Bug#702030: Please automatically enable AppArmor when the userspace tools are installed

[intrigeri]

Hi Jonas & team,

thanks for your interest!

Jonas Meurer:
> Since we hit the Buster freeze today and apparmor still is enabled per
> default in Buster (yay \o/ ) due to a Recommends by the linux-image
> package, I think this bugreport became moot and can be closed, right?

> Same probably holds true for #754730.

Before closing these 2 bugs, I wanted to wait for Buster to be
actually released with this change: there's still a possibility that
enough new RC bugs lead the Release Team to ask the src:linux
maintainers to revert the aforementioned Recommends (+ the kernel
config bits that enable AppArmor by default).

But perhaps I'm a tad too cautious :) Happy to let you make the
decision with this in mind. We can always reopen bugs anyway.

> If that's correct, then https://wiki.debian.org/AppArmor/HowToUse should
> be updated as well, particularly the paragraph "Enable AppArmor".

Good catch, done. You might be also interested in #874873.

> I also filed a merge request against release notes, adding a short
> paragraph about AppArmor being enabled per default in Buster, reviews
> welcome:

> https://salsa.debian.org/ddp-team/release-notes/merge_requests/6

Funny race condition: I've just filed #924450. See you there :)

Cheers,
-- 
intrigeri

Bug#924420: fonts-myanmar: We need RFS

[kokoye2007]

Package: fonts-myanmar
Version: 0.1-1
Followup-For: Bug #924420

  Subject: RFS: fonts-myanmar/0.1-1 [ITP] -- Prease Sponsor for myanmar-font 
pack


  Package: sponsorship-requests
  Severity: wishlist

  Dear mentors,

  I am looking for a sponsor for my package "fonts-myanmar"

 * Package name: fonts-myanmar
   Version : 0.1-1
   Upstream Author : kokoye2007 
 * URL : https://salsa.debian.org/kokoye2007-guest/fonts-myanmar/
 * License : GPL3
   Section : fonts

  It builds those binary packages:

fonts-myanmar - Myanmar fonts collection
fonts-myanmar-zawgyi - Myanmar font Zawgyi One v2008;
fonts-myanmar-myanmar3 - Myanmar fonts Myanmar3
fonts-myanmar-myanmarcensus - Myanmar fonts Myanmar Census
fonts-myanmar-pyidaungsu - fonts Pyidaungsu
fonts-myanmar-unicode - Myanmar Unicode fonts
fonts-myanmar-ayar - Myanmar fonts ayar
fonts-myanmar-angoun - Myanmar fonts angoun
fonts-myanmar-chatulight - Myanmar fonts chatulight
fonts-myanmar-chatu - Myanmar fonts chatu
fonts-myanmar-gantgaw - Myanmar fonts gantgaw
fonts-myanmar-khyay - Myanmar fonts khyay
fonts-myanmar-kuttar - Myanmar fonts kuttar
fonts-myanmar-nayone - Myanmar fonts nayone
fonts-myanmar-njaun - Myanmar fonts njaun
fonts-myanmar-pauklay - Myanmar fonts pauklay
fonts-myanmar-phetsot - Myanmar fonts phetsot
fonts-myanmar-phikselsmooth - Myanmar fonts phikselsmooth
fonts-myanmar-phiksel - Myanmar fonts phiksel
fonts-myanmar-ponenyet - Myanmar fonts ponenyet
fonts-myanmar-sabae - Myanmar fonts sabae
fonts-myanmar-sagar - Myanmar fonts sagar
fonts-myanmar-sanpya - Myanmar fonts sanpya
fonts-myanmar-squarelight - Myanmar fonts squarelight
fonts-myanmar-tagu - Myanmar fonts tagu
fonts-myanmar-thuriya - Myanmar fonts thuriya
fonts-myanmar-waso - Myanmar fonts waso
fonts-myanmar-yinmar - Myanmar fonts yinmar
fonts-myanmar-myanmarsanspro - Myanmar fonts Myanmar Sans Pro
fonts-myanmar-namkhone - Myanmar shan fonts Namkhone
fonts-myanmar-mon - Myanmar mon fonts MON3 Anonta 1

  To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/fonts-myanmar


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/f/fonts-myanmar/fonts-myanmar_0.1-1.dsc

  More information about fonts-myanmar can be obtained from
https://salsa.debian.org/kokoye2007-guest/fonts-myanmar/

https://code.launchpad.net/~kokoye2007/ttf-burmese-fonts/ttf-burmese-fonts

  Changes since the last upload:

  we fix 
infomation 
New Maintainer Guide Line
New Packages Guide Line
and Follow 
DFSG, Social Contract

but we still need sponsor and ask again.
  #896887  #899260 #924039 #923710

  Regards,
   kokoye2007

Bug#924451: sitesummary-client: Causes daily email from cron on machine with HW RAID

[Petter Reinholdtsen]

Package: sitesummary-client
Version: 0.1.28
Severity: important
Tags: patch

One of my machines send out a cron email every night with this message:

/etc/cron.daily/sitesummary-client:
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The source is in hdparm when collect.d/system is asking every hard drive
for information, and the HW RAID drives refuse to give out any
information.  This is what it look like for one of the disks:

# hdparm -I /dev/sdm

/dev/sdm:
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0b 00 00 00 00 20 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

ATA device, with non-removable media
Standards:
Likely used: 1
Configuration:
Logical max current
cylinders   0   0
heads   0   0
sectors/track   0   0
--
Logical/Physical Sector size:   512 bytes
device size with M = 1024*1024:   0 MBytes
device size with M = 1000*1000:   0 MBytes 
cache/buffer size  = unknown
Capabilities:
IORDY not likely
Cannot perform double-word IO
R/W multiple sector transfer: not supported
DMA: not supported
PIO: pio0 
#

The following change solve the issue, by throwing away any errors from
hdparm:

diff --git a/collect.d/system b/collect.d/system
index c70447d..b36000a 100644
--- a/collect.d/system
+++ b/collect.d/system
@@ -44,7 +44,7 @@ fi
 
 # Collect hard disk information
 for diskdev in $(grep 'sd.$' /proc/partitions|awk '{print $4}'|sort); do
-hdparm -I /dev/$diskdev || true
+hdparm -I /dev/$diskdev 2>/dev/null || true
 done > hdparm-I
 
 # Collect zfs hard disk information too

I set severity to important for now, but it could be argued that this is
release critical, as it can fill up /var/ and cause a system error if
no-one is checking the emails regularly.

-- 
Happy hacking
Petter Reinholdtsen

Bug#499796: initscripts: rootfs over nfs hangs at reboot

[Pierre Ynard]

> Well, let's start with something. What about this patch, that reuses
> /etc/default/halt? I believe it is, maybe not most principal, but
> solution to bug at hand.

Looks good to me

-- 
Pierre Ynard

Bug#924452: lam4-dev: mpi alternative incompatible with current openmpi, mpich

[Andreas Beckmann]

Package: lam4-dev
Version: 7.1.4-3.1
Severity: serious
Tags: sid buster

Installing lam4-dev after libopenmpi-dev results in messed up
alternatives:

# apt-get install libopenmpi-dev
# ls -la /etc/alternatives/mpi /usr/include/mpi /usr/bin/mpicc
ls: cannot access '/usr/include/mpi': No such file or directory
lrwxrwxrwx 1 root root 22 Mar 13 07:32 /etc/alternatives/mpi -> 
/usr/bin/mpicc.openmpi
lrwxrwxrwx 1 root root 21 Mar 13 07:32 /usr/bin/mpicc -> /etc/alternatives/mpi

# apt-get install lam4-dev
# ls -la /etc/alternatives/mpi /usr/include/mpi /usr/bin/mpicc
ls: cannot access '/usr/bin/mpicc': No such file or directory
lrwxrwxrwx 1 root root 22 Mar 13 07:44 /etc/alternatives/mpi -> 
/usr/bin/mpicc.openmpi
lrwxrwxrwx 1 root root 21 Mar 13 07:44 /usr/include/mpi -> /etc/alternatives/mpi

I'll try to clean this up.


Andreas

Bug#924257: docker.io: Misses to install some golang packages

[Arnaud Rebillout]

On 3/13/19 6:05 AM, Reinhard Tartler wrote:
> I've implemented the change and confirmed that the attached patch does allow 
> github.com/openstack/imagebuilder to be built successfully. As suggested, 
> I've tried to push to salsa, but it seems I'm not permissioned to do so 
> (docker.io is not under the go-team umbrella):
>
>   $ git push 
>   GitLab: You are not allowed to push code to this project.
>   fatal: Could not read from remote repository.
>
> Would you be able to upload the patch to experimental anytime soon? If it 
> helped, I'd be happy to upload this patch as an NMU to experimental myself. 
> Please let me know what works for you best.

I just pushed on the experimental branch, with some additional details
afterwards. I also updated the docker package to latest version 18.09.3.

I'd be happy if you could upload to experimental, I don't think I have
the permissions for that.

Thanks!

  Arnaud

Bug#703844: proposed wording

[Pierre Ynard]

> +# Bring networking down before halting/rebooting system. Set to "yes" or 
> "no".
> +NETDOWN=yes

I'm worried that people might get confused and wrongly think that they
need this otherwise `/etc/init.d/networking stop` won't be called.
Perhaps change "before" to "right before" and add something like: "You
should only need this to handle issues with Wake-on-LAN or network
filesystems."

-- 
Pierre Ynard

Bug#884553: Foreign architecture package support for linux kernel flavours patch

[Raphael Hertzog]

On Tue, 12 Mar 2019, adrian15 wrote:
> Is it ok for merging in Debian GIT or is there anything that I can improve?

I think it's OK if this was tested and if it doesn't break anything.
Do you have commit rights to apply it yourself?

If not, you might want to submit a merge request. You might want to
improve the commit's description to explain why it's enough to accept
the arch qualifier... i.e. other parts of the code already deal with
it properly.

Cheers,

> Date: Fri, 15 Dec 2017 17:22:57 +
> Subject: [PATCH] Fixed foreign architecture package support to linux kernel
>  flavours
> 
> This problem originated in Stretch where amd64 kernel is not part of i386 
> repo.
> So it needs to be fetched from amd64 repo.
> 
> So first of all you need to enable amd64 foreign architecture in your i386 
> system
> thanks to:
> 
> dpkg --add-architecture amd64
> apt-get update
> .
> 
> Once you have done this thanks to this commit
> now you can set linux flavours ( --linux-flavours ) as:
> 
> "686 amd64:amd64"
> 
> in a i386 system and it will install the amd64 kernel alongside the i386 
> system's 686 kernel.
> ---
>  functions/defaults.sh| 24 
>  manpages/en/lb_config.1  |  2 +-
>  scripts/build/chroot_linux-image |  2 +-
>  scripts/build/config |  6 +++---
>  4 files changed, 21 insertions(+), 13 deletions(-)
> 
> diff --git a/functions/defaults.sh b/functions/defaults.sh
> index c48955104..c1ca10258 100755
> --- a/functions/defaults.sh
> +++ b/functions/defaults.sh
> @@ -407,27 +407,27 @@ Set_defaults ()
>   # Setting linux flavour string
>   case "${LB_ARCHITECTURES}" in
>   arm64)
> - LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-arm64}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-arm64}"
>   ;;
>  
>   armel)
>   # armel will have special images: one rootfs image and 
> many additional kernel images.
>   # therefore we default to all available armel flavours
> - LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-marvell}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-marvell}"
>   ;;
>  
>   armhf)
>   # armhf will have special images: one rootfs image and 
> many additional kernel images.
>   # therefore we default to all available armhf flavours
> - LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-armmp 
> armmp-lpae}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-armmp armmp-lpae}"
>   ;;
>  
>   amd64)
> - LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-amd64}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-amd64}"
>   ;;
>  
>   i386)
> -LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-686-pae}"
> +
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-686-pae}"
>   ;;
>  
>   ia64)
> @@ -438,7 +438,7 @@ Set_defaults ()
>   ;;
>  
>   *)
> - 
> LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-itanium}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-itanium}"
>   ;;
>   esac
>   ;;
> @@ -451,7 +451,7 @@ Set_defaults ()
>   ;;
>  
>   *)
> - 
> LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-powerpc64 powerpc}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-powerpc64 
> powerpc}"
>   ;;
>   esac
>   ;;
> @@ -464,7 +464,7 @@ Set_defaults ()
>   ;;
>  
>   *)
> - 
> LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-s390x}"
> + 
> LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-s390x}"
>   ;;
>   esac
>   ;;
> @@ -475,6 +475,14 @@ Set_defaults ()
>   ;;
>   esac
>  
> + LB_LINUX_FLAVOURS=""
> + for FLAVOUR in ${LB_LINUX_FLAVOURS_WITH_ARCH}
> + do
> + ARCH_FILTERED_FLAVOUR="$(echo ${FLAVOUR} | awk -F':' '{print 
> $1}')"
> + LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS} 
> ${ARCH_FILTERED_FLAVOUR}"
> + done
> +
> +
>   # Set linux packages
>   LB_LINUX_PACKAGES="${LB_LINUX_PACKAGES:-linux-image}"
>  
> diff --git a/manpages/en/lb_co

Bug#916375: [debian-mysql] Bug#916375: apache2: Segmentation fault when mod_perl.so is loaded

[Otto Kekäläinen]

Control: tags -1 moreinfo

Hello!

Can you still reproduce this with latest versions of MariaDB 10.3.13
and mod_perl ?

Bug#895131: linux-perf: Add libopencsd support to perf

[Gregor Riepl]

> This change made src:linux BD-Uninstallable on sparc64 [1] as
> the package libopencsd doesn't build there [2].
>
> Since this library is ARM-specific anyway, wouldn't it make
> more sense to have this build-dependency on ARM targets only?

libopencsd does build fine on other architectures, though.

According to this[1], the fix should be simply replacing -fpic with -fPIC.


[1] https://lists.debian.org/debian-sparc/2014/07/msg00037.html

Bug#694986: flash-kernel: postinst modifies /etc/default/rcS

[Pierre Ynard]

> * What will break if FSCKFIX=yes will be set on by default?

There's an open bug for changing the default to yes, #637087.
Reportedly, what might break is MD/LVM setups if fsck gets mistakenly
run with -y on the wrong device; the discussion about this is rather
unconclusive.

> By the way neither -a nor -y mentioned in fsck(8) (but mentioned in
> fsck.ext4(8)). Is it okay?

It was removed from fsck(8):

https://salsa.debian.org/debian/util-linux/commit/7208ef864bf903ae4eb16491e7cfd24cf792baad

> fsck: remove fs-specific options from man page

Even then it stated:

> Options to different filesystem-specific fsck's are not standardized.
> If in doubt, please consult the man pages of the filesystem-specific
> checker. Although not guaranteed, the following options are supported
> by most filesystem checkers:

So I think there's some kind of issue with passing -a or -y in the
general case; hopefully they are at least silently ignored by most
implementations, aren't they?

-- 
Pierre Ynard

Bug#895131: linux-perf: Add libopencsd support to perf

[John Paul Adrian Glaubitz]

On 3/13/19 5:14 PM, Gregor Riepl wrote:
>> Since this library is ARM-specific anyway, wouldn't it make
>> more sense to have this build-dependency on ARM targets only?
> 
> libopencsd does build fine on other architectures, though.
> 
> According to this[1], the fix should be simply replacing -fpic with -fPIC.

I guess we could do this. I just find it odd that a profiling library for
ARM is a build dependency on all architectures.

I'll look into fixing libopencsd.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#924453: linux-image-4.19.0-2-arm64: please enable driver for AMD Seattle RNG

[Ard Biesheuvel]

Package: src:linux
Version: 4.19.16-1
Severity: normal

Dear Maintainer,

Please enable the following Kconfig options in the arm64 kernels:

CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_SP_CCP=y
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m

This is needed to gain access to the crypto accelerator in the ARM Seattle
arm64 SoC, which also implements the platform's random number generator. Since
the platform does not have any other entropy sources, the lack of access to the
on-SoC RNG causes boot delays, SSH logins that time out etc etc



-- Package-specific info:
** Kernel log: boot messages should be attached


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: arm64 (aarch64)

Kernel: Linux 5.0.1+ (SMP w/8 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-image-4.19.0-2-arm64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.133
ii  kmod26-1
ii  linux-base  4.5

Versions of packages linux-image-4.19.0-2-arm64 recommends:
ii  apparmor 2.13.2-9
pn  firmware-linux-free  
pn  irqbalance   

Versions of packages linux-image-4.19.0-2-arm64 suggests:
pn  debian-kernel-handbook  
pn  linux-doc-4.19  

Versions of packages linux-image-4.19.0-2-arm64 is related to:
ii  firmware-amd-graphics 20190114-1
pn  firmware-atheros  
pn  firmware-bnx2 
pn  firmware-bnx2x
pn  firmware-brcm80211
pn  firmware-cavium   
pn  firmware-intel-sound  
pn  firmware-intelwimax   
pn  firmware-ipw2x00  
pn  firmware-ivtv 
pn  firmware-iwlwifi  
pn  firmware-libertas 
pn  firmware-linux-nonfree
pn  firmware-misc-nonfree 
pn  firmware-myricom  
pn  firmware-netxen   
pn  firmware-qlogic   
pn  firmware-realtek  
pn  firmware-samsung  
pn  firmware-siano
pn  firmware-ti-connectivity  
pn  xen-hypervisor

-- no debconf information

Bug#924454: unblock: swi-prolog/8.0.2+dfsg-3

[Lev Lamberov]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package swi-prolog

8.0.2+dfsg-1 was already unblocked (see, #924083), but after the
unblock there were an RC bug discovered (broken symlinks), so I had to
upload 8.0.2+dfsg-2 to fix it. The fix in 8.0.2+dfsg-2 was not enough
for all architectures, that's why together with upstream we
implemented another fix, which was added to 8.0.2+dfsg-3. Also, in
8.0.2+dfsg-2 there was another bug fixed (symlink to non-existent
file).

Please, find attached debdiff between 8.0.2+dfsg-1 and 8.0.2+dfsg-2,
and also debdiff between 8.0.2+dfsg-2 and 8.0.2+dfsg-3.

Regards,
Lev Lamberov

unblock swi-prolog/8.0.2+dfsg-3

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru swi-prolog-8.0.2+dfsg/debian/changelog 
swi-prolog-8.0.2+dfsg/debian/changelog
--- swi-prolog-8.0.2+dfsg/debian/changelog  2019-03-09 10:26:08.0 
+0500
+++ swi-prolog-8.0.2+dfsg/debian/changelog  2019-03-10 20:09:57.0 
+0500
@@ -1,3 +1,10 @@
+swi-prolog (8.0.2+dfsg-2) unstable; urgency=medium
+
+  * Remove broken link to nonexistent file (Closes: #924154)
+  * Fix broken link to libjpl.so (Closes: #924219)
+
+ -- Lev Lamberov   Sun, 10 Mar 2019 20:09:57 +0500
+
 swi-prolog (8.0.2+dfsg-1) unstable; urgency=medium
 
   * New upstream stable version 8.0.2+dfsg
diff -Nru swi-prolog-8.0.2+dfsg/debian/rules swi-prolog-8.0.2+dfsg/debian/rules
--- swi-prolog-8.0.2+dfsg/debian/rules  2019-03-09 10:26:08.0 +0500
+++ swi-prolog-8.0.2+dfsg/debian/rules  2019-03-10 20:09:57.0 +0500
@@ -84,7 +84,7 @@
 
# Link libjpl.so from the JNI directory so java can load it without 
LD_LIBRARY_PATH
mkdir -p $(CURDIR)/debian/swi-prolog-java/$(JNIDIR)
-   ln -s $(PLBASE)/lib/$(DEB_BUILD_ARCH)/libjpl.so \
+   ln -s 
$(PLBASE)/lib/$(DEB_TARGET_GNU_CPU)-$(DEB_TARGET_ARCH_OS)/libjpl.so \
  $(CURDIR)/debian/swi-prolog-java/$(JNIDIR)/
 
 override_dh_install:
diff -Nru swi-prolog-8.0.2+dfsg/debian/swi-prolog-x.links 
swi-prolog-8.0.2+dfsg/debian/swi-prolog-x.links
--- swi-prolog-8.0.2+dfsg/debian/swi-prolog-x.links 2019-03-09 
10:26:08.0 +0500
+++ swi-prolog-8.0.2+dfsg/debian/swi-prolog-x.links 2019-03-10 
20:09:57.0 +0500
@@ -1,3 +1,2 @@
-usr/lib/swi-prolog/xpce/pl/xpce.rc usr/lib/swi-prolog/xpce.rc
 usr/lib/swi-prolog/swipl.rc usr/lib/swi-prolog/prolog.rc
 usr/bin/swipl usr/bin/xpce
diff -Nru swi-prolog-8.0.2+dfsg/debian/changelog 
swi-prolog-8.0.2+dfsg/debian/changelog
--- swi-prolog-8.0.2+dfsg/debian/changelog  2019-03-10 20:09:57.0 
+0500
+++ swi-prolog-8.0.2+dfsg/debian/changelog  2019-03-12 14:52:05.0 
+0500
@@ -1,3 +1,10 @@
+swi-prolog (8.0.2+dfsg-3) unstable; urgency=medium
+
+  * Add better handling of symlink creation (by means of CMake).
+It is a proper way of fixing #924219
+
+ -- Lev Lamberov   Tue, 12 Mar 2019 14:52:05 +0500
+
 swi-prolog (8.0.2+dfsg-2) unstable; urgency=medium
 
