Bug#791574: [Reproducible-builds] Bug#791574: strip-nondeterminism: failure in zip.pm, breaking package builds
severity 791574 important
thanks

On Fri, 17 Jul 2015 20:08:13 +0200 Andreas Tille wrote:
> Ahhh, that's interesting. My situation is that I just wanted to find
> out why some of our team packages are about to be removed. I do not
> expect myself to be very helpful in fixing the problem. The only
> thing I would like to know is why this bug is qualified as serious if
> there is no build error when using the available tools but fails only
> with a patched tool. IMHO this does qualify as important as
> maximum. Please do not understand me wrong: Any bug should be fixed
> but I see no point in kicking a chain of packages out of testing only
> because a package using a patched debhelper fails to build.

Hi Andreas,

I agree the severity was set too high considering it only affected builds with a patched debhelper. I had no idea strip-nondeterminism had accumulated so many reverse dependencies, or I would have been more proactive about making sure packages outside of the reproducible builds effort weren't bothered with an auto-removal notice.

I just decreased the severity, and a fixed package will be uploaded to unstable soon anyways, so you don't have to worry about your packages being kicked out.

Cheers,
Andrew

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#791574: Fixed, pending upload
tags 791574 + fixed-upstream
tags 791574 + pending
thanks

This was caused by a zip64 archive in the golang test suite. Archive::Zip, and hence strip-nondeterminism, doesn't support zip64 archives. Fortunately, zip64 archives are rare and the one in the golang source doesn't contain any nondeterminism, so I've modified strip-nondeterminism to just ignore zip64 archives.

--
Andrew
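The message above says zip64 archives are now skipped because Archive::Zip cannot parse them. As an added example (not strip-nondeterminism's own code, which is Perl), this is one way a build tool can recognise a zip64 archive before handing it to a classic zip parser: locate the end-of-central-directory record and check for the zip64 locator in front of it or for sentinel field values. The function names and the hand-built sample archives are constructed for illustration.

```python
import struct

EOCD_SIG = b"PK\x05\x06"           # end-of-central-directory (EOCD) record
Z64_EOCD_SIG = b"PK\x06\x06"       # zip64 EOCD record
Z64_LOCATOR_SIG = b"PK\x06\x07"    # zip64 EOCD locator, sits right before the EOCD
EOCD_FMT = "<4sHHHHIIH"            # 22 bytes, followed by an optional comment
EOCD_SIZE, LOCATOR_SIZE, MAX_COMMENT = 22, 20, 0xFFFF


def find_eocd(data: bytes) -> int:
    """Offset of the EOCD record whose comment runs exactly to end of file."""
    start = max(0, len(data) - EOCD_SIZE - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_SIZE <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_SIZE + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)  # signature was inside a comment
    raise ValueError("no end-of-central-directory record: not a zip archive")


def is_zip64(data: bytes) -> bool:
    """True when the archive carries zip64 structures a classic parser cannot read."""
    pos = find_eocd(data)
    _, disk, cd_disk, n_here, n_total, cd_size, cd_off, _ = struct.unpack_from(
        EOCD_FMT, data, pos)
    # All-ones fields are sentinels: the real value lives in the zip64 EOCD record.
    if 0xFFFF in (disk, cd_disk, n_here, n_total) or 0xFFFFFFFF in (cd_size, cd_off):
        return True
    loc = pos - LOCATOR_SIZE
    return loc >= 0 and data[loc:loc + 4] == Z64_LOCATOR_SIG


def build_sample(zip64: bool, comment: bytes = b"") -> bytes:
    """Constructed sample: an empty archive, optionally with zip64 trailer records."""
    out = b""
    if zip64:
        # zip64 EOCD: sig, size of rest (44), versions, disks, entry counts, cd size/offset
        out += struct.pack("<4sQHHIIQQQQ", Z64_EOCD_SIG, 44, 45, 45, 0, 0, 0, 0, 0, 0)
        # locator: sig, disk holding the zip64 EOCD, its offset, total number of disks
        out += struct.pack("<4sIQI", Z64_LOCATOR_SIG, 0, 0, 1)
    out += struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 0, 0, 0, 0, len(comment))
    return out + comment


if __name__ == "__main__":
    for label, blob in (("classic", build_sample(False)), ("zip64", build_sample(True))):
        print(label, "-> skip normalisation" if is_zip64(blob) else "-> safe to parse")
```

Skipping an archive this way leaves any timestamps inside it untouched, so the skip is only safe when, as in the golang case described above, the archive holds no nondeterminism.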
Bug#718315: Please reduce severity of bug
Dear Maintainer,

I do not believe that this bug constitutes a security vulnerability or that it deserves grave severity. To be exploited remotely, you have to execute an untrusted XSLT stylesheet, which is similar to executing untrusted arbitrary code, and is a bad idea for reasons much more severe than this DoS. For example, using external entities and the document() function, an untrusted XSLT stylesheet can read arbitrary files from the filesystem and upload their contents to a Web server on the Internet. So in order to safely execute an untrusted XSLT stylesheet, you really need to run the XSLT processor in a sandbox with restricted filesystem and network access. At that point you might as well use ulimit or cgroups to prevent resource consumption such as from infinite recursion.

As for exploiting locally, there are already a plethora of ways for a local user to DoS the system, such as by running a fork bomb in bash.

In these ways, Xalan is similar to an interpreter like bash or perl. The fact that malicious programs can do great harm to a system if interpreted by bash or perl does not constitute a security vulnerability in bash or perl, and nor should it in Xalan.

I therefore propose that the severity of this bug be reduced to important or normal so that Xalan can migrate to Testing. It would be a shame for Xalan to not make it into Jessie because of this.

Regards,
Andrew
Bug#756389: libndp: CVE-2014-3554: buffer overflow
Hi,

An updated package has been prepared. Just waiting for my sponsor to upload.

Regards,
Andrew
Bug#731644: libhdhomerun-dev: Header files should be installed to /usr/include, not /usr/lib
Package: libhdhomerun-dev
Version: 20120405-1
Severity: serious
Justification: Policy 9.1.1

Dear Maintainer,

Thanks for maintaining libhdhomerun in Debian. I noticed that libhdhomerun-dev installs its header files to /usr/lib/libhdhomerun. It should install them to /usr/include/libhdhomerun instead, per the FHS.

Regards,
Andrew
Bug#713040: t1-xfree86-nonfree: Does not create symlinks in X11 fonts directory
Package: t1-xfree86-nonfree
Version: 4.2.1-3.1
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

This package does not install any symlinks for its font files in /usr/share/fonts/X11/Type1/, rendering the fonts completely unusable in X11.

This bug was introduced when the package transitioned away from defoma (#649825) and a line was inadvertently removed from the rules file, preventing the auto-generation of the symlinks.

The attached patch restores the removed line and also fixes the resulting lintian warnings.

Thanks,
Andrew

-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages t1-xfree86-nonfree depends on:
ii fontconfig2.9.0-7.1
ii xfonts-utils 1:7.7~1

t1-xfree86-nonfree recommends no packages.

Versions of packages t1-xfree86-nonfree suggests:
ii xserver-xephyr [xserver] 2:1.12.4-6
ii xserver-xorg [xserver]1:7.7+3~deb7u1
ii xvfb [xserver]2:1.12.4-6

-- no debconf information

diff -ruN xfonts-scalable-nonfree-4.2.1.old/debian/rules xfonts-scalable-nonfree-4.2.1/debian/rules --- xfonts-scalable-nonfree-4.2.1.old/debian/rules 2013-06-21 19:43:58.11210 -0400 +++ xfonts-scalable-nonfree-4.2.1/debian/rules 2013-06-21 19:48:10.900143000 -0400 @@ -19,9 +19,10 @@ binary-post-install/t1-xfree86-nonfree:: perl debian/gen-fonts-dir.pl \ - ../../../../../share/fonts/type1/t1-xfree86-nonfree \ + ../../type1/t1-xfree86-nonfree \ debian/t1-xfree86-nonfree/usr/share/fonts/X11/Type1 \ - debian/t1-xfree86-nonfree.scale + debian/t1-xfree86-nonfree.scale \ + debian/t1-xfree86-nonfree.defoma-hints install -m 644 -p debian/t1-xfree86-nonfree.scale debian/t1-xfree86-nonfree/etc/X11/fonts/Type1 getsource:
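Review bot: the added third argument `debian/t1-xfree86-nonfree.defoma-hints` to `debian/gen-fonts-dir.pl` keeps the build reading a defoma hints file although the report says the package has transitioned away from defoma, so `debian/rules` should carry a comment stating what the script uses that file for and that it must not be dropped again. The changed link target `../../type1/t1-xfree86-nonfree` is relative to `usr/share/fonts/X11/Type1` and resolves to `usr/share/fonts/type1/t1-xfree86-nonfree`, while the description mentions only lintian warnings; the changelog should say whether the old five-level target produced dangling links or only a warning, and the built package should be checked for dangling symlinks under `debian/t1-xfree86-nonfree/usr/share/fonts/X11/Type1`.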