Bug#854434: sometimes shows duplicate messages on 32-bit architectures

[Michael Stapelberg]

Package: irssi-plugin-robustirc
Version: 0.6-2+b1
Severity: normal
Tags: upstream

When network connection is lost, resuming the stream of messages starts
at the wrong message id, due to the last seen message id being truncated
from 64-bit to 32-bit.

This has been fixed upstream with the following commit:
https://github.com/robustirc/irssi-robustirc/commit/a4244f9a72f583cdb7e6b85db60d861d1ccf5999

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, mipsel

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages irssi-plugin-robustirc depends on:
ii  irssi 1.0.0-1
ii  libc6 2.24-8
ii  libcurl3  7.52.1-1.1
ii  libglib2.0-0  2.50.2-2
ii  libyajl2  2.1.0-2

irssi-plugin-robustirc recommends no packages.

irssi-plugin-robustirc suggests no packages.

-- no debconf information

Bug#799480: XEN domU crash when PV grub chainloads 32-bit domU grub

[Sergio Gelato]

control: forwarded -1 https://savannah.gnu.org/bugs/?46014

I think I've found a solution. If I change Xen ELF note 9 (PAE_MODEL) from the
current "yes" to "no", the resulting image boots successfully all the way into
Linux (i686-pae).

The attached patch should take care of this problem, and also of #50237 as a
side effect.

Disclaimer 1: I haven't compiled it yet; for my testing I found it faster to
patch the binary image with a hex editor.

Disclaimer 2: my testing has only limited coverage, and I'm not 100% confident
that pvboot-i386.elf will not need PAE_MODEL=yes under any circumstances.
Maybe one will need to add PAE support to grub-core/kern/i386/xen/startup.S
after all.
>From 9eb25f6f2e67037d800f492436d247ff350b244f Mon Sep 17 00:00:00 2001
From: Sergio Gelato 
Date: Tue, 7 Feb 2017 08:08:38 +0100
Subject: [PATCH] Xen i386 PV guest bootloader does NOT support PAE

I've found empirically that this change solves, or at least works around,
bug #46014 (failure to chainload (/boot)/xen/pvboot-i386.elf). In my testing
pvboot-i386.elf is still able to load a PAE Linux kernel even with this
change. I'm not sufficiently well versed into the architecture to judge
whether this should work in all cases; maybe the correct fix is to make
pvboot-i386.elf PAE-bootable.

This is also one of the three possible fixes for #50237.
---
 util/grub-mkimagexx.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
index f8faae8..9b5206c 100644
--- a/util/grub-mkimagexx.c
+++ b/util/grub-mkimagexx.c
@@ -368,13 +368,13 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc
 	{
 	  note_ptr = (Elf_Nhdr *) ptr;
 	  note_ptr->n_namesz = grub_host_to_target32 (sizeof (GRUB_XEN_NOTE_NAME));
-	  note_ptr->n_descsz = grub_host_to_target32 (sizeof ("yes,bimodal"));
+	  note_ptr->n_descsz = grub_host_to_target32 (sizeof ("no"));
 	  note_ptr->n_type = grub_host_to_target32 (9);
 	  ptr += sizeof (Elf_Nhdr);
 	  memcpy (ptr, GRUB_XEN_NOTE_NAME, sizeof (GRUB_XEN_NOTE_NAME));
 	  ptr += ALIGN_UP (sizeof (GRUB_XEN_NOTE_NAME), 4);
-	  memcpy (ptr, "yes", sizeof ("yes"));
-	  ptr += ALIGN_UP (sizeof ("yes"), 4);
+	  memcpy (ptr, "no", sizeof ("no"));
+	  ptr += ALIGN_UP (sizeof ("no"), 4);
 	}
 
   assert (XEN_NOTE_SIZE == (ptr - note_start));
-- 
2.1.4

Bug#854005: [pkg-gnupg-maint] Bug#854005: Bug#854005: ssh-agent no longer works

[Werner Koch]

On Mon,  6 Feb 2017 07:04, gni...@fsij.org said:
> simultaneously/interchangeably on a system.  scdaemon is not a system-
> wide service for all smartcards, but it's specific to OpenPGP card and
> it's per user service for gpg-agent.

FWIW: Scdaemon supports several smartcards and certain other cards than
the OpenPGP card are in active use (in particular for S/MIME).  However,
scdaemon does not make use of any "middleware" commonly seen with these
cards.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpHHWK6z_3Ce.pgp
Description: PGP signature

Bug#854435: ITP: node-write-file-atomic -- Write files in an atomic fashion w/configurable ownership

[Aarti Kashyap]

Package: wnpp
Severity: wishlist
Owner: Aarti Kashyap 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-write-file-atomic
  Version : 1.3.1
  Upstream Author : Rebecca Turner  (http://re-becca.org)
* URL : https://github.com/iarna/write-file-atomic
* License : ISC
  Programming Lang: JavaScript
  Description : Write files in an atomic fashion w/configurable
ownership.This is an extension for node's fs.writeFile that makes its
operation atomic and allows you set ownership
This is dependency for ava ,a futuristic test runner

Bug#854436: openldap: please don't use tcp-wrappers with slapd

[Arturo Borrero Gonzalez]

Source: openldap
Severity: important

Dear openldap maintainers and contributors, thanks for your work with this
package.

Please, don't use tcp-wrappers with slapd.

It has been already known for a while that this technology is obsolete [0],
and may cause a false sense of security which is even worse.

In some environments, this may cause other issues, for example:

slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files


[0] https://lists.ubuntu.com/archives/ubuntu-users/2014-June/276215.html

Bug#820818: partman is not able to resize nvme0n1p3 in d-i

[Cyril Brulebois]

Philip Hands  (2017-02-07):
> I just tried it with this image:
> 
>   
> http://cdimage.debian.org/cdimage/stretch_di_rc2/amd64/iso-cd/debian-stretch-DI-rc2-amd64-netinst.iso
> 
> adding this to the kernel command line (hit TAB at the boot menu):
> 
>   url=hands.com/d-i/bug/820818/preseed.cfg
> 
> and it drops the replacement resize.sh (now using Cyril's version) in
> place.
> 
> BTW If you want to suggest somewhere to exit the script to avoid
> touching your disks, I can add that to save you the effort.
> 
> Cheers, Phil.
> 
> P.S. This kludge is totally over-engineered, as the file is ready to
> be replaced by the time the early command is run, so in this case the
> checks and background loop are superfluous.
> 
> P.P.S. I think this is much less effort than building a new image,
> since a newly built netinst would download the old partman-partition
> udeb from the archive unless you start making more invasive changes.
> You can check that it's done the right thing by the time you get to
> the root password prompts, flipping to a console and running:
> 
>   head -40 /lib/partman/lib/resize.sh

Eh? The whole point of building and providing an image is that it contains
all the bits you want to test; that's why I was suggesting this in the
first place…


KiBi.


signature.asc
Description: Digital signature

Bug#777288: bcron: please make the build reproducible

[Gerrit Pape]

On Sun, Feb 05, 2017 at 10:00:51AM +1300, Chris Lamb wrote:
> > Would you consider applying this patch and uploading?
> 
> Friendly ping on this :)

Hi, unfortunately I'm quite busy and currently not very active within
Debian.  NMU welcome!

Best Regards, Gerrit.

Bug#854437: ITP: python-osmnx -- street network library

[Canberk Koç]

Package: wnpp
Owner: =Canberk Koç 
Severity: wishlist

* Package name: python-osmnx
  Version : 0.3
  Upstream Author : Geoff Boeing 
* URL : https://github.com/gboeing/osmnx
* License : MIT
  Programming Lang: Python
  Description : street network library
 OSMnx is a Python package for downloading administrative boundary
 shapes and street networks from OpenStreetMap. It allows you to
 easily construct, project, visualize, and analyze complex street
 networks in Python with NetworkX. You can get a city’s or
 neighborhood’s walking, driving, or biking network with a single
 line of Python code.

Bug#854438: dpkg: please allow Architecture:all packages to satisfy :native build dependencies

[Johannes Schauer]

Source: dpkg
Severity: wishlist

Hi,

I want to make the case that it makes sense to let Architecture:all
packages satisfy :native build dependencies. We talked about this on IRC
but having a bug lets us not forget about all the arguments for either
side. Here are some reasons:

1. It is pointed out in multiple sources that Architecture:all packages
   are treated as of the native architecture. With the current
   behaviour, this is a lie. Instead one would always have to say:
   "Architecture:all packages are treated as of the native architecture
   expect that...". By removing this special casing we end up with less
   exceptions and thus less surprises which I'd argue is a good thing.

2. The MultiarchCross spec [1] never forbids that Architecture:all
   packages are able to satisfy :native build dependencies. In fact it
   says:

  ":native" is appended to a build-dep to signify that it should be
  installed for the build (i.e 'native') architecture rather than
  the host architecture.

   The ambiguity here is whether when it talks about "build" and "host"
   architectures above, it means explicit architectures or also the
   implicit architecture that Architecture:all packages provide. From
   the MultiarchSpec [2] we read:

  Architecture: all packages will, at least initially, be treated as
  equivalent to packages of the native architecture for all
  dependency resolution

   What I want to show here is not that the multiarch spec mandates that
   Architecture:all packages should satisfy :native build dependencies
   (I can see the ambiguity in the texts above) but that making
   Architecture:all packages satisfy :native dependencies does not
   violate the spec.

3. Without allowing :native on Architecture:all packages, the affected
   packages have to be converted to Architecture:any/Multi-Arch:same if
   they cannot be marked as Multi-Arch:foreign.

4. dose3 and apt already allow Architecture:all packages to satisfy
   :native build dependencies. To verify the claim, clone this git
   repository:

  https://gitlab.mister-muffin.de/josch/deb-m-a-dep-check.git

   and test the appropriate dependency situation like this:

  $ ./check.sh source none any all none no depends pkgb:native
  #A  AA   A   AA  A   A
  #|  ||   |   ||  |   |
  #|  ||   |   ||  |   +-- dependency on 
pkgb:native
  #|  ||   |   ||  +-- dependency not conflict 
relationship
  #|  ||   |   |+-- multiarch value of pkgb
  #|  ||   |   +-- multiarch value of pkga (none 
because it's a source package)
  #|  ||   +-- architecture of pkgb
  #|  |+-- architecture of pkga
  #|  +-- what pkgb provides (none because it provides 
nothing)
  #+-- type of pkga (source because it's a source package with 
build-depends)

   the output will be:

  source none any all none no depends pkgb:native 0 0 1

   the last three numbers indicate that dose3 finds it satisfiable, apt
   finds it satisfiable and dpkg finds it unsatisfiable (in that order).
   Thus, if we decide that Architecture:all packages should satisfy
   :native build dependencies, then only dpkg would have to change.


I'm looking forward to any arguments against this change. Guillem
pointed out that the arguments against :native being satisfied by
M-A:foreign [3] would apply here. But I do not see how this would be a
non-sensical relationship because for a package being Architecture:all
says nothing about whether their interface is architecture independent
or not. The field only says that the package has the same content across
all architectures and that the implicit architecture of the package
depends on the native architecture it is installed on.

Thanks!

cheers, josch


[1] https://wiki.ubuntu.com/MultiarchCross
[2] 
https://wiki.ubuntu.com/MultiarchSpec#Dependencies_involving_Architecture:_all_packages
[3] 
https://wiki.debian.org/Multiarch/MissingRationale#Why_do_M-A:foreign_packages_not_satisfy_:native_qualified_dependencies_in_build-dependencies.3F

Bug#854120: qt4-dev-tools: Please move the "assistant" binary to an other package

[Laurent Bigonville]

Le 06/02/17 à 16:10, Lisandro Damián Nicanor Pérez Meyer a écrit :

On sábado, 4 de febrero de 2017 11:51:56 ART Laurent Bigonville wrote:

Package: qt4-dev-tools
Version: 4:4.8.7+dfsg-11
Severity: wishlist

Hi,

Is there a reason the "assistant" executable is installed in the
qt4-dev-tools package and not in an other one?

Because it's a developer's only tool.


For what I can see this is used to display help/documentation viewer,
this is barely a development task.

It displays just the Qt documentation, thus purely a developer tool.


Well it's also seems to be used for _user_ documentation:

"You can use Qt Assistant as the help viewer in your applications. You 
can display your own documentation and customize Qt Assistant to look 
and feel like part of your application. You can change the window title 
or icon, as well as menu texts and actions. For more information, see 
Customizing Qt Assistant."


https://doc.qt.io/qt-5/qtassistant-index.html

I myself maintain one application that uses "assistant" to display its 
documentation, looking in the archive, I see several others (qterm, 
qtikz,...) that are shipping .qhc/.qch files too.


For me it's far from evident that it's a developers tool only.

Could you please reconsider your position? It seems to me that providing 
documentation out of the box to the users (especially to the less 
experienced ones) is quite important.


Regards,

Laurent Bigonville

Bug#799480: XEN domU crash when PV grub chainloads 32-bit domU grub

[Sergio Gelato]

- Forwarded message from Vladimir Serbinenko -

Follow-up Comment #3, bug #46014 (project grub):

I believe this is red herring. Please try the patch that I've posted on
grub-devel mailing list
(https://lists.gnu.org/archive/html/grub-devel/2017-02/msg00031.html) or the
branch xenfixes
(http://git.savannah.gnu.org/cgit/grub.git/commit/?h=phcoder/xenfixes )

Bug#820818: partman is not able to resize nvme0n1p3 in d-i

[Philip Hands]

Cyril Brulebois  writes:

> Philip Hands  (2017-02-07):
>> I just tried it with this image:
>> 
>>   
>> http://cdimage.debian.org/cdimage/stretch_di_rc2/amd64/iso-cd/debian-stretch-DI-rc2-amd64-netinst.iso
>> 
>> adding this to the kernel command line (hit TAB at the boot menu):
>> 
>>   url=hands.com/d-i/bug/820818/preseed.cfg
>> 
>> and it drops the replacement resize.sh (now using Cyril's version) in
>> place.
>> 
>> BTW If you want to suggest somewhere to exit the script to avoid
>> touching your disks, I can add that to save you the effort.
>> 
>> Cheers, Phil.
>> 
>> P.S. This kludge is totally over-engineered, as the file is ready to
>> be replaced by the time the early command is run, so in this case the
>> checks and background loop are superfluous.
>> 
>> P.P.S. I think this is much less effort than building a new image,
>> since a newly built netinst would download the old partman-partition
>> udeb from the archive unless you start making more invasive changes.
>> You can check that it's done the right thing by the time you get to
>> the root password prompts, flipping to a console and running:
>> 
>>   head -40 /lib/partman/lib/resize.sh
>
> Eh? The whole point of building and providing an image is that it contains
> all the bits you want to test; that's why I was suggesting this in the
> first place…

Sure, if you think that's less effort, great: build Ian an ISO.

My experience of doing so is that there are quite often wrinkles that
make sure the resulting image is not actually what one wanted to test in
some subtle way.  That being the case, I'm _much_ more confident that
the preseed patch is changing just what you wanted to change, and
nothing more.

This is probably an indication that I don't build images often enough,
rather than anything else.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Bug#820818: partman is not able to resize nvme0n1p3 in d-i

[Cyril Brulebois]

Ian Jackson  (2017-02-06):
> Philip Hands writes ("Re: Bug#820818: partman is not able to resize nvme0n1p3 
> in d-i"):
> > BTW I just pushed Ben's alternative suggetion to the
> > pu/resize-nvme-820818-benh branch:
> > 
> >   
> > https://anonscm.debian.org/cgit/d-i/partman-partitioning.git/commit/?h=pu/resize-nvme-820818-benh&id=62c696450a206d7ee08d570fef4c2923a03042a8
> > 
> > (also untested)
> 
> Is it easy for you to make an image to give to me to test that ?

An image for my change:
  https://mraw.org/~kibi/debian-stretch-rc2+nvme.iso [299 MB]

sha1: f9d705280cb77b04592e34d5db1d40ddb71a64ee

(Note partman-partioning 115 being loaded instead of what's in the
archive; you can grep nvme /lib/partman/lib/resize.sh to make sure the
change is present.)


KiBi.


signature.asc
Description: Digital signature

Bug#854439: ITP: node-sort-keys -- Sort the keys of an object

[Aarti Kashyap]

Package: wnpp
Severity: wishlist
Owner: Aarti Kashyap 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-sort-keys
  Version : 1.1.2
  Upstream Author : Sindre Sorhus  (sindresorhus.com
)
* URL : https://github.com/sindresorhus/sort-keys#readme
* License : Expat
  Programming Lang: JavaScript
  Description : Sort the keys of an object
Useful to get a deterministically ordered object, as the order of keys can
vary between engines.
This is dependency for ava ,a futuristic test runner

Bug#854437: ITP: python-osmnx -- street network library

[Canberk Koç]

I don't have permission to write on Debian repositories. I need sponsorship
FYI



Canberk Koç
[image: https://]about.me/canberkkoc


2017-02-07 11:44 GMT+03:00 Canberk Koç :

> Package: wnpp
> Owner: =Canberk Koç 
> Severity: wishlist
>
> * Package name: python-osmnx
>   Version : 0.3
>   Upstream Author : Geoff Boeing 
> * URL : https://github.com/gboeing/osmnx
> * License : MIT
>   Programming Lang: Python
>   Description : street network library
>  OSMnx is a Python package for downloading administrative boundary
>  shapes and street networks from OpenStreetMap. It allows you to
>  easily construct, project, visualize, and analyze complex street
>  networks in Python with NetworkX. You can get a city’s or
>  neighborhood’s walking, driving, or biking network with a single
>  line of Python code.
>
>

Bug#820427: diffoscope: Show non-debug packages first in output

[Chris Lamb]

tags 820427 + pending
thanks

Fixed in Git:

  
https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=62b3900ff9a873bdaa86a95e2d129ac6d5f0b283


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#854440: qtchooser: Does not search for QT5 executables by default

[Laurent Bigonville]

Package: qtchooser
Version: 63-g13a3d08-1
Severity: serious

Hi,

With qttools5-dev-tools installed, when I'm trying to run the
"assistant" command, I get:

bigon@fornost:~$ qtchooser -run-tool=assistant
qtchooser: could not exec '/usr/lib/x86_64-linux-gnu/qt4/bin/assistant': No 
such file or directory

I explicitly need to specify the version and then it's working:

bigon@fornost:~$ qtchooser -run-tool=assistant -qt=5

Isn't that defeating completely the purpose of this tool?

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages qtchooser depends on:
ii  libc6   2.24-9
ii  libgcc1 1:6.3.0-5
ii  libstdc++6  6.3.0-5

qtchooser recommends no packages.

qtchooser suggests no packages.

-- no debconf information

Bug#854403: paxctld flags for GNOME

[Michele Orrù]

> [I hope I'll be able to motivate a bit in more detail why the flags are what
>  they are and maybe provide a patch myself soon…

I've uploaded a draft of the patch on mentors:


> in the meantime running on ther machines]

euh sent too early… here I meant to say:

"in the meantime it would be cool if anybody could test this on their
own machines."

-- 
µ.

Bug#851997: [Pkg-xmpp-devel] Bug#851997: No TLS encryption possible

[Simon Josefsson]

severity -1 normal
tags -1 moreinfo
thanks

Hello Karsten,

> I am sorry to report this, but the users of jabberd2 should now that
> there is no encryption possible with this package. An configuration
> with encryption settings is ignored and an unencrypted connection is
> opened without warnings.

You need to provide more details for this to be a useful bug report.
Your statements above can easily be disproved.  I'm using
2.4.0-1~bpo8+1 and TLS works just as I want it to work, see for example:

https://www.xmpp.net/result.php?domain=josefsson.org&type=server
https://www.xmpp.net/result.php?domain=josefsson.org&type=client

All of my configurations are available here:

https://gitlab.com/jas/sjd-cosmos/tree/master/chat.josefsson.org/overlay/etc/jabberd2

> Wasting many time to get it running with a working TLS i had to give
> up. There is no interest from the developer to solve the problem.
>
> Please refer to this bugs that include further links:
> 
> https://github.com/jabberd2/jabberd2/issues/137
> https://github.com/jabberd2/jabberd2/issues/141

As far as I can tell, what you are looking for is help to configure
jabberd2.  To get help, you need to find someone to help you and you
need to explain what you have tried and what happenes, and what you
expect to happen. For your problem to be anything like a bug, there
needs to be some inconsistency between documentation and results.  If
you believe the documentation is insufficient, that is a separate
request for improvement, but it is hardly a release critical bug nor a
security issue.

If you cannot figure out how to configure jabberd2, maybe jabberd2
just isn't your cup of tea.  There are other XMPP servers out there.

I'll let this bug report be open to allow you to provide more
information if you want to.

/Simon


pgpdX9WdU9TA5.pgp
Description: OpenPGP digital signatur

Bug#849077: commenting "wifi.cloned-mac-address=random" fixed it for me

[Philipp Marek]

I had the same problem, with wpasupplicant 2.3 and 2.5.

[device]
wifi.scan-rand-mac-address=no

wasn't sufficient, I needed to comment out the setting

[connection]
wifi.cloned-mac-address=random

to get WIFI working again.


I'm using broadcom-sta-dkms=6.30.223.271-5, on a
14e4:4365 Broadcom Limited BCM43142 802.11b/g/n (rev 01).

Bug#844718: kmail: Kmail cannot be synchronized between 2 computers anymore

[Joerg Hau]

Based on your instructions, I managed to get the mails synchronized (again ;-) 
between two computers. 

o The laptop pc-2 was set up from scratch, its home directory was barely 
populated when I ran the sync with unison for the first time => I don't know 
how this might work out if the account has been heavily used on both computers 
before, in particular due to the kmail-migrator, kres-migrator and -firstrun 
scripts.
 
o The following problems appeared and still need a solution:

(1) Search does not work anymore on the laptop pc-2. No matter what I search 
for: no matching entries are found. => How to get this running again? 

(2) The mail filters are not transferred. I ended up exporting them on pc-1 and 
importing them manually on pc-2. => In what file are they? I want future 
changes to the filters to propagate automagically :-/

Here are the relevant parts of my unison profile to synchronise laptop (pc-2) 
and home PC (pc-1). unison has to be invoked on the laptop:

# remember to run "akonadictl stop" (and wait for akonadi to really stop) 
before syncing !

path = .gnupg
ignore = Regex .*(cache|Cache|trash|Trash|history|thumbnails).*
ignore = Name *~
ignore = Name *.desktop 

path = .kde/share/apps/kmail
path = .kde/share/config/kmailrc
path = .kde/share/apps/kmail2
path = .kde/share/config/kmail2rc
path = .kde/share/config/kmailsnippetrc
path = .kde/share/apps/kmail-migrator   # to be sure ...
path = .kde/share/apps/kres-migrator# to be sure ...
path = .kde/share/config/kgpgrc
path = .signature

path = .kde/share/apps/kwallet
path = .kde/share/config/kwalletrc
path = .kde/share/config/kwalletmanagerrc

path = .kde/share/apps/kabc
path = .kde/share/config/kabcrc
path = .kde/share/apps/korganizer
path = .kde/share/config/korganizerrc

path = .kde/share/apps/emailidentities  # is this no longer used?
path = .kde/share/config/emailidentities 
path = .kde/share/config/emaildefaults   
path = .kde/share/config/mailtransports

path = .kde/share/config/ksslcertificatemanager

path = .local/share/notes
path = .local/share/local-mail

ignore = Path {.gnupg/gpg-agent-info-*}
ignore = Path {.local/share/akonadi/socket-*}

# Th following filenames are likely to change if you modify settings 
# in the Personal Information framework => list has to be revised manually! 
# I did not figure out a suitable unison pattern yet, there are 
# too many other *rc files in the same directory ...
#
path = .local/share/akonadi
path = .config/akonadi
ignore = Path .kde/share/config/
ignore = Name {.local/share/akonadi/db_data/*.pid}
path = .kde/share/config/akonadi_akonotes_resource_0rc
path = .kde/share/config/akonadi_akonotes_resource_1rc
path = .kde/share/config/akonadi_akonotes_resource_2rc
path = .kde/share/config/akonadi_birthdays_resourcerc
# path = .kde/share/config/akonadiconsolerc
path = .kde/share/config/akonadi_contactrc
path = .kde/share/config/akonadi_davgroupware_resource_0rc
path = .kde/share/config/akonadi-firstrunrc
path = .kde/share/config/akonadi_folderarchive_agentrc
path = .kde/share/config/akonadi_gcal_resource_1rc
path = .kde/share/config/akonadi_googlecalendar_resource_0rc
path = .kde/share/config/akonadi_googledata_resource_0rc
path = .kde/share/config/akonadi_ical_resource_0rc
path = .kde/share/config/akonadi_imap_resource_0rc
path = .kde/share/config/akonadi_imap_resource_1rc
path = .kde/share/config/akonadi_imap_resource_2rc
path = .kde/share/config/akonadi_imap_resource_3rc
path = .kde/share/config/akonadi_imap_resource_4rc
path = .kde/share/config/akonadi_imap_resource_5rc
path = .kde/share/config/akonadi_imap_resource_6rc
path = .kde/share/config/akonadi_kabc_resource_4rc
path = .kde/share/config/akonadi_kcal_resource_0rc
#path = .kde/share/config/akonadikderc
path = .kde/share/config/akonadi_maildir_resource_0rc
path = .kde/share/config/akonadi_maildir_resource_1rc
path = .kde/share/config/akonadi_mailfilter_agentrc
path = .kde/share/config/akonadi-migrationrc
path = .kde/share/config/akonadi_mixedmaildir_resource_1rc
path = .kde/share/config/akonadi_nepomuk_feederrc
path = .kde/share/config/akonadi_newmailnotifier_agentrc
path = .kde/share/config/akonadi_notes_agentrc
path = .kde/share/config/akonadi_pop3_resource_0rc
path = .kde/share/config/akonadi_pop3_resource_1rc
path = .kde/share/config/akonadi_pop3_resource_2rc
path = .kde/share/config/akonadi_pop3_resource_3rc
path = .kde/share/config/akonadi_sendlater_agentrc

Best,
- Joerg

Bug#799804: librecad since 2.09 supports DWG, please update it

[Luca]

Package: librecad
Version: 2.0.4-1
Followup-For: Bug #799804

Dear Maintainer,

librecad since 2.09 supports DWG, unfortunately this file format is a must even
if it not an open format.
Please update librecad

Thanks for you effort
Luca



-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-0.bpo.1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages librecad depends on:
ii  libc6  2.19-18+deb8u7
ii  libgcc11:4.9.2-10
ii  libmuparser2   2.2.3-4
ii  libqt4-help4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-sql 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-svg 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtgui4  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  librecad-data  2.0.4-1
ii  libstdc++6 4.9.2-10

librecad recommends no packages.

librecad suggests no packages.

-- no debconf information

Bug#814057: diffoscope: Add option to ignore mtimes

[Chris Lamb]

Hi Leo,

> Since I am comparing the entire output of Python 2.7's build process,
> there are a lot of files, and they *all* have different ctimes (we set
> mtimes to epoch).

So, we already ignore mtimes on specified command-line arguments:

  $ touch --date="@0" epoch

  $ touch now

  $ diffoscope epoch now --no-progress

  $ echo $?
  0

Are you referring to {m,c}times, etc. within archives?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#854441: apng2gif: Improper sanitization of user input causing huge memory allocations resulting in crash

[Dileep Kumar Jallepalli]

Package: apng2gif
Version: 1.7-1
Severity: important

Dear Maintainer,

Q.) What led up to the situation?
A.) In read_chunk function, the line "pChunk->p = new unsigned
char[pChunk->size]" is trying to allocate pChunk->size amount of memory where
this pChunk->size is read from the png file. So, if this pChunk->size is set to
a huge value, it can result in the crash of the program.

Q.) What exactly did you do (or not do) that was effective (or ineffective)?
A.) Just have to modify the relavent offset in the png file so that the
pChunk->size value is huge.

Steps to reproduce:
Use the makefile in the attachment and compile the program (Attaching
makefile just as a reference).
Use the input.png file in the attachment as input to the program and
run it:
apng2gif input.png

Q.) What was the outcome of this action?
A.) Program will try to allocate huge amount of memory and can result in a
crash.

Sample Output:

apng2gif 1.7

Reading './crashes_submitted/largememoryallocation/input.png'...
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted (core dumped)

Analysis:

gdb backtrace:
#0  0xb7fdd424 in __kernel_vsyscall ()
#1  0xb7d15687 in __GI_raise (sig=sig@entry=0x6) at
.../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2  0xb7d18ab3 in __GI_abort () at abort.c:89
#3  0xb7f28405 in __gnu_cxx::__verbose_terminate_handler() () from
/usr/lib/i386-linux-gnu/libstdc++.so.6
#4  0xb7f26063 in ?? () from /usr/lib/i386-linux-gnu/libstdc++.so.6
#5  0xb7f2609f in std::terminate() () from /usr/lib/i386-linux-
gnu/libstdc++.so.6
#6  0xb7f26306 in __cxa_throw () from /usr/lib/i386-linux-gnu/libstdc++.so.6
#7  0xb7f26916 in operator new(unsigned int) () from /usr/lib/i386-linux-
gnu/libstdc++.so.6
#8  0xb7f269cb in operator new[](unsigned int) () from /usr/lib/i386-linux-
gnu/libstdc++.so.6
#9  0x0804e78e in read_chunk (f=0x88e0008, pChunk=0xb410) at
apng2gif.cpp:135
#10 0x08049921 in load_apng (szIn=0xb842
"./crashes_submitted/largememoryallocation/input.png", frames=...,
num_loops=0xb4bc) at apng2gif.cpp:267
#11 0x0804e3f9 in main (argc=0x2, argv=0xb6c4) at apng2gif.cpp:1336
#12 0xb7d00af3 in __libc_start_main (main=0x804df2a ,
argc=0x2, argv=0xb6c4, init=0x80500a0 <__libc_csu_init>, fini=0x8050110
<__libc_csu_fini>,
rtld_fini=0xb7fed160 <_dl_fini>, stack_end=0xb6bc) at libc-start.c:287
#13 0x08048e71 in _start ()

The value of pChunk->size is 0xff8c; which is very large that caused the
allocation to fail.

Q.) What outcome did you expect instead?
A.) Maybe some check to see if pChunk->size is greater than the size of png or
proper exception handling over memory allocation using new to gracefully quit
the program or using malloc instead of new to check the return pointer is null
or not.




-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty'), (100, 'trusty-backports')
Architecture: i386 (i686)

Kernel: Linux 3.13.0-32-generic (SMP w/2 CPU cores)
PACKAGE= apng2gif
CC = gcc
CFLAGS = -Wall -pedantic
CFLAGS_OPT = -g
LIBS   = -lstdc++ -lm -lpng -lz

all :
	$(CC) $(CFLAGS) $(CFLAGS_OPT) -o apng2gif apng2gif.cpp $(LIBS)

..PHONY : clean

clean : 
	rm -rf apng2gif

Bug#854440: qtchooser: Does not search for QT5 executables by default

[Laurent Bigonville]

On Tue, 07 Feb 2017 10:07:41 +0100 Laurent Bigonville  
wrote:


> Hi,
>
> With qttools5-dev-tools installed, when I'm trying to run the
> "assistant" command, I get:
>
> bigon@fornost:~$ qtchooser -run-tool=assistant
> qtchooser: could not exec 
'/usr/lib/x86_64-linux-gnu/qt4/bin/assistant': No such file or directory

>
> I explicitly need to specify the version and then it's working:
>
> bigon@fornost:~$ qtchooser -run-tool=assistant -qt=5
>
> Isn't that defeating completely the purpose of this tool?

I see in #764184 that qtchooser is apparently a qt4 application, so why 
would qt5 package depends on it?


That doesn't make a lot of sense to me.

I see QT5 applications also try to use the "assistant" from /usr/bin 
that then points to the non existing version of QT4. Wouldn't it be 
better to force the PATH in libqt5 to also look in /usr/lib/*/qt5/bin if 
qtchooser cannot be used?

Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals

[Christoph Martin]

Control: tag -1 -moreinfo

What can be do about this bug?

Kernel 4.7 is the last usable version.
-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)
<>

signature.asc
Description: OpenPGP digital signature

Bug#851997: [Pkg-xmpp-devel] Bug#851997: No TLS encryption possible

[Karsten Malcher]

Hello Simon,

Am 07.02.2017 um 10:12 schrieb Simon Josefsson:
> You need to provide more details for this to be a useful bug report.
> Your statements above can easily be disproved.  I'm using
> 2.4.0-1~bpo8+1 and TLS works just as I want it to work, see for example:
>
> https://www.xmpp.net/result.php?domain=josefsson.org&type=server
> https://www.xmpp.net/result.php?domain=josefsson.org&type=client

I don't know what is tested there - but all i can test is

$ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
CONNECTED(0003)

There is no TLS connection established!


But when i test the same to my prosody server i get
...
---
SSL handshake has read 1946 bytes and written 627 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
...

This is an working TLS connection!

>
> All of my configurations are available here:
>
> https://gitlab.com/jas/sjd-cosmos/tree/master/chat.josefsson.org/overlay/etc/jabberd2

So at least you use

|josefsson.org |

That's what i already tested.

> As far as I can tell, what you are looking for is help to configure
> jabberd2.  To get help, you need to find someone to help you and you
> need to explain what you have tried and what happenes, and what you
> expect to happen.

I have written all this information in the linked bug reports.
There is nothing more that could be find out.
The developer doesn't support help or more information.

Sorry.
It's just a warning to users who want's to have a secure XMPP server.

Best regards
Karsten

Bug#840482: diffoscope: error at startup: AttributeError: undefined symbol: archive_errno

[Mihai - Catalin Stefan]

Hi,

I've updated diffoscope to version 70 and I don't see the error anymore.
$ pip install --upgrade diffoscope
Collecting diffoscope
  Downloading diffoscope-70.tar.gz (452kB)
100% || 460kB 265kB/s
Requirement already up-to-date: python-magic in
/usr/local/lib/python3.4/dist-packages (from diffoscope)
Collecting libarchive-c (from diffoscope)
  Downloading libarchive_c-2.7-py2.py3-none-any.whl
Installing collected packages: libarchive-c, diffoscope
  Found existing installation: libarchive-c 2.5
Uninstalling libarchive-c-2.5:
  Successfully uninstalled libarchive-c-2.5
  Found existing installation: diffoscope 61
Uninstalling diffoscope-61:
  Successfully uninstalled diffoscope-61
  Running setup.py install for diffoscope ... done
Successfully installed diffoscope-70 libarchive-c-2.7

$ diffoscope
usage: diffoscope [--debug] [--debugger] [--status-fd FD] [--progress]
  [--no-progress] [--text OUTPUT_FILE] [--text-color WHEN]
  [--output-empty] [--html OUTPUT_FILE]
  [--html-dir OUTPUT_DIR] [--css URL] [--jquery URL]
  [--markdown OUTPUT_FILE] [--restructured-text OUTPUT_FILE]
  [--profile OUTPUT_FILE] [--no-default-limits]
  [--max-report-size BYTES] [--max-report-child-size BYTES]
  [--max-diff-block-lines LINES]
  [--max-diff-block-lines-parent LINES]
  [--max-diff-block-lines-saved LINES] [--new-file]
  [--fuzzy-threshold FUZZY_THRESHOLD]
  [--max-diff-input-lines LINES] [--help] [--version]
  [--list-tools [DISTRO]]
  path1 path2
diffoscope: error: the following arguments are required: path1, path2

Regards,
Mihai

On Tue, Feb 7, 2017 at 3:01 AM, Chris Lamb  wrote:

> Mihai - Catalin Stefan wrote:
>
> > > AttributeError: /usr/bin/python3: undefined symbol: archive_errno
>
> Are you still seeing this with recent versions? If so, I wonder if this
> is related to conflicts between the pip and package-installed versions
> of libarchive-c.
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>

Bug#268658: Aussicht ICT Admin Schreibtisch

[Amanda Düring]

Sehr geehrter E-Mail-Benutzer:

Beachten Sie dieses neue wichtige Update, dass unsere neue Web-Mail mit einem 
neuen Messaging-System von Microsoft Outlook verbessert wurde, das auch eine 
schnellere Nutzung von E-Mails, freigegebenen Kalender, Web-Dokumenten und die 
neue Anti-Spam-Version von 2017 beinhaltet.

Bitte verwenden Sie den unten stehenden Link, um Ihr Update für unsere neue 
Microsoft Outlook verbesserte Webmail abzuschließen.
Melden Sie sich bei Outlook Web App an, 
um Ihr Postfach zu aktualisieren.

ITS Hilfe
ADMIN-TEAM

Bug#854443: nm-openvpn: dialog asks for private key password, but does not re-query when password turns out wrong

[Dennis van Dok]

Package: network-manager-openvpn
Version: 0.9.10.0-1
Severity: normal
File: nm-openvpn

Starting a connection through nm-applet; a dialog appears asking for
the private key password (it never did before, somehow the password
must have been forgotten by the keyring). I typed a passphrase,
apparently the wrong one, and the connection failes. Any subsequent attempt
to initiate the connection through the nm-applet fails immediately; no
new dialog appears to ask the correct passphrase.

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (990, 'stable'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-dvdrt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=nl_NL.utf8, LC_CTYPE=nl_NL.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager-openvpn depends on:
ii  libc6 2.19-18+deb8u7
ii  libdbus-1-3   1.8.22-0+deb8u1
ii  libdbus-glib-1-2  0.102-1
ii  libglib2.0-0  2.42.1-1+b1
ii  libnm-glib-vpn1   0.9.10.0-7
ii  libnm-glib4   0.9.10.0-7
ii  libnm-util2   0.9.10.0-7
ii  openvpn   2.3.4-5+deb8u1

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

Bug#852888: sx: FTBFS: Test failures

[Roger Shimizu]

Control: tag -1 patch

> The full build log is available from:
>http://aws-logs.debian.net/2017/01/28/sx_2.0+ds-3_unstable.log

The build log of AWS shows the error is:
nginx: [alert] could not open error log file: open()
"/var/log/nginx/error.log" failed (13: Permission denied)
...
+ /<>/sx-2.0+ds/server/sx-test-5uNoeXXd/bin/sxinit
--batch-mode --port=8013 --no-ssl
--auth-file=/<>/sx-2.0+ds/server/sx-test-5uNoeXXd/var/lib/sxserver/data/admin.key
--config-dir=/<>/sx-2.0+ds/server/sx-test-5uNoeXXd/.sx
sx://localhost
Segmentation fault

And logs of buildd [0][1][2] seems simply skipped the nginx test:
  PASS: test/hdist-test
  PASS: test/blob-test
  SKIP: test/run-nginx-test.sh

[0] https://buildd.debian.org/status/package.php?p=sx
[1] 
https://buildd.debian.org/status/fetch.php?pkg=sx&arch=i386&ver=2.0%2Bds-3&stamp=1481129412&raw=0
[2] 
https://buildd.debian.org/status/fetch.php?pkg=sx&arch=arm64&ver=2.0%2Bds-3&stamp=1481129348&raw=0

However, local "gbp buildpackage" result is the same as AWS log.
Since test/run-nginx-test.sh was previously skipped on buildd already,
so I think it should be OK to add a patch to prevent it running in
local gbp environment.

Please kindly help to sponsor the upload, before it get removed from stretch.
Thank you!

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
From: Roger Shimizu 
Date: Tue, 7 Feb 2017 18:44:30 +0900
Subject: [PATCH] debian/patches: Add a patch to skip test/run-nginx-test.sh

---
 .../patches/04-Skip-test-run-nginx-test.sh.patch   | 36 ++
 debian/patches/series  |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 debian/patches/04-Skip-test-run-nginx-test.sh.patch

diff --git a/debian/patches/04-Skip-test-run-nginx-test.sh.patch b/debian/patches/04-Skip-test-run-nginx-test.sh.patch
new file mode 100644
index 000..840b8fa
--- /dev/null
+++ b/debian/patches/04-Skip-test-run-nginx-test.sh.patch
@@ -0,0 +1,36 @@
+From: Roger Shimizu 
+Date: Tue, 7 Feb 2017 18:43:29 +0900
+Subject: Skip test/run-nginx-test.sh
+
+---
+ server/Makefile.am | 2 +-
+ server/Makefile.in | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/server/Makefile.am b/server/Makefile.am
+index 4ac0137..9b65eaf 100644
+--- a/server/Makefile.am
 b/server/Makefile.am
+@@ -155,7 +155,7 @@ check_PROGRAMS = test/printerrno
+ 
+ check_SCRIPTS = test/runvg.sh test/run-nginx-test.sh test/fcgi-test.pl
+ EXTRA_DIST += $(check_SCRIPTS)
+-TESTS = test/hdist-test test/blob-test test/run-nginx-test.sh
++TESTS = test/hdist-test test/blob-test
+ 
+ test_printerrno_SOURCES = test/printerrno.c
+ 
+diff --git a/server/Makefile.in b/server/Makefile.in
+index 46b761c..cb717f2 100644
+--- a/server/Makefile.in
 b/server/Makefile.in
+@@ -97,8 +97,7 @@ sbin_PROGRAMS = src/fcgi/sx.fcgi$(EXEEXT) \
+ 	src/tools/sxreport-server/sxreport-server$(EXEEXT) \
+ 	src/tools/sxadm/sxadm$(EXEEXT)
+ check_PROGRAMS = test/printerrno$(EXEEXT)
+-TESTS = test/hdist-test$(EXEEXT) test/blob-test$(EXEEXT) \
+-	test/run-nginx-test.sh
++TESTS = test/hdist-test$(EXEEXT) test/blob-test$(EXEEXT)
+ subdir = .
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_append_compile_flags.m4 \
diff --git a/debian/patches/series b/debian/patches/series
index 89b8d64..ce1189c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01-OpenSSL.patch
 02-OpenSSL.patch
 03-OpenSSL.patch
+04-Skip-test-run-nginx-test.sh.patch

Bug#853205: (no subject)

[Ksamak]

On Mon, Jan 30, 2017 at 03:35:21PM +, Hugh Morris wrote:
> Subject: compiz: Window Decoration Problem
> Package: compiz
> Version: 1:0.9.13.0+16.10.20160818.2-4
> Severity: normal
> 
> Dear Maintainer,
> 
> I, too, was surprised and pleased to see Compiz back in the Debian 
> repositories.
> I have installed it on a Debian Unstable installation with MATE on a fairly 
> old
> AMD64 desktop system with a nvidia GeForce 6200 video card with the nvidia 
> driver.
> 
> The problem I am having is with the window decorations. Decorations do appear,
> but they are not the normal ones for the theme I am using (BlackMATE).
> It's the same with any other theme.
> 
> The error messages I am getting are:
> compiz (decor) - Warn: failed to bind pixmap to texture
> compiz (decor) - Warn: No default decoration found, placement will not be 
> correct
> 
> gtk-window-decorator is running.
> 
> I used Compiz for years in the past, so I am quite familiar with it and CCSM.
> 
> Can you give me a clue to help me fix this? I would be very grateful.
> 
I think it's got something to do with the metacity themes (build flag
USE_METACITY), which are dependent on a old version of gnome-desktop,
which has not been updated or ported since mate.

the cmake of compiz says so:
No package 'gnome-window-settings-2.0' found
No package 'gnome-desktop-2.0' found

and in the summary:
"metacity theme support : No"

I guess it could be updated/ported like every other mate package,
although it's not confirmed it would fix the problem.

thanks for your interest!
-- 
Ksamak
Free software hacktivist


pgpM5R7PjB4I4.pgp
Description: PGP signature

Bug#854444: linux-image-4.9.0-0.bpo.1-amd64-unsigned: System time divergence with HyperV TimeSync protocol version 4

[Moritz Schlarb]

Package: linux-image-4.9.0-0.bpo.1-amd64-unsigned
Version: 4.9.2-2~bpo8+1
Severity: important
Tags: upstream

Since using the linux-image-4.9.0-0.bpo.1-amd64 kernel, some of our Jessie
systems running under HyperV virtualization show an enormous time divergence
gradually building up over some hours (see attached graphs from our NTP
monitoring).
System time and NTP time converge to approx. 10 minutes every approx. 8 hours
(though some machines diverge forwards and some backwards...). Especially
jumping backwards in time can be critical for various applications.
Additionally, Systemd prints "Time has been changed" to the syslog every 5
seconds, which is a little bit annoying.

In upstream, there is a patch under development that drops in-kernel time
adjustments and exposes the TimeSync messages as a PTP device for consumation
by an NTP client: https://lkml.org/lkml/2017/1/30/232.

I don't know whether this classifies as some kind of brokenness on some
hardware (e.g. HyperV 2016)...
A possible workaround of course is to just disable Time Synchronisation in the
Guest Additions setting in HyperV.

Best regards,
Moritz



-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (700, 'stable-updates'), (700, 'stable'), (60, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#854445: ITP: node-browser-resolve -- resolve which handles browser field support in package.json

[Siddhesh Rane]

Package: wnpp
Severity: wishlist
Owner: Siddhesh Rane 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-browser-resolve
  Version : 1.11.2
  Upstream Author : Roman Shtylman 
* URL : https://github.com/shtylman/node-browser-resolve#readme
* License : Expat
  Programming Lang: JavaScript
  Description : resolve which handles browser field support in package.json

 Provides the functionality of node's require.resolve with support for a
 'browser' field in package.json which will conditionally include or exclude
 modules and other functionality depending on your browser. This module aims
 to make js files compatible across browser as well as server.
 .
 Node.js is an event-based server-side JavaScript engine.

Bug#820974: plans for bug #820974

[Arturo Borrero Gonzalez]

Hi,

I'm planning a NMU for this to debian unstable in the short term.

Bug#840482: diffoscope: error at startup: AttributeError: undefined symbol: archive_errno

[Chris Lamb]

Hi Mihai,

> I've updated diffoscope to version 70 and I don't see the error anymore.

Great stuff. Closing this bug :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#842250: diffoscope: crashes on NetBSD's base.tgz

[Holger Levsen]

On Tue, Feb 07, 2017 at 04:04:23PM +1300, Chris Lamb wrote:
> > $ wget 
> > https://tests.reproducible-builds.org/netbsd/artifacts/b{1,2}/amd64/binary/sets/base.tgz
> >  
> Holger, can you still reproduce?

while on https://tests.reproducible-builds.org/netbsd/netbsd.html
the base.tgz looks reproducible, on
https://jenkins.debian.net/view/reproducible/job/reproducible_netbsd/138/console
it's less clear:

--- quote-begin ---
Thu  2 Feb 03:58:13 UTC 2017 - amd64/binary/sets/base.tgz is reproducible, yay!
artifacts published for debugging #842250 in 
https://tests.reproducible-builds.org/netbsd/artifacts/ - please dont forget to 
delete this directory later…
--- quote-end ---

so I downloaded them…

from 
https://tests.reproducible-builds.org/netbsd/artifacts/b(1|2)/amd64/binary/sets/base.tgz

and compared them:

debian-work:~$ sha256sum b?/base.tgz
d42bcf4ba2e54d5eccae839dc8f2c81c8b680d74ec55ea60cb1ceb9bf87e678e  b1/base.tgz
d42bcf4ba2e54d5eccae839dc8f2c81c8b680d74ec55ea60cb1ceb9bf87e678e  b2/base.tgz

How strange. ATM it's unclear what's really causing this…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#851147: --max-report-size does not apply to --text reports

[Chris Lamb]

Hi,

> --max-report-size does not apply to --text reports

Fixed in Git:

  
https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=7479e160411b62fa12206a2443939fed2202b397


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#842250: diffoscope: crashes on NetBSD's base.tgz

[Chris Lamb]

Holger Levsen wrote:

> > can you still reproduce?
> 
> while on https://tests.reproducible-builds.org/netbsd/netbsd.html
> the base.tgz looks reproducible

Can you still reproduce your crash though?

This bug is about it crashing diffoscope, not whether the NetBSD images
are themselves reproducible (they weren't before).


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#854446: fix mutter to work with libglvnd

[Timo Aaltonen]

Package: mutter
Severity: wishlist


Hi, please include the patch from

https://bugzilla.gnome.org/show_bug.cgi?id=772422

and upload mutter to experimental, so that people testing mesa built
with libglvnd can still launch gnome-shell with wayland. I've tested it
locally and it works.


-- 
t

Bug#854447: apng2gif: Integer overflow resulting in heap overflow write

[Dileep Kumar Jallepalli]

Package: apng2gif
Version: 1.7-1
Severity: important

Dear Maintainer,

Q.) What led up to the situation?
A.) In read_chunk function, the line "pChunk->size = png_get_uint_32(len) + 12"
is having an integer overflow vulnerability which can result in smaller memory
allocation for pChunk->p than expected. If the integer overflow results in a
pChunk->size < 4; it can cause heap overflow write in the subsequent line
"memcpy(pChunk->p, len, 4)".

Q.) What exactly did you do (or not do) that was effective (or ineffective)?
A.) Just have to modify the relavent offset in the png file so that the
pChunk->size value is less than 4.

Steps to reproduce:
Use the makefile in the attachment and compile the program in asan mode
(Attaching makefile just as a reference).
Use the input.png file in the attachment as input to the program and
run it:
apng2gif input.png

Q.) What was the outcome of this action?
A.) There will be a heap overflow write of 4 bytes for this particular crafter
input png.

Sample ASAN Output:

apng2gif 1.7

Reading './crashes_submitted/iohpw/input.png'...
=
==19011== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4b007d0
at pc 0x8057c2c bp 0xbf847468 sp 0xbf84745c
WRITE of size 4 at 0xb4b007d0 thread T0
#0 0x8057c2b (apng2gif/1.7/gccasanbuild/apng2gif+0x8057c2b)
#1 0x804938b (apng2gif/1.7/gccasanbuild/apng2gif+0x804938b)
#2 0xb5ef6af2 (/lib/i386-linux-gnu/libc-2.19.so+0x19af2)
#3 0x804a0c1 (apng2gif/1.7/gccasanbuild/apng2gif+0x804a0c1)
0xb4b007d1 is located 0 bytes to the right of 1-byte region
[0xb4b007d0,0xb4b007d1)
allocated by thread T0 here:
#0 0xb61cb6a4 (/usr/lib/i386-linux-gnu/libasan.so.0.0.0+0x116a4)
#1 0x8056888 (apng2gif/1.7/gccasanbuild/apng2gif+0x8056888)
#2 0x804938b (apng2gif/1.7/gccasanbuild/apng2gif+0x804938b)
#3 0xb5ef6af2 (/lib/i386-linux-gnu/libc-2.19.so+0x19af2)
Shadow bytes around the buggy address:
  0x369600a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x369600f0: fa fa fa fa fa fa fa fa fa fa[01]fa fa fa 00 fa
  0x36960100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap righ redzone: fb
  Freed Heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==19011== ABORTING

Analysis:

In this particular example, the pChunk->size value is 1, and hence
memcpy(pChunk->p, len, 4) resulted in a heap overflow write of 4 bytes.

Q.) What outcome did you expect instead?
A.) Probably some input validation to prevent integer overflow.




-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty'), (100, 'trusty-backports')
Architecture: i386 (i686)

Kernel: Linux 3.13.0-32-generic (SMP w/2 CPU cores)
PACKAGE= apng2gif
CC = gcc
CFLAGS = -Wall -g3 -pedantic -fno-omit-frame-pointer -fsanitize=address
CFLAGS_OPT = -O3
LIBS   = -lstdc++ -lm -lpng -lz

all :
	$(CC) $(CFLAGS) $(CFLAGS_OPT) -o apng2gif apng2gif.cpp $(LIBS)

..PHONY : clean

clean : 
	rm -rf apng2gif

Bug#854212: RFS: synergy/1.8.7-stable+dfsg.1-1 [ITA]

[Arturo Borrero Gonzalez]

On Mon, 6 Feb 2017 11:44:47 -0600 Joshua Honeycutt
 wrote:
>
> A new package was uploaded to mentors.
>

Uploaded to experimental.

Thanks for your contribution :-)

Bug#854287: Acknowledgement (putty: ed25519 key not recognized)

[Demetris Demetriou]

Yes, puttygen was indeed a dev version. Haven't realized how far behind 
the stable version is from the dev version (2 years for this particular 
feature).


Please close this bug.

Bug#841315: cloud-init: Datasource list missing "OpenStack" key

[Olivier Berger]

Hi.

On Wed, Oct 19, 2016 at 04:45:10PM +0200, Mateo Boudet wrote:
> 
> Cloud-init refers to a datasource list located at
> /etc/cloud/cloud.cfg.d/90_dpkg.cfg to select from where it should import data.
> 
> On a fresh install, the list is as follows :
> 
> datasource_list: [ NoCloud, AltCloud, CloudStack, ConfigDrive, Ec2, MAAS, OVF,
> GCE, None ]
> 
> It is missing an 'OpenStack' key. Without it, it cannot import vendor data 
> from
> an Openstack install.
> 
> Even with dpkg-reconfigure, the 'OpenStack' cannot be added, it must be added
> manually.
> 

May it be that the Ec2 is supported by OpenStack ? I kinda remember having 
noticed something like this in the docs.

Also "OpenStack Config Drive" seems supported, but this may not be what you 
need ?

Hope this helps a bit.

Best regards,

-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Bug#841315: cloud-init: Datasource list missing "OpenStack" key

[Mateo Boudet]

Hi,

Without the "OpenStack" key, most of the instance configuration works 
(using the EC2 key to configure maybe), but some parts are missing, such 
as "Vendordata" which are not passed to the instance.


As far as I know, the "ConfigDrive" is a different way to configure the 
instance.


(Nb: This is using a Mitaka Openstack deployment, it might be different 
with Newton)




Le 07/02/2017 à 11:32, Olivier Berger a écrit :

Hi.

On Wed, Oct 19, 2016 at 04:45:10PM +0200, Mateo Boudet wrote:

Cloud-init refers to a datasource list located at
/etc/cloud/cloud.cfg.d/90_dpkg.cfg to select from where it should import data.

On a fresh install, the list is as follows :

datasource_list: [ NoCloud, AltCloud, CloudStack, ConfigDrive, Ec2, MAAS, OVF,
GCE, None ]

It is missing an 'OpenStack' key. Without it, it cannot import vendor data from
an Openstack install.

Even with dpkg-reconfigure, the 'OpenStack' cannot be added, it must be added
manually.


May it be that the Ec2 is supported by OpenStack ? I kinda remember having 
noticed something like this in the docs.

Also "OpenStack Config Drive" seems supported, but this may not be what you 
need ?

Hope this helps a bit.

Best regards,

Bug#851997: [Pkg-xmpp-devel] Bug#851997: Bug#851997: No TLS encryption possible

[Thadeu Lima de Souza Cascardo]

On Tue, Feb 07, 2017 at 10:34:09AM +0100, Karsten Malcher wrote:
> Hello Simon,
> 
> Am 07.02.2017 um 10:12 schrieb Simon Josefsson:
> > You need to provide more details for this to be a useful bug report.
> > Your statements above can easily be disproved.  I'm using
> > 2.4.0-1~bpo8+1 and TLS works just as I want it to work, see for example:
> >
> > https://www.xmpp.net/result.php?domain=josefsson.org&type=server
> > https://www.xmpp.net/result.php?domain=josefsson.org&type=client
> 
> I don't know what is tested there - but all i can test is
> 
> $ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
> CONNECTED(0003)
> 
> There is no TLS connection established!
> 

On the other hand, when I run it here:

$ cat /etc/debian_version
9.0
$ apt-cache policy openssl
openssl:
  Installed: 1.1.0d-2
  Candidate: 1.1.0d-2
  Version table:
 *** 1.1.0d-2 500
500 http://ftp.debian.org/debian sid/main amd64 Packages
100 /var/lib/dpkg/status
$ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
CONNECTED(0003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 497 bytes and written 123 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
$

> 
> But when i test the same to my prosody server i get
> ...
> ---
> SSL handshake has read 1946 bytes and written 627 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol  : TLSv1.2
> Cipher: ECDHE-RSA-AES256-GCM-SHA384
> ...
> 
> This is an working TLS connection!
> 
> >
> > All of my configurations are available here:
> >
> > https://gitlab.com/jas/sjd-cosmos/tree/master/chat.josefsson.org/overlay/etc/jabberd2
> 
> So at least you use
> 
> | pemfile='/etc/jabberd2/server.pem'>josefsson.org |
> 
> That's what i already tested.
> 
> > As far as I can tell, what you are looking for is help to configure
> > jabberd2.  To get help, you need to find someone to help you and you
> > need to explain what you have tried and what happenes, and what you
> > expect to happen.
> 
> I have written all this information in the linked bug reports.
> There is nothing more that could be find out.
> The developer doesn't support help or more information.
> 
> Sorry.
> It's just a warning to users who want's to have a secure XMPP server.
> 
> Best regards
> Karsten
> 
> ___
> Pkg-xmpp-devel mailing list
> pkg-xmpp-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xmpp-devel

Bug#854448: octave-stk: Yaml syntax error in debian/upstream/metadata

[Andreas Tille]

Package: octave-stk
Severity: normal
Tags: patch

Hi,

the string ": " is not allowed inside values and you need to quote
the value string.

Kind regards

  Andreas.

PS: If ACLs would have been set I would have commited the attached
patch right to Git.


-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From 4a0d4cbcfb192b7341c6f79b4146c16fd7da5c86 Mon Sep 17 00:00:00 2001
From: Andreas Tille 
Date: Tue, 7 Feb 2017 11:40:34 +0100
Subject: [PATCH] Fix yaml syntax

---
 debian/upstream/metadata | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/upstream/metadata b/debian/upstream/metadata
index c61594f..b801078 100644
--- a/debian/upstream/metadata
+++ b/debian/upstream/metadata
@@ -3,6 +3,6 @@ Homepage: http://www.praat.org/
 Contact: The Octave Community 
 Reference:
   Author: Bect, Julien and Vazquez, Emmanuel and others
-  Title: STK: a Small (Matlab/Octave) Toolbox for Kriging. Release 2.3}
+  Title: "STK: a Small (Matlab/Octave) Toolbox for Kriging. Release 2.3}"
   Type: misc
   URL: http://www.citeulike.org/user/schulman/article/4016976p
-- 
2.11.0

Bug#854449: dns-root-data: New root keys and hint file changes

[Christian Hofstaedtler]

Package: dns-root-data
Version: 2015052300+h+1
Severity: important

Dear Maintainers,

IANA has published new hint files and new root keys.
It'd be good if those would be updated for stretch.

Thanks,
-ch

Bug#842250: diffoscope: crashes on NetBSD's base.tgz

[Mattia Rizzolo]

Well, if the images are reproducible a whole lot of the diffoscope code
(most probably where the crash happened) is short circuited; hence you
really need to find 2 differing files that used to cause the crash to test
this.

On Tue, 7 Feb 2017, 11:24 a.m. Chris Lamb,  wrote:

> Holger Levsen wrote:
>
> > > can you still reproduce?
> >
> > while on https://tests.reproducible-builds.org/netbsd/netbsd.html
> > the base.tgz looks reproducible
>
> Can you still reproduce your crash though?
>
> This bug is about it crashing diffoscope, not whether the NetBSD images
> are themselves reproducible (they weren't before).
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>
> ___
> Reproducible-builds mailing list
> reproducible-bui...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
>

Bug#852108: usbguard: fails to start after installation: "ERROR: Configuration: /etc/usbguard/rules.conf: usbguard::Exception"

[intrigeri]

Control: tag -1 - moreinfo
Control: retitle -1 usbguard.service is started three times on initial 
installation and only the 3rd time succeeds

Hi,

Muri Nicanor:
> control: tags -1 + moreinfo unreproducible

> i'm actually not able to reproduce the bug. if i install usbguard on a
> clean stretch installation i can start usbguard[0] without having an
> /etc/usbguard/rules.conf file:

>> muri@debian:~$ ls /etc/usbguard/
>> usbguard-daemon.conf
>> muri@debian:~$ grep RuleFile /etc/usbguard/usbguard-daemon.conf
>> # RuleFile=/path/to/rules.conf
>> RuleFile=/etc/usbguard/rules.conf
>> muri@debian:~$ sudo service usbguard stop
>> [sudo] password for muri:
>> muri@debian:~$ sudo service usbguard start
>> muri@debian:~$ sudo systemctl status usbguard
>> ● usbguard.service - USBGuard daemon
>>   Loaded: loaded (/lib/systemd/system/usbguard.service; enabled;
>>vendor preset: enabled)
>>   Active: active (running) since Sat 2017-02-04 12:44:55 EST; 5s ago
>> Docs: man:usbguard-daemon(8)
>> Main PID: 1130 (usbguard-daemon)
>>Tasks: 2 (limit: 4915)
>>   CGroup: /system.slice/usbguard.service
>>   └─1130 /usr/sbin/usbguard-daemon -k -c /etc/usbguard
>>/usbguard-daemon.conf
>>
>>Feb 04 12:44:55 debian systemd[1]: Started USBGuard daemon.

Looking closer, I see the same here, *but* what happens on
installation is weird: usbguard.service is started no less than
3 times, and only the third attempt works. It looks somewhat related
to usbguard-dbus.service:

Feb 07 11:38:41 sid-desktop systemd[1]: Started USBGuard daemon.
Feb 07 11:38:41 sid-desktop systemd[1]: Starting USBGuard D-Bus Service...
Feb 07 11:38:41 sid-desktop usbguard-daemon[3693]: [1486463921.919] (E) ERROR: 
Configuration: /etc/usbguard/rules.conf: usbguard::Exception
Feb 07 11:38:41 sid-desktop systemd[1]: usbguard.service: Main process exited, 
code=exited, status=1/FAILURE
Feb 07 11:38:41 sid-desktop systemd[1]: usbguard.service: Unit entered failed 
state.
Feb 07 11:38:41 sid-desktop systemd[1]: usbguard.service: Failed with result 
'exit-code'.
Feb 07 11:38:41 sid-desktop systemd[1]: Started USBGuard D-Bus Service.
Feb 07 11:38:42 sid-desktop systemd[1]: usbguard.service: Service hold-off time 
over, scheduling restart.
Feb 07 11:38:42 sid-desktop systemd[1]: Stopped USBGuard daemon.
Feb 07 11:38:42 sid-desktop systemd[1]: Started USBGuard daemon.
Feb 07 11:38:42 sid-desktop systemd[1]: Stopping USBGuard D-Bus Service...
Feb 07 11:38:42 sid-desktop systemd[1]: Stopped USBGuard D-Bus Service.
Feb 07 11:38:42 sid-desktop systemd[1]: Starting USBGuard D-Bus Service...
Feb 07 11:38:42 sid-desktop usbguard-daemon[3704]: [1486463922.084] (E) ERROR: 
Configuration: /etc/usbguard/rules.conf: usbguard::Exception
Feb 07 11:38:42 sid-desktop systemd[1]: usbguard.service: Main process exited, 
code=exited, status=1/FAILURE
Feb 07 11:38:42 sid-desktop systemd[1]: usbguard.service: Unit entered failed 
state.
Feb 07 11:38:42 sid-desktop systemd[1]: usbguard.service: Failed with result 
'exit-code'.
Feb 07 11:38:42 sid-desktop systemd[1]: Started USBGuard D-Bus Service.
Feb 07 11:38:42 sid-desktop systemd[1]: usbguard.service: Service hold-off time 
over, scheduling restart.
Feb 07 11:38:42 sid-desktop systemd[1]: Stopping USBGuard D-Bus Service...
Feb 07 11:38:42 sid-desktop systemd[1]: Stopped USBGuard daemon.
Feb 07 11:38:42 sid-desktop systemd[1]: Started USBGuard daemon.
Feb 07 11:38:42 sid-desktop systemd[1]: Stopped USBGuard D-Bus Service.
Feb 07 11:38:42 sid-desktop systemd[1]: Starting USBGuard D-Bus Service...
Feb 07 11:38:42 sid-desktop systemd[1]: Started USBGuard D-Bus Service.

So in the end the service is started successfully, but still I wonder
if this strange behavior is highlighting something wrong somewhere
deeper, that could bite us in the future.

Retitling accordingly. Feel free to downgrade severity.

> (nontheless i'll still add the rules.conf in the postinst script)

Sounds good!

Cheers,
-- 
intrigeri

Bug#854450: gtk-vnc: CVE-2017-5884 CVE-2017-5885

[Markus Koschany]

Package: gtk-vnc
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for gtk-vnc.

CVE-2017-5885[0]:

CVE-2017-5884[1]:

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5885
[1] https://security-tracker.debian.org/tracker/CVE-2017-5884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5884
Please adjust the affected versions in the BTS as needed.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#854123: Bug#854120: qt4-dev-tools: Please move the "assistant" binary to an other package

[Lisandro Damián Nicanor Pérez Meyer]

reopen 854123
reopen 854130
thanks

I must admit this is totally new for me. Yes, assistant should be splitted.

Thanks for the bug Laurent!

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

Bug#836193: Improper handling of arch all only package

[Konstantinos Margaritis]

Hello,

I just wanted to say that I was able to reproduce this bug on a stretch
based system (mini-buildd 1.0.29), building 2 arches, i386/amd64, where
 i386 is optional and amd64 builder builds arch:all packages. I
uploaded a python package in both source and binary form (ie,
source.changes, amd64.changes) and in both cases I'm getting the FAILED 
status, message:

1 mandatory architecture(s) missing: amd64

Is there any way to get passed this?

Regards

Konstantinos

signature.asc
Description: This is a digitally signed message part

Bug#854451: ITP: node-des.js -- DES implementation in javascript

[Siddhesh Rane]

Package: wnpp
Severity: wishlist
Owner: Siddhesh Rane 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-des.js
  Version : 1.0.0
  Upstream Author : Fedor Indutny 
* URL : https://github.com/indutny/des.js#readme
* License : Expat
  Programming Lang: JavaScript
  Description : DES implementation in javascript

 Provides implementation of DES encryption algorithm in javascript.
 Required for browserify-des
.
 Node.js is an event-based server-side JavaScript engine.

Bug#854452: ITP: kissebook -- A ebook organizer with quick 'open ebook file' option using user defined viewer and reader

[Elif AKDAĞ]

Package: wnpp
Owner: Elif Akdag 
Severity: wishlist

* Package name: kissebook
  Version : 0.8.0
  Upstream Author : Jan Riechers 
* URL : https://www.github.com/jrie/kisslib
* License : GPL 3
  Programming Lang: C
  Description : A ebook organizer with quick 'open ebook file' option
using user defined viewer and reader

KISSebook is a simple ebook organizer for pdf, epub, mobi and chm ebook
formats, which does support basic readout of metadata like authors and
title.
It can launch (open) ebooks in user selected viewers on a per file
basis Either by providing a command, possibly with parameters or by
detecting some common readers by there executable binary.

NOTE: I don't have a permission to write to Debian's Repository. So I need
sponsor for this package.

Thank you.

Bug#854453: apng2gif: Stack overflow because of improper input parameter sanitization

[Dileep Kumar Jallepalli]

Package: apng2gif
Version: 1.7-1
Severity: important

Dear Maintainer,

Q.) What led up to the situation?
A.) In main function, the variable szOut is being used to store the input file
name in the statements "strcpy(szOut, szOpt)" and "strcpy(szOut, szInput)",
since szOut is of size 256 and there is no check on the size of input parameter
that is being copied into szOut, user can pass a parameter of size more than
256 to corrupt the stack.

Q.) What exactly did you do (or not do) that was effective (or ineffective)?
What was the outcome of this action?
A.) Just have to pass a parameter of size more than 256 characters.

Steps to reproduce:
Use the makefile in the attachment and compile the program (Attaching
makefile just as a reference).

Since there are multiple places in the code where the stack overflow is
possible, im just pointing out 2 of these cases:

Case 1: (at strcpy(szOut, szOpt))

Command line:
../gccbuild/apng2gif ./aflasanbuildinput/not_kitty.png


Output:
apng2gif 1.7

Reading './aflasanbuildinput/not_kitty.png'...
1 frame.
5 colors.
Error: can't open
''
save_agif() failed:
''
*** stack smashing detected ***: ./gccbuild/apng2gif terminated
Aborted (core dumped)

Case 2: (at strcpy(szOut, szInput))

Command line:
../gccbuild/apng2gif
../aflasanbuildinput/.png

Output:
apng2gif 1.7

Reading
'./aflasanbuildinput/.png'...
load_apng() failed:
'./aflasanbuildinput/.png'
*** stack smashing detected ***: ./gccbuild/apng2gif terminated
Aborted (core dumped)

Q.) What outcome did you expect instead?
A.) Maybe some check to see if the parameter passed is greater than 255
characters before trying to do strcpy.




-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 
'trusty'), (100, 'trusty-backports')
Architecture: i386 (i686)

Kernel: Linux 3.13.0-32-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
PACKAGE= apng2gif
CC = gcc
CFLAGS = -Wall -pedantic
CFLAGS_OPT = -g
LIBS   = -lstdc++ -lm -lpng -lz

all :
	$(CC) $(CFLAGS) $(CFLAGS_OPT) -o apng2gif apng2gif.cpp $(LIBS)

..PHONY : clean

clean : 
	rm -rf apng2gif

Bug#854454: D-I RC2 under KVM; some wishlist items included.

[Toomas Tamm]

Package: installation-reports

Boot method: KVM (virt-install) boot from ISO image
Image version: debian-stretch-DI-rc2-amd64-netinst.iso
Date: Tue Feb  7 12:49:26 EET 2017

Machine: KVM virtual host, with virtio, running under Debian 7.11 (stretch)
Processor: virtual, single core
Memory: 1 GB
Partitions: 
Filesystem Type 1K-blocks   Used Available Use% Mounted on
udev   devtmpfs505680  0505680   0% /dev
tmpfs  tmpfs   102048   1668100380   2% /run
/dev/vda1  ext4  23898960 549604  22112316   3% /
tmpfs  tmpfs   510224  0510224   0% /dev/shm
tmpfs  tmpfs 5120  0  5120   0% /run/lock
tmpfs  tmpfs   510224  0510224   0% /sys/fs/cgroup
/dev/vda5  ext4   9545920 193768   8847528   3% /var
/dev/vda8  ext4 128014556  61464 121407224   1% /home
/dev/vda7  ext4   1888268   5748   1768552   1% /tmp
tmpfs  tmpfs   102044  0102044   0% /run/user/0

Output of lspci -knn (or lspci -nn):
00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC [Natoma] 
[8086:1237] (rev 02)
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
00:01.0 ISA bridge [0601]: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton 
II] [8086:7000]
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
00:01.1 IDE interface [0101]: Intel Corporation 82371SB PIIX3 IDE 
[Natoma/Triton II] [8086:7010]
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Kernel driver in use: ata_piix
Kernel modules: ata_piix, ata_generic
00:01.2 USB controller [0c03]: Intel Corporation 82371SB PIIX3 USB 
[Natoma/Triton II] [8086:7020] (rev 01)
Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100]
Kernel driver in use: uhci_hcd
Kernel modules: uhci_hcd
00:01.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI [8086:7113] 
(rev 03)
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Kernel driver in use: piix4_smbus
Kernel modules: i2c_piix4
00:02.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8]
Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100]
Kernel driver in use: cirrus
Kernel modules: cirrusfb, cirrus
00:03.0 Ethernet controller [0200]: Red Hat, Inc Virtio network device 
[1af4:1000]
Subsystem: Red Hat, Inc Virtio network device [1af4:0001]
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
00:04.0 SCSI storage controller [0100]: Red Hat, Inc Virtio block device 
[1af4:1001]
Subsystem: Red Hat, Inc Virtio block device [1af4:0002]
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
00:05.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon 
[1af4:1002]
Subsystem: Red Hat, Inc Virtio memory balloon [1af4:0005]
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect CD:  [O]
Load installer modules: [O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Clock/timezone setup:   [wishlist]
User/password setup:[O]
Install tasks:  [wishlist]
Install boot loader:[O]
Overall install:[O]

Comments/Problems:

I normally use FAI to install Debian. In order to prepare a stretch
system for forthcoming upgrades, I installed a stretch instance under
a KVM virtual machine. I used the non-graphical advanced mode.

I did not initially realize that the timezone selection list is a hard
dependence on my location and had to go back to configure the locale.
While everything turned out smooth eventually, I recommend an extra
option in the timezone list which would lead to all available timezones.
This may be especially relevant when installing virtual machines in
remote locations via networking.

The bigger problem came when I got to the tasksel step. By accident
I selected "continue" before I had made my selections and the installer
proceeded to downloading 1500+ packages which I did not intend to install.

I have two suggestions here:
1) The system should ask for extra confirmation just like apt-get does:
"You are about to install 1508 packages, taking 345 megabytes of disk
space. Do you want to continue?"
Remember, we are in "advanced" mode, so the user should know what this 
means.
2) The software installation screen should include an interrupt option, 
at least for the initial time when packages are being downloaded and 
interruption would not result in a half-installed unconfigured system. 
I tried the normal keys (Esc, ctrl-C, ctrl-G) but they were ignored.

It would also be nice (given we are in "advanced" mode) if the lists
of packages behind, eg "standard system utilities" were available f

Bug#854455: Package: installation-reports

[Jürgen Kleber]

Package: installation-reports

Boot method: Booting from DVD
Image version: Debian GNU/Linux testing_Stretch_-Official Snapshot amd64
NETINST Binary-1 20170201-09:50
Date: 2017-02-06 16:00MED

Machine: Desktop PC
Processor: Intel Pentium(R) Dual-Core  CPU  E5200  @ 2.50GHz (family:
0x6, model: 0x17, stepping: 0xa)
Memory: Memory: 4027448K/4193396K available (6138K kernel code, 1134K
rwdata, 2840K rodata, 1392K init, 812K bss, 165948K reserved, 0K
cma-reserved)

Partitions:
df -Tl
DateisystemTyp   1K-Blöcke   Benutzt  Verfügbar Verw% Eingehängt auf
udev   devtmpfs2013736 020137360% /dev
tmpfs  tmpfs405020  6464 3985562% /run
/dev/sda1  ext4 3840040208 342073992 3302832676   10% /
tmpfs  tmpfs   2025084 420250801% /dev/shm
tmpfs  tmpfs  5120 4   51161% /run/lock
tmpfs  tmpfs   2025084 020250840% /sys/fs/cgroup
tmpfs  tmpfs40501616 4050001% /run/user/117
tmpfs  tmpfs40501640 4049761% /run/user/1000

od -t x1 mbr.dmp
000 eb 63 90 00 00 00 00 00 00 00 00 00 00 00 00 00
020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
120 00 00 00 00 00 00 00 00 00 00 00 80 60 66 04 19
140 01 00 00 00 ff fa 90 90 f6 c2 80 74 05 f6 c2 70
160 74 02 b2 80 ea 79 7c 00 00 31 c0 8e d8 8e d0 bc
200 00 20 fb a0 64 7c 3c ff 74 02 88 c2 52 bb 17 04
220 f6 07 03 74 06 be 88 7d e8 17 01 be 05 7c b4 41
240 bb aa 55 cd 13 5a 52 72 3d 81 fb 55 aa 75 37 83
260 e1 01 74 32 31 c0 89 44 04 40 88 44 ff 89 44 02
300 c7 04 10 00 66 8b 1e 5c 7c 66 89 5c 08 66 8b 1e
320 60 7c 66 89 5c 0c c7 44 06 00 70 b4 42 cd 13 72
340 05 bb 00 70 eb 76 b4 08 cd 13 73 0d 5a 84 d2 0f
360 83 d0 00 be 93 7d e9 82 00 66 0f b6 c6 88 64 ff
400 40 66 89 44 04 0f b6 d1 c1 e2 02 88 e8 88 f4 40
420 89 44 08 0f b6 c2 c0 e8 02 66 89 04 66 a1 60 7c
440 66 09 c0 75 4e 66 a1 5c 7c 66 31 d2 66 f7 34 88
460 d1 31 d2 66 f7 74 04 3b 44 08 7d 37 fe c1 88 c5
500 30 c0 c1 e8 02 08 c1 88 d0 5a 88 c6 bb 00 70 8e
520 c3 31 db b8 01 02 cd 13 72 1e 8c c3 60 1e b9 00
540 01 8e db 31 f6 bf 00 80 8e c6 fc f3 a5 1f 61 ff
560 26 5a 7c be 8e 7d eb 03 be 9d 7d e8 34 00 be a2
600 7d e8 2e 00 cd 18 eb fe 47 52 55 42 20 00 47 65
620 6f 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 61
640 64 00 20 45 72 72 6f 72 0d 0a 00 bb 01 00 b4 0e
660 cd 10 ac 3c 00 75 f4 c3 00 00 00 00 00 00 00 00
700 01 00 ee fe ff ff 01 00 00 00 ff ff ff ff 00 00
720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa
0001000


Output of lspci -knn
00:00.0 Host bridge [0600]: Intel Corporation 4 Series Chipset DRAM
Controller [8086:2e20] (rev 03)
Subsystem: ASUSTeK Computer Inc. P5Q Deluxe Motherboard [1043:82d3]
00:01.0 PCI bridge [0604]: Intel Corporation 4 Series Chipset PCI Express
Root Port [8086:2e21] (rev 03)
Kernel driver in use: pcieport
Kernel modules: shpchp
00:1a.0 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB
UHCI Controller #4 [8086:3a37]
Subsystem: ASUSTeK Computer Inc. P5Q Deluxe Motherboard [1043:82d4]
Kernel driver in use: uhci_hcd
Kernel modules: uhci_hcd
00:1a.1 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB
UHCI Controller #5 [8086:3a38]
Subsystem: ASUSTeK Computer Inc. P5Q Deluxe Motherboard [1043:82d4]
Kernel driver in use: uhci_hcd
Kernel modules: uhci_hcd
00:1a.2 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB
UHCI Controller #6 [8086:3a39]
Subsystem: ASUSTeK Computer Inc. P5Q Deluxe Motherboard [1043:82d4]
Kernel driver in use: uhci_hcd
Kernel modules: uhci_hcd
00:1a.7 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family)
USB2 EHCI Controller #2 [8086:3a3c]
Subsystem: ASUSTeK Computer Inc. P5Q Deluxe Motherboard [1043:82d4]
Kernel driver in use: ehci-pci
Kernel modules: ehci_pci
00:1b.0 Audio device [0403]: Intel Corporation 82801JI (ICH10 Family) HD
Audio Controller [8086:3a3e]
Subsystem: ASUSTeK Computer Inc. 82801JI (ICH10 Family) HD Audio
Controller [1043:8357]
Kernel driver in use: snd_hda_intel
Kernel modules: snd_hda_intel
00:1c.0 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI
Express Root Port 1 [8086:3a40]
Kernel driver in use: pcieport
Kernel modules: shpchp
00:1c.4 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI
Express Root Port 5 [8086:3a48]
Kernel driver in use: pcieport
Kernel modules: shpchp
00:1c.5 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI
Express Root Port 6 [8086:3a4a]
Kernel driver in use: pcieport
Kernel modules: shpchp
00:1d.0 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB
UHCI Controller #1 [8086:3a34]
Subsystem: ASUSTeK Computer Inc. P5Q Deluxe Motherbo

Bug#820797: Does anybody care about clhep (and other software from CERN)

[Ole Streicher]

Hi Andreas,

in clhep, the 2.1.4.1 releases were not in the git repository.

I corrected that, merged everything together, and now it compiles fine.
I took the freedom to just upload it :-)

Cheers

Ole

Bug#854456: unblock: debdelta/0.59

[A Mennucc]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debdelta

Dear release team, the version 0.56 of debdelta in testing suffers of
many bugs, and in particular #852087 that is release-critical

In 07 Jan I had prepared debdelta 0.57 to the archives, but it was not
accepted (I suspect that "debsign" chose the wrong key :-(  )

I have now uploaded 0.58exp in experimental;
and I have prepared 0.59 to upload into testing,
but I need advice, if it may be accepted or not.

Here is a streamlined changelog, to help you read the attached debdiff

  * Bug fix: "cannot handle redirects",
thanks to Paul Wise (Closes: #835655).
  * Bug fix: "[INTL:pt] Updated Portuguese translation for program",
thanks to Miguel Figueiredo (Closes: #852087).
  * Installation leaves gpg-agent process running <- *release critical*
Thanks Andreas Beckmann (Closes: #85135).
  * Lintian fixes:
- rewrite copyright using  copyright-format/1.0/
- bump standards version to 3.9.8
  * Various code fixes.
- Fix guessing of xz parameters for dbgsym files
- do not print gnupg messages in verbosity <= 2
- keep some more temporary files when -k
- add option "mirrors-exclude" in server
  * Autodetect and install all available translations.
Thanks Carlos Maddela. Closes: #849908
  * Update Italian translation.
  * debdelta-upgrade: explain why the delta is not available; and also add
corresponding --deb-policies.
Thanks  shirish शिरीष . Closes: #779897
  * debdelta-upgrade handles redirects. Thanks Paul Wise. Closes: #835655

Note that, when solving bug 779897 , I added new features, and these
are documented and then translated in the PT and IT translations.

I remark that I did not yet upload 0.59 to unstable.

Thanks again for any help. A.

unblock debdelta/0.59

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- debdelta-0.56/debdelta	2017-01-01 23:59:34.0 +0100
+++ debdelta-0.59/debdelta	2017-02-07 10:30:24.0 +0100
@@ -181,7 +181,7 @@
 OLD = []
 ACT = True
 DO_MD5  = True
-DEB_POLICY = ['b','s','e']
+DEB_POLICY = ['b','s','e','t','f']
 DO_PROGRESS = terminalcolumns != None
 
 #where/how debpatch/debdelta-upgrade will send forensic data, when patching fails
@@ -912,9 +912,9 @@
   
   os.close(temp_fd)
   
-  if VERBOSE > 1 or p.returncode:
+  if VERBOSE > 2 or p.returncode:
 for j in open(temp_name):
-  print '  GPG> ',j,
+  print '   GPG> ',j,
   
   os.unlink(temp_name)
   
@@ -2901,6 +2901,10 @@
 PARS=['-6e','-9','-9e']
 if par:
   PARS.append(par)
+  if par == '--lzma2=dict=1MiB':
+# dbgsym deb files are compressed with -1e
+PARS.append('-1')
+PARS.append('-1e')
 if check:
   redo=True
   while redo and PARS:
@@ -3975,8 +3979,11 @@
 except DebDeltaError,s:
   if not VERBOSE : print _('Creating:'),delta
   print ' Creation of delta failed, reason: ',str(s)
-  if os.path.exists(deltatmp) and DEBUG == 0:
-os.unlink(deltatmp)
+  if os.path.exists(deltatmp):
+if KEEP:
+  print(' '+_('You may want to examine:')+' '+str(deltatmp))
+else:
+  os.unlink(deltatmp)
   if not s.retriable :
 open(delta+'-fails','w').close()
   exitstatus=max(exitstatus, s.exitcode)
@@ -4011,8 +4018,11 @@
 pret=do_patch(deltatmp,old_File,None , info=info_delta, do_gpg=None)
   except DebDeltaError,s:
 print ' '+_('Error: testing of delta failed:')+' '+str(s)
-if os.path.exists(deltatmp) and DEBUG==0:
-  os.unlink(deltatmp)
+if os.path.exists(deltatmp):
+  if KEEP:
+print(' '+_('You may want to examine:')+' '+str(deltatmp))
+  else:
+os.unlink(deltatmp)
 if not  s.retriable :
   open(delta+'-fails','w').close()
   except KeyboardInterrupt:
@@ -4022,8 +4032,11 @@
   except Exception,s:
 exitstatus=max(exitstatus,4)
 puke(" *** Error while testing delta  "+delta,s)
-if os.path.exists(deltatmp) and DEBUG==0:
-  os.unlink(deltatmp)
+if os.path.exists(deltatmp):
+  if KEEP:
+print ' '+_('You may want to examine:')+' '+str(deltatmp)
+  else:
+os.unlink(deltatmp)
 open(delta+'-fails','w').close()
   if pret == None:
 return max(exitstatus, 4)
@@ -4659,7 +4672,11 @@
   r, status, msg, responseheaders=_connect(uri, re)
   if not hasattr(r,'rea

Bug#854440: qtchooser: Does not search for QT5 executables by default

[Lisandro Damián Nicanor Pérez Meyer]

El feb 7, 2017 6:33 AM, "Laurent Bigonville"  escribió:
>
> On Tue, 07 Feb 2017 10:07:41 +0100 Laurent Bigonville 
wrote:
>
> > Hi,
> >
> > With qttools5-dev-tools installed, when I'm trying to run the
> > "assistant" command, I get:
> >
> > bigon@fornost:~$ qtchooser -run-tool=assistant
> > qtchooser: could not exec
'/usr/lib/x86_64-linux-gnu/qt4/bin/assistant': No such file or directory
> >
> > I explicitly need to specify the version and then it's working:
> >
> > bigon@fornost:~$ qtchooser -run-tool=assistant -qt=5
> >
> > Isn't that defeating completely the purpose of this tool?
>
> I see in #764184 that qtchooser is apparently a qt4 application, so why
would qt5 package depends on it?

Qtchooser is neither a qt4 nor a qt5 application, it's "simply" a qt
version chooser.

> That doesn't make a lot of sense to me.
>
> I see QT5 applications also try to use the "assistant" from /usr/bin that
then points to the non existing version of QT4. Wouldn't it be better to
force the PATH in libqt5 to also look in /usr/lib/*/qt5/bin if qtchooser
cannot be used?

No, that's not the way it works. Note that I'm not saying that I like it,
but that's what we have sadly. That's because upstream didn't want to
rename binaries with a 5 in them.

I'll be happy to explain you more on irc if needed.

Kind regards, Lisandro.

Bug#854457: unblock: chocolate-doom/2.3.0-3

[Jonathan Dowland]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package chocolate-doom

The version in sid makes a very small package metadata change to improve the
experience of Debian users: the "zenity" package was suggested, and is now
recommended. We made some late adjustments to the chocolate-doom package to
work around an infrastructure bug[1] (heads-up to release[2]) which meant
this change is more important since the package include several binaries and
most users will not be able to run them all: with zenity installed, those
binaries will at least pop up a message explaining the situation.

I got my timings wrong when uploading this package and didn't expect to need to
request an unblock (I forgot that priority medium packages took 10 days in the
pre-freeze). Therefore some small unrelated source change is in the debdiff,
this is effectively a no-op.

Thanks

[1] http://bugs.debian.org/824169
[2] https://lists.debian.org/debian-release/2016/11/msg00372.html

unblock chocolate-doom/2.3.0-3

-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru chocolate-doom-2.3.0/debian/changelog 
chocolate-doom-2.3.0/debian/changelog
--- chocolate-doom-2.3.0/debian/changelog   2017-01-11 16:02:51.0 
+
+++ chocolate-doom-2.3.0/debian/changelog   2017-01-27 07:37:30.0 
+
@@ -1,3 +1,14 @@
+chocolate-doom (2.3.0-3) unstable; urgency=medium
+
+  * debian/rules: remove --parallel and --with=autoreconf, which are
+defaults for debhelper compat level >= 10
+  * Promote zenity from Suggests: to Recommends:. This ensures that error
+messages will be displayed when trying to launch the engines from
+a graphical menu system, such as when an IWAD is not detected.
+Closes: #850427.
+
+ -- Jonathan Dowland   Fri, 27 Jan 2017 07:37:30 +
+
 chocolate-doom (2.3.0-2) unstable; urgency=medium
 
   * Upload to unstable.
diff -Nru chocolate-doom-2.3.0/debian/control 
chocolate-doom-2.3.0/debian/control
--- chocolate-doom-2.3.0/debian/control 2016-12-30 14:23:29.0 +
+++ chocolate-doom-2.3.0/debian/control 2017-01-27 07:37:30.0 +
@@ -26,8 +26,7 @@
  ${misc:Depends},
  ${shlibs:Depends}
 Recommends:
- freedm | game-data-packager
-Suggests:
+ freedm | game-data-packager,
  zenity
 Provides:
  chocolate-heretic,
diff -Nru chocolate-doom-2.3.0/debian/rules chocolate-doom-2.3.0/debian/rules
--- chocolate-doom-2.3.0/debian/rules   2016-12-29 22:20:55.0 +
+++ chocolate-doom-2.3.0/debian/rules   2017-01-23 15:16:17.0 +
@@ -3,7 +3,7 @@
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,defs
 
 %:
-   dh $@ --parallel --with autoreconf,bash-completion
+   dh $@ --with bash-completion
 
 override_dh_auto_configure:
dh_auto_configure -- \

Bug#848895: Chromium freezes randomly

[Luke Kenneth Casson Leighton]

ah ha!  when i did the latest "kill" i got this:

 [11121:11121:0207/112924:ERROR:gpu_process_transport_factory.cc(844)]
Lost UI shared context.

Bug#854352: [mediawiki] stretch - clean install of mediawiki.postinst fails

[Kunal Mehta]

Hi,

On 02/06/2017 02:28 AM, Dana Johnson wrote:
> Package: mediawiki
> Version: 1:1.27.1-3
> 
> 
> is trying to configure a dangling link:
> 
> /etc/apache2/conf-available/mediawiki.conf -> /etc/mediawiki/apache.conf
> 
> but apache.conf is installed instead as
> 
> /etc/mediawiki/mediawiki.conf
> 
> setting /etc/mediawiki/apache.conf to mediawiki.conf allows the install
> to finish.
> 

I cannot reproduce this. I created a new chroot of stretch, and ran "apt
install mediawiki --no-install-recommends".

root@DebianStretch:~# ls -l /etc/mediawiki
total 4
-rw-r--r--. 1 root root 1033 Aug 22 19:52 mediawiki.conf
root@DebianStretch:~# ls -l /etc/apache2/conf-enabled/ | grep wiki
lrwxrwxrwx. 1 root root 32 Feb  7 03:20 mediawiki.conf ->
../conf-available/mediawiki.conf
root@DebianStretch:~# ls -l /etc/apache2/conf-available/ | grep wiki
-rw-r--r--. 1 root root 1033 Sep 13 04:17 mediawiki.conf


Could you please provide some more details on whether you had MediaWiki
installed before, any other apache2 config you might have that could
help with reproducing?

Thanks,
-- Kunal



signature.asc
Description: OpenPGP digital signature

Bug#854458: Returns 1 instead of 127 when a command cannot be found

[Laurent Bigonville]

Package: qtchooser
Version: 63-g13a3d08-1
Severity: normal

Hi,

Shells useally returns 127 when a command is not found, qtchooser simply
returns 1.

Shouldn't qtchooser be changed to return 127 if the executable is not
found (and maybe 126 if the executable has not the exec bit?)

Regards,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages qtchooser depends on:
ii  libc6   2.24-9
ii  libgcc1 1:6.3.0-6
ii  libstdc++6  6.3.0-6

qtchooser recommends no packages.

qtchooser suggests no packages.

-- no debconf information

Bug#848729: reportbug UnicodeDecodeError: possible patch, please test

[Frank Doepper]

Am 26.01.17 um 00:47 schrieb Nis Martensen:

> Can you please test if the attached patch fixes this bug?

It does fix the bug in my case. Thank you!

Viele Grüße,
Frank Doepper

Bug#854459: mon: Can't use 'defined' at /usr/lib/cgi-bin/mon.cgi

[Frank Doepper]

Package: mon
Version: 1.2.0-9+nmu4
Severity: normal

Dear Maintainer,

accessing mon.cgi gives the following errors in apache2 error.log:

AH01215: Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) 
at /usr/lib/cgi-bin/mon.cgi line 986.: /usr/lib/cgi-bin/mon.cgi
AH01215: Can't use 'defined(@array)' (Maybe you should just omit the 
defined()?) at /usr/lib/cgi-bin/mon.cgi line 1070.: /usr/lib/cgi-bin/mon.cgi

removing the "defined" from mon.cgi in that cases makes it work again.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mon depends on:
ii  adduser  3.115
ii  libc62.24-9
ii  libtime-period-perl  1.20-8.2
ii  mon-client   1.2.0-2

Versions of packages mon recommends:
ii  fping3.15-1
ii  libauthen-pam-perl   0.16-3+b3
ii  libcrypt-ssleay-perl 0.73.04-2
ii  libfilesys-diskspace-perl0.05-16+nmu2
ii  libnet-dns-perl  1.07-1
ii  libnet-ldap-perl 1:0.6500+dfsg-1
ii  libnet-telnet-perl   3.04-1
ii  libsnmp-perl 5.7.3+dfsg-1.7
ii  libstatistics-descriptive-perl   3.0612-1
ii  libtime-parsedate-perl   2015.103-2
ii  perl-modules-5.24 [libnet-perl]  5.24.1-1

Versions of packages mon suggests:
pn  mon-contrib  

-- Configuration Files:
/etc/mon/mon.cf changed [not included]

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/lib/cgi-bin/mon.cgi (from mon package)

Bug#820974: Git commit for #820974 which was uploaded to unstable

[Arturo Borrero Gonzalez]

Hi,

I tried to commit/push to the git repo of bind9, but I have no
permissions for this.

So, for the sake of git history sanity, find attached the patch for
you to push into the git repo.

best regards and sorry for the noise.
commit fb3be2841c107448d1201c62f3fb8cabab229066
Author: Marc Haber 
Date:   Tue Feb 7 10:52:31 2017 +0100

NMU: Prevent ENGINE_by_id failed in chroot by disabling GOST

This annoyance seems to prevent bind9 from running in a chroot, which is one
of the most commons patterns of deployment.

Closes: #820974
Signed-off-by: Marc Haber 
Signed-off-by: Arturo Borrero Gonzalez 

diff --git a/debian/changelog b/debian/changelog
index 0601dc24c..692756e84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
+Patch by Marc Haber  (Closes: #820974).
+
+ -- Arturo Borrero Gonzalez   Tue, 07 Feb 2017 10:42:00 +0100
+
 bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
 
   * Fix some lintian warnings.
diff --git a/debian/rules b/debian/rules
index 80a33383b..e26361828 100755
--- a/debian/rules
+++ b/debian/rules
@@ -61,6 +61,7 @@ stamps/configure: stamps/prepare
 		--with-libtool \
 		--enable-shared \
 		--enable-static \
+		--with-gost=no \
 		--with-openssl=/usr \
 		--with-gssapi=/usr \
 		--with-gnu-ld \

Bug#848256:

[Ben Spencer]

I experienced this issue, it seems to have been resolved by restarting
the lpass agent process.

Bug#854460: No reuse of SSL session for data connection.

[Mats Erik Andersson]

Package: ftp-ssl
Version: 0.17.34+0.2-3
Severity: important

This version of ftp-ssl is not able to reuse SSL session data
properly; in particular does not set the session identity of
the data connection.  It is a mistake introduced during the
improvement of certificate verification.

The effect is not noticeable with the server 'linux-ftpd-ssl',
but Proftpd will need 'NoSessionReuseRequired' to deliver
files and listings to this version of ftp-ssl.

Sadly reported by the package maintainer!

Bug#854461: Subject: khangman: Missing dependencies

[Yvan Masson]

Package: khangman
Version: 4:16.08.3-1
Severity: important

Dear maintainers,

I am running Stretch with LXDE and do not have many Qt apps installed.
When I start KHangMan, the window is completely white, which renders it
unusable. Starting from a terminal, the following errors are written:

$ khangman 
Checking path  "/usr/share/apps/kvtml"  for kvtml files
file:///usr/share/khangman/qml/main.qml:24:1: module "QtMultimedia" is
not installed import QtMultimedia 5.0 
 ^
file:///usr/share/khangman/qml/main.qml:22:1: module "QtQuick.Controls"
is not installed import QtQuick.Controls 1.2 
 ^
file:///usr/share/khangman/qml/main.qml:23:1: module "QtQuick.Layouts"
is not installed import QtQuick.Layouts 1.1 
 ^
file:///usr/share/khangman/qml/main.qml:21:1: module "QtQuick" is not
installed import QtQuick 2.3 
 ^
file:///usr/share/khangman/qml/main.qml:24:1: module "QtMultimedia" is
not installed import QtMultimedia 5.0 
 ^
file:///usr/share/khangman/qml/main.qml:22:1: module "QtQuick.Controls"
is not installed import QtQuick.Controls 1.2 
 ^
file:///usr/share/khangman/qml/main.qml:23:1: module "QtQuick.Layouts"
is not installed import QtQuick.Layouts 1.1 
 ^
file:///usr/share/khangman/qml/main.qml:21:1: module "QtQuick" is not
installed import QtQuick 2.3 
 ^
file:///usr/share/khangman/qml/main.qml:24:1: module "QtMultimedia" is
not installed import QtMultimedia 5.0 
 ^
file:///usr/share/khangman/qml/main.qml:22:1: module "QtQuick.Controls"
is not installed import QtQuick.Controls 1.2 
 ^
file:///usr/share/khangman/qml/main.qml:23:1: module "QtQuick.Layouts"
is not installed import QtQuick.Layouts 1.1 
 ^
file:///usr/share/khangman/qml/main.qml:21:1: module "QtQuick" is not
installed import QtQuick 2.3 
 ^
file:///usr/share/khangman/qml/main.qml:24:1: module "QtMultimedia" is
not installed import QtMultimedia 5.0 
 ^
file:///usr/share/khangman/qml/main.qml:22:1: module "QtQuick.Controls"
is not installed import QtQuick.Controls 1.2 
 ^
file:///usr/share/khangman/qml/main.qml:23:1: module "QtQuick.Layouts"
is not installed import QtQuick.Layouts 1.1 
 ^
file:///usr/share/khangman/qml/main.qml:21:1: module "QtQuick" is not
installed import QtQuick 2.3 
 ^

I finally made it working after installing manually these packages:
- qml-module-qtquick2
- qml-module-qtquick-layouts
- qml-module-qtquick-controls
- qml-module-qtmultimedia
- qml-module-qtquick-dialogs

Probably they should be installed as dependencies?

Best regards,
Yvan


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages khangman depends on:
ii  fonts-dustin  20030517-10
ii  kdeedu-kvtml-data 4:16.08.0-1
ii  libc6 2.24-9
ii  libkeduvocdocument5   4:16.08.0-1
ii  libkf5configcore5 5.28.0-1
ii  libkf5coreaddons5 5.28.0-1
ii  libkf5crash5  5.28.0-1
ii  libkf5declarative55.28.0-1
ii  libkf5i18n5   5.28.0-1
ii  libkf5newstuff5   5.28.0-1
ii  libkf5widgetsaddons5  5.28.0-1
ii  libkf5xmlgui5 5.28.0-1
ii  libqt5core5a  5.7.1+dfsg-3+b1
ii  libqt5gui55.7.1+dfsg-3+b1
ii  libqt5qml55.7.1-2
ii  libqt5quickwidgets5   5.7.1-2
ii  libqt5widgets55.7.1+dfsg-3+b1
ii  libqt5xml55.7.1+dfsg-3+b1
ii  libstdc++66.3.0-5

khangman recommends no packages.

Versions of packages khangman suggests:
pn  khelpcenter  

-- no debconf information


pgpxUirbDeF82.pgp
Description: Signature digitale OpenPGP

Bug#848903: metastudent: autopkgtests fail since 2016-12-05

[Graham Inggs]

Hi Tanya, Andreas

On 07/02/2017 04:23, merlettaia wrote:

I assume that this patch makes metastudent work with blast+ correctly.


FWIW, your patch made metastudent pass its autopkgtests against 
ncbi-blast+ 2.6.0-1 in Ubuntu [1].


Andreas, I notice you marked this bug 'pending'.  Do you plan to upload 
soon?  I think the severity of this bug could be upgraded to 'important' 
or even 'serious' and an unblock request filed.  This fix should be 
included in Stretch.


Regards
Graham


[1] http://autopkgtest.ubuntu.com/packages/metastudent/zesty/amd64

Bug#852135: debdelta: installation leaves gpg-agent process running

[A Mennucc]

Il 07/02/2017 02:36, Paul Wise ha scritto:
> I noticed this is fixed in experimental (but there was a typo in the
> changelog), do you intend to get this fixed in stretch too?
yes , see  854456

a.




signature.asc
Description: OpenPGP digital signature

Bug#854462: ITP: girl -- new version debian package

[Kerim Ölçer]

Package: wnpp
Owner: Kerim Ölçer 
Severity: wishlist

* Package name: girl
  Version : 9.8.0
  Upstream Author : Ole Aamot 
* URL : https://wiki.gnome.org/Apps/Girl
* License : GPL
  Programming Lang: C
  Description : GNOME Internet Radio Locator

girl or the GNOME Internet Radio Locator program allows users to easily
find and record live radio programs on radio broadcasters on the
Internet.

Bug#854463: FTBFS without user input with a controlling TTY

[James Clarke]

Source: kodi
Version: 2:17.0~rc3+dfsg1-2
Severity: serious

In a freshly-unpacked source directory, dpkg-buildpackage (or pdebuild,
or sbuild) blocks in the clean target trying to reverse some patches,
because they were never applied (they get applied during configure) and
patch prompts the user for input. The user needs to answer 44 questions
before the clean target actually finishes:

> ls /«BUILDDIR»/kodi-17.0~rc3+dfsg1/debian/patches/libdvdnav-* | tac | xargs 
> cat
> ls /«BUILDDIR»/kodi-17.0~rc3+dfsg1/debian/patches/libdvdnav-* | tac | xargs 
> cat | patch -R --no-backup-if-mismatch -r - -s -p1 \
>   -d libdvdnav-5-0-3 || true
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 2 out of 2 hunks ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> ls /«BUILDDIR»/kodi-17.0~rc3+dfsg1/debian/patches/libdvdread-* | tac | xargs 
> cat | patch -R --no-backup-if-mismatch -r - -s -p1 \
>   -d libdvdread-5-0-3 || true
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 2 out of 2 hunks ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 5 out of 5 hunks ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 2 out of 2 hunks ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored
> Unreversed patch detected!  Ignore -R? [n] 
> Apply anyway? [n] 
> 1 out of 1 hunk ignored

Bug#854464: unblock: clhep/2.1.4.1+dfsg-1

[Ole Streicher]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: Andreas Tille 

Dear release team,

please unblock clhep 2.1.4.1+dfsg-1

It solves RC #820797 "clhep: non-free file; incomplete copyright" with
severity: serious.


Relevant changelog:

clhep (2.1.4.1+dfsg-1) unstable; urgency=medium

  [ Andreas Tille ]
  * Team upload
  * Replace psfig by graphicx
Closes: #820797
  * DEP5 copyright to enable using Files-Excluded: */psfig.sty

 -- Ole Streicher   Tue, 07 Feb 2017 12:01:31 +0100

The debdiff is attached. Relevant command:

unblock clhep/2.1.4.1+dfsg-1

Thank you very much

Ole

diff -Nru clhep-2.1.4.1/debian/changelog clhep-2.1.4.1+dfsg/debian/changelog
--- clhep-2.1.4.1/debian/changelog  2015-08-16 20:04:58.0 +0200
+++ clhep-2.1.4.1+dfsg/debian/changelog 2017-02-07 12:01:31.0 +0100
@@ -1,3 +1,13 @@
+clhep (2.1.4.1+dfsg-1) unstable; urgency=medium
+
+  [ Andreas Tille ]
+  * Team upload
+  * Replace psfig by graphicx
+Closes: #820797
+  * DEP5 copyright to enable using Files-Excluded: */psfig.sty
+
+ -- Ole Streicher   Tue, 07 Feb 2017 12:01:31 +0100
+
 clhep (2.1.4.1-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru clhep-2.1.4.1/debian/copyright clhep-2.1.4.1+dfsg/debian/copyright
--- clhep-2.1.4.1/debian/copyright  2013-12-14 09:49:56.0 +0100
+++ clhep-2.1.4.1+dfsg/debian/copyright 2017-02-07 11:48:35.0 +0100
@@ -1,12 +1,15 @@
-This package was debianized by Lifeng Sun  on
-Wed, 11 May 2011 18:43:56 +0800. All of the Debian packaging stuff
-written by us are released under the GPL-3.0.
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Contact: clhep-edit...@listbox.cern.ch
+Source: http://proj-clhep.web.cern.ch/proj-clhep/
+Files-Excluded: */psfig.sty
 
-It was downloaded from http://proj-clhep.web.cern.ch/proj-clhep/.
-
-Upstream Author: clhep-edit...@listbox.cern.ch
+Files: *
 Copyright 1992-2012 CLHEP Editors 
-License: GPL-3.0, LGPL-3.0
+License: GPL-3.0 or LGPL-3.0
+
+Files: debian/*
+Copyright: 2011-2013 Lifeng Sun 
+License: GPL-3.0
 
 License: GPL-3.0
  This program is free software: you can redistribute it and/or modify
diff -Nru clhep-2.1.4.1/debian/patches/replace_psfig_by_graphicx.patch 
clhep-2.1.4.1+dfsg/debian/patches/replace_psfig_by_graphicx.patch
--- clhep-2.1.4.1/debian/patches/replace_psfig_by_graphicx.patch
1970-01-01 01:00:00.0 +0100
+++ clhep-2.1.4.1+dfsg/debian/patches/replace_psfig_by_graphicx.patch   
2017-02-07 11:48:35.0 +0100
@@ -0,0 +1,68 @@
+Description: Replace psfig by graphicx
+ psfig is non-free and graphicx can do the same job
+Bug-Debian: https://bugs.debian.org/820797
+Author: Andreas Tille 
+Last-Update: Fri, 20 Jan 2017 11:21:20 +0100
+
+--- a/GenericFunctions/doc/genericFunctions.tex
 b/GenericFunctions/doc/genericFunctions.tex
+@@ -1,5 +1,5 @@
+ \documentclass{report}
+-\input{psfig.sty}
++\usepackage{graphicx}
+ \oddsidemargin 0.0in
+ \evensidemargin 0.0in
+ \setlength{\unitlength}{1mm}
+@@ -122,14 +122,14 @@ enough to be built easily but complicate
+ features of the library.
+  
+ \begin{figure}
+-\centerline{\makebox{\psfig{figure=example.ps}}}
++\centerline{\makebox{\includegraphics{example.ps}}}
+ \caption{Example.  Use of Generic Functions libary.  See text for 
explanation.}
+ \label{ref:ExampleCode}
+ \end{figure}
+  
+
+ \begin{figure}
+-\centerline{\makebox{\psfig{figure=WideOpen.ps}}}
++\centerline{\makebox{\includegraphics{WideOpen.ps}}}
+ \caption{Picture of the example application which is discussed in the text.
+ Above, the impulse function shows both slots wide open. Each of the sliders
+ changes parameters and causes the plotter to update.  Below, the response 
function
+@@ -138,7 +138,7 @@ shows the classic two-slit interference
+ \end{figure}
+ 
+ \begin{figure}
+-\centerline{\makebox{\psfig{figure=PartiallyClosed.ps}}}
++\centerline{\makebox{\includegraphics{PartiallyClosed.ps}}}
+ \caption{The parameter values are now changed.  All of the functions, both 
primitive
+ and derived, change their shape in response.  Not that changing one parameter 
has
+ affected both functions.}
+@@ -146,7 +146,7 @@ affected both functions.}
+ \end{figure}
+ 
+ \begin{figure}
+-\centerline{\makebox{\psfig{figure=TotallyClosed.ps}}}
++\centerline{\makebox{\includegraphics{TotallyClosed.ps}}}
+ \caption{The second slit has been effectively closed, by setting the intensity
+ of light through this slit to zero.  The two-slit interference pattern then
+ reduces to single-slit diffraction.  This simple classroom demonstration 
program 
+@@ -496,7 +496,7 @@ by forming a three dimensional function
+ the illustration is the probability density function for a higher excited
+ state of hydrogen. 
+ \begin{figure}
+-\centerline{\makebox{\psfig{figure=hydrogen.ps}}}
++\centerline{\makebox{\includegraphics{hydrogen.ps}}}
+ \caption{Multidimensional functions can be expres

Bug#854465: unblock: jdupes/1.7-2

[Joao Eriberto Mota Filho]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package jdupes.

Some considerations:

  * The revision fix a segment fault issue when jdupes is used in some
conditions. It will close #854427, severity important.

  * The patch used to fix was generated by the upstream.

  * The package was already uploaded to Sid and it builds correctly
on all applicable architectures.

  * There is a debdiff attached.

  * The debian/changelog says:

jdupes (1.7-2) unstable; urgency=medium

  * debian/patches/10_fix-segfault.patch: added to fix a segmentation
fault in jdupes. (Closes: #854427)

Thanks in advance.

Regards,

Eriberto
diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog 2017-01-03 17:30:04.0 -0200
+++ jdupes-1.7/debian/changelog 2017-02-06 22:19:51.0 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2) unstable; urgency=medium
+
+  * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
+jdupes. (Closes: #854427)
+
+ -- Joao Eriberto Mota Filho   Mon, 06 Feb 2017 22:19:51 
-0200
+
 jdupes (1.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch 
jdupes-1.7/debian/patches/10_fix-segfault.patch
--- jdupes-1.7/debian/patches/10_fix-segfault.patch 1969-12-31 
21:00:00.0 -0300
+++ jdupes-1.7/debian/patches/10_fix-segfault.patch 2017-02-06 
22:19:33.0 -0200
@@ -0,0 +1,147 @@
+Description: fix a major bug in string_malloc()'s free list functionality
+ (Closes: #854427)
+Author: Jody Bruchon 
+Last-Update: 2017-01-19
+Index: jdupes-1.7/string_malloc.c
+===
+--- jdupes-1.7.orig/string_malloc.c
 jdupes-1.7/string_malloc.c
+@@ -30,7 +30,7 @@
+ #endif
+ 
+ static void *sma_head = NULL;
+-static uintptr_t *sma_lastpage = NULL;
++static uintptr_t *sma_curpage = NULL;
+ static unsigned int sma_pages = 0;
+ static void *sma_freelist[SMA_MAX_FREE];
+ static int sma_freelist_cnt = 0;
+@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0;
+ /* Scan the freed chunk list for a suitably sized object */
+ static inline void *scan_freelist(const size_t size)
+ {
+-  size_t *min_p, *object;
++  size_t *object, *min_p;
+   size_t sz, min = 0;
+-  int i, used = 0;
++  int i, used = 0, min_i = -1;
+ 
+   /* Don't bother scanning if the list is empty */
+   if (sma_freelist_cnt == 0) return NULL;
+@@ -74,9 +74,9 @@ static inline void *scan_freelist(const
+   /* Skip smaller objects */
+   if (sz < size) continue;
+   /* Object is big enough; record if it's the new minimum */
+-  if (min == 0 || sz < min) {
++  if (min == 0 || sz <= min) {
+   min = sz;
+-  min_p = object;
++  min_i = i;
+   /* Always stop scanning if exact sized object found */
+   if (sz == size) break;
+   }
+@@ -85,8 +85,9 @@ static inline void *scan_freelist(const
+   /* Enhancement TODO: split the free item if it's big enough */
+ 
+   /* Return smallest object found and delete from free list */
+-  if (min != 0) {
+-  sma_freelist[i] = NULL;
++  if (min_i != -1) {
++  min_p = sma_freelist[min_i];
++  sma_freelist[min_i] = NULL;
+   sma_freelist_cnt--;
+   min_p++;
+   return (void *)min_p;
+@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v
+   *pageptr = (uintptr_t)NULL;
+ 
+   /* Link previous page to this page, if applicable */
+-  if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr;
++  if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr;
+ 
+   /* Update last page pointers and total page counter */
+-  sma_lastpage = pageptr;
++  sma_curpage = pageptr;
+   sma_pages++;
+ 
+   return (void *)pageptr;
+@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v
+ 
+ void *string_malloc(size_t len)
+ {
+-  const void * restrict page = (char *)sma_lastpage;
++  const void * restrict page = (char *)sma_curpage;
+   static size_t *address;
+ 
+   /* Calling with no actual length is invalid */
+@@ -130,8 +131,6 @@ void *string_malloc(size_t len)
+   len &= ~(sizeof(uintptr_t) - 1);
+   len += sizeof(uintptr_t);
+   }
+-  /* Make room for size prefix */
+-  len += sizeof(size_t);
+ 
+   /* Pass-through allocations larger than maximum object size to malloc() 
*/
+   if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) {
+@@ -151,7 +150,7 @@ void *string_malloc(size_t len)
+   for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL;
+   /* Allocate first page and set up for first allocation */
+

Bug#854466: Missing Dependency to binutils

[Christian Ehrhardt]

Package: pax-utils
Version: 1.2.2-1
Severity: low

Hi,
mostly binutils are available anyway so it might be rarely seen.
But in e.g. a container with a minimal image I found that "lddree" from
pax-utils reports:

lddtree /bin/true
true => /bin/true (interpreter =>
/lib64/ld-linux-x86-64.so.2)/usr/bin/lddtree: line 163: strings: command
not found

Installing binutils (which the strings command is part of) solves the issue.

It seems to work still, so severity is low IMHO.



-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

Bug#854467: cannot upgrade

[積丹尼 Dan Jacobson]

Package: flashplugin-nonfree
Version: 1:3.7
File: /usr/sbin/update-flashplugin-nonfree

# update-flashplugin-nonfree --status
Flash Player version installed on this system  : 24.0.0.186
Flash Player version available on upstream site: 24.0.0.194
flash-mozilla.so - auto mode
  link best version is /usr/lib/flashplugin-nonfree/libflashplayer.so
  link currently points to /usr/lib/flashplugin-nonfree/libflashplayer.so
  link flash-mozilla.so is /usr/lib/mozilla/plugins/flash-mozilla.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
# update-flashplugin-nonfree --install
ERROR: wget failed to download 
http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/fp.24.0.0.194.sha512.amd64.pgp.asc
More information might be available at:
  http://wiki.debian.org/FlashPlayer

Bug#848903: metastudent: autopkgtests fail since 2016-12-05

[Andreas Tille]

severity 848903 serious
thanks

Hi Graham,

On Tue, Feb 07, 2017 at 02:17:52PM +0200, Graham Inggs wrote:
> On 07/02/2017 04:23, merlettaia wrote:
> >I assume that this patch makes metastudent work with blast+ correctly.
> 
> FWIW, your patch made metastudent pass its autopkgtests against ncbi-blast+
> 2.6.0-1 in Ubuntu [1].
> 
> Andreas, I notice you marked this bug 'pending'.  Do you plan to upload
> soon?  I think the severity of this bug could be upgraded to 'important' or
> even 'serious' and an unblock request filed.  This fix should be included in
> Stretch.

OK, made it serious and will upload.

Kind regards

 Andreas.

-- 
http://fam-tille.de

Bug#854468: lprng silently loses authentication support when compiled with OpenSSL 1.1

[Adrian Bunk]

Source: lprng
Version: 3.8.B-2
Severity: serious
Tags: stretch sid
Control: block 827061 by -1

https://buildd.debian.org/status/package.php?p=lprng

...
checking if ssl authentication is disabled... enabled
checking for OpenSSL include files... found in /usr/include
checking for OpenSSL libraries... not found.
...

Bug#811576: tpm-tools: diff for NMU version 1.3.9-0.1

[Sebastian Andrzej Siewior]

On 2017-02-05 23:46:07 [+0100], John Paul Adrian Glaubitz wrote:
> Hi Sebastian!
Hi Adrian,

> However, I'm afraid your patch currently has no chance to get merged into
> the Debian package as it involves too many changes and will therefore
> rejected by the release team for Debian Stretch.

as per #854412 it got unblocked. Any reason not to upload it as-is?

> Also, your patch contains unrelated changes to the formatting like:
> 
> @@ -421,23 +394,23 @@
>  # MiNT.  But MiNT is downward compatible to TOS, so this should
>  # be no problem.
>  atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
> - echo m68k-atari-mint${UNAME_RELEASE}
> +echo m68k-atari-mint${UNAME_RELEASE}
>   exit ;;
>  atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
>   echo m68k-atari-mint${UNAME_RELEASE}
> - exit ;;
> +exit ;;
> 
> These changes should be removed, so that your patch contains actual
> functional changes only. I also recommend splitting your patch up
> into smaller, logical chunks.

now I understand what you mean. Earlier, while reading it, I though you
were asking to get them removed because I introduced them. Now I
understand what you emant.

> If upstream is dead, I'd suggest put your changes in a repo on github
> and point the Homepage field of the Debian package to that repo.
I am not sure whether or not upstream is dead. I would like to get as
little involved in this as possible and just fix what stops it getting
into testing. Changing the homepage field + creating a github repo looks
somehow like asking to become the maintainer.

> Adrian

Sebastian

Bug#853927: debian-installer: Hang in os-prober in "dmsetup create -r osprober-linux-sda1"

[Bernhard Schmidt]

On Sat, Feb 04, 2017 at 02:32:40AM +0100, Cyril Brulebois wrote:

Hi,

I'm having the same problem with Stretch *RC2* and without Crypto

~ # blkid
/dev/mapper/sysvg-root:UUID="62e90454-25b4-4803-b9c3-8ea1337b919a"
TYPE="ext4"
/dev/sda1: UUID="arFRxm-N1ki-U3JC-S3dB-hHSI-mEux-xtnoos"  
TYPE="LVM2_member"  PARTUUID="3629c5e6-01"
/dev/mapper/sysvg-swap_1:  UUID="c4b8fc97-102c-4d59-b4e8-3d2600bd7eca"
TYPE="swap"
/dev/dm-3: UUID="arFRxm-N1ki-U3JC-S3dB-hHSI-mEux-xtnoos"  
TYPE="LVM2_member"

Extract from the process list

 1097 root  6416 Sudpkg --configure --force-configure grub-installer
 1098 root  4512 S{grub-installer.} /bin/sh -e 
/var/lib/dpkg/info/grub-installer.postinst configure
 1107 root  4512 S{grub-installer} /bin/sh /usr/bin/grub-installer 
/target
 2279 root  4512 S{in-target} /bin/sh /bin/in-target update-grub
 2325 root  6276 Slog-output -t in-target chroot /target update-grub
 2326 root  4288 S{grub-mkconfig} /bin/sh /usr/sbin/grub-mkconfig -o 
/boot/grub/grub.cfg
 2693 root  4288 S{30_os-prober} /bin/sh /etc/grub.d/30_os-prober
 2697 root  4288 S{30_os-prober} /bin/sh /etc/grub.d/30_os-prober
 2698 root  4288 S{os-prober} /bin/sh /usr/bin/os-prober
 2699 root  5864 Str   ^
 2700 root  5844 Spaste -s -d  
 2767 root  4288 S{50mounted-tests} /bin/sh 
/usr/lib/os-probes/50mounted-tests /dev/sda1
-tests /dev/sda14288 S{50mounted-tests} /bin/sh 
/usr/lib/os-probes/50mounted--More-- 
 2778 root 22592 Sdmsetup create -r osprober-linux-sda1
 2780 root 0 SW<  [kdmflush]
 2782 root 0 SW<  [bioset]

Bernhard


signature.asc
Description: Digital signature

Bug#854469: spdlog: fails autopkgtests due to output on stderr

[Graham Inggs]

Source: spdlog
Version: 1.11-1
Severity: wishlist
Tags: patch

Hi Maintainer

Spdlog has been consistently failing its autopkgtests since 2016-09-07 
[1] which seems to coincide with the upload of 1.11-1, however I think  
GCC 6 became the default around the same time.


Test output now includes warnings similar to the following, which cause 
the tests to fail:


In file included from main.cpp:2:0:
catch.hpp: In member function ‘bool 
Catch::TestSpec::Filter::matches(const Catch::TestCaseInfo&) const’:
catch.hpp:2913:17: warning: this ‘for’ clause does not guard... 
[-Wmisleading-indentation]
 for( std::vector >::const_iterator it = 
m_patterns.begin(), itEnd = m_patterns.end(); it != itEnd; ++it )


This can be worked around by allowing stderr output in the autopkgtests 
(as below), or by fixing the indentation in catch.hpp.


a/debian/tests/control
b/debian/tests/control
@@ -1,2 +1,3 @@
 Tests: run-tests
+Restrictions: allow-stderr
 Depends: @, @builddeps@

Regards
Graham


[1] https://ci.debian.net/packages/s/spdlog/unstable/amd64/

Bug#811576: tpm-tools: diff for NMU version 1.3.9-0.1

[John Paul Adrian Glaubitz]

Hi!

On 02/07/2017 01:34 PM, Sebastian Andrzej Siewior wrote:
>> However, I'm afraid your patch currently has no chance to get merged into
>> the Debian package as it involves too many changes and will therefore
>> rejected by the release team for Debian Stretch.
> 
> as per #854412 it got unblocked. Any reason not to upload it as-is?

If the release team agrees with the changes, it's fine. I did not expect
that they'd approve such large changes at this point in the freeze.

>> Also, your patch contains unrelated changes to the formatting like:
>>
>> @@ -421,23 +394,23 @@
>>  # MiNT.  But MiNT is downward compatible to TOS, so this should
>>  # be no problem.
>>  atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
>> -echo m68k-atari-mint${UNAME_RELEASE}
>> +echo m68k-atari-mint${UNAME_RELEASE}
>>  exit ;;
>>  atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
>>  echo m68k-atari-mint${UNAME_RELEASE}
>> -exit ;;
>> +exit ;;
>>
>> These changes should be removed, so that your patch contains actual
>> functional changes only. I also recommend splitting your patch up
>> into smaller, logical chunks.
> 
> now I understand what you mean. Earlier, while reading it, I though you
> were asking to get them removed because I introduced them. Now I
> understand what you emant.

Ok, any idea where these changes come from?

>> If upstream is dead, I'd suggest put your changes in a repo on github
>> and point the Homepage field of the Debian package to that repo.
> I am not sure whether or not upstream is dead. I would like to get as
> little involved in this as possible and just fix what stops it getting
> into testing. Changing the homepage field + creating a github repo looks
> somehow like asking to become the maintainer.

Where did the new upstream come from then? I'm a bit confused.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#841315: cloud-init: Datasource list missing "OpenStack" key

[Olivier Berger]

Hi.

Mateo Boudet  writes:

> Hi,
>
> Without the "OpenStack" key, most of the instance configuration works 
> (using the EC2 key to configure maybe), but some parts are missing, such 
> as "Vendordata" which are not passed to the instance.
>
> As far as I know, the "ConfigDrive" is a different way to configure the 
> instance.
>
> (Nb: This is using a Mitaka Openstack deployment, it might be different 
> with Newton)
>

You're right, it seems the OpenStack source is missing from the debconf
templates, even though it is supported (actually, it seems to be working
in the stable images built with build-openstack-debian-image from
package openstack-debian-images).

So one has to manually add it to /etc/cloud/cloud.cfg.d/90_dpkg.cfg, but
with the risk to see it overwritten by dpkg-reconfigure-ation.

Unfortunately, as this applies to stable/jessie, I'm not sure this may
be fixed, now that stretch is ahead quite soon.

Hth,

Best regards,

-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Bug#854470: weex silently loses FTPS support when compiled with OpenSSL 1.1

[Adrian Bunk]

Source: weex
Version: 2.8.2
Severity: serious
Control: block 827061 by -1

https://buildd.debian.org/status/package.php?p=weex

...
checking for CRYPTO_new_ex_data in -lcrypto... yes
checking for SSL_library_init in -lssl... no
...

Bug#846045: python-pytest-benchmark: fixture is not detected by pytest

[Ghislain Vaillant]

On Sat, 17 Dec 2016 11:24:17 +0100 Hugo Lefeuvre  wrote:
> Hi Afif,
> 
> Thanks for reporting bugs.
> 
> The problem comes from the fact that pytest-benchmark needs the
> statistics module, which I haven't declared in the dependencies as
> it is not packaged yet and is in the extra section of the setup.py.
> 
> I'll package the needed module as soon as possible.

Since python-pytest-benchmark will not make it to Stretch, you can just
drop the binary package for Python 2 to close this RC.

Ghis

Bug#854471: tcc: disable stack protection where it is enabled by default

[Graham Inggs]

Source: tcc
Version:  0.9.27~git20161217.cd9514ab-3
Severity: wishlist
Tags: patch

Hi Maintainer

Tcc FTBFS on i386 in Ubuntu where stack protection is enabled by default.
The diff against your patch, below, also disables stack protection in 
this case, and should be a no-op in Debian.


Regards
Graham


--- a/debian/patches/0003-Disable-stack-protector-in-runtime-library.patch
+++ b/debian/patches/0003-Disable-stack-protector-in-runtime-library.patch
@@ -22,7 +22,7 @@
  ARM64_O = lib-arm64.o
  WIN32_O = crt1.o wincrt1.o dllcrt1.o dllmain.o chkstk.o

-+CFLAGS:=$(filter-out -fstack-protector%,$(CFLAGS))
++CFLAGS:=$(filter-out -fstack-protector%,$(CFLAGS)) -fno-stack-protector
  # build TCC runtime library to contain PIC code, so it can be linked
  # into shared libraries
  PICFLAGS = -fPIC

Bug#854472: nspr: libreswan FTBFS on mips and mipsel due to undefined ABI

[Radovan Birdic]

Package: nspr
Version: 2:4.12-6
Severity: important
Tags: sid + patch
Justification: FTBFS
User: debian-m...@lists.debian.org
Usertags: mips-patch


Package libreswan_3.19-2 FTBFS on mips and mipsel with following error:

> In file included from /usr/include/nspr/prtypes.h:26:0,
>  from /usr/include/nss/seccomon.h:17,
>  from /usr/include/nss/nss.h:34,
>  from /«PKGBUILDDIR»/lib/libswan/base64_rsa_pubkey.c:21:
> /usr/include/nspr/prcpucfg.h:511:18: error: "_ABI64" is not defined 
> [-Werror=undef]
>  #if _MIPS_SIM == _ABI64
>   ^~
> cc1: all warnings being treated as errors
> ../../../mk/depend.mk:28: recipe for target 'base64_rsa_pubkey.o' failed
> make[5]: *** [base64_rsa_pubkey.o] Error 1

Full build log:
https://buildd.debian.org/status/fetch.php?pkg=libreswan&arch=mips&ver=3.19-2&stamp=1486258333&raw=0

On 32-bit mips (ABIO32) _ABI64 is not defined and build fails if Wundef is used.
Problem could be resolved by including  header (which includes ABI 
definitions) into "_linux.cfg" file.
Another way to solve the problem could be changing "#if _MIPS_SIM == _ABI64" 
expression (if defined _ABI64 has value 3).

> $ gcc -dM -E -mabi=64 - < /dev/null | grep --color -s "ABI"
> #define _ABI64 3
> #define _MIPS_SIM _ABI64

Bug is reported here:
https://bugs.debian.org/853947

Regards,
Radovan

Bug#854473: smtm: smtm not running

[Gian-Maria Daffré]

Package: smtm
Version: 1.6.10
Severity: important

Dear Maintainer,

Thanks for your work on smtm. Please find below some error messages I
have received when starting the application from the terminal in Debian stable.

* What led up to the situation?

Installed smtm. Ran it without options or stock symbols.
   
* What exactly did you do (or not do) that was effective (or
 ineffective)?

Just running the program

* What was the outcome of this action?

See error messages:

No arguments given, and no file found. Using example portfolio.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in join or string at /usr/bin/smtm line 435.
Use of uninitialized value in uc at /usr/bin/smtm line 435.
Use of uninitialized value in split at /usr/bin/smtm line 495.
Use of uninitialized value in numeric gt (>) at /usr/bin/smtm line 508.
Use of uninitialized value in split at /usr/bin/smtm line 495.
Use of uninitialized value in n

Bug#839863: This is clearly RC

[Adrian Bunk]

Control: severity -1 serious

rpc.pas:
...
  const
OpenSSLVersions: array[1..2] of string =
  ('0.9.8', '1.0.0');
...


cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#769366: zssh won't start: "out of pty's"

[Frank Doepper]

still the same, binary 1.5c.debian.1-3.2+b2 from the repo causes "out of
pty's" and rebuilding from source fixes. With Debian 9.

regards,
Frank

Bug#854286: cyrus-imapd: cyrus user has a working shell.

[Ondřej Surý]

Control: tags -1 +moreinfo

Hi Mans,

the cyrus user is created with disabled credentials:

adduser --quiet --system --ingroup mail --home /var/spool/cyrus
\
   --shell /bin/sh --no-create-home --disabled-password \
   --gecos "Cyrus Mailsystem User"  cyrus >/dev/null

and as you have changed that I don't see how it's a package fault that
you chose to use a weak password?

Disabling the shell is a not strong security countermeasure for a weak
passwords - f.e. the attacker might have been able to modify the sieve
scripts by authenticating to the cyrus user, etc.

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Sun, Feb 5, 2017, at 19:44, Mans Nilsson wrote:
> Package: cyrus-imapd
> Version: cyrus-imapd
> Severity: important
> Tags: patch
> 
> Dear Maintainer,
> 
>* What led up to the situation?
> 
> I was owned by a cracker that explited the fact that cyrus has /bin/sh
> as shell
> 
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> 
> I'd set a simple password for cyrus, and expected to use that for
> situations where authenticating as cyrus would be done without a shell
> being opened. I run Kerberos 5 as authentication system, and GSSAPI for
> my IMAP access, so giving "cyrus" a Kerberos principal was important to
> get some admin stuff working.
> 
>* What was the outcome of this action?
> 
> I was owned and had to spend an evening rebooting and patching. 
> 
>* What outcome did you expect instead?
> 
> Happiness ;-) 
> 
>* Fix: 
> 
> I've done a bunch of quick tests simply setting the cyrus user shell
> to /bin/false. The IMAP server works as before, but I've not tested
> all functions.  If for some reason, the shell must remain usable, it is
> probably advisable to admonish people into setting a good password.
> 
> -- System Information:
> Debian Release: 8.7
>   APT prefers stable
>   APT policy: (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> 
> ___
> Pkg-Cyrus-imapd-Debian-devel mailing list
> pkg-cyrus-imapd-debian-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-imapd-debian-devel

Bug#852888: sx: FTBFS: Test failures

[Roger Shimizu]

Put the latest release to debomatic amd64, to reproduce the FTBFS:
 - http://debomatic-amd64.debian.net/distribution#unstable/sx/2.0+ds-3/buildlog

And the package after my patch:
 - 
http://debomatic-amd64.debian.net/distribution#unstable/sx/2.0+ds-3.1/buildlog

So it confirms the fix.
And I also uploaded the fixed package to mentors:
 - https://mentors.debian.net/package/sx
 - https://mentors.debian.net/debian/pool/main/s/sx/sx_2.0+ds-3.1.dsc

Hope it's convenient for you to sponsor the upload.
If not, I'll ask mentors list for help this week. Thank you!

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

Bug#854474: alsa-lib: FTBFS when built with dpkg-buildpackage -A

[Santiago Vila]

Package: src:alsa-lib
Version: 1.1.3-4
Severity: serious

Dear maintainer:

I tried to build this package in stretch with "dpkg-buildpackage -A"
but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_testdir -i
   dh_update_autotools_config -i
   dh_autoreconf -i
configure.ac:39: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in 
body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2672: _AC_LINK_IFELSE is expanded from...
../../lib/autoconf/general.m4:2689: AC_LINK_IFELSE is expanded from...
../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from...
../../lib/autoconf/general.m4:2063: AC_CACHE_CHECK is expanded from...
m4/attributes.m4:87: CC_CHECK_LDFLAGS is expanded from...
m4/attributes.m4:104: CC_NOUNDEFINED is expanded from...

[... snipped ...]

Making check in utils
make[2]: Entering directory '/<>/utils'
make[2]: Nothing to be done for 'check'.
make[2]: Leaving directory '/<>/utils'
make[2]: Entering directory '/<>'
make[2]: Nothing to be done for 'check-am'.
make[2]: Leaving directory '/<>'
make[1]: Leaving directory '/<>'
 fakeroot debian/rules binary-indep
dh binary-indep
   dh_testroot -i
   dh_prep -i
   debian/rules override_dh_auto_install-indep
make[1]: Entering directory '/<>'
/usr/bin/make -C doc install
make[2]: Entering directory '/<>/doc'
Making install in pictures
make[3]: Entering directory '/<>/doc/pictures'
make[4]: Entering directory '/<>/doc/pictures'
make[4]: Nothing to be done for 'install-exec-am'.
make[4]: Nothing to be done for 'install-data-am'.
make[4]: Leaving directory '/<>/doc/pictures'
make[3]: Leaving directory '/<>/doc/pictures'
make[3]: Entering directory '/<>/doc'
make[4]: Entering directory '/<>/doc'
make[4]: Nothing to be done for 'install-exec-am'.
make[4]: Nothing to be done for 'install-data-am'.
make[4]: Leaving directory '/<>/doc'
make[3]: Leaving directory '/<>/doc'
make[2]: Leaving directory '/<>/doc'
make[1]: Leaving directory '/<>'
   debian/rules override_dh_install
make[1]: Entering directory '/<>'
dh_install --list-missing
dh_install: Cannot find (any matches for) "usr/share/alsa" (tried in "." and 
"debian/tmp")
dh_install: libasound2-data missing files: usr/share/alsa
Can't stat debian/tmp: No such file or directory
 at /usr/bin/dh_install line 288.
dh_install: missing files, aborting
debian/rules:32: recipe for target 'override_dh_install' failed
make[1]: *** [override_dh_install] Error 2
make[1]: Leaving directory '/<>'
debian/rules:8: recipe for target 'binary-indep' failed
make: *** [binary-indep] Error 2
dpkg-buildpackage: error: fakeroot debian/rules binary-indep gave error exit 
status 2


To reproduce, please try building with "dpkg-buildpackage -A".

Also, please consider uploading in source-only form (dpkg-buildpackage -S),
so that this kind of bugs never propagate to testing.

Thanks.

Bug#854194: valgrind: segfaults on MIPS Cavium Octeon boards

[James Cowgill]

Control: reopen -1
Control: retitle -1 valgrind: segfaults on MIPS Cavium Octeon boards
Control: severity -1 important

Hi,

On Tue, 7 Feb 2017 17:20:44 +0800 YunQiang Su  wrote:
> On Sun, 05 Feb 2017 00:39:49 +0200 Adrian Bunk  wrote:
> > Package: valgrind
> > Version: 1:3.12.0~svn20160714-1+b1
> > Severity: serious
> >
> 
> It seems that 1:3.12.0-1.1 doesn't have this problem.
> I also test it on Loongson 3A.
> 
> root@thor:/# valgrind /usr/bin/hello
> ==2085== Memcheck, a memory error detector
> ==2085== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==2085== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
> ==2085== Command: /usr/bin/hello
> ==2085==
> 
> VEX: Unsupported baseline
>  Found: Loongson-baseline
> Cannot continue. Good-bye

Well this just means that valgrind refuses to run on Loongson. The code
which triggers this bug hasn't yet run at this point.

However, if I hack /proc/cpuinfo so that it pretends to be an Octeon
machine, then valgrind does work correctly on Loongson 3A machines (at
least ls works). I can also get valgrind to work correctly on the CI20.

It seems this bug is Octeon specific. I'm downgrading the bug on that
basis since it doesn't affect mipsel in general. It just so happens that
the majority of the buildds and the 2 mips porterboxes are Octeons.

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#852698: linux-image-4.9.0-1-amd64: nouveau seems to hang programs like lspci and Xorg

[Bernhard Ehlers]

Kernel version 4.9.7 contains a workaround, that may help, see 
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=2abb7f408f7cfb9af9218e74507f5f44af154302
 . When a debian kernel of 4.9.7 (or later) will arrive, I will test it.

As far as I understand Peter Ujfalusi is still working on a final fix.

Bug#849688: package in debian/testing is development version, severely broken

[Jens Georg]

If I may throw in my 2¢ here - 0.26 will not have any different 
functionality

to 0.24. All fixes that are applied to 0.26 will be ported to 0.24 where
applicable. I don't see the map functionality going in as we still have 
not

resolved the tile provider issue.

So the main difference of 0.26 will be that it's ported to GAction and 
have the
possibility to support different authentication backends better than 
before,

which might be interesting for you, Jeremy.

Bug#854475: postfix: systemd needs postfix@.service to have "After=network.target"

[Russell Coker]

Package: postfix
Version: 3.1.4-4
Severity: important
Tags: patch

The file /lib/systemd/system/postfix@.service needs to have the line
"After=network.target" to make sure that all the network interfaces are raised
before it is started.  Otherwise the startup will abort if Postfix is
configured to bind to any interface other than all (or maybe localhost).

After a recent update postfix would not be running on system start, it would
report that it couldn't bind to one of the IP addresses in it's config file.
After changing the service file it works correctly.

-- System Information:
Debian Release: 9.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages postfix depends on:
ii  adduser3.115
ii  cpio   2.11+dfsg-6
ii  debconf [debconf-2.0]  1.5.60
ii  dpkg   1.18.18
ii  init-system-helpers1.47
ii  libc6  2.24-9
ii  libdb5.3   5.3.28-12+b1
ii  libicu57   57.1-5
ii  libsasl2-2 2.1.27~101-g0780600+dfsg-2
ii  libssl1.1  1.1.0c-2
ii  lsb-base   9.20161125
ii  netbase5.4
ii  postfix-sqlite 3.1.4-4
ii  ssl-cert   1.0.38

Versions of packages postfix recommends:
ii  python3  3.5.3-1

Versions of packages postfix suggests:
ii  bsd-mailx [mail-reader]8.1.2-0.20160123cvs-3
ii  dovecot-core [dovecot-common]  1:2.2.27-2
ii  libsasl2-modules   2.1.27~101-g0780600+dfsg-2
pn  postfix-cdb
ii  postfix-doc3.1.4-4
pn  postfix-ldap   
pn  postfix-lmdb   
ii  postfix-mysql  3.1.4-4
ii  postfix-pcre   3.1.4-4
pn  postfix-pgsql  
pn  procmail   
pn  resolvconf 
pn  sasl2-bin  
pn  ufw

-- Configuration Files:
/etc/network/if-down.d/postfix changed:
exit 0
if [ ! -d /usr/lib/postfix ]; then
exit 0
fi
RUNNING=""
if [ -f /var/spool/postfix/pid/master.pid ]; then
pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
if [ "X$exe" = "Xmaster" ]; then
RUNNING="y"
fi
fi
if [ ! -x /sbin/resolvconf ]; then
f=/etc/resolv.conf
if ! cp $f $(postconf -h queue_directory)$f 2>/dev/null; then
exit 0
fi
if [ -n "$RUNNING" ]; then
service postfix reload >/dev/null 2>&1
fi
fi
exit 0

/etc/network/if-up.d/postfix changed:
exit 0
if [ "$IFACE" = "lo" ]; then
exit 0
fi
if [ ! -d /usr/lib/postfix ]; then
exit 0
fi
RUNNING=""
if [ -f /var/spool/postfix/pid/master.pid ]; then
pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
if [ "X$exe" = "Xmaster" ]; then
RUNNING="y"
fi
fi
if [ ! -x /sbin/resolvconf ]; then
f=/etc/resolv.conf
if ! cp $f $(postconf -h queue_directory)$f 2>/dev/null; then
exit 0
fi
if [ -n "$RUNNING" ]; then
service postfix reload >/dev/null 2>&1
fi
fi
if [ -n "$RUNNING" ]; then
if [ -x /usr/sbin/sendmail ]; then
/usr/sbin/sendmail -q >/dev/null 2>&1
fi
fi

/etc/ppp/ip-down.d/postfix changed:
exit 0
if [ ! -d /usr/lib/postfix ]; then
exit 0
fi
RUNNING=""
if [ -f /var/spool/postfix/pid/master.pid ]; then
pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
if [ "X$exe" = "Xmaster" ]; then
RUNNING="y"
fi
fi
if [ ! -x /sbin/resolvconf ]; then
f=/etc/resolv.conf
if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
exit 0
fi
if [ -n "$RUNNING" ]; then
service postfix reload >/dev/null 2>&1
fi
fi
exit 0

/etc/ppp/ip-up.d/postfix changed:
exit 0
if [ "$IFACE" = "lo" ]; then
exit 0
fi
if [ ! -d /usr/lib/postfix ]; then
exit 0
fi
RUNNING=""
if [ -f /var/spool/postfix/pid/master.pid ]; then
pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
if [ "X$exe" = "Xmaster" ]; then
RUNNING="y"
fi
fi
if [ ! -x /sbin/resolvconf ]; then
f=/etc/resolv.conf
if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
exit 0
fi
if [ -n "$RUNNING" ]; then
service postfix reload >/dev/