Bug#863285: [Pkg-samba-maint] Bug#863285: [winbind] Install/Updates Fail When Samba Running as samba 4 Domain

[L . P . H . van Belle]

Hai Roberto, 

First of all, nice to see good config. 
That helps, so thats clear, no config errors.

The locations for samba (systemd) files is by default.
/lib/systemd/system/
This is all correct, so no worries. 

Also, since systemd is new for you, as of debian stretch, you can use the 
command
systemctl edit your.service
This creates a new file ( overrides to the default settings) in somewhere 
/etc/systemd/.. 
A good thing to know is when you use : systemctl edit --full your.service
The makes a full copy of the original and places it in /etc/systemd. 
In case of the samba-ad-dc.service,  

I dont see the "bug" here. 

If server_role is not "active dir. " 
if [ "$SERVER_ROLE" != "active directory domain controller" ] \

And while true, echo server_service | grep silently and dont show smb.
> && ( echo "$SERVER_SERVICES" | grep -qv '\(^\|, \)smb\(,\|$\)' ) \

Thats what im reading, but im not a coder.. 
The smb, why thats there, i dont know. It probly has to do with removing ntvfs 
and adding s3fs as default. 

But for this report, i can confirm this is a bug.


Bug in /var/lib/dpkg/info/winbind.postinst
Missing AD DC, detection, and if ADDC is running, dont restart winbind.
See example, samba.postinst


Greetz, 

Louis


> -Oorspronkelijk bericht-
> Van: Pkg-samba-maint 
> [mailto:pkg-samba-maint-bounces+belle=bazuin.nl@lists.alioth.d
> ebian.org] Namens Roberto C. Sánchez
> Verzonden: maandag 31 juli 2017 16:57
> Aan: 863...@bugs.debian.org
> Onderwerp: [Pkg-samba-maint] Bug#863285: [winbind] 
> Install/Updates Fail When Samba Running as samba 4 Domain
> 
> Hi Louis,
> 
> On Mon, Jul 31, 2017 at 02:02:52PM +0200, L.P.H. van Belle wrote:
> > Hai Roberto,
> > 
> > Thank you for your insight also.
> > Can you post you complete (anonimized where needed) smb.conf. 
> > And the running version you have and the version your upgrading to.
> > This way we have most of the needed info. 
> > 
> Here is the smb.conf:
> 
> # Global parameters
> [global]
> workgroup = EXAMPLE
> realm = EXAMPLE.COM
> netbios name = SAMBA-ADDC1
> server role = active directory domain controller
> server services = -dns
> idmap_ldb:use rfc2307 = yes
> printing = CUPS
> printcap name = /dev/null
> kerberos method = secrets and keytab
> #ldap server require strong auth = allow_sasl_over_tls
> ldap server require strong auth = no
> 
> map to guest = bad user
> 
> tls enabled = yes
> tls keyfile = 
> /etc/ssl/samba-addc1.example.com/samba-addc1.example.com.key
> tls certfile = 
> /etc/ssl/samba-addc1.example.com/samba-addc1.example.com.pem
> tls cafile = /etc/ssl/cacert.pem
> 
> idmap config *:backend = tdb
> idmap config *:range = 70001-8
> idmap config EXAMPLE:backend = ad
> idmap config EXAMPLE:schema_mode = rfc2307
> idmap config EXAMPLE:range = 1-2
> 
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> 
> log level = 2
> syslog = 3
> 
> [netlogon]
> path = /var/lib/samba/sysvol/example.com/scripts
> read only = No
> 
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> 
> The server was initially installed with wheezy, using the 
> Samba 4 backport packages (this was around the end of 2014), 
> then upgraded to jessie when it became the stable release.
> 
> The currently installed version of Samba is: 2:4.2.14+dfsg-0+deb8u7+b1
> 
> The version I am trying to install (as part of the dist-upgrade to
> stretch) is: 2:4.5.8+dfsg-2+deb9u1+b1
> 
> I have read through all of the upstream release notes and 
> changelogs, as well as the NEWS file in the Debian package to 
> make sure that I don't have anything in the configuration 
> that will cause problems.  After reviewing, there is nothing 
> in my configuration that makes me think I need to change it 
> prior to upgrading.
> 
> > In general.
> > For samba ( standalone/members ) systemd uses one or more : 
> smbd nmbd 
> > winbind For samba ( AD DC ) systemd uses samba-ad-dc
> > 
> Yes, and that is how it appears to be with the systems on my network.
> 
> > The change to samba AD DC with systemd is: 
> > 
> > systemctl disable smbd nmbd winbind
> > systemctl mask smbd nmbd winbind
> > systemctl stop smbd nmbd winbind
> > 
> > systemctl enable samba-ad-dc
> > systemctl unmask samba-ad-dc
> > systemctl start samba-ad-dc
> > 
> 
> Interestingly, I never had to do anything with systemctl when 
> upgrading from wheezy to jessie.  On the jessie system (prior 
> to upgrade) here is what the systemd setup looks like:
> 
> systemctl list-units |egrep 'samba|nmbd|smbd|winbind'
> nmbd.service  
> loaded active exited   

Bug#867316: O: awesome -- highly configurable X window manager

[Julien Danjou]

On Mon, Jul 31 2017, Nicolas Boulenguez wrote:

> The upstream branch seems to track *every* upstream commit, but
> differs from the history visible on github.
> Julien, could you explain your workflow?
> We could then describe it in README.source for potential adopters.

I've not been updating this packages over 3 years so I doubt I can
explain much. ;)

-- 
Julien Danjou
# Free Software hacker
# https://julien.danjou.info


signature.asc
Description: PGP signature

Bug#870330: Please add the dotenv executable

[Bastian Venthur]

Package: ruby-dotenv
Version: 2.0.2-1
Severity: normal

Hi,

the upstream package provides the `dotenv` executable which makes 
commands like:


$ dotenv ./script.sh

possible. In fact the README.md of the ruby-dotenv package suggests that 
this executable is there. Could you please upload a version with this 
executable enabled?



Cheers,

Bastian




-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ruby-dotenv depends on:
ii  ruby  1:2.3.3

ruby-dotenv recommends no packages.

ruby-dotenv suggests no packages.

-- no debconf information

--
Dr. Bastian Venthur  http://venthur.de
Debian Developer venthur at debian org

Bug#870310: glib-mkenums: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 108: ordinal not in range(128)

[Simon McVittie]

Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=785113

On Tue, 01 Aug 2017 at 00:47:43 +0200, Michael Biebl wrote:
> Am 01.08.2017 um 00:34 schrieb Adrian Bunk:
> >>>   File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
> >>> return codecs.ascii_decode(input, self.errors)[0]
> >>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 108: 
> >>> ordinal not in range(128)
> > Works with LANG=C.UTF-8 and FTBFS with LANG=C
> 
> Not sure what glib-mkenums is supposed to do about this then.
> It's the package/build environment not using a UTF-8 locale and Python 3
> being picky about that.

It can open files with a specified encoding, as in the commits in GLib
master that reference the upstream bug I've linked (I haven't verified
that they are a complete solution, so no +patch, but they seem good to
have).

Regards,
S

Bug#870331: installation-reports: Fails to install grub in the MBR of second device via menu item

[Andrea Brenci]

Package: installation-reports
Severity: normal
Tags: d-i

Dear Maintainer,

-- Package-specific info:

Boot method: CD
Image version: 
https://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/debian-testing-i386-netinst.iso
 - 20170725-09:50
Date: 25 July 2017

Machine: Laptop Acer TM4002
Partitions: 
File systemTipo 1K-blocchi   Usati Disponib. Uso% Montato su
udev   devtmpfs 618560   0618560   0% /dev
tmpfs  tmpfs1255084220121288   4% /run
/dev/sdb6  ext2   23780504 3859820  18712672  18% /
tmpfs  tmpfs6275286968620560   2% /dev/shm
tmpfs  tmpfs  5120   4  5116   1% /run/lock
tmpfs  tmpfs627528   0627528   0% /sys/fs/cgroup
tmpfs  tmpfs125504  16125488   1% /run/user/1000


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect CD:  [O]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Install tasks:  [O]
Install boot loader:[E]
Overall install:[O]

Comments/Problems:



Installation of grub in the MBR of /dev/sdb using menu item (expert install, 
not gui) failed.
Installation of grub in the MBR of /dev/sdb setting it by hand (expert install) 
was successful.

-- 

Please make sure that the hardware-summary log file, and any other
installation logs that you think would be useful are attached to this
report. Please compress large files using gzip.

Once you have filled out this report, mail it to sub...@bugs.debian.org.

==
Installer lsb-release:
==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="9 (stretch) - installer build 20170725-00:33"
X_INSTALLATION_MEDIUM=cdrom

==
Installer hardware-summary:
==
uname -a: Linux (none) 4.11.0-2-686 #1 SMP Debian 4.11.11-1 (2017-07-22) i686 
GNU/Linux
lspci -knn: 00:00.0 Host bridge [0600]: Intel Corporation 82852/82855 
GM/GME/PM/GMV Processor to I/O Controller [8086:3580] (rev 02)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: Kernel driver in use: agpgart-intel
lspci -knn: 00:00.1 System peripheral [0880]: Intel Corporation 82852/82855 
GM/GME/PM/GMV Processor to I/O Controller [8086:3584] (rev 02)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: 00:00.3 System peripheral [0880]: Intel Corporation 82852/82855 
GM/GME/PM/GMV Processor to I/O Controller [8086:3585] (rev 02)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: 00:02.0 VGA compatible controller [0300]: Intel Corporation 
82852/855GM Integrated Graphics Device [8086:3582] (rev 02)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: 00:02.1 Display controller [0380]: Intel Corporation 82852/855GM 
Integrated Graphics Device [8086:3582] (rev 02)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: 00:1d.0 USB controller [0c03]: Intel Corporation 82801DB/DBL/DBM 
(ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 [8086:24c2] (rev 03)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: Kernel driver in use: uhci_hcd
lspci -knn: Kernel modules: uhci_hcd
lspci -knn: 00:1d.1 USB controller [0c03]: Intel Corporation 82801DB/DBL/DBM 
(ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 [8086:24c4] (rev 03)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: Kernel driver in use: uhci_hcd
lspci -knn: Kernel modules: uhci_hcd
lspci -knn: 00:1d.2 USB controller [0c03]: Intel Corporation 82801DB/DBL/DBM 
(ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 [8086:24c7] (rev 03)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: Kernel driver in use: uhci_hcd
lspci -knn: Kernel modules: uhci_hcd
lspci -knn: 00:1d.7 USB controller [0c03]: Intel Corporation 82801DB/DBM 
(ICH4/ICH4-M) USB2 EHCI Controller [8086:24cd] (rev 03)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: Kernel driver in use: ehci-pci
lspci -knn: Kernel modules: ehci_pci
lspci -knn: 00:1e.0 PCI bridge [0604]: Intel Corporation 82801 Mobile PCI 
Bridge [8086:2448] (rev 83)
lspci -knn: 00:1f.0 ISA bridge [0601]: Intel Corporation 82801DBM (ICH4-M) LPC 
Interface Bridge [8086:24cc] (rev 03)
lspci -knn: 00:1f.1 IDE interface [0101]: Intel Corporation 82801DBM (ICH4-M) 
IDE Controller [8086:24ca] (rev 03)
lspci -knn: Subsystem: Acer Incorporated [ALI] Device [1025:0064]
lspci -knn: Kernel drive

Bug#770171: sshd jail fails when system solely relies on systemd journal for logging

[Jean-Michel Vourgère]

For people looking for an easy work around:

apt-get install rsyslog

will ensure sshd is logged as usual.

Bug#870332: lintian: overrides on specific file ignored

[Salvo Tomaselli]

Package: lintian
Version: 2.5.52
Severity: normal

Dear Maintainer,
I'm preparing a new release for xinetd, and it has an override for
script-with-language-extension, because of historical reasons.

In any case, lintian reports the issue despite the override, so I had to do
the following:

--- a/debian/xinetd.lintian-overrides
+++ b/debian/xinetd.lintian-overrides
@@ -1 +1 @@
-xinetd: script-with-language-extension usr/sbin/xconv.pl
+script-with-language-extension

To make lintian stop bothering me.

Without this change, it would also generate a low priority warning about an
unused override.

Best


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lintian depends on:
ii  binutils  2.29-2
ii  bzip2 1.0.6-8.1
ii  diffstat  1.61-1+b1
ii  dpkg  1.18.24
ii  file  1:5.30-1
ii  gettext   0.19.8.1-2+b1
ii  intltool-debian   0.35.0+20060710.4
ii  libapt-pkg-perl   0.1.32+b2
ii  libarchive-zip-perl   1.59-1
ii  libclass-accessor-perl0.34-1
ii  libclone-perl 0.38-2+b2
ii  libdpkg-perl  1.18.24
ii  libemail-valid-perl   1.202-1
ii  libfile-basedir-perl  0.07-1
ii  libipc-run-perl   0.94-1
ii  liblist-moreutils-perl0.416-1+b3
ii  libparse-debianchangelog-perl 1.2.0-12
ii  libperl5.26 [libdigest-sha-perl]  5.26.0-5
ii  libtext-levenshtein-perl  0.13-1
ii  libtimedate-perl  2.3000-2
ii  liburi-perl   1.71-1
ii  libxml-simple-perl2.24-1
ii  libyaml-libyaml-perl  0.63-2+b2
ii  man-db2.7.6.1-2
ii  patchutils0.3.4-2
ii  perl  5.26.0-5
ii  t1utils   1.40-2
ii  xz-utils  5.2.2-1.3

Versions of packages lintian recommends:
pn  libperlio-gzip-perl  

Versions of packages lintian suggests:
pn  binutils-multiarch 
ii  dpkg-dev   1.18.24
ii  libhtml-parser-perl3.72-3+b2
pn  libtext-template-perl  

-- no debconf information

Bug#870333: libid3tag: CVE-2017-11551

[Salvatore Bonaccorso]

Source: libid3tag
Version: 0.15.1b-11
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for libid3tag.

CVE-2017-11551[0]:
| The id3_field_parse function in field.c in libid3tag 0.15.1b allows
| remote attackers to cause a denial of service (OOM) via a crafted MP3
| file.

Quickly skimming over the code looks this would be present. But please
double-check. This CVE is the second of the issues listed at [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11551
[1] http://seclists.org/fulldisclosure/2017/Jul/85

Regards,
Salvatore

Bug#761441: RFP: node-istanbul -- a JS code coverage tool written in JS

[Ying-Chun Liu (PaulLiu)]

block 761441 by 858856
thanks

node-handlebars is also missing. See bug #858856. In istanbul there's
require('handlebars'); However, this is currently not working.

Yours,
Paul

-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) 



signature.asc
Description: OpenPGP digital signature

Bug#870334: pkg-perl-autopkgtest: revisiting smoke prove --recurse

[Niko Tyni]

Package: pkg-perl-autopkgtest
Version: 0.37

Since 0.37, we're running 'prove --recurse' by default in the smoke
test. This has resulted in ~50 regressions according to ci.d.n:
there are packages ship .t files under t/ subdirectories (or starting
with a dot) that are not run during builds and are either broken
or not intended to be run at all.  Fixing these by adding t/*.t in
debian/tests/pkg-perl/smoke-tests gets boring quite quickly, though it's
certainly doable.

All these packages seem to be relying on the ExtUtils::MakeMaker default
of TEST_FILES => t/*.t. I'm wondering if we should try to parse that
out of Makefile.PL during autopkgtest instead of always recursing,
though that does seem somewhat error prone.

FWIW, Module::Build seems to have a related 'recursive_test_files'
option that is off by default (see Module::Build::API(3pm)).

It might help a bit to collect some statistics about the number of
packages with *.t files in subdirectories, and whether those have
TEST_FILES specified in Makefile.PL. Currently I have no idea if the
failing packages are just a small minority of the affected ones, or if
almost all of them are failing now.
-- 
Niko Tyni   nt...@debian.org

Bug#869070: apt-listbugs does not honor Acquire::http::TimeOut

[Vincent Lefevre]

On 2017-07-26 19:33:55 +0200, Francesco Poli wrote:
> Could you please perform the following test?
> 
> As root, back up one file:
> 
>   # cp -ai /usr/lib/ruby/vendor_ruby/aptlistbugs/debian/btssoap.rb /root/
> 
> Then, edit lines 35÷37 of the file itself (using VIM or any other
> editor of your choice):
> 
>   # vim /usr/lib/ruby/vendor_ruby/aptlistbugs/debian/btssoap.rb
> 
> Please try to set 10 (in stead of 999) for the three timeout values.
> 
> Does this solve your issue?

This solves the timeout issue, but actually the bug is worse than
I thought. After setting

@drv.options["protocol.http.connect_timeout"] = 10
@drv.options["protocol.http.send_timeout"] = 10
@drv.options["protocol.http.receive_timeout"] = 10

I get:

Retrieving bug reports... 0% Fail
Error retrieving bug reports from the server with the following error message:
E: execution expired
It could be because your network is down, or because of broken proxy servers, 
or the BTS server itself is down. Check network configuration and try again
Retry downloading bug information? [Y/n] 

i.e. it doesn't fallback to the IPv4 address, contrary to what
other tools do!

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#870335: gnome-session: Gnome session creates a new kernel session keyring, without a link to the user keyring

[Itaï BEN YAACOV]

Package: gnome-session
Version: 3.22.3-1
Severity: normal

Dear Maintainer,

When logging in to console, or via ssh, typing "keyctl show" gives something 
like

Session Keyring
 365837487 --alswrv   1000  1000  keyring: _ses
 924915722 --alswrv   1000 65534   \_ keyring: _uid.1000

When logging in to gnome, I get

Session Keyring
1002009370 --alswrv   1000  1000  keyring: _ses
 226607596 s-rv  0 0   \_ user: invocation_id

without a link to the user keyring.  This breaks ecryptfs-mount-private (which
is how I found this problem).

I did this with a phoney pristine user, same behaviour, so this isn't something 
in my
dotfiles.

Better still: doing "keyctl show > SOMEFILE" in my .profile shows that when
.profile is sourced, there is a session keyring with a link to the user keyring
(so pam_keyinit is run correctly), but once in the gnome session, I get a 
different
session ring (different keyring number) without the link.

I suspect that as some stage after the .profile is invoked, a new session ring 
is created.
Not entirely sure how to debug this any further.

Cheers,
Itaï.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-session depends on:
ii  gnome-session-bin  3.22.3-1
ii  gnome-session-common   3.22.3-1
ii  gnome-settings-daemon  3.22.2-5
ii  gnome-shell3.22.3-3

gnome-session recommends no packages.

Versions of packages gnome-session suggests:
ii  desktop-base  9.0.5
ii  gnome-keyring 3.20.1-1
ii  gnome-user-guide  3.22.0-1

-- debconf-show failed

Bug#773201: python-nxt: Make sure python-nxt works with pyusb>1.0

[Petter Reinholdtsen]

Control: forwarded -1 https://github.com/Eelviny/nxt-python/issues/83

[Scott Kitterman]
> There's a patch in the upstream bug tracker for python-nxt.

Unfortunately, upstream did not approve of this patch.

-- 
Happy hacking
Petter Reinholdtsen

Bug#697224: python-nxt-filer: Should show GUI dialog when no NXT is plugged in

[Petter Reinholdtsen]

Control: forwarded -1 https://github.com/eelviny/nxt-python/issues/51

Upstream migrated to github.
-- 
Happy hacking
Petter Reinholdtsen

Bug#870336: Helping migration of camlp5, lablgtk2, etc.

[Stéphane Glondu]

Package: release.debian.org
Severity: normal

Dear RT,

camlp5, lablgtk2 and other packages have been waiting for migration to
testing for a while. Their migration is essentially blocked by
hol-light and botch which FTBFS at the moment.

Here are hints to make things evolve (courtesy of comigrate):

age-days 4 frama-c/20161101+silicon+dfsg-6
age-days 3 pxp/1.2.9-1
age-days 3 utop/1.19.3-2
easy aac-tactics/amd64/8.6.1-1 aac-tactics/arm64/8.6.1-1 
aac-tactics/armel/8.6.1-1 aac-tactics/armhf/8.6.1-1 aac-tactics/i386/8.6.1-1 
aac-tactics/mips/8.6.1-1 aac-tactics/mips64el/8.6.1-1 
aac-tactics/mipsel/8.6.1-1 aac-tactics/ppc64el/8.6.1-1 
aac-tactics/s390x/8.6.1-1 advi/mips/1.10.2-3 advi/mips64el/1.10.2-3 
advi/mipsel/1.10.2-3 advi/ppc64el/1.10.2-3 advi/s390x/1.10.2-3 
alt-ergo/mips/1.30-1 alt-ergo/mips64el/1.30-1 alt-ergo/mipsel/1.30-1 
alt-ergo/ppc64el/1.30-1 alt-ergo/s390x/1.30-1 ara/1.0.33 belenios/1.4+dfsg-2 
ben/0.7.7 -botch/0.21-3 cairo-ocaml/amd64/1:1.2.0-6 cairo-ocaml/arm64/1:1.2.0-6 
cairo-ocaml/armel/1:1.2.0-6 cairo-ocaml/armhf/1:1.2.0-6 
cairo-ocaml/i386/1:1.2.0-6 cairo-ocaml/mips/1:1.2.0-6 
cairo-ocaml/mips64el/1:1.2.0-6 cairo-ocaml/mipsel/1:1.2.0-6 
cairo-ocaml/ppc64el/1:1.2.0-6 cairo-ocaml/s390x/1:1.2.0-6 
camlimages/amd64/1:4.2.0-1.1 camlimages/arm64/1:4.2.0-1.1 
camlimages/armel/1:4.2.0-1.1 camlimages/armhf/1:4.2.0-1.1 
camlimages/i386/1:4.2.0-1.1 camlimages/mips/1:4.2.0-1.1 
camlimages/mips64el/1:4.2.0-1.1 camlimages/mipsel/1:4.2.0-1.1 
camlimages/ppc64el/1:4.2.0-1.1 camlimages/s390x/1:4.2.0-1.1 camlp5/7.01-1 
camomile/0.8.5-1 cduce/amd64/0.6.0-5 cduce/arm64/0.6.0-5 cduce/armel/0.6.0-5 
cduce/armhf/0.6.0-5 cduce/i386/0.6.0-5 coinst/mips/1.9.3-1 
coinst/mips64el/1.9.3-1 coinst/mipsel/1.9.3-1 coinst/ppc64el/1.9.3-1 
coinst/s390x/1.9.3-1 coq/amd64/8.6-4 coq/arm64/8.6-4 coq/armel/8.6-4 
coq/armhf/8.6-4 coq/i386/8.6-4 coq/mips/8.6-4 coq/mips64el/8.6-4 
coq/mipsel/8.6-4 coq/ppc64el/8.6-4 coq/s390x/8.6-4 cryptokit/1.11-1 
dose3/5.0.1-9 eliom/amd64/4.2-3 eliom/arm64/4.2-3 eliom/armel/4.2-3 
eliom/armhf/4.2-3 eliom/i386/4.2-3 eliom/mips/4.2-3 eliom/mips64el/4.2-3 
eliom/mipsel/4.2-3 eliom/ppc64el/4.2-3 eliom/s390x/4.2-3 
frama-c/20161101+silicon+dfsg-6 freetennis/mips/0.4.8-10 
freetennis/mips64el/0.4.8-10 freetennis/mipsel/0.4.8-10 
freetennis/ppc64el/0.4.8-10 freetennis/s390x/0.4.8-10 galax/amd64/1.1-15 
galax/arm64/1.1-15 galax/armel/1.1-15 galax/armhf/1.1-15 galax/i386/1.1-15 
galax/mips/1.1-15 galax/mips64el/1.1-15 galax/mipsel/1.1-15 
galax/ppc64el/1.1-15 galax/s390x/1.1-15 -hol-light/20170109-1 
lablgtk-extras/amd64/1.5-1 lablgtk-extras/arm64/1.5-1 
lablgtk-extras/armel/1.5-1 lablgtk-extras/armhf/1.5-1 lablgtk-extras/i386/1.5-1 
lablgtk-extras/mips/1.5-1 lablgtk-extras/mips64el/1.5-1 
lablgtk-extras/mipsel/1.5-1 lablgtk-extras/ppc64el/1.5-1 
lablgtk-extras/s390x/1.5-1 lablgtk2/2.18.5+dfsg-1 lablgtkmathview/amd64/0.7.8-6 
lablgtkmathview/arm64/0.7.8-6 lablgtkmathview/armel/0.7.8-6 
lablgtkmathview/armhf/0.7.8-6 lablgtkmathview/i386/0.7.8-6 
lablgtkmathview/mips/0.7.8-6 lablgtkmathview/mips64el/0.7.8-6 
lablgtkmathview/mipsel/0.7.8-6 lablgtkmathview/ppc64el/0.7.8-6 
lablgtkmathview/s390x/0.7.8-6 laby/0.6.4-2 lambda-term/1.10.1-2 
ledit/amd64/2.03-5 ledit/arm64/2.03-5 ledit/armel/2.03-5 ledit/armhf/2.03-5 
ledit/i386/2.03-5 ledit/mips/2.03-5 ledit/mips64el/2.03-5 ledit/mipsel/2.03-5 
ledit/ppc64el/2.03-5 ledit/s390x/2.03-5 liquidsoap/mips/1.1.1-7.2 
liquidsoap/mips64el/1.1.1-7.2 liquidsoap/mipsel/1.1.1-7.2 
liquidsoap/ppc64el/1.1.1-7.2 liquidsoap/s390x/1.1.1-7.2 lwt/2.5.2-2 
monotone-viz/mips/1.0.2-4 monotone-viz/mips64el/1.0.2-4 
monotone-viz/mipsel/1.0.2-4 monotone-viz/ppc64el/1.0.2-4 
monotone-viz/s390x/1.0.2-4 nurpawiki/amd64/1.2.3-10 nurpawiki/arm64/1.2.3-10 
nurpawiki/armel/1.2.3-10 nurpawiki/armhf/1.2.3-10 nurpawiki/i386/1.2.3-10 
nurpawiki/mips/1.2.3-10 nurpawiki/mips64el/1.2.3-10 nurpawiki/mipsel/1.2.3-10 
nurpawiki/ppc64el/1.2.3-10 nurpawiki/s390x/1.2.3-10 ocaml-fileutils/0.5.2-1 
ocaml-gettext/0.3.7-1 ocaml-http/amd64/0.1.5-1 ocaml-http/arm64/0.1.5-1 
ocaml-http/armel/0.1.5-1 ocaml-http/armhf/0.1.5-1 ocaml-http/i386/0.1.5-1 
ocaml-lastfm/amd64/0.3.0-4 ocaml-lastfm/arm64/0.3.0-4 
ocaml-lastfm/armel/0.3.0-4 ocaml-lastfm/armhf/0.3.0-4 ocaml-lastfm/i386/0.3.0-4 
ocaml-mm/0.3.0-1 ocaml-ssl/0.5.3-1 ocamlbricks/amd64/0.90+bzr400-2 
ocamlbricks/arm64/0.90+bzr400-2 ocamlbricks/armel/0.90+bzr400-2 
ocamlbricks/armhf/0.90+bzr400-2 ocamlbricks/i386/0.90+bzr400-2 
ocamlbricks/mips/0.90+bzr400-2 ocamlbricks/mips64el/0.90+bzr400-2 
ocamlbricks/mipsel/0.90+bzr400-2 ocamlbricks/ppc64el/0.90+bzr400-2 
ocamlbricks/s390x/0.90+bzr400-2 ocamldap/amd64/2.1.8-10 ocamldap/arm64/2.1.8-10 
ocamldap/armel/2.1.8-10 ocamldap/armhf/2.1.8-10 ocamldap/i386/2.1.8-10 
ocamldap/mips/2.1.8-10 ocamldap/mips64el/2.1.8-10 ocamldap/mipsel/2.1.8-10 
ocamldap/ppc64el/2.1.8-10 ocamldap/s390x/2.1.8-10 ocamlgraph/amd64/1.8.6-1 
ocamlgraph/arm64/1.8.6-1 ocamlgraph/armel/1.8.6-1 ocamlgraph/armhf/1.8.6-1 
ocamlgraph/i386/1.8.6-1 ocamlgrap

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[clayton]

Package: tor
Version: 0.2.9.11-1~deb9u1
Severity: normal

On stretch, tor does not start after installation.

After I comment out these

# ReadOnlyDirectories=/
# ReadWriteDirectories=-/proc
# ReadWriteDirectories=-/var/lib/tor
# ReadWriteDirectories=-/var/log/tor
# ReadWriteDirectories=-/var/run 

lines in /lib/systemd/system/tor@default.service this

systemctl start tor.service

will work.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab120.16 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tor depends on:
ii  adduser  3.115
ii  init-system-helpers  1.48
ii  libc62.24-11+deb9u1
ii  libevent-2.0-5   2.0.21-stable-3
ii  libseccomp2  2.3.1-2.1
ii  libssl1.11.1.0f-3
ii  libsystemd0  232-25+deb9u1
ii  lsb-base 9.20161125
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages tor recommends:
ii  logrotate3.11.0-0.1
ii  tor-geoipdb  0.2.9.11-1~deb9u1
ii  torsocks 2.2.0-1

Versions of packages tor suggests:
pn  apparmor-utils   
pn  mixmaster
ii  obfs4proxy   0.0.7-1+b2
pn  obfsproxy
pn  socat
pn  tor-arm  
pn  torbrowser-launcher  

-- no debconf information

Bug#870297: closed by Rene Engelhard (Re:Bug#870297: Libre Office upgrade problem)

[basia]

Good Morning,

Thanks for your efforts.
I will try dist-upgrade. Earlier o later something should go forward :-)

Best regards
Basia

Dnia Mon, 31 Jul 2017 21:24:03 + napisales[as]:

> This is an automatic notification regarding your Bug report
> which was filed against the libreoffice package:
> 
> #870297: Libre Office upgrade problem
> 
> It has been closed by Rene Engelhard .
> 
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Rene Engelhard 
>  by
> replying to this email.
> 
> 
> -- 
> 870297:  
> target='_blank'>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870297
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
> 
> 
> 
-
> Temat: Re: Bug#870297: Libre Office upgrade problem 
> Nadawca: Rene Engelhard r...@debian.org 
> Data: Mon, 31 Jul 2017 23:22:02 +0200 
> Adresat: 870297-d...@bugs.debian.org 
> On Mon, Jul 31, 2017 at 11:14:36PM +0200, ba...@jastra.netprojekt.pl wrote:
> Dnia Mon, 31 Jul 2017 21:23:36 +0200 napisales[as]:
> 
>> Hi,
> 
>>> extensa:/home/basia# apt-get install libreoffice-base
>> 
>> Why -base? 
> 
> just attempt...
> 
>> You should try first with low-level like ure, 
> 
> extensa:/home/basia# apt-get install ure 
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> ure is already the newest version.
> 
> so it is OK
> 
>> uno-libs3 
> 
> extensa:/home/basia# apt-get install uno-libs3
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> uno-libs3 is already the newest version.
> 
> Here is also OK
> 
>> or libreoffice-core before trying -base (yes, I know the name is confusing.)
> 
> extensa:/home/basia# apt-get install libreoffice-core
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>  libreoffice-core : Depends: libclucene-contribs1v5 (>= 2.3.3.4+dfsg) but it 
> is not going to be installed
> Depends: libclucene-core1v5 (>= 2.3.3.4+dfsg) but it is 
> not going to be installed
> E: Unable to correct problems, you have held broken packages.
> extensa:/home/basia# 
> ***
> 
> extensa:/home/basia# apt-get install libclucene-core1v5
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> The following packages have unmet dependencies:
>  perl-base : Breaks: texinfo (< 6.1.0.dfsg.1-8) but 4.13a.dfsg.1-10 is to be 
> installed
>  python-talloc : Breaks: python-samba (< 2:4.3.6+dfsg-2) but 2:4.1.17+dfsg-4 
> is to be installed
> E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by 
> held packages.
> extensa:/home/basia# 

$ rmadison -s testing texinfo python-samba
python-samba | 2:4.6.5+dfsg-8 | testing| amd64, arm64, armel, armhf, 
i386, mips, mips64el, mipsel, ppc64el, s390x
texinfo  | 6.4.90.dfsg.1-1| testing| source
texinfo  | 6.4.90.dfsg.1-1+b1 | testing| amd64, arm64, armel, armhf, 
i386, mips, mips64el, mipsel, ppc64el, s390x

Obviously parts of your systems are ancient. (dist-)upgrade?

Now you are on your own, this obviously is not a LO bug but a bug
in your system.

Will close this report.

Regards,

Rene)



> 

> 

> Temat: Libre Office upgrade problem 
> Nadawca: ba...@jastra.netprojekt.pl 
> Data: Mon, 31 Jul 2017 19:57:11 +0200 
> Adresat:  
> Package: libreoffice
version: 1:5.3.5~rc1-3

I have installed some programs, which I hoped could help me to contact my 
tablet with Android. They resulted uninstalling my Libre Office. 
Attempt to install Libre Office again resulted dependencies problems with 
versions (system communicates in Polish)

extensa:/home/basia# apt-get install libreoffice
Czytanie list pakietów... Gotowe
Budowanie drzewa zależności   
Odczyt informacji o stanie... Gotowe
Nie udało się zainstalować niektórych pakietów. Może to oznaczać,
że zażądano niemożliwej sytuacji lub użyto dystrybucji niestabilnej,
w której niektóre pakiety nie zostały jeszcze utworzone lub przeniesione
z katalogu Incoming ("Przychodzące").
Następujące informacje mogą pomóc rozwiązać sytuację:
Następują

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[Peter Palfrader]

Control: tags -1 + unreproducible
On Tue, 01 Aug 2017, clayton wrote:

> On stretch, tor does not start after installation.

You will need to provide more information.  Show the output of
journalctrl -f while restarting the service, and show me your torrc.

-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#870338: timidity: CVE-2017-11546 CVE-2017-11547 CVE-2017-11549

[Salvatore Bonaccorso]

Source: timidity
Version: 2.13.2-40.2
Severity: important
Tags: upstream security

Hi,

the following vulnerabilities were published for timidity. All three
issues seem to affect the same set of versions in Debian, thus filling
only one bugreport:

CVE-2017-11546[0]:
| The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0
| allows remote attackers to cause a denial of service (divide-by-zero
| error and application crash) via a crafted mid file. NOTE: a crash
| might be relevant when using the --background option.

CVE-2017-11547[1]:
| The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows
| remote attackers to cause a denial of service (heap-based buffer
| over-read) via a crafted mid file. NOTE: a crash might be relevant when
| using the --background option. NOTE: the TiMidity++ README.alsaseq
| documentation suggests a setuid-root installation.

CVE-2017-11549[2]:
| The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote
| attackers to cause a denial of service (large loop and CPU consumption)
| via a crafted mid file. NOTE: CPU consumption might be relevant when
| using the --background option.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11546
[1] https://security-tracker.debian.org/tracker/CVE-2017-11547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11547
[2] https://security-tracker.debian.org/tracker/CVE-2017-11549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11549
[3] http://seclists.org/fulldisclosure/2017/Jul/83

Regards,
Salvatore

Bug#869070: apt-listbugs does not honor Acquire::http::TimeOut

[Vincent Lefevre]

On 2017-08-01 10:24:13 +0200, Vincent Lefevre wrote:
> This solves the timeout issue, but actually the bug is worse than
> I thought. After setting
> 
> @drv.options["protocol.http.connect_timeout"] = 10
> @drv.options["protocol.http.send_timeout"] = 10
> @drv.options["protocol.http.receive_timeout"] = 10
> 
> I get:
> 
> Retrieving bug reports... 0% Fail
> Error retrieving bug reports from the server with the following error message:
> E: execution expired
> It could be because your network is down, or because of broken proxy servers, 
> or the BTS server itself is down. Check network configuration and try again
> Retry downloading bug information? [Y/n] 
> 
> i.e. it doesn't fallback to the IPv4 address, contrary to what
> other tools do!

Well, without the above change, I get the usual 2-minute timeout
per IP address, and the fallback to the first IP address that works
(here, IPv4). I assume that this is because the timeout occurs at
the socket level instead of the protocol level, thus not handled
by the same code.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#870339: animal-sniffer FTBFS: recipe for target 'clean' failed

[Adrian Bunk]

Source: animal-sniffer
Version: 1.15-2
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=animal-sniffer&arch=all&ver=1.15-2&stamp=1501531486&raw=0

...
dh clean
   dh_auto_clean
"for dir in \$(find . -name target -type d); do if [ -f \$(echo \$dir | 
sed -e s/target\$/pom.xml/) ]; then rm -Rf \$dir; fi done"
Can't exec "for dir in $(find . -name target -type d); do if [ -f $(echo $dir | 
sed -e s/target$/pom.xml/) ]; then rm -Rf $dir; fi done": No such file or 
directory at /usr/share/perl5/Debian/Debhelper/Dh_Lib.pm line 330.
dh_auto_clean: "for dir in \$(find . -name target -type d); do if [ -f \$(echo 
\$dir | sed -e s/target\$/pom.xml/) ]; then rm -Rf \$dir; fi done" failed to 
execute: No child processes
dh_auto_clean: "for dir in \$(find . -name target -type d); do if [ -f \$(echo 
\$dir | sed -e s/target\$/pom.xml/) ]; then rm -Rf \$dir; fi done" returned 
exit code 10
debian/rules:4: recipe for target 'clean' failed
make: *** [clean] Error 2

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

[Duck]

Control: tags -1 -unreproducible
Control: found -1 1.16.0-2


Quack,

I'm using two different servers and could reproduce the crash. With only
one of them on another machine it works fine.

