a patch for the DaCHS version in unstable.
Thanks for reporting this!
-- Markus
On Wed, 2025-04-23 at 23:20 +0200, Philipp Huebner wrote:
> Hi,
> you can now grab an ejabberd package with the proposed fix for
> testing/unstable from this location:
> https://apt.debalance.de/pool/main/e/ejabberd/ejabberd_24.12-4_amd64.deb
>
>
> Please let me know if that solves your problem.
On Wed, 2025-04-23 at 16:44 +0200, Philipp Huebner wrote:
>
> for what architecture do you need the supposedly fixed ejabberd
> package?
Thx for the rocket-fast response :)
amd64
Markus
Source: undertow
Version: 2.3.18-2
Severity: serious
X-Debbugs-Cc: a...@debian.org
undertow is a popular Java webserver and servlet engine but also
regularly affected by security relevant issues which makes it
difficult to maintain. As in previous years I recommend to remove
undertow from the test
I see the same issue on Trixie with certbot 2.11.0-1.
Trixie is still in soft freeze. Please incorporate the existing fix or
upstream soon.
Thx!
Package: ejabberd
On upgrading an ejabberd cluster node from bookworm to trixie a problem
with mam tables arises.
* ejabberd version: 24.12-3
(Debian trixie, upgraded from bookworm 23.01-1 with apt dist-upgrade)
* Erlang version: Erlang 15.2.6
Error from the log [2]
I did report this upstream
expect instead?
VM starts
Thanks,
Markus
-- Package-specific info:
** Kernel log: boot messages should be attached
** Model information
sys_vendor: Gigabyte Technology Co., Ltd.
product_name: Z390 I AORUS PRO WIFI
product_version: Default string
chassis_vendor: Default string
According to upstream jetty9 server and client are not affected or more
specifically, quote:
"Jetty 9 doesn't even have a UriCompliance, nor is it RFC9110. This PR in Jetty
9 makes no sense. We cannot force RFC9110 on Jetty 9 users, and the Jetty 9
users have no means to configure this UriComplian
Hello Antonio,
thanks a lot for your answer and the info.
Best regards,
security origin.
--
Markus
Hi there,
on my system, with trixie installed, the synapic search field is missing
too.
When rebuilding the Xapian index with 'sudo update-apt-xapian-index -vf'
the log is telling:
sudo update-apt-xapian-index -vf
Reading plugin /usr/share/apt-xapian-index/plugins/aliases.py.
Reading plugin
lberta ben tracker seems ok.
Kind regards,
Markus
Ben file:
title = "alberta";
is_affected = .depends ~ "libalberta4t64" | .depends ~ "libalberta5";
is_good = .depends ~ "libalberta5";
is_bad = .depends ~ "libalberta4t64";
libgtk-4-1:amd64 is installed in version 4.17.4+ds-4, starting any
programs depending on this package takes unusually long (up to minutes),
sometimes causing the program to be unusable.
On Sun, 16 Feb 2025 at 19:41:37 +0100, Markus Steinko wrote:
I am facing the same bug on a Debian testing system
Hi there,
I am facing the same bug on a Debian testing system, running Gnome.
Many applications are just reacting very slow. Like gnome-terminal,
gnome-settings, gnome-tweaks and the extension-manager. Also some are
loosing their dark-mode and turn back to light mode...
It's not an extension
Hi,
seems like this is not fixed yet. I apologize for improper testing.
The original build errors are fixed but we get runtime errors now:
unknown location(0): fatal error: in "TEST": fmt::v11::format_error: cannot
switch from manual to automatic argument indexing
Best,
Markus
Hi,
thanks for noticing.
The failing test is due tp Python 3.12 using a more accurate summation
algorithm (Neumaier) for summation of floats than previous versions.
I'll fix this by using numpy.sum for the failing test.
Best,
Markus
Hi,
thanks for the report.
Could you send me a sample of your data or tell me what data you are trying to
modify. Maybe steps to reproduce the problem. Is it specific to a certain data
type or a general issue? The more information the better.
Regards,
Markus
signature.asc
Description: This
ation disclosure and/or a denial of
+service attack. (Closes: #1082713)
+
+ -- Markus Koschany Sat, 08 Feb 2025 21:24:47 +0100
+
libapache-mod-jk (1:1.2.48-2+deb12u1) bookworm; urgency=high
* Fix CVE-2023-41081:
diff -Nru libapache-mod-jk-1.2.48/debian/patches/0004-CVE-2024-46544.
Control: reassign -1 src:openjfx
Control: affects -1 src:mediathekview
Mediathekview segfaults since openjfx 11.0.11+1-4 was uploaded to unstable in
November 2024. Apparently several g++ compilation changes have been made and I
wonder if that negatively affects applications which depend on openjfx
maven plugin in Debian.
I'll try to have a look at it soon.
Markus
signature.asc
Description: This is a digitally signed message part
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56161
https://www.cve.org/CVERecord?id=CVE-2024-56161
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
rity-tracker.debian.org/tracker/CVE-2024-57004
https://www.cve.org/CVERecord?id=CVE-2024-57004
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
wonder if 'vd' could/should just
be a symlink to 'visidata' :)
Thanks and greetings,
Markus
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel
Package: src:linux
Version: 6.12.9-1~bpo12+1
Followup-For: Bug #1092869
X-Debbugs-Cc: mar...@schmees.info
Hi there,
it would have been too good to be true, so it is not. Here is the bugreport for
kernel 6.12.9-1.
Yours,
Markus
-- Package-specific info:
** Version:
Linux version 6.12.9+bpo
Hi Salvatore,
I installed kernel 6.12.9 from bookworm-backports and it's running now.
I'll keep you updated.
Thank you,
Markus
y thinking about switching to "testing" instead of "stable",
because I need a stable system. But is it? What do you think?
Yours,
Markus
-- Package-specific info:
** Version:
Linux version 6.1.0-30-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian
12.2.0-14) 12.2.0, GNU ld
Package: src:linux
Version: 6.1.124-1
Followup-For: Bug #1092869
X-Debbugs-Cc: mar...@schmees.info
Hi Salvatore,
sorry, but I had to reopen the bug again. The freezing reappeared. It seems
that the kernel does not like my AMD GPU.
Hope this helps,
Markus
-- Package-specific info:
** Version
Hi Salvatore,
I installed 6.1.24 as soon as it was released (2025-01-15) and the bug
did not reappear since then. The previous kernel wouldn't run 4 days
straight without freezing, so I assume that you already fixed the bug in
the new kernel.
Thanks again,
Markus
Am 19.01.25 um
Package: src:linux
Version: 6.1.123-1
Followup-For: Bug #1092869
Hi Salvatore,
the bug reappeared. Here are the info you requested.
Yours,
Markus
-- Package-specific info:
** Version:
Linux version 6.1.0-29-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian
12.2.0-14) 12.2.0, GNU ld (GNU
Am Thu, Jan 09, 2025 at 04:29:30PM +0100 schrieb Chris Hofstaedtler:
* Markus Blatt [250109 16:24]:
Hi,
the binary rebuild for version 2024.10+ds-3+b3 on January 7 failed on all
architectures, see [1]
and particularly [2] for amd64. The rebuilds were probably done for the
python3.13 as
,
Markus
[1] <https://buildd.debian.org/status/package.php?p=opm-simulators>
[2]
<https://buildd.debian.org/status/fetch.php?pkg=opm-simulators&arch=amd64&ver=2024.10%2Bds-3%2Bb3&stamp=1736272314&raw=0>
[3] <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091907>
ize once again for not announcing this
> initiative on Weblate!
Done.
Cheers,
Markus
signature.asc
Description: This is a digitally signed message part
Hi,
thanks for your report. I have forwarded the po file upstream to
https://github.com/ib/xarchiver/issues/206
However the developer prefers that you translate it on Weblate as you
apparently did before. Would that be possible?
Regards,
Markus
signature.asc
Description: This is a digitally
Control: forwarded -1 https://github.com/ib/xarchiver/issues/206
signature.asc
Description: This is a digitally signed message part
Thanks for the report.
This is fixed in Git. I can upload a new revision although mediathekview is
still affected by #1087687.
signature.asc
Description: This is a digitally signed message part
Hi,
the segmentation fault happened in libfontconfig.so. Maybe this is a bug in
JavaFX or OpenJDK 21 itself. I have no idea how to fix this in mediathekview at
the moment.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Hi,
I just need fonts-glyphicons-halflings for openrefine and I can't find a
similar package for bootstrap 5. Can't we just keep the font package? I guess
security support is not an issue here.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Control: severity -1 important
Openrefine is not a server application but a single-user app thus typical
openrefine users don't face the same risks. Even network access is not required
to use openrefine in production. As with previous CVE a normal stable update
should be sufficient in my opinion.
needs to link
to /usr/lib/aarch64-linux-gnu/libpython3.12.so. This dependency might
be dragged in by other packages that we use. Maybe some are missing a
rebuild?
Best,
Markus
Package: valgrind
Version: 1:3.19.0-1
Severity: minor
X-Debbugs-Cc: debian-bugrep...@tmpmail2013.wamser.eu
Dear Maintainer,
* What led up to the situation?
Followed instruction from the internet.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Trie
Hi,
As a workaround one can use chrpath to remove those in packages. See e.g.
<https://salsa.debian.org/science-team/opm-simulators/-/commit/0ee4530b2def2ce99c0f38e7a0e010eed7e9666d>
HTH and best,
Markus
Dear Colin,
On Thu, Dec 05, 2024 at 12:33:19PM +, Colin Watson wrote:
> I've prepared an NMU for gavodachs (versioned as 2.10+dfsg-1.1) and
> uploaded it to DELAYED/10. Please feel free to tell me if I should
> delay it longer.
I have to admit my Debian-Fu fails for figuring out what DELAYED
ls
48s blame: opm-models
48s badpkg: rules extract failed with exit code 1
48s autopkgtest [12:06:03]: ERROR: erroneous package: rules extract failed
with exit code 1
This seems to be a known issue of britney, see [4]
Best,
Markus
[1] https://tracker.debian.org/pkg/opm-models
[2] https://trac
that this file
is licensed under EPL because of the word Eclipse appearing in the comment.
Kind regards,
Markus
-- System Information:
Debian Release: 12.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'
Hi Graham,
On Mon, Oct 21, 2024 at 08:39:41AM +, Graham Inggs wrote:
> The SyntaxWarning below were emitted when this package was tested with
> pipuarts[1].
This is already fixed in version 2.10, which I thought was in
unstable already. I'll investigate why it's not.
ian sid or experimental:
# mpicc --show-me:link
gcc -I/usr/lib/x86_64-linux-gnu/openmpi/include
-I/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi
-L/usr/lib/x86_64-linux-gnu/openmpi/lib -Wl,-rpath
-Wl,/usr/lib/x86_64-linux-gnu/openmpi/lib -lmpi
Best,
Markus
path:
gcc -I/usr/lib/x86_64-linux-gnu/openmpi/include
-I/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi
-L/usr/lib/x86_64-linux-gnu/openmpi/lib -Wl,-rpath
-Wl,/usr/lib/x86_64-linux-gnu/openmpi/lib -lmpi
Best,
Markus
Source: cmake
Version: 3.30.5
Severity: important
Dear Maintainer,
I have been hunting this down for a few days, as I got lintian errors in my
packges telling me that there is an rapth to /usr/lib/x86_64-linux-
gnu/openmpi/lib in the shared libraries of my packages. This happened in
experimental,
I had the same problem. Kernel 6.1.112-1 resolved the problem for me.
Regards,
Markus
Package: apache2
Version: 2.4.62-1~deb12u1
Severity: important
X-Debbugs-Cc: markus.wol...@computec.de, t...@security.debian.org
Dear Maintainer,
After upgrading apache2 packages, we noticed that our SEO rewriting rules in
apache2 no longer worked and Tomcat tried to access non-existing file pat
re in both Debian stable and testsing.
Kind regards,
Markus
-- System Information:
Debian Release: 12.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-23-amd6
Package: libwebkit2gtk-4.1-0
Version: 2.44.2-1~deb12u1
Severity: important
I have 2 programs installed which use this webkit rendering library: "yelp" and
"surf". yelp does not render anything. surf renders a website to some degree
but usually there is no way to enter any input. If you instruct su
You need to upgrade to FINAL CUT version 0.9.1:
https://github.com/gansm/finalcut/releases/tag/0.9.1
On Wed, 03 Jul 2024 12:26:34 + Matthias Klose
wrote:
> Package: src:finalcut
> Version: 0.9.0-2
> Severity: important
> Tags: sid trixie
> User: debian-...@lists.debian.org
> Usertags: ftb
Package: hylafax-server
Version: 3:6.0.7-5
Severity: important
File: /usr/sbin/hylafax_wrapper
Dear Maintainer,
the script hylafax_wrapper is used in cron.weekly/hylafax to wrap calls to
(among others) faxcron. When triggered, it will globally do a bind mount /
unmount on /var/spool/hylafax/etc
Package: ifupdown
Version: 0.8.41
Severity: normal
Dear Maintainer,
When reporting a bug in ifupdown, a copy of /etc/network/interfaces is
included. While I realise that that may frequently be relevant information,
that should at least not happen silently and automatically, as interfaces may
con
test.sh
echo 'echo hello' >> test.sh
mpirun test.sh
This is also causing CI regressions for opm-common on riscv64, see e.g. [1].
Best regards,
Markus
[1] https://ci.debian.net/packages/o/opm-models/testing/riscv64/48956914/
-- System Information:
Debian Release: 12.6
APT p
On Thu, Jun 27, 2024 at 10:56:18AM +, Bastien Roucariès wrote:
> Could you please merge
> https://salsa.debian.org/debian/luakit/-/merge_requests/3
Thanks for the patch. That totally makes sense. I've merged the MR
just now.
-- Markus
ream version (6.1.11 currently).
Pretty, pretty please fix this bug. Or remove the package if it's
unmaintained...
cu
--
Markus
Hi,
the problem already appears in OpenMPI's own autopkgtests, see [1]
Best,
Markus
[1] https://ci.debian.net/packages/o/openmpi/unstable/i386/46207866/
I_INIT completed completed
successfully, but am not able to aggregate error messages, and not able to
guarantee that all other processes were killed!
See [1] for a complete build where the tests using mpirun fail in this way.
This happens on these architectures: armel, armhf, i386, hppa
Best,
commended to prevent Kerberos Tickets and
password hashes to be cached on the server.
Typically these tickets and hashes are used for lateral movement after a
breach.
libfreerdp2-2 needs to be compiled with "WITH_GSSAPI=on" to be able to
connect with user accounts protected in such a way.
Kind Regads,
Markus Wigge
list
of packages to be installed could also work. Then a user could define a
list of packages that they would be ok with not being installed due to
reasons such as them being non-existing.
--
Markus
Hi,
the problem occurs during startup of OpenMPI when running mpirun. I see similar
problems for other packages during the same rebuild.
Hence I don't think this is related to us but rather to OpenMPI.
Best,
Markus
BTS as needed.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Hi,
seems like upstream already has a proposed fix, see [1]
Best,
Markus
[1] https://gitlab.kitware.com/vtk/vtk/-/issues/19258#note_1510307
their assumptions broke when moving to 2.6.0.
Hence this probably is an incompatibility on vtk9's side rather than a bug in
expat. At least upstream thinks that way in in [1] and closed the bug.
The stalled discussion about this in VTK9 can be found in [3].
Should we reassing this to vtk9?
Best,
n a bug in
expat. At least upstream thinks that way in in [1] and closed the bug.
The stalled discussion about this in VTK9 can be found in [3].
Should we reassing this to vtk9?
Best,
Markus
[1] https://github.com/libexpat/libexpat/issues/857
[2] https://github.com/libexpat/libexpat/issues/840
Hi,
I am running into the same problem.
One of my machines fails the install with:
installed grub-efi-amd64 package post-installation script subprocess
returned error exit status 128
here the full log with -x in and DEBCONF_DEBUG=developer
# dpkg --configure -a --debug=77
D01: root=
+
+ * Fix CVE-2024-25447 and CVE-2024-25448 and CVE-2024-25450.
+A heap-buffer overflow vulnerability was discovered in imlib2 when using
+the tgaflip function in loader_tga.c
+
+ -- Markus Koschany Sat, 06 Apr 2024 22:40:50 +0200
+
imlib2 (1.7.1-2) unstable; urgency=medium
* Drop
touch /var/log/tomcat10/catalina.out
to recreate it?
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Am Fri, Apr 05, 2024 at 05:58:15AM + schrieb Thorsten Glaser:
> Markus Wichmann dixit:
> >In any case, the emission of non-relative relocations is the issue here,
> >and it is coming from the linker.
>
> They are present in the glibc static-pie binary as well, though.
>
witches added to the linker command line.
In any case, the emission of non-relative relocations is the issue here,
and it is coming from the linker.
Ciao,
Markus
, they will not be processed.
What you are seeing seems indicative of missing relocation processing.
Is it possible you are linking in the wrong start file? gcc -v should
output the command line it feeds to the linker.
Ciao,
Markus
== InterRegFlow::bufferSize();
}
(sid_ppc64el-dchroot)blattms@platti:~/opm-common$
Best,
Markus
== InterRegFlow::bufferSize();
}
(sid_ppc64el-dchroot)blattms@platti:~/opm-common$
Best,
Markus
Hello Shriram,
Am Mittwoch, dem 27.03.2024 um 15:10 +0530 schrieb Shriram Ravindranathan:
> Dear Markus,
>
> On 27/03/24 13:01, Markus Koschany wrote:
> > As this bug report proves, normal people tend to have problems with system
> > services. A system administrator would ha
Hi Sylvain,
Am Montag, dem 25.03.2024 um 18:48 +0100 schrieb Sylvain Rochet:
> Hi Markus,
>
> On Mon, Mar 25, 2024 at 02:36:59AM +0100, Markus Koschany wrote:
> > Sylvain Rochet wrote:
> > > Actually, the main problem is /lib/systemd/system/monopd.socket which
> >
Sylvain Rochet wrote:
> Actually, the main problem is /lib/systemd/system/monopd.socket which
> set Accept=yes while monopd needs Accept=no (which is the default value).
I wonder if monopd needs a systemd socket file at all and if we should disable
the service after the installation. We have bee
nd it with either `alias fd=fdfind` or
`alias _fdfind=_fd`, but it would be nice not to have to.
Raising the severity to normal because of this (first time doing
that, not sure if it will actually work :))
Thanks,
Markus
patches for these CVEs have been backported already:
* https://security-tracker.debian.org/tracker/source-package/expat
Best,
Markus
I like Sam's suggestions. Has a maintainer considered it?
--
Markus
, but recursion isn't necessary in these cases anyway.
I also saw some other hooks explicitly use `cp -L`.
Thanks,
Markus
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86
Hi,
the dependency is alread gone version 2023.10+ds-2 and later (unstable). We
just need to wait for their migration to testing.
Best,
Markus
Hi,
I did some further tests with the provided test case.
If I install vtk (latest version 9.3) with pip in a venve. The script also does
not report an error for the relative paths. Tested on stable and in a sid
chroot.
Best,
Markus
Hi,
there is already a version (2023.10+ds-2) uploaded to unstable with the
python3-distutils
dependency. We just need to for it's migration.
Best,
Markus
case. To me it is more likely that the problem
is due a change in vtk9. Hence I am reassinging to vtk9 in the hope
that the maintainers there have more clues than me.
Best,
Markus
python3-vtk9-test.tar.gz
Description: application/gzip
I need
a sponsor from e.g. the Debian Science team that uploads the fixed package.
alberta is marked for removal today.
Thanks a lot.
Best,
Markus
[1] https://salsa.debian.org/science-team/alberta/-/merge_requests/4
signature.asc
Description: PGP signature
org/GNOME/mutter/-/blob/main/src/backends/meta-cursor-sprite-xcursor.c?ref_type=heads#L75
Thanks,
Markus
Oh no, sorry I meant to say "46~beta-4" in the first sentence.
Copied it from the bottom and forgot to change it :)
n I'm using gnome-shell 45.3-2 from
experimental.
[1]:
https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/96b91ec62c9c8133eb7b0e76e486a7cea6edebdb/js/ui/dnd.js#L390
Thanks and greetings,
Markus
strcmp(buf,"$MeshFormat")!=0)
DUNE_THROW(Dune::IOError, "expected $MeshFormat in first line");
readfile(file,3,"%lg %d %d\n",&version_number,&file_type,&data_size);
if( (version_number < 2.0) || (version_number > 2.2) )
DUNE_THROW(Dune::IOError, "can only read Gmsh version 2 files");
[...]
File unitcube.sh:
$MeshFormat
2.2 0 8
$EndMeshFormat
$Nodes
...
I will need to reproduce this somehow. Just need to learn how.
Best,
Markus
Hey Jeremy,
Haha well I was debating if even "important" is warranted,
given it's just about fancy emoji in the end. But I guess
people do feel passionate about them :)
Also didn't know that "serious" prevents migration to testing,
will keep that in mind for the
moji font load fine. I am unsure whether to
> consider this as a regression, but for now I will close this issue.
After running "dpkg-reconfigure fontconfig-config" and enabling bitmap fonts
the color emoji indeed work again.
Greetings,
Markus
emoji
NotoSans-Regular.ttf: "Noto Sans" "Regular"
```
Downgrading to 2.14.2-6+b1 fixes it:
```
$ fc-match emoji
NotoColorEmoji.ttf: "Noto Color Emoji" "Regular"
```
Greetings,
Markus
-- System Information:
Debian Release: trixie/sid
APT prefers
Package: wnpp
Severity: normal
from the kernel tarball.
Greetings,
Markus
Package: runescape
Version: 0.8-2
Severity: important
X-Debbugs-Cc: schm...@web.de
After installing "runescape" (by "sudo apt install runescape") I could start
the program "runescape", but it stopped executing at 98%.
I could adjust the file "/usr/games/runescape" so that error messages were
show
6-1+deb10u8 and 4.6-
> 1+deb10u9 (4.6-1+deb10u8 is OK)
Thank you for the report. I believe this is related to the fix for CVE-2023-
46846. I am currently investigating the problem.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
ill on my todo list but with a low priority. As long as there are no
major issue with endless-sky, it will be part of games-finest when I update
src:debian-games again.
Cheers,
Markus
signature.asc
Description: This is a digitally signed message part
Package: mate-control-center
Version: 1.26.0-2+deb12u1
Severity: normal
When you activate "Select windows when the mouse moves over them" there is a
delay that you can set (Raise selected windows after XX seconds). I have set
the delay to 1 second.
The delay works unless the window being raised is
1 - 100 of 3705 matches
Mail list logo
