Bug#608044: should support exporting sets of photos (events)
Hello, no answer from upstream. So I close this 6 years old bug. CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key: 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54470 Lieser Threema: SYR8SJXB Wire: @joergfringsfuerst IRC: j_...@freenode.net j_...@oftc.net My wish list: - Please send me a picture from the nature at your home. signature.asc Description: This is a digitally signed message part
Bug#864104: garmin-plugin: Please stop Build-Depending on libgcrypt11-dev transition package
Source: garmin-plugin Version: 0.3.23-1 Severity: normal garmin-plugin build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864103: freeipmi: Please stop Build-Depending on libgcrypt11-dev transition package
Source: freeipmi Version: 1.4.11-1.1 Severity: normal freeipmi build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864101: filetea: Please stop Build-Depending on libgcrypt11-dev transition package
Source: filetea Version: 0.1.16-3 Severity: normal filetea build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864102: fis-gtm: Please stop Build-Depending on libgcrypt11-dev transition package
Source: fis-gtm Version: 6.3-000A-1 Severity: normal fis-gtm build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864099: cupt: Please stop Build-Depending on libgcrypt11-dev transition package
Source: cupt Version: 2.9.9 Severity: normal cupt build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864100: event-dance: Please stop Build-Depending on libgcrypt11-dev transition package
Source: event-dance Version: 0.1.28-4 Severity: normal event-dance build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864097: chntpw: Please stop Build-Depending on libgcrypt11-dev transition package
Source: chntpw Version: 1.0-1 Severity: normal chntpw build-depends libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864098: clamz: Please stop Build-Depending on libgcrypt11-dev transition package
Source: clamz Version: 0.5-2 Severity: normal clamz build-depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864096: charybdis: Please stop Build-Depending on libgcrypt11-dev transition package
Source: charybdis Version: 3.5.3-1 Severity: normal charybdis build-depends libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864095: cadaver: Please stop Build-Depending on libgcrypt11-dev transition package
Source: cadaver Version: 0.23.3-2 Severity: normal cadaver build-depends libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#864094: aria2: Please stop Build-Depending on libgcrypt11-dev transition package
Source: aria2 Version: 1.31.0-1 Severity: normal aria2 build-depends libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#630196: Shotwell only publishes to cloud services Picasa, Facebook and Flickr
Hello, no answer from upstream. So I close this 6 years old bug CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key: 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54470 Lieser Threema: SYR8SJXB Wire: @joergfringsfuerst IRC: j_...@freenode.net j_...@oftc.net My wish list: - Please send me a picture from the nature at your home. signature.asc Description: This is a digitally signed message part
Bug#864093: libotr: Please stop (Build-)Depending on libgcrypt11-dev transition package
Source: libotr Version: 4.1.1-2 Severity: normal libotr build-depends and libotr5-dev depends on libgcrypt11-dev. This is a transition package, please use libgcrypt20-dev instead. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#862666: ansible: CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment
On Mon, May 15, 2017 at 04:28:24PM +0200, Salvatore Bonaccorso wrote: > Source: ansible > Version: 2.2.1.0-2 > Severity: important > Tags: patch security upstream > > Hi, > > the following vulnerability was published for ansible. > > CVE-2017-7481[0]: > Security issue with lookup return not tainting the jinja2 environment What's the status? Can we get that fixed for stretch? Cheers, Moritz
Bug#758234: another nasty fallout of this requirement
On Tue, 06 Dec 2016 15:54:46 +0100 Ansgar Burchardtwrote: > On Sat, 2016-12-03 at 06:33 +0100, Adam Borowski wrote: > > And to actually fix the issues, instead of merely dropping the > > mention and > > thus making the dependencies last forever because of inertia, I urge > > you to > > go all the way from "priority of rdepends MUST be raised" all the way > > to > > "priority of rdepends MUST NOT be raised, every package is to be > > evaluated > > only based on what it directly brings to the user (elevation possibly > > _moved_ to a metapackage/etc but never copied the other way)" (maybe > > just a > > SHOULD NOT for a transitional period). > > I think this should be a "SHOULD NOT": > > The main consumer of the priority information is the installer > (debootstrap) which has only a very limited dependency resolver. It > might be necessary to raise the priority of dependencies to make sure > it does the right thing (I don't think we need this currently, but we > should keep the option open in case it turns out we need it). > > Ansgar > > Hi, I support this (with "SHOULD NOT"). Thanks, ~Niels signature.asc Description: OpenPGP digital signature
Bug#864091: unblock: ettercap (CVE)
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi Release Team Please unblock package ettercap, we fixed CVE 2017-8366 unblock ettercap/1:0.8.2-5 debdiff attached diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog --- ettercap-0.8.2/debian/changelog 2017-03-07 21:28:07.0 +0100 +++ ettercap-0.8.2/debian/changelog 2017-06-04 09:27:11.0 +0200 @@ -1,3 +1,12 @@ +ettercap (1:0.8.2-5) unstable; urgency=high + + [ Alexander Koeppe ] + * debian/patches/803.patch: Fix buffer overflow/underflow +with bad filters (Closes: #861604). +CVE-2017-8366 + + -- Gianfranco CostamagnaSun, 04 Jun 2017 09:24:59 +0200 + ettercap (1:0.8.2-4) unstable; urgency=high * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch: diff -Nru ettercap-0.8.2/debian/patches/803.patch ettercap-0.8.2/debian/patches/803.patch --- ettercap-0.8.2/debian/patches/803.patch 1970-01-01 01:00:00.0 +0100 +++ ettercap-0.8.2/debian/patches/803.patch 2017-06-04 09:25:14.0 +0200 @@ -0,0 +1,210 @@ +From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001 +From: Alexander Koeppe +Date: Thu, 1 Jun 2017 08:56:23 +0200 +Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type + +--- + CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: ettercap-0.8.2/CMakeLists.txt +=== +--- ettercap-0.8.2.orig/CMakeLists.txt ettercap-0.8.2/CMakeLists.txt +@@ -125,7 +125,27 @@ + # library dir path in our RPATH. + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + endif(NOT DISABLE_RPATH) ++ ++# set general build flags for debug build-type + set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) ++# append ASAN build flags if compiler version has support ++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") ++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ message("Building with ASAN support (GNU compiler)") ++ else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++ message("Building without ASAN support (GNU compiler)") ++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang") ++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ message("Building with ASAN support (Clang compiler)") ++ elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++ message("Building without ASAN support (Clang compiler)") ++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") ++ ++# set build flags for release build-type + set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE) + + if(OS_DARWIN) +Index: ettercap-0.8.2/include/ec_strings.h +=== +--- ettercap-0.8.2.orig/include/ec_strings.h ettercap-0.8.2/include/ec_strings.h +@@ -40,7 +40,7 @@ + + EC_API_EXTERN int match_pattern(const char *s, const char *pattern); + EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded); +-EC_API_EXTERN int strescape(char *dst, char *src); ++EC_API_EXTERN int strescape(char *dst, char *src, size_t len); + EC_API_EXTERN int str_replace(char **text, const char *s, const char *d); + EC_API_EXTERN size_t strlen_utf8(const char *s); + EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr); +Index: ettercap-0.8.2/src/ec_strings.c +=== +--- ettercap-0.8.2.orig/src/ec_strings.c ettercap-0.8.2/src/ec_strings.c +@@ -167,13 +167,14 @@ + /* + * convert the escaped string into a binary one + */ +-int strescape(char *dst, char *src) ++int strescape(char *dst, char *src, size_t len) + { +char *olddst = dst; ++ char *oldsrc = src; +int c; +int val; + +- while ((c = *src++) != '\0') { ++ while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) { + if (c == '\\') { + switch ((c = *src++)) { + case '\0': +@@ -218,9 +219,11 @@ + if (c >= '0' && c <= '7') + val = (val << 3) | (c - '0'); + else +- --src; ++ if (src > oldsrc) /* protect against buffer underflow */ ++--src; +} else +- --src; ++ if (src > oldsrc) /* protect against buffer underflow */ ++ --src; +*dst++
Bug#864092: unblock: llvm-toolchain-3.8
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi Release Team Please unblock package llvm-toolchain-3.8, we fixed the Julia build (bad arm64 generated code), and also fixed a sanitizer hang on newer kernels (it is an upstream patch, it might be incomplete, we tested and it worked, but it hanged again on one buildd) unblock llvm-toolchain-3.8/1:3.8.1-24 thanks G. diff -Nru llvm-toolchain-3.8-3.8.1/debian/changelog llvm-toolchain-3.8-3.8.1/debian/changelog --- llvm-toolchain-3.8-3.8.1/debian/changelog 2017-04-25 19:46:34.0 +0200 +++ llvm-toolchain-3.8-3.8.1/debian/changelog 2017-06-02 15:15:49.0 +0200 @@ -1,3 +1,14 @@ +llvm-toolchain-3.8 (1:3.8.1-24) unstable; urgency=medium + + * Team upload + * debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch: +fix relocation issue, preventing Julia from working correctly on +arm64 (Closes: #862360, #861484) + * debian/patches/asan-48bit-VMA-aarch64.patch: +- fix asan testsuite hang with some arm64 builders. + + -- Gianfranco CostamagnaFri, 02 Jun 2017 15:11:29 +0200 + llvm-toolchain-3.8 (1:3.8.1-23) unstable; urgency=medium * Oups, same player try again (wrong package name, sorry) diff -Nru llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch --- llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch 1970-01-01 01:00:00.0 +0100 +++ llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch 2017-06-02 15:12:44.0 +0200 @@ -0,0 +1,16 @@ +Description: [asan] Enable 48-bit VMA support on aarch64 +Origin: upstream, https://reviews.llvm.org/D22095?id=63084 +Bug-Debian: https://bugs.debian.org/862360 +Author: Adhemerval Zanella +Last-Update: 2016-07-07 +--- a/compiler-rt/lib/sanitizer_common/sanitizer_platform.h b/compiler-rt/lib/sanitizer_common/sanitizer_platform.h +@@ -114,6 +114,8 @@ + // will still work but will consume more memory for TwoLevelByteMap. + #if defined(__mips__) + # define SANITIZER_MMAP_RANGE_SIZE FIRST_32_SECOND_64(1ULL << 32, 1ULL << 40) ++#elif defined(__aarch64__) ++# define SANITIZER_MMAP_RANGE_SIZE FIRST_32_SECOND_64(1ULL << 32, 1ULL << 48) + #else + # define SANITIZER_MMAP_RANGE_SIZE FIRST_32_SECOND_64(1ULL << 32, 1ULL << 47) + #endif diff -Nru llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch --- llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch 1970-01-01 01:00:00.0 +0100 +++ llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch 2017-06-02 15:14:37.0 +0200 @@ -0,0 +1,16 @@ +Description: Fix R_AARCH64_MOVW_UABS_G3 relocation +Origin: upstream, https://reviews.llvm.org/D27609?id=80860 +Bug-Debian: https://bugs.debian.org/862360 +Author: Yichao Yu +Last-Update: 2016-12-15 +--- a/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp b/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp +@@ -357,7 +357,7 @@ + // bits affected by the relocation on entry is garbage. + *TargetPtr &= 0xffe0001fU; + // Immediate goes in bits 20:5 of MOVZ/MOVK instruction +-*TargetPtr |= Result >> (48 - 5); ++*TargetPtr |= (Result & 0xULL) >> (48 - 5); + // Shift must be "lsl #48", in bits 22:21 + assert((*TargetPtr >> 21 & 0x3) == 3 && "invalid shift for relocation"); + break; diff -Nru llvm-toolchain-3.8-3.8.1/debian/patches/series llvm-toolchain-3.8-3.8.1/debian/patches/series --- llvm-toolchain-3.8-3.8.1/debian/patches/series 2017-03-19 22:10:46.0 +0100 +++ llvm-toolchain-3.8-3.8.1/debian/patches/series 2017-06-02 15:11:44.0 +0200 @@ -57,3 +57,5 @@ lldb-server-path.diff lldb-server-link.diff add_symbols_versioning.patch +fix-R_AARCH64_MOVW_UABS_G3-relocation.patch +asan-48bit-VMA-aarch64.patch signature.asc Description: OpenPGP digital signature
Bug#863710: journald's most recent entries
> There were lots of changes regarding the journal between v215 and v232 > (which is the version in the upcoming stretch release). > > Would be great if you can try and reproduce the problem with that > version. If it still happens, this should be taken upstream. I've reproduced it with a shell script on v215 now, by printing same 5 messages every 2 hours for a day or so -- so that I'd have some idea of how to test it on v232 (otherwise it would be hard to tell if the bug is still there). Going to try it with v232 either on a VM or on the same machine once it will be updated to Debian 9 (probably in a month).
Bug#792307: closed by Brian Potkin <claremont...@gmail.com> (Re: Bug#863974: hplip should not require systemd)
Correct, sorry, I've been running without any systemd components for such a long time that I forgot the details. Either way, systemd components are currently pulled in and activated (logind-systemd). I don't have a good example for Linux off the top of my head because I've removed systemd a long time ago but maybe an example from OS X (which seems to be the origin of quite a few concepts introduced with systemd) explains my general problem: the socket used for X11 is stored in a private tmp diretory which can't be accessed by other users, thus I can't su to another login and still use X11 programs. That's what breaks my workflow - I usually have two or three different logins active on the same desktop and private tmp directories break things for me sooner or later. Of course I can set up a shared directory accessible by all users but that's not the point. Plus the ever-growing list of tmpfs mount points is really getting to me. I know that ConsoleKit is no longer maintained but that's what I'm using right now because it's set up as a dependency. Maybe it would be possible to ditch all dependencies to "fast user switching" without systemd and go back to the old way of things where ownership of console devices is set to whoever logs into a local console when no other console is active. This way, folks who don't want Linux turned into something resembling Windows or OS X can work the way they're used to and all others can have systemd and all the things that come with it... Like I said, I'm more than happy to provide a patch for policykit that does all that dynamically, i.e. doesn't need hard dependencies to systemd but uses it when present, dynamically loading the systemd libs. But if there's no interest it would be a waste of time. I'd also be willing to step up as maintainer for ConsolKit if that helps. Or both. On 06/04/2017 11:05 AM, Simon McVittie wrote: On Sat, 03 Jun 2017 at 22:50:58 +0200, Christian Mueller wrote: (separate temp mount points for each user) which, apart from the incredible clutter in the list of mounted file systems, breaks my workflows (I need a single /tmp for all users). systemd-logind mounts a small tmpfs at /run/user/$uid for each concurrent user, as its way to implement XDG_RUNTIME_DIR without letting users cause denial of service by filling up /run. /tmp remains visible to all users. Just having a version of policykit-1 compiled without systemd dependencies would solve all our issues and it's a tiny little change in the rules file. The change is tiny, but the support burden is not. To be able to implement the policies that it provides, polkit needs a way to determine which users are logged-in, which of those logged-in users are local (getty, xdm etc. but not ssh), and which of those local users are on the active VT. Historically, that was implemented by ConsoleKit, which no longer has upstream maintainers[1], and does not appear to have Debian maintainers either. On Linux systems (with either systemd, sysvinit + systemd-shim or Upstart + systemd-shim) the replacement is systemd-logind. S [1] https://www.freedesktop.org/wiki/Software/ConsoleKit/
Bug#863290: src:linux: no warning that btrfs RAID5/6 is buggered up
Package: src:linux Followup-For: Bug #863290 Dear Maintainer, I would like voice my concern as well. Btrfs RAID5/6 really needs a warning. These days most (if not all) of the problems you see with Btrfs is caused by the unstable features (https://btrfs.wiki.kernel.org/index.php/Status). RAID5/6 in kernel 4.9 is less than stellar and should absolutely not be used for anything except testing and experimentation. RAID1 actually needs a warning too. It will not work as "classic" RAID1 e.g. it need to be able to make two copies always to not get stuck in read only mode. You will not loose your data which is a good thing, but to be safe you need a minimum of 3 devices (I would prefer four or more to be on the safe side). -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
Bug#841925: latexmk 4.48 in Debian
Hi, On 24/11/16 at 13:55 +0100, Willi Mann wrote: > Dear Ohura, > > I really would like to see latexmk 4.48 in stretch. It's obviously too late for stretch. But since I use latexmk rather intensively, I would be interested in co-maintaining if you are looking for help. Lucas
Bug#864090: CVE-2017-9409: the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/458
Bug#864087: CVE-2017-9405: the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/457
Bug#864088: unblock (pre-approval): sqlite3/3.6.12-4
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, I would like to upload a security related update for sqlite3. It contains: - Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz[1], - Stack overflow while parsing deeply nested JSON[2], - JSON allows unescaped control characters in strings[3], - JSON extension accepts invalid numeric values[4]. Upstream tagged these as 'code defect' and severity 'severe'. The changes itself are small and the 3.19.2-1 version in experimental contains these fixes. Debdiff is attached. Thanks for consideration. Regards, Laszlo/GCS [1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0 [2] https://www.sqlite.org/src/info/981329adeef51011052 [3] https://www.sqlite.org/src/info/6c9b5514077fed34551 [4] https://www.sqlite.org/src/info/b93be8729a895a528e2 diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog --- sqlite3-3.16.2/debian/changelog 2017-02-13 17:31:26.0 + +++ sqlite3-3.16.2/debian/changelog 2017-06-04 07:58:54.0 + @@ -1,3 +1,13 @@ +sqlite3 (3.16.2-4) unstable; urgency=high + + * Backport fix for a possible NULL pointer dereference in the OP_Found +opcode that can follow an OOM error. + * Backport fix for stack overflow while parsing deeply nested JSON. + * Backport fix for JSON allows unescaped control characters in strings. + * Backport fix for JSON extension accepts invalid numeric values. + + -- Laszlo Boszormenyi (GCS)Sun, 04 Jun 2017 07:58:54 + + sqlite3 (3.16.2-3) unstable; urgency=medium * Backport upstream fix to ensure that sqlite3_blob_reopen() correctly diff -Nru sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch --- sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch 2017-06-04 07:58:54.0 + @@ -0,0 +1,24 @@ +Index: sqlite3/src/vdbe.c +== +--- sqlite3/src/vdbe.c sqlite3/src/vdbe.c +@@ -4017,14 +4017,16 @@ + } + #endif + pIdxKey = + pFree = 0; + }else{ ++assert( pIn3->flags & MEM_Blob ); ++rc = ExpandBlob(pIn3); ++assert( rc==SQLITE_OK || rc==SQLITE_NOMEM ); ++if( rc ) goto no_mem; + pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo); + if( pIdxKey==0 ) goto no_mem; +-assert( pIn3->flags & MEM_Blob ); +-(void)ExpandBlob(pIn3); + sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey); + } + pIdxKey->default_rc = 0; + takeJump = 0; + if( pOp->opcode==OP_NoConflict ){ + diff -Nru sqlite3-3.16.2/debian/patches/40-JSON-1.patch sqlite3-3.16.2/debian/patches/40-JSON-1.patch --- sqlite3-3.16.2/debian/patches/40-JSON-1.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.16.2/debian/patches/40-JSON-1.patch 2017-06-04 07:58:54.0 + @@ -0,0 +1,205 @@ +Index: sqlite3/ext/misc/json1.c +== +--- sqlite3/ext/misc/json1.c sqlite3/ext/misc/json1.c +@@ -726,17 +726,18 @@ + char c; + u32 j; + int iThis; + int x; + JsonNode *pNode; +- while( safe_isspace(pParse->zJson[i]) ){ i++; } +- if( (c = pParse->zJson[i])=='{' ){ ++ const char *z = pParse->zJson; ++ while( safe_isspace(z[i]) ){ i++; } ++ if( (c = z[i])=='{' ){ + /* Parse object */ + iThis = jsonParseAddNode(pParse, JSON_OBJECT, 0, 0); + if( iThis<0 ) return -1; + for(j=i+1;;j++){ +- while( safe_isspace(pParse->zJson[j]) ){ j++; } ++ while( safe_isspace(z[j]) ){ j++; } + x = jsonParseValue(pParse, j); + if( x<0 ){ + if( x==(-2) && pParse->nNode==(u32)iThis+1 ) return j+1; + return -1; + } +@@ -743,18 +744,18 @@ + if( pParse->oom ) return -1; + pNode = >aNode[pParse->nNode-1]; + if( pNode->eType!=JSON_STRING ) return -1; + pNode->jnFlags |= JNODE_LABEL; + j = x; +- while( safe_isspace(pParse->zJson[j]) ){ j++; } +- if( pParse->zJson[j]!=':' ) return -1; ++ while( safe_isspace(z[j]) ){ j++; } ++ if( z[j]!=':' ) return -1; + j++; + x = jsonParseValue(pParse, j); + if( x<0 ) return -1; + j = x; +- while( safe_isspace(pParse->zJson[j]) ){ j++; } +- c = pParse->zJson[j]; ++ while( safe_isspace(z[j]) ){ j++; } ++ c = z[j]; + if( c==',' ) continue; + if( c!='}' ) return -1; + break; + } + pParse->aNode[iThis].n = pParse->nNode - (u32)iThis - 1; +@@ -762,19 +763,19 @@ + }else if( c=='[' ){ + /* Parse array */ + iThis = jsonParseAddNode(pParse, JSON_ARRAY, 0, 0); + if( iThis<0 ) return -1; + for(j=i+1;;j++){ +- while( safe_isspace(pParse->zJson[j]) ){ j++; } ++ while( safe_isspace(z[j]) ){ j++; } + x = jsonParseValue(pParse, j); +
Bug#864089: CVE-2017-9407: the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/459
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
On Sat, Jun 3, 2017 at 6:13 PM, Pirate Praveenwrote: > On Sat, 27 May 2017 15:34:07 +0200 Bastien ROUCARIES > wrote: >> Moreover test suite fail > > Can you push your work to alioth, so others can have a look at the test > failure as well? > > Also if we can mention all copyright notices in debian/copyright, that > would be sufficient, no need to involve upstream I think. Done could you check testsuite failure and copyright ? Bastien >
Bug#864086: libcommoncpp2: Unused (build-)dependencies: gnutls/gcrypt
Source: libcommoncpp2 Version: 1.8.1-6.1 Severity: normal Tags: patch Hello, afaict libcommoncpp2's (build-)depencies on libgnutls28-dev | libgnutls-dev, libgcrypt11-dev | libgcrypt-dev are unused. The package is not built with --with-gnutls. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' diff -Nru libcommoncpp2-1.8.1/debian/changelog libcommoncpp2-1.8.1/debian/changelog --- libcommoncpp2-1.8.1/debian/changelog 2015-08-16 17:39:25.0 +0200 +++ libcommoncpp2-1.8.1/debian/changelog 2017-06-04 11:21:40.0 +0200 @@ -1,3 +1,10 @@ +libcommoncpp2 (1.8.1-6.2) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Drop unused (build-)dependencies on gnutls/gcrypt. + + -- Andreas MetzlerSun, 04 Jun 2017 11:21:40 +0200 + libcommoncpp2 (1.8.1-6.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru libcommoncpp2-1.8.1/debian/control libcommoncpp2-1.8.1/debian/control --- libcommoncpp2-1.8.1/debian/control 2015-08-16 17:39:25.0 +0200 +++ libcommoncpp2-1.8.1/debian/control 2017-06-04 11:21:40.0 +0200 @@ -4,7 +4,7 @@ Maintainer: Debian VoIP Team Uploaders: Mark Purcell , Kilian Krause Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.13.19), autotools-dev, doxygen, - libxml2-dev, zlib1g-dev, libgnutls28-dev | libgnutls-dev, libgcrypt11-dev | libgcrypt-dev + libxml2-dev, zlib1g-dev Standards-Version: 3.9.5 Homepage: http://www.gnu.org/software/commoncpp/ Vcs-Svn: svn://anonscm.debian.org/pkg-voip/libcommoncpp2/trunk/ @@ -13,7 +13,7 @@ Package: libcommoncpp2-dev Section: libdevel Architecture: any -Depends: ${misc:Depends}, libccgnu2-1.8-0v5 (= ${binary:Version}), libgnutls28-dev | libgnutls-dev, zlib1g-dev, libgcrypt11-dev | libgcrypt-dev, pkg-config +Depends: ${misc:Depends}, libccgnu2-1.8-0v5 (= ${binary:Version}), zlib1g-dev, pkg-config Suggests: libcommoncpp2-doc Description: Header files and static libraries for Common C++ "2" Common C++ is a GNU package which offers portable "abstraction" of system
Bug#856811: solved issue
Problem was solved with : ln -s /usr/lib64/sane /usr/lib
Bug#864085: unblock: dnsmasq/2.76-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dnsmasq The dnsmasq package in testing has a serious problem when dns-root-data is installed, due to changes in the format of the dns-root-data files. The effect is to render dnsmasq unusable. There are several serious bugs filed to this effect, but they should really be release-critical, eg 863896 There are also several bugs in the DNSSEC validation code, which are fixed upstream, and really should be in stretch. Therefore, if we can get dnsmasq-2.77-1, currently in unstable, into Stretch, that would be a Good Thing. If not, it will need a point release. Apologies for the short notice. unblock dnsmasq/2.76-5 -- System Information: Debian Release: stretch/sid APT prefers xenial-updates APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-78-generic (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#854727: Removal from stretch?
Moritz Muehlenhoff wrote: > On Fri, Mar 24, 2017 at 07:41:03AM -0400, Scott Howard wrote: > > I was contacted by someone at SUSE that is working on fixing the security > > bugs - but even if successful, I don't know how good the quality will be or > > how much testing will be able to get done before stretch is released. > > Removal might be safest option > > Unfortunately removal didn't work our for stretch and will have to wait > for buster. Since the stretch release is coming close and since Scott is on the LowNMU list I've uploaded an NMU. CVE-2017-5980 isn't mentioned in the patch names, but I've confirmed with the reproducers that it's fixed as well. CVE-2017-5977 still needs to be checked, it might be fixed along with zziplib-CVE-2017-5974.patch or zziplib-CVE-2017-5976.patch, but needs further investigation. It's only a memory overread, so if it misses the stretch release that's not a big deal. Cheers, Moritz
Bug#864084: unblock: zabbix/1:3.0.7+dfsg-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Affects: -1 zabbix X-Debbugs-CC: j...@debian.org Please unblock zabbix/1:3.0.7+dfsg-3 I would like to accommodate two attached diffs to Stretch please. One fixes defunctional UI (broken by incompatible libjs-jquery) and another fixes two security vulnerabilities as per #863584. Thanks. -- All the best, Dmitry Smirnov. signature.asc Description: This is a digitally signed message part. diff --git a/debian/changelog b/debian/changelog index d570c6d..755bc59 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +zabbix (1:3.0.7+dfsg-2) unstable; urgency=medium + + * Frontend-PHP: switch to private jQuery (Closes: #857287). + + -- Dmitry SmirnovSun, 21 May 2017 13:56:56 +1000 + zabbix (1:3.0.7+dfsg-1) unstable; urgency=medium * New upstream release [December 2016]. diff --git a/debian/control b/debian/control index d989f84..c0f275f 100644 --- a/debian/control +++ b/debian/control @@ -21,7 +21,7 @@ Build-Depends: debhelper (>= 9), automake, dh-autoreconf, dh-systemd (>= 1.5), d ## dh-linktree: ,libjs-prototype ,libjs-jquery-ui (>= 1.10.1) -,libjs-jquery (>= 1.10.1) +# ,libjs-jquery (>= 1.10.1) ## java-gateway deps: ,javahelper Build-Depends-Indep: default-jdk diff --git a/debian/zabbix-frontend-php.linktrees b/debian/zabbix-frontend-php.linktrees index 7308d0c..9dc6cc8 100644 --- a/debian/zabbix-frontend-php.linktrees +++ b/debian/zabbix-frontend-php.linktrees @@ -4,5 +4,5 @@ replace /usr/share/javascript/prototype/prototype.js /usr/share/zabbix/js/vend ## libjs-jquery-ui (1.10.1 vs 1.10.3) replace /usr/share/javascript/jquery-ui/jquery-ui.js /usr/share/zabbix/js/vendors/jquery-ui.js -## libjs-jquery (1.11.3 vs 1.10.2) -replace /usr/share/javascript/jquery/jquery.js /usr/share/zabbix/js/vendors/jquery.js +## libjs-jquery (3.1.1 vs 1.10.2) +#replace /usr/share/javascript/jquery/jquery.js /usr/share/zabbix/js/vendors/jquery.js diff --git a/debian/changelog b/debian/changelog index 755bc59..d1c4c64 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +zabbix (1:3.0.7+dfsg-3) unstable; urgency=high + + * CVE-2017-2824, CVE-2017-2825: new upstream patches +"ZBX-12075_r67082.patch", "ZBX-12075_r67270.patch" (Closes: #863584). + + -- Dmitry Smirnov Sun, 04 Jun 2017 17:14:06 +1000 + zabbix (1:3.0.7+dfsg-2) unstable; urgency=medium * Frontend-PHP: switch to private jQuery (Closes: #857287). diff --git a/debian/patches/ZBX-12075_r67082.patch b/debian/patches/ZBX-12075_r67082.patch new file mode 100644 index 000..59bf622 --- /dev/null +++ b/debian/patches/ZBX-12075_r67082.patch @@ -0,0 +1,44 @@ +Bug-Upstream: https://support.zabbix.com/browse/ZBX-12075 +From 089f0d90b3d94c577263e8bdfe08ce3f33f9e178 Mon Sep 17 00:00:00 2001 +Origin: upstream +Date: Wed, 5 Apr 2017 15:31:59 + +Subject: [DEV-567] added validation of discovered host IP addresses + +--- a/src/libs/zbxcommon/misc.c b/src/libs/zbxcommon/misc.c +@@ -1872,17 +1872,9 @@ + ** + **/ + int is_ip(const char *ip) + { +- zabbix_log(LOG_LEVEL_DEBUG, "In is_ip() ip:'%s'", ip); +- +- if (SUCCEED == is_ip4(ip)) +- return SUCCEED; +-#if defined(HAVE_IPV6) +- if (SUCCEED == is_ip6(ip)) +- return SUCCEED; +-#endif +- return FAIL; ++ return SUCCEED == is_ip4(ip) ? SUCCEED : is_ip6(ip); + } + + /** + ** +--- a/src/libs/zbxdbhigh/proxy.c b/src/libs/zbxdbhigh/proxy.c +@@ -2561,8 +2561,14 @@ + + if (FAIL == zbx_json_value_by_name(_row, ZBX_PROTO_TAG_IP, ip, sizeof(ip))) + goto json_parse_error; + ++ if (SUCCEED != is_ip(ip)) ++ { ++ zabbix_log(LOG_LEVEL_DEBUG, "\"%s\" is not a valid IP address", ip); ++ goto next; ++ } ++ + if (SUCCEED == zbx_json_value_by_name(_row, ZBX_PROTO_TAG_PORT, tmp, sizeof(tmp))) + port = atoi(tmp); + + zbx_json_value_by_name(_row, ZBX_PROTO_TAG_KEY, key_, sizeof(key_)); diff --git a/debian/patches/ZBX-12075_r67270.patch b/debian/patches/ZBX-12075_r67270.patch new file mode 100644 index 000..10a403c --- /dev/null +++ b/debian/patches/ZBX-12075_r67270.patch @@ -0,0 +1,93 @@ +Bug-Upstream: https://support.zabbix.com/browse/ZBX-12075 +From 17a159950db846a1c6365027c647b25a4bb02b94 Mon Sep 17 00:00:00 2001 +Origin: upstream +Date: Wed, 12 Apr 2017 06:17:40 + +Subject: [DEV-567] resurrected old IP check function to check SourceIP config file parameter taking into account IPv6 support enabled/disabled at compile time + +--- a/include/common.h b/include/common.h +@@ -981,8 +981,9 @@ + #ifdef HAVE_IPV6 + int is_ip6(const char *ip); + #endif + int is_ip4(const char
Bug#792307: closed by Brian Potkin <claremont...@gmail.com> (Re: Bug#863974: hplip should not require systemd)
On Sat, 03 Jun 2017 at 22:50:58 +0200, Christian Mueller wrote: > (separate temp mount points for > each user) which, apart from the incredible clutter in the list of mounted > file systems, breaks my workflows (I need a single /tmp for all users). systemd-logind mounts a small tmpfs at /run/user/$uid for each concurrent user, as its way to implement XDG_RUNTIME_DIR without letting users cause denial of service by filling up /run. /tmp remains visible to all users. > Just having a version of policykit-1 compiled without systemd > dependencies would solve all our issues and it's a tiny little change in the > rules file. The change is tiny, but the support burden is not. To be able to implement the policies that it provides, polkit needs a way to determine which users are logged-in, which of those logged-in users are local (getty, xdm etc. but not ssh), and which of those local users are on the active VT. Historically, that was implemented by ConsoleKit, which no longer has upstream maintainers[1], and does not appear to have Debian maintainers either. On Linux systems (with either systemd, sysvinit + systemd-shim or Upstart + systemd-shim) the replacement is systemd-logind. S [1] https://www.freedesktop.org/wiki/Software/ConsoleKit/
Bug#864077: tellico-doc: khelpcenter error 'Documentation not found'
Control: tags -1 confirmed On Sun, Jun 04, 2017 at 03:27:31PM +0930, David Nebauer wrote: > When invoking tellico help, khelpcenter open with the error message > 'Documentation not found'. This occurs whether help is invoked using the > tellico help menu, by pressing F1 in tellico, or directly from a shell > ('khelpcenter help:/tellico'). And it did work in the previous version in Debian. Thanks for reporting. Thanks for the good report.
Bug#864083: unblock: libgcrypt20/1.7.6-2
Control: tags -1 confirmed d-i Andreas Metzler: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package libgcrypt20, the upload features the following > changes: > * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped. > * Pull two fixes from gcrypt 1.7.7 bugfix release: > + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch > Fix possible timing attack on EdDSA session key. > + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch > Fix long standing bug in secure memory implementation which could lead > to a segv on free. > > unblock libgcrypt20/1.7.6-2 > > Thanks, cu Andreas > Ack from here, CC'ing KiBi for a d-i ack - assuming there is still time. Worst case, we will have to defer it to 9.1. Thanks, ~Niels
Bug#864083: unblock: libgcrypt20/1.7.6-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libgcrypt20, the upload features the following changes: * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped. * Pull two fixes from gcrypt 1.7.7 bugfix release: + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch Fix possible timing attack on EdDSA session key. + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch Fix long standing bug in secure memory implementation which could lead to a segv on free. unblock libgcrypt20/1.7.6-2 Thanks, cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' diff -Nru libgcrypt20-1.7.6/debian/changelog libgcrypt20-1.7.6/debian/changelog --- libgcrypt20-1.7.6/debian/changelog 2017-01-26 11:58:32.0 +0100 +++ libgcrypt20-1.7.6/debian/changelog 2017-06-03 10:58:36.0 +0200 @@ -1,3 +1,15 @@ +libgcrypt20 (1.7.6-2) unstable; urgency=high + + * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped. + * Pull two fixes from gcrypt 1.7.7 bugfix release: ++ 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch + Fix possible timing attack on EdDSA session key. ++ 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch + Fix long standing bug in secure memory implementation which could lead + to a segv on free. + + -- Andreas MetzlerSat, 03 Jun 2017 10:58:36 +0200 + libgcrypt20 (1.7.6-1) unstable; urgency=medium * New upstream version, includes diff -Nru libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch --- libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch 1970-01-01 01:00:00.0 +0100 +++ libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch 2017-06-03 10:53:37.0 +0200 @@ -0,0 +1,35 @@ +From f9494b3f258e01b6af8bd3941ce436bcc00afc56 Mon Sep 17 00:00:00 2001 +From: Jo Van Bulck +Date: Thu, 19 Jan 2017 17:00:15 +0100 +Subject: [PATCH 1/2] ecc: Store EdDSA session key in secure memory. + +* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate +session key. +-- + +An attacker who learns the EdDSA session key from side-channel +observation during the signing process, can easily revover the long- +term secret key. Storing the session key in secure memory ensures that +constant time point operations are used in the MPI library. + +Signed-off-by: Jo Van Bulck +--- + cipher/ecc-eddsa.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c +index f91f8489..813e030d 100644 +--- a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c +@@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, + a = mpi_snew (0); + x = mpi_new (0); + y = mpi_new (0); +- r = mpi_new (0); ++ r = mpi_snew (0); + ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0, + skey->E.p, skey->E.a, skey->E.b); + b = (ctx->nbits+7)/8; +-- +2.11.0 + diff -Nru libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch --- libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch 1970-01-01 01:00:00.0 +0100 +++ libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch 2017-06-03 10:53:37.0 +0200 @@ -0,0 +1,69 @@ +From 91456759b887e153c4d4ce19538d478df260cab2 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Fri, 2 Jun 2017 10:34:42 +0900 +Subject: [PATCH 2/2] secmem: Fix SEGV and stat calculation. + +* src/secmem (init_pool): Care about the header size. +(_gcry_secmem_malloc_internal): Likewise. +(_gcry_secmem_malloc_internal): Use mb->size for stats. + +-- + +GnuPG-bug-id: 3027 +Signed-off-by: NIIBE Yutaka +--- + src/secmem.c | 10 +- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/secmem.c b/src/secmem.c +index 46bbf82e..b2a9667d 100644 +--- a/src/secmem.c b/src/secmem.c +@@ -454,7 +454,7 @@ init_pool (pooldesc_t *pool, size_t n) + + /* Initialize first memory block. */ + mb = (memblock_t *) pool->mem; +- mb->size = pool->size; ++ mb->size = pool->size - BLOCK_HEAD_SIZE; + mb->flags = 0; + } + +@@ -610,7 +610,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) + mb = mb_get_new (pool, (memblock_t *) pool->mem, size); + if (mb) + { +- stats_update (pool, size, 0); ++ stats_update (pool, mb->size, 0); +
Bug#864082: fontconfig: please make the cache files reproducible
Source: fontconfig Version: 2.12.1-0.1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org Hi, Whilst working on the Reproducible Builds effort [0], we noticed that fontconfig generates non-reproducible cache files under /var/cache/fontconfig. This is because fontconfig embeds the mtime of each font directory in a "checksum" member of a "_FcCache" struct. This is so that it can identify which cache files remain valid and/or require regeneration. We therefore "clamp" the mtimes of font directories to SOURCE_DATE_EPOCH prior to calling fc-cache to avoid these non-deterministic values appearing in the files themselves. This is safe as we now force regeneration in subsequent fc-cache calls with -f. (We can't just replace the checksum value with SOURCE_DATE_EPOCH as it will result in fontconfig believing the cache to be outdated, defeating the entire point of generating them in the first place.) This work was sponsored by Tails[1]. Patch attached. [0] https://reproducible-builds.org/ [1] https://tails.boum.org/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- diff --git a/debian/fontconfig.postinst b/debian/fontconfig.postinst index ad7ac19..dfba70e 100644 --- a/debian/fontconfig.postinst +++ b/debian/fontconfig.postinst @@ -2,10 +2,28 @@ set -e +if [ -n "$SOURCE_DATE_EPOCH" ]; then + # fontconfig embeds the mtime of each font directory in a "checksum" member + # of a "_FcCache" struct. This is so that it can identify which cache files + # remain valid and/or require regeneration. + # + # We therefore "clamp" the mtimes of font directories to SOURCE_DATE_EPOCH + # prior to calling fc-cache to avoid these non-deterministic values appearing + # in the files themselves. This is safe as we force regeneration in + # subsequent fc-cache calls with -f. + # + # (We can't just replace the checksum value with SOURCE_DATE_EPOCH as it will + # result in fontconfig believing the cache to be outdated, defeating the + # entire point of generating them in the first place. + fc-cache -s --list-dirs | \ +xargs -I{} find {} -type d -follow -newermt "@$SOURCE_DATE_EPOCH" -print0 2>/dev/null | \ +xargs -0r touch --date="@$SOURCE_DATE_EPOCH" +fi + if [ "$1" = triggered ]; then # Force regeneration of all fontconfig cache files. mkdir -p /var/cache/fontconfig - fc-cache -s -v 1>/var/log/fontconfig.log 2>&1 || printf "fc-cache failed.\nSee /var/log/fontconfig.log for more information.\n" + fc-cache -s -f -v 1>/var/log/fontconfig.log 2>&1 || printf "fc-cache failed.\nSee /var/log/fontconfig.log for more information.\n" exit 0 fi diff --git a/fc-cache/fc-cache.1 b/fc-cache/fc-cache.1 index e514779..f5a733d 100644 --- a/fc-cache/fc-cache.1 +++ b/fc-cache/fc-cache.1 @@ -4,7 +4,7 @@ fc-cache \- build font information cache files .SH SYNOPSIS .sp -\fBfc-cache\fR [ \fB-EfrsvVh\fR ] [ \fB--error-on-no-fonts\fR ] [ \fB--force\fR ] [ \fB--really-force\fR ] [ \fB [ -y \fIdir\fB ] [ --sysroot \fIdir\fB ] \fR ] [ \fB--system-only\fR ] [ \fB--verbose\fR ] [ \fB--version\fR ] [ \fB--help\fR ] [ \fB\fIdir\fB\fR\fI...\fR ] +\fBfc-cache\fR [ \fB-EfrsvVh\fR ] [ \fB--error-on-no-fonts\fR ] [ \fB--force\fR ] [ \fB--really-force\fR ] [ \fB [ -y \fIdir\fB ] [ --sysroot \fIdir\fB ] \fR ] [ \fB--system-only\fR ] [ \fB--list-dirs\fR ] [ \fB--verbose\fR ] [ \fB--version\fR ] [ \fB--help\fR ] [ \fB\fIdir\fB\fR\fI...\fR ] .SH "DESCRIPTION" .PP \fBfc-cache\fR scans the font directories on @@ -44,6 +44,9 @@ Erase all existing cache files and rescan. Only scan system-wide directories, omitting the places located in the user's home directory. .TP +\fB-l\fR +Only list directories, don't regenerate anything. +.TP \fB-v\fR Display status information while busy. .TP diff --git a/fc-cache/fc-cache.c b/fc-cache/fc-cache.c index 0336073..fc5ff07 100644 --- a/fc-cache/fc-cache.c +++ b/fc-cache/fc-cache.c @@ -70,6 +70,7 @@ const struct option longopts[] = { {"really-force", 0, 0, 'r'}, {"sysroot", required_argument, 0, 'y'}, {"system-only", 0, 0, 's'}, +{"list-dirs", 0, 0, 'l'}, {"version", 0, 0, 'V'}, {"verbose", 0, 0, 'v'}, {"help", 0, 0, 'h'}, @@ -87,10 +88,10 @@ usage (char *program, int error) { FILE *file = error ? stderr : stdout; #if HAVE_GETOPT_LONG -fprintf (file, "usage: %s [-EfrsvVh] [-y SYSROOT] [--error-on-no-fonts] [--force|--really-force] [--sysroot=SYSROOT] [--system-only] [--verbose] [--version] [--help] [dirs]\n", +fprintf (file, "usage: %s [-EfrslvVh] [-y SYSROOT] [--error-on-no-fonts] [--force|--really-force] [--sysroot=SYSROOT] [--system-only] [--list-dirs] [--verbose] [--version] [--help] [dirs]\n", program); #else -fprintf (file, "usage: %s [-EfrsvVh] [-y SYSROOT] [dirs]\n", +fprintf (file, "usage: %s
Bug#716982: note
Package gwenview has directory debian/tests $ ls -l ~/src/gwenview/debian/tests/ totaal 12 -rw-r--r-- 1 stappers stappers 204 jun 4 08:37 control -rwxr-xr-x 1 stappers stappers 391 jun 4 08:37 testsuite -rwxr-xr-x 1 stappers stappers 102 jun 4 08:37 testsuite.xsession $ cat ~/src/gwenview/debian/tests/testsuite #!/bin/sh if [ -z "$HOME" ] || [ ! -d "$HOME" ]; then [ -e debian/tests.home ] || mkdir debian/tests.home export HOME="$(pwd)/debian/tests.home" trap "rm -rf debian/tests.home" EXIT fi mkdir -p "$HOME"/.config || true mkdir -p "$HOME"/.kde-unit-test || true xvfb-run -a --server-args="-screen 0 1024x768x24" \ dbus-launch --exit-with-session debian/tests/testsuite.xsession $
Bug#864080: openssl: libssl1.1-udeb is missing versioned dependency on libcrypto1.1-udeb
Package: openssl Version: 1.1.0e-2 Severity: serious Tags: d-i As noted in #863472: """ The libssl1.1-udeb package is broken, as it fails to depend on an appropriate version of libcrypto1.1-udeb, which means I've just successfully built a debian-installer against testing with this addition: build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb and gotten a broken wget: | wget: /usr/lib/libcrypto.so.1.1: version `OPENSSL_1_1_0f' not found (required by /usr/lib/libssl.so.1.1) See the missing version here: | $ dpkg --info build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb|grep Depends: | Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb """
Bug#864079: ITP: backuppc-rsync -- rsync optimised for BackupPC backup utility
Package: wnpp Severity: wishlist Owner: Ludovic Drolez* Package name: backuppc-rsync Version : 3.0.9.7 Upstream Author : Craig Barratt * URL : https://github.com/backuppc/rsync-bpc * License : GPL Programming Lang: C Description : rsync optimised for BackupPC backup utility Rsync-bpc is a customized version of rsync that is used as part of BackupPC, an open source backup system. The main change to rsync is adding a shim layer (in the subdirectory backuppc, and in bpc_sysCalls.c) that emulates the system calls for accessing the file system so that rsync can directly read/write files in BackupPC's format.
Bug#835127: tellico: Tellico always crashes at boot time
Package: tellico Followup-For: Bug #835127 Dear Maintainer, I have installed version 3.0.2-1.1 from unstable on my Stretch install and the crashing seems to be gone for good. Best Regards, Andrej Mernik -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=sl_SI.UTF-8, LC_CTYPE=sl_SI.UTF-8 (charmap=UTF-8), LANGUAGE=sl (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages tellico depends on: ii kio5.28.0-2 ii libbtparse10.78-1 ii libc6 2.24-11 ii libcsv33.0.3+dfsg-3 ii libdiscid0 0.6.1-6 ii libexempi3 2.4.1-1 ii libkf5archive5 5.28.0-2 ii libkf5codecs5 5.28.0-1+b2 ii libkf5completion5 5.28.0-1 ii libkf5configcore5 5.28.0-2 ii libkf5configgui5 5.28.0-2 ii libkf5configwidgets5 5.28.0-2 ii libkf5coreaddons5 5.28.0-2 ii libkf5crash5 5.28.0-1 ii libkf5filemetadata35.28.0-1+b2 ii libkf5guiaddons5 5.28.0-1 ii libkf5i18n55.28.0-2 ii libkf5iconthemes5 5.28.0-2 ii libkf5itemmodels5 5.28.0-2 ii libkf5jobwidgets5 5.28.0-2 ii libkf5khtml5 5.28.0-2 ii libkf5kiocore5 5.28.0-2 ii libkf5kiofilewidgets5 5.28.0-2 ii libkf5kiogui5 5.28.0-2 ii libkf5kiowidgets5 5.28.0-2 ii libkf5newstuff55.28.0-1 ii libkf5parts5 5.28.0-1 ii libkf5service-bin 5.28.0-1 ii libkf5service5 5.28.0-1 ii libkf5solid5 5.28.0-3 ii libkf5sonnetcore5 5.28.0-2 ii libkf5sonnetui55.28.0-2 ii libkf5textwidgets5 5.28.0-1 ii libkf5wallet-bin 5.28.0-3 ii libkf5wallet5 5.28.0-3 ii libkf5widgetsaddons5 5.28.0-3 ii libkf5windowsystem55.28.0-2 ii libkf5xmlgui5 5.28.0-1 ii libpoppler-qt5-1 0.48.0-2 ii libqt5core5a 5.7.1+dfsg-3+b1 ii libqt5dbus55.7.1+dfsg-3+b1 ii libqt5gui5 5.7.1+dfsg-3+b1 ii libqt5network5 5.7.1+dfsg-3+b1 ii libqt5widgets5 5.7.1+dfsg-3+b1 ii libqt5xml5 5.7.1+dfsg-3+b1 ii libstdc++6 6.3.0-18 ii libtag1v5 1.11.1+dfsg.1-0.1 ii libxml22.9.4+dfsg1-2.2 ii libxslt1.1 1.1.29-2.1 ii libyaz44.2.30-4+b6 ii tellico-data 3.0.2-1.1 ii tellico-scripts3.0.2-1.1 Versions of packages tellico recommends: ii khelpcenter4 4:16.08.3-1 ii tellico-doc 3.0.2-1.1 tellico suggests no packages. -- no debconf information
Bug#863308: fixed in golang-1.7 1.7.6-1
On Thu, Jun 01, 2017 at 10:05:07AM +, Michael Hudson-Doyle wrote: > Closes: 863308 > Changes: > golang-1.7 (1.7.6-1) unstable; urgency=medium > . >* New upstream release. (Closes: #863308) >* Remove d/patches/cl-29995--tzdata-2016g.patch, applied upstream. Are you planning to file an unblock request for this (and the similar change for Go 1.8)? Cheers, Moritz
Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
Hi, On Sun, Jun 04, 2017 at 08:26:19AM +0200, Moritz Mühlenhoff wrote: > On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote: > > Source: libapache2-mod-nss > > Version: 1.0.11-1 > > Severity: important > > Tags: security upstream > > > > Hi, > > > > the following vulnerability was published for libapache2-mod-nss, > > introduced with the update to 1.0.11. > > > > CVE-2015-3277[0]: > > incorrect multi-keyword mode cipherstring parsing > > > > The vulnerable code was added in 1.0.11[1] afaict. > > What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14? AFAICT, in ChangeLog up to 1.0.14 this seems still unresolved. The Red Hat bug seem to indicate that as well (note I adjusted the introducing commit reference in the security-tracker since the upstream git repo moved to pagure.io apparently). Salvatore
Bug#864078: CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117
Source: openexr Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2017/05/12/5 These were reported upstream at https://github.com/openexr/openexr/issues/232 Upstream fixes are linked in the github bug. Cheers, Moritz
Bug#539798: texlive: please suggest -doc packages
Hi Norbert, > You should maybe have taken a look at the systemd bug, where there is > definitely more to do. > > Thanks for your inactivity. It is disheartening (and somewhat unfair) that you have taken my non- involvement in a different bug that I have not seen before as evidence of inactivity. As a serious question, what would you have me do? The DPL should surely not be compelled make technical decisions on the hermeneutics of Policy; there are other groups for that. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote: > Source: libapache2-mod-nss > Version: 1.0.11-1 > Severity: important > Tags: security upstream > > Hi, > > the following vulnerability was published for libapache2-mod-nss, > introduced with the update to 1.0.11. > > CVE-2015-3277[0]: > incorrect multi-keyword mode cipherstring parsing > > The vulnerable code was added in 1.0.11[1] afaict. What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14? Cheers, Moritz > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2015-3277 > [1] > https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1238324 > > Could you please double-check this? > > Regards, > Salvatore >
Bug#853034: patches Re: unar: Fuzzer-generated crashing testcases for a dozen identified file formats
Hello YOSHINO Yoshihito, Thanks for your patches, I will look into it tomorrow afternoon (GMT-5). Kind regards, -- Julián Moreno Patiño Debian Developer .''`. Debian GNU/{Linux,KfreeBSD} : :' : Free Operating Systems `. `' http://debian.org/ `- GPG Fingerprint: C2C8 904E 314C D8FA 041D 9B00 D5FD FC15 6168 BF60 Registered GNU Linux User ID 488513 signature.asc Description: PGP signature
Bug#864067: unblock: plasma-workspace/5.8.6-2.1
Hi, 2017-06-04 15:00 GMT+09:00 Niels Thykier: > Control: tags -1 confirmed moreinfo > > Nobuhiro Iwamatsu: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: unblock >> >> Hi, >> >> I want to upload a NMU of plasma-workspace to unstable fixing an issue >> where processing stopped in ksplashqml on some environments(e.g. Japanese >> environment), proposed patch attached. >> >> unblock plasma-workspace/5.8.6-2.1. >> >> [...] >> > > Ack, please go head. Please do the upload today or tomorrow (with at > most 1-day in the delay queue, but preferably without delay) as the > deadline for migration is Friday. Thanks! I just uploaded. > > Thanks, > ~Niels > > Best regards, Nobuhiro -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org} GPG ID: 40AD1FA6
Bug#859151: Bug#859271: thunderbird: Please add build support for m68k
Control: tags -1 pending Hello Adrian, On Thu, Jun 01, 2017 at 06:06:53PM +0200, John Paul Adrian Glaubitz wrote: > Hi Carsten! > > On 05/05/2017 11:47 AM, Carsten Schoenert wrote: > > Could you prepare new updates patches so we can add sparc64 support > > again? We probably need to upload more than one Debian version of 52.1.0 > > so we could add a updated changeset in -2 or so. > > Attaching an updated patch for sparc64. It compiles, but there are some > issues with xpcshell which I need to figure out: > > Executing /<>/obj-thunderbird/dist/bin/xpcshell -g > /<>/obj-thunderbird/dist/bin/ -a > /<>/obj-thunderbird/dist/bin/ -f > /<>/mozilla/toolkit/ > mozapps/installer/precompile_cache.js -e > precompile_startupcache("resource://gre/"); > ^G[77997] ###!!! ABORT: u_init() failed: file > /<>/mozilla/xpcom/build/XPCOMInit.cpp, line 709 > [77997] ###!!! ABORT: u_init() failed: file > /<>/mozilla/xpcom/build/XPCOMInit.cpp, line 709 > Traceback (most recent call last): > File "/<>/mozilla/toolkit/mozapps/installer/packager.py", line > 415, in > main() > File "/<>/mozilla/toolkit/mozapps/installer/packager.py", line > 409, in main > args.source, gre_path, base) > File "/<>/mozilla/toolkit/mozapps/installer/packager.py", line > 166, in precompile_cache > errors.fatal('Error while running startup cache precompilation') > File "/<>/mozilla/python/mozbuild/mozpack/errors.py", line > 103, in fatal > self._handle(self.FATAL, msg) > File "/<>/mozilla/python/mozbuild/mozpack/errors.py", line 98, > in _handle > raise ErrorMessage(msg) > mozpack.errors.ErrorMessage: Error: Error while running startup cache > precompilation > > Please include the patch anyway, I will try to figure out what the problem is > in the meantime. Might be a local issue, too. don't give that much on that issue, we had the same problem while testing xpcshell with autopkg. It turns out that xpcshell searches for icudt58dl.dat in /usr/share/thunderbird (in the opposite to the thunderbird binary that looks in /usr/lib/thunderbird). The current prepared build uses the internal icu18n implementation instead of using the system library, this is for Stretch to old. Because of this we've added a extra symlink in the -dev package and the xpcshell testing is working again. I can image you've been hitting by the same problem. Otherwise wait until we switch back to system packages for building thunderbird. It's a bit annoying to search issues related to the use of internal shipped stuff. > PS: The folder with the m68k support patch says "porting-mk68". Could you > fix that to be "porting-m68k"? Thanks :). Urgs, yes a stupid typo. Christoph has changed this in preparation for the upload too. thunderbird should be in NEW soon. Regards Carsten
Bug#864067: unblock: plasma-workspace/5.8.6-2.1
Control: tags -1 confirmed moreinfo Nobuhiro Iwamatsu: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Hi, > > I want to upload a NMU of plasma-workspace to unstable fixing an issue > where processing stopped in ksplashqml on some environments(e.g. Japanese > environment), proposed patch attached. > > unblock plasma-workspace/5.8.6-2.1. > > [...] > Ack, please go head. Please do the upload today or tomorrow (with at most 1-day in the delay queue, but preferably without delay) as the deadline for migration is Friday. Thanks, ~Niels
Bug#864076: unblock: distro-info-data/0.36
Control: tags -1 confirmed moreinfo Stefano Rivera: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package distro-info-data > > This is a pre-upload unblock request for distro-info-data, now that the > Jessie release date has been announced. > > While I was here, I realised that we didn't have EOL dates for Jessie or > Wheezy yet :( We have a long-standing bug of not including LTS dates > (#782685) so I've maintained the status-quo and did that for these two > as well. Alternatively, I could just extend the support dates out to > include LTS, but that seems like another bad idea :/ > > So, are you OK with this patch-set, and would you consider allowing it > in, for Stretch? > > unblock distro-info-data/0.36 > > Thanks, > > SR > > [...] > Ack, please go head. Please do the upload today or tomorrow as the deadline for migration is Friday. Thanks, ~Niels
Bug#864077: tellico-doc: khelpcenter error 'Documentation not found'
Package: tellico-doc Version: 3.0.2-1.1 Severity: normal Dear Maintainer, When invoking tellico help, khelpcenter open with the error message 'Documentation not found'. This occurs whether help is invoked using the tellico help menu, by pressing F1 in tellico, or directly from a shell ('khelpcenter help:/tellico'). I do not know how khelpcenter integrates application documentation -- I could not locate any simple guides -- but the desktop file entry 'X-DocPath=tellico/index.html' seems standard. I compared tellico's help file paths with those in a couple of packages which do successfully display khelpcenter help: okular and gwenview. Both those packages have as their primary helpfile 'index.docbook' while tellico has a compressed version: 'index.docbook.gz'. I have no idea whether this is significant. I also compared the directory paths for english documentation: /usr/share/doc/kde/HTML/en/okular /usr/share/doc/HTML/en/gwenview /usr/share/doc/tellico/HTML/HTML/en/tellico Tellico's path is unusual in that it has its own subdirectory directly under /usr/share/doc and includes HTML/HTML. I do not know whether this is significant. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (1000, 'testing'), (995, 'testing'), (750, 'stable'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages tellico-doc depends on: ii kdelibs5-data 4:4.14.26-2 Versions of packages tellico-doc recommends: ii tellico 3.0.2-1.1 tellico-doc suggests no packages. -- no debconf information