Bug#608044: should support exporting sets of photos (events)

2017-06-04 Thread Jörg Frings-Fürst
Hello,

No answer from upstream. So I close this 6-year-old bug.


CU
Jörg


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

Threema: SYR8SJXB
Wire: @joergfringsfuerst

IRC: j_...@freenode.net
 j_...@oftc.net

My wish list: 
 - Please send me a picture from the nature at your home.




Bug#864104: garmin-plugin: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: garmin-plugin
Version: 0.3.23-1
Severity: normal

garmin-plugin build-depends on libgcrypt11-dev. This is a transition
package, please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864103: freeipmi: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: freeipmi
Version: 1.4.11-1.1
Severity: normal

freeipmi build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864101: filetea: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: filetea
Version: 0.1.16-3
Severity: normal

filetea build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864102: fis-gtm: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: fis-gtm
Version: 6.3-000A-1
Severity: normal

fis-gtm build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864099: cupt: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: cupt
Version: 2.9.9
Severity: normal

cupt build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864100: event-dance: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: event-dance
Version: 0.1.28-4
Severity: normal

event-dance build-depends on libgcrypt11-dev. This is a transition
package, please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864097: chntpw: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: chntpw
Version: 1.0-1
Severity: normal

chntpw build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864098: clamz: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: clamz
Version: 0.5-2
Severity: normal

clamz build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864096: charybdis: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: charybdis
Version: 3.5.3-1
Severity: normal

charybdis build-depends on libgcrypt11-dev. This is a transition package,
please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864095: cadaver: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: cadaver
Version: 0.23.3-2
Severity: normal

cadaver build-depends on libgcrypt11-dev. This is a transition package, please
use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#864094: aria2: Please stop Build-Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: aria2
Version: 1.31.0-1
Severity: normal

aria2 build-depends on libgcrypt11-dev. This is a transition package, please
use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#630196: Shotwell only publishes to cloud services Picasa, Facebook and Flickr

2017-06-04 Thread Jörg Frings-Fürst
Hello,

No answer from upstream. So I close this 6-year-old bug.


CU
Jörg


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

Threema: SYR8SJXB
Wire: @joergfringsfuerst

IRC: j_...@freenode.net
 j_...@oftc.net

My wish list: 
 - Please send me a picture from the nature at your home.




Bug#864093: libotr: Please stop (Build-)Depending on libgcrypt11-dev transition package

2017-06-04 Thread Andreas Metzler
Source: libotr
Version: 4.1.1-2
Severity: normal

libotr build-depends and libotr5-dev depends on libgcrypt11-dev. This is
a transition package, please use libgcrypt20-dev instead.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#862666: ansible: CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment

2017-06-04 Thread Moritz Mühlenhoff
On Mon, May 15, 2017 at 04:28:24PM +0200, Salvatore Bonaccorso wrote:
> Source: ansible
> Version: 2.2.1.0-2
> Severity: important
> Tags: patch security upstream
> 
> Hi,
> 
> the following vulnerability was published for ansible.
> 
> CVE-2017-7481[0]:
> Security issue with lookup return not tainting the jinja2 environment

What's the status? Can we get that fixed for stretch?

Cheers,
Moritz



Bug#758234: another nasty fallout of this requirement

2017-06-04 Thread Niels Thykier
On Tue, 06 Dec 2016 15:54:46 +0100 Ansgar Burchardt 
wrote:
> On Sat, 2016-12-03 at 06:33 +0100, Adam Borowski wrote:
> > And to actually fix the issues, instead of merely dropping the
> > mention and
> > thus making the dependencies last forever because of inertia, I urge
> > you to
> > go all the way from "priority of rdepends MUST be raised" all the way
> > to
> > "priority of rdepends MUST NOT be raised, every package is to be
> > evaluated
> > only based on what it directly brings to the user (elevation possibly
> > _moved_ to a metapackage/etc but never copied the other way)" (maybe
> > just a
> > SHOULD NOT for a transitional period).
> 
> I think this should be a "SHOULD NOT":
> 
> The main consumer of the priority information is the installer
> (debootstrap) which has only a very limited dependency resolver.  It
> might be necessary to raise the priority of dependencies to make sure
> it does the right thing (I don't think we need this currently, but we
> should keep the option open in case it turns out we need it).
> 
> Ansgar
> 
> 

Hi,

I support this (with "SHOULD NOT").

Thanks,
~Niels






Bug#864091: unblock: ettercap (CVE)

2017-06-04 Thread Gianfranco Costamagna
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team

Please unblock package ettercap, we fixed CVE 2017-8366

unblock ettercap/1:0.8.2-5

debdiff attached
diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog
--- ettercap-0.8.2/debian/changelog 2017-03-07 21:28:07.0 +0100
+++ ettercap-0.8.2/debian/changelog 2017-06-04 09:27:11.0 +0200
@@ -1,3 +1,12 @@
+ettercap (1:0.8.2-5) unstable; urgency=high
+
+  [ Alexander Koeppe ]
+  * debian/patches/803.patch: Fix buffer overflow/underflow
+with bad filters (Closes: #861604).
+CVE-2017-8366
+
+ -- Gianfranco Costamagna   Sun, 04 Jun 2017 
09:24:59 +0200
+
 ettercap (1:0.8.2-4) unstable; urgency=high
 
   * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
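Review bot: the new changelog entry describes debian/patches/803.patch only as the buffer overflow/underflow fix, but the patch as attached opens with "[PATCH 1/4] Add ASAN compiler flags in DEBUG build type" and changes CMakeLists.txt. For an unblock request the entry should list the build-flag change as well, or the patch should be trimmed to the strescape() fix.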
diff -Nru ettercap-0.8.2/debian/patches/803.patch 
ettercap-0.8.2/debian/patches/803.patch
--- ettercap-0.8.2/debian/patches/803.patch 1970-01-01 01:00:00.0 
+0100
+++ ettercap-0.8.2/debian/patches/803.patch 2017-06-04 09:25:14.0 
+0200
@@ -0,0 +1,210 @@
+From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe 
+Date: Thu, 1 Jun 2017 08:56:23 +0200
+Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type
+
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: ettercap-0.8.2/CMakeLists.txt
+===
+--- ettercap-0.8.2.orig/CMakeLists.txt
 ettercap-0.8.2/CMakeLists.txt
+@@ -125,7 +125,27 @@
+   # library dir path in our RPATH.
+   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+ endif(NOT DISABLE_RPATH)
++
++# set general build flags for debug build-type
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign 
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra 
-Wredundant-decls" CACHE STRING "" FORCE)
++# append ASAN build flags if compiler version has support
++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++  set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
++  message("Building with ASAN support (GNU compiler)")
++   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++  message("Building without ASAN support (GNU compiler)")
++   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
++   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++  set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
++  message("Building with ASAN support (Clang compiler)")
++   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++  message("Building without ASAN support (Clang compiler)")
++   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++
++# set build flags for release build-type
+ set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+ 
+ if(OS_DARWIN)
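Review bot: in the Clang branch the fallback is written as "elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)", which repeats the condition of the "if" above it, so the "Building without ASAN support (Clang compiler)" message can never be reached; the GNU branch uses "else" at this point and the Clang branch should too. CMAKE_C_FLAGS_DEBUG is also written with CACHE ... FORCE, so ASAN is switched on for every Debug build with no way to turn it off; a dedicated option would make it opt-in.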
+Index: ettercap-0.8.2/include/ec_strings.h
+===
+--- ettercap-0.8.2.orig/include/ec_strings.h
 ettercap-0.8.2/include/ec_strings.h
+@@ -40,7 +40,7 @@
+ 
+ EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
+ EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
+-EC_API_EXTERN int strescape(char *dst, char *src);
++EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
+ EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);   
+ EC_API_EXTERN size_t strlen_utf8(const char *s);
+ EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
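Review bot: strescape() is declared EC_API_EXTERN, so adding the third parameter changes an exported prototype, and every caller, including anything built against the old header, has to be updated in the same upload. The declaration also gives no hint whether len is the length of src or the capacity of dst; a one-line comment above the prototype would settle that.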
+Index: ettercap-0.8.2/src/ec_strings.c
+===
+--- ettercap-0.8.2.orig/src/ec_strings.c
 ettercap-0.8.2/src/ec_strings.c
+@@ -167,13 +167,14 @@
+ /* 
+  * convert the escaped string into a binary one
+  */
+-int strescape(char *dst, char *src)
++int strescape(char *dst, char *src, size_t len)
+ {
+char  *olddst = dst;
++   char  *oldsrc = src;
+int   c;
+int   val;
+ 
+-   while ((c = *src++) != '\0') {
++   while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
+   if (c == '\\') {
+  switch ((c = *src++)) {
+ case '\0':
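Review bot: in the new loop header the byte is fetched by "(c = *src++)" before "(size_t)(src - oldsrc) <= len" is evaluated, so when the input has no NUL within len bytes the byte at src[len] is still read before the loop stops; test the bound first. The escape branch right below, "switch ((c = *src++))", consumes a second byte with no check against len at all, so a backslash as the last permitted byte reads past the limit as well.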
+@@ -218,9 +219,11 @@
+   if (c >= '0' && c <= '7')
+  val = (val << 3) | (c - '0');
+   else 
+- --src;
++ if (src > oldsrc) /* protect against buffer underflow */
++--src;
+} else 
+-  --src;
++  if (src > oldsrc) /* protect against buffer underflow */
++ --src;
+*dst++ 
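Review bot: both added guards hang an unbraced "if (src > oldsrc)" under an unbraced "else", which is easy to misread next to the surrounding if/else chain; put braces around both branches. The comment should also say when src can equal oldsrc at this point, given that the loop header has already advanced src before this code runs.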

Bug#864092: unblock: llvm-toolchain-3.8

2017-06-04 Thread Gianfranco Costamagna
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team

Please unblock package llvm-toolchain-3.8, we fixed the Julia build
(bad arm64 generated code), and also fixed a sanitizer hang on newer kernels
(it is an upstream patch, it might be incomplete, we tested and it worked, but
it hung again on one buildd)


unblock llvm-toolchain-3.8/1:3.8.1-24

thanks

G.
diff -Nru llvm-toolchain-3.8-3.8.1/debian/changelog 
llvm-toolchain-3.8-3.8.1/debian/changelog
--- llvm-toolchain-3.8-3.8.1/debian/changelog   2017-04-25 19:46:34.0 
+0200
+++ llvm-toolchain-3.8-3.8.1/debian/changelog   2017-06-02 15:15:49.0 
+0200
@@ -1,3 +1,14 @@
+llvm-toolchain-3.8 (1:3.8.1-24) unstable; urgency=medium
+
+  * Team upload
+  * debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch:
+fix relocation issue, preventing Julia from working correctly on
+arm64 (Closes: #862360, #861484)
+  * debian/patches/asan-48bit-VMA-aarch64.patch:
+- fix asan testsuite hang with some arm64 builders.
+
+ -- Gianfranco Costamagna   Fri, 02 Jun 2017 
15:11:29 +0200
+
 llvm-toolchain-3.8 (1:3.8.1-23) unstable; urgency=medium
 
   * Oups, same player try again (wrong package name, sorry)
diff -Nru llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch 
llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch
--- llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch
1970-01-01 01:00:00.0 +0100
+++ llvm-toolchain-3.8-3.8.1/debian/patches/asan-48bit-VMA-aarch64.patch
2017-06-02 15:12:44.0 +0200
@@ -0,0 +1,16 @@
+Description: [asan] Enable 48-bit VMA support on aarch64
+Origin: upstream, https://reviews.llvm.org/D22095?id=63084
+Bug-Debian: https://bugs.debian.org/862360
+Author: Adhemerval Zanella 
+Last-Update: 2016-07-07
+--- a/compiler-rt/lib/sanitizer_common/sanitizer_platform.h
 b/compiler-rt/lib/sanitizer_common/sanitizer_platform.h
+@@ -114,6 +114,8 @@
+ // will still work but will consume more memory for TwoLevelByteMap.
+ #if defined(__mips__)
+ # define SANITIZER_MMAP_RANGE_SIZE FIRST_32_SECOND_64(1ULL << 32, 1ULL << 40)
++#elif defined(__aarch64__)
++# define SANITIZER_MMAP_RANGE_SIZE FIRST_32_SECOND_64(1ULL << 32, 1ULL << 48)
+ #else
+ # define SANITIZER_MMAP_RANGE_SIZE FIRST_32_SECOND_64(1ULL << 32, 1ULL << 47)
+ #endif
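Review bot: the new __aarch64__ branch hard-codes a 48-bit range at compile time, and the context comment just above it says an oversized range still works but costs more memory in TwoLevelByteMap, so systems running with a smaller VMA pay that cost; the Description should say so. The Origin field points at one diff revision of a review (D22095?id=63084) rather than at a committed upstream change, and the request itself reports another hang on one buildd, so the header should state that the fix is known to be partial.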
diff -Nru 
llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch
 
llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch
--- 
llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch
 1970-01-01 01:00:00.0 +0100
+++ 
llvm-toolchain-3.8-3.8.1/debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch
 2017-06-02 15:14:37.0 +0200
@@ -0,0 +1,16 @@
+Description: Fix R_AARCH64_MOVW_UABS_G3 relocation
+Origin: upstream, https://reviews.llvm.org/D27609?id=80860
+Bug-Debian: https://bugs.debian.org/862360
+Author: Yichao Yu 
+Last-Update: 2016-12-15
+--- a/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp
 b/lib/ExecutionEngine/RuntimeDyld/RuntimeDyldELF.cpp
+@@ -357,7 +357,7 @@
+ // bits affected by the relocation on entry is garbage.
+ *TargetPtr &= 0xffe0001fU;
+ // Immediate goes in bits 20:5 of MOVZ/MOVK instruction
+-*TargetPtr |= Result >> (48 - 5);
++*TargetPtr |= (Result & 0xULL) >> (48 - 5);
+ // Shift must be "lsl #48", in bits 22:21
+ assert((*TargetPtr >> 21 & 0x3) == 3 && "invalid shift for relocation");
+ break;
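Review bot: the added line masks Result with "0xULL", a hex literal with no digits, which will not compile as written; the digits of the mask appear to have been lost somewhere between the upstream review and this copy of the patch. Please check debian/patches/fix-R_AARCH64_MOVW_UABS_G3-relocation.patch against the Origin URL before upload; going by the surrounding comments (immediate in bits 20:5, shift "lsl #48") the mask is presumably meant to keep only the top 16 bits of Result so that nothing is shifted into the bits below bit 5.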
diff -Nru llvm-toolchain-3.8-3.8.1/debian/patches/series 
llvm-toolchain-3.8-3.8.1/debian/patches/series
--- llvm-toolchain-3.8-3.8.1/debian/patches/series  2017-03-19 
22:10:46.0 +0100
+++ llvm-toolchain-3.8-3.8.1/debian/patches/series  2017-06-02 
15:11:44.0 +0200
@@ -57,3 +57,5 @@
 lldb-server-path.diff
 lldb-server-link.diff
 add_symbols_versioning.patch
+fix-R_AARCH64_MOVW_UABS_G3-relocation.patch
+asan-48bit-VMA-aarch64.patch




Bug#863710: journald's most recent entries

2017-06-04 Thread defanor
> There were lots of changes regarding the journal between v215 and v232
> (which is the version in the upcoming stretch release).
>
> Would be great if you can try and reproduce the problem with that
> version. If it still happens, this should be taken upstream.

I've reproduced it with a shell script on v215 now, by printing the same 5
messages every 2 hours for a day or so -- so that I'd have some idea of
how to test it on v232 (otherwise it would be hard to tell if the bug is
still there).

Going to try it with v232 either on a VM or on the same machine once it
is updated to Debian 9 (probably in a month).



Bug#792307: closed by Brian Potkin <claremont...@gmail.com> (Re: Bug#863974: hplip should not require systemd)

2017-06-04 Thread Christian Mueller
Correct, sorry, I've been running without any systemd components for 
such a long time that I forgot the details. Either way, systemd 
components are currently pulled in and activated (logind-systemd).


I don't have a good example for Linux off the top of my head because 
I've removed systemd a long time ago but maybe an example from OS X 
(which seems to be the origin of quite a few concepts introduced with 
systemd) explains my general problem: the socket used for X11 is stored 
in a private tmp directory which can't be accessed by other users, thus I 
can't su to another login and still use X11 programs. That's what breaks 
my workflow - I usually have two or three different logins active on the 
same desktop and private tmp directories break things for me sooner or 
later. Of course I can set up a shared directory accessible by all users 
but that's not the point. Plus the ever-growing list of tmpfs mount 
points is really getting to me.


I know that ConsoleKit is no longer maintained but that's what I'm using 
right now because it's set up as a dependency. Maybe it would be 
possible to ditch all dependencies to "fast user switching" without 
systemd and go back to the old way of things where ownership of console 
devices is set to whoever logs into a local console when no other 
console is active. This way, folks who don't want Linux turned into 
something resembling Windows or OS X can work the way they're used to 
and all others can have systemd and all the things that come with it...


Like I said, I'm more than happy to provide a patch for policykit that 
does all that dynamically, i.e. doesn't need hard dependencies to 
systemd but uses it when present, dynamically loading the systemd libs. 
But if there's no interest it would be a waste of time. I'd also be 
willing to step up as maintainer for ConsoleKit if that helps. Or both.


On 06/04/2017 11:05 AM, Simon McVittie wrote:
> On Sat, 03 Jun 2017 at 22:50:58 +0200, Christian Mueller wrote:
> > (separate temp mount points for
> > each user) which, apart from the incredible clutter in the list of mounted
> > file systems, breaks my workflows (I need a single /tmp for all users).
>
> systemd-logind mounts a small tmpfs at /run/user/$uid for each concurrent
> user, as its way to implement XDG_RUNTIME_DIR without letting users cause
> denial of service by filling up /run. /tmp remains visible to all users.
>
> > Just having a version of policykit-1 compiled without systemd
> > dependencies would solve all our issues and it's a tiny little change in the
> > rules file.
>
> The change is tiny, but the support burden is not.
>
> To be able to implement the policies that it provides, polkit needs a
> way to determine which users are logged-in, which of those logged-in
> users are local (getty, xdm etc. but not ssh), and which of those local
> users are on the active VT. Historically, that was implemented by
> ConsoleKit, which no longer has upstream maintainers[1], and does not
> appear to have Debian maintainers either. On Linux systems (with
> either systemd, sysvinit + systemd-shim or Upstart + systemd-shim)
> the replacement is systemd-logind.
>
>  S
>
> [1] https://www.freedesktop.org/wiki/Software/ConsoleKit/




Bug#863290: src:linux: no warning that btrfs RAID5/6 is buggered up

2017-06-04 Thread Svein Engelsgjerd
Package: src:linux
Followup-For: Bug #863290

Dear Maintainer,

I would like to voice my concern as well. Btrfs RAID5/6 really needs a warning.
These days most (if not all) of the problems you see with Btrfs are caused by
the unstable features (https://btrfs.wiki.kernel.org/index.php/Status).

RAID5/6 in kernel 4.9 is less than stellar and should absolutely not be used
for anything except testing and experimentation.

RAID1 actually needs a warning too. It will not work as "classic" RAID1 e.g.
it needs to be able to make two copies always to not get stuck in read-only mode.
You will not lose your data which is a good thing, but to be safe you need a
minimum of 3 devices (I would prefer four or more to be on the safe side).

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)



Bug#841925: latexmk 4.48 in Debian

2017-06-04 Thread Lucas Nussbaum
Hi,

On 24/11/16 at 13:55 +0100, Willi Mann wrote:
> Dear Ohura,
> 
> I really would like to see latexmk 4.48 in stretch.

It's obviously too late for stretch. But since I use latexmk rather
intensively, I would be interested in co-maintaining if you are looking
for help.

Lucas



Bug#864090: CVE-2017-9409: the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-06-04 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/458



Bug#864087: CVE-2017-9405: the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-06-04 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/457



Bug#864088: unblock (pre-approval): sqlite3/3.6.12-4

2017-06-04 Thread GCS
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I would like to upload a security related update for sqlite3. It contains:
- Prevent a possible NULL pointer dereference in the OP_Found opcode
that can follow an OOM error. Problem found by OSS-Fuzz[1],
- Stack overflow while parsing deeply nested JSON[2],
- JSON allows unescaped control characters in strings[3],
- JSON extension accepts invalid numeric values[4].

Upstream tagged these as 'code defect' and severity 'severe'. The
changes itself are small and the 3.19.2-1 version in experimental
contains these fixes.

Debdiff is attached. Thanks for consideration.

Regards,
Laszlo/GCS
[1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0
[2] https://www.sqlite.org/src/info/981329adeef51011052
[3] https://www.sqlite.org/src/info/6c9b5514077fed34551
[4] https://www.sqlite.org/src/info/b93be8729a895a528e2
diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog	2017-02-13 17:31:26.0 +
+++ sqlite3-3.16.2/debian/changelog	2017-06-04 07:58:54.0 +
@@ -1,3 +1,13 @@
+sqlite3 (3.16.2-4) unstable; urgency=high
+
+  * Backport fix for a possible NULL pointer dereference in the OP_Found
+opcode that can follow an OOM error.
+  * Backport fix for stack overflow while parsing deeply nested JSON.
+  * Backport fix for JSON allows unescaped control characters in strings.
+  * Backport fix for JSON extension accepts invalid numeric values.
+
+ -- Laszlo Boszormenyi (GCS)   Sun, 04 Jun 2017 07:58:54 +
+
 sqlite3 (3.16.2-3) unstable; urgency=medium
 
   * Backport upstream fix to ensure that sqlite3_blob_reopen() correctly
diff -Nru sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch
--- sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.16.2/debian/patches/36-OSS-Fuzz.patch	2017-06-04 07:58:54.0 +
@@ -0,0 +1,24 @@
+Index: sqlite3/src/vdbe.c
+==
+--- sqlite3/src/vdbe.c
 sqlite3/src/vdbe.c
+@@ -4017,14 +4017,16 @@
+ }
+ #endif
+ pIdxKey = 
+ pFree = 0;
+   }else{
++assert( pIn3->flags & MEM_Blob );
++rc = ExpandBlob(pIn3);
++assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
++if( rc ) goto no_mem;
+ pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
+ if( pIdxKey==0 ) goto no_mem;
+-assert( pIn3->flags & MEM_Blob );
+-(void)ExpandBlob(pIn3);
+ sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
+   }
+   pIdxKey->default_rc = 0;
+   takeJump = 0;
+   if( pOp->opcode==OP_NoConflict ){
+
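Review bot: "if( rc ) goto no_mem;" sends every non-zero result of ExpandBlob() to the out-of-memory path, and the only thing restricting rc to SQLITE_OK or SQLITE_NOMEM is the assert on the line before it, which is compiled out of non-debug builds; that is fine as long as ExpandBlob() has no other failure mode, which deserves a short comment. The patch file also has no header: add Description and Origin fields pointing at the upstream check-in cited as [1] in the request.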
diff -Nru sqlite3-3.16.2/debian/patches/40-JSON-1.patch sqlite3-3.16.2/debian/patches/40-JSON-1.patch
--- sqlite3-3.16.2/debian/patches/40-JSON-1.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.16.2/debian/patches/40-JSON-1.patch	2017-06-04 07:58:54.0 +
@@ -0,0 +1,205 @@
+Index: sqlite3/ext/misc/json1.c
+==
+--- sqlite3/ext/misc/json1.c
 sqlite3/ext/misc/json1.c
+@@ -726,17 +726,18 @@
+   char c;
+   u32 j;
+   int iThis;
+   int x;
+   JsonNode *pNode;
+-  while( safe_isspace(pParse->zJson[i]) ){ i++; }
+-  if( (c = pParse->zJson[i])=='{' ){
++  const char *z = pParse->zJson;
++  while( safe_isspace(z[i]) ){ i++; }
++  if( (c = z[i])=='{' ){
+ /* Parse object */
+ iThis = jsonParseAddNode(pParse, JSON_OBJECT, 0, 0);
+ if( iThis<0 ) return -1;
+ for(j=i+1;;j++){
+-  while( safe_isspace(pParse->zJson[j]) ){ j++; }
++  while( safe_isspace(z[j]) ){ j++; }
+   x = jsonParseValue(pParse, j);
+   if( x<0 ){
+ if( x==(-2) && pParse->nNode==(u32)iThis+1 ) return j+1;
+ return -1;
+   }
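Review bot: everything in this hunk is the mechanical substitution of the new local "const char *z = pParse->zJson;" for pParse->zJson, with no change in behaviour, which makes the actual JSON fixes harder to pick out in a freeze-time debdiff. State in the patch header that the rename comes with the upstream check-in being backported, or drop it and keep only the functional lines.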
+@@ -743,18 +744,18 @@
+   if( pParse->oom ) return -1;
+   pNode = >aNode[pParse->nNode-1];
+   if( pNode->eType!=JSON_STRING ) return -1;
+   pNode->jnFlags |= JNODE_LABEL;
+   j = x;
+-  while( safe_isspace(pParse->zJson[j]) ){ j++; }
+-  if( pParse->zJson[j]!=':' ) return -1;
++  while( safe_isspace(z[j]) ){ j++; }
++  if( z[j]!=':' ) return -1;
+   j++;
+   x = jsonParseValue(pParse, j);
+   if( x<0 ) return -1;
+   j = x;
+-  while( safe_isspace(pParse->zJson[j]) ){ j++; }
+-  c = pParse->zJson[j];
++  while( safe_isspace(z[j]) ){ j++; }
++  c = z[j];
+   if( c==',' ) continue;
+   if( c!='}' ) return -1;
+   break;
+ }
+ pParse->aNode[iThis].n = pParse->nNode - (u32)iThis - 1;
+@@ -762,19 +763,19 @@
+   }else if( c=='[' ){
+ /* Parse array */
+ iThis = jsonParseAddNode(pParse, JSON_ARRAY, 0, 0);
+ if( iThis<0 ) return -1;
+ for(j=i+1;;j++){
+-  while( safe_isspace(pParse->zJson[j]) ){ j++; }
++  while( safe_isspace(z[j]) ){ j++; }
+   x = jsonParseValue(pParse, j);
+ 

Bug#864089: CVE-2017-9407: the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-06-04 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/459



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-06-04 Thread Bastien ROUCARIES
On Sat, Jun 3, 2017 at 6:13 PM, Pirate Praveen  wrote:
> On Sat, 27 May 2017 15:34:07 +0200 Bastien ROUCARIES
>  wrote:
>> Moreover test suite fail
>
> Can you push your work to alioth, so others can have a look at the test
> failure as well?
>
> Also if we can mention all copyright notices in debian/copyright, that
> would be sufficient, no need to involve upstream I think.

Done. Could you check the testsuite failure and copyright?

Bastien
>



Bug#864086: libcommoncpp2: Unused (build-)dependencies: gnutls/gcrypt

2017-06-04 Thread Andreas Metzler
Source: libcommoncpp2
Version: 1.8.1-6.1
Severity: normal
Tags: patch

Hello,

afaict libcommoncpp2's (build-)dependencies on 
libgnutls28-dev | libgnutls-dev, libgcrypt11-dev | libgcrypt-dev

are unused. The package is not built with --with-gnutls.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru libcommoncpp2-1.8.1/debian/changelog libcommoncpp2-1.8.1/debian/changelog
--- libcommoncpp2-1.8.1/debian/changelog	2015-08-16 17:39:25.0 +0200
+++ libcommoncpp2-1.8.1/debian/changelog	2017-06-04 11:21:40.0 +0200
@@ -1,3 +1,10 @@
+libcommoncpp2 (1.8.1-6.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop unused  (build-)dependencies on gnutls/gcrypt.
+
+ -- Andreas Metzler   Sun, 04 Jun 2017 11:21:40 +0200
+
 libcommoncpp2 (1.8.1-6.1) unstable; urgency=medium
 
   * Non-maintainer upload.
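Review bot: the new entry does not close the report it is attached to; append "(Closes: #864086)" to the "Drop unused (build-)dependencies" line so that the upload closes the bug.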
diff -Nru libcommoncpp2-1.8.1/debian/control libcommoncpp2-1.8.1/debian/control
--- libcommoncpp2-1.8.1/debian/control	2015-08-16 17:39:25.0 +0200
+++ libcommoncpp2-1.8.1/debian/control	2017-06-04 11:21:40.0 +0200
@@ -4,7 +4,7 @@
 Maintainer: Debian VoIP Team 
 Uploaders: Mark Purcell , Kilian Krause 
 Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.13.19), autotools-dev, doxygen,
- libxml2-dev, zlib1g-dev, libgnutls28-dev | libgnutls-dev, libgcrypt11-dev | libgcrypt-dev
+ libxml2-dev, zlib1g-dev
 Standards-Version: 3.9.5
 Homepage: http://www.gnu.org/software/commoncpp/
 Vcs-Svn: svn://anonscm.debian.org/pkg-voip/libcommoncpp2/trunk/
@@ -13,7 +13,7 @@
 Package: libcommoncpp2-dev
 Section: libdevel
 Architecture: any
-Depends: ${misc:Depends}, libccgnu2-1.8-0v5 (= ${binary:Version}), libgnutls28-dev | libgnutls-dev, zlib1g-dev, libgcrypt11-dev | libgcrypt-dev, pkg-config
+Depends: ${misc:Depends}, libccgnu2-1.8-0v5 (= ${binary:Version}), zlib1g-dev, pkg-config
 Suggests: libcommoncpp2-doc
 Description: Header files and static libraries for Common C++ "2"
  Common C++ is a GNU package which offers portable "abstraction" of system
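Review bot: dropping libgnutls28-dev and libgcrypt11-dev from the Depends of libcommoncpp2-dev is only safe if nothing that package ships still refers to them; pkg-config stays in Depends, so check that the installed .pc file and the public headers no longer name gnutls or gcrypt, otherwise packages building against libcommoncpp2-dev will fail at configure or link time.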


Bug#856811: solved issue

2017-06-04 Thread Denis Prost

Problem was solved with :

ln -s /usr/lib64/sane /usr/lib



Bug#864085: unblock: dnsmasq/2.76-5

2017-06-04 Thread ?
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dnsmasq


The dnsmasq package in testing has a serious problem when dns-root-data is
installed, due to changes in the format of the dns-root-data files.
The effect is to render dnsmasq unusable.

There are several serious bugs filed to this effect, but they should
really be release-critical, eg 863896

There are also several bugs in the DNSSEC validation code, which are fixed
upstream, and really should be in stretch.

Therefore, if we can get dnsmasq-2.77-1, currently in unstable, into Stretch,
that would be a Good Thing. If not, it will need a point release.

Apologies for the short notice.


unblock dnsmasq/2.76-5

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-78-generic (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Bug#854727: Removal from stretch?

2017-06-04 Thread Moritz Muehlenhoff
Moritz Muehlenhoff wrote:
> On Fri, Mar 24, 2017 at 07:41:03AM -0400, Scott Howard wrote:
> > I was contacted by someone at SUSE that is working on fixing the security
> > bugs - but even if successful, I don't know how good the quality will be or
> > how much testing will be able to get done before stretch is released.
> > Removal might be the safest option
> 
> Unfortunately removal didn't work out for stretch and will have to wait
> for buster.

Since the stretch release is coming close and since Scott is on the LowNMU
list I've uploaded an NMU. CVE-2017-5980 isn't mentioned in the patch
names, but I've confirmed with the reproducers that it's fixed as well.

CVE-2017-5977 still needs to be checked, it might be fixed along with
zziplib-CVE-2017-5974.patch or zziplib-CVE-2017-5976.patch, but needs
further investigation. It's only a memory overread, so if it misses
the stretch release that's not a big deal.

Cheers,
Moritz



Bug#864084: unblock: zabbix/1:3.0.7+dfsg-3

2017-06-04 Thread Dmitry Smirnov
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Affects: -1 zabbix
X-Debbugs-CC: j...@debian.org
 
Please unblock zabbix/1:3.0.7+dfsg-3

I would like to accommodate two attached diffs to Stretch please.
One fixes non-functional UI (broken by incompatible libjs-jquery) and
another fixes two security vulnerabilities as per #863584.

Thanks.

-- 
All the best,
 Dmitry Smirnov.


diff --git a/debian/changelog b/debian/changelog
index d570c6d..755bc59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+zabbix (1:3.0.7+dfsg-2) unstable; urgency=medium
+
+  * Frontend-PHP: switch to private jQuery (Closes: #857287).
+
+ -- Dmitry Smirnov   Sun, 21 May 2017 13:56:56 +1000
+
 zabbix (1:3.0.7+dfsg-1) unstable; urgency=medium
 
   * New upstream release [December 2016].
diff --git a/debian/control b/debian/control
index d989f84..c0f275f 100644
--- a/debian/control
+++ b/debian/control
@@ -21,7 +21,7 @@ Build-Depends: debhelper (>= 9), automake, dh-autoreconf, dh-systemd (>= 1.5), d
 ## dh-linktree:
 ,libjs-prototype
 ,libjs-jquery-ui (>= 1.10.1)
-,libjs-jquery (>= 1.10.1)
+#   ,libjs-jquery (>= 1.10.1)
 ## java-gateway deps:
 ,javahelper
 Build-Depends-Indep: default-jdk
diff --git a/debian/zabbix-frontend-php.linktrees b/debian/zabbix-frontend-php.linktrees
index 7308d0c..9dc6cc8 100644
--- a/debian/zabbix-frontend-php.linktrees
+++ b/debian/zabbix-frontend-php.linktrees
@@ -4,5 +4,5 @@ replace  /usr/share/javascript/prototype/prototype.js		/usr/share/zabbix/js/vend
 ## libjs-jquery-ui (1.10.1 vs 1.10.3)
 replace  /usr/share/javascript/jquery-ui/jquery-ui.js		/usr/share/zabbix/js/vendors/jquery-ui.js
 
-## libjs-jquery (1.11.3 vs 1.10.2)
-replace  /usr/share/javascript/jquery/jquery.js			/usr/share/zabbix/js/vendors/jquery.js
+## libjs-jquery (3.1.1 vs 1.10.2)
+#replace  /usr/share/javascript/jquery/jquery.js			/usr/share/zabbix/js/vendors/jquery.js
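Review bot: Commenting out the jquery.js replace line means the frontend now serves its own bundled jQuery (1.10.2 according to the comment) instead of the libjs-jquery copy, so that file no longer picks up fixes through the system package. The comment should say why the link was dropped (the changelog cites #857287), and both this line and the commented-out ,libjs-jquery entry in debian/control would be cleaner deleted than left behind as comments.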
diff --git a/debian/changelog b/debian/changelog
index 755bc59..d1c4c64 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+zabbix (1:3.0.7+dfsg-3) unstable; urgency=high
+
+  * CVE-2017-2824, CVE-2017-2825: new upstream patches
+"ZBX-12075_r67082.patch", "ZBX-12075_r67270.patch" (Closes: #863584).
+
+ -- Dmitry Smirnov   Sun, 04 Jun 2017 17:14:06 +1000
+
 zabbix (1:3.0.7+dfsg-2) unstable; urgency=medium
 
   * Frontend-PHP: switch to private jQuery (Closes: #857287).
diff --git a/debian/patches/ZBX-12075_r67082.patch b/debian/patches/ZBX-12075_r67082.patch
new file mode 100644
index 000..59bf622
--- /dev/null
+++ b/debian/patches/ZBX-12075_r67082.patch
@@ -0,0 +1,44 @@
+Bug-Upstream: https://support.zabbix.com/browse/ZBX-12075
+From 089f0d90b3d94c577263e8bdfe08ce3f33f9e178 Mon Sep 17 00:00:00 2001
+Origin: upstream
+Date: Wed, 5 Apr 2017 15:31:59 +
+Subject: [DEV-567] added validation of discovered host IP addresses
+
+--- a/src/libs/zbxcommon/misc.c
 b/src/libs/zbxcommon/misc.c
+@@ -1872,17 +1872,9 @@
+  **
+  **/
+ int	is_ip(const char *ip)
+ {
+-	zabbix_log(LOG_LEVEL_DEBUG, "In is_ip() ip:'%s'", ip);
+-
+-	if (SUCCEED == is_ip4(ip))
+-		return SUCCEED;
+-#if defined(HAVE_IPV6)
+-	if (SUCCEED == is_ip6(ip))
+-		return SUCCEED;
+-#endif
+-	return FAIL;
++	return SUCCEED == is_ip4(ip) ? SUCCEED : is_ip6(ip);
+ }
+ 
+ /**
+  **
+--- a/src/libs/zbxdbhigh/proxy.c
 b/src/libs/zbxdbhigh/proxy.c
+@@ -2561,8 +2561,14 @@
+ 
+ 		if (FAIL == zbx_json_value_by_name(_row, ZBX_PROTO_TAG_IP, ip, sizeof(ip)))
+ 			goto json_parse_error;
+ 
++		if (SUCCEED != is_ip(ip))
++		{
++			zabbix_log(LOG_LEVEL_DEBUG, "\"%s\" is not a valid IP address", ip);
++			goto next;
++		}
++
+ 		if (SUCCEED == zbx_json_value_by_name(_row, ZBX_PROTO_TAG_PORT, tmp, sizeof(tmp)))
+ 			port = atoi(tmp);
+ 
+ 		zbx_json_value_by_name(_row, ZBX_PROTO_TAG_KEY, key_, sizeof(key_));
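Review bot: The new one-line is_ip() in misc.c calls is_ip6(ip) unconditionally, while the code it replaces only called it under #if defined(HAVE_IPV6); unless is_ip6() is also available in builds without IPv6, this breaks those builds, so this patch should only be applied together with the follow-up ZBX-12075_r67270.patch, whose subject mentions IPv6 being enabled or disabled at compile time. Separately, in proxy.c a discovered-host record with an invalid address is skipped with only a LOG_LEVEL_DEBUG message; since this is input being rejected as part of the CVE-2017-2824 and CVE-2017-2825 fix, a warning-level message would make such rejections visible in normal operation.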
diff --git a/debian/patches/ZBX-12075_r67270.patch b/debian/patches/ZBX-12075_r67270.patch
new file mode 100644
index 000..10a403c
--- /dev/null
+++ b/debian/patches/ZBX-12075_r67270.patch
@@ -0,0 +1,93 @@
+Bug-Upstream: https://support.zabbix.com/browse/ZBX-12075
+From 17a159950db846a1c6365027c647b25a4bb02b94 Mon Sep 17 00:00:00 2001
+Origin: upstream
+Date: Wed, 12 Apr 2017 06:17:40 +
+Subject: [DEV-567] resurrected old IP check function to check SourceIP config file parameter taking into account IPv6 support enabled/disabled at compile time
+
+--- a/include/common.h
 b/include/common.h
+@@ -981,8 +981,9 @@
+ #ifdef HAVE_IPV6
+ int	is_ip6(const char *ip);
+ #endif
+ int	is_ip4(const char 

Bug#792307: closed by Brian Potkin <claremont...@gmail.com> (Re: Bug#863974: hplip should not require systemd)

2017-06-04 Thread Simon McVittie
On Sat, 03 Jun 2017 at 22:50:58 +0200, Christian Mueller wrote:
> (separate temp mount points for
> each user) which, apart from the incredible clutter in the list of mounted
> file systems, breaks my workflows (I need a single /tmp for all users).

systemd-logind mounts a small tmpfs at /run/user/$uid for each concurrent
user, as its way to implement XDG_RUNTIME_DIR without letting users cause
denial of service by filling up /run. /tmp remains visible to all users.

> Just having a version of policykit-1 compiled without systemd
> dependencies would solve all our issues and it's a tiny little change in the
> rules file.

The change is tiny, but the support burden is not.

To be able to implement the policies that it provides, polkit needs a
way to determine which users are logged-in, which of those logged-in
users are local (getty, xdm etc. but not ssh), and which of those local
users are on the active VT. Historically, that was implemented by
ConsoleKit, which no longer has upstream maintainers[1], and does not
appear to have Debian maintainers either. On Linux systems (with
either systemd, sysvinit + systemd-shim or Upstart + systemd-shim)
the replacement is systemd-logind.

S

[1] https://www.freedesktop.org/wiki/Software/ConsoleKit/



Bug#864077: tellico-doc: khelpcenter error 'Documentation not found'

2017-06-04 Thread Geert Stappers
Control: tags -1 confirmed


On Sun, Jun 04, 2017 at 03:27:31PM +0930, David Nebauer wrote:
> When invoking tellico help, khelpcenter opens with the error message
> 'Documentation not found'. This occurs whether help is invoked using the
> tellico help menu, by pressing F1 in tellico, or directly from a shell
> ('khelpcenter help:/tellico').

And it did work in the previous version in Debian.
Thanks for reporting.
Thanks for the good report.



Bug#864083: unblock: libgcrypt20/1.7.6-2

2017-06-04 Thread Niels Thykier
Control: tags -1 confirmed d-i

Andreas Metzler:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libgcrypt20, the upload features the following
> changes:
> * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
> * Pull two fixes from gcrypt 1.7.7 bugfix release:
>   + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
> Fix possible timing attack on EdDSA session key.
>   + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
> Fix long standing bug in secure memory implementation which could lead
> to a segv on free.
> 
> unblock libgcrypt20/1.7.6-2
> 
> Thanks, cu Andreas
> 

Ack from here, CC'ing KiBi for a d-i ack - assuming there is still time.
 Worst case, we will have to defer it to 9.1.

Thanks,
~Niels



Bug#864083: unblock: libgcrypt20/1.7.6-2

2017-06-04 Thread Andreas Metzler
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libgcrypt20, the upload features the following
changes:
* Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
* Pull two fixes from gcrypt 1.7.7 bugfix release:
  + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
Fix possible timing attack on EdDSA session key.
  + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
Fix long standing bug in secure memory implementation which could lead
to a segv on free.

unblock libgcrypt20/1.7.6-2

Thanks, cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru libgcrypt20-1.7.6/debian/changelog libgcrypt20-1.7.6/debian/changelog
--- libgcrypt20-1.7.6/debian/changelog	2017-01-26 11:58:32.0 +0100
+++ libgcrypt20-1.7.6/debian/changelog	2017-06-03 10:58:36.0 +0200
@@ -1,3 +1,15 @@
+libgcrypt20 (1.7.6-2) unstable; urgency=high
+
+  * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
+  * Pull two fixes from gcrypt 1.7.7 bugfix release:
++ 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
+  Fix possible timing attack on EdDSA session key.
++ 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
+  Fix long standing bug in secure memory implementation which could lead
+  to a segv on free.
+
+ -- Andreas Metzler   Sat, 03 Jun 2017 10:58:36 +0200
+
 libgcrypt20 (1.7.6-1) unstable; urgency=medium
 
   * New upstream version, includes
diff -Nru libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
--- libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch	1970-01-01 01:00:00.0 +0100
+++ libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch	2017-06-03 10:53:37.0 +0200
@@ -0,0 +1,35 @@
+From f9494b3f258e01b6af8bd3941ce436bcc00afc56 Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck 
+Date: Thu, 19 Jan 2017 17:00:15 +0100
+Subject: [PATCH 1/2] ecc: Store EdDSA session key in secure memory.
+
+* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
+session key.
+--
+
+An attacker who learns the EdDSA session key from side-channel
+observation during the signing process, can easily revover the long-
+term secret key. Storing the session key in secure memory ensures that
+constant time point operations are used in the MPI library.
+
+Signed-off-by: Jo Van Bulck 
+---
+ cipher/ecc-eddsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
+index f91f8489..813e030d 100644
+--- a/cipher/ecc-eddsa.c
 b/cipher/ecc-eddsa.c
+@@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+   a = mpi_snew (0);
+   x = mpi_new (0);
+   y = mpi_new (0);
+-  r = mpi_new (0);
++  r = mpi_snew (0);
+   ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0,
+  skey->E.p, skey->E.a, skey->E.b);
+   b = (ctx->nbits+7)/8;
+-- 
+2.11.0
+
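Review bot: At r = mpi_snew (0); the security property rests entirely on an allocation flag, and nothing at the call site says so. The commit message explains that secure memory is what makes the MPI library use constant-time point operations on the session key; a short comment on that line, stating that r is the session key and must stay in secure memory, would keep a later cleanup from switching it back to mpi_new to match x and y.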
diff -Nru libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
--- libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch	1970-01-01 01:00:00.0 +0100
+++ libgcrypt20-1.7.6/debian/patches/30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch	2017-06-03 10:53:37.0 +0200
@@ -0,0 +1,69 @@
+From 91456759b887e153c4d4ce19538d478df260cab2 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Fri, 2 Jun 2017 10:34:42 +0900
+Subject: [PATCH 2/2] secmem: Fix SEGV and stat calculation.
+
+* src/secmem (init_pool): Care about the header size.
+(_gcry_secmem_malloc_internal): Likewise.
+(_gcry_secmem_malloc_internal): Use mb->size for stats.
+
+--
+
+GnuPG-bug-id: 3027
+Signed-off-by: NIIBE Yutaka 
+---
+ src/secmem.c | 10 +-
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/secmem.c b/src/secmem.c
+index 46bbf82e..b2a9667d 100644
+--- a/src/secmem.c
 b/src/secmem.c
+@@ -454,7 +454,7 @@ init_pool (pooldesc_t *pool, size_t n)
+ 
+   /* Initialize first memory block.  */
+   mb = (memblock_t *) pool->mem;
+-  mb->size = pool->size;
++  mb->size = pool->size - BLOCK_HEAD_SIZE;
+   mb->flags = 0;
+ }
+ 
+@@ -610,7 +610,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint)
+   mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+   if (mb)
+ {
+-  stats_update (pool, size, 0);
++  stats_update (pool, mb->size, 0);
+   
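Review bot: In init_pool, mb->size = pool->size - BLOCK_HEAD_SIZE; assumes pool->size is at least BLOCK_HEAD_SIZE, and the visible context shows no check for that. Please confirm that a minimum pool size is enforced before this point, or add the check here, so that a very small requested pool cannot produce a wrapped or negative block size. The commit message would also benefit from a sentence on how the old value led to the SEGV, since the subject line is currently the only description.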

Bug#864082: fontconfig: please make the cache files reproducible

2017-06-04 Thread Chris Lamb
Source: fontconfig
Version: 2.12.1-0.1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
fontconfig generates non-reproducible cache files under
/var/cache/fontconfig.

This is because fontconfig embeds the mtime of each font directory
in a "checksum" member of a "_FcCache" struct. This is so that it
can identify which cache files remain valid and/or require
regeneration.

We therefore "clamp" the mtimes of font directories to SOURCE_DATE_EPOCH
prior to calling fc-cache to avoid these non-deterministic values
appearing in the files themselves. This is safe as we now force
regeneration in subsequent fc-cache calls with -f.

(We can't just replace the checksum value with SOURCE_DATE_EPOCH as it
will result in fontconfig believing the cache to be outdated, defeating
the entire point of generating them in the first place.)

This work was sponsored by Tails[1].

Patch attached.


 [0] https://reproducible-builds.org/
 [1] https://tails.boum.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
diff --git a/debian/fontconfig.postinst b/debian/fontconfig.postinst
index ad7ac19..dfba70e 100644
--- a/debian/fontconfig.postinst
+++ b/debian/fontconfig.postinst
@@ -2,10 +2,28 @@
 
 set -e
 
+if [ -n "$SOURCE_DATE_EPOCH" ]; then
+  # fontconfig embeds the mtime of each font directory in a "checksum" member
+  # of a "_FcCache" struct. This is so that it can identify which cache files
+  # remain valid and/or require regeneration.
+  #
+  # We therefore "clamp" the mtimes of font directories to SOURCE_DATE_EPOCH
+  # prior to calling fc-cache to avoid these non-deterministic values appearing
+  # in the files themselves. This is safe as we force regeneration in
+  # subsequent fc-cache calls with -f.
+  #
+  # (We can't just replace the checksum value with SOURCE_DATE_EPOCH as it will
+  # result in fontconfig believing the cache to be outdated, defeating the
+  # entire point of generating them in the first place.
+  fc-cache -s --list-dirs | \
+xargs -I{} find {} -type d -follow -newermt "@$SOURCE_DATE_EPOCH" -print0 
2>/dev/null | \
+xargs -0r touch --date="@$SOURCE_DATE_EPOCH"
+fi
+
 if [ "$1" = triggered ]; then
   # Force regeneration of all fontconfig cache files.
   mkdir -p /var/cache/fontconfig
-  fc-cache -s -v 1>/var/log/fontconfig.log 2>&1 || printf "fc-cache 
failed.\nSee /var/log/fontconfig.log for more information.\n"
+  fc-cache -s -f -v 1>/var/log/fontconfig.log 2>&1 || printf "fc-cache 
failed.\nSee /var/log/fontconfig.log for more information.\n"
   exit 0
 fi
 
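Review bot: The -f added to the fc-cache call in the triggered branch is unconditional, although the mtime clamping it compensates for only runs when SOURCE_DATE_EPOCH is set; every trigger on every installed system would now force a full cache rebuild. Consider passing -f only under the same SOURCE_DATE_EPOCH guard. Two smaller points in the new block: the parenthesised comment starting "(We can't just replace" is never closed, and because only the last command of a pipeline decides its exit status, a failing fc-cache --list-dirs or find (whose stderr is also discarded with 2>/dev/null) goes unnoticed despite set -e.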
diff --git a/fc-cache/fc-cache.1 b/fc-cache/fc-cache.1
index e514779..f5a733d 100644
--- a/fc-cache/fc-cache.1
+++ b/fc-cache/fc-cache.1
@@ -4,7 +4,7 @@
 fc-cache \- build font information cache files
 .SH SYNOPSIS
 .sp
-\fBfc-cache\fR [ \fB-EfrsvVh\fR ]  [ \fB--error-on-no-fonts\fR ]  [ 
\fB--force\fR ]  [ \fB--really-force\fR ]  [ \fB [ -y \fIdir\fB ]  [ --sysroot 
\fIdir\fB ] \fR ]  [ \fB--system-only\fR ]  [ \fB--verbose\fR ]  [ 
\fB--version\fR ]  [ \fB--help\fR ]  [ \fB\fIdir\fB\fR\fI...\fR ] 
+\fBfc-cache\fR [ \fB-EfrsvVh\fR ]  [ \fB--error-on-no-fonts\fR ]  [ 
\fB--force\fR ]  [ \fB--really-force\fR ]  [ \fB [ -y \fIdir\fB ]  [ --sysroot 
\fIdir\fB ] \fR ]  [ \fB--system-only\fR ]  [ \fB--list-dirs\fR ]  [ 
\fB--verbose\fR ]  [ \fB--version\fR ]  [ \fB--help\fR ]  [ 
\fB\fIdir\fB\fR\fI...\fR ] 
 .SH "DESCRIPTION"
 .PP
 \fBfc-cache\fR scans the font directories on
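Review bot: The SYNOPSIS gains [ --list-dirs ] but its short-option cluster still reads -EfrsvVh, while the usage string in fc-cache.c is changed to -EfrslvVh and the man page documents -l further down. Please add l to the cluster here so the three places agree.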
@@ -44,6 +44,9 @@ Erase all existing cache files and rescan.
 Only scan system-wide directories, omitting the places
 located in the user's home directory.
 .TP
+\fB-l\fR
+Only list directories, don't regenerate anything.
+.TP
 \fB-v\fR
 Display status information while busy.
 .TP
diff --git a/fc-cache/fc-cache.c b/fc-cache/fc-cache.c
index 0336073..fc5ff07 100644
--- a/fc-cache/fc-cache.c
+++ b/fc-cache/fc-cache.c
@@ -70,6 +70,7 @@ const struct option longopts[] = {
 {"really-force", 0, 0, 'r'},
 {"sysroot", required_argument, 0, 'y'},
 {"system-only", 0, 0, 's'},
+{"list-dirs", 0, 0, 'l'},
 {"version", 0, 0, 'V'},
 {"verbose", 0, 0, 'v'},
 {"help", 0, 0, 'h'},
@@ -87,10 +88,10 @@ usage (char *program, int error)
 {
 FILE *file = error ? stderr : stdout;
 #if HAVE_GETOPT_LONG
-fprintf (file, "usage: %s [-EfrsvVh] [-y SYSROOT] [--error-on-no-fonts] 
[--force|--really-force] [--sysroot=SYSROOT] [--system-only] [--verbose] 
[--version] [--help] [dirs]\n",
+fprintf (file, "usage: %s [-EfrslvVh] [-y SYSROOT] [--error-on-no-fonts] 
[--force|--really-force] [--sysroot=SYSROOT] [--system-only] [--list-dirs] 
[--verbose] [--version] [--help] [dirs]\n",
 program);
 #else
-fprintf (file, "usage: %s [-EfrsvVh] [-y SYSROOT] [dirs]\n",
+fprintf (file, "usage: %s 

Bug#716982: note

2017-06-04 Thread Geert Stappers

Package gwenview has directory debian/tests

$ ls -l ~/src/gwenview/debian/tests/
totaal 12
-rw-r--r-- 1 stappers stappers 204 jun  4 08:37 control
-rwxr-xr-x 1 stappers stappers 391 jun  4 08:37 testsuite
-rwxr-xr-x 1 stappers stappers 102 jun  4 08:37 testsuite.xsession
$ cat ~/src/gwenview/debian/tests/testsuite
#!/bin/sh
if [ -z "$HOME" ] || [ ! -d "$HOME" ]; then
[ -e debian/tests.home ] || mkdir debian/tests.home
export HOME="$(pwd)/debian/tests.home"
trap "rm -rf debian/tests.home" EXIT
fi
mkdir -p "$HOME"/.config || true
mkdir -p "$HOME"/.kde-unit-test || true

xvfb-run -a --server-args="-screen 0 1024x768x24" \
dbus-launch --exit-with-session debian/tests/testsuite.xsession
$ 



Bug#864080: openssl: libssl1.1-udeb is missing versioned dependency on libcrypto1.1-udeb

2017-06-04 Thread Niels Thykier
Package: openssl
Version: 1.1.0e-2
Severity: serious
Tags: d-i

As noted in #863472:

"""
The libssl1.1-udeb package is broken, as it fails to depend on an
appropriate version of libcrypto1.1-udeb, which means I've just
successfully built a debian-installer against testing with this
addition: build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb
and gotten a broken wget:
| wget: /usr/lib/libcrypto.so.1.1: version `OPENSSL_1_1_0f' not found (required by /usr/lib/libssl.so.1.1)

See the missing version here:
| $ dpkg --info build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb|grep Depends:
|  Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb
"""
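
A check that flags this condition, as an added example (not part of the original report and not Debian tooling): it parses the Depends field and the loader error quoted above and reports whether the package providing the missing symbol version is depended on without a lower bound. The function names, the mapping from library to package, and the conversion of an OPENSSL_x_y_z version node to a version string are assumptions made for the illustration.

```python
import re

# Both inputs are copied from the report above (wrapped lines rejoined).
REPORTED_DEPENDS = "Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb"
REPORTED_ERROR = (
    "wget: /usr/lib/libcrypto.so.1.1: version `OPENSSL_1_1_0f' not found "
    "(required by /usr/lib/libssl.so.1.1)"
)
# Constructed for comparison: the same field with a lower bound added.
CONSTRUCTED_VERSIONED = (
    "Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb (>= 1.1.0f)"
)

# One alternative: name, optional :arch qualifier, optional "(op version)".
_ALT = re.compile(
    r"^(?P<name>[a-z0-9][a-z0-9+.-]+)(?::[a-z0-9-]+)?"
    r"(?:\s*\(\s*(?P<op><<|<=|=|>=|>>)\s*(?P<ver>[^\s()]+)\s*\))?$"
)
# Dynamic loader message for a symbol version node the library lacks.
_LOADER = re.compile(
    r"(?P<lib>\S+): version `(?P<node>[^']+)' not found "
    r"\(required by (?P<user>[^)]+)\)"
)
LOWER_BOUND_OPS = {">=", ">>", "="}


def parse_depends(field):
    """Parse a Depends value into OR-groups of (name, operator, version)."""
    value = re.sub(r"^\s*Depends:\s*", "", field)
    groups = []
    for clause in value.split(","):
        clause = clause.strip()
        if not clause:
            continue
        alternatives = []
        for alt in clause.split("|"):
            match = _ALT.match(alt.strip())
            if match is None:
                raise ValueError(f"unparseable dependency: {alt.strip()!r}")
            alternatives.append(
                (match.group("name"), match.group("op"), match.group("ver"))
            )
        groups.append(alternatives)
    return groups


def parse_loader_error(line):
    """Return (library, version node, requiring object) from a loader error."""
    match = _LOADER.search(line)
    if match is None:
        raise ValueError("not a missing-symbol-version message")
    return match.group("lib"), match.group("node"), match.group("user")


def node_to_version(node, prefix="OPENSSL_"):
    """Assumption: nodes are PREFIX + upstream version with '.' written '_'."""
    if not node.startswith(prefix):
        raise ValueError(f"unexpected version node: {node!r}")
    return node[len(prefix):].replace("_", ".")


def has_lower_bound(field, package):
    """True only if every mention of `package` carries >=, >> or =."""
    mentions = [
        alt for group in parse_depends(field) for alt in group
        if alt[0] == package
    ]
    return bool(mentions) and all(op in LOWER_BOUND_OPS for _, op, _ in mentions)


def audit(field, error_line, provider_package):
    """Relate a loader error to the Depends field of the requiring package."""
    library, node, user = parse_loader_error(error_line)
    version = node_to_version(node)
    return {
        "library": library,
        "required_by": user,
        "needed_version": version,
        "dependency_is_bounded": has_lower_bound(field, provider_package),
        # Illustrative lower bound only; the real fix is the maintainer's call.
        "suggested": f"{provider_package} (>= {version})",
    }


if __name__ == "__main__":
    for label, field in (("reported", REPORTED_DEPENDS),
                         ("constructed", CONSTRUCTED_VERSIONED)):
        print(label, audit(field, REPORTED_ERROR, "libcrypto1.1-udeb"))
```
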



Bug#864079: ITP: backuppc-rsync -- rsync optimised for BackupPC backup utility

2017-06-04 Thread Ludovic Drolez
Package: wnpp
Severity: wishlist
Owner: Ludovic Drolez 

* Package name: backuppc-rsync
  Version : 3.0.9.7
  Upstream Author : Craig Barratt 
* URL : https://github.com/backuppc/rsync-bpc
* License : GPL
  Programming Lang: C
  Description : rsync optimised for BackupPC backup utility

Rsync-bpc is a customized version of rsync that is used as part of
BackupPC, an open source backup system.

The main change to rsync is adding a shim layer (in the subdirectory
backuppc, and in bpc_sysCalls.c) that emulates the system calls for
accessing the file system so that rsync can directly read/write files
in BackupPC's format.



Bug#835127: tellico: Tellico always crashes at boot time

2017-06-04 Thread Andrej Mernik
Package: tellico
Followup-For: Bug #835127

Dear Maintainer,

I have installed version 3.0.2-1.1 from unstable on my Stretch install and the
crashing seems to be gone for good.

Best Regards,
Andrej Mernik




-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=sl_SI.UTF-8, LC_CTYPE=sl_SI.UTF-8 (charmap=UTF-8), LANGUAGE=sl (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tellico depends on:

Versions of packages tellico recommends:
ii  khelpcenter4  4:16.08.3-1
ii  tellico-doc   3.0.2-1.1

tellico suggests no packages.

-- no debconf information



Bug#863308: fixed in golang-1.7 1.7.6-1

2017-06-04 Thread Moritz Mühlenhoff
On Thu, Jun 01, 2017 at 10:05:07AM +, Michael Hudson-Doyle wrote:
> Closes: 863308
> Changes:
>  golang-1.7 (1.7.6-1) unstable; urgency=medium
>  .
>* New upstream release. (Closes: #863308)
>* Remove d/patches/cl-29995--tzdata-2016g.patch, applied upstream.

Are you planning to file an unblock request for this (and the similar
change for Go 1.8)?

Cheers,
Moritz



Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing

2017-06-04 Thread Salvatore Bonaccorso
Hi,

On Sun, Jun 04, 2017 at 08:26:19AM +0200, Moritz Mühlenhoff wrote:
> On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> > Source: libapache2-mod-nss
> > Version: 1.0.11-1
> > Severity: important
> > Tags: security upstream
> > 
> > Hi,
> > 
> > the following vulnerability was published for libapache2-mod-nss,
> > introduced with the update to 1.0.11.
> > 
> > CVE-2015-3277[0]:
> > incorrect multi-keyword mode cipherstring parsing
> > 
> > The vulnerable code was added in 1.0.11[1] afaict.
> 
> What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14?

AFAICT, in ChangeLog up to 1.0.14 this seems still unresolved. The Red
Hat bug seems to indicate that as well (note I adjusted the introducing
commit reference in the security-tracker since the upstream git repo
moved to pagure.io apparently).

Salvatore



Bug#864078: CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117

2017-06-04 Thread Moritz Muehlenhoff
Source: openexr
Severity: grave
Tags: security

Please see http://www.openwall.com/lists/oss-security/2017/05/12/5

These were reported upstream at https://github.com/openexr/openexr/issues/232

Upstream fixes are linked in the github bug.

Cheers,
Moritz



Bug#539798: texlive: please suggest -doc packages

2017-06-04 Thread Chris Lamb
Hi Norbert,

> You should maybe have taken a look at the systemd bug, where there is
> definitely more to do. 
>
> Thanks for your inactivity.

It is disheartening (and somewhat unfair) that you have taken my non-
involvement in a different bug that I have not seen before as evidence
of inactivity.

As a serious question, what would you have me do? The DPL should surely
not be compelled to make technical decisions on the hermeneutics of Policy;
there are other groups for that.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-



Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing

2017-06-04 Thread Moritz Mühlenhoff
On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> Source: libapache2-mod-nss
> Version: 1.0.11-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for libapache2-mod-nss,
> introduced with the update to 1.0.11.
> 
> CVE-2015-3277[0]:
> incorrect multi-keyword mode cipherstring parsing
> 
> The vulnerable code was added in 1.0.11[1] afaict.

What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14?

Cheers,
Moritz


> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-3277
> [1] https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1238324
> 
> Could you please double-check this?
> 
> Regards,
> Salvatore
> 



Bug#853034: patches Re: unar: Fuzzer-generated crashing testcases for a dozen identified file formats

2017-06-04 Thread Julián Moreno Patiño
Hello YOSHINO Yoshihito,

Thanks for your patches, I will look into it tomorrow afternoon (GMT-5).

Kind regards,

-- 
Julián Moreno Patiño
Debian Developer
 .''`. Debian GNU/{Linux,KfreeBSD}
: :' : Free Operating Systems
`. `'  http://debian.org/
  `-   GPG Fingerprint:
C2C8 904E 314C D8FA 041D 9B00 D5FD FC15 6168 BF60
Registered GNU Linux User ID 488513




Bug#864067: unblock: plasma-workspace/5.8.6-2.1

2017-06-04 Thread Nobuhiro Iwamatsu
Hi,

2017-06-04 15:00 GMT+09:00 Niels Thykier :
> Control: tags -1 confirmed moreinfo
>
> Nobuhiro Iwamatsu:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Hi,
>>
>> I want to upload an NMU of plasma-workspace to unstable fixing an issue
>> where processing stopped in ksplashqml on some environments (e.g. Japanese
>> environment), proposed patch attached.
>>
>> unblock plasma-workspace/5.8.6-2.1.
>>
>> [...]
>>
>
> Ack, please go ahead.  Please do the upload today or tomorrow (with at
> most 1-day in the delay queue, but preferably without delay) as the
> deadline for migration is Friday.

Thanks! I just uploaded.

>
> Thanks,
> ~Niels
>
>

Best regards,
  Nobuhiro


-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6



Bug#859151: Bug#859271: thunderbird: Please add build support for m68k

2017-06-04 Thread Carsten Schoenert
Control: tags -1 pending

Hello Adrian,

On Thu, Jun 01, 2017 at 06:06:53PM +0200, John Paul Adrian Glaubitz wrote:
> Hi Carsten!
> 
> On 05/05/2017 11:47 AM, Carsten Schoenert wrote:
> > Could you prepare new updates patches so we can add sparc64 support
> > again? We probably need to upload more than one Debian version of 52.1.0
> > so we could add a updated changeset in -2 or so.
> 
> Attaching an updated patch for sparc64. It compiles, but there are some
> issues with xpcshell which I need to figure out:
> 
> Executing /<>/obj-thunderbird/dist/bin/xpcshell -g 
> /<>/obj-thunderbird/dist/bin/ -a 
> /<>/obj-thunderbird/dist/bin/ -f
> /<>/mozilla/toolkit/
> mozapps/installer/precompile_cache.js -e 
> precompile_startupcache("resource://gre/");
> ^G[77997] ###!!! ABORT: u_init() failed: file 
> /<>/mozilla/xpcom/build/XPCOMInit.cpp, line 709
> [77997] ###!!! ABORT: u_init() failed: file 
> /<>/mozilla/xpcom/build/XPCOMInit.cpp, line 709
> Traceback (most recent call last):
>   File "/<>/mozilla/toolkit/mozapps/installer/packager.py", line 
> 415, in 
> main()
>   File "/<>/mozilla/toolkit/mozapps/installer/packager.py", line 
> 409, in main
> args.source, gre_path, base)
>   File "/<>/mozilla/toolkit/mozapps/installer/packager.py", line 
> 166, in precompile_cache
> errors.fatal('Error while running startup cache precompilation')
>   File "/<>/mozilla/python/mozbuild/mozpack/errors.py", line 
> 103, in fatal
> self._handle(self.FATAL, msg)
>   File "/<>/mozilla/python/mozbuild/mozpack/errors.py", line 98, 
> in _handle
> raise ErrorMessage(msg)
> mozpack.errors.ErrorMessage: Error: Error while running startup cache 
> precompilation
> 
> Please include the patch anyway, I will try to figure out what the problem is
> in the meantime. Might be a local issue, too.

don't give that much on that issue, we had the same problem while
testing xpcshell with autopkg.
It turns out that xpcshell searches for icudt58dl.dat in
/usr/share/thunderbird (as opposed to the thunderbird binary, which
looks in /usr/lib/thunderbird). The current prepared build uses the
internal icu18n implementation instead of using the system library, as that
is too old in Stretch. Because of this we've added an extra symlink in the
-dev package and the xpcshell testing is working again.

I can imagine you've been hit by the same problem. Otherwise wait
until we switch back to system packages for building thunderbird. It's a
bit annoying to search issues related to the use of internal shipped
stuff.

> PS: The folder with the m68k support patch says "porting-mk68". Could you
> fix that to be "porting-m68k"? Thanks :).

Urgs, yes a stupid typo. Christoph has changed this in preparation for
the upload too. thunderbird should be in NEW soon.

Regards
Carsten



Bug#864067: unblock: plasma-workspace/5.8.6-2.1

2017-06-04 Thread Niels Thykier
Control: tags -1 confirmed moreinfo

Nobuhiro Iwamatsu:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> I want to upload an NMU of plasma-workspace to unstable fixing an issue
> where processing stopped in ksplashqml on some environments (e.g. Japanese
> environment), proposed patch attached.
> 
> unblock plasma-workspace/5.8.6-2.1.
> 
> [...]
> 

Ack, please go ahead.  Please do the upload today or tomorrow (with at
most 1-day in the delay queue, but preferably without delay) as the
deadline for migration is Friday.

Thanks,
~Niels



Bug#864076: unblock: distro-info-data/0.36

2017-06-04 Thread Niels Thykier
Control: tags -1 confirmed moreinfo

Stefano Rivera:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package distro-info-data
> 
> This is a pre-upload unblock request for distro-info-data, now that the
> Jessie release date has been announced.
> 
> While I was here, I realised that we didn't have EOL dates for Jessie or
> Wheezy yet :( We have a long-standing bug of not including LTS dates
> (#782685) so I've maintained the status-quo and did that for these two
> as well. Alternatively, I could just extend the support dates out to
> include LTS, but that seems like another bad idea :/
> 
> So, are you OK with this patch-set, and would you consider allowing it
> in, for Stretch?
> 
> unblock distro-info-data/0.36
> 
> Thanks,
> 
> SR
> 
> [...]
> 

Ack, please go ahead.  Please do the upload today or tomorrow as the
deadline for migration is Friday.

Thanks,
~Niels



Bug#864077: tellico-doc: khelpcenter error 'Documentation not found'

2017-06-04 Thread David Nebauer
Package: tellico-doc
Version: 3.0.2-1.1
Severity: normal

Dear Maintainer,

When invoking tellico help, khelpcenter opens with the error message
'Documentation not found'. This occurs whether help is invoked using the
tellico help menu, by pressing F1 in tellico, or directly from a shell
('khelpcenter help:/tellico').

I do not know how khelpcenter integrates application documentation -- I
could not locate any simple guides -- but the desktop file entry
'X-DocPath=tellico/index.html' seems standard. 

I compared tellico's help file paths with those in a couple of packages
which do successfully display khelpcenter help: okular and gwenview.
Both those packages have as their primary helpfile 'index.docbook' while
tellico has a compressed version: 'index.docbook.gz'. I have no idea
whether this is significant.

I also compared the directory paths for English documentation:
/usr/share/doc/kde/HTML/en/okular
/usr/share/doc/HTML/en/gwenview
/usr/share/doc/tellico/HTML/HTML/en/tellico

Tellico's path is unusual in that it has its own subdirectory directly under
/usr/share/doc and includes HTML/HTML. I do not know whether this is
significant.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (1000, 'testing'), (995, 'testing'), (750, 'stable'), (500, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages tellico-doc depends on:
ii  kdelibs5-data  4:4.14.26-2

Versions of packages tellico-doc recommends:
ii  tellico  3.0.2-1.1

tellico-doc suggests no packages.

-- no debconf information


