Bug#931939: ITA: acpitool -- command line ACPI client

[jathan]

Hi Michael,

I intent to adopt the acpitool package,

Best regards
Jonathan Bustillos

-- 
Por favor evita enviarme adjuntos en formato de word o powerpoint, si
quieres saber porque lee esto:
http://www.gnu.org/philosophy/no-word-attachments.es.html
¡Cámbiate a GNU/Linux! http://getgnulinux.org/es





signature.asc
Description: OpenPGP digital signature

Bug#934346: sbuild: No need to install fakeroot for source packages with Rules-Requires-Root: no

[Johannes Schauer]

Quoting Johannes Schauer (2019-08-10 07:16:53)
> Quoting Daniel Schepler (2019-08-10 04:45:05)
> > I notice that on my source packages which declare
> > "Rules-Requires-Root: no" I still see sbuild installing fakeroot in
> > the chroot which shouldn't be necessary.
> 
> please be more specific. When does sbuild install fakeroot for you?

ah I see it now. This could indeed be fixed. Thanks!


signature.asc
Description: signature

Bug#934348: ITP: python3-flask-marshmallow -- Flask + marshmallow for beautiful APIs

[Utkarsh Gupta]

Package: wnpp
Severity: wishlist
Owner: Utkarsh Gupta 

* Package name: python3-flask-marshmallow
  Version : 0.10.1
  Upstream Author : Steven Loria
* URL : https://github.com/marshmallow-code/flask-marshmallow
* License : Expat
  Programming Lang: Python
  Description : Flask + marshmallow for beautiful APIs

 Flask-Marshmallow is a thin integration layer for Flask (a Python web
 framework) and marshmallow (an object serialization/deserialization
library)
 that adds additional features to marshmallow, including URL and Hyperlinks
 fields for HATEOAS-ready APIs.
 .
 It also (optionally) integrates with Flask-SQLAlchemy.


Best,
Utkarsh

Bug#934346: sbuild: No need to install fakeroot for source packages with Rules-Requires-Root: no

[Johannes Schauer]

Hi,

Quoting Daniel Schepler (2019-08-10 04:45:05)
> I notice that on my source packages which declare
> "Rules-Requires-Root: no" I still see sbuild installing fakeroot in
> the chroot which shouldn't be necessary.

please be more specific. When does sbuild install fakeroot for you?

Thanks!

cheers, josch


signature.asc
Description: signature

Bug#934347: dose3 FTBFS with OCaml 4.08.0 (safe strings)

[Stéphane Glondu]

Source: dose3
Version: 5.0.1-12
Severity: important

Dear Maintainer,

Your package dose3 FTBFS with OCaml 4.08.0 because -safe-string is now
the default.

Please provide a version of dose3 that works with -safe-string. Note:
this can be done before OCaml is updated because the current version in
unstable (4.05.0) already supports -safe-strings.

Cheers,

-- 
Stéphane

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#869733: ispell.1X: Fix some formatting and textual matters

[Geoff Kuenning]

Yes, K doesn't automatically mean bytes.  When somebody makes 
$100K per year, they're not earning their pay in bytes.


In any case, that line in ispell.1X is horribly obsolete.  I just 
did a quick test of the largest word list I have; it did 80K roots 
in 1.7 seconds on my laptop.  I'm going to remove the line; I 
didn't realize it was still there.



Bjarni Ingi Gislason writes:

Hi,


Package: ispell
Version: 3.4.00-6
Severity: minor

  The patch is in the attachment.


Sorry for the delay, Thanks for the patch, I've just applied it 
in git,

see [1].

As your patch was apparently for the older version of ispell 
(3.3.02),
some of your corrections were already there. Additionally I've 
changed

your fix for:
  "-munching a normal-sized dictionary (15K roots, 45K expanded 
  words)"

from:
  "+munching a normal-sized dictionary (15\ kB roots, 45\ kB 
  expanded

words)"
to:
  "+munching a normal-sized dictionary (15000 roots, 45000 
  expanded words)"
as K meaning just "kilo", i.e. "thousand", here seemed more 
sensible to me.


[1]
https://salsa.debian.org/debian/ispell/blob/7416a731b3efb8586bca56099194e2fc66996399/debian/patches/0039-Man-page-issues-fix.patch

Regards,
robert




--
   Geoff Kuenning   ge...@cs.hmc.edu 
   http://www.cs.hmc.edu/~geoff/


It's is not, it isn't ain't, and it's it's, not its, if you mean 
it
is.  If you don't, it's its.  Then too, it's hers.  It isn't 
her's.  It

isn't our's either.  It's ours, and likewise yours and theirs.
   -- Oxford University Press, Edpress News

Bug#934282: zfs-dkms: fails to install for 5.2.0-2-amd64 due to GPL-only symbol 'alternatives_patched'

[Craig Sanders]

I tested this on one of my ZFS testing VMs ('ztest') and can confirm that
zfs-dkms 0.8.1 compiles against 5.2.0-2-amd64 when the patch is applied to
/var/lib/dkms/zfs/0.8.1/source/include/linux/simd_x86.h

ztest:~# dkms status
zfs, 0.8.1, 4.19.0-3-amd64, x86_64: installed
zfs, 0.8.1, 4.19.0-5-amd64, x86_64: installed
zfs, 0.8.1, 5.2.0-2-amd64, x86_64: installed


The VM reboots successfuly and the zfs pool is working normally:

ztest:~# uname -a
Linux ztest 5.2.0-2-amd64 #1 SMP Debian 5.2.7-1 (2019-08-07) x86_64 GNU/Linux

ztest:~# zpool status
  pool: tank1
 state: ONLINE
  scan: scrub repaired 0B in 0 days 00:00:02 with 0 errors on Sat Aug 10 
13:47:04 2019
config:

NAMESTATE READ WRITE CKSUM
tank1   ONLINE   0 0 0
  mirror-0  ONLINE   0 0 0
virtio-VD-0005  ONLINE   0 0 0
virtio-VD-0006  ONLINE   0 0 0

errors: No known data errors

craig

--
craig sanders 

Bug#934244: mshr: please disable parallel building to avoid FTBFS

[Drew Parsons]

Source: mshr
Followup-For: Bug #934244

CGAL triggers out-of-memory on mips/mipsel.  I suspect disabling
parallel builds won't fix that. But perhaps it won't hurt to try.

Drew


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#934346: sbuild: No need to install fakeroot for source packages with Rules-Requires-Root: no

[Daniel Schepler]

Package: sbuild
Version: 0.78.1-2
Severity: wishlist

I notice that on my source packages which declare
"Rules-Requires-Root: no" I still see sbuild installing fakeroot in
the chroot which shouldn't be necessary.
-- 
Daniel Schepler

Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1

[Mike Gabriel]

On Sat, 10 Aug 2019 04:09:33 +0200 Mike Gabriel  
wrote:


> + * debian/patches:
> + + Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch.
> + Perform stricter check on LDAP success/failure (CVE-2019-11187).
>
> Considered severe issue by FusionDirectory upstream, assessment by the
> security team says: no-dsa issue. In theory, the flaw that got fixed 
could

> let someone into the FusionDirectory WebUI with a wrong password.

Sorry, the FusionDirectory upstream consider this issue severe, not only 
in FD, but also in GOsa.


For this upload approval request, the flaw, of course, can possibly 
allow someone to get into the GOsa WebUI with a wrong password.


Sorry for the confusion in the last line of the previous mail/paragraph.

Mike

Bug#927433: stretch-pu: package gosa/2.7.4+reloaded2-13+deb9u2

[Mike Gabriel]

Hi again,

On Fri, 19 Apr 2019 19:53:33 +0200 Mike Gabriel  
wrote:

> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Dear stable release team,
>
> now that we could avoid the full backport of gosa from buster to stretch
> (see #927306), the Debian Edu team would still like to introduce various
> fixes for gosa to the next Debian 9 point release.
>
> Some issues require a fix (RC / important), some are small fixes here and
> there that caused people pain and have been resolved in Debian buster's
> gosa.
>
> Resorting the patches, the most critical come first:
>
>
> Critical (appear often, problematic for the users):
>
> + + Add 1043_smarty-add-on-function-param-types.patch.
> + Fix missing password field, caused by PHP error "parameter 2 expected
> + to be a reference, value given". (Closes: #918578).
>
> -> definitely happens in Debian buster, I have seen it once on Debian
> stretch.
>
> + + Add 1045_dont_use_filter_caching.patch. Disable filter caching via
> + $_SESSION. The approach stores PHP object in $_SESSION; since php7.0
> + this leads to unexpected results and flawed rendering of 
class_management

> + based listings. (Closes: #907815).
>
> -> issue is reproducable on Debian stretch, may be a security issue in
> fact (as sort-of-random / old data gets accessed).
>
> + + Add 1031_no-context-loose-continues.patch.
> + Avoid stray continue expression. (Closes: #879105).
>
> -> issue occurs on PHP7, rendering of management view gets aborted 
with error.

>
>
> Important fixes (as they can break things when they occur):
>
> + + Add 1029_better-whitespace-cleanup-in-genuid.patch.
> + Prevent gen_uids() from generating UIDs containing blanks.
>
> -> we saw login uids generated with blanks. If the pattern is
> 3 initial from last name, 3 from first name, and the user is
> Chen Wu -> login uid: "wu che" (which is bad on POSIX).
>
> + + Add 1032_fix_select_acl_role.patch.
> + Use ACL from role definition: Select the correct role.
>
> -> When returning to ACL editing and a role was used for an
> ACL and there are more than one role, always the top role (not
> the one configured) gets pre-selected.
>
> + + Add 1033_fix_unable_to_delete_acl_asignment.patch.
> + Fix removing ACLs from objects (e.g. groups).

I was wondering what the state of this stretch-pu request is?

I attached a new .debdiff version for this potential upload, adding the 
fix for CVE-2019-11187 (no-dsa issue).


Greets+Thanks!
Mike
diff -Nru gosa-2.7.4+reloaded2/debian/changelog 
gosa-2.7.4+reloaded2/debian/changelog
--- gosa-2.7.4+reloaded2/debian/changelog   2018-07-04 09:15:17.0 
+0200
+++ gosa-2.7.4+reloaded2/debian/changelog   2019-04-19 19:03:52.0 
+0200
@@ -1,3 +1,59 @@
+gosa (2.7.4+reloaded2-13+deb9u2) stretch; urgency=medium
+
+  [ Mike Gabriel ]
+  * debian/patches:
++ Add 1029_better-whitespace-cleanup-in-genuid.patch.
+  Prevent gen_uids() from generating UIDs containing blanks.
++ Add 1030_column-header-titles-group-members.patch.
+  Fix column titles in member lists of POSIX groups.
++ Add 1043_smarty-add-on-function-param-types.patch.
+  Fix missing password field, caused by PHP error "parameter 2 expected
+  to be a reference, value given". (Closes: #918578).
++ Update 1026_fix-deprecated-constructor-format.patch. Drop an unwanted
+  find+replace artefact in class_userFilter.
++ Add 1045_dont_use_filter_caching.patch. Disable filter caching via
+  $_SESSION. The approach stores PHP object in $_SESSION; since php7.0
+  this leads to unexpected results and flawed rendering of class_management
+  based listings. (Closes: #907815).
++ Rebase / update 1016_allow-same-user-ids-as-adduser.patch and
+  1026_fix-deprecated-constructor-format.patch.
++ Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch. Perform stricter
+  check on LDAP success/failure (CVE-2019-11187).
+
+  [ Benjamin Zapiec ]
+  * debian/patches:
++ Add 1031_no-context-loose-continues.patch.
+  Avoid stray continue expression. (Closes: #879105).
+
+  [ Christian Schwamborn ]
+  * debian/patches:
++ Add 1032_fix_select_acl_role.patch.
+  Use ACL from role definition: Select the correct role.
++ Add 1033_fix_unable_to_delete_acl_asignment.patch.
+  Fix removing ACLs from objects (e.g. groups).
++ Add 1034_remove_superfluous__get_post__call_from__save_object.patch.
+  class_sortableListing: Remove superfluous get_post() call
+  from_ save_object()
++ Add 1035_acl_override_to_allow_delete_of_group_members.patch.
+  Support member removal from groups, if someone has the right
+  to edit the group.
++ Add 1036_remove_double_groupList_setEditable_setting.patch.
+  Remove duplicate setEditable() for POSIX group lists.
++ Add 1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch.
+  Propagate shadow expiry from user templates to 

Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1

[Mike Gabriel]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd just uploaded a fix for gosa targetting the first buster point release:

+  * debian/changelog:
++ post-upload fix of patch-1045 explanation...

Cosmetic fixes for the 2.7.4+reloaded3-8 (previous) changelog stanza.

+  * debian/patches:
++ Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch.
+  Perform stricter check on LDAP success/failure (CVE-2019-11187).

Considered severe issue by FusionDirectory upstream, assessment by the
security team says: no-dsa issue. In theory, the flaw that got fixed could
let someone into the FusionDirectory WebUI with a wrong password.

Greets,
Mike

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru gosa-2.7.4+reloaded3/debian/changelog 
gosa-2.7.4+reloaded3/debian/changelog
--- gosa-2.7.4+reloaded3/debian/changelog   2019-04-19 15:24:14.0 
+0200
+++ gosa-2.7.4+reloaded3/debian/changelog   2019-08-10 04:04:23.0 
+0200
@@ -1,3 +1,13 @@
+gosa (2.7.4+reloaded3-8+deb10u1) buster; urgency=medium
+
+  * debian/changelog:
++ post-upload fix of patch-1045 explanation...
+  * debian/patches:
++ Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch.
+  Perform stricter check on LDAP success/failure (CVE-2019-11187).
+
+ -- Mike Gabriel   Sat, 10 Aug 2019 04:04:23 +0200
+
 gosa (2.7.4+reloaded3-8) unstable; urgency=medium
 
   * debian/patches:
@@ -14,8 +24,8 @@
 + Update 1026_fix-deprecated-constructor-format.patch. Drop an
   unwanted find+replace artefact in class_userFilter.
 + Add 1045_dont_use_filter_caching.patch. Disable filter caching via
-  $_SESSION. The filter caching mechanism stores PHP object in ; since
-  php7.0 this has lead to all sorts of unexpected results and flawed
+  $_SESSION. The filter caching mechanism stores PHP object in $_SESSON;
+  since php7.0 this has lead to all sorts of unexpected results and flawed
   rendering of class_management based listings. (Closes: #907815).
   * debian/control:
 + Bump Standards-Version: to 4.3.0. No changes needed.
diff -Nru 
gosa-2.7.4+reloaded3/debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch
 
gosa-2.7.4+reloaded3/debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch
--- 
gosa-2.7.4+reloaded3/debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch
 1970-01-01 01:00:00.0 +0100
+++ 
gosa-2.7.4+reloaded3/debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch
 2019-08-10 04:04:05.0 +0200
@@ -0,0 +1,29 @@
+From f2fd17d4ddead5d3b61ddebf5fd21e043bda30be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=B4me=20Chilliet?= 
+Date: Mon, 29 Jul 2019 09:32:22 +
+Subject: [PATCH] Merge branch 'stricter-ldap-error-check' into '1.4-dev'
+
+:ambulance: fix(ldap) Use a stricter error check in ldap::success()
+
+See merge request fusiondirectory/fd!648
+
+(cherry picked from commit 29ca9876df28e45bb8f4f8960f3760c336936dfc)
+
+[sunweaver (Debian)] Ported over from FD to GOsa².
+
+23936352 :ambulance: fix(ldap) Use a stricter error check in ldap::success()
+---
+ core/include/class_ldap.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/gosa-core/include/class_ldap.inc
 b/gosa-core/include/class_ldap.inc
+@@ -931,7 +931,7 @@
+ 
+ function success()
+ {
+-return (preg_match('/Success/i', $this->error));
++return (trim($this->error) === 'Success');
+ }
+ 
+ 
diff -Nru gosa-2.7.4+reloaded3/debian/patches/series 
gosa-2.7.4+reloaded3/debian/patches/series
--- gosa-2.7.4+reloaded3/debian/patches/series  2019-04-19 15:22:28.0 
+0200
+++ gosa-2.7.4+reloaded3/debian/patches/series  2019-08-10 04:04:05.0 
+0200
@@ -63,3 +63,4 @@
 1043_smarty-add-on-function-param-types.patch
 1044_crypto-transition-without-mcrypt.patch
 1045_dont_use_filter_caching.patch
+1046_CVE-2019-11187_stricter-ldap-error-check.patch

Bug#934343: buster-pu: package fusiondirectory/1.2.3-4+deb10u1

[Mike Gabriel]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I just uploaded two fixes for fusiondirectory for buster targetting the 
next/first point release:

+  * debian/patches:
++ Add 0001_CVE-2019-11187_stricter-ldap-error-check.patch.
+  Perform stricter check on LDAP success/failure (CVE-2019-11187).

Considered severe issue by upstream, assessment by the security team say:
no-dsa issue. In theory, the flaw that got fixed could let someone into
the FusionDirectory WebUI with a wrong password.

+  * debian/control:
++ Add to D (fusiondirectory): php-xml. (Closes: #931959).

The installer setup requires php-xml.

Greets,
Mike

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru fusiondirectory-1.2.3/debian/changelog 
fusiondirectory-1.2.3/debian/changelog
--- fusiondirectory-1.2.3/debian/changelog  2019-03-22 15:22:53.0 
+0100
+++ fusiondirectory-1.2.3/debian/changelog  2019-08-08 11:55:44.0 
+0200
@@ -1,3 +1,13 @@
+fusiondirectory (1.2.3-4+deb10u1) buster-security; urgency=medium
+
+  * debian/patches:
++ Add 0001_CVE-2019-11187_stricter-ldap-error-check.patch.
+  Perform stricter check on LDAP success/failure (CVE-2019-11187).
+  * debian/control:
++ Add to D (fusiondirectory): php-xml. (Closes: #931959).
+
+ -- Mike Gabriel   Thu, 08 Aug 2019 11:55:44 +0200
+
 fusiondirectory (1.2.3-4) unstable; urgency=medium
 
   * debian/fusiondirectory.postinst:
diff -Nru fusiondirectory-1.2.3/debian/control 
fusiondirectory-1.2.3/debian/control
--- fusiondirectory-1.2.3/debian/control2019-01-18 11:55:58.0 
+0100
+++ fusiondirectory-1.2.3/debian/control2019-08-08 11:55:44.0 
+0200
@@ -45,6 +45,7 @@
  php-ldap,
  php-mbstring,
  php-recode,
+ php-xml,
  schema2ldif (>= 1.3),
  smarty-gettext (>= 1.1),
  smarty3,
diff -Nru 
fusiondirectory-1.2.3/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
 
fusiondirectory-1.2.3/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
--- 
fusiondirectory-1.2.3/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
1970-01-01 01:00:00.0 +0100
+++ 
fusiondirectory-1.2.3/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
2019-08-08 11:48:56.0 +0200
@@ -0,0 +1,32 @@
+From f2fd17d4ddead5d3b61ddebf5fd21e043bda30be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=B4me=20Chilliet?= 
+Date: Mon, 29 Jul 2019 09:32:22 +
+Subject: [PATCH] Merge branch 'stricter-ldap-error-check' into '1.4-dev'
+
+:ambulance: fix(ldap) Use a stricter error check in ldap::success()
+
+See merge request fusiondirectory/fd!648
+
+(cherry picked from commit 29ca9876df28e45bb8f4f8960f3760c336936dfc)
+
+23936352 :ambulance: fix(ldap) Use a stricter error check in ldap::success()
+---
+ core/include/class_ldap.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/include/class_ldap.inc b/core/include/class_ldap.inc
+index e5b04c28..54090353 100644
+--- a/core/include/class_ldap.inc
 b/core/include/class_ldap.inc
+@@ -906,7 +906,7 @@ class LDAP
+*/
+   function success()
+   {
+-return preg_match('/Success/i', $this->error);
++return (trim($this->error) === 'Success');
+   }
+ 
+   /*!
+-- 
+2.21.0
+
diff -Nru fusiondirectory-1.2.3/debian/patches/series 
fusiondirectory-1.2.3/debian/patches/series
--- fusiondirectory-1.2.3/debian/patches/series 2018-08-24 18:43:03.0 
+0200
+++ fusiondirectory-1.2.3/debian/patches/series 2019-08-08 11:55:44.0 
+0200
@@ -2,3 +2,4 @@
 2002_fusiondirectory-headers.patch
 2003_fusiondirectory-setup.patch
 2004_fusiondirectory-apache-php7.patch
+0001_CVE-2019-11187_stricter-ldap-error-check.patch

Bug#934342: stretch-pu: package fusiondirectory/1.0.19-1+deb9u1

[Mike Gabriel]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I just uploaded two fusiondirectory fixes (one bug, one no-dsa CVE) for the 
next stretch point release:

+  * debian/patches:
++ Add 0001_CVE-2019-11187_stricter-ldap-error-check.patch.
+  Perform stricter check on LDAP success/failure (CVE-2019-11187).

Considered severe issue by upstream, assessment by the security team say:
no-dsa issue. In theory, the flaw that got fixed could let someone into
the FusionDirectory WebUI with a wrong password.

+  * debian/control:
++ Add to D (fusiondirectory): php-xml. (Closes: #931959).

The installer setup requires php-xml, also valid for fusiondirectory in stretch.

Greets,
Mike

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru fusiondirectory-1.0.19/debian/changelog 
fusiondirectory-1.0.19/debian/changelog
--- fusiondirectory-1.0.19/debian/changelog 2017-01-22 21:54:59.0 
+0100
+++ fusiondirectory-1.0.19/debian/changelog 2019-08-08 12:01:12.0 
+0200
@@ -1,3 +1,13 @@
+fusiondirectory (1.0.19-1+deb9u1) stretch; urgency=medium
+
+  * debian/patches:
++ Add 0001_CVE-2019-11187_stricter-ldap-error-check.patch.
+  Perform stricter check on LDAP success/failure (CVE-2019-11187).
+  * debian/control:
++ Add to D (fusiondirectory): php-xml. (Closes: #931959).
+
+ -- Mike Gabriel   Thu, 08 Aug 2019 12:01:12 +0200
+
 fusiondirectory (1.0.19-1) unstable; urgency=medium
 
   [ Benoit Mortier ]
diff -Nru fusiondirectory-1.0.19/debian/control 
fusiondirectory-1.0.19/debian/control
--- fusiondirectory-1.0.19/debian/control   2017-01-22 21:52:35.0 
+0100
+++ fusiondirectory-1.0.19/debian/control   2019-08-08 12:01:12.0 
+0200
@@ -43,6 +43,7 @@
  php-ldap,
  php-recode,
  schema2ldif,
+ php-xml,
  smarty-gettext (>= 1.1),
  smarty3,
  ${misc:Depends},
diff -Nru 
fusiondirectory-1.0.19/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
 
fusiondirectory-1.0.19/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
--- 
fusiondirectory-1.0.19/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
   1970-01-01 01:00:00.0 +0100
+++ 
fusiondirectory-1.0.19/debian/patches/0001_CVE-2019-11187_stricter-ldap-error-check.patch
   2019-08-08 12:01:12.0 +0200
@@ -0,0 +1,32 @@
+From f2fd17d4ddead5d3b61ddebf5fd21e043bda30be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=B4me=20Chilliet?= 
+Date: Mon, 29 Jul 2019 09:32:22 +
+Subject: [PATCH] Merge branch 'stricter-ldap-error-check' into '1.4-dev'
+
+:ambulance: fix(ldap) Use a stricter error check in ldap::success()
+
+See merge request fusiondirectory/fd!648
+
+(cherry picked from commit 29ca9876df28e45bb8f4f8960f3760c336936dfc)
+
+23936352 :ambulance: fix(ldap) Use a stricter error check in ldap::success()
+---
+ core/include/class_ldap.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/include/class_ldap.inc b/core/include/class_ldap.inc
+index e5b04c28..54090353 100644
+--- a/core/include/class_ldap.inc
 b/core/include/class_ldap.inc
+@@ -906,7 +906,7 @@ class LDAP
+*/
+   function success()
+   {
+-return preg_match('/Success/i', $this->error);
++return (trim($this->error) === 'Success');
+   }
+ 
+   /*!
+-- 
+2.21.0
+
diff -Nru fusiondirectory-1.0.19/debian/patches/series 
fusiondirectory-1.0.19/debian/patches/series
--- fusiondirectory-1.0.19/debian/patches/series2016-11-26 
20:01:13.0 +0100
+++ fusiondirectory-1.0.19/debian/patches/series2019-08-08 
12:01:12.0 +0200
@@ -2,3 +2,4 @@
 2001_fusiondirectory-apache.patch
 2002_fusiondirectory-headers.patch
 2003_fusiondirectory-setup.patch
+0001_CVE-2019-11187_stricter-ldap-error-check.patch

Bug#934341: guayadeque: broken due to mixed used of gtk2 and gtk3

[Michael Rasmussen]

Package: guayadeque
Version: 0.4.6.r2121.85c97c9~bionic-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

(guayadeque:4301): Gtk-ERROR **: 02:57:52.211: GTK+ 2.x symbols detected. Using 
GTK+ 2.x and GTK+ 3 in the same process is not supported


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/16 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages guayadeque depends on:
ii  gstreamer1.0-plugins-base   1.16.0-2
ii  gstreamer1.0-plugins-good   1.16.0-2+b1
ii  libc6   2.28-10
ii  libcurl47.65.1-1
ii  libdbus-1-3 1.12.16-1
ii  libgcc1 1:9.1.0-10
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libglib2.0-02.60.6-1
ii  libgpod40.8.3-13
ii  libgstreamer-plugins-base1.0-0  1.16.0-2
ii  libgstreamer1.0-0   1.16.0-2
ii  libindicate50.6.92-6
ii  libstdc++6  9.1.0-10
ii  libtag1v5   1.11.1+dfsg.1-0.3
ii  libwxbase3.0-0v53.0.4+dfsg-9
ii  libwxgtk3.0-0v5 3.0.4+dfsg-9
ii  libwxsqlite3-3.0-0  3.4.1~dfsg-4

guayadeque recommends no packages.

guayadeque suggests no packages.

-- no debconf information



This mail was virus scanned and spam checked before delivery.
This mail is also DKIM signed. See header dkim-signature.

Bug#934340: Please remove the dependency on obus and camlp4

[Stéphane Glondu]

Source: zeroinstall-injector
Version: 2.12.3-2
Severity: serious

Dear Maintainer,

zeroinstall-injector build depends on obus, which is affected by
[1]. According to [2], it is an optional dependency. Please provide a
version of zeroinstall-injector without the dependency on obus.

It also seems that the latest upstream version of zeroinstall-injector
is buildable without camlp4. Please drop the dependency in the Debian
package as well.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933992
[2] https://opam.ocaml.org/packages/0install/


Cheers,

-- 
Stéphane

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#930264: Your mail

[Iain Learmonth]

Control: affects -1 + dmrconfig

Hi,

I've hit this problem with a DMR radio that uses a USB programming
cable. It presents as a ttyACM device, which is snapped up by
ModemManager. These are not the most robust interfaces and I could
easily see radios being bricked by accepting an "upload" of
firmware/config while ModemManager is probing.

(More worryingly, if this happens with amateur radio soundcard
interfaces which commonly use homemade USB serial cables to control
transmission, it could cause the radio to transmit without warning,
possibly outside the licensed band and certainly without identifying the
station, which would cause a criminal offence to be committed.)

The second of these cases is going to be harder to protect against than
the first, but it would be nice if ModemManager didn't just assume
responsibility for any serial USB device that happens to be attached.

For the DMR radio, I have a udev rule that I included in the dmrconfig
package (not yet uploaded) that looks like:

ATTRS{idVendor}=="28e9" ATTRS{idProduct}=="018a",
ENV{ID_MM_DEVICE_IGNORE}="1"

I'm happy to maintain the list of DMR radios to ignore in that package,
but ModemManager is helpfully ignoring the rules.

Should I just suggest users disable ModemManager? What is the workaround
for this?

Thanks,
Iain.



signature.asc
Description: OpenPGP digital signature

Bug#877016: Time to drop cpufrequtils?

[Mike Gabriel]

Hi all,

On Thu, 28 Sep 2017 06:51:30 -0700 Mattia Dongili  wrote:
> On Wed, Sep 27, 2017 at 03:16:52PM -0400, Phil Susi wrote:
> > Package: cpufrequtils
> > Version: 008-1
> ...
> > is the case, should cpufrequtils not be removed now?
>
> Yes, indeed it should. Thanks for nagging.
> There's a little more work required to smooth the transition.
>
> $ apt-cache rdepends cpufrequtils
> cpufrequtils
> Reverse Depends:
> cpufreqd
> powertop
> pm-utils
> mate-applets
> parl-desktop-strict

Just FTR, mate-applets in Debian unstable is about to switch to 
libcpupower-dev with the next upload. You can wipe if off the above list.


Greets,
Mike

Bug#934339: pm-utils: Notebook (Acer Aspire 3690-2672) hangs up after hibernate image loaded

[Alexandre Lymberopoulos]

Package: pm-utils
Version: 1.4.1-18
Severity: important

Dear Maintainer,

Hibernaton used to work here, but after some update it stopped to
resume properly: the image is stored, system is halted. When powered
on the boot goes as usual until it loads the hibernate image and then
locks up (even alt+SysRq commands do not respond).

The lines on console after the load images succesfull are:

ACPI: EC: interrupt blocked
ACPI: EC: event blocked
ACPI: EC: EC stopped
Disabling non-boot CPUs...

I may provide any information necessary to solve this issue (may need some 
guidance).

Thanks in advance,
Alexandre

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-5-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages pm-utils depends on:
ii  powermgmt-base  1.36

Versions of packages pm-utils recommends:
ii  ethtool  1:4.19-1
ii  hdparm   9.58+ds-3
ii  kbd  2.0.4-4
ii  procps   2:3.3.15-2
ii  vbetool  1.1-4+b1

Versions of packages pm-utils suggests:
ii  cpufrequtils008-1.1
pn  radeontool  
ii  wireless-tools  30~pre9-13

-- no debconf information

Bug#830726: xtrlock does not block multitouch events

[Antoine Amarilli]

Hi Chris,

I can still reproduce this. I just booted an USB key with a live Debian
stable image from
https://cdimage.debian.org/debian-cd/current-live/amd64/bt-hybrid/debian-live-10.0.0-amd64-standard.iso.torrent
on the affected hardware (Lenovo IdeaPad Yoga 13 with an ELAN
touchscreen). It booted to a TTY, so I apt-get installed xserver-xorg,
openbox, slim, chromium, xtrlock, started a graphical session, and I
could reproduce the problem: run chromium, run xtrlock, press one finger
on the screen (the mouse pointer with the padlock icon moves to that
finger), then interact with chromium with the other fingers.

The problem is not actually limited to multitouch events in Chromium
(i.e., not just pinch and zoom), as I can e.g. minimize chromium by
tapping the minimize icon with the second finger while the first finger
"holds" the xtrlock icon, and generally interact with the chromium
interface (though not all interface elements work, for some reason).

I can only see this problem with chromium; I cannot interact with other
windows (e.g., xterm, firefox) in this way. This may be linked to the
fact that the chromium window is not decorated, i.e., it does not have
the openbox decorations.

Are you sure you tried to reproduce it with multiple fingers as above?
Are you sure you are using a touchscreen with multitouch support?

Now that I notice this is not limited to multitouch events, this looks
to me like a genuine vulnerability affecting xtrlock when such hardware
is present (or can be plugged in): an attacker can, e.g., completely
mess around with the chromium settings while the session is "locked" by
xtrlock.

-- 
Antoine Amarilli



signature.asc
Description: PGP signature

Bug#934338: xtel: Please migrate off xmkmf/imake

[Samuel Thibault]

Package: xtel
Version: 3.3.0-22
Severity: important
Tags: upstream
Control: block 873764 by -1

As expressed in #873764, we'd like to phase out xmkmf from Debian, so
xtel should migrate to some newer build system.

Samuel

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 
'proposed-updates'), (500, 'oldstable-proposed-updates-debug'), (500, 
'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), 
(500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xtel depends on:
ii  libc6 2.28-10
ii  libice6   2:1.0.9-2
ii  libjpeg62-turbo   1:1.5.2-2+b1
ii  libsm62:1.2.3-1
ii  libx11-6  2:1.6.7-1
ii  libxext6  2:1.3.3-1+b2
ii  libxm42.3.8-2
ii  libxpm4   1:3.5.12-1
ii  libxt61:1.1.5-1+b3
ii  netpbm2:10.0-15.3+b2
ii  openbsd-inetd [inet-superserver]  0.20160825-4
ii  x11-common1:7.7+19
ii  xfonts-utils  1:7.7+6

Versions of packages xtel recommends:
ii  logrotate  3.14.0-4
ii  ppp2.4.7-2+4.1
ii  xterm  347-1

xtel suggests no packages.

-- no debconf information

-- 
Samuel
"And the next time you consider complaining that running Lucid Emacs
19.05 via NFS from a remote Linux machine in Paraguay doesn't seem to
get the background colors right, you'll know who to thank."
(By Matt Welsh)

Bug#934337: xvkbd: Please migrate off xmkmf/imake

[Samuel Thibault]

Package: xvkbd
Version: 3.9-1
Severity: important
Tags: upstream
Control: block 873764 by -1

As expressed in #873764, we'd like to phase out xmkmf from Debian, so
xvkbd should migrate to some newer build system.

Samuel

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 
'proposed-updates'), (500, 'oldstable-proposed-updates-debug'), (500, 
'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), 
(500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xvkbd depends on:
ii  libc6 2.28-10
ii  libice6   2:1.0.9-2
ii  libsm62:1.2.3-1
ii  libx11-6  2:1.6.7-1
ii  libxext6  2:1.3.3-1+b2
ii  libxmu6   2:1.1.2-2+b3
ii  libxpm4   1:3.5.12-1
ii  libxt61:1.1.5-1+b3
ii  libxtst6  2:1.2.3-1
ii  xaw3dg1.5+E-18.3

Versions of packages xvkbd recommends:
ii  eterm [x-terminal-emulator]   0.9.6-6
ii  gnome-terminal [x-terminal-emulator]  3.30.2-2
ii  konsole [x-terminal-emulator] 4:18.04.0-1
ii  lxterminal [x-terminal-emulator]  0.3.2-1
ii  mate-terminal [x-terminal-emulator]   1.20.2-2
ii  mlterm [x-terminal-emulator]  3.8.8-2
ii  pterm [x-terminal-emulator]   0.70-6
ii  roxterm-gtk3 [x-terminal-emulator]2.9.5-1
ii  rxvt-unicode [x-terminal-emulator]9.22-6
ii  stterm [x-terminal-emulator]  0.8.2-1
ii  xfce4-terminal [x-terminal-emulator]  0.8.8-1
ii  xterm [x-terminal-emulator]   347-1

Versions of packages xvkbd suggests:
ii  wamerican  2018.04.16-1

-- no debconf information

-- 
Samuel
* y se leve dans 2h10

Bug#928918: hurd: taking over /etc/hurd/runsystem.sysv

[Samuel Thibault]

Control: tags -1 + pending

Hello,

Dmitry Bogatov, le mer. 17 juil. 2019 14:57:07 +, a ecrit:
> Hello. Any progress here?

Yes, I'm working on it now.

Sorry it took so long, I was indeed busy for so many reasons, and the
removal from the main archive didn't help.

Samuel

Bug#934107: Importing with --import=file.pdf does not import anything

[martin f krafft]

Quoting "Jeff", who wrote on 2019-08-09 at 20:01 Uhr +0200:
Thanks for the report. This fixes things for me for the next 
release.


Confirmed that this fixes things. Any chance of adding 
--import-all=* to avoid the dialog asking me which pages to import? 
Want a new issue?


--
.''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
 `-  Debian - when you have better things to do than fixing systems

"i like young girls. their stories are shorter."
 -- tom mcguane


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Bug#876547: problem solved in buster

[Philippe Waroquiers]

After upgrading to buster, all this seems to work properly.

So, from my point of view, the bug can be closed.

Thanks

Philippe

Bug#922707: Raising severity

[Lisandro Damián Nicanor Pérez Meyer]

severity 922707 normal
thanks

Raising the severity of the bug, this is clearly something that needs to be
fixed

Bug#934335: BUG: kernel NULL pointer dereference

[Nelson A. de Oliveira]

Package: src:linux
Version: 5.2.7-1
Severity: normal

Hi!

With the new 5.2.0 kernel I did try to run powertop and got this:

modprobe cpufreq_stats failed

Taking a look at dmesg it's possible to see:

=
[   24.916656] BUG: kernel NULL pointer dereference, address: 
[   24.916663] #PF: supervisor instruction fetch in kernel mode
[   24.916665] #PF: error_code(0x0010) - not-present page
[   24.916668] PGD 0 P4D 0 
[   24.916673] Oops: 0010 [#2] SMP PTI
[   24.916678] CPU: 3 PID: 15482 Comm: powertop Tainted: G  D   
5.2.0-2-amd64 #1 Debian 5.2.7-1
[   24.916681] Hardware name: Dell Inc.  Dell System XPS L502X/0MY6GN, 
BIOS A12 09/07/2012
[   24.916685] RIP: 0010:0x0
[   24.916691] Code: Bad RIP value.
[   24.916694] RSP: 0018:b618011efcd8 EFLAGS: 00010246
[   24.916697] RAX:  RBX: 9cc460f49600 RCX: 0001
[   24.916700] RDX: 9cc4740b9c00 RSI: 9cc460f49600 RDI: 9cc475ba6060
[   24.916702] RBP: 9cc475ba6060 R08:  R09: 
[   24.916704] R10: 9cc475b59240 R11:  R12: 9cc460f49610
[   24.916706] R13: 9531cdd0 R14:  R15: 9cc460f49600
[   24.916710] FS:  7fa5b86b9fc0() GS:9cc4762c() 
knlGS:
[   24.916712] CS:  0010 DS:  ES:  CR0: 80050033
[   24.916715] CR2: ffd6 CR3: 00022ec82004 CR4: 000606e0
[   24.916718] Call Trace:
[   24.916726]  do_dentry_open+0x13a/0x370
[   24.916735]  path_openat+0x2c6/0x1480
[   24.916740]  ? terminate_walk+0xe6/0x100
[   24.916744]  ? path_lookupat.isra.48+0xa3/0x220
[   24.916751]  ? reuse_swap_page+0x105/0x320
[   24.916755]  do_filp_open+0x93/0x100
[   24.916760]  ? __check_object_size+0x15d/0x189
[   24.916766]  do_sys_open+0x184/0x220
[   24.916773]  do_syscall_64+0x53/0x130
[   24.916779]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.916782] RIP: 0033:0x7fa5b88151ae
[   24.916786] Code: 25 00 00 41 00 3d 00 00 41 00 74 48 48 8d 05 59 65 0d 00 
8b 00 85 c0 75 69 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 
f0 ff ff 0f 87 a6 00 00 00 48 8b 4c 24 28 64 48 33 0c 25
[   24.916789] RSP: 002b:7ffdc0c65e80 EFLAGS: 0246 ORIG_RAX: 
0101
[   24.916792] RAX: ffda RBX: 56527315b870 RCX: 7fa5b88151ae
[   24.916794] RDX:  RSI: 7ffdc0c67230 RDI: ff9c
[   24.916796] RBP: 0008 R08: 0008 R09: 0001
[   24.916798] R10:  R11: 0246 R12: 7fa5b8c29805
[   24.916801] R13: 7fa5b8c29805 R14: 0001 R15: 565273163f00
[   24.916804] Modules linked in: msr btusb btrtl btbcm btintel bluetooth drbg 
ansi_cprng ecdh_generic ecc ctr ccm algif_aead des_generic algif_skcipher 
cpufreq_conservative cpufreq_powersave cmac cpufreq_userspace sha512_ssse3 
sha512_generic md4 algif_hash af_alg zram uvcvideo zsmalloc videobuf2_vmalloc 
videobuf2_memops videobuf2_v4l2 videobuf2_common videodev media intel_rapl 
x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass 
snd_hda_codec_hdmi snd_hda_codec_realtek arc4 crct10dif_pclmul 
snd_hda_codec_generic crc32_pclmul iwldvm ghash_clmulni_intel i915 mac80211 
snd_hda_intel aesni_intel snd_hda_codec iwlwifi snd_hda_core drm_kms_helper 
snd_hwdep aes_x86_64 crypto_simd snd_pcm cfg80211 cryptd drm dell_laptop 
glue_helper snd_timer ledtrig_audio dell_wmi intel_cstate iTCO_wdt evdev joydev 
intel_uncore mei_me dell_smbios iTCO_vendor_support snd mei i2c_algo_bit 
serio_raw pcc_cpufreq rfkill watchdog sg pcspkr sparse_keymap wmi_bmof 
soundcore dcdbas dell_wmi_descriptor
[   24.916861]  intel_rapl_perf dell_smo8800 battery ac button binfmt_misc 
ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sr_mod cdrom 
sd_mod uas usb_storage hid_generic usbhid hid ahci libahci libata xhci_pci 
xhci_hcd ehci_pci scsi_mod ehci_hcd usbcore r8169 psmouse realtek crc32c_intel 
libphy lpc_ich i2c_i801 mfd_core wmi usb_common video
[   24.916892] CR2: 
[   24.916896] ---[ end trace ef320417b81ddc15 ]---
[   24.916899] RIP: 0010:0x0
[   24.916904] Code: Bad RIP value.
[   24.916906] RSP: 0018:b6180147bcd8 EFLAGS: 00010246
[   24.916909] RAX:  RBX: 9cc460f00f00 RCX: 0001
[   24.916911] RDX: 9cc4740b9c00 RSI: 9cc460f00f00 RDI: 9cc475ba6060
[   24.916913] RBP: 9cc475ba6060 R08:  R09: 
[   24.916915] R10: 9cc475b59240 R11:  R12: 9cc460f00f10
[   24.916917] R13: 9531cdd0 R14:  R15: 9cc460f00f00
[   24.916920] FS:  7fa5b86b9fc0() GS:9cc4762c() 
knlGS:
[   24.916923] CS:  0010 DS:  ES:  CR0: 80050033
[   24.916925] CR2: ffd6 CR3: 00022ec82004 CR4: 000606e0
=

With 4.19.0-5-amd64 I don't have this problem.

Thank you!

Best 

Bug#813313: (no subject)

[David North]

For the record, it is possible to work around this with "sudo pip
install --upgrade httplib2"

Bug#934336: python-shade: (build-)depends on cruft packages.

[peter green]

Package: python-shade
Version: 1.30.0-2
Severity: serious
Tags: bullseye, sid

python-shade (build-)depends on the python-os-client-config and 
python-openstacksdk binary packages which are no longer built by the 
corresponding source packages.

It looks like it's time to drop python2 support from this package.

Bug#881177: xdvi does not draw all the symbols properly

[Леон Майер]

After Debian stable switched to Wayland by default and texlive evolved from 
2016 to 2018.20181218.49446-1, I cannot reproduce this bug any more with xdvi. 
Evince also shows all the symbols. If you are still interested and tell me how 
to temporarily switch back to xorg, I with double-check with xorg then (but it 
is unlikely to happen anytime soon).

Bug#933960: qtbase-opensource-src: .tag files do not belong into doc packages

[Lisandro Damián Nicanor Pérez Meyer]

Hi Jiri!

El vie., 9 ago. 2019 11:21, Jiri Palecek  escribió:

> On Mon, 05 Aug 2019 11:45:54 -0300
> =?utf-8?q?Lisandro_Dami=C3=A1n_Nicanor_P=C3=A9rez_Meyer?= wrote:
> > Source: qtbase-opensource-src
> > Version: 5.11.3+dfsg1-2
> > Severity: normal
> >
> > Jonathan Ridell just reported that some KDE packages (and then Scarlett
> checked
> > that Qt has the same issue) ship the .tags files within foo-doc packages.
>
> Yes. I have reported that about half a year ago as 922707.
>


Sorry for the duplicate. We haven't got to a full bug triage since the
freeze, so we might miss some bugs.

> It turns out that the .tags files are used for linking docs, thus more of
> a
> > development file.
>
> Yes. And generated apidocs in debian-built packages are suboptimal because
> of this.
>


Correct. Hopefully this will get solved soonish.

> > We need to consider if we have to move this files or not within Qt. If
> we have
> > then we might tackle the xml files for examples too (see #933597).
>
> This change is already commited in the Salsa repository.
>

Right, Scarlett went ahead with them, thanks Scarlett!



BTW the other culprits in this business are:
>

[Snip all doc packages]


Do we need a separate bug for every one of them?
>

Ideally one per qt submodule source package that ships -doc packages. But
not entirely necessary now it's on our radar

Thanks, Lisandro.

>

Bug#926543: lintian: Deadlock in source-copyright check on source:khronos-opencl-man/1.0~svn33624-4

[Andrey Rahmatullin]

On Fri, Aug 09, 2019 at 08:37:48AM -0700, Felix Lechner wrote:
> > It's the same with lintian from sid (2.16.0) on xhtml2pdf 0.2.2-2 and 
> > 0.2.2-3.
> I do not see any issues terminating locally. I used both Lintian
> master and 2.16.0 on the xhtml2pdf source packages, per below. I also
> tried, locally, the more complex command from above on
> khronos-opencl-man_1.0~svn33624-4.dsc. Attached please find the log
> showing that success, as well.
> 
> Can your errors be reproduced locally, or are they limited to lindsay?
I tried xhtml2pdf only locally.

-- 
WBR, wRAR


signature.asc
Description: PGP signature

Bug#934333: Oz needs python-monotonic

[Simon Josefsson]

Package: python-monotonic

The 'oz' package uses python 2.x because m2crypto in debian does not
support python 3.x yet.  Would you consider re-adding the python 2.x
python-monotonic binary package, so that oz can build in sid?  What was
the reason for dropping python 2.x support?  The changelog didn't 
mention anything.   Do you have any alternative suggestions on how to
resolve the problem python2-only m2crypto and python3-only monotonic
dependencies for 'oz'?

/Simon



signature.asc
Description: This is a digitally signed message part

Bug#934334: munin-plugins-extra: please package asterisk multigraph plugin from munin-contrib

[Gabriel Filion]

Package: munin-plugins-extra
Version: 2.0.49-1
Severity: normal

Hello,

I've been using the multigraph plugin for asterisk that's present in
the munin-contrib repository for a number of years and find it nice.

I was wondering if this package would be well suited for including it.

For what it's worth, the asterisk_* plugins that are shipped with the
package don't seem to work with the version of asterisk in buster.

The plugin is this one:

https://github.com/munin-monitoring/contrib/blob/master/plugins/asterisk/asterisk

However, I've had to fix the plugin to make it parse the AMI response
correctly for newer versions of asterisk. I would recommend to wait for
the changes in the following PR to be merged in:

https://github.com/munin-monitoring/contrib/pull/1005


Cheers!

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_CA.UTF-8), LANGUAGE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_CA.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages munin-plugins-extra depends on:
ii  munin-common  2.0.49-1
ii  perl  5.28.1-6

munin-plugins-extra recommends no packages.

Versions of packages munin-plugins-extra suggests:
pn  libcache-memcached-perl   
ii  liblwp-useragent-determined-perl  1.07-1
ii  libnet-ip-perl1.26-2
ii  libnet-netmask-perl   1.9104-1
ii  libnet-snmp-perl  6.0.1-5
pn  libnet-telnet-perl
pn  libtext-csv-xs-perl   
ii  libxml-libxml-perl2.0134+dfsg-1
ii  python3   3.7.3-1

-- Configuration Files:
/etc/munin/plugin-conf.d/dhcpd3 [Errno 2] No such file or directory: 
'/etc/munin/plugin-conf.d/dhcpd3'
/etc/munin/plugin-conf.d/spamstats [Errno 2] No such file or directory: 
'/etc/munin/plugin-conf.d/spamstats'

-- no debconf information

Bug#934332: RM: phenny -- RoQA; dead upstream, unmaintained, unused

[Moritz Muehlenhoff]

Package: ftp.debian.org
Severity: normal

Please remove phenny, it's dead upstream, not ported to Python 3,
unmaintained (I pinged Andrey and he only touched it in 2015 for
the dh-python migration, before that the last upload was in 2010),
popcon is virtually non-existent and alternatives exist.

Cheers,
Moritz

Bug#934331: linux: backport "dm: disable DISCARD if the underlying storage no longer supports it"?

[Chris Hofstaedtler]

Package: linux
Version: 4.9.168-1+deb9u4
Severity: normal

Hi!

Today I ran into an issue that matches the description of upstream
commit bcb44433bba5eaff293888ef22ffa07f1f0347d6:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcb44433bba5eaff293888ef22ffa07f1f0347d6

> dm: disable DISCARD if the underlying storage no longer supports it
>
> Storage devices which report supporting discard commands like
> WRITE_SAME_16 with unmap, but reject discard commands sent to the
> storage device.  This is a clear storage firmware bug but it doesn't
> change the fact that should a program cause discards to be sent to a
> multipath device layered on this buggy storage, all paths can end up
> failed at the same time from the discards, causing possible I/O loss.
>
> The first discard to a path will fail with Illegal Request, Invalid
> field in cdb, e.g.:
>  kernel: sd 8:0:8:19: [sdfn] tag#0 FAILED Result: hostbyte=DID_OK 
> driverbyte=DRIVER_SENSE
>  kernel: sd 8:0:8:19: [sdfn] tag#0 Sense Key : Illegal Request [current]
>  kernel: sd 8:0:8:19: [sdfn] tag#0 Add. Sense: Invalid field in cdb
>  kernel: sd 8:0:8:19: [sdfn] tag#0 CDB: Write same(16) 93 08 00 00 00 00 00 
> a0 08 00 00 00 80 00 00 00
>  kernel: blk_update_request: critical target error, dev sdfn, sector 10487808

The patch was CC'ed to stable but doesn't seem to appear in 4.19.y.

Unfortunately this appears to be a transient bug in the storage
firmware, so I don't know how to reproduce it -- deleting and rescanning
the sdX device has cleared the repeated error condition for now.

