Bug#1001643: Re: Bug#1060913: RFS: sdaps/1.9.11-0.1 [NMU] [RC] -- scripts for data acquisition with paper-based surveys

[Dominik George]

Hi,

> Here I am not a member of DebianEdu team and told if am not a member
> of one team there is no reason to do team upload.
> Ideally, I should contact the team to join in or tell team I am going
> to fix ftbfs issue.

Whether the maintainer is a team doesn't matter here (it just means I am
not responsible alone for the lack of updates on the package, haha ;)).

In general, you always contact the maintainer for every upload before
doing an NMU, through the address from the package meta-data or by
sending your changes to the BTS into the bug you are fixing.

> But I got no response from there(not DebianEdu
> team) in the past.

Can you point me to message IDs where you requested changes to be
uploaded?

Ideally, you should just send the changes to the BTS bug you are fixing,
and tag it "patch".

-nik


signature.asc
Description: PGP signature

Bug#1049328: Reverting nested groups feature in Debian's GOsa²

[Dominik George]

Hi,

> However, group nesting is not a feature that can be used with posixGroup 
> objectClass based LDAP objects (as the objectClass / schema does not support 
> group nesting). I really have a huge question mark about what upstream's 
> intention for this feature was/is...

It is not a feature, but definitely possible using dynlist (we did this at 
Teckids before abandonning LDAP):

https://www.openldap.org/faq/data/cache/1209.html

Maybe GOSa expects something like that to be in place?

-nik

Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: [pkg-uWSGI-devel] Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should a

[Dominik George]

Control: reopen -1

> Sorry, but I fail to see any problem here.
>
> uwsgi _does_ build against the default Python.

Yes, but the default Python it builds against in unstable is not necessarily 
the default Python in testing.

Right now, it is built against Python 3.11, while the default Python in testing 
is 3.10. Hence, it does not work in testing (have you actually tried that after 
my bug report?).

Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should always build against the defalt Python in testing

[Dominik George]

Package: uwsgi-plugin-python3
Version: 2.0.21-3+b1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: debian-pyt...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Currently, the uWSGI Python 3 plugin is built against
Python 3.11, and depends on libpython3.11. This is,
to some extent, fine, as Python 3.11 is already in
Debian.

However, Python 3.10 is still the default Python in
bookworm, and as it stands this will not change [1].
In practice, this means that without changing the
interpreter and manually ensuring that the Python 3.11
environment is fully available, apps run through uWSGI
do not work.

So, the uWSGI plugin should in general always build
against the default Python IMHO.

- -nik

[1] https://lists.debian.org/debian-python/2023/01/msg00010.html

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uwsgi-plugin-python3 depends on:
ii  libc6  2.36-8
ii  libpython3.11  3.11.1-2
ii  uwsgi-core 2.0.21-3+b1

uwsgi-plugin-python3 recommends no packages.

Versions of packages uwsgi-plugin-python3 suggests:
pn  python3-uwsgidecorators  

- -- no debconf information

-BEGIN PGP SIGNATURE-

iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCY8aedTEaaHR0cHM6Ly93
d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz
aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3ZDoAQCYW8oE4ZgiBKkgo1lge2Az
7/qTIXGHgKAAF5kmuGTB5QD+NiuAOboj6I6ZvxRZF4o1D3vXCBr1HkqYz+piZMQO
Fgc=
=Y+XX
-END PGP SIGNATURE-

Bug#1026827: xrdp: initially xrdp worked ok, but later it broke, and the problem was /etc/xrdp/startwm.sh that changed

[Dominik George]

Control: tags -1 + moreinfo
Control: severity -1 normal

Hi,

> Severity: critical
> Justification: breaks the whole system

I doubt that very much. Are you sure that the whole system stopped
working because you could not start a session in xrdp? As in, no login
on the tty possible, the kernel crashing, boot failed, or the like?

>* What led up to the situation?

What did yo udo *before* the file was renamed?

I am pretty certain that this is not something the package did.

How is the syste mmanaged?

Did the change happen in correlation with a package update?

-nik


signature.asc
Description: PGP signature

Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined

[Dominik George]

Control: reassign -1 node-caniuse-lite 1.0.30001224+dfsg-2
Control: retitle -1 Broken exports in index.js
Control: affects -1 node-autoprefixer
Control: tags -1 + upstream fixed-upstream
Control: forwarded -1 https://github.com/browserslist/caniuse-lite/issues/70

> Proposal:
> 
>  1. Add a patch to node-autoprefixer to use the old API
>  2. Add a version constraint to the node-caniuse-lite dependency in
> node-autoprefixer (<< 1.0.30001226~)
>  3. Report a bug against node-caniuse-lite to update to the current
> upstream version, with a gentle hint on what will break if updated
>  4. Once updated, drop the patch, and remove the version constraint

Actually, all rdepends seem to use another import mechanism, which was
not broken.

Thus, reassigning to node-caniuse-lite to get it updated.

-nik


signature.asc
Description: PGP signature

Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined

[Dominik George]

>   - let autoprefixerData = { browsers: agents, prefixes: dataPrefixes }
>   + let autoprefixerData = { browsers: agents.agents, prefixes: dataPrefixes }

It's
https://github.com/browserslist/caniuse-lite/commit/fde289588b2ccb129ba3d1552134be2c78fee8b7

So, this happened with a recent update of node-autoprefixer, because
the new autoprefixer relies on the new API of caniuse-lite.

caniuse-lite should, and will at some point, be updated in Debian as
well. However, this will break node-browserslist, because that relies
on the old API. Oh the joy!

Proposal:

 1. Add a patch to node-autoprefixer to use the old API
 2. Add a version constraint to the node-caniuse-lite dependency in
node-autoprefixer (<< 1.0.30001226~)
 3. Report a bug against node-caniuse-lite to update to the current
upstream version, with a gentle hint on what will break if updated
 4. Once updated, drop the patch, and remove the version constraint

@ JavaScript team, shall I proceed with that?

-nik


signature.asc
Description: PGP signature

Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined

[Dominik George]

Package: node-autoprefixer
Version: 10.3.1.0+dfsg1+~cs14.6.19-1
Severity: grave
Justification: renders package unusable

autoprefixer currently does not work because it handles the agents
imported from caniuse-lite wrongly:


  /usr/share/nodejs/autoprefixer/lib/browsers.js:64
  let prefix = data.prefix_exceptions && data.prefix_exceptions[version]
  ^

  TypeError: Cannot read property 'prefix_exceptions' of undefined
  at Browsers.prefix (/usr/share/nodejs/autoprefixer/lib/browsers.js:64:23)
  at /usr/share/nodejs/autoprefixer/lib/prefixes.js:193:54
  at Array.map ()
  at Prefixes.select (/usr/share/nodejs/autoprefixer/lib/prefixes.js:193:31)
  at new Prefixes (/usr/share/nodejs/autoprefixer/lib/prefixes.js:133:53)
  at loadPrefixes 
(/usr/share/nodejs/autoprefixer/lib/autoprefixer.js:111:22)
  at Object.prepare 
(/usr/share/nodejs/autoprefixer/lib/autoprefixer.js:121:22)
  at /usr/share/nodejs/postcss/lib/lazy-result.js:133:39
  at Array.map ()
  at new LazyResult (/usr/share/nodejs/postcss/lib/lazy-result.js:131:43)


The problem comes from /usr/share/nodejs/autoprefixer/lib/autoprefixer.js:

  let { agents } = require('caniuse-lite')

The object loaded here contains another object called agents. For me, changing 
line 10
fixes the issue:

  - let autoprefixerData = { browsers: agents, prefixes: dataPrefixes }
  + let autoprefixerData = { browsers: agents.agents, prefixes: dataPrefixes }

I have no idea how this problem came to be, and how to properly fix it. Might be
an incompatibility between the versions of autoprefixer and canisue-lite?

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages node-autoprefixer depends on:
ii  node-browserslist  4.17.0+~cs5.6.76-1
ii  node-caniuse-lite  1.0.30001224+dfsg-2
ii  node-normalize-range   0.1.2-2
ii  node-postcss [node-colorette]  8.2.1+~cs5.3.23-8
ii  node-postcss-value-parser  4.1.0-2
ii  nodejs 12.22.5~dfsg-5

node-autoprefixer recommends no packages.

node-autoprefixer suggests no packages.

-- no debconf information

Bug#993935: debian-edu-ltsp-install: Netboot image exposes private data and crypto keys

[Dominik George]

Package: debian-edu-config
Version: 2.11.56
Severity: critical
Tags: security
Justification: root security hole
X-Debbugs-Cc: Debian Security Team 

The LTSP netboot image produced by debian-edu-ltsp-install includes full copies
of files that should never leave the Debian Edu main server, if run on a 
so-called
"combined server" (a system using the Main Server and Terminal Server profiles,
as done in small installations).

Among these files are full copies of, among others:

 - /var/lib/ldap, containing the full, unencrypted LDAP database with all
   private information on all users, password hashes, and Kerberos keys
 - /etc/krb5-kdc, containing information on decrypting Kerberos data in the
   LDAP database
 - /etc/gosa, containing the (encrypted) LDAP manager credentials, plus the
   key to decrypt it

Any user with access to the local terminal server network can acquire the 
netboot
image, unauthenticated, and extract the listed information from it.

The issue is caused by the new LTSP system using the LTSP PnP system now in all
cases, thus packing the entire mai nserver filesystem in squashfs image. The
debian-edu-ltsp-install script produces a list of files to exclude from the 
image,
which is not sufficient, most probably because it was tailored to the use case 
where
the image is produced from a dedicated Terminal Server instead of a combined 
server.

IMHO, the use case of the combined server cannot be fixed. The new LTSP system 
de facto
disallows any use of a combiend server – even if we make a very carefully 
curated list
of excluded files, any administrator would have to take care to add their own 
excludes
for just about any file they place on the main server that was not palced there 
by the
Debian Edu software. In fact, the whole new LTSP system seems unfit to be used 
on any
server that is not limited to producing LTSP images, and supporting netbooting 
them.

For now, the issue should be mitigated by carefully adding all relevant paths 
that
are known to exist only on the main server to the exclude list, but I do not 
think
that is a viable fix in the long term.

Bug#977988: /usr/bin/spectacle: does not start (libkImageAnnotator.so.0.3.2 not found)

[Dominik George]

Package: kde-spectacle
Version: 20.12.0-1
Severity: grave
File: /usr/bin/spectacle
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

After a recent update, spectacle stoppede working, and errors out on start with:

  spectacle: error while loading shared libraries: libkImageAnnotator.so.0.3.2: 
cannot open shared object file: No such file or directory

Maybe it needs a binNMU?

- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kde-spectacle depends on:
ii  kio5.77.0-2
ii  libc6  2.31-6
ii  libkf5configcore5  5.77.0-2
ii  libkf5configgui5   5.77.0-2
ii  libkf5configwidgets5   5.77.0-2
ii  libkf5coreaddons5  5.77.0-2
ii  libkf5dbusaddons5  5.77.0-2
ii  libkf5globalaccel-bin  5.77.0-2
ii  libkf5globalaccel5 5.77.0-2
ii  libkf5i18n55.77.0-2
ii  libkf5kiocore5 5.77.0-2
ii  libkf5kiogui5  5.77.0-2
ii  libkf5kiowidgets5  5.77.0-2
ii  libkf5kipi32.0.0   4:20.08.0-1
ii  libkf5newstuff55.77.0-3
ii  libkf5notifications5   5.77.0-2
ii  libkf5purpose-bin  5.77.0-2
ii  libkf5purpose5 5.77.0-2
ii  libkf5service-bin  5.77.0-2
ii  libkf5service5 5.77.0-2
ii  libkf5waylandclient5   4:5.77.0-2
ii  libkf5widgetsaddons5   5.77.0-4
ii  libkf5windowsystem55.77.0-2
ii  libkf5xmlgui5  5.77.0-2
ii  libkimageannotator00.4.0-1
ii  libqt5core5a   5.15.2+dfsg-2
ii  libqt5dbus55.15.2+dfsg-2
ii  libqt5gui5 5.15.2+dfsg-2
ii  libqt5printsupport55.15.2+dfsg-2
ii  libqt5widgets5 5.15.2+dfsg-2
ii  libqt5x11extras5   5.15.2-2
ii  libstdc++6 10.2.1-1
ii  libxcb-cursor0 0.1.1-4
ii  libxcb-image0  0.4.0-1+b3
ii  libxcb-util1   0.4.0-1+b1
ii  libxcb-xfixes0 1.14-2
ii  libxcb11.14-2
ii  qdbus-qt5  5.15.2-3

kde-spectacle recommends no packages.

kde-spectacle suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl/jtdYxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl
c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pavGQ/+LbBxRuQdz7GeHZabCmTo
GlYBc/60XxcqG7y1SIJdkuxPKoLz5TJrG+87Qy2U6O701g+CIgWCEUhrGWjnXuEC
E2uRQj66m2R9UbIz7s4mgEV9fxfZVZwwQafEH1RXXuvWkSbaslVQuNTbgC1P5zaw
C5YFNtiLuN3BAlJSa3lAi0hZUnD5+KcTzxWYKNKq2fCKd8Wex/tAd+YAeD623htS
OR/CwklxtUrtPPCapMPWBhMzk5dvWpunD4A7j1WF3nptkKA2nk+Jio1qbbqUwlW/
ha/p6LByqwT9CRI4JAyFxwy62nOP1pVfraaOrB9/7fxABJmxsS0wNNUL0Hxsx5we
NSO80AqM34JwRp5ho7f4ZKn9jviAIr7UvInUo46Ng3RjX8hRRw04Y/R43lv+vYQD
aq2gts5t+MQB2HwM+p+4Qz/6Vn+xwkQSh4reQixIo2UoSjNsyMc0GstDzdB8ZHyc
ulyFA0FEvz4AoJiSDCRuJ6tgVXqP4EI2DkdDck4H31bt7WZwYOV5MJzX93U9QXyd
pt0Q8Aav4ya+A3lfRjwAvCPpDqH8PgiT5XLLF/rUB2W7z50MNO3LonJKz2UGxtgu
TvzHNDPosEx0BnbX5Li0u8OgRHizttC23IbR9hld4A0o8C/iz07IbMSP8nqED6CT
gNlsZMEbF2LYl9GutLcbq44=
=KbJh
-END PGP SIGNATURE-

Bug#951120: hydra: Non-free licence exception

[Dominik George]

Package: hydra
Version: 8.8-1
Severity: serious
Justification: Policy 2.1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The licence of hydra states:

  H Y D R A

  (c) 2001-2020 by van Hauser / THC
  https://github.com/vanhauser-thc/thc-hydra
   many modules were written by David (dot) Maciejak @ gmail (dot) com
 BFG code by Jan Dlabal 

Licensed under AGPLv3 (see LICENSE file)

   Please do not use in military or secret service organizations,
  or for illegal purposes.

The additional exception to the AGPL contradicts the Debian Free Software
Guidelines.

I propose moving hydra to non-free.

- -nik

-BEGIN PGP SIGNATURE-

iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl5CoAcxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl
c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pZKDhAA2K1iunqTCF1B22PRgOwa
2Ym6t+tVFVPy4nCPtWVLhRp3RIC1F9bfrlBUExwheIRkt9hVPjBpXGlgx3nNRaN7
xueRJ8En4rtreuB4CrL9yPl60jwpa02MwKE8jHTkjz7BwaAXnEA6wK9B8wX8Mjs1
gF4zWS4guZqyWXf7KxjUfF+TYUS/5zgdtNSPwByr3HK74oP5rytjNtom1SuziPpd
l2F04fBq86UhM6aXWXuZoaefs/HI9j1fL/m+xYW1ULO3GMeppNm3dRak4VNQVU3G
SEZERODan/0cvmhYbr/eSYxsOQ3+/Ln1XiaxSDnPOMROjQXwf7hPtmrzIPHG7t/Y
ULOnM0WCImzA3uRhDqTLH5567v9vfnTjlj0eUD68MZi0EX6sKahruZYvsI3B3lfL
V3geAuti5cQVjNburzuUMnY87gt+gKfhijCyiH//iDfJsj7e116WlTX0k6CmHkLT
v+5Yg9zy0IGKxOMS4a2s+Lfli5h/savJurKsZIDpoRjQ5Jq9G1znnEmxUW8ITchq
obyjKa+mHfzkz/uUl1IRmoUreWWNB8DWGF0hrMKiLL0Pb7WlVm97A2Wmnqsy9GiH
ESZY8kFQ5JP7WO8yW7QqTxjKv/liAmS98N/FZA4Zk8BOHbUXscVYJD6uuJElZddO
Gz7dN/7gmWePDFgxPFDzwrw=
=6Kcy
-END PGP SIGNATURE-

Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users

[Dominik George]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

> Wolfgang, many thanks for this bug report and the quick fix.
> I'll upload to unstable right now and will coordinate with DSA and LTS
> the fixes for buster, stretch and jessie.

Are you aware that, as laid out on IRC, I am already doing that?

- -nik
-BEGIN PGP SIGNATURE-

iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl33qacxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW
oMTylk1KEACs5v3i94+Hopt5NNSRc+nvQTC7I4AIUsbupHWj9EpV/avKXBH5ak2C
I+U8H6wtlAXQr1KkQwkKxUQYEyXwVN1swKrqJeb6cqW0jB62QizHxDMlzULh1qBw
per1HXYtlK5WcpytkarmOAauWC9Hrh0EIqfQwQxywZSKWbV2IwSj5+LdKW+sVj42
+z8MzO9A+b2UHYo8KWnwq/P48FfFp0bn9unrhiqkLB2OhFsDydF0w7IB8yqecj6x
QP177Po3B7Hf1ThDF4cfF/kqZQ0NenWvv7uRwNL/y4wJ7XQ0EtEsMY73iq3E/CXz
YRvqttqbnNSQO0xAy8CE9jKHY9vMoL7if4NdvFYlSsJYmg+/Tw5BLaehKQRINvZh
pMqDLB4kVi5gpO1Q6qGo/2+SU0+91QbPR6dwQCvcZRQ8v4KqN6GpS00mQX44DFhT
S1kOr60rCYYlRtmxeqmHhyv52GRoY8iGq5KuQUnwXAm8buqy4LmzWQhAVrQk30fi
oA290vBcXyTvhs8/yKGTvjnJcdmfE9V2QIZ8cA/5WbOBAEiEBtH1PoG87dUTejkD
SwEq20DAK8BhCGlWofanEnDygbnvFg/ouHsYQkt6RiP9ocqxXr+J2k5ACOUCWYmo
Carf26wfZ8IWPG7zUoaud68YAPSCfHi35rmRNFBt69DFeH66cLYg+Q==
=SBC3
-END PGP SIGNATURE-

Bug#946797: marked as pending in debian-edu-config

[Dominik George]

Control: tag -1 pending

Hello,

Bug #946797 in debian-edu-config reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian-edu/debian-edu-config/commit/69dd3cf269eaa802f265cdd5b801f111d05731fe


share/debian-edu-config/tools/kerberos-kdc-init:
Set proper rights for users in kadm5.acl file. (Closes: #946797)

Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades.

Signed-off-by: Wolfgang Schweer 


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/946797

Bug#931334: firefox: leaks sensitive information between private windows

[Dominik George]

Package: firefox
Version: 68.0~b6-2
Severity: grave
Tags: upstream security
Justification: user security hole

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Firefox leaks sensitive information between private windows that should 
normally not share personal data. I logged into my company's Google account 
(*sigh*) in one private window, and helpfully immediately got that account 
information shared with a website opened in another private window, that 
congratulated me for now being signed in with my Google account. Why on earth 
did Firefox just leak my sensitive private data to another private mode website?

- -- Package-specific info:


- -- Addons package information

- -- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en:de_DE:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox depends on:
ii  debianutils   4.8.6.1
ii  fontconfig2.13.1-2
ii  libasound21.1.8-1
ii  libatk1.0-0   2.30.0-2
ii  libc6 2.28-10
ii  libcairo-gobject2 1.16.0-4
ii  libcairo2 1.16.0-4
ii  libdbus-1-3   1.12.16-1
ii  libdbus-glib-1-2  0.110-4
ii  libevent-2.1-62.1.8-stable-4
ii  libffi6   3.2.1-9
ii  libfontconfig12.13.1-2
ii  libfreetype6  2.9.1-3
ii  libgcc1   1:8.3.0-7
ii  libgdk-pixbuf2.0-02.38.1+dfsg-1
ii  libglib2.0-0  2.58.3-2
ii  libgtk-3-03.24.5-1
ii  libjsoncpp1   1.7.4-3
ii  libnspr4  2:4.21-1
ii  libnss3   2:3.44.0-1
ii  libpango-1.0-01.42.4-6
ii  libstartup-notification0  0.12-6
ii  libstdc++68.3.0-7
ii  libvpx5   1.7.0-3
ii  libx11-6  2:1.6.7-1
ii  libx11-xcb1   2:1.6.7-1
ii  libxcb-shm0   1.13.1-2
ii  libxcb1   1.13.1-2
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-3+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt61:1.1.5-1+b3
ii  procps2:3.3.15-2
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec57  7:3.4.3-1
ii  libavcodec58  7:4.1.3-1

Versions of packages firefox suggests:
ii  fonts-lmodern  2.004.5-6
ii  fonts-stix [otf-stix]  1.1.1-4
ii  libcanberra0   0.30-7
ii  libgssapi-krb5-2   1.17-2
ii  libgtk2.0-02.24.32-3
ii  pulseaudio 12.2-4

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQKJBAEBCgBzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0bIbsxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p
ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylodMD/oDJhm4
gRR5+4sJDL2igFZQf4igtQrEL3TWD1c9AgkP1UHIEuVKojL8MkJLA5pGKDD+kFf8
92VHtKtiTjm1UTuZoDbsAoWFW3YxblZ5zsynzfK7Csrjxt6qOIYgGyzXuumPaeYl
fLsn3I3IvaCViqWBkAu1Zzi+SrhVRwaonGIW8bTCuRVq0brTB2hJvttgmhFqA9Cl
qKW1AoQ6h0ZUMB64ZzY4TkBaelOmpBYCsRrHvcKATVvd6LCkuGjaU//XkWa4fuqk
rp/uXpWQD/73gFU+3cKWVNQId1v05oKf+u7gy7zK6E3AJL1ztECiThHz6fOg+uHy
qrYFMODjEJxDxYlveqF0naclwJem4xvi3Uuv4mRy55D/5j3Oxl06eYjN9iF6yHnc
H1EPxAF74GyPnn0+uD5xNZIkV155MxIhz7OBxWkEt0h5dRFvDocdp0G6vgSo+dZf
dHqSiZUSY0K7kupJjg57QFNIqjal6ocTbko5JeXPtiXW9mP1gBnZ/0APdKqjJtno
fxKF8HJ5OjcsxlfoNmhinhJUmR4p6aM7I5jXxUES5SfnSCj5jZPXpxhz6HPlhdr0
IzOirUXpeGygnAkAgHgIcgcv6kUfnJlVnraKjrnljLDxwzvB4S3LRmWWEK+e5mK/
NX8DOjEvM5RhpooD2a7mufDDjaTcBaqXLfTqzQ==
=nVIP
-END PGP SIGNATURE-

Bug#928420: php-imagick: CVE-2019-11037

[Dominik George]

Control: tag -1 + patch pending

Hi,

to prevent two of my/our packages, gosa and movim, from being removed
wiht php-imagick, I uploaded the attached NMU debdiff to DELAYED/2.

Cheers,
Nik
diff -Nru php-imagick-3.4.3/debian/changelog php-imagick-3.4.3/debian/changelog
--- php-imagick-3.4.3/debian/changelog  2018-10-15 21:08:12.0 +0200
+++ php-imagick-3.4.3/debian/changelog  2019-06-06 11:33:10.0 +0200
@@ -1,3 +1,10 @@
+php-imagick (3.4.3-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2019-11037. (Closes: #928420)
+
+ -- Dominik George   Thu, 06 Jun 2019 11:33:10 +0200
+
 php-imagick (3.4.3-4) unstable; urgency=medium
 
   * Bump the required dh-php version to >= 0.33~
diff -Nru php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch 
php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch
--- php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch  
1970-01-01 01:00:00.0 +0100
+++ php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch  
2019-06-06 11:33:10.0 +0200
@@ -0,0 +1,142 @@
+From: Danack 
+Origin: 
https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445
+Subject: Fix CVE-2019-11037.
+ out of bounds write in ImagickKernel::addUnityKernel
+Bug: https://bugs.php.net/bug.php?id=77791
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928420
+--- a/imagick-3.4.3/imagickkernel_class.c
 b/imagick-3.4.3/imagickkernel_class.c
+@@ -229,9 +229,9 @@ PHP_METHOD(imagickkernel, frommatrix)
+   zval *origin_array;
+   HashTable *inner_array;
+   KernelInfo *kernel_info;
+-  long num_rows, num_columns;
+-  int previous_num_columns;
+-  int row, column;
++  unsigned long num_rows, num_columns;
++  unsigned int previous_num_columns = (unsigned int)-1;
++  unsigned int row, column;
+ 
+   zval *pzval_outer;
+   zval *pzval_inner;
+@@ -243,7 +243,6 @@ PHP_METHOD(imagickkernel, frommatrix)
+   KernelValueType *values = NULL;
+   double notanumber = sqrt((double)-1.0);  /* Special Value : Not A 
Number */
+ 
+-  previous_num_columns = -1;
+   count = 0;
+   row = 0;
+   origin_array = NULL;
+@@ -284,7 +283,7 @@ PHP_METHOD(imagickkernel, frommatrix)
+   values = (KernelValueType 
*)AcquireAlignedMemory(num_columns, num_rows*sizeof(KernelValueType));
+   }
+ 
+-  if (previous_num_columns != -1) {
++  if (previous_num_columns != ((unsigned int)-1)) {
+   if (previous_num_columns != num_columns) {
+   
php_imagick_throw_exception(IMAGICKKERNEL_CLASS, MATRIX_ERROR_UNEVEN TSRMLS_CC);
+   goto cleanup;
+@@ -337,6 +336,8 @@ PHP_METHOD(imagickkernel, frommatrix)
+   else {
+   HashTable *origin_array_ht;
+   origin_array_ht = Z_ARRVAL_P(origin_array);
++
++  // parse the origin_x
+   tmp = zend_hash_index_find(origin_array_ht, 0);
+   if (tmp != NULL) {
+   ZVAL_DEREF(tmp);
+@@ -346,6 +347,19 @@ PHP_METHOD(imagickkernel, frommatrix)
+   php_imagick_throw_exception(IMAGICKKERNEL_CLASS, 
MATRIX_ORIGIN_REQUIRED TSRMLS_CC);
+   goto cleanup;
+   }
++  // origin_x is unsigned, so checking for > num_columns, also
++  // checks for < 0
++  if (origin_x>=num_columns) {
++  zend_throw_exception_ex(
++  php_imagickkernel_exception_class_entry,
++  5 TSRMLS_CC,
++  "origin_x for matrix is outside bounds of 
columns: " ZEND_LONG_FMT,
++  origin_x
++  );
++  goto cleanup;
++  }
++
++  // parse the origin_y
+   tmp = zend_hash_index_find(origin_array_ht, 1);
+   if (tmp != NULL) {
+   ZVAL_DEREF(tmp);
+@@ -355,6 +369,17 @@ PHP_METHOD(imagickkernel, frommatrix)
+   php_imagick_throw_exception(IMAGICKKERNEL_CLASS, 
MATRIX_ORIGIN_REQUIRED TSRMLS_CC);
+   goto cleanup;
+   }
++  // origin_y is unsigned, so checking for > num_rows, also
++  // checks for < 0
++  if (origin_y>=num_rows) {
++  zend_throw_exception_ex(
++  php_imagickkernel_exception_class_entry,
++  5 TSRMLS_CC,
++  "origin_y for matrix is outside bounds of rows: 
" ZEND_LONG_FMT,
++  origin_x
++  );
++  goto cleanup;
++  }
+   }
+ 
+

Bug#929907: libgnutls30: Connections to older GnUTLS servers break

[Dominik George]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

> Is this reproducile with gnutls-cli or is the respective server
> publically accessible? 

It is reproducible.

1. Create a buster chroot for the server, or something
   similar.
2. Install gnutls-bin 3.6.6-3 and ssl-cert.
3. Start something like:
   gnutls-serv --echo --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key 
--x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem
4. Create a buster chroot for the client.
5. Install gnutls-bin 3.6.7-2 and pwgen (I used that to generate
   random blobs of printable data).
6. Try:
   pwgen 16383 | gnutls-cli --no-ca-verification --port 5556 localhost

- From a size of 16383 bytes onwards, I get:

|<1>| Received packet with illegal length: 16385
|<1>| Discarded message[1] due to invalid decryption
*** Fatal error: A TLS record packet with invalid length was received.
*** Server has terminated the connection abnormally.


After upgrading the server to 3.6.7-2, the problem goes away.

Actually, this might as well be an issue in 3.6.6, that was masked
while clients were also 3.6.6… I don't know ;)!

- -nik
-BEGIN PGP SIGNATURE-

iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz1locxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW
oMTylrJ7D/9ji2A9+audQYrS1BYInzijlV0QBJLO3ZbAUqt0zhD0jp6Xw9gUKIpW
RU/TGNCzPoXusCefCsdRZAXPHt6aMCgu0ir/oPebMqz8PfIDVoqe588E4dF608u1
/QpfpBzf2DJVfwIjuAPXHLpYL7SmCE9HRanRxR1Wdnxg7mfzhnWO0Nq0Ef7+fsvr
ADMoQaQ6bXko6zS8g2+7cVcI9WURwaozErSHujBhJQjbKlAkO0hzGlpUgWYuu/gd
YghSxaCIQRBuPqoF3prFRA1PkdJnJxaVBaWh15laejxxGZTbb7DRqv7MGewm+LUC
oi/QsnfoZ6hdOKCCP4mGzDKn47oZuVh6ldEemhOC7RK0Gzss+1qqx5XXdcOF3Xcr
brxEshkYLvSMqzLZP4JaKe8a2joTYcn42yvkszB1FlTLmBJ1sK93bRIdZQf2FYKo
RT+2oLITjS9tjRbJjrfoIGzCS0UCiNkJeotYBYS33jHU94igTrLOlayNoCmCe++U
KQsn+09eWnGa9jdeAE6gfGzuxz5krvG2dK2cM/+clHak53EkzRQMGX9hKOkpIa0b
Bs+0bKiNbCLSQtaYx4x9vSxWJg/3XOe+TXGu6CwvYFRlTW1ZXz5uOHGvbCyFoTPK
Q4bbKqP+xmcfdxibx18A2rqMsByNOiNqliC9+3PdreZ2pCPeO3X1PA==
=Blay
-END PGP SIGNATURE-

Bug#929907: libgnutls30: Connections to older GnUTLS servers break

[Dominik George]

Package: libgnutls30
Version: 3.6.7-3
Severity: grave
Justification: renders package unusable

The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe,the ldap
client library) when connecting to a server with the previous 3.6.6-2
version.  I am afraid it breaks more than that.  GnuTLS-secured connections
are just closed with no visible reason.

Seen on more than 12 systems, then went to a system that had not got the
update yet.  An ldapsearch works with 3.6.6-2, and fails after updating to
3.6.7-3 with the connection just being closed after reading some data from
the LDAP server setill on 3.6.6-2.  Upgrading GnuTLS to 3.6.7-3 on the
server made the problem go away.

I am setting this critical as I cannot imagine it is expected that GnuTLS
clients require the server to be the exact same version.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgnutls30 depends on:
ii  libc6  2.28-10
ii  libgmp10   2:6.1.2+dfsg-4
ii  libhogweed43.4.1-1
ii  libidn2-0  2.0.5-1
ii  libnettle6 3.4.1-1
ii  libp11-kit00.23.15-2
ii  libtasn1-6 4.13-3
ii  libunistring2  0.9.10-1

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
pn  gnutls-bin  

-- no debconf information

Bug#915805: NMU of swift-im

[Dominik George]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Kevin, hi Mattia,

as I needed libswiften to build something, I went fixing the most important
bugs in the package so it at least builds again in current sid.

Would you want me to upload these fixes as NMU, so the package is usable
until you get everything else solved?

Cheers,
Nik
-BEGIN PGP SIGNATURE-

iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlzirFkxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW
oMTylsBlD/9gba9Zrqjnc0iFMqQuZnFT0vJ6PyO6faRW5KT3OszBODCx/EUIrRoy
MJOqPyvyLXZznvKXJk9h569/8UIyvQFMF2sJAoIkkZN3kFMJooqyJafr5VuyBLb9
xmCtDUQvUPHRoT0g9Kzh0O9znM8DLd838yoXa1Yxwd3cg4JaQ0fQRBtZv/i67E2R
iBOjmu6Dk5Adp0/TxW6L+DX1NH0PT9K+G1kx3mDm/xpWfnVw9oW59tE+M+ARKMCu
7JXEYaFNkj5vLWNm3AqXdYHLGlTHravfu2/1l96GyRnwQA1MTKmWNY6ynxz/zNmC
uHcwvDKItwJBoq8Tmq9KvCLWtF+urvL8MHDxA+FfT6H/ptlLb7cFKmAj4awZ2Dbn
cx+oyl2HTrzqeCu2CT99EgU7p6dHuKLkynMUhxPKDBQLvLzDDzXLBVlXAqxkszL5
H1XQTqlLIja90Rz6FXpFhhin8EI24E69/FVAPaAQPwAIgEZzCTV5gxNFRl3v7nEE
5d07XtXb3lMycjwCZurXIAEAiY0bzgsn6pYDWtog0dL6XHktyIMkE3efR0AQJC5o
gyx01rZIqmVPIyxYn89t+s99PJVVO62MAWQoWyRmXAftmhUKGA8KyZmIPt2lT9YJ
QZYr+UIaXQ9b7Ed1yMYQ5b/iZ1I7CMCC5txGow/YC1/kN3UdGhTGVQ==
=BBKN
-END PGP SIGNATURE-

Bug#924374: busybox ip --oneline displays nothing

[Dominik George]

Control: tag -1 + patch

Hi,

> I use LTSP which requires the following command to show a list of interfaces 
> in which it can use. 
> The following command worked in 1.27 of busybox but broke in the 1.30.1-2 
> version;
> busybox ip -oneline link show
> 
> This stopped all my thin clients from booting.

here's what happened:

busybox upstream found out that their ip address show command, with the
oneline option, includes link layer addresses, which iproute2 normally
doesn't. They patched that, without realising their ip link show code
ultimately calls their ip address show code.

Attached debdiff reverts this change. This makes the ip address show
behaviour "wrong" again, but including too much in a machine-readable
output seems less broken than this regression.

-nik
diff -Nru busybox-1.30.1/debian/changelog busybox-1.30.1/debian/changelog
--- busybox-1.30.1/debian/changelog 2019-03-02 09:11:13.0 +0100
+++ busybox-1.30.1/debian/changelog 2019-03-20 17:20:27.0 +0100
@@ -1,3 +1,10 @@
+busybox (1:1.30.1-2.1) UNRELEASED; urgency=high
+
+  * Non-maintainer upload.
+  * Re-enable ip -oneline. (Closes: #924374)
+
+ -- Dominik George   Wed, 20 Mar 2019 17:20:27 +0100
+
 busybox (1:1.30.1-2) unstable; urgency=high
 
   * Complete the fix for [CVE-2018-20679] Closes: #918846
diff -Nru busybox-1.30.1/debian/patches/fix-ip-oneline.patch 
busybox-1.30.1/debian/patches/fix-ip-oneline.patch
--- busybox-1.30.1/debian/patches/fix-ip-oneline.patch  1970-01-01 
01:00:00.0 +0100
+++ busybox-1.30.1/debian/patches/fix-ip-oneline.patch  2019-03-20 
17:20:22.0 +0100
@@ -0,0 +1,14 @@
+--- a/networking/libiproute/ipaddress.c
 b/networking/libiproute/ipaddress.c
+@@ -570,10 +570,7 @@ int FAST_FUNC ipaddr_list_or_flush(char
+   }
+ 
+   for (l = linfo; l; l = l->next) {
+-  if (no_link
+-   || (oneline || print_linkinfo(&l->h) == 0)
+-  /* ^ "ip -oneline a" does not print link info */
+-  ) {
++  if (no_link  || print_linkinfo(&l->h) == 0) {
+   struct ifinfomsg *ifi = NLMSG_DATA(&l->h);
+   if (G_filter.family != AF_PACKET)
+   print_selected_addrinfo(ifi->ifi_index, ainfo);
diff -Nru busybox-1.30.1/debian/patches/series 
busybox-1.30.1/debian/patches/series
--- busybox-1.30.1/debian/patches/series2019-03-02 09:07:28.0 
+0100
+++ busybox-1.30.1/debian/patches/series2019-03-20 17:19:08.0 
+0100
@@ -12,3 +12,4 @@
 stop-checking-ancient-kernel-version.patch
 install-readlink-in-bin.patch
 stop-overriding-stack-alignment-on-i386.patch
+fix-ip-oneline.patch


signature.asc
Description: PGP signature

Bug#921779: closing 921779

[Dominik George]

close 921779 2018.20190131-2
thanks

Bug#921272: closing 921272

[Dominik George]

close 921272 2018.20190131-2
thanks

Bug#921783: closing 921783

[Dominik George]

close 921783 2018.20190131-2
thanks

Bug#921299: closing 921299

[Dominik George]

close 921299 2018.20190131-2
thanks

Bug#920621: closing 920621

[Dominik George]

close 920621 2018.20190131-2
thanks

Bug#921789: closing 921789

[Dominik George]

close 921789 2018.20190131-2
thanks

Bug#920459: closing 920459

[Dominik George]

close 920459 2018.20190131-2
thanks

Bug#921838: closing 921838

[Dominik George]

close 921838 2018.20190131-2
thanks

Bug#921802: closing 921802

[Dominik George]

close 921802 2018.20190131-2
thanks

Bug#919344: adequate reports obsolete-conffile in openssh-client

[Dominik George]

Hi,

> This file now lives in openssh-server, since it's only needed by sshd.
> Unfortunately I'd forgotten that moving conffiles between packages
> requires some non-trivial effort, and so this is going to involve some
> complexity in maintainer scripts.

How about the attached approach?

It uses dpkg-maintscript-helper in openssh-client to remove the
conffile. dpkg-maintscript=helper does all the magic to determine
whether the file was changed by the user. Here, we use the fact that in
preinst, it only moves the file to a backup location, and this location
is different when the file is user-modified.

In postinst of openssh-server, we then check for the backup file and
move it back in place if it exists. This…

 …fixes the obsolete conffile,
 …avoids an annoying question on upgrade whether to overwrite the file,
  is it was user-modified,
 …still keeps user modifications intact.

I tested the following:


1. Only openssh-client, upgrading from 1:7.9p1-4 to 1:7.9p1-6.1
---

File gets correctly removed. If it was user-modified, it remains as
moduli.dpkg-bak unless purged.


2. openssh-client and openssh-server installed, file not modified
-

Ownership is correctly transferred to openssh-server, purging this
removes the conffile.


3. openssh-client and openssh-server installed, file user-modified
--

Ownership is correctly transferred to openssh-server, purging this
removes the conffile, user modifications remain intact.


If you like this approach, feel free to take it, or add me to the team
to do a team upload ;).

Cheers,
Nik
diff -Nru openssh-7.9p1/debian/changelog openssh-7.9p1/debian/changelog
--- openssh-7.9p1/debian/changelog  2019-02-08 17:26:35.0 +0100
+++ openssh-7.9p1/debian/changelog  2019-02-26 23:54:57.0 +0100
@@ -1,3 +1,10 @@
+openssh (1:7.9p1-6.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Correctly handle conffile move to openssh-server. (Closes: #919344)
+
+ -- Dominik George   Tue, 26 Feb 2019 23:54:57 +0100
+
 openssh (1:7.9p1-6) unstable; urgency=medium
 
   * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
diff -Nru openssh-7.9p1/debian/openssh-client.maintscript 
openssh-7.9p1/debian/openssh-client.maintscript
--- openssh-7.9p1/debian/openssh-client.maintscript 1970-01-01 
01:00:00.0 +0100
+++ openssh-7.9p1/debian/openssh-client.maintscript 2019-02-26 
23:54:10.0 +0100
@@ -0,0 +1 @@
+rm_conffile /etc/ssh/moduli 1:7.9p1-6.1~
diff -Nru openssh-7.9p1/debian/openssh-server.postinst 
openssh-7.9p1/debian/openssh-server.postinst
--- openssh-7.9p1/debian/openssh-server.postinst2019-02-08 
17:26:35.0 +0100
+++ openssh-7.9p1/debian/openssh-server.postinst2019-02-26 
23:54:50.0 +0100
@@ -148,6 +148,11 @@
# restart it under systemd.
start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid 
--exec /usr/sbin/sshd || true
fi
+   if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \
+  [ -f /etc/ssh/moduli.dpkg-bak ]; then
+   # move backup made by preinst of openssh-client back in place
+   mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
+   fi
 fi
 
 #DEBHELPER#


signature.asc
Description: PGP signature

Bug#919344: adequate reports obsolete-conffile in openssh-client

[Dominik George]

On Mon, 25 Feb 2019 16:59:57 + Colin Watson  wrote:
> Control: severity -1 serious
> 
> On Tue, Jan 15, 2019 at 06:44:55AM +, shirish शिरीष wrote:
> > While updating today, adequate informs me about this -
> > 
> > $ adequate openssh-client
> > openssh-client: obsolete-conffile /etc/ssh/moduli
> > 
> > Please look into this and fix the offending file.
> 
> I'm raising this to serious using maintainer discretion since I think
> this needs to be fixed for buster, though I haven't worked out exactly
> what to do yet.
> 
> This file now lives in openssh-server, since it's only needed by sshd.
> Unfortunately I'd forgotten that moving conffiles between packages
> requires some non-trivial effort, and so this is going to involve some
> complexity in maintainer scripts.
> 
> Thanks,
> 
> -- 
> Colin Watson   [cjwat...@debian.org]
> 
> 

Bug#922863: tomcat8: post-installation script subprocess failed during upgrade

[Dominik George]

Control: tag -1 + moreinfo unreproducible
Control: severity -1 important

Hi,

> During upgrade:
> 
> [...]
> Setting up tomcat8 (8.5.38-1) ...
> [ ok ] Stopping Tomcat servlet engine: tomcat8.
> [FAIL] Starting Tomcat servlet engine: tomcat8 failed!
> invoke-rc.d: initscript tomcat8, action "restart" failed.
> dpkg: error processing package tomcat8 (--configure):
>  installed tomcat8 package post-installation script subprocess returned error 
> exit status 1
> [...]
> Errors were encountered while processing:
>  tomcat8
> E: Sub-process /usr/bin/dpkg returned an error code (1)
> Setting up tomcat8 (8.5.38-1) ...
> [FAIL] Starting Tomcat servlet engine: tomcat8 failed!
> invoke-rc.d: initscript tomcat8, action "restart" failed.
> dpkg: error processing package tomcat8 (--configure):
>  installed tomcat8 package post-installation script subprocess returned error 
> exit status 1
> Errors were encountered while processing:
>  tomcat8

I cannot reproduce this under systemd.

Can you please provide more details from your system that show why this
might fail? You can edit /var/lib/dpkg/info/tomcat8.postinst and add a
set -x near the set -e at the top, then dpkg-reconfigure tomcat8, for
example.

-nik


signature.asc
Description: PGP signature

Bug#921294: No need to block buster

[Dominik George]

Control: severity 921297 normal
Control: severity 921298 normal
Control: severity 921294 normal
Control: severity 921300 normal

As the new doxygen will not make it into buster (as apparently, it
causes major breakage), there is no need to block reverse dependencies
as long as they build with the doxygen currently in buster.

(Mind that they actually do *not* currently build, but for anotehr
reason - see #921779).


signature.asc
Description: PGP signature

Bug#923125: FTBFS: cannot find files in override_dh_install

[Dominik George]

Control: tag -1 + pending
Control: tag 921761 + pending

This is due to the check for a matching Kerberos version explicitly
checks all known good versions up to 1.16, but now we have 1.17 in
Debian.

I looked at the upstream changelog and found nothing that could break
the plugin build. Addind 1.17 to the list of known good versions fixes
sssd's build.

Thus, I will upload to DELAYED/2 together with the patch for #921761.


signature.asc
Description: PGP signature

Bug#921761: sssd: FTBFS (failing tests)

[Dominik George]

Control: tag -1 + patch

The releveant upstream fix is:
https://github.com/SSSD/sssd/commit/08bba3a6e3e4e21f2e20b71cca463d50420aa9ee#diff-7adf0a00d9dca84b2fbdd1759c1ac2a6.patch

With this patch applied, the test passes again.

Unfortunately, sssd still does not build, maybe for some other
incompatibility with krb5.

I will upload sssd to DELAYED/2 once both are fixed.


signature.asc
Description: PGP signature

Bug#923125: FTBFS: cannot find files in override_dh_install

[Dominik George]

Source: sssd
Version: 1.16.3-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


After fixing #921761, sssd still fails to build in a clean chroot:

dh_install
dh_install: Cannot find (any matches for) 
"usr/lib/*/krb5/plugins/authdata/sssd_pac_plugin.so" (tried in ., debian/tmp)

dh_install: sssd-common missing files: 
usr/lib/*/krb5/plugins/authdata/sssd_pac_plugin.so
dh_install: Cannot find (any matches for) "usr/lib/*/sssd/sssd_pac" (tried in 
., debian/tmp)

dh_install: sssd-ad-common missing files: usr/lib/*/sssd/sssd_pac
dh_install: missing files, aborting
make[1]: *** [debian/rules:69: override_dh_install] Error 25

-BEGIN PGP SIGNATURE-

iQKJBAEBCgBzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlxybmQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p
ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTyluqqEAC9fbLv
L9q/zDG6XR/XobwSrT4YCJ7D1lEHV+N7RrgmMtWJfwoDa3GlJ6S2MS/IbgVyrFLt
44HsTUOsK7e4tr8oGUua81xPZV+29y8b4Uk09pMvtMyYrdoRFlO69hYI/8oa2pmH
9EY0usLY+fOtTw9jjr29yLEoNzDiHRik0XyjDoHqUjW/EWLwTRrRpjINVhGjHYUU
UeVkVl2lKXxtpI62+Xp2PswfrhRMDRQ1CHiJBG1IgcHyMj8Nxhmd5JLq39P+cTgg
Csbgfwp1v3JozQzUt9RDdUbp/UDx25psplhEw0ifqNeDWECQiu6h2NLcmloTsG4i
pAER62c2xcsYQzt0RqYhr90OwLddgA1XV5YE/S1NSo4sBzhaWYN4FPUimPRe6MIF
9u+wrAEmI6KpFJXYMolc4CtX7lSr8my0Jd3T84Z9dQfz39AYEtlGrznEUzNXQNhF
HnyjBOzgmG/HBTCXH4SVakG8NY5Z1heeE/UoadcCMi2ZRqPwsqT0f3s82xENoMNh
TXVjvqRN271+xQxH/qXkbNrT3jqp6IF+kbFCRJLs8mVE4ZWkkZH1/pfcHX6e52Kw
uR3ilfkdNsdoxL8jmxvWDUfPHG8aQjEt/4U/3ObDBCcwHcS9CnzwkcwXXkDX2niE
XV25Ir+LJJ0FoiqychfN/sFmd6xxD/jRuzOCuA==
=nTiW
-END PGP SIGNATURE-

Bug#921761: sssd: FTBFS (failing tests)

[Dominik George]

On Sun, Feb 24, 2019 at 12:35:02AM +0100, Dominik George wrote:
> Fedora project seems to know how to fix this, but I cannot get my head
> wrapped around how the hell you find out how they did it…
> 
>  https://bugzilla.redhat.com/show_bug.cgi?id=1645912
> 
> -nik

The fix referenced in the RedHat bug tracker in krb5 is unrelated to
this bug and does not fix it.


signature.asc
Description: PGP signature

Bug#921761: sssd: FTBFS (failing tests)

[Dominik George]

Fedora project seems to know how to fix this, but I cannot get my head
wrapped around how the hell you find out how they did it…

 https://bugzilla.redhat.com/show_bug.cgi?id=1645912

-nik


signature.asc
Description: PGP signature

Bug#921761: sssd: FTBFS (failing tests)

[Dominik George]

The error returned in line 193 of test_copy_ccache.c is "Matching credential 
not found".


signature.asc
Description: PGP signature

Bug#920029: python3-zope.proxy: ships header in /usr/include/python3.7/

[Dominik George]

Control: tag -1 + pending

NMU to DELAYED/2.

-nik


signature.asc
Description: PGP signature

Bug#916702: Merge request

[Dominik George]

Control: tag -1 + pending

On Mon, Jan 21, 2019 at 01:28:46PM -0500, Dave Steele wrote:
> Upstream upgrade available as a merge request.
> 
> https://salsa.debian.org/debian/python-freezegun/merge_requests

I checked that. The new upstream release does not change too much. I
chose to merge, test, and upload to DELAYED/2.

Maintainer, please consider moving the package to the Debian Python
Modules Team.

-nik


signature.asc
Description: PGP signature

Bug#922404: freeipmi install fails

[Dominik George]

Hi,

> Installation fails because ipmidetectd has an empty default
> configuration. Fix simply avoids to enable and start the daemon that
> will need to be configured by hand.

Building the package, lintian reported that the real culprit here is
that RUN= variables in /etc/default should not be used anymore. I thus
completed the patch by avoiding this in both optional services. See
attached. I will upload to DELAYED/5.

-nik
diff -Nru freeipmi-1.6.3/debian/changelog freeipmi-1.6.3/debian/changelog
--- freeipmi-1.6.3/debian/changelog 2019-02-02 15:50:10.0 +0100
+++ freeipmi-1.6.3/debian/changelog 2019-02-23 14:06:54.0 +0100
@@ -1,3 +1,15 @@
+freeipmi (1.6.3-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+
+  [ Antonio Galea ]
+  * Do not start ipmidetectd daemon until configured. Closes: #922404
+
+  [ Dominik George ]
+  * Use init system to handle defaults instead of RUN= (cf. lintian error).
+
+ -- Dominik George   Sat, 23 Feb 2019 14:06:54 +0100
+
 freeipmi (1.6.3-1) unstable; urgency=medium
 
   * [3f1f5ea] Updating symbols file
diff -Nru freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default 
freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default
--- freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default   
2019-02-02 15:50:10.0 +0100
+++ freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default   
1970-01-01 01:00:00.0 +0100
@@ -1,5 +0,0 @@
-#
-# Set to 'yes' after you have configured ipmidetectd.
-# See ipmidetectd.conf(5) manpage for more information.
-#
-RUN=no
diff -Nru freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN 
freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN
--- freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN2019-02-02 
15:50:10.0 +0100
+++ freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN1970-01-01 
01:00:00.0 +0100
@@ -1,12 +0,0 @@
-From: Yaroslav Halchenko 
-Subject: to be able to condition use of watchdog in the configuration
-Vendor: Debian
-
 a/etc/bmc-watchdog.sysconfig
-+++ b/etc/bmc-watchdog.sysconfig
-@@ -41,4 +41,5 @@
- #
- # For the remaining options, consult man bmc-watchdog
- #
-+RUN=no
- OPTIONS="-d -u 4 -p 0 -a 1 -F -P -L -S -O -i 900 -e 60"
diff -Nru freeipmi-1.6.3/debian/patches/series 
freeipmi-1.6.3/debian/patches/series
--- freeipmi-1.6.3/debian/patches/series2019-02-02 15:50:10.0 
+0100
+++ freeipmi-1.6.3/debian/patches/series1970-01-01 01:00:00.0 
+0100
@@ -1 +0,0 @@
-deb_bmc-watchdog_noRUN
diff -Nru freeipmi-1.6.3/debian/rules freeipmi-1.6.3/debian/rules
--- freeipmi-1.6.3/debian/rules 2019-02-02 15:50:10.0 +0100
+++ freeipmi-1.6.3/debian/rules 2019-02-23 14:03:32.0 +0100
@@ -39,9 +39,9 @@
 
: # Use Debian specific init files with "matching" names
dh_installinit -pfreeipmi-bmc-watchdog \
---name=bmc-watchdog
+--name=bmc-watchdog --no-enable --no-start
dh_installinit -pfreeipmi-ipmidetect \
---name=ipmidetectd
+--name=ipmidetectd --no-enable --no-start
dh_installinit -pfreeipmi-ipmiseld \
 --name=ipmiseld
 


signature.asc
Description: PGP signature

Bug#918916: Unicorn not reporting proper version for gemfile?

[Dominik George]

>I've checked debian's git, this patch was introduced when
>ENV["VERSION"] was required to use the gemspec. Now as the upstream
>gemspec provides the same it's not required.
>
>The problem is not in Unicorn. The problem is in gem2deb which
>generated incorrect unicorn-0.gemspec for the package.

OK... But, why was it fixed when I rebuilt with the patch?

-nik

Bug#918014: apache2: Segfault in mod_filter only wehen started by systemd

[Dominik George]

Package: apache2
Version: 2.4.37-1
Severity: grave
Justification: renders package unusable

apache2 segfaults on start, but only when started normally through systemd. 
Starting apache2 by hand with the samer command line does not result in a
segfault…

#0  0x7f6049d7c3d0 in ?? () from /usr/lib/apache2/modules/mod_filter.so
#1  0x7f604a35f088 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x7f604a31ec1a in fork () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x7f604a464855 in apr_proc_detach () from 
/usr/lib/x86_64-linux-gnu/libapr-1.so.0
#4  0x7f6049d318a4 in prefork_pre_config (p=, 
plog=, ptemp=) at prefork.c:1272
#5  0x55c1ddff31be in ap_run_pre_config (pconf=0x7f604a524028, 
plog=0x7f604a1a5028, ptemp=0x7f604a1a9028) at config.c:89
#6  0x55c1ddfcee5f in main (argc=, argv=) at 
main.c:775

-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin2.4.37-1
ii  apache2-data   2.4.37-1
ii  apache2-utils  2.4.37-1
ii  dpkg   1.19.2
ii  lsb-base   10.2018112800
ii  mime-support   3.61
ii  perl   5.28.1-3
ii  procps 2:3.3.15-2

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.39

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  firefox-esr [www-browser]60.4.0esr-1
ii  lynx [www-browser]   2.8.9rel.1-2

Versions of packages apache2-bin depends on:
ii  libapr1  1.6.5-1+b1
ii  libaprutil1  1.6.1-3+b1
ii  libaprutil1-dbd-sqlite3  1.6.1-3+b1
ii  libaprutil1-ldap 1.6.1-3+b1
ii  libbrotli1   1.0.7-1
ii  libc62.28-2
ii  libcurl4 7.62.0-1
ii  libjansson4  2.12-1
ii  libldap-2.4-22.4.47+dfsg-1
ii  liblua5.2-0  5.2.4-1.1+b2
ii  libnghttp2-141.35.1-1
ii  libpcre3 2:8.39-11
ii  libssl1.11.1.1a-1
ii  libxml2  2.9.4+dfsg1-7+b3
ii  perl 5.28.1-3
ii  zlib1g   1:1.2.11.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  firefox-esr [www-browser]60.4.0esr-1
ii  lynx [www-browser]   2.8.9rel.1-2

Versions of packages apache2 is related to:
ii  apache2  2.4.37-1
ii  apache2-bin  2.4.37-1

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]

-- no debconf information

Bug#917791: [Pkg-xmpp-devel] Bug#917791: poezio: Missing dependency on python3-cffi

[Dominik George]

On Sun, Dec 30, 2018 at 07:38:32PM +0100, W. Martin Borgert wrote:
> On 2018-12-30 12:20, Tom Teichler wrote:
> > When starting python3-cffi is missing. Does not work at all.
> 
> I'm using poezio 0.12.1-2 (uploaded yesterday) and it works
> perfectly without python3-cffi*. Could you try that, please?

I can reproduce the issue with 0.12.1-2, and I strongly doubt it works
without cffi (except in cases where the code that uses cffi is for some
reason not executed):

$ grep -r cffi
[…]
poezio/poopt.py:from cffi import FFI

-nik


signature.asc
Description: PGP signature

Bug#915050: (gitlab) Re: Bug#915050: Keep out of testing

[Dominik George]

>> We had volatile, which, redefined properly, could help. I am trying
>to draft such a definition.
>
>Did you get a chance to work on it?

I do have this on my todo list for around Christmas.

People who know me that I deliberately leave out the year, but my intentions 
are 2018 ;).

-nik

Bug#915050: (gitlab) Re: Bug#915050: Keep out of testing

[Dominik George]

>well, Debian is using gitlab!!! so this sentence has no sense. The
>problem here
>is that is a complex software that depends of a lot of pieces and it's
>not
>easy/possible to fit the definition. So, maybe we should create another
>category
>of software.

Yes, and that Debian officially uses GitLab, from a foreign source, without 
being able to support it in Debian, does make me feel ashamed for the project.

>maybe creating another kind of repo. debian-contributuions
>debian-blabla, whatever.
>

We had volatile, which, redefined properly, could help. I am trying to draft 
such a definition.

-nik

Bug#914989: Adjust found versions

[Dominik George]

Hi,

>> It is not a regression in unstable, so it need not block the testing
>migration.

...but it needs get gitlab autoremoved from testing if not fixed :).

>I was not able to reproduce it when downgrading to ruby-grape 1.0.3
>manually.

This is correct. I hope you don't expect users to dig a package out of 
snapshots.debian.org. The issue is with the ruby-grape version currently in 
testing.

>and also
>confirm
>if restarting gitlab-sidekiq service will solve the issue. If a restart
>will solve the issue, we may need to automate that.

After downgrading to 1.0.3 restart works. It does not do so with 1.1.0.

-nik

Bug#914989: gitlab: sidekiq reacts very indignant to dependency changes, currently ruby-grape

[Dominik George]

Package: gitlab
Version: 11.3.10+dfsg-2
Severity: grave
Justification: renders package unusable

It seems that gitlab-sidekiq often breaks due to changign versions of
dependencies.  Right now, when upgrading ruby-grape to 1.1.0, sidekiq does
not start anymore because it depends on exactly 1.0.3 in its Gemfile.  The
package, however, depends on anything newer than 1.0.

I have observed this often, and it's actually why I updated gitlab to the
sid version instead of staying with the buster version, because ruby
dependencies got upgraded and sidekiq did not find them anymore.

While this report is about gitlab currently being unusable due to
ruby-grape, it might be a systemic issue.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gitlab depends on:
ii  apache2 [httpd]2.4.37-1
ii  asciidoctor1.5.7.1-1
ii  bc 1.07.1-2+b1
ii  bundler1.16.1-3
ii  bzip2  1.0.6-9
ii  dbconfig-pgsql 2.0.10
ii  debconf [debconf-2.0]  1.5.69
ii  gitlab-common  11.3.10+dfsg-2
ii  gitlab-shell   8.3.3+dfsg-1
ii  gitlab-workhorse   6.1.1+debian-3
ii  lsb-base   9.20170808
ii  nginx  1.14.1-1
ii  nginx-full [nginx] 1.14.1-1
ii  nodejs 8.11.2~dfsg-1
ii  npm5.8.0+ds6-2
ii  openssh-client 1:7.9p1-4
ii  postfix [mail-transport-agent] 3.3.1-1+b1
ii  postgresql-client  11+197
ii  postgresql-client-11 [postgresql-client]   11.1-1+b2
ii  postgresql-client-9.6 [postgresql-client]  9.6.10-0+deb9u1
ii  postgresql-contrib 11+197
ii  rake   12.3.1-3
ii  redis-server   5:5.0.2-1
ii  ruby   1:2.5.1
ii  ruby-ace-rails-ap  4.1.1-1
ii  ruby-acts-as-taggable-on   5.0.0-2
ii  ruby-addressable   2.5.2-1
ii  ruby-akismet   2.0.0-1
ii  ruby-arel  6.0.4-1
ii  ruby-asana 0.6.0-1
ii  ruby-asciidoctor-plantuml  0.0.8-1
ii  ruby-asset-sync2.4.0-1
ii  ruby-attr-encrypted3.1.0-1
ii  ruby-babosa1.0.2-2
ii  ruby-base320.3.2-3
ii  ruby-batch-loader  1.2.1-1
ii  ruby-bcrypt-pbkdf  1.0.0-2
ii  ruby-bootstrap-form2.7.0-1
ii  ruby-browser   2.5.3-1
ii  ruby-carrierwave   1.2.3-1
ii  ruby-charlock-holmes   0.7.6-1
ii  ruby-chronic   0.10.2-3
ii  ruby-chronic-duration  0.10.6-1
ii  ruby-commonmarker  0.17.9-1
ii  ruby-connection-pool   2.2.2-1
ii  ruby-creole0.5.0-2
ii  ruby-default-value-for 3.1.0-1
ii  ruby-device-detector   1.0.1-2
ii  ruby-devise4.4.3-1
ii  ruby-devise-two-factor 3.0.3-1
ii  ruby-diffy 3.2.1-1
ii  ruby-doorkeeper4.4.2-1
ii  ruby-doorkeeper-openid-connect 1.5.2-1
ii  ruby-dropzonejs-rails  0.8.2-1
ii  ruby-ed25519   1.2.4-1
ii  ruby-email-reply-trimmer   0.1.6-1
ii  ruby-escape-utils  1.2.1-1+b1
ii  ruby-excon 0.60.0-1
ii  ruby-faraday   0.13.1-2
ii  ruby-fast-blank1.0.0-1+b1
ii  ruby-flipper   0.13.0-3
pn  ruby-flipper-active-record 
pn  ruby-flipper-active-support-cache-store
ii  ruby-fog-aliyun0.2.0-1
ii  ruby-fog-aws   2.0.1-1
ii  ruby-fog-core  1.45.0-2
ii  ruby-fog-google1.8.1-2
ii  ruby-fog-local 0.3.0-1
ii  ruby-fog-openstack 0.1.6-4
ii  ruby-fog-rackspace  

Bug#909063: apacheds: package installation fails due to incorrect apacheds.service unit

[Dominik George]

Hi,

> > Patch against git master is attached. This happened during the BSP in
> > Karlsruhe, so I will NMU to DELAYED/5 tomorrow before the BSP ends if you do
> > not object, and also ask the release team about inclusion in the next point
> > release.
> 
> Thank you for the fix Dominik. Could you commit the changes to the Salsa
> repository and do a team upload instead of a NMU please?

Sure, if you accept my request to join ;).

-nik


signature.asc
Description: PGP signature

Bug#909063: apacheds: package installation fails due to incorrect apacheds.service unit

[Dominik George]

Control: tags -1 + patch
Control: user debian-rele...@lists.debian.org
Control: usertags -1 + bsp-2018-10-de-karlsruhe

Hi,

> Sep 17 18:42:47 ldap01 systemd[1]: [/lib/systemd/system/apacheds.service:11] 
> Executable path is not absolute, ignoring: ${JAVA_HOME}/bin/java ${JAVA_OPTS} 
>  -Dapacheds.controls=${ADS_CONTROLS} …}/
> Sep 17 18:42:47 ldap01 systemd[1]: apacheds.service: Service lacks both 
> ExecStart= and ExecStop= setting. Refusing.

The error here is a bit misleading (in systemd in buster, it becomes more
clear). The ExecStart command itself is not allowed to contain variables;
the solution is to wrap the call in a /bin/sh -c exec call.

Patch against git master is attached. This happened during the BSP in
Karlsruhe, so I will NMU to DELAYED/5 tomorrow before the BSP ends if you do
not object, and also ask the release team about inclusion in the next point
release.

Cheers,
Nik
From 854fbfd0a86c52ebed3ce7773ee762ee49eb69be Mon Sep 17 00:00:00 2001
From: Dominik George 
Date: Sat, 27 Oct 2018 15:33:29 +0200
Subject: [PATCH] Fix command in systemd service file.

---
 debian/apacheds.service | 17 +
 debian/changelog|  7 +++
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/debian/apacheds.service b/debian/apacheds.service
index e6de514..23efa17 100644
--- a/debian/apacheds.service
+++ b/debian/apacheds.service
@@ -8,14 +8,15 @@ Type=simple
 User=apacheds
 Group=apacheds
 EnvironmentFile=/etc/default/apacheds
-ExecStart=${JAVA_HOME}/bin/java ${JAVA_OPTS} \
--Dapacheds.controls=${ADS_CONTROLS} \
--Dapacheds.extendedOperations=${ADS_EXTENDED_OPERATIONS} \
--Dlog4j.configuration=file:${ADS_INSTANCES}/${ADS_INSTANCE}/conf/log4j.properties \
--Dapacheds.log.dir=${ADS_INSTANCES}/${ADS_INSTANCE}/log \
--cp '${ADS_HOME}/lib/*' \
-org.apache.directory.server.UberjarMain \
-${ADS_INSTANCES}/${ADS_INSTANCE}/
+ExecStart=/bin/sh -c "exec \
+${JAVA_HOME}/bin/java ${JAVA_OPTS} \
+  -Dapacheds.controls=${ADS_CONTROLS} \
+  -Dapacheds.extendedOperations=${ADS_EXTENDED_OPERATIONS} \
+  -Dlog4j.configuration=file:${ADS_INSTANCES}/${ADS_INSTANCE}/conf/log4j.properties \
+  -Dapacheds.log.dir=${ADS_INSTANCES}/${ADS_INSTANCE}/log \
+  -cp '${ADS_HOME}/lib/*' \
+  org.apache.directory.server.UberjarMain \
+  ${ADS_INSTANCES}/${ADS_INSTANCE}/"
 PrivateTmp=true
 
 [Install]
diff --git a/debian/changelog b/debian/changelog
index 4e0d8a6..73583b1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache-directory-server (2.0.0~M24-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix command in systemd service file. (Closes: #909063)
+
+ -- Dominik George   Sat, 27 Oct 2018 15:32:48 +0200
+
 apache-directory-server (2.0.0~M24-1) unstable; urgency=medium
 
   * Team upload.
-- 
2.19.1



signature.asc
Description: PGP signature

Bug#902035: Future of pygame in Debian.

[Dominik George]

Hi,

> […] tagged accordingly in the BTS […]

Oops, you are right. There are still two FTBFS bugs I failed to tag (but not
to fix).

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#902036: Future of pygame in Debian.

[Dominik George]

Hi,

> pygame in Debian testing is currently python2 only, I am sure I am not
> alone in thinking this is not a good state of affairs given that pygame is
> frequently used for introducing people to programming.
> 
> pygame in sid has python3 support but is held back from migrating to
> testing by three rc bugs.  None of which have had any response from the
> maintainer.
> 
> One of those is a FTBFS with python 3.7 which is apparently fixed
> upstream.  So presumably the best thing to do about this one would be to
> update the package to the new upstream.  I may have a go at this myself
> but I'm not an expert in python packaging so I don't know how well I will
> do.
> 
> The other two are testsuite failures on architectures where frankly I
> doubt pygame has many users*.  I may also take a look at these after the
> new upstream version is dealt with but I don't think it's worth putting
> huge amounts of effort into pygame on architectures where I doubt it has
> any users and I equally don't think it should be allowed to block the
> availability of python3-pygame in testing on architectures people do
> actually care about, so if the root cause cannot be found quickly I would
> propose either disabling the tests on these architectures or requesting
> the ftpmasters remove the binaries.
> 
> Anyone have any comments or suggestions?

Yes. I am the maintainer whom you accuse of not maintaining the package.

Sorry to say that, but all your assumptions are wrong - all of the bugs you
mention are handled, tagged accordingly in the BTS, new uploads are prepared
in the packaging repository, and fixing last issues for the upload are being
coordinated with upstream, keeping the buster release schedule in mind:

  https://github.com/pygame/pygame/issues/543

Anything more I can do for you?

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#900447: Build against freerdp2

[Dominik George]

Hi,

> > I agree with Moritz's proposal. I have been working on a patch at Hamburg
> > miniDebConf, but the patch is only 20% ready and really not my business,
> > neither my expertise (as this is upstream work, and last time I spoke to
> > Nik, upstream was not too enthusiastic about porting to freerdp2, as he
> > said).
> > 
> > @Nik: Can you disable RDP support for now in Guacomole some time soon? If
> > not, I will do that as a Team Upload next week.
> 
> Friendly ping :-)

Well, if we disable RDP support, we can as well remove Guacamole. RDP is
what people use it for, I have never heard of anyone using it only for VNC.

-nik


signature.asc
Description: PGP signature

Bug#902186: CVE-2018-12689

[Dominik George]

Control: tags -1 + moreinfo
Control: severity -1 important

Heisann,

On Sat, Jun 23, 2018 at 10:45:39AM +0200, Moritz Muehlenhoff wrote:
> Package: phpldapadmin
> Severity: grave
> Tags: security
> 
> Please see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12689

I am triaging this bug report because of a request of a user to get
phpLDAPAdmin into testing again, and the maintainer seems to be unresponsive.

Doing so, I found that in my opinion, the CVE is invalid. Neither of the PoC
works.

 PoC 1 (server_id parameter) does not work because the parameter is verified
 using is_numeric before being passed on to anything special.

 PoC 2 makes phpLDAPAdmin simply display "Invalid DN syntax for user".

No matter what, I was not able to get anything out of phpLDAPAdmin with the
information in the CVE and the refereces exploit. Thus, I am lowering the
priority of this bug report to important and asking you to provide more
information on how to produce the behaviour claimed in the CVE report.

Ha det bra,
Nik

Bug#908595: krb5-subdomain and ms-subdomain update policy rules ineffective

[Dominik George]

Package: libbind9-160
Version: 1:9.11.4.P2+dfsg-1
Severity: grave
Tags: security upstream patch
Forwarded: security-offi...@isc.org
Control: found -1 1:9.11.4.P1+dfsg-1
Control: found -1 1:9.11.4+dfsg-4

Hi,

I discovered the following security bug in bind9 a few weeks ago, and
responsibly disclosed it to the ISC security officer. Unfortunately, until
today they did not acknowledge it is a security issue - in contrast, they
proved that they do not fully understand the issue, and now have added a new
feature in the 9.11.4.P2 release which wrongly addresses this security
issue.

The issue is with DDNS update policies using Kerberos, namely the
krb5-subdomain and ms-subdomain update policies for TKEY-GSSAPI. The
documentation states, and has always stated, the following:


  krb5-self
  -

  This rule takes a Kerberos machine principal (host/machine@REALM) for
  machine in REALM and and converts it machine.realm allowing the machine to
  update machine.realm.  The REALM to be matched is specified in the identity
  field.  The name field should be set to "."


  krb5-subdomain
  --

  This rule takes a Kerberos machine principal (host/machine@REALM) for
  machine in REALM and converts it to machine.realm allowing the machine to
  update subdomains of machine.realm.  The REALM to be matched is specified in
  the identity field.  The name field should be set to "."

https://ftp.isc.org/isc/bind9/9.11.4-P1/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies


(I am referring to both krb5-* and ms-* when saying krb5-* in the
following.)

Now the issue is the following (at least in all revisions of bind 9.10 and
9.11, *including the recently released 9.11.4.P1 and .P2*:

krb5-self works a documented, and allows any client showing a valid Kerberos
ticket for machine.realm to update exactly machine.realm.

However, krb5-subdomain is missing the documented check completely - *it
allows updating all records*. To be more precise, it checks the name of the
record to be updated against the name field, instead of, as documented,
against the machine name from the Kerberos identity.

If a BIND TKEY update policy is configured as described in the manual, with
the administrator intending to allow machines to update records below their
own hostname, they are indeed granting full access to the whole zonem
because the documented Kerberos name check is missing.


The ISC security officer claims the following:

  The documented update policy was never intended to work like documented.
  It was intended to work like th ecode does, only checking against the
  configured name field instead of the Kerberos machine name.

  This is not a security issue - it is a documentation bug.

I have raised concerns about these views with the ISC because it has some
implications that I will not believe to be correct:

  There already is a check called subdomai n(without krb5-) that allows
  updating subdomains of the configured name. It can also take a Kerberos
  principal name as TKEY identity - in that case it allows updating the
  subdomain given in the name field if a client shows a valid Kerberos
  ticket for the principal in the identity field. This is what the ISC
  claims to be the intention of krb5-subdomain - I do, however, doubt that
  the person adding the krb5-subdomain check intended to add a new check
  that does the same as the existing subdomain check.

  (I also doubt that the person intended to duplicate an existing check,
  then accidentally added documentation stating the contrary.)

  The code for krb5-subdomain *does* go through all the hassle to extract
  the machine name from the given Kerberos identity - it then ignores the
  result and always returns TRUE instead of checking the record to be
  updated against the machine name it just got hold of with so much work.
  I do doubt that the person writing the original code, in addition to
  the above, intentionally added this code handling a Kerberos identity,
  then always returning TRUE, resulting in the check to do the same as the
  normal subdomain check - only with 100 lines of string manipulation
  resulting in a no-op wrapped around it.


Even after explaining all this to the ISC, they decided to not fix these
checks to do what they are documented (and obviously intended) to do.
Instead, in 9.11.4.P1, they added *new* checks called krb5-subself and
ms-subself that do what krb5-subdomain and ms-subdomain were intended to do,
and sold this as a new feature (they also did not mention my research and
patching efforts doing so, they just told the world they added a cool new
feature - THANK YOU 💖!). The broken -subdomain checks were kept as they
are, including the broken documentation.

Even if the ISC intends to keep the broken checks (which, again, are
duplicates of a more simple check, with tons of string manipulation code
wrapped around), I still consider this a serious security issue because with
the checks not doing what the documentation says for many 

Bug#904453: python3-sleekxmpp: Syntax error on installation with Python 3.7

[Dominik George]

Package: python3-sleekxmpp
Version: 1.3.3-3
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The code uses reserved keywords as funtion names:

  File "/usr/lib/python3/dist-packages/sleekxmpp/plugins/xep_0009/remote.py", 
line 430
def async(self, callback):
^
SyntaxError: invalid syntax


async cannot be a name in Python 3.7 and onwards, thus installation fails
with Python 3.7 as default python3.


- -- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-sleekxmpp depends on:
ii  libjs-sphinxdoc 1.7.6-1
ii  python3 3.6.6-1
ii  python3-dnspython   1.15.0-1
ii  python3-pyasn1  0.4.2-3
ii  python3-pyasn1-modules  0.2.1-0.2

Versions of packages python3-sleekxmpp recommends:
ii  python3-dateutil  2.6.1-1
ii  python3-gnupg 0.4.3-1
ii  python3-socks 1.6.5-1

python3-sleekxmpp suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAltXLGUxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p
ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylixPD/9mwqzw
5Swn5xlv07vLxogI7JKJu/9ZS/J/eH2N7HF4+kS7UtNwpb9MpyM+u2aTm+4HXGje
Rth48S8zL0mv/6jRonmeuM6AhbGzpX4l58iDWX7N+q9mcnVmUjpm3XEr7TstfaHl
V2Zf4FPRDs7S59+fVBYoEzYDqHaBRd3jE81rx6BRxY3vgscw7Og1NRJk8eubTBmT
P57b8j4EEluJJXS6eEj5+AT8OymaYaPOcaV0STiici5Ugtc8PvauumcEnjnICbCa
SY1uqY+A5oHET61Js3lmZP7VfDngt4hJNJpos4tRWjg4WJWPE12Ml+fdRMIBqEvE
WutpIL4tHCC8mBaXXk1w2EN6J7bXegtZLAr8QbbG20yW9Qmhedg//rIeVuBWrZFR
3W/g5Xm2RGrOMdrSHw/VPTXwxrtqNULT2tnaOf6gd2ioHjrfRiMqopJ4QC5jUBsn
ymnfP0ZqPsNynLcaJ+Re/UvllQJVafvV34Ag+ufBg5UtkZMaLAJB7gPCzEOJoMwv
SLwSRV6xmmlmy1P21AQP56yrZXwUpaSo4Oju4Mb/Vvwyz7OW362qRM7giS6SWP6I
q+JYR+YhWzkLdsY1V3HMk15FYyPzIHdyYn0v1hfWl/4zYDLYUNwwcAhHKeV0dQ47
q9Z93A9opg0Us01ipSI4UXwkBr0SiAhgI1OjQA==
=6M3H
-END PGP SIGNATURE-

Bug#900879: bind9-dyndb-ldap: does not work with current bind9 anymore

[Dominik George]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jun 06, 2018 at 11:54:04AM +0200, Dominik George wrote:
> This plugin only works with the old dyndb patch for BIND, but not with
> the DynDB interface in the version now included in BIND upstream.

Seems that is not the case, but the plugin needs to be rebuilt against BIND
9.11.3, which seems not to work right now: 
https://pagure.io/bind-dyndb-ldap/issue/176

- -nik
-BEGIN PGP SIGNATURE-

iQJlBAEBCABPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlsXs7UxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW
oMTyljzPD/49i+nyVE7DNFWyM/BRiMW4J7ZWUduUqLcoA9BUY9M0VLjQHjaWfdNk
k9l277SrwVaGHgpgOKau8StmsZOkEnhJW0MV6b4TUIiykglM6+4vjWukS+MK7Pxj
ErpBdwVpE30YL0/MVm+JnmUnbHgdX6qr7KPNU439bHNujBnHjW8o3Pj7aAKuYjFl
vq5I09awmcfPX+jt+NzAkkp6DGp+t0BFP+OYcdqHwBzLhL/XWeNzQnvu88OvwJwa
q2cgovXoiSgO6XmnuXZCMfJPVUE6YNULbljczCahtOHToFruqEE71J+z5we/cdfl
c6vwFHc7C7WupHSnZc9nbP3kGLinB2qZRoVdrxvSV23Y8/mKNHdG3e4y6k0SAUXP
aTP5xiudT7DWsL6dWVSDcpOZqBtv5CgT8eFkIYr64CbSECXZfHS1pZowK+SygQFH
SVy3pIJpWRyYd2fxJKfwYDF6vMgKae3UG+4zZftxhfld4n0ugr9CV/kZkH+i2c7r
jNmSZhjfWEIlL0/S9TceH9yCfKQWdPDRSKoStqAjTA8ZGvDd8B2E/u4RaylrDfZx
OsQtPjkUkuHR+onKJm+G3jsinD9HFRWcRT4JlbfykZBJQLya9NVxstSF6/rse53+
wj+4qrXgVVPpDGyZ82zKADN0AYgzV0NunWNXlc6WZde45+r8iz70oQ==
=jhea
-END PGP SIGNATURE-

Bug#900879: bind9-dyndb-ldap: does not work with current bind9 anymore

[Dominik George]

Package: bind9-dyndb-ldap
Version: 11.1-3
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

This plugin only works with the old dyndb patch for BIND, but not with
the DynDB interface in the version now included in BIND upstream.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bind9-dyndb-ldap depends on:
ii  bind9  1:9.11.3+dfsg-1
ii  libc6  2.27-3
ii  libdns1100 1:9.11.3+dfsg-1
ii  libisc169  1:9.11.3+dfsg-1
ii  libkrb5-3  1.16-2
ii  libldap-2.4-2  2.4.46+dfsg-5
ii  libuuid1   2.32-0.1

bind9-dyndb-ldap recommends no packages.

bind9-dyndb-ldap suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlsXrzQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYSQRAA2BHdTJjrzalbFRsedVhMjBqAGYJc
TstiWl+x7MYZideTiy6FbvgazBTu/DJFioAmcn4jxo+4QV2t1HP3QjjhtNtD4h4Z
PZMVs7sfEUUP3dble0njZZUilhKShD82caWozcI1sfgxHelzZvaYRXfSUULuce41
PkayYQAwJrYr84rSPTdN2POYBP3dOj4oz7tZ1N9vVbelLWCdWYkXEWqWR572FUSX
TdgTvtIJ6gC8wXt1xJJaQ0NTh09X7wouk6oUJldh7ey1JA18lLC5MWqjar5FDPVR
UANFF8y68PCRj9WxyzyKHLmZPRnOrYgV4aMhUEstqAwQwwCPXFVMPRx/2nb8Er7l
ikKMMDvVbDWDdEt61sOksGb7QGUc25o8utKxzFlaFgdNbIZFTWBNRTwhDhfYaW/m
ccyS0CoIzULpqe8pcMewTQL4S4J8HnN1mx/QTgcVT8Z4c6c0rMn/ks/og4/DDzdq
ULKEwYxuwsQrCq5OSJso/OTGwORwTmhCXV4B/E6+KWhzjVRefkZNAXeCCQqEZOMA
oKECg1tHYM/2JSHN9a8/orLHIo457VlLOM6Wk6C6vkEBS33CqnT+FG+kG53pEWR/
3rnjfj0mvlgrsaGnvUPUAYbTCehF1DvCMjlsnRYQVN/Se7MzNAlPRbgy65fR13Fy
M5enAIfrwZCPJcs=
=iGc4
-END PGP SIGNATURE-

Bug#900447: Build against freerdp2

[Dominik George]

Control: reassign -1 guacamole-server
Control: merge 888321 -1

Hi,

> This bug is for tracking the efforts of porting guacamole-client to
> FreeRDP v2.

guacamole-client has nothing to do with freerdp.  ITYM guacamole-server,
which also already has a bug for that ☺.

-nik


signature.asc
Description: PGP signature

Bug#894560: pygame: Don't drop python2 package

[Dominik George]

Control: tags -1 + pending

Hi,

the next upload in a couple of days will re-introduce the python 2 package.

-nik


signature.asc
Description: PGP signature

Bug#894560: pygame: Don't drop python2 package

[Dominik George]

Hi,

> Your latest upload drops the python-pygame pacakge but I count 35
> packages in Debian Testing that depend on it. Please restore the
> python-pygame package until all those packages no longer depend on it.
> 
> Even without a bug being filed, I believe the broken dependency issue
> would have prevented this package from migrating to Testing.

So, what's the use of that?

I do not target for testing - I target for buster and for sid.  Neither
pygame nor its dependencies, using Python 2, will survive the buster release
cycle, so there is no point in forcefully keeping it around in testing.  And
as you said: Non of this will transition until the problem is solved (either
by removal of the dependencies or their switch to Python 3).

All that will happen with and without the Python 2 version of Pygame.

-nik


signature.asc
Description: PGP signature

Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual

[Dominik George]

Source: debian-edu-install
Version: 1.916
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I spent two days trying to install Debian Edu (combined server) in a
virtual machine. I started with 100 GiB hard disk, then tried 150 GiB,
and finally 220 GiB. The LTSP chroot installation always fails with no
space left in /opt/var/cache/apt.

Installing Debain Edu is not possible.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr7nQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pb2bxAAvIZSU7BE0+ucGg5SEzrzvk0GHzuv
OfhwhpxuggDzKgTf2vq5fsEXm9DafxyIXhq9ZfYgbGCRqXlWbO3hjlmneZx1OCzt
ow3kpLZJy5LwerRYe2lYlJY8O8ZYnKPUMuWxblpVCU9tQUXw/+edtmu+KGRNcEmX
L8u5/y1LNp5846Xb9wSKgJP93DaYInUndv9+i9EOGps+uoZlO67yyDgYJUJmmkJf
0q9zoU7KBOO2fJv8i1rcbxmgNaT9gcqZLtlLXPvFUm526ipZHT1nktteHJQEtwqf
KNhGA2tsNwxJrWJgnJG/Vtppwj9wgbdJ9q9cPxVqS9sLVi3hoUPeDRA6kBVmkebB
nbxDLI8tl5DtdR6FLQKOT8nfich9V5XDmW4379jCL+g7P+ixigBiWLouwMwnBCr/
EpBK8Qwv0KCnRhs9geC9i5HBpU4oKB4nJr5L24jEy9kbwaduN1w3mpRQZ81WtsCC
MdYEmJl0VhW4UH5MYjxrkPZ1lI5b9f4pSFI5wmA1FGSC12+swTWFWKY3ivVhObDE
exQfsdRUhuLj4NpPVvE3rIqxLOCAi75X5R9/cdJ5uMxyG0kzUwzi87dv9VIBy+FT
0SpH1QYhSz/ORRA4FjlDBn726Bwk6OpudECPn1JMBoziZ6k/ASwSfSG74q8MPDRI
70iu0yXdiLct/3M=
=HyOM
-END PGP SIGNATURE-

Bug#876459: needrestart: Non-interactive mode not being detected properly

[Dominik George]

Hi Patrick,

> I regularly see this bug cause important PostgreSQL databases to be
> restarted on Debian stable.
> 
> Can you please make sure to provide an update for the next Debian point
> release? If you need help doing so, feel free to say that.

Any news/opinion on that?

If I do not hear anything from you within this week, I will start
negotiating with therelease team about the patch for the next point
release.

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#867558: flask-ldapconn FTBFS: build dependencies python-ldap3/python3-ldap3 are only available in more recent versions

[Dominik George]

Control: tags -1 + upstream

>  builddeps:flask-ldapconn : Depends: python-ldap3 (< 2.0~) but it is not 
> going to be installed
> Depends: python3-ldap3 (< 2.0~) but it is not 
> going to be installed

ldap3 version 2 requires a complete rewrite. Upstream tracks this at
https://github.com/rroemhild/flask-ldapconn/20

-nik


signature.asc
Description: PGP signature

Bug#871910: marked as pending

[Dominik George]

tag 871910 pending
thanks

Hello,

Bug #871910 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/pygame.git/commit/?id=a6f8d3d

---
commit a6f8d3d63dcdfe1bf3a32f1141d4e4ceddd040b2
Author: Dominik George 
Date:   Sat Dec 16 21:13:00 2017 +0100

Update dependency on timgm6mb-soundfont. (Closes: #871910)

diff --git a/debian/changelog b/debian/changelog
index bccc8d8..e89b2ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+pygame (1.9.3+dfsg-3) unstable; urgency=medium
+
+  * Update dependency on timgm6mb-soundfont. (Closes: #871910)
+
+ -- Dominik George   Sat, 16 Dec 2017 21:12:22 +0100
+
 pygame (1.9.3+dfsg-2) unstable; urgency=medium
 
   * License review to update d/copyright.

Bug#882463: Wheezy update of xrdp?

[Dominik George]

Hi,

> Would you like to take care of this yourself?

Not really. Go ahead ☺.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#882463: marked as pending

[Dominik George]

tag 882463 pending
thanks

Hello,

Bug #882463 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/commit/?id=d852069

---
commit d8520695e237c8853380e247e82d22d155c8b7e3
Author: Dominik George 
Date:   Fri Dec 15 02:05:25 2017 +0100

Add patch for CVE-2017-16927.

diff --git a/debian/changelog b/debian/changelog
index ce894b1..b430e2a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.1-9+deb9u2) stretch-security; urgency=high
+
+  * Fix CVE-2017-16927. (Closes: #882463)
+
+ -- Dominik George   Fri, 15 Dec 2017 02:05:40 +0100
+
 xrdp (0.9.1-9+deb9u1) stretch; urgency=medium
 
   * Fix high CPU load on SSL shutdown. (Closes: #876976)

Bug#882463: marked as pending

[Dominik George]

tag 882463 pending
thanks

Hello,

Bug #882463 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/commit/?id=690b1ae

---
commit 690b1aea2b21dde4d82c154d0f132c5348bd24e9
Author: Dominik George 
Date:   Fri Dec 15 02:10:06 2017 +0100

Add patch for CVE-2017-16927.

diff --git a/debian/changelog b/debian/changelog
index a6c0ade..355b3db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ xrdp (0.9.4-2) UNRELEASED; urgency=medium
 
   [ Dominik George ]
   * Fix typo in previous changelog.
+  * Fix CVE-2017-16927. (Closes: #882463)
 
   [ Thorsten Glaser ]
   * Place missing log_end_msg in init script.
@@ -10,7 +11,7 @@ xrdp (0.9.4-2) UNRELEASED; urgency=medium
   * Cherry-pick missing parts from experimental branch.
   * Fix another typo in previous changelog.
 
- -- Thorsten Glaser   Tue, 10 Oct 2017 20:21:09 +0200
+ -- Dominik George   Fri, 15 Dec 2017 02:10:18 +0100
 
 xrdp (0.9.4-1) unstable; urgency=medium
 

Bug#882463: marked as pending

[Dominik George]

tag 882463 pending
thanks

Hello,

Bug #882463 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/commit/?id=180d149

---
commit 180d1495f0729e6afdda2e60c1c0aeaf2bec05b5
Author: Dominik George 
Date:   Fri Dec 15 02:05:25 2017 +0100

Add patch for CVE-2017-16927.

diff --git a/debian/changelog b/debian/changelog
index ce894b1..422df4c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
+
+  * Fix CVE-2017-16927. (Closes: #882463)
+
+ -- Dominik George   Fri, 15 Dec 2017 02:05:40 +0100
+
 xrdp (0.9.1-9+deb9u1) stretch; urgency=medium
 
   * Fix high CPU load on SSL shutdown. (Closes: #876976)

Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia

[Dominik George]

> In fact, the package was installed since I have turned on install
> suggests. If this was done on purpose or accident is not open for debate.

It is. I'm sorry, but in fact, your concern should be that you are obviously 
unable to control what you install on your system. You can read a handbook on 
this topic - but please leave unrelated maintainers alone - they are not the 
support crew for your personal system's administration.

The fix is to purge the package and look and think next time you install 
packages.

-nik

Bug#873271: pam-krb5-migrate: install paths are wrong

[Dominik George]

Source: pam-krb5-migrate
Version: 0.0.11-4
Severity: grave
Justification: renders package unusable

Both the PAM modules and the pam config are installed into
sub-directories instead of their correct places. This makes the package
unusable without moving files in system locations around beforehand.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#863701: sympa: insists that cookie has changed when it hasn't

[Dominik George]

Hi,

> In this case the head command might not be in the path Sympa is seeing. Could 
> you please test if
> `/usr/bin/head ...` works for you?

Yes, it does.

-nik

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/

Bug#863701: sympa: insists that cookie has changed when it hasn't

[Dominik George]

Hi,

>The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian
>package,
>so this hasn't changed?

Confirmed.

>
>What are the permissions of the cookie file?

640 owned by sympa:sympa

I have placed debugging prints into Conf.pm and found that $current is empty 
right at the beginning of cookie_changed. It seems the `head... command is not 
evaluated.

I placed the cookie in the config file directly, which makes it working again.

-nik
-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/

Bug#863701: sympa: insists that cookie has changed when it hasn't

[Dominik George]

Package: sympa
Version: 6.2.16~dfsg-3
Severity: grave
Justification: renders package unusable

SYMPA suddenly refuses to start with:

May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter 
has changed. You may have severe inconsitencies into password storage. Restore 
previous cookie or write some tool to re-encrypt password in database and check 
spools contents (look at /etc/sympa/cookies.history file). at 
/usr/lib/sympa/bin/sympa_msg.pl line 310.
May 30 09:35:20 terra sympa_msg.pl[22389]:  at /usr/lib/sympa/bin/sympa_msg.pl 
line 310.
May 30 09:35:20 terra sympa_msg.pl[22389]: main::_load() called at 
/usr/lib/sympa/bin/sympa_msg.pl line 87

Now, while I see why this protection is in place, unfortunately, the
cookie has not changed. Neither has the parameter in the config file
changed (checked with etckeeper), nor has the contents of the cookie
file changed (checked with etckeeper), nor is anything different in
cookies.history.

SYMPA just decided to block startup.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sympa depends on:
ii  adduser   3.115
ii  ca-certificates   20161130+nmu1
ii  dbconfig-common   2.0.8
ii  debconf [debconf-2.0] 1.5.60
ii  fonts-font-awesome4.7.0~dfsg-1
ii  init-system-helpers   1.48
ii  libarchive-zip-perl   1.59-1
ii  libc6 2.24-10
ii  libcgi-fast-perl  1:2.12-1
ii  libcgi-pm-perl4.35-1
ii  libclass-singleton-perl   1.5-1
ii  libcrypt-openssl-x509-perl1.8.7-3
ii  libcrypt-smime-perl   0.19-2
ii  libdatetime-format-mail-perl  0.4030-1
ii  libdbd-csv-perl   0.4900-1
ii  libdbd-mysql-perl 4.041-2
ii  libdbd-pg-perl3.5.3-1+b2
ii  libdbd-sqlite3-perl   1.54-1
ii  libdbi-perl   1.636-1+b1
ii  libfcgi-perl  0.78-2
ii  libfile-copy-recursive-perl   0.38-1
ii  libfile-nfslock-perl  1.27-1
ii  libhtml-format-perl   2.12-1
ii  libhtml-stripscripts-parser-perl  1.03-1
ii  libhtml-tree-perl 5.03-2
ii  libintl-perl  1.26-2
ii  libio-stringy-perl2.111-2
ii  libjs-jquery  3.1.1-2
ii  libjs-jquery-migrate-11.4.1-1
ii  libjs-jquery-placeholder  2.3.1-2
ii  libjs-jquery-ui   1.12.1+dfsg-4
ii  libjs-modernizr   2.6.2+ds1-1
ii  libjs-twitter-bootstrap   2.0.2+dfsg-10
ii  libmail-dkim-perl 0.40-1
ii  libmailtools-perl 2.18-1
ii  libmime-charset-perl  1.012-2
ii  libmime-encwords-perl 1.014.3-2
ii  libmime-lite-html-perl1.24-2
ii  libmime-tools-perl5.508-1
ii  libmsgcat-perl1.03-6+b3
ii  libnet-cidr-perl  0.18-1
ii  libnet-dns-perl   1.07-1
ii  libnet-ldap-perl  1:0.6500+dfsg-1
ii  libnet-netmask-perl   1.9022-1
ii  libregexp-common-perl 2016060801-1
ii  libsoap-lite-perl 1.20-1
ii  libtemplate-perl  2.24-1.2+b3
ii  libterm-progressbar-perl  2.18-1
ii  libunicode-linebreak-perl 0.0.20160702-1+b1
ii  libxml-libxml-perl2.0128+dfsg-1+b1
ii  lsb-base  9.20161125
ii  mhonarc   2.6.19-2
ii  perl  5.24.1-2
pn  perl:any  
ii  postfix [mail-transport-agent]3.1.4-4
ii  rsyslog [system-log-daemon]   8.24.0-1
ii  sqlite3   3.16.2-3

Versions of packages sympa recommends:
ii  apache2-suexec-pristine [apache2-suexec]  2.4.25-3
ii  doc-base  0.10.7
ii  libapache2-mod-fcgid  1:2.3.9-1+b1
pn  libcrypt-ciphersaber-perl 
ii  libio-socket-ssl-perl 2.044-1
ii  locales   2.24-10
ii  logrotate 3.11.0-0.1
ii  postgresql9.6+181

Versions of packages sympa suggests:
ii  apache2 [httpd-cgi]  2.4.25-3
pn  libauthcas-perl  
pn  libdbd-odbc-perl 
pn  libdbd-oracle-perl   

-- Configuration Files:
/etc/sympa/auth.conf changed [not included]

-- debconf information excluded

Bug#863631: sympa: trashes configuration on update without asking

[Dominik George]

Package: sympa
Version: 6.2.16~dfsg-3
Severity: critical
Justification: causes serious data loss

The upgrade to 6.2.16~dfsg-3 from 6.2.16~dfsg-2 in stretch just ditched
SYMPA's config files on my system, leaving it in a broken way, even in
such a broken way that users who tried sending mails did not receive an
error and thought things went through. I think some actions would even
have led to destruction of database data.

I have no idea why the maintainer scripts decided to do that. I
recovered from etckeeper and a system backup.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sympa depends on:
ii  adduser   3.115
ii  ca-certificates   20161130+nmu1
ii  dbconfig-common   2.0.8
ii  debconf [debconf-2.0] 1.5.60
ii  fonts-font-awesome4.7.0~dfsg-1
ii  init-system-helpers   1.48
ii  libarchive-zip-perl   1.59-1
ii  libc6 2.24-10
ii  libcgi-fast-perl  1:2.12-1
ii  libcgi-pm-perl4.35-1
ii  libclass-singleton-perl   1.5-1
ii  libcrypt-openssl-x509-perl1.8.7-3
ii  libcrypt-smime-perl   0.19-2
ii  libdatetime-format-mail-perl  0.4030-1
ii  libdbd-csv-perl   0.4900-1
ii  libdbd-mysql-perl 4.041-2
ii  libdbd-pg-perl3.5.3-1+b2
ii  libdbd-sqlite3-perl   1.54-1
ii  libdbi-perl   1.636-1+b1
ii  libfcgi-perl  0.78-2
ii  libfile-copy-recursive-perl   0.38-1
ii  libfile-nfslock-perl  1.27-1
ii  libhtml-format-perl   2.12-1
ii  libhtml-stripscripts-parser-perl  1.03-1
ii  libhtml-tree-perl 5.03-2
ii  libintl-perl  1.26-2
ii  libio-stringy-perl2.111-2
ii  libjs-jquery  3.1.1-2
ii  libjs-jquery-migrate-11.4.1-1
ii  libjs-jquery-placeholder  2.3.1-2
ii  libjs-jquery-ui   1.12.1+dfsg-4
ii  libjs-modernizr   2.6.2+ds1-1
ii  libjs-twitter-bootstrap   2.0.2+dfsg-10
ii  libmail-dkim-perl 0.40-1
ii  libmailtools-perl 2.18-1
ii  libmime-charset-perl  1.012-2
ii  libmime-encwords-perl 1.014.3-2
ii  libmime-lite-html-perl1.24-2
ii  libmime-tools-perl5.508-1
ii  libmsgcat-perl1.03-6+b3
ii  libnet-cidr-perl  0.18-1
ii  libnet-dns-perl   1.07-1
ii  libnet-ldap-perl  1:0.6500+dfsg-1
ii  libnet-netmask-perl   1.9022-1
ii  libregexp-common-perl 2016060801-1
ii  libsoap-lite-perl 1.20-1
ii  libtemplate-perl  2.24-1.2+b3
ii  libterm-progressbar-perl  2.18-1
ii  libunicode-linebreak-perl 0.0.20160702-1+b1
ii  libxml-libxml-perl2.0128+dfsg-1+b1
ii  lsb-base  9.20161125
ii  mhonarc   2.6.19-2
ii  perl  5.24.1-2
pn  perl:any  
ii  postfix [mail-transport-agent]3.1.4-4
ii  rsyslog [system-log-daemon]   8.24.0-1
ii  sqlite3   3.16.2-3

Versions of packages sympa recommends:
ii  apache2-suexec-pristine [apache2-suexec]  2.4.25-3
ii  doc-base  0.10.7
ii  libapache2-mod-fcgid  1:2.3.9-1+b1
pn  libcrypt-ciphersaber-perl 
ii  libio-socket-ssl-perl 2.044-1
ii  locales   2.24-10
ii  logrotate 3.11.0-0.1
ii  postgresql9.6+181

Versions of packages sympa suggests:
ii  apache2 [httpd-cgi]  2.4.25-3
pn  libauthcas-perl  
pn  libdbd-odbc-perl 
pn  libdbd-oracle-perl   

-- Configuration Files:
/etc/sympa/auth.conf changed [not included]

-- debconf information excluded

Bug#856489: opendmarc: defaults file vanished

[Dominik George]

Package: opendmarc
Version: 1.3.2~Beta1-2
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The /etc/defaults/opendmarc file has vanished, although it is still
referenced in README.Debian. The systemd service file also shows no
signs of ever reading this file.

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendmarc depends on:
ii  adduser 3.115
ii  libbsd0 0.8.3-1
ii  libc6   2.24-9
ii  libmilter1.0.1  8.15.2-8
ii  libopendmarc2   1.3.2~Beta1-2
ii  libspf2-2   1.2.10-7+b1
ii  lsb-base9.20161125
ii  publicsuffix20170223.0049-1

Versions of packages opendmarc recommends:
pn  libdbd-mysql-perl 
ii  libdbi-perl   1.636-1+b1
ii  libhttp-message-perl  6.11-1
ii  libopendbx1   1.4.6-11
ii  libopendbx1-mysql 1.4.6-11
ii  libswitch-perl2.17-2
ii  perl  5.24.1-1
pn  perl:any  

opendmarc suggests no packages.

- -- Configuration Files:
/etc/default/opendmarc [Errno 2] Datei oder Verzeichnis nicht gefunden: 
'/etc/default/opendmarc'
/etc/opendmarc.conf changed [not included]

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAli24HQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pblhxAAuQwlHprMZv3veerum2PQpijOHkQh
mTowKgbLdlIVz4K7S9VSgWEFkjlLEvd3Yg5ivcEq9cuu0Lr+LmFAsZILkooHXY4C
kvKrsHetRa//lAiozm6WFhqPn7QELKwW5usKbxOy/cdrV9e7a7WZPAjjHwhztQYR
5UGNrHVBhl4Aox7w0qINmbxeamxpj3JKYJIN4IPSezpfkM4AaCnhTsA2TNw1ONhZ
PxPDfZ7Zs2145sCgkzHIv3sV7QRN6TstMQzlWhG+JungnohJhFdrTCOk1zH9SvaP
wOHw+l5H70fElw2ugzTjdi5LpK7pGzqlLFgLoKpf0aJnATAfHwsAGrz+eguhIGfT
kxY9PVWoPPjt/uOfczpZ6HrVDXYKQIxs9xD7wnDKpX7urhYgNn9TKUZ9Cc+imqYI
GDUom0XyB8Y/dD2FF7EihM4/s8vquBMdq+UWzd2ucf6A0QROjaNq1lr3XpOuaI9+
nS8EqASprymQxwvAR6umRX4ilkwMshai0qWZWxC1L2m0uAXBy+Y1jDSUYmJJPc/3
dxbq6O74K1W+Y3Ny0cco8wF8SwGd56M+rwcAJsSYCRvTQwkQJSsWbyaFJAJMj6UB
iBf/Zqnb6nDUrhx7EVcoG4BbYIrtXdIMu4uC5Bx54a7JYv/V/nEcU+i2SH/lBufh
DGEZwPM/jR6YxVg=
=tWkp
-END PGP SIGNATURE-

Bug#856488: opendmarc: does not honor Socket config key anymore

[Dominik George]

Package: opendmarc
Version: 1.3.2~Beta1-2
Severity: grave
Justification: renders package unusable

At some point, OpenDMARC stopped honouring the Socket option in its
config file. This results in 127.0.0.1:12302 never being bound with the
configuration file attached.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendmarc depends on:
ii  adduser 3.115
ii  libbsd0 0.8.3-1
ii  libc6   2.24-9
ii  libmilter1.0.1  8.15.2-8
ii  libopendmarc2   1.3.2~Beta1-2
ii  libspf2-2   1.2.10-7+b1
ii  lsb-base9.20161125
ii  publicsuffix20170223.0049-1

Versions of packages opendmarc recommends:
pn  libdbd-mysql-perl 
ii  libdbi-perl   1.636-1+b1
ii  libhttp-message-perl  6.11-1
ii  libopendbx1   1.4.6-11
ii  libopendbx1-mysql 1.4.6-11
ii  libswitch-perl2.17-2
ii  perl  5.24.1-1
pn  perl:any  

opendmarc suggests no packages.

-- Configuration Files:
/etc/default/opendmarc [Errno 2] Datei oder Verzeichnis nicht gefunden: 
'/etc/default/opendmarc'
/etc/opendmarc.conf changed:
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
UMask 0002
UserID opendmarc:opendmarc
PublicSuffixList /usr/share/publicsuffix/
Socket inet:12302@127.0.0.1

-- no debconf information

Bug#856002: sddm: only shows white screen

[Dominik George]

Hi,

> sddm logs the output to the syslog, please check that, and possibly the
> Xorg.0.log, for errors. Which video card are you using?

Nothing suspicious in the logs. I am using an Intel HD Graphics 4400
something-whatever-on-board thingy.

> Also, could you test sddm 0.14.0-1 (which is currently available in
> experimental)?

0.14.0-1 indeed works. And when starting, it loaded some default them
and complaint that the breeze theme could not be found and I in turn
found that the sddm-theme-breeze package was not installed. Maybe that's
the issue with 0.13.0 as well and it simply fails to complain?

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#856002: sddm: only shows white screen

[Dominik George]

Package: sddm
Version: 0.13.0-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

sddm only shows a white screen after starting. sddm.log remains empty.

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sddm depends on:
ii  adduser   3.115
ii  debconf [debconf-2.0] 1.5.60
ii  libc6 2.24-9
ii  libgcc1   1:6.3.0-8
ii  libpam0g  1.1.8-3.5
ii  libqt5core5a  5.7.1+dfsg-3+b1
ii  libqt5dbus5   5.7.1+dfsg-3+b1
ii  libqt5gui55.7.1+dfsg-3+b1
ii  libqt5network55.7.1+dfsg-3+b1
ii  libqt5qml55.7.1-2
ii  libqt5quick5  5.7.1-2
ii  libstdc++66.3.0-8
ii  libsystemd0   232-18
ii  libxcb-xkb1   1.12-1
ii  libxcb1   1.12-1
ii  qml-module-qtquick2   5.7.1-2
ii  sddm-theme-maui [sddm-theme]  0.13.0-1

Versions of packages sddm recommends:
ii  libpam-systemd  232-18

Versions of packages sddm suggests:
ii  libpam-kwallet5  5.8.4-1

- -- debconf information:
  sddm/daemon_name: /usr/bin/sddm
* shared/default-x-display-manager: sddm

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAliv5/MxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pa4dhAAu92VeDU2/G6aNHsVmszdw3T8JvIx
3gO5KJ7oFCe4i5QxtTWnQZghhMCF9kmgeGwJ87fLNKgp/50QQNUnR0RIyE4gDwKe
BTUSs6K4hyKBIz/giaLCYTOlTIxW7BjhzefNISekkg9/fNqCuECUbD4AzRYuZ0Wc
9/1kqIVakdaPzkqLeY21cACMQvJcbCQb6F1u60eoCc3rTGW7R1kGCfgcMxz8PJ/2
tREO/ItXm/vwEqHH+QeuHgweuNkZjzPF2LUlEJRDRX6E5CO3RzmgKUY6fQP7mO0Q
QigBNKoy0erFZIsSY04GH47kHmhoPHuViRX5XJacpbrSfwR5SJRFiEIOdTwBcnHU
Eu2qX231yhDNxqCjEwDUvDONlCe8+xh5UYwmFzg2SInligi4NjcR+aHXHLitUp5D
SKTlPxB1g7uLu9wIxtKnKegGAPzNWlTh6/j/eqX7DzuCpJSkSAUYB411aiqxYVc4
VqOvvNgPOIGwgsWreOSBnEOMfVy2dMIrvnc60zObJwIMF5HQBz/vAw+cJxYsbVg4
RELCkh9vQviG5HAr7xaa69WhSeZiGfrueGfSpUjKjlAMBa2nBuFkZ6mMbW0fwwLC
wvK02OfUECMYgj+C2NjHdBU1nahmdk6vIQ+7vVZCi2g43qeQb4pO8PGr/Xof+loL
/Gsq9JWW7yxQc3w=
=/8H0
-END PGP SIGNATURE-

Bug#855383: warning: gstate underflow in content stream and 100% CPU

[Dominik George]

Package: mupdf
Version: 1.9a+ds1-3
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Since the last update, MuPDF refuses to display (at least) PDFs created
with pdflatex and ghostscript.

It only outputs…

warning: gstate underflow in content stream

…then hangs at 100% CPU load. According to strace, it seems to hang in a
noop loop and does not call any syscalls anymore.

You can find an example PDF at
https://www.teckids.org/docs/public/material/computer-intro_allgemein_01_ab_maschinen-und-anweisungen.pdf

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mupdf depends on:
ii  libc62.24-9
ii  libfreetype6 2.6.3-3+b1
ii  libharfbuzz0b1.4.2-1
ii  libjbig2dec0 0.13-4
ii  libjpeg62-turbo  1:1.5.1-2
ii  libopenjp2-7 2.1.2-1.1
ii  libx11-6 2:1.6.4-3
ii  libxext6 2:1.3.3-1
ii  zlib1g   1:1.2.8.dfsg-5

mupdf recommends no packages.

Versions of packages mupdf suggests:
ii  mupdf-tools  1.9a+ds1-2

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlim5FsxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYIbRAAo876nr+hSRnL/V1wR3EV8BVhGdRL
M8+HAUjlI56KMWyjr7w7RQLHxt/YYQuD27s0us6UF+6KnFZg7HmAbE4vuZILFO0z
WFSExgs1Lbd4MiLupqBaEUJvG6lAXGzv6JSMwot7t/x1Dc2bAtsJSaeb7pt8Vu/L
wGHppMB72T1tj/Ty/N+p/0MX0hxDtMW7pOlKQYjVGsgQCUELj3AI2gjosFVzkjEL
+OPwDMQfNNpDsy0FhQ55butkwIMi0YPn89T4XoIfDB8RB5EEvQzqFBl3y5cVTrVG
Q45yIpfPCgikV/AvGlnHG5fru+sXcTxZRCBd9uMzpj8V/zmS9qxOwDb2RAHibq39
ee0ZjB4I8LTcUBBOa9/dFEQk51T20QHUuM54OsHn39L/MTYiCx0PD+kSkNjy63Q+
ExkWssmeAYCpPTSOXWjE9hodyTfW8+0K3kSmyswajpSvtNBw7dTsyvAbAIQWxB+z
WeOvQBUv6dxStwqu2W2HBWA5lbXiMfmBJCEr/ZypA35TQ3wIRH8L2taThtmhAT9Y
60gnPDl8qUyj2T2i4Ie9AbJwpPNOZwmJ1NVIgdc9f4pxsL5UY7dKsK0e84QDID9z
wnZq+0p4dhgiDlvy+aE0dQVNHBkocROFCu2prWQldSw8FiRpz621HtyZ+g347A8y
CevRltaJFCASv2Y=
=E4wx
-END PGP SIGNATURE-

Bug#854548: marked as pending

[Dominik George]

tag 854548 pending
thanks

Hello,

Bug #854548 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-remote/xrdp.git;a=commitdiff;h=1d67bb8

---
commit 1d67bb891ccb3d27b99bf4fde1720135a1f464ce
Author: Dominik George 
Date:   Thu Feb 9 12:48:35 2017 +0100

Ensure creation of /run directory.

diff --git a/debian/changelog b/debian/changelog
index 1ddbfb1..f545629 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.1-5) unstable; urgency=medium
+
+  * Ensure creation of /run directory. (Closes: #854548)
+
+ -- Dominik George   Thu, 09 Feb 2017 12:47:36 +0100
+
 xrdp (0.9.1-4) unstable; urgency=high
 
   [ Thorsten Glaser ]

Bug#853258: docker.io: uses sleep to query user in maintainer script

[Dominik George]

Source: docker.io
Version: 1.11.2~ds1-6
Severity: serious
Justification: Policy 3.9.1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

One of the maintainer scripts asks the user whether it is ok to “nuke”
docker containers using a message followed by a sleep.

Please use a debconf-compatible interface to query the user if you are
really interested in whether they want to remove the data or not.

An example on how to do that is the slapd package which uses debconf to
determine what happens with the data files.

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/lksh
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAliPoqQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYgkRAAmQDIPN1uxudKGNwm7qJsyiz4uHk4
SutC4jouuLAOPBOFn/wPYVWA0MJIAhZHLgtrEuZhcrFUens98t2KbTbDdZiyc+v/
q74kKGYhHp7fvEI27BJBC9j/johvW/0o/tjR5kInb+LnakQmV8ZM9Y55r+a2Kc6J
7zxx+EvfB+Pbtd5CqgNaVvAEuuOUtObbxcKoBaoKV3Glmsm9gQ+VwfgafPYATUKb
48RcMJgSKIouNShHGABU5/w4zR3VyqB3D7LhTqTSz2TbOiGErfIz7tNyZsfHs2sO
m5diAWQqwJtIDQ3Tr+ILztME2tHsOPEtxy5/ozxWKRBEz4q1AqxT5EHynwtDnKBI
KLj83BGna90bqGp7jGrZQzvK0NA9JPB53Vkzu3ztY+/OfEUHdpDH6d8/VYEHMV99
3rVlPPyGhG2GqzOsUWWNfo6G+4XsKLy/akelmrDjPzKYsFEpTbvJtorRtQn3tg0l
gOsPDvIPTFuWS/8706AZZFn7bYjWNJMfOOjjtvugK+AJYTNT1gBU1AIWUYJooqwA
OOf60sjX79fmqFLoV9IU1JPWlbZrDOkIxS2a7VbH/9B5VaGfq6bGGKtsDOPQk+4o
oR5NQdOguQ8xyWXhCyJfwZbtozk90Ks5S8FP8Zlsoj1u/E1yePsgk3DCZLWpUkbH
oKI6TRxIooqy77k=
=htX2
-END PGP SIGNATURE-

Bug#853248: docker.io: cannot be purged (at least not on first try)

[Dominik George]

Package: docker.io
Version: 1.11.2~ds1-6
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I installed docker.io, installed one container, then tried to purge it,
and it threw a ton of errors:

Nuking /var/lib/docker ...
  (if this is wrong, press Ctrl+C NOW!)

+ sleep 10

+ rm -rf /var/lib/docker
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/17bd2058e0c6500de157d98d3acd24c2033a5e235334f6c722f27de9726f24b5'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/f854eed3f31f47134fef808751b83e208f95c4713b1de46865eb6a04d8d39a0b'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/45dcb011776a42fec68ff77e92ef62fcebb136e763e55f581283bfe2569885cd'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/cff61050f95cf10dfd417e3d16db15904475761c2ac680514600ce60debfc418'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/32bfc43e8cd071561ebfd18759a1ba0a6537588d78560ae3eeb9780bdbf78449'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/7d0f8d237cfac29c1bf6f6c59b383c8cddfd3a023fe7a6399addfb730db870e9'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/5e56d9aa249a35a3c0e80c20ed350e101222dd581ffaf753b647aeee8384a057'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/565ab17724c2e6864440eac46c0051057b4eaeddc1e50186151c7e5b3f1aa49f'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/5463bb1e44b7c9947094f55bc6a57f010cadd88d3ff18c85b5bf91ac6e4e161c'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/1ae32dcf02f3df40c2c4c00db37b4c1a97bd102f360384f331a9987a0deb4372-init'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/1ae32dcf02f3df40c2c4c00db37b4c1a97bd102f360384f331a9987a0deb4372'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/4a5d314da2f1afddf4b273ba1aa0f96e5cba71c1db3a0849c39ee249ba88cfe3-init'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/4a5d314da2f1afddf4b273ba1aa0f96e5cba71c1db3a0849c39ee249ba88cfe3'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/2f77df1fc8fb25a943b8239a4cf23978fc2a925e4064f4fb34f29550ac6b5cec'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/6c014eb5592de9fc5c761369114f243f265d1a4301abe28dd967b6899a6ad32a'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/3ec8ac286040fdbe70b1d82bbc2262220af18f25cbb3f1e536cf2b5ccb6ad59e'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/e9613fa25d1f2c84590a942fbba2a5a8ca73616d1f23964509fbf643fe7af9c2'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/05ff0430528877b3fa5d0d0bb4e170947c96b1bb894fd932716f8d37206beee5'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/0b7503d21eb2c3074bb7b2e53ab5b267732636cc8883f620fdb19fed60705fae-init'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/0b7503d21eb2c3074bb7b2e53ab5b267732636cc8883f620fdb19fed60705fae'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/3f0d3d140ce1aca1e2877e6efded1031f015be66bb82add6dece45230022abe1'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/651c590d0c6c45a3a284e2ad35ada6951e8fc58a5fa1fbb6efad2603a8543a93'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/3b6b17a52d8f4a9e898a83bdf548ef05717ffa58d8aa8caf7af03b7a7142a58a'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/f638cdc7ff61328c43d4f95aa3ee5f7f0ad19c4203a3199c141abf6a94854f18'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/02ae34a9a927ca609e9a97869ae66036cd1e260f5668c5f892e81bdf57953ae8'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/31d21807cbda6d21c7406e2dd11760f17482a92a11e879d13692c4f1b6fe9f0f'
 ist nicht möglich: Die Operation ist nicht erlaubt
rm: das Entfernen von 
'/var/lib/docker/btrfs/subvolumes/963cde303511ab74c22a14

Bug#852557: Acknowledgement (bucklespring: FTBFS on non-linux architectures)

[Dominik George]

Control: severity -1 normal

Not RC because no supported architectures.

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#852557: bucklespring: FTBFS on non-linux architectures

[Dominik George]

Source: bucklespring
Version: 1.4.0-1
Severity: serious
Tags: upstream
Justification: fails to build from source (but built successfully in the past)
Control: forwarded -1 https://github.com/zevv/bucklespring/issues/44

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

bucklespring only implements the scan() function for Windows, macOS and
Linux, which means the package cannot build on non-linux architectures
in Debian:

gcc -o buckle  main.o scan-linux.o scan-windows.o scan-mac.o  -fPIE -pie 
-Wl,-z,relro -Wl,-z,now -g -lalure -lopenal -lXtst -lX11 
main.o: In function 
ain':
./main.c:143: undefined reference to can'
./main.c:109: undefined reference to en_console'
collect2: error: ld returned 1 exit status

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/lksh
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAliIqxsxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbgJQ/+O/PjLJByqdSR9BW30a31EXP6y8io
I/pslikalBgjxdq/+WwaJiQzOI+sr38tMxHqC02YyxK2MuKBVieIIgUc5sEu71Z2
rKIL2pKPXdKsHkqE4IUASCOlrKK4Y14lHe3WvA7RDuk1HTWKcbRyGoCjqoflZVaq
LlXk1WVdAIPkWSM4fR9O1NieQWcniu0F1iwtYd6W9tZIkhJnlG0+XYHLlpq+kUwN
6M+KSbwbG3b+UKdaq2wH+aCe3FINK4Ueu28iwdkgmK3C4laF9WWYZ09nDZ24yWUD
XLOIcoAuqqWsCftJQGAEY+cCNF3y9EjI8kFdcqEWV0pKRCoeECmteBQuPevRtWWK
IPeMp4UkF/pCTYiSD2lydfARk0c01IHSaOyfgZXuP1Y0uSK5PTEfqsjJWGDEKoPd
oKo20bn/wCgp9y9AlyPvDn5P6xMdt3+AORQ+TiTkMH1lOEfsKe0+83YujMpepB/M
cRJDKVH0CvtQ/ZbSW4l/F2ZfVuG8zPv3S8FhTvSPjzIAqZ5OUJYu6xzXckURR9m2
EKx7BH+lqsd0VJ5R8tWLQi+YJorcyexrfLYHehEtG4Vb5kFVn1ZvSvTrKpySMbdb
8oNNZFPg1QLeN6m2V7EEKf2bF0nqEncBfRakTSDcTaVuvanW7ETOiaZ7tJ8DdjZS
uDVgNqwsZhGoW9I=
=awqR
-END PGP SIGNATURE-

Bug#848287: marked as pending

[Dominik George]

tag 848287 pending
thanks

Hello,

Bug #848287 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-testing.mysqld.git;a=commitdiff;h=027f21f

---
commit 027f21f157c3af9601fd743430d151b5a2372001
Author: Dominik George 
Date:   Wed Jan 25 14:12:34 2017 +0100

dch -i.

diff --git a/debian/changelog b/debian/changelog
index b5247fb..fe1935f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+python-testing.mysqld (1.4.0-2) unstable; urgency=medium
+
+  * Build-Depend / Depend on default-mysql-server. (Closes: #848287)
++ Now works with MariaDB.
++ Does not depend on mysql-client anymore.
+
+ -- Dominik George   Wed, 25 Jan 2017 14:11:07 +0100
+
 python-testing.mysqld (1.4.0-1) unstable; urgency=low
 
   * Initial release. (Closes: #838581)

Bug#734101: Info received (libjs-jquery-mobile: New Release)

[Dominik George]

I am working on fixing this in time for the freeze.

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#848287: Fwd: osmalchemy is marked for autoremoval from testing

[Dominik George]

Hi,

obviously, you raised the severity of the bug mentioned below to serious 
without providing any justification.

I am still waiting for…

…some official decision that this huge change will be made during the freeze 
without a transition,
…the MySQL/MariaDB maintainers to fix their packages.

Concerning the latter, both upstream mariadb and the maintainers here claim 
that mariadb is a drop-in replacement for mysql, but it turns out it isn't as 
they decided to change the default behaviour in a very incompatible way.

The maintainers do not appear to be able to advise others on the unadvertised 
breakage they created by crippling the UNIX socket in mariadb by default.

Right now, dropping MySQL support everywhere seems to be the only viable 
solution.

Do we need the tech-ctte to get this settled?

Cheers,
Nik


 Ursprüngliche Nachricht 
Von: Debian testing autoremoval watch 
Gesendet: 12. Januar 2017 05:39:08 MEZ
An: osmalch...@packages.debian.org
Betreff: osmalchemy is marked for autoremoval from testing

osmalchemy 0.1.+2-2 is marked for autoremoval from testing on 2017-02-10

It (build-)depends on packages with these RC bugs:
848287: python-testing.mysqld: (build-)depends on mysql-{client,server}

Bug#850317: reportbug: crashes when attaching a .tar.gz

[Dominik George]

Package: reportbug
Version: 7.1.2
Severity: grave
Justification: causes non-serious data loss

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

When attaching a gzip'ed tarball to a bug report, reportbug crashes
without writing the drafted bug report anywhere:

application/gzip; charset=binary

Traceback (most recent call last):
  File "/usr/bin/reportbug", line 2233, in 
main()
  File "/usr/bin/reportbug", line 1107, in main
return iface.user_interface()
  File "/usr/bin/reportbug", line 2224, in user_interface
self.options.envelopefrom)
  File "/usr/lib/python3/dist-packages/reportbug/submit.py", line 209, in 
send_report
(message, failed) = mime_attach(body, attachments, charset, body_charset)
  File "/usr/lib/python3/dist-packages/reportbug/submit.py", line 177, in 
mime_attach
email.Encoders.encode_base64(part)
AttributeError: module 'email' has no attribute 'Encoders'

- -- Package-specific info:
** Environment settings:
EDITOR="jupp"
PAGER="less"
DEBEMAIL="n...@naturalnet.de"
DEBFULLNAME="Dominik George"
INTERFACE="text"

** /home/nik/.reportbugrc:
reportbug_version "6.4.3"
mode advanced
ui text
realname "Dominik George"
email "n...@naturalnet.de"
smtphost "shore.naturalnet.de:587"
smtpuser "nik"
smtptls

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/lksh
Init: systemd (via /run/systemd/system)

Versions of packages reportbug depends on:
ii  apt1.4~beta2
ii  python3-reportbug  7.1.2
pn  python3:any

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail  
ii  debconf-utils   1.5.59
pn  debsums 
pn  dlocate 
ii  emacs24-bin-common  24.5+1-7.1
ii  file1:5.29-2
ii  gir1.2-gtk-3.0  3.22.5-1
ii  gir1.2-vte-2.91 0.46.1-1
ii  gnupg   2.1.17-2
ii  postfix [mail-transport-agent]  3.1.3-6
ii  python3-gi  3.22.0-2
pn  python3-gtkspellcheck   
pn  python3-urwid   
ii  xdg-utils   1.1.1-1

Versions of packages python3-reportbug depends on:
ii  apt1.4~beta2
ii  file   1:5.29-2
ii  python3-debian 0.1.29
ii  python3-debianbts  2.6.1
ii  python3-requests   2.12.4-1
pn  python3:any

python3-reportbug suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlhususxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbruhAAhPRFobJ3P2swV99KSKB1Fwhk/NhW
0z1Jk3tFJEj7IqMkuemNzurWBfMOiOgyGqblPBzkaoAavrkMlI38isbpP/cBoI/4
4/q6T4Ou7DogHkXCeENm3C7JKfuLX7I0PLrZV4sWnasQxK5IFKLI5amc8vnipSmF
k1ls1MQrEe5nGA480Qqa19BXWxfkbVFIGndxKFFdMf+NtbuWk5FWdR7gbsB/Pz66
3hbinSuVUH166x3qAlSXheUPV3zWhhVNZ+CM++7ixqR7UA7khjn9peYDr8VWQQ6J
574tKH5Kw3467mw9HANFBoPuEqWA/xlnYFbmxVS3OVD1dKmUK1GFXlx1teZOcjK6
FAzCEIBWk6qUGsOXeglfhS2D6IHa9E6nQbT9GYeMRy/ApL71Xf8mu1eLNPPOFFem
m9B4yp4RXu4K1Xuhfn/zuIahRY85e+rZ0trtLjV8+/IQlzjPtbYvlR8von9ngYZ/
mG5QkpOWznHHmowvScPUoJMoGuNgDRanRO8HJFhf018VoEadfAaUWd7zMw49JdYj
IphpH/bedoCMqc6b+0kySLoD/npKivku50LQyg6bGMHuPX2c4Lb746/1+kU8RiI8
Ry6yTjtyAKVSVdKMKQhBxB08nPJ+OE9t7MIWDTfuw64wkhDl2X5AJKcIDyUsr01B
Gm6doB3yOAIZXC8=
=3Abt
-END PGP SIGNATURE-

Bug#849958: openmolar: Does not start; missing QtWebkit

[Dominik George]

Package: openmolar
Version: 0.6.2-2
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Traceback (most recent call last):
  File "/usr/bin/openmolar", line 30, in 
main.run()
  File "/usr/share/openmolar/openmolar/main.py", line 122, in run
chosen_func()
  File "/usr/share/openmolar/openmolar/main.py", line 65, in main
from openmolar.qt4gui import maingui
  File "/usr/share/openmolar/openmolar/qt4gui/maingui.py", line 49, in 
from openmolar.qt4gui.fees import fees_module
  File "/usr/share/openmolar/openmolar/qt4gui/fees/fees_module.py", line 49, in 

from openmolar.qt4gui.printing import om_printing
  File "/usr/share/openmolar/openmolar/qt4gui/printing/om_printing.py", line 
63, in 
from openmolar.qt4gui.dialogs.print_record_dialog import PrintRecordDialog
  File "/usr/share/openmolar/openmolar/qt4gui/dialogs/print_record_dialog.py", 
line 26, in 
from PyQt4 import QtGui, QtCore, QtWebKit
ImportError: cannot import name QtWebKit


I also cannot find QtWebkit from PyQt4 for Python 2 in Debian.

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/lksh
Init: systemd (via /run/systemd/system)

Versions of packages openmolar depends on:
ii  python  2.7.13-1
ii  python-mysqldb  1.3.7-1+b1
ii  python-qscintilla2  2.9.3+dfsg-4
ii  python-qt4  4.11.4+dfsg-2
pn  python:any  
ii  xdg-utils   1.1.1-1

openmolar recommends no packages.

Versions of packages openmolar suggests:
pn  mysql-server | mariadb-server  

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlhqhL0xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pblQRAAoWuhLnQwud7CUzVh2t9nFtKFaWFR
ZGbSNj2qGZmh6AK3uRmKTycstXORY5v7Em2B9FCausjKxhdcXagiOpSAxwxw+YHv
AfNE1qrPlLqVC3Y0obE5tCsbw4tpDHQ6eHB2zzSTeJwNJSZvZ1SNG3FH1C+BBllh
uRZ3uAVQHG1ZSWIwR5HkQlGLrOIChhGVtRhxJwC0BOMjBp88tl573fQw2HjKKMwn
2uX+OrKN5XjgQmnRRfieP03yQEVhWJx1nJz0sXFGje9R685Z/VUJoUzXuYS20pr8
XDLSo3/IMARxfHAy6m12SyWLwvMkMjj7UhsfzBMLN0N2MVKwB+D/i3xHq27azRwQ
FWQEZGrdspGdbW8CY+tcdaw0op4rBtlLVXHaAFsQlqcOjx020i0uNkw3B1pDltaH
hTeubUw//yxx4kQCwhFLy2oZnH+mxBGSWZLVy7briz26Udo0UfywP9Ka20R1PUuc
AkzdfZkQq3J3KxZFj9o+0r4R4UjtqE+zqDlpcZ2naT+wynAG/IlQBQ6501v6zAxO
Ldjn38u5dwEuR6IEaAh4HLGW2R8ABeRvVRWCdPUZCIFK9oMh7iitJbtu+86qUkn/
WSRr8ZJyKRUVT5E+6oxs7WwUk59vXlw1zItWnzSJwiRMuj62ecEXIu/AUEVW1CI8
e+mz3luLiQnS0uY=
=tZjD
-END PGP SIGNATURE-

Bug#848287: python-testing.mysqld: (build-)depends on mysql-{client,server}

[Dominik George]

Control: severity -1 important

Hi,

> We're aiming at dropping mysql from testing/stretch because of concerns from 
> the
> security team. See email threads in debian-release@ and pkg-mysql-maint@.

ok, that changes things.

It's very unfortunate that this was not really announced anywhere.

Still, lowering severity as this, per se, is not an RC bug. This package
depends on mysql-server, and this is reality, and there is nothing that
prevents it from doing so if it does for a good reason.

In the case that mysql-server is removed from testing, so will this
package, anyway.

I am trying to port it to mariadb, though.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#848287: python-testing.mysqld: (build-)depends on mysql-{client,server}

[Dominik George]

Hi,

> You should have kept me in Cc if you wanted me to see your reply and have a
> chance to reply.

sorry, I just cannot remember that the Debian BTS does not automatically
notify the submitter ☹.

So, I have several problems:

 * I cannot find the formal transition for this.
 * I cannot see that mysql-server will be removed from stretch.

As a matter of sad fact, testing.mysqld does not work with mariadb right
now.

What is wrong with depending on mysql-server, given that mysql-server
will still exist although mariadb will become the default?

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#848287: python-testing.mysqld: (build-)depends on mysql-{client,server}

[Dominik George]

Control: severity -1 important

Hi,

> Your package (build-)depends on mysql-server/client. Since we're
> transitioning to mariadb as the default mysql provider, you should
> switch your build dependencies and dependencies to something like:
> 
> default-mysql-server | virtual-mysql-server, default-mysql-client | 
> virtual-mysql-client
> 
> I have seen in your override that you have forwarded this upstream.
> I am filing this anyway to keep track of this along with the rest of the
> packages.

Lowering priority to important (you said "should").

As we are in a transition freeze and nothing along that lines will
happen to stretch, I do not see why this should remove
python-testing.mysqld and all packages that depend on it from testing.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#849022: trac-accountmanager: does not work with Trac >= 1.1

[Dominik George]

Package: trac-accountmanager
Version: 0.4.4-1
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

This version of the plugin does not work with the new DB API in Trac 1.1.

See https://trac-hacks.org/ticket/11915

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlha8f8xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZnZA/+NQcXF0H5Fq8uCQ+0NzxWxynhTGYu
cC37RxtnsGLT56W/BhHf3TkfKUOgtTCQkxoQN+GhNFHAcDRhS+7lN1Xa9UC3vzUq
kPtMphMfNJxr9goRmOoTQQTIYzVtsJunK/0uNDJ5QbHRgWfj6Lnvp+YyiEdqVTs/
j7sc1IYkDrtaiVCCWV9ETFPwbE3EZ0dbzeGL/6ut+v4bBWFffIk+9baTF58D0Pg2
JZU3hl0aJbM88lWl3lKf7YE1t/PV1dT8F4IYW5+f0VsHKnvZsqFNObNhTy6Rmmjy
l6GMLkE0c7oaNVrtkKnFtaBP5jqBDO7IeG7nSb7cFFKj0aZpVW4AJlv11xf77Gh4
8AatkVhl7eiiZgBImEbuUcn66izxezi3vWCssYlFVC5AWyGDsrZ/0iT+6w0eBleO
UcHn2DsseynbcgJLGYQV44cqwEdsxCmIhIeOpwkgANsWcqzpdV7vhAJrKJMJ6GRP
5exgFlVCJrw/9OdmSYmLz402HemyYv8Id/CsppfV/w9Nrg/cciGQIY9Ro4aqoCRx
SLqzNtEX9rm2g/YwETZRQB+T1VBH8Xtaf1Th/maf2iG38GQVRfSdBlaC6UiReho9
+Juo1QsgUOSWcNwdokdHpJXPbqHXYZpFc6XKMKGPWZNW2bAv4QeX4rVyeGY9jqHk
cPY5RUsRPjReynM=
=wcVj
-END PGP SIGNATURE-

Bug#846160: marked as pending

[Dominik George]

tag 846160 pending
thanks

Hello,

Bug #846160 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-remote/packages/xrdp.git;a=commitdiff;h=afd0706

---
commit afd070691d2e7d2ec9032896a173d36493d3f75b
Author: Dominik George 
Date:   Mon Nov 28 21:05:16 2016 +0100

Remove X log redirection.

diff --git a/debian/changelog b/debian/changelog
index 66d3d2e..38f5b16 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.1~20161126+git589b29f-2) UNRELEASED; urgency=medium
+
+  * Remove X log redirection to /dev/null. (Closes: #846160)
+
+ -- Dominik George   Mon, 28 Nov 2016 20:52:06 +0100
+
 xrdp (0.9.1~20161126+git589b29f-1) unstable; urgency=medium
 
   * New upstream commit picked.

Bug#841726: ipython3: importing something from ipython has side effects

[Dominik George]

> There's no need to check this specific instance, it's just one example of a
> potential side-effects that mean importing everything is, alas, by design
> broken. Don't forget all the other import-time monkey-patching, etc. too.

Totally agreed.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#841726: Acknowledgement (ipython3: importing something from ipython has side effects)

[Dominik George]

Control: reassign -1 python3-ipdb 0.10.1-1

Oh, I was actually wrong in that this is IPython's mistake…

The root cause is ipdb, which causes misbehaviour in both the core
interpreter and IPython ;)!

Sorry, IPython.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#841726: ipython3: importing something from ipython has side effects

[Dominik George]

Hi,

> > Besides speech-dispatcher, against which I also reported a bug, I do not
> > have any packages on my system that show such behaviour.
> 
> Oh, really?  But surely some of them adjust sys.path (probably the most
> common?) as well as importing shared libraries and running stuff like
> ``apt_pkg.init_config()``.
> 
> The side-effects might be more subtle but they are still, alas, side-
> effects.

Yep.  That's not good either, but it doesn't make unrelated software, let
alone the core interpreter, misbehave (i.e. take control from it).

I wouldn't open an RC bug against python-apt because it calls init_config(),
but I did against speech-dispatcher because it configures argparse and
consumes sys.args and I did against ipython bacause it takes control over
parts of the core interpreter.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#841726: ipython3: importing something from ipython has side effects

[Dominik George]

> Not at all.  This is the only way to get a list of all available Python
> packages, and it is even what core Python's help("modules") does.

And no, I do not like that either ☹.  But it's a matter of sad fact.

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#841726: ipython3: importing something from ipython has side effects

[Dominik George]

Hi,

> Many, many Python packages have import-time side-effects that are
> far more suble than this. Whilst this a regrettable state of affairs,
> fixing them all is just not possible anymore.

Well, this bug report is about this specific bug, not all bugs of this kind.

> 
> A script that imports all packages installed on a system as you
> suggest seems to be the problem, rather than ipython itself.

Not at all.  This is the only way to get a list of all available Python
packages, and it is even what core Python's help("modules") does.  So, when
ipython is installed, running help("modules") in a pure python3 interpreter
modifes the execution environment for good, in such a way that it drops to
an IPython shell at any point as it likes.

Besides speech-dispatcher, against which I also reported a bug, I do not
have any packages on my system that show such behaviour.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature