Bug#1073180: python-requests-unixsocket: please replace abandonned python-requests-unixsocket by src:python-requests-unixsocket2 fork
Source: python-requests-unixsocket Version: 0.3.0-4 Severity: serious Justification: FTBFS X-Debbugs-Cc: debian-pyt...@lists.debian.org Dear Maintainers, python-requests-unixsocket is abandonned and was never adapted to work with urllib3 2.x released 2023-04-26. Please consider updating to this fork (versionned 0.4) https://gitlab.com/thelabnyc/requests-unixsocket2 > Since this project seems to be abandoned, > but its longevity is important to my team, > we've forked the project as requests-unixsocket2. > It should be a drop in replacement for this package. > > PyPI: https://pypi.org/project/requests-unixsocket2/0.4.0/ > Repository: https://gitlab.com/thelabnyc/requests-unixsocket2 Fedora already does that: https://src.fedoraproject.org/rpms/python-requests-unixsocket/raw/rawhide/f/python-requests-unixsocket.spec I found out thanks to repology.com. Greetings
Bug#1073179: python-requests-cache: please apply patch for urlllib3 2.x compatibility
Source: python-requests-cache Version: 0.9.8-2 Severity: serious X-Debbugs-Cc: debian-pyt...@lists.debian.org Dear Maintainer, Please consider applying Ubuntu patch to add urllib3 2.x compatibility, or alternatively package a newer version of python-requests-cache https://patches.ubuntu.com/p/python-requests-cache/python-requests-cache_0.9.8-1ubuntu1.patch Greetings Alexandre
Bug#1073178: awscli: please update awsci and/or botocore to support urllib3 2.x
Source: awscli Version: 2.15.22-1 Severity: serious Justification: FTBFS X-Debbugs-Cc: debian-pyt...@lists.debian.org, Noah Meyerhans Dear Maintainers, Please update awscli and/or botocore to untangle the urllib3 2.x transition. https://tracker.debian.org/pkg/python-urllib3 : see failing autopkgtests that leads here: https://github.com/aws/aws-cli/issues/7905 "cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_'" https://github.com/boto/botocore/pull/2924/files Greetings Alexandre
Bug#1072366: libndp: CVE-2024-5564
On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote: > Thanks, these look good! Please upload to security-master, I'll take care > of the DSA over the weekend. Thanks for verifying, thus just uploaded to security-master. And thanks in advance for taking care of the DSA. Cheers, Flo signature.asc Description: PGP signature
Bug#1073176: gramps: Error with loss of data: TypeError: '<' not supported between instances of 'str' and 'NoneType'
Package: gramps Version: 5.2.2+dfsg-0.1 Severity: grave Justification: causes non-serious data loss Dear Maintainer, New version of gramps in Trixie upgrade. Insisted on upgrading database advising to create backup without means. Upgraded and loaded database. Spat error, lost new record. -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.7.12-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gramps depends on: ii gir1.2-gtk-3.03.24.42-1 ii librsvg2-22.58.0+dfsg-1 ii python3 3.11.8-1 ii python3-bsddb36.2.9-2+b6 ii python3-gi3.48.2-1 ii python3-gi-cairo 3.48.2-1 ii xdg-utils 1.1.3-4.1 Versions of packages gramps recommends: ii gir1.2-geocodeglib-2.0 3.26.3-6+b2 ii gir1.2-gexiv2-0.10 0.14.2-2+b2 ii gir1.2-osmgpsmap-1.01.2.0-2+b2 ii graphviz2.42.2-9+b1 ii python3-icu 2.13.1-1 Versions of packages gramps suggests: ii fonts-freefont-ttf20211204+svn4273-2 pn gir1.2-goocanvas-2.0 pn gir1.2-gtkspell3-3.0 ii python3-numpy 1:1.26.4+ds-10 ii python3-pil 10.3.0-2 pn rcs -- no debconf information
Bug#1073040: dput: Fails when processing ssh_config_options value: AttributeError: 'list' object has no attribute 'split'
On 12-Jun-2024, Ben Finney wrote: > On 11-Jun-2024, Christoph Berg wrote: > > > File "/usr/share/dput/dput/dput.py", line 1152, in > > upload_files_via_method_scp > > line.strip() for line in ssh_config_options.split("\n")) > > > > AttributeError: 'list' object has no attribute 'split' > > This is a bug in recently refactored code, thank you for finding it. I will > correct that and get you to confirm the fix. At https://salsa.debian.org/debian/dput/-/merge_requests/15> is a merge request proposing to fix this bug. Can you try the resulting Dput package, and confirm whether it corrects the behaviour in your case? -- \ “I like to skate on the other side of the ice.” —Steven Wright | `\ | _o__) | Ben Finney signature.asc Description: PGP signature
Processed: Bug#1073106 marked as pending in swarm-cluster
Processing control commands: > tag -1 pending Bug #1073106 [src:swarm-cluster] swarm-cluster: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073106 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073106: marked as pending in swarm-cluster
Control: tag -1 pending Hello, Bug #1073106 in swarm-cluster reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/swarm-cluster/-/commit/790cc43073aa1d80e2b5af2b49dd2650b66c9769 Build-depend on discount instead of markdown Closes: #1073106 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073106
Bug#1073104: marked as done (srst2: replace to-be-removed markdown build-dependency)
Your message dated Fri, 14 Jun 2024 01:19:10 + with message-id and subject line Bug#1073104: fixed in srst2 0.2.0-12 has caused the Debian Bug report #1073104, regarding srst2: replace to-be-removed markdown build-dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073104 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: srst2 Version: 0.2.0-11 Severity: serious Control: block 1072958 by -1 Your package build-depends on markdown. Per bug #1063645, markdown is not maintained upstream or in Debian and should be removed. Drop-in alternatives, for examples the suggested `discount` or `python3-markdown` or `libtext-markdown-perl`. `discount` and `libtext-markdown-perl` provide a `markdown` program if your package needs that. --- End Message --- --- Begin Message --- Source: srst2 Source-Version: 0.2.0-12 Done: Charles Plessy We believe that the bug you reported is fixed in the latest version of srst2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Charles Plessy (supplier of updated srst2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jun 2024 09:35:28 +0900 Source: srst2 Architecture: source Version: 0.2.0-12 Distribution: unstable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Charles Plessy Closes: 1073104 Changes: srst2 (0.2.0-12) unstable; urgency=medium . * Team upload. * Packaging update * Standards-Version: 4.7.0 (routine-update) * Build-depend on discount instead of markdown (Closes: #1073104) Checksums-Sha1: 683f60c1f3fe5809b82bd4c4671a4b49cec6aa08 2153 srst2_0.2.0-12.dsc a9a59242e6f57c4840805a45f1a8fdf1b49861d8 17948 srst2_0.2.0-12.debian.tar.xz 5580142fb67154b9fd24b5ce16aba3170a83664c 7414 srst2_0.2.0-12_amd64.buildinfo Checksums-Sha256: d5b54344ba21421dc040f99edbf468ea907ff45937179133ba87d8ee560742d9 2153 srst2_0.2.0-12.dsc b6d8dbadd53e2623cb8993e7724830e718cb88977ed5fe40bfb40ab4e3ed0e30 17948 srst2_0.2.0-12.debian.tar.xz 450773f2bdc1c054d500824f6458bdfdf313952db1c82fca4701b0ee7b39e8cd 7414 srst2_0.2.0-12_amd64.buildinfo Files: 164fa81a802a518dccd876742ff9 2153 science optional srst2_0.2.0-12.dsc 838175139f0a92b93ffe9fe18f3027d5 17948 science optional srst2_0.2.0-12.debian.tar.xz b06db73db1a394255fb831db48c6dd4a 7414 science optional srst2_0.2.0-12_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEc0cUmcxg7Z7ugFlGxb1sjyKV1QIFAmZrlSsSHHBsZXNzeUBk ZWJpYW4ub3JnAAoJEMW9bI8ildUC5jsP/AyP8A6jwwHBGTv0ppiAdZSIBUZ/BaL1 10TpkKB3eC6HzKut8sUBxQlV7fv6Dtw/IHTNTKdiWBpTphyLRIVXjTR7VUfNM38C AfzjYrBnpohvsD/xqB3DcKwCTzlqp3i4QIZP+vCQVDX4+EXO3mZF7P3gIrcKWuOk OoiEFeUhBL2XoLTPUCJF7vTqF0Er63+4zTNSIorAv9doIf4hD/EUeHpLuLUmUw0E DIlLmKPxkgFQj8zYBbswsVOq4/niWGnTKOFR6d8rcD1TI5bsX/ZaOE4MAIWUcpFq EvhGSGcKpc+GlxHcYwy7Dmt0WE+p5ePKs8R/YJFs6rIV/GdP+sLy+wijWzwcUIZt a5N2cuSGYCshR+C3glxvhcHqHjAdskxuajMs5w7sGjRNF2fWWkwGLcsKr/GnJSEI vWQDJyTAQ8Nlcfdeh4Wl5yo8UrP+01KiwrokVRsPaHcUDszdrbxVV/j934w7w4Qv NBAI4rli8ugrKZ3ukjSYcSeQsEmR1KdM2Ab/rl/4OBad6FBsinbx1C4YaeoXbrMS DmfHAGhs+XzeorGpk4juXsKR+x59X1MNjX6R6mm4ZzAN/c6tnYGZ15pjPr7vC/9X Ije1mU3cpM9pV5I+ie6Be4kSHknqnfiIJhN3+GiOyh64CplVBXVnGibvn+SvqZwb 6JxhRPN2b9Vw =pmBd -END PGP SIGNATURE- pgpsgMiJbgglU.pgp Description: PGP signature --- End Message ---
Processed: Bug#1073105 marked as pending in ssake
Processing control commands: > tag -1 pending Bug #1073105 [src:ssake] ssake: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073105 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073105: marked as pending in ssake
Control: tag -1 pending Hello, Bug #1073105 in ssake reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/ssake/-/commit/e182ba7de0f9b15d434fec946810055d09abbca3 Build-depend on discount instead of Markown Closes: #1073105 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073105
Bug#1073103: marked as done (scythe: replace to-be-removed markdown build-dependency)
Your message dated Fri, 14 Jun 2024 00:49:09 + with message-id and subject line Bug#1073103: fixed in scythe 0.994+git20141017.20d3cff-5 has caused the Debian Bug report #1073103, regarding scythe: replace to-be-removed markdown build-dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073103 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: scythe Version: 0.994+git20141017.20d3cff-4 Severity: serious Control: block 1072958 by -1 Your package build-depends on markdown. Per bug #1063645, markdown is not maintained upstream or in Debian and should be removed. Drop-in alternatives, for examples the suggested `discount` or `python3-markdown` or `libtext-markdown-perl`. `discount` and `libtext-markdown-perl` provide a `markdown` program if your package needs that. --- End Message --- --- Begin Message --- Source: scythe Source-Version: 0.994+git20141017.20d3cff-5 Done: Charles Plessy We believe that the bug you reported is fixed in the latest version of scythe, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Charles Plessy (supplier of updated scythe package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jun 2024 08:54:07 +0900 Source: scythe Architecture: source Version: 0.994+git20141017.20d3cff-5 Distribution: unstable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Charles Plessy Closes: 1073103 Changes: scythe (0.994+git20141017.20d3cff-5) unstable; urgency=medium . * Team upload. * Build-depend on discount instead of makdown (Closes: #1073103) * Set upstream metadata fields: Bug-Submit. Checksums-Sha1: 8e40aed3ebd436088095a60da7f1e539630e9b65 2118 scythe_0.994+git20141017.20d3cff-5.dsc 0661136d9c086a981914e23cd5a3e64a4c03d2bb 6636 scythe_0.994+git20141017.20d3cff-5.debian.tar.xz 08c8134c9a4642b1e1f75d7fbefa066f136234e7 6391 scythe_0.994+git20141017.20d3cff-5_amd64.buildinfo Checksums-Sha256: 2e7e8c1ec3080583e44e1d915398b84e4c172b6eb4524f9db35fd7e696c97121 2118 scythe_0.994+git20141017.20d3cff-5.dsc 2ca44b523196b913fc65646427ea6c8dcdff6853d44f42e7cd757ab96cc5f7e5 6636 scythe_0.994+git20141017.20d3cff-5.debian.tar.xz e4ce1bfad1eda8e22d6ddbbe6f5a093481c7dc214daa7a6b0f2e955c8b28fa7d 6391 scythe_0.994+git20141017.20d3cff-5_amd64.buildinfo Files: 21281eb5a202d0d3a73baf0ab715461f 2118 science optional scythe_0.994+git20141017.20d3cff-5.dsc 0a89976836bda33fc723210dc6ceb164 6636 science optional scythe_0.994+git20141017.20d3cff-5.debian.tar.xz 54a22e6a064f731d3f7787413479bc72 6391 science optional scythe_0.994+git20141017.20d3cff-5_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEc0cUmcxg7Z7ugFlGxb1sjyKV1QIFAmZrjUgSHHBsZXNzeUBk ZWJpYW4ub3JnAAoJEMW9bI8ildUCK3sP/jeUE06kvb7vIdwplsWBA6txtQ3PWeGZ /wxYHrHibP4d15CjmZGuDF4X7GKD7gIj5szlLOTs9i0vuqsVPy0/zXkCLTefpBmU EUuBhR7mAiq5DuUyOnByDEFFzave6DNG/sQkM89ATZuKDBjLWhwrliyAiAQplKdd 6TtM5WMRCLsCoAsNYyfpVBelPEgFRc7M4bLfFGnh/jP+kqHBm5mu+p/kJxz3eFdb ITE6ZjpCPgSEp5JlBGhdtqaLIFURYyDKDnP6JVVqkBFvOxAm/VJSouk31YcybTjP FU/huX+GdKYDjO98fD1DV5+Tfu5vOxHd+LvR7EYNufqRz5pfgV8UP7hiVoK9QXwo upL8VabqMhtwccHthxhoEbJlczqiOaBkCxl7i9AwuQvidRys3HC/ultwPNrWlvrb d6eCEWRk5u971Pizpe6Unb7jyocFIuc60kyj3bABgoyQNFv2eUyn6pFv3ogK+5R1 UPbYDMMxOHr7VHq2quf24UJ7R+XyQveB6ISX2tsF528Nzs87a+eXcqXNcGs24xeO jEMzWWHMw/D/FhWn5CMW/DD+df7HSnffZ7bb1v5RKqhVJcvkffvlz5lCgm35jFWt tgSSa6hjeaTkjutvQ2E2/9wO6/aXWRNQM73+3xMzZL30MqjhYY8yfF7aq28orrU6 Jo6x9MAbnIMI =tI7b -END PGP SIGNATURE- pgpSC__udAdkm.pgp Description: PGP signature --- End Message ---
Processed: Bug#1073104 marked as pending in srst2
Processing control commands: > tag -1 pending Bug #1073104 [src:srst2] srst2: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073104 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073104: marked as pending in srst2
Control: tag -1 pending Hello, Bug #1073104 in srst2 reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/srst2/-/commit/5f8b6e6042855ddba33a608e8541be063303041a Build-depend on discount instead of markdown Closes: #1073104 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073104
Bug#1073095: marked as done (hilive: replace to-be-removed markdown build-dependency)
Your message dated Fri, 14 Jun 2024 00:06:13 + with message-id and subject line Bug#1073095: fixed in hilive 2.0a-4 has caused the Debian Bug report #1073095, regarding hilive: replace to-be-removed markdown build-dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073095 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: hilive Version: 2.0a-3 Severity: serious Control: block 1072958 by -1 Your package build-depends on markdown. Per bug #1063645, markdown is not maintained upstream or in Debian and should be removed. Drop-in alternatives, for examples the suggested `discount` or `python3-markdown` or `libtext-markdown-perl`. `discount` and `libtext-markdown-perl` provide a `markdown` program if your package needs that. --- End Message --- --- Begin Message --- Source: hilive Source-Version: 2.0a-4 Done: Charles Plessy We believe that the bug you reported is fixed in the latest version of hilive, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Charles Plessy (supplier of updated hilive package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jun 2024 08:36:14 +0900 Source: hilive Architecture: source Version: 2.0a-4 Distribution: unstable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Charles Plessy Closes: 1073095 Changes: hilive (2.0a-4) unstable; urgency=medium . * Team upload * Build-depend on discount instead of markdown (Closes: #1073095) * Fix debian/watch * Standards-Version: 4.7.0 (routine-update) * debhelper-compat 13 (routine-update) * Rules-Requires-Root: no (routine-update) * Set upstream metadata fields: Bug-Database, Bug-Submit. Checksums-Sha1: 32c3195478279c48d157a3cb83ee33f9f05b0fb8 2118 hilive_2.0a-4.dsc ed28dc5d15857303f512465c47adc3a9aa32ef3d 9160 hilive_2.0a-4.debian.tar.xz fec205bd3493a355cc9cba95877c7ae3049a657f 8107 hilive_2.0a-4_amd64.buildinfo Checksums-Sha256: 26ba7a5ba57230298fbfa233a4229a0ec6d49143eaeb8dc182c8ace1ac2d4f0b 2118 hilive_2.0a-4.dsc 04497470e67f179dad42efb1d3773e9f84904c13b79fbfc8600508f084fbb3c6 9160 hilive_2.0a-4.debian.tar.xz 6624b65f6a1dddb2de88f340ee0a17e7efd9f85438b3c1aa5c4a20e8d923ec00 8107 hilive_2.0a-4_amd64.buildinfo Files: 078c68183b003f610558432917719ae7 2118 science optional hilive_2.0a-4.dsc 93489243120b9716f0e6696b85e2b2bd 9160 science optional hilive_2.0a-4.debian.tar.xz 39c0a242328b02f69fbb558db030c79a 8107 science optional hilive_2.0a-4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEc0cUmcxg7Z7ugFlGxb1sjyKV1QIFAmZrhPgSHHBsZXNzeUBk ZWJpYW4ub3JnAAoJEMW9bI8ildUCp98P/1YxmF1HyuudP4YFRIA9V1IC2kxF43K4 4HmLLTEaVW+7WT1ZDwXO6aHhux+5jTlxWQbMiso3fxl9AB3IGPOsub/OE37M13/J a5Ap/Z+2t9VeMoPvu0fCH3+DP+y4J3vmFPIWUZtp26HD6tX4s6FuYTA+69tpQ+U1 PAy2QXU1xs7/e69mVAJIPrOBaC/cot23wtQRcgnwMWMW18NjI+rai3E83FFzy9CM rtNT3UJNaDhUFPqXKI9lHAkhfS2g8zEo3vrDjXMKR2fSOnKVf+y0+NbujMUSEHgZ s96CC0XL6Fajd7CJ/a/Yr+mjEOVukMhQo4c1Ntf1GY2OzRj2a+9qFJVc9XBs9Btv 8Rdb116rTxVqHDVlYOiRpMDPdujB/orsfpc8r+VkwN/IMp/Xsn91R3/dmhfCwtW0 5K1HqtytFF9lcE48q4ERsiJ/vRd9Ni3snhjgntWQEgqejlN9532tL0deq8YbY7v4 DXWNnpUqgRwUOLkuWeMKTv4CrGymTIvd7o08HjQYNcJL5SVSJX/FSvGEbgqcBhRC 6SkfTy9VJokgfTzsqOsrTeSO23XIx/EMEh06t3j6Bi/6iYZ/iqNlOQ3M3f+qk8hP ca7N4O7X8+gdgaE+/8asoFM9r+dkeqKlR73AASgjwEV4XOPju+w1sJE64izMXpQC n6GRd1Q3JcfF =wtNX -END PGP SIGNATURE- pgpxu6Tx9Sbmu.pgp Description: PGP signature --- End Message ---
Processed: Bug#1073103 marked as pending in scythe
Processing control commands: > tag -1 pending Bug #1073103 [src:scythe] scythe: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073103 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073103: marked as pending in scythe
Control: tag -1 pending Hello, Bug #1073103 in scythe reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/scythe/-/commit/953eea5245cbf129820dc601f3c0669fe55b055b Build-depend on discount instead of makdown Closes: #1073103 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073103
Processed: Bug#1073098 marked as pending in libvcflib
Processing control commands: > tag -1 pending Bug #1073098 [src:libvcflib] libvcflib: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073098: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073098 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073098: marked as pending in libvcflib
Control: tag -1 pending Hello, Bug #1073098 in libvcflib reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/libvcflib/-/commit/becbc3630213bcc3e3137abdd792abbb66c140bc Build-depend on discount instead of markdown Closes: #1073098 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073098
Processed: Bug#1073095 marked as pending in hilive
Processing control commands: > tag -1 pending Bug #1073095 [src:hilive] hilive: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073095 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073095: marked as pending in hilive
Control: tag -1 pending Hello, Bug #1073095 in hilive reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/hilive/-/commit/904fb9ec71de3d067f31607f6d7998a4fc3953a3 Build-depend on discount instead of markdown Closes: #1073095 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073095
Bug#1072977: marked as done (apt-listbugs 0.1.42 is broken)
Your message dated Fri, 14 Jun 2024 00:49:15 +0200 with message-id <20240614004915.0844e4e3d0aba4539f1c8...@paranoici.org> and subject line Re: Bug#1072977: apt-listbugs 0.1.42 is broken has caused the Debian Bug report #1072977, regarding apt-listbugs 0.1.42 is broken to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1072977: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072977 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apt-listbugs Version: 0.1.42 Severity: grave Hi, Since the upgrade to version 0.1.42, apt-listbugs doesn't work anymore. As examplen the command apt-listbugs list apt-lisbugs gave the error: Retrieving bug reports... 0% Fail Error retrieving bug reports from the server with the following error message: E: SSL_connect returned=1 errno=0 peeraddr=[2605:bc80:3010:b00:0:deb:166:212]:443 state=error: certificate verify failed (unable to get local issuer certificate) It could be because your network is down, or because of broken proxy servers, or the BTS server itself is down. Check network configuration and try again I downgrade apt-listbugs to the version 0.1.41-nmu1, it works just fine. System: debian/sid apt-listbugs depends on: apt (2.9.4) ruby (any, installed version 1:3.1+nmu1) ruby-debian (0.3.10+b10) ruby-gettex (3.3.3-2) ruby-soap4r (2.0.5-6) ruby-unicode (0.4.4.4-1+b6) ruby-xmlparser (0.7.3-4+b5) recommends: ruby-httpclient (2.8.3+git20211122.4658227-1) I don't figure out why this issue occurs. Cheers. -- Karine Crévecœur --- End Message --- --- Begin Message --- On Thu, 13 Jun 2024 09:47:20 +0200 Karine Crèvecœur wrote: > Hi Francesco, > > I'm very sorry, this bug was my fault. I have installed some gems > globally (in /var/lib/gems/3.1.0/). The library hhtpclient 2.8.3 was > also installed as a gem. And since I uninstall it your little script > works. So the "bug" is solved. I should have started with that. > > I installed again apt-listbugs 0.1.42 to check it works. This is great news, I am glad that you found where the issue was. I am therefore closing this bug report as a non-bug. > > I apologize to waste your time. Don't worry about that: you legitimately reported an issue that could potentially affect other users too, it's just that it was later found out that the issue was not in apt-listbugs! ;-) > > Thanks for your help. You're welcome! :-) Have a nice day. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpbKWxCp1YhS.pgp Description: PGP signature --- End Message ---
Bug#1073112: marked as done (daemontools: autopkgtest daemontools-run-systemd is flaky)
Your message dated Thu, 13 Jun 2024 22:04:12 + with message-id and subject line Bug#1073112: fixed in daemontools 1:0.76-12 has caused the Debian Bug report #1073112, regarding daemontools: autopkgtest daemontools-run-systemd is flaky to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073112 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: daemontools Severity: serious Justification: flaky debci is RC as per RT User: debian...@lists.debian.org Usertags: flaky Dear maintainer(s), The daemontools-run-systemdautopkgtest is flaky, and often requires a retry to pass, with no other changes. As per RT, this is RC. Example: https://ci.debian.net/packages/d/daemontools/testing/riscv64/47570489/ https://ci.debian.net/packages/d/daemontools/testing/riscv64/47570489/ https://ci.debian.net/packages/d/daemontools/testing/riscv64/47664507/ -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part --- End Message --- --- Begin Message --- Source: daemontools Source-Version: 1:0.76-12 Done: Jan Mojžíš We believe that the bug you reported is fixed in the latest version of daemontools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jan Mojžíš (supplier of updated daemontools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 23:32:18 +0200 Source: daemontools Architecture: source Version: 1:0.76-12 Distribution: unstable Urgency: medium Maintainer: Joost van Baal-Ilić Changed-By: Jan Mojžíš Closes: 1073112 Changes: daemontools (1:0.76-12) unstable; urgency=medium . * d/t/daemontools-run-systemd update test timeouts (Closes: 1073112) Checksums-Sha1: bf289d547df6c11df4209595d3f023c71e756e47 2063 daemontools_0.76-12.dsc 4ad214b2de52f0ad0159297e5979567ee6dcdb60 20608 daemontools_0.76-12.debian.tar.xz e211bf021606581a2b4824da4eaf1b196681d233 6394 daemontools_0.76-12_source.buildinfo Checksums-Sha256: 81de7b5e8c363481ede0ab6b5cd628b9d0147874f9d87ed11a7a4114b0341e1c 2063 daemontools_0.76-12.dsc 4b13c8df6ecd41b8d5a3109298dfbeda976837a8ac0a50744c9e84ccc6629e05 20608 daemontools_0.76-12.debian.tar.xz 725b61878f7a91be47dcd3c27b9aecd9954eda85faa1ae039af797a2b163497c 6394 daemontools_0.76-12_source.buildinfo Files: 1805c182c7a21e8dd7bc3101a60f2cb6 2063 admin optional daemontools_0.76-12.dsc 2822526cd3bc9a047aba1017d94ee20e 20608 admin optional daemontools_0.76-12.debian.tar.xz 31e4547c912ae5b62ae1f073b9e75c06 6394 admin optional daemontools_0.76-12_source.buildinfo -BEGIN PGP SIGNATURE- iQJJBAEBCgAzFiEE0Aiwwj2EeeRrn8uQRdpRdJaTn/kFAmZraAgVHGphbi5tb2p6 aXNAZ21haWwuY29tAAoJEEXaUXSWk5/5Je8QAIn+19wa2vKKx5fZC8muHCwQrWym 3gXdQ/lPg82K3eDB7UlVoGXfW0D4ki5X6Wrz2D1jGWT8hKMQXrvm/K4VTWLCXX06 ple6n3m2d8Qb5xZrfgB82WGHzje96wYJqeW8/D8Ir69RAJFULq5Moil7n/QVJwDJ QOBPBlz2V9KADQ1ry2X2dd6xm19pYdsOxqaUxlSpgv3zDdYzP3ZDHy8J6BJxYCNj Fvz6R06yCQV706gdpowsQcx2klarF+JQzwyjrOYNYheBMipM+TyhzNB/7lPWHXrI rkkhGk0dvqMJXIUf6Qm704z3gBmU+jmzZeH5F2RnqN7r4OinlaI/Y9U9lHqh2t6W kDL/decnSPPpiGOQEPUiAAjZx90USrTs1yu7somK4idZXx/P81mHP0TqcGt3YmPT EHfQq+YiEhb6CUu6jpnUBSGCEQr3DWm7E2F1QMi8r5W8/rmHEvj27U0Wx6g+9ahi z3c7XH2wOy3Wf6O9oHDYJr6YTW52rwwQdPEigRx/J4JROslKe71c+f4zpWTNAfv0 WKyc4K5WkcBJ+TfAHfTAYulgRJiPftg6PU+pWCoJVWyq3ghsjxLyGl5yLAKSt0mb wmngIarXelqDCxLNbLFBNtAv/sYJ2rFTxifhwxuCp9o/A3Sfcu+lumzSiKMKq4zq ohqFsMW1tEpr/c4I =30xe -END PGP SIGNATURE- pgpr_xKjbsJbg.pgp Description: PGP signature --- End Message ---
Processed: merging 1073076 1073078
Processing commands for cont...@bugs.debian.org: > merge 1073076 1073078 Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x: failing test doesn't stop Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x: failing test doesn't stop Added tag(s) sid and trixie. Bug #1073078 [src:pd-iemmatrix] puredata breaks pd-iemmatrix autopkgtest: it now times out Marked as found in versions pd-iemmatrix/0.4.0-1. Merged 1073076 1073078 > thanks Stopping processing here. Please contact me if you need assistance. -- 1073076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073076 1073078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073110: marked as done (vsearch: replace to-be-removed markdown build-dependency)
Your message dated Thu, 13 Jun 2024 21:21:43 + with message-id and subject line Bug#1073110: fixed in vsearch 2.28.1-2 has caused the Debian Bug report #1073110, regarding vsearch: replace to-be-removed markdown build-dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073110: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073110 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: vsearch Version: 2.28.1-1 Severity: serious Control: block 1072958 by -1 Your package build-depends on markdown. Per bug #1063645, markdown is not maintained upstream or in Debian and should be removed. Drop-in alternatives, for examples the suggested `discount` or `python3-markdown` or `libtext-markdown-perl`. `discount` and `libtext-markdown-perl` provide a `markdown` program if your package needs that. --- End Message --- --- Begin Message --- Source: vsearch Source-Version: 2.28.1-2 Done: Étienne Mollier We believe that the bug you reported is fixed in the latest version of vsearch, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Étienne Mollier (supplier of updated vsearch package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 22:47:23 +0200 Source: vsearch Architecture: source Version: 2.28.1-2 Distribution: unstable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Étienne Mollier Closes: 1073110 Changes: vsearch (2.28.1-2) unstable; urgency=medium . * d/control: replace markdown by libtext-markdown-perl. (Closes: #1073110) Checksums-Sha1: 4741e285f16a0f18793a7fedeca32241ee3c29ee 2330 vsearch_2.28.1-2.dsc 9825cbe28e62c0aad49b0dfe9bea9e0cd2f3 1631644 vsearch_2.28.1-2.debian.tar.xz Checksums-Sha256: 22138d5d8fbd3a1581bc1ce8fa2e804c2cc47b7e0c3548d64b2c9ebde295ca72 2330 vsearch_2.28.1-2.dsc bcece94da0fde35b63cd6c84387a49ee49627373dc2fb3acf7a151035f39f6e3 1631644 vsearch_2.28.1-2.debian.tar.xz Files: 015f646617aa0f14af5f49505966ec02 2330 science optional vsearch_2.28.1-2.dsc b5f06c52be95f6e7cf3f371705eef580 1631644 science optional vsearch_2.28.1-2.debian.tar.xz -BEGIN PGP SIGNATURE- iQJHBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmZrW58UHGVtb2xsaWVy QGRlYmlhbi5vcmcACgkQeTz2fo8NEdpEwg/1E53ib8GAc804jOsPYpgmkOYsSmyG xEw1Q4orCVl7LVl4fMIxq5NBFOhBmeNBqELjpf6CcJM+RDqG00Bx9JHz/gMqemXn HHtEzzradP13IsBdEtiOBX+xjzg3dloznzkKuT2fYRGg/3tOqHkEv8KuTkCzWkki lXFNrH4EMttR8Uh+XlS7N1GiO0YSp21XOC2sabXFcN+M2+OdGF2F8MMpwM9GGWM3 xWw8Vur02xQTlSjjvMEdEqNXoEchXv487YtfikmZmP04fnezqFanwhnplwM3OQj4 Tf9j2clQWjfxwzYdQWKu/v2pnWPqhsWr5ctBnIpBDc90LuPTnYkowaYth6/JSFwr Ncv7izFSPLMOJ7wArzBvv0sxLuQDij5MNyjSdWwMmpmfmZeOZB2N8XFHqNVwEOAu 6P9v7XSXaB/PiP+ZuDmxHqaIIsBai9l3YlqSvimlue6LNO2cnvd7wFJID5liUatR LDbWZ45XmlwR4hrwRZ2l+OTEJANmV5g2nqf2knsgjEx0Xt7+cnSI6grbAP0f98ZJ Kmq3RepWygPKwDux1eXP0vzZbJ/O9cfEUYd5PscfGhkdZHXn4E6EArafMpeLIJTb hQBZ0jgkRMj/zKHZpC3yI0pSmOeUmOswHILdtdqXuJz+5u9AOYU1uYVJL6YELmeq u3e1EaCRBZThdg== =Y2Ch -END PGP SIGNATURE- pgp_8rqecxbZx.pgp Description: PGP signature --- End Message ---
Bug#1072792: marked as done (nvidia-graphics-drivers: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092)
Your message dated Thu, 13 Jun 2024 21:17:35 + with message-id and subject line Bug#1072792: fixed in nvidia-graphics-drivers 470.256.02-1 has caused the Debian Bug report #1072792, regarding nvidia-graphics-drivers: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1072792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072792 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: nvidia-graphics-drivers Severity: serious Tags: security upstream X-Debbugs-Cc: Debian Security Team Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6 Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0090, CVE-2024-0092 Control: tag -2 + wontfix Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4 Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0090, CVE-2024-0092 Control: tag -3 + wontfix Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1 Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0090, CVE-2024-0092 Control: tag -4 + wontfix Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1 Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0090, CVE-2024-0092 Control: tag -5 + wontfix Control: close -5 450.248.02-4 Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1 Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0090, CVE-2024-0092 Control: tag -6 + wontfix Control: close -6 460.106.00-3 Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1 Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0090, CVE-2024-0092 Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1 Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0090, CVE-2024-0092 Control: found -8 515.48.07-1 Control: found -8 525.60.13-1 Control: tag -8 + wontfix Control: close -8 525.147.05-6 Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1 Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092 Control: found -9 520.56.06-1 Control: found -9 525.85.12-1 Control: found -9 530.30.02-1 Control: found -9 535.43.02-1 Control: found -9 545.23.06-1 Control: found -9 550.40.07-1 Control: found -9 555.42.02-1 Control: found -1 340.24-1 Control: found -1 343.22-1 Control: found -1 396.18-1 Control: found -1 430.14-1 Control: found -1 455.23.04-1 Control: found -1 465.24.02-1 Control: found -1 495.44-1 Control: found -1 515.48.07-1 Control: found -1 520.56.06-1 Control: found -1 525.53-1 Control: found -1 530.30.02-1 Control: found -1 535.43.02-1 Control: found -1 545.23.06-1 Control: found -1 550.40.07-1 Control: found -1 555.42.02-1 https://nvidia.custhelp.com/app/answers/detail/a_id/5551 CVE-2024-0090 NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2024-0091 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. CVE-2024-0092 NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. Linux Driver Branch CVE IDs Addressed R555, R550 CVE-2024-0090, CVE-2024-0091, CVE-2024-0092 R535, R470 CVE-2024-0090, CVE-2024-0092 Driver Branch Affected Driver VersionsUpdated Driver Version R555All driver versions prior to 555.52.04 555.52.04 R550All driver versions prior to 550.90.07 550.90.07 R535All driver versions prior to 535.183.01 535.183.01 R470All driver versions prior to 470.256.02 470.256.02 Andreas --- End Message --- --- Begin Message --- Source: nvidia-graphics-drivers Source-Version: 470.256.02-1 Done: Andreas Beckmann We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, wh
Bug#1072366: libndp: CVE-2024-5564
Hi Florian, > Please give those packages an additional check, and feel free to just > upload them when they indeed meet your requirements, or briefly ping me > back for me to upload them / possibly apply further changes, whatever > suits you best. Thanks, these look good! Please upload to security-master, I'll take care of the DSA over the weekend. Cheers, Moritz
Processed: Bug#1073110 marked as pending in vsearch
Processing control commands: > tag -1 pending Bug #1073110 [src:vsearch] vsearch: replace to-be-removed markdown build-dependency Added tag(s) pending. -- 1073110: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073110 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073110: marked as pending in vsearch
Control: tag -1 pending Hello, Bug #1073110 in vsearch reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/vsearch/-/commit/a4fa2c4d247d891ca7358d457b8154c1424af820 d/control: replace markdown by libtext-markdown-perl. Closes: #1073110 (this message was generated automatically) -- Greetings https://bugs.debian.org/1073110
Processed: src:libabigail: fails to migrate to testing for too long: uploader built arch:all binaries
Processing control commands: > close -1 2.5-1 Bug #1073170 [src:libabigail] src:libabigail: fails to migrate to testing for too long: uploader built arch:all binaries Marked as fixed in versions libabigail/2.5-1. Bug #1073170 [src:libabigail] src:libabigail: fails to migrate to testing for too long: uploader built arch:all binaries Marked Bug as done -- 1073170: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073170 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073170: src:libabigail: fails to migrate to testing for too long: uploader built arch:all binaries
Source: libabigail Version: 2.4-3 Severity: serious Control: close -1 2.5-1 Tags: sid trixie pending User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:libabigail has been trying to migrate for 41 days [2]. Hence, I am filing this bug. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. Your package is only blocked because the arch:all binary package(s) aren't built on a buildd. Unfortunately the Debian infrastructure doesn't allow arch:all packages to be properly binNMU'ed. Hence, I will shortly do a no-changes source-only upload to DELAYED/15, closing this bug. Please let me know if I should delay or cancel that upload. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=libabigail OpenPGP_signature.asc Description: OpenPGP digital signature
Processed: src:mold: fails to migrate to testing for too long: FTBFS on armel
Processing control commands: > close -1 2.31.0+dfsg-1 Bug #1073168 [src:mold] src:mold: fails to migrate to testing for too long: FTBFS on armel Marked as fixed in versions mold/2.31.0+dfsg-1. Bug #1073168 [src:mold] src:mold: fails to migrate to testing for too long: FTBFS on armel Marked Bug as done -- 1073168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073168 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073168: src:mold: fails to migrate to testing for too long: FTBFS on armel
Source: mold Version: 2.30.0+dfsg-1 Severity: serious Control: close -1 2.31.0+dfsg-1 Tags: sid trixie ftbfs User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:mold has been trying to migrate for 41 days [2]. Hence, I am filing this bug. The version in unstable failed to build on armel. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=mold OpenPGP_signature.asc Description: OpenPGP digital signature
Processed: src:rxtx: fails to migrate to testing for too long: FTBFS nearly everywhere
Processing control commands: > close -1 2.2.0+dfsg-3 Bug #1073167 [src:rxtx] src:rxtx: fails to migrate to testing for too long: FTBFS nearly everywhere Marked as fixed in versions rxtx/2.2.0+dfsg-3. Bug #1073167 [src:rxtx] src:rxtx: fails to migrate to testing for too long: FTBFS nearly everywhere Marked Bug as done > block -1 by 1070417 Bug #1073167 {Done: Paul Gevers } [src:rxtx] src:rxtx: fails to migrate to testing for too long: FTBFS nearly everywhere 1073167 was not blocked by any bugs. 1073167 was not blocking any bugs. Added blocking bug(s) of 1073167: 1070417 -- 1073167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073167 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073167: src:rxtx: fails to migrate to testing for too long: FTBFS nearly everywhere
Source: rxtx Version: 2.2.0+dfsg-2 Severity: serious Control: close -1 2.2.0+dfsg-3 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Control: block -1 by 1070417 Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:rxtx has been trying to migrate for 43 days [2]. Hence, I am filing this bug. The version in unstable failed to build as reported in bug 1070417. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=rxtx OpenPGP_signature.asc Description: OpenPGP digital signature
Processed: your mail
Processing commands for cont...@bugs.debian.org: > found 1069163 4:20.08.3-1 Bug #1069163 {Done: Patrick Franz } [libkf5kmanagesieve5] libkf5kmanagesieve5: CVE-2023-52723: sends password as username when authenticating against sieve servers Marked as found in versions libkf5ksieve/4:20.08.3-1. > End of message, stopping processing here. Please contact me if you need assistance. -- 1069163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues
Processing control commands: > merge -1 1072779 Bug #1073165 {Done: Paul Gevers } [src:golang-golang-x-tools] src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues Bug #1072779 {Done: Paul Gevers } [src:golang-golang-x-tools] src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues Merged 1072779 1073165 -- 1072779: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072779 1073165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073165: src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues
Control: merge -1 1072779 Sorry for the noise, I wasn't paying enough attention that I already filed this report earlier. On Thu, 13 Jun 2024 22:36:00 +0200 Paul Gevers wrote: Source: golang-golang-x-tools Version: 1:0.19.0+ds-1 Severity: serious Control: close -1 1:0.20.0+ds-1 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Paul OpenPGP_signature.asc Description: OpenPGP digital signature
Processed: src:django-pipeline: fails to migrate to testing for too long: autopkgtest failure
Processing control commands: > close -1 3.0.0-2 Bug #1073166 [src:django-pipeline] src:django-pipeline: fails to migrate to testing for too long: autopkgtest failure Marked as fixed in versions django-pipeline/3.0.0-2. Bug #1073166 [src:django-pipeline] src:django-pipeline: fails to migrate to testing for too long: autopkgtest failure Marked Bug as done -- 1073166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073166 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073166: src:django-pipeline: fails to migrate to testing for too long: autopkgtest failure
Source: django-pipeline Version: 1.6.14-6 Severity: serious Control: close -1 3.0.0-2 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:django-pipeline has been trying to migrate for 46 days [2]. Hence, I am filing this bug. The version in unstable fails its own autopkgtest. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=django-pipeline OpenPGP_signature.asc Description: OpenPGP digital signature
Processed (with 1 error): merging 1073076 1073078
Processing commands for cont...@bugs.debian.org: > merge 1073076 1073078 Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x: failing test doesn't stop Unable to merge bugs because: severity of #1073078 is 'serious' not 'important' package of #1073078 is 'pd-iemmatrix' not 'src:pd-iemmatrix' Failed to merge 1073076: Did not alter merged bugs. > thanks Stopping processing here. Please contact me if you need assistance. -- 1073076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073076 1073078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 1073076 is serious
Processing commands for cont...@bugs.debian.org: > severity 1073076 serious Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x: failing test doesn't stop Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 1073076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073076 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1073078 to src:pd-iemmatrix
Processing commands for cont...@bugs.debian.org: > reassign 1073078 src:pd-iemmatrix Bug #1073078 [pd-iemmatrix] puredata breaks pd-iemmatrix autopkgtest: it now times out Bug reassigned from package 'pd-iemmatrix' to 'src:pd-iemmatrix'. Ignoring request to alter found versions of bug #1073078 to the same values previously set Ignoring request to alter fixed versions of bug #1073078 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1073078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073165: src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues
Source: golang-golang-x-tools Version: 1:0.19.0+ds-1 Severity: serious Control: close -1 1:0.20.0+ds-1 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:golang-golang-x-tools has been trying to migrate for 47 days [2]. Hence, I am filing this bug. The version in unstable causes the autopkgtest of ycmd to fail. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=golang-golang-x-tools OpenPGP_signature.asc Description: OpenPGP digital signature
Processed: src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues
Processing control commands: > close -1 1:0.20.0+ds-1 Bug #1073165 [src:golang-golang-x-tools] src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues Marked as fixed in versions golang-golang-x-tools/1:0.20.0+ds-1. Bug #1073165 [src:golang-golang-x-tools] src:golang-golang-x-tools: fails to migrate to testing for too long: triggers autopkgtest issues Marked Bug as done -- 1073165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fix ruby-xmlrpc bug
Processing commands for cont...@bugs.debian.org: > found 1073152 0.3.3-1 Bug #1073152 [ruby-xmlrpc] ruby-xmlrpc 0.3.3-1 has a file conflict with conserver-client Marked as found in versions ruby-xmlrpc/0.3.3-1. > notfound 1073152 0.3.2-2 Bug #1073152 [ruby-xmlrpc] ruby-xmlrpc 0.3.3-1 has a file conflict with conserver-client No longer marked as found in versions ruby-xmlrpc/0.3.2-2. > thanks Stopping processing here. Please contact me if you need assistance. -- 1073152: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073152 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073162: yojson-tools: missing Breaks+Replaces: libyojson-ocaml-dev (<< 2.2)
Package: yojson-tools Version: 2.2.1-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts fileconflict Hi, during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'sid' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces >From the attached log (scroll to the bottom...): Preparing to unpack .../yojson-tools_2.2.1-1+b1_amd64.deb ... Unpacking yojson-tools (2.2.1-1+b1) ... dpkg: error processing archive /var/cache/apt/archives/yojson-tools_2.2.1-1+b1_amd64.deb (--unpack): trying to overwrite '/usr/bin/ydump', which is also in package libyojson-ocaml-dev 2.1.2-1 Errors were encountered while processing: /var/cache/apt/archives/yojson-tools_2.2.1-1+b1_amd64.deb cheers, Andreas libyojson-ocaml-dev=2.1.2-1_yojson-tools=2.2.1-1+b1.log.gz Description: application/gzip
Bug#1073145: rust-bcrypt: unsatisfiable dependency librust-getrandom-0.2+js-dev
I know about this issue and have created a patch for it: https://salsa.debian.org/rust-team/debcargo-conf/-/commit/59345de27bee1925390fe36301803e460a80d51a However, I cannot get debcargo to build a new source-only package with that patch included. Anybody may upload a new revision to fix this anytime. Thanks.
Bug#1072847: marked as done (lacme: Post-issuance validation fails in the default configuration)
Your message dated Thu, 13 Jun 2024 17:50:40 + with message-id and subject line Bug#1072847: fixed in lacme 0.8.3-1 has caused the Debian Bug report #1072847, regarding lacme: Post-issuance validation fails in the default configuration to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1072847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072847 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: lacme Version: 0.8.2-1 Severity: grave Justification: renders package unusable Let's Encrypt has recently rotated its intermediate certificates [0]. The previous intermediate certificates (lets-encrypt-r[34].pem and lets-encrypt-e[12].pem) are concatenated along side the roots (isrgrootx1.pem and isrg-root-x2.pem) and used as trust anchors for validation of the issued X.509 certificate before its deployment. The new intermediates means the validation step now fails. A quick fix is to add R1[0-4].pem and E[5-9].pem to the certificate bundle, however that will cease to work once Let's Encrypt rotates its intermediates again. A proper fix would be to use the intermediate(s) provided during the issuance step as -untrusted (for chain building). -- Guilhem. [0] https://letsencrypt.org/2024/03/19/new-intermediate-certificates signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: lacme Source-Version: 0.8.3-1 Done: Guilhem Moulin We believe that the bug you reported is fixed in the latest version of lacme, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1072...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin (supplier of updated lacme package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 17:56:33 +0200 Source: lacme Architecture: source Version: 0.8.3-1 Distribution: unstable Urgency: high Maintainer: Guilhem Moulin Changed-By: Guilhem Moulin Closes: 1072847 Changes: lacme (0.8.3-1) unstable; urgency=high . * New upstream bugfix release. + Fix post-issuance validation logic. We avoid pining the intermediate certificates in the bundle and instead validate the leaf certificate with intermediates supplied during issuance as untrusted (used for chain building only). Only the root certificates are used as trust anchor. Not pining intermediate certificates is in line with Let's Encrypt's latest recommendations. Closes: #1072847 + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with OpenSSL 3.2 or later. + Fix test suite to account for Let's Encrypt's (staging) ACME server changes. * d/control: Update Standards-Version to 4.7.0 (no changes necessary). Checksums-Sha1: c9ff63c41a0c3def597952bc896f3f6af44053b8 1892 lacme_0.8.3-1.dsc 2db8df4d1e2df5f2a5c86eea41d47692c58fe0d6 69628 lacme_0.8.3.orig.tar.gz 70337fb516eec94905ea090da8445da1be8fc2ec 16212 lacme_0.8.3-1.debian.tar.xz 1dc15b22cc4d3250c18993acf22e9a77649cdc09 6198 lacme_0.8.3-1_amd64.buildinfo Checksums-Sha256: 0d241578e3024fe7755fa243c812ed17d1550d0cbd29a10dba2329611a29596d 1892 lacme_0.8.3-1.dsc 28b98f89b57c045e36d9d5534143d92d2a4f760bc503f5f37b4bfafc26d176c5 69628 lacme_0.8.3.orig.tar.gz 5012eae0198af3989e9cb4fcf9060a0fba0164f0fa57be17679ade49f28100fd 16212 lacme_0.8.3-1.debian.tar.xz fc357e9f96f65115612fcad8821fc9aeddef267058fb5eb545254430e8042798 6198 lacme_0.8.3-1_amd64.buildinfo Files: d896b9fa05598525bf7daf3555aa84a6 1892 utils optional lacme_0.8.3-1.dsc 23a05ee2eaf89565274611c6dcae275f 69628 utils optional lacme_0.8.3.orig.tar.gz ba6fc4fde9b7b4e1683abe0ae0b0c0b4 16212 utils optional lacme_0.8.3-1.debian.tar.xz 97abbcc94c97257cbada5fc3459f2d8c 6198 utils optional lacme_0.8.3-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZrGDIACgkQ05pJnDwh pVKsnBAAuQ8Ck39HrWEMMoqkx3JxvKlGGDhocbo3HSYCIAdTG2EIaJardlRAW2S4 GeDeZ+6v1vwZBOz73OJkQA2F9/xBr2E8Hjl1C5tXsTmaai7Soq8gD5/qg6firjq1 P1uKMxERllxln2TT8dh1vUD67qIIHimEE3riZn5TxpFd1BZDhwV0fMmEUIdCikg5 KDBkYWhMBHjToo+j2PnO9N2tyshDurxyp/Pr8QIKXC9NwWStIwa0cBxCqyF8wjwX y5t0RkT2J5Zsq
Bug#1072733: Sherlock package name
On 6/12/24 22:25, Paul Pfeister wrote: Any opposition to naming the importable package `sherlocklib`? The installable package (via apt) would presumably remain `sherlock` The importable module (via python) would become `sherlocklib` The binary exec would remain `sherlock` Fine for me, as long as you don't conflict with sherlock (the distributed lock thingy) anymore. Though as I just wrote, I would suggest you keep: python module name == pypi name == egg-name which is best practice. Cheers, Thomas Goirand (zigo)
Bug#1073151: rust-yoke: unsatisfiable dependency librust-yoke-derive-0.7-dev
Source: rust-yoke Version: 0.7.3-1 Severity: serious X-Debbugs-CC: sylves...@debian.org Control: block -1 by 1073146 librust-yoke-dev is uninstallable because it has Depends: librust-yoke-derive-0.7-dev It also has unsatisfiable Depends: librust-zerofrom-0.1+derive-dev (see the blocking bug) These issues are preventing rust-yoke from reaching Testing. https://tracker.debian.org/pkg/rust-yoke https://release.debian.org/transitions/html/rust.html https://piuparts.debian.org/sid/state-dependency-does-not-exist.html#librust-yoke-dev Thank you, Jeremy Bícha
Processed: rust-yoke: unsatisfiable dependency librust-yoke-derive-0.7-dev
Processing control commands: > block -1 by 1073146 Bug #1073151 [src:rust-yoke] rust-yoke: unsatisfiable dependency librust-yoke-derive-0.7-dev 1073151 was not blocked by any bugs. 1073151 was not blocking any bugs. Added blocking bug(s) of 1073151: 1073146 -- 1073151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073151 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1071007: Bug#1072733:
On 6/10/24 23:43, Paul Pfeister wrote: When building the rpm, I named the (rpm) package sherlock-project to have parity with PyPI, due to the same conflicting package. The importable module is still simply sherlock, however, which is _less than ideal_, and should probably be addressed. With this discussion now being had on the deb side, I just introduced the conversation about renaming last night. Still up for debate, but assuming we do decide to change it, we'll most likely use sherlock_project (again, for parity). I don't like the underscore, but it's the least likely to have conflict. I'll let you guys know of the decision. (executable would remain sherlock even if the package name changes) Hi! Am I right, reading this, to double-guess you're also upstream author for sherlock (the social media package)? If so, why don't you simply change your module name to sherlock-project indeed? That would solve the conflict. So I'm all for it. Please make it happen. Also, having module-name == pypi name == egg-name is a good practice. Cheers, Thomas Goirand (zigo)
Bug#1073152: ruby-xmlrpc 0.3.3-1 has a file conflict with conserver-client
Package: ruby-xmlrpc Version: 0.3.2-2 Severity: serious Dear Maintainer, ruby-xmlrpc 0.3.3-1 ships a new file named /usr/bin/console This file already exists in another package named conserver-client. Conserver has been shipping this binary for a very long time. (probably since 2001 when that package was introduced) -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.8.12-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages ruby-xmlrpc depends on: ii ruby-webrick 1.8.1-1 ruby-xmlrpc recommends no packages. ruby-xmlrpc suggests no packages. -- no debconf information
Bug#1042737: marked as done (libzstd build fails when using "dpkg-buildpackage -us -uc -ui -F")
Your message dated Thu, 13 Jun 2024 14:51:32 + with message-id and subject line Bug#1042737: fixed in libzstd 1.5.6+dfsg-1 has caused the Debian Bug report #1042737, regarding libzstd build fails when using "dpkg-buildpackage -us -uc -ui -F" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1042737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042737 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libzstd Version: 1.5.5+dfsg2-1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) X-Debbugs-Cc: u20230731report...@projektzentrisch.de Dear Maintainer, earlier today, an attempted rebuild of "libzstd" in a debootstrap/schroot environment failed with the following error: [...] d=6 steps=40 split=100 Save dictionary of size 112640 into file dictionary make[3]: Leaving directory '/build/packages/libzstd-1.5.5+dfsg2/tests' make[2]: *** [Makefile:85: test] Error 2 make[2]: Leaving directory '/build/packages/libzstd-1.5.5+dfsg2' rm -fr -- /tmp/user/0/dh-xdg-rundir-0tHhrq1P dh_auto_test: error: make -j4 test returned exit code 2 make[1]: *** [debian/rules:71: build] Error 255 make[1]: Leaving directory '/build/packages/libzstd-1.5.5+dfsg2' make: *** [debian/rules:34: binary] Error 2 dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 Steps to reproduce this: # debootstrap --arch=amd64 sid debian-sid-amd64 [...] # schroot -c debian-sid-amd64 -u root -d /build/packages -s /bin/bash (debian-sid-amd64)root@vserver19:/build/packages# cat << EOF > /etc/apt/sources.list > deb https://deb.debian.org/debian sid main contrib non-free non-free-firmware deb-src https://deb.debian.org/debian sid main contrib non-free non-free-firmware EOF (debian-sid-amd64)root@vserver19:/build/packages# apt update; apt upgrade -y (debian-sid-amd64)root@vserver19:/build/packages# export EDITOR=nano; apt install -y build-essential devscripts lintian diffutils patch patchutils quilt ca-certificates git equivs less nano (debian-sid-amd64)root@vserver19:/build/packages# dget http://deb.debian.org/debian/pool/main/libz/libzstd/libzstd_1.5.5+dfsg2-1.dsc (debian-sid-amd64)root@vserver19:/build/packages# cd libzstd-1.5.5+dfsg2; mk-build-deps; apt install -y /tmp/user/0/libzstd-build-deps_1.5.5+dfsg2-1_all.deb (debian-sid-amd64)root@vserver19:/build/packages/libzstd-1.5.5+dfsg2# dpkg-buildpackage -us -uc -ui -F The above problem is currently reproducible for a non-root user, an arm64/aarch64 host (using kernel 5.15 w/ Ubuntu "jammy"), and downstream repositories (namely Ubuntu "mantic") as well--all combinations have been tried to no avail. It's my understanding that the above call to "dpkg-buildpackage" should never fail in a current debootstrap/schroot environment on x86_64 hosts if all dependencies are met (in the absence of DEB_xxx environment variables). -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.15.0-74-generic (SMP w/4 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE, TAINT_SOFTLOCKUP Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect # source /etc/os-release; echo $VERSION; uname -a 20.04.6 LTS (Focal Fossa) Linux vserver19 5.15.0-74-generic #81~20.04.2-Ubuntu SMP Fri May 26 19:56:20 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux # arch x86_64 --- End Message --- --- Begin Message --- Source: libzstd Source-Version: 1.5.6+dfsg-1 Done: Peter Pentchev We believe that the bug you reported is fixed in the latest version of libzstd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1042...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Pentchev (supplier of updated libzstd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 16:32:12 +0300 Source: libzstd Architecture: source Version: 1.5.6+dfsg-1 Distribution: unstable Urgency: medium Maintainer: RPM packaging te
Processed: reassign 1073078 to pd-iemmatrix
Processing commands for cont...@bugs.debian.org: > reassign 1073078 pd-iemmatrix Bug #1073078 [src:puredata, src:pd-iemmatrix] puredata breaks pd-iemmatrix autopkgtest: it now times out Bug reassigned from package 'src:puredata, src:pd-iemmatrix' to 'pd-iemmatrix'. No longer marked as found in versions puredata/0.55.0+ds-1 and pd-iemmatrix/0.4.0-1. Ignoring request to alter fixed versions of bug #1073078 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1073078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073146: rust-zerofrom: unsatisfiable dependency librust-zerofrom-derive-0.1-dev
Source: rust-zerofrom Version: 0.1.3-1 Severity: serious X-Debbugs-CC: sylves...@debian.org librust-zerofrom-dev is uninstallable because it has Depends: librust-zerofrom-derive-0.1-dev This issue is preventing rust-zerofrom from reaching Testing. https://tracker.debian.org/pkg/rust-zerofrom https://release.debian.org/transitions/html/rust.html https://piuparts.debian.org/sid/state-dependency-does-not-exist.html#librust-zerofrom-dev Thank you, Jeremy Bícha
Bug#1073145: rust-bcrypt: unsatisfiable dependency librust-getrandom-0.2+js-dev
Source: rust-bcrypt Version: 0.15.1-1 Severity: serious Control: affects -1 src:rust-getrandom X-Debbugs-CC: b...@debian.org librust-bcrypt-dev is uninstallable because it has Depends: librust-getrandom-0.2+js-dev While rust-getrandom 0.2 is packaged in Debian, librust-getrandom-0.2+js-dev is not. This issue is preventing rust-bcrypt from reaching Testing. https://tracker.debian.org/pkg/rust-bcrypt https://release.debian.org/transitions/html/rust.html https://piuparts.debian.org/sid/state-dependency-does-not-exist.html#librust-bcrypt-dev Thank you, Jeremy Bícha
Processed: rust-bcrypt: unsatisfiable dependency librust-getrandom-0.2+js-dev
Processing control commands: > affects -1 src:rust-getrandom Bug #1073145 [src:rust-bcrypt] rust-bcrypt: unsatisfiable dependency librust-getrandom-0.2+js-dev Added indication that 1073145 affects src:rust-getrandom -- 1073145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073145 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: found 1072847 in 0.8.0-2+deb11u1, found 1072847 in 0.8.2-1
Processing commands for cont...@bugs.debian.org: > found 1072847 0.8.0-2+deb11u1 Bug #1072847 [lacme] lacme: Post-issuance validation fails in the default configuration Marked as found in versions lacme/0.8.0-2+deb11u1. > found 1072847 0.8.2-1 Bug #1072847 [lacme] lacme: Post-issuance validation fails in the default configuration Ignoring request to alter found versions of bug #1072847 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1072847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072847 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073143: lua-vips: Bus error in lua jit during tests
Package: lua-vips Version: 1.1.11-3 Severity: serious Tags: ftbfs Justification: fails to build from source Failing build log: https://buildd.debian.org/status/fetch.php?pkg=lua-vips&arch=mips64el&ver=1.1.11-3&stamp=1718268467&raw=0 I have yet to reproduce on a porter box, but it seems it's a bug in luajit. Jérémy -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: mips64el
Bug#1073102: marked as done (rtpengine: replace to-be-removed markdown build-dependency)
Your message dated Thu, 13 Jun 2024 13:20:54 + with message-id and subject line Bug#1073102: fixed in rtpengine 11.5.1.25-1 has caused the Debian Bug report #1073102, regarding rtpengine: replace to-be-removed markdown build-dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: rtpengine Version: 11.5.1.24-1 Severity: serious Control: block 1072958 by -1 Your package build-depends on markdown. Per bug #1063645, markdown is not maintained upstream or in Debian and should be removed. Drop-in alternatives, for examples the suggested `discount` or `python3-markdown` or `libtext-markdown-perl`. `discount` and `libtext-markdown-perl` provide a `markdown` program if your package needs that. --- End Message --- --- Begin Message --- Source: rtpengine Source-Version: 11.5.1.25-1 Done: Victor Seva We believe that the bug you reported is fixed in the latest version of rtpengine, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Victor Seva (supplier of updated rtpengine package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 14:52:33 +0200 Source: rtpengine Architecture: source Version: 11.5.1.25-1 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team Changed-By: Victor Seva Closes: 1073102 Changes: rtpengine (11.5.1.25-1) unstable; urgency=medium . * New upstream version 11.5.1.25 * switch from markdown to discount (Closes: #1073102) Checksums-Sha1: b5552d6dbee2eabff5328525ce9d4efbca073d1d 3028 rtpengine_11.5.1.25-1.dsc 89ea2a17b1a8dd369c288d7794270602d355d021 6491224 rtpengine_11.5.1.25.orig.tar.gz dc927227958c50146803be64adff80f6e50c13c7 9500 rtpengine_11.5.1.25-1.debian.tar.xz 6c28be746d54d717a773766eaccdf02b2a8ff451 18071 rtpengine_11.5.1.25-1_amd64.buildinfo Checksums-Sha256: e1aac581f447ed0f5ef792859f96198357fd417298c4c2bc95c2efbbc9de0b2a 3028 rtpengine_11.5.1.25-1.dsc 2cb61769a3e18904f657b9778b8ac3e6fe799dee452eced842cbec1b866c4820 6491224 rtpengine_11.5.1.25.orig.tar.gz cfb5204f890e0ff1d913b5e971f7d024a31a19af26903b609e7e2d851cd5c062 9500 rtpengine_11.5.1.25-1.debian.tar.xz 8ebc2759551961d7233cd672565f5b70b60c365c924032834d74695b31decfff 18071 rtpengine_11.5.1.25-1_amd64.buildinfo Files: daae0a6924c5d04ebd578506790b562e 3028 net optional rtpengine_11.5.1.25-1.dsc 986b20636c9c38ec5730b030ef5afff6 6491224 net optional rtpengine_11.5.1.25.orig.tar.gz c5021325e477864cd01e408328941dd8 9500 net optional rtpengine_11.5.1.25-1.debian.tar.xz f009bdab95a256d674957700e44c15f5 18071 net optional rtpengine_11.5.1.25-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iIcEARYKAC8WIQQq6AO8RS0zF4SC1vh9e2XEKg7IsgUCZmrsxBEcdnNldmFAZGVi aWFuLm9yZwAKCRB9e2XEKg7IsqQmAQDHf/FD+HUE3TDVh4kxGngwmMDjuWlcZB5h L+X1QqfDyAD/WLkzITL/cGHwWxgZ0ODkMgEvtXIhXBKW2EVaVYXvwwQ= =1Tak -END PGP SIGNATURE- pgpBDnHeC9IAd.pgp Description: PGP signature --- End Message ---
Processed: limit source to composer, tagging 1073126, tagging 1073125
Processing commands for cont...@bugs.debian.org: > limit source composer Limiting to bugs with field 'source' containing at least one of 'composer' Limit currently set to 'source':'composer' > tags 1073126 + pending Bug #1073126 [src:composer] composer: CVE-2024-35242: Multiple command injections via malicious git/hg branch names Added tag(s) pending. > tags 1073125 + pending Bug #1073125 [src:composer] composer: CVE-2024-35241: Command injection via malicious git branch name Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1073125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073125 1073126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073126 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1073125: marked as done (composer: CVE-2024-35241: Command injection via malicious git branch name)
Your message dated Thu, 13 Jun 2024 10:49:12 + with message-id and subject line Bug#1073125: fixed in composer 2.7.7-1 has caused the Debian Bug report #1073125, regarding composer: CVE-2024-35241: Command injection via malicious git branch name to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073125 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: composer Version: 2.7.6-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for composer. CVE-2024-35241[0]: | Composer is a dependency manager for PHP. On the 2.x branch prior to | versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` | commands with packages installed from source via git containing | specially crafted branch names in the repository can be used to | execute code. Patches for this issue are available in version 2.2.24 | for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing | dependencies via git by using `--prefer-dist` or the `preferred- | install: dist` config setting. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-35241 https://www.cve.org/CVERecord?id=CVE-2024-35241 [1] https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: composer Source-Version: 2.7.7-1 Done: David Prévot We believe that the bug you reported is fixed in the latest version of composer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot (supplier of updated composer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 13 Jun 2024 08:57:06 +0200 Source: composer Architecture: source Version: 2.7.7-1 Distribution: unstable Urgency: medium Maintainer: Debian PHP PEAR Maintainers Changed-By: David Prévot Closes: 1073125 1073126 Changes: composer (2.7.7-1) unstable; urgency=medium . [ Jordi Boggiano ] * Fix Filesystem::isLocalPath including windows checks on linux * Fix perforce arg not being escaped correctly * Fix handling of zip bombs when unzipping archives * Fix UX when a non-required plugin is still present in vendor dir (#12000) * Fixed PSR violations for classes not matching the namespace of a rule being hidden, fixes #11957 * Fix new platform requirements from composer.json not being checked when composer.lock is outdated, fixes #11989 (#12001) * Fix empty type support in init command, fixes #11999 * Fix secure-http check to avoid bypass using emojis * Merge pull request from GHSA-v9qv-c7wm-wgmf [CVE-2024-35242] (Closes: #1073126) * Merge pull request from GHSA-47f6-5gq3-vx9c [CVE-2024-35241] (Closes: #1073125) * Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion * Release 2.7.7 . [ Krzysztof Ciszewski ] * composer#11852 fix: ability to remove autoload* keys (#11967) * Fix composer error when git config safe.bareRepository is set to explicit (#11969) . [ Dan Wallis ] * Close style tags to avoid bleed (#11972) . [ Sam B ] * To enable to the TransportException code to be accessed in PHP < 8.1, make reflection property accessible (#11974) Checksums-Sha1: 55aca5600abdbd45498865f7af3876d8972353f7 composer_2.7.7-1.dsc 1b10df781006ec5fe80d12a84ac949010a33884d 665056 composer_2.7.7.orig.tar.xz 69d8ff242b76424a4648748b6bed85d167e51ab4 18056 composer_2.7.7-1.debian.tar.xz b10b9ea66f5a87713edd594f2c65a8106219cae1 9311 composer_2.7.7-1_amd64.buildinfo Checksums-Sha256: fb6beed1282431d19d51838c6b43e8b12745ecf1ed93ebb3db68bbd1f51e627f composer_2.7.7-1.dsc 000306b9e45380ad5c9a0a740d195
Bug#1073126: marked as done (composer: CVE-2024-35242: Multiple command injections via malicious git/hg branch names)
Your message dated Thu, 13 Jun 2024 10:49:12 + with message-id and subject line Bug#1073126: fixed in composer 2.7.7-1 has caused the Debian Bug report #1073126, regarding composer: CVE-2024-35242: Multiple command injections via malicious git/hg branch names to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1073126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073126 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: composer Version: 2.7.6-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for composer. CVE-2024-35242[0]: | Composer is a dependency manager for PHP. On the 2.x branch prior to | versions 2.2.24 and 2.7.7, the `composer install` command running | inside a git/hg repository which has specially crafted branch names | can lead to command injection. This requires cloning untrusted | repositories. Patches are available in version 2.2.24 for 2.2 LTS or | 2.7.7 for mainline. As a workaround, avoid cloning potentially | compromised repositories. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-35242 https://www.cve.org/CVERecord?id=CVE-2024-35242 [1] https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: composer Source-Version: 2.7.7-1 Done: David Prévot We believe that the bug you reported is fixed in the latest version of composer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot (supplier of updated composer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 13 Jun 2024 08:57:06 +0200 Source: composer Architecture: source Version: 2.7.7-1 Distribution: unstable Urgency: medium Maintainer: Debian PHP PEAR Maintainers Changed-By: David Prévot Closes: 1073125 1073126 Changes: composer (2.7.7-1) unstable; urgency=medium . [ Jordi Boggiano ] * Fix Filesystem::isLocalPath including windows checks on linux * Fix perforce arg not being escaped correctly * Fix handling of zip bombs when unzipping archives * Fix UX when a non-required plugin is still present in vendor dir (#12000) * Fixed PSR violations for classes not matching the namespace of a rule being hidden, fixes #11957 * Fix new platform requirements from composer.json not being checked when composer.lock is outdated, fixes #11989 (#12001) * Fix empty type support in init command, fixes #11999 * Fix secure-http check to avoid bypass using emojis * Merge pull request from GHSA-v9qv-c7wm-wgmf [CVE-2024-35242] (Closes: #1073126) * Merge pull request from GHSA-47f6-5gq3-vx9c [CVE-2024-35241] (Closes: #1073125) * Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion * Release 2.7.7 . [ Krzysztof Ciszewski ] * composer#11852 fix: ability to remove autoload* keys (#11967) * Fix composer error when git config safe.bareRepository is set to explicit (#11969) . [ Dan Wallis ] * Close style tags to avoid bleed (#11972) . [ Sam B ] * To enable to the TransportException code to be accessed in PHP < 8.1, make reflection property accessible (#11974) Checksums-Sha1: 55aca5600abdbd45498865f7af3876d8972353f7 composer_2.7.7-1.dsc 1b10df781006ec5fe80d12a84ac949010a33884d 665056 composer_2.7.7.orig.tar.xz 69d8ff242b76424a4648748b6bed85d167e51ab4 18056 composer_2.7.7-1.debian.tar.xz b10b9ea66f5a87713edd594f2c65a8106219cae1 9311 composer_2.7.7-1_amd64.buildinfo Checksums-Sha256: fb6beed1282431d19d51838c6b43e8b12745ecf1ed93ebb3db68bbd1f51e627f composer_2.7.7-1.dsc 000306b9e45380ad5c9a0a740d1959e6acfa21ff9ebf5dee3d906293c829f8a7 665056 composer_2.7.7.or
Bug#1073038: po4a: Fails due to undefined subroutine Locale::Po4a::Pod::dgettext
Hello, I just updated the NEWS file. I hope it's OK now, but any potential improvement is welcome. Mt Le jeudi 13 juin 2024 à 01:09 +0200, Guillem Jover a écrit : > On Thu, 2024-06-13 at 00:45:14 +0200, Martin Quinson wrote: > > Le jeudi 13 juin 2024 à 00:29 +0200, Guillem Jover a écrit : > > > On Thu, 2024-06-13 at 00:02:43 +0200, Martin Quinson wrote: > > > > The problem is that Perl has a rather unexpected behavior wrt utf8, > > > > UTF-8 > > > > and UTF8. These names are not aliases of others in Perl. See > > > > https://perldoc.perl.org/Encode#UTF-8-vs.-utf8-vs.-UTF8 > > > > > > Sure, but here I think this does not matter (in theory), because it > > > depends on how the pod parser interprets the encoding name, and from > > > checking the perl code it seems it maps /utf-?8/i to ":encoding(UTF-8)". > > > So they are really treated the same, at least when it comes to POD, that > > > does not mean perl has that distinction for the encoding in other > > > contexts. > > > > Ok, ok. You are perfectly right. This distinction between utf8 and UTF-8 is > > perfectly useless in the context of POD files. I just pushed yet another > > commit > > to not do that in POD. > > Perfect, thanks! :) > > > Please tell me whether it looks good to you now. > > I just hot-fixed my installed po4a and it seems to be working fine > now. Thank you! > > You might also perhaps want to update the NEWS file after that change > though? :) > > Regards, > Guillem signature.asc Description: This is a digitally signed message part
Processed: Re: Po4a needs to announce stricter parsing of config files
Processing commands for cont...@bugs.debian.org: > severity 1072643 normal Bug #1072643 {Done: Martin Quinson } [po4a] Regression: po4a fails on valid non-utf8 file Severity set to 'normal' from 'serious' > reopen 1072643 Bug #1072643 {Done: Martin Quinson } [po4a] Regression: po4a fails on valid non-utf8 file Bug reopened Ignoring request to alter fixed versions of bug #1072643 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1072643: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072643 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1072643: Po4a needs to announce stricter parsing of config files
severity 1072643 normal reopen 1072643 thanks Note: The commands from Helge did not work, I'm reopening as "normal". Thanks.
Bug#1072643: Po4a needs to announce stricter parsing of config files
Hello Martin. Please disregard the severity aspect of this bug. The RC status was just an artifact of a FTBFS bug being reassigned to another package. I agree that it would have been better to downgrade at the same time of doing the reassign. Everything we ask (Helge and I) is that this is documented a little bit better. Let me tell you a somewhat personal story: I have never used NEWS.Debian before, but recently I did a potentially breaking change in base-files (the way /etc/profile.d/*.sh snippets are read) and I was suggested to use a NEWS.Debian for that, which I did, after checking that it would help. In this case, I fixed one of the affected packages myself, because it was orphaned and anybody could fix it without asking for permission: https://tracker.debian.org/news/1535648/accepted-apt-build-01250-source-into-unstable/ For the fix, I recoded some files to UTF-8. However, in the previous message you said that it was not really necessary. So, at this point, I still don't know what is the exact nature of the behaviour change that makes some packages to FTBFS, so I believe I would be one of those who would have benefited from having a NEWS.Debian file. Thanks.
Bug#1072643: Po4a needs to announce stricter parsing of config files
reopen 1072643 severity 1072643 important found 1072643 0.72 thanks Hello Martin, Am Thu, Jun 13, 2024 at 12:26:53AM +0200 schrieb Martin Quinson: > I think that the fix applied to #1072594 (recoding the input file from latin-1 > to UTF-8) was not necessary. Changing the config of po4a to correctly specify > the used encoding would have worked. > > I tried to improve the error messages upstream to help future users to debug > such issues, but in any case, this does not justify a RC bug against po4a, > thus > closing. I'm not arguing the severity (I left it intentionally to you after closing), but there still is a bug. I leave this to you and Santiago, but making several pages suddenly FTBFS is IMHO at least serious. For several years (probably something like 10 years) this worked without problem, now it fails (and with a very strange message). If the previous po4a was buggy, i.e. allowed broken config files, then a warning or NOTE during updates would be mandated, but switching this (inadverently, probably) to a strange or even fatal error message is not sufficient. Here is the statement from Santiago: From: Santiago Vila To: 1072...@bugs.debian.org, Helge Kreutzmann Subject: Regression: po4a fails on valid non-utf8 file Date: Wed, 5 Jun 2024 19:03:48 +0200 (Adding this note to the cloned bug) Note: If you take a look at the FTBFS bugs I reported yesterday: https://people.debian.org/~sanvila/build-logs/202406/?C=M;O=A you can see that several of them are also a consequence of this change in po4a. So, I fully support that this kind of behaviour change deserves at least an entry in NEWS.Debian. Thanks. So no, this bug is not closed. Greetings Helge -- Dr. Helge Kreutzmann deb...@helgefjell.de Dipl.-Phys. http://www.helgefjell.de/debian.php 64bit GNU powered gpg signed mail preferred Help keep free software "libre": http://www.ffii.de/ signature.asc Description: PGP signature
Bug#1073014: dhcpcd: flaky autopkgtest: Obtaining network configuration for veth1 via dhcp... timed out
Adding the dnsmasq maintainer in CC. to 13. kesäk. 2024 klo 11.39 Paul Gevers (elb...@debian.org) kirjoitti: > On 13-06-2024 3:36 a.m., Martin-Éric Racine wrote: > > Subsequent ones randomly timeout waiting for an IP from the DHCP > > server. This could well be an issue with dnsmasq, which is what we use > > for the test. Alternately, it could be caused by those constant fails > > on glibc. Without more detailed logs, I am not in a position to > > investigate this. Help is welcome. > > Well, I can't give you more logs than what your test writes. So that's > in your hands, I suggest you try and make the test more verbose of > what's going on, or maybe ensure some logs end up in the artifacts for > inspection. Also, if dnsmasq is the problem, you might want to contact > the maintainer and discuss the issue (e.g. in a bug report). From my > standpoint, it's the autopkgtest of dhcpcd that's having issues and that > *is* an issue for src:dhcpcd. You could reassign this bug and mark it > "affects dhcpcd". I'm curious to hear whether any of what appears in the log rings any bell for Simon. > I acknowledge that something fishy seems to be ongoing in the archive > when new version of src:glibc binaries appear (not only with dhcpcd I > mean). For now I'll not hold that against autopkgtest failures of > packages too much. Which is where I suspect the real issue is. Personally, I already find it suspicious that the tracker tells me about unrelated packages' transitions or issues. If the problem is in someone else's code, while mine hasn't changed in ages, that's where the bug report needs to go. In this case, dhcpcd's autopkgtest hasn't changed in ages, and has been verified to work as-is at Ubuntu, where isolation machines were implemented a long time before Debian. Martin-Éric
Bug#1073014: dhcpcd: flaky autopkgtest: Obtaining network configuration for veth1 via dhcp... timed out
Hi, On 13-06-2024 3:36 a.m., Martin-Éric Racine wrote: https://ci.debian.net/packages/d/dhcpcd/unstable/amd64/ I was looking at https://ci.debian.net/packages/d/dhcpcd/testing/amd64/ Most of these pre-date your previous bug report (#1069599) about the missing Depends on systemd-timesyncd for the test. I file so many bugs, I don't keep track. I forgot I recently filed another bug for dhcpcd. Thanks for reminding me. Subsequent ones randomly timeout waiting for an IP from the DHCP server. This could well be an issue with dnsmasq, which is what we use for the test. Alternately, it could be caused by those constant fails on glibc. Without more detailed logs, I am not in a position to investigate this. Help is welcome. Well, I can't give you more logs than what your test writes. So that's in your hands, I suggest you try and make the test more verbose of what's going on, or maybe ensure some logs end up in the artifacts for inspection. Also, if dnsmasq is the problem, you might want to contact the maintainer and discuss the issue (e.g. in a bug report). From my standpoint, it's the autopkgtest of dhcpcd that's having issues and that *is* an issue for src:dhcpcd. You could reassign this bug and mark it "affects dhcpcd". I acknowledge that something fishy seems to be ongoing in the archive when new version of src:glibc binaries appear (not only with dhcpcd I mean). For now I'll not hold that against autopkgtest failures of packages too much. Paul OpenPGP_signature.asc Description: OpenPGP digital signature
Processed: tagging 1061159, notfixed 1056496 in 1.2-6, fixed 1056496 in 1.2-6, found 1066086 in 5.47.0-2 ...
Processing commands for cont...@bugs.debian.org: > tags 1061159 + sid trixie Bug #1061159 [src:sdaps] sdaps: FTBFS: command 'sdaps_clean_i18n' has no such option 'all' Added tag(s) sid and trixie. > notfixed 1056496 1.2-6 Bug #1056496 {Done: Emmanuel Arias } [src:python-pyknon] python-pyknon's autopkg tests fail with Python 3.12 No longer marked as fixed in versions python-pyknon/1.2-6 and src:python-pyknon/1.2-6. > fixed 1056496 1.2-6 Bug #1056496 {Done: Emmanuel Arias } [src:python-pyknon] python-pyknon's autopkg tests fail with Python 3.12 Marked as fixed in versions python-pyknon/1.2-6. > found 1066086 5.47.0-2 Bug #1066086 [maxima-emacs,xemacs21] maxima-emacs: maxima-emacs again not installable with xemacs21 There is no source info for the package 'xemacs21' at version '5.47.0-2' with architecture '' Marked as found in versions maxima/5.47.0-2. > tags 1073108 + sid trixie Bug #1073108 [src:tools-nrepl-clojure] tools-nrepl-clojure: replace to-be-removed markdown build-dependency Added tag(s) sid and trixie. > tags 1073107 + sid trixie Bug #1073107 [src:tools-namespace-clojure] tools-namespace-clojure: replace to-be-removed markdown build-dependency Added tag(s) sid and trixie. > tags 1073101 + sid trixie Bug #1073101 [src:math-numeric-tower-clojure] math-numeric-tower-clojure: replace to-be-removed markdown build-dependency Added tag(s) trixie and sid. > tags 1073100 + sid trixie Bug #1073100 [src:math-combinatorics-clojure] math-combinatorics-clojure: replace to-be-removed markdown build-dependency Added tag(s) sid and trixie. > tags 1073097 + sid trixie Bug #1073097 [src:lazymap-clojure] lazymap-clojure: replace to-be-removed markdown build-dependency Added tag(s) trixie and sid. > tags 1073095 + sid trixie Bug #1073095 [src:hilive] hilive: replace to-be-removed markdown build-dependency Added tag(s) sid and trixie. > tags 1073094 + sid trixie Bug #1073094 [src:gtk3-nocsd] gtk3-nocsd: replace to-be-removed markdown build-dependency Added tag(s) trixie and sid. > tags 1073092 + sid trixie Bug #1073092 [src:erlang-cowlib] erlang-cowlib: replace to-be-removed markdown build-dependency Added tag(s) trixie and sid. > found 1057784 0.28-19.7 Bug #1057784 [src:ifplugd] ifplugd: RM for trixie Marked as found in versions ifplugd/0.28-19.7. > notfound 1073038 0.70 Bug #1073038 [po4a] po4a: Fails due to undefined subroutine Locale::Po4a::Pod::dgettext There is no source info for the package 'po4a' at version '0.70' with architecture '' Unable to make a source version for version '0.70' No longer marked as found in versions 0.70. > found 1073038 0.70-1 Bug #1073038 [po4a] po4a: Fails due to undefined subroutine Locale::Po4a::Pod::dgettext There is no source info for the package 'po4a' at version '0.70-1' with architecture '' Unable to make a source version for version '0.70-1' Marked as found in versions 0.70-1. > tags 1073089 + sid trixie Bug #1073089 {Done: Charles Plessy } [src:adapterremoval] adapterremoval: replace to-be-removed markdown build-dependency Added tag(s) trixie and sid. > tags 1073105 + sid trixie Bug #1073105 [src:ssake] ssake: replace to-be-removed markdown build-dependency Added tag(s) sid and trixie. > tags 1071179 + sid trixie Bug #1071179 [src:nose-el] RM: elpa-nose : obsolete Added tag(s) trixie and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1056496: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056496 1057784: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057784 1061159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061159 1066086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066086 1071179: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071179 1073038: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073038 1073089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073089 1073092: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073092 1073094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073094 1073095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073095 1073097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073097 1073100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073100 1073101: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073101 1073105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073105 1073107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073107 1073108: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073108 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1072977: apt-listbugs 0.1.42 is broken
Hi Francesco, I'm very sorry, this bug was my fault. I have installed some gems globally (in /var/lib/gems/3.1.0/). The library hhtpclient 2.8.3 was also installed as a gem. And since I uninstall it your little script works. So the "bug" is solved. I should have started with that. I installed again apt-listbugs 0.1.42 to check it works. I apologize to waste your time. Thanks for your help. Best regards. -- Karine Crévecœur
Bug#1073128: clamav: unaligned access on armhf architecture
Source: clamav Version: 1.3.1+dfsg-3 Severity: serious tags: patch Hello, in Ubuntu, where the kernel is configured to forbid unaligned accesses on armhf, the package FTBFS (this should be reproducible also on some Debian buildd machines, this is why I'm reporting as serious severity) example of failure: https://launchpadlibrarian.net/734963041/buildlog_ubuntu-oracular-armhf.clamav_1.3.1+dfsg-3ubuntu1_BUILDING.txt.gz 3: clamscan/fp_check_test.py::TC::test_fp_for_normalized PASSED [ 52%] 5: freshclam_test.py::TC::test_freshclam_08_cdiff_update_twice PASSED [100%] 5: 5: === warnings summary === 5: freshclam_test.py:20 5: /<>/unit_tests/freshclam_test.py:20: DeprecationWarning: 'cgi' is deprecated and slated for removal in Python 3.13 5: import cgi 5: 5: -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html 5: == 10 passed, 1 skipped, 1 warning in 49.40s === 3: clamscan/fp_check_test.py::TC::test_fp_for_normalized_wild PASSED[ 54%] 4: clamd_test.py::TC::test_clamd_08_VirusEvent PASSED [ 69%] 3: clamscan/fp_check_test.py::TC::test_fp_for_zipped_file PASSED[ 56%] 3: clamscan/fp_check_test.py::TC::test_fp_for_zipped_file_wild PASSED [ 58%] 2/6 Test #5: freshclam Passed 51.50 sec test 6 Start 6: sigtool 6: Test command: /usr/bin/pytest "-v" "sigtool_test.py" 6: Working Directory: /<>/unit_tests 6: Environment variables: 6: PYTHONTRACEMALLOC=1 6: VERSION=1.3.1 6: SOURCE=/<> 6: BUILD=/<>/obj-arm-linux-gnueabihf 6: TMP=/<>/obj-arm-linux-gnueabihf/unit_tests 6: CK_FORK=no 6: CK_DEFAULT_TIMEOUT=300 6: LD_LIBRARY_PATH=/<>/obj-arm-linux-gnueabihf/libfreshclam:/<>/obj-arm-linux-gnueabihf/libclamav:/usr/lib/arm-linux-gnueabihf: 6: DYLD_LIBRARY_PATH=/<>/obj-arm-linux-gnueabihf/libfreshclam:/<>/obj-arm-linux-gnueabihf/libclamav:/usr/lib/arm-linux-gnueabihf: 6: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games 6: LIBSSL=/usr/lib/arm-linux-gnueabihf/libssl.so 6: LIBCRYPTO=/usr/lib/arm-linux-gnueabihf/libcrypto.so 6: LIBZ=/usr/lib/arm-linux-gnueabihf/libz.so 6: LIBBZ2=/usr/lib/arm-linux-gnueabihf/libbz2.so 6: LIBPCRE2=/usr/lib/arm-linux-gnueabihf/libpcre2-8.so 6: LIBXML2=/usr/lib/arm-linux-gnueabihf/libxml2.so 6: LIBCURL=/usr/lib/arm-linux-gnueabihf/libcurl.so 6: LIBJSONC=/usr/lib/arm-linux-gnueabihf/libjson-c.so 6: LIBICONV= 6: LLVM_LIBS= 6: LLVM_DIRS= 6: LIBPTHREADW32= 6: LIBWIN32COMPAT= 6: LIBCLAMAV=/<>/obj-arm-linux-gnueabihf/libclamav/libclamav.so.12.0.2 6: LIBCLAMMSPACK=/usr/lib/arm-linux-gnueabihf/libmspack.so 6: LIBCLAMUNRARIFACE= 6: LIBCLAMUNRAR= 6: CHECK_CLAMAV=/<>/obj-arm-linux-gnueabihf/unit_tests/check_clamav 6: CHECK_CLAMD=/<>/obj-arm-linux-gnueabihf/unit_tests/check_clamd 6: CHECK_FPU_ENDIAN=/<>/obj-arm-linux-gnueabihf/unit_tests/check_fpu_endian 6: CLAMBC=/<>/obj-arm-linux-gnueabihf/clambc/clambc 6: CLAMD=/<>/obj-arm-linux-gnueabihf/clamd/clamd 6: CLAMDSCAN=/<>/obj-arm-linux-gnueabihf/clamdscan/clamdscan 6: CLAMDTOP=/<>/obj-arm-linux-gnueabihf/clamdtop/clamdtop 6: CLAMSCAN=/<>/obj-arm-linux-gnueabihf/clamscan/clamscan 6: CLAMSUBMIT=/<>/obj-arm-linux-gnueabihf/clamsubmit/clamsubmit 6: CLAMCONF=/<>/obj-arm-linux-gnueabihf/clamconf/clamconf 6: FRESHCLAM=/<>/obj-arm-linux-gnueabihf/freshclam/freshclam 6: SIGTOOL=/<>/obj-arm-linux-gnueabihf/sigtool/sigtool 6: CLAMAV_MILTER=/<>/obj-arm-linux-gnueabihf/clamav-milter/clamav-milter 6: CLAMONACC=/<>/obj-arm-linux-gnueabihf/clamonacc/clamonacc 6: Test timeout computed to be: 1500 3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_algorithm PASSED [ 60%] 3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_hamming PASSED[ 62%] 3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_hash PASSED [ 64%] 3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_good_allmatch PASSED [ 66%] 4: clamd_test.py::TC::test_clamd_09_clamdscan_ExcludePath PASSED[ 76%] 6: = test session starts == 6: platform linux -- Python 3.12.3, pytest-7.4.4, pluggy-1.5.0 -- /usr/bin/python3 6: cachedir: .pytest_cache 6: rootdir: /<>/unit_tests 6: collecting ... collected 3 items 6: 3: clamscan/heuristics_test.py::TC::test_allmatch FAILED[ 67%] 6: sigtool_test.py::TC::test_sigtool_00_version PASSED [ 33%] 3: clamscan/heuristics_test.py::TC::test_allmatch_precedence FAILED [ 69%] 6: sigtool_test.py::TC::test_sigtool_01_run_cdiff PASSED[ 66%] 4: clamd_test.py::TC::test_clamd_10_allmatch_not_sticky PASSED [ 84%] 3: clamscan/heuristics_test.py::TC::test_hidden_by_strong_indicator FAILED [ 71%] 6: sigtool_test.py::TC::test_sigtool_02_rust_logs_messages_work PASSED [100%] 6: 6: == 3 passed in 2.9