control: tags -1 + patch
Hi,
Find the patch hereFrom: =?utf-8?q?Bastien_Roucari=C3=A8s?=
Date: Sun, 13 Aug 2023 14:14:09 +
Subject: CVE-2023-32627 Filter null sampling rate in VOC coder
Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file
bug:
Hi,
This problem is fixed by CVE-2022-31650.patch
Channel could not overflow
signature.asc
Description: This is a digitally signed message part.
Source: zoneminder
Severity: serious
Justification: embded code copy
Dear Maintainer,
Your package include a copy of cake php. Could you use the packaged one ?
Thanks
signature.asc
Description: This is a digitally signed message part.
Source: umatrix
Followup-For: Bug #976697
Forwarded: https://gitlab.com/vannilla/ematrix/
Dear Maintainer,
I have asked guidance to the last fork about firefox/chromium support. If not
RM is the wayto go
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
Source: ublock-origin
Severity: serious
Justification: not prefered form of modification
Dear Maintainer,
src/lib include a few library that are already packaged for debian.
per se it is not a serious bug, but we should try if possible after testing to
use packaged version
The serious bug is
Source: ruby-rails-assets-punycode
Severity: serious
Justification: source is missing
Dear Maintainer,
You package node-punycode without source...
I plan to fix this
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: php-horde-editor
Severity: serious
Tags: security
Justification: security reason EOL
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
ckeditor4 go to EOL since June by upstream.
You use ckeditor3. With my javascript hat maint of ckeditor I think we could
migrate your software to
Package: firefox-esr
Version: 115.0.2esr-1
Severity: important
control: clone -1 src:firefox
control: clone -1 src:chromium
Dear Maintainer,
Could you allow by providing a webext-https-everywhere and correct break
replace (versionned) a smooth upgrade for webext-https-everywhere
Source: netdata
Severity: serious
Dear Maintainer,
pako is packaged for debian as node-pako and minify now under
/usr/share/javascript/pako
Moreover the first line of your missing source show a webpack line so your
source are not on the prefered form and thus this is a serious bug
You should
Source: mediawiki
Version: 1:1.39.4-2
Severity: serious
Justification: missing source
Dear Maintainer,
resources/lib/
(https://sources.debian.org/src/mediawiki/1:1.39.4-2/resources/lib/)
include a few library already packaged for debian.
Moreover some source are missing (I have only checked
Source: novnc
Severity: serious
Justification: embed code copy
Dear Maintainer,
Your package include an embded code copy of node-pako (under vendor)
Could you please use the packaged node-pako ?
Thanks
bastien
signature.asc
Description: This is a digitally signed message part.
Source: sogo
Severity: serious
Tags: ftbfs security
Justification: FTBFS + security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
https://sources.debian.org/src/sogo/5.8.4-1/UI/WebServerResources/js/vendor/
inlclude a few library precompiled and that seems outdated (bad from a security
Source: ldap-account-manager
Severity: serious
Tags: ftbfs security
Justification: FTBFS + security
Dear Maintainer,
Ldap-account-manager include a few vendored and outdated (without security
support) javascript library
Could you remove this depends and use packaged library
Thanks
Source: request-tracker5
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: tags -1 + security
Dear Maintainer,
https://sources.debian.org/src/request-
tracker5/5.0.3+dfsg-3/share/static/RichText/
include ckeditor outdated (with CVE) and moreover minified
Could you use the packaged
Package: node-lodash
Version: 4.17.21+dfsg+~cs8.31.198.20210220-9
Severity: important
Dear Maintainer,
Could you add lodash-es mini package to lodash
It is only running
lodash modularize exports=es -o ./
and installing to right part.
it is needed for ckeditor5
Thanks
signature.asc
control: reopen -1
control: notfound -1 19
control: reassign -1 qemu-user
control: found -1 1:8.0.2+dfsg-3
control: found -1
control: forwarded -1 https://gitlab.com/qemu-project/qemu/-/issues/1776
control: affects -1 src:isa-support
control: severity -1 important
Hi,
THis is a qemu bug mark as
Le vendredi 21 juillet 2023, 10:52:17 UTC Bastien Roucariès a écrit :
> Le vendredi 21 juillet 2023, 08:55:39 UTC Marco d'Itri a écrit :
> > efs
> https://pypi.org/project/qnxmount/ claim to mount it. Check
> > hfs
> https://github.com/0x09/hfsfuse
Corrected not supporte
Le vendredi 21 juillet 2023, 08:55:39 UTC Marco d'Itri a écrit :
> efs
https://pypi.org/project/qnxmount/ claim to mount it. Check
> hfs
https://github.com/0x09/hfsfuse
> hfaplus
https://github.com/0x09/hfsfuse
> qnx6
Fuse ro filesystem https://pypi.org/project/qnxmount/ better support then
Source: node-jszip-utils
Severity: wishlist
Dear Maintainer,
Could you create a dist version and browserified version ? it is needed for
some package in the tree
Thanks
bastien
signature.asc
Description: This is a digitally signed message part.
Source: node-jszip
Severity: wishlist
Dear Maintainer,
Could you create a dist version and browerify version. It is needed for package
in the tree
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: ruby-redcloth
Severity: important
Tags: patch
Dear Maintainer,
Find the following patch in order to fix a REDOS
Thanks
BastienFrom: Kornelius Kalnbach
Date: Wed, 28 Jun 2023 17:24:55 +0200
Subject: CVE-2023-31606 make regex faster with Atomic Grouping
MIME-Version: 1.0
Content-Type:
Source: docker.io
Version: 18.09.1+dfsg1-7.1+deb10u3
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: debian-...@lists.debian.org
Dear Maintainer,
The current security version FTBFS for me with
-- FAIL: TestCheckoutGit (0.52s)
gitutils_test.go:188: assertion failed: error is not nil:
Source: yajl
Version: 2.1.0-3
Severity: important
Forwarded: https://github.com/lloyd/yajl/issues/252
Dear Maintainer,
yajl upstream seems to be dead
Could you please move to https://github.com/openEuler-BaseService/yajl
Thanks
rouca
-- System Information:
Debian Release: trixie/sid
APT
Source: fs-uae
Severity: important
Dear Maintainer,
Your package embed lua;
It is best practice to repack in order to avoid accidental compilation
Thanks
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900,
Source: freedroidrpg
Version: 1.0-1
Severity: important
Dear Maintainer, Cher julien
Could you repack and remove the external lua (+ds suffix) ?
It is best pratice to remove code embed old version of packaged software.
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers
Source: enigma
Severity: serious
Tags: security
Justification: embded
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
You ship a outdated and embed lua:
- could you use the system library
- repack in order to avoid compiling accidentally the embded version
Bastien
-- System Information:
Source: src:emscripten
Severity: important
Dear Maintainer,
A few system library are embdeded in tests/third_party/ and seems to be shipped
as example. It is not really good for a security point of view
Could you:
- try to repack and avoid this
- use embded library if possible
rouca
--
control: reassign -1 src:eja
Source: src:eja
Severity: important
Dear Maintainer,
Could you repack in order to avoid to ship lua.
It will avoid false positive for shipping lua and avoid to accidentally compile
local lua instead of packaged lua
Thanks
Rouca
-- System Information:
Debian Release: trixie/sid
APT prefers
Source: darktable
Version: Use packaged lua
Severity: serious
Justification: embded code copy
Dear Maintainer,
It appear that your package embded and compile lua
Could you:
- use the packaged lua lib
- repack in order to avoid accidental reintroduction of compiling lua
rouca
-- System
Source: blobby
Severity: important
Dear Maintainer,
Could you consider to repack in order to avoid to ship a non compiled lua ?
It is alway better to repack in this case, it avoid accidental compilation of
this embded library.
Rouca
-- System Information:
Debian Release: trixie/sid
APT
Source: bam
Severity: important
Dear Maintainer,
Could you consider to repack in order to avoid third party library like lua.
Even if they are not compiled, it could be accidentally compiled and thus is
not best pratice
Thanks
Rouca
-- System Information:
Debian Release: trixie/sid
APT
Source: ardour
Version: Please repack without third party library
Severity: important
Dear Maintainer,
I was checking if your are affected by a lua security bug. It will be nice if
you could strip (repack with +ds suffix) third party library.
It is a good pratice to not ship third party library
Hi,
I found the commit that remove the stack overlfow check line 688
https://github.com/lua/lua/commit/287b302acb8d925178e9edb800f0a8d18c7d35f6
Thus first introduced (if no backport) after 5.4.2
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: whitedb
Version: embed yajl
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a copy of yajl. Could you:
- compile against debian yajl package
- remove by repacking the yajl code copy in order to accidentally compile the
embed code copy
Thanks
Rouca
--
Source: epic-base
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a copy of yajl.
