Bug#852751: [cryptkeeper] Sets the same password "p" for everything independently of user input

[Tony Sultana]

Will a conflict encfs still permit use of cryptkeeper with existing encfs 
folders?  If yes, then that may be a good approach. 

Another approach, probably out of scope, would be to disable New Folder 
functionality in cryptkeeper and instruct users to the shell with encfs.⁣

Tony

On Feb 1, 2017, 3:57 PM, at 3:57 PM, Eduard Bloch  wrote:
>Hallo,
>* Francesco Namuri [Tue, Jan 31 2017, 06:06:01PM]:
>
>> > Yes, I agree that it's easily discoverable--which is why I'm
>concerned
>> > that simply removing the entire functionality of the package
>without
>> > any kind of notification to the user isn't the best way to address
>the
>> > problem. Again: removing the package simply ensures that people
>> > upgrading to stretch will either end up with a cryptkeeper package
>> > that exhibits this bug, or will remove their cryptkeeper package
>and
>> > not know how to access their stored data, right?
>> > 
>> > Mike Stone
>> 
>> Hello Mike,
>> thanks for the comments.
>> 
>> This issue only affectes the cryptkeeper working with encfs 1.9.1-3,
>in
>> stable we have 1.7.4-5 that works as cryptkeeper expects.
>> 
>> People that upgrades from jessie to stretch simple "loses"
>cryptkeeper,
>> package, of course they are still able to access their stored data
>using
>> encfs or any other frontend to it.
>> 
>> IMHO it's better to remove the program in any envrionment that is
>affected
>> by this issue, putting a note in the README or also on the debconf
>isn't
>> enough to balance the gravity of the issue. Users can think they lost
>data
>> because of a wrong password, or even worst they can trust on a
>worthless
>> data encryption.
>
>Also many thanks from my side...
>
>So I guess I better upload an encfs package which simply conflicts with
>cryptkeeper or does anyone have a better idea?
>
>Best Regards,
>Eduard.

Bug#846002: blends-tasks must be priority:standard and not make a mess out of tasksel menu

[Sam Hartman]

Hi, first, you've made the point that you were hoping the TC would help
the blends team and the d-i team work together.
I think that Phil's suggestions for a technical approach are quite good,
and I hope that will move forward in the buster cycle.

With regard to stretch, I honestly don't think there is anything that we
can do that we believe that we should do.
Some of us think Cyril might  being overly conservative in his initial
decision.  I suspect though that we almost all believe that now is way
too late.
Also, I think all the TC members believe that Cyril is the one who
ultimately should have made the is it too late decision for stretch.
I don't think there's more information he could have been given that
would have helped with that.

"You'll get what you want, but not in the time line you want," is a
frustrating outcome.
However, it is the kind of compromise that is often right in this
situation.


> "Ole" == Ole Streicher  writes:

Ole> Yea, I should improve my reading skills for english. This is my
Ole> misunderstanding. However, if this refers to the number of
Ole> votes within TC (right?), counting that would have been part of
Ole> the decision.

The TC has to vote in order to override someone or to use its
constitutional powers.  The TC doesn't need to "vote" in order to decide
to support an existing decision; we can do this by consensus.

We didn't need to hold a vote for me to read the discussion and have
high personal confidence that there would be insufficient votes to
support your position.  marga proposed closing the bug--deciding by
consensus.  No one on the TC .objected to doing that.  That's a fairly
good sign in our processes it is the right decision.  She ended up
deciding to call for a vote.  Based on the results of that vote it seems
fairly clear it would have been reasonable to close the vote by
consensus as well.

Votes are kind of a crappy way to  make such decisions.


signature.asc
Description: PGP signature

Bug#854067: ITP : node-prepend-http -- Prepend `http://` to humanized URLs like todomvc.com and localhost

[Ben Finney]

Shirish Togarla  writes:

>   Description : Prepend `http://` to humanized URLs like todomvc.com
> and localhost

This is not written as a noun phrase describing the package. Also, there
is no longer description to give enough information to the reader.

When writing the ITP, please take the time to write a proper package
description. See the Debian Developer's Reference, §6.2.1 – 6.2.3.

Please note that it is often a mistake to copy the text from the
upstream work. Write the description of the Debian package to meet
Debian's guidelines.

-- 
 \ “For every complex problem, there is a solution that is simple, |
  `\   neat, and wrong.” —Henry L. Mencken |
_o__)  |
Ben Finney 

Bug#854081: decopy: Stops in middle of repo.

[shirish शिरीष]

Package: decopy
Version: 0.2-1
Severity: important

Dear Maintainer,
I was trying the tool in the same repo. The allacrost repo.

[$] hg paths
[1:07:30]

default = https://bitbucket.org/allacrost/allacrost

I made a /debian sub-directory to simulate that the repo. is a source
directory of a debian package.

I gave this flags while trying it out -

┌─[shirish@debian] - [~/games/allacrost] - [10086]
└─[$] decopy --debug --group-by copyright

It runs for sometime and then for some unexplicable reason it stops as
can be seen in the attached file.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (1, 'experimental-debug'), (1, 'experimental'), (1,
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages decopy depends on:
ii  bzip2   1.0.6-8+b1
ii  exiv2   0.25-3
ii  python3-debian  0.1.29
ii  python3-xdg 0.25-4
pn  python3:any 
ii  xz-utils5.2.2-1.2

decopy recommends no packages.

decopy suggests no packages.

-- no debconf information


-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8
┌─[shirish@debian] - [~/games/allacrost] - [10086]
└─[$] decopy --debug --group-by copyright   
 [18:54:45]
[DEBUG] Listing .
[DEBUG] Ignoring directory .deps as requested
[DEBUG] Ignoring directory .hg as requested
[DEBUG] Listing ./mus
[DEBUG] Listing ./lib
[DEBUG] Listing ./debian
[DEBUG] Listing ./src
[DEBUG] Listing ./src/luabind
[DEBUG] Listing ./src/luabind/luabind
[DEBUG] Listing ./src/luabind/luabind/detail
[DEBUG] Listing ./src/luabind/src
[DEBUG] Listing ./src/common
[DEBUG] Listing ./src/common/gui
[DEBUG] Listing ./src/common/global
[DEBUG] Listing ./src/engine
[DEBUG] Listing ./src/engine/video
[DEBUG] Listing ./src/engine/script
[DEBUG] Listing ./src/engine/audio
[DEBUG] Listing ./src/editor
[DEBUG] Listing ./src/modes
[DEBUG] Listing ./src/modes/menu
[DEBUG] Listing ./src/modes/map
[DEBUG] Listing ./src/modes/shop
[DEBUG] Listing ./src/modes/save
[DEBUG] Listing ./src/modes/boot
[DEBUG] Listing ./src/modes/battle
[DEBUG] Listing ./game
[DEBUG] Ignoring directory .deps as requested
[DEBUG] Listing ./game/autom4te.cache
[DEBUG] Listing ./game/txt
[DEBUG] Listing ./img
[DEBUG] Listing ./img/backdrops
[DEBUG] Listing ./img/backdrops/battle
[DEBUG] Listing ./img/sprites
[DEBUG] Listing ./img/sprites/objects
[DEBUG] Listing ./img/sprites/characters
[DEBUG] Listing ./img/sprites/creatures
[DEBUG] Listing ./img/sprites/enemies
[DEBUG] Listing ./img/misc
[DEBUG] Listing ./img/misc/editor_tools
[DEBUG] Listing ./img/logos
[DEBUG] Listing ./img/tilesets
[DEBUG] Listing ./img/portraits
[DEBUG] Listing ./img/portraits/full
[DEBUG] Listing ./img/portraits/face
[DEBUG] Listing ./img/portraits/damage
[DEBUG] Listing ./img/portraits/locations
[DEBUG] Listing ./img/effects
[DEBUG] Listing ./img/icons
[DEBUG] Listing ./img/icons/actors
[DEBUG] Listing ./img/icons/actors/characters
[DEBUG] Listing ./img/icons/actors/enemies
[DEBUG] Listing ./img/icons/items
[DEBUG] Listing ./img/icons/armor
[DEBUG] Listing ./img/icons/weapons
[DEBUG] Listing ./img/icons/effects
[DEBUG] Listing ./img/icons/battle
[DEBUG] Listing ./img/fonts
[DEBUG] Listing ./img/menus
[DEBUG] Listing ./autom4te.cache
[DEBUG] Listing ./HoA.xcodeproj
[DEBUG] Listing ./lua
[DEBUG] Listing ./lua/graphics
[DEBUG] Listing ./lua/graphics/particles
[DEBUG] Listing ./lua/test
[DEBUG] Listing ./lua/data
[DEBUG] Listing ./lua/data/actors
[DEBUG] Listing ./lua/data/config
[DEBUG] Listing ./lua/data/tilesets
[DEBUG] Listing ./lua/data/skills
[DEBUG] Listing ./lua/data/maps
[DEBUG] Listing ./lua/data/effects
[DEBUG] Listing ./lua/data/inventory
[DEBUG] Listing ./lua/scripts
[DEBUG] Listing ./lua/scripts/maps
[DEBUG] Listing ./lua/scripts/battles
[DEBUG] Listing ./lua/scripts/custom
[DEBUG] Listing ./snd
[DEBUG] Listing ./txt
[DEBUG] Listing ./m4
[DEBUG] Listing ./doc
[DEBUG] Type for ./COPYING is: text/x-copying
[DEBUG] Parsed ./COPYING: [1989-1991, Free Software Foundation, Inc, 1959, 
Temple Place, Suite 330, Boston, MA 02111-1307 USA], dict_values(['GPL-2+'])
[DEBUG] Type for ./LICENSES is: text/plain
[DEBUG] Parsed ./LICENSES: [], dict_values(['GPL-2'])
[DEBUG] Type for ./shake.o is: application/x-object
[DEBUG] Parsed ./shake.o: [], dict_values([])
[DEBUG] Type for ./battle_finish.o is: application/x-object
[DEBUG] Parsed ./battle_finish.o: [], dict_values([])
[DEBUG] Type for ./main_options.o is: application/x-object
[DEBUG] Parsed 

Bug#854005: [pkg-gnupg-maint] Bug#854005: ssh-agent no longer works

[Wouter Verhelst]

On Sat, Feb 04, 2017 at 01:30:52AM +0900, NIIBE Yutaka wrote:
> Wouter Verhelst  wrote:
> > wouter@gangtai:~$ cat .gnupg/scdaemon.conf
> > reader-port O2 Micro Oz776 01 00
> > log-file /home/wouter/.gnupg/scdaemon.log
> > pcsc-driver libpcsclite.so
> 
> Ah... I think that I enbugged a bug for PC/SC, and scdaemon with PC/SC
> is somehow broken in 2.1.18.  Please try with internal CCID driver of
> GnuPG.  I mean, don't use PC/SC service.

Heh.

I can try if it makes you happy, but I can't use it long-term, or my day
job will become sorely problematic :-)

> >> I'm now at NRT airport to BRU.
> >
> > Interesting. I live 10 minutes away (by train) from that airport :-)
> >
> > I take it you'll be at FOSDEM? I'll be giving a talk in the
> > IaaS/Virtualization devroom at 14:00 on saturday[1]. If it helps, I'll
> > have my laptop with me (and a few cardreaders too, probably); we can
> > then debug things face to face if you want me to.
> >
> > [1] https://fosdem.org/2017/schedule/event/iaas_netblodev/
> 
> Yes, I'll be at FOSDEM.  It's good if we can debug things after your
> talk.

Sure, I'll make sure to have all my stuff so we can look at it in
detail.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
   people in the world who think they really understand all of its rules,
   and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

Bug#853052: widelands: Wrong names for some buildings (e.g. Ranger's Hut)

[Hans Joachim Desserud]

forwarded 853052 https://bugs.launchpad.net/widelands/+bug/1652923
thanks

Thanks for reporting. :)

As you mention, the issue seems "limited" to the en_GB translation.
This has also been reported upstream, see link above.

--
mvh / best regards
Hans Joachim Desserud
http://desserud.org

Bug#851667: #851667 "fix" breaks openjdk 8 on Jessie

[David Joseph Guzsik]

It's not like me or my users wanted to use ElasticSearch anyway...
Who on earth thought this was a good idea?!

Bug#854061: [Debian-ports-devel] Bug#854061: Lack of hardening=+pie gives unwanted, unsilenceable noisy compiler output

[Thorsten Glaser]

James Clarke dixit:

>As far as I can tell, no progress has been made on this issue since the
>few discussions on debian-devel[0]. The current state is not desirable,

I agree. I think everyone agreed that GCC should handle hardening
and dpkg should not pass the -specs= stuff any longer.

>and in fact is causing at least one crucial package, cmake, to FTBFS

Indeed. I porter-uploaded it for x32 by downgrading dpkg first
which made the build succeed.

bye,
//mirabilos
-- 
“ah that reminds me, thanks for the stellar entertainment that you and certain
other people provide on the Debian mailing lists │ sole reason I subscribed to
them (I'm not using Debian anywhere) is the entertainment factor │ Debian does
not strike me as a place for good humour, much less German admin-style humour”

Bug#853935: rephrase: No more works with gpg2 and causes one pinentry popup per guess

[Axel Beckert]

Control: tags -1 + patch

Hi,

Axel Beckert wrote:
> > the 2.1.x version of GnuPG (which is what will offer /usr/bin/gpg in
> > debian stretch) stores its secret key material in a different way
> > (~/.gnupg/private-keys-v1.d) than gpg1 does (~/.gnupg/secring.gpg).  If
> > you want rephrase to recover a partially-known passphrase against gpg
> > 2.1.x, having one that "works" against gpg1 isn't going to be useful at
> > all.
[...]
> > A better short-term fix would be to add "--pinentry-mode", "loopback" to
> > the arguments passed to the gpg invocations in rephrase.c.
> 
> I'll try to come up with a patch for that.

The attached patch works for me with gpg aka gpg2.

I'd also upload it as NMU in case I don't hear from the Debian
Forensics team in time before a potential removal from testing (or if
the team prefers the NMU).

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
commit befaa3010553b8b3046481487200a17e560e509c
Author: Axel Beckert 
Date:   Fri Feb 3 20:22:30 2017 +0100

Add patch to unconditionally call gpg with "--pinentry-mode loopback"

Closes: #853935

diff --git a/debian/changelog b/debian/changelog
index c75e1c0..51db79c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+rephrase (0.2-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch to unconditionally call gpg with "--pinentry-mode loopback".
+(Closes: #853935)
+
+ -- Axel Beckert   Thu, 02 Feb 2017 11:29:59 +0100
+
 rephrase (0.2-1) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/02_minimal_gpg2_support.patch b/debian/patches/02_minimal_gpg2_support.patch
new file mode 100644
index 000..47f1b47
--- /dev/null
+++ b/debian/patches/02_minimal_gpg2_support.patch
@@ -0,0 +1,23 @@
+Description: Make rephrase working with gpg2
+Author: Axel Beckert  after an idea by Daniel Kahn Gillmor 
+Bug-Debian: https://bugs.debian.org/853935
+
+--- a/rephrase.c
 b/rephrase.c
+@@ -63,14 +63,14 @@
+ struct profile profiles[] = {
+   {
+ "--gpg-key",
+-{ GPG, "--default-key", "%1", "--passphrase-fd", "0", "--batch", "--no-tty", "--dry-run", "--clearsign", "/dev/null", NULL },
++{ GPG, "--pinentry-mode", "loopback", "--default-key", "%1", "--passphrase-fd", "0", "--batch", "--no-tty", "--dry-run", "--clearsign", "/dev/null", NULL },
+ 1,
+ 0,
+ -1
+   },
+   {
+ "--gpg-symmetric",
+-{ GPG, "--passphrase-fd", "0", "--batch", "--no-tty", "--decrypt", "%1", NULL },
++{ GPG, "--pinentry-mode", "loopback", "--passphrase-fd", "0", "--batch", "--no-tty", "--decrypt", "%1", NULL },
+ 1,
+ 0,
+ -1
diff --git a/debian/patches/series b/debian/patches/series
index 99e88ef..96f7bb0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 01_fix_bin_path.patch
+02_minimal_gpg2_support.patch


signature.asc
Description: Digital signature

Bug#854086: unblock: commons-math3/3.6.1-2

[tony mancill]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package commons-math3

The bug addresses a FTBFS bug [1] that arose quite late in the release
cycle due to changes in the javadoc tooling.  The build error being
addressed is:

> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-javadoc-plugin:2.10.4:jar (default-cli)
> on project commons-math3: MavenReportException: Error while generating
> Javadoc:
> [ERROR] Exit code: 1 - javadoc: error - Argument for -header contains 
> JavaScript.
> [ERROR] Use --allow-script-in-comments to allow use of JavaScript.

The source debdiff against the version in testing is attached.  The
debdiff consists of adding --allow-script-in-comments to an existing
build patch and also the updates that came 'quilt refresh' while
generating the patch.

unblock commons-math3/3.6.1-2

Thank you for your consideration!
Cheers,
tony

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852880
diff -Nru commons-math3-3.6.1/debian/changelog commons-math3-3.6.1/debian/changelog
--- commons-math3-3.6.1/debian/changelog	2016-03-26 16:43:25.0 -0700
+++ commons-math3-3.6.1/debian/changelog	2017-02-03 10:14:20.0 -0800
@@ -1,3 +1,11 @@
+commons-math3 (3.6.1-2) unstable; urgency=medium
+
+  * Team upload.
+  * Update 03_libjs-mathjax.patch to add --allow-script-in-comments to
+maven-javadoc-plugin invocation to address FTBFS. (Closes: #852880)
+
+ -- tony mancill   Fri, 03 Feb 2017 10:14:20 -0800
+
 commons-math3 (3.6.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru commons-math3-3.6.1/debian/patches/03_libjs-mathjax.patch commons-math3-3.6.1/debian/patches/03_libjs-mathjax.patch
--- commons-math3-3.6.1/debian/patches/03_libjs-mathjax.patch	2016-03-26 16:32:04.0 -0700
+++ commons-math3-3.6.1/debian/patches/03_libjs-mathjax.patch	2017-02-03 10:14:20.0 -0800
@@ -11,16 +11,17 @@
  
 --- a/pom.xml
 +++ b/pom.xml
-@@ -539,7 +539,7 @@
+@@ -534,7 +534,8 @@
  org.apache.maven.plugins
  maven-javadoc-plugin
  
 -  -header script type=text/javascript src=http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML/script;
 +  -header script type=text/javascript src=file:///usr/share/javascript/mathjax/MathJax.js?config=TeX-AMS-MML_HTMLorMML/script
++  --allow-script-in-comments
  

  
-@@ -690,7 +690,7 @@
+@@ -685,7 +686,7 @@
  org.apache.maven.plugins
  maven-javadoc-plugin
  
@@ -31,7 +32,7 @@
  
 --- a/src/site/site.xml
 +++ b/src/site/site.xml
-@@ -81,7 +81,7 @@
+@@ -83,7 +83,7 @@
  
  
  


signature.asc
Description: PGP signature

Bug#854053: coreutils: improve 2x-3x sha256sum performance on ppc64le due to current gcc optimization bug

[Mike Hodson]

Hi All,

I'm not sure if this is the bug you are referring to; it would appear to
have started 10 years ago and affects far more than 4.9>7? Or did someone
perhaps revert a patch that may have come from this?

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=32523 is the bug that was
first found in 2007... It seems to have perpetuated for quite a while if
this is the initial root instance.

Mike




On Fri, Feb 3, 2017 at 11:37 AM, Gustavo Serra Scalet <
gustavo.sca...@eldorado.org.br> wrote:

>
>
> > -Original Message-
> > From: Michael Stone [mailto:mst...@debian.org]
> > Sent: sexta-feira, 3 de fevereiro de 2017 11:38
> > To: Gustavo Serra Scalet 
> > Cc: 854...@bugs.debian.org; coreut...@gnu.org
> > Subject: Re: Bug#854053: coreutils: improve 2x-3x sha256sum performance
> > on ppc64le due to current gcc optimization bug
> >
> > On Fri, Feb 03, 2017 at 11:22:28AM -0200, Gustavo Serra Scalet wrote:
> > >The sha256sum provided by coreutils (without openssl) is performing
> > >poorly with versions >= 4.9 until 7.0 (currently under development).
> > >The reason for that is the -fschedule-insns optimization that is used
> > >with -O2. By simply deactivating it, there is a performance improvement
> > >of
> > >2 to 3 times.
> > >
> > >I'm attaching a patch that demonstrate that behavior but it lacks this
> > >condition:
> > >* If ppc64le
> > >* If gcc being used is >= 4.9 and < 7.0
> > >
> > >Notes:
> > >1) gcc-7 is not affected by this bug (verified on 20170129 snapshot).
> > >2) clang is not affected by this bug (verified on v3.8 and v3.9).
> > >3) strangely the sha512 is not affected by this.
> >
> > Sounds good in theory, just needs conditionals. :) For debian we can
> > just assume the compiler version and remove the patch when a newer
> > compiler is available as a dependency, but making it conditional on ppc
> > seems essential. Upstream would probably want some kind of compiler
> > based test.
>
> Seems good to me.
>
> > My understanding is that just adding this option to cflags
> > when building on the appropriate architecture wouldn't work, because it
> > would negatively impact other code, is that correct?
>
> Yes, I wouldn't add this CFLAG for the whole package, but only for the
> lib/sha256.o target (that's what my patch is doing).
>
> For that target, I see a better performance without that optimization than
> with it. Normally nobody shuts off optimization to improve performance but,
> as I said, it is a bug that happens on this target and it affects gcc
> versions >= 4.9 and < 7.0.
>
> If you see a different way out, or a more neat approach, please advise.
>
> >
> > Mike Stone
> >
> > (additional context quoted below)
> >
> > >Below a demonstration of how it performs:
> > >
> > >===
> > >$ (./configure && make -j9) > /dev/null && time src/sha256sum
> > >~/ubuntu-16.10-server-ppc64el.iso
> > >configure: WARNING: libacl development library was not found or not
> > usable.
> > >configure: WARNING: GNU coreutils will be built without ACL support.
> > >configure: WARNING: libattr development library was not found or not
> > usable.
> > >configure: WARNING: GNU coreutils will be built without xattr support.
> > >configure: WARNING: libcap library was not found or not usable.
> > >configure: WARNING: GNU coreutils will be built without capability
> > support.
> > >configure: WARNING: libgmp development library was not found or not
> > usable.
> > >configure: WARNING: GNU coreutils will be built without GMP support.
> > >src/who.c: In function 'print_user':
> > >src/who.c:454:20: warning: initialization discards 'const' qualifier
> > from pointer target type [-Wdiscarded-qualifiers]
> > > int   *a = utmp_ent->ut_addr_v6;
> > >^~~~
> > >d14bdb413ea6cdc8d9354fcbc37a834b7de0c23f992deb0c6764d0fd5d65408e
> > >/home/gut/ubuntu-16.10-server-ppc64el.iso
> > >
> > >real0m18.670s
> > >user0m16.566s
> > >sys 0m0.745s
> > >
> > >$ # now with the following patch:
> > >$ diff Makefile.in ../Makefile.in
> > >8989c8989
> > >< @am__fastdepCC_TRUE@  $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c
> > >-o $@ $< &&\
> > >---
> > >> @am__fastdepCC_TRUE@  $(COMPILE) $$([ "$@" == "lib/sha256.o" ] &&
> > >> echo "-fno-schedule-insns") -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@
> > >> $< &&\
> > >$ cp ../Makefile.in Makefile.in
> > >$ (./configure && make -j9) > /dev/null && time src/sha256sum
> > >~/ubuntu-16.10-server-ppc64el.iso
> > >configure: WARNING: libacl development library was not found or not
> > usable.
> > >configure: WARNING: GNU coreutils will be built without ACL support.
> > >configure: WARNING: libattr development library was not found or not
> > usable.
> > >configure: WARNING: GNU coreutils will be built without xattr support.
> > >configure: WARNING: libcap library was not found or not usable.
> > >configure: WARNING: GNU coreutils will be built without capability
> > support.
> > 

Bug#854083: fail2ban: tail option on logpath lines

[SysCo Lol]

Package: fail2ban
Version: 0.8.13-1
Severity: important

Dear Maintainer,

In jail.conf, a logpath line with a space separated 'tail' word no longer 
works, as
it worked in wheezy.

jail.conf extract:

[apache-urls]
enabled = true
filter = apache-urls
action = iptables-multiport[name=ApacheURLs, port="http,https"]
logpath = /var/log/apache2/*log tail
bantime = 900
findtime = 30
maxretry = 15


On restart, fail2ban fail to restart and syslog reads

Feb  3 20:44:57 atlas fail2ban[804]: ERROR  No file(s) found for glob 
/var/log/apache2/*log tail
Feb  3 20:44:57 atlas fail2ban[804]: ERROR  Failed during configuration: Have 
not found any log file for apache-urls jail
Feb  3 20:44:57 atlas fail2ban[804]: failed!

It works well on wheezy with standard fail2ban package.

Best regards

Lol

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages fail2ban depends on:
ii  lsb-base4.1+Debian13+nmu1
pn  python:any  

Versions of packages fail2ban recommends:
ii  iptables  1.4.21-2+b1
ii  python-pyinotify  0.9.4-1
ii  whois 5.2.7

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]8.1.2-0.20141216cvs-2
ii  python-gamin 0.1.10-4.1
ii  rsyslog [system-log-daemon]  8.4.2-1+deb8u2

-- Configuration Files:
/etc/fail2ban/jail.conf changed [not included]

-- no debconf information

Bug#851797: Processed: RFAs are severity normal

[Axel Beckert]

Control: severity -1 wishlist

Hi Adrian,

Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
> > severity 851797 normal
> Bug #851797 [wnpp] RFA: dphys-config -- Tool to distribute config files by 
> fetching them
> Severity set to 'normal' from 'wishlist'

It might be the default severity of RFAs, but I'm not aware of any
rule saying that an RFA _must_ be of severity "normal".

This RFA was deliberately set to wishlist, so I'm setting back to
wishlist herewith.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#852398: To load extensions

[Édouard WILLISSECK]

This workaround works great thanks !

I hope we'll get a proper fix soon though.


On Wed, 01 Feb 2017 00:29:50 + Alok Singh 
wrote:
> Copying this over from #851692. A method of enabling extensions
without
> re-compiling Chromium. Not saying it is ideal
> 
> 1. Find your extensions:
> They are in
$XDG_CONFIG_DIR/chromium//Extensions//
> 
> For example, uBlock is at
>
/home/alok/.config/chromium/Default/Extensions/cjpalhdlnbpafiamejdnhcph
jbkeiagm/1.9.4_0
> 
> 2. Create a file in /etc/chromium.d/enable-extensions with the
content
> export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --load-extension= from above>"
> 
> 3. You have to create multiple lines of the form above for each
profile.
> Note that you will have to update this file when the extension
version
> changes. If you have the same extension in multiple profiles, you
will have
> make explicit entries for it as per step 2.
> 
> -- 
> —
> Alok

Bug#852959: [pkg-go] Bug#852959: prometheus FTBFS on armhf: github.com/prometheus/prometheus/storage/local fails

[Martín Ferrari]

severity 852959 important
thanks


So I finally asked ftpmaster to remove the armhf packages (#848357), to
allow prometheus to migrate and be released with Stretch. This bug still
exists, and I will fix it as soon as the current version migrates to
testing, but it does not affect the architectures that are going to be
released. So I am lowering the severity for now.

Thanks for reporting.


On 28/01/17 11:58, Adrian Bunk wrote:
> Source: prometheus
> Version: 1.5.0+ds-1
> Severity: serious
> 
> https://buildd.debian.org/status/fetch.php?pkg=prometheus=armhf=1.5.0%2Bds-1=1485604675=0
> 
> ...
> goroutine 10024 [chan receive]:
> github.com/prometheus/prometheus/storage/local.(*MemorySeriesStorage).handleEvictList.func1(0x4b165ad0)
>   
> /«BUILDDIR»/prometheus-1.5.0+ds/build/src/github.com/prometheus/prometheus/storage/local/storage.go:1075
>  +0x30
> created by 
> github.com/prometheus/prometheus/storage/local.(*MemorySeriesStorage).handleEvictList
>   
> /«BUILDDIR»/prometheus-1.5.0+ds/build/src/github.com/prometheus/prometheus/storage/local/storage.go:1077
>  +0x358
> exit status 2
> FAIL  github.com/prometheus/prometheus/storage/local  288.359s
> ...
> ___
> Pkg-go-maintainers mailing list
> pkg-go-maintain...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers
> 


-- 
Martín Ferrari (Tincho)

Bug#854084: binaryornot: Non-determistically FTBFS due to unreliable timing in tests

[Chris Lamb]

Source: binaryornot
Version: 0.4.0-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Dear Maintainer,

binaryornot's testsuite appears to use method timing/benchmarking in
such a way that it will non-deterministically FTBFS:

  […]
  
  ==
  ERROR: test_never_crashes (tests.test_check.TestDetectionProperties)
  --
  Traceback (most recent call last):
File "«BUILDDIR»/tests/test_check.py", line 180, in test_never_crashes
  def test_never_crashes(self, data):
File "/usr/lib/python2.7/dist-packages/hypothesis/core.py", line 438, in 
wrapped_test
  HealthCheck.too_slow,
File "/usr/lib/python2.7/dist-packages/hypothesis/core.py", line 306, in 
fail_health_check
  raise FailedHealthCheck(message)
  FailedHealthCheck: Data generation is extremely slow: Only produced 10 valid 
examples in 0.33 seconds (0 invalid ones and 1 exceeded maximum size). Try 
decreasing size of the data you're generating (with e.g.average_size or 
max_leaves parameters).
  See https://hypothesis.readthedocs.io/en/latest/healthchecks.html for more 
information about this. If you want to disable just this health check, add 
HealthCheck.too_slow to the suppress_health_check settings for this test.
  
  --
  Ran 43 tests in 0.557s
  
  FAILED (errors=1, expected failures=1)
  Test failed: 
  error: Test failed: 
  E: pybuild pybuild:283: test: plugin distutils failed with: exit code=1: 
python2.7 setup.py test 
  dh_auto_test: pybuild --test -i python{version} -p 2.7 returned exit code 13
  debian/rules:7: recipe for target 'build' failed
  make: *** [build] Error 25
  dpkg-buildpackage: error: debian/rules build gave error exit status 2

  […]

The full build log is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


binaryornot.0.4.0-1.unstable.amd64.log.txt.gz
Description: Binary data

Bug#854085: yash: FTBFS:

[Chris Lamb]

Source: yash
Version: 2.44-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Dear Maintainer,

yash fails to build from source in unstable/amd64:

  […]

 dh_auto_test
make -j1 test VERBOSE=1
  make[1]: Entering directory '«BUILDDIR»'
  make[2]: Entering directory '«BUILDDIR»/builtins'
  make[2]: Nothing to be done for 'all'.
  make[2]: Leaving directory '«BUILDDIR»/builtins'
  make[2]: Entering directory '«BUILDDIR»/lineedit'
  make[2]: Nothing to be done for 'all'.
  make[2]: Leaving directory '«BUILDDIR»/lineedit'
  make[2]: Entering directory '«BUILDDIR»/tests'
  rm -rf alias-p.trs andor-p.trs arith-p.trs async-p.trs bg-p.trs break-p.trs 
builtins-p.trs case-p.trs cd-p.trs cmdsub-p.trs command-p.trs comment-p.trs 
continue-p.trs dot-p.trs errexit-p.trs error-p.trs eval-p.trs exec-p.trs 
exit-p.trs export-p.trs fg-p.trs fnmatch-p.trs for-p.trs fsplit-p.trs 
function-p.trs getopts-p.trs grouping-p.trs if-p.trs input-p.trs job-p.trs 
kill-p.trs lineno-p.trs nop-p.trs option-p.trs param-p.trs path-p.trs 
pipeline-p.trs ppid-p.trs quote-p.trs read-p.trs readonly-p.trs redir-p.trs 
return-p.trs set-p.trs shift-p.trs signal-p.trs simple-p.trs test-p.trs 
testtty-p.trs tilde-p.trs trap-p.trs umask-p.trs unset-p.trs until-p.trs 
wait-p.trs while-p.trs alias-y.trs andor-y.trs arith-y.trs array-y.trs 
async-y.trs bg-y.trs bindkey-y.trs brace-y.trs break-y.trs builtins-y.trs 
case-y.trs cd-y.trs cmdsub-y.trs command-y.trs complete-y.trs continue-y.trs 
dirstack-y.trs disown-y.trs dot-y.trs echo-y.trs errexit-y.trs error-y.trs 
eval-y.trs exec-y.trs exit-y.trs export-y.trs fc-y.trs fg-y.trs for-y.trs 
fsplit-y.trs function-y.trs getopts-y.trs grouping-y.trs hash-y.trs help-y.trs 
history-y.trs historyx-y.trs if-y.trs job-y.trs jobs-y.trs kill-y.trs 
lineno-y.trs option-y.trs param-y.trs pipeline-y.trs printf-y.trs prompt-y.trs 
pwd-y.trs quote-y.trs random-y.trs read-y.trs readonly-y.trs redir-y.trs 
return-y.trs set-y.trs settty-y.trs shift-y.trs signal-y.trs simple-y.trs 
startup-y.trs suspend-y.trs test-y.trs tilde-y.trs times-y.trs trap-y.trs 
typeset-y.trs ulimit-y.trs umask-y.trs unset-y.trs until-y.trs wait-y.trs 
while-y.trs
  make[3]: Entering directory '«BUILDDIR»/tests'
  ./resetsig ../yash ./run-test.sh ../yash alias-p.tst
  ../yash: parameter `LANG' is not set
  Makefile:65: recipe for target 'alias-p.trs' failed
  make[3]: *** [alias-p.trs] Error 2
  make[3]: Leaving directory '«BUILDDIR»/tests'
  Makefile:45: recipe for target 'test' failed
  make[2]: *** [test] Error 2
  make[2]: Leaving directory '«BUILDDIR»/tests'
  Makefile:116: recipe for target 'test' failed
  make[1]: *** [test] Error 2
  make[1]: Leaving directory '«BUILDDIR»'
  dh_auto_test: make -j1 test VERBOSE=1 returned exit code 2
  debian/rules:16: recipe for target 'build' failed
  make: *** [build] Error 2
  dpkg-buildpackage: error: debian/rules build gave error exit status 2

  […]

The full build log is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


yash.2.44-1.unstable.amd64.log.txt.gz
Description: Binary data

Bug#853990: Acknowledgement (Add prompt for iSCSI initiator name in installer)

[Philip Hands]

Kevin Otte  writes:

>> which I've just rebased and then tweaked to use a here document:
>> 
>>   
>> https://anonscm.debian.org/cgit/d-i/partman-iscsi.git/log/?h=pu/iscsi-initiator-prompt
>
> The here document needs to be left justified, lest the target file end
> up with the indentation. See finish.d/iscsi_settings:69 et al.

I'm always torn on this one.

I like pretty code, so I used <<- (which strips out leading TABs from
the here doc) so it will actually do the right thing as it is now.

However, it only takes someone that doesn't know about that subtlety to
carelessly edit the file and turn TABs into spaces to break things and
create a hard to notice bug, so perhaps I should have left the '-' and
the TABs out, as you suggest.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Bug#854082: grub-installer: grub-xen fails to install on i386 or amd64 PV guest

[Sergio Gelato]

Package: grub-installer
Version: 1.136
Severity: serious

The grub installation step reproducibly fails using the latest stretch d-i
on both i386 and amd64 Xen PV guests. The logs indicate that grub-install is
looking for /usr/lib/grub/i386-pc instead of /usr/lib/grub/i386-xen, and
similarly on amd64.

I think the problem was introduced by
commit 66f75b7069aeba05eab776b5ac18dffa6874b5f3 .
Shouldn't amd64:grub-xen and i386:grub-xen read amd64/*:grub-xen and
i386/*:grub-xen, respectively, when matching against $ARCH:$grub_package ?

Bug#854088: blender: Blender python support does not find the numpy module

[Zachary Brown]

Package: blender
Version: 2.78.a+dfsg0-4
Severity: normal

Dear Maintainer,

I'm writing blender add-ons using python. Recently I tried to import the numpy
module, but blender reported that no such module could be found. I know I have
the numpy debian package installed.

I downloaded the latest version of blender from blender.org, and it found the
numpy module just fine.

Be well,
Zack



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages blender depends on:
ii  blender-data  2.78.a+dfsg0-4
ii  fonts-dejavu  2.37-1
ii  libavcodec57  7:3.2.2-2
ii  libavdevice57 7:3.2.2-2
ii  libavformat57 7:3.2.2-2
ii  libavutil55   7:3.2.2-2
ii  libboost-atomic1.62.0 1.62.0+dfsg-4
ii  libboost-chrono1.62.0 1.62.0+dfsg-4
ii  libboost-date-time1.62.0  1.62.0+dfsg-4
ii  libboost-filesystem1.62.0 1.62.0+dfsg-4
ii  libboost-iostreams1.62.0  1.62.0+dfsg-4
ii  libboost-locale1.62.0 1.62.0+dfsg-4
ii  libboost-regex1.62.0  1.62.0+dfsg-4
ii  libboost-system1.62.0 1.62.0+dfsg-4
ii  libboost-thread1.62.0 1.62.0+dfsg-4
ii  libc6 2.24-8
ii  libfftw3-double3  3.3.5-3
ii  libfontconfig12.11.0-6.7
ii  libfreetype6  2.6.3-3+b1
ii  libgcc1   1:6.3.0-5
ii  libgl1-mesa-glx [libgl1]  13.0.3-1
ii  libglew2.02.0.0-3
ii  libglu1-mesa [libglu1]9.0.0-2.1
ii  libgomp1  6.3.0-5
ii  libilmbase12  2.2.0-11
ii  libjack-jackd2-0 [libjack-0.125]  1.9.10+20150825git1ed50c92~dfsg-4+b1
ii  libjemalloc1  3.6.0-9
ii  libjpeg62-turbo   1:1.5.1-2
ii  libopenal11:1.17.2-4
ii  libopencolorio1v5 1.0.9~dfsg0-6
ii  libopenexr22  2.2.0-11
ii  libopenimageio1.6 1.6.17~dfsg0-1+b2
ii  libopenjp2-7  2.1.2-1.1
ii  libopenvdb3.2 3.2.0-2.1
ii  libpcre3  2:8.39-2
ii  libpng16-16   1.6.28-1
ii  libpython3.5  3.5.3-1
ii  libsndfile1   1.0.27-1
ii  libspnav0 0.2.3-1
ii  libstdc++66.3.0-5
ii  libswscale4   7:3.2.2-2
ii  libtbb2   4.3~20150611-2
ii  libtiff5  4.0.7-5
ii  libx11-6  2:1.6.4-2
ii  libxi62:1.7.8-2
ii  libxml2   2.9.4+dfsg1-2.2
ii  libxxf86vm1   1:1.1.4-1
pn  python3:any   
ii  zlib1g1:1.2.8.dfsg-4

blender recommends no packages.

blender suggests no packages.

-- no debconf information

Bug#853809: unblock: e2fsprogs/1.43.4-2

[Emilio Pozuelo Monfort]

On 01/02/17 04:48, Theodore Y. Ts'o wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package e2fsprogs
> 
> 1.43.4 is the new upstream version of e2fsprogs which fixes a RC bug
> (#840733: e2fsprogs contains non-free file).  n.b., the non-free file is
> only used in a regression test and isn't actually included in any
> binary.  There are also a number of important bug fixes that I'd really
> like to get into stretch.  See the debian changelog or [1] for more
> details.
> 
> [1] http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4
> 
> Note: there is a udeb involved since this will also require a d-i
> release manager unblock.  I'm unclear whether there is a separate
> process for requesting that particlar unblock.  Please advise.
> 
> I just uploaded 1.43.4-2 to sid today, so it will be five days old when
> the Stretch Freeze hits.  So I'm filing this bug now as a heads up,
> since unless the release schedule slips, this isn't going to meet the
> mandatory 10 day delay which was announced in December.

This seems fine to me, unblocked. Cc'ing debian-boot@/Cyril for the udeb 
unblock.

Cheers,
Emilio

Bug#854005: [pkg-gnupg-maint] Bug#854005: Bug#854005: ssh-agent no longer works

[Wouter Verhelst]

On Sat, Feb 04, 2017 at 01:56:08AM +0900, NIIBE Yutaka wrote:
> NIIBE Yutaka  wrote:
> > Ah... I think that I enbugged a bug for PC/SC, and scdaemon with PC/SC
> > is somehow broken in 2.1.18.  Please try with internal CCID driver of
> > GnuPG.  I mean, don't use PC/SC service.
> 
> Or, please add:
> 
>   disable-ccid
> 
> in your scdaemon.conf if you want to use PC/SC service with scdaemon of
> 2.1.18.

At first glance that doesn't seem to fix it, but I haven't tested it much.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
   people in the world who think they really understand all of its rules,
   and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

Bug#851819: ERROR: wget failed to download http://people.debian.org/~bartm/...

[Leo L. Schwab]

Package: flashplugin-nonfree
Version: 1:3.7
Followup-For: Bug #851819

  ___ _   _   _ 
|  _ \_ _| \ | |/ ___| |
| |_) | ||  \| | |  _| |
|  __/| || |\  | |_| |_|
|_|  |___|_| \_|\(_)


$ sudo update-flashplugin-nonfree --install --verbose
options :  --install --verbose --
temporary directory: /tmp/flashplugin-nonfree.S4CJ9z75AC
importing public key ...
selected action = --install
installed version = 24.0.0.186
upstream version = 24.0.0.194
wgetoptions= -nd -P .   -v --progress=dot:default 
downloading 
http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/fp.24.0.0.194.sha512.amd64.pgp.asc
 ...
URL transformed to HTTPS due to an HSTS policy
--2017-02-03 12:42:35--  
https://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/fp.24.0.0.194.sha512.amd64.pgp.asc
Resolving people.debian.org (people.debian.org)... 5.153.231.30, 
2001:41c8:1000:21::21:30
Connecting to people.debian.org (people.debian.org)|5.153.231.30|:443... 
connected.
HTTP request sent, awaiting response... 404 Not Found
2017-02-03 12:42:36 ERROR 404: Not Found.

cleaning up temporary directory /tmp/flashplugin-nonfree.S4CJ9z75AC ...
ERROR: wget failed to download 
http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/fp.24.0.0.194.sha512.amd64.pgp.asc
More information might be available at:
  http://wiki.debian.org/FlashPlayer




-- Package-specific info:
Debian version: 9.0
Architecture: amd64
Package version: 1:3.7
Adobe Flash Player version: LNX 24,0,0,186
MD5 checksums:
a618a20ef0bf4f463960134486a2ed7b  
/var/cache/flashplugin-nonfree/flash_player_npapi_linux.x86_64.tar.gz
29c85bc8504422120cf89702986ff8e1  
/var/cache/flashplugin-nonfree/get-upstream-version.pl
82cd4f82b2023fad1d43092de8e002a7  
/var/cache/flashplugin-nonfree/install_flash_player_11_linux.x86_64.tar.gz
52d5e951bafcdb493d1a980a62c0f80e  
/usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
flash-mozilla.so - auto mode
  link best version is /usr/lib/flashplugin-nonfree/libflashplayer.so
  link currently points to 
/usr/lib/flashplugin-nonfree/libflashplayer.so
  link flash-mozilla.so is /usr/lib/mozilla/plugins/flash-mozilla.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
lrwxrwxrwx 1 root root 34 Aug  4  2016 
/usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to 
/etc/alternatives/flash-mozilla.so

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages flashplugin-nonfree depends on:
ii  binutils   2.27.90.20170124-2
ii  ca-certificates20161130
ii  debconf [debconf-2.0]  1.5.60
ii  gnupg  2.1.18-3
ii  gnupg2 2.1.18-3
ii  libatk1.0-02.22.0-1
ii  libcairo2  1.14.8-1
ii  libcurl3-gnutls7.52.1-2
ii  libfontconfig1 2.11.0-6.7
ii  libfreetype6   2.6.3-3+b1
ii  libgcc11:6.3.0-5
ii  libglib2.0-0   2.50.2-2
ii  libgtk2.0-02.24.31-2
ii  libnspr4   2:4.12-6
ii  libnss32:3.26.2-1
ii  libpango1.0-0  1.40.3-3
ii  libstdc++6 6.3.0-5
ii  libx11-6   2:1.6.4-3
ii  libxext6   2:1.3.3-1
ii  libxt6 1:1.1.5-1
ii  wget   1.18-4

flashplugin-nonfree recommends no packages.

Versions of packages flashplugin-nonfree suggests:
pn  firefox-esr
ii  fonts-dejavu   2.37-1
pn  hal-flash  
pn  iceweasel  
pn  konqueror-nsplugins
ii  ttf-mscorefonts-installer  3.6
pn  ttf-xfree86-nonfree

-- no debconf information

Bug#831059: lists.debian.org: Permanently banned users cannot send positive contributions to lists.debian.org

[Javier Serrano Polo]

El dv 03 de 02 de 2017 a les 11:25 -0600, Don Armstrong va escriure:
> communicated by Debian community members

Thanks for the answer, since it provides some kind of procedure.
However, bothering community members does not seem a way to improve
Debian. May I open a bug report about my case myself and elaborate?


smime.p7s
Description: S/MIME cryptographic signature

Bug#854030: sweethome3d: Consider adding '-Dsun.java2d.opengl=true' startup option

[Markus Koschany]

On Fri, 03 Feb 2017 10:16:33 +0100 Alessio Gaeta  wrote:
> Package: sweethome3d
> Version: 5.3+dfsg-2
> Severity: wishlist
> 
> Dear Maintainer,
> 
> SH3D 2D interface is very slow and lagging, at least on my machine (an 8 cores
> Intel i7, not exaclty a low-end one). Adding '-Dsun.java2d.opengl=true' to
> startup options (in /usr/share/sweethome3d/sweethome3d.sh) made it usable.
> 
> I know that OpenGL acceleration is always problematic, and I don't know hot 
> its
> support is in OpenJDK (I'm using the Oracle JDK), but OpenGL is already used
> for the 3d view, after all, and in a CAD is a must (drawing a wall with the
> mouse pointer jumping back and forth is a real pain...).

Hello,

thanks for the report. I haven't noticed any performance issues with
Sweethome3d and OpenJDK in the past and I use a rather poor video card
for nowadays standards (Radeon HD 6450 using the Gallium OpenGL
renderer). I haven't tested the Oracle JDK though. We can test your
proposed setting when Stretch is released. I will add it to JAVA_ARGS in
/usr/bin/sweethome3d which seems to be the appropriate place for this
package.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#853269: reportbug: attempting to use gtk2 interface on text console segfaults, should fallback to text

[Nis Martensen]

> reportbug should fallback to the text ui if run from a text console.

Here is a patch that implements this.

Regards, Nis
>From a2da701d8f1fa1a5b33392a6ee8b4d16171466ce Mon Sep 17 00:00:00 2001
From: Nis Martensen 
Date: Wed, 1 Feb 2017 23:28:51 +0100
Subject: [PATCH 4/4] gtk2_ui: without graphical display, fall back to text UI

---
 reportbug/ui/gtk2_ui.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/reportbug/ui/gtk2_ui.py b/reportbug/ui/gtk2_ui.py
index 3d74a7a..23d598b 100644
--- a/reportbug/ui/gtk2_ui.py
+++ b/reportbug/ui/gtk2_ui.py
@@ -22,6 +22,10 @@
 
 from reportbug.exceptions import UINotImportable
 
+import os
+if not ('DISPLAY' in os.environ or 'WAYLAND_DISPLAY' in os.environ):
+raise UINotImportable('No graphical display detected, falling back to text UI.')
+
 try:
 import gi
 
-- 
2.1.4

Bug#846002: Call for votes on resolution for #846002 (blends-tasks)

[Sam Hartman]

I vote A -> FD for the blends-tasks vote.


signature.asc
Description: PGP signature

Bug#854040: unblock: iptables/1.6.1

[Niels Thykier]

Control: tags -1 moreinfo

Arturo Borrero Gonzalez:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> 
> thanks for your awesome work with Debian. I really appreciate it.
> 
> In debian stretch/sid, we currently have iptables 1.6.0+snapshot20161117-5.
> 
> Upstream has released iptables 1.6.1, but by the time of the upstream release
> I had no time to upload to unstable due to our freeze and the 10 days
> testing migration delay.
> 
> I, hereby, ask for permission to upload iptables 1.6.1 to unstable targeting
> debian stretch.
> 
> This request is previous to any effort by my side to package this new
> upstream release, so I have no debdiff or the like.
> However, I have counted that our package is ~17 commits behind the upstream
> code.
> 
> There are no hidden interests in this request. Please, decide according
> to your needs and the needs of Stretch.
> 

Hi Arturo,

Thanks for bring this up.

Without any additional information, it is hard for us to review this
request.  The easiest for us is if you attach a source debdiff between
testing and unstable plus the change log to the request.

Thanks,
~Niels

Bug#756253: Data in /sys/fs/pstore

[Paolo Cavallini]

I have this [0]. Should/can I remove something?
Please let me know if I can be of help.
All the best.
===
[0]
-r--r--r-- 1 root root 1740 mag 23  2015 dmesg-efi-143240377201001
-r--r--r-- 1 root root 1796 mag 23  2015 dmesg-efi-143240377302001
-r--r--r-- 1 root root 1714 mag 23  2015 dmesg-efi-143240377303001
-r--r--r-- 1 root root 1765 mag 23  2015 dmesg-efi-143240377304001
-r--r--r-- 1 root root 1787 mag 23  2015 dmesg-efi-143240377305001
-r--r--r-- 1 root root 1807 mag 23  2015 dmesg-efi-143240377306001
-r--r--r-- 1 root root 1779 mag 23  2015 dmesg-efi-143240377307001
-r--r--r-- 1 root root 1797 mag 23  2015 dmesg-efi-143240377308001
-r--r--r-- 1 root root 1746 mag 23  2015 dmesg-efi-143240377309001
-r--r--r-- 1 root root 1771 mag 23  2015 dmesg-efi-143240377310001
-r--r--r-- 1 root root 1824 mag 23  2015 dmesg-efi-143240377311001
-r--r--r-- 1 root root 1817 mag 23  2015 dmesg-efi-143240377312001
-r--r--r-- 1 root root 1818 mag 23  2015 dmesg-efi-143240377313001
-r--r--r-- 1 root root 1771 mag 23  2015 dmesg-efi-143240377314001
-r--r--r-- 1 root root 1772 mag 23  2015 dmesg-efi-143240377315001
-r--r--r-- 1 root root  994 ott 16  2015 dmesg-efi-144499093501001
-r--r--r-- 1 root root 1768 ott 16  2015 dmesg-efi-144499093501002
-r--r--r-- 1 root root 1019 ott 16  2015 dmesg-efi-144499093502001
-r--r--r-- 1 root root 1576 ott 16  2015 dmesg-efi-144499093502002
-r--r--r-- 1 root root  942 ott 16  2015 dmesg-efi-144499093503001
-r--r--r-- 1 root root 1267 ott 16  2015 dmesg-efi-144499093503002
-r--r--r-- 1 root root  758 ott 16  2015 dmesg-efi-144499093504001
-r--r--r-- 1 root root 1785 ott 16  2015 dmesg-efi-144499093504002
-r--r--r-- 1 root root  973 ott 16  2015 dmesg-efi-144499093505001
-r--r--r-- 1 root root 1823 ott 16  2015 dmesg-efi-144499093505002
-r--r--r-- 1 root root  935 ott 16  2015 dmesg-efi-144499093506001
-r--r--r-- 1 root root 1773 ott 16  2015 dmesg-efi-144499093506002
-r--r--r-- 1 root root  962 ott 16  2015 dmesg-efi-144499093507001
-r--r--r-- 1 root root 1821 ott 16  2015 dmesg-efi-144499093507002
-r--r--r-- 1 root root  994 ott 16  2015 dmesg-efi-144499093508001
-r--r--r-- 1 root root 1810 ott 16  2015 dmesg-efi-144499093508002
-r--r--r-- 1 root root  940 ott 16  2015 dmesg-efi-144499093509001
-r--r--r-- 1 root root 1814 ott 16  2015 dmesg-efi-144499093509002
-r--r--r-- 1 root root  934 ott 16  2015 dmesg-efi-144499093510001
-r--r--r-- 1 root root 1785 ott 16  2015 dmesg-efi-144499093510002
-r--r--r-- 1 root root  947 ott 16  2015 dmesg-efi-144499093511001
-r--r--r-- 1 root root 1820 ott 16  2015 dmesg-efi-144499093511002
-r--r--r-- 1 root root 1786 ott 16  2015 dmesg-efi-144499093512002
-r--r--r-- 1 root root 1780 ott 16  2015 dmesg-efi-144499093513002
-r--r--r-- 1 root root 1812 ott 16  2015 dmesg-efi-144499093514002
-r--r--r-- 1 root root 1748 ott 16  2015 dmesg-efi-144499093515002
-r--r--r-- 1 root root 1789 ott 16  2015 dmesg-efi-144499093516002
-r--r--r-- 1 root root  945 ott 19  2015 dmesg-efi-144526454201001
-r--r--r-- 1 root root 1017 ott 19  2015 dmesg-efi-144526454202001
-r--r--r-- 1 root root  816 ott 19  2015 dmesg-efi-144526454203001
-r--r--r-- 1 root root  548 ott 19  2015 dmesg-efi-144526454204001
-r--r--r-- 1 root root 1007 ott 19  2015 dmesg-efi-144526454205001
-r--r--r-- 1 root root  959 ott 19  2015 dmesg-efi-144526454206001
-r--r--r-- 1 root root  953 ott 19  2015 dmesg-efi-144526454207001
-r--r--r-- 1 root root  979 ott 19  2015 dmesg-efi-144526454208001
-r--r--r-- 1 root root 1018 ott 19  2015 dmesg-efi-144526454209001
-r--r--r-- 1 root root  986 ott 19  2015 dmesg-efi-144526454210001
-r--r--r-- 1 root root  991 ott 19  2015 dmesg-efi-144526454211001
-r--r--r-- 1 root root 1760 ott 22  2015 dmesg-efi-144549255204002

-- 
Paolo Cavallini - www.faunalia.eu
QGIS & PostGIS courses: http://www.faunalia.eu/training.html
https://www.google.com/trends/explore?date=all=IT=qgis,arcgis

Bug#854022: closed by Sandro Tosi <mo...@debian.org> (Re: [Reportbug-maint] Bug#854022: Not able anymore to contact debian bts)

[Axel Beckert]

Control: reopen -1
Control: reassign -1 bugs.debian.org

Hi Sandro,

Debian Bug Tracking System wrote:
> On Fri, Feb 3, 2017 at 2:12 AM, Klaus Ethgen  wrote:
> > Unable to connect to Debian BTS (error: "SSLError(1, '[SSL:
> > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)')");
> > continue [y|N|?]?
> 
> sounds like a problem with the BTS, please contact them; closing as invalid

That's no reason to close a bug! Next time, please reassign such bugs
accordingly instead. TIA!

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#853767: installation-guide_20161031_welcome: [INTL:nl] Dutch po file

[Frans Spiesschaert]

Hi Holger,

Holger Wansing schreef op do 02-02-2017 om 21:44 [+0100]:
> Hi Frans,
> 
> it's fine to see a d-i manual translation update for Dutch, after Dutch
> being orphaned for a long time.
> 
> I have activated the build for i386 in Dutch on 
> http://d-i.alioth.debian.org/manual/. Might help for proofreading or such.

Nice.

> It would be great if you could work on the Dutch d-i manual further.

I intend to do so, but at a slow pace and not specifically aiming at the
Stretch release.

> (It's probably to late for Stretch, but maybe a target for Buster?)
> 
> 
> Regards
> Holger
> 
> 
> 

-- 
Cheers,
Frans



signature.asc
Description: This is a digitally signed message part

Bug#826551: [Pkg-puppet-devel] RFP: puppetdb-termini -- Enable a Puppet master to connect to PuppetDB

[micah]

Hi,

Apollon Oikonomopoulos  writes:
>  - puppet 4.8.2-1 will (hopefully) migrate to testing tomorrow, 3 days 
>before the Freeze. This will be the first version in Stretch 
>supporting Puppet 3 clients.

This has migrated. I've upgraded my Stretch puppet4 server to 4.8.2-1
and am testing it.

Unfortunately, I've already found a problem. If I have a new puppet3
node and I do:

root@puppetdb:~# puppet agent -t
Exiting; no certificate found and waitforcert is disabled
root@puppetdb:~#

It doesn't generate a CSR, there is no /var/lib/puppet/ssl
directory. Yes, this is puppet3 that is failing here, but I suspect it
is because it is not getting the right response from the master.

On the master, I see nothing in the puppet logs, but I do see in the
apache logs:

newpuppetmaster:8140 0.0.0.0 - - [03/Feb/2017:08:41:30 -0800] "GET 
/production/certificate/puppetdb? HTTP/1.1" 404 5361 "-" "Ruby"

but nothing else. The puppetmaster has no certs pending to be signed and
only has one cert signed (the puppetmaster itself). There is nothing in
/var/lib/puppet/ssl on the master besides the puppetmaster cert bits.

I'm wondering if this works for others, or if maybe this part of the
puppet3 compatibility was missed?

micah


signature.asc
Description: PGP signature

Bug#854005: [pkg-gnupg-maint] Bug#854005: Bug#854005: ssh-agent no longer works

[NIIBE Yutaka]

NIIBE Yutaka  wrote:
> Ah... I think that I enbugged a bug for PC/SC, and scdaemon with PC/SC
> is somehow broken in 2.1.18.  Please try with internal CCID driver of
> GnuPG.  I mean, don't use PC/SC service.

Or, please add:

disable-ccid

in your scdaemon.conf if you want to use PC/SC service with scdaemon of
2.1.18.
-- 

Bug#853935: rephrase: No more works with gpg2 and causes one pinentry popup per guess

[Axel Beckert]

Control: tags -1 - patch

Hi Daniel,

thanks for your insight on that topic.

Daniel Kahn Gillmor wrote:
> > I think to solve this issue for Debian Stretch in the short term,
> > rephrase needs to
> >
> > 1) depend on "gnupg1" instead of "gnupg", and
> > 2) replace all calls to "gpg" with "gpg1".
> >
> > The following patch fixes the issue for me and also reports the correct
> > passphrase if it was under the given variants.
> 
> I don't think this is a sensible change, given the purpose of rephrase.
> 
> the 2.1.x version of GnuPG (which is what will offer /usr/bin/gpg in
> debian stretch) stores its secret key material in a different way
> (~/.gnupg/private-keys-v1.d) than gpg1 does (~/.gnupg/secring.gpg).  If
> you want rephrase to recover a partially-known passphrase against gpg
> 2.1.x, having one that "works" against gpg1 isn't going to be useful at
> all.

I see that one of my assumptions was wrong:

I do seem to be able to do --export-secret-subkeys without a
passphrase in some cases and can import those again with gpg1, but I
can't do that with --export-secret-keys. So my idea to export them
with gpg2 and import them with gpg1 and then use rephrase won't work.

> A better short-term fix would be to add "--pinentry-mode", "loopback" to
> the arguments passed to the gpg invocations in rephrase.c.

I'll try to come up with a patch for that.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#853990: Acknowledgement (Add prompt for iSCSI initiator name in installer)

[Kevin Otte]

> which I've just rebased and then tweaked to use a here document:
> 
>   
> https://anonscm.debian.org/cgit/d-i/partman-iscsi.git/log/?h=pu/iscsi-initiator-prompt

The here document needs to be left justified, lest the target file end
up with the indentation. See finish.d/iscsi_settings:69 et al.

-- Kevin

Bug#826551: [Pkg-puppet-devel] RFP: puppetdb-termini -- Enable a Puppet master to connect to PuppetDB

[Apollon Oikonomopoulos]

On 11:55 Fri 03 Feb , micah wrote:
> 
> Hi,
> 
> Apollon Oikonomopoulos  writes:
> >  - puppet 4.8.2-1 will (hopefully) migrate to testing tomorrow, 3 days 
> >before the Freeze. This will be the first version in Stretch 
> >supporting Puppet 3 clients.
> 
> This has migrated. I've upgraded my Stretch puppet4 server to 4.8.2-1
> and am testing it.
> 
> Unfortunately, I've already found a problem. If I have a new puppet3
> node and I do:
> 
> root@puppetdb:~# puppet agent -t
> Exiting; no certificate found and waitforcert is disabled
> root@puppetdb:~#
> 
> It doesn't generate a CSR, there is no /var/lib/puppet/ssl
> directory. Yes, this is puppet3 that is failing here, but I suspect it
> is because it is not getting the right response from the master.
> 
> On the master, I see nothing in the puppet logs, but I do see in the
> apache logs:
> 
> newpuppetmaster:8140 0.0.0.0 - - [03/Feb/2017:08:41:30 -0800] "GET 
> /production/certificate/puppetdb? HTTP/1.1" 404 5361 "-" "Ruby"
> 
> but nothing else. The puppetmaster has no certs pending to be signed and
> only has one cert signed (the puppetmaster itself). There is nothing in
> /var/lib/puppet/ssl on the master besides the puppetmaster cert bits.
> 
> I'm wondering if this works for others, or if maybe this part of the
> puppet3 compatibility was missed?

>From the looks of it, you're using a Webrick puppetmaster. You should 
switch to puppet-master-passenger instead :)

Apollon

Bug#853151: linux-image-4.9.0-0.bpo.1-amd64: Also on linux-image-4.9.0-0.bpo.1-amd64

[Charles Curley]

Package: src:linux
Followup-For: Bug #853151

Dear Maintainer,

   * What led up to the situation?

apt-get dist-upgrade on Debian GNU/Linux 8.7 (jessie) lead to installation of 
linux-image-4.9.0-0.bpo.1-amd64.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

I rebooted to the new kernel.

   * What was the outcome of this action?

Networking failed. The network would get a connection, then operate briefly, 
then fail to operate. Re-inserting the kernel module brought only brief relief. 
("rmmod rtl8192ce ; sleep 2 ; modprobe rtl8192ce")

Rebooting to the previous kernel, linux-image-4.8.0-0.bpo.2-amd64, resolved the 
issue. I toggled between the two kernels several times to isolate the problem.

   * What outcome did you expect instead?

A working network.

I have preserved syslog for this morning. Let me know if you need it or 
portions of it. It's an 11 mb file, so I hesitate to attach it.


-- Package-specific info:
** Kernel log: boot messages should be attached

** Model information
sys_vendor: LENOVO
product_name: 4242W9B
product_version: ThinkPad T520
chassis_vendor: LENOVO
chassis_version: Not Available
bios_vendor: LENOVO
bios_version: 8AET51WW (1.31 )
board_vendor: LENOVO
board_name: 4242W9B
board_version: Not Available

** Network interface configuration:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# # The primary network interface
# allow-hotplug eth0
# iface eth0 inet dhcp
# Commented out so network manager can manage this and wlan1.

** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor 
Family DRAM Controller [8086:0104] (rev 09)
Subsystem: Lenovo Device [17aa:21cf]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 

00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core 
Processor Family Integrated Graphics Controller [8086:0126] (rev 09) (prog-if 
00 [VGA controller])
Subsystem: Lenovo Device [17aa:21cf]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- 
SERR- TAbort- SERR- TAbort- SERR- TAbort- Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: Report errors: Correctable- Non-Fatal- Fatal- 
Unsupported-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ 
TransPend-
LnkCap: Port #1, Speed 5GT/s, Width x1, ASPM L0s L1, Exit 
Latency L0s <1us, L1 <16us
ClockPM- Surprise- LLActRep+ BwNot-
LnkCtl: ASPM L0s L1 Enabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s, Width x0, TrErr- Train- SlotClk+ 
DLActive- BWMgmt- ABWMgmt-
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- 
Surprise-
Slot #0, PowerLimit 10.000W; Interlock- NoCompl+
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- 
LinkChg-
Control: AttnInd Unknown, PwrInd Unknown, Power- 
Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet- 
Interlock-
Changed: MRL- PresDet- LinkState-
RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- 
CRSVisible-
RootCap: CRSVisible-
RootSta: PME ReqID , PMEStatus- PMEPending-
DevCap2: Completion Timeout: Range BC, TimeoutDis+, LTR-, OBFF 
Not Supported ARIFwd-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, 
OBFF Disabled ARIFwd-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
 Transmit Margin: Normal Operating Range, 
EnterModifiedCompliance- ComplianceSOS-
 Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -3.5dB, 
EqualizationComplete-, EqualizationPhase1-
 EqualizationPhase2-, EqualizationPhase3-, 
LinkEqualizationRequest-
Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit-
Address:   Data: 
Capabilities: [90] Subsystem: Lenovo 

Bug#854053: coreutils: improve 2x-3x sha256sum performance on ppc64le due to current gcc optimization bug

[Gustavo Serra Scalet]

> -Original Message-
> From: Michael Stone [mailto:mst...@debian.org]
> Sent: sexta-feira, 3 de fevereiro de 2017 11:38
> To: Gustavo Serra Scalet 
> Cc: 854...@bugs.debian.org; coreut...@gnu.org
> Subject: Re: Bug#854053: coreutils: improve 2x-3x sha256sum performance
> on ppc64le due to current gcc optimization bug
> 
> On Fri, Feb 03, 2017 at 11:22:28AM -0200, Gustavo Serra Scalet wrote:
> >The sha256sum provided by coreutils (without openssl) is performing
> >poorly with versions >= 4.9 until 7.0 (currently under development).
> >The reason for that is the -fschedule-insns optimization that is used
> >with -O2. By simply deactivating it, there is a performance improvement
> >of
> >2 to 3 times.
> >
> >I'm attaching a patch that demonstrate that behavior but it lacks this
> >condition:
> >* If ppc64le
> >* If gcc being used is >= 4.9 and < 7.0
> >
> >Notes:
> >1) gcc-7 is not affected by this bug (verified on 20170129 snapshot).
> >2) clang is not affected by this bug (verified on v3.8 and v3.9).
> >3) strangely the sha512 is not affected by this.
> 
> Sounds good in theory, just needs conditionals. :) For debian we can
> just assume the compiler version and remove the patch when a newer
> compiler is available as a dependency, but making it conditional on ppc
> seems essential. Upstream would probably want some kind of compiler
> based test.

Seems good to me.
 
> My understanding is that just adding this option to cflags
> when building on the appropriate architecture wouldn't work, because it
> would negatively impact other code, is that correct?

Yes, I wouldn't add this CFLAG for the whole package, but only for the 
lib/sha256.o target (that's what my patch is doing).

For that target, I see a better performance without that optimization than with 
it. Normally nobody shuts off optimization to improve performance but, as I 
said, it is a bug that happens on this target and it affects gcc versions >= 
4.9 and < 7.0.

If you see a different way out, or a more neat approach, please advise.

> 
> Mike Stone
> 
> (additional context quoted below)
> 
> >Below a demonstration of how it performs:
> >
> >===
> >$ (./configure && make -j9) > /dev/null && time src/sha256sum
> >~/ubuntu-16.10-server-ppc64el.iso
> >configure: WARNING: libacl development library was not found or not
> usable.
> >configure: WARNING: GNU coreutils will be built without ACL support.
> >configure: WARNING: libattr development library was not found or not
> usable.
> >configure: WARNING: GNU coreutils will be built without xattr support.
> >configure: WARNING: libcap library was not found or not usable.
> >configure: WARNING: GNU coreutils will be built without capability
> support.
> >configure: WARNING: libgmp development library was not found or not
> usable.
> >configure: WARNING: GNU coreutils will be built without GMP support.
> >src/who.c: In function 'print_user':
> >src/who.c:454:20: warning: initialization discards 'const' qualifier
> from pointer target type [-Wdiscarded-qualifiers]
> > int   *a = utmp_ent->ut_addr_v6;
> >^~~~
> >d14bdb413ea6cdc8d9354fcbc37a834b7de0c23f992deb0c6764d0fd5d65408e
> >/home/gut/ubuntu-16.10-server-ppc64el.iso
> >
> >real0m18.670s
> >user0m16.566s
> >sys 0m0.745s
> >
> >$ # now with the following patch:
> >$ diff Makefile.in ../Makefile.in
> >8989c8989
> >< @am__fastdepCC_TRUE@  $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c
> >-o $@ $< &&\
> >---
> >> @am__fastdepCC_TRUE@  $(COMPILE) $$([ "$@" == "lib/sha256.o" ] &&
> >> echo "-fno-schedule-insns") -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@
> >> $< &&\
> >$ cp ../Makefile.in Makefile.in
> >$ (./configure && make -j9) > /dev/null && time src/sha256sum
> >~/ubuntu-16.10-server-ppc64el.iso
> >configure: WARNING: libacl development library was not found or not
> usable.
> >configure: WARNING: GNU coreutils will be built without ACL support.
> >configure: WARNING: libattr development library was not found or not
> usable.
> >configure: WARNING: GNU coreutils will be built without xattr support.
> >configure: WARNING: libcap library was not found or not usable.
> >configure: WARNING: GNU coreutils will be built without capability
> support.
> >configure: WARNING: libgmp development library was not found or not
> usable.
> >configure: WARNING: GNU coreutils will be built without GMP support.
> >src/who.c: In function 'print_user':
> >src/who.c:454:20: warning: initialization discards 'const' qualifier
> from pointer target type [-Wdiscarded-qualifiers]
> > int   *a = utmp_ent->ut_addr_v6;
> >^~~~
> >d14bdb413ea6cdc8d9354fcbc37a834b7de0c23f992deb0c6764d0fd5d65408e
> >/home/gut/ubuntu-16.10-server-ppc64el.iso
> >
> >real0m5.903s
> >user0m5.560s
> >sys 0m0.255s
> 
> >--- Makefile.in  2016-11-30 16:34:55.0 -0200
> >+++ ../Makefile.in   2017-02-03 09:33:17.93600 

Bug#854078: network-manager: nm-online returns before network devices got an address

[Uwe Kleine-König]

Package: network-manager
Version: 1.4.4-1
Severity: serious
Tags: upstream
Justification: affects other packages
Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=777831

Hello,

this is to track this bug in the Debian BTS. It is already reported
upstream.

tftpd-hpa has in it's init script

Required-Start:   $local_fs $remote_fs $syslog $network

Still adding to it in do_start()

ip a > /tmp/tftpd-addr-info

results in this content of the above file

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: wlp2s0:  mtu 1500 qdisc mq state DOWN 
group default qlen 1000
link/ether e6:82:ab:03:8f:6c brd ff:ff:ff:ff:ff:ff

That is, tftpd is started before network is ready. When I log into the
machine, network is available, so the problem is really that nm-online
doesn't block long enough.

Best regards
Uwe

Bug#854022: Not able anymore to contact debian bts)

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Fr den  3. Feb 2017 um 19:56 schrieb Don Armstrong:
> As near as I can tell, the certificates for the BTS are just fine:
> 
> % openssl s_client -showcerts -connect bugs.debian.org:443  x509 -text|grep -e verify -e GMT -i   
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = bugs.debian.org
> verify return:1
> DONE
> Not Before: Jan  6 10:58:00 2017 GMT
> Not After : Apr  6 10:58:00 2017 GMT

Ah, so debian changed the CA? Was that published somewhere? I do not
usually trust certificates coming from a different CA.

> So if you're getting this error, it's either that reportbug is
> connecting to the wrong URI, you don't have the appropriate CAs
> installed, or something else is going on.

Well, as I told, I do not trust CAs per default. I usually check
certificates very good. As good as possible. And I cannot find any
documentation that debian switched or want to switch.

So, yes, that might be the reason, but please do document that proper.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliU1aYACgkQpnwKsYAZ
9qyG/AwAmUC6bPFTaEflheY7hiW8ixBFHUzthgna1qMkE0VnMdfLHnB/xea5FAem
gnf3HgPoZxBenGWDfqjnfNIr6d8ILBntho4EpiCTPIhmOX3XQ4tKgpAa/ezgiBZv
wKWbWg3++6Ynd+2vrrgKJX8BjqOkW6nB1nB8dF/MbmWnft3GKa62sGvhHTYTXYom
OT/6nb4VaKdzOqxmr3BGFV043+U01eluUWYqwIPphs4Bs35c6B+MVfP4k2ZqyJFI
yYqyWnj6bk25PHYgsKFbMtcO6xBjXT5Myk2sA2P8Iq8oe6pqrgnh+B6STbPqx+gr
HqcgAVwvtsYnhwoLynbe0EptM9AAZG01HVfEoJmdU3bNBQuLSAF33gqUmR2GMncX
v/iYGifE9df+FqPYet5uDQ++JjEUTbKGsmyIuV/Ihfw9Lnrim6LGM00VzinLGjoO
p29mPGPFuZG+/isWTqk2Bdc1ff2voo7WqTaUbSnd0ZKZREZ9hE7kVQ+o5wcJyB9S
CZnuw35p
=0sEI
-END PGP SIGNATURE-

Bug#853937: Bug#854059: texlive-base: failure during texlive-lang-japanese jessie->stretch upgrade test

[Norbert Preining]

reassign 854059 texlive-lang-japanese
reassign 853937 texlive-lang-japanese
severity 854059 serious
severity 853937 serious
merge 852611 854059 853937
thanks

Hi Andreas, hi Karl,

already reported and will hopefully be fixed by src:texlive-base
transitioning to testing soon.

Norbert

--
PREINING Norbert   http://www.preining.info
Accelia Inc. +JAIST +TeX Live +Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#854074: gcc-6: please enable PIE hardening flags by default on kfreebsd-*

[Steven Chamberlain]

Hi,

Matthias Klose wrote:
> [CCing porters, please also leave feedback in #835148 for non-release 
> architectures]

Since that bug is done/closed/actioned, I've cloned a new one for this
request.

> On 29.09.2016 21:39, Niels Thykier wrote:
> > As agreed on during the [meeting], if there are no major concerns to
> > this proposal in general within a week, I shall file a bug against GCC
> > requesting PIE by default on all release architectures (with backing
> > porters).

I think we are ready for this now;  please enable PIE by default on
kfreebsd-* when it is practical (or rather, allow dpkg-buildflags to
enable it).

Thanks,
Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


signature.asc
Description: Digital signature

Bug#848574: openmpi: frequent segfault in linker on mips64el

[James Cowgill]

Hi,

So I have been looking at this on and off for some time now but I've
been unable to make much progress on it.

Whatever the bug is, it's causing heap corruption which causes
things to segfault before MPI_Init returns. While most of the time it
segfaults, sometimes it prints other openmpi errors, and sometimes
glibc aborts due to detecting heap corruption.

There is probably a threading data race issue here as well. If I run
the test program on an idle machine with "taskset 1" (so it only runs
on 1 CPU) then the errors go away. I expect this is the reason why the
specific error message is not 100% reproducible for me.

On Mon, 23 Jan 2017 23:20:23 +0800 YunQiang Su  wrote:
> It is quite strange that it won't fail if run with gdb.

I guess this is due to gdb slowing down certain threads.

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#853937: Bug#854059: texlive-base: failure during texlive-lang-japanese jessie->stretch upgrade test

[Karl Fogel]

Norbert Preining  writes:
>reassign 854059 texlive-lang-japanese
>reassign 853937 texlive-lang-japanese
>severity 854059 serious
>severity 853937 serious
>merge 852611 854059 853937
>thanks
>
>Hi Andreas, hi Karl,
>
>already reported and will hopefully be fixed by src:texlive-base
>transitioning to testing soon.

Thank you, Norbert.  Will keep an eye out for it.

Bug#854009: soundmodem: starts kiss device with incorrect permissions

[Bdale Garbee]

Dave Hibberd  writes:

> I think dialout is an easier group to deal with for those of us who are
> using hardware TNCs also - it means everything is caught by the same
> group. I don't much fancy writing udev rules to catch every TNC when we
> can just treat them like a serial port.

I agree that group dialout is the right choice here.

Bdale


signature.asc
Description: PGP signature

Bug#852702: [pkg-gnupg-maint] Bug#852702: [gnupg2] gpg: OpenPGP card not available: No such device after upgrade to 2.1.18-3

[NIIBE Yutaka]

Shin Ice  writes:
> Package: gnupg2
> Version: 2.1.18-3
> Severity: important
>
> --- Please enter the report below this line. ---
>
> Hi,
>
> after upgrading gnupg2 (and related) to version 2.1.18-3 the yubikey 4
> can't be used. On a different system (still sid) with version 2.1.16-3
> all works as desired and designed.
>
> $ gpg2 --card-status
> gpg: selecting openpgp failed: No such device
> gpg: OpenPGP card not available: No such device

I think that I enbugged scdaemon.  Could you please try to put
a line in your .gnupg/scdaemon.conf?

--- .gnupg/scdaemon.conf
disable-ccid
---

-- 

Bug#854030: sweethome3d: Consider adding '-Dsun.java2d.opengl=true' startup option

[Markus Koschany]

On Fri, 03 Feb 2017 10:16:33 +0100 Alessio Gaeta  wrote:
> Package: sweethome3d
> Version: 5.3+dfsg-2
> Severity: wishlist
> 
> Dear Maintainer,
> 
> SH3D 2D interface is very slow and lagging, at least on my machine (an 8 cores
> Intel i7, not exaclty a low-end one). Adding '-Dsun.java2d.opengl=true' to
> startup options (in /usr/share/sweethome3d/sweethome3d.sh) made it usable.
> 
> I know that OpenGL acceleration is always problematic, and I don't know hot 
> its
> support is in OpenJDK (I'm using the Oracle JDK), but OpenGL is already used
> for the 3d view, after all, and in a CAD is a must (drawing a wall with the
> mouse pointer jumping back and forth is a real pain...).

Hello,

thanks for the report. I haven't noticed any performance issues with
Sweethome3d and OpenJDK in the past and I use a rather poor video card
for nowadays standards (Radeon HD 6450 using the Gallium OpenGL
renderer). I haven't tested the Oracle JDK though. We can test your
proposed setting when Stretch is released. I will add it to JAVA_ARGS in
/usr/bin/sweethome3d which seems to be the appropriate place for this
package.

Regards,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#854072: unblock: vagrant-mutate/1.2.0-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vagrant-mutate

This update fixes a RC bug, adds a DEP-8 smoke test, and adds a missing
dependency on vagrant. the debdiff against the version currently in
testing is attached.

unblock vagrant-mutate/1.2.0-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru vagrant-mutate-1.2.0/debian/changelog vagrant-mutate-1.2.0/debian/changelog
--- vagrant-mutate-1.2.0/debian/changelog	2016-09-24 15:27:25.0 -0300
+++ vagrant-mutate-1.2.0/debian/changelog	2017-02-02 11:47:08.0 -0200
@@ -1,3 +1,12 @@
+vagrant-mutate (1.2.0-3) unstable; urgency=medium
+
+  * Team upload.
+  * debian/rules: install using the Rubygems layout (Closes: #853962)
+  * Add dependency on vagrant
+  * Add DEP-8 smoke test
+
+ -- Antonio Terceiro   Thu, 02 Feb 2017 11:47:08 -0200
+
 vagrant-mutate (1.2.0-2) unstable; urgency=medium
 
   * requires qemu-img from qemu-utils to work
diff -Nru vagrant-mutate-1.2.0/debian/control vagrant-mutate-1.2.0/debian/control
--- vagrant-mutate-1.2.0/debian/control	2016-09-24 15:22:21.0 -0300
+++ vagrant-mutate-1.2.0/debian/control	2017-02-02 11:47:08.0 -0200
@@ -19,6 +19,7 @@
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  qemu-utils,
+ vagrant,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: convert vagrant boxes to work with different providers
diff -Nru vagrant-mutate-1.2.0/debian/rules vagrant-mutate-1.2.0/debian/rules
--- vagrant-mutate-1.2.0/debian/rules	2016-09-05 15:31:29.0 -0300
+++ vagrant-mutate-1.2.0/debian/rules	2017-02-02 11:47:08.0 -0200
@@ -3,6 +3,7 @@
 include /usr/share/dpkg/default.mk
 
 export GEM2DEB_TEST_RUNNER = --check-dependencies
+export DH_RUBY = --gem-install
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
diff -Nru vagrant-mutate-1.2.0/debian/tests/control vagrant-mutate-1.2.0/debian/tests/control
--- vagrant-mutate-1.2.0/debian/tests/control	1969-12-31 21:00:00.0 -0300
+++ vagrant-mutate-1.2.0/debian/tests/control	2017-02-02 11:47:08.0 -0200
@@ -0,0 +1,2 @@
+Tests: virtualbox2libvirt
+Depends: @, distro-info
diff -Nru vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt
--- vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt	1969-12-31 21:00:00.0 -0300
+++ vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt	2017-02-02 11:47:08.0 -0200
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+exec 2>&1
+set -exu
+
+release=$(debian-distro-info --stable)
+box=debian/${release}64
+
+if [ -z "${ADTTMP:-}" ]; then
+  ADTTMP=$(mktemp -d)
+  trap "rm -rf $ADTTMP" INT TERM EXIT
+fi
+
+vagrant plugin list
+vagrant global-status
+
+vagrant box add --force --provider virtualbox $box
+vagrant mutate $box libvirt


signature.asc
Description: PGP signature

Bug#826551: [Pkg-puppet-devel] RFP: puppetdb-termini -- Enable a Puppet master to connect to PuppetDB

[micah]

Apollon Oikonomopoulos  writes:

>> On the master, I see nothing in the puppet logs, but I do see in the
>> apache logs:
>> 
>> newpuppetmaster:8140 0.0.0.0 - - [03/Feb/2017:08:41:30 -0800] "GET 
>> /production/certificate/puppetdb? HTTP/1.1" 404 5361 "-" "Ruby"
>> 
>> but nothing else. The puppetmaster has no certs pending to be signed and
>> only has one cert signed (the puppetmaster itself). There is nothing in
>> /var/lib/puppet/ssl on the master besides the puppetmaster cert bits.
>> 
>> I'm wondering if this works for others, or if maybe this part of the
>> puppet3 compatibility was missed?
>
> From the looks of it, you're using a Webrick puppetmaster. You should 
> switch to puppet-master-passenger instead :)

Hmmm, I've got that installed:

ii  puppet-master-passenger  4.8.2-1 all
  configuration management system, scalable master service

and apache is configured to use it:

lrwxrwxrwx 1 root root 37 Feb  3 09:45 puppet-master.conf -> 
../sites-available/puppet-master.conf
root@newpuppetmaster:/etc/apache2/sites-enabled# 

and it is running:

root 10853  0.0  0.0 105732  7860 ?Ss   09:46   0:00 
/usr/sbin/apache2 -k start
root 10854  0.0  0.1 474520  9792 ?Ssl  09:46   0:00 Passenger 
watchdog
root 10857  0.0  0.1 1174672 11580 ?   Sl   09:46   0:00 Passenger core
nobody   10862  0.0  0.1 483104 11400 ?Sl   09:46   0:00 Passenger 
ust-router
www-data 10880  0.4  0.0 523892  6680 ?Sl   09:46   0:00 
/usr/sbin/apache2 -k start
www-data 10881  0.6  0.0 589428  6672 ?Sl   09:46   0:00 
/usr/sbin/apache2 -k start
puppet   10945  7.1  0.6 157664 56976 ?Sl   09:46   0:01 Passenger 
AppPreloader: /usr/share/puppet/rack/puppet-master
puppet   10967  0.2  0.6 292752 53796 ?Sl   09:46   0:00 Passenger 
RubyApp: /usr/share/puppet/rack/puppet-master

am I missing something here?

micah

Bug#854022: Not able anymore to contact debian bts)

[Don Armstrong]

Control: reassign -1 reportbug
Control: tag -1 moreinfo
Control: severity -1 minor

On Fri, 03 Feb 2017, Axel Beckert wrote:
> Debian Bug Tracking System wrote:
> > On Fri, Feb 3, 2017 at 2:12 AM, Klaus Ethgen  wrote:
> > > Unable to connect to Debian BTS (error: "SSLError(1, '[SSL:
> > > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)')");
> > > continue [y|N|?]?
> > 
> > sounds like a problem with the BTS, please contact them; closing as
> > invalid

As near as I can tell, the certificates for the BTS are just fine:

% openssl s_client -showcerts -connect bugs.debian.org:443 https://www.donarmstrong.com

There is no mechanical problem so difficult that it cannot be solved
by brute strength and ignorance.
 -- William's Law

Bug#836862: libreswan: /etc/ipsec.conf is already shipped by strongswan-starter

[Daniel Kahn Gillmor]

Control: clone 836862 -1
Control: reassign -1 src:strongswan
Control: retitle -1 strongswan-starter should Provide: ike-server, not 
strongswan-charon

On Tue 2016-09-06 11:46:29 -0400, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package fails to upgrade from
> 'sid' to 'experimental'.
> It installed fine in 'sid', then the upgrade to 'experimental' fails
> because it tries to overwrite other packages files.
>
> See policy 7.6 at
> https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces
>
>>From the attached log (scroll to the bottom...):
>
>   Selecting previously unselected package libreswan.
>   Preparing to unpack .../43-libreswan_3.18-1_amd64.deb ...
>   Unpacking libreswan (3.18-1) ...
>   dpkg: error processing archive 
> /tmp/apt-dpkg-install-za7Gyz/43-libreswan_3.18-1_amd64.deb (--unpack):
>trying to overwrite '/etc/ipsec.conf', which is also in package 
> strongswan-starter 5.5.0-1
>   dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
>
>
> Using Breaks+Replaces would most likely be the wrong solution here.
> If the conffile can be shared by both packages (hopefully it does),
> it should be factored out into a separate package instead and both
> users should add a dependency on this new package.

I'd have expected strongswan-starter to declare itself an "ike-server"
package, so that the existing breaks/replaces/provides trio would here.

ike-server is a virtual package like mail-transport-agent which is
provided by the packages:

 ike
 racoon
 isakmpd
 strongswan-charon
 libreswan

only one of these can be functional on a system at any time anyway.

I'm suprised to see that strongswan-charon is the package providing
ike-server, if stronswan-starter is the package that contains the system
integration.

Here's the current contents of strongswan-charon:

usr/share/strongswan/templates/config/strongswan.d/charon.conf
usr/share/strongswan/templates/config/strongswan.d/charon-logging.conf
usr/share/doc/strongswan-charon/copyright
usr/share/doc/strongswan-charon/changelog.gz
usr/share/doc/strongswan-charon/changelog.Debian.gz
usr/share/doc/strongswan-charon/NEWS.Debian.gz
usr/lib/ipsec/charon
etc/strongswan.d/charon.conf
etc/strongswan.d/charon-logging.conf
etc/apparmor.d/usr.lib.ipsec.charon

None of these are system integration bits, and i don't think this
package should be labeled as the thing that Provides: ike-server.  (i
note that strongswan-charon Depends: strongswan-starter, but i'm not
sure i understand why those deps are in that order instead of the other
way around.

Anyway, i'll make libreswan explicitly conflict with strongswan-starter
to resolve 836862, but hopefully this cloned bug can be resolved on the
strongswan side.

Regards,

-dkg


signature.asc
Description: PGP signature

Bug#854046: dh-make-perl: Incorrect dependencies created from List::Util

[Niko Tyni]

On Fri, Feb 03, 2017 at 12:47:10PM +, Carnë Draug wrote:
> Package: dh-make-perl
> Version: 0.93
> Severity: normal
> 
> dh-make-perl creates this weird dependency line if there is
> a dependency on List::Util:
> 
>  libperl5.24:amd64 (>= 1.45) | libscalar-list-utils-perl (>= 1.45) | 
> perl-base (>= 1.45)

Thanks.

This should read either something like

 libscalar-list-utils-perl (>= 1.45) | perl-base (>= 5.25.1)

or alternatively just

 libscalar-list-utils-perl (>= 1.45)

In particular, libperl5.xx is always wrong and should be transformed to
'perl' or 'perl-base' instead, with some version mangling as well.

Looks like Debian::Control::FromCPAN::find_debs_for_modules() needs to
be smarter about newer versions of core modules. Currently it just sees
that it's not in core for the current Perl, and goes ahead to look for
it in the package file lists, without giving any special handling to
the src:perl packages.

Sorry, no patch :)
-- 
Niko

Bug#853947: [Swan-dev] Bug#853947: libreswan FTBFS on mips and mipsel: error: "_ABI64" is not defined [-Werror=undef]

[Daniel Kahn Gillmor]

On Thu 2017-02-02 20:26:26 -0500, Paul Wouters wrote:
> Can you try the attached patch?
>
> Totally untested, because I don't have that build environment, and based
> on some random googling :)
>
> Paul
> diff --git a/lib/libswan/nss_copies.c b/lib/libswan/nss_copies.c
> index b90bbf0..16976db 100644
> --- a/lib/libswan/nss_copies.c
> +++ b/lib/libswan/nss_copies.c
> @@ -3,6 +3,10 @@
>   * file, You can obtain one at http://mozilla.org/MPL/2.0/.
>   */
>  
> +#ifdef _MIPS_SIM
> +# include 
> +#endif
> +
>  #include 
>  #include 
>  #include "nss_copies.h"

I've tried this as
bugfix-853947/0010-Try-to-include-the-correct-headers-on-MIPS.patch in
3.19-2, and it does not seem to resolve the build problems on mips and
mipsel:

https://buildd.debian.org/status/fetch.php?pkg=libreswan=mips=3.19-2=1486145635=0

ends with:

cc -g -O2 -fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat 
-Werror=format-security -I/«PKGBUILDDIR»/lib/libcrypto/libsha2 
-I/«PKGBUILDDIR»/lib/libcrypto/libaes_xcbc -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include -I/«PKGBUILDDIR»/ports/linux/include -I. 
-I/«PKGBUILDDIR»/linux/net/ipsec -I/«PKGBUILDDIR»/linux/include 
-I/«PKGBUILDDIR» -DPFKEYV2  -I/usr/include/nss -I/usr/include/nspr 
-I/«PKGBUILDDIR»/include -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include -I/«PKGBUILDDIR»/ports/linux/include 
-std=gnu99  -g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-all -fno-strict-aliasing -fPIE -DPIE -DFORCE_PR_ASSERT 
-DDNSSEC -DLIBCURL -DLDAP_VER=3 -DHAVE_NM -DUSE_MD5 -DUSE_SHA2 -DUSE_SHA1 
-DUSE_AES -DUSE_3DES -DUSE_CAMELLIA -DUSE_SERPENT -DUSE_TWOFISH -DUSE_CAST 
-DUSE_RIPEMD -DFIPSPRODUCTCHECK=\"/etc/system-fips\" 
-DIPSEC_CONF=\"/etc/ipsec.conf\" -DIPSEC_CONFDDIR=\"/etc/ipsec.d\" 
-DIPSEC_NSSDIR=\"/var/lib/ipsec/nss\" -DIPSEC_CONFDIR=\"/etc\" 
-DIPSEC_EXECDIR=\"/usr/lib/ipsec\" -DIPSEC_SBINDIR=\"/usr/sbin\" 
-DIPSEC_VARDIR=\"/var\" -DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\" 
-DIPSEC_SECRETS_FILE=\"/etc/ipsec.secrets\" -DRETRANSMIT_INTERVAL_DEFAULT="500" 
-DUSE_FORK=1 -DUSE_VFORK=0 -DUSE_DAEMON=0 -DUSE_PTHREAD_SETSCHEDPRIO=1 
-DGCC_LINT -DALLOW_MICROSOFT_BAD_PROPOSAL -Werror -Wall -Wextra -Wformat 
-Wformat-nonliteral -Wformat-security -Wundef -Wmissing-declarations 
-Wredundant-decls -Wnested-externs  -I/«PKGBUILDDIR»/lib/libcrypto/libsha2 
-I/«PKGBUILDDIR»/lib/libcrypto/libaes_xcbc -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include -I. -I/«PKGBUILDDIR»/linux/net/ipsec 
-I/«PKGBUILDDIR»/linux/include -I/«PKGBUILDDIR» -DPFKEYV2  -I/usr/include/nss 
-I/usr/include/nspr -I/«PKGBUILDDIR»/include 
-I/«PKGBUILDDIR»/ports/linux/include -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include -I/«PKGBUILDDIR»/ports/linux/include 
-std=gnu99  -g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-all -fno-strict-aliasing -fPIE -DPIE -DFORCE_PR_ASSERT 
-DDNSSEC -DLIBCURL -DLDAP_VER=3 -DHAVE_NM -DUSE_MD5 -DUSE_SHA2 -DUSE_SHA1 
-DUSE_AES -DUSE_3DES -DUSE_CAMELLIA -DUSE_SERPENT -DUSE_TWOFISH -DUSE_CAST 
-DUSE_RIPEMD -DFIPSPRODUCTCHECK=\"/etc/system-fips\" 
-DIPSEC_CONF=\"/etc/ipsec.conf\" -DIPSEC_CONFDDIR=\"/etc/ipsec.d\" 
-DIPSEC_NSSDIR=\"/var/lib/ipsec/nss\" -DIPSEC_CONFDIR=\"/etc\" 
-DIPSEC_EXECDIR=\"/usr/lib/ipsec\" -DIPSEC_SBINDIR=\"/usr/sbin\" 
-DIPSEC_VARDIR=\"/var\" -DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\" 
-DIPSEC_SECRETS_FILE=\"/etc/ipsec.secrets\" -DRETRANSMIT_INTERVAL_DEFAULT="500" 
-DUSE_FORK=1 -DUSE_VFORK=0 -DUSE_DAEMON=0 -DUSE_PTHREAD_SETSCHEDPRIO=1 
-DGCC_LINT -DALLOW_MICROSOFT_BAD_PROPOSAL -Werror -Wall -Wextra -Wformat 
-Wformat-nonliteral -Wformat-security -Wundef -Wmissing-declarations 
-Wredundant-decls -Wnested-externs  -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include -I/«PKGBUILDDIR»/ports/linux/include 
-I/«PKGBUILDDIR»/ports/linux/include  \
-MMD -MF ./base64_rsa_pubkey.d \
-o ./base64_rsa_pubkey.o \
-c /«PKGBUILDDIR»/lib/libswan/base64_rsa_pubkey.c
In file included from /usr/include/nspr/prtypes.h:26:0,
 from /usr/include/nss/seccomon.h:17,
 from /usr/include/nss/nss.h:34,
 from /«PKGBUILDDIR»/lib/libswan/base64_rsa_pubkey.c:21:
/usr/include/nspr/prcpucfg.h:511:18: error: "_ABI64" is not defined 
[-Werror=undef]
 #if _MIPS_SIM == _ABI64
  ^~
cc1: all warnings being treated as errors
../../../mk/depend.mk:28: recipe for target 'base64_rsa_pubkey.o' failed


and it's the same thing on mipsel:

https://buildd.debian.org/status/fetch.php?pkg=libreswan=mipsel=3.19-2=1486145643=0

--dkg


signature.asc
Description: PGP signature

Bug#854079: firefox-esr: firefox dies immediately on arm64

[Aaro Koskinen]

Package: firefox-esr
Version: 45.7.0esr-1
Severity: important

Dear Maintainer,

Firefox crashes right after startup:

$ time firefox
Xlib:  extension "RANDR" missing on display ":0".
Segmentation fault

real0m12.336s
user0m10.940s
sys 0m0.703s

$ time firefox-esr -safe-mode
Xlib:  extension "RANDR" missing on display ":0".
Segmentation fault

real0m21.269s
user0m11.961s
sys 0m0.678s

$ MOZILLA_DISABLE_PLUGINS=1 firefox-esr
Xlib:  extension "RANDR" missing on display ":0".
Segmentation fault

$ gdb --args firefox-esr
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from firefox-esr...Reading symbols from 
/usr/lib/debug//usr/lib/firefox-esr/firefox-esr...done.
done.
(gdb) set pagination off
(gdb) run
Starting program: /usr/bin/firefox-esr 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".

Xlib:  extension "RANDR" missing on display ":0".
[New Thread 0x7fb1aff1e0 (LWP 20176)]
[New Thread 0x7fafbff1e0 (LWP 20181)]
[New Thread 0x7fb21531e0 (LWP 20182)]
[New Thread 0x7faf3ff1e0 (LWP 20183)]
[New Thread 0x7faebff1e0 (LWP 20184)]
[New Thread 0x7fae9ff1e0 (LWP 20185)]
[New Thread 0x7fae7ff1e0 (LWP 20186)]
[New Thread 0x7fae5ff1e0 (LWP 20187)]
[New Thread 0x7fae3ff1e0 (LWP 20188)]
[New Thread 0x7fae1ff1e0 (LWP 20189)]
[New Thread 0x7fadfff1e0 (LWP 20190)]
[New Thread 0x7faddff1e0 (LWP 20191)]
[New Thread 0x7facbff1e0 (LWP 20192)]
[New Thread 0x7fabfff1e0 (LWP 20193)]
[New Thread 0x7fab7ff1e0 (LWP 20194)]

Thread 1 "firefox-esr" received signal SIGSEGV, Segmentation fault.
0x007fb7d10b08 in memcpy () from /lib/aarch64-linux-gnu/libc.so.6
(gdb) 
(gdb) bt full
#0  0x007fb7d10b08 in memcpy () from /lib/aarch64-linux-gnu/libc.so.6
No symbol table info available.
#1  0x0056b740 in memcpy (__len=304, __src=0x7fb1bf0570, 
__dest=) at /usr/include/aarch64-linux-gnu/bits/string3.h:53
No locals.
#2  huge_ralloc (oldsize=, size=, ptr=) at 
/build/firefox-esr-uN3dxy/firefox-esr-45.7.0esr/memory/mozjemalloc/jemalloc.c:5250
copysize = 304
#3  iralloc (size=312, ptr=0x7fb1bf0570) at 
/build/firefox-esr-uN3dxy/firefox-esr-45.7.0esr/memory/mozjemalloc/jemalloc.c:4944
oldsize = 304
#4  realloc (ptr=0x7fb1bf0570, size=312) at 
/build/firefox-esr-uN3dxy/firefox-esr-45.7.0esr/memory/mozjemalloc/jemalloc.c:6420
ret = 
#5  0x007fb32d7410 in g_realloc () from 
/lib/aarch64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#6  0x007fb33beb74 in ?? () from /lib/aarch64-linux-gnu/libgobject-2.0.so.0
No symbol table info available.
#7  0x007fb2a31848 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

-- Package-specific info:

-- Extensions information
Name: Default theme
Location: 
/usr/lib/firefox-esr/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Package: firefox-esr
Status: enabled

Name: Firefox Hello Beta
Location: ${PROFILE_EXTENSIONS}/l...@mozilla.org.xpi
Status: enabled

-- Plugins information

-- Addons package information
ii  firefox-esr45.7.0esr-1  arm64Mozilla Firefox web browser - Ext

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: arm64 (aarch64)

Kernel: Linux 4.9.0-rpi3-los_47cf70 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox-esr depends on:
ii  debianutils   4.8.1
ii  fontconfig2.11.0-6.7
ii  libasound21.1.2-1
ii  libatk1.0-0   2.22.0-1
ii  libc6 2.24-9
ii  libcairo2 1.14.8-1
ii  libdbus-1-3   1.10.14-1
ii  libdbus-glib-1-2  0.108-2
ii  libevent-2.0-52.0.21-stable-2.1
ii  libffi6   3.2.1-6
ii  libfontconfig12.11.0-6.7
ii  libfreetype6  2.6.3-3+b1
ii  libgcc1   1:6.3.0-5
ii  libgdk-pixbuf2.0-02.36.4-1
ii  libglib2.0-0  2.50.2-2
ii  libgtk2.0-0   2.24.31-1
ii  libhunspell-1.4-0 1.4.1-2+b1
ii  libnspr4  2:4.12-6
ii  libnss3   

Bug#854080: [kdevelop] crash at import of very small project

[Georg Gast]

Package: kdevelop
Version: 4:5.0.1-2
Severity: normal

--- Please enter the report below this line. ---
kdevelop crashes after it imported or started a fresh project.

When i start it in a console, i get this output

georg@hammerhead:/tmp$ kdevelop
kdevelop.documentation.qthelp: qmake query returned error: ""
Invalid return type in method "core"
Invalid return type in method "extensions"
/bin/cat:
/home/georg/.local/share/kdevelop/sessions/{8601bb00--411e-8aba-81d44578c17e}/default.sh:
Datei oder Verzeichnis nicht gefunden
Invalid return type in method "core"
Invalid return type in method "extensions"
No node found for item that was just removed:
QUrl("file:///home/georg/p1.tar.gz")
"Allgemeine Projektverwaltung" ()
"CMake-Projektverwaltung" ("CMakeLists.txt")
"Eigenes Build-System" ()
"Projektverwaltung mit eigenem Makefile" ("GNUmakefile", "Makefile",
"makefile", "GNUmakefile.*", "Makefile.*", "makefile.*")
"QMake-Projektverwaltung" ("*.pro")
"Allgemeine Projektverwaltung" ()
"CMake-Projektverwaltung" ("CMakeLists.txt")
"Eigenes Build-System" ()
"Projektverwaltung mit eigenem Makefile" ("GNUmakefile", "Makefile",
"makefile", "GNUmakefile.*", "Makefile.*", "makefile.*")
"QMake-Projektverwaltung" ("*.pro")
"Allgemeine Projektverwaltung" ()
"CMake-Projektverwaltung" ("CMakeLists.txt")
"Eigenes Build-System" ()
"Projektverwaltung mit eigenem Makefile" ("GNUmakefile", "Makefile",
"makefile", "GNUmakefile.*", "Makefile.*", "makefile.*")
"QMake-Projektverwaltung" ("*.pro")
"Allgemeine Projektverwaltung" ()
"CMake-Projektverwaltung" ("CMakeLists.txt")
"Eigenes Build-System" ()
"Projektverwaltung mit eigenem Makefile" ("GNUmakefile", "Makefile",
"makefile", "GNUmakefile.*", "Makefile.*", "makefile.*")
"QMake-Projektverwaltung" ("*.pro")
"Allgemeine Projektverwaltung" ()
"CMake-Projektverwaltung" ("CMakeLists.txt")
"Eigenes Build-System" ()
"Projektverwaltung mit eigenem Makefile" ("GNUmakefile", "Makefile",
"makefile", "GNUmakefile.*", "Makefile.*", "makefile.*")
"QMake-Projektverwaltung" ("*.pro")
"Allgemeine Projektverwaltung" ()
"CMake-Projektverwaltung" ("CMakeLists.txt")
"Eigenes Build-System" ()
"Projektverwaltung mit eigenem Makefile" ("GNUmakefile", "Makefile",
"makefile", "GNUmakefile.*", "Makefile.*", "makefile.*")
"QMake-Projektverwaltung" ("*.pro")
Ninja plugin installed but ninja is not installed.


kdevplatform.shell: Could not load plugin "KDevNinjaBuilder" , it
reported the error: "" Disabling the plugin now.

KCrash: crashing... crashRecursionCounter = 2


KCrash: Application Name = kdevelop path = /usr/bin pid = 24921


KCrash: Arguments: /usr/bin/kdevelop


KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi
from kdeinit

sock_file=/run/user/1000/kdeinit5__0





[1]+  Angehalten  kdevelop



--- System information. ---
Architecture: Kernel:   Linux 4.9.0-1-amd64

Debian Release: 9.0
  500 testing ftp.de.debian.org   500 stable  dl.google.com
--- Package information. ---
Depends (Version) | Installed
=-+-
kdevelop-data  (>= 4:5.0.1-2) | 4:5.0.1-2
kdevplatform10-libs(>= 5.0.1) | 5.0.3-1
libc6   (>= 2.14) | libclang1-3.8
(>= 3.8) | libgcc1
(>= 1:3.0) | libkasten3controllers3 (>= 4:14.12.0) |
libkasten3core3(>= 4:14.12.0) |
libkasten3okteta1controllers1  (>= 4:14.12.0) |
libkasten3okteta1core1 (>= 4:14.12.0) |
libkasten3okteta1gui1  (>= 4:14.12.0) | libkf5completion5
 (>= 4.97.0) | libkf5configcore5 (>=
4.98.0) | libkf5configgui5  (>= 4.97.0) |
libkf5configwidgets5  (>= 4.96.0) | libkf5coreaddons5
 (>= 5.16.0) | libkf5crash5  (>=
5.15.0) | libkf5declarative5(>= 4.96.0) |
libkf5i18n5   (>= 4.97.0) | libkf5iconthemes5
 (>= 4.96.0) | libkf5itemviews5  (>=
4.96.0) | libkf5jobwidgets5 (>= 4.96.0) |
libkf5kiocore5(>= 4.96.0) | libkf5kiowidgets5
 (>= 4.96.0) | libkf5newstuff5   (>=
4.95.0) | libkf5parts5  (>= 4.96.0) |
libkf5texteditor5 | libkf5threadweaver5
 (>= 4.98.0) | libkf5widgetsaddons5  (>=
4.96.0) | libkf5xmlgui5 (>= 4.96.0) |
libprocesscore7  (>= 4:5.3.0) | libprocessui7
 (>= 5.2.50+git) | libqt5core5a  (>=
5.6.0~beta) | libqt5dbus5(>= 5.4.0) |
libqt5gui5 (>= 5.4.0) | libqt5help5
 (>= 5.6.0~beta) | libqt5network5
(>= 5.4.0) | libqt5quickwidgets5(>= 5.3.0) |
libqt5webkit5  

Bug#854093: [ARM64] kexec fails to load compressed kernel.

[Manoj Iyer]

Package: kexec-tools
Version: 2.0.14-1
Tags: arm64
Severity: important
Usertags: arm64

kexec-tools has a build dependency on libz-dev on ARM64 architecture. 
It can use interfaces from libz-dev to uncompress a compressed kernel. 
If this built without libz-dev kexec will not be able to uncompress a 
compressed kernel.

Bug#854094: libreswan FTBFS on x32 due to missing

[Daniel Kahn Gillmor]

Package: libreswan
Version: 3.19-2
X-Debbugs-Cc: x...@buildd.debian.org, swan-...@lists.libreswan.org

Hi Debian x32 builders--

I note that libreswan is failing to build from source on the x32
platform due to a missing sys/time.h:

https://buildd.debian.org/status/fetch.php?pkg=libreswan=x32=3.19-2=1486146097=0

…
/<>/linux/include/libreswan.h:44:22: fatal error: sys/time.h: No 
such file or directory
 #include 
  ^

the code in linux/include/libreswan.h is just:

 42 #if !defined(__KERNEL__)
 43 
 44 #include 
 45 #include 
 46 

It builds on other debian platforms without a problem.  Is something
significantly different on x32 that we should know about?

  --dkg


signature.asc
Description: PGP signature

Bug#852285: Wrong subject, the missing lib should be in multipath-udeb

[Cyril Brulebois]

Control: reassign -1 disk-detect
Control: retitle -1 disk-detect: tries to load obsolete dm-emc module

Hi,

Allan Jacobsen  (2017-01-24):
> I looked into this a little more, and the missing lib should be in
> multipath-udeb, I have made a bugreport for this.

So that was reported as:
  #852431 -- installer broken: multipath-udeb depends on missing 
libmpathcmd.so.0

and fixed, that's why I'm stealing the bug report for the dm-emc part.

> The problem with dm-emc is easily fixed, patch is attached.

Yeah, that seems to be matching an old bug report in other components:
  https://bugs.debian.org/567014

I think I'll go for removing dm-emc right away; we can add other things
if needed.


KiBi.


signature.asc
Description: Digital signature

Bug#854089: zpaq: missing external preprocessor for min.cfg

[Ben Longbons]

Package: zpaq
Version: 1.10-3
Severity: normal

Dear Maintainer,

The executable `lzppre` is not shipped, so using the included min.cfg
does not work. It is included in the source package, but not built or
installed.

mid.cfg (default) and max.cfg work just fine.

$ zpaq c/usr/share/doc/zpaq/examples/min.cfg output.min.zpaq input
4.264 MB memory required.
lzppre 18 20 127 2 96 input ./output.min.zpaq.zpaq.pre ... sh: 1: lzppre: not 
found
./output.min.zpaq.zpaq.pre: No such file or directory
Archive output.min.zpaq not updated
Process time 0.01 sec. Wall time 0 sec.

-Ben


-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32, arm64

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages zpaq depends on:
ii  libc6   2.24-9
ii  libgcc1 1:7-20161201-1
ii  libstdc++6  7-20161201-1

zpaq recommends no packages.

zpaq suggests no packages.

-- no debconf information

Bug#853855: (no subject)

[Emmanuel Kasper]

Le 03/02/2017 à 23:55, Cyril Brulebois a écrit :
> Ian Campbell  (2017-02-03):
>> On Fri, 2017-02-03 at 15:51 +0100, Emmanuel Kasper wrote:
>>> Actually on further research, net.ifnames and most dot-containing
>>> parameters are not here for the kernel, but to configure on boot
>>> various systemd components,
>>
>> d-i doesn't use systemd, does it?
> 
> It certainly doesn't right now.

From
https://packages.debian.org/sid/udev-udeb

d-i has udev built from systemd source.

The parameters from
https://www.freedesktop.org/software/systemd/man/systemd-udevd.service.html#
can be be passed to the udev service of the installer (notice the
abundance of dots in those parameter :)



signature.asc
Description: OpenPGP digital signature

Bug#854091: speech-dispatcher-pico cannot be installed in unstable

[Adrian Bunk]

Package: speech-dispatcher-pico
Version: 0.8.6-1
Severity: serious


# apt-get install speech-dispatcher-pico
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 speech-dispatcher-pico : Depends: speech-dispatcher (= 0.8.6-1) but it is not 
going to be installed
E: Unable to correct problems, you have held broken packages.
#


This dependency seems far to strict, it would even break on a binNMU
of either package.

Bug#834303: calibre: Unhandled exception when editing books

[Douglas Perkins]

As mentioned, sometime in the last few months, this bug was fixed (at 
least for me).  Please mark it closed.  Thanks, all!

Bug#853905: [pkg-gnupg-maint] Bug#853905: Ships incorrect /usr/lib/systemd/user/sockets.target.wants files, makes disabling impossible

[Daniel Kahn Gillmor]

On Fri 2017-02-03 09:02:47 -0500, Yuri D'Elia wrote:
> On Fri, Feb 03 2017, Michael Biebl wrote:
>>> When gpg is used via command line, the agent is started automatically
>>> and then it's left sitting there. But for a system without seats, the
>>> agent doesn't make sense. It shouldn't be running.
>>
>> That doesn't make sense. Even if you stop the sockets, once you use gpg,
>> gpg-agent will be auto-started as well, just using a different mechanism.
>
> It this also true also when --no-autostart is in use?

In this case, gpg-agent will not be automatically started, but if it
needs any information from the secret keyring (which is the only reason
it ever tries to auto-launch gpg-agent in the first place), it will
fail.

What are you doing with gpg?  if whatever you're doing needs the secret
keyring, the agent will be launched.  if it doesn't need the secret
keyring, the agent will not be launched.

With gpg-agent as a systemd user service, when the user completely logs
out of the system, any services launched (socket-activated or otherwise)
will be stopped automatically.

OTOH, if gpg-agent is auto-launched by gpg (not managed as a systemd
user service), there is no robust standard way to ensure that the agent
gets terminated at logout.

Yuri, it sounds like you've got a particular scenario that you don't
like, and you're trying lots of things to change it, but i don't
understand what the scenario is.

Can you try to distill the problem you're seeing into a repeatable
pattern?  I have a minimal server running debian testing.  when i log
into it with ssh, and use gpg with secret key material, the gpg-agent is
spawned by systemd's socket activation, and remains supervised by
systemd.

When i log out, the gpg-agent process gets terminated cleanly by
systemd.

What's the problem?

   --dkg


signature.asc
Description: PGP signature

Bug#854099: cinnamon: Date and Time Settings --> Network Time fails (silently) without installing ntp

[Thomas Nyberg]

Package: cinnamon
Version: 2.2.16-5
Severity: normal

Dear Maintainer,

   * What led up to the situation?

My clock was displaying the wrong time.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

First I set the Date and Time Settings to use Network Time, but it doesn't
work. It appears to work, but the next time you check the settings it shows up
as OFF again. Apparently it doesn't work unless the ntp package is installed. I
installed that and it worked.

I read online that some people thought adding ntp as a dependency was a bit
heavy for this, but as it stands the error causes this to fail silently (which
is very confusing). I think at minimum a box should appear when you try to
click Network Time ON, but I'm personally not sure how I could implement that.
I could certainly attach a patch adding ntp as a dependency, but I wasn't sure
if maybe the maintainers were purposefully leaving that off.

Thanks for your work for debian.

Cheers,
Thomas

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cinnamon depends on:
ii  caribou  0.4.15-1
ii  cinnamon-common  2.2.16-5
ii  cinnamon-control-center  2.2.11-4
ii  cinnamon-desktop-data2.2.3-3
ii  cinnamon-screensaver 2.2.4-6
ii  cinnamon-session 2.2.2-5
ii  cinnamon-settings-daemon 2.2.4.repack-7+deb8u1
ii  cjs  2.2.2-2
ii  cups-pk-helper   0.2.5-2+b1
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gir1.2-accountsservice-1.0   0.6.37-3+b1
ii  gir1.2-caribou-1.0   0.4.15-1
ii  gir1.2-clutter-1.0   1.20.0-1
ii  gir1.2-cmenu-3.0 2.2.0-3
ii  gir1.2-cogl-1.0  1.18.2-3
ii  gir1.2-gconf-2.0 3.2.6-3
ii  gir1.2-gdkpixbuf-2.0 2.31.1-2+deb8u5
ii  gir1.2-gkbd-3.0  3.6.0-1
ii  gir1.2-glib-2.0  1.42.0-2.2
ii  gir1.2-gnomebluetooth-1.03.14.0-2
ii  gir1.2-gnomedesktop-3.0  3.14.1-1
ii  gir1.2-gtk-3.0   3.14.5-1+deb8u1
ii  gir1.2-gtkclutter-1.01.6.0-1
ii  gir1.2-javascriptcoregtk-3.0 2.4.9-1~deb8u1
ii  gir1.2-meta-muffin-0.0   2.2.6-4
ii  gir1.2-networkmanager-1.00.9.10.0-7
ii  gir1.2-nmgtk-1.0 0.9.10.0-2
ii  gir1.2-pango-1.0 1.36.8-3
ii  gir1.2-polkit-1.00.105-15~deb8u2
ii  gir1.2-soup-2.4  2.48.0-1
ii  gir1.2-upowerglib-1.00.99.1-3.2
ii  gir1.2-webkit-3.02.4.9-1~deb8u1
ii  gkbd-capplet 3.6.0-1
ii  gnome-icon-theme-symbolic3.12.0-1
ii  gnome-session-bin3.14.0-2
ii  gnome-settings-daemon3.14.2-3
ii  gnome-themes-standard3.14.2.2-1
ii  gsettings-desktop-schemas3.14.1-1
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-18+deb8u6
ii  libcairo21.14.0-2.1+deb8u1
ii  libcanberra0 0.30-2.1
ii  libcinnamon-menu-3-0 2.2.0-3
ii  libcjs0  2.2.2-2
ii  libclutter-1.0-0 1.20.0-1
ii  libcogl-pango20  1.18.2-3
ii  libcogl-path20   1.18.2-3
ii  libcogl201.18.2-3
ii  libcroco30.6.8-3+b1
ii  libdbus-glib-1-2 0.102-1
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u5
ii  libgirepository-1.0-11.42.0-2.2
ii  libgl1-mesa-glx [libgl1] 10.3.2-1+deb8u1
ii  libglib2.0-0 2.42.1-1+b1
ii  libgstreamer1.0-01.4.4-2
ii  libgtk-3-0   3.14.5-1+deb8u1
ii  libjs-jquery 1.7.2+dfsg-3.2
ii  libmozjs185-1.0  1.8.5-1.0.0+dfsg-4.3
ii  libmuffin0   2.2.6-4
ii  libpango-1.0-0   

Bug#854098: Vnc4 is now a transitional package to tigervnc

[Ola Lundqvist]

Package: epoptes

Hi

Just a heads-up that vnc4 is not a transitional package to tigervnc.
You may want to:
1) Depend directly on tigervnc instead.
2) Test that your package actually work with tigervnc.

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#853260: unblock: lcmaps-plugins-voms/1.6.2-2.1

[Emilio Pozuelo Monfort]

On 30/01/17 21:53, Sebastian Andrzej Siewior wrote:
> diff -Nru lcmaps-plugins-voms-1.6.2/debian/patches/series 
> lcmaps-plugins-voms-1.6.2/debian/patches/series
> --- lcmaps-plugins-voms-1.6.2/debian/patches/series   2013-11-12 
> 16:23:41.0 +0100
> +++ lcmaps-plugins-voms-1.6.2/debian/patches/series   2017-01-29 
> 21:47:44.0 +0100
> @@ -1,2 +1,3 @@
>  
>  
> +openssl11.patch

Some ugly whitespace, and not the nicest patch, but it's debug output as you 
say...

Unblocked.

Emilio

Bug#853089: unblock: cinnamon/3.2.7-2 cinnamon-desktop-data/3.2.4-4

[Emilio Pozuelo Monfort]

On 29/01/17 18:37, Margarita Manterola wrote:
> On 2017-01-29 18:34, Emilio Pozuelo Monfort wrote:
>>> I'm attaching the debdiff for both packages for their version currently in
>>> testing (and unstable).  I'd like to have confirmation that the packages 
>>> will be
>>> unblocked before uploading them.
>> Did you forgot to attach those?
> 
> *sigh* Indeed, I did. I have attached them now.

Go ahead.

Emilio

Bug#853855: (no subject)

[Cyril Brulebois]

Ian Campbell  (2017-02-03):
> On Fri, 2017-02-03 at 15:51 +0100, Emmanuel Kasper wrote:
> > Actually on further research, net.ifnames and most dot-containing
> > parameters are not here for the kernel, but to configure on boot
> > various systemd components,
> 
> d-i doesn't use systemd, does it?

It certainly doesn't right now.


KiBi.


signature.asc
Description: Digital signature

Bug#853809: unblock: e2fsprogs/1.43.4-2

[Cyril Brulebois]

Emilio Pozuelo Monfort  (2017-02-03):
> This seems fine to me, unblocked. Cc'ing debian-boot@/Cyril for the
> udeb unblock.

No objections in principle, but it'd be nice to have d-i tested against
the latest version. Will try to look into it over the next few days.


KiBi.


signature.asc
Description: Digital signature

Bug#851585: [Pkg-nagios-devel] Bug#851585: icinga2-ido-mysql: fails to upgrade from 'jessie': mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 'status_update_time'

[Emilio Pozuelo Monfort]

Control: severity -1 important

On 31/01/17 17:41, Markus Frosch wrote:
> Hello Release team
> - top post for referencing-
> 
> I'd like to ask you about views of this bug.
> 
> We can do the following:
> 
> 1) Update icinga2 to 2.6.1 which includes some other useful changes (see 
> below)
> 2) stretch-ignore the bug, since MySQL 5.7 won't be included in stretch
>(Problem: backports might make a problem then)

If this only happens with mysql-5.7 but not with mariadb-10.1, then this is not
RC. Downgrading. Please bump again if it also happens with mariadb.

It would still be nice to fix this, obviously.

> I could also patch some of the crashing issues, but would rather prefer 2.6.1
> as a cleaner update to maintain in stretch.

Please file an unblock bug with a debdiff or a diff to the new upstream version.

Thanks,
Emilio

Bug#834303: calibre: Unhandled exception when editing books

[Nicholas D Steeves]

On Thu, 1 Sep 2016 19:36:26 +0200 Andreas Metzler  wrote:
>
> On 2016-08-14 Douglas Perkins  wrote:
>>
>> After an upgrade a few days ago, I can no longer edit books using Calibre.
>>
>> I open Calibre, open the editing window, and so far so good. Now I
>> double click on an xhtml file, and instead of the file opening for
>> editing, I get the following error.
> [...]
>> TypeError: connect() failed between contentsChange(int,int,int) and 
>> reformat_blocks()

> This was fixed upstream with
> https://github.com/kovidgoyal/calibre/commit/0e11f80cf6b17a4c526dd9b5ed6abb3d020bfadc

Thus it should have been fixed in upstream v2.65.0 and Debian's
2.71.0+dfsg-1.  Would someone please confirm, tag this bug as fixed
calibre/2.71.0+dfsg-1 and/or close this bug, if appropriate?  'seems
like can can be :-)

Cheers,
Nicholas

Bug#851261: compiles but doesn't work, not our fault

[Adam Borowski]

On Fri, Feb 03, 2017 at 11:03:49AM +, Radovan Birdic wrote:
> > Do any non-ancient machines run 32-bit kernels on MIPS these days?  As far
> > as I know, they don't, thus fixing this FTBFS is rather pointless without
> > fixing COMPAT ioctls on the kernel side first.
> 
> Yes, there are 32-bit MIPS machines.
> We tested duperemove on CI20 (mipsel with 32-bit kernel) and it works
> correctly.

Right, thanks for letting us know.  Then, it joins the club with 32/32 bit
powerpc and m68k, both of which also share the FTBFS with 32-bit mips*.

I happened to do some data mining on the "System Information" part of bug
reports recently, and thus can provide some stats.  Bug reports provide
data on contributors rather than users, but that's good too.  In 2016 (plus
a smaller half of Jan 2017) on relevant archs:
powerpc (ppc)33
powerpc (ppc64)   9
mipsel (mips64)   4
mipsel (mips) 1
mips (mips64) 2
mips (mips)   0
mips on amd64 2
m68k  0
Total:13178

so especially powerpc would want this fixed.


Meow!
-- 
Autotools hint: to do a zx-spectrum build on a pdp11 host, type:
  ./configure --host=zx-spectrum --build=pdp11

Bug#854082: grub-installer: grub-xen fails to install on i386 or amd64 PV guest

[Cyril Brulebois]

Hi Sergio,

Sergio Gelato  (2017-02-03):
> Package: grub-installer
> Version: 1.136
> Severity: serious
> 
> The grub installation step reproducibly fails using the latest stretch d-i
> on both i386 and amd64 Xen PV guests. The logs indicate that grub-install is
> looking for /usr/lib/grub/i386-pc instead of /usr/lib/grub/i386-xen, and
> similarly on amd64.
> 
> I think the problem was introduced by
> commit 66f75b7069aeba05eab776b5ac18dffa6874b5f3 .
> 
> Shouldn't amd64:grub-xen and i386:grub-xen read amd64/*:grub-xen and
> i386/*:grub-xen, respectively, when matching against $ARCH:$grub_package ?

Since ARCH is set through archdetect, and since archdetect.c (in
hw-detect) has this as final code:

printf("%s/%s\n", CPU_TEXT, subarch);

… it seems to me we really should be checking for something like what
you're suggesting.

Would you be interested in helping test an image with this fix included?
I can build an amd64 netinst and upload that for your to try.


KiBi.


signature.asc
Description: Digital signature

Bug#853855: (no subject)

[Ian Campbell]

On Fri, 2017-02-03 at 15:51 +0100, Emmanuel Kasper wrote:
> Actually on further research, net.ifnames and most dot-containing
> parameters are not here for the kernel, but to configure on boot
> various systemd components,

d-i doesn't use systemd, does it?

Ian.

Bug#850982: [pkg-gnupg-maint] Bug#850982: closed by Daniel Kahn Gillmor <d...@fifthhorseman.net> (Bug#850982: fixed in gnupg2 2.1.17-6)

[Daniel Kahn Gillmor]

On Sat 2017-01-28 11:48:05 -0500, Yuri D'Elia wrote:
> On Wed, Jan 18 2017, Debian Bug Tracking System wrote:
>> Their explanation is attached below along with your original report.
>> If this explanation is unsatisfactory and you have not received a
>> better one in a separate message then please contact Daniel Kahn Gillmor 
>>  by
>> replying to this email.
>
> I'm not completely satisfied, unfortunately.
> I'd like to disable this service for *all* users by default on servers.
>
> It seems there's no systemctl command for this.

Sure there is, you can use --global to affect user services for all
users.  This creates the symlinks in /etc/systemd/user.

> You can mask the service by creating links in /etc/systemd/user/, but
> then each user session generates the following warning:
>
>   gpg-agent.socket: Cannot add dependency job, ignoring: Unit 
> gpg-agent.socket is masked.

Yes, that's true.  I'm not sure i understand your concern though, or why
you want these things masked.  Can you explain what you're aiming to
avoid?

If the user doesn't try to use the agent, no gpg-agent will be launched.
If the user tries to use the agent from gpg or related tools anyway,
then the agent will be auto-launched (by gpg!) even if you've disabled
the systemd socket.  What's the harm in leaving the sockets enabled?

--dkg


signature.asc
Description: PGP signature

Bug#854094: libreswan FTBFS on x32 due to missing

[Daniel Schepler]

On Fri, Feb 3, 2017 at 3:29 PM, Daniel Kahn Gillmor
 wrote:
> Package: libreswan
> Version: 3.19-2
> X-Debbugs-Cc: x...@buildd.debian.org, swan-...@lists.libreswan.org
>
> Hi Debian x32 builders--
>
> I note that libreswan is failing to build from source on the x32
> platform due to a missing sys/time.h:
>
> https://buildd.debian.org/status/fetch.php?pkg=libreswan=x32=3.19-2=1486146097=0
>
> …
> /<>/linux/include/libreswan.h:44:22: fatal error: sys/time.h: No 
> such file or directory
>  #include 
>   ^
>
> the code in linux/include/libreswan.h is just:
>
>  42 #if !defined(__KERNEL__)
>  43
>  44 #include 
>  45 #include 
>  46
>
> It builds on other debian platforms without a problem.  Is something
> significantly different on x32 that we should know about?

It's trying to build with -m64, which would be a cross build for amd64
rather than a native build for x32.  (So, the immediate symptom is
caused by the compiler looking for sys/time.h in
/usr/include/x86_64-linux-gnu and not finding it there because
libc6-dev-amd64 isn't installed.)
-- 
Daniel

Bug#854096: The default depth should really be changed

[Ola Lundqvist]

Package: tigervncserver
Severity: important

The default depth 32 is not really suitable for usual operation. There
are quite a few clients that bug (crashes with this) out and the
protocol get a lot of extra overhead that should not be needed.

Quote from another bug report:
"I see - how are the poor users going to work out that they need to
try -depth 24, per the warning in man xtigervnc, to get their, eg
Java, text rendered properly? "

and:
"I have tested -depth 32 with some applications and it really is a
problem, i.e., VMware workstation bugs out with this setting. I think
we should switch the default to -depth 24."

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#854062: xournal: Hangs upon pressing Ctrl-S (for saving)

[Carlo Segre]

Hi Philipp:

I have not observed this problem on my sid system.  I have the following 
packages installed and Ctrl-S and Ctrl-Q work fine.


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xournal depends on:
ii  ghostscript-x9.20~dfsg-1
ii  libart-2.0-2 2.3.21-2
ii  libatk1.0-0  2.22.0-1
ii  libc62.24-9
ii  libcairo21.14.8-1
ii  libfontconfig1   2.11.0-6.7
ii  libfreetype6 2.6.3-3+b1
ii  libgdk-pixbuf2.0-0   2.36.4-1
ii  libglib2.0-0 2.50.2-2
ii  libgnomecanvas2-02.30.3-3
ii  libgtk2.0-0  2.24.31-1
ii  libpango-1.0-0   1.40.3-3
ii  libpangocairo-1.0-0  1.40.3-3
ii  libpangoft2-1.0-01.40.3-3
ii  libpoppler-glib8 0.48.0-2
ii  zlib1g   1:1.2.8.dfsg-4

It also works with kernel 4.8.0-2-amd64.  That is the only difference I 
see.


Carlo

On Fri, 3 Feb 2017, Philipp Marek wrote:


Package: xournal
Version: 1:0.4.8-1
Severity: normal

Steps to reproduce:

1) Start xournal with some PDF file
   # xournal /tmp/foo.pdf
2) Press Ctrl-S

No window asking for a filename, Ctrl-Q, the other keybindings, and the
mouse don't work anymore.

This is really awful - working without saving is worse than not working ;/


xournal did work fine in the past, so perhaps it's some other part of the
system it tries to communicate with that's not responding?!


-- System Information:
Debian Release: 9.0
 APT prefers testing
 APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xournal depends on:
ii  ghostscript-x9.20~dfsg-1
ii  libart-2.0-2 2.3.21-2
ii  libatk1.0-0  2.22.0-1
ii  libc62.24-9
ii  libcairo21.14.8-1
ii  libfontconfig1   2.11.0-6.7
ii  libfreetype6 2.6.3-3+b1
ii  libgdk-pixbuf2.0-0   2.36.4-1
ii  libglib2.0-0 2.50.2-2
ii  libgnomecanvas2-02.30.3-3
ii  libgtk2.0-0  2.24.31-1
ii  libpango-1.0-0   1.40.3-3
ii  libpangocairo-1.0-0  1.40.3-3
ii  libpangoft2-1.0-01.40.3-3
ii  libpoppler-glib8 0.48.0-2
ii  libx11-6 2:1.6.4-3
ii  zlib1g   1:1.2.8.dfsg-4

xournal recommends no packages.

xournal suggests no packages.

-- no debconf information



--
Carlo U. Segre -- Duchossois Leadership Professor of Physics
Interim Chair, Department of Chemistry
Director, Center for Synchrotron Radiation Research and Instrumentation
Illinois Institute of Technology
Voice: 312.567.3498Fax: 312.567.3494
se...@iit.edu   http://phys.iit.edu/~segre   se...@debian.org

Bug#853727: unblock: limnoria/2017.01.10-1

[Emilio Pozuelo Monfort]

On 31/01/17 12:14, Mattia Rizzolo wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package limnoria.
> 
> It is a new upstream, yes, but
> 1) it's a leaf package
> 2) it has a very extensive testsuite
> 3) the changes are so minimal...
> 4) it fixes the only bug this package has ;)
> 
> Attached a debdiff against the current version in stretch.
> 
> unblock limnoria/2017.01.10-1

Done, but now you owe me two RC bug fixes.

Cheers,
Emilio

Bug#853770: unblock: pyro4

[Emilio Pozuelo Monfort]

On 31/01/17 19:18, Laszlo Boszormenyi (GCS) wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi Release Team,
> 
> I don't want to hide that due to my mistake, pyro4 package migrated to
> Stretch without the selectors34 dependency of python2-pyro4 even
> packaged. It was only partly fixed with importing the selectors module
> instead[1] - that fixes the client mode but the multiplexed server
> still fails (the user have to change to the threadpool variant).
> 
> I see the following solutions:
> 1) Drop the python2 variant of Pyro4 and only ship the python3 one
>(worst case).
> 2) Allow the packaged selectors34 module[2] to Stretch (not yet
>uploaded) as it's an one file module.
> 3) Add the selectors34.py to the pyro4 package, debdiff to the Stretch
>version is attached.
> 4) Use the upstream commit not to fail with the import, but inform the
>user to switch to the threadpool variant with a RuntimeError[3]
>when using the Python 2 variant.
> 
> Which solution would be allowed for Stretch?

bootstrap-vz depends on python2-pyro4, so we can't just drop it.

I don't like 2, I'd rather add a new source than embed this inside pyro.

Please upload selectors34 and I'll see about granting an exception to fix this
RC bug.

Cheers,
Emilio

Bug#851667: #851667 "fix" breaks openjdk 8 on Jessie

[DJDavid98]

​For anyone else having issues with installing Java 8 now, I managed to get
back up and running by using Oracle's official version of Java.

​For convenience here's a list of commands one has to run to get Java 8
working on their Debian Jessie machine​ (until this issue gets resolved):

echo -e "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial
main\ndeb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main"
> /etc/apt/sources.list.d/webupd8team-java.list
sudo apt-get update
sudo apt-get install oracle-java8-installer
echo "JAVA_HOME=\"/usr/lib/jvm/java-8-oracle\"" > /etc/environment
source /etc/environment

Bug#854090: gcc-6: Please enable PIE hardening flags by default on sparc*

[James Clarke]

Package: gcc-6
User: debian-sp...@lists.debian.org
Usertags: sparc64
X-Debbugs-Cc: debian-sp...@lists.debian.org

Please enable PIE by default on sparc and sparc64.

Regards,
James

Bug#853927: debian-installer: Hang in os-prober in "dmsetup create -r osprober-linux-sda1"

[Scott Leggett]

On 2017-02-03.13:42, Cyril Brulebois wrote:
> 
> This is rather strange. Are you sure it was hanging on the *sda1* partition?
> 

Yep - at least, the title of the bug shows the command that was blocking
(I waited 5 min or so for it before killing it..)

> The LVM fix was about adding this codepath:
> | elif [ "$types" = LVM2_member ]; then
> | debug "$1 is an LVM member; skipping"
> | exit 0
> 
> right after this one:
> | elif [ "$types" = crypto_LUKS ]; then
> | debug "$1 is a LUKS partition; skipping"
> | exit 0
> 
> and we seem to have a crypto_LUKS partition as sda1, so I'm not sure why
> the dmsetup create thing was even attempted. Adding Colin & Ivo to cc,
> maybe they'll have an answer.
> 
> Direct crypto_LUKS looks like something we should be supporting, even if
> that's not something one can achieve with a guided setup; so I'd
> consider this less urgent than the LVM fix we needed to release Stretch
> RC 2, yet nice to fix.

A couple more data points:

I've used the Stretch RC1 installer without issue on another workstation
with a somewhat similar disk layout - the difference being that it had
only one physical drive (one LVM physical volume on a single crypto_LUKS
device).

I've also installed Jessie on several machines with a very similar
partitioning layout as in this bug report (two drives) without issue.

-- 
Regards,
Scott.


signature.asc
Description: PGP signature

Bug#854082: grub-installer: grub-xen fails to install on i386 or amd64 PV guest

[Cyril Brulebois]

Cyril Brulebois  (2017-02-03):
> Would you be interested in helping test an image with this fix
> included? I can build an amd64 netinst and upload that for your to
> try.

If you're so inclined, here's an image with grub-installer 1.137,
including the change you've suggested:
  https://mraw.org/~kibi/debian-stretch-rc2+xen.iso (~ 300 MB)

sha1sum: 61cca963a5d3bf3cbb33d802b2e337be0f16f643

[Note: This image will be removed from my server once the bug has been
addressed.]

BTW, I think the issue might have been triggered by having the following
line as the first entry of the “case” statement:

*:grub|*:grub-pc|*:grub-efi*|sparc:grub-ieee1275|ppc64el/*:grub-ieee1275)

One might not realize the first part is an “full” architecture,
following the arch/subarch formatn.

Speaking of which, the “sparc:grub-ieee1275” part probably doesn't work…


KiBi.


signature.asc
Description: Digital signature

Bug#853935: rephrase: No more works with gpg2 and causes one pinentry popup per guess

[Daniel Kahn Gillmor]

On Fri 2017-02-03 14:46:43 -0500, Axel Beckert wrote:
> The attached patch works for me with gpg aka gpg2.
>
> I'd also upload it as NMU in case I don't hear from the Debian
> Forensics team in time before a potential removal from testing (or if
> the team prefers the NMU).

Awesome.  This is very much appreciated, Axel!

 --dkg


signature.asc
Description: PGP signature

Bug#852758: procps: pkill returns success on failure due to operation not permitted

[Craig Small]

tags 852758 upstream fixed-upstream
thankyou

On Fri, Jan 27, 2017 at 2:21 PM Adrian Riordan <
adrian.rior...@beyondcron.com> wrote:

> When trying kill a process with insufficient privileges (see blow), pkill
> displays the error message “... failed: Operation not permitted”, but
> returns 0. Surely it should return 3?

Hi Adrian,
  Thankyou for the bug report.  This is definitely inconsistent with the
other kill type programs and 0 is not the right answer!

3 isn't the right either because not being able to kill something is not
fatal; you may have 2 processes and can kill one and not the other.  The
other programs use 1 so we have used this for pkill too.

The upstream commit is at
https://gitlab.com/procps-ng/procps/commit/625d0809daa5b666d9f5834bebcdc458799221f3

 - Craig

-- 
Craig Small (@smallsees)   http://dropbear.xyz/ csmall at : enc.com.au
Debian GNU/Linux   http://www.debian.org/   csmall at : debian.org
GPG fingerprint:5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Bug#854092: Multiple security issues in libevent

[Guido Günther]

Package: libevent
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for libevent.

CVE-2016-10197[0]
CVE-2016-10196[1]
CVE-2016-10195[2]

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
[1] https://security-tracker.debian.org/tracker/CVE-2016-10196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
[2] https://security-tracker.debian.org/tracker/CVE-2016-10195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195

Please adjust the affected versions in the BTS as needed.

Cheers,
 -- Guido

Bug#854093: [PATCH] [ARM64] kexec fails to load compressed kernel.

[Manoj Iyer]

Attached is a patch that adds compressed kernel support for ARM64. Debian 
does not ship compressed kernels, the test results below show that 
original functionality is maintained. Please review and apply to 
kexec-tools package.


== Before Patch ==
kexec-tools (1:2.0.14-1)

root@debian:/home/ubuntu# kexec -l /boot/vmlinuz-4.9.0-1-arm64 
--initrd=/boot/initrd.img-4.9.0-1-arm64 
--append="root=UUID=010a5260-8c6d-444c-82cd-6cf9b0cbc120 ro"
root@debian:/home/ubuntu# kexec -e

Debian GNU/Linux 9 debian ttyAMA0

debian login: [   26.369875] kexec_core: Starting new kernel
[0.00] Booting Linux on physical CPU 0x0
[0.00] Linux version 4.9.0-1-arm64 (debian-ker...@lists.debian.org) 
(gcc version 6.2.1 20161124 (Debian 6.2.1-5) ) #1 SMP Debian 4.9.2-2+kexec.1 
(2017-01-25)
[0.00] Boot CPU: AArch64 Processor [510f8000]
[0.00] efi: Getting EFI parameters from FDT:
[0.00] efi: EFI v2.60 by EDK II
[0.00] efi:  SMBIOS 3.0=0x13bdb  ACPI 2.0=0x1386d  
MEMATTR=0x13af01898

[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 debian ttyAMA0

debian login:


== After Patch ==
kexec-tools (1:2.0.14-1.1)

root@debian:/home/ubuntu# kexec -l /boot/vmlinuz-4.9.0-1-arm64 
--initrd=/boot/initrd.img-4.9.0-1-arm64 
--append="root=UUID=010a5260-8c6d-444c-82cd-6cf9b0cbc120 ro"
root@debian:/home/ubuntu# kexec -e

Debian GNU/Linux 9 debian ttyAMA0

debian login: [ 1669.265708] kexec_core: Starting new kernel
[0.00] Booting Linux on physical CPU 0x0
[0.00] Linux version 4.9.0-1-arm64 (debian-ker...@lists.debian.org) 
(gcc version 6.2.1 20161124 (Debian 6.2.1-5) ) #1 SMP Debian 4.9.2-2+kexec.1 
(2017-01-25)
[0.00] Boot CPU: AArch64 Processor [510f8000]
[0.00] efi: Getting EFI parameters from FDT:
[0.00] efi: EFI v2.60 by EDK II
[0.00] efi:  SMBIOS 3.0=0x13bdb  ACPI 2.0=0x1386d  
MEMATTR=0x13af01898
[0.00] psci: probing for conduit method from DT.
[0.00] psci: PSCIv0.2 detected in firmware.
[0.00] psci: Using standard PSCI v0.2 function IDs
[0.00] psci: Trusted OS migration not required

.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 debian ttyAMA0

debian login:

Thanks
--

Manoj Iyer
Ubuntu/Canonical
ARM Servers - Cloud
diff -Nru kexec-tools-2.0.14/debian/changelog kexec-tools-2.0.14/debian/changelog
--- kexec-tools-2.0.14/debian/changelog	2017-01-25 14:36:57.0 -0500
+++ kexec-tools-2.0.14/debian/changelog	2017-02-03 18:53:35.0 -0500
@@ -1,3 +1,9 @@
+kexec-tools (1:2.0.14-1.1) UNRELEASED; urgency=medium
+
+  * Enable compressed kernel support for ARM64 (Closes: #854093)
+
+ -- Manoj Iyer   Fri, 03 Feb 2017 18:53:35 -0500
+
 kexec-tools (1:2.0.14-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru kexec-tools-2.0.14/debian/control kexec-tools-2.0.14/debian/control
--- kexec-tools-2.0.14/debian/control	2017-01-25 14:36:57.0 -0500
+++ kexec-tools-2.0.14/debian/control	2017-02-03 18:53:35.0 -0500
@@ -3,7 +3,7 @@
 Homepage: http://kernel.org/pub/linux/utils/kernel/kexec/
 Priority: optional
 Maintainer: Khalid Aziz 
-Build-Depends: debhelper (>= 7.0.0), dh-autoreconf, gnu-efi (>=3.0a-4)[ia64], libz-dev[ia64], po-debconf
+Build-Depends: debhelper (>= 7.0.0), dh-autoreconf, gnu-efi (>=3.0a-4)[ia64], libz-dev [arm64 ia64], po-debconf
 Standards-Version: 3.9.8
 
 Package: kexec-tools

Bug#854095: RM: tigervnc [armel armhf] -- ROM; FTBFS

[Ola Lundqvist]

Package: ftp.debian.org

I'd like you to remove some binary packages from testing as it
prevents tigervnc from entering
testing.

Please remove:
tigervnc-common
tigervnc-scraping-server
tigervnc-standalone-server
tigervnc-viewer
tigervnc-xorg-extension
from armel and armhf.

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#854097: unblock tigervnc/1.7.0+dfsg-5

[Ola Lundqvist]

Subject: unblock: tigervnc/1.7.0+dfsg-5
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package tigervnc

The reasons for the unblock request are:
- Solving an important bug regarding default depth. #854096.
- Solving an issue preventing libvnc.so from being loaded. #851842.
  Without this one of the binary packages is essentially useless.
- Solved CVE-2017-5581 #852213.

There are also some other cleanup made in debian/rules. It is not
documented in the changelog but it was very useful when fixing
#851842.

Three debdiffs attached. One for each release after the one in testing.

unblock tigervnc/1.7.0+dfsg-5

-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---


3.debdiff
Description: Binary data


2.debdiff
Description: Binary data


1.debdiff
Description: Binary data

Bug#852788: versions of broken dependent software

[j.wuttke]

Package: cmake
Version: 3.7.2-1

Package: libreoffice
Version: 1:5.2.4-2

Bug#854026: ITP: python-scrapy-djangoitem -- Scrapy extension to write scraped items using Django models

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-scrapy-djangoitem
  Version : 1.1.1
  Upstream Author : Scrapy developers
* URL : https://github.com/scrapy-plugins/scrapy-djangoitem
* License : BSD-3-clause
  Programming Lang: Python
  Description : Scrapy extension to write scraped items using Django models

 scrapy-djangoitem is an extension that allows you to define Scrapy items using
 existing Django models. This utility provides a new class, named DjangoItem,
 that you can use as a regular Scrapy item and link it to a Django model with
 its django_model attribute.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAliUQvwRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90WpA7gf/cVU6h1PsIy67dH7RWsoyGkvWe0zWTpJp
VRWmOGwpSsjEWY43HUl+ohAK8PYL4wG/8Fs1rGpSuPE1/Pgc88t0UnP3v3jk2ApO
OJjdNlhuCZUf8XXuOkVaL9xKwJGx8sxGqrWZt/KRJGnq9JtZvxgoYITPwb4JScLB
3QXgKYAYWoRRCsVCnunrScv0eab1XdLSnzNYoRG/lTe4uvDMlQEP0BvJ4drSz9vR
ydXR6hCz28EzmDDSt3Rvrmj2LxgKHlMx2Hz+akwnBitoOM5YgPtl9ykVBMebaRjt
61208qg3HvlI492BMLoP+fszHWT1Vbg53qcWyMzL9GRD6dBIOUdTkw==
=nSef
-END PGP SIGNATURE-

Bug#853134: Pending fixes for bugs in the svgsalamander package

[pkg-java-maintainers]

tag 853134 + pending
thanks

Some bugs in the svgsalamander package are closed in revision
975eaafa1bc3696ecf70b417de6109cf94094645 in branch '  wheezy' by Bas
Couwenberg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=975eaaf

Commit message:

Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).

(closes: #853134)

Bug#727651: keepass2: need of debug output?

[Wojciech Błaszczuk]

I'm not a maintainer ;) but...

If you really don't like it you still edit that file...:
vim /usr/bin/keepass2

...like that...:

exec /usr/bin/cli /usr/lib/keepass2/KeePass.exe "$@" 2> /dev/null >
/dev/null

;)

On Thu, 12 May 2016 20:28:35 +0100 Sam Kuper 
wrote:
> Package: keepass2
> Version: 2.28+dfsg-1
> Followup-For: Bug #727651
>
> Dear Maintainer,
>
> I am experiencing what seems to be the same bug: unnecessary debug ouput,
and
> an unhandled exception upon quitting:
>
> $ keepass2 &
> $ SendMessage (33554474, 0x112c, 0x4, 0x4)
> SendMessage (33554468, 0x101f, (nil), (nil))
> SendMessage (0, 0x1203, (nil), 0xbff79650)
> SendMessage (0, 0x1204, (nil), 0xbff79650)
> SendMessage (0, 0x1203, 0x1, 0xbff79650)
> SendMessage (0, 0x1204, 0x1, 0xbff79650)
> SendMessage (0, 0x1203, 0x2, 0xbff79650)
> SendMessage (0, 0x1204, 0x2, 0xbff79650)
> SendMessage (0, 0x1203, 0x3, 0xbff79650)
> SendMessage (0, 0x1204, 0x3, 0xbff79650)
> SendMessage (0, 0x1203, 0x4, 0xbff79650)
> SendMessage (0, 0x1204, 0x4, 0xbff79650)
> SendMessage (33554468, 0x101f, (nil), (nil))
> SendMessage (0, 0x1203, (nil), 0xbff79610)
> SendMessage (0, 0x1204, (nil), 0xbff79610)
> SendMessage (0, 0x1203, 0x1, 0xbff79610)
> SendMessage (0, 0x1204, 0x1, 0xbff79610)
> SendMessage (0, 0x1203, 0x2, 0xbff79610)
> SendMessage (0, 0x1204, 0x2, 0xbff79610)
> SendMessage (0, 0x1203, 0x3, 0xbff79610)
> SendMessage (0, 0x1204, 0x3, 0xbff79610)
> SendMessage (0, 0x1203, 0x4, 0xbff79610)
> SendMessage (0, 0x1204, 0x4, 0xbff79610)
> SendMessage (33554468, 0x101f, (nil), (nil))
> SendMessage (0, 0x1203, (nil), 0xbff7a2a0)
> SendMessage (0, 0x1204, (nil), 0xbff7a2a0)
> SendMessage (0, 0x1203, 0x1, 0xbff7a2a0)
> SendMessage (0, 0x1204, 0x1, 0xbff7a2a0)
> SendMessage (0, 0x1203, 0x2, 0xbff7a2a0)
> SendMessage (0, 0x1204, 0x2, 0xbff7a2a0)
> SendMessage (0, 0x1203, 0x3, 0xbff7a2a0)
> SendMessage (0, 0x1204, 0x3, 0xbff7a2a0)
> SendMessage (0, 0x1203, 0x4, 0xbff7a2a0)
> SendMessage (0, 0x1204, 0x4, 0xbff7a2a0)
> SendMessage (33554460, 0x444, 0x1, 0x9b9ffa0)
> SendMessage (33554460, 0x444, 0x1, 0x9bcb780)
> SendMessage (33554460, 0x444, 0x1, 0x9bb9c50)
> SendMessage (33554460, 0x444, 0x1, 0x9bb9c50)
> SendMessage (33554460, 0x444, 0x1, 0x9c0ae58)
> SendMessage (33554460, 0x444, 0x1, 0x9c0ae58)
> SendMessage (33554460, 0x444, 0x1, 0x9c2cd90)
> SendMessage (33554460, 0x444, 0x1, 0x9c2cd90)
>
> Unhandled Exception:
> System.ArgumentException: A null reference or invalid value was found
[GDI+ status: InvalidParameter]
>   at System.Drawing.GDIPlus.CheckStatus (Status status) [0x0] in
:0
>   at System.Drawing.Graphics.GdipMeasureString (IntPtr graphics,
System.String text, System.Drawing.Font font, System.Drawing.RectangleF&
layoutRect, IntPtr stringFormat) [0x0] in :0
>   at System.Drawing.Graphics.MeasureString (System.String text,
System.Drawing.Font font, Int32 width, System.Drawing.StringFormat format)
[0x0] in :0
>   at (wrapper remoting-invoke-with-check)
System.Drawing.Graphics:MeasureString
(string,System.Drawing.Font,int,System.Drawing.StringFormat)
>   at System.Windows.Forms.TextRenderer.MeasureTextInternal
(IDeviceContext dc, System.String text, System.Drawing.Font font, Size
proposedSize, TextFormatFlags flags, Boolean useMeasureString) [0x0] in
:0

Bug#854028: unblock: svgsalamander/1.1.1+dfsg-2

[Bas Couwenberg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package svgsalamander

It contains a patch by Vincent Privat to fix CVE-2017-5617 (#853134).

unblock svgsalamander/1.1.1+dfsg-2

Kind Regards,

Bas
diff -Nru svgsalamander-1.1.1+dfsg/debian/changelog 
svgsalamander-1.1.1+dfsg/debian/changelog
--- svgsalamander-1.1.1+dfsg/debian/changelog   2016-08-22 08:31:39.0 
+0200
+++ svgsalamander-1.1.1+dfsg/debian/changelog   2017-02-03 08:39:45.0 
+0100
@@ -1,3 +1,11 @@
+svgsalamander (1.1.1+dfsg-2) unstable; urgency=medium
+
+  * Team upload.
+  * Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
+(closes: #853134)
+
+ -- Bas Couwenberg   Fri, 03 Feb 2017 08:39:45 +0100
+
 svgsalamander (1.1.1+dfsg-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru 
svgsalamander-1.1.1+dfsg/debian/patches/0007-CVE-2017-5617-Allow-only-data-scheme.patch
 
svgsalamander-1.1.1+dfsg/debian/patches/0007-CVE-2017-5617-Allow-only-data-scheme.patch
--- 
svgsalamander-1.1.1+dfsg/debian/patches/0007-CVE-2017-5617-Allow-only-data-scheme.patch
 1970-01-01 01:00:00.0 +0100
+++ 
svgsalamander-1.1.1+dfsg/debian/patches/0007-CVE-2017-5617-Allow-only-data-scheme.patch
 2017-02-02 07:34:34.0 +0100
@@ -0,0 +1,109 @@
+Description: Fix CVE-2017-5617: svgSalamander SSRF (Server-Side Request 
Forgery)
+ See: http://www.openwall.com/lists/oss-security/2017/01/27/3
+Author: Vincent Privat
+Origin: https://josm.openstreetmap.de/changeset/11526/josm
+Bug: https://github.com/blackears/svgSalamander/issues/11
+Bug-Debian: https://bugs.debian.org/853134
+
+--- a/svg-core/src/main/java/com/kitfox/svg/ImageSVG.java
 b/svg-core/src/main/java/com/kitfox/svg/ImageSVG.java
+@@ -112,21 +112,10 @@ public class ImageSVG extends Renderable
+ if (getPres(sty.setName("xlink:href")))
+ {
+ URI src = sty.getURIValue(getXMLBase());
++// CVE-2017-5617: Allow only data scheme
+ if ("data".equals(src.getScheme()))
+ {
+ imageSrc = new URL(null, src.toASCIIString(), new 
Handler());
+-} else
+-{
+-try
+-{
+-imageSrc = src.toURL();
+-} catch (Exception e)
+-{
+-
Logger.getLogger(SVGConst.SVG_LOGGER).log(Level.WARNING,
+-"Could not parse xlink:href " + src, e);
+-//e.printStackTrace();
+-imageSrc = null;
+-}
+ }
+ }
+ } catch (Exception e)
+@@ -134,32 +123,33 @@ public class ImageSVG extends Renderable
+ throw new SVGException(e);
+ }
+ 
+-diagram.getUniverse().registerImage(imageSrc);
+-
+-//Set widths if not set
+-BufferedImage img = diagram.getUniverse().getImage(imageSrc);
+-if (img == null)
++if (imageSrc != null)
+ {
+-xform = new AffineTransform();
+-bounds = new Rectangle2D.Float();
+-return;
+-}
++diagram.getUniverse().registerImage(imageSrc);
+ 
+-if (width == 0)
+-{
+-width = img.getWidth();
+-}
+-if (height == 0)
+-{
+-height = img.getHeight();
+-}
++//Set widths if not set
++BufferedImage img = diagram.getUniverse().getImage(imageSrc);
++if (img == null)
++{
++xform = new AffineTransform();
++bounds = new Rectangle2D.Float();
++return;
++}
+ 
+-//Determine image xform
+-xform = new AffineTransform();
+-//xform.setToScale(this.width / img.getWidth(), this.height / 
img.getHeight());
+-//xform.translate(this.x, this.y);
+-xform.translate(this.x, this.y);
+-xform.scale(this.width / img.getWidth(), this.height / 
img.getHeight());
++if (width == 0)
++{
++width = img.getWidth();
++}
++if (height == 0)
++{
++height = img.getHeight();
++}
++
++//Determine image xform
++xform = new AffineTransform();
++xform.translate(this.x, this.y);
++xform.scale(this.width / img.getWidth(), this.height / 
img.getHeight());
++}
+ 
+ bounds = new Rectangle2D.Float(this.x, this.y, this.width, 
this.height);
+ }
+@@ -328,16 +318,14 @@ public class ImageSVG extends Renderable
+ {
+ URI src = sty.getURIValue(getXMLBase());
+ 
+-URL newVal;
++URL newVal = null;
++// CVE-2017-5617: Allow only data scheme
+ if ("data".equals(src.getScheme()))
+ 

Bug#715152: Re: Bug#715152: Info received (Bug#715152: keepass2: Crash when entering numbers in bépo.)

[Wojciech Błaszczuk]

I have a guess.

Could you try this fix?

VVV

As Windows.Forms is not longer activly maintained, here is a workaround
(Thanks to mengesh)

Add --verify-all to the mono command in the /usr/bin/keepass file.

#!/bin/shexec mono --verify-all /usr/share/keepass/KeePass.exe "$@"
^^^

found here and for me works with the issue mentioned here:
https://sourceforge.net/p/keepass/bugs/1545/#1618



On Mon, 26 Aug 2013 12:41:56 +0200 Guillaume Seren 
wrote:
> On 06/07/2013 13:36, Debian Bug Tracking System wrote:
> > If you wish to submit further information on this problem, please
> > send it to 715...@bugs.debian.org.
>
> Hi,
> I am still having the issue, and I would like to add some more
information.
>
> I think it may be related to mono.
>
>
> Stacktrace:
>
>   at  <0x>
>   at (wrapper managed-to-native)
> System.Windows.Forms.X11Keyboard.Xutf8LookupString
>
(intptr,System.Windows.Forms.XEvent&,byte[],int,intptr&,System.Windows.Forms.XLookupStatus&)
> <0x>
>   at System.Windows.Forms.X11Keyboard.LookupString
>
(System.Windows.Forms.XEvent&,int,System.Windows.Forms.XKeySym&,System.Windows.Forms.XLookupStatus&)
> <0x0009b>
>   at System.Windows.Forms.X11Keyboard.ToUnicode (int,int,string&)
<0x002ef>
>   at System.Windows.Forms.X11Keyboard.TranslateMessage
> (System.Windows.Forms.MSG&) <0x00127>
>   at System.Windows.Forms.XplatUIX11.TranslateMessage
> (System.Windows.Forms.MSG&) <0x0001b>
>   at System.Windows.Forms.XplatUI.TranslateMessage
> (System.Windows.Forms.MSG&) <0x0001a>
>   at System.Windows.Forms.Application.RunLoop
> (bool,System.Windows.Forms.ApplicationContext) <0x00a0b>
>   at System.Windows.Forms.Form.ShowDialog
> (System.Windows.Forms.IWin32Window) <0x00787>
>   at System.Windows.Forms.Form.ShowDialog () <0x00013>
>   at (wrapper remoting-invoke-with-check)
> System.Windows.Forms.Form.ShowDialog () <0x>
>   at KeePass.UI.UIUtil.ShowDialogAndDestroy (System.Windows.Forms.Form)
> <0x0001f>
>   at KeePass.Forms.MainForm.OnEntryAdd (object,System.EventArgs) <0x002eb>
>   at KeePass.Forms.MainForm.OnPwListKeyDown
> (object,System.Windows.Forms.KeyEventArgs) <0x00233>
>   at (wrapper delegate-invoke)
> .invoke_void__this___object_KeyEventArgs
> (object,System.Windows.Forms.KeyEventArgs) <0x>
>   at System.Windows.Forms.Control.OnKeyDown
> (System.Windows.Forms.KeyEventArgs) <0x00052>
>   at KeePass.UI.CustomListViewEx.OnKeyDown
> (System.Windows.Forms.KeyEventArgs) <0x00057>
>   at System.Windows.Forms.Control.ProcessKeyEventArgs
> (System.Windows.Forms.Message&) <0x00084>
>   at System.Windows.Forms.Control.ProcessKeyMessage
> (System.Windows.Forms.Message&) <0x0003f>
>   at System.Windows.Forms.Control.WmKeys (System.Windows.Forms.Message&)
> <0x00018>
>   at System.Windows.Forms.Control.WndProc
> (System.Windows.Forms.Message&) <0x0032f>
>   at System.Windows.Forms.ListView.WndProc
> (System.Windows.Forms.Message&) <0x00077>
>   at System.Windows.Forms.Control/ControlWindowTarget.OnMessage
> (System.Windows.Forms.Message&) <0x0001a>
>   at System.Windows.Forms.Control/ControlNativeWindow.WndProc
> (System.Windows.Forms.Message&) <0x0002b>

Bug#771441: [syslinux] Bug#771441: [PATCH tftpd-hpa] tftpd: don't use AI_CANONNAME and AI_ADDRCONFIG to resolve addresses for bind

[Uwe Kleine-König]

On Fri, Feb 03, 2017 at 03:40:32PM +1030, Ron wrote:
> On Thu, Feb 02, 2017 at 02:22:47PM +0100, Uwe Kleine-König wrote:
> > On Thu, Feb 02, 2017 at 04:08:49PM +1030, Ron via Syslinux wrote:
> >
> > > The use of AI_PASSIVE here is a placebo.  That flag has no effect unless
> > > address was NULL, and if that was true, neither of the hunks here would
> > > actually be executed in the first place.
> > 
> > Right. Today it only has an effect if the first argument to getaddrinfo
> > is NULL. The intension (IIUC) is that it should be used when you plan to
> > feed the result to bind (opposed to connect).
> 
> What do you mean by "Today"?  Both SuSv4 and the Linux man page are
> unequivocal about the _only_ use of that flag being to special case
> a NULL address (meaning 'this machine') to return either the wildcard
> address or the LOOPBACK address.

I had in mind that at some point in the future (say with ipv8 or
802.11t-2042) the flag might mean more. I'd say the intension is to use
AI_PASSIVE if you plan to listen on this address, so it seemed right to
use it.  But I'm willing to restrict the discussion to the removing of
AI_ADDRCONFIG.

> > > Using AI_CANONNAME here should be harmless at worst.  So the only actual
> > > change is to drop AI_ADDRCONFIG - the flag which limits getaddrinfo to
> > > returning only the address families that are actually supported by the
> > > configured interfaces on the system.  And ordinarily that would seem to
> > > be a fairly uncontroversially Good Thing to do, for both connecting and
> > > listening sockets.
> > 
> > The downside of using AI_ADDRCONFIG is that it makes binding to 0.0.0.0
> > (or ::) fail when no interface is up yet.
> 
> That seems to be where we disagree.  I don't see it as a 'downside' that
> if you explicitly say "I want to bind to IPv4 addresses" (or IPv6), and
> you don't actually have any, that this should fail early and loudly to
> warn you about either misconfiguration, or some other more serious
> failure, occurring.

If I want to bind to 0.0.0.0 and no interface (but lo which might be
good enough for me) is up this might be intensionally. This way I might
be able to speed up system boot because I don't have to wait until all
interfaces are up before I start the daemon. Of course this doesn't help
if I configure tftp to listen on an explicit address, but that's a
different problem that's out of scope of my patch.

> If you passed a name instead of a numeric address, you'd only get the
> address families the machine actually supported.  If you pass a numeric
> address in a particular family, you get a sanity check that it's valid.
> 
> If you (personally) don't care about that, just don't pass an explicit
> address.
> 
> The downsides of not using AI_ADDRCONFIG can't be remedied so easily.

IMHO AI_ADDRCONFIG is at best an optimisation for programs that use a
socket to connect(2). It's not that sensible for sockets to listen.

Consider I do:

tftpd -a tftpd.mycompany.com:tftpd

and tftpd.mycompany.com resolves to both an ipv4 and an ipv6 address. If
the server has an ipv4 problem it just starts to listen on the ipv6
address with AI_ADDRCONFIG. Does this sound wrong only for me?

> > If we can agree in principle I can rework the patch to make one change
> > per patch:
> 
> I'm far less concerned about the format of the patch, than the details
> of what it's actually hoping to achieve.
> 
> If all of the reasons for doing this are just different ways of saying
> "if we do less sanity checking, then misconfiguration and broken tools
> won't annoy me as often" - that's not very compelling.

I tried hard to show good reasons that this is not the motivation for
this change. I don't say "drop all sanity checking", I'm only saying
"don't refuse to work as good as you can".

> Doubly not so when there already is a way you can configure this for
> your own use which does already bypass them.  Simply disabling that
> for everyone and every configuration isn't a good answer.
> 
> > > So unless upstream sees this differently, I still think we'd need to see
> > > some stronger rationale for why that isn't a Good Thing in this particular
> > > case than just "Dropping that flag hides a real bug in NetworkManager".
> > 
> > This is not the (only) reason for me. This is mostly only how it showed
> > up for some people, but still there are more IMHO good reasons to fix
> > it:
> > 
> >  - inconsistent behaviour when no interface is up: -a 0.0.0.0 fails,
> >-a :: fails, not passing -a doesn't fail and makes tftpd bind to all
> >interfaces.
> 
> I don't see how that is 'inconsistent'?  If you ask for an explicit
> address (family) you get a sanity check that (support for it) is
> available.  If you say you don't care, then tftpd doesn't either.

If I don't pass -a that's not "I don't care" but "bind to 0.0.0.0 and
::". To make it more explicit:

 - If the admin requests 0.0.0.0 this is denied because there is no ipv4
   address on any interface.
 - If 

Bug#854029: RM: yocto-reader -- ROM; unmaintained upstream

[Loic Dachary]

Package: ftp.debian.org
Severity: normal

I would like to remove yocto-reader from the Debian archive.
It has been unmaintained in Debian and upstream for years.

-- 
Loïc Dachary, Artisan Logiciel Libre

Bug#854025: calendar-exchange-provider: Accepting Event does not work any more in 3.9

[Anders Boström]

Package: calendar-exchange-provider
Version: 3.9.0-1
Severity: important

Hi!

After upgrade from 3.8 to 3.9, accepting events does not work any
more. It seems to be a known upstream issuee, see
https://github.com/Ericsson/exchangecalendar/issues/542

As suggested in
https://github.com/Ericsson/exchangecalendar/issues/549
patching
/usr/share/xul-ext/calendar-exchange-provider/interfaces/exchangeCalendar/mivExchangeCalendar.js
 

and changing the lines
---
input.proposeStart = 
cal.toRFC3339(proposeStart.getInTimezone(this.globalFunctions.ecUTC()));
input.proposeEnd   = cal.toRFC3339(proposeEnd.getInTimezone(  
this.globalFunctions.ecUTC()));
---

to
---
if ( proposeStart )
{ input.proposeStart = 
cal.toRFC3339(proposeStart.getInTimezone(this.globalFunctions.ecUTC())); }
if ( proposeEnd )
{ input.proposeEnd   = cal.toRFC3339(proposeEnd.getInTimezone(  
this.globalFunctions.ecUTC()));  }
---

fixes the problem for me.

/ Anders

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (94, 
'proposed-updates'), (60, 'testing'), (45, 'testing-proposed-updates'), (40, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.utf8, LC_CTYPE=sv_SE.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to sv_SE.UTF8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages calendar-exchange-provider depends on:
ii  icedove   1:45.6.0-1~deb8u1
ii  iceowl-extension  1:45.6.0-1~deb8u1

calendar-exchange-provider recommends no packages.

calendar-exchange-provider suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file 
/usr/share/xul-ext/calendar-exchange-provider/interfaces/exchangeCalendar/mivExchangeCalendar.js
 (from calendar-exchange-provider package)

Bug#853134: Pending fixes for bugs in the svgsalamander package

[pkg-java-maintainers]

tag 853134 + pending
thanks

Some bugs in the svgsalamander package are closed in revision
c78ebe2de2e70bc6b69600f1c5878951013f4ba1 in branch '  jessie' by Bas
Couwenberg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=c78ebe2

Commit message:

Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).

(closes: #853134)