Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?

[Didier 'OdyX' Raboud]

Dear Technical Committee members,
(CC'ed to submitter, and debootstrap maintainers for information and feedack)

Here's the current state of the draft resolution; which `master` is at
https://salsa.debian.org/debian/tech-ctte/blob/master/914897_merged_usr/ballot.md

I will submit it to vote on Friday 22.; the discussion period is open!

# #914897: tech-ctte: Should debootstrap disable merged `/usr` by default?

## What is "merged `/usr`"

"Merged `/usr`" describes a possible future standard directories scheme in
which the `/{bin,sbin,lib*}/` directories have been made superfluous through
replacing them by symlinks to their `/usr` equivalents (/usr/{bin,sbin,lib*}).
The motivation to get Debian systems to converge towards such a scheme is
vastly documented elsewhere ([FDO's TheCaseForTheUsrMerge][0],
[wiki.d.o UsrMerge][1]) but can be summarized as the following points:

* having separate `/` and `/usr` filesystems has been useful in the past for
  booting without initramfs onto a minimal root filesystem that carried just
  enough to mount the `/usr` filesystem later in the boot process. Given the
  evolution of physical hosts' capabilities, initramfs'es have been default in
  Debian (and elsewhere) for a long time, and most systems no longer have an
  intermediate state during boot in which they have only `/`, but not `/usr`,
  mounted.
* another use-case is to be able to share an identical `/usr` over a network
  link; hence booting an initramfs, mounting a local `/`, then mounting `/usr`
  over the network. It seems that an initramfs with everything needed to mount
  a filesystem over a network link directly actually has a smaller footprint.
* booting with `/` only is not systematically tested in Debian anymore;
* the packaging infrastructure to install files outside of `/usr` is not
  standard and represents technical debt:
* given its status as remnant "folklore", the distinction between what _needs_
  to be shipped in `/` and what can stay in `/usr` is often interpreted
  arbitrarily;
* allowing shipment of identically-named libraries or binaries in different
  paths can confuse common understanding of paths precedence.

The arguments against moving the base directories' scheme towards
"merged `/usr`" are as follows:

* there's no gain in disrupting something that is not inherently broken;
* `/{bin,sbin,lib*}/` → `/usr/{bin,sbin,lib*}/` symlinks create confusing views
  of the system (`/bin/cat` and `/usr/bin/cat` are the same file), and dpkg
  doesn't support this situation cleanly
  [#134758](https://bugs.debian.org/134758).

[0]: https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge/
[1]: https://wiki.debian.org/UsrMerge

The compatibility symbolic links `/lib` → `/usr/lib` and
`/lib64` → `/usr/lib64` are required by the various CPUs' platform ABIs (for
example i386 requires `/lib/ld-linux.so.2` to resolve to glibc's `ld.so`, and
amd64 requires `/lib64/ld-linux-x86-64.so.2`) so there are no plans to remove
them altogether. Similarly, removing `/bin` is not under consideration because
it would break the assumption that `/bin/sh` exists, and removing `/sbin` would
break the assumption that `/sbin/fsck.*` and `/sbin/mount.*` exist.

## "merged `/usr`" in Debian

In Debian buster, the current testing suite, "merged `/usr`" is only considered
for implementation with symlinks (there are no proposals for simply dropping
`/{bin,sbin,lib*}`) and is implemented in two main ways:

* existing hosts can be made to have a "merged `/usr`" by installing the
  [usrmerge][2] package;
* new hosts get the `/{bin,sbin,lib*}/`→ `/usr/{bin,sbin,lib*}/` symlinks by
  default when using debootstrap >= 1.0.102.

The usrmerge package contains a `/usr/lib/convert-usrmerge` perl executable
that runs in `postinst`, that will move the contents of `/{bin,sbin,lib*}/` and
replace these directories with symlinks when empty.

It is also possible to merge `/usr` in other ways, for example with
`debootstrap --merged-usr` or by bootstrapping into a chroot that already
contains the necessary symlinks.

[2]: https://tracker.debian.org/pkg/usrmerge

## Issues from "merged `/usr`"

Since the default change in debootstrap 1.0.102, some issues have arisen.
Due to the fact that some buster/sid hosts have the "merged `/usr`" symlinks in
place, it has been observed that some binary packages carried some traces of
these differences (notably official packages built on Debian buildd hosts which
had been resetup).
Some such differences can actually render the built packages unuseable on
non-"merged `/usr`" systems.
For example, if `cat` is detected at build-time in `/usr/bin/cat` (where
coreutils ships `/bin/cat`), a binary hardcoding that path will try to use
`/usr/bin/cat` after installation, but that path doesn't exist in
non-"merged `/usr`" systems.
In order to mitigate this, debootstrap has been modified to let its "buildd"
variant be non-"merged `/usr`", the Debian buildds have been resetup and the
affected packages rebuilt.

Bug#922502: plasma-desktop: regional settings allow do select system incompatible locales

[Maximiliano Curia]

Control: reassign -1 libqt5core5a/5.11.3+dfsg-2
Control: affects -1 plasma-desktop

Control: severity -1 important

Please, don't abuse the bugs severity just to get more attention.

El 2019-02-17 a las 10:06 +0100, Charlemagne Lasse escribió:

Package: plasma-desktop
Version: 4:5.14.5-1
Severity: critical
Justification: makes unrelated software break on the system



The "regional settings" allow to select various regions which are not
available on the system (even with locales-all). An example here is
en_DE (Germany) for "Time". This is then exported at the next login in
the env variable LC_TIME as "en_DE.UTF-8". This is not supported on
any Debian buster installation and is causing other software to break.


This is a known issue (see https://bugs.debian.org/845788), plasma desktop 
here simply shows the result of calling:

QList allLocales = QLocale::matchingLocales(QLocale::AnyLanguage, 
QLocale::AnyScript, QLocale::AnyCountry);

(See kcms/formats/kcmformats.cpp in plasma-desktop) supplied by qt, which 
contains a rather large set of locales definitions, some of which don't have a 
libc's locales equivalent.


It would be nice to either limit qt's locales to the ones available to libc 
somehow, this might be done patching qtlocale at build time, or patching the 
kcmformats to reduce the list to the ones matching the currently generated 
locales.


Patches to either approach would be welcome.

Happy hacking,
--
"If you are in a hole, stop digging." -- The First Rule of Excavation
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Processed (with 1 error): Re: Bug#922502: plasma-desktop: regional settings allow do select system incompatible locales

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 libqt5core5a/5.11.3+dfsg-2
Unknown command or malformed arguments to command.

> affects -1 plasma-desktop
Bug #922502 [plasma-desktop] plasma-desktop: regional settings allow do select 
system incompatible locales
Added indication that 922502 affects plasma-desktop

-- 
922502: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#922502: plasma-desktop: regional settings allow do select system incompatible locales

[Charlemagne Lasse]

> Control: reassign -1 libqt5core5a/5.11.3+dfsg-2
> Control: affects -1 plasma-desktop
>
> Control: severity -1 important
>
> Please, don't abuse the bugs severity just to get more attention.

I didn't  abuse the severity. The
https://www.debian.org/Bugs/Developer#severities has an entry "makes
unrelated software on the system (or the whole system) break". And
this is the case here. There is no obvious relation between
plasma-desktop/libqt5core5a and the tex-common installation scripts.

The same happened in the tex-common bug (actually worse - they just
closed it). I am under the impression that everyone just wants to
ignore this problem.

Bug#922253: Bug #922253 in hamradio-maintguide marked as pending

[Christoph Berg]

Control: tag -1 pending

Hello,

Bug #922253 in hamradio-maintguide reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian-hamradio-team/hamradio-maintguide/commit/2880d404528814cfcab3e4a96ca9e73c16f80666


Drop sphinx.ext.pngmath usage, not needed. (Closes: #922253)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/922253

Processed: Bug #922253 in hamradio-maintguide marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #922253 [src:hamradio-maintguide] hamradio-maintguide: FTBFS (Could not 
import extension sphinx.ext.pngmath)
Added tag(s) pending.

-- 
922253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922253
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#921733: marked as done (prevent migration while I am out of town)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 09:19:30 +
with message-id 
and subject line Bug#921733: fixed in cyrus-imapd 3.0.8-2
has caused the Debian Bug report #921733,
regarding prevent migration while I am out of town
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:cyrus-imapd
Version: 3.0.8-1
Severity: serious

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

This is new upstream major release and it needs to be tested by people
with real cyrus-imapd installations, so I am just preventing the
migration to testing while I without Internet access next week.

To release team - just ignore this.

Ondrej

- -- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/6 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_DK.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8), LANGUAGE=en_DK.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAlxdoSZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz
NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u
WcKsrQ/6Ai5PnyEEPtZBK4odg1OZpW7SII/s2dZ00oqEaa9YCC4fJUqpmSufR+Du
RO4R4+T5spg49U/zSm6NrHhdRMVsZ7XTN8smQC+/TSsfutJI8Y40tRHMyMieCx0i
9lt6qcarD16nWyfhdVEs6WQBecBJWcqCD16vTjI5BefAb56YkfaI6650hlh/GQyX
eByq+ugbqb9Kxpsu6PDQLbE9GH+DHO58jHh+1CK1wPVXxXpB7+tDI08+OwAZkgA9
42pV7fu08eBR6HuOC6scWEzBORUZ5stVah8P/a45r6D8UO/Bh18lfHGXu2+EXTOV
cgQ8l4qboPR+lxVS+65NOw1jXcLpUorpOYTXJyhQ//yzDQsHlrtoo9kfxAn4CKAG
NhUdiySEckI2P2M8i+NcNKH344JCKEoymT4wAfogSML9A6mDflI8rJAf34WtOYlx
21MoTfhxjtOCvXg0W5QV+x1qFX6JAuw/B6UWFwASZFdY9mpxM+9ePHsRIw9YfjFz
NvdHubC/kWRtKo/CuA7uyXr71VNQ/l2ro7pdH53lhFwR1nngLWPH6QKKa8KssGFZ
Fi0QHIzUF0hcQEJsmpeC6+07nhQ+g18n8E07eflJJ6Qo4IhWN7k/PfFtdWE9Qz1F
uOCqrjhiiN1xkSrw/ugpnXh7wrMfkbxHJs+EDItvNbYZqlv7gH0=
=/Erk
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.0.8-2

We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý  (supplier of updated cyrus-imapd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 18 Feb 2019 07:58:29 +
Source: cyrus-imapd
Architecture: source
Version: 3.0.8-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team 
Changed-By: Ondřej Surý 
Closes: 675812 685263 750053 766403 825783 862066 866973 869870 901024 921733 
922290
Changes:
 cyrus-imapd (3.0.8-2) unstable; urgency=medium
 .
   [ Max Kosmach ]
   * Enable backup, xapian, calalarmd and unit tests
   * Update certificates for unit tests
   * Add backup and calalarmd files to cyrus-common
   * Add upstream patches to fix some crashes
   * Fix backup manpages
 .
   [ Anthony Prades ]
   * Enable systemd support (Closes: #922290)
 .
   [ Ondřej Surý ]
   * Upload to final cyrus-imapd 3.0.x to unstable
 (Closes: #921733, #866973)
   * Init script now uses systemd tmpfiles
 (Closes: #685263, #675812, #750053, #766403, #825783, #862066)
   * GOODCHARS #define is now synchronized with upstream
 (Closes: #901024)
   * Update cyrus-imapd version check in cron.daily (Closes: #869870)
Checksums-Sha1:
 2398875216fed15e38a80d6f4e46cd2132198723 3223 cyrus-imapd_3.0.8-2.dsc
 9103e90b51fda171b39aa2c6c350f9f5e258a7b9 89188 
cyrus-imapd_3.0.8-2.debian.tar.xz
 bcc311d517c00be21956538a0a03b037a7be28c6 15173 
cyrus-imapd_3.0.8-2_amd64.buildinfo
Checksums-Sha256:
 942d192954f75d153066b818734ab54f87010f35d359ceb3eacdbbd2a76d85e8 3223 
cyrus-imapd_3.0.8-2.dsc
 8c31c21e374f00e86e59765b1dbefda9d79a3c1f508ba0f4f46328cfd1dd514b 89188 
cy

Bug#922253: marked as done (hamradio-maintguide: FTBFS (Could not import extension sphinx.ext.pngmath))

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 09:34:13 +
with message-id 
and subject line Bug#922253: fixed in hamradio-maintguide 0.5
has caused the Debian Bug report #922253,
regarding hamradio-maintguide: FTBFS (Could not import extension 
sphinx.ext.pngmath)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
922253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922253
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:hamradio-maintguide
Version: 0.4
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_auto_configure -i
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>'
make html
make[2]: Entering directory '/<>'
sphinx-build -b html -d _build/doctrees   . _build/html
Running Sphinx v1.8.3

Extension error:
Could not import extension sphinx.ext.pngmath (exception: No module named 
'sphinx.ext.pngmath')
make[2]: *** [Makefile:53: html] Error 2
make[2]: Leaving directory '/<>'
make[1]: *** [debian/rules:7: override_dh_auto_build] Error 2
make[1]: Leaving directory '/<>'
make: *** [debian/rules:4: build-indep] Error 2
dpkg-buildpackage: error: debian/rules build-indep subprocess returned exit 
status 2


(The above is just how the build ends and not necessarily the most relevant 
part)

The build was made in my autobuilder with "dpkg-buildpackage -A"
and it also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/hamradio-maintguide.html

where you can get a full build log if you need it.

If this is really a bug in one of the build-depends, please use reassign and 
affects,
so that this is still visible in the BTS web page for this package.

Thanks.
--- End Message ---
--- Begin Message ---
Source: hamradio-maintguide
Source-Version: 0.5

We believe that the bug you reported is fixed in the latest version of
hamradio-maintguide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Berg  (supplier of updated 
hamradio-maintguide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 10:06:37 +0100
Source: hamradio-maintguide
Architecture: source
Version: 0.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Hamradio Maintainers 
Changed-By: Christoph Berg 
Closes: 922253
Changes:
 hamradio-maintguide (0.5) unstable; urgency=medium
 .
   * Team upload.
   * Point Vcs headers at salsa.
   * Drop sphinx.ext.pngmath usage, not needed. (Closes: #922253)
   * Multi-Arch: foreign.
   * Remove _build/ on clean.
Checksums-Sha1:
 7e195436a69f485522a5026a8608f950fbc654be 1817 hamradio-maintguide_0.5.dsc
 8760c4307dc5832d4b2e9633c5540f64c059b7be 13604 hamradio-maintguide_0.5.tar.xz
Checksums-Sha256:
 bff1ad41525637b39b51f23f884c77b142bc5f5f5d9e8afca43fb155b75e4959 1817 
hamradio-maintguide_0.5.dsc
 067760c7040a87710e430056d5a3875ff7681e254b7aee5c3cad3b8f5ab7bef9 13604 
hamradio-maintguide_0.5.tar.xz
Files:
 5aa655d0ada2cd70c1ee1adc0850fa93 1817 doc optional hamradio-maintguide_0.5.dsc
 f84a31b82b83d9db88355bd50517442b 13604 doc optional 
hamradio-maintguide_0.5.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAlxqdoIACgkQTFprqxLS
p66FURAAkg1TArGPkD1YsJzs/ByO670HMVwt10B3h77k4jgNFxQ6PqI5R5EFoKzX
ZAZ6JyH2+6yGCk8wEdgnl1ESWtw5IcjF27uvVBeW0R7MMk+1DrT7EqFbvbFqAKkS
DDpOLHtxa73TaxtfINpLymDA8QCnkYCSev2kX3nD69mxLeqxvGcdojcCk8Bt+bzc
oX12b+OTVNaUEV8EUQrRmmMWV9WHJHXcpaW4skVD7Y7MDxOZ7ntdaBSfnck9vivv
CLXWhndFUZPOCHzP3j1x0vkW3j10glz3KFehuFMPFrUyIe9Dvb1U4FrF+1aoFpUG
Oji4GjhKguE69WRmFUVi9zDdcEV26VKSTMtS/tSImFpAnRuUFdT4oOpnCMvURkfE
+aaAOheCHK8P7YrH3f6OV0STg49DbQtzIMF6dtWVFXmhCi7RV0rFbRX6DJIRNFj2
9bNmQGAixs1LiZDFmPv8LAU+T4fQYOR/gtl9cFRoJfOCGYIoo4655OGqk8fw15yj
+tl+bl2TUOuuNBj9qxsBSnDAP/+M2XloGF5S3w8A7hXtsGJ4XR7rghhrcIGh9vvV
Ax94Uq6K12k7X/lrqrsQD6tKWOQwDDuLAHZhmv9Tkv

Bug#915311: dumb-init FTBFS on mips*: test failures

[Dmitry Smirnov]

On Thursday, 14 February 2019 4:03:35 AM AEDT Shengjing Zhu wrote:
> BTW, now the test migration is 10 days, and this package will be removed
> from testing in 6 days. Maybe the release-team should be contacted to
> keep this in buster?

I can not spare time for dumb-init right now but I trust you to do whatever 
you think is appropriate.

Thank you.

-- 
Regards,
 Dmitry Smirnov.

---

Criticism may not be agreeable, but it is necessary. It fulfils the same
function as pain in the human body. It calls attention to an unhealthy
state of things.
-- Winston Churchill


signature.asc
Description: This is a digitally signed message part.

Bug#915311: dumb-init FTBFS on mips*: test failures

[Dmitry Smirnov]

On Saturday, 16 February 2019 5:57:51 AM AEDT Shengjing Zhu wrote:
> I've uploaded this NMU to DELAYED/2-day. Hope it works.

Awesome. Thank you very much.

-- 
Regards,
 Dmitry Smirnov.

---

To predict the behavior of ordinary people in advance, you only have to
assume that they will always try to escape a disagreeable situation with
the smallest possible expenditure of intelligence.
-- Friedrich Nietzsche


signature.asc
Description: This is a digitally signed message part.

Processed: forcibly merging 922478 922547

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forcemerge 922478 922547
Bug #922478 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Bug #922532 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Bug #922547 [src:linux] linux-image-4.9.0-8-armmp: Failed to boot after 
upgrading to linux-image-4.9.0-8-armmp version 4.9.144-3
Severity set to 'serious' from 'normal'
Marked as found in versions linux/4.9.144-3.
Bug #922478 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Marked as found in versions linux/4.9.130-2.
Marked as found in versions linux/4.9.130-2.
Bug #922532 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Merged 922478 922532 922547
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
922478: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922478
922532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922532
922547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#873016: marked as done (node-lodash-packages: not preferred form for source: Should be built from node-lodash)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 10:23:03 +
with message-id 
and subject line Bug#873016: fixed in node-lodash 4.17.11+dfsg-2
has caused the Debian Bug report #873016,
regarding node-lodash-packages: not preferred form for source: Should be built 
from node-lodash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
873016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: node-lodash-packages
Severity: serious
Justification: Policy 2.1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The source package node-lodash-packages does not contain the source form
preferred for editing by upstream.  Instead, upstream documents how the
contents of that code is generated from the sources included in Debian
in the source package node-lodash.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIyBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlmdw4sACgkQLHwxRsGg
ASGTug/2Lp398huckuiUYZpi1L3JQ1gKA52++Vn/q57MoT1nRd/9FvY9dkRuNmCw
B1kD+wp/Fd/MkWxdP+b/ZaoizQbbpGLg6BT1AHqFht1iwLl1pNDYsJkHx3R9LqTW
JCOfaKsetIcW+DPzYV6sbaqaULWtxK1p1oN9xcYsFaeD+vBk8D1dIerT3E6wLbRJ
B6p/h7T6k1nHZdik1eTD7Hyereocu8QzicNhkY0lCOmqa//bWTrkrP4xPICM0JEw
g3U8VlUHkezb+XlP/IcRp7iK6Oz7L5c2ZBmzxxmku/tapGMbtqm7JI/lvjuNldyZ
TKepo6jywEjJAx6F3D35U5vEla22TRpWNm0UP4S9IzAxfl4nGofY2vOp1lR8cNbb
LMhXWIdIcAA5NKwMxnzSZv4zH1tEPB8GrPNPUM8FCuwQN2mNxlURhkb7S8TZX2di
QdmvR6lRuECrOUWS6VeRsPK1HeHqXkKDo52fSJK5yCfJChHxPHtNUv+mARs3BWdC
rZVQcVXm4BoQp2OdwsqIH5Wg/h89GApRVh16C/6bbjWe7tim7QCt0W6B67woHmU2
cK41cZVvcCawPFzC1N2ggk8SqI+3bxsokN/YvAUibZRpj+box92QlJNd9Yak9IlF
7BU/XDLRlrRegafJ1KRm8P66v14D+O3PfAso3nCQCAHFI2MtXA==
=Kn8q
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: node-lodash
Source-Version: 4.17.11+dfsg-2

We believe that the bug you reported is fixed in the latest version of
node-lodash, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen  (supplier of updated node-lodash package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 15:31:23 +0530
Source: node-lodash
Binary: libjs-lodash node-lodash node-lodash-packages
Architecture: source all
Version: 4.17.11+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Pirate Praveen 
Description:
 libjs-lodash - Lo-dash is a Javascript utility library
 node-lodash - Lo-dash is a Node.js utility library
 node-lodash-packages - Lo-dash is a Node.js utility library (per method 
packages)
Closes: 873016
Changes:
 node-lodash (4.17.11+dfsg-2) unstable; urgency=medium
 .
   * Drop modules directory (now generated from source)
   * Embed lodash-cli module
   * Don't gitignore debian/node_modules
   * Generate split npm packages and files for lodash node module
   * Add node-lodash-packages binary (Closes: #873016)
Checksums-Sha1:
 f72ea3d7b8355887dcf6210a700d3a6a9ab60821 2294 node-lodash_4.17.11+dfsg-2.dsc
 ae32eba3165f3bd7c048ae6579f8fcb06c435c6b 54608 
node-lodash_4.17.11+dfsg-2.debian.tar.xz
 8bdf5d72d8602d979f527a12ae4e36e27c3cb0e0 106028 
libjs-lodash_4.17.11+dfsg-2_all.deb
 221772875ae2ac19a6068a88be8ecd093c1cbee6 145712 
node-lodash-packages_4.17.11+dfsg-2_all.deb
 1afea8c165212884791e711460f2cf4610d7477c 162484 
node-lodash_4.17.11+dfsg-2_all.deb
 8075ec97c15d36d5542745666a1d4657dbd959c1 7819 
node-lodash_4.17.11+dfsg-2_amd64.buildinfo
Checksums-Sha256:
 23cc3dcd77378dfff5f2ff354af08ce191b080a2f330029857e8f35ccbdf0139 2294 
node-lodash_4.17.11+dfsg-2.dsc
 a230d68ceda372ba88b2a43f797828b28958ef7353fc2adf60cfd5850d4b9a7e 54608 
node-lodash_4.17.11+dfsg-2.debian.tar.xz
 42011543f76327ea3b742f197ac03ddcf639fc27f42b407c24cc8cd2eaff0a2b 106028 
libjs-lodash_4.17.11+dfsg-2_all.deb
 a58c5fe48d627a047700973d2f277f19bce92039425a150745d996cc53457c6e 145712 
node-lodash-packages_4.17.11+dfsg-2_all.deb
 785a034ee4f2762f34a2cb946c1739f1fecec53bf8ea40fbd43f8cfa162510cc 162484 
node-lodash_4.17.11+dfsg-2_all.deb
 1b7eed0079a0603dc1660587229afe6182eae2e3b7960c9ad0fe488c39fa5908 7819 
node-lodash_4.17.11+dfsg-2_amd64.buildinfo
Files:
 8e

Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders Bananapi and Lamobo R1 unbootable

[Neil Williams]

On Sun, 17 Feb 2019 21:26:41 +0100 (CET) "Timo Sigurdsson"
 wrote:
> Hi,
> 
> Cyril Brulebois schrieb am 17.02.2019 19:38:
> 
> > Hi folks,
> > 
> > Jürgen Löb  (2019-02-16):
> >> Package: linux-image-4.9.0-8-armmp-lpae
> >> Version: 4.9.144-3
> >> Severity: serious
> >> 
> >> Updated my Lamobo R1 board with apt update;apt upgrade
> >> 
> >> After the update uboot is struck at "Starting kernel". There is no
> >> further output after "Starting kernel". Same happens on Bananapi 1
> >> board. Unfortunately there is no more useful information.
> > […]
> > 
> > Summing up, it looks like everybody in cc is confirming the
> > regression happens between 4.9.130-2 and 4.9.144-3, with and
> > without lpae, on various boards. Any chance you could check what
> > happens with the 4.9.135-1 intermediary version that can be found on
> > snapshot.debian.org?
> > 
> >  https://snapshot.debian.org/package/linux/4.9.135-1/
> > 
> > This might help narrow it down when the regression happened.
> > 
> > (And please use reply-all so that everyone is kept in the loop.)
> 
> So, I also tested 4.9.135-1 on a Bananapi board and can confirm it
> works.
> 
> I would suspect the issue is caused by Debian's kernel configuration
> or changes. The Kernel CI project has ARM hardware, including the
> Bananapi board and does tests of stable kernel updates to verify that
> the kernel boots. At least with multi_v7_defconfig and
> sunxi_defconfig, upstream 4.9.144 does boot on Allwinner-based
> hardware, see:
> https://kernelci.org/soc/allwinner/job/stable-rc/kernel/v4.9.144/
> 

Is it feasible to have a script in devscripts or similar which maps the
version of the kernel *Candidate* to KernelCI URLs for the same
version?

Can we correlate Debian kernel versions to something like
https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.144/
or
https://kernelci.org/boot/all/job/stable-rc/kernel/v4.9.144/ ?



-- 

Neil Williams
h...@codehelp.co.uk



pgpjnCRTlo984.pgp
Description: OpenPGP digital signature

Processed (with 1 error): Re: Bug#922564: FTBFS on ppc64el

[Debian Bug Tracking System]

Processing control commands:

> merge -1 910237
Bug #922564 [src:mathicgb] FTBFS on ppc64el
Unable to merge bugs because:
forwarded of #910237 is 'https://github.com/Macaulay2/mathicgb/issues/12' not ''
severity of #910237 is 'serious' not 'important'
Failed to merge 922564: Did not alter merged bugs.


-- 
910237: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910237
922564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 922564 https://github.com/Macaulay2/mathicgb/issues/12
Bug #922564 [src:mathicgb] FTBFS on ppc64el
Set Bug forwarded-to-address to 
'https://github.com/Macaulay2/mathicgb/issues/12'.
> severity 922564 serious
Bug #922564 [src:mathicgb] FTBFS on ppc64el
Severity set to 'serious' from 'important'
> merge 922564 910237
Bug #922564 [src:mathicgb] FTBFS on ppc64el
Bug #922564 [src:mathicgb] FTBFS on ppc64el
Added tag(s) ftbfs.
Bug #910237 [src:mathicgb] googletest causes mathicgb to FTBFS: invalid cast
Merged 910237 922564
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
910237: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910237
922564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#921732: hg-git: incompatible with mercurial 4.9

[Graham Inggs]

Control: tags -1 + ftbfs

Hi Julien

I'm neither a user of mercurial nor hg-git.

On 2019/02/08 16:52, Julien Cristau wrote:

Guess there's two parts here, splitting them.  hg-git has been in need
of upstream love for a while AFAICT...


Do you have any ideas on how to suppress the deprecation warnings?

Regards
Graham

Processed: hg-git: incompatible with mercurial 4.9

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + ftbfs
Bug #921732 [hg-git] hg-git: incompatible with mercurial 4.9
Added tag(s) ftbfs.

-- 
921732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#921979: marked as done (lmfit-py: FTBFS randomly (test_covariance_matrix.test_bounded_parameters fails))

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 12:19:06 +
with message-id 
and subject line Bug#921979: fixed in lmfit-py 0.9.11+dfsg-2
has caused the Debian Bug report #921979,
regarding lmfit-py: FTBFS randomly 
(test_covariance_matrix.test_bounded_parameters fails)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921979
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:lmfit-py
Version: 0.9.11+dfsg-1
Severity: serious
Tags: ftbfs patch

Hello Andreas et al.

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep --with python2,python3,sphinxdoc --buildsystem=pybuild
   dh_update_autotools_config -i -O--buildsystem=pybuild
   dh_autoreconf -i -O--buildsystem=pybuild
   dh_auto_configure -i -O--buildsystem=pybuild
I: pybuild base:217: python2.7 setup.py config 
running config
I: pybuild base:217: python3.7 setup.py config 
running config
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>/lmfit-py-0.9.11+dfsg'
dh_auto_build
I: pybuild base:217: /usr/bin/python setup.py build 
running build
running build_py
creating 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/lineshapes.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/models.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/jsonutils.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/__init__.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/printfuncs.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/_ampgo.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/model.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/minimizer.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/parameter.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/confidence.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
copying lmfit/_version.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit
creating 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit/ui
copying lmfit/ui/__init__.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit/ui
copying lmfit/ui/ipy_fitter.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit/ui
copying lmfit/ui/basefitter.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit/ui
UPDATING 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit/_version.py
set 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build/lmfit/_version.py
 to '0.9.11'
I: pybuild pybuild:295: cp -r NIST_STRD 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython2_2.7_lmfit/build
I: pybuild base:217: /usr/bin/python3 setup.py build 
running build
running build_py
creating 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/lineshapes.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/models.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/jsonutils.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/__init__.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/printfuncs.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/_ampgo.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/model.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/minimizer.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/parameter.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/confidence.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
copying lmfit/_version.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit
creating 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit/ui
copying lmfit/ui/__init__.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit/ui
copying lmfit/ui/ipy_fitter.py -> 
/<>/lmfit-py-0.9.11+dfsg/.pybuild/cpython3_3.7_lmfit/build/lmfit/ui
copying lmfit/ui/basefitter.py -> 
/<>/lmfit-py-0.9.11+dfsg

Bug#918417: Status update

[Jordi Mallach]

Hi,

I'm looking at this bug because it's menacing my package goiardi.

The removal count expires today; in the meanwhile goiardi 0.11.9 has
been uploaded a few days ago, and does no longer require -x-exp-dev to
build.

The other two source packages requiring -x-exp-dev to build are
kubernetes and cadvisor, which are not in testing.

I have tried to build the newest snapshot of golang-golang-x-dev but it
seems to fail in the same way as the current one.

I'll upload the resulting package anyway.

Jordi
-- 
Jordi Mallach Pérez  -- Debian developer  https://www.debian.org/
jo...@sindominio.netjo...@debian.org  https://www.sindominio.net/
GnuPG public key information available at https://oskuro.net/

Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders many systems unbootable

[Steve McIntyre]

On Sun, Feb 17, 2019 at 04:54:00PM -0800, Vagrant Cascadian wrote:
>On 2019-02-17, Vagrant Cascadian  wrote:
>> On 2019-02-17, Timo Sigurdsson wrote:
>>> Cyril Brulebois schrieb am 17.02.2019 19:38:
 Jürgen Löb  (2019-02-16):
>> FWIW, I also built a local package from 4.9.155-1~ from salsa/stretch
>> git, and it worked on a wandboard quad.
>>
>> $ uname -a
>> Linux wbq0 4.9.0-9-armmp #1 SMP Debian 4.9.155-1~20190217~1 (2019-02-17) 
>> armv7l GNU/Linux
>
>That seemed to work fine on several tested boards.
>
>I also did a local build commenting out
>"debian/arm-avoid-abi-change-in-4.9.139.patch" in debian/patches and
>removing "debian/abi/4.9.0-8/armhf_none_armmp" so that the abi conflicts
>didn't fail to build...
>
>$ uname -a
>Linux cbxi4b 4.9.0-8-armmp #1 SMP Debian 4.9.144-4~20190217~1 (2019-02-17) 
>armv7l GNU/Linux

Yes, me too. Built similar and tested on the Marvell Armada XP here
and it solved the problem.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Because heaters aren't purple!" -- Catherine Pitt

Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders Bananapi and Lamobo R1 unbootable

[Steve McIntyre]

On Mon, Feb 18, 2019 at 11:28:10AM +, Neil Williams wrote:
>On Sun, 17 Feb 2019 21:26:41 +0100 (CET) "Timo Sigurdsson"
>> 
>> So, I also tested 4.9.135-1 on a Bananapi board and can confirm it
>> works.
>> 
>> I would suspect the issue is caused by Debian's kernel configuration
>> or changes. The Kernel CI project has ARM hardware, including the
>> Bananapi board and does tests of stable kernel updates to verify that
>> the kernel boots. At least with multi_v7_defconfig and
>> sunxi_defconfig, upstream 4.9.144 does boot on Allwinner-based
>> hardware, see:
>> https://kernelci.org/soc/allwinner/job/stable-rc/kernel/v4.9.144/

Yup. The bug is clearly coming from a local Debian patch.

>Is it feasible to have a script in devscripts or similar which maps the
>version of the kernel *Candidate* to KernelCI URLs for the same
>version?
>
>Can we correlate Debian kernel versions to something like
>https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.144/
>or
>https://kernelci.org/boot/all/job/stable-rc/kernel/v4.9.144/ ?

Sure, maybe. I've suggested kernelci as a useful thing to help here,
but we really need to be testing kernels complete with all the Debian
patches to...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
  Armed with "Valor": "Centurion" represents quality of Discipline,
  Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
  concord the digital world while feeling safe and proud.

Bug#922478: upgrade linux-image-4.9.0-8-686 from 4.9.130 to 4.9.144 on ALIX-Board is unbootable

[Werner Opriel]

Hi all.

I'd like to add that 4.9.0-8-686 Version is broken too.
At least for my ALIX-Board ALIX.2D2 from PC Engines.

(CPU: 500 MHz AMD Geode LX800)

W.O.

Bug#888556: marked as done (libetsf-io-doc: fails to upgrade from 'testing' - trying to overwrite /usr/share/doc/libetsf-io-dev/AUTHORS)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 12:49:18 +
with message-id 
and subject line Bug#888556: fixed in etsf-io 1.0.4-4
has caused the Debian Bug report #888556,
regarding libetsf-io-doc: fails to upgrade from 'testing' - trying to overwrite 
/usr/share/doc/libetsf-io-dev/AUTHORS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888556
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libetsf-io-doc
Version: 1.0.4-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libetsf-io-doc.
  Preparing to unpack .../libetsf-io-doc_1.0.4-2_all.deb ...
  Unpacking libetsf-io-doc (1.0.4-2) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libetsf-io-doc_1.0.4-2_all.deb (--unpack):
   trying to overwrite '/usr/share/doc/libetsf-io-dev/AUTHORS', which is also 
in package libetsf-io-dev 1.0.4-1.1+b3
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libetsf-io-doc_1.0.4-2_all.deb

This is probably caused by a dh_installdocs behavior change in
debhelper compat level 11.


cheers,

Andreas


libetsf-io-dev=1.0.4-1.1+b3_libetsf-io-doc=1.0.4-2.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: etsf-io
Source-Version: 1.0.4-4

We believe that the bug you reported is fixed in the latest version of
etsf-io, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated etsf-io package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 13:22:44 +0100
Source: etsf-io
Binary: etsf-io libetsf-io-doc libetsf-io-dev
Architecture: source
Version: 1.0.4-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team 

Changed-By: Andreas Tille 
Description:
 etsf-io- Binary tools to check, merge and read ETSF files
 libetsf-io-dev - Static libraries and Fortran module files of ETSF_IO
 libetsf-io-doc - Developer documentation API and tutorials for ETSF_IO
Closes: 888556
Changes:
 etsf-io (1.0.4-4) unstable; urgency=medium
 .
   * Team upload.
   * libetsf-io-doc Breaks/Replaces: libetsf-io-dev (<< 1.0.4-2)
 Closes: #888556
Checksums-Sha1:
 6ba76a5a804e1fc1bf8d468c0a05ee0c9e4dad6d 2147 etsf-io_1.0.4-4.dsc
 6a11c358d6418adc5e8a4c69fb657aac2e7453f6 3976 etsf-io_1.0.4-4.debian.tar.xz
Checksums-Sha256:
 d3eb2074ff4ff35993860f809fa7263d02f04d6c0e7cf598b185f2d9c06da9a7 2147 
etsf-io_1.0.4-4.dsc
 fe53d652f26609ec32a6ad47553cf4dd01222f8d04d966df32369be85d6ea1b5 3976 
etsf-io_1.0.4-4.debian.tar.xz
Files:
 26d660e4d8beb10cbb825d1e11cb0a32 2147 science optional etsf-io_1.0.4-4.dsc
 d4de59d2275a2e319bf0a6305ae8b356 3976 science optional 
etsf-io_1.0.4-4.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJFBAEBCAAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAlxqpHwRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtFGmBAAnBzB7IPYvQ/OeDTuBQIxxbnW3gHE5bCQ
gzqzOTyv8a9L67E8AoGAIse7Pe9qJNowl8VNZ7aAVZRXUPA8zTV6fcfzIF+oEWPH
7K9wPtW5dXQk5pgheYZntYf5DulPMaYFuR1HKBrWKzpUCz9bUWL8fHo4psLcRI31
UxsAuB/8XgQ/78VwIsJusBe6icB91umhz/1I9wk1MIae0DfSQTzlh7J4QTXHmVKu
njWg7AsHf8u0PS4z77q5CkhrDi3f86KyI8w7P1oqJJdj9kTRuEY2omfdstRdCv/E
Eb1/jzw/z8msH5/aXy/DYLagu8BWwaTZcztLVP3jwQQO8wASL6ZCxb0S0tRyfpWb
P/SPxkgasX7vO9vhxyYngZNsYeZEKhPtNDPXQWxnAlp1zQ4yy5ygB9PlZC16yjBW
38LUXgLYmyI+YXzBosikF25LyOSU7eQnmWiFyzgBtOe2nnB+2cJ5eVCnnKAJb0Rf
w5mGQBNzEIpQi3HBzw9WcW9J/1o8oCRVTmRuHsaNPJvO9ikeWTI9FPKUccfwZ1NQ
gI1xcOkDC5kd5KqKzcF8LOIBjgWAoC0qyYxsmdblE4pjWdaJC20kFE4Jf/vRa+dG
vc+3inXEYswGGwKsnXYldRLluXpvfSlEK1YIxvRUUhyoX+TXX/FXVgBulaXccfO/
69gSLg5f

Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders Bananapi and Lamobo R1 unbootable

[Timo Sigurdsson]

Hi,

On Mon, 18 Feb 2019 11:28:10 +, Neil Williams  wrote:
> Is it feasible to have a script in devscripts or similar which maps the
> version of the kernel *Candidate* to KernelCI URLs for the same
> version?
> 
> Can we correlate Debian kernel versions to something like
> https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.144/
> or
> https://kernelci.org/boot/all/job/stable-rc/kernel/v4.9.144/ ?

I just had another look and found they also have a job for the stable releases 
rather than the release candidates:
https://kernelci.org/build/stable/branch/linux-4.9.y/kernel/v4.9.144/

So, as long as the Debian kernel is based on a longterm kernel which is still 
supported upstream, the mapping should work.

What might be worth a thought as well, though, is to have such automated 
testing of the Debian kernels as well. Either by asking the Kernel CI project 
whether they'd be willing to build and test Debian kernels, too, or by setting 
up an infrastructure similar to theirs just for Debian. Now, I wouldn't expect 
Debian to have as much hardware to test on, but in this particular case it 
would have helped already to test the kernel in a virtualized setup. Based on 
this thread, it seems to me that the armhf kernels haven't received any boot 
testing prior to release. If that's really the case, I guess something along 
these lines might help Debian substantially.


Cheers,

Timo

Bug#922552: marked as done (diffutils: FTBFS in ppc64el (failing tests))

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 13:19:09 +
with message-id 
and subject line Bug#922552: fixed in diffutils 1:3.7-2
has caused the Debian Bug report #922552,
regarding diffutils: FTBFS in ppc64el (failing tests)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
922552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:diffutils
Version: 1:3.7-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/fetch.php?pkg=diffutils&arch=ppc64el&ver=1%3A3.7-1&stamp=1550448741&raw=0

Have to look at this.
--- End Message ---
--- Begin Message ---
Source: diffutils
Source-Version: 1:3.7-2

We believe that the bug you reported is fixed in the latest version of
diffutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila  (supplier of updated diffutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 14:03:30 +0100
Source: diffutils
Architecture: source
Version: 1:3.7-2
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 922552
Changes:
 diffutils (1:3.7-2) unstable; urgency=low
 .
   * Increase sleeping time from 1 to 5 seconds in tests/colors for ppc64el.
 Closes: #922552 (hopefully).
Checksums-Sha1:
 348780deb4cb1388645a592ff38c2882e63fdf59 1453 diffutils_3.7-2.dsc
 c139bae9bf9eccb75f2a6efbb1c7fcdf603e1474 10956 diffutils_3.7-2.debian.tar.xz
 95679e061205f394f17fa73bb5bb4c1b4a197101 4860 diffutils_3.7-2_source.buildinfo
Checksums-Sha256:
 9c698a8dd86f76d57c4a18cd5364d0aff7798c6c32e4f350df02d2f63681776b 1453 
diffutils_3.7-2.dsc
 61cd7a77d4b1cdaf6549cb4db63e0f78bccd7a602a0b869bab67cf6b124dd140 10956 
diffutils_3.7-2.debian.tar.xz
 da5db9dc2ba8927b2e093cb1600ecb8b5540eebf4167cd22a691b861834fac84 4860 
diffutils_3.7-2_source.buildinfo
Files:
 052838f00c9dde4a3953b2f71a364486 1453 utils required diffutils_3.7-2.dsc
 bfebf14649717aa8e5a1fe41ade57d87 10956 utils required 
diffutils_3.7-2.debian.tar.xz
 b907a255ef849abe7a3b275b9432bc8c 4860 utils required 
diffutils_3.7-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlxqrUAACgkQQc5/C58b
izJInQf/V4LQpaaWe5J/bmdK/46UdexEfOxW5WRZijPByMa4rtTJ9RrG+0V/c8X8
jWx2pL9q/PAS+tnsgF4MOtJdxy8U2C/Bgd9j5RBjP7pZ+W5y4XqxH+rPxuTyVlNy
vfPl24zvIu0IamMKO+qheV1WdlTj7r4s18VQdWSNF/ZGKfL22VWlZeHYHCrzzo+g
OkrEQGw3cgn9tPQ1Cq7ZLQoBYwOIzoibD5uPM5q4oasyCi6x63MOpHYWMJYDVR6I
tpR+qwnKoaigMvracwtulWeNrCwELTgVhxeVoRyDm+zRnS0qlTnAYsT/XOm9pLI0
LZ0+b5voq6toLGXDb0kbGqENFaNosA==
=Tvz6
-END PGP SIGNATURE End Message ---

Processed: Re: Bug#918578: gosa: GOsa web interface missing password field

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 918578 serious
Bug #918578 [gosa] gosa: GOsa web interface missing password field
Severity set to 'serious' from 'important'
> # After upgrading a Debian Edu main server (Stretch 9.8 -> Buster) the
> # password entry field is missing just like reported.
> # Further investigation needed...
> --
Stopping processing here.

Please contact me if you need assistance.
-- 
918578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918578
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: fix found version

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> notfound 922478 4.9.130-2
Bug #922478 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Bug #922532 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Bug #922547 [src:linux] linux-image-4.9.0-8-armmp: Failed to boot after 
upgrading to linux-image-4.9.0-8-armmp version 4.9.144-3
No longer marked as found in versions linux/4.9.130-2.
No longer marked as found in versions linux/4.9.130-2.
No longer marked as found in versions linux/4.9.130-2.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
922478: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922478
922532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922532
922547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#921320: marked as done (ruby-rspec-rails build depends on ruby-capybara (>= 2.15~) that is currently not in buster)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 19:02:15 +0530
with message-id 
and subject line ruby-capybara is in testing now
has caused the Debian Bug report #921320,
regarding ruby-rspec-rails build depends on ruby-capybara (>= 2.15~) that is 
currently not in buster
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921320
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-rspec-rails
Version: 3.8.1-2
Severity: serious
Tags: ftbfs
Control: block -1 by 900156

ruby-rspec-rails build depends on ruby-capybara (>= 2.15~)
that is currently not in buster due to #900156.
--- End Message ---
--- Begin Message ---



signature.asc
Description: OpenPGP digital signature
--- End Message ---

Processed: severity of 917807 is grave

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 917807 grave
Bug #917807 [src:libcaca] libcaca: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 
CVE-2018-20547 CVE-2018-20548 CVE-2018-20549
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
917807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917807
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919805: marked as done (redmine: FTBFS (Could not find gem mail))

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 13:37:36 +
with message-id 
and subject line Bug#919805: fixed in redmine 4.0.1-1
has caused the Debian Bug report #919805,
regarding redmine: FTBFS (Could not find gem mail)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919805
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:redmine
Version: 3.4.6-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   debian/rules override_dh_auto_configure
make[1]: Entering directory '/<>'
./debian/check-locales
bundle --local --quiet
`/sbuild-nonexistent` is not a directory.
Bundler will use `/tmp/bundler-20190119-2834-1oobqh6' as your home directory 
temporarily.
Could not find gem 'mail (~> 2.6.4)' in any of the gem sources listed in your
Gemfile.
make[1]: *** [debian/rules:9: override_dh_auto_configure] Error 7
make[1]: Leaving directory '/<>'
make: *** [debian/rules:5: build-indep] Error 2
dpkg-buildpackage: error: debian/rules build-indep subprocess returned exit 
status 2


(The above is just how the builds ends and not necessarily the most relevant 
part)

The build was made in my autobuilder with "dpkg-buildpackage -A"
and it also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/redmine.html

where you can get a full build log if you need it.

If this is really a bug in one of the build-depends, please use reassign and 
affects,
so that this is still visible in the BTS web page for this package.

Thanks.
--- End Message ---
--- Begin Message ---
Source: redmine
Source-Version: 4.0.1-1

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lucas Kanashiro  (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 10:03:45 -0300
Source: redmine
Architecture: source
Version: 4.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Lucas Kanashiro 
Closes: 903903 909661 909775 919805
Changes:
 redmine (4.0.1-1) unstable; urgency=medium
 .
   [ Marc Dequènes (Duck) ]
   * Use default-mysql-server for autopkgtests.
   * Fix missing or not tight enough dependencies, thanks to Dmitry
 Smirnov (Closes: #903903).
   * Fix relaxed dependency on mysql2, thanks to Hashem Nasarat (Closes:
 #909775).
   * Fix the trigger to update the Gemfile.lock, thanks Antonio Terceiro
 for the solution and Hashem Nasarat for the investigation (Closes:
 #909661).
   * Declare compliance with Debian Policy 4.2.1
   * Use system jquery libs instead of source-less embedded aggregated
 file.
 .
   [ Balint Reczey ]
   * New upstream version 4.0.1 (Closes: #919805)
   * Refresh patches
 .
   [ Lucas Kanashiro ]
   * Update build and runtime dependencies
   * Update patch to also relax ruby-pg contraint version
   * debian/rules: do not try to remove non existent file
   * Bump debhelper compatibility level to 11
   * Declare compliance with Debian Policy 4.3.0
   * Update years of upstream copyright
   * Update upstream copyright
Checksums-Sha1:
 c8eae70fc7ad88b8eddbe1c81d75e49a3b993f60 2969 redmine_4.0.1-1.dsc
 736850a49fa686afd24c491e67289a5d056171c3 2335301 redmine_4.0.1.orig.tar.gz
 77878fec5d1d7416364317247ecc38e950cb3665 239388 redmine_4.0.1-1.debian.tar.xz
 00b6aebaab0e87cee4264910999c4d60e5e46f9c 9773 redmine_4.0.1-1_amd64.buildinfo
Checksums-Sha256:
 f8413b0eaadcf866184732e9333f832861a8c16c578d82ff7d63b46df2833d4d 2969 
redmine_4.0.1-1.dsc
 7cae161bd3e2a63f0996f0885bdb1fbde407636cb53d8494dea9d1d407b90586 2335301 
redmine_4.0.1.orig.tar.gz
 d52bb6395f5e4a03d734b5d0cf622d3cdfc2a810d07931bdc9eeac1a

Bug#922288: ruby-rails-assets-chartjs: doesn't build from upstream source

[Pirate Praveen]

On Thu, 14 Feb 2019 09:41:13 +0100 Paul Gevers  wrote:
> While investigating ways to fix bug #896468 (new version for
> libjs-chartjs), I discovered that ruby-rails-assets-chartjs doesn't
> contain the source of Chart.js and for sure doesn't build Chart.js from
> the upstream source.
> 
> Ironically, the same person (in a different team), packaged the same
> thing again in the node-chart.js source package. I propose to remove
> this package from Debian and all dependencies (in X-Debbugs-CC) must
> migrate to the new binary package.

If you had checked the ITP you would not have felt it was ironic.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908325

"This is a dependency of gitlab 10.x and it will also provide
libjs-chartjs built from its source for ruby-rails-assets-chartjs."

It was originally packaged for gitlab and since we could not complete
packaging all dependencies of gitlab, this was not a priority for
buster. I was intending to get gitlab back in main including fix for
this in time for bullseye.



signature.asc
Description: OpenPGP digital signature

Bug#920838: marked as done (libredberry-pipe-java: pom generates unfulfillable dependency)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 15:17:59 +0100
with message-id <1dea5cef-0a73-796d-e55c-c2fc95311...@gmx.de>
and subject line Milib fixes "~" dependency oversight
has caused the Debian Bug report #920838,
regarding libredberry-pipe-java: pom generates unfulfillable dependency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
920838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920838
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libredberry-pipe-java
Version: 1.0.0~alpha0-1
Severity: serious

The following packages have unmet dependencies:
 libmilib-java : Depends: libredberry-pipe-java (>= 1.0.0-alpha0) but 
1.0.0~alpha0-1 is to be installed


1.0.0~alpha0 < 1.0.0-alpha0
--- End Message ---
--- Begin Message ---

This is addressed by a recent upload of milib 1.10, see
https://salsa.debian.org/med-team/milib/blob/master/debian/control

Closing bug since the "~" in the redberry-pipe version is correct and 
dependencies in milib is corrected.--- End Message ---

Bug#895115: marked as done (info leakage and unauthorized access to devices)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 14:50:31 +
with message-id 
and subject line Bug#895115: fixed in beep 1.4.3-1
has caused the Debian Bug report #895115,
regarding info leakage and unauthorized access to devices
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
895115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: beep
Version: 1.3-4+b1

beep opens arbitrary files for write as root, bypassing file
permissions. The impact is as follows:

1. beep reveals whether any file exists, even if the file's existence
would normally be secret from the calling user.

$ ls -ld /etc/hidden/
drwx-- 2 root root 4096 Apr  7 08:18 /etc/hidden/

$ ls -l /etc/hidden/secret
ls: cannot access '/etc/hidden/secret': Permission denied
$ ls -l /etc/hidden/nonexistent
ls: cannot access '/etc/hidden/nonexistent': Permission denied

$ beep -e /etc/hidden/secret
ioctl: Inappropriate ioctl for device
ioctl: Inappropriate ioctl for device
$ beep -e /etc/hidden/nonexistent
Could not open /etc/hidden/nonexistent for writing
open: No such file or directory

2. beep reveals information about the file type, even if that would
normally be secret from the calling user. For example, a socket will
yield "no such device or address".

3. If a file has side effects when opened, beep allows the calling user
to trigger those side effects even if they are not authorized to do so.
Jakub Wilk pointed out that named pipes and tape devices are affected.

This issue is already discussed in the upstream bug report at
https://github.com/johnath/beep/issues/11 but I believe all the relevant
information is captured here.

ttfn/rjk
--- End Message ---
--- Begin Message ---
Source: beep
Source-Version: 1.4.3-1

We believe that the bug you reported is fixed in the latest version of
beep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine  (supplier of updated beep package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 15:01:31 +0100
Source: beep
Binary: beep beep-dbgsym beep-udeb
Architecture: source amd64
Version: 1.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine 
Changed-By: Rhonda D'Vine 
Description:
 beep   - advanced PC-speaker beeper
 beep-udeb  - advanced PC-speaker beeper - minimal package (udeb)
Closes: 895115 902722
Changes:
 beep (1.4.3-1) unstable; urgency=high
 .
   [ Rhonda D'Vine ]
   * Update watch file for new upstream repository.
   * Remove manpage patch (which was needed for the new options which are now
 incorporated upstream).
   * Use generic dh_install approach now that the GNUmakefile supports it.
   * Update to debhelper-compat (= 12).
   * Disable dh_dwz and dh_auto_test.
   * Bump Standards-Version to 4.3.0.
   * Add debian/NEWS about handling permissions, beep won't get installed suid
 root anymore.
   * Remove debconf handling.
 .
   [ Axel Beckert ]
   * Update Vcs-* headers for move to Salsa.
   * Add a debian/gbp.conf to make gbp aware of the current branch layout.
   * Switch upstream to https://github.com/spkr-beep/beep and import new
 upstream release 1.4.3.
 + Fixes CVE-2018-1000532. (Closes: #902722, #895115)
 + Drop patches CVE-2018-0492.patch + catch-sig-term, applied upstream.
 + Drop patch fix-makefile, fixed differently upstream.
 + Update Homepage and Source fields.
Checksums-Sha1:
 1b6f808716a8b96ec21213a0cc545f33d466f563 1852 beep_1.4.3-1.dsc
 743ad6bb8eee9870737db7177a5aeb8f29d2ef37 39677 beep_1.4.3.orig.tar.gz
 f5769cf3373bfc4cf534b883529e3624eff19a1b 7780 beep_1.4.3-1.debian.tar.xz
 51b9f11ff1e2503fabb6a7b48299fbb7e74c9a45 17796 beep-dbgsym_1.4.3-1_amd64.deb
 f418044ca162fa3895b8d548d6bc7eba2ff40dec 7884 beep-udeb_1.4.3-1_amd64.udeb
 38d316b85b19173295dd06e1e1f36bf93d36597b 5672 beep_1.4.3-1_amd64.buildinfo
 b32f35826ce6b5006c5c3356f3747abb21a362fb 26580 beep_1.4.3-1_amd64.deb
Checksums-Sha256:
 dae48b0b32a76b889c2379007012c015754241b77fe8eae0fe166c5203f44e81 1852 
beep_1.4.3-1.dsc
 4867039c828f29714b

Bug#902722: marked as done (CVE-2018-1000532)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 14:50:31 +
with message-id 
and subject line Bug#902722: fixed in beep 1.4.3-1
has caused the Debian Bug report #902722,
regarding CVE-2018-1000532
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
902722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: beep
Severity: important
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000532

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: beep
Source-Version: 1.4.3-1

We believe that the bug you reported is fixed in the latest version of
beep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 902...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine  (supplier of updated beep package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 15:01:31 +0100
Source: beep
Binary: beep beep-dbgsym beep-udeb
Architecture: source amd64
Version: 1.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine 
Changed-By: Rhonda D'Vine 
Description:
 beep   - advanced PC-speaker beeper
 beep-udeb  - advanced PC-speaker beeper - minimal package (udeb)
Closes: 895115 902722
Changes:
 beep (1.4.3-1) unstable; urgency=high
 .
   [ Rhonda D'Vine ]
   * Update watch file for new upstream repository.
   * Remove manpage patch (which was needed for the new options which are now
 incorporated upstream).
   * Use generic dh_install approach now that the GNUmakefile supports it.
   * Update to debhelper-compat (= 12).
   * Disable dh_dwz and dh_auto_test.
   * Bump Standards-Version to 4.3.0.
   * Add debian/NEWS about handling permissions, beep won't get installed suid
 root anymore.
   * Remove debconf handling.
 .
   [ Axel Beckert ]
   * Update Vcs-* headers for move to Salsa.
   * Add a debian/gbp.conf to make gbp aware of the current branch layout.
   * Switch upstream to https://github.com/spkr-beep/beep and import new
 upstream release 1.4.3.
 + Fixes CVE-2018-1000532. (Closes: #902722, #895115)
 + Drop patches CVE-2018-0492.patch + catch-sig-term, applied upstream.
 + Drop patch fix-makefile, fixed differently upstream.
 + Update Homepage and Source fields.
Checksums-Sha1:
 1b6f808716a8b96ec21213a0cc545f33d466f563 1852 beep_1.4.3-1.dsc
 743ad6bb8eee9870737db7177a5aeb8f29d2ef37 39677 beep_1.4.3.orig.tar.gz
 f5769cf3373bfc4cf534b883529e3624eff19a1b 7780 beep_1.4.3-1.debian.tar.xz
 51b9f11ff1e2503fabb6a7b48299fbb7e74c9a45 17796 beep-dbgsym_1.4.3-1_amd64.deb
 f418044ca162fa3895b8d548d6bc7eba2ff40dec 7884 beep-udeb_1.4.3-1_amd64.udeb
 38d316b85b19173295dd06e1e1f36bf93d36597b 5672 beep_1.4.3-1_amd64.buildinfo
 b32f35826ce6b5006c5c3356f3747abb21a362fb 26580 beep_1.4.3-1_amd64.deb
Checksums-Sha256:
 dae48b0b32a76b889c2379007012c015754241b77fe8eae0fe166c5203f44e81 1852 
beep_1.4.3-1.dsc
 4867039c828f29714b327e8a5ad20e27dfe185811a666817d54b08df09f0470a 39677 
beep_1.4.3.orig.tar.gz
 149c318adba8f82614725c0816b8e6dc6bf76f0aa3f0d8925f64a688e6c15523 7780 
beep_1.4.3-1.debian.tar.xz
 fac89dff18002a687c54cf82fc274f7df2b10ba2c2f4a760d3b06d70a067323e 17796 
beep-dbgsym_1.4.3-1_amd64.deb
 63098b94195b0425a48e4b48f90853416180abc9672c27608b973c76cb339703 7884 
beep-udeb_1.4.3-1_amd64.udeb
 965ec3fc2ca43fdd1fdd7a3d363016fae52fa5c898c1dde806751cf6a585e676 5672 
beep_1.4.3-1_amd64.buildinfo
 be1017dac9d57602e9067b88648adaeed7816b9d65a69a3a82c81180b68881db 26580 
beep_1.4.3-1_amd64.deb
Files:
 b126ce25c983331a59eb746acb6d2403 1852 sound optional beep_1.4.3-1.dsc
 5e800172c58c042dbf270f69052d4747 39677 sound optional beep_1.4.3.orig.tar.gz
 252da58f297c9f864034ecef0a1cd29e 7780 sound optional beep_1.4.3-1.debian.tar.xz
 4fe2b0c1bcfa17dc29eecc148b5fbeee 17796 debug optional 
beep-dbgsym_1.4.3-1_amd64.deb
 7c0e98498bb26e6dc154a658759e985b 7884 debian-installer optional 
beep-udeb_1.4.3-1_amd64.udeb
 e6d8cd4be98ef760314ac828b32073f9 5672 sound optional 
beep_1.4.3-1_amd64.buildinfo
 0bb65c042d7b1a5e0c246bb625e5c835 26580 sound optional beep_1.4.3-1_amd64.deb

-BEGIN PGP SIGNATUR

Bug#922502: plasma-desktop: regional settings allow do select system incompatible locales

[Lisandro Damián Nicanor Pérez Meyer]

Hi!

El lun., 18 feb. 2019 05:48, Charlemagne Lasse 
escribió:

> > Control: reassign -1 libqt5core5a/5.11.3+dfsg-2
> > Control: affects -1 plasma-desktop
> >
> > Control: severity -1 important
> >
> > Please, don't abuse the bugs severity just to get more attention.
>
> I didn't  abuse the severity. The
> https://www.debian.org/Bugs/Developer#severities has an entry "makes
> unrelated software on the system (or the whole system) break". And
> this is the case here. There is no obvious relation between
> plasma-desktop/libqt5core5a and the tex-common installation scripts.
>
> The same happened in the tex-common bug (actually worse - they just
> closed it). I am under the impression that everyone just wants to
> ignore this problem.
>

There is a simple workaround which is not selecting a faulty locale. This
makes the bug important, but not RC.

I'll dig qt's code but  I'm not entirely sure it's the right place to fix
this issue.

>

Bug#870051: qile FTBFS: test_thermalsensor_regex_compatibility failure

[Thierry fa...@linux.ibm.com]

Hello,
Just wondering why this test seem to have passed in 0.10.6-3 (sid) and
not any more ?
As this test is failing on most arch, shouldn't we disable it ?
Thanks


On Sat, 29 Jul 2017 12:43:02 +0300 Adrian Bunk  wrote:
> Source: qtile
> Version: 0.10.7-2
> Severity: serious
> 
> https://buildd.debian.org/status/package.php?p=qtile&suite=sid
> 
> ...
> === FAILURES 
> ===
>  test_thermalsensor_regex_compatibility 
> 
> 
> def test_thermalsensor_regex_compatibility():
> >   sensors = ThermalSensor()
> 
> test/test_widget.py:62: 
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> _ 
> libqtile/widget/sensors.py:73: in __init__
> temp_values = self.get_temp_sensors()
> libqtile/utils.py:202: in wrapper
> return_value = func(*args, **kwargs)
> libqtile/widget/sensors.py:93: in get_temp_sensors
> sensors_out = self.call_process(command)
> libqtile/widget/base.py:262: in call_process
> output = subprocess.check_output(command, **kwargs)
> /usr/lib/python3.6/subprocess.py:336: in check_output
> **kwargs).stdout
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> _ 
> 
> input = None, timeout = None, check = True, popenargs = (['sensors'],)
> kwargs = {'stdout': -1}, process = 
> stdout = b'', stderr = None, retcode = 1
> 
> def run(*popenargs, input=None, timeout=None, check=False, **kwargs):
> """Run command with arguments and return a CompletedProcess instance.
> 
> The returned instance will have attributes args, returncode, stdout 
> and
> stderr. By default, stdout and stderr are not captured, and those 
> attributes
> will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture 
> them.
> 
> If check is True and the exit code was non-zero, it raises a
> CalledProcessError. The CalledProcessError object will have the 
> return code
> in the returncode attribute, and output & stderr attributes if those 
> streams
> were captured.
> 
> If timeout is given, and the process takes too long, a TimeoutExpired
> exception will be raised.
> 
> There is an optional argument "input", allowing you to
> pass a string to the subprocess's stdin.  If you use this argument
> you may not also use the Popen constructor's "stdin" argument, as
> it will be used internally.
> 
> The other arguments are the same as for the Popen constructor.
> 
> If universal_newlines=True is passed, the "input" argument must be a
> string and stdout/stderr in the returned object will be strings 
> rather than
> bytes.
> """
> if input is not None:
> if 'stdin' in kwargs:
> raise ValueError('stdin and input arguments may not both be 
> used.')

-- 
Thierry Fauck @ fr.ibm.com

Bug#922625: grfcodec build loops indefinitely on failure

[Helmut Grohne]

Package: grfcodec
Version: 6.0.6-2
Severity: serious
Justification: policy 4.6
Tags: upstream

grfcodec can make the build loop indefinitely. The attached bad.patch
demonstrates the behaviour. The problem seems to be
https://sources.debian.org/src/grfcodec/6.0.6-2/Makefile/#L216:

|   $(_C)objs/$(ENDIAN_CHECK) $(ENDIAN_PARAMS) > src/endian.h || rm 
src/endian.h

If running $(ENDIAN_CHECK) fails (which is what bad.patch does), then
src/endian.h is removed, but this is counted as success. For some reason
make restarts compiling from scratch in that case and builds ad
infinitum. I aborted it after it tried building each file 18000 times.

This bug breaks Debian QA infrastructure. To paper over the bug, you
could use the following line:

|   $(_C)objs/$(ENDIAN_CHECK) $(ENDIAN_PARAMS) > src/endian.h || { rm 
src/endian.h; exit 1; }

Thus making the command fail and make aborts. In essence, the failing
behaviour is not aborting the build when a failure happens. This is
prohibited by Debian policy section 4.6 and proved fatal this time
around.

Helmut

Bug#918764: marked as done (udev: "udevadm control --reload-rules" kills all processes except init)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 15:21:16 +
with message-id 
and subject line Bug#918764: fixed in systemd 240-6
has caused the Debian Bug report #918764,
regarding udev: "udevadm control --reload-rules" kills all processes except init
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918764
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: udev
Version: 240-2
Severity: critical
Justification: Breaks whole system

Hi,

I have no idea why this is happening, but several packages use "udevadm
control --reload-rules" in their postinst (e.g. fuse) and if that's run,
all process except init are instantly killed (reproducibly; the gettys
seem to be respawned by init then, so I can login locally again) and
since sshd is killed, too, the system is usually no more accessible from
remote (hence the severity "critical") despite still responding to ping
replies.

There's nothing in dmesg. And corekeeper didn't catch any core either.

Some more details which might be helpful:

* The udev daemon itself also vanishes and this happens independently of
  the udev daemon being running or not (i.e. "service udev start" before
  calling udevadm doesn't prevent this from happening).

* The other two udevadm command from fuse's postinst don't seem to
  trigger this:

  udevadm test --action -p  $(udevadm info -q path -n /dev/fuse)

* It first happened when I install linux-image-4.20-trunk-amd64 from
  experimental about a week ago or so. Since I was away from home until
  yesterday evening, I could only recently start to debug this.

Here's an strace of that command:

execve("/sbin/udevadm", ["udevadm", "control", "--reload-rules"], 
0x7ffd60743730 /* 39 vars */) = 0
brk(NULL)   = 0x561a4e851000
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=446764, ...}) = 0
mmap(NULL, 446764, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f52728ca000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260A\2\0\0\0\0\0"..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1824496, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f52728c8000
mmap(NULL, 1837056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5272707000
mprotect(0x7f5272729000, 1658880, PROT_NONE) = 0
mmap(0x7f5272729000, 1343488, PROT_READ|PROT_EXEC, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f5272729000
mmap(0x7f5272871000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 
0x16a000) = 0x7f5272871000
mmap(0x7f52728be000, 24576, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f52728be000
mmap(0x7f52728c4000, 14336, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f52728c4000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libkmod.so.2", O_RDONLY|O_CLOEXEC) 
= 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0206\0\0\0\0\0\0"..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=100400, ...}) = 0
mmap(NULL, 102472, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f52726ed000
mprotect(0x7f52726f, 86016, PROT_NONE) = 0
mmap(0x7f52726f, 61440, PROT_READ|PROT_EXEC, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f52726f
mmap(0x7f52726ff000, 20480, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 
0x12000) = 0x7f52726ff000
mmap(0x7f5272705000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f5272705000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libacl.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\37\0\0\0\0\0\0"..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=35488, ...}) = 0
mmap(NULL, 2130592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7f52724e4000
mprotect(0x7f52724eb000, 2097152, PROT_NONE) = 0
mmap(0x7f52726eb000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed #917408 5.7.4-1
Bug #917408 [src:jupyter-notebook] jupyter-notebook: CVE-2018-19352
Marked as fixed in versions jupyter-notebook/5.7.4-1.
> fixed #917409 5.7.4-1
Bug #917409 [src:jupyter-notebook] jupyter-notebook: CVE-2018-19351
Marked as fixed in versions jupyter-notebook/5.7.4-1.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
917408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917408
917409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917409
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#922478: have yet to find an armhf board that works with 4.9.144-3

[Cyril Brulebois]

Control: tag -1 patch

Adrian Bunk  (2019-02-17):
> On Sun, Feb 17, 2019 at 09:52:48AM -0800, Vagrant Cascadian wrote:
> > After upgrading to the latest 4.9.x kernel in sid, all of the armhf
> > boards running this kernel failed to boot.
> > 
> > Adding to the list:
> > 
> > imx6: Cubox-i4pro, Cubox-i4x4, Wandboard Quad
> > exynos5: Odroid-XU4
> > exynos4: Odroid-U3
> > rk3328: firefly-rk3288
> > sunxi A20: Cubietruck
> > 
> > 
> > So it clearly impacts a wide variety of systems...
> 
> debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch changes
> the order of struct processor but lacks a corresponding change to 
> arch/arm/mm/proc-macros.S

Based on this suggestion and Julien's suggested patch on IRC a couple
hours ago, I've tested the attached patch successfully (as in: from a
busy loop in qemu-system-arm to the “expected” kernel panic, as
discussed in another subthread).

I've uploaded linux-image binaries (armmp and armmp-lpae) here, which
were cross-built through sbuild, thanks to Vagrant's suggestion on IRC:
  https://people.debian.org/~kibi/linux-bug-922478/

which is:
  DEBIAN_KERNEL_DISABLE_DEBUG=yes sbuild -d stretch-proposed-updates -c 
stretch-amd64-sbuild --build=amd64 --profiles='pkg.linux.notools nodoc nopython 
cross pkg.linux.nosource' --host=armhf linux_4.9.144-4.dsc

Checking this on real hardware would be great, trying to put everyone
involved in the loop through cc.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant
From 07f237b3911a685b18a7584456ace1293636bcc7 Mon Sep 17 00:00:00 2001
From: Cyril Brulebois 
Date: Mon, 18 Feb 2019 13:49:50 +0100
Subject: [PATCH] Update debian/arm-avoid-abi-change-in-4.9.139.patch (Closes:
 #922478).

This makes it take into account the function pointers reordering in
arch/arm/mm/proc-macros.S (addition of check_bugs), fixing the failure
to boot many armhf devices.

With thanks to Adrian Bunk for the hint, and Julien Cristau for the
prospective patch.
---
 debian/changelog   | 10 ++
 .../debian/arm-avoid-abi-change-in-4.9.139.patch   | 18 ++
 2 files changed, 28 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b0d5b6082859..3ef3c29c6fca 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+linux (4.9.144-4) UNRELEASED; urgency=medium
+
+  * Update debian/arm-avoid-abi-change-in-4.9.139.patch to take into
+account the function pointers reordering in arch/arm/mm/proc-macros.S
+(addition of check_bugs), fixing the failure to boot many armhf
+devices (Closes: #922478). With thanks to Adrian Bunk for the hint,
+and Julien Cristau for the prospective patch.
+
+ -- Cyril Brulebois   Mon, 18 Feb 2019 13:46:37 +0100
+
 linux (4.9.144-3) stretch; urgency=medium
 
   * libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
diff --git a/debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch b/debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch
index 7f73ea0066c8..bf1dc1e86731 100644
--- a/debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch
+++ b/debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch
@@ -40,3 +40,21 @@ building modules, to make sure they really don't use it.
  } processor;
  
  #ifndef MULTI_CPU
+--- a/arch/arm/mm/proc-macros.S
 b/arch/arm/mm/proc-macros.S
+@@ -281,7 +281,6 @@ ENTRY(\name\()_processor_functions)
+ 	.word	\dabort
+ 	.word	\pabort
+ 	.word	cpu_\name\()_proc_init
+-	.word	\bugs
+ 	.word	cpu_\name\()_proc_fin
+ 	.word	cpu_\name\()_reset
+ 	.word	cpu_\name\()_do_idle
+@@ -309,6 +308,7 @@ ENTRY(\name\()_processor_functions)
+ 	.word	0
+ 	.endif
+ 
++	.word	\bugs
+ 	.size	\name\()_processor_functions, . - \name\()_processor_functions
+ .endm
+ 
-- 
2.11.0



signature.asc
Description: PGP signature

Processed: Re: Bug#922478: have yet to find an armhf board that works with 4.9.144-3

[Debian Bug Tracking System]

Processing control commands:

> tag -1 patch
Bug #922478 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Bug #922532 [src:linux] upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 
4.9.130-2 to 4.9.144-3 renders many systems unbootable
Bug #922547 [src:linux] linux-image-4.9.0-8-armmp: Failed to boot after 
upgrading to linux-image-4.9.0-8-armmp version 4.9.144-3
Added tag(s) patch.
Added tag(s) patch.
Added tag(s) patch.

-- 
922478: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922478
922532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922532
922547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed (with 1 error): forcibly merging 910056 920458

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forcemerge 910056 920458
Bug #910056 {Done: Mattia Rizzolo } [src:twisted] twisted: 
Missing version constraint on python-attr dependencies
Unable to merge bugs because:
package of #920458 is 'python3-twisted' not 'src:twisted'
Failed to forcibly merge 910056: Did not alter merged bugs.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
910056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910056
920458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920458
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#922478: have yet to find an armhf board that works with 4.9.144-3

[Steve McIntyre]

On Mon, Feb 18, 2019 at 05:09:12PM +0100, Cyril Brulebois wrote:
>Control: tag -1 patch
>
>Adrian Bunk  (2019-02-17):
>> On Sun, Feb 17, 2019 at 09:52:48AM -0800, Vagrant Cascadian wrote:
>> > After upgrading to the latest 4.9.x kernel in sid, all of the armhf
>> > boards running this kernel failed to boot.
>> > 
>> > Adding to the list:
>> > 
>> > imx6: Cubox-i4pro, Cubox-i4x4, Wandboard Quad
>> > exynos5: Odroid-XU4
>> > exynos4: Odroid-U3
>> > rk3328: firefly-rk3288
>> > sunxi A20: Cubietruck
>> > 
>> > 
>> > So it clearly impacts a wide variety of systems...
>> 
>> debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch changes
>> the order of struct processor but lacks a corresponding change to 
>> arch/arm/mm/proc-macros.S
>
>Based on this suggestion and Julien's suggested patch on IRC a couple
>hours ago, I've tested the attached patch successfully (as in: from a
>busy loop in qemu-system-arm to the “expected” kernel panic, as
>discussed in another subthread).
>
>I've uploaded linux-image binaries (armmp and armmp-lpae) here, which
>were cross-built through sbuild, thanks to Vagrant's suggestion on IRC:
>  https://people.debian.org/~kibi/linux-bug-922478/
>
>which is:
>  DEBIAN_KERNEL_DISABLE_DEBUG=yes sbuild -d stretch-proposed-updates -c 
> stretch-amd64-sbuild --build=amd64 --profiles='pkg.linux.notools nodoc 
> nopython cross pkg.linux.nosource' --host=armhf linux_4.9.144-4.dsc
>
>Checking this on real hardware would be great, trying to put everyone
>involved in the loop through cc.
>
>
>Cheers,
>-- 
>Cyril Brulebois (k...@debian.org)
>D-I release manager -- Release team member -- Freelance Consultant

>From 07f237b3911a685b18a7584456ace1293636bcc7 Mon Sep 17 00:00:00 2001
>From: Cyril Brulebois 
>Date: Mon, 18 Feb 2019 13:49:50 +0100
>Subject: [PATCH] Update debian/arm-avoid-abi-change-in-4.9.139.patch (Closes:
> #922478).
>
>This makes it take into account the function pointers reordering in
>arch/arm/mm/proc-macros.S (addition of check_bugs), fixing the failure
>to boot many armhf devices.
>
>With thanks to Adrian Bunk for the hint, and Julien Cristau for the
>prospective patch.

...

Just to confirm: installed this on the Armada XP on my desk (copy of
the buildd hardware we're using) and it works just fine.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Every time you use Tcl, God kills a kitten." -- Malcolm Ray

Bug#922478: Re : Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders many systems unbootable

[jean . tampa]

Hi all,

Same issue here with 4.9.144-3 on my Olimex OLinuXino-LIME2 board 
(Allwinner A20 cpu) :

u-boot is struck at "Starting kernel", nothing happens after that.

This board boots ok with 4.9.130-2 and also with 4.9.135-1 (found at 
snapshot.debian.org).


I'm using the armmp kernel variant (non-lpae), if that helps I could 
easily try with lpae.
More generally please let me know if I can help pinpointing the issue by 
testing some more
kernel images. Note that I've never played with (cross-)compiling armhf 
kernels myself, though.


Despite this specific issue, thanks for all this great work, it's so 
cool to have Debian

supported out-of-the box on such little boards !

Jean

Bug#922478: have yet to find an armhf board that works with 4.9.144-3

[Neil Williams]

On Mon, 18 Feb 2019 17:09:12 +0100
Cyril Brulebois  wrote:

> Control: tag -1 patch
> 
> Adrian Bunk  (2019-02-17):
> > On Sun, Feb 17, 2019 at 09:52:48AM -0800, Vagrant Cascadian wrote:  
> > > After upgrading to the latest 4.9.x kernel in sid, all of the
> > > armhf boards running this kernel failed to boot.
> > > 
> > > Adding to the list:
> > > 
> > > imx6: Cubox-i4pro, Cubox-i4x4, Wandboard Quad
> > > exynos5: Odroid-XU4
> > > exynos4: Odroid-U3
> > > rk3328: firefly-rk3288
> > > sunxi A20: Cubietruck
> > > 
> > > 
> > > So it clearly impacts a wide variety of systems...  
> > 
> > debian/patches/debian/arm-avoid-abi-change-in-4.9.139.patch changes
> > the order of struct processor but lacks a corresponding change to 
> > arch/arm/mm/proc-macros.S  
> 
> Based on this suggestion and Julien's suggested patch on IRC a couple
> hours ago, I've tested the attached patch successfully (as in: from a
> busy loop in qemu-system-arm to the “expected” kernel panic, as
> discussed in another subthread).
> 
> I've uploaded linux-image binaries (armmp and armmp-lpae) here, which
> were cross-built through sbuild, thanks to Vagrant's suggestion on
> IRC: https://people.debian.org/~kibi/linux-bug-922478/
> 
> which is:
>   DEBIAN_KERNEL_DISABLE_DEBUG=yes sbuild -d stretch-proposed-updates
> -c stretch-amd64-sbuild --build=amd64 --profiles='pkg.linux.notools
> nodoc nopython cross pkg.linux.nosource' --host=armhf
> linux_4.9.144-4.dsc
> 
> Checking this on real hardware would be great, trying to put everyone
> involved in the loop through cc.

Passes on a cubietruck in LAVA:

https://staging.validation.linaro.org/scheduler/job/249113



-- 

Neil Williams
h...@codehelp.co.uk



pgpBMbLzgqZD8.pgp
Description: OpenPGP digital signature

Bug#921754: marked as done (gfsview: FTBFS (error adding symbols))

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 16:35:05 +
with message-id 
and subject line Bug#921754: fixed in gfsview 20121130+dfsg-6
has caused the Debian Bug report #921754,
regarding gfsview: FTBFS (error adding symbols)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921754: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921754
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:gfsview
Version: 20121130+dfsg-5
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-arch
dh build-arch --with autoreconf
   dh_update_autotools_config -a
   dh_autoreconf -a
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
configure.ac:9: warning: AM_INIT_AUTOMAKE: two- and three-arguments forms are 
deprecated.  For more info, see:
configure.ac:9: 
https://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation

[... snipped ...]

 from gfsgl.c:21:
/usr/include/gts.h:166:16: note: expected 'gchar *' {aka 'char *'} but argument 
is of type 'const gchar *' {aka 'const char *'}
 GtsFile *  gts_file_new_from_string   (gchar * s);
^~~~
libtool: compile:  mpicc -DHAVE_CONFIG_H -I. -I.. 
-DPACKAGE_DATA_DIR=\"/usr/share/gfsview\" -DPACKAGE_LOCALE_DIR=\"/usr//locale\" 
-DG_LOG_DOMAIN=\"GfsGl\" -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include 
-I/usr/include/FTGL -I/usr/include/freetype2 -I/usr/include/libpng16 -g -O2 
-fdebug-prefix-map=/<>/gfsview-20121130+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security 
-I/usr/include/glib-2.0/ -I/usr/lib/x86_64-linux-gnu/glib-2.0/include/ -Wall 
-Werror-implicit-function-declaration -Wmissing-prototypes 
-Wmissing-declarations -pipe -std=c99 -D_XOPEN_SOURCE=500 -c gfsgl.c -o 
libgfsgl3D_la-gfsgl.o >/dev/null 2>&1
/bin/bash ../libtool  --tag=CC   --mode=compile mpicc -DHAVE_CONFIG_H -I. -I.. 
-DPACKAGE_DATA_DIR=\""/usr/share/gfsview"\" 
-DPACKAGE_LOCALE_DIR=\""/usr//locale"\" -DG_LOG_DOMAIN=\"GfsGl\" -I..  
-Wdate-time -D_FORTIFY_SOURCE=2  -pthread -I/usr/include/glib-2.0 
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/FTGL 
-I/usr/include/freetype2 -I/usr/include/libpng16 -g -O2 
-fdebug-prefix-map=/<>/gfsview-20121130+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security 
-I/usr/include/glib-2.0/ -I/usr/lib/x86_64-linux-gnu/glib-2.0/include/ -Wall 
-Werror-implicit-function-declaration -Wmissing-prototypes 
-Wmissing-declarations -pipe -std=c99 -D_XOPEN_SOURCE=500 -c -o 
libgfsgl3D_la-trackball.lo `test -f 'trackball.c' || echo './'`trackball.c
libtool: compile:  mpicc -DHAVE_CONFIG_H -I. -I.. 
-DPACKAGE_DATA_DIR=\"/usr/share/gfsview\" -DPACKAGE_LOCALE_DIR=\"/usr//locale\" 
-DG_LOG_DOMAIN=\"GfsGl\" -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include 
-I/usr/include/FTGL -I/usr/include/freetype2 -I/usr/include/libpng16 -g -O2 
-fdebug-prefix-map=/<>/gfsview-20121130+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security 
-I/usr/include/glib-2.0/ -I/usr/lib/x86_64-linux-gnu/glib-2.0/include/ -Wall 
-Werror-implicit-function-declaration -Wmissing-prototypes 
-Wmissing-declarations -pipe -std=c99 -D_XOPEN_SOURCE=500 -c trackball.c  -fPIC 
-DPIC -o .libs/libgfsgl3D_la-trackball.o
libtool: compile:  mpicc -DHAVE_CONFIG_H -I. -I.. 
-DPACKAGE_DATA_DIR=\"/usr/share/gfsview\" -DPACKAGE_LOCALE_DIR=\"/usr//locale\" 
-DG_LOG_DOMAIN=\"GfsGl\" -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include 
-I/usr/include/FTGL -I/usr/include/freetype2 -I/usr/include/libpng16 -g -O2 
-fdebug-prefix-map=/<>/gfsview-20121130+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security 
-I/usr/include/glib-2.0/ -I/usr/lib/x86_64-linux-gnu/glib-2.0/include/ -Wall 
-Werror-implicit-function-declaration -Wmissing-prototypes 
-Wmissing-declarations -pipe -std=c99 -D_XOPEN_SOURCE=500 -c trackball.c -o 
libgfsgl3D_la-trackball.o >/dev/null 2>&1
/bin/bash ../libtool  --tag=CC   --mode=compile mpicc -DHAVE_

Bug#922478: have yet to find an armhf board that works with 4.9.144-3

[Reco]

Hi.

On Mon, Feb 18, 2019 at 05:09:12PM +0100, Cyril Brulebois wrote:
> Checking this on real hardware would be great, trying to put everyone
> involved in the loop through cc.

Confirming that the patched kernel booted successfully on
Armada385/Caiman.

Reco

Bug#922478: Re : Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders many systems unbootable

[jean . tampa]

On Mon, Feb 18, 2019 at 05:09:12PM +0100, Cyril Brulebois wrote:


I've uploaded linux-image binaries (armmp and armmp-lpae) here, which
were cross-built through sbuild, thanks to Vagrant's suggestion on IRC:
  https://people.debian.org/~kibi/linux-bug-922478/

[...]

Checking this on real hardware would be great, trying to put everyone
involved in the loop through cc.


So I've just tried this linux-image-4.9.0-8-armmp_4.9.144-4 on my 
OLinuXino-LIME2, it boots ok, everything seems to work well.


Thanks !

Jean

Bug#922478: upgrade linux-image-4.9.0-8-armmp-lpae:armhf from 4.9.130-2 to 4.9.144-3 renders many systems unbootable

[Neil Williams]

On Mon, 18 Feb 2019 17:45:25 +0100
jean.ta...@free.fr wrote:

> On Mon, Feb 18, 2019 at 05:09:12PM +0100, Cyril Brulebois wrote:
> 
> > I've uploaded linux-image binaries (armmp and armmp-lpae) here,
> > which were cross-built through sbuild, thanks to Vagrant's
> > suggestion on IRC:
> > https://people.debian.org/~kibi/linux-bug-922478/  
> [...]
> > Checking this on real hardware would be great, trying to put
> > everyone involved in the loop through cc.  

I didn't get a chance to prove the original bug in LAVA, so now I've
got that result too:
Original bug:
https://staging.validation.linaro.org/scheduler/job/249115
Fails to boot, as others have reported.

Fixed kernel build:
https://staging.validation.linaro.org/scheduler/job/249113
Kernel boots correctly and job runs to completion.

To test, I downloaded the built .deb files and extracted the contents
and made a modules.tar.gz from ./lib/. The jobs above include
SHA256 checksums for the extracted files and the modules.tar.gz and I
uploaded the files to:
http://people.linaro.org/~neil.williams/linux-bug-922478/ (fixed
build) and
http://people.linaro.org/~neil.williams/linux-bug-922478/original/
(buggy build)

 
> So I've just tried this linux-image-4.9.0-8-armmp_4.9.144-4 on my 
> OLinuXino-LIME2, it boots ok, everything seems to work well.
> 
> Thanks !
> 
> Jean


-- 

Neil Williams
h...@codehelp.co.uk



pgpfgoGdvi1UD.pgp
Description: OpenPGP digital signature

Processed: [bts-link] source package ruby-ronn

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package ruby-ronn
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #921637 (http://bugs.debian.org/921637)
> # Bug title: ronn 0.8.0-1 breaks man pages with numbered lists
> #  * https://github.com/apjanke/ronn-ng/issues/24
> #  * remote status changed: (?) -> closed
> #  * closed upstream
> tags 921637 + fixed-upstream
Bug #921637 [ronn] ronn 0.8.0-1 breaks man pages with numbered lists
Added tag(s) fixed-upstream.
> usertags 921637 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
921637: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921637
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 918611 is forwarded to https://github.com/ichord/jquery-atwho-rails/issues/29

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 918611 https://github.com/ichord/jquery-atwho-rails/issues/29
Bug #918611 [src:ruby-jquery-atwho-rails] ruby-jquery-atwho-rails FTBFS with 
rails 5.2
Set Bug forwarded-to-address to 
'https://github.com/ichord/jquery-atwho-rails/issues/29'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
918611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918611
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#776246: Processed: severity of 776246 is grave

[Valentin Vidic]

Hi,

Not sure why grave so late in the release process that we lose
some packages (csync2 in my case)? grave after the release would
give us more time to move to librsync2.

-- 
Valentin

Bug#922478: have yet to find an armhf board that works with 4.9.144-3

[Timo Sigurdsson]

Hi Cyril,

Cyril Brulebois schrieb am 18.02.2019 17:09:

> Based on this suggestion and Julien's suggested patch on IRC a couple
> hours ago, I've tested the attached patch successfully (as in: from a
> busy loop in qemu-system-arm to the “expected” kernel panic, as
> discussed in another subthread).
> 
> I've uploaded linux-image binaries (armmp and armmp-lpae) here, which
> were cross-built through sbuild, thanks to Vagrant's suggestion on IRC:
>  https://people.debian.org/~kibi/linux-bug-922478/
> 
> which is:
>  DEBIAN_KERNEL_DISABLE_DEBUG=yes sbuild -d stretch-proposed-updates -c
>  stretch-amd64-sbuild --build=amd64 --profiles='pkg.linux.notools nodoc
>  nopython cross pkg.linux.nosource' --host=armhf linux_4.9.144-4.dsc
> 
> Checking this on real hardware would be great, trying to put everyone
> involved in the loop through cc.
> 

Thanks for the patch and effort. I can confirm your kernel package boots fine 
on my LeMaker BananaPi.
  $ uname -a
  Linux bananapi 4.9.0-8-armmp-lpae #1 SMP Debian 4.9.144-4 (2019-02-18) armv7l 
GNU/Linux

journalctl also shows no errors that haven't been there before.


Regards,

Timo

Bug#919800: marked as done (javadoc: The code being documented uses modules but the packages defined in … are in the unnamed module)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding javadoc: The code being documented uses modules but the packages 
defined in … are in the unnamed module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:jackson-databind
Version: 2.9.8-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep --with javahelper
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
mh_patchpoms -plibjackson2-databind-java --debian-build 
--keep-pom-version --maven-repo=/<>/debian/maven-repo
   jh_linkjars -i
   dh_auto_build -i
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release

[... snipped ...]

[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/DeserializationFeature.java:87:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/DeserializationFeature.java:87:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/DeserializationFeature.java:89:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/deser/std/EnumMapDeserializer.java:22:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/deser/std/EnumMapDeserializer.java:22:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:635:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:646:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:658:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:998:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:1010:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:1023:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:635:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:646:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:658:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:998:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:1010:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/AnnotationIntrospector.java:1023:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/module/SimpleModule.java:17:
 warning - Tag @link: reference not found: Module
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/databind/node/ArrayNode.java:311:
 warning - invalid usage of tag >
[ERROR] 
/<>/src/main/java/com/fasterxml/jackson/d

Bug#920747: marked as done (dirgra FTBFS with recent OpenJDK)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding dirgra FTBFS with recent OpenJDK
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dirgra
Version: 0.3-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/dirgra.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (default-cli) on 
project dirgra: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/6/docs/api/ are in 
the unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=919798#125
--- End Message ---
--- Begin Message ---
Source: maven-javadoc-plugin
Source-Version: 3.0.1-3

We believe that the bug you reported is fixed in the latest version of
maven-javadoc-plugin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated maven-javadoc-plugin 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 17 Feb 2019 10:36:03 -0800
Source: maven-javadoc-plugin
Architecture: source
Version: 3.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 919798
Changes:
 maven-javadoc-plugin (3.0.1-3) unstable; urgency=medium
 .
   * Team upload.
   * Add default-detectJavaApiLink-to-false.patch (Closes: #919798)
 This addresses FTBFS bugs for multiple javadoc packages that
 build-depend on maven.  Also see:
 - https://github.com/oracle/opengrok/issues/2629
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919831
 Thank you to Markus Koschany for identifying a work-around.
Checksums-Sha1:
 0881fbd794ee91c1966900bfaa2cfcef27d79a9a 2645 maven-javadoc-plugin_3.0.1-3.dsc
 74811d78357981019706a0415350dd55c9f37fa0 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 c3b705be1d0728a08d918c043796c45c070d9202 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Checksums-Sha256:
 a3e5e57a3adf8b910a7a5d386610904bc8eff7c37a5b5554faafccdc435e 2645 
maven-javadoc-plugin_3.0.1-3.dsc
 90ee74633a6473a83561787312f3a4289c113a8f4555cf1a66adb97a7ae1f955 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 f8ba5577aa484ad24f5ffbeb545fd7b58f3abd887687a0ec39eccdd37e2dbe4a 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Files:
 a204447b8f15a3e83de17b81342418c3 2645 java optional 
maven-javadoc-plugin_3.0.1-3.dsc
 f10017a77ae0b977aab26005593d4d4a 7724 java optional 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 dfbbc41406bd3f7ca4f7fbefc625613c 15158 java optional 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxq718UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpa6jQ/8C0Cm5T8Jbf2257uGBaS7yxCdbNKl
pPW4a8kByApZOaiW0bS33eS4LrvEqqD+j1f8HFxUiNM+An5BNSs16DaZF0joZOju
kkEgifT3xHKpp/GqyMBgjtTJiPLyV2sxV2Xcog+y0EQgrlcGwmLKqGp+3RPj+Ele
J/g6cGJX+ceHAt3G9y2OTG6n/1+mAb1CTbL5G+09/us+JlWtIEi+QRlJKTAExciR
i5XnzMH+/r1qCiuYijeBhiItRU1bLVEiIGyf8SisOg1Q9f0PXl0OvhJ6jNBTlvvT
MLmuqmS2PXtLcGAxpaDggoq7XD+mc2mseQLh4X8u1ivtGeTiKWBm1colwWC7w+3Q
1OyRrZHnJ+VK98O4oGK7u1Y6E4uP/Earv45eZD3BPDwteEyTWYjkdj/Yhjqqv/KW
XNhFONOOERfbDKIAsplIwsuCjrXuxZ3YwfdTY6GngWNUsOGfoAUIj0fRBjxrpnBx
LHTUiS6tewNNDky1q6mQ10LpK0abeEV9ehbUtXyIITStPH1ovQz+LCjtfV0ZvoHh
8Pl1LeJmrop4OF0cO1DZOfNXxpxeeY3OVjhyCBIfFNX1VpRj7ikV4TQRLdDYsM+g
/yC2ZXSplhmcjZfsbEOmOKS7OV4aGSe9dMjdqkIVQOgwnYdO/BbzM+UJFxxxp/Zl
/lu5/qrR/PlcD5U=
=Oh6N
-END PGP SIGNATURE End Message ---

Bug#919874: marked as done (javadoc: The code being documented uses modules but the packages defined in … are in the unnamed module)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding javadoc: The code being documented uses modules but the packages 
defined in … are in the unnamed module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:bsaf
Version: 1.9.2-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
mh_patchpoms -plibbetter-appframework-java --debian-build 
--keep-pom-version --maven-repo=/<>/debian/maven-repo
   dh_auto_build -i
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for 
org.jdesktop.bsaf:bsaf:jar:1.9.2
[WARNING] 'dependencies.dependency.systemPath' for javax.jnlp:jnlp:jar should 
use a variable instead of a hard-coded path /usr/share/java/netx.jar @ line 
129, column 16
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten 
the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support 
building such malformed projects.
[WARNING] 
[INFO] 
[INFO] ---< org.jdesktop.bsaf:bsaf >---
[INFO] Building bsaf 1.9.2
[INFO] [ jar ]-
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ bsaf ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 7 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ bsaf ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 38 source files to /<>/target/classes
[WARNING] bootstrap class path not set in conjunction with -source 6
[WARNING] source value 6 is obsolete and will be removed in a future release
[WARNING] target value 1.6 is obsolete and will be removed in a future release
[WARNING] To suppress warnings about obsolete options, use -Xlint:-options.
[WARNING] 
/<>/src/main/java/org/jdesktop/application/SessionStorage.java:[13,19]
 java.applet.Applet in java.applet has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/ResourceMap.java:[15,16]
 java.awt.Event in java.awt has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/SessionStorage.java:[210,84]
 java.applet.Applet in java.applet has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/Application.java:[232,18]
 isAccessible() in java.lang.reflect.AccessibleObject has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/ResourceMap.java:[1257,31]
 isAccessible() in java.lang.reflect.AccessibleObject has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/ResourceMap.java:[1277,27]
 isAccessible() in java.lang.reflect.AccessibleObject has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/ResourceMap.java:[1511,74]
 getMenuShortcutKeyMask() in java.awt.Toolkit has been deprecated
[WARNING] 
/<>/src/main/java/org/jdesktop/application/Reso

Bug#920794: marked as done (localizer FTBFS with recent OpenJDK)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding localizer FTBFS with recent OpenJDK
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: localizer
Version: 1.13-3
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/localizer.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (default-cli) on 
project localizer: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/1.5.0/docs/api/ are 
in the unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=919798#125
--- End Message ---
--- Begin Message ---
Source: maven-javadoc-plugin
Source-Version: 3.0.1-3

We believe that the bug you reported is fixed in the latest version of
maven-javadoc-plugin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated maven-javadoc-plugin 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 17 Feb 2019 10:36:03 -0800
Source: maven-javadoc-plugin
Architecture: source
Version: 3.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 919798
Changes:
 maven-javadoc-plugin (3.0.1-3) unstable; urgency=medium
 .
   * Team upload.
   * Add default-detectJavaApiLink-to-false.patch (Closes: #919798)
 This addresses FTBFS bugs for multiple javadoc packages that
 build-depend on maven.  Also see:
 - https://github.com/oracle/opengrok/issues/2629
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919831
 Thank you to Markus Koschany for identifying a work-around.
Checksums-Sha1:
 0881fbd794ee91c1966900bfaa2cfcef27d79a9a 2645 maven-javadoc-plugin_3.0.1-3.dsc
 74811d78357981019706a0415350dd55c9f37fa0 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 c3b705be1d0728a08d918c043796c45c070d9202 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Checksums-Sha256:
 a3e5e57a3adf8b910a7a5d386610904bc8eff7c37a5b5554faafccdc435e 2645 
maven-javadoc-plugin_3.0.1-3.dsc
 90ee74633a6473a83561787312f3a4289c113a8f4555cf1a66adb97a7ae1f955 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 f8ba5577aa484ad24f5ffbeb545fd7b58f3abd887687a0ec39eccdd37e2dbe4a 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Files:
 a204447b8f15a3e83de17b81342418c3 2645 java optional 
maven-javadoc-plugin_3.0.1-3.dsc
 f10017a77ae0b977aab26005593d4d4a 7724 java optional 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 dfbbc41406bd3f7ca4f7fbefc625613c 15158 java optional 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxq718UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpa6jQ/8C0Cm5T8Jbf2257uGBaS7yxCdbNKl
pPW4a8kByApZOaiW0bS33eS4LrvEqqD+j1f8HFxUiNM+An5BNSs16DaZF0joZOju
kkEgifT3xHKpp/GqyMBgjtTJiPLyV2sxV2Xcog+y0EQgrlcGwmLKqGp+3RPj+Ele
J/g6cGJX+ceHAt3G9y2OTG6n/1+mAb1CTbL5G+09/us+JlWtIEi+QRlJKTAExciR
i5XnzMH+/r1qCiuYijeBhiItRU1bLVEiIGyf8SisOg1Q9f0PXl0OvhJ6jNBTlvvT
MLmuqmS2PXtLcGAxpaDggoq7XD+mc2mseQLh4X8u1ivtGeTiKWBm1colwWC7w+3Q
1OyRrZHnJ+VK98O4oGK7u1Y6E4uP/Earv45eZD3BPDwteEyTWYjkdj/Yhjqqv/KW
XNhFONOOERfbDKIAsplIwsuCjrXuxZ3YwfdTY6GngWNUsOGfoAUIj0fRBjxrpnBx
LHTUiS6tewNNDky1q6mQ10LpK0abeEV9ehbUtXyIITStPH1ovQz+LCjtfV0ZvoHh
8Pl1LeJmrop4OF0cO1DZOfNXxpxeeY3OVjhyCBIfFNX1VpRj7ikV4TQRLdDYsM+g
/yC2ZXSplhmcjZfsbEOmOKS7OV4aGSe9dMjdqkIVQOgwnYdO/BbzM+UJFxxxp/Zl
/lu5/qrR/PlcD5U=
=Oh6N
-END PGP SIGNATURE End Message ---

Bug#922369: marked as done (javamail: FTBFS on Buster/Sid)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding javamail: FTBFS on Buster/Sid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: javamail
Severity: serious
Tags: ftbfs
Justification: fails to build from source


You can also see the same build failure from the reproducible builds
projects efforts.

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/javamail.html

[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/index-all.html...
[  254s] Building index for all classes...
[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/allclasses-index.html...
[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/allpackages-index.html...
[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/deprecated-list.html...
[  254s] Building index for all classes...
[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/allclasses.html...
[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/allclasses.html...
[  254s] Generating /usr/src/packages/BUILD/mail/target/apidocs/index.html...
[  254s] Generating 
/usr/src/packages/BUILD/mail/target/apidocs/overview-summary.html...
[  254s] Generating /usr/src/packages/BUILD/mail/target/apidocs/help-doc.html...
[  254s] 1 error
[  254s] 1 warning
[  254s] [[1;34mINFO[m] 
[  254s] [[1;34mINFO[m] 
[1m[m
[  254s] [[1;34mINFO[m] [1mSkipping JavaMail API distribution[m
[  254s] [[1;34mINFO[m] This project has been banned from the build due to 
previous failures.
[  254s] [[1;34mINFO[m] 
[1m[m
[  254s] [[1;34mINFO[m] 
[1m[m
[  254s] [[1;34mINFO[m] [1mReactor Summary for JavaMail API distribution 
1.6.2:[m
[  254s] [[1;34mINFO[m] 
[  254s] [[1;34mINFO[m] JavaMail API distribution .. 
[1;32mSUCCESS[m [  2.080 s]
[  254s] [[1;34mINFO[m] JavaMail API ... 
[1;31mFAILURE[m [ 21.766 s]
[  254s] [[1;34mINFO[m] JavaMail API (no providers)  
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API jar ... 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API smtp provider . 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API imap provider . 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API Gmail IMAP provider ... 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API pop3 provider . 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API dsn support ... 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] JavaMail API logging handler ... 
[1;33mSKIPPED[m
[  254s] [[1;34mINFO[m] 
[1m[m
[  254s] [[1;34mINFO[m] [1;31mBUILD FAILURE[m
[  254s] [[1;34mINFO[m] 
[1m[m
[  254s] [[1;34mINFO[m] Total time:  24.522 s
[  254s] [[1;34mINFO[m] Finished at: 2019-02-15T04:59:59Z
[  254s] [[1;34mINFO[m] 
[1m[m
[  254s] [[1;31mERROR[m] Failed to execute goal 
[32morg.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar[m 
[1m(default-cli)[m on project [36mjavax.mail[m: [1;31mMavenReportException: 
Error while generating Javadoc: [m
[  254s] [[1;31mERROR[m] [1;31mExit code: 1 - javadoc: error - The code being 
documented uses modules but the packages defined in 
https://docs.oracle.com/javase/7/docs/api/ are in the unnamed module.[m
[  254s] [[1;31mERROR[m] 
[1;31m/usr/src/packages/BUILD/mail/src/main/java/com/sun/mail/util/package.html:60:
 warning - Tag @link: reference not found: java.util.logging[m
[  254s] [[1;31mERROR[m] [1;31m[m
[  254s] [[1;31mERROR[m] [1;31mCommand line was: 
/usr/lib/jvm/java-11-openjdk-amd64/bin/javadoc @options @argfile[m
[  254s] [[1;31mERROR[m] [1;31m[m
[  254s] [[1;31mERROR[m] [1;31mRefer to the generated Javadoc files in 
'/usr/src/packages/BUILD/mail/target/apidocs' dir.[m
[  254s] [[1;31mERROR[m] [1;31m[m
[  254s] [[1;31mERROR[m] -> [1m[Help 1][m
[  254s] [[1;31mERROR[m] 
[ 

Bug#920748: marked as done (jnr-posix FTBFS with recent OpenJDK)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding jnr-posix FTBFS with recent OpenJDK
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jnr-posix
Version: 3.0.45-2
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/jnr-posix.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (attach-javadocs) on 
project jnr-posix: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
[ERROR] javadoc: error - The code being documented uses modules but the 
packages defined in https://docs.oracle.com/javase/6/docs/api/ are in the 
unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=919798#125
--- End Message ---
--- Begin Message ---
Source: maven-javadoc-plugin
Source-Version: 3.0.1-3

We believe that the bug you reported is fixed in the latest version of
maven-javadoc-plugin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated maven-javadoc-plugin 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 17 Feb 2019 10:36:03 -0800
Source: maven-javadoc-plugin
Architecture: source
Version: 3.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 919798
Changes:
 maven-javadoc-plugin (3.0.1-3) unstable; urgency=medium
 .
   * Team upload.
   * Add default-detectJavaApiLink-to-false.patch (Closes: #919798)
 This addresses FTBFS bugs for multiple javadoc packages that
 build-depend on maven.  Also see:
 - https://github.com/oracle/opengrok/issues/2629
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919831
 Thank you to Markus Koschany for identifying a work-around.
Checksums-Sha1:
 0881fbd794ee91c1966900bfaa2cfcef27d79a9a 2645 maven-javadoc-plugin_3.0.1-3.dsc
 74811d78357981019706a0415350dd55c9f37fa0 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 c3b705be1d0728a08d918c043796c45c070d9202 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Checksums-Sha256:
 a3e5e57a3adf8b910a7a5d386610904bc8eff7c37a5b5554faafccdc435e 2645 
maven-javadoc-plugin_3.0.1-3.dsc
 90ee74633a6473a83561787312f3a4289c113a8f4555cf1a66adb97a7ae1f955 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 f8ba5577aa484ad24f5ffbeb545fd7b58f3abd887687a0ec39eccdd37e2dbe4a 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Files:
 a204447b8f15a3e83de17b81342418c3 2645 java optional 
maven-javadoc-plugin_3.0.1-3.dsc
 f10017a77ae0b977aab26005593d4d4a 7724 java optional 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 dfbbc41406bd3f7ca4f7fbefc625613c 15158 java optional 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxq718UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpa6jQ/8C0Cm5T8Jbf2257uGBaS7yxCdbNKl
pPW4a8kByApZOaiW0bS33eS4LrvEqqD+j1f8HFxUiNM+An5BNSs16DaZF0joZOju
kkEgifT3xHKpp/GqyMBgjtTJiPLyV2sxV2Xcog+y0EQgrlcGwmLKqGp+3RPj+Ele
J/g6cGJX+ceHAt3G9y2OTG6n/1+mAb1CTbL5G+09/us+JlWtIEi+QRlJKTAExciR
i5XnzMH+/r1qCiuYijeBhiItRU1bLVEiIGyf8SisOg1Q9f0PXl0OvhJ6jNBTlvvT
MLmuqmS2PXtLcGAxpaDggoq7XD+mc2mseQLh4X8u1ivtGeTiKWBm1colwWC7w+3Q
1OyRrZHnJ+VK98O4oGK7u1Y6E4uP/Earv45eZD3BPDwteEyTWYjkdj/Yhjqqv/KW
XNhFONOOERfbDKIAsplIwsuCjrXuxZ3YwfdTY6GngWNUsOGfoAUIj0fRBjxrpnBx
LHTUiS6tewNNDky1q6mQ10LpK0abeEV9ehbUtXyIITStPH1ovQz+LCjtfV0ZvoHh
8Pl1LeJmrop4OF0cO1DZOfNXxpxeeY3OVjhyCBIfFNX1VpRj7ikV4TQRLdDYsM+g
/yC2ZXSplhmcjZfsbEOmOKS7OV4aGSe9dMjdqkIVQOgwnYdO/BbzM+UJFxxxp/Zl
/lu5/qrR/PlcD5U=
=Oh6N
-END PGP SIGNATURE End Message ---

Bug#920750: marked as done (libparanamer-java FTBFS with recent OpenJDK)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding libparanamer-java FTBFS with recent OpenJDK
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libparanamer-java
Version: 2.8-4
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libparanamer-java.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (attach-javadoc) on 
project paranamer: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/1.5.0/docs/api/ are 
in the unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=919798#125
--- End Message ---
--- Begin Message ---
Source: maven-javadoc-plugin
Source-Version: 3.0.1-3

We believe that the bug you reported is fixed in the latest version of
maven-javadoc-plugin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated maven-javadoc-plugin 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 17 Feb 2019 10:36:03 -0800
Source: maven-javadoc-plugin
Architecture: source
Version: 3.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 919798
Changes:
 maven-javadoc-plugin (3.0.1-3) unstable; urgency=medium
 .
   * Team upload.
   * Add default-detectJavaApiLink-to-false.patch (Closes: #919798)
 This addresses FTBFS bugs for multiple javadoc packages that
 build-depend on maven.  Also see:
 - https://github.com/oracle/opengrok/issues/2629
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919831
 Thank you to Markus Koschany for identifying a work-around.
Checksums-Sha1:
 0881fbd794ee91c1966900bfaa2cfcef27d79a9a 2645 maven-javadoc-plugin_3.0.1-3.dsc
 74811d78357981019706a0415350dd55c9f37fa0 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 c3b705be1d0728a08d918c043796c45c070d9202 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Checksums-Sha256:
 a3e5e57a3adf8b910a7a5d386610904bc8eff7c37a5b5554faafccdc435e 2645 
maven-javadoc-plugin_3.0.1-3.dsc
 90ee74633a6473a83561787312f3a4289c113a8f4555cf1a66adb97a7ae1f955 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 f8ba5577aa484ad24f5ffbeb545fd7b58f3abd887687a0ec39eccdd37e2dbe4a 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Files:
 a204447b8f15a3e83de17b81342418c3 2645 java optional 
maven-javadoc-plugin_3.0.1-3.dsc
 f10017a77ae0b977aab26005593d4d4a 7724 java optional 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 dfbbc41406bd3f7ca4f7fbefc625613c 15158 java optional 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxq718UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpa6jQ/8C0Cm5T8Jbf2257uGBaS7yxCdbNKl
pPW4a8kByApZOaiW0bS33eS4LrvEqqD+j1f8HFxUiNM+An5BNSs16DaZF0joZOju
kkEgifT3xHKpp/GqyMBgjtTJiPLyV2sxV2Xcog+y0EQgrlcGwmLKqGp+3RPj+Ele
J/g6cGJX+ceHAt3G9y2OTG6n/1+mAb1CTbL5G+09/us+JlWtIEi+QRlJKTAExciR
i5XnzMH+/r1qCiuYijeBhiItRU1bLVEiIGyf8SisOg1Q9f0PXl0OvhJ6jNBTlvvT
MLmuqmS2PXtLcGAxpaDggoq7XD+mc2mseQLh4X8u1ivtGeTiKWBm1colwWC7w+3Q
1OyRrZHnJ+VK98O4oGK7u1Y6E4uP/Earv45eZD3BPDwteEyTWYjkdj/Yhjqqv/KW
XNhFONOOERfbDKIAsplIwsuCjrXuxZ3YwfdTY6GngWNUsOGfoAUIj0fRBjxrpnBx
LHTUiS6tewNNDky1q6mQ10LpK0abeEV9ehbUtXyIITStPH1ovQz+LCjtfV0ZvoHh
8Pl1LeJmrop4OF0cO1DZOfNXxpxeeY3OVjhyCBIfFNX1VpRj7ikV4TQRLdDYsM+g
/yC2ZXSplhmcjZfsbEOmOKS7OV4aGSe9dMjdqkIVQOgwnYdO/BbzM+UJFxxxp/Zl
/lu5/qrR/PlcD5U=
=Oh6N
-END PGP SIGNATURE End Message ---

Bug#919875: marked as done (javadoc: The code being documented uses modules but the packages defined in … are in the unnamed module)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding javadoc: The code being documented uses modules but the packages 
defined in … are in the unnamed module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:commons-csv
Version: 1.5-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
mh_patchpoms -plibcommons-csv-java --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo
   dh_auto_build -i
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for 
org.apache.commons:commons-csv:jar:1.5
[WARNING] 'build.plugins.plugin.version' for 
org.apache.maven.plugins:maven-jar-plugin is missing. @ 
org.apache.commons:commons-parent:debian, 
/<>/debian/maven-repo/org/apache/commons/commons-parent/debian/commons-parent-debian.pom,
 line 277, column 12
[WARNING] 'build.plugins.plugin.version' for 
org.apache.felix:maven-bundle-plugin is missing. @ 
org.apache.commons:commons-parent:debian, 
/<>/debian/maven-repo/org/apache/commons/commons-parent/debian/commons-parent-debian.pom,
 line 310, column 12
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten 
the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support 
building such malformed projects.
[WARNING] 
[WARNING] The POM for org.apache.maven.plugins:maven-site-plugin:jar:3.3 is 
missing, no dependency information available
[WARNING] Failed to retrieve plugin descriptor for 
org.apache.maven.plugins:maven-site-plugin:3.3: Plugin 
org.apache.maven.plugins:maven-site-plugin:3.3 or one of its dependencies could 
not be resolved: Cannot access central (https://repo.maven.apache.org/maven2) 
in offline mode and the artifact 
org.apache.maven.plugins:maven-site-plugin:jar:3.3 has not been downloaded from 
it before.
[WARNING] The POM for org.apache.maven.plugins:maven-antrun-plugin:jar:1.3 is 
missing, no dependency information available
[WARNING] Failed to retrieve plugin descriptor for 
org.apache.maven.plugins:maven-antrun-plugin:1.3: Plugin 
org.apache.maven.plugins:maven-antrun-plugin:1.3 or one of its dependencies 
could not be resolved: Cannot access central 
(https://repo.maven.apache.org/maven2) in offline mode and the artifact 
org.apache.maven.plugins:maven-antrun-plugin:jar:1.3 has not been downloaded 
from it before.
[WARNING] The POM for 
org.apache.maven.plugins:maven-assembly-plugin:jar:2.2-beta-5 is missing, no 
dependency information available
[WARNING] Failed to retrieve plugin descriptor for 
org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5: Plugin 
org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5 or one of its 
dependencies could not be resolved: Cannot access central 
(https://repo.maven.apache.org/maven2) in offline mode and the artifact 
org.apache.maven.plugins:maven-assembly-plugin:jar:2.2-beta-5 has not been 
downloaded from it before.
[WARNING] The POM for org.apache.maven.plu

Bug#919798: marked as done (javadoc: The code being documented uses modules but the packages defined in … are in the unnamed module)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding javadoc: The code being documented uses modules but the packages 
defined in … are in the unnamed module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:antlr4
Version: 4.7.1-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
mh_patchpoms -pantlr4 --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>'
cp -r debian/generated-sources/antlr4/* runtime/Java/src/
dh_auto_build
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1

[... snipped ...]

[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/7/docs/api/ are in 
the unnamed module.
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/CharStreams.java:27: 
warning - invalid usage of tag >
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/CodePointCharStream.java:19:
 warning - invalid usage of tag >
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/ParserInterpreter.java:72:
 warning - invalid usage of tag >
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/ParserInterpreter.java:72:
 warning - invalid usage of tag >
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:34: 
warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:35: 
warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:37: 
warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:51: 
warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:52: 
warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:53: 
warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/RuleContext.java:166: 
warning - invalid usage of tag {@see ParseTree#setParent}
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:16:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:18:
 warning - invalid usage of tag >
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:23:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:37:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:23:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:37:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/tree/ParseTreeListener.java:15:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:23:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:37:
 warning - invalid usage of tag <
[ERROR] 
/<>/runtime/Java/src/org/antlr/v4/runtime/atn/CodePointTransitions.java:23:
 warning - inv

Bug#919878: marked as done (javadoc: The code being documented uses modules but the packages defined in … are in the unnamed module)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding javadoc: The code being documented uses modules but the packages 
defined in … are in the unnamed module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:servlet-api
Version: 4.0.1-2
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
mh_patchpoms -plibservlet-api-java --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo
   dh_auto_build -i
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[INFO] 
[INFO] --< javax.servlet:javax.servlet-api >---
[INFO] Building Java Servlet API 4.0.1
[INFO] [ jar ]-
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ 
javax.servlet-api ---
[WARNING] Using platform encoding (ANSI_X3.4-1968 actually) to copy filtered 
resources, i.e. build is platform dependent!
[INFO] Copying 11 resources
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ 
javax.servlet-api ---
[INFO] Changes detected - recompiling the module!
[WARNING] File encoding has not been set, using platform encoding 
ANSI_X3.4-1968, i.e. build is platform dependent!
[INFO] Compiling 77 source files to /<>/target/classes
[INFO] 
[INFO] --- maven-bundle-plugin:3.5.1:manifest (bundle-manifest) @ 
javax.servlet-api ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ 
javax.servlet-api ---
[WARNING] Using platform encoding (ANSI_X3.4-1968 actually) to copy filtered 
resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory /<>/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:testCompile (default-testCompile) @ 
javax.servlet-api ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ javax.servlet-api 
---
[INFO] Tests are skipped.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.1:jar (default-jar) @ javax.servlet-api ---
[INFO] Building jar: /<>/target/javax.servlet-api-4.0.1.jar
[INFO] 
[INFO] --- maven-javadoc-plugin:3.0.1:jar (default) @ javax.servlet-api ---
[WARNING] Source files encoding has not been set, using platform encoding 
ANSI_X3.4-1968, i.e. build is platform dependent!
[INFO] Adding the --ignore-source-errors option
[INFO] 
Loading source file 
/<>/src/main/java/javax/servlet/SessionCookieConfig.java...
Loading source file 
/<>/src/main/java/javax/servlet/ServletRequestAttributeListener.java...
Loading source file 
/<>/src/main/java/javax/servlet/http/HttpSessionBindingEvent.java...
Loading source file 
/<>/src/main/java/javax/servlet/http/HttpServletMapping.java...
Loading source file 
/<>/src/main/java/javax/servlet/http/HttpSession.java...
Loading source file 
/<>/src/main/java/javax/servlet/http/HttpFilter.java...
Loading source file 
/<>/src/main/java/javax/servlet/http/HttpServletResponse.java...
Loading source file 

Bug#920795: marked as done (weupnp FTBFS with recent OpenJDK)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 18:06:14 +
with message-id 
and subject line Bug#919798: fixed in maven-javadoc-plugin 3.0.1-3
has caused the Debian Bug report #919798,
regarding weupnp FTBFS with recent OpenJDK
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: weupnp
Version: 0.1.4-1
Severity: serious
Tags: ftbfs buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/weupnp.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (default-cli) on 
project weupnp: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/1.5.0/docs/api/ are 
in the unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=919798#125
--- End Message ---
--- Begin Message ---
Source: maven-javadoc-plugin
Source-Version: 3.0.1-3

We believe that the bug you reported is fixed in the latest version of
maven-javadoc-plugin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated maven-javadoc-plugin 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 17 Feb 2019 10:36:03 -0800
Source: maven-javadoc-plugin
Architecture: source
Version: 3.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 919798
Changes:
 maven-javadoc-plugin (3.0.1-3) unstable; urgency=medium
 .
   * Team upload.
   * Add default-detectJavaApiLink-to-false.patch (Closes: #919798)
 This addresses FTBFS bugs for multiple javadoc packages that
 build-depend on maven.  Also see:
 - https://github.com/oracle/opengrok/issues/2629
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919831
 Thank you to Markus Koschany for identifying a work-around.
Checksums-Sha1:
 0881fbd794ee91c1966900bfaa2cfcef27d79a9a 2645 maven-javadoc-plugin_3.0.1-3.dsc
 74811d78357981019706a0415350dd55c9f37fa0 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 c3b705be1d0728a08d918c043796c45c070d9202 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Checksums-Sha256:
 a3e5e57a3adf8b910a7a5d386610904bc8eff7c37a5b5554faafccdc435e 2645 
maven-javadoc-plugin_3.0.1-3.dsc
 90ee74633a6473a83561787312f3a4289c113a8f4555cf1a66adb97a7ae1f955 7724 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 f8ba5577aa484ad24f5ffbeb545fd7b58f3abd887687a0ec39eccdd37e2dbe4a 15158 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo
Files:
 a204447b8f15a3e83de17b81342418c3 2645 java optional 
maven-javadoc-plugin_3.0.1-3.dsc
 f10017a77ae0b977aab26005593d4d4a 7724 java optional 
maven-javadoc-plugin_3.0.1-3.debian.tar.xz
 dfbbc41406bd3f7ca4f7fbefc625613c 15158 java optional 
maven-javadoc-plugin_3.0.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxq718UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpa6jQ/8C0Cm5T8Jbf2257uGBaS7yxCdbNKl
pPW4a8kByApZOaiW0bS33eS4LrvEqqD+j1f8HFxUiNM+An5BNSs16DaZF0joZOju
kkEgifT3xHKpp/GqyMBgjtTJiPLyV2sxV2Xcog+y0EQgrlcGwmLKqGp+3RPj+Ele
J/g6cGJX+ceHAt3G9y2OTG6n/1+mAb1CTbL5G+09/us+JlWtIEi+QRlJKTAExciR
i5XnzMH+/r1qCiuYijeBhiItRU1bLVEiIGyf8SisOg1Q9f0PXl0OvhJ6jNBTlvvT
MLmuqmS2PXtLcGAxpaDggoq7XD+mc2mseQLh4X8u1ivtGeTiKWBm1colwWC7w+3Q
1OyRrZHnJ+VK98O4oGK7u1Y6E4uP/Earv45eZD3BPDwteEyTWYjkdj/Yhjqqv/KW
XNhFONOOERfbDKIAsplIwsuCjrXuxZ3YwfdTY6GngWNUsOGfoAUIj0fRBjxrpnBx
LHTUiS6tewNNDky1q6mQ10LpK0abeEV9ehbUtXyIITStPH1ovQz+LCjtfV0ZvoHh
8Pl1LeJmrop4OF0cO1DZOfNXxpxeeY3OVjhyCBIfFNX1VpRj7ikV4TQRLdDYsM+g
/yC2ZXSplhmcjZfsbEOmOKS7OV4aGSe9dMjdqkIVQOgwnYdO/BbzM+UJFxxxp/Zl
/lu5/qrR/PlcD5U=
=Oh6N
-END PGP SIGNATURE End Message ---

Processed: Re: Bug#921704: tortoisehg: uninstallable with mercurial 4.9

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - sid experimental
Bug #921704 [src:tortoisehg] tortoisehg: uninstallable with mercurial 4.9
Removed tag(s) sid and experimental.

-- 
921704: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921704
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

[Julien Cristau]

Control: tag -1 - sid experimental

On Sun, Feb 17, 2019 at 21:57:32 -0800, Ludovico Cavedon wrote:

> package src:tortoisehg
> tags 921704 + sid experimental
> thanks
> 
> Thank you for the bug report. TortoiseHg 4.9 has not been released yet.
> 
There's no need for the tags, and this will affect buster when mercurial
migrates so they're wrong anyway.

Cheers,
Julien

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

[Ludovico Cavedon]

On Mon, Feb 18, 2019 at 10:58 AM Julien Cristau  wrote:

> > Thank you for the bug report. TortoiseHg 4.9 has not been released yet.
> >
> There's no need for the tags, and this will affect buster when mercurial
> migrates so they're wrong anyway.
>

I see.
Would it make sense to delay the migration of mercurial until an updated
tortoisehg is migrated, so we avoid removing tortoisehg from testing, given
the upcoming release?

Thanks,
Ludovico

Processed: Re: simplejson breaks json-schema-validator autopkgtest

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #918632 [src:simplejson, src:json-schema-validator] simplejson breaks 
json-schema-validator autopkgtest
Severity set to 'serious' from 'normal'

-- 
918632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918632
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: htslib breaks python-pysam autopkgtest

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #919928 [src:htslib, src:python-pysam] htslib breaks python-pysam 
autopkgtest
Severity set to 'serious' from 'normal'

-- 
919928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919928
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

[Julien Cristau]

On Mon, Feb 18, 2019 at 11:07:59 -0800, Ludovico Cavedon wrote:

> On Mon, Feb 18, 2019 at 10:58 AM Julien Cristau  wrote:
> 
> > > Thank you for the bug report. TortoiseHg 4.9 has not been released yet.
> > >
> > There's no need for the tags, and this will affect buster when mercurial
> > migrates so they're wrong anyway.
> >
> 
> I see.
> Would it make sense to delay the migration of mercurial until an updated
> tortoisehg is migrated, so we avoid removing tortoisehg from testing, given
> the upcoming release?
> 
Well it's going to be delayed by virtue of making tortoisehg and hg-git
uninstallable anyway, for now.  Is there an ETA on a tortoise 4.9
release?

Cheers,
Julien

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

[Ludovico Cavedon]

On Mon, Feb 18, 2019 at 11:39 AM Julien Cristau  wrote:

> Well it's going to be delayed by virtue of making tortoisehg and hg-git
> uninstallable anyway, for now.  Is there an ETA on a tortoise 4.9
> release?
>
>
Let me check with upstream.

Thanks,
Ludovico

Bug#919373: kannel: FTBFS with mariadb-10.3: gwlib/utils.c:602:14:

[Jonas Smedegaard]

Quoting Faustin Lammler (2019-01-17 22:17:07)
> Control: forwarded -1 https://redmine.kannel.org/issues/795
> 
> Hi,
> This seems to be a bug (see
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919395#36):
> 
> > error: 'MYSQL_SERVER_VERSION' undeclared
> > 
> > this looks like a bug. MYSQL_SERVER_VERSION is documented here:
> > https://dev.mysql.com/doc/refman/5.5/en/c-api-server-client-versions.html

Thanks, Andreas and Faustin.

In case others get confused same as me: This seems to be a but not in 
kannel but in mariadb, in that it fails to implement the MySQL spec.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#921798: marked as done (node-mocha: FTBFS (Module not found: Error: Recursion in resolving))

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 20:44:08 +
with message-id 
and subject line Bug#921798: fixed in node-mocha 4.1.0+ds3-4
has caused the Debian Bug report #921798,
regarding node-mocha: FTBFS (Module not found: Error: Recursion in resolving)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:node-mocha
Version: 4.1.0+ds3-3
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>/node-mocha-4.1.0+ds3'
NODE_PATH='/usr/share/nodejs:/usr/lib/nodejs' webpack --verbose --config 
debian/webpack.config.js
Hash: 87cc69c5bf02c862585f
Version: webpack 3.5.6
Time: 2463ms
   AssetSize  ChunksChunk Names
mocha.js  458 kB   0  [emitted]  [big]  main
Entrypoint main [big] = mocha.js

[... snipped ...]

  raw-module: (/<>/node-mocha-4.1.0+ds3) buffer
  module: (/<>/node-mocha-4.1.0+ds3) buffer
  resolve: (/usr/share/nodejs) ./buffer
  new-resolve: (/usr/share/nodejs) ./buffer
  parsed-resolve: (/usr/share/nodejs) ./buffer
  described-resolve: (/usr/share/nodejs) ./buffer
  resolve: (/<>/node-mocha-4.1.0+ds3) buffer
 @ /usr/lib/nodejs/core-util-is/lib/util.js 1:0-79
 @ /usr/lib/nodejs/readable-stream/lib/_stream_duplex.js
 @ /usr/lib/nodejs/readable-stream/readable-browser.js
 @ /usr/lib/nodejs/stream-browserify/index.js
 @ /usr/lib/nodejs/browser-stdout/index.js
 @ ./browser-entry.js

ERROR in /usr/share/javascript/util/support/isBuffer.js
Module not found: Error: Recursion in resolving
Stack:
  resolve: (/usr/share/javascript/util/support) 
./../../../../../<>/node-mocha-4.1.0+ds3/buffer
  new-resolve: (/usr/share/javascript/util/support) 
./../../../../../<>/node-mocha-4.1.0+ds3/buffer
  parsed-resolve: (/usr/share/javascript/util/support) 
./../../../../../<>/node-mocha-4.1.0+ds3/buffer
  described-resolve: (/usr/share/javascript/util/support) 
./../../../../../<>/node-mocha-4.1.0+ds3/buffer
  relative: (/<>/node-mocha-4.1.0+ds3/buffer) 
  described-relative: (/<>/node-mocha-4.1.0+ds3/buffer) 
  raw-file: (/<>/node-mocha-4.1.0+ds3/buffer) 
  file: (/<>/node-mocha-4.1.0+ds3/buffer) 
  resolve: (/<>/node-mocha-4.1.0+ds3) buffer
  new-resolve: (/<>/node-mocha-4.1.0+ds3) buffer
  parsed-resolve: (/<>/node-mocha-4.1.0+ds3) buffer module
  described-resolve: (/<>/node-mocha-4.1.0+ds3) buffer module
  raw-module: (/<>/node-mocha-4.1.0+ds3) buffer
  module: (/<>/node-mocha-4.1.0+ds3) buffer
  resolve: (/usr/share/nodejs) ./buffer
  new-resolve: (/usr/share/nodejs) ./buffer
  parsed-resolve: (/usr/share/nodejs) ./buffer
  described-resolve: (/usr/share/nodejs) ./buffer
  resolve: (/<>/node-mocha-4.1.0+ds3) buffer
 @ /usr/share/javascript/util/support/isBuffer.js 1:0-79
 @ /usr/share/javascript/util/util.js
 @ ./lib/utils.js
 @ ./lib/mocha.js
 @ ./browser-entry.js
make[1]: *** [debian/rules:23: mocha.js] Error 2
make[1]: Leaving directory '/<>/node-mocha-4.1.0+ds3'
make: *** [debian/rules:8: build-indep] Error 2
dpkg-buildpackage: error: debian/rules build-indep subprocess returned exit 
status 2


(The above is just how the build ends and not necessarily the most relevant 
part)

The build was made in my autobuilder with "dpkg-buildpackage -A"
and it also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/node-mocha.html

where you can get a full build log if you need it.

If this is really a bug in one of the build-depends, please use reassign and 
affects,
so that this is still visible in the BTS web page for this package.

Thanks.
--- End Message ---
--- Begin Message ---
Source: node-mocha
Source-Version: 4.1.0+ds3-4

We believe that the bug you reported is fixed in the latest version of
node-mocha, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard  (supplier of updated node-mocha pa

Processed: unarchiving 895778

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unarchive 895778
Bug #895778 {Done: Markus Koschany } [jruby] jruby: Several 
security vulnerabilities
Unarchived Bug 895778
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
895778: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#896625: marked as done (FTBFS with sphinx 1.7.2: exception: cannot import name 'Directive')

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 21:50:39 +
with message-id 
and subject line Bug#896625: fixed in pyevolve 0.6+git20151103.589b6a9-1
has caused the Debian Bug report #896625,
regarding FTBFS with sphinx 1.7.2: exception: cannot import name 'Directive'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
896625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896625
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sphinx
Version: 1.7.2-1
Severity: serious
Control: affects -1 src:alembic src:bcfg2 src:bottleneck src:dipy src:heat 
src:julia src:mako src:prospector src:pyevolve src:pymvpa2 
src:python-cryptography src:python-expyriment src:python-numpy src:python-scipy

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/alembic.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/bcfg2.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/bottleneck.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/dipy.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/heat.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/julia.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mako.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/prospector.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/pyevolve.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/pymvpa2.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/i386/python-cryptography.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-expyriment.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-numpy.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-scipy.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/arm64/sqlalchemy.html

Example (from alembic):

...
   debian/rules override_dh_sphinxdoc
make[1]: Entering directory '/build/1st/alembic-0.9.7'
sphinx-build -b html docs/build 
/build/1st/alembic-0.9.7/debian/alembic/usr/share/doc/alembic/html
Running Sphinx v1.7.2

Extension error:
Could not import extension changelog (exception: cannot import name 'Directive')
make[1]: *** [debian/rules:13: override_dh_sphinxdoc] Error 2
--- End Message ---
--- Begin Message ---
Source: pyevolve
Source-Version: 0.6+git20151103.589b6a9-1

We believe that the bug you reported is fixed in the latest version of
pyevolve, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Kastner  (supplier of updated pyevolve package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 18 Feb 2019 21:54:45 +0100
Source: pyevolve
Architecture: source
Version: 0.6+git20151103.589b6a9-1
Distribution: unstable
Urgency: medium
Maintainer: Christian Kastner 
Changed-By: Christian Kastner 
Closes: 896625
Changes:
 pyevolve (0.6+git20151103.589b6a9-1) unstable; urgency=medium
 .
   * New upstream version 0.6+git20151103.589b6a9
 - Upstream has moved from SourceForge to GitHub
   * Move Files-Excluded patterns from standalone file to d/copyright
   * Update d/watch to check GitHub HEAD
 - Upstream hasn't tagged or released yet
   * d/patches:
 - Refresh 0002-Fix-broken-example-12.patch
 - Add patch Switch-away-from-deprecated-sphinx-interface.patch
   Closes: #896625
   * d/tests: Rename ADTTMP to AUTOPKGTEST_TMP
   * d/control:
 - Point Vcs-* to Salsa
 - Switch Build-Depends from debhelper to debhelper-compat
 - Bump debhelper to compatibility level 12
 - Drop ancient X-Python-Version
 - Bump Standards-Version to 4.3.0
 - Add Rules-Requires-Root: no
   We don't need (fake)root for building the packages
 - Mark python-pyevolve-doc as Multi-Arch: foreign
   As per the Multiarch hinter's suggestion
 - Switch Build-Depends from python-sphinx to python3-sphinx
   * Remove now obsolete d/compat
   * gbp.conf:
 - Set pristine-tar and sign-tags options
   Drop upstr

Processed: affects 895778

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 895778 9.1.13.0-1
Bug #895778 {Done: Markus Koschany } [jruby] jruby: Several 
security vulnerabilities
Added indication that 895778 affects 9.1.13.0-1
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
895778: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: affects 895778

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 895778 9.1.13.0-1^
Bug #895778 {Done: Markus Koschany } [jruby] jruby: Several 
security vulnerabilities
Added indication that 895778 affects 9.1.13.0-1^
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
895778: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#900787: nvidia-graphics-drivers-legacy-304xx: does not support Xorg Xserver 1.20

[Moritz Mühlenhoff]

On Mon, Jun 04, 2018 at 11:47:35PM +0200, Andreas Beckmann wrote:
> Source: nvidia-graphics-drivers-legacy-304xx
> Version: 304.137-5
> Severity: serious
> Tags: sid buster upstream wontfix
> 
> The 304.xx legacy series is EoL upstream and won't be updated for the
> latest Xorg.
> 
> Let's get it out of buster ... but keep it in sid for now.

Out of interest, why is this kept in sid? Unstable also has 1.20 since
May of last year.

Cheers,
Moritz

Bug#913467: nvidia-graphics-drivers: CVE‑2018‑6260: access to application data processed on the GPU through a side channel exposed by the GPU performance counters

[Moritz Mühlenhoff]

On Mon, Nov 12, 2018 at 02:36:23PM +, Luca Boccassi wrote:
> On Mon, 2018-11-12 at 13:47 +0100, Andreas Beckmann wrote:
> > On 2018-11-11 13:54, Luca Boccassi wrote:
> > > https://nvidia.custhelp.com/app/answers/detail/a_id/4738
> > 
> > So we expect new releases soon. There is already 415.* ...
> > 
> > Please refrain from any uploads for now while I'm preparing
> > infrastructure changes. I'll do a 390.87-3 upload soon, thereafter
> > you
> > could update that in sid. If there are some pkern commits in the
> > repository, use them, if not, they will come with -2.
> > 
> > (Procedure in 390:
> > do all commits incl. finalization of changelog in 390
> > merge into master
> > upload from master
> > )
> > 
> > Andreas
> 
> Ok, I see -3 is now in unstable (thanks!) so if something comes out for
> the 390 branch I'll follow that procedure and upload to unstable from
> master.
> 
> What about -legacy-390xx?
> 
> > PS: finally a reason to push 390 to stretch, lets do it soon at the
> > beginning of the new point release cycle
> 
> Yes, sounds good, 384 is not maintained anymore.

I'm confused by all the branches in buster. Can you please confirm
which are fixed for CVE-2018-6260 and which are not? (And if so, which
version in sid fixed it):

nvidia-graphics-drivers: 390.87-8 (sid: 410.93-2)
nvidia-graphics-drivers-legacy-390xx: 390.87-6 (sid the same)
nvidia-graphics-drivers-legacy-340xx: 340.107-3 (sid the same)
nvidia-graphics-drivers-legacy-304xx: not in testing

Cheers,
Moritz

Processed (with 1 error): forcibly merging 910056 920458

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forcemerge 910056 920458
Bug #910056 {Done: Mattia Rizzolo } [src:twisted] twisted: 
Missing version constraint on python-attr dependencies
Unable to merge bugs because:
package of #920458 is 'python3-twisted' not 'src:twisted'
Failed to forcibly merge 910056: Did not alter merged bugs.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
910056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910056
920458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920458
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#918632: simplejson breaks json-schema-validator autopkgtest

[Neil Williams]

On Mon, 18 Feb 2019 20:05:41 +0100 Paul Gevers 
wrote:
> Control: severity -1 serious
> 
> Hi,
> 
> On Mon, 7 Jan 2019 21:49:01 +0100 Paul Gevers 
> wrote:
> > With a recent upload of simplejson the autopkgtest of
> > json-schema-validator fails in testing when that autopkgtest is run
> > with the binary packages of simplejson from unstable. It passes
> > when run with only packages from testing. In tabular form:
> >passfail
> > simplejson from testing3.16.0-1
> > json-schema-validator  from testing2.3.1-3
> > all others from testingfrom testing
> > 
> > I copied some of the output at the bottom of this report.
> > 
> > Currently this regression is contributing to the delay of the
> > migration of simplejson to testing [1]. Due to the nature of this
> > issue, I filed this bug report against both packages. Can you
> > please investigate the situation and reassign the bug to the right
> > package? If needed, please change the bug's severity.
> 
> Since February 12, this is now blocking simplejson from migrating.
> This bug should be fixed either direction: or simplejson fixes the
> regression it causes in json-schema-validator, or
> json-schema-validator fixes its autopkgtest to adapt to the new
> situation. Please agree which package should be fixed and reassign it
> to that package, keeping the version information.

My guess is that json-schema-validator is the package at fault but I
orphaned it precisely because I don't have time to investigate bugs in
the package. There are no reverse dependencies that affect buster or
unstable and no Python3 package in Debian. Nobody else has taken any
interest in the package since it was orphaned over a year ago.

Unless there are any relevant bug reports filed against simplejson or
some other confirmation of the bug as being caused by simplejson within
say a week to 10 days, I'll assign this just to json-schema-validator
and seek removal of json-schema-validator from Debian as orphaned, out
of date & RC buggy. There are better ways to validate Python data
structures than exporting & validating in JSON.

-- 

Neil Williams
h...@codehelp.co.uk



pgpwDCBDDw6UP.pgp
Description: OpenPGP digital signature

Bug#918578: gosa: GOsa web interface missing password field

[Wolfgang Schweer]

On Sun, Feb 17, 2019 at 04:41:57PM +0100, Wolfgang Schweer wrote:
> On Mon, Jan 14, 2019 at 03:43:26PM +, Holger Levsen wrote:
> > On Mon, Jan 14, 2019 at 05:15:59PM +0200, Eliza Ralph wrote:
> > > So are you saying it's not possible to fix GOsa in this case?
> > 
> > it's not gosa that is broken but your php setup.
> 
> After upgrading a Debian Edu main server (Stretch 9.8 -> Buster) the 
> password entry field is missing just like reported.
> Further investigation needed...
 
It seems to be enough to adjust the Apache configuration like this:

a2dismod php7.0
a2enmod php7.3
a2enconf php7.3-cgi
service apache2 restart

Most probably the gosa package should ship some information (NEWS).

Wolfgang


signature.asc
Description: PGP signature

Bug#913467: nvidia-graphics-drivers: CVE‑2018‑6260: access to application data processed on the GPU through a side channel exposed by the GPU performance counters

[Luca Boccassi]

On Mon, 2019-02-18 at 22:57 +0100, Moritz Mühlenhoff wrote:
> On Mon, Nov 12, 2018 at 02:36:23PM +, Luca Boccassi wrote:
> > On Mon, 2018-11-12 at 13:47 +0100, Andreas Beckmann wrote:
> > > On 2018-11-11 13:54, Luca Boccassi wrote:
> > > > https://nvidia.custhelp.com/app/answers/detail/a_id/4738
> > > 
> > > So we expect new releases soon. There is already 415.* ...
> > > 
> > > Please refrain from any uploads for now while I'm preparing
> > > infrastructure changes. I'll do a 390.87-3 upload soon,
> > > thereafter
> > > you
> > > could update that in sid. If there are some pkern commits in the
> > > repository, use them, if not, they will come with -2.
> > > 
> > > (Procedure in 390:
> > > do all commits incl. finalization of changelog in 390
> > > merge into master
> > > upload from master
> > > )
> > > 
> > > Andreas
> > 
> > Ok, I see -3 is now in unstable (thanks!) so if something comes out
> > for
> > the 390 branch I'll follow that procedure and upload to unstable
> > from
> > master.
> > 
> > What about -legacy-390xx?
> > 
> > > PS: finally a reason to push 390 to stretch, lets do it soon at
> > > the
> > > beginning of the new point release cycle
> > 
> > Yes, sounds good, 384 is not maintained anymore.
> 
> I'm confused by all the branches in buster. Can you please confirm
> which are fixed for CVE-2018-6260 and which are not? (And if so,
> which
> version in sid fixed it):
> 
> nvidia-graphics-drivers: 390.87-8 (sid: 410.93-2)
> nvidia-graphics-drivers-legacy-390xx: 390.87-6 (sid the same)
> nvidia-graphics-drivers-legacy-340xx: 340.107-3 (sid the same)
> nvidia-graphics-drivers-legacy-304xx: not in testing

Unfortunately we have no idea - NVIDIA's security tracker was never
updated after the initial mention of the CVE:

https://nvidia.custhelp.com/app/answers/detail/a_id/4738

-- 
Kind regards,
Luca Boccassi

signature.asc
Description: This is a digitally signed message part

Bug#921725: marked as done (libu2f-host: CVE-2018-20340)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 23:18:42 +
with message-id 
and subject line Bug#921725: fixed in libu2f-host 1.1.2-2+deb9u1
has caused the Debian Bug report #921725,
regarding libu2f-host: CVE-2018-20340
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libu2f-host
Version: 1.1.2-2
Severity: grave
Tags: security upstream
Control: found -1  1.1.6-1

Hi,

The following vulnerability was published for libu2f-host.

CVE-2018-20340[0]:
buffer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20340
[1] https://www.yubico.com/support/security-advisories/ysa-2019-01/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libu2f-host
Source-Version: 1.1.2-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
libu2f-host, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Braud-Santoni  (supplier of updated libu2f-host 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 08 Feb 2019 21:42:16 +0100
Source: libu2f-host
Binary: libu2f-host0 libu2f-host-dev u2f-host
Architecture: source amd64
Version: 1.1.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Authentication Maintainers 

Changed-By: Nicolas Braud-Santoni 
Description:
 libu2f-host-dev - Development files for the U2F host C library libu2f-host
 libu2f-host0 - Universal 2nd Factor (U2F) host communication C Library
 u2f-host   - Command line tool to do Universal 2nd Factor (U2F) operations
Closes: 921725
Changes:
 libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high
 .
   * Backport patch for CVE-2018-20340 (Closes: #921725)
Checksums-Sha1:
 233bae3a54d0736d5963b2aa6676485e9358e97b 2342 libu2f-host_1.1.2-2+deb9u1.dsc
 c3e6ebb9c48924c87d9fb4f41436620a36a8f064 456160 libu2f-host_1.1.2.orig.tar.xz
 c15f5dc02f38b18ae66cc0630c3288ffde019782 61548 
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
 a26ea85b2fa1caac2d32f6e0e6c0698f4fe9a540 117190 
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
 0539be4886bdf57321f9362c37d73f028a262af2 34022 
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
 ee01e16d371ca717fe071b943e099f93a73c9b8c 24982 
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
 51d7ccbb563829ea92bc33543bf5f671bec7f3a9 11970 
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
 f3a899fca46f3bc8eaac7647c657a17460162cfa 14914 
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
 b326f61580a3fb0d37e29a8e90af4d1f27b7d4f5 14624 
u2f-host_1.1.2-2+deb9u1_amd64.deb
Checksums-Sha256:
 edcd5e634758c0134efb6f833ed08fc1daebc7169d77bae301981353aeb0606e 2342 
libu2f-host_1.1.2-2+deb9u1.dsc
 5bcdfbc5e6f972da5395185b71de2272f9a397f0f0d431860e71545f52f1c56a 456160 
libu2f-host_1.1.2.orig.tar.xz
 e79b799d66dfd31655b63f43de7845e2f703062eda0af8c22d6b6c3a6de384f2 61548 
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
 a4022a9cf554e7371c4613fffe11f3c2bddcf2c2ce7a23b83a40f542b04a5161 117190 
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
 d2894190d9cf66009d2995a11765e775523412a1f6e029eeaf56dd290f7fb2a0 34022 
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
 2d8fbfef9bcfcc53d2b757284a90d0362bac2ccb4c2cdb29a67f86f53d1318d2 24982 
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
 4a3f7bff9ac07bed93bddc3f32641ddf603b9f90478988a54a7aacd2573bd12c 11970 
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
 cd4dd2e62e88756a8ad0ec467999c81b4199400edc8abc303453c855b8524da6 14914 
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
 cb9e455b7a3ffcbbd5d619c50e03220d26c270f82244dec2293be473da3aa491 14624 
u2f-host_1.1.2-2+deb9u1_amd64.deb
Files:
 0dd7fae6e3f5249d64e4b48605886760 2342 utils extra 
libu2f-host_1.1.2-2+deb9u1.dsc
 92fde5650151623635e97287bd389592 456160 utils extra 
libu2f-host_1.1.2.orig.tar.xz
 0e987f39b76a6130876b011570d688c5 61548 utils extra 
libu2f-host_

Bug#906855: marked as done (gcu-plugin: NPAPI plugins are no longer supported by firefox-esr)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 23:18:41 +
with message-id 
and subject line Bug#906855: fixed in gnome-chemistry-utils 0.14.15-1+deb9u1
has caused the Debian Bug report #906855,
regarding gcu-plugin: NPAPI plugins are no longer supported by firefox-esr
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
906855: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906855
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gcu-plugin
Version: 0.14.15-1
Severity: serious

NPAPI plugins are no longer supported by firefox-esr.
--- End Message ---
--- Begin Message ---
Source: gnome-chemistry-utils
Source-Version: 0.14.15-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
gnome-chemistry-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated gnome-chemistry-utils 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 10 Feb 2019 21:52:08 +0100
Source: gnome-chemistry-utils
Binary: libgcu0v5 gcu-bin gcrystal gchempaint
Architecture: source
Version: 0.14.15-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debichem Team 
Changed-By: Andreas Beckmann 
Description:
 gchempaint - 2D chemical structures editor for the GNOME2 desktop
 gcrystal   - lightweight crystal structures visualizer
 gcu-bin- GNOME chemistry utils (helper applications)
 libgcu0v5  - GNOME chemistry utils (library)
Closes: 890980 906855
Changes:
 gnome-chemistry-utils (0.14.15-1+deb9u1) stretch; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
 .
   [ Adrian Bunk ]
   * Drop the obsolete gcu-plugin. (Closes: #906855, #890980)
Checksums-Sha1:
 4de9e6300c9d2784bd11e92b90b4e387a7b79c0d 2892 
gnome-chemistry-utils_0.14.15-1+deb9u1.dsc
 0f103588caac64125a4b62e83675a4736f11b6c2 21168 
gnome-chemistry-utils_0.14.15-1+deb9u1.debian.tar.xz
 91538e939531cfb7009a8ddb463de169cab27717 16551 
gnome-chemistry-utils_0.14.15-1+deb9u1_source.buildinfo
Checksums-Sha256:
 563e9528beebf7e0efeda2626910097c4520af0e76396963a74834e3c49b0476 2892 
gnome-chemistry-utils_0.14.15-1+deb9u1.dsc
 86dcb0c830c154fc307727a2443d74b67f6bb81cba6dff10d83251b70575804a 21168 
gnome-chemistry-utils_0.14.15-1+deb9u1.debian.tar.xz
 41c85013063f942568c187f3e25c0853dcd2c4ed2e61f10dd0a9d5df7b0688aa 16551 
gnome-chemistry-utils_0.14.15-1+deb9u1_source.buildinfo
Files:
 6506d230e12064e7be7223718d76dac4 2892 science optional 
gnome-chemistry-utils_0.14.15-1+deb9u1.dsc
 26eb5335459f837575e3eeb6918e7806 21168 science optional 
gnome-chemistry-utils_0.14.15-1+deb9u1.debian.tar.xz
 9fb402b122d6ba3d9adc756023c37deb 16551 science optional 
gnome-chemistry-utils_0.14.15-1+deb9u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJDBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAlxgkgAQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCHT1D/ICdlCu5P6Zm+SizUsiM/dzeEA/etFlwk61
zYCM5i8Ox8dldf28miE3NhyvMgD/qHpwkMcCyMox5HQXtNcL6sgWfYONS+PoyEV1
jNkZRbn0KZHHW/1XpS3dPUWxIIw0+uRI0RlE7UWws0/7i2Yn4qvMpoSIR4VlhiNY
/VSu+Fr0imqe+RZfa93R8Qws2xxuJE5SpTpjDS8ZgQSXEcW+be+Fcj9n8xNDTZbs
x5oYmBG4RT9FnqCMUo9LFnikyC0mmFMTbL3W867i87s8lUTayEw/KnwyjUwwBPgs
p+3m1O4HqTgdfEGYCHTp2sSaLWQbGEblDGB2b7AZjM3P3FTF1Wu5B0gSU7xw13vq
pYOzMfGYQvb20tbGsdF850VqgXb3vhxrzRRKJ7hfySvqY2BwrRpuUENCpMVlxu7X
wk9LashQRNVUUEOWKvYzsEtYszg5o9Qdqy4aHjXlBWnBLlgPs+bvXYU32atWQmHs
kbreR4uHkqkrAuZ92q9TO7UN91NrsEwafKw2tAA+fMi03tUgGKBt6IkKHPez0gET
FgdZseFFhpnE3nXpOlAtXjWP/qwcpx43jsDhQQiHlZeNbrmNyPiF3JG0Q7NsEDDm
mqwbKUgJgdK2iHOMRc7C0JZvWLHYTYyirDBlfjZnPN1oc+kdsuNnHPR51uJbtSMD
RPvUrOHo
=f/b+
-END PGP SIGNATURE End Message ---

Bug#922059: marked as done (flatpak: CVE-2019-8308: vulnerability similar to runc CVE-2019-5736 involving /proc/self/exe)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 23:18:30 +
with message-id 
and subject line Bug#922059: fixed in flatpak 0.8.9-0+deb9u2
has caused the Debian Bug report #922059,
regarding flatpak: CVE-2019-8308: vulnerability similar to runc CVE-2019-5736 
involving /proc/self/exe
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
922059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: flatpak
Version: 1.2.2-1
Severity: critical
Tags: security upstream patch
Justification: root security hole (?)
Control: found -1 1.2.0-1~bpo9+1
Control: found -1 0.8.9-0+deb9u1
Control: found -1 0.8.9-0+deb9u1~bpo8+1
Control: found -1 0.8.5-2+deb9u1

Flatpak upstream releases 1.2.3 and 1.0.7 fix a vulnerability similar to
runc vulnerability CVE-2019-5736. If a user installs a system-wide Flatpak
app or runtime that has an 'apply_extra' script, then the apply_extra
script is run in a sandbox, as root, with /proc mounted. A malicious app
or runtime could traverse /proc/self/exe to modify a host-side executable.

It is not completely clear to me *which* host-side executable. To be on
the safe side, I'm assuming that it's something that could lead to an
unsandboxed privilege escalation vulnerability. I don't currently have an
exploit that can be used to demonstrate this vulnerability.

Mitigation: the app or runtime would have to come from a trusted Flatpak
repository (such as Flathub) that was previously added as a system-wide
source of Flatpak apps by a root-equivalent user.

(Non-malicious apply_extra scripts are normally used to process "extra
data" files that had to be downloaded out-of-band, such as the archives
containing the proprietary Nvidia graphics drivers, which the Flathub
maintainers do not believe they are allowed to redistribute directly.)

For buster/sid, I'm preparing a 1.2.3-1 release that will fix this.

For stretch, 0.8.5 and 0.8.9 appear to be vulnerable. I don't think
upstream plan to release a 0.8.10 version, but the patch doesn't seem
difficult to backport (untested patch attached).

Do the security team want to issue a DSA for this, or should I be targeting
the next stretch point release?

References:
https://lists.freedesktop.org/archives/flatpak/2019-February/001476.html
https://github.com/flatpak/flatpak/releases/tag/1.2.3
https://lists.freedesktop.org/archives/flatpak/2019-February/001477.html
https://github.com/flatpak/flatpak/releases/tag/1.0.7

Thanks,
smcv
From: Alexander Larsson 
Date: Sun, 10 Feb 2019 18:23:44 +0100
Subject: Don't expose /proc when running apply_extra

As shown by CVE-2019-5736, it is sometimes possible for the sandbox
app to access outside files using /proc/self/exe. This is not
typically an issue for flatpak as the sandbox runs as the user which
has no permissions to e.g. modify the host files.

However, when installing apps using extra-data into the system repo
we *do* actually run a sandbox as root. So, in this case we disable mounting
/proc in the sandbox, which will neuter attacks like this.

(cherry picked from commit 468858c1cbcdbcb27266deb5c7347b37adf3a9e4)
---
 common/flatpak-dir.c | 2 +-
 common/flatpak-run.c | 6 +-
 common/flatpak-run.h | 1 +
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 4f6f54d..35e0a65 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -3914,7 +3914,7 @@ apply_extra_data (FlatpakDir  *self,
 NULL);
 
   if (!flatpak_run_setup_base_argv (argv_array, fd_array, runtime_files, NULL, runtime_ref_parts[2],
-FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
+FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC,
 error))
 return FALSE;
 
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index cad8bc9..9a69f7b 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -4071,9 +4071,13 @@ flatpak_run_setup_base_argv (GPtrArray  *argv_array,
   if (fd_array)
 g_array_append_val (fd_array, group_fd);
 
+  if ((flags & FLATPAK_RUN_FLAG_NO_PROC) == 0)
+add_args (argv_array,
+  "--proc", "/proc",
+  NULL);
+
   add_args (argv_array,
 "--unshare-pid",
-"--proc", "/proc",
 "--dir", "/tmp",
 "--dir", "/var/tmp",
 "--dir", "/run/host",
diff --git a/common/flatpak-run.h b/common/flatpak-run.h
index 8a29fe0..e16c4db 100644
--- a/common/flatpak-run.h
+++ b/common/flatpak-r

Bug#921726: marked as done (libu2f-host: CVE-2018-20340)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 23:18:42 +
with message-id 
and subject line Bug#921725: fixed in libu2f-host 1.1.2-2+deb9u1
has caused the Debian Bug report #921725,
regarding libu2f-host: CVE-2018-20340
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libu2f-host
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libu2f-host.

CVE-2018-20340[0]:
Unchecked buffer in libu2f-host before 1.1.7 ...

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20340

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libu2f-host
Source-Version: 1.1.2-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
libu2f-host, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Braud-Santoni  (supplier of updated libu2f-host 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 08 Feb 2019 21:42:16 +0100
Source: libu2f-host
Binary: libu2f-host0 libu2f-host-dev u2f-host
Architecture: source amd64
Version: 1.1.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Authentication Maintainers 

Changed-By: Nicolas Braud-Santoni 
Description:
 libu2f-host-dev - Development files for the U2F host C library libu2f-host
 libu2f-host0 - Universal 2nd Factor (U2F) host communication C Library
 u2f-host   - Command line tool to do Universal 2nd Factor (U2F) operations
Closes: 921725
Changes:
 libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high
 .
   * Backport patch for CVE-2018-20340 (Closes: #921725)
Checksums-Sha1:
 233bae3a54d0736d5963b2aa6676485e9358e97b 2342 libu2f-host_1.1.2-2+deb9u1.dsc
 c3e6ebb9c48924c87d9fb4f41436620a36a8f064 456160 libu2f-host_1.1.2.orig.tar.xz
 c15f5dc02f38b18ae66cc0630c3288ffde019782 61548 
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
 a26ea85b2fa1caac2d32f6e0e6c0698f4fe9a540 117190 
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
 0539be4886bdf57321f9362c37d73f028a262af2 34022 
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
 ee01e16d371ca717fe071b943e099f93a73c9b8c 24982 
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
 51d7ccbb563829ea92bc33543bf5f671bec7f3a9 11970 
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
 f3a899fca46f3bc8eaac7647c657a17460162cfa 14914 
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
 b326f61580a3fb0d37e29a8e90af4d1f27b7d4f5 14624 
u2f-host_1.1.2-2+deb9u1_amd64.deb
Checksums-Sha256:
 edcd5e634758c0134efb6f833ed08fc1daebc7169d77bae301981353aeb0606e 2342 
libu2f-host_1.1.2-2+deb9u1.dsc
 5bcdfbc5e6f972da5395185b71de2272f9a397f0f0d431860e71545f52f1c56a 456160 
libu2f-host_1.1.2.orig.tar.xz
 e79b799d66dfd31655b63f43de7845e2f703062eda0af8c22d6b6c3a6de384f2 61548 
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
 a4022a9cf554e7371c4613fffe11f3c2bddcf2c2ce7a23b83a40f542b04a5161 117190 
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
 d2894190d9cf66009d2995a11765e775523412a1f6e029eeaf56dd290f7fb2a0 34022 
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
 2d8fbfef9bcfcc53d2b757284a90d0362bac2ccb4c2cdb29a67f86f53d1318d2 24982 
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
 4a3f7bff9ac07bed93bddc3f32641ddf603b9f90478988a54a7aacd2573bd12c 11970 
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
 cd4dd2e62e88756a8ad0ec467999c81b4199400edc8abc303453c855b8524da6 14914 
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
 cb9e455b7a3ffcbbd5d619c50e03220d26c270f82244dec2293be473da3aa491 14624 
u2f-host_1.1.2-2+deb9u1_amd64.deb
Files:
 0dd7fae6e3f5249d64e4b48605886760 2342 utils extra 
libu2f-host_1.1.2-2+deb9u1.dsc
 92fde5650151623635e97287bd389592 456160 utils extra 
libu2f-host_1.1.2.orig.tar.xz
 0e987f39b76a6130876b011570d688c5 61548 utils extra 
libu2f-host_1.1.2-2+d

Bug#922071: marked as done (mosquitto dumps core on startup on armv7l)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 23:18:59 +
with message-id 
and subject line Bug#922071: fixed in mosquitto 1.4.10-3+deb9u4
has caused the Debian Bug report #922071,
regarding mosquitto dumps core on startup on armv7l
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
922071: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922071
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mosquitto
Version: 1.4.10-3+deb9u3
Severity: grave
Justification: renders package unusable

Dear Maintainer,

   * What led up to the situation?

On armv7l box, after updating from 1.4.10-3+deb9u2 to 1.4.10-3+deb9u3,
mosquitto dumps core on startup.

Used gdb to get a stack trace (after installing mosquitto-dbg):
(gdb) bt
#0  __memcpy_vfp () at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:878
#1  0x7f5dcf08 in memcpy (__len=153597, __src=0xbef4b38c,
__dest=) at
/usr/include/arm-linux-gnueabihf/bits/string3.h:53
#2  mqtt3_db_message_store (db=db@entry=0x7f5fe5a8 ,
source=source@entry=0xbef4b3b0, source_mid=,
topic=0x7f60f380 "owntracks/user/device/info", qos=0,
payloadlen=payloadlen@entry=153597,
payload=payload@entry=0xbef4b38c, retain=1,
stored=stored@entry=0xbef4b394, store_id=store_id@entry=369513) at
database.c:587
#3  0x7f5dff1e in _db_msg_store_chunk_restore (db_fptr=, db=) at persist.c:778
#4  mqtt3_db_restore (db=db@entry=0x7f5fe5a8 ) at
persist.c:921
#5  0x7f5dc9e8 in mqtt3_db_open (config=,
db=0x7f5fe5a8 ) at database.c:95
#6  0x7f5d75c6 in main (argc=, argv=0xbef4bcb4) at
mosquitto.c:282

(Please excuse the linewrapping.  I've edited the arguments on frame #2
to remove actual user and device name; please feel free to comment on
the report if you feel the actual strings are relevant)

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

 Downgraded to older version 1.4.10-3+deb9u2, which works.  I
 haven't attempted any debugging with the latest version because I
 am not sufficiently clueful.



-- System Information:
Debian Release: 9.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 4.3.5-std-1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mosquitto depends on:
ii  adduser 3.115
ii  libc6   2.24-11+deb9u3
ii  libssl1.1   1.1.0j-1~deb9u1
ii  libuuid12.29.2-1+deb9u1
ii  libwebsockets8  2.0.3-2
ii  libwrap07.6.q-26
ii  lsb-base9.20161125

mosquitto recommends no packages.

Versions of packages mosquitto suggests:
pn  apparmor  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: mosquitto
Source-Version: 1.4.10-3+deb9u4

We believe that the bug you reported is fixed in the latest version of
mosquitto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roger A. Light  (supplier of updated mosquitto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 13 Feb 2019 00:45:38 +
Source: mosquitto
Binary: mosquitto mosquitto-dev libmosquitto1 libmosquitto-dev libmosquittopp1 
libmosquittopp-dev mosquitto-clients mosquitto-dbg libmosquitto1-dbg 
libmosquittopp1-dbg
Architecture: source
Version: 1.4.10-3+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Roger A. Light 
Changed-By: Roger A. Light 
Closes: 922071
Description: 
 libmosquitto-dev - MQTT version 3.1/3.1.1 client library, development files
 libmosquitto1 - MQTT version 3.1/3.1.1 client library
 libmosquitto1-dbg - debugging symbols for libmosquitto binaries
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 3.1/3.1.1 client C++ library
 libmosquittopp1-dbg - debugging symbols for libmosquittopp binaries
 mosquitto  - MQTT version 3.1/3.1.1 compatible message broker
 mosquitto-

Bug#911873: python-transitions FTBFS: tests fail with Python 3.7: RuntimeError: generator raised StopIteration

[Stein Magnus Jodal]

Control: fixed 911873 python-pygraphviz/1.5-1

Hi,

I cannot reproduce this bug by building python-transitions in a fresh
buster pbuilder environment. I've updated upstream's CI setup to run on
Python 3.7, and all tests pass there as well.

Looking closer at the stack trace and the source code, it becomes clear
that `container` is a pygraphviz object, and this bug really is a
duplicate of #914378, which was fixed by python-pygraphviz 1.5-1 back in
November.

Sorry for not looking into this bug before the soft freeze.

-jodal


signature.asc
Description: PGP signature

Processed: Re: python-transitions FTBFS: tests fail with Python 3.7: RuntimeError: generator raised StopIteration

[Debian Bug Tracking System]

Processing control commands:

> fixed 911873 python-pygraphviz/1.5-1
Bug #911873 {Done: Stein Magnus Jodal } 
[src:python-transitions] python-transitions FTBFS: tests fail with Python 3.7: 
RuntimeError: generator raised StopIteration
Marked as fixed in versions python-pygraphviz/1.5-1.

-- 
911873: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911873
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#911873: marked as done (python-transitions FTBFS: tests fail with Python 3.7: RuntimeError: generator raised StopIteration)

[Debian Bug Tracking System]

Your message dated Tue, 19 Feb 2019 00:38:57 +0100
with message-id <20190218233857.GA29367@buildup>
and subject line Re: python-transitions FTBFS: tests fail with Python 3.7: 
RuntimeError: generator raised StopIteration
has caused the Debian Bug report #911873,
regarding python-transitions FTBFS: tests fail with Python 3.7: RuntimeError: 
generator raised StopIteration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
911873: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911873
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-transitions
Version: 0.6.7-1
Severity: serious
Tags: ftbfs

python-transitions fails to build from source. Its test suite has lots
of these:

| ==
| ERROR: test_use_machine_as_model 
(tests.test_states.TestStatesDiagramsLockedNested)
| --
| Traceback (most recent call last):
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/transitions/extensions/diagrams.py",
 line 376, in _get_graph
| return self.model_graphs[model] if not show_roi else 
self._graph_roi(model)
| KeyError: 
| 
| During handling of the above exception, another exception occurred:
| 
| Traceback (most recent call last):
|   File "/usr/lib/python3/dist-packages/pygraphviz/agraph.py", line 1093, in 
subgraphs_iter
| raise StopIteration
| StopIteration
| 
| The above exception was the direct cause of the following exception:
| 
| Traceback (most recent call last):
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/tests/test_states.py",
 line 169, in setUp
| super(TestStatesDiagramsLockedNested, self).setUp()
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/tests/test_graphing.py",
 line 290, in setUp
| super(TestDiagramsLockedNested, self).setUp()
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/tests/test_graphing.py",
 line 222, in setUp
| super(TestDiagramsNested, self).setUp()
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/tests/test_graphing.py",
 line 89, in setUp
| self.stuff = Stuff(machine_cls=self.machine_cls)
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/tests/utils.py", line 
20, in __init__
| self.machine = machine_cls(*args, **kwargs)
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/transitions/extensions/diagrams.py",
 line 363, in __init__
| model.get_graph()
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/transitions/extensions/diagrams.py",
 line 378, in _get_graph
| return self._get_graph(model, title, force_new=True, show_roi=show_roi)
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/transitions/extensions/diagrams.py",
 line 373, in _get_graph
| self.model_graphs[model] = self.graph_cls(self).get_graph(title if title 
is not None else self.title)
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/transitions/extensions/diagrams.py",
 line 179, in get_graph
| self._add_edges(self.machine.events.copy(), fsm_graph)
|   File 
"/<>/.pybuild/cpython3_3.7_transitions/build/transitions/extensions/diagrams.py",
 line 222, in _add_edges
| for sub in container.subgraphs_iter():
| RuntimeError: generator raised StopIteration
| 
| --
| Ran 981 tests in 15.914s
| 
| FAILED (errors=323)
| E: pybuild pybuild:338: test: plugin distutils failed with: exit code=1: cd 
/<>/.pybuild/cpython3_3.7_transitions/build; python3.7 -m nose -v 
tests
| dh_auto_test: pybuild --test -i python{version} -p "3.7 3.6" returned exit 
code 13
| make: *** [debian/rules:10: build] Error 25
| dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

Likely this is due to Python 3.7 having become a supported Python
version and Python 3.7 having changed behaviour wrt. generators.

Helmut
--- End Message ---
--- Begin Message ---
Control: fixed 911873 python-pygraphviz/1.5-1

Hi,

I cannot reproduce this bug by building python-transitions in a fresh
buster pbuilder environment. I've updated upstream's CI setup to run on
Python 3.7, and all tests pass there as well.

Looking closer at the stack trace and the source code, it becomes clear
that `container` is a pygraphviz object, and this bug really is a
duplicate of #914378, which was fixed by python-pygraphviz 1.5-1 back in
November.

Sorry for not looking into this bug before the soft freeze.

-jodal


signature.asc
Description: PGP signature
--- End Message ---

Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?

[Cyril Brulebois]

Hi,

Didier 'OdyX' Raboud  (2019-02-18):
> Dear Technical Committee members,
> (CC'ed to submitter, and debootstrap maintainers for information and feedack)
> 
> Here's the current state of the draft resolution; which `master` is at
> https://salsa.debian.org/debian/tech-ctte/blob/master/914897_merged_usr/ballot.md

Thanks, Didier.

While I haven't dived into it as deep as you did (e.g. I didn't proofread
the big table at the end), that seems like a reasonable characterization
of the current situation; many thanks for your highly detailed summary.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?

[Steve McIntyre]

Hi Didier,

While I'm not necessarily disagreeing with the overall point(s) here,
some of the points in this list of arguments seem dubious at
best. Maybe you could expand?

>* having separate `/` and `/usr` filesystems has been useful in the past for
>  booting without initramfs onto a minimal root filesystem that carried just
>  enough to mount the `/usr` filesystem later in the boot process. Given the
>  evolution of physical hosts' capabilities, initramfs'es have been default in
>  Debian (and elsewhere) for a long time, and most systems no longer have an
>  intermediate state during boot in which they have only `/`, but not `/usr`,
>  mounted.
>* another use-case is to be able to share an identical `/usr` over a network
>  link; hence booting an initramfs, mounting a local `/`, then mounting `/usr`
>  over the network. It seems that an initramfs with everything needed to mount
>  a filesystem over a network link directly actually has a smaller footprint.
>* booting with `/` only is not systematically tested in Debian anymore;

I'm assuming you mean "/ without /usr" here?

>* the packaging infrastructure to install files outside of `/usr` is not
>  standard and represents technical debt:

I have no idea what you're suggesting here.

>* given its status as remnant "folklore", the distinction between what _needs_
>  to be shipped in `/` and what can stay in `/usr` is often interpreted
>  arbitrarily;
>* allowing shipment of identically-named libraries or binaries in different
>  paths can confuse common understanding of paths precedence.

...

>Various valid long-term desireable situations coexist, and while discussing
>immediate countermeasures, it is useful to keep the long-term outcome that
>those are most likely to produce.
>
>These are the five possible situations at the time of bullseye (buster + 1):
>
>* `none`: "merged `/usr`" has been reverted
>* `weak`: both directory schemes are allowed, packages only built on classical
>  hosts
>* `middle`: both directory schemes are allowed, packages can be built anywhere
>* `hard`: both directory schemes are allowed, packages only built on
>  "merged `/usr`" hosts
>* `all`: only "merged `/usr`" directory schemes are allowed, packages only
>  built on "merged `/usr`" hosts
>
>It can be summarized by the following table:
>
>```
>|  | Host types that are allowed   | Are merged `/usr` | 
>Official packages are built on| Packages built on … can break on the other 
>|
>| Codename | classical hosts | merged `/usr` hosts | symlinks allowed  | 
>classical hosts | merged `/usr` hosts |   classical hosts   |  merged `/usr` 
>hosts |
>|--|-|-|---|—|-|-|--|
>| none |   yes   |  no | no|   
>yes   |  no | yes |  yes |
>| weak |   yes   | yes |yes|   
>yes   |  no |  no |  yes |
>|   middle |   yes   | yes |yes|   
>yes   | yes |  no |   no |
>| hard |   yes   | yes |yes|   
> no   | yes |  no |   no |
>|  all |   no| yes |yes|   
> no   | yes | yes |   no |
>```
>
>The current state of buster is `weak`.
>
>=== DRAFT Resolution ===
>
>The Technical Committee resolves to:
>
>* Option A: Ask the debootstrap maintainers to disable "merged `/usr`" by
>  default
>  (Using its §6.1.4 "Overrule a Developer" power; requires a 3:1 majority)
>
>  Given that:
>  * hosts with both directory schemes already exist,
>  * the "merged `/usr`" directory scheme ought to be reserved for special
>use-cases,
>  * official packages ought to only be built on classical directory schemes,
>
>  … the Technical Committee considers that the desireable solution at the time
>  of bullseye is `weak`; and asks the debootstrap maintainers to disable
>  "merged `/usr`" by default.

There is a deeper worry about builds that may be done against the
"weak" background. Although buildd chroots are easily fixed up,
there's going to be a (small, but unknown) set of maintainers who
might be uploading binaries from merged systems. I think we're making
good progress on source-only uploads and building in clean chroots
etc., but...  It's also likely not easy to pick up on "wrong" binary
packages built this way.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
The two hard things in computing:
 * naming things
 * cache invalidation
 * off-by-one errors  -- Stig Sandbeck Mathisen

Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?

[Marco d'Itri]

On Feb 18, Didier 'OdyX' Raboud  wrote:

> * another use-case is to be able to share an identical `/usr` over a network
>   link; hence booting an initramfs, mounting a local `/`, then mounting `/usr`
>   over the network. It seems that an initramfs with everything needed to mount
>   a filesystem over a network link directly actually has a smaller footprint.
A MAJOR use case is to share /usr among different containers so that 
they use the same software (which then can be updated centrally) but 
different data and configurations.
It is a longer term goal of some projects to support booting new 
a system with empty /etc and /var directories, i.e. basically an empty 
/ partition and software coming from the (possibly read only, possibly 
snapshotted, etc) /usr partition.

> * booting with `/` only is not systematically tested in Debian anymore;
Nowadays this will surely to not work at all, at least in a default 
install. E.g. libkmod2 is in /usr/lib/.
I think that it can be safely said that Debian does not support booting 
systems with a standalone /usr/ and no initramfs.

> In Debian buster, the current testing suite, "merged `/usr`" is only 
> considered
> for implementation with symlinks (there are no proposals for simply dropping
> `/{bin,sbin,lib*}`) and is implemented in two main ways:
For clarity: I am not aware of anybody anywhere proposing to drop the 
/{bin,sbin,lib*} links, for Debian or any other distribution.

Thank you for this excellent summary.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Bug#921953: apacheds: Further analysis

[tony mancill]

On Sun, Feb 10, 2019 at 09:25:30PM +0100, Johan Grip wrote:
> Hi.
> 
> Looked at it a bit more and found the following things.
> 
> ApacheDS have moved it's configuration to a dynamic schema based setup, like
> OpenLDAP.
> As part of the startup it tries to migrate the config.ldif to a folder based
> setup
> in ou=config. Since the user it runs as doesn't have write permission for
> /etc/apacheds
> it fails and then gives up starting.
> 
> Additionally, once the permission issue is sorted the current systemd unit
> checks for the
> existance of the config.ldif file which will be renamed as part of the
> migration so it will
> not start the server.
> 
> The patch below fixes both but I'm not sure if services are supposed to
> write in /etc.

Hi Johan,

Thank you for the analysis and the patch.  I adjusted the permissions
slightly based on [1].  I'm not completely sure that the directory
shouldn't also be world-readable given that the configuration created by
apacheds when it does start correctly is world readable anyway, but I
didn't change that.  Also, as I interpret Debian Policy 10.7.2 [2], the
files are in the desired location.

Since I'm not normally an uploader of apacheds, I'm going to give the
normal uploaders a couple days to comment before proceeding.  I am keen
on getting this RC bug addressed, since it will remove several other
packages from Debian, including zookeeper.

Cheers,
tony

[1] 
https://www.debian.org/doc/debian-policy/ch-files.html#permissions-and-owners
[2] https://www.debian.org/doc/debian-policy/ch-files.html#location


signature.asc
Description: PGP signature

Bug#915987: marked as done (partimage FTBFS with glibc 2.28)

[Debian Bug Tracking System]

Your message dated Tue, 19 Feb 2019 02:40:41 +
with message-id 
and subject line Bug#915987: fixed in partimage 0.6.9-7
has caused the Debian Bug report #915987,
regarding partimage FTBFS with glibc 2.28
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
915987: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915987
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: partimage
Version: 0.6.9-6
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/partimage.html

...
misc.cpp: In function 'int checkInodeForDevice(char*, char*)':
misc.cpp:1683:103: error: expected ';' before ')' token
   nRes = mknod(szDevice, S_IFBLK | S_IREAD | S_IWRITE | S_IRGRP | S_IROTH, 
makedev(nMajor, nMinor));

   ^
make[5]: *** [Makefile:537: misc.o] Error 1
--- End Message ---
--- Begin Message ---
Source: partimage
Source-Version: 0.6.9-7

We believe that the bug you reported is fixed in the latest version of
partimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 915...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joao Eriberto Mota Filho  (supplier of updated partimage 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 18 Feb 2019 22:45:26 -0300
Source: partimage
Architecture: source
Version: 0.6.9-7
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Joao Eriberto Mota Filho 
Closes: 915987
Changes:
 partimage (0.6.9-7) unstable; urgency=medium
 .
   * QA upload.
   * debian/patches/04-fix-FTBFS-glic-2.28.patch: added to fix a FTBFS. Patch
 from Gentoo Linux. Thanks. (Closes: #915987)
Checksums-Sha1:
 69e15e222aa4ce94572b6ed625c63b0f06a8b7cc 1927 partimage_0.6.9-7.dsc
 84d6f480ed8750f0082d1a808df9282dae6a4198 16952 partimage_0.6.9-7.debian.tar.xz
 d14c32a31ebc9a3d4dd66a0572bcef346992eb5f 5398 
partimage_0.6.9-7_source.buildinfo
Checksums-Sha256:
 34d8fde1f1945b0d565aa54b208e340293935ed0275beed6edf6ea348498810c 1927 
partimage_0.6.9-7.dsc
 047d8f25bc8534a99a0c6a4b8767bc8cf76eb6b7928fec31e0ddf8d01ad429ae 16952 
partimage_0.6.9-7.debian.tar.xz
 02a6745b4107ebdea44e7e637e0e4f2f94ecf8b331003dfb3b86e4d9cfcee8e5 5398 
partimage_0.6.9-7_source.buildinfo
Files:
 e59a1555930e40b0b60db745f8caadcb 1927 admin optional partimage_0.6.9-7.dsc
 ed2a57497490d6021aa89ed7b67e6932 16952 admin optional 
partimage_0.6.9-7.debian.tar.xz
 10c025b1e40e3e2df7866ff874ca5427 5398 admin optional 
partimage_0.6.9-7_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAlxrYswACgkQ3mO5xwTr
6e8jJBAAiwAGCuN3ow8edeXnqrygpg/kEM7sbnzlK4+tWyqoDSv+iXK8yGsEneKe
tgO3Pt7rP0ZPWQlAsz//RzOAXjM7ENnmBTFq9s/hg1jawkfnumuFpunKJqBBaEwb
N+kxo3JBmR4teij611EcmS/ImGpCMlFjnUUO3OL6yS/FIxYrxsyIHXaaivMfewi8
Woi/STc/jAVVMoJQ46ov2dzQnZaAbUZhipW4F/g6UCnia0beGUBy7/tOTPOb207i
ZKwLqgjNazAXnDCLOS05QCDnesg2vhZiEn9gK43go8urqQQwPQ5BbFfUcRY5chXC
n3gmEv09venty5WB5nmngt6gu9eVndzgBzPPrrMg8DzHwhm6D8o8Zky+87v+vSwM
Q5sPMfERbJLpGC3F/igwyOzwGsBa/7bdzpE5F1yHqfO+mrcdFffGkq9dVBpOGVFD
fXXZWq/zreZquJ0MUCW7WUp7VZixL47k6lz7LvIRYHWxzL7vSU3QFBfypZIaxeqB
FIQxxaSJHqYjX7KLSEa3VdCy+h9x9s8ULtjHMAqbH5N5GvsLKX++Xh8dkoaac6d2
17/Y9SRRkWGLr9yYB4+qs5xp9f17T2tduAm9Ojv2fPGr6l1wq8nL5NEXTlk/t7yW
jfiEXnKw7TIZwtqxQkQgh3N+U9987wWXadTNJlAseTMudLLBVuc=
=K5Mg
-END PGP SIGNATURE End Message ---

Bug#921521: marked as done (chromium-browser: CVE/Security fixes missing in stable-sec)

[Debian Bug Tracking System]

Your message dated Mon, 18 Feb 2019 22:09:36 -0500
with message-id 

and subject line Re: Bug#921521: chromium-browser: CVE/Security fixes missing 
in stable-sec
has caused the Debian Bug report #921521,
regarding chromium-browser: CVE/Security fixes missing in stable-sec
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921521
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 71.0.3578.80-1~deb9u1
Severity: serious

The stable-sec package is stuck with version 71.0.3578.80 and is
missing security updates for several CVEs.  Take for example the list
from 72.0.3626.81

- Stack buffer overflow in Skia. Reported by Ivan Fratric
- Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand
- CVE-2018-17481: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported
  by Klzgrad
- CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay
  Bosamiya
- CVE-2019-5756: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis
- CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin
- CVE-2019-5759: Use after free in HTML select elements. Reported by Almog
  Benin
- CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin
- CVE-2019-5762: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5763: Insufficient validation of untrusted input in V8.
  Reported by Guang Gong
- CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin
- CVE-2019-5765: Insufficient policy enforcement in the browser. Reported
  by Sergey Toshin
- CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by
  David Erceg
- CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu,
  Yifan Zhang, Luyi Xing, and Xiaojing Liao
- CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by
  Rob Wu
- CVE-2019-5769: Insufficient validation of untrusted input in Blink.
  Reported by Guy Eshel
- CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt
- CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou
- CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by
  Yongke Wang
- CVE-2019-5774: Insufficient validation of untrusted input in
  SafeBrowsing. Reported by Junghwan Kang and Juno Im
- CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by
  evi1m0
- CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by
  Lnyas Zhang
- CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by
  Khalil Zhani
- CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported
  by David Erceg
- CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
  Reported by David Erceg
- CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas
  Hegenberg
- CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by
  evi1m0
- CVE-2019-5782: Inappropriate implementation in V8 reported by Qixun Zhao
- CVE-2019-5783: Insufficient validation of untrusted input in DevTools.
  Reported by Shintaro Kobori
--- End Message ---
--- Begin Message ---
version: 72.0.3626.96-1~deb9u1

On Wed, Feb 6, 2019 at 8:03 AM Charlemagne Lasse wrote:
> The stable-sec package is stuck with version 71.0.3578.80 and is
> missing security updates for several CVEs.

Security update has just been released.

Best wishes,
Mike--- End Message ---

Processed: the locale bug

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 922500 minor
Bug #922500 [tex-common] tex-common: Fails to install with LC_TIME=en_DE.UTF-8
Severity set to 'minor' from 'serious'
> retitle 922500 make luatex work under broken locales
Bug #922500 [tex-common] tex-common: Fails to install with LC_TIME=en_DE.UTF-8
Changed Bug title to 'make luatex work under broken locales' from 'tex-common: 
Fails to install with LC_TIME=en_DE.UTF-8'.
> tags 922500 + wontfix
Bug #922500 [tex-common] make luatex work under broken locales
Added tag(s) wontfix.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
922500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: retitle 920476 to mumble: CVE-2019-1000029: DoS due to changing # of allowed users in root channel

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 920476 mumble: CVE-2019-129: DoS due to changing # of allowed 
> users in root channel
Bug #920476 {Done: Christopher Knadle } [mumble] 
security issue: DoS due to changing # of allowed users in root channel
Changed Bug title to 'mumble: CVE-2019-129: DoS due to changing # of 
allowed users in root channel' from 'security issue: DoS due to changing # of 
allowed users in root channel'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920476
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#922667: beep: Error: could not open any device

[jim_p]

Package: beep
Version: 1.4.3-1
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

After today's upgrade to version 1.4.x, beep no longer works and pops the above
error. After checking its man page, I found out that it tries to access these
devices, in that specific order

/dev/input/by-path/platform-pcspkr-event-spkr
/dev/tty0
/dev/vc/0

and although I have the 1st one (the pc speaker), beep does not seem to be able
to access it.
If I am correct. from the new developer's page in github, I found out that
there is this udev rule that needs to be present.

https://github.com/spkr-beep/beep/blob/master/90-pcspkr-beep.rules

If so, please add the above udev rule to your package.



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages beep depends on:
ii  libc6  2.28-6

beep recommends no packages.

beep suggests no packages.

-- no debconf information