However I'd really like to avoid corrupting the involved file systems,
so if bcb44433bba5eaff293888ef22ffa07f1f0347d6 could make it into either
the 4.9 branch or the 4.19 branch, that'd be lovely.

I've also asked the storage vendor what they think about this, but I'm
not going to hold my breath.

Many thanks in advance,
Chris

Bug#934144: Bad fix

[Xavier]

Control: repoen -1

.desc files were omitted in 0.8.13 upload

Bug#924360: xen-hypervisor-4.11-amd64 HVM Boot failure: "ERR: Bootloader shutdown EFI x64 boot services!" - also on stable

[Hans van Kranenburg]

Hi all (reporters on 924360, 901599),

On 8/6/19 5:43 PM, Gerald Wodni wrote:
> 
> I would like to confirm this bug in stable, as I have exactly the same
> issue (dom0 works/xen hangs/error message) since upgrading from stretch
> to buster.

Thanks for your report(s). Sorry to let you wait without reply for some
time.

Unfortunately booting Xen/dom0 with EFI is not something that is very
well tested in Debian. One of the reasons for this is simply that none
of the package maintainers is using EFI.

For these kind of cases, we rely on users who encounter the problem and
who have the ability/skills/etc to help debugging the problem.

I suspect the problem is caused by some intricacies concerning
interaction between grub, xen, etc. There are some other reports on the
upstream xen-users mailing list about this, but to be honest I have no
idea if those are related. The problems might or might not be specific
to Debian, I don't know.

I'm available to facilitate the process, for example by creating new
packages with a specific patch to test, but unfortunately I don't have
spare hardware and time to try reproduce the problems myself and dig
deep into it.

Thanks,
Hans van Kranenburg

Bug#934082: elpa-notmuch: Shows remote images even when requested not to

[Daniel Kahn Gillmor]

On Thu 2019-08-08 09:45:06 -0300, David Bremner wrote:
> I meant more specifically, the issue that this variable is only
> effective if your html converter is the default shr

Yes, this should be clearly documented, presumably in the documentation
text about the variable.

It would be even nicer if there was some way to alert the user that they
have this set to a non-default value *and* they are not using shr, but i
haven't thought through the emacs interface well enough to understand
how one could offer such a warning in a usable, safe, non-annoying, and
actionable fashion.

 --dkg


signature.asc
Description: PGP signature

Bug#934330: netcat-openbsd: redundant message in verbose mode

[astian]

Package: netcat-openbsd
Version: 1.203-1
Severity: normal

Dear Maintainer,

I think debian/patches/verbose-numeric-port.patch is no longer needed.  The
new upstream code brought a more comprehensive solution, which also fixes a
bug in the case of randomised port number.  Please remove that patch.

Thanks.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages netcat-openbsd depends on:
ii  libbsd0  0.9.1-2
ii  libc62.28-10

netcat-openbsd recommends no packages.

netcat-openbsd suggests no packages.

-- no debconf information

Bug#934329: buster-pu: package libxslt/1.1.32-2.1~deb10u1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi stable release manager,

I did a NMU upload for libxslt fixing three CVEs. As the veresion in
buster is the same + fixes in unstable I opted for a rebuild for
buster "variant". The issues are no-dsa but they should be fixed at
some point in buster and stretch (the later not yet prepared).

Attached is the resulting debdiff.

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -Nru libxslt-1.1.32/debian/changelog libxslt-1.1.32/debian/changelog
--- libxslt-1.1.32/debian/changelog 2018-05-26 23:12:37.0 +0200
+++ libxslt-1.1.32/debian/changelog 2019-08-09 21:49:31.0 +0200
@@ -1,3 +1,20 @@
+libxslt (1.1.32-2.1~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster 
+
+ -- Salvatore Bonaccorso   Fri, 09 Aug 2019 21:49:31 +0200
+
+libxslt (1.1.32-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
+  * Fix uninitialized read of xsl:number token (CVE-2019-13117)
+(Closes: #931321, #933743)
+  * Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
+(Closes: #931320, #933743)
+
+ -- Salvatore Bonaccorso   Sun, 04 Aug 2019 08:14:05 +0200
+
 libxslt (1.1.32-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru 
libxslt-1.1.32/debian/patches/0006-Fix-security-framework-bypass.patch 
libxslt-1.1.32/debian/patches/0006-Fix-security-framework-bypass.patch
--- libxslt-1.1.32/debian/patches/0006-Fix-security-framework-bypass.patch  
1970-01-01 01:00:00.0 +0100
+++ libxslt-1.1.32/debian/patches/0006-Fix-security-framework-bypass.patch  
2019-08-04 08:14:05.0 +0200
@@ -0,0 +1,124 @@
+From: Nick Wellnhofer 
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: Fix security framework bypass
+Origin: 
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11068
+Bug: https://gitlab.gnome.org/GNOME/libxslt/issues/12
+Bug-Debian: https://bugs.debian.org/926895
+Bug-Debian: https://bugs.debian.org/933743
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+---
+ libxslt/documents.c | 18 ++
+ libxslt/imports.c   |  9 +
+ libxslt/transform.c |  9 +
+ libxslt/xslt.c  |  9 +
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/libxslt/documents.c b/libxslt/documents.c
+index 3f3a7312ca8e..4aad11bbd1a9 100644
+--- a/libxslt/documents.c
 b/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const 
xmlChar *URI) {
+   int res;
+ 
+   res = xsltCheckRead(ctxt->sec, ctxt, URI);
+-  if (res == 0) {
+-  xsltTransformError(ctxt, NULL, NULL,
+-   "xsltLoadDocument: read rights for %s denied\n",
+-   URI);
++  if (res <= 0) {
++if (res == 0)
++xsltTransformError(ctxt, NULL, NULL,
++ "xsltLoadDocument: read rights for %s denied\n",
++ URI);
+   return(NULL);
+   }
+ }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const 
xmlChar *URI) {
+   int res;
+ 
+   res = xsltCheckRead(sec, NULL, URI);
+-  if (res == 0) {
+-  xsltTransformError(NULL, NULL, NULL,
+-   "xsltLoadStyleDocument: read rights for %s denied\n",
+-   URI);
++  if (res <= 0) {
++if (res == 0)
++xsltTransformError(NULL, NULL, NULL,
++ "xsltLoadStyleDocument: read rights for %s denied\n",
++ URI);
+   return(NULL);
+   }
+ }
+diff --git a/libxslt/imports.c b/libxslt/imports.c
+index 874870cca90e..3783b2476d9e 100644
+--- a/libxslt/imports.c
 b/libxslt/imports.c
+@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, 
xmlNodePtr cur) {
+   int secres;
+ 
+   secres = xsltCheckRead(sec, NULL, URI);
+-  if (secres == 0) {
+-  xsltTransformError(NULL, NULL, NULL,
+-   "xsl:import: read rights for %s denied\n",
+-   URI);
++  if (secres <= 0) {
++if (secres == 0)
++  

Bug#934218: cdrom: grub-install fails with "failed to get canonical path of /dev/nvme0np1"

[Steve McIntyre]

Hi Josep,

On Thu, Aug 08, 2019 at 12:12:34PM +0200, Josep Guerrero Sole wrote:
>Package: cdrom
>Severity: important
>Tags: d-i
>
>-- System Information:
>Debian Release: 9.9
>  APT prefers oldstable
>  APT policy: (500, 'oldstable')
>Architecture: amd64 (x86_64)
>Foreign Architectures: i386
>
>Kernel: Linux 4.9.0-9-amd64 (SMP w/8 CPU cores)
>Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), 
>LANGUAGE=ca:en_US:es:en_GB (charmap=UTF-8)
>Shell: /bin/sh linked to /bin/dash
>Init: systemd (via /run/systemd/system)
>
>Since the problem prevents me from installing the system, I'm writing
>the bug report from another system, so the automatically gathered
>data above is not correct.
>
>The correct values (those that I know) are:
>
>Debian Release: 10.0
>Architecture: amd64 (x86_64)
>Kernel: Linux 4.19.0-5-amd64
>
>I'm trying to install Debian Buster on a system with 1 500GB NVMe
>disk (intended to be the system and boot disk) and 4 12TB disks
>intended to store data.
>
>When partitioning the NVME disk, I create a 1GB EPS partition and a
>1GB grubbios partition. The rest of the disk is configured as a RAID1
>partition (it will only have one component, but I may be able to add
>a second disk later, so I prefer configuring it as a RAID from the
>beginning). The RAID partition is then configured as an LVM physical
>volume which ends as the only physical volume of a LVM volume group,
>which is further partitioned into several logical volumes to be
>mounted on some system directories (/, /tmp, /usr, /var, swap, ...).

OK, that makes sense.

>The 4 12TB disks are partitioned with just one Linux raid partition,
>and the 4 of them are configured as a RAID6 device, that again is
>configured as an LVM physical volume which ends as the only component
>of another volume group, with just one logical volume.
>
>The whole installation seems to work flawlessly, but when installing
>the grub boot loader, I get the error:
>
>grub-install dummy failed
>
>In the syslog, I can find the message
>
>grub-install: error: failed to get canonical path of `/dev/nvme0n1p1`
>
>Executing manually:
>
>chroot /target grub-install --force "dummy"
>
>results in exactly the same message. As a result, I am unable to
>install the system.
>
>This bug seems to have appeared in some Ubuntu forums, and there is a
>sort of workaround in this comment:
>
>https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1507505/comments/25
>
>but I would prefer avoiding creating the eps partition on the 12TB
>disks (I would have to do that on all the disks to keep the raid
>partitions the same size).

You don't describe the system hardware that you're working with. What
do you have? This sounds like *potentially* a firmware issue, but it's
not 100% clear yet.

When you tried to run grub-install by hand, did you have /dev and
/sys mounted ok in the chroot? If you could try again and add a "-v"
to the grub-install command line that will give us more
information. It *will* be verbose, but only the last few lines are
likely to matter.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Because heaters aren't purple!" -- Catherine Pitt

Bug#934173: dh-runit: also 'check' file should be executable

[Dmitry Bogatov]

control: tags -1 +confirmed +pending

[2019-08-07 20:10] Lorenzo Puliti 
> Package: dh-runit
> Version: 2.8.13.2
> Severity: normal
>
> Hi, 
>
> 'run' file and 'finish' file in the service directory
> are automatically made executable by dh-runit, but not 
> the 'check' file.
>
> Also, I've not tested but I guess that files under the 'control'
> directory may have the same problem.
> Althought they are rarely used they should be executable too
>
> for the record, those files are
> /etc/sv/*/control/c
> /etc/sv/*/control/d
> /etc/sv/*/control/t
> /etc/sv/*/control/u
> /etc/sv/*/control/x

Thank you for report. I prepared patch and regression test and pushed it
into master.

Unfortunately, I can't upload dh-runit into unstable right now, since
its build-dependency `libghc-shake-dev` undergoes transition right now.

From 981e64243e8d12939ae623e344e7fbb37a5367e1 Mon Sep 17 00:00:00 2001
From: Dmitry Bogatov 
Date: Thu, 8 Aug 2019 21:51:26 +
Subject: [PATCH] Ensure that all supported scripts in svdir are executable

Closes: #934173
---
 dh_runit | 15 ++-
 t/checks/934173/check| 11 +++
 t/checks/934173/debian/dh-runit-test.runit   |  1 +
 t/checks/934173/debian/test.rundir/check |  0
 t/checks/934173/debian/test.rundir/control/u |  0
 t/checks/934173/debian/test.rundir/finish|  0
 t/checks/934173/debian/test.rundir/run   |  0
 7 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 t/checks/934173/check
 create mode 100644 t/checks/934173/debian/dh-runit-test.runit
 create mode 100644 t/checks/934173/debian/test.rundir/check
 create mode 100644 t/checks/934173/debian/test.rundir/control/u
 create mode 100644 t/checks/934173/debian/test.rundir/finish
 create mode 100644 t/checks/934173/debian/test.rundir/run

diff --git a/dh_runit b/dh_runit
index 927..9825a4d 100755
--- a/dh_runit
+++ b/dh_runit
@@ -59,7 +59,20 @@ sub parse_options($opts) {
 }
 
 sub ensure_executable($directory) {
-for my $f ('run', 'finish', 'log/run', 'log/finish') {
+my @scripts = (
+'run',
+'finish',
+'check',
+'log/run',
+'log/finish',
+'control/c',
+'control/d',
+'control/t',
+'control/u',
+'control/x',
+);
+
+for my $f (@scripts) {
 my $file = "$directory/$f";
 doit('chmod', '+x', $file) if (-e $file);
 }
diff --git a/t/checks/934173/check b/t/checks/934173/check
new file mode 100644
index 000..38a3bf8
--- /dev/null
+++ b/t/checks/934173/check
@@ -0,0 +1,11 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use Test::More tests => 3;
+use File::stat;
+
+my $svdir = 'debian/dh-runit-test/etc/sv/test';
+ok(-x "${svdir}/run", "{svdir}/run correctly set executable");
+ok(-x "${svdir}/check", "{svdir}/check correctly set executable");
+ok(-x "${svdir}/control/u", "{svdir}/control/u correctly set executable");
+
diff --git a/t/checks/934173/debian/dh-runit-test.runit 
b/t/checks/934173/debian/dh-runit-test.runit
new file mode 100644
index 000..16e0dcc
--- /dev/null
+++ b/t/checks/934173/debian/dh-runit-test.runit
@@ -0,0 +1 @@
+debian/test.rundir name=test,noreplace,logscript
\ No newline at end of file
diff --git a/t/checks/934173/debian/test.rundir/check 
b/t/checks/934173/debian/test.rundir/check
new file mode 100644
index 000..e69de29
diff --git a/t/checks/934173/debian/test.rundir/control/u 
b/t/checks/934173/debian/test.rundir/control/u
new file mode 100644
index 000..e69de29
diff --git a/t/checks/934173/debian/test.rundir/finish 
b/t/checks/934173/debian/test.rundir/finish
new file mode 100644
index 000..e69de29
diff --git a/t/checks/934173/debian/test.rundir/run 
b/t/checks/934173/debian/test.rundir/run
new file mode 100644
index 000..e69de29
-- 
Note, that I send and fetch email in batch, once in a few days.
Please, mention in body of your reply when you add or remove recepients.

Bug#929954: what about just uploading relevant patch for now?

[Elena ``of Valhalla'']

Yaroslav Halchenko  wrote:
> If new version building is problematic, why not to upload just a patched
> version?

That would only delay the removal a bit: I'm sure that the current
version doesn't work with python3, so it's going to be removed sooner or
later from the archive.

Uploading the new upstream would also be python2 only, at least at the
beginning, but at least there is hope that it can be made to work also
with python3.

I don't expect the new version to be problematic, but it will involve a
bit of yak shaving, and and see #876681 (RFH: rst2pdf) on how this
package is pretty low on my priorities.

-- 
Elena ``of Valhalla''

Bug#934328: php: ini files not preserved

[Paolo Benvenuto]

Package: php
Version: 2:7.3+69
Severity: normal

Dear Maintainer,

Upgrading stretch -> buster, php was upgraded 7.0 -> 7.3

The user expects that ini files are preserved. On the contrary 7.3's php.ini, 
probably because they are in different directories than 7.0's, are installed 
from the package.

The install script should copy 7.0's php.ini's to 7.3 locations, and then ask 
the user if the config file must be preserved/substituted/etc. like apt does 
with all the config files.



-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages php depends on:
ii  php7.3  7.3.4-2

php recommends no packages.

php suggests no packages.

-- no debconf information

Bug#934327: libreswan: addconn crash on ipsec.conf

[Ray Klassen]

Package: libreswan
Version: 3.27-6
Severity: important

Dear Maintainer,


upgraded to buster from jessie
systemctl start ipsec reported a failure
narrowed the cause down to addconn crashing as invoked by ipsec.service 

ran:
/usr/lib/ipsec/addconn --config ./ipsec.conf.nioffice  --checkconfig

result:
free(): double free detected in tcache 2
Aborted


downloaded the libreswan-3.29 tarball from libreswan wiki and created debian 
package using make deb.
installed 3.29 version deb and problem went away.

copied up problem ipsec.conf to router running the stock buster 3.27 and ran 
addconn --checkconfig against it with the same result.

narrowed it down to two lines in the last 'conn' 


as below with all irrelevant info omitted.

conn %default

ike=aes256-sha2_512;modp1024
phase2alg=aes256-sha2_512;modp1024


conn site1

ike=aes256-sha2_512;modp1024
phase2alg=aes256-sha2_512;modp1024


conn site2

ike=aes256-sha2_512;modp1024
phase2alg=aes256-sha2_512;modp1024


as the default wasn't really the default anymore, I moved the identical site1 
and site2 lines into %default and removed them from the 'site' conns and 
addconn --checkconfig worked fine. 
But it really should have been able to parse the original ipsec.conf.




-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-5-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreswan depends on:
ii  bind9-host [host]1:9.11.5.P4+dfsg-5.1
ii  bsdmainutils 11.1.2+b1
ii  debconf [debconf-2.0]1.5.71
ii  dns-root-data2019031302
ii  host 1:9.10.3.dfsg.P4-12.3+deb9u5
ii  iproute2 4.20.0-2
ii  iptables 1.8.2-4
ii  libaudit11:2.8.4-3
ii  libc62.28-10
ii  libcap-ng0   0.7.9-2
ii  libcurl3-nss 7.64.0-4
ii  libevent-2.1-6   2.1.8-stable-4
ii  libevent-pthreads-2.1-6  2.1.8-stable-4
ii  libldap-2.4-22.4.47+dfsg-3
ii  libldns2 1.7.0-4
ii  libnspr4 2:4.20-1
ii  libnss3  2:3.42.1-1
ii  libnss3-tools2:3.42.1-1
ii  libpam0g 1.3.1-5
ii  libselinux1  2.8-1+b1
ii  libsystemd0  241-5
ii  libunbound8  1.9.0-2
ii  systemd  241-5

Versions of packages libreswan recommends:
ii  python3  3.7.3-1

libreswan suggests no packages.

-- Configuration Files:
/etc/init.d/ipsec [Errno 2] No such file or directory: '/etc/init.d/ipsec'
/etc/ipsec.conf changed [not included]
/etc/ipsec.d/policies/block changed [not included]
/etc/ipsec.d/policies/clear changed [not included]
/etc/ipsec.d/policies/clear-or-private changed [not included]
/etc/ipsec.d/policies/private changed [not included]
/etc/ipsec.d/policies/private-or-clear changed [not included]
/etc/ipsec.secrets changed [not included]

-- no debconf information

Bug#934326: libcrypto++: CVE-2019-14318

[Salvatore Bonaccorso]

Source: libcrypto++
Version: 5.6.4-8
Severity: important
Tags: security upstream
Forwarded: https://github.com/weidai11/cryptopp/issues/869
Control: found -1 5.6.4-7
Control: found -1 8.2.0-1

Hi,

The following vulnerability was published for libcrypto++.

CVE-2019-14318[0]:
| Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA
| signature generation. This allows a local or remote attacker, able to
| measure the duration of hundreds to thousands of signing operations,
| to compute the private key used. The issue occurs because scalar
| multiplication in ecp.cpp (prime field curves, small leakage) and
| algebra.cpp (binary field curves, large leakage) is not constant time
| and leaks the bit length of the scalar among other information.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14318
[1] https://github.com/weidai11/cryptopp/issues/869

Regards,
Salvatore

Bug#934324: RM: encuentro -- RoQA; Qt4 - obsolete libs

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

[2:47:07 pm]  From the packages that I maintain, encuentro can be
removed

Qt4 is on the way out, so this should go.

Scott K

Bug#934325: Separate tag-related bug reports from other functionality issues

[Felix Lechner]

Package: lintian
Severity: wishlist

Hi,

Could we use usertags (or any other mechanism) to separate tag-related
bug reports from other functionality issues? I like to work on the
latter.

Kind regards,
Felix Lechner

Bug#931498: Bug present in Debian GNU/Linux 10 (buster)

[Martin Tharby Jones]

Dear Maintainer,

I've just upgrade to buster and the bug is still the same.

Yours

Martin

Bug#934323: python3-octavia: Depends for pyyaml needs to be python3

[Scott Kitterman]

Package: python3-octavia
Version: 4.0.0-3
Severity: normal
Tags: patch

Versions of packages python3-octavia depends on:
pn  python-yaml 

This should be python3-yaml.

Scott K
diff -Nru octavia-4.0.0/debian/changelog octavia-4.0.0/debian/changelog
--- octavia-4.0.0/debian/changelog  2019-07-05 13:16:56.0 +
+++ octavia-4.0.0/debian/changelog  2019-08-09 18:29:45.0 +
@@ -1,3 +1,9 @@
+octavia (4.0.0-4) UNRELEASED; urgency=medium
+
+  * Correct depends for yaml
+
+ -- Scott Kitterman   Fri, 09 Aug 2019 18:29:45 +
+
 octavia (4.0.0-3) unstable; urgency=medium
 
   * Fix octavia-agent binary in init/service file.
diff -Nru octavia-4.0.0/debian/control octavia-4.0.0/debian/control
--- octavia-4.0.0/debian/control2019-07-05 13:16:56.0 +
+++ octavia-4.0.0/debian/control2019-08-09 18:29:45.0 +
@@ -16,7 +16,7 @@
  python3-sphinx ,
 Build-Depends-Indep:
  alembic,
- python-yaml,
+ python3-yaml,
  python3-babel,
  python3-bandit,
  python3-barbicanclient,

Bug#929949: New upstream version 0.8 available, compatible with python3

[Andreas Ronnquist]

On Tue, 18 Jun 2019 20:10:48 +0200 Alexander Zangerl 
wrote:
> On Tue, 18 Jun 2019 13:35:02 +0200, Sebastien Bacher writes:
> >Any news about that update?
> 
> yes. so far i can't make duplicity 0.8.0 work with python 2.7 which
> is still the default version in debian and hence important in my
> opinion. (by "does not work" i mean: the built-in test suite fails
> quite a lot, and after patching that part basic functionality is
> still very very broken.)
> 
> no promises as to when i will find time and mental strength to wade
> through this (upstream-induced) mess.
> 

Is this really a target worth pursuing? To me it looks like the Debian
Python team is working to drop Python 2 from Debian during the Bullseye
development cycle.

Thank you very much for all your work with duplicity packaging.

/Andreas Rönnquist
gus...@debian.org
mailingli...@gusnan.se

Bug#934322: Split reporting code from Lintian proper

[Felix Lechner]

Package: src:lintian

Hi,

I have had trouble keeping DSA in the loop on new dependencies. May I
please split Lintian's reporting code into a separate package?

Going forward, lintian.d.o would simply depend on 'lintian', in
addition to any installation prerequisites for the reporting package.

Name suggestions are welcome. How about 'lintian-reporting' or
'lintian-webservice'?

Kind regards,
Felix Lechner

Bug#934107: Importing with --import=file.pdf does not import anything

[Jeff]

Thanks for the report. This fixes things for me for the next release.
diff --git a/bin/gscan2pdf b/bin/gscan2pdf
index 9334d605..12e138a6 100755
--- a/bin/gscan2pdf
+++ b/bin/gscan2pdf
@@ -498,8 +498,7 @@ sub parse_arguments {
 'device=s' => \@device,
 'test=s%'  => \$test,
 'test-image=s' => \$test_image,
-'import=s' => \$import,
+'import=s@'=> \$import,
 'locale=s' => \$locale,
 'help' => \$help,
 'log=s'=> \$log,
-- 
2.20.1



signature.asc
Description: OpenPGP digital signature

Bug#849752: lintian: fails when orig tarball not present in same directory

[Felix Lechner]

Hi Drew,

On Tue, Aug 6, 2019 at 4:24 AM Drew Parsons  wrote:
>
> This
> error running lintian simply means the orig tarball is not present in
> the same directory as the changes file that lintian is run against.

Would you please post your *.changes and your *.dsc?

Kind regards,
Felix

Bug#932470: O: adminer -- web-based database administration tool

[Alexandre Rossi]

Hi,

> > I cannot find the Debian group in the project creation form on salsa so
> > I think I am not allowed to create new projects in the Debian group.
> 
> Makes some kind of sense. I've created:
> 
>   https://salsa.debian.org/debian/adminer
> 
> … and given you what I believe to be the maximum permissions. Can you
> push your changes and, as a bonus, also update debian/control to point
> to this new location?

All done thanks,

Alex

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

On Fri, Aug 09, 2019 at 08:18:53PM +0300, Timur Irikovich Davletshin wrote:
> I believe bug is to be reopened again to fix dependencies. Package

Did so (and fixed it in git)

> libreoffice-mysql-connector does exist for LO 6.3 and to be upgraded
> automatically or it will cause problem upgrading from Buster to
> Testing.

Not really if you did a complete "apt upgrade" etc since apt will upgrade
libreoffice-mysql-connector, too and it will work.

But you are right, if you do partial upgrades (like with -t buster-backports
install libreoffice) it breaks.

That's why I added the Conflicts: now.

Regards,
   
Rene

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

On Fri, Aug 09, 2019 at 08:21:55PM +0300, Timur Irikovich Davletshin wrote:
> If it was optional I don't get why it was changed? As far I understand
> it does exist in repo for LO 6.3.

Just as a dummy to upgrade to the new libreoffice-sdbc-mysql so that it
doesn't get lost in a upgrade.

in 6.1 it was an extension. From 6.2 on it's a proper component of
LibreOffice.

Regards,

Rene

Bug#934321: ITP: python-deeptools -- platform for exploring biological deep-sequencing data

[Steffen Moeller]

Package: wnpp
Severity: wishlist

Subject: ITP: python-deeptools -- platform for exploring biological 
deep-sequencing data
Package: wnpp
Owner: Steffen Moeller 
Severity: wishlist

* Package name: python-deeptools
  Version : 3.3.0
  Upstream Author : Fidel Ramirez 
* URL : https://github.com/deeptools/deepTools
* License : GPL-3.0+
  Programming Lang: Python
  Description : platform for exploring biological deep-sequencing data
 Aiming for compatibility with the Galaxy worklfow environment, but
 also independently contributing to a series of workflows in 
 genomics, this package provides a series of tools to address
 common tasks for the processing of high-throughput DNA/RNA sequencing.

Remark: This package is maintained by Steffen Moeller at
   https://salsa.debian.org/med-team/python-deeptools

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

tag 933835 + pending
thanks

Hi,

On Fri, Aug 09, 2019 at 07:17:40PM +0200, Rene Engelhard wrote:
> On Fri, Aug 09, 2019 at 07:54:21PM +0300, Timur Irikovich Davletshin wrote:
> > I was wrong, problem is not in atk*. I rolled back snapshot of buster
> > to it's original state and tried to reproduce behaviour. Problem is in
> > libreoffice-mysql-connector which is not upgraded automatically. So
> 
> OK, indeed. Reopening and adapting.
> 
> Will be fixed.
> 
> > dependencies...
> 
> No, Conflicts:, libreoffice-mysql-connector is now a dummy and it seems
> that the old ibreoffice-mysql-connector plays bad with the new LO :/
> And no, LibreOffice shouldn't depend on it :) (LO works without
> libreoffice-sdbc-mysql installed, you just need it for a MySQL
> connection.)
> 
> We can't change the old package, but we can make -core Conflicts:
> against the old libreoffice-mysql-connector..

https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/commit/22be2ede8d9c5ae4c6a1759602ba5cda2f9b8718

Will be in the next upload.

Thanks for insisting, I'd have never have thought this extension would
cause a failure like this if the new LO didn't have the new internal
compnent installed even.

Regards,
 
Rene

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

If it was optional I don't get why it was changed? As far I understand
it does exist in repo for LO 6.3.

On Fri, 9 Aug 2019 19:10:28 +0200 Rene Engelhard 
wrote:
> Or Conflicts. libreoffice-mysql-connector was an optional extension
> until 6.2 
> 

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

I believe bug is to be reopened again to fix dependencies. Package
libreoffice-mysql-connector does exist for LO 6.3 and to be upgraded
automatically or it will cause problem upgrading from Buster to
Testing.

Timur.

On Fri, 9 Aug 2019 19:05:36 +0200 Rene Engelhard 
wrote:
> close 933835
> thanks
> 
> On Fri, Aug 09, 2019 at 07:36:59PM +0300, Timur Irikovich Davletshin
wrote:
> > My complain was not about LO 6.3 in Debian Testing but about LO 6.3
> 
> Aha.
> 
> > from Buster backports. Well except me we have original reporter of
this
> > bug. Let's wait for him.
> 
> Which is - as I said - built against busters atk (and on my system)
> works with busters atk. (I cross-checked just now in the .buildinfo
> file, just in the unlikely case I used the wrong chroot.)
> What dependency would you suggest to something newer? As said, LO
> doesn't use features of newer atks directly, ttbomk.
> 
> And note that buster-backports is not part of this BTS at all. The
> version tracking doesn't know bpo versions.
> So even if this was a problem there this place would be wrong and
> debian-backpo...@lists.backports.org would be the place to discuss
it.
> See backports.debian.org - Report Bugs:
> https://backports.debian.org/Instructions/#index6h2:
> "Report Bugs
> Please report bugs that you found in the packages to the backports
> mailing list and NOT to the Debian BTS!"
> 
> Closing again.
> 
> Regards,
>   
> Rene
> 
> 

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

reopen 933835
retitle 933835 libreoffice not start with fatal exception signal 11 when old 
libreoffice-mysql-connector is installed
severity 933835 serious
thanks

Hi,

On Fri, Aug 09, 2019 at 07:54:21PM +0300, Timur Irikovich Davletshin wrote:
> I was wrong, problem is not in atk*. I rolled back snapshot of buster
> to it's original state and tried to reproduce behaviour. Problem is in
> libreoffice-mysql-connector which is not upgraded automatically. So

OK, indeed. Reopening and adapting.

Will be fixed.

> dependencies...

No, Conflicts:, libreoffice-mysql-connector is now a dummy and it seems
that the old ibreoffice-mysql-connector plays bad with the new LO :/
And no, LibreOffice shouldn't depend on it :) (LO works without
libreoffice-sdbc-mysql installed, you just need it for a MySQL
connection.)

We can't change the old package, but we can make -core Conflicts:
against the old libreoffice-mysql-connector..

Regards,

Rene

Bug#875208: [tora] Future Qt4 removal from Buster

[Scott Kitterman]

On Sat, 9 Sep 2017 23:11:23 +0200 Lisandro =?iso-8859-1?Q?
Dami=E1n_Nicanor_P=E9rez?= Meyer  wrote:
> Source: tora
> Version: 2.1.3-3
> Severity: wishlist
> User: debian-qt-...@lists.debian.org
> Usertags: qt4-removal
> 
> 
> Hi! As you might know we the Qt/KDE team are preparing to remove Qt4
> as [announced] in:
> 
> [announced] 
> 
> Currently Qt4 has been dead upstream and we are starting to have problems
> maintaining it, like for example in the [OpenSSL 1.1 support] case.
> 
> [OpenSSL 1.1 support] 
> 
> In order to make this move, all packages directly or indirectly depending on
> the Qt4 libraries have to either get ported to Qt5 or eventually get
> removed from the Debian repositories.

There is a Qt5 version available upstream (has been for several years).  This 
is one of the last two packages requirement Qscintilla2 for Qt4 and I would 
appreciate it if the maintainer would either update it or indicate they aren't 
going to so it can be removed.

Scott K

Bug#933368: forcibly merging 933368 923567, closing 933368

[Michel Le Bihan]

I confirm that purging works as expected now. I was asked before
deleting the data directory.

Michel Le Bihan

Le vendredi 09 août 2019 à 10:56 +0200, Christoph Berg a écrit :
> forcemerge 933368 923567
> close 933368 9.6.15-0+deb9u1
> thanks
> 
> This has been fixed in yesterdays security release.

Bug#742767: fonts-texgyre: Termes font in does not render ligatures in evince

[Haas, Roland]

Hello Hilmar,

I can no longer reproduce the issue and the sample file
http://www.cs.dartmouth.edu/~doug/mdmspe.pdf renders correctly with both evince 
and xpdf.

So this seems to have been fixed one way or the other.

Thank you for following up!

Installed packages are:

fonts-texgyre:

ii  fonts-texgyre   20180621-3

evince:

ii  evince  3.30.2-3

Versions of packages evince depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.30.1-2
ii  evince-common3.30.2-3
ii  gsettings-desktop-schemas3.28.1-1
ii  libatk1.0-0  2.32.0-2
ii  libc62.28-10
ii  libcairo-gobject21.16.0-4
ii  libcairo21.16.0-4
ii  libevdocument3-4 3.30.2-3
ii  libevview3-3 3.30.2-3
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.60.6-1
ii  libgnome-desktop-3-173.30.2.1-2
ii  libgtk-3-0   3.24.10-1
ii  libnautilus-extension1a  3.30.5-2
ii  libpango-1.0-0   1.42.4-7
ii  libpangocairo-1.0-0  1.42.4-7
ii  libsecret-1-00.18.7-1
ii  shared-mime-info 1.10-1

xpdf:

Versions of packages xpdf depends on:
ii  libc6 2.28-10
ii  libgcc1   1:9.1.0-10
ii  libpaper1 1.1.28
ii  libpoppler82  0.71.0-5
ii  libstdc++69.1.0-10
ii  libx11-6  2:1.6.7-1
ii  libxm42.3.8-2
ii  libxt61:1.1.5-1+b3

System information:

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (1000, 'testing'), (900, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/24 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Yours,
Roland

> Am 27.03.2014 um 06:00 teilte Roland Haas mit:
> 
> Hi Roland,
> 
> I'm going through some old bugs.
> 
> This bug went back and forward and different people identified different
> root causes (poppler or the fonts itself).
> 
> In the sample document from the bug report I can't see this issue. Both
> pieces of software (tex-gyre and poppler) got new upstream releases in
> the meantime. Are you still able to reproduce the issue?
> 
> Hilmar



-- 
My email is as private as my paper mail. I therefore support encrypting
and signing email messages. Get my PGP key from http://pgp.mit.edu .


pgp7RrrjEhKNl.pgp
Description: OpenPGP digital signature

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

reopen 933835
retitle 933835 libreoffice not start with fatal exception signal 11 with old 
libreoffice-mysql-connector installed
thanks

On Fri, Aug 09, 2019 at 07:54:21PM +0300, Timur Irikovich Davletshin wrote:
> I was wrong, problem is not in atk*. I rolled back snapshot of buster
> to it's original state and tried to reproduce behaviour. Problem is in
> libreoffice-mysql-connector which is not upgraded automatically. So

OK, that makes it testing/unstable, too.

> dependencies...

Or Conflicts. libreoffice-mysql-connector was an optional extension
until 6.2

So new LO needs to conflict against old libreoffice-mysql-connector when
it was still an extension it seems...

Regards,

Rene

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

close 933835
thanks

On Fri, Aug 09, 2019 at 07:36:59PM +0300, Timur Irikovich Davletshin wrote:
> My complain was not about LO 6.3 in Debian Testing but about LO 6.3

Aha.

> from Buster backports. Well except me we have original reporter of this
> bug. Let's wait for him.

Which is - as I said - built against busters atk (and on my system)
works with busters atk. (I cross-checked just now in the .buildinfo
file, just in the unlikely case I used the wrong chroot.)
What dependency would you suggest to something newer? As said, LO
doesn't use features of newer atks directly, ttbomk.

And note that buster-backports is not part of this BTS at all. The
version tracking doesn't know bpo versions.
So even if this was a problem there this place would be wrong and
debian-backpo...@lists.backports.org would be the place to discuss it.
See backports.debian.org - Report Bugs:
https://backports.debian.org/Instructions/#index6h2:
"Report Bugs
Please report bugs that you found in the packages to the backports
mailing list and NOT to the Debian BTS!"

Closing again.

Regards,
  
Rene

Bug#780515: calcurse: recurring events cannot be noted, perfectly made "apts" are ignored. Update useless.

[Илья Протасов]

Select or make any "Appointments" -> press 'r'epeat -> and ... nothing
else works.
[d/w/m/y] - not work. Only Esc :(
First installation => no config.

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

I was wrong, problem is not in atk*. I rolled back snapshot of buster
to it's original state and tried to reproduce behaviour. Problem is in
libreoffice-mysql-connector which is not upgraded automatically. So
dependencies...

Timur.

On Fri, 09 Aug 2019 19:36:59 +0300 Timur Irikovich Davletshin <
timur.davlets...@gmail.com> wrote:
> My complain was not about LO 6.3 in Debian Testing but about LO 6.3
> from Buster backports. Well except me we have original reporter of
this
> bug. Let's wait for him.
> 
> On Fri, 9 Aug 2019 18:30:12 +0200 Rene Engelhard 
> wrote:
> > On Fri, Aug 09, 2019 at 06:03:09PM +0200, Rene Engelhard wrote:
> > > > If some version dependencies are wrong (it seems to be the
> case)...
> > > 
> > > That's what you say. But why does it start on my laptop with
> busters atk
> > > then?
> > > And buster-backports' build is - of course - built against
busters
> atk.
> > > So that can't be it.
> > > 
> > > > they ought to be checked and fixed. But that means bug is to be
> > > > reopened.
> > > 
> > > If it was a atk thing when built against sids atk you might be
> right,
> > > but I see no confirmation here yet.
> > 
> > So, what I did just now:
> > 
> > - uptodate Debian testing VM. LO starts
> > 
> > https://tracker.debian.org/pkg/atk1.0 said the version before was
> > 2.30.0-2 and said when it migrated.
> > 
> > - added that (http://snapshot.debian.org/package/atk1.0/2.30.0-2/
and
> > thus
> > 
> 
http://snapshot.debian.org/archive/debian/20180908T223035Z/pool/main/a/atk1.0/
> > and
> > thus http://snapshot.debian.org/archive/debian/20180908T223035Z to
> > sources.list)
> > 
> > - downgraded libatk using
> > 
> > apt install libatk...=2.30.2 for atk packages installed.
> > 
> > Still starts.
> > 
> > So still unreproducible.
> > 
> > Regards,
> >  
> > Rene
> > 
> > 
> 
> 
> 

Bug#932470: O: adminer -- web-based database administration tool

[Chris Lamb]

Hi Alexandre,

> I cannot find the Debian group in the project creation form on salsa so
> I think I am not allowed to create new projects in the Debian group.

Makes some kind of sense. I've created:

  https://salsa.debian.org/debian/adminer

… and given you what I believe to be the maximum permissions. Can you
push your changes and, as a bonus, also update debian/control to point
to this new location?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#934320: mirror submission for tala.interior.edu.uy

[Daniel Vinar Ulriksen]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: tala.interior.edu.uy
Type: leaf
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 
kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
Maintainer: Daniel Vinar Ulriksen 
Country: UY Uruguay




Trace Url: http://tala.interior.edu.uy/debian/project/trace/
Trace Url: 
http://tala.interior.edu.uy/debian/project/trace/ftp-master.debian.org
Trace Url: http://tala.interior.edu.uy/debian/project/trace/tala.interior.edu.uy

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

My complain was not about LO 6.3 in Debian Testing but about LO 6.3
from Buster backports. Well except me we have original reporter of this
bug. Let's wait for him.

On Fri, 9 Aug 2019 18:30:12 +0200 Rene Engelhard 
wrote:
> On Fri, Aug 09, 2019 at 06:03:09PM +0200, Rene Engelhard wrote:
> > > If some version dependencies are wrong (it seems to be the
case)...
> > 
> > That's what you say. But why does it start on my laptop with
busters atk
> > then?
> > And buster-backports' build is - of course - built against busters
atk.
> > So that can't be it.
> > 
> > > they ought to be checked and fixed. But that means bug is to be
> > > reopened.
> > 
> > If it was a atk thing when built against sids atk you might be
right,
> > but I see no confirmation here yet.
> 
> So, what I did just now:
> 
> - uptodate Debian testing VM. LO starts
> 
> https://tracker.debian.org/pkg/atk1.0 said the version before was
> 2.30.0-2 and said when it migrated.
> 
> - added that (http://snapshot.debian.org/package/atk1.0/2.30.0-2/ and
> thus
> 
http://snapshot.debian.org/archive/debian/20180908T223035Z/pool/main/a/atk1.0/
> and
> thus http://snapshot.debian.org/archive/debian/20180908T223035Z to
> sources.list)
> 
> - downgraded libatk using
> 
> apt install libatk...=2.30.2 for atk packages installed.
> 
> Still starts.
> 
> So still unreproducible.
> 
> Regards,
>  
> Rene
> 
> 

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

On Fri, Aug 09, 2019 at 06:03:09PM +0200, Rene Engelhard wrote:
> > If some version dependencies are wrong (it seems to be the case)...
> 
> That's what you say. But why does it start on my laptop with busters atk
> then?
> And buster-backports' build is - of course - built against busters atk.
> So that can't be it.
> 
> > they ought to be checked and fixed. But that means bug is to be
> > reopened.
> 
> If it was a atk thing when built against sids atk you might be right,
> but I see no confirmation here yet.

So, what I did just now:

- uptodate Debian testing VM. LO starts

https://tracker.debian.org/pkg/atk1.0 said the version before was
2.30.0-2 and said when it migrated.

- added that (http://snapshot.debian.org/package/atk1.0/2.30.0-2/ and
thus
http://snapshot.debian.org/archive/debian/20180908T223035Z/pool/main/a/atk1.0/
and
thus http://snapshot.debian.org/archive/debian/20180908T223035Z to
sources.list)

- downgraded libatk using

apt install libatk...=2.30.2 for atk packages installed.

Still starts.

So still unreproducible.

Regards,
 
Rene

Bug#933676: openjdk-11-jre-dcevm: openjdk-11-jre-dvecm doesn't include the hotswap agent

[Michael Meier]

No idea how to change this report into a RFP, so I just created a new 
one (which took me long enough to find out how to): Bug#934318


So I guess you can close that one here :-).

thanks
Michael

On 01.08.19 14:53, Emmanuel Bourg wrote:

Le 01/08/2019 à 20:21, Michael Meier a écrit :


according to http://hotswapagent.org and https://github.com/TravaOpenJDK/trava-
jdk-11-dcevm/ the java 11 dvecm version is supposed to include the
hotswapagent.
This package here doesn't do so. Would be great if it also could include it. So
the tutorials/manuals on the web work directly.

Hi Michael,

Thank you for the suggestion. Technically the hotswap agent is a
separate project [1] so it can't really fit in the openjdk-11-jre-dcevm
package (it could depend on it though). I suggest turning this bug
report into a RFP.

Emmanuel Bourg

[1] https://github.com/HotswapProjects/HotswapAgent

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

This is why I was insisting on checking all dependencies. I have two
machines (laptop and desktop) with only darktable installed from 3rd
party repos on one of them and result is the same — LO doesn't start.

Timur.

On Fri, 9 Aug 2019 18:03:09 +0200 Rene Engelhard 
wrote:
> reopen 933835
> retitle 933835 too lax atk dependency? - libreoffice not start with
fatal exception signal 11
> thanks
> 
> Hi,
> 
> On Fri, Aug 09, 2019 at 06:49:42PM +0300, Timur Irikovich Davletshin
wrote:
> > On Fri, 9 Aug 2019 10:30:50 +0200 Rene Engelhard 
> > wrote:
> > > dependency information.. I could force a newer dependency, but...
> > > 
> > > 
> > 
> > If some version dependencies are wrong (it seems to be the case)...
> 
> That's what you say. But why does it start on my laptop with busters
atk
> then?
> And buster-backports' build is - of course - built against busters
atk.
> So that can't be it.
> 

Bug#931295: USB keyboard not working

[markus]

Hello,

I have the same problem with a BananaPI and Debian buster.

u-boot from buster does not accept any key press and autoboot starts the installer on a serial console (blank screen).

 

I have tried a "trick" and created a SD-card with firmware.BananaPi.img.gz from stretch and partition.img.gz from buster. Now I can enter setenv commands on the u-boot console and start the installer. But then I have no keyboard in the installer.

 

Markus

 

 

https://get.debian.org/debian/dists/stretch/main/installer-armhf/current/images/hd-media/SD-card-images/firmware.BananaPi.img.gz

 

https://get.debian.org/debian/dists/testing/main/installer-armhf/20190702/images/hd-media/SD-card-images/partition.img.gz

Bug#934319: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185

[Moritz Muehlenhoff]

Source: icedtea-web
Severity: grave
Tags: security

Please see https://www.openwall.com/lists/oss-security/2019/07/31/2

Cheers,
Moritz

Bug#934318: RFP: hotswap-agent -- Java unlimited redefinition of classes at runtime

[Michael Meier]

Package: wnpp
Severity: wishlist

* Package name: hotswap-agent
  Version : 1.3.1
* URL : https://github.com/HotswapProjects/HotswapAgent
* License : GPL 2
  Programming Lang: Java
  Description : Java unlimited redefinition of classes at runtime

HotswapAgent is needed when you want to use openjdk-11-jre-dcevm vor developing
so you can hotswap code in a debug session.
According to http://hotswapagent.org and https://github.com/TravaOpenJDK/trava-
jdk-11-dcevm/ the java 11 dvecm version is supposed to include the
hotswapagent. But as it seems it should be packed as a separate package, see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933676

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

IMHO, all deps should be checked.

On Fri, 09 Aug 2019 18:49:42 +0300 Timur Irikovich Davletshin <
timur.davlets...@gmail.com> wrote:
> On Fri, 9 Aug 2019 10:30:50 +0200 Rene Engelhard 
> wrote:
> > dependency information.. I could force a newer dependency, but...
> > 
> > 
> 
> If some version dependencies are wrong (it seems to be the case)...
> they ought to be checked and fixed. But that means bug is to be
> reopened.
> 
> Cheers,
> 
> Timur.
> 
> 
> 

Bug#934317: reportbug-gtk: After pressing back button, fields can't be edited anymore

[Michael Meier]

Package: reportbug-gtk
Version: 7.5.2
Severity: important

When in the gui, at one point you press back, or even worse, you're forced to
do it because of an error message, then you can't edit the previous fields
anymore. You even can't copy the previous text, so you need to start all over
again! (Just had to do that 3 times for a bug report)



-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (900, 'stable'), (700, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages reportbug-gtk depends on:
ii  gir1.2-gtk-3.0 3.24.5-1
ii  gir1.2-vte-2.910.54.2-2
ii  python3-gi 3.30.4-1
ii  python3-gi-cairo   3.30.4-1
ii  python3-gtkspellcheck  4.0.5-1
ii  reportbug  7.5.2

reportbug-gtk recommends no packages.

reportbug-gtk suggests no packages.

-- no debconf information

Bug#934315: ruby2.5: FTBFS on sparc64 due to alignment issues

[John Paul Adrian Glaubitz]

On 8/9/19 5:38 PM, John Paul Adrian Glaubitz wrote:
> ruby2.5 currently fails to build from source on sparc64 due to alignment
> issues in the code that have already been fixed upstream [1].
> 
> Would it be possible to backport the patch for the Debian package to
> fix this issue for ruby2.5? [2] Attaching the patch as well.

Patch doesn't apply as-is unfortunately. I'll try to backport it.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#904083: Regression run_lintian calls lintian with a non existing filename

[Maximiliano Curia]

¡Hola Johannes!

El 2019-01-04 a las 19:35 +0100, Johannes Schauer escribió:

Quoting Maximiliano Curia (2019-01-04 19:01:52)

On Thu, 19 Jul 2018 13:08:02 +0200 Maximiliano Curia 
wrote:

With the new release of sbuild 0.77 (which moves the run_lintian call outside
of the build function), lintian receives the name of a no longer existing
changes file (as the unlink is part of the copy_changes) and as such it fails
with, for example:
 I: schroot -d /<> -c 
unstable-amd64-sbuild-a8e6ff65-a882-41b6-9ce3-b5e764b4ca8c --run-session -q -u maxy -p -- 
lintian -I --pedantic --show-overrides sddm_0.18.0-1_amd64.changes
 D: Running command: schroot -d /<> -c 
unstable-amd64-sbuild-a8e6ff65-a882-41b6-9ce3-b5e764b4ca8c --run-session -q -u maxy -p -- 
lintian -I --pedantic --show-overrides sddm_0.18.0-1_amd64.changes
 warning: "sddm_0.18.0-1_amd64.changes" cannot be processed.
 warning: It is not a valid lab query and it is not an existing file.



 E: Lintian run failed (runtime error)



The issue is not present using the 0.76 version, and can be workaround
commenting the unlink call from the copy_changes function (as shown in the
attached file).



Thanks for working in sbuild. :)



I really fail to reproduce your problem. Can you give me your exact sbuild
invocation so that I may be able to see the same error that you see? I see it
neither in the version currently in unstable nor in git master.



I'm currently using sbuild 0.77.1-2, calling it with:
 sbuild --dist=sid --arch=amd64 --chroot=sid-amd64-sbuild --arch-all --arch-any --source 
--run-lintian --lintian-opts="-I --pedantic --show-overrides" --no-run-piuparts 
--purge=never /home/maxy/debian/kde/frameworks/build-area/breeze-icons_5.53.0-1~.dsc



An it fails as long as the mentioned unlink is present.



This is really odd.



I tried your command and it works just fine over here.



How did you set up your chroot?



Can you try to set everything up inside a virtual machine or some such? Just to
have a fresh start and a step-by-step instruction of how to get to your error?


Apparently this issue is reproducible only when the host machine (the machine 
running sbuild) has a symlink from /var/lib/sbuild/build to /build.


I've created this symlink long ago in my previous machine, and today, after 
creating the symlink in my new machine the lintian errors started showing up. 
Deleting the symlink makes the builds work as expected.


I guess the unlink is being ignored on machines that don't have a /build, but 
its likely to be bogus non the less.


Happy hacking,
--
"Get your data structures correct first, and the rest of the program will 
write itself"

-- David Jones
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Rene Engelhard]

reopen 933835
retitle 933835 too lax atk dependency? - libreoffice not start with fatal 
exception signal 11
thanks

Hi,

On Fri, Aug 09, 2019 at 06:49:42PM +0300, Timur Irikovich Davletshin wrote:
> On Fri, 9 Aug 2019 10:30:50 +0200 Rene Engelhard 
> wrote:
> > dependency information.. I could force a newer dependency, but...
> > 
> > 
> 
> If some version dependencies are wrong (it seems to be the case)...

That's what you say. But why does it start on my laptop with busters atk
then?
And buster-backports' build is - of course - built against busters atk.
So that can't be it.

> they ought to be checked and fixed. But that means bug is to be
> reopened.

If it was a atk thing when built against sids atk you might be right,
but I see no confirmation here yet.

*shrugs*, reopening this bug does not really help very much in this case,
it'll still be + moreinfo, + unreproducible, so people (you?) need to give
more information to this bug anyway.

But we can do that anyway...

But don't inflate the severity. I'll immediately downgrade it again.

Regards,

Rene

Bug#892953: autofs-5.1.2-3 crashes on hppa architecture

[Helge Deller]

By the way, the crashes still happen with autofs-5.1.5 as well.
The preprocessed source in my previous mail was from autofs-5.1.5.

The full compile line was:
gcc  -shared -g -O2 -fdebug-prefix-map=/root/build/autofs/autofs-5.1.5=. -Wformat -Werror=format-security 
-Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/include/tirpc -D_REENTRANT 
-D_FILE_OFFSET_BITS=64 -I/usr/include/tirpc -DSSS_LIB_DIR=\"/usr/lib/hppa-linux-gnu/sssd/modules\" 
-I../include -I../lib -fPIC -D_GNU_SOURCE -DAUTOFS_LIB_DIR=\"/usr/lib/hppa-linux-gnu/autofs\" 
-DAUTOFS_MAP_DIR=\"/etc\" -o parse_sun.so parse_sun.c  ../lib/autofs.a -lpthread -ltirpc -lrt

Bug#934315: ruby2.5: FTBFS on sparc64 due to alignment issues

[John Paul Adrian Glaubitz]

Source: ruby2.5
Version: 2.5.5-4
Severity: normal
Tags: patch upstream
User: debian-sp...@lists.debian.org
Usertags: sparc64

Hi!

ruby2.5 currently fails to build from source on sparc64 due to alignment
issues in the code that have already been fixed upstream [1].

Would it be possible to backport the patch for the Debian package to
fix this issue for ruby2.5? [2] Attaching the patch as well.

Thanks,
Adrian

> [1] https://bugs.ruby-lang.org/issues/14689
> [2] 
> https://bugs.ruby-lang.org/projects/ruby-trunk/repository/git/revisions/58a2084483ce8baaf90d7b1cb00e3fa9570fbc79/diff

--
commit 58a2084483ce8baaf90d7b1cb00e3fa9570fbc79
Author: nobu 
Date:   Mon Apr 16 12:46:08 2018 +

compile.c: align range

* compile.c (ibf_dump_object_struct): align range elements.
  [ruby-core:86548] [Bug #14689]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63167 
b2dd03c8-39d4-4d8f-98ff-823fe69b080e

diff --git a/compile.c b/compile.c
index 5d37c730ef..f1cd30fe5f 100644
--- a/compile.c
+++ b/compile.c
@@ -9259,6 +9259,7 @@ ibf_dump_object_struct(struct ibf_dump *dump, VALUE obj)
range.beg = (long)ibf_dump_object(dump, beg);
range.end = (long)ibf_dump_object(dump, end);
 
+   IBF_W_ALIGN(struct ibf_object_struct_range);
IBF_WV(range);
 }
 else {
@@ -9425,7 +9426,7 @@ ibf_dump_object_object(struct ibf_dump *dump, VALUE obj)
 IBF_ZERO(obj_header);
 obj_header.type = TYPE(obj);
 
-ibf_dump_align(dump, sizeof(ibf_offset_t));
+IBF_W_ALIGN(ibf_offset_t);
 current_offset = ibf_dump_pos(dump);
 
 if (SPECIAL_CONST_P(obj)) {
diff --git a/test/ruby/test_iseq.rb b/test/ruby/test_iseq.rb
index 2ef344741b..86aad2da69 100644
--- a/test/ruby/test_iseq.rb
+++ b/test/ruby/test_iseq.rb
@@ -423,6 +423,7 @@ class TestISeq < Test::Unit::TestCase
 
   def test_to_binary_with_objects
 assert_iseq_to_binary("[]"+100.times.map{|i|"<

Bug#933835: Info received (Bug#933835: libreoffice not start with fatal exception signal 11)

[Timur Irikovich Davletshin]

On Fri, 9 Aug 2019 10:30:50 +0200 Rene Engelhard 
wrote:
> dependency information.. I could force a newer dependency, but...
> 
> 

If some version dependencies are wrong (it seems to be the case)...
they ought to be checked and fixed. But that means bug is to be
reopened.

Cheers,

Timur.

Bug#934316: FTBFS: source-af-packet.c:646:28: error: ‘SIOCGSTAMP’ undeclared

[Aurelien Jarno]

Source: suricata
Version: 1:4.1.4-4
Severity: serious
Tags: patch upstream ftbfs
Justification: fails to build from source (but built successfully in the past)

suricata fails to build with recent kernel versions:

| gcc -DHAVE_CONFIG_H -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2  
-I/usr/lib/mips-linux-gnu/htp/include -I/usr/include/nspr -I/usr/include/nspr 
-I/usr/include/nss -I/usr/include/nspr -I/usr/include/nss 
-I/usr/include/luajit-2.1 -I/usr/include  -Wextra 
-Werror-implicit-function-declaration  -fstack-protector -D_FORTIFY_SOURCE=2 
-Wformat -Wformat-security -I/usr/include -DLOCAL_STATE_DIR=\"/var\" -std=gnu99 
-Wall -Wno-unused-parameter -Wmissing-prototypes -Wmissing-declarations 
-Wstrict-prototypes -Wwrite-strings -Wbad-function-cast -Wformat-security 
-Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char  -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -c -o source-af-packet.o source-af-packet.c
| source-af-packet.c: In function ‘AFPRead’:
| source-af-packet.c:646:28: error: ‘SIOCGSTAMP’ undeclared (first use in this 
function); did you mean ‘SIOCGRARP’?
|  if (ioctl(ptv->socket, SIOCGSTAMP, >ts) == -1) {
| ^~
| SIOCGRARP
| source-af-packet.c:646:28: note: each undeclared identifier is reported only 
once for each function it appears in
| source-af-packet.c: In function ‘AFPReadAndDiscard’:
| source-af-packet.c:1308:28: error: ‘SIOCGSTAMP’ undeclared (first use in this 
function); did you mean ‘SIOCGRARP’?
|  if (ioctl(ptv->socket, SIOCGSTAMP, ) == -1) {
| ^~
| SIOCGRARP
| make[4]: *** [Makefile:2129: source-af-packet.o] Error 1
| make[4]: *** Waiting for unfinished jobs
| make[4]: Leaving directory '/<>/src'
| make[3]: *** [Makefile:499: all-recursive] Error 1
| make[3]: Leaving directory '/<>'
| make[2]: *** [Makefile:425: all] Error 2
| make[2]: Leaving directory '/<>'
| dh_auto_build: make -j2 returned exit code 2
| make[1]: *** [debian/rules:57: override_dh_auto_build] Error 255
| make[1]: Leaving directory '/<>'
| make: *** [debian/rules:79: build-arch] Error 2
| dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit 
status 2

A full build log is available there:
https://buildd.debian.org/status/fetch.php?pkg=suricata=mips=1%3A4.1.4-4=1565301229=0

or there:
https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/suricata_4.1.4-4.rbuild.log.gz

The issue is due to the following change in the kernel headers, that has
been merged in kernel 5.2:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0768e17073dc527ccd18ed5f96ce85f9985e9115

Upstream has published a fix here:
https://github.com/OISF/suricata/blob/master/src/source-af-packet.c

Bug#926543: lintian: Deadlock in source-copyright check on source:khronos-opencl-man/1.0~svn33624-4

[Felix Lechner]

Hi,

On Fri, Aug 9, 2019 at 3:57 AM Andrey Rahmatullin  wrote:
>
> It's the same with lintian from sid (2.16.0) on xhtml2pdf 0.2.2-2 and 0.2.2-3.

I do not see any issues terminating locally. I used both Lintian
master and 2.16.0 on the xhtml2pdf source packages, per below. I also
tried, locally, the more complex command from above on
khronos-opencl-man_1.0~svn33624-4.dsc. Attached please find the log
showing that success, as well.

Can your errors be reproduced locally, or are they limited to lindsay?

Kind regards,
Felix

$ git checkout -b 2.16 2.16.0
Switched to a new branch '2.16'

$ frontend/lintian -v ../xhtml2pdf_0.2.2-2.dsc
N: Using profile debian/main.
N: Starting on group xhtml2pdf/0.2.2-2
N: Unpacking packages in group xhtml2pdf/0.2.2-2
N: 
N: Processing source package xhtml2pdf (version 0.2.2-2, arch source) ...
N: Finished processing group xhtml2pdf/0.2.2-2

$ frontend/lintian -v ../xhtml2pdf_0.2.2-3.dsc
N: Using profile debian/main.
N: Starting on group xhtml2pdf/0.2.2-3
N: Unpacking packages in group xhtml2pdf/0.2.2-3
N: 
N: Processing source package xhtml2pdf (version 0.2.2-3, arch source) ...
N: Finished processing group xhtml2pdf/0.2.2-3


khronos-success.log.xz
Description: application/xz

Bug#934314: GnuTLS race causes HTTPS bad requests

[Ian Eure]

Package: emacs
Version: 1:26.1+1-3.2
Severity: grave
Tags: upstream

The version of Emacs shipped in buster has a bug which causes synchronous HTTPS 
requests to fail due to a GnuTLS race condition.  It’s been reported and fixed 
upstream: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34341

Known workarounds involve disabling GnuTLS support or TLS 1.3, both of which 
are inadvisable from a security perspective.

This is a grave bug because it breaks Emacs’ built-in package manager 
installing packages from the default GNU repository, which can prevent Emacs 
from working.  If I use my Emacs configuration on a clean buster install, I get 
a broken X11 session, because it can’t install EXWM.

Upstream commit e87e6a24c4 contains the fix, which should get backported to 
buster due to the bug severity.


-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages emacs depends on:
ii  emacs-gtk  1:26.1+1-3.2

emacs recommends no packages.

emacs suggests no packages.

-- no debconf information

Bug#933860: pango1.0: CVE-2019-1010238

[Salvatore Bonaccorso]

Hi Simon,

On Sun, Aug 04, 2019 at 07:05:42PM +0100, Simon McVittie wrote:
> https://gitlab.gnome.org/GNOME/pango/issues/342 has now been unembargoed.
> 
> On Sun, 04 Aug 2019 at 19:21:29 +0200, Salvatore Bonaccorso wrote:
> > Is there some indication which upstream code change introduced
> > hte issue so we can try to narrow this down?
> 
> Not as far as I can see, but I am not a Pango expert. Perhaps someone
> else in the GNOME team has some insight here?
> 
> > Re the no-dsa/dsa question, the added severity does not necessarly
> > imply that, actually to be on safe side I should have choosen grave
> > (which then can be lowered if not appropriate). The problem was simply
> > I cannot determine good enough the impact and exploiting/attack
> > scenarios.
> > 
> > Does the upstream bug give more details which can help on that?
> 
> The upstream bug reporter writes:
> 
> [The segfault] happens because g_utf8_strlen("\xf8")
> is zero, so n_chars will be zero at this point:
> 
> https://gitlab.gnome.org/GNOME/pango/blob/eb2c647ff693bf3218fd1772f11a008bfbc975e7/pango/pango-bidi-type.c#L173
> 
> But because length = 1, the loop at
> 
> https://gitlab.gnome.org/GNOME/pango/blob/eb2c647ff693bf3218fd1772f11a008bfbc975e7/pango/pango-bidi-type.c#L181
> still executes at least one time, leading to a NULL pointer
> dereference (g_new(.., 0) = NULL)).
> 
> In general, this issue leads to an out-of-bounds heap write and can
> be triggered via pango_itemize if the bytes passed to pango_itemize
> are user-controlled.
> 
> I hope that's helpful.
> 
> Sorry, I don't know enough about Pango to know whether it's reasonable
> to pass malformed UTF-8 to pango_itemize(), or whether this can happen in
> practice in (for example) web browsers.

I tried to get an idea, as well consulting codesearch. It's not fully
clear to me. But given there stuff like qtwebkit and qt4-x11 in the
list I guess we are safer off if we release a DSA and say something
along the lines of "denial of service and potentially the execution of
arbitrary code".

Do you have free cycles to prepare the update for buster-security?

I think we can simply go with a 1.42.4-7~deb10u1 as "rebuild for
buster-security".

Thank you for your time so far!

Regards,
Salvatore

Bug#934313: gertty: unbuildable in testing due to B-D on python-alembic

[Esa Peuha]

Source: gertty
Version: 1.5.0-3
Severity: serious

Binary package python-alembic is no longer built from source and has
been removed from testing. As a result, gertty is currently unbuildable
in testing. Please make gertty build-depend on python3-alembic instead.

Bug#902117: [Debian-ha-maintainers] Bug#902117: corosync-qdevice will not daemonize/run

[Nickle, Richard]

I'm seeing the same behavior in Ubuntu 18.04.

What looks like early termination, and no debug output.

The program is running though:

$ sudo strace corosync-qdevice -df

[...]

openat(AT_FDCWD, "/dev/shm/qb-votequorum-event-12248-19618-30-header",
O_RDWR) = 9
ftruncate(9, 8248)  = 0
mmap(NULL, 8248, PROT_READ|PROT_WRITE, MAP_SHARED, 9, 0) = 0x7f22de722000
openat(AT_FDCWD, "/dev/shm/qb-votequorum-event-12248-19618-30-data",
O_RDWR) = 10
ftruncate(10, 1052672)  = 0
getpid()= 19618
sendto(11, "<30>Aug  9 11:06:16 corosync-qde"..., 102, MSG_NOSIGNAL, NULL,
0) = 102
mmap(NULL, 2105344, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f22dac82000
mmap(0x7f22dac82000, 1052672, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED,
10, 0) = 0x7f22dac82000
mmap(0x7f22dad83000, 1052672, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED,
10, 0) = 0x7f22dad83000
close(10)   = 0
close(9)= 0
sendto(8, "\20", 1, MSG_NOSIGNAL, NULL, 0) = 1
exit_group(1)   = ?
+++ exited with 1 +++

Bug#934246: munin-node doesn't start any more after upgrade to buster

[Paolo Benvenuto]

now the graphs are produced normally.

It seems that is a problem with the server start script

Il giorno ven 9 ago 2019 alle ore 16:12 Paolo Benvenuto <
paolobe...@gmail.com> ha scritto:

>
>
> Il giorno gio 8 ago 2019 alle ore 23:27  ha scritto:
>
>> > I had munin and munin-node working well on stretch, after upgrading to
>> buster
>> > munin-node service doesn't start any more.
>>
>> That sounds unpleasant.
>>
>> Did you already find a reason for this behaviour?
>>
>
> no
>
>
>> What is the result of running "munin-node" directly (as root)?
>>
>> # munin-node
> doesn't produce any error
>
> after that:
>
> $ ps ax|grep munin
> 12471 ?Ss 0:00 /usr/bin/perl -wT /usr/sbin/munin-node
>
> and it seems that something more is executed every 5 minutes.
>
>
>> Cheers,
>> Lars
>>
>

Bug#934295: nvidia-legacy-340xx-driver: Fails to build with kernel 5.2

[jim_p]

Package: nvidia-legacy-340xx-driver
Version: 340.107-4
Followup-For: Bug #934295

A patch for building nvidia legacy 340 with kernel 5.2 seems to be available,
as seen on ubuntu's package changelog for 19.10 here

http://changelogs.ubuntu.com/changelogs/pool/restricted/n/nvidia-graphics-
drivers-340/nvidia-graphics-drivers-340_340.107-0ubuntu5/changelog

However, I could not find the forementioned file
(debian/dkms_nvidia/patches/buildfix_kernel_5.2.patch) anywhere.



-- Package-specific info:
uname -a:
Linux mitsos 4.19.0-5-amd64 #1 SMP Debian 4.19.37-6 (2019-07-18) x86_64 
GNU/Linux

/proc/version:
Linux version 4.19.0-5-amd64 (debian-ker...@lists.debian.org) (gcc version 
8.3.0 (Debian 8.3.0-19)) #1 SMP Debian 4.19.37-6 (2019-07-18)

/proc/driver/nvidia/version:
NVRM version: NVIDIA UNIX x86_64 Kernel Module  340.107  Thu May 24 21:54:01 
PDT 2018
GCC version:  gcc version 8.3.0 (Debian 8.3.0-6) 

lspci 'display controller [030?]':
01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GT218 [GeForce 
210] [10de:0a65] (rev a2) (prog-if 00 [VGA controller])
Subsystem: ASUSTeK Computer Inc. GT218 [GeForce 210] [1043:8490]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: nvidia
Kernel modules: nvidia

dmesg:
[0.349376] Console: colour VGA+ 80x25
[0.400274] pci :01:00.0: vgaarb: setting as boot VGA device
[0.400274] pci :01:00.0: vgaarb: VGA device added: 
decodes=io+mem,owns=io+mem,locks=none
[0.400274] pci :01:00.0: vgaarb: bridge control possible
[0.400274] vgaarb: loaded
[0.851913] Linux agpgart interface v0.103
[3.251591] nvidia: loading out-of-tree module taints kernel.
[3.251603] nvidia: module license 'NVIDIA' taints kernel.
[3.274308] nvidia: module verification failed: signature and/or required 
key missing - tainting kernel
[3.301295] nvidia :01:00.0: vgaarb: changed VGA decodes: 
olddecodes=io+mem,decodes=none:owns=io+mem
[3.305858] [drm] Initialized nvidia-drm 0.0.0 20150116 for :01:00.0 on 
minor 0
[3.305877] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  340.107  Thu May 
24 21:54:01 PDT 2018
[3.653963] snd_hda_intel :01:00.1: Handle vga_switcheroo audio client
[4.913694] input: HDA NVidia HDMI/DP,pcm=3 as 
/devices/pci:00/:00:01.0/:01:00.1/sound/card1/input21
[4.913786] input: HDA NVidia HDMI/DP,pcm=7 as 
/devices/pci:00/:00:01.0/:01:00.1/sound/card1/input23
[4.913860] input: HDA NVidia HDMI/DP,pcm=8 as 
/devices/pci:00/:00:01.0/:01:00.1/sound/card1/input24
[4.915503] input: HDA NVidia HDMI/DP,pcm=9 as 
/devices/pci:00/:00:01.0/:01:00.1/sound/card1/input25
[7.078073] caller _nv000788rm+0xe4/0x1c0 [nvidia] mapping multiple BARs

Device node permissions:
crw-rw+ 1 root video 226,   0 Aug  9 17:59 /dev/dri/card0
crw-rw-rw-  1 root root  195,   0 Aug  9 17:59 /dev/nvidia0
crw-rw-rw-  1 root root  195, 255 Aug  9 17:59 /dev/nvidiactl

/dev/dri/by-path:
total 0
lrwxrwxrwx 1 root root 8 Aug  9 17:59 pci-:01:00.0-card -> ../card0
video:*:44:jim

OpenGL and NVIDIA library files installed:
lrwxrwxrwx 1 root root   15 Nov 21  2017 /etc/alternatives/glx -> 
/usr/lib/nvidia
lrwxrwxrwx 1 root root   44 Nov 21  2017 
/etc/alternatives/glx--libEGL.so.1-x86_64-linux-gnu -> 
/usr/lib/x86_64-linux-gnu/nvidia/libEGL.so.1
lrwxrwxrwx 1 root root   43 Nov 21  2017 
/etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> 
/usr/lib/x86_64-linux-gnu/nvidia/libGL.so.1
lrwxrwxrwx 1 root root   43 Nov 21  2017 
/etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> 
/usr/lib/x86_64-linux-gnu/nvidia/libGL.so.1
lrwxrwxrwx 1 root root   54 Nov 21  2017 
/etc/alternatives/glx--libGLESv2.so.2-x86_64-linux-gnu -> 
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLESv2.so.2
lrwxrwxrwx 1 root root   54 Nov 21  2017 
/etc/alternatives/glx--libGLESv2.so.2-x86_64-linux-gnu -> 
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLESv2.so.2
lrwxrwxrwx 1 root root   25 Nov 21  2017 
/etc/alternatives/glx--linux-libglx.so -> /usr/lib/nvidia/libglx.so
lrwxrwxrwx 1 root root   42 Nov 21  2017 
/etc/alternatives/glx--nvidia-blacklists-nouveau.conf -> 
/etc/nvidia/nvidia-blacklists-nouveau.conf
lrwxrwxrwx 1 root root   36 Nov 21  2017 
/etc/alternatives/glx--nvidia-bug-report.sh -> 
/usr/lib/nvidia/nvidia-bug-report.sh
lrwxrwxrwx 1 root root   39 Nov 21  2017 
/etc/alternatives/glx--nvidia-drm-outputclass.conf -> 
/etc/nvidia/nvidia-drm-outputclass.conf
lrwxrwxrwx 1 root root   28 Nov 21  2017 
/etc/alternatives/glx--nvidia-load.conf -> /etc/nvidia/nvidia-load.conf
lrwxrwxrwx 1 root root   32 Nov 21  2017 
/etc/alternatives/glx--nvidia-modprobe.conf -> /etc/nvidia/nvidia-modprobe.conf
lrwxrwxrwx 1 root root   29 Nov 21  2017 
/etc/alternatives/glx--nvidia_drv.so 

Bug#932085: grub-common: Grub can't load initrd for Xen after upgrade to Buster

[Franck Schneider]

I have the same issue :
After upgrading to buster, the system doesn't boot anymore : it seems stuck
at "Loading initial ramdisk ..."

With kvm access, when I choose in grub menu xen-4.11-amd64 and either
kernel 4.9 or 4.19 , the system doesn't boot.
when I choose xen 4.8-amd64  and  kernel  4.9 or 4.19 , the system boot.

( Removing --nounzip didn't change anything in my case.)

I noticed that xen 4.8 entries were using multiboot + module and xen 4.11
entries were using multiboot2 + module2.
=> I changed the xen 4.11 entries to use multiboot + module => the system
boots successfully.


On Wed, 17 Jul 2019 11:05:04 +0200 Hans van Kranenburg 
wrote:
> On 7/14/19 11:43 PM, Colin Watson wrote:
> > On Sun, Jul 14, 2019 at 01:27:23PM -0700, Slava Kryvel wrote:
> >> After upgrade from Debian 9.9 to Debian 10 I have got unbootable
system.
> >>
> >> I'm using Xen hypervisor, which was also upgraded from 4.8 to 4.11
> >> during OS upgrade.
> >> UEFI is enabled.
> >>
> >> After upgrade was finished, I was unable to boot again to Xen kernel.
> >> But normal Debian kernel was still bootable.
> >
> > [...]
> >
> > I'm CCing a few folks who've contributed to GRUB's Xen support in one
> > way or another in the recent past; hopefully at least one of them can
> > help here?
>
> Just to be transparent here, not all possible functionality is tested by
> the package maintainers (currently Ian and me) before throwing a new
> package into Debian. This is simply not practically feasible for us. [0]
>
> We rely on the upstream tests to know that the upstream Xen code will
> probably work. For Debian specific things, we do test our own use cases,
> but e.g. UEFI is not one of them. For this, we rely on active users to
> report problems and help solving them. So, yes, things like this can
happen.
>
> Thanks for reporting this. Next step would be to follow Rogers
> instructions, and provide config dumps, serial console output etc...
>
> We're certainly available to include changes / etc to fix things, given
> proper information / testing reports from the user. But, the user has to
> actively help to make that happen.
>
> Hans van Kranenburg (with Debian Xen team hat on)
>
> [0]
>
https://alioth-lists.debian.net/pipermail/pkg-xen-devel/2018-October/007438.html
>
>

Bug#934024: Next trial

[Karsten]

Now i tried to add the alternate home-directory to the configuration.

In /etc/apparmor.d/tunables/home.d/site.local i added
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}.  See tunables/home for details. Eg:
#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
@{HOMEDIRS}+=/srv/ssd3/home/


I restarted the service apparmor and then

# aa-complain thunderbird
ERROR: Values added to a non-existing variable @{HOMEDIRS}: /srv/ssd3/home/ in 
tunables/home.d/site.local


This seems not the way to solve the problem.
Other ideas?

Bug#933930: Fwd: [Pkg-utopia-maintainers] Bug#933930: Bug#933930: Bug#933930: network-manager: Ethernet connection no longer works

[Vincent Lefevre]

On 2019-08-09 16:05:11 +0200, Beniamino Galvani wrote:
> in the traces I see that there are 3 servers and one of them
> advertises a subnet different from other two.  This setup makes the
> behavior non-deterministic because clients can get an address either
> in the 10.0.1.0/24 or in the 140.77.12.0/23 network. Do you know if
> the network configured in this way on purpose?

I think so, as there are 2 kinds of machines: those that are supposed
to have a fixed IP address on the main network, and the other machines,
which will be on a secondary network. My machine is in the former
class. I don't know how such machines are supposed to be identified
(probably with a weak identification), but I can see my machine
name in the DHCP Discover and DHCP Request packets.

> Looking at dhcp-int-failure.pcap, there is an offer from 140.77.1.11:
> 
>   12:29:03.690421 94:f1:28:19:08:00 > 98:90:96:bd:7f:f7, ethertype IPv4 
> (0x0800), length 366: (tos 0x0, ttl 63, id 55318, offset 0, flags [DF], proto 
> UDP (17), length 352)
> 140.77.1.11.67 > 140.77.13.17.68: BOOTP/DHCP, Reply, length 324, hops 1, 
> xid 0xff001675, secs 2, Flags [none]
> Your-IP 140.77.13.17
> Server-IP 140.77.14.50
> Gateway-IP 140.77.12.1
> Client-Ethernet-Address 98:90:96:bd:7f:f7
> file "/lpxelinux.0"[|bootp]
> 
> to which the internal client replies with a request. Note the
> server-id set to 140.77.1.11:
> 
>   12:29:03.690539 98:90:96:bd:7f:f7 > ff:ff:ff:ff:ff:ff, ethertype IPv4 
> (0x0800), length 340: (tos 0xc0, ttl 64, id 0, offset 0, flags [none], proto 
> UDP (17), length 326)
> 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 
> 98:90:96:bd:7f:f7, length 298, xid 0xff001675, secs 2, Flags [none]
> Client-Ethernet-Address 98:90:96:bd:7f:f7
> Vendor-rfc1048 Extensions
>   Magic Cookie 0x63825363
>   DHCP-Message Option 53, length 1: Request
>   Client-ID Option 61, length 7: ether 98:90:96:bd:7f:f7
>   Parameter-Request Option 55, length 18: 
> Subnet-Mask, Default-Gateway, Hostname, Domain-Name
> Domain-Name-Server, Time-Zone, MTU, BR
> Classless-Static-Route, Static-Route, YD, YS
> NTP, Server-ID, Option 119, Classless-Static-Route-Microsoft
> Option 252, RP
>   MSZ Option 57, length 2: 576
>   Server-ID Option 54, length 4: 140.77.1.11
>   Requested-IP Option 50, length 4: 140.77.13.17
>   Hostname Option 12, length 7: "cventin"
> 
> The DHCP server at 10.0.1.1 NAKs the request even if it had a
> different server-id; I don't think this is correct:
> 
>   12:29:03.691585 5c:96:9d:6d:9d:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 
> (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto 
> UDP (17), length 328)
> 10.0.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300, xid 
> 0xff001675, secs 2, Flags [Broadcast]
> Server-IP 10.0.1.1
> Client-Ethernet-Address 98:90:96:bd:7f:f7
> Vendor-rfc1048 Extensions
>   Magic Cookie 0x63825363
>   DHCP-Message Option 53, length 1: NACK
>   Server-ID Option 54, length 4: 10.0.1.1
>   MSG Option 56, length 31: "requested address not available"

RFC 2131 says: "If a server receives a DHCPREQUEST message with an
invalid 'requested IP address', the server SHOULD respond to the
client with a DHCPNAK message and may choose to report the problem
to the system administrator."

So this seems correct. Note that it does not say that the server must
check the server-id, and the fact that it says "a server" instead of
"the server" tends to make me think that this is how it works.

BTW, if the server implicitly needs to check the server-id, why
doesn't the internal client do this too about the DHCPNAK response?

> Also, RFC 2131 says that the "If the client receives a DHCPNAK
> message, the client restarts the configuration process", that is what
> the internal client does, until the ACK comes before or until
> timeout. dhclient apparently ignores the NAK, but I haven't found yet
> in the code where this is done and based on what.

It seems that RFC 2131 has some contradictions in case of several
DHCP servers on several networks. IMHO, the client should be
tolerant and ignore DHCPNAK if the server-id is different.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#934024: Next trial

[Karsten]

The configuration of AppArmor for Thunderbird is somehow wrong.

The first time i searched for the configuration files i could only find this:

/lib/apparmor

/etc/init.d/apparmor
/etc/apparmor
/usr/share/doc/apparmor
/usr/share/lintian/overrides/apparmor   


/usr/src/linux-headers-4.19.0-5-amd64/include/config/security/apparmor  

/usr/src/linux-headers-4.9.0-8-amd64/include/config/security/apparmor   


/var/cache/apparmor


There where NO subdirectories in /etc/apparmor !

Then i installed the package apparmor-utils to experiment with AppArmor.
After that i found out that i could not set Thunderbird in debug (complain) 
mode.
This fails with 
ERROR: /etc/apparmor.d/usr.bin.thunderbird doesn't contain a valid profile for 
/usr/bin/thunderbird (syntax error?)


Now after my next reboot i checked the path /etc/apparmor again and it looks 
this way:

 # tree -d /etc/apparmor*
/etc/apparmor
/etc/apparmor.d
├── abstractions
│   ├── apparmor_api
│   └── ubuntu-browsers.d
├── disable
├── force-complain
├── local
└── tunables
├── home.d
├── multiarch.d
└── xdg-user-dirs.d


# ll /etc/apparmor
insgesamt 40K
drwxr-xr-x   2 root root 4,0K Aug  8 15:43 .
drwxr-xr-x 157 root root  12K Aug  9 16:39 ..
-rw-r--r--   1 root root 5,1K Mär 30 14:23 logprof.conf
-rw-r--r--   1 root root 1,6K Mär 30 14:23 parser.conf
-rw-r--r--   1 root root  11K Mär 30 14:23 severity.db

# ll /etc/apparmor.d
insgesamt 128K
drwxr-xr-x   7 root root 4,0K Aug  9 16:37 .
drwxr-xr-x 157 root root  12K Aug  9 16:39 ..
drwxr-xr-x   4 root root 4,0K Aug  4 15:30 abstractions
drwxr-xr-x   2 root root 4,0K Aug  9 16:40 disable
drwxr-xr-x   2 root root 4,0K Mär 30 14:23 force-complain
-rw-r--r--   1 root root  819 Feb 22 17:50 lightdm-guest-session
drwxr-xr-x   2 root root 4,0K Aug  4 14:55 local
-rw-r--r--   1 root root 1,1K Mär 30 14:23 nvidia_modprobe
drwxr-xr-x   5 root root 4,0K Aug  4 14:52 tunables
-rw-r--r--   1 root root  10K Jan 29  2019 usr.bin.evince
-rw-r--r--   1 root root 3,1K Feb 10 13:11 usr.bin.man
-rw-r--r--   1 root root  14K Aug  9 16:37 usr.bin.thunderbird
-rw-r--r--   1 root root 1,5K Jun 18 20:36 usr.lib.libreoffice.program.oosplash
-rw-r--r--   1 root root 1,4K Jun 18 20:36 usr.lib.libreoffice.program.senddoc
-rw-r--r--   1 root root  11K Jun 18 20:36 
usr.lib.libreoffice.program.soffice.bin
-rw-r--r--   1 root root 1,3K Jun 18 20:36 
usr.lib.libreoffice.program.xpdfimport
-rw-r--r--   1 root root 8,0K Jan 16  2017 usr.lib.telepathy
-rw-r--r--   1 root root  540 Jan 19  2017 usr.sbin.cups-browsed
-rw-r--r--   1 root root 5,5K Apr 23 08:33 usr.sbin.cupsd
-rw-r--r--   1 root root  563 Apr 19 18:29 usr.sbin.haveged
-rw-r--r--   1 root root  798 Aug  6  2018 usr.sbin.mysqld-akonadi


I tried again
# aa-complain thunderbird
Setting /usr/bin/thunderbird to complain mode.

ERROR: /etc/apparmor.d/usr.bin.thunderbird doesn't contain a valid profile for 
/usr/bin/thunderbird (syntax error?)

Why has this profile an error?


But i could deactivate Thunderbird with
# aa-disable thunderbird
Disabling /usr/bin/thunderbird.


After that i could start Thunderbird and send this email.

Cheers
karsten

Bug#934312: ITP: python3-marshmallow-sqlalchemy -- SQLAlchemy integration with marshmallow

[Utkarsh Gupta]

Package: wnpp
Severity: wishlist
Owner: Utkarsh Gupta 

* Package name: python3-marshmallow-sqlalchemy
  Version : 0.17.0
  Upstream Author : Steven Loria
* URL :
https://github.com/marshmallow-code/marshmallow-sqlalchemy
* License : Expat
  Programming Lang: Python
  Description : SQLAlchemy integration with marshmallow

 SQLAlchemy integration with the marshmallow (de)serialization library.
 .
 It allows one to declare your models, generate marshmallow schemas, and
 (de)serialize your data.


Best,
Utkarsh