   * Remove broken link to nonexistent file (Closes: #924154)
diff -Nru swi-prolog-8.0.2+dfsg/debian/patches/jpl-install.diff 
swi-prolog-8.0.2+dfsg/debian/patches/jpl-install.diff
--- swi-prolog-8.0.2+dfsg/debian/patches/jpl-install.diff   1970-01-01 
05:00:00.0 +0500
+++ swi-prolog-8.0.2+dfsg/debian/patches/jpl-install.diff   2019-03-12 
14:52:05.0 +0500
@@ -0,0 +1,43 @@
+From: Jan Wielemaker 
+Subject: Handle symlink creation by means of CMake
+
+We need it if we want to avoid that people that use JPL to embed
+Prolog in Java (which seems popular) have to set LD_LIBRARY_PATH.
+
+--- a/CMakeLists.txt
 b/CMakeLists.txt
+@@ -45,6 +45,9 @@ option(INSTALL_TESTS
+"Install script and files needed to run tests of the final 
installation"
+OFF)
+ 
++set(JNIDIR ""
++CACHE STRING "Directory for linking Java JNI components")
++
+ if(NOT SWIPL_SHARED_LIB)
+   set(CMAKE_ENABLE_EXPORTS ON)
+ endif()
+--- a/packages/jpl/CMakeLists.txt
 b/packages/jpl/CMakeLists.txt
+@@ -68,6 +68,9 @@ set(JPLCONFIG)
+ if(APPLE)
+   set(JPLCONFIG jpl_config.pl)
+   set(JPLTYPE SHARED)
++  set(JPLEXT ${CMAKE_SHARED_LIBRARY_SUFFIX})
++else()
++  set(JPLEXT ${CMAKE_SHARED_MODULE_SUFFIX})
+ endif()
+ 
+ if(WIN32)
+@@ -84,6 +87,12 @@ swipl_plugin(
+ C_INCLUDE_DIR ${JNI_INCLUDE_DIRS}
+ PL_LIBS jpl.pl ${JPLCONFIG})
+ 
++if(JNIDIR)
++install(DIRECTORY DESTINATION ${JNIDIR})
++ilink(${CMAKE_INSTALL_PREFIX}/${SWIPL_INSTALL_ARCH_LIB}/${jpl_module}${JPLEXT}
++  ${JNIDIR}/${jpl_

Bug#924455: unblock: cjs/3.8.0-5

[Maximiliano Curia]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package cjs

The cjs version currently in testing fails to build from source due to a 
couple of external symbol changes (#923903), this was fixed in unstable with 
the version 3.8.0-5.


unblock cjs/3.8.0-5

-- System Information:
Debian Release: buster/sid
 APT prefers testing-debug
 APT policy: (700, 'testing-debug'), (700, 'testing'), (600, 'stable-updates'), 
(600, 'stable-debug'), (600, 'proposed-updates'), (600, 'stable'), (500, 
'buildd-unstable'), (50, 'unstable-debug'), (50, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--
"Nothing ever goes away." -- Commoner's Law of Ecology
Saludos /\/\ /\ >< `/
diff -Nru cjs-3.8.0/debian/changelog cjs-3.8.0/debian/changelog
--- cjs-3.8.0/debian/changelog  2018-08-07 14:51:35.0 +0200
+++ cjs-3.8.0/debian/changelog  2019-03-11 22:35:50.0 +0100
@@ -1,3 +1,14 @@
+cjs (3.8.0-5) unstable; urgency=medium
+
+  [ Maximiliano Curia ]
+  * Update symbols files.
+Thanks to Santiago Vila for the report (Closes: 923903)
+
+  [ Jeremy Bicha ]
+  * debian/libcjs0.symbols: Mark a symbol as optional that disappears on 
ppc64el with -O3
+
+ -- Maximiliano Curia   Mon, 11 Mar 2019 22:35:50 +0100
+
 cjs (3.8.0-4) unstable; urgency=medium
 
   [ Maximiliano Curia ]
diff -Nru cjs-3.8.0/debian/libcjs0.symbols cjs-3.8.0/debian/libcjs0.symbols
--- cjs-3.8.0/debian/libcjs0.symbols2018-08-07 14:51:35.0 +0200
+++ cjs-3.8.0/debian/libcjs0.symbols2019-03-11 22:35:50.0 +0100
@@ -18,7 +18,7 @@
  _Z27gjs_cairo_pattern_get_protoP9JSContext@Base 3.4.4
  
_Z27gjs_cairo_surface_constructP9JSContextN2JS6HandleIP8JSObjectEEP14_cairo_surface@Base
 3.4.4
  _Z27gjs_cairo_surface_get_protoP9JSContext@Base 3.4.4
- 
_Z27gjs_object_require_propertyIPN2JS6RootedIP8JSObjectEEEbP9JSContextNS0_6HandleIS3_EEPKc14GjsConstStringT_@Base
 3.4.4
+ 
(optional=gccO3ppc64el)_Z27gjs_object_require_propertyIPN2JS6RootedIP8JSObjectEEEbP9JSContextNS0_6HandleIS3_EEPKc14GjsConstStringT_@Base
 3.4.4
  
_Z27gjs_object_require_propertyP9JSContextN2JS6HandleIP8JSObjectEEPKcNS2_I4jsidEENS1_13MutableHandleINS1_5ValueEEE@Base
 3.4.4
  
_Z27gjs_object_require_propertyP9JSContextN2JS6HandleIP8JSObjectEEPKcNS2_I4jsidEENS1_13MutableHandleIS4_EE@Base
 3.4.4
  
_Z27gjs_object_require_propertyP9JSContextN2JS6HandleIP8JSObjectEEPKcNS2_I4jsidEEP13GjsAutoJSChar@Base
 3.8.0
@@ -114,7 +114,7 @@
  _ZN9GjsModule8finalizeEP8JSFreeOpP8JSObject@Base 3.8.0
  _ZN9GjsModule9class_opsE@Base 3.8.0
  
(optional=templinst|arch=amd64)_ZNSt10_HashtableImSt4pairIKm11GjsAutoCharESaIS3_ENSt8__detail10_Select1stESt8equal_toImESt4hashImENS5_18_Mod_range_hashingENS5_20_Default_ranged_hashENS5_20_Prime_rehash_policyENS5_17_Hashtable_traitsILb0ELb0ELb121_M_insert_unique_nodeEmmPNS5_10_Hash_nodeIS3_Lb0EEEm@Base
 3.8.0
- 
(optional=templinst|arch=!amd64)_ZNSt10_HashtableImSt4pairIKm11GjsAutoCharESaIS3_ENSt8__detail10_Select1stESt8equal_toImESt4hashImENS5_18_Mod_range_hashingENS5_20_Default_ranged_hashENS5_20_Prime_rehash_policyENS5_17_Hashtable_traitsILb0ELb0ELb19_M_rehashEmRS1_@Base
 3.8.0
+ 
(optional=templinst)_ZNSt10_HashtableImSt4pairIKm11GjsAutoCharESaIS3_ENSt8__detail10_Select1stESt8equal_toImESt4hashImENS5_18_Mod_range_hashingENS5_20_Default_ranged_hashENS5_20_Prime_rehash_policyENS5_17_Hashtable_traitsILb0ELb0ELb19_M_rehashEmRS1_@Base
 3.8.0
  
(optional=templinst|arch=!amd64)_ZNSt10_HashtableIySt4pairIKy11GjsAutoCharESaIS3_ENSt8__detail10_Select1stESt8equal_toIyESt4hashIyENS5_18_Mod_range_hashingENS5_20_Default_ranged_hashENS5_20_Prime_rehash_policyENS5_17_Hashtable_traitsILb0ELb0ELb19_M_rehashEjRKj@Base
 3.8.0
  
(optional=templinst|subst|arch=!amd64)_ZNSt10_HashtableI{uint64_t}St4pairIK{uint64_t}11GjsAutoCharESaIS3_ENSt8__detail10_Select1stESt8equal_toI{uint64_t}ESt4hashI{uint64_t}ENS5_18_Mod_range_hashingENS5_20_Default_ranged_hashENS5_20_Prime_rehash_policyENS5_17_Hashtable_traitsILb0ELb0ELb121_M_insert_unique_nodeE{size_t}{size_t}PNS5_10_Hash_nodeIS3_Lb0EEE@Base
 3.8.0
  
(optional=templinst|subst)_ZNSt10_HashtableI{uint64_t}St4pairIK{uint64_t}11GjsAutoCharESaIS3_ENSt8__detail10_Select1stESt8equal_toI{uint64_t}ESt4hashI{uint64_t}ENS5_18_Mod_range_hashingENS5_20_Default_ranged_hashENS5_20_Prime_rehash_policyENS5_17_Hashtable_traitsILb0ELb0ELb15clearEv@Base
 3.8.0
@@ -124,8 +124,10 @@
  _ZNSt3setImSt4lessImESaImEED1Ev@Base 3.4.4
  _ZNSt3setImSt4lessImESaImEED2Ev@Base 3.4.4
  
_ZNSt5dequeIN11ToggleQueue4ItemESaIS1_EE8_M_eraseESt15_Deque_iteratorIS1_RS1_PS1_E@Base
 3.4.4
- 
_ZNSt5d

Bug#924456: linux-image-4.19.0-2-arm64: please enable accelerated arm64 crypto drivers

[Ard Biesheuvel]

Package: src:linux
Version: 4.19.16-1
Severity: normal

Dear Maintainer,

Please consider enabling the following Kconfig options for arm64 kernels

CONFIG_CRYPTO_SHA256_ARM64=m
CONFIG_CRYPTO_SHA512_ARM64=m
CONFIG_CRYPTO_SHA512_ARM64_CE=m
CONFIG_CRYPTO_SHA3_ARM64=m
CONFIG_CRYPTO_SM3_ARM64_CE=m
CONFIG_CRYPTO_SM4_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64=m
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m
CONFIG_CRYPTO_AES_ARM64_BS=m

and if appropriate

CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m

(which depends on whether T10DIF support is enabled)

Note that in the case of AES, this is not just a matter of performance - NEON
and bit sliced AES routines implement the AES cipher in a time invariant
matter, and so without them, arm64 CPUs that do not implement the crypto
extensions (such as the Raspberry Pi3) are forced to fall back on the generic,
table based C implementation.




-- Package-specific info:
** Kernel log: boot messages should be attached


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: arm64 (aarch64)

Kernel: Linux 5.0.1+ (SMP w/8 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-image-4.19.0-2-arm64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.133
ii  kmod26-1
ii  linux-base  4.5

Versions of packages linux-image-4.19.0-2-arm64 recommends:
ii  apparmor 2.13.2-9
pn  firmware-linux-free  
pn  irqbalance   

Versions of packages linux-image-4.19.0-2-arm64 suggests:
pn  debian-kernel-handbook  
pn  linux-doc-4.19  

Versions of packages linux-image-4.19.0-2-arm64 is related to:
ii  firmware-amd-graphics 20190114-1
pn  firmware-atheros  
pn  firmware-bnx2 
pn  firmware-bnx2x
pn  firmware-brcm80211
pn  firmware-cavium   
pn  firmware-intel-sound  
pn  firmware-intelwimax   
pn  firmware-ipw2x00  
pn  firmware-ivtv 
pn  firmware-iwlwifi  
pn  firmware-libertas 
pn  firmware-linux-nonfree
pn  firmware-misc-nonfree 
pn  firmware-myricom  
pn  firmware-netxen   
pn  firmware-qlogic   
pn  firmware-realtek  
pn  firmware-samsung  
pn  firmware-siano
pn  firmware-ti-connectivity  
pn  xen-hypervisor

-- no debconf information

Bug#910902: Please test again: resolveip and Akonadi for a freash installation

[Otto Kekäläinen]

Fix for this pending at
https://salsa.debian.org/mariadb-team/mariadb-10.3/commits/bugfix/910902-move-resolveip-to-server-core

Bug#895131: linux-perf: Add libopencsd support to perf

[Gregor Riepl]

> I guess we could do this. I just find it odd that a profiling library for
> ARM is a build dependency on all architectures.
> 
> I'll look into fixing libopencsd.

The library seems to also include a decoder for (debug?) traces, which may be
useful on other archs as well.

Anyway, I reported the issue upstream:
https://github.com/Linaro/OpenCSD/issues/16

Bug#922277: su: write errors to STDERR not STDOUT

[積丹尼 Dan Jacobson]

Well it might as well write it to both STDOUT and STDERR then.

Bug#919833: 90% of shell scripts probably don't have a .sh extension

[積丹尼 Dan Jacobson]

> "GFTG" == Gabriel F T Gomes  writes:

GFTG> You could be right (specially since bash completes any filename),
GFTG> however, where did you get this statistic from?

OK, maybe even less,
$ file /usr/bin/*|grep -c shell\ script
194
$ ls /usr/bin/*.sh
/usr/bin/gettext.sh

But that's just my system.

Bug#924457: geany-plugins: Please update to 1.34

[Christoph Reiter]

Source: geany-plugins
Severity: wishlist

Dear Maintainer,

In current sid geany-plugins can't be installed for the last two weeks because
geany was updated to 1.34.

Please consider updating geany-plugins to 1.34 as well.

Thanks for working on geany packaging!



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (900, 'testing'), (500, 'unstable-debug'), 
(500, 'testing-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#702030: Please automatically enable AppArmor when the userspace tools are installed

[Jonas Meurer]

Hi intrigeri,

intrigeri:
> Jonas Meurer:
>> Since we hit the Buster freeze today and apparmor still is enabled per
>> default in Buster (yay \o/ ) due to a Recommends by the linux-image
>> package, I think this bugreport became moot and can be closed, right?
> 
>> Same probably holds true for #754730.
> 
> Before closing these 2 bugs, I wanted to wait for Buster to be
> actually released with this change: there's still a possibility that
> enough new RC bugs lead the Release Team to ask the src:linux
> maintainers to revert the aforementioned Recommends (+ the kernel
> config bits that enable AppArmor by default).
> 
> But perhaps I'm a tad too cautious :) Happy to let you make the
> decision with this in mind. We can always reopen bugs anyway.

Nope, you're right. Probably it's better to wait for the release of
buster. Since the bugreport didn't have any updates since 2017, I
thought it would have been obsolete and abandoned. I'm totally fine with
waiting for the buster release before closing it.

>> If that's correct, then https://wiki.debian.org/AppArmor/HowToUse should
>> be updated as well, particularly the paragraph "Enable AppArmor".
> 
> Good catch, done. You might be also interested in #874873.

Thanks!

>> I also filed a merge request against release notes, adding a short
>> paragraph about AppArmor being enabled per default in Buster, reviews
>> welcome:
> 
>> https://salsa.debian.org/ddp-team/release-notes/merge_requests/6
> 
> Funny race condition: I've just filed #924450. See you there :)

Hehe, that's funny indeed. Maybe you want to review my proposed patch, I
would appreciate that.

Cheers
 jonas




signature.asc
Description: OpenPGP digital signature

Bug#924458: node-js-beautify: please make the build reproducible

[Chris Lamb]

Source: node-js-beautify
Version: 1.7.5+dfsg-2
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: environment
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that node-js-beautify could not be built reproducibly.

This is because it will vary the output depending on which shell
is configured as /bin/sh due to the use of {foo,bar} expansion
in the debian/rules file.

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- a/debian/rules  2019-03-13 08:43:02.751269395 +
--- b/debian/rules  2019-03-13 08:47:13.658536269 +
@@ -3,6 +3,7 @@
 
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
+export SHELL=/bin/bash
 export NODE_PATH=debian/node_modules
 
 %:

Bug#895131: linux-perf: Add libopencsd support to perf

[Gregor Riepl]

Sorry, I did not see the full scope of this bug. Removing the forwarded tag.

John: Feel free to add the upstream bug if you report a new one for the
sparc64 issue.
Thanks!

Bug#924459: transition: libdmtx

[Simon McVittie]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Control: block -1 by 908815
X-Debbugs-Cc: Roberto Lumbreras 

As discussed with jmw at the Cambridge BSP, libdmtx0a has broken ABI
without changing its SONAME (#908815). Judging by the name, this isn't the
first time. The quickest way to a correct situation in buster seems to
be a transition to a new binary package name libdmtx0b that represents
the new ABI, which is currently waiting in NEW for experimental.

Ben file:

title = "libdmtx";
is_affected = .depends ~ "libdmtx0a" | .depends ~ "libdmtx0b";
is_good = .depends ~ "libdmtx0b";
is_bad = .depends ~ "libdmtx0a";

Only a few packages are affected:

dmtx-utils: dmtx-utils
openrpt: libopenrpt1v5
 openrpt
postbooks: postbooks
prison-kf5: libkf5prison5
visp: libvisp-detection3.1

In addition, dmtx-utils 0.7.6-1.1 will need to be unblocked (it just
removes a hard-coded libdmtx0a dependency so that the binNMU will be
installable: #924254). I've verified that dmtx-utils 0.7.6-1.1, when
rebuilt against libdmtx0b, gets a libdmtx0b (>= 0.7.5) dependency and
passes some simple tests.

For future Debian releases, it would be helpful if the maintainer of
libdmtx could teach their upstream about ABIs[1], and be extra-careful
to check for compatibility when importing new upstream releases. Adding
autopkgtests might also be useful: if updating libdmtx had caused the
old dmtx-utils to fail its tests, then we might have detected this sooner.

Thanks,
smcv

[1] Maybe useful:

https://events.static.linuxfound.org/sites/events/files/slides/Binary_Compatibility_for_library_devs.pdf

Bug#924460: linux-image-4.19.0-0.bpo.2-amd64: Weird hangs on AMD Ryzen

[Anton Ivanov]

Package: src:linux
Version: 4.19.16-1~bpo9+1
Severity: important

Dear Maintainer,

Occasional hangs, under X only. During the hang no new processes can be
spawned from any terminal windows in the X session, windows which use DRM
like firefox, thunderbird, etc do not update. Windows can be moved and
it is possible to switch to a new desktop.

At the same time the rest of the machine works fine. Switching to a text
console works fine and any processes launched from there also work fine.
Firefox and other processes relying on DRM during the hang are shown in
D state.

The machine recovers by itself in less than a minute. The hang frequency
is once in a 3-4 hours.

I am using an up-todate out of tree it87 version to get the right sensors
on the MB. The bug shows both with and without this driver.

I also had to pull the most recent firmware from kernel.org for the video.

The bug is not observed when using a plug-in video card (Nvidia Quadro 290
NVS) so this looks like something related to DRM or amdgpu power management.

-- Package-specific info:
** Version:
Linux version 4.19.0-0.bpo.2-amd64 (debian-ker...@lists.debian.org) (gcc 
version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)) #1 SMP Debian 4.19.16-1~bpo9+1 
(2019-02-07)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.19.0-0.bpo.2-amd64 
root=UUID=3db3d925-a3d9-4c1d-b63d-c087261f1fb2 ro quiet

** Tainted: WOE (12800)
 * Taint on warning.
 * Out-of-tree module has been loaded.
 * Unsigned module has been loaded.

** Kernel log:
[665617.595702] CR2: 557931720f18 CR3: 00024536e000 CR4: 
003406e0
[665617.595703] Call Trace:
[665617.595751]  optc1_lock+0x9e/0xb0 [amdgpu]
[665617.595796]  dcn10_pipe_control_lock.part.25+0x2d/0x70 [amdgpu]
[665617.595840]  dcn10_apply_ctx_for_surface+0xdf/0x540 [amdgpu]
[665617.595883]  ? hubbub1_verify_allow_pstate_change_high+0x82/0x1a0 [amdgpu]
[665617.595924]  dc_commit_state+0x23d/0x550 [amdgpu]
[665617.595963]  ? set_freesync_on_streams.part.7+0xce/0x2c0 [amdgpu]
[665617.596002]  ? mod_freesync_set_user_enable+0x16d/0x1b0 [amdgpu]
[665617.596046]  amdgpu_dm_atomic_commit_tail+0x33e/0xe60 [amdgpu]
[665617.596079]  ? amdgpu_bo_pin_restricted+0x68/0x280 [amdgpu]
[665617.596083]  ? _cond_resched+0x16/0x40
[665617.596085]  ? wait_for_completion_timeout+0x3b/0x1a0
[665617.596087]  ? refcount_inc_checked+0x5/0x30
[665617.596119]  ? amdgpu_bo_ref+0x17/0x20 [amdgpu]
[665617.596127]  commit_tail+0x3d/0x70 [drm_kms_helper]
[665617.596133]  drm_atomic_helper_commit+0xb4/0x120 [drm_kms_helper]
[665617.596147]  drm_atomic_connector_commit_dpms+0xe5/0xf0 [drm]
[665617.596159]  drm_mode_obj_set_property_ioctl+0x247/0x290 [drm]
[665617.596170]  ? drm_connector_set_obj_prop+0x80/0x80 [drm]
[665617.596181]  drm_connector_property_set_ioctl+0x3e/0x60 [drm]
[665617.596191]  drm_ioctl_kernel+0xaa/0xf0 [drm]
[665617.596194]  ? sock_write_iter+0x87/0x100
[665617.596204]  drm_ioctl+0x2ff/0x390 [drm]
[665617.596215]  ? drm_connector_set_obj_prop+0x80/0x80 [drm]
[665617.596217]  ? do_iter_write+0xd6/0x180
[665617.596248]  amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[665617.596251]  do_vfs_ioctl+0xa2/0x640
[665617.596254]  ? do_sigaction+0xad/0x1e0
[665617.596256]  ksys_ioctl+0x70/0x80
[665617.596258]  __x64_sys_ioctl+0x16/0x20
[665617.596260]  do_syscall_64+0x55/0x110
[665617.596262]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[665617.596264] RIP: 0033:0x7fb56083a017
[665617.596265] Code: 00 00 00 48 8b 05 81 7e 2b 00 64 c7 00 26 00 00 00 48 c7 
c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 
f0 ff ff 73 01 c3 48 8b 0d 51 7e 2b 00 f7 d8 64 89 01 48
[665617.596266] RSP: 002b:7ffd64cbfd08 EFLAGS: 3246 ORIG_RAX: 
0010
[665617.596267] RAX: ffda RBX:  RCX: 
7fb56083a017
[665617.596268] RDX: 7ffd64cbfd40 RSI: c01064ab RDI: 
000e
[665617.596269] RBP: 7ffd64cbfd40 R08: 556b0190 R09: 
556aff1154d0
[665617.596270] R10:  R11: 3246 R12: 
c01064ab
[665617.596270] R13: 000e R14: 556afdb28fb0 R15: 
556afd86d580
[665617.596272] ---[ end trace 070aabde88b649c0 ]---
[665929.195580] [drm:generic_reg_wait [amdgpu]] *ERROR* REG_WAIT timeout 1us * 
10 tries - optc1_lock line:628
[665929.195675] WARNING: CPU: 4 PID: 15694 at 
/build/linux-qcc0VE/linux-4.19.16/drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c:254
 generic_reg_wait+0xe5/0x150 [amdgpu]
[665929.195676] Modules linked in: 8021q garp mrp stp llc nls_utf8 isofs uas 
usb_storage fuse ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs dm_mod cpuid 
nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache binfmt_misc eeepc_wmi 
asus_wmi sparse_keymap rfkill wmi_bmof nls_ascii uvcvideo nls_cp437 amdkfd vfat 
videobuf2_vmalloc videobuf2_memops fat videobuf2_v4l2 videobuf2_common 
efi_pstore videodev edac_mce_amd snd_usb_audio media amdgpu 
snd_hda_codec_realtek kvm_amd snd_hda_codec_generic joydev ccp snd_usbmidi_lib 
snd_rawmidi rng_core snd_

Bug#924461: unblock: waagent/2.2.34-3

[Bastian Blank]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package waagent.  It fixes one security problem.

diff --git a/debian/changelog b/debian/changelog
index b1bc553..06df3b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+waagent (2.2.34-3) unstable; urgency=medium
+
+  * Set proper access rights on swap file.
+CVE-2019-0804
+
+ -- Bastian Blank   Tue, 12 Mar 2019 09:34:51 +0100
+
 waagent (2.2.34-2) unstable; urgency=medium
 
   * Disable all tests, they need a real system. (closes: #918943)
diff --git a/debian/patches/cve-2019-0804.patch 
b/debian/patches/cve-2019-0804.patch
new file mode 100644
index 000..3b2948d
--- /dev/null
+++ b/debian/patches/cve-2019-0804.patch
@@ -0,0 +1,149 @@
+From: Bastian Blank 
+Date: Mon, 11 Mar 2019 13:18:04 +
+Subject: Set proper access rights on swap file
+
+CVE-2019-0804
+---
+ azurelinuxagent/daemon/resourcedisk/default.py | 31 --
+ azurelinuxagent/daemon/resourcedisk/freebsd.py |  5 +
+ tests/distro/test_resourceDisk.py  | 31 ++
+ 3 files changed, 56 insertions(+), 11 deletions(-)
+
+diff --git a/azurelinuxagent/daemon/resourcedisk/default.py 
b/azurelinuxagent/daemon/resourcedisk/default.py
+index ce1309c..3e879f4 100644
+--- a/azurelinuxagent/daemon/resourcedisk/default.py
 b/azurelinuxagent/daemon/resourcedisk/default.py
+@@ -16,6 +16,7 @@
+ #
+ 
+ import os
++import stat
+ import re
+ import subprocess
+ import sys
+@@ -214,16 +215,27 @@ class ResourceDiskHandler(object):
+ else:
+ return 'mount {0} {1}'.format(partition, mount_point)
+ 
++@staticmethod
++def check_existing_swap_file(swapfile, swaplist, size):
++if swapfile in swaplist and os.path.isfile(swapfile) and 
os.path.getsize(swapfile) == size:
++logger.info("Swap already enabled")
++# restrict access to owner (remove all access from group, others)
++swapfile_mode = os.stat(swapfile).st_mode
++if swapfile_mode & (stat.S_IRWXG | stat.S_IRWXO):
++swapfile_mode = swapfile_mode & ~(stat.S_IRWXG | stat.S_IRWXO)
++logger.info("Changing mode of {0} to {1:o}".format(swapfile, 
swapfile_mode))
++os.chmod(swapfile, swapfile_mode)
++return True
++
++return False
++
+ def create_swap_space(self, mount_point, size_mb):
+ size_kb = size_mb * 1024
+ size = size_kb * 1024
+ swapfile = os.path.join(mount_point, 'swapfile')
+ swaplist = shellutil.run_get_output("swapon -s")[1]
+ 
+-if swapfile in swaplist \
+-and os.path.isfile(swapfile) \
+-and os.path.getsize(swapfile) == size:
+-logger.info("Swap already enabled")
++if self.check_existing_swap_file(swapfile, swaplist, size):
+ return
+ 
+ if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size:
+@@ -274,13 +286,18 @@ class ResourceDiskHandler(object):
+ # Probable errors:
+ #  - OSError: Seen on Cygwin, libc notimpl?
+ #  - AttributeError: What if someone runs this under...
++fd = None
++
+ try:
+-with open(filename, 'w') as f:
+-os.posix_fallocate(f.fileno(), 0, nbytes)
+-return 0
++fd = os.open(filename, os.O_CREAT | os.O_WRONLY | 
os.O_EXCL, stat.S_IRUSR | stat.S_IWUSR)
++os.posix_fallocate(fd, 0, nbytes)
++return 0
+ except:
+ # Not confident with this thing, just keep trying...
+ pass
++finally:
++if fd is not None:
++os.close(fd)
+ 
+ # fallocate command
+ ret = shellutil.run(
+diff --git a/azurelinuxagent/daemon/resourcedisk/freebsd.py 
b/azurelinuxagent/daemon/resourcedisk/freebsd.py
+index ece166b..3d37285 100644
+--- a/azurelinuxagent/daemon/resourcedisk/freebsd.py
 b/azurelinuxagent/daemon/resourcedisk/freebsd.py
+@@ -130,10 +130,7 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
+ swapfile = os.path.join(mount_point, 'swapfile')
+ swaplist = shellutil.run_get_output("swapctl -l")[1]
+ 
+-if swapfile in swaplist \
+-and os.path.isfile(swapfile) \
+-and os.path.getsize(swapfile) == size:
+-logger.info("Swap already enabled")
++if self.check_existing_swap_file(swapfile, swaplist, size):
+ return
+ 
+ if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size:
+diff --git a/tests/distro/test_resourceDisk.py 
b/tests/distro/test_resourceDisk.py
+index 4c185ee..3259836 100644
+--- a/tests/distro/test_resourceDisk.py
 b/tests/distro/test_resourceDisk.py
+@@ -19,

Bug#922938: RFS: python-css-parser/1.0.4-1~bpo9+1

[Chris Lamb]

Nicholas D Steeves wrote:

> > > If you have a minute would you please sponsor this backport
> > 
> > Please drop the "new-package-should-not-package-python2-module"
> > override and move the justification to the changelog.
> > 
> > It should be clear from this tag's description that this is override
> > is inappropriate and, IIRC, explicitly not requested.
> > 
> 
> Oops, I missed that :-$  Just to confirm: you'd like me to make this
> change to the stretch-backport (after which it will no longer be a
> no-change backport), and also the branch for sid, which would not be
> uploaded until buster is released?

Sure.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#924462: node-opencv: please make the build reproducible

[Chris Lamb]

Source: node-opencv
Version: 6.0.0+git20180416.cfc96ba0-2
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that node-opencv could not be built reproducibly.

This is because it ships nondeterministic examples that are generated
in the tests and subsequently installed in the binary under a "tmp"
directory.

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- a/debian/rules  2019-03-13 08:41:32.113952961 +
--- b/debian/rules  2019-03-13 09:11:37.525328936 +
@@ -35,6 +35,9 @@
rm -rf node_modules
rm -rf build
 
+override_dh_installexamples:
+   dh_installexamples -Xtmp/
+
 DEB_UPSTREAM_VERSION := $(shell echo $(DEB_VERSION) | sed -e 's/-[^-]*$$//')
 GIT_URL = https://github.com/peterbraden/node-opencv.git
 get-orig-source:

Bug#920339: reproducing

[sergio]

On Sat, 2 Mar 2019 13:32:36 +0100 Andrej Shadura  
wrote:



Unless you tell me how to reproduce this issue, I’m going to keep it closed.

Have you tried to install it on system with sysv-rc?

I can give you access to virtual host.

--
sergio.

Bug#924464: unblock: cl-fad/20180430-3

[Sébastien Villemot]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package cl-fad. The version in unstable fixes #923666, by simply
marking an autopkgtest as flaky. Debdiff attached.

unblock cl-fad/20180430-3

Thanks,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄  http://www.debian.org
diff -Nru cl-fad-20180430/debian/changelog cl-fad-20180430/debian/changelog
--- cl-fad-20180430/debian/changelog2019-02-14 14:33:05.0 +0100
+++ cl-fad-20180430/debian/changelog2019-03-04 14:24:52.0 +0100
@@ -1,3 +1,10 @@
+cl-fad (20180430-3) unstable; urgency=medium
+
+  * Mark the autopkgtest for clisp as flaky. It often segfaults.
+(Closes: #923666)
+
+ -- Sébastien Villemot   Mon, 04 Mar 2019 14:24:52 +0100
+
 cl-fad (20180430-2) unstable; urgency=medium
 
   * Move maintenance to Debian Common Lisp Team.
diff -Nru cl-fad-20180430/debian/tests/control 
cl-fad-20180430/debian/tests/control
--- cl-fad-20180430/debian/tests/control2019-02-14 14:27:59.0 
+0100
+++ cl-fad-20180430/debian/tests/control2019-03-04 14:23:51.0 
+0100
@@ -8,4 +8,4 @@
 
 Test-Command: clisp -norc debian/tests/runtests.lisp
 Depends: @, clisp
-Restrictions: allow-stderr
+Restrictions: allow-stderr, flaky

Bug#924465: unblock: pre-approval for openipmi/2.0.25-2 patch

[Thomas Goirand]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

I've been using OpenIPMI's ipmi_sim, which simulates IPMI on a KVM virtual
machine, though it suffered from a very small buffer line for the VM
configuration.

In #923873, I proposed a fix to this, which is simply:

-#define MAX_CONFIG_LINE 1024
+#define MAX_CONFIG_LINE 10240

in lanserv/OpenIPMI/serv.h, increasing the maximum command line to 10K instead
of the original 1K.

Would the release team be ok to accept such a fix in Buster?

Cheers,

Thomas Goirand (zigo)

Bug#924466: unblock: python3-ldappool/2.3.1-1 and Keystone 2:14.0.1-2

[Thomas Goirand]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

We have discovered a bug in Keystone, where it failed with Python3 and the
LDAP backend. The fix, provided by upstream, includes upgrading ldappool to
2.3.1, and adding a patch to Keystone. This fix has been carefully tested by
the reporter of the problem.

Please unblock both package python3-ldappool/2.3.1-1 and Keystone/2:14.0.1-2
to migrate to Buster.

Cheers,

Thomas Goirand (zigo)

Bug#924467: unblock: openblas/0.3.5+ds-3

[Sébastien Villemot]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package openblas. The version in unstable fixes #923607 (FTBFS
when build host CPU is not detected).

Some bits of context:

OpenBLAS is an efficient implementation of BLAS (an API for numerical linear
algebra routines), that provides specialized kernels (with some assembly) for
different CPU micro-architectures.

On amd64, arm64 and i386, the selection of the kernel is done at runtime, after
detecting the CPU version (on other arches, the package is compiled with a
single kernel, compatible with the arch baseline).

It turns out that CPU detection is also done at build time, if the TARGET build
variable is not set, for initializing a few variables. This triggers an FTBFS
if the CPU is unknown to the build system.

The fix consist in building with TARGET=GENERIC (a dummy generic CPU
micro-archictecture). This also requires a small patch to make this works.

The debdiff is attached.

unblock openblas/0.3.5+ds-3

Thanks,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄  http://www.debian.org
diff -Nru openblas-0.3.5+ds/debian/changelog openblas-0.3.5+ds/debian/changelog
--- openblas-0.3.5+ds/debian/changelog  2019-02-09 10:38:22.0 +0100
+++ openblas-0.3.5+ds/debian/changelog  2019-03-11 10:18:39.0 +0100
@@ -1,3 +1,13 @@
+openblas (0.3.5+ds-3) unstable; urgency=medium
+
+  * Fix FTBFS when CPU of the build machine is not detected (amd64, arm64, 
i386)
+- pass TARGET=GENERIC when building with DYNAMIC_ARCH=1
+- target-generic.patch: new patch taken from upstream, makes the above
+  possible
+(Closes: #923607)
+
+ -- Sébastien Villemot   Mon, 11 Mar 2019 10:18:39 +0100
+
 openblas (0.3.5+ds-2) unstable; urgency=medium
 
   * skylakex-dgemm.patch: new patch, fixes DGEMM regression on SkylakeX.
diff -Nru openblas-0.3.5+ds/debian/patches/series 
openblas-0.3.5+ds/debian/patches/series
--- openblas-0.3.5+ds/debian/patches/series 2019-02-09 10:35:46.0 
+0100
+++ openblas-0.3.5+ds/debian/patches/series 2019-03-11 10:07:18.0 
+0100
@@ -6,3 +6,4 @@
 matgen-symbols-not-included.patch
 order-files.patch
 skylakex-dgemm.patch
+target-generic.patch
diff -Nru openblas-0.3.5+ds/debian/patches/target-generic.patch 
openblas-0.3.5+ds/debian/patches/target-generic.patch
--- openblas-0.3.5+ds/debian/patches/target-generic.patch   1970-01-01 
01:00:00.0 +0100
+++ openblas-0.3.5+ds/debian/patches/target-generic.patch   2019-03-11 
10:09:06.0 +0100
@@ -0,0 +1,20 @@
+Description: Make TARGET=GENERIC compatible with DYNAMIC_ARCH=1
+Origin: backport, 
https://github.com/xianyi/OpenBLAS/commit/5b95534afcc80d54f51bd766b617fd3f494ec65a
+Bug: https://github.com/xianyi/OpenBLAS/issues/2048
+Bug-Debian: https://bugs.debian.org/923607
+Last-Update: 2019-03-11
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+diff --git a/kernel/Makefile.L3 b/kernel/Makefile.L3
+index eafcfb1b..bf5fffe8 100644
+--- a/kernel/Makefile.L3
 b/kernel/Makefile.L3
+@@ -24,7 +24,7 @@ ifeq ($(TARGET), LOONGSON3B)
+ USE_TRMM = 1
+ endif
+ 
+-ifeq ($(TARGET), GENERIC)
++ifeq ($(CORE), GENERIC)
+ USE_TRMM = 1
+ endif
+ 
diff -Nru openblas-0.3.5+ds/debian/rules openblas-0.3.5+ds/debian/rules
--- openblas-0.3.5+ds/debian/rules  2018-12-07 15:31:18.0 +0100
+++ openblas-0.3.5+ds/debian/rules  2019-03-04 15:11:28.0 +0100
@@ -11,10 +11,11 @@
 # Build generic package with hardcoded max number of threads of 64
 GENERIC_OPTIONS := NUM_THREADS=64
 
-# On x86 archs, enable dynamic arch selection
+# On x86 and arm64 archs, enable dynamic arch selection
+# TARGET=GENERIC is needed to avoid FTBFS when CPU detectin fails (see #923607)
 ENABLE_DYNAMIC_ARCHS := amd64 arm64 i386 kfreebsd-amd64 kfreebsd-i386
 ifneq (,$(findstring $(DEB_HOST_ARCH),$(ENABLE_DYNAMIC_ARCHS)))
-   GENERIC_OPTIONS += DYNAMIC_ARCH=1 DYNAMIC_OLDER=1
+   GENERIC_OPTIONS += DYNAMIC_ARCH=1 DYNAMIC_OLDER=1 TARGET=GENERIC
 endif
 
 # For other archs, there is no dynamic arch selection. To avoid selecting a

Bug#924468: unblock: puppet/5.5.10-2

[Apollon Oikonomopoulos]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package puppet

puppet 5.5.10-2 (already in unstable) fixes an issue whereby the Puppet 
master deserializes incoming agent reports producing variable output, 
depending on the availability of a specific package in the system 
(ruby-multi-json). This in turn can cause certain report processors 
(notably PuppetDB) to fail. See #923976 for details.

Full source debdiff against testing attached.

Regards,
Apollon

unblock puppet/5.5.10-2
diff -Nru puppet-5.5.10/debian/changelog puppet-5.5.10/debian/changelog
--- puppet-5.5.10/debian/changelog  2019-01-16 10:56:17.0 +0200
+++ puppet-5.5.10/debian/changelog  2019-03-12 12:51:05.0 +0200
@@ -1,3 +1,9 @@
+puppet (5.5.10-2) unstable; urgency=medium
+
+  * Make sure oj does not use BigDecimals on data load (Closes: #923976)
+
+ -- Apollon Oikonomopoulos   Tue, 12 Mar 2019 12:51:05 
+0200
+
 puppet (5.5.10-1) unstable; urgency=medium
 
   * New upstream bugfix release; see
diff -Nru 
puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch
 
puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch
--- 
puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch
1970-01-01 02:00:00.0 +0200
+++ 
puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch
2019-03-12 12:51:05.0 +0200
@@ -0,0 +1,35 @@
+From: Apollon Oikonomopoulos 
+Date: Sun, 10 Mar 2019 01:22:29 +0200
+Subject: Avoid BigDecimals when loading JSON using Oj
+
+This is already done for JrJackson and needs to be done for Oj as well
+to avoid sending malformed reports to PuppetDB.
+
+Bug-Debian: https://bugs.debian.org/923976
+---
+ lib/puppet/util/json.rb | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/puppet/util/json.rb b/lib/puppet/util/json.rb
+index 6baea59..ba2491b 100644
+--- a/lib/puppet/util/json.rb
 b/lib/puppet/util/json.rb
+@@ -32,13 +32,16 @@ module Puppet::Util
+ def self.load(string, options = {})
+   if defined? MultiJson
+ begin
+-  # This ensures that JrJackson will parse very large or very small
++  # This ensures that JrJackson and Oj will parse very large or very 
small
+   # numbers as floats rather than BigDecimals, which are serialized as
+   # strings by the built-in JSON gem and therefore can cause schema 
errors,
+   # for example, when we are rendering reports to JSON using 
`to_pson` in
+   # PuppetDB.
+-  if MultiJson.adapter.name == "MultiJson::Adapters::JrJackson"
++  case MultiJson.adapter.name
++  when "MultiJson::Adapters::JrJackson"
+ options[:use_bigdecimal] = false
++  when "MultiJson::Adapters::Oj"
++options[:bigdecimal_load] = :float
+   end
+ 
+   MultiJson.load(string, options)
diff -Nru puppet-5.5.10/debian/patches/series 
puppet-5.5.10/debian/patches/series
--- puppet-5.5.10/debian/patches/series 2018-11-09 09:54:47.0 +0200
+++ puppet-5.5.10/debian/patches/series 2019-03-12 12:51:05.0 +0200
@@ -6,3 +6,4 @@
 0007-Fix-service-listing-and-enable-disable-in-Debian.patch
 0008-fix-locale-loading.patch
 reproducible-build.patch
+0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch

Bug#924469: RM: python-fabulous-doc/-1 -- ROM; Leftover package after docs are back in main package.

[Jonathan Carter]

Package: ftp.debian.org
Severity: normal

Dear ftpmaster

Please remove python-fabulous-doc (0.3.0+dfsg1-2) from unstable, since the docs 
are now shipped along with they python3 only package python3-fabulous.

thanks,

-Jonathan

Bug#924471: unblock: aptfs/2:0.13.1-1

[Chris Lamb]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock aptfs/2:0.13.1-1 for buster. This will fix:

  https://bugs.debian.org/923811

… and prevent an AUTORM from testing. This is via the following minor
typo fix:

  
https://salsa.debian.org/lamby/aptfs/commit/48b64c5d38ca74c0ef319fccc7a24865726bcefe.patch

The full debdiff is attached, however.

I do spot I semi-automatically bumped the Standards-Version when
performing the upload last week without (!) considering the freeze. If
it helps, I am both upstream and Debian maintainer for this project.

unblock aptfs/2:0.13.1-1


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-diffstat for aptfs-0.13.0 aptfs-0.13.1

 PKG-INFO |2 +-
 debian/changelog |7 +++
 debian/control   |2 +-
 mount.aptfs  |2 +-
 setup.py |2 +-
 5 files changed, 11 insertions(+), 4 deletions(-)

diff -Nru aptfs-0.13.0/debian/changelog aptfs-0.13.1/debian/changelog
--- aptfs-0.13.0/debian/changelog   2018-07-24 12:55:54.0 +0100
+++ aptfs-0.13.1/debian/changelog   2019-03-06 09:52:48.0 +
@@ -1,3 +1,10 @@
+aptfs (2:0.13.1-1) unstable; urgency=medium
+
+  * New upstream release. (Closes: #923811)
+  * Bump Standards-Version to 4.3.0.
+
+ -- Chris Lamb   Wed, 06 Mar 2019 09:52:48 +
+
 aptfs (2:0.13.0-1) unstable; urgency=medium
 
   * New upstream release:
diff -Nru aptfs-0.13.0/debian/control aptfs-0.13.1/debian/control
--- aptfs-0.13.0/debian/control 2018-07-24 12:55:54.0 +0100
+++ aptfs-0.13.1/debian/control 2019-03-06 09:52:48.0 +
@@ -6,7 +6,7 @@
  debhelper (>= 11),
  dh-python,
  python,
-Standards-Version: 4.1.5
+Standards-Version: 4.3.0
 Homepage: https://chris-lamb.co.uk/projects/aptfs
 Vcs-Git: https://salsa.debian.org/lamby/pkg-aptfs.git
 Vcs-Browser: https://salsa.debian.org/lamby/pkg-aptfs
diff -Nru aptfs-0.13.0/mount.aptfs aptfs-0.13.1/mount.aptfs
--- aptfs-0.13.0/mount.aptfs2018-07-24 11:34:28.0 +0100
+++ aptfs-0.13.1/mount.aptfs2019-03-06 09:47:06.0 +
@@ -60,7 +60,7 @@
 val = raw in ('true', 'yes', 'y', '1', 'on')
 setattr(server, x, val)
 
-for x in ('max_unpackaged_packages',):
+for x in ('max_unpacked_packages',):
 val = int(getattr(server, x))
 setattr(server, x, val)
 
diff -Nru aptfs-0.13.0/PKG-INFO aptfs-0.13.1/PKG-INFO
--- aptfs-0.13.0/PKG-INFO   2018-07-24 11:47:44.0 +0100
+++ aptfs-0.13.1/PKG-INFO   2019-03-06 09:49:13.0 +
@@ -1,6 +1,6 @@
 Metadata-Version: 1.0
 Name: aptfs
-Version: 0.13.0
+Version: 0.13.1
 Summary: UNKNOWN
 Home-page: UNKNOWN
 Author: Chris Lamb
diff -Nru aptfs-0.13.0/setup.py aptfs-0.13.1/setup.py
--- aptfs-0.13.0/setup.py   2018-07-24 11:47:43.0 +0100
+++ aptfs-0.13.1/setup.py   2019-03-06 09:48:32.0 +
@@ -21,7 +21,7 @@
 
 setup(
 name='aptfs',
-version='0.13.0',
+version='0.13.1',
 author="Chris Lamb",
 author_email="la...@debian.org",
 packages=(

Bug#924470: unblock: slime/2:2.23+dfsg-2

[Sébastien Villemot]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package slime. The version in unstable fixes #923786, by
adapting the Recommends field to the new Emacs package layout in Buster. 

Debdiff attached.

unblock slime/2:2.23+dfsg-2

Thanks,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄  http://www.debian.org
diff -Nru slime-2.23+dfsg/debian/changelog slime-2.23+dfsg/debian/changelog
--- slime-2.23+dfsg/debian/changelog2018-12-23 18:56:18.0 +0100
+++ slime-2.23+dfsg/debian/changelog2019-03-07 09:21:47.0 +0100
@@ -1,3 +1,10 @@
+slime (2:2.23+dfsg-2) unstable; urgency=medium
+
+  * Use emacs metapackage in Recommends, instead of obsolete emacs24* and
+emacs25* packages. (Closes: #923786)
+
+ -- Sébastien Villemot   Thu, 07 Mar 2019 09:21:47 +0100
+
 slime (2:2.23+dfsg-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru slime-2.23+dfsg/debian/control slime-2.23+dfsg/debian/control
--- slime-2.23+dfsg/debian/control  2018-12-23 18:55:20.0 +0100
+++ slime-2.23+dfsg/debian/control  2019-03-07 09:19:49.0 +0100
@@ -22,7 +22,7 @@
 Architecture: all
 Depends: ${misc:Depends},
  ${elpa:Depends}
-Recommends: cl-swank (= ${source:Version}), info | info-browser, emacs25 | 
emacs24 (>= 24.3) | emacs24-lucid (>= 24.3) | emacs24-nox (>= 24.3)
+Recommends: cl-swank (= ${source:Version}), info | info-browser, emacs (>= 46)
 Suggests: hyperspec
 Description: Superior Lisp Interaction Mode for Emacs (client)
  SLIME is the Superior Lisp Interaction Mode for Emacs.

Bug#924473: duc: FTBFS (dh_installman: Cannot find "debian/build-nox/doc/duc.1")

[Santiago Vila]

Package: src:duc
Version: 1.4.3-5
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-arch
dh build-arch --with autoreconf
   dh_update_autotools_config -a
   dh_autoreconf -a
configure.ac:22: installing './compile'
configure.ac:19: installing './install-sh'
configure.ac:19: installing './missing'
Makefile.am: installing './depcomp'
   debian/rules override_dh_auto_configure
make[1]: Entering directory '/<>'
dh_auto_configure --builddirectory=/<>/debian/build -- 
--enable-dependency-tracking CFLAGS="-g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -fPIE" LDFLAGS="-Wl,-z,relro -Wl,-z,now -Wl,--as-needed 
-fPIE -pie"
cd debian/build && ../../configure --build=x86_64-linux-gnu 
--prefix=/usr --includedir=\${prefix}/include --mandir=\${prefix}/share/man 
--infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var 
--disable-silent-rules --libdir=\${prefix}/lib/x86_64-linux-gnu 
--libexecdir=\${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode 
--disable-dependency-tracking --enable-dependency-tracking "CFLAGS=-g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -fPIE" "LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed 
-fPIE -pie"
configure: WARNING: unrecognized options: --disable-maintainer-mode
checking for a BSD-compatible install... /usr/bin/install -c

[... snipped ...]

gcc -DHAVE_CONFIG_H -I. -I../..   -Wdate-time -D_FORTIFY_SOURCE=2 -Isrc/libduc 
-Isrc/libduc-graph -Isrc/glad -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIE -MT 
src/duc/cmd-ui.o -MD -MP -MF $depbase.Tpo -c -o src/duc/cmd-ui.o 
../../src/duc/cmd-ui.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo src/duc/cmd-xml.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I../..   -Wdate-time -D_FORTIFY_SOURCE=2 -Isrc/libduc 
-Isrc/libduc-graph -Isrc/glad -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIE -MT 
src/duc/cmd-xml.o -MD -MP -MF $depbase.Tpo -c -o src/duc/cmd-xml.o 
../../src/duc/cmd-xml.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo src/duc/ducrc.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I../..   -Wdate-time -D_FORTIFY_SOURCE=2 -Isrc/libduc 
-Isrc/libduc-graph -Isrc/glad -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIE -MT 
src/duc/ducrc.o -MD -MP -MF $depbase.Tpo -c -o src/duc/ducrc.o 
../../src/duc/ducrc.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo src/duc/main.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I../..   -Wdate-time -D_FORTIFY_SOURCE=2 -Isrc/libduc 
-Isrc/libduc-graph -Isrc/glad -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIE -MT 
src/duc/main.o -MD -MP -MF $depbase.Tpo -c -o src/duc/main.o 
../../src/duc/main.c &&\
mv -f $depbase.Tpo $depbase.Po
gcc -Isrc/libduc -Isrc/libduc-graph -Isrc/glad -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -fPIE  -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -fPIE 
-pie -o duc src/libduc/buffer.o src/libduc/db.o src/libduc/db-tokyo.o 
src/libduc/db-kyoto.o src/libduc/db-leveldb.o src/libduc/db-sqlite3.o 
src/libduc/db-lmdb.o src/libduc/dir.o src/libduc/duc.o src/libduc/index.o 
src/libduc/canonicalize.o src/libduc/varint.o src/glad/glad.o 
src/libduc-graph/graph.o src/libduc-graph/graph-cairo.o 
src/libduc-graph/graph-opengl.o src/libduc-graph/graph-svg.o 
src/libduc-graph/graph-html.o src/duc/cmd-cgi.o src/duc/cmd-graph.o 
src/duc/cmd-gui.o src/duc/cmd-guigl.o src/duc/cmd-index.o src/duc/cmd-info.o 
src/duc/cmd-ls.o src/duc/cmd-ui.o src/duc/cmd-xml.o src/duc/ducrc.o 
src/duc/main.o -ltokyocabinet  -lncursesw -lm 
make[3]: Entering directory '/<>/debian/build-nox'
 /bin/mkdir -p '/<>/debian/build-nox.inst/usr/bin'
  /usr/bin/install -c duc '/<>/debian/build-nox.inst/usr/bin'
/usr/bin/make  install-exec-hook
make[4]: Entering directory '/<>/debian/build-nox'
/sbin/ldconfig || :;
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission 
denied
make[4]: Leaving directory '/<>/debian/build-nox'
 /bin/mkdir -p '/<>/debian/build-nox.inst/usr/share/man/man1'
 /usr/bin/install -c -m 644 ../../doc/duc.1 
'/<>/debian/build-nox.inst/usr/share/man/man1'
make[3]: Leaving directory '/<>/debian/build-nox'
make[2]: Leaving directory '/<>/debian/build-nox'
cp -r doc /<>/debian/build-nox/
rm -f /<>/debian/build-nox/doc/duc.1
/usr/bin/make -C /<>/debian/build-nox/doc
make[2]: Entering directory '/<>/debian/build-nox/doc'
../duc manual > options.txt
sed -e "//r options.txt" -e "//d" < manual.txt > duc.md
ronn --style=toc,80c duc.md
 roff: ./duc.md.1 
 html: ./duc.md.1.html   

Bug#924474: lxqt-qtplugin: FTBFS (dh_auto_configure fails)

[Santiago Vila]

Package: src:lxqt-qtplugin
Version: 0.14.0-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-arch
dh build-arch --buildsystem cmake
   dh_update_autotools_config -a -O--buildsystem=cmake
   dh_autoreconf -a -O--buildsystem=cmake
   debian/rules override_dh_auto_configure
make[1]: Entering directory '/<>'
dh_auto_configure --\
-DCMAKE_BUILD_TYPE=RelWithDebInfo
cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr 
-DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc 
-DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON 
-DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run 
"-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON 
-DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
-- The C compiler identification is GNU 8.3.0
-- The CXX compiler identification is GNU 8.3.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info

[... snipped ...]

Feature record: CXX_FEATURE:0cxx_deleted_functions
Feature record: CXX_FEATURE:0cxx_digit_separators
Feature record: CXX_FEATURE:0cxx_enum_forward_declarations
Feature record: CXX_FEATURE:0cxx_explicit_conversions
Feature record: CXX_FEATURE:0cxx_extended_friend_declarations
Feature record: CXX_FEATURE:0cxx_extern_templates
Feature record: CXX_FEATURE:0cxx_final
Feature record: CXX_FEATURE:0cxx_func_identifier
Feature record: CXX_FEATURE:0cxx_generalized_initializers
Feature record: CXX_FEATURE:0cxx_generic_lambdas
Feature record: CXX_FEATURE:0cxx_inheriting_constructors
Feature record: CXX_FEATURE:0cxx_inline_namespaces
Feature record: CXX_FEATURE:0cxx_lambdas
Feature record: CXX_FEATURE:0cxx_lambda_init_captures
Feature record: CXX_FEATURE:0cxx_local_type_template_args
Feature record: CXX_FEATURE:0cxx_long_long_type
Feature record: CXX_FEATURE:0cxx_noexcept
Feature record: CXX_FEATURE:0cxx_nonstatic_member_init
Feature record: CXX_FEATURE:0cxx_nullptr
Feature record: CXX_FEATURE:0cxx_override
Feature record: CXX_FEATURE:0cxx_range_for
Feature record: CXX_FEATURE:0cxx_raw_string_literals
Feature record: CXX_FEATURE:0cxx_reference_qualified_functions
Feature record: CXX_FEATURE:0cxx_relaxed_constexpr
Feature record: CXX_FEATURE:0cxx_return_type_deduction
Feature record: CXX_FEATURE:0cxx_right_angle_brackets
Feature record: CXX_FEATURE:0cxx_rvalue_references
Feature record: CXX_FEATURE:0cxx_sizeof_member
Feature record: CXX_FEATURE:0cxx_static_assert
Feature record: CXX_FEATURE:0cxx_strong_enums
Feature record: CXX_FEATURE:1cxx_template_template_parameters
Feature record: CXX_FEATURE:0cxx_thread_local
Feature record: CXX_FEATURE:0cxx_trailing_return_types
Feature record: CXX_FEATURE:0cxx_unicode_literals
Feature record: CXX_FEATURE:0cxx_uniform_initialization
Feature record: CXX_FEATURE:0cxx_unrestricted_unions
Feature record: CXX_FEATURE:0cxx_user_literals
Feature record: CXX_FEATURE:0cxx_variable_templates
Feature record: CXX_FEATURE:0cxx_variadic_macros
Feature record: CXX_FEATURE:0cxx_variadic_templates
dh_auto_configure: cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr 
-DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc 
-DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON 
-DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run 
"-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON 
-DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu -DCMAKE_BUILD_TYPE=RelWithDebInfo 
.. returned exit code 1
make[1]: *** [debian/rules:12: override_dh_auto_configure] Error 2
make[1]: Leaving directory '/<>'
make: *** [debian/rules:9: build-arch] Error 2
dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit 
status 2


(The above is just how the build ends and not necessarily the most relevant 
part)

The build was made in my autobuilder with "dpkg-buildpackage -A"
and it also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/lxqt-qtplugin.html

where you can get a full build log if you need it.

If this is really a bug in one of the build-depends, please use reassign and 
affects,
so that this is still visible in the BTS web page for this package.

Thanks.

Bug#924475: [xterm] ATR_ITALIC is not always rendered properly when using core X fonts

[Andrey ``Bass'' Shcheglov]

Package: xterm
Version: 327-2
Severity: normal

--- Please enter the report below this line. ---

When using core X fonts (from the X server), Xterm attempts to infer the
oblique (-o-) version from the regular font in order to render
italicized text.

Not all fonts, however, have the oblique versions, providing italic ones
(-i-) instead. At run time, this results in the following message
displayed to stderr:

> xterm: cannot load font '-monotype-courier
> new-medium-o-*-*-17-120-100-100-m-100-koi8-r'
> xterm: cannot load font '-monotype-courier
> new-medium-o-*-*-17-120-100-100-m-100-koi8-r'
> xterm: cannot load font '-monotype-courier
> new-medium-o-*-*-17-120-100-100-m-100-koi8-r'
> xterm: cannot load font '-monotype-courier
> new-medium-o-*-*-17-120-100-100-m-100-koi8-r'

When looking for the italic font, Xterm should attempt both
alternatives, in order.

Alternatively, it would make sense to have X resource(s) available,
allowing to explicitly specify italic version(s) for font1 through font6.

--- System information. ---
Architecture:
Kernel: Linux 4.9.0-8-amd64

Debian Release: 9.3
500 xenial package.perforce.com
500 trusty package.perforce.com
500 stable-updates ftp.ru.debian.org
500 stable security.debian.org
500 stable ftp.ru.debian.org
500 precise package.perforce.com
500 oldstable-updates ftp.ru.debian.org
500 oldstable security.debian.org
500 oldstable ftp.ru.debian.org
500 oldoldstable-updates ftp.ru.debian.org
500 oldoldstable security.debian.org
500 oldoldstable ftp.ru.debian.org
500 bionic ppa.launchpad.net
100 stretch-backports ftp.ru.debian.org

--- Package information. ---
Depends (Version) | Installed
===-+-=
xbitmaps | 1.1.1-2
libc6 (>= 2.15) |
libfontconfig1 (>= 2.11) |
libice6 (>= 1:1.0.0) |
libtinfo5 (>= 6) |
libutempter0 (>= 1.1.5) |
libx11-6 |
libxaw7 |
libxft2 (>> 2.1.1) |
libxinerama1 |
libxmu6 |
libxpm4 |
libxt6 |


Recommends (Version) | Installed
=-+-===
x11-utils | 7.7+3+b1


Suggests (Version) | Installed
==-+-===
xfonts-cyrillic | 1:1.0.4



signature.asc
Description: OpenPGP digital signature

Bug#912549: icedtea-web FTBFS with OpenJDK 11

[Andreas Tille]

On Tue, Mar 12, 2019 at 11:41:22AM +0100, Andreas Tille wrote:
> Michael Crusoe has suggested a workaround[1].  What do you think about
> this?

In case there is no answer to this question I assume it is OK to
upload the workaround.  Hope you agree with this.

Kind regards

   Andreas.
 
 
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912549#10

-- 
http://fam-tille.de

Bug#923666: cl-fad: flaky autopkgtest, segfaults most of the time

[Sébastien Villemot]

Le dimanche 03 mars 2019 à 15:29 +0100, Paul Gevers a écrit :
> On 03-03-2019 15:24, Sébastien Villemot wrote:
> > Do you think it is worth making this change now, given that I'll have
> > to ask for an unblock?
> 
> I'll process the unblock if this is the only change you make, yes.

Unblock request filed as #924464.

-- 
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄  http://www.debian.org


signature.asc
Description: This is a digitally signed message part

Bug#870406: Any news for this bug?

[Andreas Tille]

Hi,

I just realised that several reverse dependencies of mpg321 are in
danger of getting autoremoved from testing.

Kind regards

 Andreas.

-- 
http://fam-tille.de

Bug#923695: libczmq-dev: pkg-config --cflags libczmq.pc fails without uuid-dev and libsystemd-dev installed

[Luca Boccassi]

On Wed, 2019-03-13 at 02:00 +, John Morris wrote:
> Package: czmq
> Version: 4.2.0-1
> Followup-For: Bug #923695
> 
> Dear Maintainer,
> 
> The version 4.2.0-2 pushed to Sid fixes this problem, but the problem
> still exists in Buster, still at 4.2.0-1.
> 
> Thanks!

It will migrate to buster tomorrow or the day after

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#924476: neutron-dynamic-routing-common not doing db migrations

[Michal Arbet]

Package: neutron-dynamic-routing-common
Version: 2:13.0.0-1

Hi,

Neutron-dynamic-routing should run db migration for neutron subproject
dynamic-routing as other neutron subprojects [ neutron-fwaas,
neutron-vpnaas , etc ... ] in postinst script .

Postinst is not present  now and neutron-dynamic-routing is not working as
there is old db layout which doesn't match modified code.

Thanks,
Michal

Bug#921901: ruby-voight-kampff: FTBFS (expected: < 0.002, got: 0.002076509001199156)

[Andreas Tille]

Hi,

I tried to reproduce this issue and need to admit I can not reproduce
that timing problem (I would assume that might depend from the hardware
used for the build.  However

  apt-get source ruby-voight-kampff
  cd ruby-voight-kampff
  pdebuild

leaded to:

...
┌──┐
│ Run tests for ruby2.5 from debian/ruby-tests.rake│
└──┘

RUBYLIB=/build/ruby-voight-kampff-1.1.3/debian/ruby-voight-kampff/usr/lib/ruby/vendor_ruby:.
 
GEM_PATH=debian/ruby-voight-kampff/usr/share/rubygems-integration/all:/var/lib/gems/2.5.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.5.0:/usr/share/rubygems-integration/2.5.0:/usr/share/rubygems-integration/all
 ruby2.5 -S rake -f debian/ruby-tests.rake
rspec

An error occurred while loading 
./spec/controllers/replicants_controller_spec.rb.
Failure/Error: require 'rspec/rails'

NameError:
  uninitialized constant Capybara::VERSION
# ./spec/spec_helper.rb:7:in `'
# ./spec/controllers/replicants_controller_spec.rb:1:in `'

An error occurred while loading ./spec/lib/voight_kampff/rack_request_spec.rb.
Failure/Error: Combustion.initialize! :action_controller

RuntimeError:
  Application has been already initialized.
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/application.rb:360:in
 `initialize!'
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/railtie.rb:190:in
 `public_send'
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/railtie.rb:190:in
 `method_missing'
# 
/usr/share/rubygems-integration/all/gems/combustion-1.0.0/lib/combustion.rb:32:in
 `initialize!'
# ./spec/spec_helper.rb:5:in `'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:291:in
 `require'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:291:in
 `block in require'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:257:in
 `load_dependency'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:291:in
 `require'
# ./spec/lib/voight_kampff/rack_request_spec.rb:1:in `'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:285:in
 `load'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:285:in
 `block in load'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:257:in
 `load_dependency'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:285:in
 `load'

An error occurred while loading ./spec/lib/voight_kampff/test_spec.rb.
Failure/Error: Combustion.initialize! :action_controller

RuntimeError:
  Application has been already initialized.
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/application.rb:360:in
 `initialize!'
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/railtie.rb:190:in
 `public_send'
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/railtie.rb:190:in
 `method_missing'
# 
/usr/share/rubygems-integration/all/gems/combustion-1.0.0/lib/combustion.rb:32:in
 `initialize!'
# ./spec/spec_helper.rb:5:in `'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:291:in
 `require'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:291:in
 `block in require'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:257:in
 `load_dependency'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:291:in
 `require'
# ./spec/lib/voight_kampff/test_spec.rb:1:in `'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:285:in
 `load'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:285:in
 `block in load'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:257:in
 `load_dependency'
# 
/usr/share/rubygems-integration/all/gems/activesupport-5.2.2/lib/active_support/dependencies.rb:285:in
 `load'

An error occurred while loading ./spec/lib/voight_kampff_spec.rb.
Failure/Error: Combustion.initialize! :action_controller

RuntimeError:
  Application has been already initialized.
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/application.rb:360:in
 `initialize!'
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/railtie.rb:190:in
 `public_send'
# 
/usr/share/rubygems-integration/all/gems/railties-5.2.2/lib/rails/railtie.rb:190:in
 `method_missing'
# 
/usr/share/rubygems-integration/all/gems/combustion-1.0.0/lib/c

Bug#924478: gbp pq import regression: duplicates MIME-Version, Content-Type, Content-Transfer-Encoding as pseudo-header

[Simon McVittie]

Package: git-buildpackage
Version: 0.9.13
Severity: normal
Tags: patch

Steps to reproduce:

* Have a package in git, with patches containing non-ASCII metadata.
  Good examples include https://anonscm.debian.org/git/pkg-utopia/policykit.git
  master, at commit 4f1d21c3 (debian/0.105-25), and
  https://salsa.debian.org/gnome-team/gnome-keyring.git debian/buster,
  at commit ab353ae9 (debian/3.28.2-5).
  The same issue seems to be visible in the unblock diff quoted in
  ,
  so this isn't only affecting me.
* gbp pq drop
* gbp pq import
* Look at git log. In policykit-1, affected commits include
  "CVE-2015-3218: backend: Handle invalid object paths in
  RegisterAuthenticationAgent". In gnome-keyring, affected commits include
  "gkm-mock: Also store objects in the order they are taken".
* gbp pq export
* Look at the patches. In policykit-1, affected patches include
  debian/patches/0.113/00git_invalid_object_paths.patch.
  In gnome-keyring, affected patches include
  debian/patches/gkm-mock-Also-store-objects-in-the-order-they-are-taken.patch.

Expected result:

No semantically significant changes to patches

Actual result:

`gbp pq import` treats the MIME-Version, Content-Type and
Content-Transfer-Encoding as though they were semantically significant
parts of the patch metadata (rather than merely an artifact of the email
transport) and prepends them to the long commit message:

> $ git log patch-queue/debian/buster
...
> commit 4169ffaaf4498facee2bbf8c65292761b1d740e2
> Author: Iain Lane 
> Date:   2019-01-30 14:34:51 +
> 
> gkm-mock: Also store objects in the order they are taken
> 
> MIME-Version: 1.0
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: 8bit
> 
> With GLib 2.59, the `test-login-auto` test fails:
...

As a result, after `gbp pq export`, the MIME-Version, Content-Type and
Content-Transfer-Encoding in the email header get duplicated into new
pseudo-headers, like this (note the same fields still present in the
email header, just before the added lines):

> $ git diff
...
> --- 
> a/debian/patches/gkm-mock-Also-store-objects-in-the-order-they-are-taken.patch
> +++ 
> b/debian/patches/gkm-mock-Also-store-objects-in-the-order-they-are-taken.patch
> @@ -5,6 +5,10 @@ MIME-Version: 1.0
>  Content-Type: text/plain; charset="utf-8"
>  Content-Transfer-Encoding: 8bit
>
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset="utf-8"
> +Content-Transfer-Encoding: 8bit
> +
>  With GLib 2.59, the `test-login-auto` test fails:
>
>Gcr-CRITICAL **: 14:34:24.126: expected prompt property 'choice-label'

Proposed patch attached.

Regards,
smcv

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 
'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-3-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages git-buildpackage depends on:
ii  devscripts 2.19.3
ii  git1:2.20.1-2
ii  man-db 2.8.5-2
ii  python33.7.2-1
ii  python3-dateutil   2.7.3-3
ii  python3-pkg-resources  40.8.0-1
ii  sensible-utils 0.0.12

Versions of packages git-buildpackage recommends:
ii  cowbuilder0.88
ii  pbuilder  0.230.2
ii  pristine-tar  1.46
ii  python3-requests  2.21.0-1
ii  sbuild0.78.1-1

Versions of packages git-buildpackage suggests:
pn  python3-notify2  
ii  sudo 1.8.27-1
ii  unzip6.0-22

-- no debconf information
>From 7f74448f8688d18e87b74543041392dd32261d15 Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Wed, 13 Mar 2019 10:19:03 +
Subject: [PATCH] Dep3Patch: Ignore MIME headers

Otherwise, if we import a patch containing non-ASCII characters
exported by `gbp pq export` or `git format-patch` using DEP-3
syntax, we'd misinterpret these fields as semantically significant
and copy them into pseudo-headers, causing them to be duplicated
in the commit's long description.

Signed-off-by: Simon McVittie 
---
 gbp/patch_series.py | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/gbp/patch_series.py b/gbp/patch_series.py
index c47f4b6..7b561e6 100644
--- a/gbp/patch_series.py
+++ b/gbp/patch_series.py
@@ -255,6 +255,16 @@ class Dep3Patch(Patch):
 changes += add_date(v)
 elif k == 'long_desc':
 pass
+elif k in (
+'content-transfer-encoding',
+'content-type',
+'mime-version',
+ 

Bug#923772: Solved in new upstream version: Adapter removal test suite fails in i386 architecture with strange replacement of "(" by "'" (#35)

[Andreas Tille]

Hi,

the issue was fixed upstream in a new release (Mikkel, thanks a lot
for the quick and helpful solution).

The new release does contain more things than just a fix for that very
problem but other changes (for instance "Port to python3").  I admit my
prefered fix for this bug would be to simply ask ftpmaster for removal
of the i386 port instead of undergo a tricky extration of the solution
in the changed code base.

Alternatively the issue could be documented in README.Debian for i386
and the specific test ignored on this architecture.  In this case I'd
leave the bug open but decrease severity to important and fix it by the
new upstream version after Buster release.  (Please check the Debian bug
log[1] or upstream issue tracker to draw a founded decision how much
this might affect practical usage on an architecture that has most
probably zero users for this kind of software.)

Please tell me what you considered the prefered method (removal of i386
build or ignore test failure) given that no new upstream versions are
accepted in Freeze.

Kind regards

   Andreas.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923772#19

- Forwarded message from Mikkel Schubert  -

Date: Tue, 12 Mar 2019 10:09:17 -0700
From: Mikkel Schubert 
To: MikkelSchubert/adapterremoval 
Cc: Andreas Tille , Author 
Subject: Re: [MikkelSchubert/adapterremoval] Test suite fails in i386 
architecture with strange replacement of "(" by "'" (#35)

I predict that I'll release a new version of AdapterRemoval 5 minutes ago. ;)

-- 
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
https://github.com/MikkelSchubert/adapterremoval/issues/35#issuecomment-472093296

- End forwarded message -

-- 
http://fam-tille.de

Bug#924479: unblock: fai/5.8.3

[Thomas Lange]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package fai


The changes from 5.8.1 to 5.8.3 are fixing the piuparts RC bug #924227.
In fai-mirror the hardcoded release name stretch was replaced by a
regex. In other configuration files stretch was now replaced by buster.
In conf/NFSROOT two package names were replaced by smaller
alternatives and I had to add the gpg package for the DEBIAN_10 and
DEBIAN_11 environments. Other changes are documentation updates.



diff -Nru fai-5.8.1/bin/fai-mirror fai-5.8.3/bin/fai-mirror
--- fai-5.8.1/bin/fai-mirror2018-05-28 11:21:24.0 +0200
+++ fai-5.8.3/bin/fai-mirror2019-03-07 20:52:42.0 +0100
@@ -5,7 +5,7 @@
 # fai-mirror -- create and manage a partial mirror for FAI
 #
 # This script is part of FAI (Fully Automatic Installation)
-# (c) 2004-2018, Thomas Lange, la...@informatik.uni-koeln.de
+# (c) 2004-2019, Thomas Lange, la...@informatik.uni-koeln.de
 #
 #*
 # This program is free software; you can redistribute it and/or modify
@@ -259,7 +259,7 @@
 fi
 
 # check if backports are used
-bpo=$(awk '/^deb .+-backports / {print $3}' $aptcache/etc/apt/sources.list)
+bpo=$(egrep '^deb ' $aptcache/etc/apt/sources.list | grep -P -o 
'\S+-backports')
 
 if [ -f "$aptpref" ]; then
 cp "$aptpref" $aptcache/etc/apt/preferences
@@ -317,7 +317,7 @@
 EOF
 
 # maybe using reprepro pulls it's possible to move instead of copy the packages
- reprepro -b $mirrordir includedeb stretch-backports 
$archivedir/*~bpo[0-9]*+[0-9-]*_*.deb
+ reprepro -b $mirrordir includedeb $bpo 
$archivedir/*~bpo[0-9]*+[0-9-]*_*.deb
  rm -f $archivedir/*~bpo[0-9]*+[0-9-]*_*.deb
 fi
 
diff -Nru fai-5.8.1/conf/NFSROOT fai-5.8.3/conf/NFSROOT
--- fai-5.8.1/conf/NFSROOT  2019-02-08 23:27:37.0 +0100
+++ fai-5.8.3/conf/NFSROOT  2019-03-11 14:53:27.0 +0100
@@ -7,9 +7,9 @@
 dump reiserfsprogs xfsprogs xfsdump btrfs-progs  dosfstools
 hwinfo hdparm smartmontools
 subversion rdate
-emacs25-nox
+zile
 numactl
-dnsutils
+udns-utils
 netcat-traditional nmap
 pxelinux syslinux-common # in jessie we need both
 ca-certificates # for get-config-dir-https and apt-transport-https
@@ -54,7 +54,7 @@
 grub-pc
 efibootmgr
 linux-image-amd64
-#linux-image-amd64/stretch-backports # if you want to use a newer kernel
+#linux-image-amd64/buster-backports # if you want to use a newer kernel
 
 PACKAGES install-norec ARM64
 grub-efi-arm64
@@ -70,7 +70,7 @@
 apt-transport-https
 
 PACKAGES install-norec DEBIAN_10
-fdisk
+fdisk gpg
 
 PACKAGES install-norec DEBIAN_11
-fdisk
+fdisk gpg
diff -Nru fai-5.8.1/conf/nfsroot.conf fai-5.8.3/conf/nfsroot.conf
--- fai-5.8.1/conf/nfsroot.conf 2018-03-10 21:42:17.0 +0100
+++ fai-5.8.3/conf/nfsroot.conf 2019-03-11 14:25:38.0 +0100
@@ -1,7 +1,7 @@
 # For a detailed description see nfsroot.conf(5)
 
 # " " for debootstrap
-FAI_DEBOOTSTRAP="stretch http://deb.debian.org/debian";
+FAI_DEBOOTSTRAP="buster http://deb.debian.org/debian";
 FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
 
 NFSROOT=/srv/fai/nfsroot
diff -Nru fai-5.8.1/conf/sources.list fai-5.8.3/conf/sources.list
--- fai-5.8.1/conf/sources.list 2018-03-10 21:42:17.0 +0100
+++ fai-5.8.3/conf/sources.list 2019-03-11 14:25:38.0 +0100
@@ -1,8 +1,8 @@
 # These lines should work for many sites
 
-deb http://deb.debian.org/debian stretch main contrib non-free
-deb http://deb.debian.org/debian-security stretch/updates main contrib non-free
-#deb http://deb.debian.org/debian stretch-backports main contrib non-free
+deb http://deb.debian.org/debian buster main contrib non-free
+deb http://deb.debian.org/debian-security buster/updates main contrib non-free
+#deb http://deb.debian.org/debian buster-backports main contrib non-free
 
-# repository that may contain newer fai packages for stretch
-deb [trusted=yes] http://fai-project.org/download stretch koeln
+# repository that may contain newer fai packages for buster
+deb [trusted=yes] http://fai-project.org/download buster koeln
diff -Nru fai-5.8.1/debian/changelog fai-5.8.3/debian/changelog
--- fai-5.8.1/debian/changelog  2019-02-14 15:44:08.0 +0100
+++ fai-5.8.3/debian/changelog  2019-03-12 17:03:56.0 +0100
@@ -1,3 +1,22 @@
+fai (5.8.3) unstable; urgency=medium
+
+   * fai-server.prerm: add test, Closes: #924227
+   * NFSROOT: add gpg for buster and beyond
+
+ -- Thomas Lange   Tue, 12 Mar 2019 17:03:56 +0100
+
+fai (5.8.2) unstable; urgency=low
+
+  * NFSROOT,nfsroot.conf,sources.list,mkdebmirror: change defaults
+to buster
+  * fai-mirror: better regex for matching the backports name,
+do not use hardcoded release name
+  * conf/NFSROOT: replace big packages with smaller replacements
+  * README.build-sources: fix git command
+  * README: major rewrite
+
+ -- Thomas Lange   Thu, 07 Mar 2019 22:29:46 +0100
+
 fai (5.8.1) unstable; urgency=low
 

Bug#919833: 90% of shell scripts probably don't have a .sh extension

[Gabriel F. T. Gomes]

On Wed, Mar 13 2019, 積丹尼 Dan Jacobson wrote:
> 
> OK, maybe even less,
> $ file /usr/bin/*|grep -c shell\ script
> 194
> $ ls /usr/bin/*.sh
> /usr/bin/gettext.sh

This only means that a very tiny fraction of shell scripts *inside*
/usr/bin have .sh extension.  Anyhow, thanks for the clarification.

I'll take your suggestion upstream and see what it has to say about it.

Bug#924060: Serious regression in systemd 215-17+deb8u10

[Markus Koschany]

Control: tags -1 pending

Hi,

Am 11.03.19 um 23:16 schrieb Michael Biebl:
[...]
> 
> Thanks, Markus.
> 
> Also big thanks to the debian-lts team in general for backporting those
> security fixes for the systemd package in old-stable.

I could reproduce the memory leak with valgrind following the steps
provided by Dan. Indeed this issue is also known as CVE-2019-3815. I am
going to upload a new revision of systemd in Jessie now. Thank you all
for your feedback.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#924480: unblock: debian-edu/2.10.47

[Wolfgang Schweer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu

debian-edu 2.10.47 (already in unstable) adjusts some meta-packages' Recommends
and Suggests, reflecting the actual package availability in testing.

As Debian Edu uses the blends-dev framework, only packages that are actually in
testing are recommended, otherwise those are downgraded to Suggests.
This had been the case with debian-installer-10-netboot-{amd64,i386}.
Holger Levsen uploaded debian-edu 2.10.47 to unstable as soon as
debian-installer-netboot-images 20190118 migrated to testing (2019-03-11).

Due to the blends-dev mechanism also the previously suggested packages lmms and
fotoxx are now recommended.

Because both eclipse and eclipse-cdt have been removed from testing and unstable
they have been removed even as Suggests.

Full source debdiff against testing attached.

Regards,
Wolfgang

unblock debian-edu/2.10.47
diff -Nru debian-edu-2.10.46/debian/changelog 
debian-edu-2.10.47/debian/changelog
--- debian-edu-2.10.46/debian/changelog 2019-01-27 15:39:25.0 +0100
+++ debian-edu-2.10.47/debian/changelog 2019-03-11 15:54:12.0 +0100
@@ -1,3 +1,15 @@
+debian-edu (2.10.47) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * tasks/development: Drop removed packages eclipse and eclipse-cdt.
+  * tasks/main-server: Recommend (instead of suggest)
+debian-installer-10-netboot-(amd64|i386), with this offline installations
+via PXE boot are finally possible using our BD image.
+
+  * debian/control: Update after running 'make dist'.
+
+ -- Holger Levsen   Mon, 11 Mar 2019 15:54:12 +0100
+
 debian-edu (2.10.46) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-2.10.46/debian/control debian-edu-2.10.47/debian/control
--- debian-edu-2.10.46/debian/control   2019-01-27 15:39:25.0 +0100
+++ debian-edu-2.10.47/debian/control   2019-03-11 15:54:12.0 +0100
@@ -240,6 +240,7 @@
 education-misc,
 education-music,
 education-physics,
+fotoxx,
 hexchat,
 kdeedu,
 mtpaint,
@@ -250,8 +251,7 @@
 task-lxde-desktop
 Suggests: education-development,
   education-primaryschool,
-  education-video,
-  fotoxx
+  education-video
 Description: Debian Edu LXDE desktop applications
  This metapackage depends on various LXDE components and lightweight
  desktop applications that are useful for teachers and their students.
@@ -274,6 +274,7 @@
 education-misc,
 education-music,
 education-physics,
+fotoxx,
 galculator,
 kdeedu,
 lightdm,
@@ -284,8 +285,7 @@
 task-lxqt-desktop
 Suggests: education-development,
   education-primaryschool,
-  education-video,
-  fotoxx
+  education-video
 Description: Debian Edu LXQt desktop applications
  This metapackage depends on various LXQt components and lightweight
  desktop applications that are useful for teachers and their students.
@@ -484,9 +484,7 @@
 subversion,
 thonny,
 umbrello
-Suggests: eclipse,
-  eclipse-cdt,
-  swi-prolog,
+Suggests: swi-prolog,
   swi-prolog-doc,
   tcl8.6-dev,
   tk8.6-dev
@@ -689,6 +687,8 @@
  education-tasks (= ${binary:Version})
 Recommends: apache2,
 bind9,
+debian-installer-10-netboot-amd64,
+debian-installer-10-netboot-i386,
 dovecot-gssapi,
 dovecot-imapd,
 education-networked,
@@ -744,8 +744,6 @@
 tftpd-hpa
 Suggests: apache2-doc,
   calamaris,
-  debian-installer-10-netboot-amd64,
-  debian-installer-10-netboot-i386,
   default-mysql-client,
   dlint,
   dnswalk,
@@ -837,6 +835,7 @@
 gtick,
 hydrogen,
 lingot,
+lmms,
 mcp-plugins,
 musescore,
 nted,
@@ -849,8 +848,7 @@
 timgm6mb-soundfont,
 tuxguitar
 Suggests: festival,
-  lilypond,
-  lmms
+  lilypond
 Description: Debian Edu music and sound applications
  This metapackage depends on various applications that can be used to
  teach music.
diff -Nru debian-edu-2.10.46/tasks/development 
debian-edu-2.10.47/tasks/development
--- debian-edu-2.10.46/tasks/development2019-01-27 15:39:25.0 
+0100
+++ debian-edu-2.10.47/tasks/development2019-03-11 15:54:12.0 
+0100
@@ -36,10 +36,6 @@
  gambas3,
 
 Recommends:
- eclipse,
- eclipse-cdt,
-
-Recommends:
  bwbasic,
 
 Recommends:

Bug#921319: stretch-pu: package iptables-persistent/1.0.4+nmu2

[gustavo panizzo]

Hi release team

any update on this? can I have this for the next point release or before
the distribution is archived?

thanks!

--
IRC: gfa
GPG: 0X44BB1BA79F6C6333

Bug#921319: stretch-pu: package iptables-persistent/1.0.4+nmu2

[Adam D. Barratt]

On 2019-03-13 11:04, gustavo panizzo wrote:

Hi release team

any update on this? can I have this for the next point release or 
before

the distribution is archived?


Sarcasm really isn't necessary here, and doesn't help encourage people 
to deal with your request.


(I assume that was your intent, given "before the distribution is 
archived", as that won't be for at least another few years.)


Regards,

Adam

Bug#895131: linux-perf: Add libopencsd support to perf

[Ben Hutchings]

Control: notforwarded -1

On Wed, 2019-03-13 at 05:01 +0100, John Paul Adrian Glaubitz wrote:
> Package: src:linux
> Followup-For: Bug #895131
> User: debian-sp...@lists.debian.org
> Usertags: sparc64
> 
> Hello!
> 
> This change made src:linux BD-Uninstallable on sparc64 [1] as
> the package libopencsd doesn't build there [2].
> 
> Since this library is ARM-specific anyway, wouldn't it make
> more sense to have this build-dependency on ARM targets only?

Please open a *new* bug for this.

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered
an expert.




signature.asc
Description: This is a digitally signed message part

Bug#921319: stretch-pu: package iptables-persistent/1.0.4+nmu2

[gustavo panizzo]

Hi

On Wed, Mar 13, 2019 at 11:10:34AM +, Adam D. Barratt wrote:

On 2019-03-13 11:04, gustavo panizzo wrote:

Hi release team

any update on this? can I have this for the next point release or 
before

the distribution is archived?


Sarcasm really isn't necessary here, and doesn't help encourage people 
to deal with your request.


Sorry if it came as sarcasm, it wasn't my intention at all. really.

I would like to have this update before stretch moves to oldstable,
that's what I meant. Apologies for the poor wording.



(I assume that was your intent, given "before the distribution is 
archived", as that won't be for at least another few years.)


Regards,

Adam


--
IRC: gfa
GPG: 0X44BB1BA79F6C6333

Bug#830307: virt-manager: Virt-manager uses qemu-system-i386 /usr/lib/xen/bin

[Dejan Muhamedagic]

Package: virtinst
Version: 1:2.0.0-3
Followup-For: Bug #830307

Just to report that this is still an issue on Buster. Apparently
creating the links (ln -s) helps, just like RH did as shown in
that bugzilla.

Thanks!


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages virtinst depends on:
ii  e2fsprogs 1.44.5-1
ii  genisoimage   9:1.1.11-3+b2
ii  gir1.2-libosinfo-1.0  1.2.0-1
ii  python3   3.7.2-1
ii  python3-distutils 3.7.2-3
ii  python3-gi3.30.4-1
ii  python3-libvirt   5.0.0-1
ii  python3-libxml2   2.9.4+dfsg1-7+b3
ii  python3-requests  2.20.0-2

Versions of packages virtinst recommends:
ii  qemu-utils   1:3.1+dfsg-4
ii  virt-viewer  7.0-1

virtinst suggests no packages.

-- no debconf information

Bug#924481: unblock: celery/4.2.1-3

[Scott Kitterman]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package celery

Celery 4.2.1-3 fixes RC bug #923719.

I didn't upload this package, but I'm filing the unblock request because the
uploader asked me to due to lack of time this week to do it themselves.

The package was uploaded before final freeze was in effect, so it's not a
completely minimal change, but the other changes are minor and do not present
a regression risk.

If you'd prefer the fix re-uploaded without the other changes, please let us
know.

unblock celery/4.2.1-3
diff -Nru celery-4.2.1/debian/changelog celery-4.2.1/debian/changelog
--- celery-4.2.1/debian/changelog	2018-09-27 02:06:32.0 -0400
+++ celery-4.2.1/debian/changelog	2019-03-07 16:14:11.0 -0500
@@ -1,3 +1,13 @@
+celery (4.2.1-3) unstable; urgency=medium
+
+  * Integrate py37-skip-tests patch into gbp-pq.
+  * Add patch to relax version requirements on billiard (Closes:
+#923719).
+  * Clean up pytest artifacts to allow two builds in a row.
+  * Bump Standards-Version to 4.3.0.
+
+ -- Michael Fladischer   Thu, 07 Mar 2019 22:14:11 +0100
+
 celery (4.2.1-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru celery-4.2.1/debian/clean celery-4.2.1/debian/clean
--- celery-4.2.1/debian/clean	2018-09-26 07:02:43.0 -0400
+++ celery-4.2.1/debian/clean	2019-03-07 16:14:11.0 -0500
@@ -3,3 +3,7 @@
 test.db
 celery.egg-info/requires.txt
 celery.egg-info/PKG-INFO
+celery.egg-info/SOURCES.txt
+.pytest_cache/README.md
+.pytest_cache/v/cache/nodeids
+.pytest_cache/v/cache/stepwise
diff -Nru celery-4.2.1/debian/control celery-4.2.1/debian/control
--- celery-4.2.1/debian/control	2018-09-26 07:02:43.0 -0400
+++ celery-4.2.1/debian/control	2019-03-07 16:14:11.0 -0500
@@ -56,7 +56,7 @@
  python3-vine,
  texlive-latex-base,
  texlive-latex-extra,
-Standards-Version: 4.1.4
+Standards-Version: 4.3.0
 Vcs-Browser: https://salsa.debian.org/python-team/modules/celery
 Vcs-Git: https://salsa.debian.org/python-team/modules/celery.git
 Homepage: http://www.celeryproject.org/
diff -Nru celery-4.2.1/debian/patches/0010-Relax-version-requirements-on-billiard.patch celery-4.2.1/debian/patches/0010-Relax-version-requirements-on-billiard.patch
--- celery-4.2.1/debian/patches/0010-Relax-version-requirements-on-billiard.patch	1969-12-31 19:00:00.0 -0500
+++ celery-4.2.1/debian/patches/0010-Relax-version-requirements-on-billiard.patch	2019-03-07 16:14:11.0 -0500
@@ -0,0 +1,17 @@
+From: Michael Fladischer 
+Date: Thu, 7 Mar 2019 17:50:22 +0100
+Subject: Relax version requirements on billiard.
+
+---
+ requirements/default.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/requirements/default.txt b/requirements/default.txt
+index 11d527f..e3f626c 100644
+--- a/requirements/default.txt
 b/requirements/default.txt
+@@ -1,3 +1,3 @@
+ pytz>dev
+-billiard>=3.5.0.2,<3.6.0
++billiard>=3.5.0.2
+ kombu>=4.2.0,<5.0
diff -Nru celery-4.2.1/debian/patches/py37-skip-tests.diff celery-4.2.1/debian/patches/py37-skip-tests.diff
--- celery-4.2.1/debian/patches/py37-skip-tests.diff	2018-09-26 07:12:51.0 -0400
+++ celery-4.2.1/debian/patches/py37-skip-tests.diff	2019-03-07 16:14:11.0 -0500
@@ -1,9 +1,16 @@
-Description: skip some tests that fail with py 3.7
-Author: Matthias Klose 
+From: Matthias Klose 
+Date: Thu, 7 Mar 2019 17:49:54 +0100
+Subject: skip some tests that fail with py 3.7
+
 Bug: https://github.com/celery/celery/issues/4913
+---
+ t/unit/worker/test_loops.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
 
 celery-4.2.1.orig/t/unit/worker/test_loops.py
-+++ celery-4.2.1/t/unit/worker/test_loops.py
+diff --git a/t/unit/worker/test_loops.py b/t/unit/worker/test_loops.py
+index 5c96175..b0a323c 100644
+--- a/t/unit/worker/test_loops.py
 b/t/unit/worker/test_loops.py
 @@ -4,7 +4,7 @@ import errno
  import socket
  
diff -Nru celery-4.2.1/debian/patches/series celery-4.2.1/debian/patches/series
--- celery-4.2.1/debian/patches/series	2018-09-26 07:11:58.0 -0400
+++ celery-4.2.1/debian/patches/series	2019-03-07 16:14:11.0 -0500
@@ -7,3 +7,4 @@
 0008-Python-3.7-compat-issues-4852.patch
 0008-Added-compatibility-with-python-3.7-4902.patch
 py37-skip-tests.diff
+0010-Relax-version-requirements-on-billiard.patch

Bug#924257: docker.io: Misses to install some golang packages

[Reinhard Tartler]

On 3/13/19 3:54 AM, Arnaud Rebillout wrote:
> On 3/13/19 6:05 AM, Reinhard Tartler wrote:
>> I've implemented the change and confirmed that the attached patch does allow 
>> github.com/openstack/imagebuilder to be built successfully. As suggested, 
>> I've tried to push to salsa, but it seems I'm not permissioned to do so 
>> (docker.io is not under the go-team umbrella):
>>
>>   $ git push 
>>   GitLab: You are not allowed to push code to this project.
>>   fatal: Could not read from remote repository.
>>
>> Would you be able to upload the patch to experimental anytime soon? If it 
>> helped, I'd be happy to upload this patch as an NMU to experimental myself. 
>> Please let me know what works for you best.
> 
> I just pushed on the experimental branch, with some additional details
> afterwards. I also updated the docker package to latest version 18.09.3.
> 
> I'd be happy if you could upload to experimental, I don't think I have
> the permissions for that.

I'd be more than happy to upload this update on your behalf, but I'm running 
into technical issues.


1. It seems that the experimental branch fails to update debian/changelog. I've 
done so myself, please cf. to the attached patch
2. I am unable to build the source package:

>> gbp buildpackage -S
cat: VERSION: No such file or directory
cat: VERSION: No such file or directory
debian/rules:27: *** Missing DOCKER_GITCOMMIT - see 
debian/upstream-version-gitcommits.  Stop.
gbp:error: 'fakeroot debian/rules clean' failed: it exited with 2


I also tried to skip the cleaning step, but then I'm running into the issue of 
not finding the original tarballs:

>> gbp buildpackage --git-ignore-branch -d -nc --git-clean=true
gbp:info: Tarballs 'docker.io_18.09.3+dfsg1.orig.tar.gz' not found at 
'../tarballs/'
gbp:warning: Pristine-tar branch "pristine-tar" not found
gbp:error: Pristine-tar couldn't checkout 
"docker.io_18.09.3+dfsg1.orig.tar.gz": fatal: Path 
'docker.io_18.09.3+dfsg1.orig.tar.gz.delta' does not exist in 
'refs/remotes/salsa/pristine-tar'
pristine-tar: git show 
refs/remotes/salsa/pristine-tar:docker.io_18.09.3+dfsg1.orig.tar.gz.delta failed
zsh: exit 1 gbp buildpackage --git-ignore-branch -d -nc --git-clean=true

Possibly there are some unpushed commits on your computer? In either case, 
could you please update debian/changelog in experimental, and provide me with a 
link to your pre-built *source* package? I'd be happy to testbuild it here, 
ensure that github:openstack/imagebuilder still works, and sponsor the upload 
to experimental.

Cheers,
-rt
From 342fae58dfcc46f5a0d1ef2ac1ff9fc46ce04d8b Mon Sep 17 00:00:00 2001
From: Reinhard Tartler 
Date: Wed, 13 Mar 2019 07:40:48 -0400
Subject: [PATCH] debian/changelog: update

---
 debian/changelog | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0994f1fa..f28a2adc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,14 @@
-docker.io (18.09.3+dfsg1-1) UNRELEASED; urgency=medium
+docker.io (18.09.3+dfsg1-1) experimental; urgency=medium
 
+  [ Arnaud Rebillout ]
   * New upstream release [March 2019].
+  * github-golang-docker-docker-dev: fix go-metrics install path.
+  * github-golang-docker-docker-dev: add replaces/breaks on docker-go-metrics-dev.
+
+  [ Reinhard Tartler ]
+  * github-golang-docker-docker-dev: add missing sources (Closes: #924257)
 
- -- Arnaud Rebillout   Wed, 06 Mar 2019 07:57:20 +0700
+ -- Arnaud Rebillout   Wed, 13 Mar 2019 07:40:05 -0400
 
 docker.io (18.09.1+dfsg1-5) unstable; urgency=medium
 
-- 
2.11.0

Bug#924482: cyrus-imapd: Invisible subfolders for admins after upgrade from 2.5 to 3.0

[Robbert Kouprie]

Package: cyrus-imapd
Version: 3.0.8-4
Severity: normal

Dear Maintainer,

   * What led up to the situation?
- Package upgrade from 2.5.11-1+b2 to 3.0.8-4.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
- Just regular apt upgrade

   * What was the outcome of this action?
- One of my users, who is configured as admin in imapd.conf, lost 
visibility of all his subfolders after the upgrade. Inbox works normally 
though. This is not a client issue, the subfolders are not visible in 
ThunderbirdAndroid Gmail client, Alpine and cyradm. Reconstructing does not fix 
the issue. After removing this user from the admins config option, all 
subfolders reappear in all clients.

   * What outcome did you expect instead?
- Having a working mailbox including subfolders for all my users, admin 
or not.

Thanks,
Robbert


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (102, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cyrus-imapd depends on:
ii  cyrus-common  3.0.8-4
ii  dpkg  1.19.5
ii  libc6 2.28-8
ii  libcom-err2   1.44.5-1
ii  libsasl2-22.1.27+dfsg-1
ii  libssl1.1 1.1.1b-1
ii  libwrap0  7.6.q-28
ii  zlib1g1:1.2.11.dfsg-1

cyrus-imapd recommends no packages.

cyrus-imapd suggests no packages.

-- no debconf information

Bug#924397: corekeeper: insecure use of world-writable /var/crash

[Jakub Wilk]

+   if [ ! -e $(script) ; then chmod 1777 debian/corekeeper/var/crash ; fi


This never does anything, because closing square bracket is missing:

  /bin/sh: 1: [: missing ]

Also, it looks like dpkg doesn't update directory permissions on 
upgrade. Ugh. :-(


--
Jakub Wilk

Bug#781128: security.debian.org: GeoDNS load balancing of Debian Security mirrors + out of date mirrors means you cant patch

[Demetris Demetriou]

This bug has been sitting for 4 years and isn't actually a bug, a mirror 
was just slow to sync. After many years of using Debian, I can say that 
when I see this happening (once or twice so far) I usually check the 
next day for the update and it's there.



I'm proposing that this bug is closed.

Bug#924401: base-files fails postinst when base-passwd is unpacked

[Johannes Schauer]

Hi Santiago,

Quoting Santiago Vila (2019-03-12 23:43:02)
> > > Do any of them still don't know that base-passwd should be configured
> > > first because otherwise any other package using root (be it base-files or
> > > any other) will fail? I think this was already settled in the last
> > > discussion we had about this several years ago.
> > multistrap doesn't take care of this and you can provoke a
> > base-files.postinst failure this way.
> In such case I would say that as a bootstrapping tool it's not doing its job
> properly.
> 
> The first rule of a bootstrapping tool is that it has to work.
> (And there are actually no other rules. As far as it does its job,
> you are allowed to do all sorts of dirty hacks).
> 
> Bootstrapping tools exist so that we don't have to worry about
> dependencies on essential packages. It has always been my opinion that
> if we start to do hacks here and there so that bootstrapping tools
> work properly, we are already doing it wrong.
> 
> > [,,,] Just because debootstrap encodes a ton of hacks to make things barely
> > work (and break every so often) doesn't mean we have to maintain them until
> > eternity.
> I would say: Just because people writing new bootstrapping tools seem to
> forget the lessons learned from previous bootstrapping tools, we have to
> learn again what bootstrapping really means: It's not adding hacks to the
> normal packages, it's concentrating all the hacks in the bootstrapping tools,
> so that we can keep ordinary packages clean of hacks.
> 
> (Or at least that's what I think it was the idea behind the essential
> definition).

I'm writing as the author of another "bootstrapping tool", namely mmdebstrap
which currently (really accidentally only) does not suffer from this bug but
might happen to be affected by it in the future.

I would especially like to challenge your view that (if I understood it
correctly) all the magic for getting from nothing to a Debian chroot should be
encoded in a bootstrapping script or program. You are right that currently this
is how it's done but I'd like to convince you that maybe it would be worth
reevaluating how we are currently doing this because maybe there is a better
way to do it.

Let me also point out here, that debootstrap has a place even in a world where
all the magic (the things you call hacks twice above) were moved into the
individual packages instead of being encoded in a central bootstrapping script.
This is because we will still need something that would be considered a hack
from the Debian perspective when we create a Debian chroot on systems that are
not Debian. My tool mmdebstrap for example will likely only work on Debian or
derivatives because it requires apt to be installed.

Lets look at the bigger picture: we have an archive with multiple software
components we call packages on some remote server and locally we have a fresh
empty directory which we somehow want to populate with the functionality that
these software components provide. The question is: what would be the best way
to do it? Or what would be a good engineering solution to this problem?

I claim (and that's where I want to challenge your view) that a better
engineering solution than the status quo in Debian would be to let each of
these software components (or packages) encode their requirements in a way that
lets a bootstrapping tool solve the installation task without involving the
other components and thus solve the chicken-and-egg problem of bootstrapping.
If this were possible, we can achieve a number of benefits which I'll be
getting to in a bit. That this *is* possible is shown by [guillem]'s mail to
this bug report. Another approach would be to use functionality of packages
installed on the outside of the chroot to fulfill requirements of the packages
inside the new chroot [detached chroot].

[guillem] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924401#35
[detached chroot] https://wiki.debian.org/Teams/Dpkg/Spec/InstallBootstrap

So if you can accept that it is technically achievable to create a component
based operating system with only very little "magic" in the bootstrapping tools
but all required information about interaction of even essential packages in
the components itself, then we can achieve multiple benefits:

 - solving dependencies is a complex matter [sudoku] and implementing a
   software that can handle NP-complete [np-complete] problem instances is not
   trivial (see code of apt, aptitude, dose, aspcud...). Existing tools like
   (c)debootstrap only understand just enough about package dependencies that
   they happen to be able to install a very minimal system. The status quo is
   to not add many packages via the --include option but install them via apt
   inside the chroot after debootstrap is done (#768062, #878961). If we could
   use existing tools that have a better understanding of Debian dependencies
   (like apt, aptitude, dose...) for bootstrapping a Debian chroot then we
   could:

 

Bug#924483: unblock: packaging-tutorial/0.24

[Lucas Nussbaum]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package packaging-tutorial

This update contains mostly translation updates (+ very minor fixes).
The package is Arch:all, contains only documentation, and has no reverse
dependencies. So the risk is close to zero.

Sorry for missing the deadline.

debdiff attached.

unblock packaging-tutorial/0.24

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (400, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.18.0-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#923781: Set locale to C for a build

[Sergei Golovan]

Hi!

Apparently, python-tesserocr tests don't work if the system locale
differs from "C". The simple patch fixes this FTBFS:


--- a/debian/rules
+++ b/debian/rules
@@ -5,6 +5,7 @@

 export PYBUILD_NAME=tesserocr
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export LC_ALL=C

 %:
dh $@ --with python3 --buildsystem=pybuild


(I've tried setting LANG, but it wouldn't be sufficient for some reason.)

Cheers!
-- 
Sergei Golovan

Bug#924484: nvidia-cuda-toolkit: nvidia-cuda-dev should depend on libnvidia-ml1

[Graham Inggs]

Source: nvidia-cuda-toolkit
Version: 9.2.148-6
Affects: -1 + src:nvtop

Hi Maintainers

I noticed in the packaging of nvtop [1], an explicit build-dependency on 
libnvidia-ml1:


Build-Depends: debhelper (>=12), cmake (>=3.1), nvidia-cuda-dev, 
libnvidia-ml1, libncurses-dev,


Since the headers for this library are shipped in nvidia-cuda-dev, 
should nvidia-cuda-dev depend on libnvidia-ml1?


Regards
Graham


[1] https://salsa.debian.org/nvidia-team/nvtop

Bug#918339: dovecot: diff for NMU version 1:2.3.4.1-1.1

[Laurent Bigonville]

Control: tags 918339 + patch
Control: tags 918339 + pending


Dear maintainer,

I've prepared an NMU for dovecot (versioned as 1:2.3.4.1-1.1) and
uploaded it to DELAYED/3. Please feel free to tell me if I
should delay it longer.

Regards.

diff -Nru dovecot-2.3.4.1/debian/changelog dovecot-2.3.4.1/debian/changelog
--- dovecot-2.3.4.1/debian/changelog2019-02-05 15:19:12.0 +0100
+++ dovecot-2.3.4.1/debian/changelog2019-03-13 13:12:49.0 +0100
@@ -1,3 +1,12 @@
+dovecot (1:2.3.4.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/patches/avoid-double-closing-mysql.patch: Fix double closing of the
+connection in the mysql driver, this should fix the crash in the dovecot
+auth process, taken from upstream (Closes: #918339)
+
+ -- Laurent Bigonville   Wed, 13 Mar 2019 13:12:49 +0100
+
 dovecot (1:2.3.4.1-1) unstable; urgency=high
 
   * [bebf0b4] New upstream version 2.3.4.1
diff -Nru dovecot-2.3.4.1/debian/patches/avoid-double-closing-mysql.patch 
dovecot-2.3.4.1/debian/patches/avoid-double-closing-mysql.patch
--- dovecot-2.3.4.1/debian/patches/avoid-double-closing-mysql.patch 
1970-01-01 01:00:00.0 +0100
+++ dovecot-2.3.4.1/debian/patches/avoid-double-closing-mysql.patch 
2019-03-13 13:09:24.0 +0100
@@ -0,0 +1,36 @@
+From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi 
+Date: Tue, 4 Dec 2018 14:40:04 +0200
+Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection
+
+Fixes double-free
+---
+ src/lib-sql/driver-mysql.c | 8 ++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c
+index c87e825e4b..5dd1c3124f 100644
+--- a/src/lib-sql/driver-mysql.c
 b/src/lib-sql/driver-mysql.c
+@@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db)
+ static void driver_mysql_disconnect(struct sql_db *_db)
+ {
+   struct mysql_db *db = (struct mysql_db *)_db;
+-  mysql_close(db->mysql);
++  if (db->mysql != NULL)
++  mysql_close(db->mysql);
++  db->mysql = NULL;
+ }
+ 
+ static int driver_mysql_parse_connect_string(struct mysql_db *db,
+@@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db)
+   _db->no_reconnect = TRUE;
+   sql_db_set_state(&db->api, SQL_DB_STATE_DISCONNECTED);
+ 
+-  mysql_close(db->mysql);
++  if (db->mysql != NULL)
++  mysql_close(db->mysql);
++  db->mysql = NULL;
+ 
+   sql_connection_log_finished(_db);
+   event_unref(&_db->event);
diff -Nru dovecot-2.3.4.1/debian/patches/series 
dovecot-2.3.4.1/debian/patches/series
--- dovecot-2.3.4.1/debian/patches/series   2019-02-05 15:19:12.0 
+0100
+++ dovecot-2.3.4.1/debian/patches/series   2019-03-13 13:09:51.0 
+0100
@@ -9,3 +9,4 @@
 ssl-dh-params-location.patch
 lib-master-test-event-stats-Use-PRIu64-format.patch
 debian-changes
+avoid-double-closing-mysql.patch

Bug#924397: corekeeper: insecure use of world-writable /var/crash

[Paul Wise]

On Wed, 2019-03-13 at 13:11 +0100, Jakub Wilk wrote:

> This never does anything, because closing square bracket is missing:

Fixed locally.

> Also, it looks like dpkg doesn't update directory permissions on 
> upgrade. Ugh. :-(

Hmm, so the upgrade has to deal with that automatically in a variety of
situations. This is going to be annoying, maybe it should just change
the permissions in the postinst based on the core pattern sysctl?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#924483: unblock: packaging-tutorial/0.24

[Lucas Nussbaum]

On 13/03/19 at 13:16 +0100, Lucas Nussbaum wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package packaging-tutorial
> 
> This update contains mostly translation updates (+ very minor fixes).
> The package is Arch:all, contains only documentation, and has no reverse
> dependencies. So the risk is close to zero.
> 
> Sorry for missing the deadline.
> 
> debdiff attached.

Or at least I thought it was.
Here it is.

Lucas


packaging-tutorial_0.22_0.24.debdiff.gz
Description: application/gzip

Bug#924397: corekeeper: insecure use of world-writable /var/crash

[Paul Wise]

On Wed, 2019-03-13 at 13:11 +0100, Jakub Wilk wrote:

> Also, it looks like dpkg doesn't update directory permissions on 
> upgrade. Ugh. :-(

dpkg maintainers, do you know if this is a known bug or intentional?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#497471: sarge images have syslinux binaries without source

[Demetris Demetriou]

This bug is reported against a very old version of Debian, please close it.

Bug#922064: [Pkg-salt-team] Bug#922064: Please restore previous version

[Benjamin Drung]

Am Samstag, den 02.03.2019, 09:58 +0100 schrieb Dirk Heinrichs:
> Hi,
> 
> since the Salt master is still not starting, could the Salt packages
> at
> least be rolled back to the previous version until the problem is
> solved?

Rolling back the salt package does not help, because this bug is inside
psutil.

For further debugging, can change _pslinux.py and run it again:

diff --git a/psutil/_pslinux.py b/psutil/_pslinux.py
index 41be6665..aa0a7940 100644
--- a/usr/lib/python3/dist-packages/psutil/_pslinux.py
+++ b/usr/lib/python3/dist-packages/psutil/_pslinux.py
@@ -401,7 +401,9 @@ def virtual_memory():
 with open_binary('%s/meminfo' % get_procfs_path()) as f:
 for line in f:
 fields = line.split()
-mems[fields[0]] = int(fields[1]) * 1024
+print("line: %r, fields: %r" % (line, fields))
+if fields:
+mems[fields[0]] = int(fields[1]) * 1024
 
 # /proc doc states that the available fields in /proc/meminfo vary
 # by architecture and compile options, but these 3 values are also

and let me know the output?

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet

Bug#924401: base-files fails postinst when base-passwd is unpacked

[Santiago Vila]

On Wed, Mar 13, 2019 at 01:15:02PM +0100, Johannes Schauer wrote:

> I'm not advocating for doing "hacks here and there so that bootstrapping tools
> work properly" as you put it but that we think about the question of whether
> maybe there is a better way to populate an empty directory with software
> components that does not require as much magic as currently has to be supplied
> by tools like debootstrap. The result would not be "hacks here and there" but 
> a
> cleaner and more robust setup procedure.
> 
> So what I want you to take away from this long mail is: maybe we should
> re-think the way we are currently creating a Debian chroot because maybe there
> exists a different approach that would give us benefits that are actually
> important to our users and make maintaining the universal operating system
> easier?

Sounds good in theory, but I'd like to know what kind of new
architecture are you thinking of, how would it be implemented,
or how would it work in practice.

For example, for people bootstrapping new architectures,
we introduced build-stages (afaik now called build-profiles).
(The  in gettext, for example).

Maybe in the same line we could add a special Depends field only
meaningful for bootstrapping tools? Is this the sort of thing you have
in mind?

I would certainly consider a lot cleaner to add a new field to
base-files in the form "Bootstrap-Depends: base-passwd" than
converting all chowns in postinst to use integer numbers.

Thanks.

Bug#864827: zotero-standalone: ask for removal?

[Félix Sipma]

Package: zotero-standalone
Version: 4.0.29.16+dfsg-1
Followup-For: Bug #864827

It may be time to ask for removal... What do you think?


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zotero-standalone depends on:
ii  firefox  65.0.1-1
ii  firefox-esr  60.5.1esr-1

zotero-standalone recommends no packages.

zotero-standalone suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#924421: ld.gold searches for non-existent -lug, eventually crashes

[Matthias Klose]

Control: tags -1 + moreinfo

On 12.03.19 21:02, Eduard Bloch wrote:
> Package: binutils-x86-64-linux-gnu
> Version: 2.32-5
> Severity: normal
> 
> Hi,
> 
> I tried to optimize the build of apt-cacher-ng a little bit, and I found
> that I have not used -Wl,threads with gold. So I "fixed" this and then
> it started crashing. Apparently linking shared libraries works, but
> executables segfaults. Tried with current sid (version 2.31, I think)
> and experimental, same problem.
> 
> While trying to reproduce, I run into the following (and not sure why
> omiting -Wl,threads makes this go away, but something with -lug looks
> fishy).

what is -Wl,threads supposed to do? Should be -Wl,--threads

> (gdb) run -plugin /usr/lib/gcc/x86_64-linux-gnu/8/liblto_plugin.so -plug
> Starting program: /usr/bin/ld.gold -plugin 
> /usr/lib/gcc/x86_64-linux-gnu/8/liblto_plugin.so -plug
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> /usr/bin/ld.gold: error: cannot find -lug

I suspect the run line is incomplete.

Bug#924486: ITP: node-nodemailer -- Node.js library to send mails

[Xavier Guimard]

Package: wnpp
Severity: wishlist
Owner: Xavier Guimard 

* Package name: node-nodemailer
  Version : 5.1.1
  Upstream Author : Andris Reinman
* URL : https://nodemailer.com/
* License : Expat
  Programming Lang: Javascript
  Description : Node.js library to send mails

Nodemailer is a module for Node.js applications to allow easy as cake email
sending. The project got started back in 2010 when there was no sane option
to send email messages, today it is the solution most Node.js users turn to
by default.

Nodemailer is the most SMTP client used in Node world (npmjs gives 729.780
weekly downloads and 2746 dependents)

Bug#924487: swig3.0-examples: Install all examples

[Hilko Bengen]

Source: swig
Version: 3.0.12-2
Severity: normal
Tags: patch

Dear Maintainer,

while looking for Go-related examples, I found that those are not
installed as part of the

Replacing debian/swig3.0-examples.examples with the single line
,
| Examples/*
`

will lead to the Go examples being installed along with a bunch of other
missing examples.

Also adding
,
| builddir/Examples/*
`

would take care of #779860, too.

Cheers,
-Hilko

Bug#921662: dput: Fails to install Bash completion scripts

[Emilio Pozuelo Monfort]

Control: tags -1 pending

On Sun, 10 Feb 2019 11:26:32 +1100 Ben Finney  wrote:
> Control: severity -1 minor
> Control: tags -1 + confirmed
> Control: retitle -1 dput: Fails to install Bash completion scripts
> Control: summary -1 0
> 
> The ‘dput’ binary package as of version 1.0.3 does not include the
> Bash completion scripts for commands.
> 
> On 07-Feb-2019, Antoine Beaupre wrote:
> > Some time ago, dput could autocomplete remote endpoints. […] Now
> > that stopped working, I'm not sure why.
> 
> My attempt to reproduce shows that there is *no* Bash completion
> script installed for ‘dput’ (nor ‘dcut’).
> 
> This means there is also no Bash completion for the specific command
> options. What do you get when you try this:
> 
> $ dput --s[TAB]
> 
> That should, if Bash completion is working correctly, complete the
> ‘--simulate’ option.

I am also bitten by this, so I had a look at the source and found the fix, only
to find later that it had already been fixed in git:

https://salsa.debian.org/debian/dput/commit/f2d1703f9f69ab515abc51232e41796bc5ce4d63

Can we get this uploaded to sid so it has a chance to be included in buster?

Thanks,
Emilio

Bug#924488: CUDA 10.1 is now available

[Graham Inggs]

Source: nvidia-cuda-toolkit
Version: 9.2.148-6
Severity: wishlist

Hi Maintainers

CUDA 10.1.105 was released at the end of February, 2019.
The minimum NVIDIA driver version is bumped to 418.39 and support is 
added for GCC 8 and Clang 7.


Despite it being past freeze for Buster, there is some interest in 
upgrading to this version, as it allows for the removal of GCC 7.


I've provisionally filed an unblock request (#924070) and the release 
team have not yet replied "NO!". :)


I have started looking at the packaging, and was hoping for only minor 
changes from 10.0 to 10.1.  I've already found that the ~2.3GB .run file 
for amd64, that previously contained separate .run files for the 
drivers, the toolkit and the samples, of which we only distributed the 
toolkit .run file, now only contains a .run file for the drivers and a 
bunch of files for the rest.  I recall something in the licensing about 
only being able to distribute the files as downloadable from NVIDIA, but 
I wasn't able to find it again now.


For now, I switched to using the .deb files for amd64, but found at 
least the embedded Java Runtime Environment is missing.  As expected, 
the SOVERSION of libraries was bumped to 10.1, but some changed to 10. 
I wasn't sure whether to name all the binary packages 10.1 to keep our 
packaging simpler, or try to make Lintian happy and have them match the 
SOVERSION.


Using a local build of CUDA 10.1, I have been able to rebuild all 
reverse-dependencies; caffe-contrib, eztrace-contrib, hwloc-contrib, 
pycuda and starpu-contrib.  Only caffe-contrib and starpu-contrib 
required minor changes to switch from gcc-7/g++-7 to the default 8.


Regards
Graham

Bug#924489: linux-image-4.19.0-1-amd64: OS freeze on a Lenovo Thinkpad A485

[ldng]

Package: src:linux
Version: 4.19.13-1
Severity: important
Tags: upstream

Dear Maintainer,

normal use of Firefox browsin led to a full laptop lock up.
I could not do anything but reboot.
Note: Edited kernel log section as reportbug did not picked the relevant
section.


-- Package-specific info:
** Version:
Linux version 4.19.0-1-amd64 (debian-ker...@lists.debian.org) (gcc version
8.2.0 (Debian 8.2.0-13)) #1 SMP Debian 4.19.13-1 (2018-12-30)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.19.0-1-amd64
root=UUID=ef99a64a-dc51-410f-9031-add6fa7d6271 ro quiet splash
psmouse.synaptics_intertouch=1 iommu=pt

** Tainted: C (1024)
 * Module from drivers/staging has been loaded.

** Kernel log:
[4.881854] r8822be: module is from the staging directory, the quality is
unknown, you have been warned.
[4.883648] snd_hda_intel :06:00.1: enabling device ( -> 0002)
[4.883893] snd_hda_intel :06:00.1: Handle vga_switcheroo audio client
[4.886320] snd_hda_intel :06:00.6: enabling device ( -> 0002)
[4.892620] r8822be :02:00.0: enabling device ( -> 0003)
[4.901405] input: HD-Audio Generic HDMI/DP,pcm=3 as
/devices/pci:00/:00:08.1/:06:00.1/sound/card0/input10
[4.901710] input: HD-Audio Generic HDMI/DP,pcm=7 as
/devices/pci:00/:00:08.1/:06:00.1/sound/card0/input11
[4.901816] input: HD-Audio Generic HDMI/DP,pcm=8 as
/devices/pci:00/:00:08.1/:06:00.1/sound/card0/input12
[4.912982] r8822be: Using firmware rtlwifi/rtl8822befw.bin
[4.916407] r8822be :02:00.0: firmware: direct-loading firmware
rtlwifi/rtl8822befw.bin
[4.924792] snd_hda_codec_realtek hdaudioC1D0: autoconfig for ALC257:
line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:speaker
[4.924800] snd_hda_codec_realtek hdaudioC1D0:speaker_outs=0
(0x0/0x0/0x0/0x0/0x0)
[4.924803] snd_hda_codec_realtek hdaudioC1D0:hp_outs=1
(0x21/0x0/0x0/0x0/0x0)
[4.924806] snd_hda_codec_realtek hdaudioC1D0:mono: mono_out=0x0
[4.924808] snd_hda_codec_realtek hdaudioC1D0:inputs:
[4.924811] snd_hda_codec_realtek hdaudioC1D0:  Mic=0x19
[4.924814] snd_hda_codec_realtek hdaudioC1D0:  Internal Mic=0x12
[4.932145] ieee80211 phy0: Selected rate control algorithm 'rtl_rc'
[4.933371] r8822be: rtlwifi: wireless switch is on
[4.950162] kvm: Nested Virtualization enabled
[4.950171] kvm: Nested Paging enabled
[4.950172] SVM: Virtual VMLOAD VMSAVE supported
[4.950173] SVM: Virtual GIF supported
[4.953592] MCE: In-kernel MCE decoding enabled.
[4.956373] EDAC amd64: Node 0: DRAM ECC disabled.
[4.956374] EDAC amd64: ECC disabled in the BIOS or no ECC capability,
module will not load.
[4.956374]  Either enable ECC checking or force module loading by setting
'ecc_enable_override'.
[4.956374]  (Note that use of the override may cause unknown side effects.)
[4.962093] uvcvideo: Found UVC 1.00 device Integrated Camera (04f2:b604)
[4.972625] uvcvideo 4-2.4:1.0: Entity type for entity Realtek Extended
Controls Unit was not initialized!
[4.972629] uvcvideo 4-2.4:1.0: Entity type for entity Extension 4 was not
initialized!
[4.972631] uvcvideo 4-2.4:1.0: Entity type for entity Processing 2 was not
initialized!
[4.972632] uvcvideo 4-2.4:1.0: Entity type for entity Camera 1 was not
initialized!
[4.972816] input: Integrated Camera: Integrated C as
/devices/pci:00/:00:08.1/:06:00.4/usb4/4-2/4-2.4/4-2.4:1.0/input/input14
[4.972945] usbcore: registered new interface driver uvcvideo
[4.972947] USB Video Class driver (1.1.1)
[4.979156] input: HDA Digital PCBeep as
/devices/pci:00/:00:08.1/:06:00.6/sound/card1/input13
[4.979503] input: HD-Audio Generic Mic as
/devices/pci:00/:00:08.1/:06:00.6/sound/card1/input15
[4.979621] input: HD-Audio Generic Headphone as
/devices/pci:00/:00:08.1/:06:00.6/sound/card1/input16
[4.987326] audit: type=1400 audit(1552471484.968:2): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="libreoffice-senddoc"
pid=452 comm="apparmor_parser"
[4.988168] audit: type=1400 audit(1552471484.968:3): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport"
pid=450 comm="apparmor_parser"
[4.990464] audit: type=1400 audit(1552471484.972:4): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=455
comm="apparmor_parser"
[4.990472] audit: type=1400 audit(1552471484.972:5): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod"
pid=455 comm="apparmor_parser"
[4.991196] audit: type=1400 audit(1552471484.972:6): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="/usr/sbin/ntpd" pid=454
comm="apparmor_parser"
[4.994194] audit: type=1400 audit(1552471484.976:7): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="system_tor" pid=451
comm="apparmor_parser"
[   

Bug#886896: rkhunter: false positive warning sshd protocol 1

[Demetris Demetriou]

Running rkhunter (v1.4.2) from stretch on multiple servers.

SSH protocol 1 was removed in the openssh version that ships with 
stretch (v7.4): 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html



That being said: I'm running with a commented #ALLOW_SSH_PROT_V1=0 
(which is the default upstream). According to the documentation: A value 
of '0' indicates that the use of SSH-1 is not allowed.



Offending line: 
https://sources.debian.org/src/rkhunter/1.4.6-5/files/rkhunter.conf/ 
line 323.


Bug resolution: change the line to the default value of 0 and comment it 
out for future use (basically pull the line straight from upstream).

Bug#924490: X11 freezes when mpv is started with vaapi and laptop is connected to external displays

[Alexander Huemer]

Source: xorg
Severity: important

Hi

I use mpv with intel graphics and enabeld vaapi decoding to watch
videos. This is working as intended if I use my laptop regularly (not in
the dock).
When it is placed in the dock and connected to the two displayport
displays normal X11 operation works as expected as well, though when I
start mpv with vaapi that freezes X11 and I have to kill it from a
console or ssh connection and restart it to resume my day.
mpv with disabled vaapi works normally also in the dock.

-Alex

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'experimental'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xserver-xorg depends on:
ii  x11-xkb-utils  7.7+4
ii  xkb-data   2.26-2
ii  xserver-xorg-core  2:1.20.3-1
ii  xserver-xorg-input-all 1:7.7+19
ii  xserver-xorg-input-evdev [xorg-driver-input]   1:2.10.6-1
ii  xserver-xorg-input-libinput [xorg-driver-input]0.28.2-1
ii  xserver-xorg-input-mouse [xorg-driver-input]   1:1.9.3-1
ii  xserver-xorg-input-synaptics [xorg-driver-input]   1.9.1-1
ii  xserver-xorg-input-wacom [xorg-driver-input]   0.34.99.1-1
ii  xserver-xorg-video-all 1:7.7+19
ii  xserver-xorg-video-amdgpu [xorg-driver-video]  18.1.99+git20190207-1
ii  xserver-xorg-video-ati [xorg-driver-video] 1:18.1.99+git20190207-1
ii  xserver-xorg-video-cirrus [xorg-driver-video]  1:1.5.3-1+b3
ii  xserver-xorg-video-fbdev [xorg-driver-video]   1:0.5.0-1
ii  xserver-xorg-video-intel [xorg-driver-video]   2:2.99.917+git20180925-2
ii  xserver-xorg-video-mach64 [xorg-driver-video]  6.9.6-1
ii  xserver-xorg-video-mga [xorg-driver-video] 1:2.0.0-1
ii  xserver-xorg-video-neomagic [xorg-driver-video]1:1.3.0-1
ii  xserver-xorg-video-nouveau [xorg-driver-video] 1:1.0.16-1
ii  xserver-xorg-video-openchrome [xorg-driver-video]  1:0.6.0-3+b1
ii  xserver-xorg-video-qxl [xorg-driver-video] 0.1.5-2+b1
ii  xserver-xorg-video-r128 [xorg-driver-video]6.12.0-1
ii  xserver-xorg-video-radeon [xorg-driver-video]  1:18.1.99+git20190207-1
ii  xserver-xorg-video-savage [xorg-driver-video]  1:2.3.9-2
ii  xserver-xorg-video-sisusb [xorg-driver-video]  1:0.9.7-1+b1
ii  xserver-xorg-video-tdfx [xorg-driver-video]1:1.4.7-1+b1
ii  xserver-xorg-video-trident [xorg-driver-video] 1:1.3.8-1+b1
ii  xserver-xorg-video-vesa [xorg-driver-video]1:2.4.0-1
ii  xserver-xorg-video-vmware [xorg-driver-video]  1:13.3.0-2

Versions of packages xserver-xorg recommends:
ii  libgl1-mesa-dri  18.3.4-1
ii  xserver-xorg-legacy  2:1.20.3-1



signature.asc
Description: PGP signature

Bug#924491: python-tftpy: Incorrectly raises TypeError instead of the appropriate Timeout exception

[Chris Malton]

Package: python-tftpy
Version: 0.6.0-1
Severity: important

Dear Maintainer,

Upstream have fixed a relatively serious bug in relation to what happens
when a timeout occurs.

A TypeError is raised incorrectly, when a tftpy.TftpShared.TftpTimeout
should be raised.

Please see https://github.com/msoulier/tftpy/issues/37 for full details.

I believe this bug was fixed in 0.6.1 (upstream) which has been out
since 2013.  

Our specific use case is in monitoring our TFTP servers and our monitoring 
script uses tftpy to monitor that the TFTP server is still serving, this 
bug leads to incorrect states on our monitoring due to the wrong exception 
being raised.

Please could you consider packaging 0.6.1 or 0.6.2 which fixes this bug.

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-tftpy depends on:
ii  python 2.7.13-2
ii  python2.7  2.7.13-2+deb9u3

python-tftpy recommends no packages.

python-tftpy suggests no packages.

-- no debconf information

Bug#906144: libmypaint-common: drop Conflicts: mypaint-data

[Thorsten Glaser]

severity 906144 serious
reassign 906144 libmypaint-common
found 906144 1.3.0-2.1
thanks

As documented in #894757, gimp and mypaint not being coïnstallable is
clearly RC.

I’ve just poked around: it’s *only* the libmypaint.mo files that
are affected, that is, the translation files of the *library*.
Does GIMP use them at all? If not, they likely can be dropped from
GIMP’s fork of the library.

Otherwise, perhaps a solution can be made where the libmypaint.mo
files are moved into a separate package and depended on by both
libmypaint-common and mypaint-data, shipping a superset, if needed.

A quick hack would be a Replaces. (Downside is, when the package
carrying the Replaces is removed the other needs a reinstall to
restore its version of the files.)

Also consider that having both installable, but one lacking some
translations, might be preferable over not being able to install
both.

Anyway, the current situation is somewhat untenable for a release,
and a coworker justifiedly complains about it…

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

**!!! NEU !!!** Mit der **tarent Academy** bieten wir ab sofort auch Trainings
und Schulungen in den Bereichen Softwareentwicklung, Agiles Arbeiten und
Zukunftstechnologien an. Besuchen Sie uns
auf [www.tarent.de/academy](http://www.tarent.de/academy). Wir freuen uns auf
Ihren Kontakt.

*

Bug#924490: Acknowledgement (X11 freezes when mpv is started with vaapi and laptop is connected to external displays)

[Alexander Huemer]

Attached is a log file of an mpv run that caused a freeze.
[   0.003][v][cplayer] mpv 0.29.1 Copyright © 2000-2018 mpv/MPlayer/mplayer2 
projects
[   0.003][v][cplayer]  built on UNKNOWN
[   0.003][v][cplayer] ffmpeg library versions:
[   0.003][v][cplayer]libavutil   56.14.100 (runtime 56.22.100)
[   0.003][v][cplayer]libavcodec  58.18.100 (runtime 58.35.100)
[   0.003][v][cplayer]libavformat 58.12.100 (runtime 58.20.100)
[   0.003][v][cplayer]libswscale  5.1.100 (runtime 5.3.100)
[   0.003][v][cplayer]libavfilter 7.16.100 (runtime 7.40.101)
[   0.003][v][cplayer]libswresample   3.1.100 (runtime 3.3.100)
[   0.003][v][cplayer] ffmpeg version: 4.1.1-1
[   0.003][v][cplayer] 
[   0.003][v][cplayer] Configuration: ./waf configure --prefix=/usr 
--libdir=/usr/lib/x86_64-linux-gnu --confdir=/etc/mpv 
--zshdir=/usr/share/zsh/vendor-completions --enable-cdda --enable-dvdnav 
--enable-dvdread --enable-libmpv-shared --enable-libsmbclient --enable-sdl2 
--enable-sndio --enable-zsh-comp --disable-build-date --enable-dvbin
[   0.003][v][cplayer] List of enabled features: 52arch alsa asm atomics caca 
cdda cplayer cplugins debug-build drm drmprime dvbin dvdnav dvdread 
dvdread-common egl-drm egl-helpers egl-x11 fchmod ffmpeg gbm gbm.h gl 
gl-wayland gl-x11 glibc-thread-name glob glob-posix gnuc gpl iconv jack jpeg 
lcms2 libaf libarchive libass libass-osd libav-any libavcodec libavdevice 
libbluray libdl libm libmpv-shared librt libsmbclient linux-fstatfs lua 
optimize oss-audio plain-gl posix posix-or-mingw posix-spawn posix-spawn-native 
pthreads pulse rubberband sdl2 sndio stdatomic uchardet vaapi vaapi-drm 
vaapi-egl vaapi-glx vaapi-wayland vaapi-x-egl vaapi-x11 vdpau vdpau-gl-x11 vt.h 
vulkan wayland wayland-protocols x11 xv zlib zsh-comp
[   0.003][v][cplayer] Command line options: '--no-config' '-vo=vaapi' 
'--msg-level=all=v' '--log-file=debian_sucks.log' 'video.mp4'
[   0.003][v][cplayer] mpv 0.29.1 Copyright © 2000-2018 mpv/MPlayer/mplayer2 
projects
[   0.003][v][cplayer]  built on UNKNOWN
[   0.003][v][cplayer] ffmpeg library versions:
[   0.003][v][cplayer]libavutil   56.14.100 (runtime 56.22.100)
[   0.004][v][cplayer]libavcodec  58.18.100 (runtime 58.35.100)
[   0.004][v][cplayer]libavformat 58.12.100 (runtime 58.20.100)
[   0.004][v][cplayer]libswscale  5.1.100 (runtime 5.3.100)
[   0.004][v][cplayer]libavfilter 7.16.100 (runtime 7.40.101)
[   0.004][v][cplayer]libswresample   3.1.100 (runtime 3.3.100)
[   0.004][v][cplayer] ffmpeg version: 4.1.1-1
[   0.004][v][cplayer] 
[   0.004][v][cplayer] Configuration: ./waf configure --prefix=/usr 
--libdir=/usr/lib/x86_64-linux-gnu --confdir=/etc/mpv 
--zshdir=/usr/share/zsh/vendor-completions --enable-cdda --enable-dvdnav 
--enable-dvdread --enable-libmpv-shared --enable-libsmbclient --enable-sdl2 
--enable-sndio --enable-zsh-comp --disable-build-date --enable-dvbin
[   0.004][v][cplayer] List of enabled features: 52arch alsa asm atomics caca 
cdda cplayer cplugins debug-build drm drmprime dvbin dvdnav dvdread 
dvdread-common egl-drm egl-helpers egl-x11 fchmod ffmpeg gbm gbm.h gl 
gl-wayland gl-x11 glibc-thread-name glob glob-posix gnuc gpl iconv jack jpeg 
lcms2 libaf libarchive libass libass-osd libav-any libavcodec libavdevice 
libbluray libdl libm libmpv-shared librt libsmbclient linux-fstatfs lua 
optimize oss-audio plain-gl posix posix-or-mingw posix-spawn posix-spawn-native 
pthreads pulse rubberband sdl2 sndio stdatomic uchardet vaapi vaapi-drm 
vaapi-egl vaapi-glx vaapi-wayland vaapi-x-egl vaapi-x11 vdpau vdpau-gl-x11 vt.h 
vulkan wayland wayland-protocols x11 xv zlib zsh-comp
[   0.004][d][cplayer] Setting option 'config' = 'no' (flags = 8)
[   0.004][d][cplayer] Setting option 'vo' = 'vaapi' (flags = 8)
[   0.004][d][cplayer] Setting option 'msg-level' = 'all=v' (flags = 8)
[   0.004][d][cplayer] Setting option 'log-file' = 'debian_sucks.log' (flags = 
8)
[   0.005][d][global] user path: 'debian_sucks.log' -> 'debian_sucks.log'
[   0.005][d][osc] Loading lua script @osc.lua...
[   0.005][d][ytdl_hook] Loading lua script @ytdl_hook.lua...
[   0.005][d][stats] Loading lua script @stats.lua...
[   0.005][v][cplayer] Waiting for scripts...
[   0.005][d][osc] loading mp.defaults
[   0.005][d][ytdl_hook] loading mp.defaults
[   0.005][d][stats] loading mp.defaults
[   0.006][d][osc] loading @osc.lua
[   0.006][d][stats] loading @stats.lua
[   0.006][d][ytdl_hook] loading @ytdl_hook.lua
[   0.008][d][ytdl_hook] reading options for ytdl_hook 
[   0.008][v][ytdl_hook] script-opts/ytdl_hook.conf not found. 
[   0.008][v][ytdl_hook] lua-settings/ytdl_hook.conf not found. 
[   0.008][d][stats] reading options for stats 
[   0.008][v][stats] script-opts/stats.conf not found. 
[   0.008][v][stats] lua-settings/stats.conf not found. 
[   0.009][d][osc] reading options for osc 
[   0.009][v][osc] script-opts/osc.conf not found. 
[   0.009][v][osc] lua-settings/osc.conf not foun

Bug#924257: docker.io: Misses to install some golang packages

[Arnaud Rebillout]

On 3/13/19 6:47 PM, Reinhard Tartler wrote:
> Possibly there are some unpushed commits on your computer? In either case, 
> could you please update debian/changelog in experimental, and provide me with 
> a link to your pre-built *source* package? I'd be happy to testbuild it here, 
> ensure that github:openstack/imagebuilder still works, and sponsor the upload 
> to experimental.


I just pushed your patch to experimental, thanks again, and sorry for
the back and forth. I don't have permissions to give you access to this
repo, let me CC Dmitry so that he can give you permissions.

I didn't forget any commit, it's just that the package doesn't build
with gbp, the pristine-tar and upstream branches are not used anymore.
There's a procedure to know, nothing complicated, but nothing obvious
either. Here comes the magic:

  # Clean the place if need be
  git clean -dfx && git reset --hard

  # Import and unpack upstream sources (will trigger uscan and download
orig tarballs if need be)
  origtargz --unpack && ./debian/unpack-components.sh

  # Build with your favorite tool
  dpkg-buildpackage -S -us -uc -i --no-check-builddeps 


That's it, that should give you a source package.

Cheers!

  Arnaud

Bug#921732: NMU diff for hg-git 0.8.12-1.1

[Julien Cristau]

Hi,

I'll be uploading a NMU for hg-git in a minute.  debdiff below, also
pushed to
https://salsa.debian.org/python-team/applications/hg-git/merge_requests/1

Cheers,
Julien


diff -Nru hg-git-0.8.12/debian/changelog hg-git-0.8.12/debian/changelog
--- hg-git-0.8.12/debian/changelog  2019-01-10 15:26:54.0 +0100
+++ hg-git-0.8.12/debian/changelog  2019-03-13 15:43:48.0 +0100
@@ -1,3 +1,10 @@
+hg-git (0.8.12-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix for compatibility with mercurial 4.9 (closes: #921732).
+
+ -- Julien Cristau   Wed, 13 Mar 2019 15:43:48 +0100
+
 hg-git (0.8.12-1) unstable; urgency=medium
 
   * Team upload
diff -Nru hg-git-0.8.12/debian/patches/fix-test-capitalisation.patch 
hg-git-0.8.12/debian/patches/fix-test-capitalisation.patch
--- hg-git-0.8.12/debian/patches/fix-test-capitalisation.patch  2019-01-10 
13:57:00.0 +0100
+++ hg-git-0.8.12/debian/patches/fix-test-capitalisation.patch  1970-01-01 
01:00:00.0 +0100
@@ -1,44 +0,0 @@
-Description: Fix capitalisation mismatches in tests
-Author: Daniel Watkins 
-Forwarded: no
-Last-Update: 2018-06-07
-
 a/tests/test-git-clone.t
-+++ b/tests/test-git-clone.t
-@@ -51,8 +51,8 @@
-   abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
-   [255]
-   $ hg clone 'git+ssh://fakehost|rm${IFS}nonexistent/path' 2>&1 >/dev/null | 
grep -v ^devel-warn:
--  ssh: * fakehost%7crm%24%7bifs%7dnonexistent* (glob)
-+  ssh: * fakehost%7Crm%24%7BIFS%7Dnonexistent* (glob)
-   abort: git remote error: The remote server unexpectedly closed the 
connection.
-   $ hg clone 'git+ssh://fakehost%7Crm${IFS}nonexistent/path' 2>&1 >/dev/null 
| grep -v ^devel-warn:
--  ssh: * fakehost%7crm%24%7bifs%7dnonexistent* (glob)
-+  ssh: * fakehost%7Crm%24%7BIFS%7Dnonexistent* (glob)
-   abort: git remote error: The remote server unexpectedly closed the 
connection.
 a/tests/test-pull.t
-+++ b/tests/test-pull.t
-@@ -366,8 +366,8 @@
-   abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent'
-   [255]
-   $ hg pull 'git+ssh://fakehost|shellcommand/path' 2>&1 >/dev/null | grep -v 
^devel-warn:
--  ssh: * fakehost%7cshellcommand* (glob)
-+  ssh: * fakehost%7Cshellcommand* (glob)
-   abort: git remote error: The remote server unexpectedly closed the 
connection.
-   $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' 2>&1 >/dev/null | grep 
-v ^devel-warn:
--  ssh: * fakehost%7cshellcommand* (glob)
-+  ssh: * fakehost%7Cshellcommand* (glob)
-   abort: git remote error: The remote server unexpectedly closed the 
connection.
 a/tests/test-push.t
-+++ b/tests/test-push.t
-@@ -211,8 +211,8 @@
-   abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent'
-   [255]
-   $ hg push 'git+ssh://fakehost|rm%20nonexistent/path' 2>&1 >/dev/null | grep 
-v ^devel-warn:
--  ssh: * fakehost%7crm%20nonexistent* (glob)
-+  ssh: * fakehost%7Crm%20nonexistent* (glob)
-   abort: git remote error: The remote server unexpectedly closed the 
connection.
-   $ hg push 'git+ssh://fakehost%7Crm%20nonexistent/path' 2>&1 >/dev/null | 
grep -v ^devel-warn:
--  ssh: * fakehost%7crm%20nonexistent* (glob)
-+  ssh: * fakehost%7Crm%20nonexistent* (glob)
-   abort: git remote error: The remote server unexpectedly closed the 
connection.
diff -Nru hg-git-0.8.12/debian/patches/hg49-compat.patch 
hg-git-0.8.12/debian/patches/hg49-compat.patch
--- hg-git-0.8.12/debian/patches/hg49-compat.patch  1970-01-01 
01:00:00.0 +0100
+++ hg-git-0.8.12/debian/patches/hg49-compat.patch  2019-03-13 
15:34:02.0 +0100
@@ -0,0 +1,264 @@
+diff --git a/hggit/compat.py b/hggit/compat.py
+--- a/hggit/compat.py
 b/hggit/compat.py
+@@ -4,6 +4,7 @@ from mercurial import (
+ phases,
+ templatekw,
+ url,
++ui as hgui,
+ util as hgutil,
+ )
+ 
+@@ -204,3 +205,15 @@ class templatekeyword(object):
+ templatekw.keywords.update({name: func})
+ return func
+ return decorate
++
++if hgutil.safehasattr(hgui.ui, 'makeprogress'):
++def progress(ui, topic, pos, item="", unit="", total=None):
++progress = ui.makeprogress(topic, unit, total)
++if pos is not None:
++progress.update(pos, item=item)
++else:
++progress.complete()
++else:
++# <= hg-48
++def progress(ui, topic, pos, item="", unit="", total=None):
++ui.progress(topic, pos, item="", unit="", total=None)
+diff --git a/hggit/git_handler.py b/hggit/git_handler.py
+--- a/hggit/git_handler.py
 b/hggit/git_handler.py
+@@ -93,13 +93,13 @@ class GitProgress(object):
+ self.lasttopic = topic
+ 
+ pos, total = map(int, m.group(1, 2))
+-self.ui.progress(topic, pos, total=total)
++compat.progress(self.ui, topic, pos, total=total)
+ else:
+ self.flush(msg)
+ 
+ def flush(self, msg=None):
+ if self.lasttopic:
+-self.ui.progress(self.lasttopic

Bug#918806: /usr/bin/mail.mailutils: Pipe text to mail and attach a csv sets content type to application/octet-stream not multipart/mixed

[Daniel Kahn Gillmor]

Control: found 918806 3.5-2

On Wed 2019-01-09 14:16:09 +, Jason Davey wrote:
> Command
> ===
> echo "body text" | /usr/bin/mail -s "some subject" -A "somefile.csv" 
> m...@email.com

I can confirm that the same misbehavior happens when invoked as "mailx",
fwiw.  This is actually a data loss issue, because the body text sent on
stdin is entirely discarded.  As such, i'd consider even elevating this
to a release-critical bug report.

fwiw, if i try to be clever and get it to consider the incoming text by
using:

   mailx --content-type=text/plain --attach-fd=0 -s 'some subject' -A 
somefile.csv m...@example.com

then i end up with an extremely weird multipart/mixed structure:

[…]
Content-Type: multipart/mixed; boundary="225007733-1552488518=:22450"
Subject: this is a test
To: 
X-Mailer: mail (GNU Mailutils 3.5)
Message-Id: <20190313144838.daaf420...@fifthhorseman.net>
Date: Wed, 13 Mar 2019 10:48:38 -0400 (EDT)
From: Daniel Kahn Gillmor 

--225007733-1552488518=:22450
Content-Type: text/plain; charset=UTF-8
Content-Disposition: attachment
Content-ID: <20190313104838.2245...@alice.fifthhorseman.net>
Content-Transfer-Encoding: quoted-printable


--225007733-1552488518=:22450
Content-Type: text/plain; charset=UTF-8
Content-Disposition: attachment
Content-Transfer-Encoding: base64
Content-ID: <20190313104838.2245...@alice.fifthhorseman.net>

bW9ua2V5IG1hbiB0ZXN0aW5nCg==
--225007733-1552488518=:22450
Content-Type: text/plain; charset=UTF-8; name="hi.txt"
Content-Disposition: attachment; filename="hi.txt"
Content-Transfer-Encoding: base64
Content-ID: <20190313104838.2245...@alice.fifthhorseman.net>

aGkK
--225007733-1552488518=:22450--


Regards,

--dkg

Bug#918806: version 3.5: mail/mailx discard message body when attachment is supplied

[Daniel Kahn Gillmor]

Hi GNU Mailutils developers--

Are you aware of this report in debian about mail discarding stdin when
being used to send an e-mail with an attachment?

https://bugs.debian.org/918806

I can confirm that it's happening with mailutils 3.5, but have not
tested 3.6 against it, and i see no mention of the fix of such a severe
bug in the NEWS file in the 3.6 tarball.

It would be great to get some feedback on the debian bug report about
how/whether this is already known or fixed upstream.

Thanks for many years of great functionality in Mailutils!

Regards,

--dkg


signature.asc
Description: PGP signature

Bug#924492: nmu: ppx-deriving-yojson_3.1-4

[Ralf Treinen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu ppx-deriving-yojson_3.1-4 . kfreebsd-i386 kfreebsd-amd64 . unstable . -m 
"rebuild against libppx-deriving-ocaml-dev 4.2.1-3+b1"

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#924493: stretch-pu: package publicsuffix/20190221.0923-0+deb9u1

[Daniel Kahn Gillmor]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Control: affects -1 src:publicsuffix

Please consider an update to publicsuffix in debian stretch.

This package reflects the state of the network, and keeping it current
is useful for all the packages that depend on it.

The debdiff from the previous version in stretch is attached.

This proposed release is also available at the
"publicsuffix_debian/20190221.0923-0+deb9u1" tag on the "debian/stretch" branch 
at
the git repo for publicsuffix packaging:

https://salsa.debian.org/debian/publicsuffix

Please followup on this ticket to confirm whether I should upload this
revision to stretch.



publicsuffix_20181030.1007-0+deb9u1_20190221.0923-0+deb9u1.debdiff.gz
Description: application/gzip


signature.asc
Description: PGP signature

Bug#896070: gitlint FTBFS: FAIL: test_target

[Nicholas Brown]

This has been fixed upstream in the newly released 0.11.0
https://github.com/jorisroovers/gitlint/releases
https://github.com/jorisroovers/gitlint/archive/v0.11.0.tar.gz
https://github.com/jorisroovers/gitlint/issues/78

Bug#924494: chrony fails to start when seccomp enabled on armel

[Leigh Brown]

Package: chrony
Version: 3.4-3
Severity: important
Tags: patch upstream

Dear Maintainer,

chrony on armel does not start due to seccomp not allowing all required
system calls.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: armel (armv5tel)

Kernel: Linux 4.19.0-2-marvell
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages chrony depends on:
ii  adduser  3.118
ii  init-system-helpers  1.56+nmu1
ii  iproute2 4.20.0-2
ii  libc62.28-8
ii  libcap2  1:2.25-2
ii  libedit2 3.1-20181209-1
ii  libnettle6   3.4.1-1
ii  libseccomp2  2.3.3-4
ii  lsb-base 10.2018112800
ii  ucf  3.0038+nmu1

chrony recommends no packages.

Versions of packages chrony suggests:
pn  dnsutils 
pn  networkd-dispatcher  

-- no debconf information
--- chrony-3.4.orig/sys_linux.c
+++ chrony-3.4/sys_linux.c
@@ -504,8 +504,8 @@ SYS_Linux_EnableSystemCallFilter(int lev
 SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), SCMP_SYS(unlink),
 /* Socket */
 SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), 
SCMP_SYS(getsockopt),
-SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg),
+SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg),SCMP_SYS(recv),
-SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto),
+SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto),SCMP_SYS(send),
 /* TODO: check socketcall arguments */
 SCMP_SYS(socketcall),
 /* General I/O */

Bug#914455: gitlint: New version availiable

[Nicholas Brown]

Version 0.11.0 has now also been released.
This version contains a fix for Debian Bug #896070 which should also allow
the package to be migrated from SID to Testing.
https://tracker.debian.org/news/958621/gitlint-removed-from-testing/

Bug#922032: nvidia-driver: Actually, my GTX 960 Nvidia card is one GTX 550

[Marcelo Santana]

Dear maintainer,

Today I was able to spend more time and figuring out what was going on
with my Nvidia card.

In fact it's a fake GTX 960, it's a GTX 550. I could confirme it
installing the 390 legacy driver that is running without any issue.

So, you can close this bug. My sincere apologize for making you waste
your time with it.

Regards,
Marcelo Santana


pgpQsqX5XBuRu.pgp
Description: Assinatura digital OpenPGP

Bug#924398: corekeeper can be confused with whitespace in executable names

[Jakub Wilk]

* Paul Wise , 2019-03-13, 08:54:
The majorly broken thing is, unfortunately, the Linux kernel. It does 
argument splitting only _after_ it expanded the macros.


I think that this is a bug in the Linux kernel that needs to be fixed, 
would you mind sending either a bug or a patch for this issue?


Yes, I think this is something that should be ultimately fixed on the 
kernel side.


I looked briefly at the source (fs/coredump.c, grep for 
"format_corename" and "argv_split"), but unfortunately it's not trivial 
to fix. I'm afraid my kernel fu is too weak to write a patch.


I might file a bug at some point, but feel free to beat me to it. :-)

If the executable name contains spaces, you will get more than 2 or 3 
arguments. On kernels that don't support %d, this allows an attacker 
to control the "owner" variable.


On a second thought, the faked owner would always start with pid, uid, 
gid and so on... There's not much damage you could do this way. The 
worst you could is to pollute /var/crash with bogus root-owned 
directories.



I think I can workaround this using this core pattern:

kernel.core_pattern = |/usr/lib/corekeeper/dump %u %d -- 
%p-%u-%g-%s-%t-%h-%E.core


The core pattern and the dump executable will be out-of-sync at least 
for a brief moment during upgrade (possibly much longer if the user 
modified the conffile and kept the old one on upgrade), so it's 
desirable to keep the original order of arguments.


We could append or prepend a character to %d to make sure the argument 
won't disappear after %-expansion, for example:


  |/usr/lib/corekeeper/dump +%d %u %p-%u-%g-%s-%t-%h-%E.core

Keeping the number of arguments (almost) constant should also make 
parsing easier.


--
Jakub Wilk

Bug#924450: [pkg-apparmor] Bug#924450: Bug#924450: apparmor: Write Buster release notes snippet about AppArmor

[Christian Boltz]

Hello,

Am Mittwoch, 13. März 2019, 07:51:23 CET schrieb intrigeri:
> Actually Jonas (Cc'ed) already submitted something:
> https://salsa.debian.org/ddp-team/release-notes/merge_requests/6

Looks mostly good to me, with one exception:

... like network access, ...

AFAIK [1] support for enforcing network rules is not available in Debian 
yet, therefore it's probably a good idea to remove the "network" part 
from the text.

If you want to have some items for your list, you can add
- capability
- rlimit (aka ulimit)
- ptrace (since kernel 4.13)
- mount (since kernel 4.14)
- signal (also since kernel 4.14)


Regards,

Christian Boltz

[1] I'm not a Debian expert, and enjoy having the kernel patch to 
enforce network rules in the openSUSE kernel since years ;-)
-- 
As you may guess from my comments I do not prefer to ask user to
something unless it is really critical like that computer will explode
or if beer getting warm. [Josef Reidinger in yast-devel]


signature.asc
Description: This is a digitally signed message part.

Bug#924495: shimdandy: FTBFS (Could not resolve dependencies for project org.projectodd.shimdandy:shimdandy-impl:jar:1.2.0)

[Santiago Vila]

Package: src:shimdandy
Version: 1.2.0-2
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep
   dh_update_autotools_config -i
   dh_autoreconf -i
   dh_auto_configure -i
mh_patchpoms -plibshimdandy-java --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo
   dh_auto_build -i
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package 
-DskipTests -Dnotimestamp=true -Dlocale=en_US
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.google.inject.internal.cglib.core.$ReflectUtils$1 
(file:/usr/share/maven/lib/guice.jar) to method 
java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of 
com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[INFO] 
[INFO] Reactor Build Order:
[INFO] 
[INFO] shimdandy-api  [jar]
[INFO] shimdandy-impl [jar]
[INFO] shimdandy-parent   [pom]
[INFO] 
[INFO] ---< org.projectodd.shimdandy:shimdandy-api >---
[INFO] Building shimdandy-api 1.2.0   [1/3]
[INFO] [ jar ]-
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ 
shimdandy-api ---
[WARNING] Using platform encoding (ANSI_X3.4-1968 actually) to copy filtered 
resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory 
/<>/api/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ 
shimdandy-api ---
[INFO] Changes detected - recompiling the module!
[WARNING] File encoding has not been set, using platform encoding 
ANSI_X3.4-1968, i.e. build is platform dependent!
[INFO] Compiling 1 source file to /<>/api/target/classes
[INFO] 
/<>/api/src/main/java/org/projectodd/shimdandy/ClojureRuntimeShim.java:
 
/<>/api/src/main/java/org/projectodd/shimdandy/ClojureRuntimeShim.java
 uses or overrides a deprecated API.
[INFO] 
/<>/api/src/main/java/org/projectodd/shimdandy/ClojureRuntimeShim.java:
 Recompile with -Xlint:deprecation for details.
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ 
shimdandy-api ---
[INFO] Not copying test resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.8.0:testCompile (default-testCompile) @ 
shimdandy-api ---
[INFO] Not compiling test sources
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ shimdandy-api ---
[INFO] Tests are skipped.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.1:jar (default-jar) @ shimdandy-api ---
[INFO] Building jar: /<>/api/target/shimdandy-api-1.2.0.jar
[INFO] 
[INFO] --< org.projectodd.shimdandy:shimdandy-impl >---
[INFO] Building shimdandy-impl 1.2.0  [2/3]
[INFO] [ jar ]-
[WARNING] The POM for org.clojure:clojure:jar:1.9.x is missing, no dependency 
information available
[INFO] 
[INFO] Reactor Summary for shimdandy-parent 1.2.0:
[INFO] 
[INFO] shimdandy-api .. SUCCESS [  7.225 s]
[INFO] shimdandy-impl . FAILURE [  0.052 s]
[INFO] shimdandy-parent ... SKIPPED
[INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time:  7.974 s
[INFO] Finished at: 2019-03-13T12:17:20Z
[INFO] 
[ERROR] Failed to execute goal on project shimdandy-impl: Could not resolve 
dependencies for project org.projectodd.shimdandy:shimdandy-impl:jar:1.2.0: 
Cannot access central (https://repo.maven.apache.org/maven2) in offline mode 
and the artifact org.clojure:clojure:jar:1.9.x has 

Bug#924397: corekeeper: insecure use of world-writable /var/crash

[Sven Joachim]

On 2019-03-13 20:29 +0800, Paul Wise wrote:

> On Wed, 2019-03-13 at 13:11 +0100, Jakub Wilk wrote:
>
>> Also, it looks like dpkg doesn't update directory permissions on 
>> upgrade. Ugh. :-(
>
> dpkg maintainers, do you know if this is a known bug or intentional?

Both, see #515211[1].

Cheers,
   Sven


1. https://bugs.debian.org/515211