Bug#764483: gettext: Please support setting COPYRIGHT_HOLDER from an autoconf variable (fwd)

2019-08-29 Thread Bruno Haible 
Hi Santiago,

Re 
   

> For dpkg, which uses muliple po directories, I'd like to be able to
> set the COPYRIGHT_HOLDER variable centrally, instead of having to set
> it on each po/Makevars file, and possibly having to keep it in sync.
> 
> It would be nice if gettext supported setting it from an autoconf
> variable (with AC_SUBST), in the same way MSGID_BUGS_ADDRESS falls
> back to use PACKAGE_BUGREPORT when MSGID_BUGS_ADDRESS is empty.
> 
> This might require setting something like:
> 
>   PACKAGE_COPYRIGHT_HOLDER = @PACKAGE_COPYRIGHT_HOLDER@
> 
> in Makefile.in.in, and making the code fallback to use that if
> COPYRIGHT_HOLDER is not set.

This would be a useful feature for packages with more than 10 'po'
directories.

But given that
  - Most packages have not more than 2 'po' directories,
  - Even dpkg has only 4 'po' directories [1],
  - The copyright holder typically does not change more frequently
than once in 10 years,
this feature does not seem worth the added complexity in the
documentation. Namely, the current state [2] is that
  - customizations for the build process go in configure.ac,
  - customizations for the 'po' directories go in po/Makevars and
po/LINGUAS and po/POTFILES.in.
The suggested feature would blur this simple rule.

So, it's declined.

Bruno

[1] git clone https://git.dpkg.org/git/dpkg/dpkg.git
[2] https://www.gnu.org/software/gettext/manual/html_node/Adjusting-Files.html

Bug#936019: onboard triggers user logout

2019-08-29 Thread Peter Solari 
Package: onboard
Version: 1.4.1-4+b1
Severity: normal
Tags: l10n

Dear Maintainer,

When key is held, international keys appear on the onscreen keyboard.
If an international key is clicked, it triggers user logout.

But this happens only when such an international key (say ž) is not part 
of the current "normal" keyboard layout (say US layout). With Slovak layout
clicking ž will not trigger logout. I'm not sure if user locale also affects
it.

This does not happen in Xubuntu 18.04 with onboard version 1.4.1-2ubuntu1.
There, such a click is either ignored, or keypress is correctly generated
even "outside" of current keyboard layout.


-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=sk_SK.UTF-8, LC_CTYPE=sk_SK.UTF-8 (charmap=UTF-8), 
LANGUAGE=sk_SK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages onboard depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.30.1-2
ii  gir1.2-gdkpixbuf-2.0 2.38.1+dfsg-1
ii  gir1.2-glib-2.0  1.58.3-2
ii  gir1.2-gtk-3.0   3.24.5-1
ii  gir1.2-pango-1.0 1.42.4-7~deb10u1
ii  iso-codes4.2-1
ii  libc62.28-10
ii  libcairo-gobject21.16.0-4
ii  libcairo21.16.0-4
ii  libcanberra0 0.30-7
ii  libdconf10.30.1-2
ii  libgcc1  1:8.3.0-6
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-2
ii  libgtk-3-0   3.24.5-1
ii  libhunspell-1.7-01.7.0-2
ii  libpango-1.0-0   1.42.4-7~deb10u1
ii  libpangocairo-1.0-0  1.42.4-7~deb10u1
ii  librsvg2-common  2.44.10-2.1
ii  libstdc++6   8.3.0-6
ii  libudev1 241-5
ii  libx11-6 2:1.6.7-1
ii  libxi6   2:1.7.9-1
ii  libxkbfile1  1:1.0.9-2+b11
ii  libxtst6 2:1.2.3-1
ii  onboard-common   1.4.1-4
ii  python3  3.7.3-1
ii  python3-cairo1.16.2-1+b1
ii  python3-dbus 1.2.8-3
ii  python3-gi-cairo 3.30.4-1

Versions of packages onboard recommends:
ii  gir1.2-atspi-2.0 2.30.0-7
ii  gir1.2-ayatanaappindicator3-0.1  0.5.3-4
ii  onboard-data 1.4.1-4
ii  xdg-utils1.1.3-1

Versions of packages onboard suggests:
pn  mousetweaks  

-- no debconf information

Bug#935990: osmpbf not rebuilt for protobuf 3.6.1

2019-08-29 Thread Bas Couwenberg 

reassign 935990 src:osmpbf
found 935990 osmpbf/1.3.3-11
affects 935990 src:mkgmap src:mkgmap-splitter src:osmosis
thanks

Hi Melvin,

Thanks for reporting this issue.

It seems to be caused by osmpbf not being rebuilt when protobuf was 
updated to 3.6.1.


Rebuilding osmpbf with libprotobuf-java in buster resolves the issue.

I'll prepare a new upload to unstable and a stable update to fix this 
issue.


Kind Regards,

Bas

Bug#936018: New upstream release

2019-08-29 Thread Laurent Bigonville 
Source: virglrenderer
Version: 0.7.0-2
Severity: wishlist

Hello,

Apparently there is a new upstream release for virglrenderer (0.8)

Could you please package it?

Kind regards,

Laurent Bigonville

https://www.collabora.com/news-and-blog/blog/2019/08/28/virglrenderer-state-of-virtualized-virtual-worlds/

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#936020: /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator upon removal

2019-08-29 Thread Olivier Berger 
Package: sympa
Version: 6.2.40~dfsg-1
Severity: normal

Dear Maintainer,

Upon removal of sympa (not purge), I got:
Suppression de sympa (6.2.40~dfsg-1) ...
/var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator
Conf sympa disabled.
apache2_invoke postrm: Disable configuration sympa.conf
apache2_invoke sympa-soap.conf postrm: No action required

That "unexpected operator" message doesn't look great...

Hope this helps,

Best regards,

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sympa depends on:
ii  adduser3.118
ii  ca-certificates20190110
pn  dbconfig-common
ii  debconf [debconf-2.0]  1.5.73
ii  exim4-daemon-light [mail-transport-agent]  4.92.1-2
ii  fonts-font-awesome 5.0.10+really4.7.0~dfsg-1
ii  libarchive-zip-perl1.64-1
ii  libc6  2.28-10
ii  libcgi-fast-perl   1:2.15-1
ii  libcgi-pm-perl 4.44-1
pn  libclass-singleton-perl
pn  libcrypt-eksblowfish-perl  
pn  libcrypt-openssl-x509-perl 
pn  libcrypt-smime-perl
pn  libdatetime-format-mail-perl   
pn  libdbd-csv-perl
pn  libdbd-mysql-perl  
pn  libdbd-pg-perl 
pn  libdbd-sqlite3-perl
ii  libdbi-perl1.642-1+b1
ii  libfcgi-perl   0.78-2+b3
pn  libfile-copy-recursive-perl
pn  libfile-nfslock-perl   
ii  libhtml-format-perl2.12-1
pn  libhtml-stripscripts-parser-perl   
ii  libhtml-tree-perl  5.07-2
pn  libintl-perl   
ii  libio-stringy-perl 2.111-3
ii  libjs-jquery   3.3.1~dfsg-3
pn  libjs-jquery-migrate-1 
pn  libjs-jquery-minicolors
ii  libjs-jquery-ui1.12.1+dfsg-5
pn  libmail-dkim-perl  
ii  libmailtools-perl  2.21-1
ii  libmime-charset-perl   1.012.2-1
pn  libmime-encwords-perl  
pn  libmime-lite-html-perl 
ii  libmime-tools-perl 5.509-1
pn  libnet-cidr-perl   
ii  libnet-dns-perl1.20-1
pn  libnet-ldap-perl   
pn  libnet-netmask-perl
pn  libregexp-common-perl  
ii  libsoap-lite-perl  1.27-1
ii  libtemplate-perl   2.27-1+b1
pn  libterm-progressbar-perl   
ii  libunicode-linebreak-perl  0.0.20190101-1+b1
ii  libxml-libxml-perl 2.0134+dfsg-1
ii  lsb-base   11.1.0
pn  mhonarc
ii  perl   5.28.1-6
ii  rsyslog [system-log-daemon]8.1907.0-1
ii  sqlite33.29.0-2

Versions of packages sympa recommends:
pn  apache2-suexec 
pn  default-mysql-server | postgresql  
pn  doc-base   
pn  libapache2-mod-fcgid   
pn  libcrypt-ciphersaber-perl  
ii  libio-socket-ssl-perl  2.066-1
ii  locales2.28-10
ii  logrotate  3.14.0-4

Versions of packages sympa suggests:
ii  apache2 [httpd-cgi]  2.4.41-1
pn  libauthcas-perl  
pn  libdbd-odbc-perl 
pn  libdbd-oracle-perl   

-- 
Olivier BERGER 
https://www-public.imtbs-tsp.eu/~berger_o/ - OpenPGP 2048R/0xF9EAE3A65819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Bug#936021: Please add "mountd 20048" to "/etc/services"

2019-08-29 Thread Tom H 
Package: netbase
Version: 5.6

Please add "mountd 20048" to "/etc/services". Thanks.

Bug#936022: buster-pu: package osmpbf/1.3.3-11

2019-08-29 Thread Bas Couwenberg 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

To fix the PBF support in the osmpbf rdeps it needs to be rebuilt with
protobuf 3.6.1 as reported in #935990.

There are no actual changes to the source package for this, just
rebuilding with the protobuf package in buster fixes the issue.

The libprotobuf-java rdeps weren't rebuilt as part of the transition.

Kind Regards,

Bas
diff -Nru osmpbf-1.3.3/debian/changelog osmpbf-1.3.3/debian/changelog
--- osmpbf-1.3.3/debian/changelog   2018-08-18 17:11:02.0 +0200
+++ osmpbf-1.3.3/debian/changelog   2019-08-29 09:19:36.0 +0200
@@ -1,3 +1,11 @@
+osmpbf (1.3.3-11+deb10u1) buster; urgency=medium
+
+  * Update branch in gbp.conf & Vcs-Git URL.
+  * Rebuild with protobuf 3.6.1.
+(closes: #935990)
+
+ -- Bas Couwenberg   Thu, 29 Aug 2019 09:19:36 +0200
+
 osmpbf (1.3.3-11) unstable; urgency=medium
 
   * Bump Standards-Version to 4.2.0, no changes.
diff -Nru osmpbf-1.3.3/debian/control osmpbf-1.3.3/debian/control
--- osmpbf-1.3.3/debian/control 2018-08-05 20:39:56.0 +0200
+++ osmpbf-1.3.3/debian/control 2019-08-29 09:19:36.0 +0200
@@ -13,7 +13,7 @@
maven-repo-helper
 Standards-Version: 4.2.0
 Vcs-Browser: https://salsa.debian.org/debian-gis-team/osmpbf
-Vcs-Git: https://salsa.debian.org/debian-gis-team/osmpbf.git
+Vcs-Git: https://salsa.debian.org/debian-gis-team/osmpbf.git -b buster
 Homepage: https://github.com/scrosby/OSM-binary
 
 Package: libosmpbf-java
diff -Nru osmpbf-1.3.3/debian/gbp.conf osmpbf-1.3.3/debian/gbp.conf
--- osmpbf-1.3.3/debian/gbp.conf2016-09-02 18:32:37.0 +0200
+++ osmpbf-1.3.3/debian/gbp.conf2019-08-29 09:19:36.0 +0200
@@ -1,6 +1,6 @@
 
 [DEFAULT]
 upstream-branch = master
-debian-branch = debian
+debian-branch = buster
 pristine-tar = True

Bug#936023: CVE-2019-15767

2019-08-29 Thread Moritz Muehlenhoff 
Package: gnuchess
Severity: important

This was assigned CVE-2019-15767:
https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg4.html

Cheers,
Moritz

Bug#936024: CVE-2019-15758 CVE-2019-15759

2019-08-29 Thread Moritz Muehlenhoff 
Package: binaryen
Severity: important

This was assigned CVE-2019-15758 and CVE-2019-15759:
https://github.com/WebAssembly/binaryen/issues/2288
https://github.com/WebAssembly/binaryen/pull/2290

Cheers,
Moritz

Bug#936025: CVE-2019-15553

2019-08-29 Thread Moritz Muehlenhoff 
Source: rust-memoffset
Severity: grave
Tags: security

Please see https://rustsec.org/advisories/RUSTSEC-2019-0011.html

Cheers,
Moritz

Bug#936027: libpam-script: Using "sufficient" prevents running post-auth modules

2019-08-29 Thread Matthijs Kooijman 
Package: libpam-script
Version: 1.1.9-4
Severity: normal

Hi,

I've just installed libpam-script, and noticed it uses "sufficient" in
its pam config lines. This results in e.g. the following common-auth on
my system:

  # here are the per-package modules (the "Primary" block)
  authsufficient  pam_script.so
  auth[success=1 default=ignore]  pam_unix.so nullok_secure 
try_first_pass
  # here's the fallback if no module succeeds
  authrequisite   pam_deny.so
  # prime the stack with a positive return value if there isn't one
  # already; this avoids us returning an error just because nothing sets
  # a success code since the modules above will each just jump around
  authrequiredpam_permit.so
  # and here are more per-package modules (the "Additional" block)
  authoptionalpam_fscrypt.so
  authoptionalpam_cap.so
  # end of pam-auth-update config

IIUC, sufficient means to stop executing other modules if the script
succeeds. This is fine wrt other modules that do additional "primary"
authentication checks (e.g. only one of them needs to succeed), but
AFAICS this also prevents running additional modules (that typically run
after the primary modules (such as the fscrpt or cap modules above).

As you can see, the unix module uses a jump to skip any other primary
modules, rather than sufficient to skip *all* other modules. This is
something that pam-auth-update can apparently automatically handle.
Here's how this looks in /usr/share/pam-configs/unix:

  Name: Unix authentication
  Default: yes
  Priority: 256
  Auth-Type: Primary
  Auth:
  [success=end default=ignore]pam_unix.so nullok_secure 
try_first_pass
  Auth-Initial:
  [success=end default=ignore]pam_unix.so nullok_secure
  Account-Type: Primary
  Account:
  [success=end new_authtok_reqd=done default=ignore]  pam_unix.so
  Account-Initial:
  [success=end new_authtok_reqd=done default=ignore]  pam_unix.so

Note the "success=end", which I assume to be autoreplaced with an appropriate 
value.

Gr.

Matthijs

-- System Information:
Debian Release: buster/sid
  APT prefers disco-updates
  APT policy: (990, 'disco-updates'), (990, 'disco-security'), (990, 
'disco-backports'), (990, 'disco'), (50, 'testing'), (50, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.0-25-generic (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpam-script depends on:
ii  libc6 2.29-0ubuntu2
ii  libpam0g  1.3.1-5ubuntu1

libpam-script recommends no packages.

libpam-script suggests no packages.

-- no debconf information

Bug#935290: rakudo: FTBFS on amd64

2019-08-29 Thread Dominique Dumont 
On Tuesday, 27 August 2019 18:33:30 CEST M. Zhou wrote:
> > On the other hand, I'm able to build rakudo 2019-07 on my system with
> > latest libuv1.
> 
> Have you built it with the root user? The build would pass.
> Try to switch to a normal user and it would FTBFS.

Oops... Actually, I forgot to do a git pull before trying. So I'm not able to 
build rakudo 2019-07 with libuv1 1.30.1 . I've nor tried as root user. Sorry 
about the confusion.

> I'm recently too busy to dig into these issues.

No problem. There's an upstream bug related to a similar issue on Arch linux:
https://github.com/rakudo/rakudo/issues/3090

I'm following up there.

All the best

Bug#936021: Please add "mountd 20048" to "/etc/services"

2019-08-29 Thread Marco d'Itri 
On Aug 29, Tom H  wrote:

> Please add "mountd 20048" to "/etc/services". Thanks.
Why? Please justify your request as discussed in the comment at the top 
of /etc/services.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Bug#900981: transmission-remote-cli: Not maintained anymore from upstream.

2019-08-29 Thread Léo Girardin 
Dear Maintainer,

Sorry for resurrecting this thread but I’d like to second this request. Any 
plans on
packaging tremc or stig?

Best regards,

-- 
Léo Girardin

Bug#936028: dbconfig-common: [INTL:tr] turkish translation update

2019-08-29 Thread Atila KOÇ 

Package: dbconfig-common
Version: N/A
Severity: wishlist
Tags: l10n patch

Please find attached the Turkish translation of dbconfig-common package.
It has been submitted for review to the debian-l10n-turkish mailing
list.

Regards,
Atila KOÇ
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
# Atila KOÇ , 2012, 2015, 2019.
#
msgid ""
msgstr ""
"Project-Id-Version: dbconfig-common\n"
"Report-Msgid-Bugs-To: dbconfig-com...@packages.debian.org\n"
"POT-Creation-Date: 2019-08-18 20:35+0200\n"
"PO-Revision-Date: 2019-08-22 10:34+0300\n"
"Last-Translator: Atila KOÇ \n"
"Language-Team: Turkish \n"
"Language: tr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 2.2.1\n"

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:2001
msgid "Will this server be used to access remote databases?"
msgstr "Bu sunucu uzak veritabanlarına erişmek için kullanılacak mı?"

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:2001
msgid ""
"For the database types that support it, dbconfig-common includes support for "
"configuring databases on remote systems. When installing a package's "
"database via dbconfig-common, the questions related to remote configuration "
"are asked with a priority such that they are skipped for most systems."
msgstr ""
"Destekleyen veritabanı türleri için, dbconfig-common uzak sistemlerdeki "
"veritabanlarını yapılandırma desteği içerir. Bir paketin veritabanı dbconfig-"
"common aracılığı ile kurulurken, uzak yapılandırmaya ilişkin sorular çoğu "
"sistemde yanıtlamayı gerektirmeyecek şekilde sorulacaktır."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:2001
msgid ""
"If you select this option, the default behavior will be to prompt you with "
"questions related to remote database configuration when you install new "
"packages."
msgstr ""
"Eğer bu seçeneği seçerseniz, yeni paketlerinizi kurarken, uzak "
"veritabanlarına ilişkin yapılandırmalarla ilgili soruların size sorulması "
"öntanımlı davranış olacaktır."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:2001
msgid "If you are unsure, you should not select this option."
msgstr "Emin değilseniz, bu seçeneği seçmemelisiniz."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:3001
msgid "Remember database passwords permanently in debconf?"
msgstr "Veritabanı parolaları debconf içerisinde kalıcı olarak saklansın mı?"

