Bug#916750: marked as done (lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count)
Your message dated Mon, 7 Jan 2019 09:37:21 +0100 with message-id <20190107083721.aarzz7lhwapyirzj@laureti-dev> and subject line Re: Bug#916750: lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count has caused the Debian Bug report #916750, regarding lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 916750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916750 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: lighttpd Version: 1.4.52-1 It has come up that lighttpd's binary packages are organized suboptimally. I'm creating this bug report to discuss a better organization and have X-Debbugs-Cced some interested parties. Please forward the bug to other interested parties that you may know of. Problem #1: Some upload since stretch added the mod_vhostdb_* modules including mod_vhostdb_ldap.so and mod_vhostdb_mysql.so. Therefore lighttpd now depends on libldap and libmariadbclient. That produces an unreasonable installation size for embedded uses. Multiple people (including Stefan Bühler, Glenn Strauss and myself) have requested to shrink this. Problem #2: lighttpd presently produces 11 binary packages. That's quite many for an otherwise small package. Adding binary packages has a metadata cost to the Debian archive that affects everyone (not just lighttpd users). We should seek to reduce the package count. Are there more problems? Fixing the first problem likely involves making the second problem worse. We should seek to avoid that. With regard to fixing this my first proposal builds on the existing practise to put mod_foo.so into lighttpd-mod-foo: Let every binary package build from src:lighttpd have Provides for the modules that it ships. For the present lighttpd-mod-* packages, no Provides are needed. Only the main lighttpd package needs a pile of provides. A README.Debian should explain that you should use these virtual packages in Depends rather than e.g. "Depends: lighttpd (>= $version_that_introduced_mod_foo)". Given that lighttpd modules are comparatively small (some tens of KB), I suggest that grouping them by their main dependency would make sense. The fairly obvious consequences would be: * lighttpd-modules-mysql: mod_authn_mysql, mod_mysql_vhost, mod_vhostdb_mysql * lighttpd-modules-ldap: mod_authn_ldap, mod_vhostdb_ldap * lighttpd (base package): mod_access, mod_accesslog, mod_alias, mod_auth, mod_authn_file, mod_cgi, mod_dirlisting, mod_evasive, mod_evhost, mod_expire, mod_extforward, mod_fastcgi, mod_flv_streaming, mod_indexfile, mod_proxy, mod_redirect, mod_rewrite, mod_rrdtool, mod_scgi, mod_secdownload, mod_setenv, mod_simple_vhost, mod_sockproxy, mod_ssi, mod_staticfile, mod_status, mod_uploadprogress, mod_userdir, mod_usertrack, mod_vhostdb, mod_wstunnel * The modules mod_authn_gssapi, mod_cml, mod_geoip, mod_magnet, mod_trigger_b4_dl and mod_webdav presently have their own binary packages and they each have significant library piles. Maybe it is best to leave these as is. * The remaining modules are mod_compress, mod_deflate and mod_openssl. These pull zlib1g, libbz2-1.0 and libssl1.1. At least the first two are transitively essential already and mod_openssl seems to be very popular, so it likely is best to leave them with the main binary package. Resulting changes: * Merge lighttpd-mod-authn-mysql and lighttpd-mod-mysql-vhost together into lighttpd-modules-mysql. * Rename lighttpd-mod-auth-ldap to lighttpd-modules-ldap. * Add 3 transitional dummy packages for the removed/renamed packages. * Move mod_vhostdb_mysql and mod_vhostdb_ldap to the new packages. -> mysql and ldap depends removed from lighttpd -> +2 binary packages for buster -> -3 binary packages for bullseye -> Due to Provides (see above), rdeps don't have to change. Then Stefan and Glenn proposed adding new modules: * mod_vhostdb_dbi * mod_vhostdb_pgsql * mod_authn_pam * mod_authn_sasl Here it is less clear how to organize them. mod_cml and mod_trigger_b4_dl each use libsasl2 (via libmemcached). mod_vhostdb_pgsql is likely the only module that links postgres, so likely it'll deserve a binary package. How bad would it be to simply not ship these four packages in buster (as is presently the case) and add them for bullseye? Which ones do we really need for buster? Did I miss anything? Please reply in a timely manner to allow implementing as much of the changes as possible before the b
Bug#916786: marked as done (916750)
Your message dated Mon, 7 Jan 2019 09:37:21 +0100 with message-id <20190107083721.aarzz7lhwapyirzj@laureti-dev> and subject line Re: Bug#916750: lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count has caused the Debian Bug report #916750, regarding 916750 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 916750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916750 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: lighttpd Version: 1.4.52-1 > Problem #2: > > lighttpd presently produces 11 binary packages. That's quite many for an > otherwise small package. Adding binary packages has a metadata cost to > the Debian archive that affects everyone (not just lighttpd users). We > should seek to reduce the package count. IMHO, it appears that the origin of these issues is the metadata cost, and not that lighttpd is modular. It appears the metadata costs are the tail wagging the dog for package design decisions. That is most unfortunate. > How bad would it be to simply not ship these four packages in buster (as > is presently the case) and add them for bullseye? Which ones do we > really need for buster? Did I miss anything? The previous Debian lighttpd maintainers did a pretty poor job following upstream. Just about everything that you're doing is an improvement, so thank you. Perhaps for Buster, all the new packages should be removed, except those split from existing lighttpd core (mod_openssl) and from mod_auth (mod_authn_file, mod_authn_ldap). Hopefully, Debian will address the metadata cost scaling issue in a future Debian release. I still think it reflects poorly on Debian that lighttpd in Debian will be crippled due to Debian packaging scaling limitations. While I would like to see mod_openssl as its own package for the future, no such requirement exists at the moment, and other parts of lighttpd link against libcrypto (not libssl). The lighttpd build would have to be modified if lighttpd were to provide some algorithms with the core (e.g. SHA1), rather than obtaining them from libcrypto, and then mod_openssl built separately. So for now, let's not do mod_openssl as a separate package. As you proposed, we might proceed with creating lighttpd-modules-mysql and lighttpd-modules-ldap to start the transition, as that makes sense to group the modules depending on the database so that a future Debian release can remove those dependencies from the core. . tl;dr: I agree with your proposal for lighttpd-modules-mysql and lighttpd-modules-ldap, though I might suggest lighttpd-modules-mariadb instead of lighttpd-modules-mysql. I agree with your proposal to avoid adding new modules to the lighttpd base package which would increase the dependency footprint of the lighttpd base package. I propose leaving the -dev build dependencies in debian/rules so that others could more easily build dpkgs of the additional modules, and install those modules themselves. --- End Message --- --- Begin Message --- Version: 1.4.52-2+exp2 On Fri, Jan 04, 2019 at 08:36:53AM +0100, Helmut Grohne wrote: > a copyright update seems prudent. So we need two further changes. Unless > I hear something, I'll go ahead with an upload to experimental soon. That went faster than expected. We've got the reorganization in experimental now. Helmut--- End Message ---
Bug#834625: lighttpd: Add autopkgtests test to check mitigation against HTTPoxy
On Wed, Aug 17, 2016 at 06:08:52PM +0200, Santiago Ruano Rincón wrote: > Please, find attached the patches to include a DEP-8 test to check if > lighttpd correctly avoids passing http proxy variables to CGIs. Thank you for your contribution to the lighttpd package. Raising the absence of tests was very useful and I now added a few simpler ones. Unfortunately, I think that it is not reasonable to include your patch as is. > +Tests: do-not-emit-http-proxy-to-cgi This is a very specific test. However, we still lack a lot of simpler tests. When this test breaks, one has a hard time figuring out what the cause is. At the time of your bug filing, lighttpd had no autopkgtests at all. Now, we have some very basic tests (thanks to your bug), but not even a single cgi test. Before adding such a specific test, I think it would be prudent to include a basic cgi test. > +Depends: @, python2.7, python-requests, curl, netcat > +Restrictions: needs-root, allow-stderr This test can be reasonably implemented without needs-root. Requiring needs-root means that you cannot run it under schroot unfortunately. So I don't think your patch is usable as is. Would you be interested in addressing the points raised? Helmut
Bug#917347: marked as done (Obsolete build dependency on libssl1.0-dev)
Your message dated Mon, 07 Jan 2019 09:35:40 + with message-id and subject line Bug#917347: fixed in lighttpd 1.4.52-3 has caused the Debian Bug report #917347, regarding Obsolete build dependency on libssl1.0-dev to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 917347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917347 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: lighttpd Severity: normal Your package uses "libssl-dev | libssl1.0-dev" as a build dependency on OpenSSL. openssl1.0 is scheduled for removal, the alternate build dependency can now be removed. Cheers, Moritz --- End Message --- --- Begin Message --- Source: lighttpd Source-Version: 1.4.52-3 We believe that the bug you reported is fixed in the latest version of lighttpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 917...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Helmut Grohne (supplier of updated lighttpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Jan 2019 10:03:56 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-modules-ldap lighttpd-modules-mysql lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-mod-authn-gssapi lighttpd-mod-authn-ldap lighttpd-mod-authn-mysql lighttpd-mod-authn-pam lighttpd-mod-authn-sasl lighttpd-mod-geoip lighttpd-mod-vhostdb-dbi lighttpd-mod-vhostdb-pgsql Architecture: source Version: 1.4.52-3 Distribution: sid Urgency: medium Maintainer: Debian QA Group Changed-By: Helmut Grohne Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-authn-gssapi - GSSAPI authentication for lighttpd lighttpd-mod-authn-ldap - Transitional dummy package for LDAP authentication for lighttpd lighttpd-mod-authn-mysql - Transitional dummy package for MySQL authentication for lighttpd lighttpd-mod-authn-pam - PAM authentication for lighttpd lighttpd-mod-authn-sasl - SASL authentication for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-geoip - GeoIP restrictions for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - Transitional dummy package for MySQL-based virtual host configura lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-vhostdb-dbi - DBI-based virtual host configuration for lighttpd lighttpd-mod-vhostdb-pgsql - PostgreSQL-based virtual host configuration for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd lighttpd-modules-ldap - LDAP-based modules for lighttpd lighttpd-modules-mysql - MySQL-based modules for lighttpd Closes: 916676 917347 Changes: lighttpd (1.4.52-3) unstable; urgency=medium . * QA Upload to unstable. * http_auth_backends_assertion.patch: Fix load-all-modules autopkgtest. * Update lighttpd.tmpfile.conf to use /run. (Closes: #916676) * Drop obsolete alternative libssl1.0-dev from Build-Depends. Thanks to Moritz Muehlenhoff and Stefan Bühler for considering implications on backports. (Closes: #917347) Checksums-Sha1: 32af91a8a1e358b83cc2ad4c590bd817083d71f2 3456 lighttpd_1.4.52-3.dsc 611c76ce419e75a473df33cb99deb90f0e379832 49368 lighttpd_1.4.52-3.debian.tar.xz 7a4d7653ed0d4da1df2ef9b826d3a0554b31c6a3 15987 lighttpd_1.4.52-3_amd64.buildinfo Checksums-Sha256: cbd0d1ff79ae7f35620573e8d6136a355359077310063018060ba565f375c85f 3456 lighttpd_1.4.52-3.dsc f92158e19ec1308e6b144aac54bddbcda2387889e42e9a5d6362261c9f291abb 49368 lighttpd_1.4.52-3.debian.tar.xz 7447f988c03dd56f720af32582b3f61332848fcea77a01ef919429316b8d14ba 15987 lighttpd_1.4.52-3_amd64.buildinfo Files: 559925e340d32eae36d95ce1866cc2fc 3456 httpd optional lighttpd_1.4.52-3.dsc b00195d85de308954d3bf4e4a7f1ead5 49368 httpd optional lighttpd_1.4.52-3.debian.tar.xz 3e1a21bcca973d22515eaae4de28a49e 15987 httpd optional lighttpd_1.4.52-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAlwzGngACgkQLRqqzyRE REIXDxAAjEp9
Bug#916676: marked as done (lighttpd: please update the tmpfiles.d/ drop-in file accordingly)
Your message dated Mon, 07 Jan 2019 09:35:40 + with message-id and subject line Bug#916676: fixed in lighttpd 1.4.52-3 has caused the Debian Bug report #916676, regarding lighttpd: please update the tmpfiles.d/ drop-in file accordingly to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 916676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916676 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Subject: lighttpd: /var/run deprecated? Package: lighttpd Version: 1.4.52-1 Severity: normal Dear Maintainer, Setting up lighttpd (1.4.52-1) ... Created symlink /etc/systemd/system/multi-user.target.wants/lighttpd.service → /lib/systemd/system/lighttpd.service. [lighttpd.tmpfile.conf:1] Line references path below legacy directory /var/run/, updating /var/run/lighttpd → /run/lighttpd; please update the tmpfiles.d/ drop-in file accordingly. Gr, Olaf -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages lighttpd depends on: ii libattr11:2.4.47-2+b2 ii libbz2-1.0 1.0.6-9 ii libc6 2.28-2 ii libfam0 2.7.0-17.2+b1 ii libldap-2.4-2 2.4.46+dfsg-5+b1 ii libmariadbclient18 1:10.1.37-3 ii libpcre32:8.39-11 ii libssl1.1 1.1.1a-1 ii lsb-base10.2018112800 ii mime-support3.61 ii perl5.28.1-3 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages lighttpd recommends: ii spawn-fcgi 1.6.4-2 Versions of packages lighttpd suggests: pn apache2-utils pn lighttpd-doc ii openssl1.1.1a-1 pn php-cgi pn rrdtool -- no debconf information --- End Message --- --- Begin Message --- Source: lighttpd Source-Version: 1.4.52-3 We believe that the bug you reported is fixed in the latest version of lighttpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 916...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Helmut Grohne (supplier of updated lighttpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Jan 2019 10:03:56 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-modules-ldap lighttpd-modules-mysql lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-mod-authn-gssapi lighttpd-mod-authn-ldap lighttpd-mod-authn-mysql lighttpd-mod-authn-pam lighttpd-mod-authn-sasl lighttpd-mod-geoip lighttpd-mod-vhostdb-dbi lighttpd-mod-vhostdb-pgsql Architecture: source Version: 1.4.52-3 Distribution: sid Urgency: medium Maintainer: Debian QA Group Changed-By: Helmut Grohne Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-authn-gssapi - GSSAPI authentication for lighttpd lighttpd-mod-authn-ldap - Transitional dummy package for LDAP authentication for lighttpd lighttpd-mod-authn-mysql - Transitional dummy package for MySQL authentication for lighttpd lighttpd-mod-authn-pam - PAM authentication for lighttpd lighttpd-mod-authn-sasl - SASL authentication for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-geoip - GeoIP restrictions for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - Transitional dummy package for MySQL-based virtual host configura lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-vhostdb-dbi - DBI-based virtual host configuration for lighttpd lighttpd-mod-vhostdb-pgsql - PostgreSQL-based virtual host configuration for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd lighttpd-modules-ldap - LDAP-based modules for lighttpd lighttpd-modules-mysql - MySQL-based modules for lighttpd Closes: 916676 917347 Changes: lighttpd (1.4.52-3
Processing of lighttpd_1.4.52-3_source.changes
lighttpd_1.4.52-3_source.changes uploaded successfully to localhost along with the files: lighttpd_1.4.52-3.dsc lighttpd_1.4.52-3.debian.tar.xz lighttpd_1.4.52-3_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
lighttpd_1.4.52-3_source.changes ACCEPTED into unstable
Mapping sid to unstable. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Jan 2019 10:03:56 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-modules-ldap lighttpd-modules-mysql lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-mod-authn-gssapi lighttpd-mod-authn-ldap lighttpd-mod-authn-mysql lighttpd-mod-authn-pam lighttpd-mod-authn-sasl lighttpd-mod-geoip lighttpd-mod-vhostdb-dbi lighttpd-mod-vhostdb-pgsql Architecture: source Version: 1.4.52-3 Distribution: sid Urgency: medium Maintainer: Debian QA Group Changed-By: Helmut Grohne Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-authn-gssapi - GSSAPI authentication for lighttpd lighttpd-mod-authn-ldap - Transitional dummy package for LDAP authentication for lighttpd lighttpd-mod-authn-mysql - Transitional dummy package for MySQL authentication for lighttpd lighttpd-mod-authn-pam - PAM authentication for lighttpd lighttpd-mod-authn-sasl - SASL authentication for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-geoip - GeoIP restrictions for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - Transitional dummy package for MySQL-based virtual host configura lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-vhostdb-dbi - DBI-based virtual host configuration for lighttpd lighttpd-mod-vhostdb-pgsql - PostgreSQL-based virtual host configuration for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd lighttpd-modules-ldap - LDAP-based modules for lighttpd lighttpd-modules-mysql - MySQL-based modules for lighttpd Closes: 916676 917347 Changes: lighttpd (1.4.52-3) unstable; urgency=medium . * QA Upload to unstable. * http_auth_backends_assertion.patch: Fix load-all-modules autopkgtest. * Update lighttpd.tmpfile.conf to use /run. (Closes: #916676) * Drop obsolete alternative libssl1.0-dev from Build-Depends. Thanks to Moritz Muehlenhoff and Stefan Bühler for considering implications on backports. (Closes: #917347) Checksums-Sha1: 32af91a8a1e358b83cc2ad4c590bd817083d71f2 3456 lighttpd_1.4.52-3.dsc 611c76ce419e75a473df33cb99deb90f0e379832 49368 lighttpd_1.4.52-3.debian.tar.xz 7a4d7653ed0d4da1df2ef9b826d3a0554b31c6a3 15987 lighttpd_1.4.52-3_amd64.buildinfo Checksums-Sha256: cbd0d1ff79ae7f35620573e8d6136a355359077310063018060ba565f375c85f 3456 lighttpd_1.4.52-3.dsc f92158e19ec1308e6b144aac54bddbcda2387889e42e9a5d6362261c9f291abb 49368 lighttpd_1.4.52-3.debian.tar.xz 7447f988c03dd56f720af32582b3f61332848fcea77a01ef919429316b8d14ba 15987 lighttpd_1.4.52-3_amd64.buildinfo Files: 559925e340d32eae36d95ce1866cc2fc 3456 httpd optional lighttpd_1.4.52-3.dsc b00195d85de308954d3bf4e4a7f1ead5 49368 httpd optional lighttpd_1.4.52-3.debian.tar.xz 3e1a21bcca973d22515eaae4de28a49e 15987 httpd optional lighttpd_1.4.52-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAlwzGngACgkQLRqqzyRE REIXDxAAjEp9C3C15DptZ5hWWdVYOBOzVHERLGXMGl6g5w5UHsNjafdbNWbicTO2 ol6qrGeGeJexdit4MS+YrkM62lBriDzL2s9Tk9wlkKSTZXhA1nr7muhb2FUVJbuc I6DNWyooGoK0pz2ATinusww7N4ZO7wwjKFUVJUNmoQAsvmtcwpJZQ1PY2yr/C3/Y ucA+ispeZw+68PSBv1AR/RgY346V7sO6sEq1VSCFVUADdG+q4eY499WgN+ztwhHY 9nZPWcpXvKjqZJeuPSmdHFtjWIDaenQG7tm4KgzslDifY5TOd9TDeKNJxsRJ 8eQrVWH+7ZqN9MjiAaUEfKhH9dVplsGVe8Xegfff1pkfIuqTCnSPt+ervj+YONu1 i1Yx95jHJ0lGWSKOoCbjt9D5uxk7UlZpQwDlNxFRkehFiCozDu4flCvPmjFskvsK 3x57mO19MO0+FJ3JjPaQnhgZC+B7rEmHJhC0XzZJQwjQg4x/2LZaTE3C2MTF85/S uCAtioDXgO1+13EmnorVISq6poU+kZtcP2VX5ixIGkOiQNHdRBll0oE9E+BoKz0J JkuHG0qTYky2kgeBk7CBEmd8DUaW9RPn1rMMpiCwN9VVEEob+VU34pextfhKVQxi zljGpKka6tBxHRhwOUesNvlIWEWMtJZGwSjvvMeJohXb6D2I1X8= =aYf6 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processed: found 774439 in 5.21q-6
Processing commands for cont...@bugs.debian.org: > found 774439 5.21q-6 Bug #774439 [arc] arc: buffer over-read Marked as found in versions arc/5.21q-6. > thanks Stopping processing here. Please contact me if you need assistance. -- 774439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774439 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#829963: marked as done (gpdftext: Uses deprecated gnome-common macros/variables)
Your message dated Mon, 07 Jan 2019 14:51:22 + with message-id and subject line Bug#918496: Removed package(s) from unstable has caused the Debian Bug report #829963, regarding gpdftext: Uses deprecated gnome-common macros/variables to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 829963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829963 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gpdftext Version: 0.1.6-2 Severity: normal User: pkg-gnome-maintain...@lists.alioth.debian.org Usertags: gnome-common Hi, gnome-common did a cleanup upstream and deprecated quite a few macros and variables. gnome-doc-utils removal === The gnome-doc-utils build infrastructure was removed completely along with the following macros: GNOME_DOC_INIT [1] GNOME_COMMON_INIT [2] deprecated variables The following variables used in gnome-autogen.sh have been declared deprecated [3]: REQUIRED_GNOME_DOC_UTILS_VERSION REQUIRED_DOC_COMMON_VERSION USE_COMMON_DOC_BUILD FORBIDDEN_M4MACROS GNOME2_DIR GNOME2_PATH USE_GNOME2_MACROS deprecated macros = The following macros have also been declared deprecated: GNOME_COMPILE_WARNINGS [4] GNOME_CXX_WARNINGS [5] Upstream has documentation at [6] with how you can fix your package and why those particular changes were made. According to codesearch.d.n your package gpdftext uses one of the macros or variables so might be affected, especially once you run autoreconf. Please update your package accordingly and forward it to upstream if possible. If you have further question, please don't hesitate to ask. Regards, Michael [1] https://git.gnome.org/browse/gnome-common/commit/?id=6684e2fa5 [2] https://git.gnome.org/browse/gnome-common/commit/?id=1f60e9536 [3] https://git.gnome.org/browse/gnome-common/commit/?id=4c8d8ad93 [4] https://git.gnome.org/browse/gnome-common/commit/?id=b57bae0be [5] https://git.gnome.org/browse/gnome-common/commit/?id=2bffd7e1u [6] https://wiki.gnome.org/Projects/GnomeCommon/Migration --- End Message --- --- Begin Message --- Version: 0.1.6-3+rm Dear submitter, as the package gpdftext has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/918496 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#885666: marked as done (gpdftext: Depends on gconf)
Your message dated Mon, 07 Jan 2019 14:51:22 + with message-id and subject line Bug#918496: Removed package(s) from unstable has caused the Debian Bug report #885666, regarding gpdftext: Depends on gconf to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 885666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885666 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gpdftext Version: 0.1.6-3 Severity: important User: pkg-gnome-maintain...@lists.alioth.debian.org Usertags: oldlibs gconf Tags: sid buster As announced [1], we do not intend to release Debian 10 "Buster" with the old libgnome (and related) libraries. These libraries have been deprecated and unmaintained for several years. Your package depends and or build-depends on these libraries: - gconf gconf has been replaced by dconf / gsettings. Please port your package to GTK3 and related maintained libraries. Otherwise, please consider requesting that your package be removed from Debian to help us complete this goal. [1] https://lists.debian.org/debian-devel/2017/10/msg00299.html On behalf of the Debian GNOME team, Jeremy Bicha --- End Message --- --- Begin Message --- Version: 0.1.6-3+rm Dear submitter, as the package gpdftext has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/918496 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#914104: marked as done (gpdftext: Intent to remove from Debian)
Your message dated Mon, 07 Jan 2019 14:51:22 + with message-id and subject line Bug#918496: Removed package(s) from unstable has caused the Debian Bug report #914104, regarding gpdftext: Intent to remove from Debian to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 914104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914104 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gpdftext Version: 0.3.10-3 Severity: serious Tags: buster sid X-Debbugs-CC: codeh...@debian.org gpdftext was orphaned 2 years ago. This is a bit concerning since the Debian maintainer was also upstream for the package. Its last maintainer upload was 4 years ago. I did the only QA upload a year ago to stop using scrollkeeper and modernize the packaging. gpdftext is one of the last packages in Debian using gconf. Although gconf will still be in the Debian Buster release, its main purpose there is to provide the gconf-to-gsettings migration helper. I intend to remove gpdftext from Debian very soon. Please respond very promptly if you agree or object to its removal. References https://bugs.debian.org/835907 (orphan bug) https://bugs.debian.org/885666 (gconf dependency bug) https://web.archive.org/web/20150921230353/https://alioth.debian.org/projects/gpdftext/ On behalf of the Debian GNOME team, Jeremy Bicha --- End Message --- --- Begin Message --- Version: 0.1.6-3+rm Dear submitter, as the package gpdftext has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/918496 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#918496: Removed package(s) from unstable
We believe that the bug you reported is now fixed; the following package(s) have been removed from unstable: gpdftext |0.1.6-3 | source, amd64, arm64, armel, armhf, hurd-i386, i386, kfreebsd-amd64, kfreebsd-i386, mips, mips64el, mipsel, ppc64el, s390x --- Reason --- RoQA; unmaintained, depends on gconf -- Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. Packages are usually not removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. The release team can force a removal from testing if it is really needed, please contact them if this should be the case. We try to close bugs which have been reported against this package automatically. But please check all old bugs, if they were closed correctly or should have been re-assigned to another package. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 918...@bugs.debian.org. The full log for this bug can be viewed at https://bugs.debian.org/918496 This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
Bug#918496: Removed package(s) from unstable
Version: 0.1.6-3+rm Dear submitter, as the package gpdftext has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/918496 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
Bug#863382: xpdf: Config Error: Unknown config file command 'errQuiet'
On Wed, Jan 02, 2019 at 09:02:53PM +0900, Masanori Goto wrote: > This bug has been introduced in xpdf (3.04-6) with the changelog: > * Hacks to compile with poppler 0.61 by Adrian Bunk (closes: #883523) > > I, however, wonder this patch is still valid or not, because I > reverted comments for errQuiet related code and it worked well. I'll > take a look at it more. These were ugly hacks to fix the build. If you have a better replacement for my changes that's appreciated. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Processed: retitle 774527 to arc: CVE-2015-9275: directory traversal
Processing commands for cont...@bugs.debian.org:
> retitle 774527 arc: CVE-2015-9275: directory traversal
Bug #774527 {Done: Salvatore Bonaccorso } [arc] arc:
directory traversal
Changed Bug title to 'arc: CVE-2015-9275: directory traversal' from 'arc:
directory traversal'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
774527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
