Bug#1057096: rust-rsa: CVE-2023-49092: RUSTSEC-2023-0071: Marvin Attack: potential key recovery through timing sidechannels

Control: affects 1057096 + rsopv On Wed 2023-11-29 17:27:15 +0100, Salvatore Bonaccorso wrote: > The following vulnerability was published for rust-rsa. > > CVE-2023-49092[0]: My understanding is that we have other instances of the MARVIN attack available in debian which have not yet been solved.

Bug#1014124: qt5-image-formats-plugins: buffer overflow in the mng plugin for Qt (CVE-2020-23884)

Control: severity -1 important Lowering the severity as the security-tracker marks it as a no-dsa minor issue. Kind Regards, Bas -- GPG Key ID: 4096R/6750F10AE88D4AF1 Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1

Bug#1018175: ITP: funing -- a simple face recognition GUI

Control: retitle -1 RFP:funing -- a simple face recognition GUI Control: noowner -1 Hi, On Fri, Aug 26, 2022 at 04:54:30PM +0200, Renato Gallo wrote: I am interested Sorry, I did not more free time to package it and it seems that upstream was low active and low popcon. I do not see the value

Bug#1019237: ITP: thelounge -- Modern, responsive, cross-platform, self-hosted web IRC client

Control: retitle -1 RFP:thelounge -- Modern, responsive, cross-platform, self-hosted web IRC client Control: noowner -1 On Tue, Sep 06, 2022 at 11:46:15AM +0800, Bo YU wrote: Package: wnpp Severity: wishlist Owner: Bo YU X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: theloun

Bug#1086055: Should /usr/bin and /usr/sbin be merged?

Hello Michael, We haven't finished with merged-/usr yet, so I don't think we will consider a change like this any time soon. I agree with you that the systemd maintainers should patch systemd in Debian not to emit the warning. But that's up to them. -- Sean Whitton

Bug#880676: RFP: coredns -- pluggable DNS server in Go

Control: retitle -1 RFP:coredns -- pluggable DNS server in Go Control: noowner -1 hi, As you can see, I did not work on the package at all, because I do not have more free time and subject to limited Go language also, so I release it. -- Regards, -- Bo YU signature.asc Description: PGP sig

Bug#1061087: Still looking for a sponsor.

Dear Soren, Am 25.10.2024 13:21, schrieb Soren Stoutner: Control: owner -1 ! I will review the package for sponsorship. thank you very much. Best regards, Martin signature.asc Description: PGP signature

Bug#1085097: python-roborock: please make the build reproducible

user reproducible-bui...@lists.alioth.debian.org usertags +randomness -timestamps thanks On 2024-10-14, Chris Lamb wrote: > Whilst working on the Reproducible Builds effort [0], we noticed that > python-roborock could not be built reproducibly. > > This is because most/every documentation page emb

Bug#1078871: installer: reserve first 16 MiB space in default recipes for ARM devices?

On 2024-10-25, Pascal Hambourg wrote: > On 24/10/2024 at 22:04, Diederik de Haas wrote: >> On Thu Oct 24, 2024 at 9:08 PM CEST, Holger Wansing wrote: >>> >>> here you have a device|installation, which has the legacy_boot flag >>> installed, but it did not work|boot despite of this. And you changed

Bug#1086063: quart: CVE-2024-49767

Source: quart Version: 0.19.6-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for quart. CVE-2024-49767[0]: | Werkzeug is a Web Server Gateway Interface web application library. | Applications usin

Bug#1061087: Still looking for a sponsor.

Dear Soren, Am 25.10.2024 13:50, schrieb Soren Stoutner: 1. Can you please update the changelog to indicate it is targeting unstable instead of UNRELEASED? Done. 2. You probably want to fix the following typo in the word "environment": Done, thanks for spotting that typo. 3. You probabl

Bug#1086058: installation-reports

On 25/10/2024 at 21:22, DLQ wrote: Image version: https://cdimage.debian.org/images/unofficial/non-free/cd-including-firmware/archive/11.11.0+nonfree/multi-arch/iso-cd/firmware-11.11.0-amd64-i386-netinst.iso (...) As most Cherry Trail devices it has 32bit EFI, so i used an old multi-arch inst

Bug#504044: systemd complains about missing unit file

On Sat, 26 Oct 2024, Sven Geuer wrote: >Here is my repo [1] cloned from yours [0] with some commits added >implementing a systemd unit [2]. It covers soley what was requested >with bug #1039350. Please review. Thanks, will do. >It might make sense to unmerge bug #1039350 from #504044 and close o

