Your message dated Thu, 08 Dec 2022 02:38:28 +0000 with message-id <E1p36ns-0045di-CO@fasolo.debian.org> and subject line Bug#1023804: fixed in git-remote-hg 1.0.4~ds-1 has caused the Debian Bug report #1023804, regarding git-remote-hg: autopkgtest needs update for new version of git: transport 'file' not allowed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1023804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023804 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: git-remote-hg: autopkgtest needs update for new version of git: transport 'file' not allowed
- From: Paul Gevers <elbrus@debian.org>
- Date: Thu, 10 Nov 2022 12:37:20 +0100
- Message-id: <cbdb7e6c-1f13-5610-5b15-e743c0cf73f6@debian.org>
Source: git-remote-hg Version: 1.0.3.2~ds-2 Severity: serious X-Debbugs-CC: git@packages.debian.org Tags: sid bookworm User: debian-ci@lists.debian.org Usertags: needs-update Control: affects -1 src:git Dear maintainer(s),With a recent upload of git the autopkgtest of git-remote-hg fails in testing when that autopkgtest is run with the binary packages of git from unstable. It passes when run with only packages from testing. In tabular form:pass fail git from testing 1:2.38.1-1 git-remote-hg from testing 1.0.3.2~ds-2 all others from testing from testing I copied some of the output at the bottom of this report. This is due to """ * Addresses the security issue CVE-2022-39253: cloning an attacker-controlled local repository could store arbitrary files in the ".git" directory of the destination repository. """ This has a nice write up: https://vielmetti.typepad.com/logbook/2022/10/git-security-fixes-lead-to-fatal-transport-file-not-allowed-error-in-ci-systems-cve-2022-39253.htmlCurrently this regression is blocking the migration of git to testing [1]. Of course, git shouldn't just break your autopkgtest (or even worse, your package), but it seems to me that the change in git was intended and your package needs to update to the new situation.If this is a real problem in your package (and not only in your autopkgtest), the right binary package(s) from git should really add a versioned Breaks on the unfixed version of (one of your) package(s). Note: the Breaks is nice even if the issue is only in the autopkgtest as it helps the migration software to figure out the right versions to combine in the tests.More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=git https://ci.debian.net/data/autopkgtest/testing/amd64/g/git-remote-hg/28079228/log.gzInitialized empty Git repository in /tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/sub/.git/[master (root-commit) be983cd] init Author: A U Thor <author@example.com> 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 emptyInitialized empty Git repository in /tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/gitrepo/.git/ Cloning into '/tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/gitrepo/sub'...fatal: transport 'file' not allowedfatal: clone of '/tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/sub' into submodule path '/tmp/autopkgtest-lxc.4ir0bv3l/downtmp/build.jzc/src/test/trash directory.main-push/tmp/gitrepo/sub' failednot ok 52 - push with submoduleAttachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: 1023804-close@bugs.debian.org
- Subject: Bug#1023804: fixed in git-remote-hg 1.0.4~ds-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 08 Dec 2022 02:38:28 +0000
- Message-id: <E1p36ns-0045di-CO@fasolo.debian.org>
- Reply-to: Paul Wise <pabs@debian.org>
Source: git-remote-hg Source-Version: 1.0.4~ds-1 Done: Paul Wise <pabs@debian.org> We believe that the bug you reported is fixed in the latest version of git-remote-hg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1023804@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Wise <pabs@debian.org> (supplier of updated git-remote-hg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 08 Dec 2022 10:00:03 +0800 Source: git-remote-hg Architecture: source Version: 1.0.4~ds-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group <packages@qa.debian.org> Changed-By: Paul Wise <pabs@debian.org> Closes: 1023804 Changes: git-remote-hg (1.0.4~ds-1) unstable; urgency=medium . * QA upload. * New upstream release. - Drop patches merged upstream - Fixes test failure with git security update (Closes: #1023804) * Update standards version to 4.6.1, no changes needed. Checksums-Sha1: 2af2e9de1b4ef6a785fcff86011eb017f110be87 2099 git-remote-hg_1.0.4~ds-1.dsc b2493b665ba8831b2c3206213e179a0996c61ec2 51200 git-remote-hg_1.0.4~ds.orig.tar.xz c13dc3b40d3bd26bb97a51754236acfe5b86defc 5832 git-remote-hg_1.0.4~ds-1.debian.tar.xz Checksums-Sha256: f01b60435e0b056525689a9e323db766ebb675cbdf72ba22264935bdf6d3fc97 2099 git-remote-hg_1.0.4~ds-1.dsc bd9b0941738a1fbb52c79d33acb64fd21007618c5897b8a46fb544b43b945be8 51200 git-remote-hg_1.0.4~ds.orig.tar.xz 0f073b71b012814912c88e956beb5cde05a9a89d26ae4487d54648fc3750a018 5832 git-remote-hg_1.0.4~ds-1.debian.tar.xz Files: e2984c01f04ea53eeb3d222a885d88a7 2099 vcs optional git-remote-hg_1.0.4~ds-1.dsc 4ca99192234044a51150433e428f4b6a 51200 vcs optional git-remote-hg_1.0.4~ds.orig.tar.xz fed78c86ab45d7080ec516b9c38f073e 5832 vcs optional git-remote-hg_1.0.4~ds-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmORSUUACgkQMRa6Xp/6 aaNXvhAAqmDgEO5tZvNNOqYhTGU23b9iGpiktioGlBkpMxCRU72NWSU8MMJwSGGW BadFlbdcaMgCFkN+9GKg58NUV0m7GQ8+KRz7+q0ktVwJN4fg5SjH9Mo9ayiN/Trm VYWAKqrKSbhZLdw0JqF5+qLkiE3mMpUwo1uURzgbX/QZKiiL5iWA+rhFIT/yvts4 emRiXlx7/9uIRql18luvYXxchT4zKk96m/kla6U+TFUwCHb3nfGQJrcbkNSLC+JL a8Hr1yr/HNcpEsM1EDp8Y1beAt/v9hPLTg/QACwlzb6wigKKZxUxZxBZ3mFNSdWS Km8lMdnsSy3ftOZRxeydvgaDxUBhkE2KbrokzvfoHlzJV/ZnO6xSwT/14mFXMgez JeE1BRh3A8TQTYV9o6Uryxtkc3aKUS8U/ShVfX9VAN0BILlKBzoxYGjkb70mMKnm LUsfQJG4BYZyZJmxoaS4akuwW7HJv3OREW4aYknIaozjDdeuqQzNW93v0oOGGvie c3/qQnouL/T+dUgkm3sT31mRWcj2D2q/MDjLxgKqAhuTBOspBWh1MrcX+DCbOcJb Hjk4N4Ub+G5x8NdBh9uz4lN9qd/yd/3cs6l6TyOhzyOPQ9yIzrRdpU5ypXBHRaRW ACohUcskZx1aQc8cje9HeMOA8q+UeyH+MeL4xHhzP+6ab6x1MPU= =vqqC -----END PGP SIGNATURE-----
--- End Message ---