Could you:
- compile against the packaged yajl package
- remove by repacking the embded code copy in order to avoid accidental
compilation of the embed code copy
Thanks
Rouca
--
Source: collada2gltf
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a copy a yajl
Could you:
- build against yajl package
- remove by repacking the code copy in order to avoid in the future accidental
code compilation against the embed code copy
Thanks
Bastien
Source: burp
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a code copy of yajl. Could you:
- build against yajl debian package
- repack your package removing the emded code copy in order to avoid accidental
compilation in future.
Thanks
rouca
-- System
Source: crun
Severity: serious
Justification: embed code copy devref
Dear Maintainer,
Your package include an embed code copy of yajl
Could you please:
- deembed
- the repack (+ds source if needed) in order to be sure it will be not compiled
in by accident in newer release
Thanks
Bastien
--
Source: r-cran-jsonlite
Severity: important
Dear Maintainer,
Your package include a embded copy of yajl (patched).
You should try to use the upstream library if needed by using a thin layer of
compatibility
Thanks
rouca
-- System Information:
Debian Release: trixie/sid
APT prefers
Le vendredi 23 juin 2023, 08:42:54 UTC Shengjing Zhu a écrit :
> Control: severity -1 wishlist
> Control: tags -1 patch
>
> On Fri, Jun 23, 2023 at 5:33 AM Bastien Roucariès wrote:
> >
> > Source: docker.io
> > Severity: serious
> > Tags: ftbfs
> >
Source: docker.io
Severity: serious
Tags: ftbfs
control: tags -1 + patch
Justification: FTBFS
Dear Maintainer,
I had applied the following patch for compiling under btrfs for buster. Could
you refresh and apply for other version
BastienFrom: =?utf-8?q?Bastien_Roucari=C3=A8s?=
Date: Thu, 22
the range of unsigned char
+(Closes: #1016442)
+ * Fix CVE-2022-32546: Value outside the range of representable
+values of type 'unsigned long' at coders/pcl.c,
+ * Use Salsa CI
+
+ -- Bastien Roucariès Fri, 26 May 2023 07:10:27 +
+
imagemagick (8:6.9.11.60+dfsg-1.3+deb11u1) bullseye
Source: dnsmasq
Severity: important
Tags: patch
Dear Maintainer,
Please found a basic autopkgtest suite for dnsmasq from debian ELTS
The udp packet size fail (and is incomplete) with older dnsmasq
Thanks
Bastien
tests.tar.xz
Description: application/xz-compressed-tar
signature.asc
Package: chromium
Version: 111.0.5563.64-1
Severity: serious
Tags: patch
Justification: unusable under wayland kde
Dear Maintainer,
Under wayland chromium tab are unresponsible to mouse.
#ozone-platform-hint set to auto instead of default help here to detect
wayland.
Could you set this option
Package: dpkg-dev
Version: 1.21.21
Severity: minor
Dear Maintainer,
Do not know if it is the right place but a dpkg-buildpackage bissection tool
that will allow to bissect the debian/patches queue will be helpful.
I know git bissect but sometime it is useful to have tool insteaf of manually
Package: developers-reference
Version: 12.18
Severity: normal
Dear Maintainer,
Sometime (think a header only dev package) you need to depend on a strict
version of an other package.
However, (= ${source:Version})) is not NMU, backport, piupart and user
recompile safe.
That is the best
-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 13:47:23 +
+
node-css-what (4.0.0-3) unstable; urgency=medium
* Team upload
diff -Nru
node-css-what-4.0.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch
node-css-what-4.0.0
be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable; urgency=medium
* new upstream version
diff -Nru node-css-what-2.1.0/debian/patches/0001-Partial
expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable
in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 13:47:23 +
+
node-css-what (4.0.0-3) unstable; urgency=medium
* Team
Package: node-css-what
Version: 4.0.0-3
Severity: serious
Tags: security
Justification: security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
Find the minimal ReDoS fix for 4.0.0, checked with recheck
Bastien>From eeb1fafd26a9f09114b6f8282a9569f99d52d716 Mon Sep 17 00:00:00 2001
From:
Package: firefox-esr
Version: 102.8.0esr-1
Followup-For: Bug #992150
Control: severity -1 important
Dear Maintainer,
punycode is still here duplicated from libjs-punycode...
webext-noscript: /usr/share/webext/noscript/lib/punycode.js
webext-noscript:
Package: dash
Followup-For: Bug #883179
Control: User debian-cr...@lists.debian.org
Control: Usertags -1 + ftcbfs
Add to the cross compile list of bug not really a ftcbfs but it is will
lead to ftcbfs
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy:
Le dimanche 26 février 2023, 21:37:51 UTC Axel Beckert a écrit :
> Control: tag -1 + confirmed
>
> Hi Andreas,
>
> Andreas Beckmann wrote:
> > Checking intel-mkl (pre-built binaries in non-free) with lintian is very
> > slow. A full build (i.e. source+all+any) on amd64 takes nearly 18 hours
> >
Le dimanche 26 février 2023, 15:49:52 UTC Bruno Haible a écrit :
> Santiago Vila wrote:
> > Mensaje reenviado
> > Asunto: Bug#1032011: gettext: Private library should go to private subdir
> > under lib
> > Fecha: Sun, 26 Feb 2023 14:57:45 +000
Le dimanche 26 février 2023, 15:16:03 UTC Santiago Vila a écrit :
> El 26/2/23 a las 15:53, Bastien Roucariès escribió:
> > Package: gettext
> > Version: 0.21-11
> > Severity: minor
> > Tags: upstream
> >
> > Dear Maintainer,
> >
> > As lin
Package: gettext
Version: 0.21-11
Severity: minor
Tags: upstream
Dear Maintainer,
Private library /libgettextsrc-0.21.so and libgettextlib-0.21.so should go to
private sudbir aka:
usr/lib/x86_64-linux-gnu/gettext/libgettextsrc-0.21.so
and
usr/lib/x86_64-linux-gnu/gettext/libgettextlib-0.21.so
control: tags -1 + moreinfo
Le dimanche 26 février 2023, 13:17:54 UTC Matthias Klose a écrit :
Hi,
> control: tags -1 -moreinfo
>
> On 25.02.23 15:14, Bastien Roucariès wrote:
> > control: tags -1 +moreinfo
> > Le vendredi 24 février 2023, 11:28:18 UTC Matthias Klose a
Package: gettext
Version: 0.21-11
Severity: minor
Tags: upstream
Dear Maintainer,
As lintian reported binary in usr/lib/arm-linux-gnueabihf/gettext/ should move
to usr/libexec/arm-linux-gnueabihf/gettext/
See
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html
-- System Information:
) unstable; urgency=medium
+
+ * Bug fix: "gettext is wrongly marked Multi-Arch: foreign", thanks to
+Helmut Grohne (Closes: #984748).
+
+ -- Bastien Roucariès Sat, 25 Feb 2023 16:14:51 +
+
gettext (0.21-11) unstable; urgency=medium
* Use a common debian/watch file which is vali
Package: gettext
Version: 0.21-11
Severity: wishlist
Dear Maintainer,
Could you add gettext under salsa. I could therefore create merge request for
you
Bastien
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Package: gettext
Version: 0.21-11
Severity: serious
Tags: ftbfs upstream
Justification: DFSG #2
User: lintian-ma...@debian.org
Usertags: source-is-missing
X-Debbugs-Cc: ftpmas...@debian.org
Hi,
your package includes some files that seem to lack sources
in preferred forms of modification:
control: tags -1 +moreinfo
Le vendredi 24 février 2023, 11:28:18 UTC Matthias Klose a écrit :
> Package: lintian
> Version: 2.116.3
> Severity: serious
> Tags: sid bookworm
>
> seen with the binary packages from
> https://people.debian.org/~doko/tmp/
>
> $ lintian -F
Package: dracut
Version: 056-3
Severity: critical
Tags: patch upstream
Justification: breaks the whole system
Forwarded:
https://github.com/dracutdevs/dracut/commit/79f9d9e1c29a9c8fc046ab20765e5bde2aaa3428
Dear Maintainer,
grep is missing failling with lvm main partition.
Could you apply patch
control: reassign -1 automake
control: affects -1 autoconf-archive
Hi,
The macro AM_PATH_PYTHON dos not support 3 level python version...
The bug lie in automake not autoconf-archive
Could be workarround by a little sed script in order remove micro version on
graph tool
side
Bastien
control: tags -1 + moreinfo
Le mercredi 21 septembre 2022, 10:00:40 UTC Hilmar Preusse a écrit :
> Package: lintian
> Version: 2.115.3
> Severity: normal
>
> Dear Maintainer,
>
> the upstream source code of package "asymptote" contains the rapidjson.
> Lintian correctly complains:
Package: widelands-data
Version: 2:1.0-2
Followup-For: Bug #1018966
Control: severity -1 serious
Control: tags -1 + patch
Control: tags -1 - unreproducible
Dear Maintainer,
This is in fact an RC bug that should have been catch by piuparts
Patch here not tested please test by runing CI on salsa
Package: qemu-system-common
Version: 1:7.0+dfsg-7+b1
Severity: important
Tags: upstream
Control: affects -1 src:isa-support
Dear Maintainer,
The documentation qemu-system-common(7) is nice but incomplete:
* a lot of arch are not present (we should at least add release arch)
* -sse , -mmx and so
Hi,
adding support to armv6-support will help here
Bastien
control: severity -1 important
Hi Tomasz,
Could you made a release of libnghttp2-dev by applying this patch ?
We plan to boostrap nodejs on a new architecture and it will help us a lot.
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Le mardi 16 août 2022, 13:37:39 UTC Axel Beckert a écrit :
Hi,
I have just reinstanced the sliding windows on master.
could you please check why autotest fail
BTW I am really supprised that test are not run at build time
Bastien
> Hi Bastien,
>
> Bastien Roucariès wrote:
> >
Package: lintian
Version: 2.115.2
Severity: important
Dear Maintainer,
I have an interesting interaction between dwz and lintian
https://salsa.debian.org/debian/isa-support/-/commits/lintianbug
dh_dwz create a small technically without common debug file, so without debug
symbols
It is a new
Source: isa-support
Version: 7
Severity: grave
Tags: patch
Justification: causes non-serious data loss
Dear Maintainer,
mktemp could fail and base64 is preinst is not nice
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture:
Package: debian-policy
Version: 4.6.1.0
Severity: important
Dear Maintainer,
I will like to stress that this kind of stuff is bad:
https://salsa.debian.org/debian/isa-support/-/blob/master/debian/altivec-
support.preinst.in#L10
base64 encoded binary in maint script and mktemp on /usr/lib
I
Source: lintian
Version: 2.115.2
Followup-For: Bug #1012289
Dear Maintainer,
I will restep to be a lintian maint.Could you please prepare a list of urgent
action ?
Bastien
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture:
Source: isa-support
Version: 7
Followup-For: Bug #1014892
Control: owner -1 ro...@debian.org
Dear Maintainer,
Ok for me to sponsor and comaintain
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign
Source: cross-toolchain-base
Version: 59
Followup-For: Bug #1017213
Control: tags -1 + patch
Dear Maintainer,
Could you apply https://salsa.debian.org/toolchain-team/cross-toolchain-
base/-/merge_requests/7
Thanks
Rouca
-- System Information:
Debian Release: bookworm/sid
APT prefers
Source: glibc
Version: 2.31-13+deb11u3
Severity: important
Tags: patch
Dear Maintainer,
Could you please apply the https://salsa.debian.org/glibc-
team/glibc/-/merge_requests/9
It will ease crossbuilding
Thanks
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT
control: tags -1 + confirmed
Need gcc11 ...
Bastien
/build/cross-toolchain-base-59.1/glibc-2.34/configure: line 2671: x86_64-linux-
gnu-gcc-11: command not found
configure:2673: $? = 127
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "GNU C Library"
| #define
Package: wnpp
Severity: normal
X-Debbugs-Cc: debian-de...@lists.debian.org
Control: affects -1 src:imagemagick
I request assistance with maintaining the imagemagick package.
The package description is:
ImageMagick is a software suite to create, edit, and compose bitmap images.
It can read,
Package: debian-policy
Version: 4.6.1.0
Severity: minor
Control: tags -1 + patch
Dear Maintainer,
The wording of upgrade list 4.5.1 about copyright is not clear
>The copyright information for files in a package must be copied verbatim into
/usr/share/doc/PACKAGE/copyright when
Whereas the 2.3 is
Package: lintian
Version: 2.115.2
Followup-For: Bug #1014254
Control: severity -1 serious
Control: tags -1 security
Dear Maintainer,
This bug was fixed in old version of lintian (before rewrite by lechner) by
using a slidding windows algorithm...
Nthyhier and myself are the main author of the
Package: lintian
Version: 2.115.2
Severity: minor
Dear Maintainer,
It will be nice if documentation give example for regex filtering.
For instance I do not know if regex syntax is pcre or shell and if only * is
considered as a regex
-- System Information:
Debian Release: bookworm/sid
APT
Source: bibledit
Version: 5.0.983-1
Severity: serious
Tags: upstream ftbfs security
Justification: DFSG #2
X-Debbugs-Cc: Debian Security Team ,
debian...@lists.debian.org
Dear Maintainer,
Your package includes some files that seem to lack sources
in preferred forms of modification:
# Several
Hi;
I need it for gulp-wrap that is needed for a chai extension
signature.asc
Description: This is a digitally signed message part.
Source: src:node-lodash
Version: 4.17.21+dfsg+~cs8.31.173-1
Severity: serious
Justification: do not compile from source
Dear Maintainer,
The vendor directory should be emptied
The debug version is compiled without source (lintian warn) and moreover the
rest of file are already packaged
grep -R
Package: www.debian.org
Severity: important
User: www.debian@packages.debian.org
Usertags: packages
Dear Maintainer,
It seems that packages.debian.org does not resolve versioned provides
Javascript (node-) is based on it so this a major problem for the javascript
teams
See instance
Package: npm2deb
Version: 0.3.0-6
Severity: important
Dear Maintainer,
I do not know if the bug belong to npm2deb or to ts-node that do not provide
node-ts-node but npm2deb does not found this package
Bastien
Package: node-define-property
Severity: serious
Tags: security upstream fixed-upstream
Justification: security bug
Forwarded: https://github.com/jonschlinkert/define-property/pull/6
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
According to
https://www.npmjs.com/advisories/1490
Package: pkg-js-tools
Version: 0.9.66
Severity: important
Dear Yadd,
I will like to get an official way and documented way to get the list of
components as a space separated list.
It will allow to get it in debian/rules and therefore do ssomething interesting
COMPONENTS=$(shell pkg-js-tools
Package: ftp.debian.org
Severity: normal
Control: block -1 by 979475
Could you please remove node-gyp-build ?
It was packaged by error see #979475
Thanks you
Package: gyp
Version: 0.1+20200513gitcaa6002-2
Severity: minor
Control: block -1 by 992976
Dear Maintainer,
Please add the following uscan
version=4
opts=\
mode=git,\
pretty=0.1+%cdgit%h,\
dversionmangle=auto \
https://chromium.googlesource.com/external/gyp HEAD group
opts=\
mode=git,\
Source: nodejs
Severity: serious
Tags: patch
Justification: base arch
Forwarded:
https://chromium.googlesource.com/v8/v8.git/+/e825c4318eb2065ffdf9044aa6a5278635c36427
Dear Maintainer,
libv8 need sse2 on i386 since 2017...
I asked upstream better communication with us, but we must depends on
Source: isa-support
Version: Please add armv6 support
Severity: important
Dear Maintainer,
Could you add an armv6 abi check for armel ?
It will help nodejs
Bastien
Package: libnode-dev
Version: 12.22.5~dfsg-2
Severity: important
Dear Maintainer,
It will be nice if libnode-dev ship header on arch triplet instead on directly
include path
Bastien
Package: nodejs
Version: 12.22.5~dfsg-2
Severity: serious
Dear Maintainer,
README.source should document the deps directory.
It will be better to remove some libs from deps. Why libz is needed for node ?
Could we push this plugin stuff to libz and so on.
Acorn embdeded should be fixed by
Package: node-nan
Version: 2.14.2-2
Severity: important
Dear Maintainer,
I think the cross-build effort should give us the opportunity to move nan
header (that means for me not a number) to a /usr/include/ subdirectory like
/usr/include/node-nan
I will implement it after a few weeks
Bastien
Package: pkg-js-tools
Version: 0.9.66
Severity: important
Dear Maintainer,
According to a few cross build test (see for instance
https://salsa.debian.org/js-team/node-re2/-/jobs/1960208)
This package is a blocker.
May be MA: same if possible will help here
Package: nodejs
Version: 12.22.5~dfsg-2
Severity: important
Dear Maintainer,
Nodejs salsa ci fail. It seems they are difference between debci and salsa.
Therefore some test should be disabled on salsa
Bastien
101 - 200 of 567 matches
Mail list logo