Bug#886861: ring: abort with assertion failed: (_gtk_rbtree_is_nil (tree->root))

[Petter Reinholdtsen]

This issue is very annoying.  Is there anything that can be done to
avoid the crash?  Is there something wrong with my phone book I can
change.

-- 
Happy hacking
Petter Reinholdtsen

Bug#891882: (no subject)

[Patrick Brunschwig]

I will add the following default preference in Enigmail:

pref("extensions.enigmail.pEpAutoDownload", true);

If the value is set to false, then Enigmail will not attempt to download
pEp at all.

Bug#890944: new packages should not receive emails before email alias is created

[Luca Falavigna]

Hi Raphaël,

2018-03-04 21:15 GMT+01:00 Raphael Hertzog :
> No, @packages.qa.debian.org never forwarded to
> @packages.debian.org. It's the other way around.

Ah, noted. Thanks for clarifying.

> It works for whatever you want. Ansgar asked me a few questions on
> this topic recently and he said that DAK was already mailing the
> maintainer directly so he would certainly just mail the maintainer +
> dispatch@tracker.d.o in all cases and never use
> @packages.debian.org.

OK. Can you please indicate which header is used to reference the
source package when sending mails to dispatch@tracker.d.o? I suppose
dak is already generating it anyway, but double-checking won't hurt
:-)

-- 
Cheers,
Luca

Bug#879751: [PATCH] init scripts: Do not kill per-domain qemu processes.

[Kojedzinszky Richárd]

Dear Ian,

For some reason, I've missed your reply. We are using the scripts with the 
same two lines removed, and I can confirm it works as expected, a simple 
upgrade now will not stop existing, running qemu processes.


Thanks for your efforts.

Regards,
Kojedzinszky Richárd
Euronet Magyarorszag Informatika Zrt.

On Fri, 23 Feb 2018, Ian Jackson wrote:


Date: Fri, 23 Feb 2018 17:11:12 +
From: Ian Jackson 
To: Kojedzinszky Richárd 
Cc: 879...@bugs.debian.org
Subject: Re: [PATCH] init scripts: Do not kill per-domain qemu processes.

Richard, thanks for your perseverence.
Can you please test the patch I have just sent to the bug ?

You should be able to
 patch <0001-init-scripts-Do-not-kill-per-domain-qemu-processes.patch 
/etc/init.d/xen

It WFM.  That is, I checked that it kills the global qemu but leaves
a domU one alone.

I am considering shipping this change in a stable update for Xen 4.8.

Ian.

Bug#892084: dosfstools: fsck.vfat crashes or hangs when processing corrupted filesystems

[Lionel Debroux]

Package: dosfstools
Version: 4.1-1
Severity: normal

Dear Maintainer,

In late 2017 and early 2018, I used afl to stress test fsck.vfat 
from the latest dosfstools release.

The unwanted outcome was a bunch of crashes, caused by e.g. 32-byte 
OOB writes on the heap. They're caused by memset, and all occurrences 
of memset in the source package use a value of zero, so I don't know 
how this particular issue could be exploitable beyond DoS.
These OOB writes are still worth fixing nevertheless, even if caused 
by nonsensical data.

I sent you an e-mail to your maintainer address on December 24th, 
2017. Some samples were attached. I sent another e-mail on February 
19th, mentioning more issues (e.g. a hang for 3+ minutes) but without 
sending new samples, and I didn't receive a reply either.
No fixes have appeared in the Git repo on Github since the end of 
December.
I know that e-mails can get lost in delivery somewhere, it's already 
happened to me during conversations with the upstream maintainers of 
some libraries / programs proved buggy by zzuf, afl or honggfuzz...


Regards,
Lionel Debroux.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf, armel, arm64, mips

Kernel: Linux 4.14.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dosfstools depends on:
ii  libc6 2.27-1
ii  libudev1  237-4

dosfstools recommends no packages.

dosfstools suggests no packages.

-- no debconf information

Bug#887413: [pkg-dhcp-devel] Bug#891786: isc-dhcp: diff for NMU version 4.3.5-3.1

[Salvatore Bonaccorso]

Hi Mike,

On Sun, Mar 04, 2018 at 04:47:10PM -0500, Michael Gilbert wrote:
> On Sun, Mar 4, 2018 at 3:44 PM, Salvatore Bonaccorso wrote:
> > I've prepared an NMU for isc-dhcp (versioned as 4.3.5-3.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> 
> Hi Salvatore,
> 
> Some meaningless whitespace is touched, but otherwise your patches
> look correct.  Please feel free to remove the delay.

Thank you, I rescheduled it!

Regards,
Salvatore

Bug#818759: network-manager-gnome: Unencrypted private Keys are insecure

[Andrei Audzei]

Sorry, bit of info about versions


network-manager/stable,now 1.6.2-3 amd64 [installed]
network-manager-gnome/stable,now 1.4.4-1 amd64 [installed]


On Mon, 5 Mar 2018 01:19:56 -0500 Andrei Audzei 
wrote:
> I have the same message when I try to use encrypted user key for wifi
> connection (TLS, WPA & WPA2 Enterprise).
>
> I found a mention about fresh same issue on
>
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1339607?comments=all
,
> and one point of last (#16) comment can be a  root of trouble.
>
> On my laptop I use full disk encryption LVM. So, I moved my protected key
> to mounted USB flash - and wifi connection works fine! I think, that
> problem in disk encryption. Can you approve this and fix it?

Bug#818759: network-manager-gnome: Unencrypted private Keys are insecure

[Andrei Audzei]

I have the same message when I try to use encrypted user key for wifi
connection (TLS, WPA & WPA2 Enterprise).

I found a mention about fresh same issue on
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1339607?comments=all,
and one point of last (#16) comment can be a  root of trouble.

On my laptop I use full disk encryption LVM. So, I moved my protected key
to mounted USB flash - and wifi connection works fine! I think, that
problem in disk encryption. Can you approve this and fix it?

Bug#864388: pulseaudio: Regression - sound audibly distorted for Creative Soundblaster Live

[Peter Tuharsky]

Package: pulseaudio
Version: 10.0-1+deb9u1
Followup-For: Bug #864388

The bug is also present on external USB 24-bit soundcard Creative Soundblaster
Audigy NX 2 (SB0300).



-- Package-specific info:
File '/etc/default/pulseaudio' does not exist


-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=sk_SK.UTF-8, LC_CTYPE=sk_SK.UTF-8 (charmap=UTF-8), 
LANGUAGE=sk_SK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pulseaudio depends on:
ii  adduser  3.115
ii  libasound2   1.1.3-5
ii  libasound2-plugins   1:1.1.4-dmo1
ii  libc62.24-11+deb9u1
ii  libcap2  1:2.25-1
ii  libdbus-1-3  1.10.24-0+deb9u1
ii  libgcc1  1:6.3.0-18+deb9u1
ii  libice6  2:1.0.9-2
ii  libltdl7 2.4.6-2
ii  liborc-0.4-0 1:0.4.26-2
ii  libpulse010.0-1+deb9u1
ii  libsm6   2:1.2.2-1+b3
ii  libsndfile1  1.0.27-3
ii  libsoxr0 0.1.2-2
ii  libspeexdsp1 1.2~rc1.2-1+b2
ii  libstdc++6   6.3.0-18+deb9u1
ii  libsystemd0  232-25+deb9u1
ii  libtdb1  1.3.11-2
ii  libudev1 232-25+deb9u1
ii  libwebrtc-audio-processing1  0.3-1
ii  libx11-6 2:1.6.4-3
ii  libx11-xcb1  2:1.6.4-3
ii  libxcb1  1.12-1
ii  libxtst6 2:1.2.3-1
ii  lsb-base 9.20161125
ii  pulseaudio-utils 10.0-1+deb9u1

Versions of packages pulseaudio recommends:
ii  rtkit  0.11-4+b1

Versions of packages pulseaudio suggests:
pn  paman
pn  paprefs  
pn  pavucontrol  
pn  pavumeter
ii  udev 232-25+deb9u1

-- no debconf information
# This file is part of PulseAudio.
#
# PulseAudio is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PulseAudio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with PulseAudio; if not, see .

## Configuration file for PulseAudio clients. See pulse-client.conf(5) for
## more information. Default values are commented out.  Use either ; or # for
## commenting.

; default-sink =
; default-source =
; default-server =
; default-dbus-server =

; autospawn = yes
; daemon-binary = /usr/bin/pulseaudio
; extra-arguments = --log-target=syslog

; cookie-file =

; enable-shm = yes
; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 
MiB

; auto-connect-localhost = no
; auto-connect-display = no
# This file is part of PulseAudio.
#
# PulseAudio is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PulseAudio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with PulseAudio; if not, see .

## Configuration file for the PulseAudio daemon. See pulse-daemon.conf(5) for
## more information. Default values are commented out.  Use either ; or # for
## commenting.

; daemonize = no
; fail = yes
; allow-module-loading = yes
; allow-exit = yes
; use-pid-file = yes
; system-instance = no
; local-server-type = user
; enable-shm = yes
; enable-memfd = yes
; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 
MiB
; lock-memory = no
; cpu-limit = no

; high-priority = yes
; nice-level = -11

; realtime-scheduling = yes
; realtime-priority = 5

; exit-idle-time = 20
; scache-idle-time = 20

; dl-search-path = (depends on architecture)

; load-default-script-file = yes
; default-script-file = /etc/pulse/default.pa

; log-target = auto
; log-level = notice
; log-meta = no
; log-time = no
; log-backtrace = 0

; resample-method = speex-float-1
; enable-remixing = yes
; enable-lfe-remixing = no
; lfe-crossover-freq = 0

; flat-volumes = yes

; rlimit-fsize = -1
; rlimit-data = -1
; 

Bug#880014: Call for Votes for new TC member

[Gunnar Wolf]

Didier 'OdyX' Raboud dijo [Sun, Mar 04, 2018 at 11:44:45AM +0100]:
> I call for votes on the following ballot to fill a vacant seat in the TC. The 
> voting period starts immediately and lasts for up to one week, or until the 
> outcome is no longer in doubt (§6.3.1).
> 
> ===BEGIN
> The Technical Committee recommends that Simon McVittie  be
> appointed by the Debian Project Leader to the Technical Committee.
> 
> S: Recommend to Appoint Simon McVittie 
> F: Further Discussion
> ===END

I vote:

S > F


signature.asc
Description: PGP signature

Bug#892083: smplayer: recodes filenames to wrong encoding

[Oleg Broytman]

Package: smplayer
Version: 16.11.0~ds0-1+deb9u1
Severity: normal
Tags: l10n

Dear Maintainer, for many years I was using smplayer quite happily,
thank you very much!

But recently I upgraded to Debian 9 stretch and now I have a problem
playing files where filename or path is in koi8-r encoding (I use
ru_RU.KOI8-R locale). When I try to play such a file smplayer reports
"Cannot start mpv". In the smplayer's log I see the file name/path
recoded to a wrong encoding. I'm not sure but it seems smplayer
re-encodes file paths from the current locale to utf-8 and pass the
re-encoded name to mpv, that what I suspect.

I experimented a bit and found smplayer plays files with utf-8 names
without a problem. For many reasons I don't want to recode my file/dir
names and switch to utf-8. So now I have to play files directly with
mpv.

I don't know if it's Debian-specific or upstream bug.

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-6-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R), LANGUAGE=C 
(charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages smplayer depends on:
ii  libc6 2.24-11+deb9u1
ii  libgcc1   1:6.3.0-18+deb9u1
ii  libgl1-mesa-glx [libgl1]  13.0.6-1+b2
ii  libqt5core5a  5.7.1+dfsg-3+b1
ii  libqt5dbus5   5.7.1+dfsg-3+b1
ii  libqt5gui55.7.1+dfsg-3+b1
ii  libqt5network55.7.1+dfsg-3+b1
ii  libqt5script5 5.7.1~20161021+dfsg-2
ii  libqt5widgets55.7.1+dfsg-3+b1
ii  libqt5xml55.7.1+dfsg-3+b1
ii  libstdc++66.3.0-18+deb9u1
ii  libx11-6  2:1.6.4-3
ii  libxext6  2:1.3.3-1+b2
ii  mpv   1:0.27.2-dmo1+deb9u1
ii  zlib1g1:1.2.8.dfsg-5

Versions of packages smplayer recommends:
pn  smplayer-l10n
pn  smplayer-themes  

smplayer suggests no packages.

-- no debconf information

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.

Bug#452035: Please reconsider this issue

[Russell Coker]

https://etbe.coker.com.au/2018/03/05/compromised-guest-account/

I just had one of my systems compromised.  While I did stuff up, if the 
default had been to have AllowUsers I would have set it to only allow desired 
ssh users and everything would have been fine.

I suggest that the default configuration should only allow root logins (which 
by default means public key access as the default is to not allow root login 
with password).  That gives the minimal useful functionality and it's not 
difficult to figure out which field to edit to add more users if desired.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/

Bug#842926: musescore: Segment violation when Musescore opens with wizard (start center) active

[Thorsten Glaser]

retitle 842926 musescore: Segment violation when Musescore opens with wizard 
(start center) active
thanks

Hi,

does this still occur?

If so, I have a hunch that this will be fixed
in 2.2~pre20180302+dfsg1-1 (which will be uploaded
after ftpmaster process the other two NEW packages).

If not, please close the bug ;-)

Thanks,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#892082: debian-installer: PCMCIA cards not assigned resources on DELL Latitude CPx J650GT

[Selina Gross]

Package: debian-installer
Version: debian-9.3.0-i386-netinst.iso
Severity: normal

Dear Maintainer,

trying to install using the network installer CD, it fails autodetecting the 
network card. The NIC cannot be manually detected either using the F2 console 
of the installer, as it does not get assigned resources.

The problem appears to be specific to this laptop, since the same installer CD 
works flawlessly on another (newer) laptop using the same NIC.
Possibly the issue relates to the PCMCIA bridge (lspci reports it as):

00:03.0 CardBus bridge: Texas Instruments PCI1225 (rev 01)
00:03.1 CardBus bridge: Texas Instruments PCI1225 (rev 01)

Maybe the issue appears only in conjunction with 5V 16 bit cards (I have no 
others to test).


Observations:
The driver "yenta_socket" gets loaded and assigns an IRQ (IRQ 11 in this case) 
to the bridge itself, which then correctly reports that cards are inserted.

Then, however, nothing is done about the cards, IOW, there is no indication in 
e.g. dmesg that they are assigned resources.

Network card detection then fails to find the NIC (but other cards, like a 
modem aren't assigned resources either). The driver (pcnet_cs in this case) can 
be modprobed manually and loads, but does not work either.

Unloading and re-loading the pcmcia, yenta etc. modules does not change this 
behaviour, nor does forcing yenta_socket to ignore the BIOS settings, or 
removing and re-inserting the cards.

Upgrading the BIOS to the latest version (V16 from 2003) did not change this, 
either.

After completing the installation without network access, when the resulting 
minimal system boots, the cards do get properly initialized, assigned 
resources, and are then detected normally by pcnet_cs (or the relevant drivers) 
and work normally. This suggests that the issue lies with the installer script 
and not with the drivers themselves.


Thank you for your continued efforts and kind regards!


-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-6-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#875236: [x2goclient] Future Qt4 removal from Buster

[Boyuan Yang]

Hi Mike,

Recently I found that package x2goclient in Debian co-maintained by you is
affected by Qt4's removal currently. [1] Luckily, the packaging of
x2goclient is pretty
active and you are the latest packager.

We really want to remove Qt4 from Debian Buster and x2goclient seems to support
building against Qt5. Could you please consider switching to Qt5 in
the following
uploads so that we could move one step closer to Qt4 Removal?

If you encounter any difficulties with this migration, don't hesitate
to raise it up in this
bug report. [2]

Thanks!

--
Regards,
Boyuan Yang

[1] https://wiki.debian.org/Qt4Removal
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875236

Bug#891258: wvSummary Segmentation fault (core dumped) when ran on any supported file format.

[Paul Wise]

Control: severity -1 important
Control: forwarded -1 ircs://irc.gnome.org/abiword

On Fri, 23 Feb 2018 21:22:06 + Beau Moore wrote:

> Severity: grave
> Justification: renders package unusable

This is not the case since...

> When running wvSummary on any supported file format a Segmentaiton fault 
> occurs.

wvSummary is not the only program in wv and the other
programs do
not segfault on the same documents.

I've mentioned this bug on the abiword IRC channel but
I suggest that you file a bug in the upstream bugzilla:

https://www.abisource.com/support/bugs/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#891937: mailman3-suite: Hyperkitty tries to connect postgres on system using sqlite

[Markus Gschwendt]

cat /etc/mailman3/mailman3-suite.py

# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-suite/settings.py.

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '5S/5OIURrBJcaoB3xFK+lorJ+Rnb1GdTN3jVx9RGwKJZkjDz'

ADMINS = (
 ('Mailman Suite Admin', 'root@localhost'),
)

# Hosts/domain names that are valid for this site; required if DEBUG is
False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Deian package to allow all hostnames.
Mailman3
# is meant to run behind a webserver reverse proxy anyway.
ALLOWED_HOSTS = [
#"localhost",  # Archiving API from Mailman, keep it.
# "lists.your-domain.org",
# Add here all production URLs you may have.
'*'
]

# Mailman API credentials
MAILMAN_REST_API_URL = 'http://localhost:8001'
MAILMAN_REST_API_USER = 'restadmin'
MAILMAN_REST_API_PASS = 'x'
MAILMAN_ARCHIVER_KEY = 'x'
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')

# Application definition

INSTALLED_APPS = (
'hyperkitty',
'postorius',
'django_mailman3',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_gravatar',
'paintstore',
'compressor',
'haystack',
'django_extensions',
'django_q',
'allauth',
'allauth.account',
'allauth.socialaccount',
#'django_mailman3.lib.auth.fedora',
#'allauth.socialaccount.providers.openid',
#'allauth.socialaccount.providers.github',
#'allauth.socialaccount.providers.gitlab',
#'allauth.socialaccount.providers.google',
#'allauth.socialaccount.providers.facebook',
#'allauth.socialaccount.providers.twitter',
#'allauth.socialaccount.providers.stackexchange',
)


# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases

DATABASES = {
'default': {
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or
'oracle'.
'ENGINE': 'django.db.backends.sqlite3',
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
#'ENGINE': 'django.db.backends.mysql',
# DB name or path to database file if using sqlite3.
'NAME': '/var/lib/mailman3/web/mailman3suite.db.db',
# The following settings are not used with sqlite3:
'USER': '',
'PASSWORD': '',
# HOST: empty for localhost through domain sockets or
'127.0.0.1' for
# localhost through TCP.
'HOST': '',
# PORT: set to empty string for default.
'PORT': '',
# OPTIONS: Extra parameters to use when connecting to the
database.
'OPTIONS': {
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
# https://docs.djangoproject.com/en/1.11/ref/
# databases/#setting-sql-mode
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
},
}
}


# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forward
ed-host
USE_X_FORWARDED_HOST = True

# And if your proxy does your SSL encoding for you, set
SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-
header
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')

# Other security settings
# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the
SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
# "archives/api/mailman/.*",  # Request from Mailman.
# ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'


# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True
USE_L10N = True
USE_TZ = True


# Set default domain for email addresses.
EMAILNAME = 'x.xx'

# If you enable internal authentication, this is the address that the
emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-emai
l
# DEFAULT_FROM_EMAIL = "mailing-li...@you-domain.org"
DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)

# If you enable email reporting for error messages, this is where those
emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVE

Bug#891881: mailman3-suite: On system using exim (no postfix install) the list create script tries to create postfix aliases

[Markus Gschwendt]

The problem exists even after a reboot.

If i run
grep postfix -r /etc/mailman3/
i get nothing back.

Bug#892077: rakarrack: Segfaults after jackd upgrade

[BenWiederhake.GitHub]

Hello,

my best guess is that in Looper.C:63, the access of the field `Ppreset` 
reads uninitialized memory.


Manual workaround: Add `Ppreset = 0;` at the top and hope that this 
value makes any sense.


Works for me.

Cheers,
Ben Wiederhake

Bug#892081: cuetag: does not support CUE files with BOM in the beginning

[Dmitry Eremin-Solenikov]

Package: cuetools
Version: 1.4.0-2+b1
Severity: normal

When running cuetag over a file with BOM characters in the beginning,
cuetag fails with following messages:

bad character '�'
bad character '�'
bad character '�'
bad character 'R'
bad character 'E'
bad character 'M'
24: syntax error
cueprint: error: unable to parse input file `foobar.cue'


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cuetools depends on:
ii  id3v2   0.1.12+dfsg-1
ii  libc6   2.26-6
ii  python-mutagen  1.38-1

Versions of packages cuetools recommends:
ii  flac  1.3.2-1
ii  vorbis-tools  1.4.0-10.1

cuetools suggests no packages.

-- no debconf information

Bug#892076: man-db: man doesn't show any pages, just empty screen and status line

[Colin Watson]

Control: retitle -1 man-db: fails to exec groff tools under seccomp on 
3.14.79-117 arm64 kernel

On Mon, Mar 05, 2018 at 12:11:48AM +0100, Erik Könnecke wrote:
> After the upgrade of the man-db package, man stopped showing man
> pages, only empty screen with the status line

Thanks for your report.  I have a few follow-up questions to try to
narrow this down:

 * Where exactly did you get this kernel from?  If you also know where I
   could find the source code for it, that would be helpful too.  The
   only place I could find any mention of this kernel version on the
   internet was an odroid repository that seems to be lacking source
   code (so may well be a GPL violation ...).

 * Does setting MAN_DISABLE_SECCOMP=1 in the environment work around the
   bug?  (I think it probably will, and I still want to investigate even
   if that's the case, but I need to make sure.)

 * The particular error here (EPERM from execve) is a strange symptom.
   Normally it only happens when trying to execute a set-id program
   under certain other conditions.  Could you please show me the output
   of "ls -l /usr/bin/preconv"?

 * It's possible that this particular error is happening partly because
   you're running the program under strace: sometimes debugging tools
   affect the outcome.  To make sure that I don't spend too much time
   getting confused by this possibility, could you please show me the
   full output of "PIPELINE_DEBUG=1 man --debug man" (not under strace)?

I may have further questions after this, but the above should let me
make a better guess as to what to ask next.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Bug#892080: bash-completion: cvs log ($mode=log) case disappeared?

[Tim Connors]

Package: bash-completion
Version: 1:2.1-4.3
Severity: normal

I'm sure 'cvs log 

Bug#888531: transition: ruby2.5 - binNMU round #4

[Antonio Terceiro]

Hi,

I just uploaded ruby-defaults 1:2.5.0 making the switch in unstable.
Binaries should be available in a few hours from now.

Please binNMU the following packages:

broccoli-ruby
dislocker
geos
graphviz
kross-interpreters
libprelude
marisa
nbdkit
ngraph-gtk
notmuch
redland-bindings
rubyluabridge
ruby-standalone
subtle
subversion
treil
vim
vim-command-t

Pending:

obexftpneeds a fix to be released in gem2deb 0.38
uwsgi  #892074 [S  |  ] [src:uwsgi] uwsgi: FTBFS with ruby2.5 as default
weechat#892072 [S|+|  ] [src:weechat] weechat: build against ruby2.5


signature.asc
Description: PGP signature

Bug#892079: rakarrack: Cannot compile due to -Werror=format-security

[BenWiederhake.GitHub]

control: close -1
thanks

Hello,

I'm sorry, apparently this is already fixed in the actual current 
version.  It appears that the git repo is older than whatever apt-get 
source serves.


Cheers,
Ben Wiederhake

Bug#889668: Please install fstrim.timer (but disabled!)

[cruncher]

Package: util-linux
Version: 2.31.1-0.4
Followup-For: Bug #889668

Hi

Goal: Not running fstrim automatically

I have no idea how this is normally handled, but the fstrim.timer/service
should NOT be enabled by default (or at least use maybe /etc/default/fstrim to
have the setting unchanged after every update).

Right now i have to manually disable it after each update on every machine as
it is unneeded or even unwanted on some/most machines (useless on encrypted
ssds, even "harming" for the ssd and security).

Therefore it would be nice if we could have i.e. a settings file
like "/etc/default/fstrim" where we can set & let the settings there
permanently, or have a separate fstrim package (when package is installed
fstrim runs weekly, if not installed nothing happens).

Regards



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages util-linux depends on:
ii  fdisk  2.31.1-0.4
ii  libblkid1  2.31.1-0.4
ii  libc6  2.27-1
ii  libmount1  2.31.1-0.4
ii  libpam0g   1.1.8-3.7
ii  libselinux12.7-2+b1
ii  libsmartcols1  2.31.1-0.4
ii  libsystemd0237-4
ii  libtinfo5  6.1-1
ii  libudev1   237-4
ii  libuuid1   2.31.1-0.4
ii  zlib1g 1:1.2.8.dfsg-5

util-linux recommends no packages.

Versions of packages util-linux suggests:
ii  dosfstools  4.1-1
ii  kbd 2.0.4-2
ii  util-linux-locales  2.31.1-0.4

-- no debconf information

Bug#892079: rakarrack: Cannot compile due to -Werror=format-security

[Ben Wiederhake]

Package: rakarrack
Version: 0.6.1-4+b2
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Dear Maintainer,

tl;dr: Remove `-Werror`!

History: I'm trying to rebuild rakarrack (#892077), and write a lot about it
(#892078).

Steps to reproduce: Install dependencies, run your favorite package-building-
command.  This will eventually invoke:

cd src/
g++ -DHAVE_CONFIG_H -I. -I. -I.   -Wdate-time -D_FORTIFY_SOURCE=2
-Wall -msse2 -mfpmath=sse  -ffast-math -pipe  -fsigned-char
-I/usr/include/freetype2 -g -O2 -fdebug-prefix-
map=/home/eispin/workspace/rakarrack-rebuild/rakarrack=. -fstack-protector-
strong -Wformat -Werror=format-security -c -o rakarrack.o rakarrack.cxx

Expected behavior: execute successfully, just like all the other steps.

Actual behavior: Fails with the message:

rakarrack.cxx:22892:37: error: format not a string literal and no
format arguments [-Werror=format-security]
   ok=fl_choice(temp2,"No","Yes",NULL);
 ^
This bugreport and the following link to a blog post are good arguments to
disable `-Werror=` for this project.

http://blog.schmorp.de/2016-02-27-tidbits-for-the-love-of-god-dont-use-
werror.html

Manual workaround: I'll try to remove `-Werror=` from the Makefile, unless I
have to open more bugreports for this package.

Cheers,
Ben Wiederhake



-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 
'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rakarrack depends on:
ii  jackd 5
ii  libasound21.1.3-5
ii  libc6 2.26-6
ii  libfltk1.11.1.10-23
ii  libfontconfig12.12.6-0.1
ii  libfreetype6  2.8.1-2
ii  libgcc1   1:8-20180218-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.12~dfsg-2
ii  libsamplerate00.1.9-1
ii  libsndfile1   1.0.28-4
ii  libstdc++68-20180218-1
ii  libx11-6  2:1.6.4-3
ii  libxft2   2.3.2-1+b2
ii  libxpm4   1:3.5.12-1
ii  libxrender1   1:0.9.10-1
ii  zlib1g1:1.2.8.dfsg-5

rakarrack recommends no packages.

rakarrack suggests no packages.

-- no debconf information

Bug#892078: rakarrack: Forgotten build-dep: Needs dpatch

[Ben Wiederhake]

Package: rakarrack
Version: 0.6.1-4+b2
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Dear Maintainer,

tl;dr: Add 'dpatch' to Build-Depends or similar.

History: I wanted to rebuild rakarrack from source in order to debug a problem
(#892077).
I guess that once upon a time, having cdbs implied that dpatch is available,
too.  This is not true anymore.

Reproducible steps:
- New system, have build-essential, devscripts, and many others available.
- Download dependencies: `sudo apt-get build-dep rakarrack`
- Download sources: `apt-get source rakarrack` (in fact I cloned the git repo)
- Build binary: `fakeroot ./debian/rules binary`

Expected behavior: Creates binary
Actual behavior: Fails with `make: dpatch: Command not found`.

Cheers,
Ben Wiederhake



-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 
'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rakarrack depends on:
ii  jackd 5
ii  libasound21.1.3-5
ii  libc6 2.26-6
ii  libfltk1.11.1.10-23
ii  libfontconfig12.12.6-0.1
ii  libfreetype6  2.8.1-2
ii  libgcc1   1:8-20180218-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.12~dfsg-2
ii  libsamplerate00.1.9-1
ii  libsndfile1   1.0.28-4
ii  libstdc++68-20180218-1
ii  libx11-6  2:1.6.4-3
ii  libxft2   2.3.2-1+b2
ii  libxpm4   1:3.5.12-1
ii  libxrender1   1:0.9.10-1
ii  zlib1g1:1.2.8.dfsg-5

rakarrack recommends no packages.

rakarrack suggests no packages.

-- no debconf information

Bug#892077: rakarrack: Segfaults after jackd upgrade

[Ben Wiederhake]

Package: rakarrack
Version: 0.6.1-4+b2
Severity: important

Dear Maintainer,

tl;dr: rakarrack always and immediately segfaults.

History: Today I upgraded a lot of packages, including jack.
For some reason I restarted rakarrack, and now I cannot start it again.

Expected behavior: Open GUI and start work.
Actual behavior: Immediate Segfault on start.

My best guess is that some update to jack changed the ABI somewhere, and
rakarrack just needs to be re-built.  I have not tested this yet.

Backtrace: See below.

Cheers,
Ben Wiederhake


Backtrace:

(gdb) run
Starting program: /usr/bin/rakarrack
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

rakarrack 0.6.1 - Copyright (c) Josep Andreu - Ryan Billing - Douglas
McClendon - Arnout Engelen
Try 'rakarrack --help' for command-line options.
[New Thread 0x77fb2700 (LWP 26628)]
[New Thread 0x77f31700 (LWP 26629)]

Thread 1 "rakarrack" received signal SIGSEGV, Segmentation fault.
Looper::setpreset (this=this@entry=0x55aa1d50, npreset=-186351280) at
../../src/Looper.C:361
361 ../../src/Looper.C: Datei oder Verzeichnis nicht gefunden.
(gdb) thread apply all bt

Thread 3 (Thread 0x77f31700 (LWP 26629)):
#0  0x766a0d38 in __libc_read (fd=5, buf=0x77f30d40, nbytes=4)
at ../sysdeps/unix/sysv/linux/read.c:26
#1  0x75d459be in ?? () from /usr/lib/x86_64-linux-gnu/libjack.so.0
#2  0x75d48fc1 in ?? () from /usr/lib/x86_64-linux-gnu/libjack.so.0
#3  0x75d44756 in ?? () from /usr/lib/x86_64-linux-gnu/libjack.so.0
#4  0x7669751a in start_thread (arg=0x77f31700) at
pthread_create.c:465
#5  0x74b8c3ef in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x77fb2700 (LWP 26628)):
#0  0x7669d7fd in futex_wait_cancelable (private=,
expected=0, futex_word=0x55866b78)
at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x55866b20,
cond=0x55866b50) at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x55866b50, mutex=0x55866b20) at
pthread_cond_wait.c:655
#3  0x75d4511c in ?? () from /usr/lib/x86_64-linux-gnu/libjack.so.0
#4  0x75d3cd95 in ?? () from /usr/lib/x86_64-linux-gnu/libjack.so.0
#5  0x75d44756 in ?? () from /usr/lib/x86_64-linux-gnu/libjack.so.0
#6  0x7669751a in start_thread (arg=0x77fb2700) at
pthread_create.c:465
#7  0x74b8c3ef in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x77fb3740 (LWP 26624)):
#0  Looper::setpreset (this=this@entry=0x55aa1d50, npreset=-186351280)
at ../../src/Looper.C:361
#1  0x555ebdfa in Looper::Looper (this=0x55aa1d50,
efxoutl_=0x55866ba0, efxoutr_=0x55867bb0, size=1)
at ../../src/Looper.C:63
#2  0x555bf71e in RKR::RKR (this=0x7fee3600) at
../../src/process.C:270
#3  0x555699db in main (argc=1, argv=0x7fffe078) at
../../src/main.C:96
(gdb)



-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 
'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rakarrack depends on:
ii  jackd 5
ii  libasound21.1.3-5
ii  libc6 2.26-6
ii  libfltk1.11.1.10-23
ii  libfontconfig12.12.6-0.1
ii  libfreetype6  2.8.1-2
ii  libgcc1   1:8-20180218-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.12~dfsg-2
ii  libsamplerate00.1.9-1
ii  libsndfile1   1.0.28-4
ii  libstdc++68-20180218-1
ii  libx11-6  2:1.6.4-3
ii  libxft2   2.3.2-1+b2
ii  libxpm4   1:3.5.12-1
ii  libxrender1   1:0.9.10-1
ii  zlib1g1:1.2.8.dfsg-5

rakarrack recommends no packages.

rakarrack suggests no packages.

-- no debconf information

Bug#892075: RFS: pikopixel.app/1.0-b9a-1

[Yavor Doganov]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "pikopixel.app".

 * Package name: pikopixel.app
   Version : 1.0-b9a-1
   Upstream Author : Josh Freeman 
 * URL : http://twilightedge.com/mac/pikopixel/
 * License : AGPL-3+
   Section : gnustep

It builds this binary package:

pikopixel.app - Program to draw and edit pixel art images

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/pikopixel.app

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/p/pikopixel.app/pikopixel.app_1.0-b9a-1.dsc

Or clone the Git repository at:

  https://salsa.debian.org/gnustep-team/pikopixel.app

Changes since the last upload:

  * Team upload.
  * New upstream release.
  * Compress the upstream tarball.
  * debian/compat: Bump to 11.
  * debian/rules: Pass --sourcedirectory=PikoPixel to dh.  Remove optim
conditional definition, already defined in config.mk.  Enable all
hardening.
(override_dh_auto_build): Replace $(MAKE) with dh_auto_build.
(override_dh_link): Install the upstream .desktop file.
  * debian/control (Build-Depends): Require gnustep-make >= 2.7.0-3 for
the optim variable definition.  Bump debhelper to >= 11.
(Vcs-Git, Vcs-Browser): New fields.
(Standards-Version): Claim compliance with 4.1.3.
  * debian/patches/desktop-file.patch: New, fix some lintian warnings.
  * debian/patches/series: New file.
  * debian/docs: Delete, not necessary for README.Debian.

Bug#892074: uwsgi: FTBFS with ruby2.5 as default

[Antonio Terceiro]

Source: uwsgi
Version: 2.0.15-10.2
Severity: serious
Justification: fails to build from source

I am about to upload ruby-defaults to unstable, switching the default
Ruby to ruby2.5. With that in place, uwsgi fails to build from source
like this:

[...]
 CFLAGS="-g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" 
LDFLAGS="-Wl,-z,relro" python uwsgiconfig.py -v --plugin plugins/rack_ruby23 
debian/buildconf/uwsgi-plugin.ini rack_ruby23
using profile: debian/buildconf/uwsgi-plugin.ini
detected include path: ['/usr/lib/gcc/x86_64-linux-gnu/7/include', 
'/usr/local/include', '/usr/lib/gcc/x86_64-linux-gnu/7/include-fixed', 
'/usr/include/x86_64-linux-gnu', '/usr/include']
*** uWSGI building and linking plugin plugins/rack_ruby23 ***
Error: unable to find directory 'plugins/rack_ruby23'
make: *** [debian/rules:450: debian/stamp-uwsgi-plugin-rack-ruby2.3] Error 1
dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit 
status 2
[...]

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#892073: transition: poppler

[Emilio Pozuelo Monfort]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Control: tags -1 confirmed

Hi,

I started the poppler transition. It took me a while because the Qt 4
library got dropped in this release, and there were a few rdeps. Those
are fixed now, either by switching to Qt 5 or by dropping poppler support.

There's also the libpoppler SONAME bump. All rdeps build fine except for
pdf2djvu and xpdf. I'll file bugs for those.

Cheers,
Emilio

Bug#892072: weechat: build against ruby2.5

[Antonio Terceiro]

Source: weechat
Version: 1.9.1-1
Severity: serious
Justification: will FTBFS soon
Tags: patch

Hi,

I am about to upload ruby-defaults to unstable, switching the default
Ruby to ruby2.5, and ruby2.3 support will be removed right after that.
Please consider applying the attached patch, obtained from upstream.

Even better: please work with upstream to be able to build against the
default ruby, instead of hardcoding a list of ruby versions. Otherwise,
every time there is a Ruby transition, weechat will be a blocker.
Hunting down these issues is quite time consuming.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
From cb98f528301c422bdf990bdba1108e53a86ea4db Mon Sep 17 00:00:00 2001
From: Jakub Jirutka 
Date: Tue, 26 Dec 2017 18:30:18 +0100
Subject: [PATCH] core: add detection for Ruby 2.5

---
 cmake/FindRuby.cmake | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmake/FindRuby.cmake b/cmake/FindRuby.cmake
index 673dde716..49bce219a 100644
--- a/cmake/FindRuby.cmake
+++ b/cmake/FindRuby.cmake
@@ -33,7 +33,7 @@ endif()
 
 find_package(PkgConfig)
 if(PKG_CONFIG_FOUND)
-  pkg_search_module(RUBY ruby-2.4 ruby-2.3 ruby-2.2 ruby-2.1 ruby-2.0 ruby-1.9 ruby-1.8)
+  pkg_search_module(RUBY ruby-2.5 ruby-2.4 ruby-2.3 ruby-2.2 ruby-2.1 ruby-2.0 ruby-1.9 ruby-1.8)
 endif()
 
 if(RUBY_FOUND)
@@ -41,7 +41,7 @@ if(RUBY_FOUND)
   mark_as_advanced(RUBY_LIB)
 else()
   find_program(RUBY_EXECUTABLE
-NAMES ruby2.4.0 ruby240 ruby2.4 ruby2.3.0 ruby230 ruby2.3 ruby23 ruby2.2.3 ruby223 ruby2.2.2 ruby222 ruby2.2.1 ruby221 ruby2.2.0 ruby220 ruby2.2 ruby22 ruby2.1.7 ruby217 ruby2.1.6 ruby216 ruby2.1.5 ruby215 ruby2.1.4 ruby214 ruby2.1.3 ruby213 ruby2.1.2 ruby212 ruby2.1.1 ruby211 ruby2.1.0 ruby210 ruby2.1 ruby21 ruby2.0 ruby20 ruby1.9.3 ruby193 ruby1.9.2 ruby192 ruby1.9.1 ruby191 ruby1.9 ruby19 ruby1.8 ruby18 ruby
+NAMES ruby2.5.0 ruby250 ruby2.5 ruby2.4.0 ruby240 ruby2.4 ruby2.3.0 ruby230 ruby2.3 ruby23 ruby2.2.3 ruby223 ruby2.2.2 ruby222 ruby2.2.1 ruby221 ruby2.2.0 ruby220 ruby2.2 ruby22 ruby2.1.7 ruby217 ruby2.1.6 ruby216 ruby2.1.5 ruby215 ruby2.1.4 ruby214 ruby2.1.3 ruby213 ruby2.1.2 ruby212 ruby2.1.1 ruby211 ruby2.1.0 ruby210 ruby2.1 ruby21 ruby2.0 ruby20 ruby1.9.3 ruby193 ruby1.9.2 ruby192 ruby1.9.1 ruby191 ruby1.9 ruby19 ruby1.8 ruby18 ruby
 PATHS /usr/bin /usr/local/bin /usr/pkg/bin
 )
   if(RUBY_EXECUTABLE)


signature.asc
Description: PGP signature

Bug#892071: abcde: Some CDs which exist on musicbrainz are not found on CD lookup

[Adam Baker]

Package: abcde
Version: 2.8.1-1
Severity: important
Tags: upstream

Dear Maintainer,

When running an action that includes tag and using the default musicbrainz
option for CDDBMETHOD, abcde failed to find about half of the ten CDs I tried.
These were all discs that I verified are in the musicbrainz database and which
an earlier release of abcde had successfully looked up.

This appears to be the same issue as upstream bug
https://abcde.einval.com/bugzilla/show_bug.cgi?id=54

After cherry picking the fix from
https://git.einval.com/cgi-
bin/gitweb.cgi?p=abcde.git;a=patch;h=42ce0cff4d76ad80de7adb54d517de8cb9c72a94
it works as expected



-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (2, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages abcde depends on:
ii  cd-discid 1.4-1+b1
ii  cdparanoia3.10.2+debian-11
ii  flac  1.3.2-1
ii  lame  3.99.5+repack1-9+b2
ii  vorbis-tools  1.4.0-10+b1
ii  wget  1.18-5+deb9u1

Versions of packages abcde recommends:
ii  bsd-mailx 8.1.2-0.20160123cvs-4
ii  glyrc 1.0.9-1
ii  imagemagick   8:6.9.7.4+dfsg-11+deb9u4
ii  imagemagick-6.q16 [imagemagick]   8:6.9.7.4+dfsg-11+deb9u4
ii  libmusicbrainz-discid-perl0.03-6+b2
ii  libperl5.24 [libdigest-sha-perl]  5.24.1-3+deb9u2
ii  libwebservice-musicbrainz-perl0.93-1.1
ii  vorbis-tools  1.4.0-10+b1

Versions of packages abcde suggests:
pn  atomicparsley
pn  distmp3  
ii  eject2.1.5+deb1+cvs20081104-13.2
ii  eyed30.7.10-1
pn  id3  
pn  id3v2
pn  mkcue
pn  mp3gain  
pn  normalize-audio  
pn  vorbisgain   

-- no debconf information

Bug#879805: Bug 879805

[debbug . dovecot . imap . zlib . nospam . plz]

On Sun, Mar 04, 2018 at 23:40:32 +0200, Apollon Oikonomopoulos wrote:
> Good catch, this appears to be the following commit:
> https://github.com/dovecot/core/commit/c27f060a08d3bbf89fadd58baf61f5ba97a47e3a
> 
> > Is there a chance that the "mbox,zlib" fix from 2.2.33 could be included in 
> > a
> > later Debian 9.x point release? I'm not keen on running a backports package
> > that does not appear to get timely security updates.
> 
> Yes, I could include this in a stable update. Would you be willing to 
> test the proposed update?
> 

I can try! If an armel(!) binary .deb is available, it should be fairly easy 
to test here.

Bug#892070: stretch-pu: package obs-build/20160921-1

[Hector Oron]

Hello,

  I just realized I have attached debdiff for wrong version, attached
debdiff for version against stable.

Regards

2018-03-04 23:13 GMT+01:00 Héctor Orón Martínez :
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Hello,
>
>   I would like to push security fix into stable for `obs-build`.
>   The patch fixes CVE-2017-14804 as described in #887306.
>   Please consider the following patch attached.
>
> Regards
>
> -- System Information:
> Debian Release: buster/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: armhf
>
> Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=ca_AD.utf8, LC_CTYPE=ca_AD.utf8 (charmap=UTF-8), 
> LANGUAGE=ca_AD:ca (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled



-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.



-- Would you like to make a donation towards the upcoming Debian conference?
   Brochure: 
https://media.debconf.org/dc18/fundraising/debconf18_sponsorship_brochure_en.pdf

   ** https://debconf18.debconf.org/sponsors/become-a-sponsor/ **


diff -Nru obs-build-20160921/debian/changelog obs-build-20160921/debian/changelog
--- obs-build-20160921/debian/changelog	2016-09-23 15:49:42.0 +0200
+++ obs-build-20160921/debian/changelog	2018-03-04 23:18:00.0 +0100
@@ -1,3 +1,11 @@
+obs-build (20160921-1+deb9u1) stretch; urgency=medium
+
+  * CVE-2017-14804 (Closes: #887306)
+- Improve extractbuild to avoid write to files in the host system.
+- debian/patches/Improve-sanity-checks-in-extractbuild.patch: add new
+
+ -- Héctor Orón Martínez   Sun, 04 Mar 2018 23:18:00 +0100
+
 obs-build (20160921-1) unstable; urgency=medium
 
   [ Andrew Lee (李健秋) ]
diff -Nru obs-build-20160921/debian/patches/Improve-sanity-checks-in-extractbuild.patch obs-build-20160921/debian/patches/Improve-sanity-checks-in-extractbuild.patch
--- obs-build-20160921/debian/patches/Improve-sanity-checks-in-extractbuild.patch	1970-01-01 01:00:00.0 +0100
+++ obs-build-20160921/debian/patches/Improve-sanity-checks-in-extractbuild.patch	2018-03-04 23:16:40.0 +0100
@@ -0,0 +1,34 @@
+From fc36b1c95afbe11e65fd1ed6f75c1824cdb26230 Mon Sep 17 00:00:00 2001
+Message-Id: 
+From: Marcus Huewe 
+Date: Sun, 26 Nov 2017 20:25:48 +0100
+Subject: [PATCH] Improve sanity checks in extractbuild
+
+A \0 in a symlink target can be used to write to a file in the host
+system. For the same reason, we do not allow to process a file more
+than once. A \0 in a filename makes no sense, hence forbid it.
+---
+ extractbuild | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: obs-build-20160921/extractbuild
+===
+--- obs-build-20160921.orig/extractbuild
 obs-build-20160921/extractbuild
+@@ -74,6 +74,8 @@ while () {
+   my ($filetype, $file, $filesize, $blksize, @blocks) = split(/ /);
+   die("invalid input '$_'\n") unless defined($file);
+   $file =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
++  die("bad file '$file' (contains \\0)\n") if $file =~ /\0/;
++  die("already processed: $file\n") if $done{$file};
+   die("bad file '$file'\n") if "/$file/" =~ /\/\.{0,2}\//s;
+   if ($file =~ /^(.*)\//s) {
+ die("file without directory: $file\n") unless $done{$1} && $done{$1} eq 'd';
+@@ -88,6 +90,7 @@ while () {
+ my $target = $filesize;
+ die("symlink without target\n") unless defined $target;
+ $target =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
++die("bad symlink: $target (contains \\0)\n") if $target =~ /\0/;
+ die("bad symlink: $target\n") if "/$target/" =~ /\/\.?\//s;
+ if ("/$target/" =~ /^(\/\.\.)+\/(.*?)$/s) {
+   my ($head, $tail) = ($1, $2);
diff -Nru obs-build-20160921/debian/patches/series obs-build-20160921/debian/patches/series
--- obs-build-20160921/debian/patches/series	2016-09-23 07:04:44.0 +0200
+++ obs-build-20160921/debian/patches/series	2018-03-04 23:17:33.0 +0100
@@ -1,2 +1,4 @@
 0001-Use-obs-build-in-locations-and-executable-names-inst.patch
 0010_find-perm_slash.diff
+
+Improve-sanity-checks-in-extractbuild.patch

Bug#783607: test subjects

[Stefan Skoglund]

bitsavers.org has a number of files (scans) of ibm documents:

this: 
http://bitsavers.trailing-edge.com/pdf/ibm/370x/GA27-3051-3_Introduction_to_the_IBM_3704_and_3705_Communications_Controllers_Jul76.pdf

breaks in okular and evince but gv is able to show it.
Page 8 (in the index) is a white page.

What is visible in evince is the title paget !

Bug#783607: evince/poppler version

[Stefan Skoglund]

The fail is in my case on jessie

stefan@hpdc7k:~$ apt-cache  policy evince
evince:
  Installerad: 3.14.1-2+deb8u2
  Kandidat:3.14.1-2+deb8u2
  Versionstabell:
 *** 3.14.1-2+deb8u2 0
500 http://ftp.se.debian.org/debian/ jessie/main amd64 Packages
500 http://security.debian.org/ jessie/updates/main amd64
Packages
100 /var/lib/dpkg/status

stefan@hpdc7k:~$ apt-cache policy libpoppler46
libpoppler46:
  Installerad: 0.26.5-2+deb8u3
  Kandidat:0.26.5-2+deb8u3
  Versionstabell:
 *** 0.26.5-2+deb8u3 0
500 http://security.debian.org/ jessie/updates/main amd64
Packages
100 /var/lib/dpkg/status
 0.26.5-2+deb8u1 0
500 http://ftp.se.debian.org/debian/ jessie/main amd64 Packages
stefan@hpdc7k:~$ apt-cache policy poppler-data
poppler-data:
  Installerad: 0.4.7-1
  Kandidat:0.4.7-1
  Versionstabell:
 *** 0.4.7-1 0
500 http://ftp.se.debian.org/debian/ jessie/main amd64 Packages
100 /var/lib/dpkg/status
-

Bug#892070: stretch-pu: package obs-build/20160921-1

[Héctor Orón Martínez]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

  I would like to push security fix into stable for `obs-build`.
  The patch fixes CVE-2017-14804 as described in #887306.
  Please consider the following patch attached.

Regards

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ca_AD.utf8, LC_CTYPE=ca_AD.utf8 (charmap=UTF-8), LANGUAGE=ca_AD:ca 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru obs-build-20170201/debian/changelog 
obs-build-20170201/debian/changelog
--- obs-build-20170201/debian/changelog 2017-08-04 23:24:36.0 +0200
+++ obs-build-20170201/debian/changelog 2018-03-04 23:05:06.0 +0100
@@ -1,3 +1,11 @@
+obs-build (20170201-3+deb9u1) stretch; urgency=medium
+
+  * CVE-2017-14804 (Closes: #887306)
+- Improve extractbuild to avoid write to files in the host system.
+- debian/patches/Improve-sanity-checks-in-extractbuild.patch: add new
+
+ -- Héctor Orón Martínez   Sun, 04 Mar 2018 23:05:06 +0100
+
 obs-build (20170201-3) unstable; urgency=medium
 
   [ Sjoerd Simons ]
diff -Nru 
obs-build-20170201/debian/patches/Improve-sanity-checks-in-extractbuild.patch 
obs-build-20170201/debian/patches/Improve-sanity-checks-in-extractbuild.patch
--- 
obs-build-20170201/debian/patches/Improve-sanity-checks-in-extractbuild.patch   
1970-01-01 01:00:00.0 +0100
+++ 
obs-build-20170201/debian/patches/Improve-sanity-checks-in-extractbuild.patch   
2018-03-04 23:01:56.0 +0100
@@ -0,0 +1,34 @@
+From fc36b1c95afbe11e65fd1ed6f75c1824cdb26230 Mon Sep 17 00:00:00 2001
+Message-Id: 

+From: Marcus Huewe 
+Date: Sun, 26 Nov 2017 20:25:48 +0100
+Subject: [PATCH] Improve sanity checks in extractbuild
+
+A \0 in a symlink target can be used to write to a file in the host
+system. For the same reason, we do not allow to process a file more
+than once. A \0 in a filename makes no sense, hence forbid it.
+---
+ extractbuild | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: obs-build-20160921/extractbuild
+===
+--- obs-build-20160921.orig/extractbuild
 obs-build-20160921/extractbuild
+@@ -74,6 +74,8 @@ while () {
+   my ($filetype, $file, $filesize, $blksize, @blocks) = split(/ /);
+   die("invalid input '$_'\n") unless defined($file);
+   $file =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
++  die("bad file '$file' (contains \\0)\n") if $file =~ /\0/;
++  die("already processed: $file\n") if $done{$file};
+   die("bad file '$file'\n") if "/$file/" =~ /\/\.{0,2}\//s;
+   if ($file =~ /^(.*)\//s) {
+ die("file without directory: $file\n") unless $done{$1} && $done{$1} eq 
'd';
+@@ -88,6 +90,7 @@ while () {
+ my $target = $filesize;
+ die("symlink without target\n") unless defined $target;
+ $target =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
++die("bad symlink: $target (contains \\0)\n") if $target =~ /\0/;
+ die("bad symlink: $target\n") if "/$target/" =~ /\/\.?\//s;
+ if ("/$target/" =~ /^(\/\.\.)+\/(.*?)$/s) {
+   my ($head, $tail) = ($1, $2);
diff -Nru obs-build-20170201/debian/patches/series 
obs-build-20170201/debian/patches/series
--- obs-build-20170201/debian/patches/series2017-08-04 23:24:36.0 
+0200
+++ obs-build-20170201/debian/patches/series2018-03-04 23:03:58.0 
+0100
@@ -15,3 +15,4 @@
 HACK-Make-glibc-build.patch
 debootstrap-generate-apt-caches.patch
 
+Improve-sanity-checks-in-extractbuild.patch

Bug#891511: ip route flush all does not work any more

[Luca Boccassi]

On Mon, 26 Feb 2018 12:05:05 +0100 Wolfgang Walter  wrote:
> Package: iproute2
> Version: 4.15.0-2
> 
> Hello,
> 
> after upgrading iproute2 from 4.14.1-2 to 4.15.0-2
> 
>   ip route flush all
> 
> seems not to work any more. It does not remove all ipv4 routes from
the main 
> table as it did before. Downgrading to 4.14.1-2 fixes the problem.
> 
> Basically 4.15.0-2 removes the default route, but other routes are
not 
> removed.
> 
> What still works is
> 
>   ip route flush table main 
> 
> 
> Another thing which changed is that
> 
>   ip route ls all
> 
> now does not show anything but the default route whereas it used to
show all 
> routes of the main table.

Hi,

Yes can confirm, it's easily reproduced.

Stephen, do you know if is this a known change in behaviour?

With 4.14.0:

$ ip route ls all
default via 192.168.1.1 dev wlp2s0 proto static metric 600 
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.5 metric 600 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

With 4.15.0:

$ ip route ls all
default via 192.168.1.1 dev wlp2s0 proto static metric 600

Further tests with 4.15.0:

$ ip route ls table main
default via 192.168.1.1 dev wlp2s0 proto static metric 600 
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.5 metric 600 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 
$ sudo ip route flush all
$ ip route ls all
$ ip route ls table main
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.5 metric 600 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 

$ sudo ip route add default via 192.168.1.1
$ ip route ls table main
default via 192.168.1.1 dev wlp2s0 
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.5 metric 600 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 
$ ip route ls all
default via 192.168.1.1 dev wlp2s0 
$ sudo ip route flush table main
$ ip route ls all
$ ip route ls table main
$

-- 
Kind regards,
Luca Boccassi

signature.asc
Description: This is a digitally signed message part

Bug#892069: puppet-lint: rake task only runs lint on modules inside spec/fixtures

[Gabriel Filion]

Package: puppet-lint
Version: 2.3.3-1
Severity: normal

Hello!

I was trying to use puppet-lint from this package to run lint as a rake
task to automate tests, and I found out that it would only run the lint
checks on .pp files inside modules present in spec/fixtures/modules/*

If I set the task's configuration to ignore some paths, it does not
change anything. In my Rakefile I have:

require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp", 
"pkg/**/*.pp"]


I've found out that configuration being ignored was already reported
upstream:

https://github.com/rodjek/puppet-lint/commit/0f2e2db90d5a14382eafbdfebff74048a487372f

However, the fix in that commit is already present in the code deployed
by the debian package.

If I use the workaround proposed as a comment on that commit (instead of
the above line starting with "PuppetLint.configuration"), then the lint
checks run as expected with the ignored paths set as I want them:

Rake::Task[:lint].clear
PuppetLint::RakeTask.new :lint do |config|
  config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp", "pkg/**/*.pp"]
end

So there must be something in the puppet-lint code that that makes it
ignore configuration set in the Rakefile, but I'm not proficient enough
in ruby to debug where this is happening.

Cheers

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_CA.utf8), LANGUAGE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL set to 
en_CA.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages puppet-lint depends on:
ii  ruby  1:2.5~1

puppet-lint recommends no packages.

Versions of packages puppet-lint suggests:
ii  rake  12.3.0-1

-- no debconf information

Bug#891785: [pkg-dhcp-devel] Bug#891786: isc-dhcp: diff for NMU version 4.3.5-3.1

[Michael Gilbert]

On Sun, Mar 4, 2018 at 3:44 PM, Salvatore Bonaccorso wrote:
> I've prepared an NMU for isc-dhcp (versioned as 4.3.5-3.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Hi Salvatore,

Some meaningless whitespace is touched, but otherwise your patches
look correct.  Please feel free to remove the delay.

Best wishes,
Mike

Bug#879805: Bug 879805

[Apollon Oikonomopoulos]

On 13:22 Sun 04 Mar , debbug.dovecot.imap.zlib.nospam@sub.noloop.net 
wrote:
> I was also hit hard by this bug after a recent upgrade from debian 8.x to
> debian 9.x.
> 
> Dovecot spams the following lines multiple times per second and my .gz
> compressed mbox archives do not appear to work properly over imap:
> 
> Mar  3 18:37:28 hostname dovecot: imap(username): Panic: file istream-zlib.c: 
> line 416 (i_stream_zlib_seek): assertion failed: (ret == -1)
> Mar  3 18:37:28 hostname dovecot: imap(username): Fatal: master: 
> service(imap): child 2768 killed with signal 6 (core dumps disabled)
> 
> It would appear that Dovecot 2.2.33 contains a likely fix, based on
> https://www.dovecot.org/doc/NEWS 
> "mbox, zlib: Fix assert-crash when accessing compressed mbox"

Good catch, this appears to be the following commit:

https://github.com/dovecot/core/commit/c27f060a08d3bbf89fadd58baf61f5ba97a47e3a
> 
> Stretch only contains 2.2.27, but there is a 2.2.33.2-1~bpo9+1 in
> stretch-backports. It looks like the stretch-backports package was last
> uploaded on 15 Nov 2017, so it probably does not contain the security fixes
> included in DSA-4130-1 which was published on 02 Mar 2018.

No, it doesn't. I have a backport of 2.2.34 ready to upload, once 2.2.34 
hits testing, which should be tomorrow morning. 

> Is there a chance that the "mbox,zlib" fix from 2.2.33 could be included in a
> later Debian 9.x point release? I'm not keen on running a backports package
> that does not appear to get timely security updates.

Yes, I could include this in a stable update. Would you be willing to 
test the proposed update?

Regards,
Apollon

Bug#891986: mate-desktop does not depend on marco

[Alex ARNAUD]

Control: close -1

Le 03/03/2018 à 18:55, Alex a écrit :

when I start mate it does not start a WM as marco is not installed but
mate-wm tries to launch it. I did "apt install mate-desktop" to see if
it is not fully installed but all dependencies were there and it said
nothing to install.


Thank you Alex for the report, we're happy to see you helping Debian.

Why do you think mate-desktop should do that, the description is 
"Library with common API for various MATE modules".



One of the meta packages should depend on marco.


Yes, it's already the case, mate-desktop is not a meta package. The 
package you expect is mate-desktop-environment. You could also install 
it easily from the tasksel command in root or from the installation CD 
of Debian.


I hope my answer has helped you to figure out the issue. I close the bug 
because I assume it's not a bug. Let me know if you think I should 
reopen it.


Best regards,
Alex ARNAUD.

Bug#892068: codespell: Please package the new upstream version

[Georg Faerber]

Package: codespell
Version:  1.8-1

Dear maintainer,

Please package the new upstream version, currently 1.11.0.

In case you aren't interested anymore in this package, please say so, I
would like to help.

Thanks for your work and all the best,
Georg


signature.asc
Description: Digital signature

Bug#888315: reproducing this bug

[Rob van den Berg]

Hi,

I have no other machine with debian testing (buster).
I do have the same crash with other apps.
I'm developing some audio plugins and the gui crashes always in the same way on 
this laptop (stacktrace attached). I tried blender just because I guessed it 
uses the same libs and I wanted to see if it crashed too.

I wanted to install some -dbg package but couldn't find one. Also not exactly 
sure which to install :-)

Note: I did run ubuntu 16.04 on this machine before and then I didn't have this 
problem.

Really liking debian, hate to 'revert' to ubuntu 16.04 or an older debian. 
Other things (networking for example) are much, much better.

Please let me know how I can help any further.

Cheers Rob



-- 
Rob van den Berg 
Starting program: /usr/bin/blender 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xa3fffb40 (LWP 13436)]
[New Thread 0xa2bffb40 (LWP 13437)]
[New Thread 0xa4deab40 (LWP 13441)]
[New Thread 0xa4d69b40 (LWP 13442)]
[Thread 0xa4d69b40 (LWP 13442) exited]
[Thread 0xa4deab40 (LWP 13441) exited]
[New Thread 0xa1bffb40 (LWP 13446)]
[Thread 0xa1bffb40 (LWP 13446) exited]
[New Thread 0xa4deab40 (LWP 13447)]
[New Thread 0xa4d69b40 (LWP 13448)]
[New Thread 0xa4ce8b40 (LWP 13449)]
[New Thread 0xa37feb40 (LWP 13450)]
[New Thread 0xa1bffb40 (LWP 13451)]
[Thread 0xa1bffb40 (LWP 13451) exited]

Thread 1 "blender" received signal SIGSEGV, Segmentation fault.
0xa4c63257 in ?? ()

Thread 10 (Thread 0xa37feb40 (LWP 13450)):
#0  0xb7fd7cf9 in __kernel_vsyscall ()
#1  0xb66dd900 in futex_wait_cancelable (private=, expected=0, 
futex_word=0xa2ffdeb4) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#2  __pthread_cond_wait_common (abstime=0x0, mutex=0xa2ffde28, cond=0xa2ffde88) 
at pthread_cond_wait.c:502
#3  __pthread_cond_wait (cond=0xa2ffde88, mutex=0xa2ffde28) at 
pthread_cond_wait.c:655
#4  0xb78718ac in ?? () from /usr/lib/i386-linux-gnu/libopenal.so.1
#5  0xb78c0c70 in ?? () from /usr/lib/i386-linux-gnu/libopenal.so.1
#6  0xb66d7326 in start_thread (arg=0xa37feb40) at pthread_create.c:465
#7  0xb3fea306 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 9 (Thread 0xa4ce8b40 (LWP 13449)):
#0  0xb7fd7cf9 in __kernel_vsyscall ()
#1  0xb3fe5787 in syscall () at ../sysdeps/unix/sysv/linux/i386/syscall.S:29
#2  0xb76511f1 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#3  0xb762b490 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#4  0xb762e464 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#5  0xb762a45b in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#6  0xb7629b85 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#7  0xb764e908 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#8  0xb66d7326 in start_thread (arg=0xa4ce8b40) at pthread_create.c:465
#9  0xb3fea306 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 8 (Thread 0xa4d69b40 (LWP 13448)):
#0  0xb7fd7cf9 in __kernel_vsyscall ()
#1  0xb66e182b in __libc_read (fd=12, buf=0xa4d6807c, nbytes=4) at 
../sysdeps/unix/sysv/linux/read.c:26
#2  0xb7650437 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#3  0xb7654acd in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#4  0xb764e908 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#5  0xb66d7326 in start_thread (arg=0xa4d69b40) at pthread_create.c:465
#6  0xb3fea306 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 7 (Thread 0xa4deab40 (LWP 13447)):
#0  0xb7fd7cf9 in __kernel_vsyscall ()
#1  0xb66dd900 in futex_wait_cancelable (private=, expected=0, 
futex_word=0xa1d1526c) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#2  __pthread_cond_wait_common (abstime=0x0, mutex=0xa1d15228, cond=0xa1d15244) 
at pthread_cond_wait.c:502
#3  __pthread_cond_wait (cond=0xa1d15244, mutex=0xa1d15228) at 
pthread_cond_wait.c:655
#4  0xb764f95a in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#5  0xb7641f69 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#6  0xb764e908 in ?? () from /usr/lib/i386-linux-gnu/libjack.so.0
#7  0xb66d7326 in start_thread (arg=0xa4deab40) at pthread_create.c:465
#8  0xb3fea306 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 3 (Thread 0xa2bffb40 (LWP 13437)):
#0  0xb7fd7cf9 in __kernel_vsyscall ()
#1  0xb66e0876 in futex_abstimed_wait_cancelable (private=0, abstime=0x0, 
expected=1, futex_word=0xa44757e4)
at ../sysdeps/unix/sysv/linux/futex-internal.h:205
#2  do_futex_wait (sem=sem@entry=0xa44757e4, abstime=0x0) at 
sem_waitcommon.c:115
#3  0xb66e0957 in __new_sem_wait_slow (sem=0xa44757e4, abstime=0x0) at 
sem_waitcommon.c:282
#4  0xb639d773 in IlmThread_2_2::Semaphore::wait() () from 
/usr/lib/i386-linux-gnu/libIlmThread-2_2.so.23
#5  0xb639c9d4 in ?? () from /usr/lib/i386-linux-gnu/libIlmThread-2_2.so.23
#6  0xb66d7326 in start_thread (arg=0xa2bffb40) at pthread_create.c:465
#7  0xb3fea306 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 2 (Thread 0xa3fffb40 

Bug#884004: mumudvb: DVR Read error : Value too large for defined data type (Probably kernel driver problem)

[Brice Dubost]

Hello

Please try with MuMuDVB 2, as well as the buffering options in there.

I have implemented a buffer inside MuMuDVB to empty the kernel buffer
and decrease such issues

Unfortunately, due to the lack of a maintainer I don't have MuMuDVB 2
in debian, You'll have to compile it yourself

Brice

2017-12-10 6:16 GMT-05:00 Benoit Panizzon :
> Package: mumudvb
> Version: 1.7.1-1+b1
> Severity: normal
>
> Dear Maintainer,
>
> I am using an RTL2838 DVB Stick to experiment around with multicast streaming.
>
> When I capture the full transponder with mumdvb I get this error:
>
> DVR Read error : Value too large for defined data type
>
> And the stream has a hicpu every time this error occurs, about once per 
> second.
>
> Google tells me others observe the same problem and it is caused by a too 
> smal receive
> buffer in the kernel. So I don't know if this can be fixed on the mumudvb 
> side or
> if a kernel patch is required.
>
> https://ubuntuforums.org/showthread.php?t=2262966=2
> https://mailman.videolan.org/pipermail/dvblast-devel/2013-July/001203.html
>
> -Benoît-
>
>
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (500, 'testing'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), 
> LANGUAGE=de_CH:de (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages mumudvb depends on:
> ii  adduser   3.116
> ii  dvb-apps  1.1.1+rev1500-1.1+b1
> ii  libc6 2.25-2
>
> mumudvb recommends no packages.
>
> Versions of packages mumudvb suggests:
> pn  dvbtune  
>
> -- no debconf information

Bug#892049: dovecot post-install fails

[Apollon Oikonomopoulos]

Control: tags -1 unreproducible moreinfo
Control: severity -1 normal

Hi,

On 16:46 Sun 04 Mar , dAgeCKo wrote:
> Trying to install dovecot on debian 9.2 leaded to error during the
> post-install process, leading to dovecot partially installed and
> non-working, resulting in an unusable program (all dovecot packages),
> resulting in making a server unusable for email services.
> 
> Note also that the system is up-to-date (with aptitute update and aptitute
> upgrade).

Thanks for the report. Unfortunately, I'm unable to reproduce this in a 
clean stretch environment, so I'm downgrading to normal for the time 
being.

> Mar 04 15:34:10 utopia dovecot[55800]: Error: service(imap-login): 
> listen(*, 143) failed: Address already in use

So, there's something else listening on IMAP port 143 and

> root@utopia:/etc/exim4# netstat -lapute | grep 143
 ^ this command will never show it, because the port will show up as 
  "imap" and not 143, since you didn't pass the -n flag.

Please try ss -nptl | grep 143 (or netstat -an | grep 143).

Regards,
Apollon

Bug#892067: RFS: vnstat/1.18-1

[Christian Göttsche]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "vnstat"

 * Package name: vnstat
   Version : 1.18-1
   Upstream Author : Teemu Toivola 
 * URL : https://humdi.net/vnstat/
 * License : GPL2
   Section : net

It builds those binary packages:

  vnstat - console-based network traffic monitor
  vnstati- image output support for vnStat

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/vnstat

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/v/vnstat/vnstat_1.18-1.dsc

The source of the package can be found at https://github.com/cgzones/vnstat_deb.

Changes since the last upload:

  vnstat (1.18-1) unstable; urgency=medium

  * New upstream version 1.18

  * debian/
- vnstat.service: add 3s timeout for auto-restart (Closes: #814542)
- patches/
  + rebase and drop upstream applied ones
  + (hopefully) fix kfreebsd build warning
- bump to compat level 11 and standards version 4.1.3
- watch: switch to github url for encrypted connection
 and check signature
- vnstat.postinst: do not run chown recursively (thanks to Lintian)
- upstream/metadata: supply minimal metadata
- debian/control: use https url for project homepage

 -- Christian Göttsche   Sun, 04 Mar 2018 21:34:00 +0100


Regards,
   Christian Göttsche


p.s.:
Due to checking the release file signature, I am getting the Lintian
warning `orig-tarball-missing-upstream-signature`.
How do I solve this? (I am using git-buildpackage)

Bug#887873: linux-image-4.9.0-5-marvell: frequent "usercopy: kernel memory overwrite attempt detected" on QNAP NAS (ARM)

[Andrew Lunn]

On Sun, Mar 04, 2018 at 06:41:57PM +0100, Martin Michlmayr wrote:
> A Debian user reported the following issue on QNAP TS-119P II with
> 4.9.65:
> 
> * Menno Finlay-Smits  [2018-01-21 23:08]:
> > Rsyncing files between 2 HDDs on a QNAP 119p with a fresh, minimal install 
> > of
> > stretch NAS (armel) causes the kernel to fail after ~20mins with a kernel
> > memory overwrite attempt (full error below). 

Please can you give me the exact rsync command being used. Having a
unix domain socket seems a bit odd for rsync'ing files on the same
machine.

Thanks
Andrew

Bug#887413: isc-dhcp: diff for NMU version 4.3.5-3.1

[Salvatore Bonaccorso]

Control: tags 887413 + patch
Control: tags 887413 + pending
Control: tags 891785 + patch
Control: tags 891785 + pending
Control: tags 891786 + patch
Control: tags 891786 + pending

Dear maintainer,

I've prepared an NMU for isc-dhcp (versioned as 4.3.5-3.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

You will note I included as well in the diff the part with respect of
the unittests. I was unable to get a setup working so that i can run
those to verify the fixes specifically with the unittest added. But I
opted in to keep those for benefit of any fetching the source and able
to run the unittests.

Regards,
Salvatore
diff -Nru isc-dhcp-4.3.5/debian/changelog isc-dhcp-4.3.5/debian/changelog
--- isc-dhcp-4.3.5/debian/changelog	2017-01-09 05:55:32.0 +0100
+++ isc-dhcp-4.3.5/debian/changelog	2018-03-04 21:35:31.0 +0100
@@ -1,3 +1,13 @@
+isc-dhcp (4.3.5-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
+  * Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
+  * Correct buffer overrun in pretty_print_option (CVE-2018-5732)
+(Closes: #891786)
+
+ -- Salvatore Bonaccorso   Sun, 04 Mar 2018 21:35:31 +0100
+
 isc-dhcp (4.3.5-3) unstable; urgency=medium
 
   * Add support for read-only /etc (closes: #642544).
diff -Nru isc-dhcp-4.3.5/debian/patches/CVE-2017-3144.patch isc-dhcp-4.3.5/debian/patches/CVE-2017-3144.patch
--- isc-dhcp-4.3.5/debian/patches/CVE-2017-3144.patch	1970-01-01 01:00:00.0 +0100
+++ isc-dhcp-4.3.5/debian/patches/CVE-2017-3144.patch	2018-03-04 21:35:31.0 +0100
@@ -0,0 +1,47 @@
+From: Thomas Markwalder 
+Date: Thu, 7 Dec 2017 11:23:36 -0500
+Subject: [master] Plugs a socket descriptor leak in OMAPI
+Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
+Bug: https://bugs.isc.org/Public/Bug/Display.html?id=46767
+Bug-Debian: https://bugs.debian.org/887413
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-3144
+
+Merges in rt46767.
+---
+
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index 6e0621b5..a21f0a80 100644
+--- a/omapip/buffer.c
 b/omapip/buffer.c
+@@ -565,6 +565,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ 			omapi_buffer_dereference (, MDL);
+ 		}
+ 	}
++
++	/* If we had data left to write when we're told to disconnect,
++	* we need recall disconnect, now that we're done writing.
++	* See rt46767. */
++	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
++		omapi_disconnect (h, 1);
++		return ISC_R_SHUTTINGDOWN;
++	}
++
+ 	return ISC_R_SUCCESS;
+ }
+ 
+diff --git a/omapip/message.c b/omapip/message.c
+index ee15d821..37abbd25 100644
+--- a/omapip/message.c
 b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+ 
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
++const char *omapi_message_op_name(int op) {
+ 	switch (op) {
+ 	case OMAPI_OP_OPEN:return "OMAPI_OP_OPEN";
+ 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+-- 
+2.16.2
+
diff -Nru isc-dhcp-4.3.5/debian/patches/CVE-2018-5732.patch isc-dhcp-4.3.5/debian/patches/CVE-2018-5732.patch
--- isc-dhcp-4.3.5/debian/patches/CVE-2018-5732.patch	1970-01-01 01:00:00.0 +0100
+++ isc-dhcp-4.3.5/debian/patches/CVE-2018-5732.patch	2018-03-04 21:35:31.0 +0100
@@ -0,0 +1,144 @@
+From: Thomas Markwalder 
+Date: Sat, 10 Feb 2018 12:15:27 -0500
+Subject: [master] Correct buffer overrun in pretty_print_option
+Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d
+Bug: https://bugs.isc.org/Public/Bug/Display.html?id=47139
+Bug-Debian: https://bugs.debian.org/891786
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5732
+
+Merges in rt47139.
+---
+
+diff --git a/common/options.c b/common/options.c
+index 6f23bc15..fc0e0889 100644
+--- a/common/options.c
 b/common/options.c
+@@ -1776,7 +1776,8 @@ format_min_length(format, oc)
+ 
+ 
+ /* Format the specified option so that a human can easily read it. */
+-
++/* Maximum pretty printed size */
++#define MAX_OUTPUT_SIZE 32*1024
+ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
+ 	struct option *option;
+ 	const unsigned char *data;
+@@ -1784,8 +1785,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
+ 	int emit_commas;
+ 	int emit_quotes;
+ {
+-	static char optbuf [32768]; /* XXX */
+-	static char *endbuf = [sizeof(optbuf)];
++	/* We add 128 byte pad so we don't have to add checks everywhere. */
++	static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */
++	static char *endbuf = optbuf + MAX_OUTPUT_SIZE;
+ 	int hunksize = 0;
+ 	int opthunk = 0;
+ 	int hunkinc = 0;
+@@ -2211,7 +2213,14 @@ 

Bug#892066: ruby-crb-blast FTBFS: test failures

[Adrian Bunk]

Source: ruby-crb-blast
Version: 0.6.9-1
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=ruby-crb-blast=all=0.6.9-1=1520009847=0

...
┌──┐
│ Run tests for ruby2.3 from debian/ruby-tests.rake│
└──┘

RUBYLIB=/<>/debian/ruby-crb-blast/usr/lib/ruby/vendor_ruby:. 
GEM_PATH=debian/ruby-crb-blast/usr/share/rubygems-integration/all:/var/lib/gems/2.3.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.3.0:/usr/share/rubygems-integration/2.3.0:/usr/share/rubygems-integration/all
 ruby2.3 -S rake -f debian/ruby-tests.rake
/usr/bin/ruby2.3 -w -I"test"  
"/usr/lib/ruby/vendor_ruby/rake/rake_test_loader.rb" "test/test_test.rb" 
"test/test_bin.rb" "test/test_test.rb" "test/test_test2.rb" 
"test/test_test3.rb" -v
/<>/debian/ruby-crb-blast/usr/lib/ruby/vendor_ruby/crb-blast/crb-blast.rb:348:
 warning: shadowing outer local variable - name
/<>/debian/ruby-crb-blast/usr/lib/ruby/vendor_ruby/crb-blast/crb-blast.rb:348:
 warning: shadowing outer local variable - seq
/usr/lib/ruby/vendor_ruby/fixwhich.rb:3: warning: assigned but unused variable 
- e
/usr/lib/ruby/vendor_ruby/threach.rb:7: warning: `*' interpreted as argument 
prefix
/usr/lib/ruby/vendor_ruby/threach.rb:13: warning: shadowing outer local 
variable - i
/<>/test/test_test3.rb:28: warning: assigned but unused variable - 
blaster
/<>/test/test_test3.rb:44: warning: assigned but unused variable - 
dbs
/<>/test/test_test3.rb:45: warning: assigned but unused variable - 
run
/<>/test/test_test3.rb:46: warning: assigned but unused variable - 
load
Loaded suite /usr/lib/ruby/vendor_ruby/rake/rake_test_loader
Started
Test2CRBBlast: 
  test: crb-blast should add secondary hits. :  E
===
Error: test: crb-blast should add secondary hits. (Test2CRBBlast):
  RuntimeError: BLAST Error:
  USAGE
blastn [-h] [-help] [-import_search_strategy filename]
  [-export_search_strategy filename] [-task task_name] [-db database_name]
  [-dbsize num_letters] [-gilist filename] [-seqidlist filename]
  [-negative_gilist filename] [-negative_seqidlist filename]
  [-entrez_query entrez_query] [-db_soft_mask filtering_algorithm]
  [-db_hard_mask filtering_algorithm] [-subject subject_input_file]
  [-subject_loc range] [-query input_file] [-out output_file]
  [-evalue evalue] [-word_size int_value] [-gapopen open_penalty]
  [-gapextend extend_penalty] [-perc_identity float_value]
  [-qcov_hsp_perc float_value] [-max_hsps int_value]
  [-xdrop_ungap float_value] [-xdrop_gap float_value]
  [-xdrop_gap_final float_value] [-searchsp int_value]
  [-sum_stats bool_value] [-penalty penalty] [-reward reward] [-no_greedy]
  [-min_raw_gapped_score int_value] [-template_type type]
  [-template_length int_value] [-dust DUST_options]
  [-filtering_db filtering_database]
  [-window_masker_taxid window_masker_taxid]
  [-window_masker_db window_masker_db] [-soft_masking soft_masking]
  [-ungapped] [-culling_limit int_value] [-best_hit_overhang float_value]
  [-best_hit_score_edge float_value] [-window_size int_value]
  [-off_diagonal_range int_value] [-use_index boolean] [-index_name string]
  [-lcase_masking] [-query_loc range] [-strand strand] [-parse_deflines]
  [-outfmt format] [-show_gis] [-num_descriptions int_value]
  [-num_alignments int_value] [-line_length line_length] [-html]
  [-max_target_seqs num_sequences] [-num_threads int_value] [-remote]
  [-version]
  
  DESCRIPTION
 Nucleotide-Nucleotide BLAST 2.7.1+

Bug#892000: nm.debian.org: Key is not update properly

[KAction]

control: close -1

> > > Maybe it worth documenting, from what exactly keyserver does nm.debian.org
> > > fetch information?
> > 
> > I have done a --recv-keys from pgp.mit.edu and pushed to sks-keyservers
> > and then triggered a refresh on nm.d.o, and it's now shown.
> > 
> > > What constitutes 'very soon'? My expires in two months. Is it considered
> > > soon? And if it is, what expiration time is recommended?
> > 
> > Two months is definitely two short. 
> > [...]

Thank you! I changed expire date, uploaded to sks-keyservers, and now
nm.debian.org is satisfied.

Bug#892065: flashrom: Please package new upstream version 1.0

[Elena ``of Valhalla'']

Package: flashrom
Version: 0.9.9+r1954-1+b1
Severity: wishlist

Dear Maintainer,

After a couple of years, upstream has released a new version, 1.0.

It doesn't have huge changes (https://www.flashrom.org/Flashrom/1.0),
but it would be nice to have it packaged in debian.

Thanks for your work.

Bug#892064: dm-writeboost-dkms: Unable to compile with kernel 4.15

[mtths]

Package: dm-writeboost-dkms
Version: 2.2.8-1
Severity: normal
Tags: upstream

Dear Maintainer,

while trying to install the new packages linux-image-4.15.0-1-amd64 and
linux-headers-4.15.0-1-amd64 the build of dm-writeboost-dkms failed (cf.
attached log). This can cause a trouble if a filesystem on dm-writeboost is not
mountable during boot.
The problem is already known upstream and will be fixed in version 2.2.9.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dm-writeboost-dkms depends on:
ii  dkms  2.3-3

Versions of packages dm-writeboost-dkms recommends:
ii  dmsetup 2:1.02.145-4.1
ii  kmod25-1
ii  writeboost  1.20160718-1

dm-writeboost-dkms suggests no packages.

-- no debconf information
DKMS make.log for dm-writeboost-2.2.8 for kernel 4.15.0-1-amd64 (x86_64)
So 4. Mär 20:19:50 CET 2018
make -C /lib/modules/4.15.0-1-amd64/build 
M=/var/lib/dkms/dm-writeboost/2.2.8/build modules
make[1]: Verzeichnis „/usr/src/linux-headers-4.15.0-1-amd64“ wird betreten
make -C /usr/src/linux-headers-4.15.0-1-amd64 
KBUILD_SRC=/usr/src/linux-headers-4.15.0-1-common \
-f /usr/src/linux-headers-4.15.0-1-common/Makefile modules
test -e include/generated/autoconf.h -a -e include/config/auto.conf || (
\
echo >&2;   \
echo >&2 "  ERROR: Kernel configuration is invalid.";   \
echo >&2 " include/generated/autoconf.h or include/config/auto.conf are 
missing.";\
echo >&2 " Run 'make oldconfig && make prepare' on kernel src to fix 
it.";  \
echo >&2 ;  \
/bin/false)
mkdir -p /var/lib/dkms/dm-writeboost/2.2.8/build/.tmp_versions ; rm -f 
/var/lib/dkms/dm-writeboost/2.2.8/build/.tmp_versions/*
make -f /usr/src/linux-headers-4.15.0-1-common/scripts/Makefile.build 
obj=/var/lib/dkms/dm-writeboost/2.2.8/build
   gcc-7 
-Wp,-MD,/var/lib/dkms/dm-writeboost/2.2.8/build/.dm-writeboost-target.o.d  
-nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/7/include 
-I/usr/src/linux-headers-4.15.0-1-common/arch/x86/include 
-I./arch/x86/include/generated  
-I/usr/src/linux-headers-4.15.0-1-common/include -I./include 
-I/usr/src/linux-headers-4.15.0-1-common/arch/x86/include/uapi 
-I./arch/x86/include/generated/uapi 
-I/usr/src/linux-headers-4.15.0-1-common/include/uapi 
-I./include/generated/uapi -include 
/usr/src/linux-headers-4.15.0-1-common/include/linux/kconfig.h  
-I/var/lib/dkms/dm-writeboost/2.2.8/build 
-I/var/lib/dkms/dm-writeboost/2.2.8/build -D__KERNEL__ -Wall -Wundef 
-Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common 
-fshort-wchar -Werror-implicit-function-declaration -Wno-format-security 
-std=gnu89 -fno-PIE -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 
-falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 
-mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone 
-mcmodel=kernel -funit-at-a-time -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 
-DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 
-DCONFIG_AS_SSSE3=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 
-DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -pipe 
-Wno-sign-compare -fno-asynchronous-unwind-tables 
-mindirect-branch=thunk-extern -mindirect-branch-register -DRETPOLINE 
-fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation 
-Wno-format-overflow -Wno-int-in-bool-context -O2 
--param=allow-store-data-races=0 -DCC_HAVE_ASM_GOTO -Wframe-larger-than=2048 
-fstack-protector-strong -Wno-unused-but-set-variable 
-Wno-unused-const-variable -fno-var-tracking-assignments -g -pg -mfentry 
-DCC_USING_FENTRY -Wdeclaration-after-statement -Wno-pointer-sign 
-fno-strict-overflow -fno-stack-check -fconserve-stack -Werror=implicit-int 
-Werror=strict-prototypes -Werror=date-time -Werror=incompatible-pointer-types 
-Werror=designated-init  -DMODULE  -DKBUILD_BASENAME='"dm_writeboost_target"'  
-DKBUILD_MODNAME='"dm_writeboost"' -c -o 
/var/lib/dkms/dm-writeboost/2.2.8/build/.tmp_dm-writeboost-target.o 
/var/lib/dkms/dm-writeboost/2.2.8/build/dm-writeboost-target.c
   gcc-7 
-Wp,-MD,/var/lib/dkms/dm-writeboost/2.2.8/build/.dm-writeboost-metadata.o.d  
-nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/7/include 
-I/usr/src/linux-headers-4.15.0-1-common/arch/x86/include 
-I./arch/x86/include/generated  
-I/usr/src/linux-headers-4.15.0-1-common/include -I./include 
-I/usr/src/linux-headers-4.15.0-1-common/arch/x86/include/uapi 
-I./arch/x86/include/generated/uapi 
-I/usr/src/linux-headers-4.15.0-1-common/include/uapi 
-I./include/generated/uapi -include 

Bug#890944: new packages should not receive emails before email alias is created

[Raphael Hertzog]

Hi,

On Sun, 04 Mar 2018, Luca Falavigna wrote:
> Well, recent changes just changed email to
> @packages.debian.org, so I'm not convinced this is a bug in
> dak itself.
> 
> Could it be the small delay while processing mails to
> @packages.qa.debian.org (which are then forwarded to
> @packages.debian.org) could have hidden this for ages?

No, @packages.qa.debian.org never forwarded to
@packages.debian.org. It's the other way around.

@packages.qa.debian.org is the old PTS variant
of dispa...@tracker.debian.org and is nowadays just forwarding
to the latter.

> Anyway, does the solution to use dispatch@p.d.o works for source NEW,
> or for binary-NEW too?

It works for whatever you want. Ansgar asked me a few questions on
this topic recently and he said that DAK was already mailing the
maintainer directly so he would certainly just mail the maintainer +
dispatch@tracker.d.o in all cases and never use
@packages.debian.org.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Bug#892063: cpputest: FTBFS on hppa - __canonicalize_funcptr_for_compare (0xdeadbeef)

[John David Anglin]

Source: cpputest
Version: 3.8-7
Severity: normal

Dear Maintainer,

The build fails running CppUTestTests:
./CppUTestTests
!!..!..!..!..!
..!..!..!..!..!.!!.!..!...
..!..!..!make[2]: *** [Makefile:3402: tdd] Segmentation fault

Full log is here:
https://buildd.debian.org/status/fetch.php?pkg=cpputest=hppa=3.8-7=1520189685=0

Running under gdb:

Breakpoint 1, 0x000d7c24 in __canonicalize_funcptr_for_compare ()
(gdb) p/x $r26
$1 = 0xdeadbeef
(gdb) bt
#0  0x000d7c24 in __canonicalize_funcptr_for_compare ()
#1  0x000d637c in UtestShell::assertFunctionPointersEqual (
this=0x17b2fc 
,
 expected=,
actual=, text=0xee948 "Failed because it failed",
fileName=, lineNumber=, testTerminator=...)
at src/CppUTest/Utest.cpp:475
#2  0x00095f64 in 
TEST_UnitTestMacros_FUNCTIONPOINTERS_EQUAL_TEXTBehavesAsProperMacro_Test::testBody
 (this=) at tests/TestUTestMacro.cpp:734
#3  0x000d3ebc in helperDoTestBody (data=)
at src/CppUTest/Utest.cpp:92
#4  0x000d75b8 in PlatformSpecificSetJmpImplementation (
function=@0x16e6d2: 0xd3e98 , data=0x1891d0)
at src/Platforms/Gcc/UtestPlatform.cpp:144
#5  0x000d4474 in Utest::run (this=0xdeadbeef) at src/CppUTest/Utest.cpp:575

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x000d7c50 in __canonicalize_funcptr_for_compare ()
(gdb) disass $pc-16,$pc+16
Dump of assembler code from 0xd7c40 to 0xd7c60:
   0x000d7c40 <__canonicalize_funcptr_for_compare+40>:  copy r26,r3
   0x000d7c44 <__canonicalize_funcptr_for_compare+44>:  addil L%9000,dp,r1
   0x000d7c48 <__canonicalize_funcptr_for_compare+48>:  ldw 488(r1),r21
   0x000d7c4c <__canonicalize_funcptr_for_compare+52>:  depwi 0,31,2,r3
=> 0x000d7c50 <__canonicalize_funcptr_for_compare+56>:  ldw 0(r3),ret0
   0x000d7c54 <__canonicalize_funcptr_for_compare+60>:  ldo 10(ret0),r20
   0x000d7c58 <__canonicalize_funcptr_for_compare+64>:  cmpb,= r21,r20,0xd7c70 
<__canonicalize_funcptr_for_compare+88>
   0x000d7c5c <__canonicalize_funcptr_for_compare+68>:  ldil L%-3ff2000,r31
End of assembler dump.

It looks like __canonicalize_funcptr_for_compare needs to be improved to
prevent access fault on garbage pointer, but maybe there's something that
can be done in cpputest.

Regards,
Dave Anglin

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: hppa (parisc64)

Kernel: Linux 4.14.23+ (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C 
(charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#889936: survex: FTBFS with proj 5.0.0

[Olly Betts]

Control: clone -1 -2
Control: reassign -2 libproj13
Control: retitle -2 libproj13: PROJ4 version 5 ignores +vunits
Control: block -1 by -2

On Thu, Feb 08, 2018 at 10:55:00PM +0100, Bas Couwenberg wrote:
> Your package FTBFS due to missing compatibility with Proj 5.0.0:
> 
>  ./csbadsdfix.svx:2: error: Station "1" fixed before CS command first used
>  ./csbadsdfix.svx:3:5: error: Unknown coordinate system
>   *cs EPSG:-1
>   ^~~
>  ./csbadsdfix.svx:4:5: error: Unknown coordinate system
>   *cs ERSI:1234
>   ^
>  ./csbadsdfix.svx:5:5: error: Unknown coordinate system
>   *cs EUR79Z31
>   ^~~~
[...]

This isn't the problem (these testcases are testing that we reject
coordinate systems which aren't valid, so these errors are expected and
correct).

The test failure seems to be actually due to the new PROJ4 ignoring
+vunits entirely and can be reproduced without involving Survex by
using cs2cs:

$ echo 36000 83000 5250|cs2cs +proj=tmerc +lat_0=0 +lon_0=13d20 +k=1 +x_0=0 
+y_0=-520 +ellps=bessel 
+towgs84=577.326,90.129,463.919,5.137,1.474,5.297,2.4232 +vunits=ft +to 
+proj=tmerc +lat_0=0 +lon_0=13d20 +k=1 +x_0=0 +y_0=-520 +ellps=bessel 
+towgs84=577.326,90.129,463.919,5.137,1.474,5.297,2.4232 
36000.0083000.00 5250.00

In older versions this converted the altitude from feet to metres, and
the output was:

36000.0083000.00 1600.20

Cheers,
Olly

Bug#816685: logcheck-database: Patch to fix postfix logcheck

[CJ Fearnley]

Package: logcheck-database
Version: 1.3.18
Followup-For: Bug #816685

Dear Maintainer,

Logcheck was sending postfix disconnects which should not be flagged
as issues. Investigation shows (as previous reporters have confirmed)
that the log output has changed.

This patch for /etc/logcheck/ignore.d.server/postfix appears to fix
the problem. Though I cannot be sure that I missed one of the obscure
SMTP commands that postfix supports. Perhaps someone can look into the
postfix code to determine if more commands need to be added to this
improved regex.

--- postfix 2018-03-04 13:50:44.877543168 -0500
+++ /etc/logcheck/ignore.d.server/postfix   2018-03-04 14:35:24.378710297 
-0500
@@ -97,7 +97,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
(NOQUEUE|[[:xdigit:]]+): reject: (HE|EH)LO from 
[^[:space:]]+\[[[:digit:].]{7,15}\]: [45][[:digit:]]{2}( 
[45](\.[[:digit:]]){2})? <[^[:space:]]*>: Helo command rejected: .+; 
proto=E?SMTP helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
(NOQUEUE|[[:xdigit:]]+): reject: [[:upper:]]+ from [^[:space:]]+: 550( 
5\.1\.[01])? <[^[:space:]]*>: (Sender|Recipient) address rejected: User unknown 
in ((local|relay) recipient|virtual alias) table;( from=<[^[:space:]]*> 
to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
(NOQUEUE|[[:xdigit:]]+): reject: [[:upper:]]+ from [^[:space:]]+: 450( 
4\.1\.8)? <[^>]*>: Sender address rejected: Domain not found;( from=<[^>]*> 
to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
(dis)?connect from [^[:space:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
(dis)?connect from [^[:space:]]+(|( 
((eh|he)lo|mail|rcpt|data|rset|noop|etrn|auth|starttls|unknown|quit)=[0-9]+(/[0-9]+)?)*
 commands=[0-9]+(/[0-9]+)?)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
NOQUEUE: discard: RCPT from [^[:space:]]+: <[^[:space:]]*>: .+; 
from=[^[:space:]]+ to=[^[:space:]]+ proto=E?SMTP helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
NOQUEUE: milter-reject: MAIL from [-._[:alnum:]]+\[[.[:digit:]]+\]: 451 
4\.(7\.1 Service unavailable|3\.2 AV system temporarily overloaded) - (please 
)?try (again )?later; proto=E?SMTP helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
NOQUEUE: milter-reject: MAIL from [^[:space:]]+: .+; from=[^[:space:]]+ 
proto=E?SMTP helo=<[^[:space:]]+>$

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#891931: [pkg-gnupg-maint] Bug#891931: Bug#891931: gnupg: semantic change of the package to a meta-package results in upgrade bloat

[Werner Koch]

On Sun,  4 Mar 2018 16:23, d...@fifthhorseman.net said:

> the binary, "gnupg" refer to "gpg" plus the traditional "gpg-agent" and
> "dirmngr", and then some complete "gnupg-all" wihch depends on

You need to include at least gpgconf because this is an important tool.
Not only for gpgme (which requires it to not fallback to gpg1) but also
in regard to many howtos.  Also gpg-connect-agent is very useful and
often mentioned in replies to questions.  gpg-wks-client is also build
by default, but that could in theory be bundled with dirmngr.

As you write, it is soon getting more and more complicated.  To me only
separating out dirmngr and gpg-wks-tools in a, say, gnupg-network may
make some sense soto support users who don't want any network access.


Salam-Shalom,

   Werner


-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp7T0jEyBQzF.pgp
Description: PGP signature

Bug#891982: xchat: Intent to file removal bug

[Antoine Beaupre]

On Sun, Mar 04, 2018 at 05:50:15PM +0100, John Paul Adrian Glaubitz wrote:
> >> I don't think a rant posted on reddit by the author of a fork
> >> is justified enough to ask for a package to be removed from
> >> the archive.
> > 
> > The author posted his opinion to his personal blog and did not
> > directly start the reddit discussion. Also, that author is the subject
> > matter expert here and I think we should give due deference to his
> > understanding of the security issues present in xchat for which he did
> > not seek CVE designations.
> 
> If he is an expert, why didn't he even bother posting a single valid
> example where xchat is insecure and posing a risk to its users.
> 
> If there are valid vulnerabilities, it shouldn't a problem to list
> them.

So in response to this request, I have contacted TingPing regarding his
claims, to try and clarify which security issues he has found in XChat
during the maintenance of hexchat. He was kind enough to respond
with a few examples.

He pointed at 4 recent commits fixing remote crashes when connecting to
an untrusted IRC server:

https://github.com/hexchat/hexchat/commit/f4a592c4f0364d35068bca9f2634946750340356
https://github.com/hexchat/hexchat/commit/a3db4e577307742965f5ba75daf03146164bd211
https://github.com/hexchat/hexchat/commit/6e4fc09ce005db965523ef8930ea51ca429815a2
https://github.com/hexchat/hexchat/commit/f6333b592b0d574d68e96d04a09a6cae956ee6c3

Those have been discovered by fuzzing and are generally not possible to
trigger by other users but could be abused by a hostile server to
trigger a crash in Xchat. In general, he said that most issues were
"mostly" in that domain, but he doesn't exclude crashes triggered by
other users which would be more worrisome.

I hope this answers the demand of proving the claims of security issues
more clearly.
 
Have a nice day!

A.


signature.asc
Description: PGP signature

Bug#863875: linux-image-4.11.xx-kirkwood: sata_mv.ko for kirkwood-SoC does no longer work starting from linux 4.11

[Martin Michlmayr]

What about 4.15 from unstable?  Is that working for you?

Which Kirkwood platform are you on?

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#874364: gnome: Gnome keyboard layout setting influences system-wide keyboard layout unpredictably

[iiro]

Now I have investigated the problem further. My findings here:

1) The per-user layout influences the console layout when there is only one 
user. This in itself is somewhat reasonable, if little confusing to someone who 
has used to the old UNIX model that normal user cannot edit system-wide 
settings.
2) What is written in above propagates to the LUKS passphrase prompt only when 
the initrd regeneration is triggered, e. g. after kernel upgrade. The prompt 
does not echo the passphrase, nor does not show the keyboard layout that is 
being used.
3) If user selects an "extra" keyboard layout after enabling them in GNOME by 
running "gsettings set org.gnome.desktop.input-sources show-all-sources true", 
it will will propagate to the console properly, but NOT to the GDM. This makes 
it even more confusing.
4) By using auditd, I have determined that the process editing the 
/etc/default/keyboard is systemd-localed.

Bug#723042: QNAP still not booting

[Martin Michlmayr]

* Christoph Egger  [2018-03-04 20:19]:
> I have since then retired the QNAP

The bug is quite old and I'm not aware of any boot issues on the QNAP
TS-41x so I think it's best to close this report.  Ok?

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#723042: QNAP still not booting

[Christoph Egger]

On Sunday 4 March 2018 18:28:39 CET Martin Michlmayr wrote:
> * Christoph Egger  [2014-08-22 21:32]:
> > FWIW it still doesn't boot. I'll buy a jtag adapter post-debconf so I
> > can get anything out of it that might b usefull
> 
> This bug report is quite old.
> 
> There are users running Debian jessie (3.16) and stretch (4.9)
> successfully on QNAP TS-41x hardware.
> 
> Do you still have problems?

I have since then retired the QNAP

  Christoph

Bug#886538: Problem also occours in current version of ubuntu 18.04

[Michael Fritscher]

I've the problem also with the version 0.16 found in Ubuntu 18.04. But
as a workaround, you can switch to the workbench "complete".

Best regards,
Michael Fritscher

Bug#892061: gamera: FTBFS on hppa - test_rle.test_rle1 ... xargs: env: terminated by signal 11

[John David Anglin]

Source: gamera
Version: 1:3.4.2+git20160808.1725654-2
Severity: normal

Dear Maintainer,

Build fails here:

test_plugins.TestPlugins.test_plugin_zernike_moments ... ok
test_rect.test_rect ... ok
test_rle.test_rle1 ... xargs: env: terminated by signal 11
make: *** [debian/rules:45: build/build-stamp] Error 125
dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit 
status 2

Build finished at 2018-03-04T18:40:11Z

Full log is here:
https://buildd.debian.org/status/fetch.php?pkg=gamera=hppa=1%3A3.4.2%2Bgit20160808.1725654-2=1520188850=0

>From console, it appears that there is a NULL pointer dereference:
do_page_fault() command='python2.7' type=15 address=0x000a in 
_gui_support.so[f36fa000+25000]
trap #15: Data TLB miss fault

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: hppa (parisc64)

Kernel: Linux 4.14.23+ (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C 
(charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#718199: linux-image-3.9-0.bpo.1-kirkwood: mv643xx driver slow

[Martin Michlmayr]

* Christoph Egger  [2013-07-28 15:44]:
>   I've upgraded the kernel on my QNAP to 3.9. Unfortunately, network
> is now stuck around 1 MBit/s and I'm seeing lots of error messages in
> syslog like the ones below:
> 
> [  203.642744] mv643xx_eth_port mv643xx_eth_port.0 eth0: received packet 
> spanning multiple descriptors
> [  203.642783] mv643xx_eth_port mv643xx_eth_port.0 eth0: received packet 
> spanning multiple descriptors

Do you still have problems with current kernels?

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#887873: linux-image-4.9.0-5-marvell: frequent "usercopy: kernel memory overwrite attempt detected" on QNAP NAS (ARM)

[Andrew Lunn]

On Sun, Mar 04, 2018 at 06:41:57PM +0100, Martin Michlmayr wrote:
> A Debian user reported the following issue on QNAP TS-119P II with
> 4.9.65:
> 
> * Menno Finlay-Smits  [2018-01-21 23:08]:
> > Rsyncing files between 2 HDDs on a QNAP 119p with a fresh, minimal install 
> > of
> > stretch NAS (armel) causes the kernel to fail after ~20mins with a kernel
> > memory overwrite attempt (full error below). 
> > 
> > This happens reliably for any large rsync attempt. I have about 1TB of data 
> > to
> > copy between these 2 HDDs and have not managed to copy more than ~2% of the
> > total amount.
> > 
> > ** Kernel log:
> > 
> > [ 2775.213733] usercopy: kernel memory overwrite attempt detected to 
> > c29454e0 () (4294802208 bytes)

Not seen this before.

My first thought is that this actually looks like a userspace
problem. Userspace is passing 4294802208 bytes to the kernel. But the
kernel should of already sanity checked that before trying to copy it
into kernel space. This is also a Unix domain socket, which sounds odd
for rsync. And this is all generic code, nothing specific to kirkwood.

Has there been any similar reports on other targets?

Andrew

> > [ 2775.224095] [ cut here ]
> > [ 2775.228728] kernel BUG at 
> > /build/linux-myVvPm/linux-4.9.65/mm/usercopy.c:75!
> > [ 2775.235800] Internal error: Oops - BUG: 0 [#1] ARM
> > [ 2775.240604] Modules linked in: marvell ehci_orion mvmdio mv643xx_eth 
> > ehci_hcd of_mdio fixed_phy xhci_pci xhci_hcd marvell_cesa des_generic sg 
> > usbcore libphy m25p80 spi_nor orion_wdt usb_common kirkwood_thermal evdev 
> > gpio_keys ip_tables x_tables ipv6 autofs4 ext4 crc16 jbd2 crc32c_generic 
> > fscrypto ecb mbcache sd_mod sata_mv libata scsi_mod
> > [ 2775.271023] CPU: 0 PID: 601 Comm: rsync Not tainted 4.9.0-5-marvell #1 
> > Debian 4.9.65-3+deb9u2
> > [ 2775.279582] Hardware name: Marvell Kirkwood (Flattened Device Tree)
> > [ 2775.285870] task: c0d496c0 task.stack: d5ffe000
> > [ 2775.290418] PC is at __check_object_size+0x120/0x1d8
> > [ 2775.295401] LR is at __check_object_size+0x120/0x1d8
> > [ 2775.300382] pc : []lr : []psr: 6013
> >sp : d5fffdb8  ip :   fp : d508
> > [ 2775.311908] r10: d5ffe000  r9 : fffd7b20  r8 : c29454e0
> > [ 2775.317148] r7 : c291d000  r6 :   r5 : fffd7b20  r4 : c29454e0
> > [ 2775.323697] r3 : c0554fa0  r2 : c055a20c  r1 : c055094c  r0 : 0065
> > [ 2775.330247] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment 
> > none
> > [ 2775.337405] Control: 0005397f  Table: 1481  DAC: 0051
> > [ 2775.343168] Process rsync (pid: 601, stack limit = 0xd5ffe190)
> > [ 2775.349020] Stack: (0xd5fffdb8 to 0xd600)
> > [ 2775.353390] fda0:   
> > c04623b8 fffd7b20
> > [ 2775.361598] fdc0: 000294e8 fffd7b20 1000 d5fffec0 c29454e0 c0202360 
> > 0008 008eafe8
> > [ 2775.369812] fde0: dfc4a380 c291c000 0051 6908 d5fffec0 8000 
> > 0008 0008
> > [ 2775.378026] fe00: 1000  c0c26b40 1008 c0495cf7 c02fc3d0 
> > c0c26b40 d5fffec0
> > [ 2775.386240] fe20: d5fffec0  8008 c0c26b40 df782d80 d5fffeb8 
> > 0001 
> > [ 2775.394445] fe40: df782b40 c03a21d0 d5fffe64 0003 de65b2c0 8000 
> > 0008 8008
> > [ 2775.402651] fe60: 5a644f89      
> >  
> > [ 2775.410866] fe80: d2bebb80 d5fffeb8 de65b2c0 de65b2c0 df79caa0 008c1b00 
> > d5ffe000 
> > [ 2775.419080] fea0: 00512e6c c02ee92c d510 d528 de65b2c0 c02ee9cc 
> >  
> > [ 2775.427294] fec0: 0001 0008 8000 d508 0001 3b9aa9ee 
> >  
> > [ 2775.435499] fee0: 0040 d528   df79caa0 d588 
> > 8008 c0114048
> > [ 2775.443705] ff00: 8008  008c1b00 8008 0001  
> > 8008 d508
> > [ 2775.451909] ff20: 0001 3b9aa9ee df79caa0    
> >  
> > [ 2775.460116] ff40:    df79caa0 8008  
> > d588 c0114cb4
> > [ 2775.468321] ff60: df79caa0 008c1b00 8008 df79caa0 df79caa0 008c1b00 
> > 8008 c000f704
> > [ 2775.476527] ff80: d5ffe000 c0115b68   8008 00512e6c 
> > bedfb878 bedfb7f8
> > [ 2775.484733] ffa0: 0004 c000f560 00512e6c bedfb878 0004 008c1b00 
> > 8008 008c1b00
> > [ 2775.492947] ffc0: 00512e6c bedfb878 bedfb7f8 0004 00520a80 00512e84 
> > 0051095c 00512e6c
> > [ 2775.501161] ffe0:  bedfb69c 004c6978 b6ea3d1c 4010 0004 
> > 624f 624f
> > [ 2775.509384] [] (__check_object_size) from [] 
> > (copy_page_from_iter+0x2e8/0x3d0)
> > [ 2775.518388] [] (copy_page_from_iter) from [] 
> > (skb_copy_datagram_from_iter+0xfc/0x188)
> > [ 2775.527997] [] (skb_copy_datagram_from_iter) from [] 
> > (unix_stream_sendmsg+0x208/0x2f8)
> > [ 2775.537691] [] 

Bug#892058: debian-keyring: please automatically send reminder emails to people whose keys will expire soon

[Ximin Luo]

Package: debian-keyring
Version: 2018.01.24
Severity: wishlist
Tags: patch

Dear Maintainer,

For security, I set a short validity period on my key and renew this every year
by repeatedly extending the expiry date. However I keep forgetting to send the
key to keyring.debian.org, and it's the second time this has happened. Since
the keyring-maint team usually updates debian-keyring once a month, it means I
can't do any uploads for a month, which is pretty inconvenient.

I've attached a script that prints the soon-to-expire keys from 
debian-keyring.gpg.
You can run it like this:

$ ./dd-expiry "2 months" now
5394479DD3524C51 1520360331 2018-03-06T19:18:51+01:00
88237A6A53AB1B2E 1521137128 2018-03-15T19:05:28+01:00
2FD8BEDAC020EED1 1521756999 2018-03-22T23:16:39+01:00
FF55C8F4DAE92422 1522357905 2018-03-29T23:11:45+02:00
6C8F74AE87700B7E 1522940258 2018-04-05T16:57:38+02:00
9AF46B3025771B31 1523261856 2018-04-09T10:17:36+02:00
8CBF9A322861A790 1523450637 2018-04-11T14:43:57+02:00
D04BA3A00125D5C0 1523561253 2018-04-12T21:27:33+02:00
792152527B75921E 1524162229 2018-04-19T20:23:49+02:00
AB645F406286A7D0 1524227017 2018-04-20T14:23:37+02:00
965522B9D49AE731 1524351803 2018-04-22T01:03:23+02:00
9EDCC991D9AB457E 1524389562 2018-04-22T11:32:42+02:00
025AFE95AC9DF31B 1524721803 2018-04-26T07:50:03+02:00
0ABA650372FD9571 1524748809 2018-04-26T15:20:09+02:00
003A1A2DAA41085F 1525086689 2018-04-30T13:11:29+02:00
3F9219A67F36C68B 1525192781 2018-05-01T18:39:41+02:00
39091E8123CE1C09 1525312214 2018-05-03T03:50:14+02:00

It would be good if you could hook up the output of this script to an automatic
email reminder script, that emails those people to renew their keys.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

debian-keyring depends on no packages.

Versions of packages debian-keyring recommends:
ii  gnupg  2.2.5-1

debian-keyring suggests no packages.

-- no debconf information
#!/bin/sh
set -e
later=$(date -d "${1:-2 months}" +%s)
earlier=$(date -d "${2:-@0}" +%s)
now=$(date +%s)
gpg 2>/dev/null \
  --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg \
  --with-colons --fixed-list-mode --keyid-format=long \
  --list-keys |
grep ^pub |
cut -d: -f5,7 |
tr : ' ' | {
while read key exp; do
  if [ -n "$exp" -a "0$exp" -lt "$later" -a "0$exp" -gt "$earlier" ]; then
echo $key $exp $(date -d "@$exp" -Is);
  fi;
done
if [ "$earlier" -lt "$now" ]; then
  echo "--now--- $now $(date -Is)";
fi
} |
sort -k2

Bug#892059: apt-listchanges: [INTL:ru] Updated Russian translation

[Lev Lamberov]

Package: apt-listchanges
Version: 3.16
Severity: wishlist
Tags: l10n patch

Dear Maintainer,

please find the updated Russian translation of apt-listchanges
attached. The translation was updated by Galina Anikina
, the update was discussed in debian-l10n-russian
mailing list.

Regards,
Lev Lamberov

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt-listchanges depends on:
ii  apt1.6~beta1
ii  debconf [debconf-2.0]  1.5.65
ii  debianutils4.8.4
ii  python33.6.4-1
ii  python3-apt1.4.0~beta3+b1
ii  python3-debconf1.5.65
ii  ucf3.0038

apt-listchanges recommends no packages.

Versions of packages apt-listchanges suggests:
ii  chromium [www-browser] 62.0.3202.89-1
ii  elinks [www-browser]   0.12~pre6-13
ii  exim4-daemon-light [mail-transport-agent]  4.90.1-1
ii  firefox [www-browser]  58.0.1-1+b1
ii  lynx [www-browser] 2.8.9dev16-3
ii  python3-gi 3.26.1-2
ii  rxvt-unicode [x-terminal-emulator] 9.22-3
ii  xterm [x-terminal-emulator]331-1

-- debconf information:
* apt-listchanges/email-format: text
* apt-listchanges/confirm: false
* apt-listchanges/reverse: false
* apt-listchanges/headers: false
* apt-listchanges/email-address: root
* apt-listchanges/frontend: pager
  apt-listchanges/no-network: false
* apt-listchanges/which: news
* apt-listchanges/save-seen: true
From 5667ddec9618a0d467c67293078f77361a68c6b4 Mon Sep 17 00:00:00 2001
From: Lev Lamberov 
Date: Sun, 4 Mar 2018 23:58:55 +0500
Subject: [PATCH] Update Russian translation

---
 po/ru.po | 171 ++-
 1 file changed, 93 insertions(+), 78 deletions(-)

diff --git a/po/ru.po b/po/ru.po
index 7630d5d..a14b606 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -12,20 +12,22 @@
 # Ilgiz Kalmetev , 2003.
 # Yuri Kozlov , 2008.
 # Sergey Alyoshin , 2014.
+# Galina Anikina , 2018.
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: apt-listchanges NEW\n"
 "Report-Msgid-Bugs-To: apt-listchan...@packages.debian.org\n"
 "POT-Creation-Date: 2017-07-08 22:48+0200\n"
-"PO-Revision-Date: 2014-03-22 21:51+0400\n"
-"Last-Translator: Sergey Alyoshin \n"
-"Language-Team: Russian \n"
+"PO-Revision-Date: 2018-03-04 23:48+0500\n"
+"Last-Translator: Galina Anikina \n"
+"Language-Team: Debian L10n Russian \n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: KBabel 1.11.4\n"
-"Plural-Forms:  nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"X-Generator: Poedit 2.0.6\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
 #: ../apt-listchanges.py:62
@@ -36,7 +38,7 @@ msgstr "Неизвестный просмотрщик: %s"
 #: ../apt-listchanges.py:79
 #, python-format
 msgid "Cannot reopen /dev/tty for stdin: %s"
-msgstr ""
+msgstr "Не могу переоткрыть /dev/tty для стандартного потока ввода: %s"
 
 #: ../apt-listchanges.py:125
 #, python-format
@@ -54,11 +56,11 @@ msgstr "Замечания справочного характера"
 
 #: ../apt-listchanges.py:137
 msgid "apt-listchanges: News"
-msgstr "apt-listchanges: новости"
+msgstr "apt-listchanges: Новости"
 
 #: ../apt-listchanges.py:138
 msgid "apt-listchanges: Changelogs"
-msgstr "apt-listchanges: журнал изменений"
+msgstr "apt-listchanges: Журналы изменений"
 
 #: ../apt-listchanges.py:144
 #, python-format
@@ -68,7 +70,7 @@ msgstr "apt-listchanges: новости о %s"
 #: ../apt-listchanges.py:145
 #, python-format
 msgid "apt-listchanges: changelogs for %s"
-msgstr "apt-listchanges: журнал изменений %s"
+msgstr "apt-listchanges: журналы изменений %s"
 
 #: ../apt-listchanges.py:151
 msgid "Didn't find any valid .deb archives"
@@ -82,29 +84,31 @@ msgstr "%s: будет установлен заново"
 #: ../apt-listchanges.py:195
 #, python-format
 msgid "%(pkg)s: Version %(version)s has already been seen"
-msgstr "%(pkg)s: Version %(version)s уже встречалась"
+msgstr "%(pkg)s: Версия %(version)s уже встречалась"
 
 #: ../apt-listchanges.py:199
-#, fuzzy, python-format
+#, python-format
 #| msgid "%(pkg)s: Version %(version)s has already been seen"
 msgid ""
 "%(pkg)s: 

Bug#892060: Modifying archived bugs via blocks should fail before starting to block, rather than in the middle

[Don Armstrong]

Package: debbugs
Severity: normal

While putting blocking into #885135, #885310 was archived, so all
subsequent bugs were not properly blocked.

This should either fail early, and block no bugs, or skip the archived
bugs, and block the rest of the bugs.

-- 
Don Armstrong  https://www.donarmstrong.com

[T]he question of whether Machines Can Think, [...] is about as
relevant as the question of whether Submarines Can Swim.
 -- Edsger W. Dijkstra "The threats to computing science"

Bug#891661: maven: missing Depends on libcommons-cli-java

[Thorsten Glaser]

Hi Stephen,

>> Installing that library fixes it, so it’s just a missing Depends.
>
>Thanks for reporting this Thorsten, the dependency is present in
>version 3.5.2-2 (via libmaven3-core-java).

indeed it is, thanks. I guess that version had not hit my
mirror yet when I reported that, and the changelog did not
hint at it either.

bye,
//mirabilos
-- 
If Harry Potter gets a splitting headache in his scar
when he’s near Tom Riddle (aka Voldemort),
does Tom get pain in the arse when Harry is near him?
-- me, wondering why it’s not Jerry Potter………

Bug#877869: kirkwood-t5325.dts fixes for poweroff and sound device detection issues on HP T5325

[Martin Michlmayr]

* Kamal Wickramanayake  [2017-10-06 14:13]:
> I haven't submitted the changes to upstream. Appreciate if you release
> the package with a corrected kirkwood-t5325.dtb.

Can you please submit or get "bodhi" (or whoever wrote the patch) to
submit the patches upstream.  This is how it would flow into the
Debian kernel.

MAINTAINERS in the kernel source lists the maintainers for
ARM/Marvell Kirkwood

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#718196: linux-image-3.9-0.bpo.1-kirkwood: mv_cesa broken

[Martin Michlmayr]

* Ben Hutchings  [2013-07-28 21:31]:
> > FWIW:
> > http://lists.infradead.org/pipermail/linux-arm-kernel/2012-September/122873.html
> 
> Those fixes were applied in 3.10 and then backported in 3.9.9 and
> 3.2.48.

Sounds like this bug can be closed?

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#891855: fonts-monoid: installs no less than 4000 font files!

[Fabian Greffrath]

Hi again,

Am Sonntag, den 04.03.2018, 16:41 +0100 schrieb Fabian Greffrath:
> Alright, then I suggest to remove the Dollar, 0, 1, l and NoCalt
> variants as well, as there is currently no way to explicitely select
> them anyway.

I have pushed my changes so far to GIT. Please review and speak up if
you have any objections against this package split-up.

Cheers,

 - Fabian


signature.asc
Description: This is a digitally signed message part

Bug#892057: Fwd: Re: TS-x09 fails to boot when obtaining MAC

[Martin Michlmayr]

Fix:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=13a55372b64e00e564a08d785ca87bd9d454ba30

- Forwarded message from Andrew Lunn  -

Date: Sun, 4 Mar 2018 19:17:41 +0100
From: Andrew Lunn 
To: Martin Michlmayr 
Cc: Gregory Clement , 
andriy.shevche...@linux.intel.com, linux-arm-ker...@lists.infradead.org
Subject: Re: TS-x09 fails to boot when obtaining MAC
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, 
DKIM_VALID_AU,T_RP_MATCHES_RCVD,T_SPF_HELO_TEMPERROR
autolearn=ham autolearn_force=no version=3.4.1

On Sun, Mar 04, 2018 at 06:20:18PM +0100, Martin Michlmayr wrote:
> Several Debian users reported that Debian 9 (4.9 kernel) fails to boot
> on their QNAP TS-x09 wheras Debian 8 (3.16) works fine.  One user
> provided the following kernel log with earlyprintk.  I suspect the
> issue was introduced in 4904dbda41c860fd117b20f3c48adb2780eee37e.

Hi Martin

Please see commit

13a55372b64e00e564a08d785ca87bd9d454ba30 in DaveM's net repo. This
should make its way to stable.

   Andrew

- End forwarded message -

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#891242: libquazip binary-any FTBFS: mv: cannot stat 'debian/*-doc/usr/share/doc/*-dev/html': No such file or directory

[Sergio Durigan Junior]

On Friday, February 23 2018, Adrian Bunk wrote:

> https://buildd.debian.org/status/package.php?p=libquazip=sid
>
> ...
> dh_installdocs
> find debian -name "*.md5" -delete
> # somehow the docs are installed to libquazip-dev which is not good since 
> there are two -dev packages
> mv debian/*-doc/usr/share/doc/*-dev/html debian/*-doc/usr/share/doc/*-doc
> mv: cannot stat 'debian/*-doc/usr/share/doc/*-dev/html': No such file or 
> directory
> make[1]: *** [debian/rules:65: override_dh_installdocs] Error 1

I looked into this and couldn't reproduce it locally, even after trying
building the package using different strategies.  The only thing I can
imagine could make any difference is to use $(CURDIR) in order to make
'mv' operate on fullpaths:

  mv $(CURDIR)/debian/*-doc/usr/share/doc/*-dev/html 
$(CURDIR)/debian/*-doc/usr/share/doc/*-doc
  rm -rf $(CURDIR)/debian/*-doc/usr/share/doc/*-dev

But I don't really see how this could help.  I'll see if I have more
time later to continue investigating.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#891281: DO NOT use file format of /bin/sh for x32 detection!

[Thorsten Glaser]

On Sun, 4 Mar 2018, Earnie wrote:

> supplied.  As you say "it's a userland-only architecture" then it is up
> to userland to specify and not rely on the conveniences.  Allowing the

… eh, no. Also, I don’t think you understand the problem.

> precedent here will open up a maintenance nightmare.

More architectures like this are coming. This is easy.

> When specifying --build config.guess doesn't execute.  

Yes, I know.

> However config.sub does to try to normalize the triplet. And
> config.sub can be used to supply what you're looking to do.

No, it can’t.

In fact, I have, after sleeping over it, come to the
conclusion that, asides from distro-specific tools like
dpkg, the compiler targetting the system on which the
program is built is the ONLY tool exactly knowing what
the build system is, so I believe, now more strongly
than before, that CC_FOR_BUILD is correct here.

> > For --host= checking the compiler is an absolute must,
> > though. --target= must be manually passed, so that’s
> > indeed not needing consideration.
> 
> The --host is used to specify the unique build system set to use for a
> cross build environment.  In other words the executable being built will
> be hosted on the specified --host.  If the compiler doesn't exist to
> create those binaries then you need to create the build system.  The
> --target is used to build the build systems that create binaries for
> specified --host systems.

I think we have a communication problem here. You seem
to not understand what I write and insist on giving me
a rundown of the build/host/target flags.


Let me tl;dr for you:

• --target= is orthogonal to the x32 detection problem,
  because, if it differs from the other tuples, it must
  be given by hand anyway

• --host= must check the (possibly cross) compiler

• --build= after much consideration also must check
  the (not-cross) compiler


bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

**Besuchen Sie uns auf der EuroCIS!**
27. Februar bis 01. März 2018, Messe Düsseldorf / **Halle 10,** ** Stand
F15**
Leading Trade Fair for Retail Technology
[www.tarent.de/eurocis](http://www.tarent.de/eurocis)

Wir empfehlen unsere Vorträge

?Preisbeobachtung, Händlermonitoring, Plagiaterkennung: Ihre
Wettbewerbsvorteile?
am 27. Februar, 14:00 Uhr im EuroCIS Forum / Halle 10, Stand F04

?Internet of Things ? Der Handel im Wandel?
am 01. März, 11:30 Uhr im Omnichannel Forum / Halle 10, Stand A70

*

**Visit us at EuroCIS!** 27th February to 1st March, 2018, Messe
Düsseldorf
/ **Hall 10,** ** Booth F15**
Leading Trade Fair for Retail Technology
[www.tarent.de/eurocis](http://www.tarent.de/eurocis)

We recommend our presentations

?Your view on prices, retailers and plagiarism: Competitive advantages
with
monitoring apps?
on 27th February, 2 pm at EuroCIS Forum / Hall 10, Booth F04

?Internet of Things ? Retailing in a Changing World?
on 1st March, 11:30 am at Omnichannel Forum / Hall 10, Booth A70

*

Bug#891882: For distributions managing dependencies like Debian, online software updates have to be switched off

[Volker Birk]

Hi,

the function for online software updates is meant to be switched on on
platforms only, which do not sport a dependency system, like Microsoft
Windows.

Platforms like Debian are expected to switch off online software updates
completely. They're neither helpful nor wanted.

Instead, it is necessary for such platforms to support packaging of the
following p≡p components:

- p≡p engine
- p≡p JSON adapter (in case of Debian)

Later on, p≡p JSON adapter will be replaced by p≡p Free Desktop adapter,
which is meant to sport the JSON interface as well as Qt and a newly
added dbus interface.

Yours,
VB.
-- 
Volker Birk, p≡p project
mailto:v...@pep-project.org
https://prettyeasyprivacy.com
https://pep.foundation


signature.asc
Description: PGP signature

Bug#892057: QNAP TS-x09 fails to boot (when obtaining MAC)

[Martin Michlmayr]

Package: linux
Version: 4.9.65-3
Severity: important

A number of Debian users reported that Debian stretch doesn't boot on
their QNAP TS-x09 whereas jessie works fine, e.g.

https://forum.qnap.com/viewtopic.php?f=147=138368
https://lists.debian.org/debian-arm/2018/02/msg00070.html

Debian user "Mopox" just sent me a log which I forwarded upstream.
(Unfortunately before I filed this bug... I'll update this bug later.)

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#892032: jessie-pu: package wayland/1.6.0-2

[Héctor Orón Martínez]

Hello,

2018-03-04 15:44 GMT+01:00 Emilio Pozuelo Monfort :
> On 04/03/18 12:46, Héctor Orón Martínez wrote:
>>
>> diff --git a/debian/changelog b/debian/changelog
>> index 645a4bc..b6409a8 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -1,3 +1,14 @@
>> +wayland (1.6.0-2+deb8u1) stretch; urgency=medium
>
> Distribution should be jessie.

Ouch! Right. Find new version attached


-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.
From c9f4eb1998a3b390c8b03df7c84f83608a3418fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Or=C3=B3n=20Mart=C3=ADnez?= 
Date: Sun, 4 Mar 2018 12:29:17 +0100
Subject: [PATCH] debian/patches/CVE-2017-16612.patch: fix cursor integer
 overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Héctor Orón Martínez 
---
 debian/changelog| 11 +
 debian/patches/CVE-2017-16612.patch | 47 +
 debian/patches/series   |  1 +
 3 files changed, 59 insertions(+)
 create mode 100644 debian/patches/CVE-2017-16612.patch
 create mode 100644 debian/patches/series

diff --git a/debian/changelog b/debian/changelog
index 645a4bc..0379671 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+wayland (1.6.0-2+deb8u1) jessie; urgency=medium
+
+  * debian/patches/CVE-2017-16612.patch: (Closes: #889681)
+- libXcursor before 1.1.15 has various integer overflows that could lead
+  to heap buffer overflows when processing malicious cursors, e.g., with
+  programs like GIMP. It is also possible that an attack vector exists
+  against the related code in cursor/xcursor.c in Wayland through
+  1.14.0.
+
+ -- Héctor Orón Martínez   Sun, 04 Mar 2018 12:27:36 +0100
+
 wayland (1.6.0-2) unstable; urgency=medium
 
   * Switch back to use upstream tarball.
diff --git a/debian/patches/CVE-2017-16612.patch b/debian/patches/CVE-2017-16612.patch
new file mode 100644
index 000..9d91f70
--- /dev/null
+++ b/debian/patches/CVE-2017-16612.patch
@@ -0,0 +1,47 @@
+commit 5d201df72f3d4f4cb8b8f75f980169b03507da38
+Author: Tobias Stoeckmann 
+Date:   Tue Nov 28 21:38:07 2017 +0100
+
+cursor: Fix heap overflows when parsing malicious files.
+
+It is possible to trigger heap overflows due to an integer overflow
+while parsing images.
+
+The integer overflow occurs because the chosen limit 0x1 for
+dimensions is too large for 32 bit systems, because each pixel takes
+4 bytes. Properly chosen values allow an overflow which in turn will
+lead to less allocated memory than needed for subsequent reads.
+
+See also: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
+Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=103961
+
+Signed-off-by: Tobias Stoeckmann 
+[Pekka: add link to the corresponding libXcursor commit]
+Signed-off-by: Pekka Paalanen 
+
+diff --git a/cursor/xcursor.c b/cursor/xcursor.c
+index ca41c4a..689c702 100644
+--- a/cursor/xcursor.c
 b/cursor/xcursor.c
+@@ -202,6 +202,11 @@ XcursorImageCreate (int width, int height)
+ {
+ XcursorImage*image;
+ 
++if (width < 0 || height < 0)
++   return NULL;
++if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
++   return NULL;
++
+ image = malloc (sizeof (XcursorImage) +
+ 		width * height * sizeof (XcursorPixel));
+ if (!image)
+@@ -482,7 +487,8 @@ _XcursorReadImage (XcursorFile		*file,
+ if (!_XcursorReadUInt (file, ))
+ 	return NULL;
+ /* sanity check data */
+-if (head.width >= 0x1 || head.height > 0x1)
++if (head.width > XCURSOR_IMAGE_MAX_SIZE  ||
++	head.height > XCURSOR_IMAGE_MAX_SIZE)
+ 	return NULL;
+ if (head.width == 0 || head.height == 0)
+ 	return NULL;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..4c42ec7
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-16612.patch
-- 
2.16.2

Bug#826994: Updated Patch for 0.7.6-1

[Chris Dos]

I've attached the updated patch to compile against 0.7.6-1.
diff --git a/debian/rules b/debian/rules
index f445b58..ecb9448 100755
--- a/debian/rules
+++ b/debian/rules
@@ -112,6 +112,31 @@ override_dh_auto_install:
 	chmod a-x $(CURDIR)/debian/tmp/etc/zfs/zfs-functions
 	chmod a-x $(CURDIR)/debian/tmp/etc/default/zfs
 
+override_dh_installinit:
+	@# Install the /etc/init.d/zfs-import script.
+	dh_installinit -pzfsutils-linux --onlyscripts --name=zfs-import \
+	--no-restart-on-upgrade --no-start
+
+	@# Install the /etc/init.d/zfs-mount script.
+	dh_installinit -pzfsutils-linux --onlyscripts --name=zfs-mount \
+	--no-restart-on-upgrade --no-start
+
+	@# Install the /etc/init.d/zfs-share script.
+	# Disabled, as it does not start on install due to zfs-zed not
+	# being installed yet, and zfs-zed depends on zfsutils-linux.
+	# Error report:
+	# insserv: Service zfs-zed has to be enabled to start service zfs-share
+	# insserv: exiting now!
+	#dh_installinit -pzfsutils-linux --onlyscripts --name=zfs-share \
+	#  --no-restart-on-upgrade --no-start
+
+	@# Add a dummy (link to /dev/null) for zfs-import.service
+	ln -s /dev/null $(CURDIR)/debian/zfsutils-linux/lib/systemd/system/zfs-import.service
+
+	@# Install the ZED init file.
+	dh_installinit -pzfs-zed --onlyscripts --name=zfs-zed \
+	--no-restart-on-upgrade --no-start
+
 override_dh_dkms:
	dh_dkms -V $(DEB_VERSION_UPSTREAM)
 
diff --git a/debian/zfs-zed.install b/debian/zfs-zed.install
index b7c1fa9..998471b 100644
--- a/debian/zfs-zed.install
+++ b/debian/zfs-zed.install
@@ -1,4 +1,5 @@
 etc/zfs/zed.d/*
+etc/init.d/zfs-zed
 lib/systemd/system/zfs-zed.service
 usr/lib/*/zfs/zed.d/*
 usr/sbin/zed
diff --git a/debian/zfsutils-linux.install b/debian/zfsutils-linux.install
index b985ade..2cc4cb4 100644
--- a/debian/zfsutils-linux.install
+++ b/debian/zfsutils-linux.install
@@ -1,6 +1,8 @@
 ../tree/zfsutils-linux/* /
 etc/default/zfs
 etc/zfs/zfs-functions
+etc/init.d/zfs-import
+etc/init.d/zfs-mount
 etc/zfs/zpool.d/
 lib/systemd/system-preset/
 lib/systemd/system/zfs-import-cache.service
diff --git a/etc/init.d/zfs-zed.in b/etc/init.d/zfs-zed.in
index d0086ee..a5bb2e3 100755
--- a/etc/init.d/zfs-zed.in
+++ b/etc/init.d/zfs-zed.in
@@ -10,6 +10,8 @@
 # Provides:  zfs-zed
 # Required-Start:zfs-mount
 # Required-Stop: zfs-mount
+# Required-Start:$local_fs zfs-mount
+# Required-Stop: $local_fs zfs-mount
 # Default-Start: 2 3 4 5
 # Default-Stop:  0 1 6
 # X-Stop-After:  zfs-share
diff --git a/etc/init.d/zfs-functions.in b/etc/init.d/zfs-functions.in
index 97f2ea0..589cb6d 100644
--- a/etc/init.d/zfs-functions.in
+++ b/etc/init.d/zfs-functions.in
@@ -89,7 +89,7 @@ fi
 
 # Paths to what we need
 ZFS="@sbindir@/zfs"
-ZED="@sbindir@/zed"
+ZED="/usr/sbin/zed"
 ZPOOL="@sbindir@/zpool"
 ZPOOL_CACHE="@sysconfdir@/zfs/zpool.cache"
 

Bug#891987: [Pkg-emacsen-addons] Bug#891987: dh-make-elpa: better handling of debhelper version

[Sean Whitton]

control: tag -1 -patch +moreinfo +help
control: retitle -1 Use debhelper compat level 11

Hello,

On Sun, Mar 04 2018, Lev Lamberov wrote:

> I cannot confirm that I reviewed all the changes carefully enough, but
> as I can see nothing needs to be changed about ELPA packages. By the
> way, since dh 11 was released (that is, its status changed from beta
> to, well... production?) I use it for my ELPA packages and I had no
> issues with it.

Okay.  I'd prefer to be conservative here and not update the default
compat until we have confirmed there aren't other changes required.

It's not as if compat 11 brings elpa packages a pile of benefits, AFAIK,
so let's avoid breaking anything.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#887873: linux-image-4.9.0-5-marvell: frequent "usercopy: kernel memory overwrite attempt detected" on QNAP NAS (ARM)

[Martin Michlmayr]

A Debian user reported the following issue on QNAP TS-119P II with
4.9.65:

* Menno Finlay-Smits  [2018-01-21 23:08]:
> Rsyncing files between 2 HDDs on a QNAP 119p with a fresh, minimal install of
> stretch NAS (armel) causes the kernel to fail after ~20mins with a kernel
> memory overwrite attempt (full error below). 
> 
> This happens reliably for any large rsync attempt. I have about 1TB of data to
> copy between these 2 HDDs and have not managed to copy more than ~2% of the
> total amount.
> 
> ** Kernel log:
> 
> [ 2775.213733] usercopy: kernel memory overwrite attempt detected to c29454e0 
> () (4294802208 bytes)
> [ 2775.224095] [ cut here ]
> [ 2775.228728] kernel BUG at 
> /build/linux-myVvPm/linux-4.9.65/mm/usercopy.c:75!
> [ 2775.235800] Internal error: Oops - BUG: 0 [#1] ARM
> [ 2775.240604] Modules linked in: marvell ehci_orion mvmdio mv643xx_eth 
> ehci_hcd of_mdio fixed_phy xhci_pci xhci_hcd marvell_cesa des_generic sg 
> usbcore libphy m25p80 spi_nor orion_wdt usb_common kirkwood_thermal evdev 
> gpio_keys ip_tables x_tables ipv6 autofs4 ext4 crc16 jbd2 crc32c_generic 
> fscrypto ecb mbcache sd_mod sata_mv libata scsi_mod
> [ 2775.271023] CPU: 0 PID: 601 Comm: rsync Not tainted 4.9.0-5-marvell #1 
> Debian 4.9.65-3+deb9u2
> [ 2775.279582] Hardware name: Marvell Kirkwood (Flattened Device Tree)
> [ 2775.285870] task: c0d496c0 task.stack: d5ffe000
> [ 2775.290418] PC is at __check_object_size+0x120/0x1d8
> [ 2775.295401] LR is at __check_object_size+0x120/0x1d8
> [ 2775.300382] pc : []lr : []psr: 6013
>sp : d5fffdb8  ip :   fp : d508
> [ 2775.311908] r10: d5ffe000  r9 : fffd7b20  r8 : c29454e0
> [ 2775.317148] r7 : c291d000  r6 :   r5 : fffd7b20  r4 : c29454e0
> [ 2775.323697] r3 : c0554fa0  r2 : c055a20c  r1 : c055094c  r0 : 0065
> [ 2775.330247] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment 
> none
> [ 2775.337405] Control: 0005397f  Table: 1481  DAC: 0051
> [ 2775.343168] Process rsync (pid: 601, stack limit = 0xd5ffe190)
> [ 2775.349020] Stack: (0xd5fffdb8 to 0xd600)
> [ 2775.353390] fda0:   
> c04623b8 fffd7b20
> [ 2775.361598] fdc0: 000294e8 fffd7b20 1000 d5fffec0 c29454e0 c0202360 
> 0008 008eafe8
> [ 2775.369812] fde0: dfc4a380 c291c000 0051 6908 d5fffec0 8000 
> 0008 0008
> [ 2775.378026] fe00: 1000  c0c26b40 1008 c0495cf7 c02fc3d0 
> c0c26b40 d5fffec0
> [ 2775.386240] fe20: d5fffec0  8008 c0c26b40 df782d80 d5fffeb8 
> 0001 
> [ 2775.394445] fe40: df782b40 c03a21d0 d5fffe64 0003 de65b2c0 8000 
> 0008 8008
> [ 2775.402651] fe60: 5a644f89      
>  
> [ 2775.410866] fe80: d2bebb80 d5fffeb8 de65b2c0 de65b2c0 df79caa0 008c1b00 
> d5ffe000 
> [ 2775.419080] fea0: 00512e6c c02ee92c d510 d528 de65b2c0 c02ee9cc 
>  
> [ 2775.427294] fec0: 0001 0008 8000 d508 0001 3b9aa9ee 
>  
> [ 2775.435499] fee0: 0040 d528   df79caa0 d588 
> 8008 c0114048
> [ 2775.443705] ff00: 8008  008c1b00 8008 0001  
> 8008 d508
> [ 2775.451909] ff20: 0001 3b9aa9ee df79caa0    
>  
> [ 2775.460116] ff40:    df79caa0 8008  
> d588 c0114cb4
> [ 2775.468321] ff60: df79caa0 008c1b00 8008 df79caa0 df79caa0 008c1b00 
> 8008 c000f704
> [ 2775.476527] ff80: d5ffe000 c0115b68   8008 00512e6c 
> bedfb878 bedfb7f8
> [ 2775.484733] ffa0: 0004 c000f560 00512e6c bedfb878 0004 008c1b00 
> 8008 008c1b00
> [ 2775.492947] ffc0: 00512e6c bedfb878 bedfb7f8 0004 00520a80 00512e84 
> 0051095c 00512e6c
> [ 2775.501161] ffe0:  bedfb69c 004c6978 b6ea3d1c 4010 0004 
> 624f 624f
> [ 2775.509384] [] (__check_object_size) from [] 
> (copy_page_from_iter+0x2e8/0x3d0)
> [ 2775.518388] [] (copy_page_from_iter) from [] 
> (skb_copy_datagram_from_iter+0xfc/0x188)
> [ 2775.527997] [] (skb_copy_datagram_from_iter) from [] 
> (unix_stream_sendmsg+0x208/0x2f8)
> [ 2775.537691] [] (unix_stream_sendmsg) from [] 
> (sock_sendmsg+0x3c/0x50)
> [ 2775.545903] [] (sock_sendmsg) from [] 
> (sock_write_iter+0x8c/0xb4)
> [ 2775.553771] [] (sock_write_iter) from [] 
> (new_sync_write+0xc0/0xe4)
> [ 2775.561810] [] (new_sync_write) from [] 
> (vfs_write+0xc0/0x194)
> [ 2775.569414] [] (vfs_write) from [] 
> (SyS_write+0x44/0x7c)
> [ 2775.576497] [] (SyS_write) from [] 
> (ret_fast_syscall+0x0/0x38)
> [ 2775.584098] Code: e59f10a0 01a01000 e59f009c ebff04bf (e7f001f2)
> [ 2775.590218] ---[ end trace 9c6c6370c712b384 ]---

> 
> ** Network status:
> *** IP interfaces and addresses:
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
> default qlen 1
> 

Bug#723042: QNAP still not booting

[Martin Michlmayr]

* Christoph Egger  [2014-08-22 21:32]:
> FWIW it still doesn't boot. I'll buy a jtag adapter post-debconf so I
> can get anything out of it that might b usefull

This bug report is quite old.

There are users running Debian jessie (3.16) and stretch (4.9)
successfully on QNAP TS-41x hardware.

Do you still have problems?

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#889396: Pending fixes for bugs in the maven package

[pkg-java-maintainers]

tag 889396 + pending
thanks

Some bugs in the maven package are closed in revision
c05e4f4a584fe32980c7963cd8f28fe77e5ee84a in branch 'master' by
Stephen Kitt

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/maven.git/commit/?id=c05e4f4

Commit message:

Update uploaders (closes: #889396)

Signed-off-by: Stephen Kitt 

Bug#892056: ITP: r-cran-emmeans -- GNU R estimated marginal means, aka least-squares means

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: r-cran-emmeans
  Version : 1.1.2
  Upstream Author : Russell Lenth 
* URL : https://cran.r-project.org/package=emmeans
* License : GPL
  Programming Lang: GPL
  Description : GNU R estimated marginal means, aka least-squares means
 Obtain estimated marginal means (EMMs) for many linear, generalized
 linear, and mixed models. Compute contrasts or linear functions of EMMs,
 trends, and comparisons of slopes. Plots and compact letter displays.
 Least-squares means are discussed, and the term "estimated marginal means"
 is suggested, in Searle, Speed, and Milliken (1980) Population marginal means
 in the linear model: An alternative to least squares means, The American
 Statistician 34(4), 216-221 .


Remark: This package is needed to upgrade r-cran-afex to the latest upstream
version.  It will be maintained by the r-pkg team at
https://salsa.debian.org/r-pkg-team/r-cran-emmeans

Bug#891810: hplip not installable without systemd

[Brian Potkin]

On Sun 04 Mar 2018 at 15:44:12 +0100, Didier 'OdyX' Raboud wrote:

> Le dimanche, 4 mars 2018, 13.54:27 h CET Jonas Smedegaard a écrit :
> > Is PolicyKit _required_ for _all_ uses of hplip?
> 
> Good question. I'll admit I was put off my the (exhausting) 'systemd' 
> argument, and hadn't checked what exactly was done with PolicyKit.
> 
> My reading is that PolicyKit is used to grant privilege to run `hp-plugin` 
> for 
> plugin download, thereby avoiding the need for sudo.
> 
> So no, definitely not _required_.
> 
> > Otherwise I believe hplip should only recommend policykit: The purpose
> > of "Recommends" is to permit "exotic" uses, which I believe this is -
> > unless hplip *cannot* work *at* *all* wothout PolicyKit in place.
> 
> We don't agree on what constitutes "exotic" use of hplip. Oh well… I suspect 
> a 
> Recommends is good enough. I'll upload that demotion later today. Just don't 
> expect that demotion to withhold too many "I can't run hp-plugin" bugs. :)

Most users install recommended packages. Those that don't (like me)
have to face the consequences.

Moving to something else brought up in this report: is it really
necessary for the hpps filter to be in hplip? Could it not be put
in printer-driver-postscript-hp as is done for the filter hpcups
in printer-driver-hpcups. (And - if you are in an energetic mood :)
there is #890930 too).

Regards,

Brian.

Bug#891281: DO NOT use file format of /bin/sh for x32 detection!

[Earnie]

On 3/3/2018 10:13 PM, Thorsten Glaser wrote:
> On Thu, 1 Mar 2018, James Clarke wrote:
> 
>> x32, so it's not a *pure* system, but build=host=target=x32.
> 
> Well, “pure” x32 systems don’t exist, as it’s a userland-only
> architecture, the kernel is simply amd64 for example. Same for
> arm64ilp32 and arm64/aarch64 and perhaps(?) MIPS n32/n64.
> 
> Worse, x32 users are expected to run mixed (Multi-Arch)
> systems, usually with amd64, though mine uses i386 for
> those binaries not working with x32 yet.
> 

Having re-read the thread in the online archive, I don't see any
indication of what the uname parts are but that doesn't matter.  The
only purpose for config.guess is as a convenience when no --build is
supplied.  As you say "it's a userland-only architecture" then it is up
to userland to specify and not rely on the conveniences.  Allowing the
precedent here will open up a maintenance nightmare.

> But this is not even the case here: the x32 binary of any
> utility built with klibc is indistinguishable from the
> amd64 binary of the same utility built with klibc because
> klibc treats x32 as amd64.
> 

Same comment as above.

> 
> For --build= I agree checking the compiler isn’t usually
> necessary, and the build system should be similar enough
> to amd64, so checking a binary is a somewhat(!) sensible
> approach. I’d suggest checking the uname binary, since
> it’s unlikely to be built into the shell and called from
> config.guess anyway, or perhaps $CC, although that could
> have arguments so only its first word.
> 

When specifying --build config.guess doesn't execute.  However
config.sub does to try to normalize the triplet.  And config.sub can be
used to supply what you're looking to do.

According the the GNU Coding Standard, I should be able to do the
following and get a corresponding triplet for the build:
$ configure linux-amd64ilp32

This doesn't give you the convenience of config.guess but does allow for
specifying to configure what you're trying to accomplish.

> 
> For --host= checking the compiler is an absolute must,
> though. --target= must be manually passed, so that’s
> indeed not needing consideration.
> 

The --host is used to specify the unique build system set to use for a
cross build environment.  In other words the executable being built will
be hosted on the specified --host.  If the compiler doesn't exist to
create those binaries then you need to create the build system.  The
--target is used to build the build systems that create binaries for
specified --host systems.

-- 
Earnie

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

[Moritz Mühlenhoff]

On Thu, Feb 15, 2018 at 09:53:25PM +0530, Pirate Praveen wrote:
> On വ്യാഴം 15 ഫെബ്രുവരി 2018 12:07 രാവിലെ, Moritz Mühlenhoff wrote:
> > What's the status?
> > Cheers,
> > Moritz
> Some cve patches are backported, but help is welcome,
> https://salsa.debian.org/ruby-team/gitlab/tree/master-8-13

We're now almost two months in after the upstream security
release. If this still isn't ready, that's a sign to me
that we can' reasonably support it, so the next best option
is to end-of-life it and eventually ask for it's removal
from stretch.

Cheers,
Moritz

Bug#892055: ITP: keepass2-plugin-keepasshttp -- KeePass plugin to expose password entries securely over HTTP

[Julian Taylor]

Package: wnpp
Severity: wishlist
Owner: Julian Taylor 

* Package name: keepass2-plugin-keepasshttp
  Version : 1.8.4.2
  Upstream Author : Perry Nguyen 
* URL : https://github.com/pfn/keepass
* License : GPL3
  Programming Lang: C#
  Description : KeePass plugin to expose password entries securely over HTTP

 KeePassHttp is a plugin for KeePass 2.x and provides a secure means of
 exposing KeePass entries via HTTP for clients to consume.
 Features:
  - returns all matching entries for a given URL 
  - updates entries
  - secure exchange of entries
  - notifies user if entries are delivered
  - user can allow or deny access to single entries
  - works only if the database is unlocked
  - request for unlocking the database if it is locked while connecting
  - searches in all opened databases (if user activates this feature)
  - Whenever events occur, the user is prompted either by tray notification or
requesting interaction (allow/deny/remember).



signature.asc
Description: OpenPGP digital signature

Bug#892054: [spacefm] v1.0.6 available

[OmegaPhil]

Package: spacefm
Version: 1.0.5-2
Severity: wishlist

Quick ping to indicate the next version of SpaceFM has been released:
https://ignorantguru.github.io/spacefm/news.html#1.0.6



signature.asc
Description: OpenPGP digital signature

Bug#891982: xchat: Intent to file removal bug

[John Paul Adrian Glaubitz]

On 03/04/2018 05:26 PM, Jeremy Bicha wrote:
> 1. "in the maintainer's opinion, makes the package unsuitable for release" [1]

Didn't you say there is no longer an upstream maintainer?

Please note we have had similar cases with other packages where the maintainer
of a forked project or the original project was attacking the fork or vice
versa. This alone isn't an argument.

> 2. "introduces a security hole on systems where you install the packages" [2]

That's why I was specifically asking for a particular issue you are seeing
with the bug. Again, the maintainer of the fork ranting alone is not
a justification enough.

> 3. Multiple copies of the same code base [3]

There are so many other multiple copies of code in Debian (i.e. xemacs21)
that this single leaf package doesn't really make a difference.

> 4. Although not specified in Debian Policy, I believe the Debian
> Project generally does not wish to see "unmaintainable" software in
> Debian, especially if there are maintainable alternatives.

I don't see how this package is unmaintainable. Do you think that
Gianfranco is not up to the job to take care of a simple package like
xchat?

Are we now questioning the skills of each other in public?

> 5. I'm definitely nitpicking here, but the new Debian maintainer did
> not completely follow the Developers Reference practice for
> re-introducing a package by filing an ITP and CCing debian-devel. [4]
> Therefore, in my opinion, the Debian project never collectively agreed
> to xchat's reintroduction to Debian.

Yes, you are nitpicking. Because the Debian Project doesn't have to
give their consent to let a package in the archive. That's the job
of Debian's FTP masters.

>> I don't think a rant posted on reddit by the author of a fork
>> is justified enough to ask for a package to be removed from
>> the archive.
> 
> The author posted his opinion to his personal blog and did not
> directly start the reddit discussion. Also, that author is the subject
> matter expert here and I think we should give due deference to his
> understanding of the security issues present in xchat for which he did
> not seek CVE designations.

If he is an expert, why didn't he even bother posting a single valid
example where xchat is insecure and posing a risk to its users.

If there are valid vulnerabilities, it shouldn't a problem to list
them.

>> As long as there aren't any serious policy or security issues,
>> Debian usually doesn't impose any limitations on what packages
>> get maintained in the archive and which not.
> 
> Yes, I'm well aware of your position since I've read the reddit discussion.
> 
> However, your characterization of Debian's practice is inaccurate. For
> instance, I'm helping to remove hundreds of packages from Debian right
> now. The packages often are maintained more or less in Debian but have
> had no upstream development for years. [5]

Wasn't there recently a discussion on debian-devel that was started
that people were complaining about packages getting removed way too
quickly?

I really don't think that your reasoning is acceptable. None of the
the points you mentioned above list actual problems. Both you and
the maintainer of the fork fail to list any actual vulnerabilities.

And, to be honest, I would find it more constructive to take care
of packages like mozjs52 which have are far more important than
a leaf package like xchat yet they haven't seen any fixes and uploads
for months with bug reports remaining unanswered.

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#892053: libtcod-dev: Debian Buster: external/pstdint.h not found

[Matthew Lugg]

Package: libtcod-dev
Version: 1.6.4+dfsg-2
Severity: important
Tags: patch

Dear Maintainer,

   When attempting to use a project which makes use of libtcod, I
   encountered the error `external/pstdint.h: No such file or
   directory`. This is an issue in libtcod_portability.h which affects
   Debian Buster and potentially other versions (untested). It can be
   easily resolved by changing `#include external/pstdint.h` on line
   138 to `#include pstdint.h`.

   Thanks!

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libtcod-dev depends on:
ii  libtcod0  1.6.4+dfsg-2

libtcod-dev recommends no packages.

libtcod-dev suggests no packages.

-- no debconf information

Bug#891956: log eclipse no starting -ClassNotFoundException:

[Gustavo Castro]

!SESSION Fri Mar 02 18:36:55 CST 2018 
--

!ENTRY org.eclipse.equinox.launcher 4 0 2018-03-02 18:36:55.263
!MESSAGE Exception launching the Eclipse Platform:
!STACK
java.lang.ClassNotFoundException: 
org.eclipse.core.runtime.adaptor.EclipseStarter

    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:626)
    at org.eclipse.equinox.launcher.Main.basicRun(Main.java:584)
    at org.eclipse.equinox.launcher.Main.run(Main.java:1438)
    at org.eclipse.equinox.launcher.Main.main(Main.java:1414)

Bug#891982: xchat: Intent to file removal bug

[Jeremy Bicha]

On Sun, Mar 4, 2018 at 10:14 AM, John Paul Adrian Glaubitz
 wrote:
> Could you provide any references to bug reports which indicates
> that there are problems with the xchat package which make it
> unfit for release or violate against any of the points mentioned
> in the Debian Policy?

1. "in the maintainer's opinion, makes the package unsuitable for release" [1]

2. "introduces a security hole on systems where you install the packages" [2]

3. Multiple copies of the same code base [3]

4. Although not specified in Debian Policy, I believe the Debian
Project generally does not wish to see "unmaintainable" software in
Debian, especially if there are maintainable alternatives.

5. I'm definitely nitpicking here, but the new Debian maintainer did
not completely follow the Developers Reference practice for
re-introducing a package by filing an ITP and CCing debian-devel. [4]
Therefore, in my opinion, the Debian project never collectively agreed
to xchat's reintroduction to Debian.

> I don't think a rant posted on reddit by the author of a fork
> is justified enough to ask for a package to be removed from
> the archive.

The author posted his opinion to his personal blog and did not
directly start the reddit discussion. Also, that author is the subject
matter expert here and I think we should give due deference to his
understanding of the security issues present in xchat for which he did
not seek CVE designations.

> As long as there aren't any serious policy or security issues,
> Debian usually doesn't impose any limitations on what packages
> get maintained in the archive and which not.

Yes, I'm well aware of your position since I've read the reddit discussion.

However, your characterization of Debian's practice is inaccurate. For
instance, I'm helping to remove hundreds of packages from Debian right
now. The packages often are maintained more or less in Debian but have
had no upstream development for years. [5]


References
--
[1] https://release.debian.org/buster/rc_policy.txt
Specifically, Sven Hoexter, as acting Maintainer, made this
determination in https://bugs.debian.org/811007

[2] https://release.debian.org/buster/rc_policy.txt

[3] Somewhat addressed in Debian Policy § 4.13 and its footnote

[4] § 5.9.6 and § 5.9.1
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#reintroducing-pkgs
Which also says "It may indicate that the best way forward is to
switch to some other piece of software instead of reintroducing the
package. "

[5] https://lists.debian.org/debian-devel/2018/02/msg00169.html

Thanks,
Jeremy Bicha

Bug#873218: FTBFS with Java 9

[Alexandre Rossi]

Hi,

>> This package fails to build with default-jdk pointing to openjdk-9-jdk.
>
> The new upstream version 4.8.2 seems to build well. Can you confirm this?

This is fixed for me, feel free to reopen if I'm mistaken.

Alex

Bug#892052: Please add support for the flit build system

[Julien Puydt]

Package: dh-python
Version: 2.20170125
Severity: wishlist

The flit build system is for trivial packages, so it would be nice if
pybuild could auto-detect its use and do things itself.

I have had good results with the following code in d/rules for the
terminado package:

export PYBUILD_NAME=terminado
export PYBUILD_SYSTEM=custom
export PYBUILD_DISABLE=configure build clean
export PYBUILD_INSTALL_ARGS=mkdir -p
{destdir}/usr/lib/python{version}/dist-packages/ && \
  cp -R $(PYBUILD_NAME) {destdir}/usr/lib/python{version}/dist-packages/
&& \
  sed -e 's/VERSION/$(VERSION)/g' debian/$(PYBUILD_NAME).egg-info > \

{destdir}/usr/lib/python{version}/dist-packages/$(PYBUILD_NAME)-$(VERSION).egg-info

with the following in d/terminado.egg-info:
Metadata-Version: 1.2
Name: terminado
Version: VERSION
Summary: Terminals served to term.js using Tornado websockets
Home-page: https://github.com/jupyter/terminado
License: BSD-2-clause
Author: Jupyter development team
Description: UNKNOWN
Platform: UNKNOWN

which could probably be auto-generated using the content of
pyproject.toml and $(PYBUILD_NAME)/__init__.py (to get the version).

Thanks,

Snark on #debian-python

Bug#892051: prelude-utils: fails to upgrade from 'stable' to 'sid' - trying to overwrite /etc/prelude/default/client.conf

[Andreas Beckmann]

Package: prelude-utils
Version: 4.1.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stable'.
It installed fine in 'stable', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

This test intentionally skipped 'testing' to find file overwrite
problems before packages migrate from 'unstable' to 'testing'.

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package prelude-utils.
  Preparing to unpack .../prelude-utils_4.1.0-1_amd64.deb ...
  Unpacking prelude-utils (4.1.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/prelude-utils_4.1.0-1_amd64.deb (--unpack):
   trying to overwrite '/etc/prelude/default/client.conf', which is also in 
package libprelude2 1.0.0-11.9
  dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/prelude-utils_4.1.0-1_amd64.deb


cheers,

Andreas


libprelude2=1.0.0-11.9_prelude-utils=4.1.0-1.log.gz
Description: application/gzip

Bug#892050: python3-panko: missing Breaks+Replaces: python-panko (<< 3.1.0-3)

[Andreas Beckmann]

Package: python3-panko
Version: 3.1.0-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package python3-panko.
  Preparing to unpack .../84-python3-panko_3.1.0-3_all.deb ...
  Unpacking python3-panko (3.1.0-3) ...
  dpkg: error processing archive 
/tmp/apt-dpkg-install-GqeDoy/84-python3-panko_3.1.0-3_all.deb (--unpack):
   trying to overwrite '/usr/bin/panko-api', which is also in package 
python-panko 3.1.0-2
  Errors were encountered while processing:
   /tmp/apt-dpkg-install-GqeDoy/84-python3-panko_3.1.0-3_all.deb


cheers,

Andreas


python-panko=3.1.0-2_python3-panko=3.1.0-3.log.gz
Description: application/gzip