Bug#862888: gulp build fail for node-at.js: TypeError: Invalid Version: undefined at new SemVer (/usr/lib/nodejs/semver/semver.js:279:11)

[Jérémy Lal]

2017-05-18 7:00 GMT+02:00 Pirate Praveen :

> package: node-semver
> severity: grave
> justification: makes it unuseable
> version: 5.3.0-1
> Control: block 862880 by -1
>
> I get this error when trying to build node-at.js
> (https://anonscm.debian.org/git/pkg-javascript/node-at.js.git) using
> gulp 3.9.1-3
>
> $ gulp
> [10:13:56] Local gulp not found in
> ~/forge/debian/git/pkg-javascript/node-at.js
> [10:13:56] Try running: npm install gulp
> [10:13:56] Using globally installed gulp
> /usr/lib/nodejs/semver/semver.js:279
> throw new TypeError('Invalid Version: ' + version);
> ^
>
> TypeError: Invalid Version: undefined
> at new SemVer (/usr/lib/nodejs/semver/semver.js:279:11)
> at SemVer.compare (/usr/lib/nodejs/semver/semver.js:342:13)
> at compare (/usr/lib/nodejs/semver/semver.js:566:31)
> at Function.gt (/usr/lib/nodejs/semver/semver.js:595:10)
> at Liftoff.handleArguments (/usr/lib/nodejs/gulp/bin/gulp.js:99:14)
> at Liftoff. (/usr/lib/nodejs/liftoff/index.js:198:16)
> at module.exports (/usr/lib/nodejs/flagged-respawn/index.js:17:3)
> at Liftoff. (/usr/lib/nodejs/liftoff/index.js:190:9)
> at /usr/lib/nodejs/liftoff/index.js:164:9
> at /usr/lib/nodejs/v8flags/index.js:108:14
>


This is doubtfully a bug in semver, and rather a bug in the package using
it.
Also i can't reproduce it with the gulp version i found in debian, it stops
after
  Try running: npm install gulp

Jérémy

Bug#862888: [Pkg-javascript-devel] Bug#862888: gulp build fail for node-at.js: TypeError: Invalid Version: undefined at new SemVer (/usr/lib/nodejs/semver/semver.js:279:11)

[Pirate Praveen]

On വ്യാഴം 18 മെയ് 2017 12:27 വൈകു, Jérémy Lal wrote:
> This is doubtfully a bug in semver, and rather a bug in the package
> using it.

yes, traced it back to gulp itself.

> Also i can't reproduce it with the gulp version i found in debian, it
> stops after
>   Try running: npm install gulp

That's why I specified gulp version in the report, which was just
uploaded sometime back only. When I tested that patch, I thought it was
a bug in semver and not gulp, but once I dug deeper, I reassigned it to
gulp and fixed it.




signature.asc
Description: OpenPGP digital signature

Bug#844201:

[Patrick Garcia]

Sent from Mail for Windows 10

Bug#832509: libfreetype6-dev: compilation terminated.

[Laurent Bigonville]

tag 832509 + unreproducible
thanks

On Tue, 26 Jul 2016 11:18:43 +0200 Simon  wrote:

>
> Dear Maintainer,

Hello Simon,

>
> i hve install libfreetype6-dev
> and try to compile a code bug gcc return
> /usr/include/freetype2/ft2build.h:37:38: fatal error: 
freetype/config/ftheader.h: Aucun fichier ou dossier de ce type

> compilation terminated.
>

I cannot reproduce this with the following example:

$ cat foo.c
#include 

int main(void) {
return 0;
}

$ gcc foo.c `pkg-config --cflags --libs freetype2`

How or what are you compiling?

Bug#862890: ITP: node-vinyl-sourcemaps-apply -- Apply a source map to a vinyl file

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-vinyl-sourcemaps-apply
  Version : 0.2.1
  Upstream Author : Florian Reiterer 
* URL : http://github.com/floridoo/vinyl-sourcemaps-apply
* License : ISC
  Programming Lang: JavaScript
  Description : Apply a source map to a vinyl file

 Apply a source map to a vinyl file, merging it with preexisting source
maps.
 .
 Source maps provide a language-agnostic way to compile back production
 code to the original source code.
 .
 This library is a build dependency of gulp-coffee, coffee script
integration
 for gulp.
 .
 Node.js is an event-based server-side JavaScript engine.



signature.asc
Description: OpenPGP digital signature

Bug#862891: jessie-pu: package flightgear/3.0.0-5+deb8u2

[Markus Wanner]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal

Dear Release Team,

as per Salvatore Bonaccorso, the current security fix for flightgear
doesn't warrant a DSA on its own (see below). Is it okay to upload to
'stable'?

A debdiff against the current version in stable-sec (3.0.0-5+deb8u1) is
attached. Please note that stable itself is still at 3.0.0-5 and doesn't
offer the first (and related) security fix.

Kind Regards

Markus Wanner

On 05/17/2017 08:57 AM, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, May 17, 2017 at 08:49:19AM +0200, Moritz Muehlenhoff wrote:
>> On Wed, May 17, 2017 at 07:20:15AM +0200, Salvatore Bonaccorso wrote:
>>> Hi Markus,
>>>
>>> On Fri, May 12, 2017 at 07:57:23PM +0200, Markus Wanner wrote:
 Florent,

 On 05/12/2017 07:33 PM, Florent Rougon wrote:
> We'd like to draw your attention on the following fix for FlightGear:

 thanks for your heads-up, I'll take care of preparing an upload for the
 affected Debian packages.
>>>
>>> Thanks. Filled as well #862689 in the BTS in meanwhile.
>>>
>>> For stable: We think this does need a DSA on its own, can you schedule
>> ^ not
>>
>> :-)
>
> Autsch, yes of course ... sorry for confusion caused (hope this still
> was clear from context :)).
>
> Regards,
> Salvatore
diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
--- flightgear-3.0.0/debian/changelog   2016-12-14 09:43:00.0 +
+++ flightgear-3.0.0/debian/changelog   2017-05-17 10:46:18.0 +
@@ -1,3 +1,11 @@
+flightgear (3.0.0-5+deb8u2) stable; urgency=high
+
+  * Add patch restrict-save-flightplan-secu-fix-faf872.patch: prevent
+overriding arbitrary files from the "save-flightplan" FGCommand.
+Closes: #862689 (CVE-2017-8921).
+
+ -- Markus Wanner   Tue, 16 May 2017 21:37:27 +0200
+
 flightgear (3.0.0-5+deb8u1) jessie-security; urgency=high
 
   * Add patch route-manager-secu-fix-280cd5.patch (security fix preventing
diff -Nru 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch
--- 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch  
1970-01-01 00:00:00.0 +
+++ 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch  
2017-05-17 09:16:50.0 +
@@ -0,0 +1,36 @@
+Description: Security fix: don't allow overwriting arbitrary files
+ the previous fix 280cd523 missed commandSaveFlightPlan
+ .
+ backported from faf872e7, fixes CVE-2017-8921.
+Author: Rebecca N. Palmer 
+ Florent Rougon 
+Origin: upstream, 
https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/
+
+--- a/src/Autopilot/route_mgr.cxx
 b/src/Autopilot/route_mgr.cxx
+@@ -75,7 +75,24 @@
+ {
+   FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager");
+   SGPath path(arg->getStringValue("path"));
+-  return self->saveRoute(path);
++  const std::string authorizedPath = fgValidatePath(path.realpath(),
++true /* write */);
++
++  if (!authorizedPath.empty()) {
++return self->saveRoute(SGPath(authorizedPath));
++  } else {
++const SGPath proposedPath = SGPath(globals->get_fg_home()) / "Export";
++std::string msg =
++  "The route manager was asked to write the flightplan to '" +
++  path.str() + "', but this path is not authorized for writing. " +
++  "Please choose another location, for instance in the $FG_HOME/Export "
++  "folder (" + proposedPath.str() + ").";
++
++SG_LOG(SG_AUTOPILOT, SG_ALERT, msg);
++modalMessageBox("FlightGear", "Unable to write to the specified file",
++msg);
++return false;
++  }
+ }
+ 
+ static bool commandActivateFlightPlan(const SGPropertyNode* arg)
diff -Nru flightgear-3.0.0/debian/patches/series 
flightgear-3.0.0/debian/patches/series
--- flightgear-3.0.0/debian/patches/series  2016-12-14 09:13:44.0 
+
+++ flightgear-3.0.0/debian/patches/series  2017-05-16 20:18:39.0 
+
@@ -5,3 +5,4 @@
 6a30e7.patch
 route-manager-secu-fix-280cd5.patch
 fix-missing-lX11-in-link-commands.patch
+restrict-save-flightplan-secu-fix-faf872.patch


signature.asc
Description: OpenPGP digital signature

Bug#860188: v40 interpreter in 2.7

[Laurent Bigonville]

tag 860188 + moreinfo
thanks

On Wed, 12 Apr 2017 18:37:39 +0200 Yuri D'Elia  wrote:

Hello Yuri,

>
> Freetype 2.7 introduces a new v40 truetype interpreter mode, which is not
> currently enabled.
>
> I've been using a custom-built freetype with the v40 interpreter 
enabled for
> the past 6 months, and I wouldn't go back. v40 has some differencies, 
but it
> really does improve on many corner cases while preserving the 
original glypth

> shape much better.
>
> When v40 is enabled, the interpreter version can be switched with an
> environment variable. This is not optimal (fontconfig support would 
be nice),

> but it *does* allow for people to revert to the old rendering behavior if
> needed.
>
> Can we enable v40 on unstable or experimental, or is there anything 
preventing

> a rendering change?

2.7.1 is currently in experimental and AFAIKS the v40 interpreter is 
enabled by default in that version, see: 
https://www.freetype.org/freetype2/docs/subpixel-hinting.html


Where you thinking about something else?

Kind regards,

Laurent Bigonville

Bug#862892: linux-signed FTBFS in stretch: Build-depends on linux packages no longer in stretch

[Adrian Bunk]

Source: linux-signed
Version: 4.4
Severity: serious

linux-signed has build dependencies on the exact version 4.9.18-1
of packages from src:linux, but version 4.9.25-1 is now in stretch.

Bug#858968: [Pkg-sssd-devel] Bug#858968: installing sssd leaves systemd in degraded state

[Harald Dunkel]

Don't panic.

Bug#862893: ITP: node-gulp-coffee -- Compile CoffeeScript file

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-gulp-coffee
  Version : 2.3.4
  Upstream Author : Contra  (http://contra.io/)
* URL : http://github.com/contra/gulp-coffee
* License : Expat
  Programming Lang: JavaScript
  Description : Compile CoffeeScript files

 This plugin for gulp build tool supports compiling CoffeeScript files.
 .
 Gulp is a streaming build system to automate painful or time-consuming
tasks.
 This library is a build dependency for at.js.
 .
 Node.js is an event-based server-side JavaScript engine



signature.asc
Description: OpenPGP digital signature

Bug#857573: Processed: Re: systemd: Raise network interfaces fails to stop cleanly on shutdown/reboot

[Christoph Biedl]

Michael Biebl wrote...

> To mark as mountpoint as network mount, there is the _netdev mount
> option.

While I can confirm this provides a sane and safe shutdown for a mounted
AoE-device, this works only if the device was initially mounted using
that extra option. A later "mount -o remount,_netdev" exits zero but
does not change /proc/mounts, hence resulting in havoc. If you could
shed some light on this?

> See man systemd.mount. systemd tries to autodetect that for
> various network file systems
> 
> https://github.com/systemd/systemd/blob/master/src/fstab-generator/fstab-generator.c#L164
> 
> https://github.com/systemd/systemd/blob/master/src/basic/mount-util.c#L516

As a suggestion (probably too late for stretch), an extension of that
check could inspect the device name as well, to detect AoE, NBD and even
iSCSI devices - the latter probably needs some extra magic.

Christoph


signature.asc
Description: Digital signature

Bug#862355: mate-settings-daemon: Can't change wallpaper when selecting one

[Tycho Lürsen]

Same here, but I'm stuck with a black screen. Panels and desktop icons 
show up though, it's just the wallpaper that has vanished into thin air.

Bug#862857: vim: LOG_ALERT unable to open gpm console, check your /dev filesystem!

[Alan Jenkins]

On 18/05/17 02:33, James McCoy wrote:

Control: reassign -1 gpm 1.20.4-6.2
Control: merge 775443 -1

On Wed, May 17, 2017 at 05:12:55PM +, Alan Jenkins wrote:

This happens when running `vi` inside a systemd-nspawn container.
`vi` is able to run, but each time it logs three lines in
attention-getting RED (loglevel alert) in the system log.


strace shows that vi looks for /dev/vc/0 and /dev/tty0.
Neither of these exist in /dev, this is expected in a container.

This is triggered by some debian-enabled configuration.

Actually, it's triggered by the lack of a user configuration, so Vim
loads defaults.vim, which does "set mouse=a".  Since you're in a
console, that's handled by gpm.



May 17 16:55:36 unstable vim[761]: unable to open gpm console, check your /dev 
filesystem!
May 17 16:55:36 unstable vim[761]: *** err
May 17 16:55:36 unstable vim[761]: Oh, oh, it's an error! possibly I die!

Which are all emitted by gpm[0].  It looks like this has already been
reported[1] against gpm ... over 2 years ago.

[0]: https://codesearch.debian.net/search?q=Oh%2C+oh%2C+it%27s+an+error
[1]: https://bugs.debian.org/775443

Cheers,


Thanks for that.  I just saw /etc/vim/vimrc referring to default.vim, I 
overlooked that default.vim was from upstream.


I'm not sure what you mean by a console. The tty is `/dev/pts/0` (the 
other end is `machinectl login` on the host system).


#775443 says it goes away when removing gpm, so it's not exactly the 
same.  I had never installed gpm on my nspawn container.  vi does pull 
in libgpm though.


The specific error I saw comes from here:
https://github.com/telmich/gpm/blob/1.20.4/src/lib/liblow.c#L213

"what's with the lib??? ... making this piece of code work has been a 
real hassle ..."



Regards
Alan

Bug#862894: maven-debian-helper: Installed poms are missing the debian.hasPackageVersion property when --has-package-version is specified

[Emmanuel Bourg]

Package: maven-debian-helper
Version: 2.1.3
Severity: normal

When the --has-package-version options is used in the debian/.poms
file the corresponding pom should have a  property
once installed in the package. That's how mh_installpom works in
maven-repo-helper, but this behavior wasn't replicated in the SysInstallMojo
of maven-debian-helper.

As a consequence, the libraries packaged without the debian.hasPackageVersion
property can never be versioned in the ${maven:Depends} variable of packages
depending on them. This is annoying because it's impossible to automatically
enfore versioned dependencies in binary packages.

Emmanuel Bourg

Bug#862895: git rebase fails often with "index.lock: File exists"

[Alberto Garcia]

Package: git
Version: 1:2.11.0-3
Severity: normal

Hi!

this looks very similar to bug #774848, but I'm filing a separate bug
as requested.

I'm having problems with 'git rebase' once a while. I cannot find a
pattern that explains why it fails: sometimes it works fine, sometimes
it produces an error message. After the error it's usually enough with
running 'git rebase --abort' and repeating the process.

Because of this it's not always easy to reproduce it, but I just did
now: I was trying to pull from the upstream QEMU repository. My master
branch had one additional commit from me, so I did 'git pull --rebase'
to ensure that my commit remains on top.

There's no index.lock file, and git has not crashed as far as I'm
aware (syslog also shows nothing odd). I'm including the full output
below with GIT_TRACE=1.

Perhaps the only thing "special" about this repository is that it was
cloned using 'git clone --reference', and thus has an 'alternates'
file (.git/objects/info/alternates). Other than that, I've been using
this for a long time without any problems until around the beginning
of 2016 if I recall correctly.

Thanks!

Berto

$ GIT_TRACE=1 git pull --rebase
11:15:36.867251 git.c:371   trace: built-in: git 'pull' '--rebase'
11:15:36.880735 run-command.c:350   trace: run_command: 'merge-base' 
'--fork-point' 'refs/remotes/origin/master' 'master'
11:15:36.936053 run-command.c:350   trace: run_command: 'fetch' 
'--update-head-ok'
11:15:36.936333 exec_cmd.c:116  trace: exec: 'git' 'fetch' 
'--update-head-ok'
11:15:36.937298 git.c:371   trace: built-in: git 'fetch' 
'--update-head-ok'
11:15:36.941266 run-command.c:350   trace: run_command: 'git-remote-https' 
'origin' 'https://github.com/qemu/qemu'
11:15:38.001933 run-command.c:350   trace: run_command: 'rev-list' 
'--objects' '--stdin' '--not' '--all' '--quiet'
11:15:38.018560 run-command.c:350   trace: run_command: 'rev-list' 
'--objects' '--stdin' '--not' '--all' '--quiet'
11:15:38.018992 exec_cmd.c:116  trace: exec: 'git' 'rev-list' 
'--objects' '--stdin' '--not' '--all' '--quiet'
11:15:38.020063 git.c:371   trace: built-in: git 'rev-list' 
'--objects' '--stdin' '--not' '--all' '--quiet'
11:15:38.043289 run-command.c:1130  run_processes_parallel: preparing to 
run up to 1 tasks
11:15:38.043435 run-command.c:1162  run_processes_parallel: done
11:15:38.043898 run-command.c:350   trace: run_command: 'gc' '--auto'
11:15:38.044160 exec_cmd.c:116  trace: exec: 'git' 'gc' '--auto'
11:15:38.045213 git.c:371   trace: built-in: git 'gc' '--auto'
11:15:38.049490 run-command.c:350   trace: run_command: 'rebase' '--onto' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9'
11:15:38.049768 exec_cmd.c:116  trace: exec: 'git' 'rebase' '--onto' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9'
11:15:38.050855 git.c:600   trace: exec: 'git-rebase' '--onto' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9'
11:15:38.050890 run-command.c:350   trace: run_command: 'git-rebase' 
'--onto' 'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9'
11:15:38.054262 git.c:371   trace: built-in: git 'rev-parse' 
'--parseopt' '--stuck-long' '--' '--onto' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9' 
'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9'
11:15:38.057001 git.c:371   trace: built-in: git 'rev-parse' 
'--git-dir'
11:15:38.058526 git.c:371   trace: built-in: git 'rev-parse' 
'--git-path' 'objects'
11:15:38.059874 git.c:371   trace: built-in: git 'rev-parse' 
'--is-bare-repository'
11:15:38.061035 git.c:371   trace: built-in: git 'rev-parse' 
'--show-toplevel'
11:15:38.063275 git.c:371   trace: built-in: git 'config' '--bool' 
'rebase.stat'
11:15:38.064884 git.c:371   trace: built-in: git 'config' '--bool' 
'rebase.autostash'
11:15:38.066078 git.c:371   trace: built-in: git 'config' '--bool' 
'rebase.autosquash'
11:15:38.067089 git.c:371   trace: built-in: git 'config' '--bool' 
'commit.gpgsign'
11:15:38.068494 git.c:371   trace: built-in: git 'rev-parse' 
'--verify' 'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9^0'
11:15:38.070227 git.c:371   trace: built-in: git 'rev-parse' 
'--verify' 'cdece0467c7cf8e3f4b3c3f0b13bf2c4fea9^0'
11:15:38.071891 git.c:371   trace: built-in: git 'symbolic-ref' 
'-q' 'HEAD'
11:15:38.073472 git.c:371   trace: built-in: git 'rev-parse' 
'--verify' 'HEAD'
11:15:38.075400 git.c:371   trace: built-in: git 'rev-parse' 
'--verify' 'HEAD'
11:15:38.076887 git.c:371   trace: built-in: git 'update-index' 
'-q' '--ignore-submodules' '--refresh'
11:15:38.082856 git.c:371   trace: built-in: git 'diff-files' 
'--quiet' '

Bug#859445: [Pkg-sssd-devel] Bug#859445: sssd: Offline authentication : Access denied for user : 4 (System error)

[Thomas Sillard]

Workaround for us was to set ad_gpo_access_control = permissive in the
[domain] section of file /etc/sssd/sssd.conf ...

Regards,

2017-05-17 13:52 GMT+02:00 Timo Aaltonen :

> On 03.04.2017 18:23, Thomas Sillard wrote:
> > Package: sssd
> > Version: 1.15.0-3
> > Severity: important
> >
> > Dear Maintainer,
> >
> > We are testing SSO with Debian 9 / sssd / realmd to authenticate users
> on Active directory from Linux laptops.
> > All works fine when the computer is connected to the network, but not in
> offline mode.
>
> This seems to be a pretty basic setup and should work fine. Maybe ask on
> sssd-us...@lists.fedorahosted.org about it..
>
>
> --
> t
>

Bug#862896: python-x2go breaks with gevent 1.1.0

[Mike Gabriel]

Package: python-x2go
Severity: grave
Control: forwarded -1 https://bugs.x2go.org/1016


Forwarding X2Go upstream bug #1016:
 https://bugs.x2go.org/1016

```
I'm using x2go python bindings, and noticed that X2GoSession's .suspend() can
break with gevent 1.1. I've downgraded gevent to 1.0.2 and unchanged code
works fine with it.

 Sample code (i believe taken from a sample code):


 class Client(X2GoClient):
def do_connect(self):
...
sid = self.register_session(server=session_args.pop('server', None),
username=session_args.pop('username',
None),
 
profile_name=session_args.pop('profile_name',

None),
port=session_args.pop('port', None),
return_object=True)
sid.update_params(session_args)
sid.connect()
self.clean_sessions(sid.uuid)
sid.start(cmd='XFCE')

session_name = sid.get_session_name()
if session_name is None:
log.error("X2Go session creation: Session name is None,
terminating")
return
sid.suspend()
...


 Traceback:


  File "/usr/lib/python2.7/dist-packages/x2go/session.py", line 2303, in
suspend
self._lock.release()
  File "gevent/_semaphore.py", line 266, in
gevent._semaphore.BoundedSemaphore.release (gevent/gevent._semaphore.c:4866)
  File "gevent/_semaphore.py", line 268, in
gevent._semaphore.BoundedSemaphore.release (gevent/gevent._semaphore.c:4802)
thread.error: Semaphore released too many times
```

The issue is actually quite severe as gevent threads in applications  
using python-x2go bail out and stop working once that exception is  
raised.


Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpVwgZmsGM9g.pgp
Description: Digitale PGP-Signatur

Bug#862355: (no subject)

[David Griffith]

I filed a bug report at 
https://github.com/mate-desktop/mate-settings-daemon/issues/177 about 
this.  While that gets worked on, feh 
(https://packages.debian.org/stretch/feh) can be used to manually set the 
background.



--
David Griffith
d...@661.org

A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Bug#862894: Pending fixes for bugs in the maven-debian-helper package

[pkg-java-maintainers]

tag 862894 + pending
thanks

Some bugs in the maven-debian-helper package are closed in revision
1908dd0a9f2d3ddd975c31402f8196ca1ebb4100 in branch 'master' by
Emmanuel Bourg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/maven-debian-helper.git/commit/?id=1908dd0

Commit message:

Add the debian.hasPackageVersion property in the installed poms when the 
--has-package-version option is specified (Closes: #862894)

Bug#840787: Pending fixes for bugs in the maven-debian-helper package

[pkg-java-maintainers]

tag 840787 + pending
thanks

Some bugs in the maven-debian-helper package are closed in revision
78b8c8cea322b0bc830c4fd6665cffcf83bec920 in branch 'master' by
Emmanuel Bourg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/maven-debian-helper.git/commit/?id=78b8c8c

Commit message:

Fixed the error message in mh_make when licensecheck isn't installed 
(Closes: #840787)

Bug#703373: Pending fixes for bugs in the maven-debian-helper package

[pkg-java-maintainers]

tag 703373 + pending
thanks

Some bugs in the maven-debian-helper package are closed in revision
5474b021a2ee816544604a97dd7a9d69944dc66c in branch 'master' by
Emmanuel Bourg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/maven-debian-helper.git/commit/?id=5474b02

Commit message:

Removed mvn-debian (Closes: #703373)

Bug#758611: Pending fixes for bugs in the maven-debian-helper package

[pkg-java-maintainers]

tag 758611 + pending
thanks

Some bugs in the maven-debian-helper package are closed in revision
e6bce21841458682fae93fe1a0d4fcf3d028fb21 in branch 'master' by
Emmanuel Bourg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/maven-debian-helper.git/commit/?id=e6bce21

Commit message:

Clarified the 'Include all modules?' question (Closes: #758611)

Bug#862897: expire-iso8601 design problem

[Ian Jackson]

Package: chiark-scripts
Version: 4.4.2

chiark:~/junk> cat /var/lib/chiark-backup/on-davenant
2017-03-16T01:44+
2017-05-04T01:44+0100
2017-05-05T01:44+0100
2017-05-06T01:44+0100
2017-05-07T01:44+0100
2017-05-08T01:44+0100
2017-05-09T01:44+0100
2017-05-10T01:44+0100
2017-05-11T01:44+0100
2017-05-12T01:44+0100
2017-05-13T01:44+0100
2017-05-14T01:44+0100
2017-05-15T01:44+0100
2017-05-16T01:44+0100
2017-05-17T01:44+0100
2017-05-18T01:44+0100
latest
chiark:~/junk>

This is the result of

  expire-iso8601 -r -u86400 -s1 14x1 4x7

The problem is that the oldest backup (kept for 4x7) never gets
replaced because the next-oldest (kept for 14x1) is never old enough.

I think the fix is to count each spec twice, once with a minimum
interval (choosing the newest) and once with a maximum (choosing the
oldest).

Ian.

-- 
Ian JacksonThese opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Bug#852675: #852675: package cfengine3 unusable

[Christoph Martin]

severity 852675 grave
tags 852675 + patch
thanks

wrong configured path makes packages unusable. The patch is trivial:

diff --git a/debian/rules b/debian/rules
index 5aa364c..641b308 100755
--- a/debian/rules
+++ b/debian/rules
@@ -20,7 +20,7 @@ override_dh_auto_configure:
--with-libvirt \
--with-lmdb \
--with-libxml2 \
-
--with-masterdir=\$${prefix}/share/cfengine3/masterfiles \
+   --with-masterdir=/var/lib/cfengine3/masterfiles \
--with-workdir=/var/lib/cfengine3 \
--with-logdir=/var/log/cfengine3 \
--with-piddir=/var/run/cfengine3 \

Christoph

-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)
<>

signature.asc
Description: OpenPGP digital signature

Bug#609352: Successor to ZDoom available as free software

[Steven De Herdt]

Some news regarding ZDoom:
Official development on this port has stopped, but GZDoom which can be
regarded as its successor is now released under the GPLv3:
https://forum.zdoom.org/viewtopic.php?t=56132

Kind regards
-Steven

Bug#862898: unblock: ntirpc/1.4.4-1

[Christoph Martin]

Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ntirpc

Hi,

ntirpc/1.4.4-1, which was uploaded some days ago to unstable fixes
release critical CVE-2017-8779 bug #861836.

Thanks

Christoph
-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)
diff -Nru ntirpc-1.4.3/CMakeLists.txt ntirpc-1.4.4/CMakeLists.txt
--- ntirpc-1.4.3/CMakeLists.txt 2016-10-25 20:15:56.0 +0200
+++ ntirpc-1.4.4/CMakeLists.txt 2017-05-05 21:07:02.0 +0200
@@ -15,7 +15,7 @@
 # version numbers
 set(NTIRPC_MAJOR_VERSION 1)
 set(NTIRPC_MINOR_VERSION 4)
-set(NTIRPC_PATCH_LEVEL 3)
+set(NTIRPC_PATCH_LEVEL 4)
 set(VERSION_COMMENT
   "Full-duplex and bi-directional ONC RPC on TCP."
 )
diff -Nru ntirpc-1.4.3/debian/changelog ntirpc-1.4.4/debian/changelog
--- ntirpc-1.4.3/debian/changelog   2017-04-07 13:54:21.0 +0200
+++ ntirpc-1.4.4/debian/changelog   2017-05-15 09:53:09.0 +0200
@@ -1,3 +1,11 @@
+ntirpc (1.4.4-1) unstable; urgency=high
+
+  [ Christoph Martin ]
+  * Imported Upstream version 1.4.4
+  * fixes rpcbomb CVE-2017-8779 (closes: #861836)
+
+ -- Christoph Martin   Mon, 15 May 2017 09:53:09 +0200
+
 ntirpc (1.4.3-3) unstable; urgency=medium
 
   * link with libatomic if necessary (closes: #859689)
diff -Nru ntirpc-1.4.3/debian/libntirpc1.4.symbols 
ntirpc-1.4.4/debian/libntirpc1.4.symbols
--- ntirpc-1.4.3/debian/libntirpc1.4.symbols2017-04-07 13:54:21.0 
+0200
+++ ntirpc-1.4.4/debian/libntirpc1.4.symbols2017-05-15 09:53:09.0 
+0200
@@ -1,253 +1,253 @@
 libntirpc.so.1.4 libntirpc1.4 #MINVER#
- NTIRPC_1.4.3@NTIRPC_1.4.3 1.4.3
+ NTIRPC_1.4.4@NTIRPC_1.4.4 1.4.4
  NTIRPC_PRIVATE@NTIRPC_PRIVATE 1.4.3
- __ntirpc_pkg_params@NTIRPC_1.4.3 1.4.3
- __rpc_createerr@NTIRPC_1.4.3 1.4.3
- __rpc_dtbsize@NTIRPC_1.4.3 1.4.3
- __rpc_endconf@NTIRPC_1.4.3 1.4.3
- __rpc_fd2sockinfo@NTIRPC_1.4.3 1.4.3
- __rpc_fixup_addr@NTIRPC_1.4.3 1.4.3
- __rpc_get_a_size@NTIRPC_1.4.3 1.4.3
- __rpc_get_local_uid@NTIRPC_1.4.3 1.4.3
- __rpc_get_t_size@NTIRPC_1.4.3 1.4.3
- __rpc_getconf@NTIRPC_1.4.3 1.4.3
- __rpc_getconfip@NTIRPC_1.4.3 1.4.3
- __rpc_nconf2fd@NTIRPC_1.4.3 1.4.3
- __rpc_nconf2fd_flags@NTIRPC_1.4.3 1.4.3
- __rpc_nconf2sockinfo@NTIRPC_1.4.3 1.4.3
- __rpc_rawcombuf@NTIRPC_1.4.3 1.4.3
- __rpc_seman2socktype@NTIRPC_1.4.3 1.4.3
- __rpc_setconf@NTIRPC_1.4.3 1.4.3
- __rpc_sockinfo2netid@NTIRPC_1.4.3 1.4.3
- __rpc_sockisbound@NTIRPC_1.4.3 1.4.3
- __rpc_socktype2seman@NTIRPC_1.4.3 1.4.3
- __rpc_taddr2uaddr_af@NTIRPC_1.4.3 1.4.3
- __rpc_uaddr2taddr_af@NTIRPC_1.4.3 1.4.3
- __rpcgettp@NTIRPC_1.4.3 1.4.3
- _get_next_token@NTIRPC_1.4.3 1.4.3
- _null_auth@NTIRPC_1.4.3 1.4.3
- _rpc_dtablesize@NTIRPC_1.4.3 1.4.3
- _seterr_reply@NTIRPC_1.4.3 1.4.3
- _svcauth_gss@NTIRPC_1.4.3 1.4.3
- _svcauth_none@NTIRPC_1.4.3 1.4.3
- _svcauth_short@NTIRPC_1.4.3 1.4.3
- _svcauth_unix@NTIRPC_1.4.3 1.4.3
- authgss_get_private_data@NTIRPC_1.4.3 1.4.3
- authgss_ncreate@NTIRPC_1.4.3 1.4.3
- authgss_ncreate_default@NTIRPC_1.4.3 1.4.3
- authgss_service@NTIRPC_1.4.3 1.4.3
- authnone_ncreate@NTIRPC_1.4.3 1.4.3
- authunix_ncreate@NTIRPC_1.4.3 1.4.3
- authunix_ncreate_default@NTIRPC_1.4.3 1.4.3
- bindresvport@NTIRPC_1.4.3 1.4.3
- bindresvport_sa@NTIRPC_1.4.3 1.4.3
- callrpc@NTIRPC_1.4.3 1.4.3
- clnt_broadcast@NTIRPC_1.4.3 1.4.3
- clnt_dg_ncreate@NTIRPC_1.4.3 1.4.3
- clnt_ncreate@NTIRPC_1.4.3 1.4.3
- clnt_ncreate_timed@NTIRPC_1.4.3 1.4.3
- clnt_ncreate_vers@NTIRPC_1.4.3 1.4.3
- clnt_ncreate_vers_timed@NTIRPC_1.4.3 1.4.3
- clnt_pcreateerror@NTIRPC_1.4.3 1.4.3
- clnt_perrno@NTIRPC_1.4.3 1.4.3
- clnt_perror@NTIRPC_1.4.3 1.4.3
- clnt_raw_ncreate@NTIRPC_1.4.3 1.4.3
- clnt_spcreateerror@NTIRPC_1.4.3 1.4.3
- clnt_sperrno@NTIRPC_1.4.3 1.4.3
- clnt_sperror@NTIRPC_1.4.3 1.4.3
- clnt_tp_ncreate@NTIRPC_1.4.3 1.4.3
- clnt_tp_ncreate_timed@NTIRPC_1.4.3 1.4.3
- clnt_vc_ncreate2@NTIRPC_1.4.3 1.4.3
- clnt_vc_ncreate@NTIRPC_1.4.3 1.4.3
- clnt_vc_ncreate_svc@NTIRPC_1.4.3 1.4.3
- clntraw_ncreate@NTIRPC_1.4.3 1.4.3
- clnttcp_ncreate@NTIRPC_1.4.3 1.4.3
- clntudp_nbufcreate@NTIRPC_1.4.3 1.4.3
- clntudp_ncreate@NTIRPC_1.4.3 1.4.3
- clntunix_ncreate@NTIRPC_1.4.3 1.4.3
- endnetconfig@NTIRPC_1.4.3 1.4.3
- endnetpath@NTIRPC_1.4.3 1.4.3
- endrpcent@NTIRPC_1.4.3 1.4.3
- free_rpc_msg@NTIRPC_1.4.3 1.4.3
- freenetconfigent@NTIRPC_1.4.3 1.4.3
- get_myaddress@NTIRPC_1.4.3 1.4.3
- getnetconfig@NTIRPC_1.4.3 1.4.3
- getnetconfigent@NTIRPC_1.4.3 1.4.3
- getnetpath@NTIRPC_1.4.3 1.4.3
- getrpcent@NTIRPC_1.4.3 1.4.3
- getrpcport@NTIRPC_1.4.3 1.4.3
- nc_perror@NTIRPC_1.4.3 1.4.3
- nc_sperror@NTIRPC_1.4.3 1.4.3
- opr_rbtree_first@NTIRPC_1.4.3 1.4.3
- opr_rbtree_init@NTIRPC_1.4.3 1.4.3
- opr_rbtree_insert@NTIRPC_1.4.3 1.4

Bug#862899: rsync: insufficient escaping/quoting of arguments

[Thorsten Glaser]

Package: rsync
Version: 3.1.2-2
Severity: serious
Tags: security upstream
Justification: security-relevant

Assume my home directory on 'remote' has no files matching '*4'.

Now run this:

remote$ touch ./-zT.mp4
local$ mkdir test
local$ cd test
local$ rsync -zavPH --numeric-ids -S --stats '--rsh=ssh -T' $remote:\*4 .

Expected: the “-zT.mp4” file is transferred.

Actual: the whole home directory of $remote, including subdirectories
and everything, is transferred.

Now imagine I had not cd’d into a new subdirectory. I have overwritten
all files in my own home directory that are present on remote’s before
I managed to press ^C and lost my TODO file and some dotfiles.

Yes, files starting with a U+002D HYPHEN-MINUS are problematic. I’d
still expect files that have passed muster on the local side to be
properly escaped to the remote side.

I think this is simply a case of a missing “--” argument before the
pathnames on the constructed rsh command line. When I do…
$ rsync -zavPH --numeric-ids -S --stats '--rsh=logger --' localhost:\* .
… I get this in syslog:
localhost rsync --server --sender -vlHogDtprSze.iLsfxC --numeric-ids . *

Now if after --numeric-ids there was a -- I believe the problem would
go away. (I’m aware of rsync’s capability to apply remote globs, and
this is not the problem here; in fact, the first command of mine above
relies on that. This is strictly about the hyphen-minus, which is not
uncommon in filenames created by youtube-dl.)

-- System Information:
Debian Release: 9.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32
 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages rsync depends on:
ii  base-files   9.9
ii  init-system-helpers  1.48
ii  libacl1  2.2.52-3+b1
ii  libattr1 1:2.4.47-2+b2
ii  libc62.24-10
ii  libpopt0 1.16-10+b2
ii  lsb-base 9.20161125

rsync recommends no packages.

Versions of packages rsync suggests:
ii  openssh-client  1:7.4p1-10
ii  openssh-server  1:7.4p1-10

-- no debconf information

Bug#862900: unblock (pre-upload): python-x2go/0.5.0.4-3

[Mike Gabriel]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please consider unblocking (pre-upload) package python-x2go.

In X2Go upstream we fixed an issue lately that occurs with gevent 1.1. As
I switched to Debian testing only lately with my daily-work machine, this
issue slipped through my fingers, so far.

.debdiff is attached. 

Thanks!
Mike

unblock python-x2go/0.5.0.4-3

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru python-x2go-0.5.0.4/debian/changelog 
python-x2go-0.5.0.4/debian/changelog
--- python-x2go-0.5.0.4/debian/changelog2016-11-30 12:58:26.0 
+0100
+++ python-x2go-0.5.0.4/debian/changelog2017-05-18 13:10:48.0 
+0200
@@ -1,3 +1,13 @@
+python-x2go (0.5.0.4-3) unstable; urgency=medium
+
+  * debian/control:
++ Add to B-D: dh-python.
+  * debian/patches:
++ Add 0001_check-lock-state-before-releasing.patch. Required for flawless
+  operation with gevent 1.1. (Closes: #862896).
+
+ -- Mike Gabriel   Thu, 18 May 2017 13:10:48 +0200
+
 python-x2go (0.5.0.4-2) unstable; urgency=medium
 
   * debian/control:
diff -Nru python-x2go-0.5.0.4/debian/control python-x2go-0.5.0.4/debian/control
--- python-x2go-0.5.0.4/debian/control  2016-11-30 12:58:26.0 +0100
+++ python-x2go-0.5.0.4/debian/control  2017-05-18 13:10:48.0 +0200
@@ -6,6 +6,7 @@
  Mike Gabriel ,
 Build-Depends: 
  debhelper (>= 9),
+ dh-python,
  python (>= 2.6.6-14~),
  python-setuptools,
  python-epydoc,
diff -Nru 
python-x2go-0.5.0.4/debian/patches/0001_check-lock-state-before-releasing.patch 
python-x2go-0.5.0.4/debian/patches/0001_check-lock-state-before-releasing.patch
--- 
python-x2go-0.5.0.4/debian/patches/0001_check-lock-state-before-releasing.patch 
1970-01-01 01:00:00.0 +0100
+++ 
python-x2go-0.5.0.4/debian/patches/0001_check-lock-state-before-releasing.patch 
2017-05-18 13:08:17.0 +0200
@@ -0,0 +1,102 @@
+commit 3ed4fed3465e02c605c80e057c265ca4a5d4b2ac
+Author: Mike Gabriel 
+Date:   Tue May 9 12:24:20 2017 +0200
+
+Don't blindly release gevent locked. We need to checked if a semaphore is 
locked in some case and only then release it. (Fixes: #1016).
+
+#diff --git a/debian/changelog b/debian/changelog
+#index aeca116..cd549f0 100644
+#--- a/debian/changelog
+#+++ b/debian/changelog
+#@@ -3,6 +3,9 @@ python-x2go (0.5.0.5-0x2go1) UNRELEASED; urgency=low
+#   [ Mike Gabriel ]
+#   * New upstream version (0.5.0.5):
+# - documentation: Fix wording in docstring.
+#+- Don't blindly release gevent locked. We need to checked if a
+#+  semaphore is locked in some case and only then release it.
+#+  (Fixes: #1016).
+# 
+#   [ Mihai Moldovan ]
+#   * New upstream version (0.5.0.5):
+diff --git a/x2go/backends/control/plain.py b/x2go/backends/control/plain.py
+index 73807e5..3dcc3ef 100644
+--- a/x2go/backends/control/plain.py
 b/x2go/backends/control/plain.py
+@@ -324,7 +324,8 @@ class X2GoControlSession(paramiko.SSHClient):
+ timer.cancel()
+ 
+ self.sftp_client = None
+-self._transport_lock.release()
++if self._transport_lock.locked():
++self._transport_lock.release()
+ 
+ def _x2go_sftp_write(self, remote_path, content, timeout=20):
+ """
+@@ -380,7 +381,8 @@ class X2GoControlSession(paramiko.SSHClient):
+ timer.cancel()
+ 
+ self.sftp_client = None
+-self._transport_lock.release()
++if self._transport_lock.locked():
++self._transport_lock.release()
+ 
+ def _x2go_sftp_remove(self, remote_path, timeout=20):
+ """
+@@ -431,7 +433,8 @@ class X2GoControlSession(paramiko.SSHClient):
+ timer.cancel()
+ 
+ self.sftp_client = None
+-self._transport_lock.release()
++if self._transport_lock.locked():
++self._transport_lock.release()
+ 
+ def _x2go_exec_command(self, cmd_line, loglevel=log.loglevel_INFO, 
timeout=20, **kwargs):
+ """
+@@ -520,7 +523,8 @@ class X2GoControlSession(paramiko.SSHClient):
+ self._transport_lock.release()
+ raise x2go_exceptions.X2GoControlSessionException('the X2Go 
control session is not connected (while issuing SSH command=%s)' % cmd)
+ 
+-self._transport_lock.release()
++if self._transport_lock.locked():
++self._transport_lock.release()
+ 
+ # sanitized X2Go relevant data, protect against data injection via 
.bashrc files
+ (_stdin, _stdout, _stderr) = _retval
+@@ -1204,7 +1208,8 @@ class X2GoControlSession(paramiko.SSHClient):
+ self._session_auth_rsakey = None
+ 
+ # in any case, 

Bug#862729: pavucontrol: broken symbolic link /usr/share/doc/pavucontrol/README

[Alexander Kurtz]

Hi!

On Wed, 2017-05-17 at 14:27 -0400, Felipe Sateler wrote:
> Indeed! I have pushed a fix to git. I'm unsure if this warrants a
> freeze exception though. What do you think?

I don't think this warrants a freeze exception, but thanks for the
quick response!

Best regards

Alexander Kurtz

signature.asc
Description: This is a digitally signed message part

Bug#861953: unblock: runc/0.1.1+dfsg1-3

[Jonathan Wiltshire]

Control: tag -1 wontfix moreinfo

Hi,

On 2017-05-08 00:40, Roger Shimizu wrote:

Since you say it should fix unstable first, then stretch or t-p-u,
now I think we may just leave runc/0.1.1+dfsg1-2 (current in stretch)
as it is in stretch. Because it builds OK (without FTBFS) for stretch.
The #858250 FTBFS only occurs on unstable.


If runc currently builds in stretch, there is no need to touch it (and 
#858250 should be tagged 'sid').


It's not clear from #858250 if that is actually the case or not though.


--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits

Bug#848834: fails to build stretch image on stretch: systemd-machine-id-setup error

[me]

On Mon, 19 Dec 2016 22:29:30 -0500 =?utf-8?q?Antoine_Beaupr=C3=A9?= 
 wrote:

I: Unpacking the base system...
W: Failure trying to run: chroot /tmp/minimal/root dpkg 
--force-overwrite --force-confold --skip-same-version --install 
/var/cache/apt/archives/adduser_3.115_all.deb 
/var/cache/apt/archives/libapparmor1_2.10.95-8_amd64.deb 
/var/cache/apt/archives/libcryptsetup4_2%3a1.7.3-3_amd64.deb 
/var/cache/apt/archives/libip4tc0_1.6.0+snapshot20161117-4_amd64.deb 
/var/cache/apt/archives/libkmod2_23-1_amd64.deb 
/var/cache/apt/archives/libcap2_1%3a2.25-1_amd64.deb 
/var/cache/apt/archives/libidn11_1.33-1_amd64.deb 
/var/cache/apt/archives/libseccomp2_2.3.1-2.1_amd64.deb 
/var/cache/apt/archives/dmsetup_2%3a1.02.137-1_amd64.deb 
/var/cache/apt/archives/libdevmapper1.02.1_2%3a1.02.137-1_amd64.deb 
/var/cache/apt/archives/systemd_232-8_amd64.deb
W: See /tmp/minimal/root/debootstrap/debootstrap.log for details 
(possibly the package systemd is at fault)




I got the same error here.
It works, when using the root build method (e.g. sudo debirf make -r -n 
minimal but not using sudo debirf make -n minimal).

Maybe something with fakeroot changed?

-sebastian

Bug#862541: Pre-approval request, unblock: caffe/1.0.0-2

[Jonathan Wiltshire]

Control: tag -1 moreinfo

Hi,

On 2017-05-14 13:43, lumin wrote:

I'm working on bug #862528 for adding a missing file back,
and the fix will be shipped in 1.0.0-2 (i.e. not uploaded yet).

However the caffe package in testing is 1.0.0~rc4-1 ,
and I wish stretch to ship the 1.0.0 version [1] instead
of an upstream RC version.

I wonder whether this update can be approved. Thanks.


It's impossible to say without more information about the proposed 
changes.


I also note that the bug you're fixing is only severity:important, which 
this close to release is not really what we're looking for any longer.


Thanks,

--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits

Bug#862866: upgrade-reports: Error message after installation/Upgrade (Synaptic)

[Cindy-Sue Causey]

On 5/17/17, Bill Allombert  wrote:
> On Wed, May 17, 2017 at 11:36:50PM +0300, Geo Pe wrote:
>> Package: upgrade-reports
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> *** Reporter, please consider answering these questions, where appropriate
>> ***
>>
>>* What led up to the situation?
>>  I upgraded from stable to testing. Try to install/upgrade various
>> packages
>>
>>* What exactly did you do (or not do) that was effective (or
>>  ineffective)?
>>  Tried to install netbeans. The problem is repeaded with other packages.
>>* What was the outcome of this action?
>>  Netbeans was installed but i got the following message after
>> installation:
>>
>>  "W: Download is performed unsandboxed as root as file
>> '/var/cache/apt/archives/partial/libminizip1_1.1-8+b1_amd64.deb' couldn't
>> be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)"
>>
>>* What outcome did you expect instead?
>>  Message for successfull installation.
>
> Hello Geo Pe,
> This is not an error but a warning (W: mean warning).
> You should check the permission of
> /var/cache/apt/archives/partial/
>
> Cheers,
> --
> Bill. 
>
> Imagine a large red swirl here.


I've received that warning in the past. There obviously could be
multiple causes for seeing it. In my case and purely discovered by
accident, the warning occurred because I had symlinked to
'/var/cache/apt/archives which was on an external hard drive.

No matter where the target '/var/cache/apt/archives/ was placed in a
data'esque hierarchy on that external hard drive, I still received
that error. Permissions *appeared* to be correct, but that also didn't
seem to make a difference.

As a matter of record as long as the topic is here, that symlinking
also caused my debootstrap chroot user "root" to have an identity
crisis where it kept yelling, "I Have No Name!"

As soon as I removed the symlink to '/var/cache/apt/archives/ and
moved files back in the primary hierarchy, debootstrap's chroot user
root found itself again as "root". If I'm remembering correctly, that
instance was ultimately traced back to my missing a similar
permissions denied warning early on in debootstrap. That warning
disappeared immediately upon removal of the package archives directly
symlink.

Hope this some day helps somehow..

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Bug#862901: release-notes: further update to perl @INC change

[Dominic Hargreaves]

Package: release-notes
Severity: normal

Hi,

Further to #859129, please consider this additional patch which refers
to a possible workaround for local issues, and freshly-minted upstream
documentation for developers on the topic.

Index: en/issues.dbk
===
--- en/issues.dbk   (revision 11492)
+++ en/issues.dbk   (working copy)
@@ -710,6 +710,25 @@
   require(), do() etc., where the
   arguments are files in the current directory.
 
+
+
+  All perl programs and module shipped by Debian should have been
+  fixed to address any incompatibilities caused by the above; please
+  file bugs if this is not the case. As the change has now been made
+  in perl 5.26.0, third-party software should also start to be fixed.
+  Information about how to fix this issue for developers is provided
+  in the https://perl5.git.perl.org/perl.git/blob_plain/HEAD:/pod/perldelta.pod";>perl
 5.26 release notes (see the SECURITY section).
+
+
+  If needed you can temporarily reinstate . in
+  @INC globally by commenting out the line in
+  /etc/perl/sitecustomize.pl but you should
+  only do this with a understanding of the potential risks. This
+  workaround will be removed in &debian; &nextrelease;. You can
+  also set the PERL_USE_UNSAFE_INC environment
+  variable in a specific context which will have the same effect.  
 
   
   

Bug#862866: upgrade-reports: Error message after installation/Upgrade (Synaptic)

[Cindy-Sue Causey]

My apologies. I literally "hate" when I have to respond to myself as
fast as I send an email. An important detail I left off is that this
occurs for me while using apt-get.

And typo correction attached below where "directly" should have been
"directory". *oops!* :)


On 5/18/17, Cindy-Sue Causey  wrote:
> On 5/17/17, Bill Allombert  wrote:
>> On Wed, May 17, 2017 at 11:36:50PM +0300, Geo Pe wrote:
>>> Package: upgrade-reports
>>> Severity: normal
>>>
>>> Dear Maintainer,
>>>
>>> *** Reporter, please consider answering these questions, where
>>> appropriate
>>> ***
>>>
>>>* What led up to the situation?
>>> I upgraded from stable to testing. Try to install/upgrade various
>>> packages
>>>
>>>* What exactly did you do (or not do) that was effective (or
>>>  ineffective)?
>>> Tried to install netbeans. The problem is repeaded with other packages.
>>>* What was the outcome of this action?
>>> Netbeans was installed but i got the following message after
>>> installation:
>>>
>>> "W: Download is performed unsandboxed as root as file
>>> '/var/cache/apt/archives/partial/libminizip1_1.1-8+b1_amd64.deb'
>>> couldn't
>>> be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)"
>>>
>>>* What outcome did you expect instead?
>>> Message for successfull installation.
>>
>> Hello Geo Pe,
>> This is not an error but a warning (W: mean warning).
>> You should check the permission of
>> /var/cache/apt/archives/partial/
>>
>> Cheers,
>> --
>> Bill. 
>>
>> Imagine a large red swirl here.
>
>
> I've received that warning in the past. There obviously could be
> multiple causes for seeing it. In my case and purely discovered by
> accident, the warning occurred because I had symlinked to
> '/var/cache/apt/archives which was on an external hard drive.
>
> No matter where the target '/var/cache/apt/archives/ was placed in a
> data'esque hierarchy on that external hard drive, I still received
> that error. Permissions *appeared* to be correct, but that also didn't
> seem to make a difference.
>
> As a matter of record as long as the topic is here, that symlinking
> also caused my debootstrap chroot user "root" to have an identity
> crisis where it kept yelling, "I Have No Name!"
>
> As soon as I removed the symlink to '/var/cache/apt/archives/ and
> moved files back in the primary hierarchy, debootstrap's chroot user
> root found itself again as "root". If I'm remembering correctly, that
> instance was ultimately traced back to my missing a similar
> permissions denied warning early on in debootstrap. That warning
> disappeared immediately upon removal of the package archives [directory]
> symlink.
>
> Hope this some day helps somehow..
>
> Cindy :)
>
> --
> Cindy-Sue Causey
> Talking Rock, Pickens County, Georgia, USA
>
> * runs with duct tape *

Bug#862864: unblock: pixbros/0.6.3+dfsg-0.1

[Adrian Bunk]

On Thu, May 18, 2017 at 01:40:28PM +0200, Steve Cotton wrote:
> On Wed, May 17, 2017 at 11:12:52PM +0300, Adrian Bunk wrote:
> > Usertags: unblock
> >
> > +  * Repackaged to remove generated files and copyright violations
> > +from the upstream sources. (Closes: #861612)
> 
> Hi Adrian, Markus and the Release Team,
> 
> I'm sorry to be a spoilsport, but I ask the Release Team to review bug
> #861612 before unblocking Pixbros, particularly the comparisons in
> .

The correct people to review would be the FTP team (added to Cc).

> Please note that both Adrian and Markus Koschany disagree with me.

I actually don't have a settled opinion on that.

The part of my upload I was personally interested in was the 
architecture change to allow building on the buildds, and
Markus asked me to also include this change.

> Thanks,
> Steve

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#862864: unblock: pixbros/0.6.3+dfsg-0.1

[Steve Cotton]

On Wed, May 17, 2017 at 11:12:52PM +0300, Adrian Bunk wrote:
> Usertags: unblock
>
> +  * Repackaged to remove generated files and copyright violations
> +from the upstream sources. (Closes: #861612)

Hi Adrian, Markus and the Release Team,

I'm sorry to be a spoilsport, but I ask the Release Team to review bug
#861612 before unblocking Pixbros, particularly the comparisons in
.

Please note that both Adrian and Markus Koschany disagree with me.

Thanks,
Steve

Bug#862902: RM: linux-signed -- ROM; not compatible with current linux package

[Ben Hutchings]

Package: ftp.debian.org
Severity: normal

As we don't have code signing in place in the archive software,
linux-signed is not suitable for release.  Further, I've had to
disable checks for module signatures in src:linux, which makes
this package completely pointless for now.

Ben.

Bug#862216: release-notes: [Stretch] improve text about iproute2 and net-tools

[Baptiste Jammet]

Control: tags -1 patch

Hello, 

Dixit Andreas Henriksson, le 09/05/2017 :

>I recently ran across the stretch release notes draft and particularly
>"5.3.9. iproute2 will replace net-tools".
[...]
>I'm not sure I should write these texts but here's an attempt at
>providing an alternative description.
[...]
I used your words in this new patch.

>Please note that the 'iw' command (as suggested for iwconfig
>replacement) is not from the iproute2 toolset, but rather from it's own
>package 'iw'!
Removed.

>Similar for the ifrename command, which I wonder if it shouldn't be
>considered a legacy command instead of a replacement for anything.
>Modern interface naming tools more high level than 'ip link' would
>likely be systemd-networkd these days.
Removed too.

>Hope this helps.
Yes, thanks.

>Also feel free to reach out to iprou...@packages.debian.org
>for any advice related to the package and its usage.
Keeping in Cc if someone wants to comment. I intend to commit in few
days if noone disagree.

Baptiste
Index: en/issues.dbk
===
--- en/issues.dbk	(révision 11490)
+++ en/issues.dbk	(copie de travail)
@@ -739,16 +739,18 @@
   
 
   
-  iproute2 will replace net-tools
+  net-tools will be deprecated in favor of iproute2
 
-  The net-tools package's
-  priority has been changed from important to optional, while
-  iproute2 has been
-  upgraded to important.
-  New installations will have iproute2
-  installed by default, while systems upgraded from Jessie should consider migrating
-  from net-tools to
-  iproute2.
+  The net-tools package
+  is no longer part of new installations by default,
+  since it's priority has been lowered from important to optional.
+  Users are instead advised to use the modern
+  iproute2 toolset
+  (which has been part of new installs for several releases already).
+  If you still prefer to continue using the
+  net-tools
+  programs you can simply install it via
+  apt install net-tools
 
 
   Here is a summary of the net-tools commands, together with
@@ -778,16 +780,12 @@
   ip tunnel
 
 
-  iwconfig
-  iw
-
-
   nameif
-  ip link, ifrename
+  ip link
 
 
   netstat
-  ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g)
+  ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat -g)
 
 
   route


pgpfDsVsHgCpp.pgp
Description: OpenPGP digital signature

Bug#862899: rsync: insufficient escaping/quoting of arguments

[Paul Slootman]

On Thu 18 May 2017, Thorsten Glaser wrote:

> Now run this:
> 
> remote$ touch ./-zT.mp4
> local$ mkdir test
> local$ cd test
> local$ rsync -zavPH --numeric-ids -S --stats '--rsh=ssh -T' $remote:\*4 .
> 
> Expected: the “-zT.mp4” file is transferred.
> 
> Actual:   the whole home directory of $remote, including subdirectories
>   and everything, is transferred.

Please try again with the --protect-args option, which is meant for such
situations.

BTW, why specify '--rsh=ssh -T', what's wrong with the default?


Paul

Bug#862824: xserver-xorg-core: tigervncserver crash in WriteToClient shortly after VNC client connecs

[Rafal]

I think the correction will help.

I have recompiled tigervnc with the server version from 
cgit.freedesktop.org (currently it does not contain the patches yet), 
but, as I see, cleanup after client abort is performed much more quickly 
than in version used by Debian. From this reason repetition of this 
error is much more difficult. I was unable to repeat it.



One notice not related to this error. I'm looking at FlushClient 
function in io.c and I see one weird thing. It contains the following "if":


if (trans_conn && (len = _XSERVTransWritev(trans_conn, iov, i)) 
>= 0) {...


Later there are "else if" constructs with checks of errno variable, but 
it makes sense to check errno only when _XSERVTransWritev() was invoked 
and returned error. If the trans_conn variable is set to 0, the errno is 
0 (it is set before the "if"). In particular when SUSNSYSV is defined, 
the second "if" is always true when trans_conn is NULL. I think it was 
not the intention.



On 05/18/2017 02:00 AM, Michel Dänzer wrote:

On 18/05/17 12:50 AM, Rafal wrote:

No, this is not the case. The problem more subtle. Client connection
is closed but the entry is not marked as deleted in ospoll, so any
cleanup of deleted entries will not help. The problem is that entries
in ospoll are searched by fd (file descriptor). These descriptors are
unique for all open files, but the descriptor may be reused when some
file is closed (and usually it is reused).

New patch series related to this:

https://patchwork.freedesktop.org/patch/156892/
https://patchwork.freedesktop.org/patch/156893/
https://patchwork.freedesktop.org/patch/156894/
https://patchwork.freedesktop.org/patch/156891/
https://patchwork.freedesktop.org/patch/156895/

Bug#862903: cfengine3: cf-serverd segfaults if connected from version 3.6 client

[Christoph Martin]

Package: cfengine3
Version: 3.9.1-4.1
Severity: important

This seams to be a problem with the libssl1.1 patch:

 verbose: New connection (from 134.93.177.134, sd 7), spawning new thread...
[New Thread 0x77fe7700 (LWP 44589)]
info: 134.93.177.134> Accepting connection
 verbose: 134.93.177.134> Setting socket timeout to 600 seconds.
 verbose: 134.93.177.134> Peeked CAUTH in TCP stream, considering the
protocol as Classic

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x77fe7700 (LWP 44589)]
0x7749 in BN_num_bits ()
   from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
(gdb) back
#0  0x7749 in BN_num_bits ()
   from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#1  0x7795 in ?? () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#2  0x77b58f72 in HashNewFromKey () from /usr/lib/libpromises.so.3
#3  0x77b619da in KeyNew () from /usr/lib/libpromises.so.3
#4  0x55561834 in ?? ()
#5  0xcb36 in ?? ()
#6  0x76414064 in start_thread (arg=0x77fe7700)
at pthread_create.c:309
#7  0x7614962d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

See
https://tracker.mender.io/projects/CFE/issues/CFE-2629?filter=allopenissues

and the comment at the end which states that the patch for libssl1.1 is
still
not ready.

reverting the patch and depending on
libssl1.0-dev | libssl-dev (<< 1.1)
does fix the issue

Christoph

-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)
<>

signature.asc
Description: OpenPGP digital signature

Bug#848834: fails to build stretch image on stretch: systemd-machine-id-setup error

[Daniel Kahn Gillmor]

On Thu 2017-05-18 13:52:27 +0200, m...@free-minds.net wrote:
> I got the same error here.
> It works, when using the root build method (e.g. sudo debirf make -r -n 
> minimal but not using sudo debirf make -n minimal).
> Maybe something with fakeroot changed?

I agree that this seems like a larger problem.  maybe it's actually an
issue with debootstrap --variant=fakechroot ?

  --dkg

Bug#827593: new upstream (2.9.8.3)

[Matthew Gabeler-Lee]

On 03/17/2017 12:59 PM, Matthew Gabeler-Lee wrote:
> Further, I would note that upstream has now officially End of Life'd 2.9.7.x

And now they have discontinued providing rules for 2.9.7.x, making the
Debian provided package ever closer to useless.

Bug#862864: unblock: pixbros/0.6.3+dfsg-0.1

[Markus Koschany]

Am 18.05.2017 um 13:40 schrieb Steve Cotton:
> On Wed, May 17, 2017 at 11:12:52PM +0300, Adrian Bunk wrote:
>> Usertags: unblock
>>
>> +  * Repackaged to remove generated files and copyright violations
>> +from the upstream sources. (Closes: #861612)
> 
> Hi Adrian, Markus and the Release Team,
> 
> I'm sorry to be a spoilsport, but I ask the Release Team to review bug
> #861612 before unblocking Pixbros, particularly the comparisons in
> .
> 
> Please note that both Adrian and Markus Koschany disagree with me.

I still believe I gave you a reasonable explanation in [1] why pixbros
is not non-free. You also have not commented on my note that, according
to your reasoning, games like Pathological or Tuxpuck would also be
affected. I could continue with this list. Did you ever play pacman [2]?

You use Policy 2.3 as a justification for your severity. Which concrete
law in which country would we break by distributing pixbros? Where is
the evidence that distributing the game is harmful for Debian?



[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861612#35
[2] https://packages.debian.org/sid/pacman



signature.asc
Description: OpenPGP digital signature

Bug#862891: jessie-pu: package flightgear/3.0.0-5+deb8u2

[Adam D. Barratt]

Control: tags -1 + moreinfo

On 2017-05-18 8:38, Markus Wanner wrote:

as per Salvatore Bonaccorso, the current security fix for flightgear
doesn't warrant a DSA on its own (see below). Is it okay to upload to
'stable'?


So far as I can tell, having looked at the BTS and Security Tracker, and 
the description of the CVE, this issue also affects the flightgear 
package in unstable and is not yet fixed there. Assuming that's correct, 
please ensure that unstable is fixed first and then come back to us; if 
it's not correct, please get the metadata fixed.



A debdiff against the current version in stable-sec (3.0.0-5+deb8u1) is
attached. Please note that stable itself is still at 3.0.0-5 and 
doesn't

offer the first (and related) security fix.


Indeed, because the main archive rejected the upload before it made it 
as far as the p-u-new queue. I don't remember why and it was 
suffficiently long ago that the data files are no longer publicly 
available in order to check.


Regards,

Adam

Bug#862891: jessie-pu: package flightgear/3.0.0-5+deb8u2

[Markus Wanner]

Adam,

thank you for your feedback.

On 05/18/2017 03:07 PM, Adam D. Barratt wrote:
> So far as I can tell, having looked at the BTS and Security Tracker, and
> the description of the CVE, this issue also affects the flightgear
> package in unstable and is not yet fixed there. 

That's correct, yes.

> Assuming that's correct,
> please ensure that unstable is fixed first and then come back to us; if
> it's not correct, please get the metadata fixed.

I focused on stable, first, thinking of it as a security issue. The fix
for unstable is somewhat different, but also being prepared. I'll report
back when it's fixed, there.

> Indeed, because the main archive rejected the upload before it made it
> as far as the p-u-new queue. I don't remember why and it was
> suffficiently long ago that the data files are no longer publicly
> available in order to check.

I think that was the PGP key deprecation issue on my side.

Kind Regards

Markus Wanner




signature.asc
Description: OpenPGP digital signature

Bug#862904: unblock: dblatex/0.3.9-2

[Raphaël Hertzog]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dblatex

While working on the stretch version of the Debian Handbook, I recently
discovered a regression in the way dblatex renders some inline elements
( and  among others).

