astian:
> - Bug in fonts-noto-core: Either the glyphs don't belong or there is
> some incorrect metadata or configuration, or bad interaction with
> other fonts, or any combination thereof, which causes FC to
> correctly (in technical terms) change the fall
Jonas Smedegaard:
> Hi astian,
>
> Thanks for a detailed bugreport!
>
> Quoting astian (2020-11-11 21:31:00)
>> With version 20200323-1, when attempting to render code points such as
>> 0x3001 and 0x3002, fontconfig would choose "Noto Sans CJK JP" [0] as
&
Package: fonts-noto-core
Version: 20201109-1
Severity: normal
Dear Maintainer,
With version 20200323-1, when attempting to render code points such as
0x3001 and 0x3002, fontconfig would choose "Noto Sans CJK JP" [0] as
fallback for "Monospace". This was expected behaviour, I want to see
Japanese
David Bremner:
> astian writes:
>
>> Control: found -1 3.2.1-2
>>
>> What's the problem with fixing this? It's a one-liner FFS.
>>
>
> The problem is a lack of time and motivation. You are not helping with
> either by sending such messages.
>
Control: found -1 3.2.1-2
What's the problem with fixing this? It's a one-liner FFS.
Package: darktable
Version: 3.0.2-1
Severity: normal
Dependencies "libjs-prototype" and "libjs-scriptaculous" are unneeded
and unwanted. Nothing in darktable uses them and they pull in more
javascrapt crap. Please drop them and the "/usr/share/darktable/js"
directory.
Thanks.
Control: reassign -1 spice
Control: affects -1 qemu
Control: tags -1 upstream fixed-upstream
Bug was fixed by this patch [0], which shipped in the spice library (server
side) version 0.14.3 [1].
0:
https://lists.freedesktop.org/archives/spice-devel/2019-September/050859.html
1: https://gitla
:00 2001
From: astian
Date: Mon, 11 Feb 2020 21:08:51 +
Subject: [PATCH] lua: fix unintended code execution vulnerability
Backport of upstream commit cce7062a8a6b6a3b3666aea3ff86db879cba67b6
("lua: fix highly security relevant arbitrary code execution") to
release 0.32.0.
Note: B
astian:
> If Lua scripts are enabled (they are by default) and configured for use
> (Debian doesn't seem to have any active by default)
Correction: mpv as shipped by Debian does have some active Lua scripts
embedded in the ELF binary, but, as the author says in the quoted commit,
Package: mpv
Version: 0.32.0-1
Severity: grave
Tags: security fixed-upstream
Justification: user security hole
Dear Maintainer,
If Lua scripts are enabled (they are by default) and configured for use
(Debian doesn't seem to have any active by default) mpv could end up
loading unintended code (lua
astian:
> astian:
>>> AFAICT it's a no-op for stream sockets; might make sense to error
>>> out unless ‘-u’ is set.
>>
>> Right, so it could be something like:
>>
>> -} else if (argc == 1 && !pflag && !sflag) {
>&
astian:
>> AFAICT it's a no-op for stream sockets; might make sense to error
>> out unless ‘-u’ is set.
>
> Right, so it could be something like:
>
> - } else if (argc == 1 && !pflag && !sflag) {
> + } else if (argc == 1 && !pflag &
Guilhem Moulin:
> On Sat, 24 Aug 2019 at 20:25:00 +0000, astian wrote:
>> Looking at the patch I don't trust this is the only behaviour change. I
>> don't understand why this divergence from upstream was introduced and I
>> wish it was reverted altogether.
>
&g
Package: netcat-openbsd
Version: 1.203-1
Severity: normal
Control: tags -1 + patch
Dear Maintainer,
The debian-specific patch "use-flags-to-specify-listen-address.patch"
disallows the usage of "-s" in some valid cases. For example, the
following should connect to the unix socket "target" and use
Package: netcat-openbsd
Version: 1.203-1
Severity: normal
Dear Maintainer,
I think debian/patches/verbose-numeric-port.patch is no longer needed. The
new upstream code brought a more comprehensive solution, which also fixes a
bug in the case of randomised port number. Please remove that patch.
Package: xdot
Version: 1.1-1
Severity: minor
/usr/share/doc/xdot/copyright links to GPL-3 but should link to LGPL-3.
- version 3 can be found in the /usr/share/common-licenses/GPL-3 file.
+ version 3 can be found in the /usr/share/common-licenses/LGPL-3 file.
Cheers.
Package: alsa-utils
Version: 1.1.8-2
Severity: normal
Dear Maintainer,
The package depends on whiptail|dialog, but the only user of whiptail
(alsaconf) is not part of the package. The only (optional) user of
dialog (alsa-info.sh) explicitly calls "dialog" and does not check for
whiptail. Whipta
Package: minetest-mod-pipeworks
Version: 20190430-1
Severity: serious
Justification: Policy 3.5. Dependencies
Dear Maintainer,
Package lacks a dependency on "basic_materials" (minetest-mod-basic-materials).
-- System Information:
Debian Release: 10.0
APT prefers unstable-debug
APT policy: (5
Package: felix-latin
Version: 2.0-10
Severity: important
Dear Maintainer,
By default QImage cannot read TIFF images [0], although there is a
plugin for it [1]. However, felix is missing a dependency on the
appropriate package: qt5-image-formats-plugins. Package libqt5gui5
only suggests it, so f
Control: found -1 1.20.0-2
Patch refreshed.
Cheers.
Description: Stop setting TERM
TERM should be set by libvte by default, do not override it.
.
See also: https://bugzilla.gnome.org/show_bug.cgi?id=740641
.
Author: astian
---
Bug: https://github.com/mate-desktop/mate-terminal/issues/209
nstants are not hardcoded in the source code and
the Scheme namespace is not polluted with implementation details.
Author: astian
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831017
Forwarded: no
Last-Update: 2018-03-05
--- scm-5f2.orig/Iedline.scm
+++ scm-5f2/Iedline.scm
@@ -2
e source code and
the Scheme namespace is not polluted with implementation details.
Author: astian
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831017
Forwarded: no
Last-Update: 2018-03-03
--- scm-5f2.orig/Iedline.scm
+++ scm-5f2/Iedline.scm
@@ -23,7 +23,17 @@
;; lines, i.e. lines untermina
.
.
See also: https://bugzilla.gnome.org/show_bug.cgi?id=740641
.
Author: astian
---
Bug: https://github.com/mate-desktop/mate-terminal/issues/209
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800832
Last-Update: 2018-02-15
--- mate-terminal-1.20.0.orig/src/terminal-screen.c
t/?id=1d5c1b6ca6373c1301494edbc9e43c3e6a9c9aaf
.
Author: astian
---
Bug: https://github.com/mate-desktop/mate-terminal/issues/209
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800832
Last-Update: 2017-12-28
--- mate-terminal-1.18.2.orig/src/terminal-screen.c
+++ mate-terminal-1.18.2/src/terminal-screen.c
@@ -1338,9 +1
Control: notforwarded -1
Control: reassign -1 mate-terminal
Control: tags -1 - fixed-upstream
Control: severity -1 normal
Control: found -1 1.18.2-1
This is still broken and has not been fixed in mate-terminal upstream, which
is where the bug is. From src/terminal-screen.c:
g_hash_table_replac
Control: found -1 virt-manager/1:1.4.3-1
This is still broken. For reference, Red Hat fixed this 1 and 1/2 years ago:
https://bugzilla.redhat.com/show_bug.cgi?id=1334554
Cheers.
_
Package: x11-utils
Version: 7.7+3+b1
Severity: important
Control: tags -1 + fixed-upstream
Dear Maintainer,
I believe this [0] is the bug I'm experiencing; fixed upstream [1],
though apparently still unreleased.
0: https://bugs.freedesktop.org/show_bug.cgi?id=101214
1:
https://cgit.freedesk
Javier Fernandez-Sanguino:
[snip]
>
>> I can't remember where I read that the maintainer doesn't like
>> maintaining scripts longer than a couple hundred lines, and this one
>> grew to about 390 so in the end I didn't send it and forgot about the
>> bug report. Today I remembered and here it is.
Package: python3-flask-socketio
Version: 2.9.0-1
Severity: serious
Dear Maintainer,
This package lacks a dependency on the upstream "python-socketio" [0],
which provides a "socketio" module. Please do not confuse it with the
Debian package of the same name, which also provides a "socketio": that
Michael Tokarev:
> This bug has been fixed by the last security update of qemu.
>
> Thanks,
>
> /mjt
Shall we close it then? The "Closes:" in the changelog somehow did not do it...
Osamu Aoki:
> control: severity -1 important
> control: tags -1 pending
> thanks
>
> Hi
>
> With the delayed 7 day upload of anthy, this problem is gone.
>
> Osamu
Hi, thanks for working on this. Newbie question: How should one
proceed in order to test this kind of patches (which change the
re
Package: debian-goodies
Version: 0.75
Severity: minor
Dear Maintainer,
I think that commit 27ac5129ce187c6f571cac25ef70553bb9c9d475 broke the
error message dman used to produce when it failed to fetch some page.
It says "not found: " but it no longer says what it didn't find.
I actually run into
astian:
> Consider:
>
> - AdminAuth: unexpected.tld:80/secret
I forgot to mention: Even though this suggests that unintended network
requests could be made, therefore (partially) leaking credentials to DNS, I
have found that the wrapped `IDlConFactory` (into `maintfac`) in function
`
Package: apt-cacher-ng
Version: 3-5
Severity: normal
Control: tags -1 + patch
Dear Maintainer,
When generating URLs, apt-cacher-ng (acngtool in particular) does not
properly encode the "userinfo" component (used for credentials in Basic
or Digest HTTP authentication). As a result, when such URLs
Michael Tokarev:
> On Thu, 31 Aug 2017 12:11:00 +0000 astian wrote:
>> [snip]
>
> Now that's interesting.
>
> The thing is that I've never seen this email. Now I come across it while
> trying
> to understand what's going on here.
Hmm, I sent that me
:
tags 871648 - moreinfo unreproducible
tags 871648 + confirmed
merge 871648 871702 872257
Cheers.
From: astian
Date: Thu, 31 Aug 2017 11:02:10 +
Subject: [PATCH] exec: Add lock parameter to qemu_ram_ptr_length
This patch is a simple backport of upstream commit
Control: affects -1 ibus-anthy
Control: found -1 ibus-anthy/1.5.9-2
Control: found -1 anthy/1:0.3-5
Hi,
Packaging is still broken on sid. (Interesting how 2 years of forewarning
were still not sufficient to prevent this.)
$ sudo apt install ibus-anthy
Reading package lists... Done
Buildin
Package: exim4-config
Version: 4.89-3
Severity: normal
Dear maintainer,
Brokenness in the debconf part of the package has resulted in all local
email (sent from system daemons to users in the same host) to become
undeliverable and therefore frozen.
Background:
Exim4 was automatically installe
Stretch was released, could this move forward now? I think this [0] patch
may help fix/diagnose a bug I observed in the current version of the package in
sid.
0: http://repo.or.cz/socat.git/commit/6b596b8852d8fad2675894e3ceb18a04801eaf23
Also, the tracker page [1] shows a 2.0 beta as new avail
39 matches
Mail list logo
