Bug#863117: scilab: please make the build reproducible

[Chris Lamb]

Source: scilab
Version: 5.5.2-4
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that scilab could not be built reproducibly as it embeds the current
year into the generated binaries.

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
diff --git a/configure.ac b/configure.ac
index 433059f..813e488 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1882,6 +1882,9 @@ if test ! -f modules/core/src/c/banier.c; then
 fi
 
 CURRENT_YEAR=`date "+%Y"`
+if test -n "$SOURCE_DATE_EPOCH"; then
+   CURRENT_YEAR=`date --utc --date="@$SOURCE_DATE_EPOCH" "+%Y"`
+fi
 DETECTED_YEAR=`grep "Copyright (c) 2011-" modules/core/src/c/banier.c|sed -e 
"s/.*Copyright (c) 2011-\([[0-9]]*\).*/\1/g"`
 
 if test "$CURRENT_YEAR" != "$DETECTED_YEAR"; then

Bug#863085: unblock: dante/1.4.1+dfsg-5 [preapproval, RC]

[Peter Pentchev]

On Mon, May 22, 2017 at 06:15:00AM +, Niels Thykier wrote:
> Control: tags -1 moreinfo
> 
> Peter Pentchev:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > 
> > Hi,
> > 
> > This is a pre-approval request for dante to fix a long-standing
> > bug that makes the first installation of the dante-server binary
> > package fail, since the dante-server service cannot possibly be
> > started with the default config file.  The bug - #862988 - was
> > reported as "important", but I raised its priority to "serious",
> > and I should have fixed it a long time ago.
> > 
> > I'm attaching the proposed debdiff, a targeted fix that lets
> > the initial installation succeed even though the service fails
> > to start.  If it is approved, I'll upload the package and let
> > you know when the time comes to really unblock it.
> > 
> > Thanks in advance for your time!
> > 
> > G'luck,
> > Peter
> > 
> > [...]
> 
> Hi,
> 
> The debdiff adds an error handler for the postinst script generated by
> dh_installinit.  But the error seen in the bug (#862988) shows an error
> for starting the service via systemd.
> 
> I do not understand how adding an error handler for the sysvinit script
> would fix that bug.  Could you perhaps help me spot what I am missing?

Thanks for the quick reply!

The error handler is invoked for systemd services, too - it's part of
an "invoke-rc.d #SCRIPT# start || #ERROR_HANDLER#" command, and invoke-rc.d
takes care of starting the service in the init-system-dependent way.
With systemd (as tested using strace on my laptop), invoke-rc.d runs
systemctl directly (after checking for /run/systemd/system), and that's
how we get to the systemd service failure.  On a SysV init system,
invoke-rc.d would have invoked /etc/init.d/danted with the same result.

Even if invoke-rc.d did not know about systemctl, it would still have tried
to run /etc/init.d/danted start, and then the systemd redirection in
/lib/lsb/init-functions.d/40-systemd would have still started the systemd
service.

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@freebsd.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Bug#860656: python-biplist: FTBFS on i386: dh_auto_test: pybuild --test --test-nose -i python{version} -p 2.7 returned exit code 13

[Hans-Christoph Steiner]

The tests don't need fixing, they are pointing out a real issue, check
the bug report to upstream for more info.  If we just want to ship with
this specific issue not fixed, then patching the test could lead people
astray.  Instead, seems like we should just disable that test on 32-bit
archs.

Bug#861878: nvidia-cuda-toolkit: nvcc needs to pass -fpie to compiler

[lumin]

Control: tags -1 +patch

This patch simply discussed about the way getting NVCC
working with the compiler in README.Debian.

Please review.From a9c1cc803ddc531c06e0f51c50c8b2f2eba22510 Mon Sep 17 00:00:00 2001
From: Zhou Mo 
Date: Mon, 22 May 2017 07:53:07 +
Subject: [PATCH] README.Debian: discuss about getting NVCC working with
 compiler

This is what we can do from the CUDA packaging side in order to
Close #861878.
---
 nvidia-cuda-toolkit.README.Debian | 54 +++
 1 file changed, 54 insertions(+)

diff --git a/nvidia-cuda-toolkit.README.Debian b/nvidia-cuda-toolkit.README.Debian
index d6e7a3a..b702963 100644
--- a/nvidia-cuda-toolkit.README.Debian
+++ b/nvidia-cuda-toolkit.README.Debian
@@ -1,5 +1,59 @@
 nvidia-cuda-toolkit for Debian
 --
+Contents:
+  1. Getting NVCC Working with the Compiler
+  2. Installing the CUDA Code Samples
+
+Getting NVCC Working with the Compiler
+==
+
+It is worth noting that not all compilers can be used together with NVCC.
+Here is a list of possible combinations:
+
+```
+CXX compiler |  CUDA 7.5  |  CUDA 8.0  |  CUDA 9.0  |
+-++++
+GCC-8| ?  | ?  | ?  |
+GCC-7| ?  | ?  | ?  |
+GCC-6| X  | X  | OK |
+GCC-5| OK[1]  | OK | OK |
+-++++
+CLANG-4.0| ?  | ?  | ?  |
+CLANG-3.9| X  | X  | OK |
+CLANG-3.8| ?  | OK | OK |
+```
+
+In the above table, '?' means 'not tested', 'X' means 'never work',
+'OK' means 'should work'.
+
+CUDA 8.0 Specific
+-
+
+The recommended way, as declared in NEWS, to compile your CUDA application
+with CUDA 8.0 is to globally use clang-3.8/clang++-3.8 as the C/CXX compiler
+for your project. Example:
+
+  CC=clang-3.8 make
+
+However, when you have to mix the use of GCC and CLANG, things differ.
+Due to the difference on the default options of the two compilers, you
+may have to add flags such as -fPIC/-fPIE or alike to CLANG's argument
+list, to avoid the linkage failure as reported in BUG #861878 [2].
+See [3] for detail about these compiler options. Example:
+
+  nvcc -ccbin clang-3.8 --compiler-options -fPIC ...
+
+Sidenotes
+-
+
+Debian Stretch ships CUDA 8.0, and the same time its default GCC is
+GCC-6. So we changed the default compiler to clang-3.8 for the CUDA 8.0
+package because Stretch ships no GCC-5.
+
+[1] CUDA 7.5 works with GCC-5 after begin patched.
+[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861878
+[3] https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html
+
 
 Installing the CUDA Code Samples
 =
-- 
2.11.0

Bug#862260: zlib: debian/copyright isn't in DEP5 format

[Do Thanh Trung]

Hi

I updated zlib's copyright.
There is one thing different with libz-mingw-w64 copyright, it is 
copyright holder "1998 Andreas R. Kleinert". In libz-mingw-w64, Stephen 
puts this copyright in section "Files: *", but I only see this copyright 
in "amiga/Makefile.pup", so I created a new section for it.

Files: amiga/Makefile.pup
Copyright: 1998 by Andreas R. Kleinert
License: Zlib


Copyright holder of debian/* is set to "2000-2017 Mark Brown".

Trung
--- zlib-1.2.8.dfsg/debian/copyright	2013-05-03 22:30:15.0 +0700
+++ zlib-1.2.8.dfsg/debian/copyright	2017-05-22 14:49:55.258537211 +0700
@@ -1,36 +1,83 @@
-This is the pre-packaged Debian Linux version of the zlib compression
-library.  It was packaged by Michael Alan Dorman 
-from sources originally retrieved from ftp.uu.net in the directory
-/pub/archiving/zip/zlib as the file zlib-1.0.4.tar.gz.
-
-There is a homepage at http://www.gzip.org/zlib/ 
-
-Acknowledgments:
-
-  The deflate format used by zlib was defined by Phil Katz. The deflate
-  and zlib specifications were written by Peter Deutsch. Thanks to all the
-  people who reported problems and suggested various improvements in zlib;
-  they are too numerous to cite here.
-
-Copyright notice:
-
-  Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
-
-  This software is provided 'as-is', without any express or implied
-  warranty.  In no event will the authors be held liable for any damages
-  arising from the use of this software.
-
-  Permission is granted to anyone to use this software for any purpose,
-  including commercial applications, and to alter it and redistribute it
-  freely, subject to the following restrictions:
-
-  1. The origin of this software must not be misrepresented; you must not
- claim that you wrote the original software. If you use this software
- in a product, an acknowledgment in the product documentation would be
- appreciated but is not required.
-  2. Altered source versions must be plainly marked as such, and must not be
- misrepresented as being the original software.
-  3. This notice may not be removed or altered from any source distribution.
-
-  Jean-loup GaillyMark Adler
-  jl...@gzip.org  mad...@alumni.caltech.edu
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: zlib
+Upstream-Contact: z...@gzip.org
+Source: http://zlib.net/
+Comment: This is the pre-packaged Debian Linux version of the zlib compression
+ library.  It was packaged by Michael Alan Dorman 
+ from sources originally retrieved from ftp.uu.net in the directory
+ /pub/archiving/zip/zlib as the file zlib-1.0.4.tar.gz.
+ .
+ The deflate format used by zlib was defined by Phil Katz. The deflate
+ and zlib specifications were written by Peter Deutsch. Thanks to all the
+ people who reported problems and suggested various improvements in zlib;
+ they are too numerous to cite here.
+Files-Excluded:
+ contrib/ada
+ contrib/amd64
+ contrib/asm686
+ contrib/blast
+ contrib/delphi
+ contrib/dotzlib
+ contrib/gcc_gvmat64
+ contrib/infback9
+ contrib/inflate86
+ contrib/iostream
+ contrib/iostream2
+ contrib/iostream3
+ contrib/masmx64
+ contrib/masmx86
+ contrib/pascal
+ contrib/puff
+ contrib/testzlib
+ contrib/untgz
+ contrib/vstudio
+ doc/rfc1950.txt
+ doc/rfc1951.txt
+ doc/rfc1952.txt
+
+Files: *
+Copyright: 1995-2013 Jean-loup Gailly and Mark Adler
+License: Zlib
+
+Files: amiga/Makefile.pup
+Copyright: 1998 by Andreas R. Kleinert
+License: Zlib
+
+Files: contrib/minizip/*
+Copyright: 1998-2010 Gilles Vollant
+   2007-2008 Even Rouault
+   2009-2010 Mathias Svensson
+License: Zlib
+
+Files: debian/*
+Copyright: 2000-2017 Mark Brown
+License: Zlib
+
+License: Zlib
+ This software is provided 'as-is', without any express or implied
+ warranty.  In no event will the authors be held liable for any damages
+ arising from the use of this software.
+ .
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not
+claim that you wrote the original software. If you use this software
+in a product, an acknowledgment in the product documentation would be
+appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.
+ .
+ Jean-loup GaillyMark Adler
+ jl...@gzip.org  mad...@alumni.caltech.edu
+ .
+ If you use the zlib library in a product, we would appreciate *not* receiving
+ lengthy legal documents to sign.  The sources are provided for free but without
+ warranty of any kind.  The library has been entirely written by Jean-loup
+ Gailly and Mark Adler; it does not include third-party code.
+ .

Bug#863118: devscripts needs proper configuration file parsing

[Adrian Bunk]

Package: devscripts
Version: 2.17.5
Severity: normal

devscripts.conf(5) says:

  The two configuration files are /etc/devscripts.conf for system-wide
  defaults and ~/.devscripts for per-user settings. They are written
  with bash(1) syntax, but should only have comments and simple variable
  assignments in them; they are both sourced (if present) by many of the
  devscripts scripts.


This is a hack, not a proper handling of the configuration.

As seen in #863101, "they are both sourced" implies that one
whitespace too many can have unexpected consequences.

The "but should only have" statement implies that users cannot
rely on being able todo anything other than variable assignment
in them.

It would be much more robust against user typos if the configuration
files would be properly parsed instead of blindly executed.

Bug#862580: [Pkg-samba-maint] Bug#862580: Bug #862580: Winbind crashes on ssh login of a domain user.

[L . P . H . van Belle]

Hai, 

Ok, you used the "wrong" info for configuring smb.conf.
Mail got longer then expected, but read through it. 
Run samba-tool testparm ( not testparm , these results can differ. )

The debian wiki is a bit out detect when it comes to samba 4.x.
A quick test with 4.5.9 is possible, i can share my packages if needed, 
but for what i read, this is not your problem. 
Im running the same on jessie en i dont see this beheavor.

I suggest, you have a look at this link after you did read this completely 
first.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Now below is a samba member setup, a basic one. I left out the shares setup, 
but added usefull tips on the setup on debian systems. 

Review your setup base on this.
I suggest start here, this is setup is very well tested. 

Setup jessie: 
# Choose expert install, and at taskselect choose only ssh server. ( optional 
and the standard package, but i setup really minimal ) 
# install WITH static ip from the start, ( best ) or install with dhcp ip and 
change /etc/hosts /etc/resolv.conf /etc/network/interfaces.

# Check all these. 
hostname -s 
hostname -d 
hostname -f 
hostname -i

# install samba winbind and needed extras. 
apt-get install samba smbclient samba-dsdb-modules samba-vfs-modules winbind 
libpam-winbind libnss-winbind krb5-user ntp bind9-host libpam-krb5

When questions come, fill in :
# AD DC ipnumbers at ntp questions 
# krb5-user fill in your REALM in CAPS.  ! CAPS YES ! 
# keep all other defaults.

# stop samba en winbind
systemctl stop samba
systemctl stop winbind

# Change your /etc/nsswitch.conf
cp /etc/nsswitch.conf{,.backup}
sed -i 's]passwd: compat]passwd: compat winbind]g' 
/etc/nsswitch.conf
sed -i 's]group:  compat]group:  compat winbind]g' 
/etc/nsswitch.conf


now if you didnt change anything else, you should be ready.. ;-) , yes ready. 
Test:  kinit administrator
( should respond with administrator@REALM and login )  

Setup a "correct smb.conf" like this one. 
This is how i would have exected to how your smb.conf would/should look like. 
I'll add some comment to it. 
## -- START AD MEMBER SMB.CONF - ## 
workgroup = WORK
security = ADS
realm = WORK.COMPANY
   # The netbiosname if empty/not in config, this will use the server hostname.
netbios name = SERVERNAME

   # only one server should be the master browser. 
   # ( ! Samba AD cannot be master browserver, never, no nmbd that starts ) 
preferred master = no
domain master = no
host msdfs = no
   # speeds up name resolving, (WINS), through dns.
dns proxy = yes

   # I preffer to define the ip. 
   # and if you use bind interfaces, also define the interfaces. 
bind interfaces only = yes
interfaces = IP_OR_ETH 127.0.0.1

   # I've added these, mustly same as the defaults, but this explains things 
for others 
   # if they have auth problems. 
   # mandatory will still require SMB2 clients to use signing
server signing = mandatory

   #  if ntlm and lanman auth are both disabled, then only NTLMv2 logins will 
be permited
ntlm auth = no
lanman auth = no

   # Add and Update TLS Key, change/update these to your windows 2008R2 domain. 
   # ( read: 
https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/ ) 
   # and setup your keys correctly, the depends on you u use this server. 
   # ! SSO with proxy (kerberos auth), the ROOT CA of you DC should be in this 
config file defined.
   # I deployed my own CA Root for this. 


###--# this part, id ranges may not overlap. 
###  id setup shown is samba default. 
   # These match samba AD preffered settings, you can play with these but 2 
tings. 
   # 1) try to keep the "*" to local/other domain below . 
## map id's outside to domain to tdb files.
idmap config *: backend = tdb
idmap config *: range = 2000-

  # https://wiki.samba.org/index.php/Idmap_config_rid
  # idmap config for the WORK domain.
idmap config WORK : backend = rid
idmap config WORK : range = 1-99
###--#

# Template settings for login shell and home directory (RID backend) 
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U

kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab

# renew the kerberos ticket
winbind refresh tickets = yes

winbind trusted domains only = no
# use default domain, preffered no. 
# wbinfo -u shows (default domain no) : NTODOM\username
# wbinfo -u shows (default domain yes) : username
winbind use default domain = no

# If you dont need uid/gid of groups set to no, speeds up samba. 
# if you login local the server, you may need it, depends on use of server.
winbind enum users  = yes
winbind enum groups = yes

# Enable offline logins, if needed. 
winbind offline logon = yes

# If winbind offline logon is set to Yes, then only o

Bug#850510: node-require-inject has been packaged by Pirate Praveen

[Pirate Praveen]

On Sun, 21 May 2017 17:05:09 +0300 Adrian Bunk  wrote:
> It would be helpful if everyone would check for already existing
> ITP/RFP bugs before submitting an ITP.
> 
> cu

Some times it misses, just see the number of packages I have and number of 
mistakes I make. Its not intentional.

Bug#863118: devscripts needs proper configuration file parsing

[Adam D. Barratt]

On 2017-05-22 9:14, Adrian Bunk wrote:

devscripts.conf(5) says:

  The two configuration files are /etc/devscripts.conf for system-wide
  defaults and ~/.devscripts for per-user settings. They are written
  with bash(1) syntax, but should only have comments and simple 
variable
  assignments in them; they are both sourced (if present) by many of 
the

  devscripts scripts.


This is a hack, not a proper handling of the configuration.


fwiw, the maintainers have been in violent agreement with this for 
years, but it needs someone with tuits to replace the current situation 
with a solution that's usable from all the languages included in 
devscripts and maintains the existing semantics (it's not just simple 
key=value pairs, users are actively relying on being able to use shell 
within the file in some cases, and that at least needs considering).


Regards,

Adam

Bug#863042: [Letsencrypt-devel] Bug#863042: dehydrated: insecure file permissions by default

[Mattia Rizzolo]

Control: tag -1 unreproducible moreinfo

On Sat, May 20, 2017 at 07:25:03PM +0300, Alexander GQ Gerasiov wrote:
> dehydrated package by default create private files with word-readable
> permissions.

That's not what it doe around here, nor I could find anybody who had
your experience.
One of the first thing dehydrated does is to set an umask of 077, and
then mktemp creates file with 600 by default anyway, indeed all my
files (public and private keys) are 600.

> How I got this:
> I installed dehydrated 0.3.1-3~bpo8+1
> Put my domain with subdomains to /etc/dehydrated/domains.txt and run
> # dehydrated -c
> as root user
> (I dont know does it matter or not, but first runs failed because I did
> not setup challenge dir for all subdomain.)
> 
> After cerificates and keys was generated I found that files are
> readable by anyone in the system:
> dnsmasq@master:~$ ls -la /var/lib/dehydrated/certs/gerasiov.net/privkey*

In fact you shouldn't even be able to do this, the certs directories
should be 700...

Are you running with a weird umask (which shouldn't matter anyway), or a
mangled mktemp, or do you have (more likely) any hook misbehaving?

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#860064: [dnsmasq] startup failue when dns-root-data installed

[Francesco Paolo Lovergine]

Package: dnsmasq
Version: 2.76-5
Followup-For: Bug #860064

Hi, I can confirm this problem and that the provided patch works.

cheers.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dnsmasq depends on:
ii  dnsmasq-base 2.76-5+b1
ii  init-system-helpers  1.48
ii  netbase  5.4

dnsmasq recommends no packages.

Versions of packages dnsmasq suggests:
pn  resolvconf  

-- Configuration Files:
/etc/default/dnsmasq changed:
DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.conf"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

/etc/dnsmasq.conf changed:
domain-needed
bogus-priv
local=/localnet/
interface=eth1
domain=ba.issia.cnr.it,172.16.0.0/24
dhcp-range=172.16.0.100,172.16.0.150,12h
dhcp-host=00:01:6c:e9:52:11,blegrez
dhcp-host=00:0d:60:cc:0d:f5,gloin
dhcp-host=a0:36:9f:55:8c:11,emstedal
dhcp-boot=pxelinux.0,pxeserver,172.16.0.1
pxe-service=x86pc,"Install Linux",pxelinux
enable-tftp
tftp-root=/srv/tftp

/etc/init.d/dnsmasq changed:
set +e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dnsmasq
NAME=dnsmasq
DESC="DNS forwarder and DHCP server"
ENABLED=1
if [ -r /etc/default/$NAME ]; then
. /etc/default/$NAME
fi
if [ -r /etc/default/locale ]; then
. /etc/default/locale
export LANG
fi
test -e /usr/share/dnsmasq/installed-marker || exit 0
 
test -x $DAEMON || exit 0
if [ -f /lib/lsb/init-functions ]; then
 . /lib/lsb/init-functions
else
 log_warning_msg () {
echo "${@}."
 }
 log_success_msg () {
echo "${@}."
 }
 log_daemon_msg () {
echo -n "${1}: $2"
 }
 log_end_msg () {
if [ $1 -eq 0 ]; then
  echo "."
elif [ $1 -eq 255 ]; then
  /bin/echo -e " (warning)."
else
  /bin/echo -e " failed!"
fi
 }
fi
if [ ! "$RESOLV_CONF" ] &&
   [ "$IGNORE_RESOLVCONF" != "yes" ] &&
   [ -x /sbin/resolvconf ]
then
RESOLV_CONF=/run/dnsmasq/resolv.conf
fi
for INTERFACE in $DNSMASQ_INTERFACE; do
DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -i $INTERFACE"
done
for INTERFACE in $DNSMASQ_EXCEPT; do
DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -I $INTERFACE"
done
if [ ! "$DNSMASQ_USER" ]; then
   DNSMASQ_USER="dnsmasq"
fi
DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"
ROOT_DS="/usr/share/dns/root.ds"
if [ -f $ROOT_DS ]; then
   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/".*\sIN\sDS\s"/--trust-anchor=.,/ -e 
s/" "/,/g $ROOT_DS | tr '\n' ' '`" 
fi
start()
{
# Return
#   0 if daemon has been started
#   1 if daemon was already running
#   2 if daemon could not be started
# /run may be volatile, so we need to ensure that
# /run/dnsmasq exists here as well as in postinst
if [ ! -d /run/dnsmasq ]; then
   mkdir /run/dnsmasq || return 2
   chown dnsmasq:nogroup /run/dnsmasq || return 2
fi
start-stop-daemon --start --quiet --pidfile /run/dnsmasq/$NAME.pid 
--exec $DAEMON --test > /dev/null || return 1
start-stop-daemon --start --quiet --pidfile /run/dnsmasq/$NAME.pid 
--exec $DAEMON -- \
-x /run/dnsmasq/$NAME.pid \
${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
${MAILTARGET:+ -t $MAILTARGET} \
${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
${DHCP_LEASE:+ -l $DHCP_LEASE} \
${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
${RESOLV_CONF:+ -r $RESOLV_CONF} \
${CACHESIZE:+ -c $CACHESIZE} \
${CONFIG_DIR:+ -7 $CONFIG_DIR} \
${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} \
|| return 2
}
start_resolvconf()
{
for interface in $DNSMASQ_EXCEPT
do
[ $interface = lo ] && return
done
if [ -x /sbin/resolvconf ] ; then
echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME
fi
return 0
}
stop()
{
# Return
#   0 if daemon has been stopped
#   1 if daemon was already stopped
#   2 if daemon could not be stopped
#   other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile 
/run/dnsmasq/$NAME.pid --name $NAME
}
stop_resolvconf()
{
if [ -x /sbin/resolvconf ] ; then
/sbin/resolvconf -d lo.$NAME
fi
return 0
}
status()
{
# Return
#   0 if daemon is running
#   1 if daemon is dead and pid file exists
#   3 if daemon is not r

Bug#818016: updating ido in Debian

[Mike Gabriel]

Control: retitle -1 ITA: ido -- widgets and other objects used for indicators

Hi,

I plan to update this package in Debian soon. And continue efforts  
regarding indicator support in Debian. The packaging will continue to  
take happen under the umbrella of the pkg-ayatana Alioth team.


Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgp9AE_qOx4K0.pgp
Description: Digitale PGP-Signatur

Bug#857287: [zabbix-frontend-php] No zoom or slice on graphics

[Estevo Paz Freire]

Confirmed, fixed on version 1:3.0.7+dfsg-2

Thanks a lot.

Bug#856122: Tried 5.9.0, still the same

[Dennis van Dok]

I was hoping a later release would not suffer from this. Here is what I did:

(I'm running 'stretch' at the moment.)

apt-get source ardour
apt-get build-dep ardour

Downloaded the latest ardour sources from
https://community.ardour.org/src/ (5.9.0) using uscan.

unpacked the sources, copied the debian/ files from the 5.5.0 source tree.

I had to disable the 0080-more-spelling.patch because it wouldn't
cleanly apply (needs an update).

Otherwise

dpkg-buildpackage -b --no-sign

produced a new package.

Installed and tested. Bug is still reproducible.

My versions:

ardour 1:5.9.0~dfsg-1
libcairo2:amd64 1.14.8-1
calf-plugins 0.0.60-4+b1
-- 
D.H. van Dok :: System administrator :: www.nikhef.nl/grid ::
Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/

Bug#863119: mboxgrep -P seems to match everything

[Matus UHLAR - fantomas]

Package: mboxgrep
Version: 0.7.9-1

when using the -P option, mboxgrep tends to match everything.
I have tried with simple string over a maildir, I got copy of the maildir...

short look at the code:

  if (config.headers)
res1 = pcre_exec (pcre_pattern, hints, msg->headers,
  (int) strlen (msg->headers), 0, 0, of, BUFSIZ);
  if (config.body)
res2 = pcre_exec (pcre_pattern, hints, msg->body,
  (int) strlen (msg->body), 0, 0, of, BUFSIZ);

  res1 = res1 ^ 1;
  res2 = res2 ^ 1;

I think that the results should be compared to null instead:

  res1 = (res1 != NULL);
  res2 = (res2 != NULL);


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Bug#862742: filetea: Wrong version of jQuery gets installed

[Alberto Garcia]

Control: tags -1 moreinfo unreproducible

On Tue, May 16, 2017 at 12:30:10PM +, Rahul De wrote:

> The package uses the function live which has been removed in
> jQuery 1.9.  The source in the upstream depends on 1.7.2 and no
> version has been mentioned in the control file of the packaging
> for libjs-jquery. Hence the latest version(3.1.1) is fetched which
> breaks it and makes it unusable for everyone.

Hi,

I just tried filetea 0.1.16-3+b1 with libjs-jquery 3.1.1-2 and it
seems to work just fine. I shared a file between two machines without
problems.

What is the problem that you are having exactly?

Berto

Bug#858269: Fails to build, test try things not allowed as non-root

[Jordi Mallach]

Package: docker.io
Version: 1.13.0~ds1-3
Followup-For: Bug #858269

Hi Tim,

I've extended the patches so they fix the testsuite errors.

Attached are the new two patches for debian/patches. With them, docker.io
builds with a non-priviledged user.

Jordi


-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages docker.io depends on:
ii  adduser  3.115
ii  containerd   0.2.3~git20161117.78.03e5862~ds1-2+b1
ii  golang-libnetwork0.8.0~dev.2+git20161130.568.fd27f22-4+b1
ii  init-system-helpers  1.48
ii  iptables 1.6.0+snapshot20161117-6
ii  libapparmor1 2.11.0-3
ii  libc62.24-10
ii  libdevmapper1.02.1   2:1.02.137-2
ii  libsqlite3-0 3.16.2-3
ii  libsystemd0  232-23
ii  lsb-base 9.20161125
ii  runc 1.0.0~rc2+git20161109.131.5137186-2+b1

Versions of packages docker.io recommends:
ii  ca-certificates  20161130
ii  cgroupfs-mount   1.4
ii  git  1:2.11.0-2
ii  xz-utils 5.2.2-1.2+b1

Versions of packages docker.io suggests:
pn  aufs-tools   
ii  btrfs-progs  4.9.1-1
ii  debootstrap  1.0.90
pn  docker-doc   
pn  rinse
pn  zfs-fuse | zfsutils  

-- no debconf information
Index: docker.io-1.13.0~ds1/profiles/seccomp/seccomp.go
===
--- docker.io-1.13.0~ds1.orig/profiles/seccomp/seccomp.go
+++ docker.io-1.13.0~ds1/profiles/seccomp/seccomp.go
@@ -17,7 +17,7 @@ import (
 
 // GetDefaultProfile returns the default seccomp profile.
 func GetDefaultProfile(rs *specs.Spec) (*specs.Seccomp, error) {
-   return setupSeccomp(DefaultProfile(), rs)
+   return setupSeccomp(DefaultProfile(rs), rs)
 }
 
 // LoadProfile takes a file path and decodes the seccomp profile.
Description: allow skipping "privileged" tests with "-test.short"
Author: Tianon Gravi 
Forwarded: no

Index: docker.io-1.13.0~ds1/daemon/daemon_test.go
===
--- docker.io-1.13.0~ds1.orig/daemon/daemon_test.go
+++ docker.io-1.13.0~ds1/daemon/daemon_test.go
@@ -158,6 +158,10 @@ func TestValidContainerNames(t *testing.
 }
 
 func TestContainerInitDNS(t *testing.T) {
+   if testing.Short() {
+   t.Skip("Skipping privileged test in short mode")
+   }
+
tmp, err := ioutil.TempDir("", "docker-container-test-")
if err != nil {
t.Fatal(err)
Index: docker.io-1.13.0~ds1/daemon/graphdriver/aufs/aufs_test.go
===
--- docker.io-1.13.0~ds1.orig/daemon/graphdriver/aufs/aufs_test.go
+++ docker.io-1.13.0~ds1/daemon/graphdriver/aufs/aufs_test.go
@@ -28,6 +28,10 @@ func init() {
 }
 
 func testInit(dir string, t testing.TB) graphdriver.Driver {
+   if testing.Short() {
+   t.Skip("Skipping privileged test in short mode")
+   }
+
d, err := Init(dir, nil, nil, nil)
if err != nil {
if err == graphdriver.ErrNotSupported {
Index: docker.io-1.13.0~ds1/daemon/graphdriver/devmapper/devmapper_test.go
===
--- docker.io-1.13.0~ds1.orig/daemon/graphdriver/devmapper/devmapper_test.go
+++ docker.io-1.13.0~ds1/daemon/graphdriver/devmapper/devmapper_test.go
@@ -11,50 +11,70 @@ import (
"github.com/docker/docker/daemon/graphdriver/graphtest"
 )
 
-func init() {
+func shortSkip(t *testing.T) {
+   if testing.Short() {
+   t.Skip("Skipping privileged test in short mode")
+   }
+}
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestDevmapperSetup and 
TestDevmapperTeardown
+func TestDevmapperSetup(t *testing.T) {
+   shortSkip(t)
+
// Reduce the size the the base fs and loopback for the tests
defaultDataLoopbackSize = 300 * 1024 * 1024
defaultMetaDataLoopbackSize = 200 * 1024 * 1024
defaultBaseFsSize = 300 * 1024 * 1024
defaultUdevSyncOverride = true
if err := graphtest.InitLoopbacks(); err != nil {
-   panic(err)
+   t.Fatal(err)
}
-}
 
-// This avoids creating a new driver for each test if all tests are run
-// Make sure to put new tests between TestDevmapperSetup and 
TestDevmapperTeardown
-func TestDevmapperSetup(t *testing.T) {
graphtest.GetDriver(t, "devicemapper")
 }
 
 func TestDevmapperCreateEmpty(t *testing.T) {
+   shortSkip(t)
+
graphtest.DriverTestCreateEmpty(t, "devicemapper")
 }
 
 func TestDevmapp

Bug#810145: pbuiler: find a way to mount /run/shm even if some other process is accessing it

[Jo Shields]

This is especially painful with the Jenkins Chroot plugin, which uses 
`pbuilder execute` to run things - a stray process from a failed CI test 
leads to gigs of "target is busy" messages in the build logs, which need 
manually killing.


This doesn't seem inordinately difficult to resolve - lsof can filter on 
BUILDPLACE, add a flag to kill stray processes, and just kill all the 
detected processes when that's turned on

Bug#863120: ITP: node-stream-array -- Pipe an Array through Node.js streams

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-stream-array
  Version : 1.1.2
  Upstream Author : Matthew I. Metnetsky 
* URL : https://github.com/mimetnet/node-stream-array
* License : Expat
  Programming Lang: JavaScript
  Description : Pipe an Array through Node.js streams

 This is rather useful for testing other streams. This library is a build
 dependency of gulp-concat, concatenation support for gulp build tool.
 .
 Node.js is an event-based server-side JavaScript engine.



signature.asc
Description: OpenPGP digital signature

Bug#861744: [Pkg-privacy-maintainers] Bug#861744: torbrowser-launcher: Should not be part of Stretch

[intrigeri]

Hi Holger,

[This comes after reading your message, feeling unhappy about it,
sleeping on it and re-reading it again.]

While I see a few interesting related points and questions in your
message, I still don't understand what is your position wrt.
what's most relevant here IMO, so I figured I would ask you instead of
arguing based on wrong assumptions:

Fundamentally, do you disagree with the main point this bug report is
about i.e. "Should not be part of Stretch"?

And if you indeed do want to see this package in Stretch, how do you
plan to be involved on maintaining it via stable-security or
stable-updates?

Cheers,
-- 
intrigeri

Bug#863121: ITP: ayatana-ido -- Widgets and other objects used for Ayatana Indicators

[Mike Gabriel]

Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

* Package name: ayatana-ido
  Version : 0.4.0
  Upstream Author : Mike Gabriel 
Canonical Ltd.
* URL : https://github.com/ArcticaProject/aytana-ido
* License : GPL, LGPL
  Programming Lang: C, C++
  Description : Widgets and other objects used for Ayatana Indicators

 Shared library providing extra gtk menu items for display in system
 indicators.
 .
 The ayatana-ido is a fork of https://launchpad.net/ido that has been
 stripped-off of all Ubuntu-specific elements. It builds against and runs
 on top of a vanilla GTK-3, no Ubuntu-specific patches in GTK-3 are
 required.
 .
 The ayatana-ido widget library allows menubar providers like e.g.
 Arctica Greeter to render tray icons and their menus based on
 menu information provided over DBus for various indicator applets.

Bug#863122: ITP: lua-argparse -- feature-rich command line parser for Lua language

[Victor Seva]

Package: wnpp
Severity: wishlist
Owner: Victor Seva 

* Package name: lua-argparse
  Version : 0.5.0
  Upstream Author : Peter Melnichenko
* URL : https://github.com/mpeterv/argparse
* License : Expat
  Programming Lang: Lua
  Description : feature-rich command line parser for Lua language

Argparse is a feature-rich command line parser for Lua inspired by argparse for 
Python.

Argparse supports positional arguments, options, flags, optional arguments, 
subcommands and more. Argparse automatically generates usage, help and error 
messages.

It will be maintained under pkg-lua team

Bug#863123: Specially crafted arts file could lead to memory leak

[Bastien ROUCARIES]

package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/456

origin: 
https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
bug: https://github.com/ImageMagick/ImageMagick/issues/456

Bug#863124: A crafted file revealed an assertion failure in profile.c.

[Bastien ROUCARIES]

package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/489

Bug#863125: A crafted file revealed an assertion failure in blob.c.

[Bastien ROUCARIES]

package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/490

Bug#863119: mboxgrep -P seems to match everything

[Matus UHLAR - fantomas]

Correction:

On 22.05.17 11:34, Matus UHLAR - fantomas wrote:

 if (config.headers)
   res1 = pcre_exec (pcre_pattern, hints, msg->headers,
 (int) strlen (msg->headers), 0, 0, of, BUFSIZ);
 if (config.body)
   res2 = pcre_exec (pcre_pattern, hints, msg->body,
 (int) strlen (msg->body), 0, 0, of, BUFSIZ);

 res1 = res1 ^ 1;
 res2 = res2 ^ 1;

I think that the results should be compared to null instead:

 res1 = (res1 != NULL);
 res2 = (res2 != NULL);


the pcre_regex returns <0 when no match or an error occured, and >=0 if
match found.

otoh, the function expects "0" when match is found - as regexec() does.

that also means, both res1 and res2 values should be modified within the if()
block, so they stay correct.

This seems to work:

--- scan.c.orig 2003-04-06 23:01:49.0 +0200
+++ scan.c  2017-05-22 12:27:26.0 +0200
@@ -159,14 +159,18 @@
 if (config.perl)
  {
if (config.headers)
+ {
  res1 = pcre_exec (pcre_pattern, hints, msg->headers,
(int) strlen (msg->headers), 0, 0, of, BUFSIZ);
+   res1 = (res1 < 0);
+ }
if (config.body)
+ {
  res2 = pcre_exec (pcre_pattern, hints, msg->body,
(int) strlen (msg->body), 0, 0, of, BUFSIZ);
+   res1 = (res2 < 0);
+ }

- res1 = res1 ^ 1;
- res2 = res2 ^ 1;
  }
 else
   #endif /* HAVE_LIBPCRE */

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...

Bug#863126: Check for EOF conditions for RLE image format

[Bastien ROUCARIES]

package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4


Waiting for CVE

  origin: 
https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198

Bug#863127: ITP: node-stream-assert -- Assertion library for streams

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-stream-assert
  Version : 2.0.3
  Upstream Author : Vsevolod Strukchinsky 
* URL : https://github.com/floatdrop/stream-assert
* License : Expat
  Programming Lang: JavaScript
  Description : Assertion library for streams

 Assert streams with ease. This library is a build dependency of
gulp-concat,
 concatenation support for gulp build tool.
 .
 Node.js is an event-based server-side JavaScript engine.



signature.asc
Description: OpenPGP digital signature

Bug#862899: rsync: insufficient escaping/quoting of arguments

[Scott Leggett]

On Thu, 18 May 2017 13:16:23 +0200 Thorsten Glaser  wrote:
> Package: rsync
> Version: 3.1.2-2
> Severity: serious
> Tags: security upstream
> Justification: security-relevant
> 
> Assume my home directory on 'remote' has no files matching '*4'.
> 
> Now run this:
> 
> remote$ touch ./-zT.mp4
> local$ mkdir test
> local$ cd test
> local$ rsync -zavPH --numeric-ids -S --stats '--rsh=ssh -T' $remote:\*4 .

I think you just need to prefix your wildcard. This works for me:

$ rsync -zavP --numeric-ids --stats $remote:./*4 .
receiving incremental file list
-zT.mp4
  0 100%0.00kB/s0:00:00 (xfr#1, to-chk=0/1)

  Number of files: 1 (reg: 1)
  Number of created files: 1 (reg: 1)
  Number of deleted files: 0
  Number of regular files transferred: 1
  Total file size: 0 bytes
  Total transferred file size: 0 bytes
  Literal data: 0 bytes
  Matched data: 0 bytes
  File list size: 37
  File list generation time: 0.001 seconds
  File list transfer time: 0.000 seconds
  Total bytes sent: 43
  Total bytes received: 88

  sent 43 bytes  received 88 bytes  262.00 bytes/sec
  total size is 0  speedup is 0.00

-- 
Regards,
Scott.


signature.asc
Description: PGP signature

Bug#861480: Processed: Version tracking fix

[Michal Čihař]

Hi Adrian

Debian Bug Tracking System píše v Po 22. 05. 2017 v 11:03 +:
> Processing commands for cont...@bugs.debian.org:
> 
> > found 861480 4.11.4+dfsg-2
> 
> Bug #861480 {Done: Debian FTP Masters  g>} [series60-remote] ImportError: No module named QtWebKit
> There is no source info for the package 'series60-remote' at version
> '4.11.4+dfsg-2' with architecture ''
> Unable to make a source version for version '4.11.4+dfsg-2'
> Marked as found in versions 4.11.4+dfsg-2 and reopened.

Are you sure this is correct version?

-- 
Michal Čihař | https://cihar.com/ | https://weblate.org/


signature.asc
Description: This is a digitally signed message part

Bug#863128: ITP: open-infrastructure-package-tracker -- Compare and track package versions in debian repositories

[Daniel Baumann]

Package: wnpp

* Package name: open-infrastructure-package-tracker
  Upstream Author : Andreas Kreuzer

* License : GPL-3+
  Description : package-tracker is designed to compare apt archives
from a derrivate (debian extending repositories)
against their parent ones. As such it is possible
to track changes of package versions in other
archives.

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

[Pirate Praveen]

On വെള്ളി 19 മെയ് 2017 03:45 വൈകു, Jérémy Lal wrote:
> There are complications to distributing npm: it depends on a LOT of
> modules, which
> means it requires a lot of debian-maintainer time to package, and update.

https://wiki.debian.org/Javascript/Nodejs/Tasks/npm ie, roughly about 78
new modules to package. If one person were to work full time, I think
about 10-15 days time.




signature.asc
Description: OpenPGP digital signature

Bug#857085: [Pkg-d-devel] Bug#857085: terminix FTBFS on armhf: Error executing /usr/bin/ldc2: Segmentation fault

[Matthias Klumpp]

2017-05-22 7:17 GMT+02:00 Petter Reinholdtsen :
> I was sad to discover that ldc and all its dependencies were removed from 
> testing
> today because of this issue.
>
> I guess no-one succeeded in figuring out what go wrong here?

Eww, I completely forgot to reply to the bug report yesterday to defer
the autoremoval a little, because I was originally planning to just
remove Terminix on armhf. This is really bad because I need LDC on the
AppStream DSA machine, it not being in Stretch means I can not build
the AppStream generator on the appstream.d.o machine and have to do a
manual binary upload, which does really suck a lot.

Unfortunately I don't think policy leaves any room for getting LDC
back into testing, especially since the version in unstable is a
different, new one now due to my attempts to debug this issue in
unstable (and the release team won't like that).

Sorry, I think I screwed up here (I thought the expiration date was
25.May for some reason).

Cheers,
Matthias

-- 
I welcome VSRE emails. See http://vsre.info/

Bug#857085: [Pkg-d-devel] Bug#857085: terminix FTBFS on armhf: Error executing /usr/bin/ldc2: Segmentation fault

[Matthias Klumpp]

Regarding the issue: The cause for it remains elusive to me. There is
a bug happening on Debian's i386 buildds which apparently is the same
thing that's happening on the armhf architecture, but I failed to
reproduce it locally (built LDC 8 times in a row in a pristine Sid
chroot with no failure, while it always FTBFS in Debian unstable).

I have no idea on what could cause the bug, I did even read the LDC
code section where this issue occurs a few times to check for some
potential 64bit <-> 32bit fallacies but the code looks fine to me. I
don't really know how to debug this further. The most puzzling thing
is that this particular bug seems to be Debian specific, as no other
distro shipping LDC has this issue (no issue in Fedora, OpenSUSE,
etc.).

As soon as there is a solution to this issue, I think I could upload
LDC, Tilix, and AppStream Generator as well as their dependencies to
Stretch backports.

Cheers,
Matthias

Bug#861744: [Pkg-privacy-maintainers] Bug#861744: Bug#861744: torbrowser-launcher: Should not be part of Stretch

[Holger Levsen]

On Mon, May 22, 2017 at 12:12:39PM +0200, intrigeri wrote:
> While I see a few interesting related points and questions in your
> message, I still don't understand what is your position wrt.
> what's most relevant here IMO, so I figured I would ask you instead of
> arguing based on wrong assumptions:
 
:) thanks for asking!

> Fundamentally, do you disagree with the main point this bug report is
> about i.e. "Should not be part of Stretch"?

yes, somewhat, but I acknowledge that it's not my call.

> And if you indeed do want to see this package in Stretch, how do you
> plan to be involved on maintaining it via stable-security or
> stable-updates?

I don't plan to be involved.

My trigger to send this mail are those mails generated through the failures
on https://jenkins.debian.net/view/torbrowser/ - I get a daily mail that
torbrowser-launcher in jessie is broken, and weekly mails about the breakage
in wheezy-backports and jessie-backports.

So of course what I shall do is to disable those mails to me, after all
I'm one of the maintainers of jenkins.d.n :) But then I fear that
torbrowser-launcher will bitrot even more…

So, in summary, yes, I disagree with this bugreport that I think that the
package is supportable in stable and then I realized that I also question
the plan to support it in stretch-backports, cause I'm very aware of the
status of the package in stable-backports and oldstable-backports today.


I realize that my position is not the most helpful one, but I thought and
think that it's also not helpful to be aware of problems and stay silent on
them.

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#863129: jessie-pu: package salt/2014.1.13+ds-3

[Benjamin Drung]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

salt in jessie is affected by some security issues. Salvatore Bonaccorso
from the security wrote: So we are basically down at
https://security-tracker.debian.org/tracker/source-package/salt to
no-dsa issues, so up to decicde I guess if you still want a DSA or
rather go via the upcoming point release.

Thus the requests for a SPU to fix four security bugs (debdiff
attached).

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.dr...@profitbricks.com
Web: https://www.profitbricks.com

Sitz der Gesellschaft: Berlin.
Registergericht: Amtsgericht Charlottenburg, HRB 125506B.
Geschäftsführer: Achim Weiss.
diff -Nru salt-2014.1.13+ds/debian/changelog salt-2014.1.13+ds/debian/changelog
--- salt-2014.1.13+ds/debian/changelog  2015-02-13 06:27:53.0 +0100
+++ salt-2014.1.13+ds/debian/changelog  2017-05-22 13:34:40.0 +0200
@@ -1,3 +1,18 @@
+salt (2014.1.13+ds-3+deb8u1) jessie; urgency=high
+
+  [ Benjamin Drung ]
+  * Team upload.
+  * CVE-2015-6918: git module leaks authentication details into log
+  * CVE-2015-6941: user state displays passwords in debug log
+
+  [ Salvatore Bonaccorso ]
+  * CVE-2015-8034: Information leak from state.sls cache data stored as
+world-readable (Closes: #807356)
+  * CVE-2016-3176: Insecure configuration of PAM external authentication
+service (Closes: #819184)
+
+ -- Benjamin Drung   Mon, 22 May 2017 
13:34:36 +0200
+
 salt (2014.1.13+ds-3) unstable; urgency=medium
 
   * [5273cd4] Added python-msgpack dependency. Closes: 777665
diff -Nru salt-2014.1.13+ds/debian/patches/CVE-2015-6918.patch 
salt-2014.1.13+ds/debian/patches/CVE-2015-6918.patch
--- salt-2014.1.13+ds/debian/patches/CVE-2015-6918.patch1970-01-01 
01:00:00.0 +0100
+++ salt-2014.1.13+ds/debian/patches/CVE-2015-6918.patch2017-04-18 
12:18:56.0 +0200
@@ -0,0 +1,46 @@
+From 528916548726976dcc75626dc6f6641ceb206ee3 Mon Sep 17 00:00:00 2001
+From: Tarjei Husøy 
+Date: Wed, 19 Aug 2015 11:41:10 -0700
+Subject: [PATCH] Git: Don't leak https user/pw to log
+Origin: backport, 
https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
+
+---
+ salt/modules/git.py| 17 ++---
+ tests/unit/modules/git_test.py | 18 ++
+ 2 files changed, 32 insertions(+), 3 deletions(-)
+
+--- a/salt/modules/git.py
 b/salt/modules/git.py
+@@ -5,6 +5,7 @@
+ 
+ # Import python libs
+ import os
++import re
+ import tempfile
+ try:
+ import pipes
+@@ -75,6 +76,7 @@
+ result = __salt__['cmd.run_all'](cmd,
+  cwd=cwd,
+  runas=runas,
++ output_loglevel='quiet',
+  env=env,
+  **kwargs)
+ 
+@@ -86,7 +88,15 @@
+ if retcode == 0:
+ return result['stdout']
+ else:
+-raise exceptions.CommandExecutionError(result['stderr'])
++stderr = _remove_sensitive_data(result['stderr'])
++raise exceptions.CommandExecutionError(stderr)
++
++
++def _remove_sensitive_data(sensitive_output):
++'''
++Remove HTTP user and password.
++'''
++return re.sub('(https?)://.*@', r'\1://@', sensitive_output)
+ 
+ 
+ def _git_getdir(cwd, user=None):
diff -Nru salt-2014.1.13+ds/debian/patches/CVE-2015-6941.patch 
salt-2014.1.13+ds/debian/patches/CVE-2015-6941.patch
--- salt-2014.1.13+ds/debian/patches/CVE-2015-6941.patch1970-01-01 
01:00:00.0 +0100
+++ salt-2014.1.13+ds/debian/patches/CVE-2015-6941.patch2017-04-18 
12:32:52.0 +0200
@@ -0,0 +1,33 @@
+From fdd35374562658f4a20767a3703fab93d92f9ca9 Mon Sep 17 00:00:00 2001
+From: twangboy 
+Date: Fri, 11 Sep 2015 16:39:47 -0600
+Subject: [PATCH] Replaced password with redacted when displayed
+Origin: backport, 
https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710
+
+---
+ salt/states/user.py | 10 ++
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/salt/states/user.py
 b/salt/states/user.py
+@@ -362,6 +362,8 @@
+ ret['comment'] = ('The following user attributes are set to be '
+   'changed:\n')
+ for key, val in changes.items():
++if key == 'password':
++val = 'XXX-REDACTED-XXX'
+ ret['comment'] += '{0}: {1}\n'.format(key, val)
+ return ret
+ # The user is present
+@@ -480,9 +482,9 @@
+ if spost['passwd'] != password:
+ ret['comment'] = 'User {0} created but failed to set' 
\
+  ' password to' \
+- ' {1}'.format(name, password)
++ 

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

[Carlos Donizete Froes]

Em seg, 2017-05-22 às 08:29 +0200, Christian Seiler escreveu:
> The package itself is free software (I presume), but it is for downloading a 
> non-free game. For
> this reason it should be in contrib, not main. You should hence change the 
> section from 'games' to
> 'contrib/games'.

This package contains "contrib/games" in 'd/control'.

d/control:
--

Source: minecraft-installer
Section: contrib/games
Priority: optional
Maintainer: Carlos Donizete Froes 
Build-Depends: debhelper (>= 10)
Standards-Version: 3.9.8
Homepage: https://github.com/coringao/minecraft-installer/wiki

Package: minecraft-installer
Architecture: any-amd64 any-i386
Depends: default-jre, ${misc:Depends}
Description: Unofficial way to easily install game
 The installer will download files from the official Mojang server
 and will not be redistributing, respecting the copyright
 and wishes of the Minecraft authors.
 .
 Have fun exploring the world where people built structures to protect
 against nocturnal monsters, players online work together to
 create wonderful, imaginative things.

-

Thanks!

-- 
⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao]
⣾⠁⢠⠒⠀⣿⡁ - https://wiki.debian.org/coringao
⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780
⠈⠳⣄⠀⠀⠀  2157 630B D441 A775 BEFF  D35F FA63 ADA6 B638 B780

signature.asc
Description: This is a digitally signed message part

Bug#862988: dante-server: Job for danted.service failed because the control process exited with error code during installation

[Daniel Bareiro]

Hi, Peter.

El domingo 21 de mayo del 2017 a las 17:28:39 +0300,
Peter Pentchev escribió:

> > > Yeah, I guess I'll have to fix that at some point, probably before the
> > > stretch release.  Right after installation, the sample config file for
> > > dante-server does not specify any network interfaces at all (obviously,
> > > since nothing is known at that point), but then the dante server is
> > > automatically started, so it fails, and the installation itself fails.
> > > The correct fix would be to make dante-server not start automatically on
> > > installation; I'll take a look at this in the next couple of days.
> > > 
> > > In the meantime, could you try to take a look at the /etc/danted.conf
> > > file, configure it for your use case (at the very least, specify the
> > > listening address, and maybe some rules), then try to start the
> > > dante-server service?  If this works, if the dante-server service may be
> > > started properly, you can then run:
> > > 
> > >   dpkg-reconfigure -a
> > > 
> > > ...to let dpkg and apt complete the package installation.

> Ahh, so that's what happens when one posts before caffeine... of course,
> this was supposed to be:
> 
>   dpkg --configure -a
> 
> ...there's nothing that dpkg-reconfigure can do to help.

No problem :-) I think that anyway the installation was completed
successfully using "aptitude reinstall dante-server".

> > > Sorry about that, I keep forgetting about it :(  I'll fix it soon.
> > > 
> > > Thanks for your interest in Dante!
 
> > Thanks for your reply.
> > 
> > I added a minimal configuration, specifying the internal and external
> > interfaces and then running "aptitude reinstall dante-server". This
> > seems to solve the issue with the installation and then the service
> > starts without problems:
 
> I'm glad that it worked for you!  I've committed the fix to my dante
> packaging Git repository, I'll ask the release team for a freeze
> exception so that the fix makes it into the next release.
> 
> Thanks for your understanding, and do not hesitate to let me know if
> you hit any other problems!

Thank you very much!

I add below some other comments that may be useful.

Do you think it might be a good idea to enable the service at the boot
of the operating system? I think it is currently necessary to do
"systemctl enable danted" for this happen.

Do you think it might be a good idea to use something like:

---
# Include Dante defaults if available
if [ -f /etc/default/dante ]; then
. /etc/default/dante
fi
---

I think it might be useful if someone wants to start the service with
some additional parameter (eg "-d" for debug mode) without having to
manually modify the startup script.


