Bug#892251: dovecot: fails to build from source twice in a row (unclean tree)
Source: dovecot Version: 1:2.2.34-2 Severity: normal Hi, thanks for maintaining the dovecot packages. While rebuilding dovecot from source, I've noticed that doing this twice in a row fails: ~/dovecot-2.2.34 % debuild -us -uc [..] ~/dovecot-2.2.34 % debuild -us -uc [..] dpkg-source: info: local changes detected, the modified files are: dovecot-2.2.34/dovecot.service dovecot-2.2.34/src/config/all-settings.c dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/dovecot_2.2.34-2.diff.KZl62_ [..] Please see the diff below. Thanks, Chris --- /dev/null +++ dovecot-2.2.34/dovecot.service @@ -0,0 +1,32 @@ +# This file is part of Dovecot +# +# If you want to pass additionally command line options to the dovecot +# binary, create the file: +# `/etc/systemd/system/dovecot.service.d/service.conf'. + +[Unit] +Description=Dovecot IMAP/POP3 email server +Documentation=man:dovecot(1) +Documentation=http://wiki2.dovecot.org/ +After=local-fs.target network-online.target + +[Service] +Type=simple +ExecStart=/usr/sbin/dovecot -F +PIDFile=/var/run/dovecot/master.pid +ExecReload=/usr/bin/doveadm reload +ExecStop=/usr/bin/doveadm stop +PrivateTmp=true +NonBlocking=yes +# Enable this if your systemd is new enough to support it: +ProtectSystem=full + +# You can add environment variables with e.g.: +#Environment='CORE_OUTOFMEM=1' +# If you have trouble with `Too many open files' you may set: +#LimitNOFILE=8192 +# If you want to allow the Dovecot services to produce core dumps, use: +#LimitCORE=infinity + +[Install] +WantedBy=multi-user.target --- dovecot-2.2.34.orig/src/config/all-settings.c +++ dovecot-2.2.34/src/config/all-settings.c @@ -1068,7 +1068,7 @@ static const struct setting_define mbox_ }; static const struct mbox_settings mbox_default_settings = { .mbox_read_locks = "fcntl", - .mbox_write_locks = "dotlock fcntl", + .mbox_write_locks = "fcntl dotlock", .mbox_lock_timeout = 5*60, .mbox_dotlock_change_timeout = 2*60, .mbox_min_index_size = 0, @@ -2910,7 +2910,7 @@ struct master_settings master_default_se .state_dir = PKG_STATEDIR, .libexec_dir = PKG_LIBEXECDIR, .instance_name = PACKAGE, - .protocols = "imap pop3 lmtp", + .protocols = "", .listen = "*, ::", .ssl = "yes:no:required", .default_internal_user = "dovecot", @@ -2997,7 +2997,7 @@ static const struct setting_define login static const struct login_settings login_default_settings = { .login_trusted_networks = "", .login_source_ips = "", - .login_greeting = PACKAGE_NAME" ready.", + .login_greeting = DOVECOT_NAME" ready.", .login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>", .login_log_format = "%$: %s", .login_access_sockets = "", @@ -3154,7 +3154,7 @@ static const struct lmtp_settings lmtp_d .lmtp_user_concurrency_limit = 0, .lmtp_address_translate = "", .lmtp_hdr_delivery_address = "final:none:original", - .login_greeting = PACKAGE_NAME" ready.", + .login_greeting = DOVECOT_NAME" ready.", .login_trusted_networks = "" }; static const struct setting_parser_info *lmtp_setting_dependencies[] = { @@ -4802,34 +4802,34 @@ buffer_t config_all_services_buf = { const struct setting_parser_info *all_default_roots[] = { _service_setting_parser_info, _service_ssl_setting_parser_info, - _storage_setting_parser_info, - _setting_parser_info, + _setting_parser_info, + _setting_parser_info, _params_setting_parser_info, - _user_setting_parser_info, - _setting_parser_info, - _setting_parser_info, - _urlauth_setting_parser_info, + _setting_parser_info, + _storage_setting_parser_info, _urlauth_login_setting_parser_info, - _login_setting_parser_info, - _crypt_setting_parser_info, - _login_setting_parser_info, - _setting_parser_info, _setting_parser_info, - _setting_parser_info, - _setting_parser_info, _setting_parser_info, - _urlauth_worker_setting_parser_info, - _setting_parser_info, - _status_setting_parser_info, - _setting_parser_info, + _crypt_setting_parser_info, _setting_parser_info, - _setting_parser_info, + _setting_parser_info, + _setting_parser_info, + _setting_parser_info, + _setting_parser_info, _setting_parser_info, - _setting_parser_info, + _setting_parser_info, + _login_setting_parser_info, + _urlauth_worker_setting_parser_info, + _status_setting_parser_info, + _login_setting_parser_info, _setting_parser_info, + _urlauth_setting_parser_info, + _setting_parser_info, _setting_parser_info, - _setting_parser_info, - _setting_parser_info, +
Bug#889556: monotone: (Build-)Depends on obsolete libbotan1.10-dev
Package: monotone Version: 1.1-9 Severity: serious Dear Maintainer, your package monotone (build-)depends on botan1.10, which itself is obsolete. Upstream will end security support at the end of 2018, so it must not be part of buster. Please drop the libbotan1.10-dev build dependency. Thanks, Chris
Bug#889557: ovito: (Build-)Depends on obsolete libbotan1.10-dev
Package: ovito Version: 2.9.0+dfsg1-5 Severity: serious Dear Maintainer, your package ovito (build-)depends on botan1.10, which itself is obsolete. Upstream will end security support at the end of 2018, so it must not be part of buster. Please drop the libbotan1.10-dev build dependency. Thanks, Chris
Bug#889558: qtcreator: (Build-)Depends on obsolete libbotan1.10-dev
Package: qtcreator Version: 4.5.0-2 Severity: serious Dear Maintainer, your package qtcreator (build-)depends on botan1.10, which itself is obsolete. Upstream will end security support at the end of 2018, so it must not be part of buster. Please drop the libbotan1.10-dev build dependency. Thanks, Chris
Bug#883456: RM: pdns [armel] -- ROM; no longer builds; likely unusable
Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove pdns from armel. It no longer builds there, and considering the usefulness / requirements any effort to fix that is likely a pure loss of hours. Thanks, Chris
Bug#882961: jessie-pu: package pdns/3.4.1-4+deb8u8
* Adam D. Barratt[171128 22:20]: > Control: tags -1 + confirmed > > On Mon, 2017-11-27 at 22:23 +, Chris Hofstaedtler wrote: > > Security update for CVE-2017-15091. DSA has marked this > > no-DSA but suggested this goes through (old)-stable-updates. > > Please go ahead. Uploaded, thanks. Chris
Bug#882960: jessie-pu: package pdns-recursor/3.6.2-2+deb8u4
* Adam D. Barratt[171128 22:21]: > Control: tags -1 + confirmed > > On Mon, 2017-11-27 at 22:28 +, Chris Hofstaedtler wrote: > > Security update using upstream patch for CVE-2017-15093. > > DSA has marked this non-DSA but suggested fixing this > > through an (old)stable update. > > Please go ahead. Uploaded, thanks. Chris
Bug#882958: stretch-pu: package pdns-recursor/4.0.4-1+deb9u2
* Adam D. Barratt[171128 22:22]: > Control: tags -1 + confirmed > > On Mon, 2017-11-27 at 22:29 +, Chris Hofstaedtler wrote: > > Security update using upstream patches to fix CVE-2017-15090, > > CVE-2017-15092, CVE-2017-15093, CVE-2017-15094. > > DSA has marked those as non-DSA but suggested fixing through > > a stable update instead. > > Please go ahead. Uploaded, thanks. Chris
Bug#882959: stretch-pu: package pdns/4.0.3-1+deb9u2
* Adam D. Barratt[171128 22:22]: > Control: tags -1 + confirmed > > On Mon, 2017-11-27 at 22:25 +, Chris Hofstaedtler wrote: > > Security update using upstream patch, for CVE-2017-15091. > > DSA has marked this no-DSA but suggested that this should > > be fixed via stable-updates. > > I assume you mean proposed-updates. Indeed; sorry for that mixup. > Please go ahead. Uploaded, thanks. Chris
Bug#878173: stretch-pu: package pdns/4.0.3-1+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Release Team, pdns before 4.0.4 replies incorrectly to DNS questions with the DNSSEC query bit (DO) set, when the query also uses the "0x20" mechanism to increase spoofing resistance. Unfortunately this is the configuration letsencrypt uses to check for CAA records on domains. This implies letsencrypt being broken for all users that have domains on pdns from stretch. Upstream has fixed this in 4.0.4, but that didn't make it into stretch. There is more discussion on this in Debian bug #869222 and at https://github.com/PowerDNS/pdns/issues/5546 and at https://community.letsencrypt.org/t/caa-servfail-changes/38298/2 I have imported a minimal patch from upstream and attached the debdiff. Please let me know if this looks good or if I got something wrong. Thanks, Chris diff -Nru pdns-4.0.3/debian/changelog pdns-4.0.3/debian/changelog --- pdns-4.0.3/debian/changelog 2017-01-19 23:05:09.0 + +++ pdns-4.0.3/debian/changelog 2017-10-10 18:08:15.0 + @@ -1,3 +1,9 @@ +pdns (4.0.3-1+deb9u1) stable; urgency=medium + + * Fix incorrect qname casing in NSEC3 generation (Closes: #869222) + + -- Christian Hofstaedtler <z...@debian.org> Tue, 10 Oct 2017 18:08:15 + + pdns (4.0.3-1) unstable; urgency=medium * New upstream version 4.0.3, fixing bug when running bindbackend diff -Nru pdns-4.0.3/debian/patches/869222-lowercase-qname-before-NSEC-generation.patch pdns-4.0.3/debian/patches/869222-lowercase-qname-before-NSEC-generation.patch --- pdns-4.0.3/debian/patches/869222-lowercase-qname-before-NSEC-generation.patch 1970-01-01 00:00:00.0 + +++ pdns-4.0.3/debian/patches/869222-lowercase-qname-before-NSEC-generation.patch 2017-10-10 18:08:15.0 + @@ -0,0 +1,25 @@ +From b91cfe5c069df975176f5fd944540f72fc5d01bb Mon Sep 17 00:00:00 2001 +From: Kees Monshouwer <min...@monshouwer.org> +Date: Wed, 3 May 2017 21:49:11 +0200 +Subject: [PATCH] auth: lowercase qname before NSEC generation + +[z...@debian.org]: Patch from upstream PR #5289. +https://github.com/PowerDNS/pdns/commit/b91cfe5c069df975176f5fd944540f72fc5d01bb + +--- + pdns/dnsbackend.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc +index 4e43ffc2b1..2454d6efb8 100644 +--- a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc +@@ -273,7 +273,7 @@ bool DNSBackend::getBeforeAndAfterNames(uint32_t id, const DNSName& zonename, co + // lcqname=labelReverse(lcqname); + DNSName dnc; + string relqname, sbefore, safter; +- relqname=labelReverse(makeRelative(qname.toStringNoDot(), zonename.toStringNoDot())); // FIXME400 ++ relqname=labelReverse(makeRelative(toLower(qname.toStringNoDot()), zonename.toStringNoDot())); + //sbefore = before.toString(); + //safter = after.toString(); + bool ret = this->getBeforeAndAfterNamesAbsolute(id, relqname, dnc, sbefore, safter); diff -Nru pdns-4.0.3/debian/patches/series pdns-4.0.3/debian/patches/series --- pdns-4.0.3/debian/patches/series1970-01-01 00:00:00.0 + +++ pdns-4.0.3/debian/patches/series2017-10-10 18:08:15.0 + @@ -0,0 +1 @@ +869222-lowercase-qname-before-NSEC-generation.patch
Bug#877783: spyne: Please provide python3-spyne
Package: spyne Version: 2.12.11-1 Severity: wishlist Dear Maintainer, Please provide a Python 3 version of the python-spyne package. Thanks, Chris
Bug#872928: stretch-pu: package dnsdist/1.1.0-2+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, this update fixes low-severity CVEs CVE-2016-7069, CVE-2017-7557, purely based on version-targetted patches from upstream. Thanks, Chris diff -Nru dnsdist-1.1.0/debian/changelog dnsdist-1.1.0/debian/changelog --- dnsdist-1.1.0/debian/changelog 2016-12-31 15:50:47.0 + +++ dnsdist-1.1.0/debian/changelog 2017-08-22 13:58:05.0 + @@ -1,3 +1,10 @@ +dnsdist (1.1.0-2+deb9u1) stretch; urgency=medium + + * Fix CVE-2016-7069, CVE-2017-7557 using patches from upstream +(Closes: #872854) + + -- Christian Hofstaedtler <z...@debian.org> Tue, 22 Aug 2017 13:58:05 + + dnsdist (1.1.0-2) unstable; urgency=medium * Bump debhelper compat to 10 for systemd support. diff -Nru dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch --- dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch1970-01-01 00:00:00.0 + +++ dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch2017-08-22 13:58:05.0 + @@ -0,0 +1,37 @@ +--- a/dnsdist-ecs.cc b/dnsdist-ecs.cc +@@ -392,26 +392,29 @@ void handleEDNSClientSubnet(char* const packet, const size_t packetSize, const u + static int removeEDNSOptionFromOptions(unsigned char* optionsStart, const uint16_t optionsLen, const uint16_t optionCodeToRemove, uint16_t* newOptionsLen) + { + unsigned char* p = optionsStart; +- const unsigned char* end = p + optionsLen; +- while ((p + 4) <= end) { ++ size_t pos = 0; ++ while ((pos + 4) <= optionsLen) { + unsigned char* optionBegin = p; + const uint16_t optionCode = 0x100*p[0] + p[1]; + p += sizeof(optionCode); ++pos += sizeof(optionCode); + const uint16_t optionLen = 0x100*p[0] + p[1]; + p += sizeof(optionLen); +-if ((p + optionLen) > end) { ++pos += sizeof(optionLen); ++if ((pos + optionLen) > optionsLen) { + return EINVAL; + } + if (optionCode == optionCodeToRemove) { +- if (p + optionLen < end) { ++ if (pos + optionLen < optionsLen) { + /* move remaining options over the removed one, +if any */ +-memmove(optionBegin, p + optionLen, end - (p + optionLen)); ++memmove(optionBegin, p + optionLen, optionsLen - (pos + optionLen)); + } + *newOptionsLen = optionsLen - (sizeof(optionCode) + sizeof(optionLen) + optionLen); + return 0; + } + p += optionLen; ++pos += optionLen; + } + return ENOENT; + } diff -Nru dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch.asc dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch.asc --- dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch.asc1970-01-01 00:00:00.0 + +++ dnsdist-1.1.0/debian/patches/CVE-2016-7069.patch.asc2017-08-22 13:58:05.0 + @@ -0,0 +1,12 @@ +-BEGIN PGP SIGNATURE- + +iQFOBAABCgA4FiEE1jAMq8v0abvjkuUDogjtT4r1hEYFAlmcNN0aHHJlbWkuZ2Fj +b2duZUBwb3dlcmRucy5jb20ACgkQogjtT4r1hEZjugf9FqmZzPzql6A8yvqix4lj +/dXYIuuoIqt2NKIZlKkf4QsMO9fhF+AC6WkPessodAExkyB4IdxrmneumWvVNRpO +beXT+2l6COKjvDkmYvc+5qKDUPEYHxvh6G1dBFDSGvn5AH5uZI2xXko7R3NdA2m+ +hThY37mkDSsiHrqWGNjj6/DoWIJFeU7gRg2aHkos68JiNdIhai6LMYerwecu4v1b +6Y5xG6hI85Ofn25xKbXNBjAlj1vYJS8/nMYqqWdxD+eIFKX9FkClwE9IkOdqmyRv +K0vceChANzLvnIzIcYm81AgKTKqPAoQMQP/0L+IG4hSwVTytHLeajsbQ/XRFDUUW +Gg== +=+FBw +-END PGP SIGNATURE- diff -Nru dnsdist-1.1.0/debian/patches/CVE-2017-7557-1.1.0.patch dnsdist-1.1.0/debian/patches/CVE-2017-7557-1.1.0.patch --- dnsdist-1.1.0/debian/patches/CVE-2017-7557-1.1.0.patch 1970-01-01 00:00:00.0 + +++ dnsdist-1.1.0/debian/patches/CVE-2017-7557-1.1.0.patch 2017-08-22 13:58:05.0 + @@ -0,0 +1,123 @@ +--- a/dnsdist-web.cc b/dnsdist-web.cc +@@ -79,13 +79,28 @@ static void apiSaveACL(const NetmaskGroup& nmg) + apiWriteConfigFile("acl", content); + } + +-static bool compareAuthorization(YaHTTP::Request& req, const string _password, const string& expectedApiKey) ++static bool checkAPIKey(const YaHTTP::Request& req, const string& expectedApiKey) + { +- // validate password +- YaHTTP::strstr_map_t::iterator header = req.headers.find("authorization"); +- bool auth_ok = false; +- if (header != req.headers.end() && toLower(header->second).find("basic ") == 0) { +-string cookie = header->second.substr(6); ++ if (expectedApiKey.empty()) { ++return false; ++ } ++ ++ const auto header = req.headers.find("x-api-key"); ++ if (header != req.headers.end()) { ++return (header->second == expectedApiKey); ++ } ++ ++ return false; ++} ++ ++static bool checkWebPassword(const YaHTTP::Request& req, const string _password) ++{ ++ static const char basicStr[] = "basic "; ++ ++ const auto header = req.headers.find("authorization"); ++ ++ if (header != req.head
Bug#872854: dnsdist: CVE-2016-7069 CVE-2017-7557
> CVE-2016-7069[0]: > Crafted backend responses can cause a denial of service > > CVE-2017-7557[1]: > Alteration of ACLs via API authentication bypass Source patches for 1.1.0 are available here: https://downloads.powerdns.com/patches/2017-01/ https://downloads.powerdns.com/patches/2017-02/
Bug#867159: stretch-pu: package pdns-recursor/4.0.4-1
Hi, * Cyril Brulebois <k...@debian.org> [170705 07:13]: > Control: tag -1 confirmed > > Christian Hofstaedtler <z...@debian.org> (2017-07-04): > > pdns-recursor has an embedded copy of the DNS root (".") zone public > > signing key ("KSK"), for DNSSEC verification purposes. ICANN has > > created a new key and expects it to use starting from October 11, > > 2017, in place of the old key. > > > > [..] > > This looks good to me, feel free to upload. Done, should be in proposed-updates by now. > Are we getting an update for jessie as well? (If so, let's track this in > a separate bug report please.) The version in jessie does not have DNSSEC capabilities. The version in jessie-backports does, and I'll update it once the stretch update is all through. > Thanks. Thanks, Chris
Bug#867159: stretch-pu: package pdns-recursor/4.0.4-1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu pdns-recursor has an embedded copy of the DNS root (".") zone public signing key ("KSK"), for DNSSEC verification purposes. ICANN has created a new key and expects it to use starting from October 11, 2017, in place of the old key. This update adds the new key to the trusted set. If users do not get this update, DNSSEC validation will fail for them starting on Oct. 11, until they manually update the configuration. The same fix is already in unstable (as 4.0.4-2). Thanks, Chris diff -Nru pdns-recursor-4.0.4/debian/changelog pdns-recursor-4.0.4/debian/changelog --- pdns-recursor-4.0.4/debian/changelog2017-01-14 03:03:18.0 + +++ pdns-recursor-4.0.4/debian/changelog2017-06-27 12:31:08.0 + @@ -1,3 +1,10 @@ +pdns-recursor (4.0.4-1+deb9u1) stretch; urgency=medium + + * Add new root trust anchor KSK-2017 to embedded root trust list. +(Closes: #866112) + + -- Christian Hofstaedtler <z...@debian.org> Tue, 27 Jun 2017 12:31:08 + + pdns-recursor (4.0.4-1) unstable; urgency=medium * New upstream version, fixing security issues CVE-2016-7068 and diff -Nru pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch --- pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch 1970-01-01 00:00:00.0 + +++ pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch 2017-06-27 12:31:08.0 + @@ -0,0 +1,20 @@ +From d5037c4d34ffbc89ca5d4f79554dd87aa49fdbc8 Mon Sep 17 00:00:00 2001 +From: Pieter Lexis <pieter.le...@powerdns.com> +Date: Fri, 3 Feb 2017 09:03:35 +0100 +Subject: [PATCH] Add the 2017 root key + +--- + pdns/root-dnssec.hh | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/pdns/root-dnssec.hh b/pdns/root-dnssec.hh +index 0d4b3b4ea1..1f5bb37fe7 100644 +--- a/root-dnssec.hh b/root-dnssec.hh +@@ -22,4 +22,5 @@ + + #pragma once + +-static const char*rootDSs[]={"19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5"}; ++static const char*rootDSs[]={"19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5", ++ "20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d"}; diff -Nru pdns-recursor-4.0.4/debian/patches/series pdns-recursor-4.0.4/debian/patches/series --- pdns-recursor-4.0.4/debian/patches/series 1970-01-01 00:00:00.0 + +++ pdns-recursor-4.0.4/debian/patches/series 2017-06-27 12:31:08.0 + @@ -0,0 +1 @@ +0001-Add-the-2017-root-key.patch
Bug#866112: [Pkg-dns-devel] Bug#866112: pdns-recursor: Embedded "root" DNSSEC Trust Anchor will expire in 2017
* Ondřej Surý <ond...@sury.org> [170627 15:21]: > Actually it would be best if you could convince pdns_recursor to use TAs > from dns-root-data, either at build or preferably at start time (or > runtime). Yeah, I agree. This is #760470 and https://github.com/PowerDNS/pdns/issues/3530 Should even be relatively easy, but I haven't found time to work on a patch to send upstream. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#866112: pdns-recursor: Embedded "root" DNSSEC Trust Anchor will expire in 2017
Package: pdns-recursor Version: 4.0.4-1 Severity: important Tags: upstream fixed-upstream pdns-recursor embeds the "root" DNSSEC Trust Anchor in its source code, and the currently in use KSK-2010 will soon be replaced by KSK-2017. The former is embedded, the latter is not. Upstream has fixed this already: https://github.com/PowerDNS/pdns/commit/d5037c4d34ffbc89ca5d4f79554dd87aa49fdbc8
Bug#865561: [Pkg-dns-devel] pdns_server does not start after upgrade to stretch
* James Cloos[170623 20:15]: > > "OS" == Ondřej Surý writes: > > OS> (e.g it is recommended to have bind plugin installed under common > OS> conditions). > > Why is it recommended, though? > > I suspect most use pdns for db backends. > > All of the backends should be suggested, not recommended. The bind backend is Recommends: because previously it was part of pdns-server. To not break setups relying on bindbackend (at least not more than necessary), everyone(*) gets the same feature set as before. Those who do not want bindbackend at all can purge the package or comment out the launch+= line. C. * Everyone running with the default APT configuration. Setups that run with --no-install-recommends are assumed to really know what they are doing.
Bug#865561: [Pkg-dns-devel] Bug#865561: closed by Christian Hofstaedtler <z...@debian.org> (Re: Bug#865561: pdns_server does not start after upgrade to stretch)
* Juha Heinanen[170623 20:33]: > Ondřej Surý writes: > > I think that Recommends/Suggests should reflect their actual meanings (e.g > > it is recommended to have bind plugin installed under common conditions). > > It should not be changes to workaround settings of apt. > > Common condition of powerdns is to use a database, not bind backend. > Database support is the very reason most people use powerdns. Previously bindbackend was not optional but always builtin into core. Having a module is a new option in 4.x, and the package is there to support configurations without bindbackend. You can remove the package if you don't want it. Good luck.
Bug#842432: ruby2.3: CVE-2016-7798: IV Reuse in GCM Mode
* Moritz Mühlenhoff <j...@inutil.org> [170528 13:07]: > On Thu, Jan 05, 2017 at 08:08:14PM +0100, Salvatore Bonaccorso wrote: > > Hi Christian, > > > > On Wed, Nov 16, 2016 at 02:48:03AM +0100, Christian Hofstaedtler wrote: > > > Hi, > > > > > > * Salvatore Bonaccorso <car...@debian.org> [161116 01:46]: > > > > Source: ruby2.3 > > > > [...] > > > > [0] https://security-tracker.debian.org/tracker/CVE-2016-7798 > > > > [1] https://github.com/ruby/openssl/issues/49 > > > > [2] > > > > https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062 > > > > > > I'm attaching a potential patch against ruby2.3 2.3.2. Any review > > > would be most welcome. > > > > The patch looks sane to me. Do you have any chance to let it review > > from upstream for the 2.3 version? Antonio? > > What's the status? So, the upstream review did not happen because at least I don't have any useful contacts for that, and it appears upstream did not bother to fix this in 2.3. Realistically I'll not have time to work on this over the long weekend... if someone else can do another review pass and maybe upload the patch, that would be very welcome. Best, -ch
Bug#860689: blockdiag: FTBFS on i386: E: Build killed with signal TERM after 150 minutes of inactivity
Control: retitle -1 double free or corruption when loading unhandled SVG from BytesIO Control: reassign -1 python-wand Control: affects -1 blockdiag Hi, * Lucas Nussbaum[170505 18:36]: > During a rebuild of all packages in stretch (in a stretch chroot, not a > sid chroot), your package failed to build on i386. > > Relevant part (hopefully): > > f73d6000-f73d7000 r--p 00022000 ca:02 6950262 > > /lib/i386-linux-gnu/ld-2.24.so > > f73d7000-f73d8000 rw-p 00023000 ca:02 6950262 > > /lib/i386-linux-gnu/ld-2.24.so > > f73d8000-f7733000 r-xp ca:02 6822683 > > /usr/bin/python2.7 > > f7733000-f7734000 rwxp 00:00 0 > > f7734000-f7735000 r--p 0035b000 ca:02 6822683 > > /usr/bin/python2.7 > > f7735000-f7795000 rw-p 0035c000 ca:02 6822683 > > /usr/bin/python2.7 > > f7795000-f77aa000 rw-p 00:00 0 > > f90e4000-f96dc000 rw-p 00:00 0 > > [heap] > > ff8b3000-ff8d4000 rw-p 00:00 0 > > [stack] > > Aborted I've reduced this to a simple test case: import io import wand.image s = io.BytesIO() s.write('\nhttp://www.w3.org/2000/svg;>\n circle\n \n\n') s.seek(0) wand.image.Image(file=s) Result on i386: (stretch_i386-dchroot)zeha@barriere:~$ python ~/test.py Traceback (most recent call last): File "/home/zeha/test.py", line 7, in wand.image.Image(file=s) File "/usr/lib/python2.7/dist-packages/wand/image.py", line 2740, in __init__ self.read(file=file, resolution=resolution) File "/usr/lib/python2.7/dist-packages/wand/image.py", line 2822, in read self.raise_exception() File "/usr/lib/python2.7/dist-packages/wand/resource.py", line 222, in raise_exception raise e wand.exceptions.MissingDelegateError: no decode delegate for this image format `SVG' @ error/blob.c/BlobToImage/353 Exception TypeError: TypeError("object of type 'NoneType' has no len()",) in > ignored *** Error in `python': double free or corruption (!prev): 0xf90daf40 *** === Backtrace: = /lib/i386-linux-gnu/libc.so.6(+0x6737a)[0xf71d437a] /lib/i386-linux-gnu/libc.so.6(+0x6dfb7)[0xf71dafb7] /lib/i386-linux-gnu/libc.so.6(+0x6e776)[0xf71db776] python(PyMem_Free+0x18)[0xf74f7fe8] /usr/lib/python2.7/lib-dynload/_ctypes.i386-linux-gnu.so(+0xf249)[0xf7054249] python(+0x10f97d)[0xf74f897d] python(+0x10f485)[0xf74f8485] python(+0xeb29e)[0xf74d429e] python(+0xf1cbd)[0xf74dacbd] python(+0xf1c88)[0xf74dac88] python(PyDict_SetItem+0x44a)[0xf749cfea] python(PyDict_SetItemString+0x58)[0xf74a04d8] python(PyImport_Cleanup+0x118)[0xf74fd488] python(Py_Finalize+0x99)[0xf74fb439] python(Py_Main+0x4d3)[0xf749a2a3] python(main+0x26)[0xf7499db6] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xf7185276] python(+0xb0c50)[0xf7499c50] Note that blockdiag is not even involved in this code anymore. Therefore reassigning to wand, which appears to be the running code. Involved versions: ii libmagickcore-6.q16-3:i3868:6.9.7.4+dfsg-6 i386 low-level image manipulation library -- quantum depth Q16 ii libmagickcore-6.q16-3-dbgsym:i386 8:6.9.7.4+dfsg-6 i386 Debug symbols for libmagickcore-6.q16-3 ii libmagickwand-6.q16-3:i3868:6.9.7.4+dfsg-6 i386 image manipulation library -- quantum depth Q16 ii libmagickwand-6.q16-3-dbgsym:i386 8:6.9.7.4+dfsg-6 i386 Debug symbols for libmagickwand-6.q16-3 ii python-wand 0.4.4-1.1all Python interface for ImageMagick library (Python 2 build) Best, C.
Bug#861789: Please provide database.target as a synchronization point for applications providing databases and needing databases
How will a database.target solve anything in those not so uncommon setups: - database is remote or - one database needs another to start? Please consider: if you end up with a solution that only works for 90% of installations - fails on 10% - is that actually solving your problem? C.
Bug#861040: [DRE-maint] Bug#861040: camping: broken symlink: /usr/share/doc/camping/rdoc/fonts/Lato-RegularItalic.ttf -> ../../../../fonts/truetype/lato/Lato-RegularItalic.ttf
* Chris Lamb[170424 11:45]: > > The fonts-lato ships /usr/share/fonts/truetype/lato/Lato-Italic.ttf > > instead. > > Indeed. Patch attached. > - ln -s /usr/share/fonts/truetype/lato/Lato-RegularItalic.ttf > debian/camping/usr/share/doc/camping/rdoc/fonts/ > + ln -s /usr/share/fonts/truetype/lato/Lato-Italic.ttf > debian/camping/usr/share/doc/camping/rdoc/fonts/ Note that rdoc really expects a file named Lato-RegularItalic.ttf in that place. C.
Bug#860512: [DRE-maint] Bug#860512: ruby-ronn: fails on m68k (no fast_xs)
Hi, * Aaron M. Ucko[170418 04:27]: > ronn --roff debian/telegram-desktop.1.md > /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': > cannot load such file -- fast_xs (LoadError) This usually means the ruby-fast-xs package is missing or broken or the search paths are incorrect. Please provide: - ruby -e 'puts RbConfig::CONFIG' - strace -eopen ronn --roff debian/telegram-desktop.1.md - installed versions of ruby* (esp. ruby-hpricot, ruby-fast-xs, ronn) PS: ronn hasn't seen any development since 2013. It's advisable to migrate off it. Cheers, C.
Bug#857650: [DRE-maint] Bug#857650: ruby-json: Please build java extension
* Miguel Landaeta[170313 19:45]: > I noticed ruby-json Java extension was not being built from this > package. > > So, since I need that to get JRuby unit tests passing and it should be > useful for real-world users, I added that missing component to this > package. > > If there are no objections to my approach (please see the debdiff > below), I was planning to merge this and do an upload to experimental > very soon. Looks mostly good to me. One thing: > diff -Nru ruby-json-2.0.1+dfsg/debian/control > ruby-json-2.0.1+dfsg/debian/control > --- ruby-json-2.0.1+dfsg/debian/control 2016-12-05 23:33:24.0 > + > +++ ruby-json-2.0.1+dfsg/debian/control 2017-03-13 11:54:41.0 > + > @@ -6,7 +6,11 @@ > Antonio Terceiro , > Cédric Boutillier > Build-Depends: debhelper (>= 9~), > + default-jdk, > gem2deb, > + git, ^^^ Is git actually needed for the build? As far as I can see from the build log, the git call ends up emitting just this error: > fatal: Not a git repository (or any of the parent directories): .git -ch
Bug#856337: systemd: please support kernel 4.4, or don't hardcode dm interface versions
* Michael Biebl[170228 14:57]: > TBH, I find it rather broken having to embed a local copy of dm-ioctl.h > to work around this. My feeling as well. > Christian, this version mismatch, does that happen for minor version > differences as well, like say 4.10.0 vs 4.10.1 or only major versions > like 4.10.x vs 4.11.x? The exact code in the kernel is: | if ((DM_VERSION_MAJOR != version[0]) || | (DM_VERSION_MINOR < version[1])) { | DMWARN("ioctl interface mismatch: " | "kernel(%u.%u.%u), user(%u.%u.%u), cmd(%d)", | DM_VERSION_MAJOR, DM_VERSION_MINOR, | DM_VERSION_PATCHLEVEL, | version[0], version[1], version[2], cmd); | r = -EINVAL; So: patchlevel (4.10.0 vs 4.10.1) does not matter, the 'minor' version (10 in 4.10) of userspace has to be lower or equal to the kernel's number. The bump from 4.34 to 4.35 happened in linux.git 545ed20e6df68a4d2584a29a2a28ee8b2f7e9547 which was then part of kernel 4.8. -c
Bug#856337: systemd: please support kernel 4.4, or don't hardcode dm interface versions
* Marc Lehmann[170228 02:21]: > Alternatively, since lvm and dmsetup from stretch do not have any issues > with kernel 4.4, I suspect systemd hardcodes version numbers in direct > calls instead of going through e.g. libdevmapper - going through a library > such as libdevmapper that hanmdles the kernel versions bettrer would also > take care of this issue, at least for current stretch. This is a direct result of the dm-ioctl.h header file shipped by the Linux kernel (and the linux-libc-dev package) - any program compiled against that official header file will embed the version number used to build. Building systemd (or anything else) against a newer kernel will result in this problem for older kernels. libdevmapper works around this by embedding an old copy of dm-ioctl.h ... -c
Bug#854449: dns-root-data: New root keys and hint file changes
Package: dns-root-data Version: 2015052300+h+1 Severity: important Dear Maintainers, IANA has published new hint files and new root keys. It'd be good if those would be updated for stretch. Thanks, -ch
Bug#854290: unblock: ruby-pdf-reader/1.4.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-pdf-reader version 1.4.0-2 #850688 explains that the copies of the Type1 font files are not actually distributed under a DFSG-free license when the MustRead.html file is missing. This revision of the package just adds that file and updates d/copyright, which also was neglected in the past. debdiff below. Thanks, -ch unblock ruby-pdf-reader/1.4.0-2 diff -Nru ruby-pdf-reader-1.4.0/debian/changelog ruby-pdf-reader-1.4.0/debian/changelog --- ruby-pdf-reader-1.4.0/debian/changelog 2016-03-03 13:07:16.0 + +++ ruby-pdf-reader-1.4.0/debian/changelog 2017-02-05 19:10:44.0 + @@ -1,3 +1,11 @@ +ruby-pdf-reader (1.4.0-2) unstable; urgency=medium + + * Team upload. + * Include missing file for Type1 fonts license compliance, +and update debian/copyright. (Closes: #850688) + + -- Christian Hofstaedtler <z...@debian.org> Sun, 05 Feb 2017 19:10:44 + + ruby-pdf-reader (1.4.0-1) unstable; urgency=medium * Team upload. diff -Nru ruby-pdf-reader-1.4.0/debian/copyright ruby-pdf-reader-1.4.0/debian/copyright --- ruby-pdf-reader-1.4.0/debian/copyright 2016-03-03 12:52:32.0 + +++ ruby-pdf-reader-1.4.0/debian/copyright 2017-02-05 19:10:44.0 + @@ -11,6 +11,18 @@ Copyright: Copyright 2011 Cédric Boutillier <cedric.boutill...@gmail.com> License: Expat +Files: lib/pdf/reader/afm/* +Copyright: © 1985-1997, Adobe Systems Incorporated +License: other + Core 14 AFM Files - ReadMe + This file and the 14 PostScript(R) AFM files it accompanies may be used, + copied, and distributed for any purpose and without charge, with or without + modification, provided that all copyright notices are retained; that the AFM + files are not distributed without this file; that all modifications to this + file or any of the AFM files are prominently noted in the modified file(s); + and that this paragraph is not modified. Adobe Systems has no responsibility + or obligation to support the use of the AFM files. + License: Expat Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff -Nru ruby-pdf-reader-1.4.0/debian/patches/0001-add-licensefile.patch ruby-pdf-reader-1.4.0/debian/patches/0001-add-licensefile.patch --- ruby-pdf-reader-1.4.0/debian/patches/0001-add-licensefile.patch 1970-01-01 00:00:00.0 + +++ ruby-pdf-reader-1.4.0/debian/patches/0001-add-licensefile.patch 2017-02-05 19:10:44.0 + @@ -0,0 +1,7 @@ +Index: ruby-pdf-reader/lib/pdf/reader/afm/MustRead.html +=== +--- /dev/null ruby-pdf-reader/lib/pdf/reader/afm/MustRead.html +@@ -0,0 +1 @@ ++ Core 14 AFM Files - ReadMe or This file and the 14 PostScript(R) AFM files it accompanies may be used, copied, and distributed for any purpose and without charge, with or without modification, provided that all copyright notices are retained; that the AFM files are not distributed without this file; that all modifications to this file or any of the AFM files are prominently noted in the modified file(s); and that this paragraph is not modified. Adobe Systems has no responsibility or obligation to support the use of the AFM files. Col +\ No newline at end of file diff -Nru ruby-pdf-reader-1.4.0/debian/patches/series ruby-pdf-reader-1.4.0/debian/patches/series --- ruby-pdf-reader-1.4.0/debian/patches/series 2015-12-17 21:27:00.0 + +++ ruby-pdf-reader-1.4.0/debian/patches/series 2017-02-05 19:10:44.0 + @@ -1,3 +1,4 @@ +0001-add-licensefile.patch 0002-examples_rubygems.patch 0004-spec_fix_requires.patch 0006-spec_add_require_yaml.patch
Bug#854285: unblock: ruby-rabl/0.13.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-rabl, version 0.13.0-2. This version adds a patch from Gilles Filippini to fix FTBFS bug #849315. While globally patching BSON to expose the removed 'serialize' method again might not be the nicest thing to do, I agree it's the best thing to do for stretch. (Effect limited to users importing ruby-rabl, very tiny change, no other packages appear to care about the specifics.) debdiff below. Thanks, -ch unblock ruby-rabl/0.13.0-2 diff -Nru ruby-rabl-0.13.0/debian/changelog ruby-rabl-0.13.0/debian/changelog --- ruby-rabl-0.13.0/debian/changelog 2016-08-24 10:43:46.0 + +++ ruby-rabl-0.13.0/debian/changelog 2017-02-05 17:37:31.0 + @@ -1,3 +1,13 @@ +ruby-rabl (0.13.0-2) unstable; urgency=medium + + * Team upload. + + [ Gilles Filippini ] + * def-bson-serialize.patch: reintroduce BSON.serialize method dropped +from ruby-bson since release 2.0.0 (Closes: #849315) + + -- Christian Hofstaedtler <z...@debian.org> Sun, 05 Feb 2017 17:37:31 + + ruby-rabl (0.13.0-1) unstable; urgency=medium * Imported Upstream version 0.13.0 diff -Nru ruby-rabl-0.13.0/debian/patches/def-bson-serialize.patch ruby-rabl-0.13.0/debian/patches/def-bson-serialize.patch --- ruby-rabl-0.13.0/debian/patches/def-bson-serialize.patch1970-01-01 00:00:00.0 + +++ ruby-rabl-0.13.0/debian/patches/def-bson-serialize.patch2017-02-05 17:37:31.0 + @@ -0,0 +1,36 @@ +Description: From ruby-bson upstream changelog [1]: + 2.0.0 + Backwards Incompatible Changes + ... + BSON.serialize is no longer the entry point to serialize a BSON + document into its raw bytes. + For Ruby runtimes that support ordered hashes, you may simply call + `to_bson` on the hash instance (Alternatively a `BSON::Document` is + also a hash: + { key: "value" }.to_bson + BSON::Document[:key, "value"].to_bson + For Ruby runtimes that do not support ordered hashes, then you must + instantiate an instance of a `BSON::Document` (which is a subclass of + hash) and call `to_bson` on that, since the BSON specification + guarantees order of the fields: + BSON::Document[:key, "value"].to_bson + . + [1] https://github.com/mongodb/bson-ruby/blob/master/CHANGELOG.md + . + This patch re-introduces BSON.serialize. +Author: Gilles Filippini <p...@debian.org> +Bug-Debian: https://bugs.debian.org/849315 +Index: ruby-rabl-0.13.0/lib/rabl/configuration.rb +=== +--- ruby-rabl-0.13.0.orig/lib/rabl/configuration.rb ruby-rabl-0.13.0/lib/rabl/configuration.rb +@@ -7,6 +7,9 @@ end + # We load the bson library if it is available. + begin + require 'bson' ++ def BSON.serialize data ++data.to_bson ++ end + rescue LoadError + end + diff -Nru ruby-rabl-0.13.0/debian/patches/series ruby-rabl-0.13.0/debian/patches/series --- ruby-rabl-0.13.0/debian/patches/series 1970-01-01 00:00:00.0 + +++ ruby-rabl-0.13.0/debian/patches/series 2017-02-05 17:37:31.0 + @@ -0,0 +1 @@ +def-bson-serialize.patch
Bug#854283: RM: kolabadmin -- RoQA; orphaned; upstream vanished; no related packages in Debian
Package: ftp.debian.org Severity: normal Dear ftpmasters, as outlined by one of the previous maintainers in #807711, kolabadmin should have been gone a while ago: - upstream has vanished - orphaned in Debian - no other kolab packages are in Debian, so use is very limited - unclear if it works with current kolab Please remove kolabadmin from sid. Thanks, -ch
Bug#854282: RM: pydirector -- RoQA; orphaned; upstream abandoned; will not work with py3k
Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove pydirector, which has not seen any upstream activity since 1.0.0 (already in o-o-stable), and the previous maintainer has also orphaned it. There's an open bug suggesting that in error cases, it will not work under any of the shipping Python 2.x versions, and I do not see how this package will ever work under Python 3.x. Previous maintainer CC'ed. Thanks, -ch
Bug#854269: unblock: ruby-gettext/3.2.2-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-gettext. I have no idea what happened, but -2 apparently never made it into unstable, even though it was prepared in November 2016. I can confirm that it fixes the FTBFS bug (#840789) and the problems under autopkgtest. debdiff below. Thanks for considering, -ch unblock ruby-gettext/3.2.2-2 diff -Nru ruby-gettext-3.2.2/debian/changelog ruby-gettext-3.2.2/debian/changelog --- ruby-gettext-3.2.2/debian/changelog 2016-08-08 15:56:05.0 + +++ ruby-gettext-3.2.2/debian/changelog 2016-11-03 08:57:28.0 + @@ -1,3 +1,17 @@ +ruby-gettext (3.2.2-2) unstable; urgency=medium + + [ Antonio Terceiro ] + * Avoid calling rake in debian/ruby-tests.rb; instead, just load +test/run-test.rb; that is the same as what the Rakefile would do, but the +Rakefile would also try to write to lib/gettext/po_parser.rb under +autopkgtest because lib/ is moved away. This fixes the test suite under +autopkgtest + [ Hleb Valoshka ] + * Set external encoding in tests with Encoding.default_external not LC_ALL + * Use ruby-test-unit-rr instead of -rr and -test-unit (Closes: #840789) + + -- Hleb Valoshka <375...@gmail.com> Thu, 03 Nov 2016 11:57:28 +0300 + ruby-gettext (3.2.2-1) unstable; urgency=medium [ Cédric Boutillier ] diff -Nru ruby-gettext-3.2.2/debian/control ruby-gettext-3.2.2/debian/control --- ruby-gettext-3.2.2/debian/control 2016-08-08 15:56:05.0 + +++ ruby-gettext-3.2.2/debian/control 2016-11-03 08:57:28.0 + @@ -8,8 +8,7 @@ racc, rake, ruby-locale (>= 2.0.5), - ruby-rr, - ruby-test-unit (>= 2.5.4), + ruby-test-unit-rr, ruby-text (>= 1.3.0), yard Standards-Version: 3.9.8 diff -Nru ruby-gettext-3.2.2/debian/ruby-tests.rb ruby-gettext-3.2.2/debian/ruby-tests.rb --- ruby-gettext-3.2.2/debian/ruby-tests.rb 2016-08-08 15:56:05.0 + +++ ruby-gettext-3.2.2/debian/ruby-tests.rb 2016-11-03 08:57:28.0 + @@ -1,7 +1,3 @@ -ENV['LC_ALL'] = 'C.UTF-8' +Encoding.default_external = 'UTF-8' -require 'rake' -app = Rake.application -app.init -app.load_rakefile -app['test'].invoke +load 'test/run-test.rb'
Bug#853244: ruby-sshkit: Non-determistically FTBFS due to unreliable timing in tests
* Chris Lamb <la...@debian.org> [170204 21:46]: > Christian Hofstaedtler wrote: > > I agree this is suboptimal, but these operations succeed on modern > > hardware including the buildd network > > I'm not so sure. Not only are these not "tests" (in the Martin Fowler > sense that they are nondeterminstic), Even tests can have bugs :-) Thing is, upstream thought these tests provide value, even if they depend on a certain base performance of the machine they are running on. We can certainly disable those tests, but neither disabling them or keeping them as is strikes me as the right thing to do. > but we can actually trigger them > on the Reproducible Builds testing framework: > > https://tests.reproducible-builds.org/debian/logs/unstable/amd64/ruby-sshkit_1.9.0-1.build2.log.gz > > so throwing developer manpower at this is a bad investment at > > this time. > > Would the idea that they interfere with running QA efforts across the > archive change your mind? :) I can see that, but the reality is that there's only so many people looking at bugs. (Assuming "interfere" means you file a note in reproducible notes git and move on.) I've asked micah to take a look though. Cheers, -ch
Bug#850688: ruby-pdf-reader: contains non-free Adobe AFM fonts
* Jonas Smedegaard[170205 16:39]: > The ruby-pdf-reader package includes fonts not freely licensed. > > E.g. /usr/lib/ruby/vendor_ruby/pdf/reader/afm/Times-Bold.afm I have no idea what to do about that. In any case, here are some more: https://packages.debian.org/search?suite=stretch=contents=Times-Bold.afm Please also file bugs against those. -ch
Bug#853244: ruby-sshkit: Non-determistically FTBFS due to unreliable timing in tests
Control: severity -1 important * Chris Lamb[170204 13:15]: > Source: ruby-sshkit > Version: 1.9.0-1 > Severity: serious > Dear Maintainer, > > ruby-sshkit's testsuite appears to use method timing/benchmarking in > such a way that it will non-deterministically FTBFS: > > 117 def assert_within_10_ms(array) > 118 assert_in_delta(*array, 0.01) # 10 msec > 119 end I agree this is suboptimal, but these operations succeed on modern hardware including the buildd network, so throwing developer manpower at this is a bad investment at this time. Best, -ch
Bug#843474: ruby-ethon: FTBFS: [BUG] Segmentation fault at 0x007f2767e0d800
Control: severity -1 normal Control: tags -1 + unreproducible moreinfo > ruby-ethon fails to build from source in unstable/amd64: Builds for me just fine in sbuild (multiple builds). More info needed. Best, -ch
Bug#853841: [DRE-maint] Bug#853841: schleuder: Decide how the schleuder v2 -> v3 upgrade path should look like
* Georg Faerber[170201 13:15]: > - schleuder doesn't exist in jessie, but in wheezy. > - According to popcon, there are currently four installs out there. > - I'm aware of some large installations with >100 lists each. > Upstream is more in favor of failing (hence the code) if v2 data is > found, asking the user to move the data out of the way, resume the > install and migrate after this, which is a (more) manual process then; > but maybe this would be tolerable as well, because, I guess, most people > running schleuder have at least some basic script skills. A positive > side effect would be to cleanup up '/var/lib/schleuder', so we don't > keep old data inside there "forever". I'd think moving /var/lib/schleuder out of the way in the postinst is acceptable here; just let the user know you're doing that (print something, don't use debconf). -ch
Bug#853875: [DRE-maint] Bug#853875: ruby-signet: conflicts with ruby-uuidtools over securerandom.rb
Control: clone -1 -2 Control: reassign -2 ruby-uuidtools Control: severity -2 important * Aaron M. Ucko[170201 19:15]: > Package: ruby-signet > Version: 0.7.3-1 > Severity: serious > Justification: Policy 6.6(4) > > ruby-signet is impossible to install alongside ruby-uuidtools: > > Unpacking ruby-signet (0.7.3-1) ... > dpkg: error processing archive > /tmp/user/0/apt-dpkg-install-psUCUp/19-ruby-signet_0.7.3-1_all.deb (--unpack): >trying to overwrite '/usr/lib/ruby/vendor_ruby/compat/securerandom.rb', > which is also in package ruby-uuidtools 2.1.5-1 > > Could you please take a look? You might consider splitting > securerandom.rb into its own package > ... Actually none of these should ship securerandom.rb, as > require 'securerandom' works just fine in the Ruby shipping with stretch. -ch
Bug#851841: xonsh: jobs and backgrounding broken
* Gordon Ball[170123 00:23]: > I have upgraded the bug to severity:serious to prevent migration, so > stretch will get 0.4.7 and unstable will be updated when patches for 0.5 > are available. That clearly did not work. 0.5.2+dfsg-1 is now in stretch. -ch
Bug#852256: #661591 for avahi-autoipd
The hook installed by avahi-autoipd unconditionally runs avahi-autoipd -k when dhclient assigns an IP. When the interface was not configured beforehand, no daemon is running, and the -k invocation will cause an exit code of 1. This in turn causes ifup to exit with 1, and the interface will end up in a half-configured state, and the ifup@.service service will show an error state. -ch
Bug#852229: failing to log output at boot time
* 積丹尼 Dan Jacobson[170122 18:13]: > Package: systemd > Version: 232-12 > > As you see in Bug#852194, systemd is failing to log its output at boot time. It's hard to understand which message you're exactly refering to, but I've found some weirdness: I've made systemd-modules-load.service fail (echo athingthatdoesnotexist >> /etc/modules), and in 232-13, there is indeed this message in the journal: Jan 22 19:21:00 sxl systemd[1]: Listening on Journal Socket. Jan 22 19:21:00 sxl systemd-journald[302]: Journal started Jan 22 19:21:00 sxl systemd-journald[302]: Runtime journal (/run/log/journal/48e9d21e953d4a28860cd5e78cddae4c) is 0B, max 0B, 0B free. Jan 22 19:21:00 sxl systemd-modules-load[303]: Failed to find module 'athingthatdoesnotexist' Previously this was longer, indicating that systemd-modules-load.service failed to start. (I saw the extra messages when running stretch with 232-8, but downgrading systemd, systemd-sysv, libsystemd0 to 232-8 does not make the messages reappear.) Messages as appearing in syslog, previously: Jan 22 19:12:46 sxl systemd-modules-load[309]: Failed to find module 'athingthatdoesnotexist' Jan 22 19:12:46 sxl systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAILURE Jan 22 19:12:46 sxl systemd[1]: Failed to start Load Kernel Modules. Jan 22 19:12:46 sxl systemd[1]: systemd-modules-load.service: Unit entered failed state. Jan 22 19:12:46 sxl systemd[1]: systemd-modules-load.service: Failed with result 'exit-code'. Also, with 232-13, systemctl status does not show the error that's present in the journal: root@sxl:~# date ; systemctl status systemd-modules-load.service Sun Jan 22 19:25:41 CET 2017 ● systemd-modules-load.service - Load Kernel Modules Loaded: loaded (/lib/systemd/system/systemd-modules-load.service; static; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2017-01-22 19:21:00 CET; 4min 41s ago Docs: man:systemd-modules-load.service(8) man:modules-load.d(5) Main PID: 303 (code=exited, status=1/FAILURE) Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. If the error happens after boot, status works as expected: root@sxl:~# systemctl stop systemd-modules-load.service root@sxl:~# systemctl start systemd-modules-load.service Job for systemd-modules-load.service failed because the control process exited with error code. See "systemctl status systemd-modules-load.service" and "journalctl -xe" for details. root@sxl:~# systemctl status systemd-modules-load.service ● systemd-modules-load.service - Load Kernel Modules Loaded: loaded (/lib/systemd/system/systemd-modules-load.service; static; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2017-01-22 19:29:18 CET; 2s ago Docs: man:systemd-modules-load.service(8) man:modules-load.d(5) Process: 1306 ExecStart=/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE) Main PID: 1306 (code=exited, status=1/FAILURE) Jan 22 19:29:18 sxl systemd[1]: Starting Load Kernel Modules... Jan 22 19:29:18 sxl systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAILURE Jan 22 19:29:18 sxl systemd[1]: Failed to start Load Kernel Modules. Jan 22 19:29:18 sxl systemd[1]: systemd-modules-load.service: Unit entered failed state. Jan 22 19:29:18 sxl systemd[1]: systemd-modules-load.service: Failed with result 'exit-code'. So, wild guess... race condition between journald starting and services starting just after it? -ch (puzzled)
Bug#833256: shadow and util-linux
* Andreas Henriksson <andr...@fatal.se> [170122 17:25]: > [..] > # chsh > > shadowutil-linux > > -h (== --help)-u (== --help) > > -R chroot-dir > --root chroot-dir > > (not listing the options only existing in util-linux) > > > The strict validation of only valid shells allowed for non-root seems > to be a COMPILE-TIME "opt-in" feature in util-linux version: > --enable-chsh-only-listed > (Default in util-linux is to just warn when setting shell not listed in > /etc/shells.) >From a quick look at 2.29.1-1, it appears to be a compile-time opt-out feature. From ./configure --help: --disable-chsh-only-listed chsh: allow shells not in /etc/shells > # newgrp > > The optional command-line '-' in shadow not supported in util-linux version. > > The shadow man page is much longer and describes possible additional > functionality in shadow version (this needs further investigation): > > * password prompting > * gshadow u-l newgrp reads gshadow (and falls back to group) for the password, and does password prompting, if a password is set. > The shadow version has (compile-time optional) support for login.defs > variable SYSLOG_SG_ENAB but that's not available in (any) util-linux tool. Note that in shadow, this is compile-time and run-time enabled in Debian. > # vipw > > The shadow version of vipw and vigr supports many command-line options, while > the util-linux equivalents only supports: > > -h --help > (-V --version) The biggest issue I'm seeing there is the behaviour rgd. the shadow files. shadow vipw/vigr allow you to say --shadow to just edit the respective shadow file. u-l vipw/vigr do not have this flag, and interactively prompt after editing the normal file, if the user wants to change the shadow file too. shadow vipw/vigr also have --passwd/--group, but personally I see no value in supporting `vigr --passwd` ... -- christian hofstaedtler <z...@debian.org>
Bug#833256: Patch for tryout
For anyone wanting to try the binaries from u-l, here's a simple (and likely wrong) patch against u-l git, that produces a util-linux.deb with the binaries included. Use at your own risk :-) >From 140d9982e75e7cd313a91a3ba8b7bd8a9fb0e283 Mon Sep 17 00:00:00 2001 From: Christian Hofstaedtler <z...@debian.org> Date: Sun, 22 Jan 2017 16:01:51 + Subject: [PATCH] Build login, nologin, su, chsh, chfn from this package --- debian/control| 5 - debian/rules | 6 -- debian/util-linux.install | 5 + 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/debian/control b/debian/control index 4bf4359ad..e514c1119 100644 --- a/debian/control +++ b/debian/control @@ -37,7 +37,10 @@ Replaces: bash-completion (<< 1:2.1-4.1~), sysvinit-utils (<< 2.88dsf-59.1~), initscripts (<< 2.88dsf-59.2~), mount (= 2.26.2-3), - mount (= 2.26.2-3ubuntu1) + mount (= 2.26.2-3ubuntu1), + passwd (<= 1:4.4-2), + login (<= 1:4.4-2), + bash-completion (<= 1:2.1-4.3) Breaks: bash-completion (<< 1:2.1-4.1~), grml-debootstrap (<< 0.68), cloud-utils (<< 0.27-1~), diff --git a/debian/rules b/debian/rules index 227577bfb..1c0cf70f4 100755 --- a/debian/rules +++ b/debian/rules @@ -36,16 +36,10 @@ CONFOPTS += --without-python CONFOPTS += --enable-libmount-force-mountinfo # disable utilities shipped by other packages -# => login -CONFOPTS += --disable-login -CONFOPTS += --disable-nologin -CONFOPTS += --disable-su # => procps CONFOPTS += --disable-kill # => eject CONFOPTS += --disable-eject -# => passwd -CONFOPTS += --disable-chfn-chsh ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) CROSS := diff --git a/debian/util-linux.install b/debian/util-linux.install index bbe347c3c..31dfd228e 100755 --- a/debian/util-linux.install +++ b/debian/util-linux.install @@ -30,6 +30,11 @@ sbin/sulogin sbin/swaplabel sbin/wipefs sbin/zramctl[linux-any] +bin/su +bin/login +sbin/nologin +usr/bin/chsh +usr/bin/chfn usr/bin/chrt [!hurd-any] usr/bin/flock usr/bin/getopt -- 2.11.0
Bug#852228: Please use -a instead of -s when calling dh_fixperms
Source: util-linux Version: 2.29.1-1 Severity: wishlist Tags: patch dh_fixperms complains that -s is a deprecated option. Trivial patch attached. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `- >From 7d511e8669e6b20d7b3eced09022739d34a3e196 Mon Sep 17 00:00:00 2001 From: Christian Hofstaedtler <z...@debian.org> Date: Sun, 22 Jan 2017 16:35:59 + Subject: [PATCH] Fix debhelper -s deprecation warning --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index cc8c07e1d..e26dbcebb 100755 --- a/debian/rules +++ b/debian/rules @@ -173,7 +173,7 @@ override_dh_makeshlibs: --add-udeb=libuuid1-udeb override_dh_fixperms: - dh_fixperms -i -s -Xusr/bin/wall -Xbin/mount -Xbin/umount + dh_fixperms -i -a -Xusr/bin/wall -Xbin/mount -Xbin/umount override_dh_auto_test: ifeq ($(DEB_HOST_ARCH_OS), linux) -- 2.11.0
Bug#833256: shadow and util-linux
* Christian Hofstaedtler <z...@debian.org> [170122 17:06]: > * Andreas Henriksson <andr...@fatal.se> [170122 15:31]: > > Also note the following su related patches carried in Debian shadow package: > > http://sources.debian.net/src/shadow/1:4.4-2/debian/patches/523_su_arguments_are_concatenated/ > > http://sources.debian.net/src/shadow/1:4.4-2/debian/patches/523_su_arguments_are_no_more_concatenated_by_default/ > > Both seems obsolete (the second one even says to be dropped after etch > > which was released 2007). > > (Also pbuilder seems to have switched from su to start-stop-daemon.) > > Dropping the second one sure sounds safe, but the first one looks > like it changes commonly used behaviour? How does su from util-linux handle > that? After some testing (and discussion on IRC), I can't find a difference in -c and -- handling between u-l su and Debian's current su *. So whatever those patches do exactly, they are not preventing us from switching. * ignoring the extra env var SU_NO_SHELL_ARGS that Debian's su supports. -- christian hofstaedtler <z...@debian.org>
Bug#833256: shadow and util-linux
Chiming in here because I can send email. * Andreas Henriksson <andr...@fatal.se> [170122 15:31]: > [andreas was looking at the unsupported features in su from > util-linux]: > [..] > > > DEFAULT_HOME > > util-linux has the opposite default (only warn), and doesn't support > manual configuring this setting. > http://sources.debian.net/src/util-linux/2.29.1-1/login-utils/su-common.c/#L979 > > Might be useful to implement support for this setting in util-linux. > Question remains about default, maybe implement a configure time setting > for the default? > > How much do we really care about this setting though? > > I personally don't think this is a blocker (for su - for login it would > be important to support it), would rather consider it a wishlist feature > request than anyone is free to submit a patch to upstream for if they > want to see it supported. > > > => consider as potential wishlist-severity feature request if anyone is >interested?! The /etc/login.defs file as shipped in login today has this set to "yes". Having login and su behave differently does not appear to be an option today, so I don't think "no" for this setting is actually important? > > SULOG_FILE > > It seems shadow had the intention for *optional* support of syslog (but > it's actually always enabled at compile-time and configurable at > runtime), and non-optional support for built-in logging system. This is > likely something we want the opposite way around in a modern system, so > I'd advocate for deprecating this option if we move to util-linux su. > > > => consider deprecated?! (Possibly implement a warning on upgrades on >systems which has it set?) +1 > > SU_NAME > > This seems like a pretty superficial feature to me. > > (Note: messing with argv0 also seems to cause problems when busybox > is being used as /bin/sh as experienced by OpenEmbedded.) > > => consider deprecated?! +1 > > SYSLOG_SU_ENAB > > In util-linux syslog logging is mandatory. I don't see a reason to be > able to switch it off. > > > => consider deprecated?! +1 > > > Also note the following su related patches carried in Debian shadow package: > http://sources.debian.net/src/shadow/1:4.4-2/debian/patches/523_su_arguments_are_concatenated/ > http://sources.debian.net/src/shadow/1:4.4-2/debian/patches/523_su_arguments_are_no_more_concatenated_by_default/ > Both seems obsolete (the second one even says to be dropped after etch > which was released 2007). > (Also pbuilder seems to have switched from su to start-stop-daemon.) Dropping the second one sure sounds safe, but the first one looks like it changes commonly used behaviour? How does su from util-linux handle that? Cheers, -- christian hofstaedtler <z...@debian.org>
Bug#850968: CVE-2016-2788
* Moritz Muehlenhoff <j...@debian.org> [170121 23:16]: > Source: mcollective > > Please see https://puppet.com/security/cve/cve-2016-2788 Looks like the fix is in this commit/merge: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d I've checked the 2.6.x branch and it appears to have the vulnerable code too. -- christian hofstaedtler <z...@debian.org>
Bug#850762: setserial: missing dependency on lsb-base
* Adrian Bunk <b...@debian.org> [170120 19:57]: > Control: reopen -1 > > On Fri, Jan 20, 2017 at 12:42:38AM +0100, Christian Hofstaedtler wrote: > > Hi, > > > > * Andreas Beckmann <a...@debian.org> [170119 23:40]: > > > Selecting previously unselected package setserial. > > > (Reading database ... > > > (Reading database ... 4394 files and directories currently installed.) > > > Preparing to unpack .../setserial_2.17-49.1_amd64.deb ... > > > Unpacking setserial (2.17-49.1) ... > > > Setting up setserial (2.17-49.1) ... > > > removing the old setserial entry in the rcn.d directories > > > Update complete. > > > update-rc.d: warning: start and stop actions are no longer supported; > > > falling back to defaults > > > update-rc.d: warning: start and stop actions are no longer supported; > > > falling back to defaults > > > update-rc.d: warning: start and stop actions are no longer supported; > > > falling back to defaults > > > update-rc.d: warning: start and stop actions are no longer supported; > > > falling back to defaults > > > /etc/init.d/setserial: 35: .: Can't open /lib/lsb/init-functions > > > > It is believed that this is fixed with the newer > > init-system-helpers - the invoke-rc.d call should now be ignored in > > chroots that miss an init system. > > (And, if sysvinit is present, the missing file is present, or if > > systemd is present, setserial.service is used instead.) > > You are looking at the wrong line. > The update-rc.d warnings are non-fatal warnings. > > The error is the "Can't open /lib/lsb/init-functions" in the last line. I was refering to that line. > (lintian also gives an error for this bug.) A very misguided one though. I'll leave this for someone else to test, there may very well be additional issues hiding in postinst. Best, -- christian hofstaedtler <z...@debian.org>
Bug#851161: CVE-2016-2337 CVE-2016-2339
* Salvatore Bonaccorso <car...@debian.org> [170120 09:48]: > > For the TclTk issue, looks like this upstream patch: > > https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab > > If this is the correct patch, 2.3.0 has this fixed, but 2.1.x needs > > a patch. > > Thanks added the commit as well, and the fixed version to the tracker. I > *think*, although a problem in the source, this might not rally need an update > in jessie via a DSA, since the issue is incombination with cancel_eval which > is > supported in Tcl/Tk8.6 or later, but we don't have that for jessie. So I would > tend to just mark that one as no-dsa at least. Or do I miss something? Right; I didn't remember we are building with tcl8.5 in jessie. So looks like no-dsa for that, yes. It looks like the patch might just apply as is to ruby2.1, so when doing an update we could try sticking it in just because. Best regards, -ch -- christian hofstaedtler <z...@debian.org>
Bug#851161: CVE-2016-2339
Control: reassign -1 ruby2.1 Control: found -1 2.1.5-2+deb8u3 Hi, * Moritz Muehlenhoff <j...@debian.org> [170120 00:05]: > this has been assigned CVE-2016-2339: > http://www.talosintelligence.com/reports/TALOS-2016-0034/ > > Patch is here: > https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42 If I'm reading all those right, this is actually fixed since 2.3.0; this issue is likely open in 2.1.x. Reassigning. For the TclTk issue, looks like this upstream patch: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab If this is the correct patch, 2.3.0 has this fixed, but 2.1.x needs a patch. Would be good if somebody could crosscheck this. Thanks, -- christian hofstaedtler <z...@debian.org>
Bug#849821: pdns-recursor: Crash with DNSSEC enabled
Hi Chris, there's a new pdns-recursor 4.0.4-1 in sid, maybe you could give it a try. Best, -- christian hofstaedtler <z...@debian.org>
Bug#849401: restart silently fails
* Francesco Poli <invernom...@paranoici.org> [170115 17:39]: > Christian, have you decided which strategy should be adopted for the > ISCONFIGURED handling? I'm going to set the default UPSTYPE to usb, so there will be no activity on /dev/ttyS0 caused by the default configuration, and then ignoring ISCONFIGURED under systemd should be okay. -- christian hofstaedtler <z...@debian.org>
Bug#851586: pdns-backend-mysql: fails to upgrade from 'jessie': mysql said: ERROR 1074 (42000) at line 15: Column length too big for column 'comment' (max = 21845); use BLOB or TEXT instead
Control: tags -1 - wontfix * Andreas Beckmann <a...@debian.org> [170116 18:36]: > On 2017-01-16 17:56, Christian Hofstaedtler wrote: > > The SQL upgrade scripts have been patched to work with MariaDB > > instead. As long as MySQL 5.7 and MariaDB 10.x do not align their > > limitations, this will stay as is (or until Debian picks MySQL > > again). > > Thanks for the info. > Should the package come with a Breaks: mysql-server-5.7 in that case? Doubt it - the used mysql server may very well be remote and/or the local one may be used for something different. > Does the package work on Ubuntu (which should have mysql-server-5.7 as > default?) Interesting. Probably not then? MariaDB conditional comment syntax: https://mariadb.com/kb/en/mariadb/comment-syntax/ Unfortunately this has no "else" clause... -- christian hofstaedtler <z...@debian.org>
Bug#851586: pdns-backend-mysql: fails to upgrade from 'jessie': mysql said: ERROR 1074 (42000) at line 15: Column length too big for column 'comment' (max = 21845); use BLOB or TEXT instead
Control: severity -1 wishlist Control: tag -1 + wontfix * Andreas Beckmann <a...@debian.org> [170116 17:39]: > creating database backup in > /var/cache/dbconfig-common/backups/pdns-backend-mysql_3.4.1-4+deb8u6.2017-01-14-15.05.20. > applying upgrade sql for 3.4.1-4+deb8u6 -> 4.0.1-6. > error encountered processing > /usr/share/dbconfig-common/data/pdns-backend-mysql/upgrade/mysql/4.0.1-6: > mysql said: ERROR 1074 (42000) at line 15: Column length too big for column > 'comment' (max = 21845); use BLOB or TEXT instead > This was observed during a jessie->sid upgrade which picked a mysql-5.5 -> > mysql-5.7 upgrade for the database server. > Feel free to downgrade the severity if this bug is specific to that weird > combination. The SQL upgrade scripts have been patched to work with MariaDB instead. As long as MySQL 5.7 and MariaDB 10.x do not align their limitations, this will stay as is (or until Debian picks MySQL again). I'd welcome help in making those scripts work with all versions of MariaDB/MySQL though... Best, -- christian hofstaedtler <z...@debian.org>
Bug#851412: #851412: libsystemd segfaults on mips64el
* Michael Biebl <bi...@debian.org> [170115 19:09]: > Am 15.01.2017 um 14:12 schrieb Christian Hofstaedtler: > > PS: libsystemd does not appear to have a -dbgsym package. > > > > It does, at least on amd64 > > libsystemd0-dbgsym: > Installed: (none) > Candidate: 232-10 > Version table: > 232-10 500 > 500 http://debug.mirrors.debian.org/debian-debug > unstable-debug/main amd64 Packages > > Did you miss the "0" ? No; appears to be some other, unidentified issue with the mips64el schroot on eller.d.o. Best, -ch -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#851412: #851412: libsystemd segfaults on mips64el
Control: affects -1 + pdns pdns-recursor Hi, pdns and pdns-recursor link against libsystemd, and this bug causes both of them to just segfault on startup on mips64el. Tiny reproducer: (sid_mips64el-dchroot)zeha@eller:~$ cat foo.c int main() { } (sid_mips64el-dchroot)zeha@eller:~$ make foo LDFLAGS=-lsystemd cc -lsystemd foo.c -o foo (sid_mips64el-dchroot)zeha@eller:~$ gdb --args foo GNU gdb (Debian 7.12-4) 7.12 Copyright (C) 2016 Free Software Foundation, Inc. This GDB was configured as "mips64el-linux-gnuabi64". Type "show configuration" for configuration details. Reading symbols from foo...(no debugging symbols found)...done. (gdb) run Starting program: /home/zeha/foo [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/mips64el-linux-gnuabi64/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. _IO_new_fclose (warning: GDB can't find the start of the function at 0xfff7f2fd27. GDB is unable to find the start of the function at 0xfff7f2fd27 and thus can't determine the size of that function's stack frame. This means that GDB may be unable to access that stack frame, or the frames below it. This problem is most likely caused by an invalid program counter or stack pointer. However, if you think GDB should simply search farther back from 0xfff7f2fd27 for code which looks like the beginning of a function, you can increase the range of the search using the `set heuristic-fence-post' command. fp=0x1) at iofclose.c:48 48 iofclose.c: No such file or directory. (gdb) bt full #0 _IO_new_fclose (fp=0x1) at iofclose.c:48 status = #1 0x00fff7f2fd28 in ?? () from /lib/mips64el-linux-gnuabi64/libsystemd.so.0 No symbol table info available. (gdb) quit A debugging session is active. Inferior 1 [process 11890] will be killed. Quit anyway? (y or n) y (sid_mips64el-dchroot)zeha@eller:~$ ls -la /etc/machine-id ls: cannot access '/etc/machine-id': No such file or directory PS: libsystemd does not appear to have a -dbgsym package. -- christian hofstaedtler <z...@debian.org>
Bug#849401: restart silently fails
* Francesco Poli <invernom...@paranoici.org> [170113 00:15]: > On Wed, 11 Jan 2017 23:17:47 +0100 Christian Hofstaedtler wrote: > > Suggestions on the actual implementation also welcome ;-) > > I am no systemd expert, but, after reading a bit of the > systemd.service(5) man page, I would think about adding another > ExecStartPre= (before the already existing one) and using it to run a > script that fails in case ISCONFIGURED is not "yes"... > > But of course, I am not sure that making the "service apcupsd restart" > command fail during the configuration of a newly installed apcupsd > package is a good idea... Exactly. I think this is basically the "between a rock and a hard place" situation. Do it right for new installs and break upgrades or do it right for upgrades and new installs get the silly treatment. -ch
Bug#849401: restart silently fails
* Francesco Poli <invernom...@paranoici.org> [170111 22:51]: > However, I glanced over the diff between > apcupsd_3.14.14-0.2.debian.tar.xz and the proposed > apcupsd_3.14.14-0.3.debian.tar.xz: the only thing that looks suspicious > is that the apcupsd.service file seems to lack any check for the > ISCONFIGURED variable in /etc/default/apcupsd (unlike apcupsd.init, > which aborts whenever that variable is not set to "yes"). > > Is this intentional? > I think that the check should be implemented somehow... It's intentional for the test packages. I did not want to spend time on implementing that if the proposed change doesn't work in the first place. Suggestions on the actual implementation also welcome ;-) (TBH, if I did this package anew today, I'd probably just install with the service disabled/masked and not do the ISCONFIGURED dance, but it's not a new package and it's not my package...) -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#849401: restart silently fails
Hi, * Daniel Pocock[170106 11:06]: > > Is anyone able to reproduce the issue on current Debian testing? > > > > How long does it take for your apcupsd daemon to shutdown? > > My UPS uses SNMP signalling, I wonder if that makes the daemon shut > down more slowly. Likely. I can't test this (my UPS is broken and it'd be a serial one anyway), but here are some test packages with a systemd service file: https://people.debian.org/~zeha/apcupsd/ Please report back if those work for you and if the restart issue is fixed. Note that successful testing also needs to include a powerfail test really. -ch
Bug#849821: pdns-recursor: Crash with DNSSEC enabled
Hi Chris, * Chris Boot[170102 18:45]: > I updated to 4.0.3-5 on Saturday, and have just experienced another > crash. This time I also got double-free/corruption errors: Hmm. Upstream is also a bit at a loss with those weird crashes. Your stacktrace was at least useful to probably rule out the libssl and the getZoneCuts issues. There's now a 4.0.3-6 in unstable that's closer to the current 4.0.x release branch (-5 was missing a few more changesets). Maybe you could try that? Thanks, -ch
Bug#849821: pdns-recursor: Crash with DNSSEC enabled
Chris, * Chris Boot <bo...@debian.org> [161231 16:18]: > Sure, that's now installed, now I just need to wait for it to fail > again. This will probably take several days; I'll get back to you when > it next crashes. Great! Incidentally, I've just uploaded version 4.0.3-5, which might fix the crash. Would be good if you could test againt that version. Thanks, -ch -- christian hofstaedtler <z...@debian.org>
Bug#849821: pdns-recursor: Crash with DNSSEC enabled
Hi, * Chris Boot <bo...@debian.org> [161231 15:39]: > Version: 4.0.3-4 > > Since the upgrade from 4.0.3-3 to 4.0.3-4 I have been experiencing > intermittent crashes in pdns-recursor. I have so far not managed to get > a core dump from the daemon, so have resorted to running the process > within gdb to catch a backtrace. Thank you for your report! Upstream has asked if you could install libssl1.1-dbg and capture the stack of all threads when this happens? (With "thread apply all bt full" in gdb.) Cheers, -- christian hofstaedtler <z...@debian.org>
Bug#833245: openssl-blacklist: Uses obsolete compressor for .deb data.tar member
* Moritz Muehlenhoff <j...@inutil.org> [161221 23:22]: > > Source: openssl-blacklist > > Instead of fixing this, should we just remove the package? It's been almost > a decade since CVE-2008-0166 happened, I don't think it serves any purpose > any longer. Cloned as #833245 to ftp.debian.org for RM. There's still one r-dep to update. -- christian hofstaedtler <z...@debian.org>
Bug#848616: #848616: mysql_install_db creates unusable root user
* Otto Kekäläinen <o...@debian.org> [161221 23:11]: > To be able to access your test database anyway, use > --skip-grant-tables to circumvent authentication (which is not needed > on a test database, right?). Test suites also test authentication failure, and GRANT statements. None of these work with --skip-grant-tables. -- christian hofstaedtler <z...@debian.org>
Bug#849019: O: clearsilver -- fast, powerful, and language-neutral HTML template system
Package: wnpp Severity: normal All maintainers of the clearsilver package are not active anymore, therefore I'm hereby orphaning it. Maintaining a package takes time. Before you adopt it, please consider if you will have enough time to keep maintenance up. -- zeha
Bug#845106: #845106: x11vnc: configure does not find libssl, builds without OpenSSL support
* Christian Beier <christian.cb.be...@googlemail.com> [161219 23:35]: > So, honestly, I don't know what should happen when the original author of some > project apparently goes MIA. (Are you there, Karl?) Can the community simply > "take over" the project or should https://github.com/LibVNC/x11vnc technically > considered to be a fork? > > What is Debian's experience with situations like that? I'm sure stuff like > this > has happened before... This is mostly for the package maintainer in Debian to decide; often "taking the one active fork" is the only option one has, but not always the correct one. I'm sure Fathi will do the right thing once the key situation is sorted :-) Maybe Vagrant (in CC, as one of his packages depends on x11vnc) also has input on the fork. Best, -- christian hofstaedtler <z...@debian.org>
Bug#831965: asciidoc: FTBFS with dpkg-buildpackage -A: doc/testasciidoc.1: No such file or directory at /usr/bin/dh_installman line 131.
* Joseph Herlant <herla...@gmail.com> [161219 19:21]: > Did you upload al the last changes that happened to the repo since > 2014 or only this particular patch? Just that patch to sort out this severity serious bug. I'm not sure what else is in git, etc. If you need a sponsor for those changes, I could take a look though. -- christian hofstaedtler <z...@debian.org>
Bug#848603: Enable innodb_large_prefix
* Otto Kekäläinen <o...@seravo.fi> [161219 22:21]: > We live in a world where WordPress sites expect to be able to save > emojis in comments :) Sure, but other apps expect their indexes to work. > We have had utf8mb4 as default in Debian and Ubuntu for a many years. Possibly, but it's only now the provider for (default-)mysql-server. > You are experiencing a corner case with a single app (which one?). pdns-backend-mysql Maybe next time when flipping providers, doing an rdep build and install check is in order. Discovering that your package breaks with no upload on your side - as such, a random discovery - is not fun at all. -- christian hofstaedtler <z...@debian.org>
Bug#848701: statsmodels: FTBFS on i386
Source: statsmodels Version: 0.8.0~rc1+git59-gef47cd9-1 Hi, your package statsmodels currently FTBFS on i386 and as such does not migrate to testing. Build logs from the buildds can be found here: https://buildd.debian.org/status/logs.php?arch=i386=statsmodels=0.8.0%7Erc1%2Bgit59-gef47cd9-1 I also note that your package is due to be removed from testing today, and the freeze is approaching rather quickly. -- christian hofstaedtler <z...@debian.org>
Bug#846848: [Pkg-nagios-devel] Bug#846848: check-mk: Provides binary package for nagios3 which has been removed from unstable
Hi, * Matt Taggart <tagg...@debian.org> [161219 17:14]: > The patch you committed looks good. But I have temporarily reverted it > due to the backport issue mentioned on the list. I think it might still > be interesting to apply it _before_ stretch releases, ... Given this bug is severity: serious and check-mk is marked for autoremoval in 13 days, please apply and upload that patch or whatever else you see fit. Thanks, -- christian hofstaedtler <z...@debian.org>
Bug#848660: ruby: might need to strip -fdebug-prefix-map
Package: ruby2.3 Severity: normal dpkg-buildflags has started injecting -fdebug-prefix-map with a variable path into C(..)FLAGS. We need to figure out if we need to strip that. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#846098: #846098: unrep
> Lowering bug severity for now, as there's another user who cannot > repro this. Maybe the bug is in mono instead. Checked with mono-* from testing and can still not repro the issue. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#846098: #846098:
Control: tags -1 + moreinfo unreproducible Control: severity -1 normal Dear Submitter, I've quickly tried to reproduce your problem with keepass2 in sid and failed to do so. Please provide more details about your environment. Lowering bug severity for now, as there's another user who cannot repro this. Maybe the bug is in mono instead. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#846917: #846917: functionality loss
Hi, the submitter tells me that the "auth module was splitted, and the new binaries are not packaged". So there's some r-c context for anyone wondering. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#845106: #845106: x11vnc: configure does not find libssl, builds without OpenSSL support
Control: reopen -1 Control: severity -1 important For stretch this is worked around by using libssl1.0, for stretch+1 this needs a proper fix. By then, we hopefully don't need to traverse 5000 lines of openssl glue. -- christian hofstaedtler <z...@debian.org>
Bug#841601: mysql failures fixed in git
I've fixed the mysql_install_db related failure in git (by switching to mariadb + updating the wrapper shell script), but there's a new failing test. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#848625: Please drop openssl-blacklist dependency
Package: slurmd Version: 16.05.7-1 Severity: important Please drop the dependency on openssl-blacklist, if possible. As outlined in #833245, it's usefulness is probably over. (Same also applies to slurmctld.) Thanks, -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#834423: Can't reproduce
* Dominic Hargreaves <d...@earth.li> [161219 02:04]: > Control: severity -1 important > Control tags -1 + unreproducible > > This package builds for me on a current sid chroot, so downgrading. I was going to merge this bug with #834420 as it looks like basically the same thing, but then saw this downgrade. Can you sort out the severity of the other bug and/or the merging? Thanks, -- christian hofstaedtler <z...@debian.org>
Bug#831965: asciidoc: FTBFS with dpkg-buildpackage -A: doc/testasciidoc.1: No such file or directory at /usr/bin/dh_installman line 131.
* Santiago Vila <sanv...@unex.es> [161219 01:50]: > tags 831965 + patch > > The "build-indep" target is missing. > Patch attached. Now in DELAYED/2. -- christian hofstaedtler <z...@debian.org>
Bug#848288: ruby-em-synchrony: (build-)depends on mysql-{client,server}
* Emilio Pozuelo Monfort <po...@debian.org> [161219 01:22]: > Your package build-depends on mysql-server. Since we're transitioning to > mariadb as the default mysql provider, you should switch your build > dependency to default-mysql-server | virtual-mysql-server. While I've done so now in the recent upload, I think this is misguided: the mysql-server implementations are not nearly compatible enough to allow switching between them. * mysql_install_db takes different parameters (--force is missing in 5.7) * mariadb sets up users with a default plugin of `unix_socket` which needs workarounding * --skip-grant works differently between mysql and mariadb (mariadb does not allow SET PASSWORD after FLUSH PRIVILEGES in this mode) * the default character sets differ, and as such the valid indexes that can be created differ. None of these are just theoretical issues. -- christian hofstaedtler <z...@debian.org>
Bug#848616: #848616: mysql_install_db creates unusable root user
Here's a silly workaround I've added to ruby-mysql2, but this really can't be the solution: https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-mysql2.git/commit/?id=38e0a5633506fd115853aa0b16b91a7441069db5 -- christian hofstaedtler <z...@debian.org>
Bug#848289: ruby-riddle: (build-)depends on mysql-{client,server}
Control: tags -1 + help I've committed the d/control changes to git, but with MariaDB there are failing tests: 1) Sphinx Updates should update a single record appropriately Failure/Error: ellie[:attributes]["birthday"].should == Time.local(1970, 1, 23).to_i expected: 1900800 got: 191203200 (using ==) # ./spec/functional/update_spec.rb:14:in `block (2 levels) in ' Looks like MariaDB is not really that compatible or something. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#848616: mysql_install_db creates unusable root user
the MariaDB daemon with: cd '/usr' ; /usr/bin/mysqld_safe --datadir='/tmp/tmp.WiS7YFCukw' You can test the MariaDB daemon with mysql-test-run.pl cd '/usr/mysql-test' ; perl mysql-test-run.pl Please report any problems at http://mariadb.org/jira The latest information about MariaDB is available at http://mariadb.org/. You can find additional information about the MySQL part at: http://dev.mysql.com Support MariaDB development by buying support/new features from MariaDB Corporation Ab. You can contact us about this at sa...@mariadb.com. Alternatively consider joining our community based development effort: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/ ch@d:~ % /usr/sbin/mysqld --no-defaults --socket=/tmp/tmp.WiS7YFCukw/mysql.sock --datadir=/tmp/tmp.WiS7YFCukw --skip-networking 161219 0:19:09 [Note] /usr/sbin/mysqld (mysqld 10.0.28-MariaDB-2) starting as process 11972 ... 161219 0:19:09 [Note] InnoDB: Using mutexes to ref count buffer pool pages 161219 0:19:09 [Note] InnoDB: The InnoDB memory heap is disabled 161219 0:19:09 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins 161219 0:19:09 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier 161219 0:19:09 [Note] InnoDB: Compressed tables use zlib 1.2.8 161219 0:19:09 [Note] InnoDB: Using Linux native AIO 161219 0:19:09 [Note] InnoDB: Using CPU crc32 instructions 161219 0:19:09 [Note] InnoDB: Initializing buffer pool, size = 128.0M 161219 0:19:09 [Note] InnoDB: Completed initialization of buffer pool 161219 0:19:09 [Note] InnoDB: Highest supported file format is Barracuda. 161219 0:19:10 [Note] InnoDB: 128 rollback segment(s) are active. 161219 0:19:10 [Note] InnoDB: Waiting for purge to start 161219 0:19:10 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.32-79.0 started; log sequence number 1623579 161219 0:19:10 [Note] Plugin 'FEEDBACK' is disabled. 161219 0:19:10 [Note] /usr/sbin/mysqld: ready for connections. Version: '10.0.28-MariaDB-2' socket: '/tmp/tmp.WiS7YFCukw/mysql.sock' port: 0 Debian unstable [in another shell:] ch@d:~ % /usr/bin/mysqladmin --socket=/tmp/tmp.WiS7YFCukw/mysql.sock ping /usr/bin/mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'ch'@'localhost'' ch@d:~ % /usr/bin/mysqladmin --socket=/tmp/tmp.WiS7YFCukw/mysql.sock ping -u root /usr/bin/mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'root'@'localhost'' -- christian hofstaedtler <z...@debian.org>
Bug#835146: dpkg: please enable bindow hardening flag by default
* Bálint Réczey <bal...@balintreczey.hu> [161219 00:06]: > I have uploaded a fixed package with the attached patch to DELAYED/10. Given dpkg/1.18.16 has entered sid, your upload will likely fail... Best, -- christian hofstaedtler <z...@debian.org>
Bug#846299: #846299: lighttpd depends on systemd
Control: severity -1 normal Extra dependencies that are harmless certainly do not qualify as "severity serious". Also note that while this would help installability on kfreebsd, right now lighttpd does not even build there. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#828486: #828486: libssl versions
Control: severity -1 important 0.4.3-1 with symbol versioning has entered testing; it also switched back to libssl 1.0.2; therefore downgrading severity, as upgrading to libssl 1.1.0 can be done in stretch+1. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#847659: #847659: [dma] postinst maintainer script fails
Control: tags -1 + moreinfo Dear Submitter, I've quickly tried to reproduce your bug report, but failed to do so. Please provide more info. Were you upgrading from a previous version? If so, which? Cheers, -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#848603: Enable innodb_large_prefix
Package: mariadb-server Version: 10.0.28-2 Severity: serious mariadb-server, the new default-mysql-server, breaks existing well-functioning applications that need to index columns defined as VARCHAR(255). This worked fine with mysql-server-5.6. This is caused by two questionable choices: * default character set is utf8mb4 (causing index prefix lengths quadruple). * innodb_large_prefix is OFF. I'd suggest you enable innodb_large_prefix or revert to what mysql-server-5.6 did, i.e. set the character set to utf8 (which uses "just" 3 bytes per character). Thanks, -- christian hofstaedtler <z...@debian.org>
Bug#848588: cvm: FTBFS: + : directory debian/cvm missing
Control: severity -1 important This appears to be caused by parallel building, which I'm not sure is a policy requirement, so downgrading for now. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#848588: cvm: FTBFS: + : directory debian/cvm missing
Source: cvm Version: 0.96-1.2 Severity: serious Dear Maintainer, your package cvm currently FTBFS in unstable, last few lines: make[1]: Leaving directory '/<>' touch build-stamp fakeroot debian/rules binary : implicit + : directory debian/cvm missing : debian/cvm/usr/share/doc/cvm/examples/ debian/implicit:20: recipe for target 'cvm.deb-checkdir' failed make: *** [cvm.deb-checkdir] Error 1 make: *** Waiting for unfinished jobs : debian/cvm/usr/share/doc/cvm/ + install -m0644 debian/cvm.README.Debian debian/cvm/usr/share/doc/cvm/README.Debian + install -m0644 debian/copyright debian/cvm/usr/share/doc/cvm/ + install -m0644 debian/changelog debian/cvm/usr/share/doc/cvm/changelog.Debian + mv debian/cvm/usr/share/doc/cvm/changelog.Debian debian/cvm/usr/share/doc/cvm/changelog dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 Build log attached. Cheers, -- christian hofstaedtler <z...@debian.org> sbuild (Debian sbuild) 0.72.0 (25 Oct 2016) on debbuild.in.namespace.at +==+ | cvm 0.96-1.2 (amd64) Sun, 18 Dec 2016 17:13:41 + | +==+ Package: cvm Version: 0.96-1.2 Source Version: 0.96-1.2 Distribution: unstable Machine Architecture: amd64 Host Architecture: amd64 Build Architecture: amd64 I: NOTICE: Log filtering will replace 'var/run/schroot/mount/unstable-amd64-sbuild-3727a883-1bb1-47e9-a623-ac99b68433ba' with '<>' +--+ | Update chroot| +--+ Get:1 http://http.at.debian.org/debian unstable InRelease [223 kB] Get:2 http://http.at.debian.org/debian unstable/main Sources.diff/Index [27.9 kB] Get:3 http://http.at.debian.org/debian unstable/main amd64 Packages.diff/Index [27.9 kB] Get:4 http://http.at.debian.org/debian unstable/main Sources 2016-12-18-0227.50.pdiff [18.4 kB] Get:5 http://http.at.debian.org/debian unstable/main Sources 2016-12-18-0827.17.pdiff [2281 B] Get:6 http://http.at.debian.org/debian unstable/main Sources 2016-12-18-1427.50.pdiff [10.9 kB] Get:7 http://http.at.debian.org/debian unstable/main amd64 Packages 2016-12-18-0227.50.pdiff [13.7 kB] Get:8 http://http.at.debian.org/debian unstable/main amd64 Packages 2016-12-18-0827.17.pdiff [2228 B] Get:9 http://http.at.debian.org/debian unstable/main amd64 Packages 2016-12-18-1427.50.pdiff [16.5 kB] Get:6 http://http.at.debian.org/debian unstable/main Sources 2016-12-18-1427.50.pdiff [10.9 kB] Get:9 http://http.at.debian.org/debian unstable/main amd64 Packages 2016-12-18-1427.50.pdiff [16.5 kB] Fetched 343 kB in 1s (238 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... Calculating upgrade... 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +--+ | Fetch source files | +--+ Local sources - /home/ch/Debian/tmp/cvm_0.96-1.2.dsc exists in /home/ch/Debian/tmp; copying to chroot I: NOTICE: Log filtering will replace 'build/cvm-7jI1Ey/cvm-0.96' with '<>' I: NOTICE: Log filtering will replace 'build/cvm-7jI1Ey' with '<>' +--+ | Install build-essential | +--+ Setup apt archive - Merged Build-Depends: build-essential, fakeroot Filtered Build-Depends: build-essential, fakeroot dpkg-deb: building package 'sbuild-build-depends-core-dummy' in '/<>/resolver-LEFpsD/apt_archive/sbuild-build-depends-core-dummy.deb'. dpkg-scanpackages: warning: Packages in archive but missing from override file: dpkg-scanpackages: warning: sbuild-build-depends-core-dummy dpkg-scanpackages: info: Wrote 1 entries to output Packages file. Ign:1 copy:/<>/resolver-LEFpsD/apt_archive ./ InRelease Get:2 copy:/<>/resolver-LEFpsD/apt_archive ./ Release [957 B] Ign:3 copy:/<>/resolver-LEFpsD/apt_archive ./ Release.gpg Get:4 copy:/<>/resolver-LEFpsD/apt_archive ./ Sources [349 B] Get:5 copy:/<>/resolver-LEFpsD/apt_archive ./ Packages [432 B] Fetched 1738 B in 0s (106 kB/s) Reading package lists... Reading package lists... +--+ | Install core build dependencies (aptitude-based resolver)| +--+
Bug#848580: dirmngr: upgrading from jessie fails
Control: reassign -1 dpkg Control: found -1 1.18.16 Control: retitle -1 dpkg-maintscript-helper: fails if optional version is not given Reassigning to dpkg which apparently broke dpkg-maintscript-helper in 1.18.16. -- christian hofstaedtler <z...@debian.org>
Bug#848504: usrmerge breaks various systemd symlinks
Control: found -1 13 * Michael Biebl <bi...@debian.org> [161217 21:35]: > Am 17.12.2016 um 21:08 schrieb Michael Biebl: ... > > So it seems, usrmerge resolved those to the symlink target. > > > > I don't see anything broken in systemd here though, so > > reassigning to usrmerge (and bumping the severity, as this breaks systemd > > badly) > > > > Which version of usrmerge is this? Version 13 > Fwiw, I just tried usrmerge in a freshly created test VM. It ran > succesfully without any issues regarding systemd symlinks. > > Christian, do you have any custom modifications or some special setup? > Do you maybe have a backup of that system where you can check those > symlinks and where they were pointing to? No to both unfortunately. This is my scratch/build VM, so it may very well have seen various interesting upgrades over time in sid, or it may just have been plain and normal. The VM probably started out as jessie. So what I did not mention before (sorry), is that installing usrmerge actually aborted at first, because keepalived installed a file in both /usr/lib and /lib; but from the output it appeared to me the abort happened before doing any real work. Therefore I just removed keepalived and then dpkg ran the usrmerge postinst again, I think. /etc/fstab (minus comments): UUID=dcdeb525-ea16-4b14-96bc-52669f8b28f6 / ext4 errors=remount-ro 0 1 /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-4.8.0-2-amd64 root=UUID=dcdeb525-ea16-4b14-96bc-52669f8b28f6 ro panic=30 console=ttyS0,115200 console=tty0 vga=791 % grep -Ev '^(#|$)' /etc/dpkg/dpkg.cfg /etc/dpkg/dpkg.cfg.d/* /etc/dpkg/dpkg.cfg:no-debsig /etc/dpkg/dpkg.cfg:log /var/log/dpkg.log /etc/dpkg/dpkg.cfg.d/needrestart:status-logger=(test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null) /etc/dpkg/dpkg.cfg.d/pkg-config-hook-config:post-invoke=if { test "$DPKG_HOOK_ACTION" = add-architecture || test "$DPKG_HOOK_ACTION" = remove-architecture; } && test -x /usr/share/pkg-config-dpkghook; then /usr/share/pkg-config-dpkghook update; fi apt is set to APT::Install-Recommends 0; ii usrmerge 13 all Convert the system to the merged /usr directories scheme ii util-linux2.29-1 amd64 miscellaneous system utilities ii systemd 232-7 amd64 system and service manager un systemd-container (no description available) un systemd-shim (no description available) ii systemd-sysv 232-7 amd64 system and service manager - SysV links un systemd-ui (no description available) Cheers, -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Bug#843977: #843977: missing dependeny on python-pkg-resources
Even with python-pkg-resources installed, the package does not work, as pep8 has been renamed to pycodestyle and autopep8 now fails like this: % autopep8 Traceback (most recent call last): File "/usr/bin/autopep8", line 5, in from pkg_resources import load_entry_point File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3019, in @_call_aside File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3003, in _call_aside f(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3032, in _initialize_master_working_set working_set = WorkingSet._build_master() File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 655, in _build_master ws.require(__requires__) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 963, in require needed = self.resolve(parse_requirements(requirements)) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 849, in resolve raise DistributionNotFound(req, requirers) pkg_resources.DistributionNotFound: The 'pep8>=1.4.5' distribution was not found and is required by autopep8 -- christian hofstaedtler <z...@debian.org>
Bug#848504: usrmerge breaks various systemd symlinks
After rebooting: % systemctl status procps.service Unit procps.service could not be found. % systemctl status runlevel3.target Unit runlevel3.target could not be found. % systemctl status dbus-org.freedesktop.hostname1.service Unit dbus-org.freedesktop.hostname1.service could not be found. % systemctl status dbus-org.freedesktop.timedate1.service Unit dbus-org.freedesktop.timedate1.service could not be found. % systemctl status dbus-org.freedesktop.login1.service Unit dbus-org.freedesktop.login1.service could not be found. I don't think that is the expected outcome...? -- christian hofstaedtler <z...@debian.org>
Bug#848504: usrmerge breaks various systemd symlinks
Package: systemd Version: 232-7 usrmerge reports that various symlinks installed by systemd are "broken" and cannot be properly converted: WARNING: /usr/lib/systemd/system/dbus-org.freedesktop.login1.service is a broken symlink and has been renamed! WARNING: /usr/lib/systemd/system/runlevel3.target is a broken symlink and has been renamed! WARNING: /usr/lib/systemd/system/dbus-org.freedesktop.timedate1.service is a broken symlink and has been renamed! WARNING: /usr/lib/systemd/system/dbus-org.freedesktop.hostname1.service is a broken symlink and has been renamed! WARNING: /usr/lib/systemd/system/procps.service is a broken symlink and has been renamed! ls -la (in /usr/lib/systemd/system/) after conversion: lrwxrwxrwx 1 root root 62 Dec 17 18:35 dbus-org.freedesktop.hostname1.service -> /usr/lib/systemd/system/dbus-org.freedesktop.hostname1.service lrwxrwxrwx 1 root root 59 Dec 17 18:35 dbus-org.freedesktop.login1.service -> /usr/lib/systemd/system/dbus-org.freedesktop.login1.service lrwxrwxrwx 1 root root 62 Dec 17 18:35 dbus-org.freedesktop.timedate1.service -> /usr/lib/systemd/system/dbus-org.freedesktop.timedate1.service lrwxrwxrwx 1 root root 38 Dec 17 18:35 procps.service -> /usr/lib/systemd/system/procps.service lrwxrwxrwx 1 root root 40 Dec 17 18:35 runlevel3.target -> /usr/lib/systemd/system/runlevel3.target lrwxrwxrwx 1 root root 25 Nov 30 13:38 dbus-org.freedesktop.hostname1.service.usrmerge-broken -> systemd-hostnamed.service lrwxrwxrwx 1 root root 22 Nov 30 13:38 dbus-org.freedesktop.login1.service.usrmerge-broken -> systemd-logind.service lrwxrwxrwx 1 root root 25 Nov 30 13:38 dbus-org.freedesktop.timedate1.service.usrmerge-broken -> systemd-timedated.service lrwxrwxrwx 1 root root 22 Nov 30 13:38 procps.service.usrmerge-broken -> systemd-sysctl.service lrwxrwxrwx 1 root root 17 Nov 30 13:38 runlevel3.target.usrmerge-broken -> multi-user.target Can't really tell what the state before was, though. -- christian hofstaedtler <z...@debian.org>
Bug#843761: invoke-rc.d: Kill 600 birds with one stone (a.k.a. automatic policy-rc.d for init-less chroots)
* Martin Pitt <mp...@debian.org> [161210 20:50]: > However, I do like the patch, it would give us a much saner behaviour > of package installation in self-created chroots. mk-sbuild and friends > do install a policy-rc.d already, but I've seen this come up more than > once already. > Michael, any others: Do you see any downside of this? >From a sysadmin PoV: please implement this. Cheers, -- christian hofstaedtler <z...@debian.org>
Bug#416086: [Pkg-sysvinit-devel] Bug#416086: symlinks are not removed on uninstall/purge
Control: tags -1 + wontfix * Henrique de Moraes Holschuh <h...@debian.org> [161210 20:43]: > On Sat, 24 Mar 2007, Michael Biebl wrote: > > When deinstalling/purging initscripts, the symlinks in /etc/rcS.d,rc0.d > > and rc6.d are not removed. > > Messing with those has a critical effect on the ability to shutdown or > reboot the system. I don't know if we can change that, even for purging. Note that purging works fine. I'm tagging this wontfix for now, as the symlinks are indeed configuration, and just removing initscripts then is pointless. -- christian hofstaedtler <z...@debian.org>
Bug#728682: Patch
Control: tags -1 + patch Proposed patch attached. -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `- >From ceae57b4ae857680c2526d2e7c3a149ae5c23dec Mon Sep 17 00:00:00 2001 From: Christian Hofstaedtler <z...@debian.org> Date: Sat, 10 Dec 2016 20:34:05 + Subject: [PATCH] Align policy-rc.d existing/nonexisting case for custom actions Previously, when calling invoke-rc.d with a "custom" action, it would print an error when a policy-rc.d file was installed, but it would be silent if no such file was installed. Closes: #728682 --- script/invoke-rc.d | 11 --- 1 file changed, 11 deletions(-) diff --git a/script/invoke-rc.d b/script/invoke-rc.d index ed9028d..7d839bf 100755 --- a/script/invoke-rc.d +++ b/script/invoke-rc.d @@ -257,17 +257,6 @@ fi #NOTE: It may not be obvious, but "$@" from this point on must expand #to the extra initscript parameters, except inside functions. -## sanity checks and just-in-case warnings. -case ${ACTION} in -start|stop|force-stop|restart|reload|force-reload|status) - ;; -*) - if test "x${POLICYHELPER}" != x && test -x "${POLICYHELPER}" ; then - printerror action ${ACTION} is unknown, but proceeding anyway. - fi - ;; -esac - # Operate against system upstart, not session unset UPSTART_SESSION # If we're running on upstart and there's an upstart job of this name, do -- 2.11.0
Bug#728682: #728682 - unfixed, only happens with policy-rc.d
Reassigning to init-system-helpers, which nowadays provides invoke-rc.d. While Michael correctly notices that the warning is not printed on sid, this is just an effect of the bug: invoke-rc.d does print the warning ONLY if a policy-rc.d helper has been installed by the local admin. See: http://sources.debian.net/src/init-system-helpers/1.46/script/invoke-rc.d/#L265 I find this is quite annoying, and would suggest just dropping lines 260-269 from that file. Any opposition? Thanks, -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-