Bug#836775: twinkle hangs when it receives REFER and pops up transfer window

[Juha Heinanen]

Peter Colberg writes:

> This is probably a regression of the porting from Qt3 to Qt5.
> 
> Could you forward your report to the upstream issue tracker?
> 
> https://github.com/LubosD/twinkle/issues

Done https://github.com/LubosD/twinkle/issues/74, Juha

Bug#837603: qemu: CVE-2016-7157: mptsas: invalid memory access while building configuration pages

[Salvatore Bonaccorso]

Source: qemu
Version: 1:2.6+dfsg-3
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for qemu.

CVE-2016-7157[0]:
mptsas: invalid memory access while building  configuration pages

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7157

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#835253: RFS: steghide/0.5.1-11 [QA]

[Fernando Seiti Furusato]

Hi.

On 09/12/2016 12:31 PM, Gianfranco Costamagna wrote:
> dpkg -c steghide_0.5.1-11_amd64.deb  |grep man |wc -l
> 308

I was actually referring to the original version 0.5.1-10 from the
Debian archive.
When you have doxygen it builds the same way you have in the version I
uploaded. I was just reproducing the same result.
I was not clear about it, sorry.
In any case:

> this is something that should be installed as a doxygen documentation, 
> somewhere else.

I removed the manpages file that I created from debian directory
and unset doxygen as a build-dep.

> probably the spec file is autogenerated, not sure

Yes, in fact, the spec and other files in the diff.gz.
I am removing them from the patches.

I have just uploaded it to mentors again.

dget -x 
https://mentors.debian.net/debian/pool/main/s/steghide/steghide_0.5.1-11.dsc

Thanks!

-- 
Fernando Seiti Furusato
IBM Linux Technology Center




signature.asc
Description: OpenPGP digital signature

Bug#837473: whysynth package - new upstream version

[James Cowgill]

Control: reassign -1 src:whysynth 20090403-1.2
Control: reassign 775388 src:whysynth 20090403-1.2
Control: forcemerge 694317 775388 -1

Hi Olivier,

On 11/09/16 22:36, treb...@tuxfamily.org wrote:
> (Copying multimedia maintainers in case Rosea isn't available anymore)

I've merged the 3 duplicate bugs about this issue.

As you've probably noticed this package isn't maintained by the
multimedia maintainers so we can't do a direct upload to fix this.
However given how old the package is, I don't think NMUing a new
upstream version would be that controversial.

It looks like you've already done some work on this. If you want, you
could create an updated package and get it uploaded. debian-mentors is
the general list for packaging help.

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#837602: No periodical RA's with multiple IPv6 prefixes

[Christian Schrötter]

Package: dnsmasq
Version: 2.72-3+deb8u1

dnsmasq doesn't send periodic RA's when multiple prefixes are defined:

> enable-ra
> dhcp-range=2001:db8:dead::,ra-only
> dhcp-range=2001:db8:affe::,ra-only

Only replies to RS are sent, but that's not enough. A client will lose
it's addresses and routes without periodical RA's. It works with only
one prefix:

> enable-ra
> dhcp-range=2001:db8::,ra-only

I've not tested (yet) if this bug is fixed in testing/unstable.

-- 
With kind regards,
Christian Schrötter

Bug#828540: sendmail: FTBFS with openssl 1.1.0

[Sebastian Andrzej Siewior]

On 2016-09-12 17:15:15 [+0200], Andreas Beckmann wrote:
> Many thanks, so let's just try it :-)
> 
> It FTBFS on the non-linux architectures:
> https://buildd.debian.org/status/package.php?p=sendmail=unstable
> 
> It's this part of your patch:

Sorry for that. V2 attached. I could throw on a freebsd-* porter box
first if you want me to.

Sebastian
>From 02edb8d94682fcf13a7e98618294e06f728e66e6 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior 
Date: Sat, 10 Sep 2016 19:27:17 +
Subject: [PATCH] sendmail: compile against openssl 1.1.0

Signed-off-by: Sebastian Andrzej Siewior 
---
 debian/configure.ac |  13 +++--
 sendmail/tls.c  | 165 +++-
 2 files changed, 132 insertions(+), 46 deletions(-)

diff --git a/debian/configure.ac b/debian/configure.ac
index fb73d89..3c16c82 100644
--- a/debian/configure.ac
+++ b/debian/configure.ac
@@ -1605,11 +1605,16 @@ if test $sm_enable_tls != no; then
 		,[sm_have_tls=no])
 
 	if test $ac_cv_header_openssl_ssl_h = yes; then
-		AC_CHECK_LIB(ssl, SSL_library_init,
-			[sm_have_tls=yes]
-			,[sm_have_tls=no]
-			,[-lcrypto])
 
+		tmp_libs="$LIBS"
+		LIBS="$LIBS -lssl"
+		AC_LINK_IFELSE(
+			   [AC_LANG_PROGRAM([[#include ]],
+		[[SSL_library_init();]])],
+		[sm_have_tls="yes";],
+		[sm_have_tls="no";])
+
+		LIBS=$tmp_libs
 		if test $sm_have_tls != yes; then
 			AC_MSG_WARN([Could not find -lssl (libssl-dev)])
 			fi;
diff --git a/sendmail/tls.c b/sendmail/tls.c
index 6b0ea25..6a10890 100644
--- a/sendmail/tls.c
+++ b/sendmail/tls.c
@@ -60,18 +60,58 @@ static unsigned char dh512_g[] =
 	0x02
 };
 
+#if OPENSSL_VERSION_NUMBER < 0x1010
+
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	/* If the fields p and g in d are NULL, the corresponding input
+	 * parameters MUST be non-NULL.  q may remain NULL.
+	 */
+	if ((dh->p == NULL && p == NULL)
+	|| (dh->g == NULL && g == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(dh->p);
+		dh->p = p;
+	}
+	if (q != NULL) {
+		BN_free(dh->q);
+		dh->q = q;
+	}
+	if (g != NULL) {
+		BN_free(dh->g);
+		dh->g = g;
+	}
+
+	if (q != NULL) {
+		dh->length = BN_num_bits(q);
+	}
+
+	return 1;
+}
+#endif
+
 static DH *
 get_dh512()
 {
 	DH *dh = NULL;
-
-	if ((dh = DH_new()) == NULL)
-		return NULL;
-	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		return NULL;
+	BIGNUM *p;
+	BIGNUM *g;
+
+	dh = DH_new();
+	p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+	g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+	if (!dh || !p || !g)
+		goto err;
+	if (!DH_set0_pqg(dh, p, NULL, g))
+		goto err;
 	return dh;
+err:
+	DH_free(dh);
+	BN_free(p);
+	BN_free(g);
+	return NULL;
 }
 
 #  if 0
@@ -117,17 +157,22 @@ get_dh2048()
 		};
 	static unsigned char dh2048_g[]={ 0x02, };
 	DH *dh;
-
-	if ((dh=DH_new()) == NULL)
-		return(NULL);
-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-	{
-		DH_free(dh);
-		return(NULL);
-	}
+	BIGNUM *p;
+	BIGNUM *g;
+
+	dh = DH_new();
+	p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+	g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+	if (!dh || !p || !g)
+		goto err;
+	if (!DH_set0_pqg(dh, p, NULL, g))
+		goto err;
 	return(dh);
+err:
+	DH_free(dh);
+	BN_free(p);
+	BN_free(g);
+	return NULL;
 }
 # endif /* !NO_DH */
 
@@ -926,7 +971,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
 	{
 		/* get a pointer to the current certificate validation store */
 		store = SSL_CTX_get_cert_store(*ctx);	/* does not fail */
-		crl_file = BIO_new(BIO_s_file_internal());
+		crl_file = BIO_new(BIO_s_file());
 		if (crl_file != NULL)
 		{
 			if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1000,26 +1045,41 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
 	**  maybe we should do it only on demand...
 	*/
 
-	if (bitset(TLS_I_RSA_TMP, req)
 #  if SM_CONF_SHM
-	&& ShmId != SM_SHM_NO_ID &&
-	(rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
-	NULL)) == NULL
-#  else /* SM_CONF_SHM */
-	&& 0	/* no shared memory: no need to generate key now */
-#  endif /* SM_CONF_SHM */
-	   )
+	if (bitset(TLS_I_RSA_TMP, req)
+	&& ShmId != SM_SHM_NO_ID)
 	{
-		if (LogLevel > 7)
+		BIGNUM *bn;
+
+		bn = BN_new();
+		rsa_tmp = RSA_new();
+		if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
+			RSA_free(rsa_tmp);
+			rsa_tmp = NULL;
+		}
+		if (rsa_tmp)
 		{
-			sm_syslog(LOG_WARNING, NOQID,
-  "STARTTLS=%s, error: RSA_generate_key failed",
-  who);
-			if (LogLevel > 9)
-tlslogerr(LOG_WARNING, who);
+			if (!RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL))
+			{
+RSA_free(rsa_tmp);
+rsa_tmp = NULL;
+			}
+		}
+		BN_free(bn);
+		if (!rsa_tmp)
+		{
+			if (LogLevel > 7)
+			{
+

Bug#837373: [Pkg-mpd-maintainers] Bug#837373: mpd: cannot play m4a files

[Florian Schlichting]

Hi Chris,

> mpd 0.19.18 has a bug which prevents it from playing m4a files.
> 
> This is documented in their bug tracker:
> https://bugs.musicpd.org/view.php?id=4564

thanks for the heads up! I wasn't aware this is a run-time issue that
affects the version currently in Debian.

I'll upload 0.19.19-1 tonight.

Florian

Bug#837601: mutt segfaults when leaving pager view on new message

[Hannes von Haugwitz]

Package: mutt
Version: 1.7.0-3
Severity: important

Hi,

mutt 1.7.0-3 segfaults when leaving the pager view on new message:

Reading /var/mail/hvhaugwitz... 0Segmentation fault

Steps to reproduce:
1. read a mail
2. send mail to mailbox
3. leave pager view (eg by pressing 'i')

Best regards

Hannes

Bug#837600: ITP: r-bioc-phyloseq -- GNU R handling and analysis of high-throughput microbiome census data

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: r-bioc-phyloseq
  Version : 1.16.2
  Upstream Author : Paul J. McMurdie 
* URL : 
http://bioconductor.org/packages/release/bioc/html/phyloseq.html
* License : AGPL
  Programming Lang: GNU R
  Description : GNU R handling and analysis of high-throughput microbiome 
census data
 The Bioconductor module phyloseq provides a set of classes and tools to
 facilitate the import, storage, analysis, and graphical display of
 microbiome census data.


Remark: This package will be maintained by the Debian Med team at
  svn://anonscm.debian.org/debian-med/trunk/packages/R/r-bioc-phyloseq/trunk/

Bug#837599: autotrace: CVE-2016-7392: heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)

[Salvatore Bonaccorso]

Source: autotrace
Version: 0.31.1-16
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for autotrace.

CVE-2016-7392[0]:
heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7392

Regards,
Salvatore

Bug#837534: apt-listchanges: postinst runs a Python script out of /tmp/

[Raphael Hertzog]

Hi,

On Mon, 12 Sep 2016, Robert Luberda wrote:
> Thanks, I will create temporary directory instead:
[...]
> python3 -B "$temp" "$@"
> 
> Do you think this will be OK?

Yes.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Bug#837534: apt-listchanges: postinst runs a Python script out of /tmp/

[Robert Luberda]

Raphaël Hertzog writes:

> 
> You should thus create that temporary file in a root-owned
> directory which is specific to apt-listchanges.

Thanks, I will create temporary directory instead:

tempdir=`mktemp --directory --sufix=.aptlc`
trap "rm -rf $tempdir" EXIT
temp="$tempdir/debconf-helper.py"
cat > "$temp" << 'EOF'
#DEBCONF_HELPER_PY#  <--- replaced by a real script by debian/rules
EOF
python3 -B "$temp" "$@"

Do you think this will be OK?


> 
> You should also review whether that issue needs to be fixed in
> stable/oldstable...

No, it doesn't. This code has been introduced recently to fix "debconf
is not a registry" issue. (Actually I don't really like the approach of
this tempdir/file creation, but the other option, namely making the
scripts '#/usr/bin/python3', didn't worked, because of some issues with
debconf, if I remember correctly).

Regards,
robert

Bug#811432: Krita no longer part of Calligra

[Pino Toscano]

Hi,

In data lunedì 12 settembre 2016 14:56:12 CEST, juichenieder-deb...@yahoo.co.uk 
ha scritto:
> root/debian/changelog
> This contains only the line for this package, this seems a bit odd to ditch 
> the
> changelog from before.  While Krita technically goes in to debian as a new 
> package,
> it just replaces the older krita package, and I do not presume that upstream 
> have
> started from scratch with krita 3.x.  Of course the old-package's changelogs 
> allias
> the entire calligra source package, so a copy-paste not doable, but I would 
> expect
> more than just "Initial Release" as this breaks the flow from the previous 
> version.
> Just something to document that krita has now split from Calligra and thus 
> has been
> repackaged from scratch, so people don't feel so surprised to see an empty 
> changelog.

This is technically the packaging of a new source: in the end, what I
could borrow from the calligra packaging was just the descriptions of
the packages; everything else (rules, build deps, copyright, etc) was
done from scratch.

I could have mentioned "Initial release, split from calligra", but IMHO
was not really true, and anyway it's too late now (if the source is
rejected I can amend it).

> In NEW, I see that you haven't listed krita as closing this bug.  Would that 
> help
> speed up the NEW process as this represents only a package split, rather than 
> an
> actually NEW package?

This has almost no change on the processing of the source from the NEW
queue -- what will slow it is the review of the licenses & copyrights
for the huge amount of files (more than 9000) in the source.

Note the upload is targeted to experimental for now -- its upload to
unstable will close the "it's uninstallable" bug for krita (#811432).

> Should the new calligra package reference krita as a suggested package?  Or 
> treat it as
> completely separate.

Since I uploaded also calligra (and it's waiting in NEW as well),
I had to comment out the krita dependency in the calligra metapackage
(otherwise if calligra is accepted before krita, that metapackage will
be uninstallable and prevent the migration to testing).
Once both sources are accepted in the archive and migrated to testing
(which means they build fine on all the release architectures, and
there are no critical/RC bugs), I will readd it as recommend or
suggest.

> I notice a lot of commented out lines, personally I hate  them in VCS as they
> undermine the reason for using a VCS.  If you want to go back and look at old 
> lines,
> use git for that, not comments.

Which ones are you referring to in particular? Most of the occurrences
are proper comments, and the two places which aren't are there for
actual reasons (like point out why libopenexr-dev is not enabled).

> I still don't understand what has changed between this version and the 
> previous to
> fix the depend requirements, I still see ${misc:Depends} 
> and${shlibs:Depends}, so
> won't this hit the same problem as before, or do I miss something with the 
> reason
> calligra got removed before... did the new package depends break BC with 
> regards
> calligra or something like that?

${shlibs:Depends} is the actual sauce of the dependencies: it contains
the list of libraries dependencies of the binaries & libraries in each
binary package. See the man pages of dh_shlibdeps & dpkg-shlibdeps to
know how they are filled, and dh_gencontrol & dpkg-gencontrol to know
how they are used.

-- 
Pino Toscano

signature.asc
Description: This is a digitally signed message part.

Bug#837598: RFS: nlohmann-json/2.0.4-1

[Muri Nicanor]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "nlohmann-json"

* Package name: nlohmann-json
  Version : 2.0.4-1
   Upstream Author : Niels Lohmann
 * URL : https://github.com/nlohmann/json
 * License : MIT
   Section : libs

It builds those binary packages:

nlohmann-json-dev - JSON for Modern C++

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/nlohmann-json


Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/n/nlohmann-json/nlohmann-json_2.0.4-1.dsc

Changes since the last upload:

* New upstream version 2.0.4

cheers,
-- 
muri



signature.asc
Description: OpenPGP digital signature

Bug#837579: user-mode-linux: FTBFS with bindnow and PIE enabled

[Ritesh Raj Sarraf]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Control: tag -1 +help


Hello Balint,


On Mon, 2016-09-12 at 16:42 +0200, Balint Reczey wrote:
> During a rebuild of all packages in sid, your package failed to build on
> amd64 with patched GCC and dpkg.
> 
> The rebuild tested if packages are ready for a transition
> enabling PIE and bindnow for amd64.
> 

I have tried enabling hardening flags before but that never helped. And I did
not look very deep into it.

hardening=+all also modifies LDFLAGS which breaks the UML kernel build.

So today, I tried with just the below, but lintian still complains.

rrs@chutzpah:~/Community/Packaging/user-mode-linux (master)$ git diff
diff --git a/debian/rules b/debian/rules
index e29da82..802eb1e 100755
- --- a/debian/rules
+++ b/debian/rules
@@ -15,6 +15,10 @@ tmpmodules:=$(debian)/uml-modules
 DEB_HOST_ARCH?=$(shell dpkg-architecture -qDEB_HOST_ARCH)
 #SUBARCH?=$(shell uname -m)
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
+#DPKG_EXPORT_BUILDFLAGS = 1
+#include /usr/share/dpkg/buildflags.mk
+
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
 KBUILDVARS := CFLAGS_KERNEL=-O1
 endif


If you have any suggestions on working around it, please do share on this bug
report.


> For more information about the changes to sid's dpkg and GCC please
> visit:
>  https://wiki.debian.org/Hardening/PIEByDefaultTransition
> 
> Relevant part (hopefully):
> ...
>   LD  init/built-in.o
> /usr/bin/ld: arch/um/drivers/built-in.o: relocation R_X86_64_32 against
> `.rodata.str1.1' can not be used when making a shared object; recompile
> with -fPIC
> /usr/bin/ld: final link failed: Nonrepresentable section on output
> ...

I've tagged this bug report as "help".

BTW, do you know if the regular linux images of Debian are Hardening enabled ?


- -- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX1vFuAAoJEKY6WKPy4XVphCkP/1XrTHg8wGTrBiDoKOXbS+rn
5DcS7J8g6fFYWIsViyA6I2MyMSXUaCtoxQHqHBe86gqqL2duPO+inAf2m8aFkuEn
XkkPe+8zOwDKaN3aEIkxfG2erphN7O0Q/efv15bParyMCaC315mASAMxzM2kC/hj
830SmEUfRtzvCTXzdo8NKiF5wY6c4rPrJyQNs9EE5vZk8L+ucrTtlsXzV2pUaJfq
v2Sj72GmRG28p4VkfQzpmwdMgQT3tYcAfsi49Up0fVgwohhyXgaOgDrJKeYQgPwc
vet5QjP+2LL0hZVovMbSrGc22mTap89TZzbQHPd3YMNPDp0GySQNO7Z+E7JZ+bOc
DjD/0u634yfKuUNOmBtlkjhBzSVuI2a7vRzlw7ouS6a7efGUju9lc9j3bDdqghQg
BCzTgtWBRnV8CX+l+61vofXZiDKdkJYaCGxJpnstQ+qgMwjblNGGHWku7gMXNy5M
dqpBF70AdXiMCD8mdeNHKex2X+DMGkAYhMerBopwy6QZoZ6g7Dm6eMr2T1WisZp4
UJToid7pOXG3n2TJ6QUVlg0ChQa7sw+cR/7C9cqHic27qj75Efajbqp25X2t5Mt/
gkfaJqN2e/M9CWhOskzImI4XkcKNAquzcO9Ue//UUJZKGOJWjj5tEAQ8ECllY8rC
uuZ+OTm0y7pO40d8ErSm
=8ufT
-END PGP SIGNATURE-

Bug#836412: Fwd: RE: qtwebengine on armhf

[Sandro Knauß]

Control: reassign -1 qtdeclarative-opensource-src
Control: tags -1 +patch

Hey,

it would be great to add the patch to qtdeclerative and enable the tests, as 
upstream points out, this would may have helped here.

Regards,

sandro

--  Forwarded message --
From: Allan Jensen 
For the second issue with big-endian. The test that fails tries to use 
QJSEngine which doesn work, and as far as I can tell you are not running the 
tests on qtdeclarative either.

I tried looking into it, and I think this solves it: 
https://codereview.qt-project.org/#/c/170754

Atleast it works on qemu powerpc.

`Allan

signature.asc
Description: This is a digitally signed message part.

Bug#837597: network-manager: NetworkManager start times out during boot

[Sten Heinze]

Package: network-manager
Version: 1.2.4-2
Severity: normal

Dear Maintainer,

* What led up to the situation?
  * Since my upgrade last Friday this happens on every boot.
  * Before the login manager is displayed, I can see the following message,
waiting the full 90s:

[  *** ] A start job is running for Network Manager (30s/1min 30s)

  * Sometimes I could see the following output on the console just before 
the login manager takes over, but I have not seen those since installing
systemd from sid 231-5 and -6 instead of -4 from testing:

[FAILED] Failed to start Network Manager.
[DEPEND] Dependency failed for Network Manager Wait Online.

  * The output of "journalctl -u NetworkManager" contains a first failed start
during boot, followed by a successful start (I have seen two failed starts
followed by a successful start, too):

Sep 12 12:28:31 pc systemd[1]: Starting Network Manager...
Sep 12 12:30:01 pc systemd[1]: NetworkManager.service: Start operation timed 
out. Terminating.
Sep 12 12:30:01 pc systemd[1]: Failed to start Network Manager.
Sep 12 12:30:01 pc systemd[1]: NetworkManager.service: Unit entered failed 
state.
Sep 12 12:30:01 pc systemd[1]: NetworkManager.service: Failed with result 
'timeout'.
Sep 12 12:30:01 pc systemd[1]: NetworkManager.service: Service hold-off time 
over, scheduling restart.
Sep 12 12:30:01 pc systemd[1]: Stopped Network Manager.
Sep 12 12:30:01 pc systemd[1]: Starting Network Manager...
Sep 12 12:31:23 pc NetworkManager[921]:   [1473697883.1057] 
NetworkManager (version 1.2.4) is starting...
Sep 12 12:31:23 pc NetworkManager[921]:   [1473697883.1064] Read config: 
/etc/NetworkManager/NetworkManager.conf

* What exactly did you do (or not do) that was effective (or ineffective)?
  * I tried many things, none of which helped
* Plugging in the wired network cable to see if earlier network access 
helps. 
  (Usually the wireless network connection is established after I log in.)
* Using "systemd-analyze critical-chain" I saw virtualbox at the top of the 
  chain, but purging it did not help.
* I tried to set logging level to DEBUG in 
/etc/NetworkManager/NetworkManager.conf,
  but only the successful second start of NetworkManager logged with DEBUG 
level,
  the output for the first start was unchanged (same as above).
* I tried commenting out CapabilityBoundingSet, ProtectSystem, and 
ProtectHome as
  described in #820174, nothing changed.
* Downgrading network-manager to the pre-upgrade version 1.2.2-2 did not 
help.
* Upgrading network-manager to 1.4.0-3 from sid, nothing changed (well, 
actually 
  the plasma desktop client to network-manager failed to pick up that a 
network 
  connection was established).

* What outcome did you expect instead?
  * I expect my system to boot in 30s not 3min. And I don't expect 
NetworkManager
to fail to start for no obvious reason. So please help me figure out why 
this
happens and how it can be fixed.

* I am adding some system information below that was asked for in #820174 and I 
hope
  is useful:

# systemctl status NetworkManager.service
● NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor 
preset: enabled)
   Active: active (running) since Mon 2016-09-12 12:51:13 EDT; 27min ago
 Docs: man:NetworkManager(8)
 Main PID: 1012 (NetworkManager)
Tasks: 5 (limit: 4915)
   CGroup: /system.slice/NetworkManager.service
   ├─1012 /usr/sbin/NetworkManager --no-daemon
   └─1301 /sbin/dhclient -d -q -sf 
/usr/lib/NetworkManager/nm-dhcp-helper -pf /var/run/dhclient-wlp3s0.pid -lf 
/var/lib/NetworkManager/dhclien

Sep 12 12:51:20 pc NetworkManager[1012]:   [1473699080.2381] policy: set 
'GuestWiFi' (wlp3s0) as default for IPv4 routing and DN
Sep 12 12:51:20 pc NetworkManager[1012]:   [1473699080.2397] device 
(wlp3s0): Activation: successful, device activated.
Sep 12 12:51:20 pc NetworkManager[1012]:   [1473699080.2403] manager: 
startup complete
Sep 12 12:51:20 pc dhclient[1301]: bound to 192.168.65.26 -- renewal in 5900 
seconds.
Sep 12 13:07:08 pc NetworkManager[1012]:   [1473700028.0004] 
sup-iface[0x179fb80,wlp3s0]: connection disconnected (reason -4)
Sep 12 13:07:08 pc NetworkManager[1012]:   [1473700028.0050] device 
(wlp3s0): supplicant interface state: completed -> disconnected
Sep 12 13:07:08 pc NetworkManager[1012]:   [1473700028.1048] device 
(wlp3s0): supplicant interface state: disconnected -> scanning
Sep 12 13:07:08 pc NetworkManager[1012]:   [1473700028.3096] device 
(wlp3s0): supplicant interface state: scanning -> authenticating
Sep 12 13:07:08 pc NetworkManager[1012]:   [1473700028.3162] device 
(wlp3s0): supplicant interface state: authenticating -> associating
Sep 12 13:07:08 pc NetworkManager[1012]:   [1473700028.4372] device 
(wlp3s0): supplicant interface state: associating -> completed


$ systemctl --version
systemd 231
+PAM +AUDIT 

Bug#835286: RFS: mmh/0.3-1 ITP

[Dmitry Bogatov]

> you are installing too many manpages.

One per binary.

> 2) dh-autoreconf and autotools-dev, please drop one (if possible)

Updated version is on mentors.

> 3) lots of binaries under /usr/bin/mh/*
> you sure you want them?

Of course. It is MH hier, after all.

Bug#837158: [git-buildpackage/master] create_remote_repo: allow to create non bare repositories

[Guido Günther]

tag 837158 pending
thanks

Date:   Fri Sep 9 13:35:41 2016 +0200
Author: Guido Günther 
Commit ID: 7a7068d14ab34e47d44bd601db201fb4126751ef
Commit URL: 
https://git.sigxcpu.org/cgit/git-buildpackage/;a=commitdiff;h=7a7068d14ab34e47d44bd601db201fb4126751ef
Patch URL: 
https://git.sigxcpu.org/cgit/git-buildpackage/;a=commitdiff_plain;h=7a7068d14ab34e47d44bd601db201fb4126751ef

create_remote_repo: allow to create non bare repositories

Closes: #837158

A snapshot build including this change will be available at
http://honk.sigxcpu.org:8001/job/git-buildpackage/
  

Bug#837590: [Pkg-alsa-devel] Bug#837590: alsa-tools FTBFS on armel: gcc-6 narrowing conversions

[Elimar Riesebieter]

Control: forwarded -1 
http://mailman.alsa-project.org/pipermail/alsa-devel/2016-September/112697.html

* Helmut Grohne  [2016-09-12 18:23 +0200]:

> Source: alsa-tools
> Version: 1.1.0-1
> Severity: serious
> 
> I noticed that alsa-tools fails to cross build from source for armel due
> to gcc-6 narrowing conversion issues. Issues about narrowing conversions
> are generally not cross compilation specific and reproducible natively.
> Thus filing at RC severity. A full (cross) build log is attached. The
> relevant excerpt is:
> 
> | arm-linux-gnueabi-g++ -DPACKAGE_NAME=\"hdspmixer\" 
> -DPACKAGE_TARNAME=\"hdspmixer\" -DPACKAGE_VERSION=\"1.11\" 
> -DPACKAGE_STRING=\"hdspmixer\ 1.11\" -DPACKAGE_BUGREPORT=\"\" 
> -DPACKAGE_URL=\"\" -DPACKAGE=\"hdspmixer\" -DVERSION=\"1.11\" 
> -DSTDC_HEADERS=1 -DHAVE_LIBASOUND=1 -I.   -Wdate-time -D_FORTIFY_SOURCE=2  -g 
> -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security   -I/usr/include/freetype2   -D_THREAD_SAFE 
> -D_REENTRANT -fno-exceptions -MT channelmap.o -MD -MP -MF 
> .deps/channelmap.Tpo -c -o channelmap.o channelmap.cxx
> | channelmap.cxx:59:1: error: narrowing conversion of '-1' from 'int' to 
> 'char' inside { } [-Wnarrowing]
> |  };
> |  ^
> 
> Helmut


> ___
> Pkg-alsa-devel mailing list
> pkg-alsa-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-alsa-devel


-- 
  Learned men are the cisterns of knowledge,
  not the fountainheads ;-)

Bug#836536: ruby-concurrent: FTBFS too much often (failed examples)

[Antonio Terceiro]

On Mon, Sep 12, 2016 at 11:12:26AM +0530, Balasankar C wrote:
> On Sat, 3 Sep 2016 21:49:13 +0200 (CEST) Santiago Vila  
> wrote:
> >   BTW: I think the "Randomized with seed xxx" above is a bad idea.
> > Maintainers often ask bug reporters for "a way to reproduce the error".
> > But if the build is based on random variables, this becomes an
> > impossible task. Please consider modifying the build system so that
> > those random things are always the same.
> 
> I believe I have fixed this in the latest upload, in which I specified the
> order to run the tests. I tried building it 5 times in a cowbuilder 
> environment
> and didn't hit any failures. Please reopen the bug if this problem persists.

I think that in general 5 times is probably not enough. the last package
I fixed that failed randomly would fail 6% of the time (i.e. ~3 times
out of 50 attempts in my tests).


signature.asc
Description: PGP signature

Bug#835286: RFS: mmh/0.3-1 ITP

[Gianfranco Costamagna]

control: tags -1 moreinfo

Hi,

>  * mmh



sounds interesting, lets see:

1)

-rw-r--r-- root/root   840 2016-08-24 06:33 ./usr/share/man/man1/mmh.1.gz
-rw-r--r-- root/root   794 2016-08-24 06:33 
./usr/share/man/man1/mmhwrap.1.gz
-rw-r--r-- root/root  1065 2016-08-24 06:33 ./usr/share/man/man1/new.1.gz
lrwxrwxrwx root/root 0 2016-08-24 06:33 ./usr/share/man/man1/next.1.gz 
-> show.1.gz
-rw-r--r-- root/root   766 2016-08-24 06:33 ./usr/share/man/man1/packf.1.gz
-rw-r--r-- root/root  3718 2016-08-24 06:33 ./usr/share/man/man1/pick.1.gz
lrwxrwxrwx root/root 0 2016-08-24 06:33 ./usr/share/man/man1/prev.1.gz 
-> show.1.gz
-rw-r--r-- root/root  2155 2016-08-24 06:33 
./usr/share/man/man1/prompter.1.gz
-rw-r--r-- root/root   886 2016-08-24 06:33 
./usr/share/man/man1/rcvdist.1.gz
-rw-r--r-- root/root   728 2016-08-24 06:33 
./usr/share/man/man1/rcvpack.1.gz
-rw-r--r-- root/root  1570 2016-08-24 06:33 
./usr/share/man/man1/rcvstore.1.gz
-rw-r--r-- root/root  1685 2016-08-24 06:33 ./usr/share/man/man1/refile.1.gz
-rw-r--r-- root/root  3694 2016-08-24 06:33 ./usr/share/man/man1/repl.1.gz
-rw-r--r-- root/root  1240 2016-08-24 06:33 ./usr/share/man/man1/rmf.1.gz
-rw-r--r-- root/root   784 2016-08-24 06:33 ./usr/share/man/man1/rmm.1.gz
-rw-r--r-- root/root  2070 2016-08-24 06:33 ./usr/share/man/man1/scan.1.gz
-rw-r--r-- root/root  2635 2016-08-24 06:33 ./usr/share/man/man1/send.1.gz
-rw-r--r-- root/root   766 2016-08-24 06:33 
./usr/share/man/man1/sendfiles.1.gz
-rw-r--r-- root/root  4487 2016-08-24 06:33 ./usr/share/man/man1/show.1.gz

you are installing too many manpages.

2) dh-autoreconf and autotools-dev, please drop one (if possible)

3) lots of binaries under /usr/bin/mh/*
you sure you want them?

other stuff LGTM

G.

Bug#837050: RFS: clsparse/0.10.1.0-1 [ITP]

[Gianfranco Costamagna]

control: owner -1 !
control: tags -1 moreinfo

>I am looking for a sponsor for my package "clsparse"

missing copyrights:

e.g. 
Copyright 2015 Vratis, Ltd.

wrong licenses: I see lots of expat under
./src/library/kernels/*


2) usual cl missing header failure
http://debomatic-i386.debian.net/distribution#unstable/clsparse/0.10.1.0-1/buildlog

please ping back once unstable is ok again
(the same package in new queue that needs processing, right?)
check-all-the-things is complaining about some stuff, but I don't think
it is worth patching, maybe you can forward it upstream
(e.g. missing initialization of variables, or typos)

cheers,

G.

Bug#837550: gnome-shell-pomodoro: incorrect watch file

[Joseph Herlant]

Hi Ghislain,

Wow, indeed, stupid mistake from my side, wonder why it's working right now! :D
I'll fix that in the next release I'll try to push this week.

Thanks for your contribution! :)

Joseph


On Mon, Sep 12, 2016 at 5:35 AM, Ghislain Antony Vaillant
 wrote:
> Package: gnome-shell-pomodoro
> Version: 0.11.2-2
> Severity: normal
> Tags: patch
>
> Dear Maintainer,
>
> The current watch file for this package is incorrect.
>
> You will find a patch which addresses this issue.
>
> Cheers,
> Ghis
>
>
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (900, 'testing'), (300, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages gnome-shell-pomodoro depends on:
> ii  gnome-shell3.20.3-1+b1
> ii  gnome-shell-pomodoro-data  0.11.2-2
> ii  libatk1.0-02.21.90-2
> ii  libc6  2.23-5
> ii  libcairo-gobject2  1.14.6-1+b1
> ii  libcairo2  1.14.6-1+b1
> ii  libcanberra0   0.30-3
> ii  libdbus-1-31.10.10-1
> ii  libdbus-glib-1-2   0.106-1
> ii  libgdk-pixbuf2.0-0 2.34.0-1
> ii  libglib2.0-0   2.49.6-1
> ii  libgnome-desktop-3-12  3.21.90-3
> ii  libgstreamer1.0-0  1.8.3-1
> ii  libgtk-3-0 3.21.5-3
> ii  libpango-1.0-0 1.40.2-1
> ii  libpangocairo-1.0-01.40.2-1
> ii  libtelepathy-glib0 0.24.1-1.1
>
> gnome-shell-pomodoro recommends no packages.
>
> gnome-shell-pomodoro suggests no packages.
>
> -- no debconf information

Bug#837591: leaves user (and files?) behind on purge

[Antoine Beaupré]

Package: irker
Version: 2.13+dfsg-1
Severity: serious

Version 2.13 of the debian package introduces a regression where the
`irker` user is left behind when the package is removed.

I understand why that was done (files were left behind unowned), but I
was expecting the user to be removed during purge (as opposed to
remove) at least.

If there are files left behind by the program, they should be removed
as well.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable'), (1, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages irker depends on:
ii  adduser  3.113+nmu3
ii  init-system-helpers  1.22
pn  python:any   

irker recommends no packages.

irker suggests no packages.

-- no debconf information

Bug#804680: why Recommends: fonts-droid ?

[Joseph Herlant]

Hi Ghislain,

The Droid fonts dependency on upstream has been removed in the latest
release (0.12) on June 10th.
I was planning to release it this weekend but didn't have the time to.

Relevant upstream commit:
https://github.com/codito/gnome-pomodoro/commit/512ea61103af8e3fe798aa74063504568a027afb

I'll try to release that before EOW so that we can close this one.
Sorry that I've been so long to answer this. I've been having issues
on my side and only had very little time to contribute to Debian over
the last 2 years.

Joseph


On Mon, Sep 12, 2016 at 5:39 AM, Ghislain Vaillant  wrote:
> I have looked at the packaging content and I fail to understand why the
> additional font package is recommended by gnome-shell-pomodoro-data.
>
> Could you elaborate on the Recommends relationship?
>
> Ghis

Bug#837590: alsa-tools FTBFS on armel: gcc-6 narrowing conversions

[Helmut Grohne]

Source: alsa-tools
Version: 1.1.0-1
Severity: serious

I noticed that alsa-tools fails to cross build from source for armel due
to gcc-6 narrowing conversion issues. Issues about narrowing conversions
are generally not cross compilation specific and reproducible natively.
Thus filing at RC severity. A full (cross) build log is attached. The
relevant excerpt is:

| arm-linux-gnueabi-g++ -DPACKAGE_NAME=\"hdspmixer\" 
-DPACKAGE_TARNAME=\"hdspmixer\" -DPACKAGE_VERSION=\"1.11\" 
-DPACKAGE_STRING=\"hdspmixer\ 1.11\" -DPACKAGE_BUGREPORT=\"\" 
-DPACKAGE_URL=\"\" -DPACKAGE=\"hdspmixer\" -DVERSION=\"1.11\" -DSTDC_HEADERS=1 
-DHAVE_LIBASOUND=1 -I.   -Wdate-time -D_FORTIFY_SOURCE=2  -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security   -I/usr/include/freetype2   -D_THREAD_SAFE 
-D_REENTRANT -fno-exceptions -MT channelmap.o -MD -MP -MF .deps/channelmap.Tpo 
-c -o channelmap.o channelmap.cxx
| channelmap.cxx:59:1: error: narrowing conversion of '-1' from 'int' to 'char' 
inside { } [-Wnarrowing]
|  };
|  ^

Helmut


alsa-tools_1.1.0-1_armel.log.xz
Description: application/xz

Bug#837183: systemd: unprivileged call to systemd-resolve starts systemd-resolved even when masked

[Brian Kroth]

Felipe Sateler  2016-09-10 12:45:

Control: forwarded -1 https://github.com/systemd/systemd/issues/4122

On 9 September 2016 at 19:36, Michael Biebl  wrote:

Am 10.09.2016 um 00:26 schrieb Michael Biebl:

So, you'll also need to mask that name, i.e
dbus-org.freedesktop.resolve1.service


https://github.com/systemd/systemd/issues/1873
is somewhat related.
Upstream's position on this is, that masks apply only on that particular
name and not for any existing aliases (symlinks)


Thanks for the backstory.


I interpret upstream's comment differently. They say "any alias
pointed to it is masked", which (applied to this case) should mean
that masking dbus-org.freedesktop.resolve1.service should not cause
systemd-resolved.service to be masked. I would expect the other way
around to work though: all aliases *should* resolve to the same unit,
and if that final unit is masked it should not be started.


Right, that's what I was expecting too.


Side complaint: /usr/share/dbus-1/system-services/ is not listed as one 
of the directories searched for units in systemd.unit or systemd.service 
or any other man page I've been able to find.


I sort of guessed at dbus activation, but didn't see where that would 
have been configured since I was expecting all units to live in either 
/lib/systemd/, /run/systemd/ or /etc/systemd/ (excluding user units for 
this case which make sense to live in /usr/lib/systemd/ to me).


Thanks,
Brian

Bug#835075: [PATCH] use fake-pinentry (Closes: #835075)

[gregor herrmann]

On Sun, 11 Sep 2016 16:38:05 +0200, gregor herrmann wrote:

> > > 3) This is in schroot-on-lvm. And here unmounting fails because of the
> > >running gpg-agents leaving my schroot/lvm setup in a sad state.
> > right, but this is a different issue, related to gpg-agent not.
> > terminating rapidly enough when its socket is removed (same as (1)).
> > I'm happy to track this as an issue, but it is a different issue than
> > 835075.
> True, I'm just a bit hesitant to upload a package which (at least in
> my autopkgtest setup) fails autopkgtests and leaves a broken schroot
> session and an orphaned lvm snapshot lying around. My fear is that
> the same happens on the buildds and on ci.debian.net.

ci.d.n is currently a non-issue because #806140.
  
> > but
> > it seems more important for me to get these fixes upstreamed.
> Right, and I've asked David on IRC to look into this issue.

In cooperation with David who checked and built the packager from git
we decided to upload the package now to Debian, add the patch to the
upstream ticket and he will try to get the situation on the CPAN
sorted out afterwards.

I just completed the first two steps :)
  

Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Madonna / Antonio Banderas: Goodnight And Thank You


signature.asc
Description: Digital Signature

Bug#832758: irkerd.service runs irkerd as root (should run as user "irker")

[anarcat]

Control: tags -1 +pending
Control: forwarded https://gitlab.com/esr/irker/merge_requests/15

The following patch should fix that problem:

commit 1980b7cb4239463b581579cc39480774d3e2d2fe
Author: Antoine Beaupré 
Date:   Mon Sep 12 12:01:44 2016 -0400

run daemon as the irker user (Close: #832758)

this is an improvement upon the default .service file. it requires a
irker user to be created, something which is automatically handled by
the debian package, but should be handled by other distributions when
deploying the .service file.

there are obvious dangers in running irkerd as root: a compromise
would be catastrophic, and since it runs on public servers that are
traditionnally pretty hostile (IRC), it seems critical that rights of
the daemon be limited.

diff --git a/irkerd.service b/irkerd.service
index d19378b..82f39b0 100644
--- a/irkerd.service
+++ b/irkerd.service
@@ -7,6 +7,7 @@ Requires=network.target
 
 [Service]
 ExecStart=/usr/bin/irkerd
+User=irker
 
 [Install]
 WantedBy=multi-user.target

I have forwarded it upstream as well.

A.


signature.asc
Description: Digital signature

Bug#837588: hppa: Please disable CONFIG_FTRACE for hppa architecture

[Helge Deller]

Package: linux
Version: 4.7.2-1
Severity: important

We sadly will need to disable CONFIG_FTRACE for hppa architecture completely 
for now.

The problem is, that gcc creates lots of overhead when adding the code for the
mcount call (minimum 16 bytes per function, plus two relocation symbol entries)
which leads that the 64bit vmlinux kernel file for 4.7 becomes around 99MB, 
while
vmlinux for kernel 4.6 was just around 17MB. This size wouldn't be a real 
problem itself,
but sadly the default /boot partition is currently maximum 128 MB in size which
is not able to keep the vmlinux file plus the size for the initrd image (which 
is a lot
bigger than 100MB then).
That leads to the fact, that people who have a default hppa installation will 
not
be able to install the new kernel (and don't have space in /boot to keep other 
older
images either).

So, can you please deactivate CONFIG_FTRACE completely for 32- and 64bit hppa 
configs?
Is it sufficient to add "CONFIG_FTRACE=n" to debian/config/hppa/config ?

Thanks!
Helge

PS: I'm still working on upstream ftrace support for hppa. It's not complete 
yet, so
we don't loose to much when we disable ftrace again now. Further more I will 
adjust the
debian installer to create bigger /boot partitions so that we can enable it 
later again.

Bug#837589: irker: diff for NMU version 2.18+dfsg-1.1

[anarcat]

Package: irker
Version: 2.18+dfsg-1
Severity: normal
Tags: patch pending

[Replace XX with correct value]
Dear maintainer,

I've prepared an NMU for irker (versioned as 2.18+dfsg-1.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

Regards.
diff -Nru irker-2.18+dfsg/debian/changelog irker-2.18+dfsg/debian/changelog
--- irker-2.18+dfsg/debian/changelog	2016-06-18 04:54:48.0 -0400
+++ irker-2.18+dfsg/debian/changelog	2016-09-12 12:09:50.0 -0400
@@ -1,3 +1,12 @@
+irker (2.18+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * new patches to the .service file:
+* run daemon as the irker used (Closes: #832758)
+* properly import environment from /etc/defaults (Closes: #832322)
+
+ -- Antoine Beaupré   Mon, 12 Sep 2016 11:59:26 -0400
+
 irker (2.18+dfsg-1) unstable; urgency=low
 
   * Update to latest upstream release.
diff -Nru irker-2.18+dfsg/debian/patches/0008-user-service.patch irker-2.18+dfsg/debian/patches/0008-user-service.patch
--- irker-2.18+dfsg/debian/patches/0008-user-service.patch	1969-12-31 19:00:00.0 -0500
+++ irker-2.18+dfsg/debian/patches/0008-user-service.patch	2016-09-12 12:04:51.0 -0400
@@ -0,0 +1,28 @@
+commit 1980b7cb4239463b581579cc39480774d3e2d2fe
+Author: Antoine Beaupré 
+Date:   Mon Sep 12 12:01:44 2016 -0400
+
+run daemon as the irker user (Close: #832758)
+
+this is an improvement upon the default .service file. it requires a
+irker user to be created, something which is automatically handled by
+the debian package, but should be handled by other distributions when
+deploying the .service file.
+
+there are obvious dangers in running irkerd as root: a compromise
+would be catastrophic, and since it runs on public servers that are
+traditionnally pretty hostile (IRC), it seems critical that rights of
+the daemon be limited.
+
+diff --git a/irkerd.service b/irkerd.service
+index d19378b..82f39b0 100644
+--- a/irkerd.service
 b/irkerd.service
+@@ -7,6 +7,7 @@ Requires=network.target
+ 
+ [Service]
+ ExecStart=/usr/bin/irkerd
++User=irker
+ 
+ [Install]
+ WantedBy=multi-user.target
diff -Nru irker-2.18+dfsg/debian/patches/0009-env-service.patch irker-2.18+dfsg/debian/patches/0009-env-service.patch
--- irker-2.18+dfsg/debian/patches/0009-env-service.patch	1969-12-31 19:00:00.0 -0500
+++ irker-2.18+dfsg/debian/patches/0009-env-service.patch	2016-09-12 12:08:44.0 -0400
@@ -0,0 +1,14 @@
+diff --git a/irkerd.service b/irkerd.service
+index 82f39b0..f4cd45b 100644
+--- a/irkerd.service
 b/irkerd.service
+@@ -6,7 +6,8 @@ Description=irker daemon
+ Requires=network.target
+ 
+ [Service]
+-ExecStart=/usr/bin/irkerd
++EnvironmentFile=-/etc/default/irker
++ExecStart=/usr/bin/irkerd $IRKER_OPTIONS
+ User=irker
+ 
+ [Install]
diff -Nru irker-2.18+dfsg/debian/patches/series irker-2.18+dfsg/debian/patches/series
--- irker-2.18+dfsg/debian/patches/series	2016-03-17 18:42:26.0 -0400
+++ irker-2.18+dfsg/debian/patches/series	2016-09-12 12:08:55.0 -0400
@@ -2,3 +2,5 @@
 0005-author-name.patch
 0006-alias-service.patch
 0007-irkerhook-git.patch
+0008-user-service.patch
+0009-env-service.patch


signature.asc
Description: Digital signature

Bug#832322: irker: Irker is ignoring startup options defined in /etc/default/irker.

[anarcat]

Control: tags -1 +patch +pending

The following patch should fix that problem:

diff --git a/irkerd.service b/irkerd.service
index 82f39b0..f4cd45b 100644
--- a/irkerd.service
+++ b/irkerd.service
@@ -6,7 +6,8 @@ Description=irker daemon
 Requires=network.target
 
 [Service]
-ExecStart=/usr/bin/irkerd
+EnvironmentFile=-/etc/default/irker
+ExecStart=/usr/bin/irkerd $IRKER_OPTIONS
 User=irker
 
 [Install]

Note that this is rolled on top of the patch for #832758.


signature.asc
Description: Digital signature

Bug#837183: systemd: unprivileged call to systemd-resolve starts systemd-resolved even when masked

[Brian Kroth]

Oh, I guess I have an idea what's happening.
systemd-resolve triggers the start via D-Bus activation.


Yeah, that was my guess as well.  Just seemed wrong to me given that the 
unit providing that service is masked.



/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service


For the record, masking org.freedesktop.resolve1.service didn't help.


has
SystemdService=dbus-org.freedesktop.resolve1.service

dbus-org.freedesktop.resolve1.service is a symlink to
systemd-resolved.service

So, you'll also need to mask that name, i.e
dbus-org.freedesktop.resolve1.service


But masking that one did.

# systemd-resolve debian.org
debian.org: resolve call failed: Unit dbus-org.freedesktop.resolve1.service is 
masked.

Thanks,
Brian

Bug#823803: [Debichem-devel] NMU for libint2 : FTBFS (blocking openmpi transition)

[Michael Banck]

Hi,

On Mon, Sep 12, 2016 at 11:07:59AM +0100, Alastair McKinstry wrote:
> I've uploaded an NMU for libint2 to fix a FTBFS that was blocking the
> openmpi2 transition.
> 
> Please find the debdiff attached.

According to your changelog, the debdiff appears to be backwards, or am
I reading it wrong?

In any case, thanks for the patch.


Michael

Bug#831018: gimp: Restore 02_help-message.patch

[Jeremy Bicha]

Control: severity -1 wishlist

On Mon, Sep 12, 2016 at 8:29 AM, Ari Pollak  wrote:
> Thanks for the patch. However, I intentionally removed it because gimp-help
> in Debian is not particularly up-to-date and the message was not translated
> into any other languages, so it was less useful than the existing message.

Thanks. OK, I went ahead and synced gimp. Ubuntu might have
translations for that message into several languages.

Jeremy

Bug#837531: subtitleeditor: Negative content width -2 (allocation 0, extents 1x1) while allocating gadget

[Philip Rinn]

tags 837531 unreproducible moreinfo
thanks

Hi,

> Dear Maintainer,
> Got the following when trying to run subtitleeditor in mate desktop.
> This is on testing.
> 
> [$] subtitleeditor somesubtitle.srt
> 
> (subtitleeditor:13174): Gtk-WARNING **: Theme parsing error:
> gtk.css:63:28: The :prelight pseudo-class is deprecated. Use :hover
> instead.
> 
> (subtitleeditor:13174): Gtk-WARNING **: Theme parsing error:
> gtk.css:73:35: The :prelight pseudo-class is deprecated. Use :hover
> instead.
> 
> (subtitleeditor:13174): Gtk-WARNING **: Theme parsing error:
> mate-applications.css:415:16: not a number
> 
> (subtitleeditor:13174): Gtk-WARNING **: Theme parsing error:
> mate-applications.css:415:16: Expected a string.
> 
> (subtitleeditor:13174): Gtk-WARNING **: Theme parsing error:
> other-applications.css:146:13: not a number
> 
> (subtitleeditor:13174): Gtk-WARNING **: Theme parsing error:
> other-applications.css:146:13: Expected a string.

All those seem to be mate related, I don't see them with Gnome3...

> ** (subtitleeditor:13174): CRITICAL **: bool
> Config::get_value_bool(const Glib::ustring&, const Glib::ustring&):
> assertion 'state' failed

I see this one with Gnome3 too...

> (subtitleeditor:13174): Gtk-WARNING **: Negative content width -2
> (allocation 0, extents 1x1) while allocating gadget (node highlight,
> owner gtkmm__GtkScale)
> 
> (subtitleeditor:13174): Gtk-WARNING **: Negative content width -2
> (allocation 0, extents 1x1) while allocating gadget (node highlight,
> owner gtkmm__GtkScale)

I don't see them with Gnome3...

> It takes lot of memory and sort of hangs the system. I had to use
> CTRL+ALT+Fn to get to another console terminal interface to kill the
> app. and get control of the desktop.

For me it works fine with random .srt files - so I guess it's due to some bugs 
in
mate. Could you please check with Gnome3 and report back?

Best,
Philip




signature.asc
Description: OpenPGP digital signature

Bug#837587: ITP: libgkarrays -- library to query large collection of NGS sequences

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: libgkarrays
  Version : 2.1.0
  Upstream Author : Nicolas PHILIPPE  and others
* URL : http://crac.gforge.inria.fr/gkarrays/
* License : CeCILL
  Programming Lang: C++
  Description : library to query large collection of NGS sequences
 Gk-arrays are provided as a simple-to-use C++ library dedicated to
 queries on large collection of sequences as produced by high-throughput
 sequencers (e.g. HiSeq 2000 from Illumina, 454 from Roche).
 .
 Gk-arrays index k-mers of reads and allows one to answer different queries
 on that read collection (e.g. how many reads share this k-mer? where does
 this k-mer occur in the read collection?).
 .
 Gk-arrays consist of a space-efficient alternative to hash tables while
 being similar in terms of query times.


Remark: This package is a precondition for another Debian Med target (crac)
and will be maintained at
https://anonscm.debian.org/git/debian-med/libgkarrays.git

Bug#837300: jessie-pu: package mariadb-10.0/10.0.27-0+deb8u1

[Otto Kekäläinen]

2016-09-12 15:16 GMT+03:00 Adam D. Barratt :
> On 2016-09-11 14:41, Adam D. Barratt wrote:
>>
>> On Sat, 2016-09-10 at 14:42 +0300, Otto Kekäläinen wrote:
>>>
>>> The powerpc build of the security release 10.0.26-0+deb8u1 fails to
>>> build due to an upstream regression (see Bug#832931). This has been
>>> fixed in 10.0.27, but as it is not a security release (at least not
>>> publicly at the moment) I propose it to be uploaded via
>>> stable-updates.
>>
>>
>> Unfortunately 10.0.27 still FTBFS on powerpc, with failures that look
>> the same as those seen for 10.0.26-0+deb8u1.
>
>
> For absolute clarity, if that can't be resolved in a very short time period
> then 10.0.27 won't be included in the point release next weekend.

I am adding a MariaDB core developer Vicențiu Ciorbaru as CC here, in
case he could help.

So this is the build status for powerpc is:

- OK: sid (development):
https://buildd.debian.org/status/package.php?p=mariadb-10.0
  from master branch at http://git.debian.org/?p=pkg-mysql/mariadb-10.0.git

- FAILING: jessie (proposed 8.6)
https://buildd.debian.org/status/package.php?p=mariadb-10.0=jessie
  from jessie branch at http://git.debian.org/?p=pkg-mysql/mariadb-10.0.git

In jessie powerpc fails with mtr exiting immediately for an unknown reason.

Log: 
https://buildd.debian.org/status/fetch.php?pkg=mariadb-10.0=powerpc=10.0.27-0%2Bdeb8u1=1473621159

The history of PowerPC builds does not give insight to the current
jessie failure:
https://buildd.debian.org/status/logs.php?pkg=mariadb-10.0=powerpc

I have no idea what to try next.

Bug#834402: [Aptitude-devel] Bug#834402: aptitude: search loses column format when redirected or piped

[Javier Cantero]

On Wed, Aug 17, 2016 at 10:46:59PM +0100, Manuel A. Fernandez Montecelo wrote:
 
> - somehow try to use the same width of the current terminal, with
>  possible truncation (would work fine in pipes for which the ultimate
>  output is the same terminal, but not if redirected and processed/seen
>  from another terminal/computer, unless the width is the same)

A way to get the width of the current terminal even when stdout was
redirected/piped is read it from stdin (fd 0) instead. With the
advantage that, unlike stdout, most of the times the standard input is
going to be connected directly to the terminal (I don't see actual cases
where somebody would want to redirect the standard input of aptitude to a
file/pipe, but maybe I'm wrong).

A simple proof of concept:

#include 
#include 
#include 

void check_term_size( int fd )
{
struct winsize ws;

if ( isatty(fd) )
{
printf( "tty at FD %d\n", fd );
if ( ioctl(fd, TIOCGWINSZ, ) != -1 )
{
printf( "ROWS=%d\n", ws.ws_row );
printf( "COLUMNS=%d\n", ws.ws_col );
}
}
}

int main( int argc, char* argv[] )
{
check_term_size( 1 ); /* stdout */
check_term_size( 0 ); /* stdin  */

return 0;
}


The downside is that the problem persists with redirections: they are
again dependent on the size of the terminal --meaning "aptitude search
 > kk" would be different depending on the current width of the
terminal where the command is executed. But that is the case the -w
option was created for, right?

-- 
   Saludos de Javier 




signature.asc
Description: PGP signature

Bug#835253: RFS: steghide/0.5.1-11 [QA]

[Gianfranco Costamagna]

Hi,




>This is actually because of lack of dependency on doxygen.
>When you do not have doxygen installed, the manpages are simply not
>created with
>no errors whatsoever.
>Although when you have it there is some difference, it drops to 6 lines,
>instead

>of 300.

-> Considering build-dep doxygen
-> Trying doxygen
-> Installing  debhelper libmcrypt-dev libmhash-dev zlib1g-dev libtool 
libtool-bin libjpeg-dev dh-autoreconf doxygen


I'm installing it

dpkg -c steghide_0.5.1-11_amd64.deb  |grep man |wc -l
308



no, you can't pollute the usr/share/man/man3 namespace with all the functions 
of your library.
-rw-r--r-- root/root   275 2016-08-22 23:03 
./usr/share/man/man3/WavFormatChunk.h.3.gz
-rw-r--r-- root/root   869 2016-08-22 23:03 
./usr/share/man/man3/WavPCMSampleValue.3.gz
-rw-r--r-- root/root   291 2016-08-22 23:03 
./usr/share/man/man3/WavPCMSampleValue.h.3.gz
-rw-r--r-- root/root   808 2016-08-22 23:03 
./usr/share/man/man3/WavPCMSampleValueTest.3.gz
-rw-r--r-- root/root   271 2016-08-22 23:03 
./usr/share/man/man3/WavPCMSampleValueTest.h.3.gz
-rw-r--r-- root/root   385 2016-08-22 23:03 
./usr/share/man/man3/WavPCMSmaller.3.gz
-rw-r--r-- root/root   849 2016-08-22 23:03 
./usr/share/man/man3/common.h.3.gz
-rw-r--r-- root/root   383 2016-08-22 23:03 
./usr/share/man/man3/error.h.3.gz
-rw-r--r-- root/root   517 2016-08-22 23:03 
./usr/share/man/man3/gettext.h.3.gz
-rw-r--r-- root/root   304 2016-08-22 23:03 ./usr/share/man/man3/msg.h.3.gz
-rw-r--r-- root/root   374 2016-08-22 23:03 
./usr/share/man/man3/utcommon.h.3.gz
-rw-r--r-- root/root   206 2016-08-22 23:03 
./usr/share/man/man3/wrapper_hash_map.h.3.gz
-rw-r--r-- root/root   205 2016-08-22 23:03 
./usr/share/man/man3/wrapper_hash_set.h.3.gz


this is something that should be installed as a doxygen documentation, 
somewhere else.

>Ok, this might be something I messed up when removing usage of mkinstalldirs
>script.


wonderful
>Yes, there is a grammar correction for po/de.po indeed.
>Now for the spec file I kind of ignored it intentionally.
>I will review them all.


probably the spec file is autogenerated, not sure

>Right, I was not sure about this.
>At first the dh_clean broke badly so I cleaned it up manually then did this.
>I will fix it.


usually it breaks when you kill the configure script, you have to manually
do: fakeroot debian/rules clean, and maybe delete files created when configure
fails, e.g. config.log

I hope this helps,

G.

Bug#827154: transmission-remote-gtk

[Benjamin Barenblat]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, Sep 9, 2016 at 7:43 AM, Scott Leggett  wrote:
> Please update the package to the newest version :)
>
> Upstream is now at 1.3.1 - it would be great to get this into Stretch!

It’s on my to-do list.  I’ve been hoping upstream would resolve
https://github.com/transmission-remote-gtk/transmission-remote-gtk/issues/21,
but I’m probably just going to have to work around it.

-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJX1shmXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5OThCQjVEMTlDOEE3QjE3OUUwREFCODY5
RTczMDE0OUVCOTFDNTNCAAoJEJ5zAUnrkcU7vRAH/2xJhTWI7sHlxnrT9ZM+naU3
GfIv/xa8gB4ZSMCnh4hYJ6zbz7H40sGIknf2pMNXM0mMnsTjeq0AEoIhH7WbATXO
FceIkaeVimZISJrr7LUyNSTW5HEYY6W+weLQpOq8HIFvRi6zlMWAMwHWQogdX1he
eL9VsNrlua8Y8pivAW8WG2IT+0JCBNJ33iNJDcJu8sTtVvLi3YEl5UZjMwaxtG0Y
cad0v8fAKclDxLVUK+mJLNXMsUfK5BVY4ooeZ4m3jAir/ruTyL1EtpHxye+81Lcq
LFF99F5E8ipufmUWRsNA8REIi6dZYR7Gck3coeHn5bOetNihulu0luLtsMxltXU=
=Z1he
-END PGP SIGNATURE-

Bug#828540: sendmail: FTBFS with openssl 1.1.0

[Andreas Beckmann]

On 2016-09-12 09:02, Sebastian Andrzej Siewior wrote:
> could you please try if the patch attached works? It compiles :)

Many thanks, so let's just try it :-)

It FTBFS on the non-linux architectures:
https://buildd.debian.org/status/package.php?p=sendmail=unstable

It's this part of your patch:

@@ -1002,9 +1047,23 @@ inittls(ctx, req, options, srv, certfile, keyfile, 
cacertpath, cacertfile, dhpar

if (bitset(TLS_I_RSA_TMP, req)
 #  if SM_CONF_SHM
-   && ShmId != SM_SHM_NO_ID &&
-   (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
-   NULL)) == NULL
+   && ShmId != SM_SHM_NO_ID) {
+   BIGNUM *bn;
+
+   bn = BN_new();
+   rsa_tmp = RSA_new();
+   if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
+   RSA_free(rsa_tmp);
+   rsa_tmp = NULL;
+   }
+   if (rsa_tmp) {
+   if (!RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, 
NULL)) {
+   RSA_free(rsa_tmp);
+   rsa_tmp = NULL;
+   }
+   }
+   BN_free(bn);
+   if (!rsa_tmp
 #  else /* SM_CONF_SHM */
&& 0/* no shared memory: no need to generate key now */
 #  endif /* SM_CONF_SHM */
@@ -1020,6 +1079,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, 
cacertpath, cacertfile, dhpar
}
return false;
}
+   }
 # endif /* !TLS_NO_RSA */

/*

The braces don't match the #if scope (opened within SM_CONF_SHM, closed 
outside).
kfreebsd doesn't seem to have shmem.


Andreas

Bug#773896: monkeyscan: identity menu has no indicator for expired keys

[Antoine Beaupré]

Control: tags -1 +pending

This should now be fixed along the parent bug, #766129.

Please test the latest git version on the 2.x branch or try the
following patch:

https://0xacab.org/monkeysphere/monkeysign/compare/8c8ec0106aa77ceb3ecbd5fe99750e22751c63cc%5E...42d6014bc3a0d11b5e1dd55bc7f3a243f5955bca

Also see this issue for further discussion:

https://0xacab.org/monkeysphere/monkeysign/issues/37

Thanks!

A.
-- 
The survival of humans and other species on planet Earth in my view can
only be guaranteed via a timely transition towards a stationary
state, a world economy without growth.
 - Peter Custers

Bug#837560: [Pkg-dkms-maint] Bug#837560: dkms: new upstream version 2.3 available

[Anthony Wong]

On 12 September 2016 at 22:40, Aron Xu  wrote:
> 2.2.1.0+git20160527-1 is actually the same as upstream 2.3, only the
> last commit difference.

I know, and that's what I have written in my bug report, but the
version number is misleading.

Thanks,
Anthony

Bug#766129: monkeysign tells me that it's going to sign with a key I revoked in 2009

[Antoine Beaupré]

Control: tags -1 +pending

This should be fixed in the 2.x branch of monkeysign. The patches from
tobias work for monkeyscan, but not for monkeysign. the final patch
should look something like this, but it's unlikely to apply directly to
2.0.2, so you are better off trying the 2.x branch or waiting for the
upcoming 2.1 release:

https://0xacab.org/monkeysphere/monkeysign/compare/8c8ec0106aa77ceb3ecbd5fe99750e22751c63cc%5E...42d6014bc3a0d11b5e1dd55bc7f3a243f5955bca

Cheers,

A.
-- 
While the creative works from the 16th century can still be accessed
and used by others, the data in some software programs from the 1990s
is already inaccessible.
 - Lawrence Lessig

Bug#828589: uw-imap: FTBFS with openssl 1.1.0

[Kurt Roeckx]

On Mon, Sep 12, 2016 at 01:50:36PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-09-10 16:36:35 [+0200], Kurt Roeckx wrote:
> > Looking at the certificate subject looks just wrong.  It should
> > at least check the Subject Altnerative Name, if present, and it
> > should be present.  And it really shouldn't convert it to a string
> > and hope there are no other field that happen to have "CN=" in it.
> > You might want to look at:
> > 
> > https://wiki.openssl.org/index.php/Hostname_validation
> 
> But this problem existed before 1.1.0 support (this patch).
> What do you recommend here? The builtin usage
> (X509_VERIFY_PARAM_set_hostflags()) looks simple. The alternative
> X509_check_host() is 1.0.2+ and since it can not be applied to stable I
> don't see the point. I would add this for 1.1.0 and keep the current
> validation for < 1.1.0.

We don't want to upload this to Debian stable in any case.  But if
it's only doing the right thing with 1.1.0 that works for me.


Kurt

Bug#811432: Krita no longer part of Calligra

[juichenieder-debbie]

Thanks Pino,

A few comments/questions...

root/debian/changelog
This contains only the line for this package, this seems a bit odd to ditch the
changelog from before.  While Krita technically goes in to debian as a new 
package,
it just replaces the older krita package, and I do not presume that upstream 
have
started from scratch with krita 3.x.  Of course the old-package's changelogs 
allias
the entire calligra source package, so a copy-paste not doable, but I would 
expect
more than just "Initial Release" as this breaks the flow from the previous 
version.
Just something to document that krita has now split from Calligra and thus has 
been
repackaged from scratch, so people don't feel so surprised to see an empty 
changelog.

In NEW, I see that you haven't listed krita as closing this bug.  Would that 
help
speed up the NEW process as this represents only a package split, rather than an
actually NEW package?

Should the new calligra package reference krita as a suggested package?  Or 
treat it as
completely separate.

I notice a lot of commented out lines, personally I hate  them in VCS as they
undermine the reason for using a VCS.  If you want to go back and look at old 
lines,
use git for that, not comments.


I still don't understand what has changed between this version and the previous 
to
fix the depend requirements, I still see ${misc:Depends} and${shlibs:Depends}, 
so
won't this hit the same problem as before, or do I miss something with the 
reason
calligra got removed before... did the new package depends break BC with regards
calligra or something like that?

Best,
Jack

Bug#837586: ITP: ruby-sprockets-es6 -- Sprockets ES6 transformer

[Pirate Praveen]

package: wnpp
severity: wishlist
owner: Pirate Praveen 

from https://rubygems.org/gems/sprockets-es6

Dependency for gitlab 8.11.3









signature.asc
Description: OpenPGP digital signature

Bug#837584: mutt: crash while navigating through inbox

[Sebastian Ramacher]

Package: mutt
Version: 1.7.0-3
Severity: normal

Since the last update, I repeatedly get SIGSEGVs while going through some unseen
mails in my inbox:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x55596b73f69a in update_index (menu=0x0, ctx=0x55596d883090, check=1, 
oldcount=26756, index_hint=0) at ../../curs_main.c:371
371 ../../curs_main.c: No such file or directory.
(gdb) bt
#0  0x55596b73f69a in update_index (menu=0x0, ctx=0x55596d883090, check=1, 
oldcount=26756, index_hint=0) at ../../curs_main.c:371
#1  0x55596b772e7d in mutt_pager (banner=banner@entry=0x0, 
fname=fname@entry=0x7ffc75f98e70 
"/tmp/mutt-jupiter-1000-22076-6547043317620087410", flags=, 
flags@entry=66, extra=extra@entry=0x7ffc75f98e40) at ../../pager.c:2031
#2  0x55596b734045 in mutt_display_message (cur=0x55596f740ed0) at 
../../commands.c:225
#3  0x55596b74464b in mutt_index_menu () at ../../curs_main.c:1902
#4  0x55596b7247aa in main (argc=1, argv=) at 
../../main.c:877

Let me know if you need any more information. I still have the core dumps.

Cheers

-- Package-specific info:
NeoMutt 20160910 (1.7.0)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 4.7.0-1-amd64 (x86_64)
libidn: 1.33 (compiled with 1.33)
hcache backend: tokyocabinet 1.4.48

Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 6.2.0-3' 
--with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs 
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr 
--program-suffix=-6 --enable-shared --enable-linker-build-id 
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix 
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu 
--enable-libstdcxx-debug --enable-libstdcxx-time=yes 
--with-default-libstdcxx-abi=new --enable-gnu-unique-object 
--disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib 
--disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo 
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home 
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar 
--enable-objc-gc --enable-multiarch --with-arch-32=i686 --with-abi=m64 
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic 
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu 
--target=x86_64-linux-gnu
Thread model: posix
gcc version 6.2.0 20160901 (Debian 6.2.0-3) 

Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' 
'--includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' 
'--infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' 
'--disable-silent-rules' '--libdir=\${prefix}/lib/x86_64-linux-gnu' 
'--libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' 
'--disable-dependency-tracking' '--with-mailpath=/var/mail' 
'--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' 
'--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' 
'--enable-sidebar' '--enable-nntp' '--enable-notmuch' '--disable-fmemopen' 
'--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' 
'--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm' 
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 
-fdebug-prefix-map=/build/mutt-4QGZu8/mutt-1.7.0=. -fPIE 
-fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-fPIE -pie 
-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'

Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 
-fdebug-prefix-map=/build/mutt-4QGZu8/mutt-1.7.0=. -fPIE 
-fstack-protector-strong -Wformat -Werror=format-security

Compile options:
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME 
+DEBUG +DL_STANDALONE +ENABLE_NLS -EXACT_ADDRESS -HOMESPOOL -LOCALES_HACK 
-SUN_ATTACHMENT +HAVE_BKGDSET +HAVE_COLOR +HAVE_CURS_SET +HAVE_GETADDRINFO 
+HAVE_GETSID +HAVE_ICONV +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR 
+HAVE_LIBIDN +HAVE_META +HAVE_REGCOMP +HAVE_RESIZETERM +HAVE_START_COLOR 
+HAVE_TYPEAHEAD +HAVE_WC_FUNCS +ICONV_NONTRANS +USE_COMPRESSED +USE_DOTLOCK 
+USE_FCNTL -USE_FLOCK -USE_FMEMOPEN -USE_GNU_REGEX +USE_GSS +USE_HCACHE 
+USE_IMAP +USE_NOTMUCH +USE_NNTP +USE_POP +USE_SASL +USE_SETGID +USE_SIDEBAR 
+USE_SMTP +USE_SSL_GNUTLS -USE_SSL_OPENSSL 
-DOMAIN
MIXMASTER="mixmaster"
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"

patch-attach-headers-color-neomutt
patch-compress-neomutt
patch-cond-date-neomutt

Bug#837585: Please build transitional dh-systemd package from src:debhelper

[Michael Biebl]

Source: debhelper
Version: 10
Severity: normal
Tags: patch

Hi,

today we discussed the feasibility of a debhelper 10 backport for
jessie on #debian-devel.

The biggest issue here afaics is, that the dh_systemd* helpers were
moved from dh-systemd (built from src:init-system-helpers) into the
debhelper package itself. For that the debhelper package gained a
Breaks/Replaces: dh-systemd (<< 1.38).
dh-systemd was turned into a transitional package pulling in a new
enough debhelper version.

Backporting debhelper would thus mean also backporting a newer
src:init-system-helpers package. That in turn requires backports of
src:openrc, src:sysvinit and src:util-linux.
This is getting complicated quickly.

Afaics, the simplest solution would be, if the dh-systemd transitional
package was built from src:debhelper and not src:init-system-helpers.

We also discussed if the Provides in debhelper wasn't sufficient for
that. But concerns were raised that the build infrastructure (for
jessie) is not yet ready for versioned Provides.

The version number of debhelper is already higher, so it would just work
afaics. The debhelper package could then drop the Provides: dh-systemd
and we could drop the dh-systemd transitional package from
src:init-system-helpers in a subsequent upload.

I've pushed the necessary changes for debhelper to a branch at [1]

Feedback welcome.

Regards,
Michael

[1] 
https://anonscm.debian.org/git/debhelper/debhelper.git/log/?h=biebl/dh-systemd-compat


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

Bug#756655: libembperl-perl: FTBFS on s390x: Embperl.so: undefined symbol: ap_rflush

[gregor herrmann]

On Fri, 15 Jan 2016 20:15:56 +0100, Axel Beckert wrote:

> Can't load '/home/abe/libembperl-perl/blib/arch/auto/Embperl/Embperl.so' for 
> module Embperl: /home/abe/libembperl-perl/blib/arch/auto/Embperl/Embperl.so: 
> undefined symbol: ap_hook_open_logs at 
> /usr/lib/s390x-linux-gnu/perl/5.22/DynaLoader.pm line 187.
>  at test.pl line 1916.
> Compilation failed in require at test.pl line 1916.
> BEGIN failed--compilation aborted at test.pl line 1916.
> 
> Same for ap_hook_post_config and ap_rwrite. That's where I stopped
> commenting out code.
[..]
> For now, I'm out of ideas.

This (#756655) looks a bit like the new #837562 (FTBFS with PIE),
especially since, if I'm reading the patch in #835148 correctly, PIE
was already enabled on s390x.


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Beatles


signature.asc
Description: Digital Signature

Bug#832597: mirror submission for mirror.aminidc.com

[Donald Norwood]

control: tag -1 +moreinfo




signature.asc
Description: OpenPGP digital signature

Bug#837581: xfsdump: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: xfsdump
Version: 3.1.6+nmu1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
checking for xfs/handle.h... yes
checking for open_by_fshandle in -lhandle... no

FATAL ERROR: could not find a current XFS handle library.
Install or upgrade the XFS library package.
Alternatively, run "make install-dev" from the xfsprogs source.
Makefile:78: recipe for target 'include/builddefs' failed
make[1]: *** [include/builddefs] Error 1
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/xfsdump_3.1.6+nmu1_amd64.build.gz

Thanks,
Balint

Bug#837577: t38modem: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: t38modem
Version: 2.0.0-4
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
g++ -c -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 `pkg-config --cflags opal` -DUSE_OPAL -fpermissive
-DUSE_UNIX98_PTY -o opal/fake_codecs.o opal/fake_codecs.cxx
g++ -Wdate-time -D_FORTIFY_SOURCE=2 `pkg-config --cflags opal`
-DUSE_OPAL -fpermissive -DUSE_UNIX98_PTY -o t38modem pmutils.o dle.o
pmodem.o pmodemi.o drivers.o t30tone.o tone_gen.o hdlc.o t30.o fcs.o
pmodeme.o enginebase.o t38engine.o audio.o drv_pty.o main_process.o
opal/opalutils.o opal/modemep.o opal/modemstrm.o opal/h323ep.o
opal/sipep.o opal/manager.o opal/fake_codecs.o -Wl,-z,relro -Wl,-z,now
`pkg-config --libs opal`
/usr/bin/ld: pmodeme.o: relocation R_X86_64_PC32 against symbol
`_ZNK17PStringDictionaryI7PStringE5GetAtERKS0_' can not be used when
making a shared object; recompile with -fPIC
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/t38modem_2.0.0-4_amd64.build.gz

Thanks,
Balint

Bug#837578: terminix: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: terminix
Version: 1.2.0-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
make[3]: Entering directory '/<>'
ldmd2 -O -I/usr/include/d/gtkd-3/ -L-lvted-3
-L-L/usr/lib/x86_64-linux-gnu/ -L-lgtkd-3 -L-ldl -c sourc
e/app.d source/gx/terminix/common.d source/gx/terminix/profilewindow.d
source/gx/terminix/colorschemes
.d source/gx/terminix/cmdparams.d source/gx/terminix/prefwindow.d
source/gx/terminix/sidebar.d source/
gx/terminix/appwindow.d source/gx/terminix/application.d
source/gx/terminix/session.d source/gx/termin
ix/shortcuts.d source/gx/terminix/encoding.d
source/gx/terminix/constants.d source/gx/terminix/preferences.d
source/gx/terminix/terminal/layout.d
source/gx/terminix/terminal/search.d
source/gx/terminix/terminal/terminal.d
source/gx/terminix/terminal/vtenotification.d
source/gx/terminix/terminal/actions.d source/gx/i18n/l10n.d
source/gx/util/array.d source/gx/gtk/resource.d
source/gx/gtk/clipboard.d source/gx/gtk/threads.d source/gx/gtk/cairo.d
source/gx/gtk/util.d source/gx/gtk/dialog.d source/gx/gtk/vte.d
source/gx/gtk/actions.d -ofterminix.o
ldmd2 -L-lvted-3 -L-L/usr/lib/x86_64-linux-gnu/ -L-lgtkd-3 -L-ldl
terminix.o -ofterminix
/usr/bin/ld: terminix.o: relocation R_X86_64_32S against symbol
`_D3app4mainFAAyaZ12__dgliteral2MFNaNbNfZAya' can not be used when
making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/terminix_1.2.0-1_amd64.build.gz

Thanks,
Balint

Bug#837575: jessie-pu: package suckless-tools/40-1+deb8u1

[Ilias Tsitsimpis]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I would like to update suckless-tools in jessie in order to fix a bug in
the slock command (CVE-2016-6866).

I have contacted the Security Team about this, and they decided this
is not severe enough to warrant a DSA.

Attached is a full debdiff.

Thanks,
Ilias

[CVE-2016-6866] https://security-tracker.debian.org/tracker/CVE-2016-6866

-- 
Ilias
diff -Nru suckless-tools-40/debian/changelog suckless-tools-40/debian/changelog
--- suckless-tools-40/debian/changelog	2016-02-26 13:07:26.0 +0200
+++ suckless-tools-40/debian/changelog	2016-09-12 17:25:07.0 +0300
@@ -1,3 +1,15 @@
+suckless-tools (40-1+deb8u2) stable-proposed-updates; urgency=medium
+
+  * CVE-2016-6866: Fix SEGV in slock when users account has been disabled.
+The screen locking application slock called crypt(3) and used the return
+value for strcmp(3) without checking to see if the return value of crypt(3)
+was a NULL pointer.
+If the hash returned by (getspnam()->sp_pwdp) was invalid, crypt(3) would
+return NULL and set errno to EINVAL. This would cause slock to segfault
+which then leaves the machine unprotected.
+
+ -- Ilias Tsitsimpis   Mon, 12 Sep 2016 16:17:14 +0300
+
 suckless-tools (40-1+deb8u1) stable-proposed-updates; urgency=medium
 
   * Set myself as the maintainer.
diff -Nru suckless-tools-40/debian/patches/0002_fix-cve-2016-6866.patch suckless-tools-40/debian/patches/0002_fix-cve-2016-6866.patch
--- suckless-tools-40/debian/patches/0002_fix-cve-2016-6866.patch	1970-01-01 02:00:00.0 +0200
+++ suckless-tools-40/debian/patches/0002_fix-cve-2016-6866.patch	2016-09-12 16:09:57.0 +0300
@@ -0,0 +1,48 @@
+Description: Fix CVE-2016-6866
+ Fix SEGV in slock when users account has been disabled.
+ .
+ The screen locking application slock called crypt(3) and used the return
+ value for strcmp(3) without checking to see if the return value of crypt(3)
+ was a NULL pointer.
+ .
+ If the hash returned by (getspnam()->sp_pwdp) was invalid, crypt(3) would
+ return NULL and set errno to EINVAL. This would cause slock to segfault
+ which then leaves the machine unprotected.
+Author: Markus Teich 
+Origin: upstream, http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8
+
+Index: b/slock/slock.c
+===
+--- a/slock/slock.c
 b/slock/slock.c
+@@ -85,7 +85,7 @@ readpw(Display *dpy)
+ readpw(Display *dpy, const char *pws)
+ #endif
+ {
+-	char buf[32], passwd[256];
++	char buf[32], passwd[256], *encrypted;
+ 	int num, screen;
+ 	unsigned int len, llen;
+ 	KeySym ksym;
+@@ -118,7 +118,11 @@ readpw(Display *dpy, const char *pws)
+ #ifdef HAVE_BSD_AUTH
+ running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
+ #else
+-running = strcmp(crypt(passwd, pws), pws);
++errno = 0;
++if (!(encrypted = crypt(passwd, pws)))
++	fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
++else
++	running = !!strcmp(encrypted, pws);
+ #endif
+ if(running != False)
+ 	XBell(dpy, 100);
+@@ -262,6 +266,8 @@ main(int argc, char **argv) {
+ 
+ #ifndef HAVE_BSD_AUTH
+ 	pws = getpw();
++	if (strlen(pws) < 2)
++		die("slock: failed to get user password hash.\n");
+ #endif
+ 
+ 	if(!(dpy = XOpenDisplay(0)))
diff -Nru suckless-tools-40/debian/patches/series suckless-tools-40/debian/patches/series
--- suckless-tools-40/debian/patches/series	2016-02-26 13:08:45.0 +0200
+++ suckless-tools-40/debian/patches/series	2016-09-12 16:01:21.0 +0300
@@ -4,3 +4,4 @@
 2003_transparent-makefiles.patch
 2004_use_system_searchpaths.patch
 0001_resize_lockscreen.patch
+0002_fix-cve-2016-6866.patch

Bug#837580: xenomai: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: xenomai
Version: 2.6.4+dfsg-0.2
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
make[4]: Entering directory
'/<>/xenomai-2.6.4+dfsg/src/testsuite/clocktest'
gcc -DHAVE_CONFIG_H -I. -I../../../src/include  -I../../../include/posix
-O2 -D_GNU_SOURCE -D_REENTRANT -Wall
-Werror-implicit-function-declaration -pipe -D__XENO__ -D__IN_XENO__
-Wstrict-prototypes -fstrict-aliasing -Wno-strict-aliasing
-I../../../include -Wdate-time -D_FORTIFY_SOURCE=2  -g -O2
-fdebug-prefix-map=/<>/xenomai-2.6.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -fno-omit-frame-pointer -c -o clocktest-clocktest.o
`test -f 'clocktest.c' || echo './'`clocktest.c
/bin/bash ../../../libtool  --tag=CC   --mode=link
../../../scripts/wrap-link.sh gcc  -g -O2
-fdebug-prefix-map=/<>/xenomai-2.6.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -fno-omit-frame-pointer
-Wl,@/<>/xenomai-2.6.4+dfsg/src/skins/posix/posix.wrappers
-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -o clocktest
clocktest-clocktest.o ../../skins/posix/libpthread_rt.la
../../skins/common/libxenomai.la -lpthread -lrt libtool: link:
../../../scripts/wrap-link.sh gcc -g -O2
-fdebug-prefix-map=/<>/xenomai-2.6.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -fno-omit-frame-pointer
-Wl,@/<>/xenomai-2.6.4+dfsg/src/skins/posix/posix.wrappers
-Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,--as-needed -o .libs/clocktest
clocktest-clocktest.o  ../../skins/posix/.libs/libpthread_rt.so
../../skins/common/.libs/libxenomai.so -lpthread -lrt
/usr/bin/ld: -r and -pie may not be used together
collect2: error: ld returned 1 exit status
Makefile:435: recipe for target 'clocktest' failed
make[4]: *** [clocktest] Error 1
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/xenomai_2.6.4+dfsg-0.2_amd64.build.gz

Thanks,
Balint

Bug#837583: unicon-imc2: Please build libimmclient.a with -fPIC

[Balint Reczey]

Source: unicon-imc2
Version: 3.0.4-14+b1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes zhcon FTBFS with extra hardening
Affects: zhcon

Dear Maintainers,

During a rebuild of all packages in sid, zhcon
failed to build on amd64 with patched GCC and dpkg. The root
cause seems to be that libimmclient.a is shipped as a non-PIC library.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64 (and selected architectures).

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part of zhcon's build log:
...
g++  -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security
-funsigned-char -O2 -DNDEBUG -Wall  -Wl,-z,relro -Wl,-z,now -o zhcon
basefont.o big52gbdecoder.o big5decoder.o configfile.o console.o
gb2big5decoder.o gbdecoder.o gbkdecoder.o graphdev.o hzdecoder.o
jisdecoder.o kscdecoder.o main.o window.o winime.o zhcon.o
overspotclient.o nativeinputserver.o inputclient.o inputmanager.o
inputserver.o candilist.o uniconinputserver.o nativebarclient.o mouse.o
encfilter.o iconv_string.o cmdline.o display/libdisplay.a -lgpm
-L/usr/lib/unicon -limm_server -limmclient -lpth -ldl -lcurses -lutil
/usr/bin/ld:
/usr/lib/gcc/x86_64-linux-gnu/6/../../../../lib/libimmclient.a(TLC_LibImmClient.o):
relocation R_X86_64_PC32 against symbol `TCP_Connect' can not be used
when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/zhcon_0.2.6-11_amd64.build.gz

Thanks,
Balint

Bug#837579: user-mode-linux: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: user-mode-linux
Version: 4.6-1um-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
  LD  init/built-in.o
/usr/bin/ld: arch/um/drivers/built-in.o: relocation R_X86_64_32 against
`.rodata.str1.1' can not be used when making a shared object; recompile
with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/user-mode-linux_4.6-1um-1_amd64.build.gz

Thanks,
Balint

Bug#837582: yabause: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: yabause
Version: 0.9.14-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
[ 38%] Linking C executable yabause-gtk
cd /<>/obj-x86_64-linux-gnu/src/gtk && /usr/bin/cmake -E
cmake_link_script CMakeFiles/yabause-gtk.dir/link.txt --verbose=1
/usr/bin/cc  -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -Wdate-time -D_FORTIFY_SOURCE=2
-Wdeclaration-after-statement -I/usr/include/gdk-pixbuf-2.0
-Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,--as-needed
CMakeFiles/yabause-gtk.dir/gtk-compat.c.o
CMakeFiles/yabause-gtk.dir/gtkglwidget.c.o
CMakeFiles/yabause-gtk.dir/main.c.o CMakeFiles/yabause-gtk.dir/menu.c.o
CMakeFiles/yabause-gtk.dir/pergtk.c.o
CMakeFiles/yabause-gtk.dir/settings.c.o
CMakeFiles/yabause-gtk.dir/yuicheckbutton.c.o
CMakeFiles/yabause-gtk.dir/yuifileentry.c.o
CMakeFiles/yabause-gtk.dir/yuiinputentry.c.o
CMakeFiles/yabause-gtk.dir/yuim68k.c.o
CMakeFiles/yabause-gtk.dir/yuimem.c.o
CMakeFiles/yabause-gtk.dir/yuipage.c.o
CMakeFiles/yabause-gtk.dir/yuirange.c.o
CMakeFiles/yabause-gtk.dir/yuiresolution.c.o
CMakeFiles/yabause-gtk.dir/yuiscreenshot.c.o
CMakeFiles/yabause-gtk.dir/yuiscsp.c.o
CMakeFiles/yabause-gtk.dir/yuiscudsp.c.o
CMakeFiles/yabause-gtk.dir/yuish.c.o
CMakeFiles/yabause-gtk.dir/yuitransfer.c.o
CMakeFiles/yabause-gtk.dir/yuivdp1.c.o
CMakeFiles/yabause-gtk.dir/yuivdp2.c.o
CMakeFiles/yabause-gtk.dir/yuiviewer.c.o
CMakeFiles/yabause-gtk.dir/yuiwindow.c.o  -o yabause-gtk -rdynamic
../libyabause.a -lm -lGLU -lGL -lglut -lXmu -lXi -Wl,-Bstatic -lSDLmain
-Wl,-Bdynamic -lSDL -lpthread -lopenal -lpthread -lmini18n -lXrandr
-lX11 -lglib-2.0 -lgobject-2.0 -latk-1.0 -lgio-2.0 -lgthread-2.0
-lgmodule-2.0 -lgdk_pixbuf-2.0 -lcairo -lpango-1.0 -lpangocairo-1.0
-lpangoft2-1.0 -lpangoxft-1.0 -lgdk-x11-2.0 -lgtk-x11-2.0
-lgtkglext-x11-1.0 -lgdkglext-x11-1.0 -lopenal -lmini18n -lXrandr -lX11
-lglib-2.0 -lgobject-2.0 -latk-1.0 -lgio-2.0 -lgthread-2.0 -lgmodule-2.0
-lgdk_pixbuf-2.0 -lcairo -lpango-1.0 -lpangocairo-1.0 -lpangoft2-1.0
-lpangoxft-1.0 -lgdk-x11-2.0 -lgtk-x11-2.0 -lgtkglext-x11-1.0
-lgdkglext-x11-1.0 /usr/bin/ld: ../libyabause.a(linkage_x64.s.o):
relocation R_X86_64_32S against undefined symbol `master_ip' can not be
used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
src/gtk/CMakeFiles/yabause-gtk.dir/build.make:713: recipe for target
'src/gtk/yabause-gtk' failed
make[3]: *** [src/gtk/yabause-gtk] Error 1
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/yabause_0.9.14-1_amd64.build.gz

Thanks,
Balint

Bug#837576: sbcl: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: sbcl
Version: 1.3.8-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
cc -g -Wall -Wsign-compare -O3 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64 -fno-omit-frame-pointer -I.
-DSBCL_PREFIX=\"'/<>/stage1'\"  -c -o ldso-stubs.o ldso-stubs.S
cc -g -Wl,--export-dynamic -o sbcl alloc.o backtrace.o breakpoint.o
coreparse.o dynbind.o funcall.o gc-common.o globals.o interr.o
interrupt.o largefile.o monitor.o os-common.o parse.o print.o purify.o
pthread-futex.o regnames.o run-program.o runtime.o safepoint.o save.o
search.o thread.o time.o util.o validate.o vars.o wrap.o x86-64-arch.o
linux-os.o x86-64-linux-os.o gencgc.o x86-64-assem.o ldso-stubs.o -ldl
-lpthread -lz -lm
/usr/bin/ld: x86-64-assem.o: relocation R_X86_64_32S against undefined
symbol `all_threads' can not be used when making a shared object;
recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/sbcl_1.3.8-1_amd64.build.gz

Thanks,
Balint

Bug#837573: picolisp: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: picolisp
Version: 16.6-2
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
cc -o ../bin/picolisp x86-64.linux.base.o -Wl,--no-as-needed -rdynamic
-lc -lm -ldl -Wl,-z,relro -Wl,-z,now
/usr/bin/ld: x86-64.linux.base.o: relocation R_X86_64_32S against symbol
`Nil' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Makefile:177: recipe for target '../bin/picolisp' failed
make[2]: *** [../bin/picolisp] Error 1
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/picolisp_16.6-2_amd64.build.gz

Thanks,
Balint

Bug#837574: qemu: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: qemu
Version: 2.6+dfsg-3
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
cc -I/<>/qemu-2.6+dfsg/tcg
-I/<>/qemu-2.6+dfsg/tcg/i386
-I/<>/qemu-2.6+dfsg/linux-headers
-I/<>/qemu-2.6+dfsg/qemu-build/linux-headers -I.
-I/<>/qemu-2.6+dfsg -I/<>/qemu-2.6+dfsg/include
-I/<>/qemu-2.6+dfsg/block -Iblock -I/usr/include/pixman-1
-DHAS_LIBSSH2_SFTP_FSYNC -fPIE -DPIE -m64 -D_GNU_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes
-fno-strict-aliasing -fno-common  -g -O2
-fdebug-prefix-map=/<>/qemu-2.6+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2
-DCONFIG_QEMU_DATAPATH='"/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu"'
-DVENDOR_DEBIAN -Wendif-labels -Wmissing-include-dirs -Wempty-body
-Wnested-externs -Wformat-security -Wformat-y2k -Winit-self
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition
-Wtype-limits -fstack-protector-strong  -I/usr/include/p11-kit-1
-I/usr/include/libpng16 -I/usr/include/spice-server
-I/usr/include/spice-1 -I/usr/include/cacard -I/usr/include/libusb-1.0
-I/<>/qemu-2.6+dfsg/tests -MMD -MP -MT block/iscsi.o -MF
block/iscsi.d -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
-pthread -I/usr/include/glib-2.0
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g  -fPIC -DBUILD_DSO  -c
-o block/iscsi.o /<>/qemu-2.6+dfsg/block/iscsi.c
cc -nostdlib -Wl,-r  -o block/iscsi.mo block/iscsi.o
/usr/bin/ld: -r and -pie may not be used together
collect2: error: ld returned 1 exit status
/<>/qemu-2.6+dfsg/rules.mak:99: recipe for target
'block/iscsi.mo' failed
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/qemu_2.6+dfsg-3_amd64.build.gz

Thanks,
Balint

Bug#837572: open-coarrays: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: open-coarrays
Version: 1.6.2-2
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
[ 33%] Linking Fortran executable coarray_navier_stokes
cd
/<>/obj-x86_64-linux-gnu/src/tests/integration/pde_solvers/navier-stokes
&& /usr/bin/c
make -E cmake_link_script CMakeFiles/coarray_navier_stokes.dir/link.txt
--verbose=1
/usr/bin/mpifort-Wl,-z,relro -Wl,-z,now -g -O2
-fdebug-prefix-map=/<>=. -fstack-prote
ctor-strong
CMakeFiles/coarray_navier_stokes.dir/coarray-shear_coll.F90.o  -o
coarray_navier_stokes
../../../../../../src/tests/integration/pde_solvers/navier-stokes/libfft_sse.a
../../../../mpi/libcaf_
mpi.so.0d -Wl,-rpath,/<>/obj-x86_64-linux-gnu/src/mpi
/usr/bin/ld:
../../../../../../src/tests/integration/pde_solvers/navier-stokes/libfft_sse.a(trig.o):
r
elocation R_X86_64_32 against `.rodata' can not be used when making a
shared object; recompile with -fPIC

...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/open-coarrays_1.6.2-2_amd64.build.gz

Thanks,
Balint

Bug#837571: libbmusb-dev: Please build libbmusb.a with -fPIC

[Balint Reczey]

Source: libbmusb-dev
Version: 0.5.1-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes nageru FTBFS with extra hardening
Affects: nageru

Dear Maintainers,

During a rebuild of all packages in sid, nageru
failed to build on amd64 with patched GCC and dpkg. The root
cause seems to be that libbmusb.a is shipped as a non-PIC library.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64 (and selected architectures).

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part of nageru's build log:
...
g++ -o nageru glwidget.o main.o mainwindow.o vumeter.o lrameter.o
vu_common.o correlation_meter.o abou
tdialog.o glwidget.moc.o mainwindow.moc.o vumeter.moc.o lrameter.moc.o
correlation_meter.moc.o aboutdi
alog.moc.o mixer.o pbo_frame_allocator.o context.o ref_counted_frame.o
theme.o resampling_queue.o httpd.o ebu_r128_proc.o flags.o image_input.o
stereocompressor.o filter.o alsa_output.o correlation_measurer.o
quicksync_encoder.o x264_encoder.o x264_speed_control.o video_encoder.o
metacube2.o mux.o audio_encoder.o ffmpeg_raii.o decklink_capture.o
decklink/DeckLinkAPIDispatch.o -Wl,-z,relro -Wl,-z,now
-lQt5OpenGLExtensions -lQt5OpenGL -lQt5Widgets -lQt5Gui -lQt5Core
-lusb-1.0 -lmovit -llua5.2 -lmicrohttpd -lepoxy -lx264 -lbmusb -pthread
-lva -lva-drm -lva-x11 -lX11 -lavformat -lavcodec -lavutil -lswscale
-lavresample -lzita-resampler -lasound -ldl
/usr/bin/ld:
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libbmusb.a(bmusb.o):
relocation R_X86_64_32 against `.rodata.str1.8' can not be used when
making a shared object; recompile with -fPIC
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/nageru_1.3.4-2_amd64.build.gz

Thanks,
Balint

Bug#837569: mpqc3: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: mpqc3
Version: 0.0~git20160216-3
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
-- Found OpenBabel2:
--  OPENBABEL2_LIBRARIES: /usr/lib/libopenbabel.so
--  OPENBABEL2_INCLUDE_DIR: /usr/include/openbabel-2.0
-- Performing Test PSI3_COMPILES
-- Performing Test PSI3_COMPILES - Failed
CMake Error at external/Psi3:56 (message):
  Could not compile Psi3 test program
Call Stack (most recent call first):
  external/External:16 (include)
  CMakeLists.txt:301 (include)
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/mpqc3_0.0~git20160216-3_amd64.build.gz

Thanks,
Balint

Bug#837568: libctl-dev: Please build libctlgeom.a with -fPIC

[Balint Reczey]

Source: libctl-dev
Version: 3.2.2-2
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes mpb FTBFS with extra hardening
Affects: mpb

Dear Maintainers,

During a rebuild of all packages in sid, mpb
failed to build on amd64 with patched GCC and dpkg. The root
cause seems to be that libctlgeom.a is shipped as a non-PIC library.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64 (and selected architectures).

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part of mpb's build log:
...
libtool: link: mpicc -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -W
error=format-security -Wall -W -Wbad-function-cast -Wcast-qual
-Wpointer-arith -Wcast-align -pedantic
-Wl,-z -Wl,relro -Wl,-z -Wl,now
-Wl,-L/usr/lib/x86_64-linux-gnu/hdf5/openmpi -o normal_vectors normal_
vectors.o  -lctlgeom ../src/.libs/libmpb.a
-L/usr/lib/gcc/x86_64-linux-gnu/6 -L/usr/lib/gcc/x86_64-lin
ux-gnu/6/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/6/../../../../lib -L/lib/x86_64-lin
ux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/6/.
./../.. -L/usr/lib/x86_64-linux-gnu/hdf5/openmpi -lctl -lguile-2.0 -lgc
-lhdf5 -lz -llapack -lblas -lf
ftw3 -lgfortran -lm -lquadmath
/usr/bin/ld:
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libctlgeom.a(geom.o):
relocation R_X86_64_32 against `.rodata.str1.1' can not be used when
making a shared object; recompile with -fPIC
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/mpb_1.5-2_amd64.build.gz

Thanks,
Balint

Bug#659213: package python-glpk

[Joao Pedro Pedroso]

This bug is easy to correct, but I think it doesn't make sense to go
ahead with a fix before correcting #750228.

Coal Pedro

Bug#837567: mlton: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: mlton
Version: 20100608-5.1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening
Affects: urweb

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
"/<>/bin/upgrade-basis"
'/<>/build/bin:/<>/build/bin:/<>/bin:/<>/build/bin:/<>/bin:/<>/build/bin:/<>/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games'
"amd64" "linux" >upgrade-basis.sml
/usr/bin/ld: /usr/lib/mlton/targets/self/libmlton.a(platform.o):
relocation R_X86_64_32 against `.rodata.str1.8' can not be used when
making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/lib/mlton/targets/self/libmlton.a(gc.o): relocation
R_X86_64_32 against `.rodata.str1.8' can not be used when making a
shared object; recompile with -fPIC
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/mlton_20100608-5.1_amd64.build.gz

Not shipping libmilton.a as PIC also makes urweb FTBFS:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/urweb_20160805+dfsg-1_amd64.build.gz

Thanks,
Balint

Bug#837570: msrtool: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: msrtool
Version: 20141027-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
gcc -o msrtool msrtool.o msrutils.o sys.o linux.o darwin.o freebsd.o
geodegx2.o geodelx.o cs5536.o k8.o intel_pentium3_early.o
intel_pentium3.o intel_pentium4_early.o intel_pentium4_later.o
intel_core1.o intel_core2_early.o intel_core2_later.o intel_nehalem.o
intel_atom.o -Wl,-z,relro -Wl,-z,now -lpci
/usr/bin/ld: msrtool.o: relocation R_X86_64_32 against `.rodata.str1.1'
can not be used when making a shared object; recompile with -fPIC
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/msrtool_20141027-1_amd64.build.gz

Thanks,
Balint

Bug#837566: mjpegtools: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: mjpegtools
Version: 2.1.0+debian-4
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
gcc -DHAVE_CONFIG_H -I. -I..  -I.. -I../utils -Wdate-time
-D_FORTIFY_SOURCE=2 -fno-PIC -g -O2
-fdebug-prefix-map=/<>/mjpegtools-2.1.0+debian=.
-fstack-protector-strong -Wformat -Werror=format-security -pthread -Wall
-Wunused -c -o yuvscaler-yuvscaler_resample.o `test -f
'yuvscaler_resample.c' || echo './'`yuvscaler_resample.c
gcc -DHAVE_CONFIG_H -I. -I..  -I.. -I../utils -Wdate-time
-D_FORTIFY_SOURCE=2 -fno-PIC -g -O2
-fdebug-prefix-map=/<>/mjpegtools-2.1.0+debian=.
-fstack-protector-strong -Wformat -Werror=format-security -pthread -Wall
-Wunused -c -o yuvscaler-yuvscaler_bicubic.o `test -f
'yuvscaler_bicubic.c' || echo './'`yuvscaler_bicubic.c
/bin/bash ../libtool  --tag=CC   --mode=link gcc -fno-PIC -g -O2
-fdebug-prefix-map=/<>/mjpegtools-2.1.0+debian=.
-fstack-protector-strong -Wformat -Werror=format-security -pthread -Wall
-Wunused  -Wl,-z,relro -Wl,-z,now -o yuvscaler yuvscaler-yuvscaler.o
yuvscaler-yuvscaler_resample.o yuvscaler-yuvscaler_bicubic.o
../utils/libmjpegutils.la  -lm  -lm libtool: link: gcc -fno-PIC -g -O2
-fdebug-prefix-map=/<>/mjpegtools-2.1.0+debian=.
-fstack-protector-strong -Wformat -Werror=format-security -pthread -Wall
-Wunused -Wl,-z -Wl,relro -Wl,-z -Wl,now -o .libs/yuvscaler
yuvscaler-yuvscaler.o yuvscaler-yuvscaler_resample.o
yuvscaler-yuvscaler_bicubic.o  ../utils/.libs/libmjpegutils.so -lm -pthread
/usr/bin/ld: yuvscaler-yuvscaler.o: relocation R_X86_64_32 against
`.rodata.str1.8' can not be used when making a shared object; recompile
with -fPIC
/usr/bin/ld: yuvscaler-yuvscaler_resample.o: relocation R_X86_64_32
against `.rodata.str1.8' can not be used when making a shared object;
recompile with -fPIC
/usr/bin/ld: yuvscaler-yuvscaler_bicubic.o: relocation R_X86_64_32
against `.rodata.str1.8' can not be used when making a shared object;
recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Makefile:441: recipe for target 'yuvscaler' failed
make[3]: *** [yuvscaler] Error 1
make[3]: Leaving directory '/<>/mjpegtools-2.1.0+debian/yuvscaler'
Makefile:572: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/mjpegtools_2.1.0+debian-4_amd64.build.gz

Thanks,
Balint

Bug#750228: package python-glpk

[Joao Pedro Pedroso]

Control: tags 750228 +help

This bug requests to update GLPK's dependency to a newer version; but
this is a rather substantial update, as changes in GLPK's interface
imply a deep restructuring in python-glpk.

João Pedro

Bug#837565: liblpsolve55-dev: Please build liblpsolve55.a with -fPIC

[Balint Reczey]

Source: liblpsolve55-dev
Version: 5.5.0.15-4
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes mccs FTBFS with extra hardening
Affects: mccs libreoffice

Dear Maintainers,

During a rebuild of all packages in sid, mccs
failed to build on amd64 with patched GCC and dpkg. The root
cause seems to be that liblpsolve55.a is shipped as a non-PIC library.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64 (and selected architectures).

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part of mccs's build log:
...
g++ -Wall -O6 -Wl,-z,relro -Wl,-z,now  -DUSELPSOLVE -o mccs objs/cudf.o
objs/constraint_generation.o objs/lp_solver.o objs/pblib_solver.o
objs/removed_criteria.o objs/changed_criteria.o objs/new_criteria.o
objs/notuptodate_criteria.o objs/nunsat_criteria.o objs/count_criteria.o
objs/unaligned_criteria.o objs/lexicographic_combiner.o
objs/lexagregate_combiner.o objs/agregate_combiner.o
objs/lexsemiagregate_combiner.o objs/leximin_combiner.o
objs/leximax_combiner.o objs/lexleximin_combiner.o
objs/lexleximax_combiner.o objs/cudf_reductions.o objs/lpsolve_solver.o
-lfl -L. -lccudf \
 \
 \
-L/usr/lib -llpsolve55 -ldl -lcolamd \
/usr/bin/ld: /usr/lib/liblpsolve55.a(lp_lib.o): relocation
R_X86_64_32 against `.rodata.str1.1' can not be used when making a
shared object; recompile with -fPIC
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/mccs_1.1-3_amd64.build.gz

Thanks,
Balint

Bug#837561: kvmtool: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: kvmtool
Version: 0.20160419-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
  CC   x86/bios.o
In file included from x86/bios.c:9:0:
x86/bios/bios-rom.h:12:27: error: ISO C99 requires whitespace after the
macro name [-Werror]
 #define BIOS_OFFSETx86.get_pc_thunk.bx 0x02ea
   ^
cc1: all warnings being treated as errors
Makefile:426: recipe for target 'x86/bios.o' failed
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/kvmtool_0.20160419-1_amd64.build.gz

Thanks,
Balint

Bug#837563: libsecret: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: libsecret
Version: 0.18.5-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
PASS: test-vala-lang 6 /vala/clear/sync
PASS: test-vala-lang 7 /vala/clear/async
FAIL: test-vala-unstable 1 /vala/unstable/read-alias
ERROR: test-vala-unstable process failed: 245

Testsuite summary for libsecret 0.18.5

# TOTAL: 199
# PASS:  197
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 1

See ./test-suite.log
Please report to http://bugzilla.gnome.org/enter_bug.cgi?product=libsecret

Makefile:1966: recipe for target 'test-suite.log' failed
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/libsecret_0.18.5-1_amd64.build.gz

Thanks,
Balint

Bug#837564: llvm-toolchain-3.8: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: llvm-toolchain-3.8
Version: 3.8.1-9
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
-- Testing: 15541 tests, 4 threads --
Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80..
FAIL: LLVM :: tools/llvm-symbolizer/print_context.c (14205 of 15541)
 TEST 'LLVM ::
tools/llvm-symbolizer/print_context.c' FAILED 
Script:
--
/usr/bin/gcc-6  -O0 -g
/<>/test/tools/llvm-symbolizer/print_context.c -o
/<>/build-llvm/test/tools/llvm-symbolizer/Output/print_context.c.tmp
2>&1
/<>/build-llvm/test/tools/llvm-symbolizer/Output/print_context.c.tmp
2>&1 | /<>/build-llvm/./bin/llvm-symbolizer
-print-source-context-lines=5
-obj=/<>/build-llvm/test/tools/llvm-symbolizer/Output/print_context.c.tmp
| /<>/build-llvm/./bin/FileCheck
/<>/test/tools/llvm-symbolizer/print_context.c
--check-prefix=CHECK
--
Exit Code: 1

Command Output (stderr):
--
/<>/test/tools/llvm-symbolizer/print_context.c:16:11:
error: expected string not found in input
// CHECK: inc
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/llvm-toolchain-3.8_3.8.1-9_amd64.build.gz

Thanks,
Balint

Bug#837562: libembperl-perl: FTBFS with bindnow and PIE enabled

[Balint Reczey]

Source: libembperl-perl
Version: 2.5.0-8
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: FTBFS on amd64 with extra hardening

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64 with patched GCC and dpkg.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part (hopefully):
...
Writing Embperl.bs
chmod 644 "Embperl.bs"
PERL_DL_NONLAZY=0 PERL_USE_UNSAFE_INC=1 "/usr/bin/perl" "-Iblib/lib"
"-Iblib/arch" test.pl
loading...Can't load
'/<>/blib/arch/auto/Embperl/Embperl.so' for module Embperl:
/<>/blib/arch/auto/Embperl/Embperl.so: undefined symbol:
ap_hook_open_logs at /usr/lib/x86_64-linux-gnu/perl/5.22/DynaLoader.pm
line 187.
 at test.pl line 1916.
Compilation failed in require at test.pl line 1916.
BEGIN failed--compilation aborted at test.pl line 1916.

Test terminated with fatal error
Use of uninitialized value $EPHTTPD in string ne at test.pl line 1300.
Makefile:1619: recipe for target 'test_dynamic' failed
make[1]: *** [test_dynamic] Error 1
make[1]: Leaving directory '/<>'
dh_auto_test: make -j1 test TEST_VERBOSE=1 returned exit code 2
...

The full build log is available from:
 
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/libembperl-perl_2.5.0-8_amd64.build.gz

Thanks,
Balint

Bug#837560: dkms: new upstream version 2.3 available

[Anthony Wong]

Package: dkms
Version: 2.2.1.0+git20160527-1
Severity: wishlist

Although the current version is very close to what has just been
released at upstream as 2.3 two weeks ago, please still consider to
package that new official version:

https://github.com/dell/dkms/releases/tag/2.3

Thanks.

-- 
Anthony Wong

Bug#837559: puppet-agent: name collision with official puppet-agent

[tkoeck]

Package: puppet-agent
Version: 1.6.2-1jessie
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***
Hi,

there is a name collision problem if the official Puppet Server
installation source is used

https://docs.puppet.com/puppet/latest/reference/install_linux.html#for-apt-based-systems

The package

puppetserver works fine but it then takes as a dependency the puppetagent from 
Debian because of the higher priority.

I know it's not directly a Debian problem but maybe you can rename the
puppet-agent packages.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages puppet-agent depends on:
ii  libreadline6  6.3-8+b4
ii  tar   1.29b-1

puppet-agent recommends no packages.

puppet-agent suggests no packages.

-- Configuration Files:
/etc/puppetlabs/puppet/puppet.conf changed [not included]

-- no debconf information

Bug#710880: xoscope: Fail to work with ALSA and Pulseaudio

[Petter Reinholdtsen]

Hi

I just tested xoscope version 2.1, and was happy to discover that this version
work for me on a machine with pulseaudio active.  I suspect it is using ALSA
via Pulseaudio, as pavucontrol did not show any clients recording.  I have
this in my /etc/asound.conf:

pcm.!default {
type pulse
}
ctl.!default {
type pulse
}

pcm.pulse { type pulse }
ctl.pulse { type pulse }

It would be great if xoscope was upgraded to version 2.1.

If you are interested, I have a git repo with the recent Debian packages 
imported
for use with git-buildpackage with the changes I needed to get version 2.1 
building.
-- 
Happy hacking
Petter Reinholdtsen

Bug#837557: [gcc-5] FTBS when trying to rebuild on stretch

[Christophe Trophime]

Package: gcc-5 
Version: 5.4.1-2 
Severity: normal 

--- Please enter the report below this line. --- 
Trying to backport gcc-5 package on stretch fails: 

make[5]: Leaving directory '/build/gcc-5-5.4.1/build/x86_64-linux-gnu/libjava' 
make[4]: Leaving directory '/build/gcc-5-5.4.1/build/x86_64-linux-gnu/libjava' 
make[3]: Leaving directory '/build/gcc-5-5.4.1/build' 
make[2]: Leaving directory '/build/gcc-5-5.4.1/build' 
for i in debug go pkgconfig '*.so' '*.so.*' '*.a' '*.la' '*.o' '*.py' '*.spec'; 
do \ 
mv debian/tmp/usr/lib/$i \ 
debian/tmp/usr/lib/x86_64-linux-gnu/. || true; \ 
done 
mv: cannot stat 'debian/tmp/usr/lib/pkgconfig': No such file or directory 
mv: cannot stat 'debian/tmp/usr/lib/*.py': No such file or directory 
: # FIXME: the libstdc++ gdb.py file is installed with a wrong name 
for i in $(find debian/tmp/usr -name libstdc++_pic.a-gdb.py); do \ 
[ -f $i ] || continue; \ 
d=$(dirname $i); \ 
b=$(basename $i); \ 
t=$(cd $d; echo libstdc++.so.*.*.*)-gdb.py; \ 
mv $i $d/$t; \ 
done 

It seems that path for pkgconfig and *.py are wrong. 
find debian -name pkgconfig 
debian/tmp/usr/lib/x86_64-linux-gnu/pkgconfig 

find debian -name \*.py 
debian/tmp/usr/lib32/libstdc++.so.6.0.21-gdb.py 
debian/tmp/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21-gdb.py 
debian/tmp/usr/libx32/libstdc++.so.6.0.21-gdb.py 

Note that the same problem also appears when trying to backport gcc-6 6.2 on 
testing 

Best 
C 

--- System information. --- 
Architecture: amd64 
Kernel: Linux 4.6.0-1-amd64 

Debian Release: stretch/sid 
901 testing euler 
900 testing ftp.fr.debian.org 
500 stretch neurodebian.g-node.org 
500 data neurodebian.g-node.org 
1 testing www.deb-multimedia.org 

--- Package information. --- 
Depends (Version) | Installed 
==-+-== 
cpp-5 (= 5.4.1-1) | 5.4.1-1 
gcc-5-base (= 5.4.1-1) | 
libcc1-0 (>= 5.4.1-1) | 
binutils (>= 2.26.1) | 
libgcc-5-dev (= 5.4.1-1) | 
libc6 (>= 2.14) | 
libgcc1 (>= 1:3.0) | 
libgmp10 (>= 2:5.0.1~) | 
libisl15 (>= 0.15) | 
libmpc3 | 
libmpfr4 (>= 3.1.3) | 
libstdc++6 (>= 4.1.1) | 
zlib1g (>= 1:1.1.4) | 


Recommends (Version) | Installed 
==-+- 
libc6-dev (>= 2.13-5) | 2.23-5 


Suggests (Version) | Installed 
===-+-=== 
gcc-5-multilib | 5.4.1-1 
gcc-5-doc (>= 5.4.0-6) | 
gcc-5-locales (>= 5.4.0-6) | 5.4.1-1 
libgcc1-dbg (>= 1:5.4.1-1) | 1:6.1.1-11 
libgomp1-dbg (>= 5.4.1-1) | 6.1.1-11 
libitm1-dbg (>= 5.4.1-1) | 6.1.1-11 
libatomic1-dbg (>= 5.4.1-1) | 6.1.1-11 
libasan2-dbg (>= 5.4.1-1) | 5.4.1-1 
liblsan0-dbg (>= 5.4.1-1) | 6.1.1-11 
libtsan0-dbg (>= 5.4.1-1) | 6.1.1-11 
libubsan0-dbg (>= 5.4.1-1) | 6.1.1-11 
libcilkrts5-dbg (>= 5.4.1-1) | 6.1.1-11 
libmpx0-dbg (>= 5.4.1-1) | 5.4.1-1 
libquadmath0-dbg (>= 5.4.1-1) | 6.1.1-11 

Bug#837419: /usr/bin/pasystray: Segfault when choosing About from the menu

[Scott Leggett]

Awesome bug report, thanks for the detailed stack trace! :D

This looks like a bug in GTK+ rather than in pasystray specifically, so
I'm reassigning it there. I've also reported it upstream:

  https://bugzilla.gnome.org/show_bug.cgi?id=771279

-- 
Regards,
Scott.


signature.asc
Description: Digital signature

Bug#827154: transmission-remote-gtk

[Scott Leggett]

Please update the package to the newest version :)

Upstream is now at 1.3.1 - it would be great to get this into Stretch!

-- 
Regards,
Scott.


signature.asc
Description: Digital signature

Bug#837558: jessie-pu: package sed/4.2.2-4+deb8u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear release team:

I'd like to see Bugs #774347 and #835516 fixed in jessie.
(This is the bug that makes /bin to be 775, not 755, on new installs).
(Well, maybe not the only one, but the one happening on a required package).

The debdiff would be the attached one, which I've initially extracted from
the jessie branch in git (as indicated by the maintainer in Bug #835516),
and then cleaned up a little bit to be free from artifacts.

I have the ok from the maintainer here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835516#89

so this would be more a "sponsored upload" than a NMU.

Thanks.diff -Nru sed-4.2.2/debian/changelog sed-4.2.2/debian/changelog
--- sed-4.2.2/debian/changelog  2014-02-09 17:41:05.0 +
+++ sed-4.2.2/debian/changelog  2016-09-12 13:50:16.0 +0100
@@ -1,3 +1,11 @@
+sed (4.2.2-4+deb8u1) stable; urgency=medium
+
+  [ Jérémy Bobbio ]
+  * Ensure consistent permissions with different umasks.
+closes: #774347, #835516.
+
+ -- Clint Adams   Fri, 09 Sep 2016 18:07:57 -0400
+
 sed (4.2.2-4) unstable; urgency=medium
 
   * Add Samuel Thibault's backport of upstream patch to define
diff -Nru sed-4.2.2/debian/rules sed-4.2.2/debian/rules
--- sed-4.2.2/debian/rules  2013-12-14 04:38:32.0 +
+++ sed-4.2.2/debian/rules  2016-09-12 13:50:16.0 +0100
@@ -107,6 +107,8 @@
cd debian/tmp && find * -type f ! -regex '^DEBIAN/.*' -print0 | xargs 
-r0 md5sum > DEBIAN/md5sums
 
 # Build the packgae
+   find $(tmpdir) ! -type l -print0 | xargs -0r chmod go=rX,u+rw,a-s
+
dpkg-shlibdeps -dPre-Depends $(tmpdir)/bin/sed
dpkg-gencontrol -isp
dpkg --build debian/tmp ..

Bug#832429: Failure when trying to build

[Sean Whitton]

On Mon, Sep 12, 2016 at 01:30:33PM +0200, Andreas Tille wrote:
> > >I'd prefer the defaults specified in our team policy.
> > 
> > I adopted DEP-14 [1] which is supposed to be the most flexible scheme.
> > 
> > The nice thing with debian/master is that it is both applicable for
> > upstream git (since they use a master branch already) and import-orig
> > based packaging.
> > 
> > [1] https://lists.debian.org/debian-devel/2014/11/msg00444.html
> 
> I'd consider this a valid reason - but if I want to switch all my
> repositories because of this - h ...

Team conventions generally supercede project-wide conventions.  Team git
repositories are the main way by which teams work together, so it's best
not to disrupt carefully-crafted workflows.

-- 
Sean Whitton

Bug#837406: caff: "gpg: error reading key: No public key"

[Marcus Frings]

On Mon, 12 Sep 2016 14:15:34 +0200, Guilhem Moulin
 wrote:

> Got it!  I couldn't reproduce it because I have
> “$CONFIG{'keys-from-gnupg'} = 1;” in my ~/.caffrc.  The regression was
> introduced in r864 (2.4-1) and the enclosed patch fixes it.

Hooray, great! I confirm that your patch works here, too. With
your patch being applied, caff does its job:

$ ~/bin/local-caff --debug 39278DA8109E6244
[...]
[NOTICE] Fetching keys from a keyserver (this may take a while)...

Finally we found it, thanks a lot for your help on solving the
problem! :-)

Best regards,
Marcus
-- 
RWTH Aachen University, Institute of Organic Chemistry,
Landoltweg 1, 52074 Aachen, Germany

GPG key: 6C3458EE737CE22C0EF9FA3BE88FEBBE202CE599 (ed25519, preferred)
GPG key: 0138DA92EDFFB27DD270F86DB475E207BAB58229 (dsa1024, disfavoured)


pgpFbr1yapDJ5.pgp
Description: OpenPGP digital signature

Bug#836903: RFS: qevercloud/3.0.2+ds-1 [ITP] -- Unofficial Evernote Cloud API library for Qt

[Sean Whitton]

Dear Boyuan,

On Sun, Sep 11, 2016 at 08:48:15AM +0800, Boyuan Yang wrote:
> > - status of lemon parser currently unclear
> 
> This is fixed in the RFS of qevercloud before already. Of course we are
> using the lemon parser from Debian. The bundled source code of lemon
> is discarded in the source package. Sorry I didn't update the situation
> on that Github thread, which is a little bit outdated.

Great.

> You suggested the separate packaging of qevercloudgenerator, but now we
> seems to agree that since it is not useful for anything other than building
> qevercloud,  it should not be packaged separately.

Right.

> Now the problem is focused on the separation of evernote-thrift files.
> 
> I believe you suggested packaging thrift files alone, since the
> separated package
> can be used by other packages (most likely as a Build-Depend?), and to deal
> with the FTBFS of qevercloud after the version bump of evernote-thrift, we can
> include multiple copies. Did you suggest the coexistence of multiple versions
> of evernote-thrift in the Debian repository, for example,
> "evernote-thrift-1-25" and
> "evernote-thrift-1-28"? Or if I misunderstood, it is just one package
> "evernote-thrift"
> but provides different versions of files inside one binary package (e.g.,
> /usr/share/evernote/thrift/1.25/foobar and
> /usr/share/evernote/thrift/1.28/foobar)?

No, I was suggesting that you just embed the thrift files in your
qevercloud source package, as you wanted to do originally.

When I said "multiple versions in the archive" I meant copies in various
source packages, but not in any binary packages.

> Personally I am against the separated package of evernote-thrift, and
> the main reason is that it is not useful; thrift files are technically
> used by no one other than evernote people; developers are
> encouraged/guided to use official Evernote SDK released by evernote,
> which is already a generated project from the thrift files; no one
> else is parsing thrift files by him/herself.

Right.  They shouldn't be installed: just present in the qevernote
source package for the purposes of regeneration.

Could you confirm that your git repository is up-to-date with our
discussion, so I can (finally!) do a review of your packaging, please?

-- 
Sean Whitton

Bug#837556: ITP: lorene -- framework for numerical relativity

[Thibaut Paumard]

Package: wnpp
Severity: wishlist
Owner: Thibaut Paumard 

* Package name: lorene
  Version : 0.0.0~cvs20160908+dfsg
  Upstream Author : Eric Gourgoulhon, Philippe Grandclément, Jérôme Novak et
al.
* URL : http://www.lorene.obspm.fr/
* License : GPL2+
  Programming Lang: C++, Fortran
  Description : framework for numerical relativity

LORENE (Langage Objet pour la RElativité NumériquE) is a set of C++ classes
to solve various problems arising in numerical relativity, and more generally
in computational astrophysics. It provides tools to solve partial differential
equations by means of multi-domain spectral methods.


Packaging LORENE is a prerequisite to enable support for numerical space-times
in Gyoto.

I intend on maintaining LORENE in the Debian Astro team.

I have split the package as follows:

liblorene-dev: the static libraries and header;
lorene-codes-src: codes using LORENE (they must be recompiled for each use
case);
lorene: a meta-package that depends on the two packages above;
lorene-doc: the reference guide.

Note that LORENE does not support dynamic linking. At the moment, this is not a
strong issue since there will be only one file distributed in Debian binary
packages that will be linked with it (libgyoto-lorene.so in  package
libgyotoX).

Kind regards, Thibaut.

Bug#832212: block 832212 by 837554

[Hans-Christoph Steiner]

block 832212 by 837554

Bug#837555: installation-reports: Successful Sid d-i Reiser4-enabled 4.7.0-1+reiser4.0.1-amd64 kernel onto root reiser4 fs HP dv6-6c53cl

[Jose R Rodriguez]

Package: installation-reports
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- Package-specific info:

Boot method: netboot/USB stick
Image version: https://metztli.it/readOnlyEphemeral/Mictlanteuccitlalli.iso 
https://metztli.it/readOnlyEphemeral/Mictlanteuccitlalli.SHA256SUM
Date: Sep 11, 2016 ~ 17:14

Machine: HP Pavilion dv6-6c53cl
Partitions:
jose@mictlantecuhtli:~$ df -Tl
Filesystem Type 1K-blocks Used Available Use% Mounted on
udev   devtmpfs   81814640   8181464   0% /dev
tmpfs  tmpfs  1638284 1060   1637224   1% /run
/dev/sda15 reiser4   92435000  7818180  84616820   9% /
tmpfs  tmpfs 51204  5116   1% /run/lock
tmpfs  tmpfs  3862920 7892   3855028   1% /run/shm
/dev/sda9  ext2136269   103081 25918  80% /boot
cgroup tmpfs   12012   0% /sys/fs/cgroup
tmpfs  tmpfs  1638280   20   1638260   1% /run/user/1000


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect CD:  [O]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Install tasks:  [O]
Install boot loader:[O]
Overall install:[O]

Comments/Problems: Installed in 'expert' mode, as I...

Built Reiser4-enabled Unstable (svn) Debian Installer and Reiser4-patched 
kernel from Sid source
specifically for a Debian native Reiser4 partitioning, formating, and 
installation on my
development environment. Given its bleeding edge changing nature, Debian
simply installed flawlessly its Debian Desktop environment.

Only issue is that upon instantiation, d-i did not recognize my command:
preseed/late_command="in-target apt-get install -y sysvinit-core"

as I don't want *that* systemd thingy-magingy with my Enlightenment subsequent 
build. Thus,
had to give the above command myself after first boot.

I have noticed, since a while back, that the GDM3 behaves buggy, i.e.,
CTRL + Alt + fn to get a virtual terminal usually hangs the system; it
could be as a result of not having systemd(?) -- notwithstanding still seems 
GDM3 behaves laggardly.
I usually replace it with XDM -- which works beautifully to instantiate (and 
customize) Enlightenment.

Please note below that since I build my own SSL-enabled BusyBox UDEB for
d-i so that it can fetch its Reiser4 kernel &/or utilities from
metztli.it, I usually customize its option for an 'OS name' as Xonecuiltzin
(which is appended to uname -a output ;-)


-- 

Please make sure that the hardware-summary log file, and any other
installation logs that you think would be useful are attached to this
report. Please compress large files using gzip.

Once you have filled out this report, mail it to sub...@bugs.debian.org.

==
Installer lsb-release:
==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="9 (stretch) - installer build 20160911-15:10"
X_INSTALLATION_MEDIUM=netboot

==
Installer hardware-summary:
==
uname -a: Linux mictlantecuhtli 4.7.0-1+reiser4.0.1-amd64 #1 SMP Debian 
4.7.2-1+reiser4.0.1 (2016-09-11) x86_64 Xonecuiltzin
lspci -knn: 00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core 
Processor Family DRAM Controller [8086:0104] (rev 09)
lspci -knn: Subsystem: Hewlett-Packard Company Device [103c:1658]
lspci -knn: 00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd 
Generation Core Processor Family Integrated Graphics Controller [8086:0116] 
(rev 09)
lspci -knn: Subsystem: Hewlett-Packard Company Device [103c:1658]
lspci -knn: 00:16.0 Communication controller [0780]: Intel Corporation 6 
Series/C200 Series Chipset Family MEI Controller #1 [8086:1c3a] (rev 04)
lspci -knn: Subsystem: Hewlett-Packard Company Device [103c:1658]
lspci -knn: 00:1a.0 USB controller [0c03]: Intel Corporation 6 Series/C200 
Series Chipset Family USB Enhanced Host Controller #2 [8086:1c2d] (rev 05)
lspci -knn: Subsystem: Hewlett-Packard Company Device [103c:1658]
lspci -knn: Kernel driver in use: ehci-pci
lspci -knn: Kernel modules: ehci_pci
lspci -knn: 00:1b.0 Audio device [0403]: Intel Corporation 6 Series/C200 Series 
Chipset Family High Definition Audio Controller [8086:1c20] (rev 05)
lspci -knn: Subsystem: 

Bug#837554: override: fdroidserver:devel/optional

[Hans-Christoph Steiner]

Package: ftp.debian.org
Severity: normal

This package was previously listed as python. There is no reason that
this package should conflict with any other package with optional or
higher priority.

Thanks,

.hc

Bug#837553: higan: new upstream release

[Ghislain Antony Vaillant]

Package: higan
Version: 098-2
Severity: wishlist

Dear Maintainer,

According to the upstream website [1], a new upstream version is available
(v101). Please consider packaging it.

Also, it might be worth tracking the release tags in the upstream git
repository [2] from now on. The current download link in the upstream website
leads to a 404.

[1] http://byuu.org/emulation/higan/
[2] https://gitlab.com/higan/higan/tags

Best regards,
Ghis


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages higan depends on:
ii  libao41.1.0-3
ii  libasound21.1.2-1
ii  libatk1.0-0   2.21.90-2
ii  libc6 2.23-5
ii  libcairo2 1.14.6-1+b1
ii  libfontconfig12.11.0-6.7
ii  libfreetype6  2.6.3-3+b1
ii  libgcc1   1:6.1.1-11
ii  libgdk-pixbuf2.0-02.34.0-1
ii  libgl1-mesa-glx [libgl1]  12.0.2-1
ii  libglib2.0-0  2.49.6-1
ii  libgomp1  6.1.1-11
ii  libgtk2.0-0   2.24.30-4
ii  libgtksourceview2.0-0 2.10.5-2
ii  libopenal11:1.17.2-1
ii  libpango-1.0-01.40.2-1
ii  libpangocairo-1.0-0   1.40.2-1
ii  libpangoft2-1.0-0 1.40.2-1
ii  libpulse0 9.0-3
ii  libsdl1.2debian   1.2.15+dfsg1-4
ii  libstdc++66.1.1-11
ii  libudev1  231-4
ii  libx11-6  2:1.6.3-1
ii  libxext6  2:1.3.3-1
ii  libxv12:1.0.10-1+b1

higan recommends no packages.

higan suggests no packages.

-- no debconf information

Bug#837552: sddm: Greeter segfaults on startup

[Alex Hvostov]

Package: sddm
Version: 0.13.0-1
Severity: important

After updating to this version, the greeter now segfaults on start. `startx`
into Plasma works fine (I'm reporting this bug from there).

gdb backtrace of the crashing thread:
#0  QFontconfigDatabase::populateFontDatabase (this=) at 
fontdatabases/fontconfig/qfontconfigdatabase.cpp:500
#1  0x7f73dca696d9 in initializeDb () at text/qfontdatabase.cpp:889
#2  0x7f73dca6e5c5 in QFontDatabase::findFont (request=..., 
script=script@entry=2) at text/qfontdatabase.cpp:2633
#3  0x7f73dca6f0c7 in QFontDatabase::load (d=d@entry=0x95dc90, 
script=script@entry=2) at text/qfontdatabase.cpp:2788
#4  0x7f73dca44c8a in QFontPrivate::engineForScript (this=0x95dc90, 
script=script@entry=2) at text/qfont.cpp:212
#5  0x7f73dca7676d in QTextEngine::fontEngine 
(this=this@entry=0x7fff78a4dd20, si=..., ascent=ascent@entry=0xb6f074, 
descent=descent@entry=0xb6f070, leading=leading@entry=0xb6f078) at 
text/qtextengine.cpp:2084
#6  0x7f73dca774a7 in QTextEngine::shapeText 
(this=this@entry=0x7fff78a4dd20, item=item@entry=0) at text/qtextengine.cpp:994
#7  0x7f73dca781d0 in QTextEngine::shape (this=this@entry=0x7fff78a4dd20, 
item=item@entry=0) at text/qtextengine.cpp:1528
#8  0x7f73dca7e870 in QTextEngine::boundingBox 
(this=this@entry=0x7fff78a4dd20, from=from@entry=0, len=) at 
text/qtextengine.cpp:1865
#9  0x7f73dca62451 in QFontMetrics::boundingRect (this=, 
text=...) at text/qfontmetrics.cpp:673
#10 0x7f73c61e92c0 in ?? () from 
/usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/plasma/core/libcorebindingsplugin.so
#11 0x7f73c61e969e in ?? () from 
/usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/plasma/core/libcorebindingsplugin.so
#12 0x7f73c61c4f56 in ?? () from 
/usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/plasma/core/libcorebindingsplugin.so
#13 0x7f73dd26a07a in QQmlThread::internalCallMethodInThread 
(this=0x982a20, message=) at qml/ftw/qqmlthread.cpp:315
#14 0x7f73dd203195 in QQmlThread::callMethodInThread (arg=, 
Member=, this=) at 
../../include/QtQml/5.6.1/QtQml/private/../../../../../src/qml/qml/ftw/qqmlthread_p.h:159
#15 QQmlTypeLoaderThread::load (this=, b=b@entry=0x0) at 
qml/qqmltypeloader.cpp:754
#16 0x7f73dd211799 in PlainLoader::load (this=, 
loader=0xb43f10, blob=0x0) at qml/qqmltypeloader.cpp:921
#17 QQmlTypeLoader::doLoad (this=0xb43f10, loader=..., blob=0x0, 
mode=QQmlTypeLoader::PreferSynchronous) at qml/qqmltypeloader.cpp:985
#18 0x7f73dd20a4d1 in QQmlTypeLoader::load 
(mode=QQmlTypeLoader::PreferSynchronous, blob=0xb43f10, this=0x9b8ed8) at 
qml/qqmltypeloader.cpp:1008
#19 QQmlTypeLoader::getType (this=0x9b8ed8, url=..., 
mode=QQmlTypeLoader::PreferSynchronous) at qml/qqmltypeloader.cpp:1644
#20 0x7f73dd1ec079 in QQmlComponentPrivate::loadUrl (this=0xb43de0, 
newUrl=..., mode=QQmlComponent::PreferSynchronous) at qml/qqmlcomponent.cpp:672
#21 0x7f73dd5e510a in QQuickViewPrivate::execute (this=0x97ef50) at 
items/qquickview.cpp:125
#22 0x7f73dd5e529a in QQuickView::setSource (this=this@entry=0x96ffb0, 
url=...) at items/qquickview.cpp:256
#23 0x00428abe in SDDM::GreeterApp::addViewForScreen 
(this=this@entry=0x7fff78a50cf0, screen=0x93cae0) at 
/build/sddm-Wa20od/sddm-0.13.0/src/greeter/GreeterApp.cpp:199
#24 0x00429b98 in SDDM::GreeterApp::GreeterApp (this=0x7fff78a50cf0, 
argc=, argv=) at 
/build/sddm-Wa20od/sddm-0.13.0/src/greeter/GreeterApp.cpp:134
#25 0x00414833 in main (argc=5, argv=0x7fff78a50e78) at 
/build/sddm-Wa20od/sddm-0.13.0/src/greeter/GreeterApp.cpp:231

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sddm depends on:
ii  adduser   3.115
ii  debconf [debconf-2.0] 1.5.59
ii  libc6 2.24-2
ii  libgcc1   1:6.2.0-3
ii  libpam0g  1.1.8-3.3
ii  libqt5core5a  5.6.1+dfsg-3+b1
ii  libqt5dbus5   5.6.1+dfsg-3+b1
ii  libqt5gui55.6.1+dfsg-3+b1
ii  libqt5network55.6.1+dfsg-3+b1
ii  libqt5qml55.6.1-8
ii  libqt5quick5  5.6.1-8
ii  libstdc++66.2.0-3
ii  libsystemd0   231-6
ii  libxcb-xkb1   1.11.1-1.1
ii  libxcb1   1.11.1-1.1
ii  qml-module-qtquick2   5.6.1-8
ii  sddm-theme-breeze [sddm-theme]4:5.7.4-1
ii  sddm-theme-circles [sddm-theme]   0.13.0-1
ii  sddm-theme-elarun [sddm-theme]0.13.0-1
ii  sddm-theme-maldives [sddm-theme]  0.13.0-1
ii  

Bug#837551: override: libreoffice-gtk:oldlibs/extra

[Rene Engelhard]

Package: ftp.debian.org
Severity: normal

https://packages.qa.debian.org/libr/libreoffice.html:

There were override disparities found in suite unstable:

libreoffice-gtk: Override says gnome - extra, .deb says oldlibs - extra

Was changed with
https://anonscm.debian.org/cgit/pkg-openoffice/libreoffice.git/commit/?id=55c32a7c871ba76835aad6fce0bcc25293304656

which was prompted by

https://lintian.debian.org/tags/transitional-package-should-be-oldlibs-extra.html

So oldlibs/extra should be correct.

Regards,

Rene

Bug#793824: which package

[Bozhan Boyadzhiev]

Can you remember which packages are needed?
NM doesn't work after update at
 01.09.2016


Божан

Bug#836368: retitle 836368 ITA: pev -- text-based tool to analyze PE files

[Stephen Kitt]

Hi Paulo,

On Sat, Sep 03, 2016 at 11:54:04PM -0300, Paulo wrote:
> I working in this package, it's almost done, there are some issues to solve.
> 
> I uploaded to mentors a version 0.70-1

It would be nice if you could base your updated package on Petter
Reinholdtsen's version 0.50 since that has been uploaded to the
archive (and pulled into collab-maint).

I've reviewed your current package on mentors; here are my comments...

The package descriptions could be improved: something like

Description: PE (Portable Executable) analysis toolkit
 pev is a toolkit to work with PE (Portable Executable) binaries
 commonly used on Windows operating systems.
 .
 Its main goal is to provide feature-rich tools enabling proper
 analysis of binaries, especially suspicious ones. It's typically used
 to analyse malware and viruses.

for pev,

Description: PE (Portable Executable) analysis library
 libpe provides functions to extract information from
 PE32/PE32+-format binaries (32- and 64-bit Windows executables), such
 as headers, sections, resources... This format is used by .EXE
 programs, .DLL dynamic-link libraries, .OCX component libraries and
 many others.

for libpe1 (dropping "libpe1" so you don't need to update the
description for a soname change), and likewise for libpe-dev (with the
extra paragraph you already have).


In debian/rules, you should use

export DEB_BUILD_MAINT_OPTIONS=hardening=+all

instead of manually specifying the CFLAGS and LDFLAGS for hardening;
that way, dpkg will use the appropriate flags for each platform.


In debian/copyright, license information for lib/libfuzzy and
lib/libudis86 is missing; also, the pev code still has GPL-3+ headers
(despite the authors' intentions as evidenced by the change in the
LICENSE file). In any case, the licensing situation means that 0.70
can't be uploaded to Debian; pev needs an OpenSSL licensing exception
which will be included in the next version (see
https://github.com/merces/pev/issues/98 for details).


Thanks for the work you've put into the packaging, you obviously care
about getting it right! I'll happily sponsor the package once it's in
an uploadable state (which really depends on upstream now).

Regards,

Stephen

Bug#804680: why Recommends: fonts-droid ?

[Ghislain Vaillant]

I have looked at the packaging content and I fail to understand why the
additional font package is recommended by gnome-shell-pomodoro-data.

Could you elaborate on the Recommends relationship?

Ghis

Bug#837550: gnome-shell-pomodoro: incorrect watch file

[Ghislain Antony Vaillant]

Package: gnome-shell-pomodoro
Version: 0.11.2-2
Severity: normal
Tags: patch

Dear Maintainer,

The current watch file for this package is incorrect.

You will find a patch which addresses this issue.

Cheers,
Ghis


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-shell-pomodoro depends on:
ii  gnome-shell3.20.3-1+b1
ii  gnome-shell-pomodoro-data  0.11.2-2
ii  libatk1.0-02.21.90-2
ii  libc6  2.23-5
ii  libcairo-gobject2  1.14.6-1+b1
ii  libcairo2  1.14.6-1+b1
ii  libcanberra0   0.30-3
ii  libdbus-1-31.10.10-1
ii  libdbus-glib-1-2   0.106-1
ii  libgdk-pixbuf2.0-0 2.34.0-1
ii  libglib2.0-0   2.49.6-1
ii  libgnome-desktop-3-12  3.21.90-3
ii  libgstreamer1.0-0  1.8.3-1
ii  libgtk-3-0 3.21.5-3
ii  libpango-1.0-0 1.40.2-1
ii  libpangocairo-1.0-01.40.2-1
ii  libtelepathy-glib0 0.24.1-1.1

gnome-shell-pomodoro recommends no packages.

gnome-shell-pomodoro suggests no packages.

-- no debconf information
>From 74a7794cdfbc373641c493883338e45fad0407f3 Mon Sep 17 00:00:00 2001
From: Ghislain Antony Vaillant 
Date: Mon, 12 Sep 2016 13:31:16 +0100
Subject: [PATCH] Fix watch file.

---
 debian/watch | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/watch b/debian/watch
index cf689ff..109dbb6 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,3 @@
 version=3
-opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/-$1\.tar\.gz/ \
-  https://github.com/codito/gnome-pomodoro/tags .*/v?(\d\S*)\.tar\.gz
+opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/gnome-pomodoro-$1\.tar\.gz/ \
+https://github.com/codito/gnome-pomodoro/tags .*/v?(\d\S*)\.tar\.gz
-- 
2.9.3

Bug#622391: duplicate of 669707

[Tomáš Hnyk]

This is a duplicate of 669707.

also, the new realease is 3.5.7 http://t-sato.in.coocan.jp/xvkbd/#changelog