Bug#848103: ibm-3270: move from non-free to main

[Paul Wise]

Control: retitle -1 ibm-3270: move from non-free to main

On Wed, 2016-12-14 at 15:12 +0800, Paul Wise wrote:

> Also, I can't find anything non-free in the licenses, should this
> package move from non-free to main?

As discussed with waldi on IRC, Bug #388691 indicates that the GTRC
license is the only problematic license. The package has been
relicensed to a BSD license in version 3.3.9ga11, two versions after
the move from main to non-free in 3.3.7p2-1. I can't find any mention
of the problematic public use license in the current version of ib-3270 
in Debian, 3.3.14ga11-1. Everything looks 3-clause BSD licensed now.

http://x3270.bgp.nu/documentation-relnotes.html

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#729656: Bug

[Petter Reinholdtsen]

Control: retitle -1 openscap: oscap fail with "get_runlevel failed"
Control: found -1 0.9.12-1

Hm, look like this issue was misclassified in the Debian but tracker.  Sorry
about that.  It should not be classified correctly.

[ ??  2013-11-15 ]
>  When I run oscap tool to check the definition with the runlevel_test, I'll
> take the error in a runlevel_object: "get_runlevel failed".But, when I run
> the same definition in another program(jovaldi), the runlevel_object
> produces normal values.The expected result (in the oscap) is "true".
> The received result is "error". 
> I am using Debian 7.2, perl 5.18.1-4, kernel 3.2.0-4-amd64 and libc6 2.17-95.
> The example of definition which can show the error in attached file.

Do you still experience this problem?

When you mention jovaldi, are you talking about http://jovalcm.com/ >?
I was unable to find jovaldi in Debian, and there were many hits in the web
search engines.

-- 
Happy hacking
Petter Reinholdtsen

Bug#848110: openssh-server: Please add a note in the sshd_config file that UsePAM must be set to yes with systemd/logind

[Laurent Bigonville]

Package: openssh-server
Version: 1:7.3p1-5
Severity: normal

Hi,

In regard to bug #751636, shouldn't a warning be added in the
sshd_config file above the UsePAM parameter that it needs to be set to
"yes" (and have pam_systemd in the stack) otherwise it could cause some
issues?

Regards,

Laurent Bigonville

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#842794: autopkgtests fail (since perl 5.24?): Failed test 'Testing vcf-fix-ploidy .. cat ...

[Andreas Tille]

Hi,

On Tue, Nov 01, 2016 at 11:05:02AM +, Iain Lane wrote:
> I noticed in Ubuntu, where we run autopkgtests as part of britney
> migration, that vcftools fails now. You can see on ci.debian.net[0]
> 
> > not ok 26 - Testing vcf-fix-ploidy .. cat fix-ploidy.vcf | perl -I../. 
> > -MVcf /usr/bin/vcf-fix-ploidy -s fix-ploidy.samples -p fix-ploidy.txt 
> > 2>/dev/null | vcf-query -f '%POS[\t%SAMPLE %GTR %PL]\n'
> > #   Failed test 'Testing vcf-fix-ploidy .. cat fix-ploidy.vcf | perl -I../. 
> > -MVcf /usr/bin/vcf-fix-ploidy -s fix-ploidy.samples -p fix-ploidy.txt 
> > 2>/dev/null | vcf-query -f '%POS[\t%SAMPLE %GTR %PL]\n''
> > #   at ./test.t line 452.
> > # Structures begin differing at:
> > #  $got->[0] = '61098   M1 0/1 0,9,72,5,6,7 M2 0/0 
> > 0,15,140,5,6,7   F3 1 147,0,5F4 0 0,131,5M5 0/0 0,9,83,5,6,7 M6 
> > 0/0 0,6,56,5,6,7
> > # '
> > # $expected->[0] = '61098   M1 0 0,9,72,5,6,7   M2 0 0,15,140,5,6,7 
> > F3 1/1 147,0,5  F4 0/0 0,131,5  M5 0 0,9,83,5,6,7   M6 0 
> > 0,6,56,5,6,7
> > # '

Since the bug is menitoning the Perl version bump I wonder whether the
perl team would have an explanation / fix for the issue.

Kind regards

Andreas.
 
> [0] 
> https://ci.debian.net/data/packages/unstable/amd64/v/vcftools/20161028_112724.autopkgtest.log.gz

-- 
http://fam-tille.de

Bug#848111: opendnssec-enforcer-mysql: fails to upgrade from 'jessie': dpkg-maintscript-helper: error: conffile 'conf.xml' is not an absolute path

[Andreas Beckmann]

Package: opendnssec-enforcer-mysql
Version: 1:2.0.3-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'jessie'.
It installed fine in 'jessie', then the upgrade to 'stretch' fails.

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../opendnssec-enforcer-mysql_1%3a2.0.3-2_amd64.deb ...
  Unpacking opendnssec-enforcer-mysql (1:2.0.3-2) over (1:1.4.6-6) ...
  dpkg-maintscript-helper: error: conffile 'conf.xml' is not an absolute path
  dpkg: warning: subprocess old post-removal script returned error exit status 1
  dpkg: trying script from the new package instead ...
  dpkg: error processing archive 
/var/cache/apt/archives/opendnssec-enforcer-mysql_1%3a2.0.3-2_amd64.deb 
(--unpack):
   there is no script in the new version of the package - giving up
  dpkg-maintscript-helper: error: conffile 'conf.xml' is not an absolute path
  dpkg: error while cleaning up:
   subprocess installed pre-installation script returned error exit status 1


Looking at the maintainer scripts in jessie, the offending code is:

for conffile in conf kasp zonefetch zonelist; do
for ext in xml xml.sample; do
dpkg-maintscript-helper rm_conffile ${conffile}.${ext} 1.2.1.dfsg-1 -- 
"$@"
done
done

That could never have worked, these old files were never cleaned up.
Just dpkg in stretch got more strict and reports an error about it now.

Either reinstate that code (with correct paths and a bumped version),
s.t. the cleanup is attempted again or ship a dummy empty prerm script
in the package.


cheers,

Andreas


opendnssec-enforcer-mysql_1:2.0.3-2.log.gz
Description: application/gzip

Bug#729851: Update on packaging status

[Laurent Bigonville]

On Thu, 09 Jul 2015 20:33:28 +0530 Vasudev Kamath 
 wrote:

>
> Hi,

Hi,

>
> Sorry for updating the bug log this late, Since I was tied up with
> personal life and other work I couldn't update the bug log.
>
> This package is already done, and is at ¹ Since I had used CDBS for
> packaging I couldn't get a review from pkg-ime team member and after
> that I got busy with personal life and forgot about the package.
>
> So if any one wants to take up the packaging feel free to do so from
> pkg-ime repository. If you are unfamiliar with CDBS feel free to convert
> it to dh style. Also please drop me from uploaders field as I won't be
> able to do the maintenance of the package.
>
> ¹http://anonscm.debian.org/cgit/pkg-ime/ibus-typing-booster.git/
>
> Best Regards

Are there anyplans in the ime team to update the packaging of 
ibus-typing-booster?


Apparently it allows to add some nice features in GNOME3 
https://fedoramagazine.org/using-favorite-emoji-fedora-25/

Bug#824912: tracker.d.o: add an API for action items

[Raphael Hertzog]

Hi,

On Tue, 13 Dec 2016, efkin wrote:
> so my next questions are:
> 
> * should we create a dedicated app for the API (called "api")?

No opinion. I guess it depends if we want to make the API optional
in the deployment.

> * should we change the title of the issue or take it as it is and use it
> as an snowpiercer for the API development?

I would say that #756028 would likely be the best place to discuss the API
in general.

> * is it better to discuss these things on irc and then copy-paste on this
> thread?

If we discuss on IRC it's always good to make a summary by email, yes.
Then it's also possible to have the whole conversation over email.

> * i saw that the actual view design patterns are to use mainly CBV,
> should we go for coherence with this pattern in the API?

Use whatever works best for the task at hand. CBV are fine in general.

> * as this task can take some commits, is it okay to clone in my gitlab
>   acocunt and then choose from there relevant commits or can i have push
>   access to a specific branch or is it just okay for the QA Team to
>   handle patches by email?

If you contribute regularly, I would certainly welcome if you had
your own repository that I can merge from. That said I like to
have patches by email so that I can review and comment just by
reading and responding.

You could have access to the repository on alioth.debian.org,
but you would need to join the qa project. I'm not opposed to that
but I would rather wait until you have contributed a bit more
and until I know you a bit more as well.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Bug#829380: Orthanc 1.2.0

[Karsten Hilbert]

On Wed, Dec 14, 2016 at 06:49:20AM +0100, Sébastien Jodogne wrote:

> This issue is very low priority wrt. my TODO list for the upstream project.

Understandable.

> Anyone is obviously welcome to help me and contribute by packaging this
> script into the orthanc Debian package.

...

> Le 14 déc. 2016 06:42, "Andreas Tille"  a écrit :

> Do you plan to provide any upgrade script as it was asked for in
> 
>https://bugs.debian.org/829380

Actually, that bug report did not simply _ask_ for a script
but also provided a concrete suggestion which I hoped would
be looked at, obvious errors pointed out so I can fix them,
and then included in one of the next versions.

Well, once Orthanc 1.2 shows up in my sources.lst I will test
the suggested script and report back. Since I don't assume
Orthanc 1.1 -> 1.2 to actually need a database upgrade (?) I
expect the script to gracefully do nothing. If that's so I'll
confirm this here and hope to get the script included in the
debian git tree.

Karsten
-- 
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346

Bug#838495: marked as done (RFS: python-cartopy/0.14.2+dfsg1-1 [ITP])

[Gianfranco Costamagna]

control: reopen -1


>Package python-cartopy has been removed from mentors.

lets wait a little more

G.

Bug#847681: packaging repository and sid diverging? Various fixes needed.

[Daniel Pocock]

On 14/12/16 08:24, Andreas Henriksson wrote:
> On Wed, Dec 14, 2016 at 08:11:52AM +0100, Daniel Pocock wrote:

>> I agree the loss of Debian packaging history is a concern, that is one
>> reason I didn't clobber the existing repository and I wrote that we can
>> blow this away if there isn't consensus about it.
> 
> Yeah, but ever more importantly now is to not get stuck on details I guess.
>


It will not be too hard to switch back and forth between the two
approaches, so lets leave the final decision on that for another couple
of weeks.

The bigger issues:

- should it live in the kernel section on alioth (where only members of
that team can commit) or collab-maint (where any DD can commit)?

- should it continue to list the kernel packaging team as the
maintainer, or is there potentially another team suitable for it?  Given
the server-side stuff is partly kernel code, there is a strong reason
for the kernel team to see all the bug reports

- does it actually work for more people?  I only did basic tests of the
new 1.3.4 package with NFS 3 and a single client in a jessie system  the
latest kernel from jessie-backports.  Somebody should probably test the
package on a system running stretch or sid and also try the NFSv4 stuff.

- does anybody have time to fully review major upstream changes?  These
are things I noticed:

Upstream now installs nfsdcltrack to /sbin - does the Debian kernel look
for it in that location too or does it want /usr/sbin/nfsdcltrack or was
that just a bug in the jessie package putting it in the wrong place?

They stopped including rpc-svcgssd in the default build as of 1.3.2 and
recommended gssproxy[1] instead.  I added the flag to enable svcgssd to
debian/rules so the package remains similar to the previous one, but I
am not using svcgssd so I haven't checked any more closely.  I notice
Robbie (added on CC) has an ITP[2] for gss-proxy, will it be in stretch?

They removed[3] gss_clnt_send_err and gss_destroy_creds - could anybody
be using those from scripts?  I simply dropped them from the .install file

Can anybody review the Ubuntu patches for the systemd unit files against
the upstream changes?  I tried to merge them and all the daemons I use
are running but maybe there is some subtle issue that I haven't noticed,
I don't work on systemd unit files every day.

Regards,

Daniel


1. https://fedorahosted.org/gss-proxy/
2. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838282
3. https://patchwork.kernel.org/patch/2985231/

Bug#830051: amide: Uses deprecated gnome-common macros/variables

[Andreas Tille]

Hi Gert,

you injected a not activated patch addressing this issue into SVN.
I tried this but it results in a help/Makefile containing

dist-check-gdu:
@HAVE_GNOME_DOC_UTILS_FALSE@<-->@echo "*** GNOME Doc Utils must be installed in 
order to make dist"
@HAVE_GNOME_DOC_UTILS_FALSE@<-->@false

which is a syntactical error

...
Making all in help
make[3]: Entering directory '/build/amide-1.0.5/help'
Makefile:699: *** missing separator.  Stop.
make[3]: Leaving directory '/build/amide-1.0.5/help'
Makefile:500: recipe for target 'all-recursive' failed
...

I'll leave this issue for people more educated in these Gnome doc
issues.

Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#848112: Python-skimage depends on unavailable package python-dask

[Ole Streicher]

package: python-skimage
version: 0.12.3-2
severity: serious

The Python 2 version of skimage depends on a package "python-dask" that
is not available in Debian.

There is a patch that make the dependency optional; however the
dependency was not removed afterwards. For Python 3, this seems to work.

Since skimage is one of the central packages, I would again ask to put
it under science|python team maintenance. Especially when under some
time pressure (upcoming freeze, combined with autoremovals of packages)
it would help a lot if the problems could be debugged within a standard
Debian developer workflow, without the need to switch to github or so.

Best regards

Ole

Bug#848077: dateutils FTBFS on many architectures with parallel build issues

[Dr. Tobias Quathamer]

Am 13.12.2016 um 21:26 schrieb Adrian Bunk:

Source: dateutils
Version: 0.4.0-1
Severity: serious

I haven't been able to reproduce this, but I assume passing
--no-parallel to dh should be enough to workaround it.


Thank you very much for this hint, I've just uploaded a new version to 
unstable.


Regards,
Tobias




signature.asc
Description: OpenPGP digital signature

Bug#848113: libcrypt-openssl-rsa-perl: binary incompatibility with libcrypt-openssl-pkcs10-perl (openssl versions)

[Niko Tyni]

Package: libcrypt-openssl-rsa-perl
Version: 0.28-4
Severity: grave
User: debian-p...@lists.debian.org
Usertags: autopkgtest

The libcrypt-openssl-pkcs10-perl recently started failing its autopkgtest
checks, as seen at
 
https://ci.debian.net/packages/libc/libcrypt-openssl-pkcs10-perl/unstable/amd64/

The package still builds successfully and passes all the tests.

It looks like there's a binary incompatibility in sid between
libcrypt-openssl-rsa-perl_0.28-4 and libcrypt-openssl-pkcs10-perl_0.16-1,
which can be reduced to

  # perl -MCrypt::OpenSSL::PKCS10 -MCrypt::OpenSSL::RSA -e 
'Crypt::OpenSSL::PKCS10->new_from_rsa(Crypt::OpenSSL::RSA->generate_key(1024))'
  Segmentation fault (core dumped)

Backtrace below. Note the different libcrypto versions. Apparently the
packages need to be built against the same openssl version; I haven't
looked into whether that's avoidable.

Filing the bug against libcrypt-openssl-rsa-perl to make sure it
doesn't enter testing as-is, but the minimal fix is to rebuild
libcrypt-openssl-pkcs10-perl.

We probably want some Breaks as well for partial upgrades,
even if they don't directly affect jessie->stretch upgrades
(because perlapi-* dependency makes sure both get upgraded there
in lockstep.) I expect the Breaks are needed on both sides to also
make sure libcrypt-openssl-pkcs10-perl doesn't get updated without
libcrypt-openssl-rsa-perl.

  Core was generated by `perl -MCrypt::OpenSSL::PKCS10 -MCrypt::OpenSSL::RSA -e 
Crypt::OpenSSL::PKCS10->'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x7f596170644e in BN_clear_free () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
  (gdb) bt
  #0  0x7f596170644e in BN_clear_free () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
  #1  0x7f5961707692 in BN_MONT_CTX_free () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
  #2  0x7f59617d94dd in ?? () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
  #3  0x7f5961ff9482 in RSA_free () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
  #4  0x7f596202662b in ?? () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
  #5  0x7f5962026dd8 in EVP_PKEY_free () from 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
  #6  0x7f596235190c in XS_Crypt__OpenSSL__PKCS10_DESTROY 
(my_perl=, cv=0x55dff40e8298)
  at PKCS10.xs:374
  #7  0x55dff30fb0b0 in Perl_pp_entersub ()
  #8  0x55dff307186c in Perl_call_sv ()
  #9  0x55dff30ffd35 in ?? ()
  #10 0x55dff3100740 in Perl_sv_clear ()
  #11 0x55dff3100a80 in Perl_sv_free2 ()
  #12 0x55dff312f377 in Perl_free_tmps ()
  #13 0x55dff30796f9 in perl_run ()
  #14 0x55dff305285d in main ()
 
-- 
Niko Tyni   nt...@debian.org

Bug#847279: debian-edu-artwork: leaves diversion after upgrade from jessie

[Andreas Beckmann]

Followup-For: Bug #847279
Control: found -1 0.901-4

Hi,

the fix does not work since it is wrongly versioned:

if dpkg --compare-versions "$2" le "0.52-2"; then

That should rather be

if dpkg --compare-versions "$2" lt-nl "0.901-5~"; then

(assuming you are going to fix this in 0.901-5).

The -nl suffix causes the empty version (upon new installations) to not
compare as less than the targeted version, so that code is not run on
initial install (where it just produces some noise).


Andreas

Bug#847091: [Pkg-javascript-devel] Bug#847091: update node-extend to latest upstream release

[Paolo Greppi]

On 05/12/2016 15:44, Pirate Praveen wrote:
> On തിങ്കള്‍ 05 ഡിസംബര്‍ 2016 08:08 വൈകു, Jérémy Lal wrote:
>> Do you mean node-xtend ?
> 
> I think we missed avoiding duplication here (today I saw npm2deb warns
> about it, though node-xtend was uploaded by someone else).
> 
> $ apt-cache policy node-extend
> node-extend:
>   Installed: 2.0.0-1
>   Candidate: 2.0.0-1
>   Version table:
>  *** 2.0.0-1 500
> 500 http://debian.sil.at/debian sid/main amd64 Packages
> 100 /var/lib/dpkg/status

Assuming we want to keep node-xtend and node-extend separate, I have
prepared the update for this one in the alioth repo.

That's because also node-liftoff (which is my ITP pipeline after
node-fixed) depends on node-extend >= 3.0.0

I also activated tests and tested reverse dependencies (only
node-superagent) with pkg-ruby-extras/build. RFS !

Paolo

Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files

[Florent Rougon]

Source: flightgear
Version: 3.0.0-5
Severity: grave
Tags: security upstream fixed-upstream patch
Justification: user security hole

Hello,

As already stated in several places:

  
https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/
  https://sourceforge.net/p/flightgear/mailman/message/35548661/
  
http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/2016-December/001795.html

and reported to people in charge of FlightGear both upstream (of which I am a
recent addition) and in several Linux distributions, the flightgear package
has a security bug allowing malicious Nasal code[1] to overwrite arbitrary
files the user running FlightGear has write access to, by using the property
tree to cause the route manager to save a flightplan.

This problem is, AFAICT, present in all FlightGear versions released after
October 5, 2009, which largely includes those shipped in Debian stable,
testing and unstable. It is however fixed in the upstream Git repository:

  
https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/

and I have backported this fix to FlightGear 3.0.0, i.e., the version shipped
in jessie: cf. two links given above
( and
),
the second one being more ready-to-use for Debian since it contains a debdiff
including an additional fix for build failures I encountered while testing the
fix in the jessie package.

Since all parties have already been contacted, this bug report is mainly for
tracking purposes, as advised by
.

I'm attaching here the patch for FlightGear 3.0.0 as well as the mentioned
debdiff for completeness and “self-containedness” of this report. The upstream
fix
()
can certainly be used as is for the version in unstable.

Regards

[1] Which can be embedded in aircraft, which can in their turn be installed by
users from various third-party sources.
Description: Security fix: don't allow the route manager to overwrite arbitrary files
 Since the Save function of the route manager can be triggered from Nasal with
 an arbitrary path, we must check the path before overwriting the file.
 .
 (also add a missing include that is directly needed for this commit)
Author: Florent Rougon 
Origin: upstream, https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/

--- a/src/Autopilot/route_mgr.cxx
+++ b/src/Autopilot/route_mgr.cxx
@@ -47,6 +47,7 @@
 #include 
 #include 
 
+#include 
 #include "Main/fg_props.hxx"
 #include "Navaids/positioned.hxx"
 #include 
@@ -55,6 +56,8 @@
 #include "Airports/runways.hxx"
 #include 
 #include 
+#include // fgValidatePath()
+#include 
 
 #define RM "/autopilot/route-manager/"
 
@@ -707,7 +710,23 @@ void FGRouteMgr::InputListener::valueChanged(SGPropertyNode *prop)
   mgr->loadRoute(path);
 } else if (!strcmp(s, "@SAVE")) {
   SGPath path(mgr->_pathNode->getStringValue());
-  mgr->saveRoute(path);
+  const std::string authorizedPath = fgValidatePath(path.str(),
+true /* write */);
+
+  if (!authorizedPath.empty()) {
+mgr->saveRoute(authorizedPath);
+  } else {
+const SGPath proposedPath = SGPath(globals->get_fg_home()) / "Export";
+std::string msg =
+  "The route manager was asked to write the flightplan to '" +
+  path.str() + "', but this path is not authorized for writing. " +
+  "Please choose another location, for instance in the $FG_HOME/Export "
+  "folder (" + proposedPath.str() + ").";
+
+SG_LOG(SG_AUTOPILOT, SG_ALERT, msg);
+modalMessageBox("FlightGear", "Unable to write to the specified file",
+msg);
+  }
 } else if (!strcmp(s, "@NEXT")) {
   mgr->jumpToIndex(mgr->currentIndex() + 1);
 } else if (!strcmp(s, "@PREVIOUS")) {
diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
--- flightgear-3.0.0/debian/changelog	2015-03-18 11:19:39.0 +0100
+++ flightgear-3.0.0/debian/changelog	2016-12-13 12:40:51.0 +0100
@@ -1,3 +1,13 @@
+flightgear (3.0.0-5+deb8u1) jessie; urgency=medium
+
+  * Add patch route-manager-secu-fix-280cd5.patch (security fix preventing
+the route manager from being able to overwrite arbitrary files
+writable by the user running FlightGear).
+  * Add patch fix-missing-lX11-in-link-commands.patch to fix an FTBFS
+failure due to -lX11 missing in two link commands.
+
+ -- Florent Rougon   Tue, 13 Dec 2016 12:40:51 +0100
+
 flightgear (3.0.0-5) unstable; urgency=high
 
   * Add patch 6a30e70.patch to better restrict file access from
diff -Nru flightgear-3.0.0/debian/patches/fix-missing-lX11-in-link-comma

Bug#838495: marked as done (RFS: python-cartopy/0.14.2+dfsg1-1 [ITP])

[Ghislain Vaillant]

On 14/12/16 08:36, Gianfranco Costamagna wrote:

control: reopen -1



Package python-cartopy has been removed from mentors.


lets wait a little more

G.



Yes, there is a new upstream version available to I'll have to refresh 
the current packaging with it.


I'll ping you when done.

Cheers,
Ghis

Bug#848115: Fails to configure: "Failed to try-restart nfs-server.service: Unit proc-fs-nfsd.mount is masked."

[Andrey Rahmatullin]

Package: nfs-kernel-server
Version: 1:1.3.4-1
Severity: serious

I've upgraded nfs-kernel-server from 1:1.2.8-9.2 to 1:1.3.4-1. It failed to
configure:

Setting up nfs-kernel-server (1:1.3.4-1) ...
Failed to try-restart nfs-server.service: Unit proc-fs-nfsd.mount is masked.
insserv: warning: current start runlevel(s) (empty) of script `nfs-kernel-
server' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `nfs-
kernel-server' overrides LSB defaults (0 1 6).
Failed to restart nfs-kernel-server.service: Unit proc-fs-nfsd.mount is masked.
invoke-rc.d: initscript nfs-kernel-server, action "restart" failed.
* nfs-server.service - NFS server and services
   Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor
preset: enabled)
   Active: active (exited) since Sun 2016-12-11 01:42:06 +05; 3 days ago
 Main PID: 984 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nfs-server.service

Dec 11 01:42:05 belkar systemd[1]: Starting NFS server and services...
Dec 11 01:42:06 belkar systemd[1]: Started NFS server and services.
dpkg: error processing package nfs-kernel-server (--configure):
 subprocess installed post-installation script returned error exit status 1



-- Package-specific info:
-- rpcinfo --
   program vers proto   port  service
104   tcp111  portmapper
103   tcp111  portmapper
102   tcp111  portmapper
104   udp111  portmapper
103   udp111  portmapper
102   udp111  portmapper
151   udp  58998  mountd
151   tcp  43577  mountd
152   udp  47808  mountd
152   tcp  37305  mountd
153   udp  59423  mountd
153   tcp  59211  mountd
132   tcp   2049  nfs
133   tcp   2049  nfs
134   tcp   2049  nfs
1002272   tcp   2049
1002273   tcp   2049
132   udp   2049  nfs
133   udp   2049  nfs
134   udp   2049  nfs
1002272   udp   2049
1002273   udp   2049
1000211   udp  54161  nlockmgr
1000213   udp  54161  nlockmgr
1000214   udp  54161  nlockmgr
1000211   tcp  45795  nlockmgr
1000213   tcp  45795  nlockmgr
1000214   tcp  45795  nlockmgr
-- /etc/default/nfs-kernel-server --
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS="--manage-gids"
NEED_SVCGSSD=""
RPCSVCGSSDOPTS=""
-- /etc/exports --
/ *(ro,async,insecure,fsid=0,crossmnt,subtree_check)
-- /proc/fs/nfs/exports --
# Version 1.1
# Path Client(Flags) # IPs

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nfs-kernel-server depends on:
ii  init-system-helpers  1.46
ii  keyutils 1.5.9-9
ii  libblkid12.29-1
ii  libc62.24-8
ii  libcap2  1:2.25-1
ii  libsqlite3-0 3.15.2-1
ii  libtirpc10.2.5-1
ii  libwrap0 7.6.q-25
ii  lsb-base 9.20161125
ii  netbase  5.3
ii  nfs-common   1:1.3.4-1
ii  ucf  3.0036

nfs-kernel-server recommends no packages.

nfs-kernel-server suggests no packages.

-- debconf-show failed

Bug#848105: Bio/Coordinate/Pair.pm removed from BioPerl in version 1.00070001

[Andreas Tille]

Hi,

since I uploaded a Debian package of the latest version of BioPerl which
has removed Bio::Coordinate::Pair which was available in 1.6.924[1] the
test suite of at least one depending package in Debian are failing due
to missing Bio/Coordinate/Pair.pm.

I wonder whether there is a sensible migration path for those projects
that are relying on the old code version.

Kind regards

   Andreas.

[1] http://search.cpan.org/dist/BioPerl-1.6.924/Bio/Coordinate/Pair.pm

On Wed, Dec 14, 2016 at 08:46:23AM +0100, Chris Lamb wrote:
>   perl Build test --verbose 1
>   
>   - EXCEPTION: Bio::Root::Exception -
>   MSG: The requested glyph class, ``arrow'' is not available: Can't locate 
> Bio/Coordinate/Pair.pm in @INC (you may need to install the 
> Bio::Coordinate::Pair module) (@INC contains: . «BUILDDIR»/t/../lib 
> /home/lamby/temp/cdt.20161214084524.WfwH8dO4Qj.db.libbio-graphics-perl/libbio-graphics-perl-2.39/blib/lib
>  
> /home/lamby/temp/cdt.20161214084524.WfwH8dO4Qj.db.libbio-graphics-perl/libbio-graphics-perl-2.39/blib/arch
>  /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 
> /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 
> /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 
> /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at 
> /home/lamby/temp/cdt.20161214084524.WfwH8dO4Qj.db.libbio-graphics-perl/libbio-graphics-perl-2.39/t/../lib/Bio/Graphics/Glyph/arrow.pm
>  line 13.
>   BEGIN failed--compilation aborted at 
> «BUILDDIR»/t/../lib/Bio/Graphics/Glyph/arrow.pm line 13.
>   Compilation failed in require at (eval 43) line 2.
>   
>   STACK: Error::throw
>   STACK: Bio::Root::Root::throw /usr/share/perl5/Bio/Root/Root.pm:447
>   STACK: Bio::Graphics::Glyph::Factory::make_glyph 
> «BUILDDIR»/t/../lib/Bio/Graphics/Glyph/Factory.pm:342
>   STACK: Bio::Graphics::Glyph::make_subglyph 
> «BUILDDIR»/t/../lib/Bio/Graphics/Glyph.pm:310
>   STACK: Bio::Graphics::Glyph::new 
> «BUILDDIR»/t/../lib/Bio/Graphics/Glyph.pm:270
>   STACK: Bio::Graphics::Glyph::Factory::make_glyph 
> «BUILDDIR»/t/../lib/Bio/Graphics/Glyph/Factory.pm:346
>   STACK: Bio::Graphics::Panel::_add_track 
> «BUILDDIR»/t/../lib/Bio/Graphics/Panel.pm:414
>   STACK: Bio::Graphics::Panel::_do_add_track 
> «BUILDDIR»/t/../lib/Bio/Graphics/Panel.pm:386
>   STACK: Bio::Graphics::Panel::add_track 
> «BUILDDIR»/t/../lib/Bio/Graphics/Panel.pm:312
>   STACK: Bio::Graphics::FeatureFile::render 
> «BUILDDIR»/t/../lib/Bio/Graphics/FeatureFile.pm:675
>   STACK: t/BioGraphics.t:53
>   ---
>   # Looks like you planned 49 tests but ran 4.
>   # Looks like your test exited with 2 just after 4.
>   t/BioGraphics.t .. 
>   1..49
>   ok 1 - use GD::Image;
>   ok 2 - use Bio::Graphics::FeatureFile;
>   ok 3 - use Bio::Graphics::Panel;
>   ok 4
>   Dubious, test returned 2 (wstat 512, 0x200)
>   Failed 45/49 subtests 
>   t/Wiggle.t ... 
>   1..11
>   ok 1
>   ok 2
>   ok 3
>   ok 4
>   ok 5
>   ok 6
>   ok 7
>   ok 8
>   ok 9
>   ok 10
>   ok 11
>   ok
>   
>   Test Summary Report
>   ---
>   t/BioGraphics.t (Wstat: 512 Tests: 4 Failed: 0)
> Non-zero exit status: 2
> Parse errors: Bad plan.  You planned 49 tests but ran 4.
>   Files=2, Tests=15,  1 wallclock secs ( 0.03 usr  0.00 sys +  0.50 cusr  
> 0.04 csys =  0.57 CPU)
>   Result: FAIL
>   Failed 1/2 test programs. 0/15 subtests failed.
>   dh_auto_test: perl Build test --verbose 1 returned exit code 255
>   debian/rules:4: recipe for target 'build' failed
>   make: *** [build] Error 2
>   dpkg-buildpackage: error: debian/rules build gave error exit status 2
> 
>   […]
> 
> The full build log is attached.
> 
> 
> Regards,
> 
> -- 
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-


> ___
> Debian-med-packaging mailing list
> debian-med-packag...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging


-- 
http://fam-tille.de

Bug#835439: gdb --write segfaults on quit in _bfd_elf_strtab_finalize

[Hector Oron]

Hello,

2016-12-13 23:38 GMT+01:00 Ben Harris :
> It looks like it's already been reported upstream:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=20948

Excellent! Thanks very much!

Regards
-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.

Bug#848116: RM: libkipi -- RoM; renamed to src:libkf5kipi

[Andreas Beckmann]

Source: libkipi
Version: 4:15.08.3-2
Severity: serious

Hi,

in piuparts I noticed some upgrade issues from jessie due to
libkipi-data still being available in stretch, but not being
installable along libkf5kipi-data.

This package should probably be removed, but there is a remaining
dependency:

Checking reverse dependencies...
# Broken Depends:
kamoso: kamoso [hurd-i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel 
powerpc]

Please reassign this bug to ftp.debian.org once that is solved, until
then this bug should trigger autoremoval from testing.


Andreas

Bug#833885: gbrowse: ships a deterministic/predictable OpenID constumer secret

[Andreas Tille]

Hi,

as far as I can see the solution for this issue would be to use a
symlink for /usr/share/perl5/GBrowse/ConfigData.pm pointing to something
like /etc/gbrowse/ConfigData.pm while the file
/etc/gbrowse/ConfigData.pm will be created in postinst.  Is this correct
and will somebody of the other Uploaders (in CC) be able to care for
this since I personally do not have any clue how to test gbrowse to
verify the correct functionality?

Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#848117: Freecell: gameplay has undesired automatic action

[Richard Hector]

Package: aisleriot
Version: 1:3.14.1-1
Severity: minor

Dear Maintainer,

Playing Freecell. When I move a card to the foundation, any available
following card will follow automatically. Eg, if I move the Ace of
clubs, and the 2 of clubs is also available, it moves too.

I have seen this as an optional timesaver in other implementations, but
it does not appear to be required by the rules (either included in the
help, or those on wikipedia). It can be useful not to do this. I note
also that undo move undoes both, so that is not a workaround.

Thanks,
Richard

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ.utf8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages aisleriot depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gconf-service3.2.6-3
ii  gconf2   3.2.6-3
ii  guile-2.0-libs   2.0.11+1-9
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-18+deb8u6
ii  libcairo-gobject21.14.0-2.1+deb8u1
ii  libcairo21.14.0-2.1+deb8u1
ii  libcanberra-gtk3-0   0.30-2.1
ii  libcanberra0 0.30-2.1
ii  libgc1c2 1:7.2d-6.4
ii  libgconf-2-4 3.2.6-3
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u5
ii  libglib2.0-0 2.42.1-1+b1
ii  libgtk-3-0   3.14.5-1+deb8u1
ii  libpango-1.0-0   1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  librsvg2-2   2.40.5-1+deb8u2
ii  libx11-6 2:1.6.2-3

Versions of packages aisleriot recommends:
ii  yelp  3.14.1-1

Versions of packages aisleriot suggests:
pn  gnome-cards-data  

-- no debconf information

Bug#846850: mitmproxy uninstallable in current Sid and soon Stretch Testing (again)

[Sébastien Delafond]

On Dec/13, Bob Proulx wrote:
> Therefore I don't have a good idea of what to do here.  I only know
> that it is an impossible system.  I feel certain this can't be
> necessary.

While I appreciate your concern, and am also pained by seeing so many
versioned conflicts, what you *feel* is unfortunately not relevant. Let
me try to explain again why.

Upstream declares conflicts on many "recent" versions of the libraries
it depends upon. For each one of those, there are 2 cases:

  1. the versioned conflict is legitimate, and mitmproxy would indeed
 break if used with a library not satisfying the conflict. In this
 case, there is nothing we in Debian can do, except write a patch to
 support the new API exposed by the more recent version of the
 library.

  2. the versioned conflict is not legitimate, and mitmproxy works fine
 with a newer library version. In this case, the versioned conflict
 in the Debian package can be relaxed.

Whether each one of the mitmproxy dependencies falls in the first or the
second case is most definitely not a matter of feelings, but instead one
of manually checking. For each dependency. I certainly welcome help in
that department.

> Just today there are two more python packages that have been uploaded
> breaking the << dependencies of mitmproxy again.  This is inevitable.
> Do you wish us to simply keep filing individual bug reports each time
> this happens?

Yes, please: until I have more time, I intend to look at breakages *as
they happen*, and see if it can be fixed accordingly for mitmproxy to
remain in stretch.

Cheers,

--Seb

Bug#826458: gbrowse: Unescaped left brace in regex is deprecated

[Andreas Tille]

Hi Olivier and Charles,

I know you have way more Perl skills than me - so I guess this is quite
simple to fix for you both.  If you's volunteer to add a quilt patch to
Git I would care for the remaining preparation of the package.

Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#847514: Amazon::S3 vs. Net::Amazon::S3

[Alex Muntada]

Christopher Hoskin:

> I'd already done most of this at the weekend, so thought
> I might as well upload it. Hope you don't mind!

Not at all :)

Just remember that retitling a RFP bug into an ITP and
taking ownership makes it easier to see that somebody
is already working on the package.

Thanks!
Alex



signature.asc
Description: Digital signature

Bug#833997: Upstream bug reports

[Gerlof Langeveld]

Hi Martin,

The kernel that I use on the CentOS system is 4.8.12-1.el7.elrepo.x86_64
and the settings in the concerning config file that matter for this 
issue are:


#
# CPU/Task time and stats accounting
#
CONFIG_VIRT_CPU_ACCOUNTING=y
CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
# CONFIG_IRQ_TIME_ACCOUNTING is not set
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
CONFIG_TASKSTATS=y
CONFIG_TASK_DELAY_ACCT=y
CONFIG_TASK_XACCT=y
CONFIG_TASK_IO_ACCOUNTING=y

The only difference with the config file being used on the Debian8 
system (4.8.4 kernel from kernel.org)
is the setting CONFIG_VIRT_CPU_ACCOUNTING_GEN (which is not set). IMHO 
this setting is not relevant for

this issue.

BTW.
In the description of bug 190271 you mention
"There is another related bug to the process accounting that I will 
report as well.".

Notice that this issue is not really related to process accounting,
but to the taskstats feature supplied by the netlink interface.

You can verify if this problem also applies to the 4.9 kernel that you 
use, you can run the program 'getdelays'
from the directory '.../Documentation/accounting' in the kernel source 
tree, like:


# ./getdelays -m 0 -d
cpumask 0 maskset 1
print delayacct stats ON
fatal reply error,  errno -22
Sent deregister mask, retval 0

The errno -22 (EINVAL) should not happen.


Best regards,
Gerlof


On 12/13/2016 05:45 PM, Martin Steigerwald wrote:

Hello.

I reported the kernel bugs

[Bug 190271] New: process accounting sometimes does not work
https://bugzilla.kernel.org/show_bug.cgi?id=190271

I did not report the other issue yet, since I am not clear whether it is a
configuration issue with the Debian kernel.

Gerlof, thank you for the config file for the Debian kernel. Is  the kernel you
use on CentOS configured in the same way? If not, do you have a config file for
it as well?

Thanks,

Bug#848119: accerciser: Accerciser is incompatible with ipython3 in unstable

[Colomban Wendling]

Package: accerciser
Version: 3.22.0-2
Severity: normal

Dear Maintainer,

The version of Accerciser is in incompatible with ipython3 in unstable, and
leads to the console plugin failing to initialize with the error:

> Traceback (most recent call last):
>   File "/usr/lib/python3/dist-packages/accerciser/plugin/plugin_manager.py", 
> line 192, in _enablePlugin
> plugin_instance.init()
>   File "/usr/share/accerciser/plugins/console.py", line 42, in init
> self.ipython_view = ipython_view.IPythonView()
>   File "/usr/share/accerciser/plugins/ipython_view.py", line 549, in __init__
> input_func=self.raw_input)
>   File "/usr/share/accerciser/plugins/ipython_view.py", line 128, in __init__
> self.IP.readline_startup_hook(self.IP.pre_readline)
> AttributeError: 'InteractiveShellEmbed' object has no attribute 
> 'readline_startup_hook'

The ipython3 from stable works (2.3.0-2).

Regards,
Colomban

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages accerciser depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2
ii  gir1.2-atk-1.0   2.22.0-1
ii  gir1.2-gdkpixbuf-2.0 2.36.0-1
ii  gir1.2-glib-2.0  1.50.0-1
ii  gir1.2-gtk-3.0   3.22.5-1
ii  gir1.2-pango-1.0 1.40.3-3
ii  gir1.2-rsvg-2.0  2.40.16-1
ii  gir1.2-wnck-3.0  3.20.1-2
ii  ipython3 5.1.0-3
ii  python3-cairo1.10.0+dfsg-5+b1
ii  python3-pyatspi  2.20.2+dfsg-2
pn  python3:any  

accerciser recommends no packages.

accerciser suggests no packages.

-- no debconf information

Bug#848118: mysql-server-core-5.6: fails to upgrade from 'jessie' - trying to overwrite /usr/share/man/man1/innochecksum.1.gz

[Andreas Beckmann]

Package: mysql-server-core-5.6
Version: 5.6.30-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + redmine

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'jessie'.
It installed fine in 'jessie', then the upgrade to 'stretch' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package mysql-server-core-5.6.
  (Reading database ... 
(Reading database ... 17075 files and directories currently installed.)
  Preparing to unpack .../mysql-server-core-5.6_5.6.30-1_amd64.deb ...
  Unpacking mysql-server-core-5.6 (5.6.30-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/mysql-server-core-5.6_5.6.30-1_amd64.deb (--unpack):
   trying to overwrite '/usr/share/man/man1/innochecksum.1.gz', which is also 
in package mysql-server-5.5 5.5.50-0+deb8u1
  dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

Same error as in 5.7.

This needs
  Conflicts+Replaces: mysql-server-5.5
added to the mysql-server-core-5.6 (and mysql-server-core-5.7) package.


cheers,

Andreas


redmine_3.3.1-2.log.gz
Description: application/gzip

Bug#847681: packaging repository and sid diverging? Various fixes needed.

[Sven Geggus]

Daniel Pocock schrieb am Mittwoch, den 14. Dezember um 09:38 Uhr:

> They stopped including rpc-svcgssd in the default build as of 1.3.2 and
> recommended gssproxy[1] instead.

Yes, gssproxy is a working drop-in replacement for rpc.svcgssd in case of
the nfs4-server use case.

Note, that they are mutually exclusive. Once gssproxy has been used on a
machine a reboot is requeired to go back to rpc.svcgssd again.

As I already wrote in my bug-report I consider rpc.svcgssd broken. This said
it would be a good idea to remove it from the nfs-package alltogether.
Instead a "Recommends: gssproxy" can be added.

I am currently running a custom quick-and dirty debian package of gssproxy
compiled for debian stable and the original version of nfs-common (1.2.8-9). 
I can also try running this with a backport of nfs-common 1.3.4 on my
test-vm.

For running an NFS-server /etc/gssproxy/gssproxy.conf looks like this here:
--cut--
[gssproxy]

[service/nfs-server]
  mechs = krb5
  socket = /run/gssproxy.sock
  cred_store = keytab:/etc/krb5.keytab
  trusted = yes
  kernel_nfsd = yes
  euid = 0
--cut--   

The most simple test-setup for kerberized nfs4 might be the following:
3 virtual machines: 

1. A Samba 4 ADDC
2. An nfs-server
3. An nfs-client

Machines 2 and 3 need to be bound to Samba 4 ADDC using nslcd or sssd for
UID-mapping.

Regards

Sven

-- 
Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety (Benjamin Franklin)

/me is giggls@ircnet, http://sven.gegg.us/ on the Web

Bug#848117: Acknowledgement (Freecell: gameplay has undesired automatic action)

[Richard Hector]

Apologies, I was too hasty.

The behaviour is not quite what I described; sometimes it doesn't do
that. However, I'd still like the option not to do it at all, and it
would help if the behaviour was documented, because I haven't figured it
out yet ...

I'm not sure now whether it restricts my options or not. If not, this
bug should be reclassified wishlist, I guess.

Thanks

Richard

Bug#833885: gbrowse: ships a deterministic/predictable OpenID constumer secret

[olivier sallou]

Le mer. 14 déc. 2016 à 10:19, Andreas Tille  a écrit :

> Hi,
>
> as far as I can see the solution for this issue would be to use a
> symlink for /usr/share/perl5/GBrowse/ConfigData.pm pointing to something
> like /etc/gbrowse/ConfigData.pm while the file
> /etc/gbrowse/ConfigData.pm will be created in postinst.  Is this correct
> and will somebody of the other Uploaders (in CC) be able to care for
> this since I personally do not have any clue how to test gbrowse to
> verify the correct functionality?
>

I think openid is not configured for GBrowse in Debian , so it should not
be an issue
It is true that consumersecret is generated at build time. It should not.
Linking ConfigData.pm to etc file is the correct behavior, but putting a
post install step may not be necessary. It is a config parameter and user
should update it if he wish to use openid as a configuration parameter.
It is up to the user to update this value like he wuold in other packages
for password/secret related stuff.

Olivier

>
> Kind regards
>
>Andreas.
>
> --
> http://fam-tille.de
>

Bug#847231: mysql Breaks/Replaces innochecksum

[Robie Basak]

forcemerge 847231 847992 848118
thanks

These are all the same bug.

When fixing, also see bug 840646. These should all be resolved at once.


signature.asc
Description: PGP signature

Bug#796548: closing 796548

[Ansgar Burchardt]

Control: reopen -1
Control: found -1 2.1

On Wed, 2016-12-14 at 03:40 +, Wookey wrote:
> close 796548 2.0.4

emdebian-archive-keyring 2.1 still has "Priority: important" in
d/control.  (Not in the Packages index though as the archive software
overrides the provided priority.)

Ansgar

Bug#840646: Common Breaks/Replaces fixes needed

[Robie Basak]

See bug 847231 also. It should probably be fixed at the same time.


signature.asc
Description: PGP signature

Bug#848120: ITP: python-django-etcd-settings -- config manager for Django apps based on ETCD

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-django-etcd-settings
  Version : 0.1.11
  Upstream Author : Enrique Paz 
* URL : https://github.com/kpn-digital/django-etcd-settings
* License : Apache-2
  Programming Lang: Python
  Description : config manager for Django apps based on ETCD.

 This application allows you to extend the Django settings as configured in the
 settings.py file with:
 .
  * Environment dependent values
  * Values in different config sets, identified by name, which can be selected
on a 'per request' basis using the X-DYNAMIC-SETTINGS HTTP header
 .
 Both the added configuration values and config sets would live at ETCD,
 which will be continuously monitored by this library in order to
 transparently update your app settings upon changes.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAlhRFcIRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90WrpKAf/SAJqMKoehHx1c1iH/r1ZVsanzKb8f6eA
MxgCw62kyPuvY7buvsYGrvJRLYy0sSUyRlAiLiwjjNSFXmG7jHFo9dmRzoOQ4vkC
o7aIkVmQsnFIs5xNJex9Coqwr2zTXtGlaKIT9NDBtMBMEAXdZuNj7ZrzmbH7TNM6
IyiYMi5zGuqtsdRuMkdDmho0ARkAyAI/NZWpqthL1CeVreJVZBq7Vtwm/khKUAiX
l1Z11Szk+GB4JAiA5l0lAH2H5jn+g7Wli8JKUH61dJmueq81/oT09juNwBtj5ner
ZSpP8SlxNNYXyHqWWdi1FFcSiintMaQA8i1X6d5Uk+FYCz2nJYEx/g==
=F6fL
-END PGP SIGNATURE-

Bug#829380: Orthanc 1.2.0

[Sebastien Jodogne]

Dear Karsten,


Well, once Orthanc 1.2 shows up in my sources.lst I will test
the suggested script and report back. Since I don't assume
Orthanc 1.1 -> 1.2 to actually need a database upgrade (?) I
expect the script to gracefully do nothing.


Indeed, an upgrade of the Orthanc database is only necessary if the 
version of the DB changes. The internals are explained in the Orthanc Book:

http://book.orthanc-server.com/developers/db-versioning.html

The last modification of the DB schema was introduced in Orthanc 0.9.5 
(released on December 2nd, 2015). This means that any post-0.9.5 release 
will transparently work without having to upgrade the database. Since 
that release, the database schema is now considered as stable, and no 
upgrade should be necessary.


Furthermore, I personally feel that the upgrade process should imply a 
manual operation from the user. The official documentation of Orthanc 
clearly explains what should be done in such a case:

http://book.orthanc-server.com/users/replication.html#upgrade-the-database-schema

As a consequence, I am not convinced that providing an automated script 
is necessary. Maybe it would be sufficient to simply point to the 
section of the Orthanc Book above in the "README.Debian".


HTH,
Sébastien-

Bug#847091: [Pkg-javascript-devel] Bug#847091: update node-extend to latest upstream release

[Pirate Praveen]

On 2016, ഡിസംബർ 14 2:16:46 PM IST, Paolo Greppi  wrote:
>
>Assuming we want to keep node-xtend and node-extend separate, I have
>prepared the update for this one in the alioth repo.
>
>That's because also node-liftoff (which is my ITP pipeline after
>node-fixed) depends on node-extend >= 3.0.0
>
>I also activated tests and tested reverse dependencies (only
>node-superagent) with pkg-ruby-extras/build. RFS !

I think node-superagent only has require tests. We may need to enable tests or 
run those tests manually after updating package.json and using npm.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Bug#847091: [Pkg-javascript-devel] Bug#847091: Bug#847091: update node-extend to latest upstream release

[Pirate Praveen]

On 2016, ഡിസംബർ 14 2:16:46 PM IST, Paolo Greppi  wrote:
>That's because also node-liftoff (which is my ITP pipeline after
>node-fixed) depends on node-extend >= 3.0.0
>
I think easier option would be to see if liftoff tests pass with node-extend 
2.0 and relax dependencies in debian/control.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Bug#848122: ITP: pbcopper -- data structures, algorithms, and utilities for C++ applications

[Afif Elghraoui]

Package: wnpp
Severity: wishlist
Owner: Debian Med Packaging Team 
Control: block 847310 by -1

* Package name: pbcopper
  Version : 0.0.1
  Upstream Author : Pacific Biosciences 
* URL : https://github.com/PacificBiosciences/pbcopper
* License : BSD
  Programming Lang: C++
  Description : data structures, algorithms, and utilities for C++ 
applications

pbcopper provides general tools for C++ applications. It is developed
for use by applications of the Pacific Biosciences SMRT Analysis
suite.

This package is a dependency of unanimity. It will be maintained by the Debian 
Med team.

Bug#847681: packaging repository and sid diverging? Various fixes needed.

[Daniel Pocock]

On 14/12/16 10:31, Sven Geggus wrote:
> Daniel Pocock schrieb am Mittwoch, den 14. Dezember um 09:38 Uhr:
> 
>> They stopped including rpc-svcgssd in the default build as of 1.3.2 and
>> recommended gssproxy[1] instead.
> 
> Yes, gssproxy is a working drop-in replacement for rpc.svcgssd in case of
> the nfs4-server use case.
> 
> Note, that they are mutually exclusive. Once gssproxy has been used on a
> machine a reboot is requeired to go back to rpc.svcgssd again.
> 
> As I already wrote in my bug-report I consider rpc.svcgssd broken. This said
> it would be a good idea to remove it from the nfs-package alltogether.
> Instead a "Recommends: gssproxy" can be added.
> 

I don't mind doing that after the gssproxy is in Debian

Should the package name be gss-proxy or gssproxy?  Upstream has used
both terms.

> I am currently running a custom quick-and dirty debian package of gssproxy
> compiled for debian stable and the original version of nfs-common (1.2.8-9). 
> I can also try running this with a backport of nfs-common 1.3.4 on my
> test-vm.
> 


Would you consider uploading it or proposing it in mentors.debian.net?
Please also send details on the gss-proxy ITP bug.

> For running an NFS-server /etc/gssproxy/gssproxy.conf looks like this here:
> --cut--
> [gssproxy]
> 
> [service/nfs-server]
>   mechs = krb5
>   socket = /run/gssproxy.sock
>   cred_store = keytab:/etc/krb5.keytab
>   trusted = yes
>   kernel_nfsd = yes
>   euid = 0
> --cut--   
> 
> The most simple test-setup for kerberized nfs4 might be the following:
> 3 virtual machines: 
> 
> 1. A Samba 4 ADDC
> 2. An nfs-server
> 3. An nfs-client
> 
> Machines 2 and 3 need to be bound to Samba 4 ADDC using nslcd or sssd for
> UID-mapping.
> 


Personally, I am very unlikely to have time to do that test before the
freeze in January.  If somebody else wants to take care of the nfs4
aspects of this package that would be great.  Are there any other places
where we might find potential testers?  Maybe I will write a brief blog
linking to this bug.

Regards,

Daniel

Bug#833997: atop: process accounting does not work

[Martin Steigerwald]

Am Mittwoch, 14. Dezember 2016, 08:18:47 CET schrieb Marc Haber:
> On Tue, Dec 13, 2016 at 03:50:31PM +0100, Martin Steigerwald wrote:
> > I see. Marc, IMHO this issue should not hold back uploading new atop to
> > Debian unstable for inclusion into next Debian version. What do you
> > think?
> Agreed. I will document this in NEWS.Debian and would like to include
> kernel bugzilla and kernel mailig lists references.

I didn´t post to LKML about the bug I reported in kernel upstream bugtracker 
yet.

I ponder whether to report the second issue, the one about netlink, that 
Gerlof pointed out to the Debian bugtracker, since for Gerlof it does only 
happen with the Debian kernel and not with the CentOS kernel he tried and I 
also didn´t see this issue with my self-compiled kernel.

For that it would be good to have the configuration of the CentOS kernel, but I 
probably can also just compare my self-compiled config of 4.8.14 kernel (I 
downgraded from 4.9 kernel already again due to issues with Intel gfx driver) 
with Debian 4.8 kernel. Hmm, lets see… there are indeed some configuration 
differences related to netlink:

merkaba:~> grep NETLINK /boot/config-4.8.0-2-amd64 
CONFIG_COMPAT_NETLINK_MESSAGES=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CT_NETLINK=m
CONFIG_NF_CT_NETLINK_TIMEOUT=m
CONFIG_NF_CT_NETLINK_HELPER=m
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
CONFIG_NETLINK_DIAG=m
CONFIG_SCSI_NETLINK=y
CONFIG_QUOTA_NETLINK_INTERFACE=y


merkaba:~> grep NETLINK /boot/config-4.8.14-tp520-btrfstrim+ 
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CT_NETLINK=m
CONFIG_NF_CT_NETLINK_TIMEOUT=m
# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
CONFIG_NETLINK_DIAG=y
CONFIG_SCSI_NETLINK=y
CONFIG_QUOTA_NETLINK_INTERFACE=y


I will be recompiling my kernel with:

CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CT_NETLINK=m
CONFIG_NF_CT_NETLINK_TIMEOUT=m
CONFIG_NF_CT_NETLINK_HELPER=m
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
CONFIG_NETLINK_DIAG=m
CONFIG_SCSI_NETLINK=y
CONFIG_QUOTA_NETLINK_INTERFACE=y

to see if I can reproduce the issue.

I don´t know how to activate "CONFIG_COMPAT_NETLINK_MESSAGES=y".

Thanks,
-- 
Martin

Bug#784158: lightdm: /etc/environment also not read

[strk]

Package: lightdm
Version: 1.10.3-3
Followup-For: Bug #784158

Dear Maintainer,

I was configuring a systemwide http proxy

I've added http_proxy env variable to /etc/environment

X application did not see the env variable, ssh sessions did

I expected X to also see the env variable

not sure if it's the same issue as the original bug report,
anyway adding a line to /etc/pam.d/lightdm and /etc/pam.d/lightdm-autologin
to do what the comment above pam_env.so line stated did fix the issue.


-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lightdm depends on:
ii  adduser3.113+nmu3
ii  dbus   1.8.20-0+deb8u1
ii  debconf [debconf-2.0]  1.5.56
ii  libc6  2.19-18+deb8u4
ii  libgcrypt201.6.3-2+deb8u2
ii  libglib2.0-0   2.42.1-1+b1
ii  libpam-systemd 215-17+deb8u4
ii  libpam0g   1.1.8-3.1+deb8u1+b1
ii  libxcb11.10-3+b1
ii  libxdmcp6  1:1.1.1-1+b1
ii  lightdm-gtk-greeter [lightdm-greeter]  1.8.5-2

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+7

Versions of packages lightdm suggests:
ii  accountsservice  0.6.37-3+b1
ii  upower   0.99.1-3.2

-- Configuration Files:
/etc/lightdm/lightdm.conf changed:
[LightDM]
[SeatDefaults]
[Seat:0]
autologin-user = kodi
autologin-session = MATE
[XDMCPServer]
[VNCServer]

/etc/pam.d/lightdm changed:
auth  requisite pam_nologin.so
sessionrequired pam_env.so # [1]
auth  required pam_env.so envfile=/etc/default/locale
@include common-auth
-auth  optional pam_gnome_keyring.so
@include common-account
session  [success=ok ignore=ignore module_unknown=ignore default=bad] 
pam_selinux.so close
session  requiredpam_limits.so
session  requiredpam_loginuid.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] 
pam_selinux.so open
-session optionalpam_gnome_keyring.so auto_start
@include common-password

/etc/pam.d/lightdm-autologin changed:
auth  requisite pam_nologin.so
sessionrequired pam_env.so # [1]
auth  required pam_env.so envfile=/etc/default/locale
auth  required pam_permit.so
@include common-account
session  [success=ok ignore=ignore module_unknown=ignore default=bad] 
pam_selinux.so close
session  requiredpam_limits.so
session  requiredpam_loginuid.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] 
pam_selinux.so open
password  required pam_deny.so
@include common-password


-- debconf information:
  lightdm/daemon_name: /usr/sbin/lightdm
* shared/default-x-display-manager: lightdm

Bug#838703: libinput10: leads to a crash of X when working in a virtual tty

[Sebastian Humenda]

Hi

Emilio Pozuelo Monfort schrieb am 12.12.2016, 19:31 +0100:
>On 12/12/16 12:54, Sebastian Humenda wrote:
>> Control: reassign 838703 xserver-xorg-input-libinput
>> Control: tags 838703 +pending
>> 
>> Samuel Thibault schrieb am 09.12.2016, 20:19 +0100:
>>> This is very likely the same bug as
>>> https://bugs.freedesktop.org/show_bug.cgi?id=98464 which has a proposed
>>> patch, could you check try?
>> Thanks, that patch solves the issue.
>
>Can you try with xserver-xorg-input-libinput 0.23.0-1, which I just uploaded?
Have you applied the very same patch? If so, I have been overoptimistic. The
problem persists.

>If that doesn't help, please send a backtrace with debugging symbols to the
>upstream bug.
I'd say the issues are unrelated, I have a null pointer in a LED update
function, the upstream bug fixes something else.

What about the patch that I've submitted, is that problematic?

Thanks
Sebastian


signature.asc
Description: PGP signature

Bug#826458: gbrowse: Unescaped left brace in regex is deprecated

[olivier sallou]

Le mer. 14 déc. 2016 à 10:23, Andreas Tille  a écrit :

> Hi Olivier and Charles,
>
> I know you have way more Perl skills than me - so I guess this is quite
> simple to fix for you both.  If you's volunteer to add a quilt patch to
> Git I would care for the remaining preparation of the package.
>
I pushed a patch to fix this. Did not test with perl n experimental but
should do the job.

>
> Kind regards
>
>Andreas.
>
> --
> http://fam-tille.de
>

Bug#847350: RFS: golang-github-minio-minio-go/2.0.2+dfsg-1

[Félix Sipma]

On 2016-12-13 07:59+1100, Dmitry Smirnov wrote:
> On Monday, 12 December 2016 11:09:56 AM AEDT Félix Sipma wrote:
>> From gbp-dch(1):
>> 
>>   --id-length=N
>>  Include N digits of the commit  id  in  the
>>  changelog  entry. Default is to not include
>>  any commit ids at all.
>> 
>> So, that's already the default, right? It could be modified by the user's
>> global gbp.conf, and it affects the changelog entries, so I set it back to
>> this.
> 
> Yes, I don't want commit IDs in changelog so I explicitly state that. I've 
> started doing so after few cases when uploaders introduced needless commit ID 
> noise to changelog.
> 
>>> Basically it instructs GBP to generate/use tarball and it might be useful
>>> for "debian"-only master repository layout.

I reverted this.

>> I thinks that these should be set by the user's global gbp.conf.
> 
> I also think so. Personally I don't build packages with GBP so I shouldn't 
> care much but this fragment may be important for thouse who don't know how to 
> build package without upstream sources in master. This fragment was 
> introduced after earlier discussion in mail list when someone suggested that 
> repository layout should be compatible with GBP either through "standard" 
> layout or with gbp.conf to allow package build out of the box.
> 
>> If he
>> wants to use "export-dir = ../debian-build-area" or anything else, we
>> shouldn't override this.
> 
> I agree this is ugly but "export-dir" is important because one can't build 
> package with default settings. It is always easier to change existing 
> settings than try to find which parameter should be added.
> 
>> Does this address your concerns?
> 
> Nope. :) But those concerns wasn't really mine as it is all about helping 
> those who build packages with GBP...

I get your point, but I think we should not set this in every package using
gbp. If there is a bug in gbp, it should be reported, and not hidden by
workarounds :-). In the meantime people may have to set a minimum configuration
in their global gbp.conf. If you don't care much about this, I'll prefer to let
the package as it is now.

Thanks again for your reviews!


signature.asc
Description: PGP signature

Bug#833885: gbrowse: ships a deterministic/predictable OpenID constumer secret

[olivier sallou]

Le mer. 14 déc. 2016 à 10:41, olivier sallou  a
écrit :

> Le mer. 14 déc. 2016 à 10:19, Andreas Tille  a écrit :
>
> Hi,
>
> as far as I can see the solution for this issue would be to use a
> symlink for /usr/share/perl5/GBrowse/ConfigData.pm pointing to something
> like /etc/gbrowse/ConfigData.pm while the file
> /etc/gbrowse/ConfigData.pm will be created in postinst.  Is this correct
> and will somebody of the other Uploaders (in CC) be able to care for
> this since I personally do not have any clue how to test gbrowse to
> verify the correct functionality?
>
>
> I think openid is not configured for GBrowse in Debian , so it should not
> be an issue
> It is true that consumersecret is generated at build time. It should not.
> Linking ConfigData.pm to etc file is the correct behavior, but putting a
> post install step may not be necessary. It is a config parameter and user
> should update it if he wish to use openid as a configuration parameter.
> It is up to the user to update this value like he wuold in other packages
> for password/secret related stuff.
>

Bu the way, openid is more and more deprecated and supported by less and
less providers. so it may not worth the effort. Simply linking to etc
for user config ,if he wants to, should be necessary.
We won't be able anyway to test openid easily as it needs to get a server
and to declare the app in openid provider :-(

Olivier

>
> Olivier
>
>
> Kind regards
>
>Andreas.
>
> --
> http://fam-tille.de
>
>

Bug#838703: libinput10: leads to a crash of X when working in a virtual tty

[Emilio Pozuelo Monfort]

On 14/12/16 11:05, Sebastian Humenda wrote:
> Hi
> 
> Emilio Pozuelo Monfort schrieb am 12.12.2016, 19:31 +0100:
>> On 12/12/16 12:54, Sebastian Humenda wrote:
>>> Control: reassign 838703 xserver-xorg-input-libinput
>>> Control: tags 838703 +pending
>>>
>>> Samuel Thibault schrieb am 09.12.2016, 20:19 +0100:
 This is very likely the same bug as
 https://bugs.freedesktop.org/show_bug.cgi?id=98464 which has a proposed
 patch, could you check try?
>>> Thanks, that patch solves the issue.
>>
>> Can you try with xserver-xorg-input-libinput 0.23.0-1, which I just uploaded?
> Have you applied the very same patch? If so, I have been overoptimistic. The
> problem persists.

I haven't applied any patch.

>> If that doesn't help, please send a backtrace with debugging symbols to the
>> upstream bug.
> I'd say the issues are unrelated, I have a null pointer in a LED update
> function, the upstream bug fixes something else.

You said the patch in that upstream bug fixed your problem. That patch isn't
applied, but upstream said that other changes may have fixed this, hence why I
asked to retest.

> What about the patch that I've submitted, is that problematic?

You should send it upstream. But hopefully with a gdb backtrace, upstream can
figure it out. Let's see what happens in
https://bugs.freedesktop.org/show_bug.cgi?id=98464

Emilio

Bug#774135:

[Jeremy Visser]

I can reproduce this bug by having an ssh-agent that has no keys loaded.

$ ssh-add -L
ssh-rsa foobar jeremy@localhost

# Works fine:
$ mc sftp://myserver.local

$ ssh-add -D
All identities removed.
$ ssh-add -L
The agent has no identities.

# Broken:
$ mc sftp://myserver.local
Cannot chdir to "sftp://myserver.local/";
Resource temporarily unavailable (11)

Bug#847612: [Pkg-nagios-devel] Bug#847612: monitoring-plugins-basic lost OpenSSL support

[Jan Wagner]

Hi Sebastian,

Am 13.12.16 um 21:54 schrieb Sebastian Andrzej Siewior:
> Could someone please enlighten me what is wrong here? The dep in -2 is
>   libssl-dev | libssl1.0-dev
> which makes no sense becuase it should be either the one or the other.
> So the -2 build took libssl-dev and built against 1.1.0 successfully (as
> far as I can tell). This means that the libssl1.0-dev could be dropper
> because it was not used on the buildd.

you are true. I missed that libssl-dev in jessie is 1.0.1.

Cheers, Jan.
-- 
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS
PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y
--END GEEK CODE BLOCK--



signature.asc
Description: OpenPGP digital signature

Bug#829380: Orthanc 1.2.0

[Karsten Hilbert]

On Wed, Dec 14, 2016 at 10:43:07AM +0100, Sebastien Jodogne wrote:

> > Well, once Orthanc 1.2 shows up in my sources.lst I will test
> > the suggested script and report back. Since I don't assume
> > Orthanc 1.1 -> 1.2 to actually need a database upgrade (?) I
> > expect the script to gracefully do nothing.
> 
> Indeed, an upgrade of the Orthanc database is only necessary if the version
> of the DB changes.

I know.

> The last modification of the DB schema was introduced in Orthanc 0.9.5
> (released on December 2nd, 2015).

I recalled as much which is why I inferred that, currently,
no upgrade is necessary.

> the database schema is now considered as stable

I sure wish that to be so but there's always Famous Last Words.

> Furthermore, I personally feel that the upgrade process should imply a
> manual operation from the user.

Sure.

> As a consequence, I am not convinced that providing an automated script is 
> necessary.

No one suggested an _automated_ script.

I suggest to provide a script which calls "Orthanc -upgrade"
in the Debian-specific technically proper way _when run by
the user_. Which is what the suggested script does.

Karsten
-- 
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346

Bug#750138: scap-workbench

[Petter Reinholdtsen]

[Petter Reinholdtsen]
> Is there a IRC channel where the SCAP tools in Debian are coordinated?

Perhaps we can meet on #debian-security as a start?  I notice Pierre and I
are there already.  What about the rest of you?

-- 
Happy hacking
Petter Reinholdtsen

Bug#848046: glances: upgrade fails when server is disabled

[Ingo Saitz]

On Tue, Dec 13, 2016 at 11:47:32AM -0500, Daniel Echeverry wrote:
> thanks for your report, Unfortunately I can't reproduce this issue,
> Could you confirm from which glances version are you trying to update?

>From /var/lib/dpkg.log:
2016-12-13 12:27:44 upgrade glances:all 2.6.2-2 2.7.1.1-1

So I was just upgrading from the previous glances version in unstable,
2.6.2-2. But I think the upgrade might be broken longer, Since this is
the first upgrade of this package on my system:

2016-11-12 14:49:01 install glances:all  2.6.2-2

Have you tried upgrading (using sysvinit as init) without running
glances server? The problem is, i believe, in the initscript, which gets
called as /etc/init.d/glances reload on upgrade, but exits with an error
code if the glances server is configured not to run. I have attached a
patch for the initscript, which fixes the return code from
/etc/init.d/glances reload by ignoring the failure to stop the glances
server, when none should be running.

Regards,
Ingo
-- 
 ╭─╮  Kennedy's Lemma:
╭│───╮  If you can parse Perl, you can solve the Halting Problem.
│╰─│─╯
╰──╯  http://www.perlmonks.org/?node_id=663393
--- a/etc/init.d/glances	2016-12-14 11:14:04.0 +0100
+++ b/etc/init.d/glances	2016-12-14 11:13:43.0 +0100
@@ -118,7 +118,12 @@ case "$1" in
 ;;
   *)
 # Failed to stop
-log_end_msg 1
+if [ "$RUN" != "true" ]; then
+log_action_msg "disabled by /etc/default/$NAME"
+log_end_msg 0
+else
+log_end_msg 1
+fi
 ;;
 esac
 ;;

Bug#848123: planet-venus: does not preserve the isPermalink attribute in guid tag

[Raphaël Hertzog]

Package: planet-venus
Version: 0~git9de2109-3
Severity: important

I have trying to use dlvr.it to forward the Planet Debian feed to
the @planetdebian twitter account but the feed is refused because
it is not valid.

The W3C validator often returns this error:

This feed does not validate.

line 334, column 82: guid must be a full URL, unless isPermaLink attribute 
is false (3 occurrences) [help]

... -12-11:~cjwatson/blog/cve-2015-1336.html

When you look more closely, the original RSS feed has ... but Planet's RSS feed drops the isPermalink
attribute and thus renders the feed invalid.

The problem explains this type of error too:

line 3459, column 63: Invalid character in a URI: https://danielpocock.com/322 
at https://danielpocock.com [help]

https://danielpocock.com/322 at https://danielpocock.com

See 
https://validator.w3.org/feed/check.cgi?url=http%3A%2F%2Fplanet.debian.org%2Frss20.xml
if you want to look it up by yourself.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#848124: proftpd-dev: Depends on wrong SSL version

[Hilmar Preuße]

Package: proftpd-dev
Version: 1.3.5b-1
Severity: important

Hi all,

bug could be grave, I'm not sure.

We still use the OpenSSL 1.0 suite in 1.3.5b-1. Unfortunately I forgot to
fix the dep line in d/control, so proftpd-dev still tries to pull in the
OpenSSL 1.1 line. I'll update git.

Hilmar
-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 4.8.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Bug#846843: Ulogd creates log directory, log files world readable by default

[Chris Boot]

Control: tag -1 confirmed

On 03/12/2016 16:30, halfdog wrote:
> After a fresh install of ulogd2, logging directory has following
> permissions:
> 
> # ls -al /var/log/ulog
> total 8
> drwxr-xr-x  2 root root 4096 Dec  3 16:22 .
> drwxr-xr-x 10 root root 4096 Dec  3 16:22 ..
> -rw-r--r--  1 root root0 Dec  3 16:22 syslogemu.log
[snip]

Hi halfdog,

You're right, the permissions of the initially created file are
inadequate. This is corrected once the log is rotated using logrotate,
but there is of course a window during which the permissions aren't good.

Let me see what I can do to tighten up the permissions on the initial
install. Expect an update soon.

Regards,
Chris

-- 
Chris Boot
bo...@debian.org
GPG: 8467 53CB 1921 3142 C56D  C918 F5C8 3C05 D9CE 



signature.asc
Description: OpenPGP digital signature

Bug#845753: Help: r-cran-treescape does not build on i386, armel and armhf any more

[Christian Seiler]

Hi Andreas,

On 12/14/2016 08:50 AM, Christian Seiler wrote:
> I'm going to try an i386 build in a VM running a stable kernel
> and see if that does indeed change things and if I can reproduce
> the problem. Should that not be the issue though then I really
> can't reproduce the problem - and hence won't be able to debug
> it... Let's see...

Indeed: in a VM with Jessie + sbuild from jessie-backports the
build fails with a segfault:

** preparing package for lazy loading
Creating a generic function for 'toJSON' from package 'jsonlite' in package 
'googleVis'
Error: segfault from C stack overflow
* removing 
'/<>/debian/r-cran-treescape/usr/lib/R/site-library/treescape'
dh_auto_install: R CMD INSTALL -l 
/<>/debian/r-cran-treescape/usr/lib/R/site-library --clean . 
--built-timestamp='Wed, 14 Dec 2016 06:45:37 +0100' returned exit code 1

Now that I can reporduce this, I'll investigate more later.

Regards,
Christian

Bug#848112: Python-skimage depends on unavailable package python-dask

[Ghislain Vaillant]

On 14/12/16 09:59, Ole Streicher wrote:

Since skimage is one of the central packages, I would again ask to put
it under science|python team maintenance. Especially when under some
time pressure (upcoming freeze, combined with autoremovals of packages)
it would help a lot if the problems could be debugged within a standard
Debian developer workflow, without the need to switch to github or so.


I second Ole's suggestion.

Moving to team-maintenance would really help and is pretty painless if 
you are already using git for storing the debianized sources. You would 
still remain the main maintainer(s), but one-off fixes like this could 
be pushed and rolled-out quicker by anyone from the team.


Please consider it.

Ghis

Bug#848125: bash-completion: Patch to allow '+' in (ssh/know_hosts) hostnames

[Vincent Danjean]

Package: bash-completion
Version: 1:2.1-4.3
Severity: normal
Tags: patch

  Hi,

  I'm using automatic gateway with ssh (and ProxyCommand) so that
ssh gw1+gw2+host will correctly setup a connection first to gw1,
then to gw2 (via gw1 and ProxyCommand) and eventually with host
(via gw2 and ProxyCommand) whatever gw1, gw2 and host are.
  To do that, I need the '+' character in ssh hostname. It works perfectly
with ssh, scp, rsync, ... but not with bash-completion. The reason is that
the '+' is not escaped when a regexp for awk is built in _known_hosts_real.

  The patch is really simple:
===
diff --git a/bash_completion b/bash_completion
index 6d3ba76..c640278 100644
--- a/bash_completion
+++ b/bash_completion
@@ -1484,6 +1496,7 @@ _known_hosts_real()
 # Escape slashes and dots in paths for awk
 awkcur=${cur//\//\\\/}
 awkcur=${awkcur//\./\\\.}
+awkcur=${awkcur//\+/\\\+}
 curd=$awkcur
 
 if [[ "$awkcur" == [0-9]*[.:]* ]]; then
=== 

  Note that the line number to apply this patch can be a bit changed
(all Debian quilt patch are currently applied in my source tree, so git
show lots of other unrelated changes)
  I also tried to apply my one-liner patch directly to
/usr/share/bash-completion/bash-completion on my system. I can now
autocomplete hostnames with '+' in them.

  Regards,
Vincent


-- System Information:
Debian Release: stretch/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), 
(200, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, mipsel

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bash-completion depends on:
ii  bash  4.4-2
ii  dpkg  1.18.15

bash-completion recommends no packages.

bash-completion suggests no packages.

-- no debconf information

Bug#750138: scap-workbench

[Petter Reinholdtsen]

I did a test build in unstable using the code from
git://anonscm.debian.org/users/franklin-guest/scap-workbench.git and litian
discovered these issues:

W: scap-workbench source: ambiguous-paragraph-in-dep5-copyright paragraph at 
line 22
W: scap-workbench source: missing-license-text-in-dep5-copyright Expat 
(paragraph at line 22)
W: scap-workbench source: missing-license-paragraph-in-dep5-copyright gpl-2+ 
(paragraph at line 13)
W: scap-workbench source: ancient-standards-version 3.9.6 (current is 3.9.8)

The first two are due to this typo in d/copyright:

Copyright: 2012-2013 Dan Allen 
   2012-2013 Ryan Waldron 
License: Expat

This block do not specify which files it relates to.  The GPL-2+ issue is
simply a missing license block in the file.  Once these are fixed I would be
happy to upload the package.  You might want to check out
https://wiki.debian.org/CopyrightReviewTools > to learn about tools to
check d/copyright.

I notice a new version is available from upstream.  Do you plan to update
the version in git before uploading.  The git repo seem to lack a pristine-tar
branch.  Is this intentional?
-- 
Happy hacking
Petter Reinholdtsen

Bug#848022: linux-image-4.7.0-1-grsec-amd64: fails to use hp-health. hpasmlited segfault

[KLEINDIENST Eric]

Hi,

It's not a GRSEC problem. 
We have the same issue with the non-grsec kernel (4.7.0-0.bpo.1-amd64 )

I check on HP forum and find this topic 
https://community.hpe.com/t5/Insight-Control-for-Linux/hp-health-hpasmlited-Debian-segfault/td-p/6921253

I try this workaround and it's OK.

Best regards,

-Original Message-
From: Yves-Alexis Perez [mailto:cor...@debian.org] 
Sent: mardi 13 décembre 2016 21:30
To: Network Services; 848...@bugs.debian.org
Subject: Re: Bug#848022: linux-image-4.7.0-1-grsec-amd64: fails to use 
hp-health. hpasmlited segfault

control: severity -1 important
control; tag -1 moreinfo

On Tue, 2016-12-13 at 11:18 +0100, Network Services wrote:
>    * What led up to the situation? : service hp-health won't start anymore. 

Did it ever start on a grsec kernel?
>    * What exactly did you do (or not do) that was effective (or
>  ineffective)? : package work on 3.16.0-4-amd64 kernel but crash on this
> one. Error in kern.log
> 
> 2016-12-13T11:02:28+01:00 taal kernel: : [  543.675893] x86/PAT:
> hpasmlited:32223 map pfn expected mapping type uncached-minus for [mem
> 0xdf7fe000-0xdf7fefff], got write-back
> 2016-12-13T11:02:28+01:00 taal kernel: : [  543.676037] hpasmlited[32223]:
> segfault at 0 ip 00422afb sp 03fc131c6b50 error 4 in
> hpasmlited[20+238000]

I'm not familiar with hpasmlited and how it works so you might want to explain
that. Also it's apparently not in Debian so I won't be able to provide any
help.

In any case, my guess would be that it tries to map some page RWX and PaX
won't allow that. It doesn't expect mmap or mprotect to fail and thus crashes
like that (it's a bug in hpasmlited in any case). You might want to look at
the sources if you have them, and you might want to run it under strace just
to check if that's a mmap/mprotect call failing.

Regards,
-- 
Yves-Alexis

Bug#847426: RFS: fortune-zh/2.0

[lumin]

Hi,

Uploaded updated fortune-zh package to mentors:

https://mentors.debian.net/debian/pool/main/f/fortune-zh/fortune-zh_2.0.dsc

The changes I've made can be viewed here:

https://anonscm.debian.org/git/chinese/fortune-zh.git/log/
(the latest 3 commits)

Buildlog is good although DoM-amd64 seems problematic:
http://debomatic-amd64.debian.net/distribution#unstable/fortune-zh/2.0/buildlog

Is this acceptable?

Bug#838703: libinput10: leads to a crash of X when working in a virtual tty

[Samuel Thibault]

Sebastian Humenda, on Wed 14 Dec 2016 11:05:04 +0100, wrote:
> >If that doesn't help, please send a backtrace with debugging symbols to the
> >upstream bug.
> I'd say the issues are unrelated, I have a null pointer in a LED update
> function, the upstream bug fixes something else.

The upstream bug is about a null pointer in a LED update too.

Samuel

Bug#847681: packaging repository and sid diverging? Various fixes needed.

[Sven Geggus]

Daniel Pocock schrieb am Mittwoch, den 14. Dezember um 11:01 Uhr:

> Would you consider uploading it or proposing it in mentors.debian.net?
> Please also send details on the gss-proxy ITP bug.

Robbie is the one with the ITP bug, not me :)

I just pushed my custom package data to github though:
https://github.com/giggls/gssproxy

> Personally, I am very unlikely to have time to do that test before the
> freeze in January.

Hm, I consider a non working NFS4 client/server a release critical bug.

Regards

Sven

-- 
# Turn on/off security.  Off is currently the default
(found in MongoDB default configfile)

/me is giggls@ircnet, http://sven.gegg.us/ on the Web

Bug#848126: dh-r: should use buildflags from package to be built instead of r-base

[James Cowgill]

Package: dh-r
Version: 20161130
Severity: wishlist

Hi,

While looking at a package using dh-r, I noticed that it doesn't respond
to setting funky DEB_BUILD_OPTIONS flags (eg enabling address
sanitizer). It seems that when R packages are compiled, the buildflags
which were used when r-base was compiled are used instead of the
buildflags dpkg-buildflags gives. This can be seen from the fact that
the buildflags of dh-r packages contain
"-fdebug-prefix-map=/build/r-base-...". It would be good if dh-r could
somehow override the buildflags so DEB_BUILD_OPTIONS works properly.

I am not at all familiar with the R build system - this may in fact be a
bug in r-base so please reassign it if it needs to be fixed there instead.

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#847932: hexchat-otr: FTBFS: hexchat_otr.h:18:28: fatal error: hexchat-plugin.h: No such file or directory

[Petter Reinholdtsen]

[Chris Lamb]
> hexchat-otr fails to build from source in unstable/amd64:

Thank you for letting us know.  The file seem to have moved to hexchat-dev.
-- 
Happy hacking
Petter Reinholdtsen

Bug#848093: RFS: manpages-zh/1.5.4.1-1

[Gianfranco Costamagna]

control: owner -1 !
control: tags -1 moreinfo



>manpages-zh - Chinese manual pages


lets see, even if I don't speak such language, changes seems about
packaging:
d/compat <-- still "9"

this is why you didn't drop "--with autoreconf" from rules file, right?
(please drop it)


debian/copyright.old seems useless, right?

why did you drop all the manpages?
the old package was installing a lot of stuff
https://packages.debian.org/sid/all/manpages-zh/filelist

the new one seems to install only one
http://debomatic-amd64.debian.net/distribution#unstable/fortune-zh/2.0/contents
(but they are available inside the sources)

Gianfranco

Bug#848059:

[Schöke]

Hi,

the problem is, that tomcat7 don't use the proxy.
The tomcat6 use this option on the same server...

tomcat7/javaopts: -Djava.awt.headless=true -Xmx4096m -XX:+UseConcMarkSweepGC 
-XX:MaxPermSize=1024m -XX:+UseParNewGC -XX:MaxNewSize=512m -XX:NewSize=512m 
-XX:SurvivorRatio=128 -XX:MaxTenuringThreshold=0 -XX:+UseTLAB 
-XX:+CMSClassUnloadingEnabled -Dhttp.proxySet=true 
-Dhttp.proxyHost=10.xxx.xx.xx -Dhttp.proxyPort=3128 
-Dhttps.proxyHost=10.xxx.xx.xx -Dhttps.proxyPort=3128 
-Dhttp.nonProxyHosts=*.domain.local

Tomcat Applications can't connect services over the proxy on Dhttp.proxyHost on 
Dhttp.proxyPort

regards Karsten

Bug#848127: ITP: fsm -- state machine library

[Matteo F. Vescovi]

Package: wnpp
Owner: Matteo F. Vescovi 
Severity: wishlist

* Package name: fsm
  Version : 0.2.1
  Upstream Author : Thomas Fitzsimmons 
* URL or Web page : http://elpa.gnu.org/packages/fsm.html
* License : GPL-2+
  Description : state machine library

 fsm.el is an exercise in metaprogramming inspired by gen_fsm of
 Erlang/OTP. It aims to make asynchronous programming in Emacs Lisp
 easy and fun. By "asynchronous" I mean that long-lasting tasks
 don't interfer with normal editing.

 Some people say that it would be nice if Emacs Lisp had threads
 and/or continuations. They are probably right, but there are few
 things that can't be made to run in the background using facilities
 already available: timers, filters and sentinels. As the code can
 become a bit messy when using such means, with callbacks everywhere
 and such things, it can be useful to structure the program as a
 state machine.

 In this model, a state machine passes between different "states",
 which are actually only different event handler functions. The
 state machine receives "events" (from timers, filters, user
 requests, etc) and reacts to them, possibly entering another state,
 possibly returning a value.

 The essential macros/functions are:

 define-state-machine  - create start-FOO function
 define-state  - event handler for each state (required)
 define-enter-state- called when entering a state (optional)
 define-fsm- encapsulates the above three (more sugar!)
 fsm-send  - send an event to a state machine
 fsm-call  - send an event and wait for reply

 fsm.el is similar to but different from Distel:
 http://fresh.homeunix.net/~luke/distel/>
 Emacs' tq library is a similar idea.


-- 
Matteo F. Vescovi


signature.asc
Description: PGP signature

Bug#844403: src:nfft: FTBFS on ppc64el

[Ghislain Vaillant]

On Mon, 12 Dec 2016 13:09:10 -0200 Breno Leitao  wrote:

> Sure.  Since the problem is only related to long double, you can bypass
> either all the tests on ppc64el, or, disable long double on ppc64el and keep
> the tests. Either way it should work.

In fact, I came up with a better solution. Just disable the tests for long on
ppc64el.

Let me know if it works for you.

Thank you,
Breno


Yes I was about to do the same. I'll teak your patch slightly to handle 
powerpc as well, since it suffers from the same problem as ppc64el.


Thanks for your contribution. Let me know if a long-term solution comes 
up later.


Ghis

Bug#847100: [#ICF-674-66436]: Bug#847100: Acknowledgement (mirror listing update for debian.mirror.globo.tech)

[GloboTech]

Greetings,

We are trying to update the record debian.mirror.gtcomm.net by 
debian.mirror.globo.tech since more than two weeks now, can you please see 
what's going on with this case ?
And let us know if there is anything missing on your side; Thank you in advance,

847100: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847100

GloboTech Team.


==
Sebastien Francois
System Administrator
GloboTech Communications
Phone: 1-514-907-0050
Toll Free: 1-(888)-GTCOMM1
Fax: 1-(514)-907-0750
supp...@globo.tech
https://globo.tech


Ticket Details
-
Ticket ID: ICF-674-66436
Department: Support
Type: Issue
Status: In Progress
Priority: Medium

Support Center: http://support.globo.tech/index.php?

Bug#844403: src:nfft: FTBFS on ppc64el

[Breno Leitao]

Hi Ghis,

On 12/14/2016 09:30 AM, Ghislain Vaillant wrote:
> Thanks for your contribution. Let me know if a long-term solution comes up
> later.

Sure. I closed the bug on the changelog, but, you can keep it open to track
the final and long term solution.

Bug#848127: ITP: fsm -- state machine library

[Bálint Réczey]

Hi Matteo,

2016-12-14 12:27 GMT+01:00 Matteo F. Vescovi :
> Package: wnpp
> Owner: Matteo F. Vescovi 
> Severity: wishlist
>
> * Package name: fsm

Fsm is very generic, something like elpa-fsm would be a better fit IMO.

Cheers,
Balint

>   Version : 0.2.1
>   Upstream Author : Thomas Fitzsimmons 
> * URL or Web page : http://elpa.gnu.org/packages/fsm.html
> * License : GPL-2+
>   Description : state machine library
...

Bug#847681: 847681

[Tom H]

On Tue, 13 Dec 2016 22:09:07 +0100 Andreas Henriksson  wrote:
> On Tue, Dec 13, 2016 at 09:52:10PM +0100, Daniel Pocock wrote:


>> Even if you are not sure, simply spending 10 - 15 minutes hunting for
>> an example in another project and adding the links to the bug report
>> can give another developer a head-start when they are ready to work on
>> the bug. We are a community project and every contribution, no matter
>> how small, can be helpful.
>
> I would suggest tagging these both as wontfix. Adding even more options
> to the broken concept of /etc/default just adds to the maintenance burden
> of having to carry this over via the nfs-utils_env.sh bridge.

"/etc/default/" isn't broken. It is/was broken
_in_Debian_for_certain_packages_ because a service can/could be
disabled with a variable there.

It's a legitimate and useful way to customize daemon startup.


> Both /etc/default/nfs-kernel-server and the init script are conffiles.
> Edit them directly as you see fit to suite your installation if you're
> still using this old stuff. They will not be overwritten on upgrades.
>
> On systemd there's a better concept of overriding settings so you don't
> need to (and should avoid to) deal with /etc/default anymore.

NFS has so many settings and so many sysvrc/systemd startup files that
editing them or creating overrides/drop-ins is a PitA. Especially
since an admin can check with

root@localhost ~ # egrep -v '^#|^$|NEED' /etc/default/nfs-*
/etc/default/nfs-common:STATDOPTS="--port 32765 --outgoing-port 32766"
/etc/default/nfs-kernel-server:RPCNFSDCOUNT="8 --no-nfs-version 2
--no-nfs-version 3"
/etc/default/nfs-kernel-server:RPCNFSDPRIORITY=0
/etc/default/nfs-kernel-server:RPCMOUNTDOPTS="--manage-gids
--no-nfs-version 2 --no-nfs-version 3 --port 32767"
/etc/default/nfs-kernel-server:RPCSVCGSSDOPTS="-v -k /root/test.keytab
-p /run/rpc_pipefs"
root@localhost ~ #

what's being passed to the nfs units.

The url below is the nfs upstream systemd units

http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=tree;f=systemd;hb=HEAD

where steved is Steve Dickson, an RH developer who's a systemd happy
camper. If upstream and RHEL are happy to use "/etc/sysconfig/" (the
RH "/etc/default/"), I don't see why Debian should be "plus royaliste
que le roi" and get rid of "/etc/default/" for nfs.

Ubuntu's packaged the upstream units and adapted them to the
Ubuntu/Debian setup so whoever's packaging nfs for Debian might only
need to copy the relevant "./debian/" files to the Debian source
package.

Bug#848128: RFS: rear/1.19-1 ITP: rear -- Bare metal disaster recovery and system migration framework

[Frederic Bonnard]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "rear". Previous RFS was
sponsored but got rejected by ftpmasters because one file was not DFSG
compliant (this documentation file was removed in current packaging and
source code was repacked without it).

 Package name: rear
 Version : 1.19-1
 Upstream Author : Schlomo Schapiro, Gratien D'haese, Stefan Semmelroggen, Peer 
Heinlein, Dag Wieers, Jeroen Hoekx
 URL : https://github.com/rear/rear/
 License : GPL-3+, LGPL-2.1+, GPL-2+
 Section : admin

It builds those binary packages:

  rear  - Bare metal disaster recovery and system migration framework
  rear-doc   - Bare metal disaster recovery and system migration framework 
(documentation)

To access further information about this package, please visit the following 
URL:

https://mentors.debian.net/package/rear


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/r/rear/rear_1.19+dfsg-1.dsc

More information about rear can be obtained from http://relax-and-recover.org/

Note:
  There is a load of Info lintians but this is due to the fact that rear embeds
  skeleton files/dirs that won't be use by the system installing rear, but
  those files will be used by the rear OS created to be booted later.


Regards,
 Frederic Bonnard

Bug#848129: pie-link specs should not be passed when pie is not enabled

[Matthias Klose]

Package: dpkg-dev
Version: 1.18.15
Severity: important
Tags: sid stretch

This is seen on all architectures where pie is not enabled by default. These
specs should not be passed when pie is not in effect.  Seen only when looking at
the python2.7 ftbfs on x32.  And verified that the python2.7 build succeeds
again when the specs are not passed.

Bug#635711: monkeysphere: post-installation script returned error exit status 141

[Andreas Beckmann]

Followup-For: Bug #635711
Control: found -1 0.37-2

Hi,

this is again reproducible in jessie:

  Selecting previously unselected package monkeysphere.
(Reading database ... 8757 files and directories currently installed.)
  Preparing to unpack .../monkeysphere_0.37-2_all.deb ...
  Unpacking monkeysphere (0.37-2) ...
  Setting up monkeysphere (0.37-2) ...
  adding monkeysphere user...
  ms: setting up Monkeysphere authentication trust core...
  Failed running transition script /usr/share/monkeysphere/transitions/0.23
  dpkg: error processing package monkeysphere (--configure):
   subprocess installed post-installation script returned error exit status 141
  Errors were encountered while processing:
   monkeysphere

Repeated the test several times. It's passing sometimes and only fails
in about 3 out of 4 tries.


Andreas


msph.log.gz
Description: application/gzip

Bug#828577: The patch is upstream

[Dimitri John Ledkov]

On Tue, 06 Dec 2016 17:38:01 -0500 "Hon Ching(Vicky) Lo"
 wrote:
> On Sun, 2016-11-20 at 18:04 +0100, Pierre Chifflier wrote:
> > On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> > > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > > > Hi
> > > >
> > > > The patch is upstream:
> > > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> > > >
> > > >
> > > > Thanks,
> > > > Vicky
> > >
> > > The patch above is based off the latest code in tpm-tools 1.3.9.  Please
> > > rebase to tpm-tools 1.3.9 to pick up the patch instead.  Thanks!
> > >
> >
> > Hi,
> >
> > Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails
> > with the following error:
> >
> > gcc -DHAVE_CONFIG_H -I. -I../..  -I../../include -D_LINUX -Wdate-time 
> > -D_FORTIFY_SOURCE=2  -g -O2 
> > -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. 
> > -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall 
> > -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare 
> > -c -o data_import.o data_import.c
> > data_import.c: In function ‘readX509Cert’:
> > data_import.c:375:26: error: dereferencing pointer to incomplete type 
> > ‘EVP_PKEY {aka struct evp_pkey_st}’
> >   if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
> >   ^~
> > In file included from /usr/include/openssl/asn1.h:24:0,
> >  from /usr/include/openssl/rsa.h:16,
> >  from data_import.c:34:
> > data_import.c: In function ‘createRsaPubKeyObject’:
> > data_import.c:694:34: error: dereferencing pointer to incomplete type 
> > ‘RSA {aka struct rsa_st}’
> >   int  nLen = BN_num_bytes( a_pRsa->n );
> >   ^
> > Makefile:524: recipe for target 'data_import.o' failed
> >
> > OpenSSL decided not to allow access to these fields anymore. At this
> > point, I have no idea on how to fix this.
> >
> > Best regards,
> > Pierre
> >
> Hi Pierre,
>
>
> OpenCryptoki builds the TPM token that can communicate with a TPM.
> Thus, the PKCS#11 support in tpm-tools wasn't necessary.  The build
> in version 1.3.9 does not include the pkcs#11 support by default.
> If Debian enables that support by default, please disable it.
>

I have cherry-picked upstream patches for opencryptoki into
experimental and it builds against openssl 1.1 there.
Could you please update tpm-tools to 1.3.9 in experimental, and if
everything buids and is fine it should be good to go into unstable
too, no?
Or is there more porting to do in the optional code?

Note, Debian by default, enables as many features in packages as
practically useful and possible. Why should we regress feature parity
in the new release?

Regards,

Dimitri.

Bug#848130: pulseaudio-module-bluetooth: cannot switch to a2dp profile

[Mo Weng]

Package: pulseaudio-module-bluetooth
Version: 9.0-5
Severity: important
Tags: upstream

part result of "pacmd list-cards" about bt device:

name: 
properties:
...
device.api = "bluez"
...
profiles:
headset_head_unit: Headset Head Unit (HSP/HFP) (priority 20, available:
unknown)
a2dp_sink: High Fidelity Playback (A2DP Sink) (priority 10, available:
no)
off: Off (priority 0, available: yes)
==

result of "pacmd set-card-profile 7 a2dp_sink":

Failed to set card profile to 'a2dp_sink'.

==

I can see a2dp option in gnome-control-center -> sound but can't switch to it.

And when I try to swtich to a2dp_sink in blueman-manager, it shows "Failed to
change profile to a2dp_sink"



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pulseaudio-module-bluetooth depends on:
ii  bluez5.43-1
ii  libc62.24-8
ii  libcap2  1:2.25-1
ii  libdbus-1-3  1.10.14-1
ii  libpulse09.0-5
ii  libsbc1  1.3-1
ii  pulseaudio   9.0-5

pulseaudio-module-bluetooth recommends no packages.

pulseaudio-module-bluetooth suggests no packages.

-- no debconf information

Bug#848131: libmpich.so.12: cannot open shared object file: No such file or directory

[Ximin Luo]

Package: tachyon-bin-nox
Version: 0.99~b6+dsx-6
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

This package is missing either a direct or indirect dependency libmpich12:

(unstable-amd64-sbuild)infinity0:/build/sagemath-fBCYuv/sagemath-7.4$ 
tachyon-nox
tachyon-nox: error while loading shared libraries: libmpich.so.12: cannot open 
shared object file: No such file or directory

$ apt-file search libmpich.so.12
libmpich12: /usr/lib/x86_64-linux-gnu/libmpich.so.12

After I install the package, it works.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#846385: imagemagick: Potential ABI break upstream (without SONAME change)

[roucaries bastien]

On Wed, Dec 14, 2016 at 1:28 PM, roucaries bastien
 wrote:
> On Tue, Dec 13, 2016 at 12:21 AM, Emilio Pozuelo Monfort
>  wrote:
>> On 09/12/16 22:37, roucaries bastien wrote:
>>> control: forwarded -1 https://github.com/ImageMagick/ImageMagick/issues/320
>>>
>>> Dear realease team,
>>>
>>> What is the next step?
>>
>> In which version was the ABI break introduced?
>
> It was introduced more than 2 years ago ( 6.9.2-10). One version after
> jessie what lie in unstable before jessie release.
>>
>> In general I would prefer the change to be reverted, but depending on how 
>> long
>> this has been in the archive, and in order to stay up to date for security
>> fixes, it may be best to do the soname bump.
>
> From a security point of view, I prefer recent version. I do not want
> to keep jessie version with huge patch queue for
>>
>> Can you check if your rdeps build fine against a new imagemagick?
>
> What i will do i will set on unstable the newer version with so dump
> and will begin to rebuilt on pbuilder. Normally it will be fine.

s/unstable/experimental/g
>
> I wish to have abi checker on the debian side
>
> Bastien
>>
>> Emilio

Bug#846385: imagemagick: Potential ABI break upstream (without SONAME change)

[roucaries bastien]

On Tue, Dec 13, 2016 at 12:21 AM, Emilio Pozuelo Monfort
 wrote:
> On 09/12/16 22:37, roucaries bastien wrote:
>> control: forwarded -1 https://github.com/ImageMagick/ImageMagick/issues/320
>>
>> Dear realease team,
>>
>> What is the next step?
>
> In which version was the ABI break introduced?

It was introduced more than 2 years ago ( 6.9.2-10). One version after
jessie what lie in unstable before jessie release.
>
> In general I would prefer the change to be reverted, but depending on how long
> this has been in the archive, and in order to stay up to date for security
> fixes, it may be best to do the soname bump.

>From a security point of view, I prefer recent version. I do not want
to keep jessie version with huge patch queue for
>
> Can you check if your rdeps build fine against a new imagemagick?

What i will do i will set on unstable the newer version with so dump
and will begin to rebuilt on pbuilder. Normally it will be fine.

I wish to have abi checker on the debian side

Bastien
>
> Emilio

Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files

[Markus Wanner]

Control: tags -1 +pending

Hello Florent,

thanks a lot for your notification and the patch(es). Uploads to stable
(security) and unstable should follow, shortly.

Kind Regards

Markus Wanner




signature.asc
Description: OpenPGP digital signature

Bug#847681: packaging repository and sid diverging? Various fixes needed.

[Daniel Pocock]

On 14/12/16 12:12, Sven Geggus wrote:
> Daniel Pocock schrieb am Mittwoch, den 14. Dezember um 11:01 Uhr:
> 
>> Would you consider uploading it or proposing it in mentors.debian.net?
>> Please also send details on the gss-proxy ITP bug.
> 
> Robbie is the one with the ITP bug, not me :)
> 
> I just pushed my custom package data to github though:
> https://github.com/giggls/gssproxy
> 
>> Personally, I am very unlikely to have time to do that test before the
>> freeze in January.
> 
> Hm, I consider a non working NFS4 client/server a release critical bug.
> 

If it is definitely not working, you are welcome to open an RC bug, then
more members of the community can comment on the severity - but first
somebody needs to test and see if such a bug exists.

If the latest NFS / kernel combination in sid definitely won't work
without gss-proxy then you could open an RC bug against the nfs-utils
package on that basis.

Regards,

Daniel

Bug#767682: Installer still hangs when reformatting partition space, bug #767682

[Alfred Egger]

> I can confirm, that the problem still exists in the 
> debian-8.6.0-i386-DVD-1.iso image!

I can confirm that this bug came back and hangs the installer at 33%
while trying to format a partition to ext4.
I am using a preseed file to set up Debian Jessie. This preseed file
worked flawlessly before for quite a long time.

Thank you

-- 
Alfred Egger

http://dbresearch.uni-salzburg.at

Bug#779655: r22824 - in trunk/packages/invesalius/trunk/debian: . patches

[Thiago Franco de Moraes]

Hi Andreas,

The InVesalius development has been very slow in last months, because of some 
problems (non related to InVesalius) we are having to solve here. I'll try to 
show some message warning the user about InVesalius not handling these type of 
images.

Best regards.

- Original Message -
From: "Andreas Tille" 
To: "Thiago Franco Moraes" 
Cc: 779...@bugs.debian.org
Sent: Wednesday, December 14, 2016 5:28:50 AM
Subject: Re: r22824 - in trunk/packages/invesalius/trunk/debian: . patches

> On Tue, Nov 08, 2016 at 06:23:00PM +, Thiago Franco Moraes wrote:
> > Hi Andreas,
> > 
> > We are now working in a new InVesalius version. This commit to the debian
> > package is just to adapt to the new (3.1, unstable yet) invesalius version.
> > I was only antecipating the changes to make the package to version we are
> > going to release soon. Sorry if I behave incorrectly.

BTW, do you intend to fix

   https://bugs.debian.org/779655

in the new version?

Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#848093: RFS: manpages-zh/1.5.4.1-1

[Boyuan Yang]

2016-12-14 19:20 GMT+08:00 Gianfranco Costamagna :
> d/compat <-- still "9"
>
> this is why you didn't drop "--with autoreconf" from rules file, right?
> (please drop it)

Yes. Problem solved.

>
>
> debian/copyright.old seems useless, right?

Initially I wanted to keep it inside the source package, but on a second thought
it is indeed useless. Deleted.

> why did you drop all the manpages?
> the old package was installing a lot of stuff
> https://packages.debian.org/sid/all/manpages-zh/filelist
>
> the new one seems to install only one
> http://debomatic-amd64.debian.net/distribution#unstable/fortune-zh/2.0/contents
> (but they are available inside the sources)

This is fortune-zh package, not manpages-zh. (Though both are under the "Debian
Chinese Team" umbrella :-p )

Indeed I dropped ~15 man pages but there are still 200+ left.

Please visit 
http://debomatic-amd64.debian.net/distribution#unstable/manpages-zh/1.5.4.1-1/buildlog
directly.


Now packages on deb-o-matic-amd64, mentors.d.o and git repo are all
updated again.

Thanks,

Boyuan Yang

Bug#848132: most is vulnerable to a shell injection attack using LZMA-compressed files

[Alberto Garcia]

Package: most
Version: 5.0.0a-1
Severity: grave
Tags: security patch
Justification: user security hole

Hello,

the most pager can automatically open files compressed with gzip,
bzip2 and (in Debian) LZMA.

This is done using popen() and, in earlier releases of most, it was
vulnerable to a shell injection attack.

most fixed this in v5.0.0 (released in 2007), but the Debian patch
that added LZMA support (bug #466574) remains vulnerable.

It is trivial to generate a file with a certain name and content that,
when opened with most, runs arbitrary commands in the user's computer.

most is also launched by other programs as a pager for text files
(example: an e-mail client that needs to open an attachment). If any
of those programs generates a temporary file name that can be set by
an attacker, then that can be used to break into the user's machine.
I don't have any example of such program, however.

All versions of most >= 5.0.0a-1 including 5.0.0a-2.5 in Debian
(and derivatives that include the LZMA patch) are vulnerable (older
versions are vulnerable in all distros as I explained earlier).

   https://security-tracker.debian.org/tracker/CVE-2016-1253

I'm attaching the debdiff with the patch. It simply replaces single
quotes with double quotes in the command passed to popen(). Double
quotes in the filename are escaped by most in order to prevent this
kind of attacks, but this offers no protection if the file name is
enclosed in single quotes.

Regards,

Berto

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages most depends on:
ii  libc6  2.24-7
ii  libslang2  2.3.1-5

most recommends no packages.

most suggests no packages.

-- no debconf information
diff -Nru most-5.0.0a/debian/changelog most-5.0.0a/debian/changelog
--- most-5.0.0a/debian/changelog	2016-08-05 02:55:52.0 +0300
+++ most-5.0.0a/debian/changelog	2016-12-14 14:31:29.0 +0200
@@ -1,3 +1,12 @@
+most (5.0.0a-2.6) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * lzma-support.patch:
+- Fix CVE-2016-1253 (shell injection attack when opening
+  lzma-compressed files).
+
+ -- Alberto Garcia   Wed, 14 Dec 2016 14:31:29 +0200
+
 most (5.0.0a-2.5) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru most-5.0.0a/debian/patches/lzma-support.patch most-5.0.0a/debian/patches/lzma-support.patch
--- most-5.0.0a/debian/patches/lzma-support.patch	2016-07-22 01:50:23.0 +0300
+++ most-5.0.0a/debian/patches/lzma-support.patch	2016-12-14 14:25:03.0 +0200
@@ -1,3 +1,5 @@
+Index: most-5.0.0a/src/file.c
+===
 --- most-5.0.0a.orig/src/file.c
 +++ most-5.0.0a/src/file.c
 @@ -77,7 +77,7 @@ static int create_gunzip_cmd (char *cmd,
@@ -32,13 +34,15 @@
  	
  	if (cmd != NULL)
  	  {
+Index: most-5.0.0a/src/file.h
+===
 --- most-5.0.0a.orig/src/file.h
 +++ most-5.0.0a/src/file.h
 @@ -22,6 +22,7 @@
  #define MOST_MAX_FILES 4096
  #define MOST_GUNZIP_POPEN_FORMAT "gzip -dc \"%s\""
  #define MOST_BZIP2_POPEN_FORMAT "bzip2 -dc \"%s\""
-+#define MOST_LZMA_POPEN_FORMAT "lzma -dc '%s'"
++#define MOST_LZMA_POPEN_FORMAT "lzma -dc \"%s\""
  
  extern void most_reread_file (void);
  extern void most_read_to_line (int);

Bug#848133: RFS: rdup/1.1.15-1.0

[Félix Sipma]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for a NMU of "rdup". I contacted the maintainer
(js...@debian.org) two weeks ago about this NMU, but he did not answered me.

  rdup - utility to create a file list suitable for making backups

Package: rdup
Version: 1.1.15-1.0
Upstream Author: Miek Gieben 
Homepage: https://github.com/miekg/rdup
License: GPL-3
Section: utils


Download with dget:

dget -x 
https://mentors.debian.net/debian/pool/main/r/rdup/rdup_1.1.15-1.0.dsc

Or build it with gbp:

gbp clone --pristine-tar https://git.gueux.org/rdup.git
cd rdup
gbp buildpackage

Thanks.


signature.asc
Description: PGP signature

Bug#835146: dpkg: please enable bindow hardening flag by default

[Bálint Réczey]

Hi All,

2016-11-06 13:20 GMT+01:00 Bálint Réczey :
> Hi Guillem,
>
> 2016-10-27 23:49 GMT+02:00 Bálint Réczey :
>> Hi,
>>
>> 2016-10-26 13:46 GMT+02:00 Bálint Réczey :
>>> Hi,
>>>
>>> 2016-10-26 5:00 GMT+02:00 Guillem Jover :
 Hi!

 On Thu, 2016-10-20 at 03:20:59 +0200, Bálint Réczey wrote:
> For the record gcc-6/6.2.0-7 enabled bindnow for the architectures
> where PIE is enabled by default. I think enabling bindnow from dpkg
> would be better through the hardening flags because packages could
> disable it in a nicer and already established way.

 Hmm, I don't get why bindnow was enabled by default in gcc, while
 relro (I'd assume) is not enabled by default, or is that enabled by
 default now too?
>>>
>>> Default relro is enabled only on Ubuntu among other flags. Enabling
>>> bindnow was Matthias' change and we did not discuss it in advance.
>>>
>>> http://sources.debian.net/src/gcc-6/6.2.0-9/debian/rules.patch/#L134
>>>

 IMO either relro + bindnow should be enabled in gcc, or neither
 should. I'm fine either way, but I find having a hardened compiler
 is actually good, because it gives also hardened output for
 non-packaged builds!
>>>
>>> I'm OK either way. IMO those can be enabled even for non-PIE arches BTW.
>>> In the original patches I wanted to follow Debian's practice of setting
>>> flags from dpkg, but there are pros and cons on each side.
>>> Setting relro + bindnow in GCC probably results less FTBS-s in packages
>>> where flags are not passed properly, while it makes harder to disable
>>> the flags from d/rules.
>>>
>>> I would like to see bindnow enabled in Stretch and the first phase of
>>> the freeze is near. Could you two (Matthias and Guillem) please find the
>>> variant which would please both of you?
>>
>> For the record Matthias reverted setting bindnow in gcc-6/6.2.0-10, thus it
>> seems dpkg can set both.
>
> I saw you synced dpkg with GCC's default PIE settings in 1.18.11, thank you
> for that.
> Is there any particular reason for not enabling bindnow as well?
>
> Do you plan enabling it for Stretch?

I have uploaded a fixed package with the attached patch to DELAYED/10.

Cheers,
Balint
diff -Nru dpkg-1.18.15/debian/changelog dpkg-1.18.15+nmu1/debian/changelog
--- dpkg-1.18.15/debian/changelog	2016-11-16 03:28:05.0 +0100
+++ dpkg-1.18.15+nmu1/debian/changelog	2016-12-14 13:42:35.0 +0100
@@ -1,3 +1,10 @@
+dpkg (1.18.15+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Make dpkg-buildflags enable bindnow by default (Closes: #835146)
+
+ -- Balint Reczey   Wed, 14 Dec 2016 13:40:17 +0100
+
 dpkg (1.18.15) unstable; urgency=medium
 
   [ Guillem Jover ]
diff -Nru dpkg-1.18.15/man/dpkg-buildflags.man dpkg-1.18.15+nmu1/man/dpkg-buildflags.man
--- dpkg-1.18.15/man/dpkg-buildflags.man	2016-11-14 00:54:13.0 +0100
+++ dpkg-1.18.15+nmu1/man/dpkg-buildflags.man	2016-12-14 13:40:13.0 +0100
@@ -339,7 +339,7 @@
 .
 .TP
 .B bindnow
-This setting (disabled by default) adds
+This setting (enabled by default) adds
 .B \-Wl,\-z,now
 to \fBLDFLAGS\fP. During program load, all dynamic symbols are resolved,
 allowing for the entire PLT to be marked read-only (due to \fBrelro\fP
diff -Nru dpkg-1.18.15/scripts/Dpkg/Vendor/Debian.pm dpkg-1.18.15+nmu1/scripts/Dpkg/Vendor/Debian.pm
--- dpkg-1.18.15/scripts/Dpkg/Vendor/Debian.pm	2016-11-14 00:54:14.0 +0100
+++ dpkg-1.18.15+nmu1/scripts/Dpkg/Vendor/Debian.pm	2016-12-14 13:40:08.0 +0100
@@ -287,7 +287,7 @@
 	fortify => 1,
 	format => 1,
 	relro => 1,
-	bindnow => 0,
+	bindnow => 1,
 );
 my %builtin_feature = (
 pie => 1,

Bug#841194: ITP: fxlinuxprint -- PPD file and postscript filter for Fuji Xerox printer

[Roger Shimizu]

Dear Till,

>> Didier 'OdyX' Raboud  wrote:
>> > Le jeudi, 8 décembre 2016, 09.34:12 h CET Didier 'OdyX' Raboud a écrit :
>> > > * In CUPS, the PPD makes the manufacturer appear as "(Fuji Xerox)",
>> > > "Fuji Xerox" and "FX", and only as "Fuji Xerox" Model. There should
>> > > really exist a fxlinuxprint.drv as source for that PPD.
>> >
>> > The really better solution is:
>> > - (Optionally) a fxlinuxprint.drv exists, and generates …
>> > - one PPD per supported printer, with uniform and coherent Manufacturer
>> > names
>> I admit I don't understand much here.
>> If you can provide an example, that would be helpful and appreciated.
>
> Well. This is something for upstream, really. I'll let Till provide an
> example, he's much more knowledgeable in this area.

If you can kindly help to give me the example mentioned above, it'd be
appreciated.

Besides, you seems to be in ubuntu community, so could you help to handle this:
- https://bugs.launchpad.net/ubuntu/+bug/124442
It's already hit ubuntu so I think that bug can be closed.

Thank you!

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

Bug#847921: jessie-pu: package libmateweather/1.8.0-2+deb8u1

[Mike Gabriel]

Hi Adam,

On  Mo 12 Dez 2016 14:07:37 CET, Adam D. Barratt wrote:


Control: tags -1 + moreinfo

On 2016-12-12 11:30, Mike Gabriel wrote:

The weather data provider service weather.noaa.gov is a discontinued
service. This update
switches libmateweather over to using aviationweather.gov. In Debian
jessie, this fixes
the MATE weather report applet. Currently, the applet displays no  
data at all.


The BTS metadata for #846900 indicates that the bug affects the  
package in unstable as well. If that's correct, please update  
unstable first; if it's not, please fix the metadata.


Regards,

Adam


Any more feedback on this? Is anything else needed to get this j-pu  
processed further?


Thanks,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpaA5z4XXB0c.pgp
Description: Digitale PGP-Signatur

Bug#848133: RFS: rdup/1.1.15-1.0

[Andrey Rahmatullin]

On Wed, Dec 14, 2016 at 02:00:30PM +0100, Félix Sipma wrote:
> Version: 1.1.15-1.0
ITYM 1.1.15-0.1



-- 
WBR, wRAR


signature.asc
Description: PGP signature

Bug#848134: xfce4-terminal: Weird buffering problem

[Santiago Vila]

Package: xfce4-terminal
Version: 0.8.1-1
Severity: important

Dear maintainer:

Using xfce4-terminal, I do this:

ping google.com

and instead of one line per second, as usual, I get two lines every
two seconds.

The problem also happens when I ssh to some server and do

cat some-text-file.txt

Very often, but not always, I see most of the file and then it hangs.
If I press Enter then I see the remaining of the file and the result
of pressing Enter after the cat command.

I'm using "important" here because this is very very annoying.
In fact it's so annoying that I'm switching to gnome-terminal
(where the problem does not happen) until it's fixed.

Please feel free to ask me any kind of test to perform in case you
could not reproduce this in your system.

Thanks.

Bug#848130: pulseaudio-module-bluetooth: cannot switch to a2dp profile

[Felipe Sateler]

On 14 December 2016 at 09:15, Mo Weng  wrote:
> Package: pulseaudio-module-bluetooth
> Version: 9.0-5
> Severity: important
> Tags: upstream
>
> part result of "pacmd list-cards" about bt device:
>
> name: 
> properties:
> ...
> device.api = "bluez"
> ...
> profiles:
> headset_head_unit: Headset Head Unit (HSP/HFP) (priority 20, 
> available:
> unknown)
> a2dp_sink: High Fidelity Playback (A2DP Sink) (priority 10, available:
> no)
> off: Off (priority 0, available: yes)
> ==
>
> result of "pacmd set-card-profile 7 a2dp_sink":
>
> Failed to set card profile to 'a2dp_sink'.
>
> ==
>
> I can see a2dp option in gnome-control-center -> sound but can't switch to it.
>
> And when I try to swtich to a2dp_sink in blueman-manager, it shows "Failed to
> change profile to a2dp_sink"

Is there a pulseaudio process running for the gdm user? If so, what
happens if you kill it?

Maybe this is this issue: https://bugs.freedesktop.org/show_bug.cgi?id=98144

-- 

Saludos,
Felipe Sateler

Bug#783246: [php-maint] Bug#783246: php5en(dis)mod: mandatory space between semicolon and priority key

[Ondřej Surý]

Hi,

while I agree with you both that the priority parser should be more
relaxed about the whitespaces. The issue has a very easy fix - just fix
the whitespace to the "strict" format, and this change has a potential
to disrupt service for the people who already rely on the existing
strict behavior, so I don't think this is material for stable update.

However I have fixed this in next stable Debian (php-defaults_47), where
the php-helper will ignore any whitespace on the line (even the trailing
whitespace).

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Tue, Dec 13, 2016, at 22:27, J G Miller wrote:
> Package: php5-common
> Version: 5.6.28+dfsg-0+deb8u1
> Followup-For: Bug #783246
> 
> Allowing some white space on the priority line before the word priority
> and around the equals sign in the get_priority function would be most
> welcome.
> 
> This strictness results for me in duplicate symlinks with wrong
> priority 20 to keep appearing every time there is an update and
> hourly already loaded mail messages and the need for manual pruning.
> 
> --- php5/php5-helper.orig   2016-12-09 13:26:56.0 +0100
> +++ php5/php5-helper2016-12-09 13:26:56.0 +0100
> @@ -132,7 +132,7 @@
>  module_exists $modname || module_ret=$?
> 
>  if [ "$module_ret" -eq 0 ]; then
> -   priority=$(sed -ne "s/^; priority=\([0-9]\+\)$/\\1/p"
> $source_ini)
> +   priority=$(sed -ne
> "s/^;[[:space:]]*priority[[:space:]]*=[[:space:]]*\([0-9]\+\)$/\\1/p"
> $source_ini)
> [ -z "$priority" ] && priority=20
> echo $priority
> return 0
> 
> Incidentally, why the double backslash on the reference 1, viz \\1,
> rather than the normal single backslash \1?
> 
> Thanking your for your support.
> 
> 
> -- Package-specific info:
>  Additional PHP 5 information 
> 
>  PHP 5 SAPI (php5query -S): 
> fpm
> cli
> 
> -- System Information:
> Debian Release: 8.6
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: armel (armv5tel)
> 
> Kernel: Linux 3.16.0-4-kirkwood
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968)
> (ignored: LC_ALL set to C)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> ___
> pkg-php-maint mailing list
> pkg-php-ma...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files

[Florent Rougon]

Markus Wanner  wrote:

> Hello Florent,
>
> thanks a lot for your notification and the patch(es). Uploads to stable
> (security) and unstable should follow, shortly.

Fine, thank you, Markus!

Regards

-- 
Florent

Bug#848130: pulseaudio-module-bluetooth: cannot switch to a2dp profile

[Mo Weng]

Package: pulseaudio-module-bluetooth
Version: 9.0-5
Followup-For: Bug #848130

Felipe Sateler:

Thanks for your reply. I think what you said about pulseaudio and gdm user is
related to this issue.

I found this workaround in bug #845938:

> setfacl -m u:Debian-gdm:r /usr/bin/pulseaudio
> reboot

This fixed the issue. I think this bug can be merged into #845938.



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pulseaudio-module-bluetooth depends on:
ii  bluez5.43-1
ii  libc62.24-8
ii  libcap2  1:2.25-1
ii  libdbus-1-3  1.10.14-1
ii  libpulse09.0-5
ii  libsbc1  1.3-1
ii  pulseaudio   9.0-5

pulseaudio-module-bluetooth recommends no packages.

pulseaudio-module-bluetooth suggests no packages.

Bug#848133: RFS: rdup/1.1.15-1.0

[Félix Sipma]

On 2016-12-14 18:06+0500, Andrey Rahmatullin wrote:
> On Wed, Dec 14, 2016 at 02:00:30PM +0100, Félix Sipma wrote:
>> Version: 1.1.15-1.0
> ITYM 1.1.15-0.1

OK, package updated.

dget -x 
https://mentors.debian.net/debian/pool/main/r/rdup/rdup_1.1.15-0.1.dsc


signature.asc
Description: PGP signature