Bug#891821: plasma-discover: discover remains in state "looking for updates"

[luca]

Package: plasma-discover
Version: 5.12.2-1
Severity: normal

Dear Maintainer,

plasma discover, if no updates are present, remains in state "looking for
updates" while it should indicate "system is up to date"

Anyway i can close the window.



-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages plasma-discover depends on:
ii  appstream 0.11.8-3
ii  kio   5.42.0-3
ii  libappstreamqt2   0.11.8-3
ii  libc6 2.26-6
ii  libkf5attica5 5.42.0-2
ii  libkf5configcore5 5.42.0-2
ii  libkf5configwidgets5  5.42.0-2
ii  libkf5coreaddons5 5.42.0-2
ii  libkf5crash5  5.42.0-2
ii  libkf5dbusaddons5 5.42.0-2
ii  libkf5declarative55.42.0-2
ii  libkf5i18n5   5.42.0-3
ii  libkf5itemmodels5 5.42.0-2
ii  libkf5kiocore55.42.0-3
ii  libkf5kiowidgets5 5.42.0-3
ii  libkf5newstuffcore5   5.42.0-2
ii  libkf5notifications5  5.42.0-2
ii  libkf5service-bin 5.42.0-2
ii  libkf5service55.42.0-2
ii  libkf5widgetsaddons5  5.42.1-2
ii  libkf5xmlgui5 5.42.0-2
ii  libpackagekitqt5-11.0.1-1
ii  libqt5core5a  5.9.2+dfsg-12
ii  libqt5dbus5   5.9.2+dfsg-12
ii  libqt5gui55.9.2+dfsg-12
ii  libqt5network55.9.2+dfsg-12
ii  libqt5qml55.9.2-3
ii  libqt5quick5  5.9.2-3
ii  libqt5widgets55.9.2+dfsg-12
ii  libqt5xml55.9.2+dfsg-12
ii  libstdc++68-20180218-1
ii  packagekit1.1.7-1
ii  plasma-discover-common5.12.2-1
ii  qml-module-org-kde-kirigami2  5.42.0-3

Versions of packages plasma-discover recommends:
ii  software-properties-kde  0.96.20.2-1

Versions of packages plasma-discover suggests:
pn  plasma-discover-backend-flatpak  

-- no debconf information

Bug#891819: dovecot: CVE-2017-14461: rfc822_parse_domain information leak vulnerability

[Salvatore Bonaccorso]

Source: dovecot
Version: 1:2.2.13-11
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for dovecot.

CVE-2017-14461[0]:
rfc822_parse_domain information leak vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461

Regards,
Salvatore

Bug#891820: dovecot: CVE-2017-15130: TLS SNI config lookups are inefficient and can be used for DoS

[Salvatore Bonaccorso]

Source: dovecot
Version: 1:2.2.13-11
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for dovecot.

CVE-2017-15130[0]:
TLS SNI config lookups are inefficient and can be used for DoS

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130

Regards,
Salvatore

Bug#891818: libxmltooling7: 1.6.0-4+deb9u1 security update amd64 build missing

[Mika Tiainen]

Package: libxmltooling7
Version: 1.6.0-4+deb9u1
Severity: important
Tags: security

Hi,

There are no amd64 packages for 1.6.0-4+deb9u1 at
http://security.debian.org/pool/updates/main/x/xmltooling/ only arch all
xmltooling-schemas_1.6.0-4+deb9u1_all.deb

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libxmltooling7 depends on:
ii  libc6  2.24-11+deb9u1
ii  libcurl3   7.52.1-5+deb9u4
ii  libgcc11:6.3.0-18+deb9u1
ii  liblog4shib1v5 1.0.9-3
ii  libssl1.0.21.0.2l-2+deb9u2
ii  libstdc++6 6.3.0-18+deb9u1
ii  libxerces-c3.1 3.1.4+debian-2
ii  libxml-security-c17v5  1.7.3-4

libxmltooling7 recommends no packages.

libxmltooling7 suggests no packages.

-- no debconf information

Bug#891816: ITP: node-prismjs -- Lightweight, robust, elegant syntax highlighting

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-prismjs
  Version : 1.11.0
  Upstream Author : Lea Verou
* URL : https://github.com/LeaVerou/prism#readme
* License : Expat
  Programming Lang: JavaScript
  Description : Lightweight, robust, elegant syntax highlighting

 A spin-off project from Dabblet. Some of its unique features include:
  * It’s tiny. The core is only 1.5KB minified & gzipped.
  * It’s incredibly extensible. Not only it’s easy to add new languages, but
also to extend existing ones.
  * It encourages good author practices. Other highlighters encourage or
even
force you to use elements that are semantically wrong, like 
(on its
own) or 

Bug#891817: transition: petsc

[Drew Parsons]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to proceed with the transition of petsc (and slepc) from 3.7
to 3.8. 

I've confirmed rdepends getdp, sundials and deal.ii will build. dolfin
will build after a source upload (it has a tight dependency on the
petsc version)

I've reorganised the packaging so there are no longer patch-specific
packages, just the minor version (libpetsc-real3.8 and
libpetsc-complex3.8 instead of libpetsc3.7.7 and
libpetsc-complex-3.7.7).  

I added "real" to the package name (for real number support) to get
naming symmetry with the complex number package, and to better reflect the
soname of the library.

I will also update slepc from 3.7 to 3.8 as part of this transition.


Ben file:

title = "petsc";
is_affected = .depends ~ "libpetsc3.7.7" | .depends ~ "libpetsc-real3.8";
is_good = .depends ~ "libpetsc-real3.8";
is_bad = .depends ~ "libpetsc3.7.7";


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#891815: qmidinet should not have jackd server dependency

[John Belmonte]

Package: qmidinet
Severity: important

Dear Maintainer,

Please remove the jackd dependency from qmidinet.  While the libjack
dependency is needed to support integration with jack midi,
qmidinet in no way requires running jackd server to operate.

  https://sources.debian.org/src/qmidinet/0.5.0-1/debian/control/#L25

Regards,
--John

Bug#873094: RFS: granite/0.4.1-1 [ITP]

[Yangfl]

2018-03-01 4:37 GMT+08:00 Tobias Frost :
> Hi Yangfl,
>
> the package has now been accepted.
> However, I noticed that it targets "experimental", something I missed
> in the last review. Can you prepare another upload for unstable?
>
> And please tag the release on salsa! TIA!
>
> --
> tobi

Uploaded to https://salsa.debian.org/pkg-deepin-team/granite . Thanks
for your reminder.

Bug#891327: Depends on minidb package

[tony mancill]

On Sat, Feb 24, 2018 at 03:29:32PM +0100, Maxime Werlen wrote:
> Package: gpodder
> Version: 3.10.1-1
> 
> Hi,
> 
> I have packaged minidb 2.0.2 as a debian package to update project
> urlwatch. Could you please depends on minidb package instead of a local
> copy for your next versions of gpodder ?


Hello Maxime,

Thank you for the pointer.  I'll work on a patch to gpodder use the
minidb package.

Cheers,
tony


signature.asc
Description: PGP signature

Bug#891814: exim4-base: changes to update-exim4.conf COMPLETELY fail to respect BASIC rules: DO NOT BREAK CONFIGS

[root]

Package: exim4-base
Version: 4.90.1-1
Severity: important


guys.  this is really serious.  i have been running an exim4 system, live,
for over 12 years.  it's an extremely complex and comprehensive setup that
cannot just be blithely "upgraded" without a hell of a lot of work.

you've just completely ignored the most BASIC rules of being a maintainer
for a package: DON'T fuck with peoples' configurations.

it is just a pure coincidence that i happen to be migrating a server, and
happened to have an older version which is still live and has NOT been
upgraded.

if i had been forced into doing an upgrade on the live server (which has
happened at least once with exim4 in the past twelve years) it would have
been absolutely fucking disastrous.

running update-exim4.conf should JUST WORK.  your job is NOT to fucking
well IMPOSE on people arbitrary changes that are guaranteed to break a
mission-critical server!  it doesn't matter if you're
not being paid to work on this stuff because you're volunteers.  if
people are complaining and raising bugreports your response should
NOT BE TO BITCH AND BLAME THEM for quotes NOT READING THE DOCUMENTATION quotes,
your response should be, "oh fuck, *we* fucked up by BREAKING PEOPLE's
SYSTEMS AND CAUSING THEM SERIOUS PROBLEMS".

alright.  sorry for shouting, but if someone doesn't shout at you about
this, there's the risk that it might not get through that what you've done
and the approach you're taking is not ok (i can see in the install logs
the warning signs that you're blaming users for not reading documentation).



-- Package-specific info:

-- System Information:
Debian Release: 7.4
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4-base depends on:
ii  adduser3.113+nmu3
ii  anacron2.3-19
ii  cron [cron-daemon] 3.0pl1-124
ii  debconf [debconf-2.0]  1.5.59
ii  exim4-config [exim4-config-2]  4.90.1-1
ii  libc6  2.23-4
ii  libdb5.3   5.3.28-3
ii  lsb-base   4.1+Debian8+deb7u1
ii  netbase5.0

Versions of packages exim4-base recommends:
ii  bsd-mailx [mailx]  8.1.2-0.2006cvs-1
ii  psmisc 22.19-1+deb7u1

Versions of packages exim4-base suggests:
ii  bsd-mailx [mail-reader]  8.1.2-0.2006cvs-1
pn  exim4-doc-html | exim4-doc-info  
pn  eximon4  
ii  file 1:5.20-1
ii  mutt [mail-reader]   1.5.21-6.2+deb7u2
ii  openssl  1.0.1e-2+deb7u6
pn  spf-tools-perl   
pn  swaks

-- debconf information excluded

Bug#888636: epiphany-browser: Can't get quality above 360p on Youtube

[Byron]

On Sat, 27 Jan 2018 20:04:38 -0700 Byron  
wrote:

> Package: epiphany-browser
> Version: 3.22.7-1
> Severity: normal
>
> Dear Maintainer,
>
> First I should make it clear that although I am running Stretch, I 
downloaded
> and installed Epiphany from Flathub in order to get the latest 
stable version
> (3.26.5.1, to be exact.) In case you need to know, I'm using a 
1280x1024

> screen.
>
> I went to Youtube and watched any video. On the version of Epiphany 
which comes
> with Debian (3.22.7), I can get up to 720p resolution on videos that 
are shot
> in 1080p or 4K, but never above 720p. On Epiphany 3.26, I'm unable 
(as of yet)

> to find out how to get a resolution past 320p.
>
> I tried both Xorg and Xwayland with the same result. I'll try more 
as more

> ideas slowly come to my brain.
>
> I do a lot of media consumption so it would be nice to have sharper 
video.

>
> Thanks for your time. =)
>
>
>
> -- System Information:
> Debian Release: 9.3
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages epiphany-browser depends on:
> ii  dbus-user-session [default-dbus-session-bus]  1.10.24-0+deb9u1
> ii  dbus-x11 [dbus-session-bus]   1.10.24-0+deb9u1
> ii  epiphany-browser-data 3.22.7-1
> ii  gsettings-desktop-schemas 3.22.0-1
> ii  iso-codes 3.75-1
> ii  libavahi-client3  0.6.32-2
> ii  libavahi-common3  0.6.32-2
> ii  libavahi-gobject0 0.6.32-2
> ii  libc6 2.24-11+deb9u1
> ii  libcairo2 1.14.8-1
> ii  libgcr-base-3-1   3.20.0-5.1
> ii  libgcr-ui-3-1 3.20.0-5.1
> ii  libgdk-pixbuf2.0-02.36.5-2+deb9u2
> ii  libglib2.0-0  2.50.3-2
> ii  libgnome-desktop-3-12 3.22.2-1
> ii  libgtk-3-03.22.11-1
> ii  libjavascriptcoregtk-4.0-18   2.16.6-0+deb9u1
> ii  libnotify40.7.7-2
> ii  libpango-1.0-01.40.5-1
> ii  libpangocairo-1.0-0   1.40.5-1
> ii  libsecret-1-0 0.18.5-3.1
> ii  libsoup2.4-1  2.56.0-2+deb9u1
> ii  libsqlite3-0  3.16.2-5+deb9u1

Hmmm, while trying out Arch I'm using 3.26.6 and the resolutions are 
fine. Looks like it was some flatpaking issue or something, feel free 
to close the bug. =)

Bug#891813: RFS: i2pd/2.18.0-1 [ITP]

[Yangfl]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "i2pd"

 * Package name: i2pd
   Version : 2.18.0-1
   Upstream Author : R4SAS
 * URL : https://github.com/PurpleI2P/i2pd
 * License : BSD
   Section : net


  It builds those binary packages:

i2pd  - Full-featured C++ implementation of I2P client

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/i2pd


  Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/i/i2pd/i2pd_2.18.0-1.dsc

  Git repo:

https://salsa.debian.org/yangfl-guest/i2pd

Regards,
Yangfl

Bug#886399: RFS: opencascade/7.2.0-1 [ITP]

[Kurt Kremitzki]

On 02/27/2018 12:02 PM, Tobias Frost wrote:

Hi,

just to avoid a dead-lock: you're still working on the package, nothing to
review atm?
Just let us know (and remove the moreinfo tag as sign) when ready for
the next round of review. (I'd like to avoid reviewing when not everything
has been implemented)

--
tobi



Yep, I'm still working on it--I got stuck for quite a while by the issue 
I mentioned in my reply to Anton (the dpkg-shlibdeps errors.) I just 
fixed this a couple of days ago (missing *.substvars files) so hopefully 
I should be able to wrap up the rest of your suggestions soon.


I do have a question regarding the naming of everything, though. 
According to `objdump -p lib*.so | grep SONAME`, where * is any of the 
objects provided by OpenCASCADE 7.2.0, the SONAME is just 7, although 
lib*.so and lib*.so.7 are both just symlinks to lib*.so.7.2.0. This 
creates some uncertainty...


To summarize:
1. When the OCC was in Debian previously, and its current form in the 
Ubuntu PPA, we had e.g. libopencascade-foundation-7.1.0

2. Anton suggested e.g. libopencascade-foundation-7.2
3. Appendix A of the Debian New Maintainer's Guide [1] suggests 
libopencascade-foundation7 is correct
4. Some packages also use the form libopencascade7-foundation, and this 
seems most correct to me


But which one should be used here? In the case of 4, would the -dev 
files just be e.g. libopencascade-foundation-dev? or libopencascade7-*-dev?


I suppose, also, that I should split opencascade-draw into a library and 
non-library part. I updated its description to reflect why it should be 
included:
	"Draw is a command interpreter based on TCL and a graphical system used 
to test and demonstrate Open CASCADE Technology modeling libraries."


Upstream requires bug reports to use it to show reproducibility of 
problems, and it's useful for learning the library, so it does need to 
be included.


Regarding the problematic binary name DRAWEXE, besides just getting rid 
of uppercase I thought perhaps it would be good to just rename it to 
e.g. `opencascade7-draw`. Thoughts?


I'll add the -doc package as well. What exactly would this be named, by 
the way, in light of my version question above? And while I'm at it, 
should I consider a -dbg package?



1. https://www.debian.org/doc/manuals/maint-guide/advanced.en.html#library

Bug#889608: Continuing to get core dumps with man-db

[John Sivak]

We have a winner. That build works on my system as well.

Let me know if you need any other assistance and thanks for tracking
down the issue.

John

On 02/28/2018 08:13 AM, Colin Watson wrote:
> On Sun, Feb 25, 2018 at 07:13:52PM -0500, John Sivak wrote:
>> On 02/25/2018 07:06 AM, Colin Watson wrote:
>>> Ah, right, no explicit path there. Can you try git master again
>>> (https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=122802046452c5d900a3d74b643d2089c4df58d2)?
>> Still not working. :(
>>
>> Stack trace attached for: strace -f -o man.trace -s 1024 man man
> OK, I finally cracked and installed a trial setup in a VM so that I
> could iterate more quickly.
> https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=eb88d394e8c3bed3953bbeb106f0dc5996c18621
> now works for me - please confirm.
>
> Thanks,
>

Bug#891281: DO NOT use file format of /bin/sh for x32 detection!

[Ben Elliston]

On Wed, Feb 28, 2018 at 03:55:57PM +0100, Thorsten Glaser wrote:

> I really have no other idea that???s in scope. After all,
> CC_FOR_BUILD is the *only* tool guaranteed to correspond to the
> target (in FreeWRT speak; --build= in GNU autotools speak) system.

We're trying to guess the build system, not the target. When
configuring cross-tools, it has always been necessary to specify the
target triplet with --target.

In a native environment, there should be numerous ways of determining
the system ABI (if it matters) without invoking a C compiler (which is
often not installed, leading to spurious problem reports from users).

Ben


signature.asc
Description: PGP signature

Bug#891812: util-linux: FTBFS on hurd-i386: calls pty_init_slave unconditionally

[Samuel Thibault]

Aaron M. Ucko, on mer. 28 févr. 2018 19:47:40 -0500, wrote:
>   login-utils/su-common.c:1427:3: warning: implicit declaration of function 
> 'pty_init_slave'; did you mean 'initstate'? [-Wimplicit-function-declaration]
>   [...]
>   ./login-utils/su-common.c:1427: undefined reference to `pty_init_slave'

IIRC I got a fix commited upstream

Samuel

Bug#891281: DO NOT use file format of /bin/sh for x32 detection!

[James Clarke]

On 1 Mar 2018, at 00:50, Ben Elliston  wrote:
> 
> On Wed, Feb 28, 2018 at 03:55:57PM +0100, Thorsten Glaser wrote:
> 
>> I really have no other idea that???s in scope. After all,
>> CC_FOR_BUILD is the *only* tool guaranteed to correspond to the
>> target (in FreeWRT speak; --build= in GNU autotools speak) system.
> 
> We're trying to guess the build system, not the target. When
> configuring cross-tools, it has always been necessary to specify the
> target triplet with --target.

Thorsten is not doing a cross-compile; the native system is x32, with an
x32->x32 compiler. The exception is that the odd binary is amd64 rather than
x32, so it's not a *pure* system, but build=host=target=x32.

James

> In a native environment, there should be numerous ways of determining
> the system ABI (if it matters) without invoking a C compiler (which is
> often not installed, leading to spurious problem reports from users).
> 
> Ben

Bug#891812: util-linux: FTBFS on hurd-i386: calls pty_init_slave unconditionally

[Aaron M. Ucko]

Source: util-linux
Version: 2.31.1-0.4
Severity: important
Tags: upstream
Justification: fails to build from source (but built successfully in the past)
User: debian-h...@lists.debian.org
Usertags: hurd

Builds of util-linux for hurd-i386 (admittedly not a release
architecture) have been failing lately:

  login-utils/su-common.c:1427:3: warning: implicit declaration of function 
'pty_init_slave'; did you mean 'initstate'? [-Wimplicit-function-declaration]
  [...]
  ./login-utils/su-common.c:1427: undefined reference to `pty_init_slave'

AFAICT, this call (and the corresponding if statement) should be
conditional on USE_PTY, as with the other pty_* calls.  (USE_PTY
requires , which the Hurd lacks.)

Could you please take a look?

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#891811: RFS: hoteldruid/2.2.2-1

[Marco M. F. De Santis]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "hoteldruid":

* Package name: hoteldruid
  Version : 2.2.2-1
  Upstream Author : Marco M. F. De Santis
* URL : http://www.hoteldruid.com
* License : AGPLv3
  Section : web

It builds those binary packages:

  hoteldruid - web-based property management system for hotels or B

To access further information about this package, please visit the 
following URL:


  https://mentors.debian.net/package/hoteldruid

Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/h/hoteldruid/hoteldruid_2.2.2-1.dsc


More information about hoteldruid can be obtained from 
http://www.hoteldruid.com.


Changes since the last upload:

  * New upstream release.
  * debian/control: updated Standards-Version and added
Rules-Requires-Root
  * debian/control: added recommendation on php-imap previously included
in core php packages
  * debian/install: changed AppStream metadata location as required by
new AppStream guidelines
  * debian/install: removed xpm icon and added 64x64 png icon
  * debian/extra/appdata/hoteldruid.appdata.xml: changed license to
CC0-1.0
  * debian/compat: updated debhelper compatibility level to 11

Regards,
Marco M. F. De Santis

Bug#891810: hplip not installable without systemd

[Juliusz Chroboczek]

Package: hplip
Version: 3.17.10+repack0-2

My systems are configured to avoid installing systemd.  This makes it
impossible to install hplip:

  hplip depends on policykit-1
  policykit-1 depends on libpam-systemd
  libpam-systemd depends on systemd

If you believe this is an issue with libpam-systemd, please reassign this
bug.  Thanks.

Bug#891809:

[starenka .]

Seems like installing newer mesa solves this for me:

apt install libgl1-mesa-dri -t experimental

---
In Perl you shoot yourself in the foot, but nobody can understand how you
did it. Six months later, neither can you. | print 'aknerats'[::-1]

Bug#891809: xserver-xorg-video-intel: Rapid page scrolling freezes whole system and after ~15s restarts X (i915)

[starenka]

Package: xserver-xorg-video-intel
Version: 2:2.99.917+git20171229-1
Severity: important

Hi folks,

whenever I pgup and pgdown severl times in Emacs buffer, my system freezes and
after a while it restarts X. I'd love to share more information, but I don't
know how to get relevant information, all I see in dmesg is:

[  110.997418] [drm] GPU HANG: ecode 9:0:0x85db, in Xorg [6849], reason:
Hang on rcs0, action: reset
[  110.997424] i915 :00:02.0: Resetting rcs0 after gpu hang
[  118.989720] i915 :00:02.0: Resetting rcs0 after gpu hang
[  126.992591] i915 :00:02.0: Resetting rcs0 after gpu hang
[  134.991226] i915 :00:02.0: Resetting rcs0 after gpu hang
[  142.988915] i915 :00:02.0: Resetting rcs0 after gpu hang

I think I've found similar bug reported in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1547612



-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.

VGA-compatible devices on PCI bus:
--
00:02.0 VGA compatible controller [0300]: Intel Corporation HD Graphics 520 
[8086:1916] (rev 07)

/etc/X11/xorg.conf does not exist.

/etc/X11/xorg.conf.d does not exist.

/etc/modprobe.d contains no KMS configuration files.

Kernel version (/proc/version):
---
Linux version 4.14.0-3-amd64 (debian-ker...@lists.debian.org) (gcc version 
7.3.0 (Debian 7.3.0-3)) #1 SMP Debian 4.14.17-1 (2018-02-14)

Xorg X server log files on system:
--
-rw-r--r-- 1 starenka starenka 35626 Feb 16  2017 
/home/starenka/.local/share/xorg/Xorg.0.log
-rw-r--r-- 1 root root 44130 Feb 28 23:55 /var/log/Xorg.0.log

Contents of most recent Xorg X server log file (/var/log/Xorg.0.log):
-
[   787.596] (--) Log file renamed from "/var/log/Xorg.pid-24747.log" to 
"/var/log/Xorg.0.log"
[   787.597] 
X.Org X Server 1.19.6
Release Date: 2017-12-20
[   787.597] X Protocol Version 11, Revision 0
[   787.597] Build Operating System: Linux 4.9.0-5-amd64 x86_64 Debian
[   787.598] Current Operating System: Linux kosmik1 4.14.0-3-amd64 #1 SMP 
Debian 4.14.17-1 (2018-02-14) x86_64
[   787.598] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.14.0-3-amd64 
root=UUID=14795565-d456-4401-92e5-fca2f272daaf ro quiet
[   787.598] Build Date: 26 January 2018  04:30:21PM
[   787.598] xorg-server 2:1.19.6-1 (https://www.debian.org/support) 
[   787.598] Current version of pixman: 0.34.0
[   787.598]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[   787.598] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[   787.598] (==) Log file: "/var/log/Xorg.0.log", Time: Wed Feb 28 23:42:38 
2018
[   787.598] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[   787.599] (==) No Layout section.  Using the first Screen section.
[   787.599] (==) No screen section available. Using defaults.
[   787.599] (**) |-->Screen "Default Screen Section" (0)
[   787.599] (**) |   |-->Monitor ""
[   787.600] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[   787.600] (==) Automatically adding devices
[   787.600] (==) Automatically enabling devices
[   787.600] (==) Automatically adding GPU devices
[   787.600] (==) Max clients allowed: 256, resource mask: 0x1f
[   787.600] (WW) The directory "/usr/share/fonts/X11/cyrillic" does not exist.
[   787.600]Entry deleted from font path.
[   787.600] (==) FontPath set to:
/usr/share/fonts/X11/misc,
/usr/share/fonts/X11/100dpi/:unscaled,
/usr/share/fonts/X11/75dpi/:unscaled,
/usr/share/fonts/X11/Type1,
/usr/share/fonts/X11/100dpi,
/usr/share/fonts/X11/75dpi,
built-ins
[   787.600] (==) ModulePath set to "/usr/lib/xorg/modules"
[   787.600] (II) The server relies on udev to provide the list of input 
devices.
If no devices become available, reconfigure udev or disable 
AutoAddDevices.
[   787.600] (II) Loader magic: 0x55c7fa540de0
[   787.600] (II) Module ABI versions:
[   787.600]X.Org ANSI C Emulation: 0.4
[   787.600]X.Org Video Driver: 23.0
[   787.600]X.Org XInput driver : 24.1
[   787.600]X.Org Server Extension : 10.0
[   787.603] (++) using VT number 7

[   787.603] (II) systemd-logind: logind integration requires -keeptty and 
-keeptty was not provided, disabling logind integration
[   787.605] (II) xfree86: Adding drm device (/dev/dri/card0)
[   787.610] (--) PCI:*(0:0:2:0) 8086:1916:17aa:504a rev 7, Mem @ 
0xf000/16777216, 0xe000/268435456, I/O @ 0xe000/64, BIOS @ 
0x/131072
[   787.611] (II) LoadModule: "glx"
[   787.611] (II) Loading /usr/lib/xorg/modules/extensions/libglx.so
[   

Bug#891808: ITP: r-bioc-impute -- Imputation for microarray data

[Dylan Aïssi]

Package: wnpp
Severity: wishlist
Owner: Debian Med Packaging Team 

Package name: r-bioc-impute
URL: https://bioconductor.org/packages/impute/
License: GPL-2
Description: Imputation for microarray data
 R package which provide a function to perform imputation for
 microarray data (currently KNN only).

The package will be maintained by the Debian R Packages Team at:
https://salsa.debian.org/r-pkg-team/r-bioc-impute.git

Bug#891802: llvm-6.0: LLVM ERROR: Cannot select: 0x582f0b00: f32 = X86ISD::FNMSUB 0x582f8740, 0x583805f0, 0x582fde50

[Sylvestre Ledru]

forwarded 891802 https://bugs.llvm.org/show_bug.cgi?id=36553
thanks

Le 01/03/2018 à 00:01, Andreas Beckmann a écrit :
> Package: llvm-6.0
> Version: 1:6.0~+rc3-1
> Severity: important
>
> Hi,
>
> this is a regression from llvm-5.0 to llvm-6.0 on i386.
Reported upstream

Bug#858962: [Pkg-xen-devel] Bug#858962: enabling OVMF - 4.10+

[John Keates]

Excellent! Good to see you got the serial console working as well. 
There are a bunch of extra options like allowing custom nvram per-vm (normally 
it’s just one read-only nvram for all instances),
but those aren’t important right now, basic EFI domu booting is pretty fair to 
get in Debian first.

John

> On 1 Mar 2018, at 00:14, Hans van Kranenburg  wrote:
> 
> Hey,
> 
> On 02/28/2018 12:59 AM, John Keates wrote:
>> 
>> [...]
>> 
>> 1. Install Xen with OVMF support
>> 2. Install OVMF (which basically just gets you the binary file, package is 
>> called ovmf)
>> 3. Get an EFI-bootable image, the Debian Netinstall image will probably do 
>> fine
>> 3. Create a domU config like this:
>> 
>> name = 'uefi-domu-thingy'
>> bios = "ovmf"
>> builder = 'hvm'
>> memory = '512'
>> vcpus = 1
>> 
>> Then sudo xl create 
>> 
>> This should start the domu, and since there is no disk, just get to the UEFI 
>> shell and idle around and not do much else. You can connect to it over VNC, 
>> but I’m sure it can be started in UEFI text mode too so you get UEFI access 
>> via the serial console.
> 
> Ok, as promised, I tried.
> 
> For Xen 4.10, I ended up with:
> 
> name = 'uefi-domu-thingy'
> bios = "ovmf"
> type = 'hvm'
> memory = '512'
> vcpus = 1
> vnc=1
> vnclisten='0.0.0.0'
> serial='pty'
> 
> I installed the qemu packages that Mark Pryor already rebuilt as test
> (which use libxen 4.10).
> 
> When doing xen create -c on that, I get a serial console to it:
> 
> UEFI Interactive Shell v2.2
> EDK II
> UEFI v2.70 (EDK II, 0x0001)
> Mapping table
> BLK0: Alias(s):
>  PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0)
> BLK1: Alias(s):
>  PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1)
> Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
> Shell>
> 
> A vnc connection also shows an ugly screen which a copy of the output.
> 
> Step 2: Use a disk
> 
> I simply added...
> disk = ['file:/yolo/ovmf/debian-9.3.0-amd64-netinst.iso,xvda']
> 
> and now the serial console shows a purple blinking cursor, and the vnc
> connection shows a graphical Debian GNU/Linux UEFI Installer menu.
> 
> Great success!
> 
> Hans

Bug#891807: stretch-pu: package libdate-holidays-de-perl/1.9-1

[Christoph Biedl]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello release team,

some states in Germany are about to make Reformation Day (Oct 31st) a
new holiday. So far, Hamburg and Schleswig-Holstein have passed
according laws, see the patch below for details. In order to avoid
confusion, I'd like to update libdate-holidays-de-perl in stretch, a
module to determine German holiday dates.

The debdiff is attached.

Regards,

Christoph
diff -Nru libdate-holidays-de-perl-1.9/debian/changelog 
libdate-holidays-de-perl-1.9/debian/changelog
--- libdate-holidays-de-perl-1.9/debian/changelog   2016-12-04 
16:59:55.0 +0100
+++ libdate-holidays-de-perl-1.9/debian/changelog   2018-03-01 
00:06:15.0 +0100
@@ -1,3 +1,10 @@
+libdate-holidays-de-perl (1.9-1+deb9u1) stretch; urgency=low
+
+  * Mark Reformation Day as a holiday in Hamburg and
+Schleswig-Holstein from 2018 on
+
+ -- Christoph Biedl   Thu, 01 Mar 2018 
00:06:15 +0100
+
 libdate-holidays-de-perl (1.9-1) unstable; urgency=low
 
   * Initial Release. Closes: #829833
diff -Nru libdate-holidays-de-perl-1.9/debian/patches/refo.patch 
libdate-holidays-de-perl-1.9/debian/patches/refo.patch
--- libdate-holidays-de-perl-1.9/debian/patches/refo.patch  1970-01-01 
01:00:00.0 +0100
+++ libdate-holidays-de-perl-1.9/debian/patches/refo.patch  2018-03-01 
00:06:05.0 +0100
@@ -0,0 +1,33 @@
+Subject: Add new regional holidays from 2018 on
+Author: Christoph Biedl 
+Forwarded: https://rt.cpan.org/Ticket/Display.html?id=124559
+Last-Update: 2018-02-28
+
+Sources (in German):
+Schleswig-Holstein:
+
http://www.spiegel.de/karriere/reformationstag-wird-in-schleswig-holstein-neuer-feiertag-a-1195092.html
+Hamburg:
+
http://www.spiegel.de/karriere/hamburg-reformationstag-wird-feiertag-a-1195881.html
+
+--- a/DE.pm
 b/DE.pm
+@@ -121,6 +121,9 @@
+ 
+   # Extras for Hamburg
+   @{$holidays{'hh'}} = qw();
++  if ($year >= 2018) {
++  push @{$holidays{'hh'}}, qw(refo);
++  }
+ 
+   # Extras for Hessen
+   @{$holidays{'he'}} = qw(fron);
+@@ -148,6 +151,9 @@
+ 
+   # Extras for Schleswig-Holstein
+   @{$holidays{'sh'}} = qw();
++  if ($year >= 2018) {
++  push @{$holidays{'sh'}}, qw(refo);
++  }
+ 
+   # Extras for Thueringen
+   @{$holidays{'th'}} = qw(refo);
diff -Nru libdate-holidays-de-perl-1.9/debian/patches/series 
libdate-holidays-de-perl-1.9/debian/patches/series
--- libdate-holidays-de-perl-1.9/debian/patches/series  2016-12-04 
16:59:55.0 +0100
+++ libdate-holidays-de-perl-1.9/debian/patches/series  2018-03-01 
00:06:05.0 +0100
@@ -1 +1,2 @@
 fix-typo-in-manpage.patch
+refo.patch


signature.asc
Description: PGP signature

Bug#858962: [Pkg-xen-devel] Bug#858962: enabling OVMF - 4.10+

[Hans van Kranenburg]

Hey,

On 02/28/2018 12:59 AM, John Keates wrote:
> 
> [...]
> 
> 1. Install Xen with OVMF support
> 2. Install OVMF (which basically just gets you the binary file, package is 
> called ovmf)
> 3. Get an EFI-bootable image, the Debian Netinstall image will probably do 
> fine
> 3. Create a domU config like this:
> 
> name = 'uefi-domu-thingy'
> bios = "ovmf"
> builder = 'hvm'
> memory = '512'
> vcpus = 1
> 
> Then sudo xl create 
> 
> This should start the domu, and since there is no disk, just get to the UEFI 
> shell and idle around and not do much else. You can connect to it over VNC, 
> but I’m sure it can be started in UEFI text mode too so you get UEFI access 
> via the serial console.

Ok, as promised, I tried.

For Xen 4.10, I ended up with:

name = 'uefi-domu-thingy'
bios = "ovmf"
type = 'hvm'
memory = '512'
vcpus = 1
vnc=1
vnclisten='0.0.0.0'
serial='pty'

I installed the qemu packages that Mark Pryor already rebuilt as test
(which use libxen 4.10).

When doing xen create -c on that, I get a serial console to it:

UEFI Interactive Shell v2.2
EDK II
UEFI v2.70 (EDK II, 0x0001)
Mapping table
 BLK0: Alias(s):
  PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0)
 BLK1: Alias(s):
  PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1)
Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
Shell>

A vnc connection also shows an ugly screen which a copy of the output.

Step 2: Use a disk

I simply added...
disk = ['file:/yolo/ovmf/debian-9.3.0-amd64-netinst.iso,xvda']

and now the serial console shows a purple blinking cursor, and the vnc
connection shows a graphical Debian GNU/Linux UEFI Installer menu.

Great success!

Hans

Bug#891806: busybox: Please include stty in busybox-udeb

[Samuel Thibault]

Source: busybox
Version: 1:1.27.2-2
Severity: normal
Tags: a11y

Hello,

In order to be able to tune the console size for better accessibility in
the Debian installer, we would need to have the stty tool available in
d-i, could you enable it?

Thanks,
Samuel

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Samuel
* B kicks DW (non mais franchement)
* DW was kicked
 -+- #ens-mim - comment ça hopeless ? -+-

Bug#891805: libmstoolkit82: symbols file generates dependencies that cannot be fulfilled

[Adrian Bunk]

Package: libmstoolkit82
Version: 82-2
Severity: serious
Control: affects -1 src:comet-ms

The following packages have unmet dependencies:
 comet-ms : Depends: libmstoolkit82 (>= 82.0.0) but it is not going to be 
installed


libmstoolkit dropped the .0.0 from the version,
but the symbols file generates 82.0.0 dependencies.

Bug#891804: debichem-analytical-biochemistry suggests nonexisting packages

[Adrian Bunk]

Package: debichem-analytical-biochemistry
Version: 0.0.6
Severity: normal

E: Package 'libmstoolkit' has no installation candidate
This should be libmstoolkit-dev.

E: Package 'python-mzml' has no installation candidate
This should be python-pymzml and/or python3-pymzml.

E: Package 'biceps' has no installation candidate
No idea about that one.

Bug#891802: llvm-6.0: LLVM ERROR: Cannot select: 0x582f0b00: f32 = X86ISD::FNMSUB 0x582f8740, 0x583805f0, 0x582fde50

[Andreas Beckmann]

Package: llvm-6.0
Version: 1:6.0~+rc3-1
Severity: important

Hi,

this is a regression from llvm-5.0 to llvm-6.0 on i386.

I'm attaching two .bc files from a pocl selftest, one generated with
llvm-5.0, one with llvm-6.0. 

llc-5.0 successfully compiles both, llc-6.0 fails to compile both:

$ llc-5.0 -O2 -mcpu=i686  pocl.trig.llvm5.bc

$ llc-5.0 -O2 -mcpu=i686  pocl.trig.llvm6.bc


$ llc-6.0 -O2 -mcpu=i686  pocl.trig.llvm5.bc
LLVM ERROR: Cannot select: 0x582f0b00: f32 = X86ISD::FNMSUB 0x582f8740, 
0x583805f0, 0x582fde50
  0x582f8740: f32 = fsub 0x58314d20, 0x58329d00
0x58314d20: f32,ch = load 
0x583150e0, 0x58322db0, undef:i32
  0x58322db0: i32 = or FrameIndex:i32<0>, Constant:i32<12>
0x5837f620: i32 = FrameIndex<0>
0x582c0e40: i32 = Constant<12>
  0x58326f60: i32 = undef
0x58329d00: f32,ch = load 0x58329c80, FrameIndex:i32<1>, 
undef:i32
  0x582f8180: i32 = FrameIndex<1>
  0x58326f60: i32 = undef
  0x583805f0: f32,ch = load 0x58223a80, 0x58318150, undef:i32
0x58318150: i32 = X86ISD::Wrapper TargetConstantPool:i32 0
  0x582bbbe0: i32 = TargetConstantPool 0
0x58326f60: i32 = undef
  0x582fde50: f32,ch,glue = CopyFromReg 0x5831d6a0, Register:f32 %fp0, 
0x5831d6a0:1
0x58309fe0: f32 = Register %fp0
0x5831d6a0: ch,glue = callseq_end 0x58320a90, TargetConstant:i32<12>, 
TargetConstant:i32<0>, 0x58320a90:1
  0x58315ef0: i32 = TargetConstant<12>
  0x5837f5e0: i32 = TargetConstant<0>
  0x58320a90: ch,glue = X86ISD::CALL 0x583189d0, 
TargetExternalSymbol:i32'fmaf', RegisterMask:Untyped
0x582eff80: i32 = TargetExternalSymbol'fmaf'
0x58327420: Untyped = RegisterMask
In function: _Z20__pocl_argReductionSPDv4_fS0_S_

$ llc-6.0 -O2 -mcpu=i686  pocl.trig.llvm6.bc
LLVM ERROR: Cannot select: 0x575fb6e0: f32 = X86ISD::FNMSUB 0x575c98d0, 
0x575aad80, 0x575c82f0
  0x575c98d0: f32 = fsub 0x575aa740, 0x575754a0
0x575aa740: f32,ch = load 
0x575a8b60, 0x5753a900, undef:i32
  0x5753a900: i32 = or FrameIndex:i32<0>, Constant:i32<12>
0x575a89e0: i32 = FrameIndex<0>
0x575b58b0: i32 = Constant<12>
  0x575aa280: i32 = undef
0x575754a0: f32,ch = load 0x575a8620, FrameIndex:i32<1>, 
undef:i32
  0x575b2d00: i32 = FrameIndex<1>
  0x575aa280: i32 = undef
  0x575aad80: f32,ch = load 0x574a1260, 0x57588590, undef:i32
0x57588590: i32 = X86ISD::Wrapper TargetConstantPool:i32 0
  0x575ca110: i32 = TargetConstantPool 0
0x575aa280: i32 = undef
  0x575c82f0: f32,ch,glue = CopyFromReg 0x575aa100, Register:f32 %fp0, 
0x575aa100:1
0x575a3c20: f32 = Register %fp0
0x575aa100: ch,glue = callseq_end 0x5758, TargetConstant:i32<12>, 
TargetConstant:i32<0>, 0x5758:1
  0x5758fdd0: i32 = TargetConstant<12>
  0x575a17f0: i32 = TargetConstant<0>
  0x5758: ch,glue = X86ISD::CALL 0x575b2030, 
TargetExternalSymbol:i32'fmaf', RegisterMask:Untyped
0x575a8460: i32 = TargetExternalSymbol'fmaf'
0x575c7cf0: Untyped = RegisterMask
In function: _Z20__pocl_argReductionSPU9CLprivateDv4_fS1_S_


Andreas


pocl.trig.llvm5.bc.gz
Description: application/gzip


pocl.trig.llvm6.bc.gz
Description: application/gzip

Bug#891797: openssl: Please add support for new architecture "riscv64" (RISC-V 64 bits little-endian)

[Manuel A. Fernandez Montecelo]

2018-02-28 23:33 Manuel A. Fernandez Montecelo:

I am attaching a patch [...]


Looks like the patch was somehow removed by reportbug after further
editing, or it wasn't added correctly in the first place, hopefully it
gets through now :)


OK, so the real problem was PEBKAC and I am officially an idiot, I mixed
the patches of openssl1.0 and openssl1.1, I was sending them in
parallel.

For 1.1 there are no algorithm choices, so forget about the comments of
the original message too.

Hopefully will attach the correct patch now, third time is the charm :)

--
Manuel A. Fernandez Montecelo 

--- a/debian-targets.patch	2017-08-06 23:38:33.0 +0200
+++ b/debian-targets.patch	2018-02-28 23:46:12.561123019 +0100
@@ -4,7 +4,7 @@
 
 --- /dev/null
 +++ b/Configurations/20-debian.conf
-@@ -0,0 +1,140 @@
+@@ -0,0 +1,143 @@
 +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . "-Wa,--noexecstack -Wall";
 +$debian_cflags =~ s/\n/ /g;
 +my $debian_ldflags = `dpkg-buildflags --get LDFLAGS`;
@@ -107,6 +107,9 @@
 +	"debian-ppc64el" => {
 +		inherit_from => [ "linux-ppc64le", "debian" ],
 +	},
++	"debian-riscv64" => {
++		inherit_from => [ "linux-generic64", "debian" ],
++	},
 +	"debian-s390" => {
 +		inherit_from => [ "linux-generic32", "debian" ],
 +	},

Bug#891801: stretch-pu: package unbound/1.6.0-3+deb9u2

[Robert Edmonds]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I would like to fix a DNSSEC validation bug (CVE-2017-15105) in the
unbound package shipped in stretch. After discussion with the security
team, this bug was deemed minor enough that the fix could be shipped in
a point release:

https://security-tracker.debian.org/tracker/CVE-2017-15105

Please see attached a debdiff for unbound 1.6.0-3+deb9u2 containing the
backported fix from upstream version 1.6.8. I'd like to have this
considered for the upcoming stable point release.

Details on the bug and its impact are available in this upstream
advisory:

https://unbound.net/downloads/CVE-2017-15105.txt

I have cherry-picked two commits (svn r4441, r4528) from the upstream
repository containing the fix and a test case. Those upstream commits
are available here:

https://github.com/NLnetLabs/unbound/commit/2a6250e3fb3ccd6e9a0a16b6908c5cfb76d8d6f3

https://github.com/NLnetLabs/unbound/commit/eff62cecac1388214032906eb6944ceb9c0e6d41

(There was a minor conflict when merging the cherry-picked commit r4441
due to the renaming of some internal types in svn r3989.)

A very similar fix has already been shipped for wheezy-lts in
1.4.17-3+deb7u3.

Thanks!

-- 
Robert Edmonds
edmo...@debian.org
diff -Nru unbound-1.6.0/debian/changelog unbound-1.6.0/debian/changelog
--- unbound-1.6.0/debian/changelog  2017-08-27 00:43:42.0 -0400
+++ unbound-1.6.0/debian/changelog  2018-02-28 17:00:51.0 -0500
@@ -1,3 +1,12 @@
+unbound (1.6.0-3+deb9u2) stretch; urgency=high
+
+  * Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105:
+vulnerability in the processing of wildcard synthesized NSEC records."
+  * Cherry-pick upstream commit svn r4528, "Added tests with wildcard
+expanded NSEC records (CVE-2017-15105 test)".
+
+ -- Robert Edmonds   Wed, 28 Feb 2018 17:00:51 -0500
+
 unbound (1.6.0-3+deb9u1) stretch; urgency=high
 
   * Cherry-pick upstream commit svn r4301, "Fix install of trust anchor
diff -Nru unbound-1.6.0/debian/patches/debian-changes 
unbound-1.6.0/debian/patches/debian-changes
--- unbound-1.6.0/debian/patches/debian-changes 2017-08-27 00:43:42.0 
-0400
+++ unbound-1.6.0/debian/patches/debian-changes 2018-02-28 17:00:51.0 
-0500
@@ -5,14 +5,12 @@
  information below has been extracted from the changelog. Adjust it or drop
  it.
  .
- unbound (1.6.0-3+deb9u1) stretch; urgency=high
+ unbound (1.6.0-3+deb9u2) stretch; urgency=high
  .
-   * Cherry-pick upstream commit svn r4301, "Fix install of trust anchor
- when two anchors are present, makes both valid.  Checks hash of DS but
- not signature of new key.  This fixes installs between sep11 and oct11
- 2017."
-   * debian/control: unbound: Add versioned dependency on dns-root-data (>=
- 2017072601~) for KSK-2017 in RFC 5011 state VALID.
+   * Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105:
+ vulnerability in the processing of wildcard synthesized NSEC records."
+   * Cherry-pick upstream commit svn r4528, "Added tests with wildcard
+ expanded NSEC records (CVE-2017-15105 test)".
 Author: Robert Edmonds 
 
 ---
@@ -26,7 +24,7 @@
 Bug-Ubuntu: https://launchpad.net/bugs/
 Forwarded: 
 Reviewed-By: 
-Last-Update: 2017-08-27
+Last-Update: 2018-02-28
 
 --- unbound-1.6.0.orig/acx_python.m4
 +++ unbound-1.6.0/acx_python.m4
@@ -79,6 +77,165 @@
 +echo "Setup success. Certificates created."
  
  exit 0
+--- unbound-1.6.0.orig/testcode/unitverify.c
 unbound-1.6.0/testcode/unitverify.c
+@@ -186,7 +186,9 @@ verifytest_rrset(struct module_env* env,
+   ntohs(rrset->rk.rrset_class));
+   }
+   setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */
+-  sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, );
++  /* ok to give null as qstate here, won't be used for answer section. */
++  sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, ,
++  LDNS_SECTION_ANSWER, NULL);
+   if(vsig) {
+   printf("verify outcome is: %s %s\n", sec_status_to_string(sec),
+   reason?reason:"");
+--- /dev/null
 unbound-1.6.0/testdata/val_nodata_failwc.rpl
+@@ -0,0 +1,71 @@
++; config options
++; The island of trust is at nsecwc.nlnetlabs.nl
++server:
++  trust-anchor: "nsecwc.nlnetlabs.nl. 10024   IN  DS  565 8 2 
0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E"
++  val-override-date: "20181202115531"
++  target-fetch-policy: "0 0 0 0 0"
++  fake-sha1: yes
++  trust-anchor-signaling: no
++stub-zone:
++  name: "nsecwc.nlnetlabs.nl"
++  stub-addr: "185.49.140.60"
++
++CONFIG_END
++
++SCENARIO_BEGIN Test validator with nodata response with wildcard expanded 
NSEC record, original NSEC owner does not provide proof for QNAME. 

Bug#861649: Newer version uploaded

[Gard Spreemann]

On Wednesday, 28 February 2018 22:26:58 CET Tobias Frost wrote:
> Ok, it builds now.
> But there are tons of lintian warnings "privacy-break-generic", just
> one example: Not checked, but maybe some template for the doc
> generation has a link to this site?
> 
> […]
> 
> There are other lintian warnings as well; just a friendly reminder to
> alwyays run linitian. Better, include it in your build process so that
> it is automatically executed...

Very good point! Thanks a lot for pointing this out! I'll see if I can
patch the docs to avoid this; if not, I'll avoid building a
documentation package alltogether.

Are there other aspects of the package you feel should be improved?


 Best,
 Gard

Bug#882688: udev

[Hans-Christoph Steiner]

Sounds nice to have indeed! Ideally, this package would use the udev
rules from this project:
https://github.com/M0Rf30/android-udev-rules/blob/master/51-android.rules

I've tried in the past to use that, but it seems that its syntax doesn't
work with Debian, and I couldn't figure out how to fix it.

.hc

Bug#871229: /usr/sbin/update-grub: running update-grub segment faults

[Sven Hartge]

On Wed, 28 Feb 2018 22:37:41 +0100 Martin Zobel-Helas 
wrote:

> I get segfaults when running update-grub on my Lenovo Thinkpad x270
> running Debian unstable from today.

I see the same on my Dell Precision 7520.

> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `/usr/sbin/grub-probe --device /dev/nvme0n1p1 
> --target=hints_string'.
> Program terminated with signal SIGSEGV, Segmentation fault.

Interesting thing is: we both use a NVME-SSD on an AMD64 system.

My other systems, one 32bit-on-AMD64 on normal SATA disks and one pure
AMD64 on normal SATA disks works without segfault, only the NVME one
shows problems.

Grüße,
Sven.





signature.asc
Description: OpenPGP digital signature

Bug#891800: libprelude: New upstream version 4.1.0

[Thomas Andrejak]

Source: libprelude
Version: 3.1.0-1
Severity: wishlist

libprelude 4.1 was released in 2017.

Thanks

Regards

Bug#859130: Status end febrary 2018

[Geert Stappers]

FWIW

At mentors there is .deb and .dsc available.

It is been reviewed.

No upload done due the "gap"
behind upstream git repository and provided  .orig.tar.gz.


Time will tell how this proceeds.


Groeten
Geert Stappers
-- 
Leven en laten leven

Bug#890946: debian-policy: Editor policy is inconsistent with sensible-editor's behaviour

[Matthew Woodcraft]

Ian Jackson wrote:

I think #482274 should probably simply be reverted.

From the POV of the policy package: I think existing policy is
correct.  A bug should be filed against sensible-editor saying that
#482274 should be reverted so that programs which use sensible-editor
conform to policy.


I have filed #891795 against sensible-utils.

Bug#876063: fixed in ktexteditor 5.41.0-1

[Daniele Scasciafratte]

I am checking if kate support them.
Looking on the documentation ->
https://docs.kde.org/stable5/en/applications/katepart/config-variables.html
mention an option about configuration search depth (that seems not exist
anymore) and looking on the internet seems that the behaviour used to
locate and load .editorconfig is the same of kateconfig files.
So I don't find a way right now to specify where is the editorconfig or
what to do specifically.

Someone has suggestions?

Bug#891799: openssl1.0: Please add support for new architecture "riscv64" (RISC-V 64 bits little-endian)

[Manuel A. Fernandez Montecelo]

Source: openssl1.0
Version: 1.0.2n-1
Severity: normal
Tags: patch
User: debian-ri...@lists.debian.org
Usertags: riscv64

Hello,

We need support in this package for RISC-V, to bootstrap the riscv64
architecture.

I am attaching a patch that allowed me to cross-compile the package.  I am not
completely sure if all of the options are the most correct or the best choice
(more optimised), for example I used DES_RISC2 because the MIPS family uses
those and it's probably the closest to RISC-V, so it's my best-guess.  But if
you spot something fishy, please tell.

It would be great if you could include these changes and release a new version
for unstable.

If we can do something to speed-up this process, please let me/us know.


Thanks and cheers.
--
Manuel A. Fernandez Montecelo 
--- debian-targets.patch.orig   2018-02-28 22:46:26.476599340 +0100
+++ debian-targets.patch2018-02-28 23:08:57.666768100 +0100
@@ -56,6 +56,7 @@
 +"debian-powerpcspe","gcc:-DB_ENDIAN 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 
DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64","gcc:-m64 -DB_ENDIAN 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_RISC1 
DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64el","gcc:-m64 -DL_ENDIAN 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_RISC1 
DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-riscv64","gcc:-DL_ENDIAN 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_RISC2 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR 
RC4_CHUNK DES_INT 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 +"debian-s390x","gcc:-DB_ENDIAN 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_INT 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh3",   "gcc:-DL_ENDIAN 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

Bug#891797: openssl: Please add support for new architecture "riscv64" (RISC-V 64 bits little-endian)

[Manuel A. Fernandez Montecelo]

2018-02-28 23:16 Manuel A. Fernandez Montecelo:

Source: openssl
Version: 1.1.0g-2
Severity: normal
Tags: patch
User: debian-ri...@lists.debian.org
Usertags: riscv64

Hello,

We need support in this package for RISC-V, to bootstrap the riscv64
architecture.

I am attaching a patch [...]


Looks like the patch was somehow removed by reportbug after further
editing, or it wasn't added correctly in the first place, hopefully it
gets through now :)

--
Manuel A. Fernandez Montecelo 

--- debian-targets.patch.orig	2018-02-28 22:46:26.476599340 +0100
+++ debian-targets.patch	2018-02-28 23:08:57.666768100 +0100
@@ -56,6 +56,7 @@
 +"debian-powerpcspe","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64","gcc:-m64 -DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64el","gcc:-m64 -DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-riscv64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 +"debian-s390x","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh3",   "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

Bug#881946: RFS: keychain/2.8.4+dfsg-1 [ITA]

[Tobias Frost]

Control: tags -1 moreinfo

I did a very quick but incomplete check on the package:

- there are many lintian messages (some warnings)
- d/compat is 9, should be bumped.
- Uploaders: Ondřej Surý  ... undocumented in the
changelog. (I assume Ondřej wants to be uploader, doesn't he? I do not
find anything in the ITP or elsewhere documenting this)
- I think the remarks from Niels are not yet adressed, are they?
- Maybe you want also to be added to d/copyright for debian/* (this is
optional)
- dep3 headers for the patch should be added. 
  - e.g has the patch been sent upstream?

--
tobi 



> Uploaders: Ondřej Surý 
> 


On Thu, 04 Jan 2018 14:09:37 +0100 Tobias Frost 
wrote:
> Control: tags -1 moreinfo
> 
> There is a new upload on mentors, but did not check was has been
> changed.
> 
> --
> tobi
> 
> 

Bug#891643: I'd appreciate if you could also give me upload rights for this package.

[Geert Stappers]

On Tue, Feb 27, 2018 at 05:27:37PM +0100, Félix Sipma wrote:
> 
} I am looking for a sponsor for package "inkscape-open-symbols".
> 
> 
> I'd appreciate if you could also give me upload rights for this package.
> 

That is documented at https://wiki.debian.org/DebianMaintainer

Yes, that implies it takes some initial effort.
Compare it with learning something new.


Groeten
Geert Stappers
-- 
Leven en laten leven

Bug#891797: openssl: Please add support for new architecture "riscv64" (RISC-V 64 bits little-endian)

[Manuel A. Fernandez Montecelo]

Source: openssl
Version: 1.1.0g-2
Severity: normal
Tags: patch
User: debian-ri...@lists.debian.org
Usertags: riscv64

Hello,

We need support in this package for RISC-V, to bootstrap the riscv64
architecture.

I am attaching a patch that allowed me to cross-compile the package.  I am not
completely sure if all of the options are the most correct or the best choice
(more optimised), for example I used DES_RISC2 because the MIPS family uses
those and it's probably the closest to RISC-V, so it's my best-guess.  But if
you spot something fishy, please tell.

It would be great if you could include these changes and release a new version
for unstable.

If we can do something to speed-up this process, please let me/us know.


Thanks and cheers.
--
Manuel A. Fernandez Montecelo 

Bug#891798: CVE-2017-3158

[Moritz Muehlenhoff]

Source: guacamole-client
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3158

Cheers,
Moritz

Bug#891795: /usr/bin/sensible-editor: The select-editor mechanism should be removed

[Matthew Woodcraft]

Package: sensible-utils
Version: 0.0.11
Severity: normal

Background:

Policy 11.4 describes the mechanism for determining the user's preferred
editor:
 - check the EDITOR environment variable and use it if set;
 - (optionally): check the VISUAL environment variable and use it if set;
 - otherwise, use /usr/bin/editor (which is managed as a dpkg alternative).

sensible-editor was invented as a convenient way for packages to
implement this behaviour in programs whose source code doesn't do so
already.


In #482774, sensible-editor's behaviour was changed, adding a new helper
script named 'select-editor', and is now roughly as follows:
- check EDITOR and VISUAL as per policy;
 - if neither is set, check a ~/.selected-editor configuration file;
 - if that doesn't provide an editor, offer the user a list of editors
   and record their choice in ~/.selected-editor

The list that select-editor provides comes from the dpkg alternatives
system. If one of the editors in the list is 'nano', it's annotated with
"< easiest".


Problems:

The intent of this change was to make life easier for inexperienced
users, who might not find it easy to edit .bashrc to change an
environment variable.

But this does not work well, for a number of reasons.

1) Many (I believe most) programs shipped in Debian which invoke an
editor implement the environment variable check and fallback directly,
rather than using sensible-editor.

2) If the system administrator has selected a system-wide alternative
which their users will find more friendly than nano, select-editor ends
up making their lives worse.

3) If the user selects an editor via select-editor which is later
removed (eg a versioned emacs), things go badly (see #753670).


Of these I think the first is the most serious. The effect is that users
see inconsistent behaviour depending which program is launching an
editor.

They can think they've told the system their preferred editor once, then
find it's not used later. Or they can find they normally get an editor
they're comfortable with, then on one occasion be presented with a list
of unfamiliar names and end up with nano.


I asked about this on Debian policy (#890946), and received the response
that sensible-editor wasn't intended as a point where enhancements could
be made, and a recommendation that #482774 should be reverted so that
programs which use sensible-editor conform to policy.

Bug#891796: CVE-2017-18197

[Moritz Muehlenhoff]

Source: libjgraphx-java
Severity: normal
Tags: security

This was assigned CVE-2017-18197:
https://github.com/jgraph/mxgraph/issues/124

Cheers,
Moritz

Bug#891244: RFS: gnumail/1.2.2-1.1+deb9u1 [RC] [stable]

[Tobias Frost]

On Fri, 23 Feb 2018 20:39:33 +0200 Yavor Doganov  wrote:
> Yavor Doganov wrote:
> >  * Package name: gnumail
> >Version : 1.2.2-1.1+deb9u1
> 
> Forgot to mention the release.d.o bug: #886636
> 
> 

Uploaded.
Thanks for your contribution to Debian!

--
tobi

Bug#890950: Info received (Bug#890950: initramfs-tools: Resuming from hibernated swapfile fails)

[Mario.Limonciello]

Hi,

I've had some more testing this week and developed some changes that I think 
are more sustainable.
1) No longer revert the setting offset via /bin/resume.
I've started a discussion upstream to allow reading offset this way.  If it's 
adopted then this should
definitely stay.
Otherwise it's harmless.
2) Detect the offset both from kernel command line as well as filename.

Can you please ignore my old ones, and re-review my new patches and consider 
them for initramfs-tools?
https://salsa.debian.org/superm1-guest/initramfs-tools/commit/f74423c610bd3b9ee9baf97d42bfa0219bfb4826
https://salsa.debian.org/superm1-guest/initramfs-tools/commit/a39f61e48eca03e264a7235ee984db76e8c10aa9

Thanks,

Bug#891705: [Pkg-dns-devel] Bug#891705: Bug#891705: Apparmor policy prevents chown/chmod of the Unix control socket

[Simon Deziel]

> I get a 404 on that URL, and your repository doesn't show up under:
> 
> https://salsa.debian.org/users/sdeziel-guest/projects
> 
> Maybe your GitLab visibility settings are misconfigured.

Yes indeed. Projects default to private, fixed and tested. Sorry for the
back and forth it's my first steps with salsa.

Simon

Bug#868218: problem still there, only workaround available would be to disclose confidential information to remote users

[Luc Maisonobe]

Hello,

I have files this bug report more than 7 months ago and no progress have
been seen so far, depite several new versions of the package have been 
published. The bug was files against version 52.2.1, were are now

at 52.6.0.

I really think this is big problem and even a security threat. The
current behaviour forces user to either put the exact same password
to several accounts (hence someone guessing one password will get
access to all accounts and their confidential informations) or to
store passwords (and by the way thunderbird seems to not even be able
to use passwords it already stored, it keeps asking for them, despite
having already registered them, pre-filling all entries it its popup
and checking by itself the "store password field", but this is another 
story).


May be I was not clear enough in the first report, so lets try again.

I have one (really only ONE) server that holds several caldav accounts,
say "work", "teaching", "health", "legal", "shared-with-family",
"shared-with-business-partners", "shared-with-friends", "you-name-it".
Some calendars are accessed not only by me, but by other people and the
people having access to "shared-with-business-partners" should not have
access to "shared-with-family", so the passwords are different.

the only work-around would be to use the same username/password for
all calendars, but this would imply the confidential informations from
one calendar becomes available to people having access to another
calendar, even when they should not be able to access it. And this
happens regardless of their cladav client: the thunderbird bug forces
to configure the *server* in an insecure way because it is the only
way thunderbird will be able to access properly a bunch of calendars
hosted by a single server.

The current behaviour only ask me for a pair username/password *without*
even telling me to which calendar name correspond each popup. Upon
launching thunderbird, I get a bunch of requests, all the same, only
ginving me the name of the server, but this name is the same for all
calendars, so I cannot guess.

If I try pairs of usernames/password at random, I even get kicked of
the server after too many attempts due to protections like fail2ban.

Before July 2017, the requests included the name for which the password
was requested (i.e. here the calendar name) in the popup asking for
the credentials. The current behaviour is akin to a program telling you:

 I need a password but I will not tell you what for, just give one to me
 and I will not even tell you what I will do with it

Removing from the credentials request popup the information allowing to
provide the correct credentials is counter-productive and, imho,
decreases security. As explained above, either you allow everyone to see
all your confidential information because you end up using the same
password for everything, or you don't have access to your own data
because you are kicked off the server after too many failed attempts.

best regards,
Luc

Bug#891705: [Pkg-dns-devel] Bug#891705: Bug#891705: Apparmor policy prevents chown/chmod of the Unix control socket

[Robert Edmonds]

Simon Deziel wrote:
> On 2018-02-28 11:48 AM, Simon Deziel wrote:
> > Yes, I'm working on a pull request/merge proposal via salsa.debian.org.
> > I'll be proposing a fix for all 3 Apparmor related bugs with the Unbound
> > profile. Shouldn't be too long. Thanks!
> 
> I couldn't find a way to do the merge proposal through the WebUI of
> salsa (maybe because I'm a -guest). Please see the refreshed Apparmor
> profile at [1]. Feedback is welcome of course!
> 
> Regards,
> Simon
> 
> 1: https://salsa.debian.org/sdeziel-guest/unbound/tree/apparmor-refresh

Hi, Simon:

I get a 404 on that URL, and your repository doesn't show up under:

https://salsa.debian.org/users/sdeziel-guest/projects

Maybe your GitLab visibility settings are misconfigured.

Can you just email the patches to the bug report?

-- 
Robert Edmonds
edmo...@debian.org

Bug#861649: Newer version uploaded

[Tobias Frost]

Control: tags -1 moreinfo

On Mon, 05 Feb 2018 11:07:40 +0100 Gard Spreemann  wrote:
> Control: tags -1 - moreinfo
> 
> On Tuesday 26 December 2017 21:58:36 CET Tobias Frost wrote:
> > I was checking your RFS, but I cannot get it compiled...
> > Please check and then remove the moreinfo tag again...
> 
> Hello again,
> 
> Upstream has now released GUDHI 2.1.0 which is compatible with the
> CGAL version in sid.
> 
> If you have a chance to take a look, version 2.1.0-1 of the package
> can be obtained from
> 
>  https://mentors.debian.net/debian/pool/main/g/gudhi/gudhi_2.1.0+dfsg
-1.dsc
> 

Ok, it builds now.
But there are tons of lintian warnings "privacy-break-generic", just
one example: Not checked, but maybe some template for the doc
generation has a link to this site?

W: libgudhi-doc: privacy-breach-generic
usr/share/doc/libgudhi/html/_active__witness_8h_source.html [http://gudhi.gforge.inria.fr/assets/img/home.png;
alt="gudhi">] (http://gudhi.gforge.inria.fr/assets/img/home
.png) 
W: libgudhi-doc: privacy-breach-generic
usr/share/doc/libgudhi/html/_active__witness_8h_source.html [http://pages.saclay.inria.fr/vin
cent.rouvreau/gudhi/gudhi-doc-
2.0.0/assets/css/styles_feeling_responsive.css" />] (http://pages.sacla
y.inria.fr/vincent.rouvreau/gudhi/gudhi-doc-
2.0.0/assets/css/styles_feeling_responsive.css)

There are other lintian warnings as well; just a friendly reminder to
alwyays run linitian. Better, include it in your build process so that
it is automatically executed...


--
tobi

Bug#866731: gnss-sdr: Bogus build dependency on libc6

[Adrian Bunk]

Control: severity -1 important

On Sat, Jul 01, 2017 at 11:37:11AM +0200, John Paul Adrian Glaubitz wrote:
> Source: gnss-sdr
> Version: 0.0.8-1
> Severity: serious
> Justification: breaks build dependencies
> 
> Hello!
> 
> src:gnss-sdr has a bogus build dependency on libc6 which is not
> allowed for two reasons:
> 
>  a) libc6 is not the correct package required for building
> gnss-sdr, libc6-dev would be.
>  b) libc6-dev is also pulled in through "build-essential"
> which is always present during build.
> 
> Please remove "libc6" from Build-Depends completely. It blocks
> the build on multiple architectures like alpha, kfreebsd-* and
> hurd-*.
> 
> Please refer to Debian Policy, section 7.7 [1].

I am lowering the severity of this bug:

This was clearly a bug (and already fixed in unstable),
but it is not a release critical issue that would cause
problems on any release architectures and where the fix
should be backported to stretch.

> Thanks,
> Adrian
>...

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#891794: lintian -- False positive on spelling-error-in-binary

[Thorsten Alteholz]

Package: lintian
Version: 2.5.67
Severity: normal

A soon to be available package gives:
 I: osmocom-analog: spelling-error-in-binary usr/bin/amps Rouge Rogue

This is a false positive as it comes from:
  osmocom-analog-0.0.1/src/amps/stations.c:   { 85,   0,  "Baton Rouge",  "LA",   
"Cellular One", "504 291 9703", "GTEDS" },
  osmocom-analog-0.0.1/src/amps/stations.c:   { 106,  0,  "Baton Rouge",  "LA",   
"Bell South Mobile","800 351 2400", "GTEDS" },

 Thorsten

Bug#891793: stretch-pu: package obfsproxy/0.2.13-2+deb9u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

   * Don't install the broken AppArmor profile. (Closes: #882103)
diff -Nru obfsproxy-0.2.13/debian/changelog obfsproxy-0.2.13/debian/changelog
--- obfsproxy-0.2.13/debian/changelog   2016-09-22 14:15:38.0 +0300
+++ obfsproxy-0.2.13/debian/changelog   2018-02-28 23:03:50.0 +0200
@@ -1,3 +1,10 @@
+obfsproxy (0.2.13-2+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't install the broken AppArmor profile. (Closes: #882103)
+
+ -- Adrian Bunk   Wed, 28 Feb 2018 23:03:50 +0200
+
 obfsproxy (0.2.13-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru obfsproxy-0.2.13/debian/control obfsproxy-0.2.13/debian/control
--- obfsproxy-0.2.13/debian/control 2016-09-22 14:15:38.0 +0300
+++ obfsproxy-0.2.13/debian/control 2018-02-28 23:03:48.0 +0200
@@ -5,7 +5,6 @@
 Priority: extra
 Build-Depends: asciidoc,
debhelper (>= 9),
-   dh-apparmor,
dh-python,
docbook-xsl,
python-all (>= 2.6.6-3~),
diff -Nru obfsproxy-0.2.13/debian/obfsproxy.dirs 
obfsproxy-0.2.13/debian/obfsproxy.dirs
--- obfsproxy-0.2.13/debian/obfsproxy.dirs  2016-09-22 14:15:38.0 
+0300
+++ obfsproxy-0.2.13/debian/obfsproxy.dirs  1970-01-01 02:00:00.0 
+0200
@@ -1 +0,0 @@
-etc/apparmor.d
diff -Nru obfsproxy-0.2.13/debian/obfsproxy.maintscript 
obfsproxy-0.2.13/debian/obfsproxy.maintscript
--- obfsproxy-0.2.13/debian/obfsproxy.maintscript   1970-01-01 
02:00:00.0 +0200
+++ obfsproxy-0.2.13/debian/obfsproxy.maintscript   2018-02-28 
23:03:50.0 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/apparmor.d/usr.bin.obfsproxy 0.2.13-2+deb9u1~ obfsproxy
diff -Nru obfsproxy-0.2.13/debian/rules obfsproxy-0.2.13/debian/rules
--- obfsproxy-0.2.13/debian/rules   2016-09-22 14:15:38.0 +0300
+++ obfsproxy-0.2.13/debian/rules   2018-02-28 23:03:48.0 +0200
@@ -5,9 +5,6 @@
 
 override_dh_install:
dh_install -O--buildsystem=pybuild
-   cp debian/apparmor-profile 
debian/obfsproxy/etc/apparmor.d/usr.bin.obfsproxy
-   dh_apparmor --profile-name=usr.bin.obfsproxy -pobfsproxy
-
 override_dh_installman:
a2x --no-xmllint --doctype manpage --format manpage 
debian/obfsproxy.1.txt
dh_installman -O--buildsystem=pybuild

Bug#891792: libmlt6: SIGSEGV in mlt_properties_lock causes crash in Flowblade

[Nathaniel Morck Beaver]

Package: libmlt6
Version: 6.4.1-4
Severity: normal

Dear Maintainer,

While using Flowblade, I tried playing a video file and got a segfault 
and a core dump. The full backtrace is attached and the core dump is 
available upon request (it is 436 MiB).


Sincerely,

Nathaniel Beaver

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 
'stable')

Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-0.bpo.3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: 
LC_ALL set to en_US.UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libmlt6 depends on:
ii  libavcodec57  7:3.2.10-1~deb9u1
ii  libavdevice57 7:3.2.10-1~deb9u1
ii  libavfilter6  7:3.2.10-1~deb9u1
ii  libavformat57 7:3.2.10-1~deb9u1
ii  libavutil55   7:3.2.10-1~deb9u1
ii  libc6 2.24-11+deb9u1
ii  libebur128-1  1.2.2-2
ii  libepoxy0 1.3.1-2
ii  libexif12 0.6.21-2+b2
ii  libfftw3-double3  3.3.5-3
ii  libfontconfig12.11.0-6.7+b1
ii  libgcc1   1:6.3.0-18+deb9u1
ii  libgdk-pixbuf2.0-02.36.5-2+deb9u2
ii  libgl1-mesa-glx [libgl1]  13.0.6-1+b2
ii  libglib2.0-0  2.50.3-2
ii  libgtk2.0-0   2.24.31-2
ii  libjack0 [libjack-0.125]  1:0.125.0-2
ii  libmlt++3 6.4.1-4
ii  libmovit5 1.4.0-1
ii  libpango-1.0-01.40.5-1
ii  libpangoft2-1.0-0 1.40.5-1
ii  libqt5core5a  5.7.1+dfsg-3+b1
ii  libqt5gui55.7.1+dfsg-3+b1
ii  libqt5svg55.7.1~20161021-2+b2
ii  libqt5widgets55.7.1+dfsg-3+b1
ii  libqt5xml55.7.1+dfsg-3+b1
ii  librtaudio5a  4.1.2~ds0-4
ii  libsamplerate00.1.8-8+b2
ii  libsdl1.2debian   1.2.15+dfsg1-4
ii  libsox2   14.4.1-5+b2
ii  libstdc++66.3.0-18+deb9u1
ii  libswscale4   7:3.2.10-1~deb9u1
ii  libx11-6  2:1.6.4-3
ii  libxml2   2.9.4+dfsg1-2.2+deb9u2

Versions of packages libmlt6 recommends:
ii  libmlt-data  1:0.9.6-dmo1

libmlt6 suggests no packages.

-- no debconf information


flowblade_sig11_uid1000_time1519849772.core.txt.gz
Description: application/gzip

Bug#891791: stretch-pu: package local-apt-repository/0.4+deb9u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

   * Backport changes from Joachim Breitner to stop breaking apt
 when the package is removed but not purged. (Closes: #881753)
diff -Nru local-apt-repository-0.4/debian/changelog 
local-apt-repository-0.4+deb9u1/debian/changelog
--- local-apt-repository-0.4/debian/changelog   2016-06-15 15:45:19.0 
+0300
+++ local-apt-repository-0.4+deb9u1/debian/changelog2018-02-28 
22:52:28.0 +0200
@@ -1,3 +1,11 @@
+local-apt-repository (0.4+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Backport changes from Joachim Breitner to stop breaking apt
+when the package is removed but not purged. (Closes: #881753)
+
+ -- Adrian Bunk   Wed, 28 Feb 2018 22:52:28 +0200
+
 local-apt-repository (0.4) unstable; urgency=medium
 
   * Use apt-ftparchive instead of dpkg-scansources (Closes: #804542).
diff -Nru local-apt-repository-0.4/debian/local-apt-repository.install 
local-apt-repository-0.4+deb9u1/debian/local-apt-repository.install
--- local-apt-repository-0.4/debian/local-apt-repository.install
2015-08-22 14:16:16.0 +0300
+++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.install 
2018-02-28 22:52:24.0 +0200
@@ -1,4 +1,5 @@
 rebuild /usr/lib/local-apt-repository
-local-apt-repository.list /etc/apt/sources.list.d/
+# it is linked from /etc/apt/sources.list.d/ using maintainer scripts
+local-apt-repository.list /usr/lib/local-apt-repository
 local-apt-repository.path /lib/systemd/system/
 local-apt-repository.service /lib/systemd/system/
diff -Nru local-apt-repository-0.4/debian/local-apt-repository.maintscript 
local-apt-repository-0.4+deb9u1/debian/local-apt-repository.maintscript
--- local-apt-repository-0.4/debian/local-apt-repository.maintscript
1970-01-01 02:00:00.0 +0200
+++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.maintscript 
2018-02-28 22:52:24.0 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/apt/sources.list.d/local-apt-repository.list 0.4
diff -Nru local-apt-repository-0.4/debian/local-apt-repository.postinst 
local-apt-repository-0.4+deb9u1/debian/local-apt-repository.postinst
--- local-apt-repository-0.4/debian/local-apt-repository.postinst   
2015-08-22 21:23:25.0 +0300
+++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.postinst
2018-02-28 22:52:24.0 +0200
@@ -6,6 +6,7 @@
 
   configure)
 /usr/lib/local-apt-repository/rebuild -f
+ln -fs /usr/lib/local-apt-repository/local-apt-repository.list 
/etc/apt/sources.list.d/local-apt-repository.list
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)
diff -Nru local-apt-repository-0.4/debian/local-apt-repository.prerm 
local-apt-repository-0.4+deb9u1/debian/local-apt-repository.prerm
--- local-apt-repository-0.4/debian/local-apt-repository.prerm  2015-08-22 
14:47:34.0 +0300
+++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.prerm   
2018-02-28 22:52:24.0 +0200
@@ -5,6 +5,7 @@
 
 case "$1" in
   remove|deconfigure)
+rm -f /etc/apt/sources.list.d/local-apt-repository.list
 rm -rf /var/lib/local-apt-repository/
 ;;
 

Bug#890115: xl2tpd problems

[Samir Hussain]

>From @refrog2000

"I didn’t get any useful information from log. The line which I think
the cause is in only said pppd had exited with code 2. This is the
origin text:

child_handler: pppd exited for call x with code 2"


So your child service is failing. I would suggest simplifying your
configuration to see if there is a specific option or combination that
causes the problem.

I would begin by removing "rand source", "rx bps" and "tx bps" from your
xl2tpd.conf   In addition, I unsure if "auth file" will work with "unix
authentication"

Similarly you should simplify your /etc/ppp/options file

If the issue occurs, please provide:
* your latest xl2tpd config file
* your latest ppp config file
* logs

Samir

Bug#891787: linux-image-4.15.0-1-arm64: Socionext SynQuacer support not enabled

[Ard Biesheuvel]

On 28 February 2018 at 20:43, Ard Biesheuvel  wrote:
> Package: src:linux
> Version: 4.15.4-1
> Severity: normal
>
> Dear Maintainer,
>
> Support for Socionext SynQuacer based platforms (a 24 core arm64 SoC) has 
> landed in v4.15 mainline.
>
> Please enable this support in the Debian kernel as well:
> CONFIG_ARCH_SYNQUACER=y
> CONFIG_SNI_NETSEC=m
> CONFIG_MMC_SDHCI_F_SDH30=m
> CONFIG_GPIO_MB86S7X=m
>

Actually, NETSEC support did not make it into v4.15 after all but was
pulled into v4.16 instead.

The SoC has PCIe support, so it can be used with PCIe NICs instead,
and so it would still be useful to enable the other pieces.

Thanks,
Ard.

>
> -- Package-specific info:
> ** Version:
> Linux version 4.15.0-1-arm64 (debian-ker...@lists.debian.org) (gcc version 
> 7.3.0 (Debian 7.3.0-3)) #1 SMP Debian 4.15.4-1 (2018-02-18)
>
> ** Command line:
> BOOT_IMAGE=/boot/vmlinuz-4.15.0-1-arm64 
> root=UUID=4e4cd64e-fe66-44c6-ae59-4c8f8fada27d ro earlycon
>
> ** Tainted: O (4096)
>  * Out-of-tree module has been loaded.
>
> ** Kernel log:
> [2.572430] pci 0001:00:00.0: BAR 0: assigned [mem 
> 0x3f-0x3f3fff 64bit]
> [2.580576] vgaarb: loaded
> [2.583622] EDAC MC: Ver: 3.0.0
> [2.587045] dmi: Firmware registration failed.
> [2.591498] Registered efivars operations
> [2.597581] clocksource: Switched to clocksource arch_sys_counter
> [2.647787] VFS: Disk quotas dquot_6.6.0
> [2.651808] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
> [2.659117] AppArmor: AppArmor Filesystem Enabled
> [2.663943] pnp: PnP ACPI init
> [2.710945] system 00:00: [mem 0x7000-0x77ef] could not be reserved
> [2.717930] system 00:00: Plug and Play ACPI device, IDs PNP0c02 (active)
> [2.717941] pnp: PnP ACPI: found 1 devices
> [2.728872] NET: Registered protocol family 2
> [2.733841] TCP established hash table entries: 32768 (order: 6, 262144 
> bytes)
> [2.741430] TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
> [2.748510] TCP: Hash tables configured (established 32768 bind 32768)
> [2.755274] UDP hash table entries: 2048 (order: 4, 65536 bytes)
> [2.761390] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
> [2.768200] NET: Registered protocol family 1
> [2.772594] PCI: CLS 0 bytes, default 128
> [2.772776] Unpacking initramfs...
> [3.775379] Freeing initrd memory: 18460K
> [3.781356] hw perfevents: enabled with armv8_pmuv3_0 PMU driver, 7 
> counters available
> [3.789398] kvm [1]: 8-bit VMID
> [3.792543] kvm [1]: IDMAP page: 808b2000
> [3.796551] kvm [1]: HYP VA range: 8000:
> [3.803083] kvm [1]: vgic-v2@2c02
> [3.806800] kvm [1]: GIC system register CPU interface enabled
> [3.813166] kvm [1]: vgic interrupt IRQ1
> [3.817109] kvm [1]: virtual timer IRQ3
> [3.821557] kvm [1]: Hyp mode initialized successfully
> [3.830044] Initialise system trusted keyrings
> [3.834634] workingset: timestamp_bits=44 max_order=20 bucket_order=0
> [3.845934] zbud: loaded
> [5.139407] Key type asymmetric registered
> [5.143515] Asymmetric key parser 'x509' registered
> [5.148554] Block layer SCSI generic (bsg) driver version 0.4 loaded 
> (major 246)
> [5.156157] io scheduler noop registered
> [5.160090] io scheduler deadline registered
> [5.164583] io scheduler cfq registered (default)
> [5.169289] io scheduler mq-deadline registered
> [5.177066] ACPI GTDT: found 1 SBSA generic Watchdog(s).
> [5.183192] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> [5.190393] Serial: AMBA driver
> [5.193625] msm_serial: driver initialized
> [5.198236] cacheinfo: Unable to detect cache hierarchy for CPU 0
> [5.204767] mousedev: PS/2 mouse device common for all mice
> [5.211741] ledtrig-cpu: registered to indicate activity on CPUs
> [5.217772] dmi-sysfs: dmi entry is absent.
> [5.222849] NET: Registered protocol family 10
> [5.240755] Segment Routing with IPv6
> [5.244479] mip6: Mobile IPv6
> [5.247452] NET: Registered protocol family 17
> [5.251904] mpls_gso: MPLS GSO support
> [5.256247] registered taskstats version 1
> [5.260351] Loading compiled-in X.509 certificates
> [5.426174] Loaded X.509 cert 'Debian Project: Ben Hutchings: 
> 008a018dca80932630'
> [5.433813] zswap: loaded using pool lzo/zbud
> [5.438349] AppArmor: AppArmor sha1 policy hashing enabled
> [5.443843] ima: No TPM chip found, activating TPM-bypass! (rc=-19)
> [5.450360] hctosys: unable to open rtc device (rtc0)
> [5.466502] Freeing unused kernel memory: 4544K
> [5.608443] nvme nvme0: pci function 0001:00:00.0
> [5.871879] blk_queue_max_hw_sectors: set to minimum 8
> [5.890416] blk_queue_max_hw_sectors: set to minimum 8
> [5.905751]  nvme0n1: p1 p2 p3 p4
> [6.706212] PM: Starting manual resume from disk
> [6.711061] PM: Image 

Bug#891790: Please install the example configuration file

[Laurent Bigonville]

Package: policyd-weight
Version: 0.1.15.2-12
Severity: wishlist

Hi,

The upstream tarballs contains an example config file.

It would be nice if it was installed as an example by dh_installexamples

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Bug#891789: Please add systemd .service file

[Laurent Bigonville]

Package: policyd-weight
Version: 0.1.15.2-12
Severity: normal
User: pkg-systemd-maintain...@lists.alioth.debian.org
Usertags: systemd-units

Hi,

It would be nice to add a systemd .service file.

The initscript support dstop and drestart to not invalidate the cache
during the restart. The default stop/restart call -k to kill the cache,
the question here will be, do we want to invalidate the cache on restart
or not.

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages policyd-weight depends on:
ii  adduser  3.117
ii  libio-socket-inet6-perl  2.72-2
ii  libnet-dns-perl  1.10-2
ii  libnet-ip-perl   1.26-1
ii  lsb-base 9.20170808
ii  perl 5.26.1-5

Versions of packages policyd-weight recommends:
ii  libperl5.26 [libsys-syslog-perl]  5.26.1-5

policyd-weight suggests no packages.

Bug#891788: stretch-pu: package starplot/0.95.5-8.2+deb9u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

   * Add patch from Bernhard Übelacker to fix startup crash.
 (Closes: #862065)
diff -Nru starplot-0.95.5/debian/changelog starplot-0.95.5/debian/changelog
--- starplot-0.95.5/debian/changelog2016-12-24 23:59:59.0 +0200
+++ starplot-0.95.5/debian/changelog2018-02-28 22:37:50.0 +0200
@@ -1,3 +1,11 @@
+starplot (0.95.5-8.2+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch from Bernhard Übelacker to fix startup crash.
+(Closes: #862065)
+
+ -- Adrian Bunk   Wed, 28 Feb 2018 22:37:50 +0200
+
 starplot (0.95.5-8.2) unstable; urgency=low
 
   * Non-maintainer upload to fix RC bug.
diff -Nru starplot-0.95.5/debian/patches/05-startup-crash.diff 
starplot-0.95.5/debian/patches/05-startup-crash.diff
--- starplot-0.95.5/debian/patches/05-startup-crash.diff1970-01-01 
02:00:00.0 +0200
+++ starplot-0.95.5/debian/patches/05-startup-crash.diff2018-02-28 
22:37:38.0 +0200
@@ -0,0 +1,84 @@
+From f603ddfa6a0eb6fc90bc8f14d0bb010efef975fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= 
+Date: Mon, 8 May 2017 23:05:28 +0200
+Subject: Replace c-like qsort with c++-like std::sort.
+
+https://bugs.debian.org/862065
+---
+ src/classes/stararray.cc | 49 +---
+ 1 file changed, 17 insertions(+), 32 deletions(-)
+
+diff --git a/src/classes/stararray.cc b/src/classes/stararray.cc
+index 26cc6a0..72cc856 100644
+--- a/src/classes/stararray.cc
 b/src/classes/stararray.cc
+@@ -26,6 +26,7 @@
+ 
+ #define NEED_FULL_NAMES
+ #include "constellations.h"
++#include 
+ 
+ using std::string;
+ using std::vector;
+@@ -167,42 +168,26 @@ typedef struct {
+ 
+ // Next, the function to compare for qsort().
+ 
+-int compare_function(const void *p, const void *q)
+-{
+-  double x1 = ((const sortable *)p)->xposition;
+-  double x2 = ((const sortable *)q)->xposition;
+-  return (x1 - x2 >= 0.0) ? 1 : -1;
+-}
++struct sort_class {
++  Rules 
++  sort_class(Rules ) : rules(r) {};
++  bool operator() (const Star , const Star )
++  {
++SolidAngle orientation = rules.ChartOrientation;
++Vector3 relativeLocation;
++relativeLocation = p.GetStarXYZ() - rules.ChartLocation;
++double x1 = relativeLocation.getX() * cos(orientation.getPhi()) + 
relativeLocation.getY() * sin(orientation.getPhi());
++relativeLocation = q.GetStarXYZ() - rules.ChartLocation;
++double x2 = relativeLocation.getX() * cos(orientation.getPhi()) + 
relativeLocation.getY() * sin(orientation.getPhi());
++return (x1 - x2 >= 0.0) ? 1 : -1;
++  }
++};
+ 
+-// Finally, the main function which calls qsort()
++// Finally, the main function which calls std::sort()
+ 
+ void StarArray::Sort()
+ {
+-  size_t size = Array.size();
+-  Vector3 relativeLocation;
+-  SolidAngle orientation = ArrayRules.ChartOrientation;
+-  sortable *temparray = new sortable[size];
+-
+-  // Make a temporary array for qsort(), consisting of "sortable" structs
+-  //  which each contain a Star and a position in local coordinates.
+-  for (size_t i = 0; i < size; i++) {
+-relativeLocation = Array[i].GetStarXYZ() - ArrayRules.ChartLocation;
+-temparray[i].xposition =
+-  relativeLocation.getX() * cos(orientation.getPhi())
+-  + relativeLocation.getY() * sin(orientation.getPhi());
+-temparray[i].star = Array[i];
+-  }
+-
+-  qsort(temparray, size, sizeof(sortable), compare_function);
+-
+-  // Put the sorted temporary array back into the vector
+-  Array.clear();
+-  for (size_t i = 0; i < size; i++) {
+-temparray[i].star.SetPlace(i+1);// label stars starting at 1
+-Array.push_back(temparray[i].star);
+-  }
+-
+-  delete [] temparray;
++  std::sort(Array.begin(), Array.end(), sort_class(ArrayRules));
+   return;
+ }
+ 
+-- 
+2.11.0
+
diff -Nru starplot-0.95.5/debian/patches/series 
starplot-0.95.5/debian/patches/series
--- starplot-0.95.5/debian/patches/series   2016-12-24 23:59:40.0 
+0200
+++ starplot-0.95.5/debian/patches/series   2018-02-28 22:37:47.0 
+0200
@@ -1,3 +1,4 @@
 01-starplot_desktop_file.diff
 02-fix-ftbfs-and-hrdiagram-opts.diff
 03-fix-ftbfs-convert.diff
+05-startup-crash.diff

Bug#891786: isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient

[Salvatore Bonaccorso]

Source: isc-dhcp
Version: 4.3.1-6
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for isc-dhcp.

CVE-2018-5732[0]:
|A specially constructed response from a malicious server can cause a
|buffer overflow in dhclient

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732
[1] https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

Regards,
Salvatore

Bug#891787: linux-image-4.15.0-1-arm64: Socionext SynQuacer support not enabled

[Ard Biesheuvel]

Package: src:linux
Version: 4.15.4-1
Severity: normal

Dear Maintainer,

Support for Socionext SynQuacer based platforms (a 24 core arm64 SoC) has 
landed in v4.15 mainline.

Please enable this support in the Debian kernel as well:
CONFIG_ARCH_SYNQUACER=y
CONFIG_SNI_NETSEC=m
CONFIG_MMC_SDHCI_F_SDH30=m
CONFIG_GPIO_MB86S7X=m


-- Package-specific info:
** Version:
Linux version 4.15.0-1-arm64 (debian-ker...@lists.debian.org) (gcc version 
7.3.0 (Debian 7.3.0-3)) #1 SMP Debian 4.15.4-1 (2018-02-18)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.15.0-1-arm64 
root=UUID=4e4cd64e-fe66-44c6-ae59-4c8f8fada27d ro earlycon

** Tainted: O (4096)
 * Out-of-tree module has been loaded.

** Kernel log:
[2.572430] pci 0001:00:00.0: BAR 0: assigned [mem 0x3f-0x3f3fff 
64bit]
[2.580576] vgaarb: loaded
[2.583622] EDAC MC: Ver: 3.0.0
[2.587045] dmi: Firmware registration failed.
[2.591498] Registered efivars operations
[2.597581] clocksource: Switched to clocksource arch_sys_counter
[2.647787] VFS: Disk quotas dquot_6.6.0
[2.651808] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[2.659117] AppArmor: AppArmor Filesystem Enabled
[2.663943] pnp: PnP ACPI init
[2.710945] system 00:00: [mem 0x7000-0x77ef] could not be reserved
[2.717930] system 00:00: Plug and Play ACPI device, IDs PNP0c02 (active)
[2.717941] pnp: PnP ACPI: found 1 devices
[2.728872] NET: Registered protocol family 2
[2.733841] TCP established hash table entries: 32768 (order: 6, 262144 
bytes)
[2.741430] TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
[2.748510] TCP: Hash tables configured (established 32768 bind 32768)
[2.755274] UDP hash table entries: 2048 (order: 4, 65536 bytes)
[2.761390] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
[2.768200] NET: Registered protocol family 1
[2.772594] PCI: CLS 0 bytes, default 128
[2.772776] Unpacking initramfs...
[3.775379] Freeing initrd memory: 18460K
[3.781356] hw perfevents: enabled with armv8_pmuv3_0 PMU driver, 7 counters 
available
[3.789398] kvm [1]: 8-bit VMID
[3.792543] kvm [1]: IDMAP page: 808b2000
[3.796551] kvm [1]: HYP VA range: 8000:
[3.803083] kvm [1]: vgic-v2@2c02
[3.806800] kvm [1]: GIC system register CPU interface enabled
[3.813166] kvm [1]: vgic interrupt IRQ1
[3.817109] kvm [1]: virtual timer IRQ3
[3.821557] kvm [1]: Hyp mode initialized successfully
[3.830044] Initialise system trusted keyrings
[3.834634] workingset: timestamp_bits=44 max_order=20 bucket_order=0
[3.845934] zbud: loaded
[5.139407] Key type asymmetric registered
[5.143515] Asymmetric key parser 'x509' registered
[5.148554] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 
246)
[5.156157] io scheduler noop registered
[5.160090] io scheduler deadline registered
[5.164583] io scheduler cfq registered (default)
[5.169289] io scheduler mq-deadline registered
[5.177066] ACPI GTDT: found 1 SBSA generic Watchdog(s).
[5.183192] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[5.190393] Serial: AMBA driver
[5.193625] msm_serial: driver initialized
[5.198236] cacheinfo: Unable to detect cache hierarchy for CPU 0
[5.204767] mousedev: PS/2 mouse device common for all mice
[5.211741] ledtrig-cpu: registered to indicate activity on CPUs
[5.217772] dmi-sysfs: dmi entry is absent.
[5.222849] NET: Registered protocol family 10
[5.240755] Segment Routing with IPv6
[5.244479] mip6: Mobile IPv6
[5.247452] NET: Registered protocol family 17
[5.251904] mpls_gso: MPLS GSO support
[5.256247] registered taskstats version 1
[5.260351] Loading compiled-in X.509 certificates
[5.426174] Loaded X.509 cert 'Debian Project: Ben Hutchings: 
008a018dca80932630'
[5.433813] zswap: loaded using pool lzo/zbud
[5.438349] AppArmor: AppArmor sha1 policy hashing enabled
[5.443843] ima: No TPM chip found, activating TPM-bypass! (rc=-19)
[5.450360] hctosys: unable to open rtc device (rtc0)
[5.466502] Freeing unused kernel memory: 4544K
[5.608443] nvme nvme0: pci function 0001:00:00.0
[5.871879] blk_queue_max_hw_sectors: set to minimum 8
[5.890416] blk_queue_max_hw_sectors: set to minimum 8
[5.905751]  nvme0n1: p1 p2 p3 p4
[6.706212] PM: Starting manual resume from disk
[6.711061] PM: Image not found (code -22)
[6.842702] EXT4-fs (nvme0n1p2): mounted filesystem with ordered data mode. 
Opts: (null)
[7.020882] systemd[1]: System time before build time, advancing clock.
[7.045997] ip_tables: (C) 2000-2006 Netfilter Core Team
[7.071928] systemd[1]: systemd 232 running in system mode. (+PAM +AUDIT 
+SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS 
+ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
[7.090621] systemd[1]: Detected architecture arm64.
[

Bug#891785: isc-dhcp: CVE-2018-5733: A malicious client can overflow a reference counter in ISC dhcpd

[Salvatore Bonaccorso]

Source: isc-dhcp
Version: 4.3.1-6
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for isc-dhcp.

CVE-2018-5733[0]:
A malicious client can overflow a reference counter in ISC dhcpd

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5733
[1] https://kb.isc.org/article/AA-01567/75/CVE-2018-5733

Regards,
Salvatore

Bug#873094: RFS: granite/0.4.1-1 [ITP]

[Tobias Frost]

Hi Yangfl,

the package has now been accepted.
However, I noticed that it targets "experimental", something I missed
in the last review. Can you prepare another upload for unstable?

And please tag the release on salsa! TIA!

--
tobi

Bug#891784: stretch-pu: package abiword/3.0.2-2+deb9u2

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

   * Solve binary file conflict between abiword-dbgsym
 and abiword-plugin-grammar-dbgsym (Closes: #868537).
diff -Nru abiword-3.0.2/debian/changelog abiword-3.0.2/debian/changelog
--- abiword-3.0.2/debian/changelog  2017-10-01 02:04:08.0 +0300
+++ abiword-3.0.2/debian/changelog  2018-02-28 22:17:26.0 +0200
@@ -1,3 +1,13 @@
+abiword (3.0.2-2+deb9u2) stretch; urgency=medium
+
+  * QA upload.
+
+  [ Simon Quigley ]
+  * Solve binary file conflict between abiword-dbgsym
+and abiword-plugin-grammar-dbgsym (Closes: #868537).
+
+ -- Adrian Bunk   Wed, 28 Feb 2018 22:17:26 +0200
+
 abiword (3.0.2-2+deb9u1) stretch; urgency=medium
 
   * QA upload.
diff -Nru abiword-3.0.2/debian/rules abiword-3.0.2/debian/rules
--- abiword-3.0.2/debian/rules  2017-10-01 02:04:08.0 +0300
+++ abiword-3.0.2/debian/rules  2018-02-28 22:17:26.0 +0200
@@ -73,8 +73,11 @@
-dh_auto_test
 
 override_dh_makeshlibs:
-   $(RM) -v 
debian/abiword/usr/lib/$(DEB_HOST_MULTIARCH)/abiword-*/plugins/grammar.*
dh_makeshlibs -V
 
 override_dh_strip:
dh_strip --dbgsym-migration='abiword-dbg (<< 3.0.1-7~)'
+
+override_dh_install:
+   dh_install
+   $(RM) -v 
debian/abiword/usr/lib/$(DEB_HOST_MULTIARCH)/abiword-*/plugins/grammar.*

Bug#891783: exiv2: CVE-2017-17724

[Salvatore Bonaccorso]

Source: exiv2
Version: 0.26-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Exiv2/exiv2/issues/210

Hi,

the following vulnerability was published for exiv2, another one
affecting only exiv2 starting from 0.26 and thus for the moment only
experimental.

CVE-2017-17724[0]:
| In Exiv2 0.26, there is a heap-based buffer over-read in the
| Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers
| can exploit this vulnerability to cause a denial of service via a
| crafted TIFF file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17724
[1] https://github.com/Exiv2/exiv2/issues/210

Regards,
Salvatore

Bug#891782: iprutils: broken ncurses check in configure.ac

[Sven Joachim]

Source: iprutils
Version: 2.4.15.1-2
Tags: upstream

The following test for ncurses CFLAGS in configure.ac is flawed:

,
| ncurses_include=$(ncurses5-config --cflags)
| if test -n ${ncurses_include}; then
|   CFLAGS="${CFLAGS} ${ncurses_include}"
| fi
`

The first problem is that ncurses_include can and does include spaces,
and its improper quoting leads to the following funny message seen on
the buildds:

./configure: line 12105: test: -D_GNU_SOURCE: binary operator expected

The second problem is that ncurses5-config is about to go away in favor
of ncurses6-config, when building iprutils with libncurses-dev from
experimental I see a different error:

./configure: line 12104: ncurses5-config: command not found

Obviously the package builds anyway, so maybe the best way to fix this
test is just to remove it.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.15.7-nouveau (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#891781: osslsigncode: libcurl4-openssl-dev + libssl1.0-dev to become incompatible shortly

[Steve Langasek]

Package: osslsigncode
Version: 1.7.1-2
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic ubuntu-patch

Hi Stephen,

libcurl is about to migrate from openssl1.0 to openssl 1.1 (bug #858398), at
which point osslsigncode will again FTBFS because its two
build-dependencies, libcurl4-openssl-dev and libssl1.0-dev, will no longer
be co-installable.

I've deployed a workaround for this in Ubuntu, which is to build-depend on
libcurl4-gnutls-dev instead.  Since gnutls is LGPL there is no license
incompatibility due to switching, and osslsigncode doesn't pass opaque blobs
between libssl and libcurl so there doesn't appear to be any requirement
that curl be using the same library to implement TLS as osslsigncode is
using to implement its signature management.

Of course, the longer-term solution is to fix bug #828483, but as that may
still be a way out, it might be good to have osslsigncode buildable in the
near term.

Cheers,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -Nru osslsigncode-1.7.1/debian/control osslsigncode-1.7.1/debian/control
--- osslsigncode-1.7.1/debian/control   2017-06-20 03:13:18.0 -0700
+++ osslsigncode-1.7.1/debian/control   2018-02-28 12:05:34.0 -0800
@@ -3,7 +3,7 @@
 Section: otherosfs
 Priority: optional
 Build-Depends: debhelper (>= 10),
-   libcurl4-openssl-dev,
+   libcurl4-gnutls-dev,
libgsf-1-dev,
libssl1.0-dev
 Standards-Version: 3.9.8

Bug#891561: Aw: Re: Bug#891561: librsvg2-2: With librsvg2-2 version 2.40.20 no svg-images are shown

[Margot Berg]

Thank you for your prompt replay.



I had also installed librsvg2-bin and librsvg2-common.



The system is updated every day and shows no other errors.

For a better understanding, I attached two screenshots.

 

Regards

MB





 

Gesendet: Montag, 26. Februar 2018 um 19:30 Uhr
Von: "Jeremy Bicha" 
An: MB , 891...@bugs.debian.org
Betreff: Re: Bug#891561: librsvg2-2: With librsvg2-2 version 2.40.20 no svg-images are shown

On Mon, Feb 26, 2018 at 12:30 PM, MB  wrote:
> It was working for me until librsvg2-2 version 2.40.18. After the update to version 2.40.20 no svg-images are shown in my theme anymore.

> Versions of packages librsvg2-2 recommends:
> ii librsvg2-common 2.40.20-2

Please make sure that librsvg2-common is installed.

Thanks,
Jeremy Bicha

Bug#891780: bash: Cannot mouse paste into reverse-i-search when bracketed paste is enabled.

[Andrew McDaniel]

Package: bash
Version: 4.4-5
Severity: normal

Dear Maintainer,

When bracketed paste mode is enabled on bash, attempting to mouse paste
(middle click) into the search prompt closes the prompt, and results in
pasting into the command again.

Steps to reproduce:

1. Enable bracketed paste
$ bind 'enable-bracketed-paste on'
OR
add "enable-bracketed-paste on" to ~/.inputrc

2. Open a bash terminal.

3. Press CTRL-R

4. Highlight a snippet of text elsewhere to search

5. Middle click on bash terminal.

Expected result: It shows search results from the command history.

Actual result: Search prompt is dismissed and test is pasted onto the
command prompt.

zsh also has a similar history search, and it works as expected when
bracketed paste is enabled. For this reason, I believe the issue is
specific to bash.

-- System Information:
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages bash depends on:
ii  base-files   10
ii  dash 0.5.8-2.5
ii  debianutils  4.8.2
ii  libc62.24-12
ii  libtinfo56.0+20171125-1

Versions of packages bash recommends:
ii  bash-completion  1:2.1-4.3

Versions of packages bash suggests:
pn  bash-doc  

-- Configuration Files:
/etc/bash.bashrc changed [not included]
/etc/skel/.bashrc changed [not included]

-- no debconf information

Bug#891779: RFP: ephoto -- A Comprehensive Image Viewer Using EFL

[Antoine Beaupre]

Package: wnpp
Severity: wishlist

* Package name: ephoto
  Version : 1.5
  Upstream Author : Stephen Houston 
* URL : https://www.enlightenment.org/about-ephoto
* License : BSD-3-clause
  Programming Lang: C
  Description : A Comprehensive Image Viewer Using EFL

Ephoto is an image viewer and editor written using the Enlightenment
Foundation Libraries(EFL). It focuses on simplicity and ease of use,
while taking advantage of the speed and small footprint provided by
EFL.

--

While there are many image viewers in Debian already, this one is
interesting because it has an interesting mix of features. It has a
grid view to browse images from the filesystem directly and slideshow
support but can also act as a simple standalone image viewer. It can
also operate basic filters and image modifications.

This is similar to Shotwell or Digikam, but much more lightweight in
that images do not need to be imported.

Hopefully this can be part of the e-team..?

Bug#890791: stretch-pu: package dpkg/1.18.25

[Adam D. Barratt]

On Wed, 2018-02-28 at 20:11 +0100, Manuel A. Fernandez Montecelo wrote:
> 2018-02-28 19:45 GMT+01:00 Adam D. Barratt 
> :
> > We understand that this is inconvenient for the riscv porters, so
> > are
> > exploring whether it would be possible to have the dak support made
> > available via p-u after the upcoming point release.
> 
> I'd appreciate if you can find some alternative solution for the
> RISC-V support, waiting to the next stable update is a bit too much,
> and still there's no guarantee that it'll be accepted then.

For the record, I don't foresee any issues with getting the RISC-V
support accepted, it's simply unfortunate timing for this point
release.

Regards,

Adam

Bug#871229:

[Beren Minor]

Hello,

I have the same issue, with a NVME drive as well.

It looks like the segmentation fault comes from grub-probe, when
called with --target=hints_string. Attached grub-probe.log is the
output of the command that leads to a segfault.

Trying with gdb doesn't give much more information, the call stack is:

Program received signal SIGSEGV, Segmentation fault.
__strcat_sse2_unaligned () at
../sysdeps/x86_64/multiarch/strcat-sse2-unaligned.S:46
46../sysdeps/x86_64/multiarch/strcat-sse2-unaligned.S: No such
file or directory.
(gdb) bt
#0  __strcat_sse2_unaligned () at
../sysdeps/x86_64/multiarch/strcat-sse2-unaligned.S:46
#1  0xdd38 in ?? ()
#2  0xca89 in ?? ()
#3  0xbe76 in ?? ()
#4  0x777d7f2a in __libc_start_main (main=0xbd10,
argc=5, argv=0x7fffdf88, init=, fini=, rtld_fini=, stack_end=0x7fffdf78) at
../csu/libc-start.c:310
#5  0xbfea in ?? ()

I'm not sure how critical it is either but as a workaround, it's
possible to roll back to testing versions of the grub-efi-amd64-bin,
grub-efi-amd64, grub2-common packages.

Cheers,
--
Beren Minor
$ sudo /usr/sbin/grub-probe --device /dev/nvme0n1p2 --target=hints_string --verbose
/usr/sbin/grub-probe: info: cannot open `/boot/grub/device.map': No such file or directory.
/usr/sbin/grub-probe: info: /dev/nvme0n1p2 is not present.
/usr/sbin/grub-probe: info: Looking for /dev/nvme0n1p2.
/usr/sbin/grub-probe: info: /dev/nvme0n1 is a parent of /dev/nvme0n1p2.
/usr/sbin/grub-probe: info: /dev/nvme0n1p2 starts from 1050624.
/usr/sbin/grub-probe: info: opening the device hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: drive = 0.
/usr/sbin/grub-probe: info: the size of hostdisk//dev/nvme0n1 is 2000409264.
/usr/sbin/grub-probe: info: drive = 0.
/usr/sbin/grub-probe: info: the size of hostdisk//dev/nvme0n1 is 2000409264.
/usr/sbin/grub-probe: info: Scanning for DISKFILTER devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid1x devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09 devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09_be devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for dmraid_nv devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for ldm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: scanning hostdisk//dev/nvme0n1 for LDM.
/usr/sbin/grub-probe: info: no LDM signature found.
/usr/sbin/grub-probe: info: Scanning for lvm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: no LVM signature found.
/usr/sbin/grub-probe: info: Scanning for DISKFILTER devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid1x devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09 devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09_be devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for dmraid_nv devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for ldm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: scanning hostdisk//dev/nvme0n1 for LDM.
/usr/sbin/grub-probe: info: no LDM signature found.
/usr/sbin/grub-probe: info: Scanning for lvm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: no LVM signature found.
/usr/sbin/grub-probe: info: Scanning for DISKFILTER devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid1x devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09 devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09_be devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for dmraid_nv devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for ldm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: scanning hostdisk//dev/nvme0n1 for LDM.
/usr/sbin/grub-probe: info: no LDM signature found.
/usr/sbin/grub-probe: info: Scanning for lvm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: no LVM signature found.
/usr/sbin/grub-probe: info: Scanning for DISKFILTER devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid1x devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09 devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for mdraid09_be devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for dmraid_nv devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: Scanning for ldm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: info: scanning hostdisk//dev/nvme0n1 for LDM.
/usr/sbin/grub-probe: info: no LDM signature found.
/usr/sbin/grub-probe: info: Scanning for lvm devices on disk hostdisk//dev/nvme0n1.
/usr/sbin/grub-probe: 

Bug#890791: stretch-pu: package dpkg/1.18.25

[Manuel A. Fernandez Montecelo]

2018-02-28 19:45 GMT+01:00 Adam D. Barratt :
> We understand that this is inconvenient for the riscv porters, so are
> exploring whether it would be possible to have the dak support made
> available via p-u after the upcoming point release.

I'd appreciate if you can find some alternative solution for the
RISC-V support, waiting to the next stable update is a bit too much,
and still there's no guarantee that it'll be accepted then.


Cheers.
-- 
Manuel A. Fernandez Montecelo 

Bug#891778: zatacka crashes on map selection

[Adrian Bunk]

Package: zatacka
Version: 0.1.8-5
Severity: serious

Start the game and press m

Backtrace:
#0  0x76da8a52 in __readdir (dirp=dirp@entry=0x0)
at ../sysdeps/posix/readdir.c:44
#1  0x7084 in menu (screen=0x557a02e0) at fx.cpp:425
#2  0x5628 in main (argc=, argv=)
at main.cpp:40

Bug#891777: Kernel panic after upgrade

[basia]

Package: linux-kernel
version: 3.2.0.4-686-pae

After issuing command apt-get update I have lost my TDE desktop and got 
something like unstable LXDE and console with random uselessness - some reboot 
gave stable console, some reboots gave unstable LXDE. It was yesterday
I have seen, there is over 5 hundred packages waiting, so, today I have decided 
to run apt-get dist-upgrade, after I have got stable console. 
Download went without problems, but after unpacking there have been some 
dependencies problems, something was rolled bakc by system and was finished 
with standard prompt and no activity like configuring packages or something 
like this. 
So, I have tried to restart computer, and then standard command as "init 6" did 
not work. Ctrl+Alt+Del gave command about

Final result was sad:

***
libseccomp.so.2 cannot open shared object file: no such file or directory
kernel panic - not syncing; attempt to kill init!
Pid:1,comm: init not tained 3.2.0-4-686-pae # 1
Debian 3.2.65-1

call trace:
[] ? panic+0x4d/0x141
[] ? do_exit+076/0x608
[] ? do_group_exit+0x5c/07f
[] ? sys_exit_group+0x11/0x11
[] ? syscall_call+0x7/0x7

and it hangs here
***

Now, I am sitting on live Knoppix 6.2 CD on the same machine. I have access to 
all partitions of hard disk
It seems, there is enough disk space for temporary files.

My machine it is laptop Acer Extensa 5220 with Intel Celeron processor

What can I do to help to identify source of the problems?

Best greetings :-)
Basia

Bug#891776: stretch-pu: package xfrisk/1.2-3+deb9u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

   * Recommend xfonts-75dpi or -100dpi since they are required by the X
 client, but not for the server alone. (Closes: #528058)
diff -u xfrisk-1.2/debian/control xfrisk-1.2/debian/control
--- xfrisk-1.2/debian/control
+++ xfrisk-1.2/debian/control
@@ -1,7 +1,7 @@
 Source: xfrisk
 Section: games
 Priority: optional
-Maintainer: Joe Nahmias 
+Maintainer: Debian QA Group 
 Standards-Version: 3.8.0
 Build-Depends: xaw3dg-dev, debhelper (>> 6), libxaw7-dev
 Homepage: http://tuxick.net/xfrisk/
@@ -9,6 +9,7 @@
 Package: xfrisk
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
+Recommends: xfonts-75dpi | xfonts-100dpi
 Description: Server and X11 client for playing risk with humans or AIs
  Risk is a board game played on a map of the world.  You control a group
  of armies and attempt to capture large sections of the world and try to
diff -u xfrisk-1.2/debian/changelog xfrisk-1.2/debian/changelog
--- xfrisk-1.2/debian/changelog
+++ xfrisk-1.2/debian/changelog
@@ -1,3 +1,12 @@
+xfrisk (1.2-3+deb9u1) stretch; urgency=medium
+
+  * QA upload.
+  * Set Maintainer to Debian QA Group. (See #869300)
+  * Recommend xfonts-75dpi or -100dpi since they are required by the X
+client, but not for the server alone. (Closes: #528058)
+
+ -- Adrian Bunk   Wed, 28 Feb 2018 20:25:58 +0200
+
 xfrisk (1.2-3) unstable; urgency=low
 
   * Ack NMU, closes: #370232.

Bug#891731: nvidia-legacy-check: check fails preventing apt full-upgrade

[John Kozak]

Andreas Beckmann writes:

> On 2018-02-28 14:39, John Kozak wrote:
>> Thanks - one more thing: on a reboot (yes, I should have checked this
>> before filing an all-clear!) X didn't start but was fixed by
>> `update-glx` (changing from 0 to 2):
>>
>>   $ sudo update-glx --config nvidia
>>   There are 2 choices for the alternative nvidia (providing 
>> /usr/lib/nvidia/nvidia).
>>
>> SelectionPath  Priority   Status
>>   
>> 0/usr/lib/nvidia/current384   auto mode
>> 1/usr/lib/nvidia/current384   manual mode
>>   * 2/usr/lib/nvidia/legacy-340xx   340   manual mode
>>
>> /usr/lib/nvidia/current is an empty directory.
>
> If that directory and the alternative still exist, some packages from
> the current driver must still be installed. Or you found another bug.
>
> Please send the output of
>
> dpkg -l | grep nvidia

ii  glx-alternative-nvidia0.8.3 
   amd64allows the selection of NVIDIA as GLX provider
ii  libegl-nvidia0:amd64  384.111-4 
   amd64NVIDIA binary EGL library
ii  libegl-nvidia0:i386   384.111-4 
   i386 NVIDIA binary EGL library
ic  libegl1-nvidia:amd64  340.96-1  
   amd64NVIDIA binary EGL libraries
ii  libegl1-nvidia-legacy-340xx:amd64 340.106-2 
   amd64NVIDIA binary EGL library (340xx legacy version)
ii  libegl1-nvidia-legacy-340xx:i386  340.106-2 
   i386 NVIDIA binary EGL library (340xx legacy version)
ii  libgl1-nvidia-glvnd-glx:i386  384.111-4 
   i386 NVIDIA binary OpenGL/GLX library (GLVND variant)
ic  libgl1-nvidia-glx:amd64   340.96-1  
   amd64NVIDIA binary OpenGL libraries
ii  libgl1-nvidia-legacy-340xx-glx:amd64  340.106-2 
   amd64NVIDIA binary OpenGL/GLX library (340xx legacy 
version)
ii  libgl1-nvidia-legacy-340xx-glx:i386   340.106-2 
   i386 NVIDIA binary OpenGL/GLX library (340xx legacy 
version)
ii  libgles-nvidia2:i386  384.111-4 
   i386 NVIDIA binary OpenGL|ES 2.x library
ic  libgles1-nvidia:amd64 340.96-1  
   amd64NVIDIA binary OpenGL|ES 1.x libraries
ii  libgles1-nvidia-legacy-340xx:amd64340.106-2 
   amd64NVIDIA binary OpenGL|ES 1.x library (340xx legacy 
version)
ii  libgles1-nvidia-legacy-340xx:i386 340.106-2 
   i386 NVIDIA binary OpenGL|ES 1.x library (340xx legacy 
version)
ic  libgles2-nvidia:amd64 340.96-1  
   amd64NVIDIA binary OpenGL|ES 2.x libraries
ii  libgles2-nvidia-legacy-340xx:amd64340.106-2 
   amd64NVIDIA binary OpenGL|ES 2.x library (340xx legacy 
version)
ii  libgles2-nvidia-legacy-340xx:i386 340.106-2 
   i386 NVIDIA binary OpenGL|ES 2.x library (340xx legacy 
version)
ii  libglx-nvidia0:amd64  384.111-4 
   amd64NVIDIA binary GLX library
ii  libglx-nvidia0:i386   384.111-4 
   i386 NVIDIA binary GLX library
ii  libnvidia-cfg1:i386   384.111-4 
   i386 NVIDIA binary OpenGL/GLX configuration library
ic  libnvidia-compiler:amd64  340.96-1  
   amd64NVIDIA runtime compiler library
ii  libnvidia-egl-wayland1:amd64  384.111-4 
   amd64NVIDIA binary Wayland EGL external platform library
ii  libnvidia-egl-wayland1:i386   384.111-4 
   i386 NVIDIA binary Wayland EGL external platform library
ii  libnvidia-eglcore:amd64   384.111-4 
   amd64NVIDIA binary EGL core libraries
ii  libnvidia-eglcore:i386384.111-4 
   i386 NVIDIA binary EGL core libraries
ii  libnvidia-glcore:amd64384.111-4 
   amd64NVIDIA binary OpenGL/GLX core libraries
ii  libnvidia-glcore:i386 384.111-4 

Bug#890791: stretch-pu: package dpkg/1.18.25

[Adam D. Barratt]

Hi,

On Wed, 2018-02-28 at 16:05 +0100, Manuel A. Fernandez Montecelo wrote:
[..]
> 2018-02-18 22:26 Guillem Jover:
[...]
> > I'd like to update dpkg in stretch. This includes several fixes for
> > documentation, regressions, misbheavior, minor security issues, and
> > a new arch definition so that DAK can accept packages using it. The
> > fixes have been in sid/buster for a while now.
> 
> We depend on this version being accepted and installed in the systems
> where DAK lives to learn about the new architecture.  After that,
> several other packages can add support for the architecture, without
> receiving an automatic reject when uploaded.
> 
> It would be great if this update could enter in the next stable
> update, so we can make progress on that front.

We've been discussing this amongst the SRMs and are quite wary of a
dpkg update this close to the p-u freeze. We appreciate that the
changes individually seem self-contained but would like to have an
update of such a key package able to be tested more than is feasible in
the time available.

(On a related note, in practical terms it's very unlikely that there
would be sufficient time to get the new strings that are introduced 
translated.)

We understand that this is inconvenient for the riscv porters, so are
exploring whether it would be possible to have the dak support made
available via p-u after the upcoming point release.

Regards,

Adam

Bug#891774: [cantata] System Tray Icon Missing in XFCE

[Mark Brandis]

Package: cantata
Version: 2.2.0.ds1-1
Severity: minor
Tags: patch

--- Please enter the report below this line. ---

The system tray icon is not available in Cantata when used in XFCE.
Please refer for details to

https://github.com/CDrummond/cantata/issues/1089

I used the patch from the issue to rebuild Cantata via apt-get source.
Then the system tray icon works.

https://github.com/CDrummond/cantata/files/1354366/cantata.systray.patch.txt

--- System information. ---
Architecture: Kernel:   Linux 4.14.0-3-amd64

Debian Release: buster/sid
  990 testing packages.x2go.org   990 testing
ftp-stud.hs-esslingen.de   800 stable  www.countcount.com   800
stable  packages.x2go.org   800 stable
ftp-stud.hs-esslingen.de   700 unstablepackages.x2go.org   700
unstableftp-stud.hs-esslingen.de   500 xenial
updates.signal.org   500 oldstable   packages.x2go.org   500
oldstable   ftp-stud.hs-esslingen.de   500 grml-testing
deb.grml.org   500 grml-stable deb.grml.org 1 experimental
ftp-stud.hs-esslingen.de
--- Package information. ---
Depends   (Version) | Installed
===-+-===
libavcodec57  (>= 10:3.4.2) | libavformat57
   (>= 10:3.4.2) | libavutil55   (>= 10:3.4.2) | libc6
  (>= 2.14) | libcddb2
 | libcdparanoia0   (>= 3.10.2+debian) | libebur128-1
 (>= 1.1.0) | libgcc1  (>=
1:3.0) | libmpg123-0  (>= 1.6.2) | libmtp9
   (>= 1.1.3) | libmusicbrainz5cc2v5   (>= 5.1)
| libqt5concurrent5(>= 5.0.2) | libqt5core5a
   (>= 5.9.0~beta) | libqt5dbus5  (>= 5.0.2) |
libqt5gui5   (>= 5.7.0) | libqt5network5
  (>= 5.0.2) | libqt5sql5   (>= 5.0.2) |
libqt5svg5  (>= 5.6.0~beta) | libqt5widgets5
 (>= 5.6.0~beta) | libqt5xml5   (>= 5.0.2) |
libstdc++6 (>= 5.2) | libtag-extras1
  (>= 1.0.0) | libtag1v5 (>= 1.11) |
libudev1   (>= 183) | libvlc5
(>= 1:3.0.0) | zlib1g (>= 1:1.1.4) |
fonts-font-awesome  | libqt5sql5-sqlite
 |

Recommends   (Version) | Installed
==-+-===
liburi-perl| 1.73-1


Suggests   (Version) | Installed
-+-===
media-player-info| 23-1
mpd  |

Bug#891775: libslepc3.7-dev: SLEPC_DIR in slepcconf.h refers to builddir not installdir

[Drew Parsons]

Package: libslepc3.7-dev
Version: 3.7.4+dfsg1-2+b5
Severity: normal

slepcconf.h is generated at build time and installed in the include
directory.

It contains a definition of SLEPC_DIR, which currently is populated
with the builddir.  It should instead refer to the installdir (as used
for SLEPC_LIB_DIR in the same file)


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libslepc3.7-dev depends on:
ii  libslepc3.7.4-dev  3.7.4+dfsg1-2+b5

libslepc3.7-dev recommends no packages.

libslepc3.7-dev suggests no packages.

-- no debconf information

Bug#891691: [Pkg-mailman-hackers] Bug#891691: mailman3-core: Cannot install mailman3-suite with mysql database

[Pierre-Elliott Bécue]

Le mercredi 28 février 2018 à 01:55:23+, Colin Turner a écrit :
> Package: mailman3-core
> Version: 3.1.1-4
> Severity: normal
> 
> Dear Maintainer,
> 
> Many thanks for your work on these packages. I'm following up from bug 891553.
> 
> I have attempted to install mailman3-suite, and allowed automatic 
> configuration using mysql. I think this was the default presented choice.
> This configuration failed, with this error transcript.
> 
> Errors were encountered while processing:
>  mailman3-suite
> E: Sub-process /usr/bin/dpkg returned an error code (1)
> Setting up mailman3-suite (0+20170523-10) ...
> Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
> dbconfig-common: writing config to /etc/dbconfig-common/mailman3-suite.conf
> mailman3suite already exists and has privileges on mailman3suite.
> creating database mailman3suite: already exists.
> dbconfig-common: flushing administrative password
> Traceback (most recent call last):
>   File "/usr/bin/django-admin", line 21, in 
> management.execute_from_command_line()
>   File "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py", 
> line 364, in execute_from_command_line
> utility.execute()
>   File "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py", 
> line 338, in execute
> django.setup()
>   File "/usr/lib/python2.7/dist-packages/django/__init__.py", line 27, in 
> setup
> apps.populate(settings.INSTALLED_APPS)
>   File "/usr/lib/python2.7/dist-packages/django/apps/registry.py", line 108, 
> in populate
> app_config.import_models()
>   File "/usr/lib/python2.7/dist-packages/django/apps/config.py", line 202, in 
> import_models
> self.models_module = import_module(models_module_name)
>   File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
> __import__(name)
>   File "/usr/lib/python2.7/dist-packages/hyperkitty/models/__init__.py", line 
> 27, in 
> from .category import ThreadCategoryg
>   File "/usr/lib/python2.7/dist-packages/hyperkitty/models/category.py", line 
> 30, in 
> class ThreadCategory(models.Model):
>   File "/usr/lib/python2.7/dist-packages/django/db/models/base.py", line 124, 
> in __new__
> new_class.add_to_class('_meta', Options(meta, app_label))
>   File "/usr/lib/python2.7/dist-packages/django/db/models/base.py", line 325, 
> in add_to_class
> value.contribute_to_class(cls, name)
>   File "/usr/lib/python2.7/dist-packages/django/db/models/options.py", line 
> 214, in contribute_to_class
> self.db_table = truncate_name(self.db_table, 
> connection.ops.max_name_length())
>   File "/usr/lib/python2.7/dist-packages/django/db/__init__.py", line 33, in 
> __getattr__
> return getattr(connections[DEFAULT_DB_ALIAS], item)
>   File "/usr/lib/python2.7/dist-packages/django/db/utils.py", line 211, in 
> __getitem__
> backend = load_backend(db['ENGINE'])
>   File "/usr/lib/python2.7/dist-packages/django/db/utils.py", line 115, in 
> load_backend
> return import_module('%s.base' % backend_name)
>   File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
> __import__(name)
>   File "/usr/lib/python2.7/dist-packages/django/db/backends/mysql/base.py", 
> line 30, in 
> 'Did you install mysqlclient or MySQL-python?' % e
> django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: No 
> module named MySQLdb.
> Did you install mysqlclient or MySQL-python?
> dpkg: error processing package mailman3-suite (--configure):
>  installed mailman3-suite package post-installation script subprocess 
> returned error exit status 1
> Errors were encountered while processing:
>  mailman3-suite
> 
> So I'm guessing there is a missing dependency here. I tried installing 
> python-mysqldb, but this provided a different error:
> 
> Errors were encountered while processing:
>  mailman3-suite
> E: Sub-process /usr/bin/dpkg returned an error code (1)
> Setting up mailman3-suite (0+20170523-10) ...
> Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
> dbconfig-common: writing config to /etc/dbconfig-common/mailman3-suite.conf
> mailman3suite already exists and has privileges on mailman3suite.
> creating database mailman3suite: already exists.
> dbconfig-common: flushing administrative password
> Traceback (most recent call last):
>   File "/usr/bin/django-admin", line 21, in 
> management.execute_from_command_line()
>   File "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py", 
> line 364, in execute_from_command_line
> utility.execute()
>   File "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py", 
> line 356, in execute
> self.fetch_command(subcommand).run_from_argv(self.argv)
>   File "/usr/lib/python2.7/dist-packages/django/core/management/base.py", 
> line 283, in run_from_argv
> self.execute(*args, **cmd_options)
>   File "/usr/lib/python2.7/dist-packages/django/core/management/base.py", 
> line 330, in 

Bug#891773: grub-pc: segfault when running /etc/kernel/postrm.d/zz-update-grub

[Diederik de Haas]

Package: grub-pc
Version: 2.02+dfsg1-2
Severity: normal

Latest update brought this new version of GRUB with it, but when it's
running /etc/kernel/postrm.d/zz-update-grub, I get several segfaults.
This happened on the update of grub-pc, but it also happened when I
removed (some) kernel(s) from my system.

# aptitude purge linux-image-3.16.0-4-amd64
The following packages will be REMOVED:
  linux-image-3.16.0-4-amd64{p}
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 163 MB will be freed.
Do you want to continue? [Y/n/?]
(Reading database ... 442833 files and directories currently installed.)
Removing linux-image-3.16.0-4-amd64 (3.16.7-ckt11-1) ...
/etc/kernel/postrm.d/initramfs-tools:
update-initramfs: Deleting /boot/initrd.img-3.16.0-4-amd64
/etc/kernel/postrm.d/zz-update-grub:
Generating grub configuration file ...
Segmentation fault
Segmentation fault
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.15.0-1-amd64
Found initrd image: /boot/initrd.img-4.15.0-1-amd64
Segmentation fault
Found linux image: /boot/vmlinuz-4.14.0-3-amd64
Found initrd image: /boot/initrd.img-4.14.0-3-amd64
Found linux image: /boot/vmlinuz-4.13.0-1-amd64
Found initrd image: /boot/initrd.img-4.13.0-1-amd64
Found linux image: /boot/vmlinuz-4.9.0-3-amd64
Found initrd image: /boot/initrd.img-4.9.0-3-amd64
Found Microsoft Windows XP Professional on /dev/sdb2
done


-- Package-specific info:

*** BEGIN /proc/mounts
/dev/nvme0n1p3 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
/dev/nvme0n1p2 /boot ext4 rw,relatime,data=ordered 0 0
/dev/sda3 /home ext4 rw,relatime,data=ordered 0 0
/dev/sdb6 /home/diederik/media ext4 rw,relatime,data=ordered 0 0
/dev/md0 /home/diederik/dev ext4 rw,relatime,stripe=256,data=ordered 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/device.map
(hd0)   /dev/disk/by-id/ata-WDC_WD3000HLFS-01G6U0_WD-WXL908100455
(hd1)   /dev/disk/by-id/ata-Maxtor_6L200M0_L408BNRH
(hd2)   /dev/disk/by-id/usb-Generic_Flash_Disk_CA2FA22A-0:0
*** END /boot/grub/device.map

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  a2a5e481-0ac6-4e68-818f-38255bf7dd57
else
  search --no-floppy --fs-uuid --set=root a2a5e481-0ac6-4e68-818f-38255bf7dd57
fi
font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=C
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  a2a5e481-0ac6-4e68-818f-38255bf7dd57
else
  search --no-floppy --fs-uuid --set=root a2a5e481-0ac6-4e68-818f-38255bf7dd57
fi
insmod png
if background_image /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png; 
then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 
'gnulinux-simple-a2a5e481-0ac6-4e68-818f-38255bf7dd57' 

Bug#891705: [Pkg-dns-devel] Bug#891705: Apparmor policy prevents chown/chmod of the Unix control socket

[Simon Deziel]

On 2018-02-28 11:48 AM, Simon Deziel wrote:
> Yes, I'm working on a pull request/merge proposal via salsa.debian.org.
> I'll be proposing a fix for all 3 Apparmor related bugs with the Unbound
> profile. Shouldn't be too long. Thanks!

I couldn't find a way to do the merge proposal through the WebUI of
salsa (maybe because I'm a -guest). Please see the refreshed Apparmor
profile at [1]. Feedback is welcome of course!

Regards,
Simon

1: https://salsa.debian.org/sdeziel-guest/unbound/tree/apparmor-refresh

Bug#883963: stretch-pu: package xchain/1.0.1-9~deb9u1

[Adrian Bunk]

Control: tags -1 -moreinfo

On Sat, Jan 13, 2018 at 06:17:18PM +0100, Julien Cristau wrote:
> Control: tag -1 moreinfo
> 
> On Sat, Dec  9, 2017 at 21:21:27 +0100, Andreas Beckmann wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > Tags: stretch
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Let's fix the dependency problem of xchain in stretch, too. #878090
> > It calls /usr/bin/wish, therefore it needs to depend on wish and not
> > tk8.5 (which no longer provides the generic wish binary, that's tk8.6
> > realm now).
> > 
> Was there a reason for the version-specific tk dependency? Was xchain
> tested with wish 8.6?

Except for the half day when 1.0.1-8 was in unstable,
xchain has always[1] called /usr/bin/wish.

/usr/bin/wish is provided by the tk package,
and points to wish8.6 in unstable since
tcltk-defaults 8.6.0+8 was uploaded on 08 Mar 2014.

xchain works for me with 8.6, and there are no bugs in the BTS 
indicating that it wouldn't work in jessie (sic) or stretch.

The only bug was the dependency "tk8.5 | wish",
the tk8.5 package never provided /usr/bin/wish.

> Cheers,
> Julien

cu
Adrian

[1] at least since wheezy, I haven't checked older versions

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#891757: package's /etc/udhcpd.conf still mentions obsolete "remaining" option

[Nathan Stratton Treadway]

On Wed, Feb 28, 2018 at 10:36:46 -0500, Nathan Stratton Treadway wrote:
> (Comparing those two files quickly I don't see any other obsolete option
> still listed in the Debian /etc/udhcpd.conf file.)

Actually, looking a little more closely it seems that this
Debian-specific file was copied (essentially unchanged) from the
upstream "examples" version of the file shortly before the
above-mentioned commit 2b0e95780863da44f6a9244699ece8620a599e19, and it
hasn't been updated since.  So perhaps it would make sense just to
distribute the upstream version as Debian's /etc/udhcpd.conf rather than
having a separate copy?

=
$ git diff 
2b0e95780863da44f6a9244699ece8620a599e19^1:examples/udhcp/udhcpd.conf 
HEAD:debian/tree/udhcpd/etc/udhcpd.conf | cat
diff --git 
a/2b0e95780863da44f6a9244699ece8620a599e19^1:examples/udhcp/udhcpd.conf 
b/HEAD:debian/tree/udhcpd/etc/udhcpd.conf
index 8c9a968..672c481 100644
--- a/2b0e95780863da44f6a9244699ece8620a599e19^1:examples/udhcp/udhcpd.conf
+++ b/HEAD:debian/tree/udhcpd/etc/udhcpd.conf
@@ -114,7 +114,7 @@ option  lease   864000  # 10 days of seconds
 #opt ntpsrv
 #opt tftp
 #opt bootfile
-
+#opt wpad
 
 # Static leases map
 #static_lease 00:60:08:11:CE:4E 192.168.0.54
$ git log debian/tree/udhcpd/etc/udhcpd.conf
commit 9f5c542f05969830b28e16d73c2f8af69c742a90
Author: Bastian Blank 
Date:   Sat Nov 7 18:26:56 2009 +

* debian/busybox-syslogd.busybox-klogd.init, debian/busybox-syslogd.default,
  debian/busybox-syslogd.init, debian/busybox-syslogd.links,
  debian/udhcpc.install, debian/udhcpc.links,
  debian/udhcpd.install, debian/udhcpd.links: Add.
* debian/config/deb, debian/config/static: Enable FEATURE_PIDFILE-
* debian/control: Add new binary packages.
* debian/copyright: Fix typo.
* debian/rules: Build new binary packages.
* debian/tree/udhcpc, debian/tree/udhcpd: Add trees.

r61201

=


Nathan

Bug#865624: Applying the patch

[Michael Lowe]

Can someone please tell me how to apply this patch and build it without
having to install qt5?

Bug#891772: stretch-pu: package tinyproxy/1.8.4-3~deb9u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

   * Add sighup_hang.patch: Fix Tinyproxy ceasing to listen to connections
 after it receives a SIGHUP, something that happens daily in our default
 setup (closes: #880427).
   * Fix path to tinyproxy.conf in sysvinit script. Thanks, Guo Yixuan (郭溢譞)
 (closes: #870325).
   * Add Depends on adduser.
diff -Nru tinyproxy-1.8.4/debian/changelog tinyproxy-1.8.4/debian/changelog
--- tinyproxy-1.8.4/debian/changelog2017-01-21 13:40:00.0 +0200
+++ tinyproxy-1.8.4/debian/changelog2018-02-28 19:33:56.0 +0200
@@ -1,3 +1,22 @@
+tinyproxy (1.8.4-3~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Adrian Bunk   Wed, 28 Feb 2018 19:33:56 +0200
+
+tinyproxy (1.8.4-3) unstable; urgency=medium
+
+  * Add sighup_hang.patch: Fix Tinyproxy ceasing to listen to connections
+after it receives a SIGHUP, something that happens daily in our default
+setup (closes: #880427).
+  * Fix path to tinyproxy.conf in sysvinit script. Thanks, Guo Yixuan (郭溢譞)
+(closes: #870325).
+  * Add Depends on adduser.
+  * Update Standards-Version to 4.1.1, with no changes needed.
+
+ -- Jordi Mallach   Wed, 15 Nov 2017 02:28:58 +0100
+
 tinyproxy (1.8.4-2) unstable; urgency=medium
 
   * Remove obsolete preinst and postinst maintainer scripts.
@@ -270,13 +289,13 @@
 
 tinyproxy (1.6.2-3) unstable; urgency=low
 
-  * Properly close file handles on daemonize (Closes: #248124) 
+  * Properly close file handles on daemonize (Closes: #248124)
 
  -- Ed Boraas   Mon,  9 Aug 2004 22:23:55 -0600
 
 tinyproxy (1.6.2-2) unstable; urgency=low
 
-  * Actually depend on logrotate 
+  * Actually depend on logrotate
 
  -- Ed Boraas   Mon,  9 Aug 2004 18:16:09 -0600
 
@@ -303,22 +322,22 @@
 
 tinyproxy (1.6.1-1) unstable; urgency=low
 
-  * New upstream release (Closes: #186935) 
+  * New upstream release (Closes: #186935)
 
  -- Ed Boraas   Mon, 11 Aug 2003 19:32:18 -0600
 
 tinyproxy (1.5.1-2) unstable; urgency=low
 
-  * Open logfile with elevated permissions, passing fd to children 
+  * Open logfile with elevated permissions, passing fd to children
 (Closes: #159614)
 * Urgency still low since the affected version is not in testing
- 
+
  -- Ed Boraas   Wed, 4 Sep 2002 23:05:16 -0600
 
 tinyproxy (1.5.1-1) unstable; urgency=low
 
   * New upstream release (Closes: #157315)
- 
+
  -- Ed Boraas   Sat, 24 Aug 2002 16:48:50 -0600
 
 tinyproxy (1.4.3-3) unstable; urgency=high
@@ -328,7 +347,7 @@
   * postrm only cleans /etc/tinyproxy on purge, as it should have
   * SECURITY: Please use this package in woody, as -2 won't
 upgrade over 1.4.3-1 because of the postrm bug
- 
+
  -- Ed Boraas   Thu, 23 May 2002 06:54:19 -0700
 
 tinyproxy (1.4.3-2) unstable; urgency=high
@@ -394,7 +413,7 @@
 tinyproxy (1.3.3b-1) unstable; urgency=low
 
   * New upstream release
-  * Fixed some obscure file permissions that were causing 
+  * Fixed some obscure file permissions that were causing
 problems for the auto-builders (Closes: #92099)
 
  -- Ed Boraas   Thu, 29 Mar 2001 07:05:19 -0700
diff -Nru tinyproxy-1.8.4/debian/control tinyproxy-1.8.4/debian/control
--- tinyproxy-1.8.4/debian/control  2017-01-13 11:21:07.0 +0200
+++ tinyproxy-1.8.4/debian/control  2017-11-15 03:28:58.0 +0200
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Ed Boraas 
 Uploaders: Jordi Mallach 
-Standards-Version: 3.9.8
+Standards-Version: 4.1.1
 Build-Depends: debhelper (>= 10),
asciidoc,
xmlto
@@ -13,7 +13,7 @@
 
 Package: tinyproxy
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 3.0-6)
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, logrotate, lsb-base (>= 
3.0-6)
 Description: Lightweight, non-caching, optionally anonymizing HTTP proxy
  An anonymizing HTTP proxy which is very light on system resources,
  ideal for smaller networks and similar situations where other proxies
diff -Nru tinyproxy-1.8.4/debian/init tinyproxy-1.8.4/debian/init
--- tinyproxy-1.8.4/debian/init 2017-01-12 12:45:28.0 +0200
+++ tinyproxy-1.8.4/debian/init 2017-11-15 02:38:47.0 +0200
@@ -14,7 +14,7 @@
 # 
 
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-CONFIG=/etc/tinyproxy.conf
+CONFIG=/etc/tinyproxy/tinyproxy.conf
 DAEMON=/usr/sbin/tinyproxy
 DESC="Tinyproxy lightweight HTTP proxy daemon"
 FLAGS=
diff -Nru tinyproxy-1.8.4/debian/patches/series 
tinyproxy-1.8.4/debian/patches/series
--- tinyproxy-1.8.4/debian/patches/series   1970-01-01 02:00:00.0 
+0200
+++ tinyproxy-1.8.4/debian/patches/series   2017-11-15 02:22:25.0 
+0200
@@ -0,0 +1 @@
+sighup_hang.patch

Bug#740146: qtiplot crash when switching to python

[Günter Frenz]

Hi,

does anybody read this? About 2 months ago I reported that the bug is
again open in the current version of qtiplot: 0.9.8.9-17. Up to now not
a single reaction on this report is definitely not what I expect from a
bug-report system and a maintainer-team...

regards

Günter

-- 
---
Günter Frenz
Börschgasse 16a, D-51143 Köln
(h) gu...@freenet.de, gu...@guefz.de
(w) f...@gso-koeln.de
---




pgpqW9WTKANsw.pgp
Description: Digitale Signatur von OpenPGP

Bug#851594: cpm: FTBFS if ncursesw5-config is not present

[Sven Joachim]

Control: severity -1 important

On 2017-01-16 18:44 +0100, Sven Joachim wrote:

> Source: cpm
> Version: 0.32-1.2
> User: ncur...@packages.debian.org
> Usertags: ncurses5-config
>
> The ncurses development packages are going to see a change after the
> Stretch release, ncursesw5-config will be replaced by ncursesw6-config.
> Your package FTBFS if ncursesw5-config is not present on the build
> system.  From my pbuilder log:
>
> ,
> | checking for wget_wch in -lncursesw... yes
> | checking for ncursesw5-config... no
> | : error: Could not find ncursesw5-config anywhere.
> `

This is now reproducible by installing libncurses-dev from experimental.

> The configure script should search for ncursesw6-config in addition to
> ncursesw5-config, or even better use pkg-config instead.

Cheers,
   Sven

Bug#891771: ITP: libauth-googleauth-perl -- Google Authenticator TBOT Abstraction

[Xavier Guimard]

Package: wnpp
Severity: wishlist
Owner: Xavier Guimard 

* Package name: libauth-googleauth-perl
  Version : 1.02
  Upstream Author : Gryphon Shafer 
* URL : https://metacpan.org/pod/Auth::GoogleAuth
* License : Aristic or GPL-1+
  Programming Lang: Perl
  Description : Google Authenticator TOTP Abstraction

Auth::GoogleAuth provides a simplified interface to supporting typical
two-factor authentication with Google Authenticator using the TOTP
Algorithm as defined by RFC 6238. Although Google Authenticator supports
both TOTP and HOTP, at the moment, this module only supports TOTP.

Bug#850735: the: FTBFS if ncurses5-config is not present

[Sven Joachim]

Control: severity -1 important

On 2017-01-09 21:08 +0100, Sven Joachim wrote:

> Source: the
> Version: 3.3~rc1-3
> User: ncur...@packages.debian.org
> Usertags: ncurses5-config
>
> The ncurses development packages are going to see a change after the
> Stretch release, ncurses5-config will be replaced by ncurses6-config.
> Your package FTBFS if ncurses5-config is not present on the build
> system.  From my pbuilder log:
>
> ,
> | checking for ncurses5-config... no
> | checking for location of ncurses.h header file... found in /usr/include
> | checking for location of ncurses library file... configure: error:
> | Cannot find curses library file: ncurses; cannot configure
> | debian/rules:23: recipe for target 'stamp-configure' failed
> | make: *** [stamp-configure] Error 1
> | dpkg-buildpackage: error: debian/rules build gave error exit status 2
> `

This still happens, now reproducible by installing libncurses-dev from
experimental.

Cheers,
   Sven

Bug#891731: nvidia-legacy-check: check fails preventing apt full-upgrade

[Andreas Beckmann]

On 2018-02-28 14:39, John Kozak wrote:
> Thanks - one more thing: on a reboot (yes, I should have checked this
> before filing an all-clear!) X didn't start but was fixed by
> `update-glx` (changing from 0 to 2):
> 
>   $ sudo update-glx --config nvidia
>   There are 2 choices for the alternative nvidia (providing 
> /usr/lib/nvidia/nvidia).
> 
> SelectionPath  Priority   Status
>   
> 0/usr/lib/nvidia/current384   auto mode
> 1/usr/lib/nvidia/current384   manual mode
>   * 2/usr/lib/nvidia/legacy-340xx   340   manual mode
> 
> /usr/lib/nvidia/current is an empty directory.

If that directory and the alternative still exist, some packages from
the current driver must still be installed. Or you found another bug.

Please send the output of

dpkg -l | grep nvidia

dpkg -S /usr/lib/nvidia/current

I suspect the nvidia-alternative package to be still installed (not the
-legacy-340xx one, that of course needs to be there), but that shouldn't
be possible after you purged nvidia-legacy-check.


Andreas

Bug#891705: [Pkg-dns-devel] Bug#891705: Apparmor policy prevents chown/chmod of the Unix control socket

[Simon Deziel]

Hello Robert,

On 2018-02-28 11:31 AM, Robert Edmonds wrote:
> Did you mean to include the fix in your bug report?

Yes, I'm working on a pull request/merge proposal via salsa.debian.org.
I'll be proposing a fix for all 3 Apparmor related bugs with the Unbound
profile. Shouldn't be too long. Thanks!

Regards,
Simon

Bug#851238: angband: disables ncurses frontend if ncursesw5-config is not present

[Sven Joachim]

Control: severity -1 important
Control: tags -1 upstream

On 2017-01-13 09:35 +0100, Sven Joachim wrote:

> Source: angband
> Version: 1:3.5.1-2.2
> User: ncur...@packages.debian.org
> Usertags: ncurses5-config
>
> The ncurses development packages are going to see a change after the
> Stretch release, ncursesw5-config will be replaced by ncursesw6-config.
> Your package disables the ncurses frontend if ncursesw5-config is not
> present on the build system.  From my pbuilder log:
>
> ,
> | checking for ncursesw5-config... no
> | checking for ncurses - wide char support... no
> | *** The ncursesw5-config script installed by ncursesw could not be found
> | *** If ncursesw was installed in PREFIX, make sure PREFIX/bin is in
> | *** your path, or set the NCURSES_CONFIG environment variable to the
> | *** full path to ncursesw5-config.
> | [...]
> | -- Frontends --
> | - Curses  No; missing libraries
> `

This is still the case today and can be tested with the ncurses version
in experimental.  Alas, the broken configure check is still the same in
angband 4.1.2. :-(

> The archlinux people did[1]
>
> sed -i 's/ncursesw5-config/ncursesw6-config/g' acinclude.m4
>
> which obviously only works if
>
> a) ncurses actually starts shipping ncursesw6-config, and
> b) angband regenerates the configure script, e.g. with dh_autoreconf.
>
>
> 1. 
> https://git.archlinux.org/svntogit/community.git/commit/angband/trunk/PKGBUILD?id=e57bea45a128bfd527bfc6e6c70f0d5ca1d78f8f

To ensure that ncursesw6-config is present, a build-dependency on
libncurses-dev (>= 6.1+20180210) could be added.  Which at the moment
only works in experimental.

Cheers,
   Sven

Bug#891705: [Pkg-dns-devel] Bug#891705: Apparmor policy prevents chown/chmod of the Unix control socket

[Robert Edmonds]

Simon Deziel wrote:
> Without the fix, ls -l returns this:

Hi, Simon:

Did you mean to include the fix in your bug report?

-- 
Robert Edmonds
edmo...@debian.org