Bug#1086025: loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto: Unrecognized option: 'config'

Control: reassign -1 cargo Control: retitle -1 cargo wrapper: `--config lto` wrongly gets passed along to cargo test Control: affects -1 + src:loupe > > Where does that wrapper come from? I'm guessing src:rustc? Are its > > maintainers aware of this problem? > It comes from bin:cargo. f_g (added

Bug#504044: systemd complains about missing unit file

On Wed, 2024-10-16 at 12:19 +0200, Sven Geuer wrote: > > I should be able to set up a personal repo under salsa.d.o to share > with you. I'll come back to you on this after having finished my > current work. Here is my repo [1] cloned from yours [0] with some commits added implementing a systemd

Bug#1086064: gnome-online-accounts: Cannot configure Nextcloud account

Package: gnome-online-accounts Version: 3.52.0-1 Severity: normal X-Debbugs-Cc: wintry...@theo.to Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? I tried to configure my Nextcloud online account. * What exact

Bug#1061087: Still looking for a sponsor.

Dear Soren, Am 25.10.2024 14:25, schrieb Soren Stoutner: On Friday, October 25, 2024 2:13:18 PM MST Martin Dosch wrote: I pushed the changes. Thank you very much for your instant review. :) Thank you for your excellent packaging. I have uploaded the package to the NEW queue. Please remind m

Bug#1086065: pandoc.1: postprocess the manual

Package: pandoc Version: 3.1.11.1+ds-2 Severity: minor Dear Maintainer, Postprocess the man page with sed -e 's/ *$//' -e 's/^\.RS -14n/.RS/' -.- [test-][gn]roff -mandoc -ww -b -z mandoc.1 troff: backtrace: '/home/bg/git/groff/build/s-tmac/an.tmac':722: macro 'RS' troff: backtrace: file 'p

Bug#1073786: ITP: rudof -- CLI tool to process RDF with ShEx, SHACL or DCTAP

Release 0.1.35 succesfully builds as an unofficial draft package, embedding 3 crates (2 missing, 1 outdated) which needs to be packaged before this can officially enter Debian. The built binary runs and works fine. Main task now is to package the remaining missing Rust crates. Here's how you can

Bug#1068024: Fwd: Accepted xz-utils 5.6.3-1 (source) into unstable

On Fri, 25 Oct 2024, Christoph Anton Mitterer wrote: >I guess this bug can be closed, can't it? Let’s take the submitter into explict Cc, to get an extra opinion. >If the version that Debian has reverted to after the backdoor was >disclosed or any of the supposedly cleaned versions would have st

Bug#1068024: Fwd: Accepted xz-utils 5.6.3-1 (source) into unstable

On Fri, 25 Oct 2024, Moritz Mühlenhoff wrote: >On Fri, Oct 25, 2024 at 08:00:22AM +0200, Sebastian Andrzej Siewior wrote: >> On 2024-10-24 23:38:31 [+0200], Thorsten Glaser wrote: >> > Do we trust these newer versions now? >> >> Yes. We started with 5.6.2 which was audited by upstream after the >>

Bug#1061087: Still looking for a sponsor.

On Friday, October 25, 2024 2:13:18 PM MST Martin Dosch wrote: > I pushed the changes. Thank you very much for your instant review. :) Thank you for your excellent packaging. I have uploaded the package to the NEW queue. Please remind me once it passes review and I can grant you DM upload righ

Bug#1061087: Still looking for a sponsor.

Martin, The package looks to be in good shape. 1. Can you please update the changelog to indicate it is targeting unstable instead of UNRELEASED? 2. You probably want to fix the following typo in the word "environment": P: bash-unit source: spelling-error-in-patch-description environement en

Bug#1068024: Fwd: Accepted xz-utils 5.6.3-1 (source) into unstable

I guess this bug can be closed, can't it? If the version that Debian has reverted to after the backdoor was disclosed or any of the supposedly cleaned versions would have still had any malicious code in it, it would anyway be useless by now, to revert to an even older version. Cheers, Chris

Bug#1085292: RFA: suckless-tools -- simple commands for minimalistic window managers

Hello Pierre-Elliott and Michaël, Le jeudi 24 octobre 2024 à 17:53, Pierre-Elliott Bécue a écrit : I've sent you and Michaël (Cc-ed), who contacted me privately, an invitation to be able to commit and do work in the suckless-tools repo on salsa. Thanks. Michaël is a friend and a newco

Bug#1086062: python-werkzeug: CVE-2024-49767

Source: python-werkzeug Version: 3.0.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-werkzeug. CVE-2024-49767[0]: | Werkzeug is a Web Server Gateway Interface web application library.

Bug#1086061: htmldoc: CVE-2024-46478

Source: htmldoc Version: 1.9.18-2 Severity: important Tags: security upstream Forwarded: https://github.com/michaelrsweet/htmldoc/issues/529 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for htmldoc. CVE-2024-46478[0]: | HTMLDOC v1.9.18 cont

Bug#1061087: Still looking for a sponsor.

Hi Soren, Am 25.10.2024 13:10, schrieb Soren Stoutner: I don’t see your package on mentors.debian.net. Can you add it there and go through the standard sponsorship request process? it is there: https://mentors.debian.net/package/bash-unit/ Is there something missing? Best regards, Martin

Bug#1061087: Still looking for a sponsor.

On Fri, 2024-10-25 at 13:10 -0700, Soren Stoutner wrote: > Martin, > > I don’t see your package on mentors.debian.net. Can you add it there and go > through the standard sponsorship request process? > > On Friday, October 25, 2024 12:55:37 PM MST Martin Dosch wrote: > > Dear all, > > > > as ~w

Bug#1061087: Still looking for a sponsor.

Control: owner -1 ! My fault for missing it. I made rookie mistake of looking at the recent packages on the start page instead of the full package list. I will review the package for sponsorship. On Friday, October 25, 2024 1:16:07 PM MST Phil Wyett wrote: > On Fri, 2024-10-25 at 13:10 -0700,

Bug#1061087: Still looking for a sponsor.

Martin, I don’t see your package on mentors.debian.net. Can you add it there and go through the standard sponsorship request process? On Friday, October 25, 2024 12:55:37 PM MST Martin Dosch wrote: > Dear all, > > as ~winter~ freeze is coming, I'd like to kindly ask if someone is > willing to

Bug#1086060: RM: gtk2-engines-oxygen -- ROM; Abandoned upstream

Package: ftp.debian.org Severity: normal X-Debbugs-Cc: gtk2-engines-oxy...@packages.debian.org, Debian Qt/KDE Maintainers Control: affects -1 + src:gtk2-engines-oxygen User: ftp.debian@packages.debian.org Usertags: remove Dear FTP Masters, please remove gtk2-engines-oxygen, it’s abandoned u

Bug#1061087: Still looking for a sponsor.

Dear all, as ~winter~ freeze is coming, I'd like to kindly ask if someone is willing to sponsor this package? I will maintain it as a DM if possible. Best regards, Martin signature.asc Description: PGP signature

Bug#1086059: /usr/bin/reproducible-check: assumes binary and source share the same version

Package: devscripts Version: 2.24.1 File: /usr/bin/reproducible-check Seen today on my trixie system: src:util-linux (1:2.40.2-9) (bsdutils) is not reproducible src:util-linux (1:4.16.0-2+really2.40.2-9) (login) is not reproducible

Bug#1085236: dpkg: could Architecture field support excluding architectures?

Hi Holger, On 25-10-2024 16:19, Holger Levsen wrote: On Fri, Oct 25, 2024 at 02:55:50PM +0200, Paul Gevers wrote: So, "BD: unsupported-architecute [!arch]" it is; I'll promote it more. patches for https://www.debian.org/doc/manuals/developers-reference/developers-reference.en.html#best-pract

Bug#1086058: installation-reports

Package: installation-reports Boot method: USB-stick via USB-C hub with integrated LAN Image version: https://cdimage.debian.org/images/unofficial/non-free/cd-including-firmware/archive/11.11.0+nonfree/multi-arch/iso-cd/firmware-11.11.0-amd64-i386-netinst.iso Date: October 2024 Machine: Dell Ven

Bug#1017646: Revised bdic.patch

Don, I don’t know if you saw the bdic.patch I previously sent to the bug report, but there was one small typo in one of the paths. That attached patch fixes that. -- Soren Stoutner so...@debian.orgdiff --git a/debian/changelog b/debian/changelog index cbc0fae..3ffee31 100644 --- a/debian/chan

Bug#1086057: RFP: powerline-go -- A beautiful and useful low-latency prompt for your shell, written in go

Package: wnpp Severity: wishlist * Package name: powerline-go Version : 1.24 Upstream Contact: justjanne * URL : https://github.com/justjanne/powerline-go * License : GPL-3 Programming Lang: Golang Description : A beautiful and useful low-latency prompt

Bug#1085850: regression: bluetooth game controller no longer connects

Control: tags -1 - moreinfo I still don't know any examples of an unpaired bluetooth device triggering dmesg entries at boot time. (If this ever happens with any such device, I would be interested in knowing how and why.) But since you asked, I tried it anyway. The device enters pairing mode as

Bug#1086056: RFP: pass-extension-ssh -- start a ssh session from a pass entry

Package: wnpp Severity: wishlist X-Debbugs-Cc: werdah...@debian.org, anar...@debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: pass-extension-ssh Version : n/a (git snapshot) Upstream Contact: not-jan * URL : https://github.com/not-jan/pass-ssh

Bug#1062979: tango-db: the upgraded version of tango-db is not compatible with maria-db from bookworm

El 25/10/24 a las 14:44, Santiago Ruano Rincón escribió: [snip] > Wouldn't you reporting an issue about a bookworm -> trixie upgrade? > > I have tried the above mentioned steps upgrading from bookworm to > testing, and tango-starter is unable to start: > > Oct 25 14:40:32 bookworm-tango-db Starte

Bug#1086025: loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto: Unrecognized option: 'config'

On Fri, 25 Oct 2024 20:04, Fabian Grünbichler wrote: Yes, src:rustc / bin:cargo is correct. I already prepared a fix and hopefully Rust 1.82 with that included will hit unstable later tonight :) Thanks for the quick fix :) best, werdahias

Bug#1086025: loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto: Unrecognized option: 'config'

On October 25, 2024 6:29:05 PM GMT+02:00, Simon McVittie wrote: >On Fri, 25 Oct 2024 at 16:24:40 +0200, Matthias Geiger wrote: >> On Fri, 25 Oct 2024 10:41, Simon McVittie wrote: >> > I don't know Rust, but this looks to me to be more like a problem with >> > how `cargo test` is invoking the

Bug#1062979: tango-db: the upgraded version of tango-db is not compatible with maria-db from bookworm

Hi, (CCing Thomas). El 25/10/24 a las 13:25, Santiago Ruano Rincón escribió: > Control: tag -1 + moreinfo > > El 04/02/24 a las 10:24, Picca Frédéric-Emmanuel escribió: > > Package: tango-db > > Severity: important > > X-Debbugs-Cc: pi...@debian.org > > > > Dear Maintainer, > > > > I upgraded

Bug#1086051: [arm64] partman recipes: add new identifier for legacy_boot flag on GPT table?

On 25/10/2024 à 17:55, Holger Wansing wrote: Shortly it has been mentioned, that there are arm64 systems out there (for example Rockchip), which require the 'legacy_boot' flag on the root partition (or on separate /boot partition if such exists) on GPT table, to be able to boot. To be able to

Bug#1086025: loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto: Unrecognized option: 'config'

On Fri, 25 Oct 2024 19:34, Simon McVittie wrote: Control: reassign -1 cargo Control: retitle -1 cargo wrapper: `--config lto` wrongly gets passed along to cargo test Control: affects -1 + src:loupe Something went wrong with your mail headers, really reassigning now. When reassigning a bug tha

Bug#1086053: ITP: systemd-netlogd -- journal message forwarder

On Fri, 25 Oct 2024 at 17:27, Christian Göttsche wrote: > > Package: wnpp > X-Debbugs-Cc: debian-de...@lists.debian.org, > pkg-systemd-maintain...@lists.alioth.debian.org > Owner: Christian Göttsche > Severity: wishlist > > * Package name: systemd-netlogd > Version : 1.4.2 > Upstr

Bug#1086025: loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto: Unrecognized option: 'config'

On Fri, 25 Oct 2024 at 16:24:40 +0200, Matthias Geiger wrote: > On Fri, 25 Oct 2024 10:41, Simon McVittie wrote: > > I don't know Rust, but this looks to me to be more like a problem with > > how `cargo test` is invoking the test executable, rather than a problem > > with this specific package. >

Bug#1086055: Should /usr/bin and /usr/sbin be merged?

Package: debian-policy Version: 4.7.0.1 Dear Maintainer, Debian's packaged systemd complains that /usr/bin and /usr/sbin are not merged, and reportbug now marks all reports with a corresponding "taint" flag. I reported this for the systemd package: https://bugs.debian.org/cgi-bin/bugrepo

Bug#1086054: linux: Enable DRM_ACCEL in amd64

Source: linux Version: 6.11.4-1 Severity: wishlist Tags: patch X-Debbugs-Cc: miguel.bernal.ma...@linux.intel.com, jair.gonza...@linux.intel.com Dear Maintainer, Please enable the Compute Acceleration device configuration DRM_ACCEL on amd64. This framework provides support for compute acceleratio

Bug#1062979: tango-db: the upgraded version of tango-db is not compatible with maria-db from bookworm

Control: tag -1 + moreinfo El 04/02/24 a las 10:24, Picca Frédéric-Emmanuel escribió: > Package: tango-db > Severity: important > X-Debbugs-Cc: pi...@debian.org > > Dear Maintainer, > > I upgraded a computer from bullseye to bookwork. tango-db was > installed with the bulleyes version before the

Bug#1078871: installer: reserve first 16 MiB space in default recipes for ARM devices?

On 25/10/2024 at 17:32, Holger Wansing wrote: I there some change needed for the esp flag part on arm64? No, the 'efi' method already sets thz 'esp' flag in arm64-efi recipes.

Bug#1086053: ITP: systemd-netlogd -- journal message forwarder

Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org, pkg-systemd-maintain...@lists.alioth.debian.org Owner: Christian Göttsche Severity: wishlist * Package name: systemd-netlogd Version : 1.4.2 Upstream Contact: Susant Sahani * URL : https://github.com/systemd/s

Bug#1086052: ITP: openterface-qt -- Openterface Mini-KVM - QT frontend

Package: wnpp Severity: wishlist Owner: Jakob Haufe X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: openterface-qt Version : TBA, still in early development Upstream Contact: TechxArtisan Studio * URL : https://github.com/TechxArtisanStudio/Openterface_QT/

Bug#1086051: [arm64] partman recipes: add new identifier for legacy_boot flag on GPT table?

Package: partman-auto Version: 168 This is a follow-up for #1078871: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078871 Shortly it has been mentioned, that there are arm64 systems out there (for example Rockchip), which require the 'legacy_boot' flag on the root partition (or on separate

Bug#1086050: ITS: pcaputils

Source: pcaputils Version: 0.8-1.2 Severity: important X-Debbugs-Cc: Robert S. Edmonds , 691...@bugs.debian.org, 698...@bugs.debian.org, Package Salvaging Team Hi I'm interested in salvaging your package pcaputils, in accordance with the Package Salvaging procedure outlined in the Developers Re

Bug#1086036: libgio-2.0-dev: error processing archive /tmp/apt-dpkg-install-vCerzj/09-libgio-2.0-dev_2.82.1-1_amd64.deb (--unpack): trying to overwrite '/usr/share/aclocal/glib-2.0.m4', which is also

Package: libgio-2.0-dev Version: 2.82.1-1 Severity: serious Justification: undeclared conflict/depends Hi, during update dpkg failed with: Unpacking libgio-2.0-dev:amd64 (2.82.1-1) ... dpkg: error processing archive /tmp/apt-dpkg-install-vCerzj/09-libgio-2.0-dev_2.82.1-1_amd64.deb (--unpack):

Bug#1086049: libpipewire-0.3-modules: The packaging process seems to have omitted /usr/lib/x86_64-linux-gnu/pipewire-0.3/libpipewire-module-switch-on-connect.so.

Package: libpipewire-0.3-modules Version: 1.2.6-1 Severity: normal X-Debbugs-Cc: debian-b...@fhloston.org Dear Maintainer, when trying to load /usr/lib/x86_64-linux-gnu/pipewire-0.3/libpipewire-module-switch-on-connect.so I discovered that the module itself is not contained in the libpipewire-

Bug#1078871: installer: reserve first 16 MiB space in default recipes for ARM devices?

Hi, Pascal Hambourg wrote (Fri, 25 Oct 2024 15:40:43 +0200): > >> On Thu Oct 24, 2024 at 9:08 PM CEST, Holger Wansing wrote: > >> Or do we explicitely want to support both the legacy_boot and the boot > >> flag, > > I think so, because both are needed in different use cases. > - EFI boot -> 'e

Bug#1078871: installer: reserve first 16 MiB space in default recipes for ARM devices?

Hi, "Diederik de Haas" wrote (Thu, 24 Oct 2024 22:04:54 +0200): > On Thu Oct 24, 2024 at 9:08 PM CEST, Holger Wansing wrote: > > Or do we explicitely want to support both the legacy_boot and the boot flag, > > because we know that some systems are buggy and one needs the first > > and other nee

Bug#1085946: closed by Debian FTP Masters (reply to Marc Leeman ) (Bug#1085946: fixed in ogmtools 1:1.5-5)

Am Fri, Oct 25, 2024 at 05:07:58PM +0200 schrieb Marc Leeman: > don't remove it just yet: I'll have a look and might move it there > instead of my repo. OK, fine - whatever you prefer. Just make sure you do another upload with updated Vcs fields. Let my know if you need some help. Thank you for

Bug#1085124: muon-meson: FTBFS: /bin/sh: 1: /<>/build/muon: Permission denied

El 25/10/24 a las 16:33, Andrea Pappacoda escribió: override_dh_auto_build: --->    ln -s ../meson-docs subprojects/ CC="$(CC_FOR_BUILD)" CFLAGS="$(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD)" LDFLAGS="$(LDFLAGS_FOR_BUILD)" ./bootstrap.sh build build/muon setup -Dprefix=/usr -Dsamu

Bug#1086048: ITP: python-jsonlines -- Python library for jsonlines and ndjson data

Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org, Debian Python Team Owner: Roland Mas Severity: wishlist * Package name: python-jsonlines Version : 4.0.0 Upstream Contact: Wouter Bolsterlee * URL : https://github.com/wbolster/jsonlines * License :

Bug#620826:

-- mailer-dae...@bbtpnj33vzwvmta-c-rh-cmta-01-mms-00.vtext.com

Bug#1085236: dpkg: could Architecture field support excluding architectures?

On Fri, Oct 25, 2024 at 02:55:50PM +0200, Paul Gevers wrote: > So, "BD: unsupported-architecute [!arch]" it is; I'll promote it more. patches for https://www.debian.org/doc/manuals/developers-reference/developers-reference.en.html#best-practices-for-debian-control most welcome! :) though there i

Bug#375564: Close: Bug#375564: diff for 1:1.5-2.1 NMU

Whoops, I had the an old bugs.d.o open and didn't reload. As the maintainer closure above says, the NMU was acknowledged in the changelog in -3 but but the patch only imported in -4: https://sources.debian.org/src/ogmtools/1%3A1.5-4/debian/patches/0001-configure.in-adjust-variable-formatting.pa

Bug#1086025: loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto: Unrecognized option: 'config'

On Fri, 25 Oct 2024 10:41, Simon McVittie wrote: Source: loupe Version: 47.1-2 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) X-Debbugs-Cc: debian-r...@lists.debian.org loupe failed to build (again) on the 32-bit release architecture

Bug#1085710: evolution: Evolution crashes at start with `floating point exception`

>> Thanks! I forgot to ask, since I see you're running i386, can you >> paste the output of /proc/cpuinfo ? Here it is, Stefan processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 23 model name : Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz ste

Bug#1085124: muon-meson: FTBFS: /bin/sh: 1: /<>/build/muon: Permission denied

Hi Santiago, On Thu Oct 24, 2024 at 1:43 PM CEST, Santiago Vila wrote: I think this is a Debian bug, which adds "meson-docs" to the build but without extra dependencies: override_dh_auto_build: --->ln -s ../meson-docs subprojects/ CC="$(CC_FOR_BUILD)" CFLAGS="$(CPPFLAGS_FOR_BUILD)

Bug#1086041: openrefine: CVE-2024-49760 CVE-2024-47882 CVE-2024-47881 CVE-2024-47880 CVE-2024-47879 CVE-2024-47878

Source: openrefine X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openrefine. CVE-2024-49760[0]: | OpenRefine is a free, open source tool for working with messy data. | The load-language command expects a `lang` paramete

Bug#1086042: openrefine-butterfly: CVE-2024-47883

Source: openrefine-butterfly X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for openrefine-butterfly. CVE-2024-47883[0]: | The OpenRefine fork of the MIT Simile Butterfly server is a modular | web application framework. The But

Bug#1081945: git-subrepo: new upstream (0.4.9)

Hi Daniel, I prepared initial update of our package against newer upstream release 0.4.9 in: https://salsa.debian.org/spog/git-subrepo/-/tree/debian/sid You may inspect the salsa pipeline build in https://salsa.debian.org/spog/git-subrepo/-/tree/debian/sid_force, where changelog has also been co

Bug#1086040: ITP: python-maggma

Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org, Debian Python Team Owner: Roland Mas Severity: wishlist * Package name: python-maggma Version : 0.70.0 Upstream Contact: The Materials Project * URL : https://github.com/materialsproject/maggma/ * License

Bug#1074828: Atril Bug

I am CCing one of the maintainers, so that they can see this, as it affects both Debian and likely ubuntu MATE as well. -John

Bug#1081403: Proceeding with removal of profitbricks-sdk-python

Control: severity 1081403 normal Control: retitle 1081403 RM: profitbricks-sdk-python -- RoQA; rc-buggy Control: reassign 1081403 ftp.debian.org Control: affects 1081403 + src:profitbricks-sdk-python Dear profitbricks-sdk-python maintainer and ftp team, a month has passed since filing a suggestio

Bug#1086047: ITP: python-pydash

Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org, Debian Python Team Owner: Roland Mas Severity: wishlist * Package name: python-pydash Version : 8.0.3 Upstream Contact: Derrick Gilland * URL : https://github.com/dgilland/pydash * License : MIT Pr

Bug#1078871: installer: reserve first 16 MiB space in default recipes for ARM devices?

On 24/10/2024 at 22:04, Diederik de Haas wrote: On Thu Oct 24, 2024 at 9:08 PM CEST, Holger Wansing wrote: here you have a device|installation, which has the legacy_boot flag installed, but it did not work|boot despite of this. And you changed that legacy_boot flag into a boot flag, and that ma

Bug#1086046: assimp: CVE-2024-48423

Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48423[0]: | An issue in assimp v.5.4.3 allows a local attacker to execute | arbitrary code via the CallbackToLogRedirector function within t

Bug#1086045: assimp: CVE-2024-48424

Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48424[0]: | A heap-buffer-overflow vulnerability has been identified in the | OpenDDLParser::parseStructure function within the Assimp libra

Bug#1086043: assimp: CVE-2024-48426

Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48426[0]: | A segmentation fault (SEGV) was detected in the | SortByPTypeProcess::Execute function in the Assimp library during | fuzz testing w

Bug#1086044: assimp: CVE-2024-48425

Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48425[0]: | A segmentation fault (SEGV) was detected in the | Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within | the Ass

Bug#955989: ITA: didiwiki -- simple wiki implementation with built-in webserver

Control: owner -1 наб The stated adopter hasn't adopted the package since 2020. Since it showed up on BOTD a few days ago, I've prepared it for adoption by the salvage team at https://salsa.debian.org/salvage-team/didiwiki signature.asc Description: PGP signature

Bug#1086038: pam: CVE-2024-10041

Source: pam X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for pam. CVE-2024-10041[0]: | A vulnerability was found in PAM. The secret information is stored | in memory, where the attacker can trigger the victim program to | ex

Bug#1050480: ITA: net-telnet-cisco

Control: retitle -1 ITA: net-telnet-cisco -- Additional functionality to automate Cisco management I plan to adopt net-telnet-cisco under the debian-perl team umbrella. Since the source package name doesn't follow the perl library convention, I tend to rename the source package to libnet-telnet-c

Bug#1085236: dpkg: could Architecture field support excluding architectures?

Control: merge 797347 -1 Hi, On 25-10-2024 12:13, Guillem Jover wrote: On Thu, 2024-10-17 at 10:23:41 +0200, Helmut Grohne wrote: On Thu, Oct 17, 2024 at 09:35:17AM +0200, Paul Gevers wrote: I'm not sure if this idea came up before, but as far as I can see there is no bug open about it See

Bug#1086039: botan: CVE-2024-50383

Source: botan X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for botan. CVE-2024-50383[0]: | Botan before 3.6.0, when certain GCC versions are used, has a | compiler-induced secret-dependent operation in lib/utils/donna128.

Bug#492465: python-dnspython: appears to be vulnerable to cache poisoning attack CVE-2008-1447

Am Wed, Oct 23, 2024 at 07:23:23PM -0300 schrieb Santiago Ruano Rincón: > El 22/10/24 a las 00:05, Bob Halley escribió: > > This is a blast from the past; 2008 is a LONG time ago! > > Indeed! :-) > > > It should be fine, as of 1.7 since the entropy pool added then would help > > with query id ra

Bug#1082606: Proceeding with removal of nautilus-scripts-manager

Control: severity 1082606 normal Control: retitle 1082606 RM: nautilus-scripts-manager -- RoQA; rc-buggy Control: reassign 1082606 ftp.debian.org Control: affects 1082606 + src:nautilus-scripts-manager Dear nautilus-scripts-manager maintainer and ftp team, a month has passed since filing a sugges

Bug#1086035: sonic-pi: New upstream release 4.5.1 available

Package: sonic-pi Version: 3.2.2~repack-10 Severity: wishlist X-Debbugs-Cc: ti...@debian.org Hi, thanks for maintaining sonic-pi! I'm wondering if there's any blocker for packaging newer versions of it. I guess even a wontfix here could be helpful so future reporters will know as well why we're s

Bug#1081493: Proceeding with removal of nuitka

Control: severity 1081493 normal Control: retitle 1081493 RM: nuitka -- RoQA; rc-buggy Control: reassign 1081493 ftp.debian.org Control: affects 1081493 + src:nuitka Dear nuitka maintainer and ftp team, a month has passed since filing a suggestion to remove nuitka from Debian. It was suggested fo

Bug#1086034: varnish-modules FTCBFS: uses the build architecture pkg-config

Source: varnish-modules Version: 0.25.0-1 Tags: patch User: debian-cr...@lists.debian.org Usertags: ftcbfs varnish-modules fails to cross build from source, because it uses the build architecture pkg-config to query the host architecture varnishapi.pc and then passes an invalid include directory t

Bug#1086017: zless: errors out with "less: not found" if less is not installed

Hi, On Thu, Oct 24, 2024 at 10:12:12PM -0500, Aaron Rainbolt wrote: > gzip is a package with priority "essential". It currently suggests the > "less" package, which has priority "important". less is a hard > dependency of zless - if it is not installed, zless will error out with > "exec: less: not

Bug#1086033: debci-worker: cron job runs when package is removed but not purged

Package: debci-worker Version: 3.6 Tags: patch Severity: wishlist Control: found -1 debci/3.10 Hi, I accidentally learned that the debci-worker daily cronjob actually runs when debci-worker is removed but not purged. I don't think this is intended. The cronjob source starts with: | if ! dpkg-que

Bug#1086032: calibre: SEGV when trying to "add books" on a PinePhonePro arm64 architecture

Package: calibre Version: 7.20.0+ds-1 Severity: normal Below is the output of "coredumpctl info". This happens every time I try to use "add books" on a PinePhonePro (my only Debian ARM system). It is running Unstable and an AMD64 laptop running Unstable runs Calibre without any problems. This c

Bug#1086031: sqlalchemy: please remove build and test dependency on python3-mypy

Source: sqlalchemy Version: 2.0.32+ds1-1 Severity: normal Tags: patch X-Debbugs-Cc: cru...@debian.org Dear Piotr, Thank you for removing the mypy related tests in your recent upload. I noticed that sqlalchemy still has a build and test dependency on mypy, which is triggering unnecessary CI tes

Bug#1073041: [Pkg-nagios-devel] Bug#1073041: icinga2: Ignore 1 test failure on loong64

Hi Sebastiaan Couwenberg, Sorry to bother you. On Wed, 12 Jun 2024 07:30:38 +0200 Sebastiaan Couwenberg wrote: > Control: tags -1 pending > > This is fixed in git. Thanks for merging loong64 patch. A gently ping. When will the next source package version with integrated loong64 patch be relea

Bug#1085990: torbrowser-launcher: message catalog installed in wrong location

Oops, I misspoke regarding zh_SG. Chinese in Singapore uses Simplified Chinese characters. Therefore please *don't* install the translation for zh_SG. Bruno

Bug#1040378: qemu.desktop: invalid desktop file

24.10.2024 18:43, Michael Tokarev wrote: 24.10.2024 18:28, Michael Deegan wrote: Package: qemu-system-data Version: 1:9.1.0+ds-8 Followup-For: Bug #1040378 Are you sure the file isn't malformed? The desktop entry specification[1] says "The Exec key is required if DBusActivatable is not set to t

Bug#1085236: dpkg: could Architecture field support excluding architectures?

Hi! On Thu, 2024-10-17 at 10:23:41 +0200, Helmut Grohne wrote: > On Thu, Oct 17, 2024 at 09:35:17AM +0200, Paul Gevers wrote: > > I'm not sure if this idea came up before, but as far as I can see there is > > no bug open about it and last time I checked dpkg didn't support the > > following idea.

Bug#1086028: loupe: FTBFS on mips64el: failed to acquire jobserver token: Bad address (os error 14)

Control: severity -1 important Control: tags -1 + unreproducible On Fri, 25 Oct 2024 at 09:48:45 +0100, Simon McVittie wrote: > > error: failed to acquire jobserver token > > > > Caused by: > > Bad address (os error 14) > > I've retried the build: if it succeeds, we can downgrade the severity

  1   2   >