Bug#1105035: cmark-gfm produces invalid roff for code blocks

2025-05-10 Thread Daniel Markstedt
Package: cmark-gfm Version: 0.29.0.gfm.13-4 Severity: important When transcoding commonmark / markdown to roff man pages with cmark-gfm, it will apply the "\f[C] \f[]" font style syntax to code blocks. This affects both four space indented code blocks, as well as backtick fenced code blocks.

Bug#1104925: afpd -F ignored for certain options

2025-05-08 Thread Daniel Markstedt
Package: netatalk Version: 4.2.1~ds-1 Severity: important X-Debbugs-Cc: pkg-netatalk-de...@lists.alioth.debian.org A long-standing bug with option indexing in afpd has been discovered and fixed upstream. This bug causes unreliable behavior of the config file parser when specifying a custom afp.c

Bug#1098577: netatalk: FTBFS: dh_install: warning: Cannot find (any matches for) "etc/netatalk/dbus-session.conf"

2025-02-23 Thread Daniel Markstedt
Hi Santiago, Thank you for reporting the issue. Looking at the full build log, I can see that this is caused by Meson failing to find the sparql dependency: Run-time dependency tracker-sparql-3.0 found: NO (tried pkgconfig and cmake) Run-time dependency tracker-sparql-2.0 found: NO (tried pkgcon

Bug#1098776: [Pkg-netatalk-devel] Bug#1098577: netatalk: FTBFS: dh_install: warning: Cannot find (any matches for) "etc/netatalk/dbus-session.conf"

2025-02-23 Thread Daniel Markstedt
Package: src:netatalk On Saturday, February 22nd, 2025 at 12:27 AM, Santiago Vila wrote: > > > Package: src:netatalk > Version: 4.1.2~ds-1 > Severity: serious > Tags: ftbfs trixie sid > > Dear maintainer: > > During a rebuild of all packages in unstable, your package failed to build: >

Bug#1084819: [Pkg-netatalk-devel] Bug#1084819: netatalk-tools has an undeclared file conflict

2024-10-11 Thread Daniel Markstedt
On Friday, October 11th, 2024 at 6:30 AM, Daniel Markstedt wrote: > > > As an additional remark, the Policy text suggests that the combination of > Breaks and Replaces directives should allow dpkg to overwrite the overlapping > files and transfer ownership of said f

Bug#1084948: dpkg not respecting Breaks+Replaces relationship

2024-10-11 Thread Daniel Markstedt
Package: dpkg Version: 1.22.11 Severity: normal Dear maintainers, It seems like dpkg does not allow for overwriting files when using the combination of package Replaces and Breaks that's described in Policy chapter 7.6.1 https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

Bug#1084819: netatalk-tools has an undeclared file conflict

2024-10-10 Thread Daniel Markstedt
As an additional remark, the Policy text suggests that the combination of Breaks and Replaces directives should allow dpkg to overwrite the overlapping files and transfer ownership of said files to the new package. This section: > It is usually an error for a package to contain files which are

Bug#1084819: netatalk-tools has an undeclared file conflict

2024-10-10 Thread Daniel Markstedt
Hi Helmut, I ran some empirical tests to make sure that we solve the underlying problem properly. As you say, the goal is to prevent two conflicting packages from being unpacked at the same time. This is what I tried: 1. Install the present (monolithic) package in Testing: 3.2.10~ds-1 2. With dpkg,

Bug#1084819: The use of Breaks for deb file conflicts

2024-10-10 Thread Daniel Markstedt
bug #1084819. You may publish or > quote my reply there. > Hi Helmut, Thanks for your reply! Per your recommendation, I'm forwarding this conversation in the public bug. > On Thu, Oct 10, 2024 at 04:36:02AM +, Daniel Markstedt wrote: > > > I read the Debian Poli

Bug#1083138: dh_installsystemd attempts to install unit file for wrong package

2024-10-04 Thread Daniel Markstedt
On Friday, October 4th, 2024 at 5:13 PM, Niels Thykier wrote: > > > Daniel Markstedt: > > > Package: debhelper > > Version: 13.20 > > Severity: important > > > > Dear maintainers, > > > > I'm doing packaging for a project

Bug#1083138: dh_installsystemd attempts to install unit file for wrong package

2024-10-02 Thread Daniel Markstedt
Package: debhelper Version: 13.20 Severity: important Dear maintainers, I'm doing packaging for a project that has multiple packages, each with one systemd unit file. The dh_installsystemd debhelper picks up on the unit files and starts processing them, but soon hits an error where it tries to p

Bug#568601: Fixing upstream

2024-09-26 Thread Daniel Markstedt
We are fixing the overzealous libgcrypt version check upstream. (Better late than never.) https://github.com/Netatalk/netatalk/issues/1550 The problem was a misinterpretation of the gcrypt API. The version validation is not supposed to be done against the version that the package was linked

Bug#1082436: Better default value for localstatedir in Meson debhelper script

2024-09-20 Thread Daniel Markstedt
irmed in a current unstable or Bookworm system that practically all programs put their local state files into /var/lib rather than /var … Would you consider changing the default in the debhelper script? Sincerely, Daniel Markstedt

Bug#1074503: [Pkg-netatalk-devel] Bug#1071945: netatalk: FTBFS against libgcrypt 1.11

2024-06-29 Thread Daniel Markstedt
Package: netatalk On Sunday, May 26th, 2024 at 7:14 PM, Andreas Metzler wrote: > > Hello, > > netatalk uses libgcrypt-config to locate libgcrypt. This breaks > against libgcrypt 1.11 which does not ship libgcrypt-config anymore. > Please use pkg-config/pkgconf instead. > > A development snaps

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-06-29 Thread Daniel Markstedt
On Sunday, June 30th, 2024 at 5:33 AM, Jonathan Wiltshire wrote: > > > Hi, > > This request was approved for 11.10 but not uploaded in time; is it still > relevant for 11.11, the planned final point release for bullseye? > > Thanks, > > -- > Jonathan Wiltshire j...@debian.org > Debian Dev

Bug#1074475: CVE-2024-38441: Heap out-of-bounds write in directory.c

2024-06-29 Thread Daniel Markstedt
Package: netatalk Version: 3.1.18~ds-1+b2 Severity: critical Tags: patch security upstream Justification: root security hole X-Debbugs-Cc: Debian Security Team This vulnerability in Netatalk arises due to a lack of validation for the length field after parsing user-provided data, leading to an o

Bug#1074474: CVE-2024-38440: Heap out-of-bounds write in uams_dhx_pam.c

2024-06-29 Thread Daniel Markstedt
Package: netatalk Version: 3.1.18~ds-1+b2 Severity: critical Tags: patch security upstream Justification: root security hole X-Debbugs-Cc: Debian Security Team This vulnerability in Netatalk arises due to a lack of validation for the length field after parsing user-provided data, leading to an o

Bug#1074473: CVE-2024-38439: Heap out-of-bounds write in uams_pam.c

2024-06-29 Thread Daniel Markstedt
Package: netatalk Version: 3.1.18~ds-1+b2 Severity: critical Tags: security upstream patch Justification: root security hole X-Debbugs-Cc: Debian Security Team This vulnerability in Netatalk arises due to a lack of validation for the length field after parsing user-provided data, leading to an o

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-06-15 Thread Daniel Markstedt
On Thursday, June 13th, 2024 at 6:33 AM, Jonathan Wiltshire wrote: > > > On Sat, Feb 24, 2024 at 11:16:47AM +0000, Daniel Markstedt wrote: > > > If it looks good, I will arrange for this to get uploaded. > > > Yes, you can go ahead with that. > > Thank

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-02-24 Thread Daniel Markstedt
CVE-2022-22995. Harden create_appledesktop_folder. +closes: bug#1060773 + + -- Daniel Markstedt Sat, 10 Feb 2024 23:49:31 + + netatalk (3.1.12~ds-8+deb11u1) bullseye-security; urgency=high * Fix CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, diff -Nru netatalk-3.1.12

Bug#1032236: netatalk2 repo in Salsa

2024-02-11 Thread Daniel Markstedt
know how to take this to the next stage in the packaging evaluation process! Sincerely, Daniel Markstedt

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-02-10 Thread Daniel Markstedt
Control: tags -1 - moreinfo On Wednesday, February 7th, 2024 at 3:06 AM, Jonathan Wiltshire wrote: > > > Hi, > > On Tue, Jan 16, 2024 at 08:30:52AM +, Daniel Markstedt wrote: > > > On Tue, Jan 16, 2024 at 02:53, Adam D. Barratt > > <[a...@adam-barratt.org.uk](

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-02-07 Thread Daniel Markstedt
On Wed, Feb 7, 2024 at 03:06, Jonathan Wiltshire <j...@debian.org> wrote: > Hi, > > On Tue, Jan 16, 2024 at 08:30:52AM +, Daniel Markstedt wrote: >> On Tue, Jan 16, 2024 at 02:53, Adam D. Barratt >> <[a...@adam-barratt.org.uk](mailt

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-01-16 Thread Daniel Markstedt
On Tue, Jan 16, 2024 at 02:53, Adam D. Barratt <a...@adam-barratt.org.uk> wrote: > Control: tags -1 + moreinfo > > On Sun, 2024-01-14 at 06:23 +, Daniel Markstedt wrote: >> CVE-2022-22995 >> Ref. advisory: https://netatalk.source

Bug#1060774: Bug ticket

2024-01-14 Thread Daniel Markstedt
This is the relevant bug ticket for the netatalk package: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060773

Bug#1060773: Filed an upload request to release team

2024-01-14 Thread Daniel Markstedt
I prepared a deb patch and filed this upload request with the release team: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-01-13 Thread Daniel Markstedt
attached patch can be applied to Debian oldstable to address the vulnerability. I'm proposing an oldstable out-of-release-cycle upload: 3.1.12~ds-8+deb11u2 Sincerely, Daniel Markstedt From 3bf8b9032afcdbb5547abf420697a78c9d9b35a5 Mon Sep 17 00:00:00 2001 From: Daniel Markstedt Date: Sun, 14 Jan

Bug#1060773: CVE-2022-22995: afpd daemon vulnerable to symlink redirection

2024-01-13 Thread Daniel Markstedt
Package: netatalk Version: 3.1.12~ds-8+deb11u1 Severity: normal Tags: security X-Debbugs-Cc: t...@security.debian.org, pkg-netatalk-de...@alioth-lists.debian.net, Debian Security Team This is for tracking the fix for security vulnerability CVE-2022-22995 in Debian Oldstable (Bullseye) Upstream

Bug#568601: [Pkg-netatalk-devel] Bug#568601: Bug#568601: Can confirm this problem still exists

2023-12-01 Thread Daniel Markstedt
dependency specification would fail to pull those in. > > Kind regards, > Matijs van Zuijlen > > On 01/12/2023 00:42, Daniel Markstedt wrote: > > > Hi Matijs, > > > > This is not something we can address in the netatalk package itself, since > > you

Bug#568601: [Pkg-netatalk-devel] Bug#568601: Can confirm this problem still exists

2023-11-30 Thread Daniel Markstedt
Hi Matijs, This is not something we can address in the netatalk package itself, since you're using an Unstable netatalk package with a Stable Debian version. (Netatalk was dropped from Debian 12 Bookworm.) See this upstream discussion for more details: https://github.com/Netatalk/netatalk/disc

Bug#1053545: CVE-2022-22995: netatalk afpd vulnerable to symlink spoofing

2023-10-05 Thread Daniel Markstedt
Package: netatalk Version: 3.1.12~ds-3 Severity: critical Tags: security Justification: root security hole X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net, Debian Security Team Under very specific circumstances, netatalk can be tricked into copying a symlink or other malicious file fro

Bug#1049325: Updated patch with CVE-2023-42464 fix

2023-09-19 Thread Daniel Markstedt
A new 0-day vulnerability CVE-2023-42464 has been published and patched with upstream Netatalk 3.1.17. The large CVE patch batch for oldstable has been updated and a new version attached here. Thank you! Daniel netatalk-3.1.12~ds-8+deb11u1-2.patch Description: Binary data

Bug#1052087: Versions affected

2023-09-17 Thread Daniel Markstedt
Please note: The vulnerability also affects 3.1.12~ds-8 in oldstable, and 3.1.15~ds-3 in unstable. stable isn't distributing a netatalk package.

Bug#1052087: CVE-2023-42464: 0-day vulnerability in afpd Spotlight RPC

2023-09-17 Thread Daniel Markstedt
Package: netatalk Version: 3.1.12~ds-3 Severity: critical Tags: security Justification: root security hole A 0-day vulnerability patch has been published for the upstream project. The CVE record has not been made public yet, but this is the body of the advisory for the record: A Type Confusion v

Bug#1051066: [Pkg-netatalk-devel] Bug#1051066: netatalk: 9 outstanding CVEs in Bullseye with available patches

2023-09-02 Thread Daniel Markstedt
--- Original Message --- On Saturday, September 2nd, 2023 at 1:33 AM, Jonas Smedegaard wrote: > > This is one bugreport about multiple issues. That easily gets confusing > to track, e.g. if some of the issues are solved and some are not, for a > certain release of the package (and conse

Bug#1051103: netatalk: Unknown error: 211 from macOS when trying to mount in 3.1.15~ds-2 or later

2023-09-02 Thread Daniel Markstedt
--- Original Message --- On Saturday, September 2nd, 2023 at 12:18 PM, David Gilman wrote: > > > Package: netatalk > Version: 3.1.15~ds-2 > Severity: important > X-Debbugs-Cc: davidgilm...@gmail.com > > Dear Maintainer, > > After the update from 3.1.15~ds-1 to 3.1.15~ds-2 any attempt to

Bug#1051066: netatalk: 9 outstanding CVEs in Bullseye with available patches

2023-09-01 Thread Daniel Markstedt
To add the justification for the critical severity of this ticket: At least 6 of the 9 vulnerabilities grant theoretical root access of a Debian system running non-patched netatalk. CVE-2022-43634, CVE-2022-23124, CVE-2022-23123, CVE-2022-23122, CVE-2022-23121, CVE-2022-0194

Bug#1051066: netatalk: 9 outstanding CVEs in Bullseye with available patches

2023-09-01 Thread Daniel Markstedt
Package: netatalk Version: 3.1.12~ds-8 Severity: critical Tags: patch security Justification: root security hole X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net, Debian Security Team Nine CVE security advisories were addressed in netatalk upstream releases between 3.1.13 and 3.1.15. The

Bug#1049325: Increasing severity

2023-08-30 Thread Daniel Markstedt
Control: severity -1 important X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net Dear Debian Release Team, Please allow me to raise the severity for this ticket. The patches address 9 public CVE advisories, and I think it would be beneficial to Bullseye users to have a patched package. A

Bug#1043504: [Pkg-netatalk-devel] Bug#1043504: marked as done (Another regression fix for CVE-2022-23123)

2023-08-14 Thread Daniel Markstedt
> -- Forwarded message -- > From: Markus Koschany > To: Daniel Markstedt > Cc: 1043504-d...@bugs.debian.org > Bcc: > Date: Sun, 13 Aug 2023 23:44:58 +0200 > Subject: Re: Bug#1043504: Another regression fix for CVE-2022-23123 > Version: 3.1.12~ds-3+deb

Bug#1025011: Release request filed

2023-08-13 Thread Daniel Markstedt
For the record, I have filed a request with the Release Team now to get the green light to upload Bullseye packages. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049325

Bug#1049325: bullseye-pu: netatalk/3.1.12~ds-8+deb11u1

2023-08-13 Thread Daniel Markstedt
keep oldstable up to date with security patches. Is this enough to make a case for uploading an update to oldstable? Sincerely, Daniel Markstedt netatalk-3.1.12~ds-8+deb11u1.patch Description: Binary data

Bug#1043504: Another regression fix for CVE-2022-23123

2023-08-13 Thread Daniel Markstedt
My apologies, the previous patch had a fatal typo that I noticed when running debuild. This "-2" version should work properly. On Sat, Aug 12, 2023 at 10:58 PM Daniel Markstedt wrote: > > Here is a patch with the upstream code change, for the 3.1.12~ds3 patchset. > I follo

Bug#1043504: Another regression fix for CVE-2022-23123

2023-08-12 Thread Daniel Markstedt
Here is a patch with the upstream code change, for the 3.1.12~ds3 patchset. I followed the maintainers' documentation and used quilt, so hopefully it should be compliant! Please let me know if there's anything I should be doing differently here. Thanks! Daniel CVE-2022-23123_part6.patch Descript

Bug#1043504: Another regression fix for CVE-2022-23123

2023-08-11 Thread Daniel Markstedt
Package: netatalk Version: 3.1.12~ds-3+deb10u2 X-Debbugs-Cc: t...@security.debian.org,debian-...@lists.debian.org Dear Debian Security team, Would you be able to help me get the following critical regression fix into the Buster netatalk package? The regression was introduced with the patch for C

Bug#1040065: [Pkg-netatalk-devel] Bug#1040065: afpd: systemd-logind ReleaseSession rejected by dbus-daemon

2023-07-01 Thread Daniel Markstedt
On Sat, Jul 1, 2023 at 3:27 PM Richard van den Berg wrote: > > Package: netatalk > Version: 3.1.12~ds-8 > Severity: normal > Tags: patch > > I am using netatalk for time machine backups. After every session I see this > line in /var/log/auth.log > > 2023-07-01T22:31:47.223949+02:00 my-server dbus-

Bug#1038421: Fix for CVE-2022-45188

2023-06-17 Thread Daniel Markstedt
Package: netatalk Version: 3.1.15~ds-1 X-Debbugs-Cc: pkg-netatalk-de...@lists.alioth.debian.org This bug is to record that the fix for CVE-2022-45188 has already been included with netatalk 3.1.15~ds-1. It is still flagged as unresolved for bookworm, which is not correct. See https://github.com/

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: closed by Markus Koschany (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

2023-06-04 Thread Daniel Markstedt
On Sat, Jun 3, 2023 at 11:07 PM Jonas Smedegaard wrote: > > Quoting Salvatore Bonaccorso (2023-06-04 07:39:12) > > Hi Daniel, > > > > On Sat, Jun 03, 2023 at 02:56:00PM -0700, Daniel Markstedt wrote: > > > > -- Forwarded message -- > > >

Bug#1025011: [Pkg-netatalk-devel] Bug#1025011: fixed in netatalk 3.1.15~ds-1

2023-06-04 Thread Daniel Markstedt
On Wed, May 24, 2023 at 7:18 AM Moritz Mühlenhoff wrote: > [...] > It's nice that there's renewed interest, but this involves also taking > care of netatalk in stable, there's a range of issues (full list at > https://security-tracker.debian.org/tracker/source-package/netatalk) > which need to be

Bug#1036740: closed by Markus Koschany (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

2023-06-03 Thread Daniel Markstedt
> -- Forwarded message -- > From: Markus Koschany > To: Daniel Markstedt , 1036740-d...@bugs.debian.org > Cc: debian-...@lists.debian.org > Bcc: > Date: Thu, 01 Jun 2023 19:54:55 +0200 > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault w

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

2023-05-26 Thread Daniel Markstedt
On Fri, May 26, 2023 at 1:15 PM Markus Koschany wrote: > > Could you tell me which exact commands were used, so that I can try to > reproduce the problem? > Do you by any chance have access to a Mac of any vintage? It could be a brand new machine running the latest macOS or a classic Mac from the 90s

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

2023-05-25 Thread Daniel Markstedt
On Thu, May 25, 2023 at 3:39 AM Markus Koschany wrote: > > Hello Daniel, > > On Thursday, 25.05.2023 at 08:02 +0200, Salvatore Bonaccorso wrote: > > > > > > These two commits in upstream addressed this: > > > https://github.com/Netatalk/netatalk/commit/9d0c21298363e8174cdfca657e66c4d1081950

Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

2023-05-24 Thread Daniel Markstedt
Package: netatalk Version: 3.1.12~ds-3+deb10u1 X-Debbugs-Cc: t...@security.debian.org The code that addressed CVE-2022-23123 introduced appledouble metadata validity assertions that were too strict and caused instant segfaults with valid metadata for a large number of users. These two commits in

Bug#1032236: ITP: netatalk2 -- File server for Macintosh and Apple II clients

2023-03-01 Thread Daniel Markstedt
Package: wnpp Severity: wishlist Owner: Daniel Markstedt X-Debbugs-Cc: debian-de...@lists.debian.org, markst...@gmail.com * Package name: netatalk2 Version : 2.2.8 Upstream Author : The Netatalk Team * URL : https://netatalk.sourceforge.io * License : GPL 2.0