From adrelanos at whonix.org Sat May 1 10:00:13 2021 From: adrelanos at whonix.org (Patrick Schleizer) Date: Sat, 1 May 2021 09:00:13 +0000 Subject: [Pkg-xmpp-devel] Bug#987876: Gajim update invalidates encryption settings Message-ID: <7bfc2047-9a0f-6fc1-5f41-ee70c859615b@whonix.org> Package: gajim Severity: important X-Debbugs-CC: whonix-devel at whonix.org Quote https://dev.gajim.org/gajim/gajim/-/issues/10527 > Steps to reproduce: > > Configure gajim to encrypt messages using OMEMO to a specific contact > Update Gajim to 1.3.1 > Restart Gajim, update the plugins > Try to send a message > Expected outcome: the message is encrypted, encryption settings are "OMEMO" > Actual outcome: the message is not encrypted, encryption settings are "unencrypted" > > This is a security issue, because users might send messages thinking they're going to be encrypted, unaware of the fact that the upgrade reset the encryption settings. From taowa at debian.org Fri May 14 03:38:39 2021 From: taowa at debian.org (Taowa) Date: Thu, 13 May 2021 22:38:39 -0400 Subject: [Pkg-xmpp-devel] Gajim, Dino, other Salsa repos don't support merge requests In-Reply-To: References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> Message-ID: <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> Hi Martin, Martin, 2021-04-08 16:32 -0400: > We really need more active people in the team. E.g. I would love > to see regular experimental packages of some clients git > masters. That would give the software more testing, and some > people just love to play with the latest stuff. But that needs > more hands. I'm interested in taking you up on that. Would you be alright with me uploading dino-im's git master to experimental once it's a bit more stable? I'd love to see support for calls in dino in experimental. Thanks! Taowa -- Taowa (they) people.debian.org/~taowa LOC FN35EL From debacle at debian.org Fri May 14 08:51:28 2021 From: debacle at debian.org (Martin) Date: Fri, 14 May 2021 07:51:28 +0000 Subject: [Pkg-xmpp-devel] Gajim, Dino, other Salsa repos don't support merge requests In-Reply-To: <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> Message-ID: <87sg2peosf.fsf@fama.lan> On 2021-05-14 02:38, Taowa wrote: > I'm interested in taking you up on that. Would you be alright with me > uploading dino-im's git master to experimental once it's a bit more > stable? I'd love to see support for calls in dino in experimental. That would be awesome! Feel free to jump in and also to add your name to Uploaders. >From what I heard, the current version is already half-working with Conversations (Android) and Siskin (iOS), so it probably makes sense to package it right away. That would allow more people to test. In fact, I already started that, but got stuck with a strange problem, that non-release versions of Dino fail to build in pbuilder. With `dpkg-buildpackage` it builds fine, however. I'm pretty stupid when it comes to cmake, which is probably to blame here. I'll push the upstream/master, pristine-tar, and debian/experimental branches, so that you can start from there, OK? Cheers, Martin From ftpmaster at ftp-master.debian.org Fri May 14 08:52:06 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Fri, 14 May 2021 07:52:06 +0000 Subject: [Pkg-xmpp-devel] Processing of prosody_0.11.9-1_source.changes Message-ID: prosody_0.11.9-1_source.changes uploaded successfully to localhost along with the files: prosody_0.11.9-1.dsc prosody_0.11.9.orig.tar.gz prosody_0.11.9-1.debian.tar.xz prosody_0.11.9-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Fri May 14 09:16:42 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Fri, 14 May 2021 08:16:42 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.9-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 May 2021 09:17:12 +0200 Source: prosody Architecture: source Version: 0.11.9-1 Distribution: unstable Urgency: high Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Changes: prosody (0.11.9-1) unstable; urgency=high . * New upstream version 0.11.9 addressing several security issues - https://prosody.im/security/advisory_20210512/ + CVE-2021-32918 + CVE-2021-32920 + CVE-2021-32921 + CVE-2021-32917 + CVE-2021-32919 * refresh patches Checksums-Sha1: e8ad347ee2392f6d3313d08e018fc5adac058f0d 1873 prosody_0.11.9-1.dsc 632c2dd7794d344d4edbcea18fc1b5f623da5ca4 431647 prosody_0.11.9.orig.tar.gz 08d484b712d25e99d701cc450c9e18fff40156f3 28284 prosody_0.11.9-1.debian.tar.xz fd5e5e3f5a0e147a0b90c84145908b87004d86a3 6518 prosody_0.11.9-1_amd64.buildinfo Checksums-Sha256: 4490c7565871e1270cbb2ce50b3d5d339b55edef729b2531706729ef4820d66f 1873 prosody_0.11.9-1.dsc ccc032aea49d858635fb93644db276de6812be83073a8d80e9b4508095deff09 431647 prosody_0.11.9.orig.tar.gz 7445716669c8bf6326482b312a482bd415af11c059c1130ec153c12c2f19f97c 28284 prosody_0.11.9-1.debian.tar.xz c6499637757c98c1fb40f325cc912d2390d7705005c848f1ecdbc0212a2a0e4d 6518 prosody_0.11.9-1_amd64.buildinfo Files: ed301a4a2248138b250a19e388c64574 1873 net optional prosody_0.11.9-1.dsc be7e1c66c06b0eb4bdce37b67bcc6b51 431647 net optional prosody_0.11.9.orig.tar.gz 3d9e3916e40e67c994a6e6c3d0a584a1 28284 net optional prosody_0.11.9-1.debian.tar.xz ec3f10d241458d9c50d50b7f9cee6542 6518 net optional prosody_0.11.9-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCgAvFiEEDmBQEMrYIhRFqKAgIXSmjn2oLMcFAmCeKj8RHHZzZXZhQGRl Ymlhbi5vcmcACgkQIXSmjn2oLMdboQf+KA/6aPQkH5vS+eDiFhpDire0Uny2AGg0 nInHzgwPBFkZxqTzvODAtqO2vACuaeHK041U1hwUcWv4Fnvatobmx6p/cLYr8Af7 VtANwHKM9RG43IuveQKPB2P/X5iEX4DN+/p+a+0EnBWcSptNvZPJ7Zwsy1ezEu/0 BdAf8pWWyclNTgBO7DKfoc0d5WyF0dpVyMwCNvM0LMtVthrMBV3b1os3IB2UzE8n lDG34sX+qjnNXOmT6AM3Km0hFpbyOG6zaN1Wy87+zvTJcOHhSj2ZJa75ZiUCsRGe SczgLg8zGy1ZLfGhRwfuyGgo67cGOA8L5BZ84NpTqf34RiPMy1z9sA== =D+An -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From michel at lebihan.pl Fri May 14 09:02:42 2021 From: michel at lebihan.pl (Michel Le Bihan) Date: Fri, 14 May 2021 10:02:42 +0200 Subject: [Pkg-xmpp-devel] Gajim, Dino, other Salsa repos don't support merge requests In-Reply-To: <87sg2peosf.fsf@fama.lan> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> <87sg2peosf.fsf@fama.lan> Message-ID: <88580ecc28dd7946998977d20a5ffacbb096d853.camel@lebihan.pl> Hello, I don't think it's time to package Dino for experimental yet. The feature is very new and there are already known problems with it. I would wait at least a week or two until they fix them and give time for testers to discover any potential regressions. Michel Le Bihan Le vendredi 14 mai 2021 ? 07:51 +0000, Martin a ?crit?: > > On 2021-05-14 02:38, Taowa wrote: > > I'm interested in taking you up on that. Would you be alright with > > me > > uploading dino-im's git master to experimental once it's a bit more > > stable? I'd love to see support for calls in dino in experimental. > > That would be awesome! > Feel free to jump in and also to add your name to Uploaders. > > From what I heard, the current version is already half-working with > Conversations (Android) and Siskin (iOS), so it probably makes sense > to > package it right away. That would allow more people to test. > > In fact, I already started that, but got stuck with a strange > problem, > that non-release versions of Dino fail to build in pbuilder. With > `dpkg-buildpackage` it builds fine, however. I'm pretty stupid when > it > comes to cmake, which is probably to blame here. > > I'll push the upstream/master, pristine-tar, and debian/experimental > branches, so that you can start from there, OK? > > Cheers, Martin > > _______________________________________________ > Pkg-xmpp-devel mailing list > Pkg-xmpp-devel at alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-xmpp-devel From taowa at debian.org Fri May 14 15:49:14 2021 From: taowa at debian.org (Taowa) Date: Fri, 14 May 2021 10:49:14 -0400 Subject: [Pkg-xmpp-devel] uploading dino to experimental [was: Gajim, Dino, other Salsa repos don't support merge requests] In-Reply-To: <87sg2peosf.fsf@fama.lan> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> <87sg2peosf.fsf@fama.lan> Message-ID: <20210514144913.7ykdbogojy5flhma@tarteausucre.boxen.rosetwig.systems> Hi Martin, Michel, Martin, 2021-05-14 04:04 -0400: > That would be awesome! > Feel free to jump in and also to add your name to Uploaders. > > From what I heard, the current version is already half-working with > Conversations (Android) and Siskin (iOS), so it probably makes sense to > package it right away. That would allow more people to test. Michel Le Bihan, 2021-05-14 04:19 -0400: > I don't think it's time to package Dino for experimental yet. The > feature is very new and there are already known problems with it. I > would wait at least a week or two until they fix them and give time for > testers to discover any potential regressions. I'll freely admit that waiting was both because of the issues above, as well as having just sent the last mail in my NM process, meaning that in an absolute best-case scenario I'll have uploading privileges by the 24th or whenever keyring-maint does their next push. (If not, I could always submit the package for sponsorship or get DM privileges on it.) > In fact, I already started that, but got stuck with a strange problem, > that non-release versions of Dino fail to build in pbuilder. With > `dpkg-buildpackage` it builds fine, however. I'm pretty stupid when it > comes to cmake, which is probably to blame here. > > I'll push the upstream/master, pristine-tar, and debian/experimental > branches, so that you can start from there, OK? Thanks for the warning, and the push, and I'll take a look! Taowa -- Taowa (they) people.debian.org/~taowa LOC FN35EL From debacle at debian.org Sat May 15 18:43:08 2021 From: debacle at debian.org (Martin) Date: Sat, 15 May 2021 17:43:08 +0000 Subject: [Pkg-xmpp-devel] Gajim, Dino, other Salsa repos don't support merge requests In-Reply-To: <88580ecc28dd7946998977d20a5ffacbb096d853.camel@lebihan.pl> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> <87sg2peosf.fsf@fama.lan> <88580ecc28dd7946998977d20a5ffacbb096d853.camel@lebihan.pl> Message-ID: <87im3jriz7.fsf@fama.lan> On 2021-05-14 08:02, Michel Le Bihan wrote: > I don't think it's time to package Dino for experimental yet. The > feature is very new and there are already known problems with it. I > would wait at least a week or two until they fix them and give time for > testers to discover any potential regressions. I agree, that A/V calls do not yet work well with Dino, but I just had a semi-successful call to a Conversations user. Audio worked in both directions, but while I could see them, they could not see me. Also, after two or three minutes, their image became distorted in a pretty psychodelic way. I would not oppose early packaging for experimental, though, because I expect only few, advanced users install from there. And those can help to test and improve Dino before it goes to unstable (after release of Debian 11). I would leave this decision to Taowa - just ping me, in case you need sponsorship for upload. From taowa at debian.org Sat May 15 18:47:29 2021 From: taowa at debian.org (Taowa) Date: Sat, 15 May 2021 13:47:29 -0400 Subject: [Pkg-xmpp-devel] Gajim, Dino, other Salsa repos don't support merge requests In-Reply-To: <87im3jriz7.fsf@fama.lan> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> <87sg2peosf.fsf@fama.lan> <88580ecc28dd7946998977d20a5ffacbb096d853.camel@lebihan.pl> <87im3jriz7.fsf@fama.lan> Message-ID: <20210515174728.xu7ftfxp6uysk6ku@tarteausucre.boxen.rosetwig.systems> Hi all, Martin, 2021-05-15 13:43 -0400: > I would leave this decision to Taowa - just ping me, in case you need > sponsorship for upload. I've managed to get myself DM privileges on dino-im right as I received this message, but having my request to join xmpp-team approved would be lovely :). Taowa -- Taowa (they) people.debian.org/~taowa LOC FN35EM From debacle at debian.org Sat May 15 19:03:15 2021 From: debacle at debian.org (Martin) Date: Sat, 15 May 2021 18:03:15 +0000 Subject: [Pkg-xmpp-devel] Gajim, Dino, other Salsa repos don't support merge requests In-Reply-To: <20210515174728.xu7ftfxp6uysk6ku@tarteausucre.boxen.rosetwig.systems> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> <87sg2peosf.fsf@fama.lan> <88580ecc28dd7946998977d20a5ffacbb096d853.camel@lebihan.pl> <87im3jriz7.fsf@fama.lan> <20210515174728.xu7ftfxp6uysk6ku@tarteausucre.boxen.rosetwig.systems> Message-ID: <87eee7ri1o.fsf@fama.lan> On 2021-05-15 17:47, Taowa wrote: > having my request to join xmpp-team approved would be > lovely :). Done :-) From ftpmaster at ftp-master.debian.org Sat May 15 23:52:14 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 15 May 2021 22:52:14 +0000 Subject: [Pkg-xmpp-devel] Processing of dino-im_0.2.0+git20210515.686035c-1_source.changes Message-ID: dino-im_0.2.0+git20210515.686035c-1_source.changes uploaded successfully to localhost along with the files: dino-im_0.2.0+git20210515.686035c-1.dsc dino-im_0.2.0+git20210515.686035c.orig.tar.gz dino-im_0.2.0+git20210515.686035c-1.debian.tar.xz dino-im_0.2.0+git20210515.686035c-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From taowa at debian.org Sat May 15 23:55:01 2021 From: taowa at debian.org (Taowa) Date: Sat, 15 May 2021 18:55:01 -0400 Subject: [Pkg-xmpp-devel] dino-im in experimental In-Reply-To: <87im3jriz7.fsf@fama.lan> References: <7a55f31d3b399dc39b514cb85404290cc0723539.camel@posteo.net> <20210514023839.d4ff6ueweeesdj6x@tarteausucre.boxen.rosetwig.systems> <87sg2peosf.fsf@fama.lan> <88580ecc28dd7946998977d20a5ffacbb096d853.camel@lebihan.pl> <87im3jriz7.fsf@fama.lan> Message-ID: <20210515225501.kcanrbanszwzv3c5@tarteausucre.boxen.rosetwig.systems> Hi again all, Martin, 2021-05-15 13:43 -0400: > I would not oppose early packaging for experimental, though, because I > expect only few, advanced users install from there. And those can help > to test and improve Dino before it goes to unstable (after release of > Debian 11). In the interest of keeping everyone updated: - I've uploaded 0.2.0+git20210515.686035c-1. - I've added myself to uploaders in said upload. - I... appear to have resolved the bug with building when using sbuild. I don't really know how. - I plan on uploading to experimental as needed to keep up with new development in master. - CMake makes me sad :'( Alright, I think that's all! Taowa -- Taowa (they) people.debian.org/~taowa LOC FN35EM From ftpmaster at ftp-master.debian.org Sun May 16 00:03:30 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 15 May 2021 23:03:30 +0000 Subject: [Pkg-xmpp-devel] dino-im_0.2.0+git20210515.686035c-1_source.changes ACCEPTED into experimental Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 15 May 2021 18:00:00 -0400 Source: dino-im Architecture: source Version: 0.2.0+git20210515.686035c-1 Distribution: experimental Urgency: medium Maintainer: Debian XMPP Maintainers Changed-By: Taowa Changes: dino-im (0.2.0+git20210515.686035c-1) experimental; urgency=medium . [ Martin ] * add new build dependencies * remove obsolete patch . [ Taowa ] * add myself as an uploader * add a patch to enable building in sbuild Checksums-Sha1: b78b243e2ebfcb08c59f1c6b185159150c019843 2472 dino-im_0.2.0+git20210515.686035c-1.dsc 0ac9ffff02e459268f1376975d263ddf6a258f66 631606 dino-im_0.2.0+git20210515.686035c.orig.tar.gz d97894bbc18a4ee4d155b99caf346743d38ba061 8876 dino-im_0.2.0+git20210515.686035c-1.debian.tar.xz ea10f8f00dd5e44f43413ae984c27edb1ec08f7f 17856 dino-im_0.2.0+git20210515.686035c-1_amd64.buildinfo Checksums-Sha256: 839a238471b06a33e88958c9203c5cb0566a6d5ef99ce82b4541286140ea5d14 2472 dino-im_0.2.0+git20210515.686035c-1.dsc 58c185b22f2b2321ada1e8aa39b338e3327c3c41c77bdbb23aa56742125cbc39 631606 dino-im_0.2.0+git20210515.686035c.orig.tar.gz f750b65fe271586ff0d0abee300a7f5adff81b3b8984a95fee3d4705a92f3b7b 8876 dino-im_0.2.0+git20210515.686035c-1.debian.tar.xz 187bb233b7d535834c7a8f0c3a08e3ee9413e89993549e5550ab114593a403bf 17856 dino-im_0.2.0+git20210515.686035c-1_amd64.buildinfo Files: fc99852e1c0ce39e3952525a5d7b71a2 2472 net optional dino-im_0.2.0+git20210515.686035c-1.dsc 60f7af8d0be4b869e15068ab67d152da 631606 net optional dino-im_0.2.0+git20210515.686035c.orig.tar.gz c604acb807cf96506cc15d465910ce7b 8876 net optional dino-im_0.2.0+git20210515.686035c-1.debian.tar.xz 6fe4744585e0cca1864188683efb1b4d 17856 net optional dino-im_0.2.0+git20210515.686035c-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEbv8kOX6gMqkVlASsCPnj4gwseacFAmCgTeIACgkQCPnj4gws eaftrA//Z/oFX87qVfp3r3WnQChbfIaMEiM4yko6eFP6Sm9OmqhBo8V5gsHfP4Ay Y/iDpSq3HbVVnJ/AgIw5I4kauddm49L7ddLvCF85Lk2/U2KpLKdt1oPZ7TLe+tgq IiF7zLYXxc8iKawXXls4LFu0+5bRlZuAXVsIGNrMcBaPM+vC/XAVC+9TLHkkdSHZ +B/V2VJLg8VXloof6AXPJbQKLqmKGtdObuE41wE5Q39hK/ij7xpfdSH/iJjprPuj dF5kIwKmfG3uy1e3ZZhCpk4oMskdNTR4QmyAGQnKX/d0c+m+pzixt5UHQBPSMgoZ Z90qZXTuP1BFe26N8T9kvI94E+7R1nysnkGvmt6qk5xI+sP2slMdAuNDv1n9hoIg dNhzpPgl7hKQILJV6oFEGKZxMfzcorW/pHdlv8qmjx84EW6i1tPxGX8ui61eBu4P gT168jOkiobpygd+FfNWCCm+2XsWHuRpX+aUKONJTKChY5s0NKYrR26rDBnt/AuK M+oTWi1/dR8339pMK4mggFenA5eSXBfWvZkiomjs6wLOMSlplkWCK1WfpUV07Le0 gPnlxCX8jDpRAHDE8kP5zFQuD/TSevOOnwuyE2ivwy0xq5Ve69zUx6D2DU8kg/gS jeuJmQLCg4yGO7hbUxebQKd4MZZ3gvd48BSHmME9vIRci5Wgn3Q= =UVW4 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From carnil at debian.org Mon May 17 18:08:27 2021 From: carnil at debian.org (Salvatore Bonaccorso) Date: Mon, 17 May 2021 19:08:27 +0200 Subject: [Pkg-xmpp-devel] Bug#988668: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Message-ID: <162127130769.2375321.17071442510761568365.reportbug@eldamar.lan> Source: prosody Version: 0.11.8-1 Severity: serious Tags: security upstream Justification: security issues, need to be fixed in testing for avoid security regression from buster X-Debbugs-Cc: carnil at debian.org, Debian Security Team Control: found -1 0.11.2-1 Control: fixed -1 0.11.2-1+deb10u1 Control: fixed -1 0.11.9-1 Hi, The following vulnerabilities were published for prosody. Those are fixed in unstable already by 0.11.9, but we need to make sure the fixed go into bullseye in particular as they are going to be fixed with 0.11.2-1+deb10u1 via buster security. Can you please contact the release team for an unblock, please? CVE-2021-32917[0]: | An issue was discovered in Prosody before 0.11.9. The proxy65 | component allows open access by default, even if neither of the users | has an XMPP account on the local server, allowing unrestricted use of | the server's bandwidth. CVE-2021-32918[1]: | An issue was discovered in Prosody before 0.11.9. Default settings are | susceptible to remote unauthenticated denial-of-service (DoS) attacks | via memory exhaustion when running under Lua 5.2 or Lua 5.3. CVE-2021-32919[2]: | An issue was discovered in Prosody before 0.11.9. The undocumented | dialback_without_dialback option in mod_dialback enables an | experimental feature for server-to-server authentication. It does not | correctly authenticate remote server certificates, allowing a remote | server to impersonate another server (when this option is enabled). CVE-2021-32920[3]: | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood | of SSL/TLS renegotiation requests. CVE-2021-32921[4]: | An issue was discovered in Prosody before 0.11.9. It does not use a | constant-time algorithm for comparing certain secret strings when | running under Lua 5.2 or later. This can potentially be used in a | timing attack to reveal the contents of secret strings to an attacker. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-32917 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917 [1] https://security-tracker.debian.org/tracker/CVE-2021-32918 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918 [2] https://security-tracker.debian.org/tracker/CVE-2021-32919 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919 [3] https://security-tracker.debian.org/tracker/CVE-2021-32920 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920 [4] https://security-tracker.debian.org/tracker/CVE-2021-32921 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921 [5] https://prosody.im/security/advisory_20210512.txt Regards, Salvatore From owner at bugs.debian.org Mon May 17 18:21:07 2021 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 17 May 2021 17:21:07 +0000 Subject: [Pkg-xmpp-devel] Processed: closing 988668, found 988668 in 0.11.2-1, fixed 988668 in 0.11.2-1+deb10u1 References: <1621271862-3596-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > close 988668 0.11.9-1 Bug #988668 [src:prosody] prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Marked as fixed in versions prosody/0.11.9-1. Bug #988668 [src:prosody] prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Marked Bug as done > found 988668 0.11.2-1 Bug #988668 {Done: Salvatore Bonaccorso } [src:prosody] prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Marked as found in versions prosody/0.11.2-1. > # upcoming prosody DSA > fixed 988668 0.11.2-1+deb10u1 Bug #988668 {Done: Salvatore Bonaccorso } [src:prosody] prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 The source 'prosody' and version '0.11.2-1+deb10u1' do not appear to match any binary packages Marked as fixed in versions prosody/0.11.2-1+deb10u1. > thanks Stopping processing here. Please contact me if you need assistance. -- 988668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From ftpmaster at ftp-master.debian.org Mon May 17 21:49:03 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 17 May 2021 20:49:03 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.2-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new Message-ID: Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 May 2021 15:25:16 +0200 Source: prosody Architecture: source Version: 0.11.2-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Changes: prosody (0.11.2-1+deb10u1) buster-security; urgency=high . * fixes for https://prosody.im/security/advisory_20210512.txt Checksums-Sha1: 106805f4912f722f13040e7b40ae2472b41c0d0f 1844 prosody_0.11.2-1+deb10u1.dsc 0508cfc1c3c74a7eb8fdac2ed50435e190930f6a 420689 prosody_0.11.2.orig.tar.gz 4a3ad2c11c16cc12d020c41074004c2aa3958ebb 23708 prosody_0.11.2-1+deb10u1.debian.tar.xz e7990294db57794f047cbfffa54332920d4f0fe5 6302 prosody_0.11.2-1+deb10u1_amd64.buildinfo Checksums-Sha256: 63c5173f00743828596725d770df7153ff0033d3211c97baaf70bbd7ecfa2a00 1844 prosody_0.11.2-1+deb10u1.dsc 8911f6dc29b9e0c4edf9e61dc23fa22d77bc42c4caf28b809ab843b2f08e4831 420689 prosody_0.11.2.orig.tar.gz 0df1b32ced0faa37246b1ded9ca0e2977588ae763508ae47780efea6ce4ca58e 23708 prosody_0.11.2-1+deb10u1.debian.tar.xz 25a2b84d8891c54274648022b203b03ba1312b356d5502332df3af9a4a07b827 6302 prosody_0.11.2-1+deb10u1_amd64.buildinfo Files: 60ecd73c88e52761badf0a1f274f5c00 1844 net optional prosody_0.11.2-1+deb10u1.dsc b4529e0cf8e0ee82a2f677e404c3df35 420689 net optional prosody_0.11.2.orig.tar.gz d3c42a4f8b154036850a2ddb9485cda2 23708 net optional prosody_0.11.2-1+deb10u1.debian.tar.xz f055d1f2baac32958083d64ecf68c114 6302 net optional prosody_0.11.2-1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCgAvFiEEDmBQEMrYIhRFqKAgIXSmjn2oLMcFAmCiVG8RHHZzZXZhQGRl Ymlhbi5vcmcACgkQIXSmjn2oLMcgxAf/SXpVRCUN+3czmXuLEN2FGehoaafMdsKk Oj8hApRJ6aCcZU7wmol2jkJtjkSeakatmRXhC8uXXtM+u2Djf2oGhAUWgGcFtSeN 0Herk+93UCTTyH7S8vRtpmXW+joUiFWd/i/8c8/lpu02HWroNApXDJ5dWeSlW744 LMCjOLYOYsebk5jsvLbizjfq1eVjYHJkWA4fx1UOy/tZwXcIpZ8zcjA0xxEUqnpX w6CrSc3qKOZFdWI5QBUQ63kjxCM34bNyV6QcOGti8Ic+bcN33z1mn98WrSqFOPJ+ OAnQXFUJqHgUij2b4CxyqX+F6C+Q/HfVDOvrL98Lh+nGyGE5n0GFUQ== =f+6h -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From noreply at release.debian.org Wed May 19 05:39:12 2021 From: noreply at release.debian.org (Debian testing watch) Date: Wed, 19 May 2021 04:39:12 +0000 Subject: [Pkg-xmpp-devel] prosody 0.11.9-1 MIGRATED to testing Message-ID: FYI: The status of the prosody source package in Debian's testing distribution has changed. Previous version: 0.11.8-1 Current version: 0.11.9-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From jf at fahrner.name Wed May 19 05:44:35 2021 From: jf at fahrner.name (J. Fahrner) Date: Wed, 19 May 2021 06:44:35 +0200 Subject: [Pkg-xmpp-devel] Bug#988756: Prosody security update breaks websocket Message-ID: <09e352d03962058fe5e6dc5ddd08b8d5@fahrner.name> Package: prosody Version: 0.11.2-1+deb10u1 After latest security update prosodys websocket aborts with the following error: May 18 08:33:07 general error Top-level error, please report: /usr/lib/prosody/net/websocket/frames.lua:76: bad argument #1 to 's_byte' (string expected, got table) May 18 08:33:07 general error stack traceback: [C]: in function 's_byte' /usr/lib/prosody/net/websocket/frames.lua:76: in function 'parse_frame_header' /usr/lib/prosody/net/websocket/frames.lua:138: in function 'parse_frame' /usr/lib/prosody/modules/mod_websocket.lua:280: in function '?' /usr/lib/prosody/util/filters.lua:25: in function 'filter' /usr/lib/prosody/modules/mod_c2s.lua:284: in function 'data' /usr/lib/prosody/modules/mod_c2s.lua:309: in function (...tail calls...) /usr/lib/prosody/net/server_select.lua:915: in function [C]: in function 'xpcall' /usr/bin/prosody:80: in function 'loop' /usr/bin/prosody:90: in main chunk [C]: in ? -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xA9189208.asc Type: application/pgp-keys Size: 5499 bytes Desc: not available URL: From owner at bugs.debian.org Wed May 19 07:18:06 2021 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Wed, 19 May 2021 06:18:06 +0000 Subject: [Pkg-xmpp-devel] Processed: affects 988756 References: <1621404897-1803-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > affects 988756 + release.debian.org,security.debian.org Bug #988756 [prosody] Prosody security update breaks websocket Added indication that 988756 affects release.debian.org and security.debian.org > thanks Stopping processing here. Please contact me if you need assistance. -- 988756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988756 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From linuxmaniac at torreviejawireless.org Wed May 19 10:24:40 2021 From: linuxmaniac at torreviejawireless.org (Victor Seva) Date: Wed, 19 May 2021 11:24:40 +0200 Subject: [Pkg-xmpp-devel] Bug#988756: Prosody security update breaks websocket In-Reply-To: <09e352d03962058fe5e6dc5ddd08b8d5@fahrner.name> References: <09e352d03962058fe5e6dc5ddd08b8d5@fahrner.name> <09e352d03962058fe5e6dc5ddd08b8d5@fahrner.name> Message-ID: Hi On 5/19/21 6:44 AM, J. Fahrner wrote: > Package: prosody > Version: 0.11.2-1+deb10u1 > > After latest security update prosodys websocket aborts with the > following error: > > May 18 08:33:07 general error?? Top-level error, please report: > /usr/lib/prosody/net/websocket/frames.lua:76: bad argument #1 to > 's_byte' (string expected, got table) > May 18 08:33:07 general error > stack traceback: > ??????? [C]: in function 's_byte' > ??????? /usr/lib/prosody/net/websocket/frames.lua:76: in function > 'parse_frame_header' > ??????? /usr/lib/prosody/net/websocket/frames.lua:138: in function > 'parse_frame' > ??????? /usr/lib/prosody/modules/mod_websocket.lua:280: in function '?' > ??????? /usr/lib/prosody/util/filters.lua:25: in function 'filter' > ??????? /usr/lib/prosody/modules/mod_c2s.lua:284: in function 'data' > ??????? /usr/lib/prosody/modules/mod_c2s.lua:309: in function > > ??????? (...tail calls...) > ??????? /usr/lib/prosody/net/server_select.lua:915: in function > > ??????? [C]: in function 'xpcall' > ??????? /usr/bin/prosody:80: in function 'loop' > ??????? /usr/bin/prosody:90: in main chunk > ??????? [C]: in ? Can you please check that this version[0] would fix this issue? [0] https://www.torreviejawireless.org/prosody/prosody_0.11.2-1%2Bdeb10u2_amd64.deb From ftpmaster at ftp-master.debian.org Wed May 19 16:32:08 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Wed, 19 May 2021 15:32:08 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.2-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 May 2021 15:25:16 +0200 Source: prosody Architecture: source Version: 0.11.2-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Changes: prosody (0.11.2-1+deb10u1) buster-security; urgency=high . * fixes for https://prosody.im/security/advisory_20210512.txt Checksums-Sha1: 106805f4912f722f13040e7b40ae2472b41c0d0f 1844 prosody_0.11.2-1+deb10u1.dsc 0508cfc1c3c74a7eb8fdac2ed50435e190930f6a 420689 prosody_0.11.2.orig.tar.gz 4a3ad2c11c16cc12d020c41074004c2aa3958ebb 23708 prosody_0.11.2-1+deb10u1.debian.tar.xz e7990294db57794f047cbfffa54332920d4f0fe5 6302 prosody_0.11.2-1+deb10u1_amd64.buildinfo Checksums-Sha256: 63c5173f00743828596725d770df7153ff0033d3211c97baaf70bbd7ecfa2a00 1844 prosody_0.11.2-1+deb10u1.dsc 8911f6dc29b9e0c4edf9e61dc23fa22d77bc42c4caf28b809ab843b2f08e4831 420689 prosody_0.11.2.orig.tar.gz 0df1b32ced0faa37246b1ded9ca0e2977588ae763508ae47780efea6ce4ca58e 23708 prosody_0.11.2-1+deb10u1.debian.tar.xz 25a2b84d8891c54274648022b203b03ba1312b356d5502332df3af9a4a07b827 6302 prosody_0.11.2-1+deb10u1_amd64.buildinfo Files: 60ecd73c88e52761badf0a1f274f5c00 1844 net optional prosody_0.11.2-1+deb10u1.dsc b4529e0cf8e0ee82a2f677e404c3df35 420689 net optional prosody_0.11.2.orig.tar.gz d3c42a4f8b154036850a2ddb9485cda2 23708 net optional prosody_0.11.2-1+deb10u1.debian.tar.xz f055d1f2baac32958083d64ecf68c114 6302 net optional prosody_0.11.2-1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCgAvFiEEDmBQEMrYIhRFqKAgIXSmjn2oLMcFAmCiVG8RHHZzZXZhQGRl Ymlhbi5vcmcACgkQIXSmjn2oLMcgxAf/SXpVRCUN+3czmXuLEN2FGehoaafMdsKk Oj8hApRJ6aCcZU7wmol2jkJtjkSeakatmRXhC8uXXtM+u2Djf2oGhAUWgGcFtSeN 0Herk+93UCTTyH7S8vRtpmXW+joUiFWd/i/8c8/lpu02HWroNApXDJ5dWeSlW744 LMCjOLYOYsebk5jsvLbizjfq1eVjYHJkWA4fx1UOy/tZwXcIpZ8zcjA0xxEUqnpX w6CrSc3qKOZFdWI5QBUQ63kjxCM34bNyV6QcOGti8Ic+bcN33z1mn98WrSqFOPJ+ OAnQXFUJqHgUij2b4CxyqX+F6C+Q/HfVDOvrL98Lh+nGyGE5n0GFUQ== =f+6h -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From bert at dismail.de Fri May 21 17:22:46 2021 From: bert at dismail.de (bert) Date: Fri, 21 May 2021 18:22:46 +0200 Subject: [Pkg-xmpp-devel] Bug#988927: dino-im: Add dependency for gstreamer1.0-gtk3 Message-ID: <162161416635.29662.5898055446883345563.reportbug@x200> Package: dino-im Version: 0.2.0+git20210515.686035c-1 Severity: normal X-Debbugs-Cc: bert at dismail.de Dear Maintainer, in order to enable video calls in dino-im (experimental), I noticed that gstreamer1.0-gtk3 seems to be a dependency. Only after installing that package, the video call button is shown in the Dino gui, and I was able to make video calls. Thanks! -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing'), (90, 'unstable'), (10, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-6-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_WARN, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dino-im depends on: ii dino-im-common 0.2.0+git20210515.686035c-1 ii libc6 2.31-12 ii libcairo2 1.16.0-5 ii libgcc-s1 10.2.1-6 ii libgcrypt20 1.8.7-3 ii libgdk-pixbuf-2.0-0 2.42.2+dfsg-1 ii libgee-0.8-2 0.20.3-1 ii libglib2.0-0 2.66.8-1 ii libgnutls30 3.7.1-3 ii libgpg-error0 1.38-2 ii libgpgme11 1.14.0-1+b2 ii libgspell-1-2 1.8.4-1 ii libgstreamer-plugins-base1.0-0 1.18.4-2 ii libgstreamer1.0-0 1.18.4-2 ii libgtk-3-0 3.24.24-4 ii libicu67 67.1-6 ii libnice10 0.1.16-1 ii libpango-1.0-0 1.46.2-3 ii libqrencode4 4.1.1-1 ii libsignal-protocol-c2.3.2 2.3.3-1 ii libsoup2.4-1 2.72.0-2 ii libsqlite3-0 3.34.1-3 ii libsrtp2-1 2.3.0-5 ii libstdc++6 10.2.1-6 ii libwebrtc-audio-processing1 0.3-1+b1 Versions of packages dino-im recommends: ii ca-certificates 20210119 ii dbus 1.12.20-2 ii fonts-noto-color-emoji 0~20200916-1 ii network-manager 1.30.0-2 dino-im suggests no packages. -- no debconf information From ftpmaster at ftp-master.debian.org Fri May 21 20:18:37 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Fri, 21 May 2021 19:18:37 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.2-1+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new Message-ID: Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 19 May 2021 09:46:54 +0200 Source: prosody Architecture: source Version: 0.11.2-1+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Closes: 988756 Changes: prosody (0.11.2-1+deb10u2) buster-security; urgency=high . * fix websocket error due to missing backport for CVE-2021-32918 (Closes: #988756) Checksums-Sha1: 35be2c5994ce16389083d9366fb3e73a633a6b33 1844 prosody_0.11.2-1+deb10u2.dsc 01a4085006a00d80cc8bb8ec912d87528212455f 24828 prosody_0.11.2-1+deb10u2.debian.tar.xz 15c42aba8265d78adc03cfc27d201a9ce417b076 6302 prosody_0.11.2-1+deb10u2_amd64.buildinfo Checksums-Sha256: 68f90532fcfc4992005370a50661daed10eda8b592e3e4aa51adc8b3a3a5dd89 1844 prosody_0.11.2-1+deb10u2.dsc 7f4283e70e7bf153f1e7ba4c319ef1b73d218e48329dd246248ef445b527b1bb 24828 prosody_0.11.2-1+deb10u2.debian.tar.xz 1db0bc597063dbd8d5014baaf57b7e340ee77b5683c6462b56dabd583a4b01b0 6302 prosody_0.11.2-1+deb10u2_amd64.buildinfo Files: 0cd614011a7ba7b966c70246d7f3d955 1844 net optional prosody_0.11.2-1+deb10u2.dsc e03cb262be66c147911d21b63cd3eba9 24828 net optional prosody_0.11.2-1+deb10u2.debian.tar.xz f8cfeccf69c759e9d7b0c3072b7a0821 6302 net optional prosody_0.11.2-1+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCgAvFiEE3S3PbKiJPTunbGuNsViYiXJxmOAFAmCmvn0RHHZzZXZhQGRl Ymlhbi5vcmcACgkQsViYiXJxmOBalQgAipf6KNfOxjVWgKvY3sjCC5NxZukgrnB+ mEVWh85E58s6UC8r4XfLX6CICzV38bcXAQS8MjJRk16Hy4CtjwJ1lGPej3LOUr56 FNe/YmibQdnsQDhNj9SNqQZPbzIFb6cLZph73CFesvtWVTjkW8Eilsq+pduYnf4f aKdqJ7X3T7f3wG9G+MZJ7F5eP1S6vKTvRDDcnhlt4L01knq1/rDz+ln/DEmIIWFR 5Pz7NFmdaSmTI/HDbzrtvjsclIDUNgZRL6RI/Hd2SmB1T92AB0pSMJFvV/DlpSNe OLwaBH5Lke4GEGw6Nsf+Ugs4uEhu7HzbOQyIn1HYHUMVWbOg9SjWEA== =2NG6 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Fri May 21 20:27:57 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Fri, 21 May 2021 19:27:57 +0000 Subject: [Pkg-xmpp-devel] Processing of prosody_0.11.9-1~bpo10+1_source.changes Message-ID: prosody_0.11.9-1~bpo10+1_source.changes uploaded successfully to localhost along with the files: prosody_0.11.9-1~bpo10+1.dsc prosody_0.11.9-1~bpo10+1.debian.tar.xz prosody_0.11.9-1~bpo10+1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Fri May 21 20:34:40 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Fri, 21 May 2021 19:34:40 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.9-1~bpo10+1_source.changes ACCEPTED into buster-backports->backports-policy Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 May 2021 10:15:43 +0200 Source: prosody Architecture: source Version: 0.11.9-1~bpo10+1 Distribution: buster-backports Urgency: medium Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Changes: prosody (0.11.9-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. Checksums-Sha1: 075cad7508d51a91ec51863df3c31830c2386156 2226 prosody_0.11.9-1~bpo10+1.dsc 1055621d15c3c7fa3baeec681c6587721095670e 28328 prosody_0.11.9-1~bpo10+1.debian.tar.xz ad6ce64729e456b89d51d39292f629da90383411 6615 prosody_0.11.9-1~bpo10+1_amd64.buildinfo Checksums-Sha256: 80742a85e1914e4aab16952addd9f604c9796825ce832bdf33f92870bbac2c97 2226 prosody_0.11.9-1~bpo10+1.dsc cdf0a3e25b5c30a8c69a58a272668967013241dfb609db17879a06f2bf07b834 28328 prosody_0.11.9-1~bpo10+1.debian.tar.xz 0163d425ec057fad2b899d47c7c671787ae072c494596893cc400a4e320bea16 6615 prosody_0.11.9-1~bpo10+1_amd64.buildinfo Files: 7dbda3a6faf1088903e7583729bcdc0a 2226 net optional prosody_0.11.9-1~bpo10+1.dsc ffbdebab67517714778d2ae94b39e840 28328 net optional prosody_0.11.9-1~bpo10+1.debian.tar.xz 5b84f85ee3315ab4df9e949121e1a211 6615 net optional prosody_0.11.9-1~bpo10+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEftHeo0XZoKEY1KdA4+Chwoa5Y+oFAmCoB1YACgkQ4+Chwoa5 Y+p04g//SozNRWrZlQ+X7tDh17F1muAkETUvep+5D2E80Mbk9hp6vH/IfQv3/nGe BpsDD6TZSdqTypnkulUtm8oreCi1AKQ2WiikAFZ8zdSc3KZRTidscDd/T9DknvQH V0PyzV2AFCUfM/ddsecxPa63JqcF1HSmW01nI6dBHe9s4obYBxdtZ0QBIJK8dZO5 vgVCsCnOWvlW8zNKqD7Qn8INlSHhcDBzmLBVNkAAHwhtG7VgrUsd1uqD3Jldz1oH cw+T/ExAckCFyXmLrXDbr8wsiVz+HqYgCUexHUOzGbyTV8RC2K4jPHQFhnwD9W8t jrSHImUqG1T6WrchU+JAX41FwO5t/Roy3a4gI2HsKcOq3OA8kL6mt7ZQ3ZRKIGAo sestV4iqBoEYQHu4Nm/Y7KvqHfG2ZU9zcW78lfJ19qUwYu7nhU+TVbK/P2q9h44O jwfzMgkf1ScYYaT8DKoS1pkOWyczp9lPNcnLb/NmyAwUeXEHNLc1RNMM2U4cU91i Scy531XY6YBpPZJrVNuyp9fzDgJkQtNVS0d1E8TIx4ddxl+rvbhMhIIMuReMBK3h C0kpjwCJYd9wpUlzn4u1DU9LClBEJJlXW1LMbEd+5yHBBJ+uTqcY/L9suXEXPoAi s4GxjAcMGHA/z02DC3Y/R/X8aKwX+5bbhPeXt2ShQk0pM88a1Bw= =KopA -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Mon May 24 18:02:52 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 24 May 2021 17:02:52 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.9-1~bpo10+1_source.changes ACCEPTED into buster-backports->backports-policy, buster-backports Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 May 2021 10:15:43 +0200 Source: prosody Architecture: source Version: 0.11.9-1~bpo10+1 Distribution: buster-backports Urgency: medium Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Changes: prosody (0.11.9-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. Checksums-Sha1: 075cad7508d51a91ec51863df3c31830c2386156 2226 prosody_0.11.9-1~bpo10+1.dsc 1055621d15c3c7fa3baeec681c6587721095670e 28328 prosody_0.11.9-1~bpo10+1.debian.tar.xz ad6ce64729e456b89d51d39292f629da90383411 6615 prosody_0.11.9-1~bpo10+1_amd64.buildinfo Checksums-Sha256: 80742a85e1914e4aab16952addd9f604c9796825ce832bdf33f92870bbac2c97 2226 prosody_0.11.9-1~bpo10+1.dsc cdf0a3e25b5c30a8c69a58a272668967013241dfb609db17879a06f2bf07b834 28328 prosody_0.11.9-1~bpo10+1.debian.tar.xz 0163d425ec057fad2b899d47c7c671787ae072c494596893cc400a4e320bea16 6615 prosody_0.11.9-1~bpo10+1_amd64.buildinfo Files: 7dbda3a6faf1088903e7583729bcdc0a 2226 net optional prosody_0.11.9-1~bpo10+1.dsc ffbdebab67517714778d2ae94b39e840 28328 net optional prosody_0.11.9-1~bpo10+1.debian.tar.xz 5b84f85ee3315ab4df9e949121e1a211 6615 net optional prosody_0.11.9-1~bpo10+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEftHeo0XZoKEY1KdA4+Chwoa5Y+oFAmCoB1YACgkQ4+Chwoa5 Y+p04g//SozNRWrZlQ+X7tDh17F1muAkETUvep+5D2E80Mbk9hp6vH/IfQv3/nGe BpsDD6TZSdqTypnkulUtm8oreCi1AKQ2WiikAFZ8zdSc3KZRTidscDd/T9DknvQH V0PyzV2AFCUfM/ddsecxPa63JqcF1HSmW01nI6dBHe9s4obYBxdtZ0QBIJK8dZO5 vgVCsCnOWvlW8zNKqD7Qn8INlSHhcDBzmLBVNkAAHwhtG7VgrUsd1uqD3Jldz1oH cw+T/ExAckCFyXmLrXDbr8wsiVz+HqYgCUexHUOzGbyTV8RC2K4jPHQFhnwD9W8t jrSHImUqG1T6WrchU+JAX41FwO5t/Roy3a4gI2HsKcOq3OA8kL6mt7ZQ3ZRKIGAo sestV4iqBoEYQHu4Nm/Y7KvqHfG2ZU9zcW78lfJ19qUwYu7nhU+TVbK/P2q9h44O jwfzMgkf1ScYYaT8DKoS1pkOWyczp9lPNcnLb/NmyAwUeXEHNLc1RNMM2U4cU91i Scy531XY6YBpPZJrVNuyp9fzDgJkQtNVS0d1E8TIx4ddxl+rvbhMhIIMuReMBK3h C0kpjwCJYd9wpUlzn4u1DU9LClBEJJlXW1LMbEd+5yHBBJ+uTqcY/L9suXEXPoAi s4GxjAcMGHA/z02DC3Y/R/X8aKwX+5bbhPeXt2ShQk0pM88a1Bw= =KopA -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Wed May 26 20:17:09 2021 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Wed, 26 May 2021 19:17:09 +0000 Subject: [Pkg-xmpp-devel] prosody_0.11.2-1+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 19 May 2021 09:46:54 +0200 Source: prosody Architecture: source Version: 0.11.2-1+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian XMPP Maintainers Changed-By: Victor Seva Closes: 988756 Changes: prosody (0.11.2-1+deb10u2) buster-security; urgency=high . * fix websocket error due to missing backport for CVE-2021-32918 (Closes: #988756) Checksums-Sha1: 35be2c5994ce16389083d9366fb3e73a633a6b33 1844 prosody_0.11.2-1+deb10u2.dsc 01a4085006a00d80cc8bb8ec912d87528212455f 24828 prosody_0.11.2-1+deb10u2.debian.tar.xz 15c42aba8265d78adc03cfc27d201a9ce417b076 6302 prosody_0.11.2-1+deb10u2_amd64.buildinfo Checksums-Sha256: 68f90532fcfc4992005370a50661daed10eda8b592e3e4aa51adc8b3a3a5dd89 1844 prosody_0.11.2-1+deb10u2.dsc 7f4283e70e7bf153f1e7ba4c319ef1b73d218e48329dd246248ef445b527b1bb 24828 prosody_0.11.2-1+deb10u2.debian.tar.xz 1db0bc597063dbd8d5014baaf57b7e340ee77b5683c6462b56dabd583a4b01b0 6302 prosody_0.11.2-1+deb10u2_amd64.buildinfo Files: 0cd614011a7ba7b966c70246d7f3d955 1844 net optional prosody_0.11.2-1+deb10u2.dsc e03cb262be66c147911d21b63cd3eba9 24828 net optional prosody_0.11.2-1+deb10u2.debian.tar.xz f8cfeccf69c759e9d7b0c3072b7a0821 6302 net optional prosody_0.11.2-1+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCgAvFiEE3S3PbKiJPTunbGuNsViYiXJxmOAFAmCmvn0RHHZzZXZhQGRl Ymlhbi5vcmcACgkQsViYiXJxmOBalQgAipf6KNfOxjVWgKvY3sjCC5NxZukgrnB+ mEVWh85E58s6UC8r4XfLX6CICzV38bcXAQS8MjJRk16Hy4CtjwJ1lGPej3LOUr56 FNe/YmibQdnsQDhNj9SNqQZPbzIFb6cLZph73CFesvtWVTjkW8Eilsq+pduYnf4f aKdqJ7X3T7f3wG9G+MZJ7F5eP1S6vKTvRDDcnhlt4L01knq1/rDz+ln/DEmIIWFR 5Pz7NFmdaSmTI/HDbzrtvjsclIDUNgZRL6RI/Hd2SmB1T92AB0pSMJFvV/DlpSNe OLwaBH5Lke4GEGw6Nsf+Ugs4uEhu7HzbOQyIn1HYHUMVWbOg9SjWEA== =2NG6 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From owner at bugs.debian.org Wed May 26 20:21:07 2021 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Wed, 26 May 2021 19:21:07 +0000 Subject: [Pkg-xmpp-devel] Bug#988756: marked as done (Prosody security update breaks websocket) References: <09e352d03962058fe5e6dc5ddd08b8d5@fahrner.name> Message-ID: Your message dated Wed, 26 May 2021 19:17:09 +0000 with message-id and subject line Bug#988756: fixed in prosody 0.11.2-1+deb10u2 has caused the Debian Bug report #988756, regarding Prosody security update breaks websocket to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 988756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988756 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: "J. Fahrner" Subject: Prosody security update breaks websocket Date: Wed, 19 May 2021 06:44:35 +0200 Size: 9053 URL: -------------- next part -------------- An embedded message was scrubbed... From: Debian FTP Masters Subject: Bug#988756: fixed in prosody 0.11.2-1+deb10u2 Date: Wed, 26 May 2021 19:17:09 +0000 Size: 4945 URL: From tg at mirbsd.de Mon May 31 02:13:13 2021 From: tg at mirbsd.de (Thorsten Glaser) Date: Mon, 31 May 2021 01:13:13 +0000 Subject: [Pkg-xmpp-devel] Bug#989283: prosody: upgrade overwrites changed files in /etc without asking Message-ID: <162242359350.10785.3892798643186542727.reportbug@caas.mirbsd.org> Package: prosody Version: 0.11.2-1+deb10u2 Severity: serious Justification: Policy 10.7.3 The recent security upgrade (0.11.2-1 ? 0.11.2-1+deb10u2) overwrote the configuration files prosody/certs/localhost.{crt,key} without asking, notifying, or anything. This is a Policy violation: 10.7.3. Behavior[40]? Configuration file handling must conform to the following behavior: * local changes must be preserved during a package upgrade, and Please make sure to fix this! -- System Information: Debian Release: 10.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-16-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages prosody depends on: ii adduser 3.118 ii libc6 2.28-10 ii libidn11 1.33-2.2 ii libssl1.1 1.1.1d-0+deb10u6 ii lsb-base 10.2019051400 ii lua-bitop [lua5.2-bitop] 1.0.2-5 ii lua-expat [lua5.2-expat] 1.3.0-4 ii lua-filesystem [lua5.2-filesystem] 1.6.3-1 ii lua-sec [lua5.2-sec] 0.7-1 ii lua-socket [lua5.2-socket] 3.0~rc1+git+ac3201d-4 ii lua5.2 5.2.4-1.1+b2 ii ssl-cert 1.0.39 Versions of packages prosody recommends: pn lua5.2-event Versions of packages prosody suggests: pn lua-dbi-mysql pn lua-dbi-postgresql pn lua-dbi-sqlite3 pn lua-zlib -- Configuration Files: /etc/init.d/prosody changed [not included] /etc/prosody/conf.avail/example.com.cfg.lua [Errno 13] Permission denied: '/etc/prosody/conf.avail/example.com.cfg.lua' /etc/prosody/conf.avail/localhost.cfg.lua [Errno 13] Permission denied: '/etc/prosody/conf.avail/localhost.cfg.lua' /etc/prosody/prosody.cfg.lua [Errno 13] Permission denied: '/etc/prosody/prosody.cfg.lua' -- no debconf information From debacle at debian.org Mon May 31 19:03:08 2021 From: debacle at debian.org (Martin) Date: Mon, 31 May 2021 18:03:08 +0000 Subject: [Pkg-xmpp-devel] Upcoming release of Debian 11: XMPP-related blog post? Message-ID: <87o8cqixwj.fsf@fama.lan> [cc VoIP team because of biboumi, cc Ejabberd team because of ejabberd] Dears, the Debian XMPP has a blog, but it is not used heavily [1, 2]. That's fine - no need to blog, if there is nothing to blog about. However, Debian 11 will be released soon and many things happened since Debian 10 in Jabberland. I would love to see a blog post with or after release of Debian 11, giving a r?sum? of new and updated packages in Debian 11. Just concentrating on end-user software, both clients and servers, there are at least: - biboumi 8.3 -> 9.0 - dino-im 0.0.git20181129 -> 0.2.0 - ejabberd 18.12.1 -> 21.01 - gajim 1.1.2 -> 1.3.1 - new gajim plugins gajim-lengthnotifier, gajim-openpgp, and gajim-syntaxhighlight - new chat client kaidan - mcabber 1.1.0 -> 1.1.2 - poezio 0.12.1 -> 0.13.1 - profanity 0.6.0 -> 0.10.0 - prosody 0.11.2 -> 0.11.9 - prosody-modules 0.0~hg20190203 -> 0.0~hg20210130 with many new modules added - psi 1.3 -> 1.5 - salutatoi 0.7.0a4 -> 0.8.0~hg3453 - new XMPP-SMS-gateway sms4you Did I miss someting? Shall we add at least one sentence about every package? Somehow I think, that upstreams deserve that respect :-) The blog is aggregated both in Planet Debian and Planet Jabber. I.e. it will reach the attention of interested people. TIA for any comments & Cheers [1] Blog: https://xmpp-team.pages.debian.net/blog/ [2] Sources: https://salsa.debian.org/xmpp-team/blog/