Thanks for your time.

Kind regards,

-- 
Ing. Daniel Bareiro

Opción Libre - Soberanía tecnológica para su empresa
WWW: http://www.opcion-libre.com.ar
Tel: +54 11 5235-3090
Correo-e: conta...@opcion-libre.com.ar


signature.asc
Description: Digital signature

Bug#863130: ITP: node-stream-combiner -- Turn a pipeline into a single stream

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-stream-combiner
  Version : 0.2.2
  Upstream Author : 'Dominic Tarr' 
(http://dominictarr.com)
* URL : https://github.com/dominictarr/stream-combiner
* License : Expat
  Programming Lang: JavaScript
  Description : Turn a pipeline into a single stream

 `Combine` function in this library returns a stream that writes to the
first
 stream and reads from the last stream. Listening for 'error' will recieve
 errors from all streams inside the pipe.
 .
 This library is a dependency for gulp-umd, plugin to add umd support to
gulp
 build tool.
 .
 Node.js is an event-based server-side JavaScript engine.



signature.asc
Description: OpenPGP digital signature

Bug#862387: openstack-dashboard: instance delete fails with: 403 Forbidden - CSRF verification failed. Request aborted.

[Valentin Vidic]

On Thu, May 18, 2017 at 05:14:10PM +0200, Thomas Goirand wrote:
> FYI, I worked together with upstream during all of last summer to
> somehow gain Django 1.10 compatibility. There was loads of issues, which
> were fixed one by one. I guess this bug means we didn't fixed them all.
> 
> If you're good enough with Django, we'd be very happy to add the patch
> both upstream and in the Debian package. According to one of the
> upstream "leaders" on IRC:

Ok, I've got a patch that fixes the CSRF issue.  It seems to be a
template change in 1.10 described in the upgrade documentation[1].
Could you please review it?

[1] https://docs.djangoproject.com/en/1.11/ref/templates/upgrading/
Passing a Context or a RequestContext is still possible when the
template is loaded by a DjangoTemplates backend but it’s deprecated and
won’t be supported in Django 1.10.

-- 
Valentin
--- a/horizon/browsers/base.py
+++ b/horizon/browsers/base.py
@@ -141,5 +141,4 @@
 def render(self):
 browser_template = template.loader.get_template(self.template)
 extra_context = {self.context_var_name: self}
-context = template.RequestContext(self.request, extra_context)
-return browser_template.render(context)
+return browser_template.render(extra_context, self.request)
--- a/horizon/browsers/breadcrumb.py
+++ b/horizon/browsers/breadcrumb.py
@@ -42,5 +42,4 @@
 """Renders the table using the template from the table options."""
 breadcrumb_template = template.loader.get_template(self.template)
 extra_context = {"breadcrumb": self}
-context = template.RequestContext(self.request, extra_context)
-return breadcrumb_template.render(context)
+return breadcrumb_template.render(extra_context, self.request)
--- a/horizon/tables/base.py
+++ b/horizon/tables/base.py
@@ -1333,8 +1333,7 @@
 table_template = template.loader.get_template(self._meta.template)
 extra_context = {self._meta.context_var_name: self,
  'hidden_title': self._meta.hidden_title}
-context = template.RequestContext(self.request, extra_context)
-return table_template.render(context)
+return table_template.render(extra_context, self.request)
 
 def get_absolute_url(self):
 """Returns the canonical URL for this table.
@@ -1482,9 +1481,8 @@
 extra_context['table_actions_menu'].append(action)
 elif action != extra_context.get('filter'):
 extra_context['table_actions_buttons'].append(action)
-context = template.RequestContext(self.request, extra_context)
 self.set_multiselect_column_visibility(len(bound_actions) > 0)
-return table_actions_template.render(context)
+return table_actions_template.render(extra_context, self.request)
 
 def render_row_actions(self, datum, row=False):
 """Renders the actions specified in ``Meta.row_actions`` using the
@@ -1500,8 +1498,7 @@
 bound_actions = self.get_row_actions(datum)
 extra_context = {"row_actions": bound_actions,
  "row_id": self.get_object_id(datum)}
-context = template.RequestContext(self.request, extra_context)
-return row_actions_template.render(context)
+return row_actions_template.render(extra_context, self.request)
 
 @staticmethod
 def parse_action(action_string):
--- a/horizon/utils/csvbase.py
+++ b/horizon/utils/csvbase.py
@@ -84,8 +84,7 @@
 if template:
 # Display some header info if provided as a template
 header_template = django_template.loader.get_template(template)
-context = django_template.RequestContext(request, self.context)
-self.header = header_template.render(context)
+self.header = header_template.render(self.context, request)
 
 if self.header:
 self.out.write(self.encode(self.header))
@@ -117,8 +116,7 @@
 if template:
 # Display some header info if provided as a template
 header_template = django_template.loader.get_template(template)
-context = django_template.RequestContext(request, self.context)
-self.header = header_template.render(context)
+self.header = header_template.render(self.context, request)
 
 self._closable_objects.append(self.out)
 
--- a/horizon/workflows/base.py
+++ b/horizon/workflows/base.py
@@ -176,8 +176,7 @@
 extra_context = extra_context or {}
 if self.help_text_template:
 tmpl = template.loader.get_template(self.help_text_template)
-context = template.RequestContext(self.request, extra_context)
-text += tmpl.render(context)
+text += tmpl.render(extra_context, self.request)
 else:
 text += linebreaks(force_text(self.help_text))
 return safe(text)
@@ -443,8 +442,7 @@
 step_template = template.loader.get_template(self.templa

Bug#863132: qjoypad: please mark as Architecture:linux-any

[Adam Borowski]

Package: qjoypad
Version: 4.1.0-2.1
Severity: minor

Hi!
This package keeps FTBFSing on kfreebsd and hurd with the following error:

joypadw.h:7:28: fatal error: linux/joystick.h: No such file or directory

It relies on Linux-specific interfaces thus porting would probably be
tricky, and it seems to be moribund upstream, thus such porting is not to be
expected anytime soon.

It'd be nice if you marked this fact, and changed:
debian/control
-Architecture: any
+Architecture: linux-any


-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc1-debug-00011-gb82803d91ae5 (SMP w/6 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages qjoypad depends on:
ii  libc6   2.24-10
ii  libgcc1 1:7.1.0-5
ii  libqtcore4  4:4.8.7+dfsg-11
ii  libqtgui4   4:4.8.7+dfsg-11
ii  libstdc++6  7.1.0-5
ii  libx11-62:1.6.4-3
ii  libxtst62:1.2.3-1

qjoypad recommends no packages.

qjoypad suggests no packages.

-- no debconf information

Bug#794466: hi

[Vintexs Deku]

*Why you have not reply to my email which I send to you, check you email
and reply to me*

Bug#857085: [Pkg-d-devel] Bug#857085: terminix FTBFS on armhf: Error executing /usr/bin/ldc2: Segmentation fault

[Matthias Klumpp]

2017-05-22 13:32 GMT+02:00 Matthias Klumpp :
> [...]
> Sorry, I think I screwed up here (I thought the expiration date was
> 25.May for some reason).

I learned just now that jcristau force-hinted LDC out yesterday,
although he knew that I already comitted a workaround (dropping armhf
from Terminix) to t-p-u. I am not happy that I wasn't at least
notified about that step beforehand (would've been so easy on IRC!).

Making the best out of a bad situation, once we have a solution for
this, I'll make a backport of the stuff that got dropped (about 8-10
packages), if the fix is suitablke for backports (if it's resolved by
upgrading to a newer LLVM, we might have a problem).

Cheers,
Matthias

-- 
I welcome VSRE emails. See http://vsre.info/

Bug#863133: debmirror: multiple problems with --debmarshal --getcontents --dry-run

[Stefan Kisdaroczi]

Package: debmirror
Version: 1:2.26
Tags: patch

Hi,

1) debmirror fails with --debmarshal and --getcontents

$ debmirror --rsync-extra=none --method http --keyring
/usr/share/keyrings/debian-archive-keyring.gpg --debmarshal
--getcontents mirror
Warning: --rsync-extra is not configured to mirror the trace files.
This configuration is not recommended.
Error while linking .temp/dists/sid/contrib/Contents-i386.gz: No such
file or directory
WARNING: releasing 1 pending lock...

link_contents_into_snapshot() is called i a $sect loop and contains
itself a $sect loop.
Patch 01-debmarshal-getcontents.diff removes the loop in
link_contents_into_snapshot().

2) debmirror fails with --debmarshal and --dry-run and updates latest symlink

Without --getcontents:
$ debmirror --rsync-extra=none --method http --keyring
/usr/share/keyrings/debian-archive-keyring.gpg --debmarshal --dry-run
mirror
...
[  0%] Getting: dists/sid/contrib/i18n/Translation-en.bz2... ok
linking dists/sid/contrib/i18n/Translation-en.bz2
Error while linking .temp/dists/sid/contrib/i18n/Translation-en.bz2:
No such file or directory at /usr/bin/debmirror line 2028.
WARNING: releasing 1 pending lock...

With --getcontents:
$ debmirror --rsync-extra=none --method http --keyring
/usr/share/keyrings/debian-archive-keyring.gpg --debmarshal --dry-run
--getcontents mirror
...
[100%] Getting: dists/sid/main/Contents-i386.diff/Index... ok
.temp/dists/sid/main/Contents-i386.diff/Index: No such file or
directory at /usr/bin/debmirror line 2571.
WARNING: releasing 1 pending lock...

Patch 02-debmarshal-dry-run.diff fixes --debmarshal in --dry-run mode.

3) debmirror fails with --dry-run and --getcontents if --diff is != none

debmirror --rsync-extra=none --method http --keyring
/usr/share/keyrings/debian-archive-keyring.gpg --dry-run --getcontents
mirror
...
http://ftp.debian.org/debian/dists/sid/main/Contents-i386.diff/Index
=> [100%] Getting: dists/sid/main/Contents-i386.diff/Index... ok
.temp/dists/sid/main/Contents-i386.diff/Index: No such file or
directory at /usr/bin/debmirror line 2570.
WARNING: releasing 1 pending lock...

Patch 03-dry-run-getcontents.diff

4) debmirror creates pool/ and dists/$dist/ directory tree with --dry-run

I did not expect that in --dry-run mode. Patch 04-dry-run.diff


Regards
Stefan
diff --git a/debmirror b/debmirror
index 51fc92d..059cc23 100755
--- a/debmirror
+++ b/debmirror
@@ -2007,17 +2007,14 @@ sub link_release_into_snapshot {
 }
 
 sub link_contents_into_snapshot {
-  my ($dist,$mirrordir,$arch,$tempdir) = @_;
+  my ($dist,$mirrordir,$arch,$sect,$tempdir) = @_;
   my $next = get_next_snapshot($dist);
-  push my @sects, @sections,  "";
-  foreach my $sect (@sects) {
-if ($sect ne "") {$sect = "/$sect";}
-if (exists $file_lists{"$tempdir/dists/$dist$sect/Contents-$arch.gz"}) {
-  unlink("$mirrordir/dists/$dist/$next$sect/Contents-$arch.gz");
-  link("$tempdir/dists/$dist$sect/Contents-$arch.gz",
-   "$mirrordir/dists/$dist/$next$sect/Contents-$arch.gz")
-or die "Error while linking 
$tempdir/dists/$dist$sect/Contents-$arch.gz: $!\n";
-}
+  say("Linking dists/$dist$sect/Contents-$arch.gz to $next");
+  if (exists $file_lists{"$tempdir/dists/$dist$sect/Contents-$arch.gz"}) {
+unlink("$mirrordir/dists/$dist/$next$sect/Contents-$arch.gz");
+link("$tempdir/dists/$dist$sect/Contents-$arch.gz",
+ "$mirrordir/dists/$dist/$next$sect/Contents-$arch.gz")
+  or die "Error while linking $tempdir/dists/$dist$sect/Contents-$arch.gz: 
$!\n";
   }
 }
 
@@ -2419,7 +2416,7 @@ sub get_contents_files {
 $files{"dists/$dist$sect/Contents-$arch.gz"}=1;
 $files{$tempdir."/"."dists/$dist$sect/Contents-$arch.gz"}=1;
 if ($debmarshal) {
-  link_contents_into_snapshot($dist,$mirrordir,$arch,$tempdir);
+  link_contents_into_snapshot($dist,$mirrordir,$arch,$sect,$tempdir);
 }
   };
   my $first = 1;
diff --git a/debmirror b/debmirror
index 059cc23..dd66362 100755
--- a/debmirror
+++ b/debmirror
@@ -995,8 +995,12 @@ foreach my $dist (@dists) {
 $files{"dists/$codename$dist_sdir/Release"}=1;
 $files{$tempdir."/"."dists/$codename$dist_sdir/Release"}=1;
 if ($debmarshal) {
-  $next = make_next_snapshot($mirrordir,$dist,$codename,
-$dist_sdir,$tempdir);
+  $next = get_next_snapshot($dist);
+  say("Making dists/$codename$dist_sdir snapshot $next");
+  make_dir("$mirrordir/dists/$dist/$next") if ! $dry_run;
+  say("Linking dists/$codename$dist_sdir/Release to $next");
+  link_release_into_snapshot($mirrordir,$dist,$next,$tempdir,
+ $codename,$dist_sdir,"Release") if ! $dry_run;
 }
 if (-f "$tdir/Release.gpg") {
   rename("$tdir/Release.gpg", 
"$tempdir/dists/$codename$dist_sdir/Release.gpg")
@@ -1004,8 +1008,9 @@ foreach my $dist (@dists) {
   $files{"dists/$codename$dist_sdir/Release.gpg"}=1;
   $files{$tempdir."/"."dists/$codename$dist_sdir/Re

Bug#863134: ITP: libayatana-indicator -- Ayatana Indicators panel applets shared library

[Mike Gabriel]

Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

* Package name: libayatana-indicator
  Version : 0.6.0
  Upstream Author : Mike Gabriel 
Ted Gould 
* URL : https://github.com/ArcticaProject/libayatana-indicator
* License : GPL
  Programming Lang: C
  Description : Ayatana Indicators panel applets shared library

 This library contains information to build indicators to go into
 the Ayatana Indicator based panel applets.
 .
 The libayatana-indicator project is a fork of
 https://launchpad.net/libindicator that has been stripped-off of all
 Ubuntu-specific elements. It builds against and runs on top of a vanilla
 GTK-3 (or GTK-2), no Ubuntu-specific patches in GTK-3 are required.
 Ubuntu and Canonical namespaces (e.g. in DBus) have been fully dropped.
 .
 With this shared library, developers can code indicator based applets
 (GTK-2 and GTK-3 are supported currently) for modern desktop integration.

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

[Christian Seiler]

On 05/22/2017 02:14 PM, Carlos Donizete Froes wrote:
> This package contains "contrib/games" in 'd/control'.

Hmmm, then mentors doesn't show that, because it just says
"Section: games" on that page. Well, I just noticed it does show it,
but only in the URL to the dsc file that I overlooked when I saw
this message.

Sorry for the noise. :-(

Regards,
Christian

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

[Jonas Smedegaard]

Quoting Pirate Praveen (2017-05-22 13:27:35)
> On വെള്ളി 19 മെയ് 2017 03:45 വൈകു, Jérémy Lal wrote:
>> There are complications to distributing npm: it depends on a LOT of 
>> modules, which means it requires a lot of debian-maintainer time to 
>> package, and update.
>
> https://wiki.debian.org/Javascript/Nodejs/Tasks/npm ie, roughly about 
> 78 new modules to package. If one person were to work full time, I 
> think about 10-15 days time.

...for the _initial_ packaging work.

We are package *maintainers*.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#861840: thunderbird: gmail authentication broken

[Laurent Bigonville]

On Thu, 4 May 2017 08:15:59 -0800 Christopher Howard 
 wrote:

> Subject: thunderbird: gmail authentication broken
> Package: thunderbird
> Severity: important
>
> Dear Maintainer,
>
> When attempting to authenticate a google email account, i get stuck 
at the
> google sign-in page. It requests the email account but the Next 
button and

> More
> options buttons do not work. This is a known probably caused by a google
> oauth
> change of some sort which has been fixed in upstream thunderbird:
>
> 
https://askubuntu.com/questions/910327/thunderbird-stuck-at-google-sign-in
> 
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-

> native-apps.html
>


Updating the google calendar provider (from 2.6) to 3.3 fixed the 
problem for me


https://addons.mozilla.org/thunderbird/addon/provider-for-google-calendar/

Bug#863135: ifupdown: man interfaces: network-manager *does* now support source-directory

[Alan Jenkins]

Package: ifupdown
Version: 0.8.19
Severity: normal

Dear Maintainer,

`man interfaces` mentions that network-manager does not
support `source-directory`.  This limitation was fixed in
 
https://github.com/NetworkManager/NetworkManager/commit/ada6b96de94b97df57f321372736f66725676065

The commit is in 1.5.2-dev, and hence network-manager 1.6.
network-manager in stretch is now at version 1.6.2.
Therefore we can remove this caveat from the manual page.