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:3001
msgid ""
"When you configure, upgrade, or remove applications with dbconfig-common, "
"administrator-level database passwords are needed. By default, these "
"passwords are not stored, so you will be prompted for them each time."
msgstr ""
"Uygulamaları dbconfig-common ile yapılandırdığınız, güncellediğiniz ya da "
"kaldırdığınızda yönetici seviyesi parolalar gerekecektir. Bu parolalar, "
"öntanımlı olarak saklanmadıklarından, her defasında sizden sorulacaktır."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:3001
msgid ""
"Alternatively the passwords can be permanently remembered in the debconf "
"database (which is protected by Unix file permissions), though this is less "
"secure and thus not the default setting."
msgstr ""
"Alternatif olarak bu parolalar, Unix dosya erişim hakları ile korunan "
"debconf veritabanının içerisinde saklanabilir. Daha az güvenilir olan bu "
"seçenek öntanımlı değildir."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:3001
msgid ""
"If you would rather not be bothered for an administrative password every "
"time you upgrade a database application with dbconfig-common, you should "
"choose this option. Otherwise, you should refuse this option."
msgstr ""
"dbconfig-common ile yapacağınız her veritabanı uygulaması yükseltimi "
"sırasında yönetimsel parola girmekle uğraşmak istemiyorsanız, bu seçeneği "
"seçiniz. Aksi durumda, bu seçeneği geri çeviriniz."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:4001
msgid "Configure database for ${pkg} with dbconfig-common?"
msgstr "${pkg} paketinin veritabanı dbconfig-common ile yapılandırılsın mı?"

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:4001
msgid ""
"The ${pkg} package must have a database installed and configured before it "
"can be used. This can be optionally handled with dbconfig-common."
msgstr ""
"${pkg} paketi kullanılmadan önce kurulmuş ve yapılandırılmış bir veritabanı "
"olmalıdır. Dilerseniz bu işlem dbconfig-common tarafından yürütülebilir."

#. Type: boolean
#. Description
#: ../dbconfig-common.templates:4001
msgid ""
"If you are an advanced database administrator and know that you want to "
"perform this configuration manually, or if your da

Bug#927079: libpam-script: Filters environment variables

2019-08-29 Thread Matthijs Kooijman 
Package: libpam-script
Followup-For: Bug #927079


Hi,

you mentioned that libpam-script filters environment variables, but I
think this is not actually the case. Looking at the code, it only seems
to *add* a number of variables, not remove any.

For example I added the following line to my /etc/pam.d/sudo (just
before the common-auth line):

  auth optional pam_script.so dir=/etc/pam.d/lock-scripts

And then created /etc/pam.d/lock-scripts/pam_script_auth:

  #!/bin/sh
  env > /tmp/env

After running sudo, I get my entire environment in /tmp/env.

I suspect there might be other pam modules that might be clearing the
env, or maybe the application that calls the pam module?

Gr.

Matthijs

Bug#936029: apt fails to resolve multiple levels of provides

2019-08-29 Thread Ximin Luo 
Package: apt
Version: 1.8.3
Severity: important

Dear Maintainer,

apt is having trouble resolving the (correct) dependencies of a certain rust 
package:

$ sudo apt install librust-rand+default-dev
[..]
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 librust-rand+default-dev : Depends: librust-rand-dev (= 0.6.4-2)
Depends: librust-rand+std-dev (= 0.6.4-2)
E: Unable to correct problems, you have held broken packages.
exit code 100

A manual workaround is to supply the dependencies being complained about 
explicitly:

$ sudo apt install librust-rand+default-dev librust-rand-dev
[..]
The following additional packages will be installed:
[..]
0 upgraded, 25 newly installed, 0 to remove and 101 not upgraded.
Need to get 964 kB/1,280 kB of archives.
After this operation, 10.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] ^C

However this of course can't be done on the buildds, and is preventing
rust-debcargo from building, though strangely it has succeeded on some
architectures:

https://buildd.debian.org/status/package.php?p=rust-debcargo

Note that the dose3 checker succeeds, which is why the builds are being
attempted in the first place, as opposed to being stuck on BD-Uninstallable.

X

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable'), (300, 'unstable'), (100, 'experimental'), 
(1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser 3.118
ii  debian-archive-keyring  2019.1
ii  gpgv2.2.17-3
ii  libapt-pkg5.0   1.8.3
ii  libc6   2.28-10
ii  libgcc1 1:9.2.1-4
ii  libgnutls30 3.6.9-4
ii  libseccomp2 2.4.1-2
ii  libstdc++6  9.2.1-4

Versions of packages apt recommends:
ii  ca-certificates  20190110

Versions of packages apt suggests:
pn  apt-doc 
ii  aptitude0.8.11-7
ii  dpkg-dev1.19.7
ii  gnupg   2.2.17-3
ii  gnupg2  2.2.17-3
ii  powermgmt-base  1.36
ii  synaptic0.84.6+b1

-- no debconf information

Bug#900087: xserver-xorg-video-amdgpu: AMD RX 550 often locks up

2019-08-29 Thread Moritz Mühlenhoff 
On Sat, Jun 23, 2018 at 11:34:58AM -0700, Alan W. Irwin wrote:
> On 2018-06-02 10:07-0700 Alan W. Irwin wrote:
> 
> > The propagation of kernel 4.16.12 from Sid to Buster has greatly
> > improved this situation, i.e., no lock ups so far (uptime approaching
> > 3 days since I switched to 4.16.12 from 4.16.5) and may have
> > completely solved it. [...]
> 
> Well, further experience showed lockups occurred roughly as often for
> 4.16.12 as for 4.16.5.  So currently I am only able to use this
> computer in a reliable way using an X-terminal (an alternate computer
> with a different X server that runs "X -query "
> to control and display remote desktop results that are running on this
> computer).
> 
> Therefore I plan to wait for kernel 4.17.x (which apparently has many
> graphics fixes for modern AMD cards such as the RX 550) to propagate
> to Buster before I try this computer again with a local X server,
> i.e., direct use rather than X-terminal use.

I'm seeing the same with RX 570 (which according to Wikipedia should
be the same architecture as your RX 550) and the stable Buster release,
both with the standard 4.19 kernel and the 5.2 kernel from buster-backports.

Cheers,
Moritz

Bug#936030: /usr/bin/cloud-init: cloud-init 18.3 failed to detect network link type: cascading (datasource: OpenStack)

2019-08-29 Thread Sabrina-Mueller 

Package: cloud-init
Version: 18.3-6

Environment:
OpenTelekomCloud (OpenStack)
KVM VM
Debian 10 buster
DataSource: OpenStack


Dear Maintainer,


Boot a new installed VM in OpenTelekomCloud on KVM or manual run 'cloud-init -d 
init'
results in error message in /var/log/cloud-init-output.log that network 
interface can not be detected right.

Error msg: ValueError: Unknown network_data link type: cascading

# cloud-init clean -l; cloud-init -d init
(...)
2019-08-29 07:23:35,025 - util.py[WARNING]: failed stage init
failed run of stage init

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/cmd/main.py", line 655, in 
status_wrapper
ret = functor(name, args)
  File "/usr/lib/python3/dist-packages/cloudinit/cmd/main.py", line 361, in 
main_init
init.apply_network_config(bring_up=bool(mode != sources.DSMODE_LOCAL))
  File "/usr/lib/python3/dist-packages/cloudinit/stages.py", line 640, in 
apply_network_config
netcfg, src = self._find_networking_config()
  File "/usr/lib/python3/dist-packages/cloudinit/stages.py", line 627, in 
_find_networking_config
if self.datasource and hasattr(self.datasource, 'network_config'):
  File 
"/usr/lib/python3/dist-packages/cloudinit/sources/DataSourceOpenStack.py", line 
114, in network_config
self.network_json, known_macs=None)
  File "/usr/lib/python3/dist-packages/cloudinit/sources/helpers/openstack.py", 
line 628, in convert_net_json
'Unknown network_data link type: %s' % link['type'])
ValueError: Unknown network_data link type: cascading


Scanning network_data.json get from dataSource OpenStack is not successfully.

Additional I'm wondering if it is even necessary to scan network_data.jso when 
network configuration set to disabled for cloud-init
# cat /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
network: {config: disabled}


More information about running VM:
===

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:Debian GNU/Linux 10 (buster)
Release:10
Codename:   buster

# cloud-init --version
/usr/bin/cloud-init 18.3

# dpkg -l | grep cloud-init
ii  cloud-init 18.3-6  all  
initialization system for infrastructure cloud instances
ii  cloud-initramfs-growroot   0.18.debian7all  
automatically resize the root partition on first boot

# systemd-detect-virt
kvm

# cat ds-identify.log
[up 3.04s] ds-identify
policy loaded: mode=search report=false found=all maybe=all notfound=disabled
/etc/cloud/cloud.cfg.d/90_dpkg.cfg set datasource_list: [ NoCloud, ConfigDrive, 
OpenNebula, Azure, AltCloud, OVF, MAAS, GCE, OpenStack, CloudSigma, SmartOS, 
Ec2, CloudStack, None ]
DMI_PRODUCT_NAME=OpenStack Nova
DMI_SYS_VENDOR=OpenStack Foundation
DMI_PRODUCT_SERIAL=65a965de-870a-4b0f-b3cd-698cca8ded47
DMI_PRODUCT_UUID=43ee03d1-7e16-409d-9e19-f65afb7f09da
PID_1_PRODUCT_NAME=unavailable
DMI_CHASSIS_ASSET_TAG=
FS_LABELS=cloudimg-rootfs
ISO9660_DEVS=
KERNEL_CMDLINE=BOOT_IMAGE=/boot/vmlinuz-4.19.0-5-amd64 
root=LABEL=cloudimg-rootfs ro console=tty0 console=ttyS0,115200 no_timer_check 
console=ttyS0,115200n8 console=tty0
VIRT=kvm
UNAME_KERNEL_NAME=Linux
UNAME_KERNEL_RELEASE=4.19.0-5-amd64
UNAME_KERNEL_VERSION=#1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08)
UNAME_MACHINE=x86_64
UNAME_NODENAME=test-debian-10-x86-64-20190828-1143-jenkins-143
UNAME_OPERATING_SYSTEM=GNU/Linux
DSNAME=
DSLIST=NoCloud ConfigDrive OpenNebula Azure AltCloud OVF MAAS GCE OpenStack 
CloudSigma SmartOS Ec2 CloudStack None
MODE=search
ON_FOUND=all
ON_MAYBE=all
ON_NOTFOUND=disabled
pid=216 ppid=198
is_container=false
is_ds_enabled(IBMCloud) = false.
is_ds_enabled(IBMCloud) = false.
check for 'OpenStack' returned found
ec2 platform is 'Unknown'.
Found single datasource: OpenStack
[up 3.09s] returning 0


# w3m -dump http://169.254.169.254/openstack/latest/network_data.json | jq ''
{
  "services": [
{
  "type": "dns",
  "address": "100.125.4.25"
},
{
  "type": "dns",
  "address": "8.8.8.8"
},
{
  "type": "dns",
  "address": "4.2.2.2"
}
  ],
  "networks": [
{
  "network_id": "16795ad2-e09f-4512-b8a7-8abeb6ff068f",
  "type": "ipv4_dhcp",
  "link": "tap81eb42ef-23",
  "id": "network0"
}
  ],
  "links": [
{
  "type": "cascading",
  "vif_id": "81eb42ef-23d6-4fa8-b9ec-98b7409b0878",
 "ethernet_mac_address": "fa:16:3e:81:37:ea",
  "id": "tap81eb42ef-23",
  "mtu": null
}
  ]
}

# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: ens3:  mtu 1500 qdisc pfifo_fast state UP

Bug#874950: New version stable?

2019-08-29 Thread Shengjing Zhu 
Hi Diego,

On Wed, Jul 24, 2019 at 12:32 AM Shengjing Zhu  wrote:
>
> On Mon, 22 Jul 2019 01:09:00 -0300 Diego Sarzi  wrote:
> > Thank you Shenging Zhy for the contribution.
> >
> > Can you tell me how is the stability of keepassx with its modifications,
> > referring to QT4 for QT5?
> >
> > Can we use it for the unstable version?
> >
>
> Hi, I see you adopt this package. That's great.
>
> I don't know the stability. But I have used this version after I
> uploaded it experimental, and didn't have any problem.

As keepassx will be removed from testing at 02 Sept, what's the plan
for you to upload the qt5 version? Do you need sponsor? I'm glad to
help.

-- 
Shengjing Zhu

Bug#936031: RM: znc-push -- ROM; obsolete source, binary took over by src:znc

2019-08-29 Thread Mattia Rizzolo 
Package: ftp.debian.org

Please drop src:znc-push; I uploaded it to NEW, but a few weeks after I
managed to agree with the src:znc maintainer and build the binary from
there, but there was a race and I didn't request rejection of this
source quickly enough.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#936032: systemd: Main process of service unit gets killed on reload if ExecReload fails

2019-08-29 Thread Nikos Kormpakis 
Package: systemd
Version: 241-5
Severity: important
Tags: upstream

Dear Maintainer,

systemd kills the main process of a service unit after issuing a reload
command, if the command in `ExecReload` fails. This is a regression
introduced in v239 by upstream commit ec5b145 [1].

This behavior is not an expected one and changed systemd's behavior
during the reload of a unit. Before v239, an `ExecReload` command with
a non-successful exit code, would not kill the main process of the
unit. The change may cause problems in production environments, when
configuration changes happen, that include typos or syntax errors.

Imagine the following scenario:
  * Production server runs haproxy
  * A configuration change happens
  * A reload gets triggered from a configuration management tool
  * HAProxy's `ExecReload` command, `haproxy -c` exits with code 1 due
to a syntax error.
  * systemd kills HAProxy, causing an outage

This issue has been reported upstream in issue #11238 [2] and has been
fixed in commit d611cfa [3] of pull request #13098 [4]. The fix is
quite fresh (2019-07-17) and seems that will be included in v243.

Unfortunately, this issue has unexpected side-effects and may cause
problems to Debian users that use systemd to manage production-grade
services, after upgrading to Buster.

I tried to apply the fix [3] on the package's source tree for Buster
and it seems to work; the patch applies cleanly, the package gets
builded and systemd behaves as expected.

I think that it is possible to include this fix in Buster.

Thanks for maintaining systemd in Debian,
Nikos

[1] 
https://github.com/systemd/systemd/commit/ec5b1452ac73e41274f9b3ca401f813fa079b9f0
[2] https://github.com/systemd/systemd/issues/11238
[3] 
https://github.com/systemd/systemd/commit/86bc88ca8dbdeeefc2e5032636b9677fda126184
[4] https://github.com/systemd/systemd/pull/13098

-- Package-specific info:

-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser  3.118
ii  libacl1  2.2.53-4
ii  libapparmor1 2.13.2-10
ii  libaudit11:2.8.4-3
ii  libblkid12.33.1-0.1
ii  libc62.28-10
ii  libcap2  1:2.25-2
ii  libcryptsetup12  2:2.1.0-5
ii  libgcrypt20  1.8.4-5
ii  libgnutls30  3.6.7-4
ii  libgpg-error01.35-1
ii  libidn11 1.33-2.2
ii  libip4tc01.8.2-4
ii  libkmod2 26-1
ii  liblz4-1 1.8.3-1
ii  liblzma5 5.2.4-1
ii  libmount12.33.1-0.1
ii  libpam0g 1.3.1-5
ii  libseccomp2  2.3.3-4
ii  libselinux1  2.8-1+b1
ii  libsystemd0  241-5
ii  mount2.33.1-0.1
ii  util-linux   2.33.1-0.1

Versions of packages systemd recommends:
ii  dbus1.12.16-1
ii  libpam-systemd  241-5

Versions of packages systemd suggests:
ii  policykit-10.105-25
pn  systemd-container  

Versions of packages systemd is related to:
pn  dracut   
ii  initramfs-tools  0.133
ii  udev 241-5

-- no debconf information

Bug#934587: fd-find: shell completion does not work

2019-08-29 Thread Florent Lévigne 
Hello,

Thanks for the update, but the completion does not work (tested in zsh and 
bash).
It must be because of the executable name in Debian (fdfind and not fd).
I have completion when i type fd (which is a command not found), but nothing 
with fdfind.

Bug#934457: installation in chroot failing with Unknown device "/dev/fuse": No such device

2019-08-29 Thread Patrick Schleizer 
Thank you very much for looking into this!

Does the following information help to make head or tail of this?
Otherwise, I will provide better instruction for reproduction.

László Böszörményi (GCS):
>  How did you create that Buster chroot?


#!/bin/bash

set -x
set -e

img=/home/user/test.img

export http_proxy="http://127.0.0.1:3142";

export DEBUG="true"
export KERNEL="linux-image-amd64"

sudo -E \
bash -x \
grml-debootstrap \
--arch amd64 \
--filesystem ext4 \
--force \
--hostname host \
--mirror http://ftp.us.debian.org/debian \
--keep_src_list \
--password changeme \
--release buster \
--verbose \
--vmfile \
--vmsize "2G" \
--target "$img"


> Mine was created with
> 'pbuilder create' and


I guess it has to do with which folders are mounted in the chroot.

> I do have the fuse device in the chroot.

I have.

ls -la /dev/fuse
crw-rw-rw- 1 0 0 10, 229 Aug 29 07:10 /dev/fuse


fuse installation,

- works with only /dev mounted in chroot
- works with only /proc mounted in chroot
- does not work with both, /dev and /proc mounted in chroot


It is mounted using:

mount --bind "/dev" "$CHROOT_FOLDER/dev"
mount --bind "/proc" "$CHROOT_FOLDER/proc"

> As noted above, if the fuse device is not there, the udevadm is not
> run due to the check for that being false. One thing came into my mind
> is that you have the chroot on a mount point that has the nodev
> option. Can you check that please?


By the time this bug happened, nodev was not in use.

(Maybe nodev will be used in the future if that is possible.)


Setting up fuse (2.9.9-1) ...
+ set -e
+ [ -c /dev/cuse ]
+ chrooted
+ stat -c %d/%i /
+ stat -Lc %d/%i /proc/1/root
+ [ 64768/2 = 51715/2 ]
+ return 0
+ dpkg-statoverride --list /bin/fusermount
+ chmod 4755 /bin/fusermount
+ modprobe fuse
+ true
+ [ -x /sbin/lsmod ]
+ lsmod
+ grep -qs fuse
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/loop/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/xt_conntrack/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nft_counter/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nft_chain_nat_ipv4/holders': No such file or
directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/ipt_MASQUERADE/holders': No such file or
directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nf_nat_ipv4/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nf_nat/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nf_conntrack/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nf_defrag_ipv6/holders': No such file or
directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nf_defrag_ipv4/holders': No such file or
directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/libcrc32c/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nft_compat/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nf_tables/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/nfnetlink/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/fuse/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/binfmt_misc/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/intel_rapl/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/crct10dif_pclmul/holders': No such file or
directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/crc32_pclmul/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1931 kmod_module_get_holders:
could not open '/sys/module/crc32c_intel/holders': No such file or directory
libkmod: ERROR ../libkmod/libkmod-module

Bug#934587: [Pkg-rust-maintainers] Bug#934587: fd-find: shell completion does not work

2019-08-29 Thread Sylvestre Ledru 

Le 29/08/2019 à 11:31, Florent Lévigne a écrit :

Hello,

Thanks for the update, but the completion does not work (tested in zsh and 
bash).
It must be because of the executable name in Debian (fdfind and not fd).

