Bug#917143: T-coffee: Should we roll back to 11.00.8cbe486

[Andreas Tille]

Hi,

despite some effort by Bernhard Übelacker[1] (thanks a lot Bernhard) and
the issue Liubov filed to upstream[2] (also thanks to you Liubov for
your investigation) I have the feeling that our chances are quite low to
fix this right in time for the freeze.  Since T-coffee has quite some
users I'm tempted to revert to version 11.00.8cbe486 and upload version
12 to experimental.  Does anybody have a better idea?

Kind regards

   Andreas.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917143#14
[2] https://github.com/cbcrg/tcoffee/issues/13

-- 
http://fam-tille.de

Bug#920791: New libglm-dev

[Guus Sliepen]

Package: libglm-dev
Version: 0.9.9.3-1
Severity: grave
Justification: renders package unusable

On Tue, Jan 29, 2019 at 12:09:37AM +0100, Sylvain Beucler wrote:

> I receive lots of reports of GNU FreeDink not building with weird errors
> from GLM - and I can't reproduce locally!
> 
> I see you just made a new upload - any clue?
> 
>  * Build log: 
> https://buildd.debian.org/status/fetch.php?pkg=freedink=s390x=109.4-1=1548702166=log
>  * Build log: 
> https://buildd.debian.org/status/fetch.php?pkg=freedink=ppc64el=109.4-2=1548715950=log
>  * Build log: 
> https://buildd.debian.org/status/fetch.php?pkg=freedink=armel=109.4-2=1548716184=log

I cannot reproduce it either, but according to the logs it looks like it
might be some #defines not working properly on some architectures.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen 


signature.asc
Description: PGP signature

Bug#920749: [Pkg-javascript-devel] Bug#920749: popper.js: contains generated code uncertain if fully included as source

[Xavier]

Le 28/01/2019 à 18:45, Jonas Smedegaard a écrit :
> Source: popper.js
> Version: 1.14.6+ds-1
> Severity: serious
> Justification: Policy 2.1
> 
> Source package contains several files (seemingly all of them) below
>  which does not exist in upstream version tracking and therefore
> are not in the form preferred upstream, and more importantly may include
> other code than the actual source below .
> 
>  - Jonas

Upstream author does provide dist/* files in release commits (example:
https://github.com/FezVrasta/popper.js/commit/b1144cdbcb5b5ab20d281a6083ecdce475a54af1)
and remove them from master at next commit. This generated files are
readable javascript files, unminified and well commented (a sort of
webpack of packages/* files).

To reproduce build, many dependencies are needed. So the choices are:
 - doing nothing, twitter-bootstrap4 will be removed from buster with
   all its reverse dependencies
 - package many new modules (I've no time to do this)
 - decrease this severity issue

NB: upstream build can be reproduce only using yarnpkg, failed with npm:
  $ yarnpkg install
  $ yarnpkg build

Cheers,
Xavier

Bug#917758: A fix candidate

[Sergei Golovan]

Hi, Simon!

On Tue, Jan 29, 2019 at 1:05 AM Simon Josefsson  wrote:
>
> Hi Sergei!  We worked on this precisely at the same time!  I just

Nice timing!

> uploaded 2.7.0-1 which incorporates upstream's solution to this
> problem.  I think it is a cleaner approach than to patch 2.6.1, and we

Definitely, It's better to incorporate the fix upstream.

> still have time before the freeze.  Sorry for not noticing your push
> before doing the upload, but I merged your changelog entry to give you
> credit for this.  What do you think?

It's unnecessary, as long as the bug is fixed. :-)

Cheers!
-- 
Sergei Golovan

Processed: affects 919623, affects 919623, found 919623 in 2.3.4-4

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 919623 - 2.3.4-4
Bug #919623 [rssh] rssh: CVE-2019-118: Remote code execution in scp support
Removed indication that 919623 affects 2.3.4-4
> affects 919623 - 2.3.4-5
Bug #919623 [rssh] rssh: CVE-2019-118: Remote code execution in scp support
Removed indication that 919623 affects 2.3.4-5
> found 919623 2.3.4-4
Bug #919623 [rssh] rssh: CVE-2019-118: Remote code execution in scp support
Marked as found in versions rssh/2.3.4-4.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 919623 is forwarded to https://sourceforge.net/p/rssh/mailman/message/36519118/

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 919623 https://sourceforge.net/p/rssh/mailman/message/36519118/
Bug #919623 [rssh] rssh: CVE-2019-118: Remote code execution in scp support
Set Bug forwarded-to-address to 
'https://sourceforge.net/p/rssh/mailman/message/36519118/'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: retitle 919623 to rssh: CVE-2019-1000018: Remote code execution in scp support

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 919623 rssh: CVE-2019-118: Remote code execution in scp support
Bug #919623 [rssh] Remote code execution in scp support
Changed Bug title to 'rssh: CVE-2019-118: Remote code execution in scp 
support' from 'Remote code execution in scp support'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package src:matplotlib2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:matplotlib2
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #918896 (http://bugs.debian.org/918896)
> # Bug title: matplotlib2: FTBFS with Sphinx 1.8: directive u'math' is already 
> registered, it will be overridden
> #  * https://github.com/matplotlib/matplotlib/issues/13258
> #  * remote status changed: (?) -> closed
> #  * closed upstream
> tags 918896 + fixed-upstream
Bug #918896 [src:matplotlib2] matplotlib2: FTBFS with Sphinx 1.8: directive 
u'math' is already registered, it will be overridden
Added tag(s) fixed-upstream.
> usertags 918896 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
918896: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918896
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 919623 in 2.3.4-5

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 919623 2.3.4-5
Bug #919623 [rssh] Remote code execution in scp support
Marked as found in versions rssh/2.3.4-5.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package src:isight-firmware-tools

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:isight-firmware-tools
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #919415 (http://bugs.debian.org/919415)
> # Bug title: isight-firmware-tools: Build-Depends on cruft package 
> libgcrypt11-dev
> #  * 
> https://salsa.debian.org/mactel-team/isight-firmware-tools/merge_requests/1
> #  * remote status changed: opened -> merged
> #  * closed upstream
> tags 919415 + fixed-upstream
Bug #919415 [src:isight-firmware-tools] isight-firmware-tools: Build-Depends on 
cruft package libgcrypt11-dev
Added tag(s) fixed-upstream.
> usertags 919415 - status-opened
Usertags were: status-opened.
Usertags are now: .
> usertags 919415 + status-merged
There were no usertags set.
Usertags are now: status-merged.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package src:dot2tex

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:dot2tex
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #918814 (http://bugs.debian.org/918814)
> # Bug title: dot2tex: FTBFS with Sphinx 1.8: No module named pngmath
> #  * https://github.com/kjellmf/dot2tex/issues/63
> #  * remote status changed: (?) -> closed
> #  * closed upstream
> tags 918814 + fixed-upstream
Bug #918814 {Done: Sandro Tosi } [src:dot2tex] dot2tex: FTBFS 
with Sphinx 1.8: No module named pngmath
Added tag(s) fixed-upstream.
> usertags 918814 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
918814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: reopening 919623, affects 919623, affects 919623

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 919623
Bug #919623 {Done: Russ Allbery } [rssh] Remote code execution 
in scp support
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions rssh/2.3.4-9.
> affects 919623 2.3.4-5
Bug #919623 [rssh] Remote code execution in scp support
Added indication that 919623 affects 2.3.4-5
> affects 919623 2.3.4-4
Bug #919623 [rssh] Remote code execution in scp support
Added indication that 919623 affects 2.3.4-4
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: fixed 919623 in 2.3.4-9

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 919623 2.3.4-9
Bug #919623 [rssh] Remote code execution in scp support
There is no source info for the package 'rssh' at version '2.3.4-9' with 
architecture ''
Unable to make a source version for version '2.3.4-9'
Marked as fixed in versions 2.3.4-9.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919623: marked as done (Remote code execution in scp support)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 05:50:04 +
with message-id 
and subject line Bug#919623: fixed in rssh 2.3.4-9
has caused the Debian Bug report #919623,
regarding Remote code execution in scp support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rssh
Version: 2.3.4-8
Severity: grave
Tags: security upstream

https://sourceforge.net/p/rssh/mailman/message/36519118/ is the upstream
report.  The reporter indicated they asked for a CVE but didn't include it
in the message.

scp allows remote code execution inside the server environment via several
methods due to inadequate command-line verification.  This bug has been
present since the beginning of rssh.

I have a completely untested patch but haven't had time to test it yet.
Attaching it to this report for whatever it's worth.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rssh depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  libc6  2.28-4
ii  openssh-server 1:7.9p1-4

rssh recommends no packages.

Versions of packages rssh suggests:
ii  cvs 2:1.12.13+real-26
pn  makejail
pn  rdist   
ii  rsync   3.1.3-1
ii  subversion  1.10.3-1+b1

-- Configuration Files:
/etc/logcheck/ignore.d.server/rssh [Errno 13] Permission denied: 
'/etc/logcheck/ignore.d.server/rssh'
/etc/rssh.conf changed [not included]

-- debconf information excluded
diff --git a/util.c b/util.c
index 56f67ad..4dde1a0 100644
--- a/util.c
+++ b/util.c
@@ -268,6 +268,45 @@ static int rsync_e_okay( char **vec )
 }
 
 
+/*
+ * scp_okay() - take the command line and check that it is a hopefully-safe scp
+ * server command line, accepting only very specific options.
+ * Returns FALSE if the command line should not be allowed, TRUE
+ * if it is okay.
+ */
+static int scp_okay( char **vec )
+{
+   int saw_file = FALSE;
+   int saw_end  = FALSE;
+
+   for ( ; vec && *vec; vec++ ){
+   /* Allowed options. */
+   if ( !saw_end ) {
+   if ( strcmp(*vec, "-v") == 0 ) continue;
+   if ( strcmp(*vec, "-r") == 0 ) continue;
+   if ( strcmp(*vec, "-p") == 0 ) continue;
+   if ( strcmp(*vec, "-d") == 0 ) continue;
+   if ( strcmp(*vec, "-f") == 0 ) continue;
+   if ( strcmp(*vec, "-t") == 0 ) continue;
+   }
+
+   /* End of arguments.  One more argument allowed after this. */
+   if ( !saw_end && strcmp(*vec, "--") == 0 ){
+   saw_end = TRUE;
+   continue;
+   }
+
+   /* No other options allowed, but allow file starting with -. */
+   if ( *vec[0] == '-' && !saw_end ) return FALSE;
+   if ( saw_file ) return FALSE;
+   saw_file = TRUE;
+   }
+
+   /* We must have seen a single file. */
+   return saw_file;
+}
+
+
 /*
  * check_command_line() - take the command line passed to rssh, and verify
  *   that the specified command is one the user is
@@ -283,8 +322,11 @@ char *check_command_line( char **cl, ShellOptions_t *opts )
return PATH_SFTP_SERVER;
 
if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
-   /* filter -S option */
-   if ( opt_filter(cl, 'S') ) return NULL;
+   if ( !scp_okay(cl) ){
+   fprintf(stderr, "\ninsecure scp option not allowed.");
+   log_msg("insecure scp option in scp command line");
+   return NULL;
+   }
return PATH_SCP;
}
 
--- End Message ---
--- Begin Message ---
Source: rssh
Source-Version: 2.3.4-9

We believe that the bug you reported is fixed in the latest version of
rssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further 

Processed: r-cran-repr: autopkgtest regression

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> merge 920711 920712
Bug #920711 [src:r-cran-repr] r-cran-repr: autopkgtest regression
Bug #920712 [src:r-cran-repr] r-cran-repr: autopkgtest regression
Merged 920711 920712
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920711: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920711
920712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919442: marked as done (python-dmidecode-dbg: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 05:19:37 +
with message-id 
and subject line Bug#919442: fixed in python-dmidecode 3.12.2-7
has caused the Debian Bug report #919442,
regarding python-dmidecode-dbg: unhandled symlink to directory conversion: 
/usr/share/doc/PACKAGE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-dmidecode-dbg
Version: 3.12.2-6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

an upgrade test with piuparts revealed that your package installs files
over existing symlinks and possibly overwrites files owned by other
packages. This usually means an old version of the package shipped a
symlink but that was later replaced by a real (and non-empty)
directory. This kind of overwriting another package's files cannot be
detected by dpkg.

This was observed on the following upgrade paths:

  stretch -> buster

For /usr/share/doc/PACKAGE this may not be problematic as long as both
packages are installed, ship byte-for-byte identical files and are
upgraded in lockstep. But once one of the involved packages gets
removed, the other one will lose its documentation files, too,
including the copyright file, which is a violation of Policy 12.5:
https://www.debian.org/doc/debian-policy/ch-docs.html#copyright-information

For other overwritten locations anything interesting may happen.

Note that dpkg intentionally does not replace directories with symlinks
and vice versa, you need the maintainer scripts to do this.
See in particular the end of point 4 in
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#details-of-unpack-phase-of-installation-or-upgrade

It is recommended to use the dpkg-maintscript-helper commands
'dir_to_symlink' and 'symlink_to_dir' (available since dpkg 1.17.14)
to perform the conversion, ideally using d/$PACKAGE.maintscript.
See dpkg-maintscript-helper(1) and dh_installdeb(1) for details.


>From the attached log (scroll to the bottom...):

0m37.0s ERROR: FAIL: silently overwrites files via directory symlinks:
  /usr/share/doc/python-dmidecode-dbg/AUTHORS (python-dmidecode-dbg) != 
/usr/share/doc/python-dmidecode/AUTHORS (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/AUTHORS.upstream (python-dmidecode-dbg) 
!= /usr/share/doc/python-dmidecode/AUTHORS.upstream (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/README (python-dmidecode-dbg) != 
/usr/share/doc/python-dmidecode/README (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/README.types (python-dmidecode-dbg) != 
/usr/share/doc/python-dmidecode/README.types (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/README.upstream.gz (python-dmidecode-dbg) 
!= /usr/share/doc/python-dmidecode/README.upstream.gz (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/changelog.Debian.gz 
(python-dmidecode-dbg) != /usr/share/doc/python-dmidecode/changelog.Debian.gz 
(python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/changelog.gz (python-dmidecode-dbg) != 
/usr/share/doc/python-dmidecode/changelog.gz (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode
  /usr/share/doc/python-dmidecode-dbg/copyright (python-dmidecode-dbg) != 
/usr/share/doc/python-dmidecode/copyright (python-dmidecode)
/usr/share/doc/python-dmidecode-dbg -> python-dmidecode


cheers,

Andreas


python-dmidecode-dbg_3.12.2-6.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: python-dmidecode
Source-Version: 3.12.2-7

We believe that the bug you reported is fixed in the latest version of
python-dmidecode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi  (supplier of updated python-dmidecode package)

(This message was generated automatically at their request; if you
believe that there is a 

Bug#918814: marked as done (dot2tex: FTBFS with Sphinx 1.8: No module named pngmath)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 05:19:11 +
with message-id 
and subject line Bug#918814: fixed in dot2tex 2.9.0-3
has caused the Debian Bug report #918814,
regarding dot2tex: FTBFS with Sphinx 1.8: No module named pngmath
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dot2tex
Version: 2.9.0-2.1
Severity: important
User: python-modules-t...@lists.alioth.debian.org
Usertags: sphinx1.8

Dear Maintainer,

dot2tex fails to build with Sphinx 1.8, currently available in experimental:

  /usr/bin/make -C docs/ html
  make[2]: Entering directory '/<>/docs'
  sphinx-build -b html -d _build/doctrees   . _build/html
  Running Sphinx v1.8.3

  Extension error:
  Could not import extension sphinx.ext.pngmath (exception: No module named 
pngmath)

The pngmath extension was deprecated in Sphinx 1.4 and has been removed [1]
in Sphinx 1.8. The recommended alternative is sphinx.ext.imgmath [2] which
also has SVG support in addition to PNG.

To me it looks like this extension is unused anyway: there are no “.. math::”
directives or “:math:” roles, and the binary package does not have any
generated PNG images. So maybe this extension can be simply removed from
extensions in conf.py.

[1]: https://github.com/sphinx-doc/sphinx/pull/4702
[2]: https://www.sphinx-doc.org/en/1.8/usage/extensions/math.html

--
Dmitry Shachnev


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: dot2tex
Source-Version: 2.9.0-3

We believe that the bug you reported is fixed in the latest version of
dot2tex, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 918...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi  (supplier of updated dot2tex package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 22:39:29 -0500
Source: dot2tex
Binary: dot2tex
Architecture: source all
Version: 2.9.0-3
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi 
Changed-By: Sandro Tosi 
Description:
 dot2tex- Graphviz to LaTeX converter
Closes: 918814
Changes:
 dot2tex (2.9.0-3) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/copyright: Use https protocol in Format field
   * d/watch: Use https protocol
 .
   [ Sandro Tosi ]
   * debian/patches/sphinx-1.8-gh-63.patch
 - fix FTBFS with sphinx 1.8 by removing pngmath extension; Closes: #918814
   * debian/control
 - bump Standards-Version to 4.3.0 (no changes needed)
   * debian/copyright
 - extend packaging copyright years
Checksums-Sha1:
 92e0b44819b63050242173773fea2d2ac9b2cac4 2012 dot2tex_2.9.0-3.dsc
 858be9f0f9746214b2e2cd388a419023bba5ce6a 6728 dot2tex_2.9.0-3.debian.tar.xz
 5cf13ad64d17ebf50b89132a89ad34cf1103740a 333432 dot2tex_2.9.0-3_all.deb
 b5937a6e601e4737a55d00d4dea7c257a0a6afc1 8168 dot2tex_2.9.0-3_amd64.buildinfo
Checksums-Sha256:
 baa52bc233390d4aa88423df247290b778e3c567524f5294622732d4f4e75f46 2012 
dot2tex_2.9.0-3.dsc
 8451dffdaad8e12616a891dd9b0f5532b4c924081cae6feab4cd631deaf285f5 6728 
dot2tex_2.9.0-3.debian.tar.xz
 623e39a91aca2acecafaa9b10c65f85353eb5d77af0c7d9443a21cdb146a9f02 333432 
dot2tex_2.9.0-3_all.deb
 c8a0d6066b2e97bbf75aaa17c7d98f0703fbf9bc02a2ea6c0483555d8b8441b7 8168 
dot2tex_2.9.0-3_amd64.buildinfo
Files:
 72ecb2891e1936ff55bc3aac8387f323 2012 graphics optional dot2tex_2.9.0-3.dsc
 9155769337dad6a73743f00e247687bf 6728 graphics optional 
dot2tex_2.9.0-3.debian.tar.xz
 61932b2f71e097f0c0158d2b6b0406c2 333432 graphics optional 
dot2tex_2.9.0-3_all.deb
 a3d7c394894d362f643cf034dccaf143 8168 graphics optional 
dot2tex_2.9.0-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEufrTGSrz5KUwnZ05h588mTgBqU8FAlxPy78ACgkQh588mTgB
qU+jow//TLKXB/M4dHP8bclNA8fss/gULs4oGh6dCSqmBXpFaXv//Vd/jcaQ8Dk0
lHXNpfu90RTvO0Swizw76/C7uVEH4GdQfMBVDiCejYt85WDyHVQX/23CPo/lxQdb
R6bry9crO4VQNvwi9GN6OWO4MvpgPCBktzniQ1TMh14Jk5KG4hFJ9tEPtuXy5gD5
ZL56oaVH3s+3yg4EBGNiRzUDnQ1LH3pTVjXqOMrhcpUoq/fo3WnV4o/niV4tU/Jw
UolXCM0jnHYcykwiqrRWERQCkSPAkKVKn1ofY0OLgbRrDKFSfb9HLqvsvQSPM6GU

Processed: Bug #919442 in python-dmidecode marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #919442 [python-dmidecode-dbg] python-dmidecode-dbg: unhandled symlink to 
directory conversion: /usr/share/doc/PACKAGE
Added tag(s) pending.

-- 
919442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919442: Bug #919442 in python-dmidecode marked as pending

[Sandro Tosi]

Control: tag -1 pending

Hello,

Bug #919442 in python-dmidecode reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/modules/python-dmidecode/commit/349e7701bac19cb4364ba464bfb7c81576aba534


properly handle the -dbg dir-to-symlink migration; Closes: #919442


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/919442

Processed: reopening 915311

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 915311
Bug #915311 [src:dumb-init] dumb-init FTBFS on mips*: test failures
Bug 915311 is not marked as done; doing nothing.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
915311: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 915311 in 1.2.2-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 915311 1.2.2-1
Bug #915311 {Done: Dmitry Smirnov } [src:dumb-init] 
dumb-init FTBFS on mips*: test failures
Marked as found in versions dumb-init/1.2.2-1; no longer marked as fixed in 
versions dumb-init/1.2.2-1 and reopened.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
915311: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Bug #918814 in dot2tex marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #918814 [src:dot2tex] dot2tex: FTBFS with Sphinx 1.8: No module named 
pngmath
Added tag(s) pending.

-- 
918814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#918814: Bug #918814 in dot2tex marked as pending

[Sandro Tosi]

Control: tag -1 pending

Hello,

Bug #918814 in dot2tex reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/applications/dot2tex/commit/d106d21d0a0ec4079741eda03eb1728189653d7a


fix FTBFS with sphinx 1.8 by removing pngmath extension; Closes: #918814


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/918814

Bug#912310: marked as done (erlang-erlware-commons FTBFS: ERROR: eunit failed while processing /<>/erlang-erlware-commons-1.2.0+dfsg: rebar_abort)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 03:19:45 +
with message-id 
and subject line Bug#912310: fixed in erlang-erlware-commons 1.3.1+dfsg-1
has caused the Debian Bug report #912310,
regarding erlang-erlware-commons FTBFS: ERROR: eunit failed while processing 
/<>/erlang-erlware-commons-1.2.0+dfsg: rebar_abort
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: erlang-erlware-commons
Version: 1.2.0+dfsg-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/package.php?p=erlang-erlware-commons=sid

...
Total: 65%
DEBUG: Reconstruct kernel [{logger_level,notice},
   {logger_sasl_compatible,false}]
DEBUG: Reconstruct rebar []
DEBUG: Reconstruct stdlib []
DEBUG: Reconstruct crypto [{fips_mode,false},{rand_cache_size,896}]
DEBUG: No processes to kill
ERROR: One or more eunit tests failed.
ERROR: eunit failed while processing 
/<>/erlang-erlware-commons-1.2.0+dfsg: rebar_abort
make[1]: *** [/usr/share/dh-rebar/make/dh-rebar.Makefile:138: rebar_eunit] 
Error 1
--- End Message ---
--- Begin Message ---
Source: erlang-erlware-commons
Source-Version: 1.3.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
erlang-erlware-commons, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu  (supplier of updated 
erlang-erlware-commons package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 29 Jan 2019 12:00:12 +0900
Source: erlang-erlware-commons
Architecture: source
Version: 1.3.1+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Erlang Packagers 
Changed-By: Nobuhiro Iwamatsu 
Closes: 912310
Changes:
 erlang-erlware-commons (1.3.1+dfsg-1) experimental; urgency=medium
 .
   * New upstream release.
   * Ignore fail of test. (Closes: #912310)
Checksums-Sha1:
 43744bc049a5f94b7df47bfde6dd971503aab736 2194 
erlang-erlware-commons_1.3.1+dfsg-1.dsc
 bf4889a87905c7ead45cbc6d8de5e75bca803f73 46576 
erlang-erlware-commons_1.3.1+dfsg.orig.tar.xz
 11c69e5eff26551893a62a7006991008cea92832 3356 
erlang-erlware-commons_1.3.1+dfsg-1.debian.tar.xz
 6b28511eead5ad4348183ac031d70dc3cd7151a9 9295 
erlang-erlware-commons_1.3.1+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 2adfe3d4fcaef312c2486d3ef61b9e17a5960042e8fdb6304a915986987088af 2194 
erlang-erlware-commons_1.3.1+dfsg-1.dsc
 615c672d8d0209bbbdcdf61ede86e097f68e86ad6631acaaff17c15ad23f10f4 46576 
erlang-erlware-commons_1.3.1+dfsg.orig.tar.xz
 b8398dcc0a0b24d868e3844459e896c22ed487ff7f5743d974cec844f03e4050 3356 
erlang-erlware-commons_1.3.1+dfsg-1.debian.tar.xz
 dca9fa7112320a3e574ede75e85abe0e3660f74ec94e2ed5c029fb74bba90aef 9295 
erlang-erlware-commons_1.3.1+dfsg-1_amd64.buildinfo
Files:
 243a02d47bd68ac0bc15a615669d63d3 2194 devel optional 
erlang-erlware-commons_1.3.1+dfsg-1.dsc
 cc046ccc48518400d74c87d0f5417dfe 46576 devel optional 
erlang-erlware-commons_1.3.1+dfsg.orig.tar.xz
 f8de49e6c6de48aedbaf672605b5a2c6 3356 devel optional 
erlang-erlware-commons_1.3.1+dfsg-1.debian.tar.xz
 dce628af951e945e561a576609b86f40 9295 devel optional 
erlang-erlware-commons_1.3.1+dfsg-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEXmKe5SMhlzV7hM9DMiR/u0CtH6YFAlxPw0IACgkQMiR/u0Ct
H6Y3Sw//ZPLSzOWjhWMNvzwe9QyXRe5/AYr+u5C0pUHJErUC46Im/48l8fIbH9tY
GI9qVBgOUC6IkaTBFnP/BZZiN/tNAEqdrMAKt2oxQFmXhQKS9Zk1iqcTbJSK8qIz
+DfR4Cr9Xu8KxIY3nYlbqJuJXcwvioW3QiCVKoZtJolOJlEdUtYKJ38AyEJH1czo
VN3h7wpgQ9h6tg/qfDeq+BbbXEwAbs4KkhV2x0M0l6LmJ/c6kSAS9/hBZPBSceWC
JtG34AiepQYsu4RRiEDoo3Vn2KzMtR3c5sG2y8uKu4AJI/UiWvjA7xaNAVPbMpV2
+6lI/FxmCmh4P3wUUIF3FhWV+qWE5bK0d5Bhw+MVnTB0CPNeo0KTIIvwc9rlAy0u
UGgwcyjmXECZvQ8+QL5QKTcZA6PIotZpzISEl3RROLEl3dcQ1EcQmdQeUohktmgX
C6ViLtdrBYUbR1XjY4/PTxmvfDDG9Zo8hJ26XxS9YIhzxvEQHVUYyOgYYIr/HWik
LXDHAwa0lpnopBMM/PwxNTi13O+3R6rJnb3GqRdT46/eMwWzcj2E1q01PJQX3Mwl
/JoaFQ+HFVnkAipgNpfV8+mDSipxmCfU4EnEWDv98kMgr3D9+7HRglXOX+O6DdhR
WXO9GKwHDU140qCEl+EtmeU/y7zM110MUGDi7OQmK3OVdiedDlE=
=wRGo
-END PGP 

Processed: [bts-link] source package src:libgd2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:libgd2
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #920728 (http://bugs.debian.org/920728)
> # Bug title: libgd2: CVE-2019-6978
> #  * https://github.com/libgd/libgd/issues/492
> #  * remote status changed: (?) -> closed
> #  * closed upstream
> tags 920728 + fixed-upstream
Bug #920728 [src:libgd2] libgd2: CVE-2019-6978
Added tag(s) fixed-upstream.
> usertags 920728 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#903751: marked as done (basket: please remove the extra libsoprano-dev build dependency)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 02:46:08 +
with message-id 
and subject line Bug#903751: fixed in basket 2.11~beta+git20180715.058ce7a-1
has caused the Debian Bug report #903751,
regarding basket: please remove the extra libsoprano-dev build dependency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
903751: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: basket
Version: 2.10~beta+git20160425.b77687f-1
Severity: normal
Tags: patch

Hi,

the libsoprano-dev build dependency was added in version
2.10~beta+git20150905.faa6dce-1; it is used to enable the nepomuk
integration, which is not actually enabled since the nepomuk libraries
are not available anymore (and shared-desktop-ontologies is not
installed either).

basket builds fine without the libsoprano-dev build dependency, so
please remove it. Patch attached for it.

Thanks,
-- 
Pino
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
 Maintainer: Debian KDE Extras Team 
 Uploaders: Mark Purcell , Sune Vuorela , 
Luigi Toscano 
 Build-Depends: debhelper (>= 9), pkg-kde-tools (>= 0.5), cmake, libx11-dev, 
pkg-config, libqimageblitz-dev,
- shared-mime-info, libsoprano-dev, kdelibs5-dev, kdepimlibs5-dev (>=4:4.4.3), 
libgpgme11-dev
+ shared-mime-info, kdelibs5-dev, kdepimlibs5-dev (>=4:4.4.3), libgpgme11-dev
 Homepage: http://basket.kde.org/
 Standards-Version: 3.9.8
 Vcs-Git: https://anonscm.debian.org/git/pkg-kde/kde-extras/basket.git
--- End Message ---
--- Begin Message ---
Source: basket
Source-Version: 2.11~beta+git20180715.058ce7a-1

We believe that the bug you reported is fixed in the latest version of
basket, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 903...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Toscano  (supplier of updated basket package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 22:46:57 -0300
Source: basket
Binary: basket basket-data
Architecture: source
Version: 2.11~beta+git20180715.058ce7a-1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team 
Changed-By: Luigi Toscano 
Description:
 basket - multi-purpose note-taking application for KDE
 basket-data - data files for BasKet Notepads
Closes: 903751
Changes:
 basket (2.11~beta+git20180715.058ce7a-1) unstable; urgency=medium
 .
   [ Luigi Toscano ]
   * New git snapshot:
 - Bump version number, still use a git snapshot with additional fixes.
   * Update few metadata (URLs, emails):
 - maintainer list address (list.alioth->alioth-lists);
 - Vcs-Git/Vcs-Url (from alioth to salsa);
 - homepage (not a KDE project for a while).
   * Remove the dependency on libsoprano-dev (Closes: #903751).
 - not used anymore (no Nepomuk integration).
   Thanks Pino Toscano for the patch.
   * Various clean ups:
 - remove the trailing spaces from few packaging files
   (changelog, control, copyright, watch);
 - replace tabs with spaces in the copyright file;
 - run wrap-and-sort;
 - fix a typo in the copyright file.
   * Bump Standards-Version to 4.3.0, no changes required.
 .
   [ Lisandro Damián Nicanor Pérez Meyer ]
   * Remove last empty line in changelog as lintian detects it as a trailing
 space.
Checksums-Sha1:
 d097838caf30455333e82f3febdc901b9e4dbc46 2338 
basket_2.11~beta+git20180715.058ce7a-1.dsc
 96eb57d8ad3dcedd9077f37577e9b69097682543 2846340 
basket_2.11~beta+git20180715.058ce7a.orig.tar.xz
 df73143f22aa8d52c04cdaa480b8cfa4f6d13366 8180 
basket_2.11~beta+git20180715.058ce7a-1.debian.tar.xz
 86ec4085843a7d05f47f8566fc4dd430ee10a4d1 6053 
basket_2.11~beta+git20180715.058ce7a-1_source.buildinfo
Checksums-Sha256:
 7612f0f9b8e05d8419fb784c5f435556e68117776e23fe6a019cabbce2fcc6bd 2338 
basket_2.11~beta+git20180715.058ce7a-1.dsc
 50bd189ff26053ffe6c66ad172d1b626fe523ebe8328db0e2e6126f613c66636 2846340 
basket_2.11~beta+git20180715.058ce7a.orig.tar.xz
 20f7cdbe9c3f21846029ac52285a5f601779013ba8a5211e4d6e70fc24483906 8180 
basket_2.11~beta+git20180715.058ce7a-1.debian.tar.xz
 

Processed: found 920547 in 4.18.20-2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 920547 4.18.20-2
Bug #920547 [src:linux] Crashes every few hours
Marked as found in versions linux/4.18.20-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920731: elpa-projectile: fails to upgrade from 'stretch': projectile.el:1121:1:Error: Unknown upattern `(quote native)'

[David Bremner]

Andreas Beckmann  writes:

>   Install elpa-projectile for emacs24
>   install/projectile-2.0.0: Handling install of emacsen flavor emacs24
>   install/projectile-2.0.0: byte-compiling for emacs24
>   
>   In toplevel form:
>   projectile.el:968:1:Warning: Unused lexical argument `trash'
>   projectile.el:1121:1:Error: Unknown upattern `(quote native)'
>   ERROR: install script from elpa-projectile package failed
>   dpkg: error processing package elpa-projectile (--configure):
>subprocess installed post-installation script returned error exit status 1

>
>
> Note that this failure was observed during an
> 'apt-get upgrade && apt-get dist-upgrade' run in the 'upgrade'
> phase, while direct 'apt-get dist-upgrade' succeeds.
> This indicates that there may be some missing Breaks against
> unsupported older emacs versions ...
>

Yes, that analysis looks correct to me.  Although it is emacs24 that
"breaks" projectile in the common-sense definition of breaks. Oh well.

d

Bug#853992: marked as done (xul-ext-requestpolicy: update requestpolicy to 1.0 beta12.4 - compatibility with web extensions)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 01:07:13 +
with message-id 
and subject line Bug#920721: Removed package(s) from unstable
has caused the Debian Bug report #853992,
regarding xul-ext-requestpolicy: update requestpolicy to 1.0 beta12.4 - 
compatibility with web extensions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853992: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853992
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xul-ext-requestpolicy
Version: 1.0.0~beta12.3+dfsg-1
Severity: normal

Dear Maintainer,
First of all thank you for taking care of xul-ext-requestpolicy for so
long. Was just browsing today and saw that 1.0beta12.4 was introduced
few months back. The only addition according to the changelog
https://github.com/RequestPolicyContinued/requestpolicy/blob/dev-1.0/ChangeLog.md

is being compatible with WebExtensions which Mozilla is going to come
up in the next few releases.

https://wiki.mozilla.org/WebExtensions

If possible, please update it so we are ready when the new Firefox arrives.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (1, 'experimental-debug'), (1, 'experimental'), (1,
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xul-ext-requestpolicy depends on:
ii  firefox   50.1.0-1
ii  firefox-esr   45.7.0esr-1
ii  iceweasel 45.7.0esr-1
ii  libjs-jquery  3.1.1-2

xul-ext-requestpolicy recommends no packages.

xul-ext-requestpolicy suggests no packages.

-- no debconf information


-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8
--- End Message ---
--- Begin Message ---
Version: 1.0.0~beta12.3+dfsg-1+rm

Dear submitter,

as the package requestpolicy has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/920721

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#912916: marked as done (mysql-connector-java: removal from Debian)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2019 01:06:42 +
with message-id 
and subject line Bug#920703: Removed package(s) from unstable
has caused the Debian Bug report #912916,
regarding mysql-connector-java: removal from Debian
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912916: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912916
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mysql-connector-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for mysql-connector-java.

CVE-2018-3258[0]:
| Vulnerability in the MySQL Connectors component of Oracle MySQL
| (subcomponent: Connector/J). Supported versions that are affected are
| 8.0.12 and prior. Easily exploitable vulnerability allows low
| privileged attacker with network access via multiple protocols to
| compromise MySQL Connectors. Successful attacks of this vulnerability
| can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8
| (Confidentiality, Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3258

Please adjust the affected versions in the BTS as needed.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Version: 5.1.45-1+rm

Dear submitter,

as the package mysql-connector-java has just been removed from the Debian 
archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/920703

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#891297: Bug #891297 in gnome-keyring marked as pending

[Jeremy Bicha]

Control: tag -1 pending

Hello,

Bug #891297 in gnome-keyring reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/gnome-team/gnome-keyring/commit/982fe41186d2b904b5df576fc9b39e2df02a9a3b


Update copyright file

Closes: #891297


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/891297

Processed: Bug #891297 in gnome-keyring marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #891297 [src:gnome-keyring] gnome-keyring: Incomplete debian/copyright?
Added tag(s) pending.

-- 
891297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891297
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 920768 is important

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 920768 important
Bug #920768 [firejail] firejail --join no longer works
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920768: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920768
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920768: firejail --join no longer works

[Reiner Herrmann]

On Tue, Jan 29, 2019 at 12:40:11AM +0100, Vincent Lefevre wrote:
> > What does "firejail --list" show?
> 
> 20396:vinc17:firefox-1:/usr/bin/firejail --quiet --name=firefox 
> --env=BROWSER=firefox-esr firefox-esr
> 
> But why is it called firefox-1? I have requested --name=firefox.
> This makes no sense.

It creates a firefox-1, if a sandbox called firefox was already existing
at the time it is created.
For some reason there seems to be a short-lived sandbox called firefox
created, and at the same time another one.

That's why I asked in the other mail if your firefox-esr is maybe a
symlink to to firejail.

Perhaps some debug information will give more clues.
Can you (after shutting down firefox) run the same command, but with
--debug as an argument at the beginning?


signature.asc
Description: PGP signature

Bug#920768: firejail --join no longer works

[Reiner Herrmann]

Control: tags -1 severity important

(lowering severity as I don't think that the package becomes unusable,
even if --join was not working.)

On Tue, Jan 29, 2019 at 12:33:51AM +0100, Vincent Lefevre wrote:
> On 2019-01-29 00:19:45 +0100, Vincent Lefevre wrote:
> > I have a firefox in firejail:
> > 
> > zira:~> ps -fC firejail
> > UIDPID  PPID  C STIME TTY  TIME CMD
> > vinc173524  3523  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> > --name=firefox --env=BROWSER=firefox-esr firefox-esr
> > vinc173525  3524  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> > --name=firefox --env=BROWSER=firefox-esr firefox-esr
> > 
> > But it is no longer possible to join it:
> > 
> > zira:~> firejail --join=firefox true
> > Error: cannot find sandbox firefox
> > zsh: exit 1 firejail --join=firefox true
> 
> Downgrading firejail to 0.9.56-2 solves the problem.

I'm not yet able to reproduce it.

In shell 1:
$ firejail --name=firefox bash
...

In shell 2:
$ firejail --list
15093:reiner:firefox:firejail --name=firefox bash
$ firejail --join=firefox
Switching to pid 15094, the first child process inside the sandbox
Child process initialized in 8.91 ms
$

Is your firefox-esr by chance a symlink back to firejail?
Can you please run:  ls -l $(which firefox-esr)

Kind regards,
  Reiner


signature.asc
Description: PGP signature

Bug#920768: firejail --join no longer works

[Vincent Lefevre]

On 2019-01-29 00:28:33 +0100, Reiner Herrmann wrote:
> On Tue, Jan 29, 2019 at 12:19:45AM +0100, Vincent Lefevre wrote:
> > I have a firefox in firejail:
> > 
> > zira:~> ps -fC firejail
> > UIDPID  PPID  C STIME TTY  TIME CMD
> > vinc173524  3523  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> > --name=firefox --env=BROWSER=firefox-esr firefox-esr
> > vinc173525  3524  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> > --name=firefox --env=BROWSER=firefox-esr firefox-esr
> > 
> > But it is no longer possible to join it:
> > 
> > zira:~> firejail --join=firefox true
> > Error: cannot find sandbox firefox
> > zsh: exit 1 firejail --join=firefox true
> 
> What does "firejail --list" show?

20396:vinc17:firefox-1:/usr/bin/firejail --quiet --name=firefox 
--env=BROWSER=firefox-esr firefox-esr

But why is it called firefox-1? I have requested --name=firefox.
This makes no sense.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Processed: severity of 882015 is grave

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 882015 grave
Bug #882015 [src:ldns] ldns: CVE-2017-1000231: Memory corruption in 
ldns_rr_new_frm_fp_l (double free)
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920768: firejail --join no longer works

[Vincent Lefevre]

On 2019-01-29 00:19:45 +0100, Vincent Lefevre wrote:
> I have a firefox in firejail:
> 
> zira:~> ps -fC firejail
> UIDPID  PPID  C STIME TTY  TIME CMD
> vinc173524  3523  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> --name=firefox --env=BROWSER=firefox-esr firefox-esr
> vinc173525  3524  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> --name=firefox --env=BROWSER=firefox-esr firefox-esr
> 
> But it is no longer possible to join it:
> 
> zira:~> firejail --join=firefox true
> Error: cannot find sandbox firefox
> zsh: exit 1 firejail --join=firefox true

Downgrading firejail to 0.9.56-2 solves the problem.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#920768: firejail --join no longer works

[Reiner Herrmann]

On Tue, Jan 29, 2019 at 12:19:45AM +0100, Vincent Lefevre wrote:
> I have a firefox in firejail:
> 
> zira:~> ps -fC firejail
> UIDPID  PPID  C STIME TTY  TIME CMD
> vinc173524  3523  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> --name=firefox --env=BROWSER=firefox-esr firefox-esr
> vinc173525  3524  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
> --name=firefox --env=BROWSER=firefox-esr firefox-esr
> 
> But it is no longer possible to join it:
> 
> zira:~> firejail --join=firefox true
> Error: cannot find sandbox firefox
> zsh: exit 1 firejail --join=firefox true

What does "firejail --list" show?

Regards,
  Reiner


signature.asc
Description: PGP signature

Bug#909933: Bug #909933 in jekyll marked as pending

[Moritz Mühlenhoff]

On Mon, Dec 03, 2018 at 04:19:44PM +, Youhei SASAKI wrote:
> Control: tag -1 pending
> 
> Hello,
> 
> Bug #909933 in jekyll reported by you has been fixed in the
> Git repository and is awaiting an upload. You can see the commit
> message below and you can check the diff of the fix at:
> 
> https://salsa.debian.org/ruby-team/jekyll/commit/61235dd677395a4e49c3f775c664f440dbf560de

This is pending for two months, can you please upload in time
for buster?

Cheers,
Moritz

Bug#920768: firejail --join no longer works

[Vincent Lefevre]

Package: firejail
Version: 0.9.58-1
Severity: grave
Justification: renders package unusable

I have a firefox in firejail:

zira:~> ps -fC firejail
UIDPID  PPID  C STIME TTY  TIME CMD
vinc173524  3523  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
--name=firefox --env=BROWSER=firefox-esr firefox-esr
vinc173525  3524  0 Jan28 ?00:00:00 /usr/bin/firejail --quiet 
--name=firefox --env=BROWSER=firefox-esr firefox-esr

But it is no longer possible to join it:

zira:~> firejail --join=firefox true
Error: cannot find sandbox firefox
zsh: exit 1 firejail --join=firefox true

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.2-5
ii  libc6 2.28-5

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.58-1
ii  iproute2   4.20.0-2
ii  iptables   1.8.2-3
ii  xauth  1:1.0.10-1
ii  xpra   2.4.3+dfsg1-1

firejail suggests no packages.

-- no debconf information

Bug#920547: Crashes every few hours

[Toni Mueller]

Hi Ben,

On Mon, Jan 28, 2019 at 12:42:37AM +, Ben Hutchings wrote:
> On Sat, 26 Jan 2019 20:03:49 + Toni  wrote:
> > Package: src:linux
> > Version: 4.19.16-1
> > Severity: critical
> > File: linux-image-4.19.0-2-amd64
> 
> Is this a new problem with version 4.19.16-1?  Or did it happen with
> earlier versions as well?

it happened with the 4.18.* kernel as well. The machine came with Ubuntu
and 4.13 preinstalled, but I wiped it as soon as I could and installed
Debian. So I don't know if it would have worked with Ubuntu - the entire
setup was not suitable for my purposes, but I thought that 4.9 might be
too old for this hardware.

However, the machine came with a 1.3 BIOS, which I updated to 1.6 and
then to 1.7. I think, I had 4.18 together with 1.6 running, but closed
the corresponding bug report when I noticed that both a newer kernel and
a newer BIOS were available. Well, the situation compared has improved a
little, compared to that, but it is still very bad.

> When you say "data loss", are you talking about data in memory or
> corruption of files that were saved and sync'd to disk?

I mean, files on disk were destroyed. I noticed some because I use
etckeeper with git, and suddenly, I could no longer see my update
history because files in /etc/.git were corrupt to the point that no
"git fsck" or "git gc" could resurrect the tree.

> On x86 laptops thermal management is (by default) done by the system
> firmware (BIOS and management engine code).  If you didn't override
> that, and yet the CPU overheats, this is the manufacturer's fault.

Ok... In the BIOS, I set the corresponding parameter from "performance"
to "normal", which I hoped would be a more conservative setting, to
prevent exactly this problem.


Cheers,
Toni

Bug#917758: marked as done (jabberd2: FTBFS: mysql-related errors)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 22:24:50 +
with message-id 
and subject line Bug#917758: fixed in jabberd2 2.7.0-1
has caused the Debian Bug report #917758,
regarding jabberd2: FTBFS: mysql-related errors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
917758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917758
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jabberd2
Version: 2.6.1-3
Severity: serious
Justification: FTBFS on amd64
Tags: buster sid
Usertags: ftbfs-20181229 ftbfs-buster

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.

Relevant part (hopefully):
> make[3]: Entering directory '/<>/storage'
> /bin/bash ../libtool --quiet  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
> -I. -I..  -DLIBRARY_DIR=\"/usr/lib/x86_64-linux-gnu/jabberd2\" -Wdate-time 
> -D_FORTIFY_SOURCE=2 -I../c2s -I.. -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -funsigned-char -fdiagnostics-color -c -o 
> libstorage_la-storage.lo `test -f 'storage.c' || echo './'`storage.c
> /bin/bash ../libtool --quiet  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
> -I. -I..  -DLIBRARY_DIR=\"/usr/lib/x86_64-linux-gnu/jabberd2\" -Wdate-time 
> -D_FORTIFY_SOURCE=2 -I../c2s -I.. -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -funsigned-char -fdiagnostics-color -c -o 
> libstorage_la-object.lo `test -f 'object.c' || echo './'`object.c
> /bin/bash ../libtool --quiet  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
> -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2 -I../c2s -I.. -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -funsigned-char -fdiagnostics-color -c -o 
> authreg_anon.lo authreg_anon.c
> /bin/bash ../libtool --quiet  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
> -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2 -I../c2s -I.. -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -funsigned-char -fdiagnostics-color -c -o 
> authreg_db.lo authreg_db.c
> /bin/bash ../libtool --quiet  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
> -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2 -I../c2s -I.. -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -funsigned-char -fdiagnostics-color -c -o 
> storage_db.lo storage_db.c
> /bin/bash ../libtool --quiet  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
> -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2 -I../c2s -I.. -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -funsigned-char -fdiagnostics-color -c -o 
> storage_fs.lo storage_fs.c
> storage_fs.c: In function '_st_fs_put':
> storage_fs.c:173:64: warning: cast from 
> pointer to integer of different size [-Wpointer-to-int-cast]
>  fprintf(f, "%s %d %d\n", key, ot, 
> ((int)val != 0) ? 1 : 0);
> 
> ^
> storage_fs.c:177:63: warning: cast from 
> pointer to integer of different size [-Wpointer-to-int-cast]
>  fprintf(f, "%s %d %d\n", key, ot, 
> (int) val);
>
> ^
> storage_fs.c: In function '_st_fs_delete':
> storage_fs.c:383:34: warning: 
> '%s' directive output may be truncated writing up to 255 
> bytes into a region of size between 0 and 1023 
> [-Wformat-truncation=]
>  snprintf(file, 1024, "%s/%s", path, dirent->d_name);
>   ^~
> In file included from /usr/include/stdio.h:873,
>  from ../util/util.h:27,
>  from storage.h:38,
>  from storage_fs.c:36:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: 
> note: '__builtin___snprintf_chk' output 
> between 2 and 1280 bytes into a destination of size 1024
>return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL 
> - 1,
>   
> ^~~~
>     __bos (__s), __fmt, 

Bug#917758: A fix candidate

[Simon Josefsson]

Hi Sergei!  We worked on this precisely at the same time!  I just
uploaded 2.7.0-1 which incorporates upstream's solution to this
problem.  I think it is a cleaner approach than to patch 2.6.1, and we
still have time before the freeze.  Sorry for not noticing your push
before doing the upload, but I merged your changelog entry to give you
credit for this.  What do you think?

/Simon

On Tue, 2019-01-29 at 00:50 +0300, Sergei Golovan wrote:
> Hi Simon,
> 
> I've pushed a possible fix for this bug:
> https://salsa.debian.org/xmpp-team/jabberd2/commit/c2d181c5eed5b2d83d
> e99eb87626253fe512f019
> 
> If it's okay to you, I could upload it.
> 
> Cheers!

signature.asc
Description: This is a digitally signed message part

Bug#917758: A fix candidate

[Sergei Golovan]

Hi Simon,

I've pushed a possible fix for this bug:
https://salsa.debian.org/xmpp-team/jabberd2/commit/c2d181c5eed5b2d83de99eb87626253fe512f019

If it's okay to you, I could upload it.

Cheers!
-- 
Sergei Golovan

Bug#920733: marked as done (freedink: missing Breaks+Replaces: freedink-engine (<< 109.4))

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 21:35:29 +
with message-id 
and subject line Bug#920733: fixed in freedink 109.4-2
has caused the Debian Bug report #920733,
regarding freedink: missing Breaks+Replaces: freedink-engine (<< 109.4)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
920733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: freedink
Version: 109.4-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

From the attached log (scroll to the bottom...):

  Preparing to unpack .../freedink_109.4-1_all.deb ...  

   Unpacking freedink 
(109.4-1) ...   

  dpkg: error processing archive 
/var/cache/apt/archives/freedink_109.4-1_all.deb (--unpack):

   trying to overwrite 
'/usr/share/metainfo/freedink.appdata.xml', which is also in package 
freedink-engine 109.2-1 
   Errors were encountered while 
processing: 

/var/cache/apt/archives/freedink_109.4-1_all.deb

  

cheers,

Andreas


freedink-engine=109.2-1_freedink=109.4-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: freedink
Source-Version: 109.4-2

We believe that the bug you reported is fixed in the latest version of
freedink, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 920...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvain Beucler  (supplier of updated freedink package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 28 Jan 2019 21:54:00 +0100
Source: freedink
Binary: freedink freedink-engine freedink-engine-dbgsym
Architecture: source amd64 all
Version: 109.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Sylvain Beucler 
Description:
 freedink   - humorous top-down adventure and role-playing game
 freedink-engine - humorous top-down adventure and role-playing game (engine)
Closes: 920733
Changes:
 freedink (109.4-2) unstable; urgency=medium
 .
   * Use Breaks to move Appstream file from freedink-engine to
 freedink (Closes: #920733)
Checksums-Sha1:
 643cf6e7e27231e146a97faf7d852955d877adbb 2006 freedink_109.4-2.dsc
 eec65364c05f5a33da3f5dae6a26929c1be8b240 42992 freedink_109.4-2.debian.tar.xz
 3feba27982080a5fcfca1725c2cf6c571f369260 1987152 
freedink-engine-dbgsym_109.4-2_amd64.deb
 bbf5549123ea2078823abbb6d5145249c9c53eeb 272360 
freedink-engine_109.4-2_amd64.deb
 ad8449a31d731a9ff653818e54a5ebcbcd5c38fa 58872 freedink_109.4-2_all.deb
 aca4aca3679222c6745b85816240d31e75e16217 11819 freedink_109.4-2_amd64.buildinfo
Checksums-Sha256:
 544641a0bf764cd7c5c2adee72aa88b5c1f3b44fdf146d22f70e7905727e42c7 2006 
freedink_109.4-2.dsc
 cff7367677bf209bedc0973b8a2b35a1a5128d52f1f42b0e8658102b53ff5109 42992 
freedink_109.4-2.debian.tar.xz
 4025d0d27155b672e56d3779c05831e7dd8e9dc09968b1d96670c6d3dae0c8a1 1987152 

Bug#919817: marked as done (mysql-5.7: Security fixes from the January 2019 CPU)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 20:56:52 +
with message-id 
and subject line Bug#919817: fixed in mysql-5.7 5.7.25-1
has caused the Debian Bug report #919817,
regarding mysql-5.7: Security fixes from the January 2019 CPU
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919817: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919817
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-5.7
Version: 5.7.24-3
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

Details at
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mysql-5.7
Source-Version: 5.7.25-1

We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald  (supplier of updated mysql-5.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 22 Jan 2019 08:03:45 +0100
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 
mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server 
mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.25-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers 
Changed-By: Lars Tangvald 
Description:
 libmysqlclient-dev - MySQL database development files
 libmysqlclient20 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 mysql-client - MySQL database client (metapackage depending on the latest 
versio
 mysql-client-5.7 - MySQL database client binaries
 mysql-client-core-5.7 - MySQL database core client binaries
 mysql-server - MySQL database server (metapackage depending on the latest 
versio
 mysql-server-5.7 - MySQL database server binaries and system database setup
 mysql-server-core-5.7 - MySQL database server binaries
 mysql-source-5.7 - MySQL source
 mysql-testsuite - MySQL regression tests
 mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 919817
Changes:
 mysql-5.7 (5.7.25-1) unstable; urgency=high (security fixes)
 .
   * Imported upstream version 5.7.25 to fix security issues:
 - 
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
 - CVE-2018-0734 CVE-2019-2420 CVE-2019-2434 CVE-2019-2455
 - CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503
 - CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529
 - CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537
 (Closes: #919817)
Checksums-Sha1:
 f268bdacf122c1cee2c22b24178943c925fe39e3 3229 mysql-5.7_5.7.25-1.dsc
 cbec35bbe2f2540232105a307770c432380be352 49107578 mysql-5.7_5.7.25.orig.tar.gz
 ff3b9a8a74ce38fa89ce45794fc4770b373918ac 156756 
mysql-5.7_5.7.25-1.debian.tar.xz
Checksums-Sha256:
 23c71f834fcefd5766b130243558844d578e51858271f5f10231e19ae92bf3bd 3229 
mysql-5.7_5.7.25-1.dsc
 354c427c8679c6a4774f60723ea211e54b4383307764d240940f960d110bf5cf 49107578 
mysql-5.7_5.7.25.orig.tar.gz
 40c4d766d4c154c54982fba3e6683279fdc11bb8ca89cdcb596415645d827e94 156756 
mysql-5.7_5.7.25-1.debian.tar.xz
Files:
 7d30f684b59316b3112a58b955fc7380 3229 database optional mysql-5.7_5.7.25-1.dsc
 db53cbcc972276cec7a450b042956c57 49107578 database optional 
mysql-5.7_5.7.25.orig.tar.gz
 31fe0ce87d8e78cbbc072319179f07b2 156756 database optional 
mysql-5.7_5.7.25-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJcT1+fAAoJEOVkucJ1vdUu5rwP/28rKR43o3juNnlnlfeqFoTp
rbDnvtF1ltcoEDK52PsRZp3m4W6bI3DqtMy5pYTVklwKsB2hy7CaiLije/OqDqHo
fSry/lAiOkh43VqFKYpgCBgDcMeMUVrTeZKsJI1k0WQk+NKeHPxm+r9Fz8Q6GCOg
U5tXsw+AVug7w2VJpwB4LbW3LcuZ7vH+Hd19dwtUbxVM4J1+1zCE6h48K6C0F8oW
VuHGvyH1Ltmw1zEgi9BjWBTmzvySqBO8UtKfObs3px7Xzjy3qH5pKlYUXfFOWyAg
3JHI8QNSrV+n4O7kGq8uPQ2uPNHFj8DwRElQakKvJUdTbkwnKIHgj7k/MKcYxO2P
F2W6Kn7SLixSvaQwKqCTogEi/HYLOJDyOPTVxM/GZjjv8W25KUj89YUz4wS+YU9W
FjoOhGW81GGXLnNWUMWRNk3FJM4Gm9WriNlKJ2vmWGFlwR1Utfe4Q9jfgrv2+RRM

Bug#920337: python3-igraph: ships header in /usr/include/python3.7

[Hugo Lefeuvre]

Hi,

I had a look into this issue. It does _not_ look like a bug in the
python-igraph packaging to me.

Nicolas suggested to patch debian/patches/3.7/distutils-install-layout.diff
from python3-stdlib-extensions.

It does in fact look like the actual issue:

+'unix_local': {
+'purelib': '$base/local/lib/python$py_version_short/dist-packages',
+'platlib': '$platbase/local/lib/python$py_version_short/dist-packages',
+'headers': '$base/local/include/python$py_version_short/$dist_name',
+'scripts': '$base/local/bin',
+'data'   : '$base/local',
+},
+'deb_system': {
+'purelib': '$base/lib/python3/dist-packages',
+'platlib': '$platbase/lib/python3/dist-packages',
+'headers': '$base/include/python$py_version_short/$dist_name',
+'scripts': '$base/bin',
+'data'   : '$base',
+},

These headers entries seem wrong to me, $abiflags is missing.

should be respectively

'$base/local/include/python$py_version_short$abiflags/$dist_name'

and

'$base/include/python$py_version_short$abiflags/$dist_name'

Matthias: should we open a python3-stdlib-extensions bug ? Do you think
this issue can be fixed in time for Buster or should we upload a temporary
fix for python-igraph ?

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


signature.asc
Description: PGP signature

Bug#900269: marked as done (ifupdown: last version breaks upgrade)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 20:53:22 +
with message-id 
and subject line Bug#900269: fixed in ifupdown 0.8.35
has caused the Debian Bug report #900269,
regarding ifupdown: last version breaks upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
900269: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ifupdown
Version: 0.8.34
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

I now have been experiency three freeze during apt upgrade on three
machines with the lattest update.

When upgrading, you're stuck with the last message in console "setting up
ifupdown" and nothing else. The machine dropped its ip address but
seems to fails to acquire a new one. and stay like this for minutes.

running ifup (if you still logged on another console) barks because of
lock in /run.

The problem is that headless machine with servers are then unmanageable
without physical access.


-- Package-specific info:
--- /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
#auto lo 
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
  hostname r-x-ceva6380

iface wlan0 inet dhcp
  pre-up  /etc/network/WirelessLanStartLiveBox.sh wlan0
  hostname r-x-ceva6380
  post-down /etc/network/WirelessLanStopLiveBox.sh wlan0


--- up and down scripts installed:
/etc/network/if-down.d:
total 8
-rwxr-xr-x 1 root root 372 Mar 17  2014 openvpn
-rwxr-xr-x 1 root root 111 Feb  8  2010 umountnfs
lrwxrwxrwx 1 root root  32 May  7 19:57 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh

/etc/network/if-post-down.d:
total 4
lrwxrwxrwx 1 root root   23 Apr 27 12:59 avahi-daemon -> ../if-up.d/avahi-daemon
lrwxrwxrwx 1 root root   29 Apr  8 23:06 bridge -> /lib/bridge-utils/ifupdown.sh
-rwxr-xr-x 1 root root 1409 Mar 24  2016 wireless-tools
lrwxrwxrwx 1 root root   32 May  7 19:57 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh

/etc/network/if-pre-up.d:
total 12
lrwxrwxrwx 1 root root   29 Apr  8 23:06 bridge -> /lib/bridge-utils/ifupdown.sh
-rwxr-xr-x 1 root root  344 Jun  7  2010 ethtool
-rwxr-xr-x 1 root root 4178 Mar 24  2016 wireless-tools
lrwxrwxrwx 1 root root   32 May  7 19:57 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh

/etc/network/if-up.d:
total 32
-rwxr-xr-x 1 root root  484 Mar  6  2013 avahi-daemon
-rwxr-xr-x 1 root root 1685 Sep 22  2014 ethtool
-rwxr-xr-x 1 root root 4958 Jun  8  2014 mountnfs
-rwxr-xr-x 1 root root  109 Feb  8  2010 mountnfs.dpkg-old
-rwxr-xr-x 1 root root  900 Apr 28  2016 ntpdate
-rwxr-xr-x 1 root root  972 Mar 30  2017 openssh-server
-rwxr-xr-x 1 root root  385 Jul  7  2015 openvpn
lrwxrwxrwx 1 root root   32 May  7 19:57 wpasupplicant -> 
../../wpa_supplicant/ifupdown.sh


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.43 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF8), LANGUAGE= (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages ifupdown depends on:
ii  adduser   3.117
ii  iproute2  4.16.0-4
ii  libc6 2.27-3
ii  lsb-base  9.20170808

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.3.5-4

Versions of packages ifupdown suggests:
ii  ppp 2.4.7-2+2
pn  rdnssd  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: ifupdown
Source-Version: 0.8.35

We believe that the bug you reported is fixed in the latest version of
ifupdown, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guus Sliepen  (supplier of updated ifupdown package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 

Bug#918149: terminator in buster

[Julián Moreno Patiño]

Hello Markus,

This package is team maintained, you are welcome at board.

At the moment I am a little bit busy. Just go ahead with your NMU to
fix the RC bug.

Kind regards,

El dom., 27 ene. 2019 a las 7:00, Markus Frosch
() escribió:
>
> Hey all,
> is anyone taking care about the RC bug [2] in terminator[1] for upcoming
> buster?
>
> I plan to do an NMU over the next days, if no one says stop.
>
> I've seen that Emilio did some Python 3 work in experimental, is that
> ready for unstable? What's the upstream work on this?
>
> Maybe I'm going to adopt the package as well, since I'm using
> terminator. Anyone opposes that?
>
> Cheers
> Markus Frosch
>
> [1] https://tracker.debian.org/pkg/terminator
> [2] https://bugs.debian.org/918149
>
> --
> mar...@lazyfrosch.de / lazyfro...@debian.org
> https://lazyfrosch.de
>


-- 
Julián Moreno Patiño
Debian Developer
 .''`. Debian GNU/{Linux,KfreeBSD}
: :' : Free Operating Systems
`. `'  http://debian.org/
  `-   GPG Fingerprint:
C2C8 904E 314C D8FA 041D 9B00 D5FD FC15 6168 BF60
Registered GNU Linux User ID 488513

Bug#918434: marked as done (golint: FTBFS (failing tests))

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 20:53:10 +
with message-id 
and subject line Bug#918434: fixed in golint 0.0+git20181214.8f45f77-1
has caused the Debian Bug report #918434,
regarding golint: FTBFS (failing tests)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918434: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918434
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:golint
Version: 0.0+git20161013.3390df4-2
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-arch
dh build-arch --buildsystem=golang --with=golang
   dh_update_autotools_config -a -O--buildsystem=golang
   dh_auto_configure -a -O--buildsystem=golang
   dh_auto_build -a -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go install 
-gcflags=all=\"-trimpath=/<>/golint-0.0\+git20161013.3390df4/obj-x86_64-linux-gnu/src\"
 
-asmflags=all=\"-trimpath=/<>/golint-0.0\+git20161013.3390df4/obj-x86_64-linux-gnu/src\"
 -v -p 1 github.com/golang/lint github.com/golang/lint/golint
errors
internal/cpu
internal/bytealg
internal/race
runtime/internal/atomic
runtime/internal/sys
runtime
sync/atomic

[... snipped ...]

go/parser
text/tabwriter
go/printer
container/heap
encoding/binary
math/rand
math/big
go/constant
go/types
bufio
path
regexp/syntax
regexp
net/url
text/template/parse
text/template
go/doc
log
context
os/exec
go/build
text/scanner
golang.org/x/tools/go/gcimporter15
github.com/golang/lint
flag
github.com/golang/lint/golint
   dh_auto_test -a -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go test -vet=off -v -p 1 
github.com/golang/lint github.com/golang/lint/golint
=== RUN   TestAll
--- FAIL: TestAll (0.04s)
lint_test.go:94: Lint failed at errorf.go:29; /should 
replace.*t\.Error\(fmt\.Sprintf\(\.\.\.\)\).*t\.Errorf\(\.\.\.\)/ did not match
lint_test.go:94: Lint failed at time.go:11; /Msec.*\*time.Duration/ did not 
match
lint_test.go:94: Lint failed at time.go:13; /Secs.*time.Duration/ did not 
match
lint_test.go:94: Lint failed at var-decl.go:18; 
/should.*\*http\.ServeMux.*inferred/ did not match
lint_test.go:94: Lint failed at var-decl.go:74; /should omit.*io\.Writer/ 
did not match
=== RUN   TestLine
--- PASS: TestLine (0.00s)
=== RUN   TestLintName
--- PASS: TestLintName (0.00s)
=== RUN   TestExportedType
--- PASS: TestExportedType (0.00s)
FAIL
FAILgithub.com/golang/lint  0.043s
?   github.com/golang/lint/golint   [no test files]
dh_auto_test: cd obj-x86_64-linux-gnu && go test -vet=off -v -p 1 
github.com/golang/lint github.com/golang/lint/golint returned exit code 1
make: *** [debian/rules:4: build-arch] Error 1
dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit 
status 2


The build was made in my autobuilder with "dpkg-buildpackage -B"
but it also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/golint.html

where you can get a full build log if you need it.

If this is really a bug in one of the build-depends, please use reassign and 
affects,
so that this is still visible in the BTS web page for this package.

Thanks.
--- End Message ---
--- Begin Message ---
Source: golint
Source-Version: 0.0+git20181214.8f45f77-1

We believe that the bug you reported is fixed in the latest version of
golint, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 918...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martín Ferrari  (supplier of updated golint package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 20:30:26 +
Source: golint
Architecture: source
Version: 0.0+git20181214.8f45f77-1
Distribution: unstable
Urgency: high
Maintainer: Debian Go Packaging Team 

Changed-By: Martín Ferrari 
Closes: 918434
Changes:
 golint (0.0+git20181214.8f45f77-1) unstable; urgency=high
 .
   [ Alexandre Viau ]
   * Point Vcs-* urls to salsa.debian.org.
 .
   [ Martín Ferrari ]
   

Bug#920639: solfege: Does not start

[François Mazen]

Hello,

thanks a lot for reporting this issue. 

It seems that the behavior of python3 webbrowser module changed with
python 3.7.2 release.
A simple fix is to call webbrowser.get() before using the module.

--- a/solfege/mainwin.py
+++ b/solfege/mainwin.py
@@ -25,6 +25,7 @@
 # debian etch system, the browser does will freeze solfege until
 # I close the browser window.
 try:
+webbrowser.get()
 i = webbrowser._tryorder.index("x-www-browser")
 webbrowser._tryorder.append(webbrowser._tryorder[i])
 del webbrowser._tryorder[i]

A patch is attached, and I'll generate a new package as soon as
possible.

Best Regards,
François


--- a/solfege/mainwin.py
+++ b/solfege/mainwin.py
@@ -25,6 +25,7 @@
 # debian etch system, the browser does will freeze solfege until
 # I close the browser window.
 try:
+webbrowser.get()
 i = webbrowser._tryorder.index("x-www-browser")
 webbrowser._tryorder.append(webbrowser._tryorder[i])
 del webbrowser._tryorder[i]


signature.asc
Description: This is a digitally signed message part

Processed: spice: diff for NMU version 0.14.0-1.3

[Debian Bug Tracking System]

Processing control commands:

> tags 920762 + patch
Bug #920762 [src:spice] spice: CVE-2019-3813: Off-by-one error in array access 
in spice/server/memslot.c
Added tag(s) patch.
> tags 920762 + pending
Bug #920762 [src:spice] spice: CVE-2019-3813: Off-by-one error in array access 
in spice/server/memslot.c
Added tag(s) pending.

-- 
920762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920762: spice: diff for NMU version 0.14.0-1.3

[Salvatore Bonaccorso]

Control: tags 920762 + patch
Control: tags 920762 + pending

Dear maintainer,

I've prepared an NMU for spice (versioned as 0.14.0-1.3) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru spice-0.14.0/debian/changelog spice-0.14.0/debian/changelog
--- spice-0.14.0/debian/changelog	2018-10-11 23:41:48.0 +0200
+++ spice-0.14.0/debian/changelog	2019-01-28 13:04:44.0 +0100
@@ -1,3 +1,11 @@
+spice (0.14.0-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * memslot: Fix off-by-one error in group/slot boundary check (CVE-2019-3813)
+(Closes: #920762)
+
+ -- Salvatore Bonaccorso   Mon, 28 Jan 2019 13:04:44 +0100
+
 spice (0.14.0-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru spice-0.14.0/debian/patches/memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch spice-0.14.0/debian/patches/memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
--- spice-0.14.0/debian/patches/memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch	1970-01-01 01:00:00.0 +0100
+++ spice-0.14.0/debian/patches/memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch	2019-01-28 13:04:44.0 +0100
@@ -0,0 +1,46 @@
+From 6eff47e72cb2f23d168be58bab8bdd60df49afd0 Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau 
+Date: Thu, 29 Nov 2018 14:18:39 +0100
+Subject: [spice-server] memslot: Fix off-by-one error in group/slot boundary
+ check
+
+RedMemSlotInfo keeps an array of groups, and each group contains an
+array of slots. Unfortunately, these checks are off by 1, they check
+that the index is greater or equal to the number of elements in the
+array, while these arrays are 0 based. The check should only check for
+strictly greater than the number of elements.
+
+For the group array, this is not a big issue, as these memslot groups
+are created by spice-server users (eg QEMU), and the group ids used to
+index that array are also generated by the spice-server user, so it
+should not be possible for the guest to set them to arbitrary values.
+
+The slot id is more problematic, as it's calculated from a QXLPHYSICAL
+address, and such addresses are usually set by the guest QXL driver, so
+the guest can set these to arbitrary values, including malicious values,
+which are probably easy to build from the guest PCI configuration.
+
+This patch fixes the arrays bound check, and adds a test case for this.
+
+Signed-off-by: Christophe Fergeau 
+---
+
+--- a/server/memslot.c
 b/server/memslot.c
+@@ -99,14 +99,14 @@ unsigned long memslot_get_virt(RedMemSlo
+ MemSlot *slot;
+ 
+ *error = 0;
+-if (group_id > info->num_memslots_groups) {
++if (group_id >= info->num_memslots_groups) {
+ spice_critical("group_id too big");
+ *error = 1;
+ return 0;
+ }
+ 
+ slot_id = memslot_get_id(info, addr);
+-if (slot_id > info->num_memslots) {
++if (slot_id >= info->num_memslots) {
+ print_memslots(info);
+ spice_critical("slot_id %d too big, addr=%" PRIx64, slot_id, addr);
+ *error = 1;
diff -Nru spice-0.14.0/debian/patches/series spice-0.14.0/debian/patches/series
--- spice-0.14.0/debian/patches/series	2018-10-11 23:41:48.0 +0200
+++ spice-0.14.0/debian/patches/series	2019-01-28 13:04:44.0 +0100
@@ -1,2 +1,3 @@
 Fix-flexible-array-buffer-overflow.patch
 refresh-tests-pki-keys.patch
+memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch

Processed: Bug #918434 in golint marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #918434 [src:golint] golint: FTBFS (failing tests)
Added tag(s) pending.

-- 
918434: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918434
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#918434: Bug #918434 in golint marked as pending

[Martín Ferrari]

Control: tag -1 pending

Hello,

Bug #918434 in golint reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/go-team/packages/golint/commit/4b93b44bb4c84c5d79a352f018ec76598b8d780b


debian/control: Depend on latest x/tools. Closes: #918434 (raising urgency).


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/918434

Bug#920733: freedink: missing Breaks+Replaces: freedink-engine (<< 109.4)

[b...@debian.org]

Hi,

On 28/01/2019 21:11, Andreas Beckmann wrote:
> On 2019-01-28 20:45, b...@debian.org wrote:
>> Hi,
>>
>> Would you mind detailing how you invoke piuparts so it gives that error?
> input comes from some script using dose to find potential candidates for
> file overwrites problems across distros
>
>> I've been running it for an hour and I only get successes (or false
>> positives about font dirs that I skipped with
>> --warn-on-leftovers-after-purge).
>> The logs you provide apparently initializes a server by installing
>> "hello" and running then seem to do special tests that are different
>> from e.g. https://piuparts.debian.org/sid/source/f/freedink.html .
> then some scripts generate more scripts to perform several partial
> upgrade scenarios within piuparts ... until one fails
>
> everything is running manually on a local machine ... I should get this
> automated on an official host ... it's hard to catch faulty packages
> before they migrate after two days ...

Hmm, I was about to add piuparts to my upstream release procedures but I
see this would miss this kind of bug anyway, so it's probably not worth
the time and effort.


>> This, so I can thoroughly reproduce the bug(s)
> apt-get install freedink-engine/buster freedink/sid
If I only did this check (which I already did - hence why I wrote
/thoroughly/), we'll certainly run into yet another corner case and
we'll both waste time.

Hence why I'd like to run checks before uploading.
Right now I'm just in a stressful situation where I'll do an upload and
maybe I'll have another SERIOUS bug coming out of nowhere a couple days
later and my package threatened for removal again.


>> (unless you have a working patch, that is).
> See Subject?
This is not a patch, merely a pointer.
Also both
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces
and https://wiki.debian.org/PackageTransition don't give the same
directions for this bug (change 1 package vs. change 2 packages).

- Sylvain

Bug#920733: freedink: missing Breaks+Replaces: freedink-engine (<< 109.4)

[Andreas Beckmann]

On 2019-01-28 20:45, b...@debian.org wrote:
> Hi,
> 
> Would you mind detailing how you invoke piuparts so it gives that error?

input comes from some script using dose to find potential candidates for
file overwrites problems across distros

> I've been running it for an hour and I only get successes (or false
> positives about font dirs that I skipped with
> --warn-on-leftovers-after-purge).
> The logs you provide apparently initializes a server by installing
> "hello" and running then seem to do special tests that are different
> from e.g. https://piuparts.debian.org/sid/source/f/freedink.html .

then some scripts generate more scripts to perform several partial
upgrade scenarios within piuparts ... until one fails

everything is running manually on a local machine ... I should get this
automated on an official host ... it's hard to catch faulty packages
before they migrate after two days ...

> This, so I can thoroughly reproduce the bug(s)

apt-get install freedink-engine/buster freedink/sid

> and test my fixes

> (unless
> you have a working patch, that is).

See Subject?


Andreas

Processed: spice: CVE-2019-3813: Off-by-one error in array access in spice/server/memslot.c

[Debian Bug Tracking System]

Processing control commands:

> found -1 0.12.8-2.1+deb9u2
Bug #920762 [src:spice] spice: CVE-2019-3813: Off-by-one error in array access 
in spice/server/memslot.c
Marked as found in versions spice/0.12.8-2.1+deb9u2.
> found -1 0.12.8-2.1
Bug #920762 [src:spice] spice: CVE-2019-3813: Off-by-one error in array access 
in spice/server/memslot.c
Marked as found in versions spice/0.12.8-2.1.
> fixed -1 0.12.8-2.1+deb9u3
Bug #920762 [src:spice] spice: CVE-2019-3813: Off-by-one error in array access 
in spice/server/memslot.c
The source 'spice' and version '0.12.8-2.1+deb9u3' do not appear to match any 
binary packages
Marked as fixed in versions spice/0.12.8-2.1+deb9u3.

-- 
920762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920762: spice: CVE-2019-3813: Off-by-one error in array access in spice/server/memslot.c

[Salvatore Bonaccorso]

Source: spice
Version: 0.14.0-1.2
Severity: grave
Tags: security upstream
Control: found -1 0.12.8-2.1+deb9u2
Control: found -1 0.12.8-2.1
Control: fixed -1 0.12.8-2.1+deb9u3

Hi,

The following vulnerability was published for spice.

CVE-2019-3813[0]:
Off-by-one error in array access in spice/server/memslot.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-3813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3813
[1] https://www.openwall.com/lists/oss-security/2019/01/28/2

Regards,
Salvatore

Bug#920733: freedink: missing Breaks+Replaces: freedink-engine (<< 109.4)

[b...@debian.org]

Hi,

Would you mind detailing how you invoke piuparts so it gives that error?
I've been running it for an hour and I only get successes (or false
positives about font dirs that I skipped with
--warn-on-leftovers-after-purge).
The logs you provide apparently initializes a server by installing
"hello" and running then seem to do special tests that are different
from e.g. https://piuparts.debian.org/sid/source/f/freedink.html .

This, so I can thoroughly reproduce the bug(s) and test my fixes (unless
you have a working patch, that is).

- Sylvain

On 28/01/2019 17:21, Andreas Beckmann wrote:
> Package: freedink
> Version: 109.4-1
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package fails to upgrade from
> 'testing'.
> It installed fine in 'testing', then the upgrade to 'sid' fails
> because it tries to overwrite other packages files without declaring a
> Breaks+Replaces relation.
>
> See policy 7.6 at
> https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces
>
> From the attached log (scroll to the bottom...):
>
>   Preparing to unpack .../freedink_109.4-1_all.deb ...
>   
>Unpacking freedink 
> (109.4-1) ... 
>   
>   dpkg: error processing archive 
> /var/cache/apt/archives/freedink_109.4-1_all.deb (--unpack):  
>   
>trying to overwrite 
> '/usr/share/metainfo/freedink.appdata.xml', which is also in package 
> freedink-engine 109.2-1   
>  Errors were encountered while 
> processing:   
>   
> /var/cache/apt/archives/freedink_109.4-1_all.deb  
>   
>   
> 
>
> cheers,
>
> Andreas

Processed: affects 918167

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 918167 compactheader
Bug #918167 [xul-ext-compactheader] Broken in stable
Added indication that 918167 affects compactheader
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
918167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918167
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920760: libpam-modules: does not ensure that pam-auth-update gets called after the package was configured

[Andreas Beckmann]

Package: libpam-modules
Version: 1.1.8-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts  

 

While on initial install there is a defined ordering between
libpam-modules and libpam-runtime, these two packages may be upgraded in
any order.

I noticed this bug because piuparts complained on some stretch->buster
upgrade paths that /var/lib/pam/seen was not matching the reference
chroot. Looking in depth the "mkhomedir" entry was missing.

This is the upgrade order for some libpam* packages, the first block is
for creating the reference chroot, the second one for the actual test
that failed:

$ grep -E 'starting over|(Setting up|Unpacking) libpam' /tmp/pamlog.bad.log 

   
  Unpacking libpam0g:amd64 (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam0g:amd64 (1.1.8-4) ...
  Unpacking libpam-modules-bin (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam-modules-bin (1.1.8-4) ...
  Unpacking libpam-modules:amd64 (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam-modules:amd64 (1.1.8-4) ...
  Unpacking libpam-runtime (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam-runtime (1.1.8-4) ...
1m19.2s INFO: Notice: package selections and meta data from target distro 
saved, now starting over from source distro. See the description of 
--save-end-meta and --end-meta to learn why this is neccessary and how to 
possibly avoid it.
  Unpacking libpam-runtime (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam-runtime (1.1.8-4) ...
  Unpacking libpam0g:amd64 (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam0g:amd64 (1.1.8-4) ...
  Unpacking libpam-modules-bin (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam-modules-bin (1.1.8-4) ...
  Unpacking libpam-modules:amd64 (1.1.8-4) over (1.1.8-3.6) ...
  Setting up libpam-modules:amd64 (1.1.8-4) ...

So pam-auth-upgrade got called with all the old packages installed.
Only thereafter libpam-modules got unpacked that brought a new
pam-config: /usr/share/pam-configs/mkhomedir

This may be harmless in this case (the new module is disabled by
default), but in general libpam-modules should ensure that any updated
configuration it delivers gets processed by pam-auth-update.

One option would be to have libpam-runtime
  Depends: libpam-modules (>= ${source:Version})
but that would still allow partial upgrades of libpam-modules over an
old libpam-runtime version (that does not get updated).

Another option could be to add trigger support to libpam-runtime and
have libpam-modules.postinst trigger libpam-runtime.


The full log from the failing case is attached.
The only difference between success and failure is the way the upgrade
is performed, which changes the order of upgrading the packages:
GOOD: apt-get dist-upgrade
BAD:  apt-get upgrade && apt-get dist-upgrade


Andreas


pamlog.bad.log.gz
Description: application/gzip

Bug#912187: ca-certificates-java: Wrong jvm options for armhf

[Markus Koschany]

On Sun, 28 Oct 2018 22:53:56 +0100 =?UTF-8?Q?Gero_M=c3=bcller?=
 wrote:
> Package: ca-certificates-java
> Version: 20170531+nmu1
> 
> On armhf the server JVM is not available. But the postinst script
> assumes so and uses it to setup a temporary configuration in
> /etc/java-8-openjdk/jvm-armhf.cfg
> The installation of openjdk-8-jre-headless therefore fails!

[...]

This bug was apparently "fixed" in version 20170929 but then the change
was reverted in 20170930. Both versions were marked as fixed. The
severity is still "serious" and it is not clear from reading the
changelog whether version 20170930 addresses the problem

@Matthias

Can this bug report be closed or should it be reassigned to OpenJDK? You
reverted the previous fix here

https://salsa.debian.org/java-team/ca-certificates-java/commit/53651f7939e6f35694ee31e5ef0376f1bfce7e55

Markus



signature.asc
Description: OpenPGP digital signature

Bug#864657: ca-certificates-java: Can we have fix for this in Stretch as well, please.

[Markus Koschany]

On Wed, 23 Jan 2019 21:27:09 +0100 Markus Koschany  wrote:
> Of course I meant default-jre-headless | java7-runtime-headless.


If nobody objects, I will implement this change tomorrow.



signature.asc
Description: OpenPGP digital signature

Bug#919763: adios: armhf FTBFS when built on arm64

[Steve McIntyre]

On Mon, Jan 28, 2019 at 10:34:54AM -0800, Steve Langasek wrote:
>On Mon, Jan 28, 2019 at 12:45:22PM +, Steve McIntyre wrote:
>> Hi Alastair,
>
>> On Mon, Jan 28, 2019 at 09:50:30AM +, Alastair McKinstry wrote:
>
>> >Yes, thanka for this patch. I'm reluctant to consider that binaries built on
>> >armhf failing on arm64 is an _RC Bug_, but its definitely undesirable.
>
>> It's not *yet* RC, but it's going to go that way soon. Our plan is to
>> switch to building for armel and armhf using arm64 machines before too
>> long, which would reliably break all packages with bugs like this.
>
>If it were only about the buildds, then Alastair's solution (disabling the
>testsuite on this arch), though suboptimal, would probably be acceptable.
>But I think it is increasingly likely that people who are running armhf
>Debian binaries will be doing so on 64-bit chips with 64-bit kernels, where
>unaligned fixups will not happen.
>
>This is also the configuration that android 32-bit kernels shipped in since
>forever.
>
>So there is a small but significant and increasing set of configurations
>where armhf binaries need to avoid unalign access in order to be useful.

Yup, agreed also. People should also *not* be disabling test suites
that are showing real issues being found!

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
< liw> everything I know about UK hotels I learned from "Fawlty Towers"

Bug#919763: adios: armhf FTBFS when built on arm64

[Steve Langasek]

On Mon, Jan 28, 2019 at 12:45:22PM +, Steve McIntyre wrote:
> Hi Alastair,

> On Mon, Jan 28, 2019 at 09:50:30AM +, Alastair McKinstry wrote:

> >Yes, thanka for this patch. I'm reluctant to consider that binaries built on
> >armhf failing on arm64 is an _RC Bug_, but its definitely undesirable.

> It's not *yet* RC, but it's going to go that way soon. Our plan is to
> switch to building for armel and armhf using arm64 machines before too
> long, which would reliably break all packages with bugs like this.

If it were only about the buildds, then Alastair's solution (disabling the
testsuite on this arch), though suboptimal, would probably be acceptable.
But I think it is increasingly likely that people who are running armhf
Debian binaries will be doing so on 64-bit chips with 64-bit kernels, where
unaligned fixups will not happen.

This is also the configuration that android 32-bit kernels shipped in since
forever.

So there is a small but significant and increasing set of configurations
where armhf binaries need to avoid unalign access in order to be useful.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#920740: Should crda be shipped in buster?

[Ben Hutchings]

Control: severity -1 wishlist
Control: tag -1 - buster sid

On Mon, 2019-01-28 at 18:49 +0200, Adrian Bunk wrote:
> Package: crda
> Severity: serious
> Tags: buster sid
> 
> Since commit 007f6c5e6eb45 the kernel supports regdb loading
> without crda.
> 
> crda could be removed from buster after:
> - supporting kernel direct loading in wireless-regdb (#892229)
> - replace the Recommends: crda in iw and network-manager with
>   versioned recommends on wireless-regdb
> - remove the Suggests from wireless-regdb
> 
> wireless-regdb in bullseye could then drop the regdb for crda
> and add a Breaks: crda.

This is all wrong, we don't enable direct loading yet.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
 - Albert Camus




signature.asc
Description: This is a digitally signed message part

Processed: Re: Bug#920740: Should crda be shipped in buster?

[Debian Bug Tracking System]

Processing control commands:

> severity -1 wishlist
Bug #920740 [crda] Should crda be shipped in buster?
Severity set to 'wishlist' from 'serious'
> tag -1 - buster sid
Bug #920740 [crda] Should crda be shipped in buster?
Removed tag(s) sid and buster.

-- 
920740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920740
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 892475 is wishlist

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 892475 wishlist
Bug #892475 [wireless-regdb] Please upgrade to last release (2017-12-23)
Severity set to 'wishlist' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
892475: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892475
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920751: node-cosmiconfig has never been installable

[Steve Langasek]

Package: node-cosmiconfig
Version: 3.1.0-2
Severity: grave
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu disco

Dear Pirate,

The node-cosmiconfig package has never been installable in Debian.  It
depends on node-parse-json (>= 3.0.0), which has never existed
(node-parse-json 2.2.0-1 is the first and only version uploaded to the
archive).

Since this package has been broken in unstable now for over a year with no
action, I'm filing this bug report so that the issue perhaps gets on
someone's radar.

There are also three other packages which depend on node-cosmiconfig and so
are in turn uninstallable: node-postcss-load-{config,options,plugins}.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#920750: libparanamer-java FTBFS with recent OpenJDK

[Adrian Bunk]

Source: libparanamer-java
Version: 2.8-4
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libparanamer-java.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (attach-javadoc) on 
project paranamer: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/1.5.0/docs/api/ are 
in the unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no=919798#125

Bug#920749: popper.js: contains generated code uncertain if fully included as source

[Jonas Smedegaard]

Source: popper.js
Version: 1.14.6+ds-1
Severity: serious
Justification: Policy 2.1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Source package contains several files (seemingly all of them) below
 which does not excist in upstream version tracking and therefore
are not in the form preferred upstream, and more importantly may include
other code than the actual source below .

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlxPP8IACgkQLHwxRsGg
ASFK1hAAriXMDCIrGsMdyAicI0pRWZ5nWGeeQa0Sn5WLev+PFE9GcuykxDVQtdv5
0tVfziLSg9l66YNjc0nzxsPMChX0emu2LmJXXJltpX816NkrmwZUBg0xuJleZ3zl
2DTTBmmE3rvS9WJ+qjtcTM8r/YtosWwXXqooTe+MVaKaD9mQWC63iak8NYUc27pW
rduq11FOzalZHW4jOcLorYA1PrfaUr67JGNWNPZCkcKm9KPAN0Z9sjhofmkEqKXP
A+06IwxVgfK9PiijScSSWKzQSVfCi1RF5nMJciDWMJmUePDu7+9vSyxaJJcsQcBt
aWau9Hy/Akb0J/SRdMV6fS8mhTo2xF5SDEDjxxp7X3AZ8vn9EdnQFvdFrbsIoj5d
4TinMiZfgexMy8Asve2tGRUOszDsyVEMziNopI40yslSIq3RYXrlSAu/Mh0mt/l4
fmdZXcqlsnS8XtT5iNHBxjQ+e/wliIxATz7qztBhjoV1uHkUmO8YvzJyFJu38aVv
AEu2LXHf2vpGHcwUKaqXnen+PDeCOGg+j5OsAI6g/NfSlaxTid6ZUojZUK+mVCw9
2v1rQyR3BHGatNabaE31tXnRSZO5EOFG4nTs5rQDgxQIpWFgwWgwPFSysPBNE8Fh
OwDSFkfX/gfCXebygXRTbQP2MQ+M9WrDxkZ5JJfIybgGhNXu6j8=
=Ndgg
-END PGP SIGNATURE-

Bug#920747: dirgra FTBFS with recent OpenJDK

[Adrian Bunk]

Source: dirgra
Version: 0.3-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/dirgra.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (default-cli) on 
project dirgra: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules 
but the packages defined in https://docs.oracle.com/javase/6/docs/api/ are in 
the unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no=919798#125

Bug#920748: jnr-posix FTBFS with recent OpenJDK

[Adrian Bunk]

Source: jnr-posix
Version: 3.0.45-2
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/jnr-posix.html

...
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:3.0.1:jar (attach-javadocs) on 
project jnr-posix: MavenReportException: Error while generating Javadoc: 
[ERROR] Exit code: 1 - Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
[ERROR] javadoc: error - The code being documented uses modules but the 
packages defined in https://docs.oracle.com/javase/6/docs/api/ are in the 
unnamed module.


For background see
https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no=919798#125

Bug#918380: marked as done (FTBFS: test failures with new Web::API)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 17:21:25 +
with message-id 
and subject line Bug#918380: fixed in libmail-chimp3-perl 0.06-1
has caused the Debian Bug report #918380,
regarding FTBFS: test failures with new Web::API
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmail-chimp3-perl
Version: 0.04-2
Severity: serious
Tags: upstream ftbfs
Justification: fails to build from source
Forwarded: https://github.com/jdigory/p5-Mail-Chimp3/issues/4

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

As also seen on ci.debian.net and cpantesters, libmail-chimp3-perl's
tests fail with libweb-api-perl 2.3-1.

   dh_auto_test
make -j4 test TEST_VERBOSE=1
make[1]: Entering directory '/build/libmail-chimp3-perl-0.04'
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" 
"-e" "undef *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" 
t/*.t
#   Failed test 'use Mail::Chimp3;'
#   at t/01_load.t line 3.
# Tried to use 'Mail::Chimp3'.
# Error:  You cannot overwrite a locally defined method (api_version) with 
a reader at /build/libmail-chimp3-perl-0.04/blib/lib/Mail/Chimp3.pm line 664.
# Compilation failed in require at t/01_load.t line 3.
# BEGIN failed--compilation aborted at t/01_load.t line 3.
# Looks like you failed 1 test of 1.
t/01_load.t .. 
not ok 1 - use Mail::Chimp3;
1..1
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
#   Failed test 'use Mail::Chimp3;'
#   at t/02_basic.t line 3.
# Tried to use 'Mail::Chimp3'.
# Error:  You cannot overwrite a locally defined method (api_version) with 
a reader at /build/libmail-chimp3-perl-0.04/blib/lib/Mail/Chimp3.pm line 664.
# Compilation failed in require at t/02_basic.t line 3.
# BEGIN failed--compilation aborted at t/02_basic.t line 3.
Attribute (base_url) is required
# Tests were run but no plan was declared and done_testing() was not seen.
# Looks like your test exited with 255 just after 1.
t/02_basic.t . 
not ok 1 - use Mail::Chimp3;
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 1/1 subtests 
t/03_live.t .. skipped: $ENV{MAILCHIMP_APIKEY} not set, skipping 
live tests
t/author-critic.t  skipped: these tests are for testing by the author
t/author-pod-coverage.t .. skipped: these tests are for testing by the author
t/author-pod-syntax.t  skipped: these tests are for testing by the author

Test Summary Report
- ---
t/01_load.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
t/02_basic.t   (Wstat: 65280 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 255
  Parse errors: No plan found in TAP output
Files=6, Tests=2,  1 wallclock secs ( 0.06 usr  0.01 sys +  0.60 cusr  0.07 
csys =  0.74 CPU)
Result: FAIL
Failed 2/6 test programs. 2/2 subtests failed.
make[1]: *** [Makefile:849: test_dynamic] Error 255
make[1]: Leaving directory '/build/libmail-chimp3-perl-0.04'
dh_auto_test: make -j4 test TEST_VERBOSE=1 returned exit code 2


Cheers,
gregor

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAlww49BfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgY0sQ/9HR0R/hOTQi4zqrQIAzJ7MvXTEcOhS7kiJwwxInzeDHpPHw+Grz/FkrFN
d0L9uOsQVJDv3R8gPuqW5EvSF5P4bqPEdwzMh+Q8aCa59Ms+COWHOK5RjKpiAe2B
5sMzKvtL2fJjEXMZ0dxJNCBdtXpoZeChKMGEeYg4ekiDh+WyCiRVsOJsGm6WMIER
9r3oXaA8jXMlj1EOt5F5nZr8mWEJNki+e9ktDbBNkjNK/X8yTEf3I4K/6jjO+PKc
K+UgNDTREGZNVR7l0WYdoCxBw4agKV6QeAfvwe3JcRFxar8t9jbPdAOROl2FtHFU
6jWTqt5SJ2X8y4qUDDTcGp+KT1ygltylZrmEqWgiq30UhihBIjJDOh59ZHV3uJZV
gZPw2Kq8B0pGrwx/g58pH3XcUGeL/2s+ZP07lFn32+5FRFqfP6tGRhWR2cUw2otN
PBPePHe3BaRna41RBhgfRb+xriPvcdSsePu952f0KyVUCKSHAyequBFXz6SW6Qhr
g5I1VlhEuL3fQmd5bfihzH6yIe7yJWne7TqNRDsK+KkHcA5XNvC3RTeUFy+YFYfZ
ufq/ddqoxJqqAk2C2jn7cv04XHXLxmGKu7Gv+eJjNXdiXExM8Fz0tUWR5l9g2o5O
z+otUD0G1ibsIfAAYrv5YHDiqYR2TsjaWZ+O3fFjFwrzI6G60uo=
=ypDi
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: libmail-chimp3-perl
Source-Version: 0.06-1

We believe that the bug you reported is fixed in the latest version of
libmail-chimp3-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 

Processed: Bug #920744 in request-tracker4 marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #920744 [request-tracker4] request-tracker4: fails to upgrade from stretch: 
Can't locate Cpanel/JSON/XS.pm
Added tag(s) pending.

-- 
920744: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920744
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920744: Bug #920744 in request-tracker4 marked as pending

[Dominic Hargreaves]

Control: tag -1 pending

Hello,

Bug #920744 in request-tracker4 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/request-tracker-team/request-tracker4/commit/97ed2abbbdaf8d4da26616690cd554b109556ec6


Add missing dependencies on libcpanel-json-xs-perl (Closes: #920744)

I think missing this out from the previous commit was probably deliberate,
but based on flawed logic. It is safe and necessary to declare this
dependency to reflect the fact we are invoking it by name.


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/920744

Processed: request-tracker4: fails to upgrade from stretch: Can't locate Cpanel/JSON/XS.pm

[Debian Bug Tracking System]

Processing control commands:

> affects -1 + rt4-extension-jsgantt
Bug #920744 [request-tracker4] request-tracker4: fails to upgrade from stretch: 
Can't locate Cpanel/JSON/XS.pm
Added indication that 920744 affects rt4-extension-jsgantt

-- 
920744: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920744
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920740: Should crda be shipped in buster?

[Adrian Bunk]

Package: crda
Severity: serious
Tags: buster sid

Since commit 007f6c5e6eb45 the kernel supports regdb loading
without crda.

crda could be removed from buster after:
- supporting kernel direct loading in wireless-regdb (#892229)
- replace the Recommends: crda in iw and network-manager with
  versioned recommends on wireless-regdb
- remove the Suggests from wireless-regdb

wireless-regdb in bullseye could then drop the regdb for crda
and add a Breaks: crda.

Processed: severity of 892475 is serious

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 892475 serious
Bug #892475 [wireless-regdb] Please upgrade to last release (2017-12-23)
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
892475: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892475
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920733: freedink: missing Breaks+Replaces: freedink-engine (<< 109.4)

[Andreas Beckmann]

Package: freedink
Version: 109.4-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

From the attached log (scroll to the bottom...):

  Preparing to unpack .../freedink_109.4-1_all.deb ...  

   Unpacking freedink 
(109.4-1) ...   

  dpkg: error processing archive 
/var/cache/apt/archives/freedink_109.4-1_all.deb (--unpack):

   trying to overwrite 
'/usr/share/metainfo/freedink.appdata.xml', which is also in package 
freedink-engine 109.2-1 
   Errors were encountered while 
processing: 

/var/cache/apt/archives/freedink_109.4-1_all.deb

  

cheers,

Andreas


freedink-engine=109.2-1_freedink=109.4-1.log.gz
Description: application/gzip

Bug#919231: [Pkg-salt-team] Bug#919231: salt-master: Upgrade Stretch -> Buster: permission denied on certain files/directories

[Benjamin Drung]

Hi,

Am Sonntag, den 13.01.2019, 23:00 +0100 schrieb Stijn Segers:
> Package: salt-master
> Version: 2018.3.3+dfsg1-2
> Severity: important
> 
> Dear Maintainer,
> 
> Upgrading salt-master from its Stretch version to Buster (whole
> system was
> upgraded) breaks the Salt master.
> 
> [...]
> Permission denied: '/var/cache/salt/master/.salt_key'
> 
> [...]
> Permission denied: '/var/lib/salt/pki/master/minions'

The salt master service in /lib/systemd/system/salt-master.service is
configured as following:

[Service]
User=salt
Group=salt
CacheDirectory=salt/master
RuntimeDirectory=salt
StateDirectory=salt/pki/master

Which means that systemd should take care to correctly set the
permission in /var/cache/salt/master, /run/salt, and
/var/lib/salt/pki/master.

This might be a systemd bug. Further troubleshooting is needed...

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet

Bug#920731: elpa-projectile: fails to upgrade from 'stretch': projectile.el:1121:1:Error: Unknown upattern `(quote native)'

[Andreas Beckmann]

Package: elpa-projectile
Version: 2.0.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails.

>From the attached log (scroll to the bottom...):

  Setting up elpa-projectile (2.0.0-1) ...
  Install elpa-epl for emacs24
  install/epl-0.9: Handling install of emacsen flavor emacs24
  install/epl-0.9: byte-compiling for emacs24
  Install emacsen-common for emacs24
  emacsen-common: Handling install of emacsen flavor emacs24
  Wrote /etc/emacs24/site-start.d/00debian-vars.elc
  Wrote /usr/share/emacs24/site-lisp/debian-startup.elc
  Install elpa-pkg-info for emacs24
  install/pkg-info-0.6: Handling install of emacsen flavor emacs24
  install/pkg-info-0.6: byte-compiling for emacs24
  Install elpa-projectile for emacs24
  install/projectile-2.0.0: Handling install of emacsen flavor emacs24
  install/projectile-2.0.0: byte-compiling for emacs24
  
  In toplevel form:
  projectile.el:968:1:Warning: Unused lexical argument `trash'
  projectile.el:1121:1:Error: Unknown upattern `(quote native)'
  ERROR: install script from elpa-projectile package failed
  dpkg: error processing package elpa-projectile (--configure):
   subprocess installed post-installation script returned error exit status 1


Note that this failure was observed during an
'apt-get upgrade && apt-get dist-upgrade' run in the 'upgrade'
phase, while direct 'apt-get dist-upgrade' succeeds.
This indicates that there may be some missing Breaks against
unsupported older emacs versions ...


cheers,

Andreas


elpa-projectile_2.0.0-1.log.gz
Description: application/gzip

Bug#918323: marked as done (unattended-upgrades: tried to upgrade package with conffile prompt)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 15:59:54 +
with message-id 
and subject line Bug#918323: fixed in unattended-upgrades 1.10
has caused the Debian Bug report #918323,
regarding unattended-upgrades: tried to upgrade package with conffile prompt
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918323
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: unattended-upgrades
Version: 1.9
Severity: serious

unattended-upgrades tried to upgrade a package (lvm2) with a conffile
prompt and failed because conffile prompts require user input. This
meant that the upgrade of lvm2 failed and was the system was left in a
partially broken state. Normally unattended-upgrades refuses to upgrade
packages that need conffile prompts, so this seems like a regression.

I've included the full log with debug info below:

Unattended upgrade result: All upgrades installed 

Warning: A reboot is required to complete this upgrade, or a previous one.

Packages that attempted to upgrade:
 antlr4 cppcheck dh-golang dmeventd dmsetup gir1.2-secret-1 
 gnome-shell-extension-suspend-button gnome-shell-extension-weather 
 hub kpartx libantlr4-runtime-java libcdr-0.1-1 
 libdevmapper-event1.02.1 libdevmapper1.02.1 
 libdevmapper1.02.1-dbgsym libetonyek-0.1-1 libqxp-0.0-0 
 libsecret-1-0 libsecret-1-0-dbgsym libsecret-common libsecret-tools 
 libwpd-0.10-10 lvm2 python-sqlalchemy 

Packages with upgradable origin but kept back:
 gimp gimp-data libgimp2.0 

Package installation log:
Log started: 2019-01-04  12:49:36
[master 31e4f0db] saving uncommitted changes in /etc prior to apt run
 1 file changed, 0 insertions(+), 0 deletions(-)
 rewrite debdelta/gnupg/random_seed (100%)
apt-listchanges: Reading changelogs...
apt-listchanges: Mailing root: apt-listchanges: changelogs for chianamo
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 460811 files and directories currently installed.)
Preparing to unpack .../libdevmapper1.02.1-dbgsym_2%3a1.02.155-1_amd64.deb ...
Unpacking libdevmapper1.02.1-dbgsym:amd64 (2:1.02.155-1) over (2:1.02.145-4.1) 
...
Preparing to unpack .../dmsetup_2%3a1.02.155-1_amd64.deb ...
Unpacking dmsetup (2:1.02.155-1) over (2:1.02.145-4.1) ...
Setting up dmsetup (2:1.02.155-1) ...
update-initramfs: deferring update (trigger activated)
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 460811 files and directories currently installed.)
Preparing to unpack .../libdevmapper1.02.1_2%3a1.02.155-1_amd64.deb ...
Unpacking libdevmapper1.02.1:amd64 (2:1.02.155-1) over (2:1.02.145-4.1) ...
Setting up libdevmapper1.02.1:amd64 (2:1.02.155-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 460811 files and directories currently installed.)
Preparing to unpack .../00-antlr4_4.7.1-1_all.deb ...
Unpacking antlr4 (4.7.1-1) over (4.6-2) ...
Preparing to unpack .../01-libantlr4-runtime-java_4.7.1-1_all.deb ...
Unpacking libantlr4-runtime-java (4.7.1-1) over (4.6-2) ...
Preparing to unpack .../02-cppcheck_1.86-1_amd64.deb ...
Unpacking 

Bug#920359: marked as done (obitools: ships ecoPCR(1), ecofind(1) manpages already shipped in the ecopcr package)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 15:53:14 +
with message-id 
and subject line Bug#920359: fixed in obitools 1.2.12+dfsg-2
has caused the Debian Bug report #920359,
regarding obitools: ships ecoPCR(1), ecofind(1) manpages already shipped in the 
ecopcr package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
920359: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920359
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: obitools
Version: 1.2.12+dfsg-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package obitools.
  Preparing to unpack .../obitools_1.2.12+dfsg-1_amd64.deb ...
  Unpacking obitools (1.2.12+dfsg-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/obitools_1.2.12+dfsg-1_amd64.deb (--unpack):
   trying to overwrite '/usr/share/man/man1/ecoPCR.1.gz', which is also in 
package ecopcr 1.0.0+dfsg-1
  Errors were encountered while processing:
   /var/cache/apt/archives/obitools_1.2.12+dfsg-1_amd64.deb


cheers,

Andreas


ecopcr=1.0.0+dfsg-1_obitools=1.2.12+dfsg-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: obitools
Source-Version: 1.2.12+dfsg-2

We believe that the bug you reported is fixed in the latest version of
obitools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 920...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated obitools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 16:24:48 +0100
Source: obitools
Binary: obitools
Architecture: source
Version: 1.2.12+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team 

Changed-By: Andreas Tille 
Description:
 obitools   - programs to analyze NGS data in a DNA metabarcoding context
Closes: 920359
Changes:
 obitools (1.2.12+dfsg-2) unstable; urgency=medium
 .
   * Drop ecoPCR.1.gz and ecofind.1 from package
 Closes: #920359
   * Section: science
Checksums-Sha1:
 a21e19278d3442851ecfa0de2c6d03c9127c3703 2108 obitools_1.2.12+dfsg-2.dsc
 bbc83548688ddbbc2c5d8dcb5d7a9724fa68761e 18384 
obitools_1.2.12+dfsg-2.debian.tar.xz
Checksums-Sha256:
 718484a09d1481fe0bdea4f4f1248f34c5334a8dafa6b1e704f433e145034d40 2108 
obitools_1.2.12+dfsg-2.dsc
 0cad16667f157eb54dcb9ec7ea6fd68f9ec869742430a8b61e9db519fe4bba0b 18384 
obitools_1.2.12+dfsg-2.debian.tar.xz
Files:
 b7af6177ad5dfdae440eb5b1a8782071 2108 science optional 
obitools_1.2.12+dfsg-2.dsc
 3e5042a8a631352af78cbb64253c4909 18384 science optional 
obitools_1.2.12+dfsg-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJFBAEBCAAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAlxPICwRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtEy4w//XXr8XbftpjnD1bX3DojKbJDGOS7yBj7K
hW8CVR/96iSgH9eEjfLwHNgLV/X9PvuW7zfXqN6APMi6lcY2FXv0mD9l94e6sHGX
Eor5AZIA/9EscGQlrfbHtvkAvXJGd8C69lcqJpkiJ77WEj6fBANas1mUR11KXll3
RGuBu2t/bT2+Rc1b9Rx0HHvB6LWaJiQoYPt3brLndxYEtzsJQO/bZNFs4mi3sf9D
N0PkqnOm41jGDaUo5cUh0tEWOzH8zvO0Cte8oY9iiW4juKuEarARX/La22PP8Ygo
09dydYxIGHyiHFniG7laTvRxS9PEDFsERkpei9ZFQdsQPG5H7jpdqfP/gLNlbUIL
fbsYR5y8ilCwAG+CILkBaHhcAMwB8DWgHHttQ4Z4TzFMN+CYEoeViUsq8bUg+q77
4ZM0lG12TpmwqJvJ+ixM1fmmQUhqXpDbe1xSQGJ+Sc9earEcwllu+Yp5j9CaMvt0
yA6QJrB5ZE1wFcqGmMitTibF3o8HGUS4rd8nLssLPZ0lXX1w+uKNdwG6cHv9ngyx
B7Am4r5DGJJCUzEVljZUOkfsnu5INEWZZFovwXwGIx0m/vyR90pjf+w9ZndfCtPF
xQyQLrIkCH8rsgcG7pVfxeWPc0p3waTkgHiOfj01+mZMvWETqDuOcfMpBX6o6XVU
HgwkgDxwDh4=
=6WYw
-END PGP SIGNATURE End Message ---

Processed: severity of 918736 is grave

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 918736 grave
Bug #918736 [src:libthrift-java] libthrift-java: CVE-2018-1320
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
918736: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918736
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#891698: cause removed, but not closing it myself

[Moritz Mühlenhoff]

On Sat, Mar 17, 2018 at 01:42:03AM +0100, Adam Borowski wrote:
> I wrote:
> > The daemon's init script has the following line:
> > apm_available || exit 0
> > which makes it always silently fail, as apm_available contains:
> 
> > # APM support was removed from kernel 2.6.40 in 2011.
> > exit 1
> 
> > The comment is untrue:
> > ./config/i386/config:CONFIG_APM=m
> > but regardless whether APM still works or not, the daemon will not.
> 
> I've changed apm_available to actually check /proc/apm again, which on the
> face value fixes this bug.  However: the daemon was completely unusable for
> 4 years, yet no one said a thing.  Thus, I'll leave it to you to actually
> close the bug (or do nothing and let the package get autoremoved from
> Buster).
> 
> Also, laptops have a much shorter lifespan than desktops or servers: the
> chances of a 20 years battery to still work are about nil, other components
> are also more fragile and harder to replace.  Thus, if any such laptops are
> still alive, they probably are stationary, thus without much use for APM.
> 
> Having APM in the kernel is still useful (needed for poweroff), but, with no
> one noticing the daemon broken, you might consider sending it off to a nice
> pasture.  You know your package far better than me...

I've filed a removal bug now.

Cheers,
Moritz

Bug#920728: libgd2: CVE-2019-6978

[Salvatore Bonaccorso]

Source: libgd2
Version: 2.2.5-5
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/libgd/libgd/issues/492

Hi,

The following vulnerability was published for libgd2.

CVE-2019-6978[0]:
| The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
| gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
| NOTE: PHP is unaffected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
[1] https://github.com/libgd/libgd/issues/492

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#906811: marked as done (FTBFS: libconfig.h: No such file or directory)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 15:49:44 +
with message-id 
and subject line Bug#906811: fixed in blasr 5.3.2+dfsg-1
has caused the Debian Bug report #906811,
regarding FTBFS: libconfig.h: No such file or directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
906811: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906811
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: blasr
Version: 5.3+0-2
Severity: serious
Justification: FTBFS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

When recompiling blasr for unstable it FTBFS with:

make[1]: Leaving directory '/<>'
   debian/rules override_dh_auto_build   
make[1]: Entering directory '/<>'
dh_auto_build 
make -j1 "INSTALL=install --strip-program=true"
make[2]: Entering directory '/<>'
make[2]: git: Command not found
g++ -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/pbseq -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -O3 -g -DSHA1_7=\"\" -std=c++0x -pedantic -Wall -We
xtra -Wno-div-by-zero -Wno-overloaded-virtual -MMD -MP -fno-builtin-malloc 
-fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free 
-fno-omit-frame-pointer  -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/pbseq
/alignment -I/usr/include/pbseq/hdf -I/usr/include/pbseq/pbdata -I/usr/include 
-I/usr/include/hdf5/serial -I/usr/include/htslib -I/usr/include/boost  -c -o 
Blasr.o Blasr.cpp
In file included from iblasr/BlasrMiscs.hpp:4,
 from Blasr.cpp:3:  
iblasr/BlasrHeaders.h:24:10: fatal error: libconfig.h: No such file or directory
 #include
  ^
compilation terminated.
make[2]: *** [: Blasr.o] Error 1

Full log attached.

Thanks,

_g.

- -- System Information:
Distributor ID: PureOS
Description:PureOS GNU/Linux 8
Release:8
Codename:   green
Architecture: x86_64

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages blasr depends on:
ii  libc62.27-5
ii  libgcc1  1:8.2.0-3
ii  libhdf5-100  1.10.0-patch1+docs-4+b2
ii  libhdf5-cpp-100  1.10.0-patch1+docs-4+b2
pn  libhts2  
pn  libpbbam 
pn  libpbseq 
ii  libstdc++6   8.2.0-3
ii  zlib1g   1:1.2.11.dfsg-1

blasr recommends no packages.

blasr suggests no packages.

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEoJObzArDE05WtIyR7+hsbH/+z4MFAlt8Cu8ACgkQ7+hsbH/+
z4OhTQf/bZPsdSP7SzdhPH4n7kRghAx0aH+hiRpMbwIV+KbBKrFglcVV4G6X9LJM
eAI2ovx0mk27VKLPjKFA7eYkin5j3JxEvKDrSiqwu4xk7YAtHf/4rfMIJfLs1za2
oXqaWkc7GlKhX834A+0B2kxCOnmOLLETOXAoPzJl0+TFt3Ec5uJbXQSd6QLF0iJO
LTm4zx8kl/3KXxQPZUHkQibC/B6G5vDHl2KoXNnAqQHqyDjFrFE5wglu4mUV/u0X
2kVaNezD7+o1HGqLEOTKXFT9rLH13EWoL79/Tcblr66jjJdgn36tFqHggVc74d5v
42+SK5GWyaR5yXNPH27mj1NS/RSF7g==
=0mhM
-END PGP SIGNATURE-


blasr_5.3+0-2_amd64-2018-08-21T11:40:43Z.build.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: blasr
Source-Version: 5.3.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
blasr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated blasr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 16:10:36 +0100
Source: blasr
Binary: blasr
Architecture: source
Version: 5.3.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team 

Changed-By: Andreas Tille 
Description:
 blasr  - mapping single-molecule sequencing reads
Closes: 906811
Changes:
 blasr (5.3.2+dfsg-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ Andreas Tille ]
   * New upstream version
   * Build-Depends: libpbdata-dev
 Closes: #906811
   * d/watch: point to Github since upstream is now tagging releases
   * Point Vcs fields to salsa.debian.org
   * debhelper 12
   * Standards-Version: 

Processed: block 920037 with 893227 900299 894360 894353 915540

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> block 920037 with 893227 900299 894360 894353 915540
Bug #920037 [src:openjdk-8] Don't include in buster
920037 was blocked by: 920726 920723 920725 920714
920037 was not blocking any bugs.
Added blocking bug(s) of 920037: 893227, 894353, 915540, 900299, and 894360
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920037
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920726: openrocket: Depends on openjdk-8-jre which will not be in buster

[Andreas Beckmann]

Package: openrocket
Version: 15.03.4
Severity: serious
Control: block 920037 with -1

Hi,

buster will ship with openjdk-11 only.


Andreas

Processed: openrocket: Depends on openjdk-8-jre which will not be in buster

[Debian Bug Tracking System]

Processing control commands:

> block 920037 with -1
Bug #920037 [src:openjdk-8] Don't include in buster
920037 was blocked by: 920725 920723 920714
920037 was not blocking any bugs.
Added blocking bug(s) of 920037: 920726

-- 
920037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920037
920726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920726
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#920725: pki-base-java: Depends on openjdk-8-jre-headless which will not be in buster

[Andreas Beckmann]

Package: pki-base-java
Version: 10.6.8-2
Severity: serious
Control: block 920037 with -1

Hi,

buster will ship with openjdk-11 only.


Andreas

Processed: pki-base-java: Depends on openjdk-8-jre-headless which will not be in buster

[Debian Bug Tracking System]

Processing control commands:

> block 920037 with -1
Bug #920037 [src:openjdk-8] Don't include in buster
920037 was blocked by: 920714 920723
920037 was not blocking any bugs.
Added blocking bug(s) of 920037: 920725

-- 
920037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920037
920725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919876: marked as done (javadoc: The code being documented uses modules but the packages defined in … are in the unnamed module)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 15:12:56 +
with message-id 
and subject line Bug#919876: fixed in java-string-similarity 0.24-2
has caused the Debian Bug report #919876,
regarding javadoc: The code being documented uses modules but the packages 
defined in … are in the unnamed module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919876: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919876
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:java-string-similarity
Version: 0.24-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep --buildsystem=maven
   dh_update_autotools_config -i -O--buildsystem=maven
   dh_autoreconf -i -O--buildsystem=maven
   dh_auto_configure -i -O--buildsystem=maven
mh_patchpoms -plibjava-string-similarity-java --debian-build 
--keep-pom-version --maven-repo=/<>/debian/maven-repo
   dh_auto_build -i -O--buildsystem=maven
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[INFO] 
[INFO] < info.debatty:java-string-similarity >-
[INFO] Building java-string-similarity 0.24
[INFO] [ jar ]-
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ 
java-string-similarity ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /<>/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ 
java-string-similarity ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 25 source files to /<>/target/classes
Use of target 1.5 is no longer supported, switching to 1.7
Use of source 1.5 is no longer supported, switching to 1.7
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ 
java-string-similarity ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:testCompile (default-testCompile) @ 
java-string-similarity ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 15 source files to /<>/target/test-classes
Use of target 1.5 is no longer supported, switching to 1.7
Use of source 1.5 is no longer supported, switching to 1.7
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ 
java-string-similarity ---
[INFO] Tests are skipped.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.1:jar (default-jar) @ java-string-similarity ---
[INFO] Building jar: /<>/target/java-string-similarity-0.24.jar
[INFO] 
[INFO] --- maven-javadoc-plugin:3.0.1:jar (attach-javadocs) @ 
java-string-similarity ---
[INFO] Adding the --ignore-source-errors option
[INFO] 
Loading source files for package info.debatty.java.stringsimilarity...
Loading source files for package info.debatty.java.stringsimilarity.examples...
Loading source files for package 
info.debatty.java.stringsimilarity.experimental...
Loading source files for package 
info.debatty.java.stringsimilarity.interfaces...
Constructing Javadoc information...
Standard Doclet version 11.0.2
Building tree for all the packages and classes...
Generating 
/<>/target/apidocs/info/debatty/java/stringsimilarity/CharacterSubstitutionInterface.html...
Generating 

Bug#882287: xul-ext-noscript: new upstream version

[Moritz Mühlenhoff]

On Wed, Oct 03, 2018 at 05:20:51PM +0200, Moritz Mühlenhoff wrote:
> On Mon, Sep 17, 2018 at 01:13:18PM +0400, Jerome BENOIT wrote:
> > Please consider to the new upstream version 10
> > given that the current version of noscript provided in Stretch
> > does not work with  firefox-esr 60.2 recently brought in Stretch.
> 
> What's the plan for noscript in stretch? Is a backport of the
> web extension planned for stretch or should it be removed in the
> next point release? (This was also require a backport of dh_webext
> to stretch it seems).

Since no followup happened, I've just filed a removal bug for noscript
in stable for the next point release. 

Cheers,
Moritz

Processed: virtualbox: Build-Depends on openjdk-8 which will not be in buster

[Debian Bug Tracking System]

Processing control commands:

> block 920037 with -1
Bug #920037 [src:openjdk-8] Don't include in buster
920037 was blocked by: 920714
920037 was not blocking any bugs.
Added blocking bug(s) of 920037: 920723

-- 
920037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920037
920723: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920723
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#918374: marked as done (ganeti: FTBFS with Sphinx 1.8: cannot import name Directive)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 15:08:56 +
with message-id 
and subject line Bug#918374: fixed in ganeti 2.16.0-4
has caused the Debian Bug report #918374,
regarding ganeti: FTBFS with Sphinx 1.8: cannot import name Directive
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918374
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ganeti
Version: 2.16.0-3
Severity: important
User: python-modules-t...@lists.alioth.debian.org
Usertags: sphinx1.8

Dear Maintainer,

ganeti fails to build with Sphinx 1.8, currently available in experimental:

  [...] /<>/./autotools/docpp < man/ganeti-cleaner.rst > 
man/ganeti-cleaner.gen ;\
  ./autotools/check-man-references man/ganeti-cleaner.gen; \
  trap - EXIT
  Traceback (most recent call last):
File "/<>/./autotools/docpp", line 39, in 
  from ganeti.build import sphinx_ext
File "/tmp/gntbuild.KJeJdC3e/ganeti/build/sphinx_ext.py", line 50, in 

  from sphinx.directives import Directive
  ImportError: cannot import name Directive

The Directive class should be imported from docutils.parsers.rst module,
not from sphinx.directives.

--
Dmitry Shachnev


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: ganeti
Source-Version: 2.16.0-4

We believe that the bug you reported is fixed in the latest version of
ganeti, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 918...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos  (supplier of updated ganeti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 28 Jan 2019 11:37:36 +0200
Source: ganeti
Binary: ganeti ganeti-2.16 ganeti-haskell-2.16 ganeti-htools ganeti-htools-2.16 
ganeti-doc python-ganeti-rapi python3-ganeti-rapi ganeti-testsuite
Architecture: source
Version: 2.16.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Ganeti Team 
Changed-By: Apollon Oikonomopoulos 
Description:
 ganeti - cluster virtualization manager
 ganeti-2.16 - cluster virtualization manager - Python components
 ganeti-doc - cluster virtualization manager - documentation
 ganeti-haskell-2.16 - cluster virtualization manager - Haskell components
 ganeti-htools - cluster virtualization manager - tools (stand-alone)
 ganeti-htools-2.16 - cluster virtualization manager - tools for Ganeti 2.16
 ganeti-testsuite - cluster virtualization manager - test suite
 python-ganeti-rapi - cluster virtualization manager - RAPI client library
 python3-ganeti-rapi - cluster virtualization manager - RAPI client library 
(Python 3)
Closes: 918374 920685 920686
Changes:
 ganeti (2.16.0-4) unstable; urgency=medium
 .
   * Fix FTBFS with sphinx 1.8 (Closes: #918374)
   * Bump Standards-Version to 4.3.0; no changes needed
   * Detect arch-dependent libc/linux header values (Closes: #920685, #920686)
   * Fix process control with start-stop-daemon from dpkg 1.19.4
Checksums-Sha1:
 1a2cec8f5fce3ad64cf3c1dad14b5a7a8fab 3483 ganeti_2.16.0-4.dsc
 fc8db26e40d7b94ca0f1e93947f5e71b17db276b 61240 ganeti_2.16.0-4.debian.tar.xz
 e20f2bb655d6734cc5952ec603a377ed63155491 14433 ganeti_2.16.0-4_source.buildinfo
Checksums-Sha256:
 b72ec92b9f76a99cc291d2a9e5f9a66c7beeedaf9da5753a9a475c3fa8137a66 3483 
ganeti_2.16.0-4.dsc
 c247d31dcba24186869fd656cef98f499c09da374bd5622e4fb04cfa50550665 61240 
ganeti_2.16.0-4.debian.tar.xz
 650aa55f2814a518f780ba0847b6ba933479a26b8573ea582bf4de8df4ec81cc 14433 
ganeti_2.16.0-4_source.buildinfo
Files:
 19441869d78e1c2c846942a1069f0487 3483 admin optional ganeti_2.16.0-4.dsc
 a94276edcbd498288d3b11cfb0cdff4b 61240 admin optional 
ganeti_2.16.0-4.debian.tar.xz
 9c9415224689d4dbe9e767c259788f2d 14433 admin optional 
ganeti_2.16.0-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJHBAEBCAAxFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlxO9IITHGFwb2lrb3NA
ZGViaWFuLm9yZwAKCRD1GxjHICSCJBwYD/47Ztb0pTw5MT6mIalSZPh+U4nq/+Rs
BOxusaVsvwL2W2fnAywolm3k7abikBC4X42zfad6CNZABJ6/f6//TvuO6s/dZTo0
4X/XDM8sfdKE9K0rd5+Jfxt1jIbjfOvrEmNWmRmfhkC+J5T08ZcPemzhSlCeJ10B

Bug#918415: marked as done (golang-golang-x-tools FTBFS with Go 1.11)

[Debian Bug Tracking System]

Your message dated Mon, 28 Jan 2019 15:10:45 +
with message-id 
and subject line Bug#918415: fixed in golang-golang-x-tools 
1:0.0~git20190125.d66bd3c+ds-1
has caused the Debian Bug report #918415,
regarding golang-golang-x-tools FTBFS with Go 1.11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-golang-x-tools
Version: 1:0.0~git20180501.d3e4ceb5+ds-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/golang-golang-x-tools.html

...
=== RUN   TestGuru
testdata/src/softerrs/main.go:8:6: i declared but not used
--- FAIL: TestGuru (115.50s)
guru_test.go:301: Guru tests for testdata/src/referrers/main.go failed: 
exit status 1.
--- testdata/src/referrers/main.golden  2019-01-03 12:48:16.976984149 
-1200
+++ testdata/src/referrers/main.got 2019-01-03 12:50:41.761147882 
-1200
@@ -56,5 +56,5 @@
 
  @referrers ref-type-U 
 references to type U int
-open nosuchfile.y: no such file or directory (+ 1 more refs in this 
file)
+open testdata/src/referrers/nosuchfile.y: no such file or directory (+ 
1 more refs in this file)
...
=== RUN   TestImportTestdata
--- FAIL: TestImportTestdata (1.15s)
gcimporter_test.go:93: testPath(./testdata/exports): reading export data: 
testdata/exports.o: cannot import, possibly version skew (unknown export format 
version -1 ("i\x00\x83")) - reinstall package
=== RUN   TestVersionHandling
--- PASS: TestVersionHandling (0.00s)
=== RUN   TestImportStdLib
--- FAIL: TestImportStdLib (0.02s)
gcimporter_test.go:93: testPath(archive/tar): reading export data: 
/usr/lib/go-1.11/pkg/linux_amd64/archive/tar.a: cannot import, possibly version 
skew (unknown export format version -1 
("i\x00\x8c\x16\xc1/!$GOROOT/src/archive/tar/common.go\x00\bTypeflag\x04Name\bLinkname\x04Size\x04Mode\x03Uid\x03Gid\x05Uname\x05Gname\aModTime\x04Time\x04time"))
 - reinstall package
gcimporter_test.go:93: testPath(archive/zip): reading export data: 
/usr/lib/go-1.11/pkg/linux_amd64/archive/zip.a: cannot import, possibly version 
skew (unknown export format version -1 
("i\x00\xe0$\xb9E!$GOROOT/src/archive/zip/reader.go\x00\x01r\bReaderAt\x02io\x04File\aComment\rdecompressors\fDecompressor\x04init\x01z\x06Reader\x04size\x14RegisterDecompressor\x06method\x05dcomp\fdecompressor\aesc:0x1\x01f\x02os\x05Close\x02rc"))
 - reinstall package
gcimporter_test.go:110: testing time used up
gcimporter_test.go:240: tested 0 imports
=== RUN   TestImportedTypes
--- FAIL: TestImportedTypes (0.09s)
gcimporter_test.go:275: reading export data: 
/usr/lib/go-1.11/pkg/linux_amd64/math.a: cannot import, possibly version skew 
(unknown export format version -1