Thanks
Alan


-- Package-specific info:
--- /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

--- /etc/network/interfaces.d/*:
cat: '/etc/network/interfaces.d/*': No such file or directory

--- up and down scripts installed:
/etc/network/if-down.d:
total 8
-rwxr-xr-x 1 root root 1015 Apr 13  2015 avahi-autoipd
-rwxr-xr-x 1 root root  332 Jan  6  2013 upstart
lrwxrwxrwx 1 root root   32 Feb 20 10:55 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh

/etc/network/if-post-down.d:
total 4
lrwxrwxrwx 1 root root   23 Jan 23 08:41 avahi-daemon -> ../if-up.d/avahi-daemon
-rwxr-xr-x 1 root root 1409 Mar 24  2016 wireless-tools
lrwxrwxrwx 1 root root   32 Feb 20 10:55 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh

/etc/network/if-pre-up.d:
total 12
-rwxr-xr-x 1 root root  344 Sep 22  2014 ethtool
-rwxr-xr-x 1 root root 4178 Mar 24  2016 wireless-tools
lrwxrwxrwx 1 root root   32 Feb 20 10:55 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh

/etc/network/if-up.d:
total 28
-rwxr-xr-x 1 root root  923 Apr 13  2015 avahi-autoipd
-rwxr-xr-x 1 root root  484 Apr 13  2015 avahi-daemon
-rwxr-xr-x 1 root root 1685 Sep 22  2014 ethtool
-rwxr-xr-x 1 root root 4958 Apr  6  2015 mountnfs
-rwxr-xr-x 1 root root  972 Mar 30 11:18 openssh-server
-rwxr-xr-x 1 root root 1483 Jan  6  2013 upstart
lrwxrwxrwx 1 root root   32 Feb 20 10:55 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ifupdown depends on:
ii  adduser  3.115
ii  init-system-helpers  1.48
ii  iproute2 4.9.0-1
ii  libc62.24-10
ii  lsb-base 9.20161125

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.3.5-3

Versions of packages ifupdown suggests:
ii  ppp 2.4.7-1+4
pn  rdnssd  

-- no debconf information

Bug#851903: gcc-4.9 on RPi 3: gcc crashes with -mtune=native or -march=native or -mcpu=native

[Wolfgang M. Reimer]

$ gcc -march=native -Q --help=target
*** Error in `gcc': double free or corruption (top): 0x013b8bf8 ***
Aborted
$ gcc -mcpu=native -Q --help=target
*** Error in `gcc': double free or corruption (top): 0x00536c30 ***
Aborted
$ gcc -mtune=native -Q --help=target
*** Error in `gcc': double free or corruption (top): 0x00a66c90 ***
Aborted
$ 

Bug#861480: Processed: Version tracking fix

[Adrian Bunk]

Control: notfound -1 4.11.4+dfsg-2
Control: close -1
Control: tags -1 stretch sid

On Mon, May 22, 2017 at 01:17:25PM +0200, Michal Čihař wrote:
> Hi Adrian

Hi Michal,

> Debian Bug Tracking System píše v Po 22. 05. 2017 v 11:03 +:
> > Processing commands for cont...@bugs.debian.org:
> > 
> > > found 861480 4.11.4+dfsg-2
> > 
> > Bug #861480 {Done: Debian FTP Masters  > g>} [series60-remote] ImportError: No module named QtWebKit
> > There is no source info for the package 'series60-remote' at version
> > '4.11.4+dfsg-2' with architecture ''
> > Unable to make a source version for version '4.11.4+dfsg-2'
> > Marked as found in versions 4.11.4+dfsg-2 and reopened.
> 
> Are you sure this is correct version?

no, thanks for noticing.

What I wanted to do is to tell the BTS that the problem is not in jessie.

I failed to notice that #784513 was in another package.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#863110: openvpn: VPN remains connected, but network is unreachable after 30-45 min and requires reconnect

[Alberto Gonzalez Iniesta]

On Sun, May 21, 2017 at 06:40:31PM -0500, Prescott wrote:
> Package: openvpn
> Version: 2.4.0-5
> Severity: important
> 
> Dear Maintainer,
> 
>After the upgrade to openvpn 2.4.0-5 (from *-4), an issue has been
>occuring where after having been connected to the VPN for an
>approximate amount of time of around 30-45 minutes, the network
>connection will drop.  NetworkManager continues to state that the VPN
>is currently active, but no network is reachable.  The only way to
>restart the VPN network is to bring the connection up again.
> 
>As stated before, I am using openvpn through NetworkManger, and use
>nmcli with a configured VPN config file and a separate password file from 
> a paid service I
>subscribe to.
> 

Hi,

Could you try 2.4.0-6 just uploaded to unstable? It fixes an issue that
matches your symptoms.

Regards,

Alberto


-- 
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
mailto/sip: a...@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

[Pirate Praveen]

On തിങ്കള്‍ 22 മെയ് 2017 06:41 വൈകു, Jonas Smedegaard wrote:
> ...for the _initial_ packaging work.
> 
> We are package *maintainers*.

If you have not realized, we are discussing about maintaining an
existing package. I think you have also not realized the meaning of team
maintained packages. The person who did the initial package need not be
the maintainer of the packager for ever. When there is enough interest
in the package, it will remain maintained else it gets removed.



signature.asc
Description: OpenPGP digital signature

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

[Jérémy Lal]

2017-05-22 16:10 GMT+02:00 Pirate Praveen :

> On തിങ്കള്‍ 22 മെയ് 2017 06:41 വൈകു, Jonas Smedegaard wrote:
> > ...for the _initial_ packaging work.
> >
> > We are package *maintainers*.
>
> If you have not realized, we are discussing about maintaining an
> existing package. I think you have also not realized the meaning of team
> maintained packages. The person who did the initial package need not be
> the maintainer of the packager for ever. When there is enough interest
> in the package, it will remain maintained else it gets removed.
>

I did the initial npm packaging. At that moment i was optimistic upstream
wouldn't add or change dependencies too much. I was wrong, npm is
constantly adding/removing modules through the months and years, requiring
a lot of maintainer work to keep up.
I think Jonas was pointing out that updating npm today won't actually solve
any issue regarding npm maintenance. Some company should fund that work.

Jérémy

Bug#863136: ITP: sphinx-autorun -- code execution extension for Sphinx

[Félix Sipma]

Package: wnpp
Severity: wishlist
Owner: =?utf-8?q?F=C3=A9lix_Sipma?= 

* Package name: sphinx-autorun
  Version : 1.0.1
  Upstream Author : Hugo Osvaldo Barrera 
* URL : https://github.com/hobarrera/sphinx-autorun/
* License : (GPL, LGPL, BSD, MIT/X, etc.)
  Programming Lang: Python
  Description : Code execution extension for Sphinx

  This extension for Sphinx that can execute the code from a runblock directive
  and attach the output of the execution to the document.

This package is a build dependency of todoman, another ITP of mine.

I'd like to maintain it in the python modules team. I've sent a request to join
the team, but did not get any answer yet.


signature.asc
Description: PGP signature

Bug#851143: systemd: doesn't use all the mount options from /etc/fstab when mounting on boot

[Russell Coker]

reopen 851143
thanks

> > Could you attach the output of
> > systemctl status mail.mount
> > systemctl show mail.mount
> 
> Since I don't have a selinux enabled system so I could try and reproduce
> this and no further information was provided, I'm closing this bug report.
> 
> Please reopen if you are available to debug this further.

Sorry for the delay in responding.  I've attached those files.

# ls -ldZ /mail
drwxr-xr-x. 1 vmail vmail system_u:object_r:nfsd_rw_t:s0 754 May 10 12:41 
/mail
# umount /mail ; mount /mail
# ls -ldZ /mail
drwxr-xr-x. 1 vmail vmail system_u:object_r:mail_spool_t:s0 754 May 10 12:41 
/mail

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
Where=/mail
What=10.10.10.1:/mailstore
Options=rw,relatime,seclabel,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.10.10.24,local_lock=none,addr=10.10.10.1
Type=nfs4
TimeoutUSec=1min 30s
ControlPID=0
DirectoryMode=0755
SloppyOptions=no
LazyUnmount=no
ForceUnmount=no
Result=success
UID=4294967295
GID=4294967295
ExecMount={ path=/bin/mount ; argv[]=/bin/mount 10.10.10.1:/mailstore /mail -t 
nfs -o context=system_u:object_r:mail_spool_t:s0,x-systemd.automount ; 
ignore_errors=no ; start_time=[Tue 2017-05-23 00:07:53 AEST] ; stop_time=[Tue 
2017-05-23 00:07:53 AEST] ; pid=740 ; code=exited ; status=0 }
Slice=system.slice
ControlGroup=/system.slice/mail.mount
MemoryCurrent=18446744073709551615
CPUUsageNSec=18446744073709551615
TasksCurrent=0
Delegate=no
CPUAccounting=no
CPUWeight=18446744073709551615
StartupCPUWeight=18446744073709551615
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=infinity
IOAccounting=no
IOWeight=18446744073709551615
StartupIOWeight=18446744073709551615
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLow=0
MemoryHigh=18446744073709551615
MemoryMax=18446744073709551615
MemorySwapMax=18446744073709551615
MemoryLimit=18446744073709551615
DevicePolicy=auto
TasksAccounting=yes
TasksMax=4915
UMask=0022
LimitCPU=18446744073709551615
LimitCPUSoft=18446744073709551615
LimitFSIZE=18446744073709551615
LimitFSIZESoft=18446744073709551615
LimitDATA=18446744073709551615
LimitDATASoft=18446744073709551615
LimitSTACK=18446744073709551615
LimitSTACKSoft=8388608
LimitCORE=18446744073709551615
LimitCORESoft=0
LimitRSS=18446744073709551615
LimitRSSSoft=18446744073709551615
LimitNOFILE=4096
LimitNOFILESoft=1024
LimitAS=18446744073709551615
LimitASSoft=18446744073709551615
LimitNPROC=7977
LimitNPROCSoft=7977
LimitMEMLOCK=65536
LimitMEMLOCKSoft=65536
LimitLOCKS=18446744073709551615
LimitLOCKSSoft=18446744073709551615
LimitSIGPENDING=7977
LimitSIGPENDINGSoft=7977
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=18446744073709551615
LimitRTTIMESoft=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=5
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=inherit
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
SecureBits=0
CapabilityBoundingSet=18446744073709551615
AmbientCapabilities=0
DynamicUser=no
RemoveIPC=no
MountFlags=0
PrivateTmp=no
PrivateDevices=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectControlGroups=no
PrivateNetwork=no
PrivateUsers=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=yes
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictNamespace=2114060288
KillMode=control-group
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=mail.mount
Names=mail.mount
Requires=system.slice -.mount
Wants=network-online.target
Conflicts=umount.target
Before=umount.target remote-fs.target
After=remote-fs-pre.target mail.automount -.mount network-online.target 
system.slice network.target
TriggeredBy=mail.automount
RequiresMountsFor=/
Documentation=man:fstab(5) man:systemd-fstab-generator(8)
Description=/mail
LoadState=loaded
ActiveState=active
SubState=mounted
FragmentPath=/run/systemd/generator/mail.mount
SourcePath=/etc/fstab
UnitFileState=generated
UnitFilePreset=enabled
StateChangeTimestamp=Tue 2017-05-23 00:07:53 AEST
StateChangeTimestampMonotonic=10421737
InactiveExitTimestamp=Tue 2017-05-23 00:07:53 AEST
InactiveExitTimestampMonotonic=10037643
ActiveEnterTimestamp=Tue 2017-05-23 00:07:53 AEST
ActiveEnterTimestampMonotonic=10401752
ActiveExitTimestampMonotonic=0
InactiveEnterTimestampMonotonic=0
CanStart=yes
CanStop=yes
CanReload=yes
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=yes
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobTimeoutAction=none

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

[Carlos Donizete Froes]

Sorry for the noise. :-(


It's all right! I'm waiting for a sponsor for my package.

Thanks!


--
⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao]
⣾⠁⢠⠒⠀⣿⡁ - https://wiki.debian.org/coringao
⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780
⠈⠳⣄⠀⠀⠀  2157 630B D441 A775 BEFF  D35F FA63 ADA6 B638 B780

Bug#860656: python-biplist: FTBFS on i386: dh_auto_test: pybuild --test --test-nose -i python{version} -p 2.7 returned exit code 13

[Chris Lamb]

tags 860656 - patch
thanks

Hans-Christoph Steiner wrote:

> The tests don't need fixing, they are pointing out a real issue, check
> the bug report to upstream for more info.

Sorry it looked like it was just a test representation issue. Untagging
"patch"...


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#860193: laptop-detect: false-positive on desktop if bluetooth k/b or mouse are used

[Damir Islamov]

Hello,

it seem to be working.

$ sh -x laptop-detect --verbose
+ PRINTIT=/bin/true
+ [ --verbose !=  ]
+ PRINTIT=echo
+ test -d /proc/pmu
+ command -v dmidecode
+ dmidecode=
+ [ -r /dev/mem -a -x  ]
+ [ -e /sys/devices/virtual/dmi/id/chassis_type ]
+ cat /sys/devices/virtual/dmi/id/chassis_type
+ chassis_type=3
+ /sbin/modprobe battery
+ sysfs_power_supply=/sys/class/power_supply
+ [ -d /sys/class/power_supply ]
+ ls /sys/class/power_supply
+ grep -q Battery 
/sys/class/power_supply/hid-f0:65:dd:7a:a1:26-battery/type
+ grep -q Device 
/sys/class/power_supply/hid-f0:65:dd:7a:a1:26-battery/scope

+ [ -d /proc/acpi/battery ]
+ [ -f /proc/apm ]
+ echo We're not on a laptop (no relevant hint found)
We're not on a laptop (no relevant hint found)
+ exit 1

---
Sincerely yours
Damir Islamov

email: da...@trefle.ru
Tel: 7-903-904-604-9

Simó Albert i Beltran писал 2017-05-20 14:25:

Please could you test the following version?
https://gitlab.com/debiants/laptop-detect/blob/sim6_non_device_acpi_batteries/laptop-detect.in

0xB5653FEF.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Bug#861752: libgit2: embeds unnecessary 3rd-party source files in deps/

[Ximin Luo]

Hi Russell, I think you just need to delete the empty line between License and 
Files-Excluded, it's supposed to be part of the first stanza.

You probably also want to add a 
dversionmangle=s/\+dfsg\d*$//,repacksuffix=+dfsg1, to the options list in 
debian/watch.

X

Russell Sim:
> Hi Ximin,
> 
> I can't figure out how this feature works.  Despite applying the patch I
> have attached, it seems that it doesn't actually strip the files I expect
> it to.  Do you have any suggestions?\
> 
> $ uscan --download-current-version --verbose
> uscan info: uscan (version 2.17.5) See uscan(1) for help
> uscan info: Scan watch files in .
> uscan info: Check debian/watch and debian/changelog in ./.git/refs/tags
> uscan info: Check debian/watch and debian/changelog in .
> uscan info: package="libgit2" version="0.25.1-1" (as seen in
> debian/changelog)
> uscan info: package="libgit2" version="0.25.1" (no epoch/revision)
> uscan info: ./debian/changelog sets package="libgit2" version="0.25.1"
> uscan info: Process ./debian/watch (package=libgit2 version=0.25.1)
> uscan info: opts:
> compression=xz,repack,filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/libgit2-$1\.tar\.gz/
> uscan info: line: https://github.com/libgit2/libgit2/releases
> .*/v?([\d.]*)\.tar\.gz
> uscan info: Parsing compression=xz
> uscan info: Parsing repack
> uscan info: Parsing
> filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/libgit2-$1\.tar\.gz/
> uscan info: line: https://github.com/libgit2/libgit2/releases
> .*/v?([\d.]*)\.tar\.gz
> uscan info: Last orig.tar.* tarball version (from debian/changelog): 0.25.1
> uscan info: Download the --download-current-version specified version:
> 0.25.1
> uscan info: Requesting URL:
>https://github.com/libgit2/libgit2/releases
> uscan info: Matching pattern:
>(?:(?:https://github.com
> )?\/libgit2\/libgit2\/releases)?.*/v?([\d.]*)\.tar\.gz
> uscan info: Found the following matching hrefs on the web page (newest
> first):
>/libgit2/libgit2/archive/v0.25.1.tar.gz (0.25.1) index=0.25.1-1 matched
> with the download version
>/libgit2/libgit2/archive/v0.25.0.tar.gz (0.25.0) index=0.25.0-1
>/libgit2/libgit2/archive/v0.24.6.tar.gz (0.24.6) index=0.24.6-1
>/libgit2/libgit2/archive/v0.24.5.tar.gz (0.24.5) index=0.24.5-1
>/libgit2/libgit2/archive/v0.24.4.tar.gz (0.24.4) index=0.24.4-1
>/libgit2/libgit2/archive/v0.24.3.tar.gz (0.24.3) index=0.24.3-1
>/libgit2/libgit2/archive/v0.24.2.tar.gz (0.24.2) index=0.24.2-1
>/libgit2/libgit2/archive/v0.24.1.tar.gz (0.24.1) index=0.24.1-1
> uscan info: Matching target for downloadurlmangle:
> https://github.com/libgit2/libgit2/archive/v0.25.1.tar.gz
> uscan info: Upstream URL (downloadurlmangled):
>https://github.com/libgit2/libgit2/archive/v0.25.1.tar.gz
> uscan info: Newest upstream tarball version selected for download
> (uversionmangled): 0.25.1
> uscan info: Matching target for filenamemangle:
> /libgit2/libgit2/archive/v0.25.1.tar.gz
> uscan info: Download filename (filenamemangled): libgit2-0.25.1.tar.gz
> uscan: Newest version of libgit2 on remote site is 0.25.1, specified
> download version is 0.25.1
> uscan info: Not downloading, using existing file: libgit2-0.25.1.tar.gz
> uscan info: Start checking for common possible upstream OpenPGP signature
> files
> uscan info: End checking for common possible upstream OpenPGP signature
> files
> uscan info: Missing OpenPGP signature.
> uscan info: New orig.tar.* tarball version (oversionmangled): 0.25.1
> uscan info: Executing internal command:
>mk-origtargz --package libgit2 --version 0.25.1 --repack --compression
> xz --directory .. --copyright-file debian/copyright ../libgit2-0.25.1.tar.gz
> uscan info: New orig.tar.* tarball version (after mk-origtargz): 0.25.1
> uscan info: Successfully repacked ../libgit2-0.25.1.tar.gz as
> ../libgit2_0.25.1.orig.tar.xz.
> uscan info: Scan finished
> 
> $ tar tJf ../libgit2_0.25.1.orig.tar.xz | grep deps
> libgit2-0.25.1/deps/
> libgit2-0.25.1/deps/http-parser/
> libgit2-0.25.1/deps/http-parser/LICENSE-MIT
> libgit2-0.25.1/deps/http-parser/http_parser.c
> libgit2-0.25.1/deps/http-parser/http_parser.h
> libgit2-0.25.1/deps/regex/
> libgit2-0.25.1/deps/regex/config.h
> libgit2-0.25.1/deps/regex/regcomp.c
> libgit2-0.25.1/deps/regex/regex.c
> libgit2-0.25.1/deps/regex/regex.h
> libgit2-0.25.1/deps/regex/regex_internal.c
> libgit2-0.25.1/deps/regex/regex_internal.h
> libgit2-0.25.1/deps/regex/regexec.c
> libgit2-0.25.1/deps/winhttp/
> libgit2-0.25.1/deps/winhttp/urlmon.h
> libgit2-0.25.1/deps/winhttp/winhttp.def
> libgit2-0.25.1/deps/winhttp/winhttp.h
> libgit2-0.25.1/deps/winhttp/winhttp64.def
> libgit2-0.25.1/deps/zlib/
> libgit2-0.25.1/deps/zlib/adler32.c
> libgit2-0.25.1/deps/zlib/crc32.c
> libgit2-0.25.1/deps/zlib/crc32.h
> libgit2-0.25.1/deps/zlib/deflate.c
> libgit2-0.25.1/deps/zlib/deflate.h
> libgit2-0.25.1/deps/zlib/infback.c
> libgit2-0.25.1/deps/zlib/inffast.c
> libgit2-0.25.1/deps/zlib/inffast.h
> libgit2-0.25.1/deps/zlib/inffixed.h
> libgit2-0.25.1/deps/zlib

Bug#863137: Please switch to GeoIP2/libmaxminddb

[Faidon Liambotis]

Package: pmacct
Version: 1.6.1-1
Severity: normal

Hi,

pmacct seems to (optionally) support the new MaxMind GeoIP databases
(GeoIP2) using the new interface library created for them. From the
ChangeLog, it looks like support for this was added in v1.5.2. Support
for that would be interesting, especially given that GeoIP2 supports
IPv6 properly.

