Bug#862945: unblock: jbig2dec/0.13-4.1

[Salvatore Bonaccorso]

On Fri, May 19, 2017 at 07:22:12AM +0200, Salvatore Bonaccorso wrote:
> The full debdiff is attached t othis mail as debdiff against the current
> version in testing.

Or not...

Salvatore
diff -Nru jbig2dec-0.13/debian/changelog jbig2dec-0.13/debian/changelog
--- jbig2dec-0.13/debian/changelog  2017-01-23 21:13:34.0 +0100
+++ jbig2dec-0.13/debian/changelog  2017-05-16 20:08:21.0 +0200
@@ -1,3 +1,13 @@
+jbig2dec (0.13-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Prevent integer overflow vulnerability (CVE-2017-7885) (Closes: #860460)
+  * Prevent SEGV due to integer overflow (CVE-2017-7975) (Closes: #860788)
+  * Bounds check before reading from image source data (CVE-2017-7976)
+(Closes: #860787)
+
+ -- Salvatore Bonaccorso   Tue, 16 May 2017 20:08:21 +0200
+
 jbig2dec (0.13-4) unstable; urgency=medium
 
   * Add patches cherry-picked upstream to squash signed/unsigned
diff -Nru jbig2dec-0.13/debian/patches/020170426~5e57e48.patch 
jbig2dec-0.13/debian/patches/020170426~5e57e48.patch
--- jbig2dec-0.13/debian/patches/020170426~5e57e48.patch1970-01-01 
01:00:00.0 +0100
+++ jbig2dec-0.13/debian/patches/020170426~5e57e48.patch2017-05-16 
20:08:21.0 +0200
@@ -0,0 +1,26 @@
+Description: Bug 697693: Prevent SEGV due to integer overflow.
+ While building a Huffman table, the start and end points were susceptible
+ to integer overflow.
+ .
+Thank you to Jiaqi for finding this issue and suggesting a patch.
+Origin: upstream, 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=697693
+Bug-Debian: https://bugs.debian.org/860788
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7975
+Forwarded: not-needed
+Author: Shailesh Mistry 
+Last-Update: 2017-05-16
+
+--- a/jbig2_huffman.c
 b/jbig2_huffman.c
+@@ -422,8 +422,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx,
+ 
+ if (PREFLEN == CURLEN) {
+ int RANGELEN = lines[CURTEMP].RANGELEN;
+-int start_j = CURCODE << shift;
+-int end_j = (CURCODE + 1) << shift;
++uint32_t start_j = CURCODE << shift;
++uint32_t end_j = (CURCODE + 1) << shift;
+ byte eflags = 0;
+ 
+ if (end_j > max_j) {
diff -Nru jbig2dec-0.13/debian/patches/020170503~b184e78.patch 
jbig2dec-0.13/debian/patches/020170503~b184e78.patch
--- jbig2dec-0.13/debian/patches/020170503~b184e78.patch1970-01-01 
01:00:00.0 +0100
+++ jbig2dec-0.13/debian/patches/020170503~b184e78.patch2017-05-16 
20:08:21.0 +0200
@@ -0,0 +1,27 @@
+Description: Bug 697703: Prevent integer overflow vulnerability.
+ Add extra check for the offset being greater than the size
+ of the image and hence reading off the end of the buffer.
+ .
+ Thank you to Dai Ge for finding this issue and suggesting a patch.
+Origin: upstream, 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=697703
+Bug-Debian: https://bugs.debian.org/860460
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7885
+Forwarded: not-needed
+Author: Shailesh Mistry 
+Last-Update: 2017-05-16
+---
+ jbig2dec/jbig2_symbol_dict.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/jbig2_symbol_dict.c
 b/jbig2_symbol_dict.c
+@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ byte *dst = image->data;
+ 
+ /* SumatraPDF: prevent read access violation */
+-if (size - jbig2_huffman_offset(hs) < image->height * stride) 
{
++if ((size - jbig2_huffman_offset(hs) < image->height * 
stride) || (size < jbig2_huffman_offset(hs))) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, 
"not enough data for decoding (%d/%d)", image->height * stride,
+ size - jbig2_huffman_offset(hs));
+ jbig2_image_release(ctx, image);
diff -Nru jbig2dec-0.13/debian/patches/020170510~ed6c513.patch 
jbig2dec-0.13/debian/patches/020170510~ed6c513.patch
--- jbig2dec-0.13/debian/patches/020170510~ed6c513.patch1970-01-01 
01:00:00.0 +0100
+++ jbig2dec-0.13/debian/patches/020170510~ed6c513.patch2017-05-16 
20:08:21.0 +0200
@@ -0,0 +1,28 @@
+Description: Bug 697683: Bounds check before reading from image source data.
+ Add extra check to prevent reading off the end of the image source
+ data buffer.
+ .
+ Thank you to Dai Ge for finding this issue and suggesting a patch.
+Origin: upstream, 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=697683
+Bug-Debian: https://bugs.debian.org/860787
+Bug-Debian-Security: 

Bug#862945: unblock: jbig2dec/0.13-4.1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi


Please unblock package jbig2dec

It fixes three CVEs (which as well were addressed in a DSA):

https://www.debian.org/security/2017/dsa-3855

+jbig2dec (0.13-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Prevent integer overflow vulnerability (CVE-2017-7885) (Closes: #860460)
+  * Prevent SEGV due to integer overflow (CVE-2017-7975) (Closes: #860788)
+  * Bounds check before reading from image source data (CVE-2017-7976)
+(Closes: #860787)
+
+ -- Salvatore Bonaccorso   Tue, 16 May 2017 20:08:21 +0200

unblock jbig2dec/0.13-4.1

The full debdiff is attached t othis mail as debdiff against the current
version in testing.

Thanks in advance already,

Regards,
Salvatore

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Bug#861018: Permissions on folders and access problems

[Carsten Schoenert]

@all

Due a misspelled email address of Ulrike I'm just resend all again.

Sorry

Am 19.05.2017 um 07:11 schrieb Carsten Schoenert:
> Control: retitle -1 Thunderbird apparmor profile: access problem on /mnt
> 
> Hello Simon,
> 
> On Thu, May 18, 2017 at 06:51:14PM -0400, Simon Deziel wrote:
>> On Thu, 27 Apr 2017 12:01:47 +0100 Jim Cobley 
>> wrote:
>>> audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" 
>>> operation="open" profile="thunderbird" 
>>> name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" 
>>> requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900
>>
>> Right, /mnt isn't accessible as the Apparmor policy mostly only
>> authorize reading files from $HOME and /opt. I think that granting read
>> access to the following directories:
>>
>> /data
>> /media
>> /mnt
>> /srv
>>
>> And let "owner" write to those would make sense. Carsten, I've pushed a
>> commit [*] doing just that.
> 
> thanks for taking care! I'll pick that up too.
> 
>>> audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" 
>>> operation="exec" profile="thunderbird" 
>>> name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" 
>>> requested_mask="x" denied_mask="x" fsuid=1900 ouid=0
>>
>> It seems like the ESR version of Firefox would need to be added to
>> "abstractions/ubuntu-browsers" or it's Debian equivalent.
> 
> The only file I've seen there on my system is for evince. I've installed
> firefox-esr.
> 
>> $ ls /etc/apparmor.d/abstractions
>> evince
> 
> @Ulrike
> You have better knowledge about the apparmor universe in Debian, what we
> need to do here?
> 
> ... 
>> *:
>> https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.bin.thunderbird
>> commit 51548d63b2
> 
> Regards
> Carsten
> 

-- 
Regards
Carsten Schoenert

Bug#861018: Permissions on folders and access problems

[Carsten Schoenert]

Control: retitle -1 Thunderbird apparmor profile: access problem on /mnt

Hello Simon,

On Thu, May 18, 2017 at 06:51:14PM -0400, Simon Deziel wrote:
> On Thu, 27 Apr 2017 12:01:47 +0100 Jim Cobley 
> wrote:
> > audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" 
> > operation="open" profile="thunderbird" 
> > name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" 
> > requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900
> 
> Right, /mnt isn't accessible as the Apparmor policy mostly only
> authorize reading files from $HOME and /opt. I think that granting read
> access to the following directories:
> 
> /data
> /media
> /mnt
> /srv
> 
> And let "owner" write to those would make sense. Carsten, I've pushed a
> commit [*] doing just that.

thanks for taking care! I'll pick that up too.

> > audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" 
> > operation="exec" profile="thunderbird" 
> > name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" 
> > requested_mask="x" denied_mask="x" fsuid=1900 ouid=0
> 
> It seems like the ESR version of Firefox would need to be added to
> "abstractions/ubuntu-browsers" or it's Debian equivalent.

The only file I've seen there on my system is for evince. I've installed
firefox-esr.

> $ ls /etc/apparmor.d/abstractions
> evince

@Ulrike
You have better knowledge about the apparmor universe in Debian, what we
need to do here?

... 
> *:
> https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.bin.thunderbird
> commit 51548d63b2

Regards
Carsten

Bug#826026: Upstream 2.0 resolves #329192

[Donald Gordon]

Hi

I'm hitting bug #329192 (permanent SMTP failures are retried endlessly) a
lot.  Where did you get with posting an upgraded nullmailer package?

Regards

Donald

Bug#860981: CVE-2016-4484 still Exists

[??. ?]

Well, since Red Hat is not going to take any action, I think you are right

https://access.redhat.com/security/cve/cve-2016-4484

Best Regards,

XU Guang-zhao

Bug#862944: django-floppyforms: spelling error in description

[James Valleroy]

Package: django-floppyforms
Severity: minor
Tags: patch

Please see the attached patch to fix a spelling error in the package
description (foppy -> floppy).
From 6aecbca2730d9d72d3bf66a0578e4310adba107b Mon Sep 17 00:00:00 2001
From: James Valleroy 
Date: Thu, 18 May 2017 22:14:39 -0400
Subject: [PATCH] Fix spelling error in description

---
 debian/control | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian/control b/debian/control
index 03cf8bc..76d192d 100644
--- a/debian/control
+++ b/debian/control
@@ -35,7 +35,7 @@ Depends: python-django,
  ${python:Depends}
 Suggests: python-django-floppyforms-doc
 Description: better control of form rendering in Django
- Django-foppyforms is an application that gives you full control of the
+ Django-floppyforms is an application that gives you full control of the
  output of forms rendering. This is more a widgets library than a forms
  library but form fields are provided for convenience. The forms API and
  features are exactly the same as Django’s, the key difference is that
@@ -55,7 +55,7 @@ Depends: python3-django,
  ${python3:Depends}
 Suggests: python-django-floppyforms-doc
 Description: better control of form rendering in Django (Python3 version)
- Django-foppyforms is an application that gives you full control of the
+ Django-floppyforms is an application that gives you full control of the
  output of forms rendering. This is more a widgets library than a forms
  library but form fields are provided for convenience. The forms API and
  features are exactly the same as Django’s, the key difference is that
@@ -74,7 +74,7 @@ Section: doc
 Architecture: all
 Depends: ${misc:Depends}, ${sphinxdoc:Depends}
 Description: better control of form rendering in Django (Documentation)
- Django-foppyforms is an application that gives you full control of the
+ Django-floppyforms is an application that gives you full control of the
  output of forms rendering. This is more a widgets library than a forms
  library but form fields are provided for convenience. The forms API and
  features are exactly the same as Django’s, the key difference is that
-- 
2.11.0



signature.asc
Description: OpenPGP digital signature

Bug#861754: libpll: FTBFS on non-x86: x86intrin.h: No such file or directory

[Aaron M. Ucko]

Christian Seiler  writes:

> On 05/16/2017 01:28 PM, James Cowgill wrote:
>> +ifneq ($(filter $(DEB_HOST_ARCH_CPU), amd64 i386),)
>
> Also, you should add x32 to the list of archs next to amd64 and
> i386 where SSE3 and higher should be disabled.

AFAICT, amd64 should cover it:

$ dpkg-architecture -ax32 -qDEB_HOST_ARCH
x32
$ dpkg-architecture -ax32 -qDEB_HOST_ARCH_CPU
amd64

I suppose that also bears mention in a comment, though.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#862051: Refer #862051 to ctte (WAS: nodejs-legacy: possibly drop this package, now that ax25-node has been removed?)

[James Lu]

Control: reassign -1 tech-ctte
Control: retitle -1 Rename nodejs back to node for buster, now that
ax25-node has been removed?

Dear tech-ctte,

In 2012, the decision was made to rename Node.js' "node" name to
nodejs-legacy, and transition the existing "node" package to ax25-node.
However, ax25-node (and the "node" package following) were removed in
2015 citing lack of activity:
https://packages.qa.debian.org/n/node.html

Thus, would it be possible to revert the original decision, and rename
nodejs back to node in the next Debian release? Doing so would make
working with JavaScript programs outside of Debian a lot easier, as
projects tend to hardcode the "node" interpreter name.

Best,
James

On Thu, 18 May 2017 22:12:00 +0200 =?utf-8?b?SsOpcsOpbXkgTGFs?=
 wrote:
> Package: nodejs-legacy
> Version: 6.10.2~dfsg-1
> Followup-For: Bug #862051
> 
> I would love to do that, but the reason behind the rename came from
> https://bugs.debian.org/614907.
> 
> Feel free to ask TC to find a new solution.
> 
> Jérémy

Bug#862943: texlive-binaries: online display does not work in MetaFont

[Igor Liferenko]

Package: texlive-binaries
Version: 2016.20160513.41080.dfsg-2
Severity: important

Dear Maintainer,

Consider this example "test.mf":

drawdot (35,70); showit;

If we run "mf test" the graphics window comes up but nothing is displayed.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages texlive-binaries depends on:
ii  dpkg  1.18.23
ii  install-info  6.3.0.dfsg.1-1+b2
ii  libc6 2.24-10
ii  libcairo2 1.14.8-1
ii  libfontconfig12.11.0-6.7+b1
ii  libfreetype6  2.6.3-3.2
ii  libgcc1   1:6.3.0-16
ii  libgmp10  2:6.1.2+dfsg-1
ii  libgraphite2-31.3.9-4
ii  libgs99.20~dfsg-3.1
ii  libharfbuzz-icu0  1.4.2-1
ii  libharfbuzz0b 1.4.2-1
ii  libice6   2:1.0.9-2
ii  libicu57  57.1-6
ii  libkpathsea6  2016.20160513.41080.dfsg-2
ii  libmpfr4  3.1.5-1
ii  libpaper1 1.1.24+nmu5
ii  libpixman-1-0 0.34.0-1
ii  libpng16-16   1.6.28-1
ii  libpoppler64  0.48.0-2
ii  libpotrace0   1.13-3
ii  libptexenc1   2016.20160513.41080.dfsg-2
ii  libsm62:1.2.2-1+b3
ii  libstdc++66.3.0-16
ii  libsynctex1   2016.20160513.41080.dfsg-2
ii  libtexlua52   2016.20160513.41080.dfsg-2
ii  libtexluajit2 2016.20160513.41080.dfsg-2
ii  libx11-6  2:1.6.4-3
ii  libxaw7   2:1.0.13-1+b2
ii  libxext6  2:1.3.3-1+b2
ii  libxi62:1.7.9-1
ii  libxmu6   2:1.1.2-2
ii  libxpm4   1:3.5.12-1
ii  libxt61:1.1.5-1
ii  libzzip-0-13  0.13.62-3+b2
ii  perl  5.24.1-2
ii  t1utils   1.39-2
ii  tex-common6.06
ii  zlib1g1:1.2.8.dfsg-5

Versions of packages texlive-binaries recommends:
ii  python2.7.13-2
ii  ruby  1:2.3.3
ii  texlive-base  2016.20170123-5
ii  tk [wish] 8.6.0+9

texlive-binaries suggests no packages.

-- no debconf information

Bug#814755: texlive-binaries: LuaTeX "checksum mismatch" warnings in some OVF fonts on 64bit

[Igor Liferenko]

This has been fixed: http://tracker.luatex.org/view.php?id=965
The bug report may be closed.

Bug#862529: uncommons-watchmaker-doc: Rename the documentation package to lib*-java-doc

[Emmanuel Bourg]

On 05/18/2017 06:48 PM, 殷啟聰 wrote:
> The reason behind this package name is that it provides the Javadoc
> for both of the 2 library packages
> (libuncommons-watchmaker-framework-java &
> libuncommons-watchmaker-swing-java). If I split their Javadocs, there
> will be dead hyperlinks (or in fact the class fullname instead of
> hyperlinks) throughout the Javadoc of
> libuncommons-watchmaker-swing-java.

I agree this is a tricky case. I'm not even sure maven-debian-helper is
able to wire properly the javadocs of different modules from the same
package. In this case I'd suggest basing the name of the javadoc package
on the main binary package, so here that would be
libuncommons-watchmaker-framework-java-doc.


> pkg:gradle-doc follows the same reason, I guess. Besides, I fail to
> find a javadoc package naming rule in the current Debian Java Policy.

gradle is a bit different, it's a command line tool and not a library.

You are right to point out this isn't specified in the policy. The
lib*-java-doc pattern is commonly used though and for consistency it
would be good to stick to it.

Bug#862824: xserver-xorg-core: tigervncserver crash in WriteToClient shortly after VNC client connecs

[Michel Dänzer]

On 18/05/17 09:32 PM, Rafal wrote:
> 
> One notice not related to this error. I'm looking at FlushClient
> function in io.c and I see one weird thing. It contains the following "if":
> 
> if (trans_conn && (len = _XSERVTransWritev(trans_conn, iov, i))
>>= 0) {...
> 
> Later there are "else if" constructs with checks of errno variable, but
> it makes sense to check errno only when _XSERVTransWritev() was invoked
> and returned error. If the trans_conn variable is set to 0, the errno is
> 0 (it is set before the "if"). In particular when SUSNSYSV is defined,
> the second "if" is always true when trans_conn is NULL. I think it was
> not the intention.

Such questions should be directed upstream, e.g. on the
xorg-de...@lists.freedesktop.org mailing list.


-- 
Earthling Michel Dänzer   |   http://www.amd.com
Libre software enthusiast | Mesa and X developer

Bug#857766: wget failed to download

[Ctzn]

This package is outdated; points to a wrong and unavailable download
of the flashplugin.
Currently pointing to 24.0.0.186; Needs to be updated to 25.0.0.171
Maybe convert Ubuntu's tool to Debian?

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Bug#862942: firefox-esr: Attempting to launch Firefox locks up my Stretch RC3 system

[Len Huppe]

Package: firefox-esr
Version: 45.9.0esr-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

Running Stretch RC3 with all updates as of 5-18-17. Attempting to launch
Firefox locks up my system. When I tried to launch it froma command line I got
the following:

"An error occurred while loading or saving configuration information for
firefox-esr. Some of your configuration settings may not work properly.

No D-BUS daemon running"

When I ran # dmesg | grep failed I got:

[1.174383] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM










-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: ${PROFILE_EXTENSIONS}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Status: enabled

Name: AdBlocker for YouTube™
Location: ${PROFILE_EXTENSIONS}/jid1-q4sg8pyhq8k...@jetpack.xpi
Status: enabled

Name: Default theme
Location: 
/usr/lib/firefox-esr/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Package: firefox-esr
Status: enabled

Name: Disconnect
Location: ${PROFILE_EXTENSIONS}/2...@disconnect.me.xpi
Status: enabled

Name: Element Hiding Helper for Adblock Plus
Location: ${PROFILE_EXTENSIONS}/elemhidehel...@adblockplus.org.xpi
Status: enabled

Name: Firefox Hello Beta
Location: ${PROFILE_EXTENSIONS}/l...@mozilla.org.xpi
Status: enabled

Name: New Tab Homepage
Location: ${PROFILE_EXTENSIONS}/{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
Status: enabled

Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
Status: enabled

Name: Open Bookmarks in New Tab
Location: ${PROFILE_EXTENSIONS}/openbookmarkin...@piro.sakura.ne.jp.xpi
Status: enabled

Name: YouTube Video and Audio Downloader
Location: ${PROFILE_EXTENSIONS}/feca4b87-3be4-43da-a1b1-137c24220...@jetpack.xpi
Status: enabled

-- Plugins information
Name: IcedTea-Web Plugin (using IcedTea-Web 1.6.2 (1.6.2-3.1))
Location: /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so
Package: icedtea-8-plugin:amd64
Status: enabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled


-- Addons package information
ii  firefox-esr45.9.0esr-1  amd64Mozilla Firefox web browser - Ext
ii  icedtea-8-plug 1.6.2-3.1amd64web browser plugin based on OpenJ
ii  rhythmbox-plug 3.4.1-2+b1   amd64plugins for rhythmbox music playe

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox-esr depends on:
ii  debianutils   4.8.1
ii  fontconfig2.11.0-6.7+b1
ii  libasound21.1.3-5
ii  libatk1.0-0   2.22.0-1
ii  libc6 2.24-10
ii  libcairo2 1.14.8-1
ii  libdbus-1-3   1.10.18-1
ii  libdbus-glib-1-2  0.108-2
ii  libevent-2.0-52.0.21-stable-3
ii  libffi6   3.2.1-6
ii  libfontconfig12.11.0-6.7+b1
ii  libfreetype6  2.6.3-3.2
ii  libgcc1   1:6.3.0-16
ii  libgdk-pixbuf2.0-02.36.5-2
ii  libglib2.0-0  2.50.3-2
ii  libgtk2.0-0   2.24.31-2
ii  libhunspell-1.4-0 1.4.1-2+b2
ii  libnspr4  2:4.12-6
ii  libnss3   2:3.26.2-1
ii  libpango-1.0-01.40.5-1
ii  libsqlite3-0  3.16.2-3
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++66.3.0-16
ii  libvpx4   1.6.1-3
ii  libx11-6  2:1.6.4-3
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-2+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt61:1.1.5-1
ii  procps2:3.3.12-3
ii  zlib1g1:1.2.8.dfsg-5

Versions of packages firefox-esr recommends:
ii  gstreamer1.0-libav 1.10.4-1
ii  gstreamer1.0-plugins-good  1.10.4-1

Versions of packages firefox-esr suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-3
ii  libgnomeui-0   2.24.5-3.1
ii  libgssapi-krb5-2   1.15-1
pn  mozplugger 

-- no debconf information

Bug#862941: binNMUs needed for multiple arm64 packages (#850814)

[Steve McIntyre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hey folks,

As first discussed a while back, we've had a bug in gold which caused
some broken builds of some arm64 packages. These were mostly in
backports, with a few example in the early life of stretch. Now that
#850814 is fixed and we have an updated binutils in stable too, I've
re-scanned the archive for arm64 binaries with broken alignment. Please
binNMU the following (I hope I got the syntax right!):

Backports:

 nmu haskell-cabal_1.22.4.0-2~bpo8+1 . arm64 . jessie-backports -m "Rebuild 
with fixed binutils"
 nmu haskell-hierarchical-clustering_0.4.6-1~bpo8+1 . arm64 . jessie-backports 
-m "Rebuild with fixed binutils"
 nmu haskell-http_4000.2.20-3~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"
 nmu haskell-mtl_2.2.1-2~bpo8+1 . arm64 . jessie-backports . -m "Rebuild with 
fixed binutils"
 nmu haskell-network_2.6.2.1-3~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"
 nmu haskell-network-uri_2.6.0.3-3~bpo8+1 . arm64 . jessie-backports . -m 
"Rebuild with fixed binutils"
 nmu haskell-old-locale_1.0.0.7-2~bpo8+1 . arm64 . jessie-backports . -m 
"Rebuild with fixed binutils"
 nmu haskell-old-time_1.1.0.3-2~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"
 nmu haskell-parsec_3.1.9-4~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"
 nmu haskell-prettyclass_1.0.0.0-4~bpo8+1 . arm64 . jessie-backports . -m 
"Rebuild with fixed binutils"
 nmu haskell-random_1.1-3~bpo8+1 . arm64 . jessie-backports . -m "Rebuild with 
fixed binutils"
 nmu haskell-stm_2.4.4-4~bpo8+1 . arm64 . jessie-backports . -m "Rebuild with 
fixed binutils"
 nmu haskell-text_1.2.1.3-2~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"
 nmu haskell-zlib_0.5.4.2-4~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"
 nmu systemd_230-7~bpo8+2 . arm64 . jessie-backports . -m "Rebuild with fixed 
binutils"
 nmu wine-development_2.0.3~bpo8+1 . arm64 . jessie-backports . -m "Rebuild 
with fixed binutils"

Unstable:

 nmu wine-development_2.0.3 . arm64 . -m "Rebuild with fixed binutils"

Experimental:

 nmu wine-development_2.8-1 . arm64 . experimental . -m "Rebuild with fixed 
binutils"
 nmu wine-2.0.1-1 . arm64 . experimental . -m "Rebuild with fixed binutils"

I'm *guessing* all the Haskell packages might involve triggering more
rebuild of all the rdeps too, not sure...


-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#861612: pixbros: level designs appear to be non-free

[Steve Cotton]

On Fri, May 12, 2017 at 11:03:24PM +0200, Markus Koschany wrote:
> What we need to check is: Does the game comply with the DFSG and does it
> infringe the copyright of another programmer/artist. In my opinion that
> is not the case here because the license is DFSG-compatible and the game
> looks and works differently in style and artwork. We are not aware of a
> verdict which states that the level resemblance infringes the rights of
> another party.

Hi Markus,

To clarify, I think it's a copyright violation.  The copyrights in
question are the layout of the levels, the level designers' choices of
where the platforms are.  For a simple level like level 30 it would be
unremarkable for games in the same genre to have a similar level, but
not the complex designs of most of the levels from 31 to 49.

> This whole bug report reminds me of Giana Sisters, ...

> On the other hand we have many open source games that try to clone an
> older game but they look and behave often differently and use their own
> graphics or they just reinvent the engine and then use the original
> artwork (hence why those games are shipped in contrib)

But the ones in contrib using original artwork only have the DFSG
parts in contrib, the copy of the original artwork isn't in contrib.

> Look at Pathological which is obviously a clone of Logical or Tuxpuck
> which very much resembles the Shuffle Puck Cafe game. Are they non-free
> too? I don't think so because I have played the original games and I can
> tell you that the older games had both better graphics, more levels and
> were more feature complete. They resemble each other but they are not on
> a par and the risk that some company sues Debian just for distributing
> them is highly unlikely because we make no money with them either.

Just as they used new artwork, Pathological used (AFAIK) new level
designs. The first level looks like a level of Logical, but that's
forced by the genre, there's a limited set of level designs for a
tutorial level that introduces the concept of the game.

With tuxpuck the level design seems to be a rectangular table, with a
rectangular area of that table that the player can move the bat to.

Neither of these games seems to have a direct copy from the game that
inspired them.

Regards,
Steve

Bug#758004: uswsusp: package does not play well with systemd

[Ximin Luo]

Package: uswsusp
Version: 1.0+20120915-6.1+b1
Followup-For: Bug #758004

Dear Maintainer,

An effective workaround is to use systemd overrides as mentioned earlier, from
the Arch Linux wiki. Adapted for Debian, this becomes:

$ cat 
/etc/systemd/system/systemd-{suspend,hybrid-sleep,hibernate}.service.d/override.conf
[Service]
ExecStart=
ExecStartPre=-/usr/bin/run-parts -v -a pre /lib/systemd/system-sleep
ExecStart=/usr/sbin/{s2ram,s2both,s2disk}
ExecStartPost=-/usr/bin/run-parts -v --reverse -a post /lib/systemd/system-sleep

Or you can mix-and-match as desired; for example I'm using {suspend,s2both}
because the XFCE GUI doesn't have a "hybrid sleep" option.

This works even if the whole disk is encrypted, including the swap partition.
After your initramfs decrypts the relevant partitions, the s2disk resume logic
kicks in as normal.

X

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages uswsusp depends on:
ii  debconf [debconf-2.0]  1.5.60
ii  libblkid1  2.29.2-1
ii  libc6  2.24-10
ii  liblzo2-2  2.08-1.2+b2
ii  libpci31:3.5.2-1
ii  libx86-1   1.1+ds1-10.2

Versions of packages uswsusp recommends:
ii  initramfs-tools  0.130
ii  mount2.29.2-1

uswsusp suggests no packages.

-- debconf information excluded

Bug#862940: RFS: slick-greeter/1.0.3-1 ITP

[foss.freedom]

Package: sponsorship-requests
Severity: wishlist

  Dear mentors,

  I am looking for a sponsor for my package "slick-greeter"

 * Package name: slick-greeter
   Version : 1.0.3-1
   Upstream Author :  Clement Lefebvre 
 * URL : https://github.com/linuxmint/slick-greeter/
 * License : GPL-3+
   Section : x11

  It builds those binary packages:

slick-greeter - Slick-looking LightDM greeter

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/slick-greeter


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/s/slick-greeter/slick-greeter_1.0.3-1.dsc

Notes:

 Slick-Greeter has been created by Linux Mint as their primary LightDM
greeter for their distro.  It is being promoted as a distro-agnostic
greeter.  I am aware it is available in several non-Debian based
distro's.
Given the limited number of LightDM based greeters available in Debian
I believe this is a good complement for Debian with a long-term
upstream viability.

Packaging issues.

Linux Mint do not PGP sign their packages.  The upstream tarball
contains their Debian package specific to their Distro. I asked the
question whether they would separate distro specific packaging from
the source but this was declined
-https://github.com/linuxmint/slick-greeter/issues/22

As such to build this package I am prepared to maintain the Debian
package under our distro GithHub organisation Ubuntu Budgie

To build this I have had to-do the following:
uscan to autodownload the upstream tarball via the debian/watch in
this Debian package
Unpack the published upstream tarball.
Remove the upstream Debian folder and its contents
Copy back from the published UbuntuBudgie slick-greeter debian branch
the Debian package.

This Debian package contains one patch - this is to replace the
upstream specific font dependency with what I consider a good font
available in Debian and all Debian based distros (font-cantarell)

I'm aware of the release state of Stretch; this package is therefore
not appropriate for Stretch.

Please let me know if experimental is perhaps more appropriate than
unstable given the status of Stretch.

I can confirm that the necessary build dependency differences between
Ubuntu and Debian have been met here i.e. builds successfully both on
Debian and Ubuntu without needing separate distro packages.

Have run check-all-the-things on the source and adjusted the
debian/copyright accordingly.  Doesnt appear to be any other changes
required as a result of the check-all-the-things output.

Also ran lintian -i -I on the built changes and this returned no issues.


  Changes since the last upload:

   * Initial release. (Closes: #862934)


  Regards,
   David Mohammed

Bug#861754: libpll: FTBFS on non-x86: x86intrin.h: No such file or directory

[Christian Seiler]

Hi,

a small comment on the patch:

On 05/16/2017 01:28 PM, James Cowgill wrote:
>  override_dh_auto_configure:
> - ./autogen.sh
> -ifeq ($(DEB_BUILD_ARCH),i386)
> - ./autogen.sh --disable-avx --disable-sse
> - dh_auto_configure -- --disable-avx --disable-sse
> +ifneq ($(filter $(DEB_HOST_ARCH_CPU), amd64 i386),)
> + dh_auto_configure
>  else
> - ./autogen.sh --disable-avx
> - dh_auto_configure -- --disable-avx
> + dh_auto_configure -- --disable-sse --disable-avx --disable-avx2
>  endif

At first glance this appears to be wrong, as SSE2 is part of the
amd64 base ISA. However, --disable-sse actually disables SSE3
(not part of amd64 base ISA), so it's not actually wrong - you'd
probably want to add a comment to d/rules that indicates that
--disable-sse is for SSE3 though.

Also, you should add x32 to the list of archs next to amd64 and
i386 where SSE3 and higher should be disabled.

Regards,
Christian

Bug#862939: RFP : golang-github-fatih-color-dev -- Color package for Go

[Jeffrey Cliff]

Package: wnpp
Severity: wishlist
Upstream Author : Fatih Arslan 
URL : https://github.com/fatih/color/
License : MIT
Language : Go
Description :   Color lets you use colorized outputs in terms of ANSI
Escape Codes in Go (Golang). The API can be used in several ways, pick one
that suits you.

Bug#862938: RFP : gostack-stack -- utilities to capture, manipulate, and format call stacks

[Jeffrey Cliff]

Package: wnpp
Severity: wishlist
Upstream Author : Chris Hines
URL : https://github.com/go-stack/stack
License : MIT
Language : Go
Description :  Package stack implements utilities to capture, manipulate,
and format call stacks. It provides a simpler API than package runtime.

The implementation takes care of the minutia and special cases of
interpreting the program counter (pc) values returned by runtime.Callers.

Bug#861686: unblock: openssl/1.1.0e-2

[Cyril Brulebois]

Sebastian Andrzej Siewior  (2017-05-18):
> On 2017-05-07 16:39:00 [+], Niels Thykier wrote:
> > Sebastian Andrzej Siewior:
> > > uploaded and built on all releases architectures.
> > 
> > Ack/RT unblock, CC'ing KiBi for a d-i ack.
> 
> I don't want to rush or anything but in case it got forgotten, we are
> still waiting for the d-i ack.

Thanks for prodding, I indeed missed the request initially…

No objections, and sorry for the lag.


KiBi.


signature.asc
Description: Digital signature

Bug#861018: Permissions on folders and access problems

[Simon Deziel]

On Thu, 27 Apr 2017 12:01:47 +0100 Jim Cobley 
wrote:
> audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" 
> operation="open" profile="thunderbird" 
> name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" 
> requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900

Right, /mnt isn't accessible as the Apparmor policy mostly only
authorize reading files from $HOME and /opt. I think that granting read
access to the following directories:

/data
/media
/mnt
/srv

And let "owner" write to those would make sense. Carsten, I've pushed a
commit [*] doing just that.

> audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" 
> operation="exec" profile="thunderbird" 
> name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" 
> requested_mask="x" denied_mask="x" fsuid=1900 ouid=0

It seems like the ESR version of Firefox would need to be added to
"abstractions/ubuntu-browsers" or it's Debian equivalent.

Regards,
Simon


*:
https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.bin.thunderbird
commit 51548d63b2



signature.asc
Description: OpenPGP digital signature

Bug#862727: ITP: libjasper -- JasPer JPEG-2000 runtime library

[Adam Cécile]

Control:retitle -1 ITP: jasper -- JasPer JPEG-2000 runtime library

Bug#862727: ITP: libjasper -- JasPer JPEG-2000 runtime library

[Adam Cécile]

Control:retitle -1 ITP: libjasper -- JasPer JPEG-2000 runtime library

Bug#858031: Please make volume id for netinst different from DVD

[Steve McIntyre]

Control: tag -1 +pending

On Thu, May 18, 2017 at 09:38:43PM +0200, Guido Günther wrote:
>On Thu, May 18, 2017 at 08:31:18AM +0200, Thomas Schmitt wrote:
>> Hi,
>> 
>> Guido Günther wrote:
>> > > Volume id: Debian stretch-DI-rc2 amd64 1
>> > > [...]
>> > > >If the netinst variant would contain netinst or similar
>> 
>> Steve McIntyre wrote:
>> > I understand, yes. The problem we have is that the volume ID is very
>> > limited in space available. We've run out... :-/ 
>> 
>> How about replacing the volume number "1" by "n" ?
>
>That would be great!

ACK, that's a good option. :-)

I've just committed code to do that, let's see how it looks on the
next daily/weekly builds.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Every time you use Tcl, God kills a kitten." -- Malcolm Ray

Bug#862937: unblock: firejail/0.9.44.8-2

[Reiner Herrmann]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package firejail

Version 0.9.44.8-2 includes a cherry-picked patch that fixes a memory
corruption which leads to a crash when firejail is called with certain
options (#862083).

Kind regards,
  Reiner

unblock firejail/0.9.44.8-2
diff -Nru firejail-0.9.44.8/debian/changelog firejail-0.9.44.8/debian/changelog
--- firejail-0.9.44.8/debian/changelog  2017-01-19 23:14:35.0 +0100
+++ firejail-0.9.44.8/debian/changelog  2017-05-09 21:15:19.0 +0200
@@ -1,3 +1,10 @@
+firejail (0.9.44.8-2) unstable; urgency=medium
+
+  * Cherry-pick upstream patch for memory corruption in noblacklist
+processing (Closes: #862083).
+
+ -- Reiner Herrmann   Tue, 09 May 2017 21:15:19 +0200
+
 firejail (0.9.44.8-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru 
firejail-0.9.44.8/debian/patches/0001-bugfix-ugly-memory-corruption-in-noblacklist-process.patch
 
firejail-0.9.44.8/debian/patches/0001-bugfix-ugly-memory-corruption-in-noblacklist-process.patch
--- 
firejail-0.9.44.8/debian/patches/0001-bugfix-ugly-memory-corruption-in-noblacklist-process.patch
1970-01-01 01:00:00.0 +0100
+++ 
firejail-0.9.44.8/debian/patches/0001-bugfix-ugly-memory-corruption-in-noblacklist-process.patch
2017-05-09 21:10:12.0 +0200
@@ -0,0 +1,241 @@
+From: netblue30 
+Subject: [PATCH] bugfix: ugly memory corruption in noblacklist processing
+Origin: upstream, 
https://github.com/netblue30/firejail/commit/ad51fb7489a148ed87abe367a82e0d25203b2d28
+Debian-Bug: https://bugs.debian.org/862083
+
+diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
+index 13be6b11..d1445ea3 100644
+--- a/src/firejail/firejail.h
 b/src/firejail/firejail.h
+@@ -631,6 +631,7 @@ void run_symlink(int argc, char **argv);
+ 
+ // paths.c
+ char **build_paths(void);
++unsigned int count_paths(void);
+ 
+ // fs_mkdir.c
+ void fs_mkdir(const char *name);
+diff --git a/src/firejail/fs.c b/src/firejail/fs.c
+index 3ea4725b..3efaae93 100644
+--- a/src/firejail/fs.c
 b/src/firejail/fs.c
+@@ -436,26 +436,35 @@ void fs_blacklist(void) {
+ 
+   // Process noblacklist command
+   if (strncmp(entry->data, "noblacklist ", 12) == 0) {
+-  char **paths = build_paths();
+-
+-  char *enames[sizeof(paths)+1] = {0};
+-  int i = 0;
++  char **enames;
++  int i;
+ 
+   if (strncmp(entry->data + 12, "${PATH}", 7) == 0) {
+   // expand ${PATH} macro
+-  while (paths[i] != NULL) {
+-  if (asprintf([i], "%s%s", 
paths[i], entry->data + 19) == -1)
++  char **paths = build_paths();
++  unsigned int npaths = count_paths();
++  enames = calloc(npaths, sizeof(char *));
++  if (!enames)
++  errExit("calloc");
++
++  for (i = 0; paths[i]; i++) {
++  if (asprintf([i], "%s%s", 
paths[i],
++  entry->data + 19) == -1)
+   errExit("asprintf");
+-  i++;
+   }
+-  } else {
++  assert(enames[npaths-1] == 0);
++
++  }
++  else {
+   // expand ${HOME} macro if found or pass as is
++  enames = calloc(2, sizeof(char *));
++  if (!enames)
++  errExit("calloc");
+   enames[0] = expand_home(entry->data + 12, 
homedir);
+-  enames[1] = NULL;
++  assert(enames[1] == 0);
+   }
+ 
+-  i = 0;
+-  while (enames[i] != NULL) {
++  for (i = 0; enames[i]; i++) {
+   if (noblacklist_c >= noblacklist_m) {
+   noblacklist_m *= 2;
+   noblacklist = realloc(noblacklist, 
sizeof(*noblacklist) * noblacklist_m);
+@@ -463,12 +472,9 @@ void fs_blacklist(void) {
+   errExit("failed increasing 
memory for noblacklist entries");
+   }
+   noblacklist[noblacklist_c++] = enames[i];
+-  i++;
+   }
+ 
+-  while (enames[i] != NULL) {
+-  free(enames[i]);
+- 

Bug#862936: ITA: fonts-sil-annapurna -- smart font for languages using Devanagari script

[Bobby de Vos]

Package: wnpp
Version: N/A; reported 2017-05-18
Severity: normal

The current maintainer, Daniel Glassey, has requested that I take over
the packaging of the fonts that SIL International produces, such as this
font.

Bobby

-- 
Bobby de Vos
/bobby_de...@sil.org/

Bug#862935: installation-reports: vmlinuz missing from armhf netboot SD image

[Ben Harris]

Package: installation-reports
Severity: important

-- Package-specific info:

Boot method: netboot SD-card image
Image version: 
http://ftp.nl.debian.org/debian/dists/testing/main/installer-armhf/current/images/netboot/SD-card-images/partition.img.gz
 [20170407]
Date: 2017-05-18T22:00+01:00

Machine: BeagleBone Black
Partitions:

Disk /dev/mmcblk1: 3.6 GiB, 3825205248 bytes, 7471104 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0aa12372

Device Boot   Start End Sectors  Size Id Type
/dev/mmcblk1p1 *   2048  438271  436224  213M 83 Linux
/dev/mmcblk1p2   438272 6483967 6045696  2.9G 83 Linux
/dev/mmcblk1p3  6486014 7469055  983042  480M  5 Extended
/dev/mmcblk1p5  6486016 7469055  983040  480M 82 Linux swap / Solaris

Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [E]
Detect network card:[O]
Configure network:  [O]
Detect CD:  [ ]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Install tasks:  [O]
Install boot loader:[O]
Overall install:[O]

Comments/Problems:

I installed the system using a serial console from an Ubuntu 16.04 box 
using picocom and GNOME Terminal.  I also used this Ubuntu box for 
downloading and manipulating boot images.


I assembled an image from parts in images/netboot/SD-card-images:

zcat firmware.BeagleBoneBlack.img.gz partition.img.gz | sudo sh -c 'cat > 
/dev/sdc'

This failed to boot on my BeagleBone Black.  Here is the console log:

8<
U-Boot SPL 2016.11+dfsg1-4 (Mar 27 2017 - 18:39:51)
Trying to boot from MMC1
MMC partition switch failed
*** Warning - MMC partition switch failed, using default environment



U-Boot 2016.11+dfsg1-4 (Mar 27 2017 - 18:39:51 +)

CPU  : AM335X-GP rev 2.1
I2C:   ready
DRAM:  512 MiB
MMC:   OMAP SD/MMC: 0, OMAP SD/MMC: 1
*** Warning - bad CRC, using default environment

 not set. Validating first E-fuse MAC
Net:   cpsw
Press SPACE to abort autoboot in 2 seconds
switch to partitions #0, OK
mmc0 is current device
SD/MMC found on device 0
reading boot.scr
1575 bytes read in 6 ms (255.9 KiB/s)
Running bootscript from mmc0 ...
## Executing script at 8200
Mainline u-boot / new-style environment detected.
This installer medium does not contain a suitable device-tree file for
this system (am335x-boneblack.dtb). Aborting boot process.
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:1...
Found U-Boot script /boot.scr
reading /boot.scr
1575 bytes read in 7 ms (219.7 KiB/s)
## Executing script at 8000
Mainline u-boot / new-style environment detected.
reading vmlinuz
** Unable to read file vmlinuz **
SCRIPT FAILED: continuing...
switch to partitions #0, OK
mmc0 is current device
SD/MMC found on device 0
switch to partitions #0, OK
mmc0 is current device
SD/MMC found on device 0
reading boot.scr
1575 bytes read in 6 ms (255.9 KiB/s)
Running bootscript from mmc0 ...
## Executing script at 8200
Mainline u-boot / new-style environment detected.
reading vmlinuz
** Unable to read file vmlinuz **
** Invalid partition 2 **
switch to partitions #0, OK
mmc1(part 0) is current device
Scanning mmc 1:1...
switch to partitions #0, OK
mmc1(part 0) is current device
SD/MMC found on device 1
switch to partitions #0, OK
mmc1(part 0) is current device
SD/MMC found on device 1
reading boot.scr
** Unable to read file boot.scr **
reading uEnv.txt
** Unable to read file uEnv.txt **
** File not found /boot/zImage **
## Error: "bootcmd_nand0" not defined
starting USB...
USB0:   Port not available.
cpsw Waiting for PHY auto negotiation to complete. TIMEOUT !
BOOTP broadcast 1
>8

The critical line seems to be "** Unable to read file vmlinuz **". 
Indeed, there's no file called "vmlinuz" on the SD card.  I tried to copy 
on the "vmlinuz" from images/netboot, but that failed:


bjh21@sole:/tmp/debian-stretch-rc3$ sudo cp vmlinuz /media/bjh21/EB55-8514/.
cp: error writing '/media/bjh21/EB55-8514/./vmlinuz': No space left on device

I deleted the partition from the SD card, created a bigger one, and 
installed the contents of the partition image and the vmlinuz file 
referenced above.  This booted successfully.


The first question was a little odd, asking me to select a language for 
the installation process, with a choice between "English" and "C".  There 
wasn't any clear explanation of what "C" meant.


Thereafter, everything went well until the reboot after installation. 
First, the console started emitting "C" characters a few times per second, 
which makes me think of XMODEM.  Maybe I accidentally typed something at 
the wrong moment while putting the MicroSD card away.  Anyway, afterwards 
the GNOME 

Bug#862922: aptitude: [INTL:nl] Dutch po file for the aptitude package

[Manuel A. Fernandez Montecelo]

Control: tags -1 + pending


2017-05-18 20:18 Frans Spiesschaert:



Package: aptitude
Severity: wishlist
Tags: l10n patch


Dear Maintainer,

==
Please find attached the updated Dutch po file for the aptitude package.
It has been submitted for review to the debian-l10n-dutch mailing list.
Please add it to your next package revision.
It should be put as "po/nl.po" in your package build tree.
===


Applied, thanks.



--
Manuel A. Fernandez Montecelo 

Bug#862934: ITP: slick-greeter -- slick-looking LightDM greeter

[foss.freedom]

Package: wnpp
Severity: wishlist

Owner: David Mohammed 

Package name: slick-greeter
Version: 1.0.3
Upstream Author : Clement Lefebvre 
URL: https://github.com/linuxmint/slick-greeter/
License: GPL 3+
Programming Lang: Vala
Description: Slick-looking LightDM greeter
 Slick-Greeter is cross-distribution and should work pretty much
 anywhere.
 .
 All panel applets are embedded. No external indicators are launched or
 loaded by the greeter.
 .
 No settings daemon are launched or loaded by the greeter.
 .
 This greeter supports HiDPI.
 .
 Sessions are validated. If a default/chosen session isn't present on
 the system, the greeter scans for known sessions in
 /usr/share/xsessions and replaces the invalid session choice with a
 valid session.
 .
 You can take a screenshot by pressing PrintScrn. The screenshot is
 saved in /var/lib/lightdm/Screenshot.png.
 .
 Slick Greeter started as a fork of Unity Greeter 16.04.2, a greeter
 developed for Ubuntu by Canonical, which used indicators and
 unity-settings-daemon.

Bug#862917: Warzone 2100 3.2 campaign is buggy and unplayable. Debian should package version 3.1 until this is resolved

[Markus Koschany]

Am 18.05.2017 um 19:35 schrieb Evgeny Kapun:
> Package: warzone2100
> Version: 3.2.1-2
> Severity: important
> 
> Starting from version 3.2, campaign scripts in Warzone 2100 are being
> rewritten in JavaScript [1]. As a result, they now have lots of bugs
> (some examples: [2], [3], [4]), making the campaign more or less
> unplayable.
> 
> Because the developers are not very active in fixing those bugs, and
> because the new version doesn't offer any significant advantages to
> players, I think that Debian should stick to version 3.1 until the
> situation improves.
> 
> [1] https://forums.wz2100.net/viewtopic.php?f=35=11872
> [2] https://developer.wz2100.net/ticket/4541
> [3] https://developer.wz2100.net/ticket/4549
> [4] https://developer.wz2100.net/ticket/4565


It is far too late now to revert to version 3.1 in Debian Stretch and we
will release with 3.2.1. Apparently those bugs were reported against
3.2.2, so perhaps Debian's version is not affected but I haven't tested
it yet. Normally we would have received a concrete bug report by now
though. We could also do a point release to fix specific bugs in Stretch
if the patches are not too intrusive. At the moment I am not aware of
any severe campaign bugs.

As for packaging new upstream releases: We could use a helping hand with
warzone2100, someone who is interested in properly maintaining the
package. As it stands for now, only severe bugs will be addressed in the
future and hopefully we get a new version into Buster but that's not for
certain.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#862933: ITP: gmailfeed -- A plasmoid for notification and listing unread emails from your Gmail inbox

[Nicholas D Steeves]

Package: wnpp
Severity: wishlist
Owner: Nicholas D Steeves 

* Package name: gmailfeed
  Version : 1.1
  Upstream Author : Anthony Vital 
* URL : https://github.com/anthon38/gmailfeed
* License : GPL-3
  Programming Lang: C++
  Description : A plasmoid for the notification and listing of unread 
emails from your Gmail inbox

Gmail Feed is a plasmoid for Plasma 5. It provides a list of unread
emails from your Gmail inbox. You also get notified when you receive
new messages.

--

To the best of my knowledge there is not yet a plasmoid in the archive
that provides equivalent functionality.  While most KDE users probably
use KMail or Thunderbird, and with KDE5/Plasma Desktop can receive new
email notification from an Android Phone, or allow their browser to
display desktop notifications, I believe that it is useful to provide
an applet such as this--particularly for memory-constrained systems
where productivity is negatively affected by keeping a desktop email
client running.

Things I haven't yet investigated about this package:
  1. Does it support kwallet?
  2. Does it use the IMAP interface and/or OAuth 2.0?
  3. Does it support GMail labels.
  - eg: Are the nofications/lists for IMAP INBOX or for "Primary"
  4. If it supports GMail labels, are they configurable?

I believe that it would probably be best to maintain it as part of the
pkg-KDE team; however, I am not yet part of this team.  Please CC this
bug when replying.  Failing that, I would use a git project in
collab-maint.

In terms of priority/timeline it will be at least a month or two before I have 
the time to package this.

Cheers,
Nicholas

Bug#859867: [buildd-tools-devel] Bug#859867: Please add a package which automatically configures sbuild for Debian packaging

[Michael Stapelberg]

Sorry for the late reply.

On Tue, Apr 11, 2017 at 10:39 AM, Johannes Schauer  wrote:

> Hi,
>
> Quoting Michael Stapelberg (2017-04-08 11:28:12)
> > One area where sbuild sorely lacks is configuration, though: pbuilder is
> very
> > easy to set up, whereas sbuild requires reading through
> > https://wiki.debian.org/sbuild, performing a bunch of steps, only to
> end up
> > with a setup which works fine for unstable, but seems very clumsy when
> > building packages for experimental or backports.
> >
> > One solution to this issue that I can see is to add a new binary
> > package to src:sbuild which — possibly after a brief debconf prompt —
> > performs all the necessary steps to end up with a setup that just
> > works.
> >
> > What are your thoughts on this? Would patches be welcome to add such a
> > package?
>
> patches totally welcome! :D
>

Cool! I’ll see if I can whip up such a package by working through the wiki
page.


>
> This is a nice idea!
>
> Maybe these packages could be named sbuild-backend-${foo} where $foo is the
> respective backend? At first, a package sbuild-backend-schroot would be
> cool
> because schroot is the default backend. It would be nice if that would set
> up
> sbuild schroots for stable-backports, unstable and experimental. Maybe that
> package should also install and activate cron-jobs to regularly update
> those
> schroots?
>

Which other backends even are there, and do we really need to offer our
users that choice, when we’re talking about a package with sane defaults
for people who prefer not to make these choices right now? :)


>
> What irks me is, that this setup would be Debian specific. It doesn't make
> much
> sense for Debian's downstreams to have have schroots for Debian. Maybe the
> distribution name should be part of the package name? Or maybe it should be
> easy for downstreams that care to override the set of distributions the
> schroots are created for?
>

Putting Debian into the package name seems reasonable.

How about sbuild-debian-dev-setup?

I originally thought of sbuild-debian-setup, but it could be confused to
mean “a setup which reflects Debian’s official setup”, i.e. the buildds.

The “setup” suffix to me conveys that this package offers only
configuration, not new software. Perhaps there’s a more idiomatic term for
that in Debian?


>
> Thanks!
>
> cheers, josch
>



-- 
Best regards,
Michael

Bug#862580: Winbind crashes on ssh login of a domain user.

[Christian Meyer]

Okay, since it's a winbind bug, some more winbind related information:
This is a reproducible bug and a regression from jessie to stretch.
Please fix it before the release of stretch.

As a "workaround": After login as a local user you can successfull login
as a domain user for some time. When you wait too long winbind crashes
again on login.

I'm using
   idmap config * : backend = tdb
   idmap config * : range = 11000-2
   winbind enum groups = yes
   winbind enum users = yes
   winbind use default domain = yes
   winbind refresh tickets = yes

and my "log level = 2 winbind:3" log reports a winbindd_sig_term for a
failed ssh-login.
The log says:

[2017/05/18 10:22:54.102583,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 10:22:54.102670,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 10:22:54.102796,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 10:22:54.243679,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 10:22:54.243765,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 10:22:54.243851,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 10:22:54.288895,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 10:22:54.289037,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 10:22:54.289157,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 10:22:54.365699,
0] ../source3/winbindd/winbindd.c:279(winbindd_sig_term_handler)
[2017/05/18 13:22:54.031839,
0] ../source3/winbindd/winbindd.c:279(winbindd_sig_term_handler)
[2017/05/18 13:22:54.090085,
2] ../source3/param/loadparm.c:314(max_open_files)
[2017/05/18 13:22:54.090436,
2] ../source3/lib/interface.c:345(add_interface)
[2017/05/18 13:22:54.090511,
2] ../source3/lib/interface.c:345(add_interface)
[2017/05/18 13:22:54.093370,
0] ../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
[2017/05/18 13:22:54.096237,
2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
[2017/05/18 13:22:54.096281,
2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
[2017/05/18 13:22:54.096374,
2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
[2017/05/18 13:22:54.096426,
2] ../source3/lib/tallocmsg.c:56(register_msg_pool_usage)
[2017/05/18 13:22:54.096486,
2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
[2017/05/18 13:22:54.097043,
0] ../lib/util/become_daemon.c:124(daemon_ready)
[2017/05/18 13:22:54.146436,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 13:22:54.146508,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 13:22:54.146564,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 13:22:54.312783,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 13:22:54.312852,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 13:22:54.312942,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 13:22:54.386732,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 13:22:54.386829,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 13:22:54.386966,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 13:22:54.400652,
0] ../source3/winbindd/winbindd.c:279(winbindd_sig_term_handler)
[2017/05/18 13:22:54.449974,
2] ../source3/param/loadparm.c:314(max_open_files)
[2017/05/18 13:22:54.450316,
2] ../source3/lib/interface.c:345(add_interface)
[2017/05/18 13:22:54.450392,
2] ../source3/lib/interface.c:345(add_interface)
[2017/05/18 13:22:54.452112,
0] ../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
[2017/05/18 13:22:54.453401,
2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
[2017/05/18 13:22:54.453443,
2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
[2017/05/18 13:22:54.453483,
2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
[2017/05/18 13:22:54.453525,
2] ../source3/lib/tallocmsg.c:56(register_msg_pool_usage)
[2017/05/18 13:22:54.453541,
2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
[2017/05/18 13:22:54.454603,
0] ../lib/util/become_daemon.c:124(daemon_ready)
[2017/05/18 13:22:54.659064,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 13:22:54.659149,
3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[2017/05/18 13:22:54.659240,
3] ../source3/winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
[2017/05/18 13:22:54.788824,
3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[2017/05/18 13:22:54.788904,
3] 

Bug#857573: Processed: Re: systemd: Raise network interfaces fails to stop cleanly on shutdown/reboot

[Michael Biebl]

Am 18.05.2017 um 10:32 schrieb Christoph Biedl:
> Michael Biebl wrote...
> 
>> To mark as mountpoint as network mount, there is the _netdev mount
>> option.
> 
> While I can confirm this provides a sane and safe shutdown for a mounted
> AoE-device, this works only if the device was initially mounted using
> that extra option. A later "mount -o remount,_netdev" exits zero but
> does not change /proc/mounts, hence resulting in havoc. If you could
> shed some light on this?
> 
>> See man systemd.mount. systemd tries to autodetect that for
>> various network file systems
>>
>> https://github.com/systemd/systemd/blob/master/src/fstab-generator/fstab-generator.c#L164
>>
>> https://github.com/systemd/systemd/blob/master/src/basic/mount-util.c#L516
> 
> As a suggestion (probably too late for stretch), an extension of that
> check could inspect the device name as well, to detect AoE, NBD and even
> iSCSI devices - the latter probably needs some extra magic.

That sounds like a reasonable request if those mount points can be
detected reliably.
Would you mind filing an upstream bug report that at
https://github.com/systemd/systemd/issues

I personally have no experience with AoE

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#862932: ferret-vis: ppl and font directories not recognised

[Marco van Hulten]

Package: ferret-vis
Version: 7.0-2
Severity: normal

Dear maintainer,

I have installed `ferret-vis` on stretch, set several `FER_*` paths and ran the
program.  The program runs and I can load a dataset.  However, when I try to
plot something from the dataset, the program crashes:

```
marco@graviton ~ $ set | grep FER_
FER_DATA=/usr/share/ferret-vis/data
FER_DESCR=/usr/share/ferret-vis/descr
FER_DIR=/usr/share/ferret-vis
FER_DSETS=/usr/share/ferret-vis/data
FER_FONTS=/usr/share/ferret-vis/ppl/fonts
FER_GO=/usr/share/ferret-vis/jnls
FER_GRIDS=/usr/share/ferret-vis/grids
FER_PALETTE=/usr/share/ferret-vis/ppl
marco@graviton ~ $ ls -l ${FER_DATA}/levitus_climatology.cdf 
-rw-r--r-- 1 root root 10373712 Dec 25 10:51 
/usr/share/ferret-vis/data/levitus_climatology.cdf
marco@graviton ~ $ ls -l ${FER_FONTS}/fondat.dat
-rw-r--r-- 1 root root 1234 Dec 25 10:51 
/usr/share/ferret-vis/ppl/fonts/fondat.dat
marco@graviton ~ $ ls -l ${FER_PALETTE}/default.spk
ls: cannot access '/usr/share/ferret-vis/ppl/default.spk': No such file or 
directory
marco@graviton ~ $ ls ${FER_PALETTE}/
fonts
marco@graviton ~ $ ferret_c 
NOAA/PMEL TMAP
FERRET v7.01 (optimized)
Linux 4.8.0-2-amd64 - 12/25/16
18-May-17 21:37 

yes? use levitus_climatology
yes? shade temp[k=1]

 PPL+ error: Unable to read "default.spk" to set shade and fill colors.


 PPL+ error: Unable to read "default.spk" to set shade and fill colors.

   *** NOTE: Fonts directory is undefined. Check the Ferret environment.
 **ERROR: file undefined or not found: fondat.dat
```

As you can see, I have set $FER_DATA, $FER_PALETTE and $FER_FONTS (amongst
other variables).  Indeed there is no problem with $FER_DATA and the file that
I try to load.  However, the file `default.spk` (amongst other files typically
part of a Ferret installation) is missing from $FER_PALETTE.  And then the
$FER_FONTS directory does contain `fondat.dat` but Ferret thinks otherwise.

Note that I run plain ferret (through `ferret_c`); so far I've never used
pyferret.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=eo.utf8, LC_CTYPE=eo.utf8 (charmap=UTF-8) (ignored: LC_ALL set to 
en_GB.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ferret-vis depends on:
ii  libc6   2.24-10
ii  libgfortran36.3.0-16
ii  libnetcdf11 1:4.4.1.1-2
ii  libnetcdff6 4.4.4+ds-2
ii  libreadline77.0-2
ii  libx11-62:1.6.4-3
ii  libxgks22.6.1+dfsg.2-4+b1
ii  tcsh [c-shell]  6.20.00-7

Versions of packages ferret-vis recommends:
ii  ferret-datasets  7.0-2
ii  python-ferret7.0.0-2
ii  python3-ferret   7.0.0-2

ferret-vis suggests no packages.

-- no debconf information

Bug#862930: RFS: node-big-integer/1.6.22-1 [ITP]

[Pierre Rudloff]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "node-big-integer"

 * Package name: node-big-integer
   Version : 1.6.22-1
   Upstream Author : Peter Olson 
 * URL : https://github.com/peterolson/BigInteger.js
 * License : Unlicense
   Section : web

It builds those binary packages:

  node-big-integer - Arbitrary length integer library for Javascript

To access further information about this package, please visit the 
following URL:


https://mentors.debian.net/package/node-big-integer


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/n/node-big-integer/node-big-integer_1.6.22-1.dsc


Regards,

Bug#862931: RM: openjdk-6/experimental -- RoQA; obsolete

[Moritz Muehlenhoff]

Package: ftp.debian.org
Severity: normal

Hi,
please remove openjdk-6. It was already removed from unstable, but still
in experimental to stage uploads for Debian LTS and Ubuntu precise. Support
for precise has now ended and Wheezy LTS moved to openjdk-7, so it can
be removed now. (This ws discussed with Matthias on IRC)

Cheers,
Moritz

Bug#862929: CVE-2016-10371

[Moritz Muehlenhoff]

Source: tiff
Severity: important
Tags: security

Hi,
please see
http://bugzilla.maptools.org/show_bug.cgi?id=2535
http://bugzilla.maptools.org/show_bug.cgi?id=2612

Patch is here:
https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d

Cheers,
Moritz
 

Bug#862928: openvpn: systemd redirect impacts restart and init script functionality and should be disabled of fixed

[Teco Boot]

Package: openvpn
Version: 2.3.4-5+deb8u1
Severity: important
Tags: patch

Dear Maintainer,

   * What led up to the situation?
Restart of openvpn daemon failed, caused by "Address already in use"
See OpenVPN ticket #891


   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Problem has to do with systemd. Daemon is stopped and started immediately, 
while openvpn was not finished with its shutdown.
The start fails because the management socket is still open.
The init script has protection for this problem, with sleep (old days) or 
start-stop-daemon in current init script.
But systemd stops and starts in aggressive mode. So it hits this open socket.


   * What was the outcome of this action?
As a work-around, I suppressed the systemd redirect by inserting the following:

--- openvpn 2017-05-17 22:05:22.209221894 +0200
+++ openvpn.new 2017-05-18 22:30:05.587801865 +0200
@@ -20,6 +20,9 @@
 # Modified for openvpn by Alberto Gonzalez Iniesta 
 # Modified for restarting / starting / stopping single tunnels by Richard 
Mueller 
 
+# Let systemd not intercept this script
+# Needed for restart (openvpn#891) and other init script functionality
+_SYSTEMCTL_SKIP_REDIRECT=1
 . /lib/lsb/init-functions
 
 test $DEBIAN_SCRIPT_DEBUG && set -v -x


With this patch, the init script is not interupted by systemd.
Tested with:
 - reboot
 - systemctl restart openvpn
 - /etc/init.d/openvn restart
 - service openvpn restart



   * What outcome did you expect instead?
Restart should work.



-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  init-system-helpers1.22
ii  initscripts2.88dsf-59
ii  iproute2   3.16.0-2
ii  libc6  2.19-18+deb8u9
ii  liblzo2-2  2.08-1.2
ii  libpam0g   1.1.8-3.1+deb8u2
ii  libpkcs11-helper1  1.11-2
ii  libssl1.0.01.0.1t-1+deb8u6

Versions of packages openvpn recommends:
ii  easy-rsa  2.2.2-1

Versions of packages openvpn suggests:
ii  openssl 1.0.1t-1+deb8u6
pn  resolvconf  

-- Configuration Files:
/etc/default/openvpn changed [not included]

-- debconf information excluded

Bug#809066: tiff: CVE-2015-7554

[Moritz Muehlenhoff]

On Thu, May 18, 2017 at 09:09:11PM +0200, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Thu, May 18, 2017 at 08:12:50PM +0200, László Böszörményi (GCS) wrote:
> > Hi Moritz,
> > 
> > On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff  wrote:
> > > On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> > >> Source: tiff
> > >> Version: 4.0.5-1
> > >> Severity: important
> > >> Tags: security upstream
> > >>
> > >> the following vulnerability was published for tiff.
> > >>
> > >> CVE-2015-7554[0]:
> > >> invalid write
> > >
> > > I'm attaching the patch used by Red Hat for RHEL. It doesn't
> > > seem to have been sent upstream, but seems sane.
> >  I miss the patch, did you attach it?
> 
> This one should basically correspond:

Ack that's the correct patch, sorry.

Cheers,
Moritz

Bug#797931: 7779

[阿正]

Bug#862927: gnat (GCC 7) fails to build on m68k

[Matthias Klose]

Package: src:gcc-7-cross-ports
Version: 1

Trying to build a gnat m68k cross compiler fails with:

/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/./gcc/xgcc
-B/home/packages/cross/7/p/gcc-7-cross-ports-1/
gcc/build/./gcc/ -B/usr/m68k-linux-gnu/bin/ -B/usr/m68k-linux-gnu/lib/ -isystem
/usr/m68k-linux-gnu/include -isys
tem /usr/m68k-linux-gnu/sys-include -isystem
/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/sys-include
  -c -g -O2   -W -Wall -gnatpg -nostdinc   s-maccod.ads -o s-maccod.o
s-maccod.ads:36:15: violation of No_Elaboration_Code_All at line 37
s-maccod.ads:36:15: unit "System" does not have No_Elaboration_Code_All
../gcc-interface/Makefile:311: recipe for target 's-maccod.o' failed
make[9]: *** [s-maccod.o] Error 1
make[9]: Leaving directory
'/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/gcc/ada/rts'
gcc-interface/Makefile:2748: recipe for target 'gnatlib' failed
make[8]: *** [gnatlib] Error 2
make[8]: Leaving directory
'/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/gcc/ada'
gcc-interface/Makefile:2836: recipe for target 'gnatlib-shared-dual' failed
make[7]: *** [gnatlib-shared-dual] Error 2
make[7]: Leaving directory
'/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/gcc/ada'
gcc-interface/Makefile:2932: recipe for target 'gnatlib-shared' failed
make[6]: *** [gnatlib-shared] Error 2
make[6]: Leaving directory
'/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/gcc/ada'
Makefile:113: recipe for target 'gnatlib-shared' failed
make[5]: *** [gnatlib-shared] Error 2
make[5]: Leaving directory
'/home/packages/cross/7/p/gcc-7-cross-ports-1/gcc/build/m68k-linux-gnu/libada'
Makefile:14110: recipe for target 'all-target-libada' failed
make[4]: *** [all-target-libada] Error 2

Bug#831360:

[阿正]

Bug#862926: RFS: fonts-firacode/1.204-2~bpo8+1

[Pierre Rudloff]

Package: sponsorship-requests
Severity: normal [important for RC bugs, wishlist for new packages]

Dear mentors,

I am looking for a sponsor for my package "fonts-firacode"

 * Package name: fonts-firacode
   Version : 1.204-2~bpo8+1
   Upstream Author : Nikita Prokopov
 * URL : https://github.com/tonsky/FiraCode
 * License : OFL-1.1
   Section : fonts

It builds those binary packages:

  fonts-firacode - Monospaced font with programming ligatures

To access further information about this package, please visit the 
following URL:


https://mentors.debian.net/package/fonts-firacode


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/contrib/f/fonts-firacode/fonts-firacode_1.204-2~bpo8+1.dsc


Changes since the last upload:
 * Rebuild for jessie-backports.

Regards,

Bug#831360: /usr/bin/lush must not link libbfd-*-system.so dynamically

[阿正]

On Fri, 15 Jul 2016 00:06:18 +0200 Helmut Grohne  wrote:
> Package: lush
> Version: 1.2.1-9+cvs20110227+nmu1+b4
> Severity: grave
>
> /usr/bin/lush currently links libbfd dynamically. Since binutils 2.26.1,
> that library went away but lush's dependency is still satisfied
> resulting in a broken binary. Dynamically linking libbfd is not allowed
> (see package description of binutils-dev).
>
> Helmut
>
>

Bug#862051: nodejs-legacy: possibly drop this package, now that ax25-node has been removed?

[Jérémy Lal]

Package: nodejs-legacy
Version: 6.10.2~dfsg-1
Followup-For: Bug #862051

I would love to do that, but the reason behind the rename came from
https://bugs.debian.org/614907.

Feel free to ask TC to find a new solution.

Jérémy

Bug#862925: python2.7: Python not compiled with -fexceptions in ppc64le

[Bruno Rosa]

Package: python2.7
Version: 2.7.13-2
Severity: normal
Tags: upstream

Dear Maintainer,

Pytorch (https://github.com/pytorch/pytorch) is an application that is
written in python, C and C++. There's high interoperalibity between code
written in these languages therex.

The issue is that there are cases when an exception is thrown by C++
code that subsequentely calls some C code before being caught.

In ppc64le builds, without the -fexceptions gcc flag, such exceptions
are not caught when the execution returns to C++ code from C code. This
makes some Pytorch tests fail.

Compiling CPython with -fexceptions seems to solve this issue.

-- System Information:
Debian Release: 9.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: ppc64el (ppc64le)

Kernel: Linux 3.16.0-4-powerpc64le (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python2.7 depends on:
ii  libpython2.7-stdlib  2.7.13-2
ii  mime-support 3.60
ii  python2.7-minimal2.7.13-2

python2.7 recommends no packages.

Versions of packages python2.7 suggests:
ii  binutils   2.28-5
pn  python2.7-doc  

-- no debconf information

Bug#861686: unblock: openssl/1.1.0e-2

[Sebastian Andrzej Siewior]

On 2017-05-07 16:39:00 [+], Niels Thykier wrote:
> Sebastian Andrzej Siewior:
> > uploaded and built on all releases architectures.
> 
> Ack/RT unblock, CC'ing KiBi for a d-i ack.

I don't want to rush or anything but in case it got forgotten, we are
still waiting for the d-i ack.

> Thanks,
> ~Niels

Sebastian

Bug#862398: [pkg-gnupg-maint] Bug#862398: build wks client and server tools

[Daniel Kahn Gillmor]

Hi Stefan--

On Thu 2017-05-18 18:37:04 +0200, Stefan Bühler wrote:
> There are a lot of manpages in debian/* - so it looks to me like
> upstream isn't really interested in maintaining them.  If upstream isn't
> maintaining them, it might be easier to keep them in debian.

these are specific to the debian package:

migrate-pubring-from-classic-gpg.1
gpgv-static.1

but these should probably be upstreamed, you're right (unless we want to
drop some of these tools):

gpg-check-pattern.1
gpgsplit.1
gpg-zip.1
kbxutil.1
lspgpot.1

> Does upstream know about these at least? I'm not against getting them
> upstream, I'm just not sure whether it is worth my time.

that makes sense -- whose time is it worth? :) at some point Someone™
will need to push them all upstream.  But i wouldn't want that to block
your contributions here.

I'll take a look at importing your patches, the latest round looks
pretty reasonable.

thanks for persevering!

   --dkg


signature.asc
Description: PGP signature

Bug#858031: Please make volume id for netinst different from DVD

[Guido Günther]

On Thu, May 18, 2017 at 08:31:18AM +0200, Thomas Schmitt wrote:
> Hi,
> 
> Guido Günther wrote:
> > > Volume id: Debian stretch-DI-rc2 amd64 1
> > > [...]
> > > >If the netinst variant would contain netinst or similar
> 
> Steve McIntyre wrote:
> > I understand, yes. The problem we have is that the volume ID is very
> > limited in space available. We've run out... :-/ 
> 
> How about replacing the volume number "1" by "n" ?

That would be great!
Cheers,
 -- Guido

> 
>   Debian stretch-DI-rc2 amd64 n
> 
> 
> Above volume id leaves room for three more characters (the Joliet limit
> has been exceeded by 13, already). If the architecture name gets longer
> than 8 characters or the Toystory name gets longer than 10, then the
> naming scheme does not fit into the Volume Id field of the PVD.
> 
> The kfreebsd-amd64 ISOs have an abbreviated arch name in their volume id:
>   Debian 7.9.0 f-amd64 1
> Mr. Pricklepants is still waiting to get chosen as release name.
> 
> 
> An obvious possibility to densify the id text is to give up the cute names
> and to use release numbers instead. Like:
> 
>   Debian 9-DI-rc2 amd64 n
> 
> 
> Have a nice day :)
> 
> Thomas
> 

Bug#862914: nmu: veusz_1.21.1-1

[Adrian Bunk]

On Thu, May 18, 2017 at 07:00:00PM +, Niels Thykier wrote:
> Control: block -1 by 831860
> 
> Adrian Bunk:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: binnmu
> > 
> > nmu veusz_1.21.1-1 . ANY . unstable . -m "rebuild with sip-api-11.3"
> > nmu python-poppler-qt4_0.24.0-1 . ANY . unstable . -m "rebuild with 
> > sip-api-11.3"
> > 
> > See #831860 for background.
> > 
> 
> Thanks,
> 
> If I read this correctly, we should wait with carrying these binNMUs out
> until #831860 has been fixed, so we are sure that the rebuilds depends
> on the correct sip API.

They will get the latest API automatically when rebuilt.

> Thanks,
> ~Niels

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#862923: po4a: [INTL:nl] Dutch po file for the po4a package

[Martin Quinson]

package: po4a
tag 862923 fixed-upstream pending
thanks

Hello,

I just commited your work in the tree, many thanks. It will be part of
the next release, which should occure soon after the Debian release.

Thanks again,
Mt.

On Thu, May 18, 2017 at 08:19:40PM +0200, Frans Spiesschaert wrote:
>  
> 
> Package: po4a 
> Severity: wishlist 
> Tags: l10n patch 
>  
> 
> Dear Maintainer, 
>  
> == 
> Please find attached the updated Dutch po file for the po4a package. 
> It has been submitted for review to the debian-l10n-dutch mailing list. 
> Please add it to your next package revision. 
> It should be put as "po/nl.po" in your package build tree. 
> === 
>  
> 
> -- 
> Regards,
> Frans
> 





-- 
I'm not griping, I'm just observing what a miserable experience this is.
--- Calvin


signature.asc
Description: PGP signature

Bug#809066: tiff: CVE-2015-7554

[Salvatore Bonaccorso]

Hi,

On Thu, May 18, 2017 at 08:12:50PM +0200, László Böszörményi (GCS) wrote:
> Hi Moritz,
> 
> On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff  wrote:
> > On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> >> Source: tiff
> >> Version: 4.0.5-1
> >> Severity: important
> >> Tags: security upstream
> >>
> >> the following vulnerability was published for tiff.
> >>
> >> CVE-2015-7554[0]:
> >> invalid write
> >
> > I'm attaching the patch used by Red Hat for RHEL. It doesn't
> > seem to have been sent upstream, but seems sane.
>  I miss the patch, did you attach it?

This one should basically correspond:

https://git.centos.org/raw/rpms!libtiff/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2015-7554.patch

Regards,
Salvatore
diff -pur tiff-4.0.4/tools/tiffsplit.c tiff-4.0.4_patch/tools/tiffsplit.c
--- tiff-4.0.4/tools/tiffsplit.c	2015-05-28 15:10:26.0 +0200
+++ tiff-4.0.4_patch/tools/tiffsplit.c	2016-02-12 19:15:30.532005041 +0100
@@ -179,8 +179,9 @@ tiffcp(TIFF* in, TIFF* out)
 		TIFFSetField(out, TIFFTAG_JPEGTABLES, count, table);
 		}
 	}
+	uint32 count = 0;
 CopyField(TIFFTAG_PHOTOMETRIC, shortv);
-	CopyField(TIFFTAG_PREDICTOR, shortv);
+	CopyField2(TIFFTAG_PREDICTOR, count, shortv);
 	CopyField(TIFFTAG_THRESHHOLDING, shortv);
 	CopyField(TIFFTAG_FILLORDER, shortv);
 	CopyField(TIFFTAG_ORIENTATION, shortv);
@@ -188,7 +189,7 @@ tiffcp(TIFF* in, TIFF* out)
 	CopyField(TIFFTAG_MAXSAMPLEVALUE, shortv);
 	CopyField(TIFFTAG_XRESOLUTION, floatv);
 	CopyField(TIFFTAG_YRESOLUTION, floatv);
-	CopyField(TIFFTAG_GROUP3OPTIONS, longv);
+	CopyField2(TIFFTAG_GROUP3OPTIONS, count, longv);
 	CopyField(TIFFTAG_GROUP4OPTIONS, longv);
 	CopyField(TIFFTAG_RESOLUTIONUNIT, shortv);
 	CopyField(TIFFTAG_PLANARCONFIG, shortv);

Bug#861282: changes merged upstream

[Matthew Hooker]

Hi All,

The original patch should not be used in any distributed version of packer.
A complete fix has been merged into packer master. Please double check the
complete patch here https://github.com/hashicorp/packer/pull/4900

Thanks,
--Matt Hooker

Bug#817837: closed by Jonathan McDowell <nood...@earth.li> (Bug#817837: fixed in l2tpns 2.2.1-2)

[Jonathan McDowell]

On Sun, May 14, 2017 at 09:15:50PM +0300, Adrian Bunk wrote:
> On Tue, Jul 05, 2016 at 10:09:57AM +, Debian Bug Tracking System wrote:
> >...
> >  l2tpns (2.2.1-2) unstable; urgency=low
> >  .
> >* Fix log buffer overrun, thanks to Dave Reeve (closes: #817837)
> >...
> 
> Hi Jonathan,
> 
> thanks a lot for fixing this bug for stretch.
> 
> It is still present in jessie, could you also fix it there?
> Alternatively, I can fix it for jessie if you don't object.

I had avoided fixing it on jessie because it wasn't clear to me it would
be permitted by the stable-release masters, and there had been little
indication there was active use of the package (I'm planning to have it
removed post stretch as no one has stepped up to my intent to orphan
it). If you want to take the package over entirely you're more than
welcome to do so.

J.

-- 
Web [Know Thy User.]
site: http:// [  ]   Made by
www.earth.li/~noodles/  [  ] HuggieTag 0.0.24

Bug#862914: nmu: veusz_1.21.1-1

[Niels Thykier]

Control: block -1 by 831860

Adrian Bunk:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu veusz_1.21.1-1 . ANY . unstable . -m "rebuild with sip-api-11.3"
> nmu python-poppler-qt4_0.24.0-1 . ANY . unstable . -m "rebuild with 
> sip-api-11.3"
> 
> See #831860 for background.
> 

Thanks,

If I read this correctly, we should wait with carrying these binNMUs out
until #831860 has been fixed, so we are sure that the rebuilds depends
on the correct sip API.

Thanks,
~Niels

Bug#862923: po4a: [INTL:nl] Dutch po file for the po4a package

[Frans Spiesschaert]

 

Package: po4a 
Severity: wishlist 
Tags: l10n patch 
 

Dear Maintainer, 
 
== 
Please find attached the updated Dutch po file for the po4a package. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
=== 
 

-- 
Regards,
Frans



nl.po.gz
Description: application/gzip


signature.asc
Description: This is a digitally signed message part

Bug#862922: aptitude: [INTL:nl] Dutch po file for the aptitude package

[Frans Spiesschaert]

 

Package: aptitude 
Severity: wishlist 
Tags: l10n patch 
 

Dear Maintainer, 
 
== 
Please find attached the updated Dutch po file for the aptitude package. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
=== 
 

-- 
Met vriendelijke groet,
Frans Spiesschaert



nl.po.gz
Description: application/gzip


signature.asc
Description: This is a digitally signed message part

Bug#862920: traildb: FTBFS (32-bit): __uint128_t not defined

[Aaron M. Ucko]

Source: traildb
Version: 0.6+dfsg1-1
Severity: important
Tags: upstream
Justification: fails to build from source

Builds of traildb for 32-bit architectures such as i386 have been failing:

  checking for __uint128_t... no
  configure: error: __uint128_t not defined

Ideally, traildb would be able to make do without this type.  However,
if it can't, please restrict its Architecture: field accordingly.  (I
think x32 might be a special case here, so I'd try allowing it for now.)

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#862921: RFP: epub-tools -- A suite of command-line utilities for creating and manipulating epub book files.

[David Bremner]

Package: wnpp
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: epub-tools
  Version : 2.10
  Upstream Author : Dino Morelli 
  URL : https://hub.darcs.net/dino/epub-tools
* License : BSD3
  Programming Lang: Haskell
  Description : A suite of command-line utilities for creating and 
manipulating epub book files.

epubmeta is a command-line utility for examining and editing epub book
metadata. With it you can export, import and edit the raw OPF Package
XML document for a given book. Or simply dump the metadata to stdout
for viewing in a friendly format.

epubname is a command-line utility for renaming epub ebook files based
on their OPF Package metadata. It tries to use author names and title
info to construct a sensible name.

epubzip is a handy utility for zipping up the files that comprise an
epub into an .epub zip file. Using the same technology as epubname, it
can try to make a meaningful filename for the book.

-BEGIN PGP SIGNATURE-

iQGzBAEBCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAlkd5VAACgkQ8gKXHaSn
niykPgv+OAvP6lB31XAqK02wHrOEggNuqozhykx/otRt4WZ7e2Dl/Vdgi7BZJgQU
iG4O2qOGXd6iZDJZiIBhSrtYVSydh7qBRIToP7RYDpPEV3rkWPQJmr7mSWt4D/TH
rJxTrbiTxqLTmR5y/c5aI0HmrPdqrDprdFNG1xYsTSAp/jGjMY1fD84sPkmuEBrz
ojFmQv50AWuysajiph/E/zK5Iq+PIeciTgLclTPTn9iCNHvbprf6talqloQlOQS4
4/UBbSDWcAwnwFQ8nlv72fGVbphBFqFuiySHt+CWub/FkD2bo6iT2+E9lqUXhMVb
l2THQD61IPh8qXM8+YQlkmEzjcPyLgBAk/atbG22GWCFO+GAcc9KZLGsHAbIspS0
S0QZeKb+sCqcQd3rh1gzU6YdCBkit223DGPNGRY3teg1mk/c5C354tMxHdFWtvme
C4qEdzBFtzmjrSFYVvr3kGHj5JvE4jS8ajq46oWs+D3Pk8YbBQcV9EXFek0vwuaE
vfar+QTu
=mCvp
-END PGP SIGNATURE-

Bug#809066: tiff: CVE-2015-7554

[GCS]

Hi Moritz,

On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff  wrote:
> On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
>> Source: tiff
>> Version: 4.0.5-1
>> Severity: important
>> Tags: security upstream
>>
>> the following vulnerability was published for tiff.
>>
>> CVE-2015-7554[0]:
>> invalid write
>
> I'm attaching the patch used by Red Hat for RHEL. It doesn't
> seem to have been sent upstream, but seems sane.
 I miss the patch, did you attach it?

Cheers,
Laszlo/GCS

Bug#862919: traildb: FTBFS on non-x86: emmintrin.h absent

[Aaron M. Ucko]

Source: traildb
Version: 0.6+dfsg1-1
Severity: important
Tags: upstream
Justification: fails to build from source

Builds of traildb on non-x86 architectures have been failing:

  In file included from src/tdb_encode_model.c:22:0:
  src/dsfmt/dSFMT.h:148:25: fatal error: emmintrin.h: No such file or directory

If it is possible to get by without this header, please arrange to use
it (and the intrinsics it declares) only on x86.  (Also, please
conditionalize use of intrinsics on runtime CPU type.)  Otherwise,
please restrict the architecture accordingly, to either

Architecture: any-amd64 any-x32

or

Architecture: any-amd64 any-i386 any-x32

depending on how essential it is to have __uint128_t.

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#862918: New version available upstream: 4.0.2

[Jeffrey Cliff]

Package: libjs-bignumber
Severity: normal
Version: 1.3.0+dfsg-1

Looks like this package hasn't been updated to upstream in quite awihle - 3
major versions have been released since ~2013 where 1.3.1 seems to date
from.

Bug#848834: fails to build stretch image on stretch: systemd-machine-id-setup error

[Daniel Kahn Gillmor]

Control: tags 848834 + moreinfo unreproducible
Control: reassign 848834 docker.io
Control: retitle 848834 fails to build stretch image in stretch docker
Control: affects 848834 debirf

On Mon 2016-12-19 21:29:30 -0500, Antoine Beaupré wrote:
> I have recently tried building a stretch image in a stretch docker
> container. The build aborts with:
>
> I: Unpacking the base system...
> W: Failure trying to run: chroot /tmp/minimal/root dpkg --force-overwrite 
> --force-confold --skip-same-version --install 
> /var/cache/apt/archives/adduser_3.115_all.deb 
> /var/cache/apt/archives/libapparmor1_2.10.95-8_amd64.deb 
> /var/cache/apt/archives/libcryptsetup4_2%3a1.7.3-3_amd64.deb 
> /var/cache/apt/archives/libip4tc0_1.6.0+snapshot20161117-4_amd64.deb 
> /var/cache/apt/archives/libkmod2_23-1_amd64.deb 
> /var/cache/apt/archives/libcap2_1%3a2.25-1_amd64.deb 
> /var/cache/apt/archives/libidn11_1.33-1_amd64.deb 
> /var/cache/apt/archives/libseccomp2_2.3.1-2.1_amd64.deb 
> /var/cache/apt/archives/dmsetup_2%3a1.02.137-1_amd64.deb 
> /var/cache/apt/archives/libdevmapper1.02.1_2%3a1.02.137-1_amd64.deb 
> /var/cache/apt/archives/systemd_232-8_amd64.deb
> W: See /tmp/minimal/root/debootstrap/debootstrap.log for details (possibly 
> the package systemd is at fault)
>
> I attached the complete debootstrap.log.
>
> The container was built with the "debian:testing" image, which is:
>
> Linux 3e139afbcccd 4.7.0-0.bpo.1-amd64 #1 SMP Debian 4.7.8-1~bpo8+1 
> (2016-10-19) x86_64 GNU/Linux
>
>  so fairly new. It's an "official" image, according to this:
>
> https://hub.docker.com/_/debian/
>
> I am assuming the problem is not related to docker, but maybe that
> assumption is flawed as well. To reproduce:
>
> sudo apt-get install docker.io
> sudo adduser $(id -un) docker
> newgrp
> docker run -t -i debian:testing /bin/bash
> apt-get update -qq ; apt-get install -y debirf sudo
> cd /tmp
> tar xfz /usr/share/doc/debirf/example-profiles/minimal.tgz
> sudo -u nobody debirf make minimal

hm, this reproduction step isn't possible in stretch, since docker.io
isn't in stretch.

It's not clear to me why you'd want to run debirf within docker anyway,
since debirf is designed to run as a non-privileged user.  but i tried
it anyway, and i was unable to get past the "docker run" line:

0 dkg@sid:~$ docker run -t -i debian:testing /bin/bash
docker: Error response from daemon: oci runtime error: container_linux.go:247: 
starting container process caused "process_linux.go:359: container init caused 
\"rootfs_linux.go:54: mounting \\\"cgroup\\\" to rootfs 
\\\"/var/lib/docker/overlay2/e0801abba1fcdb2fb6dd685710127b1f797d98a6554e5da427dc2681afe9e1a4/merged\\\"
 at \\\"/sys/fs/cgroup\\\" caused \\\"no subsystem for mount\\\"\"".
125 dkg@sid:~$ 

fwiw, i also think you probably also want to unpack the profile .tgz as
the user that's going to run debirf -- it looks like you're extracting
the tgz as root, and then working in the profile as a non-priv user.

> Justification for severity: I believe this falls in the category of
> "makes the package in question unusable by most or all users" and
> should be marked as "grave". Obviously, I can't test for all users'
> environments and considering I heard reports from the maintainers this
> was working in *sid*, I assume it *must* be working for other
> users. This could be a docker-specific thing, but I actually doubt
> that. So if someone can reproduce on a regular stretch system, this
> should probably be bumped to "grave".

I've done the standard build as a non-root user using the just-uplodaed
0.37 bugfix release, and it works fine, so i'm inclined to say this is a
problem with docker (or perhaps with the docker image for debian
testing? i don't really know how to attribute breakage inside docker
images, but i welcome pointers or help in doing so).

So i've reassigned this bug to docker, since it seems to be peculiar to
that environment, though i'm unable to reproduce it myself because i
can't get docker to behave as you describe.

  --dkg


signature.asc
Description: PGP signature

Bug#862917: Warzone 2100 3.2 campaign is buggy and unplayable. Debian should package version 3.1 until this is resolved

[Evgeny Kapun]

Package: warzone2100
Version: 3.2.1-2
Severity: important

Starting from version 3.2, campaign scripts in Warzone 2100 are being rewritten 
in JavaScript [1]. As a result, they now have lots of bugs (some examples: [2], 
[3], [4]), making the campaign more or less unplayable.

Because the developers are not very active in fixing those bugs, and because 
the new version doesn't offer any significant advantages to players, I think 
that Debian should stick to version 3.1 until the situation improves.

[1] https://forums.wz2100.net/viewtopic.php?f=35=11872
[2] https://developer.wz2100.net/ticket/4541
[3] https://developer.wz2100.net/ticket/4549
[4] https://developer.wz2100.net/ticket/4565

Bug#809066: tiff: CVE-2015-7554

[Moritz Muehlenhoff]

On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> Source: tiff
> Version: 4.0.5-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for tiff.
> 
> CVE-2015-7554[0]:
> invalid write

I'm attaching the patch used by Red Hat for RHEL. It doesn't
seem to have been sent upstream, but seems sane.

Cheers,
Moritz

Bug#861952: libcgi-validop-perl: FTBFS on May 1st (?)

[Santiago Vila]

On Thu, May 18, 2017 at 05:26:00PM +, Niels Thykier wrote:
> gregor herrmann:
>
> > So we might as well remove this package ...
> 
> I would consider that a "fix for stretch" ;)

I am not in a hurry to find a fix either, so this is up to you.

I just want packages in stretch to be buildable any day of the year...

As Chris Lamb would say: If the test fails some days in the year,
does it mean we can't trust the code to be right those days in the year?

Thanks.

Bug#862899: rsync: insufficient escaping/quoting of arguments

[Thorsten Glaser]

Paul Slootman dixit:

>Please try again with the --protect-args option, which is meant for such
>situations.

Ah, new post-2.x… *tries*

No change, this still transfers the entire home directory.
I think it’s meant for something else (I usually do quote
whitespace and so on for remote if necessary).

>BTW, why specify '--rsh=ssh -T', what's wrong with the default?

The default can be anything, including rsh. By specifying this
always, I know that ⓐ ssh is called, ⓑ -T is passed which makes
ssh change its QoS from interactive to bulk, and ⓒ can add -4
or -6 to force the IP protocol version (I recently learnt that
Debian has a local patch to pass -4/-6 from rsync to ssh, but
Debian’s isn’t the only package I use). I always use a wrapper
around rsync calling it like this (incidentally called rcp…).

bye,
//mirabilos
-- 
> Wish I had pine to hand :-( I'll give lynx a try, thanks.

Michael Schmitz on nntp://news.gmane.org/gmane.linux.debian.ports.68k
a.k.a. {news.gmane.org/nntp}#news.gmane.linux.debian.ports.68k in pine

Bug#861952: libcgi-validop-perl: FTBFS on May 1st (?)

[Niels Thykier]

gregor herrmann:
> On Sat, 06 May 2017 11:30:00 +, Niels Thykier wrote:
> 
>> [...]
>>
>> Which looks like it would get this wrong for all months with < 31 days
>> in them on the yesterday.  I have tagged it stretch-ignore, but I am
>> happy to consider a fix for stretch.
> 
> Additional data:
> - popcon vote: 0
> - reverse dependencies: 0
> - last release: 2009 or 2010
> - not on metacpan; search.cpan.org has only older version.
>   http://search.cpan.org/dist/CGI-ValidOp/
> 
> So we might as well remove this package ...
> 
> 
> Cheers,
> gregor
> 

I would consider that a "fix for stretch" ;)

Thanks,
~Niels

Bug#861952: libcgi-validop-perl: FTBFS on May 1st (?)

[gregor herrmann]

On Sat, 06 May 2017 11:30:00 +, Niels Thykier wrote:

> I looked at the code[1] and it has:
> 
> > # Normlize
> > # Unless we are checking the present or yesterday, assume the 
> > biggest day of the month is 28
> > my $maxday = (
> > $time eq 'present' or  
> > ( $time eq 'past' and $vector eq 'day' )
> > ) ? 31 : 28;
> 
> Take the branch that leads to "31" and then:
> 
> > [...]
> > if ( $vectors->{ day } < 1 ) {
> > $vectors->{ day } = $maxday;
> > $vectors->{ month }--;
> > }
> 
> Which looks like it would get this wrong for all months with < 31 days
> in them on the yesterday.  I have tagged it stretch-ignore, but I am
> happy to consider a fix for stretch.

Additional data:
- popcon vote: 0
- reverse dependencies: 0
- last release: 2009 or 2010
- not on metacpan; search.cpan.org has only older version.
  http://search.cpan.org/dist/CGI-ValidOp/

So we might as well remove this package ...


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#862861: libjs-jquery needs Breaks: libjs-chosen (<< 0.9.15-1~)

[Antonio Terceiro]

On Wed, May 17, 2017 at 11:05:36PM +0300, Adrian Bunk wrote:
> Package: libjs-jquery
> Version: 1.11.3+dfsg-1
> Severity: serious
> 
> See #797166 for details
> (and the Breaks is also missing in the backport to jessie).

There were lots of Javascript packages that were incompatible with a
non-obsolete jquery; it is not feasible to track all that by using
Breaks: on the jquery side.

Would you please provide a concrete issue where doing this would fix
anything?


signature.asc
Description: PGP signature

Bug#862297: [Pkg-citadel-devel] Bug#862297: Install fails if SMTP server is running on port 25, rendering console unuseable

[Michael Meskes]

On Wed, May 10, 2017 at 03:36:21PM -0500, John Goerzen wrote:
> I attempted to install citadel-server on a system that already had an MTA 
> installed,
> using the same command as I showed in #862296.  When doing so, my console -- 
> and every
> ssh session to root -- became nearly unuseable as it was flooded with 
> continuous complaints
> about the port 25 already being in use, at such a rate that I couldn't see 
> anything I
> was typing.  I was eventually able to blindly type "killall citserver" to get 
> rid of
> this problem.

It seems something changed on the upstream side since I think this used to
work. But it definitely is an upstream bug imo because the installation
explicitely sets ACT_AS_MTA to no.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#862296: [Pkg-citadel-devel] Bug#862296: Install hangs in postinst with error about c_Default_cal_zone

[Michael Meskes]

On Wed, May 10, 2017 at 02:53:17PM -0500, John Goerzen wrote:
> On initial install, this package hangs in postinst, and spews several of 
> these messages across
> the console:

I cannot reproduce this either, maybe you could run some more tests for me.

> Broadcast message from systemd-journald@sid (Wed 2017-05-10 14:45:52 CDT):
> 
> citserver[12602]: configuration setting c_default_cal_zone is empty, but must 
> not - check your config!

This might come but should certainly not cause a hang.

Would you be able to find out where in postinst it hangs? And if it is in
/usr/lib/citadel-server/setup where there?

Thanks.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#862300: [Pkg-citadel-devel] Bug#862300: Crashes during the login process

[Michael Meskes]

severity 862300 important
thanks

> Severity: grave
> ...

I tried with different setups and different packages, freshly downloaded, newly
compiled, etc. but I cannot reproduce this. Could it be that you have some
special string testing library installed?

Also I noticed:

> -- System Information:
>   APT prefers unstable
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)

This doesn't look like a straight forward unstable installation. What exactly
are you testing on?

I downgraded the bug until we can figure out whether it affects a clean
installation or which incompatibility is behind it.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#862529: uncommons-watchmaker-doc: Rename the documentation package to lib*-java-doc

[殷啟聰]

The reason behind this package name is that it provides the Javadoc
for both of the 2 library packages
(libuncommons-watchmaker-framework-java &
libuncommons-watchmaker-swing-java). If I split their Javadocs, there
will be dead hyperlinks (or in fact the class fullname instead of
hyperlinks) throughout the Javadoc of
libuncommons-watchmaker-swing-java.

pkg:gradle-doc follows the same reason, I guess. Besides, I fail to
find a javadoc package naming rule in the current Debian Java Policy.

The popcon is indeed low because it was merely meant for
stc:android-toolchian-jack [1]. But now that Google has officially
obsoleted this tool...

[1]: https://bugs.debian.org/847427

Bug#862916: RFS: xtensor/0.10.2-1

[Ghislain Vaillant]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for the following package:

* Package name: xtensor
  Version : 0.10.2-1
  Upstream Author : Johan Mabille and Sylvain Corlay
* URL : http://quantstack.net/xtensor
* License : BSD
  Section : libs

One can check out the package by visiting the following URL:

  https://anonscm.debian.org/git/debian-science/packages/xtensor.git

Changes since the last upload:

  * New upstream version 0.10.2
  * Mark xtensor-dev Multi-Arch: foreign
  * Do not build with -march=native
- New patch No-march-native.patch

Best regards,
Ghis

Bug#862530: aoetools: provide a systemd service to allow proper shutdown of AoE mounts

[Christoph Biedl]

[ Cc:'ed to the nbd-client bug since things might be quite the same there ]

Christoph Biedl wrote...

> > Also, the SysV init script used to unmount these
> > filesystems, but the aoetools package masks the systemd service. It
> > would be better to provide a real systemd service script that restores
> > the expected behaviour.
> 
> Given the fact this is something for stretch and we're pretty far into
> the freeze, there isn't the time for a few loops until such a unit works
> as expected. Therefore I'm asking for help with this topic. I can do the
> testing, then.

After some testing it seems the issue has much less impact than it
seemed initially:

(At least) AoE devices are handled properly if mounted with the _netdev
mount option. This applies to swap-over-AoE, too. Also, mounting these
through /etc/fstab works in jessie only if _netdev is provided as a
mount option as well.

Then the issue boils down to manually mounted AoE devices that will no
longer be umounted early enough. That's something that can be addressed
in the release notes as well. I'll take care of this in the next days
unless somebody objects or I find more issues.

The more complex problem "LVM over AoE" was not supported in jessie so
there's no reason to call this a blocker for stretch. It still was nice
to have it supported in Debian. Some day.

Christoph


signature.asc
Description: Digital signature

Bug#862398: [pkg-gnupg-maint] Bug#862398: build wks client and server tools

[Stefan Bühler]

Hi dkg,

On 05/15/2017 10:04 PM, Daniel Kahn Gillmor wrote:
> Hi Stefan--
> 
> On Fri 2017-05-12 12:37:03 +0200, Stefan Bühler wrote:
>> it would be nice to build and have packages for the gpg-wks-* tools.
>>
>> It seems there was already done some work in
>>
>> https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git/log/?h=dev/wks
>>
>> I rebased that commit to the experimental branch,
> 
> thanks for this work!  
> 
>> modified some texts and added man pages.
> 
> It'd be great to get these manpages upstream.

There are a lot of manpages in debian/* - so it looks to me like
upstream isn't really interested in maintaining them.  If upstream isn't
maintaining them, it might be easier to keep them in debian.

Does upstream know about these at least? I'm not against getting them
upstream, I'm just not sure whether it is worth my time.

>> Upstream install gpg-wks-client to /usr/lib/gnupg/, but I moved it in
>> the package to /usr/bin - I get that it was designed to be a backend
>> tool for MUAs, but right now I guess most people installing it will have
>> to use it manually.
> 
> I'm not so sure about diverging from upstream in our first introduction
> of these tools in debian.  If we do this, we're effectively committing
> to this divergence forever (someone's going to write scripts that use
> /usr/bin/gpg-wks-* and then get upset when we change it).  and it means
> that anyone who writes docs will have to have a different "how to do
> this on debian" section from "how to do this on fedora" or whatever.
> 
> would you object to using your packaging but shipping in the
> upstream-approved location?  or is it worth convincing upstream to ship
> these tools in /usr/bin instead?

I don't have any other (convincing) arguments, so I reverted the
location to the upstream path.

Now that I actually got it running I added some more infos to the
manpages too.

See attached updated patches, as previously my own changes in:

0001-wks-fix-debian-provide-man-pages-improve-texts.patch

The complete patch (squashed with the dev/wks commit) is:

0001-create-WKS-server-and-client-packages.patch

cheers,
Stefan
From 30dd3225cbbc9e408645b2be17e434dfb87a8daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20Knau=C3=9F?= 
Date: Thu, 27 Oct 2016 19:16:14 +0200
Subject: [PATCH 1/1] Create WKS server and client packages

---
 debian/control   |  45 ++
 debian/gnupg-wks-client.install  |   1 +
 debian/gnupg-wks-client.manpages |   1 +
 debian/gnupg-wks-server.install  |   1 +
 debian/gnupg-wks-server.manpages |   1 +
 debian/gpg-wks-client.1  | 178 ++
 debian/gpg-wks-server.1  | 180 +++
 debian/rules |   1 +
 8 files changed, 408 insertions(+)
 create mode 100644 debian/gnupg-wks-client.install
 create mode 100644 debian/gnupg-wks-client.manpages
 create mode 100644 debian/gnupg-wks-server.install
 create mode 100644 debian/gnupg-wks-server.manpages
 create mode 100644 debian/gpg-wks-client.1
 create mode 100644 debian/gpg-wks-server.1

diff --git a/debian/control b/debian/control
index ac0b07907..2b9360477 100644
--- a/debian/control
+++ b/debian/control
@@ -72,6 +72,51 @@ Description: GNU privacy guard - cryptographic agent
  provides a passphrase cache, which is used by pre-2.1 versions of
  GnuPG for OpenPGP operations.
 
+Package: gnupg-wks-server
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service server
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG server for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
+Package: gnupg-wks-client
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ dirmngr (= ${binary:Version}),
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service client
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG client for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ 

Bug#860188: v40 interpreter in 2.7

[Yuri D'Elia]

On Thu, May 18 2017, Laurent Bigonville wrote:
> 2.7.1 is currently in experimental and AFAIKS the v40 interpreter is enabled 
> by
> default in that version, see:
> https://www.freetype.org/freetype2/docs/subpixel-hinting.html
>
> Where you thinking about something else?

After rechecking with the experimental version, it looks like v40 is
working as it should. I was just confused by ftview not showing the
engine version, but this was due to me also enabling the v38 engine as
well.

Sorry for the noise.

Bug#862915: squid: please drop required dependency on logrotate (encourage logging to syslog or journald)

[Daniel Kahn Gillmor]

Package: squid
Version: 3.5.23-3
Severity: normal

squid Depends: logrotate

But on modern systems, logrotate is unnecessary because logs are
handled (and rotated) by a centralized logging daemon.  a clean squid
installation shouldn't need to know or do anything with log rotation
-- it just needs to know how to hand its logs over to syslog and
should let the daemon deal with it.

It would be great to be able to have a machine with squid, but without
logrotate installed.

Thanks for maintaining squid in debian!

   --dkg

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages squid depends on:
ii  adduser  3.115
ii  libc62.24-10
ii  libcap2  1:2.25-1
ii  libcomerr2   1.43.4-2
ii  libdb5.3 5.3.28-12+b1
ii  libdbi-perl  1.636-1+b1
ii  libecap3 1.0.1-3.2
ii  libexpat12.2.0-2
ii  libgcc1  1:6.3.0-16
ii  libgssapi-krb5-2 1.15-1
ii  libkrb5-31.15-1
ii  libldap-2.4-22.4.44+dfsg-4+b1
ii  libltdl7 2.4.6-2
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnettle6   3.3-1+b1
ii  libpam0g 1.1.8-3.5
ii  libsasl2-2   2.1.27~101-g0780600+dfsg-3
ii  libstdc++6   6.3.0-16
ii  libxml2  2.9.4+dfsg1-2.2
ii  logrotate3.11.0-0.1
ii  lsb-base 9.20161125
ii  netbase  5.4
ii  squid-common 3.5.23-3

Versions of packages squid recommends:
ii  libcap2-bin  1:2.25-1

Versions of packages squid suggests:
pn  resolvconf   
ii  smbclient2:4.5.8+dfsg-1
pn  squid-cgi
pn  squid-purge  
pn  squidclient  
pn  ufw  
pn  winbindd 

-- no debconf information

Bug#829046: Difficulties in packaging pagure

[Boyuan Yang]

在 2017年5月18日星期四 +08 下午12:07:41，SJ Zhu 写道：
> On Thu, May 18, 2017 at 11:59:36AM +0800, Boyuan Yang wrote:
> > There are some problems: this packaging uses upstream source code directly
> > from from Git repository, not the tarball upstream released on https://
> > pagures.io.
> 
> Hi,
> I import the source by `git archvie` and remove the minified js,
> then import it to upstream branch like what sergiodj did.
> 
> PS. I think I forget to remove some files which filename is not matched
> by "*.min.js"

I have several understandings on it:

Option 1


* Will not use any bundled javascript libraries, no matter minified or not
* Will depend on corresponding libjs-* packages and make symlinks to provide 
removed javascript libraries
* If that package does not exist, package them first

Option 2


* Only minified javascripts are not acceptable
* Will use tools like yui-compressor to generate minified js files without 
using 
libjs-* packages
* Write d/copyright for unminified js files

Option 3
-

* An mixture of 1 & 2
* Use libjs-* if that lib has been packaged in Debian
* If not packaged, use non-minified version and run processor to generate 
minified js files


I am not very familiar with Debian's JavaScript policies. Which of my 
understandings is correct?

--
Boyuan Yang

signature.asc
Description: This is a digitally signed message part.

Bug#862541: Pre-approval request, unblock: caffe/1.0.0-2

[Lumin]

Hi jmw,

The difference between the 1.0.0~rc4 version and the 1.0.0 version
is 162 git commits. I went through these git commits, and
these commits are about:

  1 documentation update / fix
  2 code grooming
  3 bug fix
  4 add tests
  5 support cudnn v6  (does not affect this package)
  6 update docker scripts  (does not affect this package)

i.e. There is no major code / feature change from the 1.0.0~rc4 tag
 -> 1.0.0 tag.

I've read the freeze policy but still want to apply for an unblock.
This is a machine learning application which has no rdepends,
and the latest stable version 1.0.0 more favorable to users and it's
more convenient for upstream to support. Although the rc4 version
works fine too.

Apart from the upstream stable release, I will add one more patch
to the packaging directory, which was already approved and merged
by upstream:

https://github.com/BVLC/caffe/commit/91b09280f5233cafc62954c98ce8bc4c204e7475

The patch will change a ambiguous static library name, and hence
fixing the bug mentioned previously won't introduce more trouble.

The 1.0.0-2 version was already prepared in the git repo:

https://anonscm.debian.org/cgit/debian-science/packages/caffe.git/log/

If this change could be approved, I'll upload the 1.0.0-2 version
to unstable, and wait for it to migrate.

If not, can I upload 1.0.0~rc4-2 simply with the patch above
applied and the fix for the bug mentioned above?


Thank you :-)


FYI:
files changed

git diff 1.0.0-rc4 1.0 --stat | cat   Thu 18 May
2017 03:49:46 PM UTC
 .gitignore  |   1 +
 CMakeLists.txt  |  42 +-
 CONTRIBUTORS.md |   2 +-
 LICENSE |   4 +-
 Makefile|   8 +-
 Makefile.config.example |  14 +-
 README.md   |   6 +-
 cmake/ConfigGen.cmake   |  67 +--
 cmake/Cuda.cmake|  14 +-
 cmake/Dependencies.cmake| 109 +++--
 cmake/External/glog.cmake   |   1 +
 cmake/Modules/FindAtlas.cmake   |   4 +-
 cmake/Modules/FindNCCL.cmake|  26 ++
 cmake/Modules/FindvecLib.cmake  |   2 +-
 cmake/ProtoBuf.cmake|   4 +-
 cmake/Summary.cmake |   1 +
 cmake/Targets.cmake |   6 +-
 cmake/Templates/CaffeConfig.cmake.in|  15 +-
 cmake/Templates/caffe_config.h.in   |  32 +-
 cmake/Uninstall.cmake.in|  26 ++
 docker/Makefile |  50 ---
 docker/README.md|  69 ++-
 docker/{standalone => }/cpu/Dockerfile  |  13 +-
 docker/{standalone => }/gpu/Dockerfile  |  16 +-
 docker/templates/Dockerfile.template|  42 --
 docs/_layouts/default.html  |   2 +-
 docs/development.md |   4 +-
 docs/index.md   |  47 +-
 docs/install_apt.md |   6 +-
 docs/install_apt_debian.md  | 161 +++
 docs/installation.md|   7 +-
 docs/model_zoo.md   |  24 +-
 docs/multigpu.md|   4 +-
 docs/performance_hardware.md|  73 ---
 docs/tutorial/interfaces.md |   4 +-
 docs/tutorial/layers.md | 562 
 docs/tutorial/layers/absval.md  |  22 +
 docs/tutorial/layers/accuracy.md|  20 +
 docs/tutorial/layers/argmax.md  |  18 +
 docs/tutorial/layers/batchnorm.md   |  20 +
 docs/tutorial/layers/batchreindex.md|  16 +
 docs/tutorial/layers/bias.md|  19 +
 docs/tutorial/layers/bnll.md|  25 ++
 docs/tutorial/layers/concat.md  |  40 ++
 docs/tutorial/layers/contrastiveloss.md |  20 +
 docs/tutorial/layers/convolution.md |  63 +++
 docs/tutorial/layers/crop.md|  20 +
 docs/tutorial/layers/data.md|  29 ++
 docs/tutorial/layers/deconvolution.md   |  22 +
 docs/tutorial/layers/dropout.md |  20 +
 docs/tutorial/layers/dummydata.md   |  20 +
 docs/tutorial/layers/eltwise.md |  20 +
 docs/tutorial/layers/elu.md |  25 ++
 docs/tutorial/layers/embed.md   |  20 +
 docs/tutorial/layers/euclideanloss.md   |  16 +
 docs/tutorial/layers/exp.md |  24 +
 docs/tutorial/layers/filter.md  |  15 +
 docs/tutorial/layers/flatten.md |  21 +
 docs/tutorial/layers/hdf5data.md|  20 +
 

Bug#862914: nmu: veusz_1.21.1-1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu veusz_1.21.1-1 . ANY . unstable . -m "rebuild with sip-api-11.3"
nmu python-poppler-qt4_0.24.0-1 . ANY . unstable . -m "rebuild with 
sip-api-11.3"

See #831860 for background.

Bug#831860: python{,3}-sip shouldn't provide more than one sip api

[Adrian Bunk]

Control: reassign -1 src:sip4 4.18.1+dfsg-1
Control: retitle -1 python{,3}-sip shouldn't provide more than one sip api
Control: affects -1 python-sip python3-sip

On Thu, Feb 16, 2017 at 02:36:19PM +0100, di dit wrote:
> Rebuilding veusz fixes this bug.
>...

Thanks a lot for your bug report, and also for this
additional information.

The trigger is the python-qt4 upgrade.

Backtrace:
#0  0x in ?? ()
#1  0x7fcb47dce997 in sip_api_get_cpp_ptr (sw=sw@entry=0x7fcb3d763410, 
td=0x7fcb4662ed00) at siplib.c:8571
#2  0x7fcb47dcfe38 in sip_api_convert_to_type (
pyObj=pyObj@entry=, 
td=, transferObj=0x0, flags=, statep=0x0, 
iserrp=iserrp@entry=0x7ffe94602bf4) at siplib.c:8756
#3  0x7fcb47dd3055 in parsePass2 (self=0x0, selfarg=0, 
sipArgs=sipArgs@entry=(,), 
sipKwdArgs=sipKwdArgs@entry=0x0, kwdlist=kwdlist@entry=0x0, 
fmt=0x7fcb46264f2c "", fmt@entry=0x7fcb46264f2a "J8", va=)
at siplib.c:5458
#4  0x7fcb47dd3bd3 in parseKwdArgs (parseErrp=0x7ffe94602e60, 
sipArgs=(,), sipKwdArgs=0x0, 
kwdlist=0x0, unused=unused@entry=0x0, fmt=0x7fcb46264f2a "J8", 
va_orig=0x7ffe94602cf0) at siplib.c:3467
#5  0x7fcb47dd3da1 in sip_api_parse_kwd_args (parseErrp=, 
sipArgs=, sipKwdArgs=, 
kwdlist=, unused=0x0, fmt=) at siplib.c:3387
#6  0x7fcb4600a60e in ?? ()
   from /usr/lib/python2.7/dist-packages/PyQt4/QtGui.x86_64-linux-gnu.so
#7  0x7fcb47dcf7c3 in sipSimpleWrapper_init (
self=self@entry=0x7fcb3d763488, 
args=(,), kwds=0x0)
at siplib.c:9861
#8  0x55d247e8d675 in wrap_init.lto_priv.1153 (kwds=, 
wrapped=0x7fcb47dcf4f0 , args=, 
self=) at ../Objects/typeobject.c:4862
#9  wrapper_call.lto_priv () at ../Objects/descrobject.c:1035
#10 0x55d247e03673 in PyObject_Call () at ../Objects/abstract.c:2547
...


After a rebuild python-qt4 now uses sip-api-11.3, but veusz-helpers 
still uses sip-api-11.1

To enforce that this problem can't happen again or during upgrades, 
python-sip and python3-sip shouldn't provide more than one sip api.

This bug is to track that this gets fixed in python{,3}-sip for stretch.

I'll also submit a binNMU request to get veusz and the other affected 
package in stretch rebuilt with sip-api-11.3

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#862871: unblock: intel-microcode/3.20170511.1

[Henrique de Moraes Holschuh]

On Thu, 18 May 2017, Jonathan Wiltshire wrote:
> On 2017-05-17 22:44, Henrique de Moraes Holschuh wrote:
> >Please unblock package intel-microcode.
> 
> Unblocked.

Thank you!

-- 
  Henrique Holschuh

Bug#792923: After an update, the translation of KDE in french becomes very incomplete

[Maximiliano Curia]

¡Hola Etienne!

El 2015-07-20 a las 10:04 +0200, Etienne MAHE escribió:
Package: kde-l10n-fr 
Version: 4:4.14.0-2 


After an update of french Localization of KDE files, the translation becomes 
very incomplete. For many menus and submenus, before this update, the 
translation was good. But after this same update, many menus switch from french 
to english, although french language is chosen in kde settings. 


The problems occurs for both testing and unstable versions. 


I wait for a solution to solve the problem. 


Sorry that it took so long to get back to you.

The kde-l10n-* packages have been updated a couple of times since this was 
reported, right now in the 4:16.04.3-1 version that covers kde applications 
based on kde frameworks 5.


While the current state is know not to be perfect I think that it's way better 
than it was when this was first reported.


Are you still seeing a very incomplete localization for the french desktop?

Happy hacking,
--
"If you think your users are idiots, only idiots will use it."
-- Linus Torvalds
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Bug#862387: openstack-dashboard: instance delete fails with: 403 Forbidden - CSRF verification failed. Request aborted.

[Valentin Vidic]

On Thu, May 18, 2017 at 05:14:10PM +0200, Thomas Goirand wrote:
> FYI, I worked together with upstream during all of last summer to
> somehow gain Django 1.10 compatibility. There was loads of issues, which
> were fixed one by one. I guess this bug means we didn't fixed them all.
> 
> If you're good enough with Django, we'd be very happy to add the patch
> both upstream and in the Debian package. According to one of the
> upstream "leaders" on IRC:
> 
>  zigo: Its on the batchActions and deleteActions
>  inside tables
>  so obviously, very severe.
>  What I dont understand is why this didnt break before

Thanks for the info, unfortunately my Django skills are pretty basic,
so I don't have a patch to share but just some more info that I found
in the meanwhile.

Tried a few Django packages from python-django git:
  * 1.8.16-1~bpo8+1 - works
  * 1.9.7-2 - works
  * 1.10-1 - fails

Since it fails with the first 1.10 release it should definitely be some
change introduced by the first Django 1.10 version.

Like you mentioned the problem seems to be with the tables - from the
page source in the browser the place where {% csrf_token %} should
be inserted in templates/horizon/common/_data_table.html is blank.
Apache error.log seems to confirm this:

UserWarning: A {% csrf_token %} was used in a template, but the context did not 
provide the value.  This is usually caused by not using RequestContext.

Let me know if you have any ideas what I could try next.

-- 
Valentin

Bug#846548: [pkg-opensc-maint] Bug#846548: patch for #846548

[Eric Dorland]

Sorry for not getting back to this sooner. I've canceled this upload
since it has the side-effect of breaking libp11 (ie it bumps it's
soname). I think the way forward would be to make that bump and
rebuild the only dependency (pam-p11) against it, but I'm not 100%
sure pam-p11 compiles with openssl 1.1. I guess this plan will require
release manager approval since it's rather a lot of changes.

* Luke Faraone (l...@faraone.cc) wrote:
> On Thu, 11 May 2017 20:33:41 -0700 Luke W Faraone  wrote:
> > On Thu, 11 May 2017 19:45:51 -0700 Luke W Faraone 
> > wrote:
> > > Attached is a patch to fix the path to the engine directory, and moves
> > > this library back to libssl-dev. (it isn't clear to me from changelog or
> > > git log why the move to 1.1 was originally reverted)
> > 
> > And of course, that patch was bogus. Attached is a orrected patch. I
> > intend to upload this to DELAYED/5 once I have a chance to test on real
> > hardware. 
> 
> Tested (attached) and uploaded accordingly.
> 
>   -- Luke

> $ openssl req -engine pkcs11 -keyform engine -new -key 
> "pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=[…];token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key;type=private"
>  -out req.pem -text -x509 -subj '/CN=Luke Faraone'
> engine "pkcs11" set.
> No private keys found.
> PKCS#11 token PIN: 
> cobalt:/tmp/tmp.1Pc1kTLqDp$ cat req.pem 
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> a7:78:4e:07:98:95:7d:95
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: CN = Luke Faraone
> Validity
> Not Before: May 13 20:07:39 2017 GMT
> Not After : Jun 12 20:07:39 2017 GMT
> Subject: CN = Luke Faraone
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
>   […]
> -BEGIN CERTIFICATE-
> […]
> -END CERTIFICATE-
> 




> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint


-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#800831: Bug#800830: missing pre-gap and index mark data

[Moray Allan]

Hi Daniel,

In October 2015 you wrote:

mkcue is behaving like "cdrdao --fast-toc", it is not reading the
pre-gap and index mark details from the disk and it is not including
those details in the Cue sheet.

For some purposes, such as calculating a Musicbrainz disk ID, it may be
necessary to have all these details.


Did you end up just using cdrdao?  Are there other features that would 
make it useful to you to fix this in mkcue, or would recommending cdrdao 
to new users be better?


Moray

Bug#862913: [INTL:id] initial Indonesian debconf translation

[Kukuh Syafaat]

Source: arb
Version: 6.0.6-1
Severity: wishlist
Tags: patch l10n
X-Debbugs-CC: debian-l10n-indones...@lists.debian.org

Dear maintainer, please find attachment for Indonesian debconf translations

msgfmt -c -v -o /dev/null id.po
3 pesan diterjemahkan.

Thank You

-- 
Kukuh Syafaat

# Translation of arb debconf templates to Indonesian 
# Copyright (C) Debian Indonesia Translator 
# This file is distributed under the same license as the arb package.
# Kukuh Syafaat , 2017.
#
msgid ""
msgstr ""
"Project-Id-Version: arb\n"
"Report-Msgid-Bugs-To: a...@packages.debian.org\n"
"POT-Creation-Date: 2017-05-18 22:09+0700\n"
"PO-Revision-Date: 2017-05-18 22:20+0700\n"
"Last-Translator: Kukuh Syafaat \n"
"Language-Team: Debian Indonesia Translator \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.11\n"
"Language: id\n"

#. Type: multiselect
#. Description
#: ../arb-common.templates:2001
msgid "ARB PT-server administrators:"
msgstr " Administrator ARB PT-server:"

#. Type: multiselect
#. Description
#: ../arb-common.templates:2001
msgid ""
"The default configuration of PT-server slots in /etc/arb/arb_tcp.dat gives "
"ARB three global slots accessible by all users (connecting to localhost:"
"${PORT}), as well as three slots to give private per-user access (connecting "
"to ~/.arb_pts/${USER}${NUMBER}.socket)."
msgstr ""
"Konfigurasi bawaan slot PT-server di /etc/arb/arb_tcp.dat memberi ARB tiga "
"slot global yang dapat diakses oleh semua pengguna (terhubung ke localhost:"
"${PORT}), serta tiga slot untuk memberikan akses per pengguna pribadi "
"(menghubungkan ke ~/.arb_pts/${USER}${NUMBER}.socket)."

#. Type: multiselect
#. Description
#: ../arb-common.templates:2001
msgid ""
"Only members of the \"arb\" system group will be able to build and update "
"the shared PT-servers. Please enter the login names for these privileged "
"users."
msgstr ""
"Hanya anggota grup sistem \"arb\" yang dapat membangun dan memperbarui "
"shared server-PT. Harap masukkan nama login untuk pengguna istimewa ini."

Bug#862387: openstack-dashboard: instance delete fails with: 403 Forbidden - CSRF verification failed. Request aborted.

[Thomas Goirand]

On 05/15/2017 11:44 AM, Valentin Vidic wrote:
> On Fri, May 12, 2017 at 09:00:00AM +0200, Valentin Vidic wrote:
>> Instance delete fails when I access:
>>
>>   http://os-ctrl/horizon/project/instances/
>>
>> and select "Delete Instance" from the list of actions with
>> the error:
>>
>>   Forbidden (403)
>>   CSRF verification failed. Request aborted.
>>
>>   Help
>>   Reason given for failure:
>> CSRF token missing or incorrect.
> 
> Downgrading python-django to 1.8.16-1~bpo8+1 seems to help,
> so it seems this version of horizon is not compatible with
> django 1.10 somehow?

Hi,

FYI, I worked together with upstream during all of last summer to
somehow gain Django 1.10 compatibility. There was loads of issues, which
were fixed one by one. I guess this bug means we didn't fixed them all.

If you're good enough with Django, we'd be very happy to add the patch
both upstream and in the Debian package. According to one of the
upstream "leaders" on IRC:

 zigo: Its on the batchActions and deleteActions
 inside tables
 so obviously, very severe.
 What I dont understand is why this didnt break before

Cheers,

Thomas Goirand (zigo)

Bug#862814: ibus-ui (systray icon) mis-detects Qt/KDE version

[Osamu Aoki]

On Wed, May 17, 2017 at 02:03:22PM +0200, Ralf Jung wrote:
> I can confirm that replacing the aforementioned piece of code by just
> 
>   m_indicator.set_icon_full(icon_name, "");
> 
> (i.e., removing the preprocessor conditional entirely) fixes the
> problem:  The icon is properly shown in the systray.

Please send us a patch against current package

Osamu
 
> Kind regards,
> Ralf
> 

Bug#862717: [Pkg-ime-devel] Bug#862717: ibus-daemon often crashes on suspend/resume

[Osamu Aoki]

On Tue, May 16, 2017 at 08:43:02PM +0200, Ralf Jung wrote:
> > The way this bug is happening, this looks like a bug on plasma-workspace
> > or mozc.
> What is mozc?

It's another IM method used for ibus/uim/fcitx... for Japanese.

Your comment in another mail that patching kde fixed some of the problem
is interesting.

For missing panel, did you install libqt5gui5
i A  --\ libqt5gui55.7.1+dfsg-3+b 5.7.1+dfsg-3+b
  Description: Qt 5 GUI module
Qt is a cross-platform C++ application framework. Qt's primary feature is
its rich set of widgets that provide standard GUI functionality.

The QtGui module extends QtCore with GUI functionality.

Since it is a part of recommends, it is not installed by default.

Osamu 

Bug#862912: ITP: iannix -- graphical OSC sequencer for digital arts

[IOhannes m zmoelnig]

Package: wnpp
Severity: wishlist
Owner: IOhannes m zmoelnig 

* Package name: iannix
  Version : 0.9.17
  Upstream Author : Iannix Association 
* URL : https://iannix.org
* License : GPL-3
  Programming Lang: C++
  Description : graphical OSC sequencer for digital arts

 IanniX is a graphical sequencer for digital arts,
 based on Iannis Xenakis works on graphical scores.
 IanniX manages events described via graphical elements (like curves) and
 controls your real-time environment via Open Sound Control (OSC).
 It can also be fully controlled via OSC (or FUDI, if you prefer).


I intend to package this under the pkg-multimedia-maintainers umbrella.

Bug#862911: ITP: python-decouple -- Helps you to organize your Django|Flask settings

[Herbert Parentes Fortes Neto]

Package: wnpp
Severity: wishlist
Owner: Herbert Parentes Fortes Neto 

* Package name: python-decouple
  Version : 3.0
  Upstream Author : Henrique Bastos 
* URL : https://pypi.python.org/pypi/python-decouple/
* License : MIT
  Programming Lang: Python
  Description : Decouple helps you to organize your Django settings


 Decouple helps you to organize your settings so that you 
 can change parameters without having to redeploy your app.

 Framework :: Django
 Framework :: Flask 

Bug#862910: [INTL:id] initial Indonesian debconf translation

[Kukuh Syafaat]

Source: distributed-net
Version: 2.9112.521-1
Severity: wishlist
Tags: patch l10n
X-Debbugs-CC: debian-l10n-indones...@lists.debian.org

Dear maintainer, please find attachment for Indonesian debconf translations

msgfmt -c -v -o /dev/null id.po
3 pesan diterjemahkan.

Thank You

-- 
Kukuh Syafaat

# Translation of distributed-net debconf templates to Indonesian 
# Copyright (C) Debian Indonesia Translator 
# This file is distributed under the same license as the distributed-net package.
# Kukuh Syafaat , 2017.
#
msgid ""
msgstr ""
"Project-Id-Version: distributed-net\n"
"Report-Msgid-Bugs-To: distributed-...@packages.debian.org\n"
"POT-Creation-Date: 2014-04-06 19:24+0200\n"
"PO-Revision-Date: 2017-05-18 21:11+0700\n"
"Language: id_ID\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"Last-Translator: Kukuh Syafaat \n"
"Language-Team: Debian Indonesia Translator \n"
"X-Generator: Poedit 1.8.11\n"
"X-Poedit-SourceCharset: UTF-8\n"

#. Type: boolean
#. Description
#: ../distributed-net.templates:2001
msgid "Run the distributed.net client configuration utility?"
msgstr "Jalankan utilitas konfigurasi klien distributed.net?"

#. Type: boolean
#. Description
#: ../distributed-net.templates:2001
msgid ""
"The distributed.net client needs to be configured before it can be used. "
"While most options have reasonable defaults, you need to specify the e-mail "
"address to which you would like distributed.net to credit any work done by "
"the client. If you are installing the distributed-net package for the first "
"time, then you must configure the client, otherwise the distributed.net "
"client will refuse to start."
msgstr ""
"Klien distributed.net perlu dikonfigurasi sebelum dapat digunakan. Sementara "
"sebagian besar pilihan memiliki bawaan yang masuk akal, Anda perlu "
"menentukan alamat surel yang Anda inginkan untuk distributed.net ke kredit "
"pekerjaan yang dilakukan oleh klien. Jika Anda memasang paket distributed-"
"net untuk pertama kalinya, Anda harus mengkonfigurasi klien, jika tidak, "
"klien distributed.net akan menolak untuk memulai."

#. Type: boolean
#. Description
#: ../distributed-net.templates:2001
msgid ""
"When the distributed.net client is run as a daemon (via /etc/init.d/"
"distributed-net), the output will be redirected to /var/log/distributed-net."
"log. You do not need to set up a log file. Since the init script is "
"controlling the distributed.net client, you should not enable \"quiet mode\" "
"as that breaks the init script."
msgstr ""
"Ketika klien distributed.net dijalankan sebagai daemon (via /etc/init.d/"
"distributed-net), keluaran akan diarahkan ke /var/log/distributed-net.log. "
"Anda tidak perlu membuat berkas log. Karena skrip init mengendalikan klien "
"distributed.net, Anda seharusnya tidak mengaktifkan \"mode diam\" saat skrip "
"init rusak."

Bug#862216: release-notes: [Stretch] improve text about iproute2 and net-tools

[Andreas Henriksson]

Hello Baptiste,

On Thu, May 18, 2017 at 02:27:08PM +0200, Baptiste Jammet wrote:
> Control: tags -1 patch
[...]

Just a minor nitpit, which is unrelated but that I noticed when looking
at your patch.

There seems to be a missing space in "netstat-r" which you might also
want to fix while at it ( => "netstat -r").

Regards,
Andreas Henriksson