Bug#929245: Caja screen glitches in multihead setups

[Kathryn Tolsen]

At first glance it appears not as that issue is related to a highly obscure
remote desktop setup my issue is local on xorg and its not merely failing
to redraw on adding my two ext displays its not drawing desktop at all in
this spot and is keeping any window that is drawn there after the window is
destroyed. I will try the icon test mentioned in comments and see about
giving some visuals.. can i send screenshots or videos or should i just
link to them on my server?

On Tue, May 21, 2019, 4:42 AM Mike Gabriel 
wrote:

> HI Kathryn,
>
> On  So 19 Mai 2019 23:29:29 CEST, Kathryn Tolsen wrote:
>
> > Package: caja
> > Version 1.20.3+b1
> >
> > Upon changing displays, such as plugging in a VGA or miniDP->HDMI display
> > to my laptop, depending on the layout, some portion of one of my screens
> > will become glitched in that when a window is minimized or moved so that
> > the caja desktop is visible, the desktop shows what used to be there in
> the
> > area that is having the issue.. this does not affect or glitch any other
> > programs or windows even caja filemanager windows, its only the caja
> > desktop which is having draw issues.
> >
> > The issue is resolvable by changing the desktop background which redraws
> > the desktop, but it reoccurs every time a display is added or removed
> when
> > there are multiple displays present. I use a Lenovo Thinkpad T440 with
> two
> > additional displays (no dock).
> >
> > Basically it is as though caja is not redrawing a portion of the desktop
> > when it becomes visible.
> >
> > I don't know if this will be easily reproducible or not, as it may be
> > specific to my hardware somehow.
>
> Can you please confirm that this is a variant of upstream bug #945 [1]?
>
> Thanks,
> Mike
>
> [1] https://github.com/mate-desktop/caja/issues/945
>
>
> --
>
> DAS-NETZWERKTEAM
> c\o Technik- und Ökologiezentrum Eckernförde
> Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
> mobile: +49 (1520) 1976 148
> landline: +49 (4354) 8390 139
>
> GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
> mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
>
>

Bug#929347: ITP: python-django-modelcluster -- clusters of models as a single unit

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-django-modelcluster
  Version : 4.4
  Upstream Author : Matthew Westcott 
* URL : https://github.com/wagtail/django-modelcluster/
* License : BSD-3-clause
  Programming Lang: Python
  Description : clusters of models as a single unit


 django-modelcluster extends Django's foreign key relations to make it possible
 to work with a 'cluster' of related objects, without necessarily holding them
 in the database. It introduces a new type of relation, ParentalKey, where the
 related models are stored locally to the 'parent' model until the parent is
 explicitly saved. Up to that point, the related models can still be accessed
 through a subset of the QuerySet API.

This is a prerequisite for wagtailcms and I intend to maintain it as part of
DPMT.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAlzk8FkRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90WpdkwgArliGcT6jN3LgX+ve257zsOsPJ5potafK
eBVZsb5Jie/UW0T5MnP22N4TcnO7eldhX9psfXZq+TMTToRiRoRJgGAI9lkJa5XX
w0M51iaBYVZh7WaibFhWjm7RRQ7fUKQiMjIqrwY7QtgQlR2/nHZ4QPGmmgCWorRD
gA3uxBMwzELBv7KWnrxGkrhgSwNPYADdoqFA/s6VQEHRRKEzhFHm6M3eyI+CAm+P
VrMAkz1M/tc2gGhI3IKAYt1puDR84ZJ3Ezz1eQxDHnJQ0Eoh59pUpDTlg9yRaJPa
eNo8aqSWqaq5PHSr8Ktzs5cn3j3yfoNF+sVg983Y2vEsTIbTBjRN3A==
=9sC9
-END PGP SIGNATURE-

Bug#929352: curl: CVE-2019-5435: Integer overflows in curl_url_set

[Salvatore Bonaccorso]

Source: curl
Version: 7.64.0-3
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for curl.

CVE-2019-5435[0]:
Integer overflows in curl_url_set

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435
[1] https://www.openwall.com/lists/oss-security/2019/05/22/2
[2] https://curl.haxx.se/docs/CVE-2019-5435.html

Please adjust the affected versions in the BTS as needed, stretch is
afaict not affected but needs to check if we backported the
introducing commit.

Regards,
Salvatore

Bug#929268: [Pkg-samba-maint] Bug#929268: More Info

[L. van Belle]

Hai, 

Ok, well if thats the case, then the patch found by mattieu) is the correct
one. 

Yes, you can disable NT1 and yes, that might block legit access also.
That depends on your setup, where do you use what? I dont know that. 

So you could wait for that or try the these settings. 

min protocol = NT1 
max protocol = SMB2

I do advice firewall the ports also, at least until the debian patch for 4.5
is in.


Best regards, 

Louis





> -Oorspronkelijk bericht-
> Van: Pkg-samba-maint 
> [mailto:pkg-samba-maint-bounces+belle=bazuin.nl@alioth-lists.d
> ebian.net] Namens rollop...@gmail.com
> Verzonden: woensdag 22 mei 2019 8:35
> Aan: 929...@bugs.debian.org
> Onderwerp: [Pkg-samba-maint] Bug#929268: More Info
> 
> For now, the problem has only occurred with servers that have 
> SMB ports
> accessible from the outside.
> I imagine that someone (suspicious) tries to access using NT1, can I
> block access using the "min protocol" option or this could block
> authorized accesses as well?
> 
> Thanks
> 
> ___
> Pkg-samba-maint mailing list
> pkg-samba-ma...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-s
> amba-maint
> 

Bug#890127: [Bug 1829987] phpldapadmin incompatible with php-7.2 in bionic

[Lars Kollstedt]

Hi again,

for Ubuntu 18.4 bionic LTS I cherry picked the following three commits from 
https://github.com/leenooks/phpLDAPadmin 
and build the appended php-7.2-compat.patch from that:
1. 
https://github.com/leenooks/phpLDAPadmin/commit/49ef60f26b78a81dbaa9727be11ee3fb8db0b5bb
2. 
https://github.com/leenooks/phpLDAPadmin/commit/73b7795bc0b232491de35dd91ad9ea86ad34eae8
3. 
https://github.com/leenooks/phpLDAPadmin/commit/e37b498de19a5301188bc8d93b0b67d7ce717d3a

That works for me on bionic.


On newer releases this should also apply but you might need additional 
commits/patches e.g.
Fix for PHP 7.3 - deprecated continue in switch
https://github.com/leenooks/phpLDAPadmin/commit/7b1f6b5132204836a75674045309edb7005b87d2


For Ubuntu 19.10 Eoan I would suggest to upgrade to a newer upstream version 
from . As far as I can see this moved 
from sourceforge to github not long ago, and the code base of phpldapadmin 
you're relaying on seems to be quite old. ;-)

I'm also crossposting this patch suggestion to the debian bug, since the debian 
packages are still containing the same issue as far as I can see. My launchpad 
Bug for this is on 
.

Kind regargs,
Lars

-- 
Lars Kollstedt

Telefon: +49 6151 16-71027
E-Mail:  l...@man-da.de

man-da.de GmbH
Dolivostraße 11
64293 Darmstadt

Sitz der Gesellschaft: Darmstadt
Amtsgericht Darmstadt, HRB 9484
Geschäftsführer: Andreas Ebertdiff -rupN phpldapadmin-1.2.2.orig/htdocs/index.php phpldapadmin-1.2.2.new/htdocs/index.php
--- phpldapadmin-1.2.2.orig/htdocs/index.php	2011-10-27 04:07:09.0 +0200
+++ phpldapadmin-1.2.2.new/htdocs/index.php	2019-05-21 16:32:31.590908479 +0200
@@ -57,6 +57,11 @@ if (defined('CONFDIR'))
 else
 	$app['config_file'] = 'config.php';
 
+if (! is_readable($app['config_file'])) {
+	if (ob_get_level()) ob_end_clean();
+	die(sprintf("Missing configuration file %s - have you created it?",$app['config_file']));
+}
+
 # Make sure this PHP install has session support
 if (! extension_loaded('session'))
 	error('Your install of PHP appears to be missing php-session support.Please install php-session support before using phpLDAPadmin.(Dont forget to restart your web server afterwards)','error',null,true);
diff -rupN phpldapadmin-1.2.2.orig/lib/functions.php phpldapadmin-1.2.2.new/lib/functions.php
--- phpldapadmin-1.2.2.orig/lib/functions.php	2019-05-21 15:55:51.0 +0200
+++ phpldapadmin-1.2.2.new/lib/functions.php	2019-05-21 16:33:19.062398072 +0200
@@ -51,7 +51,7 @@ if (file_exists(LIBDIR.'functions.custom
 /**
  * Loads class definition
  */
-function __autoload($className) {
+function pla_autoload($className) {
 	if (file_exists(HOOKSDIR."classes/$className.php"))
 		require_once(HOOKSDIR."classes/$className.php");
 	elseif (file_exists(LIBDIR."$className.php"))
@@ -66,6 +66,12 @@ function __autoload($className) {
 			'type'=>'error'));
 }
 
+if (version_compare(phpversion(), '7.0', '>=')) {
+	spl_autoload_register('pla_autoload');
+} else {
+	eval('function __autoload($className) {pla_autoload($className);}');
+}
+
 /**
  * Strips all slashes from the specified array in place (pass by ref).
  * @param Array The array to strip slashes from, typically one of
@@ -994,6 +1000,23 @@ function get_custom_file($index,$filenam
 }
 
 /**
+ * Replacement for create_function() which is deprecated as of php 7.2
+ *
+ * @param string The function arguments
+ * @param string The function code
+ */
+function pla_create_function($args, $code) {
+	if (version_compare(phpversion(),'7.0','>=')) {
+		# anonymous functions were introduced in PHP 5.3.0
+		return eval("return function(".$args."){".$code."};");
+
+	} else {
+		# create_function is deprecated in php 7.2
+		return create_function($args, $code);
+	}
+}
+
+/**
  * Sort a multi dimensional array.
  *
  * @param array Multi demension array passed by reference
@@ -1080,7 +1103,7 @@ function masort(&$data,$sortby,$rev=0) {
 
 		$code .= 'return $c;';
 
-		$CACHE[$sortby] = create_function('$a, $b',$code);
+		$CACHE[$sortby] = pla_create_function('$a, $b',$code);
 	}
 
 	uasort($data,$CACHE[$sortby]);

Bug#929348: unblock: fastqc/0.11.8+dfsg-2

[Andreas Tille]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fastqc


I admit this upload contains a bit more than just a simple fix.  In git
we kept some trimming of trailing whitespace done by Jelmer Vernoo as
well as his fix for the secure URI in d/copyright.

Fixing the icon path in copyright as well as fixes for the syntax in
debian/upstream/metadata should be sensible changes as well we did not
want to remove from HEAD before the actual fix of bug #897109.

So please excuse these extra but non-critical changes besides the
bug fix.

Thanks for working on the Buster release

 Andreas.

unblock fastqc/0.11.8+dfsg-2

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru fastqc-0.11.8+dfsg/debian/changelog 
fastqc-0.11.8+dfsg/debian/changelog
--- fastqc-0.11.8+dfsg/debian/changelog 2018-10-17 19:25:09.0 +0200
+++ fastqc-0.11.8+dfsg/debian/changelog 2019-05-21 22:20:32.0 +0200
@@ -1,3 +1,20 @@
+fastqc (0.11.8+dfsg-2) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Jelmer Vernooij ]
+  * Trim trailing whitespace.
+  * Use secure copyright file specification URI.
+
+  [ Michael R. Crusoe ]
+  * debian/fastqc.desktop: Update path to the icon.
+
+  [ Dylan Aïssi ]
+  * Update d/patches/htsjdk-api.patch to fix processing
+  of SAM/BAM files (Closes: #897109). Thanks to Chris Norman.
+
+ -- Dylan Aïssi   Tue, 21 May 2019 22:20:32 +0200
+
 fastqc (0.11.8+dfsg-1) unstable; urgency=medium
 
   * New upstream release.
@@ -9,7 +26,7 @@
 fastqc (0.11.7+dfsg-1) unstable; urgency=medium
 
   [ Steffen Moeller ]
-  * debian/upstream/metadata: Added references to 
+  * debian/upstream/metadata: Added references to
 OMICtools, SciCrunch, bio.tools registries
 
   [ Andreas Tille ]
@@ -63,8 +80,8 @@
 fastqc (0.11.5+dfsg-3) unstable; urgency=medium
 
   * Team upload.
- 
-  [ Canberk Koç ] 
+
+  [ Canberk Koç ]
   * Autopkgtest added
 
   [ Andreas Tille ]
@@ -138,14 +155,14 @@
 
 fastqc (0.11.2+dfsg-1) unstable; urgency=medium
 
-  * New upstream release 
+  * New upstream release
 
  -- Olivier Sallou   Mon, 09 Jun 2014 10:41:06 +0200
 
 fastqc (0.10.1+dfsg-2) unstable; urgency=low
 
   * Add patch to fix Templates and Contaminants loading
-in non interactive mode (Closes: #697604) 
+in non interactive mode (Closes: #697604)
 
  -- Olivier Sallou   Wed, 05 Jun 2013 17:08:44 +0200
 
diff -Nru fastqc-0.11.8+dfsg/debian/copyright 
fastqc-0.11.8+dfsg/debian/copyright
--- fastqc-0.11.8+dfsg/debian/copyright 2018-10-17 19:25:09.0 +0200
+++ fastqc-0.11.8+dfsg/debian/copyright 2019-05-21 22:20:32.0 +0200
@@ -1,4 +1,4 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: FastQC
 Source: http://www.bioinformatics.babraham.ac.uk/projects/fastqc/
 Files-Excluded:
diff -Nru fastqc-0.11.8+dfsg/debian/fastqc.desktop 
fastqc-0.11.8+dfsg/debian/fastqc.desktop
--- fastqc-0.11.8+dfsg/debian/fastqc.desktop2018-10-17 19:25:09.0 
+0200
+++ fastqc-0.11.8+dfsg/debian/fastqc.desktop2019-05-21 22:20:32.0 
+0200
@@ -3,7 +3,7 @@
 Exec=fastqc
 GenericName[en_US]=FastQC quality control
 GenericName=FastQC quality control
-Icon=fastqc_icon
+Icon=/usr/share/icons/hicolor/32x32/apps/fastqc_icon.png
 Name[en_US]=FastQC quality control
 Name=FastQC quality control
 Categories=Science;Biology;
diff -Nru fastqc-0.11.8+dfsg/debian/patches/htsjdk-api.patch 
fastqc-0.11.8+dfsg/debian/patches/htsjdk-api.patch
--- fastqc-0.11.8+dfsg/debian/patches/htsjdk-api.patch  2018-10-17 
19:25:09.0 +0200
+++ fastqc-0.11.8+dfsg/debian/patches/htsjdk-api.patch  2019-05-21 
22:20:32.0 +0200
@@ -2,7 +2,7 @@
 Author: Sascha Steinbiss 
 --- a/uk/ac/babraham/FastQC/Sequence/BAMFile.java
 +++ b/uk/ac/babraham/FastQC/Sequence/BAMFile.java
-@@ -27,7 +27,9 @@ import java.util.List;
+@@ -27,7 +27,9 @@
  
  import htsjdk.samtools.CigarElement;
  import htsjdk.samtools.CigarOperator;
@@ -13,7 +13,7 @@
  import htsjdk.samtools.SAMFormatException;
  import htsjdk.samtools.SAMRecord;
  import htsjdk.samtools.ValidationStringency;
-@@ -44,7 +46,7 @@ public class BAMFile implements Sequence
+@@ -44,7 +46,7 @@
// only way to access the file pointer.
private FileInputStream fis;
  
@@ -22,22 +22,24 @@
private String name;
private Sequence nextSequence = null;
Iterator it;
-@@ -56,11 +58,10 @@ public class BAMFile implements Sequence
+@@ -56,11 +58,12 @@
name = file.getName();
this.onlyMapped = onlyMapped;
  
 -   

Bug#929353: qemu: CVE-2019-12155: qxl: null pointer dereference while releasing speice resources

[Salvatore Bonaccorso]

Source: qemu
Version: 1:3.1+dfsg-7
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for qemu.

CVE-2019-12155[0]:
qxl: null pointer dereference while releasing spice resources

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12155
[1] https://www.openwall.com/lists/oss-security/2019/05/22/1
[2] 
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#929268: More Info

[rollop...@gmail.com]

For now, the problem has only occurred with servers that have SMB ports
accessible from the outside.
I imagine that someone (suspicious) tries to access using NT1, can I
block access using the "min protocol" option or this could block
authorized accesses as well?

Thanks

Bug#929349: ITP: python-django-split-settings -- Organize Django settings into multiple files and directories

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-django-split-settings
  Version : 0.3.0
  Upstream Author : Nikita Sobolev, Visa Kopu, Antti Kaihola
* URL : https://github.com/sobolevn/django-split-settings/
* License : BSD-3-clause
  Programming Lang: Python
  Description : Organize Django settings into multiple files and directories

 Organize Django settings into multiple files and directories. Easily override
 and modify settings. Use wildcards in settings file paths and mark settings
 files as optional.

I do intend to maintain this as part of DPMT.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAlzk9igRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90Wp8/QgAw7dDr4UtfHLUUzTjx9rQhi2XovpEb1hl
Jp8iqhZGeEJh/nAE70sK3rgiIz/ScXmdyWPrTNv9oioViDM8g+1SmtJ8c5myvbk9
+Gm7gigB40qjl+lIb3UrmUhgeIK12pIiTe5YXuzqfP4CqEEMkvHVIpPNpnAVaNWo
y1O81e0NHWPwpYQk/eyWNAuKXOZTERnFqfYATrSbUbQ7qk91u0zxjdIzk/wM5im3
O+eRdDzdO2PjJrDaQRgLRHo1NTw6ff1eAC4eovDqEIjtFJ0XGWnUCFLkwKDdGxhT
yQJiZHm7ZqIBdTMHuXLzIs4oB6W0wEoH+nSXFDjAqWlcIlq2usHj3w==
=lTdO
-END PGP SIGNATURE-

Bug#929245: further note

[Kathryn Tolsen]

I apologize for the quoting, I'm a bit email challenged.

I just wanted to further note that with the setup as it is now, with the
background image cleared up as it was in my last screenshot, when I do
cleanup on the icons which should put them in the top left corner, I dont
see any of my icons anywhere on any of my three screens. Also I cannot
right click the desktop and get a context menu in that area even though its
no longer glitching.

Bug#929268: (no subject)

[rollop...@gmail.com]

I don't think the problem is related to the charset, the server has been
standing for several years and has never presented problems with any
file or folder.
The same identical problem has also started to occur on another server.
The error also occurs during the night when nobody works on the files.
Today, looking at the logs, I found this information, I hope they can
help you:

[2019/05/22 07:59:18.682017,  0]
../source3/smbd/negprot.c:566(reply_negprot)
  negprot protocols not 0-terminated
[2019/05/22 07:59:18.758200,  0] ../lib/util/fault.c:78(fault_report)
  ===
[2019/05/22 07:59:18.758224,  0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 10659 (4.5.16-Debian)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2019/05/22 07:59:18.758235,  0] ../lib/util/fault.c:81(fault_report)
  ===
[2019/05/22 07:59:18.758243,  0] ../source3/lib/util.c:791(smb_panic_s3)
  PANIC (pid 10659): internal error
[2019/05/22 07:59:18.758634,  0] ../source3/lib/util.c:902(log_stack_trace)
  BACKTRACE: 25 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1c)
[0x7f7321882c0c]
   #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
[0x7f7321882ce0]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
[0x7f7323d9f19f]
   #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1b3b6)
[0x7f7323d9f3b6]
   #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0) [0x7f73240090e0]
   #5
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbXsrv_session_create+0x2b)
[0x7f732399177b]
   #6
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_sesssetup_and_X+0x967)
[0x7f7323925a17]
   #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x123086)
[0x7f7323963086]
   #8 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1254ba)
[0x7f73239654ba]
   #9 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1264ac)
[0x7f73239664ac]
   #10 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaea3) [0x7f73204c3ea3]
   #11 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9277) [0x7f73204c2277]
   #12 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
[0x7f73204be04d]
   #13
/usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b)
[0x7f73204be27b]
   #14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9217) [0x7f73204c2217]
   #15
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x6c9)
[0x7f73239677d9]
   #16 /usr/sbin/smbd(+0xa7b4) [0x56342e4627b4]
   #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaea3) [0x7f73204c3ea3]
   #18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9277) [0x7f73204c2277]
   #19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
[0x7f73204be04d]
   #20
/usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b)
[0x7f73204be27b]
   #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9217) [0x7f73204c2217]
   #22 /usr/sbin/smbd(main+0x1784) [0x56342e45f4f4]
   #23 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)
[0x7f732013a2e1]
   #24 /usr/sbin/smbd(_start+0x2a) [0x56342e45f5fa]
[2019/05/22 07:59:18.758708,  0] ../source3/lib/util.c:803(smb_panic_s3)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 10659]
29  ../sysdeps/unix/sysv/linux/waitpid.c: File o directory non
esistente.
[2019/05/22 07:59:19.495423,  0] ../source3/lib/util.c:811(smb_panic_s3)
  smb_panic(): action returned status 0
[2019/05/22 07:59:19.495463,  0] ../source3/lib/dumpcore.c:303(dump_core)
  dumping core in /var/log/samba/cores/smbd

These are the latest updated packages, Is it possible that the problem
is related to one of these?
[INSTALL, DEPENDENCIES] linux-image-4.9.0-9-amd64:amd64 4.9.168-1
[UPGRADE] base-files:amd64 9.9+deb9u8 -> 9.9+deb9u9
[UPGRADE] libjs-bootstrap:amd64 3.3.7+dfsg-2+deb9u1 -> 3.3.7+dfsg-2+deb9u2
[UPGRADE] libjs-jquery:amd64 3.1.1-2 -> 3.1.1-2+deb9u1
[UPGRADE] libmariadbclient18:amd64 10.1.37-0+deb9u1 -> 10.1.38-0+deb9u1
[UPGRADE] libpng16-16:amd64 1.6.28-1 -> 1.6.28-1+deb9u1
[UPGRADE] libpq5:amd64 9.6.11-0+deb9u1 -> 9.6.12-0+deb9u1
[UPGRADE] linux-image-amd64:amd64 4.9+80+deb9u6 -> 4.9+80+deb9u7
[UPGRADE] python3-cryptography:amd64 1.7.1-3 -> 1.7.1-3+deb9u1
[UPGRADE] rsync:amd64 3.1.2-1+deb9u1 -> 3.1.2-1+deb9u2

Bug#929245: Caja screen glitches in multihead setups

[Kathryn Tolsen]

Ok well it might be related.. I attached in this case just my TV to my
minidp->hdmi and it in this instance only failed to draw a small portion to
the far right on my laptop screen, and the first image shows when I
minimized my terminal, the 2nd shows me trying to drop an icon there, the
3rd shows after I've changed the background image.

https://i.imgur.com/2SMcDv9.png
https://i.imgur.com/ygMR9Ih.png
https://i.imgur.com/xRld8Ty.jpg

The icon thing in this scenario however might not be relevant cause in the
last screenshot I am showing one of the screenshot icons being as far right
as it'll let me place it even after the issue is resolved due to a bg
change, and its still not letting me put it in that area.. I will try
generate a situation where it has a larger area.. before it was routinely
doing about 1/3 across the bottom of my 1080p laptop screen with the
configuration I was using which is a larger test area..

in this screenshot I have 3 displays configured with a much larger area
affected and the screenshot icon shown is as low as it'll let me drop it

https://i.imgur.com/dNVRuYS.jpg

and in this last screenshot, I've refreshed the desktop bg and moved that
appearance preferences all around the affected area, and as you can see its
no longer failing to redraw that area as its not showing the appearance
prefs window all over the screen, but it still will not let me drop that
screenshot icon any lower and as you can see the filename is only partially
showing where it is right now.

https://i.imgur.com/GxpidYY.jpg

so idk.. I can perhaps try more testing if someone could come up with more
ideas I tried an strace, it generated about 5mb in a short time and seemed
mostly useless. I think I'd need a special dbg version of caja to use gdb,
idk I've never used those things before but I'm more than happy to help run
this down further if I can get some guidance on how to do it.

On Wed, May 22, 2019 at 2:49 AM Kathryn Tolsen 
wrote:

> At first glance it appears not as that issue is related to a highly
> obscure remote desktop setup my issue is local on xorg and its not merely
> failing to redraw on adding my two ext displays its not drawing desktop at
> all in this spot and is keeping any window that is drawn there after the
> window is destroyed. I will try the icon test mentioned in comments and see
> about giving some visuals.. can i send screenshots or videos or should i
> just link to them on my server?
>
> On Tue, May 21, 2019, 4:42 AM Mike Gabriel <
> mike.gabr...@das-netzwerkteam.de> wrote:
>
>> HI Kathryn,
>>
>> On  So 19 Mai 2019 23:29:29 CEST, Kathryn Tolsen wrote:
>>
>> > Package: caja
>> > Version 1.20.3+b1
>> >
>> > Upon changing displays, such as plugging in a VGA or miniDP->HDMI
>> display
>> > to my laptop, depending on the layout, some portion of one of my screens
>> > will become glitched in that when a window is minimized or moved so that
>> > the caja desktop is visible, the desktop shows what used to be there in
>> the
>> > area that is having the issue.. this does not affect or glitch any other
>> > programs or windows even caja filemanager windows, its only the caja
>> > desktop which is having draw issues.
>> >
>> > The issue is resolvable by changing the desktop background which redraws
>> > the desktop, but it reoccurs every time a display is added or removed
>> when
>> > there are multiple displays present. I use a Lenovo Thinkpad T440 with
>> two
>> > additional displays (no dock).
>> >
>> > Basically it is as though caja is not redrawing a portion of the desktop
>> > when it becomes visible.
>> >
>> > I don't know if this will be easily reproducible or not, as it may be
>> > specific to my hardware somehow.
>>
>> Can you please confirm that this is a variant of upstream bug #945 [1]?
>>
>> Thanks,
>> Mike
>>
>> [1] https://github.com/mate-desktop/caja/issues/945
>>
>>
>> --
>>
>> DAS-NETZWERKTEAM
>> c\o Technik- und Ökologiezentrum Eckernförde
>> Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
>> mobile: +49 (1520) 1976 148
>> landline: +49 (4354) 8390 139
>>
>> GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
>> mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
>>
>>

Bug#929350: RFS: libt3highlight/0.4.8-1

[Gertjan Halkes]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "libt3highlight"

* Package name: libt3highlight
  Version : 0.4.8-1
  Upstream Author : Gertjan Halkes 
* URL : https://os.ghalkes.nl/t3/libt3highlight.html
* License : GPLv3
  Section : libs

It builds those binary packages:

  libt3highlight-dev - Development files for libt3highlight
  libt3highlight2 - Syntax highlighting library
  t3highlight - Command-line syntax highligher

To access further information about this package, please visit the following
URL:

https://mentors.debian.net/package/libt3highlight

Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/libt/libt3highlight/libt3highlight_0.4.8-1.dsc

Changes since the last upload:

  * New upstream release.

Regards,
  Gertjan Halkes

Bug#929351: curl: CVE-2019-5436: TFTP receive buffer overflow

[Salvatore Bonaccorso]

Source: curl
Version: 7.64.0-3
Severity: important
Tags: security upstream
Control: found -1 7.52.1-5+deb9u9
Control: found -1 7.52.1-5

Hi,

The following vulnerability was published for curl.

CVE-2019-5436[0]:
TFTP receive buffer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436
[1] https://www.openwall.com/lists/oss-security/2019/05/22/3
[2] https://curl.haxx.se/docs/CVE-2019-5436.html

Regards,
Salvatore

Bug#929346: atril: Segmentation when launche atril on wayland on chromeos

[Julien Cervelle]

Package: atril
Version: 1.16.1-2+deb9u1
Severity: important

Dear Maintainer,

When launche, on chromeos 74 (which uses wayland)  in the linux VM, I 
have the following error:


WaylandCompositor requires eglCreateImage and eglDestroyImage.
Nested Wayland compositor could not initialize EGL
Segmentation fault

Best regards.

Julien Cervelle

-- System Information:
Debian Release: 9.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.26-03278-g71dc68f9c9d0 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages atril depends on:
ii  atril-common 1.16.1-2+deb9u1
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2+b1
ii  libatk1.0-0  2.22.0-1
ii  libatrildocument31.16.1-2+deb9u1
ii  libatrilview31.16.1-2+deb9u1
ii  libc62.24-11+deb9u4
ii  libcairo-gobject21.14.8-1
ii  libcairo21.14.8-1
ii  libcaja-extension1   1.16.6-1+deb9u1
ii  libgail-3-0  3.22.11-1
ii  libgdk-pixbuf2.0-0   2.36.5-2+deb9u2
ii  libglib2.0-0 2.50.3-2
ii  libgtk-3-0   3.22.11-1
ii  libice6  2:1.0.9-2
ii  libjavascriptcoregtk-4.0-18  2.18.6-1~deb9u1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libsecret-1-00.18.5-3.1
ii  libsm6   2:1.2.2-1+b3
ii  libsoup2.4-1 2.56.0-2+deb9u2
ii  libwebkit2gtk-4.0-37 2.18.6-1~deb9u1
ii  libx11-6 2:1.6.4-3+deb9u1
ii  libxml2  2.9.4+dfsg1-2.2+deb9u2
ii  mate-desktop-common  1.16.2-2
ii  shared-mime-info 1.8-1+deb9u1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages atril recommends:
ii  dbus-x11 [dbus-session-bus]  1.10.26-0+deb9u1
ii  gvfs 1.30.4-1

Versions of packages atril suggests:
pn  caja  
ii  poppler-data  0.4.7-8
pn  unrar 

-- no debconf information

Bug#903635: docker.io: use of iptables-legacy is incompatible with nftables-based iptables

[Afif Elghraoui]

Hi, Arnaud

On Fri, 10 May 2019 09:03:41 +0700 Arnaud Rebillout
 wrote:>
> As I mentioned above, there's a discussion with a work in progress to
> fix that upstream: https://github.com/docker/libnetwork/pull/2339
> 
> I don't think it will be ready in time for buster though. So I see two
> solutions going forward:
> 
> - 1 Jonathan lower the severity of the bug so that it's not RC.
> 
> - 2 I import the patch from github, even though it's work in progress. I
> will follow up and update the patch as soon as upstream release a proper
> fix, and it will be included in a point release of buster.
> 
> If I don't get any feedback from you Jonathan in the following days,
> I'll go for solution number 2 then.
> 

You hadn't Cc'd Jonathan (but I am, now) and I doubt that he's
subscribed to this bug, so he probably never saw these messages. I'm
just checking in here as a concerned maintainer of a reverse-dependency
threatened with autoremoval.

thanks and regards
Afif

-- 
Afif Elghraoui | عفيف الغراوي
https://afif.ghraoui.name

Bug#929356: debootstick fails to handle a chroot based on Ubuntu >= 18.04

[Etienne Dublé]

Package: debootstick
Version: 2.2
Severity: normal

When debootstick is run on a minimal Ubuntu 18.04 LTS chroot, it says
update-initramfs command is missing and fails.

A workaround is to have initramfs-tools package installed in the
chroot before calling debootstick. However, debootstick should
obviously take care of it it this is not the case.


-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debootstick depends on:
ii  dosfstools  4.1-2
ii  e2fsprogs   1.45.1-3
ii  gdisk   1.0.3-1.1
ii  grub-efi-amd64-bin  2.02+dfsg1-3
ii  grub-efi-ia32-bin   2.02+dfsg1-3
ii  kpartx  0.7.9-3
ii  lvm22.03.02-2
ii  qemu-user-static1:3.1+dfsg-7
ii  uuid-runtime2.33.1-0.1

debootstick recommends no packages.

Versions of packages debootstick suggests:
ii  debootstrap  1.0.114
pn  kvm  

-- no debconf information

Bug#929362: icedtea-web: IcedTea plugin is gone, and Java applets no longer load in Konqueror web browser and co

[Milko Krachounov]

Source: icedtea-web
Version: 1.6.2-3.1+deb9u1
Severity: important

Dear Maintainer,

Since version 1.6.2-3.1+deb9u1 of the icedtea-web source package in 
Stretch,
the icedtea-plugin is no longer built. As a result, NPAPI supporting 
browsers,

which include Konqueror which is included in Stretch (and also any third
party browsers such as SeaMonkey and Pale Moon) can no longer load Java
applets. As a result, after upgrading to 1.6.2-3.1+deb9u1 we can no longer
manage a certain batch of hardware requiring such (and that appears to
be the only change in this new release).

In addition, 1.6.2-3.1 has been removed from mirrors, and apt defaults to
deleting /var/cache/apt/archives, so we cannot downgrade (SURPRISING NEW
BEHAVIOURS ALL AROUND!)


-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 
'stable')

Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), 
LANGUAGE= (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#929011: unblock singularity-container - unstable vs testing-proposed-updates

[Afif Elghraoui]

Hello,

To add on to this bug report--- singularity-container is a Go package,
so its dependencies are statically linked (similar concerns as what
happened with docker.io in #927189 [1]). Should I upload to buster?

thanks and regards
Afif

1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927189

-- 
Afif Elghraoui | عفيف الغراوي
https://afif.ghraoui.name

Bug#929357: radvd systemd is disabled but runned after installation

[sergio]

Package: radvd
Version: 1:2.17-2
Severity: normal

Dear Maintainer,

1. After dist-upgrade from stretch to buster (1:2.15-2 -> 1:2.17-2)
   I need to systemctl enable radvd.service

2. After the first radvd installation it is runned but radvd.service is
   disabled, so it will no start after reboot.

Bug#929324:

[oneeyedspacefish]

I've just done some debugging, issue seems to be with debian curl, and not
just the php extension for it.
I'll open a new ticket under curl and this issue can be closed.

Bug#929358: Apparmor access violations

[Jörg Sommer]

Package: evince
Version: 3.32.0-1
Severity: normal

Hi,

while adding notes to a PDF file, I got these messages from AppArmor:

AVC apparmor="DENIED" operation="file_lock" profile="/usr/bin/evince" 
name="/home/joerg/.config/enchant/de_DE.dic" pid=… comm="evince" 
requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="file_lock" profile="/usr/bin/evince" 
name="/home/joerg/.config/enchant/de_DE.exc" pid=… comm="evince" 
requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000

Kind regards Jörg

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.0-trunk-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages evince depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.32.0-1
ii  evince-common3.32.0-1
ii  gsettings-desktop-schemas3.32.0-1
ii  libatk1.0-0  2.32.0-1
ii  libc62.28-10
ii  libcairo-gobject21.16.0-4
ii  libcairo21.16.0-4
ii  libevdocument3-4 3.32.0-1
ii  libevview3-3 3.32.0-1
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-1
ii  libgnome-desktop-3-173.32.2-1
ii  libgtk-3-0   3.24.8-1
ii  libnautilus-extension1a  3.31.90-1
ii  libpango-1.0-0   1.42.4-6
ii  libpangocairo-1.0-0  1.42.4-6
ii  libsecret-1-00.18.8-1
ii  shared-mime-info 1.10-1

Versions of packages evince recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.13.10-1

Versions of packages evince suggests:
pn  gvfs 
pn  nautilus-sendto  
ii  poppler-data 0.4.9-2
ii  unrar1:5.6.6-2

-- no debconf information


signature.asc
Description: PGP signature

Bug#903635: docker.io: use of iptables-legacy is incompatible with nftables-based iptables

[Arnaud Rebillout]

On 5/22/19 3:32 PM, Afif Elghraoui wrote:
> You hadn't Cc'd Jonathan (but I am, now) and I doubt that he's
> subscribed to this bug, so he probably never saw these messages. I'm
> just checking in here as a concerned maintainer of a reverse-dependency
> threatened with autoremoval.

Hmm I'm a bit clumsy with the bugtracker, sorry, and thanks for
following up :)

Bug#929359: linux: instability on arm64 MP30-AR1 servers

[Julien Cristau]

Source: linux
Version: 4.9.168-1
Severity: important
X-Debbugs-Cc: debian-...@lists.debian.org, debian-ad...@lists.debian.org
User: debian-ad...@lists.debian.org
Usertags: needed-by-DSA-Team

Hi,

ever since the 9.9 point release conova-node01.debian.org and
conova-node02.debian.org have been unstable.  They run for an hour or
three, and then things go bad.  Rebooting back to 4.9.144-3.1 makes them
stable again.

Latest example:

May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: PingAck did not arrive in time.
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: peer( Secondary -> Unknown ) conn( Connected -> NetworkFailure ) 
pdsk( UpToDate -> DUnknown ) 
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: new current UUID 
3EA2D1FA6B3ACD47:0BEBDA613EA56FD7:D5BF70E0AA6560C5:D5BE70E0AA6560C5
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: ack_receiver terminated
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Terminating drbd_a_resource
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Connection closed
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: conn( NetworkFailure -> Unconnected ) 
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: receiver terminated
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Restarting receiver thread
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: receiver (re)started
May 22 04:17:37 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: conn( Unconnected -> WFConnection ) 
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Handshake successful: Agreed network protocol version 101
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Feature flags enabled on protocol level: 0x7 TRIM THIN_RESYNC 
WRITE_SAME.
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Peer authenticated using 16 bytes HMAC
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: conn( WFConnection -> WFReportParams ) 
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: drbd 
resource3: Starting ack_recv thread (from drbd_r_resource [8449])
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: drbd_sync_handshake:
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: self 
3EA2D1FA6B3ACD47:0BEBDA613EA56FD7:D5BF70E0AA6560C5:D5BE70E0AA6560C5 bits:4 
flags:0
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: peer 
0BEBDA613EA56FD6::D5BF70E0AA6560C4:D5BE70E0AA6560C5 bits:0 
flags:0
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: uuid_compare()=1 by rule 70
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: peer( Unknown -> Secondary ) conn( WFReportParams -> WFBitMapS ) 
pdsk( DUnknown -> Consistent ) 
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: send bitmap stats [Bytes(packets)]: plain 0(0), RLE 28(1), total 
28; compression: 100.0%
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: receive bitmap stats [Bytes(packets)]: plain 0(0), RLE 28(1), 
total 28; compression: 100.0%
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: helper command: /bin/true before-resync-source minor-3
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: helper command: /bin/true before-resync-source minor-3 exit code 0 
(0x0)
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: conn( WFBitMapS -> SyncSource ) pdsk( Consistent -> Inconsistent ) 
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: Began resync as SyncSource (will sync 16 KB [4 bits set]).
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: updated sync UUID 
3EA2D1FA6B3ACD47:0BECDA613EA56FD7:0BEBDA613EA56FD7:D5BF70E0AA6560C5
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: Resync done (total 1 sec; paused 0 sec; 16 K/sec)
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: updated UUIDs 
3EA2D1FA6B3ACD47::0BECDA613EA56FD7:0BEBDA613EA56FD7
May 22 04:17:38 conova-node01/conova-node01/:::217.196.149.227 kernel: 
block drbd3: conn( SyncSource -> Connected ) pdsk( Inconsistent -> UpToDate ) 
May 22 

Bug#929360: mariadb-server: --plugin-maturity=XXX doesn'r work

[Pekedev2 PBX]

Package: mariadb-server
Version: 1:10.3.13-1
Severity: normal

Dear Maintainer,

Trying to load beta maturity plugins, can't make mariadb to change the maturity 
level.
Tried to add plugin-maturity option in the config file but always shows gamma 
as the min value.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mariadb-server depends on:
ii  mariadb-server-10.3  1:10.3.13-1

mariadb-server recommends no packages.

mariadb-server suggests no packages.

-- no debconf information

Bug#928944: CVE-2019-12046: lemonldap-ng tokens allows anonymous session when stored in session DB

[Guilhem Moulin]

On Wed, 22 May 2019 at 07:34:06 +0200, Xavier wrote:
> It seems that Clément has fixed something related to that feature.
> Could you try 
> https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commit/deff50f072c64898d1204daa28c01fdcc7275ea4
>  ?

That solves the issue indeed, thanks for the pointer!  I ended up
amending the patch as attached though:

 * Not setting the ‘Access-Control-Allow-Origin: *’ header is upstream
   issue #1519, fixed in e6c034a38aa0e7dadcf0ce87809193b327fbc0e5.

 * The second to last hunk from deff50f072c64898d1204daa28c01fdcc7275ea4
   (-2134,8 +2137,10) doesn't apply, and as it's only cosmetic
   (whitespace change) I just skipped it.

Cheers,
-- 
Guilhem.
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -1049,7 +1049,7 @@ sub updatePersistentSession {
 
 }
 
-## @method void updateSession(hashRef infos, string id)
+## @method void updateSession(hashRef infos, string id, string kind)
 # Update session stored.
 # If no id is given, try to get it from cookie.
 # If the session is available, update datas with $info.
@@ -1057,9 +1057,10 @@ sub updatePersistentSession {
 # server local cache, if there are several LL::NG servers.
 # @param infos hash reference of information to update
 # @param id Session ID
+# @param kind Session kind
 # @return nothing
 sub updateSession {
-my ( $self, $infos, $id ) = @_;
+my ( $self, $infos, $id, $kind ) = @_;
 
 # Return if no infos to update
 return () unless ( ref $infos eq 'HASH' and %$infos );
@@ -1084,7 +1085,9 @@ sub updateSession {
 }
 
 # Update session in global storage
-if ( my $apacheSession = $self->getApacheSession( $id, 1 ) ) {
+if ( my $apacheSession =
+$self->getApacheSession( $id, 1, undef, $kind ) )
+{
 
 # Store updateTime
 $infos->{updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
@@ -1567,9 +1570,8 @@ sub process {
 {
 if ( ( my $code = $self->{error} ) > 0 ) {
 print $self->header(
--status=> '401 Unauthorizated',
-'-WWW-Authenticate'=> "SSO $self->{portal}",
-'-Access-Control-Allow-Origin' => '*',
+-status => '401 Unauthorizated',
+'-WWW-Authenticate' => "SSO $self->{portal}",
 );
 $self->quit;
 }
@@ -2744,7 +2746,7 @@ sub autoRedirect {
 $cdaInfos->{cookie_name} = $self->{cookieName} . "http";
 }
 
-$self->updateSession( $cdaInfos, $cdaSession->id );
+$self->updateSession( $cdaInfos, $cdaSession->id, "CDA" );
 
 $self->{urldc} .=
 ( $self->{urldc} =~ /\?/ ? '&' : '?' )


signature.asc
Description: PGP signature

Bug#892264: hy doesn't know its own version

[Debian/GNU]

retitle -1 hy doesn't know it's own version
thanks.

any news on this?


$ /usr/bin/hy --help | grep version
  -v, --version  show program's version number and exit
$ /usr/bin/hy --version
hy unknown
$

Bug#929355: debootstick: Migration script is sometimes failing

[Etienne Dublé]

Package: debootstick
Version: 2.2
Severity: important

debootstick's migration feature (OS moving from the removable
USB stick to the internal disk of the machine) will fail:
* if the target disk holds LVM volumes
* in some rare cases (the script might be chaining LVM or partx
  commands too fast)

This bug was originally reported by Dejan Muhamedagic here:
https://github.com/drakkar-lig/debootstick/issues/21


-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debootstick depends on:
ii  dosfstools  4.1-2
ii  e2fsprogs   1.45.1-3
ii  gdisk   1.0.3-1.1
ii  grub-efi-amd64-bin  2.02+dfsg1-3
ii  grub-efi-ia32-bin   2.02+dfsg1-3
ii  kpartx  0.7.9-3
ii  lvm22.03.02-2
ii  qemu-user-static1:3.1+dfsg-7
ii  uuid-runtime2.33.1-0.1

debootstick recommends no packages.

Versions of packages debootstick suggests:
ii  debootstrap  1.0.114
pn  kvm  

-- no debconf information

Bug#929361: ITP: puppet-module-debian-archvsync -- Puppet module for maintaining a Debian FTP mirror

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-debian-archvsync
  Version : 1.0.0
  Upstream Author : Thomas Goirand 
* URL : 
https://salsa.debian.org/openstack-team/puppet/puppet-module-debian-archvsync
* License : GPL-3
  Programming Lang: Puppet
  Description : Puppet module for maintaining a Debian FTP mirror

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of a Debian mirror
 using the ftpsync method.

Note: I'm the upstream! :)

Bug#929271: backports customizations are not enabled for live-build

[PICCORO McKAY Lenz]

Hi Roland.. let's forget the jessie related..  ok answering your mail:

El mié., 22 de may. de 2019 a la(s) 06:18, Roland Clobus (rclo...@rclobus.nl)
escribió:

> The title says: backports customizations are not enabled for live-build
>
yeah!


> The content says: Unrecognized command line option
> osposweb replied with: the program gives options to alter all sources of
> packages except the "backports"
>
same here! so i think it's same issue


> Issue 1: backports customizations are not enabled for live-build
>
> Regarding the Debian mirrors: as I understand, Debian nowadays has
> reduced the configuration for finding the mirrors, by using
> deb.debian.org for all current releases, architectures and geographical
> locations. The backports for stretch are there [2], and all geographical
> locations can use the same URL [3].
>
Yes, forgetting about jessie which play off soon .. affects future
compilations of live build


> However, if you need to add other repositories, the manual at section
> 8.1.5 [6] states that you need to add specific files:
> config/archives/your-repository.list.chroot and/or
> config/archives/your-repository.list.binary. Within these files you can
> write lines with the same syntax as you would do in /etc/apt/sources.list.
>
THIS WORK ONLY FOR CHROOT! must work for all the stages!


> (Note that I still have not touched chapter 8 of the manual, there are
> still some old references to alioth.debian.org.)
> So for getting access to other repositories, you should use these files,
> and not one of the command line options.
>
About older references, i can open a new bug reports for.. but for now,
this issue are only related to allow to customize backports mirrors


> I have tested backports with:
> lb config --distribution stretch
> echo "deb http://deb.debian.org/debian stretch-backports main" >
> config/archives/live.list.chroot
> echo "deb http://deb.debian.org/debian stretch-backports main" >
> config/archives/live.list.binary
> The backports are available, but grep is still at 2.27-2 instead of
> 3.3-1~bpo9+1. So I did not correctly configure apt pinning.
>
BAD MADE the pinning works but in some stages does not sync with chroot
installed

In any case, i want to use different mirrors for backports due bandwith
usage behind firewalling

Issue 2: Building a live image for jessie
>
Well in this case i there's too much work forgett, due as i exposed:
i want to use different mirrors for backports due bandwith usage behind
firewalling
for live-strecht and future live builds

Issue 3: Unrecognized command line option
> 
> Summmary: from my personal point of view, only issue 3 remains.
>
all of the documentations are out of wync that resumes the "unrecognized..."


>
> With kind regards,
> Roland Clobus
>
> [1] https://lists.debian.org/debian-devel-announce/2019/03/msg6.html
> [2] https://backports.debian.org/Instructions/
> [3] https://wiki.debian.org/DebianGeoMirror
> [4]
>
> https://salsa.debian.org/live-team/live-build/commit/dd15ade8bbdc6360816ed858253e7aaa68e4c9c2
> [5]
>
> https://salsa.debian.org/live-team/live-build/commit/68700f466c142082e7423282ca4caaf7552bf8e9
> [6]
>
> https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#379
> [7] http://ftp.debian.org/debian/dists/jessie-updates/
>
>

Bug#929271: backports customizations are not enabled for live-build

[Roland Clobus]

Hello all,

It seems that I got confused by this bug report.

The title says: backports customizations are not enabled for live-build
The content says: Building a Jessie image
The content says: Unrecognized command line option
osposweb replied with: the program gives options to alter all sources of
packages except the "backports"

So we have 4 issues in one bug report. This means that this mail is a
rather long one...

Issue 1: backports customizations are not enabled for live-build

Regarding the Debian mirrors: as I understand, Debian nowadays has
reduced the configuration for finding the mirrors, by using
deb.debian.org for all current releases, architectures and geographical
locations. The backports for stretch are there [2], and all geographical
locations can use the same URL [3].

According to [1], the Debian project migrated the jessie-backports,
which were located at deb.debian.org/debian to the read-only archive at
archive.debian.org, which will not get updates.

According to the commits [4] and [5], which were made 6 years ago,
backports.d.o was integrated in the main mirror. Since then Debian has
been released often enough that I think that you will not need an entry
to backports.d.o any more.

However, if you need to add other repositories, the manual at section
8.1.5 [6] states that you need to add specific files:
config/archives/your-repository.list.chroot and/or
config/archives/your-repository.list.binary. Within these files you can
write lines with the same syntax as you would do in /etc/apt/sources.list.
(Note that I still have not touched chapter 8 of the manual, there are
still some old references to alioth.debian.org.)
So for getting access to other repositories, you should use these files,
and not one of the command line options.

I have tested backports with:
lb config --distribution stretch
echo "deb http://deb.debian.org/debian stretch-backports main" >
config/archives/live.list.chroot
echo "deb http://deb.debian.org/debian stretch-backports main" >
config/archives/live.list.binary

The backports are available, but grep is still at 2.27-2 instead of
3.3-1~bpo9+1. So I did not correctly configure apt pinning.

So for sufficiently recent versions of Debian, backports works fine from
my point of view.

Issue 2: Building a live image for jessie

I've attempted to create a live image using Debian testing as the host
with the following command:

lb config --distribution jessie

This fails with the following message:
W: Failed to fetch
http://deb.debian.org/debian/dists/jessie-updates/InRelease  Unable to
find expected entry 'main/source/Sources' in Release file (Wrong
sources.list entry or malformed file)

The content of jessie-updates on [7] is practically empty. Effectively
this part of the repository is disabled. The implementation of apt from
jessie is apparently not able to handle this repository, the current apt
from testing works fine.

Jessie is now oldstable, and will soon (TM) be oldoldstable. Unless you
have a compelling reason to use jessie, I would suggest to pick stretch
or perhaps even buster.

Note: lb config --distribution stretch works fine
Note: lb config --distribution buster works fine too

Issue 3: Unrecognized command line option

As noted in my first response to this bug report, I will update the
manual to match the current code. The time I spent on writing this mail
has provided me with lots of information on how to update the manual to
match the current implementation of the live-image building tools.

Issue 4: the program gives options to alter all sources of packages
except the "backports"

> [snip] the
> program gives options to alter all sources of packages except the
> "backports"... because you can alter all and not that?

I think I answered this question with the test for backports as
mentioned with issue 1. Support for backports is not in the basic
configuration of 'lb config', you need to explicitly add support for
that repository, and you can use the configuration files for that.

> I don't think that the excuse of "all are always in the same source" is
> valid, because according to the installation images as well as the
> backports images are not always coordinated between all the mirrors
> origins according to the debian notes.

I am not aware of these notes, on which URL can I find them?
It can be that local mirror will not be synced yet or only a partial
mirror, but you can always add an additional repository.

> In addition, not all the countries have excelent internet providers and
> the net service are expensive in some cases..

For that, you can use something like apt-cacher-ng during the
construction of the live image.

Summmary: from my personal point of view, only issue 3 remains.

With kind regards,
Roland Clobus

[1] https://lists.debian.org/debian-devel-announce/2019/03/msg6.html
[2] https://backports.debian.org/Instructions/
[3] https://wiki.debian.org/DebianGeoMirror
[4]

Bug#929005: superkb FTCBFS: upstream build system hard codes build architecture tools

[Octavio Alvarez]

On 5/14/19 11:12 PM, Helmut Grohne wrote:

superkb fails to cross build from source, because the upstream build
system hard codes build architecture build tools (gcc and pkg-config).
The attached patch makes these tools substitutable,


Hi, Helmut,

Thank you for the patch! I applied it upstream.


but it doesn't make
superkb cross buildable due to its use of help2man. This is harder to
solve and not fixed here. Please consider applying the attached patch
anyway and close this bug when doing so even though superkb will
continue to fail cross building.


I also implemented a help2man fix upstream. It's done in two commits:

First, in commit b364c89897 [1] I moved the help text outside of main.c 
into a separate header file.


Then, in commit 6ba0933bd0 [2] I added a help stub: a Bash script that 
when takes the -h option it just processes the help message from the 
separate message file and outputs the help message. This stub is called 
from help2man instead of the application binary.


However, I clean the Bash script in a later commit (b5a418cc40 [3]) to 
use cpp -E instead of sed to parse the .h file. This is better because 
cpp is the proper parser for an .h file. Please confirm that this use of 
cpp does not break cross-compilation.


Because this technique is architecture independent it should work for
cross-compilation without having to build twice.

The three patches are upstream. Because I have not applied those to the 
Debian package I will keep the report open.


Thank you,
Octavio.

[1] Moved the help text outside of main.c
https://gitlab.com/alvarezp2000/superkb/commit/b364c8989773d68fb116fe2a8a5fd0c27b71bc18

[2] Add and use a help2man stub
https://gitlab.com/alvarezp2000/superkb/commit/6ba0933bd06d9ac5640aac42109f98ec1c2774fd

[3] help2man/superkb: way cleaner method to use main-help-message.h
https://gitlab.com/alvarezp2000/superkb/commit/b5a418cc4020b4ba276944b178235a9fb2373d8a

Bug#929360: [debian-mysql] Bug#929360: mariadb-server: --plugin-maturity=XXX doesn'r work

[Otto Kekäläinen]

Hello!

Is this a Debian specific thing? I don't think we've done anything in
packaging related to what config arguments the software itself
accepts. Should you maybe file a bug upstream, or do some more
research around the topic?

Debian bugs is not a support channel. If you need support you can turn
to commercial vendors for example the ones listed here:
https://mariadb.org/about/service-providers/

Bug#929363: enigmail: CVE-2019-12269

[Salvatore Bonaccorso]

Source: enigmail
Version: 2:2.0.10+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/enigmail/bugs/983/

Hi,

The following vulnerability was published for enigmail.

CVE-2019-12269[0]:
| Enigmail before 2.0.11 allows PGP signature spoofing: for an inline
| PGP message, an attacker can cause the product to display a "correctly
| signed" message indication, but display different unauthenticated
| text.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12269
[1] https://sourceforge.net/p/enigmail/bugs/983/

Please adjust the affected versions in the BTS as needed, probably
every version as well before 2:2.0.10+dfs1-1 would be affected.

Regards,
Salvatore

Bug#929271: backports customizations are not enabled for live-build

[Michael .]

I am sorry I obviously didn't pay attention when you said and I quote
"when try to build live jessie image using strecht i got those
errors".

On 22/05/2019, PICCORO McKAY Lenz  wrote:
> obviously you Maichael do not paid attention, i repeat:
>
> 1. the bug was reported agains strecht.. i cannot build strecht image using
> different mirrors for each case!
> 2. -for low performance networks it's a good practice have differents
> mirrors so download task will be separatelly,
> 3. docummentation are obviuslly out of date, script obvouslly are out of
> date, all are obviouslly out of sync
>
> in any case, that are ilogic, iu can provide different mirror for chroot
> installer and for booststrap but not for backports? PUFFF
>
> i mean event have normal and backports in same domain.. i setup different
> origin domains sources for normal repository and backports repository...
> that's a good practice
>
> Lenz McKAY Gerardo (PICCORO)
> http://qgqlochekone.blogspot.com
>
>
> El mar., 21 de may. de 2019 a la(s) 15:16, Michael . (keltoi...@gmail.com)
> escribió:
>
>> Jessie security support ended June 17 2018. Asking the live project to
>> support a dist that is no longer security supported adds work to an
>> already huge workload.
>>
>> On 22/05/2019, PICCORO McKAY Lenz  wrote:
>> > Roland, i track back all the history and get not lost.. BUT IN ANY CASE
>> > THAT BEHAVIOUR ARE NOT VIABLE, lest see:
>> >
>> > about the commits history: seems the migration was not as espected
>> > (migrations was done good but the results are not same as xpected)
>> >
>> > the commits are :
>> >
>> https://salsa.debian.org/live-team/live-build/commit/dd15ade8bbdc6360816ed858253e7aaa68e4c9c2
>> >
>> > and also
>> >
>> https://salsa.debian.org/live-team/live-build/commit/68700f466c142082e7423282ca4caaf7552bf8e9
>> >
>> > I EXPLAIN WHY THAT COMMITS MUST BE REVERTED
>> >
>> > 1. - the mirror are track from default mirror.. so oldstable moving of
>> > backports (as seems always) are not in same repository, that made this
>> > behaviour ilogic and ridiculus, due for olstable the repository will be
>> > archived .. same for updates repository!
>> >
>> > 2. -for low performance networks it's a good practice have differents
>> > mirrors so download task will be separatelly, i mean event have normal
>> and
>> > backports in same domain.. i setup different origin domains sources for
>> > normal repository and backports repository... that's a good practice
>> >
>> > there's more reason but in my case those are enouoght
>> >
>> > Please therat that issue quick due i cannot build any jessie image
>> property
>> > or i cannot use any strecth image in good shape!
>> >
>> > Lenz McKAY Gerardo (PICCORO)
>> > http://qgqlochekone.blogspot.com
>> >
>> >
>> > El mar., 21 de may. de 2019 a la(s) 02:38, Roland Clobus
>> > (rclo...@rclobus.nl)
>> > escribió:
>> >
>> >> Hello PICCORO,
>> >>
>> >> On 20/05/2019 15:42, PICCORO McKAY Lenz wrote:
>> >> > when try to build live jessie image using strecht i got those errors
>> >> >
>> >> > lb config: unrecognized option '--mirror-chroot-updates'
>> >> > lb config: unrecognized option '--parent-mirror-binary-updates'
>> >> > lb config: unrecognized option '--parent-mirror-chroot-updates'
>> >>
>> >> When working on the documentation, I've noticed these command line
>> >> options as well. They are not present in the scripts, they are only in
>> >> the documentation.
>> >> Unfortunately due to the migration from alioth to salsa the git
>> >> history
>> >> got lost, so I cannot trace it back. I would assume that the
>> >> functionality was remove from the scripts at some time, and that
>> >> someone
>> >> forgot to update the documentation accordingly. I've downloaded the
>> >> package 1:20151215 [1], and the command line is mentioned there also
>> >> only in the documentation, which confirms my assumption.
>> >>
>> >> Instead of (re-)implementing these options, I would update the
>> >> documentation instead.
>> >>
>> >> With kind regards,
>> >> Roland Clobus
>> >>
>> >> [1] https://snapshot.debian.org/package/live-build/1%3A20151215/
>> >>
>> >>
>> >>
>> >>
>> >
>>
>

Bug#929272: nmap-common: executable distributed in nmap-common detected as malware

[Dom Sekotill]

Hello,

Granted, this is a false positive and could be fixed through other channels if 
I absolutely had to have nmap installed, but...

This a corporate antivirus which I have no ability to personally override.  
Arguing with company IT about it is more trouble than just uninstalling an only 
occasionally used tool.  I imagine arguing with the AV vendor would be even 
more 
of a headache.  Even if I did all that it wouldn't be much help for others in 
similar situations at other companies with other AV products.

The previous link I sent, to an archived discussion of this suggested 
a workaround which I think would be relatively simple to implement: distribute 
the affected files separately, as a recommended dependency. A user can then 
remove it (or not install it in the first place) if it becomes a problem and 
they don't need it.

Thanks,

Dom

Bug#929063: init: delegate selinux operation to separate binary

[Laurent Bigonville]

Le 22/05/19 à 01:45, Dmitry Bogatov a écrit :

[2019-05-18 15:00] Laurent Bigonville

I've seen that in your commit, I just don't understand why this is even
a goal.

Because I do not want to pay for what I do not use. It is matter of good
design and Unix way.


libselinux is really small and only pulls libpcre3 which is pulled by
grep (which is Essential). It's not possible today to install debian
without libselinux installed anyway.

Path of a thousand miles starts with a single step.


Also, what's your plan regarding packaging? Would that executable be
put in a separate package?

Yes, that the plan.


So let's be it clear for the record. I'll personally oppose all patches 
that would undermine the consistency and the experience of using SELinux 
in debian.


As a distribution, debian has historically always been on the side of 
enabling as many build options as possible to provide by default the 
"full experience" to the users. I think that good and consistent 
integration of different options and technologies is more beneficial for 
our users than winning 205kb on the default installation (libpcre is 
already pulled by grep and the sysvinit dependency against libsepol can 
be dropped).


Also, removing selinux support by default would require many packages to 
create different flavors (which is usually a big no-no in debian).


If people feel the urge of removing libselinux library (or other 
libraries starting with "libs") from their system that still something 
that could be done on their side at their cost ; especially that the 
current situation exists for more than 10 years (SELinux support is 
enabled by default in sysvinit and other base packages like PAM since 
2005) and is absolutely not causing any issues what's however to the 
users not enabling SELinux on their system (the library is a noop in 
that case).

Bug#929063: init: delegate selinux operation to separate binary

[Thorsten Glaser]

On Wed, 22 May 2019, Laurent Bigonville wrote:

> So let's be it clear for the record. I'll personally oppose all patches that
> would undermine the consistency and the experience of using SELinux in debian.

Erm… all the patch does is move the SELinux call into a separate
executable so that init itself does not need to be linked against
those libraries and doesn’t need to keep them resident (and will
not be affected by flaws in those libraries, keeping the attack
surface small, unlike *cough* others).

As long as that other executable will end up in the same binary
package in Debian, there will be no user-visible change save for
saving some RAM.

(I’m not quite convinced the effort is worth it, but given that
this would be changed upstream, and that there are likely other
users of the same upstream code who’re _not_ using SELinux, this
would be very welcomed by those, so I’m okay with it.)

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**

Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.

**

Bug#929365: qemu: CVE-2019-12247: qemu-guest-agent: integer overflow while running guest-exec command

[Salvatore Bonaccorso]

Source: qemu
Version: 1:3.1+dfsg-7
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html

Hi,

The following vulnerability was published for qemu.

CVE-2019-12247[0]:
qemu-guest-agent: integer overflow while running guest-exec command

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12247
[1] https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#929366: linux-image-4.19.0-5-octeon: usercopy: Kernel memory overwrite attempt detected (in systemd-timedated)

[Julien Cristau]

Source: linux
Version: 4.19.37-3
Severity: important
X-Debbugs-Cc: debian-ad...@lists.debian.org, debian-m...@lists.debian.org, 
syst...@packages.debian.org
User: debian-ad...@lists.debian.org
Usertags: needed-by-DSA-Team

Hi,

from mips-sil-01.debian.org's syslog:

May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 dbus-daemon[542]: 
[system] Activating via systemd: service name='org.freedesktop.timedate1' 
unit='dbus-org.freedesktop.timedate1.service' requested by ':1.12565' (uid=115 
pid=561 comm="timedatectl show ")
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 systemd[1]: 
Starting Time & Date Service...
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: usercopy: 
Kernel memory overwrite attempt detected to SLUB object 'buffer_head' (offset 
8, size 88)!
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Kernel bug 
detected[#1]:
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: CPU: 0 
PID: 563 Comm: (imedated) Not tainted 4.19.0-5-octeon #1 Debian 4.19.37-3
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $ 0   : 
 82a78f48 0064 417135fb8ce5871c
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $ 4   : 
417135fb8ce5871c 80002406b678 800024074080 835b
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $ 8   : 
0100 80020e9a4018 286f73657420 835b
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $12   : 
 05f5e100 835b 83590b58
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $16   : 
c2400038 0058  c2400090
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $20   : 
82a2f630 c240 55d29698 c2400038
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $24   : 
 82dcc9a0  
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: $28   : 
8001f9094000 8001f9097d30  82b71874
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Hi: 
003e7cf8
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Lo: 
72b020c49bf017bb
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: epc   : 
82b71874 usercopy_abort+0x94/0xa0
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: ra: 
82b71874 usercopy_abort+0x94/0xa0
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Status: 
10109ce3   KX SX UX KERNEL EXL IE 
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Cause : 
00800024 (ExcCode 09)
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: PrId  : 
000d9602 (Cavium Octeon III)
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Modules 
linked in: mmc_block binfmt_misc ip6t_REJECT nf_reject_ipv6 nf_conntrack_ftp 
xt_CT nfnetlink_log nft_counter xt_hashlimit ipt_REJECT nf_reject_ipv4 xt_NFLOG 
xt_multiport xt_tcpudp xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 
nf_defrag_ipv4 libcrc32c nft_compat nf_tables nfnetlink sg octeon_mmc mmc_core 
8250_of leds_gpio i2c_dev octeon_rng rng_core ip_tables x_tables autofs4 ext4 
crc16 mbcache jbd2 crc32c_generic fscrypto ecb dm_mod ahci_platform 
libahci_platform libahci ahci_octeon
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Process 
(imedated) (pid: 563, threadinfo=53386908, task=8966de24, 
tls=771b84a0)
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: Stack : 
0058 006080c0  82b50d60
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
77d57098 82b716c4 8000240bfb00 8001f9097df8
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
0058 0001 800187ea86d0 82f1f7e4
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
 832b 800187ea86c0 77d5a7c8
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
 77d3 77d57098 
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
7f99ca14 82a30784 0ef08000 417135fb8ce5871c
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
000b55d29698 000b55de72f0 55d29698 417135fb8ce5871c
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
55dea4c0 55de72f0 77d5a7c8 77d5a73c
May 22 11:57:53 mips-sil-01/mips-sil-01/:::86.59.118.146 kernel: 
77d3 

Bug#929373: a python-FOO-doc package should suggest/recommend python3-FOO instead of python-FOO

[Matthias Klose]

Package: lintian

Seen when trying to remove Python2 dependencies. A lot of -doc packages
recommend/suggest the Python2 package, not the Python3 one.

Additionally, I'm not sure if a recommends is really appropriate.

Bug#928164: backports work

[Thijs Kinkhorst]

Hi Frederic,

>> I would have been OK to have 2.6.0 of liblasso3 in stretch backports,
>> and I was in the believe that I had installed it. But when checking,
>> I'm still running 2.5.0-5+b1. Spooky

> I'll see about uploading 2.6.0 to backports.

That would be great. I have a backport of libapache2-mod-auth-mellon in
stretch, to allow to use SHA256 with mellon. But the signatures fail
because of https://dev.entrouvert.org/issues/10019

That is fixed in lasso 2.5.1. So having a lasso >= 2.5.1 in backports
would really help us aswell.

I can help out with the backport work if needed.


Thanks,
Thijs



signature.asc
Description: OpenPGP digital signature

Bug#929377: pcp: nutcracker module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The nutcracker module is missing.

Seems to need Perl module YAML::XS installed at build-time.

So please build-depend on libyaml-libyaml-perl.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlXzgACgkQLHwxRsGg
ASFk0w/+JtCY58v6/LnvRbCyaRjCAA+9s9f2xDKHstSR0fzrMsnie9ImnU4W1IHS
77MujIOQGSnBg3lXenLct6X7RwkBLLtVB+ZQn4ZFvtInymaxm3bNa398k3YgzSVE
oeLhCa1EiSuyPO4GuIUgoAwWQeY3u7Qric5mij2YxGOvKsPI+SHpCmzNut/bHDx8
iIXcvLy/fLmZw1hJLZpUTHtARgcrpRy/GCe3Y+JiX9kZp8YSWLdgZyk/OwxyRTHj
YXcU22JClgK3zAS7wsh30ZijuI1sI4RbdFJByqeZNbdDIyA45WEgghMYKdOHm4wt
JvNiXpxRQ7pOrjN4MgdULLcutR17ZdOHOuhP3PJPcpEbPDhupip448sDDvk7Hhm5
HVQjkY+ig4zvxANql8lNpUZ6317CyIxljZG7J9sJHaB2o6gqe4I9h9sN0gVhUOd+
sVZ7ZfMHlCpCOgah9G+g9kIKb8mJWg9Zuv2wLlMYk5wuuDt+IIIGeyJTWxCrim+u
aGxugF7s0T+1ZZftj3+7ANxkIKUy9D3fwpav6Ll3PQG2Au7Y1HvRt3kNIbQ8HyWH
XuhC1OjwAvMtcwtiIOpJL7W/l+OeHR0tTs+TMAdfCFnRUDY2OMb+uUKx++Bh7LxW
BZB18i2rJBRH/wFpDJDsrPf4WCyMx1EABivpFHvPYu3ieFZa/FI=
=j9S0
-END PGP SIGNATURE-

Bug#929380: tmpreaper: /etc/cron.daily/tmpreaper should not expand TMPREAPER_PROTECT_EXTRA shell wildcards

[Benoit Branciard]

Package: tmpreaper
Version: 1.6.13+nmu1+deb9u1+b1
Severity: normal
Tags: d-i patch

Dear Maintainer,

current version od /etc/cron.daily/tmpreaper shell-expands 
TMPREAPER_PROTECT_EXTRA content 
before passing it to /usr/sbin/tmpreaper using "--protect" option.

This may cause some patterns to be ignored by tmpreaper when using *relative* 
paths, 
if they happen to match any file in the current working directory (/root if run 
by cron).

A quick fix would be ton add a "set -o noglob" a the proper place in the script 
(as in suggested patch).

A better way would be to use a shell array to declare TMPREAPER_PROTECT_EXTRA 
items, 
but this beaks compatibility.

Suggested patch:

--- /etc/cron.daily/tmpreaper.orig  2008-05-26 18:39:01.0 +0200
+++ /etc/cron.daily/tmpreaper   2019-05-22 16:17:53.571043378 +0200
@@ -95,6 +95,7 @@
 TMPREAPER_PROTECT_EXTRA=${TMPREAPER_PROTECT_EXTRA:-''}
 TMPREAPER_DIRS=${TMPREAPER_DIRS:-'/tmp/.'}
 
+set -o noglob
 nice -n10 tmpreaper --delay=$TMPREAPER_DELAY --mtime-dir --symlinks 
$TMPREAPER_TIME  \
   $TMPREAPER_ADDITIONALOPTIONS \
   --ctime \


-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-042stab136.1 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages tmpreaper depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  libc6  2.24-11+deb9u4
ii  libmount1  2.29.2-1+deb9u1

tmpreaper recommends no packages.

tmpreaper suggests no packages.

-- Configuration Files:
/etc/tmpreaper.conf changed:
TMPREAPER_PROTECT_EXTRA='/tmp/systemd-private-*/* /var/tmp/systemd-private-*/*'
TMPREAPER_DIRS='/tmp/. /var/tmp/.'
TMPREAPER_DELAY='256'
TMPREAPER_ADDITIONALOPTIONS='--runtime=7200'


-- debconf information:
* tmpreaper/readsecurity_upgrading:
  tmpreaper/readsecurity:
* tmpreaper/TMPREAPER_TIME:
* tmpreaper/confignowexists:

Bug#929383: live-build fails if there's some updates for same kernel

[PICCORO McKAY Lenz]

Package: live-build
Version: 1:20170213
Severity: serius

when try to build live strecht image with differents mirros (i setup not
only "mirror-" also setup "parent-mirror-" due bandwicht usage behind
firewallin also optimization of my bandwicht account spend..

IN ANY CASE: noted that i have various versions of the linux-image packages
(some from security others from recent uploads) such:

linux-image-4.9.0-9-686_4.9.168-1+deb9u2_i386.deb
linux-image-4.9.0-9-686_4.9.168-1_i386.deb

this happened if i configured http://ftp.wa.au.debian.org/debian as mirror
for live-build

so then at the bvinary stage i got that error:

mv: target ‘binary/live/vmlinuz1’ is not a directory
P: Begin unmounting filesystems...
P: Saving caches...
Reading package lists... Done
Building dependency tree
Reading state information... Done


NOTED THE "‘binary/live/vmlinuz1’ that i guess must be
‘binary/live/vmlinuz’ ?

i tried various configurations but the only working if when i disable all
mirrors configurations and only use only one mirror for all the stages...
and if those mirrors are only in sync...

i think the mirror "out of sync" are not a response to the problem due the
scripts must only take the configured version that i suppot to point at the
command line such :

--linux-flavours "586 686-pae" \
--linux-packages "linux-image linux-headers" \

This does not happened with amd64 if i build jessie image but fails for all
setup of i386 using any release such stretch, buster of oldstable when te
mirrors are not in sync with most recents

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
Description: rollback the drop of the backports customizations due now merged in main repo
Author: PICCORO Lenz McKAY 

---
Origin: https://salsa.debian.org/live-team/live-build/commit/dd15ade8bbdc6360816ed858253e7aaa68e4c9c2

--- live-build-4.0.4.orig/functions/defaults.sh
+++ live-build-4.0.4/functions/defaults.sh
@@ -435,6 +435,31 @@ Set_defaults ()
 			;;
 	esac
 
+	# Setting backports mirror to fetch packages from
+	case "${LB_MODE}" in
+		debian)
+			_DISTRIBUTOR="$(lsb_release -sc)"
+			case "${_DISTRIBUTOR}" in
+jessie|wheeze)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://archive.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+*)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://backports.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+			esac
+			;;
+
+		progress-linux)
+			LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT}}"
+			;;
+		*)
+			LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-none}"
+			LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-none}"
+			;;
+	esac
+
 	# Setting mirror which ends up in the image
 	case "${LB_MODE}" in
 		debian)
@@ -489,6 +514,30 @@ Set_defaults ()
 			;;
 	esac
 
+	# Setting backports mirror which ends up in the image
+	case "${LB_MODE}" in
+		debian)
+			_DISTRIBUTOR="$(lsb_release -sc)"
+			case "${_DISTRIBUTOR}" in
+jessie|wheeze)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://archive.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+*)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://ftp.de.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+			esac
+			;;
+		progress-linux)
+			LB_MIRROR_BINARY_BACKPORTS="${LB_MIRROR_BINARY_BACKPORTS:-${LB_MIRROR_BINARY}}"
+			;;
+		*)
+			LB_PARENT_MIRROR_BINARY_BACKPORTS="${LB_PARENT_MIRROR_BINARY_BACKPORTS:-none}"
+			LB_MIRROR_BINARY_BACKPORTS="${LB_MIRROR_BINARY_BACKPORTS:-none}"
+			;;
+	esac
+
 	case "${LB_MODE}" in
 		progress-linux)
 			LB_PARENT_MIRROR_DEBIAN_INSTALLER="${LB_PARENT_MIRROR_DEBIAN_INSTALLER:-${LB_MIRROR_CHROOT}}"
--- live-build-4.0.4.orig/scripts/build/chroot_archives
+++ live-build-4.0.4/scripts/build/chroot_archives
@@ -160,11 +160,11 @@ EOF
 debian)
 	if [ "${LB_PARENT_DISTRIBUTION}" != "sid" ]
 	then
-		echo "deb ${LB_PARENT_MIRROR_CHROOT} ${LB_PARENT_DISTRIBUTION}-backports ${LIVE_IMAGE_PARENT_ARCHIVE_AREAS}" >> chroot/etc/apt/${_PARENT_FILE}
+		echo "deb ${LB_PARENT_MIRROR_CHROOT_BACKPORTS} ${LB_PARENT_DISTRIBUTION}-backports ${LIVE_IMAGE_PARENT_ARCHIVE_AREAS}" >> chroot/etc/apt/${_PARENT_FILE}
 
 		if [ "${_PASS}" = "source" ] || [ "${LB_APT_SOURCE_ARCHIVES}" = "true" ]
 		then
-			echo "deb-src ${LB_PARENT_MIRROR_CHROOT} ${LB_PARENT_DISTRIBUTION}-backports ${LIVE_IMAGE_PARENT_ARCHIVE_AREAS}" >> chroot/etc/apt/${_PARENT_FILE}
+			echo "deb-src ${LB_PARENT_MIRROR_CHROOT_BACKPORTS} ${LB_PARENT_DISTRIBUTION}-backports 

Bug#929364: live-manual out of sync with lasted bug#929271 and live-build changes

[PICCORO McKAY Lenz]

Package: live-manual

Hi i separate this issue from bug #929271 where we pointing some
misconfigurations and references out of date, including links of
documentation

El mié., 22 de may. de 2019 a la(s) 06:18, Roland Clobus
(rclo...@rclobus.nl) escribió:
>
> Issue 3: Unrecognized command line option
>
> As noted in my first response to this bug report, I will update the
> manual to match the current code. The time I spent on writing this mail
> has provided me with lots of information on how to update the manual to
> match the current implementation of the live-image building tools.

i revised the live manual and there's too many work to do.. i can help and
to get sure this are in good made i opened this bug report and please do not
close until we can check that all need references are corrected.. in
any case if think it's not necesary please close as soon as possible

i just now building images with live-build of jessie, strecht and buster
so i can check in mayor way if the results are enought

>
> I am not aware of these notes, on which URL can I find them?
> It can be that local mirror will not be synced yet or only a partial
> mirror, but you can always add an additional repository.
>

Bug#929369: ITP: ruby-referer-parser-- Library for extracting marketing attribution data from referer URLs

[Samyak Jain]

Package: wnpp
Severity: wishlist
Owner: Samyak Jain 

* Package name: ruby-referer-parser
  Version : 0.3.0
  Upstream Author : Inside Systems 
* URL : https://github.com/snowplow/referer-parser
* License : Expat
  Programming Lang: Ruby
  Description : Library for extracting marketing attribution data
from referer URLs

 Library for extracting marketing attribution data from referer URLs
 This gem intends for creation of libraries for extracting marketing
 attribution such as: search terms, from the referer (sic) URLs.
 These libraries are currently used by Snowplow
 (http://github.com/snowplow/snowplow).It act as a database  for extracting
 marketing attribution data.The referer-parser project also contains multiple
 libraries for working with the referer-parser database in different languages.


It is a dependency for loomio and hence needs to be packaged.

Thanks,
Samyak Jain

Bug#929371: pcp: bcc module is missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The bcc module is missing.

Seems it simply needs Python BCC library available at build time.

Please build-depend on python3-bpfcc


 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlU8UACgkQLHwxRsGg
ASG1kQ/+NxaxbEZN1K4VygWN0bnt3Ko37RvHztPeUEf3UaGe9JPdlZcdMQAKWjer
DZvqkxv2ArLkZnIalN6uPHrFvwrm4lTzJ9olHnuMPwzjFVz6Aw2Bs73yCX8b7xmJ
0TurpW+i5wcdS02YqM1cYR0WCp8uyL2oBVU8NjZLWFRsi0dcV/pY7f2Knlri7PgA
Ear5VQK0A0nNSX9PkS117AB4PIJ1XZ/4Qh3+xzfsV6h3suYM+965Yz8/Tok7dB3B
O0OTHlcyYdQMTHWPSV3TEu8NK3uO7lWNNUeJTzMRSxt/L5NADYlN3p/61vLO4jAl
0luWSR/p/+4+QR38wAvG74C6MEzHh9G9hM3tkXHNAan+YRwE/WUd1iZZpWnLsTut
u8TJLz4C/GCg3PiTC+52y8MbmnWrI1HmmrWIO/M29Tql2fweq5Czkw+eQFUj6ACP
DDOcMmjYA9whLWWh3U2/mkPSga+sWLEb+NcWuZ7tDgOlNEaXs4hSdX7KZAU84oDd
aSwL/OZgNdyk8ZvPcHKfxSHfZQJazipN6kM8GT6tlbNJAWfUJAdVh8klv/mr3fdz
TxpjfehUI5/OSNwe9akGElVWzmdVO+ihDnnEUR2nMklWrSq7DWRpTsEdqJjLW1TB
9t+3fjO3unhXvP0NCULnuJXgZo4kIM/HC/gH/0w6YaO+Om6oISI=
=lgs4
-END PGP SIGNATURE-

Bug#929370: unblock: lprng/3.8.B-2.2

[Sam Hartman]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package lprng

Lprng didn't run with buster dpkg because start-stop-daemon --stop got
more careful about ownership of pid files.  It also didn't really work
with systemd because systemctl start lprng failed if lpd was already
running.

Uploaded to unstable just now so probably not dinstalled.




unblock lprng/3.8.B-2.2

diff --git a/debian/changelog b/debian/changelog
index 9849a12..2854c8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lprng (3.8.B-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Specify executable and user to stop-start-daemon; closes security
+issue and fixes starting  with buster dpkg, Closes: #928040
+  * Use --oknodo on start so that systemd doesn't fail if lprng is already
+running, Closes: #908770
+
+ -- Sam Hartman   Wed, 22 May 2019 09:18:03 -0400
+
 lprng (3.8.B-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/lprng.init.in b/debian/lprng.init.in
index b4df6b7..97edabd 100644
--- a/debian/lprng.init.in
+++ b/debian/lprng.init.in
@@ -97,7 +97,7 @@ case "$1" in
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" lpd
initialise
if start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \
-   --exec $DAEMON ; then
+   --oknodo --exec $DAEMON ; then
[ "$VERBOSE" != no ] && log_end_msg 0
else
[ "$VERBOSE" != no ] && log_end_msg 1
@@ -106,7 +106,8 @@ case "$1" in
;;
   stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" lpd
-   if start-stop-daemon --stop --oknodo --quiet --pidfile "${PIDFILE}" ; 
then
+   if start-stop-daemon --stop --oknodo --quiet --pidfile "${PIDFILE}" \
+   --exec $DAEMON --user daemon ; then
cleanup
[ "$VERBOSE" != no ] && log_end_msg 0
else
@@ -129,7 +130,8 @@ case "$1" in
;;
   restart|force-reload)
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" lpd
-   start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" 
+   start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \
+   --exec $DAEMON --user daemon
sleep 1
initialise
start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (500, 'stable'), (200, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#924554: Bug#928108: unblock: unattended-upgrades/1.12 ?

[Bálint Réczey]

Control: tags -1 - moreinfo
Control: retitle -1 unblock: unattended-upgrades/1.11.1


Hi Paul,

Paul Gevers  ezt írta (időpont: 2019. máj. 21., K, 21:06):
>
> Control: tags -1 confirmed moreinfo
>
> Hi Bálint,
>
> On 21-05-2019 09:58, Bálint Réczey wrote:
...
> > Please find the the patch attached for cherry-picking only the fix for
> > #924554. If you prefer adding only this fix to Buster I will upload
> > this change to unstable then it can be let to testing.
>
> You can go ahead with that, except I prefer not to have the +deb10u1
> version as that looks weird for an unstable upload. Seem like you could
> use 1.11.1 or something along those lines.
>
> Please remove the moreinfo tag when the package built successfully.

Done, with the version number adjusted. The failing autopkgtest is not
related to this change.

Cheers,
Balint

Bug#929381: needs cdrecord binary which isn't in Debian

[Felix Zielcke]

Package: simpleburn
Version: 1.8.0-1+b3
Severity: grave

I tried burning an iso with simpleburn but it completely fails due to depending 
on cdrecord:

$ simpleburn
command: simpleburn.sh /dev/cdrom b-iso 'debian-buster-DI-rc1-amd64-netinst.iso'
/usr/bin/simpleburn.sh: line 171: cdrecord: command not found

cdrecord isn't avaible even in oldstable.

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages simpleburn depends on:
ii  cdrdao   1:1.2.4-1
ii  cdrskin  1.5.0-1
ii  icedax   9:1.1.11-3+b2
ii  libatk1.0-0  2.30.0-2
ii  libc62.28-10
ii  libcairo-gobject21.16.0-4
ii  libcairo21.16.0-4
ii  libcddb2 1.3.2-6
ii  libcdio-utils2.0.0-2
ii  libcdio182.0.0-2
ii  libdvdread4  6.0.1-1
ii  libfribidi0  1.0.5-3.1
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-1
ii  libgtk-3-0   3.24.5-1
ii  libpango-1.0-0   1.42.4-6
ii  libpangocairo-1.0-0  1.42.4-6
ii  xorriso  1.5.0-1

Versions of packages simpleburn recommends:
pn  flac
pn  mencoder
pn  mpg123  
pn  mplayer | mplayer2  
pn  normalize-audio 
pn  vorbis-tools

simpleburn suggests no packages.

-- no debconf information

Bug#929005: superkb FTCBFS: upstream build system hard codes build architecture tools

[Helmut Grohne]

On Wed, May 22, 2019 at 05:35:08AM -0500, Octavio Alvarez wrote:
> First, in commit b364c89897 [1] I moved the help text outside of main.c into
> a separate header file.

It seems to me that this commit misses the addition of the separate
header file.

> However, I clean the Bash script in a later commit (b5a418cc40 [3]) to use
> cpp -E instead of sed to parse the .h file. This is better because cpp is
> the proper parser for an .h file. Please confirm that this use of cpp does
> not break cross-compilation.

You're using the build architecture cpp. One usually expects both build
and host compilers to be available. That's fine for this use.

Helmut

Bug#929367: sqlsmith FTCBFS: broken, oudated, embedded copy of AX_BOOST_BASE

[Helmut Grohne]

Package: sqlsmith
Version: 1.2.1-1
User: helm...@debian.org
Usertags: rebootstrap

sqlsmith fails to cross build from source, because it contains a broken,
embedded, outdated copy of AX_BOOST_BASE that is affected by #872256.
Please remove the copy or update it and register it with the security
tracker.

Helmut

Bug#929362: icedtea-web: IcedTea plugin is gone, and Java applets no longer load in Konqueror web browser and co

[Emmanuel Bourg]

Hi Milko,

Le 22/05/2019 à 13:33, Milko Krachounov a écrit :

> In addition, 1.6.2-3.1 has been removed from mirrors, and apt defaults to
> deleting /var/cache/apt/archives, so we cannot downgrade

If that helps you can still download the previous binaries from
snapshot.debian.org:

   http://snapshot.debian.org/package/icedtea-web/

But Java applets are history now, there isn't much point still
supporting NPAPI. I suggest contacting the author of the applet and
requesting an alternative.

Emmanuel Bourg

Bug#929375: ITP: jarchivelib -- simple archiving and compression library for Java

[merkys]

Package: wnpp
Owner: Andrius Merkys 
Severity: wishlist

* Package name    : jarchivelib
  Version : 1.0.0
  Upstream Author : Thomas Rausch
* URL : https://rauschig.org/jarchivelib/
* License : Apache-2.0
  Programming Lang: Java
  Description : simple archiving and compression library for Java
 A simple archiving and compression library for Java that provides a
thin and
 easy-to-use API layer on top of the powerful and feature-rich
 org.apache.commons.compress.

Remark: This package is to be maintained with Debian Java Maintainers at
   https://salsa.debian.org/java-team/jarchivelib

This package is required by deepboof, which I intend to package.

-- 
Andrius Merkys
Vilnius University Institute of Biotechnology, Saulėtekio al. 7, room V325
LT-10257 Vilnius, Lithuania

Bug#929374: unblock: debian-security-support/2019.05.22

[Holger Levsen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support, the trivial debdiff is
inline below. This change is only useful to have in Buster, so that we
can have this version (modulo ~deb9u1) in Stretch without breaking the
archive constraints.

(
 If you think this is non-sense/sub-optimal, please tell me a better
 plan. I'm not fully convinced this is sensible though I do think we
 should inform Stretch users about ended security support. OTOH cherry
 picking commits seems more work than this, and having the version in
 sync in the different suites also seems useful to me.
)

unblock debian-security-support/2019.05.22

$ debdiff debian-security-support_2019.05.14.dsc 
debian-security-support_2019.05.22.dsc
diff -Nru debian-security-support-2019.05.14/check-support-status.hook 
debian-security-support-2019.05.22/check-support-status.hook
--- debian-security-support-2019.05.14/check-support-status.hook
2019-05-14 11:36:45.0 +0200
+++ debian-security-support-2019.05.22/check-support-status.hook
2019-05-14 14:09:54.0 +0200
@@ -3,9 +3,7 @@
 #%# Copyright (C) 2014-2017 Christoph Biedl 
 #%# License: GPL-2.0-only
 
-# This codes duplicates "postinst configure"
-# 20190514: but why? and why all of it, eg the user creation?
-# FIXME: we should drop this after the Buster release, this is tracked as 
#928968.
+# This codes duplicates "postinst configure", see #928968 why this has to be 
done...
 
 set -e
 
diff -Nru debian-security-support-2019.05.14/debian/changelog 
debian-security-support-2019.05.22/debian/changelog
--- debian-security-support-2019.05.14/debian/changelog 2019-05-14 
11:48:37.0 +0200
+++ debian-security-support-2019.05.22/debian/changelog 2019-05-22 
14:49:10.0 +0200
@@ -1,3 +1,13 @@
+debian-security-support (2019.05.22) unstable; urgency=medium
+
+  * Mark jasperreports as end-of-life in Stretch as well. Closes: #884907.
+  * Explain in comments to check-support-status.hook and postinst that code
+needs to be present in both files as the hook could be run before
+postinst. #928968 has a longer explanation why and is used for tracking
+that this will be properly fixed eventually.
+
+ -- Holger Levsen   Wed, 22 May 2019 14:49:10 +0200
+
 debian-security-support (2019.05.14) unstable; urgency=medium
 
   * check-support-status.in: don't fail if security-support-ended.debX does
diff -Nru 
debian-security-support-2019.05.14/debian/debian-security-support.postinst 
debian-security-support-2019.05.22/debian/debian-security-support.postinst
--- debian-security-support-2019.05.14/debian/debian-security-support.postinst  
2019-05-14 11:16:42.0 +0200
+++ debian-security-support-2019.05.22/debian/debian-security-support.postinst  
2019-05-14 14:11:57.0 +0200
@@ -7,6 +7,13 @@
 USERNAME=debian-security-support
 LIB_DIR="/var/lib/$USERNAME"
 
+##
+##
+# WARNING: if you modify code here, you probably also need to modify #
+#  ../check-support-status.hook  #
+##
+##
+
 case "$1" in
 configure)
 # assert user
diff -Nru debian-security-support-2019.05.14/security-support-ended.deb9 
debian-security-support-2019.05.22/security-support-ended.deb9
--- debian-security-support-2019.05.14/security-support-ended.deb9  
2018-03-16 15:39:59.0 +0100
+++ debian-security-support-2019.05.22/security-support-ended.deb9  
2019-05-22 14:06:16.0 +0200
@@ -11,3 +11,4 @@
 #In the program's output, this is prefixed with "Details:"
 
 tomcat6  6.0.45+dfsg-1   2016-12-31  
https://lists.debian.org/debian-java/2016/01/msg00069.html
+jasperreports4.1.3+dfsg-32017-12-09  
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10


Thanks.

-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Some people say that the climate crisis  is something that we all have created,
but  that is not true,  because if everyone is guilty  then no one is to blame.
And someone is to blame.  Some people, some companies,  some decision-makers in
particular, have known exactly what priceless values they have been sacrificing
to continue making unimaginable amounts of money.


signature.asc
Description: PGP signature

Bug#929368: pcp: postfix module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

postfix module is missing.

Seems auto-enabled when qshape (in package postfix) is available.

Please build-depend on postfix.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlUgEACgkQLHwxRsGg
ASH1AA//daCldiIFFret0U1OUuPzzwM4klwLl6KcAGbI+Y4NiTcAzhbb1CFKzTYR
EWPf2M/+bqI1iZrsdde9dQctyRzs+NlQbd0QbXAAxUz4KstCYZMxxIG7WhGIZi38
aQ/5LTB+NCSL8CPFWSaAmI7nS0+jgeP+yL61oriVgF/Lwh9k6IhZQaEpyDa9uC4C
UK2d4eFUClSJFpUcN3PRJHY8Wa4nCzbx0l8UF/DFt5gQMMvklujiXvKBN3eDbGy0
wObyl90PcKQF8i6yp2dwHGF4Upl0gYwf6MSqzRXwrdeI60YhLrMZZ4xl099fjfRv
DNZeHyrFvbS1VltUrhIeK5MF3jgu1rUdMELotQtbnKs0SfxpibdhmHUyNAcamYWI
pveWIc2gOo6TQ+TBQZzGOnZSCIqnTzqWJv7y53k5l+IVFi+QtEhH5rsa4A5o+Yvl
YbpkudW8B7IUCynV+TE0OL3tc0wcpEucXCTjBk4qTOOmqTr0LBNSHuy8O7r+Uy/k
qxufIYnhnz19Kq0imnDh897PLrRs+vd9537i09tXIrznyTclGL8EHSxxrPAB0re1
DMF9JyNiZvvv5GyAkaRfaACvt2hyfYuUJ9u9IuhSWUVc1UWziEDiYLcB/og8+93J
mhzwSuKArGvgv+rEZAMa/Fh8oWpGE0p8aa3d10OdDDykPzc0Fgs=
=sAhr
-END PGP SIGNATURE-

Bug#908770: NMU Diff for 3.8.B-2.2

[Sam Hartman]

Dear maintainer.
Given where we are in the release I've uploaded the following NMU to
unstable.
Obviously if you'd prefer a different fix you are welcome to revert.

diff --git a/debian/changelog b/debian/changelog
index 9849a12..2854c8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lprng (3.8.B-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Specify executable and user to stop-start-daemon; closes security
+issue and fixes starting  with buster dpkg, Closes: #928040
+  * Use --oknodo on start so that systemd doesn't fail if lprng is already
+running, Closes: #908770
+
+ -- Sam Hartman   Wed, 22 May 2019 09:18:03 -0400
+
 lprng (3.8.B-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/lprng.init.in b/debian/lprng.init.in
index b4df6b7..97edabd 100644
--- a/debian/lprng.init.in
+++ b/debian/lprng.init.in
@@ -97,7 +97,7 @@ case "$1" in
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" lpd
initialise
if start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \
-   --exec $DAEMON ; then
+   --oknodo --exec $DAEMON ; then
[ "$VERBOSE" != no ] && log_end_msg 0
else
[ "$VERBOSE" != no ] && log_end_msg 1
@@ -106,7 +106,8 @@ case "$1" in
;;
   stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" lpd
-   if start-stop-daemon --stop --oknodo --quiet --pidfile "${PIDFILE}" ; 
then
+   if start-stop-daemon --stop --oknodo --quiet --pidfile "${PIDFILE}" \
+   --exec $DAEMON --user daemon ; then
cleanup
[ "$VERBOSE" != no ] && log_end_msg 0
else
@@ -129,7 +130,8 @@ case "$1" in
;;
   restart|force-reload)
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" lpd
-   start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" 
+   start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \
+   --exec $DAEMON --user daemon
sleep 1
initialise
start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \


signature.asc
Description: PGP signature

Bug#929271: backports customizations are not enabled for live-build

[PICCORO McKAY Lenz]

A SPECIAL NOTE ABOUT THIS:

El mié., 22 de may. de 2019 a la(s) 06:18, Roland Clobus
(rclo...@rclobus.nl) escribió:
> Issue 2: Building a live image for jessie
> Jessie is now oldstable, and will soon (TM) be oldoldstable. Unless you
> have a compelling reason to use jessie, I would suggest to pick stretch
> or perhaps even buster.
NONE OF THOSE WILL WORK WITH MY CAPTURE CARDS FRAMEGRABBER (that the
driver was removed somehwere in 4.X)
NONE OF THOSE NOW WORK IN MY Pentium II 550MHZ used to play NES and DOS games
NONE OF THOSE NOW WORK "enoucht decent" in my older machiens and i
have a lot of thems

before you says "buy newer" i remenber here that not all the countries
have lot of money to buy machines so easyle!


>
> Note: lb config --distribution stretch works fine
> Note: lb config --distribution buster works fine too
>
> Issue 3: Unrecognized command line option
>
> As noted in my first response to this bug report, I will update the
> manual to match the current code. The time I spent on writing this mail
> has provided me with lots of information on how to update the manual to
> match the current implementation of the live-image building tools.
>
> Issue 4: the program gives options to alter all sources of packages
> except the "backports"
>
> > [snip] the
> > program gives options to alter all sources of packages except the
> > "backports"... because you can alter all and not that?
>
> I think I answered this question with the test for backports as
> mentioned with issue 1. Support for backports is not in the basic
> configuration of 'lb config', you need to explicitly add support for
> that repository, and you can use the configuration files for that.
>
> > I don't think that the excuse of "all are always in the same source" is
> > valid, because according to the installation images as well as the
> > backports images are not always coordinated between all the mirrors
> > origins according to the debian notes.
>
> I am not aware of these notes, on which URL can I find them?
> It can be that local mirror will not be synced yet or only a partial
> mirror, but you can always add an additional repository.
>
> > In addition, not all the countries have excelent internet providers and
> > the net service are expensive in some cases..
>
> For that, you can use something like apt-cacher-ng during the
> construction of the live image.
>
> Summmary: from my personal point of view, only issue 3 remains.
>
> With kind regards,
> Roland Clobus
>
> [1] https://lists.debian.org/debian-devel-announce/2019/03/msg6.html
> [2] https://backports.debian.org/Instructions/
> [3] https://wiki.debian.org/DebianGeoMirror
> [4]
> https://salsa.debian.org/live-team/live-build/commit/dd15ade8bbdc6360816ed858253e7aaa68e4c9c2
> [5]
> https://salsa.debian.org/live-team/live-build/commit/68700f466c142082e7423282ca4caaf7552bf8e9
> [6]
> https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#379
> [7] http://ftp.debian.org/debian/dists/jessie-updates/
>

Bug#929373: a python-FOO-doc package should suggest/recommend python3-FOO instead of python-FOO

[Chris Lamb]

severity 929373 wishlist
thanks

Matthias Klose wrote:

> Seen when trying to remove Python2 dependencies. A lot of -doc packages
> recommend/suggest the Python2 package, not the Python3 one.

Getcha, assuming that python3-foo exists.
 
> Additionally, I'm not sure if a recommends is really appropriate.

That… would be a different bug/request/conversation altogether. :)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#929376: pcp: bind2 module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The bind2 module is missing.

Seems to be auto-enabled if a few Perl libraries are available at build-time.

Please build-depend on libfile-slurp-perl and libxml-libxml-perl.

Probably need to have pcp depend on same packages as well.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlXhsACgkQLHwxRsGg
ASFyYBAAkzgiQf2iZbU7JRPQ0SqDVB1HxN4Odsyt6U/hcpEblLndQXHDM73Hpkux
+208spUNPk5kAvfiG0H6BmmiPtrWu/uaFwADFZiihNkt94DC1A+cCTJpVLp1+IuE
bar4/yT2IdhGtvjsT/XdpeEtSOzJ4tHpaN9ncUS8oSboIa9LwauzkYNKwJ9qmfIi
OvenQOC3YPcthNlAoiOG88VTIsSCIoRaDyOhsQHXCGZxjNF50Ad1mpHXJk+yr3BY
5fNAanMt5nclIiHV3+GVQzCjgK8gmy6I+pxVCao2UkDiOLoxC3gmx291zY6FUl6P
RNe19izjFx/kEnqRvPIBW6r7pqNTz9vrpyKSLnR+dVduGD5sQPNW0IyQK3WWeb9H
iVgCT3hmDydOkRGWOn5TSM1zzLMNlkBtVpYOjdYJpYVczok2vrOgbJZDai3P/8Yv
gK1qH3wpxyejo/cWEndmBB9nuCUHrsmb2sCbCbiKo3wC5OBk2x/i6Gt2tmNPJqoF
YUX83jJjVuOS2+iSNrFJiHYGIMCE5huo/RHw3UiarWILhKQxtq2zH+hyasA3bra+
qiIxCCYlcMs37NdE9JRTEdUKJWZyRGHXqbybS/c6njOYhiDAQ2otBCnGPKcqgdsI
KbHCE1/TVXP0vY0Tx6kJzO8ubRyC5G2hNxYhxtWzqmuMkdytwQE=
=xC+T
-END PGP SIGNATURE-

Bug#929379: pcp: libvirt module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The libvirt module is missing.

Seems auto-enabled when Python lxml module is available at build-time.

So please build-depend on python3-lxml.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlYFwACgkQLHwxRsGg
ASFCoA/9HEhsJF+wg6nqCOV0JDBSKFx+VcVA91TA/lYZfuqfbSQVxaxYweczQxwp
6D/GXc+Nxxn4c3b5DvuDiywVl9xPYYAHQ1VIEuveOy6U5MhQjqvBgumN9EYhCwpe
U3J+1Vi3RQcwb9N0vPKMfCd4PDiNkDA/HbWc3GUpG4Ak+CTltOzEWE+U38C1jdjJ
FW0d+o2U3V7NO/NyOXD03bIzJRwbWqnhxhedK825+HULoAh7Ad+PYO6/jl//DTN0
DGtd1DL13RxXltakQV5X7nYt/ie2oFHV2XiKzVcp1knsNHkUtGcu5eG2/kEoqFcd
JT60p787xhtszUTsD+EIsYlI30lwnazndKUz5hj70XzrBC5u7EuCFg45O6CMR8xu
Ez8v36YEVCl28xMpYWFA9JDuVFjGvvY3P1t7N2oCo+OnNLAMBzdEZLN8AgXe4CRZ
VNIpr5AqLcZjcCOR69TCb86bU3vB4Niidxni6PsxKRpX8H4xzAF+pjD+0VoKmtrK
fphB/yMjTb1r1DJPZ3m1QNLHS6jT0O2PtJGmlgsX15mwhy3rqcLSMTc3cdiEEzxx
HUxglEGjumDGbDnZNT5u6LOu86OdwrRproLcWy+HkOQVLdl7EbB2LaNAMmlRMnAS
NnvImSro0yfNMD1kFNebf0BCXqVLju9LntlYcecmfXKDiL7/eLo=
=Y9Bd
-END PGP SIGNATURE-

Bug#929378: pcp: LIO module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The LIO module is missing.

Seems auto-enabled when Python module rtslib is available at build-time.

So please build-depend on python3-rtslib-fb

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlX+gACgkQLHwxRsGg
ASEhLBAAkVputGxgoJNU2Dk15guRE4HT+iZuFB9dhXnxHb/hBbKCZLKNeH7+hhkr
GA9m+VeivcA/5I8Q/iCaW0Zw6H4H6Dtzf+O8bsJ7TBEL3uDP7DVr1t9Al7eyPWaD
DbLSSoqEjZBLWBTjQeuuyaW9ry65xsnf7KMArX+Flxb0XubLfVoBCnsnFUTl0C1T
+b+P356iFGvqz5IBqM1HE3Emq35v2cUnO1fgMZOPj79LhDzSyRpcZOoKH4xgoe2Z
XiVbzmPpzeUl0nmammX6grgLQltZWC6C/DxoV51DmLMcqOY6fxytlqkEL+pGxdyW
Nuji7sqBk4TTgi69SeqFSo+Hs7csgKxG2wHECaIIgCIVZRc8+iK5wAbU+fNcOa3E
nEXGv298u6s5xW9w4RGgT9xQ1TdBoj8JahP68iStL3JhbWhEZoUucY/hN1Pa/F2N
ZTX6XDACJT907HP1LwcqD3VkldVvx5Op8GguHKCD/YrqM6csY6AORQAHE1QshXZQ
N1hhf2ojC92P2Mxx3Kytiuq9qCztaAZSpwZi3YQRXHL4+AbWdtTcVyRz657Jo8c2
5g1a1U72/QuFSppY48yxg9SZ2pM6IfzkIds3p0V4tIHa5YjcDaF92O+SmQ1oIYfT
OuB1d2XgIhyhefzXnX8rJVpTVpHCqp0zT3j20wP9hYRwbMUxE5k=
=KwN/
-END PGP SIGNATURE-

Bug#928164: backports work

[Frederic Peters]

Hi Thijs,

> >> I would have been OK to have 2.6.0 of liblasso3 in stretch backports,
> >> and I was in the believe that I had installed it. But when checking,
> >> I'm still running 2.5.0-5+b1. Spooky
> 
> > I'll see about uploading 2.6.0 to backports.
> 
> That would be great. I have a backport of libapache2-mod-auth-mellon in
> stretch, to allow to use SHA256 with mellon. But the signatures fail
> because of https://dev.entrouvert.org/issues/10019
> 
> That is fixed in lasso 2.5.1. So having a lasso >= 2.5.1 in backports
> would really help us aswell.
> 
> I can help out with the backport work if needed.

Per https://backports.debian.org/Contribute/#index3h3 I asked to be
added to the ACL but no news yet; as you are already in I'd suggest you
go ahead and upload lasso (afaik there are no technical difficulties
and I'm using a local backport at $dayjob).


cheers,

Frederic

Bug#929063: Moving SELinux check

[Jesse Smith]

On 5/22/19 11:57 AM, Thorsten Glaser wrote:
> On Wed, 22 May 2019, Jesse Smith wrote:
>
>> I don't think removing the SELinux dependency from init actually saves
>> us any RAM. Several other services link to these libraries too, so the
> Maybe, maybe not. (I’m fairly sure I’ve got some VMs without.)
>
> Other services can, however, be more easily restarted than the entire
> system, in case of a security fix for that library.
>
>

How do you think an attacker would exploit a flaw in a SELinux library
through init? SysV init doesn't interact with the user, doesn't read any
files directly after it's up and running, doesn't listen on any sockets.
About the only way to interact with PID1 is through a pipe that can only
be written to by root.

Bug#929372: pcp: systemd module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

systemd module is missing.

Seems it is auto-enabled when libsystemd-dev is available at build-time.

Please build-depend on libsystemd-dev


 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlVVwACgkQLHwxRsGg
ASEjFQ/6Ak8oh0Us7xfC0tdrO+PG3ucJ2l0mw/qQ2usEvsM9K7BrfcSciH1D3nZR
dVMW1UPahed0jdA8OqaQw+5ae2/xUZlvSh30fAIA4bhsgI3MRuMzNyGT/22e14g5
xi0yliIwSFy5igKwuDzhKzNkWjpGCkcNvedCZH/3IIbva+cXmFhC/2pjF7kRwc7A
Wi5s3uYa9l6Q7/i59mUDckUq4/1SMl9Euc1PzNacoJeTjQ8p5VhscWv8z72vf19f
6r8mp8DR84NSm4HXd+NP9emEUA/CscFoUH6yRtyc3cwrLhxyMdco5mQn7PtLsn7D
7ebJ/N/xnzEBlQjqyDY/nT05zlyN8bD9iClpLKYp3KBTWp/zYM2/cmYcbaFgI3Mc
q3zqqV+CXB1WCOYCPtO96wleWnc/18jl5s5LshRTs478/o+6geC96KaqeubT9qdp
z/SS+tWfy7nY6Fq8vWlSbasNFi4jFcvaXwVJa2LV5N9lo/HsnoTGLo0BHyM8uRSh
uX+TmCGBHTSOeuhlAUF7XkN2Byip5CFqVmeOyXsrZGUrYmiliEPPqy+4BC99RswN
Xa2/StumF0/zDEEAkIVQnQrNUj1kRffQSqh+FZiiFp5+n1tLEJMqL8POS+6wZG+5
qsl04/NFrPiVf9q1GuaEa0nO8qPRXRzKAHaFaxJ6OwL78BLs4yY=
=Doh/
-END PGP SIGNATURE-

Bug#929063: Moving SELinux check

[Jesse Smith]

On 5/21/19 8:45 PM, Dmitry Bogatov wrote:
> [2019-05-18 16:14] Jesse Smith 
>> From a practical perspective, I'm curious if there is any benefit or
>> drawback. Is this patch fixing a known bug,
>> does it significantly reduce the size of PID 1 in memory?
> Not that I really care about 1Mb of RAM, but:
>
> 152K  /lib/x86_64-linux-gnu/libselinux.so.1
> 692K  /lib/x86_64-linux-gnu/libsepol.so.1
> 460K  /lib/x86_64-linux-gnu/libpcre.so.3.13.3

I don't think removing the SELinux dependency from init actually saves
us any RAM. Several other services link to these libraries too, so the
libraries are loaded into RAM anyway and should be shared between the
various services. Unless SELinux is culled from every low-level daemon
that 1MB RAM is still going to be used.

Bug#929063: Moving SELinux check

[Thorsten Glaser]

On Wed, 22 May 2019, Jesse Smith wrote:

> I don't think removing the SELinux dependency from init actually saves
> us any RAM. Several other services link to these libraries too, so the

Maybe, maybe not. (I’m fairly sure I’ve got some VMs without.)

Other services can, however, be more easily restarted than the entire
system, in case of a security fix for that library.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**

Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.

**

Bug#929382: python3-lib389: dsidm posixgroup create fails due to Namespace error in cli_idm/posixgroup.py

[Jörg Behrmann]

Package: python3-lib389
Version: 1.4.0.22-1
Severity: normal
Tags: patch

When running 

dsidm  posixgroup create foo

to create the group foo, dsidm fails with a namespace error, saying that
args does not have the attribute extra.

The problem can be found in versions 1.4.0.21 and 1.4.0.22 and has been
fixed upstream.

A patch is attached.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-lib389 depends on:
ii  python3   3.7.2-1
ii  python3-argcomplete   1.8.1-1
ii  python3-argparse-manpage  1.1-1
ii  python3-dateutil  2.7.3-3
ii  python3-ldap  3.1.0-2
ii  python3-pyasn10.4.2-3
ii  python3-pyasn1-modules0.2.1-0.2
ii  python3-pytest3.10.1-2
ii  python3-six   1.12.0-1

python3-lib389 recommends no packages.

python3-lib389 suggests no packages.

-- no debconf information
--- posixgroup.py.broken2019-05-22 16:51:15.051955626 +0200
+++ posixgroup.py   2019-05-22 16:52:03.423941608 +0200
@@ -39,7 +39,7 @@
 _generic_get_dn(inst, basedn, log.getChild('_generic_get_dn'), MANY, dn, 
args)
 
 def create(inst, basedn, log, args):
-kwargs = _get_attributes(args.extra, MUST_ATTRIBUTES)
+kwargs = _get_attributes(args, MUST_ATTRIBUTES)
 _generic_create(inst, basedn, log.getChild('_generic_create'), MANY, 
kwargs, args)
 
 def delete(inst, basedn, log, args):

Bug#923930: FTBFS: FAIL test_chain

[Jeffrey Altman]

Background on this test failure.

The reason that the Heimdal 7.5.0 tests began to fail after they
previously succeeded is because the failing test relies upon an X.509
certificate that expired on March 4 2019.

Then post 7.5.0 support was added to support OpenSSL 1.1 which included
the ability to handle certificates with expiration dates post 19 Jan
2038 03:14:07 UTC.

Heimdal also updated the test suite certificates to last 500 years.
These certificates work fine on platforms with 64-bit time_t but on
platforms such as Debian Linux i386 where time_t is 32-bit, the tests
will fail.

There has been no code change to Heimdal and there is no intention to
replace the use of time_t within Heimdal for a Heimdal specific time
integer type within the Heimdal 7.x series.  Making such a change would
alter not only APIs but ABIs.  Its unclear when or if we could make such
a change for the same reasons that Debian cannot alter the size of
time_t on i386.

Jeffrey Altman
Heimdal Project Manager



smime.p7s
Description: S/MIME Cryptographic Signature

Bug#929402: unblock: debian-games/3

[Markus Koschany]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-games

debian-games is a collection of metapackages. This update reflects the
latest changes in Buster. Three packages that were recommended by
debian-games will not be part of Debian 10. They are still present in
unstable, so I have changed the recommendations to Suggests.

unblock debian-games/3

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru debian-games-2.6/debian/changelog debian-games-3/debian/changelog
--- debian-games-2.6/debian/changelog   2019-02-10 14:13:56.0 +0100
+++ debian-games-3/debian/changelog 2019-05-20 00:01:59.0 +0200
@@ -1,3 +1,10 @@
+debian-games (3) unstable; urgency=medium
+
+  * Suggest Netbeans, cuyo and holdingnuts because they will not be part of
+Debian 10 "Buster".
+
+ -- Markus Koschany   Mon, 20 May 2019 00:01:59 +0200
+
 debian-games (2.6) unstable; urgency=medium
 
   * games-tasks: Depend on ${misc:Depends}
diff -Nru debian-games-2.6/debian/control debian-games-3/debian/control
--- debian-games-2.6/debian/control 2019-02-10 14:13:56.0 +0100
+++ debian-games-3/debian/control   2019-05-20 00:01:59.0 +0200
@@ -387,7 +387,6 @@
 deal,
 dealer,
 gsalliere,
-holdingnuts,
 lmemory,
 openpref,
 pescetti,
@@ -401,6 +400,7 @@
 xsol
 Suggests: dds,
   gnome-games,
+  holdingnuts,
   kdegames,
   python-pydds,
   yahtzeesharp
@@ -734,9 +734,9 @@
 liblwjgl-java,
 libpixels-java,
 libsvgsalamander-java,
-libupnp-java,
-netbeans
+libupnp-java
 Suggests: freecol,
+  netbeans,
   triplea
 Description: development of games in Java
  This metapackage will install a selection of suitable tools and packages to
@@ -1247,7 +1247,6 @@
 bastet,
 blockout2,
 crack-attack,
-cuyo,
 flobopuyo,
 freealchemist,
 frozen-bubble,
@@ -1264,7 +1263,8 @@
 vitetris,
 xbubble,
 xwelltris
-Suggests: kblocks
+Suggests: cuyo,
+  kblocks
 Description: Debian's tetris-like games
  This metapackage will install tetris-like games.
 

Bug#929386: Can you please run `inject-into-salsa-git` on your local clone (Was: Bug#929386: r-cran-webgestaltr: FTBFS (missing builds-depends))

[Andreas Tille]

Hi Steffen,

can you please run `inject-into-salsa-git` on your local clone.  There is
no Git repository at

   https://salsa.debian.org/r-pkg-team/r-cran-webgestaltr

Kind regards

  Andreas.

-- 
http://fam-tille.de

Bug#929406: hdf5: libhdf5-*103-1 missing Breaks+Replaces: libhdf5-*103

[Andreas Beckmann]

Package: 
libhdf5-103-1,libhdf5-cpp-103-1,libhdf5-mpich-103-1,libhdf5-mpich-cpp-103-1,libhdf5-openmpi-103-1,libhdf5-openmpi-cpp-103-1
Version: 1.10.5+repack-1~exp6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'experimental' to 'experimental'.
It installed fine in 'experimental', then the upgrade to 'experimental' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libhdf5-103-1:amd64.
  Preparing to unpack .../libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb ...
  Unpacking libhdf5-103-1:amd64 (1.10.5+repack-1~exp6) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.1.0', 
which is also in package libhdf5-103:amd64 1.10.5+repack-1~exp5
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb

  Selecting previously unselected package libhdf5-openmpi-103-1:amd64.
  Preparing to unpack .../libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb 
...
  Unpacking libhdf5-openmpi-103-1:amd64 (1.10.5+repack-1~exp6) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb 
(--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_openmpi.so.103', 
which is also in package libhdf5-openmpi-103:amd64 1.10.4+repack-10
  Selecting previously unselected package libhdf5-openmpi-cpp-103-1:amd64.
  Preparing to unpack 
.../libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb ...
  Unpacking libhdf5-openmpi-cpp-103-1:amd64 (1.10.5+repack-1~exp6) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb
 (--unpack):
   trying to overwrite 
'/usr/lib/x86_64-linux-gnu/libhdf5_openmpi_cpp.so.103.1.0', which is also in 
package libhdf5-openmpi-cpp-103:amd64 1.10.5+repack-1~exp5
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb
   
/var/cache/apt/archives/libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb


I didn't check all failures, but I assume it's the same problem in all packages.


cheers,

Andreas


libhdf5-openmpi-cpp-103=1.10.5+repack-1~exp5_libhdf5-openmpi-cpp-103-1=1.10.5+repack-1~exp6.log.gz
Description: application/gzip

Bug#717388: Volunteers needed to work on enabling persistent journal

[Martin Schröder]

Am Do., 15. Feb. 2018 um 21:55 Uhr schrieb Andreas Henriksson
:
> not great about this. Feels like overengineering. I think we
> might need something much "simpler" in the hope that if we invent less
> we'll get less stuff wrong. It should also help when we try to sell
> our solution to the systemd maintainers (and the general Debian
> community).

Just a clarification: Buster will ship without persistent journal?
Something OpenSUSE and RH have been using for years without real
problems?

Best
   Martin

Bug#929063: Path of a thousand miles starts with a single step.

[Dominick Grift]

You should probably present your real question using the proper chanells, 
instead of beating around the bush to get your foot in the door.

Does Debian want to get rid of its SELinux support, yes or no? Regardless of 
the answer to this question, i do not believe that this patch makes sense.

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get=0x3B6C5F1D2C7B6B02
Dominick Grift

Bug#929409: boinc-client: no access to /dev/dri/renderD*

[Achim Schaefer]

Package: boinc-client
Version: 7.14.2+dfsg-3
Severity: normal

Dear Maintainer,

due to missing access to /dev/dri/renderD*  the boinc-client is not able to 
"see" the GPU.
Due to this GPU computing is not possible.

root@data:/lib/udev/rules.d# LANG=C getfacl /dev/dri//renderD128 
getfacl: Removing leading '/' from absolute path names
# file: dev/dri//renderD128
# owner: root
# group: render
user::rw-
user:achim:rw-
group::rw-
mask::rw-
other::---

root@data:/lib/udev/rules.d# ls -l /dev/dri//renderD128
crw-rw+ 1 root render 226, 128 Mai 20 00:14 /dev/dri//renderD128
root@data:/lib/udev/rules.d# 

Thanks

-- Package-specific info:
-- Contents of /etc/default/boinc-client:
# This file is /etc/default/boinc-client, it is a configuration file for the
# /etc/init.d/boinc-client init script.

# Set this to 1 to enable and to 0 to disable the init script.
ENABLED="1"

# Set this to 1 to enable advanced scheduling of the BOINC core client and
# all its sub-processes (reduces the impact of BOINC on the system's
# performance).
SCHEDULE="1"

# The BOINC core client will be started with the permissions of this user.
BOINC_USER="boinc"

# This is the data directory of the BOINC core client.
BOINC_DIR="/var/lib/boinc-client"

# This is the location of the BOINC core client, that the init script uses.
# If you do not want to use the client program provided by the boinc-client
# package, you can specify here an alternative client program.
#BOINC_CLIENT="/usr/local/bin/boinc"
BOINC_CLIENT="/usr/bin/boinc"

# Here you can specify additional options to pass to the BOINC core client.
# Type 'boinc --help' or 'man boinc' for a full summary of allowed options.
#BOINC_OPTS="--allow_remote_gui_rpc"
BOINC_OPTS=""

# Scheduling options

# Set SCHEDULE="0" if prefering to run with upstream default priority
# settings.

# Nice levels. When systems are truly busy, e.g. because of too many active
# scientific applications started by the boinc client, there is a chance for
# the boinc client not to be granted sufficient opportunity to check for
# scientific applications to be alive and make the (wrong) decision to
# terminate the scientific app. This is particularly an issue with many
# apps started in parallel on modern multi-core systems and extra overheads
# for the download and uploads of files with the project servers. Another
# concern is the latency for scientific applications to communicate with the
# graphics card, which should be low. All such values should be set and
# controled from within the BOINC client. The Debian init script also sets
# extra constrains via chrt on real time performance and via ionice on 
# I/O performance, which is beyond the regular BOINC client. It then was
# too easy to use that code to also constrain minimal nice levels. We still
# think about how to best distinguish GPU applications from regular apps.
BOINC_NICE_CLIENT=10
BOINC_NICE_APP_DEFAULT=19
#BOINC_NICE_APP_GPU=5# not yet used

# ionice classes. See manpage of ionice (1) in the util-linux package.
BOINC_IONICE_CLIENT=3# idle
#BOINC_IONICE_APP_DEFAULT=3  # idle, not yet used
#BOINC_IONICE_APP_GPU=2  # best effort, not yet used


-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages boinc-client depends on:
ii  adduser3.118
ii  ca-certificates20190110
ii  debconf [debconf-2.0]  1.5.72
ii  libboinc7  7.14.2+dfsg-3
ii  libc6  2.28-10
ii  libcurl4   7.64.0-3
ii  libgcc11:8.3.0-7
ii  libstdc++6 8.3.0-7
ii  libx11-6   2:1.6.7-1
ii  libxss11:1.2.3-1
ii  lsb-base   10.2019051400
ii  python33.7.3-1
ii  zlib1g 1:1.2.11.dfsg-1

boinc-client recommends no packages.

Versions of packages boinc-client suggests:
pn  boinc-client-nvidia-cuda  
pn  boinc-client-opencl   
ii  boinc-manager 7.14.2+dfsg-3
ii  x11-xserver-utils 7.7+8

-- Configuration Files:
/etc/boinc-client/cc_config.xml changed:


1
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0


0
0

Bug#754513: Paper Submission - CFP International Conference @ University of Westminster, London, UK

[Stefania Wilson]

Dear Friends,


We would like to invite you to submit research article in the 9th Joint 
International Conference organised by Institute of Research Engineers and 
Doctors at University of Westminster, London, UK. The theme for the 2019 UK 
conference is to bring together innovative academics and industrial experts to 
a common forum. We would be delighted to have you present at this conference to 
hear what the technology experts and researchers have to share about the 
technology advancements and their impact on our daily lives.


Joint International Conference Consists of following tracks:




Track 1: 9th International Conference on Advances in Computing, Control and 
Networking - ACCN


Official Webiste: www.accn.theired.org




Track 2: 9th International Conference On Advances in Civil, Structural and 
Mechanical Engineering - ACSM


Official Webiste: www.acsm.theired.org




Track 3: 9th International Conference On Advances in Applied Science and 
Environmental Technology - ASET


Official Webiste: www.aset.theired.org




Track 4: 9th International Conference On Advances in Economics, Social Science 
and Human Behaviour Study - ESSHBS​




Official Webiste: www.esshbs.theired.org​




Conference Venue: University of Westminster, London, UK


Conference Date: 20 - 21 July 2019


Abstract/ Full Paper Submission For Review: 10 June 2019





About University of Westminster (Conference Venue):
--The University of Westminster is a public university in London, United 
Kingdom. Its antecedent institution, the Royal Polytechnic Institution, was 
founded in 1838 and was the first polytechnic institution in the UK. 
Westminster was awarded university status in 1992 meaning it could award its 
own degrees.


--Its headquarters and original campus are in Regent Street in the City of 
Westminster area of central London, with additional campuses in Fitzrovia, 
Marylebone and Harrow. It operates the Westminster International University in 
Tashkent in Uzbekistan.


--Westminster's academic activities are organised into seven faculties and 
schools, within which there are around 45 departments. The University has 
numerous centres of research excellence across all the faculties, including the 
Communication and Media Research Institute, whose research is ranked in the 
Global Top 40 by the QS World University Rankings. Westminster had an income of 
£170.4 million in 2012/13, of which £4.5 million was from research grants and 
contracts.


--Westminster is a member of the Association of Commonwealth Universities, the 
Association of MBAs, EFMD, the European University Association and Universities 
UK.


About Publication:​

All the registered papers will proudly be published by IRED-CPS and stored in 
the SEEK digital Library 

(www.seekdl.org). Each Paper will be assigned DOI (Digital Object Identifier) 
from CROSSREF. The Proc. will be submitted to ISI Thomson for Review and 
Indexing. Proc. will also be published in International Journals with ISSN 
Numbers.


Remote Presentation via Skype can also be arranged.


We would also like to share some conference photographs of previous held 
International conference that has been worldwide.


Kindly refer to the below 

Bug#929410: RANDR extension not present

[Floris Bos]

Package: tigervnc-scraping-server

Version: 1.9.0+dfsg-3


Seems the tigervnc package is missing randr support.


==

$ x0tigervncserver -SecurityTypes none

Wed May 22 22:20:30 2019
 Geometry:    Desktop geometry is set to 1024x768+0+0
 XDesktop:    Using evdev codemap

 XDesktop:    XTest extension present - version 2.2
 XDesktop:    RANDR extension not present
 XDesktop:    Will not be able to handle session resize
 Main:    Listening on port 5900
^C

==


While my system/X server certainly has the RANDR extension:


==

$ xrandr
Screen 0: minimum 320 x 200, current 1024 x 768, maximum 7680 x 7680
HDMI-1 connected primary 1024x768+0+0 (normal left inverted right x axis 
y axis) 0mm x 0mm

   1024x768  60.00*
   800x600   60.32    56.25
   848x480   60.00
   640x480   59.94

==


Think you are missing a build dependeny on the libxrandr2 library.

If HAVE_XRANDR is not set at compile time, it always prints the message 
( 
https://github.com/TigerVNC/tigervnc/blob/master/unix/x0vncserver/XDesktop.cxx#L182 
)

Bug#923930: FTBFS: FAIL test_chain

[Jeffrey Altman]

On 5/22/2019 6:25 PM, Brian May wrote:
> To me it really sounds like Heimdal is dropping support for 32 bit
> architectures then.
> 
> However Debian doesn't have the luxury of being able to drop the 32 bit
> version of Heimdal, just for the sake of a faulty test. Particularly
> when existing versions have known security issues.

Heimdal isn't dropping support for 32-bit architectures; Debian is
failing to support timestamps past 19 Jan 2038 03:14:07 UTC using the
standard integer type for time: time_t.

Heimdal uses time_t in its public api.  Therefore, we cannot simply
change from 32-bit time_t or (time_t *) in a public api and replace
it with int64_t and (int64_t *) without breaking the API and ABI
contracts.  We certainly are not going to do so in a minor release.
Even if we did Debian wouldn't accept the change in its stable
distributions because doing so would break the API and ABI contracts.

> Does this problem affect Heimdal versions < 7.5.0? It sounds like
> these version should be fine (thinking of Jessie and Stretch security
> updates here).

I'm not sure if you are asking about the 32-bit time limitation on
platforms that provide 32-bit time_t or the security vulnerabilities.

The range of affected Heimdal versions was published as part of the
CVE-2018-16860 announcement.  Quoting from that text:

== CVE ID#: CVE-2018-16860
==
== Versions:All Samba versions since Samba 4.0
==  All releases of Heimdal from 0.8 including 7.5.0
==  and any products that ship a KDC derived from one of
==  those Heimdal releases.

Since Jessie and Stretch distribute vulnerable versions of Heimdal,
Debian should update them.

The 32-bit time limitation imposed by OS platforms whose time_t is
32-bit affects all versions of Heimdal.

Our advice to Debian is to replace the certificate with one that has an
expiration date before 19 Jan 2038 03:14:07 UTC.  Otherwise, Debian will
fail to detect failures of the certificate validation code caused by
patches that might be applied to OpenSSL.

Changes to the API and ABI can occur as part of a major release such as
8.0.  These is an open issue to address the problem as part of Heimdal 8.0.

Jeffrey Altman
Heimdal Project Manager




smime.p7s
Description: S/MIME Cryptographic Signature

Bug#923930: FTBFS: FAIL test_chain

[Jeffrey Altman]

Heimdal's hx509 relies on ctime(), gmtime(), strptime() and tm2time()
all of which are constrained by glibc's concept of time.  Please advise
when Debian provides 64-bit time versions of these functions on i386.

Jeffrey Altman
Heimdal Project Manager




smime.p7s
Description: S/MIME Cryptographic Signature

Bug#926501: xpdf: continuous memory leak

[ziegler]

I can confirm this for the amd68-version. After some days of 
browsing a 300 pages pdf-dokument, the programm used ten 
gigabytes of memory.



Martin

Bug#923930: FTBFS: FAIL test_chain

[Brian May]

Jeffrey Altman  writes:

> Background on this test failure.
>
> The reason that the Heimdal 7.5.0 tests began to fail after they
> previously succeeded is because the failing test relies upon an X.509
> certificate that expired on March 4 2019.
>
> Then post 7.5.0 support was added to support OpenSSL 1.1 which included
> the ability to handle certificates with expiration dates post 19 Jan
> 2038 03:14:07 UTC.
>
> Heimdal also updated the test suite certificates to last 500 years.
> These certificates work fine on platforms with 64-bit time_t but on
> platforms such as Debian Linux i386 where time_t is 32-bit, the tests
> will fail.
>
> There has been no code change to Heimdal and there is no intention to
> replace the use of time_t within Heimdal for a Heimdal specific time
> integer type within the Heimdal 7.x series.  Making such a change would
> alter not only APIs but ABIs.  Its unclear when or if we could make such
> a change for the same reasons that Debian cannot alter the size of
> time_t on i386.

To me it really sounds like Heimdal is dropping support for 32 bit
architectures then.

However Debian doesn't have the luxury of being able to drop the 32 bit
version of Heimdal, just for the sake of a faulty test. Particularly
when existing versions have known security issues.

To solve this for the immediate short term, I am seriously considering
disabling all 6 tests that are failing (see patch below). This in turn
will solve the FTBFS bug, and allow us to solve the security issues
(which are probably more important then the tests). Hopefully this in
turn will get accepted into Buster.

Does this problem affect Heimdal versions < 7.5.0? It sounds like these
version should be fine (thinking of Jessie and Stretch security updates
here).


=== cut ===
From: Brian May 
Date: Wed, 22 May 2019 17:19:48 +1000
Subject: Disable tests that are failing due to expired cert

See https://bugs.debian.org/923930
---
 lib/hx509/Makefile.am | 3 ---
 tests/kdc/Makefile.am | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am
index bd71225..2880676 100644
--- a/lib/hx509/Makefile.am
+++ b/lib/hx509/Makefile.am
@@ -220,10 +220,7 @@ PROGRAM_TESTS =\
test_expr
 
 SCRIPT_TESTS = \
-   test_ca \
test_cert   \
-   test_chain  \
-   test_cms\
test_crypto \
test_nist   \
test_nist2  \
diff --git a/tests/kdc/Makefile.am b/tests/kdc/Makefile.am
index 57b8f9a..b4f3d77 100644
--- a/tests/kdc/Makefile.am
+++ b/tests/kdc/Makefile.am
@@ -27,13 +27,10 @@ SCRIPT_TESTS = \
check-fast \
check-kadmin \
check-hdb-mitdb \
-   check-kdc \
-   check-kdc-weak \
check-keys \
check-kpasswdd \
check-pkinit \
check-referral \
-   check-tester \
check-uu
 
 TESTS = $(SCRIPT_TESTS)
=== cut ===

-- 
Brian May 

Bug#929411: dstat: upstream discontinued due to reimplementation by RedHat

[Paul Wise]

Package: dstat
Severity: normal

Upstream wrote on github that they are discontinuing the dstat project
because RedHat reimplemented it and used the same name.

https://github.com/dagwieers/dstat/issues/170
https://www.redhat.com/en/blog/implementing-dstat-performance-co-pilot
https://news.ycombinator.com/item?id=19986646

> Since Red Hat decided to replace this utility with a complete
> framework and its own utility with the same name.
> 
> And since I have zero interest to fight a multi-billion company who
> likes replacing commands with their own. And I have been in the same
> situation before and it didn't bring any joy. And since nobody is
> picking up the towel, let's end this project here.
> 
> So long, and thanks for all the fish.
> 
> Send your bug reports to Red Hat, and good luck with the future.
> 
> Over and out.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#920373: default soundfonts

[Thorsten Glaser]

Fabian Greffrath dixit:

>Hi Thorsten et al.,
>
>> Do we also wish a /usr/share/sounds/sf3/default.sf3 ? Ib^@^Yve got four
>
>I don't have a strong opinion about this. My concern is merely that we
>have at least one soundfont installed so users can play MIDI
>out-of-the-box. We can still decide wether to extend this to other formats
>once we've got an implementation for SF2 alternatives working.

True, but that would lead to major unnecessary package churn with,
in my case, about 700 MiB (compressed size) per upload. I’d prefer
to avoid that, for snapshot.d.o sanity and users on poor bandwidth
connections (i.e. Germans) ☻

>I don't see a problem with a soundfont appearing twice, once under its
>original filename and once as "default.sf2". Quite the contrary, I think

OK, /usr/share/sounds/sf[23]/default.sf[23] then.

>> Should we also make all packages providing an alternative for this
>> Provides some virtual package, for others to depend on? Ib^@^Yd suggest
>> sf2-soundfont and sf3-soundfont for naming, and SF3 soundfonts can
>> Provides both of them.
>
>Either this, or we could even introduce a real package that depends on one
>of the providers and itself provides the named symlink and the
>alternatives invocation in its maintainer scripts.

Oh, interesting. Is there prior art for this? I think it can only
add alternatives for those packages that are actually installed…

… for simplicity, I’d use this dependency though:

timgm6mb-soundfont | sf2-soundfont

(preferring the tiniest of its providers as the real alternative,
for when the package is installed in buildds)


>> Alternatives priorities could also be tricky. They can even differ
>> between default.sf2 and default.sf3b^@&
>
>I believe that if you install a several-hundred-MB soundfont package you
>did this for a reason and apparently want to use this soundfont as your
>new default. So, as a rough measure, we could probably start with
>timgm6mb-soundfont and increase priority with increasing package size.

OK, good point, although I’d decrease opl3-soundfont as it’s special-use
(and whether fluid-soundfont-gs should be included at all?) and put
MuseScore_General (actively developed) over all Fluid ones (frozen).

Going by Installed-Size in apt-cache policy:

fluid-soundfont-gs  314910  sf2 (I think)
timgm6mb-soundfont  606920  sf2 (I think)
opl3-soundfont  131891  30  sf2 (I think)
fluidr3mono-gm-soundfont23091   40   sf3
fluid-soundfont-gm  145169  50  sf2 (I think)
musescore-general-soundfont-small   39002   60   sf3
musescore-general-soundfont 83917   70   sf3
musescore-general-soundfont-lossless477837  80  sf2 (confirmed)

The sf3 ones can also fulfill sf2.

Does this look agreeable? Did I miss any (I did a search for
packages with “soundfont” in their name)? Did I misidentify
any non-SF2 ones as SF2?

>The point is that playing MIDI should immediately work out-of-the-box with
>at least fluidsynth and gstreamer if one of the packages providing the
>alternative is installed. So, I guess any SF2 soundfont providing a GM set
>should be sufficient?

Sure. Some people consider GS sufficient for MIDI, some don’t, it
really depends on what kind of music to play. Just leave out
fluid-soundfont-gs and start with timgm6mb-soundfont at 20
if we do that. Easier to change later.

>> Another point to think of: admins can locally install anyB9 other
>> soundfont by just copying it into place, and those can also serve
>> as default soundfonts. This offers two questions:
>
>In Debian, we can really only take care of other software that is in
>Debian. However, we can make it as easy as possible to use Debian's
>mechanisms for software not packaged, c.f. game-data-packager.

OK.

>> b^@" how easy is it for non-packaged things to be added to the
>>   Debian alternatives system? I think itb^@^Ys just one command,
>>   which we could document in the consumers of soundfontsb^@^Y readmes.
>
>It should be just one command, indeed, and we could document it somewhere,

Agreed.

>e.g. in the Wiki. However, this already exceeds the "it should just work"
>use case. If you care enough to install your own soundfont then probably
>it can be expected that (a) you either already figured out how to tell
>your MIDI rendering software how to use it

Changing the alternative might be easier and robuster.

> or (b) you are able to nuke the
>alternatives symlink and point a new one to your favourite soundfont
>instead.

Ouch, don’t do that…

>> This (#929185) may also affect timidity, which has its own format,
>> but with a trivial config file can support any SF2 (at least, did
>> not try SF3) soundfont:
>
>I didn't even know this! I believed timidity was still bound to the pats
>format.

It was news to me as well, but happy news.

>> Ibve opened #920373 against timidity to have sourcing this, commented
>> out, 

Bug#929408: ruby-inherited-resources: /usr/lib/ruby/vendor_ruby/generators/rails/templates/controller.rb is already shipped by ruby-jbuilder

[Andreas Beckmann]

Package: ruby-inherited-resources
Version: 1.9.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../ruby-inherited-resources_1.9.0-1_all.deb ...
  Unpacking ruby-inherited-resources (1.9.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb (--unpack):
   trying to overwrite 
'/usr/lib/ruby/vendor_ruby/generators/rails/templates/controller.rb', which is 
also in package ruby-jbuilder 2.7.0-1
  Errors were encountered while processing:
   /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb


cheers,

Andreas


ruby-jbuilder=2.7.0-1_ruby-inherited-resources=1.9.0-1.log.gz
Description: application/gzip

Bug#929019: dpkg-dev: How to use Rules-Requires-Root without debhelper

[Guillem Jover]

On Wed, 2019-05-15 at 14:42:53 +0200, Santiago Vila wrote:
> On Wed, May 15, 2019 at 02:21:49PM +0200, Guillem Jover wrote:
> > > To be precise, if I apply the patch below to hello-traditional_2.10-5
> > > and do "dpkg-buildpackage -uc -us -b" in a sid chroot, I get a .deb
> > > package with all files owned by "sanvila/sanvila".

> > Ah. :) Ok let's try to see whether the current spec/doc is enough or
> > whether it'd need improvements. So it would be great if you could go
> > over /usr/share/doc/dpkg-dev/rootless-builds.txt.gz and see whether
> > you can figure it out with just that? Also assuming you were not aware
> > of that doc, where do you think it could have been referred from so
> > that it would be easy to get to?
> 
> Yes, I read the document (following a link from lintian), and no,
> I was not able to figure out.

BTW, I just recalled this is also documented now in policy, I'll file
a bug on lintian to add a reference.

> (BTW: The document speaks about "the builder", who is exactly this
> mysterious character? dpkg-deb? sbuild? the person doing the build?)

This is whatever or whoever is calling debian/rules. I've updated the
doc.

> > (Briefly checking it now again, I think it should spell out dpkg-deb's
> > --root-owner-group option on the prototyping/preparation section.)
> 
> Ok, I see it now. So, I should use Rules-Requires-Root: no and
> also add --root-owner-group to the "dpkg --build" call, right?

Yes.

> Should I also add a versioned build-depends on dpkg-dev?

You want a build-dep on dpkg >= 1.19.0 itself for the new dpkg-deb
option. I guess you could also want a build-dep on dpkg-dev >= 1.19.1
for the R³ field support, but in your specific case it does not matter
much, as either it will be supported and debian/rules will not be
called with (fake)root, or it will not be supported and it will be
called with (fake)root, which will not matter much as dpkg-deb will do
the right thing anyway.

I'm attaching the diff to the spec, but not sure whether that'd have
been enough to make this more clear?

Thanks,
Guillem
diff --git i/doc/rootless-builds.txt w/doc/rootless-builds.txt
index 0b6b9d849..3298768ec 100644
--- i/doc/rootless-builds.txt
+++ w/doc/rootless-builds.txt
@@ -48,10 +48,11 @@ The values are defined as:
  (See also "Implementation provided keywords".)
 
- When "Rules-Requires-Root" is set to , the
- builder will expose an interface that is used to run a command under
- (fake)root via the "Gain Root API". If the builder cannot provide such
- a command, it MUST behave like "Rules-Requires-Root" was set to
- "binary-targets", i.e. run "debian/rules binary" under (fake)root.
+ builder (i.e. whatever is executing debian/rules) will expose an
+ interface that is used to run a command under (fake)root via the
+ "Gain Root API". If the builder cannot provide such a command, it
+ MUST behave like "Rules-Requires-Root" was set to "binary-targets",
+ i.e. run "debian/rules binary" under (fake)root.
 
 When the builder supports this specification, it MUST notify this fact to
 the rules file via the "DEB_RULES_REQUIRES_ROOT" environment variable, with
@@ -139,12 +140,12 @@ Prototyping/preparation
 dpkg side
 -
 
-dpkg-deb --build must either default to resetting all owner/group values to
-0:0 when not run under (fake)root OR provide an interface so dh_builddeb can
-provide the owner/group value to dpkg-deb --build.
+dpkg-deb --build provides the --root-owner-group option so that dh_builddeb
+or direct calls can control the owner/group file values w/o requiring
+(fake)root.
 
-dpkg-buildpackage must export DEB_GAIN_ROOT_CMD (for starters, doing this
-unconditionally would be fine).
+dpkg-buildpackage must export DEB_GAIN_ROOT_CMD when necessary (for
+prototyping, doing this unconditionally would be fine).
 
 
 debhelper side

Bug#928809: lintian: suggest adding gitlab-ci file

[Mattia Rizzolo]

On Wed, 22 May 2019, 11:30 pm Chris Lamb,  wrote:

> (Personally, I doubt someone would fork Lintian, more likely its
> output would become less and less "trusted". But both outcomes suck.)
>

Rather, people who until at some point diligently read the whole lintian
output for every single upload they do, may just decide that it is too
bothersome to do it anymore, and STO reading it.

Bug#886855: xfce4-session: verbose logging is always enabled

[Dmitry Katsubo]

I've encountered the same problem being discussed: xfce4-session v4.12.1-6 
(Debian buster) creates ~/.xfce4-session.verbose-log even though XFSM_VERBOSE 
variable is not set.

Bug#929387: unblock: libssh/0.8.7-1 (pre-upload approval)

[Martin Pitt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Three months ago, a new libssh upstream bug fix release 0.8.7 was done, which
fixes a dozen security issues, crashes, and other bugs:

  https://git.libssh.org/projects/libssh.git/log/?h=stable-0.8
  (the bits between 0.8.6 and 0.8.7)

(Our package already has the oldest three patches backported)
At first I wanted to cherry-pick, but honestly I think we should have all these
fixes in buster, including the "Remove SHA384 HMAC" before that hits stable.

I haven't yet uploaded this new version, as I'd like to get your approval
first. If you do approve, I'll upload it to unstable, otherwise to experimental
and later through s-p-u.

I attach the full debdiff between the current unstable/testing version and the
one I'd like to upload. If you prefer looking at it on salsa:

These are the upstream changes:
   https://salsa.debian.org/debian/libssh/commit/aab54d0cc04dd
and the corresponding packaging changes for it (dropping patches):
   https://salsa.debian.org/debian/libssh/commit/34591503a1b4b

I also added valgrinding to the autopkgtest, which exposes a bug:
   https://salsa.debian.org/debian/libssh/commit/59593bc7cf4

This bug also happens on 0.8.6 and earlier versions (not yet on 0.6.x), so this
is unrelated to this particular upstream update, but I'd still like to land it
to avoid regressions under valgrind.

Thanks for considering!

Martin Pitt
diff -Nru libssh-0.8.6/.gitlab-ci.yml libssh-0.8.7/.gitlab-ci.yml
--- libssh-0.8.6/.gitlab-ci.yml 2018-12-24 07:35:54.0 +
+++ libssh-0.8.7/.gitlab-ci.yml 2019-02-25 08:58:49.0 +
@@ -357,5 +357,5 @@
 paths:
   - obj/
 
-Debian.cross.mips-linux-gnu:
+.Debian.cross.mips-linux-gnu:
   <<: *Debian_cross_template
diff -Nru libssh-0.8.6/CMakeLists.txt libssh-0.8.7/CMakeLists.txt
--- libssh-0.8.6/CMakeLists.txt 2018-12-24 07:36:06.0 +
+++ libssh-0.8.7/CMakeLists.txt 2019-02-25 08:58:49.0 +
@@ -10,7 +10,7 @@
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.8.6 LANGUAGES C)
+project(libssh VERSION 0.8.7 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@
 # Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 # Increment REVISION.
-set(LIBRARY_VERSION "4.7.3")
+set(LIBRARY_VERSION "4.7.4")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is 
checked
diff -Nru libssh-0.8.6/ChangeLog libssh-0.8.7/ChangeLog
--- libssh-0.8.6/ChangeLog  2018-12-24 07:36:06.0 +
+++ libssh-0.8.7/ChangeLog  2019-02-25 08:59:53.0 +
@@ -1,6 +1,12 @@
 ChangeLog
 ==
 
+version 0.8.7 (released 2019-02-25)
+  * Fixed handling extension flags in the server implementation
+  * Fixed exporting ed25519 private keys
+  * Fixed corner cases for rsa-sha2 signatures
+  * Fixed some issues with connector
+
 version 0.8.6 (released 2018-12-24)
   * Fixed compilation issues with different OpenSSL versions
   * Fixed StrictHostKeyChecking in new knownhosts API
diff -Nru libssh-0.8.6/debian/changelog libssh-0.8.7/debian/changelog
--- libssh-0.8.6/debian/changelog   2019-02-11 20:43:44.0 +
+++ libssh-0.8.7/debian/changelog   2019-05-22 15:48:31.0 +
@@ -1,3 +1,18 @@
+libssh (0.8.7-1) UNRELEASED; urgency=medium
+
+  * New upstream bug fix release 0.8.7.
+This fixes various crashes, buffer overflows, and other bugs.
+Drop our three backported patches, they are included in this release
+now. For details, see
+https://git.libssh.org/projects/libssh.git/log/?h=stable-0.8
+  * autopkgtest: Check ssh server under valgrind.
+This exposes a long-standing libssh bug with the curve25519-sha256 key
+exchange algorithm, causing an "incorrect signature" failure on 32 bit
+machines under valgrind. Add a hack to switch to a different algorithm,
+until this is properly investigated and reported.
+
+ -- Martin Pitt   Wed, 22 May 2019 15:48:31 +
+
 libssh (0.8.6-3) unstable; urgency=medium
 
   [ Laurent Bigonville ]
diff -Nru libssh-0.8.6/debian/patches/0001-dh-uninitialized-memory.patch 
libssh-0.8.7/debian/patches/0001-dh-uninitialized-memory.patch
--- libssh-0.8.6/debian/patches/0001-dh-uninitialized-memory.patch  
2019-02-11 20:43:44.0 +
+++ libssh-0.8.7/debian/patches/0001-dh-uninitialized-memory.patch  
1970-01-01 00:00:00.0 +
@@ -1,30 +0,0 @@
-From d028b2495d0bb2b7ae9b0af42b4377af4a964b00 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen 
-Date: Tue, 8 Jan 2019 11:32:10 +0100
-Subject: dh: Make sure we do not access uninitialized memory
-
-Signed-off-by: Jakub Jelen 
-Reviewed-by: Andreas Schneider 
-(cherry picked from commit ca62632170c311923026f978c57d2e0a0be3e0e1)

- src/dh.c | 4 
- 1 file changed, 4 insertions(+)
-
-diff --git 

Bug#929386: r-cran-webgestaltr: FTBFS (missing builds-depends)

[Santiago Vila]

Package: src:r-cran-webgestaltr
Version: 0.3.0-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in sid but it failed:


[...]
 debian/rules build-arch
dh build-arch --buildsystem R
   dh_update_autotools_config -a -O--buildsystem=R
   dh_autoreconf -a -O--buildsystem=R
   dh_auto_configure -a -O--buildsystem=R
   dh_auto_build -a -O--buildsystem=R
   dh_auto_test -a -O--buildsystem=R
   create-stamp debian/debhelper-build-stamp
 fakeroot debian/rules binary-arch
dh binary-arch --buildsystem R
   dh_testroot -a -O--buildsystem=R
   dh_prep -a -O--buildsystem=R
   dh_auto_install -a -O--buildsystem=R
I: R Package: WebGestaltR Version: 0.3.0
I: Building using R version 3.6.0-2
I: R API version: r-api-3.5
I: Using built-time from d/changelog: Mon, 18 Feb 2019 14:47:58 +0100
mkdir -p 
/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library
R CMD INSTALL -l 
/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library --clean . 
"--built-timestamp='Mon, 18 Feb 2019 14:47:58 +0100'"
ERROR: dependency 'apcluster' is not available for package 'WebGestaltR'
* removing 
'/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library/WebGestaltR'
dh_auto_install: R CMD INSTALL -l 
/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library --clean . 
"--built-timestamp='Mon, 18 Feb 2019 14:47:58 +0100'" returned exit code 1
make: *** [debian/rules:4: binary-arch] Error 2
dpkg-buildpackage: error: fakeroot debian/rules binary-arch subprocess returned 
exit status 2


Looks like a missing build-depends.

Thanks.

Bug#929389: missed virtual-package-names-list.yaml page

[Sean Whitton]

Package: www.debian.org
Severity: normal

On Wed 22 May 2019 at 08:30PM +08, laokz wrote:

> Hello all,
>
> The web page
> https://www.debian.org/doc/packaging-manuals/virtual-package-names-list.yaml
> shows "Page not found". The 2017-01 .txt version can be visited.
>
> Regards,
> laokz

I think the scripts need to be updated for the .txt->.yaml change in
debian-policy 4.3.0.0.  Thanks.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#929390: VTK 8

[Nico Schlömer]

Package: vtk7
Version:

VTK 8 is now out for about two years (June 2017). Perhaps we should
start supporting it?

Bug#929388: cloud-init: Incorrect datasource name

[Avdeev]

Package: cloud-init
Version: 0.7.9-2
Severity: normal

Dear Maintainer,

After run dpkg-reconfigure i select only "Openstack" field.
After this, into file /etc/cloud/cloud.cfg.d/90_dpkg.cfg writed
incorrect value datasource_list. Needed change "Openstack" to 
"OpenStack" for correct working cloud-init service.



-- System Information:
Debian Release: 9.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cloud-init depends on:
ii debconf [debconf-2.0] 1.5.61
ii gdisk 1.0.1-1
ii ifupdown 0.8.19
ii init-system-helpers 1.48
ii lsb-base 9.20161125
ii lsb-release 9.20161125
ii net-tools 1.60+git20161116.90da8a0-1
ii procps 2:3.3.12-3+deb9u1
ii python3 3.5.3-1
ii python3-configobj 5.0.6-2
ii python3-jinja2 2.8-1
ii python3-jsonpatch 1.19-4
ii python3-oauthlib 2.0.1-1
ii python3-prettytable 0.7.2-3
ii python3-requests 2.12.4-1
ii python3-six 1.10.0-3
ii python3-yaml 3.12-1

cloud-init recommends no packages.

cloud-init suggests no packages.

-- Configuration Files:
/etc/cloud/cloud.cfg changed:
disable_root: false preserve_hostname: false
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- disk_setup
- mounts
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
cloud_config_modules:
- emit_upstart
- ssh-import-id
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- ntp
- timezone
- disable-ec2-metadata
- runcmd
- byobu
cloud_final_modules:
- package-update-upgrade-install
- fan
- puppet
- chef
- salt-minion
- mcollective
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
system_info:
# This will affect which distro class gets used
distro: debian
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
upstart_dir: /etc/init/
package_mirrors:
- arches: [default]
failsafe:
primary: http://deb.debian.org/debian
security: http://security.debian.org/
ssh_svcname: ssh


-- debconf information:
* cloud-init/datasources: Openstack

Bug#929385: ITP: sequoia -- a modern OpenPGP implementation in Rust

[Daniel Kahn Gillmor]

Package: wnpp
Severity: wishlist
Owner: Daniel Kahn Gillmor 

* Package name: sequoia
  Version : 0.7.0
  Upstream Author : Sequoia Developers 
* URL : https://www.sequoia-pgp.org/
* License : GPL
  Programming Lang: Rust
  Description : A modern OpenPGP implementation in Rust

Sequoia offers an OpenPGP interface in a modern, memory-safe language.
It offers two command-line utilities (sq and sqv) in addition to its
Rust library implementation.

In the future, it aims to to offer a C foreign function interface
(FFI) and python bindings as well.

This will likely be packaged via the Rust packaging team for now,
using the debcargo-conf workflow, which means that sequoia itself will
get broken into several distinct packages (one per crate).  I intend
to close this ITP when the "sq" command line utility enters debian,
though i consider other packages to be working toward the same goal.

Bug#929384: debian-security-support: [INTL:ru] Russian program translation update

[Yuri Kozlov]

Package: debian-security-support
Version: 2019.05.15
Severity: wishlist
Tags: l10n patch

Russian program translation update is attached.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


ru.po.gz
Description: application/gzip

Bug#929384: debian-security-support: [INTL:ru] Russian program translation update

[Holger Levsen]

control: tags -1 + pending

On Wed, May 22, 2019 at 06:58:54PM +0300, Yuri Kozlov wrote:
> Russian program translation update is attached.

thank you!


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#929383: live-build fails if there's some updates for same kernel

[PICCORO McKAY Lenz]

El mié., 22 de may. de 2019 a la(s) 11:30, PICCORO McKAY Lenz (
mckaygerh...@gmail.com) escribió:

>
> so then at the bvinary stage i got that error:
>
> mv: target ‘binary/live/vmlinuz1’ is not a directory
> P: Begin unmounting filesystems...
> P: Saving caches...
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> }
>

i got some point int the problem seem at scritps/build/binary_syslinux

commands seems are:

mv binary/${_INITRAMFS}/vmlinuz-*-${_FLAVOUR}
binary/${_INITRAMFS}/vmlinuz${_NUMBER}

this when executing for varous flavours with different verions got into
problems due made more than one file and obviousli rest of scripts got
confused

there's others scripts in same way fails if more than one are specified, by
example
and backports repository and updates repositories are enabled:

--security true backports true updates true \
--linux-flavours "586 686-pae amd64" \
--linux-packages "linux-image linux-headers" \

will fails

Bug#923726: A lot of time wasted on previous version.

[Pipo]

Hi,

I am using Sid and had a problem using monero version v0-13-0-4.

That problem arised because that version is still available under Sid.

I noticed that it is not available in testing and stable (that is good).

I suggest that when you get a notice of a fork in any crypto-currency package,

that you delete the old version package from any version (including Sid), until 
you can

setup the new fork's version.

I do not see any good reason to keep an old version (already forked) even in 
the unstable

debian version.


https://monero.stackexchange.com/questions/11241/just-mined-with-an-old-version-v0-13-0-4-and-upgraded-to-v0-14-0-2-reward-now-m


Thank you,

-- pipo

Bug#929380: PLEASE DISCARD - this bug is irrelevant

[Benoit Branciard]

I must be somewhat short-sighted...

/etc/cron.daily/tmpreaper already has "set -f" command, which is 
equivalent to "set -o noglob".


So this report is obviously irrelevant, you can close it.

--
Benoit BRANCIARD
Service InfraStructures (SIS)
Direction du Système d'Information et des Usages Numériques (DSIUN)
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Bur. B406 - Tél +33 1 44 07 89 68 - Fax +33 1 44 07 89 66
Accueil: +33 1 44 07 89 65 - assistance-ds...@univ-paris1.fr
http://dsi.univ-paris1.fr

Bug#929391: makexvpics FTCBFS: does not pass cross tools to make

[Helmut Grohne]

Source: makexvpics
Version: 1.0.1-3
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

makexvpics fails to cross build from source, because it does not pass
cross tools to make. The easiest way of fixing that - using
dh_auto_build - is insufficient for making makexvpics cross buildable,
as it also passes -s to install. Doing so not only breaks cross
compilation, but also DEB_BUILD_OPTIONS=nostrip as well as generation of
-dbgsym packages. The attached patch fixes all of that. Please consider
applying it.

Helmut
diff -u makexvpics-1.0.1/Makefile makexvpics-1.0.1/Makefile
--- makexvpics-1.0.1/Makefile
+++ makexvpics-1.0.1/Makefile
@@ -10,6 +10,7 @@
 PREFIX = $(DESTDIR)/usr
 BINDIR = $(PREFIX)/bin
 MANDIR = $(PREFIX)/share/man/man1
+INSTALL ?= install
 
 # You shouldn't need to modify anything below this line.
 
@@ -20,9 +21,9 @@
$(CC) $(CFLAGS) -o ppmtoxvmini ppmtoxvmini.o
 
 install: all
-   install -m 511 -s ppmtoxvmini $(BINDIR)
-   install -m 555 makexvpics.sh $(BINDIR)/makexvpics
-   install -m 444 makexvpics.1 ppmtoxvmini.1 $(MANDIR)
+   $(INSTALL) -m 511 -s ppmtoxvmini $(BINDIR)
+   $(INSTALL) -m 555 makexvpics.sh $(BINDIR)/makexvpics
+   $(INSTALL) -m 444 makexvpics.1 ppmtoxvmini.1 $(MANDIR)
 
 clean:
$(RM) *.o *~ ppmtoxvmini
diff -u makexvpics-1.0.1/debian/changelog makexvpics-1.0.1/debian/changelog
--- makexvpics-1.0.1/debian/changelog
+++ makexvpics-1.0.1/debian/changelog
@@ -1,3 +1,12 @@
+makexvpics (1.0.1-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Let dh_auto_build pass cross tools to make.
++ Don't strip during make install.
+
+ -- Helmut Grohne   Wed, 22 May 2019 19:35:32 +0200
+
 makexvpics (1.0.1-3) unstable; urgency=medium
 
   * Update to latest policy, debhelper 9. (Closes: #817573)
diff -u makexvpics-1.0.1/debian/rules makexvpics-1.0.1/debian/rules
--- makexvpics-1.0.1/debian/rules
+++ makexvpics-1.0.1/debian/rules
@@ -19,8 +19,7 @@
 build-stamp:
dh_testdir
 
-   # Add here commands to compile the package.
-   $(MAKE)
+   dh_auto_build
#/usr/bin/docbook-to-man debian/makexvpics.sgml > makexvpics.1
 
touch build-stamp
@@ -42,7 +41,7 @@
dh_installdirs
 
# Add here commands to install the package into debian/makexvpics.
-   $(MAKE) install DESTDIR=$(CURDIR)/debian/makexvpics
+   $(MAKE) install DESTDIR=$(CURDIR)/debian/makexvpics INSTALL='install 
--strip-program=true'
 
 
 # Build architecture-independent files here.