Bug#997504: terminator: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.9 returned exit code 13

[Markus Frosch]

Hi Jochen,

On Sun, 2021-11-28 at 15:30 +0100, Jochen Sprickerhof wrote:
> The actual problem is that libgtk-3-0 version 3.24.30-1 drops the 
> dependency on librest-0.7-0 which brought in gsettings-desktop-schemas 
> which seems to be the missing build dependency as this works for unstable:
> 
> sbuild terminator --add-depends gsettings-desktop-schemas
> 
> Assigning back, accordingly, though I'm not sure if there should be an 
> other bug for python3-gi or the gtk backtrace above.

Thank you very much for the analysis, I'm not very deep into desktop basics
around GTK yet.

Will push a fix soon.

Best Regards
Markus Frosch

Bug#990983: [Pkg-utopia-maintainers] Bug#990983: network-manager-openvpn: Connecting to OpenVPN Server 2.5.x with some IPv6 configuration fails

[Markus Frosch]

On Mon, 2021-07-12 at 10:31 +0200, Michael Biebl wrote:
> Thanks for the offer. Since it's a simple git cherry-pick, I don't think 
> I need help with preparing the package. If you could test though that 
> the MR/patch fixes the issues you are having, this would be great.

Hi Micheal,

will try the patch as a single change build later and report back.

Thanks
Markus

Bug#990983: network-manager-openvpn: Connecting to OpenVPN Server 2.5.x with some IPv6 configuration fails

[Markus Frosch]

Package: network-manager-openvpn
Version: 1.8.12-2
Severity: important
Tags: patch

Dear Maintainer,

I've had some trouble connecting to an OpenVPN server with some IPv6
configuration.

It seems like this is only caused with server and client on 2.5.x, but I
wasn't able to test this to a good extend.

I was able to fix the issue with 1.8.14-1 from experimental. But I think
we should fix this for bullseye, a possible patch can be found in the
merge request below.

Do you need any help preparing or testing the patch for bullseye?

Regards
Markus Frosch

References:
- https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/64
- https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/34
- https://bugs.archlinux.org/task/68567

-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 
'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-openvpn depends on:
ii  adduser  3.118
ii  libc62.31-12
ii  libglib2.0-0 2.66.8-1
ii  libnm0   1.30.0-2
ii  network-manager  1.30.0-2
ii  openvpn  2.5.1-3

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

Bug#980502: evolution: printing emails doesn't work

[Markus Frosch]

clone 980502 -1
forwarded 980502 https://gitlab.gnome.org/GNOME/evolution/-/issues/1141
forwarded -1 https://bugs.webkit.org/show_bug.cgi?id=202363
reassign -1 webkit2gtk 2.30.6-1
retitle -1 Printing not working with bubblewrap sandbox enabled
affects -1 evolution
bye

Hi,

On Tue, 19 Jan 2021 22:52:07 +0100 Ben Ruhnow  wrote:
> when I recently had to print an email I found out that this function is
useless for now! 
> The workaround described there makes this feature useable.
> 
> Hoping this will be fixed in the next releases.

I can confirm this, root cause seems to be using the sandbox of webkit.

Issue: https://bugs.webkit.org/show_bug.cgi?id=202363

Workaround would be starting evolution like this:
WEBKIT_FORCE_SANDBOX=0 evolution

Until fixed, Webkit devs seems to recommend disabling the sandbox code.

Also see:
https://gitlab.gnome.org/GNOME/evolution/-/issues/1141#note_1058502

Best Regards
Markus Frosch

Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)

[Markus Frosch]

Hi Daniel,

On Sun, 2021-03-21 at 13:52 +0200, Daniel Hevron Pereh wrote:
> I successfully managed to unlock my LUKS partition by generating the response
> on a different machine (with package 'ykpersonalize' using the command
> 'ykchalresp') and typing it manually. the system was updated as I thought. 
> 
> My system recognized my yubikey when it was unlocked and I could do the usual
> operation I'm using it for. the chalresp OTP slot works as usual as well for
> other oprations. 
> 
> Tried to do another update and rebooted the system, still no luck with the
> yubikey itself. 
> 
> As for your suggestion, I'll try to unlock it with the yubikey-luks package on
> a live system and report back.

Sorry you are having problems with the integration.

Could you share a few details?

* dpkg -l "*yubi*"
* dpkg -l "*cryptsetup*"
* cat /etc/crypttab
* Screenshots of the prompt, error messages, maybe boot in recovery mode

You should always be able to unlock with any other passphrase, as long as the
YubiKey is not present, I hope this works for you?

Also make sure you have updated initramfs, after upgrading yubikey-luks: update-
initramfs -uv

Best Regards
Markus Frosch

Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)

[Markus Frosch]

Hi Jerome,

On Sat, 2021-03-20 at 12:29 -0400, Jerome Charaoui wrote:
> I've attempted, but was unable, to reproduce this bug.
> 
> I set up the yubikey-luks challenge-response on a fresh stretch system, 
> and after upgrading to bullseye, it was working as before, which 
> suggests the package is working as intended even after a release upgrade.
> 
> I'm wondering if your bug could actually be related to an update in the 
> kernel or usb subsystem itself, rather than the yubikey-luks package?
> 
> Did you try booting up using a live system such as Grml and trying to 
> unlock your luks filesystem manually in that environment?

Thanks for verifying, I just re-confirmed it working on my test VMs without any
problems (from a fresh install).

And thanks for tagging! :)

Regards
Markus

Bug#984709: yubikey-luks: Stop exposing challenge in process list

[Markus Frosch]

Hi Christian,

On Sun, 2021-03-07 at 15:44 +0100, Christian Kastner wrote:
> Looking at the upstream yubikey-luks repository, I noticed what seems to
> be an important recent fix, namely for the password (used as the yubikey
> challenge) being exposed in the process list:
> 
>    https://github.com/cornelinux/yubikey-luks/pull/63
> 
> This affects stable, too.
> 
> The fix from the PR seems simple enough, it just changes four LOC.
> 
> I looked at the (non-whitespace, non-documentation) diff between our
> current version and HEAD, and it's not that big. Perhaps the RT would be
> even be willing to ACK an update to HEAD.

Thanks for reporting, haven't been following upstream for a while since I don't
use the package actively anymore.

Due to lack of time, I'll upload a minimal patch for now. Feel free to join in
maintaining.

Regards
Markus

Bug#972119: terminator: conflicts with icon-theme.cache on install

[Markus Frosch]

Source: terminator
Source-Version: 2.0.1+gittag-1~bpo10+1

Hey,

this is now fixed with the latest update to buster-backports.

Best Regards
Markus Frosch

Bug#978995: Useless in Debian

[Markus Frosch]

On Fri, 2021-01-01 at 22:19 -0400, David Prévot wrote:
> Package: php-dompdf
> Severity: serious
> 
> [ Reported by a team member to see the package removed from testing ]
> 
> php-dompdf was introduced in Debian as part of the ownCloud packaging
> effort, but no packages depend on it anymore, so I don’t believe it’s
> useful to keep it around.
> 
> Unless someone disagree with the above, I intend to ask for removal of
> this package soon (so if you read this message years from now, no need
> to ask for permission to act on what I’ve failed to…).

Hi David,

I kinda noticed that myself for a while, but it seems like civicrm [1] depends
on it now, which doesn't look like it would make it to bullseye.

See #978994 [2], I orphaned it and php-font-lib #978995 for that reason, also
CCing Dimitry on all bugs.

We could remove it from testing if civicrm won't make it, so this bug should
take care of that at least...

I'll open another serious bug for php-font-lib then.

Best
Markus Frosch

[1] https://tracker.debian.org/pkg/civicrm
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978994
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978995

Bug#979063: php-font-lib: Useless in Debian

[Markus Frosch]

Package: php-font-lib
Version: 0.3.1+dfsg-3.1
Severity: serious
X-Debbugs-Cc: taf...@debian.org, only...@debian.org, hol...@debian.org

[ Trying to remove the package from bullseye at least ]

Similar to php-dompdf [1], this package is pretty useless for bullseye,
since it is only needed by php-dompdf, which is not depent on by any
package in testing.

Only possible candidate would be civicrm [2], which seems not be able to
make it to bullseye.

Also see the orphan [3].

Best Regards
Markus Frosch

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979022
[2] https://tracker.debian.org/pkg/civicrm
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978995

Bug#978995: O: php-font-lib -- read, parse, export and make subsets of different fonts

[Markus Frosch]

Package: wnpp
Severity: normal
X-Debbugs-Cc: only...@debian.org

I intend to orphan the php-font-lib package, since I'm no longer using
it myself for anything.

Only reverse deps are:
* php-dompdf
* civicrm-common

The package description is:
 A library to read, parse, export and make subsets of different types of font
 files
 .
 This library can be used to:
  * Read TrueType, OpenType (with TrueType glyphs), WOFF font files
  * Extract basic info (name, style, etc.)
  * Extract advanced info (horizontal metrics, glyph names, glyph
shapes, etc.)
  * Make an Adobe Font Metrics (AFM) file from a font

Bug#978994: O: php-dompdf -- HTML to PDF converter

[Markus Frosch]

Package: wnpp
Severity: normal
X-Debbugs-Cc: only...@debian.org

I intend to orphan the php-dompdf package, because I only did partial
uploads for dependencies I maintained, but the only reverse dependency
is now:

civicrm-common

The package description is:
 DOMPDF is a CSS 2.1 compliant HTML to PDF converter. It:
  * handles most CSS 2.1 and a few CSS3 properties, including @import,
@media & @page rules
  * supports most presentational HTML 4.0 attributes
  * supports external stylesheets, either local or through HTTP/FTP
(via fopen-wrappers)
  * supports complex tables, including row and column spans, separate
and collapsed border models, individual cell styling
  * supports images: GIF, PNG (8-, 24- and 32-bit with alpha channel),
BMP, and JPEG
  * supports inline PHP

Bug#969788: nextcloud-desktop: Upgrade removed part of configuration

[Markus Frosch]

> > from my side it seems like not many people have the problem that the 
> > configuration is lost while doing the upgrade. So I think, it is just a
> > normal 
> > bug you found. Please report it upstream and provide us the url, so that we 
> > can track the upstream status.
> > 
> > hefee

This bug could be related, it sounds like an iteration problem when updating the
folder selection DB from 2.x to 3.x

https://github.com/nextcloud/desktop/pull/2435

Backport: https://github.com/nextcloud/desktop/pull/2436

It should be included in 3.0.2 - so I suggest to update to 3.0.2 and close this
bug for now...

Best Regards
Markus Frosch
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#969788: Fwd: Re: Bug#969788: nextcloud-desktop: Upgrade removed part of configuration

[Markus Frosch]

Control: severity -1 important

Somehow this message didn't reach the BTS...

 Forwarded Message 
Von: Sandro Knauß 
An: Tobias Frost , 969...@bugs.debian.org, Markus Frosch <
lazyfro...@debian.org>, Erwan David 
Betreff: Re: Bug#969788: nextcloud-desktop: Upgrade removed part of 
configuration
Datum: Thu, 24 Sep 2020 21:04:34 +0200

> Control: severity 969576 important
> 
> Hey,
> 
> from my side it seems like not many people have the problem that the 
> configuration is lost while doing the upgrade. So I think, it is just a
> normal 
> bug you found. Please report it upstream and provide us the url, so that we 
> can track the upstream status.
> 
> hefee
> 
> --
> On Donnerstag, 10. September 2020 20:16:48 CEST you wrote:
> > On Thu, 10 Sep 2020 19:27:37 +0200 Tobias Frost  wrote:
> > > I'll see if I can find some logs…
> > 
> > Ok, it seems so that my instance deletes its configuration itself…
> > 
> > But I think that needs a word on my configuration:
> > ~/Documents is synced with my Nextcloud intance
> > I have setup XDG_DATA and XDG_CONFIG to be on
> > ~/Documents/XDG/$hostname/{XDG_DATA XDG_CONFIG}
> > (to be able to share XDG configurations files on complicant apps more easy
> > between PCs)
> > 
> > ~/Documents/XDG/isildor/XDG_CONFIG/Nextcloud is a symlink to
> > ~/.config/Nextcloud (so it is not on the share)
> > 
> > It seems that nextcloud app is deleting that file, (following the symlink)
> > 
> > Of course this could be a read herring, as I naively tried to reconfigure
> > the nextcloud without deleting Documents and I just got conflict everywhere
> > now.
> > 
> > It is possible the the app is following the symlink and thinks, hey , file
> > not on the nextcloud server, delete it… Could be another bug though; (I
> > guess it should not follow symlinks, at least it used to ignore symlinks
> > when syncing to servers)
> > 
> > Next step I'll try a fresh resync…
> 
> -- 
> Mein öffentlicher Schlüssel / My public key: E68031D299A6527C 
> Fingerabdruck / Fingerprint:
> D256 4951 1272 8840 BB5E  99F2 E680 31D2 99A6 527C 
> Runterladen z.B. bei/ Get it e.g. here:
> pool.sks-keyservers.net, ...
> 
> Ich habe meinen Schlüssel 2015 gewechselt / I've switched my GnuPG key 2015.
> Hier ein Dokument, was meinen Wechsel deutlich macht ( mit beiden Schlüsseln 
> unterschrieben)
> Here's a document, that proves I wanted to do this switch ( it is signed by 
> both keys)
> http://sandroknauss.de/files/transition2015.asc

-- 
mar...@lazyfrosch.de
https://lazyfrosch.de

Bug#969788: nextcloud-desktop: Upgrade removed part of configuration

[Markus Frosch]

tags -1 + moreinfo upstream
thanks

On Tue, 08 Sep 2020 08:29:17 +0200 Erwan David  wrote:
> Package: nextcloud-desktop
> Version: 3.0.1-1
> Severity: grave
> Justification: causes non-serious data loss
> 
> I had 3 synchronized folders, after upgrade I had only the first defined,
configuration of other synchronized folders was lost.

I've upgraded from 2.x to 3.x yesterday, apt full-upgrade, restart client,
reboot.

No problems whatsoever, so I can not confirm the problem...

I'm having 2 accounts configured, multiple folders, and also selective choice
for which sub-folders are synchronized.

Can anyone confirm the problems of Erwan?

Regards
Markus

-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#968395: Stretch update of {{ package }}?

[Markus Frosch]

Hi Emilio,

On Fri, 2020-08-14 at 12:40 +0200, Emilio Pozuelo Monfort wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Stretch version of {{ package }}:
> 

I'm not aware of any security issues with Terminator.

Not sure why went wrong here, apart from the template rendering.

Cheers
Markus
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#961277: Please do not depends on dbus-x11 without alternative

[Markus Frosch]

On Fri, 2020-05-22 at 13:54 +0200, Laurent Bigonville wrote:
> dbus-x11 has been added about a year ago to the dependencies (see bug
> #918149) without an alternative.
> 
> This is not OK as dbus-x11 is only needed in case there is not an
> already existing dbus user bus running.
> 
> The proper dependency should be something like: "default-dbus-session-bus |
> dbus-session-bus"
> 
> instead, default-dbus-session-bussee this mail from 2016: 
> https://lists.debian.org/debian-devel/2016/08/msg00554.html
> 
> Please switch to the recommended dependency.

Hi Laurent,
thank you for the pointer.

Regards
Markus
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#959856: [Python-apps-team] Bug#959856: terminator: ships /usr/share/icons/hicolor/icon-theme.cache

[Markus Frosch]

On Mon, 2020-05-18 at 19:05 +0200, Adrian Vondendriesch wrote:
> I wasn't able to find any way to tell pybuild to pass any argument right
> after "python3 setup.py" and the action it should call (for instance
> "install"). Passing --install-args to pybuild doesn't work. Therefor I
> did the same thing as in commit 2271ffc9. Overwrite dh_auto_-install.

Thanks for the patch Adrian, but I think the best way for now is to purge the
file after dh_auto_install.

I want to remove the "feature" in 2.0 anyways:
https://github.com/gnome-terminator/terminator/issues/102

Thanks
Markus
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#959893: appstream-generator: Link against libglibd-2.0.so broken

[Markus Frosch]

Package: appstream-generator
Version: 0.8.1-1+b1
Severity: grave
Justification: renders package unusable

Hi maintainer,
the package possible needs rebuilding.

> appstream-generator: error while loading shared libraries: libglibd-2.0.so:
> cannot open shared object file: No such file or directory

libglibd-2.0 now has an explicit .0 suffix version:

> $ apt-file search libglibd-2.0.so
> libglibd-2.0-0: /usr/lib/x86_64-linux-gnu/libglibd-2.0.so.0
> libglibd-2.0-0: /usr/lib/x86_64-linux-gnu/libglibd-2.0.so.2.1.0
> libglibd-2.0-dev: /usr/lib/x86_64-linux-gnu/libglibd-2.0.so

Adding a symlink helps, but not sure why this happened.

> ln -s libglibd-2.0.so.0 /usr/lib/x86_64-linux-gnu/libglibd-2.0.so

Regards
Markus

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages appstream-generator depends on:
ii  libappstream40.12.10-2
ii  libarchive13 3.4.0-2
ii  libc62.30-4
ii  libcairo21.16.0-4
ii  libfontconfig1   2.13.1-4
ii  libfreetype6 2.10.1-2
ii  libgcc-s110-20200418-1
ii  libgdk-pixbuf2.0-0   2.40.0+dfsg-4
ii  libglib2.0-0 2.64.2-1
ii  libjs-highlight.js   9.12.0+dfsg1-5
ii  libjs-jquery-flot0.8.3+dfsg-1
ii  liblmdb0 0.9.24-1
ii  libpango-1.0-0   1.44.7-4
ii  libphobos2-ldc-shared90  1:1.20.1-1
ii  librsvg2-2   2.48.3-1

Versions of packages appstream-generator recommends:
ii  ffmpeg   7:4.2.2-1+b1
ii  optipng  0.7.7-1+b1

appstream-generator suggests no packages.

-- no debconf information

Bug#958451: ausweisapp2: gets stuck when using service "Arbeitnehmer online"

[Markus Frosch]

On Wed, 2020-04-22 at 10:59 +0200, John Paul Adrian Glaubitz wrote:
> This is something that should be forwarded upstream, as the bug doesn't
> seem Debian-specific to me.
> 
> I have CC'ed one of the upstream developers.
> 

Hi Adrian,
should be the same issue as #958190, where simply the UI doesn't start at all on
a fresh Debian buster.

Not sure what dependency might be missing.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958190

-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#955990: terminator: Switching upstream

[Markus Frosch]

Package: terminator
Version: 1.91-4
Severity: normal
Tags: upstream

I plan to switch upstream to the new organziation on GitHub within the
next weeks: https://github.com/gnome-terminator/terminator

Disclaimer: I'm managing upstream and also act as the maintainer in
Debian.

Please see this issue for details on why:
https://github.com/gnome-terminator/terminator/issues/1

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages terminator depends on:
ii  dbus-x11   1.12.16-2
ii  gir1.2-glib-2.01.64.0-2
ii  gir1.2-gtk-3.0 3.24.14-1
ii  gir1.2-pango-1.0   1.42.4-8
ii  gir1.2-vte-2.910.60.1-1
ii  python33.8.2-2
ii  python3-cairo  1.16.2-2
ii  python3-configobj  5.0.6-3
ii  python3-dbus   1.2.16-1
ii  python3-gi 3.36.0-1
ii  python3-gi-cairo   3.36.0-1
ii  python3-psutil 5.6.7-2

Versions of packages terminator recommends:
ii  gir1.2-keybinder-3.0  0.3.2-1+b1
ii  gir1.2-notify-0.7 0.7.9-1
ii  xdg-utils 1.1.3-2

terminator suggests no packages.

-- no debconf information

Bug#955383: terminator: URLs are not clickable

[Markus Frosch]

forwarded -1 https://github.com/gnome-terminator/terminator/pull/6
owner -1 !
tags -1 + upstream
thanks

Am Donnerstag, den 02.04.2020, 09:38 -0300 schrieb Antonio Terceiro:
> FWIW I have been running with this patch for a while, and I didn't
> notice any issues. I have clicked URLs several times and it all just
> works.

I tested your patch, it works fine, only noticed one warning:

VTE-WARNING **: 18:12:07.240: (../src/vtegtk.cc:2171):int 
vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime
check failed: (_vte_regex_has_multiline_compile_flag(regex))

Apparently one should use MULTILINE to search with vte, if not the warning is 
raised. Unfortunately there is no proper constant
for that, at least not with the Python interface.

This will be implemented with: 
https://github.com/gnome-terminator/terminator/pull/6
Patch: 
https://github.com/gnome-terminator/terminator/pull/6/commits/07d7dd56b2adf7eb8a526cc10bd5373756ff58f2

Regards
Markus
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#953153: terminator: Custom command plugin don't work

[Markus Frosch]

forwarded -1 https://github.com/gnome-terminator/terminator/issues/2
owner -1 !
tags -1 + upstream
thanks

Am Donnerstag, den 05.03.2020, 11:23 +0100 schrieb Dtux:
> In Terminator, the custom plugin not working. It's possible to add new command
> but its use has no effect.
> 
> I patch it with this:
>  $ cd /usr/share/terminator/terminatorlib/plugins/
>  $ nano custom_commands.py
> change line 132:
>  terminal.vte.feed_child(command,  len(command)
> to
>  terminal.vte.feed_child(command.encode("utf-8"))
>  $ sudo py3clean .
>  $ sudo python -m compileall .
> 
>  restart terminator, and it work fine.

Hey Dtux,
thank you for your patch.

I'm currently in the process of adopting the upstream, see the following issue 
if you are interested:

Because of compatibility I would prefer the patch added in Fedora:
https://src.fedoraproject.org/rpms/terminator/blob/master/f/bz-1573927.patch

It should avoid a hard dependency on utf8 as current encoding.

See the following links with the work to fix this:
* https://github.com/gnome-terminator/terminator/issues/2
* https://github.com/gnome-terminator/terminator/pull/6

Regards
Markus

-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#947716: RFH: terminator -- multiple GNOME terminals in one window

[Markus Frosch]

Am Montag, den 30.12.2019, 13:38 +0100 schrieb Markus Frosch:
> I tried contacting the admins of the project on launchpad.

Now I decided to start this as a project.

There is a new GitHub organization:
https://github.com/gnome-terminator?type=source

You can find all information here:
https://github.com/gnome-terminator/terminator/issues/1

Anyone that would like to help is welcome!

Regards
Markus
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#955383: [Python-apps-team] Bug#955383: terminator: URLs are not clickable

[Markus Frosch]

Am Montag, den 30.03.2020, 18:21 -0300 schrieb Antonio Terceiro:
> > I just installed terminator. All the documentation I found, and the
> > preferences dialog, led me to expect URLs to be clickable. However, they
> > are not. They work just find on gnome-terminal in the same machine, so
> > maybe there is something wrong with how terminator talks to vte for it.
> 
> Looking up the vte documentation online, it suggests that
> add_match_gregex was deprecated some time ago, and made a noop at some
> point.
> 
> The attached patch seems to fix it for me. I will be running it for the
> text days and will let you know if I find any issue with it.

Thank you for the patch, I will review and test it soon.

Terminator is kind of a mess, I opened an RFH to explain the situation [1].

I'd wish we have a long term solution for this kind of bugs, and the general 
Python 3 support.

Best Regards
Markus Frosch

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947716

-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#951732: fails to show UI on gnome

[Markus Frosch]

Am Donnerstag, den 20.02.2020, 22:48 +0100 schrieb Lee Garrett:
> Found the minimum hard deps needed:
> 
> qml-module-qtquick-controls2
> qml-module-qtqml-models2
> 
> Adrian, please add those two as hard deps to ausweisapp2.

I can confirm this fixes problems with the new UI not working correctly.

Regards
Markus
-- 
mar...@lazyfrosch.de
https://lazyfrosch.de

Bug#948150: ruby-docker-api: Unused leaf package?

[Markus Frosch]

Package: ruby-docker-api
Version: 1.22.2-1
Severity: important

Hello maintainer,
Is this package still in use somehow? I noticed it has no active
rdepends in unstable.

As the gem is a pure library, it might make sense to deprecate it and
remove it from unstable.

Has anyone still has interest to maintain or use it?

Regards
Markus Frosch

-- System Information:
Debian Release: 10.2
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.3.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ruby-docker-api depends on:
ii  ruby 1:2.5.1
pn  ruby-excon   
ii  ruby-minitar [ruby-archive-tar-minitar]  0.9-1

ruby-docker-api recommends no packages.

Versions of packages ruby-docker-api suggests:
pn  docker.io  

Bug#940778: please drop transitional package ruby-archive-tar-minitar from src:ruby-minitar

[Markus Frosch]

Hi Holger,

On Thu, 19 Sep 2019 18:06:27 +0200 Holger Levsen  wrote:
> Please drop the transitional package ruby-archive-tar-minitar (from the 
> source 
> package ruby-minitar) for bullseye, as it has been released with stretch and 
> buster already.

You are right, I've opened bugs with a usertag:
https://bugs.debian.org/tag:ruby-minitar

Regards
Markus
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#947842: Update dependency ruby-archive-tar-minitar to ruby-minitar

[Markus Frosch]

Source: subtle
Version: 0.11.3224-xi-2.2
Severity: important
Usertags: ruby-minitar

Hi maintainer,
I will remove the ruby-archive-tar-minitar transitional
package from Debian unstable soon.

Please update your dependency to ruby-minitar.

This package is available in Debian since stretch.

Best Regards
Markus Frosch
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#947841: Update dependency ruby-archive-tar-minitar to ruby-minitar

[Markus Frosch]

Source: ruby-docker-api
Version: 1.22.2-1
Severity: important
Usertags: ruby-minitar

Hi maintainer,
I will remove the ruby-archive-tar-minitar transitional
package from Debian unstable soon.

Please update your dependency to ruby-minitar.

This package is available in Debian since stretch.

Best Regards
Markus Frosch
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#947843: Update dependency ruby-archive-tar-minitar to ruby-minitar

[Markus Frosch]

Source: rhc
Version: 1.38.7-2
Severity: important
Usertags: ruby-minitar

Hi maintainer,
I will remove the ruby-archive-tar-minitar transitional
package from Debian unstable soon.

Please update your dependency to ruby-minitar.

This package is available in Debian since stretch.

Best Regards
Markus Frosch
-- 
lazyfro...@debian.org
https://lazyfrosch.de

Bug#947716: RFH: terminator -- multiple GNOME terminals in one window

[Markus Frosch]

Hi Lucas,

Am Montag, den 30.12.2019, 01:49 +0100 schrieb Lucas Nussbaum:
> I'm a happy user of terminator, and I'm surprised to learn that it's
> dead upstream. What do people use instead?
> 
> (I'm unlikely to have time to help, unfortunately)

I was wondering that myself, I know lots of people using terminator
for its split terminal views.

Of course the standard gnome terminal, or whatever people are using,
will support most use cases. But I'm not aware of any good alternative
for terminator...

Time is also my problem, I only jumped in to keep terminator in buster.

I tried contacting the admins of the project on launchpad.

Regards
Markus
-- 
mar...@lazyfrosch.de
https://lazyfrosch.de

Bug#947716: RFH: terminator -- multiple GNOME terminals in one window

[Markus Frosch]

Package: wnpp
Severity: normal

I request assistance with maintaining the terminator package. [1]

The upstream seems pretty much dead, though I'd like the keep the
package available. Popcon [2] is not too bad, and I think usage on
Ubuntu is also pretty stable (I know a lot of people).

The package doesn't have a lot todo, though we should look into some
issues and I'd prefer not to work on it alone.

Please contact me if you are interested, first step should be to have a
look at the packaging, bugs and the patches I've revised for Python 3.

Regards
Markus

The package description is:
 Terminator is a little project to produce an efficient way of
 filling a large area of screen space with terminals.
 .
 The user can have multiple terminals in one window and use
 key bindings to switch between them. See the manpage for
 details.

[1] https://tracker.debian.org/pkg/terminator
[2] https://qa.debian.org/popcon.php?package=terminator

Bug#922769: yubikey-luks: Cant use yubikey with luks. Yubikey ignored

[Markus Frosch]

Control: tags -1 + moreinfo

Am 20.02.19 um 14:09 schrieb GP:
> I encrypted my hard disk and tried to add another slot for unlocking the hard
> disk with another password and yubikey (challenge response)
> 
> The commands i entered
> 
> sudo ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 
> -oserial-api-
> visible
> sudo /usr/bin/yubikey-luks-enroll -d /dev/nvme0n1p3 -s 7
> sudo reboot
> 
>* What was the outcome of this action?
> 
> The yubikey is ignored at boot up. I dont get any messages on unlocking the
> disk with the use of yubikey.
> I can only unlock my hard disk with the original password with or without the
> yubikey inserted at usb slot.
> 
>* What outcome did you expect instead?
> 
> I should be ask to enter the original password or the password needed with
> yubikey. I should insert the yubikey and the password and decrypt my hard 
> disk.

Thanks for your report.

Have you actually changed your /etc/crypttab to use yubikey to unlock?
It is no longer enabled by default.

Please see:
/usr/share/doc/yubikey-luks/README.md
/usr/share/doc/yubikey-luks/NEWS.Debian.gz

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#921824: terminator: Impossible to load a layout on startup after upgrading to 1.91-3

[Markus Frosch]

On Sat, 9 Feb 2019 12:06:55 +0100 phep  wrote:
> I managed to fix this with the patch below but this probably not the best 
> way to do it. Besides, this might be the sign that the code base should be 
> checked up more thoroughly before to depend on python3.

Hey Patrice,
thank you so much for testing and suggesting a patch.

I partially adopted your patch and will add it to the next upload.

If you noticed something else with the current packages please report it ;)

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#921131: taking over yum-utils

[Markus Frosch]

Am 22.02.19 um 10:26 schrieb Holger Levsen:
> please adopt yum-utils and get the changes from experiemental into
> sid/buster before the freeze is fully in effect. You still have almost a
> week to do that! ;)
> 
> Also if you do that, please dont forget to include the changes from my
> NMU.
> 
> If you need any help or advice, please shout!

Hey Holger,
thanks I just did so, and uploaded a new version.

During testing I noticed the "refactoring" patch actually broke logging,
and therefor reposync working.

I fixed it with an additional patch:
https://salsa.debian.org/pkg-rpm-team/yum-utils/commit/0c946a3b072b921a96d1b47a9653367db74d5cf0

Upstream has applied more refactoring, I will rebase our patches at a
later point, for now it should work.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#921131: CVE-2018-10897

[Markus Frosch]

On Sat, 02 Feb 2019 00:46:12 +0100 Moritz Muehlenhoff 
wrote:
> Package: yum-utils
> Severity: grave
> Tags: security
> 
> This was assigned CVE-2018-10897:
> https://bugzilla.redhat.com/show_bug.cgi?id=1600221
> https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
> https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
> https://github.com/rpm-software-management/yum-utils/pull/43

I'm not sure how active Mike is currently.

Since I'm using the package in a multi distro build system, I would
proceed with uploading a fix and join as co-maintainer.

I already created a salsa project:
https://salsa.debian.org/debian/yum-utils

@Mike: Can I get a short approval?

Also: Is the experimental upload ready for buster?

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#921507: nextcloud-desktop: Nautilus extension is trying the wrong socket

[Markus Frosch]

Package: nextcloud-desktop
Version: 2.5.1-1
Severity: important

Hey Sandro,
looks like the nautilus extension is not working yet, it logs the following:

Could not connect to unix socket /run/user/1000/ownCloud/socket. [Errno 2] 
Datei oder Verzeichnis nicht gefunden

Correct path is: /run/user/1000/Nextcloud/socket

@Sandro: Do you need help in maintaining? I can help if you want.

Regards
Markus

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nextcloud-desktop depends on:
ii  libc6 2.28-5
ii  libgcc1   1:8.2.0-16
ii  libnextcloudsync0 2.5.1-1
ii  libqt5concurrent5 5.11.3+dfsg-2
ii  libqt5core5a  5.11.3+dfsg-2
ii  libqt5dbus5   5.11.3+dfsg-2
ii  libqt5gui55.11.3+dfsg-2
ii  libqt5keychain1   0.9.0-2
ii  libqt5network55.11.3+dfsg-2
ii  libqt5positioning55.11.3+dfsg-2
ii  libqt5printsupport5   5.11.3+dfsg-2
ii  libqt5qml55.11.3-2
ii  libqt5quick5  5.11.3-2
ii  libqt5sql5-sqlite 5.11.3+dfsg-2
ii  libqt5webchannel5 5.11.3-2
ii  libqt5webenginecore5  5.11.3+dfsg-2+b1
ii  libqt5webenginewidgets5   5.11.3+dfsg-2+b1
ii  libqt5webkit5 5.212.0~alpha2-19
ii  libqt5widgets55.11.3+dfsg-2
ii  libqt5xml55.11.3+dfsg-2
ii  libsqlite3-0  3.26.0+fossilbc891ac6b-2
ii  libssl1.1 1.1.1a-1
ii  libstdc++68.2.0-16
ii  nextcloud-desktop-common  2.5.1-1
ii  nextcloud-desktop-l10n2.5.1-1
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages nextcloud-desktop recommends:
ii  nextcloud-desktop-doc  2.5.1-1

nextcloud-desktop suggests no packages.

-- no debconf information

Bug#897563: ITA: sl -- Correct you if you type `sl' by mistake

[Markus Frosch]

retitle -1 ITA: sl -- Correct you if you type `sl' by mistake
owner -1 lazyfrosch
thanks

I am going to adopt the package.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de

Bug#918149: terminator in buster

[Markus Frosch]

Hey Julian,
thanks for responding.

Since testing the Python 3 patch by Emilio, I would love to push this to
buster as well.

I requested to join PAPT, and am waiting for an response on that.

If you all agree, I will take care of that and join the maintainer team.

Regards
Markus

P.S. If one of you can add me to PAPT, I would appreciate some help :)

Am 28.01.19 um 21:55 schrieb Julián Moreno Patiño:
> Hello Markus,
> 
> This package is team maintained, you are welcome at board.
> 
> At the moment I am a little bit busy. Just go ahead with your NMU to
> fix the RC bug.
> 
> Kind regards,
> 
> El dom., 27 ene. 2019 a las 7:00, Markus Frosch
> () escribió:
>>
>> Hey all,
>> is anyone taking care about the RC bug [2] in terminator[1] for upcoming
>> buster?
>>
>> I plan to do an NMU over the next days, if no one says stop.
>>
>> I've seen that Emilio did some Python 3 work in experimental, is that
>> ready for unstable? What's the upstream work on this?
>>
>> Maybe I'm going to adopt the package as well, since I'm using
>> terminator. Anyone opposes that?
>>
>> Cheers
>> Markus Frosch
>>
>> [1] https://tracker.debian.org/pkg/terminator
>> [2] https://bugs.debian.org/918149
>>
>> --
>> mar...@lazyfrosch.de / lazyfro...@debian.org
>> https://lazyfrosch.de
>>
> 
> 

-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#918149: terminator in buster

[Markus Frosch]

Hey all,
is anyone taking care about the RC bug [2] in terminator[1] for upcoming
buster?

I plan to do an NMU over the next days, if no one says stop.

I've seen that Emilio did some Python 3 work in experimental, is that
ready for unstable? What's the upstream work on this?

Maybe I'm going to adopt the package as well, since I'm using
terminator. Anyone opposes that?

Cheers
Markus Frosch

[1] https://tracker.debian.org/pkg/terminator
[2] https://bugs.debian.org/918149

-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#918260: ruby-protected-attributes: Depends: ruby-activemodel (< 2:5.0) but 2:5.2.0+dfsg-2 is to be installed

[Markus Frosch]

Control: affects -1 redmine

If I understood this right, this Gem provides extra functionality for
ruby-rails, and is obsolete with rails 5.0

Problems:
- rails is not migrated to testing yet
- Autoremoval logic seems to want to remove way more packages than
  actually affected
- redmine is the actual dependency as it seems

Redmine (from its Gemfile) actually no longer mentions
"protected_attibutes".

Suggestion: Update redmine dependencies

Still a problem: Why dependency resolver wants to remove seemingly
unrelated packages?

Anything I can help with?

Cheers
Markus Frosch

Note from https://tracker.debian.org/pkg/ruby-protected-attributes:

Version 1.1.4-2 of ruby-protected-attributes is marked for autoremoval
from testing on Sun 17 Feb 2019. It is affected by #918260. The removal
of ruby-protected-attributes will also cause the removal of (transitive)
reverse dependencies: coquelicot, librarian-puppet, r10k, redmine,
redmine-plugin-custom-css, redmine-plugin-local-avatars,
redmine-plugin-pretend, ruby-fast-gettext, ruby-gettext-i18n-rails,
ruby-gettext-i18n-rails-js, ruby-gettext-setup,
ruby-haml-magic-translations, ruby-puppet-forge, samizdat. You should
try to prevent the removal by fixing these RC bugs.

-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#911734: yubikey-luks: enrolling yubikey does not work

[Markus Frosch]

Control: tags -1 + fixed pending

Hey Norbert,

Am 24.10.18 um 05:29 schrieb Norbert Preining:
> I want to use my yubikey (Neo) for unlocking the LUKS volume
> of my laptop, and did the necessary steps of initialization
> as well as
>   yubikey-enroll-luks -d /dev/sdaN
> for my luks device.
> 
> Enrollment did not report any errors whatsoever.
> 
> Albeit, rebooting didn't allow me to use the yubikey and only the
> complete passphrase is accepted.

The enroll script swallowed errors when he had access problems with the
Yubikey.

Should be fixed with 0.5.1+29.g5df2b95-1.

Make sure to also check NEWS and README.md

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de

Bug#916314: "yubikey-luks" should depends on "cryptsetup-run"

[Markus Frosch]

Hey Christophe,

Am 12.12.18 um 23:21 schrieb Christophe HENRY:
> Currently, it's not possible to not use "cryptsetup-initramfs" and use
> "yubikey-luks". The resolver wants to remove "yubikey-luks" when I
> intend to remove "cryptsetup-initramfs".
> 
> I think it should be possible to not install the initramfs package and
> use the yubikey package.
> "yubikey-luks" may depends only on "cryptsetup-run".

Can you please explain how you would use yubikey-luks without initramfs?

Currently dracut is not supported...

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de

Bug#913556: apt-show-versions: Max. recursion depth with nested structures exceeded

[Markus Frosch]

On 12.11.18 17:16, Christoph Martin wrote:
> please try for me to change the value in line 271 from 65536 to a higher
> value which is high enough for your sources.list .
> 
> What do you have in sources.list ?

Interesting, so this value relates to the amount of packages?

#$Storable::recursion_limit_hash = 65536;
$Storable::recursion_limit_hash = 123456;

$ dpkg-reconfigure apt-show-versions
** initializing cache. This may take a while **
# works!

I have a "few" sources enabled, buster, debug, and third-party. (with
multi-arch enabled) - Added details on repos and counts as an attachment!

$ grep -r ^deb sources.list sources.list.d/*.list | wc -l
15

$ apt list | wc -l
117049

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
sources.list:deb http://httpredir.debian.org/debian buster main contrib non-free
sources.list:deb-src http://httpredir.debian.org/debian buster main contrib 
non-free
sources.list.d/atom.list:deb [arch=amd64] 
https://packagecloud.io/AtomEditor/atom/any/ any main
sources.list.d/debian-debug.list:deb 
http://debug.mirrors.debian.org/debian-debug/ testing-debug main
sources.list.d/docker.list:deb [arch=amd64] 
https://download.docker.com/linux/debianstretchstable
sources.list.d/enpass.list:deb http://repo.sinew.in/ stable main
sources.list.d/enpass.list:deb http://repo.sinew.in/testing testing beta
sources.list.d/google-chrome.list:deb [arch=amd64] 
http://dl.google.com/linux/chrome/deb/ stable main
sources.list.d/insync.list:deb http://apt.insynchq.com/debian stretch non-free 
contrib
sources.list.d/keybase.list:deb http://prerelease.keybase.io/deb stable main
sources.list.d/microsoft.list:deb [arch=amd64] 
https://packages.microsoft.com/ubuntu/18.04/prod bionic main
sources.list.d/packagecloud.list:deb 
https://packagecloud.io/lazyfrosch/notebook/debian/ buster main
sources.list.d/spotify.list:deb http://repository.spotify.com stable non-free
sources.list.d/teamviewer.list:deb http://linux.teamviewer.com/deb stable main
sources.list.d/teamviewer.list:deb http://linux.teamviewer.com/deb preview main
apt.insynchq.com_debian_dists_stretch_contrib_binary-amd64_Packages:7
apt.insynchq.com_debian_dists_stretch_contrib_binary-i386_Packages:7
apt.insynchq.com_debian_dists_stretch_non-free_binary-amd64_Packages:2
apt.insynchq.com_debian_dists_stretch_non-free_binary-i386_Packages:2
debug.mirrors.debian.org_debian-debug_dists_testing-debug_main_binary-amd64_Packages:16055
debug.mirrors.debian.org_debian-debug_dists_testing-debug_main_binary-i386_Packages:15907
dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages:3
download.docker.com_linux_debian_dists_stretch_stable_binary-amd64_Packages:21
httpredir.debian.org_debian_dists_buster_contrib_binary-amd64_Packages:279
httpredir.debian.org_debian_dists_buster_contrib_binary-i386_Packages:270
httpredir.debian.org_debian_dists_buster_main_binary-amd64_Packages:56046
httpredir.debian.org_debian_dists_buster_main_binary-i386_Packages:55805
httpredir.debian.org_debian_dists_buster_non-free_binary-amd64_Packages:608
httpredir.debian.org_debian_dists_buster_non-free_binary-i386_Packages:535
linux.teamviewer.com_deb_dists_preview_main_binary-amd64_Packages:14
linux.teamviewer.com_deb_dists_preview_main_binary-i386_Packages:13
linux.teamviewer.com_deb_dists_stable_main_binary-amd64_Packages:10
linux.teamviewer.com_deb_dists_stable_main_binary-i386_Packages:9
packagecloud.io_AtomEditor_atom_any_dists_any_main_binary-amd64_Packages:51
packagecloud.io_lazyfrosch_notebook_debian_dists_buster_main_binary-amd64_Packages:5
packagecloud.io_lazyfrosch_notebook_debian_dists_buster_main_binary-i386_Packages:2
packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_main_binary-amd64_Packages:144
prerelease.keybase.io_deb_dists_stable_main_binary-amd64_Packages:1
prerelease.keybase.io_deb_dists_stable_main_binary-i386_Packages:1
repo.sinew.in_dists_stable_main_binary-amd64_Packages:23
repo.sinew.in_dists_stable_main_binary-i386_Packages:19
repo.sinew.in_testing_dists_testing_beta_binary-amd64_Packages:7
repo.sinew.in_testing_dists_testing_beta_binary-i386_Packages:6
repository.spotify.com_dists_stable_non-free_binary-amd64_Packages:4
repository.spotify.com_dists_stable_non-free_binary-i386_Packages:3

Bug#913556: apt-show-versions: Max. recursion depth with nested structures exceeded

[Markus Frosch]

Package: apt-show-versions
Version: 0.22.9
Severity: grave
Justification: renders package unusable

Hello Maintainer,
this might be connected to #913477, but I'm not sure.

Since upgrading to current testing today the package broke during
configure.

Might be related to the latest perl transition.

$ apt install -f

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libperl5.26 myspell-de-de perl-modules-5.26
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up apt-show-versions (0.22.9) ...
** initializing cache. This may take a while **
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 273.
dpkg: error processing package apt-show-versions (--configure):
 installed apt-show-versions package post-installation script subprocess 
returned error exit status 25
Errors were encountered while processing:
 apt-show-versions

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.

apt-show-versions suggests no packages.

-- no debconf information

Bug#904162: yubikey-luks: keyscript not run during boot

[Markus Frosch]

tags -1 + pending
thanks

On 21.07.2018 00:16, Matt Patey wrote:
> I got it working again by changing /usr/share/initramfs-tools/scripts/local-
> top/yubikey-luks as follows:

I've adapted your path in a slightly different ways, see
https://salsa.debian.org/auth-team/yubikey-luks/commit/af092665b9628956ba5318935b66584665fda978

Thanks for submitting, I'm preparing a release.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#904030: clipit: Copy/Paste is not working

[Markus Frosch]

Package: clipit
Version: 1.4.4-2
Followup-For: Bug #904030

For me it stopped working with the upgrade to 1.4.4-2

* Keyboard Shortcuts no longer work
* Settings window is not showing up

Random errors appear on stdout, see below.

For now I had to downgrade to 1.4.2-1.2 - I'm not too sure how to debug
GTK issues.

My desktop is Gnome in Xorg mode, so no wayland here.

(clipit:31469): Gdk-CRITICAL **: 14:05:57.686: 
gdk_window_thaw_toplevel_updates: assertion 
'window->update_and_descendants_freeze_count > 0' failed
(clipit:31469): GLib-GObject-CRITICAL **: 14:06:08.366: g_object_set_data: 
assertion 'G_IS_OBJECT (object)' failed
(clipit:31469): Gdk-CRITICAL **: 14:06:08.366: gdk_window_get_window_type: 
assertion 'GDK_IS_WINDOW (window)' failed
(clipit:31469): GLib-GObject-CRITICAL **: 14:06:09.344: g_object_set_data: 
assertion 'G_IS_OBJECT (object)' failed
(clipit:31469): Gdk-CRITICAL **: 14:06:09.344: gdk_window_get_window_type: 
assertion 'GDK_IS_WINDOW (window)' failed
(clipit:31469): GLib-GObject-CRITICAL **: 14:06:10.263: g_object_set_data: 
assertion 'G_IS_OBJECT (object)' failed
(clipit:31469): Gdk-CRITICAL **: 14:06:10.263: gdk_window_get_window_type: 
assertion 'GDK_IS_WINDOW (window)' failed
(clipit:31469): Gtk-CRITICAL **: 14:06:16.027: _gtk_widget_captured_event: 
assertion 'WIDGET_REALIZED_FOR_EVENT (widget, event)' failed
(clipit:31469): Gtk-CRITICAL **: 14:06:16.027: _gtk_widget_captured_event: 
assertion 'WIDGET_REALIZED_FOR_EVENT (widget, event)' failed

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clipit depends on:
ii  libappindicator3-1  0.4.92-6
ii  libc6   2.27-5
ii  libglib2.0-02.56.1-2
ii  libgtk-3-0  3.22.30-2
ii  libpango-1.0-0  1.42.1-2
ii  libx11-62:1.6.5-1
ii  xdotool 1:3.20160805.1-4

clipit recommends no packages.

clipit suggests no packages.

-- no debconf information

Bug#903646: libwinpr2-2: remmina crashing on reconnect

[Markus Frosch]

Package: libwinpr2-2
Version: 2.0.0~git20180411.1.7a7b1802+dfsg1-2
Severity: normal

Hello Remote maintainers,
lately remmina keeps crashing when the connection needs to be
reconnected.

I don't think this is a bug with remmina, but libwinpr2.

It happens on RDP sessions with Windows Server 2012 and 2016, here is a
backtrace I collected.

Please tell me if I can supply more details!

Regards
Markus

Core was generated by `remmina'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x7fee1b5303c5 in InterlockedIncrement () from
/usr/lib/x86_64-linux-gnu/libwinpr2.so.2
[Current thread is 1 (Thread 0x7fee0b99f700 (LWP 27333))]
(gdb) bt
#0  0x7fee1b5303c5 in InterlockedIncrement () at
/usr/lib/x86_64-linux-gnu/libwinpr2.so.2
#1  0x7fee1b521e32 in EnterCriticalSection () at
/usr/lib/x86_64-linux-gnu/libwinpr2.so.2
#2  0x7fee1b53fe50 in MessageQueue_Dispatch () at
/usr/lib/x86_64-linux-gnu/libwinpr2.so.2
#3  0x7fee1b53ffa7 in MessageQueue_Post () at
/usr/lib/x86_64-linux-gnu/libwinpr2.so.2
#4  0x7fee1b8308de in drdynvc_virtual_channel_event_disconnected
(drdynvc=0x7fedfc0031a0)
at ./channels/drdynvc/client/drdynvc_main.c:1407
#5  0x7fee1b8308de in drdynvc_virtual_channel_init_event_ex
(lpUserParam=0x7fedfc0031a0, pInitHandle=, event=3,
pData=, dataLength=) at
./channels/drdynvc/client/drdynvc_main.c:1547
#6  0x7fee1bb1bf51 in freerdp_channels_disconnect
(channels=channels@entry=0x56286c2223d0, instance=0x56286c0c17c0)
at ./libfreerdp/core/client.c:642
#7  0x7fee1bb249ae in rdp_client_reconnect (rdp=0x56286c0c5790) at
./libfreerdp/core/connection.c:399
#8  0x7fee1bb18ce0 in freerdp_reconnect (instance=)
at ./libfreerdp/core/freerdp.c:518
#9  0x7fee1bdf2114 in rf_auto_reconnect (rfi=0x56286c0c5000) at
./plugins/rdp/rdp_plugin.c:278
#10 0x7fee1bdf33b0 in remmina_rdp_main_loop (gp=0x56286be61b40) at
./plugins/rdp/rdp_plugin.c:626
#11 0x7fee1bdf33b0 in remmina_rdp_main (gp=gp@entry=0x56286be61b40)
at ./plugins/rdp/rdp_plugin.c:1106
#12 0x7fee1bdf377a in remmina_rdp_main_thread (data=0x56286be61b40)
at ./plugins/rdp/rdp_plugin.c:1122
#13 0x7fee314a15aa in start_thread (arg=0x7fee0b99f700) at
pthread_create.c:463
#14 0x7fee2f38dcbf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500,
'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libwinpr2-2 depends on:
ii  libc62.27-3
ii  libssl1.11.1.0h-4
ii  libsystemd0  239-5

libwinpr2-2 recommends no packages.

Versions of packages libwinpr2-2 suggests:
pn  freerdp2-x11  

-- no debconf information

-- 
mar...@lazyfrosch.de
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#851671: icinga-web: Mysql error: Specified key was too long; max key length is 767 bytes

[Markus Frosch]

Control: forwarded -1 https://github.com/Icinga/icinga-web/issues/1382

On 17.01.2017 14:09, John Lines wrote:
> Package: icinga-web
> Version: 1.13.1-2
> Severity: normal
> 
> Dear Maintainer,
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
> On installing icinga-web, with default-mysql-server already freshly
> installed I receive the message
> 
> mysql said: ERROR 1071 (42000) at line 18: Specified key was too long;
> max key length is 767 bytes
> 
> The problem would appear to be in line 18 of
> /usr/share/dbconfig-common/data/icinga-web/install/mysql
> 
> which attempts to create the nsm_session table.
> 
> With the default UTF encoding it seems varchar(255) is larger than
> session_id is allowed to be.
> 
> I have worked around it by specifying varchar(125)
> 
> A dpkg-reconfigure icinga-web then succeeded

Thanks for the report, I think the explicit character set would be the best 
solution.

Testing pending.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

Bug#851585: [Pkg-nagios-devel] Bug#851585: icinga2-ido-mysql: fails to upgrade from 'jessie': mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 'status_update_time'

[Markus Frosch]

Hello Release team
- top post for referencing-

I'd like to ask you about views of this bug.

We can do the following:

1) Update icinga2 to 2.6.1 which includes some other useful changes (see below)
2) stretch-ignore the bug, since MySQL 5.7 won't be included in stretch
   (Problem: backports might make a problem then)

I could also patch some of the crashing issues, but would rather prefer 2.6.1
as a cleaner update to maintain in stretch.

Note: I'm affiliated with upstream, but want to maintain the package as conform
as possible.

In my perspective the cleanest way would be to use the minor release.

Please advise me, I left the diff out since it won't be helpful in discussion.

Interesting Icinga2 2.6.1 changes:
* Fixes an internal crash bug during check execution
* SIGPIPE crash (currently fixed in sysVinit script)
* Timestamp problems with PostgreSQL (incorrect datetime)
* Updating IDO schema to conform with MySQL >= 5.7 (big diff with lots of 
fields)
* Documentation and project links (that might be helpful for users)

Full issue list: https://github.com/Icinga/icinga2/milestone/60?closed=1

On 16.01.2017 17:33, Andreas Beckmann wrote:
> Package: icinga2-ido-mysql
> Version: 2.6.0-2
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package fails to upgrade from
> 'jessie'.
> It installed fine in 'jessie', then the upgrade to 'sid' fails.
> 
>>From the attached log (scroll to the bottom...):
> 
>   Setting up icinga2-common (2.6.0-2) ...
>   Installing new version of config file /etc/default/icinga2 ...
>   Installing new version of config file /etc/icinga2/conf.d/commands.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/downtimes.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/groups.conf ...
>   Installing new version of config file 
> /etc/icinga2/conf.d/notifications.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/services.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/templates.conf ...
>   Installing new version of config file /etc/icinga2/constants.conf ...
>   Installing new version of config file 
> /etc/icinga2/features-available/api.conf ...
>   Installing new version of config file /etc/icinga2/icinga2.conf ...
>   Installing new version of config file 
> /etc/icinga2/scripts/mail-host-notification.sh ...
>   Installing new version of config file 
> /etc/icinga2/scripts/mail-service-notification.sh ...
>   Installing new version of config file /etc/init.d/icinga2 ...
>   Installing new version of config file /etc/logrotate.d/icinga2 ...
>   Created symlink /etc/systemd/system/multi-user.target.wants/icinga2.service 
> → /lib/systemd/system/icinga2.service.
>   Running in chroot, ignoring request.
>   invoke-rc.d: policy-rc.d denied execution of start.
>   Setting up icinga2-bin (2.6.0-2) ...
>   Setting up icinga2-ido-mysql (2.6.0-2) ...
>   Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
>   dbconfig-common: writing config to 
> /etc/dbconfig-common/icinga2-ido-mysql.conf
>   Replacing config file /etc/dbconfig-common/icinga2-ido-mysql.conf with new 
> version
>   creating database backup in 
> /var/cache/dbconfig-common/backups/icinga2-ido-mysql_2.1.1-1.2017-01-13-09.37.09.
>   applying upgrade sql for 2.1.1-1 -> 2.2.0.
>   error encountered processing 
> /usr/share/dbconfig-common/data/icinga2-ido-mysql/upgrade/mysql/2.2.0:
>   mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 
> 'status_update_time'
>   dbconfig-common: icinga2-ido-mysql configure: aborted.
>   dbconfig-common: flushing administrative password
>   dpkg: error processing package icinga2-ido-mysql (--configure):
>subprocess installed post-installation script returned error exit status 1
> 
> This was observed during a jessie->sid upgrade which picked a mysql-5.5 -> 
> mysql-5.7 upgrade for the database server.
> Feel free to downgrade the severity if this bug is specific to that weird 
> combination.
> 
> 
> cheers,
> 
> Andreas
> 
> 
> 
> ___
> Pkg-nagios-devel mailing list
> pkg-nagios-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-nagios-devel
> 


Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#853286: unblock: ruby-minitar/0.5.4-3.1

[Markus Frosch]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-minitar

CVE-2016-10173 has been fixed with the update.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853075
And diff:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=853075;filename=ruby-minitar-0.5.4-3.1-nmu.diff;msg=10

unblock ruby-minitar/0.5.4-3.1

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#853075: ruby-minitar: diff for NMU version 0.5.4-3.1

[Markus Frosch]

On 30.01.2017 07:08, Salvatore Bonaccorso wrote:
> I've prepared an NMU for ruby-minitar (versioned as 0.5.4-3.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.

Thanks Salvatore, I'm perfectly fine with that.

Should I take care about the migration to stretch? Or is there some new 
auto-security mechanism? :)

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#851991: [Pkg-nagios-devel] Bug#851991: icinga2: Please support nrpe-ng in icinga2 commands

[Markus Frosch]

Control: tags -1 + upstream

On 20.01.2017 17:10, John Lines wrote:
> The nrpe-ng package is useful for system managers migrating from jessie
> to stretch, as it is available in jessie-backports, as well as stretch.
> 
> Please provide a CheckCommand definition, similar to that for nrpe, for
> nrpe-ng
> 
> I attach one I have hacked together. Note that the specification of the
> target by name is important, as otherwise certificate checks are likely
> to fail, and the explicit specification of the command file also appears
> to be required.

Thanks for your config example.

I'd really prefer to include the config as basis of upstream. And not include 
Debian specific improvements.

You can open issues on GitHub: https://github.com/Icinga/icinga2/issues

Even a PR would be welcome.

If you don't want to do that yourself, I can help.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

Bug#850215: [pkg-php-pear] Bug#850215: zendframework: CVE-2016-10034

[Markus Frosch]

On 05.01.2017 07:01, Salvatore Bonaccorso wrote:
> Source: zendframework
> Version: 1.12.9+dfsg-1
> Severity: grave
> Tags: upstream security
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerability was published for zendframework.
> 
> CVE-2016-10034[0]:
> | The setFrom function in the Sendmail adapter in the zend-mail
> | component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and
> | Zend Framework before 2.4.11 might allow remote attackers to pass
> | extra parameters to the mail command and consequently execute
> | arbitrary code via a \" (backslash double quote) in a crafted e-mail
> | address.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2016-10034
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10034
> 
> Please adjust the affected versions in the BTS as needed.

Hi Salvatore,
thanks for bringing that up.

I actually don't think this CVE is valid for ZendFramework 1 (Version < 2).

Not only there are big differences in class structure between ZF1 and ZF >= 2.0,
but many features have been introduced first in ZF > 2.

I see no specific handling for a From header in Zend_Mail_Transport_Sendmail.

https://github.com/zendframework/zf1/blob/master/library/Zend/Mail/Transport/Sendmail.php#L128

A user of the library would be able to insert additional parameters, and pass 
whatever
argument to sendmail. But the user would have to care about securing / escaping 
then.

As we currently don't have a package for Zend-Mail, and zendframework is < 2, 
this bug
wouldn't affect Debian.

Would love if someone could approve or object my analysis.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#849323: [Pkg-nagios-devel] Bug#849323: icinga: FTBFS with -Wl, -Bsymbolic-functions

[Markus Frosch]

On 25.12.2016 14:55, Bas Couwenberg wrote:
> icinga (1.13.4-1) FTBFS on Ubuntu because they include
> -Wl,-Bsymbolic-functions in LDFLAGS. [0]
> 
> The attached patch strips -Wl,-Bsymbolic-functions from LDFLAGS which
> should resolve this issue.
> 
> [0] 
> https://launchpadlibrarian.net/299806145/buildlog_ubuntu-zesty-amd64.icinga_1.13.4-1_BUILDING.txt.gz

Hey Bas,
this does not seem to have anything todo with this compiler flags.

"-fPIE -pie" vs. "-fPIC"

Which basically comes from hardening:

# DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags
CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security

Btw. dropping "-Wl,-Bsymbolic-functions" doesn't help in my tests with xenial. 
It's not even stripping the flags via DEB_LDFLAGS_STRIP, bc
it seems not to be coming from dpkg-buildflags.

I'm no expert on C, but I think -fPIE -pie is just the wrong method for a 
module, in our case, we are using symbols of the main process,
which is loading the module. So no linking can occur.

We have to discuss how to fix it properly.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

Bug#848689: RM: icinga2 [mips mipsel mips64el] -- ROM; FTBFS

[Markus Frosch]

Package: ftp.debian.org
Severity: normal

Hello FTP masters,
please remove icinga2 from mips*.

We have some weird GCC / libstdc++ problem there, it should not be
related to Icinga 2 itself. Which runs fine on all other arches.

But I'd prefer a migration into testing for the other arch. arm64 will
be fixed with a new upload later today.

FTBFS Bug for the issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848688

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#848688: icinga2: FTBFS on mips* architectures

[Markus Frosch]

Source: icinga2
Version: 2.5.4-2
Severity: important

The package can not be built on mips mipsel and mips64el.

As far as I isolated the problem, it seems not to be caused by Icinga2s
code, but rather GCC or stdc++.

We should fix this problem with a porter soon. But it's not likely a
flaw in Icinga2.

Here is a bt on mips (eller.d.o)

Thread 1 "boosttest-test-" received signal SIGSEGV, Segmentation fault.
parse_lsda_header (context=0x7fff5330, p=0x256dec , info=0x7fff4c80) at
../../../../src/libstdc++-v3/libsupc++/eh_personality.cc:58
58  ../../../../src/libstdc++-v3/libsupc++/eh_personality.cc: No such file 
or directory.
(gdb) bt
#0  parse_lsda_header (context=0x7fff5330, p=0x256dec , info=0x7fff4c80) at
../../../../src/libstdc++-v3/libsupc++/eh_personality.cc:58
#1  0x76e5a29c in __cxxabiv1::__gxx_personality_v0 (version=, 
actions=1, exception_class=,
ue_header=0x556984a8, context=0x7fff5330) at 
../../../../src/libstdc++-v3/libsupc++/eh_personality.cc:445
#2  0x76d39edc in _Unwind_RaiseException (exc=0x556984a8) at 
../../../src/libgcc/unwind.inc:113
#3  0x76e5b3fc in __cxxabiv1::__cxa_throw (obj=0x556984c0, tinfo=0x5564f914 

 >>,
dest=0x55580d70 
::~clone_impl()>) at ../../../../src/libstdc++-v3/libsupc++/eh_throw.cc:82
#4  0x775a7384 in __cxa_throw (obj=0x556984c0, pvtinfo=0x5564f914 
 >>,
dest=0x55580d70 
::~clone_impl()>) at ./lib/base/exception.cpp:144
#5  0x55581f30 in boost::throw_exception (e=...) at 
/usr/include/boost/throw_exception.hpp:69
#6  0x55579024 in boost::conversion::detail::throw_bad_cast () 
at /usr/include/boost/lexical_cast/bad_lexical_cast.hpp:92
#7  boost::lexical_cast (arg=...) at 
/usr/include/boost/lexical_cast.hpp:42
#8  icinga::Convert::ToLong (val=...) at ./lib/base/convert.hpp:42
#9  base_convert::tolong::test_method (this=) at 
./test/base-convert.cpp:31
#10 0x5557a5d8 in base_convert::tolong_invoker () at ./test/base-convert.cpp:29
#11 0x77aae9dc in boost::function0::operator() (this=) at 
./boost/function/function_template.hpp:771
#12 boost::detail::forward::operator() (this=) at 
./boost/test/impl/execution_monitor.ipp:1303
#13 boost::detail::function::function_obj_invoker0::invoke (function_obj_ptr=...) at
./boost/function/function_template.hpp:138
#14 0x77aad748 in boost::function0::operator() (this=0x7fff6d14) at 
./boost/function/function_template.hpp:771
#15 
boost::detail::do_invoke(boost::shared_ptr const&, 
>boost::function const&) (F=..., tr=...)
at ./boost/test/impl/execution_monitor.ipp:284
#16 boost::execution_monitor::catch_signals(boost::function const&) 
(this=0x77b42008
,
 F=...) at
./boost/test/impl/execution_monitor.ipp:867
#17 0x77aad8c0 in boost::execution_monitor::execute(boost::function 
const&) (this=0x77b42008
,
 F=...) at
./boost/test/impl/execution_monitor.ipp:1206
#18 0x77aae44c in boost::execution_monitor::vexecute(boost::function 
const&) (this=0x77b42008
,
 F=...) at
./boost/test/impl/execution_monitor.ipp:1312
#19 0x77ae1308 in 
boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function const&, unsigned int)
(this=0x77b42008 
,
 func=..., timeout=)
at ./boost/test/impl/unit_test_monitor.ipp:46
#20 0x77abbba8 in boost::unit_test::framework::state::execute_test_tree 
(this=0x77b41f08 , tu_id=, timeout=, p_random_generator=)
at ./boost/test/impl/framework.ipp:717
#21 0x77abc334 in boost::unit_test::framework::state::execute_test_tree 
(this=0x77b41f08 , tu_id=, timeout=, p_random_generator=)
at ./boost/test/impl/framework.ipp:666
#22 0x77ab3f40 in boost::unit_test::framework::state::execute_test_tree 
(timeout=0, p_random_generator=0x0, tu_id=1, this=0x77b41f08
) at ./boost/test/impl/framework.ipp:666
#23 boost::unit_test::framework::run (id=1, continue_test=) at 
./boost/test/impl/framework.ipp:1426
#24 0x77ade740 in boost::unit_test::unit_test_main (init_func=, 
argc=, argv=) at
./boost/test/impl/unit_test_main.ipp:231
#25 0xd8b8 in main (argc=2, argv=0x7fff7694) at ./test/test-runner.cpp:42

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 

Bug#838222: subtle: Update dependency to ruby-minitar

[Markus Frosch]

Package: subtle
Version: 0.11.3224-xi-2.2
Usertags: ruby-minitar

Hey Alex,
I've uploaded ruby-minitar a while, which replaces the older 
ruby-archive-tar-minitar. And in fact replaces the old binary with a
transitional package.

The old Gem (name) seems not to be maintained anymore:
https://rubygems.org/gems/archive-tar-minitar
 vs.
https://rubygems.org/gems/minitar

Please change your dependency to "ruby-minitar". Versioning and APIs work the 
same way.

Contact me if you have questions.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#838220: rhc: Update dependency to ruby-minitar

[Markus Frosch]

Package: rhc
Version: 1.38.4-2
Usertags: ruby-minitar

Hello fellow maintainer,
I've uploaded ruby-minitar a while, which replaces the older 
ruby-archive-tar-minitar. And in fact replaces the old binary with a
transitional package.

The old Gem (name) seems not to be maintained anymore:
https://rubygems.org/gems/archive-tar-minitar
 vs.
https://rubygems.org/gems/minitar

Please change your dependency to "ruby-minitar". Versioning and APIs work the 
same way.

Contact me if you have questions.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#838221: ruby-docker-api: Update dependency to ruby-minitar

[Markus Frosch]

Package: ruby-docker-api
Version: 1.22.2-1
Usertags: ruby-minitar

Hello fellow maintainer,
I've uploaded ruby-minitar a while, which replaces the older 
ruby-archive-tar-minitar. And in fact replaces the old binary with a
transitional package.

The old Gem (name) seems not to be maintained anymore:
https://rubygems.org/gems/archive-tar-minitar
 vs.
https://rubygems.org/gems/minitar

Please change your dependency to "ruby-minitar". Versioning and APIs work the 
same way.

Contact me if you have questions.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#831418: #831418 EOL: not to be released with Stretch

[Markus Frosch]

Control: severity -1 important

On 25.07.2016 13:11, Markus Frosch wrote:
> Hey all,
> this is a interesting problem, while looking on the 3 dependent packages. 
> (see below)
> 
> We have 3 choices to go on:
> 
> 1. Still provide zendframework 1 in a separated path, so it won't conflict 
> with ZF2/3
> 2. Embed needed code into the packages, and drop the full library
> 3. Remove all 3 packages from stretch
> 
> I'd prefer to go with #1, there should not be any major security issues in 
> the future with the code base.
> 
> And if so, we should be able to tackle them.
> 
> I would love to hear the opinion of the security team on the matter.
> 
> Regards
> Markus
> 
> 
> ## icingaweb2
> 
> The integrations of Zend in terms of controllers/templates is not that big of 
> a problem. Zend_Form is integrated tightly into the application.
> 
> Any adaption to ZF2/3 will need rewriting, that is not simple and certainly 
> not a drop-in replacement in terms of functionality.
> 
> ## postfixadmin
> 
> Zend_Xmlrpc_Server is used to provide API functionality, this is not a must 
> for the package.
> 
> But adapting to ZF2/3 will cause rewriting the XMLRPC interface.
> 
> ## php-letodms-lucene
> 
> The package is relying on Zend_Search_Lucene to index documents and search 
> them.
> 
> A removal of ZF1 will cause massive problems here. Question is: who uses the 
> package?

Until I hear other DDs opinion on my thoughts, I'd prefer not to remove 
zendframework from Debian.

Downgrading bug to important.

David: What do you think? ZF2+3 is not a drop-in replacement for ZF1.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de




signature.asc
Description: OpenPGP digital signature

Bug#832118: [Pkg-puppet-devel] Bug#832118: ruby-puppet-forge: FTBFS: psych.rb:471:in `initialize': No such file or directory @ rb_sysopen - /usr/lib/ruby/locales/config.yaml (Errno::ENOENT)

[Markus Frosch]

Control: tags -1 + confirmed

On 27.07.2016 15:49, Vincent Bernat wrote:
>  ❦ 22 juillet 2016 16:11 CEST, Chris Lamb <la...@debian.org> :
> 
>> ruby-puppet-forge fails to build from source in unstable/amd64:
> 
> It also fails to run. This seems due to the introduction of
> ruby-gettext-setup. The config.yaml file from locales/config.yaml should
> be installed in /usr/lib/ruby/locales but it is application
> specific. So, I suppose that ruby-puppet-forge should be patched as well
> to search inside its own locales directory.
> 
> The problem doesn't seem limited to
> ruby-puppet-forge. ruby-semantic-puppet has the same problem. Commenting
> the Gettext.initialize() call fix the problem for me.

Really weird, it was building without a problem before so I didn't notice.

Seems like the locale loading is not really meant to be used in a "vendor_ruby" 
installation.

But that should be fixable to packages that use it.

Regards
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#832428: override: r10k:admin/optional

[Markus Frosch]

Package: ftp.debian.org
Severity: normal
Control: block 832251 by -1

As suggested in "Bug#832251: r10k: Section should not be “ruby”"

The section “ruby” is for packages that install the Ruby programming
language or libraries. Its packages are primarily of interest only to
Ruby programmers.

The package ‘r10k’ installs primarily an application, of interest
regardless of the programming language. It should not be in the “ruby”
section.

By the section descriptions, this package may belong in section
“admin”.

Regards
Markus
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#831418: #831418 EOL: not to be released with Stretch

[Markus Frosch]

Hey all,
this is a interesting problem, while looking on the 3 dependent packages. (see 
below)

We have 3 choices to go on:

1. Still provide zendframework 1 in a separated path, so it won't conflict with 
ZF2/3
2. Embed needed code into the packages, and drop the full library
3. Remove all 3 packages from stretch

I'd prefer to go with #1, there should not be any major security issues in the 
future with the code base.

And if so, we should be able to tackle them.

I would love to hear the opinion of the security team on the matter.

Regards
Markus


## icingaweb2

The integrations of Zend in terms of controllers/templates is not that big of a 
problem. Zend_Form is integrated tightly into the application.

Any adaption to ZF2/3 will need rewriting, that is not simple and certainly not 
a drop-in replacement in terms of functionality.

## postfixadmin

Zend_Xmlrpc_Server is used to provide API functionality, this is not a must for 
the package.

But adapting to ZF2/3 will cause rewriting the XMLRPC interface.

## php-letodms-lucene

The package is relying on Zend_Search_Lucene to index documents and search them.

A removal of ZF1 will cause massive problems here. Question is: who uses the 
package?


-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#830941: [Pkg-nagios-devel] Bug#830941: icingaweb2: don't mangle around in the Apache configs

[Markus Frosch]

On 13.07.2016 05:28, Christoph Anton Mitterer wrote:
> The postinst of this package automatically enables some
> config snippets as well as some modules.
> 
> Please don't do that, not only has it the simple potential
> to break existing setups but also to introduce security holes.
> 
> 
> In general it's alrady a bad idea if an apache module package
> enables it's own module (i.e. a2enmod).
> It may not be configured, and depending on the layout of the
> apache configuration loading it in general may not be desired
> but e.g. rather for specific sites only.
> When some 3rd party package enables another module that's IMHO
> even worse.
> 
> mod_rewrite may easily introduce security issues or simply be
> undesired in some sites running on a node (and icingaweb2 may
> not be the only one).
> 
> 
> Similar, enabling /etc/apache2/conf-available/icingaweb2.conf
> shouldn't be done either.
> AFAICS, it's not even enforing SSL.
> It further cannot be assumed that the URL space / isn't already
> used somehow (e.g. via other generic rewritings) and it should
> be the user who decides whether he wants to make Icinga Web 2
> to /icingaweb2.
> 
> 
> 
> I think a good alternative would be simply to document in
> README.Debian wich modules are required and that there is
> an out-of-the box config snippet (icingaweb2.conf) which people
> could either use directly or integrate into their more powerful
> setup.
> Alternatively one could use debconf to at least ask whether
> that auto-configuration should be done.
> 
> I think that would be still easy for people to get it running
> while not possibly breaking more advanced setups or even
> automatically "starting" Icinga Web2 in a fashion that is not
> as tightly locked down as the site would want it.

I don't get your point here...

Its common practice in Debian to enable the daemon / configure the application, 
so it runs after installation.

Or at least gives you an easy way to let you set it up.

SSL is user choice and responsibility, there are hundreds of ways to configure 
it. (Redirect all, only some...)

The user has always the choice to change configuration afterwards, without the 
package to overwrite that.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#828347: [Pkg-nagios-devel] Bug#828347: icinga2: FTBFS with openssl 1.1.0

[Markus Frosch]

Control: forwarded -1 https://dev.icinga.org/issues/12044
Control: tags -1 + upstream fixed-upstream


Should be fixed when upstream releases 2.5.0

Will have a look onm the problem and probably release a version with the patch.

Cheers
Markus

On 26.06.2016 12:22, Kurt Roeckx wrote:
> OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
> OpenSSL this package fail to build.  A log of that build can be found at:
> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/icinga2_2.4.10-1_amd64-20160529-1429
> 
> On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of 
> the
> reasons why it might fail.  There are also updated man pages at
> https://www.openssl.org/docs/manmaster/ that should contain useful 
> information.
> 
> There is a libssl-dev package available in experimental that contains a recent
> snapshot, I suggest you try building against that to see if everything works.
> 
> If you have problems making things work, feel free to contact us.

-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#823542: [Pkg-gmagick-im-team] Bug#823542: imagemagick-common: please mitigate CVE-2016-3714, remote arbitrary code execution during handling of delegates

[Markus Frosch]

I had a look on the RedHat patch for ImageMagick in RHEL 7.

Please see it attached.

Thats for Errata: https://rhn.redhat.com/errata/RHSA-2016-0726.html

It seems like the were adding the mitigation, and further path security for the 
delegated actions.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
diff -up ImageMagick-6.7.8-9/config/delegates.xml.in.cve-2016-3717 ImageMagick-6.7.8-9/config/delegates.xml.in
--- ImageMagick-6.7.8-9/config/delegates.xml.in.cve-2016-3717	2012-06-26 14:23:25.0 +0200
+++ ImageMagick-6.7.8-9/config/delegates.xml.in	2016-05-05 13:52:30.751570145 +0200
@@ -85,11 +85,11 @@
   
   
   
-  
+  
   
   
   
-  
+  
   
   
   
@@ -109,11 +109,11 @@
   
   
   
-  
+  
   
   
   
-  
+  
   
   
   
diff -up ImageMagick-6.7.8-9/config/policy.xml.cve-2016-3717 ImageMagick-6.7.8-9/config/policy.xml
--- ImageMagick-6.7.8-9/config/policy.xml.cve-2016-3717	2012-03-03 02:18:13.0 +0100
+++ ImageMagick-6.7.8-9/config/policy.xml	2016-05-05 14:08:15.249092848 +0200
@@ -35,6 +35,10 @@
   
 
 
+  Let's prevent possible exploits by removing the right to use indirect reads.
+ 
+ 
+
   Any large image is cached to disk rather than memory:
 
 
@@ -55,4 +59,14 @@
   
   
   
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
 
diff -up ImageMagick-6.7.8-9/magick/property.c.cve-2016-3717 ImageMagick-6.7.8-9/magick/property.c
--- ImageMagick-6.7.8-9/magick/property.c.cve-2016-3717	2012-08-10 13:08:37.0 +0200
+++ ImageMagick-6.7.8-9/magick/property.c	2016-05-05 13:52:30.752570145 +0200
@@ -66,6 +66,7 @@
 #include "magick/monitor.h"
 #include "magick/montage.h"
 #include "magick/option.h"
+#include "magick/policy.h"
 #include "magick/profile.h"
 #include "magick/property.h"
 #include "magick/quantum.h"
@@ -2357,6 +2358,29 @@ static const char *GetMagickPropertyLett
 CommandOptionToMnemonic(MagickDisposeOptions,(ssize_t) image->dispose));
   break;
 }
+case 'F':
+{
+  const char
+*q;
+
+  register char
+*p;
+
+  static char
+whitelist[] =
+"^-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+"+&@#/%?=~_|!:,.;()";
+
+  /*
+   * Magick filename (sanitized) - filename given incl. coder & read mods.
+   * */
+  (void) CopyMagickString(value,image->magick_filename,MaxTextExtent);
+  p=value;
+  q=value+strlen(value);
+  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+*p='_';
+  break;
+}
 case 'G': /* Image size as geometry = "%wx%h" */
 {
   (void) FormatLocaleString(value,MaxTextExtent,"%.20gx%.20g",(double)
@@ -2943,16 +2967,23 @@ MagickExport char *InterpretImagePropert
   if ((embed_text == (const char *) NULL) || (*embed_text == '\0'))
 return((char *) NULL);
   p=embed_text;
+  while ((isspace((int) ((unsigned char) *p)) != 0) && (*p != '\0'))
+p++;
+  if (*p == '\0')
+return(ConstantString(""));
+
+  if ((*p == '@') && (IsPathAccessible(p+1) != MagickFalse)) 
+  {
+/* handle a '@' replace string from file */
+if (IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,p) == MagickFalse)
+{
+  errno=EPERM;
+  (void) ThrowMagickException(>exception,GetMagickModule(),
+  PolicyError,"NotAuthorized","`%s'",p);
+  return(ConstantString(""));
+}
 
-  /* handle a '@' replace string from file */
-  if (*p == '@') {
- p++;
- if (*p != '-' && (IsPathAccessible(p) == MagickFalse) ) {
-   (void) ThrowMagickException(>exception,GetMagickModule(),
-   OptionError,"UnableToAccessPath","%s",p);
-   return((char *) NULL);
- }
- return(FileToString(p,~0,>exception));
+ return(FileToString(p+1,~0,>exception));
   }
 
   /*

Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

[Markus Frosch]

On 23.03.2016 21:13, Adam D. Barratt wrote:
> I'd prefer a slightly more verbose changelog if possible, in terms of
> the actual issues. In any case, please go ahead.

I've updated changelog and uploaded to jessie.

RM request #816037 should be closed, since its superseeded by this upload.

Thanks :)
Markus
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

[Markus Frosch]

On 19.03.2016 17:57, Julien Cristau wrote:
> Yes please.

Here is the current debdiff.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
diff -Nru php-dompdf-0.6.1+dfsg/debian/changelog 
php-dompdf-0.6.1+dfsg/debian/changelog
--- php-dompdf-0.6.1+dfsg/debian/changelog  2014-04-23 21:24:29.0 
+0200
+++ php-dompdf-0.6.1+dfsg/debian/changelog  2016-03-19 18:42:01.0 
+0100
@@ -1,3 +1,17 @@
+php-dompdf (0.6.1+dfsg-2+deb8u1) stable-proposed-updates; urgency=medium
+
+  * Non-maintainer upload.
+  * [22610bd] Add 0.6.2 hotfix patch (Closes: #813849)
+
+Fixes CVE:
+* CVE-2014-5011
+* CVE-2014-5012
+* CVE-2014-5013
+
+This update bundles CVE hotfixes from 0.6.2 upstream release.
+
+ -- Markus Frosch <lazyfro...@debian.org>  Sat, 19 Mar 2016 18:40:34 +0100
+
 php-dompdf (0.6.1+dfsg-2) unstable; urgency=medium
 
   * Document security issue fixed in last upstream version, and upload to
diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 
php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch
--- php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch
1970-01-01 01:00:00.0 +0100
+++ php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch
2016-03-19 18:36:53.0 +0100
@@ -0,0 +1,713 @@
+Description: Hotfix based on 0.6.2
+ This patch fixes:
+ * CVE-2014-2383
+ * CVE-2014-5011
+ * CVE-2014-5012
+ * CVE-2014-5013
+ .
+ The patch bundles code changes from 0.6.2
+Author: Brian Sweeney <bswee...@eclecticgeek.com>
+Origin: upstream
+Applied-Upstream: 0.6.2
+Reviewed-by: Markus Frosch <lazyfro...@debian.org>
+Last-Update: 2016-02-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/dompdf.php
 b/dompdf.php
+@@ -130,6 +130,8 @@
+ $sapi = php_sapi_name();
+ $options = array();
+ 
++$dompdf = new DOMPDF();
++
+ switch ( $sapi ) {
+ 
+  case "cli":
+@@ -169,7 +171,7 @@
+ if ( $file === "-" )
+   $outfile = "dompdf_out.pdf";
+ else
+-  $outfile = str_ireplace(array(".html", ".htm", ".php"), "", $file) . 
".pdf";
++  $outfile = str_ireplace(array(".html", ".htm"), "", $file) . ".pdf";
+   }
+ 
+   if ( isset($opts["v"]) )
+@@ -194,6 +196,8 @@
+ 
+  default:
+ 
++  $dompdf->set_option('enable_php', false);
++  
+   if ( isset($_GET["input_file"]) )
+ $file = rawurldecode($_GET["input_file"]);
+   else
+@@ -220,26 +224,12 @@
+   
+   $file_parts = explode_url($file);
+   
+-  /* Check to see if the input file is local and, if so, that the base path 
falls within that specified by DOMDPF_CHROOT */
+-  if(($file_parts['protocol'] == '' || $file_parts['protocol'] === 
'file://')) {
+-$file = realpath($file);
+-if ( strpos($file, DOMPDF_CHROOT) !== 0 ) {
+-  throw new DOMPDF_Exception("Permission denied on $file. The file could 
not be found under the directory specified by DOMPDF_CHROOT.");
+-}
+-  }
+-  
+-  if($file_parts['protocol'] === 'php://') {
+-throw new DOMPDF_Exception("Permission denied on $file. This script does 
not allow PHP streams.");
+-  }
+-  
+   $outfile = "dompdf_out.pdf"; # Don't allow them to set the output file
+   $save_file = false; # Don't save the file
+   
+   break;
+ }
+ 
+-$dompdf = new DOMPDF();
+-
+ if ( $file === "-" ) {
+   $str = "";
+   while ( !feof(STDIN) )
+--- a/dompdf_config.custom.inc.php
 b/dompdf_config.custom.inc.php
+@@ -1,6 +1,7 @@
+-https://github.com/dompdf/dompdf/wiki
++ */
++//define("DOMPDF_CHROOT", DOMPDF_DIR);
++//define("DOMPDF_ENABLE_PHP", false);
++//define("DOMPDF_ENABLE_REMOTE", false);
+--- a/include/abstract_renderer.cls.php
 b/include/abstract_renderer.cls.php
+@@ -100,7 +100,7 @@
+ //Therefore read dimension directly from file, instead of creating gd 
object first.
+ //$img_w = imagesx($src); $img_h = imagesy($src);
+ 
+-list($img_w, $img_h) = dompdf_getimagesize($img);
++list($img_w, $img_h) = dompdf_getimagesize($img, 
$this->_dompdf->get_http_context());
+ if (!isset($img_w) || $img_w == 0 || !isset($img_h) || $img_h == 0) {
+   return;
+ }
+--- a/include/cpdf_adapter.cls.php
 b/include/cpdf_adapter.cls.php
+@@ -604,7 +604,7 @@
+   }
+ 
+   function image($img, $x, $y, $w, $h, $resolution = "normal") {
+-list($width, $height, $type) = dompdf_getimagesize($img);
++list($width, $height, $type) = dompdf_getimagesize($img, 
$this->_dompdf->get_http_context());
+ 
+ $debug_png = $this->_dompdf->get_option("debug_png");
+ 
+--- a/include/dompdf.cls.php
 b/include/dompdf.cls.php
+@@ -184,6 +184,25 @@
+* @var bool
+*/
+   private $_quirksmode = false;
++  
++  /**
++   * Protocol whitelist
++   

Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

[Markus Frosch]

On 14.03.2016 23:10, Moritz Mühlenhoff wrote:
>> CVE-2014-2383 should actually be already fixed in 0.6.1+dfsg-1. Is
>> > that wrong?
>> > 
>> >  https://security-tracker.debian.org/tracker/CVE-2014-2383
>> >  https://bugs.debian.org/745619
> Markus?

Hi Moritz,
as I said:

Mail from Sun, 28 Feb 2016 19:51:01 +0100

> Thats seems to be correct, upstream mentioned it on 0.6.2 as well.
>
> I guess because CVE-2014-5013 is a follow-up for that.
>
> Will remove it from the changelog.

I'd love to go forward mit the PU, if nobody has objections. Thats the part I 
was waiting on...

I can update the diff if you like, difference only in the changelog and patch 
summary.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

[Markus Frosch]

On 28.02.2016 19:42, Salvatore Bonaccorso wrote:
> CVE-2014-2383 should actually be already fixed in 0.6.1+dfsg-1. Is
> that wrong?
> 
>  https://security-tracker.debian.org/tracker/CVE-2014-2383
>  https://bugs.debian.org/745619

Thats seems to be correct, upstream mentioned it on 0.6.2 as well.

I guess because CVE-2014-5013 is a follow-up for that.

Will remove it from the changelog.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#816037: Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

[Markus Frosch]

Hi Adam,
On 28.02.2016 18:29, Adam D. Barratt wrote:
> Well the RM's already been requested - see #816037. Could you please
> sort out between you what's happening, and let us know?

haven't seen that bug.

I decided to take over and ITA yesterday, so that was after David's request.

Since I still want to be the new maintainer, and just uploaded to unstable, I'd 
still prefer to keep.

Unless the release team opposes that :)

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

[Markus Frosch]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hey release team,
I'd like to propose an update for jessie, that addresses 4 CVEs with
php-dompdf.

Related package bug is #813849

Though php-dompdf is technically a leaf package, I'd prefer to ship a
update over a RM of the package from stable.

Attached is a prepared debdiff of that update.

Please review and let me know if you need anything in addition.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru php-dompdf-0.6.1+dfsg/debian/changelog php-dompdf-0.6.1+dfsg/debian/changelog
--- php-dompdf-0.6.1+dfsg/debian/changelog	2014-04-23 21:24:29.0 +0200
+++ php-dompdf-0.6.1+dfsg/debian/changelog	2016-02-27 15:51:54.0 +0100
@@ -1,3 +1,18 @@
+php-dompdf (0.6.1+dfsg-2+deb8u1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * [22610bd] Add 0.6.2 hotfix patch (Closes: #813849)
+
+Fixes CVE:
+* CVE-2014-2383
+* CVE-2014-5011
+* CVE-2014-5012
+* CVE-2014-5013
+
+This update bundles CVE hotfixes from 0.6.2 upstream release.
+
+ -- Markus Frosch <lazyfro...@debian.org>  Sat, 27 Feb 2016 15:48:10 +0100
+
 php-dompdf (0.6.1+dfsg-2) unstable; urgency=medium
 
   * Document security issue fixed in last upstream version, and upload to
diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch
--- php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch	1970-01-01 01:00:00.0 +0100
+++ php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch	2016-02-27 15:47:52.0 +0100
@@ -0,0 +1,713 @@
+Description: Hotfix based on 0.6.2
+ This patch fixes:
+ * CVE-2014-2383
+ * CVE-2014-5011
+ * CVE-2014-5012
+ * CVE-2014-5013
+ .
+ The patch bundles code changes from 0.6.2
+Author: Brian Sweeney <bswee...@eclecticgeek.com>
+Origin: upstream
+Applied-Upstream: 0.6.2
+Reviewed-by: Markus Frosch <lazyfro...@debian.org>
+Last-Update: 2016-02-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/dompdf.php
 b/dompdf.php
+@@ -130,6 +130,8 @@
+ $sapi = php_sapi_name();
+ $options = array();
+ 
++$dompdf = new DOMPDF();
++
+ switch ( $sapi ) {
+ 
+  case "cli":
+@@ -169,7 +171,7 @@
+ if ( $file === "-" )
+   $outfile = "dompdf_out.pdf";
+ else
+-  $outfile = str_ireplace(array(".html", ".htm", ".php"), "", $file) . ".pdf";
++  $outfile = str_ireplace(array(".html", ".htm"), "", $file) . ".pdf";
+   }
+ 
+   if ( isset($opts["v"]) )
+@@ -194,6 +196,8 @@
+ 
+  default:
+ 
++  $dompdf->set_option('enable_php', false);
++  
+   if ( isset($_GET["input_file"]) )
+ $file = rawurldecode($_GET["input_file"]);
+   else
+@@ -220,26 +224,12 @@
+   
+   $file_parts = explode_url($file);
+   
+-  /* Check to see if the input file is local and, if so, that the base path falls within that specified by DOMDPF_CHROOT */
+-  if(($file_parts['protocol'] == '' || $file_parts['protocol'] === 'file://')) {
+-$file = realpath($file);
+-if ( strpos($file, DOMPDF_CHROOT) !== 0 ) {
+-  throw new DOMPDF_Exception("Permission denied on $file. The file could not be found under the directory specified by DOMPDF_CHROOT.");
+-}
+-  }
+-  
+-  if($file_parts['protocol'] === 'php://') {
+-throw new DOMPDF_Exception("Permission denied on $file. This script does not allow PHP streams.");
+-  }
+-  
+   $outfile = "dompdf_out.pdf"; # Don't allow them to set the output file
+   $save_file = false; # Don't save the file
+   
+   break;
+ }
+ 
+-$dompdf = new DOMPDF();
+-
+ if ( $file === "-" ) {
+   $str = "";
+   while ( !feof(STDIN) )
+--- a/dompdf_config.custom.inc.php
 b/dompdf_config.custom.inc.php
+@@ -1,6 +1,7 @@
+-https://github.com/dompdf/dompdf/wiki
++ */
++//define("DOMPDF_CHROOT", DOMPDF_DIR);
++//define("DOMPDF_ENABLE_PHP", false);
++//define("DOMPDF_ENABLE_REMOTE", false);
+--- a/include/abstract_renderer.cls.php
 b/include/abstract_renderer.cls.php
+@@ -100,7 +100,7 @@
+ //Therefore read dimension directly from file, instead of creating gd object first.
+ //$img_w = imagesx($src); $img_h = imagesy($src);
+ 
+-list($img_w, $img_h) = dompdf_getimagesize($img);
++list($img_w, $img_h) = dompdf_getimagesize($img, $this->_dompdf->get_http_context());
+ if (!isset($img_w) || $img_w == 0 || !isset($img_h) || $img_h == 0) {
+   return;
+

Bug#748604: RFA: php-dompdf -- HTML to PDF converter

[Markus Frosch]

Control: retitle -1 ITA: php-dompdf -- HTML to PDF converter
Control: owner -1 !

I indent to adopt the package as a dependency for icingaweb2.

Pending security issues will be taken care of.

It will stay within the PHP packaging team.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de




signature.asc
Description: OpenPGP digital signature

Bug#748606: RFA: php-font-lib -- read, parse, export and make subsets of different fonts

[Markus Frosch]

Control: retitle -1 ITA: php-font-lib -- read, parse, export and make subsets 
of different fonts
Control: owner -1 !

I indent to adopt the package as a dependency for php-dompdf.

It will stay within the PHP packaging team.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de




signature.asc
Description: OpenPGP digital signature

Bug#813849: Multiple security issues

[Markus Frosch]

Hey guys,
I'm planning to ITA php-dompdf and just had a look on the relevant diff for 
that package.

Will put it on review for stable release managers asap.

Until then, please wait with efforts to RM the package, I'm using it for 
packages in the Icinga environment, especially icingaweb2.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

Bug#813386: RM: ruby-archive-tar-minitar -- ROM; replaced by ruby-minitar

[Markus Frosch]

Package: ftp.debian.org
Severity: normal

Hey FTP Masters,
this source has been superseeded by ruby-minitar, which is a replacement
under a new name.

It seems auto cruft hasn't found that source without a package yet.

Please remove the source from unstable + testing.

Thanks
Markus Frosch

Bug#810484: [Pkg-puppet-devel] Bug#810484: puppet agent: ruby segfault during applying catalog

[Markus Frosch]

On 12.01.2016 21:00, Felix Hagemann wrote:
> I hope this helps.

I'm afraid not, got basically the same environment on my notebook, and I 
haven't got any problems with augeas.

Can you verify that the following test brings the same crash?

If so, we need to continue with gdb to find out what lib fails exactly. Are you 
familiar with that kind of debugging?

cat augtest2.pp
-- snip --
augeas { "sshd_config":
  changes => [
"set /files/etc/ssh/sshd_config/PermitRootLogin no",
  ],
}
-- snip --

puppet apply augtest2.pp
-- snip --
Notice: Compiled catalog for emelia.lazyfrosch.de in environment production in 
0.04 seconds
Notice: Augeas[sshd_config](provider=augeas):
--- /etc/ssh/sshd_config2015-12-23 15:22:28.015054020 +0100
+++ /etc/ssh/sshd_config.augnew 2016-01-17 14:42:44.471779651 +0100
@@ -44,7 +44,7 @@
 #LoginGraceTime 120
 LoginGraceTime 120
 #PermitRootLogin yes
+PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6


Notice: /Stage[main]/Main/Augeas[sshd_config]/returns: executed successfully
Notice: Finished catalog run in 1.26 seconds
-- snip --


Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

Bug#809786: [Pkg-puppet-devel] Bug#809786: The "posix" provider of the "exec" resource seems to invoke a shell even though the documentation says it doesn't

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 04.01.2016 02:52, Alexander Kurtz wrote:
> the puppet type reference describes the "posix" provider of the "exec" 
> resource like this: [0]
> 
> posix Executes external binaries directly, without passing through a shell or 
> performing any interpolation. This is a safer and more
> predictable way to execute most commands, but prevents the use of globbing 
> and shell built-ins (including control logic like “for” and
> “if” statements). [...] I'm not really sure what to make of this, but it 
> seems... unexpected. What do you guys think?


I had a look in the code lately and it seems like this part is very much 
abstracted.

I expect this to be the culprit:
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/execution.rb#L273

It seems like this behavior broke at some point without anyone noticing.

I also bet it hasn't been fixed in Puppet 4 either. Have you already forwarded 
that bug to Puppetlabs?

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWlNxmAAoJEPJhXZqrmHturPQIAIDKhAthwner4PS+jbWcVwnP
s+Xhrqn7C+XUpUcxwSpbCRQBfqNYjxD3KKD5aPJoW2+GZ5IjOesDOUwVQXrn3QrE
daEvNf/twkM9v3WCwsraaNqRXZU833XBmSY8SatmWFWoXdoINnx6oRXYIFjpk+z1
SxCSV5LFQDDsO+Xgu4ti0St+EH6lY2P4B2xJbx6jT6xNmqrLSMUAx29/03n5IAJE
1+ZmjG0MN4lulgiEOr6wzEIbuzwQYk1/NiJoZvtdZ3ofmqpLPBxkE8Gdgjmy6yDp
jkatgZXCAVogMN2i4aOTAsPA5e3e/CTM/xLgbqn2suO1/6QghNct61auZDk7BLw=
=D3XM
-END PGP SIGNATURE-

Bug#810484: [Pkg-puppet-devel] Bug#810484: puppet agent: ruby segfault during applying catalog

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08.01.2016 23:47, Felix Hagemann wrote:
> /usr/lib/ruby/vendor_ruby/puppet/provider/augeas/augeas.rb:346: [BUG] 
> Segmentation fault at 0x01 ruby 2.2.3p173
> (2015-08-18) [x86_64-linux-gnu]

This sounds a lot like a problem between ruby-augeas and libaugeas0.

Can you share us:
* dpkg -l "*augeas*"
* Parts of the Puppet code with the augeas resource

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWlNWgAAoJEPJhXZqrmHtu12cH/12daWcpCgGthGzAtdgKruZo
ZGpayl6GUtCTdZUNg2BQcMvjkDjHsyoXWe3+Jp8o5mpNEVEekT4JNIo28jEALyQU
aQqOqf61w0/hV3tvAn4Wis8qWzS5f1qGCu3KbpaGZGCj8zlWL2YYMFvdh1r5B9wX
KutdtA0xcdYC9J/Q/sGilOc4cC42QqQrgtNeoNL93GMMTDoVyJd/f0XOwrHBFEDX
v2v7cMXlSuINnBRWtocD9+0Z17nda9Rt7Y0I+3CZ1gL4xz5K4o3dK06kTnGfxWDM
mU4SdQbY7zk3d5d62Ex0eh72GnPyM5blMBcGWn6z+YI2wtxsBi24umjaYXdhkkU=
=jZzC
-END PGP SIGNATURE-

Bug#809786: [Pkg-puppet-devel] Bug#809786: The "posix" provider of the "exec" resource seems to invoke a shell even though the documentation says it doesn't

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12.01.2016 13:11, Alexander Kurtz wrote:
> No, I haven't, since I wasn't sure if this is Debian-specific (or maybe just 
> me not understanding the documentation correctly).

I don't think it is. Could you please take care of the escalation and reference 
that bug here?

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWlPFkAAoJEPJhXZqrmHtue9YH/j0eTv0yH+C0cVyqRLd4shRA
3/D6127Lxc4DkERJq7b8o3i2Lt94LjiFnMyWbYGKgsmoQoaZqb7Aj4AWskDehPaD
z9UGpKBJLy1OGXnKE/ppxVqSF42h9TmKNICWQS8oh8kNlN3nZ1qJcNgI4Z5YleaS
Zqt4AcwtVmV4KuoSCd/YkYXMdjV3airCfHGtsqZlJ9tIyRNqlqzmfOEku3QkUcsk
uJ1ZtT0Jyn8K3aAvJAdcI7H8OGgJz5p/VUYESBSByEoqGO2Dop2ED1efc6eT60u0
uYAicn+anqvXlmgj7ysTnVElb0ejegHFB+d8IbZCQwQ20rXxf5PSFeN4uqi3COI=
=Fxlc
-END PGP SIGNATURE-

Bug#809332: ruby-semantic-puppet: re-enable testing when RSpec problems are fixed

[Markus Frosch]

Package: ruby-semantic-puppet
Version: 0.1.1-1
Severity: normal

This is a reminder to enable rspec testing on build again, when the
RSpec problems are sorted out.

It seems to happen for RSpec > 3 in Ruby >= 1.9

Note: this only affects the test suite, not the actual functionality!

References:
* https://github.com/puppetlabs/semantic_puppet/issues/11
* https://bugs.ruby-lang.org/issues/3


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-rc6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#808201: DEPRECATION: this package will be replaced by ruby-minitar

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Source: ruby-archive-tar-minitar
Version: 0.5.2-3
Severity: important

As suggested in my pkg-ruby-extras thread [1] this source will be
replaced by ruby-minitar, which is a newer version of minitar and as it
seems to be, the persitent new upstream name.

The new package will provide a transactional package
"ruby-archive-tar-minitar", and this source should be removed once
ruby-minitar is uploaded.

Comments are welcome!

Cheers
Markus Frosch

[1]
https://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/2015-December/028348.html

- -- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWcnA4AAoJEPJhXZqrmHtu03AH/RgR8VmGU7eg422VLPP6rg3Q
0P5vj8p9VNbDRBFgqwL/D6v6/fC8PjjtrO6a0eEb+AorVDDEHtmzH9DIJ/L19aDp
iw/tSE2A0+vIbe2mzC5ZMS43oC5aToaEcuL/pkxKaEv2tSsbbncBIjMSymuiEYQQ
NGLlFyWlik7WzCGMmUU1TP8V/dqYZGNpp5LuWlSpQV3lPuJne7O4zvizjjkT6b0r
SywSotUYkTZssYNY2yrAtu9fqxz6lwUWWUo2fjin1wkIFgHeMjwowaaMkIE5BW2X
IUK66jxg8NPzYaAdTr5Yu4jXvBGA91TAmSpEugy9QYVec4myOH/Uuxkd5yZlVPY=
=iHPN
-END PGP SIGNATURE-

Bug#808219: ITP: ruby-minitar -- Provides POSIX tarchive management for Ruby

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: wnpp
Severity: wishlist
Owner: Markus Frosch <lazyfro...@debian.org>

* Package name: ruby-minitar
  Version : 0.5.4
  Upstream Author : Antoine Toulme <anto...@lunar-ocean.com>
* URL : https://github.com/atoulme/minitar
* License : GPL-2.0+
  Programming Lang: Ruby
  Description : Provides POSIX tarchive management for Ruby


Archive::Tar::Minitar is a pure-Ruby library and command-line utility that
provides the ability to deal with POSIX tar(1) archive files.

The implementation is based heavily on Mauricio Ferna'ndez's implementation in
rpa-base, but has been reorganised to promote reuse in other projects.

Note: This package will replace "ruby-archive-tar-minitar"

More details on that:
https://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/2015-December/028348.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808201

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWcp1iAAoJEPJhXZqrmHtuIywIANDfpVsX8PMo86w6SkPSgVkp
pYCzukFWQf+pDCgqbgnbX7qwchwHqP3WacPOH5zUAkJFh//NfPPv27DHenY/jXLZ
Egmz3RpsKShv7cz2JAfY4LbVfiQWW/E0dhhChkfWhYTYt0G0yCpNXogLZV21+fvG
ziySvBM1HKsYcoLgGLet0ed+Wbo4HVrN/k/bxC3XO68EHjn+qHJGiHTKqNdEgz5r
UvZ5MlexrHMMc5/T5QFRDdLFE/zOEUW6DQ33CvRwqhPqXNqtRADosEucLWN9snif
9Nv6a/aiMDLuxR8/zw2UKhW+OpchkzgxE0Bk6itamwY+2BEKUU8IJun69dhVo4E=
=DePK
-END PGP SIGNATURE-

Bug#806623: [Pkg-nagios-devel] Bug#806623: icinga2: FTBFS when built with dpkg-buildpackage -A (No such file or directory)

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Control: tags -1 + pending

On 29.11.2015 17:22, Santiago Vila wrote:
> Package: src:icinga2 Version: 2.4.0-1 User: sanv...@debian.org Usertags: 
> binary-indep Severity: important
> 
> Dear maintainer:
> 
> I tried to build this package with "dpkg-buildpackage -A" (i.e. only 
> architecture-independent packages), and it failed:

Thanks for reporting.

I pushed a change to GIT, should be fixed with the next upload.

Cheers
Markus
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWXac+AAoJEPJhXZqrmHtuz6YIAKVKodlylcyV/MnJKaVp8MMy
3W/sY380HE9rB5XejONpzMw69Wp/6o5638bWtMjehwsjJQVkNrMTrpL4NGMttF+S
5apKsE/ODeutCd1KW/j6VaKxI7lQ78Abb3z2cFoqdSih7SdmPm9GWkcjuZR9+weY
qrGkYkTYxa9jjjl1xPd2c4ly1+IRyj/s7vkuUMFy2855SYUyij76VPbyzXRAykti
yRXZrRxy1VU98tZNThQoZYVZk001nl62/olHAusFkLGcngjAhdBdnjPqJirD/3nx
Wa7Nq22MQmzAf9mG7DCkTZp8ouIDiEZEPs+elj3ByKAf+XafzzWXO1LABMTq/NM=
=x195
-END PGP SIGNATURE-

Bug#804694: libqt5xcbqpa5 SIGSEGV crashes sporadically at QXcbWindow::handleClientMessageEvent

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Thanks for your efforts.

It seems like the bug vanished kind of.

Quassel sometimes still goes away, but without a SIGSEGV, this is another 
problem.

I updated gnome and mutter due to other problems to the unstable versions 
(3.18.2-1) last week. Since then it seems to be okay. So maybe
the QT crash was caused by an error with the window manager.

And yes, I have a multi-monitor setup. With a notebook I'm moving to multiple 
workplaces.

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWSbBFAAoJEPJhXZqrmHtuVpAIALy8/YT4W4sTBFWLgzH1AWVo
wbsKLPrb/mXidP+BwUvHDvlReJND1arTs7jKfTRQ42kgobJw2ppZ8mzLPnG8CzIG
E0d1jrV+T1cgk0zR2qZ5Zfoe3M7rGnHpDkmwSE4E4u3eSZBLWmihTtMDMlbctuZZ
GwSx3oJPNEIahdYHV2fH8QOgaW9w+a9Jl7XCx5yh1m77MmFxW3lCwwx2gJh6dmUs
hlN8tGJgPAKiYlvPxjGeja5uaZS4zcludVNLujBtK3s5Ls2OaS26FiZht0eoT3W9
XD828MPOI5A8S1uewc8GWmOENGJyXKLdPoIZxWR/8XpAsbmHcHvBHlK5+XLeXyY=
=tj12
-END PGP SIGNATURE-

Bug#804694: libqt5xcbqpa5 SIGSEGV crashes sporadically at QXcbWindow::handleClientMessageEvent

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 11.11.2015 16:05, Dmitry Shachnev wrote:
> It would be nice if you could provide a more useful stacktrace (i.e. with 
> qtbase5-dbg installed).

Hi Dmitry,

Oh sure, sorry for that. Here it is:

Program received signal SIGSEGV, Segmentation fault.
0x7fffe1a6e94f in QXcbWindow::handleClientMessageEvent 
(this=0x55da6f80, event=0x7fffd8003e00) at qxcbwindow.cpp:1942
1942qxcbwindow.cpp: No such file or directory.
(gdb) bt
#0  0x7fffe1a6e94f in QXcbWindow::handleClientMessageEvent 
(this=0x55da6f80, event=0x7fffd8003e00) at qxcbwindow.cpp:1942
#1  0x7fffe1a59b2b in QXcbConnection::handleXcbEvent 
(this=this@entry=0x55b9bdd0, event=event@entry=0x7fffd8003e00)
at qxcbconnection.cpp:1066
#2  0x7fffe1a5a053 in QXcbConnection::processXcbEvents 
(this=0x55b9bdd0) at qxcbconnection.cpp:1502
#3  0x72e777f1 in QObject::event (this=0x55b9bdd0, e=) at kernel/qobject.cpp:1239
#4  0x7373c9dc in QApplicationPrivate::notify_helper 
(this=this@entry=0x55b91110, receiver=receiver@entry=0x55b9bdd0,
e=e@entry=0x7fffd80035b0) at kernel/qapplication.cpp:3716
#5  0x73741ea6 in QApplication::notify (this=0x7fffdc00, 
receiver=0x55b9bdd0, e=0x7fffd80035b0)
at kernel/qapplication.cpp:3499
#6  0x72e47dbb in QCoreApplication::notifyInternal 
(this=0x7fffdc00, receiver=0x55b9bdd0,
event=event@entry=0x7fffd80035b0) at kernel/qcoreapplication.cpp:965
#7  0x72e4a1b6 in QCoreApplication::sendEvent (event=0x7fffd80035b0, 
receiver=)
at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:224
#8  QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, 
event_type=event_type@entry=0, data=0x55b8dbf0)
at kernel/qcoreapplication.cpp:1593
#9  0x72e4a698 in QCoreApplication::sendPostedEvents 
(receiver=receiver@entry=0x0, event_type=event_type@entry=0)
at kernel/qcoreapplication.cpp:1451
#10 0x72e9e163 in postEventSourceDispatch (s=0x55bc2d50) at 
kernel/qeventdispatcher_glib.cpp:271
#11 0x708bdfe7 in g_main_context_dispatch () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x708be240 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x708be2ec in g_main_context_iteration () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x72e9e56f in QEventDispatcherGlib::processEvents 
(this=0x55bc2aa0, flags=...) at kernel/qeventdispatcher_glib.cpp:418
#15 0x72e4554a in QEventLoop::exec (this=this@entry=0x7fffdb60, 
flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#16 0x72e4d62c in QCoreApplication::exec () at 
kernel/qcoreapplication.cpp:1229
#17 0x55671736 in main ()

> Also, do you know if it is a new bug in Qt 5.5, or did it exist with Qt 5.4 
> too?

I think yes, this started with 5.5.

I'm running Debian testing for more than 3 years, reinstalled stretch on a new 
notebook months ago (April).

It never crashed like this.

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJWRJGuAAoJEPJhXZqrmHtugfcIAMUG7/OQx+R8eGoxf0DBrjBH
DbOE1I339ni0VBjEkrScdACrRsHbQBtGamkok9Twp2o1N3hIWORIIXXx0iL4bghZ
0O67ejCgSguibYHbvie8Lwm4caodNPaiuugLs32SK7G3Fr4G8/1JYLPGw02S8WAn
VdHmS6bBxOW2oGUNl3I43BhEtkZuj/SacWzkX4H4CADLD1IIK76oJxLdqMUItHDI
Eg2vs+hBLZ0gCYUJCCvXmNIWdga3zAm0xyhGx7nKju7//UxqZ2EhiW9zOAgsuTlS
LsHCN/EW9cdzzdpVyNYsMXjvKjzdsfl+1v/O1F3oYkKulNDk5RzKFTQ9JaJIpeg=
=bODu
-END PGP SIGNATURE-

Bug#803676: icinga-web-config-icinga2-ido-mysql: dbconfig creates database with wrong permissions and fails because of this

[Markus Frosch]

Control: severity -1 important

On 01.11.2015 18:43, Alexander Schier wrote:
> when installing icinga-web-config-icings2-ido-mysql and configuring for
> another host than localhost the dbconfig creates a user with access
> icinga2_web@localhost, even when another hostname via TCP/IP is
> specified. When all questions are answered, the creation of the database
> fails because it does not have the rights to populate the database (and
> the webinterface does not have the rights to access it).
> The problem affects the icinga2-ido-mysql package as well.

Thanks for reporting, I will have a detailed look tomorrow.

Though this is no grave bug, but still important.

Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de
http://www.lazyfrosch.de



signature.asc
Description: OpenPGP digital signature

Bug#804694: libqt5xcbqpa5 SIGSEGV crashes sporadically at QXcbWindow::handleClientMessageEvent

[Markus Frosch]

Package: libqt5xcbqpa5
Version: 5.5.1+dfsg-6
Severity: important

Applications that are based on QT can crash with a SIGSEGV.

This happens for me on owncloud-client and quasselclient, others maybe
as well, but not yet stacktraced.

Here is a backtrace for quasselclient.

I'll happily supply more details if required. But I'm not very deep into QT.

Cheers
Markus

Program received signal SIGSEGV, Segmentation fault.
0x7fffe1a6e94f in 
QXcbWindow::handleClientMessageEvent(xcb_client_message_event_t const*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
(gdb) bt
#0  0x7fffe1a6e94f in 
QXcbWindow::handleClientMessageEvent(xcb_client_message_event_t const*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#1  0x7fffe1a59b2b in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) 
() from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#2  0x7fffe1a5a053 in QXcbConnection::processXcbEvents() () from 
/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#3  0x72e777f1 in QObject::event(QEvent*) () from 
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x7373c9dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) 
() from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#5  0x73741ea6 in QApplication::notify(QObject*, QEvent*) () from 
/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#6  0x72e47dbb in QCoreApplication::notifyInternal(QObject*, QEvent*) 
() from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x72e4a1b6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, 
int, QThreadData*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x72e9e163 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x708bdfe7 in g_main_context_dispatch () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x708be240 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x708be2ec in g_main_context_iteration () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x72e9e56f in 
QEventDispatcherGlib::processEvents(QFlags) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x72e4554a in 
QEventLoop::exec(QFlags) () from 
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x72e4d62c in QCoreApplication::exec() () from 
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x55671736 in main ()

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libqt5xcbqpa5 depends on:
ii  libc62.19-22
ii  libegl1-mesa [libegl1-x11]   10.6.8-1
ii  libfontconfig1   2.11.0-6.3
ii  libfreetype6 2.6-2
ii  libgcc1  1:5.2.1-23
ii  libgl1-mesa-glx [libgl1] 10.6.8-1
ii  libglib2.0-0 2.46.1-2
ii  libice6  2:1.0.9-1+b1
ii  libqt5core5a [qtbase-abi-5-5-1]  5.5.1+dfsg-6
ii  libqt5dbus5  5.5.1+dfsg-6
ii  libqt5gui5   5.5.1+dfsg-6
ii  libsm6   2:1.2.2-1+b1
ii  libstdc++6   5.2.1-23
ii  libx11-6 2:1.6.3-1
ii  libx11-xcb1  2:1.6.3-1
ii  libxcb-glx0  1.10-3+b1
ii  libxcb-icccm40.4.1-1
ii  libxcb-image00.4.0-1
ii  libxcb-keysyms1  0.4.0-1
ii  libxcb-randr01.10-3+b1
ii  libxcb-render-util0  0.3.9-1
ii  libxcb-render0   1.10-3+b1
ii  libxcb-shape01.10-3+b1
ii  libxcb-shm0  1.10-3+b1
ii  libxcb-sync1 1.10-3+b1
ii  libxcb-xfixes0   1.10-3+b1
ii  libxcb-xkb1  1.10-3+b1
ii  libxcb1  1.10-3+b1
ii  libxi6   2:1.7.5-1
ii  libxkbcommon-x11-0   0.5.0-1
ii  libxkbcommon00.5.0-1
ii  libxrender1  1:0.9.9-2

libqt5xcbqpa5 recommends no packages.

libqt5xcbqpa5 suggests no packages.

-- no debconf information

Bug#795982: ITP: yubikey-luks -- YubiKey two factor authentication for LUKS disks

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: wnpp
Severity: wishlist
Owner: Markus Frosch lazyfro...@debian.org

* Package name: yubikey-luks
  Version : 0.3.3
  Upstream Author : Cornelius Kölbel co...@cornelinux.de
* URL : https://github.com/cornelinux/yubikey-luks
* License : BSD-3-Clause
  Programming Lang: Shell
  Description : YubiKey two factor authentication for LUKS disks


With this extension to the initramfs-tools, you can unlock a LUKS encrypted
disk using your YubiKey as a second factor.

The challenge-response mechanism of the YubiKey is used to generate a response
based on a PIN/password you have to enter.

Only the combination of the correct password and the matching YubiKey will
generate a response, that is a valid key of the LUKS disk. Alternatively
you can use any other LUKS passphrase when the YubiKey is not present.


Note for WNPP: dracut is not supported


- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJV0y3qAAoJEPJhXZqrmHtuMNoH/jjUYewkkh5H2F6Ea4HD5+6o
v3jloBy+sXL3WOpB4ubt67rSMgd30M/1U8wZ39t4osi9MrGshL8XCTZA0U+ExtTk
K8ETyu8WYIr7inF4iiR8iV2co4vWCfGZ7fgyo8V25zT60ZT0NYf0oRGwsGK9gFLB
cRVvMi8JZTX/0MFbWh7GMbwo8Xc1wT2a0febwLvBRTgv/lYdeSX6vmFEB2UcSYJ9
YzeKHnprX6hpiwOVISM6PP8d8CcjoL1mw2JQ4HeO+8CEh9n3xkehdelRVrJs98Lb
jpnCA6j6opxpVgFoQCoyzvSOkEtj0YBjCfnSBe8x07NWv96qhkOlkmte1/r4bBs=
=O+i4
-END PGP SIGNATURE-

Bug#794466: Virtualbox might not be suitable for Stretch

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


On 09.08.2015 12:51, Ritesh Raj Sarraf wrote:
 Not sure about MySQL, but for Iceweasel, is it really like that ?
 
 From what I've known, there were trademark issues which led to the rebranding.

Sorry for being unclear, I meant the usage of upstream releases directly in 
Debian (security) updates.

 I'm not sure how they handle vulnerabilities. But their release strategy is: 
 ESR and Regular releases. Every security fix goes into the
 next Regular release, and also the ESR release.
 
 ESR is supported until the next ESR (31 = 38). So usually the Debian Mozilla 
 team prefers the ESR branch for Debian stable.
 
 With VBox, they don't have an ESR model.

I guess they don't call it ESR or long term support, but as Gianfranco pointed 
out, they seem to support a lot of major releases currently.

The main problem is here, do we want to use their upstream releases? In lack of 
a proper patch source, the Oracle way...

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJVyDkrAAoJEPJhXZqrmHtuBtQH/3kp+00a6xaICX1Z9jiVHDa9
iXBVNiswK9QDc7L8dpvNkbF2gWI4Um3Yy8WdpOj2vlz4Mo+kJ3ShXvJS5ONnnJOY
0pxHxkLtnvbVH7eyQRBu2YFxVRmR5eM+/Q3NvF0kZGOALQH+dqgXqvHV7VjG++tm
QkPO00ocMjGZsCqZY74GC1fJyfA0njQRues9qMiatY2ZoowLn6pRB8w3CFZkVmtr
dDdpCsVQE5swZZG7KfCsripQ3PlJD7n1S7lEr0mYVApcvQ4AUvKqTylO7aESVV/Z
XA6+nq9OezFb2PCBkDStbBPzwavfJzCXZa1nqdQ63mYNPlDlPWVgS6Rcy10tlFc=
=4Ip3
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#794466: Virtualbox might not be suitable for Stretch

[Markus Frosch]

On Mon, 3 Aug 2015 10:47:23 + (UTC) Gianfranco Costamagna 
costamagnagianfra...@yahoo.it wrote:
 Source: virtualbox
 Version: 4.3.30-dfsg-1
 Severity: critical


Hi Gianfranco,
thanks for your summary.

Although I'm not involved in maintaining virtualbox, still a few
thoughts:

* What would that mean for Jessie updates?
* Isn't that basically the same problem we have with MySQL,
  or even Iceweasel?

So I think the question is either drop, or work with upstream releases,
from which I'd personally prefer.

Even popcon isn't too bad: 
https://qa.debian.org/popcon.php?package=virtualbox

Leaving users with the possibility to use upstream packages is also not
very attractive.

Just me few cents :)
Markus


signature.asc
Description: This is a digitally signed message part

Bug#785005: [Pkg-nagios-devel] Bug#785005: icinga-web: config XML parsing error and memory leak

[Markus Frosch]

Control: severity -1 normal
Control: tags -1 + unreproducible

On Mo, 2015-05-11 at 15:43 +0200, Dominik George wrote:
 The config parser fails when loading the Agavi configuration files:
 
 PHP Fatal error:  Uncaught exception 'AgaviParseException' with 
 message 'Validation of configuration file /usr/share/icinga
 -web/app/config/config_handlers.xml failed:\n\nSchematron validation 
 of configuration file /usr/share/icinga
 -web/app/config/config_handlers.xml failed: Transformation failed: 
 Processing using schema file /usr/share/icinga
 -web/lib/agavi/src/config/sch/config_handlers.sch resulted in an 
 invalid stylesheet' in /usr/share/icinga
 -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php:726\nStack 
 trace:\n#0 /usr/share/icinga
 -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php(437): 
 AgaviXmlConfigParser::validate(Object(AgaviXmlConfigDomDocument), 
 'production', NULL, Array)\n#1 /usr/share/icinga
 -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php(217): 
 AgaviXmlConfigParser-execute(Array, Array)\n#2 /usr/share/icinga
 -web/lib/agavi/src/config/AgaviConfigCache.class.php(183): 
 AgaviXmlConfigParser::run('/usr/share/icin...', 'production', NULL, 
 Array, Array)\n
  #3 /usr/share/icinga-web/lib/agavi/src/config/Agavi in 
 /usr/share/icinga
 -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php on line 726
 
 
 This seems to be a known issue with Agavi applications, somehow 
 related
 to libxml and/or PHP versions: 
 https://github.com/agavi/agavi/wiki/WTF
 
 I tried and verified that the error goes away when setting the 
 following
 in /usr/share/icinga-web/app/config.php:
 
   AgaviConfig::set('core.skip_config_validation', true);
 
 
 Sadly, this does not only cause an Internal Server Error to be 
 thrown,
 but also makes the PHP process eat up all memory and swap, then get
 killed by the OOM killer. Please make sure to verify if this is a
 relevant bug in PHP.

I'm not sure how to address this problem, I never encountered the
problem myself, not on Debian since squeeze and not on any other
distribution.

Can you reproduce this on other systems and explain any changes you did
to XML configuration or from the user side?

I really doubt that this is a major problem, and if it can be
reproduced only 

So far, sorry for the late answer...

Best Regards
Markus Frosch
-- 
mar...@lazyfrosch.de
http://www.lazyfrosch.de

signature.asc
Description: This is a digitally signed message part

Bug#785305: Keepass would disable Lock on suspend when running on mono

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Control: severity -1 wishlist
Control: tags -1 + wontfix upstream - security

On Wed, 5 Aug 2015 08:42:24 +0200 Bernhard Schmidt be...@birkenwald.de wrote:
 On Wed, Jun 17, 2015 at 01:28:20AM -0400, Braiam Peguero wrote:
 
 Hi,
 
 From version 2.30 onwards, keepass would disable those
 options while running on mono [1]. We could fix this asap if someone could 
 figure out how to make a diff of the snapshot.
 
 [1]: http://sourceforge.net/p/keepass/bugs/1378/#8e7b
 
 So if I understand this correctly 2.30 will just not offer those options 
 anymore. I'd argue for downgrading the severity of this bug to
 allow keepass2 back in stretch. The functionality is basically wontfix in 
 upstream, it will just be hidden.
 
 Regarding a patch, I could not find a public keepass2 repository, and the 
 development snapshot linked in above bug is a binary.

Agreed, this feature is simply not available on Mono. Since this feature is not
implemented and upstream will remove the nonavailable option, this is basically 
a wishlist.

And even if users would try to use it they will clearly see that their 
workspace was not locked after resume.

- -Markus

- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJVw3nNAAoJEJo1i6sEpO0niu8P/3MOBRYoGGYr5RutT+rZqvVn
TklmWytjvEUykJ0EuTSO5N8iPBnxag/AAMlUw/xOauDqq0bAjkJbPu6pBcVRk5kN
jRPEQKtZ8n/j0bhuPchpVev8ldS0hzt2viEjVEGj/PHFO1fi/BU6222RwV/dQes4
UFSnQHAsu2ZwHgHLJdyLtjNhjXf8IYR7asFwXbOsjt0pN/UKIUsd7hSiGJFAI6q2
sOhKuAyTzU2gW99DRHTRAvZmpnTYai+7d0azTawyZoG011qgnmHzn5MUH5qy6ZP6
6985TLFILvQZPmhNHZ381xiZb7U6hXlSAok7NgV3/OJuNDhnHNtaRmfspKWyqMMW
L2SlNbtrfsK1Ia54lIJQcdpI8HayQ1zMNwFkhh3m6fBrH9iwibIWPV3SyR2bRu7a
wJBwIegqKbM0K2tIB6FkOE8w0a8idrHQUa/IUW5aqMJ7hsqCewIUySVQ8Y2TUgdc
bGrQDfgQkmpVqX+t3yUXx2oLwVkOqPqDijJuzoxmd+IxwhgsJZJka+VzxQFKRJUj
VA8S8b+tBQNoL5X8A1UG1bG6d6nlnp3r8UbvVSrZxZKe7iAE3yybv5uiOwSz38Ob
OqUBZ6yMhzkvDyNs/ZpyOyrLkwF3arg6Qok/jpFcUD9uPmP5fNFwzGGkhcVhJ7BO
SDVHAhLsjxrv05upUjbm
=UouL
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#758180: icinga-web: basic auth + auth_create does not work with Postgresql

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Control: tags -1 + wontfix

Hi Arto,
this can be fixed by using a combination of auth providers.

See here:
https://dev.icinga.org/issues/6582#note-5

I can't fix this any other way.

Cheers
Markus Frosch

On 15.08.2014 09:16, Arto Jantunen wrote:
 Package: icinga-web Severity: important Version: 1.7.1+dfsg2-6 
 Tags: wheezy, upstream
 
 Using basic auth with auth_create on a Postgresql database does
 not work. Icinga generates a db insert statement that doesn't
 include user_email, which is defined as not null. The insert fails,
 causing login fail with a message like this:
 
 Uncaught AppKitPHPError thrown: PHP Error Undefined property: 
 Doctrine_Connection_Pgsql_Exception::$getMessage 
 (/usr/share/icinga-web/app/modules/AppKit/models/Auth/DispatchModel.class.php:363)

  The Postgresql log has the smoking gun:
 
 EEST ERROR:  null value in column user_email violates not-null
 constraint EEST STATEMENT:  INSERT INTO nsm_user (user_account,
 user_authsrc, user_disabled, user_firstname, user_lastname,
 user_name, user_salt, user_password, user_created, user_modified)
 VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
 
 This has been reported upstream as ticket 6582 ( 
 https://dev.icinga.org/issues/6582 ) but has not been fixed.
 
 As a workaround the db schema can be modified to have a default
 value for user_email.
 

- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJVAE2vAAoJEJo1i6sEpO0nBXwP/2PfU/64P/PIEfdfW0xvgax/
uG8cbauVOoFipuwaRIwINJYrupKYMOnKms2zacSJKrvPNeUWYKf5G2fQ+qZ8WvQA
CYCDh766JSV9etWSpLhuvvP8pwsVcGLSGetpO11IvbOocU/v7mEnvYHuxukWUU8x
1QKjtCh17I/3s21MGi8tMJka7TfQm2C+mZlNZwyCFiO5dING6VO2khC09go0EcG6
+MKrC63le0Ye/uaNkfToh7Y9v4hSA6+n4YjiGyvy3FZtvgyyWIBNYEg/9Zjae26l
mHcD/a3qGobPHM0zn7F1haUz5zQ2F5g/WPBTKv9G9RznQ+peyoGz0f4kDoNCyYU+
cstyiIjsQTW5RwJlfIVUGUAscc0QJUiaX0lxXrWny8RvJOuIi+1XpJRuBWdwwVQY
NPvPhFsC7vsVRBBOGmRF2tHrSC7O1NcI3FZ4Sri98/GT5hvD4hLgCGuiyGSOc8PU
BRl1rAI++Sa+qXq4IUglKQaOzx/pVtGrXqfI/YabsKb1PQ2he+yOzjGMKn/14JpO
K5VEEdOcXJMkz4j6GqcENDrsA6CdkgO6cXYqQWDWxlWt6TbDZH85rIvMwpgY6Fq9
enoAvyPP1+o+fFVZHWU9wKi11K0RPM9slWa++Tw9HtqXtsHGHL8r0O9yEgj+exIY
uXYUI8m6gq3ORXLKLeUJ
=ebJ7
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775252: [Pkg-nagios-devel] Bug#775252: Bug#775252: icinga-web-config-icinga2-ido-mysql, icinga-web-config-icinga2-ido-pgsql: fails to install: icinga2-enable-feature: command not found

[Markus Frosch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Control: fixed 775252 1.12.0-1

I just noticed I forgot to set the BTS information in changelog.

This problem has been finally fixed with 1.12.0-1.

Cheers
Markus Frosch
- -- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJVAfTNAAoJEJo1i6sEpO0nYW4QAKWB0iNiBj1f0Zegirybk86p
/za80M5hwER9TKKEpfaGWrHO3YzjbTgHeR9h3kccvaNLY/C7nx5bd1vJ4qsmBAgG
+TPuHrx/ddU4JHJLnfeAVMvqcpM4snc/RRRsgZE740rfJxL+qDy7/P7tcqByiqZ6
3Alph01ZSJZ6FR6piCLKeU5UqZGO7E2DYe1PhIZZi1TI4e5jBcz5PoJHY1PpOwBO
XD4v7gFQkMpudgTb33eFbd5q6nRiPvnEDC7rTjvzJdaw0js6thT29Vp/2NY0+EfW
NMlMy3Y0NcKYWkTyk8FGg4lliIWArAGwssNrM2prOB2A0Sl16j97J1hi6HSurWMs
CEImMrSnQWoqQkKjF17nItCyEOgUnhGDahNe1Fi3J9CKunwByRrnKaZmNDyZg7/Z
73vHMLbiJWWY4M3rYCLvHHvWZ+y6G+Umaip6SFFXvy797mxR/A1Lc3h1AR5cWeZu
6my2oXFbATTCZ1S7QQyzzKoQHststGQ+lx9wkbWieejQzkQu0OsDK7Ywqkt5lIMs
Fp4TWdjO1dziynXN6tLrZrPHVvR1xV3Z2gYne050Z+/SqNJ7CJVBx9a2/iamnqiH
gQJK7STan1B78NzWzGyffSdZ9Hvoo67vpkSne2tYYLBQPY/vxYvs0X+IZ30fzIaW
xxbBFuUTskvj05pDx1BE
=8hH3
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#774047: [Pkg-nagios-devel] Bug#774047: pnp4nagios FTBFS on arm64, outdated config.sub/guess

[Markus Frosch]

Control: -1 tags + pending

On So, 2014-12-28 at 00:11 +, peter green wrote:
 Your package FTBFS on arm64 due to outdated config.sub/guess. This is a 
 regression and arm64 is now a release architecture hence the serious 
 severity.
 
 Version 0.6.19-1 was the last to build successfully on arm64,  Versions 
 0.6.24+dfsg1-3 was the first to fail on arm64, the intervening versions 
 were not built on arm64 due to bug 769696.

Thanks for noticing.

Patch pending in GIT, will do some work on the package this week, then
upload.

-- 
Markus Frosch
lazyfro...@debian.org / mar...@lazyfrosch.de
http://www.lazyfrosch.de


signature.asc
Description: This is a digitally signed message part

Bug#770743: icinga2-classicui: dangling symlink causes postinst to break

[Markus Frosch]

Package: icinga2-classicui
Version: 2.2.0-1
Severity: important

Hi Alex,

ln: failed to create symbolic link 
`/etc/apache2/conf.d/icinga2-classicui.conf': File exists
dpkg: error processing icinga2-classicui (--configure):

Looks like it's caused by a dangling symlink coming from the config file move.

$ ll /etc/apache2/conf.d
total 0
lrwxrwxrwx 1 root root 36 Nov  9 23:04 icinga2-classicui.conf - 
../../icinga2/classicui/apache2.conf

Haven't got much time at hand.

Thanks
Markus

-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages icinga2 depends on:
ii  icinga2-bin 2.2.0-1~debmon70+3
ii  icinga2-common  2.2.0-1~debmon70+3

Versions of packages icinga2 recommends:
ii  icinga2-doc   2.2.0-1~debmon70+3
ii  monitoring-plugins-basic  2.0-1~debmon70+1
ii  nagios-plugins-basic  2.0-1~debmon70+1

icinga2 suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690973: Still interested in packaging it with proper patches?

[Markus Frosch]

On Mo, 2014-10-27 at 18:17 -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
 Markus: I have just asked upstream if he would take some patches to fix the 
 environment variables issues, and I think that I could handle some other 
 packaging issues too.
 
 If upstream accepts the patches, would you reconsider packaging it for Debian?

Hi Lisandro,
If upstream supports a reasonable way of a system wide installation,
with proper user config files in $HOME/.something, then I would like to
package the software

Cheers
Markus


-- 
Markus Frosch
lazyfro...@debian.org / mar...@lazyfrosch.de
http://www.lazyfrosch.de


signature.asc
Description: This is a digitally signed message part