Bug#860025: unblock: bsdmainutils/9.0.12+nmu1 (pre-approval)

[Niels Thykier]

Control: tags -1 confirmed moreinfo

Thorsten Glaser:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> I would like to request another pre-approval for a one-line fix
> to bsdmainutils to fix a bad patch. The Debian bug is #859933.
> 
> In jessie (and on BSD), calling 'calendar' would output:
> 
> root@evolvis:~ # calendar
> Apr 10  Commodore Matthew Calbraith Perry born, 1794
> Apr 10  William Booth born, 1829, founder of the Salvation Army
> […]
> 
> On stretch/sid, it looks thus:
> 
> tglase@tglase:~ $ calendar
> Apr 10  Commodore Matthew Calbraith Perry born, 1794
> 
> Apr 10  William Booth born, 1829, founder of the Salvation Army
> 
> […]
> 
> The patch is trivial:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=859933;filename=bsdmainutils_9.0.12%2Bnmu0teckids1.debdiff;msg=5
> (of course as 9.0.12+nmu1)
> 
> [...]

Please go ahead and remove the moreinfo tag once the NMU has reached
unstable + have been built on all relevant architectures.

Thanks,
~Niels

Bug#860058: unblock: libnl3/3.2.27-2

[Niels Thykier]

Control: tags -1 confirmed

Heiko Stuebner:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libnl3
> 
> In CVE-2017-0553 a possible (but moderate) security issue was found
> which resulted in bug #859948 against the Debian libnl3 package.
> 
> The 3.2.27-2 fixes this (and only this) issue.
> 

Ack from here, CC'ing KiBi for a d-i ack (and keeping the debdiff for
his sake).

~Niels

> debdiff:
> diff -Nru libnl3-3.2.27/debian/changelog libnl3-3.2.27/debian/changelog
> --- libnl3-3.2.27/debian/changelog  2016-01-24 23:54:53.0 +0100
> +++ libnl3-3.2.27/debian/changelog  2017-04-10 11:48:23.0 +0200
> @@ -1,3 +1,9 @@
> +libnl3 (3.2.27-2) unstable; urgency=low
> +
> +  * Add upstream fix for CVE-2017-0553 (Closes: #859948)
> +
> + -- Heiko Stuebner   Mon, 10 Apr 2017 11:48:23 +0200
> +
>  libnl3 (3.2.27-1) unstable; urgency=low
> 
>* New upstream release
> diff -Nru libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
> libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
> --- libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
> 1970-01-01 01:00:00.0 +0100
> +++ libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
> 2017-04-10 10:55:21.0 +0200
> @@ -0,0 +1,38 @@
> +From 3e18948f17148e6a3c4255bdeaaf01ef6081ceeb Mon Sep 17 00:00:00 2001
> +From: Thomas Haller 
> +Date: Mon, 6 Feb 2017 22:23:52 +0100
> +Subject: [PATCH] lib: check for integer-overflow in nlmsg_reserve()
> +
> +In general, libnl functions are not robust against calling with
> +invalid arguments. Thus, never call libnl functions with invalid
> +arguments. In case of nlmsg_reserve() this means never provide
> +a @len argument that causes overflow.
> +
> +Still, add an additional safeguard to avoid exploiting such bugs.
> +
> +Assume that @pad is a trusted, small integer.
> +Assume that n->nm_size is a valid number of allocated bytes (and thus
> +much smaller then SIZE_T_MAX).
> +Assume, that @len may be set to an untrusted value. Then the patch
> +avoids an integer overflow resulting in reserving too few bytes.
> +---
> + lib/msg.c | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/lib/msg.c b/lib/msg.c
> +index 9af3f3a..3e27d4e 100644
> +--- a/lib/msg.c
>  b/lib/msg.c
> +@@ -411,6 +411,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int 
> pad)
> +   size_t nlmsg_len = n->nm_nlh->nlmsg_len;
> +   size_t tlen;
> +
> ++  if (len > n->nm_size)
> ++  return NULL;
> ++
> +   tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
> +
> +   if ((tlen + nlmsg_len) > n->nm_size)
> +--
> +2.9.3
> +
> diff -Nru libnl3-3.2.27/debian/patches/series
> libnl3-3.2.27/debian/patches/series
> --- libnl3-3.2.27/debian/patches/series 2016-01-24 00:36:27.0 +0100
> +++ libnl3-3.2.27/debian/patches/series 2017-04-10 10:57:45.0 +0200
> @@ -3,3 +3,4 @@
>  debian/no-symvers.diff -p1
>  debian/__nl_cache_ops_lookup-unstatic.diff -p1
>  debian/_nl_socket_generate_local_port_no_release.diff -p1
> +debian/nlmsg_reserve-overflow.patch -p1
> 
> 
> unblock libnl3/3.2.27-2
> 
> [...]

Bug#859787: davmail: new upstream version available - please upgrade

[Jan Beyer]

Am 10.04.2017 um 22:06 schrieb Geert Stappers:
> On Mon, Apr 10, 2017 at 06:45:27PM +0200, Alexandre Rossi wrote:
>>> ...
>> I will prepare an upload to experimental if my sponsor thinks it may
>> be worth his time.
> Just let me known and I'll upload.
Great - that's fine for me!

Thanks a lot!

Best regards,
Jan

-- 
Jan Beyer   happy Debian Maintainer ;-) 

mailj...@beathovn.deGPG key ID 0xC6D815D8
jabber  beath...@jabber.org
web http://www.beathovn.de/

Bug#852395: unblock: gssproxy/0.5.1-2

[Robbie Harwood]

Niels Thykier  writes:

> Ok - as I understand it, what we are dealing with here is:
>
>  * systemd: You can get gssproxy + NFS and it "just works(tm)" if
>you install gssproxy.  Otherwise you get svcgssd + NFS.
>(This is how I understood Neil Brown)
>  * sysvinit: Business as usual either way.
>
>
> So granting gssproxy will:
>
>  * Provide systemd users with NFS + gssproxy if they opt-in to it
>(by installing it)
>  * Provide sysvinit users gssproxy and if they want to use it with
>NFS, they may have to tweak things themselves
>  * Not cause any issues for neither systemd users nor sysvinit users
>just by installing it.
>  * enable users to get gssproxy which is not deprecated (unlike the
>existing svcgssd)
>
> Is the above correct? And you are happy with gssproxy/0.5.1-2 as it is?

That sounds right.  And yes.


signature.asc
Description: PGP signature

Bug#860072: botan1.10: CVE-2017-2801: Incorrect comparison in X.509 DN strings

[Salvatore Bonaccorso]

Source: botan1.10
Version: 1.10.8-2
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for botan1.10.

CVE-2017-2801[0]:
Incorrect comparison in X.509 DN strings

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2801
[1] 
https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4

Regards,
Salvatore


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Bug#860071: tomcat8: CVE-2017-5651

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.5.11-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5651[0]:
|The refactoring of the HTTP connectors for 8.5.x onwards, introduced a
|regression in the send file processing. If the send file processing
|completed quickly, it was possible for the Processor to be added to the
|processor cache twice. This could result in the same Processor being
|used for multiple requests which in turn could lead to unexpected errors
|and/or response mix-up.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651

Regards,
Salvatore

Bug#860070: tomcat8: CVE-2017-5650

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.5.11-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5650[0]:
|The handling of an HTTP/2 GOAWAY frame for a connection did not close
|streams associated with that connection that were currently waiting for
|a WINDOW_UPDATE before allowing the application to write more data.
|These waiting streams each consumed a thread. A malicious client could
|therefore construct a series of HTTP/2 requests that would consume all
|available processing threads.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650

Regards,
Salvatore

Bug#860069: tomcat8: CVE-2017-5648

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.0.14-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5648[0]:
|While investigating bug 60718, it was noticed that some calls to
|application listeners did not use the appropriate facade object. When
|running an untrusted application under a SecurityManager, it was
|therefore possible for that untrusted application to retain a
|reference to the request or response object and thereby access and/or
|modify information associated with another web application.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648

Regards,
Salvatore

Bug#860068: tomcat8: CVE-2017-5647

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.0.14-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5647[0]
|A bug in the handling of the pipelined requests when send file was
|used resulted in the pipelined request being lost when send file
|processing of the previous request completed. This could result in
|responses appearing to be sent for the wrong request. For example, a
|user agent that sent requests A, B and C could see the correct
|response for request A, the response for request C for request B and
|no response for request C.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647

Regards,
Salvatore

Bug#860049: dovecot-core 1:2.2.13-12~deb8u2 (fix for bug 860049) seems to break dovecot dict key interpolation entirely

[Salvatore Bonaccorso]

Hi Nick,

On Tue, Apr 11, 2017 at 01:19:11AM +0100, Nick Thomas wrote:
> Hi,
> 
> dovecot-core/1:2.2.13-12~deb8u2 with a dict-based userdb or passdb no
> longer interprets placeholders like %u in the keys even once.
> 
> The referenced commit claims to prevent double-parsing in a situation
> like this:
> 
> 
> username: fo...@example.com
> config file: 
> 
> ```
> key userdb {
> ?? key = userdb/%u
> ?? format = json
> }
> ```
> 
> result: userdb/foo...@example.com@example.com
> 
> Instead, it claims the result should be userdb/fo...@example.com
> 
> What I'm seeing is that the key actually becomes userdb/%u
> 
> I'm using the UNIX socket "proxy" protocol listed here: https://wiki2.d
> ovecot.org/AuthDatabase/Dict
> 
> 
> Similar issues with the passdb, which is similarly configured.
> 
> In 1:2.2.13-12~deb8u1, the proxy receives lines like:
> "Lshared/passdb/foo.default.urgs.uk0.bigv.io"
> In 1:2.2.13-12~deb8u2, the proxy receives lines like:
> "Lshared/passdb/%u"
> 
> This comes up with the symbiosis integration to dovecot; I've got a
> GitHub issue open with them here: https://github.com/BytemarkHosting/sy
> mbiosis/issues/13 - I'm having trouble believing that dovecot-core
> master's functionality is broken here, although I guess it's possible.
> Their examples and wiki still show the "%u" syntax.
> 
> Regards,
> 
> Nick Thomas

Thanks for the report. I'm Cc'ing explicitly Apollon and upstream.

Timo and Aki, attached is the patch used for the version in Debian
Jessie.

Did I misss something obvious with backporting the commit to 2.2.13?

Regards,
Salvatore
>From 30feb7a30f193197f1aab8a7b04a26b42735 Mon Sep 17 00:00:00 2001
From: Aki Tuomi 
Date: Mon, 6 Mar 2017 14:59:46 +0200
Subject: [PATCH] auth: Do not double-expand key in passdb dict when
 authenticating

Broken by 79042f8c
[carnil: Backport for context in 2.2.13]
---
 src/auth/db-dict.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

--- a/src/auth/db-dict.c
+++ b/src/auth/db-dict.c
@@ -404,7 +404,7 @@ static int db_dict_iter_lookup_key_value
 			continue;
 
 		str_truncate(path, strlen(DICT_PATH_SHARED));
-		var_expand(path, key->key->key, iter->var_expand_table);
+		str_append(path, key->key->key);
 		ret = dict_lookup(iter->conn->dict, iter->pool,
   str_c(path), >value);
 		if (ret > 0) {

Bug#681941: Addressed upstream

[Olly Betts]

Control: patch -1 + fixed-upstream patch

I've committed a patch upstream to skip any testcase which fails with
NetworkError when errno is ECHILD, which should address these buildd
failures.

I'd really love to know what the problem is, but it seems unreproducible
outside of the buildds which makes it really hard to investigate.

Cheers,
Olly

Bug#681941: Addressed upstream

[Olly Betts]

On Tue, Apr 11, 2017 at 03:26:34PM +1200, Olly Betts wrote:
> I've committed a patch upstream to skip any testcase which fails with
> NetworkError when errno is ECHILD, which should address these buildd
> failures.

Forgot link to patch:

https://trac.xapian.org/changeset/3b1e60f80eb2b6780c9fc196ef06706b665d339f/git

Cheers,
Olly

Bug#860067: ITP: minijail -- Utility to run a program inside a sandbox

[Andrew Pollock]

Package: wnpp
Severity: wishlist
Owner: Andrew Pollock 

* Package name: minijail
  Version : 1
  Upstream Author : Jorge Lucángeli Obes 
* URL : 
https://www.chromium.org/chromium-os/developer-guide/chromium-os-sandboxing
* License : BSD
  Programming Lang: C, C++
  Description : Utility to run a program inside a sandbox

minijail provides a consistent method to sandbox of services and applications,
using a mix of capability restrictions, user ID compartmentalisation, namespace
isolation and seccomp.

It is the sandboxing tool of choice for Chromium OS and Android.

 - why is this package useful/relevant? 
   It's a useful security enhancement that could potentially be used by 
   other packages. There's potential functionality overlap with firejail
 - how do you plan to maintain it? 
   I'm open to maintaining this under collab-maint

Bug#859800: [debian-mysql] jessie -> stretch upgrade with MySQL 5.5

[Paul Gevers]

On 04/10/17 22:11, Ondřej Surý wrote:
> 1. what init system does your NAS have after upgrade?

paul@fuji ~ $ ll /sbin/init
lrwxrwxrwx 1 root root 20 mrt  2 09:21 /sbin/init -> /lib/systemd/systemd

> 2. did you reboot the system between removing mysql-server-5.5 and
> mariadb-server-10.0 (purging /var/run on tmpfs)?

Yes. Below some lines from /var/log/syslog


Apr  7 11:03:43 fuji mysql[15397]: Stopping MySQL database server: mysqld.
Apr  7 11:03:43 fuji systemd[1]: Stopped LSB: Start and stop the mysql
database server daemon.


Apr  7 12:06:44 fuji kernel: [0.00] Booting Linux on physical
CPU 0x0


Apr  7 12:45:43 fuji mysqld_safe[2798]: 2017-04-07 12:45:43 3062317056
[Note] /usr/sbin/mysqld (mysqld 10.1.22-MariaDB-) starting as process
2825 ...
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: Installation of system tables
failed!  Examine the logs in
Apr  7 12:45:52 fuji mysqld_safe[2798]: /var/lib/mysql for more information.
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: The problem could be conflicting
information in an external
Apr  7 12:45:52 fuji mysqld_safe[2798]: my.cnf files. You can ignore
these by doing:
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: shell>
/usr/scripts/scripts/mysql_install_db --defaults-file=~/.my.cnf
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: You can also try to start the
mysqld daemon with:
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: shell> /usr/sbin/mysqld
--skip-grant --general-log &
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: and use the command line tool
/usr/bin/mysql
Apr  7 12:45:52 fuji mysqld_safe[2798]: to connect to the mysql database
and look at the grant tables:
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: shell> /usr/bin/mysql -u
root mysql
Apr  7 12:45:52 fuji mysqld_safe[2798]: mysql> show tables;
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: Try 'mysqld --help' if you have
problems with paths.  Using
Apr  7 12:45:52 fuji mysqld_safe[2798]: --general-log gives you a log in
/var/lib/mysql that may be helpful.
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: The latest information about
mysql_install_db is available at
Apr  7 12:45:52 fuji mysqld_safe[2798]:
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
Apr  7 12:45:52 fuji mysqld_safe[2798]: MariaDB is hosted on launchpad;
You can find the latest source and
Apr  7 12:45:52 fuji mysqld_safe[2798]: email lists at
http://launchpad.net/maria
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2798]: Please check all of the above
before submitting a bug report
Apr  7 12:45:52 fuji mysqld_safe[2798]: at http://mariadb.org/jira
Apr  7 12:45:52 fuji mysqld_safe[2798]:
Apr  7 12:45:52 fuji mysqld_safe[2858]: 2017-04-07 12:45:52 3062255616
[Note] /usr/sbin/mysqld (mysqld 10.1.22-MariaDB-) starting as process
2857 ...

which coincides with the abort in /var/log/mysqld/error.log:
2017-04-07 12:45:49 3062317056 [ERROR] Aborting

On 04/10/17 22:47, Ondřej Surý wrote:
> Are you sure that you haven't done any manual changes to
> /etc/init.d/mysql that would cause dpkg to not replace it with new
> script?

Yes.
paul@fuji ~ $ ll /etc/init.d/mysql
-rwxr-xr-x 1 root root 5930 mrt 28 22:59 /etc/init.d/mysql

Which matches:
mariadb-10.1 (10.1.22-3) unstable; urgency=medium
 -- Ondřej Surý   Tue, 28 Mar 2017 22:59:06 +0200

> Is there something like /etc/init.d/mysql.dpkg-* present on your
> NAS system (although I can start mariadb even with the old MySQL 5.5
> init.d script).

No,
paul@fuji ~ $ ll /etc/init.d/mysql*
-rwxr-xr-x 1 root root 5930 mrt 28 22:59 /etc/init.d/mysql

> Would you be willing to test it again on your system:
> 
> a) stop mariadb server
> b) rm -rf /var/run/mysqld
> c) start mariadb server

paul@fuji ~ $ sudo service mysql stop
paul@fuji ~ $ sudo rmdir /var/run/mysqld/
paul@fuji ~ $ sudo service mysql start
paul@fuji ~ $ ll /var/run/mysqld/
total 4
drwxr-xr-x  2 mysql root   80 apr 11 04:08 .
drwxr-xr-x 26 root  root  820 apr 11 04:08 ..
-rw-rw  1 mysql mysql   6 apr 11 04:08 mysqld.pid
srwxrwxrwx  1 mysql mysql   0 apr 11 04:08 mysqld.sock

So, now it can properly succeed.

> Does it fails to create /var/run/mysqld?  If not, then (on sysvinit
> system) output of:
> 
> sh -x /etc/init.d/mysql start
> 
> or on systemd init system output of
> 
> journalctl --unit=mariadb
> 
> would be appreciated.

paul@fuji ~ $ sudo journalctl --unit=mariadb
-- Logs begin at Mon 2017-04-10 23:56:51 CEST, end at Tue 2017-04-11
04:09:35 CEST. --
apr 11 04:07:18 fuji systemd[1]: Stopping MariaDB database server...
apr 11 04:07:20 fuji systemd[1]: Stopped MariaDB database server.
apr 11 04:08:08 fuji systemd[1]: Starting MariaDB database 

Bug#860060: muttdown: move from contrib to main (or explain why in contrib)

[gustavo panizzo]

On Tue, Apr 11, 2017 at 07:23:39AM +0800, Paul Wise wrote:

Source: muttdown
Severity: wishlist

muttdown is Free Software and has no external dependencies that I can
see, so it should be moved from contrib to main.

muttdown depends on python-pynliner which is, unfortunately, non-free



Alternatively, according to Debian Policy section 12.5:


Packages in the contrib or non-free archive areas should state in the
copyright file that the package is not part of the Debian
distribution and briefly explain why.


https://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile

As far as I can tell the muttdown copyright file doesn't state that why
it is in contrib. Please add a Comment field explaining this.

I've fixed that, but no upload yet

https://anonscm.debian.org/cgit/collab-maint/muttdown.git/commit/?h=debian/unstable=7c455669095857275d70e45c9fc957051d7a00e5

thanks Pabs!

--
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

keybase: https://keybase.io/gfa


signature.asc
Description: Digital Signature

Bug#860013: Bug#824442: and conflict needs to be resolved

[Ben Hutchings]

Control: tag -1 moreinfo

On Mon, 10 Apr 2017 10:48:45 +0200 Aurelien Jarno  wrote:
[...] 
> Unfortunately I have been pointed on the libc-alpha mailing list that
> it doesn't work if another file which includes 
> (e.g. ) is included before . The problem is
> that the __UAPI_DEF_IF_* constants are set to 1 in 
> even if  is not included.
[...]

Does this affect any real programs, or is this just theoretical (and
therefore should be downgraded)?

Ben.

-- 
Ben Hutchings
73.46% of all statistics are made up.



signature.asc
Description: This is a digitally signed message part

Bug#858373: apache2: segfaults upon recieving bad request when using worker/event mpm and cgid errordoc

[Doran Moppert]

This looks like a form of CVE-2015-0253, which affected upstream apache
2.4.11, was introduced by the backport.  The fix is to ensure
r->protocol is always populated:

https://svn.apache.org/viewvc?view=revision=1668879

-- 
Doran Moppert
Red Hat Product Security

Bug#860066: ltrace: Doesn't work on some binaries

[Matthew Gabeler-Lee]

Package: ltrace
Version: 0.7.3-6+b1
Severity: normal

ltrace -f ls: crapton of output
ltrace -f irw: nothing

(irw from current testing version of lirc)

I've not found the correlation between apps that work and apps that don't. 
I see an old bug about PIE executables, but that was listed as fixed?  None
of the apps from the lirc package work.

Most apps work.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ltrace depends on:
ii  libc62.24-9
ii  libelf1  0.168-0.2
ii  libselinux1  2.6-3+b1

ltrace recommends no packages.

ltrace suggests no packages.

-- no debconf information

Bug#860065: lirc: Ignores remote configs included with absolute paths

[Matthew Gabeler-Lee]

Package: lirc
Version: 0.9.4c-9
Severity: normal

If you put a line like this in lircd.conf or one of the files it includes:

include "/absolute/path/to/remote.conf"

It will be ignored.  The problem seems to be bad interaction between these
two snippets of code in lib/config_file.c:

~ line 906 (read_all_included):
lirc_parse_relative(buff, sizeof(buff), val, name);
glob(buff, 0, NULL, );
~ line 791 (lirc_parse_relative)
if (*child == '/')
return child;

The caller doesn't actually use the return value of lirc_parse_relative, it
assumes buff will be filled ...  but it's not.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lirc depends on:
ii  init-system-helpers  1.47
ii  libasound2   1.1.3-5
ii  libc62.24-9
ii  libftdi1-2   1.3-2+b2
ii  libgcc1  1:6.3.0-11
ii  liblirc-client0  0.9.4c-9
ii  liblirc0 0.9.4c-9
ii  libportaudio219.6.0-1
ii  libstdc++6   6.3.0-11
ii  libsystemd0  232-22
ii  libudev1 232-22
ii  libusb-0.1-4 2:0.1.12-30
ii  libusb-1.0-0 2:1.0.21-1
ii  lsb-base 9.20161125
ii  python3  3.5.3-1

Versions of packages lirc recommends:
pn  gir1.2-vte
ii  python3-gi3.22.0-2
pn  python3-yaml  

Versions of packages lirc suggests:
pn  ir-keytable  
ii  lirc-compat-remotes  0.9.0-1
pn  lirc-doc 
pn  lirc-drv-irman   
ii  lirc-x   0.9.4c-9
ii  setserial2.17-50

-- Configuration Files:
/etc/lirc/hardware.conf changed [not included]
/etc/lirc/lircd.conf changed [not included]
/etc/lirc/lircd.conf.d/devinput.lircd.conf [Errno 2] No such file or directory: 
'/etc/lirc/lircd.conf.d/devinput.lircd.conf'

-- debconf information excluded

Bug#758260: The problem is serious and should be fixed IMHO.

[ISHIKAWA,chiaki]

I recently encountered the similar problem after a quick install using  
netinstall ISO.

As the original poster said,
the default partition done by
choosing guided install with separate "/home" only reserves
about only 10- GB for the "/" partion.

This is way too small since, in this set up, "/" will hold
/var, /usr, and /lib, and all of them are known to bloat (when you need  
to run apt-get upgrade, etc.)


 > pretty sure 10 GB is quite reasonable for a root filesystem, unless you

have specific requirements (which you didn't mention, so that's hard to
figure out). Last I checked, default is *not* using separate directories
so if you're switching away from it, I'm sure you could also partition
as you desire…


No, I think you are missing the point.
[It is true 10 GB root "/" is enough if "/usr", "/lib", "/var" and  
possibly others are on separate partition. But the auto-guided
partition when we instruct a separate "/home" directory does not  
separate all these bloated directories AND only reserve 10 GB "/".
This is crazy. I suspect with the easy-intall, ONLY using the entire  
partition (with the exception of swap) is really USABLE.
Pity since the easy install should give the simple and less time  
consuming step to do a REASONABLE install.

The current install when we pick "separate /home" fails this criteria.


My point is,
if we say, separate "/home", do it as instructed, but
reserve at least 30-50 GB (depending on the size of the disk/ssd/etc.)  
for the root partition so that at least, during the initial cycles of  
"get-apt update upgrade install", we won't run out of "/" partition.
Some admins are in a hurry and they expect a reasonable minimum for root  
partition.



This problem of running out of "/" partions have happened a few times in  
the last few years (especially since TeX packages have become very large  
and the default desktop requires TeX packages as part of  dependency.)


[Another issue, of course, is the non-intuitive manner to reach the  
desired FULL manual partition from the installer. I think the installer  
has DEGRADED in this regard over the years. I could not find the full  
manual partition easily this time. But I will file a different bug entry  
for the non-intuitive UI.]


I am attaching a partition list as a screen dump on a test install when  
the problem was noticed. Since the system I had was unusable when during  
the upgrade (apt-get upgrade) it ran out of "/" and nothing could be  
done further.
I could not even run debianbug command, etc. since it failed to execute  
properly.
I had to erase the crippled installation and start over. I captured the  
listing of "flist -l" before erasing the installation.


TIA

PS: if this particular bug entry is not the proper bug entry to complain  
about this grave usability issue (from the perspective busy sysadmins,  
let me know if I should file a new bug entry.

Bug#860064: [dnsmasq] startup failue when dns-root-data installed

[Liang Guo]

Package: dnsmasq
Version: 2.76-5+b1
Severity: normal

When dns-root-data installed, dnsmasq will failed to start with :

junk found in command line.

I debug this problem with "-x" In /etc/init.d/dnsmasq, this is the out put of
"journalctl -r":

4月 11 08:48:30 bcat dnsmasq[22850]: + DNSMASQ_USER=dnsmasq
4月 11 08:48:30 bcat dnsmasq[22850]: + 
DNSMASQ_OPTS=--conf-file=/etc/dnsmasq.conf --local-service
4月 11 08:48:30 bcat dnsmasq[22850]: + ROOT_DS=/usr/share/dns/root.ds
4月 11 08:48:30 bcat dnsmasq[22850]: + [ -f /usr/share/dns/root.ds ]
4月 11 08:48:30 bcat dnsmasq[22850]: + sed -e s/. IN DS /--trust-anchor=.,/ -e 
s/ /,/g /usr/share/dns/root.ds
4月 11 08:48:30 bcat dnsmasq[22850]: + tr \n
4月 11 08:48:30 bcat dnsmasq[22850]: + 
DNSMASQ_OPTS=--conf-file=/etc/dnsmasq.conf --local-service .172800  
  IN   
 DS
19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 .
172800INDS 
   
20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
4月 11 08:48:30 bcat dnsmasq[22850]: + [ ! -d /run/dnsmasq ]
4月 11 08:48:30 bcat dnsmasq[22850]: + exec /usr/sbin/dnsmasq -x 
/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d --conf-
file=/etc/dnsmasq.conf --local-service . 172800 IN DS 
19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8f
b5 . 172800 IN DS 
20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
4月 11 08:48:30 bcat dnsmasq[22850]: dnsmasq: junk found in command line
4月 11 08:48:30 bcat dnsmasq[22850]: junk found in command line
4月 11 08:48:30 bcat dnsmasq[22850]: FAILED to start up
4月 11 08:48:30 bcat systemd[1]: dnsmasq.service: Control process exited, 
code=exited status=1
4月 11 08:48:30 bcat systemd[1]: Failed to start dnsmasq - A lightweight DHCP 
and caching DNS server.
4月 11 08:48:30 bcat systemd[1]: dnsmasq.service: Unit entered failed state.
4月 11 08:48:30 bcat systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
4月 11 08:49:05 bcat dnsmasq[22871]: junk found in command line
4月 11 08:49:05 bcat dnsmasq[22871]: FAILED to start up



options after ". 172800 IN DS" are imported from /usr/share/dns/root.ds

After remove dns-root-data, dnsmasq can be started successfully. 


--- System information. ---
Architecture: 
Kernel:   Linux 4.9.0-1-amd64

Debian Release: 9.0
  500 unstable192.168.2.12 
  500 stable  dl.google.com 
1 experimental192.168.2.12 

-- 
Thanks and Regards,
--
Liang Guo


signature.asc
Description: PGP signature

Bug#860063: fsolve docs should state that it cannot solve over- or under-determined problems

[James Van Zandt]

Package: python-scipy
Version: 0.18.1


I have a MATLAB program that uses fsolve() from the optimization toolbox.
I found that scipy offers a similar function.  I spent a fair amount of
time translating my program into Python, only to discover that the scipy
implementation (unlike the MATLAB one) requires that the number of
functions and the number of variables be equal.  The documentation for the
underlying minpack programs (hybrd and hybrj) makes this clear, but the
scipy documentation does not.  It should.  I suggest the attached patch.

(It might also be a good idea to add a mention of leastsq, which can handle
an over- or under-determined problem.)

- Jim Van Zandt


patch
Description: Binary data

Bug#860062: ITP: fancon -- High performance, configurable system & NVIDIA fan controller

[Hayden Briese]

Package: wnpp
Severity: wishlist
Owner: Hayden Briese 

* Package name: fancon
  Version : 0.10.2
  Upstream Author : Hayden Briese 
* URL : https://github.com/hbriese/fancon
* License : Apache v2
  Programming Lang: C++
  Description : High performance, configurable system & NVIDIA fan
controller

fancon is a multi-threaded, high performance fan control daemon
written in C++ aimed at low overhead, and configurability.
It provides meaningful configuration through PWM, RPM or percentage
speed control.
Support for both system (lm-sensors supported) & NVIDIA fans.

I am the developer for fancon, and developed it as an
alternative/replacement to the `fancontrol` package.
Please keep in mind that I appreciate the work the lm-sensors team has
done on `fancontrol`, and wish to improve Linux fan control in part
through use of their library `libsensors`.

fancon provides several key improvements over `fancontrol`:
- meaningful configuration - RPM & percentage speed control, not just
  PWM control as `fancontrol` provides (e.g. 5% or 600RPM vs 125PWM);
  note. PWM control is still supported.
- simpler configuration - greater readability and ease of use (a serious
  issue for `fancontrol` in my opinion).
- support for stopping fans with gauranteed start (minimum PWM is
  almost always lower than the starting PWM meaning you can't go
  from 0RPM -> 400RPM, but instead from 0 -> 500 -> 400),
  not supported by `fancontrol`.
- user doesn't require knowledge detailed knowledge of each fan as
  they do with `fancontrol` due to 'meaningful configuration' support
  (120PWM does not result in the same RPM for even the same
  model of fan).
- no limit on the number of configuration points,
  where as `fancontrol` has a limit of 3.
- no limit on the number of configuration points,
  where as `fancontrol` has a limit of 3.

I will maintain the package, which will be very frictionless - as both a
debian user, and the package's developer.
I am looking looking for a sponsor; you may contact me via email for
more information. The package has been built and is working well, just
requring finishing details such as the man doc.

Thanks,
Hayden

Bug#849722: python-xapian: QueryParser.add_boolean_prefix() throws TypeError with grouping=''

[Olly Betts]

Control: tag -1 + patch fixed-upstream

On Thu, Dec 29, 2016 at 10:11:08PM -0800, Jameson Graef Rollins wrote:
> servo:~ $ python -c "import xapian; qp = xapian.QueryParser(); 
> qp.add_boolean_prefix('tag', 'K', '')"
> Traceback (most recent call last):
>   File "", line 1, in 
>   File "/usr/lib/python2.7/dist-packages/xapian/__init__.py", line 10485, in 
> _queryparser_add_boolean_prefix
> return __queryparser_add_boolean_prefix_orig(self, s, proc, exclusive)
> TypeError: in method 'QueryParser_add_boolean_prefix', argument 4 of type 
> 'std::string const *'

I've committed a fix upstream:

https://trac.xapian.org/changeset/7a7c948abac86bee3cbb72d557520e30f77c88f6/git

I think applying this will have to wait until after stretch though.

But I found a better workaround, which is to pass a Unicode string for the
grouping parameter.  This works with the package currently in testing:

$ python -c "import xapian; qp = xapian.QueryParser(); 
qp.add_boolean_prefix('tag', 'K', u'')"

That uses the preferred form, and also works when the grouping parameter
isn't an empty string.

> Tried to report this issue upstream directly but I couldn't seem to
> register an account at trac.xapian.org.

Registering should now work reliably - it was a caching bug in the trac
account manager plugin.

Cheers,
Olly

Bug#860049: dovecot-core 1:2.2.13-12~deb8u2 (fix for bug 860049) seems to break dovecot dict key interpolation entirely

[Nick Thomas]

Hi,

dovecot-core/1:2.2.13-12~deb8u2 with a dict-based userdb or passdb no
longer interprets placeholders like %u in the keys even once.

The referenced commit claims to prevent double-parsing in a situation
like this:


username: fo...@example.com
config file: 

```
key userdb {
  key = userdb/%u
  format = json
}
```

result: userdb/foo...@example.com@example.com

Instead, it claims the result should be userdb/fo...@example.com

What I'm seeing is that the key actually becomes userdb/%u

I'm using the UNIX socket "proxy" protocol listed here: https://wiki2.d
ovecot.org/AuthDatabase/Dict


Similar issues with the passdb, which is similarly configured.

In 1:2.2.13-12~deb8u1, the proxy receives lines like:
"Lshared/passdb/foo.default.urgs.uk0.bigv.io"
In 1:2.2.13-12~deb8u2, the proxy receives lines like:
"Lshared/passdb/%u"

This comes up with the symbiosis integration to dovecot; I've got a
GitHub issue open with them here: https://github.com/BytemarkHosting/sy
mbiosis/issues/13 - I'm having trouble believing that dovecot-core
master's functionality is broken here, although I guess it's possible.
Their examples and wiki still show the "%u" syntax.

Regards,

Nick Thomas

Bug#860061: openlp: Openlp seems to be missing dependancy

[Paul Hedderly]

Package: openlp
Version: 2.4.4-1
Severity: normal
Tags: newcomer

Dear Maintainer,

Without libqt5multimedia5-plugins installed, most of OpenLP functions
without
issue, however linked-audio will not play, and/because the "system"
media
playback option will not work.

This bug I think has been present since the switch to QT5 with OLP2.4 -
took me
a while to work out why everything was fine on one box, and not
another!

Thanks for you work on this package. This bug is still present in
2.4.5-1 - and hopefully 2.4.6 can be pushed shortly :)



-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openlp depends on:
ii  libjs-jquery3.1.1-2
ii  libjs-jquery-mobile 1.2.0+dfsg-2
ii  python3-alembic 0.8.8-2
ii  python3-bs4 4.5.3-1
ii  python3-chardet 2.3.0-2
ii  python3-dbus1.2.4-1+b1
ii  python3-enchant 1.6.7-1
ii  python3-lxml3.7.3-1
ii  python3-mako1.0.6+ds1-2
ii  python3-pyqt5   5.7+dfsg-5
ii  python3-pyqt5.qtmultimedia  5.7+dfsg-5
ii  python3-pyqt5.qtopengl  5.7+dfsg-5
ii  python3-pyqt5.qtwebkit  5.7+dfsg-5
ii  python3-sqlalchemy  1.1.6+ds1-1
ii  python3-uno 1:5.2.6-2
ii  python3-xdg 0.25-4
pn  python3:any 

openlp recommends no packages.

Versions of packages openlp suggests:
pn  python3-mysql.connector  
pn  python3-psycopg2 

-- no debconf information

Bug#859978: [PATCH] cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores

[Ben Hutchings]

The switch that conditionally sets CPUPOWER_CAP_HAS_TURBO_RATIO and
CPUPOWER_CAP_IS_SNB flags is missing a break, so all cores get both
flags set and an assumed base clock of 100 MHz for turbo values.

Reported-by: GSR 
Tested-by: GSR 
References: https://bugs.debian.org/859978
Fixes: 8fb2e440b223 ("cpupower: Show Intel turbo ratio support via ...")
Signed-off-by: Ben Hutchings 
---
 tools/power/cpupower/utils/helpers/cpuid.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/power/cpupower/utils/helpers/cpuid.c 
b/tools/power/cpupower/utils/helpers/cpuid.c
index 93b0aa74ca03..39c2c7d067bb 100644
--- a/tools/power/cpupower/utils/helpers/cpuid.c
+++ b/tools/power/cpupower/utils/helpers/cpuid.c
@@ -156,6 +156,7 @@ int get_cpu_info(unsigned int cpu, struct cpupower_cpu_info 
*cpu_info)
 */
case 0x2C:  /* Westmere EP - Gulftown */
cpu_info->caps |= CPUPOWER_CAP_HAS_TURBO_RATIO;
+   break;
case 0x2A:  /* SNB */
case 0x2D:  /* SNB Xeon */
case 0x3A:  /* IVB */


signature.asc
Description: Digital signature

Bug#858078: Suggested param works

[Santiago Garcia Mantinan]

Hi!

I have tested linux-image-4.9.0-2-amd64 4.9.18-1 and keeps on failing like
previous versions.

However after adding the parameter suggested by Steve Cotton it works
perfectly, thanks for your suggestion, Steve.

I hope this helps with all this, sorry for not reporting before, I think
mail bounced or similar and I have just seen it.

Regards.
-- 
Manty/BestiaTester -> http://manty.net

Bug#860060: muttdown: move from contrib to main (or explain why in contrib)

[Paul Wise]

Source: muttdown
Severity: wishlist

muttdown is Free Software and has no external dependencies that I can
see, so it should be moved from contrib to main.

Alternatively, according to Debian Policy section 12.5:

> Packages in the contrib or non-free archive areas should state in the
> copyright file that the package is not part of the Debian
> distribution and briefly explain why.

https://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile

As far as I can tell the muttdown copyright file doesn't state that why
it is in contrib. Please add a Comment field explaining this.

http://metadata.ftp-master.debian.org/changelogs/contrib/m/muttdown/unstable_copyright
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#comment-field

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#860059: gdm3: Window lag

[Rodrigo]

Package: gdm3
Version: 3.14.1-7
Severity: important

Description:

Most of the time, all windows behave strangely. It's like they don't update
what they should show until you force change what they should display. For 
example: if I'm on rhytmbox acrolling some list with up and down arrows,
sometimes the screen does not show my latest button press. If I press it
again, it is noticeable that the key was pressed twice, even though it only
shows that at the second key press.



-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gdm3 depends on:
ii  accountsservice   0.6.37-3+b1
ii  adduser   3.113+nmu3
ii  dconf-cli 0.22.0-1
ii  dconf-gsettings-backend   0.22.0-1
ii  debconf [debconf-2.0] 1.5.56
ii  gir1.2-gdm3   3.14.1-7
ii  gnome-session [x-session-manager] 3.14.0-2
ii  gnome-session-bin 3.14.0-2
ii  gnome-settings-daemon 3.14.2-3
ii  gnome-shell   3.14.4-1~deb8u1
ii  gnome-terminal [x-terminal-emulator]  3.14.1-1+deb8u1
ii  gsettings-desktop-schemas 3.14.1-1
ii  libaccountsservice0   0.6.37-3+b1
ii  libaudit1 1:2.4-1+b1
ii  libc6 2.19-18+deb8u7
ii  libcanberra-gtk3-00.30-2.1
ii  libcanberra0  0.30-2.1
ii  libgdk-pixbuf2.0-02.31.1-2+deb8u5
ii  libgdm1   3.14.1-7
ii  libglib2.0-0  2.42.1-1+b1
ii  libglib2.0-bin2.42.1-1+b1
ii  libgtk-3-03.14.5-1+deb8u1
ii  libpam-modules1.1.8-3.1+deb8u2
ii  libpam-runtime1.1.8-3.1+deb8u2
ii  libpam-systemd215-17+deb8u6
ii  libpam0g  1.1.8-3.1+deb8u2
ii  librsvg2-common   2.40.5-1+deb8u2
ii  libselinux1   2.3-2
ii  libsystemd0   215-17+deb8u6
ii  libwrap0  7.6.q-25
ii  libx11-6  2:1.6.2-3
ii  libxau6   1:1.0.8-1
ii  libxdmcp6 1:1.1.1-1+b1
ii  libxrandr22:1.4.2-1+b1
ii  lsb-base  4.1+Debian13+nmu1
ii  metacity [x-window-manager]   1:3.14.3-1
ii  mutter [x-window-manager] 3.14.4-1~deb8u1
ii  policykit-1   0.105-15~deb8u2
ii  ucf   3.0030
ii  x11-common1:7.7+7
ii  x11-xserver-utils 7.7+3+b1
ii  xterm [x-terminal-emulator]   312-2

Versions of packages gdm3 recommends:
ii  at-spi2-core   2.14.0-1
ii  desktop-base   8.0.2
ii  gnome-icon-theme   3.12.0-1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  x11-xkb-utils  7.7+1
ii  xserver-xephyr 2:1.16.4-1
ii  xserver-xorg   1:7.7+7
ii  zenity 3.14.0-1

Versions of packages gdm3 suggests:
ii  gnome-orca3.14.0-4+deb8u1
ii  libpam-gnome-keyring  3.14.0-1+b1

-- debconf information:
  gdm3/daemon_name: /usr/sbin/gdm3
* shared/default-x-display-manager: gdm3

Bug#860058: unblock: libnl3/3.2.27-2

[Heiko Stuebner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libnl3

In CVE-2017-0553 a possible (but moderate) security issue was found
which resulted in bug #859948 against the Debian libnl3 package.

The 3.2.27-2 fixes this (and only this) issue.

debdiff:
diff -Nru libnl3-3.2.27/debian/changelog libnl3-3.2.27/debian/changelog
--- libnl3-3.2.27/debian/changelog  2016-01-24 23:54:53.0 +0100
+++ libnl3-3.2.27/debian/changelog  2017-04-10 11:48:23.0 +0200
@@ -1,3 +1,9 @@
+libnl3 (3.2.27-2) unstable; urgency=low
+
+  * Add upstream fix for CVE-2017-0553 (Closes: #859948)
+
+ -- Heiko Stuebner   Mon, 10 Apr 2017 11:48:23 +0200
+
 libnl3 (3.2.27-1) unstable; urgency=low

   * New upstream release
diff -Nru libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
--- libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
1970-01-01 01:00:00.0 +0100
+++ libnl3-3.2.27/debian/patches/debian/nlmsg_reserve-overflow.patch
2017-04-10 10:55:21.0 +0200
@@ -0,0 +1,38 @@
+From 3e18948f17148e6a3c4255bdeaaf01ef6081ceeb Mon Sep 17 00:00:00 2001
+From: Thomas Haller 
+Date: Mon, 6 Feb 2017 22:23:52 +0100
+Subject: [PATCH] lib: check for integer-overflow in nlmsg_reserve()
+
+In general, libnl functions are not robust against calling with
+invalid arguments. Thus, never call libnl functions with invalid
+arguments. In case of nlmsg_reserve() this means never provide
+a @len argument that causes overflow.
+
+Still, add an additional safeguard to avoid exploiting such bugs.
+
+Assume that @pad is a trusted, small integer.
+Assume that n->nm_size is a valid number of allocated bytes (and thus
+much smaller then SIZE_T_MAX).
+Assume, that @len may be set to an untrusted value. Then the patch
+avoids an integer overflow resulting in reserving too few bytes.
+---
+ lib/msg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/msg.c b/lib/msg.c
+index 9af3f3a..3e27d4e 100644
+--- a/lib/msg.c
 b/lib/msg.c
+@@ -411,6 +411,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
+   size_t nlmsg_len = n->nm_nlh->nlmsg_len;
+   size_t tlen;
+
++  if (len > n->nm_size)
++  return NULL;
++
+   tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
+
+   if ((tlen + nlmsg_len) > n->nm_size)
+--
+2.9.3
+
diff -Nru libnl3-3.2.27/debian/patches/series
libnl3-3.2.27/debian/patches/series
--- libnl3-3.2.27/debian/patches/series 2016-01-24 00:36:27.0 +0100
+++ libnl3-3.2.27/debian/patches/series 2017-04-10 10:57:45.0 +0200
@@ -3,3 +3,4 @@
 debian/no-symvers.diff -p1
 debian/__nl_cache_ops_lookup-unstatic.diff -p1
 debian/_nl_socket_generate_local_port_no_release.diff -p1
+debian/nlmsg_reserve-overflow.patch -p1


unblock libnl3/3.2.27-2

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Bug#860033: [Pkg-zsh-devel] Bug#860033: /usr/bin/zsh gone after dist-upgrade

[Axel Beckert]

Control: tag -1 - unreproducible moreinfo

Hi Adrian!

Adrian Bunk wrote:
> I think I understand where the problem is:
> 
> The link is not created due to the old alternatives link still existing.

Thanks for that insight. That also explains why I haven't found it on
my already upgraded systems: I've upgraded them already a while ago
and they saw at least one more zsh upgrade since then, so the symlink
came back on that occassion and I didn't notice that it vanished when
it happened initially.

> This block has to be moved after the
>   update-alternatives --remove zsh /bin/zsh5

Sounds like the right solution, yes. Will test it.

ilf: Thanks for the additional data, too.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#860057: intltool-debian: Unescaped left brace in regex is deprecated

[Ben Wiederhake]

Package: intltool-debian
Version: 0.35.0+20060710.4
Severity: minor

Dear future Maintainer,

it seems that #787537 has come back.

Exact message:

Unescaped left brace in regex is deprecated, passed through in regex; 
marked by <-- HERE in m/\${ <-- HERE ?PACKAGE_NAME}?/ at 
/usr/bin/intltool-update line 1071,  line 101.

Note that this is a different set of lines (soecifically: 1 line)
 than the previous report.

This bug does not impede functionality.  I just wanted to document that
this is another issue one might want to work on.

Cheers,
Ben Wiederhake


-- System Information:
Debian Release: 9.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages intltool-debian depends on:
ii  gettext  0.19.8.1-2
ii  perl 5.24.1-2

intltool-debian recommends no packages.

intltool-debian suggests no packages.

-- no debconf information

Bug#839639: latexml: Fails to load Error.pm

[Mark J. Nelson]

tags 839639 upstream fixed-upstream
forwarded 839639 https://rt.cpan.org/Public/Bug/Display.html?id=112442
thanks

This was fixed upstream in the 0.8.2 release.

-- 
Mark J. Nelson
The MetaMakers Institute
Falmouth University
http://www.kmjn.org

Bug#860043:

[Olly Betts]

On Mon, Apr 10, 2017 at 04:42:14PM +, Gianfranco Costamagna wrote:
> Hello, poedit2 is having a lot of asserts and segfaulting (IIRC).
> Reason is a bug in wxpython3.0 and the fix from Poedit upstream has already
> been merged to wx upstream (3.0 maint branch too)
> 
> Please cherry-pick the following fix
> https://github.com/wxWidgets/wxWidgets/commit/ed88188be7e97a0503f3471f7b0452740b732902.patch
> I don't know if poedit1 is affected, but I would appreciate a fix in any case
> (poedit2 is experimental only)
> 
> (I'm open to a team upload too, just ask me!)

It looks like pretty safe patch (though it's not code I'm familiar with),
and I believe fixes for severity important via unstable are still OK so if
you want to upload and request a freeze exception that seems reasonable to
me.

Please remember to push the packaging changes to the repo, along with a
signed tag.

Cheers,
Olly

Bug#860056: unblock: python-cassandra-driver/3.7.1-2.1

[Thomas Goirand]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-cassandra-driver

This upload removes the -dbg packages for the arch that are producing empty
packages. It is not the best fix, but at least it closes the RC bug.
Please also override the migration delay to 5 days instead of 10, as
otherwise the package will AUTORM (as well as openstack-trove, which I'm
trying to save here).

Debdiff attached, as always.

Please unblock python-cassandra-driver/3.7.1-2.1,

Thomas Goirand (zigo)
diff -Nru python-cassandra-driver-3.7.1/debian/changelog python-cassandra-driver-3.7.1/debian/changelog
--- python-cassandra-driver-3.7.1/debian/changelog	2017-01-08 16:28:48.0 +
+++ python-cassandra-driver-3.7.1/debian/changelog	2017-04-10 21:52:26.0 +
@@ -1,3 +1,12 @@
+python-cassandra-driver (3.7.1-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove some arch that are failing for the -dbg packages (Closes: #857298),
+this is only a quick temporary fix for Stretch, anyone with more time to
+fix properly is welcome to do so.
+
+ -- Thomas Goirand   Mon, 10 Apr 2017 21:52:26 +
+
 python-cassandra-driver (3.7.1-2) unstable; urgency=medium
 
   * debian/rules
diff -Nru python-cassandra-driver-3.7.1/debian/control python-cassandra-driver-3.7.1/debian/control
--- python-cassandra-driver-3.7.1/debian/control	2017-01-08 16:28:48.0 +
+++ python-cassandra-driver-3.7.1/debian/control	2017-04-10 21:52:26.0 +
@@ -32,7 +32,7 @@
 Package: python-cassandra-dbg
 Section: debug
 Priority: extra
-Architecture: any
+Architecture: amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386 mips64el mipsel ppc64el
 Depends: ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}, python-cassandra (= ${binary:Version}),
 Suggests: python-snappy, python-lz4, python-blist
 Description: Python driver for Apache Cassandra (debug)
@@ -78,7 +78,7 @@
 Package: python3-cassandra-dbg
 Section: debug
 Priority: extra
-Architecture: any
+Architecture: amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386 mips64el mipsel ppc64el
 Depends: ${python3:Depends}, ${misc:Depends}, ${shlibs:Depends}, python3-cassandra (= ${binary:Version})
 Suggests: python3-blist
 Description: Python driver for Apache Cassandra (Python 3 debug)

Bug#860055: RFP: dino -- modern XMPP client

[W. Martin Borgert]

Package: wnpp
Severity: wishlist

* Package name: dino
  Version : none yet
  Upstream Author : unknown
* URL : https://github.com/dino/dino
* License : GPL3
  Programming Lang: C, Vala
  Description : modern XMPP client

dino is a modern XMPP client with a nice and clean look.
It does support OMEMO and OpenPGP for end-to-end encryption.

Note 1: The program is not yet "ready", but would be fine
for the experimental suite.

Note 2: The program is licensed GPL3, but uses OpenSSL.
IIRC, this needs some work.

Bug#858125: e1000: ethernet interface hangs occasionally, kernel reports hang

[Bruce Momjian,,,]

On Thu, Mar 23, 2017 at 03:25:15PM -0400, Bruce Momjian,,, wrote:
> I had four more 14 hours later so I created new files that also include
> the earlier ones:
> 
>   http://momjian.us/expire/eth0/dmesg2.txt
>   http://momjian.us/expire/eth0/ethtool2.gz
> 
> The last two dmesg lines at 13:29  are me turning of flow control on the
> switch so they are not problems.

My system is working fine with flow control turned off.  What are my
next steps?

* Additional debugging
* Patched or updated Ethernet driver
* Try a new Ethernet card
* Nothing?

-- 
  Bruce Momjian  http://momjian.us
  EnterpriseDB http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+  Ancient Roman grave inscription +

Bug#860054: ITP: node-static-module -- convert module usage to inline expressions

[Bastien ROUCARIES]

Package: wnpp
Severity: wishlist
Owner: Bastien Roucariès 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-static-module
  Version : 1.3.1
  Upstream Author : James Halliday  (http://substack.net)
* URL : https://github.com/substack/static-module
* License : Expat
  Programming Lang: JavaScript
  Description : convert module usage to inline expressions

This module outputs a transform stream that transforms javascript
source input to
 javascript source output with each property in the `modules` object expanded in
  inline form.
  .
This is used in javascript tool like brfs
 .
 Node.js is an event-based server-side JavaScript engine.

Bug#850723: heimdal: FTBFS on x32 because libtommath thinks it’s amd64

[Brian May]

Dominique Dumont  writes:

> libtommath upstream cannot reproduce this problem.
>
> Could you try to build heimdal with a more recent version of libtommath ? 
> (like the version that packaged in Debian)

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850723#10.

You already fixed this bug in libtommath, but this bug is against
Heimdal not libtommath. As the bug is not fixed in Heimdal so we have to
keep this bug report open.
-- 
Brian May 

Bug#860053: ITP: vim-ledger -- Vim plugin for Ledger

[Edward Betts]

Package: wnpp
Severity: wishlist
Owner: Edward Betts 

* Package name: vim-ledger
  Version : 1.0.0
  Upstream Author : Johann Klähn 
* URL : https://github.com/ledger/vim-ledger
* License : GPL 2 or later
  Programming Lang: Vim
  Description : Vim plugin for Ledger

Ledger is a powerful and flexible double-entry accounting system run
entirely from the command line. Your accounts ledger is stored in a
plain-text files with a very simple and readable format,

This plugin provides Vim syntax highlighting and folding for Ledger
files.

I convinced the upstream author to tag a release on github so I could
package it.

Bug#859793: fluidsynth: Package has infringed GPL

[Peter Hanappe]

Hello all,

I agree that the licenses in fluidsynth are not completely consisted and
Debian is right to make sure that they are.
However, it seems that chorus.c is now under the LGPL license. From
https://sourceforge.net/p/sox/code/ci/master/tree/COPYING:

  SoX source code is distributed under two main licenses. The two
  licenses are in the files LICENSE.GPL and LICENSE.LGPL. sox.c,
  and thus SoX-the user application, is distributed under the
  GPL, while the files that make up libsox are licensed under the
  less restrictive LGPL.

In the Makefile.am, you can see that chorus.c is part of libsox
(https://sourceforge.net/p/sox/code/ci/master/tree/src/Makefile.am).

I don't check the list of contributors to
fluidsynth_chorus.c. There was Markus Nentwig and me but surely
others, too. However, since fluidsynth was under LGPL
with "Copyright (C) 2003 Peter Hanappe and others" from the
beginning, I don't believe any contributors to
fluidsynth_chorus.c would object to putting their changes to that
file under the LGPL. I'll happily make my changes available under
that license.

So, because SoX/chorus.c is now under the LGPL and all the
changes that have been made between chorus.c and
fluidsynth_chorus.c fall under the LGPL, I believe that
fluidsynth_chorus.c can be put under the LGPL, too.

Cheers,
Peter



On 04/10/2017 12:38 PM, Javier Serrano Polo wrote:

El dl 10 de 04 de 2017 a les 09:24 +0200, David Henningsson va escriure:

What makes things slightly easier for us as upstream is that FluidSynth
is released under LGPL rather than GPL. LGPL allows linking to custom
licenses.

This is not the case because fluid_chorus.c is part of the library and
must respect rights under LGPL.

Rewriting fluid_chorus.c could be one first step. However, we could wait
some time until Chris Bagwell tells us about the original source; Chris
Bagwell or Peter Hanappe, it is not clear to me that fluid_chorus.c
comes from SoX.

Bug#859943: [Pkg-openldap-devel] Bug#859943: openldap: [INTL:pt] Portuguese translation for debconf messages

[Traduz - DebianPT]

Hi Ryan,

You're welcome.
In attach goes the updated pt debconf translation.




On 09-04-2017 23:43, Ryan Tandy wrote:

Control: tag -1 - patch

Hi,

Thank you for the translation! Unfortunately it seems to be based on 
an older revision of the English text. (I sent a call for translations 
of the updated English text on 2017-01-09.)


I'm attaching the po file with the English messages updated and the 
translations marked as fuzzy. Would it be possible for you to update 
them?


Thank you very much for the contribution, and my apologies for not 
having the updated English messages in unstable sooner.


--
Best regards,

"Traduz" - Portuguese Translation Team
http://www.DebianPT.org

# Portuguese translation for openldap debconf messages.
# Copyright (C) Tiago Fernandes , 2006
# This file is distributed under the same license as the openldap package.
#
# Tiago Fernandes , 2006,2008,2010.
# Rui Branco - DebianPT , 2017.
msgid ""
msgstr ""
"Project-Id-Version: openldap 2.4.44+dfsg-3\n"
"Report-Msgid-Bugs-To: openl...@packages.debian.org\n"
"POT-Creation-Date: 2017-01-10 05:24+\n"
"PO-Revision-Date: 2017-04-10 22:08+\n"
"Last-Translator: Rui Branco - DebianPT \n"
"Language-Team: Portuguese \n"
"Language: pt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2;\n"

#. Type: boolean
#. Description
#: ../slapd.templates:1001
msgid "Omit OpenLDAP server configuration?"
msgstr "Omitir a configuração do servidor OpenLDAP?"

#. Type: boolean
#. Description
#: ../slapd.templates:1001
msgid ""
"If you enable this option, no initial configuration or database will be "
"created for you."
msgstr ""
"Se activar esta opção, não será criada inicialmente uma configuração ou base "
"de dados para si."

#. Type: select
#. Choices
#: ../slapd.templates:2001
msgid "always"
msgstr "sempre"

#. Type: select
#. Choices
#: ../slapd.templates:2001
msgid "when needed"
msgstr "quando necessário"

#. Type: select
#. Choices
#: ../slapd.templates:2001
msgid "never"
msgstr "nunca"

#. Type: select
#. Description
#: ../slapd.templates:2002
msgid "Dump databases to file on upgrade:"
msgstr "Despejar as bases de dados para ficheiro durante a actualização:"

#. Type: select
#. Description
#: ../slapd.templates:2002
msgid ""
"Before upgrading to a new version of the OpenLDAP server, the data from your "
"LDAP directories can be dumped into plain text files in the standard LDAP "
"Data Interchange Format."
msgstr ""
"Antes de actualizar para uma nova versão do servidor OpenLDAP, os dados dos "
"seu directórios LDAP podem ser despejados para ficheiros de texto simples no "
"formato padronizado LDAP Data Interchange Format."

#. Type: select
#. Description
#: ../slapd.templates:2002
msgid ""
"Selecting \"always\" will cause the databases to be dumped unconditionally "
"before an upgrade. Selecting \"when needed\" will only dump the database if "
"the new version is incompatible with the old database format and it needs to "
"be reimported. If you select \"never\", no dump will be done."
msgstr ""
"Seleccionar \"sempre\" fará com as bases de dados sejam despejadas "
"incondicionalmente antes de uma actualização. Seleccionar \"quando"
" necessário\" "
"irá apenas despejar a base de dados se a nova versão for incompatível com "
"o formato da base de dados antiga e for necessário reimportar-la. Se "
"seleccionar \"nunca\", não será feito qualquer despejo."

#. Type: string
#. Description
#: ../slapd.templates:3001
msgid "Directory to use for dumped databases:"
msgstr "Directório a utilizar para bases de dados despejadas:"

#. Type: string
#. Description
#: ../slapd.templates:3001
msgid ""
"Please specify the directory where the LDAP databases will be exported. In "
"this directory, several LDIF files will be created which correspond to the "
"search bases located on the server. Make sure you have enough free space on "
"the partition where the directory is located. The first occurrence of the "
"string \"VERSION\" is replaced with the server version you are upgrading "
"from."
msgstr ""
"Por favor, especifique o directório para onde as bases de dados LDAP serão "
"exportadas. Dentro deste directório serão criados vários ficheiros LDIF que "
"correspondem às bases de pesquisas localizadas no servidor. Assegure-se que "
"tem espaço livre suficiente na partição onde se encontra o directório. A "
"primeira ocorrência da string \"VERSION\" é substituída com a versão do "
"servidor que está a actualizar."

#. Type: boolean
#. Description
#: ../slapd.templates:4001
msgid "Move old database?"
msgstr "Mover a base de dados antiga?"

#. Type: boolean
#. Description
#: ../slapd.templates:4001
msgid ""
"There are still files in /var/lib/ldap which will probably break the "
"configuration process. If you enable this option, the 

Bug#851420: Hold the removal, please!

[Marten de Vries]

Dear awesome people from Debian,

As you can see in https://bugs.launchpad.net/openteacher/+bug/1547432 ,
I did the unexpected and restarted the OpenTeacher project, with an
upgrade to Qt 5 in the works.

Also, although that work is not done yet, I would caution against
removal of the package from the repositories in the meantime, as a
subset of the OpenTeacher application can function just fine without
QtWebKit. It degrades gracefully when missing dependencies.

Hope this helps.

Regards,,

-- 
Marten de Vries
mar...@openteacher.org

Bug#860052: can generate illegal and thus lost e-mail messages due to long lines

[Paul Traina]

Package: logcheck
Version: 1.3.18
Severity: important
Tags: security

[Note: I've tagged this with security because of the DoS potential,
where admins relying on logcheck can have their logs "lost" if someone
generates a long log message. Your choice whether you think it's
legitimate or not, but I am obligated to point it out.]

If a log line is generated that is >998 characters, logcheck will
generate an illegal (MUST in SMTP RFC is violated) e-mail message that
exim (and possibly other mailers) will choke on.

This was caused because we force mime-encode to use an encoding of 7bit
on the resultant logfiles.

That's fundamentally a mistake, as mime-encode is smart enough to
recognize that the encoding needs to be changed in cases where lines
have non-ascii characters or are too long, and will re-encode as
quoted-printable.

I can imagine, in days past, that this was a deliberate choice because
so many sysadmin types were using non-mime-compliant MUAs and wanted to
be able to simply cut and paste out of /bin/mailx output, but we don't
live in that universe and haven't for a couple of decades.

Dropping all log messages because of one overly-long-line is highly
problematic.

Fix:

Any place in `/usr/sbin/logcheck` where there is --enconding "7bit"
can simply be removed.  Let mime-encode do its job, it knows better than
logcheck what to do with the input data.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab120.16 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logcheck depends on:
ii  adduser3.115
ii  cron [cron-daemon] 3.0pl1-128+b1
ii  exim4-daemon-light [mail-transport-agent]  4.88-5
ii  lockfile-progs 0.1.17+b1
ii  logtail1.3.18
ii  mime-construct 1.11+nmu2
ii  rsyslog [system-log-daemon]8.24.0-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.18

Versions of packages logcheck suggests:
pn  syslog-summary  

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: 
'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: 
'/etc/logcheck/logcheck.logfiles'

-- no debconf information

Bug#857131: RFS: fgrun/2016.4.0-0.1 [RC, NMU]

[Markus Wanner]

control: tag -1 -wontfix

On 04/10/2017 05:39 PM, Mattia Rizzolo wrote:
> On Fri, Mar 10, 2017 at 07:58:52AM -0700, Sean Whitton wrote:
> Markus: would you please take this RFS to its end?

I'm rather busy with stretch issues I'd like to fix (and then there's
the day job as well...)

I take it granted there's enough interest to re-introduce fgrun to
unstable (without an unblock request, that doesn't affect stretch, and
given there's nothing to possibly upgrade in stretch, there's no need
for an upload to experimental, only).

@Boyuan: could you please:

 a) change the watch file to point to the github mirror and
release tags you found? (Or provide some other way of automatically
fetching an orig.tar.gz?)

 b) commit your changes to alioth / collab-maint (do you have access,
there?)

 c) add yourself as an uploader, I'm happy to review and sponsor
uploads of fgrun for you.

Kind Regards

Markus Wanner




signature.asc
Description: OpenPGP digital signature

Bug#859800: [debian-mysql] jessie -> stretch upgrade with MySQL 5.5

[Ondřej Surý]

Hi Paul,

so I still can't reproduce the error you have seen.

There are couple of things that might be improved[1][2], but the
/var/run/mysqld should be created on start under either sysvinit or
systemd.

Are you sure that you haven't done any manual changes to
/etc/init.d/mysql that would cause dpkg to not replace it with new
script? Is there something like /etc/init.d/mysql.dpkg-* present on your
NAS system (although I can start mariadb even with the old MySQL 5.5
init.d script).

Would you be willing to test it again on your system:

a) stop mariadb server
b) rm -rf /var/run/mysqld
c) start mariadb server

Does it fails to create /var/run/mysqld?  If not, then (on sysvinit
system) output of:

sh -x /etc/init.d/mysql start

or on systemd init system output of

journalctl --unit=mariadb

would be appreciated.

(Or can I catch you on IRC/Jabber/?)

Minor nits:
1. systemd unit should use tmpfiles instead of running install -d
2. there's a race condition where /var/run/mysqld is a dangling symlink,
but that's should not happen

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Mon, Apr 10, 2017, at 22:11, Ondřej Surý wrote:
> Paul,
> 
> thanks, my E_TOO_MANY_EMAILS hit me again.  Seems like the error can be
> safely ignored, and the real issue is the missing rundir.
> 
> So, couple more questions:
> 
> 1. what init system does your NAS have after upgrade?
> 2. did you reboot the system between removing mysql-server-5.5 and
> mariadb-server-10.0 (purging /var/run on tmpfs)?
> 
> Cheers,
> -- 
> Ondřej Surý 
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> fast DNS(SEC) resolver
> Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
> pečení chleba všeho druhu
> 
> On Mon, Apr 10, 2017, at 22:05, Paul Gevers wrote:
> > Oh, and I assume you take
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859800 into account.
> > That has an update with respect to my first e-mail.
> > 
> > Paul
> > 
> > On 04/10/17 22:00, Ondřej Surý wrote:
> > > I spoke too soon. I see the aforementioned errors in the log file:
> > > 
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Using mutexes to ref
> > > count buffer pool pages
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: The InnoDB memory
> > > heap is disabled
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Mutexes and rw_locks
> > > use GCC atomic builtins
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: GCC builtin
> > > __atomic_thread_fence() is used for memory barrier
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Compressed tables use
> > > zlib 1.2.8
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Using Linux native
> > > AIO
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Using SSE crc32
> > > instructions
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Initializing buffer
> > > pool, size = 128.0M
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Completed
> > > initialization of buffer pool
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Highest supported
> > > file format is Barracuda.
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Creating tablespace
> > > and datafile system tables.
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Tablespace and
> > > datafile system tables created.
> > > 2017-04-10 19:48:36 140304128580992 [Warning] InnoDB: Resizing redo log
> > > from 2*320 to 2*3072 pages, LSN=1600094
> > > 2017-04-10 19:48:36 140304128580992 [Warning] InnoDB: Starting to delete
> > > and rewrite log files.
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Setting log file
> > > ./ib_logfile101 size to 48 MB
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Setting log file
> > > ./ib_logfile1 size to 48 MB
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Renaming log file
> > > ./ib_logfile101 to ./ib_logfile0
> > > 2017-04-10 19:48:36 140304128580992 [Warning] InnoDB: New log files
> > > created, LSN=1600524
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: 128 rollback
> > > segment(s) are active.
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Waiting for purge to
> > > start
> > > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB:  Percona XtraDB
> > > (http://www.percona.com) 5.6.35-80.0 started; log sequence number
> > > 1595685
> > > 2017-04-10 19:48:36 140303495309056 [Note] InnoDB: Dumping buffer
> > > pool(s) not yet started
> > > 2017-04-10 19:48:36 140304075331328 [ERROR] Incorrect definition of
> > > table mysql.proc: expected column 'sql_mode' at position 14 to have type
> > > 

Bug#827936: [Po4a-devel] Bug#827936: po4a: please implement support for Ruby document format

[Francesco Poli]

Control: tags -1 + patch


On Mon, 27 Mar 2017 09:15:38 +0200 Martin Quinson wrote:

> On Sun, Mar 26, 2017 at 04:03:47PM +0200, Martin Quinson wrote:
> > Hello,

Hi!

> > 
> > it took me a while, but I had a look at your code, at least. Your new
> > module seem very reasonnable to me, thank you.

Good, I am glad to read this.

> > 
> > The thing is that I don't quite understand the tests. Could you please
> > give your files sensible names? Have a look at how the AsciiDoc tests
> > are organized: they are in t/data-30. You have a bunch of source
> > files, one per feature set. And for each file you have a out and po
> > files. All of these files are listed in t/30-asciidoc.t 
> > 
> > So you just have to "cp t/30-asciidoc.t t/31-rubydoc.t", edit
> > t/31-rubydoc.t to change the asciidoc tests into rubydoc ones.
> > 
> > if you have any issue with integrating your tests, I can certainly do
> > that, but I'd need you to give sensible names to the test files, please.

I am attaching a full patch, with the new module, the new tests,
everything with respect to po4a version 0.51.
I hope this satisfies your expectations, since I have devoted a
quantity of spare time to it and it was not easy to find such time...

> > 
> > Sorry for the latency, I'll try to be more responsive in the future.
> > 
> 
> In addition, you'll need the attached patch to integrate your module
> to po4a and play with the test directory. It assumes that your Rd.pm
> file is renamed as lib/Locale/Po4a/RubyDoc.pm (as it should).

These modifications are included in the patch I am sending right now.


Further actions yet to be performed:

 * the new module should probably be added to  t/01-classes.t
   (could you please do it for me?)

 * three new copyright lines should be added to  debian/copyright
   (please remember to do so; please note that my patch is released
under the terms of the GNU GPL v2 or later, just like most of po4a)

Copyright (c) 2016-2017 by Francesco Poli
 Copyright (c) 2004 by MoonWolf
 Copyright (c) 2011-2012 by Youhei SASAKI


 * my patch is to be applied to the official version of po4a
   (only you po4a developers can do that, so please accept it)

 * a new version of po4a will have to be uploaded to Debian unstable
   (please do so, when possible)

> 
> Thanks for your time and patience,

You're welcome.

Looking forward to seeing this new module accepted in po4a.
Bye!


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


add-rubydoc-module.diff.gz
Description: application/gzip


pgpH7CCv6rL2k.pgp
Description: PGP signature

Bug#859311: [Fwd: Bug#859311: fix date formating]

[Florian Ernst]

Hello Tom,

thanks for your research!

However, I'll merely leave this to the upstream author for
consideration, forwarding now ...

Cheers,
Flo
--- Begin Message ---
Dear Florian,

i found this searching with google:

https://paste.softver.org.mk/db4f44ed085a3a98fc746be845737363


  1.  --- tree.c 2014-05-25 11:26:32.379254443 +0200
  2.  +++ tree.c 2014-05-25 14:37:09.794311844 +0200
  3.  @@ -1029,6 +1029,8 @@ char *do_date(time_t t)
  4.  tm = localtime();
  5.
  6.  if (timefmt) {
  7.  + setlocale(LC_TIME,"");
  8.  +
  9.  strftime(buf,255,timefmt,tm);
  10. buf[255] = 0;
  11. } else {


Maybe this could fix the broken local time

thx
Tom
--- End Message ---

Bug#860051: praat: Crashes on any attempt to run

[Alex Hedges]

Package: praat
Version: 5.4.0-1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

When I invoke `praat' without arguments from an ordinary shell
prompt, it crashes and displays error messages.
Here is a transcript:

$ praat

(praat:9464): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(praat:9464): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion 
'G_TYPE_CHECK_INSTANCE (instance)' failed

(praat:9464): Gtk-WARNING **: Screen for GtkWindow not set; you must always set
a screen for a GtkWindow before using the window

(praat:9464): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion 
'GDK_IS_SCREEN (screen)' failed

(praat:9464): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion 
'GDK_IS_COLORMAP (colormap)' failed

(praat:9464): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion 
'GDK_IS_SCREEN (screen)' failed

(praat:9464): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion 
'GDK_IS_SCREEN (screen)' failed

(praat:9464): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion 
'GDK_IS_SCREEN (screen)' failed

(praat:9464): Gdk-CRITICAL **: IA__gdk_window_new: assertion 'GDK_IS_WINDOW 
(parent)' failed
Segmentation fault


-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 4.4.30-ti-r64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages praat depends on:
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-18+deb8u7
ii  libcairo21.14.0-2.1+deb8u2
ii  libfontconfig1   2.11.0-6.3+deb8u1
ii  libfreetype6 2.5.2-3+deb8u1
ii  libgcc1  1:4.9.2-10
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u5
ii  libglib2.0-0 2.42.1-1+b1
ii  libgtk2.0-0  2.24.25-3+deb8u1
ii  libpango-1.0-0   1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-01.36.8-3
ii  libstdc++6   4.9.2-10
ii  oss-compat   6
ii  python   2.7.9-1

Versions of packages praat recommends:
ii  xfonts-100dpi  1:1.0.3
ii  xfonts-75dpi   1:1.0.3

praat suggests no packages.

-- no debconf information

Bug#637744: proftpd-mod-ldap: LDAPServer scope doesn't work

[Hilmar Preuße]

Am 16.02.2017 um 00:53 tastete Dmitry Katsubo:

Hi Dimitry,


I think this is about the same matter. If I remember correctly, I have
originally using "LDAPSearchScope subtree", which at some moment was broken
(bug#500731), and then I tried "LDAPServer ldap://localhost??sub; which also
didn't work, but after updating to v1.3.2 it worked fine. Then I believe it was
broken again (bug#637744).

Maybe I miss something (quite some time had passed), however I confirm that
"LDAPServer ldap://localhost??sub; works for me since v1.3.2 up to v1.3.5a-1
which I am using now.

Do you want to focus on "LDAPSearchScope subtree" issue at the moment?
Well, I quickly tried

LDAPServer localhost
LDAPSearchScope subtree

and it seems to work as expected. I cannot be 100% sure, but I'll let one
know in bugzilla if I find any problem.


Thanks for response!

The upstream bug http://bugs.proftpd.org/show_bug.cgi?id=4289 is now 
solved in 1.3.6. Please be so kind to check if that log entry[1] 
together w/ the FAQ[2] solves/describes your problem. Currently my 
impression is: we have various methods to specify the search scope and 
(depending on the used version) some work and some don't. :-(
No, the 1.3.6 is not available in Debian and won't be before the next 
release.


Hilmar

[1]
- Bug 4289 - LDAPSearchScope does not alter search scope as expected. 
When the LDAPServer directive is used with LDAP URLs, the 
LDAPSearchScope should not be used; the handler was failing to handle 
this case properly.

[2] http://www.proftpd.org/docs/contrib/mod_ldap.html#ScopesFAQ

--
#206401 http://counter.li.org

Bug#859978: linux-cpupower: wrong turbo speeds reported on Nehalem

[GSR]

Hi,
b...@decadent.org.uk (2017-04-10 at 1904.15 +0100):
> I've attached the patch that should fix this.  Please either test this
> patch or the modified packages (linux-cpupower & libcpupower1 version
> 4.9.18-2~a.test) from .

Works, now it reports 3200, 3200, 3467, 3600 MHz.

Maybe it should report 3.200 GHz etc like all the other lines
(= standardise on one unit and format). :)

Thank you,
GSR
 

Bug#860050: RFS: xtensor/0.8.4-1

[Anton Gladky]

Hi Ghis,

I will try to sponsor this package within the next 2 days, if it is OK for you.

Anton


2017-04-10 21:46 GMT+02:00 Ghislain Antony Vaillant :
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> * Package name: xtensor
>   Version : 0.8.4-1
>   Upstream Author : Johan Mabille and Sylvain Corlay
> * URL : http://quantstack.net/xtensor
> * License : BSD
>   Section : libs
>
> One can check out the package by visiting the following URL:
>
>   https://anonscm.debian.org/git/debian-science/packages/xtensor.git
>
> Changes since the last upload:
>
>   * New upstream version 0.8.4
>   * Drop the patch queue, applied upstream
>   * Fix the clean target when nodoc requested
>   * Change doc-base registration to Programming/C++
>
> Best regards,
> Ghis
>
>
> -- System Information:
> Debian Release: 9.0
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>

Bug#860050: RFS: xtensor/0.8.4-1

[Ghislain Vaillant]

Absolutely, thanks Anton.

Le 10 avr. 2017 9:10 PM, "Anton Gladky"  a écrit :

> Hi Ghis,
>
> I will try to sponsor this package within the next 2 days, if it is OK for
> you.
>
> Anton
>
>
> 2017-04-10 21:46 GMT+02:00 Ghislain Antony Vaillant :
> > Package: sponsorship-requests
> > Severity: normal
> >
> > Dear mentors,
> >
> > * Package name: xtensor
> >   Version : 0.8.4-1
> >   Upstream Author : Johan Mabille and Sylvain Corlay
> > * URL : http://quantstack.net/xtensor
> > * License : BSD
> >   Section : libs
> >
> > One can check out the package by visiting the following URL:
> >
> >   https://anonscm.debian.org/git/debian-science/packages/xtensor.git
> >
> > Changes since the last upload:
> >
> >   * New upstream version 0.8.4
> >   * Drop the patch queue, applied upstream
> >   * Fix the clean target when nodoc requested
> >   * Change doc-base registration to Programming/C++
> >
> > Best regards,
> > Ghis
> >
> >
> > -- System Information:
> > Debian Release: 9.0
> >   APT prefers unstable
> >   APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
> > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: systemd (via /run/systemd/system)
> >
>

Bug#859800: [debian-mysql] jessie -> stretch upgrade with MySQL 5.5

[Ondřej Surý]

Paul,

thanks, my E_TOO_MANY_EMAILS hit me again.  Seems like the error can be
safely ignored, and the real issue is the missing rundir.

So, couple more questions:

1. what init system does your NAS have after upgrade?
2. did you reboot the system between removing mysql-server-5.5 and
mariadb-server-10.0 (purging /var/run on tmpfs)?

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Mon, Apr 10, 2017, at 22:05, Paul Gevers wrote:
> Oh, and I assume you take
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859800 into account.
> That has an update with respect to my first e-mail.
> 
> Paul
> 
> On 04/10/17 22:00, Ondřej Surý wrote:
> > I spoke too soon. I see the aforementioned errors in the log file:
> > 
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Using mutexes to ref
> > count buffer pool pages
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: The InnoDB memory
> > heap is disabled
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Mutexes and rw_locks
> > use GCC atomic builtins
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: GCC builtin
> > __atomic_thread_fence() is used for memory barrier
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Compressed tables use
> > zlib 1.2.8
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Using Linux native
> > AIO
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Using SSE crc32
> > instructions
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Initializing buffer
> > pool, size = 128.0M
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Completed
> > initialization of buffer pool
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Highest supported
> > file format is Barracuda.
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Creating tablespace
> > and datafile system tables.
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Tablespace and
> > datafile system tables created.
> > 2017-04-10 19:48:36 140304128580992 [Warning] InnoDB: Resizing redo log
> > from 2*320 to 2*3072 pages, LSN=1600094
> > 2017-04-10 19:48:36 140304128580992 [Warning] InnoDB: Starting to delete
> > and rewrite log files.
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Setting log file
> > ./ib_logfile101 size to 48 MB
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Setting log file
> > ./ib_logfile1 size to 48 MB
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Renaming log file
> > ./ib_logfile101 to ./ib_logfile0
> > 2017-04-10 19:48:36 140304128580992 [Warning] InnoDB: New log files
> > created, LSN=1600524
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: 128 rollback
> > segment(s) are active.
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB: Waiting for purge to
> > start
> > 2017-04-10 19:48:36 140304128580992 [Note] InnoDB:  Percona XtraDB
> > (http://www.percona.com) 5.6.35-80.0 started; log sequence number
> > 1595685
> > 2017-04-10 19:48:36 140303495309056 [Note] InnoDB: Dumping buffer
> > pool(s) not yet started
> > 2017-04-10 19:48:36 140304075331328 [ERROR] Incorrect definition of
> > table mysql.proc: expected column 'sql_mode' at position 14 to have type
> > set('REAL_AS_FLOAT','PIPES_AS_CONCAT','ANSI_QUOTES','IGNORE_SPACE','IGNORE_BAD_TABLE_OPTIONS','ONLY_FULL_GROUP_BY','NO_UNSIGNED_SUBTRACTION','NO_DIR_IN_CREATE','POSTGRESQL','ORACLE','MSSQL','DB2','MAXDB','NO_KEY_OPTIONS','NO_TABLE_OPTIONS','NO_FIELD_OPTIONS','MYSQL323','MYSQL40','ANSI','NO_AUTO_VALUE_ON_ZERO','NO_BACKSLASH_ESCAPES','STRICT_TRANS_TABLES','STRICT_ALL_TABLES','NO_ZERO_IN_DATE','NO_ZERO_DATE','INVA
> > 2017-04-10 19:48:36 140304075331328 [ERROR] Incorrect definition of
> > table mysql.event: expected column 'sql_mode' at position 14 to have
> > type
> > set('REAL_AS_FLOAT','PIPES_AS_CONCAT','ANSI_QUOTES','IGNORE_SPACE','IGNORE_BAD_TABLE_OPTIONS','ONLY_FULL_GROUP_BY','NO_UNSIGNED_SUBTRACTION','NO_DIR_IN_CREATE','POSTGRESQL','ORACLE','MSSQL','DB2','MAXDB','NO_KEY_OPTIONS','NO_TABLE_OPTIONS','NO_FIELD_OPTIONS','MYSQL323','MYSQL40','ANSI','NO_AUTO_VALUE_ON_ZERO','NO_BACKSLASH_ESCAPES','STRICT_TRANS_TABLES','STRICT_ALL_TABLES','NO_ZERO_IN_DATE','NO_ZERO_DATE','INVALID_DATES','ERROR_FOR_DIVISION_BY_ZERO','TRADITIONAL','NO_AUTO_CREATE_USER','HIGH_NOT_PRECEDENCE','NO_ENGINE_SUBSTITUTION','PAD_CHAR_TO_FULL_LENGTH'),
> > found type
> > set('REAL_AS_FLOAT','PIPES_AS_CONCAT','ANSI_QUOTES','IGNORE_SPACE','NOT_USED','ONLY_FULL_GROUP_BY','NO_UNSIGNED_SUBTRACTION','NO_DIR_IN_CREATE','POSTGRESQL','ORACLE','MSSQL','DB2','MAXDB','NO_KEY_OPTIONS','NO_TABLE_OPTIONS','NO_FIELD_OPTIONS','MYSQL323','MYSQL40','ANSI','NO_AUTO_VALUE_ON_ZERO','NO_BACKSLASH_ESCAPES','STRICT_TRANS_TABLES','STRICT_A
> > ERROR: 1136  Column count doesn't match value count at row 1
> > 2017-04-10 19:48:36 

Bug#859787: davmail: new upstream version available - please upgrade

[Geert Stappers]

On Mon, Apr 10, 2017 at 06:45:27PM +0200, Alexandre Rossi wrote:
> > there is a new upstream version of DavMail available:
> > https://sourceforge.net/projects/davmail/files/davmail/4.8.0/
> >
> > Please consider upgrading the Debian package when convenient,
> > as it contains a couple of important improvements.
> 
> I will prepare an upload to experimental if my sponsor thinks it may
> be worth his time.

Just let me known and I'll upload.

Groeten
Geert Stappers
-- 
Leven en laten leven


signature.asc
Description: Digital signature

Bug#860050: RFS: xtensor/0.8.4-1

[Ghislain Antony Vaillant]

Package: sponsorship-requests
Severity: normal

Dear mentors,

* Package name: xtensor
  Version : 0.8.4-1
  Upstream Author : Johan Mabille and Sylvain Corlay
* URL : http://quantstack.net/xtensor
* License : BSD
  Section : libs

One can check out the package by visiting the following URL:

  https://anonscm.debian.org/git/debian-science/packages/xtensor.git

Changes since the last upload:

  * New upstream version 0.8.4
  * Drop the patch queue, applied upstream
  * Fix the clean target when nodoc requested
  * Change doc-base registration to Programming/C++

Best regards,
Ghis


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#860049: dovecot: CVE-2017-2669

[Salvatore Bonaccorso]

Source: dovecot
Version: 1:2.2.13-11
Severity: important
Tags: security upstream patch
Control: fixed -1 1:2.2.13-12~deb8u2

Hi,

the following vulnerability was published for dovecot.

CVE-2017-2669[0]:
|passdb/userdb dict: Don't double-expand %variables in keys. If dict
|was used as the authentication passdb, using specially crafted
|%variables in the username could be used to cause DoS

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2669

Regards,
Salvatore

Bug#551350: arpwatch: restart option

[Lukas Schwaighofer]

Hi Stephen,

I recently took over maintenance of arpwatch as part of the
pkg-security team, sorry for reviving this more than 7 years old bug.

Thanks for reporting the bug regarding the restart functionality and
providing a patch. As you probably know (or knew 7 years ago), the
restart functionality only works when arpwatch is run as root. I would
like to discourage anyone from running arpwatch as root, so I'm not
really in favor of implementing nice features that only work when
running as root.


Instead of merging your patch I propose the following:
* we drop the restart functionality altogether; it was introduced in
  Debian and is not part of upstream, so this would reduce the delta
  carried by Debian
* we change the systemd unit file to restart arpwatch automatically if
  it exits uncleanly

Would you be fine with that?


Thank you
Lukas


pgpq9q83d7_Av.pgp
Description: OpenPGP digital signature

Bug#859414: libiscsi: diff for NMU version 1.17.0-1.1

[Adrian Bunk]

Control: tags 859414 + pending

Dear maintainer,

I've prepared an NMU for libiscsi (versioned as 1.17.0-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if you
want to make an upload yourself.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

diff -Nru libiscsi-1.17.0/debian/changelog libiscsi-1.17.0/debian/changelog
--- libiscsi-1.17.0/debian/changelog	2016-05-24 12:20:05.0 +0300
+++ libiscsi-1.17.0/debian/changelog	2017-04-10 22:05:20.0 +0300
@@ -1,3 +1,11 @@
+libiscsi (1.17.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't disable PIE, to make static libraries usable with
+gcc defaulting to PIE. (Closes: #859414)
+
+ -- Adrian Bunk   Mon, 10 Apr 2017 22:05:20 +0300
+
 libiscsi (1.17.0-1) unstable; urgency=medium
 
   * new upstream release (Closes: #822870)
diff -Nru libiscsi-1.17.0/debian/rules libiscsi-1.17.0/debian/rules
--- libiscsi-1.17.0/debian/rules	2016-05-24 12:15:36.0 +0300
+++ libiscsi-1.17.0/debian/rules	2017-04-10 22:05:14.0 +0300
@@ -1,6 +1,6 @@
 #!/usr/bin/make -f
 
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 %:
 	dh $@ --with autoreconf

Bug#782057: arpwatch problems

[Lukas Schwaighofer]

Control: tags -1 + moreinfo

Hi,

sorry for reviving such an old bug report.  I recently took over
maintenance of arpwatch as part of the pkg-security-team.


In your bug report you described two different problems.

1. Arpwatch does not start properly after startup, requires manual
   restart

Is this issue still present?  If it is, could you check if version
2.1a15-3, which was just uploaded to experimental, fixes the problem?
This new version has native systemd unit files and the startup is quite
different.


2. The arp.dat database was cleared (at least once)

Has this happened more often and/or can you reproduce this problem? I
can think of two reasons why this might have happened:

* two arpwatch instances are accidentally started using the same
  database file and there is a race condition with reading/writing the
  file
* the postinstall script, which used to copy the database around until
  version 2.1a15-1.3, might have cleared it (e.g. due to a
  dpkg-reconfigure)

Neither these two problems can happen any more with version 2.1a15-3,
but maybe your problem is something else.  If you have any further
information please let me know.


Thank you
Lukas


pgpd25LZIRqIb.pgp
Description: OpenPGP digital signature

Bug#860048: unblock: open-vm-tools/2:10.1.5-5055683-3

[Bernd Zeimetz]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi release team,

VMware asked me to change the boot order of vmtoolsd to start before
cloud init. This was necessary as the cloud-init is started early
in the boot process now - and without running vmtoolsd before
cloud-init a VM customization is not possible.

For details see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859677
https://bugs.launchpad.net/cloud-init/+bug/1667831

Debdiff is attached.


unblock open-vm-tools/2:10.1.5-5055683-3


Thanks,

Bernd

-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 658a4222..5bcddde2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+open-vm-tools (2:10.1.5-5055683-3) unstable; urgency=medium
+
+  * [0aa95b6] Start open-vm-tools before cloud-init-local.service.
+Required for a working guest customization as reported by VMware.
+Also add cloud-init to 'Suggests'.
+Thanks to Sankar Tanguturi (Closes: #859677)
+
+ -- Bernd Zeimetz   Sun, 09 Apr 2017 21:54:21 +0200
+
 open-vm-tools (2:10.1.5-5055683-2) unstable; urgency=medium
 
   * [651cdfe] Depend on iproute2.
diff --git a/debian/control b/debian/control
index 5935c52f..432b11f7 100644
--- a/debian/control
+++ b/debian/control
@@ -19,7 +19,7 @@ Package: open-vm-tools
 Architecture: amd64 i386
 Depends: ${misc:Depends}, ${shlibs:Depends}, pciutils, iproute2
 Recommends: ethtool, zerofree, fuse, lsb-release
-Suggests: open-vm-tools-desktop
+Suggests: open-vm-tools-desktop, cloud-init
 Breaks: open-vm-tools-desktop (<< 2:10.0.7-3227872-2~)
 Replaces: open-vm-tools-desktop (<< 2:10.0.7-3227872-2~)
 Description: Open VMware Tools for virtual machines hosted on VMware (CLI)
diff --git a/debian/open-vm-tools.service b/debian/open-vm-tools.service
index 426d4fbd..a988f08e 100644
--- a/debian/open-vm-tools.service
+++ b/debian/open-vm-tools.service
@@ -2,6 +2,8 @@
 Description=Service for virtual machines hosted on VMware
 Documentation=http://open-vm-tools.sourceforge.net/about.php
 ConditionVirtualization=vmware
+DefaultDependencies=no
+Before=cloud-init-local.service
 
 [Service]
 ExecStart=/usr/bin/vmtoolsd

Bug#850723: heimdal: FTBFS on x32 because libtommath thinks it’s amd64

[Dominique Dumont]

Hello

libtommath upstream cannot reproduce this problem.

Could you try to build heimdal with a more recent version of libtommath ? 
(like the version that packaged in Debian)

All the best

-- 
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org

Bug#859979: firejail: Option --overlay-path=path not supported but documented

[Reiner Herrmann]

Control: tags -1 + fixed-upstream

Hi GSR,

On Sun, Apr 09, 2017 at 10:23:06PM +0200, GSR wrote:
> Man page talks about overlay-path but it fails as in:
> ---8<---
> firejail --overlay-path=/tmp/testdir --overlay-named=testname
> Error: invalid --overlay-path=/tmp/testdir command line option
> --->8---
> 
> Checked the source, it seems to be unsupported yet (around line 1471
> of main.c). Maybe man page should drop any mention until the issues
> are solved.

Thanks for reporting this.

This feature has been removed because of security problems.
I removed it from the manpage [1].

Regards,
  Reiner

[1]: https://github.com/netblue30/firejail/commit/d103b38


signature.asc
Description: Digital signature

Bug#859963: mimetic FTBFS on architectures where char is unsigned

[gregor herrmann]

Control: tag -1 + pending patch

On Sun, 09 Apr 2017 21:10:51 +0300, Adrian Bunk wrote:

> mimetic FTBFS on architectures where char is unsigned
> (originally reported by Frederic Bonnard):
> 
> ...
> base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' 
> inside { } [-Wnarrowing]
> base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' 
> inside { } [-Wnarrowing]
> base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' 
> inside { } [-Wnarrowing]
> base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' 
> inside { } [-Wnarrowing]
> base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' 
> inside { } [-Wnarrowing]
> base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' 
> inside { } [-Wnarrowing]
> ...

Thanks.

I'm in contact with upstream, and I'm attaching a preliminary patch
which makes the package build (including passing tests) on plummer
(ppc64el porterbox). Reviews welcome.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Tom Waits: Day After Tomorrow
diff -Nru mimetic-0.9.8/debian/changelog mimetic-0.9.8/debian/changelog
--- mimetic-0.9.8/debian/changelog	2016-01-15 15:29:38.0 +0100
+++ mimetic-0.9.8/debian/changelog	2017-04-10 20:05:28.0 +0200
@@ -1,3 +1,11 @@
+mimetic (0.9.8-5) UNRELEASED; urgency=medium
+
+  * Add patch signed-char.patch to fix build failure on architectures
+where char is unsigned.
+Thanks to Adrian Bunk for the bug report. (Closes: #859963)
+
+ -- gregor herrmann   Mon, 10 Apr 2017 20:05:28 +0200
+
 mimetic (0.9.8-4) unstable; urgency=medium
 
   * debian/rules: change dh_strip argument from --ddeb-migration to
diff -Nru mimetic-0.9.8/debian/patches/series mimetic-0.9.8/debian/patches/series
--- mimetic-0.9.8/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ mimetic-0.9.8/debian/patches/series	2017-04-10 20:05:28.0 +0200
@@ -0,0 +1 @@
+signed-char.patch
diff -Nru mimetic-0.9.8/debian/patches/signed-char.patch mimetic-0.9.8/debian/patches/signed-char.patch
--- mimetic-0.9.8/debian/patches/signed-char.patch	1970-01-01 01:00:00.0 +0100
+++ mimetic-0.9.8/debian/patches/signed-char.patch	2017-04-10 20:05:28.0 +0200
@@ -0,0 +1,31 @@
+Description: fix FTBFS on architectures where char is unsigned
+ Fix error
+   base64.cxx:30:1: error: narrowing conversion of '-1' from 'int' to 'char' inside { } [-Wnarrowing]
+ by making Base64::sDecTable a signed char.
+Bug-Debian: https://bugs.debian.org/859963
+Forwarded: via email
+Author: gregor herrmann 
+Last-Update: 2017-04-10
+
+--- a/mimetic/codec/base64.cxx
 b/mimetic/codec/base64.cxx
+@@ -13,7 +13,7 @@
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/=";
+ 
+-const char Base64::sDecTable[] = {
++const signed char Base64::sDecTable[] = {
+ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+--- a/mimetic/codec/base64.h
 b/mimetic/codec/base64.h
+@@ -20,7 +20,7 @@
+ enum { default_maxlen = 76 };
+ enum { eq_sign = 100 };
+ static const char sEncTable[];
+-static const char sDecTable[];
++static const signed char sDecTable[];
+ static const int sDecTableSz;
+ public:
+ class Encoder; class Decoder;


signature.asc
Description: Digital Signature

Bug#859978: linux-cpupower: wrong turbo speeds reported on Nehalem

[Ben Hutchings]

Control: tag -1 upstream patch

On Sun, 2017-04-09 at 22:26 +0200, GSR wrote:
> Package: linux-cpupower
> Version: 4.9.13-1
> Severity: normal
> 
> Dear Maintainer,
> 
> On i7-870 Nehalem, "cpupower frequency-info -n" reports the wrong
> speeds for boost states. It seems to take the right multipliers (24,
> 24, 26 and 27) but the wrong base clock (100 as per newer chips,
> instead of correct 133). Thus the reported speeds (2400-2700 Mhz) are
> even lower than the normal maximum (2934 Mhz). Output should be approx
> 3192-3591.
> 
> i7z tool figures the 100 vs 133 correctly (yet has other bug and says
> the chip to be Nehalem Haswell at the same time, which has been
> reported too). It may serve as reference to figure where to extract
> the proper clock value for the cpupower command.

I didn't believe this at first, but cpupower really does have this
hardware-specific information - and a silly bug which results in using
the wrong base clock, as you say.

I've attached the patch that should fix this.  Please either test this
patch or the modified packages (linux-cpupower & libcpupower1 version
4.9.18-2~a.test) from .

Ben.

-- 
Ben Hutchings
73.46% of all statistics are made up.
From: Ben Hutchings 
Date: Mon, 10 Apr 2017 17:44:13 +0100
Subject: cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
Origin: https://git.kernel.org/linus/73f1b3551b088660eaa311edce6bd0842cebb38b
Bug-Debian: https://bugs.debian.org/859978

The switch that conditionally sets CPUPOWER_CAP_HAS_TURBO_RATIO and
CPUPOWER_CAP_IS_SNB flags is missing a break, so all cores get both
flags set and an assumed base clock of 100 MHz for turbo values.

Fixes: 8fb2e440b223 ("cpupower: Show Intel turbo ratio support via ...")
Signed-off-by: Ben Hutchings 
---
 tools/power/cpupower/utils/helpers/cpuid.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/power/cpupower/utils/helpers/cpuid.c b/tools/power/cpupower/utils/helpers/cpuid.c
index 93b0aa74ca03..39c2c7d067bb 100644
--- a/tools/power/cpupower/utils/helpers/cpuid.c
+++ b/tools/power/cpupower/utils/helpers/cpuid.c
@@ -156,6 +156,7 @@ int get_cpu_info(unsigned int cpu, struct cpupower_cpu_info *cpu_info)
 	 */
 			case 0x2C:	/* Westmere EP - Gulftown */
 cpu_info->caps |= CPUPOWER_CAP_HAS_TURBO_RATIO;
+break;
 			case 0x2A:	/* SNB */
 			case 0x2D:	/* SNB Xeon */
 			case 0x3A:	/* IVB */


signature.asc
Description: This is a digitally signed message part

Bug#856843:

[Luke Suchocki]

With regard to my previous message, the 15-minute inactivity timeout is
expected.

The attempt to send an echo request without re-negotiating is not, and
thus the server is closing the connection with a reset.

Commit  b8c600120fc87d53642476f48c8055b38d6e14c7
"Call echo service immediately after socket reconnect"

This path likely introduced or contributed to the behavior we're
seeing.

Prior to this, when the system reconnected, the TCP socket would be
brought open in connect.c:cifs_reconnect(), but no echos were
scheduled, and it was simply left in a CifsNeedsNegotiate state.

The connection was re-negotiated when the next "real" SMB request was
made.

The SMBv1 echo code itself is unable to re-negotiate the connection:

When I follow the connect.c:cifs_echo_request() code through to
"server->ops->echo(server)" which is called when we need a re-
negotiate, that brings me to cifssmb.c:CIFSSMBEcho().

CIFSSMBEcho() calls small_smb_init() with tcon=NULL.

small_smb_init() calls cifs_reconnect_tcon() with tcon=NULL, which then
exits with rc=0, as it can't get references to session or server
without tcon.

The rest of the CIFSSMBEcho() code completes, and attempts to send an
echo request to the server, without re-negotiating the connection.

The server resets the connection, connect.c:cifs_readv_from_socket()
notices this, calls connect.c:cifs_reconnect(), and the entire process
repeats itself, ~1000 times per second in my testing.

I would consider marking this a CRITICAL issue, as it could cause a
significant DDOS against windows servers.

I haven't done a diff with Linux 4.11-rc6, but a quick review of the
patches do not appear to mention any of this behavior.

Additionally, I value the need for this patch, as the TCP session will
be reestablished as soon as the connection is reset, but echos are not
required until "real" SMB services are requested again by the client...


--Luke Suchocki

 

Bug#857460: unblock: exim4/4.89-1

[Andreas Metzler]

On 2017-03-11 Andreas Metzler  wrote:
[...]
> unblock exim4/4.89-1
> unblock eximdoc4/4.89-1

Ping?

Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer

[Olivier Aubert]

$ grep -i Nickname /etc/cups/ppd/Brother.ppd
*NickName: "Brother MFC7420 for CUPS"
*ShortNickName: "Brother MFC7420 for CUPS"
$ grep -i cupsfilter /etc/cups/ppd/Brother.ppd 
*cupsFilter: "application/vnd.cups-postscript 0 brlpdwrapperMFC7420"

Best,
Olivier

On Mon, 2017-04-10 at 18:37 +0100, Brian Potkin wrote:
> On Mon 10 Apr 2017 at 19:05:19 +0200, Olivier Aubert wrote:
> 
> > Actually, my wording was wrong: the Brother drivers do not use
> > gutenprint and gutenprint does not support the MFC7420, as far as I
> > can
> > read the source/doc.
> 
> Indeed. There is no declared support for the MFC7420.
> 
> > I just can acknowledge that the printer stopped working after
> > upgrading
> > gutenprint to 5.2.11 (with a gutenprint-related error message), and
> > that downgrading gutenprint solved the issue.
> 
> You will have a PPD in /etc/cups/ppd which gives the capabilities
> of your printer. Please post the outputs of
> 
> grep -i Nickname /etc/cups/ppd/your_ppd
> 
> and
> 
> grep -i cupsfilter /etc/cups/ppd/your_ppd
> 
> Regards,
> 
> Brian.
> 

Bug#860043: (no subject)

[Gianfranco Costamagna]

control: retitle -1 wxpython3.0: asserts on valid poedit code due to bad mutex 
unlock

This affects only poedit2, so just experimental for now

thanks

G.



signature.asc
Description: OpenPGP digital signature

Bug#859957: Fwd: Bug#859957: natbraille: ftbfs without networking

[Bruno Mascret]

Hello Alex,

Le 10/04/2017 à 13:25, Alex ARNAUD a écrit :

Is the new natbraille works on GNU/Linux also ?

Of course!
Even more: some functionalities work only with linux ;-)



We 'll try to do our best to publish an updated version of the
softwares, if someone could help we 'll appreciate!


It will be great indeed.
Natbraille's version are available at 
http://natbraille.free.fr/index.php?lang=fr=down.php


Best regards,
Bruno

Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer

[Brian Potkin]

On Mon 10 Apr 2017 at 19:05:19 +0200, Olivier Aubert wrote:

> Actually, my wording was wrong: the Brother drivers do not use
> gutenprint and gutenprint does not support the MFC7420, as far as I can
> read the source/doc.

Indeed. There is no declared support for the MFC7420.

> I just can acknowledge that the printer stopped working after upgrading
> gutenprint to 5.2.11 (with a gutenprint-related error message), and
> that downgrading gutenprint solved the issue.

You will have a PPD in /etc/cups/ppd which gives the capabilities
of your printer. Please post the outputs of

grep -i Nickname /etc/cups/ppd/your_ppd

and

grep -i cupsfilter /etc/cups/ppd/your_ppd

Regards,

Brian.

Bug#860045: [Pkg-utopia-maintainers] Bug#860045: Please don't use /var/run/$foo in network-manager anymore

[Michael Biebl]

Am 10.04.2017 um 19:01 schrieb Alf Gaida:
> Package: network-manager
> Severity: normal
> 
> We live in the 21. century - 
> https://wiki.debian.org/ReleaseGoals/RunDirectory : This is a release goal 
> for Wheezy. 
> 

feel free to send a patch.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#860047: libostree-dev: lockstep dependency on libostree-1-1 missing

[Simon McVittie]

Package: libostree-dev
Version: 2016.15-3
Severity: serious
Justification: Policy 8.4
Tags: pending

libostree-dev should have a lockstep dependency on a corresponding version
of libostree-1-1. It does not.

It does indirectly depend on libostree-1-1 via gir1.2-ostree-1.0, but that
dependency is not sufficiently strictly versioned to guarantee that the
headers and the shared library match exactly.

S

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libostree-dev depends on:
ii  gir1.2-ostree-1.0  2017.3-1
ii  libglib2.0-dev 2.50.3-2
ii  pkg-config 0.29-4+b1

libostree-dev recommends no packages.

Versions of packages libostree-dev suggests:
ii  libostree-doc  2017.3-1

-- no debconf information

Bug#860046: wolfssl: Incomplete debian/copyright?

[Chris Lamb]

Source: wolfssl
Version: 3.10.2+dfsg-1
Severity: serious
Justication: Policy 12.5

Hi,

I just ACCEPTed wolfssl from NEW but noticed it was missing 
attribution in debian/copyright for at least the files under m4/

(This is not exhaustive so please check over the entire package 
carefully and address these on your next upload.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer

[Olivier Aubert]

Actually, my wording was wrong: the Brother drivers do not use
gutenprint and gutenprint does not support the MFC7420, as far as I can
read the source/doc.

I just can acknowledge that the printer stopped working after upgrading
gutenprint to 5.2.11 (with a gutenprint-related error message), and
that downgrading gutenprint solved the issue. 

Regards,
Olivier



On Mon, 2017-04-10 at 17:41 +0100, Brian Potkin wrote:
> On Wed 05 Apr 2017 at 15:04:53 +0100, Brian Potkin wrote:
> 
> > On Wed 05 Apr 2017 at 12:13:56 +0200, Olivier Aubert wrote:
> > 
> > > I own a Brother MFC7420 printer (which requires proprietary
> > > drivers that use gutenprint).
> > > It has been working correctly with printer-driver-gutenprint
> > > 5.2.10. Since the upgrade to 
> > > 5.2.11-1+b1 (and idem with 5.2.11-1+b2), the printer stopped
> > > working, with the following
> > > message in /var/log/cups/error.log:
> > > 
> > > [cups-deviced] PID 27449 (gutenprint52+usb) stopped with status
> > > 1!
> > > 
> > > Similar issues can be found in Ubuntu [1] and ArchLinux [2].
> > > 
> > > I solved it for the moment by downgrading printer-driver-
> > > gutenprint to 5.2.10
> > > 
> > > [1] https://ubuntu-mate.community/t/printer-pauses-randomly-after
> > > -upgrade-to-16-04/5653
> > > [2] https://bbs.archlinux.org/viewtopic.php?id=208475
> > 
> > Intriguing. The MFC7420 is not supported by Gutenprint! Where do
> > the
> > Brother drivers enter the picture?
> 
> To make it clear - there are two questions here. One is explicit.
> The other (is the MFC7420 supported by Gutenprint?) is implicit.
> 
> Regards,
> 
> Brian.

Bug#860045: Please don't use /var/run/$foo in network-manager anymore

[Alf Gaida]

Package: network-manager
Severity: normal

We live in the 21. century - https://wiki.debian.org/ReleaseGoals/RunDirectory 
: This is a release goal for Wheezy. 

Cheers Alf

-- System Information:
Debian Release: 9.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.9-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#860044: icinga-web: FTBFS: checking if php has xsl module... configure: error: not found

[Chris Lamb]

Source: icinga-web
Version: 1.13.1-2.1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Dear Maintainer,

icinga-web fails to build from source in unstable/amd64:

  […]

  checking for a BSD-compatible install... /usr/bin/install -c
  checking for grep that handles long lines and -e... /bin/grep
  checking for a sed that does not truncate output... /bin/sed
  checking for php... /usr/bin/php
  checking for phing... not found
  configure: WARNING: binary phing not found in PATH
  checking if php has sockets module... found
  checking if php has xsl module... configure: error: not found
  debian/rules:22: recipe for target 'override_dh_auto_configure' failed
  make[1]: *** [override_dh_auto_configure] Error 1
  make[1]: Leaving directory '«BUILDDIR»'
  debian/rules:15: recipe for target 'build' failed
  make: *** [build] Error 2
  dpkg-buildpackage: error: debian/rules build gave error exit status 2

  […]

The full build log is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


icinga-web.1.13.1-2.1.unstable.amd64.log.txt.gz
Description: Binary data

Bug#859787: davmail: new upstream version available - please upgrade

[Alexandre Rossi]

Hi,

> there is a new upstream version of DavMail available:
> https://sourceforge.net/projects/davmail/files/davmail/4.8.0/
>
> Please consider upgrading the Debian package when convenient, as it contains
> a
> couple of important improvements.

Thanks for reporting, I was aware of this new version, but did not act
because of the current freeze[1]: only new versions fixing important
or above bugs should be considered (major usability issue with
package).

I will prepare an upload to experimental if my sponsor thinks it may
be worth his time.

Thanks for your interest,

Alex

[1] https://release.debian.org/stretch/freeze_policy.html

Bug#852596: iio-sensor-proxy still spams syslog with an error message every second

[Ritesh Raj Sarraf]

On Mon, 2017-04-10 at 15:19 +0300, Serhiy Cherpatyuk wrote:
> $ uname -a
> Linux csy-aspire-v13 4.9.0-2-amd64 #1 SMP Debian 4.9.18-1 (2017-03-30) 
> x86_64 GNU/Linux
> 
> syslog:
> Apr 10 15:01:22 csy-aspire-v13 iio-sensor-prox[725]: Could not open 
> input accel '/dev/input/event6': Operation not permitted

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853067

As per the bug report, the kernel side backport is done.

As for this bug, there's no fix planned any time soon. You may want to follow
the upstream bug report too.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

signature.asc
Description: This is a digitally signed message part

Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer

[Brian Potkin]

On Wed 05 Apr 2017 at 15:04:53 +0100, Brian Potkin wrote:

> On Wed 05 Apr 2017 at 12:13:56 +0200, Olivier Aubert wrote:
> 
> > I own a Brother MFC7420 printer (which requires proprietary drivers that 
> > use gutenprint).
> > It has been working correctly with printer-driver-gutenprint 5.2.10. Since 
> > the upgrade to 
> > 5.2.11-1+b1 (and idem with 5.2.11-1+b2), the printer stopped working, with 
> > the following
> > message in /var/log/cups/error.log:
> > 
> > [cups-deviced] PID 27449 (gutenprint52+usb) stopped with status 1!
> > 
> > Similar issues can be found in Ubuntu [1] and ArchLinux [2].
> > 
> > I solved it for the moment by downgrading printer-driver-gutenprint to 
> > 5.2.10
> > 
> > [1] 
> > https://ubuntu-mate.community/t/printer-pauses-randomly-after-upgrade-to-16-04/5653
> > [2] https://bbs.archlinux.org/viewtopic.php?id=208475
> 
> Intriguing. The MFC7420 is not supported by Gutenprint! Where do the
> Brother drivers enter the picture?

To make it clear - there are two questions here. One is explicit.
The other (is the MFC7420 supported by Gutenprint?) is implicit.

Regards,

Brian.

Bug#860043:

[Gianfranco Costamagna]

Source: wxpython3.0
Version: 3.0.2.0+dfsg-3
Severity: important
Tags: patch

Hello, poedit2 is having a lot of asserts and segfaulting (IIRC).
Reason is a bug in wxpython3.0 and the fix from Poedit upstream has already
been merged to wx upstream (3.0 maint branch too)

Please cherry-pick the following fix
https://github.com/wxWidgets/wxWidgets/commit/ed88188be7e97a0503f3471f7b0452740b732902.patch
I don't know if poedit1 is affected, but I would appreciate a fix in any case
(poedit2 is experimental only)

(I'm open to a team upload too, just ask me!)

thanks!

G.

Bug#800043: dh-systemd: add documentation for using dh-systemd

[Matt Zagrabelny]

On Mon, Apr 10, 2017 at 4:50 AM, Niels Thykier  wrote:

>
> > When using tiny rules:
> >
> > %:
> > dh $@
> >
> > and the package contains a systemd unit file, but no sysv init file,
> > lintian complains:
> >
> > W: fw-skel: init.d-script-not-marked-as-conffile etc/init.d/fw-skel
> > E: fw-skel: init.d-script-not-included-in-package etc/init.d/fw-skel
> >
> > [...]
>
> Aha.  I believe that is fixed in compat 11 (still WIP though).  In
> compat 11, dh_installinit will ignore systemd files and accordingly not
> assume it should do something.
>

Excellent!


> >
> > I don't know the best place to document this idea of telling debhelper to
> > not bother with the init script if it doesn't exist.
> >
>
>
> I have added a remark in the dh_installinit manpage about it might make
> sense to skip dh_installinit for packages in compat 10 and earlier, when
> they only skip systemd services and no sysvinit scripts.
>

Thanks!


> The actual text being (review welcome):
>
> """
> In compat 10 or earlier: If a package only ships a systemd service
> file and no sysvinit script is provided, you may want to exclude the
> call to dh_installinit for that package (e.g. via B<-N>).  Otherwise,
> you may get warnings from lintian about init.d scripts not being
> included in the package.
> """
>

Looks good to me.


>
> You already did. ;)  When dh-systemd was merged into debhelper, all of
> its outstanding bugs got reassigned to debhelper.
>


Heh. I realized that I wasn't very descriptive with my comment about filing
a report against debhelper. I knew the bug was reassigned from dh-systemd
to debhelper, but I was thinking more along the lines of filing a bug
against dh_installinit to "do the right thing" because of the lintian error
and warning. Which is all moot because of your fix for compat 11 mentioned
above.

So, thanks again!

Feel free to close this bug out, or I can.

Happy hacking and thanks for your contribution to Debian and free software.
:)

-m

Bug#859923: linux-image-4.9.0-2-amd64: mmap system call problem

[Ben Hutchings]

Control: tag -1 moreinfo

On Sun, 2017-04-09 at 12:09 +0200, Fernando Santagata wrote:
[...]
> The last line in dmesg is:
> 
> [  503.531581] mmap: java (6830): VmData 134582272 exceed data ulimit
> 134217728. Update limits or use boot option ignore_rlimit_data.
> 
> but
> 
> $ ulimit
> unlimited

ulimit with no options shows the file size limit, not the data size
limit.

> I think this is related to this thread in the linux-mm mailing list, dating
> back to kernel version 4.7, the first one that exibits this behavior:
> 
> https://lists.gt.net/linux/kernel/2528084
> 
> This error shows even when using concurrent programming under Perl6, so it
> seems to be really related to sharing memory.
> 
> The last usable kernel in this respect is version 4.6.

The warning message tells you how to work around this (add kernel
parameter 'ignore_rlimit_data').  Doesn't that work?

Ben.

-- 
Ben Hutchings
73.46% of all statistics are made up.



signature.asc
Description: This is a digitally signed message part

Bug#860042: nfs-ganesha: service reload fails

[Tobias Wackenhut]

Package: nfs-ganesha
Version: 2.4.4-2
Severity: normal

Dear Maintainer,

The systemd service file for nfs-ganesha containts the following line:

ExecReload=/bin/dbus-send --system   --dest=org.ganesha.nfsd --type=method_call 
/org/ganesha/nfsd/admin org.ganesha.nfsd.admin.reload

Before testing what is described in this bug I have already created a
symbolic link at /bin/dbus-send pointing to /usr/bin/dbus-send, since
this problem of wrong paths to the dbus-send executable is a separate
issue.

Unfortunately systemctl daemon-reload does not reload the configuration
of nfs-ganesha because ganesha seems to no longer provide
org.ganesha.nfsd.admin.reload .

It looks like this problem exists upstream as well, because in commit
5cd4abd6c738bb88ed80793ab2734902e270f25c [1]
this functionality was removed but the documentation (in the wiki at
[2]) and the service file provided by upstream were not modified
accordingly.

However sending a SIGHUP signal to ganesha.nfsd [3] gives the expected
result of nfs-ganesha reloading it's config.

[1] 
https://github.com/nfs-ganesha/nfs-ganesha/commit/5cd4abd6c738bb88ed80793ab2734902e270f25c
[2] https://github.com/nfs-ganesha/nfs-ganesha/wiki/Dbusinterface
[3] 
https://github.com/nfs-ganesha/nfs-ganesha/blob/next/src/MainNFSD/nfs_init.c#L197

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nfs-ganesha depends on:
ii  daemon0.6.4-1+b2
ii  dbus  1.10.16-1
ii  libblkid1 2.29.1-1
ii  libc6 2.24-9
ii  libcap2   1:2.25-1
ii  libcomerr21.43.4-2
ii  libdbus-1-3   1.10.16-1
ii  libgssapi-krb5-2  1.15-1
ii  libk5crypto3  1.15-1
ii  libkrb5-3 1.15-1
ii  libnfsidmap2  0.25-5.1
ii  libntirpc1.4  1.4.3-2
ii  libuuid1  2.29.1-1
ii  libwbclient0  2:4.5.6+dfsg-1
ii  nfs-common1:1.3.4-2.1
ii  rpcbind   0.2.3-0.5+b1

nfs-ganesha recommends no packages.

nfs-ganesha suggests no packages.

-- no debconf information

Bug#848192: /usr/bin/dh_systemd_start: dh_systemd_start needs to start .socket before .service

[Felipe Sateler]

Control: tags -1 patch pending

On Mon, Apr 10, 2017 at 11:07 AM, Niels Thykier  wrote:
> Control: reassign -1 init-system-helpers
> Control: retitle -1 deb-systemd-invoke: Run systemctl once with all args
>
> On Thu, 15 Dec 2016 01:38:18 +0100 Matthias Urlichs
>  wrote:
>> Package: debhelper
>> Version: 10.2.2
>> Severity: normal
>> File: /usr/bin/dh_systemd_start
>>
>> When I have both a service and a socket unit file, dh_systemd_start runs
>> the service first.
>>
>> This is bad because the socket will refuse to run when the service has been
>> started, while the service's configuration probably depends on the socket.
>>
>> deb-systemd-invoke $_dh_action knxd.service knxd.socket >/dev/null 
>> || true
>>
>> Please re-order to act on the socket first.
>>
>> [...]
>
> Hi,
>
> I was on #d-systemd today and we concluded that:
>
>  * This was better solved in deb-systemd-invoke itself, which should
>call / exec systemd with all the arguments.  This would make systemd
>figure out the ordering itself.

I have a patch in this branch:

https://anonscm.debian.org/cgit/collab-maint/init-system-helpers.git/log/?h=fsateler/next

It's too late for stretch I think, so I'm queuing it for buster.

>
>  * The knxd.service should have a require on the knxd.socket if the
>.socket must be started before the .service.  Otherwise it will cause
>issues/confusion if an enduser starts the services manually.

Yes, please add that. Otherwise the config is too brittle.


-- 

Saludos,
Felipe Sateler

Bug#860041: kinfocenter: cannot find its plugins

[Laurent Bonnaud]

Package: kinfocenter
Version: 4:5.8.5-1
Severity: normal


Dear Maintainer,

when I start kinfocenter from a terminal and click on "Energy Information", I 
see the following error messages in the terminal:

org.kde.kcoreaddons: Error loading plugin "kcm_energyinfo" "The shared library 
was not found."
Plugin search paths are ("/usr/lib/x86_64-linux-gnu/qt5/plugins", "/usr/bin")
The environment variable QT_PLUGIN_PATH might be not correctly set

Same thing for this other plugin:

org.kde.kcoreaddons: Error loading plugin "kcm_fileindexermonitor" "The shared 
library was not found."
Plugin search paths are ("/usr/lib/x86_64-linux-gnu/qt5/plugins", "/usr/bin")
The environment variable QT_PLUGIN_PATH might be not correctly set


-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-rt-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kinfocenter depends on:
ii  ieee-data   20160613.1
ii  kio 5.28.0-2
ii  libc6   2.24-9
ii  libegl1-mesa [libegl1-x11]  17.0.3-1
ii  libgl1-mesa-glx [libgl1]17.0.3-1
ii  libglu1-mesa [libglu1]  9.0.0-2.1
ii  libkf5completion5   5.28.0-1
ii  libkf5configcore5   5.28.0-2
ii  libkf5configwidgets55.28.0-2
ii  libkf5coreaddons5   5.28.0-2
ii  libkf5dbusaddons5   5.28.0-1
ii  libkf5i18n5 5.28.0-2
ii  libkf5iconthemes5   5.28.0-2
ii  libkf5kcmutils5 5.28.0-2
ii  libkf5kdelibs4support5  5.28.0-2
ii  libkf5kiocore5  5.28.0-2
ii  libkf5kiowidgets5   5.28.0-2
ii  libkf5quickaddons5  5.28.0-1
ii  libkf5service-bin   5.28.0-1
ii  libkf5service5  5.28.0-1
ii  libkf5solid55.28.0-3
ii  libkf5waylandclient54:5.28.0-1
ii  libkf5widgetsaddons55.28.0-2
ii  libkf5xmlgui5   5.28.0-1
ii  libpci3 1:3.5.2-1
ii  libqt5core5a5.7.1+dfsg-3+b1
ii  libqt5dbus5 5.7.1+dfsg-3+b1
ii  libqt5gui5  5.7.1+dfsg-3+b1
ii  libqt5qml5  5.7.1-2+b2
ii  libqt5widgets5  5.7.1+dfsg-3+b1
ii  libraw1394-11   2.1.2-1+b1
ii  libstdc++6  7-20170407-1
ii  libx11-62:1.6.4-3
ii  plasma-workspace4:5.8.6-2
ii  usbutils1:008-1

kinfocenter recommends no packages.

kinfocenter suggests no packages.

-- no debconf information

-- 
Laurent.

Bug#814453: bijiben: High CPU usage after Gnome shell search

[David Ayers]

Hi Vincent,

thank you for the pointers.  But as I mentioned, this issue arose with
the version is stable/jessie and those debugging repositories are only
available as of testing/stretch.

So I installed a stretch vm to see if I could reproduce the issue there
but to no avail.  I configured evolution, created some notes and then
attempted to search the strings via gnome-shell search field.

I entered: "30*12*6 + 7200*2"
With that search string I can reliably create the runaway task on
stable.

The version in stable/jessie is: 3.14.2
The version on testing/stretch is: 3.20.2

I did notice though that in testing/stretch the search results do not
contain any notes at all.  There seems to be a more fundamental issue
not related to this bug.

I have added a comment to the cooresponding bug though anyway, with the
best stacktrace I could provide:
https://bugzilla.gnome.org/show_bug.cgi?id=711650#c20

Please let me know if there is anything else I can do to get this issue
resolved in stable/jessie.

Thank you!
David


-- 
David Ayers - Team Austria
Free Software Foundation Europe (FSFE) []  (http://www.fsfe.org)
Join the Fellowship of FSFE! [][][]  (https://fsfe.org/join)
Your donation powers our work! ||   (http://fsfe.org/donate)


signature.asc
Description: This is a digitally signed message part

Bug#860040: policykit-1: Hardening /proc in fstab with hidepid=1 or 2 blocks pkexec

[Tony Sultana]

Package: policykit-1
Version: 0.105-17
Severity: normal

Dear Maintainer,

Hardening my Debian Stretch system with lynis, I enabled hardening /proc to
limit non-superuser access to /proc directories.

proc /proc proc defaults,hidepid=2 0 0

After reboot, all programs that required root authentication via a popup are
blocked from opening the window.  Programs tested include; /usr/bin/synaptic-
pkexec and /usr/bin/gufw-pkexec.

/var/log/auth.log
Apr  9 12:07:30 hostname polkitd(authority=local): Registered Authentication
Agent for unix-process:21299:214113 (system bus name :1.88 [pkexec
/usr/sbin/synaptic], object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Apr  9 12:07:33 hostname polkitd(authority=local): Operator of unix-
process:21299:214113 FAILED to authenticate to gain authorization for action
com.ubuntu.pkexec.synaptic for unix-process:21299:214113 [/bin/sh
/usr/bin/synaptic-pkexec] (owned by unix-user:username)
Apr  9 12:07:33 hostname pkexec[21300]: username: Error executing command as
another user: Not authorized [USER=root] [TTY=/dev/pts/0] [CWD=/home/username]
[COMMAND=/usr/sbin/synaptic]
Apr  9 12:07:33 hostname polkitd(authority=local): Unregistered Authentication
Agent for unix-process:21299:214113 (system bus name :1.88, object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

In fstab, hidepid=1 or hidepid=2 causes the same behavior.  Commenting out the
/proc line in fstab and rebooting solves the issue but reduces my hardening.

The behavior of blocking the user from running a program as root seems to be
correct.  However, there is no warning to the user that they are being blocked
from running the program since the popup window to enter authentication never
opens.

I suggest that if the authentication window cannot open then a warning window
is displayed to the user that permission is denied.

Debian Stretch 4.9.18-1 (2017-03-30) x86_64 GNU/Linux
lightdm 1.18.3
Openbox 3.6.1
LXQt Version: 0.11.1




-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages policykit-1 depends on:
ii  dbus   1.10.16-1
ii  libc6  2.24-9
ii  libglib2.0-0   2.50.3-2
ii  libpam-systemd 232-22
ii  libpam0g   1.1.8-3.5
ii  libpolkit-agent-1-00.105-17
ii  libpolkit-backend-1-0  0.105-17
ii  libpolkit-gobject-1-0  0.105-17

policykit-1 recommends no packages.

policykit-1 suggests no packages.

-- no debconf information

Bug#857131: RFS: fgrun/2016.4.0-0.1 [RC, NMU]

[Mattia Rizzolo]

control: tag -1 moreinfo

On Fri, Mar 10, 2017 at 07:58:52AM -0700, Sean Whitton wrote:
> Since Markus has got involved in this thread, perhaps you can organise a
> team upload, and/or add Boyuan to the Uploaders: field.

Indeed.
Markus: would you please take this RFS to its end?

> > * This package has a longstanding unfixed RC bug (FTBFS) and fell out of
> > Stretch release. With absolutely zero reverse dependency and migration 
> > blocking, I believe fgrun should be able to enter unstable even though we 
> > are 
> > in freeze now (because it wouldn't affect other packages or Stretch release 
> > at 
> > all).
> 
> Note that the release team's freeze policy does not allow this.

I'm quite positive that the release team doesn't particularly care about
what happens to sid-only packages unless as long as they don't correlate
to anything that is in stretch (i.e. a package in stretch starting to
depending on a sid-only package).


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#848192: /usr/bin/dh_systemd_start: dh_systemd_start needs to start .socket before .service

[Matthias Urlichs]

Thank you. Will fix.

knxd is going to be packaged soon(ish; I missed the new-packages cut-off
date by less than a week).


-- 
-- Matthias Urlichs

Bug#860039: liblirc-dev pkg-config does not provide proper include paths

[Matthew Gabeler-Lee]

Package: liblirc-dev
Version: 0.9.4c-9
Severity: normal

Trying to build an LIRC plugin using liblirc-dev doesn't work, because the 
installed pkg-config file does not provide proper include flags for the cflags 
output:

$ make
cc -I../usb_ir -fpic -DPLUGINDOCS=\"/usr/share/doc/lirc/plugindocs\"   -c -o 
iguanair.o iguanair.c
In file included from /usr/include/lirc/ir_remote_types.h:52:0,
 from /usr/include/lirc_driver.h:21,
 from iguanair.c:31:
/usr/include/lirc/include/media/lirc.h:9:20: fatal error: config.h: No such 
file or directory
 #include 
^
compilation terminated.
: recipe for target 'iguanair.o' failed
make: *** [iguanair.o] Error 1
$ pkg-config --cflags lirc-driver
-fpic -DPLUGINDOCS=\"/usr/share/doc/lirc/plugindocs\"
$ ls /usr/include/lirc/config.h
/usr/include/lirc/config.h

It looks like it needs to export "-I/usr/include/lirc"

Which is strange because ... it also looks like it already does?

Cflags: -I${includedir} -fpic -DPLUGINDOCS='"${docdir}/plugindocs"'

Aaah, it seems that includedir is just set to /usr/include, but it needs to 
also give /usr/include/lirc

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages liblirc-dev depends on:
ii  liblirc-client0  0.9.4c-9
ii  liblirc0 0.9.4c-9
ii  lsb-base 9.20161125

liblirc-dev recommends no packages.

liblirc-dev suggests no packages.

-- no debconf information

Bug#859935: bsd-mailx: sends 8bit messages without indicating charset

[Niels Thykier]

Thorsten Glaser:
> On Mon, 10 Apr 2017, Niels Thykier wrote:
> 
>> I have downgraded it to important because I do not think this is release
>> critical (in the sense that it should be stalling a release).  I do
>> agree it is a bug and it would be great to have.  So please consider
> 
> OK, good point.
> 
>> applying it and requesting an unblock for it (if it happens during the
>> freeze).
> 
> Thanks for the “maintainer approval” of sorts ;-)
> 
> I’ve filed the unblock request as #860022, for future reference,
> and intend to follow your advice and NMU if it’s granted.
> 
> bye,
> //mirabilos
> 

Just to avoid misunderstandings; I am /not/ the maintainer of bsd-mailx.

~Niels

Bug#860033: [Pkg-zsh-devel] Bug#860033: /usr/bin/zsh gone after dist-upgrade

[Adrian Bunk]

On Mon, Apr 10, 2017 at 04:35:24PM +0200, Axel Beckert wrote:
>...
> It is not. See /var/lib/dpkg/info/zsh.postinst:
> 
>  5  case "$1" in
>  6  (configure)
>  7  add-shell /bin/zsh
>  8  add-shell /usr/bin/zsh
>  9
> 10  # New hardcoded symlinks which unfortunately can't be shipped 
> inside
> 11  # the package itself since some people want to merge /bin and 
> /usr/bin
> 12  # against FHS and all Unix tradition.
> 13  if [ ! -e /usr/bin/zsh -a ! -L /usr/bin/zsh ]; then
> 14ln -s /bin/zsh /usr/bin/zsh
> 15  fi
> 16  ;;
>...

I think I understand where the problem is:

The link is not created due to the old alternatives link still existing.

This block has to be moved after the
  update-alternatives --remove zsh /bin/zsh5

>   Regards, Axel

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#860038: web2py: CVE-2016-10321

[Salvatore Bonaccorso]

Source: web2py
Version: 2.12.3-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for web2py.

CVE-2016-10321[0]:
| web2py before 2.14.6 does not properly check if a host is denied before
| verifying passwords, allowing a remote attacker to perform brute-force
| attacks.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10321
[1] 
https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426


Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#860033: [Pkg-zsh-devel] Bug#860033: /usr/bin/zsh gone after dist-upgrade

[Adrian Bunk]

On Mon, Apr 10, 2017 at 04:35:24PM +0200, Axel Beckert wrote:
>...
> * Do you still have the output of the dist-upgrade? If so, could grep
>   for "zsh" in that log and send us that output?
>...

I can reproduce the problem, both on my system and in a chroot:

# apt-get install zsh=5.0.7-5 zsh-common=5.0.7-5 
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Suggested packages:
  zsh-doc
The following NEW packages will be installed:
  zsh zsh-common
0 upgraded, 2 newly installed, 0 to remove and 1420 not upgraded.
Need to get 3,821 kB of archives.
After this operation, 13.2 MB of additional disk space will be used.
Get:1 http://ftp.debian.org/debian jessie/main amd64 zsh-common all 5.0.7-5 
[3,121 kB]
Get:2 http://ftp.debian.org/debian jessie/main amd64 zsh amd64 5.0.7-5 [700 kB]
Fetched 3,821 kB in 2s (1,737 kB/s)
Selecting previously unselected package zsh-common.
(Reading database ... 403541 files and directories currently installed.)
Preparing to unpack .../0-zsh-common_5.0.7-5_all.deb ...
Unpacking zsh-common (5.0.7-5) ...
Selecting previously unselected package zsh.
Preparing to unpack .../1-zsh_5.0.7-5_amd64.deb ...
Unpacking zsh (5.0.7-5) ...
Processing triggers for menu (2.1.47) ...
Setting up zsh-common (5.0.7-5) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up zsh (5.0.7-5) ...
update-alternatives: using /bin/zsh5 to provide /bin/zsh (zsh) in auto mode
update-alternatives: using /bin/zsh5 to provide /bin/rzsh (rzsh) in auto mode
Processing triggers for menu (2.1.47) ...
# /bin/zsh --version; /usr/bin/zsh --version  
zsh 5.0.7 (x86_64-pc-linux-gnu)
zsh 5.0.7 (x86_64-pc-linux-gnu)
# apt-get install zsh
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following additional packages will be installed:
  zsh-common
Suggested packages:
  zsh-doc
The following packages will be upgraded:
  zsh zsh-common
2 upgraded, 0 newly installed, 0 to remove and 1420 not upgraded.
Need to get 4,271 kB of archives.
After this operation, 2,019 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://ftp.debian.org/debian unstable/main amd64 zsh amd64 5.3.1-3+b1 
[816 kB]
Get:2 http://ftp.debian.org/debian unstable/main amd64 zsh-common all 5.3.1-3 
[3,454 kB]
Fetched 4,271 kB in 2s (1,969 kB/s)  
Reading changelogs... Done
apt-listchanges: Do you want to continue? [Y/n] 
(Reading database ... 404768 files and directories currently installed.)
Preparing to unpack .../0-zsh_5.3.1-3+b1_amd64.deb ...
Unpacking zsh (5.3.1-3+b1) over (5.0.7-5) ...
Preparing to unpack .../1-zsh-common_5.3.1-3_all.deb ...
Unpacking zsh-common (5.3.1-3) over (5.0.7-5) ...
Processing triggers for menu (2.1.47) ...
Setting up zsh-common (5.3.1-3) ...
Installing new version of config file /etc/zsh/zshrc ...
Processing triggers for man-db (2.7.5-1) ...
Setting up zsh (5.3.1-3+b1) ...
Processing triggers for menu (2.1.47) ...
# /bin/zsh --version; /usr/bin/zsh --version  
zsh 5.3.1 (x86_64-debian-linux-gnu)
-su: /usr/bin/zsh: No such file or directory
# 
 
>   Regards, Axel

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#860033: [Pkg-zsh-devel] Bug#860033: /usr/bin/zsh gone after dist-upgrade

[ilf]

Axel Beckert:

* Was the dist-upgrade already finished when you checked this?


Yes, this was after reboot.

* Is the zsh package or zsh-common in a "broken" state? Can you send 
 us the output of "dpkg -l zsh\*"?


ii  zsh  5.3.1-3+b1   amd64   shell with lots of features
ii  zsh-common   5.3.1-3  all architecture independent files for Zsh

* Do you still have the output of the dist-upgrade? If so, could grep 
 for "zsh" in that log and send us that output?


grepping /var/log/* for zsh gives:

dpkg.log:

21:03:11 upgrade zsh:amd64 5.0.7-5 5.3.1-3+b1
21:03:11 status half-configured zsh:amd64 5.0.7-5
21:03:11 status unpacked zsh:amd64 5.0.7-5
21:03:11 status half-installed zsh:amd64 5.0.7-5
21:03:11 status half-installed zsh:amd64 5.0.7-5
21:03:11 status unpacked zsh:amd64 5.3.1-3+b1
21:03:11 status unpacked zsh:amd64 5.3.1-3+b1
21:03:11 upgrade zsh-common:all 5.0.7-5 5.3.1-3
21:03:11 status half-configured zsh-common:all 5.0.7-5
21:03:11 status unpacked zsh-common:all 5.0.7-5
21:03:11 status half-installed zsh-common:all 5.0.7-5
21:03:11 status half-installed zsh-common:all 5.0.7-5
21:03:11 status unpacked zsh-common:all 5.3.1-3
21:03:12 status unpacked zsh-common:all 5.3.1-3
21:05:44 configure zsh-common:all 5.3.1-3 
21:05:44 status unpacked zsh-common:all 5.3.1-3
21:05:44 status unpacked zsh-common:all 5.3.1-3
21:05:44 status unpacked zsh-common:all 5.3.1-3
21:05:44 status unpacked zsh-common:all 5.3.1-3
21:05:44 status unpacked zsh-common:all 5.3.1-3
21:05:44 status unpacked zsh-common:all 5.3.1-3
21:05:46 conffile /etc/zsh/zshrc keep
21:05:46 status unpacked zsh-common:all 5.3.1-3
21:05:46 status half-configured zsh-common:all 5.3.1-3
21:05:46 status installed zsh-common:all 5.3.1-3
21:05:46 configure zsh:amd64 5.3.1-3+b1 
21:05:46 status unpacked zsh:amd64 5.3.1-3+b1
21:05:46 status half-configured zsh:amd64 5.3.1-3+b1
21:05:46 status installed zsh:amd64 5.3.1-3+b1

alternatives.log update-alternatives:

21:05:46: run with --remove ksh /usr/bin/zsh
21:05:46: run with --remove ksh /bin/zsh4
21:05:46: run with --remove zsh /bin/zsh5
21:05:46: link group zsh fully removed
21:05:46: run with --remove rzsh /bin/zsh5
21:05:46: link group rzsh fully removed

--
ilf

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung


signature.asc
Description: PGP signature

Bug#859478: offlineimap: 'maxage' comments are wrong, offlineimap DELETES your mails

[Cyril Brulebois]

Ilias Tsitsimpis  (2017-04-10):
> On Tue, Apr 04, 2017 at 07:10PM, Cyril Brulebois wrote:
> > > This should be fixed in newer versions of OfflineIMAP. Could you please
> > > give it a try?
> > 
> > Well, trying out new versions is something I can do, but it really doesn't
> > help with the fact that offlineimap in stable is responsible for data loss.
> 
> You are right, that's why I didn't close this bug report.
> 
> The patches that fix this bug should be:
> 
> https://github.com/OfflineIMAP/offlineimap/commit/25513e90387
> https://github.com/OfflineIMAP/offlineimap/commit/8096f6cd5bf
> 
> Unfortunately, backporting them is not trivial since they introduce
> changes in the core logic of OfflineIMAP.
> 
> Right now, I am considering uploading an updated version in stable,
> where the docs will mention that this feature should not be used, and
> there will also be a warning message in case it is used. Another option
> would be to completely disable this feature in stable (since it is
> broken and doesn't work as expected), but this may break older setups
> (and I would like to avoid this). What do you think?

Yeah, I initially thought about updating the docs, but that doesn't help
with longstanding ~/.offlineimaprc copied/edited from the example one. I
think updated docs + warning when this setting is used would be a good
compromise. This warning could get unnoticed though (because one might
run offlineimap from a loop, cron, screen)… but I think it'd leave users
a chance to avoid running into mail deletion. Would have worked for me
at least. :D


KiBi.


signature.asc
Description: Digital signature

Bug#860037: ITP: golang-github-neowaylabs-wabbit -- Golang AMQP mocking library

[Sascha Steinbiss]

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-neowaylabs-wabbit
  Version : 0.0~git20170406.0.cfb5237-1
  Upstream Author : Neoway Business Solutions 
* URL : https://github.com/NeowayLabs/wabbit
* License : BSD-2-clause
  Programming Lang: Go
  Description : Golang AMQP mocking library

 AMQP is a verbose protocol that makes it difficult to implement proper
 unit-testing on your application. The goal of Wabbit is to provide a
 sane interface for an AMQP client implementation based on the specification
 AMQP-0-9-1 (no extension) and also an implementation of this interface
 using the well established streadway/amqp package.

Bug#859889: installation-reports: successful install on s390x, but no tasksel

[Cyril Brulebois]

Philipp Kern  (2017-04-08):
> I wasn't sure how to tell if reportbug already attached information.
> At least d-i's syslog is attached to this mail.

You seem to have a preseed file:
  https://people.debian.org/~pkern/preseed-s390x-auto.cfg

with: tasksel tasksel/first multiselect standard

Setting tasksel/first=standard on the kernel cmdline skips tasksel here.
Not unexpected I'd suppose?


KiBi.


signature.asc
Description: Digital signature