Bug#1001643: Re: Bug#1060913: RFS: sdaps/1.9.11-0.1 [NMU] [RC] -- scripts for data acquisition with paper-based surveys
Hi, > Here I am not a member of DebianEdu team and told if am not a member > of one team there is no reason to do team upload. > Ideally, I should contact the team to join in or tell team I am going > to fix ftbfs issue. Whether the maintainer is a team doesn't matter here (it just means I am not responsible alone for the lack of updates on the package, haha ;)). In general, you always contact the maintainer for every upload before doing an NMU, through the address from the package meta-data or by sending your changes to the BTS into the bug you are fixing. > But I got no response from there(not DebianEdu > team) in the past. Can you point me to message IDs where you requested changes to be uploaded? Ideally, you should just send the changes to the BTS bug you are fixing, and tag it "patch". -nik signature.asc Description: PGP signature
Bug#1049328: Reverting nested groups feature in Debian's GOsa²
Hi, > However, group nesting is not a feature that can be used with posixGroup > objectClass based LDAP objects (as the objectClass / schema does not support > group nesting). I really have a huge question mark about what upstream's > intention for this feature was/is... It is not a feature, but definitely possible using dynlist (we did this at Teckids before abandonning LDAP): https://www.openldap.org/faq/data/cache/1209.html Maybe GOSa expects something like that to be in place? -nik
Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: [pkg-uWSGI-devel] Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should a
Control: reopen -1 > Sorry, but I fail to see any problem here. > > uwsgi _does_ build against the default Python. Yes, but the default Python it builds against in unstable is not necessarily the default Python in testing. Right now, it is built against Python 3.11, while the default Python in testing is 3.10. Hence, it does not work in testing (have you actually tried that after my bug report?).
Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should always build against the defalt Python in testing
Package: uwsgi-plugin-python3 Version: 2.0.21-3+b1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: debian-pyt...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Currently, the uWSGI Python 3 plugin is built against Python 3.11, and depends on libpython3.11. This is, to some extent, fine, as Python 3.11 is already in Debian. However, Python 3.10 is still the default Python in bookworm, and as it stands this will not change [1]. In practice, this means that without changing the interpreter and manually ensuring that the Python 3.11 environment is fully available, apps run through uWSGI do not work. So, the uWSGI plugin should in general always build against the default Python IMHO. - -nik [1] https://lists.debian.org/debian-python/2023/01/msg00010.html - -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.0.0-6-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages uwsgi-plugin-python3 depends on: ii libc6 2.36-8 ii libpython3.11 3.11.1-2 ii uwsgi-core 2.0.21-3+b1 uwsgi-plugin-python3 recommends no packages. Versions of packages uwsgi-plugin-python3 suggests: pn python3-uwsgidecorators - -- no debconf information -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCY8aedTEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3ZDoAQCYW8oE4ZgiBKkgo1lge2Az 7/qTIXGHgKAAF5kmuGTB5QD+NiuAOboj6I6ZvxRZF4o1D3vXCBr1HkqYz+piZMQO Fgc= =Y+XX -END PGP SIGNATURE-
Bug#1026827: xrdp: initially xrdp worked ok, but later it broke, and the problem was /etc/xrdp/startwm.sh that changed
Control: tags -1 + moreinfo Control: severity -1 normal Hi, > Severity: critical > Justification: breaks the whole system I doubt that very much. Are you sure that the whole system stopped working because you could not start a session in xrdp? As in, no login on the tty possible, the kernel crashing, boot failed, or the like? >* What led up to the situation? What did yo udo *before* the file was renamed? I am pretty certain that this is not something the package did. How is the syste mmanaged? Did the change happen in correlation with a package update? -nik signature.asc Description: PGP signature
Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined
Control: reassign -1 node-caniuse-lite 1.0.30001224+dfsg-2 Control: retitle -1 Broken exports in index.js Control: affects -1 node-autoprefixer Control: tags -1 + upstream fixed-upstream Control: forwarded -1 https://github.com/browserslist/caniuse-lite/issues/70 > Proposal: > > 1. Add a patch to node-autoprefixer to use the old API > 2. Add a version constraint to the node-caniuse-lite dependency in > node-autoprefixer (<< 1.0.30001226~) > 3. Report a bug against node-caniuse-lite to update to the current > upstream version, with a gentle hint on what will break if updated > 4. Once updated, drop the patch, and remove the version constraint Actually, all rdepends seem to use another import mechanism, which was not broken. Thus, reassigning to node-caniuse-lite to get it updated. -nik signature.asc Description: PGP signature
Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined
> - let autoprefixerData = { browsers: agents, prefixes: dataPrefixes } > + let autoprefixerData = { browsers: agents.agents, prefixes: dataPrefixes } It's https://github.com/browserslist/caniuse-lite/commit/fde289588b2ccb129ba3d1552134be2c78fee8b7 So, this happened with a recent update of node-autoprefixer, because the new autoprefixer relies on the new API of caniuse-lite. caniuse-lite should, and will at some point, be updated in Debian as well. However, this will break node-browserslist, because that relies on the old API. Oh the joy! Proposal: 1. Add a patch to node-autoprefixer to use the old API 2. Add a version constraint to the node-caniuse-lite dependency in node-autoprefixer (<< 1.0.30001226~) 3. Report a bug against node-caniuse-lite to update to the current upstream version, with a gentle hint on what will break if updated 4. Once updated, drop the patch, and remove the version constraint @ JavaScript team, shall I proceed with that? -nik signature.asc Description: PGP signature
Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined
Package: node-autoprefixer Version: 10.3.1.0+dfsg1+~cs14.6.19-1 Severity: grave Justification: renders package unusable autoprefixer currently does not work because it handles the agents imported from caniuse-lite wrongly: /usr/share/nodejs/autoprefixer/lib/browsers.js:64 let prefix = data.prefix_exceptions && data.prefix_exceptions[version] ^ TypeError: Cannot read property 'prefix_exceptions' of undefined at Browsers.prefix (/usr/share/nodejs/autoprefixer/lib/browsers.js:64:23) at /usr/share/nodejs/autoprefixer/lib/prefixes.js:193:54 at Array.map () at Prefixes.select (/usr/share/nodejs/autoprefixer/lib/prefixes.js:193:31) at new Prefixes (/usr/share/nodejs/autoprefixer/lib/prefixes.js:133:53) at loadPrefixes (/usr/share/nodejs/autoprefixer/lib/autoprefixer.js:111:22) at Object.prepare (/usr/share/nodejs/autoprefixer/lib/autoprefixer.js:121:22) at /usr/share/nodejs/postcss/lib/lazy-result.js:133:39 at Array.map () at new LazyResult (/usr/share/nodejs/postcss/lib/lazy-result.js:131:43) The problem comes from /usr/share/nodejs/autoprefixer/lib/autoprefixer.js: let { agents } = require('caniuse-lite') The object loaded here contains another object called agents. For me, changing line 10 fixes the issue: - let autoprefixerData = { browsers: agents, prefixes: dataPrefixes } + let autoprefixerData = { browsers: agents.agents, prefixes: dataPrefixes } I have no idea how this problem came to be, and how to properly fix it. Might be an incompatibility between the versions of autoprefixer and canisue-lite? -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages node-autoprefixer depends on: ii node-browserslist 4.17.0+~cs5.6.76-1 ii node-caniuse-lite 1.0.30001224+dfsg-2 ii node-normalize-range 0.1.2-2 ii node-postcss [node-colorette] 8.2.1+~cs5.3.23-8 ii node-postcss-value-parser 4.1.0-2 ii nodejs 12.22.5~dfsg-5 node-autoprefixer recommends no packages. node-autoprefixer suggests no packages. -- no debconf information
Bug#993935: debian-edu-ltsp-install: Netboot image exposes private data and crypto keys
Package: debian-edu-config Version: 2.11.56 Severity: critical Tags: security Justification: root security hole X-Debbugs-Cc: Debian Security Team The LTSP netboot image produced by debian-edu-ltsp-install includes full copies of files that should never leave the Debian Edu main server, if run on a so-called "combined server" (a system using the Main Server and Terminal Server profiles, as done in small installations). Among these files are full copies of, among others: - /var/lib/ldap, containing the full, unencrypted LDAP database with all private information on all users, password hashes, and Kerberos keys - /etc/krb5-kdc, containing information on decrypting Kerberos data in the LDAP database - /etc/gosa, containing the (encrypted) LDAP manager credentials, plus the key to decrypt it Any user with access to the local terminal server network can acquire the netboot image, unauthenticated, and extract the listed information from it. The issue is caused by the new LTSP system using the LTSP PnP system now in all cases, thus packing the entire mai nserver filesystem in squashfs image. The debian-edu-ltsp-install script produces a list of files to exclude from the image, which is not sufficient, most probably because it was tailored to the use case where the image is produced from a dedicated Terminal Server instead of a combined server. IMHO, the use case of the combined server cannot be fixed. The new LTSP system de facto disallows any use of a combiend server – even if we make a very carefully curated list of excluded files, any administrator would have to take care to add their own excludes for just about any file they place on the main server that was not palced there by the Debian Edu software. In fact, the whole new LTSP system seems unfit to be used on any server that is not limited to producing LTSP images, and supporting netbooting them. For now, the issue should be mitigated by carefully adding all relevant paths that are known to exist only on the main server to the exclude list, but I do not think that is a viable fix in the long term.
Bug#977988: /usr/bin/spectacle: does not start (libkImageAnnotator.so.0.3.2 not found)
Package: kde-spectacle Version: 20.12.0-1 Severity: grave File: /usr/bin/spectacle Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After a recent update, spectacle stoppede working, and errors out on start with: spectacle: error while loading shared libraries: libkImageAnnotator.so.0.3.2: cannot open shared object file: No such file or directory Maybe it needs a binNMU? - -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages kde-spectacle depends on: ii kio5.77.0-2 ii libc6 2.31-6 ii libkf5configcore5 5.77.0-2 ii libkf5configgui5 5.77.0-2 ii libkf5configwidgets5 5.77.0-2 ii libkf5coreaddons5 5.77.0-2 ii libkf5dbusaddons5 5.77.0-2 ii libkf5globalaccel-bin 5.77.0-2 ii libkf5globalaccel5 5.77.0-2 ii libkf5i18n55.77.0-2 ii libkf5kiocore5 5.77.0-2 ii libkf5kiogui5 5.77.0-2 ii libkf5kiowidgets5 5.77.0-2 ii libkf5kipi32.0.0 4:20.08.0-1 ii libkf5newstuff55.77.0-3 ii libkf5notifications5 5.77.0-2 ii libkf5purpose-bin 5.77.0-2 ii libkf5purpose5 5.77.0-2 ii libkf5service-bin 5.77.0-2 ii libkf5service5 5.77.0-2 ii libkf5waylandclient5 4:5.77.0-2 ii libkf5widgetsaddons5 5.77.0-4 ii libkf5windowsystem55.77.0-2 ii libkf5xmlgui5 5.77.0-2 ii libkimageannotator00.4.0-1 ii libqt5core5a 5.15.2+dfsg-2 ii libqt5dbus55.15.2+dfsg-2 ii libqt5gui5 5.15.2+dfsg-2 ii libqt5printsupport55.15.2+dfsg-2 ii libqt5widgets5 5.15.2+dfsg-2 ii libqt5x11extras5 5.15.2-2 ii libstdc++6 10.2.1-1 ii libxcb-cursor0 0.1.1-4 ii libxcb-image0 0.4.0-1+b3 ii libxcb-util1 0.4.0-1+b1 ii libxcb-xfixes0 1.14-2 ii libxcb11.14-2 ii qdbus-qt5 5.15.2-3 kde-spectacle recommends no packages. kde-spectacle suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl/jtdYxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pavGQ/+LbBxRuQdz7GeHZabCmTo GlYBc/60XxcqG7y1SIJdkuxPKoLz5TJrG+87Qy2U6O701g+CIgWCEUhrGWjnXuEC E2uRQj66m2R9UbIz7s4mgEV9fxfZVZwwQafEH1RXXuvWkSbaslVQuNTbgC1P5zaw C5YFNtiLuN3BAlJSa3lAi0hZUnD5+KcTzxWYKNKq2fCKd8Wex/tAd+YAeD623htS OR/CwklxtUrtPPCapMPWBhMzk5dvWpunD4A7j1WF3nptkKA2nk+Jio1qbbqUwlW/ ha/p6LByqwT9CRI4JAyFxwy62nOP1pVfraaOrB9/7fxABJmxsS0wNNUL0Hxsx5we NSO80AqM34JwRp5ho7f4ZKn9jviAIr7UvInUo46Ng3RjX8hRRw04Y/R43lv+vYQD aq2gts5t+MQB2HwM+p+4Qz/6Vn+xwkQSh4reQixIo2UoSjNsyMc0GstDzdB8ZHyc ulyFA0FEvz4AoJiSDCRuJ6tgVXqP4EI2DkdDck4H31bt7WZwYOV5MJzX93U9QXyd pt0Q8Aav4ya+A3lfRjwAvCPpDqH8PgiT5XLLF/rUB2W7z50MNO3LonJKz2UGxtgu TvzHNDPosEx0BnbX5Li0u8OgRHizttC23IbR9hld4A0o8C/iz07IbMSP8nqED6CT gNlsZMEbF2LYl9GutLcbq44= =KbJh -END PGP SIGNATURE-
Bug#951120: hydra: Non-free licence exception
Package: hydra Version: 8.8-1 Severity: serious Justification: Policy 2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The licence of hydra states: H Y D R A (c) 2001-2020 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal Licensed under AGPLv3 (see LICENSE file) Please do not use in military or secret service organizations, or for illegal purposes. The additional exception to the AGPL contradicts the Debian Free Software Guidelines. I propose moving hydra to non-free. - -nik -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl5CoAcxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pZKDhAA2K1iunqTCF1B22PRgOwa 2Ym6t+tVFVPy4nCPtWVLhRp3RIC1F9bfrlBUExwheIRkt9hVPjBpXGlgx3nNRaN7 xueRJ8En4rtreuB4CrL9yPl60jwpa02MwKE8jHTkjz7BwaAXnEA6wK9B8wX8Mjs1 gF4zWS4guZqyWXf7KxjUfF+TYUS/5zgdtNSPwByr3HK74oP5rytjNtom1SuziPpd l2F04fBq86UhM6aXWXuZoaefs/HI9j1fL/m+xYW1ULO3GMeppNm3dRak4VNQVU3G SEZERODan/0cvmhYbr/eSYxsOQ3+/Ln1XiaxSDnPOMROjQXwf7hPtmrzIPHG7t/Y ULOnM0WCImzA3uRhDqTLH5567v9vfnTjlj0eUD68MZi0EX6sKahruZYvsI3B3lfL V3geAuti5cQVjNburzuUMnY87gt+gKfhijCyiH//iDfJsj7e116WlTX0k6CmHkLT v+5Yg9zy0IGKxOMS4a2s+Lfli5h/savJurKsZIDpoRjQ5Jq9G1znnEmxUW8ITchq obyjKa+mHfzkz/uUl1IRmoUreWWNB8DWGF0hrMKiLL0Pb7WlVm97A2Wmnqsy9GiH ESZY8kFQ5JP7WO8yW7QqTxjKv/liAmS98N/FZA4Zk8BOHbUXscVYJD6uuJElZddO Gz7dN/7gmWePDFgxPFDzwrw= =6Kcy -END PGP SIGNATURE-
Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, > Wolfgang, many thanks for this bug report and the quick fix. > I'll upload to unstable right now and will coordinate with DSA and LTS > the fixes for buster, stretch and jessie. Are you aware that, as laid out on IRC, I am already doing that? - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl33qacxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylk1KEACs5v3i94+Hopt5NNSRc+nvQTC7I4AIUsbupHWj9EpV/avKXBH5ak2C I+U8H6wtlAXQr1KkQwkKxUQYEyXwVN1swKrqJeb6cqW0jB62QizHxDMlzULh1qBw per1HXYtlK5WcpytkarmOAauWC9Hrh0EIqfQwQxywZSKWbV2IwSj5+LdKW+sVj42 +z8MzO9A+b2UHYo8KWnwq/P48FfFp0bn9unrhiqkLB2OhFsDydF0w7IB8yqecj6x QP177Po3B7Hf1ThDF4cfF/kqZQ0NenWvv7uRwNL/y4wJ7XQ0EtEsMY73iq3E/CXz YRvqttqbnNSQO0xAy8CE9jKHY9vMoL7if4NdvFYlSsJYmg+/Tw5BLaehKQRINvZh pMqDLB4kVi5gpO1Q6qGo/2+SU0+91QbPR6dwQCvcZRQ8v4KqN6GpS00mQX44DFhT S1kOr60rCYYlRtmxeqmHhyv52GRoY8iGq5KuQUnwXAm8buqy4LmzWQhAVrQk30fi oA290vBcXyTvhs8/yKGTvjnJcdmfE9V2QIZ8cA/5WbOBAEiEBtH1PoG87dUTejkD SwEq20DAK8BhCGlWofanEnDygbnvFg/ouHsYQkt6RiP9ocqxXr+J2k5ACOUCWYmo Carf26wfZ8IWPG7zUoaud68YAPSCfHi35rmRNFBt69DFeH66cLYg+Q== =SBC3 -END PGP SIGNATURE-
Bug#946797: marked as pending in debian-edu-config
Control: tag -1 pending Hello, Bug #946797 in debian-edu-config reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian-edu/debian-edu-config/commit/69dd3cf269eaa802f265cdd5b801f111d05731fe share/debian-edu-config/tools/kerberos-kdc-init: Set proper rights for users in kadm5.acl file. (Closes: #946797) Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades. Signed-off-by: Wolfgang Schweer (this message was generated automatically) -- Greetings https://bugs.debian.org/946797
Bug#931334: firefox: leaks sensitive information between private windows
Package: firefox Version: 68.0~b6-2 Severity: grave Tags: upstream security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Firefox leaks sensitive information between private windows that should normally not share personal data. I logged into my company's Google account (*sigh*) in one private window, and helpfully immediately got that account information shared with a website opened in another private window, that congratulated me for now being signed in with my Google account. Why on earth did Firefox just leak my sensitive private data to another private mode website? - -- Package-specific info: - -- Addons package information - -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en:de_DE:de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox depends on: ii debianutils 4.8.6.1 ii fontconfig2.13.1-2 ii libasound21.1.8-1 ii libatk1.0-0 2.30.0-2 ii libc6 2.28-10 ii libcairo-gobject2 1.16.0-4 ii libcairo2 1.16.0-4 ii libdbus-1-3 1.12.16-1 ii libdbus-glib-1-2 0.110-4 ii libevent-2.1-62.1.8-stable-4 ii libffi6 3.2.1-9 ii libfontconfig12.13.1-2 ii libfreetype6 2.9.1-3 ii libgcc1 1:8.3.0-7 ii libgdk-pixbuf2.0-02.38.1+dfsg-1 ii libglib2.0-0 2.58.3-2 ii libgtk-3-03.24.5-1 ii libjsoncpp1 1.7.4-3 ii libnspr4 2:4.21-1 ii libnss3 2:3.44.0-1 ii libpango-1.0-01.42.4-6 ii libstartup-notification0 0.12-6 ii libstdc++68.3.0-7 ii libvpx5 1.7.0-3 ii libx11-6 2:1.6.7-1 ii libx11-xcb1 2:1.6.7-1 ii libxcb-shm0 1.13.1-2 ii libxcb1 1.13.1-2 ii libxcomposite11:0.4.4-2 ii libxdamage1 1:1.1.4-3+b3 ii libxext6 2:1.3.3-1+b2 ii libxfixes31:5.0.3-1 ii libxrender1 1:0.9.10-1 ii libxt61:1.1.5-1+b3 ii procps2:3.3.15-2 ii zlib1g1:1.2.11.dfsg-1 Versions of packages firefox recommends: ii libavcodec57 7:3.4.3-1 ii libavcodec58 7:4.1.3-1 Versions of packages firefox suggests: ii fonts-lmodern 2.004.5-6 ii fonts-stix [otf-stix] 1.1.1-4 ii libcanberra0 0.30-7 ii libgssapi-krb5-2 1.17-2 ii libgtk2.0-02.24.32-3 ii pulseaudio 12.2-4 - -- no debconf information -BEGIN PGP SIGNATURE- iQKJBAEBCgBzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0bIbsxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylodMD/oDJhm4 gRR5+4sJDL2igFZQf4igtQrEL3TWD1c9AgkP1UHIEuVKojL8MkJLA5pGKDD+kFf8 92VHtKtiTjm1UTuZoDbsAoWFW3YxblZ5zsynzfK7Csrjxt6qOIYgGyzXuumPaeYl fLsn3I3IvaCViqWBkAu1Zzi+SrhVRwaonGIW8bTCuRVq0brTB2hJvttgmhFqA9Cl qKW1AoQ6h0ZUMB64ZzY4TkBaelOmpBYCsRrHvcKATVvd6LCkuGjaU//XkWa4fuqk rp/uXpWQD/73gFU+3cKWVNQId1v05oKf+u7gy7zK6E3AJL1ztECiThHz6fOg+uHy qrYFMODjEJxDxYlveqF0naclwJem4xvi3Uuv4mRy55D/5j3Oxl06eYjN9iF6yHnc H1EPxAF74GyPnn0+uD5xNZIkV155MxIhz7OBxWkEt0h5dRFvDocdp0G6vgSo+dZf dHqSiZUSY0K7kupJjg57QFNIqjal6ocTbko5JeXPtiXW9mP1gBnZ/0APdKqjJtno fxKF8HJ5OjcsxlfoNmhinhJUmR4p6aM7I5jXxUES5SfnSCj5jZPXpxhz6HPlhdr0 IzOirUXpeGygnAkAgHgIcgcv6kUfnJlVnraKjrnljLDxwzvB4S3LRmWWEK+e5mK/ NX8DOjEvM5RhpooD2a7mufDDjaTcBaqXLfTqzQ== =nVIP -END PGP SIGNATURE-
Bug#928420: php-imagick: CVE-2019-11037
Control: tag -1 + patch pending Hi, to prevent two of my/our packages, gosa and movim, from being removed wiht php-imagick, I uploaded the attached NMU debdiff to DELAYED/2. Cheers, Nik diff -Nru php-imagick-3.4.3/debian/changelog php-imagick-3.4.3/debian/changelog --- php-imagick-3.4.3/debian/changelog 2018-10-15 21:08:12.0 +0200 +++ php-imagick-3.4.3/debian/changelog 2019-06-06 11:33:10.0 +0200 @@ -1,3 +1,10 @@ +php-imagick (3.4.3-4.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix CVE-2019-11037. (Closes: #928420) + + -- Dominik George Thu, 06 Jun 2019 11:33:10 +0200 + php-imagick (3.4.3-4) unstable; urgency=medium * Bump the required dh-php version to >= 0.33~ diff -Nru php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch --- php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch 1970-01-01 01:00:00.0 +0100 +++ php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch 2019-06-06 11:33:10.0 +0200 @@ -0,0 +1,142 @@ +From: Danack +Origin: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445 +Subject: Fix CVE-2019-11037. + out of bounds write in ImagickKernel::addUnityKernel +Bug: https://bugs.php.net/bug.php?id=77791 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928420 +--- a/imagick-3.4.3/imagickkernel_class.c b/imagick-3.4.3/imagickkernel_class.c +@@ -229,9 +229,9 @@ PHP_METHOD(imagickkernel, frommatrix) + zval *origin_array; + HashTable *inner_array; + KernelInfo *kernel_info; +- long num_rows, num_columns; +- int previous_num_columns; +- int row, column; ++ unsigned long num_rows, num_columns; ++ unsigned int previous_num_columns = (unsigned int)-1; ++ unsigned int row, column; + + zval *pzval_outer; + zval *pzval_inner; +@@ -243,7 +243,6 @@ PHP_METHOD(imagickkernel, frommatrix) + KernelValueType *values = NULL; + double notanumber = sqrt((double)-1.0); /* Special Value : Not A Number */ + +- previous_num_columns = -1; + count = 0; + row = 0; + origin_array = NULL; +@@ -284,7 +283,7 @@ PHP_METHOD(imagickkernel, frommatrix) + values = (KernelValueType *)AcquireAlignedMemory(num_columns, num_rows*sizeof(KernelValueType)); + } + +- if (previous_num_columns != -1) { ++ if (previous_num_columns != ((unsigned int)-1)) { + if (previous_num_columns != num_columns) { + php_imagick_throw_exception(IMAGICKKERNEL_CLASS, MATRIX_ERROR_UNEVEN TSRMLS_CC); + goto cleanup; +@@ -337,6 +336,8 @@ PHP_METHOD(imagickkernel, frommatrix) + else { + HashTable *origin_array_ht; + origin_array_ht = Z_ARRVAL_P(origin_array); ++ ++ // parse the origin_x + tmp = zend_hash_index_find(origin_array_ht, 0); + if (tmp != NULL) { + ZVAL_DEREF(tmp); +@@ -346,6 +347,19 @@ PHP_METHOD(imagickkernel, frommatrix) + php_imagick_throw_exception(IMAGICKKERNEL_CLASS, MATRIX_ORIGIN_REQUIRED TSRMLS_CC); + goto cleanup; + } ++ // origin_x is unsigned, so checking for > num_columns, also ++ // checks for < 0 ++ if (origin_x>=num_columns) { ++ zend_throw_exception_ex( ++ php_imagickkernel_exception_class_entry, ++ 5 TSRMLS_CC, ++ "origin_x for matrix is outside bounds of columns: " ZEND_LONG_FMT, ++ origin_x ++ ); ++ goto cleanup; ++ } ++ ++ // parse the origin_y + tmp = zend_hash_index_find(origin_array_ht, 1); + if (tmp != NULL) { + ZVAL_DEREF(tmp); +@@ -355,6 +369,17 @@ PHP_METHOD(imagickkernel, frommatrix) + php_imagick_throw_exception(IMAGICKKERNEL_CLASS, MATRIX_ORIGIN_REQUIRED TSRMLS_CC); + goto cleanup; + } ++ // origin_y is unsigned, so checking for > num_rows, also ++ // checks for < 0 ++ if (origin_y>=num_rows) { ++ zend_throw_exception_ex( ++ php_imagickkernel_exception_class_entry, ++ 5 TSRMLS_CC, ++ "origin_y for matrix is outside bounds of rows: " ZEND_LONG_FMT, ++ origin_x ++ ); ++ goto cleanup; ++ } + } + +
Bug#929907: libgnutls30: Connections to older GnUTLS servers break
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, > Is this reproducile with gnutls-cli or is the respective server > publically accessible? It is reproducible. 1. Create a buster chroot for the server, or something similar. 2. Install gnutls-bin 3.6.6-3 and ssl-cert. 3. Start something like: gnutls-serv --echo --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key --x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem 4. Create a buster chroot for the client. 5. Install gnutls-bin 3.6.7-2 and pwgen (I used that to generate random blobs of printable data). 6. Try: pwgen 16383 | gnutls-cli --no-ca-verification --port 5556 localhost - From a size of 16383 bytes onwards, I get: |<1>| Received packet with illegal length: 16385 |<1>| Discarded message[1] due to invalid decryption *** Fatal error: A TLS record packet with invalid length was received. *** Server has terminated the connection abnormally. After upgrading the server to 3.6.7-2, the problem goes away. Actually, this might as well be an issue in 3.6.6, that was masked while clients were also 3.6.6… I don't know ;)! - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz1locxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylrJ7D/9ji2A9+audQYrS1BYInzijlV0QBJLO3ZbAUqt0zhD0jp6Xw9gUKIpW RU/TGNCzPoXusCefCsdRZAXPHt6aMCgu0ir/oPebMqz8PfIDVoqe588E4dF608u1 /QpfpBzf2DJVfwIjuAPXHLpYL7SmCE9HRanRxR1Wdnxg7mfzhnWO0Nq0Ef7+fsvr ADMoQaQ6bXko6zS8g2+7cVcI9WURwaozErSHujBhJQjbKlAkO0hzGlpUgWYuu/gd YghSxaCIQRBuPqoF3prFRA1PkdJnJxaVBaWh15laejxxGZTbb7DRqv7MGewm+LUC oi/QsnfoZ6hdOKCCP4mGzDKn47oZuVh6ldEemhOC7RK0Gzss+1qqx5XXdcOF3Xcr brxEshkYLvSMqzLZP4JaKe8a2joTYcn42yvkszB1FlTLmBJ1sK93bRIdZQf2FYKo RT+2oLITjS9tjRbJjrfoIGzCS0UCiNkJeotYBYS33jHU94igTrLOlayNoCmCe++U KQsn+09eWnGa9jdeAE6gfGzuxz5krvG2dK2cM/+clHak53EkzRQMGX9hKOkpIa0b Bs+0bKiNbCLSQtaYx4x9vSxWJg/3XOe+TXGu6CwvYFRlTW1ZXz5uOHGvbCyFoTPK Q4bbKqP+xmcfdxibx18A2rqMsByNOiNqliC9+3PdreZ2pCPeO3X1PA== =Blay -END PGP SIGNATURE-
Bug#929907: libgnutls30: Connections to older GnUTLS servers break
Package: libgnutls30 Version: 3.6.7-3 Severity: grave Justification: renders package unusable The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe,the ldap client library) when connecting to a server with the previous 3.6.6-2 version. I am afraid it breaks more than that. GnuTLS-secured connections are just closed with no visible reason. Seen on more than 12 systems, then went to a system that had not got the update yet. An ldapsearch works with 3.6.6-2, and fails after updating to 3.6.7-3 with the connection just being closed after reading some data from the LDAP server setill on 3.6.6-2. Upgrading GnuTLS to 3.6.7-3 on the server made the problem go away. I am setting this critical as I cannot imagine it is expected that GnuTLS clients require the server to be the exact same version. -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libgnutls30 depends on: ii libc6 2.28-10 ii libgmp10 2:6.1.2+dfsg-4 ii libhogweed43.4.1-1 ii libidn2-0 2.0.5-1 ii libnettle6 3.4.1-1 ii libp11-kit00.23.15-2 ii libtasn1-6 4.13-3 ii libunistring2 0.9.10-1 libgnutls30 recommends no packages. Versions of packages libgnutls30 suggests: pn gnutls-bin -- no debconf information
Bug#915805: NMU of swift-im
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Kevin, hi Mattia, as I needed libswiften to build something, I went fixing the most important bugs in the package so it at least builds again in current sid. Would you want me to upload these fixes as NMU, so the package is usable until you get everything else solved? Cheers, Nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlzirFkxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylsBlD/9gba9Zrqjnc0iFMqQuZnFT0vJ6PyO6faRW5KT3OszBODCx/EUIrRoy MJOqPyvyLXZznvKXJk9h569/8UIyvQFMF2sJAoIkkZN3kFMJooqyJafr5VuyBLb9 xmCtDUQvUPHRoT0g9Kzh0O9znM8DLd838yoXa1Yxwd3cg4JaQ0fQRBtZv/i67E2R iBOjmu6Dk5Adp0/TxW6L+DX1NH0PT9K+G1kx3mDm/xpWfnVw9oW59tE+M+ARKMCu 7JXEYaFNkj5vLWNm3AqXdYHLGlTHravfu2/1l96GyRnwQA1MTKmWNY6ynxz/zNmC uHcwvDKItwJBoq8Tmq9KvCLWtF+urvL8MHDxA+FfT6H/ptlLb7cFKmAj4awZ2Dbn cx+oyl2HTrzqeCu2CT99EgU7p6dHuKLkynMUhxPKDBQLvLzDDzXLBVlXAqxkszL5 H1XQTqlLIja90Rz6FXpFhhin8EI24E69/FVAPaAQPwAIgEZzCTV5gxNFRl3v7nEE 5d07XtXb3lMycjwCZurXIAEAiY0bzgsn6pYDWtog0dL6XHktyIMkE3efR0AQJC5o gyx01rZIqmVPIyxYn89t+s99PJVVO62MAWQoWyRmXAftmhUKGA8KyZmIPt2lT9YJ QZYr+UIaXQ9b7Ed1yMYQ5b/iZ1I7CMCC5txGow/YC1/kN3UdGhTGVQ== =BBKN -END PGP SIGNATURE-
Bug#924374: busybox ip --oneline displays nothing
Control: tag -1 + patch Hi, > I use LTSP which requires the following command to show a list of interfaces > in which it can use. > The following command worked in 1.27 of busybox but broke in the 1.30.1-2 > version; > busybox ip -oneline link show > > This stopped all my thin clients from booting. here's what happened: busybox upstream found out that their ip address show command, with the oneline option, includes link layer addresses, which iproute2 normally doesn't. They patched that, without realising their ip link show code ultimately calls their ip address show code. Attached debdiff reverts this change. This makes the ip address show behaviour "wrong" again, but including too much in a machine-readable output seems less broken than this regression. -nik diff -Nru busybox-1.30.1/debian/changelog busybox-1.30.1/debian/changelog --- busybox-1.30.1/debian/changelog 2019-03-02 09:11:13.0 +0100 +++ busybox-1.30.1/debian/changelog 2019-03-20 17:20:27.0 +0100 @@ -1,3 +1,10 @@ +busybox (1:1.30.1-2.1) UNRELEASED; urgency=high + + * Non-maintainer upload. + * Re-enable ip -oneline. (Closes: #924374) + + -- Dominik George Wed, 20 Mar 2019 17:20:27 +0100 + busybox (1:1.30.1-2) unstable; urgency=high * Complete the fix for [CVE-2018-20679] Closes: #918846 diff -Nru busybox-1.30.1/debian/patches/fix-ip-oneline.patch busybox-1.30.1/debian/patches/fix-ip-oneline.patch --- busybox-1.30.1/debian/patches/fix-ip-oneline.patch 1970-01-01 01:00:00.0 +0100 +++ busybox-1.30.1/debian/patches/fix-ip-oneline.patch 2019-03-20 17:20:22.0 +0100 @@ -0,0 +1,14 @@ +--- a/networking/libiproute/ipaddress.c b/networking/libiproute/ipaddress.c +@@ -570,10 +570,7 @@ int FAST_FUNC ipaddr_list_or_flush(char + } + + for (l = linfo; l; l = l->next) { +- if (no_link +- || (oneline || print_linkinfo(&l->h) == 0) +- /* ^ "ip -oneline a" does not print link info */ +- ) { ++ if (no_link || print_linkinfo(&l->h) == 0) { + struct ifinfomsg *ifi = NLMSG_DATA(&l->h); + if (G_filter.family != AF_PACKET) + print_selected_addrinfo(ifi->ifi_index, ainfo); diff -Nru busybox-1.30.1/debian/patches/series busybox-1.30.1/debian/patches/series --- busybox-1.30.1/debian/patches/series2019-03-02 09:07:28.0 +0100 +++ busybox-1.30.1/debian/patches/series2019-03-20 17:19:08.0 +0100 @@ -12,3 +12,4 @@ stop-checking-ancient-kernel-version.patch install-readlink-in-bin.patch stop-overriding-stack-alignment-on-i386.patch +fix-ip-oneline.patch signature.asc Description: PGP signature
Bug#921779: closing 921779
close 921779 2018.20190131-2 thanks
Bug#921272: closing 921272
close 921272 2018.20190131-2 thanks
Bug#921783: closing 921783
close 921783 2018.20190131-2 thanks
Bug#921299: closing 921299
close 921299 2018.20190131-2 thanks
Bug#920621: closing 920621
close 920621 2018.20190131-2 thanks
Bug#921789: closing 921789
close 921789 2018.20190131-2 thanks
Bug#920459: closing 920459
close 920459 2018.20190131-2 thanks
Bug#921838: closing 921838
close 921838 2018.20190131-2 thanks
Bug#921802: closing 921802
close 921802 2018.20190131-2 thanks
Bug#919344: adequate reports obsolete-conffile in openssh-client
Hi, > This file now lives in openssh-server, since it's only needed by sshd. > Unfortunately I'd forgotten that moving conffiles between packages > requires some non-trivial effort, and so this is going to involve some > complexity in maintainer scripts. How about the attached approach? It uses dpkg-maintscript-helper in openssh-client to remove the conffile. dpkg-maintscript=helper does all the magic to determine whether the file was changed by the user. Here, we use the fact that in preinst, it only moves the file to a backup location, and this location is different when the file is user-modified. In postinst of openssh-server, we then check for the backup file and move it back in place if it exists. This… …fixes the obsolete conffile, …avoids an annoying question on upgrade whether to overwrite the file, is it was user-modified, …still keeps user modifications intact. I tested the following: 1. Only openssh-client, upgrading from 1:7.9p1-4 to 1:7.9p1-6.1 --- File gets correctly removed. If it was user-modified, it remains as moduli.dpkg-bak unless purged. 2. openssh-client and openssh-server installed, file not modified - Ownership is correctly transferred to openssh-server, purging this removes the conffile. 3. openssh-client and openssh-server installed, file user-modified -- Ownership is correctly transferred to openssh-server, purging this removes the conffile, user modifications remain intact. If you like this approach, feel free to take it, or add me to the team to do a team upload ;). Cheers, Nik diff -Nru openssh-7.9p1/debian/changelog openssh-7.9p1/debian/changelog --- openssh-7.9p1/debian/changelog 2019-02-08 17:26:35.0 +0100 +++ openssh-7.9p1/debian/changelog 2019-02-26 23:54:57.0 +0100 @@ -1,3 +1,10 @@ +openssh (1:7.9p1-6.1) unstable; urgency=high + + * Non-maintainer upload. + * Correctly handle conffile move to openssh-server. (Closes: #919344) + + -- Dominik George Tue, 26 Feb 2019 23:54:57 +0100 + openssh (1:7.9p1-6) unstable; urgency=medium * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via diff -Nru openssh-7.9p1/debian/openssh-client.maintscript openssh-7.9p1/debian/openssh-client.maintscript --- openssh-7.9p1/debian/openssh-client.maintscript 1970-01-01 01:00:00.0 +0100 +++ openssh-7.9p1/debian/openssh-client.maintscript 2019-02-26 23:54:10.0 +0100 @@ -0,0 +1 @@ +rm_conffile /etc/ssh/moduli 1:7.9p1-6.1~ diff -Nru openssh-7.9p1/debian/openssh-server.postinst openssh-7.9p1/debian/openssh-server.postinst --- openssh-7.9p1/debian/openssh-server.postinst2019-02-08 17:26:35.0 +0100 +++ openssh-7.9p1/debian/openssh-server.postinst2019-02-26 23:54:50.0 +0100 @@ -148,6 +148,11 @@ # restart it under systemd. start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd || true fi + if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \ + [ -f /etc/ssh/moduli.dpkg-bak ]; then + # move backup made by preinst of openssh-client back in place + mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli + fi fi #DEBHELPER# signature.asc Description: PGP signature
Bug#919344: adequate reports obsolete-conffile in openssh-client
On Mon, 25 Feb 2019 16:59:57 + Colin Watson wrote: > Control: severity -1 serious > > On Tue, Jan 15, 2019 at 06:44:55AM +, shirish शिरीष wrote: > > While updating today, adequate informs me about this - > > > > $ adequate openssh-client > > openssh-client: obsolete-conffile /etc/ssh/moduli > > > > Please look into this and fix the offending file. > > I'm raising this to serious using maintainer discretion since I think > this needs to be fixed for buster, though I haven't worked out exactly > what to do yet. > > This file now lives in openssh-server, since it's only needed by sshd. > Unfortunately I'd forgotten that moving conffiles between packages > requires some non-trivial effort, and so this is going to involve some > complexity in maintainer scripts. > > Thanks, > > -- > Colin Watson [cjwat...@debian.org] > >
Bug#922863: tomcat8: post-installation script subprocess failed during upgrade
Control: tag -1 + moreinfo unreproducible Control: severity -1 important Hi, > During upgrade: > > [...] > Setting up tomcat8 (8.5.38-1) ... > [ ok ] Stopping Tomcat servlet engine: tomcat8. > [FAIL] Starting Tomcat servlet engine: tomcat8 failed! > invoke-rc.d: initscript tomcat8, action "restart" failed. > dpkg: error processing package tomcat8 (--configure): > installed tomcat8 package post-installation script subprocess returned error > exit status 1 > [...] > Errors were encountered while processing: > tomcat8 > E: Sub-process /usr/bin/dpkg returned an error code (1) > Setting up tomcat8 (8.5.38-1) ... > [FAIL] Starting Tomcat servlet engine: tomcat8 failed! > invoke-rc.d: initscript tomcat8, action "restart" failed. > dpkg: error processing package tomcat8 (--configure): > installed tomcat8 package post-installation script subprocess returned error > exit status 1 > Errors were encountered while processing: > tomcat8 I cannot reproduce this under systemd. Can you please provide more details from your system that show why this might fail? You can edit /var/lib/dpkg/info/tomcat8.postinst and add a set -x near the set -e at the top, then dpkg-reconfigure tomcat8, for example. -nik signature.asc Description: PGP signature
Bug#921294: No need to block buster
Control: severity 921297 normal Control: severity 921298 normal Control: severity 921294 normal Control: severity 921300 normal As the new doxygen will not make it into buster (as apparently, it causes major breakage), there is no need to block reverse dependencies as long as they build with the doxygen currently in buster. (Mind that they actually do *not* currently build, but for anotehr reason - see #921779). signature.asc Description: PGP signature
Bug#923125: FTBFS: cannot find files in override_dh_install
Control: tag -1 + pending Control: tag 921761 + pending This is due to the check for a matching Kerberos version explicitly checks all known good versions up to 1.16, but now we have 1.17 in Debian. I looked at the upstream changelog and found nothing that could break the plugin build. Addind 1.17 to the list of known good versions fixes sssd's build. Thus, I will upload to DELAYED/2 together with the patch for #921761. signature.asc Description: PGP signature
Bug#921761: sssd: FTBFS (failing tests)
Control: tag -1 + patch The releveant upstream fix is: https://github.com/SSSD/sssd/commit/08bba3a6e3e4e21f2e20b71cca463d50420aa9ee#diff-7adf0a00d9dca84b2fbdd1759c1ac2a6.patch With this patch applied, the test passes again. Unfortunately, sssd still does not build, maybe for some other incompatibility with krb5. I will upload sssd to DELAYED/2 once both are fixed. signature.asc Description: PGP signature
Bug#923125: FTBFS: cannot find files in override_dh_install
Source: sssd Version: 1.16.3-3 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After fixing #921761, sssd still fails to build in a clean chroot: dh_install dh_install: Cannot find (any matches for) "usr/lib/*/krb5/plugins/authdata/sssd_pac_plugin.so" (tried in ., debian/tmp) dh_install: sssd-common missing files: usr/lib/*/krb5/plugins/authdata/sssd_pac_plugin.so dh_install: Cannot find (any matches for) "usr/lib/*/sssd/sssd_pac" (tried in ., debian/tmp) dh_install: sssd-ad-common missing files: usr/lib/*/sssd/sssd_pac dh_install: missing files, aborting make[1]: *** [debian/rules:69: override_dh_install] Error 25 -BEGIN PGP SIGNATURE- iQKJBAEBCgBzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlxybmQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTyluqqEAC9fbLv L9q/zDG6XR/XobwSrT4YCJ7D1lEHV+N7RrgmMtWJfwoDa3GlJ6S2MS/IbgVyrFLt 44HsTUOsK7e4tr8oGUua81xPZV+29y8b4Uk09pMvtMyYrdoRFlO69hYI/8oa2pmH 9EY0usLY+fOtTw9jjr29yLEoNzDiHRik0XyjDoHqUjW/EWLwTRrRpjINVhGjHYUU UeVkVl2lKXxtpI62+Xp2PswfrhRMDRQ1CHiJBG1IgcHyMj8Nxhmd5JLq39P+cTgg Csbgfwp1v3JozQzUt9RDdUbp/UDx25psplhEw0ifqNeDWECQiu6h2NLcmloTsG4i pAER62c2xcsYQzt0RqYhr90OwLddgA1XV5YE/S1NSo4sBzhaWYN4FPUimPRe6MIF 9u+wrAEmI6KpFJXYMolc4CtX7lSr8my0Jd3T84Z9dQfz39AYEtlGrznEUzNXQNhF HnyjBOzgmG/HBTCXH4SVakG8NY5Z1heeE/UoadcCMi2ZRqPwsqT0f3s82xENoMNh TXVjvqRN271+xQxH/qXkbNrT3jqp6IF+kbFCRJLs8mVE4ZWkkZH1/pfcHX6e52Kw uR3ilfkdNsdoxL8jmxvWDUfPHG8aQjEt/4U/3ObDBCcwHcS9CnzwkcwXXkDX2niE XV25Ir+LJJ0FoiqychfN/sFmd6xxD/jRuzOCuA== =nTiW -END PGP SIGNATURE-
Bug#921761: sssd: FTBFS (failing tests)
On Sun, Feb 24, 2019 at 12:35:02AM +0100, Dominik George wrote: > Fedora project seems to know how to fix this, but I cannot get my head > wrapped around how the hell you find out how they did it… > > https://bugzilla.redhat.com/show_bug.cgi?id=1645912 > > -nik The fix referenced in the RedHat bug tracker in krb5 is unrelated to this bug and does not fix it. signature.asc Description: PGP signature
Bug#921761: sssd: FTBFS (failing tests)
Fedora project seems to know how to fix this, but I cannot get my head wrapped around how the hell you find out how they did it… https://bugzilla.redhat.com/show_bug.cgi?id=1645912 -nik signature.asc Description: PGP signature
Bug#921761: sssd: FTBFS (failing tests)
The error returned in line 193 of test_copy_ccache.c is "Matching credential not found". signature.asc Description: PGP signature
Bug#920029: python3-zope.proxy: ships header in /usr/include/python3.7/
Control: tag -1 + pending NMU to DELAYED/2. -nik signature.asc Description: PGP signature
Bug#916702: Merge request
Control: tag -1 + pending On Mon, Jan 21, 2019 at 01:28:46PM -0500, Dave Steele wrote: > Upstream upgrade available as a merge request. > > https://salsa.debian.org/debian/python-freezegun/merge_requests I checked that. The new upstream release does not change too much. I chose to merge, test, and upload to DELAYED/2. Maintainer, please consider moving the package to the Debian Python Modules Team. -nik signature.asc Description: PGP signature
Bug#922404: freeipmi install fails
Hi, > Installation fails because ipmidetectd has an empty default > configuration. Fix simply avoids to enable and start the daemon that > will need to be configured by hand. Building the package, lintian reported that the real culprit here is that RUN= variables in /etc/default should not be used anymore. I thus completed the patch by avoiding this in both optional services. See attached. I will upload to DELAYED/5. -nik diff -Nru freeipmi-1.6.3/debian/changelog freeipmi-1.6.3/debian/changelog --- freeipmi-1.6.3/debian/changelog 2019-02-02 15:50:10.0 +0100 +++ freeipmi-1.6.3/debian/changelog 2019-02-23 14:06:54.0 +0100 @@ -1,3 +1,15 @@ +freeipmi (1.6.3-1.1) unstable; urgency=high + + * Non-maintainer upload. + + [ Antonio Galea ] + * Do not start ipmidetectd daemon until configured. Closes: #922404 + + [ Dominik George ] + * Use init system to handle defaults instead of RUN= (cf. lintian error). + + -- Dominik George Sat, 23 Feb 2019 14:06:54 +0100 + freeipmi (1.6.3-1) unstable; urgency=medium * [3f1f5ea] Updating symbols file diff -Nru freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default --- freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default 2019-02-02 15:50:10.0 +0100 +++ freeipmi-1.6.3/debian/freeipmi-ipmidetect.ipmidetectd.default 1970-01-01 01:00:00.0 +0100 @@ -1,5 +0,0 @@ -# -# Set to 'yes' after you have configured ipmidetectd. -# See ipmidetectd.conf(5) manpage for more information. -# -RUN=no diff -Nru freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN --- freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN2019-02-02 15:50:10.0 +0100 +++ freeipmi-1.6.3/debian/patches/deb_bmc-watchdog_noRUN1970-01-01 01:00:00.0 +0100 @@ -1,12 +0,0 @@ -From: Yaroslav Halchenko -Subject: to be able to condition use of watchdog in the configuration -Vendor: Debian - a/etc/bmc-watchdog.sysconfig -+++ b/etc/bmc-watchdog.sysconfig -@@ -41,4 +41,5 @@ - # - # For the remaining options, consult man bmc-watchdog - # -+RUN=no - OPTIONS="-d -u 4 -p 0 -a 1 -F -P -L -S -O -i 900 -e 60" diff -Nru freeipmi-1.6.3/debian/patches/series freeipmi-1.6.3/debian/patches/series --- freeipmi-1.6.3/debian/patches/series2019-02-02 15:50:10.0 +0100 +++ freeipmi-1.6.3/debian/patches/series1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -deb_bmc-watchdog_noRUN diff -Nru freeipmi-1.6.3/debian/rules freeipmi-1.6.3/debian/rules --- freeipmi-1.6.3/debian/rules 2019-02-02 15:50:10.0 +0100 +++ freeipmi-1.6.3/debian/rules 2019-02-23 14:03:32.0 +0100 @@ -39,9 +39,9 @@ : # Use Debian specific init files with "matching" names dh_installinit -pfreeipmi-bmc-watchdog \ ---name=bmc-watchdog +--name=bmc-watchdog --no-enable --no-start dh_installinit -pfreeipmi-ipmidetect \ ---name=ipmidetectd +--name=ipmidetectd --no-enable --no-start dh_installinit -pfreeipmi-ipmiseld \ --name=ipmiseld signature.asc Description: PGP signature
Bug#918916: Unicorn not reporting proper version for gemfile?
>I've checked debian's git, this patch was introduced when >ENV["VERSION"] was required to use the gemspec. Now as the upstream >gemspec provides the same it's not required. > >The problem is not in Unicorn. The problem is in gem2deb which >generated incorrect unicorn-0.gemspec for the package. OK... But, why was it fixed when I rebuilt with the patch? -nik
Bug#918014: apache2: Segfault in mod_filter only wehen started by systemd
Package: apache2 Version: 2.4.37-1 Severity: grave Justification: renders package unusable apache2 segfaults on start, but only when started normally through systemd. Starting apache2 by hand with the samer command line does not result in a segfault… #0 0x7f6049d7c3d0 in ?? () from /usr/lib/apache2/modules/mod_filter.so #1 0x7f604a35f088 in ?? () from /lib/x86_64-linux-gnu/libc.so.6 #2 0x7f604a31ec1a in fork () from /lib/x86_64-linux-gnu/libc.so.6 #3 0x7f604a464855 in apr_proc_detach () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0 #4 0x7f6049d318a4 in prefork_pre_config (p=, plog=, ptemp=) at prefork.c:1272 #5 0x55c1ddff31be in ap_run_pre_config (pconf=0x7f604a524028, plog=0x7f604a1a5028, ptemp=0x7f604a1a9028) at config.c:89 #6 0x55c1ddfcee5f in main (argc=, argv=) at main.c:775 -- Package-specific info: -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin2.4.37-1 ii apache2-data 2.4.37-1 ii apache2-utils 2.4.37-1 ii dpkg 1.19.2 ii lsb-base 10.2018112800 ii mime-support 3.61 ii perl 5.28.1-3 ii procps 2:3.3.15-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]60.4.0esr-1 ii lynx [www-browser] 2.8.9rel.1-2 Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-3+b1 ii libaprutil1-dbd-sqlite3 1.6.1-3+b1 ii libaprutil1-ldap 1.6.1-3+b1 ii libbrotli1 1.0.7-1 ii libc62.28-2 ii libcurl4 7.62.0-1 ii libjansson4 2.12-1 ii libldap-2.4-22.4.47+dfsg-1 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-141.35.1-1 ii libpcre3 2:8.39-11 ii libssl1.11.1.1a-1 ii libxml2 2.9.4+dfsg1-7+b3 ii perl 5.28.1-3 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]60.4.0esr-1 ii lynx [www-browser] 2.8.9rel.1-2 Versions of packages apache2 is related to: ii apache2 2.4.37-1 ii apache2-bin 2.4.37-1 -- Configuration Files: /etc/apache2/apache2.conf changed [not included] -- no debconf information
Bug#917791: [Pkg-xmpp-devel] Bug#917791: poezio: Missing dependency on python3-cffi
On Sun, Dec 30, 2018 at 07:38:32PM +0100, W. Martin Borgert wrote: > On 2018-12-30 12:20, Tom Teichler wrote: > > When starting python3-cffi is missing. Does not work at all. > > I'm using poezio 0.12.1-2 (uploaded yesterday) and it works > perfectly without python3-cffi*. Could you try that, please? I can reproduce the issue with 0.12.1-2, and I strongly doubt it works without cffi (except in cases where the code that uses cffi is for some reason not executed): $ grep -r cffi […] poezio/poopt.py:from cffi import FFI -nik signature.asc Description: PGP signature
Bug#915050: (gitlab) Re: Bug#915050: Keep out of testing
>> We had volatile, which, redefined properly, could help. I am trying >to draft such a definition. > >Did you get a chance to work on it? I do have this on my todo list for around Christmas. People who know me that I deliberately leave out the year, but my intentions are 2018 ;). -nik
Bug#915050: (gitlab) Re: Bug#915050: Keep out of testing
>well, Debian is using gitlab!!! so this sentence has no sense. The >problem here >is that is a complex software that depends of a lot of pieces and it's >not >easy/possible to fit the definition. So, maybe we should create another >category >of software. Yes, and that Debian officially uses GitLab, from a foreign source, without being able to support it in Debian, does make me feel ashamed for the project. >maybe creating another kind of repo. debian-contributuions >debian-blabla, whatever. > We had volatile, which, redefined properly, could help. I am trying to draft such a definition. -nik
Bug#914989: Adjust found versions
Hi, >> It is not a regression in unstable, so it need not block the testing >migration. ...but it needs get gitlab autoremoved from testing if not fixed :). >I was not able to reproduce it when downgrading to ruby-grape 1.0.3 >manually. This is correct. I hope you don't expect users to dig a package out of snapshots.debian.org. The issue is with the ruby-grape version currently in testing. >and also >confirm >if restarting gitlab-sidekiq service will solve the issue. If a restart >will solve the issue, we may need to automate that. After downgrading to 1.0.3 restart works. It does not do so with 1.1.0. -nik
Bug#914989: gitlab: sidekiq reacts very indignant to dependency changes, currently ruby-grape
Package: gitlab Version: 11.3.10+dfsg-2 Severity: grave Justification: renders package unusable It seems that gitlab-sidekiq often breaks due to changign versions of dependencies. Right now, when upgrading ruby-grape to 1.1.0, sidekiq does not start anymore because it depends on exactly 1.0.3 in its Gemfile. The package, however, depends on anything newer than 1.0. I have observed this often, and it's actually why I updated gitlab to the sid version instead of staying with the buster version, because ruby dependencies got upgraded and sidekiq did not find them anymore. While this report is about gitlab currently being unusable due to ruby-grape, it might be a systemic issue. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gitlab depends on: ii apache2 [httpd]2.4.37-1 ii asciidoctor1.5.7.1-1 ii bc 1.07.1-2+b1 ii bundler1.16.1-3 ii bzip2 1.0.6-9 ii dbconfig-pgsql 2.0.10 ii debconf [debconf-2.0] 1.5.69 ii gitlab-common 11.3.10+dfsg-2 ii gitlab-shell 8.3.3+dfsg-1 ii gitlab-workhorse 6.1.1+debian-3 ii lsb-base 9.20170808 ii nginx 1.14.1-1 ii nginx-full [nginx] 1.14.1-1 ii nodejs 8.11.2~dfsg-1 ii npm5.8.0+ds6-2 ii openssh-client 1:7.9p1-4 ii postfix [mail-transport-agent] 3.3.1-1+b1 ii postgresql-client 11+197 ii postgresql-client-11 [postgresql-client] 11.1-1+b2 ii postgresql-client-9.6 [postgresql-client] 9.6.10-0+deb9u1 ii postgresql-contrib 11+197 ii rake 12.3.1-3 ii redis-server 5:5.0.2-1 ii ruby 1:2.5.1 ii ruby-ace-rails-ap 4.1.1-1 ii ruby-acts-as-taggable-on 5.0.0-2 ii ruby-addressable 2.5.2-1 ii ruby-akismet 2.0.0-1 ii ruby-arel 6.0.4-1 ii ruby-asana 0.6.0-1 ii ruby-asciidoctor-plantuml 0.0.8-1 ii ruby-asset-sync2.4.0-1 ii ruby-attr-encrypted3.1.0-1 ii ruby-babosa1.0.2-2 ii ruby-base320.3.2-3 ii ruby-batch-loader 1.2.1-1 ii ruby-bcrypt-pbkdf 1.0.0-2 ii ruby-bootstrap-form2.7.0-1 ii ruby-browser 2.5.3-1 ii ruby-carrierwave 1.2.3-1 ii ruby-charlock-holmes 0.7.6-1 ii ruby-chronic 0.10.2-3 ii ruby-chronic-duration 0.10.6-1 ii ruby-commonmarker 0.17.9-1 ii ruby-connection-pool 2.2.2-1 ii ruby-creole0.5.0-2 ii ruby-default-value-for 3.1.0-1 ii ruby-device-detector 1.0.1-2 ii ruby-devise4.4.3-1 ii ruby-devise-two-factor 3.0.3-1 ii ruby-diffy 3.2.1-1 ii ruby-doorkeeper4.4.2-1 ii ruby-doorkeeper-openid-connect 1.5.2-1 ii ruby-dropzonejs-rails 0.8.2-1 ii ruby-ed25519 1.2.4-1 ii ruby-email-reply-trimmer 0.1.6-1 ii ruby-escape-utils 1.2.1-1+b1 ii ruby-excon 0.60.0-1 ii ruby-faraday 0.13.1-2 ii ruby-fast-blank1.0.0-1+b1 ii ruby-flipper 0.13.0-3 pn ruby-flipper-active-record pn ruby-flipper-active-support-cache-store ii ruby-fog-aliyun0.2.0-1 ii ruby-fog-aws 2.0.1-1 ii ruby-fog-core 1.45.0-2 ii ruby-fog-google1.8.1-2 ii ruby-fog-local 0.3.0-1 ii ruby-fog-openstack 0.1.6-4 ii ruby-fog-rackspace
Bug#909063: apacheds: package installation fails due to incorrect apacheds.service unit
Hi, > > Patch against git master is attached. This happened during the BSP in > > Karlsruhe, so I will NMU to DELAYED/5 tomorrow before the BSP ends if you do > > not object, and also ask the release team about inclusion in the next point > > release. > > Thank you for the fix Dominik. Could you commit the changes to the Salsa > repository and do a team upload instead of a NMU please? Sure, if you accept my request to join ;). -nik signature.asc Description: PGP signature
Bug#909063: apacheds: package installation fails due to incorrect apacheds.service unit
Control: tags -1 + patch Control: user debian-rele...@lists.debian.org Control: usertags -1 + bsp-2018-10-de-karlsruhe Hi, > Sep 17 18:42:47 ldap01 systemd[1]: [/lib/systemd/system/apacheds.service:11] > Executable path is not absolute, ignoring: ${JAVA_HOME}/bin/java ${JAVA_OPTS} > -Dapacheds.controls=${ADS_CONTROLS} …}/ > Sep 17 18:42:47 ldap01 systemd[1]: apacheds.service: Service lacks both > ExecStart= and ExecStop= setting. Refusing. The error here is a bit misleading (in systemd in buster, it becomes more clear). The ExecStart command itself is not allowed to contain variables; the solution is to wrap the call in a /bin/sh -c exec call. Patch against git master is attached. This happened during the BSP in Karlsruhe, so I will NMU to DELAYED/5 tomorrow before the BSP ends if you do not object, and also ask the release team about inclusion in the next point release. Cheers, Nik From 854fbfd0a86c52ebed3ce7773ee762ee49eb69be Mon Sep 17 00:00:00 2001 From: Dominik George Date: Sat, 27 Oct 2018 15:33:29 +0200 Subject: [PATCH] Fix command in systemd service file. --- debian/apacheds.service | 17 + debian/changelog| 7 +++ 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/debian/apacheds.service b/debian/apacheds.service index e6de514..23efa17 100644 --- a/debian/apacheds.service +++ b/debian/apacheds.service @@ -8,14 +8,15 @@ Type=simple User=apacheds Group=apacheds EnvironmentFile=/etc/default/apacheds -ExecStart=${JAVA_HOME}/bin/java ${JAVA_OPTS} \ --Dapacheds.controls=${ADS_CONTROLS} \ --Dapacheds.extendedOperations=${ADS_EXTENDED_OPERATIONS} \ --Dlog4j.configuration=file:${ADS_INSTANCES}/${ADS_INSTANCE}/conf/log4j.properties \ --Dapacheds.log.dir=${ADS_INSTANCES}/${ADS_INSTANCE}/log \ --cp '${ADS_HOME}/lib/*' \ -org.apache.directory.server.UberjarMain \ -${ADS_INSTANCES}/${ADS_INSTANCE}/ +ExecStart=/bin/sh -c "exec \ +${JAVA_HOME}/bin/java ${JAVA_OPTS} \ + -Dapacheds.controls=${ADS_CONTROLS} \ + -Dapacheds.extendedOperations=${ADS_EXTENDED_OPERATIONS} \ + -Dlog4j.configuration=file:${ADS_INSTANCES}/${ADS_INSTANCE}/conf/log4j.properties \ + -Dapacheds.log.dir=${ADS_INSTANCES}/${ADS_INSTANCE}/log \ + -cp '${ADS_HOME}/lib/*' \ + org.apache.directory.server.UberjarMain \ + ${ADS_INSTANCES}/${ADS_INSTANCE}/" PrivateTmp=true [Install] diff --git a/debian/changelog b/debian/changelog index 4e0d8a6..73583b1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +apache-directory-server (2.0.0~M24-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix command in systemd service file. (Closes: #909063) + + -- Dominik George Sat, 27 Oct 2018 15:32:48 +0200 + apache-directory-server (2.0.0~M24-1) unstable; urgency=medium * Team upload. -- 2.19.1 signature.asc Description: PGP signature
Bug#902035: Future of pygame in Debian.
Hi, > […] tagged accordingly in the BTS […] Oops, you are right. There are still two FTBFS bugs I failed to tag (but not to fix). Cheers, Nik signature.asc Description: PGP signature
Bug#902036: Future of pygame in Debian.
Hi, > pygame in Debian testing is currently python2 only, I am sure I am not > alone in thinking this is not a good state of affairs given that pygame is > frequently used for introducing people to programming. > > pygame in sid has python3 support but is held back from migrating to > testing by three rc bugs. None of which have had any response from the > maintainer. > > One of those is a FTBFS with python 3.7 which is apparently fixed > upstream. So presumably the best thing to do about this one would be to > update the package to the new upstream. I may have a go at this myself > but I'm not an expert in python packaging so I don't know how well I will > do. > > The other two are testsuite failures on architectures where frankly I > doubt pygame has many users*. I may also take a look at these after the > new upstream version is dealt with but I don't think it's worth putting > huge amounts of effort into pygame on architectures where I doubt it has > any users and I equally don't think it should be allowed to block the > availability of python3-pygame in testing on architectures people do > actually care about, so if the root cause cannot be found quickly I would > propose either disabling the tests on these architectures or requesting > the ftpmasters remove the binaries. > > Anyone have any comments or suggestions? Yes. I am the maintainer whom you accuse of not maintaining the package. Sorry to say that, but all your assumptions are wrong - all of the bugs you mention are handled, tagged accordingly in the BTS, new uploads are prepared in the packaging repository, and fixing last issues for the upload are being coordinated with upstream, keeping the buster release schedule in mind: https://github.com/pygame/pygame/issues/543 Anything more I can do for you? Cheers, Nik signature.asc Description: PGP signature
Bug#900447: Build against freerdp2
Hi, > > I agree with Moritz's proposal. I have been working on a patch at Hamburg > > miniDebConf, but the patch is only 20% ready and really not my business, > > neither my expertise (as this is upstream work, and last time I spoke to > > Nik, upstream was not too enthusiastic about porting to freerdp2, as he > > said). > > > > @Nik: Can you disable RDP support for now in Guacomole some time soon? If > > not, I will do that as a Team Upload next week. > > Friendly ping :-) Well, if we disable RDP support, we can as well remove Guacamole. RDP is what people use it for, I have never heard of anyone using it only for VNC. -nik signature.asc Description: PGP signature
Bug#902186: CVE-2018-12689
Control: tags -1 + moreinfo Control: severity -1 important Heisann, On Sat, Jun 23, 2018 at 10:45:39AM +0200, Moritz Muehlenhoff wrote: > Package: phpldapadmin > Severity: grave > Tags: security > > Please see > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12689 I am triaging this bug report because of a request of a user to get phpLDAPAdmin into testing again, and the maintainer seems to be unresponsive. Doing so, I found that in my opinion, the CVE is invalid. Neither of the PoC works. PoC 1 (server_id parameter) does not work because the parameter is verified using is_numeric before being passed on to anything special. PoC 2 makes phpLDAPAdmin simply display "Invalid DN syntax for user". No matter what, I was not able to get anything out of phpLDAPAdmin with the information in the CVE and the refereces exploit. Thus, I am lowering the priority of this bug report to important and asking you to provide more information on how to produce the behaviour claimed in the CVE report. Ha det bra, Nik
Bug#908595: krb5-subdomain and ms-subdomain update policy rules ineffective
Package: libbind9-160 Version: 1:9.11.4.P2+dfsg-1 Severity: grave Tags: security upstream patch Forwarded: security-offi...@isc.org Control: found -1 1:9.11.4.P1+dfsg-1 Control: found -1 1:9.11.4+dfsg-4 Hi, I discovered the following security bug in bind9 a few weeks ago, and responsibly disclosed it to the ISC security officer. Unfortunately, until today they did not acknowledge it is a security issue - in contrast, they proved that they do not fully understand the issue, and now have added a new feature in the 9.11.4.P2 release which wrongly addresses this security issue. The issue is with DDNS update policies using Kerberos, namely the krb5-subdomain and ms-subdomain update policies for TKEY-GSSAPI. The documentation states, and has always stated, the following: krb5-self - This rule takes a Kerberos machine principal (host/machine@REALM) for machine in REALM and and converts it machine.realm allowing the machine to update machine.realm. The REALM to be matched is specified in the identity field. The name field should be set to "." krb5-subdomain -- This rule takes a Kerberos machine principal (host/machine@REALM) for machine in REALM and converts it to machine.realm allowing the machine to update subdomains of machine.realm. The REALM to be matched is specified in the identity field. The name field should be set to "." https://ftp.isc.org/isc/bind9/9.11.4-P1/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies (I am referring to both krb5-* and ms-* when saying krb5-* in the following.) Now the issue is the following (at least in all revisions of bind 9.10 and 9.11, *including the recently released 9.11.4.P1 and .P2*: krb5-self works a documented, and allows any client showing a valid Kerberos ticket for machine.realm to update exactly machine.realm. However, krb5-subdomain is missing the documented check completely - *it allows updating all records*. To be more precise, it checks the name of the record to be updated against the name field, instead of, as documented, against the machine name from the Kerberos identity. If a BIND TKEY update policy is configured as described in the manual, with the administrator intending to allow machines to update records below their own hostname, they are indeed granting full access to the whole zonem because the documented Kerberos name check is missing. The ISC security officer claims the following: The documented update policy was never intended to work like documented. It was intended to work like th ecode does, only checking against the configured name field instead of the Kerberos machine name. This is not a security issue - it is a documentation bug. I have raised concerns about these views with the ISC because it has some implications that I will not believe to be correct: There already is a check called subdomai n(without krb5-) that allows updating subdomains of the configured name. It can also take a Kerberos principal name as TKEY identity - in that case it allows updating the subdomain given in the name field if a client shows a valid Kerberos ticket for the principal in the identity field. This is what the ISC claims to be the intention of krb5-subdomain - I do, however, doubt that the person adding the krb5-subdomain check intended to add a new check that does the same as the existing subdomain check. (I also doubt that the person intended to duplicate an existing check, then accidentally added documentation stating the contrary.) The code for krb5-subdomain *does* go through all the hassle to extract the machine name from the given Kerberos identity - it then ignores the result and always returns TRUE instead of checking the record to be updated against the machine name it just got hold of with so much work. I do doubt that the person writing the original code, in addition to the above, intentionally added this code handling a Kerberos identity, then always returning TRUE, resulting in the check to do the same as the normal subdomain check - only with 100 lines of string manipulation resulting in a no-op wrapped around it. Even after explaining all this to the ISC, they decided to not fix these checks to do what they are documented (and obviously intended) to do. Instead, in 9.11.4.P1, they added *new* checks called krb5-subself and ms-subself that do what krb5-subdomain and ms-subdomain were intended to do, and sold this as a new feature (they also did not mention my research and patching efforts doing so, they just told the world they added a cool new feature - THANK YOU 💖!). The broken -subdomain checks were kept as they are, including the broken documentation. Even if the ISC intends to keep the broken checks (which, again, are duplicates of a more simple check, with tons of string manipulation code wrapped around), I still consider this a serious security issue because with the checks not doing what the documentation says for many
Bug#904453: python3-sleekxmpp: Syntax error on installation with Python 3.7
Package: python3-sleekxmpp Version: 1.3.3-3 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The code uses reserved keywords as funtion names: File "/usr/lib/python3/dist-packages/sleekxmpp/plugins/xep_0009/remote.py", line 430 def async(self, callback): ^ SyntaxError: invalid syntax async cannot be a name in Python 3.7 and onwards, thus installation fails with Python 3.7 as default python3. - -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-sleekxmpp depends on: ii libjs-sphinxdoc 1.7.6-1 ii python3 3.6.6-1 ii python3-dnspython 1.15.0-1 ii python3-pyasn1 0.4.2-3 ii python3-pyasn1-modules 0.2.1-0.2 Versions of packages python3-sleekxmpp recommends: ii python3-dateutil 2.6.1-1 ii python3-gnupg 0.4.3-1 ii python3-socks 1.6.5-1 python3-sleekxmpp suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAltXLGUxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylixPD/9mwqzw 5Swn5xlv07vLxogI7JKJu/9ZS/J/eH2N7HF4+kS7UtNwpb9MpyM+u2aTm+4HXGje Rth48S8zL0mv/6jRonmeuM6AhbGzpX4l58iDWX7N+q9mcnVmUjpm3XEr7TstfaHl V2Zf4FPRDs7S59+fVBYoEzYDqHaBRd3jE81rx6BRxY3vgscw7Og1NRJk8eubTBmT P57b8j4EEluJJXS6eEj5+AT8OymaYaPOcaV0STiici5Ugtc8PvauumcEnjnICbCa SY1uqY+A5oHET61Js3lmZP7VfDngt4hJNJpos4tRWjg4WJWPE12Ml+fdRMIBqEvE WutpIL4tHCC8mBaXXk1w2EN6J7bXegtZLAr8QbbG20yW9Qmhedg//rIeVuBWrZFR 3W/g5Xm2RGrOMdrSHw/VPTXwxrtqNULT2tnaOf6gd2ioHjrfRiMqopJ4QC5jUBsn ymnfP0ZqPsNynLcaJ+Re/UvllQJVafvV34Ag+ufBg5UtkZMaLAJB7gPCzEOJoMwv SLwSRV6xmmlmy1P21AQP56yrZXwUpaSo4Oju4Mb/Vvwyz7OW362qRM7giS6SWP6I q+JYR+YhWzkLdsY1V3HMk15FYyPzIHdyYn0v1hfWl/4zYDLYUNwwcAhHKeV0dQ47 q9Z93A9opg0Us01ipSI4UXwkBr0SiAhgI1OjQA== =6M3H -END PGP SIGNATURE-
Bug#900879: bind9-dyndb-ldap: does not work with current bind9 anymore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 06, 2018 at 11:54:04AM +0200, Dominik George wrote: > This plugin only works with the old dyndb patch for BIND, but not with > the DynDB interface in the version now included in BIND upstream. Seems that is not the case, but the plugin needs to be rebuilt against BIND 9.11.3, which seems not to work right now: https://pagure.io/bind-dyndb-ldap/issue/176 - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCABPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlsXs7UxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTyljzPD/49i+nyVE7DNFWyM/BRiMW4J7ZWUduUqLcoA9BUY9M0VLjQHjaWfdNk k9l277SrwVaGHgpgOKau8StmsZOkEnhJW0MV6b4TUIiykglM6+4vjWukS+MK7Pxj ErpBdwVpE30YL0/MVm+JnmUnbHgdX6qr7KPNU439bHNujBnHjW8o3Pj7aAKuYjFl vq5I09awmcfPX+jt+NzAkkp6DGp+t0BFP+OYcdqHwBzLhL/XWeNzQnvu88OvwJwa q2cgovXoiSgO6XmnuXZCMfJPVUE6YNULbljczCahtOHToFruqEE71J+z5we/cdfl c6vwFHc7C7WupHSnZc9nbP3kGLinB2qZRoVdrxvSV23Y8/mKNHdG3e4y6k0SAUXP aTP5xiudT7DWsL6dWVSDcpOZqBtv5CgT8eFkIYr64CbSECXZfHS1pZowK+SygQFH SVy3pIJpWRyYd2fxJKfwYDF6vMgKae3UG+4zZftxhfld4n0ugr9CV/kZkH+i2c7r jNmSZhjfWEIlL0/S9TceH9yCfKQWdPDRSKoStqAjTA8ZGvDd8B2E/u4RaylrDfZx OsQtPjkUkuHR+onKJm+G3jsinD9HFRWcRT4JlbfykZBJQLya9NVxstSF6/rse53+ wj+4qrXgVVPpDGyZ82zKADN0AYgzV0NunWNXlc6WZde45+r8iz70oQ== =jhea -END PGP SIGNATURE-
Bug#900879: bind9-dyndb-ldap: does not work with current bind9 anymore
Package: bind9-dyndb-ldap Version: 11.1-3 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This plugin only works with the old dyndb patch for BIND, but not with the DynDB interface in the version now included in BIND upstream. - -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.16.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bind9-dyndb-ldap depends on: ii bind9 1:9.11.3+dfsg-1 ii libc6 2.27-3 ii libdns1100 1:9.11.3+dfsg-1 ii libisc169 1:9.11.3+dfsg-1 ii libkrb5-3 1.16-2 ii libldap-2.4-2 2.4.46+dfsg-5 ii libuuid1 2.32-0.1 bind9-dyndb-ldap recommends no packages. bind9-dyndb-ldap suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlsXrzQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYSQRAA2BHdTJjrzalbFRsedVhMjBqAGYJc TstiWl+x7MYZideTiy6FbvgazBTu/DJFioAmcn4jxo+4QV2t1HP3QjjhtNtD4h4Z PZMVs7sfEUUP3dble0njZZUilhKShD82caWozcI1sfgxHelzZvaYRXfSUULuce41 PkayYQAwJrYr84rSPTdN2POYBP3dOj4oz7tZ1N9vVbelLWCdWYkXEWqWR572FUSX TdgTvtIJ6gC8wXt1xJJaQ0NTh09X7wouk6oUJldh7ey1JA18lLC5MWqjar5FDPVR UANFF8y68PCRj9WxyzyKHLmZPRnOrYgV4aMhUEstqAwQwwCPXFVMPRx/2nb8Er7l ikKMMDvVbDWDdEt61sOksGb7QGUc25o8utKxzFlaFgdNbIZFTWBNRTwhDhfYaW/m ccyS0CoIzULpqe8pcMewTQL4S4J8HnN1mx/QTgcVT8Z4c6c0rMn/ks/og4/DDzdq ULKEwYxuwsQrCq5OSJso/OTGwORwTmhCXV4B/E6+KWhzjVRefkZNAXeCCQqEZOMA oKECg1tHYM/2JSHN9a8/orLHIo457VlLOM6Wk6C6vkEBS33CqnT+FG+kG53pEWR/ 3rnjfj0mvlgrsaGnvUPUAYbTCehF1DvCMjlsnRYQVN/Se7MzNAlPRbgy65fR13Fy M5enAIfrwZCPJcs= =iGc4 -END PGP SIGNATURE-
Bug#900447: Build against freerdp2
Control: reassign -1 guacamole-server Control: merge 888321 -1 Hi, > This bug is for tracking the efforts of porting guacamole-client to > FreeRDP v2. guacamole-client has nothing to do with freerdp. ITYM guacamole-server, which also already has a bug for that ☺. -nik signature.asc Description: PGP signature
Bug#894560: pygame: Don't drop python2 package
Control: tags -1 + pending Hi, the next upload in a couple of days will re-introduce the python 2 package. -nik signature.asc Description: PGP signature
Bug#894560: pygame: Don't drop python2 package
Hi, > Your latest upload drops the python-pygame pacakge but I count 35 > packages in Debian Testing that depend on it. Please restore the > python-pygame package until all those packages no longer depend on it. > > Even without a bug being filed, I believe the broken dependency issue > would have prevented this package from migrating to Testing. So, what's the use of that? I do not target for testing - I target for buster and for sid. Neither pygame nor its dependencies, using Python 2, will survive the buster release cycle, so there is no point in forcefully keeping it around in testing. And as you said: Non of this will transition until the problem is solved (either by removal of the dependencies or their switch to Python 3). All that will happen with and without the Python 2 version of Pygame. -nik signature.asc Description: PGP signature
Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual
Source: debian-edu-install Version: 1.916 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I spent two days trying to install Debian Edu (combined server) in a virtual machine. I started with 100 GiB hard disk, then tried 150 GiB, and finally 220 GiB. The LTSP chroot installation always fails with no space left in /opt/var/cache/apt. Installing Debain Edu is not possible. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr7nQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pb2bxAAvIZSU7BE0+ucGg5SEzrzvk0GHzuv OfhwhpxuggDzKgTf2vq5fsEXm9DafxyIXhq9ZfYgbGCRqXlWbO3hjlmneZx1OCzt ow3kpLZJy5LwerRYe2lYlJY8O8ZYnKPUMuWxblpVCU9tQUXw/+edtmu+KGRNcEmX L8u5/y1LNp5846Xb9wSKgJP93DaYInUndv9+i9EOGps+uoZlO67yyDgYJUJmmkJf 0q9zoU7KBOO2fJv8i1rcbxmgNaT9gcqZLtlLXPvFUm526ipZHT1nktteHJQEtwqf KNhGA2tsNwxJrWJgnJG/Vtppwj9wgbdJ9q9cPxVqS9sLVi3hoUPeDRA6kBVmkebB nbxDLI8tl5DtdR6FLQKOT8nfich9V5XDmW4379jCL+g7P+ixigBiWLouwMwnBCr/ EpBK8Qwv0KCnRhs9geC9i5HBpU4oKB4nJr5L24jEy9kbwaduN1w3mpRQZ81WtsCC MdYEmJl0VhW4UH5MYjxrkPZ1lI5b9f4pSFI5wmA1FGSC12+swTWFWKY3ivVhObDE exQfsdRUhuLj4NpPVvE3rIqxLOCAi75X5R9/cdJ5uMxyG0kzUwzi87dv9VIBy+FT 0SpH1QYhSz/ORRA4FjlDBn726Bwk6OpudECPn1JMBoziZ6k/ASwSfSG74q8MPDRI 70iu0yXdiLct/3M= =HyOM -END PGP SIGNATURE-
Bug#876459: needrestart: Non-interactive mode not being detected properly
Hi Patrick, > I regularly see this bug cause important PostgreSQL databases to be > restarted on Debian stable. > > Can you please make sure to provide an update for the next Debian point > release? If you need help doing so, feel free to say that. Any news/opinion on that? If I do not hear anything from you within this week, I will start negotiating with therelease team about the patch for the next point release. Cheers, Nik signature.asc Description: PGP signature
Bug#867558: flask-ldapconn FTBFS: build dependencies python-ldap3/python3-ldap3 are only available in more recent versions
Control: tags -1 + upstream > builddeps:flask-ldapconn : Depends: python-ldap3 (< 2.0~) but it is not > going to be installed > Depends: python3-ldap3 (< 2.0~) but it is not > going to be installed ldap3 version 2 requires a complete rewrite. Upstream tracks this at https://github.com/rroemhild/flask-ldapconn/20 -nik signature.asc Description: PGP signature
Bug#871910: marked as pending
tag 871910 pending thanks Hello, Bug #871910 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/python-modules/packages/pygame.git/commit/?id=a6f8d3d --- commit a6f8d3d63dcdfe1bf3a32f1141d4e4ceddd040b2 Author: Dominik George Date: Sat Dec 16 21:13:00 2017 +0100 Update dependency on timgm6mb-soundfont. (Closes: #871910) diff --git a/debian/changelog b/debian/changelog index bccc8d8..e89b2ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +pygame (1.9.3+dfsg-3) unstable; urgency=medium + + * Update dependency on timgm6mb-soundfont. (Closes: #871910) + + -- Dominik George Sat, 16 Dec 2017 21:12:22 +0100 + pygame (1.9.3+dfsg-2) unstable; urgency=medium * License review to update d/copyright.
Bug#882463: Wheezy update of xrdp?
Hi, > Would you like to take care of this yourself? Not really. Go ahead ☺. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#882463: marked as pending
tag 882463 pending thanks Hello, Bug #882463 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/commit/?id=d852069 --- commit d8520695e237c8853380e247e82d22d155c8b7e3 Author: Dominik George Date: Fri Dec 15 02:05:25 2017 +0100 Add patch for CVE-2017-16927. diff --git a/debian/changelog b/debian/changelog index ce894b1..b430e2a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +xrdp (0.9.1-9+deb9u2) stretch-security; urgency=high + + * Fix CVE-2017-16927. (Closes: #882463) + + -- Dominik George Fri, 15 Dec 2017 02:05:40 +0100 + xrdp (0.9.1-9+deb9u1) stretch; urgency=medium * Fix high CPU load on SSL shutdown. (Closes: #876976)
Bug#882463: marked as pending
tag 882463 pending thanks Hello, Bug #882463 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/commit/?id=690b1ae --- commit 690b1aea2b21dde4d82c154d0f132c5348bd24e9 Author: Dominik George Date: Fri Dec 15 02:10:06 2017 +0100 Add patch for CVE-2017-16927. diff --git a/debian/changelog b/debian/changelog index a6c0ade..355b3db 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ xrdp (0.9.4-2) UNRELEASED; urgency=medium [ Dominik George ] * Fix typo in previous changelog. + * Fix CVE-2017-16927. (Closes: #882463) [ Thorsten Glaser ] * Place missing log_end_msg in init script. @@ -10,7 +11,7 @@ xrdp (0.9.4-2) UNRELEASED; urgency=medium * Cherry-pick missing parts from experimental branch. * Fix another typo in previous changelog. - -- Thorsten Glaser Tue, 10 Oct 2017 20:21:09 +0200 + -- Dominik George Fri, 15 Dec 2017 02:10:18 +0100 xrdp (0.9.4-1) unstable; urgency=medium
Bug#882463: marked as pending
tag 882463 pending thanks Hello, Bug #882463 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/commit/?id=180d149 --- commit 180d1495f0729e6afdda2e60c1c0aeaf2bec05b5 Author: Dominik George Date: Fri Dec 15 02:05:25 2017 +0100 Add patch for CVE-2017-16927. diff --git a/debian/changelog b/debian/changelog index ce894b1..422df4c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +xrdp (0.9.1-9+deb9u2) stretch; urgency=medium + + * Fix CVE-2017-16927. (Closes: #882463) + + -- Dominik George Fri, 15 Dec 2017 02:05:40 +0100 + xrdp (0.9.1-9+deb9u1) stretch; urgency=medium * Fix high CPU load on SSL shutdown. (Closes: #876976)
Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia
> In fact, the package was installed since I have turned on install > suggests. If this was done on purpose or accident is not open for debate. It is. I'm sorry, but in fact, your concern should be that you are obviously unable to control what you install on your system. You can read a handbook on this topic - but please leave unrelated maintainers alone - they are not the support crew for your personal system's administration. The fix is to purge the package and look and think next time you install packages. -nik
Bug#873271: pam-krb5-migrate: install paths are wrong
Source: pam-krb5-migrate Version: 0.0.11-4 Severity: grave Justification: renders package unusable Both the PAM modules and the pam config are installed into sub-directories instead of their correct places. This makes the package unusable without moving files in system locations around beforehand. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#863701: sympa: insists that cookie has changed when it hasn't
Hi, > In this case the head command might not be in the path Sympa is seeing. Could > you please test if > `/usr/bin/head ...` works for you? Yes, it does. -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/
Bug#863701: sympa: insists that cookie has changed when it hasn't
Hi, >The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian >package, >so this hasn't changed? Confirmed. > >What are the permissions of the cookie file? 640 owned by sympa:sympa I have placed debugging prints into Conf.pm and found that $current is empty right at the beginning of cookie_changed. It seems the `head... command is not evaluated. I placed the cookie in the config file directly, which makes it working again. -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/
Bug#863701: sympa: insists that cookie has changed when it hasn't
Package: sympa Version: 6.2.16~dfsg-3 Severity: grave Justification: renders package unusable SYMPA suddenly refuses to start with: May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter has changed. You may have severe inconsitencies into password storage. Restore previous cookie or write some tool to re-encrypt password in database and check spools contents (look at /etc/sympa/cookies.history file). at /usr/lib/sympa/bin/sympa_msg.pl line 310. May 30 09:35:20 terra sympa_msg.pl[22389]: at /usr/lib/sympa/bin/sympa_msg.pl line 310. May 30 09:35:20 terra sympa_msg.pl[22389]: main::_load() called at /usr/lib/sympa/bin/sympa_msg.pl line 87 Now, while I see why this protection is in place, unfortunately, the cookie has not changed. Neither has the parameter in the config file changed (checked with etckeeper), nor has the contents of the cookie file changed (checked with etckeeper), nor is anything different in cookies.history. SYMPA just decided to block startup. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser 3.115 ii ca-certificates 20161130+nmu1 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.60 ii fonts-font-awesome4.7.0~dfsg-1 ii init-system-helpers 1.48 ii libarchive-zip-perl 1.59-1 ii libc6 2.24-10 ii libcgi-fast-perl 1:2.12-1 ii libcgi-pm-perl4.35-1 ii libclass-singleton-perl 1.5-1 ii libcrypt-openssl-x509-perl1.8.7-3 ii libcrypt-smime-perl 0.19-2 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl 0.4900-1 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl3.5.3-1+b2 ii libdbd-sqlite3-perl 1.54-1 ii libdbi-perl 1.636-1+b1 ii libfcgi-perl 0.78-2 ii libfile-copy-recursive-perl 0.38-1 ii libfile-nfslock-perl 1.27-1 ii libhtml-format-perl 2.12-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.03-2 ii libintl-perl 1.26-2 ii libio-stringy-perl2.111-2 ii libjs-jquery 3.1.1-2 ii libjs-jquery-migrate-11.4.1-1 ii libjs-jquery-placeholder 2.3.1-2 ii libjs-jquery-ui 1.12.1+dfsg-4 ii libjs-modernizr 2.6.2+ds1-1 ii libjs-twitter-bootstrap 2.0.2+dfsg-10 ii libmail-dkim-perl 0.40-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012-2 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl1.24-2 ii libmime-tools-perl5.508-1 ii libmsgcat-perl1.03-6+b3 ii libnet-cidr-perl 0.18-1 ii libnet-dns-perl 1.07-1 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9022-1 ii libregexp-common-perl 2016060801-1 ii libsoap-lite-perl 1.20-1 ii libtemplate-perl 2.24-1.2+b3 ii libterm-progressbar-perl 2.18-1 ii libunicode-linebreak-perl 0.0.20160702-1+b1 ii libxml-libxml-perl2.0128+dfsg-1+b1 ii lsb-base 9.20161125 ii mhonarc 2.6.19-2 ii perl 5.24.1-2 pn perl:any ii postfix [mail-transport-agent]3.1.4-4 ii rsyslog [system-log-daemon] 8.24.0-1 ii sqlite3 3.16.2-3 Versions of packages sympa recommends: ii apache2-suexec-pristine [apache2-suexec] 2.4.25-3 ii doc-base 0.10.7 ii libapache2-mod-fcgid 1:2.3.9-1+b1 pn libcrypt-ciphersaber-perl ii libio-socket-ssl-perl 2.044-1 ii locales 2.24-10 ii logrotate 3.11.0-0.1 ii postgresql9.6+181 Versions of packages sympa suggests: ii apache2 [httpd-cgi] 2.4.25-3 pn libauthcas-perl pn libdbd-odbc-perl pn libdbd-oracle-perl -- Configuration Files: /etc/sympa/auth.conf changed [not included] -- debconf information excluded
Bug#863631: sympa: trashes configuration on update without asking
Package: sympa Version: 6.2.16~dfsg-3 Severity: critical Justification: causes serious data loss The upgrade to 6.2.16~dfsg-3 from 6.2.16~dfsg-2 in stretch just ditched SYMPA's config files on my system, leaving it in a broken way, even in such a broken way that users who tried sending mails did not receive an error and thought things went through. I think some actions would even have led to destruction of database data. I have no idea why the maintainer scripts decided to do that. I recovered from etckeeper and a system backup. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser 3.115 ii ca-certificates 20161130+nmu1 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.60 ii fonts-font-awesome4.7.0~dfsg-1 ii init-system-helpers 1.48 ii libarchive-zip-perl 1.59-1 ii libc6 2.24-10 ii libcgi-fast-perl 1:2.12-1 ii libcgi-pm-perl4.35-1 ii libclass-singleton-perl 1.5-1 ii libcrypt-openssl-x509-perl1.8.7-3 ii libcrypt-smime-perl 0.19-2 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl 0.4900-1 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl3.5.3-1+b2 ii libdbd-sqlite3-perl 1.54-1 ii libdbi-perl 1.636-1+b1 ii libfcgi-perl 0.78-2 ii libfile-copy-recursive-perl 0.38-1 ii libfile-nfslock-perl 1.27-1 ii libhtml-format-perl 2.12-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.03-2 ii libintl-perl 1.26-2 ii libio-stringy-perl2.111-2 ii libjs-jquery 3.1.1-2 ii libjs-jquery-migrate-11.4.1-1 ii libjs-jquery-placeholder 2.3.1-2 ii libjs-jquery-ui 1.12.1+dfsg-4 ii libjs-modernizr 2.6.2+ds1-1 ii libjs-twitter-bootstrap 2.0.2+dfsg-10 ii libmail-dkim-perl 0.40-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012-2 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl1.24-2 ii libmime-tools-perl5.508-1 ii libmsgcat-perl1.03-6+b3 ii libnet-cidr-perl 0.18-1 ii libnet-dns-perl 1.07-1 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9022-1 ii libregexp-common-perl 2016060801-1 ii libsoap-lite-perl 1.20-1 ii libtemplate-perl 2.24-1.2+b3 ii libterm-progressbar-perl 2.18-1 ii libunicode-linebreak-perl 0.0.20160702-1+b1 ii libxml-libxml-perl2.0128+dfsg-1+b1 ii lsb-base 9.20161125 ii mhonarc 2.6.19-2 ii perl 5.24.1-2 pn perl:any ii postfix [mail-transport-agent]3.1.4-4 ii rsyslog [system-log-daemon] 8.24.0-1 ii sqlite3 3.16.2-3 Versions of packages sympa recommends: ii apache2-suexec-pristine [apache2-suexec] 2.4.25-3 ii doc-base 0.10.7 ii libapache2-mod-fcgid 1:2.3.9-1+b1 pn libcrypt-ciphersaber-perl ii libio-socket-ssl-perl 2.044-1 ii locales 2.24-10 ii logrotate 3.11.0-0.1 ii postgresql9.6+181 Versions of packages sympa suggests: ii apache2 [httpd-cgi] 2.4.25-3 pn libauthcas-perl pn libdbd-odbc-perl pn libdbd-oracle-perl -- Configuration Files: /etc/sympa/auth.conf changed [not included] -- debconf information excluded
Bug#856489: opendmarc: defaults file vanished
Package: opendmarc Version: 1.3.2~Beta1-2 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The /etc/defaults/opendmarc file has vanished, although it is still referenced in README.Debian. The systemd service file also shows no signs of ever reading this file. - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages opendmarc depends on: ii adduser 3.115 ii libbsd0 0.8.3-1 ii libc6 2.24-9 ii libmilter1.0.1 8.15.2-8 ii libopendmarc2 1.3.2~Beta1-2 ii libspf2-2 1.2.10-7+b1 ii lsb-base9.20161125 ii publicsuffix20170223.0049-1 Versions of packages opendmarc recommends: pn libdbd-mysql-perl ii libdbi-perl 1.636-1+b1 ii libhttp-message-perl 6.11-1 ii libopendbx1 1.4.6-11 ii libopendbx1-mysql 1.4.6-11 ii libswitch-perl2.17-2 ii perl 5.24.1-1 pn perl:any opendmarc suggests no packages. - -- Configuration Files: /etc/default/opendmarc [Errno 2] Datei oder Verzeichnis nicht gefunden: '/etc/default/opendmarc' /etc/opendmarc.conf changed [not included] - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAli24HQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pblhxAAuQwlHprMZv3veerum2PQpijOHkQh mTowKgbLdlIVz4K7S9VSgWEFkjlLEvd3Yg5ivcEq9cuu0Lr+LmFAsZILkooHXY4C kvKrsHetRa//lAiozm6WFhqPn7QELKwW5usKbxOy/cdrV9e7a7WZPAjjHwhztQYR 5UGNrHVBhl4Aox7w0qINmbxeamxpj3JKYJIN4IPSezpfkM4AaCnhTsA2TNw1ONhZ PxPDfZ7Zs2145sCgkzHIv3sV7QRN6TstMQzlWhG+JungnohJhFdrTCOk1zH9SvaP wOHw+l5H70fElw2ugzTjdi5LpK7pGzqlLFgLoKpf0aJnATAfHwsAGrz+eguhIGfT kxY9PVWoPPjt/uOfczpZ6HrVDXYKQIxs9xD7wnDKpX7urhYgNn9TKUZ9Cc+imqYI GDUom0XyB8Y/dD2FF7EihM4/s8vquBMdq+UWzd2ucf6A0QROjaNq1lr3XpOuaI9+ nS8EqASprymQxwvAR6umRX4ilkwMshai0qWZWxC1L2m0uAXBy+Y1jDSUYmJJPc/3 dxbq6O74K1W+Y3Ny0cco8wF8SwGd56M+rwcAJsSYCRvTQwkQJSsWbyaFJAJMj6UB iBf/Zqnb6nDUrhx7EVcoG4BbYIrtXdIMu4uC5Bx54a7JYv/V/nEcU+i2SH/lBufh DGEZwPM/jR6YxVg= =tWkp -END PGP SIGNATURE-
Bug#856488: opendmarc: does not honor Socket config key anymore
Package: opendmarc Version: 1.3.2~Beta1-2 Severity: grave Justification: renders package unusable At some point, OpenDMARC stopped honouring the Socket option in its config file. This results in 127.0.0.1:12302 never being bound with the configuration file attached. -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages opendmarc depends on: ii adduser 3.115 ii libbsd0 0.8.3-1 ii libc6 2.24-9 ii libmilter1.0.1 8.15.2-8 ii libopendmarc2 1.3.2~Beta1-2 ii libspf2-2 1.2.10-7+b1 ii lsb-base9.20161125 ii publicsuffix20170223.0049-1 Versions of packages opendmarc recommends: pn libdbd-mysql-perl ii libdbi-perl 1.636-1+b1 ii libhttp-message-perl 6.11-1 ii libopendbx1 1.4.6-11 ii libopendbx1-mysql 1.4.6-11 ii libswitch-perl2.17-2 ii perl 5.24.1-1 pn perl:any opendmarc suggests no packages. -- Configuration Files: /etc/default/opendmarc [Errno 2] Datei oder Verzeichnis nicht gefunden: '/etc/default/opendmarc' /etc/opendmarc.conf changed: PidFile /var/run/opendmarc.pid RejectFailures false Syslog true UMask 0002 UserID opendmarc:opendmarc PublicSuffixList /usr/share/publicsuffix/ Socket inet:12302@127.0.0.1 -- no debconf information
Bug#856002: sddm: only shows white screen
Hi, > sddm logs the output to the syslog, please check that, and possibly the > Xorg.0.log, for errors. Which video card are you using? Nothing suspicious in the logs. I am using an Intel HD Graphics 4400 something-whatever-on-board thingy. > Also, could you test sddm 0.14.0-1 (which is currently available in > experimental)? 0.14.0-1 indeed works. And when starting, it loaded some default them and complaint that the breeze theme could not be found and I in turn found that the sddm-theme-breeze package was not installed. Maybe that's the issue with 0.13.0 as well and it simply fails to complain? -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#856002: sddm: only shows white screen
Package: sddm Version: 0.13.0-1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 sddm only shows a white screen after starting. sddm.log remains empty. - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages sddm depends on: ii adduser 3.115 ii debconf [debconf-2.0] 1.5.60 ii libc6 2.24-9 ii libgcc1 1:6.3.0-8 ii libpam0g 1.1.8-3.5 ii libqt5core5a 5.7.1+dfsg-3+b1 ii libqt5dbus5 5.7.1+dfsg-3+b1 ii libqt5gui55.7.1+dfsg-3+b1 ii libqt5network55.7.1+dfsg-3+b1 ii libqt5qml55.7.1-2 ii libqt5quick5 5.7.1-2 ii libstdc++66.3.0-8 ii libsystemd0 232-18 ii libxcb-xkb1 1.12-1 ii libxcb1 1.12-1 ii qml-module-qtquick2 5.7.1-2 ii sddm-theme-maui [sddm-theme] 0.13.0-1 Versions of packages sddm recommends: ii libpam-systemd 232-18 Versions of packages sddm suggests: ii libpam-kwallet5 5.8.4-1 - -- debconf information: sddm/daemon_name: /usr/bin/sddm * shared/default-x-display-manager: sddm -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAliv5/MxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pa4dhAAu92VeDU2/G6aNHsVmszdw3T8JvIx 3gO5KJ7oFCe4i5QxtTWnQZghhMCF9kmgeGwJ87fLNKgp/50QQNUnR0RIyE4gDwKe BTUSs6K4hyKBIz/giaLCYTOlTIxW7BjhzefNISekkg9/fNqCuECUbD4AzRYuZ0Wc 9/1kqIVakdaPzkqLeY21cACMQvJcbCQb6F1u60eoCc3rTGW7R1kGCfgcMxz8PJ/2 tREO/ItXm/vwEqHH+QeuHgweuNkZjzPF2LUlEJRDRX6E5CO3RzmgKUY6fQP7mO0Q QigBNKoy0erFZIsSY04GH47kHmhoPHuViRX5XJacpbrSfwR5SJRFiEIOdTwBcnHU Eu2qX231yhDNxqCjEwDUvDONlCe8+xh5UYwmFzg2SInligi4NjcR+aHXHLitUp5D SKTlPxB1g7uLu9wIxtKnKegGAPzNWlTh6/j/eqX7DzuCpJSkSAUYB411aiqxYVc4 VqOvvNgPOIGwgsWreOSBnEOMfVy2dMIrvnc60zObJwIMF5HQBz/vAw+cJxYsbVg4 RELCkh9vQviG5HAr7xaa69WhSeZiGfrueGfSpUjKjlAMBa2nBuFkZ6mMbW0fwwLC wvK02OfUECMYgj+C2NjHdBU1nahmdk6vIQ+7vVZCi2g43qeQb4pO8PGr/Xof+loL /Gsq9JWW7yxQc3w= =/8H0 -END PGP SIGNATURE-
Bug#855383: warning: gstate underflow in content stream and 100% CPU
Package: mupdf Version: 1.9a+ds1-3 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Since the last update, MuPDF refuses to display (at least) PDFs created with pdflatex and ghostscript. It only outputs… warning: gstate underflow in content stream …then hangs at 100% CPU load. According to strace, it seems to hang in a noop loop and does not call any syscalls anymore. You can find an example PDF at https://www.teckids.org/docs/public/material/computer-intro_allgemein_01_ab_maschinen-und-anweisungen.pdf - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages mupdf depends on: ii libc62.24-9 ii libfreetype6 2.6.3-3+b1 ii libharfbuzz0b1.4.2-1 ii libjbig2dec0 0.13-4 ii libjpeg62-turbo 1:1.5.1-2 ii libopenjp2-7 2.1.2-1.1 ii libx11-6 2:1.6.4-3 ii libxext6 2:1.3.3-1 ii zlib1g 1:1.2.8.dfsg-5 mupdf recommends no packages. Versions of packages mupdf suggests: ii mupdf-tools 1.9a+ds1-2 - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlim5FsxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYIbRAAo876nr+hSRnL/V1wR3EV8BVhGdRL M8+HAUjlI56KMWyjr7w7RQLHxt/YYQuD27s0us6UF+6KnFZg7HmAbE4vuZILFO0z WFSExgs1Lbd4MiLupqBaEUJvG6lAXGzv6JSMwot7t/x1Dc2bAtsJSaeb7pt8Vu/L wGHppMB72T1tj/Ty/N+p/0MX0hxDtMW7pOlKQYjVGsgQCUELj3AI2gjosFVzkjEL +OPwDMQfNNpDsy0FhQ55butkwIMi0YPn89T4XoIfDB8RB5EEvQzqFBl3y5cVTrVG Q45yIpfPCgikV/AvGlnHG5fru+sXcTxZRCBd9uMzpj8V/zmS9qxOwDb2RAHibq39 ee0ZjB4I8LTcUBBOa9/dFEQk51T20QHUuM54OsHn39L/MTYiCx0PD+kSkNjy63Q+ ExkWssmeAYCpPTSOXWjE9hodyTfW8+0K3kSmyswajpSvtNBw7dTsyvAbAIQWxB+z WeOvQBUv6dxStwqu2W2HBWA5lbXiMfmBJCEr/ZypA35TQ3wIRH8L2taThtmhAT9Y 60gnPDl8qUyj2T2i4Ie9AbJwpPNOZwmJ1NVIgdc9f4pxsL5UY7dKsK0e84QDID9z wnZq+0p4dhgiDlvy+aE0dQVNHBkocROFCu2prWQldSw8FiRpz621HtyZ+g347A8y CevRltaJFCASv2Y= =E4wx -END PGP SIGNATURE-
Bug#854548: marked as pending
tag 854548 pending thanks Hello, Bug #854548 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-remote/xrdp.git;a=commitdiff;h=1d67bb8 --- commit 1d67bb891ccb3d27b99bf4fde1720135a1f464ce Author: Dominik George Date: Thu Feb 9 12:48:35 2017 +0100 Ensure creation of /run directory. diff --git a/debian/changelog b/debian/changelog index 1ddbfb1..f545629 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +xrdp (0.9.1-5) unstable; urgency=medium + + * Ensure creation of /run directory. (Closes: #854548) + + -- Dominik George Thu, 09 Feb 2017 12:47:36 +0100 + xrdp (0.9.1-4) unstable; urgency=high [ Thorsten Glaser ]
Bug#853258: docker.io: uses sleep to query user in maintainer script
Source: docker.io Version: 1.11.2~ds1-6 Severity: serious Justification: Policy 3.9.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 One of the maintainer scripts asks the user whether it is ok to “nuke” docker containers using a message followed by a sleep. Please use a debconf-compatible interface to query the user if you are really interested in whether they want to remove the data or not. An example on how to do that is the slapd package which uses debconf to determine what happens with the data files. - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/lksh Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAliPoqQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYgkRAAmQDIPN1uxudKGNwm7qJsyiz4uHk4 SutC4jouuLAOPBOFn/wPYVWA0MJIAhZHLgtrEuZhcrFUens98t2KbTbDdZiyc+v/ q74kKGYhHp7fvEI27BJBC9j/johvW/0o/tjR5kInb+LnakQmV8ZM9Y55r+a2Kc6J 7zxx+EvfB+Pbtd5CqgNaVvAEuuOUtObbxcKoBaoKV3Glmsm9gQ+VwfgafPYATUKb 48RcMJgSKIouNShHGABU5/w4zR3VyqB3D7LhTqTSz2TbOiGErfIz7tNyZsfHs2sO m5diAWQqwJtIDQ3Tr+ILztME2tHsOPEtxy5/ozxWKRBEz4q1AqxT5EHynwtDnKBI KLj83BGna90bqGp7jGrZQzvK0NA9JPB53Vkzu3ztY+/OfEUHdpDH6d8/VYEHMV99 3rVlPPyGhG2GqzOsUWWNfo6G+4XsKLy/akelmrDjPzKYsFEpTbvJtorRtQn3tg0l gOsPDvIPTFuWS/8706AZZFn7bYjWNJMfOOjjtvugK+AJYTNT1gBU1AIWUYJooqwA OOf60sjX79fmqFLoV9IU1JPWlbZrDOkIxS2a7VbH/9B5VaGfq6bGGKtsDOPQk+4o oR5NQdOguQ8xyWXhCyJfwZbtozk90Ks5S8FP8Zlsoj1u/E1yePsgk3DCZLWpUkbH oKI6TRxIooqy77k= =htX2 -END PGP SIGNATURE-
Bug#853248: docker.io: cannot be purged (at least not on first try)
Package: docker.io Version: 1.11.2~ds1-6 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I installed docker.io, installed one container, then tried to purge it, and it threw a ton of errors: Nuking /var/lib/docker ... (if this is wrong, press Ctrl+C NOW!) + sleep 10 + rm -rf /var/lib/docker rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/17bd2058e0c6500de157d98d3acd24c2033a5e235334f6c722f27de9726f24b5' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/f854eed3f31f47134fef808751b83e208f95c4713b1de46865eb6a04d8d39a0b' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/45dcb011776a42fec68ff77e92ef62fcebb136e763e55f581283bfe2569885cd' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/cff61050f95cf10dfd417e3d16db15904475761c2ac680514600ce60debfc418' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/32bfc43e8cd071561ebfd18759a1ba0a6537588d78560ae3eeb9780bdbf78449' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/7d0f8d237cfac29c1bf6f6c59b383c8cddfd3a023fe7a6399addfb730db870e9' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/5e56d9aa249a35a3c0e80c20ed350e101222dd581ffaf753b647aeee8384a057' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/565ab17724c2e6864440eac46c0051057b4eaeddc1e50186151c7e5b3f1aa49f' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/5463bb1e44b7c9947094f55bc6a57f010cadd88d3ff18c85b5bf91ac6e4e161c' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/1ae32dcf02f3df40c2c4c00db37b4c1a97bd102f360384f331a9987a0deb4372-init' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/1ae32dcf02f3df40c2c4c00db37b4c1a97bd102f360384f331a9987a0deb4372' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/4a5d314da2f1afddf4b273ba1aa0f96e5cba71c1db3a0849c39ee249ba88cfe3-init' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/4a5d314da2f1afddf4b273ba1aa0f96e5cba71c1db3a0849c39ee249ba88cfe3' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/2f77df1fc8fb25a943b8239a4cf23978fc2a925e4064f4fb34f29550ac6b5cec' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/6c014eb5592de9fc5c761369114f243f265d1a4301abe28dd967b6899a6ad32a' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/3ec8ac286040fdbe70b1d82bbc2262220af18f25cbb3f1e536cf2b5ccb6ad59e' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/e9613fa25d1f2c84590a942fbba2a5a8ca73616d1f23964509fbf643fe7af9c2' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/05ff0430528877b3fa5d0d0bb4e170947c96b1bb894fd932716f8d37206beee5' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/0b7503d21eb2c3074bb7b2e53ab5b267732636cc8883f620fdb19fed60705fae-init' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/0b7503d21eb2c3074bb7b2e53ab5b267732636cc8883f620fdb19fed60705fae' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/3f0d3d140ce1aca1e2877e6efded1031f015be66bb82add6dece45230022abe1' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/651c590d0c6c45a3a284e2ad35ada6951e8fc58a5fa1fbb6efad2603a8543a93' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/3b6b17a52d8f4a9e898a83bdf548ef05717ffa58d8aa8caf7af03b7a7142a58a' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/f638cdc7ff61328c43d4f95aa3ee5f7f0ad19c4203a3199c141abf6a94854f18' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/02ae34a9a927ca609e9a97869ae66036cd1e260f5668c5f892e81bdf57953ae8' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/31d21807cbda6d21c7406e2dd11760f17482a92a11e879d13692c4f1b6fe9f0f' ist nicht möglich: Die Operation ist nicht erlaubt rm: das Entfernen von '/var/lib/docker/btrfs/subvolumes/963cde303511ab74c22a14
Bug#852557: Acknowledgement (bucklespring: FTBFS on non-linux architectures)
Control: severity -1 normal Not RC because no supported architectures. -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#852557: bucklespring: FTBFS on non-linux architectures
Source: bucklespring Version: 1.4.0-1 Severity: serious Tags: upstream Justification: fails to build from source (but built successfully in the past) Control: forwarded -1 https://github.com/zevv/bucklespring/issues/44 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 bucklespring only implements the scan() function for Windows, macOS and Linux, which means the package cannot build on non-linux architectures in Debian: gcc -o buckle main.o scan-linux.o scan-windows.o scan-mac.o -fPIE -pie -Wl,-z,relro -Wl,-z,now -g -lalure -lopenal -lXtst -lX11 main.o: In function ain': ./main.c:143: undefined reference to can' ./main.c:109: undefined reference to en_console' collect2: error: ld returned 1 exit status - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/lksh Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAliIqxsxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbgJQ/+O/PjLJByqdSR9BW30a31EXP6y8io I/pslikalBgjxdq/+WwaJiQzOI+sr38tMxHqC02YyxK2MuKBVieIIgUc5sEu71Z2 rKIL2pKPXdKsHkqE4IUASCOlrKK4Y14lHe3WvA7RDuk1HTWKcbRyGoCjqoflZVaq LlXk1WVdAIPkWSM4fR9O1NieQWcniu0F1iwtYd6W9tZIkhJnlG0+XYHLlpq+kUwN 6M+KSbwbG3b+UKdaq2wH+aCe3FINK4Ueu28iwdkgmK3C4laF9WWYZ09nDZ24yWUD XLOIcoAuqqWsCftJQGAEY+cCNF3y9EjI8kFdcqEWV0pKRCoeECmteBQuPevRtWWK IPeMp4UkF/pCTYiSD2lydfARk0c01IHSaOyfgZXuP1Y0uSK5PTEfqsjJWGDEKoPd oKo20bn/wCgp9y9AlyPvDn5P6xMdt3+AORQ+TiTkMH1lOEfsKe0+83YujMpepB/M cRJDKVH0CvtQ/ZbSW4l/F2ZfVuG8zPv3S8FhTvSPjzIAqZ5OUJYu6xzXckURR9m2 EKx7BH+lqsd0VJ5R8tWLQi+YJorcyexrfLYHehEtG4Vb5kFVn1ZvSvTrKpySMbdb 8oNNZFPg1QLeN6m2V7EEKf2bF0nqEncBfRakTSDcTaVuvanW7ETOiaZ7tJ8DdjZS uDVgNqwsZhGoW9I= =awqR -END PGP SIGNATURE-
Bug#848287: marked as pending
tag 848287 pending thanks Hello, Bug #848287 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/python-testing.mysqld.git;a=commitdiff;h=027f21f --- commit 027f21f157c3af9601fd743430d151b5a2372001 Author: Dominik George Date: Wed Jan 25 14:12:34 2017 +0100 dch -i. diff --git a/debian/changelog b/debian/changelog index b5247fb..fe1935f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +python-testing.mysqld (1.4.0-2) unstable; urgency=medium + + * Build-Depend / Depend on default-mysql-server. (Closes: #848287) ++ Now works with MariaDB. ++ Does not depend on mysql-client anymore. + + -- Dominik George Wed, 25 Jan 2017 14:11:07 +0100 + python-testing.mysqld (1.4.0-1) unstable; urgency=low * Initial release. (Closes: #838581)
Bug#734101: Info received (libjs-jquery-mobile: New Release)
I am working on fixing this in time for the freeze. -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#848287: Fwd: osmalchemy is marked for autoremoval from testing
Hi, obviously, you raised the severity of the bug mentioned below to serious without providing any justification. I am still waiting for… …some official decision that this huge change will be made during the freeze without a transition, …the MySQL/MariaDB maintainers to fix their packages. Concerning the latter, both upstream mariadb and the maintainers here claim that mariadb is a drop-in replacement for mysql, but it turns out it isn't as they decided to change the default behaviour in a very incompatible way. The maintainers do not appear to be able to advise others on the unadvertised breakage they created by crippling the UNIX socket in mariadb by default. Right now, dropping MySQL support everywhere seems to be the only viable solution. Do we need the tech-ctte to get this settled? Cheers, Nik Ursprüngliche Nachricht Von: Debian testing autoremoval watch Gesendet: 12. Januar 2017 05:39:08 MEZ An: osmalch...@packages.debian.org Betreff: osmalchemy is marked for autoremoval from testing osmalchemy 0.1.+2-2 is marked for autoremoval from testing on 2017-02-10 It (build-)depends on packages with these RC bugs: 848287: python-testing.mysqld: (build-)depends on mysql-{client,server}
Bug#850317: reportbug: crashes when attaching a .tar.gz
Package: reportbug Version: 7.1.2 Severity: grave Justification: causes non-serious data loss -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 When attaching a gzip'ed tarball to a bug report, reportbug crashes without writing the drafted bug report anywhere: application/gzip; charset=binary Traceback (most recent call last): File "/usr/bin/reportbug", line 2233, in main() File "/usr/bin/reportbug", line 1107, in main return iface.user_interface() File "/usr/bin/reportbug", line 2224, in user_interface self.options.envelopefrom) File "/usr/lib/python3/dist-packages/reportbug/submit.py", line 209, in send_report (message, failed) = mime_attach(body, attachments, charset, body_charset) File "/usr/lib/python3/dist-packages/reportbug/submit.py", line 177, in mime_attach email.Encoders.encode_base64(part) AttributeError: module 'email' has no attribute 'Encoders' - -- Package-specific info: ** Environment settings: EDITOR="jupp" PAGER="less" DEBEMAIL="n...@naturalnet.de" DEBFULLNAME="Dominik George" INTERFACE="text" ** /home/nik/.reportbugrc: reportbug_version "6.4.3" mode advanced ui text realname "Dominik George" email "n...@naturalnet.de" smtphost "shore.naturalnet.de:587" smtpuser "nik" smtptls - -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/lksh Init: systemd (via /run/systemd/system) Versions of packages reportbug depends on: ii apt1.4~beta2 ii python3-reportbug 7.1.2 pn python3:any reportbug recommends no packages. Versions of packages reportbug suggests: pn claws-mail ii debconf-utils 1.5.59 pn debsums pn dlocate ii emacs24-bin-common 24.5+1-7.1 ii file1:5.29-2 ii gir1.2-gtk-3.0 3.22.5-1 ii gir1.2-vte-2.91 0.46.1-1 ii gnupg 2.1.17-2 ii postfix [mail-transport-agent] 3.1.3-6 ii python3-gi 3.22.0-2 pn python3-gtkspellcheck pn python3-urwid ii xdg-utils 1.1.1-1 Versions of packages python3-reportbug depends on: ii apt1.4~beta2 ii file 1:5.29-2 ii python3-debian 0.1.29 ii python3-debianbts 2.6.1 ii python3-requests 2.12.4-1 pn python3:any python3-reportbug suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlhususxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbruhAAhPRFobJ3P2swV99KSKB1Fwhk/NhW 0z1Jk3tFJEj7IqMkuemNzurWBfMOiOgyGqblPBzkaoAavrkMlI38isbpP/cBoI/4 4/q6T4Ou7DogHkXCeENm3C7JKfuLX7I0PLrZV4sWnasQxK5IFKLI5amc8vnipSmF k1ls1MQrEe5nGA480Qqa19BXWxfkbVFIGndxKFFdMf+NtbuWk5FWdR7gbsB/Pz66 3hbinSuVUH166x3qAlSXheUPV3zWhhVNZ+CM++7ixqR7UA7khjn9peYDr8VWQQ6J 574tKH5Kw3467mw9HANFBoPuEqWA/xlnYFbmxVS3OVD1dKmUK1GFXlx1teZOcjK6 FAzCEIBWk6qUGsOXeglfhS2D6IHa9E6nQbT9GYeMRy/ApL71Xf8mu1eLNPPOFFem m9B4yp4RXu4K1Xuhfn/zuIahRY85e+rZ0trtLjV8+/IQlzjPtbYvlR8von9ngYZ/ mG5QkpOWznHHmowvScPUoJMoGuNgDRanRO8HJFhf018VoEadfAaUWd7zMw49JdYj IphpH/bedoCMqc6b+0kySLoD/npKivku50LQyg6bGMHuPX2c4Lb746/1+kU8RiI8 Ry6yTjtyAKVSVdKMKQhBxB08nPJ+OE9t7MIWDTfuw64wkhDl2X5AJKcIDyUsr01B Gm6doB3yOAIZXC8= =3Abt -END PGP SIGNATURE-
Bug#849958: openmolar: Does not start; missing QtWebkit
Package: openmolar Version: 0.6.2-2 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Traceback (most recent call last): File "/usr/bin/openmolar", line 30, in main.run() File "/usr/share/openmolar/openmolar/main.py", line 122, in run chosen_func() File "/usr/share/openmolar/openmolar/main.py", line 65, in main from openmolar.qt4gui import maingui File "/usr/share/openmolar/openmolar/qt4gui/maingui.py", line 49, in from openmolar.qt4gui.fees import fees_module File "/usr/share/openmolar/openmolar/qt4gui/fees/fees_module.py", line 49, in from openmolar.qt4gui.printing import om_printing File "/usr/share/openmolar/openmolar/qt4gui/printing/om_printing.py", line 63, in from openmolar.qt4gui.dialogs.print_record_dialog import PrintRecordDialog File "/usr/share/openmolar/openmolar/qt4gui/dialogs/print_record_dialog.py", line 26, in from PyQt4 import QtGui, QtCore, QtWebKit ImportError: cannot import name QtWebKit I also cannot find QtWebkit from PyQt4 for Python 2 in Debian. - -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/lksh Init: systemd (via /run/systemd/system) Versions of packages openmolar depends on: ii python 2.7.13-1 ii python-mysqldb 1.3.7-1+b1 ii python-qscintilla2 2.9.3+dfsg-4 ii python-qt4 4.11.4+dfsg-2 pn python:any ii xdg-utils 1.1.1-1 openmolar recommends no packages. Versions of packages openmolar suggests: pn mysql-server | mariadb-server - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlhqhL0xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pblQRAAoWuhLnQwud7CUzVh2t9nFtKFaWFR ZGbSNj2qGZmh6AK3uRmKTycstXORY5v7Em2B9FCausjKxhdcXagiOpSAxwxw+YHv AfNE1qrPlLqVC3Y0obE5tCsbw4tpDHQ6eHB2zzSTeJwNJSZvZ1SNG3FH1C+BBllh uRZ3uAVQHG1ZSWIwR5HkQlGLrOIChhGVtRhxJwC0BOMjBp88tl573fQw2HjKKMwn 2uX+OrKN5XjgQmnRRfieP03yQEVhWJx1nJz0sXFGje9R685Z/VUJoUzXuYS20pr8 XDLSo3/IMARxfHAy6m12SyWLwvMkMjj7UhsfzBMLN0N2MVKwB+D/i3xHq27azRwQ FWQEZGrdspGdbW8CY+tcdaw0op4rBtlLVXHaAFsQlqcOjx020i0uNkw3B1pDltaH hTeubUw//yxx4kQCwhFLy2oZnH+mxBGSWZLVy7briz26Udo0UfywP9Ka20R1PUuc AkzdfZkQq3J3KxZFj9o+0r4R4UjtqE+zqDlpcZ2naT+wynAG/IlQBQ6501v6zAxO Ldjn38u5dwEuR6IEaAh4HLGW2R8ABeRvVRWCdPUZCIFK9oMh7iitJbtu+86qUkn/ WSRr8ZJyKRUVT5E+6oxs7WwUk59vXlw1zItWnzSJwiRMuj62ecEXIu/AUEVW1CI8 e+mz3luLiQnS0uY= =tZjD -END PGP SIGNATURE-
Bug#848287: python-testing.mysqld: (build-)depends on mysql-{client,server}
Control: severity -1 important Hi, > We're aiming at dropping mysql from testing/stretch because of concerns from > the > security team. See email threads in debian-release@ and pkg-mysql-maint@. ok, that changes things. It's very unfortunate that this was not really announced anywhere. Still, lowering severity as this, per se, is not an RC bug. This package depends on mysql-server, and this is reality, and there is nothing that prevents it from doing so if it does for a good reason. In the case that mysql-server is removed from testing, so will this package, anyway. I am trying to port it to mariadb, though. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#848287: python-testing.mysqld: (build-)depends on mysql-{client,server}
Hi, > You should have kept me in Cc if you wanted me to see your reply and have a > chance to reply. sorry, I just cannot remember that the Debian BTS does not automatically notify the submitter ☹. So, I have several problems: * I cannot find the formal transition for this. * I cannot see that mysql-server will be removed from stretch. As a matter of sad fact, testing.mysqld does not work with mariadb right now. What is wrong with depending on mysql-server, given that mysql-server will still exist although mariadb will become the default? -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#848287: python-testing.mysqld: (build-)depends on mysql-{client,server}
Control: severity -1 important Hi, > Your package (build-)depends on mysql-server/client. Since we're > transitioning to mariadb as the default mysql provider, you should > switch your build dependencies and dependencies to something like: > > default-mysql-server | virtual-mysql-server, default-mysql-client | > virtual-mysql-client > > I have seen in your override that you have forwarded this upstream. > I am filing this anyway to keep track of this along with the rest of the > packages. Lowering priority to important (you said "should"). As we are in a transition freeze and nothing along that lines will happen to stretch, I do not see why this should remove python-testing.mysqld and all packages that depend on it from testing. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#849022: trac-accountmanager: does not work with Trac >= 1.1
Package: trac-accountmanager Version: 0.4.4-1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This version of the plugin does not work with the new DB API in Trac 1.1. See https://trac-hacks.org/ticket/11915 -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlha8f8xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZnZA/+NQcXF0H5Fq8uCQ+0NzxWxynhTGYu cC37RxtnsGLT56W/BhHf3TkfKUOgtTCQkxoQN+GhNFHAcDRhS+7lN1Xa9UC3vzUq kPtMphMfNJxr9goRmOoTQQTIYzVtsJunK/0uNDJ5QbHRgWfj6Lnvp+YyiEdqVTs/ j7sc1IYkDrtaiVCCWV9ETFPwbE3EZ0dbzeGL/6ut+v4bBWFffIk+9baTF58D0Pg2 JZU3hl0aJbM88lWl3lKf7YE1t/PV1dT8F4IYW5+f0VsHKnvZsqFNObNhTy6Rmmjy l6GMLkE0c7oaNVrtkKnFtaBP5jqBDO7IeG7nSb7cFFKj0aZpVW4AJlv11xf77Gh4 8AatkVhl7eiiZgBImEbuUcn66izxezi3vWCssYlFVC5AWyGDsrZ/0iT+6w0eBleO UcHn2DsseynbcgJLGYQV44cqwEdsxCmIhIeOpwkgANsWcqzpdV7vhAJrKJMJ6GRP 5exgFlVCJrw/9OdmSYmLz402HemyYv8Id/CsppfV/w9Nrg/cciGQIY9Ro4aqoCRx SLqzNtEX9rm2g/YwETZRQB+T1VBH8Xtaf1Th/maf2iG38GQVRfSdBlaC6UiReho9 +Juo1QsgUOSWcNwdokdHpJXPbqHXYZpFc6XKMKGPWZNW2bAv4QeX4rVyeGY9jqHk cPY5RUsRPjReynM= =wcVj -END PGP SIGNATURE-
Bug#846160: marked as pending
tag 846160 pending thanks Hello, Bug #846160 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-remote/packages/xrdp.git;a=commitdiff;h=afd0706 --- commit afd070691d2e7d2ec9032896a173d36493d3f75b Author: Dominik George Date: Mon Nov 28 21:05:16 2016 +0100 Remove X log redirection. diff --git a/debian/changelog b/debian/changelog index 66d3d2e..38f5b16 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +xrdp (0.9.1~20161126+git589b29f-2) UNRELEASED; urgency=medium + + * Remove X log redirection to /dev/null. (Closes: #846160) + + -- Dominik George Mon, 28 Nov 2016 20:52:06 +0100 + xrdp (0.9.1~20161126+git589b29f-1) unstable; urgency=medium * New upstream commit picked.
Bug#841726: ipython3: importing something from ipython has side effects
> There's no need to check this specific instance, it's just one example of a > potential side-effects that mean importing everything is, alas, by design > broken. Don't forget all the other import-time monkey-patching, etc. too. Totally agreed. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Contributor LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#841726: Acknowledgement (ipython3: importing something from ipython has side effects)
Control: reassign -1 python3-ipdb 0.10.1-1 Oh, I was actually wrong in that this is IPython's mistake… The root cause is ipdb, which causes misbehaviour in both the core interpreter and IPython ;)! Sorry, IPython. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Contributor LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#841726: ipython3: importing something from ipython has side effects
Hi, > > Besides speech-dispatcher, against which I also reported a bug, I do not > > have any packages on my system that show such behaviour. > > Oh, really? But surely some of them adjust sys.path (probably the most > common?) as well as importing shared libraries and running stuff like > ``apt_pkg.init_config()``. > > The side-effects might be more subtle but they are still, alas, side- > effects. Yep. That's not good either, but it doesn't make unrelated software, let alone the core interpreter, misbehave (i.e. take control from it). I wouldn't open an RC bug against python-apt because it calls init_config(), but I did against speech-dispatcher because it configures argparse and consumes sys.args and I did against ipython bacause it takes control over parts of the core interpreter. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Contributor LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#841726: ipython3: importing something from ipython has side effects
> Not at all. This is the only way to get a list of all available Python > packages, and it is even what core Python's help("modules") does. And no, I do not like that either ☹. But it's a matter of sad fact. -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Contributor LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#841726: ipython3: importing something from ipython has side effects
Hi, > Many, many Python packages have import-time side-effects that are > far more suble than this. Whilst this a regrettable state of affairs, > fixing them all is just not possible anymore. Well, this bug report is about this specific bug, not all bugs of this kind. > > A script that imports all packages installed on a system as you > suggest seems to be the problem, rather than ipython itself. Not at all. This is the only way to get a list of all available Python packages, and it is even what core Python's help("modules") does. So, when ipython is installed, running help("modules") in a pure python3 interpreter modifes the execution environment for good, in such a way that it drops to an IPython shell at any point as it likes. Besides speech-dispatcher, against which I also reported a bug, I do not have any packages on my system that show such behaviour. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Contributor LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature