Bug#1054749: ruby-android-key-attestation: FTBFS: ERROR: Test "ruby3.1" failed: Failure/Error: require "pry-byebug"
severity 1054749 normal thanks I could reproduce this locally, I am lowering the severity of this bug to normal.
Bug#1030689: ruby-upr: blocking ruby-moneta migration
Package: ruby-upr Version: 0.3.0-3 Severity: serious User: debian-r...@lists.debian.org Usertags: ruby-sprint-2023 Hi, ruby-upr is dead upstream (last commit in 2013[1]). It have no reverse-dependencies and blocking the migration ruby-moneta (1.0.0-9 to 1.5.2-1). Getting it out testing. [1] - https://yhbt.net/upr.git/ -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.18.0-2-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ruby-upr depends on: ii ruby 1:3.1 pn ruby-moneta ii ruby-rack2.2.4-2 ruby-upr recommends no packages. Versions of packages ruby-upr suggests: pn rainbows
Bug#1013383: ruby-github-markup: FTBFS with ruby3.0: ERROR: Test "ruby3.0" failed.
Hello. I've pushed the changes https://salsa.debian.org/ruby-team/ruby-github-markup/-/commit/60644d46f911aadbe7787a20d17c89ffa32d7aa3 #996234 #1013383 will be fixed on next upload. --abhijith
Bug#985840: gitlab-shell: should not ship /usr/bin/check
On 18/12/22 03:06 AM, Abhijith PA wrote: > Praveen, mdbilal > > On 24/03/21 07:11 PM, Julien Cristau wrote: > > ... > > > /usr/bin/check seems like an awfully generic program name to be shipped > > in something like gitlab-shell. Please don't. > > I have reported this upstream. > https://gitlab.com/gitlab-org/gitlab-shell/-/issues/603 Hey, I didn't know you reported upstream long time before. https://gitlab.com/gitlab-org/gitlab-shell/-/issues/197 I will close my issue opened upstream. --abhijith
Bug#985840: gitlab-shell: should not ship /usr/bin/check
Praveen, mdbilal On 24/03/21 07:11 PM, Julien Cristau wrote: ... > /usr/bin/check seems like an awfully generic program name to be shipped > in something like gitlab-shell. Please don't. I have reported this upstream. https://gitlab.com/gitlab-org/gitlab-shell/-/issues/603 For now, this will work. https://salsa.debian.org/go-team/packages/gitlab-shell/-/commit/0a36733fd8bc2ba10f9a7afd3ab306c96114d5a9 --abhijith signature.asc Description: PGP signature
Bug#1017524: [DRE-maint] Bug#1017524: status?
On 23/11/22 04:48 PM, Cédric Boutillier wrote: > Hi, > > I recently looked at failures in jekyll. > > Jekyll is broken in several ways in unstable due to version constraints > on the dependencies. One can easily relax the > version dependency on mercenary in the gemdeps (no changes needed). > > One would need a newer version of jekyll to fix most of them. But the > blocking point seems that even the latest jekyll release requires > ruby-liquid < 5, whereas we have 5.4. https://github.com/jekyll/jekyll/pull/9030 I could see ~9 month old open pull request to update to liquid 5. --abhijith
Bug#995625: httping FTBFS: error: format not a string literal and no format arguments [-Werror=format-security]
Thank you folkert. I will be very happy to take the patch, if you have committed in upstream repo. :) --abhijith On 03/10/21 07:49 PM, folkert wrote: > replace it by: > > wprintw(w, "%s", what); > > On Sun, Oct 03, 2021 at 07:48:19AM +0200, Helmut Grohne wrote: > > Source: httping > > Version: 2.5-5.1 > > Severity: serious > > Tags: ftbfs > > > > httping fails to build from source in unstable on amd64. A non-parallel > > build ends as follows: > > > > | x86_64-linux-gnu-gcc -g -O2 -ffile-prefix-map=/<>=. > > -fstack-protector-strong -Wformat -Werror=format-security -Wall -W -Wextra > > -pedantic -D_FORTIFY_SOURCE=2 -DVERSION=\"2.5\" > > -DLOCALEDIR=\"/usr/share/locale\" -DTCP_TFO -DNC -DFW -D_DEBUG -ggdb > > -Wdate-time -D_FORTIFY_SOURCE=2 -c -o nc.o nc.c > > | nc.c: In function ???myprint???: > > | nc.c:238:3: error: format not a string literal and no format arguments > > [-Werror=format-security] > > | 238 | wprintw(w, what); > > | | ^~~ > > | nc.c: In function ???draw_graph???: > > | nc.c:611:24: warning: unused parameter ???val??? [-Wunused-parameter] > > | 611 | void draw_graph(double val) > > | | ~~~^~~ > > | nc.c: In function ???status_line???: > > | nc.c:389:2: warning: ignoring return value of ???vasprintf??? declared > > with attribute ???warn_unused_result??? [-Wunused-result] > > | 389 | vasprintf(&line, fmt, ap); > > | | ^ > > | cc1: some warnings being treated as errors > > | make[1]: *** [: nc.o] Error 1 > > | make[1]: Leaving directory '/<>' > > | dh_auto_build: error: make -j1 returned exit code 2 > > | make: *** [debian/rules:10: build] Error 25 > > | dpkg-buildpackage: error: debian/rules build subprocess returned exit > > status 2 > > > > This is likely caused by ncurses adding format string annotations. > > > > Helmut > > > Folkert van Heusden > > -- > MultiTail ist eine flexible Applikation um Logfiles und Kommando > Eingaben zu überprüfen. Inkl. Filter, Farben, Zusammenführen, > Ansichten etc. http://www.vanheusden.com/multitail/ > -- > Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
Bug#988109: buster-pu: package mqtt-client/1.14-1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello Stable release team, I would like to update mqtt-client in buster for fixing CVE-2019-0222. It is fixed in stretch, bullseye and sid. Right now stretch-security has a newer version(1.14-1+9u1) than buster, breaking clean upgrades to buster. CVE-2019-0222 is no-dsa thus using pu. Vcs field URL also updated. Debdiff is attached. Please allow to upload this fix to Buster. --abhijith -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-4-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru mqtt-client-1.14/debian/changelog mqtt-client-1.14/debian/changelog --- mqtt-client-1.14/debian/changelog 2016-07-19 13:30:10.0 +0530 +++ mqtt-client-1.14/debian/changelog 2021-05-21 21:59:49.0 +0530 @@ -1,3 +1,13 @@ +mqtt-client (1.14-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2019-0222: unmarshalling corrupt MQTT frame can lead to +broker Out of Memory exception making it unresponsive. +(Closes: #988109) + * Update Vcs-* URL in d/control. + + -- Abhijith PA Fri, 21 May 2021 21:59:49 +0530 + mqtt-client (1.14-1) unstable; urgency=medium * New upstream release diff -Nru mqtt-client-1.14/debian/control mqtt-client-1.14/debian/control --- mqtt-client-1.14/debian/control 2016-07-19 13:28:53.0 +0530 +++ mqtt-client-1.14/debian/control 2021-05-21 21:59:49.0 +0530 @@ -10,8 +10,8 @@ libmaven-bundle-plugin-java, maven-debian-helper (>= 1.5) Standards-Version: 3.9.8 -Vcs-Git: https://anonscm.debian.org/git/pkg-java/mqtt-client.git -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/mqtt-client.git +Vcs-Git: https://salsa.debian.org/java-team/mqtt-client.git +Vcs-Browser: https://salsa.debian.org/java-team/mqtt-client Homepage: http://mqtt-client.fusesource.org Package: libmqtt-client-java diff -Nru mqtt-client-1.14/debian/patches/CVE-2019-0222.patch mqtt-client-1.14/debian/patches/CVE-2019-0222.patch --- mqtt-client-1.14/debian/patches/CVE-2019-0222.patch 1970-01-01 05:30:00.0 +0530 +++ mqtt-client-1.14/debian/patches/CVE-2019-0222.patch 2021-05-21 21:59:02.0 +0530 @@ -0,0 +1,21 @@ +Description: CVE-2019-0222 + + unmarshalling corrupt MQTT frame can lead + to broker Out of Memory exception making it unresponsive. + +Author: Abhijith PA + +diff --git a/mqtt-client/src/main/java/org/fusesource/mqtt/codec/MessageSupport.java b/mqtt-client/src/main/java/org/fusesource/mqtt/codec/MessageSupport.java +index 08fb8391abbbdb365310cda08373b3a7e4befc3e..a0a5e8ee4cec70d37b9c451e9f2bd02010107dfa 100644 +--- a/mqtt-client/src/main/java/org/fusesource/mqtt/codec/MessageSupport.java b/mqtt-client/src/main/java/org/fusesource/mqtt/codec/MessageSupport.java +@@ -62,6 +62,9 @@ public final class MessageSupport { + + static protected UTF8Buffer readUTF(DataByteArrayInputStream is) throws ProtocolException { + int size = is.readUnsignedShort(); ++if (size < 0) { ++throw new ProtocolException("Invalid message encoding"); ++} + Buffer buffer = is.readBuffer(size); + if (buffer == null || buffer.length != size) { + throw new ProtocolException("Invalid message encoding"); diff -Nru mqtt-client-1.14/debian/patches/series mqtt-client-1.14/debian/patches/series --- mqtt-client-1.14/debian/patches/series 1970-01-01 05:30:00.0 +0530 +++ mqtt-client-1.14/debian/patches/series 2021-05-21 21:59:02.0 +0530 @@ -0,0 +1 @@ +CVE-2019-0222.patch signature.asc Description: PGP signature
Bug#977752: spip: package spip is unusable without libapache2-mod-php
Package: spip Version: 3.2.8-1 Severity: grave Justification: renders package unusable Hello, After a fresh install and going through README.debian. I cannot start apache2 service due to, Dec 20 09:44:26 debian systemd[1]: Starting The Apache HTTP Server... Dec 20 09:44:27 debian apachectl[9556]: AH00526: Syntax error on line 28 of /etc/apache2/sites-enabled/000-default.conf: Dec 20 09:44:27 debian apachectl[9556]: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in> Dec 20 09:44:27 debian apachectl[9546]: Action 'start' failed. Dec 20 09:44:27 debian apachectl[9546]: The Apache error log may have more information. Dec 20 09:44:27 debian systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE Dec 20 09:44:27 debian systemd[1]: apache2.service: Failed with result 'exit-code'. Dec 20 09:44:27 debian systemd[1]: Failed to start The Apache HTTP Server. After installing libapache2-mod-php, this went OK. Let me know if it just me. --abhijith -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-4-amd64 (SMP w/4 CPU threads) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages spip depends on: pn fonts-dustin pn libjs-excanvas ii libjs-jquery 3.5.1+dfsg+~3.5.4-3 pn libjs-jquery-colorbox pn libjs-jquery-flot pn libjs-jquery-form pn libjs-jquery-migrate-1 ii libjs-jquery-ui 1.12.1+dfsg-7 pn libjs-mediaelement pn libjs-moment pn node-js-cookie pn php-common pn php-getid3 pn php-mysql | php-pgsql | php-sqlite3 pn php-pclzip pn php-xml pn php-xml-htmlsax3 Versions of packages spip recommends: pn apache2 | httpd pn default-mysql-server | virtual-mysql-server | postgresql ii netpbm2:10.0-15.3+b2 pn php-sqlite3 spip suggests no packages.
Bug#955535: Bug #955535: httping: flaky autopkgtest: PING google.com:80
Hi Aron On 03/04/20 7:24 am, Aron Xu wrote: > Hi, > > The two different results are caused by different CI workers - some of > our workers at ci.d.n does not have reliable network to public > services, in this case to google.com:80, which makes the test result > flaky. > > Would you mind to consider setting up something locally (a small web > server) in testing environment to facilitate this test? If that's okay > I can help to cook a patch. Yep, I was planning to run python simplehttpserver. If you are interested in preparing a patch you are more than welcome. :) --abhijith
Bug#955535: httping: flaky autopkgtest: PING google.com:80
Thanks for reporting. On 02/04/20 12:26 pm, Sebastian Andrzej Siewior wrote: > Source: httping > Version: 2.5-5 > Severity: serious > Tags: sid bullseye > User: debian...@lists.debian.org > Usertags: flaky > > The test for httping passed on amd64[0] and failed on arm64[1]. Looking > at the failed log > |autopkgtest [17:03:58]: test command3: httping -F -c 4 http://google.com > |autopkgtest [17:03:58]: test command3: [--- > |PING google.com:80 (/): > |connect time out > | > |connect time out > | > |connect time out > | > |connect time out > | > |--- http://google.com/ ping statistics --- > |4 connects, 0 ok, 100.00% failed, time 124118ms > |autopkgtest [17:06:02]: test command3: ---] > |autopkgtest [17:06:02]: test command3: - - - - - - - - - - results - - - - > - - - - - - > |command3 FAIL non-zero exit status 127 > |autopkgtest [17:06:02]: summary > |command1 PASS > |command2 PASS > |command3 FAIL non-zero exit status 127 > > it seems to have failed because the test is not allowed to connect to > the internet (or google itself). > Could it be verified what the test policy is in regard to network access > and then > - run the test again once CI enabled network access on all nodes > - removed that test from CI. httping -F -c 4 http://google.com was kind of off hand smoke test. It was working in amd64 ci and I didn't bothered to look in to other archs. I will try to run some simple http server locally and ping to that. --abhijith
Bug#937249: closed by Abhijith PA (Bug#937249: fixed in patool 1.12-4)
Hi Adrian, On 15/01/20 5:47 pm, Adrian Bunk wrote: > On Tue, Dec 17, 2019 at 03:21:07PM +, Debian Bug Tracking System wrote: >> ... >> Architecture: source all >> Version: 1.12-4 >> ... > > Please make a source-only upload to allow testing migration. Currently I don't have any change to make a new source only upload. But I am working on one of its lintian warning[1]. Once it is solved, I will make a source only upload. --abhijith [1] W: patool: python-module-in-wrong-location usr/lib/python3.8/dist-packages/_patool_configdata.py usr/lib/python3/dist-packages/_patool_configdata.py
Bug#927126: aqemu: after updating can't open VMs
You are looking for sponsor ? Well I can help you with it. I am DD. On 19 May 2019 2:04:41 AM IST, Alexis Murzeau wrote: >Le 18/05/2019 à 05:27, Abhijith PA a écrit : >> Dear Alexis. >> >> I tried your build and its working for me, thanks. I think you should >> upload to archive. We still have time, isn't ? >> >> >> --abhijith >> > >Yes it should be fine. FYI, I've made a RFS to upload the NMU'ed >package: >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929180 > >-- >Alexis Murzeau >PGP: B7E6 0EBB 9293 7B06 BDBC 2787 E7BD 1904 F480 937F -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#927126: aqemu: after updating can't open VMs
Dear Alexis. On 18/05/19 3:18 am, Alexis Murzeau wrote: > Le 14/05/2019 à 05:28, Abhijith PA a écrit : >> >> >> On 29/04/19 1:22 am, Alexis Murzeau wrote: >>> The vlan argument issue has a upstream issues open [0]. >>> >>> [0] : >>> - https://github.com/tobimensch/aqemu/issues/58 >>> - https://github.com/tobimensch/aqemu/issues/57 >> >> The error log in issue 57 is same as what I get. >> >>> - https://github.com/tobimensch/aqemu/pull/61 >> >> Yes, please >> https://github.com/tobimensch/aqemu/pull/61/commits/9ff55188fb8479e573d6ed6f5669147af48316a9 >> try to backport this patch. I can help you in testing. >> >> >> --abhijith >> > > I've put a test package that include the more complete commit: > https://github.com/pcwizzy37/aqemu/commit/37d5447126343cc7a70b95c6e73d670be444a05d > > The package is available in this repository: > https://github.com/amurzeau/apt-repository/ > > Instructions to install the repository are in the README.md file. > I tried your build and its working for me, thanks. I think you should upload to archive. We still have time, isn't ? --abhijith
Bug#927126: aqemu: after updating can't open VMs
On 29/04/19 1:22 am, Alexis Murzeau wrote: > The vlan argument issue has a upstream issues open [0]. > > [0] : > - https://github.com/tobimensch/aqemu/issues/58 > - https://github.com/tobimensch/aqemu/issues/57 The error log in issue 57 is same as what I get. > - https://github.com/tobimensch/aqemu/pull/61 Yes, please https://github.com/tobimensch/aqemu/pull/61/commits/9ff55188fb8479e573d6ed6f5669147af48316a9 try to backport this patch. I can help you in testing. --abhijith
Bug#927126: aqemu: after updating can't open VMs
On 14/05/19 4:02 am, Alexis Murzeau wrote: > Le 28/04/2019 à 21:52, Alexis Murzeau a écrit : ... > As this package is going to be removed if nothing happen, I will try to > backport a patch from upstream forks. > popcon indicate that is really used (while I don't use it myself), and > might be more used given virtualbox was removed from buster [0]. > > > [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794466 > Yes, please go ahead I can help you with testing.
Bug#927126: aqemu: after updating can't open VMs
Hi, I missed this mail somehow. Sorry for the late reply On 29/04/19 1:22 am, Alexis Murzeau wrote: > On Mon, 15 Apr 2019 16:55:13 +0530 Abhijith PA wrote: >> I recently updated aqemu and ended up in not able to open VMs. >> >> Following is the message is what I get when I open VMs >> >> AQEMU Error [264] >>> >> Sender: QEMU return value != 0 >> Message: >> > > Hi, > > When you right-click on your VM and choose "Show QEMU Arguments", what > are the arguments of qemu ? > If you try to run the command directly in a console, does it works ? > If not, what's the qemu error ? > > I tried myself and got errors about the vlan option. > This option seems to be deprecated since a long time and removed now. Yes, I can manually run vm when those arguments (removing vlan) are copied. > The vlan argument issue has a upstream issues open [0]. > > [0] : > - https://github.com/tobimensch/aqemu/issues/58 > - https://github.com/tobimensch/aqemu/issues/57 > - https://github.com/tobimensch/aqemu/pull/61 >
Bug#927126: aqemu: after updating can't open VMs
Package: aqemu Version: 0.9.2-2.1 Severity: grave Justification: renders package unusable I recently updated aqemu and ended up in not able to open VMs. Following is the message is what I get when I open VMs AQEMU Error [264] >>> Sender: QEMU return value != 0 Message: -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages aqemu depends on: ii libc62.28-8 ii libgcc1 1:8.3.0-6 ii libqt5core5a 5.11.3+dfsg1-1 ii libqt5dbus5 5.11.3+dfsg1-1 ii libqt5gui5 5.11.3+dfsg1-1 ii libqt5network5 5.11.3+dfsg1-1 ii libqt5printsupport5 5.11.3+dfsg1-1 ii libqt5test5 5.11.3+dfsg1-1 ii libqt5widgets5 5.11.3+dfsg1-1 ii libstdc++6 8.3.0-6 ii libvncclient10.9.11+dfsg-1.3 ii qemu 1:3.1+dfsg-7 Versions of packages aqemu recommends: ii qemu-kvm 1:3.1+dfsg-7 aqemu suggests no packages. -- no debconf information
Bug#891407: httping: diff for NMU version 2.5-1.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Adrian, Something happened with my mail queue as I got the mails ( from autoremoval, then ftp master) today. Thanks for taking care of #891407. You can go ahead and directly upload to the archive. Regards. - --abhijith. -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlqvfhcACgkQhj1N8u2c KO/eXhAAlr3marGaY2r+s+kZNimZhsv+02IWREFP6X2KHAamLy5LEWOXmxf9g/Fg MpjQRfGQlgY9guy5icKLHR7sKMeVnyZzCzeCvaIH6aECZ1s/3OkkSX33HrL/vNK1 MbSpwpPwbSGUzSjr+N4OkuvL7gjCdYmPuwr+IJmUkBGDpD6Ld4BDSfycatY2lWia s/nvEud5+2kvZqVJStdfwPW5qkLTVBmwHut3ehKhDA/T2y/tc9DJ6kM2q2xyP+tK W4/Es30sbMrKzod6WpMOfXRRaKumi6kD4hf+SKuJHZ9SYMmnYjtHFZwQaBKyGWmW Au3wjPz6v9PBPlO/p4BqB8MPUZf+fNUGN8Vo0oPiWSwu7/K8/l7Fwa4VtHmyeB2O EsK2qRKMrMgIURwSxdeD6gVZg04g9S5hjLeew9sKisBLuGh7CUoRAqjlVfmXVUim MIWzGE3a2D39m1wnHQRbIbW7xp5G8bxUuoX93/x1Wx2cCWWvzUQnNT7wKE3BoSw3 d0kz51gCDHSkhSrLCNDxwujpf9cEXl9MFjT/0snY72LxD0M/krfDGbBmVq0nsENJ +KwLjlEA9QVQUXjp/T3986b5p/I67+pRxyD7y4Qqg3oy4cU6XCU6ixZyfWuYT/3i LN53YebUGdN5O2KwDTinNN2IergOtUCSO5k65dcbbeZO4AMVgU4= =Cz+B -END PGP SIGNATURE-
Bug#845987: [Python-apps-team] Bug#845987: Makes planet not work at all
Hello. I prepared NMU for this bug. Debdiff is attached. Please review and acknowledge. If there is no objection, I could upload after two days. Thanks. diff -Nru planet-venus-0~git9de2109/debian/changelog planet-venus-0~git9de2109/debian/changelog --- planet-venus-0~git9de2109/debian/changelog 2016-02-17 16:25:44.0 + +++ planet-venus-0~git9de2109/debian/changelog 2018-01-06 06:22:51.0 + @@ -1,3 +1,13 @@ +planet-venus (0~git9de2109-4.1) unstable; urgency=high + + * Non-maintainer upload. + * Incorporate a patch along with html5lib-no_XHTMLSerializer.patch, + for fixing python-html5lib version bug. ( Closes: #845987) + * Switch to compact version 9 + * Refresh removevendordeps.patch + + -- Abhijith PA Sat, 06 Jan 2018 11:52:51 +0530 + planet-venus (0~git9de2109-4) unstable; urgency=medium * Team upload. diff -Nru planet-venus-0~git9de2109/debian/patches/html5lib-no_XHTMLSerializer.patch planet-venus-0~git9de2109/debian/patches/html5lib-no_XHTMLSerializer.patch --- planet-venus-0~git9de2109/debian/patches/html5lib-no_XHTMLSerializer.patch 2014-05-08 14:05:25.0 + +++ planet-venus-0~git9de2109/debian/patches/html5lib-no_XHTMLSerializer.patch 2018-01-06 06:22:51.0 + @@ -1,12 +1,18 @@ Description: Adjust to html5lib 0.999 There are several changes in html5lib (and feedparser) that need some adaptations (tested to comply with the test suite mainly). -Author: Olivier Berger + -- + edit: A patch from #845987 is incorporated along with this patch. Thanks + to Jakob Haufe . -diff --git a/planet/scrub.py b/planet/scrub.py -index fef5c22..bd707f1 100644 a/planet/scrub.py -+++ b/planet/scrub.py +Date: 2018-01-06 +Author: Olivier Berger , +Abhijith PA + +Index: planet-venus-0~git9de2109/planet/scrub.py +=== +--- planet-venus-0~git9de2109.orig/planet/scrub.py planet-venus-0~git9de2109/planet/scrub.py @@ -128,24 +128,23 @@ def scrub(feed_uri, data): node['value'] = feedparser._resolveRelativeURIs( node.value, node.base, 'utf-8', node.type) @@ -19,12 +25,25 @@ -doc = minidom.parseString(node['value']) - except: -node['type']='text/html' -- ++if node['value']: ++# Run this through HTML5's sanitizer ++doc = None ++if 'xhtml' in node['type']: ++try: ++from xml.dom import minidom ++doc = minidom.parseString(node['value']) ++except: ++node['type']='text/html' + -if not doc: - from html5lib import html5parser, treebuilders - p=html5parser.HTMLParser(tree=treebuilders.getTreeBuilder('dom')) - doc = p.parseFragment(node['value'], encoding='utf-8') -- ++if not doc: ++from html5lib import html5parser, treebuilders ++ p=html5parser.HTMLParser(tree=treebuilders.getTreeBuilder('dom')) ++doc = p.parseFragment(node['value']) + -from html5lib import treewalkers, serializer -from html5lib.filters import sanitizer -walker = sanitizer.Filter(treewalkers.getTreeWalker('dom')(doc)) @@ -32,28 +51,15 @@ -tree = xhtml.serialize(walker, encoding='utf-8') - -node['value'] = ''.join([str(token) for token in tree]) -+if node['value']: -+# Run this through HTML5's sanitizer -+doc = None -+if 'xhtml' in node['type']: -+try: -+from xml.dom import minidom -+doc = minidom.parseString(node['value']) -+except: -+node['type']='text/html' -+ -+if not doc: -+from html5lib import html5parser, treebuilders, sanitizer -+ p=html5parser.HTMLParser(tree=treebuilders.getTreeBuilder('dom'), tokenizer=sanitizer.HTMLSanitizer) -+doc = p.parseFragment(node['value'], encoding='utf-8') -+ +from html5lib import treewalkers, serializer +walker = treewalkers.getTreeWalker('dom')(doc) -+xhtml = serializer.HTMLSerializer(inject_meta_charset = False) ++xhtml = serializer.HTMLSerializer(inject_meta_charset = False, sanitize=True) +tree = xhtml.serialize(walker, encoding='utf-8') +node['value
Bug#845987: Makes planet not work at all
No replies from the maintainer(s). I think, I should go ahead and do a NMU. Thanks -- Abhijith
Bug#886990: transmission: rpc session-id mechanism design flaw results in RCE
Hello. Why isn't this vulnerability have CVE id ?. The security-tracker[1] shows a temporary id. -- Abhijith
Bug#885835: awstats: CVE-2017-1000501: path traversals in config and migrate parameter
Hello. I am working on updating awstats for jessie and stretch. -- Abhijith PA
Bug#845987: Makes planet not work at all
Dear planet-venus maintainer(s). Please merge above patch and upload to archive. It's a serious bug. Thanks.
Bug#822980: ruby-email-reply-parser: FTBFS: test_runner.rb:126:in `exit': no implicit conversion from nil to integer (TypeError)
ec 11 17:01:12 2015 UTC using RSA key ID 4512C22A gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on ./ruby-email-reply-parser_0.5.8-1.dsc dpkg-source: info: extracting ruby-email-reply-parser in ruby-email-reply-parser-0.5.8 dpkg-source: info: unpacking ruby-email-reply-parser_0.5.8.orig.tar.gz dpkg-source: info: unpacking ruby-email-reply-parser_0.5.8-1.debian.tar.xz I: Building the package I: Running cd /build/*/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us -uc -rfakeroot dpkg-buildpackage: info: source package ruby-email-reply-parser dpkg-buildpackage: info: source version 0.5.8-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Abhijith PA dpkg-buildpackage: info: host architecture amd64 dpkg-source --before-build ruby-email-reply-parser-0.5.8 fakeroot debian/rules clean dh clean --buildsystem=ruby --with ruby dh_testdir -O--buildsystem=ruby dh_auto_clean -O--buildsystem=ruby dh_ruby --clean dh_ruby --clean dh_clean -O--buildsystem=ruby dpkg-source -b ruby-email-reply-parser-0.5.8 dpkg-source: info: using source format '3.0 (quilt)' dpkg-source: info: building ruby-email-reply-parser using existing ./ruby-email-reply-parser_0.5.8.orig.tar.gz dpkg-source: info: building ruby-email-reply-parser in ruby-email-reply-parser_0.5.8-1.debian.tar.xz dpkg-source: info: building ruby-email-reply-parser in ruby-email-reply-parser_0.5.8-1.dsc debian/rules build dh build --buildsystem=ruby --with ruby dh_testdir -O--buildsystem=ruby dh_update_autotools_config -O--buildsystem=ruby dh_auto_configure -O--buildsystem=ruby dh_ruby --configure dh_auto_build -O--buildsystem=ruby dh_ruby --build dh_ruby --build dh_auto_test -O--buildsystem=ruby dh_ruby --test fakeroot debian/rules binary dh binary --buildsystem=ruby --with ruby dh_testroot -O--buildsystem=ruby dh_prep -O--buildsystem=ruby dh_auto_install -O--buildsystem=ruby dh_ruby --install /build/ruby-email-reply-parser-0.5.8/debian/ruby-email-reply-parser dh_ruby --install ┌──┐ │ Install files│ └──┘ install -d /build/ruby-email-reply-parser-0.5.8/debian/ruby-email-reply-parser/usr/lib/ruby/vendor_ruby install -D -m644 /build/ruby-email-reply-parser-0.5.8/lib/email_reply_parser.rb /build/ruby-email-reply-parser-0.5.8/debian/ruby-email-reply-parser/usr/lib/ruby/vendor_ruby/email_reply_parser.rb ┌──┐ │ Install Rubygems integration metadata│ └──┘ generating gemspec at /build/ruby-email-reply-parser-0.5.8/debian/ruby-email-reply-parser/usr/share/rubygems-integration/all/specifications/email_reply_parser-0.5.8.gemspec /usr/bin/ruby2.3 /usr/bin/gem2deb-test-runner ┌──┐ │ Run tests for ruby2.3 from debian/ruby-test-files.yaml │ └──┘ RUBYLIB=/build/ruby-email-reply-parser-0.5.8/debian/ruby-email-reply-parser/usr/lib/ruby/vendor_ruby:. GEM_PATH=debian/ruby-email-reply-parser/usr/share/rubygems-integration/all:/var/lib/gems/2.3.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.3.0:/usr/share/rubygems-integration/2.3.0:/usr/share/rubygems-integration/all ruby2.3 -ryaml -e YAML.load_file\(\"debian/ruby-test-files.yaml\"\).each\ \{\ \|f\|\ require\ f\ \} Loaded suite -e Started ... Finished in 0.069021785 seconds. --- 23 tests, 68 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed --- 333.23 tests/s, 985.20 assertions/s ┌──┐ │ dh_ruby --install finished │ └──┘ dh_installdocs -O--buildsystem=ruby dh_ruby_fixdocs -O--buildsystem=ruby dh_installchangelogs -O--buildsystem=ruby dh_perl -O--buildsystem=ruby dh_link -O--buildsystem=ruby dh_strip_nondeterminism -O--buildsystem=ruby dh_compress -X.rb -O--buildsystem=ruby dh_fixperms -O--buildsystem=ruby dh_installdeb -O--buildsystem=ruby
Bug#818472: ruby-diaspora-vines: unsatisfiable Depends: ruby-eventmachine (>= 1.0.8)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 sudheesh shetty, Try adding ruby-eventmachine to build-Depends and, The lintian warning:timewarp-standards-version will be automatically fixed when you fix this RC bug. - -- അഭിജിത്ത് പി എ -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXDzGUAAoJEIY9TfLtnCjvX7oQAIEkOpMReJbEkj5SoEGYDt+A /hdoJMCwS1jrWx7Lay+hHyFZmMZ7zr7gW+zsbYX73GppaYdtYgDcFVuRItDXx4Ow 8kOS6OrckQFKeWodtsnfjKWW1xrdW+n6xGNaCPSsVfGioZKR7TY6CC2TQJPrZ192 ggqs6iFlMbIqeOFGpFtoFI/YzKWbZfB69osToQ/bXEnYN2W5DHwt2P3X/G51d2tm i2TWfa3+Fhoro+RezFnkZWFhFi7/FrEDOKSTQGMjeWP8LZKbCuWllD13/YjuYR5L RFLpb3WDtc9Inq4yhsnnJ9I80z4K5mtDyLpCgY2sLP2VWzGXdsk1oVrRX6wqPgqC 5W4tFCnvttK0FP8Arvs2qDyXFos0nyyiUwcQZB5/UOs3QEjqk/XGwB/fWMWjD55x jnZNxFohA9DVFizcrsqdISfVV2vNrEtG0/Sflvi5NiyKmVFjYk3SGrWbyCimTtwR 1eekaqMSNNoitKbr0OhfQag/J9Dlp/qPfHAoDHEwvGLjv8uugUon+sXbJgURZye0 McpbpRGbFZEQyQFRchE5gk+KNsA8FEh8MNJ6v9kSmgFzwHl3iY2s8IyVtJjDVTki /W8g4g6u3odMV+ntJxbBHcH1i9oHvd/aiiZdegsWJ1aZP6M4Ce7U+bfrbmjEm1Qd v+2s+4nJCteWWDaAxjxl =4NKe -END PGP SIGNATURE-