Bug#942615: bats: Source upload required to migrate to testing

2019-10-18 Thread Scott Leggett
Package: bats
Version: 1.1.0+git104-g1c83a1b-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source

Dear maintainer,

Could you please upload a source package for bats to unstable? Because
the package has not been built from source on a buildd, it is failing to
migrate from unstable to testing.

Thanks

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

bats depends on no packages.

Versions of packages bats recommends:
ii  parallel  20161222-1.1

bats suggests no packages.

-- no debconf information



Bug#928056: dhcpcd5: Open security issues in dhcpcd5 prior to 7.2.1 affecting all versions found in Debian

2019-04-27 Thread Scott Leggett
On 2019-04-27.03:46, Timo Sigurdsson wrote:
>   *  auth: Use consttime_memequal to avoid latency attack consttime_memequal 
> is supplied if libc does not support it
>  dhcpcd >=6.2 <7.2.1 are vulnerable
> 
>   *  DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
>  dhcpcd >=4 <7.2.1 are vulnerable
> 
>   *  DHCPv6: Fix a potential buffer overflow reading NA/TA addresses
>  dhcpcd >=7 <7.2.1 are vulnerable

Hi Timo,

Thanks for the heads up, I agree with the severity.
I'll put together some uploads to fix this in the next few days.

-- 
Regards,
Scott Leggett.




Bug#879474: quagga-bgpd: BGP session termination due to rather long AS paths in update messages

2017-11-05 Thread Scott Leggett
On 2017-11-02.12:44, Salvatore Bonaccorso wrote:
> Control: block -1 by 880522
> 
> Hi Hugo
> 
> On Thu, Nov 02, 2017 at 12:24:53PM +0100, Hugo Lefeuvre wrote:
> > Hi,
> > 
> > I have prepared an NMU fixing CVE-2017-16227 in unstable.
> 
> I have the same NMU locally pending (actually trivially since I did
> the upload for stretch and it's the same version ;-) sorry for not
> letting know the bug), but I have refrained from uploading because I
> think we should see what is the problem actually for #880522.

Hi Salvatore, Hugo,

Thanks for preparing the NMU for stable, much appreciated! :-)

I've packaged upstream release 1.2.2 that fixes this bug (and several
others including #880522) in unstable. I'm waiting on sponsorship for
that upload [0].

[0] https://mentors.debian.net/package/quagga

-- 
Regards,
Scott.




Bug#864829: screen reader stops speaking

2017-07-03 Thread Scott Leggett
Hi,

I've been able to reproduce this bug. A not-very-helpful workaround is
to restart espeakup whenever sound goes missing.

I've dug into the issue a bit and found it discussed on
pulseaudio-discuss back in 2010. The discussion on the thread seems to
indicate that espeakup and pulseaudio couldn't coexist at the time due
to espeakup not being multi-seat aware. Lennart summarised what needs to
be done to get them working together[0].

I'm not sure what the situation is now. Looking briefly at espeakup
upstream [1], it doesn't seem to be very active, so maybe the situation is
the same?

[0]
https://lists.freedesktop.org/archives/pulseaudio-discuss/2010-January/006033.html
[1] https://github.com/williamh/espeakup

-- 
Regards,
Scott.




Bug#864044: pasystray: Segmentation fault on startup (under wayland?)

2017-06-05 Thread Scott Leggett
forwarded 864044 https://github.com/christophgysin/pasystray/issues/90
severity 864044 important
--

On 2017-06-03.11:18, Felipe Sateler wrote:
> Package: pasystray
> Version: 0.6.0-1
> Severity: serious
> 
> pasystray crashes on startup when running under gnome wayland:
> 
> #0  0xedc7 in x11_property_init () at x11-property.c:46
> #1  0xb10a in init (settings=0x7fffdf10) at pasystray.c:65
> #2  0x8f63 in main (argc=1, argv=0x7fffe018) at pasystray.c:52
> 
> Turns out the ScreenOfDisplay is NULL. I'm not sure if that is a
> problem in pasystray usage or X/Wayland. But this effectively makes
> pasystray unusable.

Hi Felipe, thanks for the bug report!

It looks as though wayland is simply unsupported in pasystray. I've
tested it under Gnome with X (the default for stretch), and the bug does
not manifest. For that reason I'm downgrading the severity to important.

I've forwarded the details of this bug and the request for wayland
support on to upstream.

-- 
Regards,
Scott.




Bug#862899: rsync: insufficient escaping/quoting of arguments

2017-05-22 Thread Scott Leggett
On Thu, 18 May 2017 13:16:23 +0200 Thorsten Glaser  wrote:
> Package: rsync
> Version: 3.1.2-2
> Severity: serious
> Tags: security upstream
> Justification: security-relevant
> 
> Assume my home directory on 'remote' has no files matching '*4'.
> 
> Now run this:
> 
> remote$ touch ./-zT.mp4
> local$ mkdir test
> local$ cd test
> local$ rsync -zavPH --numeric-ids -S --stats '--rsh=ssh -T' $remote:\*4 .

I think you just need to prefix your wildcard. This works for me:

$ rsync -zavP --numeric-ids --stats $remote:./*4 .
receiving incremental file list
-zT.mp4
              0 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=0/1)

  Number of files: 1 (reg: 1)
  Number of created files: 1 (reg: 1)
  Number of deleted files: 0
  Number of regular files transferred: 1
  Total file size: 0 bytes
  Total transferred file size: 0 bytes
  Literal data: 0 bytes
  Matched data: 0 bytes
  File list size: 37
  File list generation time: 0.001 seconds
  File list transfer time: 0.000 seconds
  Total bytes sent: 43
  Total bytes received: 88

  sent 43 bytes  received 88 bytes  262.00 bytes/sec
  total size is 0  speedup is 0.00

-- 
Regards,
Scott.
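
The effect of the `./` prefix suggested above can be reproduced locally. This is an added example, not part of the original thread: it uses `ls` in a constructed scratch directory as a stand-in for any command that parses options getopt-style, and the function names `make_scratch` and `try_ls` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): a local reproduction using ls
# in a constructed scratch directory instead of rsync over ssh.

# Create a scratch directory containing the file name from the report.
make_scratch() {
    d=$(mktemp -d) || return 1
    : > "$d/-zT.mp4"
    printf '%s\n' "$d"
}

# Run ls on the expansion of the wildcard inside directory $1.
# $2 selects how the wildcard is written:
#   bare      *4      -> expands to -zT.mp4, which ls parses as options
#   prefixed  ./*4    -> expands to ./-zT.mp4, always an operand
#   dashdash  -- *4   -> "--" ends option parsing before the expansion
# Prints what ls lists; the exit status is that of ls.
try_ls() {
    (
        cd "$1" || exit 1
        case $2 in
            bare)     ls *4 ;;
            prefixed) ls ./*4 ;;
            dashdash) ls -- *4 ;;
            *)        exit 64 ;;
        esac
    ) 2>/dev/null
}

# Demonstration: compare the three spellings on the same file.
scratch=$(make_scratch) || exit 1
for mode in bare prefixed dashdash; do
    if out=$(try_ls "$scratch" "$mode"); then
        printf '%-8s ok:   %s\n' "$mode" "$out"
    else
        printf '%-8s fail: ls rejected the expanded name as an option\n' "$mode"
    fi
done
rm -rf "$scratch"
```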




Bug#809669: unattended-upgrades: files got created under /var/ mountpoint

2017-04-20 Thread Scott Leggett
Hi Louis, thanks for your work on this.

On 2017-04-20.14:05, Louis Bouchard wrote:
> > [Unit]
> > Description=Unattended Upgrades Shutdown
> > After=network.target local-fs.target
> > RequiresMountsFor=/var/log /var/run /var/lib /boot
> > Documentation=man:unattended-upgrade(8)
> >
> > [Service]
> > Type=oneshot
> > RemainAfterExit=yes
> > ExecStop=/usr/share/unattended-upgrades/unattended-upgrade-shutdown
> > TimeoutStopSec=900
> >
> > [Install]
> > WantedBy=multi-user.target
>
> DefaultDependencies=no Needs to be removed as switching from shutdown.target to
> multi-user.target requires to have the DefaultDependencies

I think the After=local-fs.target is unnecessary, as DefaultDependencies
pulls in After=sysinit.target, which itself is After=local-fs.target.

-- 
Regards,
Scott.




Bug#859581: quagga-core: fails to upgrade from 'jessie' - trying to overwrite /etc/pam.d/quagga

2017-04-06 Thread Scott Leggett
On Wed, 05 Apr 2017 01:18:09 +0200 Andreas Beckmann  wrote:
> Package: quagga-core
> Version: 1.1.1-2
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package fails to upgrade from
> 'jessie'.
> It installed fine in 'jessie', then the upgrade to 'stretch' fails
> because it tries to overwrite other packages files without declaring a
> Breaks+Replaces relation.
> 
> See policy 7.6 at
> https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces
> 
> From the attached log (scroll to the bottom...):
> 
>   Selecting previously unselected package quagga-core.
>   Preparing to unpack .../quagga-core_1.1.1-2_amd64.deb ...
>   addgroup: The group `quaggavty' already exists as a system group. Exiting.
>   addgroup: The group `quagga' already exists as a system group. Exiting.
>   Adding user `quagga' to group `quaggavty' ...
>   Adding user quagga to group quaggavty
>   Done.
>   Unpacking quagga-core (1.1.1-2) ...
>   dpkg: error processing archive /var/cache/apt/archives/quagga-core_1.1.1-2_amd64.deb (--unpack):
>    trying to overwrite '/etc/pam.d/quagga', which is also in package quagga 0.99.23.1-1+deb8u3
>   dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

Hi,

Thanks for the bug report, I'll upload a fix ASAP.

-- 
Regards,
Scott.




Bug#856936: quagga: libquagga0 contains libraries with different SOVERSIONS

2017-03-13 Thread Scott Leggett
Hi all,

Thanks for the bug report and for the thoughtful advice.

On 2017-03-10.11:18, Vincent Bernat wrote:
>  ❦ 10 March 2017 09:29 GMT, Simon McVittie:
> 
> >> I suppose that's why I am in copy (the other actions are pretty obvious
> >> and I suppose Scott will apply them soon; I can also do that if he's
> >> unavailable).

Yes, I will make the changes suggested by Simon. I won't be able to do
this in the next few days, but will get it done within the next week
after that.

As the libraries are really intended to be private to the quagga
"family" of daemons/utils, I plan to roll them into quagga-core (thanks
for the explanation for how to do this correctly!).

> >
> > The other reason I wanted to Cc you is because as sponsor, you were
> > responsible for checking that the package split proposed by the
> > maintainer was Policy-compliant. I would have expected a sponsor to
> > query the current library packaging and not upload without changes,
> > because as it stands at the moment, it isn't correct for either
> > private/internal libraries or public libraries; it's somewhere in
> > between.
> >
> > (In particular, seeing the Lintian overrides in the diff should probably
> > have been a warning sign.)
> >
> 
> During the first upload, the packaging was policy compliant as all
> libraries were sharing the same version. There was no override. The
> change in SO name for libzebra was done during a minor version
> update. At this time, I suggested to solve the problem by ignoring
> lintian instead of being overly complicated for a library without
> reverse dependencies. My bad.
> 

This was also due to me lacking the experience to solve this somewhat
complicated packaging issue. My apologies too.

FYI the version bump originated from this post to the upstream mailing
list[0], which shows upstream's somewhat relaxed attitude to ABI
stability. I guess this is understandable as the libraries are intended
to be private.

> >>  - removing libquagga0 and libquagga-dev and put the libraries in
> >>    quagga-core and in /usr/lib/quagga. Not shipping the development
> >>    files. This is a change that would likely to be accepted by the
> >>    release team.
> >
> > I would recommend this route. As you say, splitting libquagga0 into
> > 5 library packages seems like overkill if nobody is going to use it.

Agreed.

[0]
https://lists.quagga.net/pipermail/quagga-dev/2016-December/033087.html

-- 
Regards,
Scott.




Bug#809669: unattended-upgrades: files got created under /var/ mountpoint

2017-02-21 Thread Scott Leggett
Hi Louis,

On Wed, 15 Feb 2017 14:34:58 +0100 Louis Bouchard wrote:
> Hello,
> 
> I may be wrong, but this clearly shows that the Unattended Upgrades Shutdown
> unit starts once the target Network is being brought down :

I don't think the replacement unit I proposed was installed correctly on
your system. Could you double check?

> Pinging google for 4 seconds is not sufficient, the Unattended upgrade shutdown
> can run for several minutes before completing.

This is the express purpose of network.target. Here's the relevant
snippet from `man systemd.special`:

  network.target
      This unit is supposed to indicate when network functionality is
      available, but it is only very weakly defined what that is supposed
      to mean, with one exception: at shutdown, a unit that is ordered
      after network.target will be stopped before the network — to
      whatever level it might be set up then — is shut down. It is hence
      useful when writing service files that require network access on
      shutdown, which should order themselves after this target, but not
      pull it in. Also see Running Services After the Network is up[1] for
      more information. Also see network-online.target described above.

-- 
Regards,
Scott.




Bug#809669: unattended-upgrades: files got created under /var/ mountpoint

2017-02-11 Thread Scott Leggett
On Fri, 10 Feb 2017 16:31:25 +0100 Louis Bouchard wrote:
> Hi,
>
> The proposed systemd unit change would break :
>
> Unattended-Upgrade::InstallOnShutdown "true";
>
> as the network is no longer available to fetch the archive.
>

No, it wouldn't.

> As outlined in the systemd documentation :
>
> "Given two units with any ordering dependency between them, if one unit is shut
> down and the other is started up, the shutdown is ordered before the start-up.
> It doesn't matter if the ordering dependency is After= or Before=."
>

Both units in this case are being shut down, so that paragraph doesn't
apply.

You can test that the network is available for yourself by adding
another ExecStop line below the first:

  ExecStop=/bin/ping -c 4 google.com

-- 
Regards,
Scott.




Bug#850226: no longer advertises route

2017-01-07 Thread Scott Leggett
On 2017-01-05.09:46, Steinar H. Gunderson wrote:
> Package: quagga-bgpd
> Version: 1.1.0-3
> Severity: grave
> 
> Hi,
> 
> I lost all of my IPv6 connectivity this morning; a bit of searching shows that
> it is due to an automated upgrade of:
> 
>   2017-01-05 07:36:26 upgrade quagga:amd64 1.0.20160315-2 1.1.0-3
> ...

Hi, thanks for the bug report.

Though the broken versions appear to be different, this issue looks
similar to an existing upstream bug:
https://bugzilla.quagga.net/show_bug.cgi?id=870

Does this look like the same issue to you?

FYI a similar issue is also discussed here:
https://lists.quagga.net/pipermail/quagga-users/2016-December/014596.html

-- 
Regards,
Scott.




Bug#849953: cannot restart service

2017-01-03 Thread Scott Leggett
On 2017-01-02.17:06, Peter Palfrader wrote:
> Package: quagga-bgpd
> Version: 1.1.0-2
> Severity: serious
> 
> Hi, it seems the recent move to systemd services breaks stuff.  In
> particular, the bgpd service cannot be restarted:
> ...

Hi, thanks for the bug report. I can reproduce the issue and will upload
a fix ASAP.

-- 
Regards,
Scott.




Bug#847355: quagga-core: fails to install, remove, and install again

2016-12-07 Thread Scott Leggett
On 2016-12-07.14:53, Andreas Beckmann wrote:
> Package: quagga-core
> Version: 1.1.0-1
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package failed to install,
> remove (but not purge), and install again.
> Before the second installation the package is in config-files-remaining
> state. The configuration is remaining from the last version that was
> successfully configured - which is the same version that is going to be
> installed again.
> 
> Like a plain failure on initial install this makes the package too buggy
> for a release, thus the severity.
> 
> From the attached log (scroll to the bottom...):
> 
>   Selecting previously unselected package quagga-core.
>   (Reading database ... 
> (Reading database ... 4885 files and directories currently installed.)
>   Preparing to unpack .../quagga-core_1.1.0-1_amd64.deb ...
>   addgroup: The group `quaggavty' already exists as a system group. Exiting.
>   addgroup: The group `quagga' already exists as a system group. Exiting.
>   The user `quagga' is already a member of `quaggavty'.
>   Unpacking quagga-core (1.1.0-1) ...
>   Setting up quagga-core (1.1.0-1) ...
>   dpkg-statoverride: error: an override for '/etc/quagga' already exists; aborting
>   dpkg: error processing package quagga-core (--configure):
>    subprocess installed post-installation script returned error exit status 2
>   Errors were encountered while processing:
>    quagga-core
>  
> 
> cheers,
> 
> Andreas

Hi Andreas,

Thanks for the bug report. I'll upload a fix ASAP.

-- 
Regards,
Scott.

