date:20180108

Processing commands for cont...@bugs.debian.org:

> forwarded 886683 https://github.com/spesmilo/electrum/issues/3374
Bug #886683 [electrum] electrum: Security vulnerability in electrum
Set Bug forwarded-to-address to 
'https://github.com/spesmilo/electrum/issues/3374'.
> tags 886683 + upstream fixed-upstream
Bug #886683 [electrum] electrum: Security vulnerability in electrum
Added tag(s) fixed-upstream and upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#876931: marked as done (psycopg2 FTBFS with Sphinx 1.6: Could not import extension dbapi_extension)

Your message dated Tue, 09 Jan 2018 06:04:19 +
with message-id 
and subject line Bug#876931: fixed in psycopg2 2.7.3-2
has caused the Debian Bug report #876931,
regarding psycopg2 FTBFS with Sphinx 1.6: Could not import extension 
dbapi_extension
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876931
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: psycopg2
Version: 2.7.3-1
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/psycopg2.html

...
sphinx-build -b text -d _build/doctrees   . _build/text
Running Sphinx v1.6.3
making output directory...
Generating grammar tables from /usr/lib/python3.5/lib2to3/Grammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Skipping optional fixer: buffer
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Skipping optional fixer: idioms
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Skipping optional fixer: set_literal
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt
Generating grammar tables from /usr/lib/python3.5/lib2to3/PatternGrammar.txt

Processed: Bug#876931 marked as pending

Processing commands for cont...@bugs.debian.org:

> tag 876931 pending
Bug #876931 [src:psycopg2] psycopg2 FTBFS with Sphinx 1.6: Could not import 
extension dbapi_extension
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
876931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876931
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#876931: marked as pending

2018-01-08 Thread Scott Kitterman

tag 876931 pending
thanks

Hello,

Bug #876931 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/psycopg2.git/commit/?id=4ac0466

---
commit 4ac0466e80ea6ae1c364ae4a39d6ae7f6d858986
Author: Scott Kitterman 
Date:   Tue Jan 9 00:33:29 2018 -0500

d/p/0002-Make-dbapi_extension.py-compatible-with-Sphinx-1.6.patch (Closes: 
#876931)

* d/p/0002-Make-dbapi_extension.py-compatible-with-Sphinx-1.6.patch
  (Closes: #876931)
  - Thanks to Corey Bryant for forwarding the patch from Ubuntu

diff --git a/debian/changelog b/debian/changelog
index 1c16e23..c5b2957 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+psycopg2 (2.7.3-2) unstable; urgency=medium
+
+  * d/p/0002-Make-dbapi_extension.py-compatible-with-Sphinx-1.6.patch
+(Closes: #876931)
+- Thanks to Corey Bryant for forwarding the patch from Ubuntu
+
+ -- Scott Kitterman   Tue, 09 Jan 2018 00:30:11 -0500
+
 psycopg2 (2.7.3-1) unstable; urgency=medium
 
   * New upstream release

Processed: Re: ed: ships /usr/share/info/dir.gz on arm64

Processing commands for cont...@bugs.debian.org:

> close 799702
Bug #799702 [ed] ed: ships /usr/share/info/dir.gz on arm64
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
799702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799702
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886704: fotoxx: unsatisfiable dep on fotoxx-common

2018-01-08 Thread Norbert Preining

Package: fotoxx
Version: 18.01.1-1
Severity: grave
Justification: renders package unusable

It seems fotoxx-common got lost but is still a dependency, so the
package is uninstallable.

Thanks

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.12 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fotoxx depends on:
ii  dcraw9.27-1+b1
ii  fotoxx-common17.08.1-1
ii  libc62.26-2
ii  libcairo21.15.8-3
ii  libchamplain-0.12-0  0.12.16-2
ii  libchamplain-gtk-0.12-0  0.12.16-2
ii  libclutter-1.0-0 1.26.2+dfsg-4
ii  libclutter-gtk-1.0-0 1.8.4-3
ii  libgcc1  1:7.2.0-19
ii  libgdk-pixbuf2.0-0   2.36.11-1
ii  libglib2.0-0 2.54.2-5
ii  libgtk-3-0   3.22.26-2
ii  libimage-exiftool-perl   10.73-1
ii  liblcms2-2   2.9-1
ii  libpango-1.0-0   1.40.14-1
ii  libpangocairo-1.0-0  1.40.14-1
ii  libpng16-16  1.6.34-1
ii  libraw16 0.18.6-1
ii  libstdc++6   7.2.0-19
ii  libtiff5 4.0.9-3
ii  xdg-utils1.1.2-1

Versions of packages fotoxx recommends:
ii  ufraw  0.22-2

Versions of packages fotoxx suggests:
ii  brasero 3.12.2-4
ii  firefox [www-browser]   57.0.4-1
ii  gimp2.8.20-1.1
ii  google-chrome-stable [www-browser]  63.0.3239.132-1
ii  hugin   2017.0.0+dfsg-1+b1
ii  imagemagick 8:6.9.7.4+dfsg-16
ii  imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-16
ii  konqueror [www-browser] 4:17.08.3-2
ii  lynx [www-browser]  2.8.9dev16-2
pn  rawtherapee 
ii  w3m [www-browser]   0.5.3-35

-- no debconf information

Bug#886683: [Pkg-bitcoin-devel] Bug#886683: electrum: Security vulnerability in electrum

2018-01-08 Thread Tristan Seligmann

Control: found -1 2.4.2+dfsg1-1
Control: fixed -1 3.0.5-1

On Tue, 9 Jan 2018 at 00:21 Daniel Koszta  wrote:

> A new, fixed version is already available in debian unstable, but it
> should be included in stable and testing as soon as possible.
>

Unfortunately the version in stable is too old to be able to connect to the
current Electrum servers due to protocol incompatibilities; thus I do not
think there is a need to backport this fix to stable (if you are still
using this version successfully, it is most likely on an offline machine
that is not vulnerable to this exploit).

Testing should be updated shortly as nothing blocks the migration from
unstable: https://qa.debian.org/excuses.php?package=electrum

Processed: Re: [Pkg-bitcoin-devel] Bug#886683: electrum: Security vulnerability in electrum

Processing control commands:

> found -1 2.4.2+dfsg1-1
Bug #886683 [electrum] electrum: Security vulnerability in electrum
Marked as found in versions electrum/2.4.2+dfsg1-1.
> fixed -1 3.0.5-1
Bug #886683 [electrum] electrum: Security vulnerability in electrum
Marked as fixed in versions electrum/3.0.5-1.

-- 
886683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885889: marked as done (sasview: FTBFS: debian/sasview might not exist)

Your message dated Tue, 09 Jan 2018 03:05:16 +
with message-id 
and subject line Bug#885889: fixed in sasview 4.2.0~git20171031-3
has caused the Debian Bug report #885889,
regarding sasview: FTBFS: debian/sasview might not exist
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885889: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885889
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sasview
Version: 4.2.0~git20171031-2
Severity: serious
Justification: fails to build from source

Builds of sasview covering only its architecture-dependent
python-sasview binary package (as on the autobuilders, or with
dpkg-buildpackage -B) have been failing:

  dh_install
  mv debian/python-sasview/usr/bin/sasview debian/sasview/usr/bin/sasview
  mv: cannot move 'debian/python-sasview/usr/bin/sasview' to 
'debian/sasview/usr/bin/sasview': No such file or directory
  debian/rules:27: recipe for target 'override_dh_install' failed
  make[1]: *** [override_dh_install] Error 1
  make[1]: Leaving directory '/<>'
  debian/rules:16: recipe for target 'binary-arch' failed
  make: *** [binary-arch] Error 2

Could you please take a look?  You may wish to consider splitting
override_dh_install into -arch and -indep targets.

Bonus points for additionally accounting for builds that cover only
the architecture-independent packages, as with dpkg-buildpackage -A
(allowing for source-only uploads). ;-)

Thanks!

FTR, I'm classifying this bug as a regression because it would affect
any needed binary-only rebuilds for amd64.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
--- End Message ---
--- Begin Message ---
Source: sasview
Source-Version: 4.2.0~git20171031-3

We believe that the bug you reported is fixed in the latest version of
sasview, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 885...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stuart Prescott  (supplier of updated sasview package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 07 Jan 2018 23:46:54 +1100
Source: sasview
Binary: sasview python-sasview sasview-doc
Architecture: source
Version: 4.2.0~git20171031-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 

Changed-By: Stuart Prescott 
Description:
 python-sasview - Small Angle Scattering Analysis (Python 2)
 sasview- Small Angle Scattering Analysis suite
 sasview-doc - Small Angle Scattering Analysis (common documentation)
Closes: 885853 885889
Changes:
 sasview (4.2.0~git20171031-3) unstable; urgency=medium
 .
   * Split arch-dependent and arch-independent build paths (Closes: #885889).
   * Update to debhelper compat 11.
 - update location of documentation to /usr/share/doc/sasview.
   * Update tests to fix recently developed failure.
   * Adjust documentation building for change in doc location for
 python-sasmodels and python-bumps.
   * Skip known-broken tests in autopkgtest test.
   * Update Standards-Version to 4.1.3 (no changes required).
   * Include patch from Chris Lamb to make the build reproducible
 (Closes: #885853).
Checksums-Sha1:
 26a7dfae99c19b83c7c2fe4ce422f8e3eb7e33a9 2791 sasview_4.2.0~git20171031-3.dsc
 ab97c4880b60d43b4b63cfc1c6df664a528ec4ea 21408 
sasview_4.2.0~git20171031-3.debian.tar.xz
 2c760f519be870868657aad0d10997da700c6811 10661 
sasview_4.2.0~git20171031-3_source.buildinfo
Checksums-Sha256:
 9c1b5d5f707b8ffa641cc75d359270700fca285601d649768bccf5fff7815801 2791 
sasview_4.2.0~git20171031-3.dsc
 2415053f8cda24f003245338c004ef42545d6db82a3943abc89929dbc1898df1 21408 
sasview_4.2.0~git20171031-3.debian.tar.xz
 c5b3be14a2529be4b521ccb8c6a37fc3d880628c3ee308cf63ae33ada9401d7e 10661 
sasview_4.2.0~git20171031-3_source.buildinfo
Files:
 838afb4ad9e5b565e2904e7608f00be0 2791 science optional 
sasview_4.2.0~git20171031-3.dsc
 5deac84e594ec28cf1f1f2daae07fcc5 21408 science optional

Bug#886700: python-pyasn1-doc: fails to upgrade from 'stable' to 'sid' - trying to overwrite /usr/share/doc-base/python-pyasn1

2018-01-08 Thread Andreas Beckmann

Package: python-pyasn1-doc
Version: 0.4.2-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stable'.
It installed fine in 'stable', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

This test intentionally skipped 'testing' to find file overwrite
problems before packages migrate from 'unstable' to 'testing'.

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package python-pyasn1-doc.
  Preparing to unpack .../python-pyasn1-doc_0.4.2-2_all.deb ...
  Unpacking python-pyasn1-doc (0.4.2-2) ...
  dpkg: error processing archive 
/var/cache/apt/archives/python-pyasn1-doc_0.4.2-2_all.deb (--unpack):
   trying to overwrite '/usr/share/doc-base/python-pyasn1', which is also in 
package python-pyasn1 0.1.9-2
  Errors were encountered while processing:
   /var/cache/apt/archives/python-pyasn1-doc_0.4.2-2_all.deb


cheers,

Andreas


python-pyasn1=0.1.9-2_python-pyasn1-doc=0.4.2-2.log.gz
Description: application/gzip

Bug#886698: sollya-doc: fails to upgrade from 'stretch' - trying to overwrite /usr/share/doc/sollya/AUTHORS

2018-01-08 Thread Andreas Beckmann

Package: sollya-doc
Version: 6.0+ds-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package sollya-doc.
  Preparing to unpack .../sollya-doc_6.0+ds-4_all.deb ...
  Unpacking sollya-doc (6.0+ds-4) ...
  dpkg: error processing archive 
/var/cache/apt/archives/sollya-doc_6.0+ds-4_all.deb (--unpack):
   trying to overwrite '/usr/share/doc/sollya/AUTHORS', which is also in 
package sollya 6.0+ds-1
  Errors were encountered while processing:
   /var/cache/apt/archives/sollya-doc_6.0+ds-4_all.deb


cheers,

Andreas


sollya=6.0+ds-1_sollya-doc=6.0+ds-4.log.gz
Description: application/gzip

Bug#886367: IMPORTANT: ARE they (Chip-Makers) creasy! -- Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured HW-Factories!

> I’m very very sorry, that you think I’m NOT understanding „Specter" and
> what this shows. - I understand this very well! ;)
> 
> *FOR YOU:*
> *==
> *
> PLEASE look at the possibilities of the new *version 57.0.4 of Firefox*.
> *With this special created release (of this browser) you can PATCH the
> Microcode* *AGAINST Specter
Let me stop you right there. This is simply not true at all. If you
would have read up on what exactly they changed in 57.0.4 of Firefox to
mitigate the Meltdown and Spectre attacks you might have seen that they
simply changed the resolution of the timing source you can get via the
javascript function performance.now() to be 20 µs.

Since both Meltdown and Spectre rely on having accurate high resolution
timing information available to the process running the attack, this
effectively leads to those attacks no longer working from within Firefox.

This has absolutely NOTHING whatsoever to do with microcode patching,
and so is absolutely irrelevant.

> But in this case (Spectre) just a "bad website" can be used to reed data from 
> other areas. This is possible because of some side-effect the current 
> Microcode has. If we can FIX that with the special version (57.0.4) of 
> Firefox, a hacker can change it back again with an other program and no one 
> knows! - After this he just need a "bad website" to get datas AGAIN.

This also fundamentally shows that you have not understood how microcode
updates work. You can't just "change it back" as microcode updates only
work in one direction, that is "the update applied needs to be newer
than the one already applied", the update revision is included in the
cryptographic signature of the microcode update. So you cannot just
apply old updates on top of new ones.

Bug#886695: svxlink-calibration-tools: fails to upgrade from 'stretch' - trying to overwrite /usr/bin/siglevdetcal

2018-01-08 Thread Andreas Beckmann

Package: svxlink-calibration-tools
Version: 15.11+20171207~git445-380e5333-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package svxlink-calibration-tools.
  Preparing to unpack 
.../svxlink-calibration-tools_15.11+20171207~git445-380e5333-1_amd64.deb ...
  Unpacking svxlink-calibration-tools (15.11+20171207~git445-380e5333-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/svxlink-calibration-tools_15.11+20171207~git445-380e5333-1_amd64.deb
 (--unpack):
   trying to overwrite '/usr/bin/siglevdetcal', which is also in package 
svxlink-server 15.11-2
  dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
  Errors were encountered while processing:
   
/var/cache/apt/archives/svxlink-calibration-tools_15.11+20171207~git445-380e5333-1_amd64.deb


cheers,

Andreas


svxlink-server=15.11-2_svxlink-calibration-tools=15.11+20171207~git445-380e5333-1.log.gz
Description: application/gzip

Bug#886367: IMPORTANT: ARE they (Chip-Makers) creasy! -- Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured HW-Factories!

2018-01-08 Thread Patrik Lori

I’m very very sorry, that you think I’m NOT understanding „Specter" and what 
this shows. - I understand this very well! ;)

FOR YOU:
==
PLEASE look at the possibilities of the new version 57.0.4 of Firefox. With 
this special created release (of this browser) you can PATCH the Microcode 
AGAINST Specter!
 ==> So this shows, that there IS an easy way for doing Microcode changes in 
user-mode! AND this also demonstrate, that quite the same can be done to change 
the Microcode AGAIN WITHOUT to be sure the new (now may be hacked) code-change 
come from intel or NOT! —> AND to start this CHANGE you just click on a 
„special-button". If such is possible without asking for any system passwords 
THIS is a huge security problem !!!

In such a case a „user" don’t know, what’s realy going on and ALL normal OS & 
FW - checks looks to be sending green flags! 
THIS IS CREASY DANGEROUS and should NOT be possible on any secure system!

Whenever we change things, we trust on the SW-sources. THIS I UNDERSTAND VERY 
WELL.

But in this case (Spectre) just a "bad website" can be used to reed data from 
other areas. This is possible because of some side-effect the current Microcode 
has. If we can FIX that with the special version (57.0.4) of Firefox, a hacker 
can change it back again with an other program and no one knows! - After this 
he just need a "bad website" to get datas AGAIN.

PLEASE:
Before you send me your next quick answer, PLEASE read my E-Mail very carefully 
and try to understand WHAT I’m talking about.
IT IS SERIOUS and IMPORTANT. ==> I’m NOT talking about what Spectre does (this 
is clear); I’ afraid HOW we can patch the Microcode to let them NOT allow this 
AND how easy it will be to let them allow to enable this/such again.

MEMO: Linus Torvalds is also very unhappy with the actual situation!
http://www.pcgameshardware.de/CPU-Hardware-154106/News/Meltdown-Spectre-Linux-Linus-Torvalds-1247248/
 


Kind regards
Patrik
 


ifs³ Consulting+Engineering
Patrik Lori
CTO, cert. Computer Engineer & MAS-BA
Panoramastr. 6, 5625 Kallern, Switzerland
 
Web:http://www.ifs3.com 
Email:  patrik.l...@ifs3.com 
Mobile:+41 79 326 75 97
 
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is 
intended only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any unauthorised review, use, 
disclosure or distribution is prohibited. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message. If you are the intended recipient but do not wish to 
receive communications through this medium, please do advise the sender 
immediately.

> Am 08.01.2018 um 21:09 schrieb Felix Winterhalter :
> 
>> Sorry it’s NOT enough. Don’t worry I trust Intel for changing Intel CPUs; I 
>> trust AMD for changing AMD CPUs, etc. NO problem with that! - But
>> 
>> SIMPLYFYED:
>> How can Firefox 57.0.4 change the Intel CPU/MMU - Microcode if such change 
>> need a secret code signature and don’t know anything secured from my CPU?
>> 
>> If a Browser-SW can change it (I hope this SW is running in user-mode), a 
>> "tarned Hacker-SW" can change it to !!!
>> 
> I do not know where you got the impression that this is possible. As it isn't.
> 
> The Meltdown and Specter vulnerabilities have nothing whatsoever to do with 
> putting "hacked microcode" or something like that on the CPU. I suggest you 
> read up on how these vulnerabilities actually work before posting messages 
> such as this or for that matter look up what exactly microcode IS as it seems 
> you have a bit of a misconception about the nature of it.
> 
> In essence they use features that are already in the CPU in a way that allows 
> them to gain knowledge of privileged information. They don't put anything 
> malicious onto the CPU especially not something that would "stay there", 
> "hacker software", "malware" or anything of the sort. They use normal 
> operation features of modern CPUs in order to defeat higher level protection 
> mechanisms. 
>> For me this is NOT a trustful way for such an important change and need to 
>> be addressed very seriously to the HW manufactories. 
>> If your org can help for this, it’s great.
>> 
> Sooo installing updates onto your system by downloading them is also not a 
> trustful way for updates to arrive? You want to chisel those onto your 
> harddrive manually? On Windows I think every user has the right to install 
> updates even ... which makes sense in a way. 
> 
> I do not really get what your issue is. As long as you trust that a signature 
> for an update is not compromised you should be fine installing that signed 
> update ( as long as you trust updates in general ). 
> 
> Your main problem really seems to be a

Bug#886050: marked as done (openbox-gnome-session: Depends on gconf)

Your message dated Mon, 08 Jan 2018 23:50:11 +
with message-id 
and subject line Bug#886050: fixed in openbox 3.6.1-6
has caused the Debian Bug report #886050,
regarding openbox-gnome-session: Depends on gconf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openbox-gnome-session
Version: 3.6.1-5
Severity: serious
User: pkg-gnome-maintain...@lists.alioth.debian.org
Usertags: oldlibs gconf
Tags: sid buster patch

openbox-gnome-session has an apparently unnecessary dependency on
gconf2. gconf will be removed from Debian soon. (No actual patch
attached because this seems trivial to fix.)

gconf's last release was about 5 years ago. It has been replaced by
gsettings (provided in Debian by source glib2.0 ) It shouldn't be
necessary for openbox to directly depend on that either unless it's
specifically working with gsettings.

On behalf of the Debian GNOME team,
Jeremy Bicha
--- End Message ---
--- Begin Message ---
Source: openbox
Source-Version: 3.6.1-6

We believe that the bug you reported is fixed in the latest version of
openbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mateusz Łukasik  (supplier of updated openbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 08 Jan 2018 15:20:49 +0100
Source: openbox
Binary: openbox libobt2v5 libobrender32v5 openbox-dev gnome-panel-control 
openbox-gnome-session openbox-kde-session
Architecture: source
Version: 3.6.1-6
Distribution: unstable
Urgency: medium
Maintainer: Mateusz Łukasik 
Changed-By: Mateusz Łukasik 
Description:
 gnome-panel-control - command line utility to invoke GNOME panel run 
dialog/menu
 libobrender32v5 - rendering library for openbox themes
 libobt2v5  - parsing library for openbox
 openbox- standards-compliant, fast, light-weight and extensible window man
 openbox-dev - development files for the openbox window manager
 openbox-gnome-session - command line utility to run Openbox as GNOME session
 openbox-kde-session - command line utility to run Openbox as KDE SC session
Closes: 872983 886050
Changes:
 openbox (3.6.1-6) unstable; urgency=medium
 .
   * debian/control:
 + Move openbox-menu to Recommends. (Closes: #872983)
 + Bump dh version to 11.
 + Bump Standards-Version to 4.1.3.
   * Drop depends on gconf2: (Closes: #886050 LP: #1740420)
 + Add debian/patches/09-disable-check-gnome-version.patch.
   * Add python script to generate menu as replacent for openbox-menu.
Checksums-Sha1:
 5199e56118c75f8cc20be69ee0c028752f69c4df 2464 openbox_3.6.1-6.dsc
 e414ef0894d2a0fb21d2a137c19f67caf66d5da5 52208 openbox_3.6.1-6.debian.tar.xz
 3cb4f835ff064c0a80788270c90c26b15be43079 6189 openbox_3.6.1-6_source.buildinfo
Checksums-Sha256:
 c97b821c07d95bcba1095807f695ad59156983ccded0e1987ad51d9ae99e3edd 2464 
openbox_3.6.1-6.dsc
 b51f263bc297257721161a43d2bc2195640b5beafe43e5ccdeed72e3b5eee6ec 52208 
openbox_3.6.1-6.debian.tar.xz
 f9eb0362bd9f827b713a35e2e63856ed1895abf287cc53b4ec115e3f65e64134 6189 
openbox_3.6.1-6_source.buildinfo
Files:
 ef939385526ea57feecfc421c45a395c 2464 x11 optional openbox_3.6.1-6.dsc
 3d393d1be5a600bd4c175d204b7213db 52208 x11 optional 
openbox_3.6.1-6.debian.tar.xz
 3d895edd2acd6f2c0aea245c56553754 6189 x11 optional 
openbox_3.6.1-6_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEkjZVexcMh/iCHArDweDZLphvfH4FAlpT/hYACgkQweDZLphv
fH5L1A/9E6kOusEsWl8EutOy90OZw64zmZp8jk8DcfamJB1aC2DxksC93Lrc/Qsn
Mfl8F481rokbhvqNacUEU+yMQMWqKpAgN0NSyzMOSqIrr0iFeD9QAmanfBL7fPC6
ZMoxczSQPN0vsvlaiUc4bURWQeLx0l5kvwbx/Jdg6kfY4tPRs+Q7umB1uG+vdLdf
W/6ua0Cqm3OyMf0f8BbPpEU+Xc0mce8IR0rgIXVfFSXvazIivVrRd5z3uZHnRRQM
haZvyGY0cl/Nh29heV5QKeFhAOPR2f4ysgsa7ijimuU2+iwTuDQWzTQlHAHJQ/aa
6LNWyt2QQ+R/8B6Jdamj65evpMxjBQD5fRRUpW/TUGoKh1ylEjbGKOMhp+KKTQwz
PcBGQD1qWvCbjCJVbl5dfDz+Qrj6INg+jjjGD9MWRmP/CDB0fguKbsZy0pkhvjt5

Bug#886683: electrum: Security vulnerability in electrum

2018-01-08 Thread Daniel Koszta

Package: electrum
Version: 3.0.3-1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Many Electrum versions are vulnerable, see
https://github.com/spesmilo/electrum/issues/3374.

A new, fixed version is already available in debian unstable, but it
should be included in stable and testing as soon as possible.



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'stable'), (200, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=hu_HU.utf8, LC_CTYPE=hu_HU.utf8 (charmap=UTF-8), 
LANGUAGE=hu_HU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages electrum depends on:
ii  python3   3.6.4-1
ii  python3-electrum  3.0.3-1

Versions of packages electrum recommends:
ii  python3-pyqt5  5.9.2+dfsg-1

Versions of packages electrum suggests:
pn  python3-btchip  
pn  python3-trezor  
pn  python3-zbar

-- no debconf information

Bug#886431: marked as done (snapd binary-all FTBFS: install: failed to access debian/snapd///usr/lib/snapd: No such file or directory)

Your message dated Mon, 08 Jan 2018 22:05:00 +
with message-id 
and subject line Bug#886431: fixed in snapd 2.30-2
has caused the Debian Bug report #886431,
regarding snapd binary-all FTBFS: install: failed to access 
debian/snapd///usr/lib/snapd: No such file or directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886431
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: snapd
Version: 2.30-1
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=snapd=all=2.30-1=1515103055=0

...
/usr/bin/make -C systemd install
make[3]: Entering directory '/<>/data/systemd'
# NOTE: old (e.g. 14.04) GNU coreutils doesn't -D with -t
install -d -m 0755 /<>/debian/snapd//lib/systemd/system/
install -m 0644 -t /<>/debian/snapd//lib/systemd/system/ 
snapd.refresh.service snapd.core-fixup.service snapd.autoimport.service 
snapd.snap-repair.service snapd.service snapd.system-shutdown.service 
snapd.refresh.timer snapd.snap-repair.timer snapd.socket
install -m 0755 -t /<>/debian/snapd///usr/lib/snapd 
snapd.core-fixup.sh
install: failed to access '/<>/debian/snapd///usr/lib/snapd': No 
such file or directory
Makefile:36: recipe for target 'install' failed
make[3]: *** [install] Error 1
--- End Message ---
--- Begin Message ---
Source: snapd
Source-Version: 2.30-2

We believe that the bug you reported is fixed in the latest version of
snapd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Hudson-Doyle  (supplier of updated snapd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jan 2018 10:48:20 +1300
Source: snapd
Binary: golang-github-ubuntu-core-snappy-dev golang-github-snapcore-snapd-dev 
snapd snap-confine ubuntu-core-launcher
Architecture: source
Version: 2.30-2
Distribution: unstable
Urgency: medium
Maintainer: Steve Langasek 
Changed-By: Michael Hudson-Doyle 
Description:
 golang-github-snapcore-snapd-dev - snappy development go packages.
 golang-github-ubuntu-core-snappy-dev - transitional dummy package
 snap-confine - Transitional package for snapd
 snapd  - Tool to interact with Ubuntu Core Snappy.
 ubuntu-core-launcher - Transitional package for snapd
Closes: 886431
Changes:
 snapd (2.30-2) unstable; urgency=medium
 .
   * Fix arch-all-only build. (Closes: 886431)
Checksums-Sha1:
 936cc87cf1fd4c272f425d1e9d63e7ab4af56279 3220 snapd_2.30-2.dsc
 c8fa8a5dae0c9fd6fa0d7c96940db6044ef29061 58984 snapd_2.30-2.debian.tar.xz
Checksums-Sha256:
 06e0168c7ff5196f24a1d89bba7bff121e2a31345f798e018af298fc60f2ce9e 3220 
snapd_2.30-2.dsc
 b5707a7b082ea3bea657dfc21f3bd79cb384715a1f21ca087107c943714c36d1 58984 
snapd_2.30-2.debian.tar.xz
Files:
 3bea30299481b8f99509f2252677c1d7 3220 devel optional snapd_2.30-2.dsc
 83e273c31910725740b433ca13c5f08b 58984 devel optional 
snapd_2.30-2.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJaU+daAAoJEBHfQpTMo5iTvp0P/joI+eb1+a75tVd16KMA8wK2
6HNcyd/KHzQS9a8+RTgzZCUO0ETYKfQ8naGb8CD9fPTEAs+/xWcGttT7XmV6mDJ+
KiiIeVKnM5uKiQfn5ZshlQxQbs+LgbvnELuJax3+nrNohja32LkiB3vfiXW2YkTU
ErAXhfzr7AfPgSfmAU+XbW24VpTfqCNGa5P87oANrDFwfPHfULyZ3vnuiBwzzK3M
+53OrYxjoeVFR/o1Z1FH9Qi1Cc0clNc7ksX6E2o8djRXP+BqpruK7aJrflUz2nxW
5xCzZnXrNO4u7wMJsU+VveZlSpx3BdR72W9x30EQ6fLVeGhKSfii6AIt/ToEQdYc
xwuJKt9iahigY8SB64afcyqLt5y/bymLi60PG2yQ2tZXx1hpXc73wEYUf/MPi2zP
U8w5GzrIVZaBn4jwv+zT4KvI+VdB6t9+esCt0ZOzIjWzeCSpmrt4xz+P6WfOvdTV
1jHZoMGR9yCN2O6/rcMO8wtDS+Uhxu4L/APpx7DXuDKNHX4vI1XOap90VNfSoJyW
+75JWOeEfQWEGcqKsIs5YfEQ6cE7s8xquAJ/mHHyRYb3jpmpGnEjTbshFIBJ7Qrb
JNUAW60rZBugDnZ8jBh5BlZgTy/LO9uftFNgBlN6Hsq4/Mu30jfZkUEp552qFCjN
+F5fvViqtZcEPHQrZ5lH
=hrLc
-END PGP SIGNATURE End Message ---

Bug#886572: marked as done (texstudio FTBFS: does not find quazip)

Your message dated Mon, 08 Jan 2018 22:05:11 +
with message-id 
and subject line Bug#886572: fixed in texstudio 2.12.6+debian-2
has caused the Debian Bug report #886572,
regarding texstudio FTBFS: does not find quazip
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886572: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886572
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: texstudio
Version: 2.12.6+debian-1
Severity: serious
User: helm...@debian.org
Usertags: rebootstrap

texstudio fails to build from source, because it does not find quazip.
Tail of a build log:

| g++ -c -pipe -std=c++0x -g -O2 
-fdebug-prefix-map=/<>/texstudio-2.12.6+debian=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time 
-D_FORTIFY_SOURCE=2 -D_REENTRANT -Wall -W -fPIC -DPREFIX=\"/usr\" 
-D_QCODE_EDIT_BUILD_ -DQNFA_BUILD -DHAS_POPPLER_24 -DNO_CRASH_HANDLER 
-DNO_TESTS -DQT_NO_DEBUG -DQT_SVG_LIB -DQT_PRINTSUPPORT_LIB -DQT_UITOOLS_LIB 
-DQT_WIDGETS_LIB -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_XML_LIB -DQT_SCRIPT_LIB 
-DQT_CONCURRENT_LIB -DQT_CORE_LIB -I. -Iqtsingleapplication -Iqcodeedit/lib 
-Iqcodeedit/lib/document -Iqcodeedit/lib/widgets -Iqcodeedit/lib/qnfa 
-Ilatexparser -isystem /usr/include/quazip -Ipdfviewer -isystem 
/usr/include/hunspell -isystem /usr/include/poppler/qt5 -isystem 
/usr/include/poppler -isystem /usr/include/x86_64-linux-gnu/qt5 -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtSvg -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtPrintSupport -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtUiTools -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtWidgets -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtGui -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtNetwork -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtXml -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtScript -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtConcurrent -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtCore -I.moc -isystem /usr/include/libdrm 
-I.ui -I/usr/lib/x86_64-linux-gnu/qt5/mkspecs/linux-g++ -o 
.obj/spellerutility.o spellerutility.cpp
| spellerutility.cpp:14:10: fatal error: JlCompress.h: No such file or directory
|  #include "JlCompress.h"
| 
|   ^~
| compilation terminated.
| Makefile:4861: recipe for target '.obj/spellerutility.o' failed
| make[1]: *** [.obj/spellerutility.o] Error 1
| make[1]: *** Waiting for unfinished jobs
| make[1]: Leaving directory '/<>/texstudio-2.12.6+debian'
| dh_auto_build: make -j8 returned exit code 2
| debian/rules:12: recipe for target 'build-arch' failed
| make: *** [build-arch] Error 25
| dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit 
status 2

As you can see, it passes -isystem /usr/include/quazip, but the quazip
that is requested is found in /usr/include/quazip5.

This issue is also reproduced by the reproducible builds effort:
https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/texstudio_2.12.6+debian-1.rbuild.log

Helmut
--- End Message ---
--- Begin Message ---
Source: texstudio
Source-Version: 2.12.6+debian-2

We believe that the bug you reported is fixed in the latest version of
texstudio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tom Jampen  (supplier of updated texstudio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 08 Jan 2018 22:27:36 +0100
Source: texstudio
Binary: texstudio texstudio-doc texstudio-l10n
Architecture: source amd64 all
Version: 2.12.6+debian-2
Distribution: sid
Urgency: medium
Maintainer: Tom Jampen 
Changed-By: Tom Jampen 
Description:
 texstudio  - LaTeX Editor
 texstudio-doc - LaTeX Editor (doc)
 texstudio-l10n - LaTeX Editor (localization)
Closes: 886572
Changes:
 texstudio (2.12.6+debian-2) unstable; urgency=medium
 .
   * Updating 04-quazip-qt5.patch in order to specify the correct path for
 quazip5 in texstudio.pro (Closes: #886572).
   * Updating to standards version 4.1.3.
Checksums-Sha1:

Processed: reassign 878201 to src:audiocd-kio, fixed 878201 in 4:17.08.3-1 ..., fixed 886374 in 2017.20180103-2

Processing commands for cont...@bugs.debian.org:

> reassign 878201 src:audiocd-kio 4:16.08.3-1
Bug #878201 {Done: Pino Toscano } 
[kdemultimedia-kio-plugins,kdemultimedia-dev] please drop transitional packages 
kdemultimedia-kio-plugins and kdemultimedia-dev
Bug reassigned from package 'kdemultimedia-kio-plugins,kdemultimedia-dev' to 
'src:audiocd-kio'.
No longer marked as found in versions 4:16.08.3-1.
No longer marked as fixed in versions audiocd-kio/4:17.08.3-1.
Bug #878201 {Done: Pino Toscano } [src:audiocd-kio] please 
drop transitional packages kdemultimedia-kio-plugins and kdemultimedia-dev
Marked as found in versions audiocd-kio/4:16.08.3-1.
> fixed 878201 4:17.08.3-1
Bug #878201 {Done: Pino Toscano } [src:audiocd-kio] please 
drop transitional packages kdemultimedia-kio-plugins and kdemultimedia-dev
Marked as fixed in versions audiocd-kio/4:17.08.3-1.
> reassign 886374 texlive-latex-extra 2017.20180103-1
Bug #886374 {Done: Norbert Preining } 
[emboss,texlive-latex-extra] texlive-latex-extra and emboss: error when trying 
to install together
Bug reassigned from package 'emboss,texlive-latex-extra' to 
'texlive-latex-extra'.
Ignoring request to alter found versions of bug #886374 to the same values 
previously set
No longer marked as fixed in versions texlive-extra/2017.20180103-2.
Bug #886374 {Done: Norbert Preining } 
[texlive-latex-extra] texlive-latex-extra and emboss: error when trying to 
install together
Marked as found in versions texlive-extra/2017.20180103-1.
> fixed 886374 2017.20180103-2
Bug #886374 {Done: Norbert Preining } 
[texlive-latex-extra] texlive-latex-extra and emboss: error when trying to 
install together
Marked as fixed in versions texlive-extra/2017.20180103-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
878201: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878201
886374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886374
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886676: debian-parl: needs to depend on hunspell-nl instead of myspell-nl

2018-01-08 Thread Rene Engelhard

Source: debian-parl
Version: 1.9.13
Severity: serious

Hi,

see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761032.

myspell-nl is (supposed to be) gone and renamed to hunspell-nl. Please adapt.

Regards,

Rene

Processed: severity of 886674 is important

Processing commands for cont...@bugs.debian.org:

> severity 886674 important
Bug #886674 [src:opencv] opencv: CVE-2018-5268
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed (with 1 error): Re: Bug#886674: opencv: CVE-2018-5268

Processing control commands:

> severity important
Unknown command or malformed arguments to command.

> tags -1 + upstream
Bug #886674 [src:opencv] opencv: CVE-2018-5268
Added tag(s) upstream.

-- 
886674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886674: opencv: CVE-2018-5268

2018-01-08 Thread Salvatore Bonaccorso

Control: severity important
Control: tags -1 + upstream

Adjusting severity, got wrong before sending bug.

Regards,
Salvatore

Bug#886674: opencv: CVE-2018-5268

2018-01-08 Thread Salvatore Bonaccorso

Source: opencv
Version: 3.2.0+dfsg-1
Severity: grave
Tags: security
Forwarded: https://github.com/opencv/opencv/issues/10541

Hi,

the following vulnerability was published for opencv, please
double-check.

CVE-2018-5268[0]:
| In OpenCV 3.3.1, a heap-based buffer overflow happens in
| cv::Jpeg2KDecoder::readComponent8u in
| modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image
| file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5268

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#866495: marked as done (woo: depends on obsolete python-imaging (replace with python3-pil or python-pil))

Your message dated Mon, 08 Jan 2018 21:05:18 +
with message-id 
and subject line Bug#866495: fixed in woo 1.0+dfsg1-2
has caused the Debian Bug report #866495,
regarding woo: depends on obsolete python-imaging (replace with python3-pil or 
python-pil)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866495
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:woo
Version: 1.0+dfsg1-1
Severity: important
Tags: sid buster
User: d...@debian.org
Usertags: imaging-pillow

One or more binary packages built from this source depends on or
recommends python-imaging, which is obsolete for some years now.
Please build the source using the python-pil package. If your
package doesn't need to be built with Python2, please consider using
Python3 and depend on python3-pil.

Planning to remove python-imaging for the buster release, so the
severity of this issues might be raised.
--- End Message ---
--- Begin Message ---
Source: woo
Source-Version: 1.0+dfsg1-2

We believe that the bug you reported is fixed in the latest version of
woo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated woo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 07 Jan 2018 09:09:50 +0100
Source: woo
Binary: python-woo python3-woo
Architecture: source
Version: 1.0+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 

Changed-By: Andreas Tille 
Description:
 python-woo - Discrete dynamic computations, esp. granular mechanics (python 2)
 python3-woo - Discrete dynamic compuations, esp. granular mechanics (python 3)
Closes: 866495
Changes:
 woo (1.0+dfsg1-2) unstable; urgency=medium
 .
   * Team upload.
   * Replace python-imaging by python-pil
 Closes: #866495
   * cme
   * debhelper 10
   * Drop unneeded "Testsuite: autopkgtest"
Checksums-Sha1:
 7566a5465bd0b33e7d6a7fb0204902bceb82815b 2342 woo_1.0+dfsg1-2.dsc
 794c24de1ea9fb2a126b0738516dbc1a2c4410f3 10148 woo_1.0+dfsg1-2.debian.tar.xz
 b7aba2803b37abd89441bf11805a9e6103ab8bd4 13877 woo_1.0+dfsg1-2_source.buildinfo
Checksums-Sha256:
 0a1ee9df013b8e79a675775408ec5a23832df23d8f48a20cc57b9d2051a8c56a 2342 
woo_1.0+dfsg1-2.dsc
 c932537269963be188140997ad81e7ba4572606be915aecd9a0741b7a8252f38 10148 
woo_1.0+dfsg1-2.debian.tar.xz
 18c79028aaf4803007e0358a885b9714227ed91bc2e105feb8f20656729cfa3d 13877 
woo_1.0+dfsg1-2_source.buildinfo
Files:
 6ffe93db060c503a62b9926e48a09e6c 2342 python optional woo_1.0+dfsg1-2.dsc
 02072d667d8f29b3a48e77308f04ce76 10148 python optional 
woo_1.0+dfsg1-2.debian.tar.xz
 026a4fd3b549670b9e19cacd384e119e 13877 python optional 
woo_1.0+dfsg1-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJCBAEBCgAsFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAlpT2LIOHHRpbGxlYUBy
a2kuZGUACgkQV4oElNHGRtG7UA//b6O/6+0kQYf8FtpubIEyBUJmuLbeGgRQ9otS
bSbErM2ZYlPJcWihaKZoJEQ/L3myxV8pedy/4+nT6Xc0JGyXX9ZhVRuirCSLTHol
dziHaYjmkE6+IAOKIWdmRO8yqbajcOOtQFbG6Gtya7wQoOEvOTywbflmFzbXUgO7
WU5IzhJicmNUvAIqN/NZ6SLfgOGlcFEE4V1ZURVhJ4VmEJVnNL0a5urXqeVe9ihn
+ISFZbW3QijXMt+DzSmW8OniMlcdyEgp+cq7GYxDT53CftAyqQOb0RXqdilCKr3e
3mIe6vUotssw4pdYSgzVjaUFHnsqJyTTxvBCgJ/e8LCOm3d7hrsy8Qo2XllyX0cq
SriBPBojnadnXoSjkNkOHSaQY0FjIB/9ir+YiFUTwDAfA/mdL4kzKVzYiSOaJTmr
Xscrf6n0XmiY9WRaASo4EEvgS8L6WLTUzqFoSZ+H/HpGGO0bX2sSrfcC3F/7mMnG
Xs3HHEELX+pVwtYLnJle678227cwQt3X4jqvJ6ATIx2cTKi0tCj4TxNxJyXKM0g/
tJ6vh01yRDLGB/0hCwTLeySm/lRg0TBp7np0h9bmEp8tzY8McZ80iUim8ZQUhG0J
jRBxujNQMWOcMtq8bV9hCSXys4yUyEn82u4JaJSJj15s2Ms8Fdrk0cYzPwupd4Q7
cnGCc+c=
=s3s9
-END PGP SIGNATURE End Message ---

Bug#886367: IMPORTANT: ARE they (Chip-Makers) creasy! -- Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured HW-Factories!

2018-01-08 Thread Patrik Lori

Sorry it’s NOT enough. Don’t worry I trust Intel for changing Intel CPUs; I 
trust AMD for changing AMD CPUs, etc. NO problem with that! - But

SIMPLYFYED:
How can Firefox 57.0.4 change the Intel CPU/MMU - Microcode if such change need 
a secret code signature and don’t know anything secured from my CPU?

If a Browser-SW can change it (I hope this SW is running in user-mode), a 
"tarned Hacker-SW" can change it to !!!

For me this is NOT a trustful way for such an important change and need to be 
addressed very seriously to the HW manufactories. 
If your org can help for this, it’s great.

P.S: Linus Torvalds is also very unhappy with this actual situation!
http://www.pcgameshardware.de/CPU-Hardware-154106/News/Meltdown-Spectre-Linux-Linus-Torvalds-1247248/
 


Kind regards
Patrik
 


ifs³ Consulting+Engineering
Patrik Lori
CTO, cert. Computer Engineer & MAS-BA
Panoramastr. 6, 5625 Kallern, Switzerland
 
Web:http://www.ifs3.com 
Email:  patrik.l...@ifs3.com 
Mobile:+41 79 326 75 97
 
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is 
intended only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any unauthorised review, use, 
disclosure or distribution is prohibited. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message. If you are the intended recipient but do not wish to 
receive communications through this medium, please do advise the sender 
immediately.

> Am 08.01.2018 um 19:43 schrieb Felix Winterhalter :
> 
>> Second: I’m not willing to accept, that CPU/MMU - Microcode can be changed 
>> just by some OS/SW-Updates without any physical and local interventions or 
>> with a secret „ONE WAY“ passwords/ticket directly coming from the 
>> manufacture company. Otherwise "very bad hackers" are able to change the 
>> critical CPU/MMUs - Microcode to prepare some „spyglass-situation|attacks“, 
>> which NO uper-layered "Security-SW or OS“ ever can detect.
>> This is a very bad situation (even if this exist many years ago). 
>> 
> 
> You appear to have the impression that microcode updates are completely 
> unsigned code that anyone can modify. You might find this an interesting read:
> 
> http://inertiawar.com/microcode/ 
> 
> It explains how microcode updates work in general and specifically how they 
> work on Intel chips. You cannot simply perform arbitrary microcode updates on 
> a system. And microcode updates will only load if they are newer than the one 
> already applied. So you cannot just load an older insecure version of 
> microcode if an update has already been applied by either the bios or the 
> kernel. Microcode updates only increase security, they could only decrease it 
> if Intel released a microcode update that introduced a weakness and signed 
> that. At the point where you don't trust your vendor on that level anymore 
> you might as well give up on any sort of proprietary hardware that needs any 
> sort of binary blobs, which some decide to do.
> 
>> INFO:
>> It looks HPE has realized this serious security thread and developed a 
>> special ILO-Chip hat help to solve this real problem.
>> siehe: 
>> http://www.zdnet.de/88300819/schutz-vor-firmware-attacken-hpe-sichert-proliant-server-ab/?_ga=2.128992076.1543857168.1515237773-947033226.1515237773_by=5a50b18d671db879058b47d8
>>  
>> 
>>  
>> 
>> 
>> 
>> I hope other HW manufactures (DELL, IBM, CISCO, Oracle, etc.) are asap. also 
>> have/providing some solution for this problem.
>> 
> The link you have provided shows that HPE wants to make sure its firmware, 
> i.e. UEFI and components are secured. They do not talk about preventing 
> microcode updates, which I don't think this provides as those are CPU 
> features directly. I'm not sure if those can be disabled by the 
> chipset/mainboard as its basically just a special instruction sent to the CPU 
> (pretty sure they can't be prevented by that).
>

Bug#884078: marked as done (rapidjson: Source includes "bin/jsonchecker/fail1.json etc." listed in Files-Excluded header)

Your message dated Mon, 08 Jan 2018 20:51:55 +
with message-id 
and subject line Bug#884078: fixed in rapidjson 1.1.0+dfsg2-1
has caused the Debian Bug report #884078,
regarding rapidjson: Source includes "bin/jsonchecker/fail1.json etc." listed 
in Files-Excluded header
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884078
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rapidjson
Version: 1.1.0+dfsg-3
Severity: serious
User: la...@debian.org
Usertags: files-excluded

Dear Maintainer,

rapidjson lists "bin/jsonchecker/*" in the Files-Excluded field
in debian/copyright but the source tree contains bin/jsonchecker/fail1.json
etc.

This might be a DFSG violation, or at least the upstream tarball was not
repacked as intended. Alternatively, the field is simply out of date.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- End Message ---
--- Begin Message ---
Source: rapidjson
Source-Version: 1.1.0+dfsg2-1

We believe that the bug you reported is fixed in the latest version of
rapidjson, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 884...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard  (supplier of updated rapidjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 08 Jan 2018 08:47:38 +0100
Source: rapidjson
Binary: rapidjson-dev rapidjson-doc
Architecture: source
Version: 1.1.0+dfsg2-1
Distribution: experimental
Urgency: medium
Maintainer: Rene Engelhard 
Changed-By: Rene Engelhard 
Description:
 rapidjson-dev - fast JSON parser/generator for C++ with SAX/DOM style API
 rapidjson-doc - fast JSON parser/generator for C++ (API documentation)
Closes: 884078
Changes:
 rapidjson (1.1.0+dfsg2-1) experimental; urgency=medium
 .
   * (really) remove bin/jsonchecker/* (again) (closes: #884078)
Checksums-Sha1:
 566f65285d25ee60313b953c8e35192530de3309 1880 rapidjson_1.1.0+dfsg2-1.dsc
 c46631b2ca2099fa4773279eaeee0f88efee4bcf 1033355 
rapidjson_1.1.0+dfsg2.orig.tar.gz
 c287a48efed75fc6dcd695b5a65b0803f9251d28 6816 
rapidjson_1.1.0+dfsg2-1.debian.tar.xz
 86e4806d81ebd98aaa856e2f24b20a3b79f0b1b2 5723 
rapidjson_1.1.0+dfsg2-1_source.buildinfo
Checksums-Sha256:
 7349d7aa2113da26e5850e6cdd78ce8abe5b9f2140c47487601def487d4fb99d 1880 
rapidjson_1.1.0+dfsg2-1.dsc
 92aa6402743012e5f2c3db17def1ff5273df4f3ca7a8f8ed9f1041d392c14ce7 1033355 
rapidjson_1.1.0+dfsg2.orig.tar.gz
 e0b7e84116d539a8f78a47040e52b0c65dfaf86efa1e0917bb8996751cdae18a 6816 
rapidjson_1.1.0+dfsg2-1.debian.tar.xz
 648e82bdc17a30de7c7ef75de3a871ed10196dc66aba3f49c5af90fc86aaefd9 5723 
rapidjson_1.1.0+dfsg2-1_source.buildinfo
Files:
 d719e8b1c046b0a0f7b81dc27a4ee42e 1880 libs optional rapidjson_1.1.0+dfsg2-1.dsc
 ad0d9476ba2fd588c4f11a5375579a57 1033355 libs optional 
rapidjson_1.1.0+dfsg2.orig.tar.gz
 87c871f2d5f05a844a372ea0de869794 6816 libs optional 
rapidjson_1.1.0+dfsg2-1.debian.tar.xz
 652242e1b8c834eb184921b1a3c7f969 5723 libs optional 
rapidjson_1.1.0+dfsg2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAlpT0fEACgkQCqBFcdA+
PnAhPg//fYdPHXoDW1A9JbIv4sO/H6ICb4XBi/iPml3lD6L2exFcLM3g45Qp1W5l
fF+BRzpIPGuxUnZqyr4I0+E0jK3Q7U4BblpmAAxuwRCHPnZKEhAaN2zt1C6uzarg
OoIpxXr0dMZd/gOnXRWc9s880J+/cpWUwFOCST7+BD7elio7+khD2fXIgdLQu9XR
O7T865tvlkHwStdHFO4TV/VhyKOyXgGBhi5ThVNtHQQvJ1HrWhKPJNcxFghQ0FvV
+yzFUpnSlvGmDWZecrO8B2n0pWYQGumBXjEXchhRksXG7DEYTkJtO0IaV5GJiN/V
0vlL8HMp6gSUxPHfIs+VDSgCvQ7XrzA0VebsJTDjD5j5x46QkXWzZQTvOZwyMzBn
q+nWOVjyPzJEfFbbU7BV/8l4tPX7AlGReWSmHtezQ6SxLhAE4NR3Ow5nGy10whBh
u5XiSU3XHF9AvT/l23lReuHc3k0C0VM3Ce0wsW2cFvUQpJU5tg320UNJ6+vVofjM
9Z5WKJRogkwDRTR79gwuNJvdO6zJCYAjai6rL/VTcNvyO2JzcCoqLSFZ/ASp+SXE
P0chWrPcDGPLpyX6pwy2QlANuGK31QHA91DdhmhlJHMRCBIgKRHiOZRUgTGb05ts
Jf4lj/SfIXXiwp0Y9gwHjISq5kbe/yaFXckg3dE54svubANqhvY=
=hERx
-END PGP SIGNATURE End Message ---

Bug#886432: marked as done (snapd FTBFS on 32bit: json.go:320:7: constant 9007199254740992 overflows int)

Your message dated Mon, 08 Jan 2018 20:51:11 +
with message-id 
and subject line Bug#886432: fixed in golang-gopkg-mgo.v2 2016.08.01-2
has caused the Debian Bug report #886432,
regarding snapd FTBFS on 32bit: json.go:320:7: constant 9007199254740992 
overflows int
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886432
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: snapd
Version: 2.30-1
Severity: serious

https://buildd.debian.org/status/package.php?p=snapd=sid

...
# gopkg.in/mgo.v2/bson
src/gopkg.in/mgo.v2/bson/json.go:320:7: constant 9007199254740992 overflows int
--- End Message ---
--- Begin Message ---
Source: golang-gopkg-mgo.v2
Source-Version: 2016.08.01-2

We believe that the bug you reported is fixed in the latest version of
golang-gopkg-mgo.v2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Hudson-Doyle  (supplier of updated 
golang-gopkg-mgo.v2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jan 2018 09:38:03 +1300
Source: golang-gopkg-mgo.v2
Binary: golang-gopkg-mgo.v2-dev
Architecture: source
Version: 2016.08.01-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 

Changed-By: Michael Hudson-Doyle 
Description:
 golang-gopkg-mgo.v2-dev - Go library for MongoDB
Closes: 886432
Changes:
 golang-gopkg-mgo.v2 (2016.08.01-2) unstable; urgency=medium
 .
   * Backport 
d/patches/0001-fix-integer-constant-overflow-on-32-bit-systems.patch
 from upstream to fix builds of dependencies on 32-bit systems.
 (Closes: 886432)
   * Add myself to Uploaders.
Checksums-Sha1:
 1a127e04c9ebf94984c9887ba1a39d89fe802b67 2243 
golang-gopkg-mgo.v2_2016.08.01-2.dsc
 94aadc89bd1a96d764564cd284d880088e7513fd 3812 
golang-gopkg-mgo.v2_2016.08.01-2.debian.tar.xz
Checksums-Sha256:
 45ce67b3113a07969c49d0ac5fa7406fe0474ed1f28669c171a7a99c5c41b50f 2243 
golang-gopkg-mgo.v2_2016.08.01-2.dsc
 f64332791f7ef509c2263a9c387cbaa0d0bfc15e5cda6cffd3330d6f1fc9b99e 3812 
golang-gopkg-mgo.v2_2016.08.01-2.debian.tar.xz
Files:
 896aad7299c0bde8090e4825e43e2e41 2243 devel optional 
golang-gopkg-mgo.v2_2016.08.01-2.dsc
 5584134aeb5e857ad3a856b920de6116 3812 devel optional 
golang-gopkg-mgo.v2_2016.08.01-2.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJaU9b4AAoJEBHfQpTMo5iTDWAP/1rV1Fh9opqczPoG3705aAQJ
YOo+SEnTJYiqczCiMcoEfkg3sXWjcsC3Ptq3VGjP7JR/Gchzum7XlOq6WElYr+8x
8nbn4V84WkFZbL719kxmYMaSNKQnQFtl1f7sHf0kXFntXq7ZzNUI2aSCNfjylmYu
5sCvAsgO6RujB1j0mbHEMN1R5e/xnhsEFv6eJZzFSWxN1sOdtCnbEiJ7i6SHqJhl
MLiOzQ85RaMH90zQ6BoNPUUO4R68n7ivHwy14AWYzbUdnWwNbUny4t42C5IUL6dS
p15QJkl7P6fqWzgGBcXyWvl/vPbPcn+y8fRhxmSP2cbe3+Pja+d9Tos/1ADVfvsJ
gF3NQJQariphX03N0E9N3gU7hgLDoOCXWSoto0dTewbobWG8ontWkqPSIdg2MKqA
2RETPJYg0C1SUkIYeO+QpP2YoRut/Vy2DarPrmMD/6x1szg0kyRR0iobNKjWQskA
SElP30dQqSU0ChVmgxTltXinEmJgIe9NFwny9tqTYUsDfZ37sBolD3Tvdw3xaf63
ofV+dCttANy7QbRfVlP4B7WElZywhehTr4oLkSyhyFKXmiq/yAbRJKz1jeWgKOkU
Tv65rVaUml+IsZY1pI6WmAaHDYL5Y/WHUdDaE6N+z3ZQCqGl+D6mzvL8GWUXydMH
x0pfoXbLxh2glXKM3iqk
=VvB0
-END PGP SIGNATURE End Message ---

Bug#886662: wireguard-dkms should depend on libelf-dev

2018-01-08 Thread Daniel Kahn Gillmor

On Mon 2018-01-08 13:34:53 -0500, Robert Edmonds wrote:
> You may want to hold off on fixing this in wireguard. It looks like this
> is a regression in src:linux (#886474). Given this failure is coming
> from the kernel build system apparently before the module itself even
> starts building, it would seem to affect all out-of-tree kernel module
> packages.

thx for the heads-up, Robert.  I'll hold off for the moment and keep an
eye on src:linux.

--dkg


signature.asc
Description: PGP signature

Bug#862851: vblade-persist: diff for NMU version 0.6-2.1

2018-01-08 Thread Daniel Kahn Gillmor

On Sat 2018-01-06 14:56:50 +, Luca Boccassi wrote:
> Control: tags 862851 + patch
> Control: tags 862851 + pending
>
> [Replace XX with correct value]
> Dear maintainer,
>
> I've prepared an NMU for vblade-persist (versioned as 0.6-2.1) and
> uploaded it to DELAYED/XX. Please feel free to tell me if I
> should delay it longer.

hi there! I don't know what XX is, but i appreciate your preparing the
upload.  I've orphaned vblade-persist, so feel free to take it over if
you like:

   https://bugs.debian.org/862873

all the best,

--dkg

Bug#886494: polymake: Can't locate loadable object for module Polymake::Ext in @INC

2018-01-08 Thread Niko Tyni

On Sun, Jan 07, 2018 at 05:04:17PM +0200, Niko Tyni wrote:

> The wasted stats could certainly be fixed by modifying our relevant
> changes to perl.c
>  
> https://sources.debian.org/src/perl/5.26.1-3/debian/patches/debian/mod_paths.diff/
> but I haven't looked into that properly yet.

I did this now and pushed to the 'ntyni/inc-version-list'
branch of the Debian perl git repository.

The relevant changes are

https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/debian/mod_paths.diff?h=ntyni/inc-version-list=3885251398d6e2897fa57cafe61134e4e14593ac

https://anonscm.debian.org/cgit/perl/perl.git/commit/?h=ntyni/inc-version-list=f8e4ea6058a58019e78a5c3225a6ab4a3d0c6700

A test build fixes the polymake issue and doesn't seem to break anything
major.

I'm inclined to reassign this bug to perl and close it with the above
change unless I hear arguments to the contrary.

Thanks,
-- 
Niko Tyni   nt...@debian.org

Bug#753719: ucarp: diff for NMU version 1.5.2-2.1

2018-01-08 Thread Eric Evans

[ Luca Boccassi ]

> [ ... ]
>
> I've prepared an NMU for ucarp (versioned as 1.5.2-2.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.

No, that's fine; Thanks for the help Luca!

-- 
Eric Evans
eev...@debian.org

Bug#886431: snapd binary-all FTBFS: install: failed to access debian/snapd///usr/lib/snapd: No such file or directory

2018-01-08 Thread Michael Hudson-Doyle

Thanks for the report. This is fixed in git, will wait until my
gopkg.in/mgo.v2 upload for the 32 bit issues gets published before
uploading.

On 6 January 2018 at 10:59, Adrian Bunk  wrote:

> Source: snapd
> Version: 2.30-1
> Severity: serious
>
> https://buildd.debian.org/status/fetch.php?pkg=snapd;
> arch=all=2.30-1=1515103055=0
>
> ...
> /usr/bin/make -C systemd install
> make[3]: Entering directory '/<>/data/systemd'
> # NOTE: old (e.g. 14.04) GNU coreutils doesn't -D with -t
> install -d -m 0755 /<>/debian/snapd//lib/systemd/system/
> install -m 0644 -t /<>/debian/snapd//lib/systemd/system/
> snapd.refresh.service snapd.core-fixup.service snapd.autoimport.service
> snapd.snap-repair.service snapd.service snapd.system-shutdown.service
> snapd.refresh.timer snapd.snap-repair.timer snapd.socket
> install -m 0755 -t /<>/debian/snapd///usr/lib/snapd
> snapd.core-fixup.sh
> install: failed to access '/<>/debian/snapd///usr/lib/snapd':
> No such file or directory
> Makefile:36: recipe for target 'install' failed
> make[3]: *** [install] Error 1
>
>

Processed: limit source to qca2, tagging 850897, tagging 874758

Processing commands for cont...@bugs.debian.org:

> limit source qca2
Limiting to bugs with field 'source' containing at least one of 'qca2'
Limit currently set to 'source':'qca2'

> tags 850897 + pending
Bug #850897 [src:qca2] qca2: Please migrate to openssl1.1 in buster
Added tag(s) pending.
> tags 874758 + pending
Bug #874758 [libqca2-plugin-ossl] please drop transitional package 
libqca2-plugin-ossl
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
850897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850897
874758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874758
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#869994: proposed fix

2018-01-08 Thread Robert J. Clay

> Greetings all using FindBin and adding the current directory everywhere
> sql-ledger calls perl should fix the issue in all versions.

   I appreciate the example perl script you provided but since it's
known where the package is installing sql-ledger to, I don't think
using "FindBin" is necessary.  At least, that's what what I'm assuming
with the patch I've created for the ITA[1] I've been working on.  I
originally wrote the patch against sql-ledger 3.0.8 but will be
updating as necessary for use against the most recent version I
currently see, which is 3.2.6.


-- 
Robert J. Clay
rjc...@gmail.com
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862963

Processed: reassign 885570 to src:linux, forcibly merging 884061 885570 884116 884001

Processing commands for cont...@bugs.debian.org:

> reassign 885570 src:linux
Bug #885570 [linux-image-4.9.0-4-amd64] linux-image-4.9.0-4-amd64: display 
breakage with Intel HD Graphics 5500
Bug reassigned from package 'linux-image-4.9.0-4-amd64' to 'src:linux'.
No longer marked as found in versions linux/4.9.65-3+deb9u1.
Ignoring request to alter fixed versions of bug #885570 to the same values 
previously set
> forcemerge 884061 885570 884116 884001
Bug #884061 [src:linux] linux-image-4.9.0-4-amd64: screen scrolls wildly
Bug #885570 [src:linux] linux-image-4.9.0-4-amd64: display breakage with Intel 
HD Graphics 5500
Severity set to 'normal' from 'critical'
Marked as fixed in versions linux/4.14.7-1~bpo9+1.
The source linux and version 4.9.0-4 do not appear to match any binary packages
Marked as found in versions linux/4.9.65-3+deb9u1, linux/4.9.0-4, 
linux/4.9.65-3+deb9u2, and linux/4.9.65-3.
Added tag(s) patch.
Bug #884001 [src:linux] linux-image-4.9.0-4-amd64: Severe graphics corruption 
on intel graphics after kernel upgrade
Severity set to 'normal' from 'important'
The source linux and version 4.9.0-4 do not appear to match any binary packages
Marked as found in versions linux/4.9.0-4.
Added tag(s) patch.
Bug #884061 [src:linux] linux-image-4.9.0-4-amd64: screen scrolls wildly
Marked as fixed in versions linux/4.14.7-1~bpo9+1.
The source linux and version 4.9.0-4 do not appear to match any binary packages
Marked as found in versions linux/4.9.65-3+deb9u1, linux/4.9.0-4, and 
linux/4.9.65-3+deb9u2.
Bug #884116 [src:linux] linux-image-4.9.0-4-amd64: screen atrifacts then crash
Severity set to 'normal' from 'critical'
Marked as fixed in versions linux/4.14.7-1~bpo9+1.
The source linux and version 4.9.0-4 do not appear to match any binary packages
Marked as found in versions linux/4.9.65-3+deb9u2 and linux/4.9.65-3+deb9u1.
Added tag(s) patch.
Merged 884001 884061 884116 885570
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
884001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884001
884061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884061
884116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884116
885570: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885570
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed (with 1 error): Re: Bug#885570: Duplicate of 884061 ?

Processing control commands:

> forcemerge 884061 885570 884116 884001
Bug #884061 [src:linux] linux-image-4.9.0-4-amd64: screen scrolls wildly
Unable to merge bugs because:
package of #885570 is 'linux-image-4.9.0-4-amd64' not 'src:linux'
Failed to forcibly merge 884061: Did not alter merged bugs.


-- 
884001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884001
884061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884061
884116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884116
885570: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885570
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885570: Duplicate of 884061 ?

2018-01-08 Thread Yves-Alexis Perez

control: forcemerge 884061 885570 884116 884001
On Sun, 2017-12-31 at 01:35 +0100, Adrien Plan wrote:
> Hi,
> 
> I got the same issue on my i915 notebook (Dell E7450) and I had to boot 
> on previous kernel (linux-image-4.9.0-3-amd64)
> 
> This bug report seems the same and suggest a tested revert on commit 
> 7de694782cbe7840f2c0de6f1e70f41fc1b8b6e8 :
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884061
> 
Thanks, I'm merging the bugs. I'm currently working on 4.9.75 but I'll
investigate reverting this or identify a more proper fix when it's done.

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part

Bug#886367: IMPORTANT: ARE they (Chip-Makers) creasy! -- Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured HW-Factories!

*Sorry it’s NOT enough.* Don’t worry I trust Intel for changing Intel 
CPUs; I trust AMD for changing AMD CPUs, etc. NO problem with that! - But


SIMPLYFYED:
How can Firefox 57.0.4 change the Intel CPU/MMU - Microcode if such 
change need a secret code signature and don’t know anything secured 
from my CPU?


If a Browser-SW can change it (I hope this SW is running in 
user-mode), a "tarned Hacker-SW" can change it to !!!


I do not know where you got the impression that this is possible. As it 
isn't.


The Meltdown and Specter vulnerabilities have nothing whatsoever to do 
with putting "hacked microcode" or something like that on the CPU. I 
suggest you read up on how these vulnerabilities actually work before 
posting messages such as this or for that matter look up what exactly 
microcode IS as it seems you have a bit of a misconception about the 
nature of it.


In essence they use features that are already in the CPU in a way that 
allows them to gain knowledge of privileged information. They don't put 
anything malicious onto the CPU especially not something that would 
"stay there", "hacker software", "malware" or anything of the sort. They 
use normal operation features of modern CPUs in order to defeat higher 
level protection mechanisms.
*For me this is NOT a trustful way for such an important change and 
need to be addressed very seriously to the HW manufactories.*

*If your org can help for this, it’s great.*

Sooo installing updates onto your system by downloading them is also not 
a trustful way for updates to arrive? You want to chisel those onto your 
harddrive manually? On Windows I think every user has the right to 
install updates even ... which makes sense in a way.


I do not really get what your issue is. As long as you trust that a 
signature for an update is not compromised you should be fine installing 
that signed update ( as long as you trust updates in general ).


Your main problem really seems to be a misconception about the way these 
vulnerabilities work and what exactly exploiting them entails.

Processed: reassign 886432 to src:golang-gopkg-mgo.v2

Processing commands for cont...@bugs.debian.org:

> reassign 886432 src:golang-gopkg-mgo.v2
Bug #886432 [src:snapd] snapd FTBFS on 32bit: json.go:320:7: constant 
9007199254740992 overflows int
Bug reassigned from package 'src:snapd' to 'src:golang-gopkg-mgo.v2'.
No longer marked as found in versions snapd/2.30-1.
Ignoring request to alter fixed versions of bug #886432 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886432
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885570: linux-image-4.9.0-5-amd64

2018-01-08 Thread Pierre Parent

Hi,

Same problem with linux-image-4.9.0-5-amd64.

The bad thing is: now we have the choice between being protected against 
meltdown and have terrible artifacts, or go back to linux-image-4.9.0-3-amd64, 
but being vulnerable to meltdown.

Pierre.

Processed: The debian/rules change fixes it

Processing commands for cont...@bugs.debian.org:

> tags 883986 patch
Bug #883986 [src:openscad] openscad: FTBFS on mips/mipsel: virtual memory 
exhausted: Cannot allocate memory
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
883986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#883986: openscad: FTBFS on mips/mipsel: virtual memory exhausted: Cannot allocate memory

On Sun, Dec 10, 2017 at 03:52:04AM +0100, Andreas Beckmann wrote:
> Source: openscad
> Version: 2015.03-2+dfsg-2
> Severity: serious
> Tags: sid buster
> Justification: fails to build from source (but built successfully in the past)
> 
> Hi,
> 
> openscad did run out of memory during the recent binNMU on mips/mipsel:
> 
> https://buildd.debian.org/status/package.php?p=openscad=unstable

This can be "fixed" as follows:

--- debian/rules.old2018-01-06 18:09:18.661616675 +
+++ debian/rules2018-01-06 18:09:18.661616675 +
@@ -2,6 +2,13 @@
 
 # export DH_VERBOSE=1
 
+include /usr/share/dpkg/architecture.mk
+
+# workaround for virtual memory exhaustion, see #883986
+ifneq (,$(filter $(DEB_HOST_ARCH), mips mipsel))
+export DEB_CXXFLAGS_MAINT_APPEND = -g1
+endif
+
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 UPSTREAMVERS = $(shell dpkg-parsechangelog | sed -n 's/^Version: 
\([^+~]*\).*$$/\1/p')
 

-g1 gives enough debug information for backtraces but not much more,
so for other architectures it's still preferable to have full debug
information in openscad-dbg.


The package built for me on minkus (mips porterbox) with the attached 
hack additionally applied,[1] for a proper solution instead of this 
additional hack I've opened #886670.


> Andreas

cu
Adrian

[1] it built, no clue whether or not the result also works

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

--- openscad-2015.03-2+dfsg.orig/tests/CMakeLists.txt
+++ openscad-2015.03-2+dfsg/tests/CMakeLists.txt
@@ -758,7 +758,7 @@ add_library(tests-common STATIC ${COMMON
 target_link_libraries(tests-common tests-core)
 
 add_library(tests-cgal STATIC ${CGAL_SOURCES})
-set_target_properties(tests-cgal PROPERTIES COMPILE_FLAGS "${ENABLE_OPENCSG_FLAG} -DENABLE_CGAL ${CGAL_CXX_FLAGS_INIT}")
+set_target_properties(tests-cgal PROPERTIES COMPILE_FLAGS "${ENABLE_OPENCSG_FLAG} -DENABLE_CGAL")
 target_link_libraries(tests-cgal tests-common ${CGAL_LIBRARY} ${CGAL_3RD_PARTY_LIBRARIES} ${GMP_LIBRARIES} ${MPFR_LIBRARIES})
 
 #
@@ -771,7 +771,7 @@ if (NOT NULLGL)
 endif()
 
 add_library(tests-offscreen STATIC ${OFFSCREEN_SOURCES})
-set_target_properties(tests-offscreen PROPERTIES COMPILE_FLAGS "${ENABLE_OPENCSG_FLAG} -DENABLE_CGAL ${CGAL_CXX_FLAGS_INIT}")
+set_target_properties(tests-offscreen PROPERTIES COMPILE_FLAGS "${ENABLE_OPENCSG_FLAG} -DENABLE_CGAL")
 target_link_libraries(tests-offscreen ${OPENGL_LIBRARIES} ${OPENGL_3RD_PARTY_LIBS})
 
 #
@@ -790,7 +790,7 @@ target_link_libraries(csgtexttest tests-
 # cgalcachetest
 #
 add_executable(cgalcachetest cgalcachetest.cc)
-set_target_properties(cgalcachetest PROPERTIES COMPILE_FLAGS "-DENABLE_CGAL ${CGAL_CXX_FLAGS_INIT}")
+set_target_properties(cgalcachetest PROPERTIES COMPILE_FLAGS "-DENABLE_CGAL")
 target_link_libraries(cgalcachetest tests-cgal ${GLEW_LIBRARY} ${OPENCSG_LIBRARY} ${APP_SERVICES_LIBRARY})
 
 # also run translation compilation to verify the files are without syntax errors

Bug#886670: libcgal-dev: CGAL_CXX_FLAGS_INIT contains flags that shouldn't be there

Package: libcgal-dev
Version: 4.11-2
Severity: serious
Control: block 883986 by -1

While looking into fixing #883986 I ran into the following problem
due to openscad using CGAL_CXX_FLAGS_INIT:

/usr/lib/x86_64-linux-gnu/cmake/CGAL/CGALConfig.cmake:
set(CGAL_CXX_FLAGS_INIT   "-g -O2 
-fdebug-prefix-map=/build/cgal-d6DBFP/cgal-4.11=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
-frounding-math" )

The only flag that might be correct in this place is -frounding-math,
in case that is required for using CGAL.

Exposing flags like -fdebug-prefix-map is simply wrong.

(For #883986 the problem is the -g, that is also wrong here.)

The severity might seem inflated, but this should be fixed
for fixing the RC #883986 FTBFS in openscad.

Processed: libcgal-dev: CGAL_CXX_FLAGS_INIT contains flags that shouldn't be there

Processing control commands:

> block 883986 by -1
Bug #883986 [src:openscad] openscad: FTBFS on mips/mipsel: virtual memory 
exhausted: Cannot allocate memory
883986 was not blocked by any bugs.
883986 was not blocking any bugs.
Added blocking bug(s) of 883986: 886670

-- 
883986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883986
886670: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886670
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Version tracking fix

Processing commands for cont...@bugs.debian.org:

> fixed 866460 0.14.2+dfsg-6
Bug #866460 {Done: Andreas Tille } [src:pyfai] pyfai: depends 
on obsolete python-imaging (replace with python3-pil or python-pil)
Marked as fixed in versions pyfai/0.14.2+dfsg-6.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
866460: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866460
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886662: wireguard-dkms should depend on libelf-dev

2018-01-08 Thread Robert Edmonds

Daniel Kahn Gillmor wrote:
> make: Entering directory '/usr/src/linux-headers-4.14.0-3-amd64'
> /usr/src/linux-headers-4.14.0-3-common/Makefile:947: *** "Cannot generate ORC 
> metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel 
> or elfutils-libelf-devel".  Stop.
> Makefile:146: recipe for target 'sub-make' failed
> make[1]: *** [sub-make] Error 2
> Makefile:8: recipe for target 'all' failed
> make: *** [all] Error 2
> make: Leaving directory '/usr/src/linux-headers-4.14.0-3-amd64'
> 0 root@sid:~# 
> 
> I'll fix this shortly.

Hi, Daniel:

You may want to hold off on fixing this in wireguard. It looks like this
is a regression in src:linux (#886474). Given this failure is coming
from the kernel build system apparently before the module itself even
starts building, it would seem to affect all out-of-tree kernel module
packages.

-- 
Robert Edmonds
edmo...@debian.org

Bug#886367: IMPORTANT: ARE they (Chip-Makers) creasy! -- Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured HW-Factories!

*Second:* I’m not willing to accept, that CPU/MMU - Microcode can be
changed just by some OS/SW-Updates *without* any physical and local
interventions or with *a secret „ONE WAY“* passwords/ticket
*directly coming from the manufacture company*. Otherwise "very bad
hackers" are able to change the critical CPU/MMUs - Microcode to
prepare some „spyglass-situation|attacks“, which NO uper-layered
"Security-SW or OS“ ever can detect.

*This is a very bad situation (even if this exist many years ago). *

You appear to have the impression that microcode updates are completely
unsigned code that anyone can modify. You might find this an interesting
read:

http://inertiawar.com/microcode/

It explains how microcode updates work in general and specifically how
they work on Intel chips. You cannot simply perform arbitrary microcode
updates on a system. And microcode updates will only load if they are
newer than the one already applied. So you cannot just load an older
insecure version of microcode if an update has already been applied by
either the bios or the kernel. Microcode updates only increase security,
they could only decrease it if Intel released a microcode update that
introduced a weakness and signed that. At the point where you don't
trust your vendor on that level anymore you might as well give up on any
sort of proprietary hardware that needs any sort of binary blobs, which
some decide to do.

*INFO:*
It looks HPE has realized this *serious security thread* and developed
a special ILO-Chip hat help to solve this real problem.
*siehe:*
http://www.zdnet.de/88300819/schutz-vor-firmware-attacken-hpe-sichert-proliant-server-ab/?_ga=2.128992076.1543857168.1515237773-947033226.1515237773_by=5a50b18d671db879058b47d8


*I hope other HW manufactures *(DELL, IBM, CISCO, Oracle, etc.) *are
asap. also have/providing some solution for this problem.*

The link you have provided shows that HPE wants to make sure its
firmware, i.e. UEFI and components are secured. They do not talk about
preventing microcode updates, which I don't think this provides as those
are CPU features directly. I'm not sure if those can be disabled by the
chipset/mainboard as its basically just a special instruction sent to
the CPU (pretty sure they can't be prevented by that).

Processed: Merge duplicates

Processing commands for cont...@bugs.debian.org:

> reassign 886629 linux-headers-4.14.0-3-amd64
Bug #886629 [virtualbox-dkms] virtualbox-dkms: missing dependency libelf-dev
Bug reassigned from package 'virtualbox-dkms' to 'linux-headers-4.14.0-3-amd64'.
No longer marked as found in versions virtualbox/5.2.4-dfsg-2.
Ignoring request to alter fixed versions of bug #886629 to the same values 
previously set
> reassign 886662 linux-headers-4.14.0-3-amd64
Bug #886662 [wireguard-dkms] wireguard-dkms should depend on libelf-dev
Bug reassigned from package 'wireguard-dkms' to 'linux-headers-4.14.0-3-amd64'.
No longer marked as found in versions wireguard/0.0.20171221-1.
Ignoring request to alter fixed versions of bug #886662 to the same values 
previously set
> forcemerge 886474 886629 886662
Bug #886474 [linux-headers-4.14.0-3-amd64] linux-headers-4.14.0-3-amd64: 
missing dependency on libelf-dev
Bug #886510 [linux-headers-4.14.0-3-amd64] Cannot generate ORC metadata for 
CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or 
elfutils-libelf-devel
Bug #886474 [linux-headers-4.14.0-3-amd64] linux-headers-4.14.0-3-amd64: 
missing dependency on libelf-dev
Added tag(s) confirmed.
Added tag(s) confirmed.
Bug #886510 [linux-headers-4.14.0-3-amd64] Cannot generate ORC metadata for 
CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or 
elfutils-libelf-devel
Removed indication that 886510 affects dkms, nvidia-legacy-304xx-kernel-dkms, 
and broadcom-sta-dkms
Added indication that 886510 affects 
dkms,broadcom-sta-dkms,nvidia-legacy-304xx-kernel-dkms
Removed indication that 886474 affects broadcom-sta-dkms, 
nvidia-legacy-304xx-kernel-dkms, and dkms
Added indication that 886474 affects 
dkms,broadcom-sta-dkms,nvidia-legacy-304xx-kernel-dkms
Bug #886662 [linux-headers-4.14.0-3-amd64] wireguard-dkms should depend on 
libelf-dev
Added indication that 886662 affects 
dkms,broadcom-sta-dkms,nvidia-legacy-304xx-kernel-dkms
Marked as found in versions linux/4.14.12-2.
Bug #886629 [linux-headers-4.14.0-3-amd64] virtualbox-dkms: missing dependency 
libelf-dev
Severity set to 'grave' from 'serious'
Added indication that 886629 affects 
dkms,broadcom-sta-dkms,nvidia-legacy-304xx-kernel-dkms
Marked as found in versions linux/4.14.12-2.
Added tag(s) confirmed.
Merged 886474 886510 886629 886662
> affects 886474 virtualbox-dkms wireguard-dkms
Bug #886474 [linux-headers-4.14.0-3-amd64] linux-headers-4.14.0-3-amd64: 
missing dependency on libelf-dev
Bug #886510 [linux-headers-4.14.0-3-amd64] Cannot generate ORC metadata for 
CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or 
elfutils-libelf-devel
Bug #886629 [linux-headers-4.14.0-3-amd64] virtualbox-dkms: missing dependency 
libelf-dev
Bug #886662 [linux-headers-4.14.0-3-amd64] wireguard-dkms should depend on 
libelf-dev
Added indication that 886474 affects virtualbox-dkms and wireguard-dkms
Added indication that 886510 affects virtualbox-dkms and wireguard-dkms
Added indication that 886629 affects virtualbox-dkms and wireguard-dkms
Added indication that 886662 affects virtualbox-dkms and wireguard-dkms
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886474
886510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886510
886629: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886629
886662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886662
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886666: node-d3-shape FTBFS

Source: node-d3-shape
Version: 1.2.0-2
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=node-d3-shape=all=1.2.0-2=1515264095=0

...
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>'
webpack --config debian/webpack.config.js \
--output-library=d3 \
index.js build/d3-shape.js
Hash: 0edb256ac8d106ecf390
Version: webpack 3.5.6
Time: 3110ms
  Asset Size  Chunks Chunk Names
d3-shape.js  83.8 kB   0  [emitted]  main
   [3] ./src/offset/none.js 432 bytes {0} [built]
   [4] ./src/order/none.js 256 bytes {0} [built]
   [5] ./src/curve/linear.js 922 bytes {0} [built]
   [7] ./src/curve/basis.js 1.61 kB {0} [built]
   [8] ./src/curve/cardinal.js 1.8 kB {0} [built]
   [9] ./src/line.js 1.91 kB {0} [built]
  [11] ./src/curve/catmullRom.js 2.86 kB {0} [built]
  [12] ./src/order/ascending.js 596 bytes {0} [built]
  [13] ./src/area.js 3.46 kB {0} [built]
  [26] ./src/curve/cardinalOpen.js 1.49 kB {0} [built]
  [27] ./index.js 9.83 kB {0} [built]
  [47] ./src/offset/silhouette.js 607 bytes {0} [built]
  [48] ./src/offset/wiggle.js 1.02 kB {0} [built]
  [49] ./src/order/descending.js 406 bytes {0} [built]
  [50] ./src/order/insideOut.js 856 bytes {0} [built]
+ 37 hidden modules

ERROR in /usr/lib/nodejs/d3-path/index.js
Module not found: Error: Can't resolve './src/path' in '/usr/lib/nodejs/d3-path'
 @ /usr/lib/nodejs/d3-path/index.js 7:12-33
 @ ./src/arc.js
 @ ./index.js
debian/rules:11: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2

Bug#886664: node-d3-timer FTBFS: test failure

Source: node-d3-timer
Version: 1.0.7-3
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=node-d3-timer=all=1.0.7-3=1515230593=0

...
not ok 11 should be in range
  ---
operator: inRange
expected: [ 440, 460 ]
actual:   466
at: Test.tape.Test.inRange (/<>/test/inRange.js:4:8)
stack: |-
  Error: should be in range
  at Test.assert [as _assert] (/usr/lib/nodejs/tape/lib/test.js:224:54)
  at Test.bound [as _assert] (/usr/lib/nodejs/tape/lib/test.js:76:32)
  at Test.tape.Test.inRange (/<>/test/inRange.js:4:8)
  at Test.bound [as inRange] (/usr/lib/nodejs/tape/lib/test.js:76:32)
  at /<>/test/interval-test.js:35:44
  at Array.forEach ()
  at /<>/test/interval-test.js:35:12
  at tick (/<>/build/d3-timer.js:308:5)
  at timerFlush (/<>/build/d3-timer.js:157:48)
  at Timeout.wake [as _onTimeout] 
(/<>/build/d3-timer.js:167:5)
  ...
...
1..106
# tests 106
# pass  105
# fail  1

debian/rules:16: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 123

Bug#866435: marked as done (ipe-tools: depends on obsolete python-imaging (replace with python3-pil or python-pil))

Your message dated Mon, 08 Jan 2018 18:05:14 +
with message-id 
and subject line Bug#866435: fixed in ipe-tools 1:7.2.7-1
has caused the Debian Bug report #866435,
regarding ipe-tools: depends on obsolete python-imaging (replace with 
python3-pil or python-pil)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:ipe-tools
Version: 20150406-3
Severity: important
Tags: sid buster
User: d...@debian.org
Usertags: imaging-pillow

One or more binary packages built from this source depends on or
recommends python-imaging, which is obsolete for some years now.
Please build the source using the python-pil package. If your
package doesn't need to be built with Python2, please consider using
Python3 and depend on python3-pil.

Planning to remove python-imaging for the buster release, so the
severity of this issues might be raised.
--- End Message ---
--- Begin Message ---
Source: ipe-tools
Source-Version: 1:7.2.7-1

We believe that the bug you reported is fixed in the latest version of
ipe-tools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated ipe-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 08 Jan 2018 18:42:33 +0100
Source: ipe-tools
Binary: figtoipe ipe5toxml pdftoipe svgtoipe
Architecture: source
Version: 1:7.2.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team 

Changed-By: Andreas Tille 
Description:
 figtoipe   - convert FIG files to XML files for ipe
 ipe5toxml  - converts Ipe5 figures to an XML file readable by Ipe
 pdftoipe   - converts arbitrary PDF file to XML file readable by Ipe
 svgtoipe   - converts SVG figures to an XML file readable by Ipe
Closes: 866435
Changes:
 ipe-tools (1:7.2.7-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version (added epoch to enable real versioning)
   * Add Vcs fields
   * cme fix dpkg-control; cme fix dpkg-copyright
   * debhelper 10
   * Replace python-imaging by python-pil
 Closes: #866435
   * Enhance descriptions
   * DEP5
   * Standards-Version: 4.1.3
   * hardening=+all
   * Add watch file
Checksums-Sha1:
 a4145a24d6cf6f082af84744e4ff155706d3224d 2212 ipe-tools_7.2.7-1.dsc
 ef522fd4442d9297342b3fb263439a4f43e86097 216376 ipe-tools_7.2.7.orig.tar.gz
 fde6ba5884ca1a81a2fac4eafbc4210f8607cc6e 4132 ipe-tools_7.2.7-1.debian.tar.xz
 cda30f2ae33fcab5f0f758c6826f38ee41d12078 13368 
ipe-tools_7.2.7-1_source.buildinfo
Checksums-Sha256:
 4f4abfd6fdfcc182768c9a504194a562b58723a4fb126a3473bb48b9aa7b711d 2212 
ipe-tools_7.2.7-1.dsc
 889cb31bd8769ba111f541ba795cf53fad474aeeafbc87b7cd37c8a24b2dc6f6 216376 
ipe-tools_7.2.7.orig.tar.gz
 8e4bbb22f374b6172e1a9b59b521ce6718287e05bef78e92e45e13010774cfc9 4132 
ipe-tools_7.2.7-1.debian.tar.xz
 1a15db72e11671347e7d069eaf65fe34779130bb2015ea833ac7cdfa133d04e8 13368 
ipe-tools_7.2.7-1_source.buildinfo
Files:
 63e8d6caf572d363225026836b6e0d61 2212 graphics optional ipe-tools_7.2.7-1.dsc
 cf578b9db429a2bf24be1f82a0d2c9b9 216376 graphics optional 
ipe-tools_7.2.7.orig.tar.gz
 22cfcfeca7ae39045a7232f95d4defec 4132 graphics optional 
ipe-tools_7.2.7-1.debian.tar.xz
 9eddc054ffdc5663986f6fc194b19d9e 13368 graphics optional 
ipe-tools_7.2.7-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJCBAEBCAAsFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAlpTrvIOHHRpbGxlYUBy
a2kuZGUACgkQV4oElNHGRtG6Hg//YjhrD8YceWC09sGQnvk1FrVzMnwVgtYtY+H1
hBbPO9rBprYLDgA9140PlZr6l4cQaeCvWpJENJrwoB00WdNh/GkoJw4THNk8dpO4
gHI+etK2CfTaEhXR4FnSWpMpIVppwfgJyh/zbHnao3cxqFEK01voj0efu2cdON27
vA3q4Jkb8iTaH/0cYEZmowTnoIP4n6uCyKKQuB6UTnafx8YbnFVg2pKMWf1EYAyI
vSb4IMcHhhzD7yWRYqFGOwMp8J4KDZZutp+D+H7l6vNGsWntR7KlQaIZyzb0iin4
EuTB8hqXEFEtzTZV4SACaIavZMoTT4tnN5WW0HSAbT9LytO0+bo1L+PMX+FcY5ya
ZLfJpARJZuStGEcTccqJSKaaBfSjcejIXe7Rg+eEFjUpciaCChP5vHIgVsmj/Qsa

Bug#886663: golang-go-patricia FTBFS: cannot find package "github.com/satori/go.uuid"

Source: golang-go-patricia
Version: 2.2.6-1
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=golang-go-patricia=all=2.2.6-1=1515263839=0

...
   dh_auto_build -i -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go install 
-gcflags=\"-trimpath=/<>/obj-x86_64-linux-gnu/src\" 
-asmflags=\"-trimpath=/<>/obj-x86_64-linux-gnu/src\" -v -p 1 
github.com/tchap/go-patricia/patricia
github.com/tchap/go-patricia/patricia
   dh_auto_test -i -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go test -v -p 1 
github.com/tchap/go-patricia/patricia
# github.com/tchap/go-patricia/patricia
src/github.com/tchap/go-patricia/patricia/patricia_dense_test.go:12:2: cannot 
find package "github.com/satori/go.uuid" in any of:
/usr/lib/go-1.9/src/github.com/satori/go.uuid (from $GOROOT)
/<>/obj-x86_64-linux-gnu/src/github.com/satori/go.uuid 
(from $GOPATH)
FAILgithub.com/tchap/go-patricia/patricia [setup failed]
dh_auto_test: cd obj-x86_64-linux-gnu && go test -v -p 1 
github.com/tchap/go-patricia/patricia returned exit code 1
debian/rules:4: recipe for target 'build-indep' failed
make: *** [build-indep] Error 1

Bug#886367: IMPORTANT: ARE they (Chip-Makers) creasy! -- Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured HW-Factories!

On Sat, 6 Jan 2018 13:32:30 +0100 Patrik Lori  wrote:
>
> If Intel, AMD, ARM, .. now communicating, that they can change the 
CPU/MMU-Microcode outside there secured factories; they send (with this) 
very dangerous messages to all hackers.

>
> Hackers can use "the same procedure" to do the oposit of these patches!
>
> Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured 
HW-Factories!

>
> Otherwize, we are all in great new SECURITY-DANGER!
>
> I hope the CPU/MMU-Microcode - Patch can NOT be manipulated or 
canceled afterwards !!!

>

This has always been possible. Microcode updates have one purpose only, 
to change the way the CPU handles instructions. And there has always 
been a way to apply these updates to running processors. Usually those 
updates will be delivered along with your BIOS/UEFI versions, however 
these packages provide a way to also load them via the kernel, providing 
added security at runtime.

What you are describing is not really a new security danger whatsoever. 
If you have kernel access you have compromised the system to such a 
fundamental level already that loading older microcode would be the 
least of your problems.

I'm not really sure what your message wants to convey either? Are you 
against the practice of providing microcode updates or in general 
appalled by the fact that microcode can be changed after a CPU has been 
released (which it can since many years, how else would you fix critical 
bugs that pop up later?)? Both make absolute sense from a security 
standpoint.

Bug#886662: wireguard-dkms should depend on libelf-dev

2018-01-08 Thread Daniel Kahn Gillmor

Control: tags 886662 + confirmed

On Mon 2018-01-08 17:50:55 +0100, C. Dominik Bodi wrote:
> Package: wireguard-dkms
> Version: 0.0.20171221-1
> Severity: grave
> Justification: renders package unusable
>
> Dear Maintainer,
>
> as of today, wireguard-dkms fails to build the module for
> linux-4.14.0-3 version 4.14.12-1 if libelf-dev is not installed.
> Installing libelf-dev manually fixes the problem. I suggest adding
> libelf-dev as a dependency to the package.

I can confirm this, thanks for the report.  Here's what i'm seeing:

0 root@sid:~# apt install wireguard-dkms 
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following NEW packages will be installed:
  wireguard-dkms
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 161 kB of archives.
After this operation, 1,079 kB of additional disk space will be used.
Get:1 https://ftp-nyc.osuosl.org/debian sid/main amd64 wireguard-dkms all 
0.0.20171221-1 [161 kB]
Fetched 161 kB in 0s (1,285 kB/s)  
Selecting previously unselected package wireguard-dkms.
(Reading database ... 82872 files and directories currently installed.)
Preparing to unpack .../wireguard-dkms_0.0.20171221-1_all.deb ...
Unpacking wireguard-dkms (0.0.20171221-1) ...
Setting up wireguard-dkms (0.0.20171221-1) ...
Loading new wireguard-0.0.20171221-1 DKMS files...
Building for 4.14.0-3-amd64
Building initial module for 4.14.0-3-amd64
Error! Bad return status for module build on kernel: 4.14.0-3-amd64 (x86_64)
Consult /var/lib/dkms/wireguard/0.0.20171221-1/build/make.log for more 
information.
Scanning processes...   

Scanning linux images...

Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
0 root@sid:~# cat /var/lib/dkms/wireguard/0.0.20171221-1/build/make.log
DKMS make.log for wireguard-0.0.20171221-1 for kernel 4.14.0-3-amd64 (x86_64)
Mon Jan  8 12:32:02 EST 2018
make: Entering directory '/usr/src/linux-headers-4.14.0-3-amd64'
/usr/src/linux-headers-4.14.0-3-common/Makefile:947: *** "Cannot generate ORC 
metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or 
elfutils-libelf-devel".  Stop.
Makefile:146: recipe for target 'sub-make' failed
make[1]: *** [sub-make] Error 2
Makefile:8: recipe for target 'all' failed
make: *** [all] Error 2
make: Leaving directory '/usr/src/linux-headers-4.14.0-3-amd64'
0 root@sid:~# 

I'll fix this shortly.

Regards,

--dkg

Processed: Re: Bug#886662: wireguard-dkms should depend on libelf-dev

Processing control commands:

> tags 886662 + confirmed
Bug #886662 [wireguard-dkms] wireguard-dkms should depend on libelf-dev
Added tag(s) confirmed.

-- 
886662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886662
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#876147: camp frequently FTBFS on 64bit big endian: camptest-qt (Failed)

2018-01-08 Thread Flavien Bridault

How can I connect to the box ?

I read on https://db.debian.org/machines.cgi it is public, but the
connection fails if I naively try to login with:

~ % ssh sakharov.debian.net
Permission denied (publickey).

Thanks.

Flavien.


Le 08/12/2017 à 10:16, John Paul Adrian Glaubitz a écrit :
> We have a new sparc64 porterbox called sakharov.debian.net. Feel free to test 
> your code there.
>
> Adrian
>
>> On Dec 8, 2017, at 9:49 AM, Andreas Tille  wrote:
>>
>> Hi Flavien,
>>
>> I have put the porter lists of the affected architectures in CC whether
>> there is somebody who has a hint for a better solution than removing
>> these architectures from the supported architectures.  This kind of
>> "random failure"[1] is quite hard to debug for somebody who is not
>> familiar for the said architectures.
>>
>> Kind regards
>>
>>   Andreas.
>>
>> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876147#20
>>
>> -- 
>> http://fam-tille.de

-- 
*Flavien BRIDAULT*
Ingénieur de Recherche

fbrida...@ircad.fr

*IRCAD France*
1, place de l'Hôpital - 67091 Strasbourg Cedex - FRANCE

http://www.ircad.fr/ 




signature.asc
Description: OpenPGP digital signature

Bug#876147: camp frequently FTBFS on 64bit big endian: camptest-qt (Failed)

2018-01-08 Thread Flavien Bridault

Ah I see maybe I should email Ben Collins 
 as stated here
https://www.debian.org/ports/sparc/porting.en.html ?


Le 08/12/2017 à 10:16, John Paul Adrian Glaubitz a écrit :
> We have a new sparc64 porterbox called sakharov.debian.net. Feel free to test 
> your code there.
>
> Adrian
>
>> On Dec 8, 2017, at 9:49 AM, Andreas Tille  wrote:
>>
>> Hi Flavien,
>>
>> I have put the porter lists of the affected architectures in CC whether
>> there is somebody who has a hint for a better solution than removing
>> these architectures from the supported architectures.  This kind of
>> "random failure"[1] is quite hard to debug for somebody who is not
>> familiar for the said architectures.
>>
>> Kind regards
>>
>>   Andreas.
>>
>> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876147#20
>>
>> -- 
>> http://fam-tille.de

-- 
*Flavien BRIDAULT*
Ingénieur de Recherche

fbrida...@ircad.fr

*IRCAD France*
1, place de l'Hôpital - 67091 Strasbourg Cedex - FRANCE

http://www.ircad.fr/ 



signature.asc
Description: OpenPGP digital signature

Bug#876147: camp frequently FTBFS on 64bit big endian: camptest-qt (Failed)

2018-01-08 Thread John Paul Adrian Glaubitz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/08/2018 06:13 PM, Flavien Bridault wrote:
> Ah I see maybe I should email Ben Collins  
>  as stated here 
> https://www.debian.org/ports/sparc/porting.en.html ?

No, that information is unfortunately outdated. We need to ask the webteam
to update the website. Thanks for the heads-up.

Do you happen to have a GPG key which has been signed by any Debian Developer
or any developer from another large Linux distribution?

Adrian

- -- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEYv+KdYTgKVaVRgAGdCY7N/W1+RMFAlpTp3cACgkQdCY7N/W1
+ROXhg/+K0rcF8XWoDdb+0AF2vYT4VTEOKQdA15aLW4TSQ3XGfwdqXE6maNwAXM7
SuqB4NzJxxTHiTXJ8QXXQ1u29yKdCqb6g/vgEwduoLC3FAfupQ+A11WkMNidrqhu
MTME4+rq24yLaNdIiE2fS+C3goTaS7raIgFY68nnL5j2x2Ptjs0BNGnJ2QPEflK9
IDMDNPPG9L2OPwQB52XtyWJODZuFANg6kKRE4OwgPMTL8aYRpQEKnLLQ2pxt4sdb
IhWivHhDGBTlkwMWpVuTseyMSEyGLBRZrXaXi5Y/5wirg72N8CzzXU8hiwphf3cm
L1dUWx45XuK9ZfmLFJ/yUzg48XPheH4AgnLto0Rvq6mIPoKCmLcrZAMVhxIPWEHw
/US9H8nu4iipmJAGaPAcwqfPCYLNhngljlPmVPvHY4pgK3Z9XiGtCvwSg7/bBfTD
vs6Ok31/+7UlCWEuXVBhS7HV/+5abpDJeMXBFZ84PgzfxcQwayNvpCdTFgZmell0
/GQ8IMUnDFpANmjZ2qtDlUuchwRdTAIxqIkie6v7JmBk3tp3CQMC0AOU29u3Psrh
8ls+bevKJeOAtaJG2fJxWnVH+h9QbM8ug8lcb3+26U2v5QShK6Nyt2yozSzU6wlc
CBMnH+8NXtQ95zU2lCZ8Qm7lgG8prKztdyJKGdx9m26Kt5tbGg4=
=1hIL
-END PGP SIGNATURE-

Processed: [bts-link] source package src:qca2

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:qca2
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> #
> user bts-link-upstr...@lists.alioth.debian.org
Setting user to bts-link-upstr...@lists.alioth.debian.org (was 
bts-link-de...@lists.alioth.debian.org).
> # remote status report for #850897 (http://bugs.debian.org/850897)
> # Bug title: qca2: Please migrate to openssl1.1 in buster
> #  * http://bugs.kde.org/show_bug.cgi?id=379810
> #  * remote status changed: CONFIRMED -> RESOLVED
> #  * remote resolution changed: (?) -> FIXED
> #  * closed upstream
> tags 850897 + fixed-upstream
Bug #850897 [src:qca2] qca2: Please migrate to openssl1.1 in buster
Added tag(s) fixed-upstream.
> usertags 850897 - status-CONFIRMED
Usertags were: status-CONFIRMED.
Usertags are now: .
> usertags 850897 + status-RESOLVED resolution-FIXED
There were no usertags set.
Usertags are now: status-RESOLVED resolution-FIXED.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
850897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package ohcount

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package ohcount
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> #
> user bts-link-upstr...@lists.alioth.debian.org
Setting user to bts-link-upstr...@lists.alioth.debian.org (was 
bts-link-de...@lists.alioth.debian.org).
> # remote status report for #882372 (http://bugs.debian.org/882372)
> # Bug title: ohcount: CVE-2017-16926: Command injection through file names
> #  * https://github.com/blackducksoftware/ohcount/issues/57
> #  * remote status changed: open -> closed
> #  * closed upstream
> tags 882372 + fixed-upstream
Bug #882372 [ohcount] ohcount: CVE-2017-16926: Command injection through file 
names
Added tag(s) fixed-upstream.
> usertags 882372 - status-open
Usertags were: status-open.
Usertags are now: .
> usertags 882372 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882372
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886662: wireguard-dkms should depend on libelf-dev

2018-01-08 Thread C. Dominik Bodi

Package: wireguard-dkms
Version: 0.0.20171221-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

as of today, wireguard-dkms fails to build the module for
linux-4.14.0-3 version 4.14.12-1 if libelf-dev is not installed.
Installing libelf-dev manually fixes the problem. I suggest adding
libelf-dev as a dependency to the package.

Regards,
C. Dominik Bodi

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wireguard-dkms depends on:
ii  dkms  2.3-3

Versions of packages wireguard-dkms recommends:
ii  wireguard-tools  0.0.20171221-1

wireguard-dkms suggests no packages.

-- no debconf information

Bug#886629: virtualbox-dkms: missing dependency libelf-dev

2018-01-08 Thread Daniel Baumann

severity 886629 serious
thanks

failed for me too, bumping severity accordingly.

Regards,
Daniel

Processed: Re: virtualbox-dkms: missing dependency libelf-dev

Processing commands for cont...@bugs.debian.org:

> severity 886629 serious
Bug #886629 [virtualbox-dkms] virtualbox-dkms: missing dependency libelf-dev
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886629: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886629
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886367: intel-microcode: coming updates for meltdown/spectre

2018-01-08 Thread Christoph Anton Mitterer

Ah I see... thanks for the information :-)


Cheers,
Chris.

Processed: tagging 886382

Processing commands for cont...@bugs.debian.org:

> tags 886382 + pending
Bug #886382 [amd64-microcode] Coming updates for meltdown/spectre
Ignoring request to alter tags of bug #886382 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886382: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886382
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 886367

Processing commands for cont...@bugs.debian.org:

> tags 886367 + security
Bug #886367 {Done: Henrique de Moraes Holschuh } 
[intel-microcode] intel-microcode: coming updates for meltdown/spectre
Added tag(s) security.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886367: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886367
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 886382

Processing commands for cont...@bugs.debian.org:

> tags 886382 + security
Bug #886382 [amd64-microcode] Coming updates for meltdown/spectre
Added tag(s) security.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886382: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886382
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#886367: intel-microcode: coming updates for meltdown/spectre

2018-01-08 Thread Henrique de Moraes Holschuh

On Mon, 08 Jan 2018, Christoph Anton Mitterer wrote:
> Shouldn't that go to stable security updates as well?

The current plans are for stable to wait for Intel's official microcode
update pack.

It is not like this set of microcode updates will get you anything
without the kernel IBRS and IPBP support, which is still being
stabilized.

These updates are currently necessary for people doing the kernel work
and for testing and stabilization.  Ditto for AMD microcode updates,
which I will upload soon now that the kernel support for loading them
has made it to Linux mainline.

-- 
  Henrique Holschuh

Processed: severity of 886630 is important

Processing commands for cont...@bugs.debian.org:

> severity 886630 important
Bug #886630 [src:linux] linux-image-3.2.0-5-amd64 Kernel panic after upgrading 
when use hidepid Debian wheezy
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 886382

Processing commands for cont...@bugs.debian.org:

> tags 886382 + pending
Bug #886382 [amd64-microcode] Coming updates for meltdown/spectre
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886382: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886382
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885965: FTBFS: Test: Run pylint on Python source code ... FAIL

2018-01-08 Thread Sandro Tosi

control: severity -1 normal

>> (unused-variable)" is not false : pylint3 found errors:
>> * Module distro_info_test.test_help
>> W: 30, 0: Unused variable '__class__' (unused-variable)
>> W: 30, 0: Unused variable '__class__' (unused-variable)
>> * Module distro_info_test.test_pylint
>> W: 26, 0: Unused variable '__class__' (unused-variable)
>> * Module distro_info_test.test_flake8
>> W: 23, 0: Unused variable '__class__' (unused-variable)
>> * Module distro_info_test.test_distro_info
>> W: 25, 0: Unused variable '__class__' (unused-variable)
>> W: 25, 0: Unused variable '__class__' (unused-variable)
>> W: 25, 0: Unused variable '__class__' (unused-variable)
>>
>> Tested on armhf amd64.  Log attached.
>
> Thanks for reporting it. This is a bug in pylint which reports this
> false-positive: Unused variable '__class__'

can you provide a small code snippet to replicate this problem?

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi

Processed: Re: Bug#885965: FTBFS: Test: Run pylint on Python source code ... FAIL

Processing control commands:

> severity -1 normal
Bug #885965 [pylint3] FTBFS: Test: Run pylint on Python source code ... FAIL
Severity set to 'normal' from 'serious'

-- 
885965: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885965
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885295: gpodder: Depends on unmaintained pygtk

2018-01-08 Thread Jeremy Bicha

Control: severity -1 important

On Mon, Jan 8, 2018 at 9:55 AM, tony mancill  wrote:
> Status update...  The gPodder 3.10.0 packaging is ready, but as the
> package is now built only for python3, it requires an new binary package
> python3-mygpoclient (from the existing src:mygpoclient) which is
> currently waiting in NEW [1].
>
> Does it make sense to create a bug for the new binary package and then
> block this bug on that bug?  (My hope is that adding a python3- variant to
> an existing python package won't have to spend too long in NEW.)

I don't think we need an extra bug here. I'll lower the severity of
this bug in case the NEW processing takes longer than expected.

Thanks,
Jeremy Bicha

Processed: Re: Bug#885295: gpodder: Depends on unmaintained pygtk

Processing control commands:

> severity -1 important
Bug #885295 [src:gpodder] gpodder: Depends on unmaintained pygtk
Severity set to 'important' from 'serious'

-- 
885295: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885295
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885295: gpodder: Depends on unmaintained pygtk

2018-01-08 Thread tony mancill

On Fri, Dec 29, 2017 at 10:50:17AM -0500, Jeremy Bicha wrote:
> On Fri, Dec 29, 2017 at 10:46 AM, Thomas Perl  wrote:
> > Upstream here.
> >
> > gPodder 3.10.0 (just released today) should fix that.
> 
> Thank you!

Status update...  The gPodder 3.10.0 packaging is ready, but as the
package is now built only for python3, it requires an new binary package
python3-mygpoclient (from the existing src:mygpoclient) which is
currently waiting in NEW [1].

Does it make sense to create a bug for the new binary package and then
block this bug on that bug?  (My hope is that adding a python3- variant to
an existing python package won't have to spend too long in NEW.)

Cheers,
tony

[1] https://ftp-master.debian.org/new/mygpoclient_1.8-1.html 

signature.asc
Description: PGP signature

Bug#886367: intel-microcode: coming updates for meltdown/spectre

2018-01-08 Thread Christoph Anton Mitterer

Hey.

Shouldn't that go to stable security updates as well?

Cheers,
Chris.

Bug#885633: [Debichem-devel] gnome-chemistry-utils: Please drop Build-Depends on rarian-compat

2018-01-08 Thread Daniel Leidert

Hello Andreas,

> I'd volunteer to fix this if you give me permission to move the package
> from
> SVN to Git.

Sorry, but no. If you wanna go and fix this, you can easily do this by an
NMU without touching the VCS. If that is not acceptable to you, I'll take
care of this issue myself asap.

Regards, Daniel

Bug#866454: plastex: depends on obsolete python-imaging (replace with python3-pil or python-pil)

2018-01-08 Thread Stuart Prescott

Control: tags -1 patch

The attached patch does the minimum that is required to update the package.

There's a lot more that could be done with this package (including a new 
upstream release from a few years ago) but this is a start...

-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7diff -u plastex-0.9.2/debian/changelog plastex-0.9.2/debian/changelog
--- plastex-0.9.2/debian/changelog
+++ plastex-0.9.2/debian/changelog
@@ -1,3 +1,10 @@
+plastex (0.9.2-1.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Change dependencies from python-imaging to python-pil (Closes: #866454).
+
+ -- Stuart Prescott   Mon, 08 Jan 2018 21:40:22 +1100
+
 plastex (0.9.2-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u plastex-0.9.2/debian/control plastex-0.9.2/debian/control
--- plastex-0.9.2/debian/control
+++ plastex-0.9.2/debian/control
@@ -16,13 +16,13 @@
  libxml-libxml-perl, 
  texlive-base-bin, 
  dvipng, 
- python-imaging
+ python-pil
 Standards-Version: 3.8.3
 Homepage: http://plastex.sourceforge.net/
 
 Package: python-plastex
 Architecture: all
-Depends: ${python:Depends}, ${misc:Depends}, texlive-latex-base, dvipng, python-imaging
+Depends: ${python:Depends}, ${misc:Depends}, texlive-latex-base, dvipng, python-pil
 Recommends: python-kid, python-genshi, python-cheetah
 Description: LaTeX document processing framework in Python
  plasTeX is a collection of Python frameworks that allow you to process LaTeX

Bug#880554: xen domu freezes with kernel linux-image-4.9.0-4-amd64

2018-01-08 Thread Valentin Vidic

On Sun, Jan 07, 2018 at 07:36:40PM +0100, Hans van Kranenburg wrote:
> Recently a tool was added to "dump guest grant table info". You could
> see if it compiles on the 4.8 source and see if it works? Would be
> interesting to get some idea about how high or low these numbers are in
> different scenarios. I mean, I'm using 128, you 256, and we even don't
> know if the actual value is maybe just above 32? :]
> 
> https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=df36d82e3fc91bee2ff1681fd438c815fa324b6a

The diag tool does not build inside xen-4.8:

xen-diag.c: In function ‘gnttab_query_size_func’:
xen-diag.c:50:10: error: implicit declaration of function 
‘xc_gnttab_query_size’ [-Werror=implicit-function-declaration]
 rc = xc_gnttab_query_size(xch, );
  ^~~~

but I think the same info is available in the thread on xen-devel:

  https://www.mail-archive.com/xen-devel@lists.xen.org/msg116910.html

When the domU hangs crash reports nr_grant_frames=32. After increasing
the gnttab_max_frames=256 the domU reports using nr_grant_frames=59.

So the new default of gnttab_max_frames=64 might be a bit close to 59,
but I suppose 128 would be just as safe as 256 I currently use (if
you prefer 128).

> If this is something users are going to run into while not doing more
> unusual things like having dozens of vcpus or network interfaces, then
> changing the default could prevent hours of frustration and debugging
> for them.

Yes, the failure case is quite nasty, as the domU just hangs without
even suggesting grant frames might be the problem. Not sure if domU
can detect this situation at all?

Anyway, if the value cannot be increased, the situation should at least
be mentioned in the NEWS.Debian of the xen package.

-- 
Valentin

Processed: Re: Bug#866454: plastex: depends on obsolete python-imaging (replace with python3-pil or python-pil)

Processing control commands:

> tags -1 patch
Bug #866454 [src:plastex] plastex: depends on obsolete python-imaging (replace 
with python3-pil or python-pil)
Added tag(s) patch.

-- 
866454: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866454
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#884993: marked as done (sucrose: Please don't recommend python-sugar-toolkit)

Your message dated Mon, 08 Jan 2018 12:04:32 +
with message-id 
and subject line Bug#884993: fixed in sugar 0.112-2
has caused the Debian Bug report #884993,
regarding sucrose: Please don't recommend python-sugar-toolkit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884993
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sucrose
Version: 0.112-1
Severity: serious
Tags: buster sid

sucrose recommends python-sugar-toolkit but python-sugar-toolkit has
been removed from Debian Testing because it depends on python-rsvg
which has been removed from Debian Testing. See
https://bugs.debian.org/790158

My understanding is that it  is a RC bug for a package to recommend a
removed package because it will keep the removed package installed
after upgrade.

Thanks,
Jeremy Bicha
--- End Message ---
--- Begin Message ---
Source: sugar
Source-Version: 0.112-2

We believe that the bug you reported is fixed in the latest version of
sugar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 884...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard  (supplier of updated sugar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 08 Jan 2018 12:54:59 +0100
Source: sugar
Binary: sucrose sugar-session python-jarabe
Architecture: source all
Version: 0.112-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Sugar Team 
Changed-By: Jonas Smedegaard 
Description:
 python-jarabe - Sugar Learning Platform - graphical shell
 sucrose- Sugar Learning Platform - Sucrose
 sugar-session - Sugar Learning Platform - window manager
Closes: 884993
Changes:
 sugar (0.112-2) unstable; urgency=medium
 .
   * Update package relations:
 + Have sugar-session recommend (not suggest) and sucrose depend on
   (not recommend) sugar-calculate-activity: No longer uses
   deprecated Glucose parts.
 + Have sucrose suggest (not recommend) deprecated Glucose parts
   python-sugar-toolkit python-sugar gtk2-engines-sugar.
   Closes: Bug#884993. Thanks to Jeremy Bicha.
   * Declare compliance with Debian Policy 4.1.3.
   * Update copyright info: Extend coverage for myself.
Checksums-Sha1:
 4d5208da06ed7b1075a2fd6e733fbd6639ae2961 2205 sugar_0.112-2.dsc
 1a894fefcabdf6c57c7928f3e4954776faef9bf9 32696 sugar_0.112-2.debian.tar.xz
 b579432a87cda99151dfa59146b9c7fd391723c0 186292 python-jarabe_0.112-2_all.deb
 136f1f78bc4c871e93c08fd325591fdf37b414df 25228 sucrose_0.112-2_all.deb
 3d5f731ae2a1dbd491a7f7962f490fd3fc42f368 548232 sugar-session_0.112-2_all.deb
 d0d24a3f4564000f492d2d3fdfc88f2f4e68e6a1 15705 sugar_0.112-2_amd64.buildinfo
Checksums-Sha256:
 2f3e799037aa1194a4e9a32c09ae61b4b0b2977a89d554a8a84cdac3a7dfb66d 2205 
sugar_0.112-2.dsc
 7a61b67724a3f1e1fe1441697e62b4672cbd570dabe964e1f837a98a348004a6 32696 
sugar_0.112-2.debian.tar.xz
 ffb855111d939c8850675891d8c7a5f022723f0b851eb95029966c658fab6639 186292 
python-jarabe_0.112-2_all.deb
 49dd68128587d93e3a455c52c403651a608c48e7471808675abcdff3969ae821 25228 
sucrose_0.112-2_all.deb
 f08536a497f5a1d0b2355d44b025d2692a360acc1f49bdee17c094764db23e62 548232 
sugar-session_0.112-2_all.deb
 2105b18a353d3b8addec78d6859fa01763fddf5976a7f576975fddeb589a78ad 15705 
sugar_0.112-2_amd64.buildinfo
Files:
 780036514a718c82298b1988507966b0 2205 x11 optional sugar_0.112-2.dsc
 67b2bfb9b34002514c973cbbe4b9e26c 32696 x11 optional sugar_0.112-2.debian.tar.xz
 6bba93be821acdd1364c06e9e8fd0875 186292 python optional 
python-jarabe_0.112-2_all.deb
 43a71f950fd46924e4a9668b5d933898 25228 metapackages optional 
sucrose_0.112-2_all.deb
 e5ff134c17a83a17651a8dfd9ca79526 548232 x11 optional 
sugar-session_0.112-2_all.deb
 8915530fc2be72dd922a1bb73b7fc4c2 15705 x11 optional 
sugar_0.112-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlpTXVAACgkQLHwxRsGg
ASHP5w//Y/ePrjsW9M0Tu8P0/mQGS5tmcdeCPJR69N3J0Qe2W4RqeMUxmPGrXZci

Bug#867185: BTS is wrong about version graph

2018-01-08 Thread Ian Jackson

Control: fixed -1 3.13
Control: fixed -1 4.1

(Let's try the BTS syntax again.0

None of the 3.x series contain the changes from 4.0.

This bug was fixed in the 3.x branch in 3.11.  That was merged into
the 4.x series in 4.1.

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Processed: BTS is wrong about version graph

Processing control commands:

> fixed -1 3.13
Bug #867185 {Done: Ian Jackson } [dgit] dgit: 
Perl error trying to clone Gtk+
Bug #867309 {Done: Ian Jackson } [dgit] dgit: 
Use of uninitialized value $got in concatenation
Marked as fixed in versions dgit/3.13.
Marked as fixed in versions dgit/3.13.
> fixed -1 4.1
Bug #867185 {Done: Ian Jackson } [dgit] dgit: 
Perl error trying to clone Gtk+
Bug #867309 {Done: Ian Jackson } [dgit] dgit: 
Use of uninitialized value $got in concatenation
Marked as fixed in versions dgit/4.1.
Marked as fixed in versions dgit/4.1.

-- 
867185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867185
867309: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867309
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#867185: BTS is wrong about version graph

2018-01-08 Thread Ian Jackson

Control: tags -1 notfound 3.13
Control: tags -1 notfound 4.1

None of the 3.x series contain the changes from 4.0.

This bug was fixed in the 3.x branch in 3.11.  That was merged into
the 4.x series in 4.1.

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Bug#866414: marked as done (apitrace: depends on obsolete python-imaging (replace with python3-pil or python-pil))

Your message dated Mon, 08 Jan 2018 10:24:32 +
with message-id 
and subject line Bug#866414: fixed in apitrace 7.1+git20170623.d38a69d6+repack-3
has caused the Debian Bug report #866414,
regarding apitrace: depends on obsolete python-imaging (replace with 
python3-pil or python-pil)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866414
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:apitrace
Version: 7.1+git20170623.d38a69d6+repack-1
Severity: important
Tags: sid buster
User: d...@debian.org
Usertags: imaging-pillow

One or more binary packages built from this source depends on or
recommends python-imaging, which is obsolete for some years now.
Please build the source using the python-pil package. If your
package doesn't need to be built with Python2, please consider using
Python3 and depend on python3-pil.

Planning to remove python-imaging for the buster release, so the
severity of this issues might be raised.
--- End Message ---
--- Begin Message ---
Source: apitrace
Source-Version: 7.1+git20170623.d38a69d6+repack-3

We believe that the bug you reported is fixed in the latest version of
apitrace, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen  (supplier of updated apitrace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 08 Jan 2018 10:00:54 +0200
Source: apitrace
Binary: apitrace apitrace-gui apitrace-tracers
Architecture: source
Version: 7.1+git20170623.d38a69d6+repack-3
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force 
Changed-By: Timo Aaltonen 
Description:
 apitrace   - tools for debugging OpenGL applications and drivers - cli fronten
 apitrace-gui - tools for debugging OpenGL applications and drivers - graphical 
f
 apitrace-tracers - tools for debugging OpenGL applications and drivers - 
application
Closes: 866414
Changes:
 apitrace (7.1+git20170623.d38a69d6+repack-3) unstable; urgency=medium
 .
   * control: Migrate to python-pil. (Closes: #866414)
Checksums-Sha1:
 956907dd563fae7bedeaf8276e679b41bb5fcd67 2413 
apitrace_7.1+git20170623.d38a69d6+repack-3.dsc
 d03a15557bf1d3b31dba457565abd4cc3de4ebe9 6648 
apitrace_7.1+git20170623.d38a69d6+repack-3.debian.tar.xz
Checksums-Sha256:
 2872faaf4dbdd0b7a5529577df35d7b5be72e9e5f1e33d0dc0aa8775605d85d4 2413 
apitrace_7.1+git20170623.d38a69d6+repack-3.dsc
 6368ff84f39812bdf0740046687e215c09410fdc3283504f2888797a7f472483 6648 
apitrace_7.1+git20170623.d38a69d6+repack-3.debian.tar.xz
Files:
 9565b9ee9fb1be56bd7c781b985de9ab 2413 graphics optional 
apitrace_7.1+git20170623.d38a69d6+repack-3.dsc
 1b1049fbb69dd8195c33fedea0b3c584 6648 graphics optional 
apitrace_7.1+git20170623.d38a69d6+repack-3.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJaUz8kAAoJEMtwMWWoiYTcirYP/j99EKIgz2BwMT9u2f7T04XL
xvo4a1HQ1kSFUisrw8zEBU5veIvCffTAVyKuLZNatCmLr06rwa3Pv79xZ/UXXQ3w
zad553KVgtk3zB/oFomA8BYWjSiNtLxWNWBGSmRpKweviDDnG362w6sEzYZ559fF
2tKYea/Fh1Tjcjdw1HTShKPpppLcOBOH0cW1CDWRnY0PE7vnwe7RVGoj7mrUH5Nn
t+HlDbSMnqC13nRwk+cddFcWGayrqzltG2bAN0NX3OS6G6WLrjhZw4zBchWJkavV
A8ycKdgRzup1F0dKCPk81Chv8+2cs+X+AOMfdu3j95PGvWYQrmyo4h3+rlS7bXXH
mtJp3/66vIfkYxVOAGYIsOLSKL15G7T7m5d6ptkcQGN5qzIbbhYWP2Bb+BNRdr/s
D6vt33zsbS/eTamgT7ULy7WCYKeUPeRYgOaK7HGqCH47et6WFaIKAD4nswfTVap2
Mf2r5uBgVsFWgQffAn1o0nGwZ2q95iRBA2EB/R/SPH/Ci+RVxkB7To08Nsobwicw
mH6VmXqUyYrs50oPxDEZzEuLMGLLFYk9ca2RF2gUQ/VIJ+KPl1xFL/njjH4+PkPT
kMzlEs09CN+tGjkoaOglcavGhma2f/lsInyVzHxCxhTgvpuxmKDRgi9nCArnfbIO
CIWLSxzg3VMYKxmTrR35
=ptEk
-END PGP SIGNATURE End Message ---

Bug#886630: linux-image-3.2.0-5-amd64 Kernel panic after upgrading when use hidepid Debian wheezy

2018-01-08 Thread Camilo Echevarne


Package: src:linux
Version: 3.2.96-3
Severity: grave
Justification: renders package unusable with hidepid proc mount option


After updating the linux-image-amd64 system package, when we try to 
mount proc with the hidepid option the server  throws a kernel panic.


mount -o remount,hidepid=2,gid=1001 /proc


** Version:

Linux hostname 3.2.0-5-amd64 #1 SMP Debian 3.2.96-3 x86_64 GNU/Linux


** Kernel log:

[  110.335792] [ cut here ]
[  110.335813] WARNING: at /build/linux-HPGG73/linux-3.2.96/kernel/ptrace.c:228 
__ptrace_may_access+0x47/0xf9()
[  110.335823] denying ptrace access check without PTRACE_MODE_*CREDS
[  110.335829] Modules linked in: xt_multiport xt_owner ipt_REJECT xt_connlimit 
xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack 
iptable_filter ip_tables x_tables lockd sunrpc lp parport loop evdev coretemp 
snd_pcm snd_page_alloc crc32c_intel snd_timer snd soundcore aesni_intel 
aes_x86_64 aes_generic pcspkr cryptd ext3 mbcache jbd xen_netfront xen_blkfront
[  110.335892] Pid: 4204, comm: bash Not tainted 3.2.0-5-amd64 #1 Debian 
3.2.96-3
[  110.335900] Call Trace:
[  110.335910]  [] ? warn_slowpath_common+0x78/0x8c
[  110.335918]  [] ? warn_slowpath_fmt+0x45/0x4a
[  110.335927]  [] ? __ptrace_may_access+0x47/0xf9
[  110.335935]  [] ? ptrace_may_access+0x24/0x36
[  110.335945]  [] ? proc_pid_permission+0x4e/0x90
[  110.335955]  [] ? inode_permission+0x65/0xd6
[  110.335963]  [] ? link_path_walk+0x7d/0x421
[  110.335971]  [] ? link_path_walk+0x2fd/0x421
[  110.335979]  [] ? path_lookupat+0x53/0x2bd
[  110.335988]  [] ? should_resched+0x5/0x23
[  110.335999]  [] ? _cond_resched+0x7/0x1c
[  110.336035]  [] ? do_path_lookup+0x1c/0x87
[  110.336049]  [] ? user_path_at_empty+0x47/0x7b
[  110.336066]  [] ? do_page_fault+0x30a/0x345
[  110.336088]  [] ? notify_remote_via_irq+0x20/0x25
[  110.336106]  [] ? test_tsk_need_resched+0xa/0x13
[  110.336127]  [] ? arch_local_irq_restore+0x7/0x8
[  110.336144]  [] ? _raw_spin_unlock_irqrestore+0xe/0xf
[  110.336161]  [] ? arch_local_irq_disable+0x7/0x8
[  110.336179]  [] ? _raw_spin_lock_irq+0xa/0x14
[  110.336197]  [] ? spin_unlock_irq+0xa/0xb
[  110.336214]  [] ? vfs_fstatat+0x32/0x60
[  110.336232]  [] ? arch_local_irq_restore+0x7/0x8
[  110.336248]  [] ? xen_mc_flush+0x13c/0x16b
[  110.336266]  [] ? sys_newstat+0x12/0x2b
[  110.336282]  [] ? page_fault+0x25/0x30
[  110.336302]  [] ? system_call_fastpath+0x16/0x1b
[  110.336317] ---[ end trace 89494c70e5dcd0b8 ]---
[  110.336342] [ cut here ]
[  110.336357] WARNING: at /build/linux-HPGG73/linux-3.2.96/kernel/ptrace.c:228 
__ptrace_may_access+0x47/0xf9()
[  110.336375] denying ptrace access check without PTRACE_MODE_*CREDS
[  110.336408] Modules linked in: xt_multiport xt_owner ipt_REJECT xt_connlimit 
xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack 
iptable_filter ip_tables x_tables lockd sunrpc lp parport loop evdev coretemp 
snd_pcm snd_page_alloc crc32c_intel snd_timer snd soundcore aesni_intel 
aes_x86_64 aes_generic pcspkr cryptd ext3 mbcache jbd xen_netfront xen_blkfront
[  110.336565] Pid: 4204, comm: bash Tainted: GW3.2.0-5-amd64 #1 
Debian 3.2.96-3
[  110.336575] Call Trace:
[  110.336583]  [] ? warn_slowpath_common+0x78/0x8c
[  110.336592]  [] ? warn_slowpath_fmt+0x45/0x4a
[  110.336601]  [] ? __ptrace_may_access+0x47/0xf9
[  110.336609]  [] ? ptrace_may_access+0x24/0x36
[  110.336618]  [] ? proc_pid_permission+0x4e/0x90
[  110.336627]  [] ? inode_permission+0x65/0xd6
[  110.336635]  [] ? link_path_walk+0x7d/0x421
[  110.336644]  [] ? link_path_walk+0x2fd/0x421
[  110.336652]  [] ? path_openat+0xac/0x33a
[  110.336660]  [] ? user_path_at_empty+0x53/0x7b
[  110.336669]  [] ? do_filp_open+0x2a/0x6e
[  110.336677]  [] ? _cond_resched+0x7/0x1c
[  110.336686]  [] ? alloc_fd+0x64/0x109
[  110.336695]  [] ? do_sys_open+0x5e/0xe5
[  110.336703]  [] ? system_call_fastpath+0x16/0x1b
[  110.336710] ---[ end trace 89494c70e5dcd0b9 ]---
[  111.176925] [ cut here ]
[  111.176949] WARNING: at /build/linux-HPGG73/linux-3.2.96/kernel/ptrace.c:228 
__ptrace_may_access+0x47/0xf9()
[  111.176959] denying ptrace access check without PTRACE_MODE_*CREDS
[  111.176966] Modules linked in: xt_multiport xt_owner ipt_REJECT xt_connlimit 
xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack 
iptable_filter ip_tables x_tables lockd sunrpc lp parport loop evdev coretemp 
snd_pcm snd_page_alloc crc32c_intel snd_timer snd soundcore aesni_intel 
aes_x86_64 aes_generic pcspkr cryptd ext3 mbcache jbd xen_netfront xen_blkfront
[  111.177033] Pid: 4283, comm: cron Tainted: GW3.2.0-5-amd64 #1 
Debian 3.2.96-3
[  111.177041] Call Trace:
[  111.177051]  [] ? warn_slowpath_common+0x78/0x8c
[  111.177060]  [] ? warn_slowpath_fmt+0x45/0x4a
[  111.177068]  [] ? __ptrace_may_access+0x47/0xf9
[  111.177077]  [] ? ptrace_may_access+0x24/0x36
[  111.177088]  [] ?

Processed: severity

Processing commands for cont...@bugs.debian.org:

> severity 886483 grave
Bug #886483 [sssd] sssd gets confused by existing config file
Severity set to 'grave' from 'minor'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
886483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 866477 is normal