Here is the trace:
#0  0x7f7798fc2676 in strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x7f7798fc23ae in __GI___strdup (s=0x1 ) at strdup.c:41
len = 
new = 
#2  0x55ffc458b7aa in examine_discovered_printer_record
(host=, ip=0x0, port=631, resource=,
service_name=, location=0x1 , info=0x55ffc53363e4 "Canon iR-ADV C5045F New Office",
type=0x55ffc4595ab2 "", domain=0x55ffc4595ab2 "", txt=0x0) at
utils/cups-browsed.c:5268
uri = "ipp://s01.server.com:631/printers/Canon_C5045F_OM",
'\000' 
queue_name = 0x55ffc533d260
"Canon_iR_ADV_C5045F_New_Office_s01_server_com"
remote_host = 0x55ffc52be2c0 "s01.server.com"
pdl = 
make_model = 
color = 
duplex = 
fields = {0x55ffc459516f "product", 0x55ffc4595183 "usb_MDL",
0x55ffc459518b "ty", 0x0}
f = 
entry = 
key = 0x0
value = 0x0
note_value = 0x0
cluster = 
member = 
str = 
p = 0x55ffc52d8950
local_printer = 
backup_queue_name = 0x55ffc532c3c0
"canon_ir_adv_c5045f_new_office_s01_server_...@s01.server.com"
local_queue_name = 0x55ffc533d260
"Canon_iR_ADV_C5045F_New_Office_s01_server_com"
local_queue_name_lower = 
is_cups_queue = 1
#3  0x55ffc458f362 in found_cups_printer (remote_host=, uri=, location=0x1 , info=) at utils/cups-browsed.c:6010
scheme = "ipp", '\000' 
username = '\000' 
host = "s01.server.com", '\000' 
resource = "/printers/Canon_C5045F_OM", '\000' 
port = 631
iface = 
local_resource = "printers/Canon_C5045F_OM", '\000' 
service_name = "Canon iR-ADV C5045F New Office @
s01.server.com\000\375\177\000\000`\304\033\377\375\177\000\000`\304\033\377\375\177\000\000e\304\033\377\375\177\000\000\217\304\033\377\375\177\000\000`\304\033\377\375\177\000\000\217\304\033\377\375\177",
'\000' ,
"\v\000\000\000\004\000\000\000\220\303\033\377\375\177\000\000\000\000\033\377\375\177\000\000\000\000\000\000\000\000\000\000r\303\033\377\375\177\000\000\b\212\003\231w\177\000\000\377\377\377\377\377\377\377\377"...
c = 
hl = 51
printer = 
#4  0x55ffc458fbda in browse_poll_get_printers (conn=0x55ffc5371b70,
context=0x55ffc52d2750) at utils/cups-browsed.c:6427
uri = 0x55ffc5326f94
"ipp://s01.server.com:631/printers/Canon_C5045F_OM"
location = 0x1 
info = 0x55ffc53363e4 "Canon iR-ADV C5045F New Office"
request = 
rattrs = {0x55ffc4594aef "printer-uri-supported", 0x55ffc4594b5d
"printer-info"}
response = 0x55ffc5355670
attr = 0x55ffc5354910
printers = 
rattrs = {0x55ffc4594aef "printer-uri-supported", 0x55ffc4594b5d
"printer-info"}
context = 0x55ffc52d2750
conn = 
get_printers = 
#5  0x55ffc458fbda in browse_poll (data=0x55ffc52d2750,
data@entry=)
at utils/cups-browsed.c:6694
context = 0x55ffc52d2750
conn = 
get_printers = 
#6  0x7f77999cc523 in g_timeout_dispatch (source=0x55ffc531afd0,
callback=, user_data=)
at ../../../../glib/gmain.c:4629
timeout_source = 0x55ffc531afd0
again = 
#7  0x7f77999cbaaa in g_main_dispatch (context=0x55ffc52d8f30) at
../../../../glib/gmain.c:3148
dispatch = 0x7f77999cc510 
prev_source = 0x0
was_in_call = 0
user_data = 0x55ffc52d2750
callback = 0x55ffc458f800 
cb_funcs = 
cb_data = 0x55ffc52f6ab0
need_destroy = 
source = 0x55ffc531afd0
current = 0x55ffc5308890
i = 0
#8  0x7f77999cbaaa in g_main_context_dispatch
(context=context@entry=0x55ffc52d8f30) at ../../../../glib/gmain.c:3813
#9  0x7f77999cbe60 in g_main_context_iterate
(context=0x55ffc52d8f30, block=block@entry=1, dispatch=dispatch@entry=1,
self=)
at ../../../../glib/gmain.c:3886
max_priority = 2147483647
timeout = 43837
some_ready = 1
nfds = 3
allocated_nfds = 3
fds = 
#10 0x7f77999cc182 in g_main_loop_run (loop=0x55ffc530ffe0) at
../../../../glib/gmain.c:4082
__func__ = "g_main_loop_run"
#11 0x55ffc458213b in main (argc=1, argv=0x7ffdff1bc988) at
utils/cups-browsed.c:7987
ret = 1
http = 
i = 
val = 
p = 
proxy = 0x55ffc52f5460 [GDBusProxy]
error = 0x0
subscription_id = 824
action =
  {__sigaction_handler = {sa_handler = 0x55ffc4585ec0
, sa_sigaction = 0x55ffc4585ec0 },
sa_mask = {__val = {2048, 0 }}, sa_flags = 0,
sa_restorer = 0x0}

Regards.



signature.asc
Description: OpenPGP digital signature

Bug#859867: [buildd-tools-devel] Bug#859867: Bug#859867: Please add a package which automatically configures sbuild for Debian packaging

[Michael Stapelberg]

On Mon, Jul 31, 2017 at 4:24 PM, Johannes Schauer  wrote:

> Quoting Michael Stapelberg (2017-07-31 14:19:16)
> > Unless I’m mistaken, the following is what we’d need to recommend to new
> > users:
> >
> > % sudo apt install sbuild apt-cacher-ng lintian
>
> Why install lintian?
>

So that it is available to be used, as per the changed default?


>
> > % sudo adduser --quiet -- "$USER" sbuild
>
> Better:
>
> sudo sbuild-adduser $USER
>

sbuild-adduser gives instructions which don’t apply in our case (AFAIR).


>
> > % sudo sbuild-createchroot \
> >   --command-prefix=eatmydata \
> >   --include=eatmydata \
> >   --alias=UNRELEASED \
> >   --alias=sid \
> >   unstable \
> >   /srv/chroot/unstable-amd64-sbuild \
> >   http://localhost:3142/deb.debian.org/debian
>
> That is *if* the machine of the user is amd64.
>

Substitute $(dpkg --print-architecture).


>
> Also, this part would be Debian-specific. Downstream distributions would
> have
> to adapt the alias and mirror values.
>

Yes.


>
> Also, didn't you also propose to make the schroot be run in a tmpfs the
> default? In that case, eatmydata would be quite pointless, no?
>

I proposed suggesting to build in tmpfs, not doing it by default. If you
think people in general have enough RAM for that to be a good idea, I’ll
happily change it and get rid of eatmydata.


>
> > % echo 15 */6 * * * root /usr/share/doc/sbuild/examples/sbuild-update-all
> |
> > sudo tee /etc/cron.d/sbuild-update-all
>
> Every six hours? I find that a bit excessive. This should certainly be
>

This is the first example
from /usr/share/doc/sbuild/examples/sbuild-update-all itself, which I
assumed was a recommendation. We could dial it down to once a day.


> configurable. Not everybody is behind an internet connection which is fast
>

It is configurable, just edit the file afterwards :).


> enough and/or where one doesn't pay per MB.
>

True, but I’d wager most DMs/DDs (the primary target audience of this
endavour) are. We can slap a fat warning on top of the package description
to clarify that we’re operating under the assumption.


>
> > % newgrp sbuild
>
> This would only have an effect on the currently open terminal and would
> have to
> be executed again on every new terminal session until the user *really*
> logs
> out and in again.
>

Yes. We can tell the user about this fact, but running newgrp seems like a
good idea nevertheless.


>
> > That seems quite involved over, say, “apt install sbuild-setup &&
> > sbuild-setup unstable”.
> >
> > Hence, I’d definitely appreciate a script which does all the over having
> to
> > refer to a wiki page and copy&paste long commands.
>
> Except that the sbuild-setup command would need to become quite complex
> because
> it the user has to be able to control:
>
>  - how to setup schroot (overlayfs? tmpfs?)
>

The default.


>  - where to put the chroots
>

The default.


>  - which distribution aliases (distribution specific)
>

sid for Debian. Downstream can change this.


>  - which extra packages to include (like eatmydata)
>

Only eatmydata.


>  - whether this is the first run or not (warn if the script is run for a
> second
>time)
>  - how often to update the chroots via cron
>

Once a day, change the crontab file if you want to change that.

To summarize: the point of this script is to provide an easy way to get
sbuild for people who don’t care. People who do care about any of these
details should not use it. I think there is significant value in providing
an easy path, if only as a stop-gap until the user gets around to looking
into this subject area in more depth, and creating their own preferred
setup.


>
> And then we have a script with a complexity which is close to where
> sbuild-createchroot already is.
>
> Or are you actually convinced that it is possible to find a set of defaults
> which fits even half the userbase of sbuild?
>
> Since we are down to two mandatory (and two optional) commands after
> running
> "apt install sbuild", I'd argue that a superior solution would be to
> improve
> the documentation of which commands to run for a "typical" setup. I fear
> that
> trying to create a "one-size-fits-all" script can have many unintended
> side-effects (thinking of users behind bad or costly internet, who use
> schroot
> for other purposes, who don't want to install another deamon like
> apt-cacher-ng, who are not building for Debian but for downstreams...).
> I'm not
> convinced that the time that the user would invest to *really* understand
> the
> things that an sbuild-setup script is actually doing would not be better
> spent
> in learning how to use the individual tools.
>

I think the following suggestion takes care of all the concerns you brought
up: Let’s name it sbuild-debian-developer-setup, describe that the goal is
to provide an sbuild setup which can build packages for Debian unstable,
automates maintenance with its daily update cronjob and assumes an
un-metered internet connection.

Does that sound reasonab

Bug#870340: perl: perldoc outputs visible escape sequences again

[Niko Tyni]

Package: perl
Version: 5.26.0-4

As noticed by Olly Betts, the fix for #758689, where we injected the less
'-R' option in perldoc, has regressed in the 5.26 packages.

It looks like Pod::Perldoc is now trying to figure out what the pager
is before injecting options, and possibly gets confused by Debian's
sensible-pager or something like that.

Some related links:

 https://github.com/mrallen1/Pod-Perldoc/issues/28

 https://rt.perl.org/Public/Bug/Display.html?id=130759

 https://github.com/mrallen1/Pod-Perldoc/pull/16

 
https://sources.debian.net/src/perl/5.26.0-4/cpan/Pod-Perldoc/lib/Pod/Perldoc/ToTerm.pm/#L35

-- 
Niko Tyni   nt...@debian.org

Bug#859867: [buildd-tools-devel] Bug#859867: Bug#859867: Please add a package which automatically configures sbuild for Debian packaging

[Johannes Schauer]

Quoting Michael Stapelberg (2017-08-01 10:51:41)
> I think the following suggestion takes care of all the concerns you brought
> up: Let’s name it sbuild-debian-developer-setup, describe that the goal is to
> provide an sbuild setup which can build packages for Debian unstable,
> automates maintenance with its daily update cronjob and assumes an un-metered
> internet connection.
> 
> Does that sound reasonable?

Okay, you seem to be very enthusiastic about this. Would you like to maintain
that script? Then it could live in the sbuild package but I would not have to
deal with it. ;)


signature.asc
Description: signature

Bug#859867: [buildd-tools-devel] Bug#859867: Bug#859867: Please add a package which automatically configures sbuild for Debian packaging

[Michael Stapelberg]

That works for me :).

How shall we proceed? Should I prepare a patch against the sbuild package?

On Tue, Aug 1, 2017 at 11:00 AM, Johannes Schauer  wrote:

> Quoting Michael Stapelberg (2017-08-01 10:51:41)
> > I think the following suggestion takes care of all the concerns you
> brought
> > up: Let’s name it sbuild-debian-developer-setup, describe that the goal
> is to
> > provide an sbuild setup which can build packages for Debian unstable,
> > automates maintenance with its daily update cronjob and assumes an
> un-metered
> > internet connection.
> >
> > Does that sound reasonable?
>
> Okay, you seem to be very enthusiastic about this. Would you like to
> maintain
> that script? Then it could live in the sbuild package but I would not have
> to
> deal with it. ;)
>



-- 
Best regards,
Michael

Bug#859867: [buildd-tools-devel] Bug#859867: Bug#859867: Please add a package which automatically configures sbuild for Debian packaging

[Johannes Schauer]

Quoting Michael Stapelberg (2017-08-01 11:04:16)
> That works for me :).
> 
> How shall we proceed? Should I prepare a patch against the sbuild package?

Yes please!

Put the patch into this bug and then we can talk about it. :)


signature.asc
Description: signature

Bug#870135: radeontop: does not report vram usage with amdgpu driver

[Ole Harth]

Hi Adrina,

the updated package still has the issue.

I tried building the package myself (overriding dh_auto_build with 
"dh_auto_build -- amdgpu=1") and noticed that the binary is build twice, 
first during the dh_auto_build step and then again during the 
dh_auto_install step.


Executing the build step only produced the correct binary with amdgpu 
support enabled, but it was overwritten immediately when executing the 
whole dh sequence.


Cheers
Ole

Bug#870342: libvorbis: CVE-2017-11735

[Salvatore Bonaccorso]

Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for libvorbis, can you
please double-check the report.

CVE-2017-11735[0]:
| The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis
| 1.3.5 allows remote attackers to cause a denial of service (NULL
| pointer dereference and application crash) via a crafted ogg file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11735
[1] http://seclists.org/fulldisclosure/2017/Jul/82

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#870341: libvorbis: CVE-2017-11333

[Salvatore Bonaccorso]

Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libvorbis, can you
double-check the report.

CVE-2017-11333[0]:
| The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis
| 1.3.5 allows remote attackers to cause a denial of service (OOM) via a
| crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333
[1] http://seclists.org/fulldisclosure/2017/Jul/82

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#870344: New upstream release supporting Firefox 57+

[Damyan Ivanov]

Source: debianbuttons
Version: 1.11-3
Severity: wishlist

Control: block -1 by 866997

Hi,

As written previously¹, Firefox 57 will stop supporting add-ons that 
don't use the WebExtensions technology.

 ¹ https://support.mozilla.org/en-US/kb/firefox-add-technology-modernizing

debianbuttons is one such add-on. To overcome this, I have released 
version 2.0 which is rewritten using WebExtensions and works with 
Firefox 42+ (e.g. jessie/stretch are supported).

When firefox hits unstable (probably towards the end of this year) this 
bug will become grave.

The new release is available as before on  and 
.

If I can help with the transition from upstream side, I'll gladly do so.


-- dam

Bug#870339: animal-sniffer FTBFS: recipe for target 'clean' failed

[Adrian Bunk]

Control: reassign -1 debhelper 10.7.1
Control: affects -1 src:animal-sniffer

On Tue, Aug 01, 2017 at 11:01:47AM +0200, Emmanuel Bourg wrote:
> Thank you for the report Adrian. I admit I don't understand why the
> clean target fails on the builder. The package just uses the default
> dh_auto_clean from maven-debian-helper with no other customization (no
> override, no debian/clean), and it works well for many other packages.

Lots of Java packages started to FTBFS the same way last night in the 
reproducible builds.

I just tried downgrading debhelper to 10.7 and that fixed it,
so this is actually a 10.7 -> 10.7.1 regression in debhelper.

Reassigning.

> Emmanuel Bourg

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#870280: xelatex: Undefined control sequence \l__xeCJK_listings_letter_bool

[Alexis Bienvenüe]

Hi.

On Mon, 31 Jul 2017 23:49:38 +0900 Norbert Preining
 wrote:
> Using this package has been an endless source of problems. Please
> provide a minimal non-working example *NOT* using docbook (dblatex)

The same problem arises with the following source file:

\documentclass{article}
\usepackage{listings}
\usepackage{xeCJK}
\setCJKmainfont{IPAexMincho}
\setCJKsansfont{IPAexGothic}
\setCJKmonofont{IPAexGothic}
\begin{document}
\lstinline!x!
\end{document}

Note that this file is compiling properly (xelatex) with debian version
2017.20170629-1.
Also, this file is compiling properly with debian version
2017.20170724-1 *and* the following files from version 2017.20170629-1
in the current directory:
expl3-code.tex
expl3.sty
l3keys2e.sty
l3xdvipdfmx.def
xparse.sty
xtemplate.sty

Regards,
Alexis Bienvenüe.

Bug#869994: perl5.26 update: postgresql databases cannot be viewed using browser

[Neil Redgate]

On Fri, 28 Jul 2017 10:37:38 -0400 gregor herrmann 
wrote:
> On Fri, 28 Jul 2017 14:45:11 +0100, Neil Redgate wrote:
> 
> Thanks for your detailed bug report!
> 
> > I can no longer access my postgressql database using any web
browser for the
> > sql-ledger 3.2.4 package.
> 
> > [Fri Jul 28 13:45:40.995556 2017] [cgi:error] [pid 6345] [client
::1:40496] End
> > of script output before headers: admin.pl
> > [Fri Jul 28 13:46:12.133989 2017] [cgi:error] [pid 6231] [client
::1:40500]
> > AH01215: Can't locate bin/mozilla/login.pl in @INC (@INC contains:
/etc/perl
> > /usr/local/lib/x86_64-linux-gnu/perl/5.26.0
/usr/local/share/perl/5.26.0
> > /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5
/usr/lib/x86_64-linux-
> > gnu/perl/5.26 /usr/share/perl/5.26 /usr/local/lib/site_perl
> > /usr/lib/x86_64-linux-gnu/perl-base) at /usr/local/sql-
ledger/login.pl line
> > 119.: /usr/local/sql-ledger/login.pl
> > [Fri Jul 28 13:46:12.134085 2017] [cgi:error] [pid 6231] [client
::1:40500] End
> > of script output before headers: login.pl
> 
> I'm afraid there's not much we can do here.
/etc/perl/sitecustomize.pl
> was a temporary workaround which is gone for good now.
> 
> It seems that you are using sql-ledger 3.2.4 which is not packaged in
> Debian and installed in /usr/local/sql-ledger, and that this version
> is not updated to work with Perl 5.26. (I had a brief look at 3.2.5
> and it looks like it still does the same "do $file").
> 
> https://metacpan.org/pod/release/XSAWYERX/perl-5.26.0/pod/perldelta.p
od#Removal-of-the-current-directory-%28%22.%22%29-from-@INC
> has background information and a couple of suggestions to remedy the
> situation which you can try yourself and/or suggest to the sql-ledger
> upstream authors.
> 
> (Not closing the bug report yet in case the perl maintainers have
> something to add.)
> 
> 
> Cheers,
> gregor
> 
> -- 
>  .''`.  https://info.comodo.priv.at/ - Debian Developer
https://www.debian.org
>  : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801
8649 AA06
>  `. `'  Member of VIBE!AT & SPI, fellow of the Free Software
Foundation Europe
>`-   

Hi Gregor,

While investigating this problem, I came across bug #865020 (message
#1524985) concerning postgresql9.6, perl5.26 and postgresql-plperl?
It looks like an upgrade is forthcoming sometime this month

yours
Neil


-- 

  
  


Neil Redgate

Bug#870345: globus-gram-job-manager FTBFS: test failures

[Adrian Bunk]

Source: globus-gram-job-manager
Version: 14.36-2
Severity: serious

Some recent change in unstable makes globus-gram-job-manager FTBFS:

https://tests.reproducible-builds.org/debian/history/globus-gram-job-manager.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/globus-gram-job-manager.html

...
===
   globus_gram_job_manager 14.36: test/client/test-suite.log
===

# TOTAL: 21
# PASS:  10
# SKIP:  0
# XFAIL: 0
# FAIL:  11
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: cancel-test
=

#   Starting personal gatekeeper
1..1
not ok - cancel-test
FAIL cancel-test (exit status: 25)

FAIL: refresh-credentials-test
==

#   Starting personal gatekeeper
1..1
not ok
FAIL refresh-credentials-test (exit status: 25)

FAIL: register-cancel-test
==

#   Starting personal gatekeeper
1..1
not ok 1 register-cancel-test
FAIL register-cancel-test (exit status: 25)

FAIL: register-refresh-credentials-test
===

#   Starting personal gatekeeper
1..1
not ok 1 register-refresh-credentials-test
FAIL register-refresh-credentials-test (exit status: 25)

FAIL: status-test
=

#   Starting personal gatekeeper
Made 5 calls to status in 0.163985 seconds
1..1
not ok 1 status-test
FAIL status-test (exit status: 25)

FAIL: two-phase-commit-test.pl
==

#   Starting personal gatekeeper
1..4
ok 1 - ./two-phase-commit-test "localhost:43287:/CN=test" no-commit 1
not ok 2 - ./two-phase-commit-test "localhost:43287:/CN=test" no-commit-end 10
#   Failed test './two-phase-commit-test "localhost:43287:/CN=test" 
no-commit-end 10'
#   at ./two-phase-commit-test.pl line 101.
ok 3 - ./two-phase-commit-test "localhost:43287:/CN=test" commit 10
ok 4 - ./two-phase-commit-test "localhost:43287:/CN=test" late-commit-end 10
# Looks like you failed 1 test of 4.
FAIL two-phase-commit-test.pl (exit status: 1)

FAIL: local-stdio-size-test
===

#   Starting personal gatekeeper
job contact: https://localhost:41371/16650366878192254056/1438345404066772617/
job manager returned 0 (Success) when I expected it to tell me the size was 
wrong1..1
not ok # local-stdio-size-test 
FAIL local-stdio-size-test (exit status: 255)

FAIL: restart-to-new-url-test
=

#   Starting personal gatekeeper
test_restart_to_new_url:384: Expected rc = 130, got 25 (the job manager 
detected an invalid script status)
1..1
not ok # test_restart_to_new_url
FAIL restart-to-new-url-test (exit status: 1)

FAIL: set-credentials-test
==

#   Starting personal gatekeeper
1..1
not ok 1 set-credentials-test
FAIL set-credentials-test (exit status: 25)

FAIL: stdio-size-test
=

#   Starting personal gatekeeper
job manager returned 161 (the job manager is still streaming output) when I 
expected it to still be streaming output
1..1
not ok 1 stdio-size-test
FAIL stdio-size-test (exit status: 161)

FAIL: stdio-update-test
===

#   Starting personal gatekeeper
test_stdio_update:393: Expected rc = 0, got 156 (the job contact string does 
not match any which the job manager is handling)
1..1
not ok  test_stdio_update
FAIL stdio-update-test (exit status: 1)


Testsuite summary for globus_gram_job_manager 14.36

# TOTAL: 21
# PASS:  10
# SKIP:  0
# XFAIL: 0
# FAIL:  11
# XPASS: 0
# ERROR: 0

See test/client/test-suite.log
Please report to https://github.com/globus/globus-toolkit/issues

Makefile:975: recipe for target 'test-suite.log' failed
make[5]: *** [test-suite.log] Error 1
make[5]: Leaving directory 
'/build/1st/globus-gram-job-manager-14.36/test/client'
Makefile:1081: recipe for target 'check-TESTS' failed
make[4]: *** [check-TESTS] Error 2
make[4]: Leaving directory 
'/build/1st/globus-gram-job-manager-14.36/test/client'
Makefile:1294: recipe for target 'check-am' failed
make[3]: *** [check-am] Error 2
make[3]: Leaving directory 
'/build/1st/globus-gram-job-manager-14.36/test/client'
Makefile:411: recipe for target 'check-recursive' failed
make[2]: *** [check-recursive] Error 1
make[2]: Leaving directory '/build/1st/globus-gram-job-manager-14.36/test'
Makefile:1006: recipe for target 'check-recursive' failed
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory '/build/1st/globus-gram-job-manager-14.36'
debian/rules:48: recipe for target 'build-stamp' failed
make: *** [build-stamp] Error 2

Bug#870280: xelatex: Undefined control sequence \l__xeCJK_listings_letter_bool

[Alexis Bienvenüe]

Hi.

Digging a little more, I found that \l__xeCJK_listings_letter_bool is
never defined.
Adding the following line in
/usr/share/texlive/texmf-dist/tex/xelatex/xecjk/xeCJK-listings.sty (eg.
line 160) corrects the bug:

\bool_new:N \l__xeCJK_listings_letter_bool

I also tried the following source file:

\documentclass{article}
\usepackage{expl3}
\begin{document}
\ExplSyntaxOn
\bool_if:NTF \l__TEST { TRUE } { FALSE }
\ExplSyntaxOff
\end{document}

It compiles OK with LaTeX3 from 2017.20170629-1 (showing "FALSE"), but
reports an error (I think this is the proper result) with 2017.20170724-1.

Regards,
Alexis Bienvenüe.

Bug#870346: glib2.0 FTCBFS: .../.libs/gobject-scan: cannot execute binary file

[Helmut Grohne]

Source: glib2.0
Version: 2.53.4-2
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

The most recent glib2.0 unstable upload (compared to the previous
unstable upload) introduced a FTCBFS. Now building ends with:

| gtkdoc-scan --module=gobject --ignore-headers="tests gatomicarray.h 
gobject_trace.h gtype-private.h" ${_source_dir} 
--deprecated-guards="G_DISABLE_DEPRECATED" 
--ignore-decorators="G_GNUC_INTERNAL|G_GNUC_WARN_UNUSED_RESULT" 
| Unescaped left brace in regex is deprecated here (and will be fatal in Perl 
5.30), passed through in regex; marked by <-- HERE in m/(.*?){ <-- HERE / at 
/usr/bin/gtkdoc-scan line 735.
| if grep -l '^..*$' gobject.types > /dev/null 2>&1 ; then \
|   scanobj_options=""; \
|   gtkdoc-scangobj 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
|   if test "$?" = "0"; then \
| if test "x" = "x1"; then \
|   scanobj_options="--verbose"; \
| fi; \
|   fi; \
|   CC="/bin/bash ../../../libtool --tag=CC --mode=compile 
aarch64-linux-gnu-gcc   -I../../../../../../docs/reference/gobject -I../../.. 
-I../../../glib -I../../../../../../glib -I../../../../../.. 
-DG_DISABLE_CAST_CHECKS -Wdate-time -D_FORTIFY_SOURCE=2 -pthread  -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security" LD="/bin/bash ../../../libtool --tag=CC --mode=link 
aarch64-linux-gnu-gcc   -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security  -Wl,-z,relro 
-Wl,-z,now -Wl,-z,defs -Wl,--no-as-needed -Wl,-O1" RUN="/bin/bash 
../../../libtool --mode=execute" CFLAGS=" -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security" LDFLAGS="../../../glib/libglib-2.0.la 
../../../gobject/libgobject-2.0.la -Wl,-z,relro -Wl,-z,now -Wl,-z,defs 
-Wl,--no-as-needed -Wl,-O1" \
|   gtkdoc-scangobj  $scanobj_options --module=gobject; \
| else \
|   for i in gobject.args gobject.hierarchy gobject.interfaces 
gobject.prerequisites gobject.signals ; do \
| test -f $i || touch $i ; \
|   done \
| fi
| /<>/debian/build/deb/docs/reference/gobject/gobject-scan: line 
117: 
/<>/debian/build/deb/docs/reference/gobject/.libs/gobject-scan: 
cannot execute binary file: Exec format error
| /<>/debian/build/deb/docs/reference/gobject/gobject-scan: line 
117: 
/<>/debian/build/deb/docs/reference/gobject/.libs/gobject-scan: 
Success
| Scan failed: 
| Makefile:856: recipe for target 'scan-build.stamp' failed
| make[6]: *** [scan-build.stamp] Error 126
| make[6]: Leaving directory 
'/<>/debian/build/deb/docs/reference/gobject'
| Makefile:488: recipe for target 'all-recursive' failed
| make[5]: *** [all-recursive] Error 1
| make[5]: Leaving directory '/<>/debian/build/deb/docs/reference'
| Makefile:488: recipe for target 'all-recursive' failed
| make[4]: *** [all-recursive] Error 1
| make[4]: Leaving directory '/<>/debian/build/deb/docs'
| Makefile:1239: recipe for target 'all-recursive' failed
| make[3]: *** [all-recursive] Error 1
| make[3]: Leaving directory '/<>/debian/build/deb'
| Makefile:860: recipe for target 'all' failed
| make[2]: *** [all] Error 2
| make[2]: Leaving directory '/<>/debian/build/deb'
| dh_auto_build: make -j8 returned exit code 2
| debian/rules:129: recipe for target 'override_dh_auto_build' failed
| make[1]: *** [override_dh_auto_build] Error 2
| make[1]: Leaving directory '/<>'
| debian/rules:25: recipe for target 'build-arch' failed
| make: *** [build-arch] Error 2
| dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2

It seems that previous cross builds skipped documentation. That's still
vaguely visible in the packaging (which was converted from cdbs to dh)
where --disable-gtk-doc is appended to DEB_CONFIGURE_EXTRA_FLAGS for
cross building. Unfortunately, that flag is reverted by a
--enable-gtk-doc in DEB_CONFIGURE_FLAGS_deb. I conclude that there is a
packaging bug: Either the order of flags is wrong or the
--disable-gtk-doc is useless and should be removed.

Reordering makes cross building succeed. Thus I am attaching the
reordering as a patch.

I do question whether having --disable-gtk-doc conditional to cross
building is a good idea. If I understand the packaging correctly, the
documentation is only needed for the libglib2.0-doc package, which
happens to be Arch:all. Is there a good reason for not passing
--disable-gtk-doc in arch-only native builds?

Helmut
diff --minimal -Nru glib2.0-2.53.4/debian/changelog 
glib2.0-2.53.4/debian/changelog
--- glib2.0-2.53.4/debian/changelog 2017-07-30 12:54:22.0 +0200
+++ glib2.0-2.53.4/debian/changelog 2017-08-01 11:07:37.0 +0200
@@ -1,3 +1,10 @@
+glib2.0 (2.53.4-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Fix order of configure flags (Closes: #-1)
+
+ -- Helmut Grohne   Tue, 01 Aug 2017 11:07:37 +0200
+
 glib2.0 (2.53.4-2) unstable; urgency=medium
 
   * Upload to unstable
diff --minimal -Nru glib2.0-2.53.4/debian/rules glib2.0-2.53.4/debian/rules
--- glib2.0-2.53.4/debi

Bug#863089: [Piuparts-devel] Bug#863089: Bug#863089: Please provide post-processed logs output for manpages.d.o

[Michael Stapelberg]

Sure: https://github.com/stapelberg/piuparts/commits/distill

As previously, this is untested, so just let me know if any changes are
required, or — probably faster — just perform the changes yourself if you
want :).

Thanks!

On Thu, Jul 20, 2017 at 11:25 PM, Holger Levsen 
wrote:

> Hi Michael,
>
> sorry for the delay here…
>
> On Thu, Jun 01, 2017 at 09:30:50PM +0200, Michael Stapelberg wrote:
> > Alright, then. Find attached a patch against the piuparts git to add
> > debiman-piuparts-distill. You can build it by running “go build” in the
> > debiman-piuparts-distill subdirectory.
>
> cool!
>
> can you please also a.) patch the Makefile, update-piuparts-master-setup
> and
> debian/piuparts-master.install in a meaningful way and b.) push this to
> your
> piuparts.git repo?
>
> Thanks already!
>
>
> --
> cheers,
> Holger
>



-- 
Best regards,
Michael

Bug#870135: radeontop: does not report vram usage with amdgpu driver

[John Paul Adrian Glaubitz]

On Tue, Aug 01, 2017 at 11:04:27AM +0200, Ole Harth wrote:
> I tried building the package myself (overriding dh_auto_build with
> "dh_auto_build -- amdgpu=1") and noticed that the binary is build twice,
> first during the dh_auto_build step and then again during the
> dh_auto_install step.

Yeah, I just noticed that while looking at the build log.

> Executing the build step only produced the correct binary with amdgpu
> support enabled, but it was overwritten immediately when executing the whole
> dh sequence.

Yeah, not surprising when the target is built twice. I will look into
the problem now. Thanks for testing the package.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#859457: Pending fixes for bugs in the antlr4 package

[pkg-java-maintainers]

tag 859457 + pending
thanks

Some bugs in the antlr4 package are closed in revision
37576f5c5ddc81830c90eff9a203e80ba5ee36ed in branch 'master' by
Emmanuel Bourg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/antlr4.git/commit/?id=37576f5

Commit message:

Fixed the classpath for grun (Closes: #859457)

Bug#870347: fortunes-eo: offensive fortune in non-offensive collection

[tristan alexander mc leay]

Package: fortunes-eo
Version: 20020729b-1
Severity: normal

Dear Maintainer (An esperanto translation follows; Esperanta traduko sekvas),

In the esperanto fortunes, there is a fortune thus:

Virino scias -- tuta mondo scias

meaning "A woman knows — The whole world knows".

It indicates that woman are uniquely well-described as being gossips. This is
simply not the case and the sexism is greatly offensive. Whatever truth it has
in one particular time and place, it does not hold general truth.

It should be removed or at least relegated to a collection of potentially
offensive fortunes.

 Esperanto:

En la esperantaj fortunoj, estas fortuno tiel:

Virino scias -- tuta mondo scias

Ĝi signifas, ke virinoj estas ununure bone-priskribitaj kiel klaĉuloj. Tio
ĉi estas fakte ne vera kaj la seksismo estas ege ofendiga. Kion ajn
eventualajn veron ĝi havus je unu specifa tempo kaj unu specifa loko, ĝi ne
posedas necesan veron.

Ĝin oni forprenu aŭ minimume ĝin kaŝu en aro da ofendaj fortunoj.



-- System Information:
Debian Release: buster/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldoldstable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=eo.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_AU.UTF-8), LANGUAGE=eo.UTF-8:eo.UTF-8:eo:en_AU.UTF-8:en.UTF-8:en 
(charmap=UTF-8) (ignored: LC_ALL set to en_AU.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fortunes-eo depends on:
ii  fortune-mod  1:1.99.1-7+b1

fortunes-eo recommends no packages.

fortunes-eo suggests no packages.

-- no debconf information

Bug#870348: mirror submission for mirror.novg.net

[Igor Novgorodov]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: mirror.novg.net
Type: leaf
Archive-architecture: amd64
Archive-http: /debian/
Archive-rsync: debian/
Archive-upstream: ftp.nl.debian.org
Updates: four
Maintainer: Igor Novgorodov 
Country: NL Netherlands
Location: Amsterdam




Trace Url: http://mirror.novg.net/debian/project/trace/
Trace Url: http://mirror.novg.net/debian/project/trace/ftp-master.debian.org
Trace Url: http://mirror.novg.net/debian/project/trace/mirror.novg.net

Bug#561185: xkb-data: support custom layouts

[Ernest Adrogué]

Package: xkb-data
Version: 2.19-1
Followup-For: Bug #561185

Hello!

Here's a simple solution:

1. Patch base, evdec and xfree98 in /usr/share/X11/xkb/rules/ to include
the following lines:

! modellayout  =  symbols
  **   =  +overrides

2. Create a symbolic link to /etc/X11/xkb/symbols/overrides at
/usr/share/X11/xkb/symbols/overrides.

Now the system administrator can remap keys in
/etc/X11/xkb/symbols/overrides without fear that the file will be
overwritten.  For example

cat < /etc/X11/xkb/symbols/overrides
partial
xkb_symbols "basic"
{
  override key   { [  q,Q,  parenleft ] };
  override key   { [  w,W, parenright ] };
};
EOF

This method has a big advantage which is that changes take effect both
in X and in the Linux console, therefore users don't end up with
inconsistent key maps in these environments.

Cheers.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ca_ES.utf8, LC_CTYPE=ca_ES.utf8 (charmap=UTF-8), 
LANGUAGE=ca_ES.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

Bug#869241: python-libnacl FTBFS: Illegal instruction

[Colin Watson]

On Fri, Jul 21, 2017 at 11:55:28PM +0300, Adrian Bunk wrote:
> Source: python-libnacl
> Version: 1.5.2-1
> Severity: serious
> 
> https://buildd.debian.org/status/fetch.php?pkg=python-libnacl&arch=all&ver=1.5.2-1&stamp=1500664052&raw=0
> 
> ...
>dh_auto_test -i -O--buildsystem=pybuild
> I: pybuild base:184: cd /<>/.pybuild/pythonX.Y_2.7/build; 
> python2.7 -m nose tests
> Illegal instruction
> E: pybuild pybuild:283: test: plugin distutils failed with: exit code=132: cd 
> /<>/.pybuild/pythonX.Y_2.7/build; python2.7 -m nose tests
> dh_auto_test: pybuild --test -i python{version} -p 2.7 returned exit code 13
> debian/rules:7: recipe for target 'build-indep' failed
> make: *** [build-indep] Error 25

I think this can only be a bug in libsodium rather than in
python-libnacl as such; presumably somewhere in crypto_aead_aes256gcm_*
or crypto_aead_chacha20poly1305_ietf_* which are newly used in
python-libnacl 1.5.2.  But I can't reproduce it locally, and the Ubuntu
builders seemed happy with it too, so perhaps it has something to do
with the CPU or the kernel version, or perhaps it was fixed in libsodium
1.0.13 (the failure was with 1.0.12).

Before embarking on any more time-consuming investigation, could the
build be given back to see if libsodium 1.0.13 helps?

  gb python-libnacl_1.5.2-1 . all

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Bug#870150: sks FTBFS with OCaml 4.05.0: missing ?cloexec argument to UnixLabels.socket

[Stéphane Glondu]

On 31/07/2017 21:03, Daniel Kahn Gillmor wrote:
> But the fact that we need it is pretty disappointing, and it's not the
> first time that a backwards-incompatible API change was introduced in
> what looks like a minor release of OCaml.  (see also the bytes changes
> introduced in 4.02 or 4.03 for example).

This is not a minor release! Actually, the current version in unstable
is 4.02.3, so 4.05.0 is 3 major releases ahead!

> What does OCaml upstream think that packages that are actually supposed
> to ship against multiple architectures and versions of the ocaml
> compiler should do in these cases?  if we include this patch in debian,
> we will have to drop it in backports, etc.  This kind of bookkeeping is
> annoying and error-prone.  If it happened at major version transitions
> for OCaml, i'd be more inclined to put up with it, but when it's on
> seemingly minor updates, it makes me grumpy :/

People use conditional compilation in this case.

Actually, here is another patch (without resorting to conditional
compilation), less elegant but compatible with unstable.


Cheers,

-- 
Stéphane
Description: Fix FTBFS with OCaml 4.05.0
Author: Stephane Glondu 
Bug-Debian: https://bugs.debian.org/870150
Last-Update: 2017-08-01

--- sks-1.1.6.orig/eventloop.ml
+++ sks-1.1.6/eventloop.ml
@@ -26,6 +26,7 @@ open MoreLabels
 open Printf
 open Common
 open Packet
+let unix_socket = Unix.socket
 module Unix = UnixLabels
 open Unix
 
@@ -129,7 +130,7 @@ let create_sock addr =
 let domain =
   Unix.domain_of_sockaddr addr in
 let sock =
-  socket ~domain ~kind:SOCK_STREAM ~protocol:0 in
+  unix_socket domain SOCK_STREAM 0 in
 setsockopt sock SO_REUSEADDR true;
 if domain = PF_INET6 then
   setsockopt sock IPV6_ONLY true;
--- sks-1.1.6.orig/reconComm.ml
+++ sks-1.1.6/reconComm.ml
@@ -26,6 +26,7 @@ open Printf
 open Common
 open Packet
 
+let unix_socket = Unix.socket
 module Unix = UnixLabels
 module Map = PMap.Map
 
@@ -37,10 +38,10 @@ open DbMessages
 
 (** send DbMessages message and wait for response *)
 let send_dbmsg msg =
-  let s = Unix.socket
-~domain:(Unix.domain_of_sockaddr db_command_addr)
-~kind:Unix.SOCK_STREAM
-~protocol:0 in
+  let s = unix_socket
+(Unix.domain_of_sockaddr db_command_addr)
+Unix.SOCK_STREAM
+0 in
   protect ~f:(fun () ->
 Unix.connect s ~addr:db_command_addr;
 let cin = Channel.sys_in_from_fd s in
@@ -54,10 +55,10 @@ let send_dbmsg msg =
 
 (** send DbMessages message, don't wait for response *)
 let send_dbmsg_noreply msg =
-  let s = Unix.socket
-~domain:(Unix.domain_of_sockaddr db_command_addr)
-~kind:Unix.SOCK_STREAM
-~protocol:0 in
+  let s = unix_socket
+(Unix.domain_of_sockaddr db_command_addr)
+Unix.SOCK_STREAM
+0 in
   protect ~f:(fun () ->
 Unix.connect s ~addr:db_command_addr;
 let cout = Channel.sys_out_from_fd s in
@@ -75,10 +76,10 @@ let is_content_type line =
 let http_status_ok_regexp = Str.regexp "^HTTP/[0-9]+\\.[0-9]+ 2"
 
 let get_keystrings_via_http addr hashes =
-  let s = Unix.socket
-~domain:(Unix.domain_of_sockaddr addr)
-~kind:Unix.SOCK_STREAM
-~protocol:0  in
+  let s = unix_socket
+(Unix.domain_of_sockaddr addr)
+Unix.SOCK_STREAM
+0  in
   protect ~f:(fun () ->
 Unix.bind s ~addr:(match_client_recon_addr addr);
 Unix.connect s ~addr;
--- sks-1.1.6.orig/sks_do.ml
+++ sks-1.1.6/sks_do.ml
@@ -27,6 +27,7 @@ open Printf
 open Common
 open Packet
 open DbMessages
+let unix_socket = Unix.socket
 module Unix = UnixLabels
 module PTree = PrefixTree
 module Map = PMap.Map
@@ -37,10 +38,10 @@ let fail reason =
   exit (-1)
 
 let send_dbmsg msg =
-  let s = Unix.socket
-~domain:(Unix.domain_of_sockaddr db_command_addr)
-~kind:Unix.SOCK_STREAM
-~protocol:0 in
+  let s = unix_socket
+(Unix.domain_of_sockaddr db_command_addr)
+Unix.SOCK_STREAM
+0 in
   protect ~f:(fun () ->
 Unix.connect s ~addr:db_command_addr;
 let cin = Channel.sys_in_from_fd s in
--- sks-1.1.6.orig/tester.ml
+++ sks-1.1.6/tester.ml
@@ -26,6 +26,7 @@ open Printf
 open Common
 open Packet
 open DbMessages
+let unix_socket = Unix.socket
 module Unix = UnixLabels
 
 let settings = {
@@ -46,10 +47,10 @@ module Keydb = Keydb.Safe
 
 
 let send_msg addr msg =
-  let s = Unix.socket
-~domain:(Unix.domain_of_sockaddr addr)
-~kind:Unix.SOCK_STREAM
-~protocol:0 in
+  let s = unix_socket
+(Unix.domain_of_sockaddr addr)
+Unix.SOCK_STREAM
+0 in
   protect ~f:( fun () ->
  Unix.connect s ~addr:addr;
  let cin = Channel.sys_in_from_fd s
@@ -62,10 +63,10 @@ let send_msg addr msg =

Bug#869241: python-libnacl FTBFS: Illegal instruction

[James Cowgill]

Hi,

On 01/08/17 10:59, Colin Watson wrote:
> On Fri, Jul 21, 2017 at 11:55:28PM +0300, Adrian Bunk wrote:
>> Source: python-libnacl
>> Version: 1.5.2-1
>> Severity: serious
>>
>> https://buildd.debian.org/status/fetch.php?pkg=python-libnacl&arch=all&ver=1.5.2-1&stamp=1500664052&raw=0
>>
>> ...
>>dh_auto_test -i -O--buildsystem=pybuild
>> I: pybuild base:184: cd /<>/.pybuild/pythonX.Y_2.7/build; 
>> python2.7 -m nose tests
>> Illegal instruction
>> E: pybuild pybuild:283: test: plugin distutils failed with: exit code=132: 
>> cd /<>/.pybuild/pythonX.Y_2.7/build; python2.7 -m nose tests
>> dh_auto_test: pybuild --test -i python{version} -p 2.7 returned exit code 13
>> debian/rules:7: recipe for target 'build-indep' failed
>> make: *** [build-indep] Error 25
> 
> I think this can only be a bug in libsodium rather than in
> python-libnacl as such; presumably somewhere in crypto_aead_aes256gcm_*
> or crypto_aead_chacha20poly1305_ietf_* which are newly used in
> python-libnacl 1.5.2.  But I can't reproduce it locally, and the Ubuntu
> builders seemed happy with it too, so perhaps it has something to do
> with the CPU or the kernel version, or perhaps it was fixed in libsodium
> 1.0.13 (the failure was with 1.0.12).
> 
> Before embarking on any more time-consuming investigation, could the
> build be given back to see if libsodium 1.0.13 helps?

It fails on barriere.debian.org with libsodium 1.0.13. Looking at
/proc/cpuinfo, barriere does not have the x86 AES instructions.

> (gdb) bt
> #0  0x74a46c3f in crypto_aead_aes256gcm_beforenm () from 
> /usr/lib/x86_64-linux-gnu/libsodium.so
> #1  0x74a49cd1 in crypto_aead_aes256gcm_encrypt () from 
> /usr/lib/x86_64-linux-gnu/libsodium.so
> #2  0x74c72038 in ffi_call_unix64 () from 
> /usr/lib/x86_64-linux-gnu/libffi.so.6
> #3  0x74c71a9a in ffi_call () from 
> /usr/lib/x86_64-linux-gnu/libffi.so.6
> #4  0x74e85e84 in _ctypes_callproc () from 
> /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so
> #5  0x74e85845 in ?? () from 
> /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so
> #6  0x55640163 in PyObject_Call ()
> #7  0x55659622 in PyEval_EvalFrameEx ()
[...]

> (gdb) disassemble
> Dump of assembler code for function crypto_aead_aes256gcm_beforenm:
>0x74a46c20 <+0>: movdqu (%rsi),%xmm1
>0x74a46c24 <+4>: xor%eax,%eax
>0x74a46c26 <+6>: pxor   %xmm0,%xmm0
>0x74a46c2a <+10>:movaps %xmm1,0x10(%rdi)
>0x74a46c2e <+14>:movdqa %xmm1,%xmm3
>0x74a46c32 <+18>:shufps $0x10,%xmm1,%xmm0
>0x74a46c36 <+22>:movdqu 0x10(%rsi),%xmm2
>0x74a46c3b <+27>:pxor   %xmm0,%xmm3
> => 0x74a46c3f <+31>:aeskeygenassist $0x1,%xmm2,%xmm12
>0x74a46c46 <+38>:movdqa %xmm2,%xmm14
>0x74a46c4b <+43>:movaps %xmm2,0x20(%rdi)
>0x74a46c4f <+47>:shufps $0x8c,%xmm3,%xmm0
>0x74a46c53 <+51>:pshufd $0xff,%xmm12,%xmm12
>0x74a46c59 <+57>:pxor   %xmm0,%xmm12
>0x74a46c5e <+62>:shufps $0x10,%xmm2,%xmm0

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#870126: ecryptfs-utils: The problem is the link from the session ring

[Itaï BEN YAACOV]

Package: ecryptfs-utils
Followup-For: Bug #870126


Hello,

1. The problem is the user keyring not being linked
to the session keyring.   keyctl link @u @s   is a much easier workaround.

2. For me this happens only in gnome sessions (not console or ssh)
Is this the same for you?

(see also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870335 )

Cheers,
Itaï.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ecryptfs-utils depends on:
ii  gettext-base0.19.8.1-2+b1
ii  keyutils1.5.9-9
ii  libassuan0  2.4.3-2
ii  libc6   2.24-12
ii  libecryptfs1111-4
ii  libgpg-error0   1.27-3
ii  libgpgme11  1.8.0-3+b3
ii  libkeyutils11.5.9-9
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g1.1.8-3.6
ii  libtspi10.3.14+fixed1-1

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
pn  cryptsetup  

-- debconf-show failed

Bug#870349: ITP: node-opencv -- OpenCV Bindings for node.js

[Ying-Chun Liu (PaulLiu)]

Package: wnpp
Severity: wishlist
Owner: Ying-Chun Liu (PaulLiu) 
Control: block -1 by 761441 869925

* Package name: node-opencv
  Version : 6.0.0
  Upstream Author : Peter Braden 
* URL : https://github.com/peterbraden/node-opencv
* License : Expat
  Programming Lang: JavaScript
  Description : OpenCV Bindings for node.js
 OpenCV is the defacto computer vision library - by interfacing with it
 natively in node, we get powerful real time vision in js.
 .
 People are using node-opencv to fly control quadrocoptors, detect faces
 from webcam images and annotate video streams.
 .
 Node.js is an event-based server-side JavaScript engine.

-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) 



signature.asc
Description: OpenPGP digital signature

Bug#865592: Aw, snap! when displaying an xml page

[Philippe Cochy]

Hello.
The Chrome developer thinks this is a bug specific to my installation.
Can anyone tell if this is the case or if it is a generalized bug to
Debian Strech? In the latter case it would be relevant to intervene on
this issue:
https://bugs.chromium.org/p/chromium/issues/detail?id=736026

Regards,
Philippe

signature.asc
Description: This is a digitally signed message part

Bug#870350: systemd: "systemctl disable --now" doesn't stop either cron or fetchmail

[Faheem Mitha]

Package: systemd
Version: 232-25+deb9u1
Severity: normal

Dear Maintainer,

According to the documentation,

systemctl disable service --now

stops the service. For example, `man systemctl` says:

  --now
  When used with enable, the units will also be started. When used
  with disable or mask, the units will also be stopped. The start
  or stop operation is only carried out when the respective enable
  or disable operation has been successful.

But here it doesn't, at least for cron and fetchmail.

See output below.

This is similar to https://bugs.debian.org/804438 and may be related
or a dupe.

Regards, Faheem Mitha

root@orwell:/home/faheem# systemctl disable cron --now
Synchronizing state of cron.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable cron
insserv: warning: current start runlevel(s) (empty) of script `cron' overrides 
LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `cron' overrides 
LSB defaults (empty).

root@orwell:/home/faheem# systemctl status cron
● cron.service - Regular background program processing daemon
   Loaded: loaded (/lib/systemd/system/cron.service; disabled; vendor preset: 
enabled)
   Active: active (running) since Mon 2017-07-31 12:25:36 IST; 1 day 3h ago
 Docs: man:cron(8)
 Main PID: 10356 (cron)
  CPU: 3ms
   CGroup: /system.slice/cron.service
   ├─10356 /usr/sbin/cron -f
   ├─23104 /usr/sbin/CRON -f
   ├─23105 /usr/sbin/CRON -f
[...]

###
root@orwell:/home/faheem# systemctl disable fetchmail --now
fetchmail.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable fetchmail
insserv: warning: current stop runlevel(s) (empty) of script `fetchmail' 
overrides LSB defaults (0 1 6).
insserv: warning: current start runlevel(s) (empty) of script `fetchmail' 
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `fetchmail' 
overrides LSB defaults (0 1 6).

root@orwell:/home/faheem# systemctl status fetchmail
● fetchmail.service - LSB: init-Script for system wide fetchmail daemon
   Loaded: loaded (/etc/init.d/fetchmail; generated; vendor preset: enabled)
   Active: active (running) since Mon 2017-07-31 12:23:20 IST; 1 day 3h ago
 Docs: man:systemd-sysv-generator(8)
  CPU: 18ms
   CGroup: /system.slice/fetchmail.service
   └─9777 /usr/bin/fetchmail -f /etc/fetchmailrc --pidfile 
/var/run/fetchmail/fetchmail.pid -d 300 --syslog
[...]

-- Package-specific info:

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser 3.115
ii  libacl1 2.2.52-3+b1
ii  libapparmor12.11.0-3
ii  libaudit1   1:2.6.7-2
ii  libblkid1   2.29.2-1
ii  libc6   2.24-11+deb9u1
ii  libcap2 1:2.25-1
ii  libcryptsetup4  2:1.7.3-4
ii  libgcrypt20 1.7.6-2+deb9u1
ii  libgpg-error0   1.26-2
ii  libidn111.33-1
ii  libip4tc0   1.6.0+snapshot20161117-6
ii  libkmod223-2
ii  liblz4-10.0~r131-2+b1
ii  liblzma55.2.2-1.2+b1
ii  libmount1   2.29.2-1
ii  libpam0g1.1.8-3.6
ii  libseccomp2 2.3.1-2.1
ii  libselinux1 2.6-3+b1
ii  libsystemd0 232-25+deb9u1
ii  mount   2.29.2-1
ii  procps  2:3.3.12-3
ii  util-linux  2.29.2-1

Versions of packages systemd recommends:
ii  dbus1.10.18-1
ii  libpam-systemd  232-25+deb9u1

Versions of packages systemd suggests:
ii  policykit-10.105-18
pn  systemd-container  
pn  systemd-ui 

Versions of packages systemd is related to:
pn  dracut   
ii  initramfs-tools  0.130
ii  udev 232-25+deb9u1

-- debconf-show failed

Bug#870212: mate-panel FTBFS: org.mate.panel.toplevel.gschema.xml:24:1 Error on line 24 char 1: not (yet) defined.. --strict was specified; exiting.

[Mike Gabriel]

Control: reassign -1 src:glib2.0
Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=779332
Control: tags -1 fixed-upstream
Control: tags -1 patch
Control: severity -1 important
Control: affects -1 mate-panel


Hi Adrian,

On  Mo 31 Jul 2017 01:52:26 CEST, Adrian Bunk wrote:


Source: mate-panel
[...]
touch org.mate.panel.menubar.gschema.valid
org.mate.panel.toplevel.gschema.xml:24:1  Error on line 24 char 1:  
 not (yet) defined..   
--strict was specified; exiting.
Makefile:638: recipe for target  
'org.mate.panel.toplevel.gschema.valid' failed


This feels like

https://bugzilla.gnome.org/show_bug.cgi?id=779332

and seems to be a regression in Debian's glib2.0 package.

Thus, reassigning... I hope for the glib2.0 maintainers to provide a  
fix very soon, hopefully.


Thanks!
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgp3gVKQnNjoi.pgp
Description: Digitale PGP-Signatur

Bug#870318: mate-polkit: MATE polkit built against GTK 3 displays a corrupted icon.

[Mike Gabriel]

Hi Omar,

On  Di 01 Aug 2017 01:07:15 CEST, Omar Jair Purata Funes wrote:


Package: mate-polkit
Version: 1.16.0-2
Severity: minor

Dear Maintainer, when using the MATE-polkit package that is built  
against GTK 3

the elevated privileges icon seems a little off (It appears as a 1 1/2 icon),
the bug seems to be fixed in the 1.18 version but is it possible that the
stretch version will get a fix?



Could you please try to rebuild mate-polkit 1.16.0-2 from source and  
add this patch to debian/patches:


https://github.com/mate-desktop/mate-polkit/commit/24c247381e1e0fd62159bdcecf89929f2d846492

The patch filename also has to be appended to debian/patches/series.


Looking forward to feedback from you.

Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpw9Cb1p_6fz.pgp
Description: Digitale PGP-Signatur

Bug#870319: ben: Please make generated simple query match the set of exact package names

[Stéphane Glondu]

On 01/08/2017 01:44, Balint Reczey wrote:
> The queries generated for the auto-* transitions may match more
> packages than expected due to \b matching "-".
> [...]
> -  let rex = Re_pcre.regexp (Printf.sprintf "\b(%s)\b" r_string) in
> +  let rex = Re_pcre.regexp (Printf.sprintf "[ ](%s)[, $]" r_string) in

Actually, I'm surprised it matches anything at all. Indeed, "\b" in a
string in OCaml is an escape sequence for backspace. So the generated
regexp looks for a backspace character. The removed line should be:

  let rex = Re_pcre.regexp (Printf.sprintf "\\b(%s)\\b" r_string) in

But it is true that this would (if r_string is set to "toto") match
"toto" in "toto-foo". Am I understanding right that this is not desired?

-- 
Stéphane

Bug#870319: ben: Please make generated simple query match the set of exact package names

[Stéphane Glondu]

On 01/08/2017 02:00, Steve Langasek wrote:
> I believe the provided patch is inaccurate because it doesn't handle the
> case of a given package name appearing at the very beginning or the very end
> of the dependency list.
> 
> The syntax that I have used for transition trackers in Ubuntu that works
> reliably is:
> 
>   /(^| )(list|of|packages)\s*([,(:]|$)/

So you don't use the .depends ~ "foo|bar" syntax, right?

> Note that ^ and $ do not work as part of a character class in the regexp
> implementation used by ben, the last time I checked.
> 
> Breaking this down, we have:
> 
>  - either the beginning of the dependency list or a space
>  - the package name
>  - optional whitespace
>  - either the end of the dependency list, or one of the characters [,(:]
> 
> The three possible terminating characters are for: a bare dependency
> followed by another ("libevent-0.2-5, [...]"); a versioned dependency
> ("libevent-0.2-5 (>= [...])"; and a multiarch dependency
> ("libevent-0.2-5:any").

Isn't there also "<" (for build profiles)?


Cheers,

-- 
Stéphane

Bug#804438: Related bug report

[Faheem Mitha]

Related:

https://bugs.debian.org/870350

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[Clayton]

On Tue, 1 Aug 2017 08:35:46 +
Peter Palfrader  wrote:

> Control: tags -1 + unreproducible
> On Tue, 01 Aug 2017, clayton wrote:
> 
> > On stretch, tor does not start after installation.  
> 
> You will need to provide more information.  Show the output of
> journalctrl -f while restarting the service, and show me your torrc.

See attached for journalctrl -f and torrc. torrc should (deliberately)
still be in the default state.

Clayton

torrc
Description: Binary data
journalctrl -f with those lines commented out (working Tor):

Aug 01 06:54:50 qhsg systemd[1]: Stopping Anonymizing overlay network for TCP...
Aug 01 06:54:50 qhsg systemd[1]: Stopped Anonymizing overlay network for TCP 
(multi-instance-master).
Aug 01 06:54:50 qhsg systemd[1]: Stopping Anonymizing overlay network for TCP 
(multi-instance-master)...
Aug 01 06:54:50 qhsg systemd[1]: tor.service: Failed to set invocation ID on 
control group /system.slice/tor.service, ignoring: Operation not permitted
Aug 01 06:54:50 qhsg systemd[1]: Starting Anonymizing overlay network for TCP 
(multi-instance-master)...
Aug 01 06:54:50 qhsg systemd[1]: Stopped Anonymizing overlay network for TCP.
Aug 01 06:54:50 qhsg systemd[1]: tor@default.service: Failed to set invocation 
ID on control group /system.slice/system-tor.slice/tor@default.service, 
ignoring: Operation not permitted
Aug 01 06:54:50 qhsg systemd[1]: Starting Anonymizing overlay network for TCP...
Aug 01 06:54:51 qhsg systemd[1]: Started Anonymizing overlay network for TCP 
(multi-instance-master).
Aug 01 06:54:51 qhsg systemd[1]: tor.service: Failed to set invocation ID on 
control group /system.slice/tor.service, ignoring: Operation not permitted
Aug 01 06:54:51 qhsg tor[30428]: Aug 01 06:54:51.112 [notice] Tor 0.2.9.11 
(git-572f4570e1771890) running on Linux with Libevent 2.0.21-stable, OpenSSL 
1.1.0f and Zlib 1.2.8.
Aug 01 06:54:51 qhsg tor[30428]: Aug 01 06:54:51.113 [notice] Tor can't help 
you if you use it wrong! Learn howto be safe at 
https://www.torproject.org/download/download#warning
Aug 01 06:54:51 qhsg tor[30428]: Aug 01 06:54:51.113 [notice] Read 
configuration file "/usr/share/tor/tor-service-defaults-torrc".
Aug 01 06:54:51 qhsg tor[30428]: Aug 01 06:54:51.113 [notice] Read 
configuration file "/etc/tor/torrc".
Aug 01 06:54:51 qhsg tor[30428]: Configuration was valid
Aug 01 06:54:51 qhsg tor[30431]: Aug 01 06:54:51.154 [notice] Tor 0.2.9.11 
(git-572f4570e1771890) running on Linux with Libevent 2.0.21-stable, OpenSSL 
1.1.0f and Zlib 1.2.8.
Aug 01 06:54:51 qhsg tor[30431]: Aug 01 06:54:51.155 [notice] Tor can't help 
you if you use it wrong! Learn howto be safe at 
https://www.torproject.org/download/download#warning
Aug 01 06:54:51 qhsg tor[30431]: Aug 01 06:54:51.155 [notice] Read 
configuration file "/usr/share/tor/tor-service-defaults-torrc".
Aug 01 06:54:51 qhsg tor[30431]: Aug 01 06:54:51.155 [notice] Read 
configuration file "/etc/tor/torrc".
Aug 01 06:54:51 qhsg tor[30431]: Aug 01 06:54:51.159 [notice] I think we have 8 
CPUS, but only 1 of them are available. Telling Tor to only use 1. You can 
override this with the NumCPUs option
Aug 01 06:54:51 qhsg tor[30431]: Aug 01 06:54:51.159 [notice] Opening Socks 
listener on 127.0.0.1:9050
Aug 01 06:54:51 qhsg systemd[1]: Started Anonymizing overlay network for TCP.

journalctrl -f with those lines NOT commented out (broken Tor), over and over 
again:

Aug 01 06:59:38 qhsg systemd[1]: Starting Anonymizing overlay network for TCP...
Aug 01 06:59:38 qhsg systemd[30528]: tor@default.service: Failed at step 
NAMESPACE spawning /usr/bin/install: Too many levels of symbolic links
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Control process exited, 
code=exited status=226
Aug 01 06:59:38 qhsg systemd[1]: Failed to start Anonymizing overlay network 
for TCP.
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Unit entered failed state.
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Failed with result 
'exit-code'.
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Service hold-off time 
over, scheduling restart.
Aug 01 06:59:38 qhsg systemd[1]: Stopped Anonymizing overlay network for TCP.
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Start request repeated 
too quickly.
Aug 01 06:59:38 qhsg systemd[1]: Failed to start Anonymizing overlay network 
for TCP.
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Unit entered failed state.
Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Failed with result 
'exit-code'.

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[Peter Palfrader]

On Tue, 01 Aug 2017, Clayton wrote:

> Aug 01 06:59:38 qhsg systemd[1]: Starting Anonymizing overlay network for 
> TCP...
> Aug 01 06:59:38 qhsg systemd[30528]: tor@default.service: Failed at step 
> NAMESPACE spawning /usr/bin/install: Too many levels of symbolic links
> Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Control process exited, 
> code=exited status=226

What kind of non-standard Debian is this?  Kernel?  VPS?


-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#870319: ben: Please make generated simple query match the set of exact package names

[Balint Reczey]

Hi Stéphane,

On Tue, Aug 1, 2017 at 12:56 PM, Stéphane Glondu  wrote:
> On 01/08/2017 02:00, Steve Langasek wrote:
>> I believe the provided patch is inaccurate because it doesn't handle the
>> case of a given package name appearing at the very beginning or the very end
>> of the dependency list.
>>
>> The syntax that I have used for transition trackers in Ubuntu that works
>> reliably is:
>>
>>   /(^| )(list|of|packages)\s*([,(:]|$)/
>
> So you don't use the .depends ~ "foo|bar" syntax, right?
>
>> Note that ^ and $ do not work as part of a character class in the regexp
>> implementation used by ben, the last time I checked.
>>
>> Breaking this down, we have:
>>
>>  - either the beginning of the dependency list or a space
>>  - the package name
>>  - optional whitespace
>>  - either the end of the dependency list, or one of the characters [,(:]
>>
>> The three possible terminating characters are for: a bare dependency
>> followed by another ("libevent-0.2-5, [...]"); a versioned dependency
>> ("libevent-0.2-5 (>= [...])"; and a multiarch dependency
>> ("libevent-0.2-5:any").
>
> Isn't there also "<" (for build profiles)?

There is but i think we can expect a " " before it (like with "(").
Adding it to the regex does not hurt much OTOH.

Cheers,
Balint

Bug#870351: openvpn: [INTL:ca] Catalan translation of openvpn

[Alytidae]

Package: openvpn
Version: 2.4.0-6+deb9u1
Severity: wishlist
Tags: patch l10n

Dear Maintainer,

I have translated the openvpn 2.4.3-4 debconf file to catalan. I hope you can
patch it whenever possible.

Thank you.


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  init-system-helpers1.48
ii  iproute2   4.9.0-1
ii  libc6  2.24-11+deb9u1
ii  liblz4-1   0.0~r131-2+b1
ii  liblzo2-2  2.08-1.2+b2
ii  libpam0g   1.1.8-3.6
ii  libpkcs11-helper1  1.21-1
ii  libssl1.0.21.0.2l-2
ii  libsystemd0232-25+deb9u1
ii  lsb-base   9.20161125

Versions of packages openvpn recommends:
ii  easy-rsa  2.2.2-2

Versions of packages openvpn suggests:
ii  openssl 1.1.0f-3
pn  resolvconf  

-- debconf information excluded
# OpenVPN (debconf) translation to Catalan.
# Copyright (C) 2004 Free Software Foundation, Inc.
# Aleix Badia i Bosch , 2004
# Josep Lladonosa i Capell , 2004
# Alytidae , 2017
msgid ""
msgstr ""
"Project-Id-Version: openvpn_2.4.3-4\n"
"Report-Msgid-Bugs-To: open...@packages.debian.org\n"
"POT-Creation-Date: 2011-05-10 17:48+0200\n"
"PO-Revision-Date: 2017-07-23 16:53+0200\n"
"Last-Translator: Alytidae \n"
"Language-Team: Catalan \n"
"Language: ca\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: boolean
#. Description
#: ../templates:2001
msgid "Create the TUN/TAP device?"
msgstr "Crear un dispositiu TUN/TAP?"

#. Type: boolean
#. Description
#: ../templates:2001
msgid ""
"If you choose this option, the /dev/net/tun device needed by OpenVPN will be "
"created."
msgstr "Si tries aquesta opció es crearà el dispositiu /dev/net/tun, que és "
"necessari per a OpenVPN."

#. Type: boolean
#. Description
#: ../templates:2001
msgid "You should not choose this option if you're using devfs."
msgstr "No hauries de triar aquesta opció si estàs utilitzant devfs."

#~ msgid "Would you like to start openvpn sooner?"
#~ msgstr "Voldríeu iniciar l'openvpn abans?"

#, fuzzy
#~ msgid ""
#~ "Previous versions of openvpn started at the same time as most of other "
#~ "services. This means that most of these services couldn't use openvpn "
#~ "since it may have been unavailable when they started. Newer versions of "
#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc"
#~ "[235].d instead of a S20openvpn)"
#~ msgstr ""
#~ "Les versions anteriors de l'openvpn s'iniciaven al mateix temps que la "
#~ "majoria de serveis. Aquesta característica implica que la majoria de "
#~ "serveis no poguessin utilitzar l'openvpn al no estar disponible. Les "
#~ "noves versions de l'openvpn s'iniciaran abans (ex. un enllaç S18openvpn a "
#~ "rc[235].d en comptes d'un S20openvpn)"

#~ msgid ""
#~ "If you accept here, the package upgrade will make this change for you. If "
#~ "you refuse, nothing will change, and openvpn will be working just like it "
#~ "did before."
#~ msgstr ""
#~ "Si ho accepteu, l'actualització del paquet ho modificarà per vosaltres. "
#~ "Si no ho accepteu, no canviarà res i l'openvpn s'executarà tal i com ho "
#~ "feia anteriorment."

#, fuzzy
#~ msgid "Would you like to stop openvpn later?"
#~ msgstr "Voldríeu iniciar l'openvpn abans?"

#, fuzzy
#~ msgid ""
#~ "Previous versions of openvpn stopped at the same time as most of other "
#~ "services. This meant that some of services stopping later couldn't use  "
#~ "openvpn since it may have been stopped before them. Newer versions of the "
#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in  "
#~ "rc[06].d instead of a K20openvpn)"
#~ msgstr ""
#~ "Les versions anteriors de l'openvpn s'iniciaven al mateix temps que la "
#~ "majoria de serveis. Aquesta característica implica que la majoria de "
#~ "serveis no poguessin utilitzar l'openvpn al no estar disponible. Les "
#~ "noves versions de l'openvpn s'iniciaran abans (ex. un enllaç S18openvpn a "
#~ "rc[235].d en comptes d'un S20openvpn)"

#~ msgid "Would you like a TUN/TAP device to be created?"
#~ msgstr "Voleu que es creï un dispositiu TUN/TAP?"

#~ msgid ""
#~ "If you accept here, the package will make a special device called /dev/"
#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. "
#~ "Read README.Debian for details on how to make it. If you are using devfs "
#~ "refuse here."
#~ msgstr ""
#~ "Si ho accepteu, el paquet crearà un dispositiu especial anomenat /dev/net/"
#~ "tun per a l'openvpn. Si no ho accepteu, no es crearà el dispositiu. Per a "
#~ "més a informació sobre el procés llegiu el fitxer README.Debian. 

Bug#870352: RFS: xtensor/0.10.9-1

[Ghislain Vaillant]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for the following package:

* Package name: xtensor
  Version : 0.10.9-1
  Upstream Author : Johan Mabille, Sylvain Corlay and Wolf Vollprecht
* URL : http://quantstack.net/xtensor
* License : BSD
  Section : libs

Please check out the package by visiting the following URL:

  https://anonscm.debian.org/git/debian-science/packages/xtensor.git

Changes since the last upload:

  * New upstream version 0.10.9
  * Refresh the patch queue

Regards,
Ghis

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[Peter Palfrader]

On Tue, 01 Aug 2017, Peter Palfrader wrote:

> On Tue, 01 Aug 2017, Clayton wrote:
> 
> > Aug 01 06:59:38 qhsg systemd[1]: Starting Anonymizing overlay network for 
> > TCP...
> > Aug 01 06:59:38 qhsg systemd[30528]: tor@default.service: Failed at step 
> > NAMESPACE spawning /usr/bin/install: Too many levels of symbolic links
> > Aug 01 06:59:38 qhsg systemd[1]: tor@default.service: Control process 
> > exited, code=exited status=226
> 
> What kind of non-standard Debian is this?  Kernel?  VPS?

Also,
  ls -ld /tmp /var/tmp /run /var /var/run /var/run/tor /var/run/tor-instances
please.

-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#870353: cacti: CVE-2017-12065

[Salvatore Bonaccorso]

Source: cacti
Version: 1.1.15+ds1-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/Cacti/cacti/issues/877

Hi,

the following vulnerability was published for cacti.

CVE-2017-12065[0]:
| spikekill.php in Cacti before 1.1.16 might allow remote attackers to
| execute arbitrary code via the avgnan, outlier-start, or outlier-end
| parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12065
[1] https://github.com/Cacti/cacti/issues/877

Regards,
Salvatore

Bug#870339: animal-sniffer FTBFS: recipe for target 'clean' failed

[Emmanuel Bourg]

Thank you for the report Adrian. I admit I don't understand why the
clean target fails on the builder. The package just uses the default
dh_auto_clean from maven-debian-helper with no other customization (no
override, no debian/clean), and it works well for many other packages.

Emmanuel Bourg

Bug#870354: cacti: CVE-2017-12066

[Salvatore Bonaccorso]

Source: cacti
Version: 1.1.15+ds1-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/Cacti/cacti/issues/877

Hi,

the following vulnerability was published for cacti.

CVE-2017-12066[0]:
| Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in
| Cacti before 1.1.16 allows remote authenticated users to inject
| arbitrary web script or HTML via specially crafted HTTP Referer
| headers, related to the $cancel_url variable. NOTE: this vulnerability
| exists because of an incomplete fix (lack of the htmlspecialchars
| ENT_QUOTES flag) for CVE-2017-11163.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12066
[1] https://github.com/Cacti/cacti/issues/877

(yes the same commit and upstream issue as CVE-2017-12065 since the
reporter mixed/collected the report in one upstream issue). 

Regards,
Salvatore

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[Clayton]

> > What kind of non-standard Debian is this?  Kernel?  VPS?  

OpenVZ VPS,

# uname -a
Linux qhsg 2.6.32-042stab120.16 #1 SMP Tue Dec 13 20:58:28 MSK 2016
x86_64 GNU/Linux

I have Tor running on a very similar VPS, but Ubuntu 16.04, elsewhere.

> Also,
>   ls
> -ld /tmp /var/tmp /run /var /var/run /var/run/tor /var/run/tor-instances
> please.

# ls -ld /tmp/
drwxrwxrwt 10 root root 260 Aug  1 07:17 /tmp/

# ls -ld /var/tmp/
drwxrwxrwt 3 root root 4096 Aug  1 06:59 /var/tmp/

# ls -ld /run
drwxr-xr-x 18 root root 620 Aug  1 04:00 /run

# ls -ld /var
drwxr-xr-x 11 root root 4096 Aug 30  2015 /var

# ls -ld /var/run
lrwxrwxrwx 1 root root 4 Jul 25 04:11 /var/run -> /run

# ls -ld /var/run/tor/
drwxr-sr-x 2 debian-tor debian-tor 60 Aug  1 06:59 /var/run/tor/

/var/run/tor-instances does not exist.

Clayton

Bug#870355: vmpk: new upstream 0.6.2

[Jonatan Nyberg]

package: vmpk
severity: high

Please upgrade to latest VMPK version (0.6.2), this package hasn't been
upgraded since 2012.

Regards,
Jonatan

Bug#870356: potrace: CVE-2017-12067

[Salvatore Bonaccorso]

Source: potrace
Version: 1.14-2
Severity: minor
Tags: upstream security

Hi,

the following vulnerability was published for potrace.

CVE-2017-12067[0]:
| Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic
| function in mkbitmap.c.

This does not need any immediate update, since it seems only relates
to the mkbitmap cli tool. Main pupose is can you bring that to
upstream? The original reporter might not have done that.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12067

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#865324: ITA: golang-github-digitalocean-godo -- DigitalOcean API V2 client library for Golang

[Daniel Stender]

A new version of this package has been uploaded yesterday by me, and I've 
rechecked the ITA bug now, which
has been closed by this upload.

It happened that the bug was closed resp. the package was adopted by Shengjing 
Zhu, but he wasn't the owner of
this bug report.

I'm sorry that this have been hijacked. I haven't properly monitored that, and 
I'm sure Shengjing Zhu
has just missed it for he's adopting a whole row of Golang packages which have 
been RFA by me from the
dependencies for Packer.

If you're not o.k. with this Andrew, of course we're restoring the Maintainer 
resp. Uploader immediately
to meet who has been the owner of this bug.

Best,
Daniel Stender

-- 
4096R/DF5182C8 (sten...@debian.org)
http://www.danielstender.com/



signature.asc
Description: OpenPGP digital signature

Bug#870357: [gf-complete-tools] Package in wrong Section "libs"

[Andre Naujoks]

Package: gf-complete-tools
Version: 1.0.2-2+b1
Severity: minor

--- Please enter the report below this line. ---

The package gf-complete-tools is packaged in the Debian-Section "libs",
which leads to false positives from e.g. deborphan. (running deborphan
on a system with the package installed outputs the package as removable)

The package only consists of binaries and does not even contain a
library. I would see the package in "math" (or "science").

Regards
 Andre

--- System information. ---
Architecture: Kernel:   Linux 4.11.0-2-amd64

Debian Release: buster/sid
  500 unstable-debug  debug.mirrors.debian.org   500 unstable
ftp.de.debian.org
--- Package information. ---
Depends  (Version) | Installed
==-+-===
libgf-complete1 (= 1.0.2-2+b1) | 1.0.2-2+b1
libc6(>= 2.14) | 2.24-13


Package's Recommends field is empty.

Package's Suggests field is empty.

Bug#870358: Ships /usr/lib/python2.7/dist-packages/easy-install.pth

[Andrey Rahmatullin]

Package: python-pysph
Version: 0~20160514.git91867dc-4
Severity: important

/usr/lib/python2.7/dist-packages/easy-install.pth should not be shipped by
module packages, as it's a file common for the entire python2.7 installation,
and packaged modules should work without a need to write into it.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-pysph depends on:
ii  build-essential   12.3
ii  cython0.25.2-1+b1
ii  libc6 2.24-12
ii  libgcc1   1:7.1.0-10
ii  libgomp1  7.1.0-10
ii  libstdc++67.1.0-10
ii  python2.7.13-2
ii  python-dev2.7.13-2
ii  python-mako   1.0.7+ds1-1
ii  python-mock   2.0.0-3
ii  python-nose   1.3.7-2
ii  python-numpy [python-numpy-abi9]  1:1.12.1-3+b2

Versions of packages python-pysph recommends:
pn  pysph-viewer  

python-pysph suggests no packages.

-- debconf-show failed

Bug#869820: gcc-7-cross-ports: Please build gnat-7 cross-compiler for m68k

[John Paul Adrian Glaubitz]

Hi!

On 07/26/2017 08:32 PM, John Paul Adrian Glaubitz wrote:
> Now that #862927 has been resolved, please remember to build the gnat-7
> cross-compiler for m68k in the next upload.  It's then easier to cross-build
> a native compiler and continue working on the gnat-7 issue on m68k with
> the native compiler [1].

I just did a test build of the package with gnat-7 enabled for m68k. Builds
fine and I have a usable gnat-7 cross-compiler for m68k now.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#870337: Stretch: /lib/systemd/system/tor@default.service broken

[Peter Palfrader]

On Tue, 01 Aug 2017, Clayton wrote:

> > > What kind of non-standard Debian is this?  Kernel?  VPS?  
> OpenVZ VPS,
> 
> # uname -a
> Linux qhsg 2.6.32-042stab120.16 #1 SMP Tue Dec 13 20:58:28 MSK 2016
> x86_64 GNU/Linux
> 
> I have Tor running on a very similar VPS, but Ubuntu 16.04, elsewhere.

Any symlinks for /home or /root or anything weird?  This looks like
systemd and your specific setup being weird.

If you google for 'systemd  Failed at step NAMESPACE spawning  Too many
levels' you can find a few more examples of where things may go wrong.

I don't think this is a bug in the Debian package, but I'd still like to
learn what is causing this on your system, exactly.
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#870359: clustershell: Missing dependency python-pkg-resources

[Hans Fredrik Nordhaug]

Package: clustershell
Version: 1.7.3-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

after installing clustershell, I get the following error when running
clush:

Traceback (most recent call last):
  File "/usr/bin/clush", line 6, in 
from pkg_resources import load_entry_point

Installing the python-pkg-resources package fixes the problem.

I think adding python-pkg-resources as a dependencies is the correct solution.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-3-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages clustershell depends on:
ii  python   2.7.13-2
ii  python-yaml  3.12-1

clustershell recommends no packages.

Versions of packages clustershell suggests:
pn  vim-addon-manager  

-- no debconf information

Bug#870360: encfs is flooding syslog with DEBUG [default] [user@unknown-host]

[Jose Filho]

Package: encfs
Version: 1.9.1-4
Severity: normal

Dear Maintainer,

after installing encfs on a fresh install on debian 9 netinst, my syslog is 
being flooded with:
Aug  1 08:04:10 desktop1 encfs: 2017-08-01 08:04:10,861 DEBUG [default] 
[user@unknown-host] [virtual int encfs::RawFileIO::getAttr(stat*) const] 
[/home/ed/debian/dev/build-area/encfs-1.9.1/encfs/RawFileIO.cpp:167] 
getAttr error on /data/home/username/u0aAsGSEmeo,rphl: No such file or directory

I think some debug flag was enabled by default.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages encfs depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  fuse   2.9.7-1
ii  libc6  2.24-11+deb9u1
ii  libfuse2   2.9.7-1
ii  libgcc11:6.3.0-18
ii  libssl1.1  1.1.0f-3
ii  libstdc++6 6.3.0-18
ii  libtinyxml2-4  4.0.1-1
ii  mount  2.29.2-1

encfs recommends no packages.

encfs suggests no packages.

Bug#870362: ariba FTBFS with bowtie2 2.3.2-2

[Adrian Bunk]

Source: ariba
Version: 2.10.0+ds-1
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ariba.html

...
==
FAIL: Test run_bowtie2 unsorted
--
Traceback (most recent call last):
  File "/build/1st/ariba-2.10.0+ds/ariba/tests/mapping_test.py", line 62, in 
test_run_bowtie2
self.assertListEqual(expected, got)
AssertionError: Lists differ: [('1', 99, 'ref', 0, [(4, 5), (0, 20)], 
'AGCCCTC[857 chars]AT')] != [('1', 153, 'ref', 30, [(0, 25)], 
'AGGATACAGATCT[795 chars]AT')]

First differing element 0:
('1', 99, 'ref', 0, [(4, 5), (0, 20)], 'AGCCCTCCACAGGATGGTGGTATAC')
('1', 153, 'ref', 30, [(0, 25)], 'AGGATACAGATCTTGTGGGAAAGGT')

- [('1', 99, 'ref', 0, [(4, 5), (0, 20)], 'AGCCCTCCACAGGATGGTGGTATAC'),
-  ('1', 147, 'ref', 30, [(0, 25)], 'AGGATACAGATCTTGTGGGAAAGGT'),
? ^   ^^

+ [('1', 153, 'ref', 30, [(0, 25)], 'AGGATACAGATCTTGTGGGAAAGGT'),
? ^   ^^

+  ('1', 101, None, 30, [], 'AGCCCTCCACAGGATGGTGGTATAC'),
-  ('2', 99, 'ref', 124, [(0, 25)], 'TAATGTTCTTAGGGCTTACCATAGA'),
?^^

+  ('2', 73, 'ref', 124, [(0, 25)], 'TAATGTTCTTAGGGCTTACCATAGA'),
?^^

-  ('2', 147, 'ref', 170, [(0, 20), (4, 5)], 'TCCACCTTAGCTAAGCGCAGACTCG'),
+  ('2', 133, None, 124, [], 'CGAGTCTGCGCTTAGCTAAGGTGGA'),
   ('3', 73, 'ref', 86, [(0, 25)], 'TCGGGTCTGTACAAGGACGGATGGT'),
   ('3', 133, None, 86, [], 'CGTACTGACTGACTGACGTACTGCA'),
   ('4', 99, 'ref', 55, [(0, 25)], 'CCGCCGGGAAGTCCTTCTGTCGTGC'),
   ('4', 147, 'ref', 136, [(0, 25)], 'GGCTTACCATAGAGGTACACT'),
-  ('5', 99, 'ref', 0, [(4, 2), (0, 23)], 'CCTCCACAGGATGGTGGTATACCTG'),
?^^  ^^ --  ^   ---

+  ('5', 77, None, -1, [], 'CCTCCACAGGATGGTGGTATACCTG'),
?^^  ^^^   ^^

-  ('5', 147, 'ref', 166, [(0, 24), (4, 1)], 'TTCATCCACCTTAGCTAAGCGCAGA'),
+  ('5', 141, None, -1, [], 'TCTGCGCTTAGCTAAGGTGGATGAA'),
   ('6', 77, None, -1, [], 'CAGTTGCATGACGTCATGCAGTCAT'),
   ('6', 141, None, -1, [], 'AATGAGTATGATGAGTAATGGTATG'),
   ('7', 99, 'ref', 56, [(4, 1), (0, 23), (4, 1)], 'ACGCCGGGAAGTCCTTCTGTCGTGT'),
   ('7', 147, 'ref', 136, [(0, 24), (4, 1)], 'GGCTTACCATAGAGGTACACTAAAT')]

==
FAIL: Test run_bowtie2 sorted
--
Traceback (most recent call last):
  File "/build/1st/ariba-2.10.0+ds/ariba/tests/mapping_test.py", line 105, in 
test_run_bowtie2_and_sort
self.assertListEqual(expected, got)
AssertionError: Lists differ: [('1', 99, 'ref', 0, [(4, 5), (0, 20)], 
'AGCCCTC[857 chars]TG')] != [('1', 101, None, 30, [], 
'AGCCCTCCACAGGATGGTGGT[795 chars]TG')]

First differing element 0:
('1', 99, 'ref', 0, [(4, 5), (0, 20)], 'AGCCCTCCACAGGATGGTGGTATAC')
('1', 101, None, 30, [], 'AGCCCTCCACAGGATGGTGGTATAC')

Diff is 1434 characters long. Set self.maxDiff to None to see it.

--
Ran 335 tests in 173.301s

FAILED (failures=2)
debian/rules:23: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 1

Bug#870364: say "... is already mounted rw elsewhere. Cannot mount ro."

[積丹尼 Dan Jacobson]

Package: mount
Version: 2.29.2-2
Severity: wishlist

# mount -o ro /dev/sda7 /mnt/usb/extra/
mount: /dev/sda7 is already mounted or /mnt/usb/extra busy
   /dev/sda7 is already mounted on /
# mount  /dev/sda7 /mnt/usb/extra/
#

So it should say instead:
mount: /dev/sda7 is already mounted rw elsewhere. Cannot mount ro.

Bug#870363: libsane : Depends: libsane-common (= 1.0.26~git20151121-1) but 1.0.27-1~experimental1 is to be installed

[積丹尼 Dan Jacobson]

Package: libsane
Version: 1.0.26~git20151121-1
Severity: minor

The following packages have unmet dependencies:
 libsane : Depends: libsane-common (= 1.0.26~git20151121-1) but 
1.0.27-1~experimental1 is to be installed

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable-debug'), (500, 
'unstable'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)

Bug#870339: animal-sniffer FTBFS: recipe for target 'clean' failed

[Emmanuel Bourg]

Le 1/08/2017 à 11:11, Adrian Bunk a écrit :

> Lots of Java packages started to FTBFS the same way last night in the 
> reproducible builds.

It should affect all packages built with maven-debian-helper + DH, so
about 400 packages.


> I just tried downgrading debhelper to 10.7 and that fixed it,
> so this is actually a 10.7 -> 10.7.1 regression in debhelper.

I confirm this. I managed to work around the issue by replacing a call
to doit_in_builddir with complex_doit_in_builddir in maven-debian-helper
[1]. I don't mind patching maven-debian-helper if needed, but I thought
the compatibility would have been preserved at least until the version 11.


[1]
https://anonscm.debian.org/cgit/pkg-java/maven-debian-helper.git/tree/share/perl/maven.pm#n136

Bug#869665: libgit2-dev: please update version in Debian unstable and do a library transition

[Ximin Luo]

Ximin Luo:
> Russell Sim:
>>> [..]
>>>
>>> $ echo $(aptitude search --disable-columns -F "%p" '~Dlibgit2-24 ~rnative
>>> !~e^libgit2$')
>>> eeshow fritzing geany-plugin-git-changebar gnome-builder gnuastro kate
>>> kup-backup libgit2-glib-1.0-0 libgnuastro1 libgnuastro2 libkf5texteditor5
>>> lua-gall python-pygit2 python3-pygit2 ruby-rugged
>>>
>>> [..]
>>
>> Thanks for the info, I'll follow the document as described.
>>
>> I think i may get some time on Monday to start building and testing the
>> rdepends.  In the meantime could you please upload 0.26.0+dfsg.1-1 to
>> experimental, I've pushed it to the collab-maint git.
>>
> 
> I've uploaded that to experimental. I made a minor tweak in git which will 
> take effect for the next version, you can revert it if you want, see the 
> commit message for details.
> 
> I can help with the rebuilds [..]
> 

I've rebuilt the packages above (except eeshow which is only in experimental, 
and libgnucastro1 since it was replaced by *2). The following packages fail:

fritzing_0.9.3b+dfsg-4.dsc
gnome-builder_3.22.4-1.dsc
gnuastro_0.3.33-1.dsc
kate_16.08.3-1.dsc
libgit2-glib_0.24.4-1.dsc
python-pygit2_0.24.2-2.dsc
ruby-rugged_0.24.0+ds1-3.dsc

Build logs are here if you'd like to investigate: 
https://people.debian.org/~infinity0/libgit2/

I'll file bugs to those packages in the next few days, or feel free to jump in 
ahead. (I'll be travelling tomorrow to go to DebConf, so it might be a while 
before I get around to it.)

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

Bug#865324: ITA: golang-github-digitalocean-godo -- DigitalOcean API V2 client library for Golang

[Shengjing Zhu]

Hi Daniel,

On Tue, Aug 1, 2017 at 7:49 PM, Daniel Stender  wrote:
> A new version of this package has been uploaded yesterday by me, and I've 
> rechecked the ITA bug now, which
> has been closed by this upload.
>
> It happened that the bug was closed resp. the package was adopted by 
> Shengjing Zhu, but he wasn't the owner of
> this bug report.
>
> I'm sorry that this have been hijacked. I haven't properly monitored that, 
> and I'm sure Shengjing Zhu
> has just missed it for he's adopting a whole row of Golang packages which 
> have been RFA by me from the
> dependencies for Packer.
>
> If you're not o.k. with this Andrew, of course we're restoring the Maintainer 
> resp. Uploader immediately
> to meet who has been the owner of this bug.
>

Actually this package is signed by Andrew, see the info below:
https://tracker.debian.org/news/859858

I contacted Andrew on July 26, asking if he could update this package,
but he was on traveling then. He agreed that I could push the new
version to git repo. And he signed the update yesterday,
https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-digitalocean-godo.git/commit/?id=77d8a0c2fc6043ce592064ff821e2e547cadf5b1

Maybe he forget to put his name on Uploaders field and d/changelog.


-- 
Best regards,
Shengjing Zhu

Bug#868255: openjdk-9: Please build with --with-debug-level=slowdebug on Zero-only architectures

[Andrew Haley]

On 13/07/17 21:01, John Paul Adrian Glaubitz wrote:
> openjdk-9 currently FTBFS on architectures which exclusively rely on the Zero
> VM. This happens because the JVM segfaults during build at some point [1].

So I found two bugs in the package which stop it from building, one
yours and one ours.  The first one is
debian/patches/8073754-stack-overflow-9-build.diff, which sets the
thread stack size to 2240: this is too small, and the build aborts.  I
think this problem may be due to the use of 64k pages.

NOTE THAT you should not increase the thread sizes in
os_linux_zero.cpp: these are minimums.  Change the values in
hotspot/src/os_cpu/linux_zero/vm/globals_linux_zero.hpp and
common/autoconf/boot-jdk.m4 .

The second one is more subtle.  Zero is so called because it uses zero
assembly language, but this is not quite true: there is a tiny bit of
assembly language, and it is wrong.  Here is the PPC32 definition of
atomic_copy64.  It uses a floating-point register to copy a 64-bit
doubleword atomically:

  // Atomically copy 64 bits of data
  static void atomic_copy64(volatile void *src, volatile void *dst) {
#if defined(PPC32) && !defined(__NO_FPRS__)
double tmp;
asm volatile ("lfd  %0, 0(%1)\n"
  "stfd %0, 0(%2)\n"
  : "=f"(tmp)
  : "b"(src), "b"(dst));

The eagle-eyed among you might have noticed the bug: this asm has no
memory effect.  It has no memory inputs, no memory outputs, and no
memory clobber.  So, as far as GCC is concerned atomic_copy64 does not
touch memory at all, and there is no need to store the source operand
into memory.  For all GCC knows, the asm might just be doing some
arithmetic on the pointers.  We need a better definition of
atomic_copy64, and this is mine:

  // Atomically copy 64 bits of data
static void atomic_copy64(volatile void *src, volatile void *dst) {
#if defined(PPC32) && !defined(__NO_FPRS__)
double tmp;
asm volatile ("lfd  %0, %2\n"
  "stfd %0, %1\n"
  : "=&f"(tmp), "=Q"(*(volatile double*)dst)
  : "Q"(*(volatile double*)src));

Note that we dereference src and dst and pass the actual memory
operands to the asm, not just pointers to them.

(This might be more detail than you need, and I'm sorry this isn't a
real patch, but if you base a patch on what I've said here, it should
build.  Let me know.)

-- 
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. 
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671

Bug#870366: libreoffice-writer: Comment text not accessible with screen reader

[Alex ARNAUD]

Package: libreoffice-writer
Version: 4.2.6.5 1:5.4.0-1
Tags: a11y upstream
Owner: b...@hypra.fr
User: b...@hypra.fr
Usertags: hypra
Forwarded: https://bugs.documentfoundation.org/show_bug.cgi?id=92389

DESCRIPTION FROM UPSTREAM:

When composing a document, and the user wishes to add a comment, once you press 
the Control+Alt+C keybinding to add a comment to a highlighted portion of text, 
or to a area of text that is proceeding the cursor, Orca does not interact with 
the comment field. Arrowing through the text typed out provides no speech 
output. Deleting text does not provide speech output.

Activating the menu item under Insert, Comment, yields the same result.

Using the Control + Alt + Page Up and Page Down functions to cycle through 
comments only reads the text written out for that particular area that is 
commented, does not allow navigation to the actual comment itself with orca.

Perhaps provide a keybinding that will get to the list of comments presented 
should there already be some?

Bug#869356: ghc: Eats gigabytes of memory when compiling haskell-skylighting

[Clint Adams]

On Mon, Jul 31, 2017 at 05:44:54PM -0400, Jonas Smedegaard wrote:
> Can we please have a newer release of Skylighting in Debian?

There you go.  I guess you're going to patch pandoc 1.19.2.1 to
work with it?

Bug#868255: openjdk-9: Please build with --with-debug-level=slowdebug on Zero-only architectures

[Andrew Haley]

On 01/08/17 13:57, Andrew Haley wrote:
> NOTE THAT you should not increase the thread sizes in
> os_linux_zero.cpp: these are minimums.  Change the values in
> hotspot/src/os_cpu/linux_zero/vm/globals_linux_zero.hpp and
> common/autoconf/boot-jdk.m4 .

Sorry, I should have said: set the size to 2560.

-- 
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. 
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671

Bug#868255: openjdk-9: Please build with --with-debug-level=slowdebug on Zero-only architectures

[John Paul Adrian Glaubitz]

On Tue, Aug 01, 2017 at 01:57:02PM +0100, Andrew Haley wrote:
> So I found two bugs in the package which stop it from building, one
> yours and one ours.  The first one is
> debian/patches/8073754-stack-overflow-9-build.diff, which sets the
> thread stack size to 2240: this is too small, and the build aborts.  I
> think this problem may be due to the use of 64k pages.

Interesting.

> NOTE THAT you should not increase the thread sizes in
> os_linux_zero.cpp: these are minimums.  Change the values in
> hotspot/src/os_cpu/linux_zero/vm/globals_linux_zero.hpp and
> common/autoconf/boot-jdk.m4 .

Ok, I will test that.

> The second one is more subtle.  Zero is so called because it uses zero
> assembly language, but this is not quite true: there is a tiny bit of
> assembly language, and it is wrong.

Yeah, I already assumed that because of the fact that the Zero build
fails on powerpc with --with-debug-level=release but not on sh4, for
example.