I filed this as #862332 and with the maintainer we uploaded a fix to sid.
Please let it migrate to stretch so that we don't lose spaces when using
stretch's dblatex...

unblock dblatex/0.3.9-2

Debdiff is here:

diff -Nru dblatex-0.3.9/debian/changelog dblatex-0.3.9/debian/changelog
--- dblatex-0.3.9/debian/changelog  2016-10-11 08:58:13.0 +0200
+++ dblatex-0.3.9/debian/changelog  2017-05-16 20:42:07.0 +0200
@@ -1,3 +1,11 @@
+dblatex (0.3.9-2) unstable; urgency=low
+
+  * 20_preserve_spaces.patch:
+Preserve spaces in  and  elements.
+Thanks to Raphaël Hertzog for reporting and for his patch.  Closes: #862332
+
+ -- Andreas Hoenen   Tue, 16 May 2017 20:42:07 
+0200
+
 dblatex (0.3.9-1) unstable; urgency=low
 
   * New upstream release
diff -Nru dblatex-0.3.9/debian/patches/10_dblatex_version.patch 
dblatex-0.3.9/debian/patches/10_dblatex_version.patch
--- dblatex-0.3.9/debian/patches/10_dblatex_version.patch   2016-10-08 
10:04:59.0 +0200
+++ dblatex-0.3.9/debian/patches/10_dblatex_version.patch   2017-05-16 
17:48:08.0 +0200
@@ -8,6 +8,6 @@
  
 -->
  
 -0.3.9
-+0.3.9-1
++0.3.9-2
  
  
diff -Nru dblatex-0.3.9/debian/patches/20_preserve_spaces.patch 
dblatex-0.3.9/debian/patches/20_preserve_spaces.patch
--- dblatex-0.3.9/debian/patches/20_preserve_spaces.patch   1970-01-01 
01:00:00.0 +0100
+++ dblatex-0.3.9/debian/patches/20_preserve_spaces.patch   2017-05-16 
17:52:59.0 +0200
@@ -0,0 +1,14 @@
+Author: Raphaël Hertzog 
+Description: Hotfix for BTS report #862332:
+Preserve spaces in  and  elements.
+--- a/lib/dbtexmf/dblatex/texhyphen.py
 b/lib/dbtexmf/dblatex/texhyphen.py
+@@ -49,7 +49,7 @@
+ existing latex styles.
+ """
+ def __init__(self, codec=None,
+- h_sep="\penalty0 ", h_char="\penalty5000 ",
++ h_sep="\penalty0{}", h_char="\penalty5000{}",
+  h_start=3, h_stop=3):
+ self.codec = codec
+ self.seps = r":/\@=?#;-."
diff -Nru dblatex-0.3.9/debian/patches/series 
dblatex-0.3.9/debian/patches/series
--- dblatex-0.3.9/debian/patches/series 2016-10-09 18:43:00.0 +0200
+++ dblatex-0.3.9/debian/patches/series 2017-05-16 17:49:11.0 +0200
@@ -4,3 +4,4 @@
 20_subtitle_handling.patch
 20_db2latex_title_page.patch
 20_xmultirow.patch
+20_preserve_spaces.patch

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#862905: docker.io: docker run fails with "No help for topic 'create'"

[James]

Package: docker.io
Version: 1.13.0~ds1-3
Severity: important

Dear Maintainer,

I installed docker.io from the testing repository and tried to do
'docker run hellow-world'.  It pulls the necessary files but then
fails with a cryptic error message: "No help for topic 'create'"

Any Dockerfile I try to build fails in this way.  My box is up to date
dist-upgraded testing.  I tried it on another Debian testing box and
got the same result.  I then removed docker.io and installed the
Debian package from Docker.com:
https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce_17.03.1~ce-0~debian-stretch_amd64.deb
Docker now works as intended.


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'stable'), (500, 'stable-updates')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#661954: make /etc/ssmtp/* not world readable

[Simon Deziel]

On Thu, 24 Sep 2015 20:53:18 + Jason Pepas  wrote:
> Did this patch never get accepted?  It looks like a great, simple solution to 
> the problem.

Still not accepted in Debian. It was integrated in Ubuntu Xenial (16.04)
and works well there so it would be nice to have it in Debian as well.

Simon



signature.asc
Description: OpenPGP digital signature

Bug#862891: jessie-pu: package flightgear/3.0.0-5+deb8u2

[Adam D. Barratt]

On 2017-05-18 14:25, Markus Wanner wrote:
[...]

On 05/18/2017 03:07 PM, Adam D. Barratt wrote:
So far as I can tell, having looked at the BTS and Security Tracker, 
and

the description of the CVE, this issue also affects the flightgear
package in unstable and is not yet fixed there.

[...]

I focused on stable, first, thinking of it as a security issue.


We don't differentiate between types of fixes in that way for uploads 
going via p-u. If a security issue is urgent enough to need fixing in 
stable first then it should really be published via the security archive 
- that's rather its point, after all :-).



The fix
for unstable is somewhat different, but also being prepared. I'll 
report

back when it's fixed, there.


Thanks.

Regards,

Adam

Bug#803259: support for deprecated openssl features

[Stefan Bühler]

Hi,

I think a separate openssl-insecure package with an (possibly statically
linked) "/usr/bin/openssl-insecure" binary should be safe enough that
people don't "accidentally" use it.

If you would want to really make sure it isn't abused you'd put it
somewhere in /usr/lib/openssl-insecure/.

Building it from the same source as the standard openssl binary is the
higher risk in my opinion: what if some of the insecure build options
suddenly get applied to the main build?

Also upstream might remove some of the deprecated/broken features from
the code completely, in which case testssl.sh probably needs to learn to
use multiple binaries.

JFYI: I think the testssl.sh upstream openssl binary also has some other
patches, e.g. enabling IPv6.

cheers,
Stefan

Bug#862906: gnome-software can't find gnome extension if they're opened through desktop search

[André Brait]

Package: gnome-software
Version: 3.22.5-1
Severity: normal
Tags: newcomer

Dear Maintainer,

   * What led up to the situation?
Using Desktop Search to search for GNOME Shell extensions and trying to
open gnome-software by clicking one of the results.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
I used the desktop search to look for 'topicons'. Clicked the result
"TopIcons Plus" that was indicating to be a GNOME Shell extension.
   * What was the outcome of this action?
GNOME Software opened exhibiting a message telling me it couldn't find
"topIcons_adel.gadllah_gmail.com".
   * What outcome did you expect instead?
GNOME Software to open and show the page for the TopIcons Plus
extension. This happens as expected if I go to the GNOME Software and search
for the extension instead of opening it through the desktop search.



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-software depends on:
ii  appstream0.10.6-2
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2+b1
ii  gnome-software-common3.22.5-1
ii  gsettings-desktop-schemas3.22.0-1
ii  libappstream-glib8   0.6.8-1
ii  libatk1.0-0  2.22.0-1
ii  libc62.24-10
ii  libcairo-gobject21.14.8-1
ii  libcairo21.14.8-1
ii  libenchant1c2a   1.6.0-11+b1
ii  libfwupd10.7.4-2
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libglib2.0-0 2.50.3-2
ii  libgnome-desktop-3-123.22.2-1
ii  libgtk-3-0   3.22.11-1
ii  libgtkspell3-3-0 3.0.9-1
ii  libgudev-1.0-0   230-3
ii  libjson-glib-1.0-0   1.2.6-1
ii  libpackagekit-glib2-18   1.1.5-2
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libpolkit-gobject-1-00.105-17
ii  libsecret-1-00.18.5-3.1
ii  libsoup2.4-1 2.56.0-2
ii  libsqlite3-0 3.16.2-3
ii  packagekit   1.1.5-2
ii  software-properties-gtk  0.96.20.2-1

gnome-software recommends no packages.

Versions of packages gnome-software suggests:
pn  fwupd  
pn  gnome-software-plugin-flatpak  
pn  gnome-software-plugin-limba

-- no debconf information

Bug#862907: dash: Incorrectly slurps script from stdin (POSIX compliance issue)

[Guillem Jover]

Package: dash
Version: 0.5.8-2.4
Severity: normal
Tags: upstream
X-Debbugs-CC: Michael Prokop 

Hi!

While tracking an issue with some scripts (described at [I]) we noticed
that dash is not POSIX compliant when parsing the script to invoke
from stdin. In contradiction with POSIX, it does block reads instead
of character-per-character reads to only get the current command,
quoting from POSIX [P]:

  ,---
  | STDIN
  |
  | […]
  |
  | When the shell is using standard input and it invokes a command that
  | also uses standard input, the shell shall ensure that the standard
  | input file pointer points directly after the command it has read
  | when the command begins execution. It shall not read ahead in such a
  | manner that any characters intended to be read by the invoked
  | command are consumed by the shell (whether interpreted by the shell
  | or not) or that characters that are not read by the invoked command
  | are not seen by the shell. When the command expecting to read
  | standard input is started asynchronously by an interactive shell, it
  | is unspecified whether characters are read by the command or
  | interpreted by the shell.
  `---

[I] 

[P] 

The following test demonstrates the problem:

  ,--- sh-stdin.sh ---
  #!/bin/sh

  : ${TEST_SH:=dash}

  $TEST_SH <<"EOF"
  echo "Inner: pre"
  while read line; do echo "Eat: $line"; done
  echo "Inner: post"
  exit 3
  EOF

  echo "Outer: exit code = $?"
  `---

  ,--- test session ---
  $ TEST_SH=bash ./sh-stdin
  Inner: pre
  Eat: echo "Inner: post"
  Eat: exit 3
  Outer: exit code = 0
  $ TEST_SH=dash ./stdin.sh
  Inner: pre
  Inner: post
  Outer: exit code = 3
  `---

All other shells that we tested are POSIX compliant, this includes:

  bash, ksh, mksh, posh and zsh

Thanks,
Guillem

Bug#862908: smartmontools: smartd fails when no disks are present

[Daniel Kahn Gillmor]

Package: smartmontools
Version: 6.5+svn4324-1
Severity: normal

On a system that has no built-in disks, smartd fails to start.  it
quits with a return value of 17.

this makes systemd say that the system is in "degraded" mode.

however, it would be nice to have smartd run anyway on such a system,
and to have it notice when new devices are attached.  This would make
it so that systemd doesn't see it as a failed service.

with -d present, here's the output of "systemctl status smartd -n 100"
on such a system:

* smartd.service - Self Monitoring and Reporting Technology (SMART) Daemon
   Loaded: loaded (/lib/systemd/system/smartd.service; enabled; vendor preset: 
enabled)
   Active: failed (Result: exit-code) since Thu 2017-05-18 14:12:54 UTC; 56s ago
 Docs: man:smartd(8)
   man:smartd.conf(5)
  Process: 2214 ExecStart=/usr/sbin/smartd -n $smartd_opts (code=exited, 
status=17)
 Main PID: 2214 (code=exited, status=17)

May 18 14:12:54 host systemd[1]: Started Self Monitoring and Reporting 
Technology (SMART) Daemon.
May 18 14:12:54 host smartd[2214]: smartd 6.6 2016-05-31 r4324 
[x86_64-linux-4.9.0-3-amd64] (local build)
May 18 14:12:54 host smartd[2214]: Copyright (C) 2002-16, Bruce Allen, 
Christian Franke, www.smartmontools.org
May 18 14:12:54 host smartd[2214]: Opened configuration file /etc/smartd.conf
May 18 14:12:54 host smartd[2214]: Drive: DEVICESCAN, implied '-a' Directive on 
line 21 of file /etc/smartd.conf
May 18 14:12:54 host smartd[2214]: Configuration file /etc/smartd.conf was 
parsed, found DEVICESCAN, scanning devices
May 18 14:12:54 host smartd[2214]: glob(3) found no matches for pattern 
/dev/hd[a-t]
May 18 14:12:54 host smartd[2214]: glob(3) found no matches for pattern 
/dev/sd[a-z]
May 18 14:12:54 host smartd[2214]: glob(3) found no matches for pattern 
/dev/sd[a-c][a-z]
May 18 14:12:54 host smartd[2214]: DEVICESCAN failed: glob(3) aborted matching 
pattern /dev/discs/disc*
May 18 14:12:54 host smartd[2214]: In the system's table of devices NO devices 
found to scan
May 18 14:12:54 host smartd[2214]: Unable to monitor any SMART enabled devices. 
Try debug (-d) option. Exiting...
May 18 14:12:54 host systemd[1]: smartd.service: Main process exited, 
code=exited, status=17/n/a
May 18 14:12:54 host systemd[1]: smartd.service: Unit entered failed state.
May 18 14:12:54 host systemd[1]: smartd.service: Failed with result 'exit-code'.

Regards,

--dkg

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages smartmontools depends on:
ii  debianutils  4.8.1
ii  init-system-helpers  1.48
ii  libc62.24-10
ii  libcap-ng0   0.7.7-3+b1
ii  libgcc1  1:6.3.0-16
ii  libselinux1  2.6-3+b1
ii  libstdc++6   6.3.0-16
ii  lsb-base 9.20161125

Versions of packages smartmontools recommends:
pn  mailutils [mailx]  

Versions of packages smartmontools suggests:
pn  gsmartcontrol   
pn  smart-notifier  

-- no debconf information

Bug#862909: debhelper: dh_shlibdeps does not always call dpkg-shlibdeps

[Guillem Jover]

Package: debhelper
Version: 10.2.5
Severity: normal

Hi!

When a package does not contain any candidates that dh_shlibdeps
considers worth passing to dpkg-shlibdeps, it does not call
dpkg-shlibdeps, even if dh_shlibdeps got called with additional
arguments, which in most cases will contain a list of files to
analyze. This is because $dh{U_PARAMS} or a subset of that is not
part of @filelist.

Say a package with only plugins that dh_shlibdeps does not recognize,
and then doing this manually:

  dh_shlibdeps -- path/to/plugins/foo.plugin

In my particular case the files involved were nodejs bindings, which
are recognized in later debhelper versions, but the principle applies
to any other unsupported files.

This was very surprising and took some debugging to track down,
because it seemed very non-obvious behavior. :)

Thanks,
Guillem

Bug#851810: xcalib: "Error - unsupported ramp size 0" when trying to invert screen

[Chris Lamb]

Chris Lamb wrote:

> xcalib: "Error - unsupported ramp size 0" when trying to invert screen

In case it helps anyone else, adding:

  Section "Device"
 Identifier  "Intel Graphics"
 Driver  "intel"
  EndSection

to /etc/X11/xorg.conf.d/20-intel.conf and installing xserver-xorg-video-intel
"fixes" this for me.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#862910: [INTL:id] initial Indonesian debconf translation

[Kukuh Syafaat]

Source: distributed-net
Version: 2.9112.521-1
Severity: wishlist
Tags: patch l10n
X-Debbugs-CC: debian-l10n-indones...@lists.debian.org

Dear maintainer, please find attachment for Indonesian debconf translations

msgfmt -c -v -o /dev/null id.po
3 pesan diterjemahkan.

Thank You

-- 
Kukuh Syafaat

# Translation of distributed-net debconf templates to Indonesian 
# Copyright (C) Debian Indonesia Translator 
# This file is distributed under the same license as the distributed-net package.
# Kukuh Syafaat , 2017.
#
msgid ""
msgstr ""
"Project-Id-Version: distributed-net\n"
"Report-Msgid-Bugs-To: distributed-...@packages.debian.org\n"
"POT-Creation-Date: 2014-04-06 19:24+0200\n"
"PO-Revision-Date: 2017-05-18 21:11+0700\n"
"Language: id_ID\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"Last-Translator: Kukuh Syafaat \n"
"Language-Team: Debian Indonesia Translator \n"
"X-Generator: Poedit 1.8.11\n"
"X-Poedit-SourceCharset: UTF-8\n"

#. Type: boolean
#. Description
#: ../distributed-net.templates:2001
msgid "Run the distributed.net client configuration utility?"
msgstr "Jalankan utilitas konfigurasi klien distributed.net?"

#. Type: boolean
#. Description
#: ../distributed-net.templates:2001
msgid ""
"The distributed.net client needs to be configured before it can be used. "
"While most options have reasonable defaults, you need to specify the e-mail "
"address to which you would like distributed.net to credit any work done by "
"the client. If you are installing the distributed-net package for the first "
"time, then you must configure the client, otherwise the distributed.net "
"client will refuse to start."
msgstr ""
"Klien distributed.net perlu dikonfigurasi sebelum dapat digunakan. Sementara "
"sebagian besar pilihan memiliki bawaan yang masuk akal, Anda perlu "
"menentukan alamat surel yang Anda inginkan untuk distributed.net ke kredit "
"pekerjaan yang dilakukan oleh klien. Jika Anda memasang paket distributed-"
"net untuk pertama kalinya, Anda harus mengkonfigurasi klien, jika tidak, "
"klien distributed.net akan menolak untuk memulai."

#. Type: boolean
#. Description
#: ../distributed-net.templates:2001
msgid ""
"When the distributed.net client is run as a daemon (via /etc/init.d/"
"distributed-net), the output will be redirected to /var/log/distributed-net."
"log. You do not need to set up a log file. Since the init script is "
"controlling the distributed.net client, you should not enable \"quiet mode\" "
"as that breaks the init script."
msgstr ""
"Ketika klien distributed.net dijalankan sebagai daemon (via /etc/init.d/"
"distributed-net), keluaran akan diarahkan ke /var/log/distributed-net.log. "
"Anda tidak perlu membuat berkas log. Karena skrip init mengendalikan klien "
"distributed.net, Anda seharusnya tidak mengaktifkan \"mode diam\" saat skrip "
"init rusak."

Bug#862216: release-notes: [Stretch] improve text about iproute2 and net-tools

[Andreas Henriksson]

Hello Baptiste,

On Thu, May 18, 2017 at 02:27:08PM +0200, Baptiste Jammet wrote:
> Control: tags -1 patch
[...]

Just a minor nitpit, which is unrelated but that I noticed when looking
at your patch.

There seems to be a missing space in "netstat-r" which you might also
want to fix while at it ( => "netstat -r").

Regards,
Andreas Henriksson

Bug#862911: ITP: python-decouple -- Helps you to organize your Django|Flask settings

[Herbert Parentes Fortes Neto]

Package: wnpp
Severity: wishlist
Owner: Herbert Parentes Fortes Neto 

* Package name: python-decouple
  Version : 3.0
  Upstream Author : Henrique Bastos 
* URL : https://pypi.python.org/pypi/python-decouple/
* License : MIT
  Programming Lang: Python
  Description : Decouple helps you to organize your Django settings


 Decouple helps you to organize your settings so that you 
 can change parameters without having to redeploy your app.

 Framework :: Django
 Framework :: Flask 

Bug#862912: ITP: iannix -- graphical OSC sequencer for digital arts

[IOhannes m zmoelnig]

Package: wnpp
Severity: wishlist
Owner: IOhannes m zmoelnig 

* Package name: iannix
  Version : 0.9.17
  Upstream Author : Iannix Association 
* URL : https://iannix.org
* License : GPL-3
  Programming Lang: C++
  Description : graphical OSC sequencer for digital arts

 IanniX is a graphical sequencer for digital arts,
 based on Iannis Xenakis works on graphical scores.
 IanniX manages events described via graphical elements (like curves) and
 controls your real-time environment via Open Sound Control (OSC).
 It can also be fully controlled via OSC (or FUDI, if you prefer).


I intend to package this under the pkg-multimedia-maintainers umbrella.

Bug#862717: [Pkg-ime-devel] Bug#862717: ibus-daemon often crashes on suspend/resume

[Osamu Aoki]

On Tue, May 16, 2017 at 08:43:02PM +0200, Ralf Jung wrote:
> > The way this bug is happening, this looks like a bug on plasma-workspace
> > or mozc.
> What is mozc?

It's another IM method used for ibus/uim/fcitx... for Japanese.

Your comment in another mail that patching kde fixed some of the problem
is interesting.

For missing panel, did you install libqt5gui5
i A  --\ libqt5gui55.7.1+dfsg-3+b 5.7.1+dfsg-3+b
  Description: Qt 5 GUI module
Qt is a cross-platform C++ application framework. Qt's primary feature is
its rich set of widgets that provide standard GUI functionality.

The QtGui module extends QtCore with GUI functionality.

Since it is a part of recommends, it is not installed by default.

Osamu 

Bug#862814: ibus-ui (systray icon) mis-detects Qt/KDE version

[Osamu Aoki]

On Wed, May 17, 2017 at 02:03:22PM +0200, Ralf Jung wrote:
> I can confirm that replacing the aforementioned piece of code by just
> 
>   m_indicator.set_icon_full(icon_name, "");
> 
> (i.e., removing the preprocessor conditional entirely) fixes the
> problem:  The icon is properly shown in the systray.

Please send us a patch against current package

Osamu
 
> Kind regards,
> Ralf
> 

Bug#862387: openstack-dashboard: instance delete fails with: 403 Forbidden - CSRF verification failed. Request aborted.

[Thomas Goirand]

On 05/15/2017 11:44 AM, Valentin Vidic wrote:
> On Fri, May 12, 2017 at 09:00:00AM +0200, Valentin Vidic wrote:
>> Instance delete fails when I access:
>>
>>   http://os-ctrl/horizon/project/instances/
>>
>> and select "Delete Instance" from the list of actions with
>> the error:
>>
>>   Forbidden (403)
>>   CSRF verification failed. Request aborted.
>>
>>   Help
>>   Reason given for failure:
>> CSRF token missing or incorrect.
> 
> Downgrading python-django to 1.8.16-1~bpo8+1 seems to help,
> so it seems this version of horizon is not compatible with
> django 1.10 somehow?

Hi,

FYI, I worked together with upstream during all of last summer to
somehow gain Django 1.10 compatibility. There was loads of issues, which
were fixed one by one. I guess this bug means we didn't fixed them all.

If you're good enough with Django, we'd be very happy to add the patch
both upstream and in the Debian package. According to one of the
upstream "leaders" on IRC:

 zigo: Its on the batchActions and deleteActions
 inside tables
 so obviously, very severe.
 What I dont understand is why this didnt break before

Cheers,

Thomas Goirand (zigo)

Bug#862913: [INTL:id] initial Indonesian debconf translation

[Kukuh Syafaat]

Source: arb
Version: 6.0.6-1
Severity: wishlist
Tags: patch l10n
X-Debbugs-CC: debian-l10n-indones...@lists.debian.org

Dear maintainer, please find attachment for Indonesian debconf translations

msgfmt -c -v -o /dev/null id.po
3 pesan diterjemahkan.

Thank You

-- 
Kukuh Syafaat

# Translation of arb debconf templates to Indonesian 
# Copyright (C) Debian Indonesia Translator 
# This file is distributed under the same license as the arb package.
# Kukuh Syafaat , 2017.
#
msgid ""
msgstr ""
"Project-Id-Version: arb\n"
"Report-Msgid-Bugs-To: a...@packages.debian.org\n"
"POT-Creation-Date: 2017-05-18 22:09+0700\n"
"PO-Revision-Date: 2017-05-18 22:20+0700\n"
"Last-Translator: Kukuh Syafaat \n"
"Language-Team: Debian Indonesia Translator \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.11\n"
"Language: id\n"

#. Type: multiselect
#. Description
#: ../arb-common.templates:2001
msgid "ARB PT-server administrators:"
msgstr " Administrator ARB PT-server:"

#. Type: multiselect
#. Description
#: ../arb-common.templates:2001
msgid ""
"The default configuration of PT-server slots in /etc/arb/arb_tcp.dat gives "
"ARB three global slots accessible by all users (connecting to localhost:"
"${PORT}), as well as three slots to give private per-user access (connecting "
"to ~/.arb_pts/${USER}${NUMBER}.socket)."
msgstr ""
"Konfigurasi bawaan slot PT-server di /etc/arb/arb_tcp.dat memberi ARB tiga "
"slot global yang dapat diakses oleh semua pengguna (terhubung ke localhost:"
"${PORT}), serta tiga slot untuk memberikan akses per pengguna pribadi "
"(menghubungkan ke ~/.arb_pts/${USER}${NUMBER}.socket)."

#. Type: multiselect
#. Description
#: ../arb-common.templates:2001
msgid ""
"Only members of the \"arb\" system group will be able to build and update "
"the shared PT-servers. Please enter the login names for these privileged "
"users."
msgstr ""
"Hanya anggota grup sistem \"arb\" yang dapat membangun dan memperbarui "
"shared server-PT. Harap masukkan nama login untuk pengguna istimewa ini."

Bug#800831: Bug#800830: missing pre-gap and index mark data

[Moray Allan]

Hi Daniel,

In October 2015 you wrote:

mkcue is behaving like "cdrdao --fast-toc", it is not reading the
pre-gap and index mark details from the disk and it is not including
those details in the Cue sheet.

For some purposes, such as calculating a Musicbrainz disk ID, it may be
necessary to have all these details.


Did you end up just using cdrdao?  Are there other features that would 
make it useful to you to fix this in mkcue, or would recommending cdrdao 
to new users be better?


Moray

Bug#846548: [pkg-opensc-maint] Bug#846548: patch for #846548

[Eric Dorland]

Sorry for not getting back to this sooner. I've canceled this upload
since it has the side-effect of breaking libp11 (ie it bumps it's
soname). I think the way forward would be to make that bump and
rebuild the only dependency (pam-p11) against it, but I'm not 100%
sure pam-p11 compiles with openssl 1.1. I guess this plan will require
release manager approval since it's rather a lot of changes.

* Luke Faraone (l...@faraone.cc) wrote:
> On Thu, 11 May 2017 20:33:41 -0700 Luke W Faraone  wrote:
> > On Thu, 11 May 2017 19:45:51 -0700 Luke W Faraone 
> > wrote:
> > > Attached is a patch to fix the path to the engine directory, and moves
> > > this library back to libssl-dev. (it isn't clear to me from changelog or
> > > git log why the move to 1.1 was originally reverted)
> > 
> > And of course, that patch was bogus. Attached is a orrected patch. I
> > intend to upload this to DELAYED/5 once I have a chance to test on real
> > hardware. 
> 
> Tested (attached) and uploaded accordingly.
> 
>   -- Luke

> $ openssl req -engine pkcs11 -keyform engine -new -key 
> "pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=[…];token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key;type=private"
>  -out req.pem -text -x509 -subj '/CN=Luke Faraone'
> engine "pkcs11" set.
> No private keys found.
> PKCS#11 token PIN: 
> cobalt:/tmp/tmp.1Pc1kTLqDp$ cat req.pem 
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> a7:78:4e:07:98:95:7d:95
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: CN = Luke Faraone
> Validity
> Not Before: May 13 20:07:39 2017 GMT
> Not After : Jun 12 20:07:39 2017 GMT
> Subject: CN = Luke Faraone
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
>   […]
> -BEGIN CERTIFICATE-
> […]
> -END CERTIFICATE-
> 




> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint


-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#792923: After an update, the translation of KDE in french becomes very incomplete

[Maximiliano Curia]

¡Hola Etienne!

El 2015-07-20 a las 10:04 +0200, Etienne MAHE escribió:
Package: kde-l10n-fr 
Version: 4:4.14.0-2 


After an update of french Localization of KDE files, the translation becomes 
very incomplete. For many menus and submenus, before this update, the 
translation was good. But after this same update, many menus switch from french 
to english, although french language is chosen in kde settings. 


The problems occurs for both testing and unstable versions. 


I wait for a solution to solve the problem. 


Sorry that it took so long to get back to you.

The kde-l10n-* packages have been updated a couple of times since this was 
reported, right now in the 4:16.04.3-1 version that covers kde applications 
based on kde frameworks 5.


While the current state is know not to be perfect I think that it's way better 
than it was when this was first reported.


Are you still seeing a very incomplete localization for the french desktop?

Happy hacking,
--
"If you think your users are idiots, only idiots will use it."
-- Linus Torvalds
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Bug#862387: openstack-dashboard: instance delete fails with: 403 Forbidden - CSRF verification failed. Request aborted.

[Valentin Vidic]

On Thu, May 18, 2017 at 05:14:10PM +0200, Thomas Goirand wrote:
> FYI, I worked together with upstream during all of last summer to
> somehow gain Django 1.10 compatibility. There was loads of issues, which
> were fixed one by one. I guess this bug means we didn't fixed them all.
> 
> If you're good enough with Django, we'd be very happy to add the patch
> both upstream and in the Debian package. According to one of the
> upstream "leaders" on IRC:
> 
>  zigo: Its on the batchActions and deleteActions
>  inside tables
>  so obviously, very severe.
>  What I dont understand is why this didnt break before

Thanks for the info, unfortunately my Django skills are pretty basic,
so I don't have a patch to share but just some more info that I found
in the meanwhile.

Tried a few Django packages from python-django git:
  * 1.8.16-1~bpo8+1 - works
  * 1.9.7-2 - works
  * 1.10-1 - fails

Since it fails with the first 1.10 release it should definitely be some
change introduced by the first Django 1.10 version.

Like you mentioned the problem seems to be with the tables - from the
page source in the browser the place where {% csrf_token %} should
be inserted in templates/horizon/common/_data_table.html is blank.
Apache error.log seems to confirm this:

UserWarning: A {% csrf_token %} was used in a template, but the context did not 
provide the value.  This is usually caused by not using RequestContext.

Let me know if you have any ideas what I could try next.

-- 
Valentin

Bug#862871: unblock: intel-microcode/3.20170511.1

[Henrique de Moraes Holschuh]

On Thu, 18 May 2017, Jonathan Wiltshire wrote:
> On 2017-05-17 22:44, Henrique de Moraes Holschuh wrote:
> >Please unblock package intel-microcode.
> 
> Unblocked.

Thank you!

-- 
  Henrique Holschuh

Bug#831860: python{,3}-sip shouldn't provide more than one sip api

[Adrian Bunk]

Control: reassign -1 src:sip4 4.18.1+dfsg-1
Control: retitle -1 python{,3}-sip shouldn't provide more than one sip api
Control: affects -1 python-sip python3-sip

On Thu, Feb 16, 2017 at 02:36:19PM +0100, di dit wrote:
> Rebuilding veusz fixes this bug.
>...

Thanks a lot for your bug report, and also for this
additional information.

The trigger is the python-qt4 upgrade.

Backtrace:
#0  0x in ?? ()
#1  0x7fcb47dce997 in sip_api_get_cpp_ptr (sw=sw@entry=0x7fcb3d763410, 
td=0x7fcb4662ed00) at siplib.c:8571
#2  0x7fcb47dcfe38 in sip_api_convert_to_type (
pyObj=pyObj@entry=, 
td=, transferObj=0x0, flags=, statep=0x0, 
iserrp=iserrp@entry=0x7ffe94602bf4) at siplib.c:8756
#3  0x7fcb47dd3055 in parsePass2 (self=0x0, selfarg=0, 
sipArgs=sipArgs@entry=(,), 
sipKwdArgs=sipKwdArgs@entry=0x0, kwdlist=kwdlist@entry=0x0, 
fmt=0x7fcb46264f2c "", fmt@entry=0x7fcb46264f2a "J8", va=)
at siplib.c:5458
#4  0x7fcb47dd3bd3 in parseKwdArgs (parseErrp=0x7ffe94602e60, 
sipArgs=(,), sipKwdArgs=0x0, 
kwdlist=0x0, unused=unused@entry=0x0, fmt=0x7fcb46264f2a "J8", 
va_orig=0x7ffe94602cf0) at siplib.c:3467
#5  0x7fcb47dd3da1 in sip_api_parse_kwd_args (parseErrp=, 
sipArgs=, sipKwdArgs=, 
kwdlist=, unused=0x0, fmt=) at siplib.c:3387
#6  0x7fcb4600a60e in ?? ()
   from /usr/lib/python2.7/dist-packages/PyQt4/QtGui.x86_64-linux-gnu.so
#7  0x7fcb47dcf7c3 in sipSimpleWrapper_init (
self=self@entry=0x7fcb3d763488, 
args=(,), kwds=0x0)
at siplib.c:9861
#8  0x55d247e8d675 in wrap_init.lto_priv.1153 (kwds=, 
wrapped=0x7fcb47dcf4f0 , args=, 
self=) at ../Objects/typeobject.c:4862
#9  wrapper_call.lto_priv () at ../Objects/descrobject.c:1035
#10 0x55d247e03673 in PyObject_Call () at ../Objects/abstract.c:2547
...


After a rebuild python-qt4 now uses sip-api-11.3, but veusz-helpers 
still uses sip-api-11.1

To enforce that this problem can't happen again or during upgrades, 
python-sip and python3-sip shouldn't provide more than one sip api.

This bug is to track that this gets fixed in python{,3}-sip for stretch.

I'll also submit a binNMU request to get veusz and the other affected 
package in stretch rebuilt with sip-api-11.3

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#862914: nmu: veusz_1.21.1-1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu veusz_1.21.1-1 . ANY . unstable . -m "rebuild with sip-api-11.3"
nmu python-poppler-qt4_0.24.0-1 . ANY . unstable . -m "rebuild with 
sip-api-11.3"

See #831860 for background.

Bug#862541: Pre-approval request, unblock: caffe/1.0.0-2

[Lumin]

Hi jmw,

The difference between the 1.0.0~rc4 version and the 1.0.0 version
is 162 git commits. I went through these git commits, and
these commits are about:

  1 documentation update / fix
  2 code grooming
  3 bug fix
  4 add tests
  5 support cudnn v6  (does not affect this package)
  6 update docker scripts  (does not affect this package)

i.e. There is no major code / feature change from the 1.0.0~rc4 tag
 -> 1.0.0 tag.

I've read the freeze policy but still want to apply for an unblock.
This is a machine learning application which has no rdepends,
and the latest stable version 1.0.0 more favorable to users and it's
more convenient for upstream to support. Although the rc4 version
works fine too.

Apart from the upstream stable release, I will add one more patch
to the packaging directory, which was already approved and merged
by upstream:

https://github.com/BVLC/caffe/commit/91b09280f5233cafc62954c98ce8bc4c204e7475

The patch will change a ambiguous static library name, and hence
fixing the bug mentioned previously won't introduce more trouble.

The 1.0.0-2 version was already prepared in the git repo:

https://anonscm.debian.org/cgit/debian-science/packages/caffe.git/log/

If this change could be approved, I'll upload the 1.0.0-2 version
to unstable, and wait for it to migrate.

If not, can I upload 1.0.0~rc4-2 simply with the patch above
applied and the fix for the bug mentioned above?


Thank you :-)


FYI:
files changed

git diff 1.0.0-rc4 1.0 --stat | cat   Thu 18 May
2017 03:49:46 PM UTC
 .gitignore  |   1 +
 CMakeLists.txt  |  42 +-
 CONTRIBUTORS.md |   2 +-
 LICENSE |   4 +-
 Makefile|   8 +-
 Makefile.config.example |  14 +-
 README.md   |   6 +-
 cmake/ConfigGen.cmake   |  67 +--
 cmake/Cuda.cmake|  14 +-
 cmake/Dependencies.cmake| 109 +++--
 cmake/External/glog.cmake   |   1 +
 cmake/Modules/FindAtlas.cmake   |   4 +-
 cmake/Modules/FindNCCL.cmake|  26 ++
 cmake/Modules/FindvecLib.cmake  |   2 +-
 cmake/ProtoBuf.cmake|   4 +-
 cmake/Summary.cmake |   1 +
 cmake/Targets.cmake |   6 +-
 cmake/Templates/CaffeConfig.cmake.in|  15 +-
 cmake/Templates/caffe_config.h.in   |  32 +-
 cmake/Uninstall.cmake.in|  26 ++
 docker/Makefile |  50 ---
 docker/README.md|  69 ++-
 docker/{standalone => }/cpu/Dockerfile  |  13 +-
 docker/{standalone => }/gpu/Dockerfile  |  16 +-
 docker/templates/Dockerfile.template|  42 --
 docs/_layouts/default.html  |   2 +-
 docs/development.md |   4 +-
 docs/index.md   |  47 +-
 docs/install_apt.md |   6 +-
 docs/install_apt_debian.md  | 161 +++
 docs/installation.md|   7 +-
 docs/model_zoo.md   |  24 +-
 docs/multigpu.md|   4 +-
 docs/performance_hardware.md|  73 ---
 docs/tutorial/interfaces.md |   4 +-
 docs/tutorial/layers.md | 562 
 docs/tutorial/layers/absval.md  |  22 +
 docs/tutorial/layers/accuracy.md|  20 +
 docs/tutorial/layers/argmax.md  |  18 +
 docs/tutorial/layers/batchnorm.md   |  20 +
 docs/tutorial/layers/batchreindex.md|  16 +
 docs/tutorial/layers/bias.md|  19 +
 docs/tutorial/layers/bnll.md|  25 ++
 docs/tutorial/layers/concat.md  |  40 ++
 docs/tutorial/layers/contrastiveloss.md |  20 +
 docs/tutorial/layers/convolution.md |  63 +++
 docs/tutorial/layers/crop.md|  20 +
 docs/tutorial/layers/data.md|  29 ++
 docs/tutorial/layers/deconvolution.md   |  22 +
 docs/tutorial/layers/dropout.md |  20 +
 docs/tutorial/layers/dummydata.md   |  20 +
 docs/tutorial/layers/eltwise.md |  20 +
 docs/tutorial/layers/elu.md |  25 ++
 docs/tutorial/layers/embed.md   |  20 +
 docs/tutorial/layers/euclideanloss.md   |  16 +
 docs/tutorial/layers/exp.md |  24 +
 docs/tutorial/layers/filter.md  |  15 +
 docs/tutorial/layers/flatten.md |  21 +
 docs/tutorial/layers/hdf5data.md|  20 +
 docs/tutorial/l

Bug#829046: Difficulties in packaging pagure

[Boyuan Yang]

在 2017年5月18日星期四 +08 下午12:07:41，SJ Zhu 写道：
> On Thu, May 18, 2017 at 11:59:36AM +0800, Boyuan Yang wrote:
> > There are some problems: this packaging uses upstream source code directly
> > from from Git repository, not the tarball upstream released on https://
> > pagures.io.
> 
> Hi,
> I import the source by `git archvie` and remove the minified js,
> then import it to upstream branch like what sergiodj did.
> 
> PS. I think I forget to remove some files which filename is not matched
> by "*.min.js"

I have several understandings on it:

Option 1


* Will not use any bundled javascript libraries, no matter minified or not
* Will depend on corresponding libjs-* packages and make symlinks to provide 
removed javascript libraries
* If that package does not exist, package them first

Option 2


* Only minified javascripts are not acceptable
* Will use tools like yui-compressor to generate minified js files without 
using 
libjs-* packages
* Write d/copyright for unminified js files

Option 3
-

* An mixture of 1 & 2
* Use libjs-* if that lib has been packaged in Debian
* If not packaged, use non-minified version and run processor to generate 
minified js files


I am not very familiar with Debian's JavaScript policies. Which of my 
understandings is correct?

--
Boyuan Yang

signature.asc
Description: This is a digitally signed message part.

Bug#862915: squid: please drop required dependency on logrotate (encourage logging to syslog or journald)

[Daniel Kahn Gillmor]

Package: squid
Version: 3.5.23-3
Severity: normal

squid Depends: logrotate

But on modern systems, logrotate is unnecessary because logs are
handled (and rotated) by a centralized logging daemon.  a clean squid
installation shouldn't need to know or do anything with log rotation
-- it just needs to know how to hand its logs over to syslog and
should let the daemon deal with it.

It would be great to be able to have a machine with squid, but without
logrotate installed.

Thanks for maintaining squid in debian!

   --dkg

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages squid depends on:
ii  adduser  3.115
ii  libc62.24-10
ii  libcap2  1:2.25-1
ii  libcomerr2   1.43.4-2
ii  libdb5.3 5.3.28-12+b1
ii  libdbi-perl  1.636-1+b1
ii  libecap3 1.0.1-3.2
ii  libexpat12.2.0-2
ii  libgcc1  1:6.3.0-16
ii  libgssapi-krb5-2 1.15-1
ii  libkrb5-31.15-1
ii  libldap-2.4-22.4.44+dfsg-4+b1
ii  libltdl7 2.4.6-2
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnettle6   3.3-1+b1
ii  libpam0g 1.1.8-3.5
ii  libsasl2-2   2.1.27~101-g0780600+dfsg-3
ii  libstdc++6   6.3.0-16
ii  libxml2  2.9.4+dfsg1-2.2
ii  logrotate3.11.0-0.1
ii  lsb-base 9.20161125
ii  netbase  5.4
ii  squid-common 3.5.23-3

Versions of packages squid recommends:
ii  libcap2-bin  1:2.25-1

Versions of packages squid suggests:
pn  resolvconf   
ii  smbclient2:4.5.8+dfsg-1
pn  squid-cgi
pn  squid-purge  
pn  squidclient  
pn  ufw  
pn  winbindd 

-- no debconf information

Bug#860188: v40 interpreter in 2.7

[Yuri D'Elia]

On Thu, May 18 2017, Laurent Bigonville wrote:
> 2.7.1 is currently in experimental and AFAIKS the v40 interpreter is enabled 
> by
> default in that version, see:
> https://www.freetype.org/freetype2/docs/subpixel-hinting.html
>
> Where you thinking about something else?

After rechecking with the experimental version, it looks like v40 is
working as it should. I was just confused by ftview not showing the
engine version, but this was due to me also enabling the v38 engine as
well.

Sorry for the noise.

Bug#862398: [pkg-gnupg-maint] Bug#862398: build wks client and server tools

[Stefan Bühler]

Hi dkg,

On 05/15/2017 10:04 PM, Daniel Kahn Gillmor wrote:
> Hi Stefan--
> 
> On Fri 2017-05-12 12:37:03 +0200, Stefan Bühler wrote:
>> it would be nice to build and have packages for the gpg-wks-* tools.
>>
>> It seems there was already done some work in
>>
>> https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git/log/?h=dev/wks
>>
>> I rebased that commit to the experimental branch,
> 
> thanks for this work!  
> 
>> modified some texts and added man pages.
> 
> It'd be great to get these manpages upstream.

There are a lot of manpages in debian/* - so it looks to me like
upstream isn't really interested in maintaining them.  If upstream isn't
maintaining them, it might be easier to keep them in debian.

Does upstream know about these at least? I'm not against getting them
upstream, I'm just not sure whether it is worth my time.

>> Upstream install gpg-wks-client to /usr/lib/gnupg/, but I moved it in
>> the package to /usr/bin - I get that it was designed to be a backend
>> tool for MUAs, but right now I guess most people installing it will have
>> to use it manually.
> 
> I'm not so sure about diverging from upstream in our first introduction
> of these tools in debian.  If we do this, we're effectively committing
> to this divergence forever (someone's going to write scripts that use
> /usr/bin/gpg-wks-* and then get upset when we change it).  and it means
> that anyone who writes docs will have to have a different "how to do
> this on debian" section from "how to do this on fedora" or whatever.
> 
> would you object to using your packaging but shipping in the
> upstream-approved location?  or is it worth convincing upstream to ship
> these tools in /usr/bin instead?

I don't have any other (convincing) arguments, so I reverted the
location to the upstream path.

Now that I actually got it running I added some more infos to the
manpages too.

See attached updated patches, as previously my own changes in:

0001-wks-fix-debian-provide-man-pages-improve-texts.patch

The complete patch (squashed with the dev/wks commit) is:

0001-create-WKS-server-and-client-packages.patch

cheers,
Stefan
From 30dd3225cbbc9e408645b2be17e434dfb87a8daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20Knau=C3=9F?= 
Date: Thu, 27 Oct 2016 19:16:14 +0200
Subject: [PATCH 1/1] Create WKS server and client packages

---
 debian/control   |  45 ++
 debian/gnupg-wks-client.install  |   1 +
 debian/gnupg-wks-client.manpages |   1 +
 debian/gnupg-wks-server.install  |   1 +
 debian/gnupg-wks-server.manpages |   1 +
 debian/gpg-wks-client.1  | 178 ++
 debian/gpg-wks-server.1  | 180 +++
 debian/rules |   1 +
 8 files changed, 408 insertions(+)
 create mode 100644 debian/gnupg-wks-client.install
 create mode 100644 debian/gnupg-wks-client.manpages
 create mode 100644 debian/gnupg-wks-server.install
 create mode 100644 debian/gnupg-wks-server.manpages
 create mode 100644 debian/gpg-wks-client.1
 create mode 100644 debian/gpg-wks-server.1

diff --git a/debian/control b/debian/control
index ac0b07907..2b9360477 100644
--- a/debian/control
+++ b/debian/control
@@ -72,6 +72,51 @@ Description: GNU privacy guard - cryptographic agent
  provides a passphrase cache, which is used by pre-2.1 versions of
  GnuPG for OpenPGP operations.
 
+Package: gnupg-wks-server
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service server
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG server for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
+Package: gnupg-wks-client
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ dirmngr (= ${binary:Version}),
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service client
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG client for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more infor

Bug#862530: aoetools: provide a systemd service to allow proper shutdown of AoE mounts

[Christoph Biedl]

[ Cc:'ed to the nbd-client bug since things might be quite the same there ]

Christoph Biedl wrote...

> > Also, the SysV init script used to unmount these
> > filesystems, but the aoetools package masks the systemd service. It
> > would be better to provide a real systemd service script that restores
> > the expected behaviour.
> 
> Given the fact this is something for stretch and we're pretty far into
> the freeze, there isn't the time for a few loops until such a unit works
> as expected. Therefore I'm asking for help with this topic. I can do the
> testing, then.

After some testing it seems the issue has much less impact than it
seemed initially:

(At least) AoE devices are handled properly if mounted with the _netdev
mount option. This applies to swap-over-AoE, too. Also, mounting these
through /etc/fstab works in jessie only if _netdev is provided as a
mount option as well.

Then the issue boils down to manually mounted AoE devices that will no
longer be umounted early enough. That's something that can be addressed
in the release notes as well. I'll take care of this in the next days
unless somebody objects or I find more issues.

The more complex problem "LVM over AoE" was not supported in jessie so
there's no reason to call this a blocker for stretch. It still was nice
to have it supported in Debian. Some day.

Christoph


signature.asc
Description: Digital signature

Bug#862916: RFS: xtensor/0.10.2-1

[Ghislain Vaillant]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for the following package:

* Package name: xtensor
  Version : 0.10.2-1
  Upstream Author : Johan Mabille and Sylvain Corlay
* URL : http://quantstack.net/xtensor
* License : BSD
  Section : libs

One can check out the package by visiting the following URL:

  https://anonscm.debian.org/git/debian-science/packages/xtensor.git

Changes since the last upload:

  * New upstream version 0.10.2
  * Mark xtensor-dev Multi-Arch: foreign
  * Do not build with -march=native
- New patch No-march-native.patch

Best regards,
Ghis

Bug#862529: uncommons-watchmaker-doc: Rename the documentation package to lib*-java-doc

[殷啟聰]

The reason behind this package name is that it provides the Javadoc
for both of the 2 library packages
(libuncommons-watchmaker-framework-java &
libuncommons-watchmaker-swing-java). If I split their Javadocs, there
will be dead hyperlinks (or in fact the class fullname instead of
hyperlinks) throughout the Javadoc of
libuncommons-watchmaker-swing-java.

pkg:gradle-doc follows the same reason, I guess. Besides, I fail to
find a javadoc package naming rule in the current Debian Java Policy.

The popcon is indeed low because it was merely meant for
stc:android-toolchian-jack [1]. But now that Google has officially
obsoleted this tool...

[1]: https://bugs.debian.org/847427

Bug#862300: [Pkg-citadel-devel] Bug#862300: Crashes during the login process

[Michael Meskes]

severity 862300 important
thanks

> Severity: grave
> ...

I tried with different setups and different packages, freshly downloaded, newly
compiled, etc. but I cannot reproduce this. Could it be that you have some
special string testing library installed?

Also I noticed:

> -- System Information:
>   APT prefers unstable
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)

This doesn't look like a straight forward unstable installation. What exactly
are you testing on?

I downgraded the bug until we can figure out whether it affects a clean
installation or which incompatibility is behind it.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#862296: [Pkg-citadel-devel] Bug#862296: Install hangs in postinst with error about c_Default_cal_zone

[Michael Meskes]

On Wed, May 10, 2017 at 02:53:17PM -0500, John Goerzen wrote:
> On initial install, this package hangs in postinst, and spews several of 
> these messages across
> the console:

I cannot reproduce this either, maybe you could run some more tests for me.

> Broadcast message from systemd-journald@sid (Wed 2017-05-10 14:45:52 CDT):
> 
> citserver[12602]: configuration setting c_default_cal_zone is empty, but must 
> not - check your config!

This might come but should certainly not cause a hang.

Would you be able to find out where in postinst it hangs? And if it is in
/usr/lib/citadel-server/setup where there?

Thanks.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#862297: [Pkg-citadel-devel] Bug#862297: Install fails if SMTP server is running on port 25, rendering console unuseable

[Michael Meskes]

On Wed, May 10, 2017 at 03:36:21PM -0500, John Goerzen wrote:
> I attempted to install citadel-server on a system that already had an MTA 
> installed,
> using the same command as I showed in #862296.  When doing so, my console -- 
> and every
> ssh session to root -- became nearly unuseable as it was flooded with 
> continuous complaints
> about the port 25 already being in use, at such a rate that I couldn't see 
> anything I
> was typing.  I was eventually able to blindly type "killall citserver" to get 
> rid of
> this problem.

It seems something changed on the upstream side since I think this used to
work. But it definitely is an upstream bug imo because the installation
explicitely sets ACT_AS_MTA to no.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#862861: libjs-jquery needs Breaks: libjs-chosen (<< 0.9.15-1~)

[Antonio Terceiro]

On Wed, May 17, 2017 at 11:05:36PM +0300, Adrian Bunk wrote:
> Package: libjs-jquery
> Version: 1.11.3+dfsg-1
> Severity: serious
> 
> See #797166 for details
> (and the Breaks is also missing in the backport to jessie).

There were lots of Javascript packages that were incompatible with a
non-obsolete jquery; it is not feasible to track all that by using
Breaks: on the jquery side.

Would you please provide a concrete issue where doing this would fix
anything?


signature.asc
Description: PGP signature

Bug#861952: libcgi-validop-perl: FTBFS on May 1st (?)

[gregor herrmann]

On Sat, 06 May 2017 11:30:00 +, Niels Thykier wrote:

> I looked at the code[1] and it has:
> 
> > # Normlize
> > # Unless we are checking the present or yesterday, assume the 
> > biggest day of the month is 28
> > my $maxday = (
> > $time eq 'present' or  
> > ( $time eq 'past' and $vector eq 'day' )
> > ) ? 31 : 28;
> 
> Take the branch that leads to "31" and then:
> 
> > [...]
> > if ( $vectors->{ day } < 1 ) {
> > $vectors->{ day } = $maxday;
> > $vectors->{ month }--;
> > }
> 
> Which looks like it would get this wrong for all months with < 31 days
> in them on the yesterday.  I have tagged it stretch-ignore, but I am
> happy to consider a fix for stretch.

Additional data:
- popcon vote: 0
- reverse dependencies: 0
- last release: 2009 or 2010
- not on metacpan; search.cpan.org has only older version.
  http://search.cpan.org/dist/CGI-ValidOp/

So we might as well remove this package ...


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#861952: libcgi-validop-perl: FTBFS on May 1st (?)

[Niels Thykier]

gregor herrmann:
> On Sat, 06 May 2017 11:30:00 +, Niels Thykier wrote:
> 
>> [...]
>>
>> Which looks like it would get this wrong for all months with < 31 days
>> in them on the yesterday.  I have tagged it stretch-ignore, but I am
>> happy to consider a fix for stretch.
> 
> Additional data:
> - popcon vote: 0
> - reverse dependencies: 0
> - last release: 2009 or 2010
> - not on metacpan; search.cpan.org has only older version.
>   http://search.cpan.org/dist/CGI-ValidOp/
> 
> So we might as well remove this package ...
> 
> 
> Cheers,
> gregor
> 

I would consider that a "fix for stretch" ;)

Thanks,
~Niels

Bug#862899: rsync: insufficient escaping/quoting of arguments

[Thorsten Glaser]

Paul Slootman dixit:

>Please try again with the --protect-args option, which is meant for such
>situations.

Ah, new post-2.x… *tries*

No change, this still transfers the entire home directory.
I think it’s meant for something else (I usually do quote
whitespace and so on for remote if necessary).

>BTW, why specify '--rsh=ssh -T', what's wrong with the default?

The default can be anything, including rsh. By specifying this
always, I know that ⓐ ssh is called, ⓑ -T is passed which makes
ssh change its QoS from interactive to bulk, and ⓒ can add -4
or -6 to force the IP protocol version (I recently learnt that
Debian has a local patch to pass -4/-6 from rsync to ssh, but
Debian’s isn’t the only package I use). I always use a wrapper
around rsync calling it like this (incidentally called rcp…).

bye,
//mirabilos
-- 
> Wish I had pine to hand :-( I'll give lynx a try, thanks.

Michael Schmitz on nntp://news.gmane.org/gmane.linux.debian.ports.68k
a.k.a. {news.gmane.org/nntp}#news.gmane.linux.debian.ports.68k in pine

Bug#861952: libcgi-validop-perl: FTBFS on May 1st (?)

[Santiago Vila]

On Thu, May 18, 2017 at 05:26:00PM +, Niels Thykier wrote:
> gregor herrmann:
>
> > So we might as well remove this package ...
> 
> I would consider that a "fix for stretch" ;)

I am not in a hurry to find a fix either, so this is up to you.

I just want packages in stretch to be buildable any day of the year...

As Chris Lamb would say: If the test fails some days in the year,
does it mean we can't trust the code to be right those days in the year?

Thanks.

Bug#862917: Warzone 2100 3.2 campaign is buggy and unplayable. Debian should package version 3.1 until this is resolved

[Evgeny Kapun]

Package: warzone2100
Version: 3.2.1-2
Severity: important

Starting from version 3.2, campaign scripts in Warzone 2100 are being rewritten 
in JavaScript [1]. As a result, they now have lots of bugs (some examples: [2], 
[3], [4]), making the campaign more or less unplayable.

Because the developers are not very active in fixing those bugs, and because 
the new version doesn't offer any significant advantages to players, I think 
that Debian should stick to version 3.1 until the situation improves.

[1] https://forums.wz2100.net/viewtopic.php?f=35&t=11872
[2] https://developer.wz2100.net/ticket/4541
[3] https://developer.wz2100.net/ticket/4549
[4] https://developer.wz2100.net/ticket/4565

Bug#809066: tiff: CVE-2015-7554

[Moritz Muehlenhoff]

On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> Source: tiff
> Version: 4.0.5-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for tiff.
> 
> CVE-2015-7554[0]:
> invalid write

I'm attaching the patch used by Red Hat for RHEL. It doesn't
seem to have been sent upstream, but seems sane.

Cheers,
Moritz

Bug#848834: fails to build stretch image on stretch: systemd-machine-id-setup error

[Daniel Kahn Gillmor]

Control: tags 848834 + moreinfo unreproducible
Control: reassign 848834 docker.io
Control: retitle 848834 fails to build stretch image in stretch docker
Control: affects 848834 debirf

On Mon 2016-12-19 21:29:30 -0500, Antoine Beaupré wrote:
> I have recently tried building a stretch image in a stretch docker
> container. The build aborts with:
>
> I: Unpacking the base system...
> W: Failure trying to run: chroot /tmp/minimal/root dpkg --force-overwrite 
> --force-confold --skip-same-version --install 
> /var/cache/apt/archives/adduser_3.115_all.deb 
> /var/cache/apt/archives/libapparmor1_2.10.95-8_amd64.deb 
> /var/cache/apt/archives/libcryptsetup4_2%3a1.7.3-3_amd64.deb 
> /var/cache/apt/archives/libip4tc0_1.6.0+snapshot20161117-4_amd64.deb 
> /var/cache/apt/archives/libkmod2_23-1_amd64.deb 
> /var/cache/apt/archives/libcap2_1%3a2.25-1_amd64.deb 
> /var/cache/apt/archives/libidn11_1.33-1_amd64.deb 
> /var/cache/apt/archives/libseccomp2_2.3.1-2.1_amd64.deb 
> /var/cache/apt/archives/dmsetup_2%3a1.02.137-1_amd64.deb 
> /var/cache/apt/archives/libdevmapper1.02.1_2%3a1.02.137-1_amd64.deb 
> /var/cache/apt/archives/systemd_232-8_amd64.deb
> W: See /tmp/minimal/root/debootstrap/debootstrap.log for details (possibly 
> the package systemd is at fault)
>
> I attached the complete debootstrap.log.
>
> The container was built with the "debian:testing" image, which is:
>
> Linux 3e139afbcccd 4.7.0-0.bpo.1-amd64 #1 SMP Debian 4.7.8-1~bpo8+1 
> (2016-10-19) x86_64 GNU/Linux
>
>  so fairly new. It's an "official" image, according to this:
>
> https://hub.docker.com/_/debian/
>
> I am assuming the problem is not related to docker, but maybe that
> assumption is flawed as well. To reproduce:
>
> sudo apt-get install docker.io
> sudo adduser $(id -un) docker
> newgrp
> docker run -t -i debian:testing /bin/bash
> apt-get update -qq ; apt-get install -y debirf sudo
> cd /tmp
> tar xfz /usr/share/doc/debirf/example-profiles/minimal.tgz
> sudo -u nobody debirf make minimal

hm, this reproduction step isn't possible in stretch, since docker.io
isn't in stretch.

It's not clear to me why you'd want to run debirf within docker anyway,
since debirf is designed to run as a non-privileged user.  but i tried
it anyway, and i was unable to get past the "docker run" line:

0 dkg@sid:~$ docker run -t -i debian:testing /bin/bash
docker: Error response from daemon: oci runtime error: container_linux.go:247: 
starting container process caused "process_linux.go:359: container init caused 
\"rootfs_linux.go:54: mounting \\\"cgroup\\\" to rootfs 
\\\"/var/lib/docker/overlay2/e0801abba1fcdb2fb6dd685710127b1f797d98a6554e5da427dc2681afe9e1a4/merged\\\"
 at \\\"/sys/fs/cgroup\\\" caused \\\"no subsystem for mount\\\"\"".
125 dkg@sid:~$ 

fwiw, i also think you probably also want to unpack the profile .tgz as
the user that's going to run debirf -- it looks like you're extracting
the tgz as root, and then working in the profile as a non-priv user.

> Justification for severity: I believe this falls in the category of
> "makes the package in question unusable by most or all users" and
> should be marked as "grave". Obviously, I can't test for all users'
> environments and considering I heard reports from the maintainers this
> was working in *sid*, I assume it *must* be working for other
> users. This could be a docker-specific thing, but I actually doubt
> that. So if someone can reproduce on a regular stretch system, this
> should probably be bumped to "grave".

I've done the standard build as a non-root user using the just-uplodaed
0.37 bugfix release, and it works fine, so i'm inclined to say this is a
problem with docker (or perhaps with the docker image for debian
testing? i don't really know how to attribute breakage inside docker
images, but i welcome pointers or help in doing so).

So i've reassigned this bug to docker, since it seems to be peculiar to
that environment, though i'm unable to reproduce it myself because i
can't get docker to behave as you describe.

  --dkg


signature.asc
Description: PGP signature

Bug#862918: New version available upstream: 4.0.2

[Jeffrey Cliff]

Package: libjs-bignumber
Severity: normal
Version: 1.3.0+dfsg-1

Looks like this package hasn't been updated to upstream in quite awihle - 3
major versions have been released since ~2013 where 1.3.1 seems to date
from.

Bug#862919: traildb: FTBFS on non-x86: emmintrin.h absent

[Aaron M. Ucko]

Source: traildb
Version: 0.6+dfsg1-1
Severity: important
Tags: upstream
Justification: fails to build from source

Builds of traildb on non-x86 architectures have been failing:

  In file included from src/tdb_encode_model.c:22:0:
  src/dsfmt/dSFMT.h:148:25: fatal error: emmintrin.h: No such file or directory

If it is possible to get by without this header, please arrange to use
it (and the intrinsics it declares) only on x86.  (Also, please
conditionalize use of intrinsics on runtime CPU type.)  Otherwise,
please restrict the architecture accordingly, to either

Architecture: any-amd64 any-x32

or

Architecture: any-amd64 any-i386 any-x32

depending on how essential it is to have __uint128_t.

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#809066: tiff: CVE-2015-7554

[GCS]

Hi Moritz,

On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff  wrote:
> On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
>> Source: tiff
>> Version: 4.0.5-1
>> Severity: important
>> Tags: security upstream
>>
>> the following vulnerability was published for tiff.
>>
>> CVE-2015-7554[0]:
>> invalid write
>
> I'm attaching the patch used by Red Hat for RHEL. It doesn't
> seem to have been sent upstream, but seems sane.
 I miss the patch, did you attach it?

Cheers,
Laszlo/GCS

Bug#862921: RFP: epub-tools -- A suite of command-line utilities for creating and manipulating epub book files.

[David Bremner]

Package: wnpp
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: epub-tools
  Version : 2.10
  Upstream Author : Dino Morelli 
  URL : https://hub.darcs.net/dino/epub-tools
* License : BSD3
  Programming Lang: Haskell
  Description : A suite of command-line utilities for creating and 
manipulating epub book files.

epubmeta is a command-line utility for examining and editing epub book
metadata. With it you can export, import and edit the raw OPF Package
XML document for a given book. Or simply dump the metadata to stdout
for viewing in a friendly format.

epubname is a command-line utility for renaming epub ebook files based
on their OPF Package metadata. It tries to use author names and title
info to construct a sensible name.

epubzip is a handy utility for zipping up the files that comprise an
epub into an .epub zip file. Using the same technology as epubname, it
can try to make a meaningful filename for the book.

-BEGIN PGP SIGNATURE-

iQGzBAEBCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAlkd5VAACgkQ8gKXHaSn
niykPgv+OAvP6lB31XAqK02wHrOEggNuqozhykx/otRt4WZ7e2Dl/Vdgi7BZJgQU
iG4O2qOGXd6iZDJZiIBhSrtYVSydh7qBRIToP7RYDpPEV3rkWPQJmr7mSWt4D/TH
rJxTrbiTxqLTmR5y/c5aI0HmrPdqrDprdFNG1xYsTSAp/jGjMY1fD84sPkmuEBrz
ojFmQv50AWuysajiph/E/zK5Iq+PIeciTgLclTPTn9iCNHvbprf6talqloQlOQS4
4/UBbSDWcAwnwFQ8nlv72fGVbphBFqFuiySHt+CWub/FkD2bo6iT2+E9lqUXhMVb
l2THQD61IPh8qXM8+YQlkmEzjcPyLgBAk/atbG22GWCFO+GAcc9KZLGsHAbIspS0
S0QZeKb+sCqcQd3rh1gzU6YdCBkit223DGPNGRY3teg1mk/c5C354tMxHdFWtvme
C4qEdzBFtzmjrSFYVvr3kGHj5JvE4jS8ajq46oWs+D3Pk8YbBQcV9EXFek0vwuaE
vfar+QTu
=mCvp
-END PGP SIGNATURE-

Bug#862922: aptitude: [INTL:nl] Dutch po file for the aptitude package

[Frans Spiesschaert]

 

Package: aptitude 
Severity: wishlist 
Tags: l10n patch 
 

Dear Maintainer, 
 
== 
Please find attached the updated Dutch po file for the aptitude package. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
=== 
 

-- 
Met vriendelijke groet,
Frans Spiesschaert



nl.po.gz
Description: application/gzip


signature.asc
Description: This is a digitally signed message part

Bug#862920: traildb: FTBFS (32-bit): __uint128_t not defined

[Aaron M. Ucko]

Source: traildb
Version: 0.6+dfsg1-1
Severity: important
Tags: upstream
Justification: fails to build from source

Builds of traildb for 32-bit architectures such as i386 have been failing:

  checking for __uint128_t... no
  configure: error: __uint128_t not defined

Ideally, traildb would be able to make do without this type.  However,
if it can't, please restrict its Architecture: field accordingly.  (I
think x32 might be a special case here, so I'd try allowing it for now.)

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#862923: po4a: [INTL:nl] Dutch po file for the po4a package

[Frans Spiesschaert]

 

Package: po4a 
Severity: wishlist 
Tags: l10n patch 
 

Dear Maintainer, 
 
== 
Please find attached the updated Dutch po file for the po4a package. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
=== 
 

-- 
Regards,
Frans



nl.po.gz
Description: application/gzip


signature.asc
Description: This is a digitally signed message part

Bug#862914: nmu: veusz_1.21.1-1

[Niels Thykier]

Control: block -1 by 831860

Adrian Bunk:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu veusz_1.21.1-1 . ANY . unstable . -m "rebuild with sip-api-11.3"
> nmu python-poppler-qt4_0.24.0-1 . ANY . unstable . -m "rebuild with 
> sip-api-11.3"
> 
> See #831860 for background.
> 

Thanks,

If I read this correctly, we should wait with carrying these binNMUs out
until #831860 has been fixed, so we are sure that the rebuilds depends
on the correct sip API.

Thanks,
~Niels

Bug#817837: closed by Jonathan McDowell (Bug#817837: fixed in l2tpns 2.2.1-2)

[Jonathan McDowell]

On Sun, May 14, 2017 at 09:15:50PM +0300, Adrian Bunk wrote:
> On Tue, Jul 05, 2016 at 10:09:57AM +, Debian Bug Tracking System wrote:
> >...
> >  l2tpns (2.2.1-2) unstable; urgency=low
> >  .
> >* Fix log buffer overrun, thanks to Dave Reeve (closes: #817837)
> >...
> 
> Hi Jonathan,
> 
> thanks a lot for fixing this bug for stretch.
> 
> It is still present in jessie, could you also fix it there?
> Alternatively, I can fix it for jessie if you don't object.

I had avoided fixing it on jessie because it wasn't clear to me it would
be permitted by the stable-release masters, and there had been little
indication there was active use of the package (I'm planning to have it
removed post stretch as no one has stepped up to my intent to orphan
it). If you want to take the package over entirely you're more than
welcome to do so.

J.

-- 
Web [Know Thy User.]
site: http:// [  ]   Made by
www.earth.li/~noodles/  [  ] HuggieTag 0.0.24