Bug#993588: wily: Potential Buffer Overflow in libmsg/connect.c
Package: wily
Version: 0.13.41
Severity: normal
Dear Maintainer,
It seems that there exists a potential Buffer Overflow in libmsg/connect.c.
In line 184, and 191,
(184) if(!(disp = getenv("DISPLAY"))) {
...
(191) sprintf(buf, "%s/wily%s%s", dir, pw->pw_name, disp);
the variable disp is a previously stored path by external source.
If the length of disp is large enough in sprintf, this may cause Buffer
Overflow.
-- System Information:
Debian Release: 11.0
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.4.0-19041-Microsoft
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Bug#993373: Use-after-free bug in realpath()
Dear Antonin Thanks for your replay. On Tuesday, August 31, 2021 4:04 PM, Antonin Décimo wrote: > Last year I wrote a lot of patches for pmount, amongst which two > remove the bundled implementation of realpath and switch to the > "modern" interface > > char *realpath(const char *restrict path, NULL); > [...] > Instead of the patch you send, why not drop it completely like I did? Definitely the better option in any regard! I feared the packages is not well-maintained, so I opted for a patch which doesn't touch much hoping to reduce maintenance burden and get this fixed easily. (And also because I don't program C and don't know the (often subtle) differences in those implementations). > I'm also afraid that the Debian package is unmaintained. Sad news. So I guess the best is to avoid pmount packages for now. > I wasn't ready to release my updated pmount as the current head commit > is broken, and I haven't had time to fix it. I also need to convince > myself that the commit history looks good and that I haven't > introduced more bugs than I've fixed. > > If you have some time to spare, please take a look! Nice to see that someone gave some love to pmount in the last years! I tested your HEAD but as you mentioned it's doesn't work. As I said, I don't program C, so probably can't help you with that problem. I hope you're fork will become the source eventually. Maybe linking to your repo instead of a dead alioth-archive page would rise its visibility, getting one step closer to that goal. Regards Madie
Processing of jimtcl_0.79+dfsg0-3_source.changes
jimtcl_0.79+dfsg0-3_source.changes uploaded successfully to localhost along with the files: jimtcl_0.79+dfsg0-3.dsc jimtcl_0.79+dfsg0-3.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processing of libopenaptx_0.2.0-6_source.changes
libopenaptx_0.2.0-6_source.changes uploaded successfully to localhost along with the files: libopenaptx_0.2.0-6.dsc libopenaptx_0.2.0-6.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
jimtcl_0.79+dfsg0-3_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 16:22:09 +0200 Source: jimtcl Architecture: source Version: 0.79+dfsg0-3 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Didier Raboud Changes: jimtcl (0.79+dfsg0-3) unstable; urgency=medium . * Orphan package . * Run wrap-and-sort -baskt * S-V: Update to 4.6.0 without changes needed * Set upstream metadata fields * Add Salsa CI configuration Checksums-Sha1: c9ed234df698a2ac0055d493d7af30d93096f2d9 2060 jimtcl_0.79+dfsg0-3.dsc 645455fdb07e008d5369455bbc8943a7dd7c7174 8864 jimtcl_0.79+dfsg0-3.debian.tar.xz Checksums-Sha256: a31671209c88b332cd82b5741fb2861a93d59d6b8ea96dd4c5bce47153c9f54d 2060 jimtcl_0.79+dfsg0-3.dsc 0b11963b496ef8038d5783e3845ac23123767d049051c9b0542d5dc6615c2be0 8864 jimtcl_0.79+dfsg0-3.debian.tar.xz Files: d5cc9e37fdc14b7568857ebf7f90820d 2060 devel optional jimtcl_0.79+dfsg0-3.dsc 15ae6d88d07e54524b85f82f17b8c626 8864 devel optional jimtcl_0.79+dfsg0-3.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEJ3k7rA0YCplkx4gZqcb6xg1jAWkFAmEyMTcACgkQqcb6xg1j AWkFLQ/+M/x/vf2W+frykdPdjHnVz6hHqdmqzvk1BssYuT+qAic8Ib+kvCU6irM/ rZ7sdXAMcc7Ql1eMdrNUhQvT3lsKnwYIq7W8IecfGWVJtVaajl3hKbnBpwoUt8Lc 2si3GxsQLyoIaeumrzppgR+aPCPjjkD63Qo0uRe5aVjfuGRJ6hGJXD4cAeo+TA0b tcENqbkw3n3ARCXtzLDLtkR2tLE62xx1pOqkLWlTY2pVM61EzQbbOCs/PdXR3fOW qDRL378dWYu5LfNpHTgy2qSq7hhQQgLARlmoB+fdtXJVc2K6Wy63kaYDQGUiNuFk uUseG9w7TVn73onSkHvn8fXz9kIzORpEFXo0+jn11cxfcMxB3Sct97U/tHPnesQq N+aMsPN/Ppv56/x/MHEejQbQdlrjFklDs1Q2y3mIP1tc/gIZL/6Nq9pboAnMoYvt W0yCEZv7pTKjgmcPSECOWvicCcToy5kVkxW2WilFL2wd2vrd52NUoaIA3qek2Lgm 1y5S3hu4KxG7gxv40ajOql9MZvWWdIDe9P/QhrlJh8VET6MheDujsJLdclQeREQb gSwy1N9Dkkhk8UDomdt5PcPCDRKS68k11jRAFfFXmM7JUpZEhuvzrSsDMBAGHlsB RElA/C1CdnsQvH9kvSwfSI0w75BMxY9iCT0dla+h50gYxKvn7Fg= =MgNo -END PGP SIGNATURE- Thank you for your contribution to Debian.
libopenaptx_0.2.0-6_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 16:35:07 +0200 Source: libopenaptx Architecture: source Version: 0.2.0-6 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Didier Raboud Changes: libopenaptx (0.2.0-6) unstable; urgency=medium . * Orphan package . * Run wrap-and-sort -baskt * S-V: Update to 4.6.0 without changes needed Checksums-Sha1: 749525399052aa719d0522ab70b3bcb06620ff2d 2369 libopenaptx_0.2.0-6.dsc 1aa994d50fef29e0fd5487108744f8f69e95a908 6084 libopenaptx_0.2.0-6.debian.tar.xz Checksums-Sha256: febdc1c6cb45db5cc8ac4c43c1ffa64e922d5288173d7790b431339a96550ab9 2369 libopenaptx_0.2.0-6.dsc dc265a0a68d2d4c2d720f26dd46c31fec0fba8fc5bc94e266aca2c3a23bf4233 6084 libopenaptx_0.2.0-6.debian.tar.xz Files: 403838db1e12cc9f2c4dfb02b9a7 2369 libs optional libopenaptx_0.2.0-6.dsc a1b97d5941f36c246afb28b755374a3e 6084 libs optional libopenaptx_0.2.0-6.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEJ3k7rA0YCplkx4gZqcb6xg1jAWkFAmEyM3YACgkQqcb6xg1j AWmebRAAhUtiN8O0pV8mdK3T8osDjtoTRDruZ+fsTGWhmfL49L7LI73RWHYSj+Q2 W7R+lHdAI1eMXvfkNrKdbGDPcuHAND/RtKDGEifP4j/yRSFL8A2n4O2WTsWHV1+2 KSSkcYNSwJwzoPmCinNIQuKAH0xIWVZkSyHqJDx1J8zfgB320xg54/3RJFnI4371 u4qFXWLbDtNLbuoyzb/t3+So9lAm0fEaimesZs3SySbFoBAFO2hddcQ0NMu9aqAe 01qjKa6lnOzDexcoU/B1XvONzDFYMfExZxhlaLgT8zk0metGcmp4JfDZ5syg/uUk GFi1gKBSrpDl3BUR9vH2hRrz0rJf+ugr4fdpVkYJE9EUeADHdYbGKoY+Qf19gxpf Xex7Qlj3p8+LQ51c2bUqHUy/vofOehxntsHOEFkAQKbIUzya/kiOWELYM9NJ4CC3 967TwZ+KKAFCpC5ON6xb6myHxA6AbCUGksQDSMzEuYfInbpFuEculbnUDLo0WY5n Ox1ESRNsXyXaRnrKEYzdbMAyfMCdKIFcHXv19E2sqguKWJzDsaMd+XaPnPKXFoba 7QclH9GNepN67FRQ6V3+nn+6VCzmmbhrcsElSCMVtVMe0jqT/KeVCMHXwuvy/Y+2 oSFVo15/wR3scCQOfyesyuIUxfwNfvo5XZHrhDmEMF0HxZ2sV+o= =eVGr -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#993610: crafty: Potential Integer Overflow in tbdecode.h
Package: crafty Version: 23.4 Severity: normal Dear Maintainer, There seems to exist potential integer overflow in tbdecode.h . In line 647, (647) if (fread(temp, 1, HEADER_SIZE, fd) != HEADER_SIZE) ... (651) ptr = temp; (652) # define R4(i) \ (653) ((ptr[i] << 24) + (ptr[(i) + 1] << 16) + (ptr[(i) + 2] << 8) + (ptr[(i) + 3])) ... (661) n_blk = R4(72) ... (683) n = sizeof(unsigned) * (1+n_blk) ... (686) blk = (unsigned *)malloc(n); temp is read from external source. ptr has the same value as temp, and n_blk is the result of R4(72). Thus, arbitrary value of temp can cause n_blk to be a large number, which can cause integer overflow in line 683. When allocating memory in 686, the value may not be as intended. -- System Information: Debian Release: 11.0 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-19041-Microsoft Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
Processing of libquvi_0.9.3-2_source.changes
libquvi_0.9.3-2_source.changes uploaded successfully to localhost along with the files: libquvi_0.9.3-2.dsc libquvi_0.9.3.orig.tar.xz libquvi_0.9.3.orig.tar.xz.asc libquvi_0.9.3-2.debian.tar.xz libquvi_0.9.3-2_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
libquvi_0.9.3-2_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 10:52:08 -0400 Source: libquvi Architecture: source Version: 0.9.3-2 Distribution: unstable Urgency: high Maintainer: Debian QA Group Changed-By: Boyuan Yang Closes: 978860 Changes: libquvi (0.9.3-2) unstable; urgency=high . * QA upload. * Orphan package. * debian/control: Set Vcs-* fields to git packaging repo on Salsa GitLab platform. * debian/control: Drop outdated versioned pre-depends on dpkg. * debian/control: Use updated gcrypt dev package name (libgcrypt20-dev) to avoid FTBFS. * debian/patches: + Refresh all patches. + Add patch 0004 to fix FTBFS with autoconf 2.70. (Closes: #978860) + Add patch 0005 to make the build reproducible. (see #834945, this patch is not enough) * debian/: Apply "wrap-and-sort -abst". * Refresh packaging: + Bump debhelper compat to v13. + Bump Standards-Version to 4.6.0. * Drop unnecessary files: debian/compat, debian/source/options, debian/source/lintian-overrides. Checksums-Sha1: 06d7d836521c79e877d2bdee5cffab94b66647f7 2372 libquvi_0.9.3-2.dsc 8138a7f518619ee52953e03720b77a17f5eec5d6 372012 libquvi_0.9.3.orig.tar.xz af3c2dfb44e32e51f16aabbe4a6d06679e1b1b24 801 libquvi_0.9.3.orig.tar.xz.asc dac408e3bf0f0975582347cf4fcd3633243cbaa3 21644 libquvi_0.9.3-2.debian.tar.xz 5ba7f0df126a8fd33ef21c81fedc0935121ab3f0 9026 libquvi_0.9.3-2_amd64.buildinfo Checksums-Sha256: ae563271aec6dda124e00cb666b163ed38f0e1197e90788e32fbfd18ae9861fb 2372 libquvi_0.9.3-2.dsc 894182cbc8858bf4dc5ae3f56661967a12d5677a931679730df1fa533af6187b 372012 libquvi_0.9.3.orig.tar.xz e75274d265ac9fcd0097ef4ec46e58df68238b0e6e9c6bb60b043b461c213a0f 801 libquvi_0.9.3.orig.tar.xz.asc 1d871890cd191f2c44037ebf5231789758d1046c4581d52887f7c7575fd11939 21644 libquvi_0.9.3-2.debian.tar.xz f86c9a34879b22e8c201b804efb59dbe2b7c31283229a2d56d07814a0a33b708 9026 libquvi_0.9.3-2_amd64.buildinfo Files: 48a350e39ecf100ee2970ffb886d252d 2372 libs optional libquvi_0.9.3-2.dsc 12a62c4fcde9b6109193191b7bd3d685 372012 libs optional libquvi_0.9.3.orig.tar.xz cd58fd0d0186787ef4618ddfea07120a 801 libs optional libquvi_0.9.3.orig.tar.xz.asc 91705466c0916b7cdcc6683f707ffeb9 21644 libs optional libquvi_0.9.3-2.debian.tar.xz 297ce5e54bb3f18495acf8b96173a0b4 9026 libs optional libquvi_0.9.3-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEyUL0ACgkQwpPntGGC Ws5ixw//WQrVVIuqj8pkDolv15IzZgkIdmC22X7GYTWz0jH73C656nDtJOGr+0hf pcEoyA//ZwBSzbRr0iiAhFO/bzSev9NxMuFXLL6CAXWKQxUQ6fFGaXE7w7ODeD5r +Mifd8u+V5Anl/PYlwvfPGNcbSV7Y74iEALMQxaGViqRLLNDh7YtzIBjJGTBSn5Z xPAKR6FzXOptYcHy8wFowrGnW6H/j1vCaT+BSW+3BwFvG0MZSsJMAWO4WhUkfWyX JYj4qXK7UZ/Ui/1pLsaboSLHEITu+sn1wdVrZk/dJIS8St2byYw1z/piRbBe6cOI JG6aAaBZbx6qSPFnyOsB9loav2FrtIFn1Yr2AwCZgzV7vT+4cEf3WIG4ABg22eZW fNI1uzukTnTYC5qVuBYzz3b+qUsk/XIpgaMoJicEs2FCyg52nlBINQ6BWdBUh7qE PI+ouDulMC48olq3eeGAkIqHfahXud3SmXShHox3sIoJFFaBuY6PRPie4eLSx+/s FnBLpMf/XfvBZl96PG44zzCErzYt8s2UZsx8N6G8zde8NGJV0347IbN49FNxdxK9 6trYozKgYxHP9SnKk7i/QfhnQRHkNR13+583ZrFNatCyX4duFv/gD+x2LFz74N58 w90tpQP4ZOEFTdfMZ4X8RoAM02/pRxfKWQy8ng+xGMmCMqOcnJo= =NR/H -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of libquvi-scripts_0.9.20131130-2_source.changes
libquvi-scripts_0.9.20131130-2_source.changes uploaded successfully to localhost along with the files: libquvi-scripts_0.9.20131130-2.dsc libquvi-scripts_0.9.20131130.orig.tar.xz libquvi-scripts_0.9.20131130-2.debian.tar.xz libquvi-scripts_0.9.20131130-2_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
libquvi-scripts_0.9.20131130-2_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 18:18:40 -0400 Source: libquvi-scripts Architecture: source Version: 0.9.20131130-2 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Closes: 840717 Changes: libquvi-scripts (0.9.20131130-2) unstable; urgency=medium . * QA upload. * Orphan the package. * debian/: Apply "wrap-and-sort -abst". * Refresh packaging: + Bump debhelper compat to v13. + Bump Standards-Version to 4.6.0. + Update Vcs-* fields. * debian/patches/0001: Add patch to fix cross compilation of libquvi. (Closes: #840717) . [ Ansgar Burchardt ] * debian/control: Remove myself from Uploaders. Checksums-Sha1: d69ea6e5c0cd9fe982c33ed886bf7963a3c3b52a 1980 libquvi-scripts_0.9.20131130-2.dsc 41f059964c8f47aeb241cc53b883592b5db77e53 322080 libquvi-scripts_0.9.20131130.orig.tar.xz f0a1fff30318d2a895098715191fbd98476ae5cf 19484 libquvi-scripts_0.9.20131130-2.debian.tar.xz eac5c0e6729b9c0313c75af4b6728d3982da41f0 6447 libquvi-scripts_0.9.20131130-2_amd64.buildinfo Checksums-Sha256: 80c53334515c60570e475c8322e7b80961ce6cb41d55ad0b241899e2fe0ffea7 1980 libquvi-scripts_0.9.20131130-2.dsc 17f21f9fac10cf60af2741f2c86a8ffd8007aa334d1eb78ff6ece130cb3777e3 322080 libquvi-scripts_0.9.20131130.orig.tar.xz c15c1c00692670fa09369b3c43f5a271d72b7204717d8b7f3c8c43e0c00ae3b6 19484 libquvi-scripts_0.9.20131130-2.debian.tar.xz dd5c7f28c15ef99cbe8f22db87c7699bbc95aa40330a12da086fff76c26c7a70 6447 libquvi-scripts_0.9.20131130-2_amd64.buildinfo Files: baf168e57dda7563be87c66c8e8a10e3 1980 libs optional libquvi-scripts_0.9.20131130-2.dsc 46ddfd887260a515199c2e1ba8c46d8a 322080 libs optional libquvi-scripts_0.9.20131130.orig.tar.xz 464f74aa14e4b5e8936e2c8912d9881b 19484 libs optional libquvi-scripts_0.9.20131130-2.debian.tar.xz 3760cdfffe25ed59b6c8f61f18995e84 6447 libs optional libquvi-scripts_0.9.20131130-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEypMQACgkQwpPntGGC Ws5NGg/+Jjlb1hKh0pvcVFQgpi4T30hodaWlLY0isNCwEf1e+CUWxsB9plAYXOKR WT4Jcc+8gN5jDik0jUJy3neYtfkLWxMXiszAqWrvl6crkFiFRK6Zquvpb/bytNCj dmXTuRofm9RDiA6kws3V4dLwhjZ3KLoEUqnnToW4h/bgu/VZrKgX/+4vHyTtgj4J X5nZDZyOjb4bWdb2pnOdxMDq1rRHfwqSghIaYOdT6w4mAxgClmPCoZUveu3zH3x/ yv/LTqWf76wc9u+DVEmwheIwg9gU5RY6lPwqtAegoyrb/u65nFH2dxcSc0B9kspo t9RZ2nE3gxvDjXvh4omhnYHqHBJgcxtwJFQUJMVtn1OC1ScNgIavRMGXJ63GDH3E rGwmIxdTQH++yoRYO356OPPctqYaD+ZnGNb7oBn9xiqiJ1HlIkAMPXVxj96vNNKE qFUHd/Ksj2Nn49hjUMf3QU9wz/NDEmX88aDo3OEMf0fF/PyCk5ztRSv31yTIbhpd U8aZoyRx6YjNDRflgdC0cxle3qRj3hrAEZ+A2wlEp3oMD6/r4CpJK2dJeiNyfD0n yZFs3Ksb4zEcGHbz8UXHHGmNvjU6jvfNYEDAMO8fA7KyzeMcpfL386rG76VVycjZ L82xGsIxKB4j1NCpoy68F5Qo/TO6s0+Hu+TZfph4fZTQlXLhQqY= =RVgx -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of libquvi_0.9.4-1~exp1_amd64.changes
libquvi_0.9.4-1~exp1_amd64.changes uploaded successfully to localhost along with the files: libquvi_0.9.4-1~exp1.dsc libquvi_0.9.4.orig.tar.xz libquvi_0.9.4.orig.tar.xz.asc libquvi_0.9.4-1~exp1.debian.tar.xz libquvi-0.9-0.9.4-dbgsym_0.9.4-1~exp1_amd64.deb libquvi-0.9-0.9.4_0.9.4-1~exp1_amd64.deb libquvi-0.9-dev_0.9.4-1~exp1_amd64.deb libquvi-0.9-doc_0.9.4-1~exp1_all.deb libquvi_0.9.4-1~exp1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
libquvi_0.9.4-1~exp1_amd64.changes is NEW
binary:libquvi-0.9-0.9.4 is NEW. binary:libquvi-0.9-0.9.4 is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will receive an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html or https://ftp-master.debian.org/backports-new.html for *-backports
Bug#834945: libquvi: please make the build reproducible
Hi Boyuan, > Looks like your patch is not enough. After merging the new patch, the updated > libquvi/0.9.3-2 still fails to build reproducibly. Can you take a look into > it? So this is because since I wrote this patch in 2016, Debian is injecting the build path into the CFLAGS variable. Here is an updated version of the 0005-Make-the-build-reproducible.patch file to filter this: § From: Chris Lamb Date: Sat, 20 Aug 2016 20:55:08 +0100 Subject: Make the build reproducible Last-Update: 2016-08-20 Bug-Debian: https://bugs.debian.org/834945 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- libquvi-0.9.3.orig/configure.ac +++ libquvi-0.9.3/configure.ac @@ -57,7 +57,9 @@ LT_PREREQ([2.2.6]) AC_PROG_CC AM_PROG_CC_C_O -AC_DEFINE_UNQUOTED([CFLAGS], "$CFLAGS", [Define to compiler flags]) +PWD=`pwd` +FILTERED_CFLAGS=`echo $CFLAGS | sed -e "s@$PWD@«BUILDDIR»@g"` +AC_DEFINE_UNQUOTED([CFLAGS], "$FILTERED_CFLAGS", [Define to compiler flags]) AC_DEFINE_UNQUOTED([CC], "$CC", [Define to compiler]) AC_PATH_PROG([DOXYGEN], [doxygen], [no]) @@ -71,7 +73,7 @@ AS_IF([test x"$A2X" = "xno" && test -d " AC_MSG_ERROR([a2x is required to create man pages when building from git])]) AC_PATH_PROG([DATE], [date], [no]) -AS_IF([test x"$DATE" != "xno"], [build_time=`$DATE +"%F %T %z"`]) +AS_IF([test x"$DATE" != "xno" && test x"$SOURCE_DATE_EPOCH" = "x" ], [build_time=`$DATE +"%F %T %z"`]) AC_DEFINE_UNQUOTED([BUILD_TIME], ["$build_time"], [We have build time]) BUILD_TIME="$build_time" § (You might know of a cleaner way of doing this in automake.) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-
Processing of apvlv_0.3.0-1_source.changes
apvlv_0.3.0-1_source.changes uploaded successfully to localhost along with the files: apvlv_0.3.0-1.dsc apvlv_0.3.0.orig.tar.xz apvlv_0.3.0-1.debian.tar.xz apvlv_0.3.0-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
apvlv_0.3.0-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 19:19:18 -0400 Source: apvlv Architecture: source Version: 0.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Changes: apvlv (0.3.0-1) unstable; urgency=medium . * QA upload. * New upstream release. * debian/patches: Refresh patches. Checksums-Sha1: ebf10330299cd1223b5a073613897dc5071cf1d1 1963 apvlv_0.3.0-1.dsc 89d850b75f2b511dc3066060962e88a03bb99145 216004 apvlv_0.3.0.orig.tar.xz ac56481d12cee6de099dd28228ba14b5e0c4bcbe 13780 apvlv_0.3.0-1.debian.tar.xz 5654d2e4ff0a016e6efa270ab6524f7621dcc8d0 17203 apvlv_0.3.0-1_amd64.buildinfo Checksums-Sha256: 22bee0078d11ee7f1ebf7539c0b888c3d8f33dd0f08ea2b464212892b60ed596 1963 apvlv_0.3.0-1.dsc be3e7a8212f844d4a2a69991bed4837ff9b4887f6af6c345226d1895bc79e655 216004 apvlv_0.3.0.orig.tar.xz 384cb96013bcb772de61abf8058ecfea4cb053b5540bdbb8c46b4f5f165baadf 13780 apvlv_0.3.0-1.debian.tar.xz ec38ab1a79d81c494c1b2e0b8ec504789ab5479fcc72ac454c20bd949e9f9f00 17203 apvlv_0.3.0-1_amd64.buildinfo Files: 560ce95f983988f1dd64f25e00023219 1963 text optional apvlv_0.3.0-1.dsc d850298e4f4f3390ea3d14bd8ff436f8 216004 text optional apvlv_0.3.0.orig.tar.xz 56fbd25a42ed44ac5afa6a85d6708346 13780 text optional apvlv_0.3.0-1.debian.tar.xz d3707e6fcadefcaa19792e2c4d6db089 17203 text optional apvlv_0.3.0-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEyr+QACgkQwpPntGGC Ws4xvA/+OV2giC8+TKJu5F2sXgzSjRYdGxHqh8EWydwrDiD7i6Rt/MWGF90mMUwB rS7YSFY/MEvRWSNE2El/xqb7ThUZK115lOlraTiq0a0Cf5fmvRlYeVOmAwH+1+ZL f4xIQU92RK4rPgy83ulGiiZJhLlo+BQPYcZmYCoHMIbvoCuH32udIlNFvlKycnCm QkAonybx+wQZhHrYn9gNHMxuC24BbrwlLwvuQIP2SvO7H3Va8MH2UM/lMfpNIG+3 Vjpxil4hhBfyNu0GxxoxcHktmJjBipm6dDnOIVj/wqCRk5mYvCORCn1Bs1qKJKp+ m4R7p85X2HbdCQLvn3RMuoTGITsRjUDNWX9H26SsIaYaSTKBFRk27FYEsZ4QrfTK taMyIl93u1HJW9PJM6mE++D/rdsnqy+ApQF6oK71wM1l32n+HZj27HLqjlwDJnkk eJ8PModWuMTRr4IrS4LZVM0E/hxVlibVPYYD6m0b5HV41UKBla4KYGuXFvLLbyOD te4t6fIAwqFFdtU8SP6LXylM5uM0FimnfTiCHIhRDDWct3mbfm6mDvHkUOsbc75+ U6DbYJSY1BJNGEGSwl1d8lemxzaSmewV1T7yBCEiz2ilemF4ApNQhEk7hLIsf0eC iX2AqND+eu3QrvKHaa7gs5m0QbT9ywCahlDfCDhWSzOjcA1/5Y0= =Q6pe -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#971559: marked as done (coinor-cgl FTCBFS: doesn't build shared libraries)
Your message dated Sat, 04 Sep 2021 03:03:28 + with message-id and subject line Bug#971559: fixed in coinor-cgl 0.60.3+repack1-3 has caused the Debian Bug report #971559, regarding coinor-cgl FTCBFS: doesn't build shared libraries to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 971559: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971559 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: coinor-cgl Version: 0.60.3+repack1-3 Tags: patch upstream User: debian-cr...@lists.debian.org Usertags: ftcbfs coinor-cgl fails to cross build from source, because it doesn't build shared libraries and then dh_install fails. Now the reasons for that are ... a little involved. Please sit down and take a cup of coffee or tea or like that. Looking into the cross configure output, one can spot this: http://crossqa.debian.net/build/coinor-cgl_0.60.3+repack1-2_s390x_20200713232329.log > checking whether the s390x-linux-gnu-gcc linker (/usr/bin/ld -m elf64_s390) > supports shared libraries... /usr/bin/ld: unrecognised emulation mode: > elf64_s390 > Supported emulations: elf_x86_64 elf32_x86_64 elf_i386 elf_iamcu elf_l1om > elf_k1om i386pep i386pe > no Bummer. It's using the wrong ld. It should be using s390x-linux-gnu-ld. Why does it do that? It should be driving the ld name from gcc. However, it only does when working with a GNU compiler and as we can see: > checking whether we are using the GNU C compiler... no For some reason, it concludes that gcc is not a GNU C compiler. That's strange. You can also see this in native builds and it can have a range of misdetections as a consequence. Just why? The actual sequence of events is this: We start following inside AC_COIN_DEBUG_COMPILE. > checking whether we want to compile in debug mode... no Now we're moving inside AC_COIN_PROG_CC executing AC_REQUIREd code. > checking for s390x-linux-gnu-gcc... s390x-linux-gnu-gcc At this point $ac_objext is not yet computed, so it is empty. What we do next is use AC_TRY_COMPILE and that checks whether "conftest.$ac_objext" aka "conftest." is non-empty. It isn't, as the compiler chose to output to "conftest.o" instead, so we're not using a GNU compiler, right? > checking whether we are using the GNU C compiler... no > checking whether s390x-linux-gnu-gcc accepts -g... no > checking for s390x-linux-gnu-gcc option to accept ISO C89... unsupported > checking whether s390x-linux-gnu-gcc understands -c and -o together... yes Now we've completed the AC_REQUIREd stuff and proceed to the AC_PROG_CC inside AC_COIN_PROG_CC. > checking for s390x-linux-gnu-gcc... s390x-linux-gnu-gcc > checking whether the C compiler works... yes > checking for C compiler default output file name... a.out > checking for suffix of executables... > checking whether we are cross compiling... yes This time we compute $ac_cv_objext, which is propagated to $ac_objext. > checking for suffix of object files... o But we already checked that we're not using a GNU C compiler, so we don't check again. If we were checking again, we'd now see that it is a GNU C compiler as AC_TRY_COMPILE would now check for "conftest.o". > checking whether we are using the GNU C compiler... (cached) no The order of invocations is messed up. The basic structure of AC_COIN_PROG_CC is: AC_REQUIRE([AC_COIN_ENABLE_MSVC]) ... AC_PROG_CC([$comps]) ... AC_TRY_LINK(...) Unfortunately, the AC_TRY_LINK AC_REQUIREs AC_PROG_CC, so that gets executed before AC_COIN_PROG_CC gets a chance to compute $comps for AC_PROG_CC. The issue is that we're using AC_TRY_LINK in the same defun as we call AC_PROG_CC. That doesn't work. Once understood, the solution is quite simple. We must put the AC_PROG_CC and the AC_TRY_LINK in different defuns and ensure that our intended AC_PROG_CC is AC_REQUIREd before using AC_TRY_LINK. I'm attaching a patch to do that. Please consider applying it. I believe that this is worth fixing even if you don't care about cross builds. Helmut --- coinor-cgl-0.60.3+repack1.orig/BuildTools/coin.m4 +++ coinor-cgl-0.60.3+repack1/BuildTools/coin.m4 @@ -665,9 +665,8 @@ AC_LANG_POP(C++) # given my the user), and find an appropriate value for CFLAGS. It is # possible to provide additional -D flags in the variable CDEFS. -AC_DEFUN([AC_COIN_PROG_CC], -[AC_REQUIRE([AC_COIN_ENABLE_MSVC]) -AC_LANG_PUSH(C) +AC_DEFUN([AC_COIN_PROG_CC_HEAD], +[ # For consistency, we set the C compiler to the same value of the C++ # compiler, if the C++ is set, but the C compiler isn't (only for CXX=cl) @@ -726,6 +725,13 @@ AC_PROG_CC([$comps]) if t
Bug#978789: marked as done (coinor-cgl: ftbfs with autoconf 2.70)
Your message dated Sat, 04 Sep 2021 03:03:28 +
with message-id
and subject line Bug#978789: fixed in coinor-cgl 0.60.3+repack1-3
has caused the Debian Bug report #978789,
regarding coinor-cgl: ftbfs with autoconf 2.70
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
978789: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:coinor-cgl
Version: 0.60.3+repack1-2
Severity: normal
Tags: sid bookworm
User: d...@debian.org
Usertags: ftbfs-ac270
[This bug report is not targeted to the upcoming bullseye release]
The package fails to build in a test rebuild on at least amd64 with
autoconf 2.70, but succeeds to build with autoconf 2.69. The
severity of this report will be raised before the bookworm release,
so nothing has to be done for the bullseye release.
The full build log can be found at:
http://qa-logs.debian.net/2020/09/26.ac270/coinor-cgl_0.60.3+repack1-2_unstable_ac270.log
The last lines of the build log are at the end of this report.
To build with autoconf 2.70, please install the autoconf package from
experimental: apt-get -t=experimental install autoconf
[...]
am__tar=''
am__untar=''
bindir='${exec_prefix}/bin'
build='x86_64-pc-linux-gnu'
build_alias='x86_64-linux-gnu'
build_cpu='x86_64'
build_os='linux-gnu'
build_vendor='pc'
coin_doxy_excludes=''
coin_doxy_logname=''
coin_doxy_tagfiles=''
coin_doxy_tagname=''
coin_doxy_usedot=''
coin_have_doxygen=''
coin_have_latex=''
datadir='${datarootdir}'
datarootdir='${prefix}/share'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
dos2unix=''
dvidir='${docdir}'
exec_prefix='NONE'
have_autoconf=''
have_automake=''
have_svn=''
host=''
host_alias=''
host_cpu=''
host_os=''
host_vendor=''
htmldir='${docdir}'
includedir='${prefix}/include'
infodir='${prefix}/share/info'
install_sh=''
libdir='${prefix}/lib/x86_64-linux-gnu'
libexecdir='${prefix}/lib/x86_64-linux-gnu'
localedir='${datarootdir}/locale'
localstatedir='/var'
mandir='${prefix}/share/man'
mkdir_p=''
oldincludedir='/usr/include'
pdfdir='${docdir}'
prefix='/usr'
program_transform_name='s,x,x,'
psdir='${docdir}'
runstatedir='${localstatedir}/run'
sbindir='${exec_prefix}/sbin'
sharedstatedir='${prefix}/com'
sol_cc_compiler=''
subdirs=''
sysconfdir='/etc'
target_alias=''
## --- ##
## confdefs.h. ##
## --- ##
/* confdefs.h */
#define PACKAGE_NAME "Cgl"
#define PACKAGE_TARNAME "cgl"
#define PACKAGE_VERSION "0.60.3"
#define PACKAGE_STRING "Cgl 0.60.3"
#define PACKAGE_BUGREPORT "c...@lists.coin-or.org"
#define PACKAGE_URL ""
configure: exit 1
dh_auto_configure: error: ./configure --build=x86_64-linux-gnu --prefix=/usr
--includedir=\${prefix}/include --mandir=\${prefix}/share/man
--infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var
--disable-option-checking --disable-silent-rules
--libdir=\${prefix}/lib/x86_64-linux-gnu
--libexecdir=\${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode
--disable-dependency-tracking --enable-static --enable-dot
--enable-dependency-linking returned exit code 1
make[1]: *** [debian/rules:12: override_dh_auto_configure] Error 25
make[1]: Leaving directory '/<>'
make: *** [debian/rules:6: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
--- End Message ---
--- Begin Message ---
Source: coinor-cgl
Source-Version: 0.60.3+repack1-3
Done: Boyuan Yang
We believe that the bug you reported is fixed in the latest version of
coinor-cgl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 978...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Boyuan Yang (supplier of updated coinor-cgl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 03 Sep 2021 22:38:42 -0400
Source: coinor-cgl
Architecture: source
Version: 0.60.3+repack1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Boyuan Yang
Closes: 971559 978789
Changes:
coinor-cgl (0.60.3+repack1-3) unstable; urgency=medium
.
* QA upload.
.
[ Debian Janitor ]
* Apply multi-arch hints.
+ coinor-libcgl1: Add Multi-Arch: same.
Processing of coinor-cgl_0.60.3+repack1-3_source.changes
coinor-cgl_0.60.3+repack1-3_source.changes uploaded successfully to localhost along with the files: coinor-cgl_0.60.3+repack1-3.dsc coinor-cgl_0.60.3+repack1.orig.tar.xz coinor-cgl_0.60.3+repack1-3.debian.tar.xz coinor-cgl_0.60.3+repack1-3_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
coinor-cgl_0.60.3+repack1-3_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 22:38:42 -0400 Source: coinor-cgl Architecture: source Version: 0.60.3+repack1-3 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Closes: 971559 978789 Changes: coinor-cgl (0.60.3+repack1-3) unstable; urgency=medium . * QA upload. . [ Debian Janitor ] * Apply multi-arch hints. + coinor-libcgl1: Add Multi-Arch: same. + coinor-libcgl-dev: Add Multi-Arch: same. + coinor-libcgl-doc: Add Multi-Arch: foreign. . [ Boyuan Yang ] * Rebuild against autoconf 2.71. (Closes: #978789) * Bump Standards-Version to 4.6.0. * debian/upstream/metadata: Use better format. * debian/not-installed: Be specific on what is not installed. * debian/patches/cross.patch: Add patch to fix FTBFS in cross compilation. (Closes: #971559) Checksums-Sha1: 74831aa941d2c3aac52b637715121bbd38466dd6 2268 coinor-cgl_0.60.3+repack1-3.dsc 10bedabca03086dd507bee2e1e441433ff44d1af 606960 coinor-cgl_0.60.3+repack1.orig.tar.xz d0ccacb320264ea7bb75a8dd7e218b8f722fcf6a 9928 coinor-cgl_0.60.3+repack1-3.debian.tar.xz fd2a709e3d58f2bf55fc72b309406c76fea1a6d1 8894 coinor-cgl_0.60.3+repack1-3_amd64.buildinfo Checksums-Sha256: 95763a868a4e3d19abd1200ef2326097d35aa758020febca0d1b6c23e9c63f8c 2268 coinor-cgl_0.60.3+repack1-3.dsc 756f858691021c9982274ee3510b00b998a0e160f62a2a5813e1324b94418576 606960 coinor-cgl_0.60.3+repack1.orig.tar.xz 503c9723bf1ce1a339084c986a107371fd9d987f90818c03b468578234a7d092 9928 coinor-cgl_0.60.3+repack1-3.debian.tar.xz e0aa6ff68a3cc42499cd54c5c231e51225fd2da1caa8dfb443206b1453f713e5 8894 coinor-cgl_0.60.3+repack1-3_amd64.buildinfo Files: 59bf22b55b6cb5b9e13b7653f1f0f845 2268 science optional coinor-cgl_0.60.3+repack1-3.dsc 55efe6a8239e712c59bbbd5a187df882 606960 science optional coinor-cgl_0.60.3+repack1.orig.tar.xz 4d5b1a8842d7ede7053e5dd6f0ad1713 9928 science optional coinor-cgl_0.60.3+repack1-3.debian.tar.xz 4115d05a18fe61889291530418d483ec 8894 science optional coinor-cgl_0.60.3+repack1-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmEy3NAACgkQwpPntGGC Ws4shQ//X8k0WWgAZ9jLqx7j2ZSxHI6wRIYUld8OKti4zQ3jdH3nDpJu0mjmjVyI dndjvpHhIMN8kfIl+CqB504GV0wxkGyUbo8QagE0GAbYlA9zi8DwjDhtZrtOGvSR XdtJuWfMS1+WinpErmdppoaIn8e3euVcusGQq0p01tCqErVW8dT6fZanz1Z34rTO 0Y7CgGcp7quJbGVdEd7MWd2iGuW20ehVHc7ozP1X6XIPNm2nm/MZgZ5N/sem9zUk wPBGDLBF1oXfRXwjPuXKmTkwFNE/ha+5zT/DFe5E8OwSLdjzvX3wdNAVy91bnJrV qFv59JZq7m+8mzdV5s0SnW/E/26JKR1XYKTifoO6FsgT0YF+UI0BrrUj0w5aaD8q N+b0n//4slixBPxS19PxbaiE9FYhjFcO8XCtxq0ErgxBr9WbxrBuV00eZM+wrqQv lJqLfPT/MFPzNhBJNd3T9tcbFxV/RHK/zIGlzFYdd/5HwME1DiZvjPPd9VLXXJIQ LjC+SsEKlm8waLRIpSrN6V3W5ARdFF5qV6BCi8HPLlO13bYXgoNaUA+klj4ZiQOu d9UoeukSLIQ3h1Arf4ISeL40QhfXUxn3iGHrKHx//NcMk6e+BqWa8tR8Uk7nfWOW EO+z7k05BX0Y/0HBFE134K5LvIwsvZb4dx6MxOvxMIuM6cfELWw= =vt2A -END PGP SIGNATURE- Thank you for your contribution to Debian.
