Bug#913090: marked as done (nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845)

[Debian Bug Tracking System]

Your message dated Wed, 07 Nov 2018 07:04:04 +
with message-id 
and subject line Bug#913090: fixed in nginx 1.14.1-1
has caused the Debian Bug report #913090,
regarding nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nginx
Version: 1.10.3-1
Severity: important
Tags: security upstream
Control: found -1 1.10.3-1+deb9u1
Control: found -1 1.14.0-1

Hi,

The following vulnerabilities were published for nginx.

CVE-2018-16843[0]:
Excessive memory usage in HTTP/2

CVE-2018-16844[1]:
Excessive CPU usage in HTTP/2

CVE-2018-16845[2]:
Memory disclosure in the ngx_http_mp4_module

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843
[1] https://security-tracker.debian.org/tracker/CVE-2018-16844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844
[2] https://security-tracker.debian.org/tracker/CVE-2018-16845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.14.1-1

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christos Trochalakis  (supplier of updated nginx 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 07 Nov 2018 07:16:00 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras 
libnginx-mod-http-geoip libnginx-mod-http-image-filter 
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream 
libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua 
libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo 
libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter 
libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex 
libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter 
libnginx-mod-http-dav-ext libnginx-mod-rtmp
Architecture: source
Version: 1.14.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers 

Changed-By: Christos Trochalakis 
Description:
 libnginx-mod-http-auth-pam - PAM authentication module for Nginx
 libnginx-mod-http-cache-purge - Purge content from Nginx caches
 libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx
 libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx
 libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-headers-more-filter - Set and clear input and output headers 
for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-lua - Lua module for Nginx
 libnginx-mod-http-ndk - Nginx Development Kit module
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-subs-filter - Substitution filter module for Nginx
 libnginx-mod-http-uploadprogress - Upload progress system for Nginx
 libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx
 libnginx-mod-rtmp - RTMP support for Nginx
 libnginx-mod-stream - Stream module for Nginx
 nginx  - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-full - nginx web/proxy server (standard version)
 nginx-light - nginx web/proxy server (basic version)
Closes: 913090
Changes:
 nginx 

Bug#913116: Fails to start without chromium-sandbox installed

[Josh Triplett]

Package: chromium
Version: 70.0.3538.67-3
Severity: grave

Without chromium-sandbox installed:

~$ chromium
[10607:10607:1106/214902.149402:FATAL:zygote_host_impl_linux.cc(116)] No usable 
sandbox! Update your kernel or see 
https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md
 for more information on developing with the SUID sandbox. If you want to live 
dangerously and need an immediate workaround, you can try using --no-sandbox.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  chromium-common  70.0.3538.67-3
ii  libasound2   1.1.7-1
ii  libatk-bridge2.0-0   2.30.0-2
ii  libatk1.0-0  2.30.0-1
ii  libatomic1   8.2.0-9
ii  libavcodec58 7:4.0.3-1
ii  libavformat587:4.0.3-1
ii  libavutil56  7:4.0.3-1
ii  libc62.27-8
ii  libcairo-gobject21.16.0-1
ii  libcairo21.16.0-1
ii  libcups2 2.2.8-5
ii  libdbus-1-3  1.12.10-1
ii  libdrm2  2.4.95-1
ii  libevent-2.1-6   2.1.8-stable-4
ii  libexpat12.2.6-1
ii  libflac8 1.3.2-3
ii  libfontconfig1   2.13.1-2
ii  libfreetype6 2.8.1-2
ii  libgcc1  1:8.2.0-9
ii  libgdk-pixbuf2.0-0   2.38.0+dfsg-6
ii  libglib2.0-0 2.58.1-2
ii  libgtk-3-0   3.24.1-2
ii  libharfbuzz0b1.9.0-1
ii  libicu60 60.2-6
ii  libjpeg62-turbo  1:1.5.2-2+b1
ii  liblcms2-2   2.9-3
ii  libminizip1  1.1-8+b1
ii  libnspr4 2:4.20-1
ii  libnss3  2:3.39-1
ii  libopenjp2-7 2.3.0-1
ii  libopus0 1.3~beta+20180518-1
ii  libpango-1.0-0   1.42.4-3
ii  libpangocairo-1.0-0  1.42.4-3
ii  libpci3  1:3.5.2-1
ii  libpng16-16  1.6.34-2
ii  libpulse012.2-2
ii  libre2-4 20180901+dfsg-1
ii  libsnappy1v5 1.1.7-1
ii  libstdc++6   8.2.0-9
ii  libvpx5  1.7.0-3
ii  libwebp6 0.6.1-2
ii  libwebpdemux20.6.1-2
ii  libwebpmux3  0.6.1-2
ii  libx11-6 2:1.6.7-1
ii  libx11-xcb1  2:1.6.7-1
ii  libxcb1  1.13.1-1
ii  libxcomposite1   1:0.4.4-2
ii  libxcursor1  1:1.1.15-1
ii  libxdamage1  1:1.1.4-3
ii  libxext6 2:1.3.3-1+b2
ii  libxfixes3   1:5.0.3-1
ii  libxi6   2:1.7.9-1
ii  libxml2  2.9.4+dfsg1-7+b1
ii  libxrandr2   2:1.5.1-1
ii  libxrender1  1:0.9.10-1
ii  libxslt1.1   1.1.32-2
ii  libxss1  1:1.2.3-1
ii  libxtst6 2:1.2.3-1
ii  zlib1g   1:1.2.11.dfsg-1

chromium recommends no packages.

Versions of packages chromium suggests:
pn  chromium-driver  
pn  chromium-l10n
pn  chromium-shell   

-- no debconf information

Bug#911194: marked as done (libbtm-java: FTBFS with Java 11 due to javax.rmi removal)

[Debian Bug Tracking System]

Your message dated Wed, 07 Nov 2018 01:03:55 +
with message-id 
and subject line Bug#911194: fixed in libbtm-java 2.1.4-4
has caused the Debian Bug report #911194,
regarding libbtm-java: FTBFS with Java 11 due to javax.rmi removal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
911194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:libbtm-java
Severity: important
Tags: sid buster
User: debian-j...@lists.debian.org
Usertags: default-java11

libbtm-java fails to build with Java 11, it's affected by the removal
of the CORBA related classes which include the javax.rmi package:


[javac] /build/libbtm-java-2.1.4/build.xml:45: warning: 'includeantruntime' 
was not set, defaulting to build.sysclasspath=last; set to false for repeatable 
builds
[javac] Using javac -source 1.5 is no longer supported, switching to 6
[javac] Using javac -target 1.5 is no longer supported, switching to 6
[javac] Compiling 136 source files to /build/libbtm-java-2.1.4/dist/classes
[javac] warning: [options] bootstrap class path not set in conjunction with 
-source 6
[javac] warning: [options] source value 6 is obsolete and will be removed 
in a future release
[javac] warning: [options] target value 1.6 is obsolete and will be removed 
in a future release
[javac] warning: [options] To suppress warnings about obsolete options, use 
-Xlint:-options.
[javac] 
/build/libbtm-java-2.1.4/src/bitronix/tm/resource/jms/JndiXAConnectionFactory.java:29:
 error: package javax.rmi does not exist
[javac] import javax.rmi.PortableRemoteObject;
[javac] ^
[javac] 
/build/libbtm-java-2.1.4/src/bitronix/tm/resource/jms/JndiXAConnectionFactory.java:216:
 error: cannot find symbol
[javac] wrappedFactory = (XAConnectionFactory) 
PortableRemoteObject.narrow(lookedUpObject, XAConnectionFactory.class);
[javac]^
[javac]   symbol:   variable PortableRemoteObject
[javac]   location: class JndiXAConnectionFactory
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 2 errors
[javac] 4 warnings
--- End Message ---
--- Begin Message ---
Source: libbtm-java
Source-Version: 2.1.4-4

We believe that the bug you reported is fixed in the latest version of
libbtm-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated libbtm-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 07 Nov 2018 01:46:49 +0100
Source: libbtm-java
Binary: libbtm-java
Architecture: source
Version: 2.1.4-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libbtm-java - Bitronix JTA Transaction Manager
Closes: 911194
Changes:
 libbtm-java (2.1.4-4) unstable; urgency=medium
 .
   * Team upload.
   * Fixed the build failure with Java 11 (Closes: #911194)
   * Standards-Version updated to 4.2.1
   * Switch to debhelper level 11
   * Use salsa.debian.org Vcs-* URLs
Checksums-Sha1:
 f30436d404ef5cef2cd68a920d6c965b87fa8e0a 2161 libbtm-java_2.1.4-4.dsc
 2777579f402b89ee57a3a4da38f1d8bda9d8db47 4988 libbtm-java_2.1.4-4.debian.tar.xz
 4051aad2fa2e1be949182ad0886f9b9189cccfc1 10775 
libbtm-java_2.1.4-4_source.buildinfo
Checksums-Sha256:
 2827d469c39d3a140e54b5400922010b91019900860d44daca8681325ee35915 2161 
libbtm-java_2.1.4-4.dsc
 4c20b02d73dd6537905e1b2a24b4451f934bcd53b45ab6d311da40cbe9e03da0 4988 
libbtm-java_2.1.4-4.debian.tar.xz
 194e06b2f4a8331d0868971cb9599b4198ade009ef3bfc402f794286b55ebeb3 10775 
libbtm-java_2.1.4-4_source.buildinfo
Files:
 78bb3ceb32885ce7aca1fb9a7eed2e89 2161 java optional libbtm-java_2.1.4-4.dsc
 d4342dc6ac12a064eb3c30cb8c37450d 4988 java optional 

Bug#911194: Bug #911194 in libbtm-java marked as pending

[Emmanuel Bourg]

Control: tag -1 pending

Hello,

Bug #911194 in libbtm-java reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/java-team/libbtm-java/commit/29342f91b0c595376f518dde9d87813d0de12ba7


Fixed the build failure with Java 11 (Closes: #911194)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/911194

Processed: Bug #911194 in libbtm-java marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #911194 [src:libbtm-java] libbtm-java: FTBFS with Java 11 due to javax.rmi 
removal
Added tag(s) pending.

-- 
911194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912389: marked as done (snakeyaml FTBFS with OpenJDK 11)

[Debian Bug Tracking System]

Your message dated Wed, 07 Nov 2018 00:35:00 +
with message-id 
and subject line Bug#912389: fixed in snakeyaml 1.23-1
has caused the Debian Bug report #912389,
regarding snakeyaml FTBFS with OpenJDK 11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: snakeyaml
Version: 1.21-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/snakeyaml.html

...
[ERROR] Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.013 s 
<<< FAILURE! - in org.yaml.snakeyaml.generics.ObjectValuesTest
[ERROR] testObjectValuesWithParam(org.yaml.snakeyaml.generics.ObjectValuesTest) 
 Time elapsed: 0.01 s  <<< FAILURE!
junit.framework.AssertionFailedError: class [Ljava.lang.Object; cannot be cast 
to class [Ljava.lang.String; ([Ljava.lang.Object; and [Ljava.lang.String; are 
in module java.base of loader 'bootstrap')
at 
org.yaml.snakeyaml.generics.ObjectValuesTest.testObjectValuesWithParam(ObjectValuesTest.java:93)
--- End Message ---
--- Begin Message ---
Source: snakeyaml
Source-Version: 1.23-1

We believe that the bug you reported is fixed in the latest version of
snakeyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated snakeyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 07 Nov 2018 01:12:28 +0100
Source: snakeyaml
Binary: libyaml-snake-java libyaml-snake-java-doc
Architecture: source
Version: 1.23-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libyaml-snake-java - YAML parser and emitter for the Java programming language
 libyaml-snake-java-doc - Documentation for SnakeYAML
Closes: 912389
Changes:
 snakeyaml (1.23-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
 - Fixes the test failure with Java 11 (Closes: #912389)
   * Standards-Version updated to 4.2.1
Checksums-Sha1:
 ffde0efb43f7e221bce47bc3558253469f8a7d41 2233 snakeyaml_1.23-1.dsc
 6544f5a4fce9a8b1fecf3da258736b3a61ebe068 263228 snakeyaml_1.23.orig.tar.xz
 97e8683033a529cab80077a430b494f6b5fa6701 9500 snakeyaml_1.23-1.debian.tar.xz
 4b7e809db05893578af538c079dac1a5bef28e79 15515 
snakeyaml_1.23-1_source.buildinfo
Checksums-Sha256:
 4074caff323d9d09d64f786f90611e58ded4f8bef589a750ef6aa4e6a5471a41 2233 
snakeyaml_1.23-1.dsc
 2746d5d594bcc1597bf950f76e5d191bf7722236c208bc3df5f09eabfd8e7659 263228 
snakeyaml_1.23.orig.tar.xz
 b4f4e931f206c3a55adb59e391d31a3a231de89e61fd2d98ac498c82cb831230 9500 
snakeyaml_1.23-1.debian.tar.xz
 4f4478b89c91b0673e4f75c4eb786cb3611ad177c91e2ad23a857ae650851b1b 15515 
snakeyaml_1.23-1_source.buildinfo
Files:
 db701fb5de8ea6a327bc3ecf1eb53fb5 2233 java optional snakeyaml_1.23-1.dsc
 3df78afc2f9eaf6f30a3cb53bdb5fcc3 263228 java optional 
snakeyaml_1.23.orig.tar.xz
 4187819dbdd47cfddb6fc0c4e47a5a9e 9500 java optional 
snakeyaml_1.23-1.debian.tar.xz
 513257a568ea0261c9b11e41631e3327 15515 java optional 
snakeyaml_1.23-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlviLrESHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCso30P/iJtW2hDk7TqB9mLNH9u0V0S267miA5y
HNVyIvba288rAc4oLVHJ82ElfhHkQ5/EK1owJBiLNwCRdmlhSgIKX7cGdalC/Duh
995ojOWvLlJG111iwdcWBPxerePJvPo8+te/p4uBa+flSd6/itcYguKxGKihftxq
l9HGfWaXIJkW+nxQt8j3T6sK2b5k+hbhfU3OaDVbuj7CHOLmbmKEQYE9YiLSRiMc
Ruh2G/h+uXQZ8/S6wnIVp706P/YoQs5yNVTPn2GKXNxhe3av86KtCDCJl/C/rXnW
b9uOhDgBSZybTX4hG1cA3dY/dX0oRMP7nfs/BHdugKFA0X/olyn7r3Q9s+Ylx69S
duR5V8BAnsfHmKQpQluk9vUyICO+yI64uVZD07a4AAYxRVnPuR9vEgeBlV7b5Cm5
SWpzhOSxiRTVJ/eTkfJy2cDlJ7Lc5JzBbC3S3zdlftDzJK8TaSF2ZGu7cBzb2VB3
0+rdyHPhRy31ZEobzSCpWVktgwkBzM1SX03nD471ueVy/oBsySG9re46R3qOPjVl
3L6GbwsjBqSRusf8rrNQOp+7Gu8fGsxlXjU22nlU/pKOxcuphurYhUCMPgvfLPKV
DIKHpQFJV6rT3g5gGuB7rkTwTG5Y53Lb18ityoJmRPTFZBbTtYWVT7myjAoKRYeu
LjowY0JuT457
=pb72
-END PGP SIGNATURE End Message ---

Bug#913017: marked as done (tesseract-ocr: missing Breaks+Replaces: libtesseract-dev (<< 4))

[Debian Bug Tracking System]

Your message dated Wed, 07 Nov 2018 00:19:50 +
with message-id 
and subject line Bug#913017: fixed in tesseract 4.0.0-1
has caused the Debian Bug report #913017,
regarding tesseract-ocr: missing Breaks+Replaces: libtesseract-dev (<< 4)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913017
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tesseract-ocr
Version: 4.00~git3241-1066f696-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../tesseract-ocr_4.00~git3241-1066f696-1_amd64.deb ...
  Unpacking tesseract-ocr (4.00~git3241-1066f696-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/tesseract-ocr_4.00~git3241-1066f696-1_amd64.deb 
(--unpack):
   trying to overwrite '/usr/bin/tesstrain.sh', which is also in package 
libtesseract-dev 3.04.01-5
  dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/tesseract-ocr_4.00~git3241-1066f696-1_amd64.deb


cheers,

Andreas


libtesseract-dev=3.04.01-5_tesseract-ocr=4.00~git3241-1066f696-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: tesseract
Source-Version: 4.0.0-1

We believe that the bug you reported is fixed in the latest version of
tesseract, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Pozdnyakov  (supplier of updated tesseract package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 06 Nov 2018 19:51:59 +0300
Source: tesseract
Binary: tesseract-ocr libtesseract-dev libtesseract4 tesseract-ocr-all
Architecture: source amd64 all
Version: 4.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alexander Pozdnyakov 
Changed-By: Alexander Pozdnyakov 
Description:
 libtesseract-dev - Development files for the tesseract command line OCR tool
 libtesseract4 - Tesseract OCR library
 tesseract-ocr - Tesseract command line OCR tool
 tesseract-ocr-all - Tesseract OCR with all language and script packages
Closes: 913017
Changes:
 tesseract (4.0.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * moved sh scripts to usr/share/tesseract-ocr/ (closes: #913017)
   * URL: git://github.com/tesseract-ocr/tesseract.git
   * Branch: master
   * Commit: 51316994ccae0b48692d547030f26c0969308214
   * Date: 1540803796
   * git changelog:
   *  51316994 - 4.0.0 Release
   *  ba64aaf2 - add lstmdebug config to distribution and installation
 process
   *  125fdc3f - Add debug configuration for LSTM
Checksums-Sha1:
 7f7a9c92e9398fd903652d56ab2b3c495daefd1e 2316 tesseract_4.0.0-1.dsc
 2d72fde813c67929f3c1fe3048000fa8f1a5e962 6896044 tesseract_4.0.0.orig.tar.xz
 90f2cea3c657d0e44d71532be85c17dd1cdbb98a 37648 tesseract_4.0.0-1.debian.tar.xz
 d5ef32f5dce4a89c1718cddf82ef7c60c07d021b 1488556 
libtesseract-dev_4.0.0-1_amd64.deb
 ae37f0f38dcf43f63e6f8ad22a85cbc51ba12ad8 14556956 
libtesseract4-dbgsym_4.0.0-1_amd64.deb
 d06bbefba949281fb8984ee9aa0a9d555e865a37 1235220 
libtesseract4_4.0.0-1_amd64.deb
 64586515341e523e84fe923f26ea94579b68344a 46556 
tesseract-ocr-all_4.0.0-1_all.deb
 5b2ba2a33fc5fca772aae154df9af72fc9626b0c 5300392 
tesseract-ocr-dbgsym_4.0.0-1_amd64.deb
 8f564f87d23cf388d903fe7116f89faf7359c6ca 262120 tesseract-ocr_4.0.0-1_amd64.deb
 5b7ae27d6b0d198e506bafd05685d56aa21473c2 12086 
tesseract_4.0.0-1_amd64.buildinfo
Checksums-Sha256:
 d68567607a7ea4b7e84b1f0312d3420216910bf8daff2fe0b799d53c7252e4c4 2316 
tesseract_4.0.0-1.dsc
 b3976b2a2994b23088147d2bd80f9e1e64d4cec0d9c73c6a211f262a5d540d10 6896044 

Processed: Bug #912389 in snakeyaml marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #912389 [src:snakeyaml] snakeyaml FTBFS with OpenJDK 11
Added tag(s) pending.

-- 
912389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912389: Bug #912389 in snakeyaml marked as pending

[Emmanuel Bourg]

Control: tag -1 pending

Hello,

Bug #912389 in snakeyaml reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/java-team/snakeyaml/commit/f347cc23e1251e1a6798cd14598de3e805c51e56


New upstream release: Fixes the test failure with Java 11 (Closes: #912389)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/912389

Bug#912423: marked as done (libwxsqlite3-3.0-0: switch to gtk3 breaks the ABI)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 23:49:48 +
with message-id 
and subject line Bug#912423: fixed in wxsqlite3 3.4.1~dfsg-3
has caused the Debian Bug report #912423,
regarding libwxsqlite3-3.0-0: switch to gtk3 breaks the ABI
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912423: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912423
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: codelite
Version: 10.0+dfsg-3
Severity: important

Dear Maintainer,
when starting codelite the process shuts down directly when starting.
Reason:
(codelite:1081): Gtk-ERROR **: 12:48:04.992: GTK+ 2.x symbols detected. Using 
GTK+ 2.x and GTK+ 3 in the same process is not supported
Sadly I haven't been able to resolve this.





-- System Information:
Debian Release: buster/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages codelite depends on:
ii  libc6   2.27-8
ii  libclang1-6.0   1:6.0.1-9.2
ii  libgcc1 1:8.2.0-9
ii  libgtk2.0-0 2.24.32-3
ii  libssh-gcrypt-4 0.8.4-3
ii  libstdc++6  8.2.0-9
ii  libwxbase3.0-0v53.0.4+dfsg-4
ii  libwxgtk3.0-0v5 3.0.4+dfsg-4
ii  libwxsqlite3-3.0-0  3.4.1~dfsg-2

Versions of packages codelite recommends:
ii  g++   4:8.2.0-2
ii  gcc   4:8.2.0-2
ii  gdb   8.1-4+b1
ii  gnome-terminal [x-terminal-emulator]  3.30.1-1
ii  qterminal [x-terminal-emulator]   0.9.0-3
ii  rxvt-unicode [x-terminal-emulator]9.22-4
ii  wx-common 3.0.4+dfsg-4
ii  xfce4-terminal [x-terminal-emulator]  0.8.7.4-2
ii  xterm [x-terminal-emulator]   337-1

Versions of packages codelite suggests:
ii  codelite-plugins  10.0+dfsg-3

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: wxsqlite3
Source-Version: 3.4.1~dfsg-3

We believe that the bug you reported is fixed in the latest version of
wxsqlite3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS)  (supplier of updated wxsqlite3 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 06 Nov 2018 22:52:40 +
Source: wxsqlite3
Binary: libwxsqlite3-3.0-0 libwxsqlite3-3.0-dev wxsqlite3-doc
Architecture: source amd64 all
Version: 3.4.1~dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) 
Changed-By: Laszlo Boszormenyi (GCS) 
Description:
 libwxsqlite3-3.0-0 - SQLite3 C++ wrapper for use in programs based on the 
wxWidgets
 libwxsqlite3-3.0-dev - Development files for wxSQLite3
 wxsqlite3-doc - Documentation files for wxSQLite3
Closes: 912423
Changes:
 wxsqlite3 (3.4.1~dfsg-3) unstable; urgency=medium
 .
   * Revert building with GTK3 version of wxWidgets (closes: #912423).
Checksums-Sha1:
 ac49b87b93c64d8eeff7057a50751223f52bcf88 2039 wxsqlite3_3.4.1~dfsg-3.dsc
 492505b825de8a2b0e085b09efc7d80009005c86 11432 
wxsqlite3_3.4.1~dfsg-3.debian.tar.xz
 a347212586b37c791ffcac53f89c61a8ab67895b 395740 
libwxsqlite3-3.0-0-dbgsym_3.4.1~dfsg-3_amd64.deb
 b0a641598f423fdde0c9bcc2e7b093d77b23532d 69540 
libwxsqlite3-3.0-0_3.4.1~dfsg-3_amd64.deb
 ccdd3554099fa5824fa9dd3a269734d9f8110cbf 38424 
libwxsqlite3-3.0-dev_3.4.1~dfsg-3_amd64.deb
 4a17e79041bab553055c95e8119363fc07593492 106936 
wxsqlite3-doc_3.4.1~dfsg-3_all.deb
 cb4ef244001451646ab0714673e832f1c184c03c 11981 
wxsqlite3_3.4.1~dfsg-3_amd64.buildinfo
Checksums-Sha256:
 5e85927a1c5c6f971b8bf9a9d588b25e6de2c98f6a6fb6581c7fe394f7187f2a 2039 
wxsqlite3_3.4.1~dfsg-3.dsc
 4f3e723508ffd3bd9410230d1690abb2507500817f8903e3a3a2dca8f77feee2 11432 
wxsqlite3_3.4.1~dfsg-3.debian.tar.xz
 678fb2c50d3506b5eb5cc436d71b585d5e381817f12b86bceac16291040d61c0 395740 

Bug#912695: Bug#912970: fixed in apt-show-versions 0.22.9

[Uoti Urpala]

On Tue, 06 Nov 2018 11:34:18 + Christoph Martin  wrote:
>* set a higher limit for the hash stacksize in perl Storable (closes:
>  #912695, #912709, #912970, #898090)

Upgrade and reinstall still fail.

Bug#912695: Bug#912970: fixed in apt-show-versions 0.22.9

[Uoti Urpala]

On Tue, 06 Nov 2018 11:34:18 + Christoph Martin  wrote:
>* set a higher limit for the hash stacksize in perl Storable (closes:
>  #912695, #912709, #912970, #898090)

Upgrade and reinstall still fail.

Bug#913107: changeo: FTBFS (missing build-depends?)

[Santiago Vila]

Package: src:changeo
Version: 0.3.12-1
Severity: serious
Tags: ftbfs

Dear maintainer:

This package does not seem to build inside a clean chroot:

[...]
dh clean --with python3 --buildsystem=pybuild
   debian/rules override_dh_auto_clean
make[1]: Entering directory '/<>'
dh_auto_clean
I: pybuild base:217: python3.7 setup.py clean 
Please install pip before installing changeo.


Thanks.

Bug#868551: File conflict between redis-server-dbgsym and redis-tools-dbgsym

[Chris Lamb]

Chris Lamb wrote:

> > File conflict between redis-server-dbgsym and redis-tools-dbgsym
> 
> This (still) affects stable but I fear the fix:
> 
>  redis (4:4.0.0-2) unstable; urgency=medium
> 
>* Make /usr/bin/redis-server in the main redis-server package a symlink to
>  /usr/bin/redis-check-rdb in the redis-tools package.
> 
>  Whilst this prevents a wasteful duplication of a binary, it moreover
>  ensures there are no duplicate debug symbols which was preventing the
>  simultaneous installation of the redis-server-dbgsym and
>  redis-tools-dbgsym packages.
> 
>  Note that this results in the peculiar (and possibily confusing) 
> situation
>  where the main package does not have the main binary anymore, or indeed
>  any binaries whatsoever. See also the previous parallel attempt at a
>  symlink changes in 3.2.6-3 which was reverted in 3.2.8-3. Thanks to 
> Adrian
>  Bunk for the report. (Closes: #868551)
>   
> … is too invasive for a stable update. The version in stable is a
> little outdated anyway, and the backport is recommended anyway…
> 
> Thoughts?

Gentle ping on this Adrian?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#913052: marked as done (hsqldb: FTBFS with Java 11 due to JAXB removal)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 22:49:02 +
with message-id 
and subject line Bug#913052: fixed in hsqldb 2.4.1-2
has caused the Debian Bug report #913052,
regarding hsqldb: FTBFS with Java 11 due to JAXB removal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: hsqldb
Version: 2.4.1-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/hsqldb.html

...
lib:
[javac] Compiling 64 source files to /build/1st/hsqldb-2.4.1/hsqldb/classes
[javac] warning: [options] bootstrap class path not set in conjunction with 
-source 8
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:61:
 error: package javax.xml.bind.util does not exist
[javac] import javax.xml.bind.util.JAXBResult;
[javac]   ^
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:62:
 error: package javax.xml.bind.util does not exist
[javac] import javax.xml.bind.util.JAXBSource;
[javac]   ^
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:1465:
 error: cannot find symbol
[javac] if (JAXBSource.class.isAssignableFrom(sourceClass)) {
[javac] ^
[javac]   symbol:   class JAXBSource
[javac]   location: class JDBCSQLXML
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:1686:
 error: cannot find symbol
[javac] if (JAXBResult.class.isAssignableFrom(resultClass)) {
[javac] ^
[javac]   symbol:   class JAXBResult
[javac]   location: class JDBCSQLXML
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 4 errors
[javac] 1 warning
--- End Message ---
--- Begin Message ---
Source: hsqldb
Source-Version: 2.4.1-2

We believe that the bug you reported is fixed in the latest version of
hsqldb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated hsqldb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 23:33:09 +0100
Source: hsqldb
Binary: libhsqldb-java libhsqldb-java-doc hsqldb-utils
Architecture: source
Version: 2.4.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 hsqldb-utils - Java SQL database engine (utilities)
 libhsqldb-java - Java SQL database engine
 libhsqldb-java-doc - documentation for HSQLDB
Closes: 913052
Changes:
 hsqldb (2.4.1-2) unstable; urgency=medium
 .
   * Team upload.
   * Fixed the build failure with Java 11 (Closes: #913052)
   * Replaced use-system-servlet.jar.patch with a build property
   * Standards-Version updated to 4.2.1
   * Use salsa.debian.org Vcs-* URLs
Checksums-Sha1:
 923b8335cef45dd402195a39c34378c2407f2ee3 2106 hsqldb_2.4.1-2.dsc
 eb1c47e0f63cb21833253e851d4ca18c22a42959 10944 hsqldb_2.4.1-2.debian.tar.xz
 92aa1aad042af600a221bcfec59919881b1b6649 12793 hsqldb_2.4.1-2_source.buildinfo
Checksums-Sha256:
 bdc6377b0ceb8df9fd91ab9063298952f128ef1e56bbf1c0f2476b896d064897 2106 
hsqldb_2.4.1-2.dsc
 ae7e2cc4c7a9cd8b4adafe8757410410ed93f7267ee9af2389c460905bcd9500 10944 
hsqldb_2.4.1-2.debian.tar.xz
 640867bc18e7380ebf533d3fcf7314665c90a912ac3ae56bfefa13a978a24800 12793 
hsqldb_2.4.1-2_source.buildinfo
Files:
 5a4098e2d837a42ea4238380093218ef 2106 libs optional hsqldb_2.4.1-2.dsc
 df0efda7717cbee04eab0ecd2928a2bf 10944 libs optional 
hsqldb_2.4.1-2.debian.tar.xz
 78e074e07264d8269c5df7ade48ed3df 12793 libs optional 
hsqldb_2.4.1-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlviFx4SHGVib3VyZ0Bh

Processed: Bug #913052 in hsqldb marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #913052 [src:hsqldb] hsqldb: FTBFS with Java 11 due to JAXB removal
Added tag(s) pending.

-- 
913052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913052: Bug #913052 in hsqldb marked as pending

[Emmanuel Bourg]

Control: tag -1 pending

Hello,

Bug #913052 in hsqldb reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/java-team/hsqldb/commit/c913d520b44ce802572c674981b1fc3325dfbdc8


Fixed the build failure with Java 11 (Closes: #913052)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/913052

Processed: found 913095 in 1.23-1.2, tagging 913095

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 913095 1.23-1.2
Bug #913095 [mini-httpd] CVE-2018-18778
Marked as found in versions mini-httpd/1.23-1.2.
> tags 913095 + upstream fixed-upstream
Bug #913095 [mini-httpd] CVE-2018-18778
Added tag(s) upstream and fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912221: jabref: incompatible with openjdk 11

[Emmanuel Bourg]

Hi Tony,

Le 06/11/2018 à 21:12, tony mancill a écrit :

> XJC="java -cp 
> /usr/share/java/xml-resolver.jar:/usr/share/java/jaxb-api.jar:/usr/share/java/jaxb-core.jar:/usr/share/java/jaxb-impl.jar:/usr/share/java/jaxb-jxc.jar:/usr/share/java/jaxb-xjc.jar
>  -jar /usr/share/java/jaxb-xjc.jar"
> 
> And it dies with this exception stack, despite the xml-resolver being on
> the classpath:

The -cp parameter doesn't work with -jar, that's why you keep getting
the ClassNotFoundException. Either all the jar files are specified
behind -cp and the main class is specified on the command line (i.e.
com.sun.tools.xjc.XJCFacade for xjc), or the jar executed has a proper
Class-Path attribute in its manifest (and indeed xml-resolver.jar isn't
listed in jaxb-xjc.jar).


> Can you help me understand why this patch
> (https://salsa.debian.org/java-team/jaxb/blob/master/debian/patches/04-xml-resolver-compatibility.patch)
> was necessary?  Perhaps it's related to the failure I'm seeing?

I don't think it's related. We simply use a different version of
xml-resolver. There is this rule in debian/maven.rules:

s/com.sun.org.apache.xml.internal/xml-resolver/ s/resolver/xml-resolver/

Sun/Oracle had to change the namespace of the libraries they embedded in
the JDK to avoid conflicts. But now that JAXB is no longer in the JDK
it's not needed, and we can directly use the original library instead.


> I've also started looking at updating jaxb 2.3.1, but it will 
> take me a bit of time.

I've also started digging into jaxb to address the compatibility with
Java 11. I've considered upgrading to the version 2.3.1 but it didn't
look that straightforward despite the minor version increment. I'm not
sure the upgrade is still compatible with Java 8 for example. So I think
I'll rather aim at a minor update simply adding the dependency on
libactivation-java, and later look at an upgrade.

Emmanuel Bourg

Bug#913095: CVE-2018-18778

[Moritz Muehlenhoff]

Package: mini-httpd
Severity: grave
Tags: security

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18778

(The package seems unmaintained, if that's the case, don't NMU,
but keep it out of buster via auto-removals (and eventual archive
removal unless adopted))

Cheers,
Moritz

Processed: severity of 913090 is grave

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 913090 grave
Bug #913090 [src:nginx] nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913051: marked as done (hsqldb1.8.0: FTBFS with Java 11 due to System.runFinalizersOnExit() removal)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 20:52:36 +
with message-id 
and subject line Bug#913051: fixed in hsqldb1.8.0 1.8.0.10+dfsg-10
has caused the Debian Bug report #913051,
regarding hsqldb1.8.0: FTBFS with Java 11 due to System.runFinalizersOnExit() 
removal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: hsqldb1.8.0
Version: 1.8.0.10+dfsg-9
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/hsqldb1.8.0.html

...
lib:
[javac] /build/1st/hsqldb1.8.0-1.8.0.10+dfsg/build/build.xml:351: warning: 
'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to 
false for repeatable builds
[javac] Compiling 40 source files to 
/build/1st/hsqldb1.8.0-1.8.0.10+dfsg/classes
[javac] Using ant.build.javac.target 1.5 is no longer supported, switching 
to 6
[javac] Using ant.build.javac.target 1.5 is no longer supported, switching 
to 6
[javac] Using ant.build.javac.source 1.5 is no longer supported, switching 
to 6
[javac] warning: [options] bootstrap class path not set in conjunction with 
-source 6
[javac] warning: [options] source value 6 is obsolete and will be removed 
in a future release
[javac] warning: [options] target value 1.6 is obsolete and will be removed 
in a future release
[javac] warning: [options] To suppress warnings about obsolete options, use 
-Xlint:-options.
[javac] 
/build/1st/hsqldb1.8.0-1.8.0.10+dfsg/src/org/hsqldb/lib/java/JavaSystem.java:163:
 error: cannot find symbol
[javac] System.runFinalizersOnExit(true);
[javac]   ^
[javac]   symbol:   method runFinalizersOnExit(boolean)
[javac]   location: class System
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 1 error
[javac] 4 warnings
--- End Message ---
--- Begin Message ---
Source: hsqldb1.8.0
Source-Version: 1.8.0.10+dfsg-10

We believe that the bug you reported is fixed in the latest version of
hsqldb1.8.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard  (supplier of updated hsqldb1.8.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 06 Nov 2018 19:50:10 +
Source: hsqldb1.8.0
Binary: libhsqldb1.8.0-java
Architecture: source
Version: 1.8.0.10+dfsg-10
Distribution: unstable
Urgency: medium
Maintainer: Debian LibreOffice Maintainers 
Changed-By: Rene Engelhard 
Description:
 libhsqldb1.8.0-java - Java SQL database engine
Closes: 913051
Changes:
 hsqldb1.8.0 (1.8.0.10+dfsg-10) unstable; urgency=medium
 .
   * add patch from LO to fix build with Java 11 (closes: #913051)
Checksums-Sha1:
 d25da0c2c873fa8eaf9d4955350224cbb18efed4 1921 hsqldb1.8.0_1.8.0.10+dfsg-10.dsc
 f3455a3ce1608df815b3b9eb9aacc11edde40014 29604 
hsqldb1.8.0_1.8.0.10+dfsg-10.diff.gz
 fe3cbbe24c9344201f32fbc9aa2512c95a6ac0eb 13163 
hsqldb1.8.0_1.8.0.10+dfsg-10_source.buildinfo
Checksums-Sha256:
 040581531f55714968f4099f7830106f9267fd9f72ac636658030adb46537cf6 1921 
hsqldb1.8.0_1.8.0.10+dfsg-10.dsc
 148a71dd48b7c3176090bb30e79f24a022b0f4ce18cfce5c0131ff16202ffa6d 29604 
hsqldb1.8.0_1.8.0.10+dfsg-10.diff.gz
 ef9e52c9d4b1edffbca3320e077f5cbe17e5f1602162fb0956bfdd1d79dd5255 13163 
hsqldb1.8.0_1.8.0.10+dfsg-10_source.buildinfo
Files:
 e3e2dc9449fb348d85227b9f2c8ad481 1921 oldlibs optional 
hsqldb1.8.0_1.8.0.10+dfsg-10.dsc
 aefc18582a453fd43136f3063c37c0c9 29604 oldlibs optional 
hsqldb1.8.0_1.8.0.10+dfsg-10.diff.gz
 beb5e1f73f4e7eebd3e155b75643b211 13163 oldlibs optional 
hsqldb1.8.0_1.8.0.10+dfsg-10_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAlvh9SgACgkQCqBFcdA+
PnBekhAApY3A9vsE38Slp+wPC6agyKmGvRfThqOJHg0985eZ6/zF9bNXYlvviI22

Bug#912997: glusterfs: Several security vulnerabilities

[Salvatore Bonaccorso]

Hi Patrick,

On Tue, Nov 06, 2018 at 12:28:06PM +0100, Salvatore Bonaccorso wrote:
> Hi Patrick,
> 
> On Tue, Nov 06, 2018 at 11:19:03AM +0100, Salvatore Bonaccorso wrote:
> > Control: notfixed -1 4.1.5-1
> > 
> > Hi Patrick,
> > 
> > On Tue, Nov 06, 2018 at 10:52:53AM +0100, Patrick Matthäi wrote:
> > > fixed #912997 4.1.5-1
> > [...]
> > > 
> > > If I see it correct, there is no issue open here?
> > 
> > Don't think this is correct. For instance just take CVE-2018-14661,
> > this is still unresolved in 4.1.5-1 and 5.0-1. Same for
> > CVE-2018-14660, CVE-2018-14659, CVE-2018-14654, CVE-2018-14653.
> > 
> > CVE-2018-14652 seems fixed in 5.0-1, but needs double check.
> > 
> > CVE-2018-14651 is as well missing as far I can see from 4.1.5-1 and
> > 5.0-1.
> 
> Just to be clear, I'm not 100% certain but just skimmed over the
> 4.1.5-1 and 5.0-1 and that was I think the fixes are not included in
> neither 4.1.5 upstream nor 5.0.

So I had a closer look tonight, I'm trying to give some status update
all relevant links are in the security-tracker itself already tracked.

CVE-2018-14651: looks unrelsoved in both release-4.1 and release-5.
Gerrit-Review is as tracked in the security-tracker in
https://review.gluster.org/#/c/glusterfs/+/21527/ .

CVE-2018-14652: not fixed in 4.1.5, but in later commit
e2c195712a9ecbda4fa02f5308138a1257a2558a . The fix is just part of
another code change upstream as per
052849983e51a061d7fb2c3ffd74fa78bb257084 which was already in
v5.0alpha. As such my previous statement beeing fixed in 5.0-1 is
right.

CVE-2018-14653: not yet a fix in neither release-5 nor release-4.1,
just in review status in gerrit. See extracted commits in
security-tracker. I guess this is upstream still in proper review
status even if Red Hat has already scheduled updates.

CVE-2018-14654: for release-4.1 commited, but not in a released
version (5f4ae8a80543332a2e92dfa5c7f833ae7b93a664). For release-5 it
is dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 .

CVE-2018-14659 unrelesolved in release-5 and release-4.1.

CVE-2018-14660 fix under review, not yet commited to release-5 or
release-4.1 branch.

CVE-2018-14661 see review status in Gerrit. Still not yet commited to
release-5 nor release-4.1 branches.

So I think apart one CVE which is fixed in 5.0-1 all other are yet
unadressed upstream.

Regards,
Salvatore

Bug#913088: iptables: nftables layer breaks rule parameter -f , --fragment

[S. G.]

Package: iptables
Version: 1.8.1-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

installing and activating arno-iptables-firewall today resulted in blocking any
outgoing network traffic.

Investigations showed that the -f parameter is interpreted differently with
iptables in comparison to iptables-legacy. iptables-legacy behaves like
described in the man page and how iptables 1.6.0+snapshot20161117-6 from
stretch behaves:

-f, --fragment This means that the rule only refers to second and further IPv4
fragments of fragmented packets.

iptables 1.8.1-2 in contrast seems to interpret -f as 'Apply this rule to all
packages with the Don't Fragment Flag set.

Proof:

# Test with no rules

# iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
# Warning: iptables-legacy tables present, use iptables-legacy to see
them

# iptables-legacy -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

# Ping with set Don't Fragment Flag works

# LANG=C ping -c1 -Mdo 192.168.0.28
PING 192.168.0.28 (192.168.0.28) 56(84) bytes of data.
64 bytes from 192.168.0.28: icmp_seq=1 ttl=64 time=4.16 ms

--- 192.168.0.28 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.158/4.158/4.158/0.000 ms

# Ping with cleared Don't Fragment Flag works

# LANG=C ping -c1 -Mdont 192.168.0.28
PING 192.168.0.28 (192.168.0.28) 56(84) bytes of data.
64 bytes from 192.168.0.28: icmp_seq=1 ttl=64 time=3.98 ms

--- 192.168.0.28 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.975/3.975/3.975/0.000 ms

# Test with rule meant to drop second and further fragments

# iptables -A OUTPUT -f -j DROP

# iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A OUTPUT -f -j DROP
# Warning: iptables-legacy tables present, use iptables-legacy to see
them

# iptables-legacy -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

# Ping with set Don't Fragment Flag DOES NOT work

# LANG=C ping -c1 -Mdo 192.168.0.28
PING 192.168.0.28 (192.168.0.28) 56(84) bytes of data.
ping: sendmsg: Operation not permitted

--- 192.168.0.28 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

# Ping with cleared Don't Fragment Flag works

# LANG=C ping -c1 -Mdont 192.168.0.28
PING 192.168.0.28 (192.168.0.28) 56(84) bytes of data.
64 bytes from 192.168.0.28: icmp_seq=1 ttl=64 time=4.56 ms

--- 192.168.0.28 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.563/4.563/4.563/0.000 ms

# Test with iptables-legacy and rule meant to drop second and further fragments

# iptables -F

# iptables-legacy -F

# iptables-legacy -A OUTPUT -f -j DROP

# iptables-legacy -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -f -j DROP

# Ping with set Don't Fragment Flag works

# LANG=C ping -c1 -Mdo 192.168.0.28
PING 192.168.0.28 (192.168.0.28) 56(84) bytes of data.
64 bytes from 192.168.0.28: icmp_seq=1 ttl=64 time=4.09 ms

--- 192.168.0.28 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.091/4.091/4.091/0.000 ms

# Ping with cleared Don't Fragment Flag works

# LANG=C ping -c1 -Mdont 192.168.0.28
PING 192.168.0.28 (192.168.0.28) 56(84) bytes of data.
64 bytes from 192.168.0.28: icmp_seq=1 ttl=64 time=4.18 ms

--- 192.168.0.28 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.179/4.179/4.179/0.000 ms


As most if not all network packets are sent with set Don't Fragment Flag a rule
using the -f parameter effectively blocks any network traffic.

The current behavior renders a firewall like arno-iptables-firewall unusable.

Regards,
Sven



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iptables depends on:
ii  libc62.27-8
ii  libip4tc01.8.1-2
ii  libip6tc01.8.1-2
ii  libiptc0 1.8.1-2
ii  libmnl0  1.0.4-2
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnfnetlink01.0.1-3+b1
ii  libnftnl71.1.1-1
ii  

Bug#912221: jabref: incompatible with openjdk 11

[tony mancill]

On Thu, Nov 01, 2018 at 02:22:26PM +0100, Emmanuel Bourg wrote:
> On 01/11/2018 01:54, tony mancill wrote:
> 
> > I am definitely open to (and appreciative of) your suggestions.
> 
> Hi Tony, even if the jaxb package doesn't yet provide the xjc executable
> (#905357), you can invoke it with:
> 
> java -jar /usr/share/java/jaxb-xjc.jar

Hi Emmanuel,

It doesn't seem to be quite that straight-forward.  I've spend a fair
amount of time trying to build up proper classpath, but actually trying
to use XJC to compile anything fails with classloader exceptions.  For
example, I build up a command like the following:

XJC="java -cp 
/usr/share/java/xml-resolver.jar:/usr/share/java/jaxb-api.jar:/usr/share/java/jaxb-core.jar:/usr/share/java/jaxb-impl.jar:/usr/share/java/jaxb-jxc.jar:/usr/share/java/jaxb-xjc.jar
 -jar /usr/share/java/jaxb-xjc.jar"

And it dies with this exception stack, despite the xml-resolver being on
the classpath:

> parsing a schema...
> Exception in thread "main" java.lang.AssertionError: 
> javax.xml.bind.JAXBException: Implementation of JAXB-API has not been found 
> on module path or classpath.
>  - with linked exception:
> [java.lang.ClassNotFoundException: 
> com.sun.xml.internal.bind.v2.ContextFactory]
>   at 
> com.sun.tools.xjc.reader.xmlschema.bindinfo.BindInfo.getCustomizationContext(BindInfo.java:356)
>   at 
> com.sun.tools.xjc.reader.xmlschema.bindinfo.BindInfo.getCustomizationUnmarshaller(BindInfo.java:362)
>   at 
> com.sun.tools.xjc.reader.xmlschema.bindinfo.AnnotationParserFactoryImpl$1.(AnnotationParserFactoryImpl.java:85)
>   at 
> com.sun.tools.xjc.reader.xmlschema.bindinfo.AnnotationParserFactoryImpl.create(AnnotationParserFactoryImpl.java:84)
>   at 
> com.sun.xml.xsom.impl.parser.NGCCRuntimeEx.createAnnotationParser(NGCCRuntimeEx.java:401)
>   at 
> com.sun.xml.xsom.impl.parser.state.annotation.action0(annotation.java:89)
>   at 
> com.sun.xml.xsom.impl.parser.state.annotation.enterElement(annotation.java:114)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCHandler.spawnChildFromEnterElement(NGCCHandler.java:114)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:317)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCHandler.revertToParentFromEnterElement(NGCCHandler.java:151)
>   at 
> com.sun.xml.xsom.impl.parser.state.foreignAttributes.enterElement(foreignAttributes.java:91)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCHandler.spawnChildFromEnterElement(NGCCHandler.java:114)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:229)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:273)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:309)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:293)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:221)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.sendEnterElement(NGCCRuntime.java:422)
>   at 
> com.sun.xml.xsom.impl.parser.state.Schema.enterElement(Schema.java:257)
>   at 
> com.sun.xml.xsom.impl.parser.state.NGCCRuntime.startElement(NGCCRuntime.java:263)
>   at 
> java.xml/org.xml.sax.helpers.XMLFilterImpl.startElement(XMLFilterImpl.java:551)
>   at 
> com.sun.tools.xjc.util.SubtreeCutter.startElement(SubtreeCutter.java:108)
>   at 
> com.sun.tools.xjc.reader.ExtensionBindingChecker.startElement(ExtensionBindingChecker.java:150)
>   at 
> java.xml/org.xml.sax.helpers.XMLFilterImpl.startElement(XMLFilterImpl.java:551)
>   at 
> com.sun.tools.xjc.reader.xmlschema.parser.IncorrectNamespaceURIChecker.startElement(IncorrectNamespaceURIChecker.java:128)
>   at 
> java.xml/org.xml.sax.helpers.XMLFilterImpl.startElement(XMLFilterImpl.java:551)
>   at 
> com.sun.tools.xjc.reader.xmlschema.parser.CustomizationContextChecker.startElement(CustomizationContextChecker.java:193)
>   at 
> java.xml/org.xml.sax.helpers.XMLFilterImpl.startElement(XMLFilterImpl.java:551)
>   at 
> com.sun.tools.xjc.ModelLoader$SpeculationChecker.startElement(ModelLoader.java:455)
>   at 
> java.xml/org.xml.sax.helpers.XMLFilterImpl.startElement(XMLFilterImpl.java:551)
>   at 

Processed: Bug #913051 in hsqldb1.8.0 marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #913051 [src:hsqldb1.8.0] hsqldb1.8.0: FTBFS with Java 11 due to 
System.runFinalizersOnExit() removal
Added tag(s) pending.

-- 
913051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913051: Bug #913051 in hsqldb1.8.0 marked as pending

[Rene Engelhard]

Control: tag -1 pending

Hello,

Bug #913051 in hsqldb1.8.0 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/libreoffice-team/hsqldb1.8.0/commit/797b2c773f17d18fb56e47aae38a638db181a920


add patch from LO to fix build with Java 11 (closes: #913051)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/913051

Bug#912977: iptables: nftables layer breaks ipsec/policy keyword

[Pierre Chifflier]

On Tue, Nov 06, 2018 at 02:02:06PM +0100, Arturo Borrero Gonzalez wrote:
> Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290
> 
> Hopefully next upstream release will contain a fix.

Hi,

Thanks Arturo.

After some more testing, it seems the bug would be less severe than it
looks:

- the (iptables) rules seems to work, the nft dump can just not show
  them (which is a bug, but less important)
  This was tested for the policy module, for OUTPUT.

- the iptables rules can be saved and reloaded as usual

- the produced nft ruleset should not be used (for ex to switch to
  nftables), as it will load without error but without the nft_compat
  keywords. This would also be a different bug.

I'm still running some more tests, but I think the severity can be
lowered.

Regards,
Pierre

Bug#913014: Bug #913014: e3 (all binaries): immediate segmentation fault

[Bernhard Übelacker]

Dear Maintainer,
just tried to reproduce this issue.

I suspected this is caused by some changes in the linux kernel,
as a up to date buster amd64 userland inside a qemu VM with following
kernel shows no problem:
Linux debian 4.16.0-2-amd64 #1 SMP Debian 4.16.12-1 (2018-05-27) x86_64 
GNU/Linux

In following kernels this is visible:
Linux debian 4.17.0-1-amd64 #1 SMP Debian 4.17.8-1 (2018-07-20) x86_64 
GNU/Linux
Linux debian 4.18.0-2-amd64 #1 SMP Debian 4.18.10-2 (2018-11-02) x86_64 
GNU/Linux
Linux debian 4.19.0-rc7-amd64 #1 SMP Debian 4.19~rc7-1~exp1 (2018-10-07) 
x86_64 GNU/Linux


benutzer@debian:~/e3/try2$ file /usr/bin/e3
/usr/bin/e3: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), 
statically linked, no section header

The file utility identifies the e3 binary as 32-bit static executable,
even in the amd64 package, probably related to it being written in assembler.


benutzer@debian:~$ objdump -x /usr/bin/e3
...
Program Header:
LOAD off0x vaddr 0x08048000 paddr 0x08048000 align 2**0
 filesz 0x3387 memsz 0x3387 flags r-x
LOAD off0x3387 vaddr 0x0804b387 paddr 0x0804b387 align 2**0
 filesz 0x memsz 0x0010dcec flags rw-


It might be related to following discussion [1] and kernel patch [2].

Getting the second header entry aligned to 0x4000, what I tried to achive in
attached patch, seems to solve the issue in my test VM.

Kind regards,
Bernhard

[1] 
https://stackoverflow.com/questions/51656713/cannot-load-custom-elf-executable-in-gdb
[2] 
https://github.com/torvalds/linux/commit/a4ff8e8620d3f4f50ac4b41e8067b7d395056843
From 5bf403ebdf25d3a2e008a6c8542ceb4d8bc28703 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= 
Date: Tue, 6 Nov 2018 18:52:41 +0100
Subject: [PATCH] Align header to avoid crash.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913014
---
 e3.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/e3.h b/e3.h
index 1615be6..25d143d 100644
--- a/e3.h
+++ b/e3.h
@@ -861,6 +861,7 @@ phdr2:	;another Elf32_Phdr starts here
 %else
 	org 0x8048000
 	ELFheader
+	times 0xC79 db 0
 %endif
 %else
 	;nothing
-- 
2.19.1

Bug#913026: libwww-curl-perl: Uninstallable on armhf due to being built against Perl 5.26 instead of 5.28

[Héctor Orón Martínez]

Hello Axel,

Thanks for the report.

Missatge de Axel Beckert  del dia dt., 6 de nov. 2018
a les 6:27:
>
> Package: libwww-curl-perl
> Version: 4.17-5
> Severity: serious
>
> Hi,
>
> it seems as if libwww-curl-perl 4.17-5 has been built for armhf in a
> outdated chroot:
>
> # apt-cache show libwww-curl-perl | egrep 'Version|Depends|Architecture|^$'
> Version: 4.17-5
> Architecture: armhf
> Depends: perl (>= 5.26.2-7+b1), perlapi-5.26.2, libc6 (>= 2.15), 
> libcurl3-gnutls (>= 7.16.2)
> ^^
> Version: 4.17-4+b3
> Architecture: armhf
> Depends: perl (>= 5.28.0-3), perlapi-5.28.0, libc6 (>= 2.15), libcurl3-gnutls 
> (>= 7.16.2)
> #
>
> (Underlining has been done manual.)
>
> Could please the armhf buildd admins chase down which buildds are
> affected (at least arm-arm-01 where this package was built) and trigger
> BinNMUs for all affected packages? (And then probably close this bug
> report.)

I have triggered nmu build for libwww-curl-perl and libre-engine-re2-perl.

Regards
-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.

Processed: closing 913026

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 913026
Bug #913026 [libwww-curl-perl] libwww-curl-perl: Uninstallable on armhf due to 
being built against Perl 5.26 instead of 5.28
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913026: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913025: emacspeak: emacspeak post-installation failed

[Rémi Vanicat]

Samuel Thibault wrote:

> Control: tags -1 + help

I did CC this bug to pkg-emacsen-add...@lists.debian.org where we might
be able to help.

>
> Hello,
>
> Remi Vanicat, le mar. 06 nov. 2018 06:06:30 +0100, a ecrit:
>> When upgrading emacspeak, post-installation failed. Compile log is
>> attached. 
>
> Ewww.
>
> If someone who actually knew about and used emacs could help, it could
> be useful, as it's the 4th upload which apparently fails in some
> particular situation.

The problem seem to be on line 54 of emacspeak-clojure.el, that badly
interact with elpa-auto-complete (and its clojure-mode file (with no
.el))

replacing
  (require 'clojure-mode "clojure-mode" 'no-error)
with
  (require 'clojure-mode () 'no-error)

Should fix this problem, I will try to look at this week.

>
>> Versions of packages emacspeak depends on:
>> ii  adduser3.118
>> ii  debconf [debconf-2.0]  1.5.69
>> ii  emacs  1:25.2+1-11
>> ii  emacs-gtk [emacs]  1:25.2+1-11
>> ii  emacs251:25.2+1-11
>> ii  make   4.2.1-1.2
>> ii  perl   5.28.0-3
>> ii  tcl8.6.0+9
>> ii  tclx8.48.4.1-2
>
> To make sure, could you send your dpkg -l \*emacs\* ?

Here it is:

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion  Architecture Description
+++-===---==
ii  emacs   1:25.2+1-11  all  GNU Emacs editor 
(metapackage)
ii  emacs-bin-common1:25.2+1-11  amd64GNU Emacs editor's 
shared, architecture dependent files
ii  emacs-common1:25.2+1-11  all  GNU Emacs editor's 
shared, architecture independent infrastructure
un  emacs-common-non-dfsg (no description available)
ii  emacs-el1:25.2+1-11  all  GNU Emacs LISP (.el) files
ii  emacs-goodies-el41.0 all  Miscellaneous add-ons for 
Emacs
un  emacs-goodies-extra-el(no description available)
ii  emacs-gtk   1:25.2+1-11  amd64GNU Emacs editor (with 
GTK+ GUI support)
un  emacs-lucid   (no description available)
un  emacs-nox (no description available)
un  emacs-snapshot(no description available)
un  emacs-wiki(no description available)
un  emacs19   (no description available)
un  emacs20   (no description available)
un  emacs21   (no description available)
un  emacs21-common(no description available)
un  emacs22   (no description available)
un  emacs22-common(no description available)
un  emacs23   (no description available)
un  emacs23-common(no description available)
un  emacs24   (no description available)
un  emacs24-bin-common(no description available)
un  emacs24-common(no description available)
ii  emacs25 1:25.2+1-11  all  GNU Emacs transitional 
package to emacs-gtk
un  emacs25-bin-common(no description available)
un  emacs25-common(no description available)
un  emacs25-nox   (no description available)
un  emacsen   (no description available)
ii  emacsen-common  3.0.4all  Common facilities for all 
emacsen
iF  emacspeak   47.0+dfsg-4  all  speech output interface 
to Emacs
ii  emacspeak-espeak-server 47.0+dfsg-4  amd64espeak synthesis server 
for emacspeak
un  emacspeak-ss  (no description available)
rc  maxima-emacs5.41.0-3 all  Computer algebra system 
-- emacs interface
un  qemacs(no description available)
un  xemacs21  (no description available)
un  xemacs21-bin  (no description available)
un  xemacs21-support  (no description available)


>
> Thanks,
> Samuel

-- 
Rémi Vanicat

Bug#912515: marked as done (libcommons-collections3-java: FTBFS with Java 11 due to ambiguous Collection.toArray() method)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 16:49:21 +
with message-id 
and subject line Bug#912515: fixed in libcommons-collections3-java 3.2.2-2
has caused the Debian Bug report #912515,
regarding libcommons-collections3-java: FTBFS with Java 11 due to ambiguous 
Collection.toArray() method
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912515
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcommons-collections3-java
Version: 3.2.2-1
Severity: serious
Tags: ftbfs buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libcommons-collections3-java.html

...
compile.tests:
[mkdir] Created dir: 
/build/1st/libcommons-collections3-java-3.2.2/build/tests
[javac] /build/1st/libcommons-collections3-java-3.2.2/build.xml:273: 
warning: 'includeantruntime' was not set, defaulting to 
build.sysclasspath=last; set to false for repeatable builds
[javac] Compiling 203 source files to 
/build/1st/libcommons-collections3-java-3.2.2/build/tests
[javac] Using ant.build.javac.source 1.4 is no longer supported, switching 
to 6
[javac] warning: [options] bootstrap class path not set in conjunction with 
-source 6
[javac] warning: [options] source value 6 is obsolete and will be removed 
in a future release
[javac] warning: [options] To suppress warnings about obsolete options, use 
-Xlint:-options.
[javac] 
/build/1st/libcommons-collections3-java-3.2.2/src/test/org/apache/commons/collections/collection/AbstractTestCollection.java:1119:
 error: reference to toArray is ambiguous
[javac] array = collection.toArray(null);
[javac]   ^
[javac]   both method toArray(T#1[]) in Collection and method 
toArray(IntFunction) in Collection match
[javac]   where T#1,T#2 are type-variables:
[javac] T#1 extends Object declared in method toArray(T#1[])
[javac] T#2 extends Object declared in method 
toArray(IntFunction)
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 1 error
[javac] 3 warnings
--- End Message ---
--- Begin Message ---
Source: libcommons-collections3-java
Source-Version: 3.2.2-2

We believe that the bug you reported is fixed in the latest version of
libcommons-collections3-java, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated 
libcommons-collections3-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 17:27:14 +0100
Source: libcommons-collections3-java
Binary: libcommons-collections3-java libcommons-collections3-java-doc
Architecture: source
Version: 3.2.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libcommons-collections3-java - Apache Commons Collections - Extended 
Collections API for Java
 libcommons-collections3-java-doc - Documentation for 
libcommons-collections3-java
Closes: 912515
Changes:
 libcommons-collections3-java (3.2.2-2) unstable; urgency=medium
 .
   * Fixed the build failure with Java 11 (Closes: #912515)
   * No longer build and install the test framework (never used in Debian)
   * Build with the DH sequencer instead of CDBS
   * Standards-Version updated to 4.2.1
   * Switch to debhelper level 11
   * Use salsa.debian.org Vcs-* URLs
Checksums-Sha1:
 6dd5d9069aa21c14b0f48ccff5f33ca573fe74ca 2358 
libcommons-collections3-java_3.2.2-2.dsc
 51ef3d6b32a37c29e177d9565be4e08773b9e685 7512 
libcommons-collections3-java_3.2.2-2.debian.tar.xz
 68bef4ff6ca70b938a5de355e0123a22aabc22ce 10696 
libcommons-collections3-java_3.2.2-2_source.buildinfo
Checksums-Sha256:
 b27133f005ce8cdf3326df3d7b7054099db06ecb3829872775b2d7ece9a2be25 2358 
libcommons-collections3-java_3.2.2-2.dsc
 

Bug#912515: Bug #912515 in libcommons-collections3-java marked as pending

[Emmanuel Bourg]

Control: tag -1 pending

Hello,

Bug #912515 in libcommons-collections3-java reported by you has been fixed in 
the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/java-team/libcommons-collections3-java/commit/b85ffa13f8a637d5dda543ac98b0898eea12cd8c


Fixed the build failure with Java 11 (Closes: #912515)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/912515

Processed: Bug #912515 in libcommons-collections3-java marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #912515 [src:libcommons-collections3-java] libcommons-collections3-java: 
FTBFS with Java 11 due to ambiguous Collection.toArray() method
Added tag(s) pending.

-- 
912515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912515
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912834: marked as done (xiphos: missing build on ppc64el: suggestion to remove it there)

[Debian Bug Tracking System]

Your message dated Tue, 6 Nov 2018 17:23:07 +0100
with message-id 

and subject line Can be closed
has caused the Debian Bug report #912834,
regarding xiphos: missing build on ppc64el: suggestion to remove it there
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912834: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912834
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xiphos
Version: 4.0.7.1-4
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Dear Maintainers,

The package xiphos currently does not build on architecture ppc64el.

There is a patch for it, and this patch is in libsword.
But this libsword is not going into auto-transition mode soon.

In the mean time package xiphos as is now in testing is not linked to the 
correct libsword version.
So it won't run on testing right now.
And this was due to me not following the proper route of the transition.

A new build of xiphos was made.
That new build links to the correct libsword.
So Xiphos works with that new build.

But now a missing build on ppc64el will prevent this correctly working xiphos 
package
from being migrated to testing.

See this link:
https://qa.debian.org/excuses.php?package=xiphos

My suggestion is to now request removal of xiphos version 4.0.7.1-4
from architecture ppc64el.
So the remaining xiphos binaries will migrate to testing soon.

Is there a problem with this approach?

If there's no problem with this, I intend to move on with this.

This bug is actually to keep track of this issue.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Generally a RM request is practically a last resort and isn't needed when a
future upload will fix the problem.
-- 
Teus Benschop
teusjanne...@gmail.com
0318 712046
--- End Message ---

Bug#912477: marked as done (libcommons-collections4-java: FTBFS with Java 11 due to ambiguous Collection.toArray() method)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 16:08:37 +
with message-id 
and subject line Bug#912477: fixed in libcommons-collections4-java 4.2-1
has caused the Debian Bug report #912477,
regarding libcommons-collections4-java: FTBFS with Java 11 due to ambiguous 
Collection.toArray() method
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912477: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912477
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcommons-collections4-java
Version: 4.1-1
Severity: serious
Tags: ftbfs buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libcommons-collections4-java.html

...
[INFO] -
[ERROR] COMPILATION ERROR : 
[INFO] -
[ERROR] 
/build/1st/libcommons-collections4-java-4.1/src/test/java/org/apache/commons/collections4/collection/AbstractCollectionTest.java:[1088,36]
 reference to toArray is ambiguous
  both method toArray(T[]) in java.util.Collection and method 
toArray(java.util.function.IntFunction) in java.util.Collection match
[INFO] 1 error
--- End Message ---
--- Begin Message ---
Source: libcommons-collections4-java
Source-Version: 4.2-1

We believe that the bug you reported is fixed in the latest version of
libcommons-collections4-java, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated 
libcommons-collections4-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 16:47:50 +0100
Source: libcommons-collections4-java
Binary: libcommons-collections4-java libcommons-collections4-java-doc
Architecture: source
Version: 4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libcommons-collections4-java - Apache Commons Collections - Extended 
Collections API for Java
 libcommons-collections4-java-doc - Documentation for Commons Collections 4
Closes: 912477
Changes:
 libcommons-collections4-java (4.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Fixed the build failure with Java 11 (Closes: #912477)
   * Added the OSGi metadata
   * Standards-Version updated to 4.2.1
   * Switch to debhelper level 11
   * Use salsa.debian.org Vcs-* URLs
   * Track and download the new releases from the GitHub mirror
Checksums-Sha1:
 bcb6b0fe0c546c706c4ccd1607178540cbbc48c1 2416 
libcommons-collections4-java_4.2-1.dsc
 0166a37b099115b58221185f39f6ff754e3c0038 445628 
libcommons-collections4-java_4.2.orig.tar.xz
 ca3cc1bbfb50206620af8bcc435dc2b81568dccc 3508 
libcommons-collections4-java_4.2-1.debian.tar.xz
 69b0c16b929089f16387c5d91acea0e7eeb0385a 15546 
libcommons-collections4-java_4.2-1_source.buildinfo
Checksums-Sha256:
 88cd7fa8cd878b7b44c7cebc333d4e3d3c68861005018a30fcf9148811becda5 2416 
libcommons-collections4-java_4.2-1.dsc
 e6b25f22128d2b5e6181d9736f313103e079366013f853061aba16e8d4feb729 445628 
libcommons-collections4-java_4.2.orig.tar.xz
 db43f174b53ae145f89b7918438ee05f2a11733d263d65fc4cb450dfab4ee1d1 3508 
libcommons-collections4-java_4.2-1.debian.tar.xz
 169627801e97eb34e14fe5721082261bb58b85e8b9af58e304a750ffc7d048d1 15546 
libcommons-collections4-java_4.2-1_source.buildinfo
Files:
 c22ba7aa42be12f3254e37692da7c3b3 2416 java optional 
libcommons-collections4-java_4.2-1.dsc
 e09b9cfa385013766aeb7f743bc58566 445628 java optional 
libcommons-collections4-java_4.2.orig.tar.xz
 72bd76d9b9efd9f8be9c328c76addb5d 3508 java optional 
libcommons-collections4-java_4.2-1.debian.tar.xz
 f8f1c4d6e5df03e4b6585f0d42395e9d 15546 java optional 
libcommons-collections4-java_4.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlvhuN4SHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsiwMP/3iISTha7ehOhBDshVbTLaUe02MXo5fg
YASZW+sFh/c3gX3WKWC3To3xuJ13pqDjJPlxwnCLv1eOpzH2DaDbE++4grwsqAYA
WC4StSSPFUExiNfwvj0m75QhMGvXEZulcVdNRDIQ19fgVtdeO6rDPlqtzBQpYjwg

Processed: Bug #912477 in libcommons-collections4-java marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #912477 [src:libcommons-collections4-java] libcommons-collections4-java: 
FTBFS with Java 11 due to ambiguous Collection.toArray() method
Added tag(s) pending.

-- 
912477: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912477
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912477: Bug #912477 in libcommons-collections4-java marked as pending

[Emmanuel Bourg]

Control: tag -1 pending

Hello,

Bug #912477 in libcommons-collections4-java reported by you has been fixed in 
the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/java-team/libcommons-collections4-java/commit/75e0efd533215e1db0a2ccd138e3e84cf8026f36


Fixed the build failure with Java 11 (Closes: #912477)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/912477

Bug#913070: xiphos does not run on testing - sword 1.8.1 transition needed

[Daniel Glassey]

Package: xiphos
Version: 4.0.7.1-4
Severity: grave
Justification: renders package unusable

The version in testing is linked against a library that does not exist now.

The version in unstable may fix that but the real solution is a transition.
It will need to be rebuilt against libsword-dev >= 1.8.1-6 to get the
dependency against the correct package.

Regards,
Daniel

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xiphos depends on:
ii  gconf-service 3.2.6-5
iu  libbiblesync1.1   1.1.2-5
ii  libc6 2.27-8
ii  libdbus-glib-1-2  0.110-3
ii  libgcc1   1:8.2.0-9
ii  libgconf-2-4  3.2.6-5
ii  libgdk-pixbuf2.0-02.38.0+dfsg-6
ii  libglib2.0-0  2.58.1-2
ii  libgsf-1-114  1.14.44-1
ii  libgtk-3-03.24.1-2
ii  libicu60  60.2-6
ii  libstdc++68.2.0-9
ii  libsword11v5  1.8.1-2
ii  libwebkit2gtk-4.0-37  2.22.2-1
ii  libxml2   2.9.4+dfsg1-7+b1
ii  xiphos-data   4.0.7.1-4

xiphos recommends no packages.

Versions of packages xiphos suggests:
pn  sword-text  

-- no debconf information

Bug#913068: [kodi] Please rebuild kodi against newer libavcodec

[dererk]

Package: kodi
Version: 2:17.6+dfsg1-2
Severity: serious


Dear Kodi mantainers,

Please rebuild kodi against a newer avcodec library since current
libavcodec57 is broken on Sid and transitioning to libavcodec58:

# apt install kodi kodi-bin libavcodec57
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libavcodec57 : Depends: libx264-152 but it is not installable
E: Unable to correct problems, you have held broken packages.


Thanks in advance and the great work!

Cheers,

Dererk

--- System information. ---
Architecture: 
Kernel:   Linux 4.18.0-2-amd64

Debian Release: buster/sid
  500 unstabledeb.debian.org 
  500 stable  repository.spotify.com 

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
BOFH excuse #154:

You can tune a file system, but you can't tune a fish (from most tunefs man 
pages)

Bug#905332: debdiff

[Adam D. Barratt]

On 2018-11-06 14:43, wf...@niif.hu wrote:

Dear Security Team, please consider yourselves notified and please


debian-secur...@lists.debian.org is *not* a contact point for the 
Security Team, it's a public discussion list.


Regards,

Adam

Processed: Re: hsqldb1.8.0 FTBFS with OpenJDK 11

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 913051 hsqldb1.8.0: FTBFS with Java 11 due to 
> System.runFinalizersOnExit() removal
Bug #913051 [src:hsqldb1.8.0] hsqldb1.8.0 FTBFS with OpenJDK 11
Changed Bug title to 'hsqldb1.8.0: FTBFS with Java 11 due to 
System.runFinalizersOnExit() removal' from 'hsqldb1.8.0 FTBFS with OpenJDK 11'.
> retitle 913052 hsqldb: FTBFS with Java 11 due to JAXB removal
Bug #913052 [src:hsqldb] hsqldb FTBFS with OpenJDK 11
Changed Bug title to 'hsqldb: FTBFS with Java 11 due to JAXB removal' from 
'hsqldb FTBFS with OpenJDK 11'.
> retitle 913050 batik: FTBFS with Java 11 due to 
> SecurityManager.checkSystemClipboardAccess() removal
Bug #913050 [src:batik] batik FTBFS with OpenJDK 11
Changed Bug title to 'batik: FTBFS with Java 11 due to 
SecurityManager.checkSystemClipboardAccess() removal' from 'batik FTBFS with 
OpenJDK 11'.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
913050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913050
913051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913051
913052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913066: libengine-pkcs11-openssl: use versioned Breaks+Replaces: libengine-pkcs11-openssl1.1 (<< 0.4.9-2)

[Andreas Beckmann]

Package: libengine-pkcs11-openssl
Version: 0.4.9-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts replaces-without-breaks

Hi,

during a test with piuparts and DOSE tools I noticed your package causes
removal of files that also belong to another package.
This is caused by using Replaces without corresponding Breaks.

The installation sequence to reproduce this problem is

  apt-get install libengine-pkcs11-openssl1.1/stretch
  # (1)
  apt-get install libengine-pkcs11-openssl/sid
  apt-get remove libengine-pkcs11-openssl
  # (2)

The list of installed files at points (1) and (2) should be identical,
but the following files have disappeared:

  /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
  /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.la
  /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so


This is a serious bug violating policy 7.6, see
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces
and also see the footnote that describes this incorrect behavior:
https://www.debian.org/doc/debian-policy/ch-relationships.html#id13

The $OFFENDER package has the following relationships with $VICTIM:

  Conflicts: n/a
  Breaks:n/a
  Replaces:  libengine-pkcs11-openssl1.1
  Provides:  libengine-pkcs11-openssl1.1


>From the attached log (scroll to the bottom...):

18m52.8s ERROR: FAIL: After purging files have disappeared:
  /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so -> pkcs11.soowned 
by: libengine-pkcs11-openssl:amd64
  /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.laowned by: 
libengine-pkcs11-openssl:amd64
  /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.soowned by: 
libengine-pkcs11-openssl:amd64

18m52.8s ERROR: FAIL: After purging files have been modified:
  /var/lib/dpkg/info/libengine-pkcs11-openssl1.1:amd64.list  not owned


cheers,

Andreas


libengine-pkcs11-openssl1.1=0.4.4-4_libengine-pkcs11-openssl=0.4.9-2.log.gz
Description: application/gzip

Processed: Re: Bug#913058: libc++1-7,libc++1-8: both ship libc++.so.1{,.0}

[Debian Bug Tracking System]

Processing control commands:

> notfound -1 1:7-8
Bug #913058 [libc++1-7,libc++1-8] libc++1-7,libc++1-8: both ship 
libc++.so.1{,.0}
There is no source info for the package 'libc++1-8' at version '1:7-8' with 
architecture ''
No longer marked as found in versions llvm-toolchain-7/1:7-8.
> fixed -1 1:7-8
Bug #913058 [libc++1-7,libc++1-8] libc++1-7,libc++1-8: both ship 
libc++.so.1{,.0}
There is no source info for the package 'libc++1-8' at version '1:7-8' with 
architecture ''
Marked as fixed in versions llvm-toolchain-7/1:7-8.

-- 
913058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913058: libc++1-7,libc++1-8: both ship libc++.so.1{,.0}

[Andreas Beckmann]

Control: notfound -1 1:7-8
Control: fixed -1 1:7-8

On 2018-11-06 15:23, Sylvestre Ledru wrote:
> yeah, this is fixed in 7. I need to upload -8 to fix that.
> https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/blob/7/debian/control#L488

oops, I only checked the changelog entries for the last experimental
uploads ...



Andreas

Processed: notfound 754683 in 0.3.1, notfixed 754683 in 0.3.1-1, fixed 754683 in 0.3.1-1, tagging 881384 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> notfound 754683 0.3.1
Bug #754683 {Done: Nobuhiro Iwamatsu } 
[xserver-xorg-input-mtrack] xserver-xorg-input-mtrack: Pointer does not work 
properly
There is no source info for the package 'xserver-xorg-input-mtrack' at version 
'0.3.1' with architecture ''
Unable to make a source version for version '0.3.1'
No longer marked as found in versions 0.3.1.
> notfixed 754683 0.3.1-1
Bug #754683 {Done: Nobuhiro Iwamatsu } 
[xserver-xorg-input-mtrack] xserver-xorg-input-mtrack: Pointer does not work 
properly
Ignoring request to alter fixed versions of bug #754683 to the same values 
previously set
> fixed 754683 0.3.1-1
Bug #754683 {Done: Nobuhiro Iwamatsu } 
[xserver-xorg-input-mtrack] xserver-xorg-input-mtrack: Pointer does not work 
properly
Marked as fixed in versions xf86-input-mtrack/0.3.1-1.
> tags 881384 + stretch
Bug #881384 {Done: Guillem Jover } [dpkg] dpkg man page 
contains a typo in "--validate-thing string" option description
Added tag(s) stretch.
> tags 874961 + sid buster experimental
Bug #874961 {Done: Pino Toscano } [src:kmymoney] [kmymoney] 
Future Qt4 removal from Buster
Added tag(s) sid, experimental, and buster.
> notfixed 777615 3.16.6-1
Bug #777615 {Done: Simon McVittie } [libgtk-3-0] openshot: 
Huge application icon in Nautilus
No longer marked as fixed in versions libgtk-3-0/3.16.6-1.
> fixed 777615 3.16.6-1
Bug #777615 {Done: Simon McVittie } [libgtk-3-0] openshot: 
Huge application icon in Nautilus
Marked as fixed in versions gtk+3.0/3.16.6-1.
> notfixed 697861 2.0.12-1
Bug #697861 {Done: Lars Kruse } [munin-plugins-core] 
munin-plugins-coreshould suggest libxml-parser-perl
No longer marked as fixed in versions munin-plugins-core/2.0.12-1.
> fixed 697861 2.0.12-1
Bug #697861 {Done: Lars Kruse } [munin-plugins-core] 
munin-plugins-coreshould suggest libxml-parser-perl
Marked as fixed in versions munin/2.0.12-1.
> notfixed 905825 mozjs60/60.2.1-1
Bug #905825 {Done: Simon McVittie } [src:mozjs52] mozjs52: 
test failure on alpha|sparc64: Expected value 'InternalError: allocation size 
overflow', Actual value 'out of memory'
No longer marked as fixed in versions mozjs60/60.2.1-1.
> notfound 865285 1:4.2.8p12+dfsg-3
Bug #865285 {Done: Bernhard Schmidt } [sntp] sntp: Cannot 
open KoD db file /var/db/ntp-kod: No such file or directory
No longer marked as found in versions ntp/1:4.2.8p12+dfsg-3.
> found 865285 1:4.2.8p12+dfsg-3
Bug #865285 {Done: Bernhard Schmidt } [sntp] sntp: Cannot 
open KoD db file /var/db/ntp-kod: No such file or directory
Marked as found in versions ntp/1:4.2.8p12+dfsg-3 and reopened.
> tags 866712 + experimental
Bug #866712 {Done: Sam Hartman } [src:moonshot-gss-eap] 
moonshot-gss-eap FTBFS on arm64: libeap/src/utils/common.h:429:0: error: 
"__bitwise" redefined [-Werror]
Added tag(s) experimental.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697861
754683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754683
777615: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777615
865285: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865285
866712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866712
874961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874961
881384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881384
905825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905825
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#905332: debdiff

[Ferenc Wágner]

wagner.fer...@kifu.gov.hu (Ferenc Wágner) writes:

> Christian Fischer  writes:
>
>> On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote:
>>
>>> Unfortunately the CVE hasn't arrived yet; I'll
>>> forward it to you once it does.  My acknowledgement mail is of
>>> subject "CVE Request 548000 for CVE ID Request" from
>>> cve-requ...@mitre.org (just for the record).
>>
>> have you received a CVE for this issue yet? Tried to look around in
>> various sources but wasn't able to identify a published CVE for this
>> issue yet.
>
> I haven't received a CVE for this issue, unfortunately.  My original
> request was deflected by Mitre saying that the Apache Software
> Foundation should issue this CVE.  However, the Apache webpage states
> that they issue IDs for undisclosed vulnerabilities only.  My three
> followup mails asking for clarification remained unanswered by Mitre.
>
> To add more bad news, according to http://santuario.apache.org/ the just
> released 2.0.2 fixes a very similar bug, which might mean another DoS; I
> couldn't investigate yet.  But if it does, we'll need yet another CVE
> for that.  I'm sending out some queries.

Shibboleth upstream confirmed that it's basically more of the same
issue: 
https://alioth-lists.debian.net/pipermail/pkg-shibboleth-devel/2018-November/005382.html
"I would suggest you just attach this to the same CVE as before and
update it to reflect the versions involved."

Dear Security Team, please consider yourselves notified and please
advise how we should track/handle this.  I'm looking into backporting
the fix to the stable version 1.7.3-4+deb9u1.
-- 
Regards,
Feri

Bug#910061: marked as done (freecad: /build/freecad-XXQg0d/freecad-0.16.6712+dfsg1/src/Mod/Part/Gui/SoBrepEdgeSet.cpp:76: PartGui::SoBrepEdgeSet::SoBrepEdgeSet(): Assertion `SoBrepEdgeSet::classTypeId

[Debian Bug Tracking System]

Your message dated Tue, 6 Nov 2018 15:34:59 +0100
with message-id <20181106143459.ga7...@home.ouaza.com>
and subject line Re: Bug#910061: freecad: 
/build/freecad-XXQg0d/freecad-0.16.6712+dfsg1/src/Mod/Part/Gui/SoBrepEdgeSet.cpp:76:
 PartGui::SoBrepEdgeSet::SoBrepEdgeSet(): Assertion `SoBrepEdgeSet::classTypeId 
!= SoType::badType() && "you forgot init()!"' failed.
has caused the Debian Bug report #910061,
regarding freecad: 
/build/freecad-XXQg0d/freecad-0.16.6712+dfsg1/src/Mod/Part/Gui/SoBrepEdgeSet.cpp:76:
 PartGui::SoBrepEdgeSet::SoBrepEdgeSet(): Assertion `SoBrepEdgeSet::classTypeId 
!= SoType::badType() && "you forgot init()!"' failed.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
910061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910061
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freecad
Severity: grave
Version: 0.16.6712+dfsg1-3

Spotted while trying to reproduce #874727:

$ LC_ALL=C DISPLAY=:0 freecad
FreeCAD 0.16, Libs: 0.16R
© Juergen Riegel, Werner Mayer, Yorik van Havre 2001-2015
  #   ###   
  ##  # #   #   #
  # ##     # #   #  #   #
    # # #  # #  #  # #  #   #
  # #      ## # #   #
  # #   ## ## # #   #  ##  ##  ##
  # #       ### # #    ##  ##  ##

Unable to revert mtime: /usr/local/share/fonts
No module named WebGui

* View->Workbench->Path
* File->New
* Click on "Creates a fixtures object" button

Path workbench activated
freecad: 
/build/freecad-XXQg0d/freecad-0.16.6712+dfsg1/src/Mod/Part/Gui/SoBrepEdgeSet.cpp:76:
 PartGui::SoBrepEdgeSet::SoBrepEdgeSet(): Assertion `SoBrepEdgeSet::classTypeId 
!= SoType::badType() && "you forgot init()!"' failed.
Abgebrochen

0.17 from experimental doesn't crash. (I couldn't find the "Path" menu
entry.)

Christoph
--- End Message ---
--- Begin Message ---
Version: 0.17+dfsg1-1

On Tue, 02 Oct 2018, Christoph Berg wrote:
> Spotted while trying to reproduce #874727:
> 
> $ LC_ALL=C DISPLAY=:0 freecad
[...]
> * View->Workbench->Path
> * File->New
> * Click on "Creates a fixtures object" button
[...]
> Path workbench activated
> freecad: 
> /build/freecad-XXQg0d/freecad-0.16.6712+dfsg1/src/Mod/Part/Gui/SoBrepEdgeSet.cpp:76:
>  PartGui::SoBrepEdgeSet::SoBrepEdgeSet(): Assertion 
> `SoBrepEdgeSet::classTypeId != SoType::badType() && "you forgot init()!"' 
> failed.
> Abgebrochen
> 
> 0.17 from experimental doesn't crash. (I couldn't find the "Path" menu
> entry.)

I tried to reproduce with 0.17 as well, I was able to enable the "path"
workbench but I could not find the button "Creates a fixtures object".

I guess this bug is no longer relevant now that 0.17 is in unstable so I'm
closing it. If it's still present, then somebody must update the
instructions to reproduce it. In any case, there's no reason
to block the package from migrating to testing so if it gets reopened
it should likely be downgraded to important.

Right now there's no freecad at all in testing due to this bug which
is worse than having a freecad that crashes in some very special case.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/--- End Message ---

Bug#913058: libc++1-7,libc++1-8: both ship libc++.so.1{,.0}

[Sylvestre Ledru]

Le 06/11/2018 à 14:34, Andreas Beckmann a écrit :

Package: libc++1-7,libc++1-8
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

 From the attached log (scroll to the bottom...):

   Selecting previously unselected package libc++abi1-8:amd64.
   Preparing to unpack .../libc++abi1-8_1%3a8~svn343154-1_amd64.deb ...
   Unpacking libc++abi1-8:amd64 (1:8~svn343154-1) ...
   dpkg: error processing archive 
/var/cache/apt/archives/libc++abi1-8_1%3a8~svn343154-1_amd64.deb (--unpack):
trying to overwrite '/usr/lib/x86_64-linux-gnu/libc++abi.so.1', which is 
also in package libc++abi1-7:amd64 1:7-8
   Selecting previously unselected package libc++1-8:amd64.
   Preparing to unpack .../libc++1-8_1%3a8~svn343154-1_amd64.deb ...
   Unpacking libc++1-8:amd64 (1:8~svn343154-1) ...
   dpkg: error processing archive 
/var/cache/apt/archives/libc++1-8_1%3a8~svn343154-1_amd64.deb (--unpack):
trying to overwrite '/usr/lib/x86_64-linux-gnu/libc++.so.1', which is also 
in package libc++1-7:amd64 1:7-8
   Errors were encountered while processing:
/var/cache/apt/archives/libc++abi1-8_1%3a8~svn343154-1_amd64.deb
/var/cache/apt/archives/libc++1-8_1%3a8~svn343154-1_amd64.deb


You probably want to use C/R/B on a virtual package similar to what is
done in python-clang-7:

   Conflicts+Replaces+Provides: libc++1-x.y



yeah, this is fixed in 7. I need to upload -8 to fix that.
https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/blob/7/debian/control#L488

S

Bug#884029: closed by Laurent Bigonville (Bug#884029: fixed in libtirpc 1.1.4-0.1)

[Andreas Beckmann]

On 2018-10-17 11:06, Debian Bug Tracking System wrote:
>  libtirpc (1.1.4-0.1) experimental; urgency=medium

>* Create a new libtirpc-common package and move /etc/netconfig and
>  netconfig.5 to it, do not conflit with libtirpc1 to ease the
>  co-installation of libtirpc1 and libtirpc3 (Closes: #884029)

The transition is now finished, please add the corresponding
  Breaks: libtirpc1
to stop triggering failures in my replaces-without-breaks tests.


Thanks

Andreas

Bug#912261: clojure: FTBFS with Java 11 due to overloaded Collection.toArray() method

[Elana Hashman]

The patch to fix this was already applied to clojure1.8. I just need to
do it for 1.9.

I've been sick all weekend or else this'd be done already. Now instead I
am drowning in AUTORM emails :'(

Cheers,

- e


signature.asc
Description: Digital signature

Bug#913051: hsqldb1.8.0 FTBFS with OpenJDK 11

[rene . engelhard]

Am 6. November 2018 12:54:10 MEZ schrieb Adrian Bunk :
>Source: hsqldb1.8.0
>Version: 1.8.0.10+dfsg-9
>Severity: serious
>Tags: ftbfs
>
>https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/hsqldb1.8.0.html
>
>...
>lib:
>[javac] /build/1st/hsqldb1.8.0-1.8.0.10+dfsg/build/build.xml:351:
>warning: 'includeantruntime' was not set, defaulting to
>build.sysclasspath=last; set to false for repeatable builds
>[javac] Compiling 40 source files to
>/build/1st/hsqldb1.8.0-1.8.0.10+dfsg/classes
>[javac] Using ant.build.javac.target 1.5 is no longer supported,
>switching to 6
>[javac] Using ant.build.javac.target 1.5 is no longer supported,
>switching to 6
>[javac] Using ant.build.javac.source 1.5 is no longer supported,
>switching to 6
>[javac] warning: [options] bootstrap class path not set in conjunction
>with -source 6
>[javac] warning: [options] source value 6 is obsolete and will be
>removed in a future release
>[javac] warning: [options] target value 1.6 is obsolete and will be
>removed in a future release
>[javac] warning: [options] To suppress warnings about obsolete options,
>use -Xlint:-options.
>[javac]
>/build/1st/hsqldb1.8.0-1.8.0.10+dfsg/src/org/hsqldb/lib/java/JavaSystem.java:163:
>error: cannot find symbol
>[javac] System.runFinalizersOnExit(true);
>[javac]   ^
>[javac]   symbol:   method runFinalizersOnExit(boolean)
>[javac]   location: class System
>[javac] Note: Some input files use or override a deprecated API.
>[javac] Note: Recompile with -Xlint:deprecation for details.
>[javac] Note: Some input files use unchecked or unsafe operations.
>[javac] Note: Recompile with -Xlint:unchecked for details.
>[javac] 1 error
>[javac] 4 warnings

Hi,

sigh, ok. Thankfully this only means copying
https://cgit.freedesktop.org/libreoffice/core/commit/external/hsqldb/patches/hsqldb-runFinalizersOnExit.patch?id=1d3f2ed0606cc971513dab5932ec7d1dd2a15f90
 ...

Regards

René
-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Processed: found 913058 in 1:7-8, found 913058 in 1:8~svn343154-1, found 913058 in 1:7-9~exp1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 913058 1:7-8
Bug #913058 [libc++1-7,libc++1-8] libc++1-7,libc++1-8: both ship 
libc++.so.1{,.0}
There is no source info for the package 'libc++1-8' at version '1:7-8' with 
architecture ''
Marked as found in versions llvm-toolchain-7/1:7-8.
> found 913058 1:8~svn343154-1
Bug #913058 [libc++1-7,libc++1-8] libc++1-7,libc++1-8: both ship 
libc++.so.1{,.0}
There is no source info for the package 'libc++1-7' at version 
'1:8~svn343154-1' with architecture ''
Marked as found in versions llvm-toolchain-snapshot/1:8~svn343154-1.
> found 913058 1:7-9~exp1
Bug #913058 [libc++1-7,libc++1-8] libc++1-7,libc++1-8: both ship 
libc++.so.1{,.0}
There is no source info for the package 'libc++1-8' at version '1:7-9~exp1' 
with architecture ''
Marked as found in versions llvm-toolchain-7/1:7-9~exp1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#909545: marked as done (SSL CERTIFICATE_VERIFY_FAILED when using gs (Google Cloud Storage) backend.)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 13:52:00 +
with message-id 
and subject line Bug#909545: fixed in python-boto 2.44.0-1.1
has caused the Debian Bug report #909545,
regarding SSL CERTIFICATE_VERIFY_FAILED when using gs (Google Cloud Storage) 
backend.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
909545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909545
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-boto
Version: 2.44.0-1
Severity: normal


Not sure if boto, or duplicity issue.


duplicity with GS was working fine for year or two, and started failing few 
weeks ago.

Now it takes few minutes on any command, and then errors out:

Cleaning older backups
Traceback (innermost last):
  File "/usr/bin/duplicity", line 1567, in 
with_tempdir(main)
  File "/usr/bin/duplicity", line 1553, in with_tempdir
fn()
  File "/usr/bin/duplicity", line 1392, in main
action = commandline.ProcessCommandLine(sys.argv[1:])
  File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py", line 1127, 
in ProcessCommandLine
globals.backend = backend.get_backend(args[0])
  File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 223, in 
get_backend
obj = get_backend_object(url_string)
  File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 209, in 
get_backend_object
return factory(pu)
  File "/usr/lib/python2.7/dist-packages/duplicity/backends/_boto_single.py", 
line 166, in __init__
self.resetConnection()
  File "/usr/lib/python2.7/dist-packages/duplicity/backends/_boto_single.py", 
line 191, in resetConnection
location=self.my_location)
  File "/usr/lib/python2.7/dist-packages/boto/gs/connection.py", line 95, in 
create_bucket
data=get_utf8_value(data))
  File "/usr/lib/python2.7/dist-packages/boto/s3/connection.py", line 668, in 
make_request
retry_handler=retry_handler
  File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 1071, in 
make_request
retry_handler=retry_handler)
  File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 1030, in 
_mexe
raise ex
 SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:726)



gsutil still works for me.

I have system certificates from Debian and they are updated afaik.




-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-1-amd64 (SMP w/12 CPU cores)
Locale: LANG=pl_PL.utf8, LC_CTYPE=pl_PL.utf8 (charmap=UTF-8), 
LANGUAGE=pl_PL.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python-boto depends on:
ii  python   2.7.15-3
ii  python-requests  2.18.4-2
ii  python-six   1.11.0-2

python-boto recommends no packages.

python-boto suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: python-boto
Source-Version: 2.44.0-1.1

We believe that the bug you reported is fixed in the latest version of
python-boto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 909...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior  (supplier of updated 
python-boto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 04 Nov 2018 12:37:23 +0100
Source: python-boto
Binary: python-boto python3-boto
Architecture: source
Version: 2.44.0-1.1
Distribution: unstable
Urgency: medium
Maintainer: Eric Evans 
Changed-By: Sebastian Andrzej Siewior 
Description:
 python-boto - Python interface to Amazon's Web Services - Python 2.x
 python3-boto - Python interface to Amazon's Web Services - Python 3.x
Closes: 909545
Changes:
 python-boto (2.44.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add SNI support. Thanks to Witold Baryluk for testing (Closes: #909545).
Checksums-Sha1:
 6b3c6bebb6f84c5e2410f9123f55218421ebaa76 2124 python-boto_2.44.0-1.1.dsc
 b9a647b988804499117c40c052722cf45374c5bb 7283 python-boto_2.44.0-1.1.diff.gz

Bug#913058: libc++1-7,libc++1-8: both ship libc++.so.1{,.0}

[Andreas Beckmann]

Package: libc++1-7,libc++1-8
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libc++abi1-8:amd64.
  Preparing to unpack .../libc++abi1-8_1%3a8~svn343154-1_amd64.deb ...
  Unpacking libc++abi1-8:amd64 (1:8~svn343154-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libc++abi1-8_1%3a8~svn343154-1_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libc++abi.so.1', which is 
also in package libc++abi1-7:amd64 1:7-8
  Selecting previously unselected package libc++1-8:amd64.
  Preparing to unpack .../libc++1-8_1%3a8~svn343154-1_amd64.deb ...
  Unpacking libc++1-8:amd64 (1:8~svn343154-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libc++1-8_1%3a8~svn343154-1_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libc++.so.1', which is also 
in package libc++1-7:amd64 1:7-8
  Errors were encountered while processing:
   /var/cache/apt/archives/libc++abi1-8_1%3a8~svn343154-1_amd64.deb
   /var/cache/apt/archives/libc++1-8_1%3a8~svn343154-1_amd64.deb


You probably want to use C/R/B on a virtual package similar to what is
done in python-clang-7:

  Conflicts+Replaces+Provides: libc++1-x.y


The following files are shipped by both packages:

  usr/lib/x86_64-linux-gnu/libc++.so.1
  usr/lib/x86_64-linux-gnu/libc++.so.1.0


Similar problems exist between these package pairs:

  libc++abi1-7/libc++abi1-8
  libomp5-7/libomp5-8

The corresponding clashes in the -dev packages should automatically
be solved once the library packages are no longer co-installable.


cheers,

Andreas


libc++1-7=1%7-8_libc++1-8=1%8~svn343154-1.log.gz
Description: application/gzip

Bug#912834: RM - ROM [architecture]

[Teus Benschop]

See the bug at:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912834

for more information.

-- 
Teus Benschop
teusjanne...@gmail.com
0318 712046

Bug#907396: [Pkg-giraffe-maintainers] Bug#907396: kopano-server: Tools all fail with: MAPI error 80040111 (MAPI_E_LOGON_FAILED)

[David Gabriel]

Thanks for the update Guido! Not sure if I'm going to build this whole thing 
myself, but good to know that is going to be fixed eventually.



br,

david

<>

Processed: Re: Bug#912977: iptables: nftables layer breaks ipsec/policy keyword

[Debian Bug Tracking System]

Processing control commands:

> forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290
Bug #912977 [iptables] iptables: nftables layer breaks ipsec/policy keyword
Set Bug forwarded-to-address to 
'https://bugzilla.netfilter.org/show_bug.cgi?id=1290'.

-- 
912977: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912977
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912977: iptables: nftables layer breaks ipsec/policy keyword

[Arturo Borrero Gonzalez]

Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290

Hopefully next upstream release will contain a fix.

Bug#913011: marked as done (eboard: add Conflicts: eboard-extras-pack1)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 12:49:51 +
with message-id 
and subject line Bug#913011: fixed in eboard 1.1.3-0.2
has caused the Debian Bug report #913011,
regarding eboard: add Conflicts: eboard-extras-pack1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: eboard
Version: 1.1.3-0.1
Severity: important

Dear Maintainer,

since version 1.1.3-0.1 eboard has merged with eboard-extras-pack1,
which is now useless, obsolete and in conflict with eboard. When trying
to install eboard with the extras pack package installed it bailed out
with the following:

Preparing to unpack .../eboard_1.1.3-0.1_amd64.deb ...
Unpacking eboard (1.1.3-0.1) over (1.1.1-6.1+b1) ...
dpkg: error processing archive
/var/cache/apt/archives/eboard_1.1.3-0.1_amd64.deb (--unpack):
 trying to overwrite '/usr/share/games/eboard/Alpha.png', which is also
in package eboard-extras-pack1 2-3
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/eboard_1.1.3-0.1_amd64.deb

Therefore a "Conflict: eboard-extras-pack1" line looks appropriate.

Of course purging eboard-extras-pack1 worked around the problem, and it
should be removed from Debian as well, but this is another report.

Cheers,
Gabriele :-)
--- End Message ---
--- Begin Message ---
Source: eboard
Source-Version: 1.1.3-0.2

We believe that the bug you reported is fixed in the latest version of
eboard, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated eboard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 13:05:34 +0100
Source: eboard
Binary: eboard
Architecture: source
Version: 1.1.3-0.2
Distribution: unstable
Urgency: medium
Maintainer: Vincent Legout 
Changed-By: Markus Koschany 
Description:
 eboard - GTK+ chessboard program
Closes: 913011
Changes:
 eboard (1.1.3-0.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Update Breaks and Replaces for eboard-extras-pack1 because
 the extra pack is included in eboard now. (Closes: #913011)
Checksums-Sha1:
 7b8e6fbb647030e83c48ca374ce4a89768c533ba 1890 eboard_1.1.3-0.2.dsc
 cfe2200c2cedf9754e61860d5e6624f33352d159 15796 eboard_1.1.3-0.2.debian.tar.xz
 ec14da9ffc9bc53cd2387e432d68d3eaba0d934f 10813 eboard_1.1.3-0.2_amd64.buildinfo
Checksums-Sha256:
 1b9abbc3d51d81d6747559c42d0e5cc0109b793dbf0f2e4fb9806d9e7d7c1f89 1890 
eboard_1.1.3-0.2.dsc
 df9a1fdf0cedf592364643aefedaa5ecd1f35a79050c8a6c10bfd9be02354cb3 15796 
eboard_1.1.3-0.2.debian.tar.xz
 8d3bf58994bbfa1530be3149e6790f2879c37a07055de3cfc6c9074541351c78 10813 
eboard_1.1.3-0.2_amd64.buildinfo
Files:
 54d2f1a193a0020cb1489b27eea0a1c8 1890 games optional eboard_1.1.3-0.2.dsc
 cc85f4117b556a68c0ad8a5ab9092177 15796 games optional 
eboard_1.1.3-0.2.debian.tar.xz
 8670727c841c6ce8f37801c1a99564b5 10813 games optional 
eboard_1.1.3-0.2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvhiplfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk/JUQALh/YXMPVTAVdbZCwKQ1D3WdoVypRMZfaWYN
5I44h0KRyslBt2/3+pPB1TOYwWeovgE2o55146pnvDP7eRpnk0GzLcQ0OIGI7/xe
sLuiGPdFvPlTCW6R+5m3aYpAM58kJD2mVOFclMoxvodm8FiufC2lmYvl6hxV4zO0
GOPTGlcJHqKpMT5vGLz1NGXNIWcIxqiYtja2AU4thZ1/5YNf4nm8mLMdNBwikEq4
vUTr/nSVyh85LBVsrI+Z53DThX5CM46JOqj7K4V61onerQjmf44S6rIyrOgctLfj
yTAuijPAZENu0c+kaeow7pJucmv+1IrijQ9jCXaEmF8e51RG0OkQ9StyMNWWlCST
jHoZWvnuaTg+VgAHHhI0OtytjHfVuwnO/ttNEn30S8Rr3bx4tpp489Eej+Vh6ttH
cXgni3sh6EjYwADolsvy4LYbSDFBt+p8pYtSpbUDIVI+A0qNyHuq/BW9fUPgQn7H
HCcZZL4cFx0vFVC5N3QUy11SGLhy52fplqs8PFin8iBp/PcBRubY/lRp9U8D6e9k
hI9gwpaXrDRSCw/r1NgK/MhHrMzxClVgQ//vZKCmvfsPn7TEnPzXMnJpvbR6n9fY
VhUMXZ8gxcm7qIwvCUchNwSLDRg8SozglByuFoEk3YHK1/BjM2P+Lp3k3XRq8k2E
U8vMafWt
=XETX
-END PGP SIGNATURE End Message ---

Processed: retitle 913050 to batik FTBFS with OpenJDK 11

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 913050 batik FTBFS with OpenJDK 11
Bug #913050 [src:batik] batik FTBFs with OpenJDK 11
Changed Bug title to 'batik FTBFS with OpenJDK 11' from 'batik FTBFs with 
OpenJDK 11'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913053: src:haskell-cabal-helper: ftbfs

[Clint Adams]

Package: src:haskell-cabal-helper
Version: 0.8.0.2-1
Severity: serious

Someone will need to package cabal-plan to update to a modern version.

Processed: Re: eboard: add Conflicts: eboard-extras-pack1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 pending
Bug #913011 [eboard] eboard: add Conflicts: eboard-extras-pack1
Added tag(s) pending.

-- 
913011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913011: eboard: add Conflicts: eboard-extras-pack1

[Markus Koschany]

Control: tags -1 pending

Thanks for reporting. The extra packs are included in eboard now. I have
updated the Breaks and Replaces fields in debian/control and I am going
to request the removal of eboard-extras-pack1 from Debian.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#912977: iptables: nftables layer breaks ipsec/policy keyword

[Yves-Alexis Perez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, 2018-11-05 at 13:08 +0100, Pierre Chifflier wrote:
> Package: iptables
> Version: 1.8.1-2
> Severity: grave
> Tags: security
> Justification: breaks rules, inserts pass-all rules
> X-Debbugs-Cc: t...@security.debian.org, 
> secure-testing-t...@lists.alioth.debian.org
> 
> Hi,
> 
> The debian package for iptables now transparently converts inserted
> rules to nftables, which is great.
> 
> However, some keywords are not supported (like the 'policy' keyword for
> IPsec transforms). The bad part is, these rules are inserted
> *without* the matches, which makes in some cases your firewall useless.
> 
> For ex:
> # iptables -F
> # iptables -A OUTPUT -m policy --dir out --pol ipsec --strict --mode tunnel
> -o eth0 -j ACCEPT
> # echo $?
> 0
> # nft list ruleset
> 
>   chain OUTPUT {
>   type filter hook output priority 0; policy accept;
>   oifname "eth0"  counter packets 90 bytes 26085 accept
>   }
> }
> 
> As you can see, the inserted rule allows everything, while the expected
> behavior would be 'only if going through an IPsec tunnel'.
> Even worse: inserting the rule did not fail.
> 
> Until the 'ipsec' (or 'secpath') keyword works properly (and supports
> all options), an acceptable behavior would be to reject the rule if one
> or more keywords are not supported by nftables.

Hi all,

actually, I think it would make sense to actually bail out early with and
error if any rule or keyword is unsupported by the nftable backend. I've
noticed the behavior because it was announced in NEWS.Debian (and I have apt-
listchanges) and I assume it'll be put in the Buster release notes, but I
think the executable itself (or maybe the kernel part) shouldn't silently
ignore stuff, because indeed it can open holes in the firewall and break
user/admin expectations.

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlvhgm8ACgkQ3rYcyPpX
RFvd8AgA61EMEQiHhYmV+5I8DvUCuOaHQkW23pQQeN5jYMc8qE3QW3BX7NDhvOFc
xeKSeft4zc5uzGV4K3UvaD0g3F1rq1FqaSLpUYWxO27B59y5etvMz8x9k+GZn2gh
3ZHOb2PmnwTl3sj99F5gdzTI6aDU/50ceHPC1C+Z0fBL5aXElAcO9tzvxP1oGMr/
u1t3teLPNPuuuM4s32s8IUaiiUvJ3IBAuv4J/h3qzMixWyki+XNq3slrxHGARLL3
KY78QAfu7MkvJ6B3iiMuDzgfRYyYy/PZJl9B4aqX+rmRE4mFKAftGCvFix+0EGBB
EPzws0ExVehsLkOBCgTAj0OQeuVXNA==
=XxmO
-END PGP SIGNATURE-

Processed: retitle 913050 to batik FTBFs with OpenJDK 11

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 913050 batik FTBFs with OpenJDK 11
Bug #913050 [src:batik] batik FTBFs with OpenJDK 11
Ignoring request to change the title of bug#913050 to the same title
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913052: hsqldb FTBFS with OpenJDK 11

[Adrian Bunk]

Source: hsqldb
Version: 2.4.1-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/hsqldb.html

...
lib:
[javac] Compiling 64 source files to /build/1st/hsqldb-2.4.1/hsqldb/classes
[javac] warning: [options] bootstrap class path not set in conjunction with 
-source 8
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:61:
 error: package javax.xml.bind.util does not exist
[javac] import javax.xml.bind.util.JAXBResult;
[javac]   ^
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:62:
 error: package javax.xml.bind.util does not exist
[javac] import javax.xml.bind.util.JAXBSource;
[javac]   ^
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:1465:
 error: cannot find symbol
[javac] if (JAXBSource.class.isAssignableFrom(sourceClass)) {
[javac] ^
[javac]   symbol:   class JAXBSource
[javac]   location: class JDBCSQLXML
[javac] 
/build/1st/hsqldb-2.4.1/hsqldb/tmp/switchedsrc/org/hsqldb/jdbc/JDBCSQLXML.java:1686:
 error: cannot find symbol
[javac] if (JAXBResult.class.isAssignableFrom(resultClass)) {
[javac] ^
[javac]   symbol:   class JAXBResult
[javac]   location: class JDBCSQLXML
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 4 errors
[javac] 1 warning

Bug#913050: batik FTBFs with OpenJDK 11

[Adrian Bunk]

Source: batik
Version: 1.10-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/batik.html

...
[INFO] -
[ERROR] COMPILATION ERROR : 
[INFO] -
[ERROR] 
/build/1st/batik-1.10/batik-swing/src/main/java/org/apache/batik/swing/gvt/JGVTComponent.java:[1275,35]
 error: cannot find symbol
  symbol:   method checkSystemClipboardAccess()
  location: variable securityManager of type SecurityManager
[INFO] 1 error

Bug#913051: hsqldb1.8.0 FTBFS with OpenJDK 11

[Adrian Bunk]

Source: hsqldb1.8.0
Version: 1.8.0.10+dfsg-9
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/hsqldb1.8.0.html

...
lib:
[javac] /build/1st/hsqldb1.8.0-1.8.0.10+dfsg/build/build.xml:351: warning: 
'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to 
false for repeatable builds
[javac] Compiling 40 source files to 
/build/1st/hsqldb1.8.0-1.8.0.10+dfsg/classes
[javac] Using ant.build.javac.target 1.5 is no longer supported, switching 
to 6
[javac] Using ant.build.javac.target 1.5 is no longer supported, switching 
to 6
[javac] Using ant.build.javac.source 1.5 is no longer supported, switching 
to 6
[javac] warning: [options] bootstrap class path not set in conjunction with 
-source 6
[javac] warning: [options] source value 6 is obsolete and will be removed 
in a future release
[javac] warning: [options] target value 1.6 is obsolete and will be removed 
in a future release
[javac] warning: [options] To suppress warnings about obsolete options, use 
-Xlint:-options.
[javac] 
/build/1st/hsqldb1.8.0-1.8.0.10+dfsg/src/org/hsqldb/lib/java/JavaSystem.java:163:
 error: cannot find symbol
[javac] System.runFinalizersOnExit(true);
[javac]   ^
[javac]   symbol:   method runFinalizersOnExit(boolean)
[javac]   location: class System
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 1 error
[javac] 4 warnings

Processed: forcibly merging 913035 913041

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forcemerge 913035 913041
Bug #913035 [src:python-memprof] python-memprof fails its autopkg tests with 
Pyhton 3.7
Bug #913041 [src:python-memprof] python-memprof fails its autopkg tests with 
Python 3.7
Merged 913035 913041
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
913035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913035
913041: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912695: marked as done (apt-show-versions: breaks "apt-get update" and uninstallable after Perl 5.28 upgrade)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:18 +
with message-id 
and subject line Bug#912970: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912970,
regarding apt-show-versions: breaks "apt-get update" and uninstallable after 
Perl 5.28 upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912970: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912970
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: apt-show-versions
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

after the Perl 5.28 upgrade, if apt-show-versions (0.22.8) is installed, "apt-
get update" fails with:

# apt-get update
Hit:1 https://repo.skype.com/deb stable InRelease
Ign:2 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:3 http://ftp.debian.org/debian sid InRelease
Hit:4 http://dl.google.com/linux/chrome/deb stable Release
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'test -x
/usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i'
E: Sub-process returned an error code

The error can be reproduced by running:

# apt-show-versions -i
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.

Workaround is to uninstall apt-show-versions with:

apt-get purge apt-show-versions

Following this removal, "apt-get update" works normally.

Attempting to reinstall apt-show-versions fails with:

# apt-get install apt-show-versions
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  apt-show-versions
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 32.1 kB of archives.
After this operation, 93.2 kB of additional disk space will be used.
Get:1 http://ftp.debian.org/debian sid/main amd64 apt-show-versions all 0.22.8
[32.1 kB]
Fetched 32.1 kB in 3s (10.2 kB/s)
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Selecting previously unselected package apt-show-versions.
(Reading database ... 257503 files and directories currently installed.)
Preparing to unpack .../apt-show-versions_0.22.8_all.deb ...
Unpacking apt-show-versions (0.22.8) ...
Setting up apt-show-versions (0.22.8) ...
** initializing cache. This may take a while **
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.
dpkg: error processing package apt-show-versions (--configure):
 installed apt-show-versions package post-installation script subprocess
returned error exit status 25
Processing triggers for man-db (2.8.4-2+b1) ...
Errors were encountered while processing:
 apt-show-versions
E: Sub-process /usr/bin/dpkg returned an error code (1)

Clean up with:

apt-get purge apt-show-versions

Kind regards,
Ben.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: 

Bug#912709: marked as done (Max. recursion depth with nested structures exceeded)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:18 +
with message-id 
and subject line Bug#912709: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912709,
regarding Max. recursion depth with nested structures exceeded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912709: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: 0.22.8
Severity: grave

# apt-show-versions
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.

Works fine when non-root though.

P.S.,
# apt-show-versions -i
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.

apt-show-versions suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 11:32:25 +0100
Source: apt-show-versions
Binary: apt-show-versions
Architecture: source all
Version: 0.22.9
Distribution: unstable
Urgency: medium
Maintainer: Christoph Martin 
Changed-By: Christoph Martin 
Description:
 apt-show-versions - lists available package versions with distribution
Closes: 898090 912695 912709 912970
Changes:
 apt-show-versions (0.22.9) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
 .
   [ Christoph Martin ]
   * set a higher limit for the hash stacksize in perl Storable (closes:
 #912695, #912709, #912970, #898090)
Checksums-Sha1:
 ab3d45d30d5629870c8ece76aa9e9ce86f2ea911 1662 apt-show-versions_0.22.9.dsc
 62c9161385c898a2f4837775f1791c855ed65d11 35449 apt-show-versions_0.22.9.tar.gz
 dcd7cde721b78d8673848386a2364dc039cf4f9a 32388 apt-show-versions_0.22.9_all.deb
 26abf1e4272ccf590b0e43783a19eca0c30c96dc 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Checksums-Sha256:
 8fb5d6da5a9ca34f5c2f33ea220c387cfd823b780df21b57721e05b5ae71caba 1662 
apt-show-versions_0.22.9.dsc
 da68438e1aa6e80d0513e228100dfa5c51035eb168b76de079d562615da30f9c 35449 
apt-show-versions_0.22.9.tar.gz
 7d00de86d5c6b56bd8eefc745601c47c1cc671ee1402864684866f38e400e3e7 32388 
apt-show-versions_0.22.9_all.deb
 f37edc708eb4ef3f8518f4a1d88c6daf866f94b316a3ff30454cdd4336523c3a 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Files:
 c2ad6e18a7f4c50fcdd2eaed0e7b15c8 1662 admin optional 
apt-show-versions_0.22.9.dsc
 89740122e534783d300b537aec93bd21 35449 admin optional 
apt-show-versions_0.22.9.tar.gz
 e952280e09c5bdd051cdcb0ddacfc170 32388 admin optional 
apt-show-versions_0.22.9_all.deb
 38991dad73be05c9a75ba29516cd9aed 6618 admin optional 
apt-show-versions_0.22.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOfrwsFcJT/ueFKkqgMEJ8ujseQEFAlvhdJUACgkQgMEJ8ujs
eQHBTQ//fnFi/w8Ak4ev8Q9ox2d6nfhZfxSGwAlcTyvY1FwcwxlwsgJKoowf7xJa
14oXD5NJoo7MHAB6n6AlMvg51IqyiaU899CfWZ+Tpgqp9e7LmsQ7hLO8NqWGM7UF
Z+1vH9goxLvEr1+5Luw4j2visRw7X5EcytEFKcXeXiVJI9bnjUtBymqvePUZG/Fx

Bug#912709: marked as done (Max. recursion depth with nested structures exceeded)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:18 +
with message-id 
and subject line Bug#912970: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912970,
regarding Max. recursion depth with nested structures exceeded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912970: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912970
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: 0.22.8
Severity: grave

# apt-show-versions
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.

Works fine when non-root though.

P.S.,
# apt-show-versions -i
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.

apt-show-versions suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 11:32:25 +0100
Source: apt-show-versions
Binary: apt-show-versions
Architecture: source all
Version: 0.22.9
Distribution: unstable
Urgency: medium
Maintainer: Christoph Martin 
Changed-By: Christoph Martin 
Description:
 apt-show-versions - lists available package versions with distribution
Closes: 898090 912695 912709 912970
Changes:
 apt-show-versions (0.22.9) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
 .
   [ Christoph Martin ]
   * set a higher limit for the hash stacksize in perl Storable (closes:
 #912695, #912709, #912970, #898090)
Checksums-Sha1:
 ab3d45d30d5629870c8ece76aa9e9ce86f2ea911 1662 apt-show-versions_0.22.9.dsc
 62c9161385c898a2f4837775f1791c855ed65d11 35449 apt-show-versions_0.22.9.tar.gz
 dcd7cde721b78d8673848386a2364dc039cf4f9a 32388 apt-show-versions_0.22.9_all.deb
 26abf1e4272ccf590b0e43783a19eca0c30c96dc 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Checksums-Sha256:
 8fb5d6da5a9ca34f5c2f33ea220c387cfd823b780df21b57721e05b5ae71caba 1662 
apt-show-versions_0.22.9.dsc
 da68438e1aa6e80d0513e228100dfa5c51035eb168b76de079d562615da30f9c 35449 
apt-show-versions_0.22.9.tar.gz
 7d00de86d5c6b56bd8eefc745601c47c1cc671ee1402864684866f38e400e3e7 32388 
apt-show-versions_0.22.9_all.deb
 f37edc708eb4ef3f8518f4a1d88c6daf866f94b316a3ff30454cdd4336523c3a 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Files:
 c2ad6e18a7f4c50fcdd2eaed0e7b15c8 1662 admin optional 
apt-show-versions_0.22.9.dsc
 89740122e534783d300b537aec93bd21 35449 admin optional 
apt-show-versions_0.22.9.tar.gz
 e952280e09c5bdd051cdcb0ddacfc170 32388 admin optional 
apt-show-versions_0.22.9_all.deb
 38991dad73be05c9a75ba29516cd9aed 6618 admin optional 
apt-show-versions_0.22.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOfrwsFcJT/ueFKkqgMEJ8ujseQEFAlvhdJUACgkQgMEJ8ujs
eQHBTQ//fnFi/w8Ak4ev8Q9ox2d6nfhZfxSGwAlcTyvY1FwcwxlwsgJKoowf7xJa
14oXD5NJoo7MHAB6n6AlMvg51IqyiaU899CfWZ+Tpgqp9e7LmsQ7hLO8NqWGM7UF
Z+1vH9goxLvEr1+5Luw4j2visRw7X5EcytEFKcXeXiVJI9bnjUtBymqvePUZG/Fx

Bug#912695: marked as done (apt-show-versions: breaks "apt-get update" and uninstallable after Perl 5.28 upgrade)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:17 +
with message-id 
and subject line Bug#912695: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912695,
regarding apt-show-versions: breaks "apt-get update" and uninstallable after 
Perl 5.28 upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: apt-show-versions
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

after the Perl 5.28 upgrade, if apt-show-versions (0.22.8) is installed, "apt-
get update" fails with:

# apt-get update
Hit:1 https://repo.skype.com/deb stable InRelease
Ign:2 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:3 http://ftp.debian.org/debian sid InRelease
Hit:4 http://dl.google.com/linux/chrome/deb stable Release
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'test -x
/usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i'
E: Sub-process returned an error code

The error can be reproduced by running:

# apt-show-versions -i
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.

Workaround is to uninstall apt-show-versions with:

apt-get purge apt-show-versions

Following this removal, "apt-get update" works normally.

Attempting to reinstall apt-show-versions fails with:

# apt-get install apt-show-versions
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  apt-show-versions
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 32.1 kB of archives.
After this operation, 93.2 kB of additional disk space will be used.
Get:1 http://ftp.debian.org/debian sid/main amd64 apt-show-versions all 0.22.8
[32.1 kB]
Fetched 32.1 kB in 3s (10.2 kB/s)
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Selecting previously unselected package apt-show-versions.
(Reading database ... 257503 files and directories currently installed.)
Preparing to unpack .../apt-show-versions_0.22.8_all.deb ...
Unpacking apt-show-versions (0.22.8) ...
Setting up apt-show-versions (0.22.8) ...
** initializing cache. This may take a while **
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.
dpkg: error processing package apt-show-versions (--configure):
 installed apt-show-versions package post-installation script subprocess
returned error exit status 25
Processing triggers for man-db (2.8.4-2+b1) ...
Errors were encountered while processing:
 apt-show-versions
E: Sub-process /usr/bin/dpkg returned an error code (1)

Clean up with:

apt-get purge apt-show-versions

Kind regards,
Ben.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: 

Bug#912695: marked as done (apt-show-versions: breaks "apt-get update" and uninstallable after Perl 5.28 upgrade)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:18 +
with message-id 
and subject line Bug#912709: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912709,
regarding apt-show-versions: breaks "apt-get update" and uninstallable after 
Perl 5.28 upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912709: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: apt-show-versions
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

after the Perl 5.28 upgrade, if apt-show-versions (0.22.8) is installed, "apt-
get update" fails with:

# apt-get update
Hit:1 https://repo.skype.com/deb stable InRelease
Ign:2 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:3 http://ftp.debian.org/debian sid InRelease
Hit:4 http://dl.google.com/linux/chrome/deb stable Release
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'test -x
/usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i'
E: Sub-process returned an error code

The error can be reproduced by running:

# apt-show-versions -i
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.

Workaround is to uninstall apt-show-versions with:

apt-get purge apt-show-versions

Following this removal, "apt-get update" works normally.

Attempting to reinstall apt-show-versions fails with:

# apt-get install apt-show-versions
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  apt-show-versions
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 32.1 kB of archives.
After this operation, 93.2 kB of additional disk space will be used.
Get:1 http://ftp.debian.org/debian sid/main amd64 apt-show-versions all 0.22.8
[32.1 kB]
Fetched 32.1 kB in 3s (10.2 kB/s)
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Selecting previously unselected package apt-show-versions.
(Reading database ... 257503 files and directories currently installed.)
Preparing to unpack .../apt-show-versions_0.22.8_all.deb ...
Unpacking apt-show-versions (0.22.8) ...
Setting up apt-show-versions (0.22.8) ...
** initializing cache. This may take a while **
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-
gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 271.
dpkg: error processing package apt-show-versions (--configure):
 installed apt-show-versions package post-installation script subprocess
returned error exit status 25
Processing triggers for man-db (2.8.4-2+b1) ...
Errors were encountered while processing:
 apt-show-versions
E: Sub-process /usr/bin/dpkg returned an error code (1)

Clean up with:

apt-get purge apt-show-versions

Kind regards,
Ben.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: 

Bug#912709: marked as done (Max. recursion depth with nested structures exceeded)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:17 +
with message-id 
and subject line Bug#912695: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912695,
regarding Max. recursion depth with nested structures exceeded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: 0.22.8
Severity: grave

# apt-show-versions
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.

Works fine when non-root though.

P.S.,
# apt-show-versions -i
Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt  1.7.0
ii  libapt-pkg-perl  0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.

apt-show-versions suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 11:32:25 +0100
Source: apt-show-versions
Binary: apt-show-versions
Architecture: source all
Version: 0.22.9
Distribution: unstable
Urgency: medium
Maintainer: Christoph Martin 
Changed-By: Christoph Martin 
Description:
 apt-show-versions - lists available package versions with distribution
Closes: 898090 912695 912709 912970
Changes:
 apt-show-versions (0.22.9) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
 .
   [ Christoph Martin ]
   * set a higher limit for the hash stacksize in perl Storable (closes:
 #912695, #912709, #912970, #898090)
Checksums-Sha1:
 ab3d45d30d5629870c8ece76aa9e9ce86f2ea911 1662 apt-show-versions_0.22.9.dsc
 62c9161385c898a2f4837775f1791c855ed65d11 35449 apt-show-versions_0.22.9.tar.gz
 dcd7cde721b78d8673848386a2364dc039cf4f9a 32388 apt-show-versions_0.22.9_all.deb
 26abf1e4272ccf590b0e43783a19eca0c30c96dc 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Checksums-Sha256:
 8fb5d6da5a9ca34f5c2f33ea220c387cfd823b780df21b57721e05b5ae71caba 1662 
apt-show-versions_0.22.9.dsc
 da68438e1aa6e80d0513e228100dfa5c51035eb168b76de079d562615da30f9c 35449 
apt-show-versions_0.22.9.tar.gz
 7d00de86d5c6b56bd8eefc745601c47c1cc671ee1402864684866f38e400e3e7 32388 
apt-show-versions_0.22.9_all.deb
 f37edc708eb4ef3f8518f4a1d88c6daf866f94b316a3ff30454cdd4336523c3a 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Files:
 c2ad6e18a7f4c50fcdd2eaed0e7b15c8 1662 admin optional 
apt-show-versions_0.22.9.dsc
 89740122e534783d300b537aec93bd21 35449 admin optional 
apt-show-versions_0.22.9.tar.gz
 e952280e09c5bdd051cdcb0ddacfc170 32388 admin optional 
apt-show-versions_0.22.9_all.deb
 38991dad73be05c9a75ba29516cd9aed 6618 admin optional 
apt-show-versions_0.22.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOfrwsFcJT/ueFKkqgMEJ8ujseQEFAlvhdJUACgkQgMEJ8ujs
eQHBTQ//fnFi/w8Ak4ev8Q9ox2d6nfhZfxSGwAlcTyvY1FwcwxlwsgJKoowf7xJa
14oXD5NJoo7MHAB6n6AlMvg51IqyiaU899CfWZ+Tpgqp9e7LmsQ7hLO8NqWGM7UF
Z+1vH9goxLvEr1+5Luw4j2visRw7X5EcytEFKcXeXiVJI9bnjUtBymqvePUZG/Fx

Bug#912970: marked as done (Max. recursion depth with nested structures exceeded)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:17 +
with message-id 
and subject line Bug#912695: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912695,
regarding Max. recursion depth with nested structures exceeded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: 0.22.8

On *buster*, we get as root:
# apt-show-versions -i
Max. recursion depth with nested structures exceeded at
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at
/usr/bin/apt-show-versions line 271.

As non-root, we get no issue:
$ apt-show-versions -i
2to3:all/testing 3.6.7-1 uptodate
...
zstd:amd64/buster 1.3.5+dfsg-1+10.0 uptodate

This issue affects "apt update" process:
# apt update
Hit:1 http://security.debian.org testing/updates InRelease
...
Hit:6 https://download.docker.com/linux/debian buster InRelease


Fetched 7,338 B in 1s (8,431 B/s)
Max. recursion depth with nested structures exceeded at
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at
/usr/bin/apt-show-versions line 271.
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'test -x
/usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i'
E: Sub-process returned an error code

Reinstalling apt-show-versions throws the same error.

This issue happened with the upgrade to perl & 5.28.0-3.
-- 
Jean-Christophe
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 11:32:25 +0100
Source: apt-show-versions
Binary: apt-show-versions
Architecture: source all
Version: 0.22.9
Distribution: unstable
Urgency: medium
Maintainer: Christoph Martin 
Changed-By: Christoph Martin 
Description:
 apt-show-versions - lists available package versions with distribution
Closes: 898090 912695 912709 912970
Changes:
 apt-show-versions (0.22.9) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
 .
   [ Christoph Martin ]
   * set a higher limit for the hash stacksize in perl Storable (closes:
 #912695, #912709, #912970, #898090)
Checksums-Sha1:
 ab3d45d30d5629870c8ece76aa9e9ce86f2ea911 1662 apt-show-versions_0.22.9.dsc
 62c9161385c898a2f4837775f1791c855ed65d11 35449 apt-show-versions_0.22.9.tar.gz
 dcd7cde721b78d8673848386a2364dc039cf4f9a 32388 apt-show-versions_0.22.9_all.deb
 26abf1e4272ccf590b0e43783a19eca0c30c96dc 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Checksums-Sha256:
 8fb5d6da5a9ca34f5c2f33ea220c387cfd823b780df21b57721e05b5ae71caba 1662 
apt-show-versions_0.22.9.dsc
 da68438e1aa6e80d0513e228100dfa5c51035eb168b76de079d562615da30f9c 35449 
apt-show-versions_0.22.9.tar.gz
 7d00de86d5c6b56bd8eefc745601c47c1cc671ee1402864684866f38e400e3e7 32388 
apt-show-versions_0.22.9_all.deb
 f37edc708eb4ef3f8518f4a1d88c6daf866f94b316a3ff30454cdd4336523c3a 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Files:
 c2ad6e18a7f4c50fcdd2eaed0e7b15c8 1662 admin optional 
apt-show-versions_0.22.9.dsc
 89740122e534783d300b537aec93bd21 35449 admin optional 
apt-show-versions_0.22.9.tar.gz
 e952280e09c5bdd051cdcb0ddacfc170 32388 admin optional 
apt-show-versions_0.22.9_all.deb
 38991dad73be05c9a75ba29516cd9aed 6618 admin optional 
apt-show-versions_0.22.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOfrwsFcJT/ueFKkqgMEJ8ujseQEFAlvhdJUACgkQgMEJ8ujs
eQHBTQ//fnFi/w8Ak4ev8Q9ox2d6nfhZfxSGwAlcTyvY1FwcwxlwsgJKoowf7xJa
14oXD5NJoo7MHAB6n6AlMvg51IqyiaU899CfWZ+Tpgqp9e7LmsQ7hLO8NqWGM7UF
Z+1vH9goxLvEr1+5Luw4j2visRw7X5EcytEFKcXeXiVJI9bnjUtBymqvePUZG/Fx
gTcfjDUQrZX5HMfR8YAO5ZdGTsO9hNOsG6JCcHuODi7LeGyshgfj0/5bGvSBcrBn

Bug#912970: marked as done (Max. recursion depth with nested structures exceeded)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:18 +
with message-id 
and subject line Bug#912970: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912970,
regarding Max. recursion depth with nested structures exceeded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912970: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912970
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: 0.22.8

On *buster*, we get as root:
# apt-show-versions -i
Max. recursion depth with nested structures exceeded at
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at
/usr/bin/apt-show-versions line 271.

As non-root, we get no issue:
$ apt-show-versions -i
2to3:all/testing 3.6.7-1 uptodate
...
zstd:amd64/buster 1.3.5+dfsg-1+10.0 uptodate

This issue affects "apt update" process:
# apt update
Hit:1 http://security.debian.org testing/updates InRelease
...
Hit:6 https://download.docker.com/linux/debian buster InRelease


Fetched 7,338 B in 1s (8,431 B/s)
Max. recursion depth with nested structures exceeded at
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at
/usr/bin/apt-show-versions line 271.
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'test -x
/usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i'
E: Sub-process returned an error code

Reinstalling apt-show-versions throws the same error.

This issue happened with the upgrade to perl & 5.28.0-3.
-- 
Jean-Christophe
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 11:32:25 +0100
Source: apt-show-versions
Binary: apt-show-versions
Architecture: source all
Version: 0.22.9
Distribution: unstable
Urgency: medium
Maintainer: Christoph Martin 
Changed-By: Christoph Martin 
Description:
 apt-show-versions - lists available package versions with distribution
Closes: 898090 912695 912709 912970
Changes:
 apt-show-versions (0.22.9) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
 .
   [ Christoph Martin ]
   * set a higher limit for the hash stacksize in perl Storable (closes:
 #912695, #912709, #912970, #898090)
Checksums-Sha1:
 ab3d45d30d5629870c8ece76aa9e9ce86f2ea911 1662 apt-show-versions_0.22.9.dsc
 62c9161385c898a2f4837775f1791c855ed65d11 35449 apt-show-versions_0.22.9.tar.gz
 dcd7cde721b78d8673848386a2364dc039cf4f9a 32388 apt-show-versions_0.22.9_all.deb
 26abf1e4272ccf590b0e43783a19eca0c30c96dc 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Checksums-Sha256:
 8fb5d6da5a9ca34f5c2f33ea220c387cfd823b780df21b57721e05b5ae71caba 1662 
apt-show-versions_0.22.9.dsc
 da68438e1aa6e80d0513e228100dfa5c51035eb168b76de079d562615da30f9c 35449 
apt-show-versions_0.22.9.tar.gz
 7d00de86d5c6b56bd8eefc745601c47c1cc671ee1402864684866f38e400e3e7 32388 
apt-show-versions_0.22.9_all.deb
 f37edc708eb4ef3f8518f4a1d88c6daf866f94b316a3ff30454cdd4336523c3a 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Files:
 c2ad6e18a7f4c50fcdd2eaed0e7b15c8 1662 admin optional 
apt-show-versions_0.22.9.dsc
 89740122e534783d300b537aec93bd21 35449 admin optional 
apt-show-versions_0.22.9.tar.gz
 e952280e09c5bdd051cdcb0ddacfc170 32388 admin optional 
apt-show-versions_0.22.9_all.deb
 38991dad73be05c9a75ba29516cd9aed 6618 admin optional 
apt-show-versions_0.22.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOfrwsFcJT/ueFKkqgMEJ8ujseQEFAlvhdJUACgkQgMEJ8ujs
eQHBTQ//fnFi/w8Ak4ev8Q9ox2d6nfhZfxSGwAlcTyvY1FwcwxlwsgJKoowf7xJa
14oXD5NJoo7MHAB6n6AlMvg51IqyiaU899CfWZ+Tpgqp9e7LmsQ7hLO8NqWGM7UF
Z+1vH9goxLvEr1+5Luw4j2visRw7X5EcytEFKcXeXiVJI9bnjUtBymqvePUZG/Fx
gTcfjDUQrZX5HMfR8YAO5ZdGTsO9hNOsG6JCcHuODi7LeGyshgfj0/5bGvSBcrBn

Bug#912970: marked as done (Max. recursion depth with nested structures exceeded)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 11:34:18 +
with message-id 
and subject line Bug#912709: fixed in apt-show-versions 0.22.9
has caused the Debian Bug report #912709,
regarding Max. recursion depth with nested structures exceeded
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912709: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-show-versions
Version: 0.22.8

On *buster*, we get as root:
# apt-show-versions -i
Max. recursion depth with nested structures exceeded at
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at
/usr/bin/apt-show-versions line 271.

As non-root, we get no issue:
$ apt-show-versions -i
2to3:all/testing 3.6.7-1 uptodate
...
zstd:amd64/buster 1.3.5+dfsg-1+10.0 uptodate

This issue affects "apt update" process:
# apt update
Hit:1 http://security.debian.org testing/updates InRelease
...
Hit:6 https://download.docker.com/linux/debian buster InRelease


Fetched 7,338 B in 1s (8,431 B/s)
Max. recursion depth with nested structures exceeded at
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at
/usr/bin/apt-show-versions line 271.
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'test -x
/usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i'
E: Sub-process returned an error code

Reinstalling apt-show-versions throws the same error.

This issue happened with the upgrade to perl & 5.28.0-3.
-- 
Jean-Christophe
--- End Message ---
--- Begin Message ---
Source: apt-show-versions
Source-Version: 0.22.9

We believe that the bug you reported is fixed in the latest version of
apt-show-versions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin  (supplier of updated apt-show-versions 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 11:32:25 +0100
Source: apt-show-versions
Binary: apt-show-versions
Architecture: source all
Version: 0.22.9
Distribution: unstable
Urgency: medium
Maintainer: Christoph Martin 
Changed-By: Christoph Martin 
Description:
 apt-show-versions - lists available package versions with distribution
Closes: 898090 912695 912709 912970
Changes:
 apt-show-versions (0.22.9) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
 .
   [ Christoph Martin ]
   * set a higher limit for the hash stacksize in perl Storable (closes:
 #912695, #912709, #912970, #898090)
Checksums-Sha1:
 ab3d45d30d5629870c8ece76aa9e9ce86f2ea911 1662 apt-show-versions_0.22.9.dsc
 62c9161385c898a2f4837775f1791c855ed65d11 35449 apt-show-versions_0.22.9.tar.gz
 dcd7cde721b78d8673848386a2364dc039cf4f9a 32388 apt-show-versions_0.22.9_all.deb
 26abf1e4272ccf590b0e43783a19eca0c30c96dc 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Checksums-Sha256:
 8fb5d6da5a9ca34f5c2f33ea220c387cfd823b780df21b57721e05b5ae71caba 1662 
apt-show-versions_0.22.9.dsc
 da68438e1aa6e80d0513e228100dfa5c51035eb168b76de079d562615da30f9c 35449 
apt-show-versions_0.22.9.tar.gz
 7d00de86d5c6b56bd8eefc745601c47c1cc671ee1402864684866f38e400e3e7 32388 
apt-show-versions_0.22.9_all.deb
 f37edc708eb4ef3f8518f4a1d88c6daf866f94b316a3ff30454cdd4336523c3a 6618 
apt-show-versions_0.22.9_amd64.buildinfo
Files:
 c2ad6e18a7f4c50fcdd2eaed0e7b15c8 1662 admin optional 
apt-show-versions_0.22.9.dsc
 89740122e534783d300b537aec93bd21 35449 admin optional 
apt-show-versions_0.22.9.tar.gz
 e952280e09c5bdd051cdcb0ddacfc170 32388 admin optional 
apt-show-versions_0.22.9_all.deb
 38991dad73be05c9a75ba29516cd9aed 6618 admin optional 
apt-show-versions_0.22.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOfrwsFcJT/ueFKkqgMEJ8ujseQEFAlvhdJUACgkQgMEJ8ujs
eQHBTQ//fnFi/w8Ak4ev8Q9ox2d6nfhZfxSGwAlcTyvY1FwcwxlwsgJKoowf7xJa
14oXD5NJoo7MHAB6n6AlMvg51IqyiaU899CfWZ+Tpgqp9e7LmsQ7hLO8NqWGM7UF
Z+1vH9goxLvEr1+5Luw4j2visRw7X5EcytEFKcXeXiVJI9bnjUtBymqvePUZG/Fx
gTcfjDUQrZX5HMfR8YAO5ZdGTsO9hNOsG6JCcHuODi7LeGyshgfj0/5bGvSBcrBn

Bug#912997: glusterfs: Several security vulnerabilities

[Salvatore Bonaccorso]

Hi Patrick,

On Tue, Nov 06, 2018 at 11:19:03AM +0100, Salvatore Bonaccorso wrote:
> Control: notfixed -1 4.1.5-1
> 
> Hi Patrick,
> 
> On Tue, Nov 06, 2018 at 10:52:53AM +0100, Patrick Matthäi wrote:
> > fixed #912997 4.1.5-1
> [...]
> > 
> > If I see it correct, there is no issue open here?
> 
> Don't think this is correct. For instance just take CVE-2018-14661,
> this is still unresolved in 4.1.5-1 and 5.0-1. Same for
> CVE-2018-14660, CVE-2018-14659, CVE-2018-14654, CVE-2018-14653.
> 
> CVE-2018-14652 seems fixed in 5.0-1, but needs double check.
> 
> CVE-2018-14651 is as well missing as far I can see from 4.1.5-1 and
> 5.0-1.

Just to be clear, I'm not 100% certain but just skimmed over the
4.1.5-1 and 5.0-1 and that was I think the fixes are not included in
neither 4.1.5 upstream nor 5.0.

Regards,
Salvatore

Bug#907396: [Pkg-giraffe-maintainers] Bug#907396: kopano-server: Tools all fail with: MAPI error 80040111 (MAPI_E_LOGON_FAILED)

[Guido Günther]

Hi,
On Tue, Nov 06, 2018 at 11:54:13AM +0100, David Gabriel wrote:
>Hi guys,
> 
>any news on how to resolve this error? We're in the process of upgrading
>an old zarafa setup and ran into this problem too. Error happens with an
>import of an old zarafa database as well as with a fresh install.

An upload that fixes this is pending. Vcs-git. You can build a package
form there and try that:

https://salsa.debian.org/giraffe-team/kopanocore

Cheers,
 -- Guido

Bug#907396: kopano-server: Tools all fail with: MAPI error 80040111 (MAPI_E_LOGON_FAILED)

[David Gabriel]

Hi guys,



any news on how to resolve this error? We're in the process of upgrading an old 
zarafa setup and ran into this problem too. Error happens with an import of an 
old zarafa database as well as with a fresh install.



br,

david

<>

Processed: notfixed 804392 in 1:8.1.0+r23-2, notfixed 910104 in 2.14.0-4, reassign 912315 to audacious-plugins ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # unconfuse the bts
> notfixed 804392 1:8.1.0+r23-2
Bug #804392 [adb] android-tools-adb: conffiles not removed
No longer marked as fixed in versions 1:8.1.0+r23-2.
> notfixed 910104 2.14.0-4
Bug #910104 {Done: Paul Gevers } [src:hypre] hypre: 
autopkgtest times out most of the times
No longer marked as fixed in versions 2.14.0-4.
> reassign 912315 audacious-plugins 3.9-1
Bug #912315 {Done: Alf Gaida } [audacious] 
audacious-plugins >= 3.10 missed
Bug reassigned from package 'audacious' to 'audacious-plugins'.
No longer marked as found in versions audacious/3.10-1.
No longer marked as fixed in versions audacious-plugins/3.10-1.
Bug #912315 {Done: Alf Gaida } [audacious-plugins] 
audacious-plugins >= 3.10 missed
Marked as found in versions audacious-plugins/3.9-1.
> fixed 912315 3.10-1
Bug #912315 {Done: Alf Gaida } [audacious-plugins] 
audacious-plugins >= 3.10 missed
Marked as fixed in versions audacious-plugins/3.10-1.
> reopen 903866
Bug #903866 {Done: Debian FTP Masters } 
[python-clang-4.0,python-lldb-4.0] python-{clang,lldb}-4.0: missing 
Breaks+Replaces against python-clang-3.[45], python-lldb-3.5
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions 1:4.0.1-10+rm.
> reassign 912914 src:gap-float,src:gap-grape,src:gap-io,src:gap-openmath
Bug #912914 {Done: Jerome Benoit } [src:gap gap/4r9p3-2] 
gap breaks multiple autopkgtests
Warning: Unknown package 'gap/4r9p3-2'
Bug reassigned from package 'src:gap gap/4r9p3-2' to 
'src:gap-float,src:gap-grape,src:gap-io,src:gap-openmath'.
Ignoring request to alter found versions of bug #912914 to the same values 
previously set
No longer marked as fixed in versions gap-float/0.9.1+ds-3, 
gap-openmath/11.4.2+ds-1, gap-grape/4.8.1+ds-2, and gap-io/4.5.4+ds-2.
> fixed 912914 gap-float/0.9.1+ds-3
Bug #912914 {Done: Jerome Benoit } 
[src:gap-float,src:gap-grape,src:gap-io,src:gap-openmath] gap breaks multiple 
autopkgtests
Marked as fixed in versions gap-float/0.9.1+ds-3.
> fixed 912914 gap-grape/4.8.1+ds-2
Bug #912914 {Done: Jerome Benoit } 
[src:gap-float,src:gap-grape,src:gap-io,src:gap-openmath] gap breaks multiple 
autopkgtests
Marked as fixed in versions gap-grape/4.8.1+ds-2.
> fixed 912914 gap-io/4.5.4+ds-2
Bug #912914 {Done: Jerome Benoit } 
[src:gap-float,src:gap-grape,src:gap-io,src:gap-openmath] gap breaks multiple 
autopkgtests
Marked as fixed in versions gap-io/4.5.4+ds-2.
> fixed 912914 gap-openmath/11.4.2+ds-1
Bug #912914 {Done: Jerome Benoit } 
[src:gap-float,src:gap-grape,src:gap-io,src:gap-openmath] gap breaks multiple 
autopkgtests
Marked as fixed in versions gap-openmath/11.4.2+ds-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
804392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804392
903866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903866
910104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910104
912315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912315
912914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913044: hy fails its tests with Python3.7

[Matthias Klose]

Package: src:hy
Version: 0.12.1-2
Severity: serious
Tags: sid buster
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

hy fails its tests with Python3.7:

autopkgtest [02:33:32]: test nose3: [---
nose.plugins.cover: ERROR: Coverage not available: unable to import coverage 
module
..E...E..E.Hy
1


==
ERROR: NATIVE: test slicing sequence
--
Traceback (most recent call last):
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/hy/contrib/sequences.hy", line 47,
in __iter__
(yield (get self index))
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/hy/contrib/sequences.hy", line 41,
in __getitem__
(.append (. self cache) (.func self (. self high-water
  File
"/tmp/autopkgtest.sX5wU3/build.3F6/src/tests/native_tests/contrib/sequences.hy",
line 51, in _hy_anon_fn_5
[True (end-sequence)]))
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/hy/contrib/sequences.hy", line 79,
in end_sequence
(raise (IndexError "list index out of range")))
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/hy/contrib/sequences.hy", line 50,
in __iter__
(raise StopIteration
StopIteration

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
  File "/usr/lib/python3/dist-packages/nose/util.py", line 620, in newfunc
return func(*arg, **kw)
  File
"/tmp/autopkgtest.sX5wU3/build.3F6/src/tests/native_tests/contrib/sequences.hy",
line 56, in test_slicing_sequence
(assert (= (list (rest shorty))
RuntimeError: generator raised StopIteration

==
ERROR: NATIVE: testing the take-nth function
--
Traceback (most recent call last):
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/hy/core/language.hy", line 429, in
_hy_anon_fn_68
(next citer
StopIteration

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
  File "/usr/lib/python3/dist-packages/nose/util.py", line 620, in newfunc
return func(*arg, **kw)
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/tests/native_tests/core.hy", line
546, in test_take_nth
(setv res (list (take-nth 2 [1 2 3 4 5 6 7])))
RuntimeError: generator raised StopIteration

==
ERROR: Test pyc compilation.
--
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
  File "/tmp/autopkgtest.sX5wU3/build.3F6/src/tests/importer/test_pyc.py", line
17, in test_pyc
mod = imp.load_compiled('pyc', cfile)
  File "/usr/lib/python3.7/imp.py", line 191, in load_compiled
module = _load(spec)
  File "", line 696, in _load
  File "", line 677, in _load_unlocked
  File "", line 724, in exec_module
  File "", line 1005, in get_code
  File "", line 467, in _classify_pyc
ImportError: invalid flags 1541385218 in 'pyc'

--
Ran 447 tests in 53.975s

FAILED (errors=3)

Bug#912695: apt-show-versions: breaks "apt-get update" and uninstallable after Perl 5.28 upgrade

[Christoph Martin]

Am 04.11.18 um 20:43 schrieb Niko Tyni:
> On Sun, Nov 04, 2018 at 06:09:36PM +0100, Salvatore Bonaccorso wrote:
>  
>> This is likely due to the perl upstream change around/with
>> https://perl5.git.perl.org/perl.git/commitdiff/c0e3b4b51cabf15ed8fc5f564dfeea31c25f5239
>> .
>>
>> It can be workarounded by either setting higher limits for
>> recursion_limit/recursion_limit_hash or disable it with -1
>>
>> $Storable::recursion_limit=-1;
>> $Storable::recursion_limit_hash=-1;
>>
>> but I'm not sure this will be the right solution.
> 
> Thanks. I've filed #912900 about this on the Perl side. Christoph:
> please use these workarounds at least for now. Apologies for the trouble.
> 
> Also, please let us know at p...@packages.debian.org when a workaround
> is in Debian. We can then add dependency metadata on the perl side to
> make sure apt-show-versions gets always upgraded before perl.

I had a look into the Storable/Limit.pm files in the different Debian
architectures:

> /tmp/usr/lib/aarch64-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 7236
> /tmp/usr/lib/arm-linux-gnueabi/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 13458
> /tmp/usr/lib/arm-linux-gnueabihf/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 12991
> /tmp/usr/lib/i386-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 10466
> /tmp/usr/lib/i386-kfreebsd-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 10464
> /tmp/usr/lib/i386-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 10462
> /tmp/usr/lib/mips-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 8756
> /tmp/usr/lib/mips64el-linux-gnuabi64/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 6718
> /tmp/usr/lib/mipsel-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 8750
> /tmp/usr/lib/powerpc64le-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 5061
> /tmp/usr/lib/s390x-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 4039
> /tmp/usr/lib/x86_64-kfreebsd-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 8557
> /tmp/usr/lib/x86_64-linux-gnu/perl/5.28.0/Storable/Limit.pm:$Storable::recursion_limit_hash
>  = 8552

The limits were calculated on build time. So they are different on each
architecture. I don't think this is the correct approach.

For apt-show-version I experimented with different values of and
succeded with the following:

$Storable::recursion_limit_hash = 65536;

> Longer term, I'm not sure Storable is the best tool for this (a cache
> of apt list contents.) AFAICS you're reading the whole data structure
> in memory even when you need just one entry? You might want to look at
> the various Cache / CHI modules, or even just plain GDBM_File.

apt-show-versions needs more optimizations and enhancements. Patches are
welcome.

Christoph

-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber/XMPP: mar...@jabber.uni-mainz.de




signature.asc
Description: OpenPGP digital signature

Bug#913041: python-memprof fails its autopkg tests with Python 3.7

[Matthias Klose]

Package: src:python-memprof
Version: 0.3.4-1
Severity: serious
Tags: sid buster

python-memprof fails its autopkg tests with Python 3.7.  The autopkg tests find
the memprof module in the source package, and are using that.  You should copy
the testsuite to a temporary directory, cd to it and run the tess from there.


autopkgtest [18:17:30]: test python3-testsuite: [---
/usr/lib/python3/dist-packages/matplotlib/__init__.py:107: DeprecationWarning:
Using or importing the ABCs from 'collections' instead of from 'collections.abc'
is deprecated, and in 3.8 it will stop working
  from collections import MutableMapping
/usr/lib/python3/dist-packages/matplotlib/rcsetup.py:20: DeprecationWarning:
Using or importing the ABCs from 'collections' instead of from 'collections.abc'
is deprecated, and in 3.8 it will stop working
  from collections import Iterable, Mapping
/usr/lib/python3/dist-packages/matplotlib/colors.py:53: DeprecationWarning:
Using or importing the ABCs from 'collections' instead of from 'collections.abc'
is deprecated, and in 3.8 it will stop working
  from collections import Sized
E
==
ERROR: test_demo (test1.Test)
--
Traceback (most recent call last):
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/testsuite/test1.py", line 28, in
test_demo
import demo
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/examples/demo.py", line 19, in

from memprof import *
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/memprof/__init__.py", line 17, in

from .memprof import *
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/memprof/memprof.py", line 25, in

from .getsize import getSize, isInteresting
ModuleNotFoundError: No module named 'memprof.getsize'

--
Ran 1 test in 0.793s

FAILED (errors=1)
autopkgtest [18:17:32]: test python3-testsuite: ---]

Bug#912695: apt-show-versions workarounds

[積丹尼 Dan Jacobson]

Alas I found it isn't too simple to make a drop in replacement
to get plain
$ apt-show-versions
output using dpkg, aptitude, etc.
And I have embedded apt-show-versions into too many scripts.

OK I submitted
Bug#913039: Acknowledgement (add --no-cache)
but that won't fix the cronjob error though...

Processed: Re: Bug#912566: sparse FTBFS with llvm/clang 7

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo unreproducible
Bug #912566 [sparse] sparse FTBFS with llvm/clang 7
Removed tag(s) moreinfo and unreproducible.
> reassign -1 llvm-7 1:7-9~exp1
Bug #912566 [sparse] sparse FTBFS with llvm/clang 7
Bug reassigned from package 'sparse' to 'llvm-7'.
Ignoring request to alter found versions of bug #912566 to the same values 
previously set
Ignoring request to alter fixed versions of bug #912566 to the same values 
previously set
Bug #912566 [llvm-7] sparse FTBFS with llvm/clang 7
Marked as found in versions llvm-toolchain-7/1:7-9~exp1.
> severity -1 serious
Bug #912566 [llvm-7] sparse FTBFS with llvm/clang 7
Severity set to 'serious' from 'important'
> unblock 912164 by -1
Bug #912164 [release.debian.org] transition: llvm-defaults
912164 was blocked by: 912163 912563 912561 893189 912162 912566 912564
912164 was blocking: 912163
Removed blocking bug(s) of 912164: 912566
> affects -1 src:sparse
Bug #912566 [llvm-7] sparse FTBFS with llvm/clang 7
Added indication that 912566 affects src:sparse

-- 
912164: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912164
912566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912566
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#912997: glusterfs: Several security vulnerabilities

[Debian Bug Tracking System]

Processing control commands:

> notfixed -1 4.1.5-1
Bug #912997 [glusterfs] glusterfs: Several security vulnerabilities
There is no source info for the package 'glusterfs' at version '4.1.5-1' with 
architecture ''
Unable to make a source version for version '4.1.5-1'
No longer marked as fixed in versions 4.1.5-1.

-- 
912997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#912997: glusterfs: Several security vulnerabilities

[Salvatore Bonaccorso]

Control: notfixed -1 4.1.5-1

Hi Patrick,

On Tue, Nov 06, 2018 at 10:52:53AM +0100, Patrick Matthäi wrote:
> fixed #912997 4.1.5-1
[...]
> 
> If I see it correct, there is no issue open here?

Don't think this is correct. For instance just take CVE-2018-14661,
this is still unresolved in 4.1.5-1 and 5.0-1. Same for
CVE-2018-14660, CVE-2018-14659, CVE-2018-14654, CVE-2018-14653.

CVE-2018-14652 seems fixed in 5.0-1, but needs double check.

CVE-2018-14651 is as well missing as far I can see from 4.1.5-1 and
5.0-1.

Regards,
Salvatore

Bug#913040: python-opcua fails its autopkg tests

[Matthias Klose]

Package: python-opcua
Version: 0.98.5-1
Severity: serious
Tags: sid buster

python-opcua fails its autopkg tests:, apparently the py3 test is also missing
some dependencies.

autopkgtest [21:50:07]: test basic-import-py2: [---
No handlers could be found for logger "opcua.client.client"

Pure Python OPC-UA library

autopkgtest [21:50:08]: test basic-import-py2: ---]
basic-import-py2 FAIL stderr: No handlers could be found for logger
"opcua.client.client"
autopkgtest [21:50:08]: test basic-import-py2:  - - - - - - - - - - results - -
- - - - - - - -
autopkgtest [21:50:08]: test basic-import-py2:  - - - - - - - - - - stderr - - -
- - - - - - -
No handlers could be found for logger "opcua.client.client"
autopkgtest [21:50:08]: test basic-import-py3: preparing testbed
Reading package lists...
Building dependency tree...
Reading state information...
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up autopkgtest-satdep (0) ...
(Reading database ... 14133 files and directories currently installed.)
Removing autopkgtest-satdep (0) ...
autopkgtest [21:50:13]: test basic-import-py3: [---
cryptography is not installed, use of crypto disabled
cryptography is not installed, use of crypto disabled

Pure Python OPC-UA library

autopkgtest [21:50:14]: test basic-import-py3: ---]
autopkgtest [21:50:14]: test basic-import-py3:  - - - - - - - - - - results - -
- - - - - - - -
basic-import-py3 FAIL stderr: cryptography is not installed, use of crypto
disabled
autopkgtest [21:50:14]: test basic-import-py3:  - - - - - - - - - - stderr - - -
- - - - - - -
cryptography is not installed, use of crypto disabled
cryptography is not installed, use of crypto disabled
autopkgtest [21:50:14]:  summary
basic-import-py2 FAIL stderr: No handlers could be found for logger
"opcua.client.client"
basic-import-py3 FAIL stderr: cryptography is not installed, use of crypto
disabled

Bug#894112: marked as done (libqalculate14-data: missing Breaks+Replaces: libqalculate6-data)

[Debian Bug Tracking System]

Your message dated Tue, 06 Nov 2018 10:00:26 +
with message-id 
and subject line Bug#894112: fixed in libqalculate 2.8.0-1
has caused the Debian Bug report #894112,
regarding libqalculate14-data: missing Breaks+Replaces: libqalculate6-data
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
894112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894112
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libqalculate14-data
Version: 2.2.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libqalculate14-data.
  Preparing to unpack .../libqalculate14-data_2.2.1-1_all.deb ...
  Unpacking libqalculate14-data (2.2.1-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libqalculate14-data_2.2.1-1_all.deb (--unpack):
   trying to overwrite '/usr/share/locale/fr/LC_MESSAGES/libqalculate.mo', 
which is also in package libqalculate6-data 0.9.10-1
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libqalculate14-data_2.2.1-1_all.deb


cheers,

Andreas


libqalculate6-data=0.9.10-1_libqalculate14-data=2.2.1-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: libqalculate
Source-Version: 2.8.0-1

We believe that the bug you reported is fixed in the latest version of
libqalculate, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Legout  (supplier of updated libqalculate package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 31 Oct 2018 06:05:01 +0100
Source: libqalculate
Binary: qalc libqalculate20 libqalculate20-data libqalculate-dev 
libqalculate-doc
Architecture: source amd64 all
Version: 2.8.0-1
Distribution: experimental
Urgency: medium
Maintainer: Vincent Legout 
Changed-By: Vincent Legout 
Description:
 libqalculate-dev - Powerful and easy to use desktop calculator - development
 libqalculate-doc - Powerful and easy to use desktop calculator - documentation
 libqalculate20 - Powerful and easy to use desktop calculator - library
 libqalculate20-data - Powerful and easy to use desktop calculator - data
 qalc   - Powerful and easy to use command line calculator
Closes: 894112
Changes:
 libqalculate (2.8.0-1) experimental; urgency=medium
 .
   * New upstream version
   * Bump soname to 20
 - rename lib and data packages
 - libqalculate20: add Breaks and Replaces on libqalculate14
 - libqalculate20-data: add Breaks and Replaces on older -data packages
   (Closes: #894112)
   * Add Build-Depends on doxygen and build documentation with it
 - thanks to James Lu 
   * Add 2018 in debian/copyright
   * Standards-Version 4.2.1
   * Add Vcs fields to salsa
Checksums-Sha1:
 1507894206d78da5c84f9a6fe113683763987303 2303 libqalculate_2.8.0-1.dsc
 98b6a2fac92813eaef7a7921116a6258a4a728ef 1952001 libqalculate_2.8.0.orig.tar.gz
 c7318b11a8946be2886f869c9a44c1389398fb0b 7056 
libqalculate_2.8.0-1.debian.tar.xz
 96b1c3bd6fe6455026fdd66bc0a112020b8f 1053016 
libqalculate-dev_2.8.0-1_amd64.deb
 7aeaa7114a72394ff432ce17740667c413d9f42c 346840 
libqalculate-doc_2.8.0-1_all.deb
 c868259790a5cc49bb5b7d0459323ed7f92a31e4 144236 
libqalculate20-data_2.8.0-1_all.deb
 5ace168de9685745cfe3349730dc883cba658620 7497972 
libqalculate20-dbgsym_2.8.0-1_amd64.deb
 c4606feeaa13f96c1a8bef96dfad598d0dacfb0c 1015744 
libqalculate20_2.8.0-1_amd64.deb
 fa79aafe511b3580e1c0f8e078554e57ba590c21 10212 
libqalculate_2.8.0-1_amd64.buildinfo
 3b1e439a6f675b106f3142a562697679ac4d7d62 788932 qalc-dbgsym_2.8.0-1_amd64.deb
 163c7fd69d3a981a4e69b97baa0115351e720e52 157828 qalc_2.8.0-1_amd64.deb
Checksums-Sha256:
 

Bug#913037: dulwich fails to build on s390x using Python 3.7

[Matthias Klose]

Package: src:dulwich
Version: 0.19.6-2
Severity: serious
Tags: sid buster

dulwich fails to build on s390x using Python 3.7. Endianess issue?

PYTHONHASHSEED=random PYTHONPATH=/<> python3 -m unittest
dulwich.tests.test_suite
...s..s..s.sss.s..E.ss./<>/dulwich/tests/compat/utils.py:135:
ResourceWarning: unclosed 
  p = subprocess.Popen(args, env=env, **popen_kwargs)
/<>/dulwich/tests/compat/utils.py:135: ResourceWarning: unclosed
file <_io.BufferedReader
name='local/.git/objects/pack/pack-f24e9574628e0e791aad98c454328069cfd8e0bd.pack'>
  p = subprocess.Popen(args, env=env, **popen_kwargs)
.ss.sss.sssss
==
ERROR: test_simple (dulwich.tests.test_porcelain.PushTests)
--
Traceback (most recent call last):
  File "/<>/dulwich/tests/test_porcelain.py", line 724, in 
test_simple
self.assertEqual(r_clone[b'HEAD'].id, self.repo[refs_path].id)
  File "/<>/dulwich/repo.py", line 528, in __getitem__
return self.object_store[self.refs[name]]
  File "/<>/dulwich/object_store.py", line 119, in __getitem__
type_num, uncomp = self.get_raw(sha)
  File "/<>/dulwich/object_store.py", line 461, in get_raw
raise KeyError(hexsha)
KeyError: b'a031515918b815701865df2363092b8d577d765f'

--
Ran 1268 tests in 60.038s

FAILED (errors=1, skipped=63)
make[2]: *** [Makefile:32: check] Error 1
make[2]: Leaving directory '/<>'
make[1]: *** [debian/rules:28: override_dh_auto_test] Error 2
make[1]: Leaving directory '/<>'
make: *** [debian/rules:15: build-arch] Error 2

Bug#913036: dulwich fails to build everywhere

[Matthias Klose]

Package: src:dulwich
Version: 0.19.7-1
Severity: serious
Tags: sid buster

[...]
'build/bdist.linux-amd64' does not exist -- can't clean it
'build/scripts-3.7' does not exist -- can't clean it
I: pybuild base:217: python3.6 setup.py clean
Traceback (most recent call last):
  File "setup.py", line 87, in 
description = f.read()
  File "/usr/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc4 in position 2125:
ordinal not in range(128)
E: pybuild pybuild:338: clean: plugin distutils failed with: exit code=1:
python3.6 setup.py clean
dh_auto_clean: pybuild --clean -i python{version} -p "3.7 3.6" returned exit 
code 13
make[1]: *** [debian/rules:21: override_dh_auto_clean] Error 25
make[1]: Leaving directory '/<>'
make: *** [debian/rules:15: clean] Error 2

Bug#912695: /etc/cron.daily/apt-show-versions errors

[積丹尼 Dan Jacobson]

Also every day:
> "A" == Anacron   writes:
A> /etc/cron.daily/apt-show-versions:
A> Max. recursion depth with nested structures exceeded at 
/usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at 
/usr/bin/apt-show-versions line 271.
A> run-parts: /etc/cron.daily/apt-show-versions exited with return code 25

Bug#912997: glusterfs: Several security vulnerabilities

[Patrick Matthäi]

fixed #912997 4.1.5-1
thanks

Hi


Am 05.11.2018 um 19:09 schrieb Markus Koschany:
> Package: glusterfs
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for glusterfs.
>
> CVE-2018-14651[0]:
> | It was found that the fix for CVE-2018-10927, CVE-2018-10928,
> | CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A
> | remote, authenticated attacker could use one of these flaws to execute
> | arbitrary code, create arbitrary files, or cause denial of service on
> | glusterfs server nodes via symlinks to relative paths.
>
> CVE-2018-14652[1]:
> | The Gluster file system through versions 3.12 and 4.1.4 is vulnerable
> | to a buffer overflow in the 'features/index' translator via the code
> | handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function.
> | A remote authenticated attacker could exploit this on a mounted volume
> | to cause a denial of service.
>
> CVE-2018-14653[2]:
> | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable
> | to a heap-based buffer overflow in the '__server_getspec' function via
> | the 'gf_getspec_req' RPC message. A remote authenticated attacker
> | could exploit this to cause a denial of service or other potential
> | unspecified impact.
>
> CVE-2018-14654[3]:
> | The Gluster file system through version 4.1.4 is vulnerable to abuse
> | of the 'features/index' translator. A remote attacker with access to
> | mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY'
> | xattrop to create arbitrary, empty files on the target server.
>
> CVE-2018-14659[4]:
> | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable
> | to a denial of service attack via use of the
> | 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker
> | could exploit this by mounting a Gluster volume and repeatedly calling
> | 'setxattr(2)' to trigger a state dump and create an arbitrary number
> | of files in the server's runtime directory.
>
> CVE-2018-14660[5]:
> | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2
> | which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote,
> | authenticated attacker could use this flaw to create multiple locks
> | for single inode by using setxattr repetitively resulting in memory
> | exhaustion of glusterfs server node.
>
> CVE-2018-14661[6]:
> | It was found that usage of snprintf function in feature/locks
> | translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster
> | Storage, was vulnerable to a format string attack. A remote,
> | authenticated attacker could use this flaw to cause remote denial of
> | service.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-14651
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14651
> [1] https://security-tracker.debian.org/tracker/CVE-2018-14652
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14652
> [2] https://security-tracker.debian.org/tracker/CVE-2018-14653
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14653
> [3] https://security-tracker.debian.org/tracker/CVE-2018-14654
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14654
> [4] https://security-tracker.debian.org/tracker/CVE-2018-14659
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659
> [5] https://security-tracker.debian.org/tracker/CVE-2018-14660
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14660
> [6] https://security-tracker.debian.org/tracker/CVE-2018-14661
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14661
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
>
> Markus
>

If I see it correct, there is no issue open here?

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
patr...@linux-dev.org
*/




signature.asc
Description: OpenPGP digital signature

Processed: Re: glusterfs: Several security vulnerabilities

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed #912997 4.1.5-1
Bug #912997 [glusterfs] glusterfs: Several security vulnerabilities
There is no source info for the package 'glusterfs' at version '4.1.5-1' with 
architecture ''
Unable to make a source version for version '4.1.5-1'
Marked as fixed in versions 4.1.5-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
912997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#913035: python-memprof fails its autopkg tests with Pyhton 3.7

[Matthias Klose]

Package: src:python-memprof
Version: 0.3.4-1
Severity: serious
Tags: sid buster

python-memprof fails its autopkg tests with Pyhton 3.7:

autopkgtest [18:17:30]: test python3-testsuite: [---
/usr/lib/python3/dist-packages/matplotlib/__init__.py:107: DeprecationWarning:
Using or importing the ABCs from 'collections' instead of from 'collections.abc'
is deprecated, and in 3.8 it will stop working
  from collections import MutableMapping
/usr/lib/python3/dist-packages/matplotlib/rcsetup.py:20: DeprecationWarning:
Using or importing the ABCs from 'collections' instead of from 'collections.abc'
is deprecated, and in 3.8 it will stop working
  from collections import Iterable, Mapping
/usr/lib/python3/dist-packages/matplotlib/colors.py:53: DeprecationWarning:
Using or importing the ABCs from 'collections' instead of from 'collections.abc'
is deprecated, and in 3.8 it will stop working
  from collections import Sized
E
==
ERROR: test_demo (test1.Test)
--
Traceback (most recent call last):
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/testsuite/test1.py", line 28, in
test_demo
import demo
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/examples/demo.py", line 19, in

from memprof import *
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/memprof/__init__.py", line 17, in

from .memprof import *
  File "/tmp/autopkgtest.UUFbqF/build.kzG/src/memprof/memprof.py", line 25, in

from .getsize import getSize, isInteresting
ModuleNotFoundError: No module named 'memprof.getsize'

--
Ran 1 test in 0.793s

FAILED (errors=1)
autopkgtest [18:17:32]: test python3-testsuite: ---]

Bug#912695: apt-show-versions perhaps shouldn't force caching in the first place

[積丹尼 Dan Jacobson]

Maybe if the caching behavior was made non-default,
then I wouldn't need su -c apt-show-versions nobody
to avoid the error, and also no more daily errors from cron too.