Package: rclone-browser
Version: 1.8.0-5
Severity: serious
Justification: privacy leak without user consent
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu plucky
Downstream bug:
https://bugs.launchpad.net/ubuntu/+source/rclone-browser/+bug/2059246
I haven't fully verified this report
On Tue, Dec 10, 2024 at 07:45:06PM +, Colin Watson wrote:
> The attached patch is cherry-picked from upstream and fixes this. If
> you're still busy, would you like me to NMU again?
Uploaded. Tnank you!
Robie
signature.asc
Description: PGP signature
severity 1061410 wishlist
thanks
This doesn't seem like a bug in python-trio to me. It's simply using
select.epoll(). If that's being monkey patched by gevent in a way that
breaks things then that seems like either a gevent problem or a
fundamental incompatibility in trying to use Trio at the same
clone 1030487 -1
reassign -1 python3-service-identity 18.1.0-7
retitle -1 Missing dependency on python3-six makes package unusable
thanks
On Sat, Feb 04, 2023 at 08:58:30AM +0100, Lucas Nussbaum wrote:
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
[...]
> >
On Sat, Dec 17, 2022 at 07:28:24AM +0100, Jochen Sprickerhof wrote:
> I've prepared an NMU for python-trio (versioned as 0.22.0-0.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.
Thank you for working on this! Assuming it builds and passes tests OK,
+1
On Sun, Nov 13, 2022 at 08:31:24PM +0100, Moritz Mühlenhoff wrote:
> The following vulnerabilities were published for mysql-8.0.
FTR, an update to 8.0.31 to fix these is already prepared and being
tested at
https://salsa.debian.org/mariadb-team/mysql/-/merge_requests/65
signature.asc
Description
Hi,
On Tue, Dec 21, 2021 at 05:33:17PM +0100, Lucas Nussbaum wrote:
> Source: google-authenticator
> Version: 20191231-2
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20211220 ftbfs-bookworm
>
> Hi,
>
> During a rebuild of all pa
On Fri, Jul 01, 2022 at 05:45:12PM +0200, Bastian Germann wrote:
> Lena, please tag the changelog entries accordingly, at least for RC bugs so
> they do not keep the package from migrating.
Note that mysql-8.0 is permanently blocked from migrating by order of
the release team. They want MariaDB i
Package: frogatto
Version: 1.3.1+dfsg-5
Severity: serious
Tags: patch
Justification: fails to build from source (but built successfully in the past)
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu kinetic ubuntu-patch
*** /tmp/tmpULOMPK/bug_body
In Ubuntu, the build was failing with t
Source: debianutils
Severity: serious
Justification: FTBFS when making a derived work, contrary to the spirit
of the Debian Social Contract
Version: 5.5-1
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu jammy
Hi,
If I patch the debianutils source package, then I find that I cannot
ea
Control: tag -1 pending
Hello,
Bug #981905 in mysql-common reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/mariadb-team/mysql/-/commit/a00d50137db1499315e31
Hi,
The relevant previous bug is
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921488 where the
packaging switched from "system" to "bundled". Switching back to
"system" would regress that licensing problem.
Also relevant is
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924937 which is th
tags 969115 + wontfix
thanks
Hi,
Thank you for the FTBFS report. As it happens src:mysql-5.7 has been
deprecated by src:mysql-8.0 and I filed a removal bug 969095 for
src:mysql-5.7. So it seems pointless to fix this now.
Robie
On Thu, Aug 27, 2020 at 09:48:21PM +0200, Aurelien Jarno wrote:
> So
tags 968854 + moreinfo
thanks
libmysqld is no longer part of MySQL and so libmysql-dev is no longer a
binary source package produced by MySQL packaging. src:mysql-8.0 does
not produce libmysqld-dev. The libmysqld-dev package in unstable is left
over from src:mysql-5.7 which needs to be removed.
W
Thank you for the report.
On Sun, Aug 09, 2020 at 09:48:13PM +0200, Andreas Beckmann wrote:
> This is likely caused by the corresponding binary packages shipping
> identical binaries (or librariesi, ...) with different names.
Looks like this is because this file is shipped in both mysql-router
an
Source: zoneminder
Version: 1.32.3-2
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu focal ubuntu-patch
Severity: serious
Justification: policy violation in behaviour of build target causing FTBFS
Tags: patch
Hi,
In Ubuntu this package FTBFS. The reason seems to be that the
build-inde
On Sun, Oct 13, 2019 at 11:02:45PM +0200, Birger Schacht wrote:
> The problem is that the package will be removed from unstable in a
> couple of days because of this bug report. 3 month is sometimes not that
> much time to fix a bug or even comment on a bug report. And the release
> of bullseye is
On Sun, Oct 13, 2019 at 05:23:40PM +0200, Birger Schacht wrote:
> Robie, could you please point out the part of the Debian policy that
> this package is violating?
I cannot. I believe that this issue is such a clear violation of
Debian's philosophy that it has never been necessary to document it
f
On Mon, Sep 30, 2019 at 12:39:33PM +0200, Michael Boelen wrote:
> Although I can understand the sentiment of disabling "phoning home"
> functionality, it is there with a good reason. It helps people to learn
> when their software is (very) outdated, especially when it comes to doing a
> security au
Package: lynis
Version: 2.6.2-1
Severity: serious
Justification: privacy leak
By default, this program appears to make a DNS query to
lynis-latest-version.cisofy.com. thus leaking information about the
system and the fact that the user is running an audit. This is
particularly egregious in the cas
openssl binary package is installed, which is not a build dependency,
+but apparently the buildds have it by default. Closes: #926652.
+
+ -- Robie Basak Sat, 13 Apr 2019 17:30:20 +0100
+
python-trustme (0.4.0-2) unstable; urgency=medium
* Explicitly build-depend on python3-idna to fix F
On Mon, Apr 08, 2019 at 01:38:04PM +, Ivo De Decker wrote:
> The latest version of python-trustme in unstable fails on all:
See also bug 925576. I haven't got round to looking at it yet. I hope to
investigate and fix it soon; patches also welcome.
signature.asc
Description: PGP signature
On Tue, Mar 26, 2019 at 09:49:00PM +0100, Lucas Nussbaum wrote:
> During a rebuild of all packages in buster (in a buster chroot, not a
> sid chroot), your package failed to build on amd64.
Thank you for this report.
It looks like python-trustme (build time) tests uses the idna directly,
so an ex
On Tue, Mar 19, 2019 at 10:49:06AM +0100, Christoph Berg wrote:
> Re: Robie Basak 2019-03-18 <20190318165800.gc12...@mal.justgohome.co.uk>
> > It is well understood that the OpenSSL license is not "compatible" with
> > the GPL (either version 2 or 3); and furthermore
Package: libpq5
Version: 11.2-2
Severity: serious
Affects: bandwidthd-pgsql dballe inspircd libnss-pgsql2 libodb-pgsql-2.4 pmacct
r-cran-rpostgresql saga sphinxsearch tora ulogd2-pgsql yubikey-server-c
Justification: renders many Debian packages undistributable
Hello,
It's come to my attention t
Package: letsencrypt
Version: 0.28.0-1
Severity: grave
Justification: causes data loss
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu disco
Steps to reproduce:
1. Start on sid
2. apt install letsencrypt # using transitional package
3. Use letsencrypt or certbot
4. Later, note the pr
Source: python-trio
Version: 0.9.0-1
Severity: serious
Forwarded: https://github.com/python-trio/trio/issues/1
Trio upstream do not yet consider the API stable, so in my opinion this
package is not yet ready for a stable Debian release.
Please use this bug for discussion if you think this status
I wonder if "dpkg -P libsss-sudo" is a reasonable workaround. Are there
any cases where libsss-sudo needs to be installed but not active in
nsswitch.conf?
signature.asc
Description: PGP signature
Package: libsss-sudo
Version: 1.16.2-1
Severity: serious
Justification: policy violation (section 10.7.3)
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic
Steps to reproduce:
1. apt install sssd
2. Edit /etc/nsswitch.conf and remove "sss" from the "sudoers" entry
3. apt install
Fix proposed in:
https://salsa.debian.org/dns-team/bind9/merge_requests/3
signature.asc
Description: PGP signature
tags 896709 + moreinfo
thanks
This doesn't appear to be a bug report. Please see
https://www.debian.org/Bugs/Reporting (in particular the section
entitled "The body of the report") and
https://www.chiark.greenend.org.uk/~sgtatham/bugs.html and provide a
full explanation.
signature.asc
Descriptio
tag 882643 + patch
user ubuntu-de...@lists.ubuntu.com
usertag 882643 + bionic ubuntu-patch
thanks
Patch against mongodb/1:3.4.7-1 below.
---
debian/patches/major-minor-sysmacros | 45
debian/patches/series| 1 +
2 files changed, 46 insertions
Hi Otto,
On Wed, May 31, 2017 at 01:49:28PM +0300, Otto Kekäläinen wrote:
> MariaDB 10.3 test packages should be removed from experimental. I
> think it was just a temporary test by Ondrej. There is no point in
> having a unreleased upstream version in Debian permantently.
Entirely up to you, but
Hi Otto,
On Fri, Mar 10, 2017 at 05:09:42PM +0200, Otto Kekäläinen wrote:
> I wonder if this really is how update-alternatives should be used and
> is really adding conflicts between all packages that use it the smart
> way to utilize the flexibility the update-alternatives scheme should
> provide
On Wed, Mar 08, 2017 at 11:00:35PM +0200, Otto Kekäläinen wrote:
> I am not sure what the actual problem here is. What are you trying to
> achieve which does not work?
I think pkgconfig and mysql_config from libmariadbclient-dev should be
specifying -lmariadbclient instead of -lmysqlclient.
I had
Hi Otto,
On Thu, Mar 02, 2017 at 01:04:16AM +0200, Otto Kekäläinen wrote:
> Sorry for the late reply. I think that the urgent security slip was
> already fixed by updating mariadb-10.1 to have the correct conflicts.
I believe this is incorrect. The only commit addressing this is
https://anonscm.d
On Thu, Jan 19, 2017 at 03:01:47PM +, Robie Basak wrote:
> I wonder if we should have both mariadb-common and mysql-server-5.7 (ie.
> everything that asks for a custom my.cnf symlink) declare a virtual
> package? So add:
>
> Provides: mysql-my-cnf
> Conflicts: mysql-m
On Mon, Jan 30, 2017 at 06:38:16PM +, Robie Basak wrote:
> manage /var/lib/mysql manually. So perhaps it is indeed entirely
> inappropriate to put purging code in the *-core package postrm.
I keep saying "purging code", but what I really mean is "code that
touches/dele
On Mon, Jan 30, 2017 at 06:02:30PM +, Julian Gilbey wrote:
> There is an issue with this: the postrm's in mysql-server-5.7 and
> mariadb-server-10.1 do significantly more than just removing
> /var/lib/mysql when purging - see my (now broken because of this!)
> patches on bug#852495: they also d
On Mon, Jan 30, 2017 at 10:45:44AM +0100, Lars Tangvald wrote:
> I think an ok short-term solution is to make a .postrm script for
> mysql-server-core, and move the delete logic there with the check on
> /usr/sbin/mysqld restored, for both MariaDB and MySQL. Then we don't need to
> check on any spe
Hi Julian,
Thank you for reporting this.
On Mon, Jan 30, 2017 at 09:24:46AM +0100, Lars Tangvald wrote:
> Anyone else have any good ideas on how to handle this?
I think the root cause here is that both MySQL and MariaDB packaging
"own" /var/lib/mysql. This causes confusion because even though th
Hi Otto,
On Sun, Jan 15, 2017 at 09:33:24PM +0200, Otto Kekäläinen wrote:
> 2017-01-13 13:18 GMT+02:00 Robie Basak :
> > So I think the configure-symlinks code needs to move from mariadb-common
> > to mariadb-server-10.1 in addition.
>
> The MariaDB client programs mi
Hi Otto,
Thank you for working on this.
On Fri, Jan 13, 2017 at 01:05:49AM +0200, Otto Kekäläinen wrote:
> Fixed as suggested in
> https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.1.git/commit/?id=75fa84af6bdf84ff95bd0cabb2a8966330d77154
I don't think this fix is sufficient. Though it may wo
reassign 850216 libmariadbclient18
thanks
Hi Salvatore,
Thank you for the report. I can reproduce this on stretch.
Otto: please could you take a look at this?
It seems that the problem is that libmariadbclient18 depends on
mariadb-common directly. mariadb-common's postinst adds
/etc/mysql/maria
forcemerge 847231 847992 848118
thanks
These are all the same bug.
When fixing, also see bug 840646. These should all be resolved at once.
signature.asc
Description: PGP signature
On Mon, Nov 14, 2016 at 12:31:43PM +0100, Lucas Nussbaum wrote:
> On 14/11/16 at 02:47 -0800, Lars Tangvald wrote:
> > I got it backwards, then :)
> > A high number of cores might cause this if fs.aio-max-nr is set low (cat
> > /proc/sys/fs/aio-max-nr | aio-nr), or rather, too low for the the
> >
fixed 798080 5.7.13-1~exp1
thanks
I believe this is fixed in 5.7.13-1~exp1 in experimental, where we no
longer use mysqld_safe.
Hi Dominic,
On Sat, Sep 24, 2016 at 01:38:19PM +0100, Dominic Hargreaves wrote:
> > > As I need to have a MySQL 5.6 backport supported for the foreseeable
> > > future, I intend to NMU a new upstream release in the next few weeks.
> > >
> > > Does anyone have any objections to this?
> >
> >
> >
Hi Dominic,
On Thu, Sep 22, 2016 at 04:10:37PM +0100, Dominic Hargreaves wrote:
> > Do you have any ETA for this update being in unstable?
>
> I assume that there is no more work for mysql-5.6 planned by the
> MySQL team, given the silence on this bug and that you are about to
> upload mysql-5.7
Dear Release Team,
I believe we're now pretty much ready for an upload of MySQL 5.7 to
unstable. This would be src:mysql-5.7, which would eventually supersede
src:mysql-5.6, with a general s/5.6/5.7/ in the binary package names.
One significant change is the transition from libmysqlclient18 to
li
On Mon, Sep 12, 2016 at 11:37:49PM +0200, Moritz Muehlenhoff wrote:
> As per previous discussion, don't include in stretch/blocker bug to
> keep it out.
What previous discussion? I'm aware of a decision for things to depend
on src:mariadb-10.0 instead, not of any decision to keep src:mysql-5.6
out
verisons of autotools
+change.
+
+ -- Robie Basak Thu, 14 Apr 2016 11:29:24 +
+
sysbench (0.4.12-1.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru sysbench-0.4.12/debian/control sysbench-0.4.12/debian/control
--- sysbench-0.4.12/debian/control 2014-02-12 22:43:13.0
Hi Salvatore,
On Mon, Apr 25, 2016 at 04:54:03PM +0200, Salvatore Bonaccorso wrote:
> On Fri, Apr 22, 2016 at 09:52:44AM +0100, Robie Basak wrote:
> > On Thu, Apr 21, 2016 at 07:13:34PM +0200, Salvatore Bonaccorso wrote:
> > > Do you have any status-update for this for us?
>
On Thu, Apr 21, 2016 at 07:13:34PM +0200, Salvatore Bonaccorso wrote:
> Do you have any status-update for this for us?
Struggling to find an available and willing sponsor, sorry. Lars has had
his tree ready for a while.
I am DM for src:mysql-5.6, but not for src:mysql-5.5 (that's just a
technical
tags 811068 + patch
user ubuntu-de...@lists.ubuntu.com
usertag 811068 + xenial ubuntu-patch
thanks
Quilt patch attached.
Robie
From: Robie Basak
Date: Sun, 10 Apr 2016 19:03:00 +
Subject: [PATCH 1/1] Accept SQLITE_INDEX_CONSTRAINT_LIKE from sqlite
sqlite 3.10.0 added the
forwarded 811068 https://bugzilla.gnome.org/show_bug.cgi?id=764860
thanks
On Fri, Jan 15, 2016 at 03:31:24AM -0800, Martin Michlmayr wrote:
> Package: libgda5
> Version: 5.2.4-1
>
> libgda5 fails to build for me in unstable. Do you see this, too?
We see this in Ubuntu. I've done some investigat
Hi Otto,
On Tue, Jan 26, 2016 at 10:03:37PM +0200, Otto Kekäläinen wrote:
> The mysql-5.5 source package produces the libmysqlclient18 shared
> library, main file being libmysqlclient.so.18. So does the mysql-5.6
> package too (even using the same "18" version string oddly, are there
> no changes
On Wed, Jan 27, 2016 at 07:15:24PM +0100, Salvatore Bonaccorso wrote:
> Yes the dak mails for security-master are only sent to the security
> team. I can confirm that
>
> mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed
>
> and
>
> mysql-5.5_5.5.47-0+deb7u1_amd64.changes A
Hi Salvatore,
On Tue, Jan 26, 2016 at 08:17:30PM +0100, Salvatore Bonaccorso wrote:
> On Tue, Jan 26, 2016 at 06:36:06PM +0000, Robie Basak wrote:
> > Hi Salvatore,
> >
> > On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > > Thank you lo
Hi Salvatore,
On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> Thank you looks good to me.
>
> I haven't seen the same for jessie, but assuming it is basically the
> same and matching what you showed me initially from git, let's go
> ahead with an upload.
FYI, we're still
Dear Security Team,
You have asked us to be prompt with helping to prepare security updates
for you, and we have done so. We have kept the bug updated like you
asked us last time. The sources are tested and ready. We notified the
bug as requested, but haven't heard from you. Please let us know how
Question for the security team.
On Mon, Jan 18, 2016 at 09:16:06PM +0100, Norvald H. Ryeng wrote:
> Source: mysql-5.6
> Version: 5.6.27-2
> Severity: grave
> Tags: security upstream fixed-upstream
5.6.27-2 only exists in testing, and I uploaded 5.6.28-1 to unstable
recently. It hasn't landed in t
tags 811222 + wontfix
thanks
Hi Martin,
On Sat, Jan 16, 2016 at 04:05:15PM -0800, Martin Michlmayr wrote:
> Package: mysql-5.5
> Version: 5.5.44-0+deb8u1
> Severity: serious
5.5.44-0+deb8u1 will be removed from unstable shortly. It is not in
testing. See bug #811158. It is superseded by src:mysq
Hi,
Do you have steps to reproduce this please? What makes you think it is a
bug in the packaging as opposed to a configuration problem on your
system?
On Sun, Nov 22, 2015 at 10:02:05PM +0100, jpp wrote:
> The /var/lib/mysql is a symlinj to another location on another disk.
I'm not aware of any
Hi Andreas,
As always, thank you for looking into this!
