control: severity -1 important
control: retitle -1 should be split between arch and arch:all
Thanks to Yadd partially solved.
However this package should be split between arch and arch:all part
Bastien
> On 6/28/24 01:04, Bastien Roucariès wrote:
> > Hi,
> >
> > I get
it between arch/not arch part
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: esbuild
Version: 0.20.2-1
Severity: serious
Justification: could not be imported from node
Dear Maintainer,
Could you build the node package esbuild ?
Without it the package is broken from node point of view so serious bug.
I can help here
Bastien
signature.asc
Description
Package: systemd
Severity: serious
Tags: patch
Justification: Breaks unrelated package
Control: affects -1 dracut-core
Dear Maintainer,
Following #1071182 could you add to systemd a breaks: dracut-core << 102-2~
Change is simple so I add patch tag, please remove if needed
B
Le lundi 29 avril 2024, 18:40:39 UTC Barak A. Pearlmutter a écrit :
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So
.)", and did the (trivial) backport of that package
> to bookworm and bullseye, with the "breaks:" modified to the
> appropriate version.
I agree with you, may be a fullbackport is better for bookworm see changes here
(line with * are interesting commit to backport)
Yadd do you have a pie
hem.
If so you could drop for bookworm (if release team is ok) and sid this embeded
code copy
BTW I have just opened a bug and add some comment on embded code copy
Bastien
signature.asc
Description: This is a digitally signed message part.
Le lundi 29 avril 2024, 18:40:39 UTC Barak A. Pearlmutter a écrit :
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So
Le lundi 29 avril 2024, 18:40:39 UTC Barak A. Pearlmutter a écrit :
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So
?id=68905
I can help here and do proposed update
We also need to use breaks relationship in apache2, in order to allow smooth
upgrade
Bastien
signature.asc
Description: This is a digitally signed message part.
Le lundi 15 avril 2024, 13:58:19 UTC Steve McIntyre a écrit :
> On Mon, Apr 15, 2024 at 11:33:14AM +0000, Bastien Roucariès wrote:
> >Source: shim
> >Followup-For: Bug #1061519
> >Control: tags -1 + patch
> >
> >Dear Maintainer,
> >
> >Please find a
Source: shim
Followup-For: Bug #1061519
Control: tags -1 + patch
Dear Maintainer,
Please find a MR here
https://salsa.debian.org/efi-team/shim/-/merge_requests/13
Bastien
signature.asc
Description: This is a digitally signed message part.
control: tags -1 + patch
Hi,
You will find a merge request for fixing CVE-2023-52160
https://salsa.debian.org/debian/wpa/-/merge_requests/15
I can do a NMU if neeeded
Bastien
signature.asc
Description: This is a digitally signed message part.
Moreover, it was hard for debian to get this files builded and @xtuc ones does
not build from source
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
particularly for sensitive
security components like sudo
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel
Kernel: Linux 6.5.0-5-amd64 (SMP w/4
to export default for both
Bastien
signature.asc
Description: This is a digitally signed message part.
control: retitle -1 golang-github-facebook-ent: include non free font Calibre
Le mardi 24 octobre 2023, 06:13:41 UTC Cyril Brulebois a écrit :
> Hi Bastien,
>
> Bastien Roucariès (2023-10-23):
> > Source: golang-github-facebook-ent
> > Version: 0.5.4-3
> > Severi
control: retitle -1 fasttext: website is build with Docusaurus not packaged
for debian
Le mardi 24 octobre 2023, 06:41:55 UTC Andrius Merkys a écrit :
> Hi,
>
> On 2023-10-23 22:06, Bastien Roucariès wrote:
> > Source: fasttext
>
> Source package names in Subject an
control: retitle -1 node-katex: website is build with Docusaurus not packaged
for debian
Le mardi 24 octobre 2023, 06:40:59 UTC Andrius Merkys a écrit :
> Hi,
>
> On 2023-10-23 22:04, Bastien Roucariès wrote:
> > Source: node-katex
>
> Source package names in Subject an
/
You should repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
You should repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
control: reassign -1 ts-node
signature.asc
Description: This is a digitally signed message part.
/
You should repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
/docusaurus.config.js/?hl=54#L54
You should repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
repack or package docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: node-react-redux
Version: 8.1.2+dfsg1+~cs1.2.3-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is build with docusaurus.
See website directory
You should repack or package docusaurus and rebuild
Bastien
Source: node-redux
Version: 4.2.1-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is build with docusaurus.
See website directory
You should repack or package docusaurus and rebuild
Bastien
signature.asc
Description
Source: fasttext
Version: 0.9.2+ds-5
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is build with docusaurus.
See website directory
You should repack or package docusaurus and rebuild
Bastien
signature.asc
Description
docusaurus and rebuild
Bastien
signature.asc
Description: This is a digitally signed message part.
docusaurus and rebuild
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel
Kernel: Linux 6.5.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG
/packages/n/node-punycode/control-2.2.3-2
piupart is ok so it is normally ok
Could you restest ?
Bastien
-
signature.asc
Description: This is a digitally signed message part.
be documented.
Moreover you do not document where you downloaded these file a comment under
copyright will be helpful (README.source say how to retrieve it not the link to
get).
Thanks
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug
Le vendredi 18 août 2023, 23:16:04 UTC Markus Koschany a écrit :
> Am Montag, dem 31.07.2023 um 11:56 + schrieb Bastien Roucariès:
> > Source: ublock-origin
> > Severity: serious
> > Justification: not prefered form of modification
> >
> > Dear Maintaine
Source: zoneminder
Severity: serious
Justification: embded code copy
Dear Maintainer,
Your package include a copy of cake php. Could you use the packaged one ?
Thanks
signature.asc
Description: This is a digitally signed message part.
Source: umatrix
Followup-For: Bug #976697
Forwarded: https://gitlab.com/vannilla/ematrix/
Dear Maintainer,
I have asked guidance to the last fork about firefox/chromium support. If not
RM is the wayto go
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
is due that for instance punycode was not in prefered form of
modification due to being wepackaged (transpiled) in order to be an ES module.
They may be other transpiled package in this subdirectory
Bastien
signature.asc
Description: This is a digitally signed message part.
hi,
Le lun. 31 juil. 2023 à 08:27, Kunal Mehta a écrit :
>
> Hi,
>
> On 7/29/23 16:44, Bastien Roucariès wrote:
> > Dear Maintainer,
> >
> > resources/lib/
> > (https://sources.debian.org/src/mediawiki/1:1.39.4-2/resources/lib/)
> >
> > i
Source: ruby-rails-assets-punycode
Severity: serious
Justification: source is missing
Dear Maintainer,
You package node-punycode without source...
I plan to fix this
Bastien
signature.asc
Description: This is a digitally signed message part.
+
// Opera: 9.5+
After it will need to change if needed the config here in order to remove
plugins
https://sources.debian.org/src/php-horde-
imp/6.2.27-3/imp-6.2.27/lib/Script/Package/Editor.php/?hl=33#L33
I could help if needed but I need a means to test the modification
Bastien
also review the other js file and ask if needed help from debian
javascript team to package
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
pako).
You could use the packaged library under debian
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: novnc
Severity: serious
Justification: embed code copy
Dear Maintainer,
Your package include an embded code copy of node-pako (under vendor)
Could you please use the packaged node-pako ?
Thanks
bastien
signature.asc
Description: This is a digitally signed message part.
point of view due to recent CVE for ckeditor)
Could you deembed and use packaged library
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: ldap-account-manager
Severity: serious
Tags: ftbfs security
Justification: FTBFS + security
Dear Maintainer,
Ldap-account-manager include a few vendored and outdated (without security
support) javascript library
Could you remove this depends and use packaged library
Thanks
ckeditor.
Note also that I am going to package ckeditor5 (ckeditor 4 is EOL)
Bastien
signature.asc
Description: This is a digitally signed message part.
as qemu bug
Bastien
signature.asc
Description: This is a digitally signed message part.
Hi Paul,
It is a regression on qemu. I will disable the test but I will prefer
qemu fixed.
I could not reproduce on porter box, I get another qemu bug...
Who is the specialist of qemu ?
Bastien
Le mer. 19 juil. 2023 à 10:45, Paul Gevers a écrit :
>
> Source: isa-support
> Vers
: exit status 128
I am currently debugging this regression.
Bastien
signature.asc
Description: This is a digitally signed message part.
Le lun. 26 juin 2023 à 14:16, David Bremner a écrit :
>
> roucaries bastien writes:
> >
> > Yes in your case i cheched by grepping thé build log. Lua ils compiléd what
> > why i set rc severity.
>
> I suspect that you saw a different package with Lua in the name, na
Le lun. 26 juin 2023 à 06:45, David Bremner a écrit :
> Bastien Roucariès writes:
>
> > Source: darktable
> > Version: Use packaged lua
> > Severity: serious
> > Justification: embded code copy
> >
> > Dear Maintainer,
> >
> > It appear that
Source: enigma
Severity: serious
Tags: security
Justification: embded
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
You ship a outdated and embed lua:
- could you use the system library
- repack in order to avoid compiling accidentally the embded version
Bastien
-- System Information
Source: darktable
Version: Use packaged lua
Severity: serious
Justification: embded code copy
Dear Maintainer,
It appear that your package embded and compile lua
Could you:
- use the packaged lua lib
- repack in order to avoid accidental reintroduction of compiling lua
rouca
-- System
Source: whitedb
Version: embed yajl
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a copy of yajl. Could you:
- compile against debian yajl package
- remove by repacking the yajl code copy in order to accidentally compile the
embed code copy
Thanks
Rouca
--
Source: epic-base
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a copy of yajl.
Could you:
- compile against the packaged yajl package
- remove by repacking the embded code copy in order to avoid accidental
compilation of the embed code copy
Thanks
Rouca
--
Source: collada2gltf
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a copy a yajl
Could you:
- build against yajl package
- remove by repacking the code copy in order to avoid in the future accidental
code compilation against the embed code copy
Thanks
Bastien
Source: burp
Severity: serious
Justification: devref
Dear Maintainer,
Your package embed a code copy of yajl. Could you:
- build against yajl debian package
- repack your package removing the emded code copy in order to avoid accidental
compilation in future.
Thanks
rouca
-- System
Source: crun
Severity: serious
Justification: embed code copy devref
Dear Maintainer,
Your package include an embed code copy of yajl
Could you please:
- deembed
- the repack (+ds source if needed) in order to be sure it will be not compiled
in by accident in newer release
Thanks
Bastien
Source: docker.io
Severity: serious
Tags: ftbfs
control: tags -1 + patch
Justification: FTBFS
Dear Maintainer,
I had applied the following patch for compiling under btrfs for buster. Could
you refresh and apply for other version
BastienFrom: =?utf-8?q?Bastien_Roucari=C3=A8s?=
Date: Thu, 22
Le jeu. 6 avr. 2023 à 11:24, Paul Gevers a écrit :
>
> Control: tags -1 pending patch
>
> On 06-04-2023 12:54, Paul Gevers wrote:
> > I'm going to prepare NMU's for rhino and dojo and upload to DELAYED/5
>
> Please find the debdiffs attached.
Go ahead
>
> Paul
> --
> Pkg-javascript-devel mailing
smb and tt-rss can be
> affected by the new rhino version. Wouldn't those packages depend on rhino
> in
> some way? To me it seems rhino is only required to build shrinksafe which
> can
> be used for compressing Javascript files. But maybe the dojo maintainers
> can
> chim
?
At least at this freeze time could you add a note on README.Debian ?
