d8773572df43f5
Great stuff; thanks! The only thing I would add would be something that
explicitly addresses the the "freeware" term - it is a bit of a
"trigger word" for people looking for DFSG violations.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
(It would also be great if you used the "real" DEP-5 style? You are so
close as it is, after all.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@
ht and almost-literally copy your (own) words, ie.:
> This is only a comment, copied from the PCL sources (and I believe not
> even true over there).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
as "freeware" (!= is this even DFSG-free software?).
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
, as I highlight above, a new version might contain different files
in this directory?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
probably just resurface or require
a different wildcard in the future.
Why not just repack the tarball properly to remove "site/"?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Thank you! I've been thinking it's high time I got back to this and fixed a
few bugs. I'll take a look at this when the more pressing ones are closed
and 4.x is in testing.
CC
On Sat, 22 Sep 2018 at 15:09, shirish शिरीष wrote:
> Dear Andreas,
>
> There are attempts being made at angband forums
rds,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi,
> > Sorry, please provide a .dsc; I am very busy, alas...
>
> Understood...
No, sorry, please provide a HTTP-accessible link to .dsc with all the
sources, etc. Just like a regular sponsor request…
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la..
dard git-buildpackage
> workflow.
Sorry, please provide a .dsc; I am very busy, alas...
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
an ask the rest of your team?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
(?).
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
* Gianfranco Costamagna [180911 06:48]:
> control: tags -1 patch pending
> the following diff is now in deferred/4, please let me know if you want me to
> cancel or reschedule it.
Please commit your changes on salsa; feel free to do a team upload
(with no delay) then.
Cheers,
Chris
kg-voip-team/kamailio/tree/stretch-security
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi security team,
> kamailo: CVE-2018-16657
Would you like me to prepare a stretch-security debdiff for
this issue?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
cker/CVE-2018-16657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
n.t line 121.
And further failures.
Please also see the attached build log.
Cheers,
Chris
h2o_2.2.5+dfsg1-6_amd64-2018-09-06T13:21:48Z.build.gz
Description: application/gzip
Control: tag -1 pending
Hello,
Bug #906348 in django-prometheus reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
severity 830215 important
thanks
I'm lowering severity as violating a "may not" is not an RC bug as per
Policy § 1.1.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
severity 830214 important
thanks
I'm lowering severity as violating a "may not" is not an RC bug as per
Policy §1.1.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ot;, which apparently violates DFSG §6:
https://lists.debian.org/debian-devel/2018/08/msg00319.html
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
debian.org/status/fetch.php?pkg=gnucash=s390x=1%3A3.2-1=1530791265=0
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
gnucash.1:3.2-1.sid.mips.log.txt.gz
Description: Binary data
ks OK to me, please upload to security-master.
Uploaded to security-master.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Vincent Lefevre writes:
> But in any case, the bug needs to be fixed.
Yeah, I don't believe this can reasonably be called a bug. Emacs, like
a lot of big complex apps, can and does write to various parts of the
filesystem when used. There's a good chance that if you check your
home directory,
low. (CVE-2015-9262) Closes: #906012)
-- Chris Lamb Mon, 13 Aug 2018 09:09:13 +0200
Full debdiff attached. Permission to upload to stretch-security?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diffstat for libxcursor_1.1.1
/CVE-2015-9262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9262
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
for at least
Sun Microsystems, Nokia, Network Resonance, etc. etc.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
over the entire package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Dear ovito Maintainers,
is there any update on progress of porting to botan2, or at least
moving off botan1.10?
Cheers,
Chris
you for the hint.
Is there any update on progress of switching to botan2 for monotone?
Cheers,
Chris
-amd64 kfreebsd-i386]
oce: oce-draw [kfreebsd-amd64 kfreebsd-i386]
oce is BD-Uninstallable on kfreebsd* for 91 days.
netgen is BD-Uninstallable on hurd, kfreebsd*.
Thanks,
Chris
Control: tag -1 pending
Hello,
Bug #905765 in django-prometheus reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
do so until
> the end of the week (latest).
Gentle reminder about this.
Thanks,
Chris
/historical.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #880247 in python-formencode reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
dir.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ghdl sticking around?
This is possible.
CCing in Thorsten Alteholz and quoting in full; as it was his note.
Thorsten, can you comment here?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
code copy.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
Regards,
--
,''`.
: :' : C
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
for at least sophia.c.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
in debian/copyright for at least
internal/validation/testdata.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-libjansson/CATS/CODEGEN.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
that it embeds.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
tests that say "Restrictions: needs-root" do not appear to hit
those code paths.
I might try to come up with a patch if no one beats me to it.
Chris
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
bly NACK this change, sorry.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the entire package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
in no way exhaustive so please check over the entire package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
in no way exhaustive so please check over the entire package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the entire package
carefully and address these on your next upload.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Package: netgen
Version: 4.9.13.dfsg-11
Severity: serious
In #896085 it has been suggested that tk8.5 should go away before
stretch. This bug informs you of this ;-)
C.