On Wed, Jul 22, 2015 at 12:48:49PM +0200, Andreas Beckmann wrote:
> move innochecksum manpage to mysql-server-core-5.6, too
Please note that these may need to be coordinated with mariadb and
percona packaging. Otherwise we could end u
reassign 609537 mysql-server-5.5
thanks
As far as I can tell this bug doesn't exist in the init.d script shipped
with mysql-server-5.6 - I can see waiting code there similar to the code
proposed in the patches in this bug.
So presumably this should be tracked just in mysql-server-5.5 (which
will
Hi Andreas,
Some quick answers (without looking at detail):
On Fri, Jul 17, 2015 at 01:10:35PM +0200, Andreas Beckmann wrote:
> I pushed another one to deregister the my.cnf.fallback alternative on
> removal, otherwise purge gets noisy about the dangling link.
Having looked at your previous patc
Hi Andreas,
On Sat, Jul 11, 2015 at 03:29:02AM +0200, Andreas Beckmann wrote:
> Since the issue is hard to describe in detail and with all pitfalls
> without digging into it and testing it, I rather developed patches
> that I tested in sid and stretch, to ensure sane upgrade paths.
> The commit me
On Fri, Jun 05, 2015 at 09:54:04PM +0200, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package now fails to start
> the server in a piuparts test environment, i.e. a a minimal sid or
> stretch chroot (while jessie works fine). This is most likely a
> regression introduced by
On Tue, Jun 30, 2015 at 05:55:04PM +0200, Mateusz Kijowski wrote:
> http://bugs.mysql.com/bug.php?id=70672 seems to be the reason. Perhaps we
> can hack the mysql package to include it?
If it's not part of the public API, then I don't think it's appropriate
for the package to include it. We'd effe
tags 790406 + pending
thanks
Hi Ralf,
On Mon, Jun 29, 2015 at 08:35:28AM +0200, Ralf Treinen wrote:
> dpkg: error processing archive
> /var/cache/apt/archives/mysql-server-core-5.6_5.6.25-2_amd64.deb (--unpack):
> trying to overwrite '/usr/bin/innochecksum', which is also in package
> mysql-cl
Hi Martin,
On Sat, Jun 27, 2015 at 02:40:19PM -0400, Martin Michlmayr wrote:
> I've filed this as serious since it breaks other packages, but let me
> know if the change was intentional and I'll file bugs on the 11
> packages instead and close this one. Given that libmysqlclient15-dev
> hasn't be
On Sun, Jun 14, 2015 at 02:47:00AM +0300, Otto Kekäläinen wrote:
> ..so at the moment the only thing I can do is to revert all mysql-5.6
> compatibility in MariaDB, which would be a huge waste of everybody's
> time. Can't we make an exception from the policy here as clearly the
> point of the polic
n the postrm
+since it may already have been removed (Closes: #748618, LP: #1042511).
+
+ -- Robie Basak Thu, 09 Apr 2015 11:44:25 +0100
+
syslinux-themes-debian (12-3) unstable; urgency=low
* QA upload.
diff -Nru
syslinux-themes-debian-12/debian/syslinux-themes-debian-squeeze.p
Package: sweethome3d
Version: 4.3+dfsg-2
Severity: serious
I've only tested 4.3+dfsg-2 (through Ubuntu 14.04), but I see nothing in
changelogs to suggest that this behaviour has changed more recently.
By default, sweethome3d calls home by making an HTTP request to
http://www.sweethome3d.com/Sweet
reopen 712004
thanks
AIUI, a workaround to unblock the Apache 2.4 transition was to disable
building of libapache2-svn in 1.6.17dfsg-4.1, which isn't really a fix
for this particular bug but did close it. I'm not sure whether you'd
prefer a separate bug for the fact that we no longer have a Subver
Package: mysql-5.5
Version: 5.5.31+dfsg-1
Severity: serious
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu saucy
See:
https://blog.mariadb.org/mysql-man-pages-silently-relicensed-away-from-gpl/
It seems that Oracle silently changed the licensing in the
documentation; at least the man
77 matches
Mail list logo
