Bug#876669: postgresql: cannot make standard postgresql clusters log to stderr or syslog

[Daniel Kahn Gillmor]

Package: postgresql
Version: 9.6+184
Severity: normal

I'm running postgresql 9.6 in a minimal virtual machine (with systemd
as pid 1), where nothing else is writing to /var/log (with the
exception of systemd-journald, when configured for non-ephemeral
logging).

however, the postgresql 9.6-main cluster is logging to
/var/log/postgresql/postgresql-9.6-main.log -- i'd rather keep the
logging centralized on this host, rather than having individual
daemons write their own logfiles.

So I'd like the cluster to log to stderr (or syslog), to have it not
have to contemplate log rotation at all.  I've uncommented the
following in /etc/postgresql/9.6/main/postgresql.conf:

log_destination = 'stderr'
logging_collector = off

but this doesn't prevent the postgres process from re-opeing
/var/log/postgresql/postgresql-9.6-main.log.  I've traced the startup
code as far as pg_ctlcluster to where it looks like it's enforcing the
logging to /var/log, but i can't figure out how to get it to stop.
And pg_ctlcluster seems to define the active logging to the filesystem
as part of the "start" subcommand :/

How can i get it to not write to these logs?

--dkg

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), 
(200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages postgresql depends on:
ii  postgresql-9.6  9.6.5-1

postgresql recommends no packages.

Versions of packages postgresql suggests:
ii  postgresql-doc  9.6+184

-- no debconf information

Bug#876668: postinst is inconsistent

[Guido Günther]

control: reopen -1

Hi,
On Sun, Sep 24, 2017 at 07:26:45PM +0200, Mattia Rizzolo wrote:
> Hi Guido!
> 
> On Sun, Sep 24, 2017 at 06:58:07PM +0200, Guido Günther wrote:
> > Package: kopano-webapp-apache2
> 
> I can't find the package you mention below in the debian archive.  There
> is a kopano source package, with a binary that suggests kopano-webapp,
> but no kopano-webapp-apache2.
> 
> I'm closing this bug, as I believe you are running something that is not
> from the debian archive.

kopano-webapp is in NEW and so I think it makes sense to use the bug
tracker already to make sure things don't get lost (or is this
considered bad practice?).
Cheers,
 -- Guido

Bug#867727: RFS: parlatype/1.5.2-1 [ITP]

[Ross Gammon]

Control: tags -1 moreinfo

Hi Gabor,

Good work. We are nearly there!

The only thing I spotted, was the lack of a docbase file to help people
fire up the docs locally:
https://www.debian.org/doc/manuals/maint-guide/dother.en.html#doc-base

Would you like to maintain this within the Debian Multimedia Team? If so:
https://wiki.debian.org/DebianMultimedia/Join
and then follow the stuff in the Develop Packaging link there (to create
the git repository etc).
We can always do this before the next upload if you prefer. Just let me
know.

Some minor things we can work on for next time:
1. Lintian complains about there being no upstream changelog. As you are
upstream, maybe you can fix this? It is a nice service to our users to
see what changed in each version without going online. The Debian
changelog only contains changes in the packaging.
2. It would be nice to add some autopkgtests. For parlatype, that might
just be to run the binary command without a file to check that it
installs & doesn't crash. For the library & gir library you can compile
a simple app against the libraries to check they compile & run OK. If
you search on Debian Codesearch you will find examples.

Regards,

Ross



signature.asc
Description: OpenPGP digital signature

Bug#876675: snapper: Avoid filling up btrfs, as it break the system?

[Petter Reinholdtsen]

Package: snapper
Version: 0.5.0-2

Hi.  I use the FreedomBox with btrfs, and it is configured to use
snapper to take regular file system snapshots.  But as you can see from
https://bugs.debian.org/876514 >, this can bring down the system
if the btrfs file system fill up.

Could snapper be changed to restrict the amount of snapshots kept in
each category based on amount of free space on the file system, to avoid
filling up the disk with snapshots?

It would be great if snapper also provided a way to easily figure out
how much disk space a given snapshot uses.

Btw, are you aware of https://tracker.debian.org/pkg/zfsnap >,
which uses an interesting way to name snapshots (with timestamp and
duration), which make it quite easy to administrate the snapshots from
the command line.  Perhaps something similar could be done by snapper?

-- 
Happy hacking
Petter Reinholdtsen

Bug#784512: Is anybody working on PySide2?

[Dominique Belhachemi]

You can find some pyside2 packages in following Ubuntu PPA

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:thopiekar/pyside-git
sudo apt-get update
apt-get install python3-pyside2



For a quick test you can try to compile the packages in Debian testing.

# compile and install shiboken2
# you need at least clang 3.9, I tried it with 4.0
sudo apt install libclang-4.0-dev llvm-4.0 clang-4.0
dget
https://answers.launchpad.net/~thopiekar/+archive/ubuntu/pyside-git/+files/shiboken2_2.0.0.dev0-0~201708271303~rev1711~pkg53~ubuntu17.10.1.dsc
dpkg-source -x
shiboken2_2.0.0.dev0-0~201708271303~rev1711~pkg53~ubuntu17.10.1.dsc
sudo mk-build-deps --install ~/shiboken2-2.0.0.dev0/debian/control
cd shiboken2-2.0.0.dev0/
# switch to clang/llvm 4.0
PATH=/usr/lib/llvm-4.0/bin:$PATH
# may have to set this in debian/rules: CLANG_INSTALL_DIR :=
"/usr/lib/llvm-4.0/"
debuild -j16
# install the shiboken packages ...


# compile and install pyside2
dget
https://answers.launchpad.net/~thopiekar/+archive/ubuntu/pyside-git/+files/pyside2_2.0.0+dev-0~201708271303~rev1779~pkg53~ubuntu17.10.1.dsc
dpkg-source -x
pyside2_2.0.0+dev-0~201708271303~rev1779~pkg53~ubuntu17.10.1.dsc
sudo mk-build-deps --install ~/pyside2-2.0.0+dev/debian/control
cd pyside2-2.0.0+dev/
rm debian/source/format
debuild -j16
# install pyside2 packages ...


# run a pyside2 examples from http://code.qt.io/cgit/pyside/examples.git
e.g.
http://code.qt.io/cgit/pyside/examples.git/tree/examples/widgets/widgets/tetrix.py

Bug#843448: linux-image-4.8.0-1-armmp-lpae: fails to boot on Odroid-Xu4 with rootfs on USB

[Vagrant Cascadian]

On 2017-09-24, Jochen Sprickerhof wrote:
> Finally I had the time and hardware available to look into this again 
> and found a better way to fix it. Applying the attached patch results in 
> a new exynos5422-odroidxu4.dtb that could simply be copied to /boot/dtbs/*/
> I've tested this with the current kernel in sid (linux-image-4.12.0-2-armmp)
> as well as stretch (linux-image-4.9.0-3-armmp). More tests welcome.

Thanks!

I'm testing the patched .dtb on linux-image-4.9.0-3-armmp-lpae on two
machines and one machine running linux-image-4.13.0-trunk-armmp-lpae.
All use USB for rootfs and a build partition, so should test USB
reasonable well. Seems to work fine so far.

Using a patched .dtb is a much easier workaround than having to
recompile the whole kernel (and follow security updates and so on)!

I'd be happy to also do some testing with newer mainline kernels, if
you'd like to CC me on patch submissions upstream.


live well,
  vagrant

> Cheers Jochen
> From 0d3552be829d5a275d549cbf6ab468bfdb026e49 Mon Sep 17 00:00:00 2001
> From: Jochen Sprickerhof 
> Date: Sun, 24 Sep 2017 08:28:12 +0200
> Subject: [PATCH] ARM: dts: exynos: Use dwc3 quirk for USB3 and LAN on Odroid
>  XU4
>
> First proposed in https://lkml.org/lkml/2015/3/18/400 and discussed
> again in https://lkml.org/lkml/2017/1/24/402.
> ---
>  arch/arm/boot/dts/exynos5422-odroidxu4.dts | 5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/arch/arm/boot/dts/exynos5422-odroidxu4.dts 
> b/arch/arm/boot/dts/exynos5422-odroidxu4.dts
> index 2faf88627a48..3861f74b2ecc 100644
> --- a/arch/arm/boot/dts/exynos5422-odroidxu4.dts
> +++ b/arch/arm/boot/dts/exynos5422-odroidxu4.dts
> @@ -43,6 +43,11 @@
>   status = "okay";
>  };
>  
> +_dwc3_0 {
> + snps,dis_u3_susphy_quirk;
> +};
> +
>  _dwc3_1 {
>   dr_mode = "host";
> + snps,dis_u3_susphy_quirk;
>  };
> -- 
> 2.14.1


signature.asc
Description: PGP signature

Bug#868082: linux-image-4.11.0-1-686: fails to boot on i386 (Soekris net5501)

[Francesco Poli]

On Sat, 26 Aug 2017 13:02:18 +0200 Francesco Poli wrote:

Control: found -1 linux/4.12.13-1

> 
> On Mon, 17 Jul 2017 09:59:38 +0200 Francesco Poli wrote:
[...]
> Hello again,
> I tested the new kernel version that has recently migrated to Debian
> testing.
> 
> Unfortunately, I get the same exact boot failure.
> 
> And no useful output on the serial console, even with
> 'earlyprintk=ttyS0' and without 'quiet':
> 
> Booting a command list
> 
>   Loading Linux 4.12.0-1-686 ...
>   Loading initial ramdisk ...
> 
> and then nothing else.

Another kernel version has just migrated to Debian testing.
Another boot failure with no useful output on the serial console, even
with 'earlyprintk=ttyS0' and without 'quiet':

Booting a command list

  Loading Linux 4.12.0-2-686 ...
  Loading initial ramdisk ...

and nothing else.

Is there anything that can be done in order to pinpoint the issue and
solve it once and for all?!?

Please let me know, thanks for your time.


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpfTBveXa5e0.pgp
Description: PGP signature

Bug#876629: stretch-pu: package db5.3/5.3.28-12+deb9u1

[Jonathan Wiltshire]

On Sun, Sep 24, 2017 at 06:27:24PM +0200, Salvatore Bonaccorso wrote:
> On Sun, Sep 24, 2017 at 02:52:03PM +0100, Jonathan Wiltshire wrote:
> > > and have it
> > > for a short time exposed as well via proposed-updates (once, and if
> > > accepted).
> > 
> > On that part I'm not so sure. If it's that urgent, why not a DSA?
> > 
> > The point release has been set for 7th October so it's not that far away.
> 
> Hmm, not sure if I then miss-explained. It's not a mather of urgency
> We decided to rather have it included via a point release, and still
> having it exposed for some testing via the stable-proposed-updates
> queues, for those having it activated and doing pre-testing before the
> point release.

Ah, fine. I was afraid you meant stable-updates (my confusion, sorry).

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#872375: lirc: irrecord segfaults when recording a button

[Alec Leamas]

On 24/09/17 16:12, Francois Gouget wrote:


Now as to why I have driver=devinput in lirc_options.conf, it's because
it's the only way I found to get my remote to work. Setting
driver=default driver does not work and if I only provide
devinput.lircd.conf and no Hauppauge_PVR350.conf file then it does not
work either.


I think you really need to take a step back here. The way you use lirc does
not match the official guidelines in [1], which you probably need to check.


Right. The default configuration and the official guidelines don't work.

* I used the devinput.lircd.conf provided by the package, together with
   driver = devinput and my remote wouldn't work.


The default configuration is, well, the default one. It's not guaranteed 
to work, but do work in a lot of cases (i. e., when the remote is 
supported by the kernel). Your statement that the official guidelines 
doesn't work needs a citation, so to speak.


I note that you seemingly havn't used mode2 (?) This is the tool to 
determine what kind of data the kernel makes available to lirc which in 
the end determines what driver to use. This is described in the 
configuration guide.




* I ran lirc-make-devinput as recommended by irrecord to generate a new
   devinput.lircd.conf file, still using driver=devinput, and the remote
   still wouldn't work.

* Seconds after I regenerated the devinput.lircd.conf with
   lirc-make-devinput, lircd complained that it is outdated:

Sep 24 01:33:47 habsheim lircd[1039]: lircd-0.10.0[1039]: Warning: Obsolete 
devinput config file used
Sep 24 01:33:47 habsheim lircd[1039]: lircd-0.10.0[1039]: Notice: Use the 
distributed devinput.lircd.dist by renaming it.
Sep 24 01:33:47 habsheim lircd[1039]: lircd-0.10.0[1039]: Notice: Or use irdb-get to 
search for "devinput" and download it.


These messages are actually misleading. I will look into this. That 
said, they are not blocking.



* With both versions of the devinput.lircd.conf lircd complained that
   all buttons were duplicated, which makes sense since they appear in
   both the devinput-32 and devinput-64 remotes.


Yes, but these are just "notice" messages. They can be ignored in this case.

* Now I finally got the remote to work with the default driver (i.e. not
   devinput (despite it being the default driver)) 


Happy to hear that it works for you!


but I had to recreate
   the remote configuration file from scratch as the one I used with lirc
   0.9.4c wouldn't work. The official guidelines don't talk about that
   incompatibility either.


Actually, there shouldn't be anything incompatible between 0.9.4c and 
0.10.0. This seems strange...



* Oh, and for the remote configuration files comment lines must have a
   '#' in the first column. Put spaces before and the configuration file
   breaks. If that's documented somewhere then I did not find where.


It's in the lircd.conf(4) manpage...


So crashes in irrecord? No one will notice that bit of brittleness.


I definitely agree that the crash is a bug. If I could reproduce it (or 
get a proper stacktrace) we might make a try to fix it. At least, we 
could augment the message with the fact that irrecord might crash. 
However, besides this the state of this bug is basically "wontfix".


--alec

Bug#876664: veusz FTBFS: test failure

[Aurelien Jarno]

On 2017-09-24 19:20, Adrian Bunk wrote:
> Source: veusz
> Version: 1.21.1-1.2
> Severity: serious
> 
> https://buildd.debian.org/status/package.php?p=veusz=sid
> 
> ...
>debian/rules override_dh_auto_test
> make[1]: Entering directory '/<>'
> set -e -x;\
> for py in 2.7; do \
>   LC_ALL=C \
>   PYTHONPATH=$(ls -d /<>/build/lib.*-$py) \
>   VEUSZ_RESOURCE_DIR=. \
>   xvfb-run -a \
>   --server-args "-screen 0 640x480x24" \
>   python$py tests/runselftest.py ;\
>   LC_ALL=C \
>   PYTHONPATH=$(ls -d /<>/build/lib.*-$py-pydebug 2>/dev/null 
> || ls -d /<>/lib.*$py-pydebug) \
>   VEUSZ_RESOURCE_DIR=. \
>   xvfb-run -a \
>   --server-args "-screen 0 640x480x24" \
>   python$py-dbg tests/runselftest.py ;\
> done
> + ls -d /<>/build/lib.linux-x86_64-2.7
> + LC_ALL=C PYTHONPATH=/<>/build/lib.linux-x86_64-2.7 
> VEUSZ_RESOURCE_DIR=. xvfb-run -a --server-args -screen 0 640x480x24 python2.7 
> tests/runselftest.py
> /usr/lib/python2.7/dist-packages/astropy/config/configuration.py:541: 
> ConfigurationMissingWarning: Configuration defaults will be used due to 
> OSError:2 on None
>   warn(ConfigurationMissingWarning(msg))
> Testing output
> 2d_irregular.vsz
>  PASS
> axis_function.vsz
>  PASS
> axis_function_linked.vsz
>  PASS
> bar_labels.vsz
> Traceback (most recent call last):
>   File "tests/runselftest.py", line 292, in 
> test_unlink=options.test_unlink)
>   File "tests/runselftest.py", line 222, in runTests
> test_unlink=test_unlink)
>   File "tests/runselftest.py", line 157, in renderVszTest
> ifc.Export(outfile)
>   File 
> "/<>/build/lib.linux-x86_64-2.7/veusz/document/commandinterface.py",
>  line 717, in Export
> e.export()
>   File 
> "/<>/build/lib.linux-x86_64-2.7/veusz/document/export.py", line 
> 112, in export
> self.exportSelfTest()
>   File 
> "/<>/build/lib.linux-x86_64-2.7/veusz/document/export.py", line 
> 271, in exportSelfTest
> self.renderPage(size, (dpi,dpi), painter)
>   File 
> "/<>/build/lib.linux-x86_64-2.7/veusz/document/export.py", line 
> 131, in renderPage
> self.doc.paintTo(helper, self.pagenumber)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/document/doc.py", 
> line 432, in paintTo
> self.basewidget.draw(painthelper, page)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/root.py", 
> line 123, in draw
> page.draw( posn, painthelper )
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/page.py", 
> line 366, in draw
> parentposn)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/widget.py", 
> line 309, in draw
> c.draw(bounds, painthelper, outerbounds=outerbounds)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/grid.py", 
> line 415, in draw
> self._drawChild(phelper, child, bounds, parentposn)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/grid.py", 
> line 376, in _drawChild
> child.draw(newbounds, phelper, outerbounds=coutbound)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/graph.py", 
> line 284, in draw
> c.draw(bounds, painthelper, outerbounds=outerbounds)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
> line 1075, in draw
> self._axisDraw(posn, parentposn, outerbounds, painter, phelper)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
> line 1140, in _axisDraw
> outerbounds, self.majortickscalc, texttorender)
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
> line 823, in _drawTickLabels
> for parlposn, text in ticklabels:
>   File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
> line 753, in generateLabelLabels
> if None not in (labels, coords):
> ValueError: The truth value of an array with more than one element is 
> ambiguous. Use a.any() or a.all()
> QPainter::end: Painter ended with 2 saved states
> debian/rules:40: recipe for target 'override_dh_auto_test' failed
> make[1]: *** [override_dh_auto_test] Error 1

This failure is due to the recent upload of numpy 1.13.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#865628: Please add information about this incompatibility to the installation/upgrading guide

[Jurij Smakov]

Hello,

I hit this issue as well after upgrading to Stretch, and I don't consider
mentioning such a major incompatibility in the bug only to be appropriate.
I have actually read the relevant parts of the upgrading guide,

https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html

but it did not mention anything about iscsitarget being deprecated, so the
resulting service interruption came as a surprise.

At a minimum, please make sure that this deprecation information is added
to the documentation above, to prevent others from hitting the same issue
unexpectedly.

Thanks.
-- 
Jurij Smakov | ju...@wooyd.org | Key ID: 43C30A7D

Bug#876587: gnutls28 FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available

[Andreas Metzler]

Control: forwarded -1 
https://lists.gnupg.org/pipermail/gnutls-devel/2017-September/008508.html
Control: tags -1 pending
Control: block -1 by 875975

On 2017-09-23 Adrian Bunk  wrote:
> Source: gnutls28
> Version: 3.5.15-2
> Severity: serious

> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/gnutls28.html

> ...
> Making all in reference
> make[6]: Entering directory '/build/1st/gnutls28-3.5.15/doc/reference'
>   DOC   Scanning header files
>   DOC   Rebuilding template files
> /bin/bash: gtkdoc-mktmpl: command not found
> Makefile:1671: recipe for target 'tmpl-build.stamp' failed
> make[6]: *** [tmpl-build.stamp] Error 127

Also fixed in GIT (experimental, but patch should work unmodified for
3.5).

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Bug#876673: catdoc FTBFS on several architectures: undefined reference to `rint'

[Adrian Bunk]

Source: catdoc
Version: 1:0.95-4
Severity: serious

https://buildd.debian.org/status/package.php?p=catdoc=sid

...
gcc -o xls2csv xls2csv.o sheet.o xlsparse.o charsets.o substmap.o fileutil.o 
confutil.o numutils.o ole.o  -Wl,-z,relro
xlsparse.o: In function `float2date':
./src/xlsparse.c:763: undefined reference to `rint'
./src/xlsparse.c:763: undefined reference to `rint'
collect2: error: ld returned 1 exit status
Makefile:80: recipe for target 'xls2csv' failed
make[2]: *** [xls2csv] Error 1


Removing the -lm from the xls2csv linking caused this bug.

Bug#843448: linux-image-4.8.0-1-armmp-lpae: fails to boot on Odroid-Xu4 with rootfs on USB

[Ben Hutchings]

On Sun, 2017-09-24 at 09:52 +0200, Jochen Sprickerhof wrote:
> Hi,
> 
> Finally I had the time and hardware available to look into this again 
> and found a better way to fix it. Applying the attached patch results in 
> a new exynos5422-odroidxu4.dtb that could simply be copied to /boot/dtbs/*/
> I've tested this with the current kernel in sid (linux-image-4.12.0-2-armmp)
> as well as stretch (linux-image-4.9.0-3-armmp). More tests welcome.
> 
> @Ben: This seems unintrusive enough to be included in the next stretch 
> point release, what do you think?

I'm not applying this until it's accepted upstream.

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an
expert.



signature.asc
Description: This is a digitally signed message part

Bug#876657: device-tree-compiler: Please make the build more reproducible

[Vagrant Cascadian]

Package: device-tree-compiler
Version: 1.4.2-1
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Thanks for maintaining device-tree-compiler!

While working on the Reproducible Builds effort [0], we noticed that
device-tree-compiler could not be built reproducibly. This is because it
includes the timestamp in the generated documentation.

 [0] https://reproducible-builds.org/


The following patch sets a variable that causes texlive to respect
SOURCE_DATE_EPOCH when generating documentation.

diff --git a/debian/rules b/debian/rules
index c852d3c..e3d56eb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -10,6 +10,10 @@
 
 export CFLAGS = -Wall -g -fPIC
 
+# reproducible builds: Insist that documents generated with texlive
+# use SOURCE_DATE_EPOCH for timestamps.
+export FORCE_SOURCE_DATE=1
+
 include /usr/share/dpkg/architecture.mk
 ifeq ($(origin CC),default)
 export CC = $(DEB_HOST_GNU_TYPE)-gcc


This doesn't fully address reproducibility issues with
device-tree-compiler, as it is still influenced by build-path
variations, but build-path is not currently varied when testing buster.


live well,
  vagrant


signature.asc
Description: PGP signature

Bug#876659: ledger: CVE-2017-2808: Ledger CLI Account Directive Use-After-Free Vulnerability

[Salvatore Bonaccorso]

Source: ledger
Version: 3.1.2~pre1+g3a00e1c+dfsg1-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for ledger.

CVE-2017-2808[0]:
| An exploitable use-after-free vulnerability exists in the account
| parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger
| file can cause a use-after-free vulnerability resulting in arbitrary
| code execution. An attacker can convince a user to load a journal file
| to trigger this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2808
[1] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#876661: git: `git add -N` confuses the rename detector

[Andrea Stacchiotti]

Package: git
Version: 1:2.14.1+next.20170914-1
Severity: minor

Dear Maintainer,

renaming a tracked file and then running `git add -N newname` seems to confuse
the
rename detection code, so that a subsequent `git status` displays a puzzling:

```
Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git checkout -- ..." to discard changes in working directory)

renamed:oldname -> oldname
```

Everything works correctly if instead `git add newname` is used.

This might be a "feature" of the -N switch, but I was very confused by the faux
rename.

I attach a script that exhibits the problem, and its output on my system:

```
git init testrepo
Initialized empty Git repository in /tmp/testrepo/.git/
cd testrepo
touch orig
git add orig
git config user.name A
git config user.email B
git commit -m'orig'
[master (root-commit) 8c8431f] orig
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 orig

# Here it is
mv orig new
git add -N new
git status
Sul branch master
Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git checkout -- ..." to discard changes in working directory)

renamed:orig -> orig

no changes added to commit (use "git add" and/or "git commit -a")

# Cleanup
cd ..
rm -rf testrepo
```



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages git depends on:
ii  git-man  1:2.14.1+next.20170914-1
ii  libc62.24-17
ii  libcurl3-gnutls  7.55.1-1
ii  liberror-perl0.17024-1
ii  libexpat12.2.3-1
ii  libpcre2-8-0 10.22-3
ii  perl 5.26.0-8
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages git recommends:
ii  less 481-2.1
ii  openssh-client [ssh-client]  1:7.5p1-10
ii  patch2.7.5-1+b2

Versions of packages git suggests:
ii  gettext-base  0.19.8.1-4
pn  git-cvs   
pn  git-daemon-run | git-daemon-sysvinit  
pn  git-doc   
pn  git-el
pn  git-email 
pn  git-gui   
pn  git-mediawiki 
pn  git-svn   
ii  gitk  1:2.14.1+next.20170914-1
pn  gitweb

-- no debconf information
#!/bin/bash
set -ev

git init testrepo
cd testrepo
touch orig
git add orig
git config user.name A
git config user.email B
git commit -m'orig'

# Here it is
mv orig new
git add -N new
git status

# Cleanup
cd ..
rm -rf testrepo

Bug#863174: device-tree-compiler: Missing support for DT overlays

[Vagrant Cascadian]

On 2017-05-22, Sebastian Reichel wrote:
> Please update to a newer release, that supports DT overlays (Debian
> package does not support them, git master supports them). Simple
> testcase:

I have a git repository with device-tree-compiler updated to 1.4.4, as
well as numerous packaging updates:

  https://anonscm.debian.org/git/users/vagrant/device-tree-compiler.git/

It might take an hour or so for the repository to sync to the web
interface, although it was availalble directly using git.


live well,
  vagrant


signature.asc
Description: PGP signature

Bug#872652: Problems building package

[Ghislain Vaillant]

On 24/09/17 11:19, Andreas Tille wrote:

On Sun, Sep 24, 2017 at 08:39:02AM +0100, Ghislain Vaillant wrote:


Are you sure your cowbuilder setup is ok? This is usually not a good sign:


BTW, the issue happens inside the clean target which is run *before*
chrooting into cowbuilder chroot.


I have pushed a new version which gets rid of this side effect. Could 
you try again with the latest tip of the master branch?


Ghis

Bug#876670: O: polygen -- generator of random sentences from grammar definitions

[Salvo Tomaselli]

Package: wnpp
Severity: normal

I intend to orphan the polygen package.

It is written in OCaml and I really don't have the knowledge to write patches
and generally make it work.

I had adopted it because I use it, but maintaining it is not my thing really.

The package description is:
 PolyGen is a program for generating random sentences according to a grammar
 definition, that is following custom syntactical and lexical rules.
 .
 Formally, it is an interpreter of a language itself designed to define
 languages, where to interpret means executing a source program in real time
 and eventually outputting its result.
 .
 Here a source program is a grammar definition, the execution consists in the
 exploration of such grammar by selecting a random path and the result is the
 sentence built on the way.
 .
 Though PolyGen is quite a serious piece of software then, what else would be
 more noble for it than being used as a parody tool for linguistical habits,
 stereotypes and trends of this foolish era?
 .
 Principles of parody are focusing a ridiculous topic and eventually
 abstracting its rules and schemes (here in terms of a grammar definition) by
 which reproducing it through the variatio device.  And randomization is
 perfect at this purpose thanks to its purely asemantic behaviour =:)
 PolyGen is a program for generating random sentences according to a grammar
 definition, that is following custom syntactical and lexical rules.
 .
 Formally, it is an interpreter of a language itself designed to define
 languages, where to interpret means executing a source program in real time
 and eventually outputting its result.
 .
 Here a source program is a grammar definition, the execution consists in the
 exploration of such grammar by selecting a random path and the result is the
 sentence built on the way.
 .
 Though PolyGen is quite a serious piece of software then, what else would be
 more noble for it than being used as a parody tool for linguistical habits,
 stereotypes and trends of this foolish era?
 .
 Principles of parody are focusing a ridiculous topic and eventually
 abstracting its rules and schemes (here in terms of a grammar definition) by
 which reproducing it through the variatio device.  And randomization is
 perfect at this purpose thanks to its purely asemantic behaviour =:)

Bug#876667: RFS: pragha/1.3.3-1

[Lukas Schwaighofer]

Hi Gabriel,

thanks for improving upon our suggestions.

On Sun, 24 Sep 2017 15:15:41 -0300
"Gabriel F. T. Gomes"  wrote:
> Lukas,
> In that same message [1], you suggested the use of a version control
> system, but I don't know where to make it public (I know that alioth
> is being discontinued, so I'm a bit lost with this).

I hope someone here will have a suggestion where your repository can
live.

> I think I solved all other problems you pointed out.

Looks like it.  I just took another look and saw a few more minor
things:

* The upstream tarball you uploaded to mentors is not exactly the same
  one as on github:

$ cmp pragha-1.3.3.tar.gz pragha_1.3.3.orig.tar.gz 
pragha-1.3.3.tar.gz pragha_1.3.3.orig.tar.gz differ: byte 5, line 1

  If you use git and git-buildpackage, make sure to use the
  "pristine-tar" feature.  When using this, a small delta file will be
  added to a special pristine-tar branch.  This allows to reconstruct
  the original tarball exactly as it was.

* In the debian/watch file you should replace "" with
  "pragha" (it also works as is, but then the downloaded tarball is
  called "-1.3.3.tar.gz" before the symlink is created).

* in debian/patches/fix-appstream-errors.patch:
  - referencing the ITP bug here does not make sense; you should only
use "Bug-Debian" if there is a bug in the Debian BTS that is
related to the patch (for example, if someone reported in the
Debian BTS that the appstream xml data is wrong)
  - Instead here you should record the URL of your pull request:

  Bug: https://github.com/pragha-music-player/pragha/pull/125


> Last but not least, I sent this message to debian-mentors (the right
> place to ask question, right?).  Please let me know if I got this
> wrong.

I think you got everything right.  The debian-mentors list will
automatically receive messages sent to the RFS bug, so there is no need
to explicitly CC it (but it doesn't hurt either).

I'm not a Debian Developer so I cannot sponsor your upload.  I hope you
find a sponsor soon!

Regards
Lukas

Bug#876677: binutils: broken TARGET= builds trying to remove /usr/share/man

[Helmut Grohne]

Source: binutils
Version: 2.29.1-3
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

Hi Matthias,

Thank you for reinstating TARGET= support in the -3 upload.

Unfortunately, you removed two lines too much. The assignments of
p_cross and d_cross are now missing. The respective variables default to
empty and that causes the TARGET= build to try to remove /usr/share/man.

The attached patch reinstates those two variables. After applying it,
TARGET= builds work again.

Helmut
diff --minimal -Nru binutils-2.29.1/debian/changelog 
binutils-2.29.1/debian/changelog
--- binutils-2.29.1/debian/changelog2017-09-23 14:00:50.0 +0200
+++ binutils-2.29.1/debian/changelog2017-09-24 21:25:37.0 +0200
@@ -1,3 +1,10 @@
+binutils (2.29.1-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix TARGET= builds. (Closes: #-1)
+
+ -- Helmut Grohne   Sun, 24 Sep 2017 21:25:37 +0200
+
 binutils (2.29.1-3) unstable; urgency=medium
 
   * Update, taken from the 2.29 branch 20170923.
diff --minimal -Nru binutils-2.29.1/debian/rules binutils-2.29.1/debian/rules
--- binutils-2.29.1/debian/rules2017-09-23 14:00:50.0 +0200
+++ binutils-2.29.1/debian/rules2017-09-24 21:25:37.0 +0200
@@ -54,6 +54,8 @@
 p_hst = $(p_bin)-for-host
 p_bld = $(p_bin)-for-build
 
+p_cross = $(p_bin)-$(subst _,-,$(TARGET))
+
 # version used for p_bld/p_hst dependencies
 min_ver = 2.29-6
 
@@ -87,6 +89,8 @@
 d_hst = debian/$(p_hst)
 d_bld = debian/$(p_bld)
 
+d_cross = debian/$(p_cross)
+
 install_dir= install -d -m 755
 install_file   = install -m 644
 install_script = install -m 755

Bug#876676: opencsg: missing build dependency on rename

[Adrian Bunk]

Source: opencsg
Version: 1.4.0-1
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/opencsg.html

...
make[1]: Entering directory '/build/1st/opencsg-1.4.0'
# upstream ships Makefiles that get cleaned in `make distclean`;
# protect them to restore the original package.
[ -e Makefile.orig ] || rename 's/Makefile/Makefile.orig/' Makefile 
src/Makefile example/Makefile
/bin/sh: 1: rename: not found
debian/rules:14: recipe for target 'makefiles-to-safety' failed
make[1]: *** [makefiles-to-safety] Error 127
make[1]: Leaving directory '/build/1st/opencsg-1.4.0'
debian/rules:11: recipe for target 'clean' failed
make: *** [clean] Error 2

Bug#876678: goffice FTBFS with gtk-doc-tools 1.26: gtkdoc-scangobj: error: unrecognized arguments: --nogtkinit

[Adrian Bunk]

Source: goffice
Version: 0.10.32-1.1
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/goffice.html

...
touch setup-build.stamp
/bin/mkdir -p xml && ( \
echo ""; \
echo "http://bugzilla.gnome.org/enter_bug.cgi?product=libgoffice\;>"; \
echo ""; \
echo ""; \
echo ""; \
echo ""; \
echo ""; \
) > xml/gtkdocentities.ent
_source_dir='' ; \
for i in ../../goffice ; do \
_source_dir="${_source_dir} --source-dir=$i" ; \
done ; \
gtkdoc-scan --module=goffice-0.10 --ignore-headers="goffice-priv.h 
goffice-config.h goffice-features.h goffice-paths.h goffice-debug.h 
io-context-priv.h go-app.h go-object.h go-service.h go-service-impl.h 
gog-equation.h" ${_source_dir} --deprecated-guards="GOFFICE_DISABLE_DEPRECATED" 
--rebuild-types 
if grep -l '^..*$' goffice-0.10.types > /dev/null 2>&1 ; then \
scanobj_options=""; \
gtkdoc-scangobj 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
if test "$?" = "0"; then \
if test "x" = "x1"; then \
scanobj_options="--verbose"; \
fi; \
fi; \
CC="/bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-gcc  
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include  
-Wdate-time -D_FORTIFY_SOURCE=2  -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security -Wall -g -Wall -Werror=init-self 
-Werror=missing-include-dirs -Wsign-compare -Werror=pointer-arith 
-Wchar-subscripts -Wwrite-strings -Wdeclaration-after-statement 
-Wnested-externs -Wmissing-noreturn -Werror=missing-prototypes 
-Werror=implicit-function-declaration -Wmissing-declarations -Wno-pointer-sign 
-Werror=format-security -Wstrict-prototypes -Wno-error=format-nonliteral" 
LD="/bin/bash ../../libtool --tag=CC --mode=link x86_64-linux-gnu-gcc 
-lgobject-2.0 -lglib-2.0  -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security -Wall -g -Wall -Werror=init-self 
-Werror=missing-include-dirs -Wsign-compare -Werror=pointer-arith 
-Wchar-subscripts -Wwrite-strings -Wdeclaration-after-statement 
-Wnested-externs -Wmissing-noreturn -Werror=missi
 ng-prototypes -Werror=implicit-function-declaration -Wmissing-declarations 
-Wno-pointer-sign -Werror=format-security -Wstrict-prototypes 
-Wno-error=format-nonliteral  -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,-O1 
-Wl,--as-needed -L/usr/X11R6/lib" RUN="/bin/bash ../../libtool --mode=execute" 
CFLAGS="-I../.. -I../.. -pthread -I/usr/include/libgsf-1 
-I/usr/include/librsvg-2.0 -I/usr/include/libxml2 -I/usr/include/gtk-3.0 
-I/usr/include/at-spi2-atk/2.0 -I/usr/include/at-spi-2.0 
-I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include 
-I/usr/include/gtk-3.0 -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo 
-I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 
-I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 
-I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/gdk-pixbuf-2.0 
-I/usr/include/libpng16 -I/usr/include/glib-2.0 
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g -O2 -fstack-protector-strong 
-Wformat -Werror=format-security
  -Wall -g -Wall -Werror=init-self -Werror=missing-include-dirs -Wsign-compare 
-Werror=pointer-arith -Wchar-subscripts -Wwrite-strings 
-Wdeclaration-after-statement -Wnested-externs -Wmissing-noreturn 
-Werror=missing-prototypes -Werror=implicit-function-declaration 
-Wmissing-declarations -Wno-pointer-sign -Werror=format-security 
-Wstrict-prototypes -Wno-error=format-nonliteral" 
LDFLAGS="../../goffice/libgoffice-0.10.la -Wl,--export-dynamic -lgmodule-2.0 
-pthread -lgsf-1 -lrsvg-2 -lm -lxslt -lxml2 -lgtk-3 -lgdk-3 -lpangocairo-1.0 
-lpango-1.0 -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 
-lgobject-2.0 -lglib-2.0 -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,-O1 
-Wl,--as-needed -L/usr/X11R6/lib" \
gtkdoc-scangobj --nogtkinit --type-init-func="g_type_init ()" 
$scanobj_options --module=goffice-0.10; \
else \
for i in goffice-0.10.args goffice-0.10.hierarchy goffice-0.10.interfaces 
goffice-0.10.prerequisites goffice-0.10.signals ; do \
test -f $i || touch $i ; \
done \
fi
usage: gtkdoc-scangobj [-h] [--version] --module MODULE [--types TYPES]
   [--type-init-func TYPE_INIT_FUNC]
   [--query-child-properties QUERY_CHILD_PROPERTIES]
   [--output-dir OUTPUT_DIR] [--cc CC] [--ld LD]
   [--cflags CFLAGS] [--ldflags LDFLAGS] [--run RUN]
   [--verbose]
gtkdoc-scangobj: error: unrecognized arguments: --nogtkinit
Makefile:670: recipe for target 'scan-build.stamp' failed
make[3]: *** [scan-build.stamp] Error 2

Bug#875688: Existing reports won't run

[John Talbut]

Same problem here, I think.

I open a .odb file.  I go to reports and select a report.  I right click
on it and select "Open" or "Edit".  In each case I get the message:

The document "*" could not be opened.
The report, "*", requires the Oracle Report Builder feature.

Further, in More details it states:

The extension is not installed.

libreoffice-report-builder (1:5.4.1-1) is, in fact, installed.

Bug#876682: libsndfile: CVE-2017-14245, CVE-2017-14246

[Markus Koschany]

Package: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for libsndfile.

CVE-2017-14245[0]:
| An out of bounds read in the function d2alaw_array() in alaw.c of
| libsndfile 1.0.28 may lead to a remote DoS attack or information
| disclosure, related to mishandling of the NAN and INFINITY
| floating-point values.

CVE-2017-14246[1]:
| An out of bounds read in the function d2ulaw_array() in ulaw.c of
| libsndfile 1.0.28 may lead to a remote DoS attack or information
| disclosure, related to mishandling of the NAN and INFINITY
| floating-point values.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14245
[1] https://security-tracker.debian.org/tracker/CVE-2017-14246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14246

Please adjust the affected versions in the BTS as needed.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#876685: mssh FTBFS with libvte-2.91-dev 0.50.0-1

[Adrian Bunk]

Source: mssh
Version: 2.2-2
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mssh.html

...
mssh-terminal.c: In function 'mssh_terminal_start_session':
mssh-terminal.c:70:5: error: 'vte_terminal_spawn_sync' is deprecated 
[-Werror=deprecated-declarations]
 vte_terminal_spawn_sync(VTE_TERMINAL(terminal),
 ^~~
compilation terminated due to -Wfatal-errors.
cc1: all warnings being treated as errors
Makefile:378: recipe for target 'mssh-terminal.o' failed
make[3]: *** [mssh-terminal.o] Error 1

Bug#876215: linux-base: typo in linux-update-symlinks.1

[Ben Hutchings]

Control: tag -1 pending

On Tue, 2017-09-19 at 20:45 +0200, Sven Joachim wrote:
> Package: linux-base
> Version: 4.5
> Tags: patch
> 
> I wanted to get rid of the /vmlinuz and /initrd symlinks.  It took me a
> while to find out that they are managed by linux-update-symlinks, and
> then a trivial but crucial typo in the manpage did cost me even more
> time to figure out that the parameter I needed to set is called
> do_symlinks rather than no_symlinks.  Patch attached.

Right!  This is really a thinko, not a typo - we used to support a
'no_symlinks' setting which would result in file copies rather than
symlinks.  Thanks for the patch.

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an
expert.



signature.asc
Description: This is a digitally signed message part

Bug#876684: libgsf FTBFS with gtk-doc-tools 1.26: gtkdoc-scangobj: error: unrecognized arguments: --nogtkinit

[Adrian Bunk]

Source: libgsf
Version: 1.14.41-1
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libgsf.html

...
gtkdoc-scan --module=gsf --ignore-headers="biff-types.h gsf-infile-msvba.h" 
${_source_dir} --deprecated-guards="GSF_DISABLE_DEPRECATED" 
if grep -l '^..*$' gsf.types > /dev/null 2>&1 ; then \
scanobj_options=""; \
gtkdoc-scangobj 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
if test "$?" = "0"; then \
if test "x" = "x1"; then \
scanobj_options="--verbose"; \
fi; \
fi; \
CC="/bin/bash ../libtool --tag=CC --mode=compile gcc  
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include  
-Wdate-time -D_FORTIFY_SOURCE=2  -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security -Wall -Werror=init-self -Werror=missing-include-dirs 
-Wsign-compare -Werror=pointer-arith -Wchar-subscripts -Wwrite-strings 
-Wdeclaration-after-statement -Wnested-externs -Wmissing-noreturn 
-Werror=missing-prototypes -Werror=nested-externs 
-Werror=implicit-function-declaration -Wmissing-declarations -Wno-pointer-sign 
-Werror=format-security -Wstrict-prototypes -Wno-error=format-nonliteral" 
LD="/bin/bash ../libtool --tag=CC --mode=link gcc -lgobject-2.0 -lglib-2.0  -g 
-O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall 
-Werror=init-self -Werror=missing-include-dirs -Wsign-compare 
-Werror=pointer-arith -Wchar-subscripts -Wwrite-strings 
-Wdeclaration-after-statement -Wnested-externs -Wmissing-noreturn 
-Werror=missing-prototypes -Werror=nested-extern
 s -Werror=implicit-function-declaration -Wmissing-declarations 
-Wno-pointer-sign -Werror=format-security -Wstrict-prototypes 
-Wno-error=format-nonliteral  -no-undefined -Wl,-z,relro -Wl,-z,defs  -Wl,-O1  
-Wl,--as-needed" RUN="/bin/bash ../libtool --mode=execute" CFLAGS="-I.. 
-pthread -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include 
-I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security -Wall -Werror=init-self -Werror=missing-include-dirs 
-Wsign-compare -Werror=pointer-arith -Wchar-subscripts -Wwrite-strings 
-Wdeclaration-after-statement -Wnested-externs -Wmissing-noreturn 
-Werror=missing-prototypes -Werror=nested-externs 
-Werror=implicit-function-declaration -Wmissing-declarations -Wno-pointer-sign 
-Werror=format-security -Wstrict-prototypes -Wno-error=format-nonliteral" 
LDFLAGS="../gsf/libgsf-1.la -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lxml2 
-no-undefined -Wl,-z,relro -Wl,-z,defs  -Wl,-O1  -Wl,--as-needed" \
gtkdoc-scangobj --nogtkinit --type-init-func="gsf_init ()"  
$scanobj_options --module=gsf; \
else \
for i in gsf.args gsf.hierarchy gsf.interfaces gsf.prerequisites 
gsf.signals ; do \
test -f $i || touch $i ; \
done \
fi
usage: gtkdoc-scangobj [-h] [--version] --module MODULE [--types TYPES]
   [--type-init-func TYPE_INIT_FUNC]
   [--query-child-properties QUERY_CHILD_PROPERTIES]
   [--output-dir OUTPUT_DIR] [--cc CC] [--ld LD]
   [--cflags CFLAGS] [--ldflags LDFLAGS] [--run RUN]
   [--verbose]
gtkdoc-scangobj: error: unrecognized arguments: --nogtkinit
Makefile:739: recipe for target 'scan-build.stamp' failed
make[4]: *** [scan-build.stamp] Error 2

Bug#876686: check-mk-config-icinga: file conflict with check-mk-common: /usr/share/check_mk/cmk/paths.py

[Andreas Beckmann]

Package: check-mk-config-icinga
Version: 1.4.0p9-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files.

  Selecting previously unselected package check-mk-config-icinga.
  Preparing to unpack .../check-mk-config-icinga_1.4.0p9-1_amd64.deb ...
  Unpacking check-mk-config-icinga (1.4.0p9-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/check-mk-config-icinga_1.4.0p9-1_amd64.deb (--unpack):
   trying to overwrite '/usr/share/check_mk/cmk/paths.py', which is also in 
package check-mk-common 1.4.0p9-1
  dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/check-mk-config-icinga_1.4.0p9-1_amd64.deb

cheers,

Andreas

Bug#876656: kicad: Bacport of version 4.0.8 to Jessie

[majkls]

Package: kicad
Version: 4.0.5+dfsg1-4~bpo8+1
Severity: wishlist

Dear Maintainer,

is there any chance on byckporting version 4.0.8 to debian Jessie?

Thanks,

Miloslav Semler

-- System Information:
Debian Release: 8.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kicad depends on:
ii  kicad-common4.0.5+dfsg1-4~bpo8+1
ii  libboost-context1.55.0  1.55.0+dfsg-3
ii  libboost-date-time1.55.01.55.0+dfsg-3
ii  libboost-filesystem1.55.0   1.55.0+dfsg-3
ii  libboost-iostreams1.55.01.55.0+dfsg-3
ii  libboost-locale1.55.0   1.55.0+dfsg-3
ii  libboost-program-options1.55.0  1.55.0+dfsg-3
ii  libboost-regex1.55.01.55.0+dfsg-3
ii  libboost-system1.55.0   1.55.0+dfsg-3
ii  libboost-thread1.55.0   1.55.0+dfsg-3
ii  libc6   2.19-18+deb8u10
ii  libcairo2   1.14.0-2.1+deb8u2
ii  libcurl3-gnutls 7.38.0-4+deb8u5
ii  libgcc1 1:4.9.2-10
ii  libgl1-mesa-glx [libgl1]10.3.2-1+deb8u1
ii  libglew1.10 1.10.0-3
ii  libglu1-mesa [libglu1]  9.0.0-2
ii  libgomp14.9.2-10
ii  libice6 2:1.0.9-1+b1
ii  libpython2.72.7.9-2+deb8u1
ii  libsm6  2:1.2.2-1+b1
ii  libstdc++6  4.9.2-10
ii  libwxbase3.0-0  3.0.2-1+b1
ii  libwxgtk3.0-0   3.0.2-1+b1
ii  libx11-62:1.6.2-3
ii  libxext62:1.3.3-1
ii  python  2.7.9-1
ii  python-wxgtk3.0 3.0.1.1+dfsg-2
pn  python:any  

Versions of packages kicad recommends:
ii  xsltproc  1.1.28-2+deb8u3

Versions of packages kicad suggests:
ii  extra-xdg-menus  1.0-4
pn  kicad-doc-ca | kicad-doc-de | kicad-doc-en | kicad-doc-es | kicad-d  

-- no debconf information

Bug#876664: veusz FTBFS: test failure

[Adrian Bunk]

Source: veusz
Version: 1.21.1-1.2
Severity: serious

https://buildd.debian.org/status/package.php?p=veusz=sid

...
   debian/rules override_dh_auto_test
make[1]: Entering directory '/<>'
set -e -x;\
for py in 2.7; do \
LC_ALL=C \
PYTHONPATH=$(ls -d /<>/build/lib.*-$py) \
VEUSZ_RESOURCE_DIR=. \
xvfb-run -a \
--server-args "-screen 0 640x480x24" \
python$py tests/runselftest.py ;\
LC_ALL=C \
PYTHONPATH=$(ls -d /<>/build/lib.*-$py-pydebug 2>/dev/null 
|| ls -d /<>/lib.*$py-pydebug) \
VEUSZ_RESOURCE_DIR=. \
xvfb-run -a \
--server-args "-screen 0 640x480x24" \
python$py-dbg tests/runselftest.py ;\
done
+ ls -d /<>/build/lib.linux-x86_64-2.7
+ LC_ALL=C PYTHONPATH=/<>/build/lib.linux-x86_64-2.7 
VEUSZ_RESOURCE_DIR=. xvfb-run -a --server-args -screen 0 640x480x24 python2.7 
tests/runselftest.py
/usr/lib/python2.7/dist-packages/astropy/config/configuration.py:541: 
ConfigurationMissingWarning: Configuration defaults will be used due to 
OSError:2 on None
  warn(ConfigurationMissingWarning(msg))
Testing output
2d_irregular.vsz
 PASS
axis_function.vsz
 PASS
axis_function_linked.vsz
 PASS
bar_labels.vsz
Traceback (most recent call last):
  File "tests/runselftest.py", line 292, in 
test_unlink=options.test_unlink)
  File "tests/runselftest.py", line 222, in runTests
test_unlink=test_unlink)
  File "tests/runselftest.py", line 157, in renderVszTest
ifc.Export(outfile)
  File 
"/<>/build/lib.linux-x86_64-2.7/veusz/document/commandinterface.py",
 line 717, in Export
e.export()
  File "/<>/build/lib.linux-x86_64-2.7/veusz/document/export.py", 
line 112, in export
self.exportSelfTest()
  File "/<>/build/lib.linux-x86_64-2.7/veusz/document/export.py", 
line 271, in exportSelfTest
self.renderPage(size, (dpi,dpi), painter)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/document/export.py", 
line 131, in renderPage
self.doc.paintTo(helper, self.pagenumber)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/document/doc.py", 
line 432, in paintTo
self.basewidget.draw(painthelper, page)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/root.py", 
line 123, in draw
page.draw( posn, painthelper )
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/page.py", 
line 366, in draw
parentposn)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/widget.py", 
line 309, in draw
c.draw(bounds, painthelper, outerbounds=outerbounds)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/grid.py", 
line 415, in draw
self._drawChild(phelper, child, bounds, parentposn)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/grid.py", 
line 376, in _drawChild
child.draw(newbounds, phelper, outerbounds=coutbound)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/graph.py", 
line 284, in draw
c.draw(bounds, painthelper, outerbounds=outerbounds)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
line 1075, in draw
self._axisDraw(posn, parentposn, outerbounds, painter, phelper)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
line 1140, in _axisDraw
outerbounds, self.majortickscalc, texttorender)
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
line 823, in _drawTickLabels
for parlposn, text in ticklabels:
  File "/<>/build/lib.linux-x86_64-2.7/veusz/widgets/axis.py", 
line 753, in generateLabelLabels
if None not in (labels, coords):
ValueError: The truth value of an array with more than one element is 
ambiguous. Use a.any() or a.all()
QPainter::end: Painter ended with 2 saved states
debian/rules:40: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 1

Bug#876668: postinst is inconsistent

[Guido Günther]

Package: kopano-webapp-apache2
Version: 3.3.1-1
Severity: normal

The postinst enables two apache modules (ssl and rewrite) but not
kopano-webapp itself. This is inconsistent. Either enable the whole site
or do nothing at all.
Cheers,
 -- Guido


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#876667: RFS: pragha/1.3.3-1

[Gabriel F. T. Gomes]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "pragha"

 * Package name: pragha
   Version : 1.3.3-1
   Upstream Author : Matias De lellis 
 * URL : https://pragha-music-player.github.io/
 * License : GPL-3+
   Section : sound

It builds those binary packages:

  pragha - Lightweight Music Player

To access further information about this package, please visit the following 
URL:

https://mentors.debian.net/package/pragha


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/p/pragha/pragha_1.3.3-1.dsc


Regards,
Gabriel F. T. Gomes

Bug#876671: Upload fails with UnicodeEncodeError

[Nicholas D Steeves]

Package: dput
Version: 0.12.1
Severity: important
Control: fixed -1 dput/1.0.1-1

Hi,

Sometimes dput 0.12.1 fails to upload with the following error/traceback:

Traceback (most recent call last):
  File "/usr/bin/dput", line 11, in 
load_entry_point('dput==0.12.1', 'console_scripts', 'execute-dput')()
  File "/usr/share/dput/dput/dput.py", line 1012, in main
config, check_only, check_version, unsigned_upload, debug)
  File "/usr/share/dput/dput/dput.py", line 366, in verify_files
version_check(path, changes, debug)
  File "/usr/share/dput/dput/dput.py", line 670, in version_check
dpkg_fields = email.parser.HeaderParser().parsestr(dpkg_output)
  File "/usr/lib/python2.7/email/parser.py", line 91, in parsestr
return Parser.parsestr(self, text, True)
  File "/usr/lib/python2.7/email/parser.py", line 82, in parsestr
return self.parse(StringIO(text), headersonly=headersonly)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2019' in position 
492: ordinal not in range(128)

I just created a local backport of dput-1.0.1, and have confirmed that this bug 
is fixed in that version.  There is already a--perhaps 
unofficial--recommendation for developers on stable to use a backported 
lintian, so I think that this bug can be closed with an official backport with 
an additional--perhaps unofficial--recommendation to additionally use a 
backported dput.

Thank you,
Nicholas


-- System Information:
Debian Release: 9.1
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.88.20170921 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dput depends on:
ii  python2.7.13-2
ii  python-debian 0.1.30
ii  python-gpg1.8.0-3+b2
ii  python-pkg-resources  33.1.1-1

dput recommends no packages.

Versions of packages dput suggests:
ii  lintian 2.5.51~bpo9+1
pn  mini-dinstall   
ii  openssh-client  1:7.4p1-10+deb9u1
ii  rsync   3.1.2-1

-- Configuration Files:
/etc/dput.cf changed:
[mentors]
fqdn = mentors.debian.net
incoming = /upload
method = http
allow_unsigned_uploads = 0
progress_indicator = 2
allowed_distributions = .*
[backports]
fqdn= ftp.upload.debian.org
incoming= /pub/UploadQueue/
login   = anonymous
allow_unsigned_uploads  = 0
allow_dcut  = 1
check_version   = 1
method  = ftp
allowed_distributions   = jessie-backports
[experimental]
fqdn= ftp.upload.debian.org
incoming= /pub/UploadQueue/
login   = anonymous
allow_unsigned_uploads  = 0
allow_dcut  = 1
check_version   = 1
method  = ftp
allowed_distributions   = experimental
[unstable]
fqdn= ftp.upload.debian.org
incoming= /pub/UploadQueue/
login   = anonymous
allow_unsigned_uploads  = 0
allow_dcut  = 1
check_version   = 1
method  = ftp
allowed_distributions   = unstable


-- no debconf information

Bug#876679: RFH: pyrrd

[Elena ``of Valhalla'']

Package: wnpp
Severity: normal

pyrrd, a python interface for RRD, currently only supports python2
(#830790) and its upstream developement seems to have stopped quite some
years ago.

Since sooner or later python2 will be dropped from Debian, pyrrd will
follow, unless somebody cares about it enough to solve the situation,
probably by forking upstream and continuing developement.

Right now I'm not really using it, so I don't think I'm the right person
to start doing upstream work, altought I would be glad to continue
working on the packaging.

Currently in debian there is just one open (upstream) bug with an easy
workaround, so I don't think there is a pressing need for a premature
removal of this package, but I'd expect that it's better to start
forking upstream early instead of under a close deadline.

Bug#865001: Some analysis

[Dr. David Alan Gilbert]

I've done a little digging; firstly I think it's the same as:

   https://bugs.kde.org/show_bug.cgi?id=368494   (to which I commented
  although it's closed because it went away when the reporter updated
  their X server)
and
   https://bugzilla.redhat.com/show_bug.cgi?id=1477592
and possibly
   https://bugzilla.redhat.com/show_bug.cgi?id=1406752

I added a little debug to libkf5screen
#0  XRandRScreen::toKScreenScreen (this=0x559dd8b68980) at 
./backends/xrandr/xrandrscreen.cpp:68
screenResources = {d = 0x0}
kscreenScreen = {value = 0x559dd8b78a70, d = 0x559dd8b78b90}
#1  0x7fe0e9b18aba in XRandRConfig::toKScreenConfig (this=) 
at ./backends/xrandr/xrandrconfig.cpp:117
config = {value = 0x559dd8b7ea80, d = 0x559dd8b7eb30}
features = {i = 3}
kscreenOutputs = {d = 0x559dd8b74bb0}
#2  0x7fe0e9b14c14 in XRandR::config (this=) at 
./backends/xrandr/xrandr.cpp:205
No locals.
#3  0x559dd6d7fac6 in BackendDBusWrapper::setConfig (this=0x559dd8b69c10, 
configMap=...)
at ./src/backendlauncher/backenddbuswrapper.cpp:87
config = {value = 0x559dd8b778c0, d = 0x559dd8b77be0}
obj = {d = 0x559dd8b7ea80, o = 0x559dd8b7eb30}
#4  0x559dd6d815ef in BackendAdaptor::setConfig (in0=..., this=)
at ./obj-x86_64-linux-gnu/src/backendlauncher/backendadaptor.cpp:51
No locals.

and:
KScreen::ScreenPtr XRandRScreen::toKScreenScreen() const
{
KScreen::ScreenPtr kscreenScreen(new KScreen::Screen);
kscreenScreen->setId(m_id);
kscreenScreen->setMaxSize(m_maxSize);
kscreenScreen->setMinSize(m_minSize);
kscreenScreen->setCurrentSize(m_currentSize);

XCB::ScopedPointer 
screenResources(XRandR::screenResources());
kscreenScreen->setMaxActiveOutputsCount(screenResources->num_crtcs);

return kscreenScreen;
}

the problem is the screenResources.d is NULL
I don't know the sctructure of the KDE code to know where the right place
is to fix this.

Dave

-- 
 -Open up your eyes, open up your mind, open up your code ---   
/ Dr. David Alan Gilbert|   Running GNU/Linux   | Happy  \ 
\dave @ treblig.org |   | In Hex /
 \ _|_ http://www.treblig.org   |___/

Bug#875271: linux-image-4.9.0-3-amd64: kworker/1 stalls at exactly 100% CPU load

[Ben Hutchings]

Control: tag -1 moreinfo

On Sun, 2017-09-10 at 09:03 +0200, Klaus-J. Wolf wrote:
> Package: src:linux
> Version: 4.9.30-2+deb9u3
> Severity: important
> 
> For unknown reason, kworker/1:1 stalls with exactly 100% CPU load on CPU
> kernel 1. This has happened thrice before, after several hours of uptime.
> 
> Nothing special happened on the machine in advance, just the usual tasks.
> 
> lsof tells me no suspicious open files, but the kernel task has used
> up 317:47.60 according to top(1) and it never seems to stop. I have
> terminated every user task, so I would suppose that the kernel task has
> crashed for some reason.
> 
> In the kernel log below, I have deleted the lines showing blocked
> network, this is for privacy reasons.
> 
> -- Package-specific info:
> ** Version:
> Linux version 4.9.0-3-amd64 (debian-ker...@lists.debian.org) (gcc version 
> 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06)
> 
> ** Command line:
> BOOT_IMAGE=/vmlinuz-4.9.0-3-amd64 
> root=UUID=b073140f-d246-4131-9015-636ceb35b3b1 ro quiet
> 
> ** Tainted: PO (4097)
>  * Proprietary module has been loaded.
>  * Out-of-tree module has been loaded.
[...]

Please test whether this still happens without the Nvidia and
VirtualBox kernel modules loaded.

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an
expert.



signature.asc
Description: This is a digitally signed message part

Bug#786402: New repository on github

[Elena ``of Valhalla'']

On 2017-09-20 at 11:04:00 +0200, Carlo Stemberger wrote:
> what's the difference between the two projects? Why the original author has
> forked the code? I can't find any news about the reason.

I couldn't find a clear description of the situation either; I've posted
the links with the relevant info that I could find, but I agree that
they don't have the complete picture.

My understanding is that the original author will no longer develop the
program (at least not as a FLOSS project) and that the only surviving
FLOSS project is the forked one, but I may be mistaken.

The name change also seems to be done more as a courtesy to the original
author than for a pressing need to distinguish two project, but again, I
only know what I found on the forum and linked above.

-- 
Elena ``of Valhalla''

Bug#876629: stretch-pu: package db5.3/5.3.28-12+deb9u1

[Salvatore Bonaccorso]

Hi Jonathan,

On Sun, Sep 24, 2017 at 02:52:03PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> Hi,
> 
> On Sun, Sep 24, 2017 at 09:52:06AM +0200, Salvatore Bonaccorso wrote:
> > db5.3 in stretch is affected by the CVE-2017-10140 ("Berkeley DB reads
> > DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of
> > august has not raised any regression reports we would be aware of. We
> > though think it's still safer to have it via point release
> 
> Please go ahead.

Thanks, uploaded.

> 
> > and have it
> > for a short time exposed as well via proposed-updates (once, and if
> > accepted).
> 
> On that part I'm not so sure. If it's that urgent, why not a DSA?
> 
> The point release has been set for 7th October so it's not that far away.

Hmm, not sure if I then miss-explained. It's not a mather of urgency
We decided to rather have it included via a point release, and still
having it exposed for some testing via the stable-proposed-updates
queues, for those having it activated and doing pre-testing before the
point release.

Regards,
Salvatore

Bug#876656: kicad: Bacport of version 4.0.8 to Jessie

[Miloslav Semler]

Hello Carsten,
thank you for you fast reply... Yes I meant 4.0.7... sorry for a little 
confusing question. I just asked the question if there is chance to new 
version as I still using oldstable (because of some historical software).



Regards,
Miloslav

Hello majkls,

On Sun, Sep 24, 2017 at 05:13:53PM +0200, majkls wrote:

Package: kicad
Version: 4.0.5+dfsg1-4~bpo8+1
Severity: wishlist

Dear Maintainer,

is there any chance on byckporting version 4.0.8 to debian Jessie?

that will gonne be difficult. 4.0.8 is even not in testing and you
probably mean 4.0.7. :-)

But yes, there are plans for doing this for stretch and jessie. I can't
say any time window for that. Due some needed tests before a upload can
happen it's mostly a complete weekend that is needed to prepare all
things. And a upload will need to go backports NEW due new binary
package for kicad-doc-id.

Regrads
Carsten

Bug#876644: System tray icons are shown without transparency

[Evgeny Kapun]

On 24.09.2017 16:58, Dmitry Shachnev wrote:

Hi Evgeny!

On Sun, Sep 24, 2017 at 01:22:56PM +0300, Evgeny Kapun wrote:

When an application using Qt 5 has a system tray icon, areas of the icon
that should be transparent are black instead. For me, this affects
GoldenDict (after it was changed to use Qt 5 instead of Qt 4) and VLC.


Please specify what desktop environment you are using, so that we can
reproduce the bug.


I can reproduce this on LXDE. You need the task bar to have white background 
and also set it to auto-hide. When launching an application, the task bar must 
be hidden, otherwise the icon will be displayed correctly. While this may be a 
bug in LXDE, for some reason it only affects applications which use Qt 5. 
Application which use Qt 4 or GTK are not affected.

Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

[Sebastian Andrzej Siewior]

On 2017-09-22 11:12:52 [+0200], Raphael Hertzog wrote:
> Hi,
> 
> On Thu, 21 Sep 2017, Sebastian Andrzej Siewior wrote:
> > The changes Kurt asked about is something that openssl upstream supports
> > and is something that openssl 1.1 considers the right way of doing
> > things (in contrast to the disable TLS-version X thingy which are marked
> > deprecated or going to…).
> 
> Why has it been implemented as a Debian specific patch then?

There is nothing Debian specific, except for build options used and the
patches are upstream as far as I recall.

> I don't think that upstream planned to deprecate TLS 1.0 and TLS 1.1
> at this point yet. Yes, there are methods to control which TLS versions
> you accept to use but those are optional and the default is to accept
> all TLS versions and this default effectively changed in Debian, forcing
> all applications to add code to re-enable all TLS versions.

fastly plans to disable TLS <1.2 on June 30 2018 as per PCI SSC:
  https://www.fastly.com/blog/update-our-tls-10-and-11-deprecation-plan/

which is the extended deadline:
  https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls

and Buster should be around mid-end 2019.

> > So what problems do those users see? If the package lacks 1.2 support
> > then it should be reported & fixed. If the package requries <1.2 support
> > because the remote side can't be changed then this should reported and
> > patched as well.
> 
> I think the discussions has been rather clear on the fact that the remote
> side is not always patchable (old android versions which are not
> getting updates, etc.).

and for those things where you can not update and you *want* run unpached
software and need TLS1.0 you can patch/add a switch the software in Debian to
allow TLS < 1.2 but not by default.

> > since it is unlikely that things change here. Also it is unwise to make
> > such a change two days before the release of Buster. *Now* we have the
> > time to act.
> 
> buster should not ship with TLS 1.0 and TLS 1.1 disabled.

It is not entirely disabled you just need to add a swtich (if not yet done) to
enable TLS 1.[01] on purpose. We talk here about 2019. We already have 3des
and RC4 disabled which is something you would not expect after the Jessie
release.

> Cheers,

Sebastian

Bug#876303: linux-source-4.9 kernel regression eeepc-wmi

[Ben Hutchings]

Control: tag -1 moreinfo

On Wed, 2017-09-20 at 20:22 +0200, Oscon wrote:
> Package: linux-source-4.9
> 
> Version: >=4.9.25
> 
> eeepc-wmi doesn't work with my Eee PC netbook (Asus X101) after kernel 
> upgrade 
> from 3.14.79 to 4.9.y. So some Eee WMI hotkeys don't work with the new kernel.
[...]
> I have to use eeepc-wmi.
> 
> The patch "Use acpi_dev_found() " is the cause of the problem.
[...]

How did you determine this?  It doesn't appear to make any functional
change.

Are you still putting an acpi_osi parameter on the kernel command line?

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an
expert.



signature.asc
Description: This is a digitally signed message part

Bug#876660: ledger: CVE-2017-2807: Ledger CLI Tags Parsing Code Execution Vulnerability

[Salvatore Bonaccorso]

Source: ledger
Version: 3.1.2~pre1+g3a00e1c+dfsg1-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for ledger.

CVE-2017-2807[0]:
| An exploitable buffer overflow vulnerability exists in the tag parsing
| functionality of Ledger-CLI 3.1.1. A specially crafted journal file
| can cause an integer underflow resulting in code execution. An
| attacker can construct a malicious journal file to trigger this
| vulnerability.

There is a provided poc.dat to verify the issue/fix:

2003/12/20 Organic Co-op
  Expenses:Food:Groceries $ 37.50  ; ] [=2004/01/01]

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2807
[1] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#876665: [argtable2] libargtable2-dev (needlessly?) depends on libargtable2-docs

[Andreas Gnau]

Package: argtable2
Version: 13-1
Severity: normal

--- Please enter the report below this line. ---

libargtable-dev2 needlessly depends on libargtable2-docs which only contains 
docs. This should probably be changed to a recommends.

--- System information. ---
Architecture: 
Kernel:   Linux 4.12.0-1-amd64

Debian Release: buster/sid
  500 unstable-debug  debug.mirrors.debian.org 
  500 unstablehttp.debian.net 
  500 testing-debug   debug.mirrors.debian.org 

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.

Bug#876666: RM: geogebra-kde -- ROM; obsolete

[Giovanni Mascellani]

Package: ftp.debian.org
Severity: normal

Package geogebra-kde will soon become obsoleted by the removal of Qt 4
support. Given that it is just a hack, pretty useless and with low
popcon, I see little point in spending time on porting it to Qt 5.
Therefore, as the maintainer, I request its removal.

Thanks, Giovanni.

Bug#868082: linux-image-4.11.0-1-686: fails to boot on i386 (Soekris net5501)

[Francesco Poli]

Control: found -1 linux/4.12.13-1

[I should have put the above control command at the beginning of my
previous message... I am doing so now.]

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpU0JN8f3qFV.pgp
Description: PGP signature

Bug#876668: postinst is inconsistent

[Mattia Rizzolo]

On Sun, Sep 24, 2017 at 07:42:57PM +0200, Guido Günther wrote:
> kopano-webapp is in NEW and so I think it makes sense to use the bug
> tracker already to make sure things don't get lost (or is this
> considered bad practice?).

ahh ok!
Well, I don't know of best practices about this, but please always
mention it if you file bugs about packages still in NEW.  There are
people monitoring misfiled bugs (and filing a bug against a package
unknown to bugs.d.o is considered as such by debbugs), and this is what
happens otherwise :)

good work with your package :)

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#865628: [Pkg-iscsi-maintainers] Bug#865628: Please add information about this incompatibility to the installation/upgrading guide

[Christian Seiler]

Control: reassign 865628 release-notes
Control: forcemerge 865632 865628

Hi,

On 09/24/2017 06:41 PM, Jurij Smakov wrote:
> I hit this issue as well after upgrading to Stretch, and I don't
> consider mentioning such a major incompatibility in the bug only to
> be appropriate. I have actually read the relevant parts of the
> upgrading guide,> 
> https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html
> https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html
> 
> but it did not mention anything about iscsitarget being deprecated,
> so the resulting service interruption came as a surprise.
> 
> At a minimum, please make sure that this deprecation information is
> added to the documentation above, to prevent others from hitting the
> same issue unexpectedly.

I had already opened a bug report against the 'release-notes'
pseudo-package to ask for this information to be included in the
release notes back in June, including a proposed wording, which
was then improved upon by someone else:

https://bugs.debian.org/865632

Unfortunately this hasn't been added to the SVN repository yet.
I'm merging this report to avoid further confusion and I'm CC'ing
the release team to bump the priority of this issue.

Regards,
Christian

Bug#876672: e2fsprogs: FTBFS: Unknown package libblkid1-udeb given via -N/--no-package

[Daniel Schepler]

Source: e2fsprogs
Version: 1.43.6-1
Severity: serious

>From my pbuilder build log:

...
dh_testdir
dh_testroot
dh_lintian
mkdir -p /build/e2fsprogs-1.43.6/debian/libss2/usr/share/doc/libss2
mkdir -p /build/e2fsprogs-1.43.6/debian/ss-dev/usr/share/doc
ln -sf libss2 /build/e2fsprogs-1.43.6/debian/ss-dev/usr/share/doc/ss-dev
mkdir -p /build/e2fsprogs-1.43.6/debian/libcomerr2/usr/share/doc/libcomerr2
mkdir -p /build/e2fsprogs-1.43.6/debian/comerr-dev/usr/share/doc
ln -sf libcomerr2
/build/e2fsprogs-1.43.6/debian/comerr-dev/usr/share/doc/comerr-dev
mkdir -p /build/e2fsprogs-1.43.6/debian/e2fslibs/usr/share/doc/e2fslibs
mkdir -p /build/e2fsprogs-1.43.6/debian/e2fslibs-dev/usr/share/doc
ln -sf e2fslibs
/build/e2fsprogs-1.43.6/debian/e2fslibs-dev/usr/share/doc/e2fslibs-dev
dh_installdocs -Ne2fsprogs-udeb -Nlibblkid1-udeb -Nlibuuid1-udeb
dh_installdocs: Unknown package libblkid1-udeb given via
-N/--no-package, expected one of: fuse2fs e2fsck-static e2fsprogs-l10n
libcomerr2 comerr-dev libss2 ss-dev e2fsprogs-udeb e2fslibs
e2fslibs-dev e2fsprogs
dh_installdocs: Unknown package libuuid1-udeb given via
-N/--no-package, expected one of: fuse2fs e2fsck-static e2fsprogs-l10n
libcomerr2 comerr-dev libss2 ss-dev e2fsprogs-udeb e2fslibs
e2fslibs-dev e2fsprogs
dh_installdocs: unknown option or error during option parsing; aborting
debian/rules:372: recipe for target 'binary-arch' failed
make: *** [binary-arch] Error 25
dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2
-- 
Daniel Schepler

Bug#876656: kicad: Bacport of version 4.0.8 to Jessie

[Carsten Schoenert]

Hello Miloslav,

please don't do top postings. It's hard to read.

Am 24.09.2017 um 20:18 schrieb Miloslav Semler:
> Hello Carsten,
> thank you for you fast reply... Yes I meant 4.0.7... sorry for a little 
> confusing question. I just asked the question if there is chance to new 
> version as I still using oldstable (because of some historical software).

If we can provide backports for Jessie we will do that. KiCad 5 will
probably not be possible for Jessie once we have reached this version.

Note we have prepared some backports for 4.0.6 in the past that haven't
found the way into backports. At least some more recent libraries are
inside.

https://pkg-electronics.alioth.debian.org/kicad-4.0.6/

-- 
Regards
Carsten Schoenert

Bug#860554: autopkgtest: Running autopkgtest may fail due to long path

[Martin Pitt]

Control: tag -1 pending

Hello Balint,

Balint Reczey [2017-05-04  2:07 +0200]:
> -create_command = 'dpkg-source -x "%s"' % dsc_tb
> +create_command = 'dpkg-source -x "%s" src' % dsc_tb

That's a good idea.

> @@ -385,10 +385,10 @@ def build_source(kind, arg, built_binaries):
>'  ver=${srcversion:-$pkg_candidate};'
>'  dpkg --compare-versions "$ver" lt "$maxver" || 
> maxver="$ver";'
>'done;'
> -  '[ -z "$maxver" ] || maxver="=$maxver";'
> +  '[ -z "$maxver" ] || maxver="$maxver";'

This is now a no-op.

> -  'OUT=$(apt-get source -q --only-source 
> %(src)s$maxver 2>&1) || RC=$?;'
> +  'OUT=$(apt-get source -d -q --only-source 
> %(src)s=$maxver 2>&1) || RC=$?;'

This breaks (or is at least unintuitive) if $maxver is empty.

>'if [ -n "$RC" ]; then if echo "$OUT" | grep -q 
> "Unable to find a source package"; then exit 1; else exit $RC; fi; fi;'
> -  'echo "$OUT" | grep ^Get: || true' % {'src': arg})
> +  'echo "$OUT" | grep ^Get: ; dpkg-source -x 
> %(src)s_$maxver.dsc src' % {'src': arg})


I now implemented this idea in
https://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/commit/?id=762397342b
but without the $maxver changes.

Thanks!

Martin

Bug#876680: rhash-bindings: B-D on many no longer available packages

[Andreas Beckmann]

Package: rhash-bindings
Version: 1.2.10-1
Severity: serious
Justification: fails to build from source

The following packages have unmet dependencies:
 builddeps:rhash-bindings : Depends: php5-dev but it is not installable
Depends: ruby1.8 but it is not installable
Depends: ruby1.8-dev but it is not installable
Depends: ruby1.9.1 but it is not installable
Depends: ruby1.9.1-dev but it is not installable
Depends: mono-gmcs (>= 1.1.8) but it is not 
installable


Andreas

Bug#871693: RFS: tinymux/2.10.1.14-1 [RC]

[Stephen Dennis]

The latest package at mentors has the version restriction removed.

On Wed, Aug 16, 2017 at 1:03 PM, Andrey Rahmatullin  wrote:

> On Wed, Aug 16, 2017 at 01:00:21PM -0600, Stephen Dennis wrote:
> > > > > By the way, binutils (>= 2.28.0) is wrong, as 2.28-1 is not >=
> 2.28.0.
> > > > >
> > > >
> > > > Fixing.
> > > You've changed it to >= 2.25-5. Why? Also, why this restriction is
> needed?
> > >
> >
> > I don't know what the guidance is for versions, so I picked the versions
> > for Jessie (oldstable). There's nothing in the code that would prevent it
> > from being built with older versions of these dependencies.
> Then why do you have a version restriction at all?
>
> --
> WBR, wRAR
>

Bug#871693: RFS: tinymux/2.10.1.14-1 [RC]

[Stephen Dennis]

Control: tags 871693 - moreinfo


On Sun, Sep 24, 2017 at 2:16 PM, Stephen Dennis 
wrote:

> The latest package at mentors has the version restriction removed.
>
> On Wed, Aug 16, 2017 at 1:03 PM, Andrey Rahmatullin 
> wrote:
>
>> On Wed, Aug 16, 2017 at 01:00:21PM -0600, Stephen Dennis wrote:
>> > > > > By the way, binutils (>= 2.28.0) is wrong, as 2.28-1 is not >=
>> 2.28.0.
>> > > > >
>> > > >
>> > > > Fixing.
>> > > You've changed it to >= 2.25-5. Why? Also, why this restriction is
>> needed?
>> > >
>> >
>> > I don't know what the guidance is for versions, so I picked the versions
>> > for Jessie (oldstable). There's nothing in the code that would prevent
>> it
>> > from being built with older versions of these dependencies.
>> Then why do you have a version restriction at all?
>>
>> --
>> WBR, wRAR
>>
>
>

Bug#876021: libreoffice-writer: launching writer makes libreoffice crash

[Rene Engelhard]

reassign 876021 src:linux
forcemerge 865303 876021
thanks

Hi,

On Sun, Sep 24, 2017 at 02:24:20PM +0200, Jérôme Bouat wrote:
> As normal user, the following command :
> libreoffice --backtrace
> 
> Next I didn't created new Draw, Impress and Calc documents as in previous use 
> case. I directly attempted to launch writer by using the shortcut in left 
> panel for creating a new Writer document.
> 
> Libreoffice crashed and I attached the backtrace.
> 
> Do you need more information before I remove the libreoffice-wiki-publisher 
> package ?

Nah, ...

[...]
> Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault.
> _expand_stack_to (bottom=0xbf805fff  0xbf805fff>, bottom@entry=0xbf805000  0xbf805000>) at ./src/hotspot/src/os/linux/vm/os_linux.cpp:673
> 673   ./src/hotspot/src/os/linux/vm/os_linux.cpp: Aucun fichier ou dossier de 
> ce type.
> #0  _expand_stack_to (bottom=0xbf805fff  address 0xbf805fff>, bottom@entry=0xbf805000  address 0xbf805000>) at ./src/hotspot/src/os/linux/vm/os_linux.cpp:673
> #1  0xa816d7a4 in os::Linux::manually_expand_stack (t=0x1547400, 
> addr=0xbf805000 ) at 
> ./src/hotspot/src/os/linux/vm/os_linux.cpp:686
> #2  0xa8177ce8 in os::create_attached_thread (thread=0x1547400) at 
> ./src/hotspot/src/os/linux/vm/os_linux.cpp:965
> #3  os::create_main_thread (thread=0x1547400) at 
> ./src/hotspot/src/os/linux/vm/os_linux.cpp:915
> #4  0xa82ba69e in Thread::set_as_starting_thread (this=0x1547400) at 
> ./src/hotspot/src/share/vm/runtime/thread.cpp:988
> #5  Threads::create_vm (args=0xbfffd908, canTryAgain=0xbfffd767) at 
> ./src/hotspot/src/share/vm/runtime/thread.cpp:3405
> #6  0xa7f65f45 in JNI_CreateJavaVM (vm=0xbfffd8a8, penv=0xbfffdb68, 
> args=0xbfffd908) at ./src/hotspot/src/share/vm/prims/jni.cpp:5220
> #7  0xb23389a1 in ?? () from /usr/lib/libreoffice/program/libjvmfwklo.so
> #8  0xb234abf4 in jfw_startVM(JavaInfo const*, JavaVMOption*, long, 
> JavaVM_**, JNIEnv_**) () from /usr/lib/libreoffice/program/libjvmfwklo.so

... that is exactly it.

Wait for Linux and/or the JDK to be fixed. Or use amd64...

Merging with the already existing kernel bugs.

Regards,

Rene

Bug#876683: apport: FTBFS: Could not determine system package manager. Copy appropriate backends/packaging* to apport/packaging_impl.py

[Andreas Beckmann]

Source: apport
Version: experimental
Severity: serious
Justification: fails to build from source

Hi,

apport FTBFS in a current sid/experimental environment:

https://buildd.debian.org/status/package.php?p=apport=experimental

   debian/rules override_dh_auto_clean
make[1]: Entering directory '/<>'
dh_auto_clean
python setup.py clean -a
Could not determine system package manager. Copy appropriate 
backends/packaging* to apport/packaging_impl.py
dh_auto_clean: python setup.py clean -a returned exit code 1
debian/rules:10: recipe for target 'override_dh_auto_clean' failed
make[1]: *** [override_dh_auto_clean] Error 1


Andreas

Bug#876687: htpdate: Off by one hour

[Mert Dirik]

Package: htpdate
Version: 1.1.3-2
Severity: important

Dear Maintainer,

htpdate sets the clock an hour earlier than it should be set to.
htpdate version in jessie does not exhibit this behavior, as it sets it to
right time,
this behavior is new in stretch version.

Here is an example output:

$ sudo ntpdate -v 0.europe.pool.ntp.org
24 Sep 23:38:39 ntpdate[10614]: ntpdate 4.2.8p10@1.3728-o Sun May  7
22:24:40 UTC 2017 (1)
24 Sep 23:38:49 ntpdate[10614]: adjust time server 46.22.26.12 offset
0.145900 sec
$ date --utc
Sun Sep 24 20:38:56 UTC 2017
$ date
Sun Sep 24 23:38:57 +03 2017
$ /usr/sbin/htpdate -d -q www.google.com.tr www.facebook.com
www.youtube.comburst: 1 try: 1 when: 25
www.google.com.tr 24 Sep 2017 20:39:08 GMT (1.086) => -3601
burst: 1 try: 2 when: 25
www.google.com.tr 24 Sep 2017 20:39:10 GMT (0.837) => -3601
burst: 1 try: 1 when: 50
www.facebook.com  24 Sep 2017 20:39:12 GMT (0.678) => -3601
burst: 1 try: 2 when: 50
www.facebook.com  24 Sep 2017 20:39:14 GMT (0.769) => -3601
burst: 1 try: 1 when: 75
www.youtube.com   24 Sep 2017 20:39:17 GMT (0.878) => -3600
burst: 1 try: 2 when: 75
www.youtube.com   24 Sep 2017 20:39:19 GMT (0.842) => -3600
#: 3 mean: -3601 average: -3600.667
Timezone: GMT+2 (+03,+03)
Offset -3600.667 seconds
seteuid() 0






-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64, armhf

Kernel: Linux 4.4.87-mert (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages htpdate depends on:
ii  libc6 2.24-11+deb9u1
ii  lsb-base  9.20161125

htpdate recommends no packages.

htpdate suggests no packages.

-- Configuration Files:
/etc/default/htpdate changed [not included]

-- no debconf information

Bug#854627: Follow up...?

[sam penny]

I'm affected by this problem, but it's been more than 7 months since any 
activity was seen on this bug report. I note that no response has been made by 
anyone representing src:wayland - does anyone watch the relevant email / list? 
Perhaps there is a different package that would be more appropriate to assign 
this to?
Sam "SammyTheSnake" Penny

Bug#876656: kicad: Bacport of version 4.0.8 to Jessie

[Nick Østergaard]

There is no such thing as 4.0.8, I guess you mean 4.0.7 FYI.

2017-09-24 17:13 GMT+02:00 majkls :

> Package: kicad
> Version: 4.0.5+dfsg1-4~bpo8+1
> Severity: wishlist
>
> Dear Maintainer,
>
> is there any chance on byckporting version 4.0.8 to debian Jessie?
>
> Thanks,
>
> Miloslav Semler
>
> -- System Information:
> Debian Release: 8.9
>   APT prefers oldstable-updates
>   APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages kicad depends on:
> ii  kicad-common4.0.5+dfsg1-4~bpo8+1
> ii  libboost-context1.55.0  1.55.0+dfsg-3
> ii  libboost-date-time1.55.01.55.0+dfsg-3
> ii  libboost-filesystem1.55.0   1.55.0+dfsg-3
> ii  libboost-iostreams1.55.01.55.0+dfsg-3
> ii  libboost-locale1.55.0   1.55.0+dfsg-3
> ii  libboost-program-options1.55.0  1.55.0+dfsg-3
> ii  libboost-regex1.55.01.55.0+dfsg-3
> ii  libboost-system1.55.0   1.55.0+dfsg-3
> ii  libboost-thread1.55.0   1.55.0+dfsg-3
> ii  libc6   2.19-18+deb8u10
> ii  libcairo2   1.14.0-2.1+deb8u2
> ii  libcurl3-gnutls 7.38.0-4+deb8u5
> ii  libgcc1 1:4.9.2-10
> ii  libgl1-mesa-glx [libgl1]10.3.2-1+deb8u1
> ii  libglew1.10 1.10.0-3
> ii  libglu1-mesa [libglu1]  9.0.0-2
> ii  libgomp14.9.2-10
> ii  libice6 2:1.0.9-1+b1
> ii  libpython2.72.7.9-2+deb8u1
> ii  libsm6  2:1.2.2-1+b1
> ii  libstdc++6  4.9.2-10
> ii  libwxbase3.0-0  3.0.2-1+b1
> ii  libwxgtk3.0-0   3.0.2-1+b1
> ii  libx11-62:1.6.2-3
> ii  libxext62:1.3.3-1
> ii  python  2.7.9-1
> ii  python-wxgtk3.0 3.0.1.1+dfsg-2
> pn  python:any  
>
> Versions of packages kicad recommends:
> ii  xsltproc  1.1.28-2+deb8u3
>
> Versions of packages kicad suggests:
> ii  extra-xdg-menus
> 1.0-4
> pn  kicad-doc-ca | kicad-doc-de | kicad-doc-en | kicad-doc-es | kicad-d
> 
>
> -- no debconf information
>
>

Bug#876656: kicad: Bacport of version 4.0.8 to Jessie

[Carsten Schoenert]

Hello majkls,

On Sun, Sep 24, 2017 at 05:13:53PM +0200, majkls wrote:
> Package: kicad
> Version: 4.0.5+dfsg1-4~bpo8+1
> Severity: wishlist
> 
> Dear Maintainer,
> 
> is there any chance on byckporting version 4.0.8 to debian Jessie?

that will gonne be difficult. 4.0.8 is even not in testing and you
probably mean 4.0.7. :-)

But yes, there are plans for doing this for stretch and jessie. I can't
say any time window for that. Due some needed tests before a upload can
happen it's mostly a complete weekend that is needed to prepare all
things. And a upload will need to go backports NEW due new binary
package for kicad-doc-id.

Regrads
Carsten

Bug#876662: s3cmd: Errors with --cache-file= and use of Python3

[Ian Campbell]

Package: s3cmd
Version: 2.0.0-1
Severity: important

Dear Maintainer,

My backup scripts invocation of s3cmd is resulting in two warnings/errors. I
report them together here since I am unsure if the second is a consequence of
the first.

First warning is:

WARNING: !!! Support for python3 is currently in a 'Work In Progress' 
state.
Please don't use s3cmd with python3 on production tasks or with sensitive 
data as unexpected behaviors could occur !!!

And the second error is:

!
An unexpected error has occurred.
  Please try reproducing the error using
  the latest s3cmd code from the git master
  branch found at:
https://github.com/s3tools/s3cmd
  and have a look at the known issues list:

https://github.com/s3tools/s3cmd/wiki/Common-known-issues-and-their-solutions
  If the error persists, please report the
  following lines (removing any private
  info as necessary) to:
   s3tools-b...@lists.sourceforge.net


!

Invoked as: /usr/bin/s3cmd --ssl --config=/path/to/config --acl-private put 
--cache-file=/path/to/cache --encrypt  s3:///
Problem: 
rc = main()
  File "/usr/bin/s3cmd", line 2915, in main
rc = cmd_func(args)
  File "/usr/bin/s3cmd", line 352, in cmd_object_put
local_list, single_file_local, exclude_list, total_size_local = 
fetch_local_list(args, is_src = True)
  File "/usr/lib/python3/dist-packages/S3/FileLists.py", line 319, in 
fetch_local_list
cache.load(cfg.cache_file)
  File "/usr/lib/python3/dist-packages/S3/HashCache.py", line 63, in load
d = pickle.load(f)
TypeError: a bytes-like object is required, not 'str'

I suspect that the cache (specified via --cache-file) is incompatible between
this version and the last.  I'm unsure if this is an s3cmd change or a
consequence of switching to Python3 (maybe pickling is not compatible?)

Reverting to 1.6.1-1 in Stretch resolves this for me.

Given the first warning (which I pressume reflects upstream's view) are we sure
it is wise to be shipping with #!/usr/bin/python3 in Debian at this point?
Given the wording which upstream has used I considered filing bug this with
severity grave or serious, but in the end I went with important, although it
seems to me that we cannot ship s3cmd in a stable release while it is printing
such a warning.

Thanks,
Ian.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf, armel, arm64

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages s3cmd depends on:
ii  python3   3.5.3-3
ii  python3-dateutil  2.6.1-1
ii  python3-magic 1:5.32-1

s3cmd recommends no packages.

s3cmd suggests no packages.

-- no debconf information

Bug#876663: sympa FTBFS: Base class package "Class::Singleton" is empty.

[Adrian Bunk]

Source: sympa
Version: 6.2.20~dfsg-1
Severity: serious

https://buildd.debian.org/status/package.php?p=sympa=sid

...
rm -f list_config.pod
Base class package "Class::Singleton" is empty.
(Perhaps you need to 'use' the module which defines that package first,
or make that module available in @INC (@INC contains: ../src/lib /etc/perl 
/usr/local/lib/aarch64-linux-gnu/perl/5.26.0 /usr/local/share/perl/5.26.0 
/usr/lib/aarch64-linux-gnu/perl5/5.26 /usr/share/perl5 
/usr/lib/aarch64-linux-gnu/perl/5.26 /usr/share/perl/5.26 
/usr/local/lib/site_perl /usr/lib/aarch64-linux-gnu/perl-base .).
 at ../src/lib/Sympa/Language.pm line 32.
BEGIN failed--compilation aborted at ../src/lib/Sympa/Language.pm line 32.
Compilation failed in require at ../src/lib/Sympa/ListOpt.pm line 33.
BEGIN failed--compilation aborted at ../src/lib/Sympa/ListOpt.pm line 33.
Compilation failed in require at ./list_config.podpl line 9.
BEGIN failed--compilation aborted at ./list_config.podpl line 9.
Makefile:665: recipe for target 'list_config.5' failed
make[2]: *** [list_config.5] Error 255
make[2]: Leaving directory '/<>/doc'
Makefile:457: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1

Bug#874887: [geogebra-kde] Future Qt4 removal from Buster

[Giovanni Mascellani]

Hi,

Il 09/09/2017 21:05, Lisandro Damián Nicanor Pérez Meyer ha scritto:>
Hi! As you might know we the Qt/KDE team are preparing to remove Qt4
> as [announced] in:
> 
> [announced] 
> 

Thanks for reporting. geogebra-kde is more or less useless, without rev
deps and with ridiculous popcon score. It is probably better to remove
it, I will file a request.

Giovanni.
-- 
Giovanni Mascellani 
Postdoc researcher - Université Libre de Bruxelles

http://poisson.phc.unipi.it/~mascellani



signature.asc
Description: OpenPGP digital signature

Bug#876667: RFS: pragha/1.3.3-1

[Gabriel F. T. Gomes]

Breno,

Lukas (CC) pointed out some problems [1] with the packaging of Pragha.
For instance, the fact that I did not open a RFS properly.  I should
have sent the RFS message to sub...@bugs.debian.org, not to #592985.

This is a proper RFS (I think I got it right this time).  :)

[1] https://lists.debian.org/debian-mentors/2017/09/msg00298.html


Lukas,

In that same message [1], you suggested the use of a version control
system, but I don't know where to make it public (I know that alioth is
being discontinued, so I'm a bit lost with this).

I think I solved all other problems you pointed out.


Last but not least, I sent this message to debian-mentors (the right
place to ask question, right?).  Please let me know if I got this wrong.

Bug#876674: p3scan: CVE-2017-14681

[Markus Koschany]

Package: p3scan
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

the following vulnerability was published for p3scan.

CVE-2017-14681[0]:
| The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file
| after dropping privileges to a non-root account, which might allow
| local users to kill arbitrary processes by leveraging access to this
| non-root account for p3scan.pid modification before a root script
| executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated
| by etc/init.d/p3scan.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14681

Please adjust the affected versions in the BTS as needed.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#876087: xscreensaver: source-less and unlicensed code at hacks/images/m6502/dmsc.asm

[Daniel Serpell]

Source: xscreensaver
Followup-For: Bug #876087

Hi!

Attached is the source to the demo, in 6502 assembly, with a GPL
license.

Thanks,

Daniel.


comp6502-20070714.tar.gz
Description: application/gzip

Bug#868082: linux-image-4.11.0-1-686: fails to boot on i386 (Soekris net5501)

[Ben Hutchings]

On Sun, 2017-09-24 at 17:54 +0200, Francesco Poli wrote:
> On Sat, 26 Aug 2017 13:02:18 +0200 Francesco Poli wrote:
> 
> Control: found -1 linux/4.12.13-1
> 
> > 
> > On Mon, 17 Jul 2017 09:59:38 +0200 Francesco Poli wrote:
> 
> [...]
> > Hello again,
> > I tested the new kernel version that has recently migrated to Debian
> > testing.
> > 
> > Unfortunately, I get the same exact boot failure.
> > 
> > And no useful output on the serial console, even with
> > 'earlyprintk=ttyS0' and without 'quiet':
> > 
> > Booting a command list
> > 
> >   Loading Linux 4.12.0-1-686 ...
> >   Loading initial ramdisk ...
> > 
> > and then nothing else.
> 
> Another kernel version has just migrated to Debian testing.
> Another boot failure with no useful output on the serial console, even
> with 'earlyprintk=ttyS0' and without 'quiet':
> 
> Booting a command list
> 
>   Loading Linux 4.12.0-2-686 ...
>   Loading initial ramdisk ...
> 
> and nothing else.
> 
> Is there anything that can be done in order to pinpoint the issue and
> solve it once and for all?!?

You could test the 4.10 kernel version from snapshot.debian.org, which
would narrow down the regresion a bit.

Ben.

> Please let me know, thanks for your time.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an
expert.



signature.asc
Description: This is a digitally signed message part

Bug#876681: RFH: rst2pdf -- ReportLab-based reStructuredText to PDF renderer

[Elena ``of Valhalla'']

Package: wnpp
Severity: normal

I request assistance with maintaining the rst2pdf package.

The package description is:
 The usual way of creating PDF files from reStructuredText is by going through
 LaTeX. This tool provides an alternative by producing PDF directly using the
 ReportLab library.

rst2pdf currently only supports python2 (#826908); there was an effort
from upstream to resume developement and an issue to track supporting
python3, but apparently they have stopped again in 2016.

Since sooner or later python2 will be dropped from Debian, rst2pdf will
have to follow, unless somebody cares about it enought to solve the
situation.

I believe that rst2pdf is currently being used as a build-dependency by
the following packages, whose maintainers I'm cc-ing:

* apcupsd
* davical
* pdal

Right now, I'm not really using this package, so in case there is a need
for an upstream fork I'm not the right person do do it, but if upstream
resumes working or there is a new upstream I would be glad to continue
maintaining the package.

Bug#873187: linux-image-amd64: Missing tpm_tis module

[Ben Hutchings]

Control: reassign -1 src:linux 4.9.25-1
Control: tag -1 moreinfo

On Fri, 2017-08-25 at 13:09 +0100, Gregory Stark wrote:
> Package: linux-image-amd64
> Version: 4.9+80+deb9u1
> Severity: normal
> 
> Hi,
> 
> I find that the tpm_tis.ko module is missing in all kernel packages
> since 4.9.0-3 (which is the version in Debian 9 installers and the
> security archive). This includes all more recent kernels that I've
> tried from unstable.
>
> It was present in 4.9.0-2 which makes me wonder if it was removed due
> to some last minute security problem before the release of Debian 9.

It's still included, but built-in.

> However this is a severe problem for users of the 2013 Chromebook
> Pixel as there was a firmware bug that means suspend/resume doesn't
> work unless the tpm chip has been initialized by the module. In other
> words suspend/resume is broken on the 2013 Pixel ever since 4.9.0-3
> but worked fine previously.

Have you actually found this to be broken?  I don't believe such a
failure would be related to the tpm_tis driver, since as I said it is
still included.

> I can't find an existing bug about tpm_tis or any mention of it on the
> list. Perhaps this was done unintentionally?

We didn't deliberately change it to built-in, but this is a result of
enabling IMA.

Ben.
 
-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an
expert.



signature.asc
Description: This is a digitally signed message part

Bug#876696: clang-6.0: clangd-6.0 error

[Damien R.]

Package: clang-6.0
Version: 1:6.0~svn311834-1
Severity: important

Launching clangd-6.0 failed with the following output:
: CommandLine Error: Option 'help-list' registered more than once!
LLVM ERROR: inconsistency in registered CommandLine options

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages clang-6.0 depends on:
ii  binutils 2.29.1-3
ii  libc62.24-17
ii  libc6-dev2.24-17
ii  libclang-common-6.0-dev  1:6.0~svn311834-1
ii  libclang1-6.01:6.0~svn311834-1
ii  libgcc-7-dev 7.2.0-7
ii  libgcc1  1:7.2.0-7
ii  libjsoncpp1  1.7.4-3
ii  libllvm6.0   1:6.0~svn311834-1
ii  libobjc-7-dev7.2.0-7
ii  libstdc++-7-dev  7.2.0-7
ii  libstdc++6   7.2.0-7
ii  libtinfo56.0+20170902-1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages clang-6.0 recommends:
ii  llvm-6.0-dev  1:6.0~svn311834-1
ii  python2.7.14-1

Versions of packages clang-6.0 suggests:
pn  clang-6.0-doc  
pn  gnustep
pn  gnustep-devel  
pn  libomp-dev 

-- no debconf information

Bug#876698: octave-image FTBFS on 32bit: test failures

[Adrian Bunk]

Source: octave-image
Version: 2.6.1-4
Severity: serious

https://buildd.debian.org/status/package.php?p=octave-image=sid

Bug#876699: staden-io-lib FTBFS: test failures on most architectures

[Adrian Bunk]

Source: staden-io-lib
Version: 1.14.9-1
Severity: serious

https://buildd.debian.org/status/package.php?p=staden-io-lib=sid

Bug#876700: python3-pysal: fails to install: Sorry: TabError: inconsistent use of tabs and spaces in indentation (iwls.py, line 56)

[Andreas Beckmann]

Package: python3-pysal
Version: 1.14.2-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package python3-pysal.
  (Reading database ... 
(Reading database ... 10689 files and directories currently installed.)
  Preparing to unpack .../python3-pysal_1.14.2-1_all.deb ...
  Unpacking python3-pysal (1.14.2-1) ...
  Setting up python3-pysal (1.14.2-1) ...
  Sorry: TabError: inconsistent use of tabs and spaces in indentation (iwls.py, 
line 56)
  Sorry: TabError: inconsistent use of tabs and spaces in indentation (iwls.py, 
line 56)
  dpkg: error processing package python3-pysal (--configure):
   subprocess installed post-installation script returned error exit status 1
  Errors were encountered while processing:
   python3-pysal


cheers,

Andreas


python3-pysal_1.14.2-1.log.gz
Description: application/gzip

Bug#876702: haskell-language-python FTBFS: Couldn't match type `t146' with `[Either a30 [Statement SrcSpan]]'

[Adrian Bunk]

Source: haskell-language-python
Version: 0.5.4-4
Severity: serious
Tags: buster sid

Some recent change in unstable makes haskell-language-python FTBFS:

https://tests.reproducible-builds.org/debian/history/haskell-language-python.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/haskell-language-python.html

...
[17 of 23] Compiling Language.Python.Version2.Parser.Parser ( 
dist-ghc/build/Language/Python/Version2/Parser/Parser.hs, 
dist-ghc/build/Language/Python/Version2/Parser/Parser.o )

dist-ghc/build/Language/Python/Version2/Parser/Parser.hs:2171:17: error:
* Couldn't match type `t146'
 with `[Either a30 [Statement SrcSpan]]'
  `t146' is a rigid type variable bound by
the type signature for:
  happyReduce_7 :: forall t127 t143 t144 t145 t146 t147 t148 t149 t150 
t151 t152 t153 t154 t155 t156 t157 t158 t159 t160 t161 t162 t163 t164 t165 t166 
t167 t168 t169 t170 t171 t172 t173 t174 t175 t176 t177 t178 t179 t180 t181 t182 
t183 t184 t185 t186 t187 t188 t189 t190 t191 t192 t193 t194 t195 t196 t197 t198 
t199 t200 t201 t202 t203 t204 t205 t206 t207 t208 t209 t210 t211 t212 t213 t214 
t215 t216 t217 t218 t219 t220 t221 t222 t223 t224 t225 t226 t227 t228 t229 t230 
t231 t232 t233 t234 t235 t236 t237 t238 t239 t240 t241 t242 t243 t244 t245 t246 
t247 t248 t249 t250 t251 t252 t253 t254 t255 t256 t257 t258 t259 t260 t261 t262 
t263 t264 t265 t266 t267 t268 t269 t270 t271 t272.
   Happy_GHC_Exts.Int#
   -> Token
   -> Happy_GHC_Exts.Int#
   -> Happy_IntList
   -> HappyStk
(HappyAbsSyn
   t127
   t143
   t144
...

Bug#876715: virtualbox-qt: virtualbox 5.1.28 uses qt 5.9

[Pedro Ribeiro]

Package: virtualbox-qt
Version: 5.1.26-dfsg-2
Severity: normal

I'm using VirtualBox from testing on stable. I know mixing stable / testing
packages is not recommended or supported, but as I'm sure you are aware this is
the only way to get VirtualBox on Debian now.

VirtualBox 5.1.28 requires the usage of Qt 5.9, which means that I have the
upgrade the whole of Qt from 5.7 (in stable) to 5.9.

I would have no problem with this... except that Qt 5.8 and above break
compatibility with GTK themes. As a result, all my Qt apps now look like crap -
themes are not respected. Qt devs said a fix is incoming, but it has been like
this for over 2 years now (since the release of 5.8).

Is there a specific reason why the Qt version requirement changed from 5.1.26
to 5.1.28?



-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (750, 'stable'), (650, 'testing'), (600, 'unstable'), (550, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.50-unofficial+grsec+ (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages virtualbox-qt depends on:
ii  libc6 2.24-11+deb9u1
ii  libgcc1   1:6.3.0-18
ii  libgl1-mesa-glx [libgl1]  13.0.6-1+b2
ii  libqt5core5a  5.7.1+dfsg-3+b1
ii  libqt5gui55.7.1+dfsg-3+b1
ii  libqt5opengl5 5.7.1+dfsg-3+b1
ii  libqt5printsupport5   5.7.1+dfsg-3+b1
ii  libqt5widgets55.7.1+dfsg-3+b1
ii  libqt5x11extras5  5.7.1~20161021-2
ii  libstdc++66.3.0-18
ii  libx11-6  2:1.6.4-3
ii  libxcb1   1.12-1
ii  libxext6  2:1.3.3-1+b2
ii  libxinerama1  2:1.1.3-1+b3
ii  virtualbox5.1.28-dfsg-1

virtualbox-qt recommends no packages.

virtualbox-qt suggests no packages.

-- no debconf information

Bug#845925: autopkgtest boostrap qemu

[Martin Pitt]

Control: tag -1 pending

Hello Attila,

SZALAY Attila [2017-08-13  9:19 -0400]:
> I'm not 100% sure, but I have the feeling that this depends on your
> host environment. Because, I think, the debootstrap copies the
> /etc/resolv.cong file as-is to the chroot environment.

Right, so this is ought to be fixed in debootstrap itself, IMHO. But I'm fine
with a workaround in setup-testbed for the time being.

> So, my solution was, as a dirty hack, to copy the content of the
> /etc/resolv.conf into the chroot. Something like this what is attached
> to this email.

I experimented with bind mounts and other more robust approaches, but not
successfully. So I went with your approach, just slightly more compact and
robust: 
https://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/commit/?id=ba3123ca0f

Thanks,

Martin


signature.asc
Description: PGP signature

Bug#876664: veusz FTBFS: test failure

[Aurelien Jarno]

On 2017-09-24 18:42, Aurelien Jarno wrote:
> > ValueError: The truth value of an array with more than one element is 
> > ambiguous. Use a.any() or a.all()
> > QPainter::end: Painter ended with 2 saved states
> > debian/rules:40: recipe for target 'override_dh_auto_test' failed
> > make[1]: *** [override_dh_auto_test] Error 1
> 
> This failure is due to the recent upload of numpy 1.13.

I have just done another NMU to fix this issue, using a patch from
upstream. Please find the diff attached.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net
diff -Nru veusz-1.21.1/debian/changelog veusz-1.21.1/debian/changelog
--- veusz-1.21.1/debian/changelog	2017-09-24 14:36:11.0 +0200
+++ veusz-1.21.1/debian/changelog	2017-09-24 23:20:35.0 +0200
@@ -1,3 +1,10 @@
+veusz (1.21.1-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Backport a patch from upstream to add compatiblity with numpy 1.13.
+
+ -- Aurelien Jarno   Sun, 24 Sep 2017 23:20:35 +0200
+
 veusz (1.21.1-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru veusz-1.21.1/debian/patches/01-numpy-1.13.diff veusz-1.21.1/debian/patches/01-numpy-1.13.diff
--- veusz-1.21.1/debian/patches/01-numpy-1.13.diff	1970-01-01 01:00:00.0 +0100
+++ veusz-1.21.1/debian/patches/01-numpy-1.13.diff	2017-09-24 23:18:17.0 +0200
@@ -0,0 +1,88 @@
+commit 70447b7bc2dbd067b526569aa673f8f37407dc00
+Author: Jeremy Sanders 
+Date:   Sat Sep 17 15:25:48 2016 +0200
+
+Avoid None in list of numpy arrays
+
+diff --git a/veusz/utils/utilfuncs.py b/veusz/utils/utilfuncs.py
+index 836816d6..ffe429f8 100644
+--- a/veusz/utils/utilfuncs.py
 b/veusz/utils/utilfuncs.py
+@@ -591,3 +591,7 @@ def unescapeHDFDataName(name):
+ name = name.replace('`SL', '/')
+ name = name.replace('`BT', '`')
+ return name
++
++def allNotNone(*items):
++"""Are all the items not None."""
++return not any((x is None for x in items))
+diff --git a/veusz/widgets/axis.py b/veusz/widgets/axis.py
+index 5ef52b4c..eac54dd9 100644
+--- a/veusz/widgets/axis.py
 b/veusz/widgets/axis.py
+@@ -750,7 +750,7 @@ class Axis(widget.Widget):
+ for plotter in plotters:
+ # get label and label coordinates from plotter (if any)
+ labels, coords = plotter.getAxisLabels(dir)
+-if None not in (labels, coords):
++if labels is not None and coords is not None:
+ # convert coordinates to plotter coordinates
+ pcoords = self._graphToPlotter(coords)
+ for coord, pcoord, lab in czip(coords, pcoords, labels):
+diff --git a/veusz/widgets/point.py b/veusz/widgets/point.py
+index 2763845b..59152c68 100644
+--- a/veusz/widgets/point.py
 b/veusz/widgets/point.py
+@@ -75,14 +75,14 @@
+ def _errorBarsBox(style, xmin, xmax, ymin, ymax, xplotter, yplotter,
+   s, painter, clip):
+ """Draw box around error region."""
+-if None not in (xmin, xmax, ymin, ymax):
++if utils.allNotNone(xmin, xmax, ymin, ymax):
+ painter.setBrush( qt4.QBrush() )
+ utils.plotBoxesToPainter(painter, xmin, ymin, xmax, ymax, clip)
+ 
+ def _errorBarsBoxFilled(style, xmin, xmax, ymin, ymax, xplotter, yplotter,
+ s, painter, clip):
+ """Draw box filled region inside error bars."""
+-if None not in (xmin, xmax, ymin, ymax):
++if utils.allNotNone(xmin, xmax, ymin, ymax):
+ # filled region below
+ if not s.FillBelow.hideerror:
+ path = qt4.QPainterPath()
+@@ -102,7 +102,7 @@
+ def _errorBarsDiamond(style, xmin, xmax, ymin, ymax, xplotter, yplotter,
+   s, painter, clip):
+ """Draw diamond around error region."""
+-if None not in (xmin, xmax, ymin, ymax):
++if utils.allNotNone(xmin, xmax, ymin, ymax):
+ 
+ # expand clip by pen width (urgh)
+ pw = painter.pen().widthF()*2
+@@ -119,7 +119,7 @@
+ def _errorBarsDiamondFilled(style, xmin, xmax, ymin, ymax, xplotter, yplotter,
+ s, painter, clip):
+ """Draw diamond filled region inside error bars."""
+-if None not in (xmin, xmax, ymin, ymax):
++if utils.allNotNone(xmin, xmax, ymin, ymax):
+ if not s.FillBelow.hideerror:
+ path = qt4.QPainterPath()
+ utils.addNumpyPolygonToPath(path, clip,
+@@ -137,7 +137,7 @@
+ def _errorBarsCurve(style, xmin, xmax, ymin, ymax, xplotter, yplotter,
+ s, painter, clip):
+ """Draw curve around error region."""
+-if None not in (xmin, xmax, ymin, ymax):
++if utils.allNotNone(xmin, xmax, ymin, ymax):
+ # non-filling brush
+ painter.setBrush( qt4.QBrush() )
+ 
+@@ -160,7 +160,7 @@
+   s, painter, clip):
+ """Fill area around error region."""
+ 
+-if None not in (xmin, xmax, ymin, ymax):
++if 

Bug#876690: xorg-server FTBFS with debhelper 10.9

[Adrian Bunk]

Source: xorg-server
Version: 2:1.19.3-2
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/xorg-server.html

...
   debian/rules override_dh_strip
make[1]: Entering directory '/build/1st/xorg-server-1.19.3'
dh_strip -pxserver-xorg-core --dbgsym-migration="xserver-xorg-core-dbg (<< 
2:1.19.0-3~)"
dh_strip -s -Nxserver-xorg-core -Nxserver-xorg-core-dbg
dh_strip: -s/--same-arch is deprecated; please use -a/--arch instead
dh_strip: This feature will be removed in compat 11.
dh_strip: unknown option or error during option parsing; aborting
debian/rules:297: recipe for target 'override_dh_strip' failed
make[1]: *** [override_dh_strip] Error 25


The messages are misleading (#876689), the error is for the
no longer existing package in -Nxserver-xorg-core-dbg.

Bug#876706: stretch-pu: package liblouis/3.0.0-3

[Samuel Thibault]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

Several CVEs have been reported against liblouis in Bug#874302. The
upstream fixes have been tested for 6 days in Debian unstable then 5
days in Debian testing.

I propose to upload them to stable too, as attached debdiff shows.

Samuel

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru liblouis-3.0.0/debian/changelog liblouis-3.0.0/debian/changelog
--- liblouis-3.0.0/debian/changelog 2016-09-14 00:46:35.0 +0200
+++ liblouis-3.0.0/debian/changelog 2017-09-25 01:16:30.0 +0200
@@ -1,3 +1,14 @@
+liblouis (3.0.0-3+deb9u1) stretch; urgency=medium
+
+  * debian/patches/CVE-2017-13738-and-2017-13744.patch: New patch.
+  * debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch: New
+patch
+  * debian/patches/CVE-2017-13741.patch: New patch.
+  * debian/patches/CVE-2017-13741-2.patch: New patch.
+  * debian/patches/CVE-2017-13743.patch: New patch.
+
+ -- Samuel Thibault   Mon, 25 Sep 2017 01:16:30 +0200
+
 liblouis (3.0.0-3) unstable; urgency=medium
 
   * Upload to unstable.
diff -Nru liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch 
liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch
--- liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch   
1970-01-01 01:00:00.0 +0100
+++ liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch   
2017-09-25 01:14:10.0 +0200
@@ -0,0 +1,19 @@
+From edf8ee00197e5a9b062554bdca00fe1617d257a4 Mon Sep 17 00:00:00 2001
+From: Mike Gorse 
+Date: Tue, 29 Aug 2017 16:55:29 -0500
+Subject: [PATCH] Fix possible out-of-bounds write from a \ followed by
+ multiple newlines
+
+Fixes CVE-2017-13738 and CVE-2017-13744.
+Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
+===
+--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c
 liblouis-3.0.0/liblouis/compileTranslationTable.c
+@@ -573,6 +573,7 @@ getALine (FileInfo * nested)
+   if (pch == '\\' && ch == 10)
+   {
+ nested->linelen--;
++pch = ch;
+ continue;
+   }
+   if (ch == 10 || nested->linelen >= MAXSTRING)
diff -Nru 
liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch
 
liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch
--- 
liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch
1970-01-01 01:00:00.0 +0100
+++ 
liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch
2017-09-25 01:14:10.0 +0200
@@ -0,0 +1,28 @@
+From d8cfdf1ab64a4c9c6685efe45bc735f68dac618c Mon Sep 17 00:00:00 2001
+From: Mike Gorse 
+Date: Wed, 30 Aug 2017 12:53:02 -0500
+Subject: [PATCH] resolveSubtable: Fix buffer overflow parsing a malformed
+ table
+
+The subtable's name can theoretically be up to MAXSTRING characters long.
+The base name is then copied into a buffer, and the subtable's name is
+appended, so we should allocate more than MAXSTRING bytes for the buffer.
+
+Fixes CVE-2017-13739, CVE-2017-13740, and CVE-2017-13742.
+---
+ liblouis/compileTranslationTable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
+===
+--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c
 liblouis-3.0.0/liblouis/compileTranslationTable.c
+@@ -4899,7 +4899,7 @@ resolveSubtable (const char *table, cons
+ 
+   if (table == NULL || table[0] == '\0')
+ return NULL;
+-  tableFile = (char *) malloc (MAXSTRING * sizeof(char));
++  tableFile = (char *) malloc (MAXSTRING * sizeof(char) * 2);
+   
+   //
+   // First try to resolve against base
diff -Nru liblouis-3.0.0/debian/patches/CVE-2017-13741-2.patch 
liblouis-3.0.0/debian/patches/CVE-2017-13741-2.patch
--- liblouis-3.0.0/debian/patches/CVE-2017-13741-2.patch1970-01-01 
01:00:00.0 +0100
+++ liblouis-3.0.0/debian/patches/CVE-2017-13741-2.patch2017-09-25 
01:14:10.0 +0200
@@ -0,0 +1,26 @@
+commit 1e36af516478e6c07fbc919541df226aac911fd7
+Author: Christian Egli 
+Date:   Thu Aug 31 13:41:23 2017 +0200
+
+Fix a tiny 

Bug#876710: evince: File type DjVu image (image/vnd.djvu) is not supported

[Michael Biebl]

Am 25.09.2017 um 01:54 schrieb David Bremner:
> Package: evince
> Version: 3.25.92-1
> Severity: normal
> 
> Previously evince worked great for previewing djvu documents for
> me. Now when I try I get a popup with the error message in the
> subject. I'm not running Gnome, so that's possibly related.

This is a result of
https://git.gnome.org/browse/evince/commit/?id=39bd98c5fb954e3b6723370b2f6b60ea43091db3

> ii  shared-mime-info 1.8-1

Not sure if we need 1.9 for that. Given the above commit message, 1.8
should be sufficient. Or it's an issue of the file being mis-detected as
image/vnd.djvu whereas it should supposedly be image/vnd.djvu+multipage

Can you attach a test file which exhibits the problem?
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#876711: nautilus-actions: Segmentation fault on Wayland

[Recognizer]

Package: nautilus-actions
Version: 3.2.3-1+b2
Severity: important

Dear Maintainer,

nautilus-actions-config-tool show a segmentation fault (in my case when used on
wayland) here's the gdb debug report:
#0  0x7797f89d in ?? () from /usr/lib/libunique-3.0.so.0
#1  0x749a5e2d in ?? ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#2  0x7797f8fd in ?? () from /usr/lib/libunique-3.0.so.0
#3  0x749a6029 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4  0x749a810e in g_object_new_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x749a83b1 in g_object_new ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x5556e33d in base_iunique_init_with_name ()
#7  0x5556a6c0 in base_application_run_with_args ()
#8  0x55569438 in main ()



-- System Information:
Debian Release: 9.1
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64, armel, armhf, mips, mipsel, powerpc, ppc64el

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), 
LANGUAGE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nautilus-actions depends on:
ii  gconf-service3.2.6-4+b1
ii  libatk1.0-0  2.22.0-1
ii  libc62.24-11+deb9u1
ii  libcairo-gobject21.14.8-1
ii  libcairo21.14.8-1
ii  libgconf-2-4 3.2.6-4+b1
ii  libgdk-pixbuf2.0-0   2.36.5-2+deb9u1
ii  libglib2.0-0 2.50.3-2
ii  libgtk-3-0   3.22.11-1
ii  libgtop-2.0-10   2.34.2-1
ii  libice6  2:1.0.9-2
ii  libnautilus-extension1a  3.22.3-1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libsm6   2:1.2.2-1+b3
ii  libunique-3.0-0  3.0.2-2
ii  libuuid1 2.29.2-1
ii  libxml2  2.9.4+dfsg1-2.2+deb9u1

Versions of packages nautilus-actions recommends:
ii  ksh  93u+20120801-3.1

nautilus-actions suggests no packages.

-- no debconf information

Bug#751776: time: diff for NMU version 1.7-25.1

[Bob Proulx]

Hello Manuel,

Manuel A. Fernandez Montecelo wrote:
> It seems that the changelog [1] mentions "Addresses", not "Closes",
> therefore this bug report has not been closed even if the original
> problem has really been fixed.

That NMU only "addressed" bug#751776 but didn't close it because there
were several parts to it.  That upload only addressed one of them.
Please keep this open for a while longer for the other non-addressed
items.

Thanks for looking at it and the heads up however.  It motivates me to
get back to addressing the rest of the items.

Plus a general note that after a decade of being upstream dead the
time project now has a new upstream maintainer.  This is a very good
thing and I expect man portability improvements.

Bob


signature.asc
Description: PGP signature

Bug#876687: htpdate: Off by one hour

[Eriberto Mota]

Hi Mert,

Thanks for your message.

I can't reproduce it and I have a doubt about the results shown by
you. Please, send me the results for the following 'date' commands:

# ntpdate pool.ntp.org; date -u

# htpdate -s www.google.com.tr www.facebook.com www.youtube.com; date -u

Regards,

Eriberto

Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS

[Markus Koschany]

On Fri, 22 Sep 2017 16:31:00 +0200 Salvatore Bonaccorso
 wrote:
[...]
> Unfortunately the patches are not referenced, so must be researched in
> the repository.

I had a look at this issue. I have found

https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85

which was introduced in version 5.0.23 that fixed the vulnerability. It
is the only commit that mentions the keywords agent and statistics but
I'm not sure if the commit is sufficient. I suggest to contact upstream
about this and ask for a clarification.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#876688: isdnutils FTBFS with debhelper 10.9

[Adrian Bunk]

Source: isdnutils
Version: 1:3.25+dfsg1-8
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/isdnutils.html

...
# Install ALL dirs into tmp also. Unfortunately there's no easy way...
mkdir -p debian/tmp/sbin
sort -u debian/*.dirs > debian/tmp.dirs
dh_installdirs -Pdebian/tmp -pisdnutils `cat debian/tmp.dirs`
dh_installdirs: Requested unknown package isdnutils via -p/--package, expected 
one of: isdnutils-base isdnutils-xtools ipppd isdnlog isdnlog-data 
isdnutils-doc isdnvbox isdnvboxclient isdnvboxserver capiutils pppdcapiplugin
dh_installdirs: unknown option or error during option parsing; aborting
debian/rules:44: recipe for target 'override_dh_auto_install' failed
make[1]: *** [override_dh_auto_install] Error 25

Bug#870539: NMU of libestr for "hardcoded Pre-Depends on multiarch-support" and "mark libestr0 and libestr-dev Multi-Arch: same"

[Manuel A. Fernandez Montecelo]

Control: tags -1 + pending


Hi,

I scheduled an NMU with delayed/15 for both bug reports:

#870539 - libestr: hardcoded Pre-Depends on multiarch-support
#840222 - mark libestr0 and libestr-dev Multi-Arch: same


debdiff attached.

If you want me to cancel it, just ask.


Cheers.
--
Manuel A. Fernandez Montecelo 

diff -Nru libestr-0.1.10/debian/changelog libestr-0.1.10/debian/changelog
--- libestr-0.1.10/debian/changelog 2016-04-18 22:15:22.0 +0200
+++ libestr-0.1.10/debian/changelog 2017-09-24 23:11:22.0 +0200
@@ -1,3 +1,15 @@
+libestr (0.1.10-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Aurelien Jarno ]
+  * Fix hardcoded Pre-Depends on multiarch-support (Closes: #870539)
+
+  [ Helmut Grohne ]
+  * Mark binary packages Multi-Arch: same (Closes: #840222)
+
+ -- Manuel A. Fernandez Montecelo   Sun, 24 Sep 2017 23:11:22 
+0200
+
 libestr (0.1.10-2) unstable; urgency=medium
 
   * Run autoreconf during build (Closes: #821447)
diff -Nru libestr-0.1.10/debian/control libestr-0.1.10/debian/control
--- libestr-0.1.10/debian/control   2016-04-18 22:11:53.0 +0200
+++ libestr-0.1.10/debian/control   2017-09-24 23:11:22.0 +0200
@@ -14,6 +14,7 @@
 Section: libdevel
 Architecture: any
 Depends: libestr0 (= ${binary:Version}), ${misc:Depends}
+Multi-Arch: same
 Description: helper functions for handling strings (headers)
  The 'libestr' library contains some essential string manipulation
  functions and more, like escaping special characters.
@@ -24,7 +25,8 @@
 Section: libs
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Pre-Depends: ${misc:Pre-Depends}, multiarch-support
+Pre-Depends: ${misc:Pre-Depends}
+Multi-Arch: same
 Description: Helper functions for handling strings (lib)
  The 'libestr' library contains some essential string manipulation
  functions and more, like escaping special characters.

Bug#839857: lzma FTCBFS: uses build architecture compiler

[Manuel A. Fernandez Montecelo]

Control: tags -1 + pending


Hi,

2016-10-05 20:49 Helmut Grohne:

Source: lzma
Version: 9.22-2
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

lzma fails to cross build from source, because it uses the build
architecture toolchain which leads to a dh_strip failure when using host
tools. Since debhelper 10.2.1, dh_auto_build knows how to pass cross
toolchains via the makefile buildsystem, so replacing the explicit make
invocations with dh_auto_build mostly fixes the cross build except for
the odd use of CXX_C instead of CC. After applying the attached patch,
lzma cross builds fine. Please consider applying it to the package.


I just uploaded an NMU with delayed/15, debdiff attached.

If you want me to cancel it just ask.


Cheers.
--
Manuel A. Fernandez Montecelo 

diff -Nru lzma-9.22/debian/changelog lzma-9.22/debian/changelog
--- lzma-9.22/debian/changelog  2012-01-08 15:15:18.0 +0100
+++ lzma-9.22/debian/changelog  2017-09-24 23:48:30.0 +0200
@@ -1,3 +1,13 @@
+lzma (9.22-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix typo in description, thanks Pascal De Vuyst (Closes: #714875)
+
+  [ Helmut Grohne ]
+  * Fix FTCBFS: Let dh_auto_build pass cross flags. (Closes: #839857)
+
+ -- Manuel A. Fernandez Montecelo   Sun, 24 Sep 2017 23:48:30 
+0200
+
 lzma (9.22-2) unstable; urgency=low
 
   * Upload to unstable.
diff -Nru lzma-9.22/debian/control lzma-9.22/debian/control
--- lzma-9.22/debian/control2011-09-03 23:38:22.0 +0200
+++ lzma-9.22/debian/control2017-09-24 23:48:30.0 +0200
@@ -14,7 +14,7 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Conflicts: xz-lzma (<< 5.1.1alpha+20110809-2)
 Description: Compression and decompression in the LZMA format - command line 
utility
- The Lempel-Ziv Markov-chain Algorithm is a compression method based on
+ The Lempel-Ziv-Markov chain Algorithm is a compression method based on
  the famous LZ77 algorithm, and was first introduced by 7-Zip for use in
  7z archives.
  .
@@ -31,7 +31,7 @@
 Conflicts: lzma (<< 4.43-13)
 Replaces: lzma (<< 4.43-13)
 Description: Compression and decompression in the LZMA format - legacy utility
- The Lempel-Ziv Markov-chain Algorithm is a compression method based on
+ The Lempel-Ziv-Markov chain Algorithm is a compression method based on
  the famous LZ77 algorithm, and was first introduced by 7-Zip for use in
  7z archives.
  .
@@ -46,7 +46,7 @@
 Architecture: all
 Depends: zlib1g-dev, ${misc:Depends}
 Description: Compression and decompression in the LZMA format - development 
files
- The Lempel-Ziv Markov-chain Algorithm is a compression method based on
+ The Lempel-Ziv-Markov chain Algorithm is a compression method based on
  the famous LZ77 algorithm, and was first introduced by 7-Zip for use in
  7z archives.
  .
diff -Nru lzma-9.22/debian/rules lzma-9.22/debian/rules
--- lzma-9.22/debian/rules  2011-09-03 23:38:22.0 +0200
+++ lzma-9.22/debian/rules  2017-09-24 23:48:30.0 +0200
@@ -20,8 +20,8 @@
 export DH_OPTIONS
 
 override_dh_auto_build:
-   $(MAKE) all -C $(SRC_DIR_C) -f makefile.gcc
-   $(MAKE) all -C $(SRC_DIR_CPP) -f makefile.gcc
+   dh_auto_build -- all -C $(SRC_DIR_C) -f makefile.gcc
+   dh_auto_build -- all -C $(SRC_DIR_CPP) -f makefile.gcc CXX_C='$$(CC)'
 
 override_dh_auto_clean:
$(MAKE) clean -C $(SRC_DIR_C) -f makefile.gcc
@@ -30,4 +30,4 @@
$(SRC_DIR_CPP)/*.o $(SRC_DIR_CPP)/*.a
 
 %:
-   dh $@ 
+   dh $@ --buildsystem=makefile

Bug#876620: 3depict: missing build dependency on rename

[D Haley]

Hi,

Thanks for the report. I've pushed a change to git [1] and will request
a sponsor to upload the changes.

Relevant changesets are:
 95090e76
 f5e5835b


[1] https://anonscm.debian.org/cgit/debian-science/packages/3depict.git/

Bug#751776: time: diff for NMU version 1.7-25.1

[Manuel A. Fernandez Montecelo]

Hi all,

2015-07-22 06:59 Helmut Grohne:

Hi Bob,

On Tue, Jul 21, 2015 at 11:11:36PM -0500, Bob Proulx wrote:

I think that will be perfectly fine.  Thank you for doing that.  You
could upload it to a shorter delay if you desired to get it through
earlier.


Thanks for your positive reply appreciating my NMU. I have rescheduled
it to 0-day accordingly.


It seems that the changelog [1] mentions "Addresses", not "Closes",
therefore this bug report has not been closed even if the original
problem has really been fixed.

Should we?


[1] https://tracker.debian.org/news/699503

--
Manuel A. Fernandez Montecelo 

Bug#794158: xfsprogs FTCBFS: fails to pass --host to configure

[Manuel A. Fernandez Montecelo]

Hi Anatoly,

2017-07-26 13:38 Anatoly Pugachev:

Probably fixed in later version ?

xfsprogs-4.9.0 is current version in stable/testing and unstable.

Can we close this bug please?


You didn't explicitly include the submitter, the bug tracking system
doesn't email submitters automatically -- copying Helmut now.

I checked the changelog and there's no indication that this issue has
been fixed.


Cheers.
--
Manuel A. Fernandez Montecelo 

Bug#876708: libtorch-thnn: broken symlink: /usr/lib/x86_64-linux-gnu/lua/5.1/libTHNN.so -> ../../libTHNN.so

[Andreas Beckmann]

Package: libtorch-thnn
Version: 0~20170726-gf613412+dfsg-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

>From the attached log (scroll to the bottom...):

0m42.3s ERROR: FAIL: Broken symlinks:
  /usr/lib/x86_64-linux-gnu/lua/5.1/libTHNN.so -> ../../libTHNN.so

You probably want to target ../../ibTHNN.so.0 instead,
since the .so is only available in the -dev package.


cheers,

Andreas


libtorch-thnn_0~20170726-gf613412+dfsg-1.log.gz
Description: application/gzip

Bug#876709: libpreludedb FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available

[Thomas Andrejak]

Source: libpreludedb
Version: 3.1.0-0.1
Severity: serious

As for libprelude
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876591), please fix
gtk-doc in libpreludedb

Bug#871608: linux-image-4.9.0-3-amd64: Linux kernel should handle decreasing cpu steal clock counter gracefully

[Ben Hutchings]

Control: severity -1 important
Control: tag -1 moreinfo

On Wed, 2017-08-09 at 22:46 +0200, Michael Lass wrote:
> Package: src:linux
> Version: 4.9.30-2+deb9u3
> Severity: normal
> Tags: patch
> 
> Dear Maintainer,
> 
> running Debian Stretch as a paravirtualized guest under Xen, the kernel
> obtains its cpu steal time counter from the virtualization host. On some
> hosts, occasionally a slight decrease in the cpu steal time is returned
> which leads to an overflow of unsigned variables in the kernel and
> subsequent errors in steal time accounting (such as backwards running
> counters). This renders tools like "top" or "vmstat" broken in a way
> that the cpu utilization cannot be determined anymore.
> 
> While this is likely a bug in the virtualization environment, the kernel
> running as a guest should deal with this gracefully. I attached a patch
> to this report which fixes the errors caused by this on the guest.
> Kernel versions 4.7 and older, as well as 4.11 and newer should not be
> affected by this issue.
[...]

I agree that the kernel ought to work around this, but I'm hesitant to
add a fix that doesn't look like any upstream change.  Why and how do
you think this was fixed in 4.11?

Ben.

-- 
Ben Hutchings
If the facts do not conform to your theory, they must be disposed of.



signature.asc
Description: This is a digitally signed message part

Bug#875911: Processed: found 875911 in 5.13.0+dfsg-1~exp3

[Andreas Beckmann]

Control: found -1 5.13.0+dfsg-3
Control: notfixed -1 5.13.0+dfsg-2

On 09/22/2017 04:33 PM, Ole Streicher wrote:
> Hi Andreas,
> 
> On 22.09.2017 16:15, Debian Bug Tracking System wrote:
>> Processing commands for cont...@bugs.debian.org:
>>
>>> found 875911 5.13.0+dfsg-1~exp3
> 
> Could I ask you to explain that a bit more verbose?
> 
> The required install scripts (postinst preinst prerm) are there, so the
> conversion should work.

You shouldn't add duplicate copies of the maintainer scripts, but use
debian/$package.maintscript instead and let debhelper do the
duplication. See dh_installdeb(1) for details.
And you can omit the package name argument if it's the same as $package.

>From commit 26e01b3d20b6 I'm concluding that all the prior-versions you
used are wrong. If 5.13.0+dfsg-1 shipped a wrong version there (and
therefore the transition didn't take place when upgrading from ... to
... to 5.13.0+dfsg-1~exp3 to 5.13.0+dfsg-1), it should have been set to
5.13.0+dfsg-2~ (i.e. not the version that initially brought the change
in the filesystem, but the version that adds the correct
dpkg-maintscript-helper symlink_to_dir call) in the fixing upload of
5.13.0+dfsg-2 (so the conversion would be attempted again while
upgrading to 5.13.0+dfsg-2, but since 5.13.0+dfsg-1~exp2~ is older than
5.13.0+dfsg-1, nothing would be retried and the broken state would be
left in place).

So assuming the next upload will be 5.13.0+dfsg-4, use 5.13.0+dfsg-4~ as
the prior-version in all *.maintscript files (this will ensure the
upgrade path from stable to unstable will do the symlink_to_dir
transition once and correctly, regardless of which intermediate versions
from sid and experimental have been installed).

Reopening again, since this problem also exists in python-plplot,
libplplot-ocaml, plplot-tcl-bin, plplot-tcl-dev (found in testing->sid
and stable->sid upgrade tests). Reusing this bug report instead of
opening a new, since this is still the same issue.
(I initially filed two bugs against the same source package since I
didn't recognize libqsastime* was related to *plplot*.)


Andreas

Bug#875951: pyjwt: new upstream version available

[Daniele Tricoli]

Hi Salvatore,

On Tuesday, September 19, 2017 8:37:14 PM CEST Salvatore Bonaccorso wrote:
> Well actually I did not do that, but Moritz picked it up.

Oh, many thanks to Moritz then!
 
> If you plan to upload new version soonish I can as well cancel my NMU
> for unstable, or, preferably speed it up, by rescheduling and having
> the NMU integrated into the changelog.
> 
> What you prefer, for now I leave it in the delayed queue.

It took more time to update the package (I had also to repack orig tarball
due bytecode shipped by upstread that was making tests fails on CI - I tested
them on Debomatic) but I'm ready to upload it.
Actually I have this in the changelog:
https://anonscm.debian.org/cgit/python-modules/packages/pyjwt.git/tree/debian/changelog
But consider the line about CVE-2017-11424 a reminder: please can you speed up
and upload the NMU version? I will acknowledge the NMU updating the changelog
accordingly: removing that part and including the changelog entry from NMU.

Many thanks!

Kind regards,

-- 
 Daniele Tricoli 'eriol'
 https://mornie.org

signature.asc
Description: This is a digitally signed message part.

Bug#869806: Update

[Adam Borowski]

On Sun, Sep 24, 2017 at 11:04:35PM +, Julien Hartmann wrote:
> I updated the package from upstream release, which accounts for
> feedback from Adam. Thanks again to him for the time he took to try it
> despite not having the relevant hardware to test.
> 
>   * Compilation on non-x86 platforms should be fixed (tested on arm64).
> 
> New version is 0.5.0-1. It can be downloaded with
> 
> dget -x 
> https://mentors.debian.net/debian/pool/main/k/keyleds/keyleds_0.5.0-1.dsc

Cool!

> >> I see you're going to have trouble finding someone who can meaningfully
> >> review the package: it can't be tested without relevant hardware.  I for 
> >> one
> >> have a non-gaming Logitech keyboard, this daemon doesn't speak to it (not
> >> surprising -- no LEDs other than Num/Caps/Scroll).

For the bug log: I will _not_ sponsor this.

The way the daemon is started and integrated is quite complex, I don't
really know how it should be done, thus without a way to test any review
I can do would be worthless.  This differs from an untestable package
with generic packaging (like some s390-only thingy I just uploaded).

I'd recommend bothering someone who has a clue about udev and DE startup.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ I've read an article about how lively happy music boosts
⣾⠁⢰⠒⠀⣿⡁ productivity.  You can read it, too, you just need the
⢿⡄⠘⠷⠚⠋⠀ right music while doing so.  I recommend Skepticism
⠈⠳⣄ (funeral doom metal).

Bug#869658: linux: system freezes when dell-smm-hwmon reads fan speed

[Ben Hutchings]

On Sat, 2017-08-05 at 21:15 +0200, Carmelo C wrote:
> In my system, dell-smm-hwmon is linked to the following folder:
> 
> /sys/class/hwmon/hwmon2/
> 
> The freeze occurs only when I type the following commands:
> 
> cat /sys/class/hwmon/hwmon2/fan1_input
> cat /sys/class/hwmon/hwmon2/fan2_input
> cat /sys/class/hwmon/hwmon2/fan3_input
> 
> In these commands, the freeze does not occur:
> 
> cat /sys/class/hwmon/hwmon2/temp1_input
> cat /sys/class/hwmon/hwmon2/temp2_input
> cat /sys/class/hwmon/hwmon2/temp3_input
> cat /sys/class/hwmon/hwmon2/temp4_input
> 
> In this link, more information:
> https://bugzilla.kernel.org/show_bug.cgi?id=112021

That bug report relates to label attributes, and is fixed.  It's not
the same as this bug.

Ben.

-- 
Ben Hutchings
If the facts do not conform to your theory, they must be disposed of.



signature.asc
Description: This is a digitally signed message part

Bug#876694: clang-5.0: clangd-5.0 segfault

[Damien R.]

Package: clang-5.0
Version: 1:5.0-2
Severity: important

Launching clangd-5.0 failed with the following output:
clangd-5.0: /build/llvm-toolchain-5.0-5.0/lib/Support/CommandLine.cpp:293: void 
{anonymous}::CommandLineParser::registerCategory(llvm::cl::OptionCategory*): 
Assertion `count_if(RegisteredOptionCategories, [cat](const OptionCategory 
*Category) { return cat->getName() == Category->getName(); }) == 0 && 
"Duplicate option categories"' failed.
Aborted (core dumped

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages clang-5.0 depends on:
ii  binutils 2.29.1-3
ii  libc62.24-17
ii  libc6-dev2.24-17
ii  libclang-common-5.0-dev  1:5.0-2
ii  libclang1-5.01:5.0-2
ii  libgcc-7-dev 7.2.0-7
ii  libgcc1  1:7.2.0-7
ii  libjsoncpp1  1.7.4-3
ii  libllvm5.0   1:5.0-2
ii  libobjc-7-dev7.2.0-7
ii  libstdc++-7-dev  7.2.0-7
ii  libstdc++6   7.2.0-7
ii  libtinfo56.0+20170902-1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages clang-5.0 recommends:
ii  llvm-5.0-dev  1:5.0-2
ii  python2.7.14-1

Versions of packages clang-5.0 suggests:
pn  clang-5.0-doc  
pn  gnustep
pn  gnustep-devel  
pn  libomp-dev 

-- no debconf information