Bug#928429: dpkg: trigger cycle postgresql-common -> sgml-base while upgrading from stretch to buster

2019-05-31 Thread Guillem Jover 
Hi!

On Fri, 2019-05-17 at 21:12:28 +0200, Andreas Beckmann wrote:
> On 2019-05-14 02:35, Guillem Jover wrote:
> > setup some chroot somewhere to do that.
> > 
> > I'm attaching the patch. Otherwise already built (and signed) binary
> > packages can be temporarily found at:
> > 
> >   
> 
> It would have been even easier if you had added a Packages file to the
> directory :-) (then I could have used it directly as an argument to the
> --testdebs-repo option)

I'll have that in mind for the next time. :)

> I've ran two piuparts tests upgrading from stretch to sid:
> * with your new packages: success
> * with what's in sid: failure
> 
> So your patch seems to fix this issue.

Perfect thanks.

I have queued most of the changes for the next release, which I'm
planning on cutting tomorrow night, but I've yet to decide on the
s-s-d issue. Sorry for the delays!

Thanks,
Guillem

Bug#929588: usat: source tarballs are missing the source of the configure script

2019-05-31 Thread Carsten Schoenert 
Hi,

please use 'Reply All' next time so your answer will also get into the
bug tracking system. Thanks!

Am 31.05.19 um 17:50 schrieb badd...@gmail.com:
> Ah I see.
> 
> Well, I am about to put out a new release with a lot of updates. In
> fact, the current release has some debian issues that I am working
> on. I will ensure that it is fixed in that release.

Thanks!
Once it's released the package maintainers can keep it up then.

> If I have some time, I will go back to the current release and add
> the configure.in. I am not sure where it got lost to...
I guess it's mostly about hand crafted (Make)files, otherwise at least
one part -f the -local targets should get a bit of a reworking.

Please do a reply again about some ready to use updates to this email so
the information about a new or updated archive will be announced into
the Debian issue tracker.

-- 
Regards
Carsten Schoenert

Processed: found 920339 in 0.99.2-5~bpo9+1

2019-05-31 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 920339 0.99.2-5~bpo9+1
Bug #920339 [matrix-synapse] matrix-synapse: installation process hangs with 
unknown reason
Marked as found in versions matrix-synapse/0.99.2-5~bpo9+1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
920339: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

2019-05-31 Thread Reinhard Tartler 
On Fri, May 31, 2019 at 5:03 PM Chris Wilson  wrote:

> Hi Reinhard,
>
> Presumably the many other affected packages have had similar difficulty in
> developing a comprehensive solution? I also wasn't aware of a time
> constraint. Not that it would have helped me much, as I was moving house,
> but it would have been good to know that there was a risk of not making
> Debian 10.
>

I'm sorry, I should have communicated that point earlier. I've been bitten
by this with other packages as well.
The release schedule is documented here:
https://wiki.debian.org/DebianBuster
The most recent update from the release team is
https://lists.debian.org/debian-devel-announce/2019/04/msg3.html - and
newer updates will be linked from https://release.debian.org/.

In short: The team is minimizing changes as much as possible, and getting
updates in becomes more and more a similar big deal as updating something
in stable.

I could create a special branch with a cut-down version of the solution,
> e.g. forcing the SecurityLevel to -1 (compatibility and warn) for the time
> being, in order to get the fix out in time for Debian 10, and then put the
> full version into backports?
>

That would be amazing, if the patch is easy to review, I'd be happy to
upload it as a distro patch based on the current package and try to get
this approved by the release team. It might even be accepted as a stable
update, depending on how invasive it is.


Thanks,
-rt

Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

2019-05-31 Thread Chris Wilson 
Hi Reinhard,

Presumably the many other affected packages have had similar difficulty in
developing a comprehensive solution? I also wasn't aware of a time
constraint. Not that it would have helped me much, as I was moving house,
but it would have been good to know that there was a risk of not making
Debian 10.

I could create a special branch with a cut-down version of the solution,
e.g. forcing the SecurityLevel to -1 (compatibility and warn) for the time
being, in order to get the fix out in time for Debian 10, and then put the
full version into backports?

Thanks, Chris.

On Fri, 31 May 2019 at 12:16, Reinhard Tartler  wrote:

> Hi Chris,
>
> On Sun, May 19, 2019 at 12:21 PM Chris Wilson 
> wrote:
>
>> Hi Reinhard and all,
>>
>> Good news, I have just finished fixing this problem, and merged it into
>> master with https://github.com/boxbackup/boxbackup/pull/36. Please could
>> you cut a new Debian package release and see if the tests pass for you? Or
>> if not, point me to the failure logs?
>>
>> If anyone wants to know more, the issue is quite complex, and there are
>> no easy answers, which is why it took so long to fix. I've done my best to
>> describe it at
>> https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates. Please
>> feel free to correct any mistakes that I've made.
>>
>
> Thanks a lot for your assistance!
>
> I've now (finally) uploaded the package to debian/experimental, the build
> logs will be available at
> https://buildd.debian.org/status/package.php?p=boxbackup=experimental
>  soon.
>
> Unfortunately, the changes are quite invasive and do not qualify for
> inclusion into "Debian testing" this late in the Debian release cycle (cf.
> https://salsa.debian.org/debian/boxbackup/commit/6017757bc079f4446aa77bc5c0855c52741280f4?w=1
> - all of which would need to be reviewed and approved by the Release Team).
> That's very unfortunate, because it very likely means that boxbackup will
> not be part of Debian 10 (buster).
>
> I am also sympathetic -- the nature of the issue seems to require such
> invasive changes and coming up with a simple, focused and reviewable fix is
> super hard.
>
> The best that we can do at this point is to get it included into
> "buster-backports" as soon as that suite opens, probably shortly after
> buster is released, which should be within (hopefully) a small number of
> weeks.
>
>
> Best,
> -rt
>
> --
> regards,
> Reinhard
>

Bug#929172: Same issue as already reported, and partially fixed

2019-05-31 Thread Diederik de Haas 
On vrijdag 31 mei 2019 21:52:38 CEST Paul Gevers wrote:
> On 31-05-2019 21:16, Diederik de Haas wrote:
> > Control: severity -1 serious
> 
> Please don't use this if you CC multiple bugs that aren't all of the
> same severity.

Sorry about that, didn't realize that it would affect CC-ed bugs too. Later on 
I send another mail to revert the inadvertent changes.

> > The fix has actually been made. But the problem is that it needs an
> > unblock ack from the d-i team (https://bugs.debian.org/928908), but after
> > 2 weeks there is still no reply.
> 
> Please have patience. D-I is busy.

Ok. I already felt that I was being annoying. I guess I got too frustrated not 
seeing any response for > 2 weeks and not knowing why.

> > When that is done, (afaik) a rebuild of the package to pick up the change
> > in libdebian-installer is needed (at least for cdebootstrap-static? which
> > I'm using).
> 
> Please file a binNMU bug already than (I didn't check if that is the
> correct course of action, but better discuss that there).

I had never done that before, but I tried here: #929820


signature.asc
Description: This is a digitally signed message part.

Bug#929819: closing 929819

2019-05-31 Thread Salvatore Bonaccorso 
close 929819 67.0-1
thanks

Processed: closing 929819

2019-05-31 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 929819 67.0-1
Bug #929819 [firefox] [firefox] package v67
Marked as fixed in versions firefox/67.0-1.
Bug #929819 [firefox] [firefox] package v67
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
929819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#929819: [firefox] package v67

2019-05-31 Thread jnqnfe 
Package: firefox
Version: 66.0.5-1
Severity: critical

Firefox v67 was released 10 days ago and includes critical security
fixes (as I'm sure I don't need to point out, they always do). Please
update the package on the unstable channel.

I am aware that we are currently in a freeze period for the next stable
release, but many Debian users, like myself and my family, actually run
'unstable/'Sid', and the long delays in getting critical security fixes
like this onto the unstable channel impacts our security.

I understand that perhaps using unstable may not be officially
considered a correct use of Debian, but with the exception of server
use, people don't want to wait 2 years for new major versions of
significant userland packages. I have been using this channel for some
years now and rarely experience noticeable bugs introduced on it. The
only real problem stems from freezes that delay security updates.

Regards, :)

Processed (with 1 error): Re: Same issue as already reported, and partially fixed

2019-05-31 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 55 grave
Bug #55 {Done: Bastian Blank } [libdebian-installer] 
libdebian-installer: Unable to parse Packages files with long lines
Ignoring request to change severity of Bug 55 to the same value.
> merge 929172 904699
Bug #929172 [cdebootstrap] cdebootstrap: buster 2019-05-18 parser_rfc822: Iek! 
Don't find end of value!
Unable to merge bugs because:
severity of #904699 is 'important' not 'serious'
blockedby of #904699 is '55' not ''
done of #904699 is 'Asbjørn Sloth Tønnesen ' not ''
Failed to merge 929172: Did not alter merged bugs.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
55: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55
904699: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904699
929172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929172
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#554444: Same issue as already reported, and partially fixed

2019-05-31 Thread Paul Gevers 
severity 55 grave
merge 929172 904699
thanks

Hi Diederik,

On 31-05-2019 21:16, Diederik de Haas wrote:
> Control: severity -1 serious

Please don't use this if you CC multiple bugs that aren't all of the
same severity.

> The fix has actually been made. But the problem is that it needs an unblock 
> ack 
> from the d-i team (https://bugs.debian.org/928908), but after 2 weeks there 
> is 
> still no reply.

Please have patience. D-I is busy.

> When that is done, (afaik) a rebuild of the package to pick up the change in 
> libdebian-installer is needed (at least for cdebootstrap-static? which I'm 
> using).

Please file a binNMU bug already than (I didn't check if that is the
correct course of action, but better discuss that there).

Paul



signature.asc
Description: OpenPGP digital signature

Processed: Repairing inadvertent severity changes

2019-05-31 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 55 grave
Bug #55 {Done: Bastian Blank } [libdebian-installer] 
libdebian-installer: Unable to parse Packages files with long lines
Severity set to 'grave' from 'serious'
> severity 904699 important
Bug #904699 {Done: Asbjørn Sloth Tønnesen } [cdebootstrap] 
W: parser_rfc822: Iek! Don't find end of value! when using sid or testing
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
55: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55
904699: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Same issue as already reported, and partially fixed

2019-05-31 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 serious
Bug #929172 [cdebootstrap] cdebootstrap: buster 2019-05-18 parser_rfc822: Iek! 
Don't find end of value!
Severity set to 'serious' from 'normal'

-- 
929172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929172
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#554444: Same issue as already reported, and partially fixed

2019-05-31 Thread Diederik de Haas 
Control: severity -1 serious

Hi,

This is the same issue as https://bugs.debian.org/904699, which is actually an 
issue in libdebian-installer (https://bugs.debian.org/55).

The fix has actually been made. But the problem is that it needs an unblock ack 
from the d-i team (https://bugs.debian.org/928908), but after 2 weeks there is 
still no reply.
When that is done, (afaik) a rebuild of the package to pick up the change in 
libdebian-installer is needed (at least for cdebootstrap-static? which I'm 
using).

Raised the issue to be RC as cdebootstrap(-static) is pretty much useless as 
it is now if you want to install buster (or sid).
My previous attempts to push this towards a solution have been unsuccessful so 
far and I don't know what else I could do...

signature.asc
Description: This is a digitally signed message part.

Processed: Same issue as already reported, and partially fixed

2019-05-31 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 serious
Bug #904699 {Done: Asbjørn Sloth Tønnesen } [cdebootstrap] 
W: parser_rfc822: Iek! Don't find end of value! when using sid or testing
Severity set to 'serious' from 'important'

-- 
904699: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Same issue as already reported, and partially fixed

2019-05-31 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 serious
Bug #55 {Done: Bastian Blank } [libdebian-installer] 
libdebian-installer: Unable to parse Packages files with long lines
Severity set to 'serious' from 'grave'

-- 
55: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: hyantesite: test failures on most architectures

2019-05-31 Thread Debian Bug Tracking System 
Processing control commands:

> retitle -1 should hyantesite be part of buster?
Bug #888733 [src:hyantesite] hyantesite: test failures on most architectures
Changed Bug title to 'should hyantesite be part of buster?' from 'hyantesite: 
test failures on most architectures'.

-- 
888733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#888733: hyantesite: test failures on most architectures

2019-05-31 Thread Paul Gevers 
Control: retitle -1 should hyantesite be part of buster?

Hi,

On Tue, 21 May 2019 07:24:17 +0200 Andreas Tille 
wrote:
> On Mon, May 20, 2019 at 08:05:09PM +0100, Rebecca N. Palmer wrote:
> > On 19/05/2019 18:15, Andreas Tille wrote:
> > > So what is the plan to fix this bug?  Create new references to craft
> > > a valid test or ignore these tests?
> > 
> > ...or decide that something that's abandoned and doesn't follow its
> > documentation (even after the above fixes) doesn't belong in Debian stable
> > and let it be removed?  I have no strong opinion.
> > 
> > The above fix was written as part of an attempt to find fixes for all RC
> > bugs in debian-science testing; I hadn't heard of the package before seeing
> > this bug.
> 
> Same for me.  If nobody else might rise an opinion we probably let it go
> and the package will be removed now from testing.  The real usage of
> this package[1] is below 20 users (but anyway there are 20) and I'm
> intentionally CCing Debian Science user list to possibly reach some of
> these users.

If by now, you think the package should be removed, can we have an RM
bug please, such that others don't have to spend the time reading the
bug report?

Paul



signature.asc
Description: OpenPGP digital signature

Bug#929815: uglifyjs.terser does not work for any file

2019-05-31 Thread Pirate Praveen 

package: uglifyjs.terser
version: 3.14.1-1
severity: grave
justification: it does not work at all

Sample repo https://salsa.debian.org/gi-boi-guest/node-d3-fetch

Also tried in https://salsa.debian.org/js-team/node-d3-scale-chromatic 
with same error when trying to minimize dist/d3-scale-chromatic.js


$ uglifyjs.terser dist/d3-fetch.js -o dist/d3-fetch.min.js
module.js:549
   throw err;
   ^

Error: Cannot find module '../tools/exit.js'
   at Function.Module._resolveFilename (module.js:547:15)
   at Function.Module._load (module.js:474:25)
   at Module.require (module.js:596:17)
   at require (internal/module.js:11:18)
   at Object. (/usr/lib/nodejs/terser/bin/uglifyjs:6:1)
   at Module._compile (module.js:652:30)
   at Object.Module._extensions..js (module.js:663:10)
   at Module.load (module.js:565:32)
   at tryModuleLoad (module.js:505:12)
   at Function.Module._load (module.js:497:3)

Bug#929269: marked as done (coturn: overwrites database file /var/lib/turn/turndb on upgrade or reinstall)

2019-05-31 Thread Debian Bug Tracking System 
Your message dated Fri, 31 May 2019 15:18:40 +
with message-id 
and subject line Bug#929269: fixed in coturn 4.5.1.1-1.1
has caused the Debian Bug report #929269,
regarding coturn: overwrites database file /var/lib/turn/turndb on upgrade or 
reinstall
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
929269: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: coturn
Version: 4.3.1.2-1
Severity: critical
Justification: causes serious data loss

Dear Misi,

The coturn package ships /var/lib/turn/turndb as an empty SQLite
database template, thus unexpectedly overwrites it without warning on
upgrade or reinstall, destroying any data the user might have added to
it (such as user names, passwords, realms, IP addresses and so on).

Please stop shipping this file, the example (as currently shipped)
should be enough.  At most create it in the postinst if it does not
exist yet.
-- 
Thanks,
Feri.
--- End Message ---
--- Begin Message ---
Source: coturn
Source-Version: 4.5.1.1-1.1

We believe that the bug you reported is fixed in the latest version of
coturn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb  (supplier of updated coturn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 May 2019 15:11:04 +0100
Source: coturn
Binary: coturn coturn-dbgsym
Architecture: source amd64
Version: 4.5.1.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team 
Changed-By: Chris Lamb 
Description:
 coturn - TURN and STUN server for VoIP
Closes: 929269
Changes:
 coturn (4.5.1.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Don't ship the (empty) /var/lib/turn/turndb SQLite database and generate it
 on-demand in the postinst instead, avoiding overwriting it on
 upgrade/reinstall. (Closes: #929269)
Checksums-Sha1:
 23ce68d7546d76b87d32b32839586c351e652b0e 2204 coturn_4.5.1.1-1.1.dsc
 6f0554be9347aa085dc98a0babb9716e1463270f 423160 coturn_4.5.1.1.orig.tar.gz
 57eee60ad3ccfa50f6af187bae079f121c635dfd 11332 coturn_4.5.1.1-1.1.debian.tar.xz
 19441f3a5d1ff776100b9f98a033bb763a320792 1275796 
coturn-dbgsym_4.5.1.1-1.1_amd64.deb
 96676367e00532a1dfe5d0d62f186a9ef649b328 7440 
coturn_4.5.1.1-1.1_amd64.buildinfo
 b648f9c122f31f989d0cef7cb104cfb2deb5268a 357348 coturn_4.5.1.1-1.1_amd64.deb
Checksums-Sha256:
 9db50c515dced2bbafd90501ddba0a7a92c960e4ee579ac0c2e44ff399d2c901 2204 
coturn_4.5.1.1-1.1.dsc
 e020ce90ea0301213451d37099185ff25d93f97fa0f2b48bf21b2946fc3696a4 423160 
coturn_4.5.1.1.orig.tar.gz
 9369c5cc5cb444a9d85402304cf03d9521776ce7d16bc6995d4e7546adb2fb99 11332 
coturn_4.5.1.1-1.1.debian.tar.xz
 5377dc9eb5cd8a2f990e169db19ddc73b38e4f6e125741e629f61ee24e8ddd5a 1275796 
coturn-dbgsym_4.5.1.1-1.1_amd64.deb
 bfa7315e01e612fdc31b5cba28ef3f78f983a07b1c4dcd9279674ff2ebe56e5d 7440 
coturn_4.5.1.1-1.1_amd64.buildinfo
 dd2bdf9b673d1995b2b52dc54a73f47bb4426b78096c910de7805ecb482e766e 357348 
coturn_4.5.1.1-1.1_amd64.deb
Files:
 3c4d59800c6190f04410271311ca4e0a 2204 net optional coturn_4.5.1.1-1.1.dsc
 379ee380c00c4bc88c27e5fe50b8c8ab 423160 net optional coturn_4.5.1.1.orig.tar.gz
 076986c460d0db5a07a7947a2408a8c3 11332 net optional 
coturn_4.5.1.1-1.1.debian.tar.xz
 b775c75e407f66254eab90b6f1070a02 1275796 debug optional 
coturn-dbgsym_4.5.1.1-1.1_amd64.deb
 bb5d586155a4918ad972015890c6559a 7440 net optional 
coturn_4.5.1.1-1.1_amd64.buildinfo
 fa07a1e45b9ac31b01f0fbd04b5f26fc 357348 net optional 
coturn_4.5.1.1-1.1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlzqppcACgkQHpU+J9Qx
Hli6thAAswDxePjSaE7ZFAIzuWKjj4nqjsYD33Dlr8qBSmpBeJ0gpAuFQA+V1JMO
583CvKoiplPlu669IVzse/QJUvzfreUu2KfUyqzGGYSa2xYYRt4p18zc5gTR8mWI
+DJM1sdUCXaRKS2Lw0Wu7fuV4TFeiOYhnkQx0FwhGJYHswGIChEKb1zp6PAFoQi9
sg02MOoWyZcgH9RntESaLeKFVdzAJahiIgKRv5BzpZTQ0+vGFc3Ko4HZSrfOicTS
487AcAQojQcVS3yOL+AFOjXT6g6KUy+C9kUnylaFTskSI2uB8UEMBRkqrG0abbCi
cwxjbjmaU5FLHOd+1V3unyJ7H6ZDmGGDqqzj9kTGwlJDdatUWBHUNsTcmCgowyt7

Processed: fixed 880047 in 1.36-5.1

2019-05-31 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> fixed 880047 1.36-5.1
Bug #880047 {Done: Peter Palfrader } [postgrey] postgrey 
doesn't start because it can't write its pid
Marked as fixed in versions postgrey/1.36-5.1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
880047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#929588: usat: source tarballs are missing the source of the configure script

2019-05-31 Thread Carsten Schoenert 
Hi,

thanks for your quick answer!

Am 31.05.19 um 12:26 schrieb badd...@gmail.com:
> I am sending this from my other account, as your email service is blocking
> my main email telling me I have been blacklisted.
> 
> Those packages are astronomically out of date. I had problems with
> Sourceforge when they changed hands, and still have password issues.
> Use the official site:>
> http://dimlight.org/lsat/
> 
> 0.9.8.5 is the latest version.
> 
> Thanks.

O.k. that's an important information for the package maintainers.

I've looked quickly into the zipped file for the version you have
mentioned, the issue is still here also existing. I can't find a
configure.in script nor some similar autogen.sh file.

The configure script has some content that it was created from a
configure.in file.

> #! /bin/sh
> 
> # Guess values for system-dependent variables and create Makefiles.
> # Generated automatically using autoconf version 2.13 
> # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
> #
> # This configure script is free software; the Free Software Foundation
> # gives unlimited permission to copy, distribute and modify it.
> 
> # Defaults:
> ac_help=
> ac_default_prefix=/usr/local
> # Any additions from configure.in:

Please add the configure.in file to the next release or even better
update the existing archives.

> On 2019-05-30 10:58, Carsten Schoenert wrote:
> 
> Hi,
> 
> previous and the most recent release of the usat tarballs is missing the
> source for the configure script.
> 
> http://usat.sourceforge.net/code/lsat-0.9.8.2.zip
> 
> For Debian this makes the package [1 ]
> non-free due the regulation of the
> Debian Free Software Guidelines [2
> ].
> It also makes it impossible to build the package on platforms that are
> not supported by the provided configure script.
> 
> Could you please include the source for the generated configure script?
> 
> [1] https://tracker.debian.org/pkg/lsat
> [2] https://www.debian.org/social_contract.en.html#guidelines
> 

-- 
Regards
Carsten Schoenert

Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

2019-05-31 Thread Reinhard Tartler 
Hi Chris,

On Sun, May 19, 2019 at 12:21 PM Chris Wilson 
wrote:

> Hi Reinhard and all,
>
> Good news, I have just finished fixing this problem, and merged it into
> master with https://github.com/boxbackup/boxbackup/pull/36. Please could
> you cut a new Debian package release and see if the tests pass for you? Or
> if not, point me to the failure logs?
>
> If anyone wants to know more, the issue is quite complex, and there are no
> easy answers, which is why it took so long to fix. I've done my best to
> describe it at
> https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates. Please
> feel free to correct any mistakes that I've made.
>

Thanks a lot for your assistance!

I've now (finally) uploaded the package to debian/experimental, the build
logs will be available at
https://buildd.debian.org/status/package.php?p=boxbackup=experimental
 soon.

Unfortunately, the changes are quite invasive and do not qualify for
inclusion into "Debian testing" this late in the Debian release cycle (cf.
https://salsa.debian.org/debian/boxbackup/commit/6017757bc079f4446aa77bc5c0855c52741280f4?w=1
- all of which would need to be reviewed and approved by the Release Team).
That's very unfortunate, because it very likely means that boxbackup will
not be part of Debian 10 (buster).

I am also sympathetic -- the nature of the issue seems to require such
invasive changes and coming up with a simple, focused and reviewable fix is
super hard.

The best that we can do at this point is to get it included into
"buster-backports" as soon as that suite opens, probably shortly after
buster is released, which should be within (hopefully) a small number of
weeks.


Best,
-rt

-- 
regards,
Reinhard

Bug#907135: marked as done (boxbackup FTBFS with OpenSSL 1.1.1)

2019-05-31 Thread Debian Bug Tracking System 
Your message dated Fri, 31 May 2019 11:03:34 +
with message-id 
and subject line Bug#907135: fixed in boxbackup 0.13~~git20190527.g039c4a1-1
has caused the Debian Bug report #907135,
regarding boxbackup FTBFS with OpenSSL 1.1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
907135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907135
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: boxbackup
Version: 0.13~~git20180313.g16a11e86-1
Severity: serious
Tags: ftbfs
Control: block 907015 by -1

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/boxbackup.html

...
TEST: test/backupstorepatch
Removing old test files...
chmod: cannot access 'testfiles': No such file or directory
Copying new test files...
cp: cannot stat '../../../test/backupstorepatch/testfiles': No such file or 
directory
NOTICE:  Running test backupstorepatch in debug mode...
ERROR:   SSL or crypto error: loading certificates from 
testfiles/clientCerts.pem: error:140AB18F:SSL 
routines:SSL_CTX_use_certificate:ee key too small
WARNING: Exception thrown: ServerException(TLSLoadCertificatesFailed) at 
lib/server/TLSContext.cpp(93)
FAILED: Exception caught: TLSLoadCertificatesFailed
...
common: PASSED
crypto: FAILED: 1 tests failed (first at :0)
compress: PASSED
raidfile: PASSED
basicserver: FAILED: Exception caught: TLSLoadCertificatesFailed
backupstore: FAILED: Exception caught: TLSLoadCertificatesFailed
backupstorefix: FAILED: 4 tests failed (first at lib/common/Test.cpp:485)
backupstorepatch: FAILED: Exception caught: TLSLoadCertificatesFailed
backupdiff: FAILED: 1 tests failed (first at :0)
bbackupd: FAILED: Exception caught: TLSLoadCertificatesFailed
s3store: FAILED: 1 tests failed (first at :0)
httpserver: PASSED
--- End Message ---
--- Begin Message ---
Source: boxbackup
Source-Version: 0.13~~git20190527.g039c4a1-1

We believe that the bug you reported is fixed in the latest version of
boxbackup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 907...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler  (supplier of updated boxbackup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 May 2019 18:40:14 -0400
Source: boxbackup
Architecture: source
Version: 0.13~~git20190527.g039c4a1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Reinhard Tartler 
Closes: 907135
Changes:
 boxbackup (0.13~~git20190527.g039c4a1-1) experimental; urgency=medium
 .
   * QA upload.
   * Update to new upstream version 0.13~~git20190527.g039c4a1 Requested by
 upstream, now uses 2048bit keys by default. Keys generated with
 earlier versions are considered "weak" and generate a warning for now.
 (Closes: #907135)
Checksums-Sha1:
 02f95b06795ed3bf920b15012859c760ce380571 2372 
boxbackup_0.13~~git20190527.g039c4a1-1.dsc
 68095ac05cbe617c6a4bc32bc4337148a3adc600 1322544 
boxbackup_0.13~~git20190527.g039c4a1.orig.tar.xz
 b095dfb38a96414288c06d76f02401629bb18dde 64684 
boxbackup_0.13~~git20190527.g039c4a1-1.debian.tar.xz
Checksums-Sha256:
 a007586db9144df1f639c198ee0d30a684114547bb21f5a465befedb9281867f 2372 
boxbackup_0.13~~git20190527.g039c4a1-1.dsc
 23c91a36f3240831bf66a522b01b486cd2552f5d4a1a78ab488c069d80f1ae5d 1322544 
boxbackup_0.13~~git20190527.g039c4a1.orig.tar.xz
 6af1b391614b5f9c2710ebb698882573a9844c57135b8fa49d3c20334eef99f4 64684 
boxbackup_0.13~~git20190527.g039c4a1-1.debian.tar.xz
Files:
 d8efbddd8ff5cdb2136db5b47d1a07df 2372 utils optional 
boxbackup_0.13~~git20190527.g039c4a1-1.dsc
 c51abb8333cc90965dd29d9323feb689 1322544 utils optional 
boxbackup_0.13~~git20190527.g039c4a1.orig.tar.xz
 518f04cae380115ae194253acae026a5 64684 utils optional 
boxbackup_0.13~~git20190527.g039c4a1-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE6n5rckvJ+/LRcetya3IL6cXPbZ4FAlzxBjoUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQa3IL6cXPbZ6foxAArHJtlKhWpQb6BA1Wq2GCEKb/Ee0/
3+sgZWPZCl/WYSNcBHXWK66d9Xe77Qmwo3Asp/DctOemdoFmNSUhOkIbNiHIPauA
4isTeO+z5dQJNNipHoUxDtDydIgjsZAPlbGK5MYgxvOCyGfwRkVizfxvwRwKcEA5
ac1/uyXcG0UWlF8cp/VOBWOwkXnoBeTxCYyHFn2MPO6L5SQsJk+9g1FzvhWPXu3F

Bug#929788: marked as done (e-antic: test suite fails on 32 bit architectures)

2019-05-31 Thread Debian Bug Tracking System 
Your message dated Fri, 31 May 2019 08:40:37 +
with message-id 
and subject line Bug#929788: fixed in e-antic 0.1.2+ds-3
has caused the Debian Bug report #929788,
regarding e-antic: test suite fails on 32 bit architectures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
929788: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929788
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: e-antic
Version: 0.1.2+ds-2
Severity: serious
Tags: upstream
Justification: fails to build from source

FTBFS on 32 bit architectures.
Jerome


-- System Information:
Debian Release: Stretch*
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---
Source: e-antic
Source-Version: 0.1.2+ds-3

We believe that the bug you reported is fixed in the latest version of
e-antic, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jerome Benoit  (supplier of updated e-antic package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 31 May 2019 08:00:01 +
Source: e-antic
Architecture: source
Version: 0.1.2+ds-3
Distribution: experimental
Urgency: medium
Maintainer: Debian Science Maintainers 

Changed-By: Jerome Benoit 
Closes: 929788
Changes:
 e-antic (0.1.2+ds-3) experimental; urgency=medium
 .
   * FTBFS fix release (Closes: #929788), see below.
   * Debianization:
 - debian/patches/*:
   - d/p/upstream-fix-test-poly_extra-32bitarch.patch , import from
 upstream repository;
   - d/p/adhoc-fix-test-randtest.patch , introduce.
Checksums-Sha1:
 5cdfbb7d4ecff0f50d2b6bfc53d38dcceb2d59af 2861 e-antic_0.1.2+ds-3.dsc
 39b99d99c80a619d909bfb0c346bcb80d4bc11b2 9024 e-antic_0.1.2+ds-3.debian.tar.xz
 0e2d8986c69cfde26b4b898d3a38468965106e86 6601 
e-antic_0.1.2+ds-3_source.buildinfo
Checksums-Sha256:
 ccb5f62329c37504aa71237e4e06c6d8daa227250a6ffc9af70313890c847e0e 2861 
e-antic_0.1.2+ds-3.dsc
 d7c66b583fdf94b8003517613c509cddc699c1b01a10f6c5b3127ab4dd180b32 9024 
e-antic_0.1.2+ds-3.debian.tar.xz
 a4d58f47a04d4eb0a0d7812036f8ece9de97adbc192a9b17f89644bb4f6a1c8f 6601 
e-antic_0.1.2+ds-3_source.buildinfo
Files:
 235f7a027800878fc7e50158469026f1 2861 math optional e-antic_0.1.2+ds-3.dsc
 7cb5d13295391ac3e564ffc3c752b529 9024 math optional 
e-antic_0.1.2+ds-3.debian.tar.xz
 ae249006b9eb3efc9657c5eac79e2c8b 6601 math optional 
e-antic_0.1.2+ds-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQRJBAEBCgAzFiEEriiuFXEN/x2H5adiP5IZpn82xosFAlzw3/sVHGNhbGN1bHVz
QHJlem96ZXIubmV0AAoJED+SGaZ/NsaLQ2Qf/1u3ngQQ0Q1oky8WbHy7AiyPXtsI
9A0LB9N00mhNg/o+jqMyGxqVZl5CqsVZd5Zi4cafVxQ22aJkBXkB3QivZjzK25BR
Pvp6zu9DKLz6AjP8BeYkFDHsR8sKViZpzauGPZEXdBPr6KM85lsUQtPwMV/JtRuQ
VN3MKolYBRySSMK+hJXbPQ6naYvtfigRbBr05IXk8J8IMNzql1LbH7OxoZaZ0lWq
6pwXCh5TA7JTXE8j72m9/V+kxmGpejmHkggfl57/eXiSqpUN92pnvaZ55EzgMkei
TwSZsrotnemWFnY8zfHZA1FReF56vSuYP4fhoZuPoXn13MnCRyWF8gqKq3IDtYGc
0OKYR22XG4iOL69KSa/Cnb6TUP6BUxVf1wHuB+y8M67Q1vo7iEo3s4fd6vh5s//j
DwM2GhQlI5xzARjedLYBGogRzBgpRYwFbCd7Uy7Apmf9Pj/LWeQ2xcVTKK8Dtv0g
84GMqxviFUiSC7XYDeM6b4iwyndjMNvhthFgZVqJ7tOn07rKAZq5Slgt7JCmmHBN
cOwNMh5DAqLTghxHLk1s7FOeXFbx7TgEGBbsvP/2lse4vz2zzthn2b8kWxVTaMi4
Sa9mYvRGvX5hgk8Vl2PbpRmuuq8/lZknFqzJi1jNR/8aj7+PWMpD4ri458IALVJy
mjC0UTPdVMlmJwxJbJlzv6PqeUdgAG7a9QkH/dla5tYZRL/U4/iu/8YzLDtBnlCF
VsJiFFAPlBv1PbKNM6HAj4ZtmzfwecJnrQZaATD9e/7xqkS7R/lVRbPp9Lsf7ZDK
lwMHADzDqxI0QU44mFLxvIivfygchzLlIrxg+N0bS2937tVeGXM+bnjn2xzoSSd6
yigVNf03Y/sJIfavqLqssJt43GQChVwtVm9Hh2nPeb3gxq1wZvgtzYjA4FfFGwQA
6QfkKB7t6flXXMMtK7H3BwQlJvNiE1idI/kqIeSp3adWkhQ23tSFhjXr6cO/kC2H
udO7/sMbW0mM3I7XFSreNRZ/yKPzAQav2Cgh46qRO61cvVcnLN0dx24XpvW3R9et
EhlHFHvBKPqPOfs6YPASaY55eg+3Wnyw1hGBC0yQaO3VlWLHvFqSoYN/WXfy5tLU
MFysgmIH0cqRrdsXSS/AEv7mvCWlOCp654SZp9p5Icne/arJLcAfSH5DNrbM8Fb8

Bug#929788: e-antic: test suite fails on 32 bit architectures

2019-05-31 Thread Jerome Benoit 
Package: e-antic
Version: 0.1.2+ds-2
Severity: serious
Tags: upstream
Justification: fails to build from source

FTBFS on 32 bit architectures.
Jerome


-- System Information:
Debian Release: Stretch*
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Bug#929283: zookeeper: CVE-2019-0201: information disclosure vulnerability

2019-05-31 Thread Salvatore Bonaccorso 
Hi Tony,

On Thu, May 30, 2019 at 06:47:33AM -0700, tony mancill wrote:
> On Mon, May 27, 2019 at 10:07:38PM -0700, tony mancill wrote:
> > On Sun, May 26, 2019 at 08:58:29PM +0200, Moritz Mühlenhoff wrote:
> > > Looks fine, but can you please also include the test case upstream added?
> > > Given that it's quite complex to reconstruct the specific affected ZK 
> > > setup,
> > > we should at least ship/run the test case.
> > 
> > I will prepare an upload for 3.4.13 in testing/unstable soon - should be
> > in the next day or so.
> 
> As an update...
> 
> Regarding the upload of a patched 3.4.13 for buster and unstable,
> cherry-picking and adapting the upstream patch from the 3.4.14 branch is
> straight-forward and complete [1].  The package is building, etc.
> 
> The delay is that the tests for the Debian package aren't in a state
> where they are easy to run.  This predates this issue, going back to the
> changes made when netty 3.9 was removed from Debian.  Since the changes
> to the packaging and patches to re-enable tests would be extensive (I am
> still working through them), I'm not certain that they will be suitable
> for an upload during the freeze.  At a minimum, I intend to get them
> working locally and push a branch so that others can verify, as well as
> run the updated ZK through some local smoke-testing that validates the
> ACL change.

Thanks for giving an update on the state!

Regards,
Salvatore

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

2019-05-31 Thread Salvatore Bonaccorso 
Source: rkt
Version: 1.30.0+dfsg-7
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/rkt/rkt/issues/3998

Hi,

The following vulnerabilities were published for rkt.

CVE-2019-10144[0]:
rkt: processes run with `rkt enter` are given all capabilities during stage 2

CVE-2019-10145[1]:
processes run with rkt enter do not have seccomp filtering during stage 2

CVE-2019-10147[2]:
processes run with rkt enter are not limited by cgroups during stage 2

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10144
[1] https://security-tracker.debian.org/tracker/CVE-2019-10145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10145
[2] https://security-tracker.debian.org/tracker/CVE-2019-10147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10147
[3] https://github.com/rkt/rkt/issues/3998
[4] https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/

Regards,
Salvatore

Processed: severity of 929780 is important

2019-05-31 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 929780 important
Bug #929780 [src:linux] linux-image-4.19.0-5-amd64: xps13 crashes on 
suspend/resume with latest kernel
Severity set to 'important' from 'critical'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
929780: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929780
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems