date:20150325

Thanks Zachary, I confirm your workaround seems to make this work
correctly. I'm not sure that these modules are important for a personal
usage, but maybe I miss something here?

-- 
Julien

On 21 November 2014 at 00:12, Debian Bug Tracking System 
ow...@bugs.debian.org wrote:

 Thank you for filing a new Bug report with Debian.

 This is an automatically generated reply to let you know your message
 has been received.

 Your message is being forwarded to the package maintainers and other
 interested parties for their attention; they will reply in due course.

 Your message has been sent to the package maintainer(s):
  Debian Kernel Team debian-ker...@lists.debian.org

 If you wish to submit further information on this problem, please
 send it to 770...@bugs.debian.org.

 Please do not send mail to ow...@bugs.debian.org unless you wish
 to report a problem with the Bug-tracking system.

 --
 770397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770397
 Debian Bug Tracking System
 Contact ow...@bugs.debian.org with problems

Bug#781150: Info received (Bug#781150: Acknowledgement (linux-image-3.16.0-4-amd64: Integrated Screen switches off when plugging in an external HDMI screen))

However:

* Signing off didn't work: nothing happens. (LIkely a Gnome issue)
* Switching to the VT, it's cloned on both screens.
* Restarting gdm3 with the HDMI cable still plugged in don't change
anything: Integrated Screen is off while External Screen is on, when in X.
* But restarting gdm3 with the HDMI cable off make the Integrated Screen
work again.

Bug#772823: ITP: kimchi -- HTML5 baseITP: kimchi -- HTML5 based management tool for KVM.d management tool for KVM.

2015-03-25 Thread Frederic Bonnard

Hi Julien,
thanks for this one. I added it to the lastest packaging I pushed on
mentors.debian.net .
I also added a patch that I sent for review on @kimchi-devel which should make
possible to use http://server/kimchi with a sub-site configuration file in
nginx based on commentis of Robie Basak to comply better with :
http://webapps-common.alioth.debian.org/draft/html/ch-httpd.html

F.


On Sun, 22 Mar 2015 23:37:44 +1100, Julien Goodwin jgood...@studio442.com.au 
wrote:
 One more missing dep that slipped through, novnc is missing from the
 package deps.
 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781136: RFS: pyqso/0.2-1 [ITP]

2015-03-25 Thread Iain R. Learmonth

Hi Riley,

On Wed, Mar 25, 2015 at 05:15:36PM +1100, Riley Baird wrote:
 That's great! I'm not a DD, so I can't sponsor your package, but here
 are my thoughts:

Thanks for the review.

 d/changelog:
 -As this is a new package, priority should be low.

Added to my pre-upload checklist. I make pre-release uploads for testing to
a private repository for my friends and upstream mailing lists. Looks like
this got changed somewhere by dch.

 d/copyright:
 -Remove the copyright symbol.
 -If you worked on the package this year, you should probably add 2015
 to the years. Similarly, upstream development has continued past 2013
 so you should probably give 2013-2015 as the years for the non-Debian
 parts.

Years have been updated. I've had the copyright symbol in my other packages,
and this is part of the Debian Med package template created by tille. If the
copyright symbol is against policy, I have a lot of things to fix as will
others. Left it in for now.

 d/docs:
 -Include README.md as well.

Good point. Done.

 d/pyqso.1:
 -You should try submitting this upstream.

Already done.

 General:
 -I got the below error when building. Have you forgotten a
 build-depends, or is this message to be expected?
 
 ERROR:root:Could not import a non-standard Python module
 needed by the GreyLine class, or the version of the non-standard module
 is too old. Check that all the PyQSO dependencies are satisfied.
 ERROR:root:Could not import the Hamlib module! ERROR:root:Could not
 import the Hamlib module! reading sources...

Yep. The software includes the modules if they're available, and they are
dependencies of the binary package, but not required during the build. Might
ask upstream to change ERROR to Warning so it's a bit less scary.

The new package has been uploaded to mentors.d.o.

Thanks,
Iain.

-- 
e: i...@fsfe.orgw: iain.learmonth.me
x: i...@jabber.fsfe.org t: EPVPN 2105
c: 2M0STB  g: IO87we
p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49


pgp9_UWB3HE8l.pgp
Description: PGP signature

Bug#781136: RFS: pyqso/0.2-1 [ITP]

2015-03-25 Thread Iain R. Learmonth

Hi,

On Wed, Mar 25, 2015 at 09:53:41AM +0100, John Paul Adrian Glaubitz wrote:
 I do sponsoring on a regular basis and I am also an aspiring ham
 radio operator. I'd be happy to help.

Awesome. I believe the package on mentors.d.o is ready for upload. The
initial package I uploaded had a couple of issues with it wrt dates not
mentioning 2015 (I initially did this packaging work last year) and
README.md not appearing in d/docs.

I have tested the functionality of the package, as has the upstream author,
and we both find it to be working. Upstream also tested the package on a
fresh install to ensure all the dependencies were present.

Thanks,
Iain.

-- 
e: i...@fsfe.orgw: iain.learmonth.me
x: i...@jabber.fsfe.org t: EPVPN 2105
c: 2M0STB  g: IO87we
p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49


pgpQV8bYBwY1W.pgp
Description: PGP signature

Bug#780748: Change merged upstream

2015-03-25 Thread Florian Bruhin

Any update on this? The change has now been merged upstream:
http://code.qt.io/cgit/qt/qtwebkit.git/commit/?h=5.4id=2810aea1f6c9cca48b93130a7c245f9a2f85637e

Florian

-- 
http://www.the-compiler.org | m...@the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
 I love long mails! | http://email.is-not-s.ms/


pgpofOjy8LjfH.pgp
Description: PGP signature

Bug#781149: ITP: python-mistralclient -- OpenStack Workflow as a Service client

2015-03-25 Thread Thomas Goirand

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand z...@debian.org

* Package name: python-mistralclient
  Version : 2015.1~b3
  Upstream Author : OpenStack Foundation openstack-...@lists.openstack.org
* URL : https://github.com/stackforge/python-mistralclient
* License : Apache-2.0
  Programming Lang: Python
  Description : OpenStack Workflow as a Service client

 Mistral is a task management service. It is also known as Workflow as a
 Service. Most business processes consist of multiple distinct interconnected
 steps that need to be executed in a particular order in a distributed
 environment. One can describe such process as a set of tasks and task
 relations and upload such description to Mistral so that it takes care of
 state management, correct execution order, task distribution and high
 availability. Mistral also provides flexible task scheduling so that we can
 run a process according to a specified schedule (i.e. every Sunday at 4.00pm)
 instead of running it immediately. We call such set of tasks and dependencies
 between them a workflow. Independent routes in a workflow (which, in fact, is
 a graph) are called flows and Mistral can execute them in parallel.

Note: This is a new dependency of Murano, which graduated from incubation.
The project Mistral itself, is IMO not yet ready for an upload in Debian.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775850: timblserver: FTBFS in unstable: error: 'class Timbl::GetOptClass' has no member named 'getLogFile'

2015-03-25 Thread James Cowgill

Hi,

On Wed, 2015-03-25 at 06:46 +0100, Joost van Baal-Ilić wrote:
 On Tue, Jan 20, 2015 at 05:23:22PM +, James Cowgill wrote:
  Source: timblserver
  Version: 1.7-4
  Severity: serious
  Tags: sid
  
  Hi,
  
  timblserver FTBFS in unstable (but not in testing) on amd64 with the
  following error:
[...]
 
 I'll get to this soonish.  It'll get fixed with the upcoming upload of new
 upstream 1.9. (Note to self: first convert repo from svn to git.)
 
 Thanks for reporting!
 
 Bye,
 
 Joost
 
 PS: do you happen to know if this endangers timblserver in jessie? I'd guess
 not...

No it doesn't - timblserver builds fine on jessie. The 'sid' tag should
prevent anything bad happening.

Thanks,
James


signature.asc
Description: This is a digitally signed message part

Bug#781150: linux-image-3.16.0-4-amd64: Integrated Screen switches off when plugging in an external HDMI screen

Package: src:linux
Version: 3.16.7-ckt7-1
Severity: normal

Hi,

I have a Lenovo Thinkpad Yoga. This is a laptop.

As soon as I plug-in an external HDMI screen, the Integrated Screen switches
off. Yet xrandr and gnome's screen preference window still says it's on.

I tried switching it off and on using these commands:

  xrandr --output eDP1 --off
  xrandr --output eDP1 --auto

When I input that last command I clearly see that the Integrated Screen
flashes
with Gnome's lockscreen before being off again.

When I unplug the external HDMI screen, it's not back to normal. Rarely
suspending/resuming the laptop make it work again.

I tried the workaround of adding a script in /etc/pm/sleep.d/ that runs
chvt
1; chvt 7 but this changed nothing.


Please also note that merely booting to the older kernel linux-
image-3.14-2-amd64 (I have version 3.14.15-2) makes it work perfectly.
That's
why I think it's a kernel bug.

Here is the current xrandr output with an external HDMI screen and my
integrated screen off (despite xrandr saying otherwise):

$ xrandr
Screen 0: minimum 320 x 200, current 3840 x 1080, maximum 8192 x 8192
eDP1 connected primary 1920x1080+1920+0 (normal left inverted right x axis y
axis) 276mm x 156mm
   1920x1080 60.04*+  59.93
   1680x1050 59.9559.88
   1600x1024 60.17
   1400x1050 59.98
   1280x1024 60.02
   1440x900  59.89
   1280x960  60.00
   1360x768  59.8059.96
   1152x864  60.00
   1024x768  60.00
   800x600   60.3256.25
   640x480   59.94
DP1 disconnected (normal left inverted right x axis y axis)
HDMI1 disconnected (normal left inverted right x axis y axis)
HDMI2 connected 1920x1080+0+0 (normal left inverted right x axis y axis)
1060mm
x 626mm
   1920x1080 60.00*+  50.0059.9430.0025.0024.0029.97
23.98
   1920x1080i60.0050.0059.94
   1680x1050 59.88
   1600x900  59.98
   1280x1024 75.0260.02
   1440x900  59.90
   1366x768  59.79
   1280x800  59.91
   1152x864  75.00
   1280x720  60.0050.0059.94
   1440x576i 50.00
   1024x768  75.0870.0760.00
   1440x480i 60.0059.94
   832x624   74.55
   800x600   72.1975.0060.32
   720x576   50.00
   720x480   60.0059.94
   640x480   75.0072.8166.6760.0059.94
   720x400   70.08


Here is a trace I _sometimes_ get when I plug in an external HDMI screen:

[ 7925.045494] [ cut here ]
[ 7925.045536] WARNING: CPU: 0 PID: 1821 at /build/linux-
SAvLSw/linux-3.16.7-ckt7/drivers/gpu/drm/i915/intel_pm.c:5992
intel_display_power_put+0x127/0x150 [i915]()
[ 7925.045539] Modules linked in: nls_utf8 nls_cp437 vfat fat ctr ccm option
usb_wwan usbserial wacom hid_sensor_magn_3d hid_sensor_incl_3d
hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_rotation hid_sensor_als
hid_sensor_trigger industrialio_triggered_buffer kfifo_buf
hid_sensor_iio_common industrialio hid_sensor_hub cpufreq_userspace
cpufreq_powersave cpufreq_conservative cpufreq_stats bnep snd_hda_codec_hdmi
nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc ecb qmi_wwan
cdc_wdm usbnet mii usb_storage hid_multitouch uvcvideo videobuf2_vmalloc
videobuf2_memops btusb videobuf2_core v4l2_common usbhid videodev bluetooth
media hid 6lowpan_iphc joydev arc4 x86_pkg_temp_thermal intel_powerclamp
intel_rapl coretemp kvm_intel kvm crc32_pclmul iTCO_wdt iTCO_vendor_support
ghash_clmulni_intel
[ 7925.045604]  iwlmvm mac80211 aesni_intel efi_pstore
snd_hda_codec_conexant
snd_hda_codec_generic iwlwifi aes_x86_64 lrw gf128mul glue_helper
ablk_helper
cryptd evdev psmouse serio_raw pcspkr efivars rtsx_pci_ms cfg80211 memstick
i915 i2c_i801 tpm_tis lpc_ich wmi tpm thinkpad_acpi nvram rfkill
snd_hda_intel
battery drm_kms_helper snd_hda_controller ac snd_hda_codec drm snd_hwdep
snd_pcm video i2c_algo_bit i2c_core snd_timer snd intel_smartconnect shpchp
soundcore mei_me processor mei button fuse autofs4 ext4 crc16 mbcache jbd2
sg
sd_mod crc_t10dif crct10dif_generic rtsx_pci_sdmmc mmc_core crct10dif_pclmul
crct10dif_common crc32c_intel ahci libahci libata ehci_pci ehci_hcd xhci_hcd
scsi_mod rtsx_pci mfd_core usbcore thermal usb_common thermal_sys
[ 7925.045690] CPU: 0 PID: 1821 Comm: Xorg Tainted: GW
3.16.0-4-amd64 #1 Debian 3.16.7-ckt7-1
[ 7925.045693] Hardware name: LENOVO 20CDCTO1WW/20CDCTO1WW, BIOS GQET34WW
(1.14
) 02/26/2014
[ 7925.045696]  0009 81509e7c 
81067727
[ 7925.045702]  8802159a002c 8802159a 8802159a
880214168000
[ 7925.045708]  8802159a8520 a03c3127 000b
8802159a
[ 7925.045714] Call Trace:
[ 7925.045724]  [81509e7c] ? dump_stack+0x41/0x51
[ 7925.045732]  [81067727] ? warn_slowpath_common+0x77/0x90
[ 7925.045751]  [a03c3127] ? intel_display_power_put+0x127/0x150
[i915]
[ 7925.045777]  [a0409434] ?

Bug#781150: Acknowledgement (linux-image-3.16.0-4-amd64: Integrated Screen switches off when plugging in an external HDMI screen)

Additional info:

I booted with the HDMI cable in: at the login session, both screens were
working. But as soon as I logged in to Gnome the integrated screen switched
off.

So maybe the Linux kernel is not the only culprit here.

Bug#781128: security.debian.org: GeoDNS load balancing of Debian Security mirrors + out of date mirrors means you cant patch

2015-03-25 Thread Florian Weimer

* Sam McLeod:

 4) Mirror given by GeoDNS for security.debian.org was:
 - nashira.anu.edu.au (Located in Canberra, Australia)
 - Out of date and did not contain the patch.

As far as I can tell, the Australian mirror is in sync now:

$ wget -q -O- --header Host: security.debian.org 
http://gluck.debian.org/debian-security/dists/wheezy/updates/  | grep InRelease
trtd valign=topimg src=/icons/unknown.gif alt=[   ]/tdtda 
href=InReleaseInRelease/a/tdtd align=right24-Mar-2015 21:32  
/tdtd align=right101K/td/tr

Either this was temporary, or the issue had a different cause.

Note that mirror update is not instantaneous around the globe.  In
some cases, the debian-security-announce message will arrive some time
before packages are available.  In other cases, the message arrives
afterwards.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781153: [zanshin] Fix compatibility with zanshin development version

2015-03-25 Thread Franz Schrober

Package: zanshin
Version: 0.2.1-1+b2
Severity: grave


I had data loss when using a mix of the Debian version and the current
development version of zanshin. The problem is that the zanshin in Debian
fails to handle the projects of the current development zanshin. This
problem was fixed in
 http://commits.kde.org/zanshin/325ebf25a5de3cfeb02c4cd71deacfea3dc767e3
(the only difference between zanshin 0.2.1 and 0.2.2 - for some reason the
0.2.2 was tagged but never uploaded to http://files.kde.org/zanshin/ )

--- System information. ---
Architecture: amd64
Kernel:   Linux 3.16.0-4-amd64

Debian Release: 8.0
500 testinghttp.debian.net 

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#746580: sysv-rc: [patch] much improved update-rc.d integration w/ systemd

2015-03-25 Thread Raphael Hertzog

Control: severity -1 serious

On Sat, 21 Mar 2015, Florian Schlichting wrote:
 I think the severity should be raised - the working of update-rc.d ought
 to be improved for jessie.

Done now. I will file a separate bug on openbsd-inetd for the problem I
encountered.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781154: ITP: libphpcpp -- a C++ library for developing PHP extensions

2015-03-25 Thread Rafal Goslawski

Package: wnpp
Severity: wishlist
Owner: Rafal Goslawski rafal.goslaw...@copernica.com

* Package name: libphpcpp
  Version : 1.3.1
  Upstream Author : Emiel Bruijntjes emiel.buijnt...@copernica.com
* URL : http://www.php-cpp.com/
* License : Apache
  Programming Lang: C++
  Description : a C++ library for developing PHP extensions

The PHP-CPP library is a C++ library for developing PHP extensions.
It offers a collection of well documented and easy-to-use classes that
can be used and extended to build native extensions for PHP.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#669735: dpkg-www: transition towards Apache 2.4

2015-03-25 Thread Jean-Michel Nirgal Vourgère

Control: tags -1 patch

Attached is a fix.

It's also available on mentors at:
https://mentors.debian.net/package/dpkg-www
diff -Nru dpkg-www-2.54+nmu1/debian/changelog dpkg-www-2.55/debian/changelog
--- dpkg-www-2.54+nmu1/debian/changelog	2008-05-30 22:47:16.0 +0200
+++ dpkg-www-2.55/debian/changelog	2015-03-25 11:17:24.0 +0100
@@ -1,3 +1,20 @@
+dpkg-www (2.55) unstable; urgency=medium
+
+  * QA upload:
+- d/control: Set maintainer address to QA.
+  * Apache2.4 transition (Closes: #669735):
+- d/control: Build-depends on dh-apache2, change hard Depends on apache2
+  to use of misc:Recommends.
+- d/rules: Add dh_apache2.
+- New d/dpkg-www.apache2 to handle apache configuration, renamed
+  src/apache.conf to debian/dpkg-www.conf.
+- d/maintscript: rm_conffile in /etc/apache for apache1, mv_conffile to
+  conf-available.
+- Makefile: No longer handling apache2 conf.
+- d/postinst: No longer handling apache2 conf. File deleted.
+
+ -- Jean-Michel Nirgal VourgÃ¨re jmv_...@nirgal.com  Wed, 25 Mar 2015 11:04:14 +0100
+
 dpkg-www (2.54+nmu1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru dpkg-www-2.54+nmu1/debian/control dpkg-www-2.55/debian/control
--- dpkg-www-2.54+nmu1/debian/control	2008-06-28 21:07:04.0 +0200
+++ dpkg-www-2.55/debian/control	2015-03-25 10:56:39.0 +0100
@@ -1,13 +1,14 @@
 Source: dpkg-www
 Section: doc
 Priority: optional
-Maintainer: Massimo Dal Zotto d...@debian.org
-Build-Depends: debhelper (= 4.1.16)
+Maintainer: Debian QA Group packa...@qa.debian.org
+Build-Depends: debhelper (= 4.1.16), dh-apache2
 Standards-Version: 3.5.8
 
 Package: dpkg-www
 Architecture: all
-Depends: apt, dwww, info2www, perl | perl5, apache2 | httpd
+Depends: apt, dwww, info2www, perl | perl5
+Recommends: ${misc:Recommends}
 Suggests: dlocate, grep-dctrl, mozilla-firefox | www-browser, man2html, tasksel
 Description: Web based Debian package browser
  With the dpkg cgi-bin you can browse Debian packages on a local or
diff -Nru dpkg-www-2.54+nmu1/debian/dpkg-www.apache2 dpkg-www-2.55/debian/dpkg-www.apache2
--- dpkg-www-2.54+nmu1/debian/dpkg-www.apache2	1970-01-01 01:00:00.0 +0100
+++ dpkg-www-2.55/debian/dpkg-www.apache2	2015-03-25 10:53:27.0 +0100
@@ -0,0 +1 @@
+conf debian/dpkg-www.conf
diff -Nru dpkg-www-2.54+nmu1/debian/dpkg-www.conf dpkg-www-2.55/debian/dpkg-www.conf
--- dpkg-www-2.54+nmu1/debian/dpkg-www.conf	1970-01-01 01:00:00.0 +0100
+++ dpkg-www-2.55/debian/dpkg-www.conf	2005-10-07 13:18:06.0 +0200
@@ -0,0 +1,11 @@
+# Apache config for dpkg-www
+
+# Disable execution of dpkg from remote hosts
+Location /cgi-bin/dpkg
+order deny,allow
+deny from all
+allow from localhost 127.0.0.1
+# allow from .your_domain.com
+/Location
+
+# End dpkg-www config
diff -Nru dpkg-www-2.54+nmu1/debian/maintscript dpkg-www-2.55/debian/maintscript
--- dpkg-www-2.54+nmu1/debian/maintscript	1970-01-01 01:00:00.0 +0100
+++ dpkg-www-2.55/debian/maintscript	2015-03-25 10:31:06.0 +0100
@@ -0,0 +1,2 @@
+rm_conffile /etc/apache/conf.d/dpkg-www 2.55~
+mv_conffile /etc/apache2/conf.d/dpkg-www /etc/apache2/conf-available/dpkg-www.conf 2.55~
diff -Nru dpkg-www-2.54+nmu1/debian/postinst dpkg-www-2.55/debian/postinst
--- dpkg-www-2.54+nmu1/debian/postinst	2006-09-26 14:13:39.0 +0200
+++ dpkg-www-2.55/debian/postinst	1970-01-01 01:00:00.0 +0100
@@ -1,29 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case $1 in
-configure)
-	;;
-abort-upgrade|abort-remove|abort-deconfigure)
-	exit 0
-	;;
-*)
-echo postinst called with unknown argument \`$1' 2
-	exit 1
-	;;
-esac
-
-for server in apache2 apache apache-ssl; do
-apachectl=/usr/sbin/${server}ctl
-apachepid=/var/run/${server}.pid
-if [ -x $apachectl -a -f $apachepid ]; then
-	echo Restarting $server... 2
-	$apachectl restart 2 /dev/null || true
-fi
-done
-
-#DEBHELPER#
-exit 0
-
-# end of file
diff -Nru dpkg-www-2.54+nmu1/debian/:q dpkg-www-2.55/debian/:q
--- dpkg-www-2.54+nmu1/debian/:q	1970-01-01 01:00:00.0 +0100
+++ dpkg-www-2.55/debian/:q	2015-03-25 11:18:48.0 +0100
@@ -0,0 +1,744 @@
+dpkg-www (2.55) unstable; urgency=medium
+
+  * QA upload:
+- d/control: Set maintainer address to QA.
+  * Apache2.4 transition (Closes: #669735):
+- d/control: Build-depends on dh-apache2, change hard Depends on apache2
+  to use of misc:Recommends.
+- d/rules: Add dh_apache2.
+- New d/dpkg-www.apache2 to handle apache configuration, renamed
+  src/apache.conf to debian/dpkg-www.conf.
+- d/maintscript: rm_conffile in /etc/apache for apache1, mv_conffile to
+  conf-available.
+- Makefile: No longer handling apache2 conf.
+- d/postinst: No longer handling apache2 conf. File deleted.
+
+ -- Jean-Michel Nirgal VourgÃ¨re jmv_...@nirgal.com  Wed, 25 Mar 2015 11:04:14 +0100
+
+dpkg-www (2.54+nmu1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Lintian-based changes:
+

Bug#781161: dovecot-core: Can't log in via imap on kFreeBSD amd64 (Auth request missing a file descriptor)

2015-03-25 Thread Jeff Epler

Package: dovecot-core
Version: 1:2.2.15-1
Severity: important

Dear Maintainer,

After upgrading my Debian kFreeBSD machine from Wheezy to Jessie,
dovecot imap stopped working.  The version from experiemental was also
broken in the same way.

After I attempt to sign in with valid information, the following messages
are logged:

dovecot: imap: Error: Auth request missing a file descriptor 
dovecot: imap-login: Error: read(imap) failed: Remote closed connection 
(service's process_limit reached?) 

When direcly invoking imap (mutt's set tunnel=/usr/lib/dovecot/imap),
all is well.  When I attempt to sign in with invalid information, the
incorrect password is diagnosed.  So this problem is not actually with
authentication.

I was not able to determine the exact cause of the problem, but I did
determine that the problems pertains to the fd-passing code, fd_send() /
fd_read().  In the imap process, fd_read succeeds but CHECK_CMSG(cmsg)
is false.

Neither defining BUGGY_CMSG_MACROS nor redefining CHECK_CMSG as for
LINUX20 resolved the problem; doing the latter caused read_fd to fill
out *fd with an invalid file number.  Anyway, fdpass.c looks
substantially similar from 2.1 to 2.2 so perhaps the problem lies
elsewhere and this was a red herring.

[most information below pertains to the *working version*,
1:2.1.7-7+deb7u1]

-- Package-specific info:

dovecot configuration
-
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: GNU/kFreeBSD 10.1-0-amd64 x86_64  
auth_verbose = yes
debug_log_path = /tmp/dovecot.debug
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  args = failure_show_msg=yes
  driver = pam
}
passdb {
  args = /etc/dovecot/extra.passwd
  driver = passwd-file
}
postmaster_address = postmas...@unpythonic.net
protocols = imap
ssl = required
ssl_cert = /etc/dovecot/ssl/dovecot.cert
ssl_key = /etc/dovecot/ssl/dovecot.key
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/extra.passwd
  driver = passwd-file
}
verbose_ssl = yes

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 10.1-0-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dovecot-core depends on:
ii  adduser 3.113+nmu3
ii  libbz2-1.0  1.0.6-7+b2
ii  libc0.1 2.19-15
ii  libpam-runtime  1.1.8-3.1
ii  libpam0g1.1.8-3.1
ii  libssl1.0.0 1.0.1k-1
ii  openssl 1.0.1k-1
ii  ucf 3.0030
ii  zlib1g  1:1.2.8.dfsg-2+b1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-gssapinone
ii  dovecot-imapd 1:2.1.7-7+deb7u1
pn  dovecot-ldap  none
pn  dovecot-lmtpd none
pn  dovecot-managesieved  none
pn  dovecot-mysql none
pn  dovecot-pgsql none
pn  dovecot-pop3d none
pn  dovecot-sieve none
pn  dovecot-solr  none
pn  dovecot-sqlitenone
ii  ntp   1:4.2.6.p5+dfsg-5

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.1.7-7+deb7u1
pn  dovecot-dbgnone
pn  dovecot-devnone
pn  dovecot-gssapi none
ii  dovecot-imapd  1:2.1.7-7+deb7u1
pn  dovecot-ldap   none
pn  dovecot-lmtpd  none
pn  dovecot-managesieved   none
pn  dovecot-mysql  none
pn  dovecot-pgsql  none
pn  dovecot-pop3d  none
pn  dovecot-sieve  none
pn  dovecot-sqlite none

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772823: ITP: kimchi -- HTML5 baseITP: kimchi -- HTML5 based management tool for KVM.d management tool for KVM.

2015-03-25 Thread Julien Goodwin

On 25/03/15 21:01, Frederic Bonnard wrote:
 Hi Julien,
 thanks for this one. I added it to the lastest packaging I pushed on
 mentors.debian.net .
 I also added a patch that I sent for review on @kimchi-devel which should make
 possible to use http://server/kimchi with a sub-site configuration file in
 nginx based on commentis of Robie Basak to comply better with :
 http://webapps-common.alioth.debian.org/draft/html/ch-httpd.html

Yep, been seeing those come through.

 On Sun, 22 Mar 2015 23:37:44 +1100, Julien Goodwin 
 jgood...@studio442.com.au wrote:
 One more missing dep that slipped through, novnc is missing from the
 package deps.

 




signature.asc
Description: OpenPGP digital signature

Bug#781159: [Pkg-lyx-devel] Bug#781159: lyx-common: two dangling symlinks

2015-03-25 Thread Sven Hoexter

On Wed, Mar 25, 2015 at 01:00:53PM +0100, Manolo Díaz wrote:

Hi,

 /usr/share/lyx/thes -- ../mythes

Ah I think I remember that is a compat
symlink to the mythes files. So if
you install for example mythes-de for
german thesaurus files the destination
is there.

So IMO that's a won't fix issue because
we would have an insanely long Suggest:
list with a non helpful default for one language.
Plus not everyone would like to install
a thesaurus at all.

Sven


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781155: Alternative solution

2015-03-25 Thread Raphael Hertzog

On Wed, 25 Mar 2015, Raphael Hertzog wrote:
 Hello,
 
 while discussing on #debian-systemd we have found another possible way
 to have the service managed under two names:

And a tested version of this hack courtesy of Didier Roche (with
foo.service the real service file, and bar.service the aliased variant):

foo.service:
[Unit]
BindsTo=bar.service

[Service]
ExecStart=/bin/sleep 300

[Install]
Also=bar.service
WantedBy=multi-user.target


bar.service:
[Unit]
BindsTo=foo.service

[Service]
Type=oneshot
ExecStart=/bin/true
RemainAfterExit=True

[Install]
Also=foo.service
WantedBy=multi-user.target

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#764084: ifplugd NetworkManager

Ok,

As I couldn't understand to configure NM to disable this zeroconf/ipv4ll
stuff (where's the doc?!?), I've tried to use ifplugd.

It's a neat package, but there are gotcha:

1- you need to configure it, because by default it won't monitor any
interface, despite what's writen in its man page (option -i);
2- you need to uninstall avahi-autoipd, as otherwise, it will do its thing
and you'll end up with a default route to 169.254

So, in my case, by uninstalling avahi-autoipd and installing and
configuring ifplugd, I could overcome this issue.

So, now, I've a nice system that automatically set up my ethernet network
interface when needed (ie: when there's a cable plugged in), but without
ipv4ll (RFC3927) support.

Cyrille

Bug#781159: [Pkg-lyx-devel] Bug#781159: lyx-common: two dangling symlinks

2015-03-25 Thread Manolo Díaz

On Wednesday, Mar 25 2015 at 13:32 UTC+1,
Sven Hoexter wrote:

On Wed, Mar 25, 2015 at 01:00:53PM +0100, Manolo Díaz wrote:

Hi,

 /usr/share/lyx/thes -- ../mythes

Ah I think I remember that is a compat
symlink to the mythes files. So if
you install for example mythes-de for
german thesaurus files the destination
is there.

Confirmed. After installing mythes-en-us (unfortunately there is no
mythes-es* packages) /usr/share/lyx/the is not a dangling symlink
any more. It seems I ran apt-file search with a wrong path. Sorry.

So IMO that's a won't fix issue because
we would have an insanely long Suggest:
list with a non helpful default for one language.
Plus not everyone would like to install
a thesaurus at all.

Agreed.

Thanks for your quick response.

Best Regards,
-- 
Manolo Díaz


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781166: ifplugd doesn't monitor eth0 by default as documented

Package: ifplugd
Version: 0.28-19
Severity: normal

Dear Maintainer,

According to ifplugd's man page, it should monitor eth0 by default (see 
documentation of the -i option).

However, this was not the case when I installed ifplugd. And, I had to set the 
INTERFACES variable to eth0
in /etc/default/ifplugd to get ifplugd running.

When I leave the INTERFACES variable empty, ifplugd doesn't start.

To be in-line with the documentation, the INTERFACES variable should be set to 
eth0 at package's installation.

Best regards,

Cyrille

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- Package-specific info:
 /sys/class/net/ interfaces:
/sys/class/net/eth0/
/sys/class/net/lo/
/sys/class/net/wlan0/

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ifplugd depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  libc6  2.19-15
ii  libdaemon0 0.14-6
ii  lsb-base   4.1+Debian13+nmu1

Versions of packages ifplugd recommends:
ii  ifupdown  0.7.53.1

Versions of packages ifplugd suggests:
ii  wpasupplicant  2.3-1

-- debconf information:
  ifplugd/args: -q -f -u0 -d10 -w -I
  ifplugd/interfaces:
  ifplugd/hotplug_interfaces:
  ifplugd/suspend_action: stop


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#779731: dleyna-server: Dleyna saturating cpu

2015-03-25 Thread Nico Rikken

Package: dleyna-server
Version: 0.4.0-1
Followup-For: Bug #779731

Dear Maintainer,

I have a similar problem. On my core2duo machine, when I start playing an 
audio- or video-file in Totem (Gnome Video), the Dleyna server starts. It fully 
saturates one of my cores. As a result the system will eventually lock-up in 
say a couple of minutes, presumably due to the other processor not being able 
to keep up with both processing the video (Totem's processes) and handling all 
other processing on the system.
The only cure I have is to kill the process 
(/usr/lib/dleyna-server/dleyna-server-service), which frees up the processor 
again. The service doesn't seem to come up again when continuing to play the 
video or audio file in Totem. When restarting Totem Dleyna will be present once 
again, starting to saturate my processor.

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dleyna-server depends on:
ii  libc6   2.19-15
ii  libdleyna-connector-dbus-1.0-1  0.2.0-1
ii  libdleyna-core-1.0-30.4.0-1
ii  libglib2.0-02.42.1-1
ii  libgssdp-1.0-3  0.14.10-1
ii  libgupnp-1.0-4  0.20.12-1
ii  libgupnp-av-1.0-2   0.12.6-1
ii  libgupnp-dlna-2.0-3 0.10.2-1
ii  libsoup2.4-12.48.0-1

dleyna-server recommends no packages.

dleyna-server suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781159: [Pkg-lyx-devel] Bug#781159: lyx-common: two dangling symlinks

2015-03-25 Thread Sven Hoexter

On Wed, Mar 25, 2015 at 01:00:53PM +0100, Manolo Díaz wrote:

Hi,

 Two symlinks in lyx-common point to files no provided by any debian
 package, at least in the Jessie branch:
 
 /usr/share/lyx/thes -- ../mythes
 /usr/share/icons/hicolor/48x48/apps/lyx.png -- ../../../../lyx/images/lyx.png
 
 I haven't found any use impact, though.

The icon issue is fixed with the latest package in unstable
but back then the fix wasn't accepted by the release team.
(The package would've introduced other issues as we learned later,
but the fix would've been rejected anyway.)

The thes - mythes thing is still open and should be fixed.

Thanks for the report.

Sven


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781160: RM: libcapsinetwork -- ROM; obsolete, no upstream, IPv4 only

2015-03-25 Thread Markus Koschany

Package: ftp.debian.org
Severity: normal

Hello,

please remove libcapsinetwork from unstable and if possible also from
the testing distribution. If it is necessary to contact the release
team about that, please let me know.

Reasons for removing libcapsinetwork from Debian:

* no upstream release since 2005
* libcapsinetwork supports only IPv4
* This network library is obsolete and was partly integrated into
  monopd, the reason why it was packaged after all. The new
  upstream developer of monopd does not intend to work on
  libcapsinetwork and also recommends to remove it from Debian.
  New networking features will be integrated into monopd.
* libcapsinetwork has no further reverse-dependencies

See also https://bugs.debian.org/781044 for reference.

Regards,

Markus


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781162: slapd segfaults on pass-through SASL authentication

2015-03-25 Thread Simon Bin

Package: slapd
Version: 2.4.31-1+nmu2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I'm trying to set up pass-through authentication against Kerberos
Realm for our LDAP Directory. For that I installed saslauthd and
confirmed the operation with sasl-sample-client/server and
testsaslauthd.

   * What led up to the situation?

To pass off authentication, set the userPassword attribute to

   {SASL}Username@KRBREALM

in the LDAP directory, as explained on
http://www.openldap.org/doc/admin24/security.html

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

After doing so, slapd crashes on log-in.

   * What was the outcome of this action?

I'm attaching a gdb trace as good as I was able to create

   * What outcome did you expect instead?

Functioning log-in operation.

-- Syslog message

Mar 25 12:47:34 server slapd[16578]:  slap_listener(ldap:///)
Mar 25 12:47:34 server slapd[16578]: conn=1004 fd=21 ACCEPT from 
IP=139.*.*.*:51272 (IP=0.0.0.0:389)
Mar 25 12:47:34 server slapd[16578]: connection_get(21): got connid=1004
Mar 25 12:47:34 server slapd[16578]: connection_read(21): checking for input on 
id=1004
Mar 25 12:47:34 server slapd[16578]: op tag 0x60, time 1427284054
Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 do_bind
Mar 25 12:47:34 server slapd[16578]:  dnPrettyNormal: 
cn=*,ou=People,dc=,dc=org
Mar 25 12:47:34 server slapd[16578]:  dnPrettyNormal: 
cn=*,ou=People,dc=,dc=org, cn=*,ou=people,dc=,dc=org
Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 BIND 
dn=*,ou=People,dc=,dc=org method=128
Mar 25 12:47:34 server slapd[16578]: do_bind: version=3 
dn=cn=*,ou=People,dc=,dc=org method=128
Mar 25 12:47:34 server slapd[16578]: 
bdb_dn2entry(cn=*,ou=people,dc=,dc=org)
Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id(ou=people,dc=,dc=org)
Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id: got id=0x4
Mar 25 12:47:34 server slapd[16578]: = 
hdb_dn2id(cn=*,ou=people,dc=,dc=org)
Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id: got id=0x237
Mar 25 12:47:34 server slapd[16578]: entry_decode: 
Mar 25 12:47:34 server slapd[16578]: = entry_decode()
Mar 25 12:47:34 server kernel: [571560.569822] slapd[16598]: segfault at 0 ip 
7f83289a735a sp 7f8323a47db8 error 4 in 
libc-2.13.so[7f8328929000+181000]


-- Stack trace

#0  __strcmp_sse2 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214
No locals.
#1  0x7effc77d14ec in select_backend (dn=dn@entry=0x7effc0aa4f28, 
noSubs=noSubs@entry=1) at ../../../../servers/slapd/backend.c:697
j = optimized out
len = optimized out
dnlen = 0
be = 0x7effc8a79c30
#2  0x7effc78168a3 in slap_auxprop_lookup (glob_context=optimized out, 
sparams=optimized out, flags=0, user=optimized out, ulen=optimized out) 
at ../../../../servers/slapd/sasl.c:345
cb = {sc_next = 0x0, sc_response = 0x7effc7815fb0 sasl_ap_lookup, 
sc_cleanup = 0, sc_private = 0x7effc0aa4e40}
opbuf = {ob_op = {o_hdr = 0x0, o_tag = 0, o_time = 0, o_tincr = 0, o_bd 
= 0x0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 
0x0}, o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0x0}, oq_bind = {
rb_method = 0, rb_cred = {bv_len = 0, bv_val = 0x0}, rb_edn = 
{bv_len = 0, bv_val = 0x0}, rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, 
oq_compare = {rs_ava = 0x0}, oq_modify = {rs_mods = {rs_modlist = 0x0, 
  rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = 
{rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0, 
rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val = 
0x0}, 
rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0, 
rs_deref = 0, rs_slimit = 0, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0, 
rs_attrs = 0x0, rs_filter = 0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, 
  oq_abandon = {rs_msgid = 0}, oq_cancel = {rs_msgid = 0}, 
oq_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, rs_flags = 0, rs_reqdata 
= 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, 
  rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val 
= 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}}, 
o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', 
o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv 
= ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', 
o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', 
o_ctrlflag = '\000' repeats 31 times, o_controls = 0x0, o_authz = 
{sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, 
bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0, 
  sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber 
= 0x0, o_res_ber = 0x0,

Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions

Control: tags -1 moreinfo

Dear Thibaud,

Am 25.03.2015 um 10:39 schrieb Thibaut Paumard:
 About each time I reboot my computer, boot stalls with two start jobs unable 
 to
 complete:
 
 A start job is running for Enable support for additional binary formats ([...]
 / no limit)
 
 A start job is running for LSB: Recover schroot sessions ([...] / no limit)
 
 When that happens, I have to forcibly halt the computer (an Apple MacBook Pro)
 by holding the power button. Next boot usually goes fine.
 
 This has been happening since at least end of December 2014. It looks random,
 with a fairly high probability (~50%).

Can you boot with the following added to your kernel command line (man
kerne-command-line) systemd.debug-shell.

This will start a debug shell on tty9.

If your system hang during boot, please switch to tty9, then save the
output of
ps aux
systemctl list-jobs
systemd-cgls

Thanks,
Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#781145: UEFI boot issues

2015-03-25 Thread Steve McIntyre

On Tue, Mar 24, 2015 at 11:43:17PM -0800, Patrick Brooks wrote:

I have video issues when trying to install Debian using UEFI. I tried
using both the system's internal boot menu and rEFInd to boot the
installer. Both have video issues.The computer boots fine if I use
Windows so hardware failure is not the cause.

For reference:

http://i.imgur.com/FKopKE0.jpg

http://i.imgur.com/gOwkuwk.jpg

Right. This looks like video corruption I've seen myself in testing on
various platforms with Wheezy builds. Depending on the system, the
video setup would *sometimes* work if retried - is this consistent for
you on every boot?

Also: we've moved on a long way since then. Could you try a current
Jessie netinst and see how that works for you please?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Welcome my son, welcome to the machine.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781164: apport: more unicode errors

2015-03-25 Thread Ritesh Raj Sarraf

Package: apport
Version: 2.16.2-1
Severity: normal

Have a look at the attachment

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.19.2 (SMP w/4 CPU cores)
Locale: LANG=en_IN.utf8, LC_CTYPE=en_IN.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apport depends on:
ii  gir1.2-glib-2.0  1.42.0-2.2
ii  lsb-base 4.1+Debian13+nmu1
ii  python3  3.4.2-2
ii  python3-apport   2.16.2-1
ii  python3-gi   3.14.0-1
pn  python:any   none

Versions of packages apport recommends:
ii  policykit-1  0.105-8

Versions of packages apport suggests:
ii  apport-gtk  2.16.2-1

-- Configuration Files:
/etc/apport/crashdb.conf changed:
default = 'debian-debug'
databases = {
'ubuntu': {
'impl': 'launchpad',
'bug_pattern_url': 
'http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',
'dupdb_url': 
'http://people.canonical.com/~ubuntu-archive/apport-duplicates',
'distro': 'ubuntu',
'escalation_tag': 'bugpattern-needed',
'escalated_tag': 'bugpattern-written',
},
'fedora': {
 # NOTE this will change Fall '07 when RHT switches to bugzilla 3.x!
'impl': 'rhbugzilla',
'bug_pattern_url': 'http://qa.fedoraproject.org/apport/bugpatterns.xml',
'distro': 'fedora'
},
'debian': {
'impl': 'debian',
'distro': 'debian',
'smtphost': 'reportbug.debian.org',
'recipient': 'sub...@bugs.debian.org',
'sender': ''
},
'debian-debug': {
'impl': 'debian',
'distro': 'debian',
'smtphost': 'localhost',
'recipient': 'r...@debian.org',
'sender': 'r...@researchut.com'
},
'debug': {
# for debugging
'impl': 'memory',
'bug_pattern_url': '/tmp/bugpatterns.xml',
'distro': 'debug'
},
}


-- no debconf information
ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: called for pid 12721, signal 11, core limit 0
ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: Unhandled exception:
Traceback (most recent call last):
  File /usr/share/apport/apport, line 347, in module
info.add_proc_info(pid)
  File /usr/lib/python3/dist-packages/apport/report.py, line 544, in add_proc_info
ret = self.get_logind_session(pid)
  File /usr/lib/python3/dist-packages/apport/report.py, line 1595, in get_logind_session
for l in f.read().split('\0'):
  File /usr/lib/python3.4/encodings/ascii.py, line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2303: ordinal not in range(128)
ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: pid: 12764, uid: 1000, gid: 1000, euid: 0, egid: 0
ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: environment: environ({})
ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: called for pid 12977, signal 11, core limit 0
ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: Unhandled exception:
Traceback (most recent call last):
  File /usr/share/apport/apport, line 347, in module
info.add_proc_info(pid)
  File /usr/lib/python3/dist-packages/apport/report.py, line 544, in add_proc_info
ret = self.get_logind_session(pid)
  File /usr/lib/python3/dist-packages/apport/report.py, line 1595, in get_logind_session
for l in f.read().split('\0'):
  File /usr/lib/python3.4/encodings/ascii.py, line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2305: ordinal not in range(128)
ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: pid: 12985, uid: 1000, gid: 1000, euid: 0, egid: 0
ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: environment: environ({})
ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: called for pid 13079, signal 11, core limit 0
ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: Unhandled exception:
Traceback (most recent call last):
  File /usr/share/apport/apport, line 347, in module
info.add_proc_info(pid)
  File /usr/lib/python3/dist-packages/apport/report.py, line 544, in add_proc_info
ret = self.get_logind_session(pid)
  File /usr/lib/python3/dist-packages/apport/report.py, line 1595, in get_logind_session
for l in f.read().split('\0'):
  File /usr/lib/python3.4/encodings/ascii.py, line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2305: ordinal not in range(128)
ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: pid: 13088, uid: 1000, gid: 1000, euid: 0, egid: 0
ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: environment: environ({})
ERROR: apport (pid 13289) Wed Mar 25 16:23:59 2015: called for pid 13282, signal 11, core limit 0
ERROR: apport (pid

Bug#781163: unblock (pre-approved): util-linux/2.25.2-5.1

2015-03-25 Thread Kirill Smelkov

Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: unblock, confirmed, moreinfo

Hello up there,

Recently I've discovered that `unshare -r`, though it used to work in
2014, stopped working for Jessie:

https://bugs.debian.org/780841

The fix was pre-ack'ed by util-linux maintainer (Andreas Henriksson)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780841#10

and pre-approved by RT member Niels Thykier on debian-release@l.d.o:

https://lists.debian.org/debian-release/2015/03/msg00661.html


Niels asked to file an unblock request with full intended debdiff, which
I do here. It is an NMU, because there is no reply from Andreas for
several days. Hope it is ok.


Thanks beforehand,
Kirill


diff --git a/debian/changelog b/debian/changelog
index 7850238..0d80c1b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+util-linux (2.25.2-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-pick `unshare -r` fix from upstream. (Closes: #780841)
+
+ -- Kirill Smelkov k...@nexedi.com  Wed, 25 Mar 2015 16:23:34 +0300
+
 util-linux (2.25.2-5) unstable; urgency=medium
 
   * Revert Trigger update of initramfs on upgrades (Closes: #773354)
diff --git a/debian/patches/series b/debian/patches/series
index 6428b26..577ad52 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,3 +17,4 @@ Update-Japanese-translation.patch
 Update-Russian-translation.patch
 Trivial-unfuzzy.patch
 libblkid-care-about-unsafe-chars-in-cache.patch
+unshare-Fix-map-root-user-to-work-on-new-kernels.patch
diff --git 
a/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch 
b/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch
new file mode 100644
index 000..9a469c1
--- /dev/null
+++ b/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch
@@ -0,0 +1,71 @@
+From: Eric W. Biederman ebied...@xmission.com
+Date: Wed, 17 Dec 2014 17:06:03 -0600
+Subject: [PATCH] unshare: Fix --map-root-user to work on new kernels
+Origin: 
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit?id=0bf159413bdb9e324864a422b7aecb081e739119
+
+In rare cases droping groups with setgroups(0, NULL) is an operation
+that can grant a user additional privileges.  User namespaces were
+allwoing that operation to unprivileged users and that had to be
+fixed.
+
+Update unshare --map-root-user to disable the setgroups operation
+before setting the gid_map.
+
+This is needed as after the security fix gid_map is restricted to
+privileged users unless setgroups has been disabled.
+
+Signed-off-by: Eric W. Biederman ebied...@xmission.com
+---
+ include/pathnames.h |  1 +
+ sys-utils/unshare.c | 19 +++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/include/pathnames.h b/include/pathnames.h
+index 0d21b98..cbc93b7 100644
+--- a/include/pathnames.h
 b/include/pathnames.h
+@@ -93,6 +93,7 @@
+ 
+ #define _PATH_PROC_UIDMAP /proc/self/uid_map
+ #define _PATH_PROC_GIDMAP /proc/self/gid_map
++#define _PATH_PROC_SETGROUPS  /proc/self/setgroups
+ 
+ #define _PATH_PROC_ATTR_CURRENT   /proc/self/attr/current
+ #define _PATH_PROC_ATTR_EXEC  /proc/self/attr/exec
+diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
+index fccdba2..9fdce93 100644
+--- a/sys-utils/unshare.c
 b/sys-utils/unshare.c
+@@ -39,6 +39,24 @@
+ #include pathnames.h
+ #include all-io.h
+ 
++static void disable_setgroups(void)
++{
++  const char *file = _PATH_PROC_SETGROUPS;
++  const char *deny = deny;
++  int fd;
++
++  fd = open(file, O_WRONLY);
++  if (fd  0) {
++  if (errno == ENOENT)
++  return;
++   err(EXIT_FAILURE, _(cannot open %s), file);
++  }
++
++  if (write_all(fd, deny, strlen(deny)))
++  err(EXIT_FAILURE, _(write failed %s), file);
++  close(fd);
++}
++
+ static void map_id(const char *file, uint32_t from, uint32_t to)
+ {
+   char *buf;
+@@ -181,6 +199,7 @@ int main(int argc, char *argv[])
+   }
+ 
+   if (maproot) {
++  disable_setgroups();
+   map_id(_PATH_PROC_UIDMAP, 0, real_euid);
+   map_id(_PATH_PROC_GIDMAP, 0, real_egid);
+   }


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781123: Looks similar to upstream bug #960

2015-03-25 Thread Vasyl Kaigorodov

Just my 2c here - quicly looking at Valgrind backtrace, and the code -
looks like the issue is that with attached crafted .riff file 
RiffVideo::tagDecoder() gets unsigned long as
its' 2nd argument, which is then passed further to 
RiffVideo::dateTimeOriginal() as long.
I'm not a CPP guru, but other functions there might suffer from the same issue:

junkHandler
aviHeaderTagsHandler
streamHandler
streamDataTagHandler

Jakub, did you report this upsream already?

Thanks.
-- 
Vasyl Kaigorodov | Red Hat Product Security
PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828


pgpdIgRCMmpIt.pgp
Description: PGP signature

Bug#762465: KREDIT

2015-03-25 Thread werner miller

-- 
Grüß Gott,

  Sie brauchen dringend Darlehen? oder eine finanzielle
Unterstützung? wir alle können von Darlehen mit einem sehr geringen
Zinssatz, wenn Sie interessiert sind, sich ein Darlehen, kontaktieren
Sie uns heute per E-Mail wernermiller...@hotmail.com


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#774660: [Alexander Cherepanov chere...@mccme.ru] Bug#774660: Directory traversal through symlinks

2015-03-25 Thread Moritz Muehlenhoff

On Thu, Feb 19, 2015 at 11:08:43PM +0100, Mohammed Adnène Trojette wrote:
 tags 774660 + upstream forwarded
 thanks
 
 Hi!
 
 The bug mentioned below was reported to Debian.

Did you receive a reply from upstream?

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781165: RFP: prospector -- Python code analysis tool

2015-03-25 Thread Raphael Hertzog

Package: wnpp
Severity: wishlist

* Package name: prospector
  Version : 0.9.9
  Upstream Author : Carl Crowder
* URL : https://github.com/landscapeio/prospector
* License : GPL-2+
  Programming Lang: Python
  Description : Python code analysis tool

Prospector is a tool to analyse Python code and output information about
errors, potential problems, convention violations and complexity.

It brings together the functionality of other Python analysis tools such
as pylint, pep8 and McCabe complexity. More information and a complete
list of supported tools is available on the documentation site.

The primary aim of Prospector is to be useful 'out of the box'. A common
complaint of other Python analysis tools is that it takes a long time to
filter through which errors are relevant or interesting to your own coding
style. Prospector provides some default profiles, which hopefully will
provide a good starting point and will be useful straight away, and adapts
the output depending on the libraries your project uses. 


It would be nice to have this available to help check one's own Python
code.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#780816: tophat: embedded samtools copy

2015-03-25 Thread Alex Mestiashvili


Dear Maintainer,

Tophat 2.0.13 started to include a convience copy of samtools 0.1.18, 
I believe
this is technically a violation of Debian policy. Though I'm not sure 
how hard

it would be properly fix the issue.

Diane Trout


Hi Diane,

Please see this thread for more details:
 https://lists.debian.org/debian-med/2014/10/msg4.html

Until we have a solution we need to ship samtools 0.1.18 with tophat.

Regards,
Alex


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#228380:

In my case, I'm trying to get rid of the ipv4ll configuration.

I wanted to use dhcpcd5 because we can disable its ipv4ll support.

But eventually, I couldn't uninstall isc-dhcp-client because
network-manager depends on it.

So, I can't use dhcpcd5 without uninstalling network-manager (which I don't
want to do atm).

Cyrille

Bug#731439: linux: unable to handle kernel paging request at ffffffffffffffb8 when trying to remove a file in a checkpoint directory of a NFSv4 mount from a EMC VNx Storage

2015-03-25 Thread Salvatore Bonaccorso

Control: retitle -1 BUG: unable to handle kernel paging request at 
ffb8 when trying to remove a file in a checkpoint directory of a 
NFSv4 mount from a EMC VNx Storage
Control: found -1 3.2.14-1
Control: severity -1 important

Hi Kernel Team!

It looks that this is a 3.2.x specific regression introduced between
3.2.13-1 and 3.2.14-1. I failed for now to isolate the correct commit,
but hope you might help in that. Using a 3.2.13-1 the bug does not
appear, and trying to remove a file from such a checkpoint directory
just gives rm: cannot remove `foo': Input/output error. Updating
3.2.14-1 and retrying the procedure panics the kernel.

(I increased the severity beeing a regression from 3.2.13-1 and which
could cause basically a DoS against other users on a multiuser
system.)

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781162: [Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication

2015-03-25 Thread Ryan Tandy


Control: severity -1 important
Control: tags -1 confirmed

Hi,

Thanks for the report.

You referred to saslauthd in your original message, but I noticed that 
the crash only happens if pwcheck_method in /etc/ldap/sasl2/slapd.conf 
is set to auxprop (or not set at all; auxprop is the default), whereas 
for pass-through authentication, AFAIK one would normally choose the 
saslauthd method (which, for me, works correctly and does not crash). Is 
that configuration by you intentional?


The SASL configuration is mentioned in the upstream docs:

http://www.openldap.org/doc/admin24/security.html#Configuring%20slapd%20to%20use%20an%20authentication%20provider


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#774643: can't cast Hash to text

2015-03-25 Thread Knut Arne Bjørndal

Hi

There still seems to be some problems with stored configs, in a test
deployment I have the following minimal node manifest:

define foo($params) {
}

node 'test.adm.easyconnect.no' {
  @@foo {'bar': params = {foo = 1, bar = 2} }
}

We use this kind of pattern in quite a few places where it would be
inconvenient to flatten it before exporting, and it works fine on wheezy.

The first run of the agent works fine, and the following value is
written to the database: {foo=1, bar=2}

The second (and third, fourth, ...) run fails: Error: Could not retrieve
catalog from remote server: Error 400 on SERVER: can't cast Hash to text

Enabling as much debug as I know how to on the master it logs this on
the first (successful) run:

Notice: Compiled catalog for test.adm.easyconnect.no in environment
vagrant in 1.20 seconds
Info: Caching catalog for test.adm.easyconnect.no
Debug: Searched for resources in 0.01 seconds
Debug: Searched for resource params and tags in 0.00 seconds
Debug: Resource removal in 0.00 seconds
Debug: Resource merger in 0.00 seconds
Debug: Added resources(initialization) in 0.01 seconds
Debug: Added resources(parameters) in 0.01 seconds
Debug: Added resources(tags) in 0.02 seconds
Debug: Resource addition in 0.06 seconds
Debug: Performed resource comparison in 0.06 seconds
Debug: Using cached facts for test.adm.easyconnect.no
Info: Caching node for test.adm.easyconnect.no

While for the second run:

Info: Caching node for test.adm.easyconnect.no
Notice: Compiled catalog for test.adm.easyconnect.no in environment
vagrant in 0.03 seconds
Info: Caching catalog for test.adm.easyconnect.no
Debug: Searched for resources in 0.01 seconds
Debug: Searched for resource params and tags in 0.00 seconds
Debug: Resource removal in 0.00 seconds
Error: can't cast Hash to text

Agent version doesn't seem to matter, I've tried both 2.7 and 3.7.
Master is on 3.7.2-3 from jessie.

-- 
Knut Arne Bjørndal, Tekniker Easy Connect AS - http://1890.no
E-post: knut.arne.bjorn...@easyconnect.no



signature.asc
Description: OpenPGP digital signature

Bug#781168: Workarounds for Google being evil with .ics feeds

2015-03-25 Thread Enrico Zini

Package: akonadi-server
Version: 1.13.0-2
Severity: normal

Hello,

I have as a calendar source an .ics served by Google, with an address
like this: 
https://www.google.com/calendar/ical/person%40gmail.com/private-12341234123412341234123412341234/basic.ics

It looks like Google is being evil by breaking all the assumptions that
allow an efficient update of that data feed. Not only they did not
implement neither If-Modified-Since nor a sensible modification date for
their ical server:

  Current date/time: Wed, 25 Mar 2015 14:34:24 +

  Headers for a HEAD request on the ics url:

 Content-Type: text/calendar; charset=UTF-8
 X-Content-Type-Options: nosniff
 Pragma: no-cache
 Content-Length: 312906
 Alternate-Protocol: 443:quic,p=0.5
 Server: GSE
 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
 Expires: Fri, 01 Jan 1990 00:00:00 GMT
 Date: Wed, 25 Mar 2015 14:34:24 GMT
 X-XSS-Protection: 1; mode=block
 X-Frame-Options: SAMEORIGIN

But also the content is significantly different. This is the list of
what I have observed Gmail doing to an unchanged ical feed:

 - DTSTAMP of each element is always now
 - VTIMEZONE entries appear in random order
 - ORGANIZER CN entries randomly change between full name and plus.google.com
   user ID
 - ATTENDEE entries randomly change between having a CN or not having it
 - TRIGGER entries change spontaneously
 - CREATED entries change spontaneously

This causes akonadi to download and reprocess the entire ical feed every
single time. In this case we are talking about 300Kb, which is a lot of
ical data, and I end up with akonadi and the database working more often
than not, a hot an noisy laptop, and an unhealthy amount of anger.

I am now working on a smart diff between ical files that should be able
to tell when two .ics files mangled that way are still actually the
same. I'll try to keep you posted.


Thank you,

Enrico

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages akonadi-server depends on:
ii  akonadi-backend-postgresql  1.13.0-2
ii  libakonadiprotocolinternals11.13.0-2
ii  libboost-program-options1.55.0  1.55.0+dfsg-3
ii  libc6   2.19-15
ii  libgcc1 1:4.9.2-10
ii  libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-3
ii  libqt4-network  4:4.8.6+git64-g5dc8b2b+dfsg-3
ii  libqt4-sql  4:4.8.6+git64-g5dc8b2b+dfsg-3
ii  libqt4-xml  4:4.8.6+git64-g5dc8b2b+dfsg-3
ii  libqtcore4  4:4.8.6+git64-g5dc8b2b+dfsg-3
ii  libqtgui4   4:4.8.6+git64-g5dc8b2b+dfsg-3
ii  libstdc++6  4.9.2-10

akonadi-server recommends no packages.

Versions of packages akonadi-server suggests:
pn  akonadi-backend-mysql   none
ii  akonadi-backend-postgresql  1.13.0-2
pn  akonadi-backend-sqlite  none

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781167: claws-mail-pgpinline: pgpinline encrypts an e-mail, then cannot decrypt the same e-mail in it's own Sent folder

2015-03-25 Thread clayton

Package: claws-mail-pgpinline
Version: 3.11.1-3
Severity: normal

For e-mail in Sent folder, claws reports Couldn't decrypt: Decryption failed.

If I save the encrypted attachment and then do a gpg --decrypt filename 
then gpg reports 
gpg: decryption failed: secret key not available

No feedback yet from recipient as to whether he was able to decrypt.

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (800, 'testing'), (700, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages claws-mail-pgpinline depends on:
ii  claws-mail   3.11.1-3
ii  claws-mail-pgpmime [claws-mail-pgpcore]  3.11.1-3
ii  libarchive13 3.1.2-11
ii  libassuan0   2.1.2-2
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-15
ii  libcairo21.14.0-2.1
ii  libdb5.3 5.3.28-9
ii  libetpan17   1.5-2
ii  libfontconfig1   2.11.0-6.3
ii  libfreetype6 2.5.2-3
ii  libgdk-pixbuf2.0-0   2.31.1-2+b1
ii  libglib2.0-0 2.42.1-1
ii  libgnutls-deb0-283.3.8-6
ii  libgpg-error01.17-3
ii  libgpgme11   1.5.1-6
ii  libgtk2.0-0  2.24.25-3
ii  liblockfile1 1.09-6
ii  libpango-1.0-0   1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-01.36.8-3
ii  libsasl2-2   2.1.26.dfsg1-13
ii  zlib1g   1:1.2.8.dfsg-2+b1

claws-mail-pgpinline recommends no packages.

claws-mail-pgpinline suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781169: Checkinstall fails to add files to dpkg conffiles

2015-03-25 Thread Larsen


Package: checkinstall
Version: 1.6.2-4
Severity: normal
Tags: patch

Dear Maintainer,

checkinstall 1.6.2-4 does not tag conffiles of packages it creates as such.
Therefore, files of a created package in /etc will be deleted when the  
package

is removed.

This has already been reported for Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1304760

A patch is attached to fix this problem.


-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages checkinstall depends on:
ii  dpkg-dev  1.16.15
ii  file  5.11-2+deb7u3
ii  libc6 2.13-38+deb7u1

Versions of packages checkinstall recommends:
ii  make  3.81-8.2

Versions of packages checkinstall suggests:
pn  gettext  none

-- no debconf information

checkinstall.patch
Description: Binary data

Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions

Am 25.03.2015 um 16:55 schrieb Thibaut Paumard:
 Le 25/03/2015 14:52, Michael Biebl a écrit :
 

 If your system hang during boot, please switch to tty9, then save the
 output of
 ps aux
 systemctl list-jobs
 systemd-cgls
 
 Thanks Michael,
 
 the output of each command is attached in the corresponding file.
 

Looks like a some kind of bug in schroot to me, which causes a dead lock.
I assume, if you disable the schroot.service (update-rc.d disable
schroot), the problem is gone?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#774660: [Alexander Cherepanov chere...@mccme.ru] Bug#774660: Directory traversal through symlinks

2015-03-25 Thread Mohammed Adnène TROJETTE


Unfortunately no reply at all :-/

--
Adnène



Le 25/03/2015 15:12, Moritz Muehlenhoff a écrit :

On Thu, Feb 19, 2015 at 11:08:43PM +0100, Mohammed Adnène Trojette wrote:

tags 774660 + upstream forwarded
thanks

Hi!

The bug mentioned below was reported to Debian.

Did you receive a reply from upstream?

Cheers,
 Moritz




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#533233: relates to bug 764084

This bug relates to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764084

I like the simple solution proposed in message #26 (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533233#26) where the
metric for RFC3927 subnet is raised above the wireless connexions' default
metric (1024).

However, a definitive solution would be that avahi-autoipd doesn't assign a
RFC3927 address when no cable is connected to the ethernet interface. Maybe
the ifupdown-extra could help here?

See also bug 764084 for more on this RFC3927 problem.

Cyrille

Bug#780841: Please approve `unshare -r` fix for Jessie

2015-03-25 Thread Kirill Smelkov

FYI, I've filed an unblock request for this fix:

http://bugs.debian.org/781163


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781168: Workarounds for Google being evil with .ics feeds

2015-03-25 Thread Enrico Zini

On Wed, Mar 25, 2015 at 04:24:40PM +0100, Enrico Zini wrote:

 I am now working on a smart diff between ical files that should be able
 to tell when two .ics files mangled that way are still actually the
 same. I'll try to keep you posted.

Done! I'm attaching the script that I'm using at the moment.


Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org
#!/usr/bin/python3
#
# Copyright © 2015 Enrico Zini enr...@enricozini.org
# This work is free. You can redistribute it and/or modify it under the
# terms of the Do What The Fuck You Want To Public License, Version 2,
# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details.
#
# Work around Google being evil in ical feeds.
#
# This is the list of what I have observed Gmail doing to an ical feed to make
# it hard to sync with its contents efficiently:
#
#  - HTTP Date header is always now
#  - If-Modified-Since is not supported
#  - DTSTAMP of each element is always now
#  - VTIMEZONE entries appear in random order
#  - ORGANIZER CN entries randomly change between full name and plus.google.com
#user ID
#  - ATTENDEE entries randomly change between having a CN or not having it
#  - TRIGGER entries change spontaneously
#  - CREATED entries change spontaneously

import requests
import tempfile
import os
import re
import argparse
import time

class atomic_writer(object):

Atomically write to a file

def __init__(self, fname, mode, osmode=0o644, sync=True, **kw):
self.fname = fname
self.osmode = osmode
self.sync = sync
dirname = os.path.dirname(self.fname)
self.fd, self.abspath = tempfile.mkstemp(dir=dirname, text=b not in 
mode)
self.outfd = open(self.fd, mode, closefd=True, **kw)

def __enter__(self):
return self.outfd

def __exit__(self, exc_type, exc_val, exc_tb):
if exc_type is None:
self.outfd.flush()
if self.sync: os.fdatasync(self.fd)
os.fchmod(self.fd, self.osmode)
os.rename(self.abspath, self.fname)
else:
os.unlink(self.abspath)
self.outfd.close()
return False


class Field:
def __init__(self, content):
# Field name and value
self.name, self.value = content.split(:, 1)

def __str__(self):

Reserialize the field.

return {}:{}\n.format(self.name, self.value)


def parse_ical(fd):

Parse an ical feed in a sequence of Field elements.

lines = []
for line in fd:
if line[0] !=  :
# Field start
if lines:
yield Field(.join(lines))
lines = [line]
else:
# Continuation line
if not lines:
raise RuntimeError(feed starts with a continuation line)
lines.append(line[1:])
if lines:
yield Field(.join(lines))


def drop_vtimezones(feed):

Skip VTIMEZONE fields

in_vtimezone = False
for field in feed:
if field.value == VTIMEZONE:
if field.name == BEGIN:
in_vtimezone = True
continue
elif field.name == END:
in_vtimezone = False
continue
if in_vtimezone: continue
yield field


re_nondet = re.compile(r^(?:DTSTAMP|ORGANIZER|ATTENDEE|TRIGGER|CREATED))
def remove_nondeterminism(content):

Return the string content without all the DTSTAMP lines

res = []
for field in drop_vtimezones(parse_ical(content.splitlines())):
if re_nondet.match(field.name): continue
res.append(str(field))
return .join(res)


def download(url, target):

Download a new version of an ical feed, without touching the existing file
if it has not changed.

res = requests.get(url)

if os.path.exists(target):
with open(target, rt) as fd:
old_content = fd.read()
if remove_nondeterminism(res.text) == 
remove_nondeterminism(old_content):
# Update not needed
return False
#else: # Uncomment for debugging
#with open(old, wt) as out:
#out.write(remove_nondeterminism(old_content))
#with open(new, wt) as out:
#out.write(remove_nondeterminism(res.text))

with atomic_writer(target, wt) as fd:
# Update needed
fd.write(res.text)
return True

if __name__ == __main__:
parser = argparse.ArgumentParser(
description=Download a gmail ics feed, leaving the destination 
untouched if it has not changed)
parser.add_argument('url', help=url to download)
parser.add_argument('dest', help=destination file name)
parser.add_argument('--log', action=store, help=log actual updates to 
this file)

args = parser.parse_args()
if download(args.url, args.dest):
if args.log:
with open(args.log, at) as fd:
print({}: updated

Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions

2015-03-25 Thread Thibaut Paumard

Le 25/03/2015 14:52, Michael Biebl a écrit :

 
 If your system hang during boot, please switch to tty9, then save the
 output of
 ps aux
 systemctl list-jobs
 systemd-cgls

Thanks Michael,

the output of each command is attached in the corresponding file.

Kind regards, Thibaut.



USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
root 1  5.8  0.0  30840  6588 ?Ss   16:01   0:11 /sbin/init
root 2  0.0  0.0  0 0 ?S16:01   0:00 [kthreadd]
root 3  1.2  0.0  0 0 ?S16:01   0:02 [ksoftirqd/0]
root 4  0.0  0.0  0 0 ?S16:01   0:00 [kworker/0:0]
root 5  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/0:0H]
root 6  0.1  0.0  0 0 ?S16:01   0:00 [kworker/u16:0]
root 7  0.2  0.0  0 0 ?S16:01   0:00 [rcu_sched]
root 8  0.0  0.0  0 0 ?S16:01   0:00 [rcu_bh]
root 9  0.0  0.0  0 0 ?S16:01   0:00 [migration/0]
root10  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/0]
root11  0.2  0.0  0 0 ?S16:01   0:00 [watchdog/1]
root12  0.0  0.0  0 0 ?S16:01   0:00 [migration/1]
root13  0.0  0.0  0 0 ?S16:01   0:00 [ksoftirqd/1]
root14  0.0  0.0  0 0 ?S16:01   0:00 [kworker/1:0]
root15  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/1:0H]
root16  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/2]
root17  0.0  0.0  0 0 ?S16:01   0:00 [migration/2]
root18  0.0  0.0  0 0 ?S16:01   0:00 [ksoftirqd/2]
root19  0.0  0.0  0 0 ?S16:01   0:00 [kworker/2:0]
root20  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/2:0H]
root21  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/3]
root22  0.0  0.0  0 0 ?S16:01   0:00 [migration/3]
root23  0.2  0.0  0 0 ?S16:01   0:00 [ksoftirqd/3]
root24  0.0  0.0  0 0 ?S16:01   0:00 [kworker/3:0]
root25  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/3:0H]
root26  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/4]
root27  0.0  0.0  0 0 ?S16:01   0:00 [migration/4]
root28  0.1  0.0  0 0 ?S16:01   0:00 [ksoftirqd/4]
root29  0.0  0.0  0 0 ?S16:01   0:00 [kworker/4:0]
root30  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/4:0H]
root31  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/5]
root32  0.0  0.0  0 0 ?S16:01   0:00 [migration/5]
root33  0.0  0.0  0 0 ?S16:01   0:00 [ksoftirqd/5]
root34  0.0  0.0  0 0 ?S16:01   0:00 [kworker/5:0]
root35  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/5:0H]
root36  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/6]
root37  0.0  0.0  0 0 ?S16:01   0:00 [migration/6]
root38  0.0  0.0  0 0 ?S16:01   0:00 [ksoftirqd/6]
root39  0.0  0.0  0 0 ?S16:01   0:00 [kworker/6:0]
root40  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/6:0H]
root41  0.0  0.0  0 0 ?S16:01   0:00 [watchdog/7]
root42  0.0  0.0  0 0 ?S16:01   0:00 [migration/7]
root43  0.2  0.0  0 0 ?S16:01   0:00 [ksoftirqd/7]
root44  0.0  0.0  0 0 ?S16:01   0:00 [kworker/7:0]
root45  0.0  0.0  0 0 ?S   16:01   0:00 [kworker/7:0H]
root46  0.0  0.0  0 0 ?S   16:01   0:00 [khelper]
root47  0.0  0.0  0 0 ?S16:01   0:00 [kdevtmpfs]
root48  0.0  0.0  0 0 ?S   16:01   0:00 [netns]
root49  0.0  0.0  0 0 ?S16:01   0:00 [khungtaskd]
root50  0.0  0.0  0 0 ?S   16:01   0:00 [writeback]
root51  0.0  0.0  0 0 ?SN   16:01   0:00 [ksmd]
root52  0.0  0.0  0 0 ?SN   16:01   0:00 [khugepaged]
root53  0.0  0.0  0 0 ?S   16:01   0:00 [crypto]
root54  0.0  0.0  0 0 ?S   16:01   0:00 [kintegrityd]
root55  0.0  0.0  0 0 ?S   16:01   0:00 [bioset]
root56  0.0  0.0  0 0 ?S   16:01   0:00 [kblockd]
root57  0.0  0.0  0 0 ?S16:01   0:00 [kworker/7:1]
root58  0.0  0.0  0 0 ?S16:01   0:00 [kworker/6:1]
root59  0.0  0.0  0 0 ?S16:01   0:00 [kworker/5:1]
root60  0.0  0.0  0 0 ?

Bug#781162: [Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication

2015-03-25 Thread Ryan Tandy


Control: severity -1 normal
Control: found -1 2.4.40-4
Control: retitle -1 slapd: crash with SASL auxprop pwcheck_method and empty 
suffix

On Wed, Mar 25, 2015 at 05:13:52PM +0100, Simon Bin wrote:

thanks for the quick response. Indeed it was a configuration mistake
(pwcheck_method not set in the right file). The crash was a bit further
misleading me...

Everything is working fine now with the proper config.


OK, thanks for confirming.

Meanwhile I reproduced the crash in jessie as well. It seems to require 
that the database suffix be empty, though, which I think is an unusual 
configuration. Is that actually the case in your setup?



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#779318: Update for SSH Tests

2015-03-25 Thread Dave Vehrs

I just installed the latest update to Lynis 2.0 on my Sid workstation.
When I installed the package, your note was present by apt-listchanges.
Thanks for highlighting my submission.

However, one point in your note jumped out to my attention and that was
the idea that updates to the tests should be included in the Debian
plugin whenever possible.  And that makes a lot of sense for these
tests, especially the DebianBanner test.  Therefore, if you will hold
off on testing these tests, I will work to move them into the Debian
plugin and hopefully submit the updates before another update to Lynis
is in the works.

With any luck, I will have these ready for resubmission in a day or two
but no promises.  Wish me luck!

-- 
Dave VehrsEmail: dve...@gmail.com


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781173: ITP: crmsh -- Command-line interface for High-Availability cluster management on GNU/Linux systems

2015-03-25 Thread Richard B Winters

Package: wnpp
Severity: wishlist
Owner: Richard B Winters r...@mmogp.com

* Package name: crmsh
  Version : 2.2.0~rc2+git.115.g0e24f25
  Upstream Author : Dejan Muhamedagic de...@suse.de, Kristoffer Gronlund 
kgronl...@suse.com
* URL : https://github.com/ClusterLabs/crmsh
* License : GPL-2+
  Programming Lang: Python
  Description : CLI for HA cluster management

Command-line interface for High-Availability cluster 
management on GNU/Linux systems


crmsh is one of several command-line interfaces for managing
the pacemaker/corosync High-Availability cluster stack. It was 
at one time bundled with cman, but as cman is no longer used or 
supported in the modern stack; crmsh needs its own package.

RHEL only used cman until corosync was able to handle quorum
on its own. In Debian, crmsh is bundled with cman. Both are
considered out-of-date.

I've authored changes upstream, and plan to keep in close
contact with the upstream team. I intend to maintain this
package via sponsorship - unless debian-ha would like to 
sponsor the package and allow me to join the team.

If debian-ha is inactive, though, I'd like to get it going
again. It will be uploaded to mentors.debian.org if nothing
else, and awaiting sponsorship.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781174: thunar: unable to mount password protected shares (jessie)

2015-03-25 Thread Janis Hamme

Package: thunar
Version: 1.6.3-2
Severity: normal

Dear Maintainer,

I have some password protected shares in my /etc/fstab that are mounted
by unprivileged users, e. g.

 //192.168.1.2/Data /media/Data cifs 
 vers=3.0,users,username=user,noauto,file_mode=0640,dir_mode=0750 0 0

When mounting the share with the 'mount' command a password is prompted
as intended. However, mounting the share with thunar fails: On the first
access thunar tries to mount the share and a graphical password prompt
*should* appear. Instead an error message is shown:

 Failed to create password file: Permission denied

After some investigation I found out that the ask-password functionality
from systemd is used. Therefore a file has to be created in
/run/systemd/ask-password and password agents watching the directory
might prompt for the password. See [1] for reference.

Creating the password file fails, as /run/systemd/ask-password is only
writable by root. As this functionality is intended to be used for
system-level passwords only, I guess it shouldn't be world writable.

To mount the volume, thunar seems to rely on libglib2 (Thunar calls
g_volume_mount). See [2], [3] for the source code. I don't really
understand how that code works and why systemd ask-password is used - I
didn't manage to find the corresponding code.

Im not sure if this bug can be fixed in thunar or if either systemd or
glib2 are to blame, but I hope you can help to track down the root
cause. Probably systemd shouldn't be used at all for mounting shares in
thunar.

To reproduce this bug you don't need an actual share - you can add a
fake entry to your fstab.

Janis

[1] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
[2]
http://git.xfce.org/xfce/thunar/tree/thunar/thunar-device.c?h=thunar-1.6.3
[3] https://git.gnome.org/browse/glib/tree/gio/gvolume.c?h=glib-2-42


-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (990, 'testing-updates'), (990, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4+custom-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages thunar depends on:
ii  desktop-file-utils  0.22-1
ii  exo-utils   0.10.2-4
ii  libatk1.0-0 2.14.0-1
ii  libc6   2.19-15
ii  libcairo2   1.14.0-2.1
ii  libdbus-1-3 1.8.16-1
ii  libdbus-glib-1-20.102-1
ii  libexo-1-0  0.10.2-4
ii  libgdk-pixbuf2.0-0  2.31.1-2+b1
ii  libglib2.0-02.42.1-1
ii  libgtk2.0-0 2.24.25-3
ii  libgudev-1.0-0  215-12
ii  libice6 2:1.0.9-1+b1
ii  libnotify4  0.7.6-2
ii  libpango-1.0-0  1.36.8-3
ii  libsm6  2:1.2.2-1+b1
ii  libthunarx-2-0  1.6.3-2
ii  libxfce4ui-1-0  4.10.0-6
ii  libxfce4util6   4.10.1-2
ii  libxfconf-0-2   4.10.0-3
ii  shared-mime-info1.3-1
ii  thunar-data 1.6.3-2

Versions of packages thunar recommends:
ii  dbus-x11 1.8.16-1
ii  gvfs 1.22.2-1
ii  libfontconfig1   2.11.0-6.3
ii  libfreetype6 2.5.2-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-01.36.8-3
ii  thunar-volman0.8.0-4
ii  tumbler  0.1.30-1+b1
ii  xdg-user-dirs0.15-2
ii  xfce4-panel  4.10.1-1

Versions of packages thunar suggests:
ii  thunar-archive-plugin 0.3.1-3
ii  thunar-media-tags-plugin  0.2.1-1

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771433: RFS: xastir/2.06-1

2015-03-25 Thread Iain R. Learmonth

Hi John,

You previously commented on my RFS for Xastir in January.

The lintian issues regarding hardening have been resolved.

There are now no lintian errors or warnings on the package.

Thanks,
Iain.

-- 
e: i...@fsfe.orgw: iain.learmonth.me
x: i...@jabber.fsfe.org t: EPVPN 2105
c: 2M0STB  g: IO87we
p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49


pgphHqrvpILxY.pgp
Description: PGP signature

Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable

Am 25.03.2015 um 17:40 schrieb Gordon Morehouse:
On 03/25/2015 09:29 AM, Jonas Meurer wrote:
[snip]

Seems like there's some more discussion needed in order to fix the
reported bug:

a) do we want cryptsetup to recommend plymouth? this way at least
for manual installation of cryptsetup, plymouth would be pulled
in, fixing destroyed nasty boot-password-prompts introduced that
were introduced by the switch to systemd.

b) do we want plymouth to be installed per default on new installs?
to my knowledge it's not _required_ for systemd to work, but as
soon as an initscript with user interaction is invoked,
apparently plymouth is required. This *is* an argument for
installing plymouth by default.

c) do we want any of the above to be fixed/changed in time for
jessie?

I'm Just A User(tm) but I really think this should be fixed in time for
jessie, because it looks really, really terrible. Yes, there's a fix
- if you can get your system booted, which takes me on average 3-5 tries
with only two interactive password prompts.

If I were a sysadmin and ran into this after installing jessie, I'd
think strongly about uninstalling it and going with something else.

It can't even boot right?! is the first question that came to mind
after my first install of jessie - really unacceptable UX for a release
soon to be marked stable and a distribution which people have relied
upon for stability for well over a decade, including myself.

I'll drop it after this, but I urge release maintainers to take the
above into consideration and fix this in time for jessie. Thanks for
all your hard work.

New installation, when choosing the LVM+cryptsetup setup, will have a
single cryptsetup prompt, which is run in the initramfs. So new
installations are not affected, i.e, this only affects custom setups.

As for upgrades, we do document this issue in the release notes [1], and
when upgrading, you'll still have sysvinit around as fallback (which can
be chosen from grub from the extended menu). So your system is hardly
unbootable.

As for adding plymouth to recommends: No matter if we add that to
systemd to cryptsetup, it doesn't really solve the problem, as you'll
need to add splash to the kernel command line.

[1]
https://www.debian.org/releases/testing/amd64/release-notes/ch-information.de.html#plymouth-required-for-boot-prompts

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

signature.asc
Description: OpenPGP digital signature

Bug#772272: systemd: Journalctl fail to print logs from user session

2015-03-25 Thread Jameson Graef Rollins

Package: systemd
Version: 215-12
Followup-For: Bug #772272

I am also experiencing this issue.  I have multiple services running
as systemd user services, and I don't have access to the logs of any
of them:

music@rippy:~ 1$ systemctl --user status mopidy
● mopidy.service - Mopidy Music Server
   Loaded: loaded (/home/music/.config/systemd/user/mopidy.service; enabled)
   Active: active (running) since Tue 2015-03-24 22:22:54 PDT; 11h ago
 Main PID: 910 (mopidy)
   CGroup: /user.slice/user-1001.slice/user@1001.service/mopidy.service
   └─910 /usr/bin/python /usr/bin/mopidy
music@rippy:~ 0$ journalctl --user
No journal files were found.
music@rippy:~ 1$ journalctl --user-unit=mopidy.service
No journal files were found.
music@rippy:~ 1$

This user is not in the systemd-journal group.  However, the
journalctl man page declares that this should not be necessary (from
journalctl(1)):

All users are granted access to their private per-user
journals. However, by default, only root and users who are members
of the systemd-journal group get access to the system journal
and the journals of other users.

Thanks.

jamie.


-- Package-specific info:

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  acl 2.2.52-2
ii  adduser 3.113+nmu3
ii  initscripts 2.88dsf-58
ii  libacl1 2.2.52-2
ii  libaudit1   1:2.4-1+b1
ii  libblkid1   2.25.2-5
ii  libc6   2.19-15
ii  libcap2 1:2.24-7
ii  libcap2-bin 1:2.24-7
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20 1.6.2-4+b1
ii  libkmod218-3
ii  liblzma55.1.1alpha+20120614-2+b3
ii  libpam0g1.1.8-3.1
ii  libselinux1 2.3-2
ii  libsystemd0 215-12
ii  mount   2.25.2-5
ii  sysv-rc 2.88dsf-58
ii  udev215-12
ii  util-linux  2.25.2-5

Versions of packages systemd recommends:
ii  dbus1.9.8-1
ii  libpam-systemd  215-12

Versions of packages systemd suggests:
ii  systemd-ui  3-2

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#706522: pcs - Pacemaker/Corosync configuration system

2015-03-25 Thread Richard B Winters

On Fri, 19 Dec 2014 11:23:24 -0800 Jeff Welling jeff.well...@hootsuite.com 
wrote:
 Bump - Any progress on this? Or alternatives?
 
 

@Jeff  @Madkiss  @Everyone else

I've submitted an ITP for crmsh (an alternative to pcs). This was
do-able because a package specific for crmsh doesn't exist for Debian
yet, as it's bundled with the old version of cman sitting in stable.

However, I also intend to package pcs/pcsd, corosync, and pacemaker as
well.  I'm not sure what's going on with debian-ha - they should have
been the ones to sponsor this package to begin with and to have helped
maintain it. Upstream states madkiss is the only developer they've seen
active in a very long time.

The problem the other packages, is that while those packages exist
(corosync, pcs, pacemaker), I need the maintainers to either sponsor my
contributions or allow me to join the team as a maintainer. I don't NEED
to make new packages, but we do need to clean things up and get
everything up to date.

I've poked debian-ha asking to join the team, and I've let it be known
to the devel mailing list that I want to get debian-ha going again if
its inactive.

I've been in contact with clusterlabs and feist (feist is the author of
pcs/pcsd). I've authored upstream changes and contributed to both crmsh
and pcs/pcsd.

The current stack available in Debian needs updating, as the stack has
changed significantly over the years.  How we bundle the software can
even be drastically changed so its much simpler, I'm hoping to get
everything rolling again - or at least help if debian-ha isn't in fact
inactive.


As far as that alternative is concerned...crmsh would be it - though
you'd need an updated pacemaker and corosync as well, due to the drastic
API changes. The same would go for pcs/pcsd as well.



@Madkiss 

The last dev post on this was in 2013:

Please let me know if I can help with pcs/pcsd (maintain, adopt,
anything really).  Thanks :)


-- 
Rik


signature.asc
Description: This is a digitally signed message part

Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions

2015-03-25 Thread Thibaut Paumard

Le 25/03/2015 17:22, Michael Biebl a écrit :
 Am 25.03.2015 um 17:10 schrieb Michael Biebl:
 Am 25.03.2015 um 16:55 schrieb Thibaut Paumard:
 Le 25/03/2015 14:52, Michael Biebl a écrit :


 If your system hang during boot, please switch to tty9, then save the
 output of
 ps aux
 systemctl list-jobs
 systemd-cgls

 Thanks Michael,

 the output of each command is attached in the corresponding file.


 Looks like a some kind of bug in schroot to me, which causes a dead lock.
 I assume, if you disable the schroot.service (update-rc.d disable
 schroot), the problem is gone?
 
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677811
 looks related, although this bug is marked as fixed.
 
 You could try disabling the /etc/schroot/setup.d/15binfmt  hook script,
 to narrow down the problem.
 
 

Dear Michael,

Thanks, indeed it does look like a race condition between this script
and systemd support for binfmt. I guess the schroot service should
somehow depend on binfmt support to have terminated.

It is not so easy for me to check though, because the boot process tends
to run smoothly when I reboot several times in a row. Any solution will
take several days at least to be confirmed. I rebooted several times
with no problem after disabling schroot, but then again with no problem
after re-enabling it.

Kind regards, Thibaut.


-- 




signature.asc
Description: OpenPGP digital signature

Bug#774171: unrar: symlink directory traversal

2015-03-25 Thread Felix Geyer

On 23.03.2015 23:15, Felix Geyer wrote:
 It looks like upstream attempted to fix / work around the issue.
 
 From the WinRAR Version 5.21 changelog:
 
4. Now by default WinRAR skips symbolic links with absolute paths
   in link target when extracting. You can enable creating such links
   with Allow absolute paths in symbolic links option on Advanced
   page of extraction dialog or with -ola command line switch.

   Such links pointing to folders outside of extraction destination
   folder can present a security risk. Enable their extraction only
   if you are sure that archive contents is safe, such as your own backup.
 
 The -ola switch and related changes are part of 5.2.5 but I can still 
 reproduce
 the problem with this version.

I've notified upstream about the incomplete fix.
Attached are patches for 5.0.10 and 5.2.5.
Review would be appreciated.

Cheers,
Felix
--- unrar-nonfree-5.0.10.orig/extinfo.cpp
+++ unrar-nonfree-5.0.10/extinfo.cpp
@@ -60,6 +60,37 @@ void SetExtraInfo(CommandData *Cmd,Archi
 
 
 
+bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName)
+{
+  if (IsFullRootPath(SrcName))
+return false;
+  int AllowedDepth=0;
+  while (*SrcName!=0)
+  {
+if (IsPathDiv(SrcName[0])  SrcName[1]!=0  !IsPathDiv(SrcName[1]))
+{
+  bool Dot=SrcName[1]=='.'  (IsPathDiv(SrcName[2]) || SrcName[2]==0);
+  bool Dot2=SrcName[1]=='.'  SrcName[2]=='.'  (IsPathDiv(SrcName[3]) || SrcName[3]==0);
+  if (!Dot  !Dot2)
+AllowedDepth++;
+}
+SrcName++;
+  }
+  if (IsFullRootPath(TargetName)) // Catch root dir based /path/file paths.
+return false;
+  for (int Pos=0;*TargetName!=0;Pos++)
+  {
+bool Dot2=TargetName[0]=='.'  TargetName[1]=='.'  
+  (IsPathDiv(TargetName[2]) || TargetName[2]==0) 
+  (Pos==0 || IsPathDiv(*(TargetName-1)));
+if (Dot2)
+  AllowedDepth--;
+TargetName++;
+  }
+  return AllowedDepth=0;
+}
+
+
 bool ExtractSymlink(CommandData *Cmd,ComprDataIO DataIO,Archive Arc,const wchar *LinkName)
 {
 #if defined(SAVE_LINKS)  defined(_UNIX)
--- unrar-nonfree-5.0.10.orig/extinfo.hpp
+++ unrar-nonfree-5.0.10/extinfo.hpp
@@ -1,6 +1,7 @@
 #ifndef _RAR_EXTINFO_
 #define _RAR_EXTINFO_
 
+bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName);
 bool ExtractSymlink(CommandData *Cmd,ComprDataIO DataIO,Archive Arc,const wchar *LinkName);
 #ifdef _UNIX
 void SetUnixOwner(Archive Arc,const wchar *FileName);
--- unrar-nonfree-5.0.10.orig/pathfn.cpp
+++ unrar-nonfree-5.0.10/pathfn.cpp
@@ -593,6 +593,12 @@ bool IsFullPath(const wchar *Path)
 }
 
 
+bool IsFullRootPath(const wchar *Path)
+{
+  return IsFullPath(Path) || IsPathDiv(Path[0]);
+}
+
+
 bool IsDiskLetter(const wchar *Path)
 {
   wchar Letter=etoupperw(Path[0]);
--- unrar-nonfree-5.0.10.orig/pathfn.hpp
+++ unrar-nonfree-5.0.10/pathfn.hpp
@@ -31,6 +31,7 @@ wchar* UnixSlashToDos(wchar *SrcName,wch
 wchar* DosSlashToUnix(wchar *SrcName,wchar *DestName=NULL,size_t MaxLength=NM);
 void ConvertNameToFull(const wchar *Src,wchar *Dest,size_t MaxSize);
 bool IsFullPath(const wchar *Path);
+bool IsFullRootPath(const wchar *Path);
 bool IsDiskLetter(const wchar *Path);
 void GetPathRoot(const wchar *Path,wchar *Root,size_t MaxSize);
 int ParseVersionFileName(wchar *Name,bool Truncate);
--- unrar-nonfree-5.0.10.orig/ulinks.cpp
+++ unrar-nonfree-5.0.10/ulinks.cpp
@@ -24,6 +24,12 @@ static bool UnixSymlink(const char *Targ
 }
 
 
+static bool IsFullPath(const char *PathA) // Unix ASCII version.
+{
+  return *PathA==CPATHDIVIDER;
+}
+
+
 bool ExtractUnixLink30(ComprDataIO DataIO,Archive Arc,const wchar *LinkName)
 {
   char Target[NM];
@@ -42,6 +48,9 @@ bool ExtractUnixLink30(ComprDataIO Data
 if (!DataIO.UnpHash.Cmp(Arc.FileHead.FileHash,Arc.FileHead.UseHashKey ? Arc.FileHead.HashKey:NULL))
   return true;
 
+if (IsFullPath(Target) || !IsRelativeSymlinkSafe(Arc.FileHead.FileName,Arc.FileHead.RedirName))
+  return false;
+
 return UnixSymlink(Target,LinkName);
   }
   return false;
@@ -55,10 +64,14 @@ bool ExtractUnixLink50(const wchar *Name
   if (hd-RedirType==FSREDIR_WINSYMLINK || hd-RedirType==FSREDIR_JUNCTION)
   {
 // Cannot create Windows absolute path symlinks in Unix. Only relative path
-// Windows symlinks can be created here.
-if (strncmp(Target,\\??\\,4)==0)
+// Windows symlinks can be created here. RAR 5.0 used \??\ prefix
+// for Windows absolute symlinks, since RAR 5.1 /??/ is used.
+// We escape ? as \? to avoid trigraph warning
+if (strncmp(Target,\\??\\,4)==0 || strncmp(Target,/\?\?/,4)==0)
   return false;
 DosSlashToUnix(Target,Target,ASIZE(Target));
   }
+  if (IsFullPath(Target) || !IsRelativeSymlinkSafe(hd-FileName,hd-RedirName))
+return false;
   return UnixSymlink(Target,Name);
 }
--- unrar-nonfree-5.2.5.orig/ulinks.cpp
+++ unrar-nonfree-5.2.5/ulinks.cpp
@@ -56,6 +56,7 @@ bool ExtractUnixLink30(CommandData *Cmd,
 
 if (!Cmd-AbsoluteLinks

Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable

Am 25.03.2015 um 18:04 schrieb Michael Biebl:

 New installation, when choosing the LVM+cryptsetup setup, will have a
 single cryptsetup prompt, which is run in the initramfs. So new
 installations are not affected, i.e, this only affects custom setups.
 
 As for upgrades, we do document this issue in the release notes [1], and
 when upgrading, you'll still have sysvinit around as fallback (which can
 be chosen from grub from the extended menu). So your system is hardly
 unbootable.
 
 As for adding plymouth to recommends: No matter if we add that to
 systemd to cryptsetup, it doesn't really solve the problem, as you'll
 need to add splash to the kernel command line.
 

Gordon, can you try systemd v219 from experimental?
It has some tricks to suppress output from other jobs while a password
prompt is running. I dunno how well that works, though so having someone
with such a setup test this would be appreciated.

If v219 works reasonably well (without plymouth), we might consider
backporting those patches (depending on how invasive they are).

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#781172: base: Stock Debian Jessie - can't boot off degraded raid1?

2015-03-25 Thread carl

Package: base
Severity: important

Dear Maintainer,


Install a Wheezy VM using debian-7.8.0-amd64-netinst.iso 
create a raid1 mirror in the drive setup
mount / on /dev/md0 and install base system to it
login
grub-install /dev/vdb
poweroff
disable either drive /dev/vda or /dev/vdb (give VM access to only 1 drive)
computer boots

# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 vda1[1]
 8382400 blocks super 1.2 [2/1] [_U]

Sweet.



Install a Jessie VM using debian-jessie-DI-rc1-amd64-netinst.iso
create a raid1 mirror in the drive setup
mount / on /dev/md0 and install base system to it
login
grub-install /dev/vdb
poweroff
disable either drive /dev/vda or /dev/vdb (give VM access to only 1 drive)

ALERT! /dev/disk/by-uuid/ does not exist. 
Dropping to a shell!

(where  is the uuid of /dev/md0)

# cat /proc/mdstat
Personalities :
md0 : inactive vda1[0](S)
 8382464 blocks super 1.2

Both refer to md0 by UUID in fstab.

When I remove the quiet from the kernel boot args, this is the last line I 
see repeated over and over again until finally I get the error I described 
above:

running /scripts/local-block
 
I'm admitedly not a raid expert, but this seems to be really missing the point. 
Part of the reason I want a raid1 is so it can survive this type of scenario. 

I googled around and surprisingly came up with very few leads. I found a Ubuntu 
wiki 
(https://help.ubuntu.com/community/Installation/SoftwareRAID#Boot_from_Degraded_Disk)
 that discussed how to force it to boot a degraded raid but seemed to do 
nothing here on debian. I found a kernel boot arg that promised to do the same 
(http://serverfault.com/questions/196445/boot-debian-while-raid-array-is-degraded),
 but it didn't work either.

What am I missing here? Shouldn't this work by default? I think a lot of people 
will get caught off guard by this thinking their startup drive is mirrored but 
the server won't boot without some manual intervention? Actually, I was not 
able to get it to boot at all.




-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-0.bpo.4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772272: systemd: Journalctl fail to print logs from user session

Am 25.03.2015 um 17:54 schrieb Jameson Graef Rollins:
 Package: systemd
 Version: 215-12
 Followup-For: Bug #772272
 
 I am also experiencing this issue.  I have multiple services running
 as systemd user services, and I don't have access to the logs of any
 of them:
 
 music@rippy:~ 1$ systemctl --user status mopidy
 ● mopidy.service - Mopidy Music Server
Loaded: loaded (/home/music/.config/systemd/user/mopidy.service; enabled)
Active: active (running) since Tue 2015-03-24 22:22:54 PDT; 11h ago
  Main PID: 910 (mopidy)
CGroup: /user.slice/user-1001.slice/user@1001.service/mopidy.service
└─910 /usr/bin/python /usr/bin/mopidy
 music@rippy:~ 0$ journalctl --user
 No journal files were found.
 music@rippy:~ 1$ journalctl --user-unit=mopidy.service
 No journal files were found.
 music@rippy:~ 1$
 
 This user is not in the systemd-journal group.  However, the
 journalctl man page declares that this should not be necessary (from
 journalctl(1)):
 
 All users are granted access to their private per-user
 journals. However, by default, only root and users who are members
 of the systemd-journal group get access to the system journal
 and the journals of other users.
 

This requires persistent journal with v215 from jessie/sid (see
/usr/share/doc/systemd/README.Debian).
With v219 from experimental, we do also apply the ACLs to the journal
files in /run/journal.

Can you test if either of these two works for you?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#781175: packagekit: when purging packagekit it leaves some files in /etc/Packagekit behind.

2015-03-25 Thread shirish शिरीष

Source: packagekit
Version: 1.0.1-2
Severity: normal

Dear Maintainer,
I was purging packagekit and it still left some things. See

Removing packagekit (1.0.1-2) ...
D01: ensure_diversions: same, skipping
D01: removal_bulk package packagekit:amd64
D01: ensure_diversions: same, skipping
D01: removal_bulk cleaning info directory
D01: removal_bulk purging? foundpostrm=1
Purging configuration files for packagekit (1.0.1-2) ...
D01: ensure_diversions: same, skipping
dpkg: warning: while removing packagekit, directory '/etc/PackageKit'
not empty so not removed
D01: removal_bulk purge done, removing list
'/var/lib/dpkg/info/packagekit.list'
D01: removal_bulk purge done, removing postrm
'/var/lib/dpkg/info/packagekit.postrm'
D01: removal done

I had to manually remove the contents within /etc/Packagekit.

Don't know if this is an oversight or a feature ? It would be nice if
all the events and transactions are moved to apt in case packagekit is
purged.

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'testing-updates'), (1,
'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781176: byobu: fails to start when using shared NFS home

2015-03-25 Thread Dominik George

Package: byobu
Version: 5.87-1
Severity: serious
Justification: possible user security hole

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Byobu fails to behave well in an environment where multiple hosts share
home directories through NFS.

Doing the following provokes malicious behaviour:

  1. Set byobu to automatically start on login
  2. Login to host A and let byobu set up its environment
  3. Login to host B in some way, with host B using the
 same home directory

The expected result would be byobu running flawlessly on both hosts.

The actual result is byobu wreaking havoc because it finds a running
session in ~/.byobu and tries to join it. This fails at the point where
it tries to get to its state in /dev/shm:

  /usr/lib/byobu/include/dirs:52: no matches found: /dev/shm/byobu-nik-*
  mkdir: cannot create directory „/cache.tmux“: Permission denied

There are at least two bugs:

  1. byobu should not try to join a session running on another host
  2. Failure to find the /dev/shm directory should result in
 immediate failure, not have byobu go on with an empty
 variable and try to create stuff in /

This bug is possibly security relevant because the intention of the
script, namely separating user directories in /dev/shm, is entirely
defeated. As a matter of lucky fact, / is not writable by regular users.
However, this will break even more once root decides to use byobu and
succeeds in creating /cache.tmux (or whatever byobu will create for
other backends). Please find out whether this is exploitable in any way.


- -- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages byobu depends on:
ii  debconf [debconf-2.0]  1.5.55
ii  gawk   1:4.1.1+dfsg-1
ii  gettext-base   0.19.3-2
ii  python 2.7.8-4
ii  python-newt0.52.17-1+b1
ii  screen 4.2.1-3
ii  tmux   1.9-6

Versions of packages byobu recommends:
pn  run-one  none
ii  screen   4.2.1-3
ii  tmux 1.9-6

Versions of packages byobu suggests:
pn  apport  none
pn  cczenone
ii  lsb-release 4.1+Debian13+nmu1
ii  po-debconf  1.0.16+nmu3
pn  ttf-ubuntu-font-family  none
pn  update-notifier-common  none
ii  vim 2:7.4.488-4
pn  w3m none
pn  wireless-tools  none

- -- debconf information:
  byobu/launch-by-default: false

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQJOBAEBCAA4BQJVEu6QMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MACgkQt5o8FqDE8pY5jg/+ILvnidZ4h8l1jSSC+B02
G1vIQqq41BKjNnnZBdL2hPFmmD2Nn6pK0xYrARNMDh9hKMbOC6RqXwl5+iiT3GSZ
CsDbFpW5bG6KYwaBsMMSTPLh3D6XjHKkbyEmYuPDX4mO2tg066TjmjQXZwFAZfY+
1wjbBvVnwQNku4BuI0xtNDUAh2gXiPNCY8p0kyQLg3ScofteyEZntysoPF3Q4gfA
FZnLwECrz7h0hlrGgO7fAcCB4hPOag/Gv6mNcqqIzNuL+nvc9LIKkGIBEH6lCIMn
x9o5M4rZmX5AuxsYS/8q8yKN0Hvl0/FOVOzJYObr+uS0m4s34QHbFJAdfJUG51ZV
VScdU9VupvpJJ4yqBFdWK+4FcGZO6HuEMM0FuRaAknBBxtRRpwUZRadgl4vr9UgQ
QpBLyotkiXJUR+C8Tbcp6inAHEX9eIqrdE0+IQqKTYmRGuh/V8uCiq42AbrPeJr7
dS/neqMrBYCTRRpABzXuvquBuyehWtwiv9EzS+LM1qORbLHBjE4MJr+nfk1kbQRP
w00fy5VQT4bg+IqLyrAhCXIBZNzHTmDOJhHHF6SCm8fSvoCsQkuPEIK0j5VERre+
iDRFjl0DxQ7wa09X8WdQazEPv5M+FP8c6dnIYKvnWI8wp8luZtwc7OYMuMfEUm10
lbG5by1gE9RPDEiDZzwq7rA=
=sd4f
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable

2015-03-25 Thread Gordon Morehouse


On 03/25/2015 09:29 AM, Jonas Meurer wrote:
[snip]


Seems like there's some more discussion needed in order to fix the
reported bug:

a) do we want cryptsetup to recommend plymouth? this way at least
for manual installation of cryptsetup, plymouth would be pulled
in, fixing destroyed nasty boot-password-prompts introduced that
were introduced by the switch to systemd.

b) do we want plymouth to be installed per default on new installs?
to my knowledge it's not _required_ for systemd to work, but as
soon as an initscript with user interaction is invoked,
apparently plymouth is required. This *is* an argument for
installing plymouth by default.

c) do we want any of the above to be fixed/changed in time for
jessie?


I'm Just A User(tm) but I really think this should be fixed in time for 
jessie, because it looks really, really terrible.  Yes, there's a fix 
- if you can get your system booted, which takes me on average 3-5 tries 
with only two interactive password prompts.


If I were a sysadmin and ran into this after installing jessie, I'd 
think strongly about uninstalling it and going with something else.


It can't even boot right?! is the first question that came to mind 
after my first install of jessie - really unacceptable UX for a release 
soon to be marked stable and a distribution which people have relied 
upon for stability for well over a decade, including myself.


I'll drop it after this, but I urge release maintainers to take the 
above into consideration and fix this in time for jessie.  Thanks for 
all your hard work.


Best,
-Gordon M.


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#779310: TODO Update for new DEB-#### numbers

2015-03-25 Thread Dave Vehrs

With the new update to Lynis 2 and the inclusion of the Debian Plugin,
this patch needs to be reworked.  Rather than suppressing the URLs when
 is found for an issue number, it should look for an issue number
that starts with DEB- and then either suppress the display of the URL
or use an URL base somewhere within the Debian Wiki or other
documentation.

I will start on the first case (suppressing the URL) and resubmit this
patch.

-- 
Dave VehrsEmail: dve...@gmail.com


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781171: tiger: Aufs (docker) is not recognised as valid filesystem

2015-03-25 Thread Patrick Poulain

Package: tiger
Version: 1:3.2.3-10
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***

Tiger does not recognised aufs as a valid filesystem.

Based on this report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653416

Its seems adding the following line in gen_mounts fix this issue : 
[ $1 = aufs ]  LOCAL=1

But there is three files and I don't know which one update :

/usr/lib/tiger/systems/Linux/0/gen_mounts
/usr/lib/tiger/systems/Linux/1/gen_mounts
/usr/lib/tiger/systems/Linux/2/gen_mounts

Here is the email send by tiger :

--CONFIG-- [con010c] Filesystem 'aufs' used by 'none' is not recognised as a 
valid filesystem
--CONFIG-- [con010c] Filesystem 'aufs' used by 'none' is not recognised as a 
valid filesystem
--CONFIG-- [con010c] Filesystem 'aufs' used by 'none' is not recognised as a 
valid filesystem

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-0.bpo.4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tiger depends on:
ii  binutils   2.22-8+deb7u2
ii  bsdmainutils   9.0.3
ii  debconf [debconf-2.0]  1.5.49
ii  libc6  2.13-38+deb7u8
ii  net-tools  1.60-24.2
ii  ucf3.0025+nmu3

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1+deb7u2
ii  john1.7.8-1
ii  postfix [mail-transport-agent]  2.9.6-2
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- debconf information:
  tiger/mail_rcpt: root
  tiger/policy_adapt:


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable

2015-03-25 Thread Jonas Meurer


Hello,

Am 2015-03-20 16:49, schrieb Gordon Morehouse:

On 03/19/2015 06:58 PM, Michael Biebl wrote:

As pointed out, a recommends does not really help for new installs,
since they have no effect when installing the base system.


A recommends at least provides users a pointer towards fixing a really
nasty problem (which they shouldn't even have, but, they currently
will).


Also, what Julien said.

Therefor, I wonder if this bug report is useful in this form and if
there's a point, keeping it open.


Perhaps you could open a more appropriate bug to fix the problem for
new installs?  I'm not familiar enough with Debian to do so.

Leaving this bug completely untouched is not a good idea.  It makes
Debian look cartoonishly bad when it bites.


Seems like there's some more discussion needed in order to fix the
reported bug:

a) do we want cryptsetup to recommend plymouth? this way at least
   for manual installation of cryptsetup, plymouth would be pulled
   in, fixing destroyed nasty boot-password-prompts introduced that
   were introduced by the switch to systemd.

b) do we want plymouth to be installed per default on new installs?
   to my knowledge it's not _required_ for systemd to work, but as
   soon as an initscript with user interaction is invoked,
   apparently plymouth is required. This *is* an argument for
   installing plymouth by default.

c) do we want any of the above to be fixed/changed in time for
   jessie?

I'm happy to implement the outcome of this discussion into the
cryptsetup package, and I'm happy to prepare a quick upload with
an added recommends on plymouth targeted at jessie. But at the
moment I'm unsure which is the best solution, waiting for more
opinions and especially for comments by the RMs ;)

Cheers,
 jonas


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768050: python-cairocffi: New upstream version: 0.6

2015-03-25 Thread Tycho Andersen

Hi,

I think python-xcffib is going into debian unstable now, so it should
be possible to package python-cairocffi 0.6:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776178

Tycho


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

2015-03-25 Thread Robert Edmonds

Hi, Nikos:

Nikos Mavrogiannopoulos wrote:
  The D-BUS interface is not really necessary because DNS provides
 already this functionality. What we need is a convention for
 applications in the system to discover the local trusted (for dnssec)
 nameservers. 

What do you mean by local?  A nameserver listening on localhost, or
only a nameserver on the local network?

 My attempt to use c-ares for dnssec resolving would have the same effect
 as the ones you mention and is much cleaner and straightforward than
 D-BUS. However, it is blocked by the fact that there is no commonly
 acceptable convention for reading the trusted nameservers. My current
 solution was to use /etc/resolv-sec.conf, but it is pretty much
 arbitrary and that's why c-ares upstream blocked it. If Debian would set
 such a convention, I think it would allow software use DNSSEC easier.
 
 https://github.com/bagder/c-ares/pulls

If I understand this pull request correctly, it only checks that the AD
bit is set in responses; in the language of RFC 4033, that makes this a
Non-Validating Security-Aware Stub Resolver.

libunbound, OTOH, is a Validating Stub Resolver (it can also do full
recursion if no forwarders are configured).  A tool that uses libunbound
can guarantee that the result is cryptographically authentic, to the
limits of the integrity of the local system.

So, I disagree with you if you are saying that trusting the AD bit
without validating from a nameserver on the local network (even if it
has been marked as trusted by local policy) has the same effect as
validating on the endpoint (whether it be by a trusted process or by a
nameserver bound to a privileged port, etc.).

Maybe better than a D-BUS service would be DNS transport over an
AF_LOCAL / SOCK_DGRAM socket; that can also guarantee that validation
happens on the local system by a trusted process.

Though, I wonder why danetool / libdane must perform the DNS lookup
itself.  Couldn't it also have an interface for accepting fetched TLSA
records that have already been validated by an external tool?  (I see
that it can fetch certificates from remote servers, too, so I guess it
wants to be an all-in-one tool.)  E.g., unbound-host can securely fetch
TLSA records:

$ unbound-host -v -f /usr/share/dns/root.key -t TLSA _443._tcp.www.nic.cz
_443._tcp.www.nic.cz has TLSA record 3 1 1 
AA7B93DAAB084536530BD3256E9CEFF4557CB43512640F7AB64487DC9CA14FAB (secure)
$

Also, unrelated to this discussion, I notice that gnutls hardcodes the
path to the root trust anchor file at compile time:

AC_ARG_WITH(unbound-root-key-file, 
AS_HELP_STRING([--with-unbound-root-key-file],
 [specify the unbound root key file]),
unbound_root_key_file=$withval,
if test $have_win = yes; then
unbound_root_key_file=C:\\Program Files\\Unbound\\root.key
else
if test -f /var/lib/unbound/root.key;then
unbound_root_key_file=/var/lib/unbound/root.key
else
unbound_root_key_file=/etc/unbound/root.key
fi
fi
)

This is not right; a buildd environment won't have a running unbound
daemon and thus won't have a /var/lib/unbound/root.key file, and
/etc/unbound/root.key won't normally exist on a Debian system.  (There
is a package in Debian that ships the root trust anchor, though:
dns-root-data.)

-- 
Robert Edmonds
edmo...@debian.org


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781170: bsd-mailx: Error message references invalid option -t

2015-03-25 Thread Daniel Piddock

Package: bsd-mailx
Version: 8.1.2-0.20141216cvs-1
Severity: minor

Dear Maintainer,

Running the following command produces the given error:
$ echo test | mail -b t...@example.com -s test
mail: You must specify direct recipients with -t when -s, -c, or -b is used

bsd-mailx does not have a -t option.

I believe the suggestion to use -t was introduced with the fix for bug
#327809, which was to fix a previously confusing but correct error
message.

Maybe the wording You must specify to-addr recipients when using -s,
-c, or -b would be better?

Dan


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781162: [Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication

2015-03-25 Thread Simon Bin

Constrol: severity -2 minor

Hi Ryan,

 You referred to saslauthd in your original message, but I noticed that 
 the crash only happens if pwcheck_method in /etc/ldap/sasl2/slapd.conf 
 is set to auxprop (or not set at all; auxprop is the default), whereas 
 for pass-through authentication, AFAIK one would normally choose the 
 saslauthd method (which, for me, works correctly and does not crash). Is 
 that configuration by you intentional?

thanks for the quick response. Indeed it was a configuration mistake
(pwcheck_method not set in the right file). The crash was a bit further
misleading me...

Everything is working fine now with the proper config.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions