date:20141209

Processing commands for cont...@bugs.debian.org:

 severity 770655 serious
Bug #770655 [src:git] git FTBFS: failure in t9500-gitweb-standalone-no-errors.sh
Severity set to 'serious' from 'important'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
770655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770655
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772630: djmount fails to build from source

2014-12-09 Thread Patrick Häcker

Package: djmount
Version: 0.71-6
Severity: serious
Justification: Policy 4.9 (Package does not successfully run build)

Dear Maintainer,

djmount FTBFS on Jessie (amd64) during linking. The last warning before the 
error:

fuse_main.c: In function ‘main’:
fuse_main.c:621:2: warning: implicit declaration of function 
‘UpnpSetLogFileNames’ [-Wimplicit-function-declaration]
  UpnpSetLogFileNames (/dev/null, /dev/null);

The error:

/usr/bin/ld: log.o: relocation R_X86_64_32 against `.bss' can not be used when 
making a shared object; recompile with -fPIC
log.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
Makefile:477: recipe for target 'djmount' failed

Kind regards
Patrick

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'stable'), (500, 
'testing-proposed-updates'), (400, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages djmount depends on:
ii  fuse2.9.3-15+b1
ii  libc6   2.19-13
ii  libfuse22.9.3-15+b1
ii  libtalloc2  2.1.1-2
ii  libupnp61:1.6.19+git20141001-1

djmount recommends no packages.

djmount suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772632: OpenSSL security/interop recommendations

2014-12-09 Thread Daniel Pocock

Package: repro
Version: 1.9.7-1
Severity: serious

After discussion on debian-security, two specific issues have been
identified[1] that have an impact on security support and
interoperability with TLS:

a) avoiding the TLSv1_method in the OpenSSL API and just using SSLv23_method

b) not trying to use TLS 1.2 when acting as a client as there are
sometimes problems with the way some servers respond[2]

Point (a) was fixed more comprehensively in the upstream 1.9.8 release
but can be fixed with a more concise and targetted patch for jessie.

Point (b) was not addressed upstream yet but is also trivial to address
in a manner that is suitable for the freeze process.


1. https://lists.debian.org/debian-security/2014/12/msg00032.html

2. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051#28


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771092: libuuid1: moreinfo

2014-12-09 Thread Andreas Henriksson

Hello again Niels!

On Tue, Dec 09, 2014 at 06:32:18AM +0100, Niels Thykier wrote:
[...]
  The buildd chroot upgrade seems to run the migration code and then
  somehow throw away all the resulting user/group modifications, so that
  on next package upgrade the migration runs again (and again, ...).
  
 
 This seems like plausible explanation given we tend to use throw-away
 chroots or lvm-snapshots.  So if this problem only appears on buildds
 (or in other throw-ways environments), I guess you are just missing a
 Depends after all.
 
 We can have the buildds upgraded post Jessie, before you remove the
 migration code.  I cannot recommend it now, as gcc has a new version in
 unstable that could cause issues for other packages (that could pick up
 a dependency on the newer gcc).
[...]

I have absolutely no idea how the buildds work, but I imagine it's
overall somewhat similar to how pbuilder handles chroots.

ie. throw away chroots for builds, a pristine chroot as a base.

With pbuilder you simply pbuilder --update to update the pristine
chroot without throwing away the changes.

This second part is not working correctly on the buildds, as they keep
the upgraded package but throws away the usermod/groupmod changes done
in the maintainer scripts.

This means the throwaway chroot comes with a pre-installed
version of src:util-linux packages which should have already done
the migration of the user, but hasn't

Are you saying that the buildds somehow copies the user/group
database from the host (which is not yet running jessie?)?
That would be weird

I could add a pre-condition check in postinst to detect if we are
upgrading *from* a version which should already have migrated but
somehow haven't and bail out. I guess that would be an effective way
to halt all buildds and I bet the release team wouldn't appreciate that
right now... On the other hand I bet it would be an effective way of
getting attention and feedback on the issue. :P

Not sure how to proceed from here. Do we even know if this issue is
isolated to only the Debian buildds? If so, I guess we could argue
that the chroots provided are corrupt and buildd admins gets to
fix up the mess when we open up Stretch.

Regards,
Andreas Henriksson


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772127: marked as done (many qemu-system-* targets does not work due to missing firmware)

Your message dated Tue, 09 Dec 2014 11:04:21 +
with message-id e1xyiab-00043w...@franck.debian.org
and subject line Bug#772127: fixed in qemu 2.1+dfsg-10
has caused the Debian Bug report #772127,
regarding many qemu-system-* targets does not work due to missing firmware
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772127: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772127
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: qemu-system
Version: 2.1+dfsg-3
Severity: serious

Many qemu-system-* system-mode emulators don't work anymore because
they can't find firmware files.

For example, many even non-x86 systems can have PCI VGA/video cards,
which needs firmware (vgabios).  Alpha, mips*, ppc*, sparc64 (besides
x86) are example architectures which use vgabios - either just stdvga
or several variants.

Aarch64, alpha, arm, mips*, ppc*, sh4*, sparc64 use pxe boot roms.

This has been partially broken since 1.3.0+dfsg-5exp version, when a
monolythic qemu-system package has been split into several arch-specific
subpackages.  At that time, everything worked as long as qemu-system-x86
package has been installed, since it provided the required symlinks in
/usr/share/qemu/ and other packages was able to find firmware using these
symlinks.  Not ideal solution ofcourse, but since -x86 is almost always
installed, this bug hasn't been noticed before.

And all these systems are completely broken since 2.1+dfsg-3, when
firmware handling has been modified in debian qemu package and qemu-system-x86
does not provide the symlinks anymore.

The solution is to set standard search path for all systems, not depending
on the architecture, and add recommends/suggests on seabios and ipxe-qemu
packages to these systems.

/mjt
---End Message---
---BeginMessage---
Source: qemu
Source-Version: 2.1+dfsg-10

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev m...@tls.msk.ru (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 09 Dec 2014 13:47:36 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm 
qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user 
qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 2.1+dfsg-10
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team pkg-qemu-de...@lists.alioth.debian.org
Changed-By: Michael Tokarev m...@tls.msk.ru
Description:
 qemu   - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 772127
Changes:
 qemu (2.1+dfsg-10) unstable; urgency=medium
 .
   * make (debian-specific) x86 data path (with seabios and ipxe
 in it) non-x86-specific, since other arches use firmware
 files too (Closes: #772127)
   * add seabios to Recommends to qemu-system-misc, qemu-system-mips,
 qemu-system-ppc and qemu-system-sparc packages, because these
 packages contains emulators using vgabios which is part of
 seabios package (#772127).
   * add ipxe-qemu to Recommends to qemu-system-misc, qemu-system-arm,
 qemu-system-mips, qemu-system-ppc, qemu-system-sparc packages,
 because

Bug#772623: imapfilter: Fails to connect to imap mailboxes

2014-12-09 Thread Francesco P. Lovergine

severity 772623 important
tag 772623 + moreinfo
thanks

It seems a problem due to your specific configuration. 
Please provide config.lua and a verbose session.

On Tue, Dec 09, 2014 at 10:04:40AM +0100, Johannes Fichtinger wrote:
 Package: imapfilter
 Version: 1:2.5.2-2
 Severity: grave
 Justification: renders package unusable
 
 Dear Maintainer,
 
 After a recent update of Debian testing, imapfilter fails to login into 
 mailboxes. The following error message is shown: 
 
 imapfilter: error while initiating connection to IMAPSERVER at port 993
 imapfilter: login request to MYACCOUNT failed
 
 Before the most recent system updates in testing, i.e. before the 8/12/2014 
 3:00 CET, everything worked well. Please note that login to the very same 
 mailboxes from other emailclients on the same machine works flawlessly.
 
 There is a new version available upstream - maybe packaging that one could 
 help for this issue?
 
 I am more than happy to provide you with additional info if requested.
 
 
 -- System Information:
 Debian Release: 8.0
   APT prefers testing
   APT policy: (500, 'testing')
 Architecture: amd64 (x86_64)
 
 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
 Shell: /bin/sh linked to /bin/dash
 Init: sysvinit (via /sbin/init)
 
 Versions of packages imapfilter depends on:
 ii  libc62.19-13
 ii  liblua5.2-0  5.2.3-1.1
 ii  libpcre3 1:8.35-3.1
 ii  libssl1.0.0  1.0.1j-1
 
 imapfilter recommends no packages.
 
 imapfilter suggests no packages.
 
 -- no debconf information
 
 

-- 
Francesco P. Lovergine


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#772623: imapfilter: Fails to connect to imap mailboxes

Processing commands for cont...@bugs.debian.org:

 severity 772623 important
Bug #772623 [imapfilter] imapfilter: Fails to connect to imap mailboxes
Severity set to 'important' from 'grave'
 tag 772623 + moreinfo
Bug #772623 [imapfilter] imapfilter: Fails to connect to imap mailboxes
Added tag(s) moreinfo.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#753219: (no subject)

2014-12-09 Thread Erwan Prioul


Dear Maintainer,

The attached patch fix the line separator issue (thx to Juhani) and also 
replaces autotools-dev with dh-autoreconf (to follow this 
recommandation[1]).


Thanks for considering the patch.

Erwan Prioul.


[1] 
https://wiki.debian.org/qa.debian.org/FTBFS#A2014-01-21_using_dh-autoreconf_during_the_build
diff -Naur a/debian/control b/debian/control
--- a/debian/control2014-09-11 15:19:25.432629600 +0200
+++ b/debian/control2014-09-11 15:58:31.768504894 +0200
@@ -4,7 +4,7 @@
 Maintainer: Mohammed Sameer msam...@debian.org
 Build-Depends: autoconf,
automake1.11,
-   autotools-dev,
+   dh-autoreconf,
debhelper (= 7.1),
iso-codes,
libbz2-dev,
diff -Naur a/debian/patches/fix_tooltip_crash.patch 
b/debian/patches/fix_tooltip_crash.patch
--- a/debian/patches/fix_tooltip_crash.patch2014-09-11 15:19:25.456629598 
+0200
+++ b/debian/patches/fix_tooltip_crash.patch2014-09-11 15:34:16.460582242 
+0200
@@ -1,4 +1,5 @@
-Use the new Gtk::Tooltip API instead of the old Gtk::Tooltips API--- 
a/src/toolbar.cc
+Use the new Gtk::Tooltip API instead of the old Gtk::Tooltips API
+--- a/src/toolbar.cc
 +++ b/src/toolbar.cc
 @@ -94,26 +94,21 @@
  #endif
diff -Naur a/debian/patches/replace_fribidi-config_pkg-config.patch 
b/debian/patches/replace_fribidi-config_pkg-config.patch
--- a/debian/patches/replace_fribidi-config_pkg-config.patch2014-09-11 
15:19:25.456629598 +0200
+++ b/debian/patches/replace_fribidi-config_pkg-config.patch2014-09-11 
15:34:16.460582242 +0200
@@ -1,4 +1,5 @@
-fribidi only ships fribidi.pc now. Patched configure.in--- a/configure.in
+fribidi only ships fribidi.pc now. Patched configure.in
+--- a/configure.in
 +++ b/configure.in
 @@ -145,14 +145,8 @@
  fi
diff -Naur a/debian/rules b/debian/rules
--- a/debian/rules  2014-09-11 15:19:25.444629599 +0200
+++ b/debian/rules  2014-09-11 15:42:45.264555200 +0200
@@ -4,9 +4,10 @@
 #export DH_VERBOSE=1
 
 export AUTOMAKE = automake-1.11
+export ACLOCAL = aclocal-1.11
 
 %:
-   dh $@ --with quilt,autotools_dev
+   dh $@ --with quilt,autoreconf
 
 override_dh_auto_configure:
autoreconf -i

Bug#766670: RC bug in stable and oldstable for getmail4

2014-12-09 Thread Osamu Aoki

Hi,

On Mon, Dec 08, 2014 at 03:41:57PM +0100, Raphael Hertzog wrote:
 Hi,
 
 On Mon, 08 Dec 2014, Osamu Aoki wrote:
  Si I should change getmail4 (4.46.0-1~deb7u1) wheezy-security as:
   * Version: 4.46.0-1~deb6u1   change
   * target: squeeze-security   change
 
 target is squeeze-lts in fact but there are no queues in front of that
 repository, what you upload is directly installed (like in unstable).

Fixed this and ...
 * Policy changed to 3.9.1 from 3.9.4
 * unknown-field-in-control multi-arch -- removed stanza
 
  Looks like it is not so complicated :-)

I initially thought --with python2 was not available but it is
available. Backporting was not so difficult after all. 

 Feel free to make the package available somewhere and I can take care of
 sending it together with the Debian LTS Advisory on
 debian-lts-annou...@lists.debian.org.

OK.  I signed with my latest GPG key with the new debsign command in
jessie.

I made a big tarball containing all files and debdiff results:
   https://people.debian.org/~osamu/debmake-140721.tar.xz

Debdiffs included are against wheezy-security package.

Regards,

Osamu


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: severity of 721737 is grave

Processing commands for cont...@bugs.debian.org:

 severity 721737 grave
Bug #721737 [nis] nis: segfault in yppasswd when using shadow
Severity set to 'grave' from 'normal'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
721737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721737
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#766670: RC bug in stable and oldstable for getmail4

2014-12-09 Thread Osamu Aoki

On Tue, Dec 09, 2014 at 10:05:08PM +0900, Osamu Aoki wrote:
...

 OK.  I signed with my latest GPG key with the new debsign command in
 jessie.

Note:
 Package itself is build in the squeeze chroot as expected.  
 Only the signiture was made under jessie.

Osamu


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: Found fix


On Sat, 6 Dec 2014, Chris Gilbert wrote:


Hey guys,

I banged away at this for a bit, not fully familiar with package development.



Thanks so much for working on this.  Your effort is greatly appreciated.


I found through copious use of echos near the end I found it was
simply hanging once complete, and ps showed it waiting for no obvious
reason.

I was able to resolve this by adding a db_stop to the end of the
postinst script.


Yes it is debconf which is hanging but why? After -6 there should be no 
more debconf questions in the package.  Yet you have clearly shown that 
debconf is in fact waiting for a question in some cases.  Perhaps there is 
a more complete/cleaner solution but for now I have added back the call to 
db_stop as you suggest in -9 which I shall be uploading shortly.  Please 
test it and let me know if it solves the problem.


--
Jaldhar H. Vyas jald...@debian.org


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768730: python-mne REMOVED from testing

2014-12-09 Thread Yaroslav Halchenko


On Tue, 09 Dec 2014, Alexandre Gramfort wrote:
 hi,

 yes I have seen this sad news.

 Let me know what I can do to help. I've sent the patch to fix v0.8.4
 in a previous thread.

patches are nice... for me what is even better a complete state of
endeavors with a tested to be built package (and a pointer to .dsc
package).  That is how I guess I have missed that note about patch
pointing to a commit -- just was busy (and traveling then at SfN where
we hosted (Neuro)Debian booth -- lots of pamphlets with mne-python found
their interested readers btw)

if someone preps/tests -- I can upload and buzz debian-release (unless
now rested Andreas wants to take over).  If they do not agree to
accept -- no harm is done in my world:

 Otherwise we could package v0.8.6 which hopefully fixes the error.

which is already available from NeuroDebian and that is what I care a
bit more ATM than about jessie unfortunately -- shortage of time and
lack of eager motivation due to some preceding events and already a good
set of worthwhile packages/versions not being part of the stock jessie.

-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Research Scientist,Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834   Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: Dovecot-core unable to finish its installation


On Fri, 5 Dec 2014, Bob Proulx wrote:



How would previous changes to that file explain the current hang upon
a --reinstall?  At the present time the only changes I have
outstanding are in the 10-mail.conf file.



My theory was that somehow ucf was not registering that file in its 
database but never mind thats not it.


Debian user Chris Gilbert did some testing on his own and found that 
explicitly stopping debconf prevents the hang.  From my understanding of 
how it is supposed to work that shouldn't be necessary but apparently it 
works so lets try it.  I have prepared -9 which I shall be uploading 
shortly.  Please try it and let me know if it works.


--
Jaldhar H. Vyas jald...@debian.org


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: your mail

Processing commands for cont...@bugs.debian.org:

 reassign 772114 iceweasel 31.3.0esr-1~deb7u1
Bug #772114 [zotero-standalone] zotero-standalone: zotero does not start anymore
Bug reassigned from package 'zotero-standalone' to 'iceweasel'.
No longer marked as found in versions zotero-standalone-build/4.0.22-1~bpo70+1.
Ignoring request to alter fixed versions of bug #772114 to the same values 
previously set
Bug #772114 [iceweasel] zotero-standalone: zotero does not start anymore
Marked as found in versions iceweasel/31.3.0esr-1~deb7u1.

End of message, stopping processing here.

Please contact me if you need assistance.
-- 
772114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: Dovecot-core unable to finish its installation

We may have a possible solution.  I shall shortly be uploading -9.  Please 
try it and let me know if it works for you.


--
Jaldhar H. Vyas jald...@debian.org


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772639: squirrelmail: Can't login courier imap server

2014-12-09 Thread Tomoo Nomura

Package: squirrelmail
Version: 2:1.4.23~svn20120406-2
Severity: serious
Tags: patch
Justification: 4

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

When login from squirrelmail to imap server, the server rejects the request due 
to Unknown user or invalid password.
The reason is that squirrelmail sents incorrect password to the server.
Squirrelmail gets the password through encryption and decryption. In a process 
of decription, squirrelmail drops some characters of the password.

Here is the patch.
*** strings.php.orig2014-12-09 22:08:47.0 +0900
--- strings.php 2014-12-09 22:17:06.0 +0900
***
*** 470,476 
  
  $encrypted = base64_decode ($string);
  $decrypted = '';
! for ($i = 0; $i  strlen ($encrypted); $i++) {
  $decrypted .= chr (ord($encrypted[$i]) ^ ord($pad[$i]));
  }
  return $decrypted;
--- 470,481 
  
  $encrypted = base64_decode ($string);
  $decrypted = '';
! /* The length must be that of before encryption.
!The original, however, counts that of after encryption. 
!It is necessary to count the real length here.
!   2014-12-09 Tomoo Nomura */
! for ($i = 0; $i  100; $i++) {
! if ( $encrypted[$i] ==  ) break;
  $decrypted .= chr (ord($encrypted[$i]) ^ ord($pad[$i]));
  }
  return $decrypted;



-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages squirrelmail depends on:
ii  apache2  2.2.22-13+deb7u3
ii  apache2-mpm-prefork [httpd]  2.2.22-13+deb7u3
ii  libapache2-mod-php5  5.4.4-14+deb7u12
ii  perl 5.14.2-21+deb7u1
ii  php5 5.4.4-14+deb7u12

Versions of packages squirrelmail recommends:
ii  ispell3.3.02-6
ii  php5-common [php5-mhash]  5.4.4-14+deb7u12
ii  squirrelmail-locales  1.4.18-20090526-1
ii  squirrelmail-viewashtml   3.8-3

Versions of packages squirrelmail suggests:
ii  courier-imap [imap-server]  4.10.0-20120615-1
pn  imapproxy   none
pn  php-pearnone
ii  php5-ldap   5.4.4-14+deb7u12
pn  php5-recode none
pn  squirrelmail-decode none

-- Configuration Files:
/etc/squirrelmail/filters_setup.php changed:
?php
/**
 * Message and Spam Filter Plugin - Setup script
 *
 * This plugin filters your inbox into different folders based upon given
 * criteria.  It is most useful for people who are subscibed to mailing lists
 * to help organize their messages.  The argument stands that filtering is
 * not the place of the client, which is why this has been made a plugin for
 * SquirrelMail.  You may be better off using products such as Sieve or
 * Procmail to do your filtering so it happens even when SquirrelMail isn't
 * running.
 *
 * If you need help with this, or see improvements that can be made, please
 * email me directly at the address above.  I definately welcome suggestions
 * and comments.  This plugin, as is the case with all SquirrelMail plugins,
 * is not directly supported by the developers.  Please come to me off the
 * mailing list if you have trouble with it.
 *
 * Also view plugins/README.plugins for more information.
 *
 * @version $Id: setup.php 14248 2012-01-02 00:18:17Z pdontthink $
 * @copyright (c) 1999-2012 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @package plugins
 * @subpackage filters
 */
/** SquirrelMail required files. */
require_once(SM_PATH . 'plugins/filters/filters.php');
/**
 * Imap connection control
 *
 * Set this to true if you have problems -- check the README file
 * Note:  This doesn't work all of the time (No idea why)
 *Seems to be related to UW
 * @global bool $UseSeparateImapConnection
 */
global $UseSeparateImapConnection;
$UseSeparateImapConnection = false;
/**
 * User level spam filters control
 *
 * Set this to false if you do not want the user to be able to enable
 * spam filters
 * @global bool $AllowSpamFilters
 */
global $AllowSpamFilters;
$AllowSpamFilters = true;
/**
 * SpamFilters YourHop Setting
 *
 * Set this to a string containing something unique to the line in the
 * header you want me to find IPs to scan the databases with.  For example,
 * All the email coming IN from the internet to my site has a line in
 * the header that looks like (all on one line):
 * Received: [from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net
 *[216.136.171.252]) by firewall.persistence.com (SYSADMIN-antispam
 * 0.2) with
 * Since this line indicates the FIRST hop the email takes into my network,
 * I set my SpamFilters_YourHop to 'by firewall.persistence.com' but

Bug#770695: Dovecot-core unable to finish its installation


On Sun, 7 Dec 2014, Michael Hatzold wrote:



This bug report applies to the latest ***four versions*** of dovecot-core 
(and

maybe to dovecot-imapd), no problems with earlier versions:


They are all using the same postinst code.  Let us concentrate on 2.2.13 
for now as this is the version that will go into Jessie.  I have prepared 
2.2.13-9 which I shall be uploading (to unstable) shortly.  Please try it 
and let me know if it fixes the problem.  If it does, I will prepare a new 
version of 2.2.15 (still for experimental.)



--
Jaldhar H. Vyas jald...@debian.org


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772641: apt: E: Setting TIOCSCTTY for slave fd fd failed when run as a session leader

2014-12-09 Thread Apollon Oikonomopoulos

Package: apt
Version: 1.0.9.4
Severity: serious
Justification: Regression, breaks other software (e.g. puppet)

Dear Maintainer,

apt 1.0.9.4 does not work correctly when run as a session leader, 
reporting a failed ioctl on the pty used by dpkg. When called by puppet, 
it emits the following output:

  Error: Execution of '/usr/bin/apt-get -q -y -o 
DPkg::Options::=--force-confold install ntpdate' returned : Reading package 
lists...
  Building dependency tree...
  Reading state information...
  Recommended packages:
lockfile-progs
  The following NEW packages will be installed:
ntpdate
  0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0 B/74.1 kB of archives.
  After this operation, 233 kB of additional disk space will be used.
  E: Setting TIOCSCTTY for slave fd 18 failed! - ioctl (1: Operation not 
permitted)
  Selecting previously unselected package ntpdate.
  (Reading database ... 46412 files and directories currently installed.)
  Preparing to unpack .../ntpdate_1%3a4.2.6.p5+dfsg-3.1+b1_amd64.deb ...
  Unpacking ntpdate (1:4.2.6.p5+dfsg-3.1+b1) ...
  Processing triggers for man-db (2.7.0.2-3) ...
  E: Setting TIOCSCTTY for slave fd 18 failed! - ioctl (1: Operation not 
permitted)
  Setting up ntpdate (1:4.2.6.p5+dfsg-3.1+b1) ...

Apart from the error message, it also appears that apt is trying to close its
own control terminal, thus SIGHUP'ing itself, signaling an unclean exit:

23631 open(/dev/pts/2, O_RDWR|O_CLOEXEC) = 19
...
23631 close(19) = 0
23631 close(18) = 0
23631 --- SIGHUP {si_signo=SIGHUP, si_code=SI_KERNEL} ---
23631 +++ killed by SIGHUP +++

This has the side-effect of puppet marking the package installation as failed
and all downstream dependencies as unsatisfied.

This behavior was introduced in commit 299aea924c and can be trivially 
reproduced using setsid:

 # setsid -w apt-get install sm /dev/null
 Reading package lists... Done
 Building dependency tree   
 Reading state information... Done
 The following NEW packages will be installed:
   sm
 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
 Need to get 0 B/21,3 kB of archives.
 After this operation, 108 kB of additional disk space will be used.
 dpkg-preconfigure: unable to re-open stdin: No such file or directory
 E: Setting TIOCSCTTY for slave fd 38 failed! - ioctl (1: Operation not 
permitted)
 Selecting previously unselected package sm.
 (Reading database ... 411612 files and directories currently installed.)
 Preparing to unpack .../archives/sm_0.22.1-2_amd64.deb ...
 Unpacking sm (0.22.1-2) ...
 Processing triggers for hicolor-icon-theme (0.13-1) ...
 Processing triggers for man-db (2.7.0.2-3) ...
 Processing triggers for menu (2.1.47) ...
 Processing triggers for mime-support (3.57) ...
 Processing triggers for desktop-file-utils (0.22-1) ...
 E: Setting TIOCSCTTY for slave fd 38 failed! - ioctl (1: Operation not 
permitted)
 Setting up sm (0.22.1-2) ...
 Processing triggers for menu (2.1.47) ...
 setsid: child 5136 did not exit normally: Success
 
Regards,
Apollon

-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3
ii  gnupg   1.4.18-4
ii  libapt-pkg4.12  1.0.9.4
ii  libc6   2.19-13
ii  libgcc1 1:4.9.1-19
ii  libstdc++6  4.9.1-19

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc none
ii  aptitude0.6.11-1+b1
ii  dpkg-dev1.17.21
ii  python-apt  0.9.3.11

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770448: marked as done (Setting up libpam-modules-bin (1.1.8-3.1) hangs forever)

Your message dated Tue, 9 Dec 2014 15:17:32 +0100
with message-id 20141209141732.ga28...@gaara.hadrons.org
and subject line Re: Bug#770448: reassigning to dpkg (Setting up 
libpam-modules-bin (1.1.8-3.1) hangs forever with dpkg using 100% cpu)
has caused the Debian Bug report #770448,
regarding Setting up libpam-modules-bin (1.1.8-3.1) hangs forever
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
770448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
package: libpam-modules-bin
version: 1.1.8-3.1
severity: important
x-debbugs-cc: upgrade-repo...@bugs.debian.org
User: debian...@lists.debian.org
Usertags: jenkins

https://jenkins.debian.net/view/d-i_manual/job/chroot-installation_wheezy_install_education-thin-client-server_upgrade_to_jessie/5/console
and 
https://jenkins.debian.net/view/d-i_manual/job/chroot-installation_wheezy_install_education-workstation_upgrade_to_jessie/5/console
(and several attempts before) hang forever at 

Preparing to unpack .../libpam-modules-bin_1.1.8-3.1_amd64.deb ...
Unpacking libpam-modules-bin (1.1.8-3.1) over (1.1.3-7.1) ...
Replacing files in old package libpam-modules:amd64 (1.1.3-7.1) ...
Setting up libpam-modules-bin (1.1.8-3.1) ...

I don't see any useful hint whats happening when looking at the processes:

29258 ?S  0:00  \_ /bin/sh -xe /tmp/hudson8147454957601885791.sh
29272 ?S  0:00  |   \_ /bin/bash 
/srv/jenkins/bin/chroot-installation.sh wheezy education-thin-client-server 
jessie
29308 ?S  0:00  |   \_ /usr/bin/python 
/srv/jenkins/bin/setsid.py /tmp/jenkins-script-ObHlitjD wheezy 
education-thin-client-server jessie
29325 ?Ss 0:00  |   \_ /bin/bash 
/tmp/jenkins-script-ObHlitjD wheezy education-thin-client-server jessie
39022 ?S  0:00  |   \_ sudo chroot 
/chroots/chroot-installation-wheezy.yru9xUhsR /tmp/tmp.7L3G0jVHmA
39023 ?S  0:00  |   \_ /bin/sh 
/tmp/tmp.7L3G0jVHmA
12963 ?S  0:08  |   \_ apt-get -yf 
dist-upgrade
57306 ?R124:55  |   \_ /usr/bin/dpkg 
--status-fd 17 --unpack --auto-deconfigure 
/var/cache/apt/archives/libpam-modules_1.1.8-3.1_amd64.deb

/proc is mounted inside the chroot but nothing else:

root@jenkins:~# mount|grep chroot-installation-wheezy.yru9xUhsR
/proc on /srv/workspace/chroots/chroot-installation-wheezy.yru9xUhsR/proc type 
proc (rw,relatime)
binfmt_misc on 
/srv/workspace/chroots/chroot-installation-wheezy.yru9xUhsR/proc/sys/fs/binfmt_misc
 type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
root@jenkins:~# 

(I'm using plain /usr/sbin/chroot here, not /usr/bin/schroot.)

OTOH, 
https://piuparts.debian.org/wheezy2jessie/pass/libpam-modules-bin_1.1.8-3.1.log
does the upgrade just fine, so maybe this bug should only be of severity 
important,
filing as such, please upgrade the severity if you think thats appropriate.

Thanks for maintaining pam!


signature.asc
Description: This is a digitally signed message part.
---End Message---
---BeginMessage---
Version: 1.17.22

On Sun, 2014-12-07 at 13:43:36 +0100, Niels Thykier wrote:
 On 2014-12-07 12:50, Holger Levsen wrote:
  control: severity -1 serious
  control: reassign -1 dpkg

  reassigning to dpkg, as this is the hanging process here. Several people 
  have 
  now reported they have seen this issue on there systems... (here and also 
  via 
  irc.)
  
  If you disagree please reassign to upgrade-reports, not qa.debian.org.

 For reference, dpkg is upgraded to 1.17.21 before the problem occurs.
 
 It is possible that this is fixed in dpkg 1.17.22 (which is not in Jessie).

I've confirmed now on Christian Grothoff's box that this was fixed in
dpkg 1.17.22, with commit 9a9ba74915876449b1fe20d4b76ab759f7d09d86
for #768852.

(Thanks Christian for the access, it was a very helpful and quick way
to reproduce this, instead of having to download GiBs of data over the
net, and wait hours for the thing to install and upgrade. I've only
fixed the immediate apt issue and gotten dpkg 1.17.22 installed, w/o
doing the full dist-upgrade, I've cleaned after myself, and you can
remove my access now, thanks again!)

Regards,
Guillem---End Message---

Bug#772644: MiniUPnPd is vulnerable to DNS rebinding attacks

2014-12-09 Thread Thomas Goirand

Package: miniupnpd
Version: 1.8.20140523-3
Severity: grave
Tags: security patch

Stephen Röttger from Google did a security audit of MiniUPnPd, and found a few
issues, all now fixed upstream.

Extract from private messages who were forwarded to me (but which is fine to
disclose since there's already some public commits.

 MiniUPnP is vulnerable to DNS rebinding attacks which allows an attacker to
 trigger upnp actions through a malicious website. Wikipedia describes the
 attack quite well: http://en.wikipedia.org/wiki/DNS_rebinding.
 To mitigate this attack, MiniUPnP should check if the request's host header
 either contains an IP address or the hostname of the device.
 
 Besides that, I found a few memory corruption vulnerabilities in the code.

Fixes:

https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8
https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6

Some memory corruption fix:

https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911

A buffer overrun in ParseHttpHeaders() fix:

https://github.com/miniupnp/miniupnp/commit/dd39ecaa935a9c23176416b38a3b80d577f21048

Added check if BuildHeader_upnphttp() failed to allocate memory:

https://github.com/miniupnp/miniupnp/commit/ec94c5663fe80dd6ceea895c73e2be66b1ef6bf4

I'm following-up with an upload in a few minutes.
Cheers,

Thomas Goirand (zigo)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772649: unblock: miniupnpd/1.8.20140523-4 (security fix)

2014-12-09 Thread Thomas Goirand

Package: release.debian.org
Severity: grave
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

I have just uploaded a new version of MiniUPnPd which fixes 5 issues that have
been found after a security audit from someone at Google.

Please unblock miniupnpd/1.8.20140523-4.

Cheers,

Thomas Goirand (zigo)
diff -Nru miniupnpd-1.8.20140523/debian/changelog miniupnpd-1.8.20140523/debian/changelog
--- miniupnpd-1.8.20140523/debian/changelog	2014-11-04 09:01:40.0 +
+++ miniupnpd-1.8.20140523/debian/changelog	2014-12-09 14:37:29.0 +
@@ -1,3 +1,9 @@
+miniupnpd (1.8.20140523-4) unstable; urgency=high
+
+  * Fixes multiple vulnerabilities (Closes: #772644).
+
+ -- Thomas Goirand z...@debian.org  Tue, 09 Dec 2014 22:29:04 +0800
+
 miniupnpd (1.8.20140523-3) unstable; urgency=medium
 
   * Do not install the configuration file in /etc/miniupnpd, use /usr/share
diff -Nru miniupnpd-1.8.20140523/debian/patches/0010_fix_upnp_add_inboundpinhole.patch miniupnpd-1.8.20140523/debian/patches/0010_fix_upnp_add_inboundpinhole.patch
--- miniupnpd-1.8.20140523/debian/patches/0010_fix_upnp_add_inboundpinhole.patch	1970-01-01 00:00:00.0 +
+++ miniupnpd-1.8.20140523/debian/patches/0010_fix_upnp_add_inboundpinhole.patch	2014-12-09 14:37:29.0 +
@@ -0,0 +1,43 @@
+Description: miniupnpd/upnppinhole.c: fix upnp_add_inboundpinhole()
+ check inet_pton() return
+Author: Thomas Bernard miniu...@free.fr
+Origin: upstream, https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8.patch
+Date: Tue, 9 Dec 2014 10:52:26 +0100
+Bug-Debian: https://bugs.debian.org/772644
+Last-Update: 2014-12-09
+
+diff --git a/upnppinhole.c b/miniupnpd/upnppinhole.c
+index 08f1cf6..932bc11 100644
+--- a/upnppinhole.c
 b/upnppinhole.c
+@@ -88,10 +88,10 @@ upnp_check_outbound_pinhole(int proto, int * timeout)
+ #endif
+ 
+ /* upnp_add_inboundpinhole()
+- * returns: 0 on success
+- *  -1 failed to add pinhole
+- *  -2 already created
+- *  -3 inbound pinhole disabled
++ * returns:  1 on success
++ *  -1 Pinhole space exhausted
++ *  -4 invalid arguments
++ * -42 not implemented
+  * TODO : return uid on success (positive) or error value (negative)
+  */
+ int
+@@ -109,10 +109,11 @@ upnp_add_inboundpinhole(const char * raddr,
+ 	unsigned int timestamp;
+ 	struct in6_addr address;
+ 
+-	if(inet_pton(AF_INET6, iaddr, address)  0)
+-	{
+-		syslog(LOG_ERR, inet_pton(%s) : %m, iaddr);
+-		return 0;
++	r = inet_pton(AF_INET6, iaddr, address);
++	if(r = 0) {
++		syslog(LOG_ERR, inet_pton(%d, %s, %p) FAILED,
++		   AF_INET6, iaddr, address);
++		return -4;
+ 	}
+ 	current = time(NULL);
+ 	timestamp = current + leasetime;
diff -Nru miniupnpd-1.8.20140523/debian/patches/0020_check_inet_aton_return.patch miniupnpd-1.8.20140523/debian/patches/0020_check_inet_aton_return.patch
--- miniupnpd-1.8.20140523/debian/patches/0020_check_inet_aton_return.patch	1970-01-01 00:00:00.0 +
+++ miniupnpd-1.8.20140523/debian/patches/0020_check_inet_aton_return.patch	2014-12-09 14:37:29.0 +
@@ -0,0 +1,22 @@
+Description: miniupnpd/upnpredirect.c:  check inet_aton() return
+Author: Thomas Bernard miniu...@free.fr
+Origin: upstream, https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6.patch
+Date: Tue, 9 Dec 2014 10:53:52 +0100
+Bug-Debian: https://bugs.debian.org/772644
+Last-Update: 2014-12-09
+
+diff --git a/upnpredirect.c b/upnpredirect.c
+index 5a50c6d..28560ab 100644
+--- a/upnpredirect.c
 b/upnpredirect.c
+@@ -268,8 +268,8 @@ upnp_redirect(const char * rhost, unsigned short eport,
+ 	unsigned int timestamp;
+ 
+ 	proto = proto_atoi(protocol);
+-	if(inet_aton(iaddr, address)  0) {
+-		syslog(LOG_ERR, inet_aton(%s) : %m, iaddr);
++	if(inet_aton(iaddr, address) = 0) {
++		syslog(LOG_ERR, inet_aton(%s) FAILED, iaddr);
+ 		return -1;
+ 	}
+ 
diff -Nru miniupnpd-1.8.20140523/debian/patches/0030_fix_potential_memory_corruption_in_upnpsoap.c_GetListOfPortMappings.patch miniupnpd-1.8.20140523/debian/patches/0030_fix_potential_memory_corruption_in_upnpsoap.c_GetListOfPortMappings.patch
--- miniupnpd-1.8.20140523/debian/patches/0030_fix_potential_memory_corruption_in_upnpsoap.c_GetListOfPortMappings.patch	1970-01-01 00:00:00.0 +
+++ miniupnpd-1.8.20140523/debian/patches/0030_fix_potential_memory_corruption_in_upnpsoap.c_GetListOfPortMappings.patch	2014-12-09 14:37:29.0 +
@@ -0,0 +1,41 @@
+Subject: miniupnpd/upnpsoap.c: fix potential memory corruption in upnpsoap.c/GetListOfPortMappings()
+ Credits goes to Stephen Röttger of the Google Security Team for identifying
+ the vulnerabilities
+Author: Thomas Bernard miniu...@free.fr
+Origin: upstream, https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911.patch
+Bug-Debian: https://bugs.debian.org/772644
+Date: Tue, 9 Dec 2014 11:01:37 +0100
+
+Index: miniupnpd/upnpsoap.c

Processed: Re: Bug#771496: overwrites user changes to configuration file /etc/dpkg-cross/cross-compile on upgrade (violates 10.7.3)

Processing control commands:

 severity -1 serious
Bug #771496 [dpkg-cross] overwrites user changes to configuration file 
/etc/dpkg-cross/cross-compile on upgrade (violates 10.7.3)
Severity set to 'serious' from 'minor'

-- 
771496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771496
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: severity of 772649 is normal

Processing commands for cont...@bugs.debian.org:

 severity 772649 normal
Bug #772649 [release.debian.org] unblock: miniupnpd/1.8.20140523-4 (security 
fix)
Severity set to 'normal' from 'grave'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772649
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: machine is completely unusable

Processing commands for cont...@bugs.debian.org:

 severity 771661 grave
Bug #771661 [linux-image-3.16-0.bpo.3-686-pae] qemu-kvm: kernel crash on guest 
while pegged at 100% cpu
Severity set to 'grave' from 'important'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
771661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: marked as done (Dovecot-core unable to finish its installation)

Your message dated Tue, 09 Dec 2014 15:20:02 +
with message-id e1xyma2-0004uu...@franck.debian.org
and subject line Bug#770695: fixed in dovecot 1:2.2.13-9
has caused the Debian Bug report #770695,
regarding Dovecot-core unable to finish its installation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
770695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: dovecot-core
Version: 1:2.2.13-6
Severity: critical




Hello,

I'm trying to install dovecot on Jessie, but it's unable to install
properly. There are two distinct problems:

Missing SSL certificate, as reported in #732263

Broken post-install script (this report).

the installer is stuck with this process:

root@mailserver-1:~# dpkg --configure -a
Setting up dovecot-core (1:2.2.13-6) ...
Starting IMAP/POP3 mail server: dovecot.

ps -fax shows this:
 8651 pts/3S+ 0:00  \_ dpkg --configure -a
 8652 pts/3S+ 0:00  \_ /usr/bin/perl -w
/usr/share/debconf/frontend /var/lib/dpkg/info/dovecot-core.postinst
configure
 8658 pts/3Z+ 0:00  \_ [dovecot-core.po] defunct
10116 ?Ss 0:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
10119 ?S  0:00  \_ dovecot/anvil
10120 ?S  0:00  \_ dovecot/log
10122 ?S  0:00  \_ dovecot/config


It seems there's something wanting to ask questions, but nothing shows
up on the screen…


dpkg -l | grep dovecot:
iF  dovecot-core 1:2.2.13-6  amd64

System information:
Distributor ID: Debian
Description:Debian GNU/Linux testing (jessie)
Release:testing
Codename:   jessie

Running in a Vagrant box (Virtualbox provider).

Cheers,

C.
---End Message---
---BeginMessage---
Source: dovecot
Source-Version: 1:2.2.13-9

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jaldhar H. Vyas jald...@debian.org (supplier of updated dovecot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Dec 2014 06:17:23 -0500
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source i386
Version: 1:2.2.13-9
Distribution: unstable
Urgency: high
Maintainer: Dovecot Maintainers jaldhar-dove...@debian.org
Changed-By: Jaldhar H. Vyas jald...@debian.org
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 770695
Changes:
 dovecot (1:2.2.13-9) unstable; urgency=high
 .
   * [5b689f6] Made some overlooked configuration files into conffiles;
 deleted excess files from /usr/share/doc/dovecot-core.
   * [83f2fc4] Explicitly stop debconf in dovecot-core postinst which hopefully
 fixes the last of the install hangs.
 Thanks to Chris Gilbert zeke.gilb...@gmail.com (Closes: #770695)
Checksums-Sha1:
 4e5b30a14688e42cbe4a23521b9943eb7b02a248 2883 dovecot_2.2.13-9.dsc
 59451ab641d946e077b5078c5a4afbb7288d1ebe 733796 dovecot_2.2.13-9.debian.tar.xz
 13e3d17c29d3ae8a349f4d548edbaaf5ccd4c757 2820940 dovecot-core_2.2.13-9_i386.deb

Bug#772644: marked as done (MiniUPnPd is vulnerable to DNS rebinding attacks)

Your message dated Tue, 09 Dec 2014 15:24:22 +
with message-id e1xymee-0005es...@franck.debian.org
and subject line Bug#772644: fixed in miniupnpd 1.8.20140523-4
has caused the Debian Bug report #772644,
regarding MiniUPnPd is vulnerable to DNS rebinding attacks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772644
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: miniupnpd
Version: 1.8.20140523-3
Severity: grave
Tags: security patch

Stephen Röttger from Google did a security audit of MiniUPnPd, and found a few
issues, all now fixed upstream.

Extract from private messages who were forwarded to me (but which is fine to
disclose since there's already some public commits.

 MiniUPnP is vulnerable to DNS rebinding attacks which allows an attacker to
 trigger upnp actions through a malicious website. Wikipedia describes the
 attack quite well: http://en.wikipedia.org/wiki/DNS_rebinding.
 To mitigate this attack, MiniUPnP should check if the request's host header
 either contains an IP address or the hostname of the device.
 
 Besides that, I found a few memory corruption vulnerabilities in the code.

Fixes:

https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8
https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6

Some memory corruption fix:

https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911

A buffer overrun in ParseHttpHeaders() fix:

https://github.com/miniupnp/miniupnp/commit/dd39ecaa935a9c23176416b38a3b80d577f21048

Added check if BuildHeader_upnphttp() failed to allocate memory:

https://github.com/miniupnp/miniupnp/commit/ec94c5663fe80dd6ceea895c73e2be66b1ef6bf4

I'm following-up with an upload in a few minutes.
Cheers,

Thomas Goirand (zigo)
---End Message---
---BeginMessage---
Source: miniupnpd
Source-Version: 1.8.20140523-4

We believe that the bug you reported is fixed in the latest version of
miniupnpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand z...@debian.org (supplier of updated miniupnpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Dec 2014 22:29:04 +0800
Source: miniupnpd
Binary: miniupnpd
Architecture: source amd64
Version: 1.8.20140523-4
Distribution: unstable
Urgency: high
Maintainer: Thomas Goirand z...@debian.org
Changed-By: Thomas Goirand z...@debian.org
Description:
 miniupnpd  - UPnP and NAT-PMP daemon for gateway routers
Closes: 772644
Changes:
 miniupnpd (1.8.20140523-4) unstable; urgency=high
 .
   * Fixes multiple vulnerabilities (Closes: #772644).
Checksums-Sha1:
 7c99b4f3e625eadba029ffa6c296a0d692f6a952 1923 miniupnpd_1.8.20140523-4.dsc
 f85e7e9a43e72f2fab3c24736beb31cc6c61fee7 17224 
miniupnpd_1.8.20140523-4.debian.tar.xz
 3e9fb3de77c0707abd230833e527ed86fe1b2eb3 84254 
miniupnpd_1.8.20140523-4_amd64.deb
Checksums-Sha256:
 d5d040c188609f8f02c67c7f45562697d4cd0631077a1e43fd3a1773195d2484 1923 
miniupnpd_1.8.20140523-4.dsc
 f256de94d0adde40eddd65430c54512d106ccfa200dfb3032ecbc78a4271fd2e 17224 
miniupnpd_1.8.20140523-4.debian.tar.xz
 33945fbfb594000e6b6bb4a0d6568d2571ba0490db1023a9cb673d0d51b0827c 84254 
miniupnpd_1.8.20140523-4_amd64.deb
Files:
 7b49f982edececb1a06d1df0c5919095 1923 net optional miniupnpd_1.8.20140523-4.dsc
 bcc5630370db874263dd6fee72f30326 17224 net optional 
miniupnpd_1.8.20140523-4.debian.tar.xz
 ff547b42e61bab5915b094ddecaa8a59 84254 net optional 
miniupnpd_1.8.20140523-4_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJUhwtaAAoJENQWrRWsa0P+Nq4P/2iyYfge8JT9Nn79ls4VlFzC
mmkNnFPOrNk//gQ+DYZga6OnyO2u76eS4GQGZCf5m3pr018J3j++vMgFYWUYGJJq
G0S49KtgsTjIRgzWiykj5z/vw+i8+kAzUKD3G8DWIAGmUjr9MnNsUsWYG3Sp3eG8
DgQz8iz9GfIkj6lRxkwsqjORrEMlU6D9gDjAXbo+OTuvnZsrzG205a2e8Dte/Qxr
WyTVLjljjq2cN5VPa/F+0VWJSNgAOqF2o1K3Ec1IiBC07En+4mQFrNkXRa0WgZHn
hP6uLuo08n9N0yI4ek0eKsfgHaSUZYcd8/YElV8955fQD2YPr+8Ivq973Dum7BUg
Upi3qEQucoyYVvEBSSdba/IvvxYE3+KXs1RrNv3tdbCfvPZZ0o5NE9J4O+kveMmK

Bug#721737: nis: segfault in yppasswd when using shadow

2014-12-09 Thread Mark Brown

severity 721737 normal
kthxbye

On Tue, Dec 09, 2014 at 02:18:52PM +0100, Goswin von Brederlow wrote:
 Not being able to change the password is a security problem. Raising severity
 to grave.

Please don't inflate severities pointlessly; there are simple solutions
to this like changing passwords by logging into a specific system to do
so which people will doubtless have adopted in the decade or so this has
been present if they are affected.


signature.asc
Description: Digital signature

Processed: Re: Bug#721737: nis: segfault in yppasswd when using shadow

Processing commands for cont...@bugs.debian.org:

 severity 721737 normal
Bug #721737 [nis] nis: segfault in yppasswd when using shadow
Severity set to 'normal' from 'grave'
 kthxbye
Stopping processing here.

Please contact me if you need assistance.
-- 
721737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721737
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772630: djmount fails to build from source

2014-12-09 Thread Andrey Rahmatullin

Control: tags -1 + unreproducible moreinfo

On Tue, Dec 09, 2014 at 11:28:35AM +0100, Patrick Häcker wrote:
 djmount FTBFS on Jessie (amd64) during linking. The last warning before the 
 error:
 
 fuse_main.c: In function ‘main’:
 fuse_main.c:621:2: warning: implicit declaration of function 
 ‘UpnpSetLogFileNames’ [-Wimplicit-function-declaration]
   UpnpSetLogFileNames (/dev/null, /dev/null);
 
 The error:
 
 /usr/bin/ld: log.o: relocation R_X86_64_32 against `.bss' can not be used 
 when making a shared object; recompile with -fPIC
 log.o: error adding symbols: Bad value
 collect2: error: ld returned 1 exit status
 Makefile:477: recipe for target 'djmount' failed
I cannot reproduce this on current sid. Please provide a full build log.


-- 
WBR, wRAR


signature.asc
Description: Digital signature

Processed: Re: Bug#772630: djmount fails to build from source

Processing control commands:

 tags -1 + unreproducible moreinfo
Bug #772630 [djmount] djmount fails to build from source
Added tag(s) unreproducible and moreinfo.

-- 
772630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: notfound 772622 in 1.5.1-1

Processing commands for cont...@bugs.debian.org:

 notfound 772622 1.5.1-1
Bug #772622 [src:unbound] CVE-2014-8602: denial of service with endless 
delegations
Ignoring request to alter found versions of bug #772622 to the same values 
previously set
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: found 772622 in 1.4.22-2

Processing commands for cont...@bugs.debian.org:

 found 772622 1.4.22-2
Bug #772622 [src:unbound] CVE-2014-8602: denial of service with endless 
delegations
Marked as found in versions unbound/1.4.22-2.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr

2014-12-09 Thread Vincent Lefevre

Hi,

On 2014-12-08 13:45:12 +0100, Vasyl Kaigorodov wrote:
 Hello,
 
 A buffer overflow was reported [1] in mpfr.
 This is due to incorrect GMP documentation for mpn_set_str about the
 size of a buffer (discussion is at [1]; first fix in the GMP
 documentation is at [2]). This bug is present in the MPFR versions
 from 2.1.0 (adding mpfr_strtofr) to this one, and can be detected by
 running make check in a 32-bit ABI under GNU/Linux with alloca
 disabled (this is currently possible by using the --with-gmp-build
 configure option where alloca has been disabled in the GMP build). It
 is fixed by the strtofr patch [3].
 Corresponding changeset in the 3.1 branch: 9110 [4].
 
 [1]: https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html
 [2]: https://gmplib.org/repo/gmp-5.1/raw-rev/d19172622a74
 [3]: http://www.mpfr.org/mpfr-3.1.2/patch11
 [4]: https://gforge.inria.fr/scm/viewvc.php?view=revroot=mpfrrevision=9110

The corresponding changeset is 9243, with URL:

  https://gforge.inria.fr/scm/viewvc.php?view=revroot=mpfrrevision=9243

Regards,

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/
100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: found 772622 in 1.4.17-3+deb7u1

Processing commands for cont...@bugs.debian.org:

 found 772622 1.4.17-3+deb7u1
Bug #772622 [src:unbound] CVE-2014-8602: denial of service with endless 
delegations
Marked as found in versions unbound/1.4.17-3+deb7u1.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771501: pygopherd: diff for NMU version 2.0.18.3+nmu4

2014-12-09 Thread gregor herrmann

On Tue, 09 Dec 2014 00:06:42 -0800, Cameron Norman wrote:

  I have supplied a more minimal NMU to fix #771501 that does not mess with
  the gophermap file other than installing it if it was not there before.
  Where is this new patch? It seems that I don't see it right now :)
 Doh! Attached now :)

Thanks!

First NMU cancelled, new one re-uploaded to DELAYED/5 again.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT  SPI, fellow of the Free Software Foundation Europe
   `-   NP: Ben Weaver: Like A Wound


signature.asc
Description: Digital Signature

Bug#772622: CVE-2014-8602: denial of service with endless delegations

2014-12-09 Thread Robert Edmonds

Yves-Alexis Perez wrote:
 Hi,
 
 as you may already know, a vulnerability in several recursive DNS
 implementations (bind, pdns-recursor and unbound, maybe others) has been
 found by a research.
 
 For unbound, it has been assigned CVE-2014-8602 and more information can
 be found on the mailing list post at
 https://unbound.net/pipermail/unbound-users/2014-December/003662.html
 
 It's not crystal clear which versions are currently vulnerable so at
 first sight I'd say all. Can you prepare updated packages for Wheezy,
 Jessie/Sid including only the patch linked in the above mail?

 For Wheezy you need to build with -sa (since it's the first security
 upload) and target wheezy-security distribution. Then you send us the
 debdiff so we can have a quick check, and after our ACK you can upload
 to security-master and we release the DSA.
 
 For Jessie, you'll have to make a minimal upload to sid, and ask an
 unblock to the release team.
 
 Don't forget to put the CVE number in the changelog.
 
 If you need any help with the above, don't hesitate to contact us.

AFAIK, all versions prior to 1.5.1 are affected.

I'll work on backporting the fix to the versions in wheezy and
jessie/sid.

Thanks!

-- 
Robert Edmonds
edmo...@debian.org


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771501: pygopherd: diff for NMU version 2.0.18.3+nmu4

2014-12-09 Thread gregor herrmann

Dear maintainer,

Cameron Norman has prepared a second version of an NMU for pygopherd
(versioned as 2.0.18.3+nmu4) and I've uploaded it again to DELAYED/5.
Please feel free to tell me if I should delay it longer.

Regards.

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT  SPI, fellow of the Free Software Foundation Europe
   `-   NP: Ben Weaver: Like A Wound
diff -Nru pygopherd-2.0.18.3+nmu3/debian/changelog pygopherd-2.0.18.3+nmu4/debian/changelog
--- pygopherd-2.0.18.3+nmu3/debian/changelog	2013-06-30 14:30:23.0 +0200
+++ pygopherd-2.0.18.3+nmu4/debian/changelog	2014-12-09 17:28:12.0 +0100
@@ -1,3 +1,10 @@
+pygopherd (2.0.18.3+nmu4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Copy gophermap from /usr/share, not /usr/share/doc (Closes: #771501)
+
+ -- Cameron Norman camerontnor...@gmail.com  Mon, 08 Dec 2014 17:25:38 -0800
+
 pygopherd (2.0.18.3+nmu3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru pygopherd-2.0.18.3+nmu3/debian/dirs pygopherd-2.0.18.3+nmu4/debian/dirs
--- pygopherd-2.0.18.3+nmu3/debian/dirs	2008-03-02 22:51:01.0 +0100
+++ pygopherd-2.0.18.3+nmu4/debian/dirs	2014-12-09 17:28:12.0 +0100
@@ -1,2 +1,3 @@
 usr/bin
 usr/sbin
+usr/share/pygopherd
diff -Nru pygopherd-2.0.18.3+nmu3/debian/postinst pygopherd-2.0.18.3+nmu4/debian/postinst
--- pygopherd-2.0.18.3+nmu3/debian/postinst	2008-04-10 15:56:55.0 +0200
+++ pygopherd-2.0.18.3+nmu4/debian/postinst	2014-12-09 17:28:12.0 +0100
@@ -67,7 +67,7 @@
   if ! test -d $HOMEDIR; then
 mkdir $HOMEDIR
   fi
-  cp /usr/share/doc/pygopherd/examples/gophermap $HOMEDIR/gophermap
+  cp /usr/share/pygopherd/gophermap $HOMEDIR/gophermap
   chown -R gopher.gopher $HOMEDIR
 fi
 
diff -Nru pygopherd-2.0.18.3+nmu3/debian/rules pygopherd-2.0.18.3+nmu4/debian/rules
--- pygopherd-2.0.18.3+nmu3/debian/rules	2013-06-30 14:30:23.0 +0200
+++ pygopherd-2.0.18.3+nmu4/debian/rules	2014-12-09 17:28:12.0 +0100
@@ -75,6 +75,7 @@
 	mv debian/pygopherd/usr/bin/pygopherd \
 		debian/pygopherd/usr/sbin/pygopherd
 	rm debian/pygopherd/etc/pygopherd/mime.types
+	cp examples/gophermap debian/pygopherd/usr/share/pygopherd/gophermap
 	cp pygfarm/*.pyg debian/pygfarm/usr/share/pygfarm
 	chown root.root debian/pygfarm/usr/share/pygfarm/*
 	chmod 0755 debian/pygfarm/usr/share/pygfarm/*


signature.asc
Description: Digital Signature

Processed: Re: Bug#768751: ecb: FTBFS in jessie

Processing control commands:

 tags -1 - help + pending patch upstream
Bug #768751 [src:ecb] ecb: FTBFS in jessie
Removed tag(s) help.
Bug #768751 [src:ecb] ecb: FTBFS in jessie
Added tag(s) pending and patch.
 reassign -1 emacs24 24.4+1-4
Bug #768751 [src:ecb] ecb: FTBFS in jessie
Bug reassigned from package 'src:ecb' to 'emacs24'.
No longer marked as found in versions ecb/2.40+git20140216-1.
Ignoring request to alter fixed versions of bug #768751 to the same values 
previously set
Bug #768751 [emacs24] ecb: FTBFS in jessie
Marked as found in versions emacs24/24.4+1-4.

-- 
768751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768751: ecb: FTBFS in jessie

2014-12-09 Thread Balint Reczey

Control: tags -1 - help + pending patch upstream
Control: reassign -1 emacs24 24.4+1-4

On 11/27/2014 12:31 PM, Bálint Réczey wrote:
 Control: tags -1 help
 
 2014-11-11 21:05 GMT+01:00 Bálint Réczey bal...@balintreczey.hu:
 Control: tags -1 confirmed

 Hi Lucas,

 2014-11-09 8:31 GMT+01:00 Lucas Nussbaum lu...@lucas-nussbaum.net:
 Source: ecb
 Version: 2.40+git20140216-1
 Severity: serious
 Tags: jessie sid
 User: debian...@lists.debian.org
 Usertags: qa-ftbfs-20141108 qa-ftbfs
 Justification: FTBFS in jessie on amd64

 Hi,

 During a rebuild of all packages in jessie (in a jessie chroot, not a
 sid chroot), your package failed to build on amd64.

 Relevant part (hopefully):
 make[2]: Entering directory '/ĢBUILDDIRģ/ecb-2.40+git20140216'
 Makefile:38: Makefile.conf not found. Using defaults for Linux!
 Makefile:39: Create Makefile.conf from Makefile.conf.template to override 
 the defaults.
 Byte-compiling ECB with LOADPATH= ...
 emacs -batch -no-site-file -l ecb-compile-script --eval '(ecb-byte-compile 
 t)'
 ECB 2.40 uses CEDET 2.0 (contains semantic 2.2, eieio 1.4, speedbar 1.0).
 All requirements for ECB 2.40 fulfilled - Enjoy it!
 ...
 Wrote /ĢBUILDDIRģ/ecb-2.40+git20140216/ecb-winman-support.elc
 Wrote /ĢBUILDDIRģ/ecb-2.40+git20140216/ecb.elc
 Wrote /ĢBUILDDIRģ/ecb-2.40+git20140216/silentcomp.elc
 Wrote /ĢBUILDDIRģ/ecb-2.40+git20140216/tree-buffer.elc
 Args out of range: 0
 make[2]: *** [ecb] Error 255

 The full build log is available from:

 http://aws-logs.debian.net/ftbfs-logs/2014/11/08/ecb_2.40+git20140216-1_jessie.log
 It seems the latest emacs24 upload introduced some Elisp changes breaking 
 ECB.
 I will try to fix it for the release, but if someone is more familiar
 with the changes then feel free to check the regression.

 Cheers,
 Balint
 
 I'm not sure if I can debug and fix this by 5 Dec, when the package is
 scheduled for removal from testing.
 If you are familiar with elisp please take a look.
It turned out to be an Emacs bug already fixed upstream.
Please see the attached NMU diff which fixes.
I'm uploading the fixed package to DELAYED/10 today.

Cheers,
Balint

diff -Nru emacs24-24.4+1/debian/changelog emacs24-24.4+1/debian/changelog
--- emacs24-24.4+1/debian/changelog	2014-10-25 21:41:42.0 +0200
+++ emacs24-24.4+1/debian/changelog	2014-12-09 16:25:45.0 +0100
@@ -1,3 +1,11 @@
+emacs24 (24.4+1-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-pick 0009-lisp-startup.el-command-line.patch to fix handling
+nil elements in load-path (Closes: #768751)
+
+ -- Balint Reczey bal...@balintreczey.hu  Tue, 09 Dec 2014 16:24:27 +0100
+
 emacs24 (24.4+1-4) unstable; urgency=medium
 
   * Update emacsen-common dependency as per policy.
diff -Nru emacs24-24.4+1/debian/patches/0009-lisp-startup.el-command-line.patch emacs24-24.4+1/debian/patches/0009-lisp-startup.el-command-line.patch
--- emacs24-24.4+1/debian/patches/0009-lisp-startup.el-command-line.patch	1970-01-01 01:00:00.0 +0100
+++ emacs24-24.4+1/debian/patches/0009-lisp-startup.el-command-line.patch	2014-12-09 16:26:58.0 +0100
@@ -0,0 +1,20 @@
+From edfdb22f674312389ccf5d5e37efa4d3f1516994 Mon Sep 17 00:00:00 2001
+From: Glenn Morris r...@gnu.org
+Date: Sun, 9 Nov 2014 23:12:37 -0800
+Subject: [PATCH] * lisp/startup.el (command-line): Handle nil elements in
+ load-path.
+
+---
+ lisp/startup.el | 1 +
+ 1 file changed, 1 insertions(+)
+
+--- a/lisp/startup.el
 b/lisp/startup.el
+@@ -1336,6 +1336,7 @@
+   (let (warned)
+ (dolist (dir load-path)
+   (and (not warned)
++	   (stringp dir)
+ 	   (string-match-p /[._]emacs\\.d/?\\' dir)
+ 	   (string-equal (file-name-as-directory (expand-file-name dir))
+ 			 (expand-file-name user-emacs-directory))
diff -Nru emacs24-24.4+1/debian/patches/series emacs24-24.4+1/debian/patches/series
--- emacs24-24.4+1/debian/patches/series	2014-10-25 21:40:41.0 +0200
+++ emacs24-24.4+1/debian/patches/series	2014-12-09 16:26:50.0 +0100
@@ -6,3 +6,4 @@
 0006-Look-for-NEWS-in-order-to-find-etc-rather-than-GNU.patch
 0007-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
 0008-A-race-to-create-info-has-been-eliminated.patch
+0009-lisp-startup.el-command-line.patch

Bug#771496: overwrites user changes to configuration file /etc/dpkg-cross/cross-compile on upgrade (violates 10.7.3)

2014-12-09 Thread Neil Williams

On Tue, 9 Dec 2014 15:50:40 +0100
Helmut Grohne hel...@subdivi.de wrote:

 Control: severity -1 serious
 
 On Mon, Dec 08, 2014 at 06:39:07PM +, Neil Williams wrote:
  On Sun, 7 Dec 2014 15:22:08 +0100
  gregor herrmann gre...@debian.org wrote:
   Yes but it does it wrong.
  
  There are no user-supported values in that file, it only stores
  debconf information.
 
 You are saying that dpkg-cross does not support the Debian policy?

Yes, dpkg-cross was never policy compliant from the original design up.
Everything it does is against the spirit of policy if not the letter.
It's a series of gross unsupportable embedded hacks and I long ago gave
up any idea of fixing it. It's like the Hydra and until someone finally
lets it die it will continue spawning new monstrous heads in protest at
not being allowed to die in peace.

 Clearly, /etc/dpkg-cross/cross_compile is a configuration file and
 clearly local changes are not currently preserved. This makes the
 package unfit for release.

Fine, then let it get auto-removed. It's essentially been unmaintained
for over a year, it causes chaos across the installation and makes more
hacks like xapt necessary. This behaviour isn't new for Jessie.

  Any change on dpkg-cross behaviour caused by that file is
  a separate bug.
 
 I agree with this. /etc/dpkg-cross/cross_compile should not exist. But
 as long as it does exist, it must follow the rules of the Debian
 policy.

Little else of the package bothers with policy why this tiny
wrinkle?
 
 I believe that the best solution to this problem is to remove
 /etc/dpkg-cross/cross-compile (and .sample) from the package.

Or just let the package skip Jessie.
 
  dpkg-cross is essentially unmaintained and I'd rather it was
  orphaned - it has been dead for some time and the only real purpose
  for having the package after Jessie will be
  the /etc/dpkg-cross/cross-config.* files, not cross-compile. Any
  package relying on /etc/dpkg-cross/cross-compile for anything
  except the default arch already set in debconf is buggy.
 
 You are missing an important aspect here: dpkg-cross is currently the
 only way to build a cross compiler from src:gcc-4.9. It seems a bit
 premature to me to declare that functionality obsolete before moving
 gcc to a different method. You may want to (re)discuss this with the
 gcc maintainer: He does not seem to be aware of this deprecation and
 declares dpkg-cross supported.

dpkg-cross was deprecated in Lenny. It has not been supported since
shortly after the Wheezy release.

The only data from dpkg-cross which is worth having in Jessie is
the /etc/dpkg-cross/cross-config.* files. If Policy violations in
the rest of the package which have been ignored for multiple releases
already mean that dpkg-cross gets removed from testing, it will only be
these data files which are missed.

If there's much more discussion on this non-issue then I'll file the RM
bug against unstable (including xapt and emdebian-crush). I'll let
someone else worry about whether it is worth fixing one tiny hack in the
stinking pile of gross hacks across the rest of the package. This really
is unnecessary - there is no real bug here. It's a nonsense - whacking
packages with the Policy sledgehammer just because we can.

Fine, if this is so important that it requires the package to be
removed, I've already spent more time on this than I can spare for
dpkg-cross maintenance this cycle. Let it die in peace. We've been
whipping this particular dead horse for two release cycles already.

RIP dpkg-cross, you will not be missed.

-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpzZH9v1Vmvb.pgp
Description: OpenPGP digital signature

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

Source: ttf-cjk-compact
Version: 1.20
Severity: serious
Tags: jessie
User: trei...@debian.org
Usertags: edos-uninstallable

Hi,

ttf-cjk-compact build-depends on ruby1.8, which does not exist in jessie.
In fact, ruby1.8 was removed from testing on 2014-03-13.

-Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772658: proll: build-depends on sparc-utils

Source: proll
Version: 18-6
Severity: serious
Tags: jessie
User: trei...@debian.org
Usertags: edos-uninstallable

Hi,

proll build-depends on sparc-utils, which does not exist in jessie (it
was removed from testing on 2014-04-27).

-Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772659: kfreebsd-8: build-depends on gcc-4.6

Source: kfreebsd-8
Version: 8.3-6+deb7u1
Severity: serious
Tags: jessie
User: trei...@debian.org
Usertags: edos-uninstallable

Hi, kfreebsd-8 build-depends on gcc-4.6, which does not exist in jessie.

-Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

2014-12-09 Thread Cyril Brulebois

Ralf Treinen trei...@pps.univ-paris-diderot.fr (2014-12-09):
 Source: ttf-cjk-compact
 Version: 1.20
 Severity: serious
 Tags: jessie
 User: trei...@debian.org
 Usertags: edos-uninstallable
 
 Hi,
 
 ttf-cjk-compact build-depends on ruby1.8, which does not exist in jessie.
 In fact, ruby1.8 was removed from testing on 2014-03-13.

It really would be nice not to remove packages that are still
build-depended on, especially when no bug reports are being filed.

One month into the freeze isn't exactly the right time to attempt a 1.8
to 1.9 (or whatever else is current this week) ruby transition in d-i
packages.

Can you please fix whatever tool you're using to make sure this doesn't
happen again? (Wild guess, dak rm vs. udebs?)

Mraw,
KiBi.


signature.asc
Description: Digital signature

Bug#771501: pygopherd: diff for NMU version 2.0.18.3+nmu4

2014-12-09 Thread John Goerzen

Thanks everyone for your work on this.  I apologize for being so
swamped.  It is nice to feel so helped out!

John

On 12/09/2014 10:34 AM, gregor herrmann wrote:
 On Tue, 09 Dec 2014 00:06:42 -0800, Cameron Norman wrote:

 I have supplied a more minimal NMU to fix #771501 that does not mess with
 the gophermap file other than installing it if it was not there before.
 Where is this new patch? It seems that I don't see it right now :)
 Doh! Attached now :)
 Thanks!

 First NMU cancelled, new one re-uploaded to DELAYED/5 again.


 Cheers,
 gregor



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772659: marked as done (kfreebsd-8: build-depends on gcc-4.6)

Your message dated Tue, 9 Dec 2014 18:43:26 +0100
with message-id 20141209174326.ga21...@betterave.cristau.org
and subject line Re: Bug#772659: kfreebsd-8: build-depends on gcc-4.6
has caused the Debian Bug report #772659,
regarding kfreebsd-8: build-depends on gcc-4.6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772659: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772659
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: kfreebsd-8
Version: 8.3-6+deb7u1
Severity: serious
Tags: jessie
User: trei...@debian.org
Usertags: edos-uninstallable

Hi, kfreebsd-8 build-depends on gcc-4.6, which does not exist in jessie.

-Ralf.
---End Message---
---BeginMessage---
On Tue, Dec  9, 2014 at 18:36:25 +0100, Ralf Treinen wrote:

 Source: kfreebsd-8
 Version: 8.3-6+deb7u1
 Severity: serious
 Tags: jessie
 User: trei...@debian.org
 Usertags: edos-uninstallable
 
 Hi, kfreebsd-8 build-depends on gcc-4.6, which does not exist in jessie.
 
kfreebsd-8 is not in jessie either.  Please filter out
extra-sources-only from your checks.

Cheers,
Julien


signature.asc
Description: Digital signature
---End Message---

Bug#772659: kfreebsd-8: build-depends on gcc-4.6

2014-12-09 Thread Cyril Brulebois

Ralf Treinen trei...@pps.univ-paris-diderot.fr (2014-12-09):
 Source: kfreebsd-8
 Version: 8.3-6+deb7u1
 Severity: serious
 Tags: jessie
 User: trei...@debian.org
 Usertags: edos-uninstallable
 
 Hi, kfreebsd-8 build-depends on gcc-4.6, which does not exist in jessie.

kfreebsd-9 went away during the transition to kfreebsd-10, and I guess
kfreebsd-8 was overlooked/forgotten about because it wasn't being
transitioned from. Should probably go away from the archive entirely?

Mraw,
KiBi.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed (with 1 errors): your mail

Processing commands for cont...@bugs.debian.org:

 forcemerge 768751 768658
Bug #768751 [emacs24] ecb: FTBFS in jessie
Unable to merge bugs because:
package of #768658 is 'ecb' not 'emacs24'
Failed to forcibly merge 768751: Did not alter merged bugs

 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
768658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768658
768751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: your mail

Processing commands for cont...@bugs.debian.org:

 reassign 768658 emacs24
Bug #768658 [ecb] ecb: install upgrade fails
Bug reassigned from package 'ecb' to 'emacs24'.
No longer marked as found in versions ecb/2.40+git20140216-1.
Ignoring request to alter fixed versions of bug #768658 to the same values 
previously set
 forcemerge 768751 768658
Bug #768751 [emacs24] ecb: FTBFS in jessie
Bug #768658 [emacs24] ecb: install upgrade fails
Severity set to 'serious' from 'important'
Marked as found in versions emacs24/24.4+1-4.
Added tag(s) sid, pending, jessie, and patch.
Merged 768658 768751
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
768658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768658
768751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771661: machine is completely unusable

2014-12-09 Thread Ben Hutchings

Control: retitle -1 VM becomes unresponsive - soft lockup, RCU stall
Control: severity -1 important
Control: reassign -1 src:linux
Control: tag -1 moreinfo

On Tue, 2014-12-09 at 14:53 +, Toni Mueller wrote:
  severity 771661 grave
 thanks

Sorry, no, you've only seen one broken VM.

Also, this is assigned to linux-image-3.16-0.bpo.3-686-pae but the
screenshot you attached shows that package being newly installed.
Therefore it is not the kernel you were running at the time you first
saw this problem.

Did you subsequently boot into that kernel?

 Hi,
 
 I guess the same would apply to #771602, but I would like to not go
 the extra five miles to reproduce it there. In any case, a kernel
 that maxes out the CPU immediately after start while doing nothing
 is not entirely production quality (although I have very good
 experiences with it in other settings).
 
 I'd likely be happy to produce more evidence if you can give me
 useful directions.

We would need a more complete kernel log.  You could use an emulated
serial console to get this.

How much memory does this VM have?  Does it have a swap file?

 Oh, as a side note: The VM thus maxed out cannot be shut down with
 
 $ virsh shutdown nameofvm
 
 but only with killing the kvm process.

That's a graceful shutdown, which is expected to fail if the guest OS
has become unresponsive.  You should use the 'virsh destroy' command to
forcefully shut down a VM.

Ben.

-- 
Ben Hutchings
Q.  Which is the greater problem in the world today, ignorance or apathy?
A.  I don't know and I couldn't care less.


signature.asc
Description: This is a digitally signed message part

Processed: Re: Bug#771661: machine is completely unusable

Processing control commands:

 retitle -1 VM becomes unresponsive - soft lockup, RCU stall
Bug #771661 [linux-image-3.16-0.bpo.3-686-pae] qemu-kvm: kernel crash on guest 
while pegged at 100% cpu
Changed Bug title to 'VM becomes unresponsive - soft lockup, RCU stall' from 
'qemu-kvm: kernel crash on guest while pegged at 100% cpu'
 severity -1 important
Bug #771661 [linux-image-3.16-0.bpo.3-686-pae] VM becomes unresponsive - soft 
lockup, RCU stall
Severity set to 'important' from 'grave'
 reassign -1 src:linux
Bug #771661 [linux-image-3.16-0.bpo.3-686-pae] VM becomes unresponsive - soft 
lockup, RCU stall
Bug reassigned from package 'linux-image-3.16-0.bpo.3-686-pae' to 'src:linux'.
Ignoring request to alter found versions of bug #771661 to the same values 
previously set
Ignoring request to alter fixed versions of bug #771661 to the same values 
previously set
 tag -1 moreinfo
Bug #771661 [src:linux] VM becomes unresponsive - soft lockup, RCU stall
Added tag(s) moreinfo.

-- 
771661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771797: marked as done (liblldb-3.5: does not ship SONAME link /usr/lib/triplet/liblldb.so.1 - liblldb-3.5.so.1)

Your message dated Tue, 09 Dec 2014 18:38:47 +
with message-id e1xypgn-0006by...@franck.debian.org
and subject line Bug#771797: fixed in llvm-toolchain-3.5 1:3.5-8
has caused the Debian Bug report #771797,
regarding liblldb-3.5: does not ship SONAME link 
/usr/lib/triplet/liblldb.so.1 - liblldb-3.5.so.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
771797: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771797
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: liblldb-3.5
Version: 1:3.5-6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package does not ship the
SONAME link for its library (Policy 8.1).
That link got created later by ldconfig.

The package ships

liblldb-3.5.so - liblldb-3.5.so.1
liblldb-3.5.so.1

but the SONAME is liblldb.so.1

Setting the severity to serious since this file was previously shipped
by at least one other package (lldb-3.3) but liblldb-3.5 misses
appropriate Breaks/Conflicts+Replaces. (#769113)
https://packages.debian.org/search?suite=sidarch=anymode=pathsearchon=contentskeywords=liblldb.so.1

The LLVM SONAMES look quite messy, but this seems to be resolved finally
in 3.6 which changes the SONAME to liblldb-3.6.so.

In this context it is even more important to ship that link and
have appropriate Conflicts.

From the attached log (scroll to the bottom...):

0m48.2s DEBUG: Starting command: ['chroot', '/tmp/piupartss/tmpkOV8jD', 
'tmp/scripts/pre_remove_40_find_unowned_lib_links']
0m51.6s DUMP: 
  UNOWNED SYMLINK /usr/lib/x86_64-linux-gnu/liblldb.so.1 - liblldb-3.5.so.1
0m51.6s DEBUG: Command ok: ['chroot', '/tmp/piupartss/tmpkOV8jD', 
'tmp/scripts/pre_remove_40_find_unowned_lib_links']


cheers,

Andreas


liblldb-3.5_1:3.5-6.log.gz
Description: application/gzip
---End Message---
---BeginMessage---
Source: llvm-toolchain-3.5
Source-Version: 1:3.5-8

We believe that the bug you reported is fixed in the latest version of
llvm-toolchain-3.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 771...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru sylves...@debian.org (supplier of updated llvm-toolchain-3.5 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 08 Dec 2014 20:10:00 +0100
Source: llvm-toolchain-3.5
Binary: clang-3.5 clang-format-3.5 cpp11-migrate-3.5 clang-modernize-3.5 
clang-3.5-doc libclang1-3.5 libclang1-3.5-dbg libclang-3.5-dev 
libclang-common-3.5-dev python-clang-3.5 clang-3.5-examples libllvm3.5 
libllvm3.5-dbg llvm-3.5 llvm-3.5-runtime llvm-3.5-dev llvm-3.5-tools 
libllvm-3.5-ocaml-dev llvm-3.5-doc llvm-3.5-examples lldb-3.5 liblldb-3.5 
python-lldb-3.5 liblldb-3.5-dev lldb-3.5-dev
Architecture: source amd64 all
Version: 1:3.5-8
Distribution: unstable
Urgency: medium
Maintainer: LLVM Packaging Team pkg-llvm-t...@lists.alioth.debian.org
Changed-By: Sylvestre Ledru sylves...@debian.org
Description:
 clang-3.5  - C, C++ and Objective-C compiler (LLVM based)
 clang-3.5-doc - C, C++ and Objective-C compiler (LLVM based) - Documentation
 clang-3.5-examples - Clang examples
 clang-format-3.5 - Tool to format C/C++/Obj-C code
 clang-modernize-3.5 - Tool to convert C++98 and C++03 code to C++11
 cpp11-migrate-3.5 - Tool to convert C++98 and C++03 code to C++11
 libclang-3.5-dev - clang library - Development package
 libclang-common-3.5-dev - clang library - Common development package
 libclang1-3.5 - C interface to the clang library
 libclang1-3.5-dbg - clang library
 liblldb-3.5 - Next generation, high-performance debugger, library
 liblldb-3.5-dev - Next generation, high-performance debugger - Header files
 libllvm-3.5-ocaml-dev - Modular compiler and toolchain technologies, OCaml 
bindings
 libllvm3.5 - Modular compiler and toolchain technologies, runtime library
 libllvm3.5-dbg - Modular compiler and toolchain technologies, debugging 
libraries
 lldb-3.5   - Next generation, high-performance debugger
 lldb-3.5-dev - transitional dummy package to liblldb-3.5-dev
 llvm-3.5   - Modular compiler and toolchain technologies
 llvm-3.5-dev -

Bug#772612: kmail: Sent message opened for editing by default and can be removed from sent by saving

2014-12-09 Thread Diane Trout

Hello,

I tried to duplicate this with 4.14.1. 

I had to hit T in order to actually edit the message, and then if I make a 
change and save it, the save button says Save to Draft, for me the 
modified message moved to the Drafts folder.

By any chance is the modified message now in the draft folder for you?

Diane Trout


On Tuesday, December 09, 2014 09:04:44 Shai Berger wrote:
 Package: kmail
 Version: 4:4.14.2-2
 Severity: grave
 Justification: causes non-serious data loss
 
 Dear Maintainer,
 
 Double-click a message in any folder; unlike in kmail1, the message
 opens as editable (in kmail1 this was only true for Outbox).
 
 However, if the message is opened from the sent-mail folder, then --
 just like with outbox -- it is also removed from the list. When you
 close the message, as with any editable, you are offered to discard
 the changes or save as draft. If you discard, all is well; but if
 you save as draft, it is removed permanently from the sent folder,
 losing the data that the message was sent.
 
 
 -- System Information:
 Debian Release: 8.0
   APT prefers unstable
   APT policy: (500, 'unstable'), (500, 'testing')
 Architecture: amd64 (x86_64)
 
 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
 Shell: /bin/sh linked to /bin/dash
 Init: systemd (via /run/systemd/system)
 
 Versions of packages kmail depends on:
 ii  kde-runtime   4:4.14.2-1
 ii  kdepim-runtime4:4.14.2-2
 ii  kdepimlibs-kio-plugins4:4.14.2-2
 ii  libakonadi-calendar4  4:4.14.2-2
 ii  libakonadi-contact4   4:4.14.2-2
 ii  libakonadi-kde4   4:4.14.2-2
 ii  libakonadi-kmime4 4:4.14.2-2
 ii  libakonadiprotocolinternals1  1.13.0-2
 ii  libc6 2.19-13
 ii  libcalendarsupport4   4:4.14.2-2
 ii  libfollowupreminder4  4:4.14.2-2
 ii  libgcc1   1:4.9.2-5
 ii  libgpgme++2   4:4.14.2-2
 ii  libgrantlee-core0 0.4.0-2
 ii  libincidenceeditorsng44:4.14.2-2
 ii  libkabc4  4:4.14.2-2
 ii  libkalarmcal2 4:4.14.2-2
 ii  libkcalcore4  4:4.14.2-2
 ii  libkcalutils4 4:4.14.2-2
 ii  libkcmutils4  4:4.14.2-4
 ii  libkdecore5   4:4.14.2-4
 ii  libkdepim44:4.14.2-2
 ii  libkdeui5 4:4.14.2-4
 ii  libkio5   4:4.14.2-4
 ii  libkleo4  4:4.14.2-2
 ii  libkmanagesieve4  4:4.14.2-2
 ii  libkmime4 4:4.14.2-2
 ii  libknewstuff3-4   4:4.14.2-4
 ii  libknotifyconfig4 4:4.14.2-4
 ii  libkontactinterface4a 4:4.14.2-2
 ii  libkparts44:4.14.2-4
 ii  libkpgp4  4:4.14.2-2
 ii  libkpimidentities44:4.14.2-2
 ii  libkpimtextedit4  4:4.14.2-2
 ii  libkpimutils4 4:4.14.2-2
 ii  libkprintutils4   4:4.14.2-4
 ii  libksieveui4  4:4.14.2-2
 ii  libktnef4 4:4.14.2-2
 ii  libmailcommon44:4.14.2-2
 ii  libmailimporter4  4:4.14.2-2
 ii  libmailtransport4 4:4.14.2-2
 ii  libmessagecomposer4   4:4.14.2-2
 ii  libmessagecore4   4:4.14.2-2
 ii  libmessagelist4   4:4.14.2-2
 ii  libmessageviewer4 4:4.14.2-2
 ii  libpimcommon4 4:4.14.2-2
 ii  libqt4-dbus   4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
 ii  libqt4-network4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
 ii  libqt4-xml4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
 ii  libqtcore44:4.8.6+git64-g5dc8b2b+dfsg-2+b1
 ii  libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
 ii  libqtwebkit4  2.3.4.dfsg-3
 ii  libsendlater4 4:4.14.2-2
 ii  libsolid4 4:4.14.2-4
 ii  libstdc++64.9.2-5
 ii  libtemplateparser44:4.14.2-2
 ii  perl  5.20.1-3
 
 Versions of packages kmail recommends:
 ii  gnupg-agent   2.0.26-3
 ii  gnupg22.0.26-3
 ii  pinentry-gtk2 [pinentry-x11]  0.8.3-2
 
 Versions of packages kmail suggests:
 ii  bogofilter 1.2.4+dfsg1-3
 pn  clamav | f-prot-installer  none
 ii  kaddressbook   4:4.14.2-2
 pn  kleopatra  none
 ii  procmail   3.22-23
 ii  spambayes  1.1b1-1
 
 -- no debconf information

Bug#745819: zoneminder experimental

2014-12-09 Thread Chris Bell




-- 
Chris Bell www.chrisbell.org.uk
Date: Mon, 8 Dec 2014 17:54:13 + (GMT)
From: Chris Bell chrisb...@chrisbell.org.uk
Subject: zoneminder experimental
To: vagr...@debian.org
Cc: p...@northern-ridge.com.au

I am not a competent programmer, but have been trying to figure out why the
experimental version of zoneminder is not building correctly. 
Hope this is of some use.

I have noticed that two packages listed under Depends are shown as not
available
   
   libarchive-tar-perl
   libmodule-load-perl
   
but both are now provided by
   
   perl-modules

which is not listed under Build-Depends or Depends, but is required by perl
as a Depend, so does it need to be listed here?

I have noticed that there are some Build-Depends which are available in
jessie and sid, but have Depends on specific lib versions different from
those listed under zoneminder Depends. Will they get fixed during a new
build?

libavcodec-dev
   Req: libavcodec56 or libavcodec-extra-56
   not libavcodec55 or libavcodec-extra-55
   
libavformat-dev
   Req: libavformat56
   not libavformat55
   
libavutil-dev
   Req: libavutil54
   not libavutil53

libavdevice-dev
   Req: libavdevice55
   not libavdevice54

libswscale-dev
   Req: libswscale3
   not libswscale2 



I have also noticed:

Build-Depends: libgnutls-openssl-dev  which is a virtual package provided by
libgnutls28-dev
   which in jessie and sid lists
   dep: libgnutls-deb0-28
   dep: libgnutls-openssl27
   dep: libgnutlsxx28
   
dep: libgnutls26 (= 2.12.17-0) GNU TLS library - runtime library 
   Not listed in jessie or sid, replaced by
   in jessie and sid libgnutls-deb0-28 (3.3.8-5)
   in jessie and sid: libgnutlsxx28
   also available in sid: libgnutls28

dep: libgcrypt11 (= 1.5.1) LGPL Crypto library - runtime library
   also available in jessie and sid: libcrypt20

dep: libjpeg8 (= 8c) Independent JPEG Group's JPEG runtime library
   also available in jessie and sid: libjpeg9

dep: libstdc++6 (= 4.1.1) [not armel, armhf] GNU Standard C++ Library v3
dep: libstdc++6 (= 4.4.0) [armel, armhf]
   all are listed simply as libsdc++6 in jessie and sid



-- 
Chris Bell www.chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770655: git FTBFS: failure in t9500-gitweb-standalone-no-errors.sh

2014-12-09 Thread Reiner Herrmann

Package: git
Version: 1:2.1.3-1
Followup-For: Bug #770655

The warning was introduced in CGI.pm because of a possible vulnerability [1].
According to [2], gitweb is not actually affected by this vulnerability, but
the commit can be used as a workaround to prevent the warning.
With the patch applied the test ran successfully and I was able to build
the packages.

[1]: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-
applications/
[2]: https://github.com/git/git/commit/13dbf46a397260675a16b506314b0b2ed9713bbb



-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.17.3 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages git depends on:
ii  git-man  1:2.1.3-1
ii  libc62.19-13
ii  libcurl3-gnutls  7.38.0-3
ii  liberror-perl0.17-1.1
ii  libexpat12.1.0-6+b3
ii  libpcre3 2:8.35-3.3
ii  perl-modules 5.20.1-3
ii  zlib1g   1:1.2.8.dfsg-2+b1

Versions of packages git recommends:
ii  less 458-3
ii  openssh-client [ssh-client]  1:6.7p1-3
ii  patch2.7.1-6
ii  rsync3.1.1-2+b1

Versions of packages git suggests:
ii  gettext-base  0.19.3-2
pn  git-arch  none
pn  git-cvs   none
pn  git-daemon-run | git-daemon-sysvinit  none
pn  git-doc   none
pn  git-elnone
ii  git-email 1:2.1.3-1
pn  git-gui   none
pn  git-mediawiki none
pn  git-svn   none
ii  gitk  1:2.1.3-1
pn  gitwebnone

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

2014-12-09 Thread Christian Hofstaedtler

* Cyril Brulebois k...@debian.org [141209 18:41]:
 Ralf Treinen trei...@pps.univ-paris-diderot.fr (2014-12-09):
  Source: ttf-cjk-compact
  Version: 1.20
  Severity: serious
  Tags: jessie
  User: trei...@debian.org
  Usertags: edos-uninstallable
  
  Hi,
  
  ttf-cjk-compact build-depends on ruby1.8, which does not exist in jessie.
  In fact, ruby1.8 was removed from testing on 2014-03-13.
 
 It really would be nice not to remove packages that are still
 build-depended on, especially when no bug reports are being filed.
 
 One month into the freeze isn't exactly the right time to attempt a 1.8
 to 1.9 (or whatever else is current this week) ruby transition in d-i
 packages.

AFAICT, ttf-cjk-compact 1.20 is not in jessie or sid.
ttf-cjk-compact 1.23 from jessie/sid depends on ruby, not ruby1.8.

From here it looks like there was no bug filed because 1.21 already
fixed this issue (in 2013) without us needing to file an additional
bug.

Best,
-- 
 ,''`.  Christian Hofstaedtler z...@debian.org
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-



pgpJAxlzqyqTp.pgp
Description: PGP signature

Bug#772657: marked as done (ttf-cjk-compact: build-depends on ruby1.8)

Your message dated Tue, 9 Dec 2014 21:00:32 +0100
with message-id 20141209200032.ga3...@mail.waldi.eu.org
and subject line Re: Bug#772657: ttf-cjk-compact: build-depends on ruby1.8
has caused the Debian Bug report #772657,
regarding ttf-cjk-compact: build-depends on ruby1.8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772657: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772657
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: ttf-cjk-compact
Version: 1.20
Severity: serious
Tags: jessie
User: trei...@debian.org
Usertags: edos-uninstallable

Hi,

ttf-cjk-compact build-depends on ruby1.8, which does not exist in jessie.
In fact, ruby1.8 was removed from testing on 2014-03-13.

-Ralf.
---End Message---
---BeginMessage---
On Tue, Dec 09, 2014 at 06:25:42PM +0100, Ralf Treinen wrote:
 Source: ttf-cjk-compact
 Version: 1.20
 Tags: jessie

This version is not in jessie, only in wheezy.

Bastian

-- 
If I can have honesty, it's easier to overlook mistakes.
-- Kirk, Space Seed, stardate 3141.9---End Message---

Bug#772612: kmail: Sent message opened for editing by default and can be removed from sent by saving

2014-12-09 Thread Shai Berger

Hi,

On Tuesday 09 December 2014 11:12:42 Diane Trout wrote:
 Hello,
 
 I tried to duplicate this with 4.14.1.
 
 I had to hit T in order to actually edit the message, and then if I make a
 change and save it, the save button says Save to Draft, for me the
 modified message moved to the Drafts folder.
 
 By any chance is the modified message now in the draft folder for you?

Yes, it is. I might have considered it not-really-data-loss, if the behavior 
had only been specifically triggered by editing the message. But:

A) I definitely (just checked again) didn't need to press T (which is labeled 
in the menu as Edit message). On the other hand, double-click behaves as T 
for me in other folders as well. Is there a setting I messed up? I couldn't 
find anything looking relevant.

B) I expect behavior in sent-messages to be the same as, say, inbox, where the 
message, even if selected for editing, is not changed or removed, but a new 
copy of it is created and edited.

The message moving to the draft folder is already losing its sent status and 
sent date/time, and is highly likely to lose the message itself as well (if 
the user did not expect or notice that the draft takes the place of the old 
sent message).

Thanks,
Shai.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

On Tue, Dec 09, 2014 at 08:51:52PM +0100, Christian Hofstaedtler wrote:
 * Cyril Brulebois k...@debian.org [141209 18:41]:
  Ralf Treinen trei...@pps.univ-paris-diderot.fr (2014-12-09):
   Source: ttf-cjk-compact
   Version: 1.20
   Severity: serious
   Tags: jessie
   User: trei...@debian.org
   Usertags: edos-uninstallable
   
   Hi,
   
   ttf-cjk-compact build-depends on ruby1.8, which does not exist in jessie.
   In fact, ruby1.8 was removed from testing on 2014-03-13.
  
  It really would be nice not to remove packages that are still
  build-depended on, especially when no bug reports are being filed.
  
  One month into the freeze isn't exactly the right time to attempt a 1.8
  to 1.9 (or whatever else is current this week) ruby transition in d-i
  packages.
 
 AFAICT, ttf-cjk-compact 1.20 is not in jessie or sid.
 ttf-cjk-compact 1.23 from jessie/sid depends on ruby, not ruby1.8.

In fact, the jessie Sources file contains both 1.20 and 1.23. Which means 
there is indeed no bug against ttf-cjk-compact.

However, this seems still strange to me. I know that sid may contain
temporarily multiple versions of the same package, but I don't think
that this is OK for testing.

Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

2014-12-09 Thread Christian Hofstaedtler

* Adam D. Barratt a...@adam-barratt.org.uk [141209 21:05]:
 On Tue, 2014-12-09 at 20:51 +0100, Christian Hofstaedtler wrote:
  * Cyril Brulebois k...@debian.org [141209 18:41]:
   Ralf Treinen trei...@pps.univ-paris-diderot.fr (2014-12-09):
Source: ttf-cjk-compact
Version: 1.20
Tags: jessie

  AFAICT, ttf-cjk-compact 1.20 is not in jessie or sid.
  ttf-cjk-compact 1.23 from jessie/sid depends on ruby, not ruby1.8.
 
 It's still in sid's Sources file, but marked as Extra-Source-Only.
 AFAICS, that's due to us having bumped stable's
 debian-installer-netboot-images (which was quite legitimately built
 against ttf-cjk-compact 1.20 and ruby1.8) in to sid and jessie during
 the last point release.

rmadison and dak ls (on coccia) both don't show any indication of
ttf-cjk-compact 1.20 being 'in' jessie/sid.
The BTS also thinks 1.20 as being in stable, and 1.23 being the
jessie/sid version.

apt-cache showsrc was showing me an 1.20 source package, but I
disregarded it with I may have wheezy sources configured in this
VM.

If the common tools fail at showing this, then I'm really at a loss
of tools and would like to request improvements to these tools.

 This is not a bug in the package, nor anything that can be fixed other
 than by a source upload of d-i-n-i for sid. I'm therefore going to close
 this report.
 
 (In general, it's worth checking such things aren't purely E-S-O: yes.)

Thanks for the explanation.

C.

-- 
 ,''`.  Christian Hofstaedtler z...@debian.org
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-



pgpSUEMDztWkY.pgp
Description: PGP signature

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

On Tue, Dec 09, 2014 at 08:04:50PM +, Adam D. Barratt wrote:
 On Tue, 2014-12-09 at 20:51 +0100, Christian Hofstaedtler wrote:
  * Cyril Brulebois k...@debian.org [141209 18:41]:
   Ralf Treinen trei...@pps.univ-paris-diderot.fr (2014-12-09):
Source: ttf-cjk-compact
Version: 1.20
Severity: serious
Tags: jessie
User: trei...@debian.org
Usertags: edos-uninstallable

Hi,

ttf-cjk-compact build-depends on ruby1.8, which does not exist in 
jessie.
In fact, ruby1.8 was removed from testing on 2014-03-13.
   
   It really would be nice not to remove packages that are still
   build-depended on, especially when no bug reports are being filed.
   
   One month into the freeze isn't exactly the right time to attempt a 1.8
   to 1.9 (or whatever else is current this week) ruby transition in d-i
   packages.
  
  AFAICT, ttf-cjk-compact 1.20 is not in jessie or sid.
  ttf-cjk-compact 1.23 from jessie/sid depends on ruby, not ruby1.8.
 
 It's still in sid's Sources file, but marked as Extra-Source-Only.
 AFAICS, that's due to us having bumped stable's
 debian-installer-netboot-images (which was quite legitimately built
 against ttf-cjk-compact 1.20 and ruby1.8) in to sid and jessie during
 the last point release.
 
 This is not a bug in the package, nor anything that can be fixed other
 than by a source upload of d-i-n-i for sid. I'm therefore going to close
 this report.
 
 (In general, it's worth checking such things aren't purely E-S-O: yes.)

OK. Julien pointed me already to E-S-O in the context of a different
case where I had reported missing build-depends. Sorry for the noise,
I'll refine my script.

-Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: package non-functional without non-Debian install

Processing control commands:

 severity 769912 grave
Bug #769912 [fdroidserver] fdroidserver does not use Debian-provided utilities
Severity set to 'grave' from 'important'

-- 
769912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769912
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: your mail

Processing commands for cont...@bugs.debian.org:

 tags 761140 - pending
Bug #761140 [python-enable] pytimechart fails to start
Removed tag(s) pending.
 block 761140 by 772668
Bug #761140 [python-enable] pytimechart fails to start
761140 was not blocked by any bugs.
761140 was not blocking any bugs.
Added blocking bug(s) of 761140: 772668

End of message, stopping processing here.

Please contact me if you need assistance.
-- 
761140: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761140
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: severity of 771466 is important

Processing commands for cont...@bugs.debian.org:

 severity 771466 important
Bug #771466 [nagios3] CVE-2013-7108 CVE-2013-7205
Severity set to 'important' from 'grave'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
771466: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772673: libjerasure-dev: missing dependency on libgf-complete-dev

2014-12-09 Thread Dmitry Smirnov

Package: libjerasure-dev
Version: 2.0.0-1
Severity: serious

libjerasure-dev installs file galois.h which contains

#include gf_complete.h

gf_complete.h is provided by libgf-complete-dev hence
libjerasure-dev should depend on libgf-complete-dev.

Missing dependency may cause FTBFS in depending packages, like below:


/usr/include/jerasure/galois.h:43:25: fatal error: gf_complete.h: No such file 
or directory 
 #include gf_complete.h 
 ^ 
compilation terminated. 


-- 
Best wishes,
 Dmitry Smirnov
 GPG key : 4096R/53968D1B

---

There is no such thing as public opinion. There is only published opinion.
-- Winston Churchill


signature.asc
Description: This is a digitally signed message part.

Bug#772114: zotero-standalone: zotero does not start anymore

2014-12-09 Thread W Forum W


Any information yet??


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772657: ttf-cjk-compact: build-depends on ruby1.8

2014-12-09 Thread Bastian Blank

On Tue, Dec 09, 2014 at 09:16:50PM +0100, Ralf Treinen wrote:
 In fact, the jessie Sources file contains both 1.20 and 1.23. Which means 
 there is indeed no bug against ttf-cjk-compact.

It is marked with
| Extra-Source-Only: yes
So it is only there to fullfil source requirements with a Built-Using
declaration.

 However, this seems still strange to me. I know that sid may contain
 temporarily multiple versions of the same package, but I don't think
 that this is OK for testing.

Different problem.  Unstable can have binary packages of different
version on different architectures and the corresponding sources.

Bastian

-- 
First study the enemy.  Seek weakness.
-- Romulan Commander, Balance of Terror, stardate 1709.2


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#769216: djangorestframework: FTBFS in jessie: unsatisfiable build-dependencies: python-django-guardian (= 1.1.1), python3-django-guardian (= 1.1.1)

2014-12-09 Thread Brian May

On 24 November 2014 at 09:25, Brian May br...@microcomaustralia.com.au
wrote:

 Looks like django-guardian was removed due to bug 763222.

 https://bugs.debian.org/763222

 Which is a pain, I thought I had fixed all build issues in 755598.

 Will have a look into 763222.


It looks likely my fixed version of django-guardian will get into Jessie.
See #770779. This will mean this bug can be closed.

Note however that if any more RC bugs are found in django-guardian, it is
unlikely that they will get into Jessie; it is more likely that the package
will get removed from Jessie.
-- 
Brian May br...@microcomaustralia.com.au

Bug#768678: no subject

2014-12-09 Thread Potter, Tim (Cloud Services)

Hi everyone.  Can this bug be closed out?  I don't think marking it as
pending is good enough to fix auto-removed build-dependencies on
ruby-faraday.

I've checked the dependent bug mentioned, 770728, and the two packages
mentioned (ruby-em-hiredis and ruby-em-synchrony) transitioned to testing
in late November.  ruby-faraday is a build dependency for one of my
packages, ruby-elasticsearch, and the QA page still says that it will be
auto removed by this bug.



Regards,

Tim.


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772114: zotero-standalone: zotero does not start anymore

2014-12-09 Thread Mike Hommey

On Fri, Dec 05, 2014 at 09:53:09AM +, Michele Cane wrote:
 Hi,
 
 If I am correct this is an issue with iceweasel. For some reason iceweasel
 version results as 10.0.12 instead of 31.3.
 I do not have access to a stable machine right now. I'll try to test it
 later tonight but I think I'll assign this bug to the iceweasel package.

Where would that 10.0.12 version come from? I don't see it coming from
iceweasel, there must be something fishy with how zotero starts up, and
my guess is that the bug reporter has xulrunner 10.0.0.12 on their
machine.

Mike


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: reassign 772114 to zotero-standalone

Processing commands for cont...@bugs.debian.org:

 reassign 772114 zotero-standalone
Bug #772114 [iceweasel] zotero-standalone: zotero does not start anymore
Bug reassigned from package 'iceweasel' to 'zotero-standalone'.
No longer marked as found in versions iceweasel/31.3.0esr-1~deb7u1.
Ignoring request to alter fixed versions of bug #772114 to the same values 
previously set
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#748728: marked as done (id-utils and libuser: error when trying to install together)

Your message dated Tue, 09 Dec 2014 22:36:00 +
with message-id e1xytnw-br...@franck.debian.org
and subject line Bug#748728: fixed in libuser 1:0.60~dfsg-1.1
has caused the Debian Bug report #748728,
regarding id-utils and libuser: error when trying to install together
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
748728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libuser,id-utils
Version: libuser/1:0.60~dfsg-1
Version: id-utils/4.6+git20120811-4
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Date: 2014-05-20
Architecture: amd64
Distribution: sid

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:


Selecting previously unselected package libffi6:amd64.
(Reading database ... 10936 files and directories currently installed.)
Preparing to unpack .../libffi6_3.1~rc1+r3.0.13-12_amd64.deb ...
Unpacking libffi6:amd64 (3.1~rc1+r3.0.13-12) ...
Selecting previously unselected package libglib2.0-0:amd64.
Preparing to unpack .../libglib2.0-0_2.40.0-3_amd64.deb ...
Unpacking libglib2.0-0:amd64 (2.40.0-3) ...
Selecting previously unselected package id-utils.
Preparing to unpack .../id-utils_4.6+git20120811-4_amd64.deb ...
Unpacking id-utils (4.6+git20120811-4) ...
Selecting previously unselected package libuser1.
Preparing to unpack .../libuser1_1%3a0.60~dfsg-1_amd64.deb ...
Unpacking libuser1 (1:0.60~dfsg-1) ...
Selecting previously unselected package libuser.
Preparing to unpack .../libuser_1%3a0.60~dfsg-1_amd64.deb ...
Unpacking libuser (1:0.60~dfsg-1) ...
dpkg: error processing archive 
/var/cache/apt/archives/libuser_1%3a0.60~dfsg-1_amd64.deb (--unpack):
 trying to overwrite '/usr/share/man/man1/lid.1.gz', which is also in package 
id-utils 4.6+git20120811-4
Processing triggers for install-info (5.2.0.dfsg.1-3) ...
Processing triggers for man-db (2.6.7.1-1) ...
Errors were encountered while processing:
 /var/cache/apt/archives/libuser_1%3a0.60~dfsg-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


This is a serious bug as it makes installation fail, and violates
sections 7.6.1 and 10.1 of the policy. An optimal solution would
consist in only one of the packages installing that file, and renaming
or removing the file in the other package. Depending on the
circumstances you might also consider Replace relations or file
diversions. If the conflicting situation cannot be resolved then, as a
last resort, the two packages have to declare a mutual
Conflict. Please take into account that Replaces, Conflicts and
diversions should only be used when packages provide different
implementations for the same functionality.

Here is a list of files that are known to be shared by both packages
(according to the Contents file for sid/amd64, which may be
slightly out of sync):

  /usr/share/man/man1/lid.1.gz

This bug has been filed against both packages. If you, the maintainers of
the two packages in question, have agreed on which of the packages will
resolve the problem please reassign the bug to that package. You may then
also register in the BTS that the other package is affected by the bug.

-Ralf.

PS: for more information about the detection of file overwrite errors
of this kind see http://edos.debian.net/file-overwrites/.
---End Message---
---BeginMessage---
Source: libuser
Source-Version: 1:0.60~dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
libuser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 748...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Micha Lenk mi...@debian.org (supplier of updated libuser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Dec 2014 22:11:03 +
Source: libuser
Binary: libuser libuser1-dev libuser1 python-libuser
Architecture: source amd64
Version: 1:0.60~dfsg-1.1
Distribution: unstable
Urgency: medium
Maintainer: Ghe Rivero g...@debian.org
Changed-By: Micha Lenk mi...@debian.org

Processed: unarchiving 506348, notfixed 506348 in tau/2.16.4-1.3

Processing commands for cont...@bugs.debian.org:

 severity 506348 serious
Bug #506348 {Done: Anibal Monsalve Salazar ani...@debian.org} [tau] 
CVE-2008-5157: allows local users to overwrite arbitrary files via a symlink 
attack
Severity set to 'serious' from 'important'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
506348: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#769545: marked as done (python3-websocket: dist-packages/tests/init.py conflict)

Your message dated Tue, 09 Dec 2014 22:49:22 +
with message-id e1xytas-0002fy...@franck.debian.org
and subject line Bug#769545: fixed in python-ghost 0.1b6+git20141209-1
has caused the Debian Bug report #769545,
regarding python3-websocket: dist-packages/tests/__init__.py conflict
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
769545: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769545
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: python3-websocket
Version: 0.18.0-1
Severity: serious
Justification: Policy 6.6 (4)

python3-websocket ships the overly generic path
/usr/lib/python3/dist-packages/tests/__init__.py, leading to de facto
conflicts with similarly broken packages.  Please either install these
tests somewhere less likely to cause trouble or omit them altogether.
(It looks like python-websocket already does the latter.)

Thanks!
---End Message---
---BeginMessage---
Source: python-ghost
Source-Version: 0.1b6+git20141209-1

We believe that the bug you reported is fixed in the latest version of
python-ghost, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 769...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Martin Borgert deba...@debian.org (supplier of updated python-ghost 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 09 Dec 2014 09:05:43 +
Source: python-ghost
Binary: python-ghost python3-ghost
Architecture: source all
Version: 0.1b6+git20141209-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team 
python-modules-t...@lists.alioth.debian.org
Changed-By: W. Martin Borgert deba...@debian.org
Description:
 python-ghost - webkit web client library
 python3-ghost - webkit web client library
Closes: 769545 772604
Changes:
 python-ghost (0.1b6+git20141209-1) unstable; urgency=low
 .
   * Use Python 3 fixes from upstream.
   * Fix build error (Closes: #772604).
   * Remove more test files from binary package (Closes: #769545).
Checksums-Sha1:
 65a44d2ebbbd1ffc20fc730655c1b6f5137a688f 2215 
python-ghost_0.1b6+git20141209-1.dsc
 aedcb2fc3a1b2152fd8e44393714750116e7bfdf 69329 
python-ghost_0.1b6+git20141209.orig.tar.gz
 f7f7934dd1f28f43fa1c45f6e5d9d9929cdaa40a 2452 
python-ghost_0.1b6+git20141209-1.debian.tar.xz
 15e0d9f74a2d05a5e56131726d79f7fa235046b8 13824 
python-ghost_0.1b6+git20141209-1_all.deb
 74fecb33045565d0c331663b459cd8ece01ff9f5 13576 
python3-ghost_0.1b6+git20141209-1_all.deb
Checksums-Sha256:
 0871b8c14bdc74b7fbd1f7bbac2fb193bd07374d9a80d42dfaec787eaaf5a35c 2215 
python-ghost_0.1b6+git20141209-1.dsc
 ccf52350acf5a08080e78ccf23534c589015f623cc6aa1a3966187fefd4d28bd 69329 
python-ghost_0.1b6+git20141209.orig.tar.gz
 2b58ff13f59e7a3618df165834464cb283c73de27dd2df6629e761b1800241f2 2452 
python-ghost_0.1b6+git20141209-1.debian.tar.xz
 b31e3c143da24b67af8aa27f90a678979703bf5a18945d0f5b3af73af032f85b 13824 
python-ghost_0.1b6+git20141209-1_all.deb
 df5f7c104421fc6b4ced8fba3d8597b39c13004d70464a30239e7ec7de7c5d6e 13576 
python3-ghost_0.1b6+git20141209-1_all.deb
Files:
 13c50865a90b495bd5011b3d7198b425 2215 python optional 
python-ghost_0.1b6+git20141209-1.dsc
 b0bbf687ad3802ac3ced0ee9029af3b7 69329 python optional 
python-ghost_0.1b6+git20141209.orig.tar.gz
 1c5be3e80142ca66cb17b408b96b1eaa 2452 python optional 
python-ghost_0.1b6+git20141209-1.debian.tar.xz
 bd239769ab614eb33ef762b910910c7f 13824 python optional 
python-ghost_0.1b6+git20141209-1_all.deb
 24d85c3bf2924b94d34bb4ae32610de8 13576 python optional 
python3-ghost_0.1b6+git20141209-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJUh3qmAAoJEOPgocKGuWPqrp0QAK8b3VjLiAD81PGFE+uO9Z/+
21lx/pBBAniQLWGdi0Y17kBynJ1+t2DDVqTj7ImfPgwQtr8+GSdbpSTc0AMEsnGV
35i8f485+DBKU0eSECfedKMSvNUAxNiZSWrO4eyL3ZT4NOKGzjzBBj9VUntJM4DK
9FPWZb577pBT2cxcLhmvePSraYEVdsgXlFsK3/EBxQ3Ly6sEX2eqjsTD38HtgVgS
ZoAPMhyzol6va4+bjY/Yjyz6cwfCK35w43agejhfxn2WkCUHpjGB/TJlJtn5ouDI
0Eg6fDh5e3RKeOl5QrmmgZMX9kqJWeI9A9AAwDj1nUCWn7LnpnyevJjb221Ps0IE
hv+sZ9ZkoyzEG9tprzE60sS4sGzKPu6bOr4ftdYwASl+krzV8mCDGriqsdn59N5Y
/9qOdk8VV8EUOCIUv3QmUaI/rlG0DncDL2QyfkXCPVYLPORBkwYl7lvaJsKcYXKM

Bug#772604: marked as done (src:python-ghost: please do not use --with quilt in debian/rules)

Your message dated Tue, 09 Dec 2014 22:49:22 +
with message-id e1xytas-0002g4...@franck.debian.org
and subject line Bug#772604: fixed in python-ghost 0.1b6+git20141209-1
has caused the Debian Bug report #772604,
regarding src:python-ghost: please do not use --with quilt in debian/rules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772604: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772604
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: src:python-ghost
Version: 0.1b6-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Dear Maintainer,

The python-ghost package currently FTBFS due to the inclusion of --with quilt 
in debian/rules without the corresponding build dependency on quilt. However, 
since this is a 3.0 (quilt) package, you can just remove the --with quilt 
altogether, and it will still apply the patches properly.

I noticed that there is another error on clean after fixing this, so please 
look into that before uploading this fix.

Thanks,
Logan Rosen

-- System Information:
Debian Release: jessie/sid
  APT prefers vivid-updates
  APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid'), 
(100, 'vivid-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-25-generic (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
---End Message---
---BeginMessage---
Source: python-ghost
Source-Version: 0.1b6+git20141209-1

We believe that the bug you reported is fixed in the latest version of
python-ghost, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Martin Borgert deba...@debian.org (supplier of updated python-ghost 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 09 Dec 2014 09:05:43 +
Source: python-ghost
Binary: python-ghost python3-ghost
Architecture: source all
Version: 0.1b6+git20141209-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team 
python-modules-t...@lists.alioth.debian.org
Changed-By: W. Martin Borgert deba...@debian.org
Description:
 python-ghost - webkit web client library
 python3-ghost - webkit web client library
Closes: 769545 772604
Changes:
 python-ghost (0.1b6+git20141209-1) unstable; urgency=low
 .
   * Use Python 3 fixes from upstream.
   * Fix build error (Closes: #772604).
   * Remove more test files from binary package (Closes: #769545).
Checksums-Sha1:
 65a44d2ebbbd1ffc20fc730655c1b6f5137a688f 2215 
python-ghost_0.1b6+git20141209-1.dsc
 aedcb2fc3a1b2152fd8e44393714750116e7bfdf 69329 
python-ghost_0.1b6+git20141209.orig.tar.gz
 f7f7934dd1f28f43fa1c45f6e5d9d9929cdaa40a 2452 
python-ghost_0.1b6+git20141209-1.debian.tar.xz
 15e0d9f74a2d05a5e56131726d79f7fa235046b8 13824 
python-ghost_0.1b6+git20141209-1_all.deb
 74fecb33045565d0c331663b459cd8ece01ff9f5 13576 
python3-ghost_0.1b6+git20141209-1_all.deb
Checksums-Sha256:
 0871b8c14bdc74b7fbd1f7bbac2fb193bd07374d9a80d42dfaec787eaaf5a35c 2215 
python-ghost_0.1b6+git20141209-1.dsc
 ccf52350acf5a08080e78ccf23534c589015f623cc6aa1a3966187fefd4d28bd 69329 
python-ghost_0.1b6+git20141209.orig.tar.gz
 2b58ff13f59e7a3618df165834464cb283c73de27dd2df6629e761b1800241f2 2452 
python-ghost_0.1b6+git20141209-1.debian.tar.xz
 b31e3c143da24b67af8aa27f90a678979703bf5a18945d0f5b3af73af032f85b 13824 
python-ghost_0.1b6+git20141209-1_all.deb
 df5f7c104421fc6b4ced8fba3d8597b39c13004d70464a30239e7ec7de7c5d6e 13576 
python3-ghost_0.1b6+git20141209-1_all.deb
Files:
 13c50865a90b495bd5011b3d7198b425 2215 python optional 
python-ghost_0.1b6+git20141209-1.dsc
 b0bbf687ad3802ac3ced0ee9029af3b7 69329 python optional 
python-ghost_0.1b6+git20141209.orig.tar.gz
 1c5be3e80142ca66cb17b408b96b1eaa 2452 python optional 
python-ghost_0.1b6+git20141209-1.debian.tar.xz
 bd239769ab614eb33ef762b910910c7f 13824 python optional 
python-ghost_0.1b6+git20141209-1_all.deb
 24d85c3bf2924b94d34bb4ae32610de8 13576 python optional 
python3-ghost_0.1b6+git20141209-1_all.deb

-BEGIN PGP

Bug#772417: Re: Bug#772417: Re: Bug#772417: desktop-base: debian/copyright file needs to be updated

2014-12-09 Thread Aurélien COUDERC

Le 08/12/2014 11:38, Francesco Poli a écrit :
The following part looks problematic:

| The Lines KSplash theme is © 2013 Martin Klapetek, © 2014 Aurélien Couderc
| under the GPLv2 with artwork from Juliette Taka Belin, Nuno Pinheiro under
the
| GPLv2 license.

First of all, the artwork by Juliette is not under the GPL v2 or any
later version, not under the GPL v2 (only).
But the question is: are the other artwork also under the GPL v2 or any
later version? It's not too clear from the description, but, *in case*
the Lines KSplash theme is derived from the artwork by Juliette which
is based on the Debian “Open Use” Logo (with the “Debian” label), we
could again face the issue due to LGPLv3 / GPLv2 incompatibility...
Please check with the relevant copyright holders and update the
debian/copyright file accordingly.
After checking :
- we’re talking about the script that is © 2013 Martin Klapetek, © 2014
Aurélien Couderc under the GPLv2+ (not just v2)
- the artwork is a from Juliette Taka Belin (GPLv2+) and the Oxygen Icon
Theme contributors (LGPLv3+)

http://metadata.ftp-master.debian.org/changelogs//main/o/oxygen-icons/oxygen-icons_4.14.0-1_copyright

I propose the following :
| The Lines KSplash script is © 2013 Martin Klapetek, © 2014 Aurélien
Couderc
| under the GPLv2 or any later version.
|
| The artwork for the Lines KSplash theme is © 2014 Juliette Taka Belin
under
| the GPLv2 or any later version and © 2007-2014 from the Oxygen Icon Theme
| contributors under the LGPLv3 or any later version.

And we were missing the 2012 copyright for Eshat Cakar for login box of
the Lines KDM themes :
https://wiki.debian.org/DebianArt/Themes/Roj
that is not Adrien’s work as I thought but Eshat’s (fortunately under
GPLv2+).

There may be issues with the following parts, as well:

| The Joy GDM is © 2012 Paul Tagliamonte GPLv2, with work
| from all the previous authors of that file, and artwork from Adrien Aubourg
under
| the GPLv3 license.
|
| The Joy KDM theme is © 2012 Eshat Cakar and © 2010 Roman Shtylman GPLv2
| with artwork from Adrien Aubourg under the GPLv3 license.
|
| The Joy KSplash theme is © 2012 Eshat Cakar, Nuno Pinheiro, Riccardo
Iaconelli GPLv2
| with artwork from Adrien Aubourg under the GPLv3 license.
|
| The Joy grub theme is © 2012 Paul Tagliamonte GPLv2, using artwork from
Adrien
| Aubourg licensed under GPLv3 license.

Any of these four themes may be troublesome, if is a work derived from
GPLv3 artwork and from GPLv2 parts is created.
Since the Joy artwork by Adrien Aubourg was previously licensed under
the GPLv2 and has subsequently been re-licensed under the GPLv3
(without modifying the artwork itself, if I understand correctly:
please confirm!), then we may solve the issues with these four themes
by stating that: The Joy theme is © 2012 Adrien Aubourg and released
under the GPL license, version 2 or 3.
Adrien nicely accepted to relicense the Joy theme under the GPLv2+ so it
solves the incompatibilities. I’ll update the copyrights.
https://wiki.debian.org/DebianArt/Themes/Joy
As Adrien mentioned, it would be good to impose GPLv2+ for future theme
contributions to avoid headaches for too many people.

Then I propose dropping :

That « theme » is the grub background and like the Joy wallpaper is
strictly based on Adrien’s work + debian open logo without debian, so
it’s already covered by the global copyright statement about the Joy theme.
I see the statement as more noise than information.

I also removed mentions of the « splashy » spacefun theme as splashy is
not used anymore on recent desktops.

Another issue could be:

| Spacefun plymouth theme is © 2010 Aurelien Couderc and released under the
GPLv3
| license, using artwork from Valessio S. Brito.

I am not sure: is the part of the Spacefun plymouth theme that's
copyrighted by you a script that loads Valessio's artwork? Or is
something that combines with Valessio's artwork, thus creating a whole
work derived from both parts?
In the former case I can see no problems; in the latter case, there's
again an incompatibility issue (GPLv2 vs. GPLv3).
Hard to say really. The copyright is for the script, the script uses
artwork elements to build what’s displayed, where do we stand ?…
Anyway I hereby relicense the script under the GPLv2+, and will update
the script and copyright file accordingly.

All that is committed to the repository, would you mind reviewing again
the latest version ?
(Revision 342).

Thanks,
--Aurélien

signature.asc
Description: OpenPGP digital signature

Bug#770695: Dovecot-core unable to finish its installation

2014-12-09 Thread Michael Hatzold


Hi

I downgraded to 2.2.13-9

Still hanging after these lines:


**
Vorbereitung zum Entpacken von .../dovecot-imapd_1%3a2.2.13-9_amd64.deb ...
[ ok ] Stopping IMAP/POP3 mail server: dovecot.
Entpacken von dovecot-imapd (1:2.2.13-9) über (1:2.2.15-1) ...
dpkg: Warnung: Version 1:2.2.15-1 des Paketes dovecot-core wird durch
ältere Version 1:2.2.13-9 ersetzt
Vorbereitung zum Entpacken von .../dovecot-core_1%3a2.2.13-9_amd64.deb ...
[ ok ] Stopping IMAP/POP3 mail server: dovecot.
Entpacken von dovecot-core (1:2.2.13-9) über (1:2.2.15-1) ...
Trigger für man-db (2.7.0.2-4) werden verarbeitet ...
Trigger für siduction-dynamic-dms (2014.08.06) werden verarbeitet ...
dovecot-core (1:2.2.13-9) wird eingerichtet ...

Creating config file /etc/dovecot/dovecot-dict-auth.conf.ext with new
version

Creating config file /etc/dovecot/conf.d/auth-dict.conf.ext with new
version
[ ok ] Starting IMAP/POP3 mail server: dovecot.
dovecot-imapd (1:2.2.13-9) wird eingerichtet ...
Trigger für dovecot-core (1:2.2.13-9) werden verarbeitet ...
[ ok ] Restarting IMAP/POP3 mail server: dovecot.
[ ok ] Starting IMAP/POP3 mail server: dovecot.

**


I waited more than 5 minutes, then killed dpkg which gave this output:


**
E: Sub-process /usr/bin/dpkg exited unexpectedly
W: Operation wurde unterbrochen, bevor sie beendet werden konnte.
E: Problem executing scripts DPkg::Post-Invoke 'adequate --help /dev/null
21 || exit 0; exec adequate --debconf --user nobody --pending'
E: Sub-process returned an error code

**



dpkg --configure -a didn't work due the dpkg lock. While searching for  
other processes which might be in the way htop showed me a file called  
dovecot-core.po where the S column was marked Z . (I have no clue  
what this means or whether or not this is valuable info, I telling you  
anyway I case it is).


After a reboot I could issue dpkg --configure -a which then configured  
dovecot-core, started the IMAP server and returned to the prompt.



Let me know if you need further info or testing.


Thanks


MH


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: Dovecot-core unable to finish its installation


reopen 770695
severity 770695 grave
thanks

On Tue, 9 Dec 2014, Michael Hatzold wrote:



dpkg --configure -a didn't work due the dpkg lock. While searching for 
other processes which might be in the way htop showed me a file called 
dovecot-core.po where the S column was marked Z . (I have no clue what 
this means or whether or not this is valuable info, I telling you anyway I 
case it is).


It is.  Unfortunately it makes the problem even more mysterious.  That is 
the localization file for debconf questions.  It was removed from the 
package several versions ago.  The question is why is it still there?


What is the output of:

debconf-show dovecot-core



After a reboot I could issue dpkg --configure -a which then configured 
dovecot-core, started the IMAP server and returned to the prompt.


So you did not reboot after previous installs?  Perhaps the .po file was 
cached somehow?  I will ask some more experienced Debian people if they 
have any insight into what could be happening.


--
Jaldhar H. Vyas jald...@debian.org


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#770695: Dovecot-core unable to finish its installation

Processing commands for cont...@bugs.debian.org:

 reopen 770695
Bug #770695 {Done: jald...@debian.org (Jaldhar H. Vyas)} [dovecot-core] 
Dovecot-core unable to finish its installation
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions dovecot/1:2.2.13-9.
 severity 770695 grave
Bug #770695 [dovecot-core] Dovecot-core unable to finish its installation
Severity set to 'grave' from 'critical'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
770695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772622: marked as done (CVE-2014-8602: denial of service with endless delegations)

Your message dated Tue, 09 Dec 2014 23:24:39 +
with message-id e1xyu91-0007zr...@franck.debian.org
and subject line Bug#772622: fixed in unbound 1.4.22-3
has caused the Debian Bug report #772622,
regarding CVE-2014-8602: denial of service with endless delegations
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: unbound
Severity: grave
Tags: security
Justification: user security hole

Hi,

as you may already know, a vulnerability in several recursive DNS
implementations (bind, pdns-recursor and unbound, maybe others) has been
found by a research.

For unbound, it has been assigned CVE-2014-8602 and more information can
be found on the mailing list post at
https://unbound.net/pipermail/unbound-users/2014-December/003662.html

It's not crystal clear which versions are currently vulnerable so at
first sight I'd say all. Can you prepare updated packages for Wheezy,
Jessie/Sid including only the patch linked in the above mail?

For Wheezy you need to build with -sa (since it's the first security
upload) and target wheezy-security distribution. Then you send us the
debdiff so we can have a quick check, and after our ACK you can upload
to security-master and we release the DSA.

For Jessie, you'll have to make a minimal upload to sid, and ask an
unblock to the release team.

Don't forget to put the CVE number in the changelog.

If you need any help with the above, don't hesitate to contact us.

Regards,
-- 
Yves-Alexis Perez
Debian security team

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
---End Message---
---BeginMessage---
Source: unbound
Source-Version: 1.4.22-3

We believe that the bug you reported is fixed in the latest version of
unbound, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robert Edmonds edmo...@debian.org (supplier of updated unbound package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Dec 2014 17:52:08 -0500
Source: unbound
Binary: unbound unbound-anchor unbound-host libunbound2 libunbound-dev 
python-unbound
Architecture: amd64 source
Version: 1.4.22-3
Distribution: unstable
Urgency: medium
Maintainer: Robert S. Edmonds edmo...@debian.org
Changed-By: Robert Edmonds edmo...@debian.org
Closes: 772622
Description: 
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound2 - library implementing DNS resolution and validation
 python-unbound - library implementing DNS resolution and validation (Python 
bindin
 unbound- validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Changes:
 unbound (1.4.22-3) unstable; urgency=medium
 .
   * Fix CVE-2014-8602: denial of service by making resolver chase endless
 series of delegations; closes: #772622.
Checksums-Sha1: 
 42653c3ea0c5e1775148236039775495910824e6 2277 unbound_1.4.22-3.dsc
 3a637c813988cca7730df3cfe041a08abebe800d 13432 unbound_1.4.22-3.debian.tar.xz
 a110708edcfce2540beae282d1bfeeb823395999 485648 unbound_1.4.22-3_amd64.deb
 46132644e7b0c2fc61e0569468f345f36f907c74 97740 
unbound-anchor_1.4.22-3_amd64.deb
 8a5645549932ff245aede1342a93801b9e11af1b 99506 unbound-host_1.4.22-3_amd64.deb
 4266f7f9fab130efb9b9c1e1e4181b93be038cf5 300418 libunbound2_1.4.22-3_amd64.deb
 b10e597ac2af99f3875a125119855a6b2aa4bc7b 4692058 
libunbound-dev_1.4.22-3_amd64.deb
 1d69b9686a72dd2b30ab783dd35fe8ca290b41bd 110450 
python-unbound_1.4.22-3_amd64.deb
Checksums-Sha256: 
 ee9bf434705f13663528595fec79c0ec5b4d00cb89548ba872d7f1340fdd06e9 2277 
unbound_1.4.22-3.dsc

Bug#506348: marked as done (CVE-2008-5157: allows local users to overwrite arbitrary files via a symlink attack)

Your message dated Tue, 09 Dec 2014 23:35:32 +
with message-id e1xyujy-0001dq...@franck.debian.org
and subject line Bug#506348: fixed in tau 2.17.3.1.dfsg-4
has caused the Debian Bug report #506348,
regarding CVE-2008-5157: allows local users to overwrite arbitrary files via a 
symlink attack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
506348: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: tau
Version: 2.16.4-1.1
Severity: important
Tags: security

Hi,

The following CVE (Common Vulnerabilities  Exposures) id was published for 
tau.

CVE-2008-5157[1]:
 tau 2.16.4 allows local users to overwrite arbitrary files via a symlink
 attack on a (1) /tmp/makefile.tau.*.# or (2) /tmp/makefile.tau*.#
 temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc
 scripts.

If you fix the vulnerability please also make sure to include the CVE id in 
the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5157
     http://security-tracker.debian.net/tracker/CVE-2008-5157

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net


signature.asc
Description: This is a digitally signed message part.
---End Message---
---BeginMessage---
Source: tau
Source-Version: 2.17.3.1.dfsg-4

We believe that the bug you reported is fixed in the latest version of
tau, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 506...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yann Dirson dir...@debian.org (supplier of updated tau package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 09 Dec 2014 23:46:49 +0100
Source: tau
Binary: tau tau-racy python-tau tau-examples
Architecture: source all amd64
Version: 2.17.3.1.dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Yann Dirson dir...@debian.org
Changed-By: Yann Dirson dir...@debian.org
Description:
 python-tau - Tuning and Analysis Utilities - support for python profiling/trac
 tau- Tuning and Analysis Utilities - base profiling/tracing toolkit
 tau-examples - Tuning and Analysis Utilities - examples
 tau-racy   - Tuning and Analysis Utilities - Tcl/tk profiler GUI
Closes: 506348 772374 772375 772376
Changes:
 tau (2.17.3.1.dfsg-4) unstable; urgency=medium
 .
   * Fix echo -e bashisms (Closes: #772376).
   * Use bash for scripts needing pushd/popd (Closes: #772374).
   * Avoid  bashism (Closes: #772375).
   * Fix the CVE-2008-5157 fix: the adjustement in 2.17.3.1.dfsg-1 resulted
 in non-working scripts, where the 2.16.4-1.3 had been incomplete.
 OTOH those scripts are not useful today since the package is not built
 against PDT, so do not ship them at all.
   * Fix similar tmpfile symlink attack in taucc, taucxx, tauf90 (Really
 closes: #506348)
Checksums-Sha1:
 c7b652fc41aad622e145094d63197f0248132cda 1424 tau_2.17.3.1.dfsg-4.dsc
 e062e9d0f29b2cc9013cfdcbeeeb5da8f451ca15 18236 
tau_2.17.3.1.dfsg-4.debian.tar.xz
 26f79dac6e370d6efee5a261a6af64c50e4b8f5b 91586 tau-racy_2.17.3.1.dfsg-4_all.deb
 d16d29afe4ebcb6df9090cdd61fe003a102cf860 136976 
tau-examples_2.17.3.1.dfsg-4_all.deb
 55ec552f40af0806d2051a39d437c1888b4c3473 344484 tau_2.17.3.1.dfsg-4_amd64.deb
 7755f2e93ad810e4d583f438536855df20b8d1e0 30972 
python-tau_2.17.3.1.dfsg-4_amd64.deb
Checksums-Sha256:
 24238ff90e3e89580c854c409f9a53bb44c24296596b992fd0612fb3a50a6fbf 1424 
tau_2.17.3.1.dfsg-4.dsc
 afc31fd7f78c458700a56581ce63beb26f0dfd98943b741dbad07d64fc3cf506 18236 
tau_2.17.3.1.dfsg-4.debian.tar.xz
 7cbebcac08c81b8a3339c562567da4a5e5cdb9aa573175dee232609f7aee174b 91586 
tau-racy_2.17.3.1.dfsg-4_all.deb
 79bc35ab5e6fe82544d51c417e0e5ec6943e77f75732cd873f8e69f9f94b71cd 136976 
tau-examples_2.17.3.1.dfsg-4_all.deb
 359281def9dd81030936f7ae778457e832ba2fd6ac313d416aa9c796858ae7b9 344484 
tau_2.17.3.1.dfsg-4_amd64.deb
 8acde676dd0f249dd3ac6040ecaaa7c433bb2ea449cb18a07aac9841a3f8c60c 30972 
python-tau_2.17.3.1.dfsg-4_amd64.deb
Files:
 c808f16d8618c990db2baa18e1bf48e6 1424 devel optional tau_2.17.3.1.dfsg-4.dsc
 41426b6a493dd204ae03a0f4e266a341 18236 devel optional

Bug#772376: marked as done (tau: bashism in /bin/sh script)

Your message dated Tue, 09 Dec 2014 23:35:33 +
with message-id e1xyujz-0001dm...@franck.debian.org
and subject line Bug#772376: fixed in tau 2.17.3.1.dfsg-4
has caused the Debian Bug report #772376,
regarding tau: bashism in /bin/sh script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: tau
Severity: serious
Version: 2.17.3.1.dfsg-3
User: debian-rele...@lists.debian.org
Usertags: goal-dash

Hi,

I've ran checkbashisms (from the 'devscripts' package) over the whole
archive and I found that your package has a /bin/sh script that uses a
bashism.

checkbashisms' output:
 possible bashism in ./usr/bin/tau_cc line 33 (echo -e):
 echo -e   -optVerbose\t\t\tTurn on verbose debugging message
 possible bashism in ./usr/bin/tau_cc line 34 (echo -e):
 echo -e   -optDetectMemoryLeaks\t\tTrack mallocs/frees using TAU's
 memory wrapper
 possible bashism in ./usr/bin/tau_cc line 35 (echo -e):
 echo -e   -optPdtGnuFortranParser\tSpecify the GNU gfortran PDT 
parser
 gfparse instead of f95parse
 possible bashism in ./usr/bin/tau_cc line 36 (echo -e):
 echo -e   -optPdtCleanscapeParser\tSpecify the Cleanscape Fortran
 parser
 possible bashism in ./usr/bin/tau_cc line 37 (echo -e):
 echo -e   -optTauSelectFile=\\\t\tSpecify selective instrumentation
 file for tau_instrumentor
 possible bashism in ./usr/bin/tau_cc line 38 (echo -e):
 echo -e   -optPreProcess\t\tPreprocess the source code before 
parsing.
 Uses /usr/bin/cpp -P by default.
 possible bashism in ./usr/bin/tau_cc line 39 (echo -e):
 echo -e   -optKeepFiles\t\t\tDoes not remove intermediate .pdb and
 .inst.* files 
 possible bashism in ./usr/bin/tau_cc line 40 (echo -e):
 echo -e   -optShared\t\t\tUse shared library version of TAU.
 possible bashism in ./usr/bin/tau_cc line 41 (echo -e):
 echo -e   -optCompInst\t\t\tUse compiler-based instrumentation.
 possible bashism in ./usr/bin/tau_cc line 42 (echo -e):
 echo -e   -optPDTInst\t\t\tUse PDT-based instrumentation.
 possible bashism in ./usr/bin/tau_cxx line 33 (echo -e):
 echo -e   -optVerbose\t\t\tTurn on verbose debugging message
 possible bashism in ./usr/bin/tau_cxx line 34 (echo -e):
 echo -e   -optDetectMemoryLeaks\t\tTrack mallocs/frees using TAU's
 memory wrapper
 possible bashism in ./usr/bin/tau_cxx line 35 (echo -e):
 echo -e   -optPdtGnuFortranParser\tSpecify the GNU gfortran PDT 
parser
 gfparse instead of f95parse
 possible bashism in ./usr/bin/tau_cxx line 36 (echo -e):
 echo -e   -optPdtCleanscapeParser\tSpecify the Cleanscape Fortran
 parser
 possible bashism in ./usr/bin/tau_cxx line 37 (echo -e):
 echo -e   -optTauSelectFile=\\\t\tSpecify selective instrumentation
 file for tau_instrumentor
 possible bashism in ./usr/bin/tau_cxx line 38 (echo -e):
 echo -e   -optPreProcess\t\tPreprocess the source code before 
parsing.
 Uses /usr/bin/cpp -P by default.
 possible bashism in ./usr/bin/tau_cxx line 39 (echo -e):
 echo -e   -optKeepFiles\t\t\tDoes not remove intermediate .pdb and
 .inst.* files 
 possible bashism in ./usr/bin/tau_cxx line 40 (echo -e):
 echo -e   -optShared\t\t\tUse shared library version of TAU.
 possible bashism in ./usr/bin/tau_cxx line 41 (echo -e):
 echo -e   -optCompInst\t\t\tUse compiler-based instrumentation.
 possible bashism in ./usr/bin/tau_cxx line 42 (echo -e):
 echo -e   -optPDTInst\t\t\tUse PDT-based instrumentation.
 possible bashism in ./usr/bin/tau_f90 line 33 (echo -e):
 echo -e   -optVerbose\t\t\tTurn on verbose debugging message
 possible bashism in ./usr/bin/tau_f90 line 34 (echo -e):
 echo -e   -optDetectMemoryLeaks\t\tTrack mallocs/frees using TAU's
 memory wrapper
 possible bashism in ./usr/bin/tau_f90 line 35 (echo -e):
 echo -e   -optPdtGnuFortranParser\tSpecify the GNU gfortran PDT 
parser
 gfparse instead of f95parse
 possible bashism in ./usr/bin/tau_f90 line 36 (echo -e):
 echo -e   -optPdtCleanscapeParser\tSpecify the Cleanscape Fortran
 parser
 possible bashism in ./usr/bin/tau_f90 line 37 (echo -e):
 echo -e   -optTauSelectFile=\\\t\tSpecify selective instrumentation
 file for tau_instrumentor
 possible bashism in ./usr/bin/tau_f90 line 38 (echo -e):
 echo -e   -optPreProcess\t\tPreprocess the source code before 
parsing.
 Uses /usr/bin/cpp -P by default.
 possible bashism in ./usr/bin/tau_f90 line 39 (echo -e):
 echo -e   -optKeepFiles\t\t\tDoes not remove intermediate .pdb and
 .inst.* files

Bug#772622: CVE-2014-8602: denial of service with endless delegations

2014-12-09 Thread Robert Edmonds

Yves-Alexis Perez wrote:
 For Wheezy you need to build with -sa (since it's the first security
 upload) and target wheezy-security distribution. Then you send us the
 debdiff so we can have a quick check, and after our ACK you can upload
 to security-master and we release the DSA.

OK, see attached debdiff for unbound 1.4.17-3+deb7u2.

 For Jessie, you'll have to make a minimal upload to sid, and ask an
 unblock to the release team.

unbound 1.4.22-3 uploaded, unblock request in #772684.

-- 
Robert Edmonds
edmo...@debian.org
diff -Nru unbound-1.4.17/debian/changelog unbound-1.4.17/debian/changelog
--- unbound-1.4.17/debian/changelog 2014-06-02 16:00:34.0 -0400
+++ unbound-1.4.17/debian/changelog 2014-12-09 18:35:51.0 -0500
@@ -1,3 +1,10 @@
+unbound (1.4.17-3+deb7u2) wheezy-security; urgency=medium
+
+   * Fix CVE-2014-8602: denial of service by making resolver chase endless
+ series of delegations; closes: #772622.
+
+ -- Robert Edmonds edmo...@debian.org  Tue, 09 Dec 2014 18:34:57 -0500
+
 unbound (1.4.17-3+deb7u1) stable-proposed-updates; urgency=low
 
   [ Helmut Grohne ]
diff -Nru unbound-1.4.17/debian/patches/debian-changes 
unbound-1.4.17/debian/patches/debian-changes
--- unbound-1.4.17/debian/patches/debian-changes2014-06-02 
16:01:10.0 -0400
+++ unbound-1.4.17/debian/patches/debian-changes2014-12-09 
18:38:40.0 -0500
@@ -5,12 +5,12 @@
  information below has been extracted from the changelog. Adjust it or drop
  it.
  .
- unbound (1.4.17-3+deb7u1) stable-proposed-updates; urgency=low
+ unbound (1.4.17-3+deb7u2) wheezy-security; urgency=medium
  .
-   [ Helmut Grohne ]
-   * Fix crash when using DNSSEC and num-threads  1; closes: #691528.
-Author: Robert S. Edmonds edmo...@debian.org
-Bug-Debian: http://bugs.debian.org/691528
+* Fix CVE-2014-8602: denial of service by making resolver chase endless
+  series of delegations; closes: #772622.
+Author: Robert Edmonds edmo...@debian.org
+Bug-Debian: http://bugs.debian.org/772622
 
 ---
 The information above should follow the Patch Tagging Guidelines, please
@@ -112,6 +112,151 @@
if(!ah(dp, E.ROOT-SERVERS.NET., 192.203.230.10)) return 0;
if(!ah(dp, F.ROOT-SERVERS.NET., 192.5.5.241))   return 0;
if(!ah(dp, G.ROOT-SERVERS.NET., 192.112.36.4))  return 0;
+--- unbound-1.4.17.orig/iterator/iterator.c
 unbound-1.4.17/iterator/iterator.c
+@@ -117,6 +117,7 @@ iter_new(struct module_qstate* qstate, i
+   iq-query_restart_count = 0;
+   iq-referral_count = 0;
+   iq-sent_count = 0;
++  iq-target_count = NULL;
+   iq-wait_priming_stub = 0;
+   iq-refetch_glue = 0;
+   iq-dnssec_expected = 0;
+@@ -444,6 +445,26 @@ handle_cname_response(struct module_qsta
+   return 1;
+ }
+ 
++/** create target count structure for this query */
++static void
++target_count_create(struct iter_qstate* iq)
++{
++  if(!iq-target_count) {
++  iq-target_count = (int*)calloc(2, sizeof(int));
++  /* if calloc fails we simply do not track this number */
++  if(iq-target_count)
++  iq-target_count[0] = 1;
++  }
++}
++
++static void
++target_count_increase(struct iter_qstate* iq, int num)
++{
++  target_count_create(iq);
++  if(iq-target_count)
++  iq-target_count[1] += num;
++}
++
+ /**
+  * Generate a subrequest.
+  * Generate a local request event. Local events are tied to this module, and
+@@ -515,6 +536,10 @@ generate_sub_request(uint8_t* qname, siz
+   subiq = (struct iter_qstate*)subq-minfo[id];
+   memset(subiq, 0, sizeof(*subiq));
+   subiq-num_target_queries = 0;
++  target_count_create(iq);
++  subiq-target_count = iq-target_count;
++  if(iq-target_count)
++  iq-target_count[0] ++; /* extra reference */
+   subiq-num_current_queries = 0;
+   subiq-depth = iq-depth+1;
+   outbound_list_init(subiq-outlist);
+@@ -1341,6 +1366,12 @@ query_for_targets(struct module_qstate*
+ 
+   if(iq-depth == ie-max_dependency_depth)
+   return 0;
++  if(iq-depth  0  iq-target_count 
++  iq-target_count[1]  MAX_TARGET_COUNT) {
++  verbose(VERB_QUERY, request has exceeded the maximum 
++  number of glue fetches %d, iq-target_count[1]);
++  return 0;
++  }
+ 
+   iter_mark_cycle_targets(qstate, iq-dp);
+   missing = (int)delegpt_count_missing_targets(iq-dp);
+@@ -1470,6 +1501,7 @@ processLastResort(struct module_qstate*
+   return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+   }
+   iq-num_target_queries += qs;
++  target_count_increase(iq, qs);
+   if(qs != 0) {
+   qstate-ext_state[id] = module_wait_subquery;
+   return 0; /* and wait for them */
+@@ -1479,6

Bug#770695: Dovecot-core unable to finish its installation

2014-12-09 Thread Michael Hatzold


Am 10.12.2014, 00:17 Uhr, schrieb Jaldhar H. Vyas jald...@debian.org:


It seems dovecot-core.po is only runing during install/upgrade, because  
now it's not listed in htop.




What is the output of:

debconf-show dovecot-core


as root: nothing
as user: ~$ debconf-show dovecot-core
debconf: DbDriver passwords warning: could not open  
/var/cache/debconf/passwords.dat: Keine Berechtigung


(keine Berechtigung = no permission)






After a reboot I could issue dpkg --configure -a which then  
configured dovecot-core, started the IMAP server and returned to the  
prompt.


So you did not reboot after previous installs?


Sure I did reboot after previous installs, I had to. Otherwise I couldn't  
finish dist-upgrades which I interrupted when I killed dpkg due to the  
hanging dovecot-core install/upgrade. It is always the same procedure:  
dovcote-core install/upgrade hangs, I kill dpkg, apt-get dist-upgrade  
and/or dpkg --configure -a won't work, I reboot and try to finish the  
install or dist-upgrade doing whatever is necessary  (dpkg --configure  
-a, apt-get dist-upgrade, apt-get -f install) .


Thanks

MH


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772673: libjerasure-dev: missing dependency on libgf-complete-dev

2014-12-09 Thread Andrea Claudi

Hello,
This patch should solve the problem reported by Dmitry.
I tested it compiling a dummy program including galois.h and gcc gives no 
error.

Hope this helps.

Regards.
Andreadiff -Nru jerasure-2.0.0/debian/changelog jerasure-2.0.0/debian/changelog
--- jerasure-2.0.0/debian/changelog	2014-06-16 19:18:55.0 +0200
+++ jerasure-2.0.0/debian/changelog	2014-12-10 01:03:15.0 +0100
@@ -1,3 +1,11 @@
+jerasure (2.0.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/control: add Depends on libgf-complete-dev for
+libjerasure-dev (Closes: #772673).
+
+ -- Andrea Claudi a.cla...@univpm.it  Wed, 10 Dec 2014 01:01:05 +0100
+
 jerasure (2.0.0-1) unstable; urgency=low
 
   * Initial release (Closes: #750766).
diff -Nru jerasure-2.0.0/debian/control jerasure-2.0.0/debian/control
--- jerasure-2.0.0/debian/control	2014-06-16 19:18:55.0 +0200
+++ jerasure-2.0.0/debian/control	2014-12-10 01:01:01.0 +0100
@@ -14,7 +14,9 @@
 Package: libjerasure-dev
 Section: libdevel
 Architecture: any
-Depends: libjerasure2 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
+Depends: libjerasure2 (= ${binary:Version}),
+ libgf-complete-dev,
+ ${misc:Depends}, ${shlibs:Depends}
 Description: forward error correction erasure channel library - development files
  In information theory, an erasure code is a forward error correction (FEC)
  code for the binary erasure channel, which transforms a message of symbols

Processed: #772673

Processing commands for cont...@bugs.debian.org:

 tags 772673 + patch
Bug #772673 [libjerasure-dev] libjerasure-dev: missing dependency on 
libgf-complete-dev
Added tag(s) patch.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
772673: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772673
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: Dovecot-core unable to finish its installation

2014-12-09 Thread Michael Hatzold





happening.  Can you run something like this:

DEBCONF_DEBUG=.* dpkg -i dovecot_core_2.2.13-9_i386.deb 21 debconf.log

(Untested.  You may need to adjust it slightly.) Then please send me  
debconf.log.




I ran this command:

~# LANG=C DEBCONF_DEBUG=.* dpkg -i  
/var/cache/apt/archives/dovecot-core_1%3a2.2.13-9_amd64.deb   debconf.log




And the content of debconf.log is:

*
~# cat debconf.log
(Reading database ... 213349 files and directories currently installed.)
Preparing to unpack .../dovecot-core_1%3a2.2.13-9_amd64.deb ...
Stopping IMAP/POP3 mail server: dovecot.
Unpacking dovecot-core (1:2.2.13-9) over (1:2.2.13-9) ...
Setting up dovecot-core (1:2.2.13-9) ...
Processing triggers for man-db (2.7.0.2-4) ...
Processing triggers for siduction-dynamic-dms (2014.08.06) ...
*

MH


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770695: Dovecot-core unable to finish its installation