Bug#1023179: Info received (ghostscript-x doesn't give previews)
The problem has been solved for me with ghostscript-x 10.0.0~dfsg-8 update. Thank you!
Processed: Re: Bug#1024327: gv hangs on any file
Processing control commands:
> reassign -1 ghostscript
Bug #1024327 [gv] gv hangs on any file
Bug reassigned from package 'gv' to 'ghostscript'.
No longer marked as found in versions gv/1:3.7.4-2.
Ignoring request to alter fixed versions of bug #1024327 to the same values
previously set
> forcemerge 1023330 -1
Bug #1023330 {Done: Sebastian Ramacher } [ghostscript]
ghostscript 10.0.0~dfsg-6: x11 support missing, thus 'gv 1:3.7.4-2+b1' is
failing
Bug #1024318 {Done: Sebastian Ramacher } [ghostscript]
gv: x11 output driver not found
Bug #1024318 {Done: Sebastian Ramacher } [ghostscript]
gv: x11 output driver not found
Added tag(s) experimental.
Added tag(s) experimental.
Bug #1024327 [ghostscript] gv hangs on any file
Marked Bug as done
Marked as fixed in versions ghostscript/10.0.0~dfsg-8.
Marked as found in versions ghostscript/10.0.0~dfsg-6.
Merged 1023330 1024318 1024327
> affects -1 gv
Bug #1024327 {Done: Sebastian Ramacher } [ghostscript] gv
hangs on any file
Bug #1023330 {Done: Sebastian Ramacher } [ghostscript]
ghostscript 10.0.0~dfsg-6: x11 support missing, thus 'gv 1:3.7.4-2+b1' is
failing
Bug #1024318 {Done: Sebastian Ramacher } [ghostscript]
gv: x11 output driver not found
Added indication that 1024327 affects gv
Added indication that 1023330 affects gv
Added indication that 1024318 affects gv
--
1023330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023330
1024318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024318
1024327: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Processed: Re: Bug#1024327: gv hangs on any file
Processing commands for cont...@bugs.debian.org:
> tags 1023330 - experimental
Bug #1023330 {Done: Sebastian Ramacher } [ghostscript]
ghostscript 10.0.0~dfsg-6: x11 support missing, thus 'gv 1:3.7.4-2+b1' is
failing
Bug #1024318 {Done: Sebastian Ramacher } [ghostscript]
gv: x11 output driver not found
Bug #1024327 {Done: Sebastian Ramacher } [ghostscript] gv
hangs on any file
Removed tag(s) experimental.
Removed tag(s) experimental.
Removed tag(s) experimental.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1023330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023330
1024318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024318
1024327: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1025710: bullseye-pu: package awstats/7.8-2+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: awst...@packages.debian.org, car...@debian.org
Control: affects -1 + src:awstats
Hi Stable release managers,
awstats is prone to a XSS vulnerability, but it does not warrant a
DSA. Following the QA upload to unstable (which should migrate in two
days), I would like to propose the change as well for stable and have
it included in the next point release.
CVE-2022-46391 is assigned to the issue (Cf. #1025410)
https://github.com/eldy/AWStats/pull/226
[ Impact ]
Issue remains open, but might be cherry-picked as well for furture
upload via security or in the next point release.
[ Tests ]
None specific
[ Risks ]
It is a targetted fix for the reporte XSS vulnerability.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
* fix cross site scripting (CVE-2022-46391) (Closes: #1025410)
[ Other info ]
Nothing I'm aware of.
Regards,
Salvatore
diff -Nru awstats-7.8/debian/changelog awstats-7.8/debian/changelog
--- awstats-7.8/debian/changelog2021-02-02 08:56:57.0 +0100
+++ awstats-7.8/debian/changelog2022-12-07 21:47:25.0 +0100
@@ -1,3 +1,10 @@
+awstats (7.8-2+deb11u1) bullseye; urgency=medium
+
+ * QA upload.
+ * fix cross site scripting (CVE-2022-46391) (Closes: #1025410)
+
+ -- Salvatore Bonaccorso Wed, 07 Dec 2022 21:47:25 +0100
+
awstats (7.8-2) unstable; urgency=high
* QA upload.
diff -Nru awstats-7.8/debian/patches/fix-cross-site-scripting.patch
awstats-7.8/debian/patches/fix-cross-site-scripting.patch
--- awstats-7.8/debian/patches/fix-cross-site-scripting.patch 1970-01-01
01:00:00.0 +0100
+++ awstats-7.8/debian/patches/fix-cross-site-scripting.patch 2022-12-07
21:47:25.0 +0100
@@ -0,0 +1,29 @@
+From: rekter0 <58881147+rekt...@users.noreply.github.com>
+Date: Mon, 7 Nov 2022 15:12:03 +0100
+Subject: fix cross site scripting
+Origin:
https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965
+Bug: https://github.com/eldy/AWStats/pull/226
+Bug-Debian: https://bugs.debian.org/1025410
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-46391
+
+xss due to printing response from Net::XWhois without proper checks
+---
+ wwwroot/cgi-bin/plugins/hostinfo.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/wwwroot/cgi-bin/plugins/hostinfo.pm
b/wwwroot/cgi-bin/plugins/hostinfo.pm
+index 95b2c20b7b91..1f0ac699459d 100644
+--- a/wwwroot/cgi-bin/plugins/hostinfo.pm
b/wwwroot/cgi-bin/plugins/hostinfo.pm
+@@ -181,7 +181,7 @@ sub BuildFullHTMLOutput_hostinfo {
+
+ &tab_head("Full Whois Field",0,0,'whois');
+ if ($w && $w->response()) {
+- print "".($w->response())."\n";
++ print "".CleanXSS($w->response())."\n";
+ }
+ else {
+ print "The Whois command failed.Did the
server running AWStats is allowed to send WhoIs queries (If a firewall is
running, port 43 should be opened from inside to outside) ?\n";
+--
+2.38.1
+
diff -Nru awstats-7.8/debian/patches/series awstats-7.8/debian/patches/series
--- awstats-7.8/debian/patches/series 2021-02-02 08:56:57.0 +0100
+++ awstats-7.8/debian/patches/series 2022-12-07 21:47:25.0 +0100
@@ -11,3 +11,4 @@
2008_twitter.patch
2009_googlesearch.patch
0013-Only-look-for-configuration-in-dedicated-awstats-dir.patch
+fix-cross-site-scripting.patch
Processing of awstats_7.8-2+deb11u1_sourceonly.changes
awstats_7.8-2+deb11u1_sourceonly.changes uploaded successfully to localhost along with the files: awstats_7.8-2+deb11u1.dsc awstats_7.8-2+deb11u1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
awstats_7.8-2+deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new
Thank you for your contribution to Debian. Mapping bullseye to stable. Mapping stable to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 07 Dec 2022 21:47:25 +0100 Source: awstats Architecture: source Version: 7.8-2+deb11u1 Distribution: bullseye Urgency: medium Maintainer: Debian QA Group Changed-By: Salvatore Bonaccorso Closes: 1025410 Changes: awstats (7.8-2+deb11u1) bullseye; urgency=medium . * QA upload. * fix cross site scripting (CVE-2022-46391) (Closes: #1025410) Checksums-Sha1: ec5cddb2bd4c1011ad0baeeae4a8c90a5d6a5016 2021 awstats_7.8-2+deb11u1.dsc 952c8ed48eb3ce28f6018bb0845e6f01a4bee8ab 37756 awstats_7.8-2+deb11u1.debian.tar.xz Checksums-Sha256: ca9da35899cdad77a22a7dce6964f84069f93f9dc3c50ddfd7b5ec0836c0553c 2021 awstats_7.8-2+deb11u1.dsc f62a8e1958191980f2422f63e3ccf7b0405a319ec164c1c04a3733c908b08edf 37756 awstats_7.8-2+deb11u1.debian.tar.xz Files: 61a560a17332ba944cceb0f391fd8f54 2021 web optional awstats_7.8-2+deb11u1.dsc 31b4f4d7781a5a25da22216afd2a2355 37756 web optional awstats_7.8-2+deb11u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmOQ/MFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBrUP+wUDJgr1eLDXRola66NSP+57qfCQqfbx V5txJXZHqlmz3B5lD/EAnGj16QUS0b1d58r37uet8PZAOul+A646wf9w9XEIXWBD heRogjsLiShAQnnQ/tnQL48n8kqpjzSk8HQposlUrxAPgu9JglDro/AD5zGG3oGb Y5Hz4e+nE9jaVFUbdUghlMXHMSJ4S5V0IrkDqvaNCcM54+YVc8fK6R/P41qtAgsX /SSq5vK6bOnSIgudOuqJvAsHAsxML1cPNy9uHL073+k5krVpYNGRas+XzARv1rZB MRu+LCLDFErPgRCPZtvsBmP03LN3yEJ/9wC0s++5xQ8u5zdILTAsaGAoAcL3CFU8 K9URyLSBXI3j10m3BBZQ+x5ymV/o+JL5uFt+w3M9O6RbHfd12Ni12RNE8mos+vm8 SMkbLEi9l22XYVpblie5rTfyZUaycp5OZ0MXK3WI3eg8QPismJqAh1WluQHA2Cnv BtHReHUwNTB3WxthjLoe7GyW10igGPOZ+Q0ompLoZBS3ZpHSuNxOIfjgynp7qyxQ ZSgcF5+xvar43fD9kXb0g0ekUMD/CLmWtaAgdiw5M5IWVK2IvCVz/xQeJaa/eCuQ /WR2L+NGBYsJTmxbViV+K8cNvtU0tDAB5lh3zFVncajj+h4Y9ShZPedjYLGNCzDM TTmN4ezaZde7 =926q -END PGP SIGNATURE-
Processing of jamulus_3.9.1+dfsg-1~bpo11+1_source.changes
jamulus_3.9.1+dfsg-1~bpo11+1_source.changes uploaded successfully to localhost along with the files: jamulus_3.9.1+dfsg-1~bpo11+1.dsc jamulus_3.9.1+dfsg.orig.tar.gz jamulus_3.9.1+dfsg-1~bpo11+1.debian.tar.xz jamulus_3.9.1+dfsg-1~bpo11+1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
jamulus_3.9.1+dfsg-1~bpo11+1_source.changes ACCEPTED into bullseye-backports
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 07 Dec 2022 15:57:32 -0500 Source: jamulus Architecture: source Version: 3.9.1+dfsg-1~bpo11+1 Distribution: bullseye-backports Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Changes: jamulus (3.9.1+dfsg-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. Checksums-Sha1: 89f5cc6f9232cc4dd4e285ad4f07a7049b114037 2003 jamulus_3.9.1+dfsg-1~bpo11+1.dsc 96b09d6924963ccb1b2db73a82c8752b7f22cf1d 3626171 jamulus_3.9.1+dfsg.orig.tar.gz 0f9c1e7ac61763df406dd9ecc283d2ea46e40052 9368 jamulus_3.9.1+dfsg-1~bpo11+1.debian.tar.xz 974bb7b16eae6f2df3f83bd41bbaa66eca16d0a3 13107 jamulus_3.9.1+dfsg-1~bpo11+1_amd64.buildinfo Checksums-Sha256: 4490e04a0ce8098ff4394fa56957ade51d730cc0c9b077ac69c617d9f01401b5 2003 jamulus_3.9.1+dfsg-1~bpo11+1.dsc 97b9e510ae6eb2a14c54b97721c811fc424c019bf6e4a59938f781d2fc5ebf36 3626171 jamulus_3.9.1+dfsg.orig.tar.gz 55d693ef83f4a1cfa45bc01fdc62a6c1dbc23ef805e2ba6494f9faaf886c6173 9368 jamulus_3.9.1+dfsg-1~bpo11+1.debian.tar.xz 386a16dea96ea693e546c45ee52cacfaf8adc36731fe719f09a4093bfd4391de 13107 jamulus_3.9.1+dfsg-1~bpo11+1_amd64.buildinfo Files: 4616cbe416233a8e0451b479d155b0cb 2003 sound optional jamulus_3.9.1+dfsg-1~bpo11+1.dsc 75e0e9d73657cb89ed8f16b752169c78 3626171 sound optional jamulus_3.9.1+dfsg.orig.tar.gz 18de03c625ea263384404c5b7b0e2ae2 9368 sound optional jamulus_3.9.1+dfsg-1~bpo11+1.debian.tar.xz d0e7cc653e3c116c6c3d76fd06b5a36d 13107 sound optional jamulus_3.9.1+dfsg-1~bpo11+1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmOQ/xUACgkQwpPntGGC Ws7bUBAAmG9rK5Z5gmefOPdqxCaGDN17Peq5NQeJi/IoCtvsBDdD8SbX/mLnvOkC 6Xc36zawGgwRZup4XJSzdUqdkCdKKFn8qS3XSgeYc+xYooy9NT9LG/ziV3Xvuqzc 8+Qjhk37kQVmqldA1v+ErYmgtvlEZt3+67ojXfXWl1FjvlvQqHfqjhPccS/Motg/ NCzu/Xqx2cdIdJBsgMJz7JkerFnRYVN+WNMkG+eeOv9Ligrp9i39ADlZfheOZbFK mV+2Tx7iimLfJ8hEQOvEsmtIrUlMqKyo3oT6Hze3Gw/LjTf7ojd2Qwa1uanrElkg QImvw06NkNi5ROK9D2qb688Pnld0dVJ61sileJLX4x/OZICLilliTAUw+XTNCe6K kxXxC4xySUrrtXTaeSrLdvmEfEi5NY/oLWlIQ7vF7f0I8nHO+aFMupF5NMWuu1RO 6cfFzocRwIKiq4D/swB8qYDYOHpLapE7XQ36x9PWNnb8iPcW32LF86bN+cbw+QMq s0Lpm175JrqlXicLtgaI2uEHjO3LTqj+MRf6F7oKEv3Bmry09kk5pqpIHY9se5Ka 6Md1NYL9mtIk7U4xcB9BXf+nO4Rp/WUJNVIg1csCWfa4pkHdvi3p5zxkBRSuMRx2 PcagdlKrH+siqcnKQRr3uDVWhqSPIdRetJCodYTKjjE2uyl0muw= =frlZ -END PGP SIGNATURE-
Processing of dbtoepub_0+svn9904-7_source.changes
dbtoepub_0+svn9904-7_source.changes uploaded successfully to localhost along with the files: dbtoepub_0+svn9904-7.dsc dbtoepub_0+svn9904-7.debian.tar.xz dbtoepub_0+svn9904-7_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
dbtoepub_0+svn9904-7_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 07 Dec 2022 22:06:39 + Source: dbtoepub Architecture: source Version: 0+svn9904-7 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Jelmer Vernooij Changes: dbtoepub (0+svn9904-7) unstable; urgency=medium . * QA upload. . [ Debian Janitor ] * Apply multi-arch hints. + dbtoepub: Add :any qualifier for ruby dependency. Checksums-Sha1: 855581464929340acd12c5cf317400401e97954c 1930 dbtoepub_0+svn9904-7.dsc 821b00226cc93e764c5229d7e9902b1bdcfb6fca 6052 dbtoepub_0+svn9904-7.debian.tar.xz eb7b4472a67a38b4e6610ebcb827767e0e67810a 6110 dbtoepub_0+svn9904-7_amd64.buildinfo Checksums-Sha256: 41af5d29eda6a4dddc76c6ac1da7c9d9c573c248484e144c1550839aabe4b486 1930 dbtoepub_0+svn9904-7.dsc 567a1e03bf59bdc34d3ec735834594f7b12f9bdf1a8d6d4e058b06bdf705a308 6052 dbtoepub_0+svn9904-7.debian.tar.xz 5614a629c2b501218fe918a131280718c56d19275033a1ba6c26ed306d94b312 6110 dbtoepub_0+svn9904-7_amd64.buildinfo Files: 42241d7e9131460ff26dd18a7b3346aa 1930 text optional dbtoepub_0+svn9904-7.dsc 7a21ad2ab61e32cf6a0ba4f568141618 6052 text optional dbtoepub_0+svn9904-7.debian.tar.xz d3048346d0f970274382a7350bca1043 6110 text optional dbtoepub_0+svn9904-7_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIyBAEBCgAdFiEEsjhixBXWVlpOhsvXV5wWDUyeI+gFAmORDqYACgkQV5wWDUye I+g2Mg/3ejjbNX11366nuEw4kJjvktCKEbSVAgCU0h3qhn7q51rw5I4Sz5+Kiu5Y +FPmxCrHNBRLm8P7nga39vK31lEPVqOFFYDZo2Dziry5mMIXFq7ZusCUDgXEfzdx ujHVZZUI0wQhvbSnglUAkZAYjQrHcmWm6k3CApFtjOGm3Cbc8iPtuua5cbyM+vbu nWiNRmbMbkJ2ceiuCV7335PdE7DLs0uk9eoWhO60ZONxRsrGLbyHyuScES8RY+ol IDl3kilzNUZs9wNsZZ8VvAHYMDE+BRnDf3nO/LmnF2qfbQXkNYIpgVk1p5dTuBmG MBGgD7MZVYYyjDOEXZZLzvB2Nb2fJrRVEaF6EGGS9jEECi/cbbcIsJ81CPHuJ3hJ JLwsPZdwivXA7Xgbn2kaeKahfz7urYdaGsoI9mRVnWp40l2IK/0N+QeTr+tYrkNR geh+O7AplAlxaRFkGqk1h7HugWTzEQVbM/fLEoywGa7XXdX8UVig2cRGxWrxI/aQ Cczj6fvwPfgWUYc6tuhfN+54+EzxFMoOs6/3imXBMxWBbFNLKyL75BkHXz6qpyrJ WYugY8alBQGd6sC6vxfwQJqcK9gmouSuWlS/u80FitSOXL5YimiB8joWOzRPO0qB wcUlIoj5qKAmeLpPtohL689OZ/ABzwctrFJ9+gN2T8fZT3o3/g== =tBKD -END PGP SIGNATURE-
Bug#1025723: qpsmtpd: [INTL:pt_BR] Brazilian Portuguese debconf templates translation
Package: qpsmtpd Tags: l10n patch Severity: wishlist Hello, Could you please update this Brazilian Portuguese translation? Attached you will find the file pt_BR.po. It is UTF-8 encoded and tested with msgfmt and podebconf-display-po. Kind regards. -- Paulo Henrique de Lima Santana (phls) Belo Horizonte - Brasil Debian Developer Site: http://phls.com.br GPG ID: 0443C450 pt_BR.po.gz Description: application/gzip OpenPGP_signature Description: OpenPGP digital signature
Bug#1025724: b43-fwcutter: [INTL:pt_BR] Brazilian Portuguese debconf templates translation
Package: b43-fwcutter Tags: l10n patch Severity: wishlist Hello, Could you please update this Brazilian Portuguese translation? Attached you will find the file pt_BR.po. It is UTF-8 encoded and tested with msgfmt and podebconf-display-po. Kind regards. -- Paulo Henrique de Lima Santana (phls) Belo Horizonte - Brasil Debian Developer Site: http://phls.com.br GPG ID: 0443C450 pt_BR.po.gz Description: application/gzip OpenPGP_signature Description: OpenPGP digital signature
Processing of wcd_6.0.3-4_source.changes
wcd_6.0.3-4_source.changes uploaded successfully to localhost along with the files: wcd_6.0.3-4.dsc wcd_6.0.3-4.debian.tar.xz wcd_6.0.3-4_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
wcd_6.0.3-4_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 08 Dec 2022 01:06:38 + Source: wcd Architecture: source Version: 6.0.3-4 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Jelmer Vernooij Changes: wcd (6.0.3-4) unstable; urgency=medium . * QA upload. . [ Debian Janitor ] * Bump debhelper from old 12 to 13. * Update standards version to 4.5.1, no changes needed. * Avoid explicitly specifying -Wl,--as-needed linker flag. Checksums-Sha1: e9f335668d5505a804308671b3f2d5fdbdc11d37 1842 wcd_6.0.3-4.dsc 7e8b7128e2af506a877d30f94aa2dd62979c4b17 7036 wcd_6.0.3-4.debian.tar.xz 3e47f712a1da65fc6847a6aa89971dbd9d402bbc 7837 wcd_6.0.3-4_amd64.buildinfo Checksums-Sha256: e083d9b1b39ab24e0c5add9ddec3d6337fa2ea8af3212ebd7ad8807d5d23a196 1842 wcd_6.0.3-4.dsc 9257205a19cbeb76e3c0612da8f5f12510c92d98dc18a265bfca1733b5eb59c5 7036 wcd_6.0.3-4.debian.tar.xz 159df371a1946ed87f54ad59a3d33e5fcc501154b12f6ec076d59a003e5a 7837 wcd_6.0.3-4_amd64.buildinfo Files: ff113134e1588e35c948f708e02b9be3 1842 utils optional wcd_6.0.3-4.dsc 16dcfae0ebe4bee9dfae2572c382ea83 7036 utils optional wcd_6.0.3-4.debian.tar.xz 3d5371e0526cefd8b07a44501fe1bd41 7837 utils optional wcd_6.0.3-4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEsjhixBXWVlpOhsvXV5wWDUyeI+gFAmOROOYACgkQV5wWDUye I+jNuA/+ISE+Ma4lrMaSWsDZ59GV/dkqgCO5RIXZfaKdIJGEFbrwBirbqON+pDSg mdC1wG083DCnS8HWSQM4zUXFSi/Td7qKRV99qsTFzw3lIq4VdCwpxWC2buAK9vIC +ZdFEh7CBYXUsk90tUBe4MGAPDmrvW6QzNnQKEFQtnLmAJv+hNIZFx0H8sNPe5xa ZUtjN9o8QuUzPMb2kqb7a8wiUWBmwHLaloqdEeK/7avEP2cGMIowAShG9n/02xD+ aI5c+L5DhCy4blUr8koVk1DY3sYeDEsGZkrJI91PV+iBgpQIvveYRwrekLxPCuAu CL6dPi6++fLkHk/vijWdUL/c53sq+g9eEGlfsYn/OjHPjwiFpbV0gBBqybyvFFKu Nx6C8x6Qcp0FIB7NYagCE+a1tstoPGRZbwL43urhmLeH9kkkRyCUuMNKjU0kVH8A LThY0uOuhg9fpbMItL9CfGrmMi+1QqgshtBYTNMFbmZSb0DDnwmA9IbAAkht5Qb8 uEdJpQyJqmE8ApVmpCV0tcs+18M9F7VT7V1JF/Hk0UM5xZJbaEQvaa3r8gcaaCGD EXEPmYbQ2TjtclVEipT4I+s+eRIcrpI9Z7GLAWljr6BwskqBH/ho7fkc5Q+hQqrq AORNHs94JRhQFWCSofsJVmHMPZWqhy8BlH0hy8Fi/WGhjcbEmgM= =wQBw -END PGP SIGNATURE-
Processing of git-remote-hg_1.0.4~ds-1_source.changes
git-remote-hg_1.0.4~ds-1_source.changes uploaded successfully to localhost along with the files: git-remote-hg_1.0.4~ds-1.dsc git-remote-hg_1.0.4~ds.orig.tar.xz git-remote-hg_1.0.4~ds-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#1023804: marked as done (git-remote-hg: autopkgtest needs update for new version of git: transport 'file' not allowed)
Your message dated Thu, 08 Dec 2022 02:38:28 + with message-id and subject line Bug#1023804: fixed in git-remote-hg 1.0.4~ds-1 has caused the Debian Bug report #1023804, regarding git-remote-hg: autopkgtest needs update for new version of git: transport 'file' not allowed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1023804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023804 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: git-remote-hg Version: 1.0.3.2~ds-2 Severity: serious X-Debbugs-CC: g...@packages.debian.org Tags: sid bookworm User: debian...@lists.debian.org Usertags: needs-update Control: affects -1 src:git Dear maintainer(s), With a recent upload of git the autopkgtest of git-remote-hg fails in testing when that autopkgtest is run with the binary packages of git from unstable. It passes when run with only packages from testing. In tabular form: passfail gitfrom testing1:2.38.1-1 git-remote-hg from testing1.0.3.2~ds-2 all others from testingfrom testing I copied some of the output at the bottom of this report. This is due to """ * Addresses the security issue CVE-2022-39253: cloning an attacker-controlled local repository could store arbitrary files in the ".git" directory of the destination repository. """ This has a nice write up: https://vielmetti.typepad.com/logbook/2022/10/git-security-fixes-lead-to-fatal-transport-file-not-allowed-error-in-ci-systems-cve-2022-39253.html Currently this regression is blocking the migration of git to testing [1]. Of course, git shouldn't just break your autopkgtest (or even worse, your package), but it seems to me that the change in git was intended and your package needs to update to the new situation. If this is a real problem in your package (and not only in your autopkgtest), the right binary package(s) from git should really add a versioned Breaks on the unfixed version of (one of your) package(s). Note: the Breaks is nice even if the issue is only in the autopkgtest as it helps the migration software to figure out the right versions to combine in the tests. More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=git https://ci.debian.net/data/autopkgtest/testing/amd64/g/git-remote-hg/28079228/log.gz Initialized empty Git repository in /tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/sub/.git/ [master (root-commit) be983cd] init Author: A U Thor 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 empty Initialized empty Git repository in /tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/gitrepo/.git/ Cloning into '/tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/gitrepo/sub'... fatal: transport 'file' not allowed fatal: clone of '/tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/sub' into submodule path '/tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/gitrepo/sub' failed not ok 52 - push with submodule OpenPGP_signature Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: git-remote-hg Source-Version: 1.0.4~ds-1 Done: Paul Wise We believe that the bug you reported is fixed in the latest version of git-remote-hg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1023...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Wise (supplier of updated git-remote-hg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 08 Dec 2022 10:00:03 +0800 Source: git-remote-hg Architecture: source Version: 1.0.4~ds-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Paul Wise Closes: 1023804 Changes: git-remote-hg (1.0.4~ds-1) unstable; urgency=medium . * QA upload. * New u
Processing of omnievents_2.6.2-5.1+deb11u1_source.changes
omnievents_2.6.2-5.1+deb11u1_source.changes uploaded successfully to localhost along with the files: omnievents_2.6.2-5.1+deb11u1.dsc omnievents_2.6.2-5.1+deb11u1.debian.tar.xz omnievents_2.6.2-5.1+deb11u1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
git-remote-hg_1.0.4~ds-1_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 08 Dec 2022 10:00:03 +0800 Source: git-remote-hg Architecture: source Version: 1.0.4~ds-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Paul Wise Closes: 1023804 Changes: git-remote-hg (1.0.4~ds-1) unstable; urgency=medium . * QA upload. * New upstream release. - Drop patches merged upstream - Fixes test failure with git security update (Closes: #1023804) * Update standards version to 4.6.1, no changes needed. Checksums-Sha1: 2af2e9de1b4ef6a785fcff86011eb017f110be87 2099 git-remote-hg_1.0.4~ds-1.dsc b2493b665ba8831b2c3206213e179a0996c61ec2 51200 git-remote-hg_1.0.4~ds.orig.tar.xz c13dc3b40d3bd26bb97a51754236acfe5b86defc 5832 git-remote-hg_1.0.4~ds-1.debian.tar.xz Checksums-Sha256: f01b60435e0b056525689a9e323db766ebb675cbdf72ba22264935bdf6d3fc97 2099 git-remote-hg_1.0.4~ds-1.dsc bd9b0941738a1fbb52c79d33acb64fd21007618c5897b8a46fb544b43b945be8 51200 git-remote-hg_1.0.4~ds.orig.tar.xz 0f073b71b012814912c88e956beb5cde05a9a89d26ae4487d54648fc3750a018 5832 git-remote-hg_1.0.4~ds-1.debian.tar.xz Files: e2984c01f04ea53eeb3d222a885d88a7 2099 vcs optional git-remote-hg_1.0.4~ds-1.dsc 4ca99192234044a51150433e428f4b6a 51200 vcs optional git-remote-hg_1.0.4~ds.orig.tar.xz fed78c86ab45d7080ec516b9c38f073e 5832 vcs optional git-remote-hg_1.0.4~ds-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmORSUUACgkQMRa6Xp/6 aaNXvhAAqmDgEO5tZvNNOqYhTGU23b9iGpiktioGlBkpMxCRU72NWSU8MMJwSGGW BadFlbdcaMgCFkN+9GKg58NUV0m7GQ8+KRz7+q0ktVwJN4fg5SjH9Mo9ayiN/Trm VYWAKqrKSbhZLdw0JqF5+qLkiE3mMpUwo1uURzgbX/QZKiiL5iWA+rhFIT/yvts4 emRiXlx7/9uIRql18luvYXxchT4zKk96m/kla6U+TFUwCHb3nfGQJrcbkNSLC+JL a8Hr1yr/HNcpEsM1EDp8Y1beAt/v9hPLTg/QACwlzb6wigKKZxUxZxBZ3mFNSdWS Km8lMdnsSy3ftOZRxeydvgaDxUBhkE2KbrokzvfoHlzJV/ZnO6xSwT/14mFXMgez JeE1BRh3A8TQTYV9o6Uryxtkc3aKUS8U/ShVfX9VAN0BILlKBzoxYGjkb70mMKnm LUsfQJG4BYZyZJmxoaS4akuwW7HJv3OREW4aYknIaozjDdeuqQzNW93v0oOGGvie c3/qQnouL/T+dUgkm3sT31mRWcj2D2q/MDjLxgKqAhuTBOspBWh1MrcX+DCbOcJb Hjk4N4Ub+G5x8NdBh9uz4lN9qd/yd/3cs6l6TyOhzyOPQ9yIzrRdpU5ypXBHRaRW ACohUcskZx1aQc8cje9HeMOA8q+UeyH+MeL4xHhzP+6ab6x1MPU= =vqqC -END PGP SIGNATURE-
omnievents_2.6.2-5.1+deb11u1_source.changes ACCEPTED into proposed-updates->stable-new
Thank you for your contribution to Debian. Mapping bullseye to stable. Mapping stable to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 28 Nov 2022 17:20:30 -0300 Source: omnievents Architecture: source Version: 1:2.6.2-5.1+deb11u1 Distribution: bullseye Urgency: medium Maintainer: Debian QA Group Changed-By: Guilherme de Paula Xavier Segundo Closes: 989339 Changes: omnievents (1:2.6.2-5.1+deb11u1) bullseye; urgency=medium . * debian/control: Added 'libjs-jquery' as a dependency of 'omnievents-doc' to fix broken symlinks that prevent reading part of the documentation. . Closes: #989339 Checksums-Sha1: 2cd8e0d8b6e1c8d4c30c63dd8afd98f04a63f1dc 2260 omnievents_2.6.2-5.1+deb11u1.dsc afe27995d8a04b882a85c12e6c85fbe8a79e6e7e 5996 omnievents_2.6.2-5.1+deb11u1.debian.tar.xz 3e74469c6e7179cb185d5c60cb5907d55b1789f2 8392 omnievents_2.6.2-5.1+deb11u1_source.buildinfo Checksums-Sha256: 4168d9c646ab6bbaa3667ac8a93d0184411c4bf676345f33feb0a0882065e9c6 2260 omnievents_2.6.2-5.1+deb11u1.dsc 45b3abd118038d69701553c6174f9f960260251efa19bdc5110a79e24108ab30 5996 omnievents_2.6.2-5.1+deb11u1.debian.tar.xz 27c0f58dd461e7516b2a86428460fd0e1a643b31909e10ce2cf1f2428f3b8229 8392 omnievents_2.6.2-5.1+deb11u1_source.buildinfo Files: 0eb15d2ab1c5f7ac40a6ee8dabd20b11 2260 net optional omnievents_2.6.2-5.1+deb11u1.dsc 8ee89932fb53bd083106df39e96daca8 5996 net optional omnievents_2.6.2-5.1+deb11u1.debian.tar.xz 2aa85847a7eb516d64ac8ae9c8662346 8392 net optional omnievents_2.6.2-5.1+deb11u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAmOGTSoACgkQ3mO5xwTr 6e/tZBAAhLv1g3+WVDyOpeEcCjDiVmSqPBDlyg/3yX7Qt2K/qsDvr9ALFxwUHv7y vyFOo1n37fTmPx0uQSqavOM161v8ajL4BOCDQ2l4EzE5sHfQKzDq8fCyAawsqKzo fz6bUExISnZqQ30p7xh0qJ6d/oWKmllJ0TdSM0SuCEr3IwMUynx97nPuCyvTQqfN DjyrXWEjjJ21lxjfC9Kv+w4Ec1MncFSApHsbofhA7K8SHOL+UYFoWmNEwZQ2u6Fb +cyTnM9pmt8hLyhe1TefjSjkwcLVR0rQuTpbpdyRGdjyPjzdXSqELyzCmoRFD0vF fRubF8NjTzPFZlx2uvo8fzPYr7a6VAjJR8JtKzfKgP/aTnJDwt4uP2vlMM8o1og0 zvReRfmcCvd63gTbBxv58sLv0ZELBKcmX8bV9CvCW6kTLkA1D8d5JHjn59MWG51D MFAIe9dYzu01dR5Qa6GJT9B3UB5La4P5KJJm+r2n+UbpgcDvcw9qRzJs4TO7o46/ NbU02gET5NrEJc15beiBhgBFMLN+C/sNpmqq+CFpdFYN7kbgEdvWeVM4wc32ktoh qNrnOFRlAN20Ms7Lyx+H/0hJ09+92LK6Dq6WdRck5qUpn/alAAnwQfm5btFfHBsO r2S1pBjTJakoSg9I32DVQtrVVGIxExxhEWyXL7NEj0AWFuOKywY= =ybVU -END PGP SIGNATURE-
spellutils_0.7+debian-1~bpo11+1_amd64.changes is NEW
binary:spellutils is NEW. binary:spellutils is NEW. source:spellutils is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will receive an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html or https://ftp-master.debian.org/backports-new.html for *-backports
python-restless is marked for autoremoval from testing
python-restless 2.2.0-2 is marked for autoremoval from testing on 2023-01-12 It (build-)depends on packages with these RC bugs: 1025117: python-pyramid: (autopkgtest) needs update for python3.11: 'Translations' object has no attribute 'lgettext' https://bugs.debian.org/1025117 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl
