Bug#993348: anacron: dangling symlinks under /etc/systemd/system

[Vincent Lefevre]

Package: anacron
Version: 2.3-31+b1
Severity: normal

anacron has left dangling symlinks:

lrwxrwxrwx 1 root root 35 2015-06-18 10:28:00 
/etc/systemd/system/multi-user.target.wants/anacron.service -> 
/lib/systemd/system/anacron.service
lrwxrwxrwx 1 root root 33 2017-06-02 10:42:36 
/etc/systemd/system/timers.target.wants/anacron.timer -> 
/lib/systemd/system/anacron.timer

These files are now under /usr/lib/systemd/system, so that this
should be cleaned up automatically.

I don't know about the consequences, as the anacron.timer timer is
still active (in the "systemctl list-timers" output).

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages anacron depends on:
ii  debianutils  5.4-3
ii  libc62.31-17
ii  lsb-base 11.1.0

Versions of packages anacron recommends:
ii  cron [cron-daemon]  3.0pl1-137

Versions of packages anacron suggests:
ii  postfix [mail-transport-agent]  3.5.6-1+b1
pn  powermgmt-base  
ii  rsyslog [system-log-daemon] 8.2108.0-1

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#993348: marked as done (anacron: dangling symlinks under /etc/systemd/system)

[Debian Bug Tracking System]

Your message dated Tue, 31 Aug 2021 12:20:32 +
with message-id 
and subject line Bug#993348: fixed in r-cran-bh 1.74.0-2
has caused the Debian Bug report #993348,
regarding anacron: dangling symlinks under /etc/systemd/system
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
993348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: anacron
Version: 2.3-31+b1
Severity: normal

anacron has left dangling symlinks:

lrwxrwxrwx 1 root root 35 2015-06-18 10:28:00 
/etc/systemd/system/multi-user.target.wants/anacron.service -> 
/lib/systemd/system/anacron.service
lrwxrwxrwx 1 root root 33 2017-06-02 10:42:36 
/etc/systemd/system/timers.target.wants/anacron.timer -> 
/lib/systemd/system/anacron.timer

These files are now under /usr/lib/systemd/system, so that this
should be cleaned up automatically.

I don't know about the consequences, as the anacron.timer timer is
still active (in the "systemctl list-timers" output).

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages anacron depends on:
ii  debianutils  5.4-3
ii  libc62.31-17
ii  lsb-base 11.1.0

Versions of packages anacron recommends:
ii  cron [cron-daemon]  3.0pl1-137

Versions of packages anacron suggests:
ii  postfix [mail-transport-agent]  3.5.6-1+b1
pn  powermgmt-base  
ii  rsyslog [system-log-daemon] 8.2108.0-1

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
--- End Message ---
--- Begin Message ---
Source: r-cran-bh
Source-Version: 1.74.0-2
Done: Dirk Eddelbuettel 

We believe that the bug you reported is fixed in the latest version of
r-cran-bh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 993...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dirk Eddelbuettel  (supplier of updated r-cran-bh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 31 Aug 2021 06:40:29 -0500
Source: r-cran-bh
Architecture: source
Version: 1.74.0-2
Distribution: unstable
Urgency: medium
Maintainer: Dirk Eddelbuettel 
Changed-By: Dirk Eddelbuettel 
Closes: 993348
Changes:
 r-cran-bh (1.74.0-2) unstable; urgency=medium
 .
   * debian/control: Updated actual package version in DESCRIPTION which
 was accidentally omitted from the previous update (Closes: #993348)
   * debian/control: Versioned Depends on libboost-dev added, may get
 removed later as upstream BH (which I maintain) is not always in sync
 with Debian and for example. was not when release -1 was made
 .
   * debian/control: Set Build-Depends: to current R version
   * debian/control: Set Standards-Version: to current version
Checksums-Sha1:
 3749d5c5582a4977f8f572e831f5f387dd8a5fa7 1818 r-cran-bh_1.74.0-2.dsc
 2053964abdbf854e156502e702b5ebdbaecff4d6 1628 r-cran-bh_1.74.0-2.debian.tar.xz
 19902de85d02ea070ffbd5398bb097c7e541d684 9972 
r-cran-bh_1.74.0-2_amd64.buildinfo
Checksums-Sha256:
 7e2acd2a02c9a428fd779b1eca63522dd8553faf1a8c3637cbf7d773a09ed1ad 1818 
r-cran-bh_1.74.0-2.dsc
 bdcd2ce264cb295f76a4d34938bcb7b28e52bdec9f2f142e0c1fbc9ad2ea48c5 1628 
r-cran-bh_1.74.0-2.debian.tar.xz
 26fb646ef591b5312c55d407e2bdd124e3722bbfea3f4bd582738af1a6d124f6 9972 
r-cran-bh_1.74.0-2_amd64.buildinfo
Files:
 fcd348a99f40213cc31d20f59d99c0fe 1818 gnu-r optional r-cran-bh_1.74.0-2.dsc
 9ab31371d43d59f2a1d3b2e6eafbfdf8 1628 gnu-r optional 
r-cran-bh_1.74.0-2.debian.tar.xz
 9bd221e78f3b7ff00a498393f570736c 9972 gnu-

Bug#993348: reopen

[Vincent Lefevre]

Control: reopen -1
Control: notfixed -1 r-cran-bh/1.74.0-2

Hello Dirk,

On 2021-08-31 12:24:03 +, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the anacron package:
> 
> #993348: anacron: dangling symlinks under /etc/systemd/system
> 
> It has been closed by Debian FTP Masters  
> (reply to Dirk Eddelbuettel ).
[...]
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Format: 1.8
> Date: Tue, 31 Aug 2021 06:40:29 -0500
> Source: r-cran-bh
> Architecture: source
> Version: 1.74.0-2
> Distribution: unstable
> Urgency: medium
> Maintainer: Dirk Eddelbuettel 
> Changed-By: Dirk Eddelbuettel 
> Closes: 993348
> Changes:
>  r-cran-bh (1.74.0-2) unstable; urgency=medium
>  .
>* debian/control: Updated actual package version in DESCRIPTION which
>  was accidentally omitted from the previous update (Closes: #993348)

Wrong bug number. The one in r-cran-bh about DESCRIPTION is #993349.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Processed: reopen

[Debian Bug Tracking System]

Processing control commands:

> reopen -1
Bug #993348 {Done: Dirk Eddelbuettel } [anacron] anacron: 
dangling symlinks under /etc/systemd/system
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions r-cran-bh/1.74.0-2.
> notfixed -1 r-cran-bh/1.74.0-2
Bug #993348 [anacron] anacron: dangling symlinks under /etc/systemd/system
Ignoring request to alter fixed versions of bug #993348 to the same values 
previously set

-- 
993348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#993375: gtkpod: CVE-2021-37231 - stack-buffer overflow in embedded AtomicParsley code, APar_readX

[Neil Williams]

Package: gtkpod
Version: 2.1.5-8
Severity: important
Tags: security

gtkpod embeds a vulnerable version of AtomicParsley, however, the data file 
used to
test atomicparsley upstream is not recognised by gtkpod.

https://github.com/wez/atomicparsley/issues/30

https://sources.debian.org/src/gtkpod/2.1.5-8/libs/atomic-parsley/AP_AtomExtracts.cpp/#L1117

See also #993372

Bug#993376: gtkpod: CVE-2021-32732 - stack overflow in embedded AtomicParsley code APar_read64

[Neil Williams]

Package: gtkpod
Version: 2.1.5-6
Severity: important
Tags: security

https://github.com/wez/atomicparsley/issues/32

See also #993366

gtkpod embeds a vulnerable version of AtomicParsley which causes a stack 
overflow,
however the data file used to test atomicparsley upstream is not recognised by 
gtkpod.

Note that in #993366, the upstream fix for this CVE does not resolve the issue 
as described when
the upstream fix is applied to atomicparsley, so more work may be needed here 
to identify the
problem as it applies to the version of atomicparsley used by gtkpod.

>From a check of the embedded source code, the vulnerable code can be found at:

https://sources.debian.org/src/gtkpod/2.1.5-8/libs/atomic-parsley/AP_AtomExtracts.cpp/#L1325

Bug#993373: Use-after-free bug in realpath()

[Antonin Décimo]

Hi Madie,

Last year I wrote a lot of patches for pmount, amongst which two
remove the bundled implementation of realpath and switch to the
"modern" interface

   char *realpath(const char *restrict path, NULL);

which has been supported by the libc for quite some time. The original
program (mount(8) from util-linux) from which the current
implementation was taken even dropped it in 2013.

Instead of the patch you send, why not drop it completely like I did?
https://github.com/MisterDA/pmount/commit/3f1c9229d828698c348e0f933d1438bbd32a9ed7
https://github.com/MisterDA/pmount/commit/391a9752df966a65afe35308c81e5db975f85a6d

I wasn't ready to release my updated pmount as the current head commit
is broken, and I haven't had time to fix it. I also need to convince
myself that the commit history looks good and that I haven't
introduced more bugs than I've fixed.

If you have some time to spare, please take a look!

I'm also afraid that the Debian package is unmaintained.

Best regards,

-- Antonin

Processed: tagging 993376, tagging 993375, tagging 993372 ..., tagging 993366 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 993376 + upstream
Bug #993376 [gtkpod] gtkpod: CVE-2021-32732 - stack overflow in embedded 
AtomicParsley code APar_read64
Added tag(s) upstream.
> tags 993375 + upstream
Bug #993375 [gtkpod] gtkpod: CVE-2021-37231 - stack-buffer overflow in embedded 
AtomicParsley code, APar_readX
Added tag(s) upstream.
> tags 993372 + upstream
Bug #993372 [atomicparsley] atomicparsley: CVE-2021-37231 - stack-buffer 
overflow in APar_readX in src/extract.cpp
Added tag(s) upstream.
> forwarded 993372 https://github.com/wez/atomicparsley/issues/30
Bug #993372 [atomicparsley] atomicparsley: CVE-2021-37231 - stack-buffer 
overflow in APar_readX in src/extract.cpp
Set Bug forwarded-to-address to 
'https://github.com/wez/atomicparsley/issues/30'.
> tags 993366 + upstream
Bug #993366 [atomicparsley] atomicparsley: CVE-2021-37232 - stack overflow in 
APar_read64 in src/extract.cpp
Ignoring request to alter tags of bug #993366 to the same tags previously set
> forwarded 993366 https://github.com/wez/atomicparsley/issues/32
Bug #993366 [atomicparsley] atomicparsley: CVE-2021-37232 - stack overflow in 
APar_read64 in src/extract.cpp
Set Bug forwarded-to-address to 
'https://github.com/wez/atomicparsley/issues/32'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
993366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366
993372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372
993375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375
993376: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processing of elida_0.4.0_source.changes

[Debian FTP Masters]

elida_0.4.0_source.changes uploaded successfully to localhost
along with the files:
  elida_0.4.0.dsc
  elida_0.4.0.tar.xz
  elida_0.4.0_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

elida_0.4.0_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 31 Aug 2021 10:54:30 -0400
Source: elida
Architecture: source
Version: 0.4.0
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Boyuan Yang 
Closes: 776955
Changes:
 elida (0.4.0) unstable; urgency=medium
 .
   * QA upload.
   * Orphan the package.
   * Refresh packaging:
 + Bump to debhelper compat v13.
 + Bump to Standards-Version 4.6.0.
 + Use "3.0 (native)" source format.
   * debian/rules: Use dh interface.
 + Also make the build reproducible. (Closes: #776955)
   * debian/elida.install: Replace manual file installation.
   * elida.init.d: Convert permission (0644->0755).
Checksums-Sha1:
 bac6aae74fa239abf51b1b72f6a5529269cf42b9 1488 elida_0.4.0.dsc
 34e25a6016d2deee3412e50ed311d0b4c54fd0c1 7048 elida_0.4.0.tar.xz
 1d36d15cf310a2a35c4caee6ae627d8f09a0f2b0 5591 elida_0.4.0_amd64.buildinfo
Checksums-Sha256:
 0eabaeae65095745cebaeee22c942a5051715b6e81d91f053d9f5154ffd94b6a 1488 
elida_0.4.0.dsc
 6beeacde734171ac6ed53619e8a8a49ba3933376fc1e72c1d0678e236f061b44 7048 
elida_0.4.0.tar.xz
 539bed3b197e7b394c498fa70ac1550ab7f1f7de2d20c46b2f0863262c2f2a33 5591 
elida_0.4.0_amd64.buildinfo
Files:
 0f1335bf3f6da7f5619b3ff07a371ab0 1488 devel optional elida_0.4.0.dsc
 97b808b411502f6a060342df8c943cfb 7048 devel optional elida_0.4.0.tar.xz
 8d4020bc6961b9f8ff8738f27347aa9b 5591 devel optional 
elida_0.4.0_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEuV9QACgkQwpPntGGC
Ws7/qw//S+Pymy8ZScJ3ZMARPppCBlSa+4TFo3FhFhamegtKriJQ5pmDdNboAV0q
FSg9IQh0VbzNP/pWI3fWAQh7RJv4fvoqUBpTPIx3ToL2eKPaaVnRr2xW0wSN78g7
hx5YaVbzxyV7cbR9o0CrWGT8JMxoxXIdxZxLOlqrh7JY1dYznC7EmWPJ6Ug6Goa3
bmoIeFWy+qguHu+yq2Xk1oZLZGhE9Ij3rnzMfLEo7i/8CIFgJuVixWmHMcVu17d5
trHHj6oysnsyWXm3MWh5oU5dy9eh0TKHZgAWEZfi9DH18bBpF6hrFgINcbpyoQEw
lWZ6YNH+oP6vD3+wDF9BYw47beJfC+bspjAkzyBrkDsJYWuZWHzcOn9bIae1tp9n
d4yHd9xPR1VYW7UjVKafj7GdTXzFKOX7i7SfYLsLuLM+eIBrcF4m5P36S2a9ATV1
eAEQ10uDj7mpCxfUL62L0rnqog1EEyW41HAvSUbLVIeUKkvD70oc68D6B2tZRRND
2SEq/lB5CmOalgoQIcXSPhUtpWabX3c3x3xHcS1hmDek/iTzWqQNn0MwYf/q+Z/B
rBN+m067u6A3gCa2j4eB8E82B9TKatVrXTERT0KwEvYBq8Rlgz4e/8JzPO7nmPlc
yZAyuT2idY2vqTKuj+ctpEEuhoSHJ8P1MJY9nsfPBuUgP08yne4=
=lT25
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Bug#993373: Use-after-free bug in realpath()

[Madie K. Mckeel]

Package: pmount
Version: 0.9.23-6
Tags: patch

Dear Debian maintainers

I stumbled over a use-after-free bug in pmount.  It's in its realpath 
implementation when dealing with stacked symlinks, i.e. symlinks pointing to 
symlinks. (Ironically, pmount "switched to a [self-made] implementation of 
realpath, for security reasons", so that's that).

The bug is in realpath.c lines 144 to 149:
```
// while (symlink) {
// [...]
if (buf)
free(buf); // (1)
buf = xmalloc(m + n + 1);
memcpy(buf, link_path, n);
memcpy(buf + n, path, m + 1);  // (2)
path = buf;// (3)
// [...]
// }
```
This snippet is iterated in a while loop over the stacked symlinks, e.g. twice 
for a symlink pointing to a symlink pointing to a file. In this case `buf` is 
freed to early (1) as the memory region is still pointed to by `path` (3) and 
used afterwards (2).

A simple (but properly bad) fix is to delay the freeing as in the follow up 
message.  I don't fully understand all the pointer tricker going on in that 
function, so there might be better solutions.

Upstream of this package seams dead a long time ago and Fedora uses Debian as 
upstream, so a fix in Debian would at least hit two major Linux distributions 
and their derivative ecosystems and maybe even others.

Lastly, how to trigger this bug.  Run the test suite `make check` of pmount.  
Though you have to initialise the test data first (first follow up commit to 
this). The test_policy the fails.  On my system the `resolved_path` variable 
contained garbage at the end (probably copied from the invalid pointer 
reference) and `readlink()` failed with an error as such a file did not exist.

Bug#993373: [PATCH 1/2] Populate with dummy test data

[Madie K. Mckeel]

This is derived (and slightly expanded) from the old-upstream revision
144.

---
 tests/check_fstab/a | 1 +
 tests/check_fstab/b | 1 +
 tests/check_fstab/c | 1 +
 tests/check_fstab/d | 1 +
 tests/check_fstab/e | 1 +
 5 files changed, 5 insertions(+)
 create mode 100644 tests/check_fstab/a
 create mode 12 tests/check_fstab/b
 create mode 12 tests/check_fstab/c
 create mode 100644 tests/check_fstab/d
 create mode 12 tests/check_fstab/e

diff --git a/tests/check_fstab/a b/tests/check_fstab/a
new file mode 100644
index 000..df3f5a7
--- /dev/null
+++ b/tests/check_fstab/a
@@ -0,0 +1 @@
+dummy file a
diff --git a/tests/check_fstab/b b/tests/check_fstab/b
new file mode 12
index 000..2e65efe
--- /dev/null
+++ b/tests/check_fstab/b
@@ -0,0 +1 @@
+a
\ No newline at end of file
diff --git a/tests/check_fstab/c b/tests/check_fstab/c
new file mode 12
index 000..c59d9b6
--- /dev/null
+++ b/tests/check_fstab/c
@@ -0,0 +1 @@
+d
\ No newline at end of file
diff --git a/tests/check_fstab/d b/tests/check_fstab/d
new file mode 100644
index 000..54519ff
--- /dev/null
+++ b/tests/check_fstab/d
@@ -0,0 +1 @@
+dummy file d
diff --git a/tests/check_fstab/e b/tests/check_fstab/e
new file mode 12
index 000..3410062
--- /dev/null
+++ b/tests/check_fstab/e
@@ -0,0 +1 @@
+c
\ No newline at end of file
--
2.31.1

Bug#993373: Subject: [PATCH 2/2] Fix use-after-free bug in realpath()

[Madie K. Mckeel]

The memory provided by `buf` is still reference by `path` and used after
the free call.  Delay the freeing until after using it.
---
 src/realpath.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/realpath.c b/src/realpath.c
index 1cf7eaf..9133605 100644
--- a/src/realpath.c
+++ b/src/realpath.c
@@ -64,6 +64,7 @@ private_realpath(const char *path, char *resolved_path, int 
maxreslth) {
char link_path[PATH_MAX+1];
int n;
char *buf = NULL;
+   char *oldbuf = NULL;

npath = resolved_path;

@@ -141,12 +142,19 @@ private_realpath(const char *path, char *resolved_path, 
int maxreslth) {

/* Insert symlink contents into path. */
m = strlen(path);
-   if (buf)
-   free(buf);
+   if (buf) {
+   /* Delay freeing of 'buf', as 'path' might
+* still be pointing to it. */
+   oldbuf = buf;
+   }
buf = xmalloc(m + n + 1);
memcpy(buf, link_path, n);
memcpy(buf + n, path, m + 1);
path = buf;
+   if (oldbuf) {
+   free(oldbuf);
+   oldbuf = NULL;
+   }
 #endif
}
*npath++ = '/';
--
2.31.1

Processing of libgssglue_0.4-3_source.changes

[Debian FTP Masters]

libgssglue_0.4-3_source.changes uploaded successfully to localhost
along with the files:
  libgssglue_0.4-3.dsc
  libgssglue_0.4.orig.tar.bz2
  libgssglue_0.4-3.debian.tar.xz
  libgssglue_0.4-3_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

libgssglue_0.4-3_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 31 Aug 2021 15:04:19 -0400
Source: libgssglue
Architecture: source
Version: 0.4-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Boyuan Yang 
Closes: 732574
Changes:
 libgssglue (0.4-3) unstable; urgency=medium
 .
   * QA upload.
   * debian/rules: Use dh-autoreconf to update libtool macros for
 new ports. (Closes: #732574)
   * debian/source/options: Drop custom compression level.
   * debian/*.dirs: Dropped, not needed.
   * debian/rules: Migrate to dh sequencer.
 + Install all libraries into /usr/lib/ rather than /lib/.
   * debian/control:
 + Bump Standards-Version to 4.6.0.
 + Bump debhelper compat to v13.
 + Add Vcs-* fields.
 + Refresh build-dependency field.
 + Do not mark libgssglue1 as Priority: standard.
Checksums-Sha1:
 7730cc577168ba8a0821bcab477bed567325d95e 1930 libgssglue_0.4-3.dsc
 7e8095fc58c6cace53eee2aa92e92332c599dea0 281429 libgssglue_0.4.orig.tar.bz2
 1ff9d0b116ff75cc9e329d4cbc4a131c67549ba7 6972 libgssglue_0.4-3.debian.tar.xz
 365b9a94c427c7216ce82580062d904579bbf875 6411 libgssglue_0.4-3_amd64.buildinfo
Checksums-Sha256:
 34c62c435306a1381e2063b8b1481b0ac63f8f9813526db87b59fb34693d9e31 1930 
libgssglue_0.4-3.dsc
 bb47b2de78409f461811d0db8595c66e6631a9879c3621a35e4434b104ee52f5 281429 
libgssglue_0.4.orig.tar.bz2
 8c21d1e0b6000145728fdc808d3814f92ee0d49c0f9942247bdb35ef9fb95b32 6972 
libgssglue_0.4-3.debian.tar.xz
 085c755e38becd5c47fa383b9253f1c7ee7997372cdf4c34d0df00f5928f984d 6411 
libgssglue_0.4-3_amd64.buildinfo
Files:
 7753455b9444e2420886534a44ffa0d8 1930 libs optional libgssglue_0.4-3.dsc
 5ce81940965fa68c7635c42dcafcddfe 281429 libs optional 
libgssglue_0.4.orig.tar.bz2
 df6a1bfdb46a8f3b8462a6e3070237f9 6972 libs optional 
libgssglue_0.4-3.debian.tar.xz
 761deef9376cd3a08e3366099ece99f8 6411 libs optional 
libgssglue_0.4-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEufjMACgkQwpPntGGC
Ws7YvhAAxL+LRNQrBh9RK3tNbIyZtHiguxRojj38N8N7AIvLo0Up1S9pyeQ8ukdo
I8N8HIBIkysaLcsECq5QNpFEPYJ8Mi8iXx9RJD9RK702OEcJF6JsEWCjZqK1Y7tz
WjIQq+ybqlXjRnojUIjEAjlehz8UxpAOkPbWkMf9LfdfnwnLZEGppOnEjkVduu0y
CezhChlbaY103xJbP83C6XiBuxQrZq1k5vv+lpt5ARvs9hIZMrmWdRLGnnLs4eOk
+aYioKHSEwo2xIaRRW6Dd3gVP4t9YZs+0J7Ph6lmjU7Q64sNd1lm8Nz8NULn/HXF
yxZ7s0pEIKQosNPZYMUjr6asvydrPx/4Pz5qWzRDJn1pCYY7KhdUV+Led0e6hLZR
FlPcxzKMQ0R0F6vkLzeD8YBxNogbIXh6sEiX7g4GV2MZ1V1kMrgl6EduXqXxeaok
mJih7WEKlceuSOOURCF4cuTuEvPBR6ni7ugl68r+Wcy7saJ8n2KHbo9zyAKllyLO
93otk3jb1ZIQaSzpPZESnHwgl5oexADy8tdW/FMk6aZXlZqc03Jrvbu91HBif7tA
6Gd5U01sacbnArASlcaIK0UvO9KXsYg/4y5yU3ADHoXQ37onhQGTg0NyHV8Ls05v
q972gF3/ZeKeiCmEmgoPNb3mKqcwFXXnQgac0+5lNU+W2WlKFLo=
=W5py
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of sawfish-themes_0.13.0-1_source.changes

[Debian FTP Masters]

sawfish-themes_0.13.0-1_source.changes uploaded successfully to localhost
along with the files:
  sawfish-themes_0.13.0-1.dsc
  sawfish-themes_0.13.0.orig.tar.gz
  sawfish-themes_0.13.0-1.debian.tar.xz
  sawfish-themes_0.13.0-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

sawfish-themes_0.13.0-1_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 31 Aug 2021 16:32:50 -0400
Source: sawfish-themes
Architecture: source
Version: 0.13.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Boyuan Yang 
Changes:
 sawfish-themes (0.13.0-1) unstable; urgency=medium
 .
   * QA upload.
   * Orphan package.
   * Convert package to "3.0 (quilt)" format to allow using separate
 patches in debian/patches/.
 + Set pseudo upstream version string to 0.13.0.
   * Refresh packaging:
 + Bump Standards-Version to 4.6.0.
 + Bump debhelper compat to v13.
   * debian/rules: Rewrite with dh sequencer.
   * .pc: Remove hidden directory.
Checksums-Sha1:
 1f287b301336286a8a9cb417e9f18470c7d2d7a6 1855 sawfish-themes_0.13.0-1.dsc
 45bf99a906590f1247cf9dd734de2c84d51f470b 635928 
sawfish-themes_0.13.0.orig.tar.gz
 ac977c163f35740e1d5bc8530aa654e41d7adc2a 8504 
sawfish-themes_0.13.0-1.debian.tar.xz
 ca603bd2d23e4357c7c20e91b8f125da5bc1f743 5733 
sawfish-themes_0.13.0-1_amd64.buildinfo
Checksums-Sha256:
 3dc7c6a395dbd48ba4e6ab02d4088d88e0e777bd4ffae5fbef71041627f0ae65 1855 
sawfish-themes_0.13.0-1.dsc
 32017b85ce0d10d599f6337136169ca3ba6e15307542a367609f58038f14f23a 635928 
sawfish-themes_0.13.0.orig.tar.gz
 005a34ceee9f34addfa8f73e8c9d03950b80bc8683c4c6e004b744ef45186c70 8504 
sawfish-themes_0.13.0-1.debian.tar.xz
 9cefaedd1688b34be64732011e68007153fa7b540e355b823e3d7bff2db4e79a 5733 
sawfish-themes_0.13.0-1_amd64.buildinfo
Files:
 a5444be30b0f0aac85803660cc158a29 1855 x11 optional sawfish-themes_0.13.0-1.dsc
 2c4c8d03b58ba6816ead11a058daec9c 635928 x11 optional 
sawfish-themes_0.13.0.orig.tar.gz
 34450f6709e0cef6e9e802fd4ee09a94 8504 x11 optional 
sawfish-themes_0.13.0-1.debian.tar.xz
 4e41b1a80f0eced471320930dbd4f1ce 5733 x11 optional 
sawfish-themes_0.13.0-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEuk7IACgkQwpPntGGC
Ws4AhBAAj88cARK/qy8xOyDPYnSQxcPl/a3JEJ4/65PDFX7j/vdizfCIrqRUBsac
CXQHYStvEDecernQ2VI3VSO5ftH230UBDNOWM8lBcS1aFAf5FuhCKlSFY33Ix1OQ
bgJoX9ZZbaQo/ccggXABCwqHLxAP5pbwqoQFylvTo+h84x8bm4eosxXuNoKROD+V
OsfTsk4SSHX7EM7EAy3ss2vKBh/y9Bn/g2SwoSnjh85x3he57MPm6EFeZAUyhNeW
gGczVbR2Y5OkLvprQHakeLOA+oS74/+xAm1BouK5TdpSalYxrZCwzIu4fzPd4h16
0IXIzNFvmFAdCvu6BrIMz9WzUsh/mQo1IUAviM0NK2S8GW+YB0u+uJBDJv/GF/DN
WTf6zqIHrsjdaZ+eUrXE0d1lfiOk9nyKETzDPT1hB2PkHBw8+5k+eDOP0jzbKZ2P
O9+7L7qcvrxboqli37pxkqFS6k052KezKdaaCz57DxN2ujOafAqjo6eARe7j2Y2K
TPj2sBQOCvueNx7ATbZ70ko8x60qhMSkm694zhseLAEgS9uqPlLHkN7YYbioQE5c
NdQjdyXwmuow7yFOmrcM3NHUK17boAS7EIrMBxFjYLLUwterz876Ts5x6xYJdecO
cpNq8+wuEz5t9jS5x/cQysQ8uaTDpMp42e90lwbmCj5CmZohcHo=
=Qa2n
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processed: Reassign bugs for old package

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 502616 libwbxml2-1
Bug #502616 [libwbxml2-0] libwbxml2-0: Bad Request (0x40) while using MultiSync 
0.90
Bug reassigned from package 'libwbxml2-0' to 'libwbxml2-1'.
No longer marked as found in versions wbxml2/0.9.2-6.
Ignoring request to alter fixed versions of bug #502616 to the same values 
previously set
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
502616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

sendfile is marked for autoremoval from testing

[Debian testing autoremoval watch]

sendfile 2.1b.20080616-8 is marked for autoremoval from testing on 2021-09-30

It is affected by these RC bugs:
969409: sendfile: weekly cron job should use mktemp instead of tempfile
 https://bugs.debian.org/969409



This mail is generated by:
https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl

Autoremoval data is generated by:
https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl