Bug#924856: wxpython4.0: FTBFS: sip: /<>/wxpython4.0-4.0.4+dfsg/src/wacky_ints.sip:20: Invalid type for %MappedType

[Drew Parsons]

Source: wxpython4.0
Followup-For: Bug #924856

Indeed, the changelog for sip4 4.19.14+dfsg-1 itself says: 
Bump API version to 12.6.

Dimitry, if you know you are uploading an incompatible release, then
for goodness' sake use the Transitions procedure, 
https://wiki.debian.org/Teams/ReleaseTeam/Transitions

Bug#925443: dovecot-core: systemd service references /var/run, ought be /run

[nick black]

Package: dovecot-core
Version: 1:2.3.4.1-2
Severity: normal
Tags: patch

Dear Maintainer,

My logs have the line
'PIDFile= references path below legacy directory /var/run/, updating 
/var/run/dovecot/master.pid → /run/dovecot/master.pid; please update the unit 
file accordingly'

This violates Debian Policy 9.1.4 -- only /run ought be used for this
kind of thing. Providing '--with-rundir=/run' to configure resolves the
issue. I've provided a patch.

-- Package-specific info:

dovecot configuration
-
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.18.8-x86_64-linode117 x86_64 Debian buster/sid 
# Hostname: localhost.localdomain
login_trusted_networks = 10.88.0.0/24
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
protocols = " imap pop3"
ssl = no
userdb {
  driver = passwd
}

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.8-x86_64-linode117 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dovecot-core depends on:
ii  adduser  3.118
ii  libapparmor1 2.13.2-9
ii  libbz2-1.0   1.0.6-9
ii  libc62.28-8
ii  libexttextcat-2.0-0  3.4.5-1
ii  libicu63 63.1-6
ii  liblua5.3-0  5.3.3-1.1
ii  liblz4-1 1.8.3-1
ii  liblzma5 5.2.4-1
ii  libpam-runtime   1.3.1-5
ii  libpam0g 1.3.1-5
ii  libsodium23  1.0.17-1
ii  libssl1.11.1.1b-1
ii  libstemmer0d 0+svn585-1+b2
ii  libwrap0 7.6.q-28
ii  lsb-base 10.2019031300
ii  openssl  1.1.1b-1
ii  ssl-cert 1.0.39
ii  ucf  3.0038+nmu1
ii  zlib1g   1:1.2.11.dfsg-1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-gssapi
ii  dovecot-imapd 1:2.3.4.1-2
pn  dovecot-ldap  
pn  dovecot-lmtpd 
pn  dovecot-lucene
pn  dovecot-managesieved  
pn  dovecot-mysql 
pn  dovecot-pgsql 
ii  dovecot-pop3d 1:2.3.4.1-2
pn  dovecot-sieve 
pn  dovecot-solr  
pn  dovecot-sqlite
pn  dovecot-submissiond   
pn  ntp   

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.3.4.1-2
pn  dovecot-dev
pn  dovecot-gssapi 
ii  dovecot-imapd  1:2.3.4.1-2
pn  dovecot-ldap   
pn  dovecot-lmtpd  
pn  dovecot-managesieved   
pn  dovecot-mysql  
pn  dovecot-pgsql  
ii  dovecot-pop3d  1:2.3.4.1-2
pn  dovecot-sieve  
pn  dovecot-sqlite 

-- debconf information:
* dovecot-core/create-ssl-cert: false
* dovecot-core/ssl-cert-name: localhost
  dovecot-core/ssl-cert-exists:
diff -ur debian/rules debian.run/rules
--- debian/rules2019-03-14 05:02:39.0 -0400
+++ debian.run/rules2019-03-25 00:26:27.911039439 -0400
@@ -99,6 +99,7 @@
--with-lz4 \
--with-lua=plugin \
--with-sodium \
+   --with-rundir=/run \
--libdir=\$${prefix}/lib \
--libexecdir=\$${prefix}/lib \
--docdir=\$${prefix}/share/doc/dovecot-core \
diff -ur debian/rules debian.run/rules
--- debian/rules2019-03-14 05:02:39.0 -0400
+++ debian.run/rules2019-03-25 00:26:27.911039439 -0400
@@ -99,6 +99,7 @@
--with-lz4 \
--with-lua=plugin \
--with-sodium \
+   --with-rundir=/run \
--libdir=\$${prefix}/lib \
--libexecdir=\$${prefix}/lib \
--docdir=\$${prefix}/share/doc/dovecot-core \

Bug#925442: RFS: ibus-table-myanmar/0.1 [ITP][QA][NMU] -- ibus table myanmar keyboard sponsor maintainer request

[Ko Ko Ye`]

Package: sponsorship-requests
Severity: wishlist

  Dear mentors,

  I am looking for a sponsor for my package "ibus-table-myanmar"

* Package name: ibus-table-myanmar
  Version : 0.1
  Upstream Author : kokoye2007 
* URL :
https://salsa.debian.org/kokoye2007-guest/ibus-table-myanmar
* License : GPL-3
  Section : utils

  It builds those binary packages:

ibus-table-myanmar - ibus-table input method: Myanmar (dummy package)
ibus-table-burmese - ibus-table input method: Burmese
ibus-table-zawgyi - ibus-table input method: Zawgyi

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/ibus-table-myanmar


  Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/i/ibus-table-myanmar/ibus-table-myanmar_0.1.dsc

  More information about ibus-table-myanmar can be obtained from
https://launchpad.net/ibus-table-burmese.

  Changes since the last upload:

  I am fail at 2018, implement with ibus-table-chinese source.
  Please Sponsor and Suggest and Support.
  If approve, i will continue update and fix with Myanmar Ethnics Group.
 (Shan, Mon, Karen, Rakhine, Pao etc)


  Regards,
   kokoye2007
-- 

with regards *Ko Ko Ye`*

+95 97989 22022
+95 94500 22022
+95 9731 47907
kokoye2...@gmail.com
kokoye2...@ubuntu.com

skype: kokoye2007
jitsi: kokoye2007

http://ubuntu-mm.net
http://wiki.ubuntu.com/kokoye2007
http://wiki.ubuntu.com/MyanmarTeam http://loco.ubuntu.com/teams/ubuntu-mm

Bug#925375: Acknowledgement (ucf: UCF_FORCE_CONFFNEW=1 and dpkg --force-confnew broken)

[code]

It looks like setting `RETAIN_OLD=YES` "solves" at least part of my
issue, or maybe I misunderstand how `ucf` is supposed to work.

Bug#925441: unblock: linux/4.19.28-2

[Ben Hutchings]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package linux

* Upstream stable fixes for security, stability, and regressions
* Various other important fixes
* Enable additional hardware support
* Make more drivers available for use in the installer
* Enable RANDOM_TRUST_CPU to improve entropy availability
* Update trusted certificates and signing metadata to work with
  production signing service
* Fixes for build profiles and cross-builds
* [x86] Disable a.out support as it's obsolete and a security liability
* [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK
* [ppc64el] Disable PCMCIA, as it was never available on this platform

The diff is too big to include, sorry.

unblock linux/4.19.28-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#925440: Feature request: support global config at "/etc/mkshrc".

[Gong S.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: mksh
Version: 57-1
Severity: wishlist

Can you support a global configuration file in "/etc/mkshrc"? Just like "bash".
The Android version of "mksh" already does this at "/system/etc/mkshrc".
This simplifies configuration.
("/etc/profiles" does not count as it only applies to login shells)
-
Please limit your reply to 7-bit ASCII.
I refuse to see your idiotic emoji in a terminal.
-BEGIN PGP SIGNATURE-
Version: ProtonMail
Comment: https://protonmail.com

wsBcBAEBCAAGBQJcmEtzAAoJENi1YDlFXXQf3qEH/R1VP5kC2reKD3IHzGIr
goxxSsgJY9/KH/TdA/XJ8YzQ9GYJzd7tSM7mt16PMjk9DVeRnm+8Z2/qTnT0
O14rKuM5H8UvHTv2o24FuDiIBVOYMF0JCuz1b5aHDYAkdPTDiENsf/WGcXTa
nuLdhc+/pNjKGyzEQQbcgq0wno4D9q0BNo58kgZ2h7WgKqklXZbO83k4B4+R
lN0KWhA9iw7N6v0ZnCwTGOXFuruCCEUWQJZfHV/TkU5f4mwR83M89TEkc4pS
i5uEX6pd/faiS+3W27XdmNJIb/GZPOL7VUtzz3rZIcdUl6wnQU+QvwO15ExK
xbxnUbcpY2vB1btFr5vpGXo=
=8MpC
-END PGP SIGNATURE-



publickey - pthfdr@protonmail.ch - 0xAB77ABA4.asc
Description: application/pgp-keys


publickey - pthfdr@protonmail.ch - 0xAB77ABA4.asc.sig
Description: PGP signature

Bug#925439: Add option to limit parallel download

[積丹尼 Dan Jacobson]

Package: apt
Version: 1.8.0
Severity: minor

Here we observe parallel download:

# aptitude full-upgrade
...
35% [5 firefox 33.9 MB/44.5 MB 76%] [1 google-earth-pro-stable 2,215 kB/56.5 MB 
4%]

What if we don't want parallel download?
I.e., just download one server at a time?

Well the closest setting one finds in
/usr/share/doc/apt/examples/configure-index.gz
is acquire::queuehost::limit but that doesn't govern it.

sources.list.d# grep ^deb *
google-earth-pro.list:deb http://dl.google.com/linux/earth/deb/ stable main
jidanni.list:deb http://opensource.nchc.org.tw/debian/ experimental main 
contrib non-free
jidanni.list:deb http://opensource.nchc.org.tw/debian/ unstable main contrib 
non-free

Bug#925438: Normal default output mistakenly documented as having an "e"

[積丹尼 Dan Jacobson]

Package: procps
Version: 2:3.3.15-2
Severity: minor
File: /usr/share/man/man1/ps.1.gz

Man page says

the normal default output can be produced with this: ps -eo "%p %y %x %c"

# ps|wc
  5  20 140
# ps -eo "%p %y %x %c"|wc
134 5364783
# ps -o "%p %y %x %c"|wc
  5  20 142

So we see there should be no "e" in that sentence.

But wait,
$ ps|sed q
  PID TTY  TIME CMD
$ ps -o "%p %y %x %c"|sed q
  PID TTY  TIME COMMAND

So it is still not the actual default!

Bug#925437: Add --show-format

[積丹尼 Dan Jacobson]

Package: procps
Version: 2:3.3.15-2
Severity: minor
File: /usr/share/man/man1/ps.1.gz

All of these,

  OUTPUT FORMAT CONTROL
   -c Show different scheduler information for the -l option.
   --context
  Display security context format (for SELinux).
   -f Do full-format listing. This option can be combined with many 
other UNIX-style options to add additional columns.  It also
  causes the command arguments to be printed.  When used with -L, 
the NLWP (number of threads) and LWP (thread ID) columns
  will be added.  See the c option, the format keyword args, and 
the format keyword comm.
   -F Extra full format.  See the -f option, which -F implies.
   j  BSD job control format.
   -j Jobs format.
   l  Display BSD long format.
   -l Long format.  The -y option is often useful with this.
   -M Add a column of security data.  Identical to Z (for SELinux).
   s  Display signal format.
   u  Display user-oriented format.
   v  Display virtual memory format.
   X  Register format.
   Z  Add a column of security data.  Identical to -M (for SELinux).

don't have their

   (equivalent to -o "%X %Y %Z")

mentioned.

Let's say the user tries one, likes it, except for say, one column.

Well, he has to work backwards, from the man page's cross reference of
what HEADER names correspond to what format names, to piece together
what the missing (from the man page)
   (equivalent to -o "%X %Y %Z")
hopefully is, and then finally tweak that.

Therefore, in addition to adding the
   (equivalent to -o "%X %Y %Z")
lines to the man page, please add a new option, perhaps named:

--show-format
  Just print the --format string that would be needed to achieve the
  exact same output of all the other switches (or none) given.

  Examples:
  $ ps --show-format
  "%p %y %x %c"
  $ ps --show-format -u
  "%p %y %x %c %X %Y %Z..."

In fact show the long format too. And maybe even the header strip. And
how to write it for both "personalities".

Bug#925160: request for performance test in your environment

[Aaron M. Ucko]

Osamu Aoki  writes:

> So use this 0.41-1, please.
>
> I will be curious how these affects performance.

Much better, thanks -- the hook now takes only about a second on my
system.  I have a traditional HDD with about 17,000 entries under
/usr/lib and /usr/lib/x86_64-linux-gnu.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#925423: elpa-debian-el: unable to report a bug in package reportbug

[David Bremner]

Salman Mohammadi  writes:

> Package: elpa-debian-el
> Version: 37.8
> Severity: important
>
> Dear Maintainer,
>
> I'm unable to report a bug which is affecting the package *reportbug*.
>
> Steps to reproduce:
>
> 1. M-x debian-bug
> 2. Report a bug for a [P]ackage or [F]ile: P
> 3. package name: reportbug
> 4. Severity: normal
> 5. (Very) brief summary of problem: dummy bug
>
>
> but When I click on *Send Message*, a new window in Mozilla Thunderbird
> will be shown with the following content:
>
>
> --=-=-=
> Content-Type: text/plain
>
> Package: reportbug
> Version: 7.5.2
> Severity: normal

This seems to be an upstream bug in emacs. What is your setting of the
variable message-send-mail-function (you can check with C-h v)?

If, as I suspect, it is message-send-mail-with-mailclient, then I think
I understand the problem you are seeing. Basically that function only
supports text/plain messages, while debian-bug sends it MIME.

If possible, I'd suggest using a different value of
message-send-mail-function (I think it's initialized from
send-mail-function).

d

Bug#925436: unblock: fwupdate/12-4

[Steve McIntyre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fwupdate

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. There are also a
couple of small ignorable Ubuntu packaging diffs, and the addition of
a Recommends to also pull in the -signed version when possible during
installation.

Here's the debdiff.

diff -Nru fwupdate-12/debian/changelog fwupdate-12/debian/changelog
--- fwupdate-12/debian/changelog2018-08-06 05:08:34.0 +0100
+++ fwupdate-12/debian/changelog2019-03-25 00:47:29.0 +
@@ -1,3 +1,19 @@
+fwupdate (12-4) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * debian/gen_signing_json: Update the format of the json metadata to
+match new requirements:
++ Move all the data under a new top-level "packages" key
++ Add an empty "trusted_certs" key - our binaries do not do any
+  further verification with an embedded key.
+
+  [ Mario Limonciello ]
+  * Install signed packages for secure boot automatically
+  * Use a virtual package fwupdate-signed to resolve the correct package
+  * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254)
+
+ -- Steve McIntyre <93...@debian.org>  Mon, 25 Mar 2019 00:47:29 +
+
 fwupdate (12-3) unstable; urgency=medium
 
   * debian/rules: fix libexecdir location (Closes: #905549)
diff -Nru fwupdate-12/debian/control fwupdate-12/debian/control
--- fwupdate-12/debian/control  2018-08-06 05:02:24.0 +0100
+++ fwupdate-12/debian/control  2019-03-08 22:23:42.0 +
@@ -26,6 +26,7 @@
 Architecture: amd64 i386 armhf arm64
 Multi-Arch: foreign
 Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup1 (= ${binary:Version}), 
efibootmgr, e2fsprogs
+Recommends: fwupdate-signed
 Description: Tools to manage UEFI firmware updates
  fwupdate provides functionality to update system firmware. It has been 
  initially designed to update firmware using UEFI capsule updates, but 
diff -Nru fwupdate-12/debian/gen_signing_json 
fwupdate-12/debian/gen_signing_json
--- fwupdate-12/debian/gen_signing_json 2018-08-06 05:02:24.0 +0100
+++ fwupdate-12/debian/gen_signing_json 2019-03-08 23:22:43.0 +
@@ -16,9 +16,14 @@
 
 rm -f $OUT
 
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf '  "files": [ \n' >> $OUT
-printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf '  ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf '  "packages": {\n' >> $OUT
+printf '"%s": {\n' "${SOURCE}" >> $OUT
+printf '  "trusted_certs": [],\n' >> $OUT
+printf '  "files": [ \n' >> $OUT
+printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf '  ]\n' >> $OUT
+printf '}\n' >> $OUT
+printf '  }\n' >> $OUT
+printf '}\n' >> $OUT
 
diff -Nru fwupdate-12/debian/rules fwupdate-12/debian/rules
--- fwupdate-12/debian/rules2018-08-06 05:07:22.0 +0100
+++ fwupdate-12/debian/rules2019-03-08 22:23:42.0 +
@@ -10,7 +10,6 @@
 SB_STYLE := debian
 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
SB_STYLE := ubuntu
-   tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
 else
TMPLDIR  := 
debian/fwupdate-$(DEB_HOST_ARCH)-signed-template/usr/share/code-signing/fwupdate-$(DEB_HOST_ARCH)-signed-template
 endif
@@ -68,17 +67,6 @@
 
 override_dh_auto_clean:
dh_auto_clean -- EFIDIR=$(EFIDIR)
-ifeq (ubuntu,$(SB_STYLE))
-   rm -rf debian/fwupdate-images
-endif
 
 override_dh_builddeb:
dh_builddeb -- -Zxz
-ifeq (ubuntu,$(SB_STYLE))
-   mkdir -p debian/fwupdate-images/$(deb_version)
-   cp efi/fwup*.efi debian/fwupdate-images/$(deb_version)
-   echo $(deb_version) \
-   > debian/fwupdate-images/$(deb_version)/version
-   cd debian/fwupdate-images && tar czvf 
../../../$(tar_name) .
-   dpkg-distaddfile $(tar_name) raw-uefi -
-endif
diff -Nru fwupdate-12/debian/signing-template/control 
fwupdate-12/debian/signing-template/control
--- fwupdate-12/debian/signing-template/control 2018-08-06 05:02:24.0 
+0100
+++ fwupdate-12/debian/signing-template/control 2019-03-08 22:23:42.0 
+
@@ -12,6 +12,7 @@
 Package: fwupdate-SIGNARCH-signed
 Section: admin
 Architecture: SIGNARCH
+Provides: fwupdate-signed
 Depends: ${shlibs:Depends}, ${misc:Depends}, fwupdate (= SIGNVERSION)
 Description: Tools to manage UEFI firmware updates (signed)
  fwupdate provides functionality to update system firmware. It has been 


unblock fwupdate/12-4

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: 

Bug#925435: unblock: fwupd/1.2.5-2

[Steve McIntyre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fwupd

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. Here's the tiny
debdiff.

diff -Nru fwupd-1.2.5/debian/changelog fwupd-1.2.5/debian/changelog
--- fwupd-1.2.5/debian/changelog2019-02-26 22:30:52.0 +
+++ fwupd-1.2.5/debian/changelog2019-03-25 00:32:07.0 +
@@ -1,3 +1,13 @@
+fwupd (1.2.5-2) unstable; urgency=medium
+
+  * debian/gen_signing_json: Update the format of the json metadata to
+match new requirements:
++ Move all the data under a new top-level "packages" key
++ Add an empty "trusted_certs" key - our binaries do not do any
+  further verification with an embedded key.
+
+ -- Steve McIntyre <93...@debian.org>  Mon, 25 Mar 2019 00:32:07 +
+
 fwupd (1.2.5-1) unstable; urgency=medium
 
   * New upstream version (1.2.5)
diff -Nru fwupd-1.2.5/debian/gen_signing_json 
fwupd-1.2.5/debian/gen_signing_json
--- fwupd-1.2.5/debian/gen_signing_json 2019-02-26 22:29:28.0 +
+++ fwupd-1.2.5/debian/gen_signing_json 2019-03-08 23:33:13.0 +
@@ -16,9 +16,14 @@
 
 rm -f $OUT
 
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf '  "files": [ \n' >> $OUT
-printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf '  ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf '  "packages": {\n' >> $OUT
+printf '"%s": {\n' "${SOURCE}" >> $OUT
+printf '  "trusted_certs": [],\n' >> $OUT
+printf '  "files": [ \n' >> $OUT
+printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf '  ]\n' >> $OUT
+printf '}\n' >> $OUT
+printf '  }\n' >> $OUT
+printf '}\n' >> $OUT
 


unblock fwupd/1.2.5-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#925434: nsca-ng-client: broken symlink: /usr/share/doc/nsca-ng-client/README.md -> README

[Andreas Beckmann]

Package: nsca-ng-client
Version: 1.6-1
Severity: normal
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

>From the attached log (scroll to the bottom...):

0m18.1s ERROR: FAIL: Broken symlinks:
  /usr/share/doc/nsca-ng-client/README.md -> README (nsca-ng-client)


cheers,

Andreas


nsca-ng-client_1.6-1.log.gz
Description: application/gzip

Bug#923527: bliss: example segfaults in gmp

[David Bremner]

Bernhard Übelacker  writes:

> Hello David Bremner,
>
> Do you still get this crash?

yes

> Is my bliss command line wrong?

it looks ok, same as mine

> Maybe something got lost in the input file,
> so you could attach it to the email?
>

ok

> Is the backtrace you copied all of the output or
> did you remove the frame in function main?

Here is the full backtrace

Program received signal SIGSEGV, Segmentation fault.
0x7fd9b3fea0f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
(gdb) bt
#0  0x7fd9b3fea0f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
#1  0x7fd9b453ac10 in bliss::AbstractGraph::search(bool, bliss::Stats&) ()
   from /usr/lib/x86_64-linux-gnu/libbliss.so.2
#2  0x7fd9b453da3c in 
bliss::AbstractGraph::find_automorphisms(bliss::Stats&, void (*)(void*, 
unsigned int, unsigned int const*), void*) () from 
/usr/lib/x86_64-linux-gnu/libbliss.so.2
#3  0x55d66f737cd0 in main (argc=2, argv=0x7ffc262cb408) at bliss.cc:297



foo.in
Description: Binary data

Bug#925433: gitlab-common: unowned files after purge (policy 6.8, 10.8): /usr/lib/tmpfiles.d/gitlab-common.conf

[Andreas Beckmann]

Package: gitlab-common
Version: 11.8.3-1
Severity: important
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package left unowned files on
the system after purge, which is a violation of policy 6.8 (or 10.8):

https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#details-of-removal-and-or-configuration-purging

Filing this as important as having a piuparts clean archive is a release
goal since lenny.

>From the attached log (scroll to the bottom...):

0m48.1s ERROR: FAIL: Package purging left files on system:
  /usr/lib/tmpfiles.d/gitlab-common.conf not owned


cheers,

Andreas


gitlab-common_11.8.3-1.log.gz
Description: application/gzip

Bug#925432: tdiary-mode: unowned files after purge (policy 6.8, 10.8): /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/*

[Andreas Beckmann]

Package: tdiary-mode
Version: 5.0.11-2
Severity: important
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package left unowned files on
the system after purge, which is a violation of policy 6.8 (or 10.8):

https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#details-of-removal-and-or-configuration-purging

Filing this as important as having a piuparts clean archive is a release
goal since lenny.

>From the attached log (scroll to the bottom...):

1m8.3s ERROR: FAIL: Package purging left files on system:
  /usr/share/emacs/site-lisp/elpa/   not owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/ not owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/Install.log.gz  
 not owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/http.el -> 
/usr/share/emacs/site-lisp/elpa-src/tdiary-mode-20170123.2324//http.elnot 
owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/http.elc not 
owned
  
/usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/tdiary-mode-autoloads.el
 -> 
/usr/share/emacs/site-lisp/elpa-src/tdiary-mode-20170123.2324//tdiary-mode-autoloads.el
  not owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/tdiary-mode-pkg.el 
-> 
/usr/share/emacs/site-lisp/elpa-src/tdiary-mode-20170123.2324//tdiary-mode-pkg.el
  not owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/tdiary-mode.el -> 
/usr/share/emacs/site-lisp/elpa-src/tdiary-mode-20170123.2324//tdiary-mode.el   
   not owned
  /usr/share/emacs/site-lisp/elpa/tdiary-mode-20170123.2324/tdiary-mode.elc 
 not owned


cheers,

andreas


tdiary-mode_5.0.11-2.log.gz
Description: application/gzip

Bug#925431: openjdk-12-jre-headless,ca-certificates-java: fails to install in sid

[Andreas Beckmann]

Package: openjdk-12-jre-headless,ca-certificates-java
Severity: serious
Tags: sid
User: debian...@lists.debian.org
Usertags: piuparts
Control: found -1 12.0.0-2
Control: found -1 20190214

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

>From the attached log (scroll to the bottom...):

  Setting up ca-certificates-java (20190214) ...
  head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or 
directory
  /var/lib/dpkg/info/ca-certificates-java.postinst: line 89: java: command not 
found
  dpkg: error processing package ca-certificates-java (--configure):
   installed ca-certificates-java package post-installation script subprocess 
returned error exit status 127
  dpkg: dependency problems prevent configuration of 
openjdk-12-jre-headless:amd64:
   openjdk-12-jre-headless:amd64 depends on ca-certificates-java; however:
Package ca-certificates-java is not configured yet.
  
  dpkg: error processing package openjdk-12-jre-headless:amd64 (--configure):
   dependency problems - leaving unconfigured
  Processing triggers for libc-bin (2.28-8) ...
  Processing triggers for ca-certificates (20190110) ...
  Updating certificates in /etc/ssl/certs...
  0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d...
  
  /etc/ca-certificates/update.d/jks-keystore: 82: 
/etc/ca-certificates/update.d/jks-keystore: java: not found
  E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
  done.
  Errors were encountered while processing:
   ca-certificates-java
   openjdk-12-jre-headless:amd64


cheers,

Andreas


openjdk-12-jre-headless_12.0.0-2.log.gz
Description: application/gzip

Bug#925430: findutils: regextype egrep repitition count doesn't work

[Chris Dunlop]

Package: findutils
Version: 4.6.0+git+20170828-2
Severity: normal

Dear Maintainer,

The repitition count doesn't work with 'find -regextype egrep'.

>From the grep man page:

Repetition
{n}The preceding item is matched exactly n times.
{n,}   The preceding item is matched n or more times.
{,m}   The preceding item is matched at most m times.  This is a GNU extension.
{n,m}  The preceding item is matched at least n times, but not more than m 
times.

E.g. with egrep:

$ echo a | egrep '^a{5}$'
a

However this doesn't work with 'find -regextype egrep', e.g.:

$ touch /tmp/a; find /tmp -maxdepth 1 -regextype egrep -name 'a{5}'

The other repitition count forms (e.g. {n,}) also don't work.

Cheers,

Chris

-- System Information:
Debian Release: buster/sid
  APT prefers bionic-updates
  APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 
'bionic'), (100, 'bionic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-46-generic (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages findutils depends on:
ii  libc62.27-3ubuntu1
ii  libselinux1  2.7-2build2

findutils recommends no packages.

Versions of packages findutils suggests:
ii  mlocate  0.26-2ubuntu3.1

-- no debconf information

Bug#891591: lld: broken symlink: /usr/share/man/man1/lld.1.gz -> lld-5.0.1.gz

[Andreas Beckmann]

Followup-For: Bug #891591
Control: tag -1 patch

attached patch changes this link to
/usr/share/man/man1/lld.1.gz -> ld.lld-VER.1.gz


Andreas
>From 56bf0d217e8bdfbd8b1bf25fc20dbb30be41100b Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Mon, 25 Mar 2019 00:28:01 +0100
Subject: [PATCH] fix the lld.1.gz symlink

lld-V only ships the ld.lld-V.1.gz manpage, but no lld-V.1.gz symlink
---
 debian/changelog | 1 +
 debian/rules | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index b4a1b12..6035ce4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 llvm-defaults (0.47+nmu1) UNRELEASED; urgency=medium
 
   * Non-maintainer upload.
+  * Fix the lld.1.gz symlink.  (Closes: #891591)
 
  -- Andreas Beckmann   Mon, 25 Mar 2019 00:20:21 +0100
 
diff --git a/debian/rules b/debian/rules
index 8047afc..13265a3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -224,7 +224,7 @@ install: build README substvars
for man in \
ld.lld lld; do \
dh_link -plld \
-   /usr/share/man/man1/$$man-$(PV_LLVM).1.gz \
+   /usr/share/man/man1/ld.lld-$(PV_LLVM).1.gz \
/usr/share/man/man1/$$man.1.gz ; \
done
 
-- 
2.11.0

Bug#925411: kernel-package: Not suitable for release

[Ben Hutchings]

Control: severity -1 serious

On Sun, 2019-03-24 at 16:19 -0600, Nicholas D Steeves wrote:
> Control: severity -1 important
> Justification: essential package that works flawlessly for me

This was agreed with the maintainer, so you should not override it.

The discussion is here:
https://lore.kernel.org/lkml/1551888035-13329-1-git-send-email-yamada.masah...@socionext.com/
but unfortunately Manoj's message didn't get archived there for some
reason.

[...]
> The new style kernel packaging is hard to learn how to use, and builds
> take much longer for some reason (generation of more packages?).
[...]

It sounds like you're looking at the linux source package.  I would
certainly not suggest using that for local custom packages; it's meant
for distributions.

The simple alternative is already included in the kernel tree itself:

make bindeb-pkg

It does generate some extra packages (linux-headers and linux-libc-dev) 
but that doesn't take very long.  The generated packages don't support
/etc/kernel-img.conf but they do support hooks in /etc/kernel.

> 13.018+nmu1 on buster works like it always has for me--flawlessly.  I
> built upstream vanilla 4.19.31 two days ago.

Bug #890817 also looks like it may be a big problem for current kernel
versions, but apparently you have avoided it.

Ben.

-- 
Ben Hutchings
Larkinson's Law: All laws are basically false.



signature.asc
Description: This is a digitally signed message part

Bug#925414: debian-installer: fails to install on xfs

[Cyril Brulebois]

Hey,

Colin Watson  (2019-03-24):
> On Sun, Mar 24, 2019 at 06:59:31PM +0100, Cyril Brulebois wrote:
> > This is with a daily from 2019-03-24 but I'm not sure this is due to
> > some kernel module mismatch between d-i and the installed system…
> 
> For future reference, kernel module mismatches can't cause this type
> of error.  The relevant bit of GRUB's filesystem handling runs in
> userspace, and only needs access to the block device.

Sure, it's just a common enough gotcha that's a #1 topic on my list to
check before doing anything else; I didn't mean to imply this was
particularly relevant in this specific context. Sorry for the incomplete
brain dump…

> > Installing with default ext4, with or without encrypted LVM works just
> > fine, but grub fails when trying to install on plain xfs:
> > 
> > Mar 24 17:35:57 grub-installer: info: Installing grub on '/dev/sda'
> > Mar 24 17:35:57 grub-installer: info: grub-install does not support 
> > --no-floppy
> > Mar 24 17:35:57 grub-installer: info: Running chroot /target 
> > grub-install  --force "/dev/sda"
> > Mar 24 17:35:57 grub-installer: Installing for i386-pc platform.
> > Mar 24 17:35:58 grub-installer: grub-install: error:
> > Mar 24 17:35:58 grub-installer:
> > Mar 24 17:35:58 grub-installer: unknown filesystem
> > Mar 24 17:35:58 grub-installer: .
> > Mar 24 17:35:58 grub-installer: error: Running 'grub-install  --force 
> > "/dev/sda"' failed.
> 
> The syslog shows that 2.02+dfsg1-13 was installed.  I already fixed this
> in 2.02+dfsg1-14 - it's just not in testing yet:
> 
> grub2 (2.02+dfsg1-14) unstable; urgency=medium
> 
>   * Make signed packages depend on a matching version of grub-common, in an
> attempt to prevent incorrect testing migrations (closes: #924814).
>   * Cherry-pick from upstream:
> - xfs: Accept filesystem with sparse inodes (closes: #924760).
>   * Minimise writes to EFI variable storage (closes: #891434).
> 
>  -- Colin Watson   Sat, 23 Mar 2019 09:47:10 +

OK, great.

Sorry for the noise; I didn't report it when I first encountered it a
couple of weeks ago and lost track; didn't want to do that again, so I
filed it right away before hoping into a train.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#925429: cockpit-ws: broken symlinks: /usr/share/cockpit/branding/scientific/{{logo,apple-touch-icon}.png,favicon.ico}

[Andreas Beckmann]

Package: cockpit-ws
Version: 190-1
Severity: important
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

>From the attached log (scroll to the bottom...):

0m22.5s ERROR: FAIL: Broken symlinks:
  /usr/share/cockpit/branding/scientific/logo.png -> 
../../../pixmaps/system-logo-white.png (cockpit-ws)
  /usr/share/cockpit/branding/scientific/favicon.ico -> /etc/favicon.png 
(cockpit-ws)
  /usr/share/cockpit/branding/scientific/apple-touch-icon.png -> 
../../../pixmaps/fedora-logo-sprite.png (cockpit-ws)


cheers,

Andreas


cockpit-ws_190-1.log.gz
Description: application/gzip

Bug#845297: bug now fixed?

[Thomas Lange]

The documentation how to do sparseCheckout is included in
the using_git web page.

IMO we can now close this bug.

-- 
regards Thomas

Bug#925428: gimp: default color scheme makes file name invisible when saving file

[Russell Coker]

Package: gimp
Version: 2.10.8-2
Severity: normal

When I try to save a file it makes the color for the entry field dark gray on
black which is almost impossible to read.  I have done a
"rm -rf .gimp-2.8/ .config/GIMP/" and the problem persists, so it seems to be
the default.

After the bug report has appeared I'll attach a screen shot.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages gimp depends on:
ii  gimp-data2.10.8-2
ii  libaa1   1.4p5-46
ii  libbabl-0.1-00.1.62-1
ii  libbz2-1.0   1.0.6-9
ii  libc62.28-8
ii  libcairo21.16.0-4
ii  libfontconfig1   2.13.1-2
ii  libfreetype6 2.9.1-3
ii  libgcc1  1:8.3.0-2
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libgegl-0.4-00.4.12-2
ii  libgexiv2-2  0.10.9-1
ii  libgimp2.0   2.10.8-2
ii  libglib2.0-0 2.58.3-1
ii  libgs9   9.26a~dfsg-2
ii  libgtk2.0-0  2.24.32-3
ii  libgudev-1.0-0   232-2
ii  libharfbuzz0b2.3.1-1
ii  libheif1 1.3.2-1+b1
ii  libilmbase23 2.2.1-2
ii  libjpeg62-turbo  1:1.5.2-2+b1
ii  liblcms2-2   2.9-3
ii  liblzma5 5.2.4-1
ii  libmng1  1.0.10+dfsg-3.1+b5
ii  libmypaint-1.3-0 1.3.0-2.1
ii  libopenexr23 2.2.1-4
ii  libopenjp2-7 2.3.0-2
ii  libpango-1.0-0   1.42.4-6
ii  libpangocairo-1.0-0  1.42.4-6
ii  libpangoft2-1.0-01.42.4-6
ii  libpng16-16  1.6.36-5
ii  libpoppler-glib8 0.71.0-3
ii  librsvg2-2   2.44.10-1
ii  libstdc++6   8.3.0-2
ii  libtiff5 4.0.10-4
ii  libwebp6 0.6.1-2
ii  libwebpdemux20.6.1-2
ii  libwebpmux3  0.6.1-2
ii  libwmf0.2-7  0.2.8.4-14
ii  libx11-6 2:1.6.7-1
ii  libxcursor1  1:1.1.15-2
ii  libxext6 2:1.3.3-1+b2
ii  libxfixes3   1:5.0.3-1
ii  libxmu6  2:1.1.2-2+b2
ii  libxpm4  1:3.5.12-1
ii  xdg-utils1.1.3-1
ii  zlib1g   1:1.2.11.dfsg-1

Versions of packages gimp recommends:
ii  ghostscript  9.26a~dfsg-2

Versions of packages gimp suggests:
pn  gimp-data-extras  
pn  gimp-help-en | gimp-help  
pn  gimp-python   
pn  gvfs-backends 
ii  libasound21.1.8-1

-- no debconf information

Bug#925427: python3-monascaclient: fails to install: update-alternatives: error: alternative path /usr/bin/python3-monasca doesn't exist

[Andreas Beckmann]

Package: python3-monascaclient
Version: 1.14.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

>From the attached log (scroll to the bottom...):

  Setting up python3-monascaclient (1.14.0-1) ...
  update-alternatives: error: alternative path /usr/bin/python3-monasca doesn't 
exist
  dpkg: error processing package python3-monascaclient (--configure):
   installed python3-monascaclient package post-installation script subprocess 
returned error exit status 2
  Processing triggers for ca-certificates (20190110) ...
  Updating certificates in /etc/ssl/certs...
  0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d...
  done.
  Errors were encountered while processing:
   python3-monascaclient


cheers,

Andreas


python3-monascaclient_1.14.0-1.log.gz
Description: application/gzip

Bug#925426: python3-muranoclient: fails to install: update-alternatives: error: alternative path /usr/bin/python3-murano doesn't exist

[Andreas Beckmann]

Package: python3-muranoclient
Version: 1.2.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

>From the attached log (scroll to the bottom...):

  Setting up python3-muranoclient (1.2.0-1) ...
  update-alternatives: error: alternative path /usr/bin/python3-murano doesn't 
exist
  dpkg: error processing package python3-muranoclient (--configure):
   installed python3-muranoclient package post-installation script subprocess 
returned error exit status 2
  Processing triggers for ca-certificates (20190110) ...
  Updating certificates in /etc/ssl/certs...
  0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d...
  done.
  Errors were encountered while processing:
   python3-muranoclient


cheers,

andreas


python3-muranoclient_1.2.0-1.log.gz
Description: application/gzip

Bug#925425: python3-zunclient: fails to install: update-alternatives: error: alternative path /usr/bin/python3-zun doesn't exist

[Andreas Beckmann]

Package: python3-zunclient
Version: 3.3.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

>From the attached log (scroll to the bottom...):

  Setting up python3-zunclient (3.3.0-1) ...
  update-alternatives: error: alternative path /usr/bin/python3-zun doesn't 
exist
  dpkg: error processing package python3-zunclient (--configure):
   installed python3-zunclient package post-installation script subprocess 
returned error exit status 2
  Processing triggers for ca-certificates (20190110) ...
  Updating certificates in /etc/ssl/certs...
  0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d...
  done.
  Errors were encountered while processing:
   python3-zunclient


cheers,

Andreas


python3-zunclient_3.3.0-1.log.gz
Description: application/gzip

Bug#925424: linux-image-amd64: Build the Silead touchscreen controller kernel driver

[Kai Renzig]

Package: linux-image-amd64
Version: 4.19+102
Severity: normal

Dear Maintainers,

a wide range of budget x86 tablets make use of Silead touchscreen controllers.

A driver for Silead touchscreen controllers was added to the Linux kernel a few
years ago, but it's not being built in the Debian kernel images at the moment.

To enable it, the following build configuration options would have to be set:

CONFIG_TOUCHSCREEN_SILEAD=m
CONFIG_TOUCHSCREEN_DMI=y

(https://github.com/onitake/gsl-firmware/issues/114#issuecomment-475989938)

Could you consider enabling these options for future builds?

Thank you very much!

Greetings,

Kai Renzig



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-amd64 depends on:
ii  linux-image-4.19.0-2-amd64  4.19.16-1

linux-image-amd64 recommends no packages.

linux-image-amd64 suggests no packages.

-- no debconf information

Bug#864017: release-notes: Assumes /etc/apt/sources.list is used (and not /etc/apt/sources.list.d/*.list or deb822) [general]

[Justin B Rye]

Paul Gevers wrote:
>> Justin Rye (#863975):
>>> Incidentally, the release-notes mention /etc/apt/sources.list plenty
>>> of times but never /etc/apt/sources.list.d/*.list files; and soon
>>> we'll also have the option of deb822-style .sources files - see the
>>> sources.list(5) in stretch.  We'll need to come up with a generic term
>>> and use that instead; I'd suggest "APT source-list files".
> 
> I gave this a first shot. What do you think of the attached patch
> (should we do this via Salsa merge requests)?

(I know nothing of git, and am therefore finding salsa considerably
harder to use than the old alioth setup, but I'm hoping to get it
worked out in time to contribute with the release notes.)

All of the changes in your diff look good to me, though there's a typo
here:

>
> -Lines in sources.list starting with deb ftp: and pointing 
> to debian.org
> -addresses should be changed into deb http: lines.
> +Lines in APT source-list files starting with deb ftp: 
> or
> +URIs: ftp:and pointing to debian.org
^
  extra space needed

More importantly, the FTP servers were shut down in April 2017, so
this update was required for Jessie-to-Stretch, wasn't it?  At any
rate, I find it hard to imagine very many machines as cobwebby as this
would be using a deb822-format APT config with "URIs: ftp:"!

Also, when we first mention APT configuration we need to set out what
we mean by "APT source-list files", if only by pointing at
sources.list(5).
-- 
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package

Bug#864035: deb.debian.org should be used throughout

[Justin B Rye]

Paul Gevers wrote:
>> Do we recommend using deb.debian.org as the default in
>> /etc/apt/sources.list (I think so)? If so, is that documented somewhere?
>> 
>> I think people that upgrade may have older entries and I think we should
>> suggest them to migrate, no? Where to find an authoritative answer?
> 
> What do you think of the attached patch?

It needs a couple of trivial language fixes, but it also runs into
bug #864017.  Oh - okay, while I was writing this you've commented
on that one, so I'll reply separately on that topic.

I would also suggest that we should reserve markup like apt for cases where we actually mean the
package "apt", as opposed to the package-management infrastructure in
general (aka "APT").

> diff --git a/en/upgrading.dbk b/en/upgrading.dbk
> index b779789f..f64458ca 100644
> --- a/en/upgrading.dbk
> +++ b/en/upgrading.dbk
> @@ -476,14 +476,33 @@ $ apt-forktracer | sort
>  
>
>  Adding APT Internet sources
> -
> -  TODO: [elbrus, 2019]: we now have deb.debian.org. This section could 
> do with
> -  some minor updates regarding using that.
> -
>  
> -  The default configuration is set up for installation from the main 
> Debian Internet
> -  servers, but you may wish to modify 
> /etc/apt/sources.list
> -  to use other mirrors, preferably a mirror that is closest to you in 
> network terms.
> +  The default configuration is set up for installation from the 
> +  apt CDN service, so on new installations you should always be getting
> +  packages from a server near you. As this is a relative new service, you
   ^ly
Slightly confusing use of "installation" in two different senses.

 On new installations the default is for APT to be set up to use the
  APT CDN service, which should ensure that packages are
 automatically downloaded from a server near you in network terms. As
 this is a relatively new service, older installations

> +  may have configuration that still points to one of the main 
> +  Internet servers or one of the mirrors. If you haven't done so yet, it 
> is
> +  recommended to switch over to the use of the CDN service in your apt
> +  configuration.
> +
> +
> +  To use the CDN service with  role="package">apt,
   ^^^
> +  you add this line to your /etc/apt/sources.list 
> file
 ^^^
> +  (assuming you are using main and
> +  contrib):
> +

I would recommend just:

   
To make use of the CDN service, add a line like this to your APT source
configuration (assuming you are using main and
contrib):
   

> +deb http://deb.debian.org/debian  main 
> contrib

(Yet another interacting change: we want people to start using HTTPS!
But it's much simpler to recommend that as a *post*-upgrade change.)

> +
> +  After adding your new sources, disable the previously existing
> +  deb lines in
> +  sources.list by placing a hash sign
> +  (#) in front of them.

If they've already got the right file open, there's no need to repeat
what might be a confusing filename.

 After adding your new sources, disable the previously existing
 deb lines by placing a hash sign
 (#) in front of them.

> +
> +
> +  Normally using the CDN service provides you with the best performance,
> +  however you may wish to modify sources.list to use
> +  one of the mirrors, preferably a mirror that is closest to you in 
> network
> +  terms.

The advantages normally expected from deb.debian.org are something
that should be explained above, not here - what we should be giving
here is some hint at the circumstances that might lead a user to pick
the non-default option.

   
 However, if you get better results using a specific mirror that is
 close to you in network terms, this option is still available.
   

>  
>  
>Debian mirror addresses can be found at  @@ -502,8 +521,10 @@ $ apt-forktracer | sort
>
> /debian/dists//contrib/binary-/...
>  
>  
> -  To use this mirror with apt, 
> you add this line to your
> -  sources.list file:
> +  To use this mirror with apt, 
> you
> +  add this line to your sources.list file (again,

 To configure APT to use a given mirror, add a line like this (again,

> +  assuming you are using main and
> +  contrib):
>  
>  deb /debian  main 
> contrib
>  
> @@ -511,9 +532,8 @@ $ apt-forktracer | sort
>after the release name are used to expand the path into multiple 
> directories.
>  
>  
> -  After adding your new sources, disable the previously existing
> -  deb lines in 
> sources.list by placing a
> -  hash sign (#) in front of them.
> +  Again, after adding your new sources, disable the 

Bug#923527: bliss: example segfaults in gmp

[Bernhard Übelacker]

Hello David Bremner,
I just tried to reproduce this crash, while I am not
involved in packaging and without knowledge of bliss.

I always this output:

benutzer@debian:~$ bliss myciel3.col
Generator: (2,4)(3,5)(7,9)(8,10)
Generator: (1,2)(3,4)(6,7)(8,9)
Nodes:  6
Leaf nodes: 4
Bad nodes:  0
Canrep updates: 1
Generators: 2
Max level:  2
|Aut|:  10
Total time: 0.00 seconds
benutzer@debian:~$


Do you still get this crash?
Is my bliss command line wrong?
Maybe something got lost in the input file,
so you could attach it to the email?

Is the backtrace you copied all of the output or
did you remove the frame in function main?

Kind regards,
Bernhard

Bug#925411: kernel-package: Not suitable for release

[Nicholas D Steeves]

Control: severity -1 important
Justification: essential package that works flawlessly for me

Hi,

First, I'd like to thank whoever has been maintaining kernel-package.
I depend on it, and the functionality enabled by this package is one
of the primary reasons I chose Debian over other alternatives--years
ago...  Kernel-package is a killer feature! :-) Reply follows inline.

On Sun, Mar 24, 2019 at 03:31:27PM +, Ben Hutchings wrote:
> Package: kernel-package
> Version: 13.018+nmu1
> Severity: serious
> 
> I discussed the state of kernel-package with Manoj and we agreed (see
> below) that it is not currently in a state suitable for release.
> 
> Ben.
> 
> ---
> From: Manoj Srivastava 
> Date: Thu, 7 Mar 2019 23:15:30 -0800
> Message-ID: 
> 
> To: Masahiro Yamada 
> Cc: Ben Hutchings ,  Linux Kbuild mailing list
>  , Liz Zhang ,  Lili
>  Deng , Riku Voipio ,  Michal
>  Marek ,  Linux Kernel Mailing List
>  
> Subject: Re: [PATCH] kbuild: add workaround for Debian make-kpkg
> 
> 
> Hi,
> 
>Well, if there are users, then I'll file the return bug, but I'll take a
> look to see how but rooted this is, and perhaps even try building personal
> imaged Deb packages again (I stopped doing that)
>

Count me as one of its users.  I use it because it supports old-style
manually configured .config, and it lets one quickly and easily build
a Debian-packaged custom kernel like this:

  make menuconfig
  fakeroot make-kpkg binary-arch \
--initrd --append-to-version=.${date -I}

The new style kernel packaging is hard to learn how to use, and builds
take much longer for some reason (generation of more packages?).

>If should not go into buster in it's current state. It should be killed
> dead of it can't be brought back to a working state.
>

13.018+nmu1 on buster works like it always has for me--flawlessly.  I
built upstream vanilla 4.19.31 two days ago.

>Manoj
> 
> On Thu, Mar 7, 2019, 10:43 PM Masahiro Yamada 
> wrote:
> 
> > On Fri, Mar 8, 2019 at 6:56 AM Ben Hutchings  wrote:
> > >
> > > On Wed, 2019-03-06 at 22:48 -0800, Manoj Srivastava wrote:
> > > > Hi,
> > > >
> > > >   Does this have any users?
> >
> > Recently, I received a regression report.
> > So, yes. There are users.
> >
> >
> > > > I can take a stand at making it work, but I am
> > > > unsure of there are enough people interested in make-kpkg anymore to
> > make
> > > > it worthwhile.
> > > >

Please count me as a supremely grateful user.

> > > >   There is a man pager that might be of minor interest, but that can be
> > > > taken over by the kernel team if they want
> >
> > I do not want to maintain the dying package.
> >

Why is it dying?  Do you mean the downward trend on popcon?  ISTM that
this speaks of the success of the kernel team in reducing the benefit
of a custom kernel...so a decline in relevancy for the majority of
users (plus a cultural shift), but as I see it it's still core
functionality that facilitates freedom.

Of course anyone can orphan a package at any time for any reason ;-)

> > > [...]
> > >
> > > I assume you're referring to kernel-img.conf.  I would be happy to add
> > > that to linux-base, with some clarification of which settings are
> > > understood by which packages.
> > >
> > > I take it that you don't want kernel-package to be included in buster,
> > > so can you open an RC bug to say so?
> >
> > Also, could you make sure it won't come back to bullseye or later ?
> >
> > How about Ubuntu? Is it out of your control?
> >

Where are the bugs that make this package unsuitable for release?  My
simple use case is not affected by any of
https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=kernel-package
and I don't believe this RC bug is justified.

Is there any reason why any buggy kernel-package features can't be
cut?  Removing this package unnecessarily raises the barrier of entry
to building custom kernels...a killer feature of Debian--easy custom
kernels under package management.  Of course, if Debian had a kernel
flavour that met my use case then I might not need kernel-package.
The popcon trend appears to be fairly linear and it seems that there
will still be ~2000 users of the package by the time bullseye is
released.

I've attached my homemade convenience/enhancement wrapper script,
because it's possible that it works around some of the alleged unnamed
issues; my experience with this package has been *flawless*.  This bug
seems to indicate that it's difficult to maintain, so thank you for
your exceptional work on kernel-package.


Sincerely,
Nicholas
#!/bin/bash

# build-kernel builds a linux kernel with the right version of GCC and
# asks you to install it.  It also automatically enables concurrency
# for SMP and multicore systems.
#
# Copyright (C) 2011-2018  Nicholas D Steeves 
# Distributed under the terms of the GPLv2 license.

# This script depends on sudo, kernel-package, fakeroot, and pv

linux_source="$PWD"
# linux_name=$(git rev-parse --abbrev-ref HEAD)
# linux_name="a custom name"
# 

Bug#925423: elpa-debian-el: unable to report a bug in package reportbug

[Salman Mohammadi]

Package: elpa-debian-el
Version: 37.8
Severity: important

Dear Maintainer,

I'm unable to report a bug which is affecting the package *reportbug*.

Steps to reproduce:

1. M-x debian-bug
2. Report a bug for a [P]ackage or [F]ile: P
3. package name: reportbug
4. Severity: normal
5. (Very) brief summary of problem: dummy bug


but When I click on *Send Message*, a new window in Mozilla Thunderbird
will be shown with the following content:


--=-=-=
Content-Type: text/plain

Package: reportbug
Version: 7.5.2
Severity: normal

Dear Maintainer,

-- Package-specific info:

--=-=-=
Content-Type: text/plain
Content-Disposition: attachment
Content-Description: Bug script output

** /home/salman/.reportbugrc:
reportbug_version "7.5.2"
mode novice
ui text
realname "Salman Mohammadi"
email "sal...@smoha.org"

--=-=-=
Content-Type: text/plain


*** Reporter, please consider answering these questions, where
appropriate ***

* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?

*** End of the template - remove these template lines ***


which makes it unable to send the message, because of the header. I get
the following message as the error message from BTS:

>Your message didn't have a Package: line at the very first line of the
>mail body (part of the pseudo-header), or didn't have a Package: line
>at all. Unfortunatly, this means that your message has been ignored
>completely.
>
>Without this information we are unable to categorise or otherwise deal
>with your problem report. Please _resubmit_ your report to
>sub...@bugs.debian.org and tell us which package the
>report is for. For help, check out
>https://www.debian.org/Bugs/Reporting.
>
>Your message was dated Sun, 24 Mar 2019 22:39:07 +0100 and had
>message-id 
>and subject reportbug: SOMETHING-HERE.
>The complete text of it is attached to this message.
>
>If you need any assistance or explanation please contact
>ow...@bugs.debian.org and include the the attached
>message.
>
>If you didn't send the attached message (spam was sent forging your
>from address), we apologize; please disregard this message



-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages elpa-debian-el depends on:
ii bzip2 1.0.6-9
ii dpkg 1.19.5
ii emacsen-common 3.0.4
ii reportbug 7.5.2
ii xz-utils 5.2.4-1

Versions of packages elpa-debian-el recommends:
ii emacs 1:26.1+1-3.2
ii emacs-gtk [emacs] 1:26.1+1-3.2
ii wget 1.20.1-1

elpa-debian-el suggests no packages.

-- no debconf information

--=-=-=--

Bug#925414: debian-installer: fails to install on xfs

[Colin Watson]

Control: reassign -1 src:grub2 2.02+dfsg1-13
Control: close -1 2.02+dfsg1-14
Control: merge 924760 -1

On Sun, Mar 24, 2019 at 06:59:31PM +0100, Cyril Brulebois wrote:
> This is with a daily from 2019-03-24 but I'm not sure this is due to
> some kernel module mismatch between d-i and the installed system…

For future reference, kernel module mismatches can't cause this type of
error.  The relevant bit of GRUB's filesystem handling runs in
userspace, and only needs access to the block device.

> Installing with default ext4, with or without encrypted LVM works just
> fine, but grub fails when trying to install on plain xfs:
> 
> Mar 24 17:35:57 grub-installer: info: Installing grub on '/dev/sda'
> Mar 24 17:35:57 grub-installer: info: grub-install does not support 
> --no-floppy
> Mar 24 17:35:57 grub-installer: info: Running chroot /target grub-install 
>  --force "/dev/sda"
> Mar 24 17:35:57 grub-installer: Installing for i386-pc platform.
> Mar 24 17:35:58 grub-installer: grub-install: error:
> Mar 24 17:35:58 grub-installer:
> Mar 24 17:35:58 grub-installer: unknown filesystem
> Mar 24 17:35:58 grub-installer: .
> Mar 24 17:35:58 grub-installer: error: Running 'grub-install  --force 
> "/dev/sda"' failed.

The syslog shows that 2.02+dfsg1-13 was installed.  I already fixed this
in 2.02+dfsg1-14 - it's just not in testing yet:

grub2 (2.02+dfsg1-14) unstable; urgency=medium

  * Make signed packages depend on a matching version of grub-common, in an
attempt to prevent incorrect testing migrations (closes: #924814).
  * Cherry-pick from upstream:
- xfs: Accept filesystem with sparse inodes (closes: #924760).
  * Minimise writes to EFI variable storage (closes: #891434).

 -- Colin Watson   Sat, 23 Mar 2019 09:47:10 +

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Bug#925422: reportbug: suggesting non-existent emacs24-bin-common or emacs25-bin-common

[Salman Mohammadi]

Package: reportbug
Version: 7.5.2
Severity: normal

Dear Maintainer,


*reportbug* suggests installing *emacs24-bin-common* or
*emacs25-bin-common*
which are both currently non-existent in Buster.

Could replacing *emacs24-bin-common | emacs25-bin-common* with
*emacs-bin-common* be an option?


-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages reportbug depends on:
ii apt 1.8.0
ii python3 3.7.2-1
ii python3-reportbug 7.5.2
ii sensible-utils 0.0.12

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn claws-mail 
pn debconf-utils 
pn debsums 
ii dlocate 1.07+nmu1
pn emacs24-bin-common | emacs25-bin-common 
ii exim4-daemon-light [mail-transport-agent] 4.92-2
ii file 1:5.35-4
ii gnupg 2.2.12-1
pn python3-urwid 
pn reportbug-gtk 
ii xdg-utils 1.1.3-1

Versions of packages python3-reportbug depends on:
ii apt 1.8.0
ii file 1:5.35-4
ii python3 3.7.2-1
ii python3-apt 1.8.4
ii python3-debian 0.1.34
ii python3-debianbts 2.8.2
ii python3-requests 2.21.0-1

python3-reportbug suggests no packages.

-- no debconf information

Bug#858837: Bug#888743: Debian vs Linux namespaces, NMU lsb-base

[Vincent Bernat]

 ❦ 24 mars 2019 14:40 +01, Didier 'OdyX' Raboud :

>> Wouldn't it break chrooted processes? But mostly, as the whole pattern
>> is broken, it seems to be a low-effort solution.
>
> Vincent: what scenario did you have in mind?

For the first part, any daemon chrooting (like HAProxy, lldpd). For the
second part, it's just killing by name is fragile. Supervisors or PID
files should be used instead. start-stop-daemon makes it easy to get a
PID file for a program not able to provide one.
-- 
Make it right before you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)


signature.asc
Description: PGP signature

Bug#925266: two different versions for Jessie install media (8.11.1 for LTS, 8.11.0 for the rest)

[Steve McIntyre]

On Fri, Mar 22, 2019 at 04:14:04AM +, Ben Hutchings wrote:
>On Fri, 2019-03-22 at 00:28 +0100, Laura Arjona Reina wrote:
>> Package: www.debian.org
>> User: www.debian@packages.debian.org
>> Usertag: content lts
>> Severity: normal
>> X-Debbugs-CC: debian-...@lists.debian.org
>> 
>> Hi all
>> Install media version 8.11.1 has been created for Jessie LTS
>> architectures only, so we need to keep on offering 8.11.0 images for the
>> non-LTS arches (currently we have broken links for mips, mipsel,
>> powerpc, ppc64el and s390x because they point to non-existent 8.11.1
>> images).
>[...]
>
>Sorry about that.  I don't think we should continue to link to
>unsupported images, but I now see that we still have installer pages
>for all releases that used d-i.  In my commit
>0a388832cb4a7e9dfe1265fa04d1c441e9730e23 I intended to remove the non-
>LTS arches from the page, but that obviously didn't work.

ACK. I agree with you. At the very least, we should make it less easy
for people for find links to unsupported installation media.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Every time you use Tcl, God kills a kitten." -- Malcolm Ray

Bug#890567: buildable preliminary debian package

[Jeffrey Cliff]

available at https://notabug.org/themusicgod1/termui
Its 'example' code seems to work (if you resolve GOPATH issues).
hopefully this helps,
Jeff Cliff

Bug#924452: closed by Camm Maguire (Bug#924452: fixed in lam 7.1.4-4)

[Andreas Beckmann]

On 2019-03-24 16:51, Debian Bug Tracking System wrote:
>* debhelper compat level 9
>* standard debian build flags

These are bad changes to do during the deep freeze and will probably be
rejected by the release team.

Andreas

Bug#925312: pcscd: Does not work if "used" in wrong order

[Ludovic Rousseau]

Le 24/03/2019 à 22:05, Ludovic Rousseau a écrit :

Le 24/03/2019 à 21:19, Joerg Jaspert a écrit :

On 15351 March 1977, Ludovic Rousseau wrote:


I think I found the problem.


I think my system disagrees. :)


In my case "gpg --card-status" works only if pcscd is NOT running.
GnuPG has its own way to access the smart card readers (here a yubikey)


Its a yubikey here too.


I propose two possible solutions:
1. remove pcscd from your system but that is a drastic change. No
PC/SC application will work any more.


Not a good thing, it's there for a reason.
And I know it worked in stretch.


2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC 
interface instead



To make option 2 just edit/create the scdaemon configuration file as bellow:
$ cat ~/.gnupg/scdaemon.conf
disable-ccid


Done that. Doesn't do anything.

Logged out. Killed gpg agent (just in case). Rebooted (damn system,
maybe). Nope, nothing. Same behaviour as before.


:-(

Before you restart pcscd, can you see your YubiKey listed by the pcsc_scan 
command (from the pcsc-tools package)?
Does "gpg --card-status" works as expected?

Once you have restarted pcscd, can you see your YubiKey listed by the pcsc_scan 
command?
Does "gpg --card-status" works as expected?


What are the USB VendorID & ProductID of your YukiKey token?
You can just attach the output of lsusb.

Thanks

--
 Dr. Ludovic Rousseau

Bug#925312: pcscd: Does not work if "used" in wrong order

[Ludovic Rousseau]

Le 24/03/2019 à 21:19, Joerg Jaspert a écrit :

On 15351 March 1977, Ludovic Rousseau wrote:


I think I found the problem.


I think my system disagrees. :)


In my case "gpg --card-status" works only if pcscd is NOT running.
GnuPG has its own way to access the smart card readers (here a yubikey)


Its a yubikey here too.


I propose two possible solutions:
1. remove pcscd from your system but that is a drastic change. No
PC/SC application will work any more.


Not a good thing, it's there for a reason.
And I know it worked in stretch.


2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC 
interface instead



To make option 2 just edit/create the scdaemon configuration file as bellow:
$ cat ~/.gnupg/scdaemon.conf
disable-ccid


Done that. Doesn't do anything.

Logged out. Killed gpg agent (just in case). Rebooted (damn system,
maybe). Nope, nothing. Same behaviour as before.


:-(

Before you restart pcscd, can you see your YubiKey listed by the pcsc_scan 
command (from the pcsc-tools package)?
Does "gpg --card-status" works as expected?

Once you have restarted pcscd, can you see your YubiKey listed by the pcsc_scan 
command?
Does "gpg --card-status" works as expected?

Bye

--
 Dr. Ludovic Rousseau

Bug#925374: dns-root-data: ships an obsolete root zone signing key

[Santiago Ruano Rincón]

Control: found -1 2014060201+2
Control: found -1 2017072601~deb8u1
Control: found -1 2017072601~deb8u2
Control: found -1 2017072601~deb9u1
Control: found -1 2017072601~deb9u1

I think BTS complained because it doesn't take more than one version per
found entry.

Cheers,

 -- Santiago

El 23/03/19 a las 23:25, Daniel Kahn Gillmor escribió:
> Package: dns-root-data
> Version: 2018091102
> Severity: serious
> Control: found -1 2014060201+2 2017072601~deb8u1 2017072601~deb8u2 
> 2017072601~deb9u1 2017072601~deb9u1
> Control: fixed -1 2019031302
> 
> The versions of dns-root-data marked as "found" above ship a hash for a
> root zone key that was retired earlier this month.
> 
> I'm marking this as serious because it is the equivalent of shipping a
> certificate for a no-longer valid CA in ca-certificates.
> 
> That key is no longer being used to sign anything that i have been aware
> of, and hopefully the private elements of it have been destroyed, but we
> shouldn't ship it any longer.
> 
> Those of us on the dns team should have gotten this done earlier, but we
> all appear to have just missed it -- sorry about that!
> 
> --dkg




signature.asc
Description: PGP signature

Bug#924009: closed by Dimitrios Eftaxiopoulos (Bug not reproduced)

[Bernhard Übelacker]

Hello Dimitris, hello di dit,

I think the issue is that freefem++s configure activate
AVX instructions when the build CPU supports it.


I could reproduce the crash in a Buster amd64 qemu VM, that
unintentionally did not support AVX (while the VM host would).
That led to following backtrace:

Program terminated with signal SIGILL, Illegal instruction.
...
(gdb) bt
#0  0x5627165a7801 in C_F0::C_F0 (this=0x562716c49c20 ) at 
./../fflib/AFunction.hpp:633
#1  __static_initialization_and_destruction_0 (__initialize_p=1, 
__priority=65535) at lg.ypp:105
#2  _GLOBAL__sub_I_lg.tab.cpp(void) () at lg.ypp:989
#3  0x562716a51dd5 in __libc_csu_init ()
#4  0x7f6573ed002a in __libc_start_main (main=0x5627165a74c0 , argc=2, argv=0x7ffc53da1d48, init=0x562716a51d90 <__libc_csu_init>, 
fini=, rtld_fini=, stack_end=0x7ffc53da1d38) at 
../csu/libc-start.c:264
#5  0x5627165abcda in _start () at ../Graphics/rgraph.hpp:145


The instruction at this address is a "vpxor":

(gdb) disassemble $pc-0x20,$pc+0x20
Dump of assembler code from 0x5627165a77e1 to 0x5627165a7821:
...
   0x5627165a77fa <_GLOBAL__sub_I_lg.tab.cpp(void)+42>: lea
0x6a23ef(%rip),%rsi# 0x562716c49bf0 
=> 0x5627165a7801 <_GLOBAL__sub_I_lg.tab.cpp(void)+49>: vpxor  
%xmm0,%xmm0,%xmm0
   0x5627165a7805 <_GLOBAL__sub_I_lg.tab.cpp(void)+53>: lea
0x6a2414(%rip),%rax# 0x562716c49c20 
...
End of assembler dump.


Therefore the local rebuild worked, when the package was built
at the CPU that were using it later.

In the latest available build log [1] are compiler flags
"-mmmx -mavx" shown.

Unfortunately I saw some bugs in the debian bug tracker
that were told a "baseline violation", I never saw it somewhere
explained what exactly the cpu feature baseline is.

Best would be if this detection would take place at runtime
instead of compile time.

In the configure script there are several lines were CPU flags
are checked from /proc/cpuinfo - these might "just" be disabled
to avoid newer CPU instructions.

Therefore this bug might really be valid und might be reopened again.

Kind regards,
Bernhard


[1] 
https://buildd.debian.org/status/fetch.php?pkg=freefem%2B%2B=amd64=3.61.1%2Bdfsg1-2%2Bb1=1542831124=0

# Buster amd64 qemu VM 2019-03-24

apt update
apt dist-upgrade

apt install systemd-coredump xserver-xorg lightdm openbox devscript dpkg-dev mc 
gdb freefem++ freefem++-doc freefem++-dbgsym
apt build-dep freefem++


systemctl start lightdm

cp /usr/share/doc/freefem++/examples/examples++-tutorial/a_tutorial.edp .

FreeFem++-nw a_tutorial.edp




mkdir /tmp/source/freefem/orig -p
cd/tmp/source/freefem/orig
apt source freefem++
cd





set width 0
set pagination off
directory /tmp/source/freefem/orig/freefem++-3.61.1+dfsg1/src/fflib
directory /tmp/source/freefem/orig/freefem++-3.61.1+dfsg1/src/lglib



###


benutzer@debian:~$ FreeFem++-nw a_tutorial.edp
Ungültiger Maschinenbefehl (Speicherabzug geschrieben)

[  418.337266] traps: FreeFem++-nw[12191] trap invalid opcode ip:5627165a7801 
sp:7ffc53da1c20 error:0 in FreeFem++[562716592000+4c]

root@debian:~# coredumpctl list
TIMEPID   UID   GID SIG COREFILE  EXE
Sun 2019-03-24 17:53:20 CET   12191  1000  1000   4 present   /usr/bin/FreeFem++


root@debian:~# coredumpctl gdb 12191
   PID: 12191 (FreeFem++-nw)
   UID: 1000 (benutzer)
   GID: 1000 (benutzer)
Signal: 4 (ILL)
 Timestamp: Sun 2019-03-24 17:53:20 CET (1min 54s ago)
  Command Line: FreeFem++-nw a_tutorial.edp
Executable: /usr/bin/FreeFem++
 Control Group: /user.slice/user-1000.slice/session-5.scope
  Unit: session-5.scope
 Slice: user-1000.slice
   Session: 5
 Owner UID: 1000 (benutzer)
   Boot ID: 01f85948a1e64e6794d6e1702ad3beea
Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811
  Hostname: debian
   Storage: 
/var/lib/systemd/coredump/core.FreeFem++-nw.1000.01f85948a1e64e6794d6e1702ad3beea.12191.15534464.lz4
   Message: Process 12191 (FreeFem++-nw) of user 1000 dumped core.

Stack trace of thread 12191:
#0  0x5627165a7801 n/a (FreeFem++)
#1  0x562716a51dd5 __libc_csu_init (FreeFem++)
#2  0x7f6573ed002a __libc_start_main (libc.so.6)
#3  0x5627165abcda _start (FreeFem++)

GNU gdb (Debian 8.2.1-2) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual 

Bug#925400: Processed: Bug#925400: ITP: q2cli -- Click-based command line interface for QIIME 2

[Andreas Tille]

Dear Liubov,

On Sun, Mar 24, 2019 at 09:27:55PM +0100, Liubov Chuprikova wrote:
> 
> Sorry for this mess! In the beginning, I set the bug owner to "Debian Med
> Packaging Team " (just how I
> did it earlier), but strangely it appeared truncated to "Debian Med
> Packaging Team <". I was trying to fix this a couple of times. Then I had
> tried to set the owner to "Debian Med team "
> just to see if it also would appear truncated, but it was set properly.

Ahh, OK.  Its no real problem. 
> 
> > The changelog entry which will close the bug
> > mentions your ID - so that ITP bug belongs to you and is closed by you.
> 
> Okay, next time I will set my ID then :-)

You do not even need to set something explicitly.  Just file the ITP
bug - either manually or by using

   
https://salsa.debian.org/r-pkg-team/dh-r/blob/master/scripts/itp_from_debian_dir
 
> > Just let me know if you consider the package ready for upload
> 
> Yes, I think it's ready for uploading. Thank you!

Just uploaded.  Thanks a lot for the preparation of your first package!
 
> One more thing, related to QIIME 2. I have found recently that qiime2 and
> q2cli are just frameworks for plugins [1][2] that do the real job. I am
> fine with packaging all of them but in my case, it will not be very soon.
> Are we in a big hurry to finish everything related to QIIME 2?

Just work on it if your time permits.  If there is a real user request
for a certain plugin we might see whether somebody can help.
 
> Un saludo,

Saludos

  Andreas.
 
> [1] https://docs.qiime2.org/2019.1/install/
> [2] https://anaconda.org/qiime2/repo

-- 
http://fam-tille.de

Bug#924914: pcscd: socket activation masks socket

[Ludovic Rousseau]

Le 24/03/2019 à 20:33, Mathias Behrle a écrit :

* Ludovic Rousseau: " Re: Bug#924914: pcscd: socket activation masks
   socket" (Sun, 24 Mar 2019 14:58:07 +0100):

Hello,


I fixed the problem upstream in
https://salsa.debian.org/rousseau/PCSC/commit/d627aee864c3e9ce40e375fcc0e34a7855b6f0f1

Please confirm the fix works for you.
It if is OK then I will make a new upstream release and then a new Debian
package.


Yes, that's exactliy the fix I am running and that works for me.


OK. Thanks for the confirmation.

--
 Dr. Ludovic Rousseau

Bug#925337: webext-ublock-origin: deactivated with Firefox 66

[Markus Koschany]

Control: tags -1 pending

Hello!

Am 24.03.19 um 16:52 schrieb Olivier:
> Hello,
> 
> I just found out that the manifest.json in webext-ublock-origin contains an 
> incorrect value. The value 'split' of 'incognito' is not supported in Firefox 
> (https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/
> manifest.json/incognito).
> After removing it, the Ublock extension is back.
> 
> Regards
> Olivier

Thank you! Indeed that fixes the problem.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

[Markus Koschany]

Hi,

Am 24.03.19 um 20:41 schrieb Bertrand Florat:
> Hi,
> 
> FYI, the develop branch of jajuk works with the revival of substance
> (radiance), it works for instance with radiance-substance 2.0.1.
> 
> See https://github.com/kirill-grouchnikov/radiance

Thanks for the hint. Unfortunately development in Debian is frozen at
the moment. We can't package a new upstream version or even a new
upstream project for now. Ideally we need a targeted fix to resolve this
problem.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#924156: RM: openhft-chronicle-wire/1.1.13-1

[Paul Gevers]

Control: tag -1 moreinfo

Sent to the wrong bug number...

On Sat, 23 Mar 2019 16:48:37 + Jonathan Wiltshire 
wrote:
> Control: tag -1 moreinfo
> 
> On Sat, Mar 09, 2019 at 11:17:09PM +, Andrej Shadura wrote:
> > Please remove openhft-chronicle-wire from testing, I don’t see any
> > chance of us properly solving this for Buster.
> 
> There are reverse dependencies:
> 
> | Will remove the following packages from testing:
> | 
> | libopenhft-chronicle-wire-java |   1.1.13-1 | all
> | openhft-chronicle-wire |   1.1.13-1 | source
> | 
> | Maintainer: Debian Java Maintainers 
> 
> | 
> | --- Reason ---
> | 
> | --
> | 
> | Checking reverse dependencies...
> | # Broken Depends:
> | openhft-chronicle-network: libopenhft-chronicle-network-java
> | openhft-chronicle-queue: libopenhft-chronicle-queue-java
> | 
> | # Broken Build-Depends:
> | openhft-chronicle-network: libopenhft-chronicle-wire-java
> | 
> | Dependency problem found.
> 
> Thanks,
> 
> -- 
> Jonathan Wiltshire  j...@debian.org
> Debian Developer http://people.debian.org/~jmw
> 
> 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Paul

Bug#925420: collectd: disabled mqtt in build breaks upgrades on configs with mqtt

[kent]

Source: collectd
Version: 5.8.1-1 +
Severity: important

When upgrading collectd from 5.8.0-5.2, the package becomes unable to
restart if the mqtt plugin is enabled in the configs leaving it unable
to complete the collectd and collectd-core installations.

Request to revert the disabled plugin as the referred to bugs have been
resolved.

>From the 5.8.1-1 changelog:
- Disable mqtt plugin until #911265, #911266 get fixed.

Also it appears the varnish plugin bug is also fixed from 5.8.0-5
- disable varnish plugin until #879471 gets fixed.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#925400: Processed: Bug#925400: ITP: q2cli -- Click-based command line interface for QIIME 2

[Liubov Chuprikova]

Dear Andreas,

On Sun, 24 Mar 2019 at 15:07, Andreas Tille  wrote:

> Dear Liubov,
>
> On Sun, Mar 24, 2019 at 12:30:03PM +, Debian Bug Tracking System wrote:
> > > owner 925400 Debian Med team 
> > Bug #925400 [wnpp] ITP: q2cli -- Click-based command line interface for
> QIIME 2
> > Owner changed from Liubov Chuprikova  to Debian
> Med team .
>
> While I think there is no harm done by changing the owner of this ITP
> bug its rather unusual.


Sorry for this mess! In the beginning, I set the bug owner to "Debian Med
Packaging Team " (just how I
did it earlier), but strangely it appeared truncated to "Debian Med
Packaging Team <". I was trying to fix this a couple of times. Then I had
tried to set the owner to "Debian Med team "
just to see if it also would appear truncated, but it was set properly.


> The changelog entry which will close the bug
> mentions your ID - so that ITP bug belongs to you and is closed by you.
>

Okay, next time I will set my ID then :-)

Just let me know if you consider the package ready for upload


Yes, I think it's ready for uploading. Thank you!

One more thing, related to QIIME 2. I have found recently that qiime2 and
q2cli are just frameworks for plugins [1][2] that do the real job. I am
fine with packaging all of them but in my case, it will not be very soon.
Are we in a big hurry to finish everything related to QIIME 2?

Un saludo,
Liubov

[1] https://docs.qiime2.org/2019.1/install/
[2] https://anaconda.org/qiime2/repo

Bug#925312: pcscd: Does not work if "used" in wrong order

[Joerg Jaspert]

On 15351 March 1977, Ludovic Rousseau wrote:


I think I found the problem.


I think my system disagrees. :)


In my case "gpg --card-status" works only if pcscd is NOT running.
GnuPG has its own way to access the smart card readers (here a yubikey)


Its a yubikey here too.


I propose two possible solutions:
1. remove pcscd from your system but that is a drastic change. No
PC/SC application will work any more.


Not a good thing, it's there for a reason.
And I know it worked in stretch.

2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC 
interface instead



To make option 2 just edit/create the scdaemon configuration file as bellow:
$ cat ~/.gnupg/scdaemon.conf
disable-ccid


Done that. Doesn't do anything.

Logged out. Killed gpg agent (just in case). Rebooted (damn system,
maybe). Nope, nothing. Same behaviour as before.

--
bye, Joerg

Bug#925419: librust-rustc-version-dev: typo in package description

[Jakub Wilk]

Package: librust-rustc-version-dev
Version: 0.2.3-1

a installed -> an installed

--
Jakub Wilk

Bug#925418: unblock: postfix/3.4.4-1

[Scott Kitterman]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package postfix

About the time we were switching to postfix 3.4 in Buster there were a series
of bug reports/updates from upstream.  The first one (3.4.1 was caught in the
transition from experimental to unstable/buster.  I decided to wait and see
how things went upstream before uploading/asking for another unblock.

It looks like things have calmed down, so I'd like to get 3.4.4 into buster to
address several bugs, two of which are significant.  Since this is a post-
freeze bugfix update, I've taken to using the same level of detail in debian/
changelog that I've used for the stretch pu uploads that we've been doing
(3.1.6, 3.1.8, and 3.1.9).

These are all good bug fixes to have.  The broken DANE trust anchor file
support is a serious regression in it's own right and the
reject_multi_recipient_bounce bug, while not new, seems to be more frequent or
more visible with BDAT.

Thanks for considering,

Scott K

unblock postfix/3.4.4-1
diff -Nru postfix-3.4.1/debian/changelog postfix-3.4.4/debian/changelog
--- postfix-3.4.1/debian/changelog	2019-03-07 21:51:20.0 -0500
+++ postfix-3.4.4/debian/changelog	2019-03-24 15:35:12.0 -0400
@@ -1,3 +1,31 @@
+postfix (3.4.4-1) unstable; urgency=medium
+
+  [Wietse Venema]
+
+  * 3.4.2
+- Bugfix (introduced: 20181226): broken DANE trust anchor
+  file support, caused by left-over debris from the 20181226
+  TLS library overhaul. Scott Kitterman. File: tls/tls_dane.c.
+  Closes: #924183
+- Bugfix (introduced: Postfix-1.0.1): null pointer read, while
+  logging a warning after a corrupted bounce log file. File:
+  global/bounce_log.c.
+- Bugfix (introduced: Postfix-2.9.0): null pointer read, while
+  logging a warning after a postscreen_command_filter read
+  error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+  * 3.4.3
+- Bitrot: LINUX5s support, after some sanity checks with a
+  rawhide prerelease version. Files: makedefs, util/sys_defs.h.
+  Closes: #922477
+  * 3.4.4
+- Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
+  has been producing false rejects starting with the Postfix
+  2.2 smtpd_end_of_data_restrictons, and for the same reasons,
+  does the same with the Postfix 3.4 BDAT command. The latter
+  was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
+
+ -- Scott Kitterman   Sun, 24 Mar 2019 15:28:00 -0400
+
 postfix (3.4.1-1) unstable; urgency=medium
 
   [Scott Kitterman]
diff -Nru postfix-3.4.1/HISTORY postfix-3.4.4/HISTORY
--- postfix-3.4.1/HISTORY	2019-03-07 19:08:17.0 -0500
+++ postfix-3.4.4/HISTORY	2019-03-14 19:57:12.0 -0400
@@ -24169,3 +24169,29 @@
 	the same filename for a private key and certificate. Reported
 	by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
 	test. Files: tls/tls_certkey.c, tls/Makefile.in.
+
+20190310
+
+	Bitrot: LINUX5s support, after some sanity checks with a
+	rawhide prerelease version. Files: makedefs, util/sys_defs.h.
+
+	Bugfix (introduced: 20181226): broken DANE trust anchor
+	file support, caused by left-over debris from the 20181226
+	TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
+
+	Bugfix (introduced: Postfix-1.0.1): null pointer read, while
+	logging a warning after a corrupted bounce log file. File:
+	global/bounce_log.c.
+
+	Bugfix (introduced: Postfix-2.9.0): null pointer read, while
+	logging a warning after a postscreen_command_filter read
+	error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+
+20190312
+
+	Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
+	has been producing false rejects starting with the Postfix
+	2.2 smtpd_end_of_data_restrictons, and for the same reasons,
+	does the same with the Postfix 3.4 BDAT command. The latter
+	was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
+
diff -Nru postfix-3.4.1/makedefs postfix-3.4.4/makedefs
--- postfix-3.4.1/makedefs	2019-02-10 18:11:21.0 -0500
+++ postfix-3.4.4/makedefs	2019-03-10 19:42:59.0 -0400
@@ -557,7 +557,7 @@
 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
 		: ${PLUGIN_LD="${CC-gcc} -shared"}
 		;;
-  Linux.[34].*)	SYSTYPE=LINUX$RELEASE_MAJOR
+ Linux.[345].*)	SYSTYPE=LINUX$RELEASE_MAJOR
 		case "$CCARGS" in
 		 *-DNO_DB*) ;;
 		 *-DHAS_DB*) ;;
diff -Nru postfix-3.4.1/src/global/bounce_log.c postfix-3.4.4/src/global/bounce_log.c
--- postfix-3.4.1/src/global/bounce_log.c	2014-12-06 20:35:33.0 -0500
+++ postfix-3.4.4/src/global/bounce_log.c	2019-03-10 17:08:20.0 -0400
@@ -264,7 +264,7 @@
 	recipient = cp + 1;
 	if ((cp = strstr(recipient, ">: ")) == 0) {
 	msg_warn("%s: malformed record: %.30s...",
-		 VSTREAM_PATH(bp->fp), cp);
+		 VSTREAM_PATH(bp->fp), recipient - 1);
 	continue;
 	}
 	*cp = 0;
diff -Nru postfix-3.4.1/src/global/mail_version.h postfix-3.4.4/src/global/mail_version.h

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

[Bertrand Florat]

Hi,

FYI, the develop branch of jajuk works with the revival of substance 
(radiance), it works for instance with radiance-substance 2.0.1.

See https://github.com/kirill-grouchnikov/radiance

Regards,

Bertrand

On 24/03/2019 18:14, Markus Koschany wrote:

Hi Andreas,

Am 24.03.19 um 18:09 schrieb Andreas Tille:

Hi Markus,

you have set this bug pending but the fix seems not to be uploaded until
now.  The package would have been removed from testing without my ping
of the bug (which is the only thing I intend to do here.

Kind regards

   Andreas.

I removed the pending tag shortly after I discovered another problem
with jajuk. The reported error can be easily fixed but the underlying
issue is related to the substance library. If nobody can fix the null
pointer exception, then the removal from testing is correct.

Regards,

Markus



--
_
Bertrand FLORAT
Ingénieur IT indépendant
06 52 19 16 11
http://www.florat.net
__

Bug#925417: ITP: kallisto -- near-optimal RNA-Seq quantification

[Andreas Tille]

Package: wnpp
Severity: wishlist

Subject: ITP: kallisto -- near-optimal RNA-Seq quantification
Package: wnpp
Owner: Andreas Tille 
Severity: wishlist

* Package name: kallisto
  Version : 0.45.1
  Upstream Author : Nicolas Bray, Harold Pimentel, Páll Melsted and Lior Pachter
* URL : https://pachterlab.github.io/kallisto
* License : BSD-2-Clause
  Programming Lang: C
  Description : near-optimal RNA-Seq quantification
 Kallisto is a program for quantifying abundances of transcripts from
 RNA-Seq data, or more generally of target sequences using high-throughput
 sequencing reads. It is based on the novel idea of pseudoalignment for
 rapidly determining the compatibility of reads with targets, without the
 need for alignment. On benchmarks with standard RNA-Seq data, kallisto
 can quantify 30 million human reads in less than 3 minutes on a Mac
 desktop computer using only the read sequences and a transcriptome index
 that itself takes less than 10 minutes to build. Pseudoalignment of
 reads preserves the key information needed for quantification, and
 kallisto is therefore not only fast, but also as accurate than existing
 quantification tools. In fact, because the pseudoalignment procedure is
 robust to errors in the reads, in many benchmarks kallisto significantly
 outperforms existing tools.

Remark: This package is maintained by Debian Med Packaging Team at
   https://salsa.debian.org/med-team/kallisto

Bug#911638: gwenview: missing Breaks+Replaces: gwenview-i18n

[Andreas Beckmann]

Followup-For: Bug #911638
Control: tag -1 patch pending

Hi,

I just uploaded a NMU (diff attached) to DELAYED/5 to get this bug fixed
in buster.


Andreas
diff -Nru gwenview-18.04.0/debian/changelog gwenview-18.04.0/debian/changelog
--- gwenview-18.04.0/debian/changelog   2018-04-23 06:56:17.0 +0200
+++ gwenview-18.04.0/debian/changelog   2019-03-24 16:07:37.0 +0100
@@ -1,3 +1,10 @@
+gwenview (4:18.04.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add Breaks+Replaces against gwenview-i18n from lenny.  (Closes: #911638)
+
+ -- Andreas Beckmann   Sun, 24 Mar 2019 16:07:37 +0100
+
 gwenview (4:18.04.0-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru gwenview-18.04.0/debian/control gwenview-18.04.0/debian/control
--- gwenview-18.04.0/debian/control 2018-04-23 06:34:28.0 +0200
+++ gwenview-18.04.0/debian/control 2019-03-24 14:11:58.0 +0100
@@ -43,8 +43,8 @@
 Architecture: any
 Depends: kinit, ${misc:Depends}, ${shlibs:Depends}
 Recommends: kamera, kio-extras, qt5-image-formats-plugins
-Breaks: ${kde-l10n:all}
-Replaces: ${kde-l10n:all}
+Breaks: ${kde-l10n:all}, gwenview-i18n
+Replaces: ${kde-l10n:all}, gwenview-i18n
 Description: image viewer
  Gwenview is an image viewer, ideal for browsing and displaying a collection of
  images.  It is capable of showing images in a full-screen slideshow view and

Bug#925416: soundkonverter thinks OggVorbis files are Opus format

[Alison Chaiken]

Package: soundkonverter
Version: 3.0.1-1
Severity: normal

Dear Maintainer,

I am trying to read OggVorbis files from a CD with soundkonverter, and
it says:

---

Some files can't be decoded.
Possible solutions are listed below.

Possible solutions for opus:
In order to decode opus files, you need to install 'opusdec'.
'opusdec' is usually in the package 'opus-tools' which should be shipped with 
your distribution.

Affected files:
audiocd:/Ogg Vorbis/Track 01.ogg?device=/dev/sr0
audiocd:/Ogg Vorbis/Track 02.ogg?device=/dev/sr0
... and 51 more files

---

Thanks for maintaining the program, which I find very useful.

-- Alison Chaiken, ali...@she-devel.com


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (700, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages soundkonverter depends on:
ii  kio 5.54.1-1
ii  libc6   2.28-8
ii  libcdparanoia0  3.10.2+debian-13
ii  libkf5cddb5 4:17.08.3-3
ii  libkf5completion5   5.54.0-1
ii  libkf5configcore5   5.54.0-1
ii  libkf5configwidgets55.54.0-1
ii  libkf5coreaddons5   5.54.0-1
ii  libkf5i18n5 5.54.0-1
ii  libkf5kdelibs4support5  5.54.0-1
ii  libkf5kiocore5  5.54.1-1
ii  libkf5kiowidgets5   5.54.1-1
ii  libkf5notifications55.54.0-1
ii  libkf5service-bin   5.54.0-1
ii  libkf5service5  5.54.0-1
ii  libkf5solid55.54.0-1
ii  libkf5textwidgets5  5.54.0-1
ii  libkf5widgetsaddons55.54.0-1
ii  libkf5xmlgui5   5.54.0-1
ii  libphonon4qt5-4 4:4.10.2-1
ii  libqt5core5a5.11.3+dfsg-5
ii  libqt5gui5  5.11.3+dfsg-5
ii  libqt5widgets5  5.11.3+dfsg-5
ii  libqt5xml5  5.11.3+dfsg-5
ii  libstdc++6  8.3.0-2
ii  libtag1v5   1.11.1+dfsg.1-0.3
ii  phonon4qt5  4:4.10.2-1

Versions of packages soundkonverter recommends:
ii  cdparanoia3.10.2+debian-13
ii  faad  2.8.8-1
ii  ffmpeg7:4.1.1-1
ii  flac  1.3.2-3
ii  kio-audiocd   4:17.08.3-1
pn  mp3gain   
ii  mplayer   2:1.3.0-8+b4
ii  mppenc1.16-1.1+b1
ii  speex 1.2~rc1.2-1+b2
pn  timidity  
ii  vorbis-tools  1.4.0-11
ii  vorbisgain0.37-2+b1
ii  wavpack   5.1.0-5

soundkonverter suggests no packages.

-- no debconf information

Bug#880638: release-notes: Document apt sandbox support [buster]

[Paul Gevers]

Control: tags -1 moreinfo

Hi all,

On Tue, 12 Feb 2019 21:34:00 + Niels Thykier  wrote:
> On Fri, 03 Nov 2017 07:37:12 +0100 Niels Thykier  wrote:
> > Package: release-notes
> > Severity: wishlist
> > 
> > --- News for apt (libapt-pkg5.0 libapt-inst2.0) ---
> > apt (1.6~alpha1) unstable; urgency=medium
> > 
> >   All methods provided by apt except for cdrom, gpgv, and rsh now
> >   use seccomp-BPF sandboxing to restrict the list of allowed system
> >   calls, and trap all others with a SIGSYS signal. Three options
> >   can be used to configure this further:
> > 
> > APT::Sandbox::Seccomp is a boolean to turn it on/off
> > APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
> > APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to 
> > allow
> > 
> >   Also, sandboxing is now enabled for the mirror method.
> > 
> >  -- Julian Andres Klode   Mon, 23 Oct 2017 01:58:18 +0200
> > 
> > 
> > Seems like it would be prudent to mention that in the release-notes
> > for buster.
> > 
> > Thanks,
> > ~Niels
> > 
> > 
> 
> Note tos self/update: The feature is (now) *off* by default (see #890489).

So, should we still mention this? At least it should only go into the
whats-new section now.

Paul




signature.asc
Description: OpenPGP digital signature

Bug#864017: release-notes: Assumes /etc/apt/sources.list is used (and not /etc/apt/sources.list.d/*.list or deb822) [general]

[Paul Gevers]

Control: tags -1 patch

On Sat, 03 Jun 2017 11:55:37 +0200 Niels Thykier  wrote:
> Package: release-notes
> Severity: minor
> 
> Justin Rye (#863975):
> > Incidentally, the release-notes mention /etc/apt/sources.list plenty
> > of times but never /etc/apt/sources.list.d/*.list files; and soon
> > we'll also have the option of deb822-style .sources files - see the
> > sources.list(5) in stretch.  We'll need to come up with a generic term
> > and use that instead; I'd suggest "APT source-list files".

I gave this a first shot. What do you think of the attached patch
(should we do this via Salsa merge requests)?

Paul


From b66a2abe7f870c75799ef5a51add26509720e927 Mon Sep 17 00:00:00 2001
From: Paul Gevers 
Date: Sun, 24 Mar 2019 20:31:48 +0100
Subject: [PATCH] Generalize use of APT source-list files

Closes: #864017
---
 en/old-stuff.dbk | 25 ++--
 en/upgrading.dbk | 74 +---
 2 files changed, 54 insertions(+), 45 deletions(-)

diff --git a/en/old-stuff.dbk b/en/old-stuff.dbk
index 0a53d737..5967ab3b 100644
--- a/en/old-stuff.dbk
+++ b/en/old-stuff.dbk
@@ -27,9 +27,9 @@ upgraded to the latest  point release.
 
 
 
-Checking your sources list
+Checking your APT source-list files
 
-If any of the lines in your /etc/apt/sources.list
+If any of the lines in your APT source-list files
 refer to stable, it effectively
 points to  already. This might not be what you want if
 you are not ready yet for the upgrade.  If you have already run
@@ -43,28 +43,35 @@ that case you will have to decide for yourself whether you want to continue or
 not.  It is possible to downgrade packages, but that is not covered here.
 
 
-Open the file /etc/apt/sources.list with your favorite
+  Open the relevant APT source-list file, e.g.
+  /etc/apt/sources.list, with your favorite
 editor (as root) and check all lines beginning with
 deb http:, deb https:,
-deb tor+http:, deb tor+https: or
-deb ftp: for a reference to
+deb tor+http:, deb tor+https:,
+deb ftp:, URIs: http:,
+URIs: https:,
+URIs: tor+http:, URIs: tor+https: or
+URIs: ftp: for a reference to
 stable.  If you find any, change
 stable to .
 
 
   
-Lines in sources.list starting with deb ftp: and pointing to debian.org
-addresses should be changed into deb http: lines.
+Lines in APT source-list files starting with deb ftp: or
+URIs: ftp:and pointing to debian.org
+addresses should be changed into deb http: lines.
   
 
 
-If you have any lines starting with deb file:, you will have
+  If you have any lines starting with deb file: or
+  URIs: file:, you will have
 to check for yourself if the location they refer to contains an
  or a  archive.
 
 
   
-Do not change any lines that begin with deb cdrom:.
+Do not change any lines that begin with deb cdrom: or
+URIs: cdrom:.
 Doing so would invalidate the line and you would have to
 run apt-cdrom again.  Do not be alarmed if a
 cdrom: source line refers to unstable.
diff --git a/en/upgrading.dbk b/en/upgrading.dbk
index b779789f..ffaba67a 100644
--- a/en/upgrading.dbk
+++ b/en/upgrading.dbk
@@ -293,7 +293,7 @@ $ apt-forktracer | sort
   package manager aptitude.  If a package is scheduled for
   removal or update in the package manager, it might negatively impact the
   upgrade procedure.  Note that correcting this is only possible if your
-  sources.list still points to 
+  APT source-list files still point to 
   and not to stable or ; see .
 
@@ -381,7 +381,7 @@ $ apt-forktracer | sort
 
 
   If there is anything you need to fix, it is best to make sure your
-  sources.list still refers to  as explained in .
 
   
@@ -389,23 +389,23 @@ $ apt-forktracer | sort
   
 The proposed-updates section
 
-  If you have listed the proposed-updates section
-  in your /etc/apt/sources.list file, you
-  should remove it from that file before attempting to upgrade your
-  system.  This is a precaution to reduce the likelihood of
-  conflicts.
+  If you have listed the proposed-updates section in
+  your APT source-list files, you should remove it from those files before
+  attempting to upgrade your system.  This is a precaution to reduce the
+  likelihood of conflicts.
 
   
 
   
 Unofficial sources
 
-  If you have any non-Debian packages on your system, you should be aware that
-  these may be removed during the upgrade because of conflicting dependencies.
-  If these packages were installed by adding an extra package archive in your
-  /etc/apt/sources.list, you should check if that archive
-  also offers packages compiled for  and change the source line accordingly
-  at the same time as your source lines for Debian packages.
+  If you have any non-Debian packages on your system, you should be aware
+  that these may be removed during the upgrade because of conflicting
+  dependencies.  If these 

Bug#924914: pcscd: socket activation masks socket

[Mathias Behrle]

* Ludovic Rousseau: " Re: Bug#924914: pcscd: socket activation masks
  socket" (Sun, 24 Mar 2019 14:58:07 +0100):

Hello,

> I fixed the problem upstream in
> https://salsa.debian.org/rousseau/PCSC/commit/d627aee864c3e9ce40e375fcc0e34a7855b6f0f1
> 
> Please confirm the fix works for you.
> It if is OK then I will make a new upstream release and then a new Debian
> package.

Yes, that's exactliy the fix I am running and that works for me.

Cheers




-- 

Mathias Behrle ✧ Debian Developer
PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6

Bug#925415: linux-update-symlinks(1) refers to man page that won't be in buster

[Ben Hutchings]

Package: linux-base
Version: 4.5
Severity: important

kernel-img.conf(5) is part of kernel-common, built from
kernel-package.  However kernel-package is not in a state to be
released in buster (see #925411).

Ben.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-base depends on:
ii  debconf [debconf-2.0]  1.5.71

linux-base recommends no packages.

linux-base suggests no packages.

-- debconf-show failed

Bug#924813: [Debichem-devel] Bug#924813: the error is in the libmpich-dev package

[Michael Banck]

Hi,

thanks for looking into this.

On Sun, Mar 24, 2019 at 07:48:19PM +0100, Paul Dreik wrote:
> It bugs out on the following file
> /usr/include/x86_64-linux-gnu/mpich/mpicxx.h which is supplied by the
> libmpich-dev package.
>
> // Check for incompatible GCC versions
>
> // GCC (specifically) g++ changed the calling convention
>
> // between 3.2.3 and 3.4.3 (!!)  Normally such changes
>
> // should only occur at major releases (e.g., version 3 to 4)
>
> #ifdef __GNUC__
> # if __GNUC__ >= 8
> #  if __GNUC_MINOR__ > 2 && 2 == 2
> #  error 'Please use the same version of GCC and g++ for compiling MPICH
> and user MPI programs'
> #  endif
> # endif
> #endif
>
> I believe this bug should be moved to that package instead. Is the error
> perhaps because gcc was bumped to 8.3? I wonder if it's still relevant,
> gcc 3.4.3 was released around 2004(?) or so.
>
> Commenting out the line in the above file gets bagel to build again.

This has been fixed in mpich_3.3-3 but that has not reached testing yet,
I have filed an unblock request yesterday.

I'll see about reassiging and merging this.


Michael

Bug#924135: progress

[Thomas Lange]

I've cleanuped most cvsinore content in https://deb.li/D5uF.

Still some entries left, but I don't know if this is still needs to be
merged into gitignore.

I guess we can also remove those files:

cvsup.py
cvs-revisions
Perl/Local/Cvsinfo.pm
Perl/Local/VCS_CVS.pm

Any objections? I can do the rest of the cleanup.

-- 
regards Thomas

Bug#924813: the error is in the libmpich-dev package

[Paul Dreik]

Hi,
It bugs out on the following file
/usr/include/x86_64-linux-gnu/mpich/mpicxx.h which is supplied by the
libmpich-dev package.

// Check for incompatible GCC versions

// GCC (specifically) g++ changed the calling convention

// between 3.2.3 and 3.4.3 (!!)  Normally such changes

// should only occur at major releases (e.g., version 3 to 4)

#ifdef __GNUC__
# if __GNUC__ >= 8
#  if __GNUC_MINOR__ > 2 && 2 == 2
#  error 'Please use the same version of GCC and g++ for compiling MPICH
and user MPI programs'
#  endif
# endif
#endif



I believe this bug should be moved to that package instead. Is the error
perhaps because gcc was bumped to 8.3? I wonder if it's still relevant,
gcc 3.4.3 was released around 2004(?) or so.

Commenting out the line in the above file gets bagel to build again.

Paul

Bug#905178: apt-cacher: prompting due to modified conffiles which were not modified by the user: /etc/default/apt-cacher

[Mark Hindley]

control: tags -1 pending

Bug#925383: unblock: shorewall/5.2.3.2-1

[Roberto C . Sánchez]

tags 925383 - moreinfo
thanks

On Sun, Mar 24, 2019 at 04:39:20PM +, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
> 
> On Sat, Mar 23, 2019 at 10:09:49PM -0400, Roberto C. Sanchez wrote:
> > 5.2.3.2
> > 
> > 1)  Shorewall 5.2 automatically converts and existing 'masq' file to an
> > equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
> > automatic update, such that the following error message was issued:
> > 
> >Use of uninitialized value $Shorewall::Nat::raw::currentline in
> >pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
> >line 511, <$currentfile> line nnn.
> > 
> > and the generted 'masq' file contains only initial comments.
> > 
> > That has been corrected.
> > 
> > I have attached debdiffs for all 6 packages.
> 
> It can't be unblocked until it's in unstable; are you asking for
> pre-approval? I didn't read the diffs in detail yet but it sounds like a
> fix we'd want so I suggest you go ahead and remove the moreinfo tag when
> it's ready for review.
> 
Yes, it was my intent to request pre-approval.  My apologies for the
confusion.

Regards,

-Roberto

-- 
Roberto C. Sánchez


signature.asc
Description: PGP signature

Bug#925345: unblock: libapache2-mod-auth-mellon/0.14.2-1

[Jonathan Wiltshire]

On Sun, Mar 24, 2019 at 02:34:01PM +0100, Thijs Kinkhorst wrote:
> On Sat, March 23, 2019 16:56, Jonathan Wiltshire wrote:
> > On Sat, Mar 23, 2019 at 03:00:06PM +0100, Thijs Kinkhorst wrote:
> >> Please unblock package libapache2-mod-auth-mellon
> >>
> >> The upload contains fixes for two security issues, it is a new
> >> upstream that only contains these fixes.
> >
> > Unblocked; thanks.
> 
> Thanks, can you also age it? I assumed that "urgency=high" would do this,
> but apparently it does not.

Ah yes, during freeze urgency has no effect. Aged to 2 days.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#870641: light-locker: screen stays black after closing and opening laptop lid

[Udo Richter]

One more for the mix:


I experience this behavior in most cases when light-locker kicks in as
screen saver. Closing the lid or suspending never triggers this. i965
driver on Sandybridge CPU. Ctrl-Alt-F6-F7 brings me to a
screen-is-locked display, and after some seconds, to the actual login
prompt. Bug appeared after upgrading from stretch a few months ago.


Debian/Buster, light-locker 1.8.0-3.


I tried using the keys to change screen brightness, no effect.

Bug#925414: debian-installer: fails to install on xfs

[Cyril Brulebois]

Package: debian-installer
Severity: important

[grub2 maintainers in copy.]

This is with a daily from 2019-03-24 but I'm not sure this is due to
some kernel module mismatch between d-i and the installed system…

Installing with default ext4, with or without encrypted LVM works just
fine, but grub fails when trying to install on plain xfs:

Mar 24 17:35:57 grub-installer: info: Installing grub on '/dev/sda'
Mar 24 17:35:57 grub-installer: info: grub-install does not support 
--no-floppy
Mar 24 17:35:57 grub-installer: info: Running chroot /target grub-install  
--force "/dev/sda"
Mar 24 17:35:57 grub-installer: Installing for i386-pc platform.
Mar 24 17:35:58 grub-installer: grub-install: error:
Mar 24 17:35:58 grub-installer:
Mar 24 17:35:58 grub-installer: unknown filesystem
Mar 24 17:35:58 grub-installer: .
Mar 24 17:35:58 grub-installer: error: Running 'grub-install  --force 
"/dev/sda"' failed.

dmesg & syslog attached.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


xfs-dmesg.txt.xz
Description: application/xz


xfs-syslog.txt.xz
Description: application/xz

Bug#925392: unblock: di-netboot-assistant/0.62

[Andreas B. Mundt]

Control: tag -1 - moreinfo

Dear Jonathan,

On Sun, Mar 24, 2019 at 04:29:24PM +, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
> 
> On Sun, Mar 24, 2019 at 12:23:48PM +0300, Andreas B. Mundt wrote:
> > di-netboot-assistant 0.61.  In addition, a typo has been fixed and the
> > dh compat level has been bumped with no further changes needed.
> 
> dh compat level changes aren't appropriate, please revert this.

I've reverted the bump and uploaded 0.62, sorry for underestimating
the relevance of the dh-bump.  The debdiff from the version in buster
is now the following:


diff -Nru di-netboot-assistant-0.60/config/di-sources.list 
di-netboot-assistant-0.62/config/di-sources.list
--- di-netboot-assistant-0.60/config/di-sources.list2019-03-01 
18:50:34.0 +0300
+++ di-netboot-assistant-0.62/config/di-sources.list2019-03-24 
19:57:26.0 +0300
@@ -30,22 +30,6 @@
 oldstable-gtk  i386
https://deb.debian.org/debian/dists/oldstable/main/installer-i386/current/images/
   netboot/gtk/netboot.tar.gz
 
 ### Releases by name:
-## Debian Wheezy
-wheezy amd64   
https://deb.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/ 
netboot/netboot.tar.gz
-wheezy i386
https://deb.debian.org/debian/dists/wheezy/main/installer-i386/current/images/  
netboot/netboot.tar.gz
-wheezy ia64
https://deb.debian.org/debian/dists/wheezy/main/installer-ia64/current/images/  
netboot/netboot.tar.gz
-wheezy sparc   
https://deb.debian.org/debian/dists/wheezy/main/installer-sparc/current/images/ 
netboot/boot.img
-# Graphical Installer (GTK)
-wheezy-gtk amd64   
https://deb.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/ 
netboot/gtk/netboot.tar.gz
-wheezy-gtk i386
https://deb.debian.org/debian/dists/wheezy/main/installer-i386/current/images/  
netboot/gtk/netboot.tar.gz
-
-## Debian Jessie
-jessie amd64   
https://deb.debian.org/debian/dists/jessie/main/installer-amd64/current/images/ 
netboot/netboot.tar.gz
-jessie i386
https://deb.debian.org/debian/dists/jessie/main/installer-i386/current/images/  
netboot/netboot.tar.gz
-# Graphical Installer (GTK)
-jessie-gtk amd64   
https://deb.debian.org/debian/dists/jessie/main/installer-amd64/current/images/ 
netboot/gtk/netboot.tar.gz
-jessie-gtk i386
https://deb.debian.org/debian/dists/jessie/main/installer-i386/current/images/  
netboot/gtk/netboot.tar.gz
-
 ## Debian Stretch
 stretchamd64   
https://deb.debian.org/debian/dists/stretch/main/installer-amd64/current/images/
netboot/netboot.tar.gz
 stretchi386
https://deb.debian.org/debian/dists/stretch/main/installer-i386/current/images/ 
netboot/netboot.tar.gz
@@ -133,6 +117,22 @@
 
 # Obsolete distributions (unsupported) 
 ### Old (discontinued) distributions may work with di-netboot-assistant, or 
not!
+### Debian Jessie
+#jessieamd64   
https://archive.debian.org/debian/dists/jessie/main/installer-amd64/current/images/
 netboot/netboot.tar.gz
+#jessiei386
https://archive.debian.org/debian/dists/jessie/main/installer-i386/current/images/
  netboot/netboot.tar.gz
+## Graphical Installer (GTK)
+#jessie-gtkamd64   
https://archive.debian.org/debian/dists/jessie/main/installer-amd64/current/images/
 netboot/gtk/netboot.tar.gz
+#jessie-gtki386
https://archive.debian.org/debian/dists/jessie/main/installer-i386/current/images/
  netboot/gtk/netboot.tar.gz
+#
+### Debian Wheezy
+#wheezyamd64   
http://archive.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/
  netboot/netboot.tar.gz
+#wheezyi386
http://archive.debian.org/debian/dists/wheezy/main/installer-i386/current/images/
   netboot/netboot.tar.gz
+#wheezyia64
http://archive.debian.org/debian/dists/wheezy/main/installer-ia64/current/images/
   netboot/netboot.tar.gz
+#wheezysparc   
http://archive.debian.org/debian/dists/wheezy/main/installer-sparc/current/images/
  netboot/boot.img
+## Graphical Installer (GTK)
+#wheezy-gtkamd64   
http://archive.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/
  netboot/gtk/netboot.tar.gz
+#wheezy-gtki386
http://archive.debian.org/debian/dists/wheezy/main/installer-i386/current/images/
   netboot/gtk/netboot.tar.gz
+#
 ### Debian Squeeze
 #squeeze   amd64   
http://archive.debian.org/debian/dists/squeeze/main/installer-amd64/current/images/
 netboot/netboot.tar.gz
 #squeeze   i386
http://archive.debian.org/debian/dists/squeeze/main/installer-i386/current/images/
  netboot/netboot.tar.gz
diff -Nru di-netboot-assistant-0.60/debian/changelog 
di-netboot-assistant-0.62/debian/changelog
--- di-netboot-assistant-0.60/debian/changelog  2019-03-01 18:50:34.0 
+0300
+++ di-netboot-assistant-0.62/debian/changelog  2019-03-24 19:57:26.0 
+0300
@@ -1,3 +1,19 @@
+di-netboot-assistant (0.62) unstable; urgency=medium
+
+   * 

Bug#925409: unblock: systemd/241-2

[Cyril Brulebois]

Hi,

Michael Biebl  (2019-03-24):
> This version has a couple of fixes we'd like to see land in buster.
> The package has been in unstable without a reported regression.
[…]
> CCed debian-boot/kibi for the udeb unblock

There seem to be no new failures with the dailies, so no objection.

As usual, thanks for the poke.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

[Markus Koschany]

Hi Andreas,

Am 24.03.19 um 18:09 schrieb Andreas Tille:
> Hi Markus,
> 
> you have set this bug pending but the fix seems not to be uploaded until
> now.  The package would have been removed from testing without my ping
> of the bug (which is the only thing I intend to do here.
> 
> Kind regards
> 
>   Andreas.

I removed the pending tag shortly after I discovered another problem
with jajuk. The reported error can be easily fixed but the underlying
issue is related to the substance library. If nobody can fix the null
pointer exception, then the removal from testing is correct.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#925337: webext-ublock-origin: deactivated with Firefox 66

[Olivier]

Hello,

I just found out that the manifest.json in webext-ublock-origin contains an 
incorrect value. The value 'split' of 'incognito' is not supported in Firefox 
(https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/
manifest.json/incognito).
After removing it, the Ublock extension is back.

Regards
Olivier

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

[Andreas Tille]

Hi Markus,

you have set this bug pending but the fix seems not to be uploaded until
now.  The package would have been removed from testing without my ping
of the bug (which is the only thing I intend to do here.

Kind regards

  Andreas.

-- 
http://fam-tille.de

Bug#864827: Whither Zotero 5?

[Sébastien Villemot]

Le dimanche 24 mars 2019 à 05:52 -0400, Borden Rhodes a écrit :
> For the benefit of those of us less technically astute, what exactly
> is preventing Zotero 5 from being packaged and loaded into unstable
> or
> experimental?

The main reason is lack of manpower (a lot of work in the Javascript
packages need to happen first).

-- 
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄  http://www.debian.org


signature.asc
Description: This is a digitally signed message part

Bug#925383: unblock: shorewall/5.2.3.2-1

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Sat, Mar 23, 2019 at 10:09:49PM -0400, Roberto C. Sanchez wrote:
> 5.2.3.2
> 
> 1)  Shorewall 5.2 automatically converts and existing 'masq' file to an
> equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
> automatic update, such that the following error message was issued:
> 
>Use of uninitialized value $Shorewall::Nat::raw::currentline in
>pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
>line 511, <$currentfile> line nnn.
> 
> and the generted 'masq' file contains only initial comments.
> 
> That has been corrected.
> 
> I have attached debdiffs for all 6 packages.

It can't be unblocked until it's in unstable; are you asking for
pre-approval? I didn't read the diffs in detail yet but it sounds like a
fix we'd want so I suggest you go ahead and remove the moreinfo tag when
it's ready for review.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925413: RM: src:libthrift-java -- RoM; obsolete

[GCS]

Package: ftp.debian.org
Severity: normal

Hi FTP Masters,

Released in February, 2014 it's already five years old. Upstream has
three major and several minor releases since then. It is highly
obsoleted and shouldn't be part of Buster either.
Should be provided by src:thrift in the future to be in sync with
other language bindings of Thrift.

Regards,
Laszlo/GCS

Bug#925412: RM: src:linux-patch-grsecurity2 -- RoM; upstream closed, obsolete

[GCS]

Package: ftp.debian.org
Severity: normal

Hi FTP Masters,

GRSecurity was never open source project in all aspects. For a while,
it's only available for a subscription fee for customers.
This older patch is for kernel versions that shouldn't be used anymore.

Regards,
Laszlo/GCS

Bug#782644: Re : Bug#782644: Re : Bug#782644: Re : Bug#782644: Re : Bug#782644: xscreensaver always rejects my password

[nicolas . patrois]

Le 24/03/2019 16:17:24, Tormod Volden a écrit :

> Ah, that's likely the culprit: It is not readable by the shadow group.
> Please try:
>  sudo chgrp shadow /etc/shadow

Done.

nicolas patrois : pts noir asocial
-- 
RÉALISME

M : Qu'est-ce qu'il nous faudrait pour qu'on nous considère comme des humains ? 
Un cerveau plus gros ?
P : Non... Une carte bleue suffirait...

Bug#925392: unblock: di-netboot-assistant/0.61

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Sun, Mar 24, 2019 at 12:23:48PM +0300, Andreas B. Mundt wrote:
> di-netboot-assistant 0.61.  In addition, a typo has been fixed and the
> dh compat level has been bumped with no further changes needed.

dh compat level changes aren't appropriate, please revert this.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#864035: deb.debian.org should be used throughout

[Paul Gevers]

Control: tags -1 patch

Hi Adrian, all,

On 23-03-2019 22:29, Paul Gevers wrote:
> On Sat, 03 Jun 2017 17:14:18 +0300 Adrian Bunk  wrote:
>> "4.3.1. Adding APT Internet sources" is using mirrors
>> instead of deb.debian.org which should be used by default
>> (see section 2.2.5.).
> 
> Do we recommend using deb.debian.org as the default in
> /etc/apt/sources.list (I think so)? If so, is that documented somewhere?
> 
> I think people that upgrade may have older entries and I think we should
> suggest them to migrate, no? Where to find an authoritative answer?

What do you think of the attached patch?

Paul
From 92aa94112368b4fcc69218fcba3507b25d42af21 Mon Sep 17 00:00:00 2001
From: Paul Gevers 
Date: Sun, 24 Mar 2019 17:19:40 +0100
Subject: [PATCH] Recommend use of deb.debian.org instead of the mirrors

Closes: #864035
---
 en/upgrading.dbk  | 44 
 release-notes.ent |  1 -
 2 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/en/upgrading.dbk b/en/upgrading.dbk
index b779789f..f64458ca 100644
--- a/en/upgrading.dbk
+++ b/en/upgrading.dbk
@@ -476,14 +476,33 @@ $ apt-forktracer | sort
 
   
 Adding APT Internet sources
-
-  TODO: [elbrus, 2019]: we now have deb.debian.org. This section could do with
-  some minor updates regarding using that.
-
 
-  The default configuration is set up for installation from the main Debian Internet
-  servers, but you may wish to modify /etc/apt/sources.list
-  to use other mirrors, preferably a mirror that is closest to you in network terms.
+  The default configuration is set up for installation from the 
+  apt CDN service, so on new installations you should always be getting
+  packages from a server near you. As this is a relative new service, you
+  may have configuration that still points to one of the main 
+  Internet servers or one of the mirrors. If you haven't done so yet, it is
+  recommended to switch over to the use of the CDN service in your apt
+  configuration.
+
+
+  To use the CDN service with apt,
+  you add this line to your /etc/apt/sources.list file
+  (assuming you are using main and
+  contrib):
+
+deb http://deb.debian.org/debian  main contrib
+
+  After adding your new sources, disable the previously existing
+  deb lines in
+  sources.list by placing a hash sign
+  (#) in front of them.
+
+
+  Normally using the CDN service provides you with the best performance,
+  however you may wish to modify sources.list to use
+  one of the mirrors, preferably a mirror that is closest to you in network
+  terms.
 
 
   Debian mirror addresses can be found at 
 
-  To use this mirror with apt, you add this line to your
-  sources.list file:
+  To use this mirror with apt, you
+  add this line to your sources.list file (again,
+  assuming you are using main and
+  contrib):
 
 deb /debian  main contrib
 
@@ -511,9 +532,8 @@ $ apt-forktracer | sort
   after the release name are used to expand the path into multiple directories.
 
 
-  After adding your new sources, disable the previously existing
-  deb lines in sources.list by placing a
-  hash sign (#) in front of them.
+  Again, after adding your new sources, disable the previously existing
+  deb lines.
 
   
 
diff --git a/release-notes.ent b/release-notes.ent
index 6d350512..7cbb2bee 100644
--- a/release-notes.ent
+++ b/release-notes.ent
@@ -46,7 +46,6 @@ Remember, this is XML; the *first* definition of an ENTITY wins.
 https://lists.debian.org/;>
 https://www.debian.org/distrib/ftplist;>
 
-
 http://mirrors.kernel.org;>
 http://www.oftc.net/;>
 
-- 
2.20.1



signature.asc
Description: OpenPGP digital signature

Bug#782644: Re : Bug#782644: Re : Bug#782644: Re : Bug#782644: xscreensaver always rejects my password

[Tormod Volden]

On Sun, Mar 24, 2019 at 4:45 PM nicolas.patrois wrote:
>
> Le 24/03/2019 14:22:53, Tormod Volden a écrit :
> > Is your /etc/shadow readable by the shadow group and your
> > /sbin/unix_chkpwd setgid shadow?
>
> I think so:
>
> > ll /etc/shadow
> -rw-r- 1 root root 2512 févr. 11 19:57 /etc/shadow

Ah, that's likely the culprit: It is not readable by the shadow group.
Please try:
 sudo chgrp shadow /etc/shadow

> > ll /sbin/unix_chkpwd
> -rwxr-sr-x 1 root shadow 38620 févr. 14 08:08 /sbin/unix_chkpwd

Bug#925178: closed by Utkarsh Gupta (Bug#925178: fixed in ruby-globalid 0.4.2-1)

[Paul Gevers]

Hi all,

On 24-03-2019 07:21, Debian Bug Tracking System wrote:
>  ruby-globalid (0.4.2-1) unstable; urgency=medium
>  .
>* Team upload
>* New upstream version 0.4.2
>* Add patch to fix regression (Closes: #925178)
>* Drop patches that are merged in upstream
>* Bump debhelper compatibility level to 11
>* Bump Standards-Version to 4.3.0 (no changes needed)
>* Fix insecure URL

Thanks for the quick fix for this issue. However, due to the new
upstream version and the debhelper compatibility bump this version is
not eligible [1] for an unblock for buster.

Did rails 2:5.2.2.1+dfsg-1 break ruby-globalid or did it only break the
autopkgtest of it? I'm asking because this version of rails is fixing a
CVE's which we want in buster, but the autopkgtest failure (and the
freeze) is blocking it.

Paul

[1] https://release.debian.org/buster/freeze_policy.html



signature.asc
Description: OpenPGP digital signature

Bug#782644: Re : Bug#782644: Re : Bug#782644: Re : Bug#782644: xscreensaver always rejects my password

[nicolas . patrois]

Le 24/03/2019 14:22:53, Tormod Volden a écrit :

> It is strange that the errors are different in the two cases - I
> suppose this is two attempts at :31 and :47?.

Yes.

> Is your /etc/shadow readable by the shadow group and your
> /sbin/unix_chkpwd setgid shadow?

I think so:

> ll /etc/shadow
-rw-r- 1 root root 2512 févr. 11 19:57 /etc/shadow
> ll /sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 38620 févr. 14 08:08 /sbin/unix_chkpwd

nicolas patrois : pts noir asocial
-- 
RÉALISME

M : Qu'est-ce qu'il nous faudrait pour qu'on nous considère comme des humains ? 
Un cerveau plus gros ?
P : Non... Une carte bleue suffirait...

Bug#925411: kernel-package: Not suitable for release

[Ben Hutchings]

Package: kernel-package
Version: 13.018+nmu1
Severity: serious

I discussed the state of kernel-package with Manoj and we agreed (see
below) that it is not currently in a state suitable for release.

Ben.

---
From: Manoj Srivastava 
Date: Thu, 7 Mar 2019 23:15:30 -0800
Message-ID: 
To: Masahiro Yamada 
Cc: Ben Hutchings ,  Linux Kbuild mailing list
 , Liz Zhang ,  Lili
 Deng , Riku Voipio ,  Michal
 Marek ,  Linux Kernel Mailing List
 
Subject: Re: [PATCH] kbuild: add workaround for Debian make-kpkg


Hi,

   Well, if there are users, then I'll file the return bug, but I'll take a
look to see how but rooted this is, and perhaps even try building personal
imaged Deb packages again (I stopped doing that)

   If should not go into buster in it's current state. It should be killed
dead of it can't be brought back to a working state.

   Manoj

On Thu, Mar 7, 2019, 10:43 PM Masahiro Yamada 
wrote:

> On Fri, Mar 8, 2019 at 6:56 AM Ben Hutchings  wrote:
> >
> > On Wed, 2019-03-06 at 22:48 -0800, Manoj Srivastava wrote:
> > > Hi,
> > >
> > >   Does this have any users?
>
> Recently, I received a regression report.
> So, yes. There are users.
>
>
> > > I can take a stand at making it work, but I am
> > > unsure of there are enough people interested in make-kpkg anymore to
> make
> > > it worthwhile.
> > >
> > >   There is a man pager that might be of minor interest, but that can be
> > > taken over by the kernel team if they want
>
> I do not want to maintain the dying package.
>
>
>
> > [...]
> >
> > I assume you're referring to kernel-img.conf.  I would be happy to add
> > that to linux-base, with some clarification of which settings are
> > understood by which packages.
> >
> > I take it that you don't want kernel-package to be included in buster,
> > so can you open an RC bug to say so?
>
> Also, could you make sure it won't come back to bullseye or later ?
>
> How about Ubuntu? Is it out of your control?
>
>
>
> > Ben.
> >
> > --
> > Ben Hutchings
> > friends: People who know you well, but like you anyway.
> >
> >
>
>
> --
> Best Regards
> Masahiro Yamada
>


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kernel-package depends on:
ii  bc   1.07.1-2+b1
ii  binutils 2.31.1-15
ii  build-essential  12.6
ii  bzip21.0.6-9
ii  dpkg-dev 1.19.5
ii  file 1:5.35-4
ii  gettext  0.19.8.1-9
ii  kmod 26-1
ii  lzma 9.22-2.1
ii  po-debconf   1.0.21
ii  xmlto0.0.28-2.1
ii  xz-utils [lzma]  5.2.4-1

Versions of packages kernel-package recommends:
ii  cpio   2.12+dfsg-6
pn  docbook-utils  
ii  kernel-common  13.018+nmu1
pn  uboot-mkimage  

Versions of packages kernel-package suggests:
ii  libncurses-dev  6.1+20181013-2
pn  linux-source

-- debconf-show failed

Bug#925410: Translations of redirect page

[gusnan]

package: www.debian.org
severity: minor
thanks

On Sat, 23 Mar 2019 08:39:35 +0100,
Laura Arjona Reina wrote:

>Hi Andreas
>
>
>El 22/3/19 a las 18:03, Andreas Ronnquist escribió:
>> Hi!
>> 
>> I have "translated" the redirect in w.d.o/doc/cvs to Swedish - that
>> is
>> - copied the single line header, and added a translation-check to the
>> Swedish version.
>> 
>> This gives a Swedish version, but I see that the actual redirect
>> message isn't translated - and searching for it in the po folder
>> gives no results.
>> 
>> I have found that the original message looks like to be in
>> 
>> english/template/debian/redirect.wml
>> 
>> and in  tags, but I cannot find where I am supposed to add
>> the translation.
>> 
>> For reference: https://www.debian.org/doc/cvs.sv.html
>> 
>> How is this translation supposed to be added?  
>
>I have added the template file redirect.wml to the Makefile in
>/english/po/Makefile so the strings are included/updated in
>templates.pot when we make "make pot".
>
>Then I updated the language templates and committed.
>
>The new string to translate should appear in your templates.sv.po when
>you make "make update-po" in your /po folder.
>
>Kind regards
>> 

Unfortunately this seems like it isn't enough - I have translated the
string for Swedish, but still the message is presented in English. (See
the link above to see for yourself).

Converted to a bug-report, to easier track.

As said, I don't see this as a pressing matter, and I fully understand
if it is lower on priority-lists.

thanks for all your work!
-- Andreas Rönnquist
mailingli...@gusnan.se
andr...@ronnquist.net
gus...@debian.org

Bug#768858: [Pkg-anonymity-tools] Bug#768858: torbrowser-launcher: html5 audio does not work

[Mike Gabriel]

Hi,

On  So 24 Mär 2019 15:48:37 CET, intrigeri wrote:


Hi Mike,

Mike Gabriel:

After adding that and also commenting out the audio related lines in
/etc/apparmor.d/torbrowser.Browser.plugin-container that are already
present in recent torbrowser-launcher package, audio played fine in
torbrowser.


Thank you. I've added this to my list for the Paris BSP next week-end :)

Cheers,


Nice + Thanks for the quick response.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpZIhu51ur1T.pgp
Description: Digitale PGP-Signatur

Bug#925409: unblock: systemd/241-2

[Michael Biebl]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package systemd

This version has a couple of fixes we'd like to see land in buster. The
package has been in unstable without a reported regression.

The changelog is

systemd (241-2) unstable; urgency=medium

  [ Martin Pitt ]
  * debian/tests/boot-smoke: Create journal and udevdb artifacts on all
failures
  * autopkgtests: Replace obsolete $ADT_* variables
  * networkd-test: Ignore failures of test_route_only_dns* in containers.
This test exposes a race condition when running in LXC, see issue #11848
for details. Until that is understood and fixed, skip the test as it's
not a recent regression. (Closes: #924539)
  * Bump Standards-Version to 4.3.0.
No changes necessary.
  * debian/tests/boot-smoke: Only check current boot for connection timeouts.
Otherwise we'll catch some
Failed to resolve group 'render': Connection timed out
messages that happen in earlier boots during VM setup, before the
"render" group is created.
Fixes https://github.com/systemd/systemd/issues/11875
  * timedated: Fix emitted value when ntp client is enabled/disabled.
Fixes a regression introduced in 241.
  * debian/tests/timedated: Check enabling/disabling NTP.
Assert that `timedatectl set-ntp` correctly controls the service, sets
the `org.freedesktop.timedate1 NTP` property, and sends the right
`PropertiesChanged` signal.
This reproduces  and
also the earlier .

  [ Michael Biebl ]
  * Disable fallback DNS servers in resolved (Closes: #923081)
  * cgtop: Fix processing of controllers other than CPU (Closes: #921280)
  * udev: Restore debug level when logging a failure in the external prog
called by IMPORT{program} (Closes: #924199)
  * core: Remove "." path components from required mount paths.
Fixes mount related failures when a user's home directory contains "/./"
(Closes: #923881)
  * udev.init: Use new s-s-d --notify-await to start udev daemon.
Fixes a race condition during startup under SysV init.
Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version
of start-stop-daemon which supports --notify-await is installed.
(Closes: #908796)
  * Make /dev/dri/renderD* accessible to group "render"
Follow upstream and make render nodes available to a dedicated system
group "render" instead of "video". Keep the uaccess tag for local,
active users.

 -- Michael Biebl   Fri, 15 Mar 2019 18:33:54 +0100


CCed debian-boot/kibi for the udeb unblock


unblock systemd/241-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#768858: [Pkg-anonymity-tools] Bug#768858: torbrowser-launcher: html5 audio does not work

[intrigeri]

Hi Mike,

Mike Gabriel:
> After adding that and also commenting out the audio related lines in 
> /etc/apparmor.d/torbrowser.Browser.plugin-container that are already 
> present in recent torbrowser-launcher package, audio played fine in 
> torbrowser.

Thank you. I've added this to my list for the Paris BSP next week-end :)

Cheers,
-- 
intrigeri

Bug#925386: release.debian.org: unblock: ruby-classifier 1.3.4-3

[Paul Gevers]

Control: tags -1 moreinfo

Hi Youhei,

On 24-03-2019 08:09, Youhei SASAKI wrote:
> Dear Release team, please unblock package ruby-classifier:
>  - Fix Vcs-field, use salsa
>  - Bump Standard Version: 4.3.0
>  - Bump compat 11
> 
> debdiff attached.

You forgot to include it, and your description is not complete. Looking
at the current changes, I don't see anything warranting an unblock. And
for sure bumping compat level at this stage is not acceptable. Please
read https://release.debian.org/buster/freeze_policy.html and see if you
want to close this bug, or convince us.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#768858: [Pkg-anonymity-tools] Bug#768858: torbrowser-launcher: html5 audio does not work

[Mike Gabriel]

Hi intrigeri,

On Sat, 15 Nov 2014 12:04:13 +0100 intrigeri  wrote:
> Control: tag -1 - moreinfo
>
> Γιώργος Πάλλας wrote (11 Nov 2014 19:17:52 GMT) :
> > Cool, I followed your hint and I just uncommented the following 
line in the apparmor

> > profile you mentioned.
>
> > #include 
>
> > Then a
> > systemctl restart apparmor
> > and htm5 audio fully working!
>
> Thanks for reporting back.
>
> > Now about the bug, I don't know how it should be handled...
>
> Let's just leave it open, as a wishlist bug tagged upstream, until
> someone comes up with a security analysis and possibly patches.
>
> Cheers,
> --
> intrigeri

I just upgraded my daily work system to buster and encountered problems 
with playing audio via html5 web-content. That is torbrowser-launcher 
0.3.1-2.


I encountered that /etc/apparmor.d/torbrowser.Browser.firefox also needs 
this line added (likely commented out by default):


```
include 
```

After adding that and also commenting out the audio related lines in 
/etc/apparmor.d/torbrowser.Browser.plugin-container that are already 
present in recent torbrowser-launcher package, audio played fine in 
torbrowser.


Thanks+Greets,
Mike

Bug#782644: Re : Bug#782644: Re : Bug#782644: xscreensaver always rejects my password

[Tormod Volden]

On Wed, Feb 27, 2019 at 3:36 PM nicolas patrois wrote:
>
> I have this for example:
> Feb  2 17:57:22 nicolas unix_chkpwd[10736]: check pass; user unknown
> Feb  2 17:57:31 nicolas unix_chkpwd[10743]: check pass; user unknown
> Feb  2 17:57:31 nicolas unix_chkpwd[10743]: password check failed for user 
> (nicolas)
> Feb  2 17:57:31 nicolas xscreensaver: pam_unix(xscreensaver:auth): 
> authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost=  
> user=nicolas
> Feb  2 17:57:31 nicolas xscreensaver: pam_winbind(xscreensaver:auth): getting 
> password (0x0388)
> Feb  2 17:57:31 nicolas xscreensaver: pam_winbind(xscreensaver:auth): 
> pam_get_item returned a password
> Feb  2 17:57:31 nicolas xscreensaver: pam_winbind(xscreensaver:auth): 
> internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'nicolas')
> Feb  2 17:57:32 nicolas xscreensaver[3516]: FAILED LOGIN 1 ON DISPLAY ":0.0", 
> FOR "nicolas"
> Feb  2 17:57:34 nicolas unix_chkpwd[10744]: check pass; user unknown
> Feb  2 17:57:47 nicolas xscreensaver[3516]: pam_unix(xscreensaver:auth): 
> conversation failed
> Feb  2 17:57:47 nicolas xscreensaver[3516]: pam_unix(xscreensaver:auth): auth 
> could not identify password for [nicolas]
> Feb  2 17:57:47 nicolas xscreensaver[3516]: pam_winbind(xscreensaver:auth): 
> getting password (0x0388)
> Feb  2 17:57:47 nicolas xscreensaver[3516]: pam_winbind(xscreensaver:auth): 
> Could not retrieve user's password
> Feb  2 17:57:48 nicolas unix_chkpwd[10756]: check pass; user unknown
>

It is strange that the errors are different in the two cases - I
suppose this is two attempts at :31 and :47?.

Is your /etc/shadow readable by the shadow group and your
/sbin/unix_chkpwd setgid shadow?

Tormod

Bug#925408: needrestart: false positive: gnome-session-binary, gnome-shell

[Donald Pellegrino]

Package: needrestart
Version: 3.4-1
Severity: normal

Dear Maintainer,

After a reboot of the system, followed by a graphical login to GNOME
desktop, running GNOME Terminal and "$ sudo needrestart" gives the
following output:

---

Scanning processes...
Scanning candidates...
Scanning linux images...

Running kernel seems to be up-to-date.

Failed to check for processor microcode upgrades.

No services need to be restarted.

No containers need to be restarted.

User sessions running outdated binaries:
 don @ session #2: gnome-session-b[1126], gnome-shell[1198]

---

This appears to be a false positive report of gnome-session-binary and
gnome-session as outdated binaries. Since the system had just been
restarted, these should be up-to-date binaries.


-- Package-specific info:
needrestart output:
Your outdated processes:
firefox-esr[1944], gnome-shell[1198]



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/3 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages needrestart depends on:
ii  binutils   2.31.1-15
ii  dpkg   1.19.5
ii  gettext-base   0.19.8.1-9
ii  libintl-perl   1.26-2
ii  libmodule-find-perl0.13-1
ii  libmodule-scandeps-perl1.27-1
ii  libproc-processtable-perl  0.56-1
ii  libsort-naturally-perl 1.03-2
ii  libterm-readkey-perl   2.38-1
ii  perl   5.28.1-4
ii  xz-utils   5.2.4-1

Versions of packages needrestart recommends:
ii  libpam-systemd  241-1

Versions of packages needrestart suggests:
pn  iucode-tool  
pn  needrestart-session | libnotify-bin  

-- no debconf information

Bug#925400: Processed: Bug#925400: ITP: q2cli -- Click-based command line interface for QIIME 2

[Andreas Tille]

Dear Liubov,

On Sun, Mar 24, 2019 at 12:30:03PM +, Debian Bug Tracking System wrote:
> > owner 925400 Debian Med team 
> Bug #925400 [wnpp] ITP: q2cli -- Click-based command line interface for QIIME 
> 2
> Owner changed from Liubov Chuprikova  to Debian Med 
> team .
 
While I think there is no harm done by changing the owner of this ITP
bug its rather unusual.  The changelog entry which will close the bug
mentions your ID - so that ITP bug belongs to you and is closed by you.

Just let me know if you consider the package ready for upload

 Andreas.

-- 
http://fam-tille.de

Bug#924914: pcscd: socket activation masks socket

[Ludovic Rousseau]

Le 18/03/2019 à 20:47, Mathias Behrle a écrit :

* Ludovic Rousseau: " Re: Bug#924914: pcscd: socket activation masks
   socket" (Mon, 18 Mar 2019 18:42:21 +0100):

Hello Ludovic,


Hello,

Sorry for the delay. Your email was in the gmail spam folder :-(


Le 18/03/2019 à 11:40, Mathias Behrle a écrit :

Package: pcscd
Version: 1.8.24-1
Severity: important
Tags: patch

Dear Maintainer,


Hello,


pcscd.socket masks the socket of pcscd, which is then not available for
programs needing it (e.g. can easily reproduced by running pcsc_scan).


What are the steps to reproduce the problem?


I am running pcscd inside an LXC container (container is buster, host is
jessie). There is no problem when starting pcscd from command line: it creates
the socket. The problem appears when started by systemd. As already said it is
easy to reproduce: pcsc_scan doesn't work.
  

The additional line

SocketMode=0666

in pcscd.socket re-instates the usual socket as usually created by
pcscd.


the socket is now created by systemd, not pcscd.
Unless you have a special configuration.


The socket is only created when SocketMode=0666 is set, otherwise there is no
socket in /var/run/pcscd. May be it is a special behavior of systemd in LXC
containers.


I fixed the problem upstream in 
https://salsa.debian.org/rousseau/PCSC/commit/d627aee864c3e9ce40e375fcc0e34a7855b6f0f1

Please confirm the fix works for you.
It if is OK then I will make a new upstream release and then a new Debian 
package.

Thanks

--
 Dr. Ludovic Rousseau

Bug#925407: openjdk-8: patches to make it build on older releases

[Thorsten Glaser]

Source: openjdk-8
Version: 8u212-b01-1
Severity: wishlist
Tags: patch

Hi doko,

I’ve rebuilt the latest openjdk-8 on precise/trusty/xenial and
wheezy/jessie (seeing you’re providing the newer releases with
updates already) and found two issues (besides the testsuite
taking ages or JAVA_HOME not being set for older jtreg):

• @bd_cross@ can evaluate to empty, causing an empty line to
  appear within the first d/control paragraph, causing breakage

• dpkg-parsechangelog --show-field is not universally supported


The following diff fixes those issues:

  * Put @bd_cross@ onto same line as @bd_nss@ in d/control.in (can be empty)
  * Determine source date using backwards-compatible dpkg-parsechangelog call

--- openjdk-8-8u212-b01/debian/control.in   2019-03-17 17:08:10.0 
+0100
+++ openjdk-8-8u212-b01/debian/control.in   2019-03-21 15:49:23.0 
+0100
@@ -14,8 +14,7 @@
   @bd_openjdk@
   @bd_zero@ @bd_shark@
   @bd_syslibs@ @bd_pulsejava@ @bd_systemtap@
-  @bd_nss@
-  @bd_cross@
+  @bd_nss@ @bd_cross@
 Standards-Version: 4.3.0
 Homepage: http://openjdk.java.net/
 Vcs-Bzr: http://bazaar.launchpad.net/~openjdk/openjdk/openjdk8
--- openjdk-8-8u212-b01/debian/rules2019-03-18 14:24:20.0 +0100
+++ openjdk-8-8u212-b01/debian/rules2019-03-21 18:16:31.0 +0100
@@ -1970,7 +1971,7 @@
 hg_tag_aarch32 = jdk8u202-b08-aarch32-190124
 hg_url_aarch32 = 
http://hg.openjdk.java.net/aarch32-port/$(hg_project_aarch32)
 origdir= ../openjdk-8-$(package_version).orig
-source_date:= $(shell dpkg-parsechangelog --show-field=Date)
+source_date:= $(shell dpkg-parsechangelog | sed -n '/^Date: 
/{s///p;q;}')
 fetch-orig:
mkdir -p $(origdir)
wget -O $(origdir)/root.tar.bz2 $(hg_url)/archive/$(hg_tag).tar.bz2


Development of this patch was sponsored by ⮡ tarent and its customers.

Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks

[Bernhard Übelacker]

Control: tags + 924496 unreproducible


Hello Fred,

Am 20.03.19 um 22:22 schrieb Fred Korz:
> I loathe Heisenbugs!  Sorry for the time waste.
> 
> I tried the same IPod on my home system which runs vanilla debian
> testing and has the same version (3.4.3-2) of rhythmbox.  I could not
> reproduce the crash. Neither the rhythm box slowness nor the apparent
> memory failure happen.

Yes, such bugs are not that much fun. ;-)


> Can this be downloaded somewhere?
> 
> The name, "rodete", is "ROlling DEbian TEsting"
...
> 
> And are there debug symbols available for installation?
> 
> Yes they are.  I've installed these debug symbol packages at work
> and will install at home tonight.

I just wanted to ask if it can be downloaded publicly,
because with access to rodete's binary and debug symbol packages,
one may be able still get some more information from the backtrace
in your first message. Because in rodete the packages seem to be rebuilt,
it's not possible to use the Debian packages.

But in this case the information retrieved that way may not be that
important, because "invalid next size" might translate to "the bug
happened already some realloc/free calls before".

Kind regards,
Bernhard

Bug#925406: plasma-widgets-addons: Dictionary needs qml-module-qtwebengine

[John Scott]

Package: plasma-widgets-addons
Version: 4:5.14.5.1-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Adding the Dictionary widget to my desktop yielded
Error loading QML file: 
file:///usr/share/plasma/plasmoids/org.kde.plasma_applet_dict/contents/ui/main.qml:5:1:
 module "QtWebEngine" is not installed.
and it didn't work. Installing qml-module-qtwebengine
and logging back in fixes it.

- -- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages plasma-widgets-addons depends on:
ii  kdeplasma-addons-data   4:5.14.5.1-1
ii  kio 5.54.1-1
ii  kpackagetool5   5.54.0-1
ii  libc6   2.28-8
ii  libkf5archive5  5.54.0-1
ii  libkf5completion5   5.54.0-1
ii  libkf5configcore5   5.54.0-1
ii  libkf5configgui55.54.0-1
ii  libkf5coreaddons5   5.54.0-1
ii  libkf5i18n5 5.54.0-1
ii  libkf5iconthemes5   5.54.0-1
ii  libkf5kiocore5  5.54.1-1
ii  libkf5kiowidgets5   5.54.1-1
ii  libkf5newstuff5 5.54.0-2
ii  libkf5newstuffcore5 5.54.0-2
ii  libkf5notifications55.54.0-1
ii  libkf5plasma5   5.54.0-1
ii  libkf5service-bin   5.54.0-1
ii  libkf5service5  5.54.0-1
ii  libkf5unitconversion5   5.54.0-1
ii  libkf5widgetsaddons55.54.0-1
ii  libkf5windowsystem5 5.54.0-1
ii  libkf5xmlgui5   5.54.0-1
ii  libqt5core5a5.11.3+dfsg-5
ii  libqt5dbus5 5.11.3+dfsg-5
ii  libqt5gui5  5.11.3+dfsg-5
ii  libqt5qml5  5.11.3-4
ii  libqt5quick55.11.3-4
ii  libqt5webengine55.11.3+dfsg-2+b1
ii  libqt5webenginecore55.11.3+dfsg-2+b1
ii  libqt5widgets5  5.11.3+dfsg-5
ii  libstdc++6  8.3.0-2
ii  plasma-dataengines-addons   4:5.14.5.1-1
ii  plasma-framework5.54.0-1
ii  plasma-workspace4:5.14.5.1-1
ii  qml-module-org-kde-draganddrop  5.54.0-1
ii  qml-module-org-kde-kcoreaddons  5.54.0-1
ii  qml-module-org-kde-kio  5.54.0-1
ii  qml-module-org-kde-purpose  5.54.0-1
ii  qml-module-qtgraphicaleffects   5.11.3-2
ii  qml-module-qtquick-controls 5.11.3-2
ii  qml-module-qtquick-layouts  5.11.3-4
ii  qml-module-qtquick-window2  5.11.3-4
ii  qml-module-qtquick2 5.11.3-4
ii  qml-module-qtwebkit 5.212.0~alpha2-20

Versions of packages plasma-widgets-addons recommends:
ii  ksysguard  4:5.14.5-1

plasma-widgets-addons suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEAXEkn09uX7g8Tv8W3qerYfa4vJcFAlyXijgACgkQ3qerYfa4
vJf+DAf/S4ConUD/MCbZ5ma0TAi8ESIsQol5+gpiJmtqeLmB6JgmohyTBR7Uic23
prwdqfc/SYF7QwNkER0c2pygymH+V4dhgMjgOw5jSJyupJFbJfYO8qrfDJ6mHZUR
kqH2EgfmsBnQJL1LSkmlxAVIxuIGtlmNUWjklZf1p+9EIJU0lZ94r1GTnV9RBa1r
ZxJv8ofyNwrCHJRqIr4A7WRLwmz+98IyRGcBwxPZKsFYGIuRutY5oysInkxrCo6s
OZIW8FwQHFjHizniHmUng25zCn20JZJCKMS3TG1bCdVYDLv1MnTIakGyqkGGmNqO
6+E2SNXWeD/34Tb9B2GXPYzsZYCB6w==
=DmbA
-END PGP SIGNATURE-

Bug#925345: unblock: libapache2-mod-auth-mellon/0.14.2-1

[Thijs Kinkhorst]

On Sat, March 23, 2019 16:56, Jonathan Wiltshire wrote:
> On Sat, Mar 23, 2019 at 03:00:06PM +0100, Thijs Kinkhorst wrote:
>> Please unblock package libapache2-mod-auth-mellon
>>
>> The upload contains fixes for two security issues, it is a new
>> upstream that only contains these fixes.
>
> Unblocked; thanks.

Thanks, can you also age it? I assumed that "urgency=high" would do this,
but apparently it does not.


Cheers,
Thijs