Control: tag -1 pending
Hello,
Bug #903285 in bundler reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
Upstream commit is:
https://git.opensvc.com/gitweb.cgi?p=multipath-tools/.git;a=commit;h=fef089a6610f94a847541069f3008a5708044015
to non-RC :-)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
erhaps by getting a statement from upstream or similar.
"This_file_is_part_of_KDE" is really not suitable as an author,
whatever the file says, after all.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
e on this bug could be miscontrued as overly combative or
antagonistic then I do not see how anyone can move forward here.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
One possible solution here is to change the translation domain used
either by libmypaint or by mypaint.
I think it would be better to change the domain used by mypaint (to,
e.g., "mypaint12"), since that change would only have to be a
temporary one, until the next version comes out, which will
affects 903194 + diffoscope
thanks
(Marking this as affecting diffoscope.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
w_new_from_uri () at
/usr/lib/libspreadsheet-1.12.39.so
#9 0x8251 in ()
#10 0x7b68 in main ()
(gdb)
(test1.gnumeric attached.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
test1.gnumeri
Hi Mattia,
> Alas yes, see the failures in
> https://salsa.debian.org/reproducible-builds/diffoscope/pipelines/12501
Hmpf, I cannot reproduce or understand these. :(
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Mattia,
> I'll take care of it once I can debug the other 4 errors (tbh, I didn't
> try to reproduce them locally).
Did you manage to get to this? Are we even still seeing them? :-)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
commit/
d6f1d04b3dbc3f350f50a798979e1501a8cb89f3
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
iously, I cannot reproduce
this. :)
Happy to upload if your recent changes (d6f1d04 looks promising?)
fix it.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
retitle 902709 diffoscope: FTBFS: /usr/lib/python3.6/tempfile.py:509:
FileNotFoundError
thanks
Hi Mattia,
> So, I believe there is a bug here that needs to be fixed.
I can't reproduce this locally.
> Incidentally, Chris: any reason you did binary uploads instead of source
> onl
please check over the entire package
carefully and address these on your next upload.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
//salsa.debian.org/reproducible-builds/diffoscope/commit/f77d2b1b466dfd37ffb091943d6c71e6836dee05
… pending upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
interest?)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12326
Regards,
--
,''`.
: :' : Chris
e full debdiff is attached. Please let me know if it is okay to upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diffstat for php-horde-image-2.3.6 php-horde-image-2.3.6
changelog| 16 +++
pa
py. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
e clarify this in debian/copyright.
After all, there was probably /some/ reason why I didn't immediately
understand what was going on and we should fix that in the packaging
(and not document it on bugs like this where it will get lost).
Thanks :)
Regards,
--
,''`.
: :' : C
imported
code under src/ringct/.
(This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
/external_tools.py | 4 ---
tests/comparators/test_pdf.py | 10 ++-
tests/data/pdf_internal_expected_diff | 52 ---
5 files changed, 3 insertions(+), 76 deletions(-)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org
ua?
Good idea. Filed as #901669.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> Security team, oermission to upload the attached to
> stretch-security?
>
> redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high
>
> * CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap
> corruption and integer ove
forwarded 901526 https://code.djangoproject.com/ticket/29498#ticket
thanks
I've identified the issue and forwarded it upstream here:
https://code.djangoproject.com/ticket/29498
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
simply to remove them is unnecessary and involves other
compromises.
(As an aside, it might be clearer to explicitly remove the pre-built
files in the clean target — this way it guarantees they are always
rebuilt... but that's an entire adjunct remark.)
Regards,
--
,''`.
: :'
Chris Lamb wrote:
> We are likely deleting or otherwise refreshing the .pyc file. :)
Curiously, I can reproduce in stretch, buster and sid in upstream's
git repo...
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
sg):
MigrationLoader(connection)
We are likely deleting or otherwise refreshing the .pyc file. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
mat(exc_name))
> File "/usr/lib/python3.6/unittest/case.py", line 135, in _raiseFailure
> raise self.test_case.failureException(msg)
> AssertionError: ImportError not raised
Cool, same thing in the r-b setup:
https://tests.reproducible-builds.org/debian/rb-pkg/experimental/amd64/python-django.html
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> > redis: multiple security issues in Lua scripting
>
> This has now been assigned CVE-2018-11219 & CVE-2018-11218.
Security team, oermission to upload the attached to
stretch-security?
redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high
* CVE-2018
Hi,
> redis: multiple security issues in Lua scripting
This has now been assigned CVE-2018-11219 & CVE-2018-11218.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
The full
> report is here: <http://antirez.com/news/119>
No CVE has (yet) been assigned:
https://github.com/antirez/redis/issues/5017#issuecomment-397038992
Version tagged >= 3:3.2.6-1 due to stretch having Lua support but
wheezy (2.8.17) does not.
Regards,
--
,''`.
:
ulli attribution
(This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Grave to Wishlist, though I hope
lsb_release dependency is removed.
Chris
Description: Remove lsb_release dependency to work on other distributions.
Author: Chris Dos
Bug-Debian: https://bugs.debian.org/900089
Forwarded: no
--- a/scripts/dkms.mkconf
+++ b/scripts/dkms.mkconf
@@ -25,7
801 - 900 of 4641 matches
Mail list logo