Would it be possible to switch from libgeoip to libmaxminddb instead? If
not, I'd be interested to hear about those challenges, with my
libmaxminddb maintainer hat on :)

Thanks!
Faidon

Bug#649530: Why you have not reply to my email which I send to you, check you email and reply to me

[Vintexs Deku]

Bug#863136: Acknowledgement (ITP: sphinx-autorun -- code execution extension for Sphinx)

[Félix Sipma]

Woops, I've sent this before completing the License information...

The author did not provide a License yet. I just opened a ticket for this.
https://github.com/hobarrera/sphinx-autorun/issues/1

Sorry for the noise.


signature.asc
Description: PGP signature

Bug#863139: mongo-tools FTBFS on arm64: _build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: syscall.Dup2

[Adrian Bunk]

Source: mongo-tools
Version: 3.2.11-1
Severity: important

https://buildd.debian.org/status/fetch.php?pkg=mongo-tools&arch=arm64&ver=3.2.11-1&stamp=1481880888&raw=0

...
make[1]: Entering directory '/«PKGBUILDDIR»'
for tool in bsondump mongodump mongoexport mongofiles mongoimport mongooplog 
mongorestore mongostat mongotop; do \
go install -v -tags="ssl sasl" -ldflags -extldflags=-Wl,-z,now,-z,relro 
$tool/main/$tool.go; \
done
gopkg.in/mgo.v2/internal/json
gopkg.in/mgo.v2/internal/sasl
gopkg.in/mgo.v2/internal/scram
github.com/jessevdk/go-flags
github.com/mongodb/mongo-tools/common/log
github.com/spacemonkeygo/openssl/utils
github.com/spacemonkeygo/spacelog
golang.org/x/crypto/ssh/terminal
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/howeyc/gopass
github.com/mongodb/mongo-tools/common/password
gopkg.in/mgo.v2/bson
gopkg.in/mgo.v2
github.com/mongodb/mongo-tools/common/util
github.com/mongodb/mongo-tools/common/json
github.com/mongodb/mongo-tools/common/signals
github.com/mongodb/mongo-tools/common/bsonutil
github.com/mongodb/mongo-tools/common/intents
github.com/mongodb/mongo-tools/common/text
github.com/spacemonkeygo/spacelog
github.com/mongodb/mongo-tools/common/progress
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
gopkg.in/tomb.v2
github.com/mongodb/mongo-tools/mongoimport/csv
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
github.com/spacemonkeygo/spacelog
# github.com/spacemonkeygo/spacelog
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:26: undefined: 
syscall.Dup2
_build/src/github.com/spacemonkeygo/spacelog/capture_other.go:30: undefined: 
syscall.Dup2
debian/rules:41: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2

Bug#860689: blockdiag: FTBFS on i386: E: Build killed with signal TERM after 150 minutes of inactivity

[Changwoo Ryu]

reassign 860689 blockdiag
retitle 860689 Missing Build-Depends on libmagickcore extra lib
thanks

blockdiag should fix its own Build-Depends.

Currently python*-wand does not depends on the ImageMagick
libmagickcore extra lib. This can be in debate but it is intended.



2017-05-14 9:22 GMT+09:00 Changwoo Ryu :
> Sorry for the late response.
>
> Please try to build blockdiag with libmagickcore-6.q16-3-extra
> package. This extra lib has the SVG codec.

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

[Jonathan Wiltshire]

On 2017-05-22 15:19, Jérémy Lal wrote:

2017-05-22 16:10 GMT+02:00 Pirate Praveen :


On തിങ്കള്‍ 22 മെയ് 2017 06:41 വൈകു,
Jonas Smedegaard wrote:

...for the _initial_ packaging work.

We are package *maintainers*.


If you have not realized, we are discussing about maintaining an
existing package. I think you have also not realized the meaning of
team
maintained packages. The person who did the initial package need not
be
the maintainer of the packager for ever. When there is enough
interest
in the package, it will remain maintained else it gets removed.


I did the initial npm packaging. At that moment i was optimistic
upstream wouldn't add or change dependencies too much. I was wrong,
npm is constantly adding/removing modules through the months and
years, requiring a lot of maintainer work to keep up.
I think Jonas was pointing out that updating npm today won't actually
solve any issue regarding npm maintenance. Some company should fund
that work.

Jérémy


Can this discussion please not be on debian-release? Thanks.



--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits

Bug#863100: How to setup debugging for vim-utlisnips

[Yukiharu YABUKI]

Dear maintainer.

I investigated this issue.

This issue come from wrong 'set comments' option.
bbox in all.snippets (in this version) expects some tuples.
but _purse_comments returns blank.

I also check upstream
https://github.com/honza/vim-snippets/blob/master/UltiSnips/all.snippets

It had already changed this program. (Yes, Still I have not used this yet)

I'll close this bug.

Because:
(1) I found that this issue come from all.snippets in vim-snippets
package.
(2) I should check vim-ultisnips and vim-snippets in sid.

And I quit investigating this version vim-snippets.

But I'd like to write how to debug vim-ultisnips. This procedure can be
shorter your debug time.

01.. I backuped vim-ultisnips and vim-snippets.
02. I'd like to embededd debug sentence
03.  Set 'from UltiSnips.debug import debug' in debug program.
04. set debug("hello world")
05. run ultisnips (triggered, program)
06. check /tmp/file.txt

if you want to know more detail. please read
 UltiShips/debug.py

Happy Hacking.

Best
Yukiharu.

--
++++++++++++++
Yukiharu Yabuki (矢吹幸治)  I use Debian GNU/Linux
mail: yab...@netfort.gr.jp
クレクレタコラは好き / クレクレタコだはイヤ
++++++++++++++


pgprtrC0vXNQ_.pgp
Description: PGP signature

Bug#863141: new version available upstream

[Jeffrey Cliff]

Package: mnemosyne
Version: 2.4-0.1

mnemosyne version 2.4.1 is available upstream and has fixes to bugs such as
ubuntu   ( https://bugs.launchpad.net/ubuntu/+source/mnemosyne/+bug/1692326
https://bugs.launchpad.net/ubuntu/+source/mnemosyne/+bug/1690856 )

Bug#670991: rsync 3.1

[Stefan Kisdaroczi]

Hi,

this happens if you run debmirror as root using rsync. rsync uses the
uid:gid from the server if run as root.
rsync 3.1 added the Options --usermap/--groupmap/--chown [1]. The
rsync version in Jessie is 3.1.1.

So, if you really need to run debmirror as root you can add
"--chown=x:y" to --rsync-options:
$ sudo debmirror --rsync-options="-aIL --partial --chown=me:me" ...

IMO this bug can be closed. Only happens if run as root with rsync on
wheezy and older.

Regards
Stefan

[1] https://download.samba.org/pub/rsync/src/rsync-3.1.0-NEWS

Bug#863140: libretro-desmume FTBFS everywhere except armhf and x86: src/utils/AsmJit/x86/x86cpuinfo.cpp:151:56: error: impossible constraint in asm

[Adrian Bunk]

Source: libretro-desmume
Version: 0.9.11+git20160819+dfsg1-1
Severity: important

https://buildd.debian.org/status/package.php?p=libretro-desmume

...
g++ -g 
-fdebug-prefix-map=/«BUILDDIR»/libretro-desmume-0.9.11+git20160819+dfsg1=. 
-fstack-protector-strong -Wformat -Werror=format-security -DHAVE_JIT -DNDEBUG 
-O3 -D__LIBRETRO__ -fpermissive -fPIC -Isrc/libretro-common/include -Isrc 
-Isrc/libretro  -Wdate-time -D_FORTIFY_SOURCE=2  -c -o 
src/utils/AsmJit/x86/x86cpuinfo.o src/utils/AsmJit/x86/x86cpuinfo.cpp
src/utils/AsmJit/x86/x86cpuinfo.cpp: In function 'void 
AsmJit::x86CpuId(uint32_t, AsmJit::X86CpuId*)':
src/utils/AsmJit/x86/x86cpuinfo.cpp:151:56: error: impossible constraint in 
'asm'
   __myCpuId(out->eax, out->ebx, out->ecx, out->edx, in);
^
: recipe for target 'src/utils/AsmJit/x86/x86cpuinfo.o' failed
make[2]: *** [src/utils/AsmJit/x86/x86cpuinfo.o] Error 1

Bug#861282: [No Subject]

[JD Friedrikson]

Here are the four patches that are related to this issue:

https://github.com/hashicorp/packer/commit/28ee60d216e49d565d654443b57295ce37197db1
https://github.com/hashicorp/packer/commit/249cb690e04477582aefadf4350a087bf4e33a87
https://github.com/hashicorp/packer/commit/ee5d13611fb8aca1f1014f9bcd65c18fffdd1b2b
https://github.com/hashicorp/packer/commit/a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd

28ee60d216e49d565d654443b57295ce37197db1 is the patch that is currently 
packaged with debian

249cb690e04477582aefadf4350a087bf4e33a87 concerns vendor files which Debian 
doesn't appear to carry as part of the source package

ee5d13611fb8aca1f1014f9bcd65c18fffdd1b2b and 
a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd both concern drivers to proprietary 
software (which Debian also does not seem to carry) so both need to be trimmed 
before applying

After removing the references to missing files, 
a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd works just fine.

ee5d13611fb8aca1f1014f9bcd65c18fffdd1b2b is the one I'm having trouble with 
currently as it's failing for openstack's and amazon's ssh.go files. Not sure 
what changes we're carrying for those as I haven't dug too deep, but that's 
where I'm at now.

JD

Bug#863143: wicd pm script prevents wireless wake on lan (WoWLAN) from working

[Scott Barker]

Package: wicd
Version: 1.7.4+tb2-3
Severity: normal

Dear Maintainer,

The pm-utils script provided with wicd prevents wireless wake on lan from 
working:

  - /usr/lib/pm-utils/sleep.d/55wicd runs /usr/share/wicd/daemon/suspend.py

  - /usr/share/wicd/daemon/suspend.py invokes the Disconnect and SetSuspend 
methods
in /usr/share/wicd/daemon/wicd-daemon.py

  - The SetSuspend method in /usr/share/wicd/daemon/wicd-daemon.py also
invokes the Disconnect method in /usr/share/wicd/daemon/wicd-daemon.py

  - The Disconnect method in /usr/share/wicd/daemon/wicd-daemon.py invokes
the Wireless.Disconnect() method in 
/usr/lib/python2.7/dist-packages/wicd/networking.py

  - The Wireless.Disconnect() method in 
/usr/lib/python2.7/dist-packages/wicd/networking.py
takes down the wireless interface, which disassociates it from the
access point, making wireless wake on lan impossible.

Over-riding or blacklisting 55wicd fixes the problem, but it would probably
be better to change one of the python methods involved to check the state of
wireless wake on lan (as set by sudo iw phy0 wowlan enable ...) before
taking the interface down completely.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages wicd depends on:
ii  wicd-daemon 1.7.4+tb2-3
ii  wicd-gtk [wicd-client]  1.7.4+tb2-3

wicd recommends no packages.

wicd suggests no packages.

Versions of packages wicd-gtk depends on:
ii  python-glade2  2.24.0-5.1
ii  python-gtk22.24.0-5.1
pn  python:any 
ii  wicd-daemon1.7.4+tb2-3

Versions of packages wicd-gtk recommends:
ii  gksu   2.0.2-9+b1
pn  python-notify  

Versions of packages wicd-daemon depends on:
ii  adduser  3.115
ii  dbus 1.10.18-1
ii  debconf  1.5.60
ii  ethtool  1:4.8-1+b1
ii  iproute2 4.9.0-1
ii  iputils-ping 3:20161105-1
ii  isc-dhcp-client  4.3.5-3
ii  lsb-base 9.20161125
ii  net-tools1.60+git20161116.90da8a0-1
ii  psmisc   22.21-2.1+b2
ii  python-dbus  1.2.4-1+b1
ii  python-gobject   3.22.0-2
ii  python-wicd  1.7.4+tb2-3
pn  python:any   
ii  wireless-tools   30~pre9-12+b1
ii  wpasupplicant2:2.4-1

Versions of packages wicd-daemon recommends:
ii  rfkill  0.5-1+b1
ii  wicd-gtk [wicd-client]  1.7.4+tb2-3

Versions of packages wicd-daemon suggests:
ii  pm-utils  1.4.1-17

Versions of packages python-wicd depends on:
pn  python:any  

-- debconf information:
* wicd/users:

Bug#863142: eclipse-titan FTBFS on arm*/ppc64el/s390x: fatal error: RT1/PreGenRecordOf.hh: No such file or directory

[Adrian Bunk]

Source: eclipse-titan
Version: 6.1.0-1
Severity: important

https://buildd.debian.org/status/package.php?p=eclipse-titan

...
  (dep)  DebuggerUI.cc
In file included from DebuggerUI.cc:16:0:
Debugger.hh:23:33: fatal error: RT1/PreGenRecordOf.hh: No such file or directory
 #include "RT1/PreGenRecordOf.hh"
 ^
compilation terminated.
...

Bug#851143: systemd: doesn't use all the mount options from /etc/fstab when mounting on boot

[Michael Biebl]

Am 22.05.2017 um 16:35 schrieb Russell Coker:
> reopen 851143
> thanks
> 
>>> Could you attach the output of
>>> systemctl status mail.mount
>>> systemctl show mail.mount
>>
>> Since I don't have a selinux enabled system so I could try and reproduce
>> this and no further information was provided, I'm closing this bug report.
>>
>> Please reopen if you are available to debug this further.
> 
> Sorry for the delay in responding.  I've attached those files.
> 

The configuration you attached doesn't seem to match up.
E.g. the original fstab didn't have x-systemd.automount.


The ExecMount shows that mount has apparently been called as
/bin/mount 10.10.10.1:/mailstore /mail -t nfs -o
context=system_u:object_r:mail_spool_t:s0,x-systemd.automount

I.e. "context=system_u:object_r:mail_spool_t:s0" has been passed along
correctly.

Are you absolutely sure it was actually systemd which has mounted
/mailstore?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#863081: getting crosstool-ng in Debian

[Geert Stappers]

On Sun, May 21, 2017 at 10:03:00PM +0200, Julien Cristau wrote:
> On Sun, May 21, 2017 at 16:19:51 +0200, Geert Stappers wrote:
> 
> > Package: release.debian.org
> > 
> > 
> > Hello Release team,
> > 
> > On getting package `crosstool-ng` in Debian,
> > where  ( {unstable|stable|exprimental} ) and
> > when ( {any time|after date } ) should it be uploaded?

where: unstable
when: any time


> > I'm asking now ( during freeze ) because
> > previous there was nothing to upload.  The ITP is
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721430
> > 
> > It is a new package that wouldn't break other packages.
> > 
> I have no idea what you're trying to ask, sorry.  This doesn't sound
> like it has anything to do with the release team.

Mostly asking for a clue ...

Meanwhile I understand that getting crosstool-ng in Debian
starts with an upload to unstable.
Freeze, or not, doesn't matter.  Old ITP neither.


> Cheers,
> Julien

Thanks


Groeten
Geert Stappers
-- 
Leven en laten leven

Bug#862355: Fixit

[Mevludin Zeciri]

Hi Debian can somebody fix this problem.

