date:20161024

Bug#841007: linux-image-4.8.0-rc8-amd64-unsigned: Shutdown when pressing any key on Asus E200 HA

2016-10-24 Thread Jose M Calhariz

On 24/10/16 03:30, Ben Hutchings wrote:
> On Sun, 2016-10-16 at 21:22 +0100, Jose M Calhariz wrote:
>> Package: src:linux
>> Version: 4.8~rc8-1~exp1
>> Severity: important
>>
>> Dear Maintainer,
>>
>>* What led up to the situation?
>>
>> Using a very recent Debian kernel 4.7 or 4.8.  The vanilla 4.7.0 from
>> kernel.org works.  I simply boot the laptop.  When the X11 is up and
>> ready to input the user name, if I press any key it will shutdown.
> [...]
>
> Is that a clean shutdown (services stopped, filesystems unmounted) or a
> dirty shutdown (shuts off almost immediately, fsck reports an error on
> the next boot)?
>
> What happens if you press a key earlier than that?
>
> Ben.
>
Yes, it seams to be a clean shutdown.  User programs killed, services
shutdown, nothing logged.


If I press a key earlier, it is just ignored, as expected.


Kind regards

Jose M Calhariz





signature.asc
Description: OpenPGP digital signature

Bug#841884: openssh: CVE-2016-8858: Memory exhaustion due to unregistered KEXINIT handler after receiving message

2016-10-24 Thread Salvatore Bonaccorso

Source: openssh
Version: 1:6.7p1-5
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for openssh.

CVE-2016-8858[0]:
|Memory exhaustion due to unregistered KEXINIT handler after receiving
|message

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8858
[1] 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127=text/x-cvsweb-markup
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1384860

Regards,
Salvatore

Bug#834857: [Pkg-nagios-devel] Bug#834857: nagios-nrpe: please make the build reproducible

2016-10-24 Thread Alexander Wirt

On Mon, 24 Oct 2016, Chris Lamb wrote:

> Dear Maintainer,
> 
> > Source: nagios-nrpe
> > Version: 2.15-0ubuntu1
> > Tags: patch
> 
> There hasn't seem to be any update on this bug in 65 days, in which
> time the Reproducible Builds effort has come on a long way. :)
> 
> Would you consider applying this patch and uploading?
The package is without a maintainer. 

Alex

Bug#841885: gerris: autopkgtests fail with openmpi2

2016-10-24 Thread Graham Inggs

Source: gerris
Version: 20131206+dfsg-9

Hi Maintainer

Since the transition to openmpi2, gerris' autopkgtests have been
failing with the following error:

orte_ess_init failed
--> Returned value A system-required executable either could not be
found or was not executable by this user (-126) instead of
ORTE_SUCCESS

I solved this by adding mpi-default-bin to debian/tests/control as follows:

--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,2 +1,2 @@
 Tests: testHydro testKinetic testPlate testQuadr
-Depends: gerris, libgfs-dev, build-essential, pkg-config, mpi-default-dev
+Depends: gerris, libgfs-dev, build-essential, pkg-config,
mpi-default-dev, mpi-default-bin

However, if the dependencies libgfs-dev, build-essential, pkg-config,
mpi-default-dev and mpi-default-bin are actually needed for normal
usage of gerris, then maybe they should rather be added to the gerris
package's Depends in debian/control.

Regards
Graham

Bug#836385: [Pkg-auth-maintainers] Bug#836385: yubikey-personalization: Please announce supported hardware using appstream

2016-10-24 Thread Klas Lindfors

> Klas, does the PIDs make sense to you?
>

No.

usb:v1050p0010d*
> usb:v1050p0011d*
> usb:v1050p0014d*
> usb:v1050p0016d*
> usb:v1050p0401d*
> usb:v1050p0403d*
> usb:v1050p0405d*
> usb:v1050p0407d*
> usb:v1050p0410d*
>

yubikey-personalization works with 0010, 0110, 0111, 0114, 0116, 0401,
0403, 0405, 0407 & 0410

/klas

Bug#834857: [Pkg-nagios-devel] Bug#834857: nagios-nrpe: please make the build reproducible

2016-10-24 Thread Chris Lamb

Alexander Wirt wrote:

> > Would you consider applying this patch and uploading?
>
> The package is without a maintainer. 

Not quite sure what this means; should you orphan it, RM it, etc.? :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#834861: cookiecutter: please make the build reproducible

2016-10-24 Thread Chris Lamb

Vincent Bernat wrote:

> >> Maybe I can just build the documentation with HOME=/home/docs as an
> >> environment variable?
> >
> > That could work. Might be nicer to use the patch though, otherwise we
> > could have duplicate workarounds once it gets released upstream. :)
> 
> OK, I'll apply the patch. I have another bug to fix in the package, so
> the upload should be soon.

Great stuff; thanks! I suppose it would be nice to say to upstream "hey,
look, it works for us!"  ;-)

Thanks again.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#841877: Don't recommend contacting base-passwd maintainer for dynamic UIDs

2016-10-24 Thread Colin Watson

Control: tag -1 patch

On Sun, Oct 23, 2016 at 08:00:23PM -0700, Sean Whitton wrote:
> Policy section "Permissions and owners" probably shouldn't recommend
> contacting the base-passwd maintainer when selecting a username for a
> dynamically-allocated UID created by a postinst maintscript.  It should
> continue to recommend contacting the base-passwd maintainer when the
> postinst script needs to create a static UID.

I (obviously) agree.  How about this patch?  I'm seeking seconds for
this proposal.

diff --git a/policy.sgml b/policy.sgml
index 9cd182b..ab4f736 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -9610,9 +9610,7 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
  that a dynamically allocated id can be used.  In this case
  you should choose an appropriate user or group name,
  discussing this on debian-devel and checking
- with the adduser in the preinst or
  postinst script (again, the latter is to be

-- 
Colin Watson   [cjwat...@debian.org]

Bug#841886: Please upgrade babeltrace to the 1.5 series for Stretch

2016-10-24 Thread Sebastian Andrzej Siewior

Package: babeltrace
Version: 1.4.0-3
Severity: wishlist

Could you please bump babeltrace to the 1.5 series which is prepared in
https://github.com/jgalar/babeltrace/tree/stable-1.5-staging

This is upstream kind answer to what is needed to get the `perf' command
(from the linux-perf package) linked against libbabeltrace and so
support a perf to CTF conversion.

If you need any support on packaging etc. please let me know, I am glad
to help to get this done before the transition freeze on 5th November.

Sebastian

Bug#770542: can not run debdry --dry for a java package

2016-10-24 Thread Paul Wise

Control: severity -1 wishlist
Control: retitle -1 debdry: add support for Java packages with 
javahelper/maven-debian-helper/mh_make

On Sat, 22 Nov 2014 10:18:52 +0100 Picca Frédéric-Emmanuel wrote:

> Hello, i would like to try debdry with the remotetea package
> but I got this error
...
> RuntimeError: No method found for debianising .

There is simply no support for Java packages yet. If you would like to
add that, the debdry package is orphaned and git is in collab-maint.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#841887: reportbug: PPTP and VPN L2TP can not be connected, can be connected after reboot

2016-10-24 Thread PPTP and L2TP VPN can not connect

Package: reportbug
Version: 6.4.4+deb7u1
Severity: important

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***


-- Package-specific info:
** Environment settings:
INTERFACE="text"

** /root/.reportbugrc:
reportbug_version "6.4.4"
mode standard
ui text
realname "PPTP and L2TP VPN can not connect"
email "l...@hpsasaki.com"
no-check-uid
no-cc
header "X-Debbugs-CC: l...@hpsasaki.com"
smtphost reportbug.debian.org

-- System Information:
Debian Release: 7.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages reportbug depends on:
ii  apt   0.9.7.9+deb7u7
ii  python2.7.3-4+deb7u1
ii  python-reportbug  6.4.4+deb7u1

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail 
pn  debconf-utils  
pn  debsums
pn  dlocate
pn  emacs22-bin-common | emacs23-bin-common
ii  exim4  4.80-7+deb7u3
ii  exim4-daemon-light [mail-transport-agent]  4.80-7+deb7u3
ii  file   5.11-2+deb7u9
ii  gnupg  1.4.12-7+deb7u8
pn  python-gtk2
pn  python-gtkspell
pn  python-urwid   
pn  python-vte 
pn  xdg-utils  

Versions of packages python-reportbug depends on:
ii  apt   0.9.7.9+deb7u7
ii  python2.7.3-4+deb7u1
ii  python-debian 0.1.21
ii  python-debianbts  1.11
ii  python-support1.0.15

python-reportbug suggests no packages.

-- no debconf information

Oct 24 00:45:37 s50 kernel: [187448.606291] [ cut here ]
Oct 24 00:45:37 s50 kernel: [187448.608040] kernel BUG at 
/build/linux-K0o_uQ/linux-3.2.82/drivers/net/ppp/ppp_generic.c:279!
Oct 24 00:45:37 s50 kernel: [187448.608040] invalid opcode:  [#1] SMP 
Oct 24 00:45:37 s50 kernel: [187448.608040] CPU 1 
Oct 24 00:45:37 s50 kernel: [187448.608040] Modules linked in: ppp_deflate 
zlib_deflate authenc xfrm4_mode_transport hmac sha1_ssse3 sha1_generic arc4 ecb 
ppp_mppe ipt_LOG xt_ipp2p(O) compat_xtables(O) xt_TCPMSS xt_state xt_tcpudp 
xt_hashlimit xt_multiport iptable_filter ipt_MASQUERADE iptable_nat nf_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack ip_tables x_tables ppp_async 
crc_ccitt ppp_generic slhc xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp 
esp4 ah4 af_key nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc loop snd_pcm 
crc32c_intel snd_page_alloc snd_timer snd soundcore pcspkr aesni_intel 
aes_x86_64 aes_generic cryptd virtio_balloon psmouse joydev evdev serio_raw 
processor i2c_piix4 thermal_sys i2c_core button ext4 crc16 jbd2 mbcache usbhid 
hid sg sr_mod cdrom ata_generic virtio_blk virtio_net floppy ata_piix libata 
uhci_hcd ehci_hcd usbcore scsi_mod usb_common virtio_pci virtio_ring virtio 
[last unloaded: scsi_wait_scan]
Oct 24 00:45:37 s50 kernel: [187448.635348] 
Oct 24 00:45:37 s50 kernel: [187448.635348] Pid: 19757, comm: pppd Tainted: G   
O 3.2.0-4-amd64 #1 Debian 3.2.82-1 Red Hat KVM
Oct 24 00:45:37 s50 kernel: [187448.635348] RIP: 0010:[]  
[] ppp_pernet+0x5/0x19 [ppp_generic]
Oct 24 00:45:37 s50 kernel: [187448.635348] RSP: 0018:88003c62bdf0  EFLAGS: 
00010246
Oct 24 00:45:37 s50 kernel: [187448.635348] RAX:  RBX: 
88003c52eac0 RCX: 00654500
Oct 24 00:45:37 s50 kernel: [187448.635348] RDX: 0003 RSI: 
4004743a RDI: 
Oct 24 00:45:37 s50 kernel: [187448.635348] RBP: fff2 R08: 
8802 R09: 88003bcca758
Oct 24 00:45:37 s50 kernel: [187448.635348] R10: 0246 R11: 
0246 R12: 88003700d2c0
Oct 24 00:45:37 s50 kernel: [187448.635348] R13: 00654500 R14: 
0003 R15: 
Oct 24 00:45:37 s50 kernel: [187448.635348] FS:  7f160da1d700() 
GS:88003fd0() knlGS:
Oct 24 00:45:37 s50 kernel: [187448.635348] CS:  0010 DS:  ES:  CR0: 
80050033
Oct 24 00:45:37 s50 kernel: [187448.635348] CR2: 7f96f321e518 CR3: 
36d49000 CR4: 06e0
Oct 24 00:45:37 s50 kernel: [187448.635348] DR0:  DR1: 
 DR2: 
Oct 24 00:45:37 s50 kernel: [187448.635348] DR3:  DR6: 
0ff0

Bug#815916: Followup

2016-10-24 Thread Viktor Mihajlovski

On 24.10.2016 00:41, Philipp Kern wrote:
[...]
>> 
>> [1] 
>> http://changelogs.ubuntu.com/changelogs/pool/main/p/partman-base/partman-base_187ubuntu2/changelog
>>
>> 
[2]
>> http://changelogs.ubuntu.com/changelogs/pool/main/p/partman-partitioning/partman-partitioning_110ubuntu4/changelog
>
>> 
> I pushed the first one (together with another fix for extended 
> partitions) to git now. As we're currently in the process of
> cutting another debian-installer release, I'll wait with the upload
> and then push the fix to partman-partitioning after the new
> partman-base is in the archive.
> 
> Kind regards and thanks Philipp Kern
> 

Thanks, I'll verify once the new package versions show up.

-- 

Mit freundlichen Grüßen/Kind Regards
   Viktor Mihajlovski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294

Bug#834861: cookiecutter: please make the build reproducible

2016-10-24 Thread Vincent Bernat

 ❦ 24 octobre 2016 06:41 +0100, Chris Lamb  :

>> Source: cookiecutter
>> Version: 0.7.2-1
>> Tags: patch
>
> FYI I've pinged upstream on this.

Maybe I can just build the documentation with HOME=/home/docs as an
environment variable?
-- 
ROMEO:  Courage, man; the hurt cannot be much.
MERCUTIO:   No, 'tis not so deep as a well, nor so wide
as a church-door; but 'tis enough, 'twill serve.


signature.asc
Description: PGP signature

Bug#841487: ruby-kaminari: All the files under app/ are missing

2016-10-24 Thread 李健秋

Package: ruby-kaminari
Followup-For: Bug #841487

Hi,

I've built a local package with above options specificed in debian/rules.
The obs search function works now with this local package installed.

Should I upload this package?

Best regards,
-Andrew

Bug#831917: apt-show-source: diff for NMU version 0.10+nmu5

2016-10-24 Thread Paul Wise

Control: tags 831917 + pending

I've prepared an NMU for apt-show-source (versioned as 0.10+nmu5) and
uploaded it to DELAYED/2. Please feel free to tell me if I should delay
it longer or remove it.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru apt-show-source-0.10+nmu4/debian/changelog apt-show-source-0.10+nmu5/debian/changelog
--- apt-show-source-0.10+nmu4/debian/changelog	2015-12-28 03:03:31.0 +0800
+++ apt-show-source-0.10+nmu5/debian/changelog	2016-10-24 14:49:40.0 +0800
@@ -1,3 +1,10 @@
+apt-show-source (0.10+nmu5) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch by Santiago Vila to fix `debuild -A` (Closes: #831917)
+
+ -- Paul Wise   Mon, 24 Oct 2016 14:49:40 +0800
+
 apt-show-source (0.10+nmu4) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru apt-show-source-0.10+nmu4/debian/rules apt-show-source-0.10+nmu5/debian/rules
--- apt-show-source-0.10+nmu4/debian/rules	2015-12-28 04:39:07.0 +0800
+++ apt-show-source-0.10+nmu5/debian/rules	2016-10-24 14:48:47.0 +0800
@@ -53,12 +53,12 @@
 		$(MAKE) pure_install DESTDIR=$(PWD)/debian/apt-show-source; \
 	fi
 
-# Build architecture-independent files here.
-binary-indep: build install
+# Build architecture-dependent files here.
+binary-arch:
 # We have nothing to do by default.
 
-# Build architecture-dependent files here.
-binary-arch: build install
+# Build architecture-independent files here.
+binary-indep: build install
 #	dh_testversion
 	dh_testdir
 	dh_testroot


signature.asc
Description: This is a digitally signed message part

Bug#834861: cookiecutter: please make the build reproducible

2016-10-24 Thread Chris Lamb

Vincent Bernat wrote:

> > FYI I've pinged upstream on this.
> 
> Maybe I can just build the documentation with HOME=/home/docs as an
> environment variable?

That could work. Might be nicer to use the patch though, otherwise we
could have duplicate workarounds once it gets released upstream. :)

Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#841882: monodevelop: TargetFramework not properly generated for Mono/.NET 4.0

2016-10-24 Thread William L. DeRieux IV

Package: monodevelop
Version: 5.10.0.871-2
Severity: important

When building a project and targeting Mono/.NET 4.0 an assemlyinfo file is
automatically generated
in the obj folder: .NETFramework\,Version\=v4.5.AssemblyAttribute.cs

The content of this file is:
// 
[assembly:
global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5",
FrameworkDisplayName = "")]

When targeting Mono/.NET 4.0 the file should be named
.NETFramework\,Version\=v4.0.AssemblyAttribute.cs
---
And the content of this file should be:
// 
[assembly:
global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0",
FrameworkDisplayName = "")]


as per: https://msdn.microsoft.com/en-
us/library/system.runtime.versioning.targetframeworkattribute(v=vs.110).aspx


I don't know if that alone would be enough.

I was writing some test code and targeting Mono/.Net 4.0 (I could target 4.5)
-- the fact that there are two seperate options
indicates, to me, that they are building against different runtime versions.

Under mono (and wine when targeting v4.0/v4.5) the code runs correctly.

However that some code (compiled aginst v4.0) will not execute on any system
where .Net 4.5 cannot be installed.

What happended is that (as with my code) the code (on Windows XP) would throw
missing method exceptions for
Marshal.SizeOf, Marshal.StructureToPtr, etc -- because instead of targeting
v4.0 is was actually built against v4.5.

I'm not sure if this was a bug, or intended behavior.



-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (1001, 'testing-debug'), (1001, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages monodevelop depends on:
ii  gnome-icon-theme  3.12.0-2
ii  gnome-terminal [x-terminal-emulator]  3.22.0-3
ii  libc6 2.24-3
ii  libcairo2 1.14.6-1+b1
ii  libfontconfig12.11.0-6.7
ii  libgconf2.0-cil   2.24.2-4
ii  libglade2.0-cil   2.12.10-6
ii  libglib2.0-0  2.50.1-1
ii  libglib2.0-cil2.12.10-6
ii  libgnome-vfs2.0-cil   2.24.2-4
ii  libgnome2.24-cil  2.24.2-4
ii  libgtk2.0-0   2.24.31-1
ii  libgtk2.0-cil 2.12.10-6
ii  libgtkspell0  2.0.16-1.1
ii  libmono-cairo4.0-cil  4.2.1.102+dfsg2-8
ii  libmono-corlib4.5-cil 4.2.1.102+dfsg2-8
ii  libmono-microsoft-build-engine4.0-cil 4.2.1.102+dfsg2-8
ii  libmono-microsoft-build-framework4.0-cil  4.2.1.102+dfsg2-8
ii  libmono-microsoft-build-utilities-v4.0-4.0-cil4.2.1.102+dfsg2-8
ii  libmono-microsoft-csharp4.0-cil   4.2.1.102+dfsg2-8
ii  libmono-posix4.0-cil  4.2.1.102+dfsg2-8
ii  libmono-sharpzip4.84-cil  4.2.1.102+dfsg2-8
ii  libmono-system-componentmodel-dataannotations4.0-cil  4.2.1.102+dfsg2-8
ii  libmono-system-configuration4.0-cil   4.2.1.102+dfsg2-8
ii  libmono-system-core4.0-cil4.2.1.102+dfsg2-8
ii  libmono-system-data-services-client4.0-cil4.2.1.102+dfsg2-8
ii  libmono-system-data4.0-cil4.2.1.102+dfsg2-8
ii  libmono-system-design4.0-cil  4.2.1.102+dfsg2-8
ii  libmono-system-drawing4.0-cil 4.2.1.102+dfsg2-8
ii  libmono-system-numerics4.0-cil4.2.1.102+dfsg2-8
ii  libmono-system-runtime-serialization4.0-cil   4.2.1.102+dfsg2-8
ii  libmono-system-runtime4.0-cil 4.2.1.102+dfsg2-8
ii  libmono-system-security4.0-cil4.2.1.102+dfsg2-8
ii  libmono-system-servicemodel4.0a-cil   4.2.1.102+dfsg2-8
ii  libmono-system-web-mvc3.0-cil 4.2.1.102+dfsg2-8
ii  libmono-system-web-razor2.0-cil   4.2.1.102+dfsg2-8
ii  libmono-system-web-services4.0-cil4.2.1.102+dfsg2-8
ii  libmono-system-web-webpages-razor2.0-cil  4.2.1.102+dfsg2-8
ii  libmono-system-web4.0-cil 4.2.1.102+dfsg2-8
ii

Bug#834861: cookiecutter: please make the build reproducible

2016-10-24 Thread Vincent Bernat

 ❦ 24 octobre 2016 07:01 +0100, Chris Lamb  :

>> Maybe I can just build the documentation with HOME=/home/docs as an
>> environment variable?
>
> That could work. Might be nicer to use the patch though, otherwise we
> could have duplicate workarounds once it gets released upstream. :)

OK, I'll apply the patch. I have another bug to fix in the package, so
the upload should be soon.
-- 
Don't comment bad code - rewrite it.
- The Elements of Programming Style (Kernighan & Plauger)


signature.asc
Description: PGP signature

Bug#831917: apt-show-source: FTBFS with dpkg-buildpackage -A: dpkg-genchanges: error: binary build with no binary artifacts found; cannot distribute

2016-10-24 Thread Paul Wise

Control: tags -1 - patch

On Thu, 21 Jul 2016 21:30:04 +0200 (CEST) Santiago Vila wrote:

> Swapped binary-* targets.
> 
> Trivial patch attached.

This patch causes `dpkg-buildpackage -B` to fail, untagging.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#831917: apt-show-source: FTBFS with dpkg-buildpackage -A: dpkg-genchanges: error: binary build with no binary artifacts found; cannot distribute

2016-10-24 Thread Paul Wise

Control: tags -1 + patch

On Mon, 24 Oct 2016 14:19:30 +0800 Paul Wise wrote:

> This patch causes `dpkg-buildpackage -B` to fail, untagging.

... but that is of course the correct thing since there are no arch-dep 
packages built by the package. I'll upload to 2-day delayed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#841856: Upstream correction of CVE-2016-7543 is incomplete

2016-10-24 Thread Ola Lundqvist

Hi

No. If you want I can do that.

Please note that the patch I attached essentally disable the whole PS4
variable support so upstream can probably do something more intelligent.

/ Ola

Sent from a phone

Den 24 okt 2016 07:00 skrev "Salvatore Bonaccorso" :

Control: found -1 4.2+dfsg-0.1
Control: tags -1 + upstream

Hi

Adding the testcases from Ola, which were referenced at

https://lists.debian.org/debian-lts/2016/10/msg00141.html

Ola, have you reported this to upstream?

Regards,
Salvatore

Bug#841856: Upstream correction of CVE-2016-7543 is incomplete

2016-10-24 Thread Salvatore Bonaccorso

Hi Ola,

Thanks for quick followup!

On Mon, Oct 24, 2016 at 08:50:46AM +0200, Ola Lundqvist wrote:
> Hi
> 
> No. If you want I can do that.

I think that would be good, to get Chet's attention on the issue. Once
it's clear, we might need to as well request a CVE for it on
oss-security.

> Please note that the patch I attached essentally disable the whole PS4
> variable support so upstream can probably do something more intelligent.

Yep, and thus I really think we should have Chet Ramey with his
upstream hat look into it.

Thanks for your work and regards,
Salvatore

Bug#840436: selenium-firefoxdriver: Mark the package as auto-buildable and request its whitelisting on the buildd side

2016-10-24 Thread Sascha Girrulat

Hi Raphael,

thx for the hint. Ich will do some bugfixes this days.

Regards
Sascha

Am 11. Oktober 2016 17:14:42 MESZ, schrieb "Raphaël Hertzog" 
:
>Source: selenium-firefoxdriver
>Version: 2.53.2-1
>Severity: normal
>User: de...@kali.org
>Usertags: origin-kali
>
>firefox-driver was missing on i386, I just uploaded the missing binary.
>The problem is that non-free is not auto-built by default.
>
>Please have a look at
>https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#non-free-buildd
>and follow the instructions to get the package auto-built. This
>requires
>adding a special field in debian/control and then sending a mail
>to nonf...@release.debian.org.
>
>Cheers,
>-- System Information:
>Debian Release: stretch/sid
>  APT prefers unstable
>APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500,
>'oldstable'), (1, 'experimental')
>Architecture: amd64 (x86_64)
>Foreign Architectures: i386
>
>Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
>Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
>Shell: /bin/sh linked to /bin/dash
>Init: systemd (via /run/systemd/system)

-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

Bug#841888: libvte-2.90-9: Cannot use Shift-Home / Shift-End / etc. shortcuts inside client applications

2016-10-24 Thread Andre Rodier

Package: libvte-2.90-9
Version: 1:0.36.3-1
Severity: important

Dear Maintainer,

libvte comes with keyboard shortcuts pre-configured, even if we do not want to 
use them. Therefore, it is not possible to entirely use some applications 
shortcuts in editors, like emacs or vi.

These keyboard shortcuts need to be completely disabled, and delegated to clien 
applications like Gnome Terminal, etc.

   * When using emacs (or vi) in console mode, keyboard shortcuts like 
Shift-Home or Shift-End are captured by the terminal, and hidden to Emacs (or 
vi).
   * Cannot use these shortcuts in any console application!
   * These keyboard shortcuts should be left to the users. This is already 
possible with Gnome Terminal, I am sure we could remove them.


-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvte-2.90-9 depends on:
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-18+deb8u6
ii  libcairo-gobject21.14.0-2.1+deb8u1
ii  libcairo21.14.0-2.1+deb8u1
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u5
ii  libglib2.0-0 2.48.0-1~bpo8+1
ii  libgtk-3-0   3.14.5-1+deb8u1
ii  libncurses5  5.9+20140913-1+b1
ii  libpango-1.0-0   1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libtinfo55.9+20140913-1+b1
ii  libvte-2.90-common   1:0.36.3-1
ii  libx11-6 2:1.6.2-3
ii  libxext6 2:1.3.3-1

libvte-2.90-9 recommends no packages.

libvte-2.90-9 suggests no packages.

-- no debconf information

Bug#841889: grub-pc: ucf prompt that wants to change nothing except remove admin-defined config

2016-10-24 Thread Thorsten Glaser

Package: grub-pc
Version: 2.02~beta3-1
Severity: important
Justification: Policy §3.9.1

Upgrading GRUB:

Unpacking grub-pc (2.02~beta3-1) over (2.02~beta2-36) ...
[…]
Setting up grub-pc (2.02~beta3-1) ...

Then I get an ucf prompt, and the entire diff is:

Package configuration

┌─┤ Configuring grub-pc 
├─┐
│   
  │
│ Line by line differences between versions 
  │
│   
  │
│ --- /etc/default/grub root.root 0644 2016-04-21 15:08:07  
  │
│ +++ /tmp/grub.Z2QbwNev1k root.root 0644 2016-10-24 07:45:50   
  │
│ @@ -8,8 +8,6 @@   
  │
│  GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` 
  │
│  GRUB_CMDLINE_LINUX_DEFAULT=""
  │
│  GRUB_CMDLINE_LINUX="net.ifnames=0 kaslr" 
  │
│ -GRUB_DISABLE_SUBMENU=y   
  │
│ -GRUB_FONT=/usr/share/grub/FixedMisc.pf2  
  │
│   
  │
│  # Uncomment to enable BadRAM filtering, modify to suit your 
needs  │
│  # This works with Linux (no patch required) and with any kernel 
that obtains   │
│ @@ -25,7 +23,7 @@ 
  │
│  #GRUB_GFXMODE=640x480
  │
│   
  │
│  # Uncomment if you don't want GRUB to pass "root=UUID=xxx" 
parameter to Linux  │
│ -GRUB_DISABLE_LINUX_UUID=true 
  │
│ +#GRUB_DISABLE_LINUX_UUID=true
  │
│   
  │
│  # Uncomment to disable generation of recovery mode menu entries  
  │
│  #GRUB_DISABLE_RECOVERY="true"
  │
│   
  │
│   
  │
│   
  │

└─┘


This is *nothing* changed in the base config, and almost *all*
changes the local admin did reverted.

Packages, by policy, “should try to minimize the amount of prompting
they need to do”, and, furthermore, “an upgrade should not ask the same
questions again”. I also expect a package to respect the local admin’s
configuration changes, so this is border-line RC.



-- Package-specific info:

*** BEGIN /proc/mounts
/dev/mapper/vg--ci--busyapps-lv--root / ext4 
rw,noatime,errors=remount-ro,data=ordered 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

insmod part_msdos
insmod lvm
insmod ext2
set 
root='lvmid/oyV2xM-hoQ2-b7rl-EPe4-PXyD-xK4D-84vpHC/repsLU-STzJ-8acy-Edls-nW1b-qzGW-3DYbKN'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root

Bug#841890: fonts-noto: Missing Noto Emoji

2016-10-24 Thread Paul Norman

Package: fonts-noto
Version: 20160724-3
Severity: wishlist

Dear Maintainer,

The Noto font "Noto Emoji Regular" is not included in any of the fonts-noto 
packages.

It is located at 
https://github.com/googlei18n/noto-emoji/blob/master/fonts/NotoEmoji-Regular.ttf

Cross-reference 
https://github.com/gravitystorm/openstreetmap-carto/issues/2379, where it was 
reported to the OpenStreetMap Carto team.

*** End of the template - remove these template lines ***


-- Package-specific info:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   VersionArchitecture  
 Description
+++-==-==-==-=
ii  fontconfig 2.11.0-6.7 amd64 
 generic font configuration library - support binaries
ii  libfreetype6:amd64 2.6.3-3+b1 amd64 
 FreeType 2 font engine, shared library files
ii  libxft2:amd64  2.3.2-1amd64 
 FreeType-based font drawing library for X

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fonts-noto depends on:
ii  fonts-noto-hinted  20160724-3

Versions of packages fonts-noto recommends:
ii  fonts-noto-cjk   1:1.004+repack2-1
ii  fonts-noto-mono  20160724-3
ii  fonts-noto-unhinted  20160724-3

fonts-noto suggests no packages.

-- no debconf information

Bug#841891: brickos: Patch used in NMU 0.9.0.dfsg-12.1

2016-10-24 Thread Petter Reinholdtsen


Package: brickos
Version: 0.9.0.dfsg-12.1
Severity: wishlist
Tags: patch

The attached patch was used when I NMU-ed brickos just now.  Perhaps it
is a good idea to maintain brickos in the Debian LEGO team,
https://wiki.debian.org/LegoDesigners >.

I did not add AppStream hardware mapping to the package in this NMU, but
believe it is a good idea to make sure those inserting an RCX will get
brickos as a proposal when using isenkram.

-- 
Happy hacking
Petter Reinholdtsen
diff --git a/debian/changelog b/debian/changelog
index 91f7921..d65fac6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+brickos (0.9.0.dfsg-12.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fixed arch independent build problem (Closes: #806000).
+  * Updated Standards-Version from 3.9.6 to 3.9.8.
+
+ -- Petter Reinholdtsen   Mon, 24 Oct 2016 07:45:48 +
+
 brickos (0.9.0.dfsg-12) unstable; urgency=low
 
   * Actually apply the patch for 787984. Sorry and thanks once more Maria
diff --git a/debian/control b/debian/control
index 5d313e7..43001e2 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: devel
 Priority: extra
 Maintainer: Michael Tautschnig 
 Build-Depends: debhelper (>= 9), binutils-h8300-hms (>= 2.16.1), gcc-h8300-hms (>= 1:3.4.6), sgmltools-lite, doxygen
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: http://brickos.sourceforge.net
 
 Package: brickos
diff --git a/debian/rules b/debian/rules
index 265a3e3..639c6dc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -33,6 +33,7 @@ override_dh_clean:
 
 override_dh_auto_install:
 	#  Install the package into debian/brickos.
+	mkdir -p $(CURDIR)/debian/brickos/usr/bin
 	$(MAKE) install docs-install inst_prefix=/usr prefix=$(CURDIR)/debian/brickos/usr mandir=$(CURDIR)/debian/brickos/usr/share/man
 	#  remove docs we shouldn't install
 	rm -f $(CURDIR)/debian/brickos/usr/share/doc/brickos/html/INSTALL-cygwin*

Bug#841856: Upstream correction of CVE-2016-7543 is incomplete

2016-10-24 Thread Ola Lundqvist

Hi

Thanks for fast response. I have now reported it upstream as you can see in
the mail I just sent.

Best regards

// Ola

On 24 October 2016 at 09:08, Salvatore Bonaccorso  wrote:

> Hi Ola,
>
> Thanks for quick followup!
>
> On Mon, Oct 24, 2016 at 08:50:46AM +0200, Ola Lundqvist wrote:
> > Hi
> >
> > No. If you want I can do that.
>
> I think that would be good, to get Chet's attention on the issue. Once
> it's clear, we might need to as well request a CVE for it on
> oss-security.
>
>
> > Please note that the patch I attached essentally disable the whole PS4
> > variable support so upstream can probably do something more intelligent.
>
> Yep, and thus I really think we should have Chet Ramey with his
> upstream hat look into it.
>
> Thanks for your work and regards,
> Salvatore
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#841894: fonts-noto: Noto Emoji missing

2016-10-24 Thread Sven Geggus

Package: fonts-noto
Version: 2013-04-11-2
Severity: wishlist

Hello,

is there a specific reason why not all Noto fonts are included in the
package? Currently in particular "Noto Emoji Regular" is missing which is
needed in Openstreetmap carto style.

Would be nice to have an updated package which will include them.

Regards

Sven

Bug#841856: Correction of CVE-2016-7543 is incomplete

2016-10-24 Thread Ola Lundqvist

Version: all (see note below)
Hardware: all
Operating system: Debian GNU Linux (but all should be affected)
Compiler: gcc

Hi

In CVE-2016-7543 a problem was reported that it is possible to privilege
escalate to root.
The correction as seen here
http://lists.gnu.org/archive/html/bug-bash/2016-10/msg9.html
is not complete. Well it do prevent privilege escalation to root, but it is
possible to escalate to any other user and that may be bad too.

The problem has also been reported (by me) in Debian as you can see here:
http://bugs.debian.org/841856

I have attached a tar file with exploit code. The exploit code is used like
this:
make
sudo make root
make test

Test 1 is the exploit for CVE-2016-7543
Test 2 is the exploit for this problem
Test 3 is just a reference test.

The proposed patch essentially disable the whole PS4 variable support for
all users (not only root as the patch was for CVE-2016-7543. Please let me
know if you have a better idea on how to handle this.

Version note: The attached correction is made on a 4.2 system with a patch
for CVE-2016-7543.
However it should apply on 4.4 as well.

Let me know if you need any further details.

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---


exploit.tar.gz
Description: GNU Zip compressed data


CVE-2016-7543-bug-841856-20161023.patch
Description: Binary data

Bug#841895: apf-firewall: Apf blocks mysql connection on 127.0.0.1

2016-10-24 Thread root@webx

Package: apf-firewall
Version: 9.7+rev1-3
Severity: important

There is a daily cronjob running which is restarting apf-firewall. However, 
sometimes 
it breaks my system - to be specific - it somehow blocks connectivity for mysql 
on 127.0.0.1 
and I'm not able to connect neither command line, websites are not working, MTA 
postfix (with ispconfig) 
fails to check for table lookup (because it's connecting to with user/pass on 
127.0.0.1. Localhost 
connections are working normally. After stopped firewall with e.g. "apf -f" - 
on first F5 refresh all 
websites are working, I'm able to connect in mysql through "mysql -p -h 
127.0.0.1". This doesn't happen 
every day, it happens on random basics and always in same time around 06:26AM - 
cronjob dailys are schedules 
to run on 06:25AM. I can't reproduce the problem, but so far I know that 
stopping apf-firewal 
fixes the problem. I don't even have to restart mysql/MTA - stopping apf is 
enough. Any idea what 
could cause this?

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apf-firewall depends on:
ii  iproute   1:3.16.0-2
ii  iptables  1.4.21-2+b1
ii  lsb-base  4.1+Debian13+nmu1
ii  wget  1.16-1

apf-firewall recommends no packages.

apf-firewall suggests no packages.

-- Configuration Files:
/etc/apf-firewall/conf.apf changed [not included]
/etc/apf-firewall/deny_hosts.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/deny_hosts.rules'
/etc/apf-firewall/ds_hosts.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/ds_hosts.rules'
/etc/apf-firewall/glob_allow.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/glob_allow.rules'
/etc/apf-firewall/glob_deny.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/glob_deny.rules'
/etc/apf-firewall/preroute.rules changed [not included]
/etc/apf-firewall/sdrop_hosts.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/sdrop_hosts.rules'
/etc/cron.daily/apf-firewall changed [not included]
/etc/default/apf-firewall changed [not included]

-- no debconf information

Bug#841882: workaround

2016-10-24 Thread William L. DeRieux IV


The thrown exceptions look like these:

ERROR: System.MissingMethodException: Method not found: 'Int32 
System.Runtime.InteropServices.Marshal.SizeOf(!!0)'.
ERROR: System.MissingMethodException: Method not found: 'Void 
System.Runtime.InteropServices.Marshal.StructureToPtr(!!0, IntPtr, 
Boolean)'.


 this are the faulting lines (in the code I'm working with) 
Int32 intTokenElevationSize = Marshal.SizeOf(tevTokenElevation);
Marshal.StructureToPtr(tevTokenElevation, pteTokenElevation, true);

 explicitly casting to object fixes the method not found error 
Int32 intTokenElevationSize = 
Marshal.SizeOf((object)tevTokenElevation);
Marshal.StructureToPtr((object)tevTokenElevation, 
pteTokenElevation, true);

Bug#834857: [Pkg-nagios-devel] Bug#834857: nagios-nrpe: please make the build reproducible

2016-10-24 Thread Alexander Wirt

On Mon, 24 Oct 2016, Chris Lamb wrote:

> Alexander Wirt wrote:
> 
> > > Would you consider applying this patch and uploading?
> >
> > The package is without a maintainer. 
> 
> Not quite sure what this means; should you orphan it, RM it, etc.? :)
oh there were several people unhappy with my decisions that thought they
would make a better maintainer. Therefore I gave up on it but none of them
ever did anything on the package. Someone (not me) should probably ask for
removal, I don't want another personal shitstorm on me. 

Alex

> 
> 
> Regards,
> 
> -- 
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#841896: glueviz: Does not work correctly if PyQt5 is installed

2016-10-24 Thread Yannick Roehlly

Package: glueviz
Version: 0.9.0+dfsg-1
Severity: normal

Hi,

>From version 0.9.0 glue uses QtPy for the GUI.  This one selects the 
>appropriate
PyQt backend among those available, PyQt5 having the highest ranking.  But glue
seems to have problem with Qt5: one can load a dataset but the visualisation
window can't be moved or update (I talked about this with Thomas Robitaille at
ADASS).  One solution is to force the use of PyQt4; this can be done using the
QT_API environment variable, for instance adding this to the glue script:

import os
os.environ['QT_API'] = 'pyqt4'

Regards,

Yannick

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages glueviz depends on:
ii  ipython32.4.1-1
ii  ipython3-qtconsole  2.4.1-1
ii  python3-glue0.9.0+dfsg-1
ii  python3-pandas  0.19.0+git14-ga40e185-1
ii  python3-pyqt4   4.11.4+dfsg-2
pn  python3:any 

glueviz recommends no packages.

glueviz suggests no packages.

-- no debconf information

Bug#841897: apf-firewall: Apf blocks mysql connection on 127.0.0.1

2016-10-24 Thread Mislav | Maxcom


Package: apf-firewall
Version: 9.7+rev1-3
Severity: important

There is a daily cronjob running which is restarting apf-firewall. However, 
sometimes
it breaks my system - to be specific - it somehow blocks connectivity for mysql 
on 127.0.0.1
and I'm not able to connect neither command line, websites are not working, MTA 
postfix (with ispconfig)
fails to check for table lookup (because it's connecting to with user/pass on 
127.0.0.1. Localhost
connections are working normally. After stopped firewall with e.g. "apf -f" - 
on first F5 refresh all
websites are working, I'm able to connect in mysql through "mysql -p -h 
127.0.0.1". This doesn't happen
every day, it happens on random basics and always in same time around 06:26AM - 
cronjob dailys are schedules
to run on 06:25AM. I can't reproduce the problem, but so far I know that 
stopping apf-firewal
fixes the problem. I don't even have to restart mysql/MTA - stopping apf is 
enough. Any idea what
could cause this?

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apf-firewall depends on:
ii  iproute   1:3.16.0-2
ii  iptables  1.4.21-2+b1
ii  lsb-base  4.1+Debian13+nmu1
ii  wget  1.16-1

apf-firewall recommends no packages.

apf-firewall suggests no packages.

-- Configuration Files:
/etc/apf-firewall/conf.apf changed [not included]
/etc/apf-firewall/deny_hosts.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/deny_hosts.rules'
/etc/apf-firewall/ds_hosts.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/ds_hosts.rules'
/etc/apf-firewall/glob_allow.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/glob_allow.rules'
/etc/apf-firewall/glob_deny.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/glob_deny.rules'
/etc/apf-firewall/preroute.rules changed [not included]
/etc/apf-firewall/sdrop_hosts.rules [Errno 13] Permission denied: 
u'/etc/apf-firewall/sdrop_hosts.rules'
/etc/cron.daily/apf-firewall changed [not included]
/etc/default/apf-firewall changed [not included]

-- no debconf information

Bug#840699: ninix-aya: does not work with ruby-gnome2 3.0.9-1

2016-10-24 Thread Ying-Chun Liu (PaulLiu)

Hi Higuchi,

I believe that the upstream has already fixes this issue.

In upstream's release notes:
開発環境を Ruby 2.x & Gtk+3 に移行した安定版第2版です。
Ruby-GNOME2 3.0に対応しました。
動作させるには3.0.9以降のRuby/GTK3が必要です。
(2.2.5では動作しなくなっています。)

So I'll take some time to see if I can upload it to experimental.
But it seems to me that this is not a blocker for you to upload
ruby-gnome2 directly to unstable.

Yours Sincerely,
Paul

-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) 



signature.asc
Description: OpenPGP digital signature

Bug#837582: yabause: FTBFS with bindnow and PIE enabled

2016-10-24 Thread Evgeni Golov

On Mon, Sep 12, 2016 at 04:43:31PM +0200, Balint Reczey wrote:
> src/gtk/CMakeFiles/yabause-gtk.dir/build.make:713: recipe for target
> 'src/gtk/yabause-gtk' failed
> make[3]: *** [src/gtk/yabause-gtk] Error 1
> ...

08:36 < Zhenech> Guillaume, debian enabled PIE and bindnow for all builds
08:36 < Zhenech> and yabause fails now :(
08:36 < Zhenech> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837582
08:37 < Guillaume> ah yeah
08:37 < Guillaume> you need to disable the dynarec
08:37 < Guillaume> -DSH2_DYNAREC=OFF
08:37 < Zhenech> also happens with .15 (tried yesterday)
08:38 < Zhenech> what is dynarec? :)
08:38 < Guillaume> the dynamic recompiler version of SH2
08:38 < Guillaume> faster, but...
08:39 < Guillaume> not maintained
08:39 < Guillaume> and it's using a hardcoded pointer

Bug#841294: Overrule maintainer of "global" to package a new upstream version

2016-10-24 Thread Ron

On Sun, Oct 23, 2016 at 08:48:53PM +0200, Tollef Fog Heen wrote:
> ]] Ron 
> 
> > I'm appalled at the status quo.  My concern is that we don't make
> > that even worse with uninformed decisions.  In the absence of good
> > information, sometimes the best thing to do is be patient until
> > more of it arrives.
> 
> I agree with this.  On the other hand, waiting forever isn't productive
> either, which I think is where a lot of Vincent's frustration comes
> from, that it's hard to know when we've waited «long enough».

Indeed.  As I said in the initial summary I posted, I can certainly
sympathise with (and directly feel!) people's frustration with this,
it's my frustration too.  And my frustration with this is the same
sort of problem the TC has with any decision that isn't a clear cut
win-win - it doesn't really fix things to just move that frustration
to a different group of users.  It just restarts the debate with a
different group of angry players feeling hard done by, sending you
hate mail, and resorting to 'hostile' methods they hope might play
out in their favour.

So mostly for me, it had got to a point where I'd exhausted exploring
and advocating for all the obviously possible good outs - and after that
it wasn't so much a case of waiting 'long enough', but rather waiting
until something material changed which tipped the balance or reopened
the discussion with some new aspect to consider, which might make
something else actually look better overall than the status quo did.

... and it may well be that this has actually happened now with
upstream's decision to drop all support for providing a secure
system CGI of any form that people can use for this.  The upstream
code is basically now back to what it was in the 90's, with the only
way to use this being to allow execution of a generated CGI in the
same tree as the html content.  Which was already well known to be a
dangerous and ill advised idiom even back then ...

> I'm leaning towards dropping htags, since that seems to have problems
> security-wise (the idea of generated CGIs don't fill me with joy, at
> least, and hopefully not many others either), and also has a lot less
> value today than it used to back in the days.

That's the direction I'm tipping toward too.  At the very least, this
new change makes it even less desirable than it already was to ship
the new upstream version 'as is', so in the absence of other workable
suggestions, the salient question in my mind is basically boiling down
into:

 Do we just give up on htags as being a viable thing at all, drop it,
 and just worry about whether the rest of what global provides is
 actually sane enough to still ship?

 Or do we keep the current version of htags for existing users, and
 patch the things people report they are having problems with in
 the other parts?

The latter is mainly still an open question, because looking at the
new options global's gtags has added, none of them seem to be
particularly earth shattering innovations - though we still don't
actually have any answer on what is broken about the external ggtags
wrapper to know whether the new options are even related to that at
all.

So fixing that might not actually be all that hard if someone who
cares about the external tools which I don't use wants to look at
what is really broken about them, and might be the closest we get
to actually giving both sides of that something resembling a fair
compromise.  I'd certainly be prepared to review and apply any
sane patches to do that (and that's always been an open offer).

But it would still leave us with the abstract math question of
whether two half-sucks are greater or less than a whole.

And I don't know offhand whether there are any other external tools
we need to consider.  Vincent claimed there were "many frontends"
effected by this, but I don't know if that was a Rhetorical Many,
or based on a numbering system that goes {0,Many,ManyMany,...}, or
if he knows something else that he didn't detail - but nobody has
yet mentioned any other "frontends" in reports to the BTS or to me.
So if they actually exist, and do have problems, it would be good
to know what they are so we can include them in any assessment of
this too.

> Maybe the question we should ask is less «who/how many people use
> htags?» and more «what value does htags provide?».  I'm no big fan of
> arbitrarily breaking people's workflows, which we might be the result if
> we remove htags.

Yes, at the very least I think that's looking like the only metric
which we can objectively weigh up and base any decision along these
lines and its rationale upon.  I don't think we can entirely discount
existing users, but it's not looking like we're going to get any
stronger basis for a head count argument (for either side of this)
than we'd get from chicken entrails.

If we can at least tell them something like "We're really sorry,
but it's 2017, have you ever looked at doxygen?  Here's a handy
comparison." - that's a bit

Bug#841902: ITP: golang-github-voxelbrain-goptions -- flexible Go parser for command line options

2016-10-24 Thread Sascha Steinbiss

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-voxelbrain-goptions
  Version : 2.5.11-1
  Upstream Author : voxelbrain
* URL : https://github.com/voxelbrain/goptions
* License : BSD-3-clause
  Programming Lang: Go
  Description : flexible Go parser for command line options

goptions implements a flexible parser for command line options in Go.

Key targets were the support for both long and short flag versions, mutually
exclusive flags, and verbs. Flags and their corresponding variables are defined
by the tags in a (possibly anonymous) struct.

Bug#841901: ITP: golang-github-thecreeper-go-notify -- implementation of the GNOME DBus Notifications Specification

2016-10-24 Thread Sascha Steinbiss

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-thecreeper-go-notify
  Version : 0.0~git20160203.0.b5cd147-1
  Upstream Author : 
* URL : https://github.com/TheCreeper/go-notify
* License : BSD-2-clause
  Programming Lang: Go
  Description : Go implementation of the GNOME DBus Notifications 
Specification

The package notify provides a Go implementation of the GNOME DBus Notifications
Specification (https://developer.gnome.org/notification-spec).

This is packaged as a dependency of CoyIM.

Bug#839931: [Pkg-freeradius-maintainers] Bug#839931: freeradius-config: fails to upgrade from 'sid' - trying to overwrite /etc/freeradius/clients.conf

2016-10-24 Thread Michael Stapelberg

I think the issue is that the file(s) in question (e.g.
/etc/freeradius/hints) are marked as conffiles in freeradius
2.2.8+dfsg-0.1+b3:

# grep hints /var/lib/dpkg/info/freeradius.*
/var/lib/dpkg/info/freeradius.conffiles:/etc/freeradius/hints
/var/lib/dpkg/info/freeradius.list:/etc/freeradius/hints
/var/lib/dpkg/info/freeradius.postinst:  /etc/freeradius/hints \
/var/lib/dpkg/info/freeradius.prerm:  /etc/freeradius/hints \

When updating, the entry vanishes from freeradius.conffiles, but stays in
freeradius.list:

# dpkg -i freeradius-common_3.0.12+dfsg-1_all.deb
 freeradius_3.0.12+dfsg-1_amd64.deb libfreeradius3_3.0.12+dfsg-1_amd64.deb
freeradius-config_3.0.12+dfsg-1_amd64.deb
(Reading database ... 24462 files and directories currently installed.)
Preparing to unpack freeradius-common_3.0.12+dfsg-1_all.deb ...
Unpacking freeradius-common (3.0.12+dfsg-1) over (3.0.12+dfsg-1) ...
Preparing to unpack freeradius_3.0.12+dfsg-1_amd64.deb ...
Unpacking freeradius (3.0.12+dfsg-1) over (2.2.8+dfsg-0.1+b3) ...
dpkg: warning: unable to delete old directory
'/etc/freeradius/sites-enabled': Directory not empty
dpkg: warning: unable to delete old directory
'/etc/freeradius/sites-available': Directory not empty
dpkg: warning: unable to delete old directory '/etc/freeradius/modules':
Directory not empty
dpkg: warning: unable to delete old directory '/etc/freeradius/certs':
Directory not empty
dpkg: warning: unable to delete old directory '/etc/freeradius': Directory
not empty
Preparing to unpack libfreeradius3_3.0.12+dfsg-1_amd64.deb ...
Unpacking libfreeradius3 (3.0.12+dfsg-1) over (3.0.12+dfsg-1) ...
Preparing to unpack freeradius-config_3.0.12+dfsg-1_amd64.deb ...
Unpacking freeradius-config (3.0.12+dfsg-1) ...
dpkg: error processing archive freeradius-config_3.0.12+dfsg-1_amd64.deb
(--install):
 trying to overwrite '/etc/freeradius/hints', which is also in package
freeradius 3.0.12+dfsg-1
Setting up freeradius-common (3.0.12+dfsg-1) ...
dpkg: dependency problems prevent configuration of freeradius:
 freeradius depends on freeradius-config; however:
  Package freeradius-config is not installed.

dpkg: error processing package freeradius (--install):
 dependency problems - leaving unconfigured
Setting up libfreeradius3 (3.0.12+dfsg-1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-1) ...
Errors were encountered while processing:
 freeradius-config_3.0.12+dfsg-1_amd64.deb
 freeradius

# grep hints /var/lib/dpkg/info/freeradius.*
/var/lib/dpkg/info/freeradius.list:/etc/freeradius/hints
/var/lib/dpkg/info/freeradius.postinst:
 /etc/freeradius/mods-config/preprocess/hints \
/var/lib/dpkg/info/freeradius.prerm:
 /etc/freeradius/mods-config/preprocess/hints \

anbe, do you know how this situation should be properly handled? Do I need
to use rm_conffiles in the maintscripts?

Thanks!

On Sat, Oct 15, 2016 at 3:15 PM, Andreas Beckmann  wrote:

> Followup-For: Bug #839931
> Control: found -1 3.0.12+dfsg-1
>
> Hi,
>
> there are still file overwrite problems in the latest version:
>
>   Preparing to unpack .../07-freeradius_3.0.12+dfsg-1_amd64.deb ...
>   Unpacking freeradius (3.0.12+dfsg-1) over (2.2.8+dfsg-0.1+b3) ...
>   dpkg: warning: unable to delete old directory 
> '/etc/freeradius/sites-enabled':
> Directory not empty
>   dpkg: warning: unable to delete old directory 
> '/etc/freeradius/sites-available':
> Directory not empty
>   dpkg: warning: unable to delete old directory '/etc/freeradius/modules':
> Directory not empty
>   dpkg: warning: unable to delete old directory '/etc/freeradius/certs':
> Directory not empty
>   dpkg: warning: unable to delete old directory '/etc/freeradius':
> Directory not empty
>   Selecting previously unselected package freeradius-config.
>   Preparing to unpack .../08-freeradius-config_3.0.12+dfsg-1_amd64.deb ...
>   Unpacking freeradius-config (3.0.12+dfsg-1) ...
>   dpkg: error processing archive /tmp/apt-dpkg-install-5B7fDA/
> 08-freeradius-config_3.0.12+dfsg-1_amd64.deb (--unpack):
>trying to overwrite '/etc/freeradius/hints', which is also in package
> freeradius 3.0.12+dfsg-1
>
>
> Andreas
>
> ___
> Pkg-freeradius-maintainers mailing list
> pkg-freeradius-maintain...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-
> freeradius-maintainers
>

-- 
Best regards,
Michael

Bug#841700: linux-image-4.7.0-1-686: upgrade from 4.7.6-1 to 4.7.8-1 prevents booting; freezes during initrd loading

2016-10-24 Thread Martin-Éric Racine

2016-10-24 5:00 GMT+03:00 Ben Hutchings :
> Control: tag -1 moreinfo
>
> On Sat, 2016-10-22 at 16:24 +0300, Martin-Éric Racine wrote:
>> Package: src:linux
>> Version: 4.7.8-1
>> Severity: important
>>
>> After upgrading from 4.7.6-1 to 4.7.8-1 this host cannot boot under
>> kernel 4 anymore. The host freezes while loading the initrd image.
>> GRUB displays "loading linux-image", followed by "loading initrd-
>> image" and then become unresponsive.  By comparison, launching kernel
>> 3.16 from the GRUB menu, kernel messages start appearing within a few
>> seconds of the "loading initrd-image" GRUB message.
>
> What's the kernel command line?

BOOT_IMAGE=/boot/vmlinuz-3.16.0-4-586
root=UUID=97b2628b-28a5-49f2-85f7-495728b3bef8 ro panic=15 pnpbios=off
cs5535audio.ac97_quirk=1 nopat quiet nosplash

> Please also get a kernel log, by replacing the 'quiet' parameter on the
> boot command line with 'earlyprintk=vga'.

This still doesn't get me past the "loading initrd image" GRUB prompt.

Martin-Éric

Bug#841893: ITP: golang-github-gotk3-gotk3 -- Go bindings for GTK3

2016-10-24 Thread Sascha Steinbiss

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-gotk3-gotk3
  Version : GOTK3_0_2_0+git20161020.501.2caa15f-1
  Upstream Author : Conformal Systems LLC.
* URL : https://github.com/gotk3/gotk3
* License : ISC
  Programming Lang: Go
  Description : Go bindings for GTK3

The gotk3 project provides Go bindings for GTK+3 and dependent projects.   
Each component is given its own subdirectory, which is used as the 
import path for the package.   
  
Partial binding support for the following libraries is currently implemented:  
  
  - GTK+3 (3.12 and later) 
  - GDK 3 (3.12 and later) 
  - GLib 2 (2.36 and later)
  - Cairo (1.10 and later) 
  
Care has been taken for memory management to work seamlessly with Go's 
garbage collector without the need to use or understand GObject's floating 
references.

This is packaged as a dependency of CoyIM.

Bug#841892: ITP: golang-github-twstrike-otr3 -- Go implementation of the OTR 3 protocol

2016-10-24 Thread Sascha Steinbiss

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-twstrike-otr3
  Version : 0.0~git20161015.0.744856d-1
  Upstream Author : STRIKE Team
* URL : https://github.com/twstrike/otr3
* License : GPL-3.0
  Programming Lang: Go
  Description : Go implementation of the OTR 3 protocol

OTR3 implements version 3 of the OTR standard in Go.
Implements feature parity with libotr 4.1.0.

This is packaged as a dependency for CoyIM.

Bug#790803: ITP: amp -- atomistic machine-learning potentials

2016-10-24 Thread Graham Inggs

On 24 October 2016 at 05:36, Muammar El Khatib  wrote:
> On 10/20/2016 03:28 AM, Graham Inggs wrote:
>> No, but I do have a local packaging of neural (before the name changed
>> to amp) which was working, but since the project changed to amp and
>> was re-organized, it longer works and I don't know if any of it is
>> still relevant.  I can mail it to you privately, if you wish.
>>
>
> That would be great!.

I have sent it, let me know if you didn't receive it.

> I forgot to answer that. I would love to team-maintain scalapack in
> debian-science!. I do not have too much time for maintaining it  as it
> deserves. I will read the wiki of Debian science and request to be added to
> the group.

Thanks!  Would you consider doing the same for blacs-mpi?

Bug#841899: ITP: golang-github-twstrike-gotk3adapter -- adapters and interfaces for gotk3

2016-10-24 Thread Sascha Steinbiss

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-twstrike-gotk3adapter
  Version : 0.0~git20160819.0.3499960-1
  Upstream Author : STRIKE Team
* URL : https://github.com/twstrike/gotk3adapter
* License : GPL-3.0
  Programming Lang: Go
  Description : adapters and interfaces for gotk3

gotk3adapter contains adapters and interfaces for gotk3 in order to make
testing possible.

This is packaged as a dependency of CoyIM.

Bug#841898: ITP: golang-github-hydrogen18-stalecucumber -- Reader and writer for Python's pickle format in Golang

2016-10-24 Thread Sascha Steinbiss

Package: wnpp
Severity: wishlist
Owner: Sascha Steinbiss 

* Package name: golang-github-hydrogen18-stalecucumber
  Version : 0.0~git20161012.0.cd9ec28-1
  Upstream Author : Eric Urban
* URL : https://github.com/hydrogen18/stalecucumber
* License : BSD-2-clause
  Programming Lang: Go
  Description : Reader and writer for Python's pickle format in Golang

stalecucumber reads and writes pickled data. The format is
the same as the Python "pickle" module.

Protocols 0,1,2 are implemented. These are the versions written by the
Python 2.x series. Python 3 defines newer protocol versions, but can
write the older protocol versions so they are readable by this package.

This is packaged as a dependency of CoyIM.

Bug#841900: ITP: node-builtin-modules -- List of the Node.js builtin modules

2016-10-24 Thread Sruthi Chandran

Package: wnpp
Severity: wishlist
Owner: Sruthi Chandran 
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-builtin-modules
  Version : 1.1.1
  Upstream Author : Sindre Sorhus 
(sindresorhus.com)
* URL : https://github.com/sindresorhus/builtin-modules#readme
* License : Expat
  Programming Lang: JavaScript
  Description : List of the Node.js builtin modules

Bug#822837: lynx-cur: no longer honours preferences from /etc/lynx-cur/local.cfg

2016-10-24 Thread Thorsten Glaser

ping, the bug is still present and removes admin-defined configuration
upon upgrade from jessie, so…?

lynx-cur: no longer honours preferences from /etc/lynx-cur/local.cfg

Thanks,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Bug#793116: Info received (Bug#793116: Me too)

2016-10-24 Thread Salvo Tomaselli

In my case the issue is that if you delete /etc/machine-id, then
journald will crash.

I tracked it down with strace.

I would say it's a bug to crash if it's not available.

2016-10-21 16:39 GMT+02:00 Debian Bug Tracking System :
> Thank you for the additional information you have supplied regarding
> this Bug report.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
>  Debian systemd Maintainers 
>
> If you wish to submit further information on this problem, please
> send it to 793...@bugs.debian.org.
>
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 793116: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793116
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems

Bug#841840: iceweasel: regression in mathML between 38.8 and 45.4

2016-10-24 Thread Frédéric WANG

It's a bug in the Latin Modern Math fonts. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799731

-- 
Frédéric Wang




signature.asc
Description: OpenPGP digital signature

Bug#841969: /usr/share/man/de/man8/apt-get.8.gz: German man page confusion in apt-get source subcommand

2016-10-24 Thread David Kalnischkies

Hi,

thanks for the report!

On Mon, Oct 24, 2016 at 10:48:40PM +0200, Dominik George wrote:
> The German man page has a mistake in the section for the source command.
> 
> The English text says:
> 
>A specific source version can be retrieved by postfixing the
>source name with an equals and then the version to fetch,
> 
> The German text says:
> 
>Eine bestimmte Quellversion kann durch Voranstellen eines
>Gleichheitszeichens vor den Paketnamen und dann der Version zum
>Herunterladen erhalten werde,
> 
> Now, "Voranstellen" means "prefixing", which is quite the contrary of the
> English text (and the actual syntax) ;).
> 
> Fix:
> 
>Eine bestimmte Quellversion kann durch Anhängen eines
>Gleichheitszeichens an den Paketnamen und dann der Version zum
>Herunterladen erhalten werden,
> 
> Mind that I also added an -n to the last word while at it.

while I happen to be able to read and understand German as it is my
native language, let me follow the usual way of resolving l10n problems
by refering it to the responsible translator (Chris Leick) instead as he
will know best what the "state of the union" is.


Best regards

David Kalnischkies


signature.asc
Description: PGP signature

Bug#841843: printer-driver-escpr: backend can't find PPD file

2016-10-24 Thread Brian Potkin

On Mon 24 Oct 2016 at 19:46:51 +0200, Matteo Croce wrote:

> Hi,
> 
> I attach a clean error_log with loglevel set to debug.
> I ran your command, but file.out is empty.

This is because the final filter did not complete.

> I attach wf2530.log anyway

Thanks. I get exactly the same as you. It shows the system being unable
to move on to the final filter, epson-escpr-wrapper. It also appears to
show Ghostscript not carrying out a conversion with the filter
gstoraster. I have observed the same behaviour on Jessie and with other
PPDs from the same package.

  > DEBUG: OUTFORMAT="(null)", so output format will be CUPS/PWG Raster
  > PPD file not found, or PPD file is broken. Cannot get option of PIPS.ERROR: 
epson-escpr-wrapper (PID 538) stopped with status 1

  > INFO: texttopdf (PID 535) exited with no errors.
  > INFO: pdftopdf (PID 536) exited with no errors.

  > DEBUG: Ghostscript command line: /usr/bin/gs -dQUIET -dPARANOIDSAFER 
-dNOPAUSE -dBATCH -dNOINTERPOLATE -dNOMEDIAATTRS -sstdout=%stderr 
-sOutputFile=%stdout -sDEVICE=cups -r360x360 -dDEVICEWIDTHPOINTS=595 
-dDEVICEHEIGHTPOINTS=841 -dcupsBitsPerColor=8 -dcupsColorOrder=0 
-dcupsColorSpace=1 -dcupsCompression=1 -scupsPageSizeName=A4 
-I/usr/share/cups/fonts -c '<>setpagedevice' -f -_

  > INFO: Start rendering...
  > INFO: Processing page 1...
  > ERROR: Unable to open raster stream - : Broken pipe
  > Error: /ioerror in --showpage--

  > INFO: Rendering completed
  > ERROR: gstoraster (PID 537) stopped with status 1


You error_log also backs up wf2530.log by showing epson-escpr-wrapper
reporting "Cannot get option of PIPS" and

  D [24/Oct/2016:19:38:57 +0200] [Job 90] PID 32749 
(/usr/lib/cups/filter/epson-escpr-wrapper) stopped with status 1.
  D [24/Oct/2016:19:39:01 +0200] [Job 90] PID 32747 
(/usr/lib/cups/filter/gstoraster) stopped with status 1.

Unfortuately, my error_log show nothing of this. There is no mention of
PIPS and epson-escpr-wrapper and gstoraster complete successfully. I
have no explanation for this difference.

My print queue was set up (all on one line) with

  lpadmin -p wf2530 -v file:/home/brian/wf2530 -E 
-m 
escpr:/0/cups/model/epson-inkjet-printer-escpr/Epsom-WF-2530_Series-epson-escpr-en-ppd

and I printed with

  lp -d wf2530 /etc/nsswitch.conf

You could try this to see whether it gets printing going for you.

Cheers,

Brian.

Bug#841973: Pending fixes for bugs in the libastro-fits-cfitsio-perl package

2016-10-24 Thread pkg-perl-maintainers

tag 841973 + pending
thanks

Some bugs in the libastro-fits-cfitsio-perl package are closed in
revision 9a06b774b549edf2b2d1f5b1b713bc20efa05312 in branch 'master'
by gregor herrmann

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libastro-fits-cfitsio-perl.git/commit/?id=9a06b77

Commit message:

Fix autopkgtest.

Add debian/tests/pkg-perl/smoke-files with the required files.

Closes: #841973

Bug#841650: apt-listbugs: [INTL:nl] Dutch po file for the apt-listbugs package

2016-10-24 Thread Frans Spiesschaert

Hi Francesco,

Francesco Poli schreef op ma 24-10-2016 om 23:18 [+0200]:
> On Fri, 21 Oct 2016 20:31:20 +0200 Frans Spiesschaert wrote:
> 
> [...] 
> > Please find attached the Dutch po file for the apt-listbugs package.
> [...]
> I have one question:
> 
>   #: ../lib/aptlistbugs/logic.rb:412
>   msgid "Are you sure you want to install/upgrade the above packages?"
>   msgstr ""
>   "Weet u zeker dat u bovenstaande programma's wilt installeren/opwaarderen?"
> 
> Is this translation consistent with the rest?
> It seems to me that "packages" has been translated as "pakketten"
> elsewhere (rather than "programma's")...
> Please confirm or specify a better translation for the string, so that
> I can modify it in the .po file.

Thanks for noticing this. You are completely right. I made a real
mistake. It should definitely be:

"Weet u zeker dat u bovenstaande pakketten wilt
installeren/opwaarderen?"



-- 
Cheers,
Frans





signature.asc
Description: This is a digitally signed message part

Bug#831562: ftp.debian.org: Allow source-only uploads to NEW when caused by minor changes in binary packaging

2016-10-24 Thread Daniel Kahn Gillmor

Control: reopen 831562
Control: tags 831562 + wontfix

On Mon 2016-10-24 16:27:56 -0400, Joerg Jaspert wrote:
> No. We use the binary packages to review and as such need them.

well, that's too bad.

> Actually, if you feel like reopening, do so and set it wontfix.

I think i've done this properly.  feel free to adjust!

> This could be done if someone sets up and runs an autobuilder for NEW.
> As this must be *strictly* limited, it won't integrate into the usual
> frameworks.

Can you describe what these strict limitations should be?  That would
probably help anyone who comes along later interested in understanding
the scope of work involved.

> Loads of work. None of us up to it for the forseable future.

that's too bad, but i guess people will just continue working around the
process by immediately re-uploading source-only packages after packages
make it through NEW :/

All the best,

--dkg


signature.asc
Description: PGP signature

Bug#841980: nodejs should recommend ca-certificates

2016-10-24 Thread Daniel Lo Nigro

Package: nodejs
Version: 4.6.0~dfsg-2
Severity: normal

Dear Maintainer,

When CA certificates are not available, Node.js scripts that try to connect
to remote servers using TLS/SSL fail with "Error: unable to get local
issuer certificate".

Other packages that rely on TLS (such as wget and libcurl3-gnutls)
recommend the ca-certificates package, so nodejs should probably also do
this.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (750, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-openvz-042stab108.8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nodejs depends on:
ii  libc62.23-4
ii  libgcc1  1:6.1.1-10
ii  libicu57 57.1-2
ii  libssl1.0.2  1.0.2h-1
ii  libstdc++6   6.1.1-10
ii  libuv1   1.9.1-1
ii  zlib1g   1:1.2.8.dfsg-2+b1

nodejs recommends no packages.

nodejs suggests no packages.

-- no debconf information

Bug#841294: Overrule maintainer of "global" to package a new upstream version

2016-10-24 Thread Ian Jackson

So in summary, the maintainer has:

 * Not packaged the new upstream version due to concerns about a
   feature which is not present in the current Debian version and
   which could therefore be removed from a new-upstream-version upload
   without causing a regression in Debian;

 * Explicitly and repeatedly blocked other people who wanted to do the
   work to upload the new version (possibly with the troublesome
   feature removed);

 * Failed to engage positively with all of the many people who have
   enquired about the question;

 * Specifically, failed to give clear and constructive directions to
   those willing to do the work;

The above have been carrying on for many many years.  There has been
no upload for six years.  Most recently:

 * The maintainer has completely ignored a bug filed in March where
   sseveral people request an update and where it is obvious that
   no-one really understands the problem.

It is not necessary to decide whether the CGI feature should be
disabled, or should ideally be fixed.  It is in fact not necessary to
make any difficult technical analyses to conclude that the maintainer
has made a massive net negative contribution to this package.  They
have done this solely by virtue of their position as the Debian
maintainer.  The maintainer has abused the maintainer's gatekeeper
role.

There are people ready and willing to do the work, who are currently
blocked.  Giving this package to a new maintainer is a no-brainer.


If the TC will not depose a maintainer in circumstances like these,
what will it take ?


Please do not come to a "negotiated settlement" which leaves the
current maintainer in charge.  The effect of that is that all the
constructive and useful people will be subject to the arbitrary whims
of the the current maintainer.

If the TC's decision, in such a clear case of abuse of power, is to
leave the problem maintainer in charge, that is a decision to allow
that person to continue to block people if they feel like it.

With the TC's current attitude, it takes desperation (as well as
determination and courage) to take a matter like this to the TC.  If
you have anything left to lose, taking this kind of dispute to the TC
is a very risky step: the TC is not likely to get rid of a despot, and
despots do not react well to challenges to their authority.  So the
petitioner (who probably cares about the package) is still under the
maintainer's thumb, but they have annoyed the maintainer.

Please would the TC prove me wrong.  (For a change.)


Ian.
(quite frustrated)

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Bug#841650: apt-listbugs: [INTL:nl] Dutch po file for the apt-listbugs package

2016-10-24 Thread Francesco Poli

On Fri, 21 Oct 2016 20:31:20 +0200 Frans Spiesschaert wrote:

[...] 
> Please find attached the Dutch po file for the apt-listbugs package. 
> It has been submitted for review to the debian-l10n-dutch mailing list. 
> Please add it to your next package revision. 
[...]

Hello Frans,
thanks for the new translation.

I have one question:

  #: ../lib/aptlistbugs/logic.rb:412
  msgid "Are you sure you want to install/upgrade the above packages?"
  msgstr ""
  "Weet u zeker dat u bovenstaande programma's wilt installeren/opwaarderen?"

Is this translation consistent with the rest?
It seems to me that "packages" has been translated as "pakketten"
elsewhere (rather than "programma's")...
Please confirm or specify a better translation for the string, so that
I can modify it in the .po file.

Please note that I know nothing about the Dutch language, hence I may
well be completely off-track.

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

pgpIpPs1GJya9.pgp
Description: PGP signature

Bug#841949: Acknowledgement (minidlna: Minidlna fails to display AVI files)

2016-10-24 Thread raphael truc

Finally, installing libavifile did the trick, it was probably removed when
doing apt autoremove.
Maybe it should be a dependance
Sorry for the noise

Raphael

2016-10-24 20:51 GMT+02:00 Debian Bug Tracking System :

> Thank you for filing a new Bug report with Debian.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
>  Alexander GQ Gerasiov 
>
> If you wish to submit further information on this problem, please
> send it to 841...@bugs.debian.org.
>
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 841949: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841949
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>

Bug#841976: ITP: puppet-module-camptocamp-kmod -- Puppet module for managing kmod configuration

2016-10-24 Thread Thomas Goirand

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-camptocamp-kmod
  Version : 2.1.1
  Upstream Author : Raphaël Pinson 
* URL : https://github.com/camptocamp/puppet-kmod
* License : Apache-2.0
  Programming Lang: Puppet
  Description : Puppet module for managing kmod configuration

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module handles kernel module loading and configuration. It is perfect for
 manipulating things in /etc/modprobe.d/.conf.

Bug#686490: closed by Axel Beckert <a...@debian.org> (Bug#686490: fixed in aiccu 20070115-16)

2016-10-24 Thread Axel Beckert

Hi Barak,

Barak A. Pearlmutter wrote:
> Because it has potential security implications, I just pushed a
> debian/README.source to the collab-maint repo describing how the
> debian/fedora patches can be updated, after doing so.

Thanks. I'm not yet sure if they will be of use for me, but if so, the
README.source will surely help.

I also added and pushed a changelog entry documenting the addition.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#841985: seabios: Please update to last release (1.9.3)

2016-10-24 Thread Laurent Bigonville

Package: seabios
Version: 1.8.2-1
Severity: wishlist

Hi,

There is apparently a new release for seabios, shouldn't this version be
packaged in debian?

https://www.seabios.org/Releases#SeaBIOS_1.9.3

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

Bug#841983: haskell-cryptonite: Fix alignment of blocks in sha3_update()

2016-10-24 Thread Clint Adams

On Mon, Oct 24, 2016 at 05:01:26PM -0700, Steve Langasek wrote:
> In Ubuntu, we've observed a build failure of haskell-cryptonite on armhf
> owing to the fact that our armhf builders run on an arm64 kernel which
> raises SIGBUS on unaligned access.  While most of the hash implementations
> have compatible alignment assumptions, SHA3 uses 64-bit blocks, which
> triggers this problem.

Should this go upstream as well?

Bug#841984: tracker.debian.org: comment appears on tracker pages

2016-10-24 Thread Cyril Brulebois

Package: tracker.debian.org
Severity: important
Tags: patch

Hi,

Michael Biebl noticed this message appears on pages like [1]:
|{# A hidden modal which would display a list of email addresses, allowing 
the user to choose which one to subscribe to the package. #} 

 1. https://tracker.debian.org/pkg/dpkg

Looking at the git history, it seems a comment going multiline triggered
this. Proposal to fix that attached.


KiBi.
>From 6d37120adefe7eb22f585db6e12dc612c0c94f51 Mon Sep 17 00:00:00 2001
From: Cyril Brulebois 
Date: Tue, 25 Oct 2016 01:59:53 +0200
Subject: [PATCH] Fix multiline comment.

This fixes a regression introduced in:
| commit 3f029d09d27ba2fb656c34fa63d5d13edcb1caf1
| Author: Ben Finney 
| Date:   Tue Oct 11 16:23:29 2016 +1100
|
| Rephrase all gendered references to the user, to be gender-neutral.

since the {# foo #} syntax is only for single line comments.
---
 distro_tracker/core/templates/core/package.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/distro_tracker/core/templates/core/package.html b/distro_tracker/core/templates/core/package.html
index d861f27..fadedab 100644
--- a/distro_tracker/core/templates/core/package.html
+++ b/distro_tracker/core/templates/core/package.html
@@ -67,10 +67,10 @@
 {% endblock %}
 
 {% block page-content %}
-{#
+{% comment %}
   A hidden modal which would display a list of email addresses,
   allowing the user to choose which one to subscribe to the package.
-#}
+{% endcomment %}
 {% spaceless %}
 
   
-- 
2.1.4

Bug#841979: jessie-pu: package minissdpd/1.2.20130907-3

2016-10-24 Thread James Cowgill

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-CC: Thomas Goirand 

Hi,

The attached debdiff fixes #816759 (minissdpd: CVE-2016-3178
CVE-2016-3179) for jessie. Both CVEs are taged 'no-DSA' by the security
team.

Thanks,
James

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru minissdpd-1.2.20130907/debian/changelog 
minissdpd-1.2.20130907/debian/changelog
--- minissdpd-1.2.20130907/debian/changelog 2014-07-14 08:02:57.0 
+0100
+++ minissdpd-1.2.20130907/debian/changelog 2016-10-24 22:46:46.0 
+0100
@@ -1,3 +1,15 @@
+minissdpd (1.2.20130907-3+deb8u1) jessie; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759)
+The minissdpd daemon contains a improper validation of array index
+vulnerability (CWE-129) when processing requests sent to the Unix
+socket at /var/run/minissdpd.sock the Unix socket can be accessed
+by an unprivileged user to send invalid request causes an
+out-of-bounds memory access that crashes the minissdpd daemon.
+
+ -- James Cowgill   Mon, 24 Oct 2016 22:46:46 +0100
+
 minissdpd (1.2.20130907-3) unstable; urgency=medium
 
   * Removed $all from init.d script.
diff -Nru minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch 
minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch
--- minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch   1970-01-01 
01:00:00.0 +0100
+++ minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch   2016-10-24 
22:43:23.0 +0100
@@ -0,0 +1,95 @@
+Description: Fix CVE-2016-3178
+ buffer overflow while handling negative length request
+Author: Salva Peiró 
+Origin: upstream, 
https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
+Bug-Debian: https://bugs.debian.org/816759
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/minissdpd.c
 b/minissdpd.c
+@@ -555,7 +555,7 @@ void processRequest(struct reqelem * req
+   type = buf[0];
+   p = buf + 1;
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+@@ -661,7 +661,7 @@ void processRequest(struct reqelem * req
+   goto error;
+   }
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+@@ -679,7 +679,7 @@ void processRequest(struct reqelem * req
+   newserv->usn[l] = '\0';
+   p += l;
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+@@ -697,7 +697,7 @@ void processRequest(struct reqelem * req
+   newserv->server[l] = '\0';
+   p += l;
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+--- a/testminissdpd.c
 b/testminissdpd.c
+@@ -45,6 +45,23 @@ void printresponse(const unsigned char *
+ #define SENDCOMMAND(command, size) write(s, command, size); \
+   printf("Command written type=%u\n", (unsigned)command[0]);
+ 
++int connect_unix_socket(const char * sockpath)
++{
++  int s;
++  struct sockaddr_un addr;
++
++  s = socket(AF_UNIX, SOCK_STREAM, 0);
++  addr.sun_family = AF_UNIX;
++  strncpy(addr.sun_path, sockpath, sizeof(addr.sun_path));
++  if(connect(s, (struct sockaddr *), sizeof(struct sockaddr_un)) < 
0) {
++  fprintf(stderr, "connecting to %s : ", addr.sun_path);
++  perror("connect");
++  exit(1);
++  }
++  printf("Connected to %s\n", addr.sun_path);
++  return s;
++}
++
+ /* test program for minissdpd */
+ int
+ main(int argc, char * * argv)
+@@ -52,6 +69,7 @@ main(int argc, char * * argv)
+   char command1[] = 
"\x01\x00urn:schemas-upnp-org:device:InternetGatewayDevice";
+   char command2[] =

Bug#841498: also affects exposure tone curve widgets

2016-10-24 Thread nemo Inis

Just FYI for anyone googling for a reason for symptoms:

This bug (i.e., rawtherapee 4.2.1241 is incompatible with GTK 3.22) also makes 
the rawtherapee
exposure tone curve widgets unusable: they don't refresh properly, so the 
curves become unreadable.

Best to downgrade to 4.2.0 until support for GTK 3.22 is added

Bug#841983: haskell-cryptonite: Fix alignment of blocks in sha3_update()

2016-10-24 Thread Steve Langasek

Package: haskell-cryptonite
Version: 0.20-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu zesty ubuntu-patch

Hi Clint,

In Ubuntu, we've observed a build failure of haskell-cryptonite on armhf
owing to the fact that our armhf builders run on an arm64 kernel which
raises SIGBUS on unaligned access.  While most of the hash implementations
have compatible alignment assumptions, SHA3 uses 64-bit blocks, which
triggers this problem.

Please consider applying the attached patch to the Debian package.

Strangely, it appears that this build failure is unrelated to the build
failure seen on sparc64; so this only benefits users who happen to have the
same set of kernel settings for armhf on Debian.  (It's possible that
skipping the unaligned traps is also a performance benefit, but that's
probably not true on all architectures and I have not tried to measure the
effect.)

Thanks,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -Nru haskell-cryptonite-0.20/debian/patches/crypto-buffer-alignment.patch haskell-cryptonite-0.20/debian/patches/crypto-buffer-alignment.patch
--- haskell-cryptonite-0.20/debian/patches/crypto-buffer-alignment.patch	1969-12-31 16:00:00.0 -0800
+++ haskell-cryptonite-0.20/debian/patches/crypto-buffer-alignment.patch	2016-10-24 16:53:07.0 -0700
@@ -0,0 +1,51 @@
+Author: Steve Langasek 
+Description: fix alignment of memory blocks used by SHA3
+ SHA3 works in 64-bit chunks, but the incoming data pointer can be at any
+ address.  Copy our data to an aligned address, to avoid SIGBUS on certain
+ platforms.
+ .
+ This is not the only alignment issue in the code, but it is the one that
+ manifests as SIGBUS on the most architectures.
+
+Index: haskell-cryptonite-0.20/cbits/cryptonite_sha3.c
+===
+--- haskell-cryptonite-0.20.orig/cbits/cryptonite_sha3.c
 haskell-cryptonite-0.20/cbits/cryptonite_sha3.c
+@@ -23,6 +23,7 @@
+  */
+ 
+ #include 
++#include 
+ #include 
+ #include "cryptonite_bitfn.h"
+ #include "cryptonite_sha3.h"
+@@ -107,6 +108,7 @@ void cryptonite_sha3_init(struct sha3_ct
+ void cryptonite_sha3_update(struct sha3_ctx *ctx, const uint8_t *data, uint32_t len)
+ {
+ 	uint32_t to_fill;
++	uint64_t *data_aligned = NULL;
+ 
+ 	to_fill = ctx->bufsz - ctx->bufindex;
+ 
+@@ -124,6 +126,13 @@ void cryptonite_sha3_update(struct sha3_
+ 		ctx->bufindex = 0;
+ 	}
+ 
++	/* fix up alignment if necessary */
++	if (len && (unsigned long) data & 7) {
++		data_aligned = malloc(len);
++		memcpy(data_aligned, data, len);
++		data = (uint8_t *) data_aligned;
++	}
++
+ 	/* process as much ctx->bufsz-block */
+ 	for (; len >= ctx->bufsz; len -= ctx->bufsz, data += ctx->bufsz)
+ 		sha3_do_chunk(ctx->state, (uint64_t *) data, ctx->bufsz / 8);
+@@ -133,6 +142,7 @@ void cryptonite_sha3_update(struct sha3_
+ 		memcpy(ctx->buf + ctx->bufindex, data, len);
+ 		ctx->bufindex += len;
+ 	}
++	free(data_aligned);
+ }
+ 
+ void cryptonite_sha3_finalize(struct sha3_ctx *ctx, uint32_t hashlen, uint8_t *out)
diff -Nru haskell-cryptonite-0.20/debian/patches/series haskell-cryptonite-0.20/debian/patches/series
--- haskell-cryptonite-0.20/debian/patches/series	1969-12-31 16:00:00.0 -0800
+++ haskell-cryptonite-0.20/debian/patches/series	2016-10-24 16:53:06.0 -0700
@@ -0,0 +1 @@
+crypto-buffer-alignment.patch

Bug#840469: dh_sysuser: should add a dependency to "perl-modules" to remove sysuser.

2016-10-24 Thread Russ Allbery

Dmitry Bogatov  writes:

> It is unfortunate. I am considering following patch:

>   --- a/postrm-sysuser.sh
>   +++ b/postrm-sysuser.sh
>   @@ -3,6 +3,8 @@
>if [ "$1" = purge ] ; then
>   rm -f "$store/$package"
>   if [ $(count_files_in "$store") = 1 ] ; then
>   -   deluser --force --remove-home "$username"
>   +   home=$(getent passwd "$username"| cut -d: -f6)
>   +   deluser --force "$username"
>   +   rm -fr --preserve-root --one-file-system -- "$home"
>   fi
>fi

> but I am scared to invoke `rm -fr' with root. I beleive, that deluser would
> handle it better then me.

I would be pretty scared about that too.  It would make me very nervous.
I think you'd at least want to put some sanity checks here.  I could see a
local sysadmin changing the home directory of a system user to / or some
other catastrophic location.

-- 
Russ Allbery (r...@debian.org)

Bug#841987: twine-register missing

2016-10-24 Thread Andrew Pollock

Package: twine
Version: 1.3.1-1
Severity: important

Dear Maintainer,

   I was trying to register a new project using twine
   I ran the command below
   It failed alluding to the absence of twine-register
   I did not expect this failure to occur


apollock@carbonite:~/piptest$ twine register 
dist/pypi_security_check-1.0-py2.py3-none-any.whl 
Traceback (most recent call last):
  File "/usr/bin/twine", line 9, in 
load_entry_point('twine==1.3.1', 'console_scripts', 'twine')()
  File "/usr/lib/python3/dist-packages/twine/__main__.py", line 24, in main
return dispatch(sys.argv[1:])
  File "/usr/lib/python3/dist-packages/twine/cli.py", line 41, in dispatch
p = subprocess.Popen(["twine-{0}".format(args.command)] + args.args)
  File "/usr/lib/python3.4/subprocess.py", line 859, in __init__
restore_signals, start_new_session)
  File "/usr/lib/python3.4/subprocess.py", line 1457, in _execute_child
raise child_exception_type(errno_num, err_msg)
FileNotFoundError: [Errno 2] No such file or directory: 'twine-register'



-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages twine depends on:
ii  python3   3.4.2-2
ii  python3-pkginfo   1.1-2
ii  python3-requests  2.4.3-6
pn  python3:any   

twine recommends no packages.

twine suggests no packages.

-- no debconf information

Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Jérémy Lal

2016-10-25 1:43 GMT+02:00 Daniel Lo Nigro :

> Apart from that, is there a good reason to use Recommend instead of Depend
>> ?
>
>
> I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than
> "Depend" on ca-certificates. I think it's because wget still mostly works
> without it, it's just TLS/SSL connections that fail. Node.js behaves the
> same way, all of Node.js works without ca-certificates except for TLS
> connections.
>
>
I'm leaning toward Depend, because upstream bundles certificates (and the
nodejs debian package patches upstream to use ca-certificates instead),
users expect the usual certificates independently of how they installed
nodejs.

Jérémy

Bug#841401: chromium: doesn't update extensions

2016-10-24 Thread Joachim Breitner

Hi,

On Thu, 20 Oct 2016 11:08:14 +0200 Bruno Bierbaumer 
 Debian's Chromium package doesn't seem to be able to update the
installed extensions.
> Both the automatic update mechanism and manually triggering "Update
extensions now" in chrome://extensions/ don't work.
> 
> The raw Chromium build from https://download-chromium.appspot.com/ is
able to update the extensions.

I can confirm this behaviour.

Joachim
-- 

Joachim “nomeata” Breitner
Debian Developer
  nome...@debian.org • https://people.debian.org/~nomeata
  XMPP: nome...@joachim-breitner.de • GPG-Key: 0xF0FBF51F
  https://www.joachim-breitner.de/

signature.asc
Description: This is a digitally signed message part

Bug#527932: 0.4.5 released

2016-10-24 Thread Gianfranco Costamagna

control: fixed -1 0.5.2-0.2
control: close -1

> 
> 0.4.5 was released Apr 10th:

in experimental :)

G.



signature.asc
Description: OpenPGP digital signature

Bug#841974: libguestfs-tools: Appliance get stuck

2016-10-24 Thread Hilko Bengen

Control: reassign -1 qemu
Control: forcemerge -1 840853

* Laurent Bigonville:

> When running libguestfs-test-tool (and also from virt-manager) the
> appliance get stuck at some point.

Thank you for diagnosing the bug. You are right, linuxboot_dma.bin is
missing, this is a problem in qemu.

Cheers,
-Hilko

Bug#712228: fun with sudden pie

2016-10-24 Thread Clint Adams

Control: severity 712228 serious

In theory this is fixed with 8.0.1-6, but who knows?

Bug#841983: haskell-cryptonite: Fix alignment of blocks in sha3_update()

2016-10-24 Thread Steve Langasek

On Tue, Oct 25, 2016 at 12:08:12AM +, Clint Adams wrote:
> On Mon, Oct 24, 2016 at 05:01:26PM -0700, Steve Langasek wrote:
> > In Ubuntu, we've observed a build failure of haskell-cryptonite on armhf
> > owing to the fact that our armhf builders run on an arm64 kernel which
> > raises SIGBUS on unaligned access.  While most of the hash implementations
> > have compatible alignment assumptions, SHA3 uses 64-bit blocks, which
> > triggers this problem.

> Should this go upstream as well?

I would think so, yes.

Thanks,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#816759: minissdpd: CVE-2016-3178 CVE-2016-3179

2016-10-24 Thread James Cowgill

Control: tags -1 pending

Hi,

I have uploaded the attached NMU to fix this bug. It was mostly based on
the fix already present in wheezy-lts (the CVE patches are identical).
I've done some basic testing of the patches and it fixes the buffer
overflow which can be triggered as described earlier in the bugreport.

I'll see what I can do about fixing this in jessie as well.

Thanks,
James
diff -Nru minissdpd-1.2.20130907/debian/changelog 
minissdpd-1.2.20130907/debian/changelog
--- minissdpd-1.2.20130907/debian/changelog 2016-07-13 19:12:39.0 
+0100
+++ minissdpd-1.2.20130907/debian/changelog 2016-10-24 08:54:59.0 
+0100
@@ -1,3 +1,15 @@
+minissdpd (1.2.20130907-3.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759)
+The minissdpd daemon contains a improper validation of array index
+vulnerability (CWE-129) when processing requests sent to the Unix
+socket at /var/run/minissdpd.sock the Unix socket can be accessed
+by an unprivileged user to send invalid request causes an
+out-of-bounds memory access that crashes the minissdpd daemon.
+
+ -- James Cowgill   Mon, 24 Oct 2016 08:54:59 +0100
+
 minissdpd (1.2.20130907-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch 
minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch
--- minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch   1970-01-01 
01:00:00.0 +0100
+++ minissdpd-1.2.20130907/debian/patches/CVE-2016-3178.patch   2016-10-24 
08:54:59.0 +0100
@@ -0,0 +1,95 @@
+Description: Fix CVE-2016-3178
+ buffer overflow while handling negative length request
+Author: Salva Peiró 
+Origin: upstream, 
https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
+Bug-Debian: https://bugs.debian.org/816759
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/minissdpd.c
 b/minissdpd.c
+@@ -555,7 +555,7 @@ void processRequest(struct reqelem * req
+   type = buf[0];
+   p = buf + 1;
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+@@ -661,7 +661,7 @@ void processRequest(struct reqelem * req
+   goto error;
+   }
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+@@ -679,7 +679,7 @@ void processRequest(struct reqelem * req
+   newserv->usn[l] = '\0';
+   p += l;
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+@@ -697,7 +697,7 @@ void processRequest(struct reqelem * req
+   newserv->server[l] = '\0';
+   p += l;
+   DECODELENGTH_CHECKLIMIT(l, p, buf + n);
+-  if(p+l > buf+n) {
++  if(l > (unsigned)(buf+n-p)) {
+   syslog(LOG_WARNING, "bad request (length encoding)");
+   goto error;
+   }
+--- a/testminissdpd.c
 b/testminissdpd.c
+@@ -45,6 +45,23 @@ void printresponse(const unsigned char *
+ #define SENDCOMMAND(command, size) write(s, command, size); \
+   printf("Command written type=%u\n", (unsigned)command[0]);
+ 
++int connect_unix_socket(const char * sockpath)
++{
++  int s;
++  struct sockaddr_un addr;
++
++  s = socket(AF_UNIX, SOCK_STREAM, 0);
++  addr.sun_family = AF_UNIX;
++  strncpy(addr.sun_path, sockpath, sizeof(addr.sun_path));
++  if(connect(s, (struct sockaddr *), sizeof(struct sockaddr_un)) < 
0) {
++  fprintf(stderr, "connecting to %s : ", addr.sun_path);
++  perror("connect");
++  exit(1);
++  }
++  printf("Connected to %s\n", addr.sun_path);
++  return s;
++}
++
+ /* test program for minissdpd */
+ int
+ main(int argc, char * * argv)
+@@ -52,6 +69,7 @@ main(int argc, char * * argv)
+   char command1[] = 
"\x01\x00urn:schemas-upnp-org:device:InternetGatewayDevice";
+   char command2[] = 
"\x02\x00uuid:fc4ec57e-b051-11db-88f8-0060085db3f6::upnp:rootdevice";
+   char command3[] = { 0x03, 0x00 };
++const char bad_command4[] = { 0x04, 0x01, 0x60, 0x8f, 0xff, 0xff, 
0xff, 0x7f};
+   struct sockaddr_un addr;
+   int s;
+   int i;
+@@ -89,6 +107,15 @@ main(int argc, char * * argv)
+   n = read(s, buf, sizeof(buf));
+   printf("Response received %d bytes\n", (int)n);

Bug#841977: libomxil-bellagio0: binaries shipped in shared library package

2016-10-24 Thread Andreas Cadhalpun

Package: libomxil-bellagio0
Version: 0.9.3-3
Severity: serious
Justification: Debian Policy section 8.2

Dear Maintainer,

libomxil-bellagio0 includes binaries and manual pages:
 * /usr/bin/omxregister-bellagio
 * /usr/bin/omxregister-bellagio-0
 * /usr/share/man/man1/omxregister-bellagio.1.gz
 * /usr/share/man/man1/omxregister-bellagio-0.1.gz

These filenames are not versioned. After a soname bump, the new
library package will thus conflict with libomxil-bellagio0.
Such behavior is forbidden by Debian Policy section 8.2:
"If your package contains files whose names do not change with each
change in the library shared object version, you must not put them
in the shared library package. Otherwise, several versions of the
shared library cannot be installed at the same time without filename
clashes, making upgrades and transitions unnecessarily difficult."

Also libomxil-bellagio0 runs omxregister-bellagio upon installation,
which means it is not installable on a foreign architecture.

Best regards,
Andreas

Bug#841863: transition: nvidia-cuda-toolkit

2016-10-24 Thread Emilio Pozuelo Monfort

Control: tags -1 confirmed

On 24/10/16 12:20, Graham Inggs wrote:
> On 24/10/16 00:04, Emilio Pozuelo Monfort wrote:
>> On 23/10/16 23:54, Andreas Beckmann wrote:
>>> Rdepends as I remember them (coccia is currently missing dak due to the
>>> ongoing ftp-master move):
>>>
>>> eztrace-contrib
>>> hwloc-contrib
>>> starpu-contrib
>>> pycuda
>>
>> Do they build fine with CUDA 8.0?
> 
> The nvidia-cuda-toolkit 8.0 transition was done in Ubuntu recently.
> 
> eztrace-contrib 1.1-5-1 - no changes needed
> hwloc-contrib 1.11.3-2 - no changes needed
> starpu-contrib 1.1.4+dfsg-6 - not in testing due to #837911,
> 1.2.0+dfsg-1 is in NEW with a fix.  Ubuntu's 1.1.5-0 needed no
> changes.
> pycuda 2016.1.2+git20160809-1 - included patch from upstream (attached)

OK, go ahead.

Cheers,
Emilio

Bug#841911: transition: pari

2016-10-24 Thread Emilio Pozuelo Monfort

Hi,

On 24/10/16 13:44, Bill Allombert wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> Dear release team, I would like to upgrade PARI to the upcoming 2.9.0
> stable version, which bump the soname of libpari-gmp-tls4 to
> libpari-gmp-tls5.
> 
> libpari-gmp-tls5 is in the NEW queue.
> 
> There are very few packages that build against libpari (I found only
> two: lcalc and eclib).

Do they build against the new version?

Cheers,
Emilio

Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Daniel Lo Nigro

>
> Apart from that, is there a good reason to use Recommend instead of Depend
> ?


I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than
"Depend" on ca-certificates. I think it's because wget still mostly works
without it, it's just TLS/SSL connections that fail. Node.js behaves the
same way, all of Node.js works without ca-certificates except for TLS
connections.

Bug#841916: Acknowledgement (locales: Fix for #663203 introduced problems to the date_fmt for en_AU locale)

2016-10-24 Thread Kevin Pulo

In the meantime, a workaround is to edit /usr/share/i18n/locales/en_AU
to adjust date_fmt appropriately, and then run

localedef -f UTF-8 -i en_AU en_AU.UTF-8

as root.

Without root, the procedure is (something like) take a copy of
/usr/share/i18n/locales/en_AU, edit it, run

localedef -f UTF-8 -i ./en_AU ~/locales/en_AU.UTF-8

and then set $LOCPATH to ~/locales.

Kev

Bug#841499: uscan: support searching in multiple directories for matching files

2016-10-24 Thread Paul Wise

On Tue, 2016-10-25 at 01:54 +0900, Osamu Aoki wrote:

> If we do not do this, we need to loop over scanning many pages... Not a
> good idea.  Can you think of non-invasive change?

As I said in the original bug report, scan each directory in descending
order of version until at least one file was found. 

In the normal case this change will not change the behaviour of uscan
at all since a file will be matched on the first directory.

Only in watch files where uscan fails to find a file in the first
directory will my proposal change the behaviour.

For the most common case (RCs in the first directory and releases in
the second), uscan will only download one extra page.

For the cases where the file part of the regex does not match any file
in any subdirectory, we can limit it to 5 requests by default, with a
0.5 second delay between them to reduce impact.

> How about scanning https://cmake.org/download/

That is only a workaround for this uscan flaw.

> Most HTTP site has this kind of page.

I've encountered a number of cases over the years on mentors IRC and
other places where this wasn't possible.

The cmake one and most others only show the latest release, which means
that I can't use uscan to download a particular version.

> I think complicating page scanning mechanism

It isn't much of a complication at all really:

On error, if we scanned a directory, go back and scan the next
directory. Possibly with a configurable limit of scanned dirs.

> FTP

FTP has nothing to do with this issue, why do you mention it?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

signature.asc
Description: This is a digitally signed message part

Bug#841982: ssh: Allow StrictModes inside a Match User block

2016-10-24 Thread Peter Chubb

Package: ssh
Version: 1:6.7p1-5+deb8u3
Severity: wishlist

Dear Maintainer,

It'd be really nice to be able to turn StrictModes off in sshd_config only 
for particular users.  But currently, StrictModes is not permitted inside 
a Match User block.

-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages ssh depends on:
ii  dpkg1.17.27
ii  openssh-client  1:6.7p1-5+deb8u3
ii  openssh-server  1:6.7p1-5+deb8u3

ssh recommends no packages.

ssh suggests no packages.

-- no debconf information

Bug#527932: [Pkg-lirc-maint] Bug#527932: 0.4.5 released

2016-10-24 Thread Alec Leamas




On 24/10/16 23:22, Gianfranco Costamagna wrote:

control: fixed -1 0.5.2-0.2
control: close -1



0.4.5 was released Apr 10th:


But not this year:

* Fri Apr 10 2009 Ján ONDREJ (SAL)  - 0.4.5-1


--a

Bug#841877: Don't recommend contacting base-passwd maintainer for dynamic UIDs

2016-10-24 Thread Russ Allbery

Colin Watson  writes:
> On Sun, Oct 23, 2016 at 08:00:23PM -0700, Sean Whitton wrote:

>> Policy section "Permissions and owners" probably shouldn't recommend
>> contacting the base-passwd maintainer when selecting a username for a
>> dynamically-allocated UID created by a postinst maintscript.  It should
>> continue to recommend contacting the base-passwd maintainer when the
>> postinst script needs to create a static UID.

> I (obviously) agree.  How about this patch?  I'm seeking seconds for
> this proposal.

> diff --git a/policy.sgml b/policy.sgml
> index 9cd182b..ab4f736 100644
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -9610,9 +9610,7 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
> that a dynamically allocated id can be used.  In this case
> you should choose an appropriate user or group name,
> discussing this on debian-devel and checking
> -   with the  -   they do not wish you to use a statically allocated id
> -   instead.  When this has been checked you must arrange for
> +   that it is unique.  When this has been checked you must arrange for
> your package to create the user or group if necessary using
> adduser in the preinst or
> postinst script (again, the latter is to be

Seconded.

-- 
Russ Allbery (r...@debian.org)

Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Jérémy Lal

2016-10-25 0:26 GMT+02:00 Daniel Lo Nigro :

> Package: nodejs
> Version: 4.6.0~dfsg-2
> Severity: normal
>
> Dear Maintainer,
>
> When CA certificates are not available, Node.js scripts that try to
> connect to remote servers using TLS/SSL fail with "Error: unable to get
> local issuer certificate".
>
> Other packages that rely on TLS (such as wget and libcurl3-gnutls)
> recommend the ca-certificates package, so nodejs should probably also do
> this.
>
>
This is a mistake - nodejs-dev got the dependency instead of nodejs.

Apart from that, is there a good reason to use Recommend instead of Depend ?

Jérémy

Bug#841978: ITP: opcua-client-gui -- simple OPC-UA GUI client

2016-10-24 Thread W. Martin Borgert

Package: wnpp
Severity: wishlist
Owner: "W. Martin Borgert" 

* Package name: opcua-client-gui
  Version : 0.4.5
  Upstream Author : Olivier Roulet-Dubonnet 
* URL : https://github.com/FreeOpcUa/opcua-client-gui
* License : GPL3
  Programming Lang: Python
  Description : simple OPC-UA GUI client

Basic functionalities are implemented including subscribing for
data changes and events, write variable values, listing attributes
and references.

Note: This program depends on opcua-widgets
(https://github.com/FreeOpcUa/opcua-widgets).

Bug#719330: [Debian-science-sagemath] Jmol transition?

2016-10-24 Thread Ximin Luo

OK, I've figured it out. You can build everything from scratch, like this:

1. Build and install java2script:

https://github.com/infinity0/java2script/blob/j2s-eclipse-3.8/Makefile

2. SVN clone the following:

# 14.6.4_2016.10.23
svn://svn.code.sf.net/p/jmol/code/trunk/Jmol@21227
svn://svn.code.sf.net/p/jspecview/svn/dev2/JSpecView@1735
svn://svn.code.sf.net/p/jspecview/svn/dev2/JSpecViewLib@1735
svn://svn.code.sf.net/p/jsmol/code/trunk@926 JSmol

(We'll need upstream's co-operation to automate this part for future releases; 
ATM I have to figure out the correct revisions myself.)

3. Then:

cd JSpecViewLib && ant
cd JSpecView && ant make-application-jar
cd Jmol && ant
cd JSmol && ant -f build_11_fromjmol.xml
cd JSmol && ant -f build_12_fromjspecview.xml
eclipse -nosplash -application net.sf.j2s.ui.cmdlineApi -cmd build 
-path $$PWD/JSmol
cd JSmol && ant -f build_13_tojs.xml
cd Jmol && ant all

To properly package this for Debian we'll have to also replace the bundled 
jars/zips/tar.gzs but this is a much more straightforward task and the existing 
packaging already does quite a lot of this.

We do have an ugly build-dependency on Eclipse (incredibly out-of-date in 
Debian), but that can't be helped.

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

Bug#834857: [Pkg-nagios-devel] Bug#834857: nagios-nrpe: please make the build reproducible

2016-10-24 Thread Chris Lamb

Hi Alexander,

> oh there were several people unhappy with my decisions that thought they
> would make a better maintainer. Therefore I gave up on it but none of them
> ever did anything on the package. Someone (not me) should probably ask for
> removal, I don't want another personal shitstorm on me. 

Sorry to hear that. I'll leave this with you folks.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#834988: twitter-bootstrap3: please make the build reproducible

2016-10-24 Thread Chris Lamb

Antonio Terceiro wrote:

> Unfortunately this patch does not fix the issue as the file it changes
> is not actually used in the Debian build.

Interesting. Could you elaborate? I would have tested it at the time, I
would hope!

Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Daniel Lo Nigro

Package: nodejs
Version: 4.6.0~dfsg-2
Severity: normal

Dear Maintainer,

When CA certificates are not available, Node.js scripts that try to connect to 
remote servers using TLS/SSL fail with "Error: unable to get local issuer 
certificate".

Other packages that rely on TLS (such as wget and libcurl3-gnutls) recommend 
the ca-certificates package, so nodejs should probably also do this.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (750, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-openvz-042stab108.8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nodejs depends on:
ii  libc62.23-4
ii  libgcc1  1:6.1.1-10
ii  libicu57 57.1-2
ii  libssl1.0.2  1.0.2h-1
ii  libstdc++6   6.1.1-10
ii  libuv1   1.9.1-1
ii  zlib1g   1:1.2.8.dfsg-2+b1

nodejs recommends no packages.

nodejs suggests no packages.

-- no debconf information

Bug#841986: RFP: pytmx -- pytmx is a map loader for python/pygame designed for games.

2016-10-24 Thread shirish शिरीष

Package: wnpp
Severity: wishlist

* Package name: pytmx
  Version : 3.20
  Upstream Author : bitcraft 
* URL : https://github.com/bitcraft/PyTMX
* License : LGPL3
  Programming Lang: Python
  Description : pytmx is a map loader for python/pygame designed for games

 It provides smart tile loading with a fast and efficient storage
base. Not only does it correctly handle most Tiled object types, it
also will load metadata for them so you can modify your maps and
objects in Tiled instead of modifying your source code.

New support for pysdl2 and pyglet! Check it out!

Because PyTMX was built with games in mind, it differs slightly from
Tiled in a few minor aspects:

Layers not aligned to the grid are not supported.
Some object metadata attribute names are not supported (see
"Reserved Names")

PyTMX strives to balance performance and flexibility. Feel free to use
the classes provided in pytmx.py as superclasses for your own maps, or
simply load the data with PyTMX and copy the data into your own
classes with the api.

There is no save feature. Once the map is loaded, it will be up to you
to provide a way to save changes to the map. I've used the pickle
module with good results.

I need to clarify a few things:

pytmx is not a rendering engine
pytmx is not the Tiled Map Editor

This is used by a game I wanna play https://github.com/dulsi/Tuxemon .
The library/map loader could either be maintained by the games team
or/and the python-maintainers or python-modules-maintainers team.
Either of the above may be a good fit.

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#837374: opendkim: opendkim.service.generate may alter opendkim.service

2016-10-24 Thread Scott Kitterman

On Monday, October 24, 2016 11:43:58 PM you wrote:
> On Mon, Oct 24, 2016 at 02:03:57PM -0400, Scott Kitterman wrote:
> > Unfortunately, systemd doesn't support a broad enough set of options to
> > properly support /etc/default with a static service file.  It only changes
> > the file if the administrator has changed the /etc/default file, so I
> > think this is OK.
> 
> The proper way to dynamically generate a systemd unit is a generator:
> 
> https://www.freedesktop.org/software/systemd/man/systemd.generator.html
> 
> However, if every Debian package implemented its own generator script
> to support full customization via the sysvinit default files, rather
> than suggesting override files in /etc/systemd/system/.d/,
> we would converge to the same mess as with sysvinit scripts before.
> 
> I will follow up asking the Debian systemd maintainers for advice,
> since the question of default files is relevant for many packages.

Generating it in the postinst is what I plan on doing, although I don't think 
the systemd facilities for doing so are sufficient.  I wouldn't mind finding 
out I'm wrong.  

As long as Debian is supporting both sysvinit and systemd, I don't think the 
package should change behavior when the init system is changed.  That means 
reading /etc/default, so I'll be interested to see what you find out.

Scott K

Bug#841990: dgit: source package not included in changes file with --gbp

2016-10-24 Thread Sean Whitton

Package: dgit
Version: 2.7
Severity: normal

`dgit --gbp build` and `dgit gbp-build` fail to include the source
package in the changes file.  Sample output:

hephaestus ~/src/classic-theme-restorer % dgit --gbp build
Format `3.0 (quilt)', need to check/update patch stack
examining quilt state (multiple patches, gbp mode)
dgit: split brain (separate dgit view) may be needed (--quilt=gbp).
dgit view: found cached (commit id b74de7acfc128939674bd8efbc51f72c79d095b6)
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building classic-theme-restorer using existing 
./classic-theme-restorer_1.5.8.1.orig.tar.xz
dpkg-source: info: building classic-theme-restorer in 
classic-theme-restorer_1.5.8.1-1.debian.tar.xz
dpkg-source: info: building classic-theme-restorer in 
classic-theme-restorer_1.5.8.1-1.dsc
changelog will contain changes since 1.5.8-1
dpkg-genchanges: info: including full source code in upload

dgit: Building, or cleaning with rules target, in patches-unapplied tree.
dgit: Have to apply the patches - making the tree dirty.
dgit: (Consider specifying --clean=git and (or) using dgit sbuild.)

dpkg-source: info: applying patch-README-for-Debian.patch
dpkg-buildpackage: info: source package classic-theme-restorer
dpkg-buildpackage: info: source version 1.5.8.1-1
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Sean Whitton 

 dpkg-source -i\.git/ -I.git --before-build classic-theme-restorer
dpkg-buildpackage: info: host architecture i386
 debian/rules build
[elided]
dpkg-deb: building package 'xul-ext-classic-theme-restorer' in 
'../xul-ext-classic-theme-restorer_1.5.8.1-1_all.deb'.
 dpkg-genchanges --build=any,all -v1.5.8-1 
>../classic-theme-restorer_1.5.8.1-1_i386.changes
dpkg-genchanges: info: binary-only upload (no source code included)
 dpkg-source -i\.git/ -I.git --after-build classic-theme-restorer
dpkg-source: info: unapplying patch-README-for-Debian.patch
dpkg-buildpackage: info: binary-only upload (no source included)
dgit: Unapplying patches again to tidy up the tree.
dgit ok: build successful

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.5.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dgit depends on:
ii  ca-certificates   20160104
ii  coreutils 8.25-2
ii  curl  7.50.1-1
ii  devscripts2.16.8
ii  dpkg-dev  1.18.10
ii  dput  0.10.3
ii  git [git-core]1:2.9.3-1
ii  git-buildpackage  0.8.5
ii  libdpkg-perl  1.18.10
ii  libjson-perl  2.90-1
ii  liblist-moreutils-perl0.416-1+b1
ii  libperl5.24 [libdigest-sha-perl]  5.24.1~rc3-3
ii  libtext-iconv-perl1.7-5+b4
ii  libwww-perl   6.15-1
ii  perl  5.24.1~rc3-3

Versions of packages dgit recommends:
ii  openssh-client [ssh-client]  1:7.3p1-1

Versions of packages dgit suggests:
ii  sbuild  0.71.0-2

-- no debconf information

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#837374: opendkim: opendkim.service.generate may alter opendkim.service

2016-10-24 Thread Scott Kitterman

On Saturday, September 10, 2016 10:56:16 PM Peter Colberg wrote:
> Package: opendkim
> Version: 2.10.3-5
> Severity: important
> 
> Dear Maintainer,
> 
> The opendkim systemd service executes as part of ExecStartPre a script
> that potentially alters /lib/systemd/system/opendkim.service whenever
> /etc/default/opendkim changes. This breaks the verification of the
> package contents using, for instance, debsums.
> 
> Could you please ship a static systemd unit using EnvironmentFile?
> 
> Instead of $EXTRAAFTER, you could suggest the following to users:
> 
> ~~~
> If you are using OpenDKIM with SQL datasets it might be necessary to start
> OpenDKIM after the database servers. For example, if using both MariaDB and
> PostgreSQL, run "systemctl edit opendkim.service" and add the following:
> 
> [Unit]
> After=mariadb.service postgresql.service
> ~~~

Actually I think I have a reasonable solution for this.

Scott K

Bug#837374: opendkim: opendkim.service.generate may alter opendkim.service

2016-10-24 Thread Scott Kitterman

On Saturday, September 10, 2016 10:56:16 PM Peter Colberg wrote:
> Package: opendkim
> Version: 2.10.3-5
> Severity: important
> 
> Dear Maintainer,
> 
> The opendkim systemd service executes as part of ExecStartPre a script
> that potentially alters /lib/systemd/system/opendkim.service whenever
> /etc/default/opendkim changes. This breaks the verification of the
> package contents using, for instance, debsums.
> 
> Could you please ship a static systemd unit using EnvironmentFile?
> 
> Instead of $EXTRAAFTER, you could suggest the following to users:
> 
> ~~~
> If you are using OpenDKIM with SQL datasets it might be necessary to start
> OpenDKIM after the database servers. For example, if using both MariaDB and
> PostgreSQL, run "systemctl edit opendkim.service" and add the following:
> 
> [Unit]
> After=mariadb.service postgresql.service

Unfortunately, systemd doesn't support a broad enough set of options to 
properly support /etc/default with a static service file.  It only changes the 
file if the administrator has changed the /etc/default file, so I think this 
is OK.

Scott K

Bug#837375: opendkim: create group-accessible runtime directory

2016-10-24 Thread Scott Kitterman

On Saturday, September 10, 2016 11:00:49 PM Peter Colberg wrote:
> Source: opendkim
> Version: 2.10.3-5
> Severity: normal
> 
> Dear Maintainer,
> 
> The permissions of /var/run/opendkim are set to 0700, which prohibits
> users belonging to the group "opendkim" from accessing the unix socket.
> 
> Instead of using custom ExecStartPre stanzes, you can create the
> temporary directory using systemd-tmpfiles by shipping a file
> /etc/tmpfiles.d/opendkim.conf that contains the following line:
> 
> d /var/run/opendkim 0710 opendkim opendkim - -

I extended the current method rather than do this so that changing the values 
in /etc/default still works.  Thanks for the report.

Scott K

Bug#837177: icedove: the feed url could not be found

2016-10-24 Thread Carsten Schoenert

Hello Jens,

On Mon, Oct 24, 2016 at 10:22:58PM +0200, Jens Reyer wrote:
> Hi again,
> 
> I again had issues subscribing to a feed getting only the meaningless
> error message "The Feed URL could not be found. Please check the name
> and try again".
> 
> So I tested a new version of the patches from the upstream bug: now I
> got a meaningful error message ("[URL] uses an invalid security
> certificate.") and was offered to add a security certificate
> exception. Problem solved.
> 
> The changes have been committed upstream by now (Target Milestone:
> Thunderbird 52.0).

thanks for figuring out and adding additional information to thisd bug
report.
I'm currently unsure if we will fins to include this upstream changes
into the next uploads as we are preparing the switch back to thunderbird
packages. The plan is to serve Thunderbird packages for the Stretch
release.

Regards
Carsten

Bug#841992: reboot-notifier: Blacklist packages

2016-10-24 Thread Charles Atkinson

Package: reboot-notifier
Version: 0.5~bpo8+1
Severity: wishlist

Dear Maintainer,

Please consider adding a feature to blacklist packages so reboot-notifier 
does not notify reboot required for those packages.

The use case is a Xen server which may have several kernel packages for use by
itself and its DomUs.  Only when the kernel it is using is upgraded is a reboot
required.  It would be nice to be able to configure reboot-notifier with a list
of packages (in this case, kernels) which is should not notify about.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages reboot-notifier depends on:
ii  bsd-mailx [mailx]   8.1.2-0.20141216cvs-2
ii  postfix [mail-transport-agent]  2.11.3-1

reboot-notifier recommends no packages.

reboot-notifier suggests no packages.

-- Configuration Files:
/etc/cron.daily/reboot-notifier changed [not included]

-- no debconf information

1 2 3 4 >

1 - 100 of 351 matches

Mail list logo