Note that in order to change the flags manually, I have executed "chromium
--ozone-platform=wayland"
Bastien
PS: set to patch because changing an option is like a patch
-- System Information:
Debian Release: bo
be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable; urgency=medium
* new upstream version
diff -Nru node-css-what-2.1.0/debian/patches/0001-Partial
expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable
in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 13:47:23 +
+
node-css-what (4.0.0-3) unstable; urgency=medium
* Team
Package: node-css-what
Version: 4.0.0-3
Severity: serious
Tags: security
Justification: security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
Find the minimal ReDoS fix for 4.0.0, checked with recheck
Bastien>From eeb1fafd26a9f09114b6f8282a9569f99d52d716 Mon Sep 17 00:00:00 2001
F
control: tags -1 + moreinfo
Le dimanche 26 février 2023, 13:17:54 UTC Matthias Klose a écrit :
Hi,
> control: tags -1 -moreinfo
>
> On 25.02.23 15:14, Bastien Roucariès wrote:
> > control: tags -1 +moreinfo
> > Le vendredi 24 février 2023, 11:28:18 UTC Matthias Klose a
Package: gettext
Version: 0.21-11
Severity: serious
Tags: ftbfs upstream
Justification: DFSG #2
User: lintian-ma...@debian.org
Usertags: source-is-missing
X-Debbugs-Cc: ftpmas...@debian.org
Hi,
your package includes some files that seem to lack sources
in preferred forms of modification:
r/bin/python3.12d]
> E: python3.12-minimal: embedded-library expat [usr/bin/python3.12]
> E: python3.12-nopie: embedded-library expat [usr/bin/python3.12]
Hi doko;
Could you check why the "requested feature requires XML_DTD support in Expat"
string is on the binary ?
Bastien
>
> The
from upstream ?
Bastien
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel
Kernel: Linux 5.19.0-2-rt-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE
control: reassign -1 automake
control: affects -1 autoconf-archive
Hi,
The macro AM_PATH_PYTHON dos not support 3 level python version...
The bug lie in automake not autoconf-archive
Could be workarround by a little sed script in order remove micro version on
graph tool
side
Bastien
Source: isa-support
Version: 7
Severity: grave
Tags: patch
Justification: causes non-serious data loss
Dear Maintainer,
mktemp could fail and base64 is preinst is not nice
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture:
Source: cross-toolchain-base
Version: 59
Followup-For: Bug #1017213
Control: tags -1 + patch
Dear Maintainer,
Could you apply https://salsa.debian.org/toolchain-team/cross-toolchain-
base/-/merge_requests/7
Thanks
Rouca
-- System Information:
Debian Release: bookworm/sid
APT prefers
control: tags -1 + confirmed
Need gcc11 ...
Bastien
/build/cross-toolchain-base-59.1/glibc-2.34/configure: line 2671: x86_64-linux-
gnu-gcc-11: command not found
configure:2673: $? = 127
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "GNU C Library"
Source: bibledit
Version: 5.0.983-1
Severity: serious
Tags: upstream ftbfs security
Justification: DFSG #2
X-Debbugs-Cc: Debian Security Team ,
debian...@lists.debian.org
Dear Maintainer,
Your package includes some files that seem to lack sources
in preferred forms of modification:
# Several
Le mer. 17 nov. 2021 à 13:02, Andreas Beckmann a écrit :
> Control: tag -1 moreinfo
>
> On Mon, 30 Aug 2021 12:23:22 + "=?utf-8?q?Bastien_Roucari=C3=A8s?="
> wrote:
> > Source: prototypejs
> > Severity: serious
> > Justification: 4
> >
> > Dear Maintainer,
> >
> > The source is
Le mar. 19 oct. 2021 à 16:12, Yadd a écrit :
> Source: node-webpack
> Version: 5.58.2+~cs5.11.7-1
> Severity: serious
> Justification: DFSG
>
> webpack 5.58 uses es-module-lexer. For now, this component is downloaded
> including some binary files (WASM,...). This should be fixed before
> going
Hi;
I need it for gulp-wrap that is needed for a chai extension
signature.asc
Description: This is a digitally signed message part.
vendor * gives only a few hit that could be cured by symlinking
Bastien
Le lun. 27 sept. 2021 à 16:08, Reinhard Tartler a écrit :
>
>
> On Thu, Sep 16, 2021 at 4:18 AM Bastien Roucariès
> wrote:
>>
>> Package: golang-github-containers-common
>> Version: 0.33.4+ds1-1
>> Severity: critical
>> Tags: upstream
>> For
Le ven. 24 sept. 2021 à 08:16, Jonas Smedegaard a écrit :
>
> Hi Bastien,
>
> Quoting Bastien Roucariès (2021-09-24 09:49:37)
> > Package: node-define-property
> > Severity: serious
> > Tags: security upstream fixed-upstream
> > Justification: security b
-define-property is vulnerable
Because it embed small modules that are vulnerable.
Embdeding is bad and we have here another proof
Bastien
Le dim. 19 sept. 2021 à 21:03, Jérémy Lal a écrit :
>
>
>> Le dim. 19 sept. 2021 à 22:33, Bastien Roucariès
>> a écrit :
>>
>> Source: nodejs
>> Severity: serious
>> Tags: patch
>> Justification: base arch
>> Forw
on
sse2-support
Patch because I will fix on git asap I have a bug number.
Bastien
Le dim. 19 sept. 2021 à 19:33, Jérémy Lal a écrit :
>
>
>
> Le dim. 19 sept. 2021 à 18:54, Bastien Roucariès
> a écrit :
>>
>> Package: nodejs
>> Version: 12.22.5~dfsg-2
>> Severity: serious
>>
>> Dear Maintainer,
>>
>> README.sou
by recent version.
openssl one is worry some...
Bastien
Package: nodjes
Version: 12.22.5~dfsg-3
Severity: serious
Dear Maintainer,
Debci fail with against 12.22.5~dfsg-2 with:
duration_ms: 0.293
severity: fail
exitcode: 1
stack: |-
assert.js:101
throw new AssertionError(obj);
^
AssertionError [ERR_ASSERTION]: Expected
debian/upstream
To fix the situation please do the following:
1) Examine debian/copyright_* and referenced files
2) Update debian/copyright as needed
3) Replace debian/copyright_hints with debian/copyright_newhints
touch debian/stamp-copyright-check
touch debian/stamp-upstream-cruft
the source compiled but now the package FTBFS due to API
changes.
Could you help me.
Thanks
Bastien
be
shipped in /etc and 988443 should also be shipped in stable.
It is current for embeded plateform to use backport kernel and in this case
adding new syscall by adding something in configuration file is the rule. I
will open a new bug report on this problem
Bastien
/debugger/dist/*.js
https://sources.debian.org/src/firefox-
esr/78.13.0esr-1/devtools/client/debugger/flow-typed/npm/*
Additionnally embdeded copy should be mentionned in README.Source
Thanks
Bastien
Note that header said compiled with babel so technically it is FTBFS for debian
-- Package-specific
Source: prototypejs
Severity: serious
Justification: 4
Dear Maintainer,
The source is https://github.com/prototypejs/prototype/tree/master and need
rake for building...
So FTBFS
Bastien
control: reassign -1 src:firefox-esr
Followup-For: Bug #992150
Control: clone -1 -2
Control: assign -1 src:firefox-esr
Followup-For: Bug #992150
Control: clone -1 src:firefox-esr
.
Therefore, could we recover the old system of working symlink ? We have now
salsa to test regression and it could be safe.
Bastien
Le mardi 10 août 2021, 08:05:00 UTC Benno Schulenberg a écrit :
> Op 09-08-2021 om 15:08 schreef Bastien Roucariès:
> > nano work with TERM=dumb (but is strange but it work),
>
> For me, 'TERM=dumb nano somefile' does not work, not on a console, not
> on an xterm, not on Xfce Te
s strange but it work), so safer will be to
consider as best effort TERM="" , TERM not set, equivalent to dumb.
At least it fix this bug.
Bastien
>
> Benno
signature.asc
Description: This is a digitally signed message part.
Le dimanche 8 août 2021, 14:57:42 UTC Bastien Roucariès a écrit :
> Le dimanche 8 août 2021, 10:04:30 UTC Benno Schulenberg a écrit :
> > > $env -i nano
> > > command fail because TERM is unset
> >
> > I can work around an unset TERM. But what if TERM=="&
1 - 100 of 1063 matches
Mail list logo