Bug#1051797: marked as done (libtk-img-doc: dpkg extraction error during upgrading)

2023-10-13 Thread Debian Bug Tracking System
Your message dated Fri, 13 Oct 2023 07:05:13 +
with message-id 
and subject line Bug#1051797: fixed in libtk-img 1:1.4.15+dfsg-2.1
has caused the Debian Bug report #1051797,
regarding libtk-img-doc: dpkg extraction error during upgrading
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051797
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libtk-img-doc
Version: 1:1.4.14+dfsg-2
Severity: normal
X-Debbugs-Cc: davide.pr...@null.net

Dear maintainer,

during the upgrade of the package from version 1:1.4.15+dfsg-1 to
version 1:1.4.14+dfsg-2 I have the following error:

dpkg: errore nell'elaborare l'archivio 
/tmp/user/0/apt-dpkg-install-f3K6IA/18-libtk-img-doc_1%3a1.4.15+dfsg-1_all.deb 
(--unpack):
 tentata sovrascrittura di "/usr/share/doc/libtk-img/README.gz" presente anche 
nel pacchetto libtk-img:amd64 1:1.4.15+dfsg-1

I try to translate:
dpkg: error processing the archive 
/tmp/user/0/apt-dpkg-install-f3K6IA/18-libtk-img-doc_1%3a1.4.15+dfsg-1_all.deb 
(--unpack):
 attempted overwrite of "/usr/share/doc/libtk-img/README.gz", which is also present in the 
package libtk-img:amd64 1:1.4.15+dfsg-1

Ciao
Davide

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable-security')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-4-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

libtk-img-doc depends on no packages.

libtk-img-doc recommends no packages.

Versions of packages libtk-img-doc suggests:
ii  libtk-img  1:1.4.15+dfsg-1

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libtk-img
Source-Version: 1:1.4.15+dfsg-2.1
Done: Ole Streicher 

We believe that the bug you reported is fixed in the latest version of
libtk-img, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ole Streicher  (supplier of updated libtk-img package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Format: 1.8
Date: Fri, 13 Oct 2023 08:18:39 +0200
Source: libtk-img
Architecture: source
Version: 1:1.4.15+dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Sergei Golovan 
Changed-By: Ole Streicher 
Closes: 1051797
Changes:
 libtk-img (1:1.4.15+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add Breaks+Replaces for README move from doc to main package
 (Closes: #1051797)
--- End Message ---


Bug#1051570: [Mlt-devel] Fwd: Bug#1051570: mlt: FTBFS with RtAudio 6

2023-10-13 Thread Dan Dennedy
Fixed in git, supports old (4) and new versions.
See also https://github.com/mltframework/mlt/issues/930


On Thu, Oct 12, 2023 at 6:34 AM Patrick Matthäi via Mlt-devel <
mlt-de...@lists.sourceforge.net> wrote:

> Hello,
>
> I have got this patch for RTAudio 6 "support" (not tested, but it builds
> with 7.18.0). This patch also applies to the 7.20.0 version.
> The problem is with the patch applied mlt builds against rtaudio 6.0.1,
> but it fails against 5.2.0 just with:
>
> [ 57%] Linking CXX shared module ../../../out/lib/mlt/libmltmovit.so
> cd /build/mlt-7.20.0/obj-x86_64-linux-gnu/src/modules/movit &&
> /usr/bin/cmake -E cmake_link_script CMakeFiles/mltmovit.dir/link.txt
> --verbose=1
> /usr/bin/c++ -fPIC -g -O2 -ffile-prefix-map=/build/mlt-7.20.0=.
> -fstack-protector-strong -fstack-clash-protection -Wformat
> -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2
> -Wl,-z,relro -Wl,-z,now -shared  -o ../../../out/lib/mlt/libmltmovit.so
> CMakeFiles/mltmovit.dir/factory.c.o
> CMakeFiles/mltmovit.dir/filter_glsl_manager.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_blur.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_convert.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_crop.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_deconvolution_sharpen.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_diffusion.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_flip.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_glow.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_lift_gamma_gain.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_mirror.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_opacity.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_rect.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_resample.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_resize.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_saturation.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_vignette.cpp.o
> CMakeFiles/mltmovit.dir/filter_movit_white_balance.cpp.o
> CMakeFiles/mltmovit.dir/mlt_movit_input.cpp.o
> CMakeFiles/mltmovit.dir/transition_movit_luma.cpp.o
> CMakeFiles/mltmovit.dir/transition_movit_mix.cpp.o
> CMakeFiles/mltmovit.dir/transition_movit_overlay.cpp.o
> CMakeFiles/mltmovit.dir/consumer_xgl.c.o
> -Wl,-rpath,/build/mlt-7.20.0/obj-x86_64-linux-gnu/out/lib: -lm
> ../../../out/lib/libmlt++-7.so.7.20.0 /usr/lib/x86_64-linux-gnu/libX11.so
> ../../../out/lib/libmlt-7.so.7.20.0 /usr/lib/x86_64-linux-gnu/libGLX.so
> /usr/lib/x86_64-linux-gnu/libOpenGL.so
> /usr/lib/x86_64-linux-gnu/libmovit.so /usr/lib/x86_64-linux-gnu/libepoxy.so
> make[3]: Leaving directory '/build/mlt-7.20.0/obj-x86_64-linux-gnu'
> [ 57%] Built target mltmovit
> make[2]: Leaving directory '/build/mlt-7.20.0/obj-x86_64-linux-gnu'
> make[1]: *** [Makefile:139: all] Error 2
> make[1]: Leaving directory '/build/mlt-7.20.0/obj-x86_64-linux-gnu'
> dh_auto_build: error: cd obj-x86_64-linux-gnu && make -j2 "INSTALL=install
> --strip-program=true" VERBOSE=1 returned exit code 2
> make: *** [debian/rules:11: binary] Error 2
> dpkg-buildpackage: error: debian/rules binary subprocess returned exit
> status 2
>
>
> A better fix would be welcome :)
>
>
> Forwarded Message
> Subject: Bug#1051570: mlt: FTBFS with RtAudio 6
> Resent-Date: Sat, 09 Sep 2023 21:15:01 +
> Resent-From: IOhannes m zmoelnig 
> 
> Resent-To: debian-bugs-d...@lists.debian.org
> Resent-CC: Patrick Matthäi 
> 
> Date: Sat, 09 Sep 2023 23:10:59 +0200
> From: IOhannes m zmoelnig  
> Reply-To: IOhannes m zmoelnig 
> , 1051...@bugs.debian.org
> To: Debian Bug Tracking System 
> 
>
> Source: mlt
> Version: 7.18.0-2
> Severity: serious
> Tags: ftbfs patch
> Justification: fails to build from source (but built successfully in the
> past)
>
> Dear Maintainer,
>
> mlt ftbfs with RtAudio 6 (currently in experimental).
>
> ```
> [ 89%] Building CXX object
> src/modules/rtaudio/CMakeFiles/mltrtaudio.dir/consumer_rtaudio.cpp.o
> cd /build/mlt-zme0kO/mlt-7.18.0/obj-x86_64-linux-gnu/src/modules/rtaudio
> && /usr/lib/ccache/c++ -Dmltrtaudio_EXPORTS
> -I/build/mlt-zme0kO/mlt-7.18.0/src/framework/.. -isystem
> /usr/include/rtaudio -g -O2
> -ffile-prefix-map=/build/mlt-zme0kO/mlt-7.18.0=. -fstack-protector-strong
> -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection
> -Wdate-time -D_FORTIFY_SOURCE=2 -std=c++14 -fPIC -mmmx -msse -msse2
> -pthread -D__LINUX_ALSA__ -D__LINUX_PULSE__ -D__UNIX_JACK__ -D_REENTRANT
> -MD -MT
> src/modules/rtaudio/CMakeFiles/mltrtaudio.dir/consumer_rtaudio.cpp.o -MF
> CMakeFiles/mltrtaudio.dir/consumer_rtaudio.cpp.o.d -o
> CMakeFiles/mltrtaudio.dir/consumer_rtaudio.cpp.o -c
> /build/mlt-zme0kO/mlt-7.18.0/src/modules/rtaudio/consumer_rtaudio.cpp
> /build/mlt-zme0kO/mlt-7.18.0/src/modules/rtaudio/consumer_rtaudio.cpp: In
> member function ‘bool RtAudioConsumer::create_rtaudio(RtAudio::Api, int,
> int)’:
> /build/mlt-zme0kO/mlt-7.18.0/src/modules/rtaudio/consumer_rtaudio.cpp:164:26:
> error: ‘struct RtAudio::DeviceInfo’ has no member named ‘probed’
> 164 | i

Processed: reassign 1053811 to gnome-shell, tagging 1053847, tagging 1053837, tagging 1053838, tagging 1053839 ...

2023-10-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 1053811 gnome-shell 44.5-2
Bug #1053811 [gnome-shell (44.5-2)] weird suspention notification in GNOME on 
testing
Warning: Unknown package '44.5-2'
Bug reassigned from package 'gnome-shell (44.5-2)' to 'gnome-shell'.
Ignoring request to alter found versions of bug #1053811 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1053811 to the same values 
previously set
Bug #1053811 [gnome-shell] weird suspention notification in GNOME on testing
Marked as found in versions gnome-shell/44.5-2.
> tags 1053847 + experimental
Bug #1053847 {Done: Paul Gevers } 
[src:golang-github-gocql-gocql] src:golang-github-gocql-gocql: fails to migrate 
to testing for too long: uploader built arch:all
Added tag(s) experimental.
> tags 1053837 - bookworm + trixie
Bug #1053837 [src:ruby-html-pipeline] src:ruby-html-pipeline: unsatisfied build 
dependency in testing: ruby-sanitize
Removed tag(s) bookworm.
Bug #1053837 [src:ruby-html-pipeline] src:ruby-html-pipeline: unsatisfied build 
dependency in testing: ruby-sanitize
Added tag(s) trixie.
> tags 1053838 - bookworm + trixie
Bug #1053838 [src:ruby-gitlab-markup] src:ruby-gitlab-markup: unsatisfied build 
dependency in testing: ruby-sanitize
Removed tag(s) bookworm.
Bug #1053838 [src:ruby-gitlab-markup] src:ruby-gitlab-markup: unsatisfied build 
dependency in testing: ruby-sanitize
Added tag(s) trixie.
> tags 1053839 - bookworm + trixie
Bug #1053839 [src:ruby-github-markup] src:ruby-github-markup: unsatisfied build 
dependency in testing: ruby-sanitize
Removed tag(s) bookworm.
Bug #1053839 [src:ruby-github-markup] src:ruby-github-markup: unsatisfied build 
dependency in testing: ruby-sanitize
Added tag(s) trixie.
> tags 1053840 - bookworm + trixie
Bug #1053840 [src:python-ws4py] src:python-ws4py: unsatisfied build dependency 
in testing: python3-sphinxcontrib.seqdiag
Removed tag(s) bookworm.
Bug #1053840 [src:python-ws4py] src:python-ws4py: unsatisfied build dependency 
in testing: python3-sphinxcontrib.seqdiag
Added tag(s) trixie.
> tags 1053842 - bookworm + trixie
Bug #1053842 [src:flask-dance] src:flask-dance: unsatisfied build dependency in 
testing: python3-sphinxcontrib.seqdiag
Removed tag(s) bookworm.
Bug #1053842 [src:flask-dance] src:flask-dance: unsatisfied build dependency in 
testing: python3-sphinxcontrib.seqdiag
Added tag(s) trixie.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1053811: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053811
1053837: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053837
1053838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053838
1053839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053839
1053840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053840
1053842: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053842
1053847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053847
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1053870: CVE-2023-42118: integer underflow in libspf2 resulting in RCE

2023-10-13 Thread Bert Van de Poel
Package: libspf2-2
Version: 1.2.10-7.1~deb11u1
Severity: critical
Tags: security patch
Justification: root security hole
X-Debbugs-Cc: Debian Security Team 


As already outlined on 
https://security-tracker.debian.org/tracker/CVE-2023-42118 there's a known 
security issue in libspf2 found through a security review of Exim by the Zero 
Day Initiative. An integer underflow in libspf2 was found which can be used to 
perform RCEs. A patch on https://github.com/shevek/libspf2/pull/44 is available 
and has been merged into the main repository. All relevant links are already 
available on the Debian Security Tracker.

-- System Information:
Debian Release: 11.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-25-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set 
LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libspf2-2 depends on:
ii  libc6  2.31-13+deb11u7

libspf2-2 recommends no packages.

libspf2-2 suggests no packages.

-- debconf information excluded



Bug#1053872: systemd with high load after 19-01-2038

2023-10-13 Thread Tony de Goede
Package: systemd
Version: 252.12-1~deb12u1
Severity: serious
Justification: linux system unstable

Dear Maintainer,

   When setting the time to 19 Jan 2038 3:14 GMT using "date 011903142038",
   systemd gets high load.
   At 7 seconds after 3:14 the date is correct in the kernel, but systemd
   gets high load.
   After disabling systemd-journald, the error from systemd is reported to
   the console: "Time has been changed"
   Inspecting the systemd code, I found lines in manager.c and others
   calling timerfd_settime using struct itimerspec with seconds set to
   TIME_T_MAX.
   The define TIME_T_MAX is 0x7fff, which is used to set a time which
   blocks the call until an event triggers the timer. TIME_T_MAX is
   19/01/2038 3:14:07.
   After 2038 this define does not work for ABS_TIME in settime.
   The implementation of a blocked timer using this TIME_T_MAX as the
   ABS_TIME value is wrong.
   Create a timeout relative to the current time or calculate a better
   absolute time.


-- Package-specific info:

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: i386 (i686)

Kernel: Linux 6.1.0-10-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl1            2.3.1-3
ii  libaudit1          1:3.0.9-1
ii  libblkid1          2.38.1-5+b1
ii  libc6              2.36-9+deb12u1
ii  libcap2            1:2.66-4
ii  libcryptsetup12    2:2.6.1-4~deb12u1
ii  libfdisk1          2.38.1-5+b1
ii  libgcrypt20        1.10.1-3
ii  libkmod2           30+20221128-1
ii  liblz4-1           1.9.4-1
ii  liblzma5           5.4.1-0.2
ii  libmount1          2.38.1-5+b1
ii  libp11-kit0        0.24.1-2
ii  libseccomp2        2.5.4-1+b3
ii  libselinux1        3.4-1+b6
ii  libssl3            3.0.9-1
ii  libsystemd-shared  252.12-1~deb12u1
ii  libsystemd0        252.12-1~deb12u1
ii  libzstd1           1.5.4+dfsg2-5
ii  mount              2.38.1-5+b1

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.14.8-2~deb12u1
ii  systemd-timesyncd [time-daemon]  252.12-1~deb12u1

Versions of packages systemd suggests:
ii  libfido2-1  1.12.0-2+b1
ii  libqrencode4  4.1.1-1
ii  libtss2-esys-3.0.2-0  3.2.1-3
ii  libtss2-mu0   3.2.1-3
ii  libtss2-rc0   3.2.1-3
ii  policykit-1   122-3
ii  polkitd   122-3
pn  systemd-boot  
pn  systemd-container 
pn  systemd-homed 
pn  systemd-resolved  
pn  systemd-userdbd   

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.8-2~deb12u1
pn  dracut 
ii  initramfs-tools  0.142
ii  libnss-systemd 252.12-1~deb12u1
ii  libpam-systemd 252.12-1~deb12u1
ii  udev   252.12-1~deb12u1

-- no debconf information


Bug#1053873: cronie: Crond with high load after 19-01-2038

2023-10-13 Thread Tony de Goede
Package: cronie
Version: cron
Severity: serious
Justification: linux system unstable

Dear Maintainer,

   When setting the time to 19 Jan 2038 3:14 GMT using "date 011903142038",
   crond gets high load.

   Inspecting the cronie code, the main loop of cron is controlled by a
   time value that becomes buggy after 0x7fff (19/01/2038).
   Probably cron_sleep is wrong. The actual sleep() is never called after
   2038.
   The time is used to calculate the delay value, but when used as unsigned
   the value becomes negative.
   It will continuously run in the loop, causing a high load of the cron
   daemon.

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: i386 (i686)

Kernel: Linux 6.1.0-10-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


Processed: 1053872

2023-10-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 1053872 minor
Bug #1053872 [systemd] systemd with high load after 19-01-2038
Severity set to 'minor' from 'serious'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1053872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053872
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1053877: zabbix: CVE-2023-32721 CVE-2023-32722 CVE-2023-32723 CVE-2023-32724

2023-10-13 Thread Moritz Mühlenhoff
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2023-32721[0]:
| A stored XSS has been found in the Zabbix web application in the
| Maps element if a URL field is set with spaces before URL.

https://support.zabbix.com/browse/ZBX-23389

CVE-2023-32722[1]:
| The zabbix/src/libs/zbxjson module is vulnerable to a buffer
| overflow when parsing JSON files via zbx_json_open.

https://support.zabbix.com/browse/ZBX-23390

CVE-2023-32723[2]:
| Request to LDAP is sent before user permissions are checked.

https://support.zabbix.com/browse/ZBX-23230

CVE-2023-32724[3]:
| Memory pointer is in a property of the Ducktape object. This leads
| to multiple vulnerabilities related to direct memory access and
| manipulation.

https://support.zabbix.com/browse/ZBX-23391

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32721
https://www.cve.org/CVERecord?id=CVE-2023-32721
[1] https://security-tracker.debian.org/tracker/CVE-2023-32722
https://www.cve.org/CVERecord?id=CVE-2023-32722
[2] https://security-tracker.debian.org/tracker/CVE-2023-32723
https://www.cve.org/CVERecord?id=CVE-2023-32723
[3] https://security-tracker.debian.org/tracker/CVE-2023-32724
https://www.cve.org/CVERecord?id=CVE-2023-32724

Please adjust the affected versions in the BTS as needed.



Bug#1053880: node-babel7: CVE-2023-45133

2023-10-13 Thread Moritz Mühlenhoff
Source: node-babel7
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for node-babel7.

CVE-2023-45133[0]:
| Babel is a compiler for writing JavaScript. In `@babel/traverse`
| prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of
| `babel-traverse`, using Babel to compile code that was specifically
| crafted by an attacker can lead to arbitrary code execution during
| compilation, when using plugins that rely on the `path.evaluate()` or
| `path.evaluateTruthy()` internal Babel methods. Known affected
| plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env`
| when using its `useBuiltIns` option; and any "polyfill provider"
| plugin that depends on `@babel/helper-define-polyfill-provider`,
| such as `babel-plugin-polyfill-corejs3`,
| `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`,
| `babel-plugin-polyfill-regenerator`. No other plugins under the
| `@babel/` namespace are impacted, but third-party plugins might be.
| Users that only compile trusted code are not impacted. The
| vulnerability has been fixed in `@babel/traverse@7.23.2` and
| `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade
| `@babel/traverse` and are using one of the affected packages
| mentioned above should upgrade them to their latest version to avoid
| triggering the vulnerable code path in affected `@babel/traverse`
| versions: `@babel/plugin-transform-runtime` v7.23.2,
| `@babel/preset-env` v7.23.2,
| `@babel/helper-define-polyfill-provider` v0.4.3,
| `babel-plugin-polyfill-corejs2` v0.4.6,
| `babel-plugin-polyfill-corejs3` v0.8.5,
| `babel-plugin-polyfill-es-shims` v0.10.0,
| `babel-plugin-polyfill-regenerator` v0.5.3.

https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
https://github.com/babel/babel/pull/16033
https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-45133
https://www.cve.org/CVERecord?id=CVE-2023-45133

Please adjust the affected versions in the BTS as needed.



Bug#1053880: marked as pending in node-babel

2023-10-13 Thread Yadd
Control: tag -1 pending

Hello,

Bug #1053880 in node-babel reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/js-team/node-babel/-/commit/ff932dfe976deb4b61b26ffb8f7bd8535df95c4b


Only evaluate own String/Number/Math methods (Closes: #1053880, CVE-2023-45133)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1053880
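
The commit message above, "Only evaluate own String/Number/Math methods", names an own-property check in a compile-time evaluator. The sketch below is an added example of that check, not code from Babel or from the Debian patch; the function names, the callee table and the `{ confident, value }` result shape are assumptions made for illustration, and the sample callees are constructed.

```javascript
// Globals this toy evaluator is willing to fold calls on. A Map is used so
// that the table lookup itself cannot fall through to Object.prototype.
const FOLDABLE_GLOBALS = new Map([
  ["String", String],
  ["Number", Number],
  ["Math", Math],
]);

// Lax lookup ("before"): a plain property read follows the prototype chain,
// so members the global merely inherits are accepted as callable too.
// It is only used below to show which names the strict lookup filters out.
function resolveAnyMember(objectName, memberName) {
  const target = FOLDABLE_GLOBALS.get(objectName);
  if (target === undefined) return null;
  const member = target[memberName];
  return typeof member === "function" ? member : null;
}

// Strict lookup ("after"): only data properties defined directly on the
// global count. Inherited members and accessor properties are rejected.
function resolveOwnMethod(objectName, memberName) {
  const target = FOLDABLE_GLOBALS.get(objectName);
  if (target === undefined) return null;
  const desc = Object.getOwnPropertyDescriptor(target, memberName);
  if (desc === undefined || typeof desc.value !== "function") return null;
  return desc.value;
}

// Arguments must already be primitive literals; anything else is left alone.
function isLiteral(value) {
  return ["string", "number", "boolean"].includes(typeof value);
}

// Fold a call such as Math.max(3, 7) at compile time. `call` is a constructed,
// simplified stand-in for an AST node: { object, property, args }.
// When the callee is not an own method, the evaluator gives up instead of
// guessing, and the call is left in the output untouched.
function foldCall(call) {
  if (typeof call.object !== "string" || typeof call.property !== "string") {
    return { confident: false };
  }
  if (!Array.isArray(call.args) || !call.args.every(isLiteral)) {
    return { confident: false };
  }
  const method = resolveOwnMethod(call.object, call.property);
  if (method === null) return { confident: false };
  const receiver = FOLDABLE_GLOBALS.get(call.object);
  return { confident: true, value: method.apply(receiver, call.args) };
}

// Audit helper: which callees would the lax lookup accept that the strict
// lookup refuses? Useful as a regression test for the own-property check.
function laxOnlyMembers(samples) {
  return samples
    .filter(([o, m]) => resolveAnyMember(o, m) !== null && resolveOwnMethod(o, m) === null)
    .map(([o, m]) => `${o}.${m}`);
}

// Constructed sample callees: three own methods, three inherited members,
// and one global that is not in the table at all.
const SAMPLE_CALLEES = [
  ["Math", "max"],
  ["String", "fromCharCode"],
  ["Number", "isInteger"],
  ["Math", "toString"],
  ["Number", "bind"],
  ["String", "constructor"],
  ["Object", "keys"],
];

console.log(foldCall({ object: "Math", property: "max", args: [3, 7] }));
console.log(foldCall({ object: "Number", property: "bind", args: [] }));
console.log(laxOnlyMembers(SAMPLE_CALLEES));
```
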



Processed: Bug#1053880 marked as pending in node-babel

2023-10-13 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1053880 [src:node-babel7] node-babel7: CVE-2023-45133
Added tag(s) pending.

-- 
1053880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1053881: tracker-miners: CVE-2023-5557

2023-10-13 Thread Debian Bug Tracking System
Processing control commands:

> fixed -1 3.4.5-1
Bug #1053881 [src:tracker-miners] tracker-miners: CVE-2023-5557
Marked as fixed in versions tracker-miners/3.4.5-1.
> block -1 by 1053238
Bug #1053881 [src:tracker-miners] tracker-miners: CVE-2023-5557
1053881 was not blocked by any bugs.
1053881 was not blocking any bugs.
Added blocking bug(s) of 1053881: 1053238

-- 
1053881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Bug#1053880 marked as pending in node-babel

2023-10-13 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1053880 [src:node-babel7] node-babel7: CVE-2023-45133
Ignoring request to alter tags of bug #1053880 to the same tags previously set

-- 
1053880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1053880: marked as pending in node-babel

2023-10-13 Thread Yadd
Control: tag -1 pending

Hello,

Bug #1053880 in node-babel reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/js-team/node-babel/-/commit/b77c2b9b7cdc2a5201bf0f7d258348e5ee5312c3


Only evaluate own String/Number/Math methods (Closes: #1053880, CVE-2023-45133)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1053880



Bug#1053880: marked as pending in node-babel

2023-10-13 Thread Yadd
Control: tag -1 pending

Hello,

Bug #1053880 in node-babel reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/js-team/node-babel/-/commit/ab1563acf5657fad72235f0cd90f8a709fddc4f4


Only evaluate own String/Number/Math methods (Closes: #1053880, CVE-2023-45133)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1053880



Processed: Bug#1053880 marked as pending in node-babel

2023-10-13 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1053880 [src:node-babel7] node-babel7: CVE-2023-45133
Ignoring request to alter tags of bug #1053880 to the same tags previously set

-- 
1053880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1053880: marked as done (node-babel7: CVE-2023-45133)

2023-10-13 Thread Debian Bug Tracking System
Your message dated Fri, 13 Oct 2023 14:37:13 +
with message-id 
and subject line Bug#1053880: fixed in node-babel7 7.20.15+ds1+~cs214.269.168-5
has caused the Debian Bug report #1053880,
regarding node-babel7: CVE-2023-45133
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1053880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-babel7
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for node-babel7.

CVE-2023-45133[0]:
| Babel is a compiler for writing JavaScript. In `@babel/traverse`
| prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of
| `babel-traverse`, using Babel to compile code that was specifically
| crafted by an attacker can lead to arbitrary code execution during
| compilation, when using plugins that rely on the `path.evaluate()` or
| `path.evaluateTruthy()` internal Babel methods. Known affected
| plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env`
| when using its `useBuiltIns` option; and any "polyfill provider"
| plugin that depends on `@babel/helper-define-polyfill-provider`,
| such as `babel-plugin-polyfill-corejs3`,
| `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`,
| `babel-plugin-polyfill-regenerator`. No other plugins under the
| `@babel/` namespace are impacted, but third-party plugins might be.
| Users that only compile trusted code are not impacted. The
| vulnerability has been fixed in `@babel/traverse@7.23.2` and
| `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade
| `@babel/traverse` and are using one of the affected packages
| mentioned above should upgrade them to their latest version to avoid
| triggering the vulnerable code path in affected `@babel/traverse`
| versions: `@babel/plugin-transform-runtime` v7.23.2,
| `@babel/preset-env` v7.23.2,
| `@babel/helper-define-polyfill-provider` v0.4.3,
| `babel-plugin-polyfill-corejs2` v0.4.6,
| `babel-plugin-polyfill-corejs3` v0.8.5,
| `babel-plugin-polyfill-es-shims` v0.10.0,
| `babel-plugin-polyfill-regenerator` v0.5.3.

https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
https://github.com/babel/babel/pull/16033
https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-45133
https://www.cve.org/CVERecord?id=CVE-2023-45133

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: node-babel7
Source-Version: 7.20.15+ds1+~cs214.269.168-5
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
node-babel7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated node-babel7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Format: 1.8
Date: Fri, 13 Oct 2023 17:53:38 +0400
Source: node-babel7
Architecture: source
Version: 7.20.15+ds1+~cs214.269.168-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Yadd 
Closes: 1053880
Changes:
 node-babel7 (7.20.15+ds1+~cs214.269.168-5) unstable; urgency=medium
 .
   * Team upload
   * Only evaluate own String/Number/Math methods
 (Closes: #1053880, CVE-2023-45133)

Processed: Re: Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 1028212 serious
Bug #1028212 [prometheus-node-exporter-collectors] 
prometheus-node-exporter-collectors: APT update deadlock - prevents unattended 
security upgrades
Severity set to 'serious' from 'important'
> tags 1028212 +patch
Bug #1028212 [prometheus-node-exporter-collectors] 
prometheus-node-exporter-collectors: APT update deadlock - prevents unattended 
security upgrades
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1028212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028212
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Kyle Fazzari




On 10/13/23 08:26, Julian Andres Klode wrote:
> Also please do not run apt update in the background or try to
> calculate dist upgrades, that is evil and you're breaking stuff.
> If you want to check for updates, make sure the periodic apt service
> is configured to run. You are entitled to one run per day. If you
> do not operate the mirror infrastructure please do not run your own
> updates out of band.

A fair critique, although as I mentioned in an earlier email, this 
collector cannot do its job if it's running on a significantly 
out-of-date cache. At the same time, it feels out of scope for this 
Debian package to ensure the periodic apt service is configured to run. 
Feels like a rock and a hard place. Thoughts?


Kyle



Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Antoine Beaupré
On 2023-10-13 09:05:35, Kyle Fazzari wrote:
> On 10/13/23 08:26, Julian Andres Klode wrote:
>> Also please do not run apt update in the background or try to
>> calculate dist upgrades, that is evil and you're breaking stuff.
>> If you want to check for updates, make sure the periodic apt service
>> is configured to run. You are entitled to one run per day. If you
>> do not operate the mirror infrastructure please do not run your own
>> updates out of band.
>
> A fair critique, although as I mentioned in an earlier email, this 
> collector cannot do its job if it's running on a significantly 
> out-of-date cache. At the same time, it feels out of scope for this 
> Debian package to ensure the periodic apt service is configured to run. 
> Feels like a rock and a hard place. Thoughts?

I think this is a deployment issue. People who provision this package
should *not* expect it to run `apt update`: I certainly didn't, and the
previous (shell) implementation didn't either.

We have other tools that continuously pull mirrors, and as jak stated,
APT can be configured to do so as well (although I'm not sure what the
canonical way of doing so is).

So let's not do this here.

-- 
A developed country is not a place where the poor have cars. It's
where the rich use public transportation.
- Gustavo Petro 



Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Kyle Fazzari




On 10/13/23 09:14, Antoine Beaupré wrote:
> On 2023-10-13 09:05:35, Kyle Fazzari wrote:
>> On 10/13/23 08:26, Julian Andres Klode wrote:
>>> Also please do not run apt update in the background or try to
>>> calculate dist upgrades, that is evil and you're breaking stuff.
>>> If you want to check for updates, make sure the periodic apt service
>>> is configured to run. You are entitled to one run per day. If you
>>> do not operate the mirror infrastructure please do not run your own
>>> updates out of band.
>>
>> A fair critique, although as I mentioned in an earlier email, this
>> collector cannot do its job if it's running on a significantly
>> out-of-date cache. At the same time, it feels out of scope for this
>> Debian package to ensure the periodic apt service is configured to run.
>> Feels like a rock and a hard place. Thoughts?
>
> I think this is a deployment issue. People who provision this package
> should *not* expect it to run `apt update`: I certainly didn't, and the
> previous (shell) implementation didn't either.
>
> We have other tools that continuously pull mirrors, and as jak stated,
> APT can be configured to do so as well (although I'm not sure what the
> canonical way of doing so is).
>
> So let's not do this here.


I don't entirely agree, but disagreement is okay. I do at least 
recommend accompanying this with a cache age statistic, as we discussed 
earlier.


Kyle



Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Antoine Beaupré
On 2023-10-13 09:17:49, Kyle Fazzari wrote:

[...]

> I don't entirely agree, but disagreement is okay. I do at least 
> recommend accompanying this with a cache age statistic, as we discussed 
> earlier.

Right, that would be a better way of going around doing that. I have a
separate upstream issue about this, and we can track that problem
there:

https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/issues/180

We might be able to squeeze that metric along with the hotfix here, that
said, we just need to make sure of the better way of reporting that
metric.

a.
-- 
I've got to design so you can put it together out of garbage cans. In
part because that's what I started from, but mostly because I don’t
trust the industrial structure—they might decide to suppress us
weirdos and try to deny us the parts we need.
   - Lee Felsenstein



Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Antoine Beaupré
On 2023-10-13 11:59:23, Antoine Beaupré wrote:
> severity 1028212 serious
> tags 1028212 +patch

[...]

> From 3b17a4dcb8caa56191c5be523c874a7f470bd04a Mon Sep 17 00:00:00 2001

[...]

> diff --git a/apt_info.py b/apt_info.py
> index eb1a642..9b1b675 100755
> --- a/apt_info.py
> +++ b/apt_info.py

[...]

>  registry = CollectorRegistry()
>  _write_pending_upgrades(registry, cache)
>  _write_held_upgrades(registry, cache)

That patch doesn't actually apply cleanly on bookworm because upstream
did some refactoring, the attached patch should work better.

A.
-- 
C'est avec les pierres de la loi qu'on a bâti les prisons,
et avec les briques de la religion, les bordels.
- William Blake
From 28c179ddfd3d7e0f5bc49b93f924f0dffba5b71d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
Date: Fri, 13 Oct 2023 12:29:48 -0400
Subject: [PATCH] do not run apt update or simulate apt dist-upgrade
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is causing all sorts of problems. The first of which is that
we're hitting our poor mirrors every time the script is run, which, in
the Debian package configuration, is *every 15 minutes* (!!).

The second is that this locks the cache and makes this script
needlessly stumble upon a possible regression in APT from Debian
bookworm and Ubuntu 22.06:

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2003851

That still has to be confirmed: it's possible that `apt update` can
hang for a long time, but that shouldn't concern us if we delegate
this work out of band.

I also do not believe actually performing the `dist-upgrade`
calculations is necessary to compute the pending upgrades at all. I've
done work with python-apt for other projects and haven't found that to
be required: the cache has the necessary information about pending
upgrades.

Closes: #179

Signed-off-by: Antoine Beaupré 
---
 apt_info.py | 9 -
 1 file changed, 9 deletions(-)

diff --git a/apt_info.py b/apt_info.py
index 59f3ad7..81a276b 100755
--- a/apt_info.py
+++ b/apt_info.py
@@ -9,7 +9,6 @@
 
 import apt
 import collections
-import contextlib
 import os
 
 _UpgradeInfo = collections.namedtuple("_UpgradeInfo", ["labels", "count"])
@@ -90,14 +89,6 @@ def _write_reboot_required():
 def _main():
 cache = apt.cache.Cache()
 
-# First of all, attempt to update the index. If we don't have permission
-# to do so (or it fails for some reason), it's not the end of the world,
-# we'll operate on the old index.
-with contextlib.suppress(apt.cache.LockFailedException, apt.cache.FetchFailedException):
-cache.update()
-
-cache.open()
-cache.upgrade(True)
 _write_pending_upgrades(cache)
 _write_held_upgrades(cache)
 _write_autoremove_pending(cache)
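Review bot: with `cache.update()` removed from `_main()`, nothing in this hunk tells a consumer how old the index being read is, so a host whose periodic APT job is disabled will keep exporting the same pending-upgrade counts indefinitely. Export the cache age next to `_write_pending_upgrades(cache)` so alerting can tell "no upgrades" from "no fresh data". Dropping `cache.upgrade(True)` is only safe if `_write_pending_upgrades` and `_write_held_upgrades` read per-package upgradable state and not the set of marked changes; their bodies are outside this hunk, so please confirm that, and replace the deleted comment with one line saying the script now only reads the existing cache.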
-- 
2.39.2



Bug#1052904: marked as pending in pytest-mock

2023-10-13 Thread Timo Röhling
Control: tag -1 pending

Hello,

Bug #1052904 in pytest-mock reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/packages/pytest-mock/-/commit/346b9c685bc6317546e3ef5b02a71d71a9d9


Regenerate egg-info because it is needed for the unit tests

Closes: #1052904


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1052904



Processed: Bug#1052904 marked as pending in pytest-mock

2023-10-13 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1052904 [src:pytest-mock] pytest-mock: FTBFS: cp: cannot stat 
'/<>/src/*.egg-info': No such file or directory
Added tag(s) pending.

-- 
1052904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052904
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052904: marked as done (pytest-mock: FTBFS: cp: cannot stat '/<>/src/*.egg-info': No such file or directory)

2023-10-13 Thread Debian Bug Tracking System
Your message dated Fri, 13 Oct 2023 17:49:12 +
with message-id 
and subject line Bug#1052904: fixed in pytest-mock 3.11.1-2
has caused the Debian Bug report #1052904,
regarding pytest-mock: FTBFS: cp: cannot stat 
'/<>/src/*.egg-info': No such file or directory
to be marked as done.


-- 
1052904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052904
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pytest-mock
Version: 3.11.1-1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230925 ftbfs-trixie

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> make[1]: Entering directory '/<>'
> mkdir docs/_static
> sphinx-build -W --keep-going -b html docs docs/_build/html
> Running Sphinx v5.3.0
> making output directory... done
> building [mo]: targets for 0 po files that are out of date
> building [html]: targets for 7 source files that are out of date
> updating environment: [new config] 7 added, 0 changed, 0 removed
> reading sources... [ 14%] about
> reading sources... [ 28%] changelog
> reading sources... [ 42%] configuration
> reading sources... [ 57%] contributing
> reading sources... [ 71%] index
> reading sources... [ 85%] remarks
> reading sources... [100%] usage
> 
> looking for now-outdated files... none found
> pickling environment... done
> checking consistency... done
> preparing documents... done
> writing output... [ 14%] about
> writing output... [ 28%] changelog
> writing output... [ 42%] configuration
> writing output... [ 57%] contributing
> writing output... [ 71%] index
> writing output... [ 85%] remarks
> writing output... [100%] usage
> 
> generating indices... genindex done
> writing additional pages... search done
> copying static files... done
> copying extra files... done
> dumping search index in English (code: en)... done
> dumping object inventory... done
> build succeeded.
> 
> The HTML pages are in docs/_build/html.
> make[1]: Leaving directory '/<>'
>dh_auto_test -O--buildsystem=pybuild
> I: pybuild pybuild:314: cp -r /<>/src/*.egg-info 
> /<>/.pybuild/cpython3_3.11_pytest-mock/build
> cp: cannot stat '/<>/src/*.egg-info': No such file or directory
> E: pybuild pybuild:395: test: plugin distutils failed with: exit code=1: cp 
> -r /<>/src/*.egg-info 
> /<>/.pybuild/cpython3_3.11_pytest-mock/build
> dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.11 
> returned exit code 13


The full build log is available from:
http://qa-logs.debian.net/2023/09/25/pytest-mock_3.11.1-1_unstable.log

All bugs filed during this archive rebuild are listed at:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20230925;users=lu...@debian.org
or:
https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20230925&fusertaguser=lu...@debian.org&allbugs=1&cseverity=1&ctags=1&caffected=1#results

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects

If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
--- End Message ---
--- Begin Message ---
Source: pytest-mock
Source-Version: 3.11.1-2
Done: Timo Röhling 

We believe that the bug you reported is fixed in the latest version of
pytest-mock, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Röhling  (supplier of updated pytest-mock package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Oct 2023 19:40:04 +0200
Source: pytest-mock
Architecture: source
Version: 3.11.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Timo Röhling 
Closes: 1052904
Changes:
 pytest-mock (3.11.1-2) unstable;

Bug#1052723: marked as done (node-undici: FTBFS: clang: error: linker command failed with exit code 1 (use -v to see invocation))

2023-10-13 Thread Debian Bug Tracking System
Your message dated Fri, 13 Oct 2023 18:19:33 +
with message-id 
and subject line Bug#1052723: fixed in node-undici 5.26.3+dfsg1+~cs23.10.12-1
has caused the Debian Bug report #1052723,
regarding node-undici: FTBFS: clang: error: linker command failed with exit 
code 1 (use -v to see invocation)
to be marked as done.


-- 
1052723: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052723
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-undici
Version: 5.22.1+dfsg1+~cs20.10.10.2-1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230925 ftbfs-trixie

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> make[1]: Entering directory '/<>/llhttp'
> rm -rf release/
> rm -rf build/
> ts-node bin/generate.ts
> rm -rf release
> mkdir -p release/src
> mkdir -p release/include
> cp -rf build/llhttp.h release/include/
> cp -rf build/c/llhttp.c release/src/
> cp -rf src/native/*.c release/src/
> cp -rf src/llhttp.gyp release/
> cp -rf src/common.gypi release/
> sed s/_RELEASE_/8.1.1/ CMakeLists.txt > release/CMakeLists.txt
> cp -rf libllhttp.pc.in release/
> cp -rf README.md release/
> cp -rf LICENSE-MIT release/
> make[1]: Leaving directory '/<>/llhttp'
> Found debian/nodejs/./build
>   cd ./. && sh -ex debian/nodejs/./build
> + mkdir -p deps/llhttp/include deps/llhttp/src
> + cp llhttp/build/c/llhttp.c deps/llhttp/src/
> + cp llhttp/src/native/api.c llhttp/src/native/http.c deps/llhttp/src/
> + cp llhttp/build/llhttp.h deps/llhttp/include/
> + clang -nodefaultlibs --sysroot=/usr -target wasm32-unknown-wasi -Ofast 
> -fno-exceptions -fvisibility=hidden -mexec-model=reactor -Wl,-lc 
> -Wl,-error-limit=0 -Wl,-O3 -Wl,--lto-O3 -Wl,--strip-all -Wl,--allow-undefined 
> -Wl,--export-dynamic -Wl,--export-table -Wl,--export=malloc -Wl,--export=free 
> deps/llhttp/src/api.c deps/llhttp/src/http.c deps/llhttp/src/llhttp.c 
> -Ideps/llhttp/include -o lib/llhttp/llhttp-wasm
> wasm-ld-16: error: entry symbol not defined (pass --no-entry to suppress): 
> rror-limit=0
> clang: error: linker command failed with exit code 1 (use -v to see 
> invocation)


The full build log is available from:
http://qa-logs.debian.net/2023/09/25/node-undici_5.22.1+dfsg1+~cs20.10.10.2-1_unstable.log

--- End Message ---
--- Begin Message ---
Source: node-undici
Source-Version: 5.26.3+dfsg1+~cs23.10.12-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
node-undici, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated node-undici package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Oct 2023 22:03:31 +0400
Source: node-undici
Built-For-Profiles: nocheck
Architecture: source
Version: 5.26.3+dfsg1+~cs23.10.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Yadd 
Closes: 1052723 1053879
Changes:
 node-undici (5.26.3+dfsg1+~cs23.10.12-1) unstable; urgency=medium
 .
   * Embed @fastify/busboy
   * New upstream version (Closes: #1053879, CVE-2023-45143)
   * Unfuzz patches
   * Fix for clang 16 (Closes: #1052723)
   * Update copyright
   * Update lintia

Bug#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades

2023-10-13 Thread Antoine Beaupré
On 2023-10-13 11:40:17, Antoine Beaupré wrote:

[...]

> What's the magic setting to make apt check those updates on its own? I
> often get confused between unattended-upgrades and apt there...

Answering my own question, again, on my Debian bookworm machine, there's
a `/etc/cron.daily/apt-compat` script (for systemd-less systems) and a
`apt-daily.service` service. The latter does
`/usr/lib/apt/apt.systemd.daily update` which, if
`APT::Periodic::Update-Package-Lists` is set in apt-config(8), will
periodically update the package list.

I believe that is the canonical and normal way of doing this.
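
The check described in the message above, combined with the cache-age statistic raised earlier in the thread, as an added example that is not part of the original message or of apt_info.py: it parses `apt-config dump` output for `APT::Periodic::Update-Package-Lists` and reports how old the newest update stamp is. The stamp paths, the metric names and the sample dump are assumptions constructed for illustration.

```python
"""Report whether periodic APT list updates are enabled and how old the index is."""
import os
import re
import tempfile
import time

# Assumed stamp locations; which of them exist depends on the installed packages.
DEFAULT_STAMPS = (
    "/var/lib/apt/periodic/update-success-stamp",
    "/var/lib/apt/periodic/update-stamp",
    "/var/lib/apt/lists",
)

# One `apt-config dump` line looks like: APT::Periodic::Update-Package-Lists "1";
_DUMP_LINE = re.compile(r'^(?P<key>[A-Za-z0-9:_/.\-]+)\s+"(?P<value>.*)";\s*$')

# Constructed sample of `apt-config dump` output (not captured from a real host).
SAMPLE_DUMP = '''APT "";
APT::Architecture "amd64";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
'''


def parse_apt_config_dump(text):
    """Return {option: value} from the text printed by `apt-config dump`."""
    options = {}
    for line in text.splitlines():
        match = _DUMP_LINE.match(line.strip())
        if match:
            options[match.group("key")] = match.group("value")
    return options


def periodic_updates_enabled(options):
    """True when the periodic job is configured to refresh the package lists."""
    raw = options.get("APT::Periodic::Update-Package-Lists", "0").strip()
    return raw not in ("", "0")


def newest_stamp_mtime(paths=DEFAULT_STAMPS):
    """Newest modification time among the paths that exist, or None if none do."""
    mtimes = []
    for path in paths:
        try:
            mtimes.append(os.stat(path).st_mtime)
        except OSError:
            continue  # a missing or unreadable stamp is skipped, not an error
    return max(mtimes) if mtimes else None


def render_metrics(options, paths=DEFAULT_STAMPS, now=None):
    """Build Prometheus text-format output (the metric names are hypothetical)."""
    now = time.time() if now is None else now
    lines = [
        "# HELP apt_periodic_update_enabled Whether periodic list updates are configured.",
        "# TYPE apt_periodic_update_enabled gauge",
        "apt_periodic_update_enabled %d" % periodic_updates_enabled(options),
    ]
    mtime = newest_stamp_mtime(paths)
    # With no stamp at all the age metric is omitted, so an alert rule can
    # treat its absence as "unknown" instead of reading a misleading zero.
    if mtime is not None:
        lines += [
            "# HELP apt_cache_age_seconds Seconds since the package lists were refreshed.",
            "# TYPE apt_cache_age_seconds gauge",
            "apt_cache_age_seconds %d" % max(0, round(now - mtime)),
        ]
    return "\n".join(lines) + "\n"


def demo():
    """Render metrics for a constructed stamp file that is two days old."""
    with tempfile.TemporaryDirectory() as tmp:
        stamp = os.path.join(tmp, "update-success-stamp")
        open(stamp, "w").close()
        now = int(time.time())
        os.utime(stamp, (now - 172800, now - 172800))
        missing = os.path.join(tmp, "does-not-exist")
        options = parse_apt_config_dump(SAMPLE_DUMP)
        return render_metrics(options, [stamp, missing], now=now)


if __name__ == "__main__":
    print(demo(), end="")
```

On a real host the `options` argument would come from the output of `apt-config dump`, and the rendered text would be written to the node exporter's textfile directory.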



Bug#1053897: src:ansible-core: fails to migrate to testing for too long: autopkgtest regression

2023-10-13 Thread Paul Gevers

Source: ansible-core
Version: 2.14.9-2
Severity: serious
Control: close -1 2.14.10-1
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:ansible-core has been trying to migrate 
for 31 days [2]. Hence, I am filing this bug. The version in unstable 
fails its own autopkgtest.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=ansible-core





Processed: src:ansible-core: fails to migrate to testing for too long: autopkgtest regression

2023-10-13 Thread Debian Bug Tracking System
Processing control commands:

> close -1 2.14.10-1
Bug #1053897 [src:ansible-core] src:ansible-core: fails to migrate to testing 
for too long: autopkgtest regression
Marked as fixed in versions ansible-core/2.14.10-1.
Bug #1053897 [src:ansible-core] src:ansible-core: fails to migrate to testing 
for too long: autopkgtest regression
Marked Bug as done

-- 
1053897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1053898: Hardening rsyslog.service breaks debian/tests/logcheck autopkgtest

2023-10-13 Thread Michael Biebl
Source: rsyslog
Version: 8.2310.0-1
Severity: serious
X-Debbugs-Cc: Richard Lewis 


The latest update of rsyslog enabled various systemd hardening and
security features, specifically:

CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN 
CAP_NET_BIND_SERVICE CAP_SYS_RESOURCE CAP_SYSLOG
SystemCallFilter=@system-service
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes


It turns out that `PrivateTmp=yes` breaks the logcheck autopkgtest.

@Richard: as author of that test, could you please take a look at this
issue? It currently prevents rsyslog from migrating to testing.

https://qa.debian.org/excuses.php?package=rsyslog


Regards,
Michael



Bug#1053902: imapfilter: unnecessarily build-depends on obsolete pcre3 library

2023-10-13 Thread Bastian Germann

Source: imapfilter
Version: 1:2.8.1-1
Severity: serious
User: matthew-pcre...@debian.org
Usertags: obsolete-pcre3

(wording copied from MBF by Matthew Vernon)

Dear maintainer,

Your package still build-depends on the old, obsolete PCRE libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, I
would like to remove the pcre3 libraries from Debian.

The newer PCRE2 library was first released in 2015, and has been in
Debian since stretch. Upstream's documentation for PCRE2 is available
here: https://pcre.org/current/doc/html/

Many large projects that use PCRE have made the switch now (e.g. git,
php); it does involve some work, but we are now at the stage where
PCRE should not be used, particularly if it might ever be exposed to
untrusted input.

This mass bug filing was discussed on debian-devel@ in
https://lists.debian.org/debian-devel/2021/11/msg00176.html



Bug#1053902: imapfilter: unnecessarily build-depends on obsolete pcre3 library

2023-10-13 Thread Bastian Germann

I am going to upload a NMU to fix this.
The changes are pushed to Vcs-Git.



Processed: tags changes for 1002527

2023-10-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1002527 patch
Bug #1002527 [milter-greylist] milter-greylist -u user does not correctly 
ensure user can update greylist.db
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1002527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1002527: "milter-greylist -u user" considered harmful

2023-10-13 Thread Amin Bandali
X-Debbugs-CC: m...@renich.org, b...@debian.org, t...@zhadum.org.uk, 
t...@debian.org

Hello,

How do folks feel about the attached patch (against
https://salsa.debian.org/debian/milter-greylist)?  It implements
Matthias's proposal of allowing the use of a user (and/or group)
other than 'greylist' for systemd users as well.

I understand it may not be a 100% "solution" that everyone would be
happy with (e.g. postinst configure still sets 'greylist' as the owner
user and group for /var/lib/milter-greylist), but I think it's an
improvement over the current situation, as it makes milter-greylist
respect the corresponding setting in its configuration file, and also
adds an example of more suitable 'socket' and 'user' settings values
to the configuration file for use with a chrooted Postfix.

I'd appreciate any comments/feedback on this, but if there aren't any,
I'd ask Tobi to sponsor it to unstable for me.

Thanks,
-a

From cbfdd5fb0dcc45639b313eea5cdf2f580be18f52 Mon Sep 17 00:00:00 2001
From: Amin Bandali 
Date: Fri, 13 Oct 2023 01:28:35 -0400
Subject: [PATCH] Set user greylist in greylist.conf instead of
 milter-greylist.service

---
 debian/changelog   | 12 
 debian/milter-greylist.service |  2 +-
 debian/patches/greylist.conf   | 19 ---
 3 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3a05494..f36f77a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+milter-greylist (4.6.4-1.2) unstable; urgency=medium
+
+  * QA upload.
+  * Non-maintainer upload.
+  * Set user greylist in the configuration file rather than as a
+command-line option in the service file (which always takes
+precedence) to allow easier customization. (Closes: #1002527)
+- debian/milter-greylist.service
+- debian/patches/greylist.conf
+
+ -- Amin Bandali   Fri, 13 Oct 2023 18:43:39 -0400
+
 milter-greylist (4.6.4-1.1) unstable; urgency=medium
 
   * QA upload.
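Review bot: the new 4.6.4-1.2 entry lists both "QA upload." and "Non-maintainer upload."; these are different kinds of upload, so keep only the one that matches the package's maintainer status. The entry would also be clearer if it said outright that the run-as user is now taken from greylist.conf, since that is the behaviour change an admin reading the changelog needs to know about.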
diff --git a/debian/milter-greylist.service b/debian/milter-greylist.service
index b5a6e80..bcef86f 100644
--- a/debian/milter-greylist.service
+++ b/debian/milter-greylist.service
@@ -5,7 +5,7 @@ Before=postfix.service
 
 [Service]
 Type=forking
-ExecStart=/usr/sbin/milter-greylist -u greylist
+ExecStart=/usr/sbin/milter-greylist
 Restart=on-failure
 PrivateTmp=true
 
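Review bot: once `-u greylist` is dropped from `ExecStart`, no `User=` remains in the visible `[Service]` lines, so the privilege drop depends entirely on a `user` line being present in greylist.conf. An admin who keeps a locally modified conffile without that line will have the daemon stay on whatever account systemd starts it as. Consider a NEWS entry for this, or an `ExecStartPre` check that the configuration names a user before the daemon starts.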
diff --git a/debian/patches/greylist.conf b/debian/patches/greylist.conf
index 6e1d33d..216aae9 100644
--- a/debian/patches/greylist.conf
+++ b/debian/patches/greylist.conf
@@ -8,23 +8,28 @@ Index: milter-greylist-4.5.11/greylist.conf
 ===
 --- milter-greylist-4.5.11.orig/greylist.conf	2014-07-30 09:29:48.543484591 +0100
 +++ milter-greylist-4.5.11/greylist.conf	2014-07-30 09:29:48.539484522 +0100
-@@ -6,11 +6,17 @@
+@@ -6,11 +6,21 @@
  #
  
  pidfile "/var/run/milter-greylist.pid"
 -socket "/var/milter-greylist/milter-greylist.sock"
 -dumpfile "/var/milter-greylist/greylist.db" 600
++socket "/var/run/milter-greylist/milter-greylist.sock"
 +dumpfile "/var/lib/milter-greylist/greylist.db" 600
  dumpfreq 1
-+
-+# For sendmail use the following two lines
-+socket "/var/run/milter-greylist/milter-greylist.sock"
- user "smmsp"
+-user "smmsp"
++user "greylist"
  
-+# For Postfix uncomment the following two lines and comment out the
-+# sendmail ones above.
++# If using Postfix rather than Sendmail, uncomment the following
++# socket and user settings and comment out the socket and user above.
 +#socket "/var/run/milter-greylist/milter-greylist.sock" 660
 +#user "postfix"
++
++# If using a chrooted Postfix, you might want to use something like
++# the following instead (where "/var/spool/postfix" is the Postfix
++# chroot):
++#socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 660
++#user "greylist:postfix"
  
  # Log milter-greylist activity to a file
  #stat ">>/var/milter-greylist/greylist.log" \
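Review bot: the chrooted-Postfix example points `socket` at a directory under "/var/spool/postfix/milter-greylist/", but nothing in this patch creates that directory or sets its ownership, so uncommenting the two lines as written will fail unless the admin prepares it first. Say so in the comment, including the owner and group the directory needs for `user "greylist:postfix"`. The default `socket` line also carries no mode while both commented examples use 660; state what permissions the default socket ends up with, or give it an explicit mode.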
-- 
2.39.2