> Here is the PPC32 definition of
> atomic_copy64.  It uses a floating-point register to copy a 64-bit
> doubleword atomically:
> 
>   // Atomically copy 64 bits of data
>   static void atomic_copy64(volatile void *src, volatile void *dst) {
> #if defined(PPC32) && !defined(__NO_FPRS__)
> double tmp;
> asm volatile ("lfd  %0, 0(%1)\n"
>   "stfd %0, 0(%2)\n"
>   : "=f"(tmp)
>   : "b"(src), "b"(dst));
> 
> The eagle-eyed among you might have noticed the bug: this asm has no
> memory effect.  It has no memory inputs, no memory outputs, and no
> memory clobber.  So, as far as GCC is concerned atomic_copy64 does not
> touch memory at all, and there is no need to store the source operand
> into memory.  For all GCC knows, the asm might just be doing some
> arithmetic on the pointers.  We need a better definition of
> atomic_copy64, and this is mine:
> 
>   // Atomically copy 64 bits of data
> static void atomic_copy64(volatile void *src, volatile void *dst) {
> #if defined(PPC32) && !defined(__NO_FPRS__)
> double tmp;
> asm volatile ("lfd  %0, %2\n"
>   "stfd %0, %1\n"
>   : "=&f"(tmp), "=Q"(*(volatile double*)dst)
>   : "Q"(*(volatile double*)src));

Wow, that's indeed very subtle.

> Note that we dereference src and dst and pass the actual memory
> operands to the asm, not just pointers to them.
> 
> (This might be more detail than you need, and I'm sorry this isn't a
> real patch, but if you base a patch on what I've said here, it should
> build.  Let me know.)

Ok, I'll give it a try. Thanks a lot for digging this out!

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#870367: neovim FTBFS on big endian: Test_get_buf_options line 3: Expected 8 but got 0

[Adrian Bunk]

Source: neovim
Version: 0.2.0-2
Severity: serious

https://buildd.debian.org/status/package.php?p=neovim&suite=sid

...
>From test_bufwintabinfo.vim:
Found errors in Test_get_buf_options():
function RunTheTest[9]..Test_get_buf_options line 3: Expected 8 but got 0

Test results:


>From test_bufwintabinfo.vim:
Found errors in Test_get_buf_options():
function RunTheTest[9]..Test_get_buf_options line 3: Expected 8 but got 0
TEST FAILURE
Makefile:115: recipe for target 'report' failed
make[2]: *** [report] Error 1
make[2]: Leaving directory '/<>/src/nvim/testdir'
debian/rules:60: recipe for target 'override_dh_auto_test-arch' failed
make[1]: *** [override_dh_auto_test-arch] Error 2

Bug#870248: pandoc: Collision for lang-Variable when using specific language for pandoc-citeproc and Babel (Latex)

[Jonas Smedegaard]

Hi Claus-Michael,

Quoting c...@dock.in-berlin.de (2017-07-31 05:26:54)
> it seems that both Babel and pandoc-citeproc use `lang` as a variable 
> to set the language, but they don't use the same language codes, e.g. 
> for german: ngerman (Babel) and de-DE (pandoc-citeproc), so when using 
> Babel and pandoc-citeproc, setting another language throws an error 
> either from Babel or from pandoc-citeproc. This issue has been 
> reportedly solved in the most recent versions of pandoc -- see 
> https://github.com/jgm/pandoc-citeproc/issues/297 )

Thanks for reporting!

Unfortunately we cannot release newest pandoc until skylighting is 
releasable on all architectures. That issue is sort-of tracked at 
https://bugs.debian.org/869356

I looked at the code changes, but they are too complex for me to 
backport, so this cannot be addressed properly until skylighting is 
working.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#870368: libreoffice-writer: The orca Screen Reader is silent when placing focus over a bullet in a bulleted list.

[Alex ARNAUD]

Package: libreoffice-writer
Version: 4.2.6.5 5.1.2 1:5.4.0-1
Tags: a11y upstream
Owner: b...@hypra.fr
User: b...@hypra.fr
Usertags: hypra
Forwarded: https://bugs.documentfoundation.org/show_bug.cgi?id=93139

DESCRIPTION FROM UPSTREAM:

If one creates a bulleted list, presses home to go to the beginning of the line and 
then presses left arrow to place focus on the bullet, nothing is spoken by Orca. It 
would be nice to have the screen reader speak bullet and even possibly describe the 
bullet such as something like "large square bullet.

Bug#870369: xfig: window not deleted when quitting via menu

[Tim Bagot]

Package: xfig
Version: 1:3.2.6a-1
Severity: normal

Dear Maintainer,

When I quit xfig by selecting "Exit" from the "File" menu, very often
xfig's window is left behind (unresponsive) after the process has
terminated. (I can fortunately kill the window with xkill.) This does
not happen 100% reliably, and I cannot quite determine the precise
circumstances that make it happen or not; but so far it does _not_
appear to happen when a figure has been modified. (In other words, the
save-before-quitting dialog box seems to prevent the problem.)

Interestingly, if I move the dead window around, the File menu (which
is still displayed) does not move with it, but stays fixed in the same
position on the screen.

This only affects quitting via the menu, not quitting using the Meta-Q
keyboard shortcut or by closing the window.


Tim Bagot

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xfig depends on:
ii  libc62.24-11+deb9u1
ii  libjpeg62-turbo  1:1.5.1-2
ii  libpng16-16  1.6.28-1
ii  libx11-6 2:1.6.4-3
ii  libxi6   2:1.7.9-1
ii  libxpm4  1:3.5.12-1
ii  libxt6   1:1.1.5-1
ii  xaw3dg   1.5+E-18.2

Versions of packages xfig recommends:
ii  fig2dev [transfig]  1:3.2.6a-2
ii  transfig1:3.2.6a-2
ii  xfig-libs   1:3.2.6a-1

Versions of packages xfig suggests:
ii  cups-bsd [lpr]  2.2.1-8
ii  cups-client 2.2.1-8
ii  ghostscript 9.20~dfsg-3.2
ii  gimp2.8.18-1
ii  gsfonts-x11 0.24
ii  netpbm  2:10.0-15.3+b2
pn  spell   
ii  xfig-doc1:3.2.6a-1

-- no debconf information

Bug#870370: RM: jellyfish [kfreebsd-amd64] -- RoQA; B-D valgrind not available on kfreebsd

[Andreas Beckmann]

Package: ftp.debian.org
Severity: normal

lets remove some outdated binary packages from sid ...

Andreas

Bug#865324: ITA: golang-github-digitalocean-godo -- DigitalOcean API V2 client library for Golang

[Daniel Stender]

It came out it was me who lost track, I wasn't even the uploader here but 
Andrew. So there's no
issue here at all. Please excuse the hassle & have a nice day.

DS

-- 
4096R/DF5182C8 (sten...@debian.org)
http://www.danielstender.com/

Bug#758434: Re : Bug#870366: libreoffice-writer: Comment text not accessible with screen reader

[MENGUAL Jean-Philippe]

Hi,

I had submitted a similar bug related to gnome-orca:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758434

When I did we did not have explanations about origin of the bug, etc. Maybe we 
should merge them, or close the gnome-orca one, or reaffect orca ont to it?

Best regards 


Jean-Philippe MENGUAL

HYPRA, progressons ensemble

Tél.: 01 84 73 06 61

Mail: cont...@hypra.fr

Site Web: http://www.hypra.fr

- Alex ARNAUD  a écrit :
> Package: libreoffice-writer
> Version: 4.2.6.5 1:5.4.0-1
> Tags: a11y upstream
> Owner: b...@hypra.fr
> User: b...@hypra.fr
> Usertags: hypra
> Forwarded: https://bugs.documentfoundation.org/show_bug.cgi?id=92389
> 
> DESCRIPTION FROM UPSTREAM:
> > When composing a document, and the user wishes to add a comment, once you 
> > press the Control+Alt+C keybinding to add a comment to a highlighted 
> > portion of text, or to a area of text that is proceeding the cursor, Orca 
> > does not interact with the comment field. Arrowing through the text typed 
> > out provides no speech output. Deleting text does not provide speech output.
> > 
> > Activating the menu item under Insert, Comment, yields the same result.
> > 
> > Using the Control + Alt + Page Up and Page Down functions to cycle through 
> > comments only reads the text written out for that particular area that is 
> > commented, does not allow navigation to the actual comment itself with orca.
> > 
> > Perhaps provide a keybinding that will get to the list of comments 
> > presented should there already be some?
> 

Bug#870371: RM: trinityrnaseq [kfreebsd-amd64] -- RoQA; transitive B-D valgrind not available on kfreebsd

[Andreas Beckmann]

Package: ftp.debian.org
Severity: normal

and B-D jellyfish not available on kfreebsd, soon

Andreas

Bug#870372: RM: pbbam [kfreebsd-i386 m68k sh4 powerpcspe] -- RoQA; FTBFS on all 32-bit arches

[Andreas Beckmann]

Package: ftp.debian.org
Severity: normal

so remove the last remaining binaries


Andreas

Bug#869686: fio: new upstream version 2.99 available

[Martin Steigerwald]

Hi Michael.

Michael Prokop - 25.07.17, 18:37:
> fio v2.99 is supposed to be the last release before we'll see a 3.0
> release and it was released at the beginning of this month (July 2017).
> 
> Would be nice to have a current version available in Debian, because
> there have been quite some changes since v2.16 back from December 2016.

Thank you for your wishlist request.

Currently I have other more high priority items at work. It will likely take 
at least a week till I feel comfortable to take time for packaging a fio 
update.

In case you´d like to have this packaged faster feel free to update the 
packaging.

Thank you,

Bug#870374: libreoffice-writer: Accessible focus event missing when caret moves to start of paragraph spanning two pages

[Alex ARNAUD]

Package: libreoffice-writer
Version: 5.2 1:5.4.0-1
Tags: a11y upstream
Owner: b...@hypra.fr
User: b...@hypra.fr
Usertags: hypra
Forwarded: https://bugs.documentfoundation.org/show_bug.cgi?id=94113

DESCRIPTION FROM UPSTREAM:

Steps to reproduce:
1. Open the attached test case in Writer
2. Launch the attached pyatspi accessible-event listener in a terminal
3. Position the caret in the middle of the last line on the first page
4. Down arrow once then up arrow
5. Position the caret at the start of the last line on the first page
6. Down arrow once then up arrow

Expected results: Each time the caret moves into the paragraph on the other 
page, that paragraph would emit both an object:state-changed:focused event and 
a caret moved event.

Actual results: The expected results *unless* the caret has moved from the 
start of the paragraph on page 2 to the start of the paragraph on page 1. In 
that instance, only the caret-moved event is received.

Annotated output from performing the steps above:

==
# Step 3: Position caret in middle of last line on first page
18:09:32 - [paragraph | ] with index in parent 11 - is focused.
18:09:32 - [paragraph | ] with index in parent 11 - caret moved to offset 14.

# Step 4: Down arrow and up arrow
18:09:35 - [paragraph | ] with index in parent 12 - is focused.
18:09:35 - [paragraph | ] with index in parent 12 - caret moved to offset 14.
18:09:38 - [paragraph | ] with index in parent 11 - is focused.
18:09:38 - [paragraph | ] with index in parent 11 - caret moved to offset 14.

# Step 5: Position caret at start of last line on first page
18:09:45 - [paragraph | ] with index in parent 11 - caret moved to offset 0.

# Step 6: Down arrow and up arrow
18:09:47 - [paragraph | ] with index in parent 11 - caret moved to offset 70.
18:09:47 - [paragraph | ] with index in parent 12 - is focused.
18:09:47 - [paragraph | ] with index in parent 12 - caret moved to offset 0.
18:09:52 - [paragraph | ] with index in parent 11 - caret moved to offset 0.
=

Bug#870375: gcc-7: Native gdc cross-builds fail

[John Paul Adrian Glaubitz]

Source: gcc-7
Version: 7.1.0-11
Severity: normal
Tags: patch

Hi!

Trying to do a cross-native build for m68k with gdc enabled fails with:

g++-o d/impcvgen d/impcnvgen.dmdgen.o
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
/usr/bin/ld: d/idgen.dmdgen.o: Relocations in generic ELF (EM: 4)
d/idgen.dmdgen.o: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
../../src/gcc/d/Make-lang.in:254: recipe for target 'd/idgen' failed

I'm currently working around this issue by adding the following
changes to debian/rules.defs:

--- debian/rules.defs.orig  2017-08-01 15:35:52.999394076 +0200
+++ debian/rules.defs   2017-08-01 15:27:13.531269664 +0200
@@ -869,6 +869,9 @@
 ifeq ($(DEB_STAGE)-$(filter libphobos, $(with_rtlibs)),rtlibs-)
   with_d := disabled for rtlibs stage
 endif
+ifeq (,$(filter $(build_type), build-cross build-native))
+   with_d += no
+endif
 with_d := $(call envfilt, d, , , $(with_d))
 
 #with_d := not yet built for GCC 7

I'm attaching the patch just in case. I will also test whether this
affects other architectures for cross-native builds.

Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
--- debian/rules.defs.orig  2017-08-01 15:35:52.999394076 +0200
+++ debian/rules.defs   2017-08-01 15:27:13.531269664 +0200
@@ -869,6 +869,9 @@
 ifeq ($(DEB_STAGE)-$(filter libphobos, $(with_rtlibs)),rtlibs-)
   with_d := disabled for rtlibs stage
 endif
+ifeq (,$(filter $(build_type), build-cross build-native))
+   with_d += no
+endif
 with_d := $(call envfilt, d, , , $(with_d))
 
 #with_d := not yet built for GCC 7

Bug#870361: systemd: after/before is ignored

[Michael Biebl]

Am 27.07.2017 um 17:23 schrieb Vladki:
> Package: systemd
> Version: 232-25+deb9u1
> Severity: normal
> 
> Dear Maintainer,
> 
> I wanted to create my own systemd unit to mount encrypted fs, and needed
> to ensure that it starts after the networking is fully up, and before
> zfs and samba starts. After many experiments with
> after/before/wants/requires/wantedBy/requiredBy, I got to a partial
> succes with sequence: network-online.target (dhclient up) -> 
> custom_mount_end.service
> -> zfs.target.
> 
> But smbd is still starting too early. By default it has After=nmbd.service, 
> and
> nmbd has After=network-online.target. But the reaility is that smbd is
> started in parallel with dhclient, while nmbd correctly waits for
> dhclient to set up networking.
> 
> I tried to add After=zfs.target and Wants=zfs.target to smbd, call
> systemctl reeenable smbd, reboot. But it still starts too early.
> 
> Either the documentation is not clear enough or the options After and
> Before are not working as they should.

I'm pretty sure After/Before works correctly.
Can you please be more specific which units should be ordered against
each other in what way.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#758434: Re : Bug#870366: libreoffice-writer: Comment text not accessible with screen reader

[Alex ARNAUD]

Le 01/08/2017 à 15:26, MENGUAL Jean-Philippe a écrit :

Hi,


Hi,


I had submitted a similar bug related to gnome-orca:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758434

When I did we did not have explanations about origin of the bug, etc. Maybe we 
should merge them, or close the gnome-orca one, or reaffect orca ont to it?


We could link the bug you mention on this one.

Best regards.
--
Alex ARNAUD
Visual-Impairment Project Manager
Hypra - "Humanizing technology"

Bug#870376: jessie-pu: package sudo/1.8.10p3-1+deb8u5

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi

sudo in jessie ist still affected by CVE-2017-1000368. The issue IMHo
does not need a DSA, since with the previous fixes due to the /dev
traversal changes the issue was not anymore exploitable. Still it
would make sense IMHO to address it. Attached is the proposed debdiff.

But in the Debian BTS: #863897

Regards,
Salvatore
diff -Nru sudo-1.8.10p3/debian/changelog sudo-1.8.10p3/debian/changelog
--- sudo-1.8.10p3/debian/changelog  2017-05-28 13:25:43.0 +0200
+++ sudo-1.8.10p3/debian/changelog  2017-08-01 15:00:25.0 +0200
@@ -1,3 +1,10 @@
+sudo (1.8.10p3-1+deb8u5) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
+
+ -- Salvatore Bonaccorso   Tue, 01 Aug 2017 15:00:25 +0200
+
 sudo (1.8.10p3-1+deb8u4) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch 
sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch
--- sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch 1970-01-01 
01:00:00.0 +0100
+++ sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch 2017-08-01 
15:00:25.0 +0200
@@ -0,0 +1,76 @@
+
+# HG changeset patch
+# User Todd C. Miller 
+# Date 1496243671 21600
+# Node ID 15a46f4007dde8e819dd2c70e670a529bbb9d312
+# Parent  6f3d9816541ba84055ae5aec6ff9d9523c2a96f3
+A command name may also contain newline characters so read
+/proc/self/stat until EOF.  It is not legal for /proc/self/stat to
+contain embedded NUL bytes so treat the file as corrupt if we see
+any.  With help from Qualys.
+
+This is not exploitable due to the /dev traversal changes in sudo
+1.8.20p1 (thanks Solar!).
+
+--- a/src/ttyname.c
 b/src/ttyname.c
+@@ -412,24 +412,36 @@ get_process_ttyname(void)
+ char *
+ get_process_ttyname(void)
+ {
+-char path[PATH_MAX], *line = NULL, *tty = NULL;
+-size_t linesize = 0;
+-ssize_t len;
+-FILE *fp;
++char path[PATH_MAX], *tty = NULL;
++char *cp, buf[1024];
++ssize_t nread;
++int fd;
+ debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
+ 
+-/* Try to determine the tty from tty_nr in /proc/pid/stat. */
+-snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid());
+-if ((fp = fopen(path, "r")) != NULL) {
+-  len = getline(&line, &linesize, fp);
+-  fclose(fp);
+-  if (len != -1) {
++/*
++ * Try to determine the tty from tty_nr in /proc/pid/stat.
++ * Ignore /proc/self/stat if it contains embedded NUL bytes.
++ */
++if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) {
++cp = buf;
++while ((nread = read(fd, cp, buf + sizeof(buf) - cp)) != 0) {
++if (nread == -1) {
++if (errno == EAGAIN || errno == EINTR)
++continue;
++break;
++}
++cp += nread;
++if (cp >= buf + sizeof(buf))
++break;
++}
++if (nread == 0 && memchr(buf, '\0', cp - buf) == NULL) {
+ /*
+  * Field 7 is the tty dev (0 if no tty).
+- * Since the process name at field 2 "(comm)" may include spaces,
+- * start at the last ')' found.
++ * Since the process name at field 2 "(comm)" may include
++ * whitespace (including newlines), start at the last ')' found.
+  */
+-char *cp = strrchr(line, ')');
++*cp = '\0';
++cp = strrchr(buf, ')');
+ if (cp != NULL) {
+ char *ep = cp;
+ const char *errstr;
+@@ -453,7 +465,8 @@ get_process_ttyname(void)
+ }
+   }
+   }
+-  efree(line);
++if (fd != -1)
++close(fd);
+ }
+ 
+ debug_return_str(tty);
diff -Nru sudo-1.8.10p3/debian/patches/series 
sudo-1.8.10p3/debian/patches/series
--- sudo-1.8.10p3/debian/patches/series 2017-05-28 13:25:43.0 +0200
+++ sudo-1.8.10p3/debian/patches/series 2017-08-01 15:00:25.0 +0200
@@ -16,3 +16,4 @@
 CVE-2015-5602-6.patch
 CVE-2015-5602-7.patch
 CVE-2017-1000367.patch
+CVE-2017-1000368.patch