Yeah, I will add symlinks for fix that, sorry :/
Could you please report a new bug?

You have a workaround:
add /usr/lib/cargo/bin/ in your PATH
to have fd

Cheers,
S

Bug#936033: ITP: pyprof2calltree -- visualise Python cProfile data with this kcachegrind converter

2019-08-29 Thread Nicholas D Steeves 
Package: wnpp
Severity: wishlist
Owner: Nicholas D Steeves 

Package name: pyprof2calltree
Version : 1.4.4
Upstream Author : Peter Waller 
URL : https://github.com/pwaller/pyprof2calltree
License : Expat, MIT, or custom-permissive (needs verification)
Programming Lang: Python
Description : visualise Python cProfile data with this kcachegrind converter

 Pyprof2calltree converts cProfile data into a format that is
 consumable by kcachegrind and qcachegrind for graphical calltree
 analysis.  This combination provides similar capabilities to Snakeviz
 or RunSnakeRun.
 .
 Pyprof2calltree is an adaptation of lsprofcalltree.py, by David
 Allouche, Jp Calderone, Itamar Shtull-Trauring, and Johan Dahlin.  It
 has been adapted to behave more like scripts in the
 kcachegrind-converters package.  One of the authors' objectives is
 for pyprof2calltree to become part of the official upstream kdesdk
 package.
 .
 This package installs the library for Python 3.

I am packaging this because of the cProfile visualisers Elpy (Emacs
IDE for Python) supports: one displays in a browser, RunSnakeRune is
Python 2 only, which leaves this package.  IMHO it's the most
desirable, but I have a KDE bias.

As I'm already on the QT/KDE Team and upstream intents to eventually
merge it into kdesdk, I believe the KDE Extras project is probably the
most appropriate place for it.  I will need a sponsor for the initial
upload.


Regards,
Nicholas

Bug#934147: geoip-database: Please ship GeoLite2 databases in MMDB format

2019-08-29 Thread Faidon Liambotis 
On Wed, Aug 28, 2019 at 03:05:07PM +0200, Patrick Matthäi wrote:
> > I'd be happy to help with that. Is the package in git somewhere? I don't
> > see Vcs-* headers - perhaps you could import it to salsa?
> 
> I have got my own subversion system for my packages. If you want to
> co-maintain geoip{-database} I could grant you access to it

I haven't used Subversion for about a decade, and I'd rather not do
collaborative development on someone's private server. Could we just
move this into salsa?

> For me building them from source was a requirement all the time, so that
> the package could be in main and not non-free or contrib. So it would be
> great if the MMDBs also could be in main.

We don't have any reason to believe CSV is the source and MMDB is not,
so I don't think this should affect inclusion in main.

Faidon

Bug#936034: broken http2 in apache2 2.4.25-3+deb9u8 for mod_dav_svn on stretch?

2019-08-29 Thread Fabien 


Package: apache2
Version: 2.4.25-3+deb9u8

It seems that since the updated version above, my svn server (through 
mod_dav_svn) does not serve contents correctly when using http2:


  sh> curl --http2 --verbose 
https://scm.cri.ensmp.fr/svn/nlpmake/trunk/makes/setup_pips.sh
  * ALPN, server accepted to use h2
  * Using HTTP2, server supports multi-use
  * Connection state changed (HTTP/2 confirmed)
  * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: 
len=0
  * Using Stream ID: 1 (easy handle 0x5576f7c8a3f0)
  > GET /svn/nlpmake/trunk/makes/setup_pips.sh HTTP/2
  > Host: scm.cri.ensmp.fr
  > User-Agent: curl/7.58.0
  > Accept: */*
  >
  * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
  * Unexpected EOF
  * Connection #0 to host scm.cri.ensmp.fr left intact
  curl: (56) Unexpected EOF

But it works fine with "curl --http1.1 …"

Also, site works well with http1.1 browsers (eg w3m), but is inaccessible 
with modern http2 compatible browsers (firefox, chrome), which is 
consistent.


After some investigating, I found:

 [Thu Aug 29 11:49:14.974371 2019] [core:notice] [pid 19929:tid 
140177116143680] AH00052: child pid 19972 exit signal Segmentation fault (11)

Last time it worked with http2:

 10.2.14.177 - - [26/Aug/2019:23:33:01 +0200] "GET /svn/nlpmake/trunk/makes/setup_pips.sh HTTP/2.0" 
200 11361 "-" "curl/7.58.0"

So it is broken since after that date, which I guess is when the server 
was updated to the above version. It seems that there was no simulaneous 
mod_dav_svn updates, so the issue appeared with apache2 latest update.


Current workaround is to disactivate http2 module.

--
Fabien

Bug#936020: /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator upon removal

2019-08-29 Thread Stefan Hornburg (Racke) 
On 8/29/19 9:49 AM, Olivier Berger wrote:
> Package: sympa
> Version: 6.2.40~dfsg-1
> Severity: normal
> 
> Dear Maintainer,
> 
> Upon removal of sympa (not purge), I got:
> Suppression de sympa (6.2.40~dfsg-1) ...
> /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator
> Conf sympa disabled.
> apache2_invoke postrm: Disable configuration sympa.conf
> apache2_invoke sympa-soap.conf postrm: No action required
> 
> That "unexpected operator" message doesn't look great...

Hello Olivier,

I can not reproduce this problem. Which shell is used as /bin/sh?
Also this part is injected by deb helpers.

Regards
Racke

> 
> Hope this helps,
> 
> Best regards,
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers testing
>   APT policy: (500, 'testing'), (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
> LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages sympa depends on:
> ii  adduser3.118
> ii  ca-certificates20190110
> pn  dbconfig-common
> ii  debconf [debconf-2.0]  1.5.73
> ii  exim4-daemon-light [mail-transport-agent]  4.92.1-2
> ii  fonts-font-awesome 5.0.10+really4.7.0~dfsg-1
> ii  libarchive-zip-perl1.64-1
> ii  libc6  2.28-10
> ii  libcgi-fast-perl   1:2.15-1
> ii  libcgi-pm-perl 4.44-1
> pn  libclass-singleton-perl
> pn  libcrypt-eksblowfish-perl  
> pn  libcrypt-openssl-x509-perl 
> pn  libcrypt-smime-perl
> pn  libdatetime-format-mail-perl   
> pn  libdbd-csv-perl
> pn  libdbd-mysql-perl  
> pn  libdbd-pg-perl 
> pn  libdbd-sqlite3-perl
> ii  libdbi-perl1.642-1+b1
> ii  libfcgi-perl   0.78-2+b3
> pn  libfile-copy-recursive-perl
> pn  libfile-nfslock-perl   
> ii  libhtml-format-perl2.12-1
> pn  libhtml-stripscripts-parser-perl   
> ii  libhtml-tree-perl  5.07-2
> pn  libintl-perl   
> ii  libio-stringy-perl 2.111-3
> ii  libjs-jquery   3.3.1~dfsg-3
> pn  libjs-jquery-migrate-1 
> pn  libjs-jquery-minicolors
> ii  libjs-jquery-ui1.12.1+dfsg-5
> pn  libmail-dkim-perl  
> ii  libmailtools-perl  2.21-1
> ii  libmime-charset-perl   1.012.2-1
> pn  libmime-encwords-perl  
> pn  libmime-lite-html-perl 
> ii  libmime-tools-perl 5.509-1
> pn  libnet-cidr-perl   
> ii  libnet-dns-perl1.20-1
> pn  libnet-ldap-perl   
> pn  libnet-netmask-perl
> pn  libregexp-common-perl  
> ii  libsoap-lite-perl  1.27-1
> ii  libtemplate-perl   2.27-1+b1
> pn  libterm-progressbar-perl   
> ii  libunicode-linebreak-perl  0.0.20190101-1+b1
> ii  libxml-libxml-perl 2.0134+dfsg-1
> ii  lsb-base   11.1.0
> pn  mhonarc
> ii  perl   5.28.1-6
> ii  rsyslog [system-log-daemon]8.1907.0-1
> ii  sqlite33.29.0-2
> 
> Versions of packages sympa recommends:
> pn  apache2-suexec 
> pn  default-mysql-server | postgresql  
> pn  doc-base   
> pn  libapache2-mod-fcgid   
> pn  libcrypt-ciphersaber-perl  
> ii  libio-socket-ssl-perl  2.066-1
> ii  locales2.28-10
> ii  logrotate  3.14.0-4
> 
> Versions of packages sympa suggests:
> ii  apache2 [httpd-cgi]  2.4.41-1
> pn  libauthcas-perl  
> pn  libdbd-odbc-perl 
> pn  libdbd-oracle-perl   
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.



signature.asc
Description: OpenPGP digital signature

Bug#903161: Same issue here; solution found

2019-08-29 Thread Timo Sirainen 
On 29 Aug 2019, at 3.57, Josh Triplett  wrote:
> 
> On Wed, Aug 28, 2019 at 05:43:27PM -0700, Josh Triplett wrote:
>> So if the stats sockets don't exist at *all*, deliver won't complain.
>> 
>> To disable those stats sockets, add the following configuration to a
>> file in /etc/dovecot/conf.d/ :
> 
> Update: sadly this doesn't fully work, as it produces the following
> spurious errors in the logs:
> 
> Aug 28 17:54:27 cloud dovecot[3168]: imap-login: Error: 
> net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or 
> directory
> Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: 
> net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or 
> directory
> Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: stats: open(old-stats-user) 
> failed: No such file or directory
> Aug 28 17:54:28 cloud dovecot[3168]: auth: Error: 
> net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or 
> directory
> Aug 28 17:54:28 cloud dovecot[3168]: auth-worker(3182): Error: stats: 
> open(old-stats-user) failed: No such file or directory
> Aug 28 17:54:28 cloud dovecot[3168]: imap: Error: 
> net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or 
> directory
> 
> So while deliver has no problem ignoring such errors, the rest of
> dovecot unfortunately doesn't like that configuration.
> 
> I'd like to have a "disable all stats" configuration, rather than having
> to make a stats socket available to the user running deliver.

Add to dovecot.conf: stats_writer_socket_path=

Bug#935588: lttv 1.5-3+b1 flagged for acceptance

2019-08-29 Thread Adam D Barratt 
package release.debian.org
tags 935588 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: lttv
Version: 1.5-3+b1

Explanation: rebuild against new libbabeltrace

Bug#934147: geoip-database: Please ship GeoLite2 databases in MMDB format

2019-08-29 Thread Patrick Matthäi 


Am 29.08.2019 um 12:09 schrieb Faidon Liambotis:
> On Wed, Aug 28, 2019 at 03:05:07PM +0200, Patrick Matthäi wrote:
>>> I'd be happy to help with that. Is the package in git somewhere? I don't
>>> see Vcs-* headers - perhaps you could import it to salsa?
>> I have got my own subversion system for my packages. If you want to
>> co-maintain geoip{-database} I could grant you access to it
> I haven't used Subversion for about a decade, and I'd rather not do
> collaborative development on someone's private server. Could we just
> move this into salsa?
>
>> For me building them from source was a requirement all the time, so that
>> the package could be in main and not non-free or contrib. So it would be
>> great if the MMDBs also could be in main.
> We don't have any reason to believe CSV is the source and MMDB is not,
> so I don't think this should affect inclusion in main.
>
> Faidon
So why not leaving src:geoip-database for the legacy databases and
introduce a new src package for the new formats?

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
patr...@linux-dev.org
*/

Bug#936035: xfwm4: fails to load due to missing libxfconf-0.so.2

2019-08-29 Thread Theppitak Karoonboonyanan 
Package: xfwm4
Version: 4.14.0-1
Severity: serious
Justification: Policy 3.5

Dear Maintainer,

xfwm4 fails to start:

$ xfwm4
xfwm4: error while loading shared libraries: libxfconf-0.so.2: cannot
open shared object file: No such file or directory
$ ldd /usr/bin/xfwm4 | grep libxfconf
libxfconf-0.so.3 => /usr/lib/x86_64-linux-gnu/libxfconf-0.so.3
(0x7f74ba2f5000)
libxfconf-0.so.2 => not found
$

Fortunately, installing libxfconf-0-2 does make it load successfully,
but it's not listed as a dependency.

Actually, this bug can be grave (rendering the package unusable)
when libxfconf-0-2 is faded out.

Regards,
-- 
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8),
LANGUAGE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xfwm4 depends on:
ii  libc6 2.28-10
ii  libcairo2 1.16.0-4
ii  libepoxy0 1.5.3-0.1
ii  libgdk-pixbuf2.0-02.38.1+dfsg-1
ii  libglib2.0-0  2.60.6-2
ii  libgtk-3-03.24.10-1
ii  libpango-1.0-01.42.4-7
ii  libpangocairo-1.0-0   1.42.4-7
ii  libstartup-notification0  0.12-6
ii  libwnck-3-0   3.32.0-1
ii  libx11-6  2:1.6.7-1
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.5-1
ii  libxext6  2:1.3.3-1+b2
ii  libxfce4ui-2-04.14.1-1+b1
ii  libxfce4util7 4.14.0-1
ii  libxfconf-0-3 4.14.1-1
ii  libxfixes31:5.0.3-1
ii  libxi62:1.7.9-1
ii  libxinerama1  2:1.1.4-2
ii  libxpresent1  1.0.0-2+b10
ii  libxrandr22:1.5.1-1
ii  libxrender1   1:0.9.10-1

Versions of packages xfwm4 recommends:
ii  librsvg2-common  2.44.14-1

Versions of packages xfwm4 suggests:
ii  xfce4  4.14

-- no debconf information

Bug#934147: geoip-database: Please ship GeoLite2 databases in MMDB format

2019-08-29 Thread Faidon Liambotis 
On Thu, Aug 29, 2019 at 12:21:11PM +0200, Patrick Matthäi wrote:
> So why not leaving src:geoip-database for the legacy databases and
> introduce a new src package for the new formats?

Well, that's certainly doable, but it just feels like duplicated effort,
considering that the CSV/MMDB files are paired/part of the same
distribution by upstream, as well as the fact that these are volatile
files that need frequent updates (and even in stable). I was hoping to
collaborate here, but either way is OK with me.

Faidon

Bug#935128: aspell: potentially unbounded buffer over-read in GNU Aspell 0.60.*

2019-08-29 Thread Agustin Martin 
On Thu, Aug 29, 2019 at 12:26:59PM +0200, Agustin Martin wrote:
> 
> > There are some tests in test/.  There not very expensive and will make sure
> > that that Aspell is correctly patched with the new interface intended for
> > working with wide-characters  You should be able to run the tests by doing a
> > 
> >   make -C test
> 
> Unfortunately, this seems to need more that just the two git patches to work
> with plain 0.60.7 (only part of test/ is created), like an updated test dir,
> the aspell filter command and some new filters. Will try to extract the
> relevant patches and try.

Hi, Kevin

Applied aspell filter and markdown patches, but since I am only interested in
wide chars stuff,

$ make -C test/ wide

did the work after refreshing the build environment, it suceeded.

Thanks for your help,

-- 
Agustin

Bug#935069: installation-guide: remove mentions of floppies

2019-08-29 Thread Holger Wansing 
Control: tags -1 + patch


Ben Hutchings  wrote:
> On Wed, 2019-08-28 at 21:42 +0100, Miguel Figueiredo wrote:
> > Hello,
> > 
> > On 18/08/19 23:44, Holger Wansing wrote:
> > > Package: installation-guide
> > > Severity: wishlist
> > > 
> > > 
> > > The installation-guide still mentions floppies as installation-media.
> > > Remove that.
> > > 
> > > 
> > > Filing this bugreport as a reminder.
> > > 
> > > Holger
> 
> Maybe you should send the patch to the bug address?

Now done. Thanks


Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff --git a/build/arch-options/hurd-i386 b/build/arch-options/hurd-i386
index 0b341aeb6..7177cc32e 100644
--- a/build/arch-options/hurd-i386
+++ b/build/arch-options/hurd-i386
@@ -20,7 +20,6 @@ smp_config_option="N/A"
 fdisk="fdisk.txt;cfdisk.txt"
 network=""
 # For Lenny i386 does not have floppy images
-#boot="supports-floppy-boot;bootable-disk"
 boot="bootable-disk"
 frontend="newt"
 other=""
diff --git a/build/arch-options/i386 b/build/arch-options/i386
index 4cb7d5316..090b1ca5e 100644
--- a/build/arch-options/i386
+++ b/build/arch-options/i386
@@ -20,7 +20,6 @@ smp_config_option="Symmetric multi-processing support"
 fdisk="fdisk.txt;cfdisk.txt"
 network="supports-tftp;supports-bootp;supports-nfsroot"
 # For Lenny i386 does not have floppy images
-#boot="supports-floppy-boot;bootable-disk;bootable-usb"
 boot="bootable-disk;bootable-usb;isohybrid-supported"
 frontend="newt;gtk"
 other="supports-wireless;supports-pcmcia;supports-serial-console"
diff --git a/build/arch-options/kfreebsd-i386 b/build/arch-options/kfreebsd-i386
index 46be8b717..8da63c7ed 100644
--- a/build/arch-options/kfreebsd-i386
+++ b/build/arch-options/kfreebsd-i386
@@ -22,7 +22,6 @@ smp_config_option="Symmetric multi-processing support"
 fdisk="fdisk.txt;cfdisk.txt"
 network="supports-tftp;supports-bootp;supports-nfsroot"
 # For Lenny i386 does not have floppy images
-#boot="supports-floppy-boot;bootable-disk;bootable-usb"
 boot="bootable-disk;bootable-usb;isohybrid-unsupported"
 frontend="newt;not-gtk"
 other="supports-wireless;supports-pcmcia;supports-serial-console"
diff --git a/build/arch-options/powerpc b/build/arch-options/powerpc
index d885d54e2..db8a8d8fa 100644
--- a/build/arch-options/powerpc
+++ b/build/arch-options/powerpc
@@ -20,7 +20,7 @@ smp_config_option="Symmetric multi-processing support"
 # in the build scripts
 fdisk="mac-fdisk.txt;cfdisk.txt"
 network="supports-tftp;supports-bootp;supports-nfsroot"
-boot="supports-floppy-boot;bootable-disk"
+boot="bootable-disk"
 frontend="newt;gtk"
 other="supports-wireless;supports-pcmcia;supports-serial-console"
 smp="supports-smp-sometimes"
diff --git a/build/entities/common.ent b/build/entities/common.ent
index 128095798..37ebf5991 100644
--- a/build/entities/common.ent
+++ b/build/entities/common.ent
@@ -184,5 +184,4 @@ to first switch tasksel to that DE using the following command, e.g:
"install.386amd">
 
 
-
   
diff --git a/build/templates/docstruct.ent b/build/templates/docstruct.ent
index f3b6e8faa..112c7881b 100644
--- a/build/templates/docstruct.ent
+++ b/build/templates/docstruct.ent
@@ -60,10 +60,6 @@
  
 
 
-  
-   
-   
-
   


diff --git a/en/appendix/chroot-install.xml b/en/appendix/chroot-install.xml
index 6dd075af2..e4b7c2505 100644
--- a/en/appendix/chroot-install.xml
+++ b/en/appendix/chroot-install.xml
@@ -304,7 +304,6 @@ Here is a sample you can modify to suit:
 /dev/XXX none  swapsw   00
 proc /proc procdefaults 00
 
-/dev/fd0 /media/floppy autonoauto,rw,sync,user,exec 00
 /dev/cdrom   /media/cdrom  iso9660 noauto,ro,user,exec  00
 
 /dev/XXX /tmp  ext3rw,nosuid,nodev  02
diff --git a/en/appendix/files.xml b/en/appendix/files.xml
index 9ecbce948..0103afd2a 100644
--- a/en/appendix/files.xml
+++ b/en/appendix/files.xml
@@ -16,16 +16,6 @@ The most important device files are listed in the tables below.
 
