Bug#1051592: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable
On 9/24/23 13:48, Salvatore Bonaccorso wrote: The work for bookworm has been done, but for bullseye: would you be able to help here and prepare the fixes? Unfortunatlly the fixes will not apply cleanly. If we fear to much breakage, maybe upstream can be convinced to help? Hi Salvatore, I don't think I will have a lot of time to work on this in the next few weeks. I'm sorry :-(
Bug#1051592: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable
On Sat, Sep 16, 2023, 08:37 Salvatore Bonaccorso wrote: > Hi > > Dropping some recipients for the Debian specific handling of this > issue. So AFAIU upstream will not consider this on src:linux side to > be further handled and needs to be addressed in nftables. > > Arturo: With the patches provided I prepared (as Timo) an update > targetting bookworm for the next point release (bug for release.d.o to > be submitted soon). > > Attached is the proposed debdiff, ans as well as MR on salsa. > > > https://salsa.debian.org/pkg-netfilter-team/pkg-nftables/-/merge_requests/11 > (note not touching thte salsa-ci part was deliberate, but to make the > piuparts test one would need adjustment of the target release. But as > itwas not done for the +deb12u1 itself, I have not touched this) > > The same would be needed OTOH for bullseye as well. Hi Salvatore, thanks for working on this. I just approved the salsa MR Please go ahead an upload to the archive via NMU as required ASAP. I won't be near the keyboard today. really appreciated, thanks, regards.
Bug#1031943: [pkg-netfilter-team] Bug#1031943: Should we do something?
control: severity -1 important On 3/23/23 16:18, Jeremy Sowden wrote: On 2023-03-23, at 15:58:45 +0100, Alberto Molina Coballes wrote: I agree with Arturo, the proposed change should be harmless, but we were not able to reproduce the issue in any of the test performed so I was thinking to lower the severity and apply the patch but don't ask to be included in bookworm. Sounds good to me. Ok, lowering the severity now, thanks.
Bug#1031943: Should we do something?
On Thu, 23 Mar 2023 09:46:05 +0100 Thomas Goirand wrote: Hi, It's been a month since the last entry in this bug, with nobody able to reproduce the bug, and no answer from original submitter. Shall we: - close the bug? - lower severity? - apply the patch? Introducing the proposed change should be harmless. I'd do that, specially if it relax some problems somewhere.
Bug#1012613: nftables: upgrade stops but does not start service
On Fri, 10 Jun 2022 12:21:37 +0200 =?UTF-8?Q?Christian_G=C3=B6ttsche?= wrote: Package: nftables Version: 1.0.4-1 Severity: serious Dear Maintainer, upgrades of nftables stop the service but do not start it (even if the service is actually enabled). This can lead to lockouts, e.g. when using special rules for ssh access. nft.preinst: #!/bin/sh set -e # Automatically added by dh_installsystemd/13.7.1 if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = upgrade ] && [ -d /run/systemd/system ] ; then deb-systemd-invoke stop 'nftables.service' >/dev/null || true fi # End automatically added section nft.postinst: #!/bin/sh set -e # Automatically added by dh_installsystemd/13.7.1 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if deb-systemd-helper debian-installed 'nftables.service'; then # This will only remove masks created by d-s-h on package removal. deb-systemd-helper unmask 'nftables.service' >/dev/null || true if deb-systemd-helper --quiet was-enabled 'nftables.service'; then # Create new symlinks, if any. deb-systemd-helper enable 'nftables.service' >/dev/null || true fi fi # Update the statefile to add new symlinks (if any), which need to be cleaned # up on purge. Also remove old symlinks. deb-systemd-helper update-state 'nftables.service' >/dev/null || true fi # End automatically added section I confirmed this can be a problem: === 8< === ⌂0.65 arturo@nostromo:~ $ apt-cache policy nftables nftables: Installed: 1.0.2-1 Candidate: 1.0.4-1 Version table: 1.0.4-1 500 500 http://deb.debian.org/debian sid/main amd64 Packages *** 1.0.2-1 500 500 http://deb.debian.org/debian testing/main amd64 Packages 100 /var/lib/dpkg/status ⌂0.68 arturo@nostromo:~ $ sudo systemctl status nftables ● nftables.service - nftables Loaded: loaded (/lib/systemd/system/nftables.service; disabled; vendor preset: enabled) Active: active (exited) since Sun 2022-06-19 13:38:11 CEST; 51s ago Docs: man:nft(8) http://wiki.nftables.org Process: 5537 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS) Main PID: 5537 (code=exited, status=0/SUCCESS) CPU: 13ms Jun 19 13:38:11 nostromo systemd[1]: Starting nftables... Jun 19 13:38:11 nostromo systemd[1]: Finished nftables. ⌂0.70 arturo@nostromo:~ $ sudo nft list ruleset table inet filter { chain input { type filter hook input priority filter; policy accept; iif "lo" accept ct state established,related accept tcp dport 22 ct state new accept ip6 nexthdr ipv6-icmp icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept counter packets 6 bytes 898 drop } } ⌂0.65 arturo@nostromo:~ $ sudo aptitude install nftables The following packages will be upgraded: libnftables1 nftables 2 packages upgraded, 0 newly installed, 0 to remove and 754 not upgraded. Need to get 365 kB of archives. After unpacking 27.6 kB will be used. Do you want to continue? [Y/n/?] Y Get: 1 http://deb.debian.org/debian sid/main amd64 nftables amd64 1.0.4-1 [71.9 kB] Get: 2 http://deb.debian.org/debian sid/main amd64 libnftables1 amd64 1.0.4-1 [294 kB] Fetched 365 kB in 0s (4,064 kB/s) Reading changelogs... Done (Reading database ... 273043 files and directories currently installed.) Preparing to unpack .../nftables_1.0.4-1_amd64.deb ... Unpacking nftables (1.0.4-1) over (1.0.2-1) ... Preparing to unpack .../libnftables1_1.0.4-1_amd64.deb ... Unpacking libnftables1:amd64 (1.0.4-1) over (1.0.2-1) ... Setting up libnftables1:amd64 (1.0.4-1) ... Setting up nftables (1.0.4-1) ... Processing triggers for man-db (2.10.2-1) ... Processing triggers for libc-bin (2.33-7) ... Current status: 754 (-2) upgradable. ⌂0.78 arturo@nostromo:~ $ sudo nft list ruleset ⌂0.78 arturo@nostromo:~ $ sudo systemctl status nftables ○ nftables.service - nftables Loaded: loaded (/lib/systemd/system/nftables.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:nft(8) http://wiki.nftables.org Jun 19 13:38:11 nostromo systemd[1]: Starting nftables... Jun 19 13:38:11 nostromo systemd[1]: Finished nftables. Jun 19 13:39:13 nostromo systemd[1]: Stopping nftables... Jun 19 13:39:13 nostromo systemd[1]: nftables.service: Deactivated successfully. Jun 19 13:39:13 nostromo systemd[1]: Stopped nftables. === 8< === @Alberto, @Jeremy, It seems to me like we need to play with the dh_installsystemd --no-restart-after-upgrade option, but don't have time to figure out the right logic. I'm currently unable to handle this. Could you please take a look? regards.
Bug#1007829: [pkg-netfilter-team] Bug#1007829: arptables - Fails to install: Too many levels of symbolic links: debdiff for NMU in DELAYED/2
On 4/6/22 13:29, Thomas Goirand wrote: Hi, As per discussion on IRC and check of the existing prerm, arptables already has the logic in prerm to clean-up old symlinks, so I didn't touch it. Discussing on #debian-devel, it was agreed we need to clean-up eventual remainings of the symlink, if they point to /usr/sbin/*, so that's what I've done in the attached patch. I have attached the debdiff for the NMU that I've uploaded to delayed-2. Let me know if that's fine, or if you would like me to "dcut rm" the upload. Works for me, thanks!
Bug#1007829: [pkg-netfilter-team] Bug#1007829: Bug#1007829: arptables - Fails to install: Too many levels of symbolic links
On 4/6/22 10:36, Thomas Goirand wrote: Hi, Please find attached debdiff to fix this bug. I'll be uploading this to DELAYED/2 queue, as this is affecting a lot of people/packages and we need a fix fast. Please let me know if you prefer to fix it yourself and you wish me to "dcut rm" my upload. I was wondering if a similar fix was required in iptables & ebtables. In the case of iptables: https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/commit/5b0b40839fbc18eb71130947ed76527b7caccdd1 That code was dropped a few years ago. However, in the case of ebtables: https://salsa.debian.org/pkg-netfilter-team/pkg-ebtables/-/blob/master/debian/ebtables.postinst#L20 The same code is present. In all cases, we need a similar fix for prerm as well, see: https://salsa.debian.org/pkg-netfilter-team/pkg-ebtables/-/commit/5dbd22d1a2c8848d40596524a73d3c3f5e272734
Bug#1008222: bind unicast_src x.y.z.w failed 99 - Cannot assign requested address
Package: keepalived Version: 1:2.1.5-0.2+deb11u1 Severity: grave Tags: upstream X-Debbugs-Cc: art...@debian.org Dear maintainer, thanks for your work with this package, really appreciated. Today I tried upgrading a Debian 10 Buster system to Debian 11 Bullseye. Keepalived refused to work with a previously working setup, error message: === 8< === aborrero@cloudgw2001-dev:~ $ sudo /usr/sbin/keepalived -lD --dont-fork Thu Mar 24 15:59:24 2022: Starting Keepalived v2.1.5 (07/13,2020) Thu Mar 24 15:59:24 2022: WARNING - keepalived was build for newer Linux 5.10.70, running on Linux 5.10.0-12-amd64 #1 SMP Debian 5.10.103-1 (2022-03-07) Thu Mar 24 15:59:24 2022: Command line: '/usr/sbin/keepalived' '-lD' '--dont-fork' Thu Mar 24 15:59:24 2022: Opening file '/etc/keepalived/keepalived.conf'. Thu Mar 24 15:59:24 2022: NOTICE: setting config option max_auto_priority should result in better keepalived performance Thu Mar 24 15:59:24 2022: Starting VRRP child process, pid=17238 Thu Mar 24 15:59:24 2022: Registering Kernel netlink reflector Thu Mar 24 15:59:24 2022: Registering Kernel netlink command channel Thu Mar 24 15:59:24 2022: Opening file '/etc/keepalived/keepalived.conf'. Thu Mar 24 15:59:24 2022: (/etc/keepalived/keepalived.conf: Line 25) Warning - cannot track route 185.15.57.0/29 with no interface specified, not tracking Thu Mar 24 15:59:24 2022: (/etc/keepalived/keepalived.conf: Line 26) Warning - cannot track route 172.16.128.0/24 with no interface specified, not tracking Thu Mar 24 15:59:24 2022: Assigned address 208.80.153.188 for interface eno2.2120 Thu Mar 24 15:59:24 2022: Assigned address fe80::32e1:71ff:fe60:e97d for interface eno2.2120 Thu Mar 24 15:59:24 2022: Registering gratuitous ARP shared channel Thu Mar 24 15:59:24 2022: (VRRP1) removing Virtual Routes Thu Mar 24 15:59:24 2022: (VRRP1) removing VIPs. Thu Mar 24 15:59:24 2022: bind unicast_src 208.80.153.188 failed 99 - Cannot assign requested address Thu Mar 24 15:59:24 2022: (VRRP1): entering FAULT state (src address not configured) Thu Mar 24 15:59:24 2022: (VRRP1) Entering FAULT STATE Thu Mar 24 15:59:24 2022: (VRRP1) removing Virtual Routes Thu Mar 24 15:59:24 2022: VRRP sockpool: [ifindex( 8), family(IPv4), proto(112), fd(-1,-1), unicast, address(208.80.153.188)] ^CThu Mar 24 16:00:05 2022: Stopping Thu Mar 24 16:00:06 2022: Stopped - used 0.002007 user time, 0.00 system time Thu Mar 24 16:00:06 2022: CPU usage (self/children) user: 0.008240/0.003615 system: 0.004120/0.00 Thu Mar 24 16:00:06 2022: Stopped Keepalived v2.1.5 (07/13,2020) === 8< === The config file is pretty straigt forward: === 8< === aborrero@cloudgw2001-dev:~ $ cat /etc/keepalived/keepalived.conf global_defs { } vrrp_instance VRRP1 { state BACKUP interface eno2.2120 virtual_router_id 52 nopreempt priority 6 advert_int 1 authentication { auth_type PASS auth_pass } track_interface { eno2.2107 } virtual_routes { 185.15.57.0/29 table 10 nexthop via 185.15.57.10 dev eno2.2107 onlink 172.16.128.0/24 table 10 nexthop via 185.15.57.10 dev eno2.2107 onlink } virtual_ipaddress { 185.15.57.9/30 dev eno2.2107 208.80.153.190/29 dev eno2.2120 } unicast_peer { 208.80.153.189 } } === 8< === This exact same setup was previously working, and actually, the next version works just fine. Not sure if this has anything to do with the kernel version warning at the beginning. In summary: | keepalived version | Debian | Works? | | |--|| | 1:2.0.10-1 | buster | yes| | 1:2.1.5-0.2+deb11u1 | bullseye | no | | 1:2.2.7-1~bpo11+1 | bullseye-bpo | yes| I'm opeining this bug report mostly so others can find it. Raelly appreciated the bpo package is ready to use. regards.
Bug#985498: missing dependency on cpp
On Fri, 19 Mar 2021 11:09:08 +0100 Arturo Borrero Gonzalez wrote: The fix is rather simple: add cpp as Depends for gridengine-common. I'll send a patch/pull request to the salsa repository soon. Pull request: https://salsa.debian.org/hpc-team/gridengine/-/merge_requests/2 Patch also included here for reference: === 8< === commit 97af886c1e106fe2161d0a704b3e6749323dfb0a (HEAD -> master, origin/master, origin/HEAD) Author: Arturo Borrero Gonzalez Date: Fri Mar 19 11:03:20 2021 +0100 gridengine-common: depends on cpp The script /usr/share/gridengine/util/arch calls /usr/bin/cpp on line 203. Introduce corresponding dependency. Closes: #985498 Signed-off-by: Arturo Borrero Gonzalez diff --git a/debian/control b/debian/control index 8252bc8b3..d9d9a7fa6 100644 --- a/debian/control +++ b/debian/control @@ -39,6 +39,7 @@ Depends: ${misc:Depends}, adduser, bsd-mailx | mailx, + cpp, ucf, tcsh | c-shell, Suggests: === 8< === regards. -- Arturo Borrero Gonzalez SRE / Wikimedia Cloud Services Wikimedia Foundation
Bug#985498: missing dependency on cpp
Package: gridengine-common Version: 8.1.9+dfsg-4+deb9u2 Severity: serious Tags: patch Dear gridengine maintaners, thanks for your work on this package, it is really appreciated. I detected the script /usr/share/gridengine/util/arch calls /usr/bin/cpp on line 203: === 8< === x86_64) if /usr/bin/cpp -dM
Bug#981641: FTBFS with an xsltproc error
On 2/2/21 5:21 PM, Helmut Grohne wrote: On Tue, Feb 02, 2021 at 04:25:36PM +0100, Arturo Borrero Gonzalez wrote: I suspect this might be related to this recent change: https://salsa.debian.org/pkg-netfilter-team/pkg-nftables/-/commit/4eb323698ee7d8e50132fb271c0f3aa92c727285 Could you please check if introducing back docbook-xsl as build-dep fixes the issue? Mea culpa. np! :-) I'm just uploading a new version of nftables, hopefully fixing the issue. Of course, that would get us a bigger dependency tree than before. Quite the opposite of what I wanted to achieve. It would be one with fewer surprises though. What do you think? Adding the asciidoc maintainer to Cc. I don't have a strong opinion. But yes, apparently it feels like it would make sense.
Bug#981641: FTBFS with an xsltproc error
On 2/2/21 2:36 PM, Michael Biebl wrote: Source: nftables Version: 0.9.8-2 Severity: serious Hi, trying to rebuild nftables on sid, I ran into a failure: make[3]: Entering directory '/build/nftables-0.9.8/doc' a2x -L --doctype manpage --format manpage -D . nft.txt a2x -L --doctype manpage --format manpage -D . libnftables-json.adoc a2x -L --doctype manpage --format manpage -D . libnftables.adoc a2x: ERROR: "xsltproc" --stringparam callout.graphics 0 --stringparam navig.graphics 0 --stringparam admon.textlabel 1 --stringparam admon.graphics 0 "/etc/asciidoc/docbook-xsl/manpage.xsl" "/build/nftables-0.9.8/doc/libnftables.xml" returned non-zero exit status 5 make[3]: *** [Makefile:642: libnftables.3] Error 1 make[3]: *** Waiting for unfinished jobs a2x: ERROR: "xsltproc" --stringparam callout.graphics 0 --stringparam navig.graphics 0 --stringparam admon.textlabel 1 --stringparam admon.graphics 0 "/etc/asciidoc/docbook-xsl/manpage.xsl" "/build/nftables-0.9.8/doc/libnftables-json.xml" returned non-zero exit status 5 make[3]: *** [Makefile:645: libnftables-json.5] Error 1 a2x: ERROR: "xsltproc" --stringparam callout.graphics 0 --stringparam navig.graphics 0 --stringparam admon.textlabel 1 --stringparam admon.graphics 0 "/etc/asciidoc/docbook-xsl/manpage.xsl" "/build/nftables-0.9.8/doc/nft.xml" returned non-zero exit status 5 make[3]: *** [Makefile:639: nft.8] Error 1 make[3]: Leaving directory '/build/nftables-0.9.8/doc' make[2]: *** [Makefile:481: all-recursive] Error 1 make[2]: Leaving directory '/build/nftables-0.9.8' make[1]: *** [Makefile:390: all] Error 2 make[1]: Leaving directory '/build/nftables-0.9.8' dh_auto_build: error: make -j4 returned exit code 2 make: *** [debian/rules:15: build] Error 25 Looking at https://buildd.debian.org/status/package.php?p=nftables, this also happened on a few buildds. In my case it happened for amd64. I suspect there was a recent change in the xsltproc toolchain. Hi there, thanks for the report. I suspect this might be related to this recent change: https://salsa.debian.org/pkg-netfilter-team/pkg-nftables/-/commit/4eb323698ee7d8e50132fb271c0f3aa92c727285 Could you please check if introducing back docbook-xsl as build-dep fixes the issue? I might have my local sbuild chroot polluted somehow, I cannot reproduce the issue. CC'ing change author Helmut Grohne
Bug#969058: iptables in buster-backports requires netbase >= 6.0 which is not present in archive
Control: forcemerge -1 969020 On Wed, 26 Aug 2020 20:12:15 + Johan Fleury wrote: > Package: iptables > Version: 1.8.5-3~bpo10+1 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > > Commit d7ad2173[^1] was backported into the debian/buster-backports > branch and the iptables package version 1.8.5-3~bpo10+1 was pushed to > the buster-backports archive yesterday[^2], but netbase is not present > in version >=6.0 in the archive. I just uploaded netbase 6.1~bpo10+1 to buster-backports. This should fix the problem. Thanks for reporting! > > This makes `iptables` un-upgradable on my system, and even worse, it > lead to it being removed an I cannot install it anymore: this is because the apt pin config you have for the package... The config tells apt to only install the package from buster-bpo, but that package is uninstallable, therefore the deadlock.
Bug#965021: adjust severity
control: severity -1 important This is a bug in a particular option of the software. I'm therefore reducing the bug severity.
Bug#885265: [py3] some fixes to get chirpw running with python3, Fixes #7431
Hi there! I tested chirp from the upstream mercurial repository (py3 branch) today in Debian testing bullseye, and I got it working with python3 with the attached patch. I was able to download the image from a baofeng UV-5RA, modify it and the upload it again. Please, consider merging the attached patch. If the patch requires any mangling please do so yourself, I'm on vacations and I don't plan to follow-up on this. regards. # HG changeset patch # User Arturo Borrero Gonzalez # Date 1596733882 -7200 # Thu Aug 06 19:11:22 2020 +0200 # Branch py3 # Node ID 16906193cd4089786be642ce0af684a72e29cae9 # Parent 68534f20c1418ae8e4cc09f3ff468d0375ba843a [py3] some fixes to get chirpw running with python3, Fixes #7431 This patch contains a couple of small changes to get chirpw running with python3. Signed-off-by: Arturo Borrero Gonzalez diff -r 68534f20c141 -r 16906193cd40 chirp/drivers/uv5r.py --- a/chirp/drivers/uv5r.py Thu Feb 13 16:35:52 2020 -0800 +++ b/chirp/drivers/uv5r.py Thu Aug 06 19:11:22 2020 +0200 @@ -587,7 +587,7 @@ data += _read_block(radio, i, 0x40, False) if append_model: -data += radio.MODEL.ljust(8) +data += bytes(radio.MODEL.ljust(8), 'utf-8') LOG.debug("done.") return memmap.MemoryMapBytes(data) diff -r 68534f20c141 -r 16906193cd40 chirp/drivers/vx6.py --- a/chirp/drivers/vx6.py Thu Feb 13 16:35:52 2020 -0800 +++ b/chirp/drivers/vx6.py Thu Aug 06 19:11:22 2020 +0200 @@ -871,5 +871,5 @@ elif setting == "password": newval = self._encode_chars(newval, 4) setattr(_settings, setting, newval) -except Exception, e: +except: raise diff -r 68534f20c141 -r 16906193cd40 chirp/ui/mainapp.py --- a/chirp/ui/mainapp.py Thu Feb 13 16:35:52 2020 -0800 +++ b/chirp/ui/mainapp.py Thu Aug 06 19:11:22 2020 +0200 @@ -1137,7 +1137,7 @@ query = "http://chirp.danplanet.com/query/rb/1.0/app_direct; \ "?loc=%s=%s=%s" % (loc, band, dist) -print query +print(query) # Do this in case the import process is going to take a while # to make sure we process events leading up to this
Bug#965021: conntrackd: segfaults when not disabling internal cache
Control: tags -1 confirmed upstream Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1445 On Tue, 14 Jul 2020 17:04:17 +0200 Thomas Schneider wrote: > Package: conntrackd > Version: 1:1.4.5-2 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > > I’m experiencing a problem with conntrackd. > Thanks for the report. I was able to reproduce the problem. Hopefully a fix will be available soon.
Bug#949518: iptables-restore empty line not accepted any more (regression)
This seems to be fixed by this upstream patch: https://git.netfilter.org/iptables/commit/?id=8e76391096f12212985c401ee83a67990aa27a29 Will try to include this fix in the iptables package soon.
Bug#950637: update build-dep on iptables-dev
Source: xtables-addons Version: 3.7-1 Severity: serious It seems xtables-addons build-deps on iptables-dev, which no longer exists. Please update the build-deps of xtables-addons. You probably need the libxtables-dev package instead. This is apparently preventing the migration of iptables from sid to testing. regards. -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#946289: ufw: fails to start with iptables 1.8.4
On Mon, 6 Jan 2020 12:38:52 -0600 Jamie Strandboge wrote: > On Fri, 13 Dec 2019, Jamie Strandboge wrote: > > > I can confirm this. It looks like iptables-restore and iptables6-restore > > in 1.8.4 has broken -n behavior with the nft varieties. > > This is https://bugzilla.netfilter.org/show_bug.cgi?id=1394 > This is probably fixed by: https://git.netfilter.org/iptables/commit/?id=a103fbfadf4c17b8b12caa57eef72deaaa71a18c
Bug#947176: [pkg-netfilter-team] Bug#947176: libiptc.pc non-functional
On 1/11/20 12:04 PM, Michael Biebl wrote: > Hi Arturo > > On Sun, 22 Dec 2019 15:06:02 +0100 Michael Biebl wrote: >> >> 1/ Have a single libiptc-dev package which contains all development files >> 2/ Have a libip6tc-dev package which contains all development files >> related to libip6tc, have a libip4tc-dev package which contains all >> development files related to libip4tc and have libiptc-dev (convenience) >> package which contains libiptc.pc and depends on both libip6tc-dev and >> libip4tc-dev >> > > Have you decided how you want to proceed from here? > Would welcome your feedback. > Option 2) is probably the way to go. I didn't have time to get to this yet. Perhaps @alberto have some spare cycles? regards.
Bug#944748: [pkg-netfilter-team] Bug#944748: nftables: no init script
Control: tags -1 wontfix Control: severity -1 normal On 11/14/19 7:00 PM, Thorsten Glaser wrote: > [..] > > However, nftables appears to ship a systemd unit, which is a > clear violation of Policy §9.11: > “However, any package integrating with other init systems > must also be backwards-compatible with sysvinit by providing a SysV- > style init script with the same name as and equivalent functionality > to any init-specific job, as this is the only start-up configuration > method guaranteed to be supported by all init implementations.” > > I checked latest version of Policy, and this is still there. > So please make a stable update adding an init script. > Hey! Thanks for getting in touch. I'm sorry, but I don't plan to work on any kind of sysvinit support for nftables. That Debian Policy bit is known to be flawed and a work in progress, to better reflect the reality of now-a-days Debian systems [0]. If you are aware of that, I wonder what is the purpose of this bug report. If you weren't aware of that, I'm glad now you are :-) Anyway, I'm closing the bug report as wontfix. regards. [0] https://lists.debian.org/debian-devel-announce/2019/10/msg2.html
Bug#932498: issue with iptables -L
Control: severity -1 normal Control: tags -1 = moreinfo unreproducible I can't reproduce this bug: % sudo iptables -L [sudo] password for arturo: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Please include more context information or I will close the bug as bogus.
Bug#929527: [pkg-netfilter-team] Bug#929527: Bug#929527: Bug#914694
Control: severity -1 important On 6/26/19 2:28 PM, Thomas Lamprecht wrote: > > Hmm, but that's a grave issue which may just render the firewall void > for _any_ intermediate chain and produces segmentation faults errors. > The issue you found is not a general-case issue. The segfault is only produced apparently if you: * define a custom chain * flush all rules of that custom chain (not required, because the chain was just created) * add a rule to that custom chain all in the same batch. I may understand that this is important for some scripts or robots making use of the iptables interface in that particular way, but is not the general case of how people define and add rules to custom chain/ruleset. Because of this, I think we should lower the severity of this bug. I understand is annoying in your use case, and I'm sorry for that. Thankfully, we already have an iptables version fixing the issue, but unfortunately it won't make it to Debian Buster in the first round as I already explained in my previous email. > How about a minimal patch which places higher update-alternative priority > to the the -legacy parts of iptables so that the alternative currently > working in Buster is used by default. Once the fixed nft based is rolled > out the priorities could then be switched again (or if that cannot be done > for a stable release, in Bullseye). > No, sorry, we won't do this at this point.
Bug#929527: [pkg-netfilter-team] Bug#929527: Bug#914694
On 6/25/19 10:25 AM, Thomas Lamprecht wrote: > Don't want to nag to much but is there any news regarding this? > Buster is planned to release pretty soon (<2 weeks) and iptables > is quite a important package, IMO. Maybe it went under my radar > but I saw no unblock request on d.o release list. > > For now I just used update-alternative to use the legacy variants, > which work fine here, but if my understanding is correct then this > package (version?) could be thrown out of Buster if it still has RC > bug so close to the planned release, I mean iptables may be an > exception as it's quite relevant and still used by a lot but still. > The last upstream release of iptables won't make it into Debian Buster at this point. Once buster is released I will: * provide uptodate package backports of newer upstream releases in buster-backports (for both iptables and nftables) * for important bugs, I would try backporting concrete patches to the version in buster-stable.
Bug#929527: Bug#914694
iptables 1.8.3-1~exp1 is already uploaded, currently waiting in the NEW queue. The upload is for experimental, since the build depends on a newer release of libnftnl (already in experimental), and we are at a point of the Buster freeze that I would like to make extra sure I'm allowed to push such a big diff into unstable. Hopefully all this will be untangled in the upcoming weeks.
Bug#929527: [pkg-netfilter-team] Bug#929527: /usr/sbin/xtables-nft-multi: restoring IP Tables with an self-defined chain segfaults in libnftnl.so
On 5/27/19 12:29 PM, Arturo Borrero Gonzalez wrote: > On 5/25/19 6:49 PM, Thomas Lamprecht wrote: >> Package: iptables >> Version: 1.8.2-4 >> Severity: grave >> File: /usr/sbin/xtables-nft-multi >> Justification: renders package unusable by segfaulting on usage >> >> Reproducer: >> # cat simple-segv-table >> *filter >> :NEW-OUTPUT - [0:0] >> -A OUTPUT -j NEW-OUTPUT >> -F NEW-OUTPUT >> -A NEW-OUTPUT -j ACCEPT >> COMMIT >> >> # iptables ./simple-segv-table >> Segmentation fault >> >> # dmesg | tail -1 >> [12860.813350] traps: iptables-restor[19173] general protection >> ip:7f4894682793 sp:7ffcedc177d0 error:0 in >> libnftnl.so.11.0.0[7f4894677000+17000] >> >> # addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0 -fCi $(printf >> "%x" $[0x7f2cb9882793 - 0x7f2cb9877000]) >> nftnl_batch_is_supported >> ??:? >> > > I can reproduce this. > > I'm already looking for a fix. > This should be fixed in iptables 1.8.3, which just got released.
Bug#929527: [pkg-netfilter-team] Bug#929527: /usr/sbin/xtables-nft-multi: restoring IP Tables with an self-defined chain segfaults in libnftnl.so
On 5/25/19 6:49 PM, Thomas Lamprecht wrote: > Package: iptables > Version: 1.8.2-4 > Severity: grave > File: /usr/sbin/xtables-nft-multi > Justification: renders package unusable by segfaulting on usage > > Reproducer: > # cat simple-segv-table > *filter > :NEW-OUTPUT - [0:0] > -A OUTPUT -j NEW-OUTPUT > -F NEW-OUTPUT > -A NEW-OUTPUT -j ACCEPT > COMMIT > > # iptables ./simple-segv-table > Segmentation fault > > # dmesg | tail -1 > [12860.813350] traps: iptables-restor[19173] general protection > ip:7f4894682793 sp:7ffcedc177d0 error:0 in > libnftnl.so.11.0.0[7f4894677000+17000] > > # addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0 -fCi $(printf > "%x" $[0x7f2cb9882793 - 0x7f2cb9877000]) > nftnl_batch_is_supported > ??:? > I can reproduce this. I'm already looking for a fix.
Bug#927722: Correct fix for this bug
On 4/25/19 12:49 PM, Thomas Goirand wrote: > Hi, > > Please fine attached to this message the *CORRECT* debdiff to fix it. > I've uploaded it to DELAYED/7 (after dcuting the wrong package...). Let > me know if you think it's still wrong and I should still dcut it... > LGTM
Bug#927722: [pkg-netfilter-team] Bug#927722: Uploaded to delayed/7
On 4/25/19 11:44 AM, Thomas Goirand wrote: > Hi, > > I've uploaded the fix to DELAYED/7. Debdiff attached. > Let me know if I should dcut rm the upload. > > Cheers, > LGTM
Bug#926728: Removing the package breaks the alternative on usr-merge system
On 4/9/19 6:34 PM, Laurent Bigonville wrote: > Package: ebtables > Version: 2.0.10.4+snapshot20181205-2 > Severity: serious > > Hello, > > On system with usr-merge, removing ebtables breaks the alternative. > > The postinst script install symlinks from /sbin to /usr/sbin, in the > prerm script these symlinks are removed. BUT ebtables also add itself as > an alternative for ebtables implementations. > > That means that the symlinks installed by update-alternatives are > rm when the package is removed. > > Not too sure how to fix this, maybe the prerm script should check if the > symlinks directly point to a real file and only remove them in that > case? > Thanks for the report! I don't use usr-merge, so it would be great if you can provide concrete examples of which files and which symlinks are affected by the bug you are describing, and what would be the right state after package removal for them. regards.
Bug#912977: iptables: nftables layer breaks ipsec/policy keyword
Control: severity -1 important On Tue, 6 Nov 2018 20:38:41 +0100 Pierre Chifflier wrote: > > I'm still running some more tests, but I think the severity can be > lowered. > Ok, lowering severity now.
Bug#912046: [pkg-netfilter-team] Bug#912046: debsums: Error: symlink loop detected in path 'sbin/ebtables'.
On 12/10/18 9:30 AM, Laurent Bigonville wrote: > On Sat, 1 Dec 2018 13:36:11 +0100 gregor herrmann > wrote: > >> On Sat, 27 Oct 2018 17:39:50 +0200, Laurent Bigonville wrote: >> >> > When running debsums -ac, it complains that: >> > >> > debsums: Error: symlink loop detected in path 'sbin/ebtables'. > Please file a bug against ebtables. >> > >> > So here is the bug report. >> >> I can't reproduce this (by installing the package and running >> debsums), and I don't see any symlinkery in the package either but I >> might miss somthing. >> >> What do see are alternatives [0] but they all seem to be in the >> iptables package and /sbin/ebtables doesn't seem to be involved. >> >> So maybe this is/was an iptables problem and maybe this was/is fixed >> (or maybe I have a to old iptables version). >> > >> Or is this another merged-/usr issue poppoing up? > > Alright, so it's indeed a problem with usrmerge and the fact that > ebtables package is NOT using the alternative for (/usr)/sbin/ebtables > > Apparently, iptables now adds an alternative to /usr/sbin/ebtables: > > update-alternatives \ > --install /usr/sbin/ebtables ebtables /usr/sbin/ebtables-nft 20 \ > --slave /usr/sbin/ebtables-restore ebtables-restore > /usr/sbin/ebtables-nft-restore \ > --slave /usr/sbin/ebtables-save ebtables-save > /usr/sbin/ebtables-nft-save > > But as the ebtables package is still providing a real executables in > /sbin/ebtables* ; with usr-merge it explodes. > > IMVHO, iptables package should provides "ebtables" (it's providing the > same CLI interface right?) and must breaks with the current version of > ebtables. And either ebtables must be kicked out of the archive (is this > really deprecated?) and/or use the alternatives system. > > It seems that the same problem exists with the aprtables package The > fact that iptables package started providing ebtables/arptables > executable without coordination is quite bad. > > Note there is also bug #913883 that is more than probably a duplicate of > this bug. > > we are working both in arptables and ebtables and will upload soon.
Bug#914129: Docker issue with iptables 1.8.2
Control: severity -1 normal Control: unmerge -1 Control: retitle -1 possible issue with docker Let's retitle this to something more meaningfull. Downgrading severity until we see further details on this issue. Also, unmerge this bug report from the unrelated #914129.
Bug#914074: Bug fixed
Control: unmerge -1 Control: fixed -1 1.8.2-2 This bug is different from #914129, unmerging now. Also, this bug is fixed by iptables 1.8.2-2, so closing it now as well.
Bug#913877: [pkg-netfilter-team] Bug#913877: iptables 1.8.2: ERROR when adding REJECT target to custom chains
On 11/16/18 1:18 PM, Amos Jeffries wrote: > My kernel version is 3.16.0-4-amd64. > This kernel is very very old. First thing to do is to upgrade your kernel to something modern. Is not related to the hardware. Both x_tables and nf_tables kernel subsystem received severe updates since 3.16. By mixing modern userspace components with old kernelside modules you are exposed to severe limitations to say the least. > > The main problem as I see it is that the packaging switched straight to > the -nft versions without sufficient checking that it was not breaking > the system by doing so. Surely there are tests that can be done on > install to select the auto/default flavour better? > I don't have time to work on such magic migration mechanisms. But as I said, your issue is not with iptables-nft or nftables itself. You are using a very old kernel which won't work. thanks!
Bug#913877: iptables 1.8.2: ERROR when adding REJECT target to custom chains
Control: tag -1 unreproducible On Fri, 16 Nov 2018 23:20:02 +1300 Amos Jeffries wrote: > Followup experiments isolating the custom sub-chain are showing even > worse behaviour from the new iptables (-nft flavour). > > These commands > > iptables -N test-foo > iptables -I test-foo 1 -s 127.0.0.1 -j REJECT > > Produces this output: > > iptables v1.8.2 (nf_tables): RULE_INSERT failed (Invalid argument): > rule in chain test-foo > > > And this absurd syslog message: > > x_tables: ip_tables: REJECT target: used from hooks FORWARD, but only > usable from INPUT/FORWARD/OUTPUT > > > Upstream reports that this does work on other systems. Which kernel are you running? Mine is: arturo@endurance:~ $ uname -r 4.18.0-2-amd64 This is my local test: arturo@endurance:~ $ sudo iptables-nft -N test-foo arturo@endurance:~ $ sudo iptables-nft -I test-foo 1 -s 127.0.0.1 -j REJECT arturo@endurance:~ $ sudo iptables-nft-save # Generated by xtables-save v1.8.2 on Fri Nov 16 12:40:51 2018 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :test-foo - [0:0] -A test-foo -s 127.0.0.1/32 -j REJECT --reject-with icmp-port-unreachable COMMIT # Completed on Fri Nov 16 12:40:51 2018 Closing bug now, feel free to reopen if required. Thanks for reporting.
Bug#913877: [pkg-netfilter-team] Bug#913877: (no subject)
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1298
Bug#913877: (no subject)
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1298
Bug#913877: [pkg-netfilter-team] Bug#913877: iptables 1.8.2: ERROR when adding REJECT target to custom chains
Control: forward -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1298 Your bug report has been forwarded upstream.
Bug#913088: Bug forwarded upstream
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1292
Bug#912977: iptables: nftables layer breaks ipsec/policy keyword
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290 Hopefully next upstream release will contain a fix.
Bug#911849: Try 1.8.1-2
Control: fixed -1 1.8.1-2 Hi, please try with iptables 1.8.1-2 which I just uploaded. It includes some symlinks to handle this. Please close bug if solved with 1.8.1-2. thanks for the report! :-)
Bug#889649: [pkg-netfilter-team] Bug#889649: FTBFS with debhelper 10
On 7 August 2018 at 11:06, Niels Thykier wrote: > On Tue, 6 Feb 2018 17:04:59 +0100 Arturo Borrero Gonzalez > wrote: >> On 5 February 2018 at 11:08, Daniel Baumann >> wrote: >> > Package: iptables >> > Version: 1.6.2-1 >> > Severity: normal >> > >> > Hi, >> > >> > thanks for all the work you're doing for iptables/nftables in debian, >> > much appreciated. >> > >> > when doing local backport of iptables 1.6.2-1 to stretch, i noticed that >> > it fails to build from source: >> >> Thanks for the report, next upload to unstable will contain the fix >> which is already in the repo. >> >> > > Hi Arturo, > > Thanks for the update. > > Do you have an estimate on when this upload will be or alternatively > would you mind an NMU with the fix to resolve this RC bug? The fix in the source repo [0]. I'm blocked with the iptables package, since there is a major upstream release which requires *a lot* of work from the Debian point of view (involving also ebtables and arptables) and I had no time to handle that yet... Hopefully I can find the time in September. Feel free to NMU but what I would really love to see is some additional help integrating iptables 1.8.0 upstream release into Debian. [0] https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/commit/3d13411ee6a2b209493ee5e478a5b46331055903)
Bug#897592: ebtables: randomly FTBFS - makefile is not parallel safe
On 3 May 2018 at 12:07, James Cowgillwrote: > When parallel builds are enabled, the "scripts" and "exec" targets will > be run in parallel which fails because: > - exec does not create $(DESTDIR)$(BINDIR) so will fail if scripts has > not created it yet. > - exec copies ebtables-save_ which will also fail if scripts has not > created it yet. > Thanks James :-) your report saved us valuable time investigating the issue by ourselves. May I ask you to send a patch? That would be awesome, we always welcome help in the pkg-netfilter team.
Bug#895342: suricata: new version fails to start if eth0 not present
Control: severity -1 normal On Wed, 18 Apr 2018 10:30:56 -0700 Steve Langasekwrote: > > There is at least one bug here in the package, which is that the > autopkgtests make a brittle assumption that eth0 will be available in the > test bed. eth0 is a legacy interface name in the kernel, and despite the > fact that eth0 is currently present on the ci.debian.net testbeds, this is > not a robust assumption. If you want to reorder the tests so that the > config file setup is done first, then that would address the bug in the > autopkgtests. > Hi, thanks for taking the time to elaborate. I talked to upstream to know if they plan to implement something for interface names at runtime. No plans. And I don't have time to work on that myself. Downgrading the severity to avoid the package removal from testing. On a side note: you mentioned the daemon should be up and running to consider the package being OK installed. While I agree that by installing the package we should get a daemon ready to use, How would you do that? given suricata acts as a firewall, the config is strictly baked per environment and no preset could be used as default?
Bug#895342: suricata: new version fails to start if eth0 not present
If you check debian/tests/systemd-service-test.sh [0], the interface in use by the config file is decided at runtime. What autopkgtest tests are you running? This seem like an ubuntu specific issue. All tests in debian are going fine, both in unstable and in testing [1]. This Debian bug may result in the package being removed from Debian testing for no actual reason. Closing this bug now as it seems totally bogus. [0] https://salsa.debian.org/pkg-suricata-team/pkg-suricata/blob/master/debian/tests/systemd-service-test.sh [1] https://ci.debian.net/packages/s/suricata/
Bug#881580: googleearth-package: Generated package is uninstallable, and application unrunnable
On Sun, 12 Nov 2017 22:18:54 -0800 Dima Koganwrote: > Package: googleearth-package > Version: 1.2.2dima1 > Severity: grave > > Hi. I'm installing googleearth on a recent Debian/sid on amd64. Clearly > I need to have the i386 foreign arch enabled. It'd be nice if the > install explicitly told unsuspecting users this, but whatever. > I was able to use native amd64 by just replacing all the Depends with the matching amd64 package. > The generated package Depends:lbs-core even though this package is no > longer a part of Debian. Removing this, I can make a googleearth package > that I can install. > Probably 'lsb-compat' should be used. > At that point I can't run the application though. To make it work, I > needed to > > 1. install libqtcore4:i386 libqtgui4:i386 libqt4-network:i386 > libqtwebkit4:i386 libglu1-mesa:i386 >This list is likely incomplete; it's just what I was missing > > 2. The i386 linker the application requires is /lib/ld-lsb.so.3. This >presumably lived in lsb-core at one point, but it no longer does. I >can fake it with > > sudo ln -fs /lib/ld-linux.so.2 /lib/ld-lsb.so.3 > Apart of that (or perhaps same kind of issue): % googleearth /usr/lib/googleearth/googleearth-bin: error while loading shared libraries: libfontconfig.so.1: cannot open shared object file: No such file or directory % /usr/lib/googleearth/googleearth-bin /usr/lib/googleearth/googleearth-bin: error while loading shared libraries: libgoogleearth_free.so: cannot open shared object file: No such file or directory More link problems. Not sure if they could be related to the hack I did to install into amd64 without the foreign arch enabled.
Bug#868059: tc: m_xt: Segfault with iptables-1.6.0
On 22 November 2017 at 18:28, Cyril Bruleboiswrote: > Control: severity -1 serious > Control: tag -1 pending > > Hi Gabor, > > (I'm cc-ing the iptables maintainers so that they can correct me if I'm > wrong in my findings below; iproute2's maintainer Alexander; and Julian > who proposed an update to a new upstream release. Spoiler alert: I'm > proposing to fix the most obvious issues in a targetted way.) > > Thanks! :-) > > There are probably reasons for including a copy of the header instead of > using the system one (probably because such things are common when it > comes to kernel-related headers), but deleting the header entirely would > work as well. > I don't see the point in caching an userspace library header. By doing that you are exposed to this kind of bugs. I guess it's OK to cache kernel headers, since these are supposed to not introduce breaking changes. Perhaps you could send a patch upstream to drop the embedded copy. best regards.
Bug#878948:
Control: found -1 17.2.2-1
Bug#873832:
Control: tags -1 pending Thanks, I did the change and is now pending: https://anonscm.debian.org/cgit/pkg-suricata/pkg-suricata.git/commit/?id=93ee9030a53a45c800ad5879c4e7c754c1dc1331
Bug#863518: nftables: "workstation" example breaks alternate keyboard layout in gdm
Control: severity -1 normal On 28 May 2017 at 00:54, Harlan Lieberman-Bergwrote: > > Bizarrely, the quite simple "workstation" example causes the language picker > in > gdm3 to disappear and the default layout to switch back to qwerty. As far as > I > can tell this doesn't happen on the next boot, but rather a couple of boots > later. > > Disabling the nftables ruleset and rebooting fixes the problem completely. > > I'm not sure whether this is an nftables bug or a gdm bug, but I'm putting it > here as similar iptables rules don't cause this behavior. > Hi, I've been using this example ruleset for years now, with no issues. The example ruleset isn't buggy. Generally, if a machine is misbehaving after loading a firewall ruleset, it usually means that the ruleset policy is wrong for your environment/configuration. This is highly possible, and that's why the file is just an example: you will probably need to tune the ruleset or the rest of the configuration of your machine. Regarding the 'uninterruptable sleep', the nft command line interface tool (what the nftables package contains) is by no means intended to interfere with kernel ability to send signals to other running process (i.e. to interrupt others processes). No code is included in this package. How could a bug in the nftables CLI tool led to chrome to hang? So your problem is likely in another place. Probably the kernel. Did you check 'dmesg' after the issue happens? Perhaps you are hitting an oops related to the network stack. The strace you attached shows that nftables hangs when trying to talk to the netlink subsystem. A nfnetlink/nf_tables kernel bug is indeed more likely, but then this bug belongs to the linux package. To summarise, this is my opinion on the possibilities of this bugs: * configuration issue in your machine * linux kernel bug I'm Lowering the severity right now because of this.
Bug#862400: several bios updates exist since 2007
On Mon, 15 May 2017 13:56:24 +0200 Arturo Borrero Gonzalez <art...@debian.org> wrote: > (please keep me in CC) > > On Sat, 13 May 2017 06:16:44 +0200 franckr <franck...@online.de> wrote: > > Hi Arturo, > > > > I cannot help for kernel, however, and you probably already know it: > > Several bios updates became available since 10/04/2007 version. > > Did you consider them ? (ie checking release logs) > > Will you try ? > > > > Sure, we are in the way of updating the BIOS. > > But the question remains, is this some kind of kernel regression? > We managed to upgrade the BIOS (not the last one, though). Still no luck, kernel 4.9 doesn't boot while 4.7 does.
Bug#862400: several bios updates exist since 2007
On Mon, 15 May 2017 13:56:24 +0200 Arturo Borrero Gonzalez <art...@debian.org> wrote: > > But the question remains, is this some kind of kernel regression? > > BTW, I can give ssh access to the machine, running 4.7, for testing pourposes.
Bug#862400: several bios updates exist since 2007
(please keep me in CC) On Sat, 13 May 2017 06:16:44 +0200 franckrwrote: > Hi Arturo, > > I cannot help for kernel, however, and you probably already know it: > Several bios updates became available since 10/04/2007 version. > Did you consider them ? (ie checking release logs) > Will you try ? > Sure, we are in the way of updating the BIOS. But the question remains, is this some kind of kernel regression?
Bug#859775: iptables: iptables-save fails for rules using hashlimit on 32-bit architectures
On 10 April 2017 at 11:57, Niels Thykierwrote: > > It appears that upstream is ok with the patch except some minor > whitespace issue they are going to fixup themselves[1]. > That's true. However, I don't see the patch in the git tree [0] yet. [0] http://git.netfilter.org/iptables/
Bug#859775: iptables: iptables-save fails for rules using hashlimit on 32-bit architectures
On 7 April 2017 at 13:51, James Cowgillwrote: > > Here's a patch, which I also sent to netfilter-devel. > Thanks James, I will wait for the upstream review. If upstream accepts the patch then I will apply it to our package. best regards.
Bug#855573: suricata: fails to install: update-alternatives: error: alternative path /usr/bin/suricata.generic doesn't exist
On 20 February 2017 at 10:30, Andreas Beckmannwrote: > Package: suricata > Version: 3.2.1-1~exp1 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package failed to install. As > per definition of the release team this makes the package too buggy for > a release, thus the severity. > Thanks, we already knew about this and are working on a fix which will be uploaded in the short term.
Bug#855281: marked as pending
tag 855281 pending thanks Hello, Bug #855281 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-netfilter/pkg-conntrack-tools.git;a=commitdiff;h=19315e8 --- commit 19315e859a26d3242e4bb21e6d8fe9dbf5cf212e Author: Arturo Borrero Gonzalez <art...@debian.org> Date: Thu Feb 16 14:15:50 2017 +0100 d/changelog: generate entry for 1:1.4.4+snapshot20161117-5 unstable Using gbp dch. Git-Dch: Ignore Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org> diff --git a/debian/changelog b/debian/changelog index 4b94c9e..07092b2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +conntrack-tools (1:1.4.4+snapshot20161117-5) unstable; urgency=medium + + * [1232348] d/tests/control: restrict internal testsuites to isolation-machine + * [8bf0689] d/control: refresh VCS URLs + * [9fc7318] conntrackd: include missing helper plugins (Closes: #855281) + + -- Arturo Borrero Gonzalez <art...@debian.org> Thu, 16 Feb 2017 14:14:49 +0100 + conntrack-tools (1:1.4.4+snapshot20161117-4) unstable; urgency=medium * [6add2e0] d/rules: disable parallel building
Bug#820974: Git commit for #820974 which was uploaded to unstable
Hi, I tried to commit/push to the git repo of bind9, but I have no permissions for this. So, for the sake of git history sanity, find attached the patch for you to push into the git repo. best regards and sorry for the noise. commit fb3be2841c107448d1201c62f3fb8cabab229066 Author: Marc Haber <mh+debian-b...@zugschlus.de> Date: Tue Feb 7 10:52:31 2017 +0100 NMU: Prevent ENGINE_by_id failed in chroot by disabling GOST This annoyance seems to prevent bind9 from running in a chroot, which is one of the most commons patterns of deployment. Closes: #820974 Signed-off-by: Marc Haber <mh+debian-b...@zugschlus.de> Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org> diff --git a/debian/changelog b/debian/changelog index 0601dc24c..692756e84 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium + + * Non-maintainer upload. + * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot. +Patch by Marc Haber <mh+debian-b...@zugschlus.de> (Closes: #820974). + + -- Arturo Borrero Gonzalez <art...@debian.org> Tue, 07 Feb 2017 10:42:00 +0100 + bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium * Fix some lintian warnings. diff --git a/debian/rules b/debian/rules index 80a33383b..e26361828 100755 --- a/debian/rules +++ b/debian/rules @@ -61,6 +61,7 @@ stamps/configure: stamps/prepare --with-libtool \ --enable-shared \ --enable-static \ + --with-gost=no \ --with-openssl=/usr \ --with-gssapi=/usr \ --with-gnu-ld \
Bug#820974: plans for bug #820974
Hi, I'm planning a NMU for this to debian unstable in the short term.
Bug#820974: plans for bug #820974
On Fri, 27 Jan 2017 08:06:08 -0500 Michael Gilbert <mgilb...@debian.org> wrote: > On Thu, Jan 26, 2017 at 6:41 AM, Arturo Borrero Gonzalez wrote: > > could you please share yours plans regarding this bug? > > Patches welcome? > Indeed, please see message 35 [0] in this same bug report. BTW this bug report is already tagged as 'patch'. Do you suggest to further discuss the patch provided by Marc Haber? best regard. [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820974#35
Bug#853931: Processed: Problem is also in the version in stretch
Control: notfound -1 3.2-2 On 3 February 2017 at 13:14, Adrian Bunkwrote: >> >> Do you mean that the same source package FTBFS using debian stretch only? > > The "build dependencies are not strict enough" problem is also in 3.2-2. > > stretch might happen to have recent enough versions, but this doesn't > change the fact that the build dependencies are not strict enough. > I just tested the arm64 stretch build, with no issues. This bug doesn't affect stretch. I think we are not in position of doing a upload targeting stretch a this point. Closing this bug now. Please, feel free to reopen if you would like to further discuss this. best regards.
Bug#853931: Processed: Problem is also in the version in stretch
On 2 February 2017 at 19:54, Debian Bug Tracking Systemwrote: > Processing commands for cont...@bugs.debian.org: > >> found 853931 3.2-2 Hi Adrian, could you please elaborate a bit more? suricata version 3.2-2 was uploaded source-only, and it seems it was build just fine by all the buildds in all arches: https://buildd.debian.org/status/package.php?p=suricata=sid Do you mean that the same source package FTBFS using debian stretch only? best regards.
Bug#853931: FTBFS: dh_install: debian/suricata-hyperscan.install returned exit code 127
On 2 February 2017 at 10:59, James Cowgillwrote: > > I believe you need both debhelper and dh-exec from jessie-backports to > make this work. > Thanks James, it works!! :-)
Bug#853931: FTBFS: dh_install: debian/suricata-hyperscan.install returned exit code 127
Source: suricata Version: 3.2-2~bpo8+1 Severity: serious Justification: FTBFS Hi, the suricata package fails to build from source in jessie-backports [0] in several architectures, in which hyperscan is not available. The pattern is always the same: [...] cp -a ./debian/tmp/dh-exec.3aIscV32/usr/bin/suricata.generic debian/suricata//usr/bin// cp -a ./debian/build-tmp/suricata-no-hs/usr/bin/suricatasc debian/suricata/usr/bin/ install -d debian/suricata/usr/lib cp -a ./debian/build-tmp/suricata-no-hs/usr/lib/python2.7 debian/suricata/usr/lib/ Failed to copy 'debian/build-tmp/suricata-hs/usr/bin/suricata': No such file or directory at /usr/share/dh-exec/dh-exec-install-rename line 32, <> line 1. dh_install: problem reading debian/suricata-hyperscan.install: debian/rules:76: recipe for target 'binary-arch' failed make: *** [binary-arch] Error 127 [...] Files d/control, d/rules and d/*.install all seem fine: they specify in which architectures the hyperscan-enabled package should be built. I was able to reproduce the issue in an arm64 porterbox. Sascha pointed to bug #698054 [1] in debhelper, but I tried debhelper 10.2.2~bpo8+1 from jessie-backports again in an arm64 porterbox with the same result. So, we keep investigating. [0] https://buildd.debian.org/status/package.php?p=suricata=jessie-backports [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698054
Bug#820974: plans for bug #820974
Dear maintainer, could you please share yours plans regarding this bug? best regards
Bug#820974: bind9 crypto issue
On Fri, 20 Jan 2017 07:38:32 -0700 LaMont Joneswrote: > > Can you provide a named.conf that reproduces the issue? > file named.conf: === 8< === include "/etc/rndc/rndc.key"; controls { inet 1.1.1.1 port 953 allow { 2.2.2.2; } keys { "rndc-key"; }; inet fe00::1 port 953 allow { fe00::2; } keys { "rndc-key"; }; }; include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; === 8< === file named.conf.options: === 8< === acl clients { 10.1.1.1/8; }; options { directory "/var/cache/bind"; recursion yes; allow-query { clients; }; dnssec-validation auto; auth-nxdomain no;# conform to RFC1035 listen-on-v6 { any; }; }; === 8< === File named.conf.local and named.conf.default-zones contains nothing worth mentioning.
Bug#845464: fixed in iptables 1.6.0+snapshot20161117-4
Hi, this seems fixed in iptables/libxtables12 1.6.0+snapshot20161117-4, isn't it? Please, confirm and close the bug.
Bug#846766: race condition in the build process?
On 6 December 2016 at 11:06, Adrian Bunkwrote: > > 2. work around it by disabling parallel building: > - dh $@ --with systemd,autotools-dev > + dh $@ --with systemd,autotools-dev --no-parallel > > Thanks Adrian, I think I will take this simple approach by now. best regards.
Bug#846766: weird FTBFS
Weird, Here amd64 which is good: https://buildd.debian.org/status/fetch.php?pkg=conntrack-tools=amd64=1%3A1.4.4%2Bsnapshot20161117-2=1480672733 Here arm64 which presents the same issue as reported by you: https://buildd.debian.org/status/fetch.php?pkg=conntrack-tools=arm64=1%3A1.4.4%2Bsnapshot20161117-2=1480672797 automake should take care of generating/updating config_read_yy.h Anyway, I'm preparing 1:1.4.4+snapshot20161117-3 which solves a missing include warning. Just built here this new version in pbuilder and it's just fine.
Bug#846766: race condition in the build process?
Hi, from the logs: [...] read_config_lex.l:25:28: fatal error: read_config_yy.h: No such file or directory #include "read_config_yy.h" ^ compilation terminated. Makefile:662: recipe for target 'read_config_lex.o' failed make[3]: *** [read_config_lex.o] Error 1 make[3]: *** Waiting for unfinished jobs updating read_config_yy.h [...] Note how the read_config_yy.h file is generated *after* the build process tries to use it. We have a race condition? I can't explain this. It seems to only happen in some arches but not all. Reference: https://buildd.debian.org/status/fetch.php?pkg=conntrack-tools=arm64=1%3A1.4.4%2Bsnapshot20161117-3=1480938247
Bug#844421: marked as pending
tag 844421 pending thanks Hello, Bug #844421 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-rpm/rpmlint.git;a=commitdiff;h=ec16499 --- commit ec16499b24b8ef4bf116f371f2e3c15af89e14ce Author: Arturo Borrero Gonzalez <art...@debian.org> Date: Tue Nov 29 11:09:14 2016 +0100 d/changelog: generate entry for 1.9-5 unstable Using gbp dch. Git-Dch: Ignore Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org> diff --git a/debian/changelog b/debian/changelog index e76028b..219912f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +rpmlint (1.9-5) unstable; urgency=medium + + [ Evgeni Golov ] + * [7951e47] rpmlint: fix bash-completion installing into wrong directory +(Closes: #841725) + + [ Arturo Borrero Gonzalez ] + * [3acdf65] d/: run wrap-and-sort + * [1a00af4] rpmlint: disable tests at build time (Closes: #844421) + + -- Arturo Borrero Gonzalez <art...@debian.org> Tue, 29 Nov 2016 11:05:32 +0100 + rpmlint (1.9-4) unstable; urgency=medium * [d573ab0] d/patches: delete nano .swp control file
Bug#845278: closed by Arturo Borrero Gonzalez <art...@debian.org> (Bug#845278: fixed in iptables 1.6.0+snapshot20161117-3)
reopen thanks On 22 November 2016 at 14:36, Alessandro Ghediniwrote: > > This isn't actually fixed, "<<" doesn't mean what you think it means. It only > applies to version that are strctly lower than 1.6.0+snapshot20161117-1, not > lower or equal. The upgrade is still broken. > Ok, thanks, trying a new upload now.
Bug#844908:
merge 844421 thanks
Bug#844421: reassign to pycodestyle
Hi, upstream reports this is an issue with pycodestyle which is used by flake8. I'm doing the reassign now.
Bug#844421: [Pkg-rpm-devel] Bug#844421: rpmlint: FTBFS (failing tests)
On 15 November 2016 at 16:12, Santiago Vilawrote: > Package: src:rpmlint > Version: 1.9-4 > Severity: serious > > Dear maintainer: > > I tried to build this package in stretch with "dpkg-buildpackage -A" > (which is what the "Arch: all" autobuilder would do to build it) > but it failed: > Know issue, already discussed with upstream [0]. [0] https://github.com/rpm-software-management/rpmlint/issues/82
Bug#812303: synergy: diff for NMU version 1.4.16-1.1
On Mon, 24 Oct 2016 00:33:44 -0500 Joshua Honeycuttwrote: > Control: tags 812303 + patch > Control: tags 812303 + pending > > Dear maintainer, > > I've prepared an NMU for synergy (versioned as 1.4.16-1.1) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should delay it longer. > > Regards. Hi, ping me if you need sponsor for this upload. best regards.
Bug#841352: libnftnl: FTBFS (testsuite error) on Big Endian Architectures
On 19 October 2016 at 20:20, Gianfranco Costamagnawrote: > Source: libnftnl > Version: 1.0.6-2 > Severity: serious > > Hi, as you know, the current package is not migrating because of testsuite > failures on BE architectures. > > Unfortunately I don't have a patch, but in Ubuntu we are excluding them from > the testsuite > I know, I know. Currently trying to find some spare time to fix this upstream, but no way. Thanks for the pseudo-patch, I think I will apply it for now. best regards. -- Arturo Borrero González
Bug#739251: iptables: Upgrade breaks existing rules (and is not documented)
Control: fixed -1 1.6.0-2 Hi, there has been no modifications of the syntax from 1.4.21-2 onwars, so I guess we can consider 1.6.0-2 fixed (i.e, migrating from 1.4.21-2 to 1.6.0-2 should causes no issues). thanks, best regards. -- Arturo Borrero González
Bug#801853: sheepdog: corosync transition: update build-deps
Package: sheepdog Version: 0.8.3-4 Severity: serious Dear maintainer, Starting with corosync 2.3.5-1, the package libcorosync-dev no longer exists. The build-deps should be updated to libcorosync-common-dev, libcpg-dev and libcfg-dev. Find attached a patch. best regards. Author: Arturo Borrero Gonzalez <arturo.borrero.g...@gmail.com> Date: Thu Oct 15 11:42:42 2015 +0200 d/control: update build-deps on corosync libcorosync-dev no longer exists. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.g...@gmail.com> diff --git a/debian/control b/debian/control index c22c377..2df2226 100644 --- a/debian/control +++ b/debian/control @@ -7,7 +7,9 @@ Build-Depends: debhelper (>= 9), dh-autoreconf, bash-completion, pkg-config, - libcorosync-dev, + libcorosync-common-dev, + libcpg-dev, + libcfg-dev, liburcu-dev, libzookeeper-mt-dev [!hppa], libfuse-dev,
Bug#795096: nftables: Missing license in d/copyright.
Control: tags -1 + pending On 10 August 2015 at 17:22, Vincent Blut vincent.deb...@free.fr wrote: The file from which the man page is generated ('doc/nft.xml') is licensed under the terms of the CC BY-SA 4.0, so let’s add that to 'debian/copyright'. Patch attached! Applied, thanks Vincent. I mangled the commit message [0] a bit. best regards. [0] https://github.com/aborrero/pkg-nftables/commit/0fc181f9062e6128addf5dac57334067ea184b01 -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#794276: opencollada: FTBFS on mipsel
Package: opencollada Severity: serious Justification: fails to build from source Dear maintainer, opencollada FTBFS on mipsel [0]. Apart of this bug, I've opened an upstream issue as well [1]. I've reproduced the issue locally in my mipsel machine. I will keep this bug updated with all future news. best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=opencolladaarch=mipselver=0.1.0%7E20140703.ddf8f47%2Bdfsg1-1stamp=1438038099 [1] https://github.com/KhronosGroup/OpenCOLLADA/issues/338 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#794278: madness: FTBFS on mipsel
Source: madness Severity: serious Justification: fails to build from source Dear maintainer, madness seems to FTBFS on mipsel [0]. Apart of this bug, I've opened an upstream issue as well [1]. I reproduced the issue locally in my mipsel machine. Will keep this bug updated with news as they happen. Best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=madnessarch=mipselver=0.10-1stamp=1437866412 [1] https://github.com/m-a-d-n-e-s-s/madness/issues/148 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#794273: nim: FTBFS on mipsel
Package: nim Severity: serious Justification: fails to build from source Dear maintainer, nim seems to FTBFS on mipsel [0]. I've reproduced the issue locally in my mipsel machine. I've opened an upstream issue [1] and will update this bug as soon as any news happens.. best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=nimarch=mipselver=0.11.2%2Bdfsg1-2stamp=1438296591 [1] https://github.com/nim-lang/Nim/issues/3162 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793010: pax-utils: FTBFS on mipsel: FAIL: lddtree.py.list
On 27 July 2015 at 16:44, Tomasz Buchert tom...@debian.org wrote: On 24/07/15 14:49, Tomasz Buchert wrote: [...] * you should confirm that python-pyelftools ignore dynamic linker configuration (I suspect this is true); it would be good to extract a minimal Python program using pyelftools that shows this I take it back, maybe pyelftools do not parse ld.so.conf, but lddtree.py in pax-utils *does* parse it. It must be something else then. Ok, Could you please point me to the upstream bug tracker? -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793010: pax-utils: FTBFS on mipsel: FAIL: lddtree.py.list
Control: tags -1 patch On 28 July 2015 at 13:14, Tomasz Buchert tom...@debian.org wrote: I'm not sure there is such a thing, but the upstream authors have been very reponsive. Btw, I may have found the problem, I attach a patch, which has been sent to upstream authors. It passes all tests, but may break something that I'm ignorant about. It seems to work here in my mipsel machine: [...] ./dotest.sh PASS: lddtree.sh.smoke ./dotest.py PASS: lddtree.py.smoke ./dotest.cmp PASS: lddtree.py.list make[4]: Leaving directory '/tmp/buildd/pax-utils-1.0.4/tests/lddtree' make -C source check make[4]: Entering directory '/tmp/buildd/pax-utils-1.0.4/tests/source' ./dotest PASS: src.typos PASS: src.obsolete.funcs PASS: src.bad.constants PASS: src.obsolete.headers PASS: src.use.xfuncs PASS: src.style PASS: src.space PASS: src.elf.h make[4]: Leaving directory '/tmp/buildd/pax-utils-1.0.4/tests/source' make -C scanelf check make[4]: Entering directory '/tmp/buildd/pax-utils-1.0.4/tests/scanelf' ./dotest PASS: scanelf.simple [...] I would upload the fixed package. thanks. -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793010: pax-utils: FTBFS on mipsel: FAIL: lddtree.py.list
On 20 July 2015 at 15:08, Tomasz Buchert tom...@debian.org wrote: Well, upstream is already working on this. In fact, the test above passes in the new version (which I've just pushed to collab-maint), but the next one fails. You may try to pinpoint the problem, but it is very likely the fact that python-pyelftools do not follow /etc/ld.conf configuration. Well, then how would you recommend me to approach a fix? Perhaps opening an issue in python-pyelftools upstream would do the trick. -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793010: pax-utils: FTBFS on mipsel: FAIL: lddtree.py.list
Package: pax-utils Severity: serious Justification: fails to build from source (but built successfully in the past) Dear maintainer, as you can see at buildd [0], pax-utils FTBFS on mipsel. The final part of the log is: [...] ../dotest.cmp FAIL: lddtree.py.list --- lddtree.py.list 2015-07-19 20:27:49.035987607 + +++ lddtree.sh.list 2015-07-19 20:27:48.667985305 + @@ -4,4 +4,4 @@ /lib/mipsel-linux-gnu/libtinfo.so.5 /lib/mipsel-linux-gnu/libdl.so.2 /lib/mipsel-linux-gnu/libc.so.6 -/lib/ld.so.1 +/lib/mipsel-linux-gnu/ld.so.1 make[4]: *** [cmp.check] Error 1 Makefile:4: recipe for target 'cmp.check' failed make[3]: *** [lddtree_check_] Error 2 make[4]: Leaving directory '/«PKGBUILDDIR»/tests/lddtree' Makefile:8: recipe for target 'lddtree_check_' failed make[2]: *** [check] Error 2 make[3]: Leaving directory '/«PKGBUILDDIR»/tests' Makefile:4: recipe for target 'check' failed make[1]: *** [check-hook] Error 2 make[2]: Leaving directory '/«PKGBUILDDIR»/tests' Makefile:2219: recipe for target 'check-hook' failed make[1]: Leaving directory '/«PKGBUILDDIR»' dh_auto_test: make -j1 check returned exit code 2 make: *** [build-arch] Error 2 debian/rules:21: recipe for target 'build-arch' failed dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2 So it seems a test is failing. Just want to let you know I'm working towards a fix. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793011: castxml: FTBFS on mipsel: failed tests
Package: castxml Severity: serious Justification: fails to build from source Dear maintainer, just want to let you know I'm working towards a fix for the FTBFS of castxml on mipsel [0]. There are some tests that are failing. I just opened a bug [1] in the upstream issue tracker. best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=castxmlarch=mipselver=0.1%2Bgit20150630-1stamp=1437262967 [1] https://github.com/CastXML/CastXML/issues/22 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793012: gmp-ecm: FTBFS on mipsel: bad assembly?
Package: gmp-ecm Version: 6.4.4+ds-2 Severity: serious Justification: fails to build from source Dear maintaner, Just to let you know gmp-ecm FTBFS on mipsel [0]. It seems the generated assembly is somehow bad. I'm working towards a fix. best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=gmp-ecmarch=mipselver=6.4.4%2Bds-2stamp=1437074376 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#791830: patch fix for bedtools FTBFS on mipsel
control: -1 tags + patch Dear maintainer, find attached a patch to fix the FTBFS issue on mipsel. The patch was generated from a upstream commit [0]. I tested it in my mipsel machine and it works :-) Thanks, best regards. [0] https://github.com/arq5x/bedtools2/commit/b47dbefcb57f8e6c4fe397f64346338620740b71 -- Arturo Borrero González From b47dbefcb57f8e6c4fe397f64346338620740b71 Mon Sep 17 00:00:00 2001 From: arq5x ar...@virginia.edu Date: Wed, 15 Jul 2015 15:15:23 -0600 Subject: [PATCH] settle on uint32_t signature for QuickString. Resolves #267 and #271? --- src/coverageFile/coverageFile.cpp | 24 src/utils/general/QuickString.cpp | 27 ++- src/utils/general/QuickString.h |6 +++--- 3 files changed, 29 insertions(+), 28 deletions(-) diff --git a/src/coverageFile/coverageFile.cpp b/src/coverageFile/coverageFile.cpp index 859cfdc..0fb544b 100644 --- a/src/coverageFile/coverageFile.cpp +++ b/src/coverageFile/coverageFile.cpp @@ -83,11 +83,11 @@ void CoverageFile::giveFinalReport(RecordOutputMgr *outputMgr) { float depthPct = (float)basesAtDepth / (float)_totalQueryLen; _finalOutput = all\t; - _finalOutput.append(depth); + _finalOutput.append(static_castuint32_t(depth)); _finalOutput.append(\t); - _finalOutput.append(basesAtDepth); + _finalOutput.append(static_castuint32_t(basesAtDepth)); _finalOutput.append(\t); - _finalOutput.append(_totalQueryLen); + _finalOutput.append(static_castuint32_t(_totalQueryLen)); _finalOutput.append(\t); format(depthPct); @@ -138,7 +138,7 @@ size_t CoverageFile::countBasesAtDepth(size_t depth) { void CoverageFile::doCounts(RecordOutputMgr *outputMgr, RecordKeyVector hits) { - _finalOutput = hits.size(); + _finalOutput = static_castuint32_t(hits.size()); outputMgr-printRecord(hits.getKey(), _finalOutput); } @@ -147,9 +147,9 @@ void CoverageFile::doPerBase(RecordOutputMgr *outputMgr, RecordKeyVector hits) //loop through all bases in query, printing full record and metrics for each const Record * queryRec = hits.getKey(); for (size_t i= 0; i _queryLen; i++) { - _finalOutput = i +1; + _finalOutput = static_castuint32_t(i+1); _finalOutput.append(\t); - _finalOutput.append(_depthArray[i]); + _finalOutput.append(static_castuint32_t(_depthArray[i])); outputMgr-printRecord(queryRec, _finalOutput); } @@ -181,11 +181,11 @@ void CoverageFile::doHist(RecordOutputMgr *outputMgr, RecordKeyVector hits) size_t numBasesAtDepth = iter-second; float coveredBases = (float)numBasesAtDepth / (float)_queryLen; - _finalOutput = depth; + _finalOutput = static_castuint32_t(depth); _finalOutput.append(\t); - _finalOutput.append(numBasesAtDepth); + _finalOutput.append(static_castuint32_t(numBasesAtDepth)); _finalOutput.append(\t); - _finalOutput.append(_queryLen); + _finalOutput.append(static_castuint32_t(_queryLen)); _finalOutput.append(\t); format(coveredBases); @@ -199,11 +199,11 @@ void CoverageFile::doDefault(RecordOutputMgr *outputMgr, RecordKeyVector hits) size_t nonZeroBases = _queryLen - countBasesAtDepth(0); float coveredBases = (float)nonZeroBases / (float)_queryLen; - _finalOutput = hits.size(); + _finalOutput = static_castuint32_t(hits.size()); _finalOutput.append(\t); - _finalOutput.append(nonZeroBases); + _finalOutput.append(static_castuint32_t(nonZeroBases)); _finalOutput.append(\t); - _finalOutput.append(_queryLen); + _finalOutput.append(static_castuint32_t(_queryLen)); _finalOutput.append(\t); format(coveredBases); diff --git a/src/utils/general/QuickString.cpp b/src/utils/general/QuickString.cpp index 0757009..a83263e 100644 --- a/src/utils/general/QuickString.cpp +++ b/src/utils/general/QuickString.cpp @@ -105,11 +105,11 @@ QuickString QuickString::operator = (uint32_t val) { return *this; } -QuickString QuickString::operator = (size_t val) { - clear(); - append(val); - return *this; -} +// QuickString QuickString::operator = (size_t val) { +// clear(); +// append(val); +// return *this; +// } QuickString QuickString::operator = (float val) { clear(); @@ -158,10 +158,11 @@ QuickString QuickString::operator += (uint32_t num) { return *this; } -QuickString QuickString::operator += (size_t num) { - append(num); - return *this; -} +// QuickString QuickString::operator += (size_t num) { +// append(num); +// return *this; +// } + QuickString QuickString::operator += (float num) { append(num); return *this; @@ -273,12 +274,12 @@ void QuickString::append(int num) { } void QuickString::append(uint32_t num) { - int2str((int)num, *this, true); + int2str((int)num, *this, true); } -void QuickString::append(size_t num) { - int2str((int)num, *this, true); -} +// void QuickString::append(size_t num) { +// int2str((int)num, *this, true); +// } void QuickString::append(float num) { append(ToString(num)); diff --git a/src/utils/general/QuickString.h b/src/utils/general/QuickString.h index
Bug#791830: bedtools FTBFS on mipsel: opened upstream bug
Hi, just to let you know I opened an upstream issue [0]. best regards. [0] https://github.com/arq5x/bedtools2/issues/271 -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#790855: sdrangelove mipsel build issues: ICE
Hi there, I contacted upstream to let them know the issue. A couple of commits were pushed to their git [0]. However, I now hit an ICE (internal compiler error): [...] [ 38%] Building CXX object CMakeFiles/sdrbase.dir/sdrbase/gui/glspectrum.cpp.o /usr/bin/c++ -DQT_CORE_LIB -DQT_GUI_LIB -DQT_MULTIMEDIA_LIB -DQT_NETWORK_LIB -DQT_NO_DEBUG -DQT_OPENGL_LIB -DQT_WIDGETS_LIB -DUSE_FFTW -Dsdrangelove_EXPORTS -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -O3 -DNDEBUG -fPIC -isystem /usr/include/mipsel-linux-gnu/qt5 -isystem /usr/include/mipsel-linux-gnu/qt5/QtCore -isystem /usr/lib/mipsel-linux-gnu/qt5/mkspecs/linux-g++ -isystem /usr/include/mipsel-linux-gnu/qt5/QtWidgets -isystem /usr/include/mipsel-linux-gnu/qt5/QtGui -isystem /usr/include/mipsel-linux-gnu/qt5/QtOpenGL -isystem /usr/include/mipsel-linux-gnu/qt5/QtMultimedia -isystem /usr/include/mipsel-linux-gnu/qt5/QtNetwork -I/tmp/buildd/sdrangelove-2test2/obj-mipsel-linux-gnu -I/tmp/buildd/sdrangelove-2test2/include -I/tmp/buildd/sdrangelove-2test2/include-gpl-fPIC -o CMakeFiles/sdrbase.dir/sdrbase/gui/glspectrum.cpp.o -c /tmp/buildd/sdrangelove-2test2/sdrbase/gui/glspectrum.cpp /tmp/buildd/sdrangelove-2test2/sdrbase/gui/glspectrum.cpp: In member function 'void GLSpectrum::applyChanges()': /tmp/buildd/sdrangelove-2test2/sdrbase/gui/glspectrum.cpp:1154:1: error: insn does not satisfy its constraints: } ^ (call_insn 846 845 2999 73 (parallel [ (call (mem:SI (reg:SI 1005) [0 setRange S4 A32]) (const_int 16 [0x10])) (clobber (reg:SI 31 $31)) ]) /tmp/buildd/sdrangelove-2test2/sdrbase/gui/glspectrum.cpp:915 594 {call_internal} (expr_list:REG_DEAD (reg:SI 1005) (expr_list:REG_DEAD (reg:SF 7 $7) (expr_list:REG_DEAD (reg:SF 6 $6) (expr_list:REG_DEAD (reg:SI 5 $5) (expr_list:REG_DEAD (reg:SI 4 $4) (expr_list:REG_EH_REGION (const_int 2 [0x2]) (nil))) (expr_list (use (reg:SI 79 $fakec)) (expr_list (use (reg:SI 28 $28)) (expr_list:SF (use (reg:SF 7 $7)) (expr_list:SF (use (reg:SF 6 $6)) (expr_list:SI (use (reg:SI 5 $5)) (expr_list:SI (use (reg:SI 4 $4)) (nil /tmp/buildd/sdrangelove-2test2/sdrbase/gui/glspectrum.cpp:1154:1: internal compiler error: in extract_constrain_insn_cached, at recog.c:2117 Please submit a full bug report, with preprocessed source if appropriate. See file:///usr/share/doc/gcc-4.9/README.Bugs for instructions. The bug is not reproducible, so it is likely a hardware or OS problem. CMakeFiles/sdrbase.dir/build.make:713: recipe for target 'CMakeFiles/sdrbase.dir/sdrbase/gui/glspectrum.cpp.o' failed make[3]: *** [CMakeFiles/sdrbase.dir/sdrbase/gui/glspectrum.cpp.o] Error 1 make[3]: Leaving directory '/tmp/buildd/sdrangelove-2test2/obj-mipsel-linux-gnu' CMakeFiles/Makefile2:130: recipe for target 'CMakeFiles/sdrbase.dir/all' failed [...] So, given the ICE is not reproducible I'm giving up :-( We can revisit this in future versions of GCC. [0] http://cgit.osmocom.org/sdrangelove/ -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#719367: node-raptor on mipsel
Hi, after a month of no movements upstream, I feel we are hitting a dead project upstream. My intention is to give up in this issue :-( -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#791753: strace: FTBFS on mipsel: sys_syscall undeclared (and more)
Package: strace Version: 4.9-2 Severity: serious Tags: upstream Justification: fails to build from source (but built successfully in the past) Dear maintainer, as reported in buildd [0], strace FTBFS on mipsel. [...] In file included from ../linux/mips/syscallent.h:3:0, from ../syscall.c:85: .../linux/mips/syscallent-o32.h:3:20: error: 'sys_syscall' undeclared here (not in a function) [4000] = { MA, 0, sys_syscall, syscall }, /* start of Linux o32 */ ^ gcc -DHAVE_CONFIG_H -I. -I.. -I./linux/mips -I../linux/mips -I./linux -I../linux -D_FORTIFY_SOURCE=2 -Wall -Wwrite-strings -Wsign-compare -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -g -O2 -MT strace-syslog.o -MD -MP -MF .deps/strace-syslog.Tpo -c -o strace-syslog.o `test -f 'syslog.c' || echo '../'`syslog.c mv -f .deps/strace-syslog.Tpo .deps/strace-syslog.Po gcc -DHAVE_CONFIG_H -I. -I.. -I./linux/mips -I../linux/mips -I./linux -I../linux -D_FORTIFY_SOURCE=2 -Wall -Wwrite-strings -Wsign-compare -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -g -O2 -MT strace-sysmips.o -MD -MP -MF .deps/strace-sysmips.Tpo -c -o strace-sysmips.o `test -f 'sysmips.c' || echo '../'`sysmips.c mv -f .deps/strace-sysinfo.Tpo .deps/strace-sysinfo.Po .../syscall.c:622:1: warning: return type defaults to 'int' [-Wreturn-type] SYS_FUNC(syscall) ^ .../syscall.c: In function 'SYS_FUNC': .../syscall.c:624:19: error: 'tcp' undeclared (first use in this function) return printargs(tcp); ^ .../syscall.c:624:19: note: each undeclared identifier is reported only once for each function it appears in .../syscall.c:624:19: warning: passing argument 1 of 'printargs' from incompatible pointer type In file included from ../syscall.c:34:0: .../defs.h:462:12: note: expected 'struct tcb *' but argument is of type 'const struct struct_sysent *' extern int printargs(struct tcb *); ^ .../syscall.c: In function 'trace_syscall_entering': .../syscall.c:1797:18: warning: comparison of distinct pointer types lacks a cast if (sys_syscall == tcp-s_ent-sys_func) ^ .../syscall.c:1798:3: error: too few arguments to function 'decode_mips_subcall' decode_mips_subcall(); ^ .../syscall.c:611:1: note: declared here decode_mips_subcall(struct tcb *tcp) ^ gcc -DHAVE_CONFIG_H -I. -I.. -I./linux/mips -I../linux/mips -I./linux -I../linux -D_FORTIFY_SOURCE=2 -Wall -Wwrite-strings -Wsign-compare -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -g -O2 -MT strace-term.o -MD -MP -MF .deps/strace-term.Tpo -c -o strace-term.o `test -f 'term.c' || echo '../'`term.c .../syscall.c:1798:3: warning: statement with no effect [-Wunused-value] decode_mips_subcall(); ^ make[3]: *** [strace-syscall.o] Error 1 make[3]: *** Waiting for unfinished jobs [...] I've reported this issue upstream and I'm working towards a fix. best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=stracearch=mipselver=4.10-2stamp=1435800897 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#791830: bedtools: FTBFS on mipsel
Source: bedtools Severity: serious Tags: upstream Justification: fails to build from source Dear maintainer, as you can see at buildd [0], bedtools FTBFS on mipsel. I just want to let you know I've reproduced the issue locally in my mipsel machine and I'm working towards a fix. best regards. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#791830: bedtools: FTBFS on mipsel
On 8 July 2015 at 20:40, Arturo Borrero Gonzalez arturo.borrero.g...@gmail.com wrote: as you can see at buildd [0], bedtools FTBFS on mipsel. Missing reference: [0] https://buildd.debian.org/status/fetch.php?pkg=bedtoolsarch=mipselver=2.24.0-1stamp=1436289056 -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#719367: node-raptor on mipsel
Dear maintainer, just to let you know that I'm working toward a fix. I have a patch to switch from node-waf to node-gyp, but I get a weird error on my mipsel machine. I opened 2 upstream bugs [0][1], as feel a bit lost on how to proceed. Any hint would be really appreciated. Thanks, best regards. [0] https://github.com/0xfeedface/node_raptor/issues/15 [1] https://github.com/TooTallNate/node-gyp/issues/646 -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#790855: sdrangelove: FTBFS on mipsel
Package: sdrangelove Severity: serious Tags: upstream Justification: fails to build from source Dear maintainer, as buildd reports [0], sdrangelove FTBFS on mipsel. At first, it seems an issue with the '-msse2' switch. If I patch the package to delete the switch, then other error happens: [...] [ 21%] Building CXX object CMakeFiles/sdrbase.dir/sdrbase/dsp/interpolator.cpp.o /usr/bin/c++ -DQT_CORE_LIB -DQT_GUI_LIB -DQT_MULTIMEDIA_LIB -DQT_NETWORK_LIB -DQT_NO_DEBUG -DQT_OPENGL_LIB -DQT_WIDGETS_LIB -DUSE_FFTW -Dsdrangelove_EXPORTS -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -O3 -DNDEBUG -fPIC -isystem /usr/include/mipsel-linux-gnu/qt5 -isystem /usr/include/mipsel-linux-gnu/qt5/QtCore -isystem /usr/lib/mipsel-linux-gnu/qt5/mkspecs/linux-g++ -isystem /usr/include/mipsel-linux-gnu/qt5/QtWidgets -isystem /usr/include/mipsel-linux-gnu/qt5/QtGui -isystem /usr/include/mipsel-linux-gnu/qt5/QtOpenGL -isystem /usr/include/mipsel-linux-gnu/qt5/QtMultimedia -isystem /usr/include/mipsel-linux-gnu/qt5/QtNetwork -I/tmp/buildd/sdrangelove-0.0.1.20140824/obj-mipsel-linux-gnu -I/tmp/buildd/sdrangelove-0.0.1.20140824/include -I/tmp/buildd/sdrangelove-0.0.1.20140824/include-gpl-fPIC -o CMakeFiles/sdrbase.dir/sdrbase/dsp/interpolator.cpp.o -c /tmp/buildd/sdrangelove-0.0.1.20140824/sdrbase/dsp/interpolator.cpp In file included from /tmp/buildd/sdrangelove-0.0.1.20140824/sdrbase/dsp/interpolator.cpp:4:0: /tmp/buildd/sdrangelove-0.0.1.20140824/include-gpl/dsp/interpolator.h:4:23: fatal error: immintrin.h: No such file or directory #include immintrin.h ^ compilation terminated. CMakeFiles/sdrbase.dir/build.make:322: recipe for target 'CMakeFiles/sdrbase.dir/sdrbase/dsp/interpolator.cpp.o' failed [...] In current mipsel sid, the file immintrin.h seems to be provided by the libclang-common-3.6-dev package, however I'm simply unable to proceed further. Please, could you give me any hint? I've contacted upstream as well [2], with no results. Thanks, best regards. [0] https://buildd.debian.org/status/fetch.php?pkg=sdrangelovearch=mipselver=0.0.1.20140824-1stamp=1410582994 [1] https://packages.debian.org/sid/mipsel/libclang-common-3.6-dev/filelist [2] http://lists.osmocom.org/pipermail/osmocom-sdr/2015-June/78.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#789187: moarvm for mipsel
Control: reopen -1 Dear maintainer, I'm reopening this bug as we really want moarvm for mipsel. Do you have any news regarding the latest upstream release? thanks, best regards -- Arturo Borrero González -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org