Bug#866356: unp FTBFS: ln: failed to create symbolic link 'debian/unp/usr/share/man/man1/ucat.1.gz': No such file or directory

2017-06-28 Thread Adrian Bunk 
Source: unp
Version: 2.0~pre7+nmu1
Severity: serious
Tags: buster sid

Some recent change in unstable makes unp FTBFS:

https://tests.reproducible-builds.org/debian/history/unp.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/unp.html

...
dh_compress
ln -sf unp.1.gz debian/unp/usr/share/man/man1/ucat.1.gz
ln: failed to create symbolic link 'debian/unp/usr/share/man/man1/ucat.1.gz': 
No such file or directory
debian/rules:32: recipe for target 'binary-indep' failed
make: *** [binary-indep] Error 1

Bug#866340: aa-genprof: ERROR: Can't find system log "/var/log/syslog" (journald-only setup)

2017-06-28 Thread intrigeri 
Control: tag -1 + upstream
Control: forwarded -1 https://bugs.launchpad.net/apparmor/+bug/1597671

Hi,

Julian Andres Klode:
> aa-genprof fails if syslog does not exist, which is the
> case on a journald-only machine.

Yeah, sorry about that. I've just generalized an existing upstream bug
report to include this use case.

Cheers,
-- 
intrigeri

Bug#845659: debpatch: New script, "Apply a debdiff to a Debian source package"

2017-06-28 Thread James McCoy 
On Wed, Jun 28, 2017 at 02:30:00PM +, Ximin Luo wrote:
> Ximin Luo:
> > I have switched to using debian.changelog though, thanks for the tip. I 
> > also got rid of some dirty "this is already applied" logic and removed some 
> > arbitrary limits.
> > 
> > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debpatch
> > 
> > Pushed there ^ but also would be happy to squash these commits if you 
> > prefer.
> > 
> 
> I've updated git (pu/debpatch branch) with a few more minor changes.
> 
> Is it OK if I merge this into master now?

Looks good to me.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#866339: gstreamer1.0-plugins-ugly: fails to play mp3 files

2017-06-28 Thread Sebastian Dröge 
On Thu, 2017-06-29 at 00:17 +0200, Martin Bergström wrote:
> Package: gstreamer1.0-plugins-ugly
> Version: 1.12.1-1
> Severity: normal
> 
> (I am not confident diagnosing gstreamer issues, so please bear with me.)
> 
> Other formats like ogg and flac works fine. Also non-gstreamer players 
> can play
> mp3 files.
> 
> There is an error message in Quod Libet and Totem when attempting to 
> play mp3
> files. Totem says "MPEG-1 Layer 3 (MP3) decoder is required to play the 
> file,
> but it is not installed."
> 
> gstreamer was recently upgraded to 1.12.1-1. (I think the problem manifested
> also in 1.10.4-1 but I might have that wrong.) It worked a couple a 
> weeks ago on  this machine running up-to-date "testing".
> 
> 1.10.4-1 depends on libmad0 but 1.12.1-1 does not.
> libmad0 0.15.1b-8 is installed to satisfy dependencies of other packages.

1.12.1 does not have the mad plugin anymore but uses mpg123 instead. Is
your problem maybe that you had gst-plugins-ugly 1.12.1 installed
together with libgstreamer1.0-0 1.10 before?

You can check with
 $ gst-inspect-1.0 -b

Are any plugins blacklisted? If so, now that all versions are in sync
again you could try deleting
  ~/.cache/gstreamer-1.0/registry.*.bin
and then try again.

signature.asc
Description: This is a digitally signed message part

Bug#831764: logrotate: does not rotate logs if delaycompress is used

2017-06-28 Thread Harald Dunkel 
metoo, see #720096



signature.asc
Description: OpenPGP digital signature

Bug#866355: adacontrol sometimes FTBFS: error: "adactl.adb" must be recompiled ("system.ads" has been modified)

2017-06-28 Thread Adrian Bunk 
Source: adacontrol
Version: 1.18r9-1
Severity: serious

https://buildd.debian.org/status/logs.php?pkg=adacontrol=ppc64el
https://buildd.debian.org/status/fetch.php?pkg=adacontrol=mips=1.17r3.1-3=1463222472=0

...
  -> object file /<>/src/rules-style-keyword.o does not exist
/usr/bin/gnatgcc -c -x ada -gnatA -g -O2 -gnatws -gnat12 -gnato -gnatf -g -g 
-O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -gnatwa 
-gnatec=/<>/src/GNAT-TEMP-01.TMP 
-gnatem=/<>/src/GNAT-TEMP-04.TMP 
/<>/src/rules-style-keyword.adb
   Checking binder generated files for adactl.adb...
  -> binder exchange file adactl.bexch does not exist
ADA_PRJ_OBJECTS_FILE = /<>/src/GNAT-TEMP-07.TMP
/usr/lib/gprbuild/gprbind adactl.bexch
/usr/bin/gnatbind -shared -o b__adactl.adb /<>/src/adactl.ali -x -O
error: "adactl.adb" must be recompiled ("system.ads" has been modified)
error: "adactl_options.adb" must be recompiled ("system.ads" has been modified)
error: "framework.adb" must be recompiled ("system.ads" has been modified)
error: "asis.ads" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis.ali" is obsolete 
and read-only)
error: "a4g.ads" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g.ali" is obsolete 
and read-only)
error: "a4g-a_types.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_types.ali" is 
obsolete and read-only)
error: "a4g-int_knds.ads" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-int_knds.ali" is 
obsolete and read-only)
error: "asis-compilation_units.adb" must be compiled
error: 
("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-compilation_units.ali" is 
obsolete and read-only)
error: "a4g-a_opt.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_opt.ali" is 
obsolete and read-only)
error: "a4g-a_debug.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_debug.ali" is 
obsolete and read-only)
error: "a4g-a_osint.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_osint.ali" is 
obsolete and read-only)
error: "a4g-a_output.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_output.ali" is 
obsolete and read-only)
error: "a4g-contt.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-contt.ali" is 
obsolete and read-only)
error: "a4g-contt-dp.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-contt-dp.ali" is 
obsolete and read-only)
error: "a4g-contt-ut.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-contt-ut.ali" is 
obsolete and read-only)
error: "a4g-contt-tt.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-contt-tt.ali" is 
obsolete and read-only)
error: "a4g-asis_tables.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-asis_tables.ali" is 
obsolete and read-only)
error: "asis-elements.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-elements.ali" is 
obsolete and read-only)
error: "a4g-a_sem.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_sem.ali" is 
obsolete and read-only)
error: "a4g-mapping.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-mapping.ali" is 
obsolete and read-only)
error: "a4g-a_sinput.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-a_sinput.ali" is 
obsolete and read-only)
error: "asis-set_get.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-set_get.ali" is 
obsolete and read-only)
error: "a4g-gnat_int.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-gnat_int.ali" is 
obsolete and read-only)
error: "a4g-vcheck.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-vcheck.ali" is 
obsolete and read-only)
error: "asis-exceptions.ads" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-exceptions.ali" is 
obsolete and read-only)
error: "asis-implementation.adb" must be compiled
error: 
("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-implementation.ali" is 
obsolete and read-only)
error: "a4g-defaults.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-defaults.ali" is 
obsolete and read-only)
error: "a4g-u_conv.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/a4g-u_conv.ali" is 
obsolete and read-only)
error: "asis-errors.ads" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-errors.ali" is 
obsolete and read-only)
error: "asis-text.adb" must be compiled
error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/asis/asis-text.ali" is 
obsolete and read-only)
error: "a4g-span_beginning.adb" must be compiled
error:

Bug#866354: armel: symbol _ZTINSt13__future_base12_Result_baseE, version GLIBCXX_3.4.15 not defined in file libstdc++.so.6

2017-06-28 Thread Adrian Bunk 
Package: libstdc++6
Version: 7.1.0-7
Severity: serious
Control: affects -1 src:mesa

mesa FTBFS on armel due to:

https://buildd.debian.org/status/fetch.php?pkg=mesa=armel=17.1.3-2=1498610882=0

...
llvm-config-4.0: relocation error: 
/usr/lib/llvm-4.0/bin/../lib/libLLVM-4.0.so.1: symbol 
_ZTINSt13__future_base12_Result_baseE, version GLIBCXX_3.4.15 not defined in 
file libstdc++.so.6 with link time reference
llvm-config-4.0: relocation error: 
/usr/lib/llvm-4.0/bin/../lib/libLLVM-4.0.so.1: symbol 
_ZTINSt13__future_base12_Result_baseE, version GLIBCXX_3.4.15 not defined in 
file libstdc++.so.6 with link time reference
llvm-config-4.0: relocation error: 
/usr/lib/llvm-4.0/bin/../lib/libLLVM-4.0.so.1: symbol 
_ZTINSt13__future_base12_Result_baseE, version GLIBCXX_3.4.15 not defined in 
file libstdc++.so.6 with link time reference
llvm-config-4.0: relocation error: 
/usr/lib/llvm-4.0/bin/../lib/libLLVM-4.0.so.1: symbol 
_ZTINSt13__future_base12_Result_baseE, version GLIBCXX_3.4.15 not defined in 
file libstdc++.so.6 with link time reference
...


My first guess would be that the #727621 fix might be missing
or broken in GCC 7.

Bug#866353: rsync: wrong Architecture field in cross built binary package

2017-06-28 Thread Helmut Grohne 
Source: rsync
Version: 3.1.2-2
Severity: important
User: helm...@debian.org
Usertags: rebootstrap

I noticed that when building rsync, it sometimes ends up with the wrong
Architecture field in the binary package. When I built rsync for arm64,
it could still end up as "Architecture: amd64". It turns out the
debian/rules assigns DEB_HOST_ARCH=$(DEB_BUILD_ARCH). Since
DEB_HOST_ARCH usually is an exported variable, subprocesses (e.g.
dpkg-gencontrol) see the assignment and use the wrong value. Simply
removing that line (as it is otherwise unused) fixes the build. Please
consider applying the attached patch.

Helmut
diff --minimal -Nru rsync-3.1.2/debian/changelog rsync-3.1.2/debian/changelog
--- rsync-3.1.2/debian/changelog2017-03-17 15:02:00.0 +0100
+++ rsync-3.1.2/debian/changelog2017-06-29 06:30:39.0 +0200
@@ -1,3 +1,11 @@
+rsync (3.1.2-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix Architecture field of cross built packages.
+closes: #-1
+
+ -- Helmut Grohne   Thu, 29 Jun 2017 06:30:39 +0200
+
 rsync (3.1.2-2) unstable; urgency=medium
 
   * Added patch from upstream git to resolve temporary lines in --progress
diff --minimal -Nru rsync-3.1.2/debian/rules rsync-3.1.2/debian/rules
--- rsync-3.1.2/debian/rules2016-10-07 15:51:56.0 +0200
+++ rsync-3.1.2/debian/rules2017-06-29 06:30:36.0 +0200
@@ -25,21 +25,6 @@
 CFLAGS   := -Wall  $(shell $(dpkg_buildflags) --get CFLAGS)
 LDFLAGS  :=$(shell $(dpkg_buildflags) --get LDFLAGS)
 
-# backwards compatibility stuff, from dpkg-architecture manpage
-DEB_BUILD_ARCH := $(shell dpkg --print-architecture)
-DEB_BUILD_GNU_CPU := $(patsubst hurd-%,%,$(DEB_BUILD_ARCH))
-ifeq ($(filter-out hurd-%,$(DEB_BUILD_ARCH)),)
-DEB_BUILD_GNU_SYSTEM := gnu
-else
-DEB_BUILD_GNU_SYSTEM := linux
-endif
-DEB_BUILD_GNU_TYPE=$(DEB_BUILD_GNU_CPU)-$(DEB_BUILD_GNU_SYSTEM)
-
-DEB_HOST_ARCH=$(DEB_BUILD_ARCH)
-DEB_HOST_GNU_CPU=$(DEB_BUILD_GNU_CPU)
-DEB_HOST_GNU_SYSTEM=$(DEB_BUILD_GNU_SYSTEM)
-DEB_HOST_GNU_TYPE=$(DEB_BUILD_GNU_TYPE)
-
 DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)

Bug#866334: ITP: lean -- theorem prover from Microsoft Research

2017-06-28 Thread Andreas Tille 
Hi Benjamin,

Thanks for this ITP.
I'd suggest to package this in Debian Science team.

Kind regards

 Andreas.

On Wed, Jun 28, 2017 at 05:37:53PM -0400, Benjamin Barenblat wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Benjamin Barenblat 
> 
> * Package name: lean
>   Version : 3.2.0
>   Upstream Author : Leonardo de Moura  et al.
> * URL : https://leanprover.github.io/
> * License : Apache-2.0
>   Programming Lang: C++
>   Description : theorem prover from Microsoft Research
> 
> Lean is a theorem prover or interactive proof assistant. That is, it’s
> a system in which you can write formal mathematical proofs that are
> checked for correctness by the computer. Lean is thus broadly similar
> to Coq, but the Lean developers hope to build a faster, more extensible
> system than Coq is today.
> 
> From the About page: “Lean is a new open source theorem prover being
> developed at Microsoft Research, and its standard library at Carnegie
> Mellon University. Lean aims to bridge the gap between interactive and
> automated theorem proving by situating automated tools and methods in a
> framework that supports user interaction and the construction of fully
> specified axiomatic proofs. The goal is to support both mathematical
> reasoning and reasoning about complex systems, and to verify claims in
> both domains.”
> 
> Lean has been under development for several years; regular releases
> first appeared in January. I use Lean, and I know other Debian users
> would like to have it easily accessible.

-- 
http://fam-tille.de

Bug#828477: Aw: Re: Bug#828477: openvpn: FTBFS with openssl 1.1.0

2017-06-28 Thread Dr. Markus Waldeck 
Hi Eric,

this topic should have gone directly to you:

OpenSSL 1.1 support in OpenVPN

> has been fixed in 2.4.3, but switching over is
> currently blocked by libpkcs11-helper1-dev depending on libssl1.0-dev
> (presumably because of OpenVPN, see Bug #859555).
> 
> Eric, if openvpn was the only reason to stay on OpenSSL 1.0 feel free to
> switch over now.

Please check.

Thanks in advance!

Markus

Bug#788045: reportbug: patch - use the default desktop mua

2017-06-28 Thread David Steele 

On Wed, Jun 28, 2017 at 10:19 PM, Paul Wise  wrote:
> On Wed, 2017-06-28 at 10:41 -0400, David Steele wrote:
>
> > The attached patch adds a "desktop-default" option
>
> I might be wrong but I think individual options for choosing an MUA are
> deprecated and you should instead use a parameter to the --mua option.

I followed the convention for the other options in the code, supported by the
current documentation. The --mua option feels pretty useless to me
(532150, 865792).

> I also think you should call it xdg-email not desktop-default for
> precision about what it does, there is no /usr/bin/desktop-default

reportbug has a mode called NOVICE. This felt like a better description -
xdg comes later. But, I could be persuaded.
 
> > via xdg-open and a "mailto" URI.
>
> I'd strongly suggest using xdg-email *not* xdg-open, the latter might
> not work for mailto but the former is more likely to work.

I've worked quite a bit with xdg-open with the mailto scheme, and know
how it will interpret the URI. I'm not so sure with xdg-email, and had
problems controlling text quoting for the individual arguments. I suspect
that the two are equivalent for mailto's, but this way I didn't have to check.

> In addition, xdg-email allows you to specify attachments, which IIRC
> reportbug can sometimes use. xdg-open cannot add attachments.

Actually, it can. There is broad support for an attachment keyword in
the mailto URI scheme, though at one point there was disagreement
on the name of the tag. That may or may not be fixed (Evolution was
the holdout, IIRC).

In any case, there's a 4+-year old comment in the reportbug source
stating that attachments are not (yet) supported for mua's. If that
changes, I would be willing to revisit it.

> > Note that this drops headers that are not
>
> I don't think that is acceptable since reportbug sets a number of other
> headers. mailto URLs can contain arbitrary headers anyway.

I just reread rfc2368. You shouldn't expect a mailto interface to respect
very many headers. Mine doesn't (gmail api, via gnome-gmail). I didn't
encounter any issues beyond X-Debbugs-CC, and I would worry about
side effects from feeding them all to all mailers. This way I am controlling
the issue at the source.

> > "X-Debbugs-Cc" would need to be moved to a pseudo-header.
>
> I think this should happen anyway, so that people receiving XCCs
> understand why they are getting a bug they did not expect.

I also think this is an issue that's independent of mailto support.

> PS: I think use of ui.system breaks this under the GTK+ UI.
>
> PPS: I note that the emacsclient MUA and viewing in a pager use it too.
>
> PPPS: *never* run external commands from python via os.system or
> equivalent (such as ui.system) unless you are using a hard-coded string
> for the command. Using dynamically calculated or user-provided data is
> likely to create issues when there are shell meta-characters present.

I'm trying not to break new ground beyond supporting the standard mailer.
The Mua class uses ui.system(). Note that all externally collected mailto
data is url-quoted before the call.

> S: if you are interested in expanding the MUA support of reportbug,
> I would suggest looking at reportbug-ng, which even supports webmail
> like gmail.com (in commented-out code that actually works).

You really should take a look at gnome-gmail.

> Personally,
> I think the MUA handling code of both reportbug and reportbug-ng needs
> to be factored out into a Python library that both tools can use.

Fair enough. Let's see how much friction there is in the process.

My immediate goal is modest - to make reportbug useful to me, and
make moot the question "Where did the message file go?".

Thanks for the prompt feedback.

-- 
AE0D BF5A 92A5 ADE4 9481  BA6F 8A31 71EF 3661 50CE


signature.asc
Description: GooPG digital signature

Bug#696254: qa.debian.org: PTS has outdated current policy version

2017-06-28 Thread Paul Hardy 
There is a bug in the code for checking a major standards version
increment.  For example, the page for Unifont
(https://packages.qa.debian.org/u/unifont.html) contains this item in
the "Problem" section:

"The package is severly out of date with respect to the Debian Policy.
Latest version is 3.9.8 and your package only follows 4.0.0..."

Note also the misspelling of "severely" as "severly".  The new tracker
spells this correctly.


Paul Hardy

Bug#866352: ros-catkin-pkg FTBFS: ImportError: No module named setuptools

2017-06-28 Thread Adrian Bunk 
Source: ros-catkin-pkg
Version: 0.3.5-1
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=ros-catkin-pkg=all=0.3.5-1=1498644999=0

...
   dh_auto_clean -O--buildsystem=python_distutils
python setup.py clean -a
Traceback (most recent call last):
  File "setup.py", line 5, in 
from setuptools import setup
ImportError: No module named setuptools
dh_auto_clean: python setup.py clean -a returned exit code 1
debian/rules:7: recipe for target 'clean' failed
make: *** [clean] Error 1

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb8u1

2017-06-28 Thread David Prévot 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi stable managers,

Please, allow this patched version of phpunit, built and tested in a
Stretch environment, fixing an arbitrary PHP code execution via HTTP
POST [CVE-2017-9841], aka #866200. As discussed with the security team,
PHPUnit should not be available on a production server, even less
publicly accessible (so we’d prefer to pass on a proper DSA), yet, we’d
prefer not to let such a big flaw available, so please, accept it in the
next stable update.

Regards

David
diff -Nru phpunit-5.4.6/debian/changelog phpunit-5.4.6/debian/changelog
--- phpunit-5.4.6/debian/changelog	2016-06-18 12:34:11.0 -1000
+++ phpunit-5.4.6/debian/changelog	2017-06-28 17:03:35.0 -1000
@@ -1,3 +1,18 @@
+phpunit (5.4.6-2~deb8u1) stretch; urgency=high
+
+  * Team upload
+  * Upload previous fix to Stretch
+
+ -- David Prévot   Wed, 28 Jun 2017 17:03:35 -1000
+
+phpunit (5.4.6-2) unstable; urgency=high
+
+  * Team upload
+  * Fix arbitrary PHP code execution via HTTP POST [CVE-2017-9841]
+(Closes: #866200)
+
+ -- David Prévot   Wed, 28 Jun 2017 16:43:26 -1000
+
 phpunit (5.4.6-1) unstable; urgency=medium
 
   * Team upload
diff -Nru phpunit-5.4.6/debian/patches/0002-Correct-fix-for-1956.patch phpunit-5.4.6/debian/patches/0002-Correct-fix-for-1956.patch
--- phpunit-5.4.6/debian/patches/0002-Correct-fix-for-1956.patch	1969-12-31 14:00:00.0 -1000
+++ phpunit-5.4.6/debian/patches/0002-Correct-fix-for-1956.patch	2017-06-28 16:41:16.0 -1000
@@ -0,0 +1,34 @@
+From: Bob Weinand 
+Date: Sun, 13 Nov 2016 18:52:50 +0100
+Subject: Correct fix for #1956
+
+Origin: upstream, https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5
+Bug: https://github.com/sebastianbergmann/phpunit/pull/2356
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866200
+---
+ src/Util/PHP/Template/TestCaseMethod.tpl.dist | 2 +-
+ src/Util/PHP/eval-stdin.php   | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/Util/PHP/Template/TestCaseMethod.tpl.dist b/src/Util/PHP/Template/TestCaseMethod.tpl.dist
+index 47ef6e4..c7172b9 100644
+--- a/src/Util/PHP/Template/TestCaseMethod.tpl.dist
 b/src/Util/PHP/Template/TestCaseMethod.tpl.dist
+@@ -58,7 +58,7 @@ function __phpunit_run_isolated_test()
+ $output = $test->getActualOutput();
+ }
+ 
+-rewind(STDOUT);
++@rewind(STDOUT); /* @ as not every STDOUT target stream is rewindable */
+ if ($stdout = stream_get_contents(STDOUT)) {
+ $output = $stdout . $output;
+ }
+diff --git a/src/Util/PHP/eval-stdin.php b/src/Util/PHP/eval-stdin.php
+index fe1b8bd..3b3a6d0 100644
+--- a/src/Util/PHP/eval-stdin.php
 b/src/Util/PHP/eval-stdin.php
+@@ -1,3 +1,3 @@
+ ' . file_get_contents('php://input'));
++eval('?>' . file_get_contents('php://stdin'));
diff -Nru phpunit-5.4.6/debian/patches/series phpunit-5.4.6/debian/patches/series
--- phpunit-5.4.6/debian/patches/series	2016-06-18 12:15:55.0 -1000
+++ phpunit-5.4.6/debian/patches/series	2017-06-28 16:41:16.0 -1000
@@ -1 +1,2 @@
 0001-Remove-Composer-autoload.patch
+0002-Correct-fix-for-1956.patch


signature.asc
Description: PGP signature

Bug#866334: ITP: lean -- theorem prover from Microsoft Research

2017-06-28 Thread Anton Gladky 
Hi Benjamin,

please consider the option of maintaining
this package under the roof of the Debian
Science Team.

Best regards

Anton

Am Mittwoch, 28. Juni 2017 schrieb Benjamin Barenblat :

> Package: wnpp
> Severity: wishlist
> Owner: Benjamin Barenblat >
>
> * Package name: lean
>   Version : 3.2.0
>   Upstream Author : Leonardo de Moura  > et al.
> * URL : https://leanprover.github.io/
> * License : Apache-2.0
>   Programming Lang: C++
>   Description : theorem prover from Microsoft Research
>
> Lean is a theorem prover or interactive proof assistant. That is, it’s
> a system in which you can write formal mathematical proofs that are
> checked for correctness by the computer. Lean is thus broadly similar
> to Coq, but the Lean developers hope to build a faster, more extensible
> system than Coq is today.
>
> From the About page: “Lean is a new open source theorem prover being
> developed at Microsoft Research, and its standard library at Carnegie
> Mellon University. Lean aims to bridge the gap between interactive and
> automated theorem proving by situating automated tools and methods in a
> framework that supports user interaction and the construction of fully
> specified axiomatic proofs. The goal is to support both mathematical
> reasoning and reasoning about complex systems, and to verify claims in
> both domains.”
>
> Lean has been under development for several years; regular releases
> first appeared in January. I use Lean, and I know other Debian users
> would like to have it easily accessible.
>


-- 

Anton

Bug#866350: ITP: node-duplexify -- Turn stream into a streams2 duplex with async initialization

2017-06-28 Thread Ying-Chun Liu (PaulLiu) 
Package: wnpp
Severity: wishlist
Owner: Ying-Chun Liu (PaulLiu) 

* Package name: node-duplexify
  Version : 3.5.0
  Upstream Author : Mathias Buus
* URL : https://github.com/mafintosh/duplexify
* License : Expat
  Programming Lang: JavaScript
  Description : Turn stream into a streams2 duplex with async
initialization
 Turn a writable and readable stream into a streams2 duplex stream with
 support for async initialization and streams1/streams2 input.
 .
 Similar to duplexer2 except it supports both streams2 and streams1 as input
 and it allows you to set the readable and writable part asynchronously
using
 setReadable(stream) and setWritable(stream)
 .
 Node.js is an event-based server-side JavaScript engine.

-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) 



signature.asc
Description: OpenPGP digital signature

Bug#853476: kodi: ftbfs with GCC-7

2017-06-28 Thread Bálint Réczey 
Control: reassign -1 libiso9660-dev 0.83-4.3
Control: affects -1 kodi

Hi Matthias,

2017-01-31 10:32 GMT+01:00 Matthias Klose :
> Package: src:kodi
> Version: 2:17.0~rc3+dfsg1-2
> Severity: normal
> Tags: sid buster
> User: debian-...@lists.debian.org
> Usertags: ftbfs-gcc-7
>
> Please keep this issue open in the bug tracker for the package it
> was filed for.  If a fix in another package is required, please
> file a bug for the other package (or clone), and add a block in this
> package. Please keep the issue open until the package can be built in
> a follow-up test rebuild.
>
> The package fails to build in a test rebuild on at least amd64 with
> gcc-7/g++-7, but succeeds to build with gcc-6/g++-6. The
> severity of this report may be raised before the buster release.
> There is no need to fix this issue in time for the stretch release.
>
> The full build log can be found at:
> http://people.debian.org/~doko/logs/gcc7-20170126/kodi_17.0~rc3+dfsg1-2_unstable_gcc7.log
> The last lines of the build log are at the end of this report.
>
> To build with GCC 7, either set CC=gcc-7 CXX=g++-7 explicitly,
> or install the gcc, g++, gfortran, ... packages from experimental.
>
>   apt-get -t=experimental install g++
>
> Common build failures are new warnings resulting in build failures with
> -Werror turned on, or new/dropped symbols in Debian symbols files.
> For other C/C++ related build failures see the porting guide at
> http://gcc.gnu.org/gcc-7/porting_to.html
>
> [...]


The build failed a bit earlier, with:

CPP xbmc/dbwrappers/mysqldataset.o
In file included from
/<>/kodi-17.0~rc3+dfsg1/xbmc/filesystem/iso9660.h:35:0,
 from DetectDVDType.cpp:30:
/usr/include/cdio/iso9660.h:277:45: error: flexible array member
'iso9660_dir_s::filename' not at end of 'struct iso9660_pvd_s'
   char filename[EMPTY_ARRAY_SIZE];
 ^
/usr/include/cdio/iso9660.h:310:20: note: next member 'char
iso9660_pvd_s::root_directory_filename' declared here
   char root_directory_filename;  /**< Is '\\0' or root
^~~
/usr/include/cdio/iso9660.h:283:8: note: in the definition of 'struct
iso9660_pvd_s'
 struct iso9660_pvd_s {
^
/usr/include/cdio/iso9660.h:277:45: error: flexible array member
'iso9660_dir_s::filename' not at end of 'struct iso9660_svd_s'
   char filename[EMPTY_ARRAY_SIZE];
 ^
/usr/include/cdio/iso9660.h:424:20: note: next member 'char
iso9660_svd_s::root_directory_filename' declared here
   char root_directory_filename;  /**< Is '\\0' or root
^~~
/usr/include/cdio/iso9660.h:392:8: note: in the definition of 'struct
iso9660_svd_s'
 struct iso9660_svd_s {
^
...

The problem is in the structure definitions of iso9660.h

The easies way of reproducing the issue is running:
$ sudo apt-get install libiso9660-dev g++-7
$ echo '#include ' | g++-7 -x c++ -
In file included from :1:0:
...

...
> debian/rules:131: recipe for target 'override_dh_auto_build' failed
> make[1]: *** [override_dh_auto_build] Error 2
> make[1]: Leaving directory '/<>/kodi-17.0~rc3+dfsg1'
> debian/rules:79: recipe for target 'build' failed
> make: *** [build] Error 2
> dpkg-buildpackage: error: debian/rules build gave error exit status 2

Cheers,
Balint

Bug#866349: ITP: node-ultron -- event emitter enhancement for node.js

2017-06-28 Thread Ying-Chun Liu (PaulLiu) 
Package: wnpp
Severity: wishlist
Owner: Ying-Chun Liu (PaulLiu) 

* Package name: node-ultron
  Version : 1.1.0
  Upstream Author : Arnout Kazemier
* URL : https://github.com/unshiftio/ultron
* License : Expat
  Programming Lang: JavaScript
  Description : event emitter enhancement for node.js
 Ultron gathers intelligence so it can start improving upon his rudimentary
 design. It will learn your event emitting patterns and find ways to
 exterminate them. Allowing you to remove only the event emitters that you
 assigned and not the ones that your users or developers assigned. This can
 prevent race conditions, memory leaks and even file descriptor leaks from
 ever happening as you won't remove clean up processes.
 .
 Node.js is an event-based server-side JavaScript engine.

-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) 



signature.asc
Description: OpenPGP digital signature

Bug#837187: python3-venv: Using --system-site-packages causes wrong `pip` to be used

2017-06-28 Thread Scott Kitterman 
It looks like this is fixed in python3.6 3.6.1.

Scott K

Bug#788045: reportbug: patch - use the default desktop mua

2017-06-28 Thread Paul Wise 
Control: tags -1 - patch

Disclaimer: I'm not the maintainer of reportbug but...

I don't think this patch is quite ready yet, see below.

On Wed, 2017-06-28 at 10:41 -0400, David Steele wrote:

> The attached patch adds a "desktop-default" option

I might be wrong but I think individual options for choosing an MUA are
deprecated and you should instead use a parameter to the --mua option. 

I also think you should call it xdg-email not desktop-default for
precision about what it does, there is no /usr/bin/desktop-default.

> via xdg-open and a "mailto" URI.

I'd strongly suggest using xdg-email *not* xdg-open, the latter might
not work for mailto but the former is more likely to work.

In addition, xdg-email allows you to specify attachments, which IIRC
reportbug can sometimes use. xdg-open cannot add attachments.

> Note that this drops headers that are not

I don't think that is acceptable since reportbug sets a number of other
headers. mailto URLs can contain arbitrary headers anyway.

> "X-Debbugs-Cc" would need to be moved to a pseudo-header.

I think this should happen anyway, so that people receiving XCCs
understand why they are getting a bug they did not expect.

> I dropped a stopgap measure that moved X-Debug-Cc entries to Cc.

You should never CC folks on a submit@ mail, so thanks for dropping it.

PS: I think use of ui.system breaks this under the GTK+ UI.

PPS: I note that the emacsclient MUA and viewing in a pager use it too.

PPPS: *never* run external commands from python via os.system or
equivalent (such as ui.system) unless you are using a hard-coded string
for the command. Using dynamically calculated or user-provided data is
likely to create issues when there are shell meta-characters present. 

S: if you are interested in expanding the MUA support of reportbug,
I would suggest looking at reportbug-ng, which even supports webmail
like gmail.com (in commented-out code that actually works). Personally,
I think the MUA handling code of both reportbug and reportbug-ng needs
to be factored out into a Python library that both tools can use.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#816740: python3-venv: virtual environment was not created successfully because ensurepip is not available

2017-06-28 Thread Scott Kitterman 
On Fri, 4 Mar 2016 17:13:21 +0100 Emmanuel Fleury  wrote:
> Package: python3-venv
> Version: 3.5.1-2
> Severity: important
> 
> Dear beloved Maintainer,
> 
> I recently updated my Debian unstable with the new python-3.5 packages
> and it rendered the pyvenv command totally unusable (that is why I am
> marking this report as 'important').
> 
> What are the symptoms and how to reproduce it:
> ==
> 
> $> pyvenv my_venv_name
> The virtual environment was not created successfully because ensurepip
> is not available.  On Debian/Ubuntu systems, you need to install the
> python3-venv package using the following command.

This is a deliberate design choice in Debian and not a bug, so tagging 
wontfix.  Ensurepip is a development tool and in Debian those are not 
installed by default.

Scott K

Bug#840750: Availability for picocoin RFS

2017-06-28 Thread Joel DeJesus 
No worries on that.  I will have to do some updating of the source code
to coincide with some protocol updates. 

Thanks for your help and hope you can pick up some time after Summer.


On 06/29/2017 05:26 AM, David Steele wrote:
> First, I want to apologize for the latest delay in responding. I remember 
> being on the waiting side of things, and am sorry I'm contributing to the 
> problem.
>
> Second, I want to let you know that I won't be able to get to this, for at 
> least till the end of summer. If someone else picks up sponsorship, that 
> would be great. Otherwise, I'll check in after August.
>




signature.asc
Description: OpenPGP digital signature

Bug#866313: systemd: create /var/log/lastlog if it does not exist

2017-06-28 Thread Peter Colberg 
Hi Michael,

On Wed, Jun 28, 2017 at 10:10:25PM +0200, Michael Biebl wrote:
> Am 28.06.2017 um 21:50 schrieb Peter Colberg:
> > Package: systemd
> > Version: 233-9
> > Severity: normal
> > 
> > Dear Maintainer,
> > 
> > Could you extend /usr/lib/tmpfiles.d/var.conf as follows?
> > 
> > f /var/log/lastlog 0664 root utmp -
> > 
> > systemd already creates /var/log/wtmp and /var/log/btmp if they do not
> > exist. For custom live-boot images that exclude files under /var/log/,
> > it would be nice to also create /var/log/lastlog, e.g., for sshd:
> > 
> > # grep lastlog /var/log/auth.log
> > Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat 
> > /var/log/lastlog: No such file or directory
> 
> I can see the reason why /var/log/{utmp,wtmp} are shipped by systemd.
> See man systemd-update-utmp
> 
> I don't immediately see a good reason why such a tmpfile for lastlog
> would belong into systemd though, given that systemd does not touch that
> file at all.
> Can you please elaborate?

In Debian, base-files creates the files /var/log/wtmp /var/log/btmp
/var/log/lastlog in postinst [1]. For consistency, systemd should
recreate all of these three files if needed.

Regards,
Peter

[1] https://sources.debian.net/src/base-files/10/debian/postinst.in/#L86

Bug#866348: xserver-xorg-core: Jessie -> Stretch upgrade breaks X on Silicon Motion SM710 LynxEM

2017-06-28 Thread Michael Redman 
Package: xserver-xorg-core
Version: 2:1.19.3-1
Severity: important

Dear Maintainer,

Thank you for your work on the Debian project.

This is my first time reporting a bug.

X was working fine under Jessie on a Gateway Solo 2550 laptop I have, using 
"apt-get install xorg icewm" and an xorg.conf I have had since probably Etch 
and kludged with every release to keep the machine working.

Recently I upgraded to Stretch (fresh install) and found X was no longer 
working. /usr/lib/xorg/Xorg segfaults, regardless of how I try to kludge the 
xorg.conf, and also even when running "X -configure". When running "X 
-configure" the first 3 lines of the stack trace are also Xorg, Xorg, 
linux-gate.so, but then there is nothing more.

In the xorg.conf I tried EXA acceleration and no acceleration but neither of 
those helps. Nor does "UseBIOS true", using the "vesa" driver instead of 
"siliconmotion", or anything else so far.

Thanks in advance for any fixes, workarounds, or troubleshooting guidance you 
may be able to offer.

Best regards,

Michael Redman
michael.redma...@gmail.com


-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.

VGA-compatible devices on PCI bus:
--
01:00.0 VGA compatible controller [0300]: Silicon Motion, Inc. SM710 LynxEM 
[126f:0710] (rev a3)

Xorg X server configuration file status:

-rw-r--r-- 1 root root 3168 Jun 28 19:24 /etc/X11/xorg.conf

Contents of /etc/X11/xorg.conf:
---
# /etc/X11/xorg.conf (xorg X Window System server configuration file)
#
# This file was generated by dexconf, the Debian X Configuration tool, using
# values from the debconf database.
#
# Edit this file with caution, and see the /etc/X11/xorg.conf manual page.
# (Type "man /etc/X11/xorg.conf" at the shell prompt.)
#
# This file is automatically updated on xserver-xorg package upgrades *only*
# if it has not been modified since the last upgrade of the xserver-xorg
# package.
#
# If you have edited this file but would like it to be automatically updated
# again, run the following command:
#   sudo dpkg-reconfigure -phigh xserver-xorg

Section "Files"
FontPath"/usr/share/fonts/X11/misc"
FontPath"/usr/X11R6/lib/X11/fonts/misc"
FontPath"/usr/share/fonts/X11/cyrillic"
FontPath"/usr/X11R6/lib/X11/fonts/cyrillic"
FontPath"/usr/share/fonts/X11/100dpi/:unscaled"
FontPath"/usr/X11R6/lib/X11/fonts/100dpi/:unscaled"
FontPath"/usr/share/fonts/X11/75dpi/:unscaled"
FontPath"/usr/X11R6/lib/X11/fonts/75dpi/:unscaled"
FontPath"/usr/share/fonts/X11/Type1"
FontPath"/usr/X11R6/lib/X11/fonts/Type1"
FontPath"/usr/share/fonts/X11/100dpi"
FontPath"/usr/X11R6/lib/X11/fonts/100dpi"
FontPath"/usr/share/fonts/X11/75dpi"
FontPath"/usr/X11R6/lib/X11/fonts/75dpi"
# path to defoma fonts
FontPath"/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
EndSection

Section "Module"
Load"bitmap"
Load"ddc"
Load"dri"
Load"extmod"
Load"freetype"
Load"glx"
Load"int10"
Load"vbe"
EndSection

Section "InputDevice"
Identifier  "Generic Keyboard"
Driver  "kbd"
Option  "CoreKeyboard"
Option  "XkbRules"  "xorg"
Option  "XkbModel"  "pc104"
Option  "XkbLayout" "us"
EndSection

Section "InputDevice"
Identifier  "Configured Mouse"
Driver  "mouse"
Option  "CorePointer"
Option  "Device""/dev/input/mice"
Option  "Protocol"  "ImPS/2"
Option  "Emulate3Buttons"   "true"
EndSection

Section "InputDevice"
Identifier  "Synaptics Touchpad"
Driver  "synaptics"
Option  "SendCoreEvents""true"
Option  "Device""/dev/psaux"
Option  "Protocol"  "auto-dev"
Option  "HorizScrollDelta"  "0"
EndSection

Section "Device"
Identifier  "Silicon Motion, Inc. SM710 LynxEM"
Driver  "siliconmotion"
BusID   "PCI:1:0:0"
Option  "UseBIOS"   "false"
EndSection

Section "Monitor"
Identifier  "Generic Monitor"
Option  "DPMS"
HorizSync   28-51
VertRefresh 43-60
EndSection

Section "Screen"
Identifier  "Default Screen"
Device  "Silicon Motion, Inc. SM710 LynxEM"
Monitor "Generic Monitor"
DefaultDepth16
SubSection "Display"
Depth   1
Modes

Bug#725408: Debian bug #725408

2017-06-28 Thread Nicholas D Steeves 
Hello,

On Sun, Oct 27, 2013 at 06:54:18PM +0100, Sébastien Delafond wrote:
> 
> OK, I see it now; since I'm using emacs24 these days, I had to re-run
> your tests with emacs24-common-non-dfsg on my end to reproduce the
> behavior you see.
> 
> Cheers,
> 
> --Seb
> 
> On Oct/27, Thomas Koch wrote:
> > I could reproduce this behaviour also with 'emacs -q'. My org-mode package 
> > is 
> > from backports but my org-mode-doc package from testing since there isn't 
> > one 
> > in backports.
> > 
> > I've purged both emacs23-common-non-dfsg and org-mode-doc and reinstalled 
> > only 
> > org-mode-doc from testing. Than I see the version 8 of org-mode info 
> > documentation in emacs.
> > 
> > After installing emacs23-common-non-dfsg again, I see version 6 of the org 
> > mode documentation.
> > 
> > I've purged both packages again and installed emacs23-common-non-dfsg first 
> > and 
> > org-mode-doc afterwards and still only see version 6 of org-mode in the 
> > info 
> > browser.
> > 
> > When I run "info" from the shell, I see the org 8 manual.
> > 
> > The solution might be related to this:
> > 
> > Info-directory-list is a variable defined in `info.el'.
> > Its value is ("/usr/share/info/emacs-23" "/usr/share/info/" 
> > "/usr/share/info/")
> > 
> > 
> > Documentation:
> > List of directories to search for Info documentation files.
> > If nil, meaning not yet initialized, Info uses the environment
> > variable INFOPATH to initialize it, or `Info-default-directory-list'
> > if there is no INFOPATH variable in the environment, or the
> > concatenation of the two if INFOPATH ends with a colon.
> > 
> > When `Info-directory-list' is initialized from the value of
> > `Info-default-directory-list', and Emacs is installed in one of the
> > standard directories, the directory of Info files that come with Emacs
> > is put last (so that local Info files override standard ones).
> > 
> > When `Info-directory-list' is initialized from the value of
> > `Info-default-directory-list', and Emacs is not installed in one
> > of the standard directories, the first element of the resulting
> > list is the directory where Emacs installs the Info files that
> > come with it.  This is so that Emacs's own manual, which suits the
> > version of Emacs you are using, will always be found first.  This
> > is useful when you install an experimental version of Emacs without
> > removing the standard installation.
> > 
> > If you want to override the order of directories in
> > `Info-default-directory-list', set INFOPATH in the environment.
> > 
> > If you run the Emacs executable from the `src' directory in the Emacs
> > source tree, and INFOPATH is not defined, the `info' directory in the
> > source tree is used as the first element of `Info-directory-list', in
> > place of the installation Info directory.  This is useful when you run
> > a version of Emacs without installing it.
> > 
> > Regards, Thomas Koch
> > 

This bug hasn't seen any activity for some time, so I thought I'd
update it for 8.2.10-1 (jessie) with emacs24-common-non-dfsg
installed.  The command "info org" shows the manual for Org version
8.2.10; however, the Emacs info mode (C-h i m org) shows the manual
for Org version 8.2.9.  Emacs24 is the only emacsen that is installed.

In stretch, with emacs25-common-non-dfsg and only emacs25 installed
"info org" shows the manual for Org version 8.2.9 and emacs' info mode
also shows the manual for version 8.2.9.  This is very strange, seeing
as "info org" found the correct manual in jessie!

I will probably do a mini-project on pkg-emacsen documentation during
Debcamp17.  Would you like me to look into org-mode-doc at this time?

Cheers,
Nicholas


signature.asc
Description: Digital signature

Bug#866347: pcmanfm-qt should recommend and/or suggest some lxqt components

2017-06-28 Thread Alf Gaida 
Package: pcmanfm-qt
Version: 0.11.4~59-g30abc55-1
Severity: normal
Tags: newcomer

Even if pcmanfm-qt is DE agnosic, it is part of the LXQt project. Thus, 
pcmanfm-qt should recommend a few
components and suggest lxqt | lxqt-core

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc6-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pcmanfm-qt depends on:
ii  dbus-user-session [default-dbus-session-bus]  1.10.18-1
ii  dbus-x11 [dbus-session-bus]   1.10.18-1
ii  libc6 2.24-12
ii  libfm-modules 1.2.5-1.34-g9125c4ae-1
ii  libfm-qt3 0.11.3~120-g7ee6505-1
ii  libfm41.2.5-1.34-g9125c4ae-1
ii  libglib2.0-0  2.52.3-1
ii  libqt5core5a  5.7.1+dfsg-3+b1
ii  libqt5dbus5   5.7.1+dfsg-3+b1
ii  libqt5gui55.7.1+dfsg-3+b1
ii  libqt5widgets55.7.1+dfsg-3+b1
ii  libqt5x11extras5  5.7.1~20161021-2
ii  libstdc++67.1.0-7
ii  libxcb1   1.12-1

Versions of packages pcmanfm-qt recommends:
ii  breeze-icon-theme  4:5.32.0-1
ii  eject  2.1.5+deb1+cvs20081104-13.2
ii  faenza-icon-theme  1.3.1-2
ii  gksu   2.0.2-9+b1
ii  gnome-icon-theme   3.12.0-2
ii  gvfs-backends  1.30.4-1+b1
ii  lxqt-sudo  0.11.2~2-g398d171-1
ii  oxygen-icon-theme  5:5.28.0-1
ii  pcmanfm-qt-l10n0.11.3~40-gfecb1e72-1

Versions of packages pcmanfm-qt suggests:
ii  cdtool  2.1.8-release-4

-- no debconf information

Bug#866346: lxqt-session should recommend lxqt-config

2017-06-28 Thread Alf Gaida 
Package: lxqt-session
Version: 0.11.2~108-ga56daab-1
Severity: normal
Tags: newcomer

lxqt-config is the container app for all session and DE settings and should be 
recommend

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc6-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxqt-session depends on:
ii  libc62.24-12
ii  libkf5windowsystem5  5.28.0-2
ii  liblxqt0 0.11.2~14-gcc4ab53-1
ii  libqt5core5a 5.7.1+dfsg-3+b1
ii  libqt5dbus5  5.7.1+dfsg-3+b1
ii  libqt5gui5   5.7.1+dfsg-3+b1
ii  libqt5widgets5   5.7.1+dfsg-3+b1
ii  libqt5x11extras5 5.7.1~20161021-2
ii  libqt5xdg2   2.0.1~54-g075f9f4-1
ii  libstdc++6   7.1.0-7
ii  libudev1 233-9
ii  libx11-6 2:1.6.4-3
ii  x11-xkb-utils7.7+3+b1

Versions of packages lxqt-session recommends:
ii  lxqt-session-l10n  0.11.3~40-gfecb1e72-1
ii  xscreensaver   5.36-1

lxqt-session suggests no packages.

-- no debconf information

Bug#866345: lxqt-sudo should recommend lxqt-qtplugin

2017-06-28 Thread Alf Gaida 
Package: lxqt-sudo
Version: 0.11.2~2-g398d171-1
Severity: normal
Tags: newcomer

lxqt-qtplugin is needed for session settings, so even lxqt-sudo should 
recommend it.

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc6-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxqt-sudo depends on:
ii  libc6   2.24-12
ii  liblxqt00.11.2~14-gcc4ab53-1
ii  libqt5core5a5.7.1+dfsg-3+b1
ii  libqt5gui5  5.7.1+dfsg-3+b1
ii  libqt5widgets5  5.7.1+dfsg-3+b1
ii  libstdc++6  7.1.0-7

Versions of packages lxqt-sudo recommends:
pn  lxqt-sudo-l10n  

lxqt-sudo suggests no packages.

-- no debconf information

Bug#866314: linux-image-4.9.0-3-686-pae: 100+ times slower disk writes on 4.x+/i386/16+RAM, compared to 3.x

2017-06-28 Thread Holger Levsen 
On Wed, Jun 28, 2017 at 11:22:06PM +, Holger Levsen wrote:
> (As a workaround I plan to use 8 machines with 15gb ram instead of 4 with 35…)

actually this wont work here, there are not enough storage ressources to run
8 instead of 4 machines…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#866344: lxqt-session should depend on lxqt-qtplugin and recommend lxqt-policykit

2017-06-28 Thread Alf Gaida 
Package: lxqt-session
Version: 0.11.2~108-ga56daab-1
Severity: normal
Tags: newcomer

lxqt-session should depend on lxqt-qtplugin - if we consider that all
components should be provided with session settings. lxqt-policykit
should be at least recommended.

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc6-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxqt-session depends on:
ii  libc62.24-12
ii  libkf5windowsystem5  5.28.0-2
ii  liblxqt0 0.11.2~14-gcc4ab53-1
ii  libqt5core5a 5.7.1+dfsg-3+b1
ii  libqt5dbus5  5.7.1+dfsg-3+b1
ii  libqt5gui5   5.7.1+dfsg-3+b1
ii  libqt5widgets5   5.7.1+dfsg-3+b1
ii  libqt5x11extras5 5.7.1~20161021-2
ii  libqt5xdg2   2.0.1~54-g075f9f4-1
ii  libstdc++6   7.1.0-7
ii  libudev1 233-9
ii  libx11-6 2:1.6.4-3
ii  x11-xkb-utils7.7+3+b1

Versions of packages lxqt-session recommends:
ii  lxqt-session-l10n  0.11.3~40-gfecb1e72-1
ii  xscreensaver   5.36-1

lxqt-session suggests no packages.

-- no debconf information

Bug#866334: ITP: lean -- theorem prover from Microsoft Research

2017-06-28 Thread Benjamin Barenblat 
> On Wed, Jun 28, 2017 at 05:37:53PM -0400, Benjamin Barenblat wrote:
> >   Description : theorem prover from Microsoft Research

On Thu, Jun 29, 2017 at  1:41:57 AM, Julian Andres Klode  
wrote:
> I don't think we need the company advertisement here, though.

Maybe. MSR is a well-known name in the programming languages and formal
verification communities, and the fact that they’re behind Lean is
something that many potential users would want to know. That said, I’m
not terribly attached to this description, and I’d feel comfortable just
saying “interactive theorem prover”.

> > From the About page: “Lean is a new open source theorem prover being
> > developed at Microsoft Research, and its standard library at Carnegie
> 
> Sounds weird, how can a standard libary develop something?

Ha. I agree that it’s not the best-written description. I’d probably
rephrase it as “Lean is a theorem prover developed at Microsoft Research
and Carnegie Mellon University.”

> > Lean has been under development for several years; regular releases
> > first appeared in January. I use Lean, and I know other Debian users
> > would like to have it easily accessible.
> 
> Seems like this is not a good fit for the package description

I assume you’re specifically referring to this paragraph, in which case,
you’re completely right. I was responding to the reportbug prompt to
explain why I think Lean ought to be packaged. I don’t intend to include
this praagraph in the description.

> […] the quote might have licensing issues.

We should be in the clear here, since the Lean web site is licensed
under Expat. The quote in question appears in Git at
https://github.com/leanprover/leanprover.github.io/blob/master/about/index.md,
if you’re interested.

Bug#788045: reportbug: patch - use the default desktop mua

2017-06-28 Thread David Steele 
Control: tags -1 + patch

Paul Wise wrote:

> When it is available, please use the xdg-email program to send bugs via
> the users preferred MUA. It supports setting To, CC, BCC, Subject, body
> text and adding attachments.

Good idea.

The attached patch adds a "desktop-default" option, which causes reportbug
to send using the default desktop mailer, via xdg-open and a "mailto" URI.

--
AE0D BF5A 92A5 ADE4 9481  BA6F 8A31 71EF 3661 50CE


0001-Add-a-desktop-default-mua-option.patch
Description: Binary data


signature.asc
Description: GooPG digital signature

Bug#840750: Availability for picocoin RFS

2017-06-28 Thread David Steele 

First, I want to apologize for the latest delay in responding. I remember being 
on the waiting side of things, and am sorry I'm contributing to the problem.

Second, I want to let you know that I won't be able to get to this, for at 
least till the end of summer. If someone else picks up sponsorship, that would 
be great. Otherwise, I'll check in after August.

-- 
AE0D BF5A 92A5 ADE4 9481  BA6F 8A31 71EF 3661 50CE


signature.asc
Description: GooPG digital signature

Bug#866334: ITP: lean -- theorem prover from Microsoft Research

2017-06-28 Thread Julian Andres Klode 
On Wed, Jun 28, 2017 at 05:37:53PM -0400, Benjamin Barenblat wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Benjamin Barenblat 
> 
> * Package name: lean
>   Version : 3.2.0
>   Upstream Author : Leonardo de Moura  et al.
> * URL : https://leanprover.github.io/
> * License : Apache-2.0
>   Programming Lang: C++
>   Description : theorem prover from Microsoft Research

I don't think we need the company advertisement here, though.

> 
> Lean is a theorem prover or interactive proof assistant. That is, it’s
> a system in which you can write formal mathematical proofs that are
> checked for correctness by the computer. Lean is thus broadly similar
> to Coq, but the Lean developers hope to build a faster, more extensible
> system than Coq is today.

This looks good so far for the package description, not sure about
the rest though:

> 
> From the About page: “Lean is a new open source theorem prover being
> developed at Microsoft Research, and its standard library at Carnegie

Sounds weird, how can a standard libary develop something?

> Mellon University. Lean aims to bridge the gap between interactive and
> automated theorem proving by situating automated tools and methods in a
> framework that supports user interaction and the construction of fully
> specified axiomatic proofs. The goal is to support both mathematical
> reasoning and reasoning about complex systems, and to verify claims in
> both domains.”
> 
> Lean has been under development for several years; regular releases
> first appeared in January. I use Lean, and I know other Debian users
> would like to have it easily accessible.

Seems like this is not a good fit for the package description, and
the quote might have licensing issues.

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

Bug#866009: ITP: python-aiosmtpd -- Python3 asyncio based SMTP server

2017-06-28 Thread Pierre-Elliott Bécue 
Le lundi 26 juin 2017 à 16:55:28+0200, Pierre-Elliott Bécue a écrit :
> Package: wnpp
> Severity: wishlist
> Owner: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= 
> 
> * Package name: python-aiosmtpd
>   Version : 1.0
>   Upstream Author : Barry Warsaw , Eric V. Smith,
> Andrew Kuchling, Jason Coombs
> * URL : https://github.com/aio-libs/aiosmtpd
> * License : Apache 2
>   Programming Lang: Python
>   Description : Python3 asyncio based SMTP server
> 
> This is a server for SMTP and related protocols, similar in utility to
> the standard library’s smtpd.py module, but rewritten to be based on
> asyncio for Python 3.
> 
> This package is a new dependency for mailman3-core package that I first
> intended to package in sept. 2015[1]. Since then, we decided to wait
> until Mailman 3.1 to finalize packaging as python3.5 became the main
> version of python in debian and mailman3.0.x was not fully 3.5
> operative.
> 
> Now that 3.1 is out, it's time to finish this work, and this package
> seems to be the only missing dependency.
> 
> This package would be maintained by me and the DPMT. Barry Warsaw
> offered to sponsor me on this one.
> 
> Cheers.
> 
> [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799281

The package builds properly. Lintian complains about a .gitignore file that
hangs around, and there is a small bug upstream on some tests that lead to
raises during dh_auto_test (but the tests still succeed).

I'll wait for a push into pypi of a fixed version and then RFS.

-- 
PEB

Bug#866343: extlinux: Files in /etc/kernel/ not removed during upgrade

2017-06-28 Thread Laurent Bigonville 
Package: extlinux
Version: 3:6.03+dfsg-14.1
Severity: normal

Hi,

It seems that the files that were installed in /etc/kernel/ have never
been removed:

 /etc/kernel/postinst.d/zz-extlinux 75d6c53e25000da91039ef7758d4904d obsolete
  /etc/kernel/postrm.d/zz-extlinux 75d6c53e25000da91039ef7758d4904d obsolete

This should be done explicitly during the upgrade

Regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages extlinux depends on:
ii  libc6  2.24-12

Versions of packages extlinux recommends:
ii  syslinux-common  3:6.03+dfsg-14.1

extlinux suggests no packages.

-- debconf information:
* extlinux/no-bootloader-integration:
  extlinux/install: false
  extlinux/title:

Bug#866314: linux-image-4.9.0-3-686-pae: 100+ times slower disk writes on 4.x+/i386/16+RAM, compared to 3.x

2017-06-28 Thread Holger Levsen 
On Wed, Jun 28, 2017 at 10:35:39PM +0100, Ben Hutchings wrote:
> I would say only 'normal', because this isn't a sensible configuration.
 
I was saying today that there are probably 100 people running i386 with i386
kernels with more than 16gb ram in the world. And then corrected myself to
"1000"…

;-)

> Why don't you assign a smaller amount of RAM to the 32-bit VMs?  Are
> there packages that need this much to build?
 
because there are up to ten builds running simulataneously on these machines.
5 on average, and usually between 3 and 7 I'd say…

And hey, it used to work nicely.

(As a workaround I plan to use 8 machines with 15gb ram instead of 4 with 35…)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#866341: ben: Please use deb.debian.org as the default mirror

2017-06-28 Thread James Clarke 
Package: ben
Version: 0.7.4
Tags: patch

Hi,
Currently, ben defaults to using httpredir.debian.org as the default
mirror, which is now deprecated and redirects to deb.debian.org. Please
use deb.debian.org directly; patch attached.

Regards,
James
>From 96c8db6a97e7d88405999c661bb281f351985fe8 Mon Sep 17 00:00:00 2001
From: James Clarke 
Date: Wed, 28 Jun 2017 23:50:56 +0100
Subject: [PATCH] Use deb.debian.org rather than httpredir.debian.org as the
 default mirror

---
 examples/download/unstable.ben | 2 +-
 examples/tracker/global.conf   | 2 +-
 lib/benl_clflags.ml| 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/download/unstable.ben b/examples/download/unstable.ben
index e065568..54ee1b3 100644
--- a/examples/download/unstable.ben
+++ b/examples/download/unstable.ben
@@ -3,7 +3,7 @@
 # Run with "ben download -c unstable.ben", and it will download Sources and
 # Packages for listed architectures into current directory.
 
-mirror = "http://httpredir.debian.org/debian;;
+mirror = "http://deb.debian.org/debian;;
 suite = "unstable";
 areas = [ "main"; "contrib"; "non-free" ];
 
diff --git a/examples/tracker/global.conf b/examples/tracker/global.conf
index 6f3ac66..4d668b9 100644
--- a/examples/tracker/global.conf
+++ b/examples/tracker/global.conf
@@ -52,4 +52,4 @@ use-projectb = true;
 # - mirror sets both mirror-binaries and mirror-sources to the same mirror
 # These options are (obviously) not taken into account if use-projectb is
 # set to true.
-mirror = "http://httpredir.debian.org/debian;;
+mirror = "http://deb.debian.org/debian;;
diff --git a/lib/benl_clflags.ml b/lib/benl_clflags.ml
index 7bce6c2..29085e1 100644
--- a/lib/benl_clflags.ml
+++ b/lib/benl_clflags.ml
@@ -33,8 +33,8 @@ let cache_file = ref "ben.cache"
 let use_cache = ref false
 let use_benrc = ref true
 let media_dir = ref (get_env_default "BEN_MEDIA_DIR" "/usr/share/ben/media")
-let mirror_binaries = ref "http://httpredir.debian.org/debian;
-let mirror_sources = ref "http://httpredir.debian.org/debian;
+let mirror_binaries = ref "http://deb.debian.org/debian;
+let mirror_sources = ref "http://deb.debian.org/debian;
 let mirror = mirror_binaries
 let suite = ref "unstable"
 let areas = ref ["main"; "contrib"; "non-free"]
-- 
2.13.2

Bug#866342: ben: Please use tracker.debian.org for PTS links

2017-06-28 Thread James Clarke 
Package: ben
Version: 0.7.4
Tags: patch

Hi,
Currently ben uses packages.qa.debian.org for its PTS links; please use
the newer tracker.debian.org instead. Patch attached.

Regards,
James
>From a0b2b82ce9472e0c9d85b929f382b954761b26c5 Mon Sep 17 00:00:00 2001
From: James Clarke 
Date: Wed, 28 Jun 2017 23:51:37 +0100
Subject: [PATCH] Use tracker.debian.org for PTS links

---
 doc/refman.txt| 2 +-
 templates/debian.ml   | 2 +-
 templates/debianrt.ml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/refman.txt b/doc/refman.txt
index 6071ed7..1ef6c8d 100644
--- a/doc/refman.txt
+++ b/doc/refman.txt
@@ -269,7 +269,7 @@ There are other optional fields:
 [options="header"]
 |=
 | Original text  | Result
-| pts:ocaml  | https://packages.qa.debian.org/ocaml[pts:ocaml]
+| pts:ocaml  | https://tracker.debian.org/ocaml[pts:ocaml]
 | buildd:ocaml   | https://buildd.debian.org/ocaml[buildd:ocaml]
 | #123456| https://bugs.debian.org/123456[#123456]
 || https://lists.debian.org/msg-id
diff --git a/templates/debian.ml b/templates/debian.ml
index ac89277..acfee5a 100644
--- a/templates/debian.ml
+++ b/templates/debian.ml
@@ -37,7 +37,7 @@ let () =
 name = "Simple";
 page;
 intro = [];
-pts = (fun ~src -> sprintf "https://packages.qa.debian.org/%s; src);
+pts = (fun ~src -> sprintf "https://tracker.debian.org/%s; src);
 changelog = (fun ~letter ~src ~ver -> sprintf 
"https://packages.debian.org/changelog:%s; src);
 buildd = (fun ~src ~ver -> sprintf 
"https://buildd.debian.org/status/package.php?p=%s; src);
 buildds = (fun ~srcs ->
diff --git a/templates/debianrt.ml b/templates/debianrt.ml
index 96d23a9..7211d7d 100644
--- a/templates/debianrt.ml
+++ b/templates/debianrt.ml
@@ -50,7 +50,7 @@ let () =
   br ();
   br ();
 ];
-pts = (fun ~src -> sprintf "https://packages.qa.debian.org/%s; src);
+pts = (fun ~src -> sprintf "https://tracker.debian.org/%s; src);
 changelog = (fun ~letter ~src ~ver -> sprintf 
"https://packages.debian.org/changelog:%s; src);
 buildd = (fun ~src ~ver -> sprintf 
"https://buildd.debian.org/status/package.php?p=%s; src);
 buildds = (fun ~srcs ->
-- 
2.13.2

Bug#866326: strongswan-swanctl: Include ‘/etc/swanctl/conf.d/*.conf’ from ‘/etc/swanctl/swanctl.conf’

2017-06-28 Thread Gerald Turner 
Control: forwarded -1 https://wiki.strongswan.org/issues/2371

FYI, I opened a bug with strongSwan upstream that included the inner
quilt patch.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866325: charon-systemd: Install charon-systemd.conf

2017-06-28 Thread Gerald Turner 
Control: forwarded -1 https://wiki.strongswan.org/issues/2370

FYI, I opened a bug with strongSwan upstream that included the inner
quilt patch.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866340: aa-genprof: ERROR: Can't find system log "/var/log/syslog" (journald-only setup)

2017-06-28 Thread Julian Andres Klode 
Package: apparmor-utils
Version: 2.11.0-5
Severity: normal
File: /usr/sbin/aa-genprof

aa-genprof fails if syslog does not exist, which is the
case on a journald-only machine.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (900, 'testing'), (500, 'unstable-debug'), 
(500, 'buildd-unstable'), (98, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor-utils depends on:
ii  apparmor  2.11.0-5
ii  libapparmor-perl  2.11.0-5
ii  python3   3.5.3-1
ii  python3-apparmor  2.11.0-5

apparmor-utils recommends no packages.

Versions of packages apparmor-utils suggests:
ii  vim-addon-manager  0.5.6

-- no debconf information

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

Bug#866041: anacron: may execute daily/weekly/monthly jobs shortly after midnight

2017-06-28 Thread Michael Biebl 
Am 29.06.2017 um 00:16 schrieb Michael Biebl:
> On Mon, 26 Jun 2017 23:50:51 +0200 "Francesco Poli (wintermute)"
>  wrote:
>> Package: anacron
>> Version: 2.3-24
>> Severity: normal
>> Tags: patch
>>
>> Hello,
>> I see that bug #744753 has been solved by changing the frequency at
>> which anacron checks whether there are jobs to be executed.
>> When systemd is PID 1, anacron performs this check hourly via
>> timer, rather than daily at 7:30, as done on boxes where systemd is
>> *not* PID 1 (/etc/cron.d/anacron).
>>
>> This behavior change has a significant side effect: if the box
>> is up and running at midnight, anacron may begin to execute
>> daily (and possibly also weekly or monthly) jobs shortly after.
>> Maybe it will (attempt to) start a backup or something like that,
>> after midnight, when it could be time to shut the box down...
> 
> If you run a backup via cron you should guard it against accidental
> shutdown in any case. systemd-inhibit is the tool you might want to look
> into.

I also want to add that in older releases anacron was triggered on
resume and AC changes (via the pm-utils hooks).

So you didn't necessarly have a fixed time when anacron (and possibly
such a backup script) runs.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#866335: transition: python3-defaults

2017-06-28 Thread Emilio Pozuelo Monfort 
Control: forwarded -1 https://release.debian.org/transitions/html/python3.6.html

On 28/06/17 23:46, Scott Kitterman wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> We would like to add python3.6 as a supported python3 version along with
> python3.5.  This is not exactly like a normal transition.  Only transient
> unbuildability of higher level packages is to be expected.
> 
> As usual, we are planning a three step transition from python3.5 to python3.6.
> 
> Adding python3.6 as supported is first.
> 
> Once that is complete, we'll file another request to make python3.6 the
> default python3.  This step does not need to immediately follow the first.
> 
> After that, we'll drop python3.5 as a supported version (other than needing a
> tracker, that step doesn't need any support from the release team and won't
> entangle anything as buildability of packages is not implicated).

Sure, should be all fine. For the first step, have you done a rebuild? Do or
should all rdeps that build modules for all supported python versions works fine
with 3.6, or are there some bugs / ftbfs issues?

> Ben file:
> 
> title = "python3-defaults";
> is_affected = .depends ~ "python3-all-dev";

You probably meant build-depends, but I prefer to use depends as otherwise there
usually are too many unknowns. Hopefully the tracker (similar to the python3.5
one) is fine.

Emilio

> is_good = .depends ~ "python3 (<< 3.7)";
> is_bad = .depends ~ "python3 (<< 3.6)";
> 
> Scott K
> 
>

Bug#866338: New version 4.0.0

2017-06-28 Thread Craig Andrews 

Source: cppformat
Version: 3.0.1+ds-1

Version 4.0.0 of libfmt has been released - can you please release new 
packages for it? (libfmt4-dev, libfmt4-doc, etc)


https://github.com/fmtlib/fmt/releases/tag/4.0.0

Thanks,
~Craig

Bug#866339: gstreamer1.0-plugins-ugly: fails to play mp3 files

2017-06-28 Thread Martin Bergström 

Package: gstreamer1.0-plugins-ugly
Version: 1.12.1-1
Severity: normal

(I am not confident diagnosing gstreamer issues, so please bear with me.)

Other formats like ogg and flac works fine. Also non-gstreamer players 
can play

mp3 files.

There is an error message in Quod Libet and Totem when attempting to 
play mp3
files. Totem says "MPEG-1 Layer 3 (MP3) decoder is required to play the 
file,

but it is not installed."

gstreamer was recently upgraded to 1.12.1-1. (I think the problem manifested
also in 1.10.4-1 but I might have that wrong.) It worked a couple a 
weeks ago on

this machine running up-to-date "testing".

1.10.4-1 depends on libmad0 but 1.12.1-1 does not.
libmad0 0.15.1b-8 is installed to satisfy dependencies of other packages.

$ LC_ALL=C gst-play-1.0 -v cipyd99.mp3
Press 'k' to see a list of keyboard shortcuts.
Now playing /home/martin/media/incoming/cipyd99.mp3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: ring-buffer-max-size = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-size = -1
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-duration = -1
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: use-buffering = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: download = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: uri = 
file:///home/martin/media/incoming/cipyd99.mp3

/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: connection-speed = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: source = 
"\(GstFileSrc\)\ source"
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:src: 
caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:src: 
caps = NULL
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0.GstPad:src: 
caps = NULL
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0.GstPad:src: 
caps = NULL
WARNING No decoder available for type 'audio/mpeg, mpegversion=(int)1, 
mpegaudioversion=(int)1, layer=(int)3, rate=(int)44100, channels=(int)1, 
parsed=(boolean)true'.
WARNING debug information: gsturidecodebin.c(931): unknown_type_cb (): 
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0
ERROR Your GStreamer installation is missing a plug-in. for 
file:///home/martin/media/incoming/cipyd99.mp3
ERROR debug information: gsturidecodebin.c(998): no_more_pads_full (): 
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0:

no suitable plugins found:
gstdecodebin2.c(4600): gst_decode_bin_expose (): 
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0:

no suitable plugins found:
Missing decoder: MPEG-1 Layer 3 (MP3) (audio/mpeg, mpegversion=(int)1, 
mpegaudioversion=(int)1, layer=(int)3, rate=(int)44100, channels=(int)1, 
parsed=(boolean)true)


Reached end of play list.

$ LC_ALL=C gst-inspect-1.0 mad
No such element or plugin 'mad'

Is there anything else I can do to diagnose or fix this issue?



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')

Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=sv_SE.utf8, LC_CTYPE=sv_SE.utf8 (charmap=UTF-8), 
LANGUAGE=sv_SE.utf8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gstreamer1.0-plugins-ugly depends on:
ii  liba52-0.7.40.7.4-19
ii  libc6   2.24-12
ii  libcdio13   0.83-4.3+b1
ii  libdvdread4 5.0.3-2
ii  libgcc1 1:7.1.0-7
ii  libglib2.0-02.50.3-2
ii  libgstreamer-plugins-base1.0-0  1.12.1-1
ii  libgstreamer1.0-0   1.12.1-1
ii  libmp3lame0 3.99.5+repack1-9+b2
ii  libmpeg2-4  0.5.1-7+b2
ii  libmpg123-0 1.25.0-1
ii  libopencore-amrnb0  0.1.3-2.1+b2
ii  libopencore-amrwb0  0.1.3-2.1+b2
ii  liborc-0.4-01:0.4.26-2
ii  libsidplay1v5   1.36.59-10
ii  libstdc++6  7.1.0-7
ii  libtwolame0 0.3.13-2
ii  libx264-148 2:0.148.2748+git97eaef2-1

gstreamer1.0-plugins-ugly recommends no packages.

gstreamer1.0-plugins-ugly suggests no packages.

-- no debconf information

Bug#866337: linux-image-4.9.0-3-686: KASLR does not disable hibernate

2017-06-28 Thread Krylov Michael 
Package: src:linux
Version: 4.9.30-2
Severity: important
Tags: upstream

Hello.

It looks like I found a problem in the kernel that is currently shipped with
debian stretch. 

In the stretch kernel ASLR mechanism got enabled (kernel option
CONFIG_RANDOMIZE_BASE), which conflicts with the hibernation mechanism
(kernel option CONFIG_HIBERNATE). 

It is clearly stated in the CONFIG_RANDOMIZE_BASE help that enabling
KASLR will prevent kernel from hibernating, cite:

If CONFIG_HIBERNATE is also enabled, KASLR is disabled at boot
time. To enable it, boot with "kaslr" on the kernel command
line (which will also disable hibernation).

Unfortunately, in my case it is not disabled. That is, I'm able to
hibernate, and then, when I turn on my laptop (Thinkpad X220i) again,
kernel tries to restore the dump it made while hibernating, fails, and
that leads either to hard reset of the laptop, or just it turning off.

I've spent around a week trying to find out why my hibernation doesn't
work. I suppose that, if KASLR is enabled (i.e. by default)  the kernel 
should disable hibernation *and* drop a message into dmesg that it can't 
hibernate because of KASLR.

I'm pretty sure that it is an upstream bug, so I mark this report as
upstream. I also tried 4.11 kernel from the unstable branch -- situation
is the same.

-- Package-specific info:
** Version:
Linux version 4.9.0-3-686 (debian-ker...@lists.debian.org) (gcc version 6.3.0 
20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.30-2 (2017-06-12)

** Command line:
BOOT_IMAGE=Linux ro root=801 quiet resume=/dev/sda2 ipv6.disable=1 nokaslr 
noefi 

** Not tainted

** Kernel log:
[ 4434.556977] iwlwifi :03:00.0: Radio type=0x0-0x0-0x3
[ 4434.613836] iwlwifi :03:00.0: L1 Enabled - LTR Disabled
[ 4434.621349] iwlwifi :03:00.0: L1 Enabled - LTR Disabled
[ 4434.621452] iwlwifi :03:00.0: Radio type=0x0-0x0-0x3
[ 4434.669620] iwlwifi :03:00.0: L1 Enabled - LTR Disabled
[ 4434.677205] iwlwifi :03:00.0: L1 Enabled - LTR Disabled
[ 4434.677308] iwlwifi :03:00.0: Radio type=0x0-0x0-0x3
[ 4434.940857] e1000e: eth0 NIC Link is Down
[ 4436.088445] (NULL device *): firmware: direct-loading firmware 
iwlwifi-1000-5.ucode
[ 4436.088462] PM: Syncing filesystems ... 
[ 4437.000320] done.
[ 4437.000325] Freezing user space processes ... (elapsed 0.001 seconds) done.
[ 4437.001807] PM: Marking nosave pages: [mem 0x-0x0fff]
[ 4437.001810] PM: Marking nosave pages: [mem 0x0009d000-0x000f]
[ 4437.001818] PM: Marking nosave pages: [mem 0x2000-0x201f]
[ 4437.001842] PM: Basic memory bitmaps created
[ 4437.001979] PM: Preallocating image memory... done (allocated 274066 pages)
[ 4437.236336] PM: Allocated 1096264 kbytes in 0.23 seconds (4766.36 MB/s)
[ 4437.236337] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) 
done.
[ 4437.237756] Suspending console(s) (use no_console_suspend to debug)
[ 4437.238068] ACPI : EC: event blocked
[ 4437.487413] PM: freeze of devices complete after 249.647 msecs
[ 4437.505923] PM: late freeze of devices complete after 18.497 msecs
[ 4437.506444] ACPI : EC: interrupt blocked
[ 4437.508041] PM: noirq freeze of devices complete after 2.113 msecs
[ 4437.508629] ACPI: Preparing to enter system sleep state S4
[ 4437.515379] ACPI : EC: EC stopped
[ 4437.515381] PM: Saving platform NVS memory
[ 4437.516824] Disabling non-boot CPUs ...
[ 4437.518251] smpboot: CPU 1 is now offline
[ 4437.518845] PM: Creating hibernation image:
[ 4437.647743] PM: Need to copy 271622 pages
[ 4437.647749] PM: Normal pages needed: 68774 + 1024, available pages: 157885
[ 4437.519580] PM: Restoring platform NVS memory
[ 4437.519803] ACPI : EC: EC started
[ 4437.520088] Suspended for 56643.583 seconds
[ 4437.520142] Enabling non-boot CPUs ...
[ 4437.520197] x86: Booting SMP configuration:
[ 4437.520198] smpboot: Booting Node 0 Processor 1 APIC 0x2
[ 4437.520440] Initializing CPU#1
[ 4437.520455] Disabled fast string operations
[ 4437.527059] CPU1 is up
[ 4437.528698] ACPI: Waking up from system sleep state S4
[ 4437.537385] thinkpad_acpi: EC reports that Thermal Table has changed
[ 4437.544774] ACPI : EC: interrupt unblocked
[ 4437.545539] sdhci-pci :0d:00.0: MMC controller base frequency changed to 
50Mhz.
[ 4437.575107] PM: noirq restore of devices complete after 30.405 msecs
[ 4437.575762] PM: early restore of devices complete after 0.605 msecs
[ 4437.674942] ACPI : EC: event unblocked
[ 4437.675220] usb usb1: root hub lost power or was reset
[ 4437.679118] ehci-pci :00:1a.0: cache line size of 64 is not supported
[ 4437.679203] usb usb2: root hub lost power or was reset
[ 4437.680266] iwlwifi :03:00.0: RF_KILL bit toggled to enable radio.
[ 4437.680897] rtc_cmos 00:02: System wakeup disabled by ACPI
[ 4437.683085] ehci-pci :00:1d.0: cache line size of 64 is not supported
[ 4437.691504] iwlwifi :03:00.0: L1 Enabled - LTR Disabled
[ 4437.693603] sd 0:0:0:0: [sda] Starting disk
[ 4437.701506] iwlwifi

Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads

2017-06-28 Thread Bill Allombert 
On Sun, Jun 25, 2017 at 02:08:05PM -0700, Russ Allbery wrote:
> It's been a while since the last update to this thread and proposed
> wording about the special version numbering conventions in use in Debian,
> and in the meantime things have settled out a bit more and we have a
> pretty firm consensus on how to handle special versions.  I'd therefore
> like to resurrect this thread and see if we can agree on some wording.
> 
> The patch below adds a definition of native packages to our definitions
> section and documents the following version number conventions:
> 
> - Native packages
> - NMUs of native and non-native packages
> - binNMUs
> - Stable updates
> - Backports
> 
> I think these are all fairly consistent and widely agreed-on at this
> point.
> 
> Concerns, objections, seconds?

Maybe we should check whether this is consistent with the devref, since
it covers the same ground.

Cheers,
-- 
Bill. 

Imagine a large red swirl here.

Bug#866335: Acknowledgement (transition: python3-defaults)

2017-06-28 Thread Scott Kitterman 


Sorry,

Affected should be build-depends, not depends.

Scott K

Bug#866336: linux-image-3.2.0-4-amd64: not loading nfsd kernel modul

2017-06-28 Thread Thomas Muenster 
Package: src:linux
Version: 3.2.89-2
Severity: normal

Dear Maintainer,

after a kernel update 3.2.89-2, the 'nfsd' kernel module will not load.
When downgrading to 3.2.78-1 it works again.



Here the details:

# apt-cache policy linux-image-3.2.0-4-amd64
linux-image-3.2.0-4-amd64:
  Installiert:   3.2.89-2
  Installationskandidat: 3.2.89-2
  Versionstabelle:
 *** 3.2.89-2 0
500 http://mirror.hetzner.de/debian/security/ wheezy/updates/main amd64 
Packages
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
100 /var/lib/dpkg/status
 3.2.78-1 0
500 http://mirror.hetzner.de/debian/packages/ wheezy/main amd64 Packages



# service nfs-kernel-server start

[ ok ] Exporting directories for NFS kernel daemon
[] Starting NFS kernel daemon: nfsdrpc.nfsd: Unable to access /proc/fs/nfsd 
errno 2 (No such file or directory).
Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart 
rpc.nfsd to correct the problem
 failed!



# modprobe nfsd
ERROR: could not insert 'nfsd': Unknown symbol in module, or unknown parameter 
(see dmesg)


# dmesg
...
[  880.770963] nfsd: Unknown symbol setattr_prepare (err 0)
[  882.631922] nfsd: Unknown symbol setattr_prepare (err 0)
[  882.709046] nfsd: Unknown symbol setattr_prepare (err 0)
[  945.610445] nfsd: Unknown symbol setattr_prepare (err 0)


# apt-get install nfs-kernel-server nfs-common --reinstall

...
nfs-kernel-server (1:1.2.6-4) wird eingerichtet ...
[ ok ] Stopping NFS kernel daemon: mountd nfsd.
[ ok ] Unexporting directories for NFS kernel daemon
[ ok ] Exporting directories for NFS kernel daemon
[] Starting NFS kernel daemon: nfsdrpc.nfsd: Unable to access /proc/fs/nfsd 
errno 2 (No such file or directory).
Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart 
rpc.nfsd to correct the problem
 failed!




# aptitude install linux-image-3.2.0-4-amd64=3.2.78-1

Die folgenden Pakete werden durch eine ÄLTERE VERSION ERSETZT (Downgrade):
  linux-image-3.2.0-4-amd64
0 Pakete aktualisiert, 0 zusätzlich installiert, 1 durch eine ältere Version 
ersetzt, 0 werden entfernt und 0 nicht aktualisiert.
23,5 MB an Archiven müssen heruntergeladen werden. Nach dem Entpacken werden 
195 kB frei werden.
Holen: 1 http://mirror.hetzner.de/debian/packages/ wheezy/main 
linux-image-3.2.0-4-amd64 amd64 3.2.78-1 [23,5 MB]
23,5 MB wurden in 0 s heruntergeladen (29,9 MB/s)
Vorkonfiguration der Pakete ...
dpkg: Warnung: Version 3.2.89-2 des Paketes linux-image-3.2.0-4-amd64 wird 
durch ältere Version 3.2.78-1 ersetzt
...


# reboot


# lsmod|grep nfs
nfsd  216181  13
nfs   308353  0
nfs_acl12511  2 nfs,nfsd
auth_rpcgss37143  2 nfs,nfsd
fscache36739  1 nfs
lockd  67306  2 nfs,nfsd
sunrpc173775  19 lockd,auth_rpcgss,nfs_acl,nfs,nfsd




This bug-report was sent with the old kernel running.


Regards,
Thomas


-- Package-specific info:
** Version:
Linux version 3.2.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.6.3 
(Debian 4.6.3-14) ) #1 SMP Debian 3.2.65-1+deb7u1

** Command line:
BOOT_IMAGE=/vmlinuz-3.2.0-4-amd64 root=/dev/mapper/web--ssd-root ro quiet

** Not tainted

** Kernel log:
[0.562401] Registering the dns_resolver key type
[0.562635] PM: Hibernation image not present or could not be loaded.
[0.562660] registered taskstats version 1
[0.563544] rtc_cmos 00:01: setting system clock to 2017-06-28 21:41:08 UTC 
(1498686068)
[0.563571] Initializing network drop monitor service
[0.564319] Freeing unused kernel memory: 576k freed
[0.564461] Write protecting the kernel read-only data: 6144k
[0.565949] Freeing unused kernel memory: 644k freed
[0.567700] Freeing unused kernel memory: 688k freed
[0.584145] udevd[58]: starting version 175
[0.599302] ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 10
[0.599860] virtio-pci :00:03.0: setting latency timer to 64
[0.600023] ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 10
[0.600046] virtio-pci :00:0a.0: setting latency timer to 64
[0.600223] virtio-pci :00:0b.0: setting latency timer to 64
[0.600884] virtio-pci :00:12.0: setting latency timer to 64
[0.602711] SCSI subsystem initialized
[0.608813] usbcore: registered new interface driver usbfs
[0.608834] usbcore: registered new interface driver hub
[0.608856] libata version 3.00 loaded.
[0.609191] ata_piix :00:01.1: version 2.13
[0.609298] usbcore: registered new device driver usb
[0.609959] ata_piix :00:01.1: setting latency timer to 64
[0.610306] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[0.610602] uhci_hcd: USB Universal Host Controller Interface driver
[0.610658] scsi0 : ata_piix
[0.610984] scsi1 : ata_piix
[0.611011] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc0e0 irq 14
[0.611016] ata2: PATA max MWDMA2 cmd

Bug#866041: anacron: may execute daily/weekly/monthly jobs shortly after midnight

2017-06-28 Thread Michael Biebl 
On Mon, 26 Jun 2017 23:50:51 +0200 "Francesco Poli (wintermute)"
 wrote:
> Package: anacron
> Version: 2.3-24
> Severity: normal
> Tags: patch
> 
> Hello,
> I see that bug #744753 has been solved by changing the frequency at
> which anacron checks whether there are jobs to be executed.
> When systemd is PID 1, anacron performs this check hourly via
> timer, rather than daily at 7:30, as done on boxes where systemd is
> *not* PID 1 (/etc/cron.d/anacron).
> 
> This behavior change has a significant side effect: if the box
> is up and running at midnight, anacron may begin to execute
> daily (and possibly also weekly or monthly) jobs shortly after.
> Maybe it will (attempt to) start a backup or something like that,
> after midnight, when it could be time to shut the box down...

If you run a backup via cron you should guard it against accidental
shutdown in any case. systemd-inhibit is the tool you might want to look
into.

> This is inconsistent with the old behavior and with the behavior
> of boxes with non-systemd init systems (where the check is performed
> at boot or daily at 7:30, if the box is up and running at that time
> of the day).


> With the attached patch, the behavior becomes consistent with
> the non-systemd one. Thanks to the Persistent=true directive,
> any skipped checks will be catched up on boot or on resume,
> but the check won't be performed between midnight and 7:30,
> unless the box is booted/resumed in that time interval.

Afaics, this would basically reopen #744753.
Take a laptop for example, which is charged over night and then booted
in the morning while unplugged. We'd never trigger anacron because of
ConditionACPower=true in anacron.service
By triggering anacron.service hourly it's much more likely we hit a time
window where the system is plugged in.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#846396: screen: display corruption with bce due to wide character

2017-06-28 Thread Axel Beckert 
Control: forwarded -1 https://savannah.gnu.org/bugs/index.php?50044
Control: tag -1 + pending

Hi Vincent,

Vincent Lefevre wrote:
> According to a user who ran into the same issue, the cause is the
> obsolete Unicode lookup table:
> 
>   https://savannah.gnu.org/bugs/index.php?50044

I see. Wouldn't have guessed that so thanks for that hint.

> I didn't have the time to test the patch. But GNU Screen 4.6.0, which
> has just been released, has:
> 
>   * Update Unicode wide tables to 9.0
> 
> Thus, if this is really the same issue, this bug should now be fixed
> upstream.

Your reasoning sounds valid, so I'll close this bug report with
4.6.0-1 (which I'm currently preparing). Please reopen if you still
can reproduce the issue.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#855173: ITP: keepassxc -- Community fork of KeePassX, a free and open-source cross-platform password manager.

2017-06-28 Thread KeePassXC Team 
Hey all!

> I pushed the packaging so far to
>   https://anonscm.debian.org/git/collab-maint/keepassxc.git
> (web ui will appear soon, and it might need some cleanup and rebasing
>  before release; also copyright file needs update).

Thanks for taking over! One more thing to add: we have a packaging
repository, which Matt started. Since you have taken over ownership of
the package, I want to offer you also taking over the repository if you
like: https://github.com/keepassxreboot/keepassxc-packaging

Janek

Bug#866335: transition: python3-defaults

2017-06-28 Thread Scott Kitterman 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

We would like to add python3.6 as a supported python3 version along with
python3.5.  This is not exactly like a normal transition.  Only transient
unbuildability of higher level packages is to be expected.

As usual, we are planning a three step transition from python3.5 to python3.6.

Adding python3.6 as supported is first.

Once that is complete, we'll file another request to make python3.6 the
default python3.  This step does not need to immediately follow the first.

After that, we'll drop python3.5 as a supported version (other than needing a
tracker, that step doesn't need any support from the release team and won't
entangle anything as buildability of packages is not implicated).

Ben file:

title = "python3-defaults";
is_affected = .depends ~ "python3-all-dev";
is_good = .depends ~ "python3 (<< 3.7)";
is_bad = .depends ~ "python3 (<< 3.6)";

Scott K

Bug#846396: screen: display corruption with bce due to wide character

2017-06-28 Thread Vincent Lefevre 
Control: tags -1 - moreinfo + fixed-upstream
Control: found -1 4.5.1-4

According to a user who ran into the same issue, the cause is the
obsolete Unicode lookup table:

  https://savannah.gnu.org/bugs/index.php?50044

I didn't have the time to test the patch. But GNU Screen 4.6.0, which
has just been released, has:

  * Update Unicode wide tables to 9.0

Thus, if this is really the same issue, this bug should now be fixed
upstream.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#866328: user-setup: allow to preseed the user shell

2017-06-28 Thread Luca Boccassi 
On Wed, 2017-06-28 at 23:20 +0200, Cyril Brulebois wrote:
> Hi Luca,
> 
> Luca Boccassi  (2017-06-28):
> > It would be useful to allow preseeding the user shell.
> > 
> > The use case we have at work is building live Debian images and
> > shipping them to users, where we need to have something other than
> > bash as the live user shell.
> > 
> > This could be achieved with hacky posthook scripts that sed
> > /etc/passwd, but it just feels wrong :-)
> > 
> > Attached is a very small and simple patch to add a passwd/user-
> > shell
> > configurable option, modeled after passwd/user-uid.
> 
> I'm still undecided as to whether this patch is needed/useful in d-i,
> but anyway:

Hi,

At work we build a downstream of Debian, Vyatta, and it would be quite
useful for us. There might be more crazy folks like us out there who
might like it too :-)

> >  # Allow preseeding the groups to which the first created user is
> > added
> >  Template: passwd/user-default-groups
> >  Type: string
> > diff --git a/user-setup-apply b/user-setup-apply
> > index f24ece2..9dfcf55 100755
> > --- a/user-setup-apply
> > +++ b/user-setup-apply
> > @@ -109,6 +109,16 @@ if [ "$RET" = true ] && ! is_system_user; then
> >     UIDOPT=
> >     fi
> >  
> > +   if db_get passwd/user-shell && [ "$RET" ]; then
> > +   if [ -x $ROOT/usr/sbin/adduser ]; then
> > +   SHELLOPT="--shell $RET"
> > +   else
> > +   SHELLOPT="-s $RET"
> > +   fi
> > +   else
> > +   SHELLOPT=
> > +   fi
> > +
> 
> This distinction doesn't seem needed? I see this in useradd's manpage
> from jessie to sid:
>    -s, --shell SHELL

Yes I noticed the same, but that was true for --uid as well, so I
followed the same convention.

New version inlined without that if-else. Thanks for the feedback!

Kind regards,
Luca Boccassi

From 84e6049f8e41f15da2e3b91f1184e89e8cd429b7 Mon Sep 17 00:00:00 2001
From: Luca Boccassi 
Date: Wed, 28 Jun 2017 19:21:10 +0100
Subject: [PATCH] Add passwd/user-shell to allow preseeding the shell

In some cases it is useful to be able to configure the user shell via
the installer. Add a new optional db_get passwd/user-shell and pass
it to adduser/useradd --shell/-s if it is set.
---
 debian/user-setup-udeb.templates |  5 +
 user-setup-apply | 10 --
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates
index 45e16b4..64731de 100644
--- a/debian/user-setup-udeb.templates
+++ b/debian/user-setup-udeb.templates
@@ -16,6 +16,11 @@ Template: passwd/user-uid
 Type: string
 Description: for internal use only
 
+# Allow preseeding the shell configured for the first created user
+Template: passwd/user-shell
+Type: string
+Description: for internal use only
+
 # Allow preseeding the groups to which the first created user is added
 Template: passwd/user-default-groups
 Type: string
diff --git a/user-setup-apply b/user-setup-apply
index f24ece2..9a6a913 100755
--- a/user-setup-apply
+++ b/user-setup-apply
@@ -109,6 +109,12 @@ if [ "$RET" = true ] && ! is_system_user; then
    UIDOPT=
    fi
 
+   if db_get passwd/user-shell && [ "$RET" ]; then
+   SHELLOPT="--shell $RET"
+   else
+   SHELLOPT=
+   fi
+
    # Add the user to the database, using adduser in noninteractive
    # mode.
    db_get passwd/username
@@ -121,9 +127,9 @@ if [ "$RET" = true ] && ! is_system_user; then
    fi
 
    if [ -x $ROOT/usr/sbin/adduser ]; then
-   $log $chroot $ROOT adduser --disabled-password --gecos "$RET" 
$UIDOPT "$USER" >/dev/null || true
+   $log $chroot $ROOT adduser --disabled-password --gecos "$RET" 
$UIDOPT $SHELLOPT "$USER" >/dev/null || true
    else
-   $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT 
>/dev/null || true
+   $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT 
$SHELLOPT >/dev/null || true
    fi
 
    # Clear the user password from the database.
-- 
2.11.0


signature.asc
Description: This is a digitally signed message part

Bug#866314: linux-image-4.9.0-3-686-pae: 100+ times slower disk writes on 4.x+/i386/16+RAM, compared to 3.x

2017-06-28 Thread Ben Hutchings 
On Wed, 2017-06-28 at 19:53 +, Holger Levsen wrote:
> package: linux-image-4.9.0-3-686-pae
> version: 4.9.30-2+deb9u2
> # severity: important ?

I would say only 'normal', because this isn't a sensible configuration.

[...]
> We want to run half of our i386 build nodes with a 32 bit kernel and the other
> half with an 64 bit kernel to test reproducibility under this variation, so
> I'm really looking forward to see this bug fixed soon. Other people can
> probably just keep running the amd64 kernel, thus I've decided for normal 
> severity for this issue.

Why don't you assign a smaller amount of RAM to the 32-bit VMs?  Are
there packages that need this much to build?

Ben.

-- 
Ben Hutchings
Absolutum obsoletum. (If it works, it's out of date.) - Stafford Beer



signature.asc
Description: This is a digitally signed message part

Bug#866334: ITP: lean -- theorem prover from Microsoft Research

2017-06-28 Thread Benjamin Barenblat 
Package: wnpp
Severity: wishlist
Owner: Benjamin Barenblat 

* Package name: lean
  Version : 3.2.0
  Upstream Author : Leonardo de Moura  et al.
* URL : https://leanprover.github.io/
* License : Apache-2.0
  Programming Lang: C++
  Description : theorem prover from Microsoft Research

Lean is a theorem prover or interactive proof assistant. That is, it’s
a system in which you can write formal mathematical proofs that are
checked for correctness by the computer. Lean is thus broadly similar
to Coq, but the Lean developers hope to build a faster, more extensible
system than Coq is today.

From the About page: “Lean is a new open source theorem prover being
developed at Microsoft Research, and its standard library at Carnegie
Mellon University. Lean aims to bridge the gap between interactive and
automated theorem proving by situating automated tools and methods in a
framework that supports user interaction and the construction of fully
specified axiomatic proofs. The goal is to support both mathematical
reasoning and reasoning about complex systems, and to verify claims in
both domains.”

Lean has been under development for several years; regular releases
first appeared in January. I use Lean, and I know other Debian users
would like to have it easily accessible.

Bug#866320: libspreadsheet-writeexcel-perl: uses deprecated POSIX::tmpnam()

2017-06-28 Thread gregor herrmann 
On Wed, 28 Jun 2017 23:20:06 +0300, Niko Tyni wrote:

> This package uses POSIX::tmpnam(), deprecated in Perl 5.22
> and removed in 5.26 (currently in experimental.)
> 
>  lib/Spreadsheet/WriteExcel/Workbook.pm:$tmp_dir = "POSIX::tmpnam() 
> directory" if not $fh;
>  lib/Spreadsheet/WriteExcel/Worksheet.pm:$tmp_dir = "POSIX::tmpnam() 
> directory" if not $fh;
> 
> It looks like this is fallback code that might not be active
> so filing at 'normal' for now.

Hm, I think it's the default case:


# In the default case we use IO::File->new_tmpfile(). This may fail, in
# particular with IIS on Windows, so we allow the user to specify a temp
# directory via File::Temp.
#
if (defined $self->{_tempdir}) {

# Delay loading File:Temp to reduce the module dependencies.
eval { require File::Temp };
die "The File::Temp module must be installed in order ".
"to call set_tempdir().\n" if $@;


# Trap but ignore File::Temp errors.
eval { $fh = File::Temp::tempfile(DIR => $self->{_tempdir}) };

# Store the failed tmp dir in case of errors.
$tmp_dir = $self->{_tempdir} || File::Spec->tmpdir if not $fh;
}
else {

$fh = IO::File->new_tmpfile();

# Store the failed tmp dir in case of errors.
$tmp_dir = "POSIX::tmpnam() directory" if not $fh;
}


And $self->{_tempdir} is only set when the user/consumer explicitly
uses the set_tempdir() method.

OTOH, POSIX::tmpnam() is only called when IO::File->new_tmpfile()
fails. But still, this should be fixed, I guess.


Cheers,
gregor, forwarding upstream

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Bob Dylan: Not Dark Yet


signature.asc
Description: Digital Signature

Bug#850291: gdm3: does not work without gnome-session

2017-06-28 Thread Michael Biebl 
Am 28.06.2017 um 23:27 schrieb Michael Biebl:
> Am 28.06.2017 um 21:00 schrieb Michael Biebl:
>> Marking this as RC (missing dependency to function properly).
>> We should fix that in stretch via a point release.
> 
> After some more discussion on IRC, we concluded this is a result of the
> following upstream change:
> https://git.gnome.org/browse/gdm/commit/?id=f66cdfcb
> 
> gdm dropped it's own gdm-shell.session in preference of gnome.session.
> 
> This file is currently shipped by gnome-session.
> 
> Afaics, we have 3 options:
> 
> 1/ Add a hard dependency on gnome-session to gdm3
> (this kind of makes the line
> Depends: gnome-session | x-session-manager | x-window-manager |
> x-terminal-emulator,
> pointless, so this should be dropped if this option is chosen)

Also, since the gnome-session <> gnome-session-bin split was originally
done for gdm3, having a hard dep on gnome-session would make the split
pointless, so we should merge the packages again (this would obviously
not be something which should be done in stable)


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#850291: gdm3: does not work without gnome-session

2017-06-28 Thread Michael Biebl 
Am 28.06.2017 um 21:00 schrieb Michael Biebl:
> Marking this as RC (missing dependency to function properly).
> We should fix that in stretch via a point release.

After some more discussion on IRC, we concluded this is a result of the
following upstream change:
https://git.gnome.org/browse/gdm/commit/?id=f66cdfcb

gdm dropped it's own gdm-shell.session in preference of gnome.session.

This file is currently shipped by gnome-session.

Afaics, we have 3 options:

1/ Add a hard dependency on gnome-session to gdm3
(this kind of makes the line
Depends: gnome-session | x-session-manager | x-window-manager |
x-terminal-emulator,
pointless, so this should be dropped if this option is chosen)

2/ Move /usr/share/gnome-session/sessions/gnome.session to gnome-session-bin

3/ Revert upstream commit
https://git.gnome.org/browse/gdm/commit/?id=f66cdfcb and possibly
https://git.gnome.org/browse/gdm/commit/?id=9fb36b as well.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#866333: jessie-pu: package c-ares/1.10.0-2+deb8u1

2017-06-28 Thread Gregor Jasny 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hello,

recently a buffer overlow in c-ares has been fixed and the Security Team
asked me to prepare an upload to jessie (see #865360).

Attached you'll find the debdiff.

Thanks,
Gregor

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru c-ares-1.10.0/debian/changelog c-ares-1.10.0/debian/changelog
--- c-ares-1.10.0/debian/changelog  2016-09-29 20:30:48.0 +0200
+++ c-ares-1.10.0/debian/changelog  2017-06-26 22:03:42.0 +0200
@@ -1,3 +1,9 @@
+c-ares (1.10.0-2+deb8u2) jessie; urgency=medium
+
+  * Add patch for CVE-2017-1000381 (Closes: #865360)
+
+ -- Gregor Jasny   Mon, 26 Jun 2017 22:03:42 +0200
+
 c-ares (1.10.0-2+deb8u1) jessie-security; urgency=high
 
   * Apply patch for CVE-2016-5180 (Closes: #839151)
diff -Nru c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff 
c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff
--- c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff  1970-01-01 
01:00:00.0 +0100
+++ c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff  2017-06-26 
22:03:42.0 +0200
@@ -0,0 +1,30 @@
+Origin: upstream, e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116
+From: David Drysdale 
+Date: Mon, 22 May 2017 10:54:10 +0100
+Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
+Bug-Debian: http://bugs.debian.org/865360
+
+Check that there is enough data for the required elements
+of an NAPTR record (2 int16, 3 bytes for string lengths)
+before processing a record.
+
+--- a/ares_parse_naptr_reply.c
 b/ares_parse_naptr_reply.c
+@@ -110,6 +110,12 @@
+   status = ARES_EBADRESP;
+   break;
+ }
++  /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
++  if (rr_len < 7)
++{
++  status = ARES_EBADRESP;
++  break;
++}
+ 
+   /* Check if we are really looking at a NAPTR record */
+   if (rr_class == C_IN && rr_type == T_NAPTR)
+@@ -185,4 +191,3 @@
+ 
+   return ARES_SUCCESS;
+ }
+-
diff -Nru c-ares-1.10.0/debian/patches/series 
c-ares-1.10.0/debian/patches/series
--- c-ares-1.10.0/debian/patches/series 2016-09-29 20:28:42.0 +0200
+++ c-ares-1.10.0/debian/patches/series 2017-06-26 22:03:42.0 +0200
@@ -1,2 +1,3 @@
 disable-cflags-rewrite.diff
 CVE-2016-5180.diff
+CVE-2017-1000381.diff

Bug#866332: stretch-pu: package c-ares/1.12.0-1

2017-06-28 Thread Gregor Jasny 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

recently a buffer overlow in c-ares has been fixed and the Security Team
asked me to prepare an upload to stretch (see #865360).

Attached you'll find the debdiff.

Thanks,
Gregor

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru c-ares-1.12.0/debian/changelog c-ares-1.12.0/debian/changelog
--- c-ares-1.12.0/debian/changelog  2016-09-29 18:19:09.0 +0200
+++ c-ares-1.12.0/debian/changelog  2017-06-26 22:00:03.0 +0200
@@ -1,3 +1,9 @@
+c-ares (1.12.0-1+deb9u1) stretch; urgency=medium
+
+  * Add patch for CVE-2017-1000381 (Closes: #865360)
+
+ -- Gregor Jasny   Mon, 26 Jun 2017 22:00:03 +0200
+
 c-ares (1.12.0-1) unstable; urgency=high
 
   [ Daniel Stenberg ]
diff -Nru c-ares-1.12.0/debian/gbp.conf c-ares-1.12.0/debian/gbp.conf
--- c-ares-1.12.0/debian/gbp.conf   2016-02-12 22:09:13.0 +0100
+++ c-ares-1.12.0/debian/gbp.conf   2017-06-26 22:00:03.0 +0200
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-branch = upstream
-debian-branch = master
+debian-branch = stretch
 upstream-tag = upstream/%(version)s
 debian-tag = debian/%(version)s
 pristine-tar = True
diff -Nru c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff 
c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff
--- c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff  1970-01-01 
01:00:00.0 +0100
+++ c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff  2017-06-26 
22:00:03.0 +0200
@@ -0,0 +1,30 @@
+Origin: upstream, e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116
+From: David Drysdale 
+Date: Mon, 22 May 2017 10:54:10 +0100
+Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
+Bug-Debian: http://bugs.debian.org/865360
+
+Check that there is enough data for the required elements
+of an NAPTR record (2 int16, 3 bytes for string lengths)
+before processing a record.
+
+--- a/ares_parse_naptr_reply.c
 b/ares_parse_naptr_reply.c
+@@ -110,6 +110,12 @@
+   status = ARES_EBADRESP;
+   break;
+ }
++  /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
++  if (rr_len < 7)
++{
++  status = ARES_EBADRESP;
++  break;
++}
+ 
+   /* Check if we are really looking at a NAPTR record */
+   if (rr_class == C_IN && rr_type == T_NAPTR)
+@@ -185,4 +191,3 @@
+ 
+   return ARES_SUCCESS;
+ }
+-
diff -Nru c-ares-1.12.0/debian/patches/series 
c-ares-1.12.0/debian/patches/series
--- c-ares-1.12.0/debian/patches/series 2016-02-12 22:09:13.0 +0100
+++ c-ares-1.12.0/debian/patches/series 2017-06-26 22:00:03.0 +0200
@@ -1 +1,2 @@
 disable-cflags-rewrite.diff
+CVE-2017-1000381.diff

Bug#866330: cd-hit: please make the build reproducible

2017-06-28 Thread Chris Lamb 
Source: cd-hit
Version: 4.6.7-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that cd-hit could not be built reproducibly.

This is because the help2man call to cd-hit-div fails as it does not
support --help argument, and the error message contains the absolute
build path.

Patch attached. It adds a very basic "usage" stanza, thus fixing both
issues at once.

 [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb, Debian Project Leader
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- a/debian/patches/enable_help2man.patch  2017-06-28 22:02:55.736716965 
+0100
--- b/debian/patches/enable_help2man.patch  2017-06-28 22:18:48.946156579 
+0100
  
+--- cd-hit-4.6.7.orig/cd-hit-div.pl
 cd-hit-4.6.7/cd-hit-div.pl
+@@ -4,6 +4,11 @@
+ #or throw away seq
+ 
+ $in  = shift; $in  or die "no input file";
++if ($in eq "--help") {
++  print "Usage: $0 IN OUT DIV\n\n";
++  print "Divide a FASTA file into pieces.\n";
++  exit;
++}
+ $out = shift; $out or die "no output file";
+ $div = shift; $div or die "no div number";
+

Bug#862456: jessie-pu: package cfitsio/3.370-2+deb8u1

2017-06-28 Thread Aurelien Jarno 
On 2017-06-28 00:00, Cyril Brulebois wrote:
> Control: tag -1 confirmed
> 
> Hi Aurélien,
> 
> Aurelien Jarno  (2017-05-12):
> > I would like to fix the cfitsio package in stable wrt bug#800819. The
> > wrong use of memcpy on overlapping area causes some tests in depending
> > packages to fail. More importantly this bug is likely to cause issues
> > on other architectures. The patch, which simply replaces memcpy by
> > memmove is included upstream for quite some time now, as well as in
> > stretch.
> > 
> > You will find below the full debdiff of the proposed changes. Thanks
> > for considering.
> 
> Looks good to me, feel free to upload; thanks.

Thanks for the review, I have just uploaded it.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net


signature.asc
Description: PGP signature

Bug#866331: fai-server: fai-diskimage exits with 0 even when a script does not

2017-06-28 Thread Brian Sutherland 
Package: fai-server
Version: 5.3.6
Severity: normal

Dear Maintainer,

I'm relatively new to FAI, so please close this as wontfix if it's
expected behaviour. However, it's quite unexpected for me to see that
fai-diskimage exits with status code 0 when a script in "scripts" fails
with a non-zero status code.

I can see the failure in the log output, but don't see any other way of
verifying that there were no failures while building the image.

Is this expected? why?

Many thanks,

Brian

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fai-server depends on:
ii  debootstrap  1.0.89
ii  fai-client   5.3.6
ii  xz-utils 5.2.2-1.2+b1

Versions of packages fai-server recommends:
pn  isc-dhcp-server   
pn  libproc-daemon-perl   
pn  nfs-kernel-server 
pn  openbsd-inetd | inet-superserver  
ii  openssh-client1:7.4p1-10
ii  openssh-server1:7.4p1-10
pn  tftpd-hpa | atftpd

Versions of packages fai-server suggests:
pn  aptitude   
ii  binutils   2.28-5
pn  debmirror  
ii  fai-setup-storage  5.3.6
pn  grub2  
pn  perl-tk
ii  qemu-utils 1:2.8+dfsg-6
ii  reprepro   5.1.1-1
pn  squashfs-tools 
pn  xorriso

-- no debconf information

Bug#866328: user-setup: allow to preseed the user shell

2017-06-28 Thread Cyril Brulebois 
Hi Luca,

Luca Boccassi  (2017-06-28):
> It would be useful to allow preseeding the user shell.
> 
> The use case we have at work is building live Debian images and
> shipping them to users, where we need to have something other than
> bash as the live user shell.
> 
> This could be achieved with hacky posthook scripts that sed
> /etc/passwd, but it just feels wrong :-)
> 
> Attached is a very small and simple patch to add a passwd/user-shell
> configurable option, modeled after passwd/user-uid.

I'm still undecided as to whether this patch is needed/useful in d-i,
but anyway:

>  # Allow preseeding the groups to which the first created user is added
>  Template: passwd/user-default-groups
>  Type: string
> diff --git a/user-setup-apply b/user-setup-apply
> index f24ece2..9dfcf55 100755
> --- a/user-setup-apply
> +++ b/user-setup-apply
> @@ -109,6 +109,16 @@ if [ "$RET" = true ] && ! is_system_user; then
>   UIDOPT=
>   fi
>  
> + if db_get passwd/user-shell && [ "$RET" ]; then
> + if [ -x $ROOT/usr/sbin/adduser ]; then
> + SHELLOPT="--shell $RET"
> + else
> + SHELLOPT="-s $RET"
> + fi
> + else
> + SHELLOPT=
> + fi
> +

This distinction doesn't seem needed? I see this in useradd's manpage
from jessie to sid:
   -s, --shell SHELL


KiBi.


signature.asc
Description: Digital signature

Bug#866324: [Pkg-swan-devel] Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects

2017-06-28 Thread Gerald Turner 
On Wed, Jun 28 2017, Gerald Turner wrote:
> On Wed, Jun 28 2017, Yves-Alexis Perez wrote:
>> I don't have those logs message, because the folders actually exist
>> here, so I somehow have the feeling that strongSwan actually created
>> the directories itself.
>
> I'm not sure... I made the conversion to VICI in April, I had these
> errors in my test environment for days until I wrote that patch,
> unfortunately my persistent journald logs don't go back that far.  I
> do distinctly remember taking the time to grok the source code in
> order to determine the correctness of this patch - and I don't recall
> seeing any code which creates these directories.

I just tested by stopping strongswan-swanctl, rmdir /etc/swanctl/ecdsa
(I'm not using ECDSA certificates), and started strongswan-swanctl.  The
directory wasn't created.

Inspecting my commit message I see that I had written “… subsystem
‘lib’, log level 1”, so you'd have to turn up charon-systemd.journal
logging to see these messages.

Apologies for the nearly frivilous patch, but having mode 0700 set on
directories potentially containing private keys is kind of nifty ;-)
(and consistent with the strongswan-starter package)

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866324: [Pkg-swan-devel] Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects

2017-06-28 Thread Gerald Turner 
On Wed, Jun 28 2017, Yves-Alexis Perez wrote:
> On Wed, 2017-06-28 at 13:42 -0700, Gerald Turner wrote:
>> Whenever strongswan-swanctl.service is started, it logs warnings like:
>>
>>   “opening directory '/etc/swanctl/x509' failed: No such file or directory”
>>
>> I believe that, similar to how the strongswan-starter package
>> installs empty directores that are scanned by the charon daemon
>> (‘/etc/ipsec.d/cacerts’, etc.), that the strongswan-swanctl package
>> should also have it's dependent directores installed.
>>
>> This would eliminate the [harmless] log messages and also aid in
>> discovery for and admins setting up strongswan-swanctl for the first
>> time.
>
> I don't have those logs message, because the folders actually exist
> here, so I somehow have the feeling that strongSwan actually created
> the directories itself.

I'm not sure... I made the conversion to VICI in April, I had these
errors in my test environment for days until I wrote that patch,
unfortunately my persistent journald logs don't go back that far.  I do
distinctly remember taking the time to grok the source code in order to
determine the correctness of this patch - and I don't recall seeing any
code which creates these directories.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866329: apt: sandbox warning when using apt install ./example.deb

2017-06-28 Thread Jeremy Bicha 
Package: apt
Version: 1.4.6

The sandbox warning is unnecessary when apt is installing a local file
that shouldn't really be downloaded. Please don't show this warning in
that case.

sudo apt install ./gnome-getting-started-docs_3.24.0-1ubuntu1_all.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'gnome-getting-started-docs' instead of
'./gnome-getting-started-docs_3.24.0-1ubuntu1_all.deb'
The following packages will be DOWNGRADED:
  gnome-getting-started-docs
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded.
Need to get 0 B/11.1 MB of archives.
After this operation, 2,048 B disk space will be freed.
Do you want to continue? [Y/n] y
Get:1 
/home/jeremy/devel/ubuntu/gnome-getting-started-docs/gnome-getting-started-docs_3.24.0-1ubuntu1_all.deb
gnome-getting-started-docs all 3.24.0-1ubuntu1 [11.1 MB]
dpkg: warning: downgrading gnome-getting-started-docs from
3.24.1-0ubuntu2 to 3.24.0-1ubuntu1
(Reading database ... 182902 files and directories currently installed.)
Preparing to unpack .../gnome-getting-started-docs_3.24.0-1ubuntu1_all.deb ...
Unpacking gnome-getting-started-docs (3.24.0-1ubuntu1) over
(3.24.1-0ubuntu2) ...
Setting up gnome-getting-started-docs (3.24.0-1ubuntu1) ...
N: Download is performed unsandboxed as root as file
'/home/jeremy/devel/ubuntu/gnome-getting-started-docs/gnome-getting-started-docs_3.24.0-1ubuntu1_all.deb'
couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Thanks,
Jeremy Bicha

Bug#866327: charon-systemd: Create AppArmor profiles for /usr/sbin/swanctl and /usr/sbin/charon-systemd

2017-06-28 Thread Gerald Turner 
Control: tags -1 + patch

Attached is a patch adapts the work Canonical had done for
/usr/lib/ipsec/charon policy for /usr/sbin/charon-systemd.

I've tested the swanctl (client) profile thoroughly, however the
charon-systemd (daemon) profile had only been tested with relatively few
plugins.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
commit b1ca98314847ef5db77983122ab855be5b6ff8b7
Author: Gerald Turner 
Date:   Thu May 11 17:15:09 2017 -0700

Install AppArmor profiles for /usr/sbin/swanctl and /usr/sbin/charon-systemd.

The AppArmor profile for charon-systemd was copied from the existing profile
for /usr/lib/ipsec/charon without much scrutiny other than testing basic IPsec
tunnels (no fancy plugin options were tested).  It appears that the team at
Canonical that had written the /usr/lib/ipsec/charon policy had done extensive
testing with several plugins, and it seems likely that applying the same
profile to charon-systemd will allow those plugins to continue to work.

The AppArmor profile for swanctl was written from scratch and well tested.  It
turns out that swanctl unnecessarily loads plugins by default, so a bit of
frivolous access has been granted.

diff --git a/debian/charon-systemd.install b/debian/charon-systemd.install
index 6ab3af8f..a1424ab8 100644
--- a/debian/charon-systemd.install
+++ b/debian/charon-systemd.install
@@ -2,3 +2,4 @@ etc/strongswan.d/charon-systemd.conf
 lib/systemd/system/strongswan-swanctl.service
 usr/sbin/charon-systemd
 usr/share/strongswan/templates/config/strongswan.d/charon-systemd.conf
+debian/usr.sbin.charon-systemd /etc/apparmor.d/
diff --git a/debian/rules b/debian/rules
index dacdb645..184abc7c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -195,6 +195,8 @@ endif
 	dh_apparmor --profile-name=usr.lib.ipsec.charon -p strongswan-charon
 	dh_apparmor --profile-name=usr.lib.ipsec.lookip -p libcharon-extra-plugins
 	dh_apparmor --profile-name=usr.lib.ipsec.stroke -p strongswan-starter
+	dh_apparmor --profile-name=usr.sbin.swanctl -p strongswan-swanctl
+	dh_apparmor --profile-name=usr.sbin.charon-systemd -p charon-systemd
 
 	# add additional files not covered by upstream makefile...
 	install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets
diff --git a/debian/strongswan-swanctl.install b/debian/strongswan-swanctl.install
index 483b0385..561b9d5b 100644
--- a/debian/strongswan-swanctl.install
+++ b/debian/strongswan-swanctl.install
@@ -8,3 +8,4 @@ usr/share/man/man8/swanctl.8
 usr/sbin/swanctl
 usr/lib/ipsec/libvici.so*
 usr/lib/ipsec/plugins/libstrongswan-vici.so
+debian/usr.sbin.swanctl /etc/apparmor.d/
diff --git a/debian/usr.sbin.charon-systemd b/debian/usr.sbin.charon-systemd
new file mode 100644
index ..e1769f29
--- /dev/null
+++ b/debian/usr.sbin.charon-systemd
@@ -0,0 +1,76 @@
+# --
+#
+#   Copyright (C) 2016 Canonical Ltd.
+#
+#   This program is free software; you can redistribute it and/or
+#   modify it under the terms of version 2 of the GNU General Public
+#   License published by the Free Software Foundation.
+#
+#   Author: Jonathan Davies 
+#   Ryan Harper 
+#
+# --
+
+#include 
+
+/usr/sbin/charon-systemd flags=(complain,attach_disconnected) {
+  #include 
+  #include 
+  #include 
+  #include 
+  #include 
+
+  capability ipc_lock,
+  capability net_admin,
+  capability net_raw,
+
+  # allow priv dropping (LP: #1333655)
+  capability chown,
+  capability setgid,
+  capability setuid,
+
+  # libcharon-extra-plugins: xauth-pam
+  capability audit_write,
+
+  # libstrongswan-standard-plugins: agent
+  capability dac_override,
+
+  capability net_admin,
+  capability net_raw,
+
+  network,
+  network raw,
+
+  /bin/dash rmPUx,
+
+  # libchron-extra-plugins: kernel-libipsec
+  /dev/net/tun  rw,
+
+  /etc/ipsec.conf   r,
+  /etc/ipsec.secretsr,
+  /etc/ipsec.*.secrets  r,
+  /etc/ipsec.d/ r,
+  /etc/ipsec.d/**   r,
+  /etc/ipsec.d/crls/*   rw,
+  /etc/opensc/opensc.conf   r,
+  /etc/strongswan.conf  r,
+  /etc/strongswan.d/r,
+  /etc/strongswan.d/**  r,
+  /etc/tnc_config   r,
+
+  /proc/sys/net/core/xfrm_acq_expires   w,
+
+  /run/charon.* rw,
+  /run/pcscd/pcscd.comm rw,
+
+  /usr/lib/ipsec/charon rmix,
+  /usr/lib/ipsec/imcvs/ r,
+  /usr/lib/ipsec/imcvs/**   rm,
+
+  /usr/lib/*/opensc-pkcs11.so rm,
+
+  /var/lib/strongswan/* r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include 
+}
diff --git a/debian/usr.sbin.swanctl b/debian/usr.sbin.swanctl
new file mode 100644
index

Bug#865098: gajim-omemo: uncaught exception and two spelling mistakes at start

2017-06-28 Thread W. Martin Borgert 
Upstream fixed this five minutes ago:
https://dev.gajim.org/gajim/gajim-plugins/commit/4a8a9cebba964b30ae7422a675dec2981e191d98

Bug#866326: strongswan-swanctl: Include ‘/etc/swanctl/conf.d/*.conf’ from ‘/etc/swanctl/swanctl.conf’

2017-06-28 Thread Gerald Turner 
Control: tags -1 + patch

Attached is a patch which installs this directory and the include
statement via quilt patch suitable for upstreaming.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
commit fc945ec8953c853d83994a88df2ea665b2a0d700
Author: Gerald Turner 
Date:   Wed May 10 20:42:25 2017 -0700

Include ‘/etc/swanctl/conf.d/*.conf’ from ‘/etc/swanctl/swanctl.conf’.

Similar to how an administrator could create files like
‘/etc/strongswan.d/99-custom-logging.conf’ or
‘/etc/strongswan.d/charon/99-kernel-netlink.conf’ rather than customizing any
of the dpkg-maintained conffiles, administrators can now create files like
‘/etc/swanctl/conf.d/99-vpn.conf’, while leaving ‘/etc/swanctl/swanctl.conf’
unaltered, so that package upgrades don't prompt when local modifications are
detected.

Added quilt patch 06_include-swanctl-conf-d-dir.patch.

diff --git a/debian/patches/06_include-swanctl-conf-d-dir.patch b/debian/patches/06_include-swanctl-conf-d-dir.patch
new file mode 100644
index ..fd348c23
--- /dev/null
+++ b/debian/patches/06_include-swanctl-conf-d-dir.patch
@@ -0,0 +1,18 @@
+Index: strongswan/src/swanctl/Makefile.am
+===
+--- strongswan.orig/src/swanctl/Makefile.am
 strongswan/src/swanctl/Makefile.am
+@@ -78,3 +78,4 @@ install-data-local: swanctl.conf
+ 	test -e "$(DESTDIR)$(swanctldir)/pkcs8" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/pkcs8" || true
+ 	test -e "$(DESTDIR)$(swanctldir)/pkcs12" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/pkcs12" || true
+ 	test -e "$(DESTDIR)$(swanctldir)/swanctl.conf" || $(INSTALL) -m 640 $(srcdir)/swanctl.conf $(DESTDIR)$(swanctldir)/swanctl.conf || true
++	test -e "$(DESTDIR)$(swanctldir)/conf.d" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/conf.d" || true
+Index: strongswan/src/swanctl/swanctl.conf
+===
+--- strongswan.orig/src/swanctl/swanctl.conf
 strongswan/src/swanctl/swanctl.conf
+@@ -495,3 +495,4 @@
+ 
+ # }
+ 
++include conf.d/*.conf
diff --git a/debian/patches/series b/debian/patches/series
index 949de693..d2cc0473 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 03_systemd-service.patch
 04_disable-libtls-tests.patch
 05_install-charon-systemd-conf.patch
+06_include-swanctl-conf-d-dir.patch
diff --git a/debian/strongswan-swanctl.dirs b/debian/strongswan-swanctl.dirs
index 77d36958..b5d1f323 100644
--- a/debian/strongswan-swanctl.dirs
+++ b/debian/strongswan-swanctl.dirs
@@ -5,6 +5,7 @@
 /etc/swanctl/private
 /etc/swanctl/pubkey
 /etc/swanctl/rsa
+/etc/swanctl/conf.d
 /etc/swanctl/x509
 /etc/swanctl/x509aa
 /etc/swanctl/x509ac


signature.asc
Description: PGP signature

Bug#866252: apt-get update doesn't work when connection is filtered through iptables owner module

2017-06-28 Thread Niels Thykier 
On Wed, 28 Jun 2017 22:10:08 +0200 Julian Andres Klode 
wrote:
> On Thu, Jun 29, 2017 at 12:34:37AM +0530, Prahlad Yeri wrote:
> > Package: apt
> > Version: 1.4.6
> > 
> > I'm not very sure that this is a bug or not, but I'm inclined to treat
> > this as bug because its different from expected behavior. iptables
> > is a well known component of Linux kernel and many users use it to
> > control access to network resources and especially the Internet.
> > 
> > The problem here is that when you use the owner module to restrict
> > access to only root group, the root user(sudo) isn't able to do the
> > "apt-get update" (or rather any apt-get command that uses the internet
> > such as "apt-get download"), though he is able to use the internet
> > otherwise.
> 
> Downloads are performed by the _apt user for security reasons.
> 
> -- 
> Debian Developer - deb.li/jak | jak-linux.org - free software dev
>   |  Ubuntu Core Developer |
> When replying, only quote what is necessary, and write each reply
> directly below the part(s) it pertains to ('inline').  Thank you.
> 
> 

Hi,

You may want to read the stretch release-notes, which document this
change.  :)

https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#apt-unpriv-acquire

Thanks,
~Niels

Bug#866325: charon-systemd: Install charon-systemd.conf

2017-06-28 Thread Gerald Turner 
Control: tags -1 + patch

On Wed, Jun 28 2017, Gerald Turner wrote:
> Please install this file to /etc/strongswan.d/charon-systemd.conf.

Attached is a patch which installs this file via quilt patch suitable
for upstreaming.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
commit f09f857f6c3fe9d4f648fbcd22603b14612b58ab
Author: Gerald Turner 
Date:   Wed May 10 16:07:00 2017 -0700

Install ‘/etc/strongswan.d/charon-systemd.conf’ with charon-systemd package.

Upstream contains source ‘conf/options/charon-systemd.conf’ which is like
‘conf/options/charon-logging.conf’, however there is a bug with configure that
it is not included in the install target.  Added quilt patch
05_install-charon-systemd-conf.patch which fixes configure.

diff --git a/debian/charon-systemd.install b/debian/charon-systemd.install
index 3b62aade..6ab3af8f 100644
--- a/debian/charon-systemd.install
+++ b/debian/charon-systemd.install
@@ -1,2 +1,4 @@
+etc/strongswan.d/charon-systemd.conf
 lib/systemd/system/strongswan-swanctl.service
 usr/sbin/charon-systemd
+usr/share/strongswan/templates/config/strongswan.d/charon-systemd.conf
diff --git a/debian/patches/05_install-charon-systemd-conf.patch b/debian/patches/05_install-charon-systemd-conf.patch
new file mode 100644
index ..67eb976f
--- /dev/null
+++ b/debian/patches/05_install-charon-systemd-conf.patch
@@ -0,0 +1,10 @@
+--- a/configure.ac
 b/configure.ac
+@@ -1724,6 +1724,7 @@ AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
+ AM_COND_IF([USE_SCEPCLIENT], [strongswan_options=${strongswan_options}" scepclient"])
+ AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"])
+ AM_COND_IF([USE_SWANCTL], [strongswan_options=${strongswan_options}" swanctl"])
++AM_COND_IF([USE_SYSTEMD], [strongswan_options=${strongswan_options}" charon-systemd"])
+ 
+ AC_SUBST(strongswan_options)
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 6d7cc1df..949de693 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01_fix-manpages.patch
 03_systemd-service.patch
 04_disable-libtls-tests.patch
+05_install-charon-systemd-conf.patch


signature.asc
Description: PGP signature

Bug#866324: [Pkg-swan-devel] Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects

2017-06-28 Thread Yves-Alexis Perez 
On Wed, 2017-06-28 at 13:42 -0700, Gerald Turner wrote:
> Whenever strongswan-swanctl.service is started, it logs warnings like:
> 
>   “opening directory '/etc/swanctl/x509' failed: No such file or directory”
> 
> I believe that, similar to how the strongswan-starter package installs
> empty directores that are scanned by the charon daemon
> (‘/etc/ipsec.d/cacerts’, etc.), that the strongswan-swanctl package
> should also have it's dependent directores installed.
> 
> This would eliminate the [harmless] log messages and also aid in
> discovery for and admins setting up strongswan-swanctl for the first
> time.
I don't have those logs message, because the folders actually exist here, so I
somehow have the feeling that strongSwan actually created the directories
itself.

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part

Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects

2017-06-28 Thread Gerald Turner 
Control: tags -1 + patch

Attached is a patch installs these directories.

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
commit 43103f99391a5683cba327174e53986b2c8d0981
Author: Gerald Turner 
Date:   Wed May 10 14:44:49 2017 -0700

Install empty directories that ‘swanctl --load-all’ expects.

Furthermore some of these directories exist to hold private keys (read by
‘swanctl --load-creds’) and need tighter permissions (0700 instead of 0755).

There is no harm if these directories do not exist, however swanctl will emit
log messages (e.g. “opening directory '/etc/swanctl/x509' failed: No such file
or directory” under subsystem ‘lib’, log level 1).

diff --git a/debian/rules b/debian/rules
index 724b684e..dacdb645 100755
--- a/debian/rules
+++ b/debian/rules
@@ -205,10 +205,15 @@ endif
 	sed -r 's/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp
 	mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf
 
-	# set permissions on ipsec.secrets
+	# set permissions on ipsec.secrets and private key directories
 	chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets
 	chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/
 	chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/
+	chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/bliss/
+	chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/ecdsa/
+	chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/pkcs8/
+	chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/private/
+	chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/rsa/
 
 	# this is handled by update-rc.d
 	rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d
@@ -231,7 +236,15 @@ override_dh_strip:
 	dh_strip --dbgsym-migration='strongswan-dbg (<< 5.3.5-2~)'
 
 override_dh_fixperms:
-	dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d -X var/lib/strongswan
+	dh_fixperms \
+		-X etc/ipsec.d \
+		-X etc/ipsec.secrets \
+		-X etc/swanctl/bliss \
+		-X etc/swanctl/ecdsa \
+		-X etc/swanctl/pkcs8 \
+		-X etc/swanctl/private \
+		-X etc/swanctl/rsa \
+		-X var/lib/strongswan
 
 override_dh_makeshlibs:
 	dh_makeshlibs -n -X usr/lib/ipsec/plugins
diff --git a/debian/strongswan-swanctl.dirs b/debian/strongswan-swanctl.dirs
new file mode 100644
index ..77d36958
--- /dev/null
+++ b/debian/strongswan-swanctl.dirs
@@ -0,0 +1,13 @@
+/etc/swanctl/bliss
+/etc/swanctl/ecdsa
+/etc/swanctl/pkcs12
+/etc/swanctl/pkcs8
+/etc/swanctl/private
+/etc/swanctl/pubkey
+/etc/swanctl/rsa
+/etc/swanctl/x509
+/etc/swanctl/x509aa
+/etc/swanctl/x509ac
+/etc/swanctl/x509ca
+/etc/swanctl/x509crl
+/etc/swanctl/x509ocsp
diff --git a/debian/strongswan-swanctl.lintian-overrides b/debian/strongswan-swanctl.lintian-overrides
new file mode 100644
index ..0b0dad9e
--- /dev/null
+++ b/debian/strongswan-swanctl.lintian-overrides
@@ -0,0 +1,7 @@
+# Directories containing private keys which are read by ‘swanctl --load-creds’
+# need tighter permissions
+strongswan-swanctl: non-standard-dir-perm etc/swanctl/bliss/ 0700 != 0755
+strongswan-swanctl: non-standard-dir-perm etc/swanctl/ecdsa/ 0700 != 0755
+strongswan-swanctl: non-standard-dir-perm etc/swanctl/pkcs8/ 0700 != 0755
+strongswan-swanctl: non-standard-dir-perm etc/swanctl/private/ 0700 != 0755
+strongswan-swanctl: non-standard-dir-perm etc/swanctl/rsa/ 0700 != 0755


signature.asc
Description: PGP signature

Bug#866325: charon-systemd: Install charon-systemd.conf

2017-06-28 Thread Gerald Turner 
Package: charon-systemd
Version: 5.5.1-4
Severity: normal

Dear Maintainer,

Upstream contains source ‘conf/options/charon-systemd.conf’ which is
like ‘conf/options/charon-logging.conf’.

Like the discoverability of strongswan-starter logging configuration
that charon-logging.conf provides, this charon-systemd.conf file
documents the ‘charon-systemd.journal’ configuration prefix.

Please install this file to /etc/strongswan.d/charon-systemd.conf.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (601, 'stable'), (500, 'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages charon-systemd depends on:
ii  init-system-helpers   1.48
ii  libc6 2.24-11+deb9u1
ii  libstrongswan 5.5.1-4
ii  libsystemd0   232-25
ii  strongswan-libcharon  5.5.1-4
ii  strongswan-swanctl5.5.1-4

charon-systemd recommends no packages.

charon-systemd suggests no packages.

-- no debconf information

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866328: user-setup: allow to preseed the user shell

2017-06-28 Thread Luca Boccassi 
Package: user-setup
Tags: patch
Severity: wishlist

Dear Maintainer,

It would be useful to allow preseeding the user shell.

The use case we have at work is building live Debian images and
shipping them to users, where we need to have something other than bash
as the live user shell.

This could be achieved with hacky posthook scripts that sed
/etc/passwd, but it just feels wrong :-)

Attached is a very small and simple patch to add a passwd/user-shell
configurable option, modeled after passwd/user-uid.

Thank you!

Kind regards,
Luca Boccassi


From 80480267a470793b77c336fa49c24a864e647bea Mon Sep 17 00:00:00 2001
From: Luca Boccassi 
Date: Wed, 28 Jun 2017 19:21:10 +0100
Subject: [PATCH] Add passwd/user-shell to preseed the user shell

In some cases it is useful to be able to configure the user shell via
the installer. Especially when building live-images to deliver to users.

Add a new optional db_get passwd/user-shell and pass it to
adduser/useradd --shell/-s if it is set.
---
 debian/user-setup-udeb.templates |  5 +
 user-setup-apply | 14 --
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates
index 45e16b4..64731de 100644
--- a/debian/user-setup-udeb.templates
+++ b/debian/user-setup-udeb.templates
@@ -16,6 +16,11 @@ Template: passwd/user-uid
 Type: string
 Description: for internal use only
 
+# Allow preseeding the shell configured for the first created user
+Template: passwd/user-shell
+Type: string
+Description: for internal use only
+
 # Allow preseeding the groups to which the first created user is added
 Template: passwd/user-default-groups
 Type: string
diff --git a/user-setup-apply b/user-setup-apply
index f24ece2..9dfcf55 100755
--- a/user-setup-apply
+++ b/user-setup-apply
@@ -109,6 +109,16 @@ if [ "$RET" = true ] && ! is_system_user; then
UIDOPT=
fi
 
+   if db_get passwd/user-shell && [ "$RET" ]; then
+   if [ -x $ROOT/usr/sbin/adduser ]; then
+   SHELLOPT="--shell $RET"
+   else
+   SHELLOPT="-s $RET"
+   fi
+   else
+   SHELLOPT=
+   fi
+
# Add the user to the database, using adduser in noninteractive
# mode.
db_get passwd/username
@@ -121,9 +131,9 @@ if [ "$RET" = true ] && ! is_system_user; then
fi
 
if [ -x $ROOT/usr/sbin/adduser ]; then
-   $log $chroot $ROOT adduser --disabled-password --gecos "$RET" 
$UIDOPT "$USER" >/dev/null || true
+   $log $chroot $ROOT adduser --disabled-password --gecos "$RET" 
$UIDOPT $SHELLOPT "$USER" >/dev/null || true
else
-   $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT 
>/dev/null || true
+   $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT 
$SHELLOPT >/dev/null || true
fi
 
# Clear the user password from the database.
-- 
2.11.0


signature.asc
Description: This is a digitally signed message part

Bug#866326: strongswan-swanctl: Include ‘/etc/swanctl/conf.d/*.conf’ from ‘/etc/swanctl/swanctl.conf’

2017-06-28 Thread Gerald Turner 
Package: strongswan-swanctl
Version: 5.5.1-4
Severity: normal

Dear Maintainer,

Similar to how an administrator could create files like
‘/etc/strongswan.d/99-custom-logging.conf’ or
‘/etc/strongswan.d/charon/99-kernel-netlink.conf’ rather than
customizing any of the dpkg-maintained conffiles, administrators should
be able to create files like ‘/etc/swanctl/conf.d/99-vpn.conf’, while
leaving ‘/etc/swanctl/swanctl.conf’ unaltered, so that package upgrades
don't prompt when local modifications are detected.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (601, 'stable'), (500, 'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages strongswan-swanctl depends on:
ii  libc6  2.24-11+deb9u1
ii  libstrongswan  5.5.1-4

strongswan-swanctl recommends no packages.

strongswan-swanctl suggests no packages.

-- no debconf information

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866327: charon-systemd: Create AppArmor profiles for /usr/sbin/swanctl and /usr/sbin/charon-systemd

2017-06-28 Thread Gerald Turner 
Package: charon-systemd
Version: 5.5.1-4
Severity: normal

Dear Maintainer,

Similar to how strongswan-charon and strongswan-starter have AppArmor
profiles for /usr/lib/ipsec/charon and /usr/lib/ipsec/stroke, the
charon-systemd and strongswan-charon packages should have AppArmor
profiles as well.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (601, 'stable'), (500, 'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages charon-systemd depends on:
ii  init-system-helpers   1.48
ii  libc6 2.24-11+deb9u1
ii  libstrongswan 5.5.1-4
ii  libsystemd0   232-25
ii  strongswan-libcharon  5.5.1-4
ii  strongswan-swanctl5.5.1-4

charon-systemd recommends no packages.

charon-systemd suggests no packages.

-- no debconf information

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866323: clutter-gtk: [INTL:de] Initial German translation

2017-06-28 Thread Chris Leick 

Package: clutter-gtk
Version: 1.8.2
Severity: wishlist
Tags: l10n patch



Hi,

please find attached the initial German translation.

Kind regards,
Chris


de.po.gz
Description: application/gzip

Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects

2017-06-28 Thread Gerald Turner 
Package: strongswan-swanctl
Version: 5.5.1-4
Severity: normal

Dear Maintainer,

Whenever strongswan-swanctl.service is started, it logs warnings like:

  “opening directory '/etc/swanctl/x509' failed: No such file or directory”

I believe that, similar to how the strongswan-starter package installs
empty directores that are scanned by the charon daemon
(‘/etc/ipsec.d/cacerts’, etc.), that the strongswan-swanctl package
should also have it's dependent directores installed.

This would eliminate the [harmless] log messages and also aid in
discovery for and admins setting up strongswan-swanctl for the first
time.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (601, 'stable'), (500, 'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages strongswan-swanctl depends on:
ii  libc6  2.24-11+deb9u1
ii  libstrongswan  5.5.1-4

strongswan-swanctl recommends no packages.

strongswan-swanctl suggests no packages.

-- no debconf information

-- 
Gerald Turner Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D


signature.asc
Description: PGP signature

Bug#866322: lintian: false positive: r-data-without-readme-source

2017-06-28 Thread Dylan 
Package: lintian
Version: 2.5.51
Severity: normal

Hi,
Lintian emits the tag r-data-without-readme-source for my packages
(i.e. r-cran-ape and r-cran-calibrate) with *.Rdata files although
that the README.source file is present. After checking some others R
packages from the Debian Med team (ex: r-bioc-affy, r-bioc-annotate,
...), it seems that the tag is always emits when *.Rdata files are
present although that the README.source file is present.

Best regards,
Dylan

Bug#863663: libgstreamer1.0-0: plays MJPEG AVI files (and possibly other formats) at degraded quality

2017-06-28 Thread Francesco Poli 
On Tue, 27 Jun 2017 23:34:08 +0200 Francesco Poli wrote:

[...]
> Is there any alternative approach?

Just to clarify: while waiting for [bug 783267] to be fixed[^NOTE],
I am looking for a workaround.

[bug 783267]: 

[^NOTE]: by the way, is there any progress?!? could someone please
 fix the bug once and for all?!?

I was trying to adjust the ranks from within the application in order
to convince the GStreamer library to select the equivalent of the
following pipeline for MJPEG AVI files:

  $ gst-launch-1.0 filesrc location=wave_anim.avi \! avidemux \! jpegparse \! 
avdec_mjpeg \! videoconvert \! autovideosink

But all my attempts seem to fail.

On the other hand, since in my use case all the movies are MJPEG AVI
files, another temporary workaround could be to force the above
pipeline manually.

Could someone please help me?

The application is pdf-presenter-console also known as [pdfpc].
The code that sets the GStreamer pipeline is (I think) in the
establish_pipeline() method included in the file
[src/classes/action/movie.vala].
I believe that this method sets up a generic pipeline (suitable for any
file format supported by GStreamer).
How should I modify that method to force the use of the above mentioned
pipeline (avidemux \! jpegparse \! avdec_mjpeg \! videoconvert), which
is only suitable for MJPEG AVI files?

[pdfpc]: 

[src/classes/action/movie.vala]: 



 
> P.S.: Please Cc me, as well as the Debian bug address and the
> gstreamer-devel mailing list. Thanks for your understanding!


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpG_Z2z731gY.pgp
Description: PGP signature

Bug#866321: frozen-bubble: uses deprecated POSIX::tmpnam()

2017-06-28 Thread Niko Tyni 
Package: frozen-bubble
Version: 2.212-7
Severity: normal
User: debian-p...@lists.debian.org
Usertags: perl-5.26-transition

This package uses POSIX::tmpnam(), deprecated in Perl 5.22
and removed in 5.26 (currently in experimental.)

/usr/games/frozen-bubble:6024:do { $filename = POSIX::tmpnam() }

It looks like this is in the '--replay' code path and not the
game itself, so filing at 'normal' for now.
-- 
Niko Tyni   nt...@debian.org

Bug#858664: RFS: dfc/3.1.0-1 [ITA]

2017-06-28 Thread sab 

  Package: sponsorship-requests
  Severity: normal [important for RC bugs, wishlist for new packages]

  Dear mentors,

  I am looking for a sponsor for my package "dfc":

 * Package name: dfc

   Version : 3.1.0
   Upstream Author : Robin Hahling
 * URL :https://projects.gw-computing.net/projects/dfc
 * License : BSD-3-Clause
   Section : utils

  It builds those binary packages:

dfc - display file system usage using graph and colors


  To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/dfc


  Alternatively, one can download the package with dget using this command:

  dget -xhttps://mentors.debian.net/debian/pool/main/d/dfc/dfc_3.1.0-1.dsc

  Changes since the last upload:

  I have changed upstream source to the new dfc version.

  Regards,
  Sabino

Bug#866320: libspreadsheet-writeexcel-perl: uses deprecated POSIX::tmpnam()

2017-06-28 Thread Niko Tyni 
Package: libspreadsheet-writeexcel-perl
Version: 2.40-1
Severity: normal
User: debian-p...@lists.debian.org
Usertags: perl-5.26-transition

This package uses POSIX::tmpnam(), deprecated in Perl 5.22
and removed in 5.26 (currently in experimental.)

 lib/Spreadsheet/WriteExcel/Workbook.pm:$tmp_dir = "POSIX::tmpnam() 
directory" if not $fh;
 lib/Spreadsheet/WriteExcel/Worksheet.pm:$tmp_dir = "POSIX::tmpnam() 
directory" if not $fh;

It looks like this is fallback code that might not be active
so filing at 'normal' for now.
-- 
Niko Tyni   nt...@debian.org

Bug#864969: gnat: Ada.Locales ignores setting of LANG

2017-06-28 Thread Nicolas Boulenguez 
Package: gnat-7
Followup-For: Bug #864969
Control: retitle -1 Ada.Locales ignores setting of LANG
Control: tags -1 + upstream
Control: forwarded -1 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81243

Ada.Locales.Country_Code is a thin wrapper to locales.c.
void c_get_country_code (char4 p) {
   char *r = "ZZ";
   for (; *r != '\0'; p++, r++)
  *p = *r;
}
This looks like a forgotten placeholder.

Bug#866318: lxqt-runner should depend on lxqt-policykit and recomment lxqt-qtplugin

2017-06-28 Thread Alf Gaida 
Package: lxqt-runner
Version: 0.11.2~17-g27eca0b-3
Severity: normal
Tags: newcomer

lxqt-panel should depend on lxqt-policykit for shutdown. logout and restart 
actions.
lxqt-qtplugin should be at least recommended to pickup session settings

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc6-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxqt-runner depends on:
ii  libc6   2.24-12
ii  libgcc1 1:7.1.0-7
ii  libglib2.0-02.52.3-1
ii  libkf5windowsystem5 5.28.0-2
ii  liblxqt-globalkeys-ui0  0.11.2~36-g9e64d65-1
ii  liblxqt-globalkeys0 0.11.2~36-g9e64d65-1
ii  liblxqt00.11.2~13-g05e4153
ii  libmenu-cache3  1.0.3~7-g4695338-1
ii  libmuparser2v5  2.2.3-6
ii  libqt5core5a5.7.1+dfsg-3+b1
ii  libqt5gui5  5.7.1+dfsg-3+b1
ii  libqt5widgets5  5.7.1+dfsg-3+b1
ii  libqt5xdg2  2.0.1~54-g075f9f4-1
ii  libqt5xml5  5.7.1+dfsg-3+b1
ii  libstdc++6  7.1.0-7

Versions of packages lxqt-runner recommends:
ii  lxqt-runner-l10n  0.11.3~31-g70dd9ff4~1

lxqt-runner suggests no packages.

-- no debconf information

Bug#866319: openvswitch-vtep: Fails with an error about missing libs

2017-06-28 Thread Sean M. Collins 
Package: openvswitch-vtep
Version: 2.6.2~pre+git20161223-3
Severity: normal


The vtep-ctl binary appears to be missing something, and fails to
execute.


root@7dd518162735:/usr/src/app# vtep-ctl  --version
/usr/bin/vtep-ctl: error: '/usr/bin/.libs/vtep-ctl' does not exist
This script is just a wrapper for vtep-ctl.
See the libtool documentation for more information.


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.2 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C 
(charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages openvswitch-vtep depends on:
ii  openvswitch-common  2.6.2~pre+git20161223-3
ii  openvswitch-switch  2.6.2~pre+git20161223-3
ii  python  2.7.13-2
ii  python-openvswitch  2.6.2~pre+git20161223-3

openvswitch-vtep recommends no packages.

openvswitch-vtep suggests no packages.

-- no debconf information

-- 
Sean M. Collins

Bug#866317: html2ps: relies on deprecated Perl syntax/features, breaks with 5.26

2017-06-28 Thread Niko Tyni 
Package: html2ps
Version: 1.0b7-1
Severity: important
User: debian-p...@lists.debian.org
Usertags: perl-5.26-transition

In addition to the $[ deprecation (#740782), this package also relies
on other deprecated Perl features. These will become fatal in
Perl 5.26, currently in experimental.

 % html2ps /dev/null >/dev/null
 Use of assignment to $[ is deprecated at /usr/bin/html2ps line 3409.
 Unescaped left brace in regex is deprecated, passed through in regex; marked 
by <-- HERE in m//DH { <-- HERE / at /usr/bin/html2ps line 3834.
 Unescaped left brace in regex is deprecated, passed through in regex; marked 
by <-- HERE in m/\\patterns{ <-- HERE .*/ at /usr/bin/html2ps line 4085.
 Calling POSIX::tmpnam() is deprecated at /usr/bin/html2ps line 497.
 
-- 
Niko Tyni   nt...@debian.org

Bug#866313: systemd: create /var/log/lastlog if it does not exist

2017-06-28 Thread Michael Biebl 
Hi

Am 28.06.2017 um 21:50 schrieb Peter Colberg:
> Package: systemd
> Version: 233-9
> Severity: normal
> 
> Dear Maintainer,
> 
> Could you extend /usr/lib/tmpfiles.d/var.conf as follows?
> 
> f /var/log/lastlog 0664 root utmp -
> 
> systemd already creates /var/log/wtmp and /var/log/btmp if they do not
> exist. For custom live-boot images that exclude files under /var/log/,
> it would be nice to also create /var/log/lastlog, e.g., for sshd:
> 
> # grep lastlog /var/log/auth.log
> Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat 
> /var/log/lastlog: No such file or directory

I can see the reason why /var/log/{utmp,wtmp} are shipped by systemd.
See man systemd-update-utmp

I don't immediately see a good reason why such a tmpfile for lastlog
would belong into systemd though, given that systemd does not touch that
file at all.
Can you please elaborate?
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#866316: ITP: svgpp -- SVG-framework with parsers for various syntaxes and adapters

2017-06-28 Thread Anton Gladky 
Package: wnpp
Severity: wishlist
Owner: Anton Gladky 

* Package name: svgpp
  Version : 1.2.3
  Upstream Author : Oleg Maximenko 
* URL : https://github.com/svgpp/svgpp
* License : Boost
  Programming Lang: C++
  Description : SVG-framework with parsers for various syntaxes and adapters

The library can be thought of as a framework, containing parsers for various
SVG syntaxes, adapters that simplify handling of parsed data and a lot of
other utilities and helpers for the most common tasks.  SVG++ features

* Is a header-only library
* Can be used with any XML parser
* Compile time configured - no virtual functions
* Minimal runtime overhead - you pay only for what you get
* Fully functional, conforming SVG viewers
* Simple in-app SVG rasterizers
* Import modules of vector editing software
* Implementing path-only input of SVG format with minimal efforts
  in any graphics or math software
* Compatible with C++03, but requires conforming implementation

The package will be hosted on collab-maint.

Anton

Bug#866315: libgcj-common: dh_nativejava uses deprecated POSIX::tmpnam()

2017-06-28 Thread Niko Tyni 
Package: libgcj-common
Version: 1:6.3-4
Severity: important
User: debian-p...@lists.debian.org
Usertags: perl-5.26-transition

The dh_nativejava program uses POSIX::tmpnam(), which was deprecated in
Perl 5.22.and is removed in Perl 5.26 (currently in experimental.)

Please use File::Temp instead.
-- 
Niko Tyni   nt...@debian.org

Bug#866314: linux-image-4.9.0-3-686-pae: 100+ times slower disk writes on 4.x+/i386/16+RAM, compared to 3.x

2017-06-28 Thread Holger Levsen 
package: linux-image-4.9.0-3-686-pae
version: 4.9.30-2+deb9u2
# severity: important ?
forwarded: https://bugzilla.kernel.org/show_bug.cgi?id=196157

Hi,

upon upgrading the i386 build nodes for tests.reproducible-builds.org to Stretch
I noticed a huge performance loss, which I could "fix" by installing 
linux-image-4.9.0-3-amd64:amd64 (version 4.9.30-2+deb9u2 too).
(which btw is a nice example for Multiarchs's usefulness…)

Today Vagrant pointed me to https://bugzilla.kernel.org/show_bug.cgi?id=196157
which is the upstream issue tracking this.

I'm filing this bug for the benefit of other Debian users and for myself to
benefit from the BTS subscription and tracking features…

We want to run half of our i386 build nodes with a 32 bit kernel and the other
half with an 64 bit kernel to test reproducibility under this variation, so
I'm really looking forward to see this bug fixed soon. Other people can
probably just keep running the amd64 kernel, thus I've decided for normal 
severity for this issue.

Thanks for maintaining src:linux!


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#866313: systemd: create /var/log/lastlog if it does not exist

2017-06-28 Thread Peter Colberg 
Package: systemd
Version: 233-9
Severity: normal

Dear Maintainer,

Could you extend /usr/lib/tmpfiles.d/var.conf as follows?

f /var/log/lastlog 0664 root utmp -

systemd already creates /var/log/wtmp and /var/log/btmp if they do not
exist. For custom live-boot images that exclude files under /var/log/,
it would be nice to also create /var/log/lastlog, e.g., for sshd:

# grep lastlog /var/log/auth.log
Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat 
/var/log/lastlog: No such file or directory

Regards,
Peter

Bug#866085: At least it should be the option to not download

2017-06-28 Thread Holger Wansing 
Hi,

Am Mittwoch 28. Juni 2017 schrieb Narcis Garcia:
> > 
> > If you are doing an install party, set up a proxy server.  That really
> > really helps a lot.
> > 
> 
> Not only experts should be able to do an install party; some more people
> wants to share small knowledge and experiences.

You could also download a CD or DVD image and burn 10 or
20 discs. That allows installation without internet connection
on many machines at the same time.
And you have something to hand out to the people ...

Holger  

-- 
Sent from my Jolla phone
http://www.jolla.com/

Bug#866312: mutt: mailspell uses deprecated POSIX::tmpnam()

2017-06-28 Thread Niko Tyni 
Package: mutt
Version: 1.8.3+neomutt20170609-2
Severity: normal
User: debian-p...@lists.debian.org
Usertags: perl-5.26-transition

The mailspell helper uses POSIX::tmpnam(), which was deprecated in
Perl 5.22.and is removed in Perl 5.26 (currently in experimental.)

  % /usr/lib/mutt/mailspell /dev/null
  Calling POSIX::tmpnam() is deprecated at /usr/lib/mutt/mailspell line 37.

Please use File::Temp instead.
-- 
Niko Tyni   nt...@debian.org

Bug#865929: Advice on dealing with GRUB upgrade failure caused by init-select

2017-06-28 Thread Niko Tyni 
On Sun, Jun 25, 2017 at 11:37:13PM +0100, Colin Watson wrote:

> I could arrange for the relevant grub2 postinst scripts to remove
> /etc/default/grub.d/init-select.cfg entirely when appropriate conditions
> apply.  In addition to a self-defence argument, this is further
> justified by the fact that grub2 now provides a similar facility of its
> own as of 2.02~beta2-20: if other init daemons are installed, then
> grub-mkconfig generates additional menu items for them (although there
> are no arrangements to migrate the default choice from
> /etc/default/init).  This would still violate policy §10.7.3/10.7.4,
> although it seems to be the favoured option of the debian-devel thread,
> and it is the least bad option I can see so far.

I also think this is acceptable.

As init-select is gone from stretch and sid, and particularly given the
other circumstances, I think you should feel free to take over management
of the offending conffile that used your extension facility.

Viewed this way, I'm not sure there's an inherent policy violation here
at all (assuming you only remove the file if it's unmodified etc.)
All you're doing is adopting a configuration file and removing it on
upgrade as obsolete.

Obviously moving configuration files should only be done between
cooperative packages and hostile takeovers are not OK, but that's not
an issue here.

If init-select actually had a future in sid/buster, things would be
a bit messier I think...

As for possible policy changes, this seems such a corner case to me that
they'd be a bit overkill. But I'm certainly not opposing such changes.
-- 
Niko Tyni   nt...@debian.org

  1   2   3   >