 
 
-
-
-  fd0
-  First Floppy Drive
-
-  fd1
-  Second Floppy Drive
-
-
-
 
 
   sda
diff --git a/en/appendix/pppoe.xml b/en/appendix/pppoe.xml
index a4610abbf..d2d6d1292 100644
--- a/en/appendix/pppoe.xml
+++ b/en/appendix/pppoe.xml
@@ -22,7 +22,7 @@ after the reboot into the installed system (see ).
 To have the option of setting up and using PPPoE during the installation,
 you will need to install using one of the CD-ROM/DVD images that are
 available. It is not supported for other installation methods (e.g.
-netboot or floppy).
+netboot).
 
 
 
diff --git a/en/appendix/preseed.xml b/en/appendix/preseed.xml
index df8f2d841..1ec09a627 100644
--- a/en/appendix/preseed.xml
+++ b/en/appendix/preseed.xml
@@ -94,16 +94,6 @@ installation methods.
   yes
   yes
   yes
-
-  floppy based (cd-drivers)
-  yes
-  yes
-  yes
-
-  floppy based (net-drivers)
-  yes
-  no
-  yes
 
   generic
   yes
@@

Bug#936020: /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator upon removal

2019-08-29 Thread Olivier Berger 
Hallo.

"Stefan Hornburg (Racke)"  writes:

> On 8/29/19 9:49 AM, Olivier Berger wrote:
>> Package: sympa
>> Version: 6.2.40~dfsg-1
>> Severity: normal
>> 
>> Dear Maintainer,
>> 
>> Upon removal of sympa (not purge), I got:
>> Suppression de sympa (6.2.40~dfsg-1) ...
>> /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator
>> Conf sympa disabled.
>> apache2_invoke postrm: Disable configuration sympa.conf
>> apache2_invoke sympa-soap.conf postrm: No action required
>> 
>> That "unexpected operator" message doesn't look great...
>
> Hello Olivier,
>
> I can not reproduce this problem. Which shell is used as /bin/sh?
> Also this part is injected by deb helpers.
>

dash, it seems.

Hope this helps,

Vielen Danke,
-- 
Olivier BERGER 
https://www-public.imtbs-tsp.eu/~berger_o/ - OpenPGP 2048R/0xF9EAE3A65819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Bug#936036: fd-find: shell completion does not works

2019-08-29 Thread Florent Lévigne 
Package: fd-find
Version: 7.3.0-3
Severity: normal

Hello,

Shell completion does not work (tested in zsh and bash), because of the
executable name in Debian (fdfind and not fd as in upstream).
I have completion when i type fd (which is a command not found), but nothing
with fdfind.



-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fd-find depends on:
ii  libc62.28-10
ii  libgcc1  1:8.3.0-6

fd-find recommends no packages.

fd-find suggests no packages.

-- no debconf information

Bug#935128: aspell: potentially unbounded buffer over-read in GNU Aspell 0.60.*

2019-08-29 Thread Agustin Martin 
On Wed, Aug 28, 2019 at 07:32:35PM -0400, Kevin Atkinson wrote:
> On Thu, 29 Aug 2019, Agustin Martin wrote:
> 
> > This message is sent to all packages that depend in some way on
> > libaspell15 (pdo addresses bcc'ed)
> > 
> > A potentially unbounded buffer over-read has been found in in GNU
> > Aspell 0.60.*. Package aspell 0.60.7-1 has been uploaded to Debian
> > experimental, including upstream patch to deal with this problem.
> 
> It looks like you just applied the patches from Git.  This will not work
> with a release as Aspell uses a lot of generated source files which are not
> checked into git.  You need to run 'maintainer/autogen' to update them after
> applying the patch. Assuming the normal Debian build process rebuilds the
> automake/conf related bits then you can likely get away with just doing a:
> 
>   cd auto/
>   perl -I ./ mk-src.pl
>   perl -I ./ mk-doc.pl
>   touch auto
>   cd ..

Thanks a lot for the info, 

aspell 0.60.7-2 just uploaded to Debian experimental. Build for the
different arches should start soon.

> There are some tests in test/.  There not very expensive and will make sure
> that that Aspell is correctly patched with the new interface intended for
> working with wide-characters  You should be able to run the tests by doing a
> 
>   make -C test

Unfortunately, this seems to need more that just the two git patches to work
with plain 0.60.7 (only part of test/ is created), like an updated test dir,
the aspell filter command and some new filters. Will try to extract the
relevant patches and try.

Regards,

-- 
Agustin

Bug#936014: dovecot: CVE-2019-11500

2019-08-29 Thread Salvatore Bonaccorso 
Hi Apollon,

On Thu, Aug 29, 2019 at 12:55:57PM +0300, Apollon Oikonomopoulos wrote:
> Source: dovecot
> Version: 1:2.3.7.2-1
> 
> Hi,
> 
> This was fixed in unstable in 1:2.3.7.2-1. Closing this manually as I 
> stripped the Closes: tag from d/changelog during a rebase ;)

Thank you!

Regards,
Salvatore

Bug#906258: yubico-piv-tool 1.4.2-2+deb9u2 flagged for acceptance

2019-08-29 Thread Adam D Barratt 
package release.debian.org
tags 906258 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==

Package: yubico-piv-tool
Version: 1.4.2-2+deb9u2

Explanation: fix security issues [CVE-2018-14779 CVE-2018-14780]

Bug#936037: RM: trilinos [mips64el] -- RoM; FTBFS on buildds

2019-08-29 Thread Graham Inggs 

Package: ftp.debian.org

Dear FTP Team

Please remove binaries of trilinos on mips64el.  It no longer builds on 
the buildds, and each attempt takes 20+ hours.


Its only reverse-dependency, deal.ii, has not been able to build on 
mips64el since 2016.


Regards
Graham

Bug#906258: yubico-piv-tool 1.4.2-2+deb9u1 flagged for acceptance

2019-08-29 Thread Adam D Barratt 
package release.debian.org
tags 906258 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==

Package: yubico-piv-tool
Version: 1.4.2-2+deb9u1

Explanation: fix security issues [CVE-2018-14779 CVE-2018-14780]

Bug#936038: GeoIP support broken

2019-08-29 Thread Faidon Liambotis 
Package: src:bro
Version: 2.6.1+ds1-1
Severity: normal
Tags: patch

Hi there,

src:bro seems to Build-Depend on libgeoip-dev, but no GeoIP supports
seems to built into the resulting binary. Upstream's NEWS for 2.6
mentions:
> - GeoIP Legacy Database support has been replaced with GeoIP2 MaxMind DB
>   format support.
> 
>   - This updates the "lookup_location" and "lookup_asn" BIFs to use
> libmaxminddb.  The motivation for this is that MaxMind is discontinuing
> GeoLite Legacy databases: no updates after April 1, 2018, no downloads
> after January 2, 2019.  It's also noted that all GeoIP Legacy databases
> may be discontinued as they are superseded by GeoIP2.

Modifying Build-Depends to remove "libgeoip-dev" and add
"libmaxminddb-dev" should fix this in the Debian packages.

Thanks,
Faidon

Bug#934810: aspell 0.60.7 available

2019-08-29 Thread Sebastien Bacher 
Thanks for the update Agustin.

I'm curious of what problem you saw/expect and on the reason it went to
experimental? Is there anything desktop environments/applications should
we watching for to make sure the new version is no creating problems
(I'm asking from a GNOME maintainer perspective)?

Thanks,
Sebastien Bacher

Le 17/08/2019 à 11:30, Agustin Martin a écrit :
> I read apell-devel and was aware of this new release. Just that there
> were more differences than expected with previous version and I wanted
> to look better at them and guess what they fix before uploading.

Bug#936039: GeoIP support broken

2019-08-29 Thread Faidon Liambotis 
Package: src:inspircd
Version: 3.3.0-1
Severity: normal

Hi there,

src:inspircd seems to Build-Depend on libgeoip-dev, but no GeoIP
supports seems to built into the resulting binary. Looking into the
source, it looks like there is support for using GeoIP2 (aka
libmaxminddb) in src/modules/extra/m_geo_maxmind.cpp. Most likely,
upstream removed support for GeoIP-Legacy (aka libgeoip) in favor of
GeoIP2.

Modifying Build-Depends to remove "libgeoip-dev" and add
"libmaxminddb-dev" should fix this.

Thanks,
Faidon

Bug#936040: isc-kea: CVE-2019-6472 CVE-2019-6473 CVE-2019-6474

2019-08-29 Thread Salvatore Bonaccorso 
Source: isc-kea
Version: 1.5.0-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerabilities were published for isc-kea.

CVE-2019-6472[0]:
|A packet containing a malformed DUID can cause the kea-dhcp6 server to
|terminate

CVE-2019-6473[1]:
|An invalid hostname option can cause the kea-dhcp4 server to terminate

CVE-2019-6474[2]:
|An oversight when validating incoming client requests can lead to a
|situation where the Kea server will exit when trying to restart

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6472
[1] https://security-tracker.debian.org/tracker/CVE-2019-6473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6473
[2] https://security-tracker.debian.org/tracker/CVE-2019-6474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6474

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#885433: Access to wiki.debian.org is blocked with 403 Forbidden

2019-08-29 Thread jane anuprai 
1.0.179.0/24  is blocked too, perhaps whole TOT Thailand IP range?
1.0.128.0 - 1.0.191.255

Please unblock, thank you.

Bug#936032: systemd: Main process of service unit gets killed on reload if ExecReload fails

2019-08-29 Thread Michael Biebl 
Am 29.08.19 um 11:40 schrieb Nikos Kormpakis:

> I think that it is possible to include this fix in Buster.

Make's sense on a cursory glance. Thanks for the detailed bug report.

It's probably too late to do it for 10.1, as this release is just around
the door. But I'll try to get it into the next point release 10.2. This
will also give us some more time to give the patch more widespread
testing in unstable/testing.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#859122: 31 DLAs missing from the website

2019-08-29 Thread Holger Levsen 
On Thu, Aug 22, 2019 at 05:38:18PM +1000, Brian May wrote:
> I believe all of these have now been resolved.

and YAY! (& sorry I forgot that in my previous mail!)


signature.asc
Description: PGP signature

Bug#859122: 31 DLAs missing from the website

2019-08-29 Thread Holger Levsen 
control: retitle -1 1 DLA missing from the website (or not)
thanks

Hi Brian,

On Thu, Aug 22, 2019 at 05:38:18PM +1000, Brian May wrote:
> On Wed, Aug 14, 2019 at 11:16:50AM +, Holger Levsen wrote:
> > ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA  
> > 2>&1
> > ERROR: .data or .wml file missing for DLA 1885-1
> > ERROR: .data or .wml file missing for DLA 1884-1
> > ERROR: .data or .wml file missing for DLA 1879-1
> > ERROR: .data or .wml file missing for DLA 1877-1
> > ERROR: .data or .wml file missing for DLA 1871-1
> > ERROR: .data or .wml file missing for DLA 1846-2
> > ERROR: .data or .wml file missing for DLA 1833-2
> > ERROR: .data or .wml file missing for DLA 1784-1
> > ERROR: .data or .wml file missing for DLA 607-1
> > ERROR: .data or .wml file missing for DLA 567-1
> > ERROR: .data or .wml file missing for DLA 377-1
> > ERROR: .data or .wml file missing for DLA 267-1
> > ERROR: .data or .wml file missing for DLA 115-2
> > ERROR: .data or .wml file missing for DLA 145-2
> 
> I believe all of these have now been resolved.

the script disagrees on DLA 607-1 and 377-1 and indeed
https://www.debian.org/lts/security/2016/dla-607 does not exist.
while https://www.debian.org/lts/security/2016/dla-377 does (which
matches debian-www.git)

do you know what's up with DLA-607?


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#936041: Add dependency for gnome-session

2019-08-29 Thread darkdragon 
Package: gnome-control-center
Version: 3.33.90

Please add a dependency to gnome-session to gnome-control-center in
reference to the upstream discussion at
https://gitlab.gnome.org/GNOME/gnome-control-center/issues/651

Bug#935475: [pkg-tasktools] Bug#935475: powerline-taskwarrior: diff for NMU version 0.7.2-1.1

2019-08-29 Thread Iain Learmonth 
Hi,

On 23/08/2019 01:04, Sandro Tosi wrote:
> I've prepared an NMU for powerline-taskwarrior (versioned as 0.7.2-1.1) and
> uploaded it to DELAYED/10. Please feel free to tell me if I
> should delay it longer.

Ack. The Python 2 support was previously required for vim but I see that
Vim now builds with Python 3. No issues from me.

Feel free to let it float through DELAYED or just upload to unstable.

Thanks,
Iain. (as maintainer)



signature.asc
Description: OpenPGP digital signature

Bug#936035: xfwm4: fails to load due to missing libxfconf-0.so.2

2019-08-29 Thread Yves-Alexis Perez 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2019-08-29 at 17:31 +0700, Theppitak Karoonboonyanan wrote:
> Package: xfwm4
> Version: 4.14.0-1
> Severity: serious
> Justification: Policy 3.5
> 
> Dear Maintainer,
> 
> xfwm4 fails to start:
> 
> $ xfwm4
> xfwm4: error while loading shared libraries: libxfconf-0.so.2: cannot
> open shared object file: No such file or directory
> $ ldd /usr/bin/xfwm4 | grep libxfconf
> libxfconf-0.so.3 => /usr/lib/x86_64-linux-gnu/libxfconf-0.so.3
> (0x7f74ba2f5000)
> libxfconf-0.so.2 => not found
> $
> 
> Fortunately, installing libxfconf-0-2 does make it load successfully,
> but it's not listed as a dependency.
> 
> Actually, this bug can be grave (rendering the package unusable)
> when libxfconf-0-2 is faded out.

Hi,

xfwm4 4.14.0-1 (in sid and unstable) is only linked against libxfconf-0.3, not
libxfconf-0.2, so it's definitely not where the problem lies. Xfce 4.14 just
migrated to testing so that could explain your issue (which is likely
transient), but it shouldn't have happened anyway.

Can you install the pax-utils package (and only that package, please try not
to upgrade anything else) and give us the output of lddtree (so we have an
idea from where exactly the link comes from). My guess would be libxfce4ui, so
if you could give us the output of dpkg -l |grep libxfce4ui in the same reply
it'd be nice.

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl1nthwACgkQ3rYcyPpX
RFtJdggAwHZABAc+x8sq0L8u6uihUu74OJZkJkqZMNbImDBrpc/e8hrvDFwJBOrN
uU/o83cFnsG+gUzyZCGJEuID8QbY+GsTmHCPzTGBScK2sSV7igpJgkBDH7JR7GQd
SOGloR8ui4tkWXAxYHVs640FGMmnc6wDmuLfewWtF85unSUJKY/hILEO3S4Ew32o
g5E2fsyPeJ3Rxbv01IQmDg3OwMW/MkdWOOaCZxWSbfTD7BGHayFXVdZacGJrSMVW
ao3qC6XoGHjR9rc0thHRTNORcEidcnHP8fjWa+AVnCDPv2WX2EomiCPTqy1pBoRk
eE47hTHBrZEjujPBwWJJZFvJxfRhZg==
=xCEb
-END PGP SIGNATURE-

Bug#936042: Assertion `vao_formats.count(key) == 0' failed.

2019-08-29 Thread Arturo Borrero Gonzalez 
Package: kdenlive
Version: 19.08.0-1
Severity: normal
Tags: upstream

Dear maintainer,

thanks for your hard work with this package, it's really appreciated.

Today my kdenlive app crashed doing a normal operation like dragging a clip
into the timeline and then trying to playback the timeline.

Trace I got by running kdenlive from the terminal:

[...]
QPoint(0,312)
MUTEX LOCK setmodel
MUTEX UNLOCK setmodel
MUTEX LOCK loadEffects: 
// UPDATING PROJECT FILES
--
---
// UPDATING PROJECT FILES
--
---
QPoint(0,612)
MUTEX LOCK setmodel
MUTEX UNLOCK setmodel
MUTEX LOCK loadEffects: 
qml: dropped data:  5
requestClipInsertion  "5" 13   597
requestClipCreation  "5"
 // /REQUEST TL CLP REGSTR:  22 

CLIPS COUNT:  12
REGISTRATION  22 ptr count 5
// GOT CLIP STACK DATA CHANGE:  QVector(298)
qml: keyframe model changed
qml: loaded clip:  597 , ID:  22 , index:  0 , TYPE: AV
CLIP HAS A+V:  true
CREATING SPLIT  1  usetargets false
requestClipCreation  "5"
 // /REQUEST TL CLP REGSTR:  23 

CLIPS COUNT:  13
REGISTRATION  23 ptr count 5
// GOT CLIP STACK DATA CHANGE:  QVector(298)
-

INSERTION FAILED, REVERTING

---
 ** * DEREGISTERING TIMELINE CLIP:  23
 ** * DEREGISTERING TIMELINE CLIP:  22
org.kde.knotifications: Audio notification requested, but sound file from 
notifyrc file was not found, aborting audio notification
requestClipInsertion  "5" 8   659
requestClipCreation  "5"
 // /REQUEST TL CLP REGSTR:  24 

CLIPS COUNT:  12
REGISTRATION  24 ptr count 5
// GOT CLIP STACK DATA CHANGE:  QVector(298)
qml: keyframe model changed
qml: loaded clip:  659 , ID:  24 , index:  1 , TYPE: AV
CLIP HAS A+V:  true
CREATING SPLIT  3  usetargets false
requestClipCreation  "5"
 // /REQUEST TL CLP REGSTR:  25 

CLIPS COUNT:  13
REGISTRATION  25 ptr count 5
// GOT CLIP STACK DATA CHANGE:  QVector(298)
// EFFECT  0  :  deinterlace
// EFFECT  1  :  fieldorder
// EFFECT  2  :  movit.crop
// EFFECT  3  :  movit.resample
// EFFECT  4  :  movit.resize
// EFFECT  5  :  swresample
// EFFECT  6  :  resample
// EFFECT  7  :  data_feed
// EFFECT  8  :  movit.convert
// EFFECT  9  :  avcolor_space
// EFFECT  10  :  audioconvert
qml: keyframe model changed
qml: loaded clip:  659 , ID:  25 , index:  2 , TYPE: AV
 ** * DEREGISTERING TIMELINE CLIP:  25
 ** * DEREGISTERING TIMELINE CLIP:  24
requestClipInsertion  "5" 8   724
requestClipCreation  "5"
 // /REQUEST TL CLP REGSTR:  27 

CLIPS COUNT:  12
REGISTRATION  27 ptr count 5
// GOT CLIP STACK DATA CHANGE:  QVector(298)
// EFFECT  0  :  deinterlace
// EFFECT  1  :  fieldorder
// EFFECT  2  :  movit.crop
// EFFECT  3  :  movit.resample
// EFFECT  4  :  movit.resize
// EFFECT  5  :  swresample
// EFFECT  6  :  resample
// EFFECT  7  :  data_feed
// EFFECT  8  :  movit.convert
// EFFECT  9  :  avcolor_space
// EFFECT  10  :  audioconvert
qml: keyframe model changed
qml: loaded clip:  724 , ID:  27 , index:  1 , TYPE: AV
CLIP HAS A+V:  true
CREATING SPLIT  3  usetargets false
requestClipCreation  "5"
 // /REQUEST TL CLP REGSTR:  28 

CLIPS COUNT:  13
REGISTRATION  28 ptr count 5
// GOT CLIP STACK DATA CHANGE:  QVector(298)
qml: keyframe model changed
qml: loaded clip:  724 , ID:  28 , index:  2 , TYPE: AV
kdenlive: resource_pool.cpp:618: GLuint 
movit::ResourcePool::create_vec2_vao(const std::set&, GLuint): Assertion 
`vao_formats.count(key) == 0' failed.
Aborted



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kdenlive depends on:
ii  ffmpeg 7:4.1.4-1+b2
ii  kded5  5.54.0-1
ii  kdenlive-data  19.08.0-1
ii  kinit  5.54.0-1
ii  kio5.54.1-1
ii  kpackagetool5  5.54.0-1
ii  libc6  2.28-10
ii  libgcc11:9.2.1-4
ii  libkf5archive5 5.54.0-1
ii  libkf5attica5  5.54.0-1
ii  libkf5auth55.54.0-2
ii  libkf5bookmarks5   5.54.0-1
ii  libkf5codecs5  5.54.0-1
ii  libkf5completion5  5.54.0-1
ii  libkf5configcore5  5.54.0-2
ii  libkf5configgui5   5.54.0-2
ii  libkf5configwidgets5   5.54.0-1
ii  libkf5coreaddons5  5.54.0-1
ii  libkf5crash5   5.54.0-1
ii  libkf5dbusaddons5  5.54.0-1
ii  libkf5declarative5

Bug#934038: ASSERT: "mImg == qImg->constBits()" in file common.cpp, line 63

2019-08-29 Thread Arturo Borrero Gonzalez 
Control: fixed -1 19.08.0-1

On Fri, 16 Aug 2019 10:50:54 +0200 =?UTF-8?Q?Patrick_Matth=c3=a4i?=
 wrote:
> 
> can you please test 19.08.0-1 in unstable again (just uploaded right now)?
> 

Hi,

I was not able to reproduce the issue in 19.08.0-1, so I guess it is fixed :-)

thanks!

Bug#936043: ITP: gitbatch -- Manage git repositories in one place

2019-08-29 Thread Dawid Dziurla 
Package: wnpp
Severity: wishlist
Owner: Dawid Dziurla 

* Package name: gitbatch
  Version : 0.5.0-1
  Upstream Author : Ibrahim Serdar Acikgoz
* URL : https://github.com/isacikgoz/gitbatch
* License : Expat
  Programming Lang: Go
  Description : Manage git repositories in one place

 Managing multiple git repositories is easier than ever. Often one would end
 up working on many directories and manually pulling updates etc. To make
 this routine faster, gitbatch was created, a simple tool to handle this job.
 Although the focus is batch jobs, one can still do de facto micro management of
 git repositories (e.g add/reset, stash, commit etc.)

Useful tool for managing multiple git repositiories at once.
Does not need additional dependencies, only those already in archive.

Bug#934587: [Pkg-rust-maintainers] Bug#934587: Bug#934587: fd-find: shell completion does not work

2019-08-29 Thread Paride Legovini 
Sylvestre Ledru wrote on 29/08/2019:
> Le 29/08/2019 à 11:31, Florent Lévigne a écrit :
>> Hello,
>>
>> Thanks for the update, but the completion does not work (tested in zsh
>> and bash).
>> It must be because of the executable name in Debian (fdfind and not fd).
> Yeah, I will add symlinks for fix that, sorry :/

Symlinking is probably not a good idea, as the completions for 'fd'
would then (wrongly) work for the 'fd' binary from the fdclone package.
I think we need to rename the completion files.

Too bad fdfind chose a binary name that was already taken :(

Paride

Bug#934810: aspell 0.60.7 available

2019-08-29 Thread Sebastien Bacher 
Ah ok, thanks for the details!

Cheers,

Le 29/08/2019 à 13:39, Agustin Martin a écrit :
> Hi,
>
> Should have put it clearer in the changelog. It contains a fix for #935128
> [aspell: potentially unbounded buffer over-read in GNU Aspell 0.60.*] that
> may break applications that use null-terminated UCS-2 or UCS-4 strings with
> the C API.
>
> I uploaded it to experimental for those apps to have a chance to check if
> they are affected and be ready for the actual sid upload. I warned pdo
> adresses about this.
>
> Regards,
>
> --

Bug#936044: RM: libgeotiff-epsg -- ROM; Obsolete

2019-08-29 Thread Bas Couwenberg 
Package: ftp.debian.org
Severity: normal

Please remove libgeotiff-epsg from the archive, it's obsolete with the
transition to PROJ 6.

Kind Regards,

Bas

Bug#936045: After update to 12.99.2-1 the bt headset's microphone is not detected

2019-08-29 Thread Dietz Proepper 
Package: pulseaudio
Version: 12.2-4
Severity: important

As in the Subject: after upgrading, my headset's microphone is not detected
(means, does not show up in volume control and records no sound.)

Downgrading everything to 12.2-4 (12.2-5 might work, too, did not check) solves 
the issue
for me.

-- Package-specific info:
File '/etc/default/pulseaudio' does not exist


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.8 (SMP w/8 CPU cores; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pulseaudio depends on:
ii  adduser  3.118
ii  libasound2   1.1.8-1
ii  libasound2-plugins   1:1.1.8-dmo1
ii  libc62.28-10
ii  libcap2  1:2.25-2
ii  libdbus-1-3  1.12.16-1
ii  libgcc1  1:9.2.1-6
ii  libice6  2:1.0.9-2
ii  libltdl7 2.4.6-11
ii  liborc-0.4-0 1:0.4.28-3.1
ii  libpulse012.2-4
ii  libsm6   2:1.2.3-1
ii  libsndfile1  1.0.28-6
ii  libsoxr0 0.1.2-3
ii  libspeexdsp1 1.2~rc1.2-1+b2
ii  libstdc++6   9.2.1-6
ii  libsystemd0  242-4
ii  libtdb1  1.3.16-2+b1
ii  libudev1 242-4
ii  libwebrtc-audio-processing1  0.3-1+b1
ii  libx11-6 2:1.6.7-1
ii  libx11-xcb1  2:1.6.7-1
ii  libxcb1  1.13.1-2
ii  libxtst6 2:1.2.3-1
ii  lsb-base 11.1.0
ii  pulseaudio-utils 12.2-4

Versions of packages pulseaudio recommends:
ii  dbus-user-session  1.12.16-1
ii  libpam-systemd 242-4
ii  rtkit  0.12-4

Versions of packages pulseaudio suggests:
pn  paman
pn  paprefs  
pn  pavucontrol  
pn  pavumeter
ii  udev 242-4

-- no debconf information
# This file is part of PulseAudio.
#
# PulseAudio is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PulseAudio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with PulseAudio; if not, see .

## Configuration file for PulseAudio clients. See pulse-client.conf(5) for
## more information. Default values are commented out.  Use either ; or # for
## commenting.

; default-sink =
; default-source =
; default-server =
; default-dbus-server =

; autospawn = yes
; daemon-binary = /usr/bin/pulseaudio
; extra-arguments = --log-target=syslog

; cookie-file =

; enable-shm = yes
; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 
MiB

; auto-connect-localhost = no
; auto-connect-display = no
# This file is part of PulseAudio.
#
# PulseAudio is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PulseAudio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with PulseAudio; if not, see .

## Configuration file for the PulseAudio daemon. See pulse-daemon.conf(5) for
## more information. Default values are commented out.  Use either ; or # for
## commenting.

; daemonize = no
; fail = yes
; allow-module-loading = yes
; allow-exit = yes
; use-pid-file = yes
; system-instance = no
; local-server-type = user
; enable-shm = yes
; enable-memfd = yes
; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 
MiB
; lock-memory = no
; cpu-limit = no

; high-priority = yes
; nice-level = -11

; realtime-scheduling = yes
; realtime-priority = 5

; exit-idle-time = 20
; scache-idle-time = 20

; dl-search-path = (depends on architecture)

; load-default-script-file = yes
; default-script-file = /etc/pulse/default.pa

; log-target = auto
; log-level = notice
; log-meta = no
; log-time = no
; log-backtra

Bug#936046: python3-pyqt5: does not depends on matching qtbase-abi

2019-08-29 Thread Duck 
Package: python3-pyqt5
Version: 5.12.3+dfsg-1


Quack,

I needed the QT5 version in experimental for some reason. Now i'd like
to install python3-pyqt5 but is still depend on qtbase-abi-5-11-3.

As it follows the same exact version as QT core I guess it's meant to
work together. Maybe I'm wrong but it would make things easier if these
experimental package would be installable together.

Regards.
\_o<




signature.asc
Description: OpenPGP digital signature

Bug#934810: aspell 0.60.7 available

2019-08-29 Thread Agustin Martin 
On Thu, Aug 29, 2019 at 12:56:35PM +0200, Sebastien Bacher wrote:
> Thanks for the update Agustin.
> 
> I'm curious of what problem you saw/expect and on the reason it went to
> experimental? Is there anything desktop environments/applications should
> we watching for to make sure the new version is no creating problems
> (I'm asking from a GNOME maintainer perspective)?

Hi,

Should have put it clearer in the changelog. It contains a fix for #935128
[aspell: potentially unbounded buffer over-read in GNU Aspell 0.60.*] that
may break applications that use null-terminated UCS-2 or UCS-4 strings with
the C API.

I uploaded it to experimental for those apps to have a chance to check if
they are affected and be ready for the actual sid upload. I warned pdo
adresses about this.

Regards,

-- 
Agustin

Bug#936047: firewalld: missing intltool dependency on testsuite?

2019-08-29 Thread Gianfranco Costamagna 
Source: firewalld
Version: 0.7.1-1
Severity: important
tags: patch

Hello, I would like to request you a little fix on your package if possible.

Add intltool to debian/tests/control.

In some environment, automake --refresh is run before tests to recreate the 
needed files, and fails because of missing intltool
(probably it is comparing the date of the files and the system one, to decide 
if there is need to recreate or not, I don't know)

diff -Nru firewalld-0.7.1/debian/tests/control 
firewalld-0.7.1/debian/tests/control
--- firewalld-0.7.1/debian/tests/control2019-07-23 00:18:50.0 
+0200
+++ firewalld-0.7.1/debian/tests/control2019-07-29 23:56:18.0 
+0200
@@ -4,6 +4,7 @@
  python3-dbus,
  python3-gi,
  automake,
+ intltool,
  nftables,
  ipset,
  iptables,


please have a look and apply if possible!

Thanks

Gianfranco

Bug#935798: [Pkg-utopia-maintainers] Bug#935798: firewalld: patches from Ubuntu (test fixes and ebtables Recommendation)

2019-08-29 Thread Gianfranco Costamagna 
 Hello Michael, Laurent
>> -Recommends: ipset
>> +Recommends: ebtables (>= 2.0.10.4-3.1~),
>> +            ipset
>
>Please see #918470
>
>I dropped the ebtables Recommends as it was explicitly requested.
>
>Can you discuss that with Laurent and whatever the outcome I'm happy to
>apply the result.

Not needed, it is clear now,
I got tricked by the debian/tests/control ebtables dependency... but looks like 
without that dependency the full testsuite fails... 51: direct ebtables 
FAILED (firewall-cmd.at:825)
106: direct ebtables FAILED 
(firewall-cmd.at:825)
maybe the ebtables implementation inside iptables is not good enough for the 
above two tests?see: e.g. 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-eoan/eoan/amd64/f/firewalld/20190829_100327_ff88f@/log.gz
Gianfranco

Bug#930363: faad2: fix build with gcc-9 [patch]

2019-08-29 Thread Hugo Lefeuvre 
Hi Gianfranco,

On Thu, Aug 29, 2019 at 07:43:15AM +0200, Gianfranco Costamagna wrote:
> control: severity -1 serious
> On Tue, 11 Jun 2019 15:06:01 +0200 Gianfranco Costamagna 
>  wrote:
> > Source: faad2
> > Version: 2.8.8-3
> > Severity: normal
> > tags: patch
> > 
> > Hello, looks like gcc-9 is adding wl,asneeded flag in compilation, so libs
> > passed as CFLAGS are not correctly used by gcc anymore, because only LIBS
> > is added at the end of the compilation line.
> > 
> > The following patch fixes the issue, and starts then using again the glib
> > implementation of the library.  (without the patch, the bundled version is
> > used everywhere, and the build fails only on i386 because of an
> > implementation mismatch of a long/int data type)
> > 
> > I reported the patch already upstream
> > https://sourceforge.net/p/faac/bugs/242/
> > patch: 
> > http://launchpadlibrarian.net/427773869/faad2_2.8.8-3_2.8.8-3ubuntu1.diff.gz
> 
> Now this bug is RC, and preventing CVE fixes from Migration.
> Hugo, can you please reupload with the Ubuntu patch?
> https://launchpad.net/ubuntu/+source/faad2/2.8.8-3.1ubuntu1
> I rebased it with the upstream version

Fabian (faad2 maintainer and upstream), do you want to handle this?

Otherwise I can NMU a second time with this patch.

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


signature.asc
Description: PGP signature

Bug#936021: Please add "mountd 20048" to "/etc/services"

2019-08-29 Thread Tom H 
Sorry, I hadn't read the top of "/etc/services". I'd simply grepped for 20048.

20048 has been IANA's mountd port since 2010 or 2011. Having that line
included means that "rpc.mountd" uses that port and someone seting up
nfs can configure iptables without having to define a random fixed
port. Debian and Slackware recommend 32767 (which is assigned by IANA
to some obscure thing).

Furthermore, if you use firewalld and run "firewall-cmd [--permanent]
--add-service=mountd", port 20048'll be opened in your firewall, as
can be seen in "/usr/lib/firewalld/services/mountd.xml". ufw also uses
"services" but I don't know whether it defines a mountd one.

Thanks

Bug#936046: python3-pyqt5: does not depends on matching qtbase-abi

2019-08-29 Thread Dmitry Shachnev 
Hi Marc!

On Thu, Aug 29, 2019 at 08:52:08PM +0900, Marc Dequènes wrote:
> Quack,
>
> I needed the QT5 version in experimental for some reason. Now i'd like
> to install python3-pyqt5 but is still depend on qtbase-abi-5-11-3.
>
> As it follows the same exact version as QT core I guess it's meant to
> work together. Maybe I'm wrong but it would make things easier if these
> experimental package would be installable together.

That happens because I did not bump the build-dependency on Qt, so the
buildds picked up Qt from unstable (and not from experimental) when building
PyQt5.

My plan is to upload PyQt 5.12 to unstable in the next few days, and upload
Qt 5.12 to unstable after 5.12.5 is released (and the release team gives us
a transition slot).

So at this point you just have to wait.

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#936021: Please add "mountd 20048" to "/etc/services"

2019-08-29 Thread Marco d'Itri 
On Aug 29, Tom H  wrote:

> 20048 has been IANA's mountd port since 2010 or 2011. Having that line
> included means that "rpc.mountd" uses that port and someone seting up
> nfs can configure iptables without having to define a random fixed
> port. Debian and Slackware recommend 32767 (which is assigned by IANA
> to some obscure thing).
I think that it would be confusing to add this to /etc/services since 
this port is not actually used in practice: by default mountd uses an 
ephemeral port, and documentation suggests to use something else.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Bug#936048: pinentry: please mark as Multi-Arch: foreign

2019-08-29 Thread Yuriy M. Kaminskiy 
Source: pinentry
Version: 1.0.0-2
Severity: normal
Tags: patch

Dear Maintainer,

As pinentry-* packages provide arch-independent service (text protocol over
stdin/out), please mark them as Multi-Arch: foreign.
Trivial patch (against buster, applicable with fuzz to bullseye) attached.

-- System Information:
Debian Release: 9.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldstable-debug'), (500, 'oldstable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.9.0-10-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R), 
LANGUAGE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru pinentry-1.1.0/debian/control pinentry-1.1.0/debian/control
--- pinentry-1.1.0/debian/control   2019-04-17 21:38:06.0 +0300
+++ pinentry-1.1.0/debian/control   2019-08-29 15:00:02.0 +0300
@@ -28,6 +28,7 @@
 
 Package: pinentry-curses
 Architecture: any
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -56,6 +57,7 @@
 
 Package: pinentry-tty
 Architecture: any
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -84,6 +86,7 @@
 
 Package: pinentry-qt
 Architecture: any
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -108,6 +111,7 @@
 
 Package: pinentry-qt4
 Architecture: all
+Multi-Arch: foreign
 Depends:
  pinentry-qt (>= ${binary:Version}),
  ${misc:Depends},
@@ -148,6 +152,7 @@
 
 Package: pinentry-fltk
 Architecture: any
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -175,6 +180,7 @@
 
 Package: pinentry-gnome3
 Architecture: any
+Multi-Arch: foreign
 Depends:
  gcr,
  ${misc:Depends},
@@ -207,6 +213,7 @@
 Package: pinentry-doc
 Section: doc
 Architecture: all
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},

Bug#934038: ASSERT: "mImg == qImg->constBits()" in file common.cpp, line 63

2019-08-29 Thread Arturo Borrero Gonzalez 
Control: reopen -1
Control: notfixed -1 19.08.0-1

On Thu, 29 Aug 2019 13:26:05 +0200 Arturo Borrero Gonzalez 
wrote:
> Control: fixed -1 19.08.0-1
> 
> On Fri, 16 Aug 2019 10:50:54 +0200 =?UTF-8?Q?Patrick_Matth=c3=a4i?=
>  wrote:
> > 
> > can you please test 19.08.0-1 in unstable again (just uploaded right now)?
> > 
> 
> Hi,
> 
> I was not able to reproduce the issue in 19.08.0-1, so I guess it is fixed :-)
> 

No luck :-(

I just got the exact same assert. This is the trace I got by running kdenlive in
the terminal:


[...]
/// requestAddBinClip "-1"
/// found id "25"
/// constructed
/// added  true
### JOB finished 48
### loadjob COMMIT
### ProjectClip::setproducer
### ClipController::updateProducer
### ClipController::addmasterproducer
QPainter::begin: Paint device returned engine == 0, type: 3
QPainter::setRenderHint: Painter must be active to set rendering hints
QPainter::save: Painter not active
QPainter::setClipRect: Painter not active
QPainter::setWorldTransform: Painter not active
QPainter::opacity: Painter not active
QPainter::worldTransform: Painter not active
QPainter::setWorldTransform: Painter not active
QPainter::save: Painter not active
QPainter::setOpacity: Painter not active
QPainter::setPen: Painter not active
QPainter::setBrush: Painter not active
QPainter::drawRects: Painter not active
QPainter::restore: Unbalanced save/restore
QPainter::setWorldTransform: Painter not active
QPainter::save: Painter not active
QPainter::setOpacity: Painter not active
QPainter::setRenderHint: Painter must be active to set rendering hints
QPainter::restore: Unbalanced save/restore
QPainter::setWorldTransform: Painter not active
QPainter::save: Painter not active
QPainter::setOpacity: Painter not active
QPainter::fillPath: Painter not active
QPainter::restore: Unbalanced save/restore
QPainter::setWorldTransform: Painter not active
QPainter::save: Painter not active
QPainter::setOpacity: Painter not active
QPainter::fillPath: Painter not active
QPainter::restore: Unbalanced save/restore
QPainter::setWorldTransform: Painter not active
QPainter::setOpacity: Painter not active
QPainter::restore: Unbalanced save/restore
QPainter::end: Painter not active, aborted
ASSERT: "mImg == qImg->constBits()" in file common.cpp, line 63
Aborted

I happened when I was trying to create a Title Clip. I created it (simple black
background with some white string) and pressed the OK button and the crash
happened immediately.

Bug#934587: [Pkg-rust-maintainers] Bug#934587: Bug#934587: Bug#934587: fd-find: shell completion does not work

2019-08-29 Thread Sylvestre Ledru 

Le 29/08/2019 à 13:43, Paride Legovini a écrit :

Sylvestre Ledru wrote on 29/08/2019:

Le 29/08/2019 à 11:31, Florent Lévigne a écrit :

Hello,

Thanks for the update, but the completion does not work (tested in zsh
and bash).
It must be because of the executable name in Debian (fdfind and not fd).

Yeah, I will add symlinks for fix that, sorry :/


Symlinking is probably not a good idea, as the completions for 'fd'
would then (wrongly) work for the 'fd' binary from the fdclone package.
I think we need to rename the completion files.

yeah, right :'(



Too bad fdfind chose a binary name that was already taken :(

Or that the Debian policy on this point is dumb :)

S

Bug#935775: libcwidget4: should not ship files conflicting with libcwidget3v5

2019-08-29 Thread Manuel A. Fernandez Montecelo 
Control: tags -1 + pending


Hi Sven,

Em seg, 26 de ago de 2019 às 20:33, Sven Joachim  escreveu:
> On 2019-08-26 07:55 +0200, Sven Joachim wrote:
>
> > Package: libcwidget4
> > Version: 0.5.18-3
> >
> > The libcwidget4 package ships its translations under
> > /usr/share/locale/*/LC_MESSAGES/libcwidget3.mo.  This is bad, because
> > these files conflict with the ones from libcwidget3v5, they should be
> > named /usr/share/locale/*/LC_MESSAGES/libcwidget4.mo instead.
> >
> > See bug #655689[1] for the initial discussion about including the soname in
> > the translation file names, and why these are currently called
> > libcwidget3.mo rather than just libcwidget.mo.
>
> Attached is a patch against the master branch in cwidget-upstream which
> takes care of that, I have not looked what it would take to apply it to
> the Debian packaging.

Thanks for the fix and the explanations.

> Having to change three files for an SONAME bump is not great.  Another
> option would be to set the domain back to 'cwidget' and ship the
> translations in their own package, say libcwidget-l10n.  Then both
> libcwidget4 and a later libcwidget5 package could declare a relationship
> to libcwidget-l10n, probably Recommends.

There's been only this one SONAME change in the last decade or so, so
I think that we're fine with the current method :)

So I will upload this during the afternoon, thanks for the help.

-- 
Manuel A. Fernandez Montecelo

Bug#936049: metview: missing libopenmpi-dev dependency?

2019-08-29 Thread Gianfranco Costamagna 
Source: odb-api
Version: 0.18.1-6
Severity: serious
tags: patch

Hello, looks like for some reasons eckit in Ubuntu fails to see the include 
directory for openmpi, because it simply doesn't exist

adding libopenmpi-dev dependency to odb-api should fix the issue, bringing the 
directory back when cmake tries to find header files
/usr/lib/x86_64-linux-gnu/pkgconfig/odb.pc:ODB_CC=/usr/bin/cc -pthread 
-I/usr/lib/x86_64-linux-gnu/openmpi/include 
-I/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi -Wdate-time 
-D_FORTIFY_SOURCE=2 -pipe -fopenmp -fPIC -I${prefix}/include
/usr/lib/x86_64-linux-gnu/cmake/odb/odb-import.cmake:set(ODB_ENVIRONMENT 
"ODB_ROOT=/usr;ODB_SYSPATH=/usr/include;ODB_BINPATH=/usr/bin;ODB_BEBINPATH=/usr/bin;ODB_FEBINPATH=/usr/bin;ODB_LIBPATH=/usr/lib;ODB_RTABLE_PATH=/usr/share/odb;ODB_SYSDBPATH=/usr/share/odb;ODB_CC=/usr/bin/cc
 -pthread -I/usr/lib/x86_64-linux-gnu/openmpi/include 
-I/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi -Wdate-time 
-D_FORTIFY_SOURCE=2 -pipe -fopenmp -fPIC 
-I/usr/include;ODB_F90=/usr/bin/gfortran -g -O2 
-fdebug-prefix-map=/build/odb-api=. -fstack-protector-strong -fopenmp -fPIC 
-ffree-line-length-none -I/usr/include -I/usr/module 
-I/usr/odb/module;ODB_COMPILER=/usr/bin/odb98.x -V 
-O3;ODB_COMPILER_FLAGS=/usr/share/odb/odb98.flags;ODB_STATIC_LINKING=1;ODB_LD_SHARED=none;ODB_LD_SHARED_SFX=.so;ODB_IOASSIGN_MAXPROC=32;ODB_IOASSIGN_PARAMS=-r
 1m -w 
1m;ODB_AR=/usr/bin/ar;ODB_GZIP=/bin/gzip;ODB_GUNZIP=/bin/gunzip;ODB_SETUP_SHELL=/bin/sh")

it looks like used and needed


snip of the failing log:

-- The following OPTIONAL packages have not been found:

 * Git
 * fckit (required version >= 0.6.2)
 * transi (required version >= 0.4.4)
 * CGAL
 * gridtools_storage

-- ENABLE_EXPOSE_SUBPACKAGES is On:
-- All packages in the bundle will be installed at the same level into:
--   /usr
-- Configuring done
CMake Error in atlas/src/atlas/CMakeLists.txt:
  Imported target "eckit_mpi" includes non-existent path

"/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi"

  in its INTERFACE_INCLUDE_DIRECTORIES.  Possible reasons include:

  * The path was deleted, renamed, or moved to another location.

  * An install or uninstall procedure did not complete successfully.

  * The installation package was faulty and references files it does not
  provide.



CMake Error in atlas/src/atlas/CMakeLists.txt:
  Imported target "eckit_mpi" includes non-existent path

"/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi"

  in its INTERFACE_INCLUDE_DIRECTORIES.  Possible reasons include:

  * The path was deleted, renamed, or moved to another location.

  * An install or uninstall procedure did not complete successfully.

  * The installation package was faulty and references files it does not
  provide.


trivial patch here:
https://launchpad.net/ubuntu/+source/odb-api/0.18.1-6ubuntu1

Gianfranco

Bug#936050: please add systemctl daemon-reload hint to /etc/fstab

2019-08-29 Thread Marc Haber 
Package: debian-installer
Severity: minor

Hi,

I haven't found any mention of /etc/fstab in my /var/lib/dpkg/info/* and
therefore I believe that /etc/fstab is initially created by the
Installer and not managed by any package during the lifetime of a
system. Please feel free to reassign if filing this against the
Installer was not the right thing to do.

systemd upstream says on systemd-devel, that "well-meaning
distributions would most likely include a comment" in /etc/fstab,such as
Fedora does:


# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.


I think we should have this as well.

Greetings
Marc

Bug#860753: konsole: 'screen' can not use the konsole scrollback buffer

2019-08-29 Thread Cyrille Berger 
On Wed, 19 Apr 2017 21:26:23 +0300 Delian Krustev  wrote:
> Package: konsole
> Version: 4:16.12.0-1
> Severity: normal
> 
> 'screen' is supposed to use the konsole scrollback buffer when /etc/screenrc 
> (or ~/.screenrc) is updated with:
> 
>   termcapinfo xterm|xterms|xs|rxvt ti@:te@
> 
> It has been working for me on all hosts until this Stretch install.
> I've tested it with 'xterm' and it works fine with it.
> 
> Or maybe I am missing a newly introduced konsole config option ?

It should now be:

termcapinfo xterm*|xterms|xs|rxvt ti@:te@

-- 
Cyrille Berger

Bug#936051: stretch-pu: package sdl-image1.2/1.2.12-5+deb9u2

2019-08-29 Thread Hugo Lefeuvre 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

sdl-image1.2 is affected by a number of security issues in stretch. Impact is
quite minor, but it would still be nice to get them fixed.

Attached is a debdiff addressing most of them for stretch.

libsdl2-image 2.0.4+dfsg1+deb10u1 and 2.0.1+dfsg-2+deb9u2 have already been
accepted in stretch-pu and buster-pu, those are the same issues and the same
patches.

(I initially intended to submit -pu requests for both sdl-image1.2 and libsdl2
at the same time, but for a number of reasons sdl-image1.2 was delayed)

thanks!

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
diff -Nru sdl-image1.2-1.2.12/debian/changelog sdl-image1.2-1.2.12/debian/changelog
--- sdl-image1.2-1.2.12/debian/changelog	2018-04-15 11:54:38.0 -0400
+++ sdl-image1.2-1.2.12/debian/changelog	2019-08-29 08:28:17.0 -0400
@@ -1,3 +1,16 @@
+sdl-image1.2 (1.2.12-5+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2018-3977: buffer overflow in do_layer_surface (IMG_xcf.c).
+  * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c.
+  * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).
+  * CVE-2019-12216, CVE-2019-12217,
+CVE-2019-12218, CVE-2019-12219,
+CVE-2019-12220, CVE-2019-12221,
+CVE-2019-1, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).
+
+ -- Hugo Lefeuvre   Thu, 29 Aug 2019 08:28:17 -0400
+
 sdl-image1.2 (1.2.12-5+deb9u1) stretch-security; urgency=high
 
   * Backport various security fixes:
diff -Nru sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch
--- sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch	1969-12-31 19:00:00.0 -0500
+++ sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch	2019-08-29 08:26:26.0 -0400
@@ -0,0 +1,19 @@
+Description: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.
+ This patch bundles two fixes, the original one for CVE-2018-3977
+ (TALOS-2018-0645) which is actually broken, and the followup patch
+ (TALOS-2019-0842).
+Author: Ryan C. Gordon 
+Origin: upstream, https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
+  https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
+--- a/IMG_xcf.c	2019-07-23 11:56:35.733259428 -0300
 b/IMG_xcf.c	2019-07-23 11:57:55.036947079 -0300
+@@ -634,6 +634,9 @@
+   p16 = (Uint16 *) p8;
+   p   = (Uint32 *) p8;
+   for (y=ty; y < ty+oy; y++) {
++	if ((y >= surface->h) || ((tx+ox) > surface->w)) {
++		break;
++	}
+ 	row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);
+ 	switch (hierarchy->bpp) {
+ 	case 4:
diff -Nru sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch
--- sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch	1969-12-31 19:00:00.0 -0500
+++ sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch	2019-08-29 08:26:26.0 -0400
@@ -0,0 +1,83 @@
+Description: fix heap buffer overflow issue in IMG_pcx.c
+ Issue known as TALOS-2019-0841, CVE-2019-12218.
+Author: Sam Lantinga 
+Origin: upstream, https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
+--- a/IMG_pcx.c	2019-07-23 11:28:25.847897628 -0300
 b/IMG_pcx.c	2019-07-23 11:43:07.748441381 -0300
+@@ -100,6 +100,8 @@
+ 	Uint8 *row, *buf = NULL;
+ 	char *error = NULL;
+ 	int bits, src_bits;
++	int count = 0;
++	Uint8 ch;
+ 
+ 	if ( !src ) {
+ 		/* The error message has been set in SDL_RWFromFile */
+@@ -148,14 +150,14 @@
+ 	bpl = pcxh.NPlanes * pcxh.BytesPerLine;
+ 	if (bpl > surface->pitch) {
+ 		error = "bytes per line is too large (corrupt?)";
++		goto done;
+ 	}
+-	buf = calloc(SDL_max(bpl, surface->pitch), 1);
++	buf = (Uint8 *)SDL_calloc(surface->pitch, 1);
+ 	row = surface->pixels;
+ 	for ( y=0; yh; ++y ) {
+ 		/* decode a scan line to a temporary buffer first */
+-		int i, count = 0;
+-		Uint8 ch;
+-		Uint8 *dst = (src_bits == 8) ? row : buf;
++		int i;
++		Uint8 *dst = buf;
+ 		if ( pcxh.Encoding == 0 ) {
+ 			if(!SDL_RWread(src, dst, bpl, 1)) {
+ error = "file truncated";
+@@ -168,14 +170,15 @@
+ 		error = "file truncated";
+ 		goto done;
+ 	}
+-	if( (ch & 0xc0) == 0xc0) {
+-		count = ch & 0x3f;
++	if( ch < 0xc0) {
++		count = 1;
++	} else {
++		count = ch - 0xc0;
+ 		if(!SDL_RWread(src, &ch, 1, 1)) {
+ 			error = "file truncated";
+ 			goto done;
+ 		}
+-	} else
+-		count = 1;
++	}
+ }
+ dst[i] = ch;
+ count--;
+@@ -207,10 +210,16 @@
+ int x;
+ dst = row + plane;
+ for(x = 0; x < width; x++) {
++	if ( dst >= row+surface->pitch ) {
++		error = "decoding out of bounds (corrupt?)";
++		goto done;
++	}
+ 	*dst = *src++;
+ 	dst +=

Bug#935915: apt-cacher-ng: Extremely low transfer rate on LAN

2019-08-29 Thread Eduard Bloch 
tags 935915 +confirmed +notreproducible
thanks

Hallo,
* sixerjman [Tue, Aug 27 2019, 01:55:01PM]:
>Package: apt-cacher-ng
>Version: 3.2-2
>Severity: important
>
>Dear Maintainer,
>
>   * What led up to the situation?
>Very low transfer speed for clients on LAN
>   * What exactly did you do (or not do) that was effective (or
>     ineffective)?
>apt update / apt upgrade
>   * What was the outcome of this action?
>Approximately 1/10 transfer rate for packages which had been previously
>downloaded to the server (same architecture AMD64)
>   * What outcome did you expect instead?
>LAN speed equivalent to speed from direct download from same Debian mirror
>
>Attached is a compressed 'apt-cacher-ng.err' log of the apt update

thanks for the report but I still have no idea how to reproduce it. The
debug log looks quite normal.

What about CPU load? Your kernel is tainted, maybe some driver running
amok and consuming too many cycles?

Is there any rate limiting configured with kernel IP filters?

Best regards,
Eduard.

Bug#936052: amavisd-new: Missing dependency on libnet-snmp-perl

2019-08-29 Thread Dominik 
Package: amavisd-new
Version: 1:2.11.0-6.1
Severity: important

Dear Maintainer,

after updating from debian stretch to debian buster, amavis did not start 
correctly with the following error:

Aug 29 14:26:09 emailserver amavisd-snmp-subagent[839]: Can't locate 
NetSNMP/OID.pm in @INC (you may need to install the NetSNMP::OID module) (@INC 
contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 
/usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 
/usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 
/usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at 
/usr/sbin/amavisd-snmp-subagent line 130.

After installing libnet-snmp-perl and restarting, everything worked normal.

I think the dependendy should be included


-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages amavisd-new depends on:
ii  adduser  3.118
ii  debconf [debconf-2.0]1.5.71
ii  file 1:5.35-4
ii  init-system-helpers  1.56+nmu1
ii  libarchive-zip-perl  1.64-1
ii  libberkeleydb-perl   0.55-2
ii  libconvert-tnef-perl 0.18-1
ii  libconvert-uulib-perl1:1.5~dfsg-1+b1
pn  libdigest-md5-perl   
ii  libio-stringy-perl   2.111-3
ii  libmail-dkim-perl0.54-1
ii  libmailtools-perl2.18-1
pn  libmime-base64-perl  
ii  libmime-tools-perl   5.509-1
ii  libnet-libidn-perl   0.12.ds-3+b1
ii  libnet-server-perl   2.009-1
ii  libperl5.24 [libtime-hires-perl] 5.24.1-3+deb9u5
ii  libunix-syslog-perl  1.1-3+b1
ii  lsb-base 10.2019051400
ii  pax  1:20190224-1
ii  perl 5.28.1-6
ii  perl-modules-5.24 [libarchive-tar-perl]  5.24.1-3+deb9u5

Versions of packages amavisd-new recommends:
ii  altermime 0.3.10-9
ii  libnet-patricia-perl  1.22-1+b5
ii  ripole0.2.0+20081101.0215-3

Versions of packages amavisd-new suggests:
ii  apt-listchanges  3.19
ii  arj  3.10.22-18
ii  cabextract   1.9-1
ii  clamav   0.101.2+dfsg-1
ii  clamav-daemon0.101.2+dfsg-1
ii  cpio 2.12+dfsg-9
pn  dspam
pn  lhasa
ii  libauthen-sasl-perl  2.1600-1
pn  libdbi-perl  
ii  libmail-dkim-perl0.54-1
pn  libnet-ldap-perl 
pn  libsnmp-perl 
pn  libzeromq-perl   
pn  lzop 
ii  nomarch  1.4-3+b2
pn  p7zip
pn  rpm  
ii  spamassassin 3.4.2-1
pn  unrar

-- Configuration Files:
/etc/amavis/conf.d/15-content_filter_mode changed:
use strict;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;  # ensure a defined return

/etc/amavis/conf.d/50-user changed:
use strict;
$hdrfrom_notify_sender = "postmaster\@$mydomain";  #Des Weiteren möchten wir 
hier noch auf einen Fehler in den Paketen von Debian hinweisen. Dieser bewirkt, 
dass Reports über Virenmails nicht zugestellt werden können.  
$max_servers = 1;
$child_timeout=1200; 
1;  # ensure a defined return


-- no debconf information

Bug#921034: Depends on MaxMind GeoIP Legacy databases - superseded by GeoIP2

2019-08-29 Thread Faidon Liambotis 
On Thu, Jan 31, 2019 at 04:36:45PM -0500, Thomas Ward wrote:
> The GeoIP module is a core module in NGINX upstream.  Keeping this in
> mind, it's just packaged here as a dynamic module.
> 
> For reference purposes, I have forwarded this bug report to nginx
> upstream's nginx-devel mailing list [1] for their response.
> 
> (Note that this is just me adding information, not adding anything 'new'
> to this discussion, as it is ultimately up to the maintainers to include
> a third party module or not here in Debian)

Thanks Thomas! Looking at that thread, upstream doesn't seem to have
issued a response.

That said, Debian is already shipping third-party modules in src:nginx,
under debian/modules. Would it perhaps be acceptable to the nginx
maintainers to include github:leev/ngx_http_geoip2_module in the source
package and include it as a separate binary package?

Whether we should continue to ship the geoip (legacy) module is
orthogonal in a way -- both can be shipped at the same time, although
I'd argue that this is no longer very useful.

Regards,
Faidon

Bug#930363: faad2: fix build with gcc-9 [patch]

2019-08-29 Thread Fabian Greffrath 
Dear Hugo,

Am Donnerstag, den 29.08.2019, 08:04 -0400 schrieb Hugo Lefeuvre:
> Fabian (faad2 maintainer and upstream), do you want to handle this?
> Otherwise I can NMU a second time with this patch.

please go ahead with a second NMU. I am a bit short on time currently
(home alone with the 10mo baby...).

Thanks!

 - Fabian



signature.asc
Description: This is a digitally signed message part

Bug#936006: [Pkg-fonts-devel] Bug#936006: fonts-dejavu-core: Invalid rendering of 'ż' at serveral different sizes

2019-08-29 Thread Fabian Greffrath 
Dear Łukasz,

Am Mittwoch, den 28.08.2019, 23:52 +0200 schrieb Łukasz Stelmach:
> In some applications (notably Firefox) 'ż' (\u017c) character from
> DejaVu Sans (14px, 16px, 19px, 22px) and DejaVu Serif (15px, 16px) is
> rendered improperly. The dot above is not centered and there is a
> pixel
> or two of extra space to the left of the character.

thanks for the record! Though, I am afraid there isn't much we can do
about this in the Debian package. Would you mind reporting this issue
upstream, please?

Thanks!

 - Fabian



signature.asc
Description: This is a digitally signed message part

Bug#936053: qemu-system-x86_64 "bdrv_error_action: Assertion `error >= 0' failed."

2019-08-29 Thread Stephan Breitrainer 
Package: qemu-system-x86
Version: 1:2.1+dfsg-12+deb8u11
Severity: normal

Dear Maintainer,

when starting a qemu process, the process terminates suddenly leaving this
error message in /var/log/libvirt/qemu/.log:

qemu-system-x86_64: /build/qemu-2.1+dfsg/block.c:3606: bdrv_error_action:
Assertion `error >= 0' failed.

The qemu command used:
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
QEMU_AUDIO_DRV=none /usr/bin/qemu-system-x86_64 -name testmachine -S
-machine pc-i440fx-2.1,accel=kvm,usb=off -m 4096 -realtime mlock=off -smp
2,sockets=2,cores=1,threads=1 -uuid cc300f3e-cdc9-465f-95b3-f208b92ad4ac
-no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/testmachine.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown
-boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
file=/data/one/0/322/disk.0,format=qcow2,if=none,id=drive-virtio-disk0,cache=none,discard=unmap,aio=native
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-drive
file=/data/one/0/testmachine/disk.2,format=raw,if=none,id=drive-virtio-disk1,cache=none,discard=unmap,aio=native
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1
-drive
file=/data/one/0/testmachine/disk.1,format=raw,if=none,id=drive-ide0-0-0,readonly=on
-device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -netdev
tap,fd=24,id=hostnet0,vhost=on,vhostfd=43 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=02:00:ac:10:01:88,bus=pci.0,addr=0x3
-vnc 0.0.0.0:322 -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on

The expected outcome should be a stable, running VM.


-- System Information:
Debian Release: 8.11
  APT prefers oldoldstable-updates
  APT policy: (500, 'oldoldstable-updates'), (500, 'oldoldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-0.bpo.9-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages qemu-system-x86 depends on:
ii  ipxe-qemu   1.0.0+git-20141004.86285d1-1
ii  libaio1 0.3.110-1
ii  libasound2  1.0.28-1
ii  libbluetooth3   5.23-2+deb8u1
ii  libbrlapi0.65.2~20141018-5
ii  libc6   2.19-18+deb8u10
ii  libcurl3-gnutls 7.38.0-4+deb8u15
ii  libfdt1 1.4.0+dfsg-1
ii  libgcc1 1:4.9.2-10+deb8u2
ii  libglib2.0-02.42.1-1+deb8u3
ii  libgnutls-deb0-28   3.3.30-0+deb8u1
ii  libiscsi2   1.12.0-2
ii  libjpeg62-turbo 1:1.3.1-12+deb8u2
ii  libncurses5 5.9+20140913-1+deb8u3
ii  libpixman-1-0   0.32.6-3+deb8u1
ii  libpng12-0  1.2.50-2+deb8u3
ii  libpulse0   5.0-13
ii  librados2   0.80.7-2+deb8u3
ii  librbd1 0.80.7-2+deb8u3
ii  libsasl2-2  2.1.26.dfsg1-13+deb8u1
ii  libsdl1.2debian 1.2.15-10+deb8u1
ii  libseccomp2 2.1.1-1
ii  libspice-server10.12.5-1+deb8u7
ii  libssh2-1   1.4.3-4.1+deb8u5
ii  libtinfo5   5.9+20140913-1+deb8u3
ii  libusb-1.0-02:1.0.19-1
ii  libusbredirparser1  0.7-1
ii  libuuid12.25.2-6
ii  libvdeplug2 2.3.2+r586-1
ii  libx11-62:1.6.2-3+deb8u2
ii  libxen-4.4  4.4.4lts4-0+deb8u1
ii  libxenstore3.0  4.4.4lts4-0+deb8u1
ii  qemu-system-common  1:2.1+dfsg-12+deb8u11
ii  seabios 1.7.5-1
ii  zlib1g  1:1.2.8.dfsg-2+b1

Versions of packages qemu-system-x86 recommends:
ii  qemu-utils  1:2.1+dfsg-12+deb8u11

Versions of packages qemu-system-x86 suggests:
ii  kmod 18-3
pn  ovmf 
pn  samba
pn  sgabios  
pn  vde2 

-- no debconf information

-- 
 LineMetrics GmbH, Steyrerstraße 51, 3350 Haag, 
Austria
VAT ATU 67254446
Commercial register number FN 381 079 k
Commercial 
court St. Pölten, Austria

Bug#931255: Update in stable?

2019-08-29 Thread Christoph Haas 
I would like to see this simple fix in Buster. Without it the package
is nearly unusable in my opinion. Do you think the release team would
agree?

…Christoph

Bug#936046: python3-pyqt5: does not depends on matching qtbase-abi

2019-08-29 Thread Duck 


On 8/29/19 9:17 PM, Dmitry Shachnev wrote:

> So at this point you just have to wait.

Ok. thanks for the explanation.



signature.asc
Description: OpenPGP digital signature

Bug#936054: python-scapy: python-pyx is going away

2019-08-29 Thread Stuart Prescott 
Package: python-scapy
Version: 2.4.2-1
Severity: normal

Dear Maintainer,

python-scapy suggests users install the python-pyx package, which has been
removed from bullseye. python-pyx along with most Python 2 packages, will
not be in bullseye. The Suggests of python-scapy could be cleaned up, but
a better option would be to remove python-scapy from bullseye too, finishing
the update of its rdeps to Python 3.

(python3-scapy doesn't suggest python3-pyx; is that intended?)

regards
Stuart

Bug#936056: buster-pu: package sdl-image1.2/1.2.12-10+deb10u1

2019-08-29 Thread Hugo Lefeuvre 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-CC: t...@security.debian.org

Hi,

sdl-image1.2 is affected by a number of security issues in buster. Impact is
quite minor, but it would still be nice to get them fixed.

Attached is a debdiff addressing most of them for buster.

libsdl2-image 2.0.4+dfsg1+deb10u1 and 2.0.1+dfsg-2+deb9u2 have already been
accepted in stretch-pu and buster-pu, those are the same issues and the same
patches.

(I initially intended to submit -pu requests for both sdl-image1.2 and libsdl2
at the same time, but for a number of reasons sdl-image1.2 was delayed)

This is essentially the same update as 1.2.12-5+deb9u2, see #936051.

thanks!

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
diff -Nru sdl-image1.2-1.2.12/debian/changelog sdl-image1.2-1.2.12/debian/changelog
--- sdl-image1.2-1.2.12/debian/changelog	2018-11-04 18:58:30.0 -0500
+++ sdl-image1.2-1.2.12/debian/changelog	2019-08-29 08:51:05.0 -0400
@@ -1,3 +1,17 @@
+sdl-image1.2 (1.2.12-10+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-5058: Fix CVE-2018-3977.patch from previous upload: check should
+be done for y, not ty (Closes: #932755).
+  * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c.
+  * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).
+  * CVE-2019-12216, CVE-2019-12217,
+CVE-2019-12218, CVE-2019-12219,
+CVE-2019-12220, CVE-2019-12221,
+CVE-2019-1, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).
+
+ -- Hugo Lefeuvre   Thu, 29 Aug 2019 08:51:05 -0400
+
 sdl-image1.2 (1.2.12-10) unstable; urgency=medium
 
   * Non-maintainer upload with permission of maintainers.
diff -Nru sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch
--- sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch	2018-11-04 18:58:30.0 -0500
+++ sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch	2019-08-29 08:51:05.0 -0400
@@ -9,15 +9,13 @@
  IMG_xcf.c | 3 +++
  1 file changed, 3 insertions(+)
 
-diff --git a/IMG_xcf.c b/IMG_xcf.c
-index 064e641..93b6929 100644
 a/IMG_xcf.c
-+++ b/IMG_xcf.c
-@@ -634,6 +634,9 @@ static int do_layer_surface (SDL_Surface * surface, SDL_RWops * src, xcf_header
+--- a/IMG_xcf.c	2019-08-29 09:34:10.888355386 -0400
 b/IMG_xcf.c	2019-08-29 09:34:37.702747635 -0400
+@@ -634,6 +634,9 @@
p16 = (Uint16 *) p8;
p   = (Uint32 *) p8;
for (y=ty; y < ty+oy; y++) {
-+	if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
++	if ((y >= surface->h) || ((tx+ox) > surface->w)) {
 +		break;
 +	}
  	row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);
diff -Nru sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch
--- sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch	1969-12-31 19:00:00.0 -0500
+++ sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch	2019-08-29 08:49:56.0 -0400
@@ -0,0 +1,83 @@
+Description: fix heap buffer overflow issue in IMG_pcx.c
+ Issue known as TALOS-2019-0841, CVE-2019-12218.
+Author: Sam Lantinga 
+Origin: upstream, https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
+--- a/IMG_pcx.c	2019-07-23 11:28:25.847897628 -0300
 b/IMG_pcx.c	2019-07-23 11:43:07.748441381 -0300
+@@ -100,6 +100,8 @@
+ 	Uint8 *row, *buf = NULL;
+ 	char *error = NULL;
+ 	int bits, src_bits;
++	int count = 0;
++	Uint8 ch;
+ 
+ 	if ( !src ) {
+ 		/* The error message has been set in SDL_RWFromFile */
+@@ -148,14 +150,14 @@
+ 	bpl = pcxh.NPlanes * pcxh.BytesPerLine;
+ 	if (bpl > surface->pitch) {
+ 		error = "bytes per line is too large (corrupt?)";
++		goto done;
+ 	}
+-	buf = calloc(SDL_max(bpl, surface->pitch), 1);
++	buf = (Uint8 *)SDL_calloc(surface->pitch, 1);
+ 	row = surface->pixels;
+ 	for ( y=0; yh; ++y ) {
+ 		/* decode a scan line to a temporary buffer first */
+-		int i, count = 0;
+-		Uint8 ch;
+-		Uint8 *dst = (src_bits == 8) ? row : buf;
++		int i;
++		Uint8 *dst = buf;
+ 		if ( pcxh.Encoding == 0 ) {
+ 			if(!SDL_RWread(src, dst, bpl, 1)) {
+ error = "file truncated";
+@@ -168,14 +170,15 @@
+ 		error = "file truncated";
+ 		goto done;
+ 	}
+-	if( (ch & 0xc0) == 0xc0) {
+-		count = ch & 0x3f;
++	if( ch < 0xc0) {
++		count = 1;
++	} else {
++		count = ch - 0xc0;
+ 		if(!SDL_RWread(src, &ch, 1, 1)) {
+ 			error = "file truncated";
+ 			goto done;
+ 		}
+-	} else
+-		count = 1;
++	}
+ }
+ dst[i] = ch;
+ count--;
+@@ -207,10 +210,16 @@
+ int x;
+ dst = row + plane;
+ for(x = 0; x < width; x++) {
++	if ( dst >= row+surface->pitch ) {
++		error = "decoding out of bounds (corrupt?)";
++		goto done;
++

Bug#936055: t/unthreaded.t test failing

2019-08-29 Thread Matthias Klose 

Package: src:libapp-stacktrace-perl
Version: 0.09-3
Severity: important
Tags: upstream
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=121262

I see you already forwarded this upstream.  Filing the issue, because I also see 
that in Ubuntu at

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-eoan/eoan/amd64/liba/libapp-stacktrace-perl/20190828_222752_2da85@/log.gz

Is there a way to exit with a status for unreliable tests, that gets ignored by 
the autopkg tests?

Bug#936057: python-yt: python-pyx has been removed from bullseye

2019-08-29 Thread Stuart Prescott 
Package: python-yt
Version: 3.5.0-1
Severity: normal
Tags: bullseye, sid

Dear Maintainer,

python-yt suggests that users install python-pyx; python-pyx has now been
removed from bullseye and will not be part of bullseye, along with much of
the rest of the Python 2 stack. It would be appropriate to drop the python-yt
package (and update the astro-python package) at this stage.

regards
Stuart

Bug#931255: Update in stable?

2019-08-29 Thread Mathieu Parent 
Le jeu. 29 août 2019 à 15:39, Christoph Haas  a écrit :
>
> I would like to see this simple fix in Buster. Without it the package is 
> nearly unusable in my opinion. Do you think the release team would agree?

Yes, the release team will agree.

Unfortunately, I won't work on this soon.

Regards
-- 
Mathieu Parent

Bug#936058: Missing binary package for armhf

2019-08-29 Thread Eduardo Trápani 

Package: barrier
Version: 2.1.2+dfsg-1

I cannot install 'barrier' in armhf because the binary package is not 
available[1] for armhf. It is available for the other architectures though.


The build shows no error[2] but the package is missing from the archive[3].

[1]: https://packages.debian.org/buster/barrier
[2]: https://buildd.debian.org/status/package.php?p=barrier&suite=buster
[3]: http://ftp.debian.org/debian/pool/main/b/barrier/

Bug#936049: metview: missing libopenmpi-dev dependency?

2019-08-29 Thread Alastair McKinstry 

odb-api includes mpi-default-dev, which defaults to libopenmpi-dev.

This may be failing if another mpi (mpich-dev) is installed instead. I 
agree hard-coding including libopenmpi-dev is needed for the moment.


The CMake code in the ECMWF stack (eccodes, magics++, metview, ...) is 
brittle, and leaks dependencies. Adding a dependency lower down the 
chain (eg odb-api)  breaks packages up the chain (metview) unless they 
include all dev libraries, etc. which in turn is bad for transitions.


I've recently packaged the underlying build cmake code (ecbuild, 
currently bundled into the ECMWF tarballs), and will start patching it 
to fix this brittleness; if eg libodb-api.so is built with libssl.so, 
libssl-dev should not be needed for metview to build.


Secondly, i'm refactoring some of the components. eckit, fckit, atlas 
are available independently at github so I'm packaging them separately 
from odb-api.


regards

Alastair


On 29/08/2019 13:35, Gianfranco Costamagna wrote:

Source: odb-api
Version: 0.18.1-6
Severity: serious
tags: patch

Hello, looks like for some reasons eckit in Ubuntu fails to see the include 
directory for openmpi, because it simply doesn't exist

adding libopenmpi-dev dependency to odb-api should fix the issue, bringing the 
directory back when cmake tries to find header files
/usr/lib/x86_64-linux-gnu/pkgconfig/odb.pc:ODB_CC=/usr/bin/cc -pthread 
-I/usr/lib/x86_64-linux-gnu/openmpi/include 
-I/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi -Wdate-time 
-D_FORTIFY_SOURCE=2 -pipe -fopenmp -fPIC -I${prefix}/include
/usr/lib/x86_64-linux-gnu/cmake/odb/odb-import.cmake:set(ODB_ENVIRONMENT 
"ODB_ROOT=/usr;ODB_SYSPATH=/usr/include;ODB_BINPATH=/usr/bin;ODB_BEBINPATH=/usr/bin;ODB_FEBINPATH=/usr/bin;ODB_LIBPATH=/usr/lib;ODB_RTABLE_PATH=/usr/share/odb;ODB_SYSDBPATH=/usr/share/odb;ODB_CC=/usr/bin/cc
 -pthread -I/usr/lib/x86_64-linux-gnu/openmpi/include 
-I/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi -Wdate-time -D_FORTIFY_SOURCE=2 -pipe 
-fopenmp -fPIC -I/usr/include;ODB_F90=/usr/bin/gfortran -g -O2 
-fdebug-prefix-map=/build/odb-api=. -fstack-protector-strong -fopenmp -fPIC 
-ffree-line-length-none -I/usr/include -I/usr/module 
-I/usr/odb/module;ODB_COMPILER=/usr/bin/odb98.x -V 
-O3;ODB_COMPILER_FLAGS=/usr/share/odb/odb98.flags;ODB_STATIC_LINKING=1;ODB_LD_SHARED=none;ODB_LD_SHARED_SFX=.so;ODB_IOASSIGN_MAXPROC=32;ODB_IOASSIGN_PARAMS=-r
 1m -w 
1m;ODB_AR=/usr/bin/ar;ODB_GZIP=/bin/gzip;ODB_GUNZIP=/bin/gunzip;ODB_SETUP_SHELL=/bin/sh")

it looks like used and needed


snip of the failing log:

-- The following OPTIONAL packages have not been found:

  * Git
  * fckit (required version >= 0.6.2)
  * transi (required version >= 0.4.4)
  * CGAL
  * gridtools_storage

-- ENABLE_EXPOSE_SUBPACKAGES is On:
-- All packages in the bundle will be installed at the same level into:
--   /usr
-- Configuring done
CMake Error in atlas/src/atlas/CMakeLists.txt:
   Imported target "eckit_mpi" includes non-existent path

 "/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi"

   in its INTERFACE_INCLUDE_DIRECTORIES.  Possible reasons include:

   * The path was deleted, renamed, or moved to another location.

   * An install or uninstall procedure did not complete successfully.

   * The installation package was faulty and references files it does not
   provide.



CMake Error in atlas/src/atlas/CMakeLists.txt:
   Imported target "eckit_mpi" includes non-existent path

 "/usr/lib/x86_64-linux-gnu/openmpi/include/openmpi"

   in its INTERFACE_INCLUDE_DIRECTORIES.  Possible reasons include:

   * The path was deleted, renamed, or moved to another location.

   * An install or uninstall procedure did not complete successfully.

   * The installation package was faulty and references files it does not
   provide.


trivial patch here:
https://launchpad.net/ubuntu/+source/odb-api/0.18.1-6ubuntu1

Gianfranco


--
Alastair McKinstry, email: alast...@sceal.ie, matrix: @alastair:sceal.ie, 
phone: 087-6847928
Green Party Councillor, Galway County Council

Bug#930363: faad2: fix build with gcc-9 [patch]

2019-08-29 Thread Hugo Lefeuvre 
Hi Fabian,

> Am Donnerstag, den 29.08.2019, 08:04 -0400 schrieb Hugo Lefeuvre:
> > Fabian (faad2 maintainer and upstream), do you want to handle this?
> > Otherwise I can NMU a second time with this patch.
> 
> please go ahead with a second NMU. I am a bit short on time currently
> (home alone with the 10mo baby...).

Ack, I'll NMU then. Good luck with the baby :)

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


signature.asc
Description: PGP signature

Bug#936051: stretch-pu: package sdl-image1.2/1.2.12-5+deb9u2

2019-08-29 Thread Hugo Lefeuvre 
Small update: I forgot to close the bug report (#932755) and did not mention
CVE-2019-5058 in debian/changelog. You can find an updated debdiff in
attachment.

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
diff -Nru sdl-image1.2-1.2.12/debian/changelog sdl-image1.2-1.2.12/debian/changelog
--- sdl-image1.2-1.2.12/debian/changelog	2018-04-15 11:54:38.0 -0400
+++ sdl-image1.2-1.2.12/debian/changelog	2019-08-29 08:28:17.0 -0400
@@ -1,3 +1,17 @@
+sdl-image1.2 (1.2.12-5+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2018-3977, CVE-2019-5058: buffer overflow in do_layer_surface
+(IMG_xcf.c) (Closes: #932755).
+  * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c.
+  * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).
+  * CVE-2019-12216, CVE-2019-12217,
+CVE-2019-12218, CVE-2019-12219,
+CVE-2019-12220, CVE-2019-12221,
+CVE-2019-1, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).
+
+ -- Hugo Lefeuvre   Thu, 29 Aug 2019 08:28:17 -0400
+
 sdl-image1.2 (1.2.12-5+deb9u1) stretch-security; urgency=high
 
   * Backport various security fixes:
diff -Nru sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch
--- sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch	1969-12-31 19:00:00.0 -0500
+++ sdl-image1.2-1.2.12/debian/patches/CVE-2018-3977.patch	2019-08-29 08:26:26.0 -0400
@@ -0,0 +1,19 @@
+Description: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.
+ This patch bundles two fixes, the original one for CVE-2018-3977
+ (TALOS-2018-0645) which is actually broken, and the followup patch
+ (TALOS-2019-0842).
+Author: Ryan C. Gordon 
+Origin: upstream, https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
+  https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
+--- a/IMG_xcf.c	2019-07-23 11:56:35.733259428 -0300
 b/IMG_xcf.c	2019-07-23 11:57:55.036947079 -0300
+@@ -634,6 +634,9 @@
+   p16 = (Uint16 *) p8;
+   p   = (Uint32 *) p8;
+   for (y=ty; y < ty+oy; y++) {
++	if ((y >= surface->h) || ((tx+ox) > surface->w)) {
++		break;
++	}
+ 	row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);
+ 	switch (hierarchy->bpp) {
+ 	case 4:
diff -Nru sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch
--- sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch	1969-12-31 19:00:00.0 -0500
+++ sdl-image1.2-1.2.12/debian/patches/CVE-2019-12218.patch	2019-08-29 08:26:26.0 -0400
@@ -0,0 +1,83 @@
+Description: fix heap buffer overflow issue in IMG_pcx.c
+ Issue known as TALOS-2019-0841, CVE-2019-12218.
+Author: Sam Lantinga 
+Origin: upstream, https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
+--- a/IMG_pcx.c	2019-07-23 11:28:25.847897628 -0300
 b/IMG_pcx.c	2019-07-23 11:43:07.748441381 -0300
+@@ -100,6 +100,8 @@
+ 	Uint8 *row, *buf = NULL;
+ 	char *error = NULL;
+ 	int bits, src_bits;
++	int count = 0;
++	Uint8 ch;
+ 
+ 	if ( !src ) {
+ 		/* The error message has been set in SDL_RWFromFile */
+@@ -148,14 +150,14 @@
+ 	bpl = pcxh.NPlanes * pcxh.BytesPerLine;
+ 	if (bpl > surface->pitch) {
+ 		error = "bytes per line is too large (corrupt?)";
++		goto done;
+ 	}
+-	buf = calloc(SDL_max(bpl, surface->pitch), 1);
++	buf = (Uint8 *)SDL_calloc(surface->pitch, 1);
+ 	row = surface->pixels;
+ 	for ( y=0; yh; ++y ) {
+ 		/* decode a scan line to a temporary buffer first */
+-		int i, count = 0;
+-		Uint8 ch;
+-		Uint8 *dst = (src_bits == 8) ? row : buf;
++		int i;
++		Uint8 *dst = buf;
+ 		if ( pcxh.Encoding == 0 ) {
+ 			if(!SDL_RWread(src, dst, bpl, 1)) {
+ error = "file truncated";
+@@ -168,14 +170,15 @@
+ 		error = "file truncated";
+ 		goto done;
+ 	}
+-	if( (ch & 0xc0) == 0xc0) {
+-		count = ch & 0x3f;
++	if( ch < 0xc0) {
++		count = 1;
++	} else {
++		count = ch - 0xc0;
+ 		if(!SDL_RWread(src, &ch, 1, 1)) {
+ 			error = "file truncated";
+ 			goto done;
+ 		}
+-	} else
+-		count = 1;
++	}
+ }
+ dst[i] = ch;
+ count--;
+@@ -207,10 +210,16 @@
+ int x;
+ dst = row + plane;
+ for(x = 0; x < width; x++) {
++	if ( dst >= row+surface->pitch ) {
++		error = "decoding out of bounds (corrupt?)";
++		goto done;
++	}
+ 	*dst = *src++;
+ 	dst += pcxh.NPlanes;
+ }
+ 			}
++		} else {
++			SDL_memcpy(row, buf, bpl);
+ 		}
+ 
+ 		row += surface->pitch;
+@@ -227,8 +236,9 @@
+ 			/* look for a 256-colour palette */
+ 			do {
+ if ( !SDL_RWread(src, &ch, 1, 1)) {
+-	error = "file truncated";
+-	goto done;
++	/* Couldn't find the palette, try the end of the file */
++	SDL_RWseek(src, -768, RW_SEEK_END);
++	break;
+ }
+ 			} while ( ch != 12 );
+ 
diff -Nru sd

Bug#936059: RM: pyx -- ROM; Python 2 only; no rdeps

2019-08-29 Thread Stuart Prescott 
Package: ftp.debian.org
Severity: normal
User: debian-pyt...@lists.debian.org
Usertags: py2removal

(Old) Python 2 version of the newer pyx3 source package. A couple of Python 2
only reverse-suggests exist, but no reverse-recommends, reverse-depends or
reverse-build-deps.

farewell old friend

Stuart

.

Bug#933922: [Pkg-salt-team] Bug#933922: src:salt: Unsafe use of yaml.load()

2019-08-29 Thread Benjamin Drung 
Am Montag, den 05.08.2019, 01:41 -0400 schrieb Scott Kitterman:
> Package: src:salt
> Version: 2018.3.4+dfsg1-6
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> The new version of pyyaml no longer allows use of yaml.load() without
> a
> loader being specifed.  This raises a deprecation warning which has
> caused and autopkgtest failure on this package.  These are generally
> trivial to fix, see the upstream guidance [1].

This was already reported to upstream in 
https://github.com/saltstack/salt/issues/39531 and was fixed by pull
request https://github.com/saltstack/salt/pull/40751

I will cherry-pick these changes.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet

Bug#926981: golang-1.12-go: Needs /etc/alternatives/go to be useful

2019-08-29 Thread Nye Liu 

On Mon, 5 Aug 2019 22:10:52 +0800 YunQiang Su  wrote:
> On Sat, 13 Apr 2019 00:09:46 -0700 Nye Liu  wrote:
> > Package: golang-1.12-go
> > Version: 1.12.1-1
> > Severity: normal
> >
> > Without /etc/alternatives/go (and friends), this package is pretty 
useless.

>
> Please install golang-go, it contains /usr/bin/go.
> https://packages.debian.org/sid/amd64/golang-go/filelist
>
> I guess it is what you need.
>

That definitely does not provide update-alternatives functionality.

Bug#913756: tootle: Tootle window opens and closes immediately

2019-08-29 Thread Axel Beckert 
Control: reassign 913756 libgranite5,tootle
Control: found -1 tootle/0.2.0-1
Control: found -1 granite/5.2.3-1
Control: tag 913756 + fixed-upstream

Hi,

context for the granite maintainers: Since the switch to granite 5.2,
tootle crashes upon startup with "[GLib-GIO] Settings schema
'io.elementary.desktop.wingpanel.datetime' is not installed".

Federico Ceratto wrote:
> Temporary workaround: download the package for your architecture from
> https://snapshot.debian.org/package/granite/5.1.0-2/\#libgranite5_5.1.0-2
> and install it with sudo dpkg -i 

This is because of a change in granite 5.2.x up to 5.2.3 (which is
currently in Buster, Bullseye and Sid).

According to
https://github.com/bleakgrey/tootle/issues/107#issuecomment-510074740
granite upstream has reverted that controversial change in granite
5.2.4, so the issue is now actually more or less in granite — but only
(or mostly) seems to affect tootle.

Hence reassigning this issue to both, granite and tootle as a fix in
any of them could solve this issue.

It though should be fixed in granite by uploading 5.2.4 to Debian
Unstable. (Hence the "fixed-upstream" tag which refers to granite
upstream. :-)

It might also help to have tootle depend on "libgranite5 (<< 5.2) |
libgranite5 (>= 5.2.4)" in the future to avoid this issue popping up
again during upgrades or when backporting.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#936060: rocksndiamonds lintian override for maintainer-script-should-not-use-recursive-chown-or-chmod reasoning is incorrect

2019-08-29 Thread Daniel Kahn Gillmor 
Package: rocksndiamonds
Version: 4.1.1.0+dfsg-1

the lintian override says:

# We recursively chown files to root:root after neutering their
# permissions, so the attacks mentioned by Lintian aren’t applicable
rocksndiamonds: maintainer-script-should-not-use-recursive-chown-or-chmod 
postinst:340
rocksndiamonds: maintainer-script-should-not-use-recursive-chown-or-chmod 
postinst:341
rocksndiamonds: maintainer-script-should-not-use-recursive-chown-or-chmod 
postinst:342

But this reasoning doesn't follow.

The script is:

cmd_execute "find $tempdir -type d -exec chmod 0755 '{}' '+'";
cmd_execute "find $tempdir -type f -exec chmod 0644 '{}' '+'";
cmd_execute "chown -R root:root $tempdir";

even if we set aside race condition concerns (can some unprivileged user
get away with something between the find and the chown?), the
"neutering" of permissions makes all the files in that directory
world-readable.

so if an attacker can manage to link /etc/shadow or
/etc/ssh/ssh_host_*_key or whatever into that directory before the chown
happens, they can reveal system secrets that should only be visible to
the superuser.

--dkg


signature.asc
Description: PGP signature

Bug#936029: apt fails to resolve multiple levels of provides

2019-08-29 Thread Ximin Luo 
Control: reopen -1
Control: retitle -1 better error messages when failing to resolve multiple 
levels of provides

Julian Andres Klode:
> On Thu, Aug 29, 2019 at 02:27:45AM -0700, Ximin Luo wrote:
>> Package: apt
>> Version: 1.8.3
>> Severity: important
>>
>> Dear Maintainer,
>>
>> apt is having trouble resolving the (correct) dependencies of a certain rust 
>> package:
>>
>> $ sudo apt install librust-rand+default-dev
>> [..]
>> Some packages could not be installed. This may mean that you have
>> requested an impossible situation or if you are using the unstable
>> distribution that some required packages have not yet been created
>> or been moved out of Incoming.
>> The following information may help to resolve the situation:
>>
>> The following packages have unmet dependencies:
>>  librust-rand+default-dev : Depends: librust-rand-dev (= 0.6.4-2)
>> Depends: librust-rand+std-dev (= 0.6.4-2)
>> E: Unable to correct problems, you have held broken packages.
>> exit code 100
>>
> 
> There's a conflict between librust-rand-chacha-0.1-dev depending on
> librust-rand-core-0.3-dev and librust-rand-pcg-0.1-dev depending on
> librust-rand-core-0.4-dev (which conflicts with other versioned 
> librust-rand-core)
> 
>   MarkInstall librust-rand+default-dev:amd64 < none -> 0.6.4-2 @un puN Ib > 
> FU=1  
>   
> 
> MarkInstall librust-rand-dev:amd64 < none -> 0.6.4-2 @un uN Ib > FU=0 
>   
>   
>   
>   MarkInstall librust-autocfg-dev:amd64 < none -> 0.1.4-1 @un uN > FU=0   
>   
>   
>   
>   MarkInstall librust-libc-dev:amd64 < none -> 0.2.62-1 @un uN > FU=0 
>   
>   
>   
>   MarkInstall librust-rand-chacha-0.1-dev:amd64 < none -> 0.1.1-2+b1 @un 
> uN Ib > FU=0  
>   
>
> MarkInstall librust-rand-core-0.3-dev:amd64 < none -> 0.3.0-1+b1 @un 
> uN > FU=0 
>   
>
>   MarkInstall librust-rand-hc-0.1-dev:amd64 < none -> 0.1.0-1 @un uN > 
> FU=0  
>   
>  
>   MarkInstall librust-rand-isaac-0.1-dev:amd64 < none -> 0.1.1-1 @un uN > 
> FU=0  
>   
>   
>   MarkInstall librust-rand-pcg-0.1-dev:amd64 < none -> 0.1.2-1 @un uN Ib 
> > FU=0
>   
>
> MarkInstall librust-rand-core-0.4-dev:amd64 < none -> 0.4.0-2+b1 @un 
> uN Ib > FU=0  
>   
>
>   MarkDelete librust-rand-core-0.3-dev:amd64 < none -> 0.3.0-1+b1 @un 
> uN > FU=0
> 
> 
> This happens because librust-rand+default-dev depends on 
> librust-rand-pcg-0.1+default-dev
> which is a virtual package provided by librust-rand-pcg-0.1-dev and
> librust-rand-pcg-dev.
> 
> Depending on virtual packages that have more than one provider without 
> specifying
> a preferred provider (e.g. 
> librust-rand-pcg-dev|librust-rand-pcg-0.1+default-dev)
> is not correct.
> 
> Please fix your packaging.
> 

Thanks for diagnosing. We forgot to upgrade rust-rand-pcg to version 0.2 when 
uploading rust-rand-pcg-0.1, and I have just done the former so the error 
should go away soon.

If apt had printed more details about the error (e.g. at the minimum, an 
advisory

  1   2   3   >