Bug#944019: nmu: netsniff-ng_0.6.6-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu netsniff-ng_0.6.6-1 . ANY . experimental . -m "Rebuild against libcli1.10." Rebuild for the ongoing libcli transition. Andreas
Bug#941237: marked as done (transition: brltty)
Your message dated Sat, 2 Nov 2019 21:44:31 +0100 with message-id and subject line Re: Bug#941237: transition: brltty has caused the Debian Bug report #941237, regarding transition: brltty to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 941237: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941237 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, I'd like to upload brltty which introduces libbrlapi0.7 instead of libbrlapi0.6. The only rdep is qemu, which builds fine against it. Ben file: title = "brltty"; is_affected = .depends ~ "libbrlapi0.6" | .depends ~ "libbrlapi0.7"; is_good = .depends ~ "libbrlapi0.7"; is_bad = .depends ~ "libbrlapi0.6"; -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.3.0 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Samuel muhahaha... ya un train qui part de Perrache à 14h57 qui passe à Part-Dieu à 15h10 si je le prends à Perrache, je suis en zone bleue si je le prends à Part-Dieu, je suis en zone blanche donc je vais le prendre à Perrache *mais* à Part-Dieu ;-) -+- #ens-mim - vive la SNCF -+- --- End Message --- --- Begin Message --- Hi, On 12-10-2019 20:04, Samuel Thibault wrote: > Emilio Pozuelo Monfort, le sam. 12 oct. 2019 15:45:15 +0200, a ecrit: >> On 26/09/2019 23:20, Samuel Thibault wrote: >>> Package: release.debian.org >>> Severity: normal >>> User: release.debian@packages.debian.org >>> Usertags: transition >>> >>> Hello, >>> >>> I'd like to upload brltty which introduces libbrlapi0.7 instead of >>> libbrlapi0.6. The only rdep is qemu, which builds fine against it. >> >> Sure, please go ahead. > > Thanks, it's now in! This is all finished now. Paul signature.asc Description: OpenPGP digital signature --- End Message ---
Bug#944014: marked as done (nmu: bind_1:9.13.3-1)
Your message dated Sat, 2 Nov 2019 21:43:23 +0100 with message-id and subject line Re: Bug#944014: nmu: bind_1:9.13.3-1 has caused the Debian Bug report #944014, regarding nmu: bind_1:9.13.3-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 944014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944014 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu bind_1:9.13.3-1 . ANY . experimental . -m "Rebuild against libjson-c4." Let's finish the libjson-c transition in experimental, too. Andreas --- End Message --- --- Begin Message --- Hi On 02-11-2019 21:27, Andreas Beckmann wrote: > nmu bind_1:9.13.3-1 . ANY . experimental . -m "Rebuild against libjson-c4." Scheduled. Paul signature.asc Description: OpenPGP digital signature --- End Message ---
Processed: tagging 915721, tagging 942554
Processing commands for cont...@bugs.debian.org: > tags 915721 + pending Bug #915721 [release.debian.org] transition: opencv Added tag(s) pending. > tags 942554 + pending Bug #942554 [release.debian.org] transition: soapysdr Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 915721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915721 942554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942554 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#944014: nmu: bind_1:9.13.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu bind_1:9.13.3-1 . ANY . experimental . -m "Rebuild against libjson-c4." Let's finish the libjson-c transition in experimental, too. Andreas
Bug#944009: buster-pu: package ncurses/6.1+20181013-2+deb10u2
On Sat, Nov 02, 2019 at 08:10:39PM +0100, Sven Joachim wrote: > Package: release.debian.org > Severity: normal > Tags: buster d-i > User: release.debian@packages.debian.org > Usertags: pu > > I would like to upload ncurses 6.1+20181013-2+deb10u2 to buster, fixing > several bugs in tic's parser which have been reported last month. Two > of them are heap buffer overflows that have been assigned CVE numbers hmm - "overflow" is the wrong term, afaik (all of the ones that I verified were out-of-bound-reads). > and a Debian bug[1], two others are out-of-bound-reads and one an > infinite loop. > > I have verified that the reported crashes and the infinite loop which I > could reproduce in ncurses 6.1+20181013-2+deb10u1 appear to be fixed, at > least with the submitted corrupt input files. Also, the compiled > terminfo files in ncurses-base and ncurses-term are identical to the > ones currently in buster. > > This upload touches the tinfo library which is used in the installer, > however to the best of my knowledge the changed functions are only used > by tic and not by any other packages. that's accurate - comp*.c are just tic. -- Thomas E. Dickey https://invisible-island.net ftp://ftp.invisible-island.net signature.asc Description: PGP signature
Bug#944009: buster-pu: package ncurses/6.1+20181013-2+deb10u2
Package: release.debian.org
Severity: normal
Tags: buster d-i
User: release.debian@packages.debian.org
Usertags: pu
I would like to upload ncurses 6.1+20181013-2+deb10u2 to buster, fixing
several bugs in tic's parser which have been reported last month. Two
of them are heap buffer overflows that have been assigned CVE numbers
and a Debian bug[1], two others are out-of-bound-reads and one an
infinite loop.
I have verified that the reported crashes and the infinite loop which I
could reproduce in ncurses 6.1+20181013-2+deb10u1 appear to be fixed, at
least with the submitted corrupt input files. Also, the compiled
terminfo files in ncurses-base and ncurses-term are identical to the
ones currently in buster.
This upload touches the tinfo library which is used in the installer,
however to the best of my knowledge the changed functions are only used
by tic and not by any other packages.
Thanks for your consideration.
1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942401
diff -Nru ncurses-6.1+20181013/debian/changelog ncurses-6.1+20181013/debian/changelog
--- ncurses-6.1+20181013/debian/changelog 2019-08-05 20:03:21.0 +0200
+++ ncurses-6.1+20181013/debian/changelog 2019-11-02 19:16:19.0 +0100
@@ -1,3 +1,20 @@
+ncurses (6.1+20181013-2+deb10u2) buster; urgency=medium
+
+ * Cherry-pick tic fixes from upstream patchlevels 20191012,
+20191015 and 20191019 (Closes: #942401).
+- Check for invalid hashcode in _nc_find_type_entry and
+ nc_find_entry (CVE-2019-17594).
+- Check for missing character after backslash in fmt_entry
+ (CVE-2019-17595).
+- Check for acsc with odd length in dump_entry in check for
+ one-one mapping.
+- Check for missing character after backslash in write_it.
+- Modify tic to exit if it cannot remove a conflicting name, because
+ treating that as a partial success can cause an infinite loop in
+ use-resolution.
+
+ -- Sven Joachim Sat, 02 Nov 2019 19:16:19 +0100
+
ncurses (6.1+20181013-2+deb10u1) buster; urgency=medium
* Drop "rep" from xterm-new and derived terminfo descriptions
diff -Nru ncurses-6.1+20181013/debian/patches/CVE-2019-17594.diff ncurses-6.1+20181013/debian/patches/CVE-2019-17594.diff
--- ncurses-6.1+20181013/debian/patches/CVE-2019-17594.diff 1970-01-01 01:00:00.0 +0100
+++ ncurses-6.1+20181013/debian/patches/CVE-2019-17594.diff 2019-11-02 17:21:09.0 +0100
@@ -0,0 +1,37 @@
+Author: Sven Joachim
+Description: Fix for CVE-2019-17594
+ Check for invalid hashcode in _nc_find_type_entry and nc_find_entry,
+ fix cherry-picked from upstream patchlevel 20191012.
+Bug-Debian: https://bugs.debian.org/942401
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
+Forwarded: not-needed
+Last-Update: 2019-11-02
+
+---
+ ncurses/tinfo/comp_hash.c |8 ++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/ncurses/tinfo/comp_hash.c
b/ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+
+ hashvalue = data->hash_of(string);
+
+-if (data->table_data[hashvalue] >= 0) {
++if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+
+ real_table = _nc_get_table(termcap);
+ ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+ const HashData *data = _nc_get_hash_info(termcap);
+ int hashvalue = data->hash_of(string);
+
+-if (data->table_data[hashvalue] >= 0) {
++if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+ const struct name_table_entry *const table = _nc_get_table(termcap);
+
+ ptr = table + data->table_data[hashvalue];
diff -Nru ncurses-6.1+20181013/debian/patches/CVE-2019-17595.diff ncurses-6.1+20181013/debian/patches/CVE-2019-17595.diff
--- ncurses-6.1+20181013/debian/patches/CVE-2019-17595.diff 1970-01-01 01:00:00.0 +0100
+++ ncurses-6.1+20181013/debian/patches/CVE-2019-17595.diff 2019-11-02 17:22:34.0 +0100
@@ -0,0 +1,36 @@
+Author: Sven Joachim
+Description: Fix for CVE-2019-17595
+ Fix for CVE-2019-17595 cherry-picked from upstream patchlevel
+ 20191012. Additionally to the CVE fix, this contains a check for
+ acsc with odd length in dump_entry in check for one-one mapping.
+Bug-Debian: https://bugs.debian.org/942401
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00018.html
+Forwarded: not-needed
+Last-Update: 2019-11-02
+
+---
+ progs/dump_entry.c |5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/progs/dump_entry.c
b/progs/dump_entry.c
+@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
+ *d++ = '\\';
+ *d = ':';
+ } else if (*d == '\\') {
+-*++d = *s++;
++if ((*++d = *s++) == '\0')
++break;
+ }
+ d++;
+ *d = '\0';
+@@ -1370,7 +1371,7 @@
Bug#944002: buster-pu: package libreoffice/1:6.1.5-3+deb10u5
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
I think we should fix #943873 in stable since even though stable has
PostgreSQL 11 people might use it against some other server having
12...
Debdiff attached. (Patch from 1:6.3.3-2 cherry-picked.)
Regards,
Rene
diff --git a/changelog b/changelog
index d5983949..a78024d8 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,11 @@
+libreoffice (1:6.1.5-3+deb10u5) buster; urgency=medium
+
+ * debian/patches/Postgresql-12-no-adsrc.diff: add from
+libreoffice-6-3 branch; fix the postgresql driver with
+PostgreSQL 12 (closes: #943873)
+
+ -- Rene Engelhard Thu, 31 Oct 2019 18:26:41 +0100
+
libreoffice (1:6.1.5-3+deb10u4) buster-security; urgency=medium
* debian/patches/expand-pyuno-path-separators.diff.
diff --git a/patches/Postgresql-12-no-adsrc.diff
b/patches/Postgresql-12-no-adsrc.diff
new file mode 100644
index ..76275ade
--- /dev/null
+++ b/patches/Postgresql-12-no-adsrc.diff
@@ -0,0 +1,128 @@
+From 0872f7dc87445f81afd56b5a096d026df75d3a05 Mon Sep 17 00:00:00 2001
+From: Julien Nabet
+Date: Sun, 13 Oct 2019 00:26:10 +0200
+Subject: tdf#128111: "adsrc" doesn't exist from Postgresql 12
+
+Before Postgresql 8.0, there was only "adsrc"
+then it's been deprecated
+"The adsrc field is historical, and is best not used, because it does not
track outside changes
+ that might affect the representation of the default value.
+ Reverse-compiling the adbin field (with pg_get_expr for example) is a better
way to display the default value
+"
+and finally it's been removed with version 12
+
+See evolution with:
+- https://www.postgresql.org/docs/8/catalog-pg-attrdef.html
+- https://www.postgresql.org/docs/11/catalog-pg-attrdef.html
+- https://www.postgresql.org/docs/12/catalog-pg-attrdef.html
+
+Merge with
https://cgit.freedesktop.org/libreoffice/core/commit/?id=1ec93ef100bb5f6ccef91f12e28ed09feb3eb38b
+
+Change-Id: I57e9da423a23b5a96bbb64b0e026b160e9643ab9
+Reviewed-on: https://gerrit.libreoffice.org/80722
+(cherry picked from commit 0c46c81e04530e8f6ce4f34195d8f0443ed8bfc3)
+Reviewed-on: https://gerrit.libreoffice.org/80736
+Tested-by: Jenkins
+Reviewed-by: Julien Nabet
+---
+ connectivity/source/drivers/postgresql/pq_databasemetadata.cxx | 6 +++---
+ connectivity/source/drivers/postgresql/pq_statement.cxx| 10 ++
+ connectivity/source/drivers/postgresql/pq_tools.cxx| 7 +++
+ connectivity/source/drivers/postgresql/pq_tools.hxx| 2 ++
+ 4 files changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
b/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
+index 10c8546..8af02f9 100644
+--- a/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
b/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
+@@ -1514,7 +1514,7 @@ css::uno::Reference< XResultSet >
DatabaseMetaData::getColumns(
+ //allow NULL values. An empty string means
+ //nobody knows.
+ // => pg_attribute.attnotnull
+-
++OUString strDefaultValue = getColExprForDefaultSettingVal(m_pSettings);
+ Reference< XPreparedStatement > statement = m_origin->prepareStatement(
+ "SELECT pg_namespace.nspname, " // 1
+ "pg_class.relname, " // 2
+@@ -1524,8 +1524,8 @@ css::uno::Reference< XResultSet >
DatabaseMetaData::getColumns(
+ "pg_attribute.attnotnull, " // 6
+ "pg_type.typdefault, " // 7
+ "pg_type.typtype, " // 8
+-"pg_attrdef.adsrc, " // 9
+-"pg_description.description, " // 10
+++ strDefaultValue + // 9
++",pg_description.description, " // 10
+ "pg_type.typbasetype, " // 11
+ "pg_attribute.attnum " // 12
+ "FROM pg_class, "
+diff --git a/connectivity/source/drivers/postgresql/pq_statement.cxx
b/connectivity/source/drivers/postgresql/pq_statement.cxx
+index 7796cac..79930e2 100644
+--- a/connectivity/source/drivers/postgresql/pq_statement.cxx
b/connectivity/source/drivers/postgresql/pq_statement.cxx
+@@ -631,10 +631,12 @@ static void getAutoValues(
+ String2StringMap & result,
+ const Reference< XConnection > & connection,
+ const OUString &schemaName,
+-const OUString & tableName )
++const OUString & tableName,
++ConnectionSettings *pConnectionSettings )
+ {
++OUString strDefaultValue =
getColExprForDefaultSettingVal(pConnectionSettings);
+ Reference< XPreparedStatement > stmt = connection->prepareStatement(
+- "SELECT pg_attribute.attname, pg_attrdef.adsrc "
++ "SELECT pg_attribute.attname, " + strDefaultValue +
+ "FROM pg_class, pg_namespace, pg_attribute "
+
Bug#941093: ping!
On Sat, 02 Nov 2019, Mattia Rizzolo wrote: > I filed the RM myself, I x-debbugs-cc'ed calibre@. Thanks! Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#941093: ping!
On Sat, Nov 02, 2019 at 11:18:16PM +0900, Norbert Preining wrote: > I am fine with both, but I feel like RM is necessary, since without > qtwebengine reading ebooks does not work. > > Any suggestions of what I should do? I filed the RM myself, I x-debbugs-cc'ed calibre@. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#941093: ping!
Hi On Sat, 02 Nov 2019, Dmitry Shachnev wrote: > - calibre has missing build on armel, mips64el, ppc64el and s390x because > Qt WebEngine is not available there. I am CCing the calibre maintainers. > Either that build-dependency should be limited to the architectures where > Qt WebEngine is available, or an RM bug for calibre on the other > architectures should be filed. I am fine with both, but I feel like RM is necessary, since without qtwebengine reading ebooks does not work. Any suggestions of what I should do? Best Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#941093: ping!
Hi all, On Fri, Oct 25, 2019 at 05:31:41PM +0300, Dmitry Shachnev wrote: > s390x will be removed in #943467, and mips64el will be (hopefully) fixed > in https://salsa.debian.org/debian/telegram-desktop/merge_requests/16 > (thanks Nicholas!). I looked at update_output.txt and it looks like there are two issues preventing Qt from migration: - qgis is too young, only 2 of 5 days old; - calibre has missing build on armel, mips64el, ppc64el and s390x because Qt WebEngine is not available there. I am CCing the calibre maintainers. Either that build-dependency should be limited to the architectures where Qt WebEngine is available, or an RM bug for calibre on the other architectures should be filed. -- Dmitry Shachnev signature.asc Description: PGP signature
Processed: bug 943992 is forwarded to https://release.debian.org/transitions/html/auto-qscintilla2.html
Processing commands for cont...@bugs.debian.org: > forwarded 943992 > https://release.debian.org/transitions/html/auto-qscintilla2.html Bug #943992 [release.debian.org] transition: qscintilla2, soname 13 -> 15 Set Bug forwarded-to-address to 'https://release.debian.org/transitions/html/auto-qscintilla2.html'. > thanks Stopping processing here. Please contact me if you need assistance. -- 943992: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943992 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#943992: transition: qscintilla2, soname 13 -> 15
Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal Dear release team I would like to ask for a transition of qscintilla2 2.11.2+dfsg from experimental to unstable. The package is a part of the auto-qscintilla2 transition. The SONAME is changed from 13 to 15. All python2 packages have been removed. All Qt4 packages have been removed. All reverse dependencies compile against version 2.11.2. title = "qscintilla2"; is_affected = .depends ~ "libqscintilla2-qt5-13" | .depends ~ "libqscintilla2-qt5-15"; is_good = .depends ~ "libqscintilla2-qt5-15"; is_bad = .depends ~ "libqscintilla2-qt5-13"; Regards Gudjon -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.3.0-1-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