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

[PICCORO McKAY Lenz]

interesting, but seems more complicated in background download more
software rather than reall need! a complete JDK either a JRE!

i need a java runtime to play a game that its native compiled? sound
strange but in any case, user never be know right?

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

2017-05-22 10:45 GMT-04:00 Carlos Donizete Froes :

> Sorry for the noise. :-(
>>
>
> It's all right! I'm waiting for a sponsor for my package.
>
>
> Thanks!
>
>
> --
> ⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao]
> ⣾⠁⢠⠒⠀⣿⡁ - https://wiki.debian.org/coringao
> ⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780
> ⠈⠳⣄⠀⠀⠀  2157 630B D441 A775 BEFF  D35F FA63 ADA6 B638 B780
>
>

Bug#863144: conky: seqfaults

[Michael Rasmussen]

Package: conky
Version: 1.10.6-1
Severity: important

Dear Maintainer,

Conky seqfaults after a while.

 *** Error in `conky': corrupted double-linked list: 0x55b3d50056e0 ***
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f76ab6b6bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7f76ab6bcf96]
/lib/x86_64-linux-gnu/libc.so.6(+0x7731c)[0x7f76ab6bd31c]
/lib/x86_64-linux-gnu/libc.so.6(+0x78cda)[0x7f76ab6becda]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7f76ab6c0d84]
conky(_Z11do_gradientimm+0x65)[0x55b3d33e6a45]
conky(_Z20draw_each_line_innerPcii+0x1127)[0x55b3d33ed987]
conky(+0x3f554)[0x55b3d33ee554]
conky(+0x3fafa)[0x55b3d33eeafa]
conky(+0x414c1)[0x55b3d33f04c1]
conky(main+0x960)[0x55b3d33e19b0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f76ab6662b1]
conky(_start+0x2a)[0x55b3d33e5faa]

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages conky depends on:
ii  conky-all  1.10.6-1

conky recommends no packages.

conky suggests no packages.

-- debconf-show failed



This mail was virus scanned and spam checked before delivery.
This mail is also DKIM signed. See header dkim-signature.

Bug#851143: systemd: doesn't use all the mount options from /etc/fstab when mounting on boot

[Michael Biebl]

Am 22.05.2017 um 18:49 schrieb Michael Biebl:
> The ExecMount shows that mount has apparently been called as
> /bin/mount 10.10.10.1:/mailstore /mail -t nfs -o
> context=system_u:object_r:mail_spool_t:s0,x-systemd.automount

What happens, if you run

umount /mail
mount 10.10.10.1:/mailstore /mail -t nfs -o 
context=system_u:object_r:mail_spool_t:s0,x-systemd.automount

Are the options correctly applied then?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#863145: lrzip: CVE-2017-8847: NULL pointer dereference in bufRead::get

[Salvatore Bonaccorso]

Source: lrzip
Version: 0.631-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/67

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8847[0]:
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in
| lrzip 0.631 allows remote attackers to cause a denial of service (NULL
| pointer dereference and application crash) via a crafted archive.

./lrzip -t /root/poc/00229-lrzip-nullptr-bufRead-get 
Decompressing...
Inconsistent length after decompression. Got 0 bytes, expected 2
ASAN:DEADLYSIGNAL
=
==15340==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 
0x00459ef1 bp 0x7f4bf3031a90 sp 0x7f4bf3031a70 T2)
#0 0x459ef0 in bufRead::get() libzpaq/libzpaq.h:485
#1 0x44de34 in libzpaq::Decompresser::findBlock(double*) 
libzpaq/libzpaq.cpp:1236
#2 0x44e45b in libzpaq::decompress(libzpaq::Reader*, libzpaq::Writer*) 
libzpaq/libzpaq.cpp:1363
#3 0x445c2c in zpaq_decompress libzpaq/libzpaq.h:538
#4 0x428c2e in zpaq_decompress_buf stream.c:453
#5 0x430e60 in ucompthread stream.c:1534
#6 0x7f4c48e05493 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#7 0x7f4c482ab93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libzpaq/libzpaq.h:485 in bufRead::get()
Thread T2 created by T0 here:
#0 0x7f4c49697f59 in __interceptor_pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
#1 0x4267f8 in create_pthread stream.c:133
#2 0x4325f0 in fill_buffer stream.c:1673
#3 0x4333d5 in read_stream stream.c:1755
#4 0x422b76 in unzip_literal runzip.c:162
#5 0x423ccb in runzip_chunk runzip.c:320
#6 0x4244a8 in runzip_fd runzip.c:382
#7 0x411378 in decompress_file lrzip.c:826
#8 0x409b39 in main main.c:669
#9 0x7f4c481e32b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

==15340==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8847

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#863146: [libreoffice-kde] Menu graphics corrupted (breeze style)

[B.M.]

Package: libreoffice-kde
Version: 1:5.2.7-1
Severity: normal

libreoffice-style-breeze is installed.

If libreoffice-kde is not installed, no KDE dialogs are used (as expected), but 
the menus look correct.
If libreoffice-kde is installed, KDE dialogs are used (as expected), but the 
menus are somehow corrupted, please see the two attachments to understand what 
I mean.


--- System information. ---
Architecture: 
Kernel:   Linux 4.9.0-3-amd64

Debian Release: 9.0
  500 testing security.debian.org 
  500 testing ftp.ch.debian.org 

--- Package information. ---
Depends (Version) | Installed
=-+-=
libreoffice-core(= 1:5.2.7-1) | 1:5.2.7-1
kde-runtime   (>> 4:4.10) | 4:16.08.3-2
libc6(>= 2.4) | 2.24-10
libgcc1(>= 1:3.0) | 1:6.3.0-18
libgl1-mesa-glx   | 13.0.6-1+b2
 OR libgl1| 
libglew2.0(>= 1.12.0) | 2.0.0-3+b1
libglib2.0-0  (>= 2.15.0) | 
libglu1-mesa  | 
 OR libglu1   | 
libice6  (>= 1:1.0.0) | 
libicu57 (>= 57.1-1~) | 
libkdecore5  (>= 4:4.3.4) | 
libkdeui5(>= 4:4.3.4) | 
libkfile4(>= 4:4.3.4) | 
libkio5  (>= 4:4.3.4) | 
libqt4-network (>= 4:4.8) | 
libqtcore4 (>= 4:4.8) | 
libqtgui4(>= 4:4.8.0) | 
libsm6| 
libstdc++6 (>= 5) | 
libx11-6  | 
libxext6  | 
uno-libs3(>= 4.4.0~alpha) | 
ure   | 


Recommends(Version) | Installed
===-+-===
libreoffice-style-breeze| 1:5.2.7-1


Suggests   (Version) | Installed
-+-===
kmail| 4:16.04.3-3
konqueror| 4:16.08.3-1

Bug#863147: gnutls28: GNU Guile bindings are missing

[Dmitry Alexandrov]

Source: gnutls28
Version: 3.5.8-5
Severity: normal

Dear Maintainers, this is a thing you are undoubtedly aware of, however
I have to report it as an issue at least for the sake of googleability.

Providing Guile bindings for GNUTLS (‘guile-gnutls’ package) was dropped
[0] more than a year ago due to issues [1][2] with building farm and it
is no longer available till today.

May I hope that you will give that package a next try?

[0] 
https://anonscm.debian.org/git/pkg-gnutls/gnutls.git/commit/?id=ebb7130b47dc08311c1de2c189758a73bbaeca27
[1] https://bugs.debian.org/805863
[2] https://bugs.debian.org/821457

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Bug#863148: unblock: shadow/1:4.4-4.1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi

Please unblock package shadow

It fixes a regression introduced in the last upload, from the fix for
CVE-2017-2616. If su recieves a signal like SIGTERM, it was not
propagated to the child.

Changelog:

+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+This is a regression fix for CVE-2017-2616. If su receives a signal like
+SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso   Wed, 17 May 2017 13:59:59 +0200

unblock shadow/1:4.4-4.1

Regards,
Salvatore
diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog
--- shadow-4.4/debian/changelog 2017-02-24 01:50:13.0 +0100
+++ shadow-4.4/debian/changelog 2017-05-17 13:59:59.0 +0200
@@ -1,3 +1,12 @@
+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+This is a regression fix for CVE-2017-2616. If su receives a signal like
+SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso   Wed, 17 May 2017 13:59:59 +0200
+
 shadow (1:4.4-4) unstable; urgency=high
 
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
diff -Nru 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
--- 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
  1970-01-01 01:00:00.0 +0100
+++ 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
  2017-05-17 13:59:59.0 +0200
@@ -0,0 +1,29 @@
+From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 14 May 2017 17:58:10 +0200
+Subject: [PATCH] Reset pid_child only if waitpid was successful.
+
+Do not reset the pid_child to 0 if the child process is still
+running. This else-condition can be reached with pid being -1,
+therefore explicitly test this condition.
+
+This is a regression fix for CVE-2017-2616. If su receives a
+signal like SIGTERM, it is not propagated to the child.
+
+Reported-by: Radu Duta 
+Signed-off-by: Tobias Stoeckmann 
+---
+ src/su.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/su.c
 b/src/su.c
+@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
+   /* wake child when resumed */
+   kill (pid, SIGCONT);
+   stop = false;
+-  } else {
++  } else if (   (pid_t)-1 != pid) {
+   pid_child = 0;
+   }
+   } while (!stop);
diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series
--- shadow-4.4/debian/patches/series2017-02-24 01:50:13.0 +0100
+++ shadow-4.4/debian/patches/series2017-05-17 13:59:59.0 +0200
@@ -6,6 +6,8 @@
 0006-French-manpage-translation.patch
 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
 0008-su-properly-clear-child-PID.patch
+301-Reset-pid_child-only-if-waitpid-was-successful.patch
+
 # These patches are only for the testsuite:
 #900_testsuite_groupmems
 #901_testsuite_gcov

Bug#863149: libgpgmepp-dev: please split the qtgpgme(pp) stuff out

[Rene Engelhard]

Package: libgpgmepp-dev
Version: 1.8.0-3
Severity: wishlist

Hi,

# apt-cache show libgpgmepp-dev
Package: libgpgmepp-dev
Source: gpgme1.0 (1.8.0-3)
Version: 1.8.0-3+b2
Installed-Size: 3626
Maintainer: Debian GnuPG Maintainers 
Architecture: amd64
Replaces: kdepimlibs5-dev
Depends: libgpgmepp6 (= 1.8.0-3+b2), libqgpgme7 (= 1.8.0-3+b2), qtbase5-dev
 ^^
Recommends: libgpgmepp-doc (= 1.8.0-3+b2)
Breaks: kdepimlibs5-dev
Description: C++ and Qt bindings for GPGME (development files)
Description-md5: d409b90b546df24f9e29efdc20935e54
Homepage: https://www.gnupg.org/related_software/gpgme/
Tag: devel::library, role::devel-lib
Section: libdevel
Priority: optional
Filename: pool/main/g/gpgme1.0/libgpgmepp-dev_1.8.0-3+b2_amd64.deb
Size: 415202
MD5sum: 5509c6463400a5c90874e6aa47699a0b
SHA256: e8e5a6c4476097bf43ad92f27d50516c637d65d1e719dbd8ce865a3f436516e0

# apt-cache show libqgpgme7
Package: libqgpgme7
Source: gpgme1.0
Version: 1.9.0-2
Installed-Size: 1102
Maintainer: Debian GnuPG Maintainers 
Architecture: amd64
Depends: libassuan0 (>= 2.0.1), libc6 (>= 2.14), libgcc1 (>= 1:3.0), 
libgpg-error0 (>= 1.14), libgpgme11 (>= 1.1.2), libgpgmepp6 (>= 1.9.0), 
libqt5core5a (>= 5.9.0~beta), libstdc++6 (>= 5.2)
Description: library for GPGME integration with Qt
Description-md5: 0d569a713cd9a1fb2465f4dd9add5f06
Multi-Arch: same
Homepage: https://www.gnupg.org/related_software/gpgme/
Tag: role::shared-lib
Section: libs
Priority: optional
Filename: pool/main/g/gpgme1.0/libqgpgme7_1.9.0-2_amd64.deb
Size: 281176
MD5sum: 123161754815e3e54c9baf5dc7aee735
SHA256: 000b1416292629e33ba8e4be0e6ab9733cae93acc6f01af4c8d631820e6b37bb

Package: libqgpgme7
Source: gpgme1.0 (1.8.0-3)
Version: 1.8.0-3+b2
Installed-Size: 1071
Maintainer: Debian GnuPG Maintainers 
Architecture: amd64
Depends: libassuan0 (>= 2.0.1), libc6 (>= 2.14), libgcc1 (>= 1:3.0), 
libgpg-error0 (>= 1.14), libgpgme11 (>= 1.1.2), libgpgmepp6 (>= 1.8.0), 
libqt5core5a (>= 5.7.0), libstdc++6 (>= 5.2)

 
^^
Description: library for GPGME integration with Qt
Description-md5: 0d569a713cd9a1fb2465f4dd9add5f06
Multi-Arch: same
Homepage: https://www.gnupg.org/related_software/gpgme/
Tag: role::shared-lib
Section: libs
Priority: optional
Filename: pool/main/g/gpgme1.0/libqgpgme7_1.8.0-3+b2_amd64.deb
Size: 249492
MD5sum: 62848d7da08b6382fd4d9906b7e3da95
SHA256: a04c35af7517e72cf71865758659c2fd14a6efdbbb2c7e11927666556fea6422

I don't exactly like the Qt5 dependency.

While not being a problem per se it makes the build-dependency footprint of
stuff only using the non-Qt parts bigger than needed.

So far this was no issue since

# grep-dctrl -FDepends gpgmepp -sPackage 
/var/lib/apt/lists/httpredir.debian.org_debian_dists_unstable_main_binary-amd64_Packages
Package: libgpgmepp-dev
Package: libqgpgme7
Package: libkf5gpgmepp-dev
Package: libkf5qgpgme5
Package: kaddressbook
Package: kmail
Package: libkf5messagecomposer5
Package: libkf5messageviewer5
Package: kleopatra
Package: libkf5wallet-bin
Package: libkwalletbackend5-5
Package: libkf5libkleo-dev
Package: libkf5libkleo5

(only KDE5 stuff using Qt5 anyways.)

but starting from LibreOffice 5.4 we have libreoffice-core having a
build-dependency on libgpgmepp-dev and LibreOffice (still, yes, I consider
that a bug, but..) uses Qt4/KDE for -kde, not Qt5.

Can the qgpgme(pp) stuff split out to an own -dev (As was already done
with the library itself.) and only that one be made depedant on libqgpgme7?
( This would probably require a transition and the above apps changing their
Build-Depends:, but..)

Regards,

Rene

Bug#863150: lrzip: CVE-2017-8846: use-after-free in read_stream (stream.c)

[Salvatore Bonaccorso]

Source: lrzip
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/71

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8846[0]:
| The read_stream function in stream.c in liblrzip.so in lrzip 0.631
| allows remote attackers to cause a denial of service (use-after-free
| and application crash) via a crafted archive.

I'm not 100% certain I can confirm the issue on lrzip. There looks
there is definitively a possible issue, but I was not able to follow
the full code, to confirm. Thus filling for this one just a but with
the respective upstream reference. We might need to wait for the
upstream patch to confirm.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8846
[1] https://github.com/ckolivas/lrzip/issues/71

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#846548: marked as pending

[Julien Cristau]

On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:

> tag 846548 pending
> thanks
> 
> Hello,
> 
> Bug #846548 reported by you has been fixed in the Git repository. You can
> see the changelog below, and you can check the diff of the fix at:
> 
> https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> 
So, erm.  This seems like it would break using libengine-pkcs11-openssl
in an application using libssl1.0.2.  As a SONAME bump it also seems
rather inappropriate during the freeze.

I'm very interested in having this fixed in stretch so I can get the
secure-boot stuff working on ftp-master, but this doesn't look like the
way to go.  Not to mention that you'd have to justify the bump from
0.4.3 to 0.4.4.

Can you explain your plans here?

Thanks,
Julien

Bug#863151: lrzip: CVE-2017-8845: invalid memory read in lzo_decompress_buf

[Salvatore Bonaccorso]

Source: lrzip
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/68

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8845[0]:
| The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in
| lrzip 0.631, allows remote attackers to cause a denial of service
| (invalid memory read and application crash) via a crafted archive.

Filling this downstream in the Debian BTS, with foward to the upstream
one so we can track any possible conclusion + fix.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8845
[1] https://github.com/ckolivas/lrzip/issues/68

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

[Jonas Smedegaard]

Quoting Pirate Praveen (2017-05-22 16:10:32)
> On തിങ്കള്‍ 22 മെയ് 2017 06:41 വൈകു, Jonas Smedegaard wrote:
>> ...for the _initial_ packaging work.
>> 
>> We are package *maintainers*.
>
> If you have not realized, we are discussing about maintaining an 
> existing package. I think you have also not realized the meaning of 
> team maintained packages. The person who did the initial package need 
> not be the maintainer of the packager for ever. When there is enough 
> interest in the package, it will remain maintained else it gets 
> removed.

Exactly: Packages poorly _maintained_ should be removed.  E.g. npm!

My point in previous post was that focusing only on the workload for 
_initial_ packaging masks the actual real workload, which is being 
discussed here!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#863138: mirror submission for mirror.funkfreundelandshut.de

[Bastian Blank]

Control: retitle -1 mirror submission for mirror.funkfreundelandshut.de 
[tracefile-info syncscript non-standard-path]

Hi Christoph

Thank you for mirroring Debian.

However I have some questions about this listing.

On Mon, May 22, 2017 at 03:43:09PM +, Christoph van Bracht wrote:
> Submission-Type: new
> Site: mirror.funkfreundelandshut.de
> Aliases: repo.dl4ste.ampr.org

I believe this resolves to an internal IP of AMPRNet?

> Archive-architecture: amd64 armhf i386

We are a bit reluctant to list partial mirrors, especially in regions
with good coverage.

> Archive-http: /debian/
> CDImage-http: /debian-releases/

You may want to move that to /debian-cd/, like everyone else.

> Archive-upstream: mirror.netcologne.de
> CDImage-upstream: mirror.netcologne.de
> Updates: four
> Maintainer: Christoph van Bracht 

Is there more then one person behind this address?

> Trace Url: http://mirror.funkfreundelandshut.de/debian/project/trace/
> Trace Url: 
> http://mirror.funkfreundelandshut.de/debian/project/trace/ftp-master.debian.org
> Trace Url: 
> http://mirror.funkfreundelandshut.de/debian/project/trace/mirror.funkfreundelandshut.de

Please make sure you use the latest version of ftpsync[1].  We really
don't list new mirrors that have incomplete trace files.

Regards,
Bastian

[1]: http://ftp.debian.org/debian/project/ftpsync/ftpsync-current.tar.gz
-- 
Landru! Guide us!
-- A Beta 3-oid, "The Return of the Archons", stardate 3157.4

Bug#863136: Acknowledgement (ITP: sphinx-autorun -- code execution extension for Sphinx)

[Félix Sipma]

The developer added a BSD-2-Clause license.


signature.asc
Description: PGP signature

Bug#863153: lrzip: CVE-2017-8844: heap-based buffer overflow write in read_1g

[Salvatore Bonaccorso]

Source: lrzip
Version: 0.631-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/70

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8844[0]:
| The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted archive.

./lrzip -t /root/poc/00232-lrzip-heapoverflow-read_1g 
Decompressing...
=
==13952==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020ef13 at pc 0x7fe0d6a35965 bp 0x7fff12b23c70 sp 0x7fff12b23420
WRITE of size 8 at 0x6020ef13 thread T0
#0 0x7fe0d6a35964 in read (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x48964)
#1 0x42aa75 in read_1g stream.c:731
#2 0x42ac71 in read_buf stream.c:774
#3 0x432110 in fill_buffer stream.c:1648
#4 0x4333d5 in read_stream stream.c:1755
#5 0x422073 in read_vchars runzip.c:79
#6 0x42304e in unzip_match runzip.c:208
#7 0x423d4b in runzip_chunk runzip.c:329
#8 0x4244a8 in runzip_fd runzip.c:382
#9 0x411378 in decompress_file lrzip.c:826
#10 0x409b39 in main main.c:669
#11 0x7fe0d55692b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#12 0x4032e9 in _start (/root/lrzip-0.631/lrzip+0x4032e9)

0x6020ef13 is located 0 bytes to the right of 3-byte region 
[0x6020ef10,0x6020ef13)
allocated by thread T0 here:
#0 0x7fe0d6aaed28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x431ff2 in fill_buffer stream.c:1643
#2 0x4333d5 in read_stream stream.c:1755
#3 0x422073 in read_vchars runzip.c:79
#4 0x42304e in unzip_match runzip.c:208
#5 0x423d4b in runzip_chunk runzip.c:329
#6 0x4244a8 in runzip_fd runzip.c:382
#7 0x411378 in decompress_file lrzip.c:826
#8 0x409b39 in main main.c:669
#9 0x7fe0d55692b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x48964) in read
Shadow bytes around the buggy address:
  0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9de0: fa fa[03]fa fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c047fff9df0: fa fa 00 00 fa fa 04 fa fa fa 03 fa fa fa 05 fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:   fa
  Heap right redzone:  fb
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack partial redzone:   f4
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
==13952==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8844
[1] https://github.com/ckolivas/lrzip/issues/70

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#846548: marked as pending

[Julien Cristau]

On Mon, May 22, 2017 at 20:32:47 +0200, Julien Cristau wrote:

> On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
> 
> > tag 846548 pending
> > thanks
> > 
> > Hello,
> > 
> > Bug #846548 reported by you has been fixed in the Git repository. You can
> > see the changelog below, and you can check the diff of the fix at:
> > 
> > https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> > 
> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> in an application using libssl1.0.2.  As a SONAME bump it also seems
> rather inappropriate during the freeze.
> 
> I'm very interested in having this fixed in stretch so I can get the
> secure-boot stuff working on ftp-master, but this doesn't look like the
> way to go.  Not to mention that you'd have to justify the bump from
> 0.4.3 to 0.4.4.
> 
> Can you explain your plans here?
> 
I wonder if the only way out for stretch isn't to have two separate
source packages, one with an engine built for libssl1.0.2, and the other
for libssl1.1.

Cheers,
Julien

Bug#863154: dbconfig-common: dbc_sql_substitution should be evaluated on upgrades, not only on installations

[Jörg Steffens]

Package: dbconfig-common
Version: 2.0.4ubuntu1
Severity: wishlist
Tags: upstream patch

Dear Maintainer,

we are using dbconfig-common for packaging Bareos.

It would help us, if dbconfig-common would also evaluate the
dbc_sql_substitution setting on upgrades, not only on installs.

A patch for this functionality is included.

If you decide *NOT* to include it, please update the documentation for
dbc_sql_substitution, so people get aware, that this behavior is intended.

My current workaround is to run scripts/upgrade/NUMBER, which uses dbconfig-
generate-include to create data/upgrade-dbadmin/NUMBER.

Of course, this requires that dbconfig-common continues to executes upgrades in
this order (scripts/upgrade, data/upgrade-dbadmin, data/upgrade), which is not
guranteed. Please consider to keep this order, as we use build Bareos also for
older distributions (Debian 7, Ubuntu 12.04).



-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (700, 'xenial-updates'), (700, 'xenial'), (500, 'xenial-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-77-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dbconfig-common depends on:
ii  debconf [debconf-2.0]  1.5.58ubuntu1
ii  ucf3.0036

dbconfig-common recommends no packages.

Versions of packages dbconfig-common suggests:
pn  dbconfig-mysql | dbconfig-pgsql | dbconfig-sqlite | dbconfig-sqlite  

-- debconf information excluded
>From a8b2829d63e9386925e21fd4b4819b52719ba15b Mon Sep 17 00:00:00 2001
From: Joerg Steffens 
Date: Mon, 22 May 2017 16:20:30 +0200
Subject: [PATCH 1/2] evaluate dbc_sql_substitution also on upgrades

Until now, dbc_sql_substitution has only be evaluated on installations.
This changes uses it also for sql upgrades.
---
 dpkg/postinst | 22 +++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/dpkg/postinst b/dpkg/postinst
index 6e54c3b..dfeb4c1 100644
--- a/dpkg/postinst
+++ b/dpkg/postinst
@@ -409,7 +409,7 @@ _dbc_find_upgrades(){
 ## be applied, that is assumed to have been done by _dbc_find_upgrades().
 ##
 _dbc_apply_upgrades(){
-local f vers sqlfile admsqlfile scriptfile
+local f vers sqlfile admsqlfile scriptfile tsubstfile error_msg_upgrade
 _dbc_debug "_dbc_apply_upgrades() $@"
 # check for new upgrades in these three locations
 vers="$1"
@@ -432,14 +432,30 @@ _dbc_apply_upgrades(){
 _dbc_asuser=""
 if [ -f "$admsqlfile" ]; then
 dbc_logline "applying upgrade admin sql for $dbc_oldversion -> $vers"
-$dbc_sqlfile_cmd $admsqlfile || dbc_upgrade_error "processing $admsqlfile" || return $?
+tsubstfile=$admsqlfile
+error_msg_upgrade="processing $admsqlfile"
+if [ "$dbc_sql_substitutions" ]; then
+tsubstfile=$(dbc_mktemp)
+/usr/sbin/dbconfig-generate-include -f template -o template_infile=$admsqlfile $dbc_packageconfig > $tsubstfile
+error_msg_upgrade="processing $admsqlfile (translated: $tsubstfile)"
+fi
+$dbc_sqlfile_cmd $tsubstfile || dbc_upgrade_error "$error_msg_upgrade" || return $?
+[ "$dbc_sql_substitutions" ] && rm -f $tsubstfile
 [ "$dbc_tried_again" ] && return 0
 fi
 
 if [ -f "$sqlfile" ]; then
 _dbc_asuser="yes"
 dbc_logline "applying upgrade sql for $dbc_oldversion -> $vers"
-$dbc_sqlfile_cmd $sqlfile || dbc_upgrade_error "processing $sqlfile" || return $?
+tsubstfile=$sqlfile
+error_msg_upgrade="processing $sqlfile"
+if [ "$dbc_sql_substitutions" ]; then
+tsubstfile=$(dbc_mktemp)
+/usr/sbin/dbconfig-generate-include -f template -o template_infile=$sqlfile $dbc_packageconfig > $tsubstfile
+error_msg_upgrade="processing $sqlfile (translated: $tsubstfile)"
+fi
+$dbc_sqlfile_cmd $tsubstfile || dbc_upgrade_error "$error_msg_upgrade" || return $?
+[ "$dbc_sql_substitutions" ] && rm -f $tsubstfile
 [ "$dbc_tried_again" ] && return 0
 _dbc_asuser=""
 fi
-- 
2.7.4

>From 19488752ee73aed132a9ce0a56c3ed65332b6cb6 Mon Sep 17 00:00:00 2001
From: Joerg Steffens 
Date: Mon, 22 May 2017 16:22:46 +0200
Subject: [PATCH 2/2] test dbc_sql_substitution on package upgrade

---
 examples/buildpackages.sh|   2 +-
 examples/db-test-pgsql-2.2/COPYING   | 340 +++
 examples/db-test-pgsql-2.2/README|  11 +
 examples/db-test-pgsql-2.2/debian/changelog  |  82 ++
 examples/db-test-pgsql-2.2/debian/compat |   1 +
 examples/db-test-pgsql-2.2/debian/config |  12 +
 examples/db-test-pgsql-2.2/debian/control|  15 +
 examples/db-test-pgsql-2.2/debian/copyright  |  25 ++
 examples/db-test-pgsql-2.2/debian/dirs   |   1 +

Bug#856351: parse_vt_settings: Cannot open /dev/tty0 (Permission denied)

[Harald Dunkel]

Any news on this?

Motivated by #862706 I kicked out my nvidia graphics card in my PC
at home and gave Intel graphics a try, just to find out that I am
struck by this problem again. Even worse, startx doesn't work, either.
Installing and reinstalling xserver-xorg-legacy didn't help :-(.

Sorry to say, but my PC in the office (Testing) with proprietary
nvidia driver installed is not affected.


Regards
Harri

Bug#863155: lrzip: CVE-2017-8843: NULL pointer dereference in join_pthread

[Salvatore Bonaccorso]

Source: lrzip
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/69

Hi,

the following vulnerability was published for lrzip. Filling this to
track upstream development and possible fix.

CVE-2017-8843[0]:
| The join_pthread function in stream.c in liblrzip.so in lrzip 0.631
| allows remote attackers to cause a denial of service (NULL pointer
| dereference and application crash) via a crafted archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8843
[1] https://github.com/ckolivas/lrzip/issues/69

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#863156: lrzip: CVE-2017-8842: divide-by-zero in bufRead::get

[Salvatore Bonaccorso]

Source: lrzip
Version: 0.631-1
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/66

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8842[0]:
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in
| lrzip 0.631 allows remote attackers to cause a denial of service
| (divide-by-zero error and application crash) via a crafted archive.

ASAN_OPTIONS="detect_leaks=0" ./lrzip -t /root/poc/00228-lrzip-fpe-bufRead-get 
Decompressing...
ASAN:DEADLYSIGNAL
=
==14170==ERROR: AddressSanitizer: FPE on unknown address 0x00459dca (pc 
0x00459dca bp 0x7f0defc37a90 sp 0x7f0defc37a70 T1)
#0 0x459dc9 in bufRead::get() libzpaq/libzpaq.h:468
#1 0x44de34 in libzpaq::Decompresser::findBlock(double*) 
libzpaq/libzpaq.cpp:1236
#2 0x44e45b in libzpaq::decompress(libzpaq::Reader*, libzpaq::Writer*) 
libzpaq/libzpaq.cpp:1363
#3 0x445c2c in zpaq_decompress libzpaq/libzpaq.h:538
#4 0x428c2e in zpaq_decompress_buf stream.c:453
#5 0x430e60 in ucompthread stream.c:1534
#6 0x7f0e456a6493 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#7 0x7f0e44b4c93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE libzpaq/libzpaq.h:468 in bufRead::get()
Thread T1 created by T0 here:
#0 0x7f0e45f38f59 in __interceptor_pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
#1 0x4267f8 in create_pthread stream.c:133
#2 0x4325f0 in fill_buffer stream.c:1673
#3 0x4333d5 in read_stream stream.c:1755
#4 0x421d21 in read_u8 runzip.c:55
#5 0x422983 in read_header runzip.c:144
#6 0x423fd2 in runzip_chunk runzip.c:314
#7 0x4244a8 in runzip_fd runzip.c:382
#8 0x411378 in decompress_file lrzip.c:826
#9 0x409b39 in main main.c:669
#10 0x7f0e44a842b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

==14170==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8842
[1] https://github.com/ckolivas/lrzip/issues/66

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#863157: ITP: curvedns -- DNS/DNSCurve forwarding name server

[Stéphane Neveu]

Package: wnpp
Severity: wishlist
Owner: Stephane Neveu 

Dear mentors,

I am looking for a sponsor for my package "curvedns"

* Package name: curvedns
  Version : 0.87-1
  Upstream Author :  Harm Van Tilborg, Jeroen Scheerder, Lieuwe Jan Koning
* URL : http://curvedns.on2it.net/ [1]
* License : BSD-2-clause
  Programming Lang: C
  Section :  Net
  Description :  DNS/DNSCurve forwarding name server

It builds those binary packages:

curvedns : DNS/DNSCurve forwarding name server
curvedns-keygen :  Generates a keypair for curvedns
To access further information about this package, please visit the
following  URL:

https://mentors.debian.net/package/curvedns [2]

Alternatively, one can download the package with dget using this
command:

dget -x 
https://mentors.debian.net/debian/pool/main/c/curvedns/curvedns_0.87-1.dsc

Regards,

Bug#863147: gnutls28: GNU Guile bindings are missing

[Andreas Metzler]

Control: tags -1 wontfix

On 2017-05-22 Dmitry Alexandrov <321...@gmail.com> wrote:
> Source: gnutls28
> Version: 3.5.8-5
> Severity: normal

> Dear Maintainers, this is a thing you are undoubtedly aware of, however
> I have to report it as an issue at least for the sake of googleability.

> Providing Guile bindings for GNUTLS (‘guile-gnutls’ package) was dropped
> [0] more than a year ago due to issues [1][2] with building farm and it
> is no longer available till today.

> May I hope that you will give that package a next try?

> [0] 
> https://anonscm.debian.org/git/pkg-gnutls/gnutls.git/commit/?id=ebb7130b47dc08311c1de2c189758a73bbaeca27
> [1] https://bugs.debian.org/805863
> [2] https://bugs.debian.org/821457

I do not expect so. The reason for removal was never fixed.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Bug#863160: DDPO: Packages erroneously listed under experimental

[Dr. Tobias Quathamer]

Package: qa.debian.org
Severity: minor

Dear Maintainer,

I've noticed that some packages on the DDPO website are erroneously 
listed with an experimental version.


Here are some examples, taken from
.


1. Package golang-github-pelletier-go-buffruneio
   (listed in section "main"):

The package is shown with the version "0.0~git20160124.0.df1e16f-1" for 
testing, unstable, and experimental, although it was never part of 
experimental.



2. Package golang-github-pelletier-go-toml
   (listed in section "main"):

Same as above with a different version, of course.


3. Package golang-github-spf13-viper
   (listed in section "Sponsored/other uploads"):

The package is shown with "0.0~git20161213.0.5ed0fc3-3" in testing and 
unstable, and also with a *lower* version "0.0~git20161213.0.5ed0fc3-2" 
in experimental. The package was never part of experimental.



4. Package golang-google-api
   (listed in section "Sponsored/other uploads"):

Same as above, *lower* version in experimental than unstable.


I've tried to look into the source code for that page, but in the end, I 
got stuck. It seems to me that the PHP script (developer.php) is 
correct, but it gets the wrong data.


I think the file /srv/qa.debian.org/data/ddpo/results/archive.db on 
qa.debian.org already has the wrong data, but I was not able to really 
understand and debug the perl script "extract_archive.pl".


I hope someone (myon?) can have a look and
maybe spot an obvious bug ... :-)

Regards,
Tobias



signature.asc
Description: OpenPGP digital signature

Bug#863159: zstd: New upstream version with multithreading support

[Andreas Kotes]

Package: zstd
Version: 1.1.2-1
Severity: wishlist

Dear Maintainer,

https://github.com/facebook/zstd/releases has a new release (1.2.0),
sporting Multi-Threading support directly in zstd (instead of just via
pzst), making it worth bugging you about it for a moment *cough* :)

The code present there can also far either be dpkg-buildpackaged on
older Debian & Ubuntu versions, making this a very selfish ask ...

Please consider packaging it sometime soon - thank you :)

Thanks in advance!

  count

-- System Information:
Debian Release: 8.8
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages zstd depends on:
ii  libc6   2.24-10
ii  libgcc1 1:6.3.0-18
ii  libstdc++6  6.3.0-18
ii  libzstd11.1.2-1

zstd recommends no packages.

zstd suggests no packages.

-- no debconf information

-- 
Andreas 'count' Kotes
Taming computers for humans since 1990.
"Don't ask what the world needs. Ask what makes you come alive, and go do it.
Because what the world needs is people who have come alive." -- Howard Thurman