Bug#856117: tnef update in unstable

[Sébastien Delafond]

Hi Kevin,

those 4 security issues were fixed via DSA-3798-1 in jessie-security, by
backporting the appropriate upstream changes (thanks to Thorsten for
doing that).

I've verified 1.4.13 only contains those security fixes, and no new
major evolution or feature, so could you please prepare and upload it to
unstable ? The Security Team would then be able to ask for an unblock so
those problems also end up fixed in stretch.

Cheers,

--Seb

Bug#855378: Feed back Ubuntu branches and Delta

[Christian Ehrhardt]

On Tue, Feb 28, 2017 at 10:16 AM, Michael Tokarev  wrote:

> 17.02.2017 13:48, Christian Ehrhardt wrote:
>
> > - a) Ubuntu only fixes that can be hidden under the vendor based
> >  control-in -> control mechanism
> > - b) Fixes applying to Debian as well (only for those there will be a
> >  debian/changelog entry needed)
> >
> > Since the ubuntu-zesty-2.8 is available for you as well now this should
> come
> > down to evaluating the following list of cherry-picks for acceptance into
> > latest Debian.
> >
> > case   sha1 summary
> > a  84dc4d05d3   ubuntu acl fix dependencies changed
> > a  0d52ac1285   Make qemu-system-common depend on qemu-block-extra
> > a  b24146b825   Make qemu-utils depend on qemu-block-extra
>
> I already commented on these 3.
>
> You can  drop the last 2 of them completely, I guess.
>

Yeah, as we discussed before if we make it a recommends in general I should
certainly be able to drop the hard depends.

[...]

> a  fc0aef8d0c   let qemu-utils recommend sharutils
>
> Why qemu-utils recommends sharutils, what for?
>

Searched through history on that one as well, but this
clearly is one of those that I quoted as "Several changes were applied
but missing in the changelog so far".

Those were just pulled in by the merge commits without being
mentioned for quite a while - I just "uncovered" them.

I think it is an artifact from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820449
and can be ignored in the context of this bug (and dropped on my side)


> > b  7a257a6a46   Enable seccomp for ppc64el
>
> This one isn't for stretch, delaying for now.
> Why only ppc64el, why not other ppc variants?
>

Because ppc64el was the only one I could test/verify on.
If you can check more we can enable more, but I had no way to do so.

There actually is another fix needed along that which I intended to submit
in the next set.
But since it fits here, enabling seccomp for ppc64el needs a dependency bump

- libseccomp-dev (>> 2.1.0) [linux-amd64 linux-i386 linux-ppc64el],
+ libseccomp-dev (>= 2.3.0) [linux-amd64 linux-i386 linux-ppc64el],

You can merge that into the change, or wait for my next set of changes to
hit since
you wait on stretch+1 for that change anyway.

[...]

Thanks for all the picks already (I cut them out of my quote to streamline
a bit).
And it is clear and ok for those not for stretch to be picked later.



> So we're left with sharutils and acl changes, and seccomp on ppc.
>

I outlined on ppc/sharutils what I think on inline above.

On the acl change, while I agree the right fix is the bug you filed it is
kind of unclear when this will happen.
If not a maintenance burden for you I'd ask you to accept the minimal
change which modifies the dependencies behind an :ubunu: label only for now
(84dc4d05d3).

Checking if my timing/approach works for you:
- I thought I saw you preparing a new upload (many bugs merged / assigned,
CVEs lining up in debian-unstable branch)
- I expect (please correct me) that to be a 1:2.8+dfsg-3 upload
- If the changes discussed here would be applied there that would be great
and I wanted to remerge
  - not sure since they are no criticals for you, you might push the
changes discussed here only for the next release
  - but even if the changes we discussed here are not in there I'd plan me
to merge that for the CVEs
- After some testing I'd get back to you with any additional Delta/Fixes I
identified to be needed for 2.8.
  - preview: there is already one in my queue which is based on
http://patchwork.ozlabs.org/patch/721974/ (I can't wait that to hit next
stable)

Bug#856021: unblock: libprelude/1.0.0-11.9

[Adrian Bunk]

On Tue, Feb 28, 2017 at 11:54:05PM +0100, Emilio Pozuelo Monfort wrote:
> On 24/02/17 11:30, Adrian Bunk wrote:
> > +  * Switch from -dbg to -dbgsym.
> 
> Please avoid doing that for future unblocks.

libpreludecpp0 was split from libprelude2 to fix an RC bug.

Given the choice between either creating libpreludecpp0-dbg or letting 
"dh_strip --dbgsym-migration" do everything automatically, the latter
gave me less opportunities to screw things up.

> The rest looks good so I have unblocked it this time.

> Thanks,
> Emilio

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#856004: khtml: please build-depen on libssl1.0-dev for Stretch

[Sebastian Andrzej Siewior]

On 2017-03-01 00:50:59 [+0100], John Paul Adrian Glaubitz wrote:
> Hi!
Hi,

> The problem is that if the package was to be rebuilt now, it would be
> rebuilt with OpenSSL 1.1 and not OpenSSL 1.0 which is the original
> motivation for this bug report by Sebastian!

it already has been built with 1.1. We are done with the binNMUs for
openssl.

> Adrian

Sebastian

Bug#850490: 答复: Please consider fix this font problem before release

[张 敬强]

The character "载" can't be displayed with the following versions of 
xfonts-unifont


xfonts-unifont_7.0.06-1_all.deb
xfonts-unifont_9.0.06-2_all.deb


So the unicode font in stable version wasn't generated from xfonts-unifont.


发件人: 张 敬强
发送时间: 2017年3月1日 6:58:53
收件人: 850...@bugs.debian.org
主题: Please consider fix this font problem before release

Control: severity -1 important
Control: notfound -1 2.02-beta2-22+deb8u1

This will has a major impact on chinese or even CJK users,
so I'm changing the severity to important.

Bug#856452: gcc-7: allow disabling brig via nolang DEB_BUILD_OPTIONS

[Helmut Grohne]

Source: gcc-7
Version: 7-20170221-1
Severity: wishlist
User: helm...@debian.org
Usertags: rebootstrap

Hi Matthias,

thank you for disabling brig in stage1 and stage2. It still is rightly
enabled in the unstaged cross compiler build. Since it is not needed for
bootstrapping, I'd like to disable brig entirely. That saves build time
and human time for figuring out why it doesn't work. The gcc-N source
package typically allows doing so by passing a suitable
DEB_BUILD_OPTIONS=nolang=... variable. The attached patch allows
disabling brig by passing brig in there. Please consider applying it.

Helmut
--- a/debian/rules.defs
+++ a/debian/rules.defs
@@ -843,6 +843,7 @@
   with_brigdev := yes
   with_libhsailrt := yes
 endif
+with_brig := $(call envfilt, brig, , , $(with_brig))

 ifeq ($(with_brig),yes)
   enabled_languages += brig

Bug#850490: Please consider fix this font problem before release

[? ??]

Control: severity -1 important
Control: notfound -1 2.02-beta2-22+deb8u1

This will has a major impact on chinese or even CJK users,
so I'm changing the severity to important.

Bug#850490: Please consider fix this font problem before release

[? ??]

Control: severity -1 important
Control: notfound -1 2.02-beta2-22+deb8u1

This will has a major impact on chinese or even CJK users,
so I'm changing the severity to important.

Bug#856451: unblock: haproxy/1.7.3-1

[Vincent Bernat]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hey!

We would like to upload HAProxy 1.7.3 to unstable. This is mostly a
bugfix only release (1.7 is the current stable branch). Here is the
changelog:

- BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
- BUILD: ssl: fix build on OpenSSL 1.0.0
- BUILD: ssl: silence a warning reported for ERR_remove_state()
- BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding 
RAND_pseudo_bytes()
- BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
- BUG/MINOR: unix: fix connect's polling in case no data are scheduled
- DOC: lua: improve links
- BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved 
keyword
- MINOR: dns: give ability to dns_init_resolvers() to close a socket when 
requested
- BUG/MAJOR: dns: restart sockets after fork()
- MINOR: chunks: implement a simple dynamic allocator for trash buffers
- BUG/MEDIUM: http: prevent redirect from overwriting a buffer
- BUG/MEDIUM: filters: Do not truncate HTTP response when body length is 
undefined
- BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
- BUG/MINOR: http: Return an error when a replace-header rule failed on the 
response
- BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
- BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val 
HTTP/1.1'
- BUG/MEDIUM: config: reject anything but "if" or "unless" after a 
use-backend rule
- MINOR: http: don't close when redirect location doesn't start with "/"

The diffstat:

 CHANGELOG  |  21 +
 README |   2 +-
 VERDATE|   2 +-
 VERSION|   2 +-
 doc/configuration.txt  |   2 +-
 doc/lua-api/index.rst  | 141 
+++--
 examples/haproxy.spec  |   5 ++-
 include/common/chunk.h |  13 ++
 include/proto/dns.h|   2 +-
 include/proto/openssl-compat.h |  44 +-
 src/cfgparse.c |   6 +++
 src/checks.c   |   2 +-
 src/chunk.c|  25 ++-
 src/dns.c  |  18 +++-
 src/haproxy.c  |   7 ++-
 src/hlua.c |  34 --
 src/proto_http.c   | 169 
-
 src/proto_tcp.c|  30 ++---
 src/proto_uxst.c   |  27 ++-
 src/proxy.c|   2 +-
 20 files changed, 368 insertions(+), 186 deletions(-)

And attached is the diff for "src/" only. Does it sound reasonable?

unblock haproxy/1.7.3-1

- -- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(101, 'experimental-debug'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJGBAEBCAAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAli2ccwSHGJlcm5hdEBk
ZWJpYW4ub3JnAAoJEJWkL+g1NSX5izAP/34k9DBU01v7/NoQxrnToIZg4NCt79a/
OwiA2wjltYMcqFzuirA5GkDw+7U6GWfob72MbbMvsXaw6qW3bI2uJMTR+QPaObVQ
l8ItHH8hHMP9d+r/lXCPuwfgpHEEu1OOPStofC0l6bz0tPrW3r3ftNjIxVJfc0yf
nCm5iGM1zh2GlLPbXaSzOqvVkSRm+GG6zXDeH9nsv9DbvT/uZkESTX66eVwgl/FS
MM5g/bwQqdsR9sSpL635Syq/Mahe5VFMG9xZ53YJS+K+XGV++53d7vxQkVOBlJo8
DW4W0USVM3gB6WRNsKR0VthE45cEuwbtIe5CeN7xQO5j9HecuLQ/dCU5REJZ5O3J
Y5ks4RRspIFPbfLv70i+B1gnGzopM1HltXMVlx2AkHxr32sdrrWxGF2+gS6qH2fS
8XkD0e4QUgnLUNmoM+W6HHqYiU63qI/gLf2UdvtlxjS4c5UygnauWqgRoOmuVc9O
1esvWTsmr7LV3adysC3gaa4DUjVqP69VS2vdl+gVEBmbwzfTwLL51oNnEmMJXIpW
RukMFWktkh30KVMQQE7ZzHAL9/Zh3BxWBccGfyimG2JHV8PfRYPRHtAXqKhEbjAK
MFDNue551ZknmdunGhG3KeobyYpCtGzzkfRRgfUw50Ddt2WhF7uZKz14f8QZMvmE
aSB34fQPyX5S
=FdZa
-END PGP SIGNATURE-
diff --git a/src/cfgparse.c b/src/cfgparse.c
index db8feebbcd11..fc6e1497f129 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3984,6 +3984,12 @@ int cfg_parse_listen(const char *file, int linenum, char 
**args, int kwm)
 
err_code |= warnif_cond_conflicts(cond, 
SMP_VAL_FE_SET_BCK, file, linenum);
}
+   else if (*args[2]) {
+   Alert("parsing [%s:%d] : unexpected keyword '%s' after 
switching rule, only 'if' and 'unless' are allowed.\n",
+ file, linenum, args[2]);
+   err_code |= ERR_ALERT | ERR_FATAL;
+   goto out;
+   }
 
rule = calloc(1, sizeof(*rule));
if (!rule) {
diff --git a/src/checks.c 

Bug#856405: unblock: libdebian-installer/0.109 and others

[Niels Thykier]

Steven Chamberlain:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: debian-b...@lists.debian.org
> 
> Hi!
> 
> Attached are proposed debdiffs for anna, cdebootstrap and their
> dependency libdebian-installer (Bug #856210).
> 
> Would the release team be willing to grant unblocks for these?
> (It would also require an ACK from the d-i release manager).
> 

The changes have my blessing (with a remark further down).

(Quoted in full for KiBi's sake as I wasn't sure he had seen this)

> In the installer, net-retriever verifies the Release file with SHA256,
> but anna only validates the .udeb files with MD5, which was surprising.
> The .udeb files are extracted and then their contents may be executed
> with full privileges during the install (Bug #856211).
> 
> netboot images typically fetch .udeb files over unsecured HTTP.  Other
> install media bundles those so they need not be downloaded, but it could
> still happen if networking is configured during the install and a
> network mirror has newer versions of any required .udeb files.  (Some
> .udeb files are retrieved later, after installing the base system).
> 
> If not already considered a grave security flaw, it might be during the
> lifetime of stretch (-2022?).  Even if fixed in a point release, any
> install media created before then would remain vulnerable.
> 
> The changes to libdebian-installer are ABI-compatible, such that only
> reverse-dependencies that use the md5sum field should be affected
> (thought to be just anna and cdebootstrap).  They would FTBFS until
> patched, and already-built binaries would report a "md5sum mismatch" if
> they used this new version of the library at run-time, since the new
> SHA256 hashes would not match the MD5 hashes they expect.
> 
> unblock libdebian-installer/0.109
> unblock anna/1.58
> unblock cdebootstrap/0.7.7
> 
> Thanks!
> 
> [...]

Strictly speaking, the ".deb" variants of libdebian-installer would need
a "Breaks" and the rdeps a versioned Depends.  I am not entirely sure if
that is applicable for the udeb variants, but I assume KiBi got that
covered if he approves the change.

Thanks,
~Niels

Bug#856441: Please restore OpenRD support

[Philip Hands]

Martin Michlmayr  writes:

...
> Rick Thomas has offered to test on the OpenRD Ultimate and (I believe)
> Client.

If you can point me at relevant images, or instructions on how to build
something that is worth testing, I should have time to do tests of the
OpenRD Ultimate this week.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Bug#856450: texlive-lang-japanese: /usr/bin/kanji-config-updmap{,-sys} are not provided.

[Youhei SASAKI]

Package: texlive-lang-japanese
Version: 2016.20170123-3
Severity: serious

Dear Norbert, 

Two scripts, /usr/bin/kanji-config-updmap{,-sys}, are not provided
because of "debian/scripts.lst" doesn't follow upstream renaming:
jfontmaps -> ptex-fontmaps.

As you know, these scripts are very important for Japanese TeX users.
Please upload fixed version, and consider send unblock request.

Tiny patch attached.

Best Wishes,
Youhei


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages texlive-lang-japanese depends on:
ii  fonts-ipaexfont-gothic  00301-3
ii  fonts-ipaexfont-mincho  00301-3
ii  fonts-ipafont-gothic00303-16
ii  fonts-ipafont-mincho00303-16
ii  ruby1:2.3.3
ii  tex-common  6.06
ii  texlive-base2016.20170123-4
ii  texlive-binaries2016.20160513.41080.dfsg-1
ii  texlive-lang-cjk2016.20170123-3

texlive-lang-japanese recommends no packages.

texlive-lang-japanese suggests no packages.

Versions of packages tex-common depends on:
ii  dpkg  1.18.22
ii  ucf   3.0036

Versions of packages tex-common suggests:
ii  debhelper  10.2.5

Versions of packages texlive-lang-japanese is related to:
ii  tex-common6.06
ii  texlive-binaries  2016.20160513.41080.dfsg-1

-- no debconf information
From 3183110d13d29dc24f0f20c5902fca2a1134b77a Mon Sep 17 00:00:00 2001
From: Youhei SASAKI 
Date: Wed, 1 Mar 2017 15:58:17 +0900
Subject: [PATCH] Follow upstream renaming: jfontmaps -> ptex-fontmaps

Signed-off-by: Youhei SASAKI 
---
 debian/scripts.lst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian/scripts.lst b/debian/scripts.lst
index 38f510b1..2c5963d7 100644
--- a/debian/scripts.lst
+++ b/debian/scripts.lst
@@ -63,9 +63,9 @@ fragmaster/fragmaster.pl
 getmap/getmapdl.lua
 glossaries/makeglossaries
 glossaries/makeglossaries-lite.lua
-jfontmaps/kanji-config-updmap-sys.sh
-jfontmaps/kanji-config-updmap.pl
-jfontmaps/kanji-fontmap-creator.pl
+ptex-fontmaps/kanji-config-updmap-sys.sh
+ptex-fontmaps/kanji-config-updmap.pl
+ptex-fontmaps/kanji-fontmap-creator.pl
 kotex-utils/jamo-normalize.pl
 kotex-utils/komkindex.pl
 kotex-utils/ttf2kotexfont.pl
-- 
2.11.0

Bug#856449:

[Rostislav Pehlivanov]

Hi,

Sorry for the bug report, it turns out that upgrading to the current kernel
git master caused the issue.
You can close this bug report, I'm just hoping someone will spot this
upstream in the kernel and it'll be fixed (unless its intentional).

Bug#856449: libgtk-3-0: Dragging on a touchpad without buttons with 2 fingers no longer possible

[Rostislav Pehlivanov]

Package: libgtk-3-0
Version: 3.22.9-1
Severity: normal

Dear maintainer,

Since upgrading to version 3.22.9, dragging operations cannot be performed using
two fingers on a touchpad without any exposed buttons (e.g. where pushing the 
surface
itself is the button). What happens now is that the cursor remains stationary 
and
instead a scroll up/down action is sent.

Although this might sound like a libinput issue, this issue didn't occur after 
I upgraded
(and rebooted) libinput to 1.6.2 but only after I upgraded libgtk-3-0 from 
3.22.8 to 3.22.9.

Although lately some rather annoying (but still ignorable) issues have happened 
with changes
in behaviour (in both libinput and gnome), this issue breaks workflow when 
selecting any text,
since continuously pressing and dragging on the touchpad reduces precision and 
increases
errors.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-youmu+ (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgtk-3-0 depends on:
ii  adwaita-icon-theme  3.22.0-1
ii  hicolor-icon-theme  0.15-1
ii  libatk-bridge2.0-0  2.22.0-1
ii  libatk1.0-0 2.22.0-1
ii  libc6   2.24-9
ii  libcairo-gobject2   1.14.8-1
ii  libcairo2   1.14.8-1
ii  libcolord2  1.3.3-2
ii  libcups22.2.1-8
ii  libepoxy0   1.3.1-2
ii  libfontconfig1  2.11.0-6.7+b1
ii  libfreetype62.6.3-3+b2
ii  libgdk-pixbuf2.0-0  2.36.5-2
ii  libglib2.0-02.51.0-2
ii  libgtk-3-common 3.22.9-1
ii  libjson-glib-1.0-0  1.2.2-1+b1
ii  libpango-1.0-0  1.40.4-1
ii  libpangocairo-1.0-0 1.40.4-1
ii  libpangoft2-1.0-0   1.40.4-1
ii  librest-0.7-0   0.8.0-2
ii  libsoup2.4-12.56.0-2
ii  libwayland-client0  1.12.0-1
ii  libwayland-cursor0  1.12.0-1
ii  libwayland-egl1-mesa [libwayland-egl1]  17.0.0-1
ii  libx11-62:1.6.4-3
ii  libxcomposite1  1:0.4.4-2
ii  libxcursor1 1:1.1.14-1+b1
ii  libxdamage1 1:1.1.4-2+b1
ii  libxext62:1.3.3-1
ii  libxfixes3  1:5.0.3-1
ii  libxi6  2:1.7.9-1
ii  libxinerama12:1.1.3-1+b1
ii  libxkbcommon0   0.7.1-1
ii  libxml2 2.9.4+dfsg1-2.2
ii  libxrandr2  2:1.5.1-1
ii  shared-mime-info1.8-1

Versions of packages libgtk-3-0 recommends:
ii  libgtk-3-bin  3.22.9-1

Versions of packages libgtk-3-0 suggests:
ii  gvfs 1.30.3-1
ii  librsvg2-common  2.40.16-1+b1

-- no debconf information

Bug#855432: unblock: openssl/1.1.0e-1

[Cyril Brulebois]

Cyril Brulebois  (2017-02-21):
> I think that should work, yes. Please let me know when that's happened,
> and I'll do the testing as soon as possible.

This has happened, and building a netboot-gtk image with stretch udebs
and with p-u enabled got me a 1.18-4.1 version of the wget-udeb package,
with the following changes:

+libcrypto1.1-udeb
-libssl1.0.2-udeb
+libssl1.1-udeb

I've successfully tested a full installation over https, so I think it's
fine to accept wget from tpu.


KiBi.


signature.asc
Description: Digital signature

Bug#856448: gdk-pixbuf: CVE-2017-6314: Infinite loop in io-tiff.c with large size

[Salvatore Bonaccorso]

Source: gdk-pixbuf
Version: 2.31.1-2
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=779020

Hi,

the following vulnerability was published for gdk-pixbuf.

CVE-2017-6314[0]:
Infinite loop in io-tiff.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314

Please adjust the affected versions in the BTS as needed. No patch
upstream yet.

Regards,
Salvatore

Bug#856445: gdk-pixbuf: CVE-2017-6313: Integer underflow in io-icns.c

[Salvatore Bonaccorso]

Source: gdk-pixbuf
Version: 2.31.1-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for gdk-pixbuf. There is no
patch upstream yet, and from a quick skim over io-icns.c the soure is
there.

CVE-2017-6313[0]:
An dangerous integer underflow in io-icns.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#817193: diffoscope: failing tests: test_gzip.py::test_metadata, test_ipk.py::test_metadata, test_java.py::test_diff

[Chris Lamb]

clone 817193 -1 -2
found -1 77
retitle -1 diffoscope: test_cbfs::test_listing fails due to unexpected header 
in output
found -2 77
retitle -2 diffoscope: test_icc::test_diff fails due to locale difference in 
output
thanks

Zbigniew Jędrzejewski-Szmek wrote:


> With diffoscope-77, I get the following failures:
> (Fedora rawhide amd64 mock, export LC_CTYPE=en_US.utf8 TZ=UTC)

[…]

Thanks; have split this bug accordingly :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#856444: gdk-pixbuf: CVE-2017-6312: Possible out-of-bounds read

[Salvatore Bonaccorso]

Source: gdk-pixbuf
Version: 2.31.1-2
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=779012

Hi,

the following vulnerability was published for gdk-pixbuf.

CVE-2017-6312[0]:
Out-of-bounds read on io-ico.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6312

Please adjust the affected versions in the BTS as needed. There is no
patch upstream yet.

Regards,
Salvatore

Bug#853903: RFS: scap-security-guide/0.1.31-9 -- security guides and conformity checks using SCAP standard

[Petter Reinholdtsen]

The WNPP request is now created as https://bugs.debian.org/856425 >.
-- 
Happy hacking
Petter Reinholdtsen

Bug#849355: still occurs in fvwm 1:2.6.7-3

[Jaimos Skriletz]

On Tue, Feb 21, 2017 at 7:17 AM, Vincent Lefevre  wrote:
> On 2017-02-16 11:00:09 -0700, Jaimos Skriletz wrote:
>> The original bug in which the patch appears to have fixed is every
>> time a Button was added/removed from FvwmIconMan causing the window to
>> change sizes, the warning would be triggered. Now it appears to be
>> triggered for other reasons, or at least triggered far less often (as
>> in not every time).
>
> In my case, the warnings seem to occur every time a window is opened
> or closed when FvwmIconMan is started via RestartFunction. Otherwise
> not every time.
>

Strange. The patch worked for me for a while, but after doing a full
reboot of my system I now too get it triggered every time. I went and
looked at Dominik Vogt's original patch and noticed that he just did a
work around on the hints by resetting them then setting them after the
FvwmIconMan window has been resized. Seems there was a race condition
where the window wasn't done being resized by the time the window
hints were set still causing the warning to trigger.

I wrote a small patch that adds a small wait to Dominik Vogt's patch
and so far I am not getting these warnings triggered. The patch is
attached and you can find a .deb I built in stretch here

http://fvwmforums.org/fvwm-2.6.7/

patch is attached as well

jaimos
From 227d7ea2597ec3fec304c53934fcc41773ab7e89 Mon Sep 17 00:00:00 2001
From: Jaimos Skriletz 
Date: Tue, 28 Feb 2017 17:43:12 -0700
Subject: [PATCH 1/1] Wait until FvwmIconMan is resized to set window HINTS

---
 modules/FvwmIconMan/xmanager.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/modules/FvwmIconMan/xmanager.c b/modules/FvwmIconMan/xmanager.c
index 58eaaedc..b4efe890 100644
--- a/modules/FvwmIconMan/xmanager.c
+++ b/modules/FvwmIconMan/xmanager.c
@@ -439,6 +439,16 @@ static void resize_window(WinManager *man)
 }
 MyXUngrabServer(theDisplay);
   }
+
+  // Wait until the window has resised to fix the HINTS.
+  // counter is used to break an infinte loop.
+  XWindowAttributes attribs;
+  int counter = 2;
+  while ( counter && (attribs.width != man->geometry.width ||
+  attribs.height != man->geometry.height)) {
+XGetWindowAttributes(theDisplay, man->theWindow, );
+counter--;
+  }
   fix_manager_size(man, man->geometry.width, man->geometry.height);
 }
 
-- 
2.11.0

Bug#856443: mousepad: Fonts settings not working

[Khurram Mahmood]

Package: mousepad
Version: 0.4.0-4
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Normal working

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Changing the fonts size and bold etc not working.

   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mousepad depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2
ii  libc62.24-9
ii  libglib2.0-0 2.50.2-2
ii  libgtk2.0-0  2.24.31-2
ii  libgtksourceview2.0-02.10.5-3
ii  libpango-1.0-0   1.40.3-3

mousepad recommends no packages.

mousepad suggests no packages.

-- no debconf information

Bug#698693: RFP: libclasslojure-clojure -- Clojure library to create a classloader with an alternate classpath

[Elana Hashman]

Control: retitle -1 ITP: libclasslojure-clojure -- Clojure library to 
create a classloader with an alternate classpath


Hi,

I took a stab at packaging this. This is my first package submitted to 
Debian so I don't know what I'm doing.


All the debian/ stuff can be found here: 
https://github.com/ehashman/classlojure


Let me know what you think!

- e

Bug#856442: awesome: Broken README.md link

[Nelson A. de Oliveira]

Package: awesome
Version: 4.0-1
Severity: minor

Hi!

Go to /usr/share/doc/awesome and "ls -l":

=
-rw-r--r-- 1 root root 2814 jan 19 04:25 00-authors.md
-rw-r--r-- 1 root root 2198 jan 19 04:25 01-readme.md.gz
-rw-r--r-- 1 root root 3543 jan 19 04:25 02-contributing.md
-rw-r--r-- 1 root root 4586 jan 19 04:25 changelog.Debian.gz
-rw-r--r-- 1 root root 2884 jan 19 01:24 copyright
drwxr-xr-x 6 root root 4096 fev 28 21:53 doc/
-rw-r--r-- 1 root root  243 jan 19 01:24 NEWS.Debian.gz
-rw-r--r-- 1 root root  435 jan 19 01:24 README.Debian
lrwxrwxrwx 1 root root   17 jan 19 04:25 README.md -> docs/01-readme.md
=

README.md points to a non-existent docs/01-readme.md

I guess it should point to 01-readme.md.gz and also be named README.md.gz

Thank you!

Best regards,
Nelson

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages awesome depends on:
ii  dbus-x11  1.10.16-1
ii  gir1.2-freedesktop1.50.0-1+b1
ii  gir1.2-pango-1.0  1.40.4-1
ii  libc6 2.24-9
ii  libcairo2 1.14.8-1
ii  libdbus-1-3   1.10.16-1
ii  libgdk-pixbuf2.0-02.36.5-2
ii  libglib2.0-0  2.50.3-1
ii  liblua5.1-0   5.1.5-8.1+b2
ii  libstartup-notification0  0.12-4
ii  libx11-6  2:1.6.4-3
ii  libxcb-cursor00.1.1-3
ii  libxcb-icccm4 0.4.1-1
ii  libxcb-keysyms1   0.4.0-1
ii  libxcb-randr0 1.12-1
ii  libxcb-render01.12-1
ii  libxcb-shape0 1.12-1
ii  libxcb-util0  0.3.8-3
ii  libxcb-xinerama0  1.12-1
ii  libxcb-xkb1   1.12-1
ii  libxcb-xrm0   1.0-2
ii  libxcb-xtest0 1.12-1
ii  libxcb1   1.12-1
ii  libxdg-basedir1   1.2.0-1
ii  libxkbcommon-x11-00.7.1-1
ii  libxkbcommon0 0.7.1-1
ii  lua-lgi   0.9.1-1
ii  menu  2.1.47

Versions of packages awesome recommends:
ii  feh2.18-1
pn  rlwrap 
ii  x11-xserver-utils  7.7+7

awesome suggests no packages.

-- debconf-show failed

Bug#855662: fakeroot: when msgrcv is interrupted by a signal, faked accidentally reprocesses the previous message

[Martin Dorey]

> A new bug is better

Agreed:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856439 (
fakeroot doesn't detect and handle message queue and semaphore id collision

Bug#856341: [Freewx-maint] Bug#856341: python-wxgtk3.0: Warning about wxPython is using an older C++ ABI

[Scott Talbert]

On Wed, 1 Mar 2017, Olly Betts wrote:


But the release manager gets to override your artificially inflated severity
so all that really achieves is to waste the RM's precious time.


Why was this binNMU done anyway?

Bug#856337: systemd: please support kernel 4.4, or don't hardcode dm interface versions

[Marc Lehmann]

On Tue, Feb 28, 2017 at 06:35:16PM +0100, Michael Biebl  
wrote:
> Can you elaborate where and how such data corruption can happen?
> Not being able to shutdown/detach all DM devices has been the case for
> basically forever in Debian (most prominent example if / is on LVM).
> I've never seen data corruption as a result of this.

Dmcache is good at caching random reads. when it isn't shut down cleanly,
even in writethrough ("read-only") mode, it will mark every block in
the cache as dirty and write it back. in my case, with a modest 40GB
cache for a 20TB volume, this results in hours of extremely high-seek
workloads. This stresses almost everything, the I/O subsystem, any
hardware controllers, the bus, programs which are constantly timeouting
due to the heavy I/O and so on. This can (and multiple times has) caused
latent bugs in dmcache to corrupt data which wouldn't have happened if the
cache was cleanly shut down. In the case of a larger ssd-based subsysstem
as origin device, this can also cause excessive wear.

I am not trying to pull the data corruption club here - the behaviour itself
is not directly causing corruption, it is merely asking for it. the biggest
issue for me with current kernels is that servers that are not shut down
cleanly are extremely sluggish for hours, basically unusable.

Also, I indeed initially had trouble with systemd and used a script to
clean up the dm tables (this is hard to do with systemd though, as it's
not easy to insert this at the right time during shutdown), but in jessie,
and with my current setup(s), it was able to clean up the dm targets -
maybe due to luck, so the script didn't run.

Looking at the systemd-shutdown sources (thanks for pointing those out!),
it becomes quite clear that systemd-shutdown is not even best-effort, but
more or less a nice attempt - for example, it doesn't do a topological
sort to clean up dependencies but simply does a fixed number of loops in
the hope that this resolves issues.

A topological sort would be trivial to implement - simply loop until
either no progress can be made or all devices have been shut down. That
would be a) correct and b) faster than simply looping a few times.

(I was looking at the jessie sources because most of our servers run
jessie, ignore this if it's already ifxed, otherwise, that would be an
obvious improvement :).

Greetings, and again, thanks for treating this as an actual bug.

-- 
The choice of a   Deliantra, the free code+content MORPG
  -==- _GNU_  http://www.deliantra.net
  ==-- _   generation
  ---==---(_)__  __   __  Marc Lehmann
  --==---/ / _ \/ // /\ \/ /  schm...@schmorp.de
  -=/_/_//_/\_,_/ /_/\_\ny

Bug#856337: systemd: please support kernel 4.4, or don't hardcode dm interface versions

[Marc Lehmann]

On Tue, Feb 28, 2017 at 02:55:30PM +0100, Michael Biebl  
wrote:
> >> Can you please elaborate why you filed this against systemd?
> > 
> > Because I thought systemd is what cleans up dm-targets at shutdown. 
> 
> From your initial bug report, it was not clear where exactly you got
> this message.

Sorry - to my credits, though, I did write it happens on reboot, and I am
not an expert on systemd internals (which, written in C, are very hard to
follow).

> -- 
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?

Because intelligent life on earth is already well-documented by other
means btw. :)

-- 
The choice of a   Deliantra, the free code+content MORPG
  -==- _GNU_  http://www.deliantra.net
  ==-- _   generation
  ---==---(_)__  __   __  Marc Lehmann
  --==---/ / _ \/ // /\ \/ /  schm...@schmorp.de
  -=/_/_//_/\_,_/ /_/\_\

Bug#856438: [pkg-gnupg-maint] Bug#856438: Add logcheck filters for systemd “Listening on GnuPG…” & “Closed GnuPG…” messages

[Michael[tm] Smith]

Hi Daniel,

Daniel Kahn Gillmor , 2017-02-28 18:30 -0800:
> 
> On Tue 2017-02-28 18:17:08 -0800, Michael[tm] Smith wrote:
> > Per discussion at 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850982#75
> > please consider adding the following to 
> > /etc/logcheck/ignore.d.server/systemd
> > as part of the gnupg-agent package install.
> 
> thanks for this suggestion, Michael.  I'm not sure why you're suggesting
> /etc/logcheck/ignore.d.server/systemd though.
> 
> why .../systemd in particular?  shouldn't it be .../gpg-agent ?

Yeah, no reason I know of why it must be in .../systemd

The reason I had suggested .../systemd was just that I noticed that on my system
at least, all systemd filter rules are in /etc/logcheck/ignore.d.server/systemd

So I suppose I wrongly just simply assumed the logcheck convention was to
put filters for all systemd messages in that file.

I don’t otherwise know what conventions are used by package maintainers for
deciding what filenames to put logcheck filters in, but intuitively I guess
it’d seem to make the most sense to use the same name as whatever
package the filters are specific too.

In other words, yeah, .../gpg-agent :)

-- 
Michael[tm] Smith https://sideshowbarker.net/


signature.asc
Description: PGP signature

Bug#856441: Please restore OpenRD support

[Martin Michlmayr]

Package: u-boot
Version: 2016.11+dfsg1-3
Severity: wishlist

Debian introduced OpenRD images and later removed them because the
stopped working (see #837629).

A fix has now been posted upstream:
https://lists.denx.de/pipermail/u-boot/2017-February/282676.html

I would like to kindly request that the OpenRD images be restored
for stretch.  The reasons are:

 * stretch will be the last release to include support for the armel
   architecture, so it would be good to get support for this device
   as complete as possible.
 * While Debian can be installed with the default u-boot shipped on
   the OpenRD, the one provided by Debian is much more modern.

On the other hand, there are few OpenRD users, so this is not high
priority.

I haven't spoken to the release team but in the past they have been
supportive towards changes for hardware support.

Rick Thomas has offered to test on the OpenRD Ultimate and (I believe)
Client.

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#856440: yabar: Crashes through regular system use

[Prescott]

Package: yabar
Version: 0.4.0-1
Severity: important

   I'm using yabar with bspwm, and have it set to start through my wm's
   bootstrap routine.  I hadn't noticed anything strange until I opened
   up a spreadsheet with libreoffice.  Upon opening the program, the bar
   disappeared from my screen, and a quick check of my processes shows
   that it crashed.  The second time it occured was when I was switching
   bspwm workspaces.  Below are the error messages associated with both
   crashes from my system's syslog:

   traps: yabar[16560] general protection ip:7fedec59c344
   sp:7ffcf1b11358 error:0

   [18937.190299] yabar [22385]: segfault at 0 ip 55aac6766ff84 sp
   7ffcd2bd7db0 error 4 in yabar [55aac6763+9000]


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages yabar depends on:
ii  libc62.24-9
ii  libcairo21.14.8-1
ii  libconfig9   1.5-0.3
ii  libglib2.0-0 2.50.2-2
ii  libpango-1.0-0   1.40.3-3
ii  libpangocairo-1.0-0  1.40.3-3
ii  libxcb-ewmh2 0.4.1-1
ii  libxcb-randr01.12-1
ii  libxcb1  1.12-1

yabar recommends no packages.

Versions of packages yabar suggests:
ii  fonts-font-awesome  4.7.0~dfsg-1

-- no debconf information

Bug#856438: [pkg-gnupg-maint] Bug#856438: Add logcheck filters for systemd “Listening on GnuPG…” & “Closed GnuPG…” messages

[Daniel Kahn Gillmor]

On Tue 2017-02-28 18:17:08 -0800, Michael[tm] Smith wrote:
> Per discussion at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850982#75
> please consider adding the following to /etc/logcheck/ignore.d.server/systemd
> as part of the gnupg-agent package install.

thanks for this suggestion, Michael.  I'm not sure why you're suggesting
/etc/logcheck/ignore.d.server/systemd though.

why .../systemd in particular?  shouldn't it be .../gpg-agent ?

--dkg

Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

[Michael[tm] Smith]

Daniel Kahn Gillmor , 2017-02-28 16:12 -0800:
> ...
> Sure, i'd be happy to accept reasonable logcheck filters to the
> gpg-agent and dirmngr binary packages.  Please submit a separate bug
> report with the suggested filters, and i'll review them and roll them
> into the next release.

Thanks—raised at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856438

-- 
Michael[tm] Smith https://sideshowbarker.net/


signature.asc
Description: PGP signature

Bug#856439: fakeroot doesn't detect and handle message queue and semaphore id collision

[Martin Dorey]

Package: fakeroot
Version: 1.20.2-1
Severity: normal
Tags: patch

Dear Maintainer,

I'm raising this as requested by Clint in:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855662#15

Fixing that bug (fakeroot: when msgrcv is interrupted by a signal, faked
accidentally reprocesses the previous message) stopped faked from overwriting
errno, which led me to realize that my intermittent failure problem while
building several packages at once might always be due to EIDRM.  (I only had
one failure with the patched version from that bug before contriving the patch
I submit here, so I don't have a big sample size.)  That led me to realize
that faked is, by default, inventing a random number on which to base its
message queue and semaphore ids.  When it then creates the message queues and
semaphore, it doesn't check for collisions.  Here I present a patch that I
hope detects that situation and retries.  I haven't seen a failure with this
patch, but I've only been running with it since last Friday.  I was previously
seeing as little as one failure per week.  I also haven't attempted the obvious
change to fail visibly in this case, which would have given me confidence that
the diagnosis was right.  I don't know why some of build machines seem more
vulnerable than others.  I don't know why I've only seen this since they were
upgraded to Jessie.  I based the patch supplied here on:

https://anonscm.debian.org/cgit/users/clint/fakeroot.git/

I wasn't sure whether Clint was asking me to base it instead on some upstream
branch.  That was at least due to the corporate email link mangler but I'm
quite new to git and Debian packaging.  This isn't the version I'm running,
which is instead based on the Jessie version.  I'm open to persuasion for
other experiments.


-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable'), (500, 
'testing-updates'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 
'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fakeroot depends on:
ii  libc62.19-18+deb8u7
ii  libfakeroot  1.20.2-1

fakeroot recommends no packages.

fakeroot suggests no packages.

-- no debconf information
diff --git a/faked.c b/faked.c
index a0f92ca..d280668 100644
--- a/faked.c
+++ b/faked.c
@@ -1305,6 +1305,7 @@ int main(int argc, char **argv){
 #ifndef FAKEROOT_FAKENET
   union semun sem_union;
   int justcleanup = 0;
+  int msgflag = IPC_CREAT|0600;
 #else /* FAKEROOT_FAKENET */
   int sd, val;
   unsigned int port = 0;
@@ -1375,29 +1376,42 @@ int main(int argc, char **argv){
 
 #ifndef FAKEROOT_FAKENET
 
-  if(!msg_key) {
-srandom(time(NULL)+getpid()*33151);
-while(!msg_key && (msg_key!=-1))  /* values 0 and -1 are treated
-	 specially by libfake */
-  msg_key=random();
-  }
+  do {
+if(!msg_key) {
+  msgflag |= IPC_EXCL;
+  srandom(time(NULL)+getpid()*33151);
+  while(!msg_key && (msg_key!=-1))  /* values 0 and -1 are treated
+   specially by libfake */
+msg_key=random();
+}
 
-  if(debug)
-fprintf(stderr,"using %li as msg key\n",(long)msg_key);
+if(debug)
+  fprintf(stderr,"using %li as msg key\n",(long)msg_key);
+
+msg_get=msgget(msg_key,msgflag);
+if (msg_get != -1)
+  msg_snd=msgget(msg_key+1,msgflag);
+if (msg_snd != -1)
+  sem_id=semget(msg_key+2,1,msgflag);
+
+if((msg_get==-1)||(msg_snd==-1)||(sem_id==-1)){
+  if (errno == EEXIST) {
+if(debug)
+  fprintf(stderr,"using %li as msg key caused a collision, trying again\n",(long)msg_key);
+cleanup(-1);
+msg_key = 0;
+continue;
+  }
+  perror("fakeroot, while creating message channels");
+  fprintf(stderr, "This may be due to a lack of SYSV IPC support.\n");
+  cleanup(-1);
+  exit(1);
+}
+  } while(msg_key == 0);
 
-  msg_get=msgget(msg_key,IPC_CREAT|0600);
-  msg_snd=msgget(msg_key+1,IPC_CREAT|0600);
-  sem_id=semget(msg_key+2,1,IPC_CREAT|0600);
   sem_union.val=1;
   semctl (sem_id,0,SETVAL,sem_union);
 
-  if((msg_get==-1)||(msg_snd==-1)||(sem_id==-1)){
-perror("fakeroot, while creating message channels");
-fprintf(stderr, "This may be due to a lack of SYSV IPC support.\n");
-cleanup(-1);
-exit(1);
-  }
-
   if(debug)
 fprintf(stderr,"msg_key=%li\n",(long)msg_key);
 

Bug#855282: debsign: support .buildinfo files

[James McCoy]

On Wed, Mar 01, 2017 at 02:58:29AM +0100, Guillem Jover wrote:
> Hi!
> 
> On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote:
> > On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote:
> > > Control: tags + patch
> > 
> > > I've done an initial implementation here:
> > > 
> > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> > > 
> > > Please review!
> > 
> > I think something like the attached patch on top of your branch HEAD
> > is also needed.
> 
> Here's another patch to support the finalized format 1.0 sitting now
> in dpkg's git master, pending upload to unstable.

Merged.  Thanks!

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#856438: Add logcheck filters for systemd “Listening on GnuPG…” & “Closed GnuPG…” messages

[Michael[tm] Smith]

Package: gnupg-agent
Version: 2.1.18-3
Severity: wishlist

Per discussion at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850982#75
please consider adding the following to /etc/logcheck/ignore.d.server/systemd
as part of the gnupg-agent package install.

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent and passphrase cache\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG network certificate management daemon\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent and passphrase cache \(restricted\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent \(access for web browsers\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent \(ssh-agent emulation\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
network certificate management daemon\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent and passphrase cache\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent and passphrase cache \(restricted\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent \(ssh-agent emulation\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent \(access for web browsers\)\.$

I’ve also attached the filters in a separate file.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0  2.4.3-2
ii  libc6   2.24-9
ii  libgcrypt20 1.7.6-1
ii  libgpg-error0   1.26-2
ii  libnpth01.3-1
ii  libreadline77.0-2
ii  pinentry-curses [pinentry]  1.0.0-2

Versions of packages gnupg-agent recommends:
ii  gnupg  2.1.18-3

Versions of packages gnupg-agent suggests:
pn  dbus-user-session  
pn  libpam-systemd 
pn  pinentry-gnome3
pn  scdaemon   

-- debconf-show failed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent and passphrase cache\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG network certificate management daemon\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent and passphrase cache \(restricted\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent \(access for web browsers\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on 
GnuPG cryptographic agent \(ssh-agent emulation\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
network certificate management daemon\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent and passphrase cache\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent and passphrase cache \(restricted\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent \(ssh-agent emulation\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG 
cryptographic agent \(access for web browsers\)\.$

Bug#273816: marked as done (screen blocks the output in copy/scrollback mode, leading to denial of service)

[Vincent Lefevre]

Hi,

On 2017-02-27 22:57:37 +0100, Axel Beckert wrote:
> Vincent: Can you still reproduce this issue? I'm not sure what exactly
> I should do to reproduce the bug as I have not much of an idea what
> you mean with "a server is running inside screen". Can you please
> provide an example on how to reproduce this?

This is still reproducible:

1. Start screen.

2. In it, do: while true; do touch zzz; date; done
   (One can see that the timestamp of zzz increases every second,
   e.g. with "watch -n 1 ls -l zzz" in another terminal.)

3. In screen, type C-a [ to enter copy mode.

The effect is that the timestamp of zzz is no longer updated.

Note that something like "nonblock 5" has no effect.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#855977: evince: hyperlinks not clickable - feature request: automatic links

[Jason Crain]

On Fri, Feb 24, 2017 at 12:30:50AM +0100, Petr Vanek wrote:
> I have been using Evince for years and am happy with it, but for
> whatever reason, it doesn't make links clickable in my own created
> documents, see example here: http://www.penguin.cz/~vanous/out.pdf - the
> numbers in circles have hyperlinks underneath.

This particular bug has already been reported upstream to the evince
developers at https://bugzilla.gnome.org/669107.  As such, I am closing
this bug because I do not feel that keeping it open is helpful.  If you
have further comments for this bug, please direct them to the GNOME
bugzilla.

Bug#855282: debsign: support .buildinfo files

[Guillem Jover]

Hi!

On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote:
> On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote:
> > Control: tags + patch
> 
> > I've done an initial implementation here:
> > 
> > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> > 
> > Please review!
> 
> I think something like the attached patch on top of your branch HEAD
> is also needed.

Here's another patch to support the finalized format 1.0 sitting now
in dpkg's git master, pending upload to unstable.

Thanks,
Guillem
From d21172ba5d15f920929892e72ccc7bd83024628f Mon Sep 17 00:00:00 2001
From: Guillem Jover 
Date: Tue, 28 Feb 2017 00:13:52 +0100
Subject: [PATCH] Add support for finalized .buildinfo format 1.0

---
 scripts/debsign.sh   | 2 +-
 scripts/dscverify.pl | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/debsign.sh b/scripts/debsign.sh
index 4b2b22cb..2eb23df5 100755
--- a/scripts/debsign.sh
+++ b/scripts/debsign.sh
@@ -462,7 +462,7 @@ fixup_control() {
 }
 
 fixup_buildinfo() {
-fixup_control '$major != 0 or $minor > 2' dsc buildinfo "$@"
+fixup_control '($major != 0 or $minor > 2) and ($major != 1 or $minor > 0)' dsc buildinfo "$@"
 }
 
 fixup_changes() {
diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl
index 381ebff5..45f2c605 100755
--- a/scripts/dscverify.pl
+++ b/scripts/dscverify.pl
@@ -208,7 +208,8 @@ sub process_file {
 	$major += 0;
 	$minor += 0;
 	if ($file =~ /\.changes$/ and ($major != 1 or $minor > 8) or
-	$file =~ /\.buildinfo$/ and ($major != 0 or $minor > 2)) {
+	$file =~ /\.buildinfo$/ and (($major != 0 or $minor > 2) and
+	 ($major != 1 or $minor > 0))) {
 	xwarn "$file is an unsupported format: $format\n";
 	return;
 	}
-- 
2.12.0.rc1.440.g5b76565f74

Bug#856341: [Freewx-maint] Bug#856341: python-wxgtk3.0: Warning about wxPython is using an older C++ ABI

[Olly Betts]

On Tue, Feb 28, 2017 at 08:37:39PM -0500, Scott Talbert wrote:
> On Wed, 1 Mar 2017, Olly Betts wrote:
> 
> >>It sure would be nice to get rid of this warning which will otherwise be
> >>around for the duration of stretch.  You don't think it's worth filing a
> >>freeze exception?
> >
> >Severity "minor" means it doesn't meet the criteria:
> >
> >https://lists.debian.org/debian-devel-announce/2016/11/msg9.html
> 
> True, but as I read the bug severity levels, it could be classified as
> serious as a matter of maintainer opinion: "... or, in the package
> maintainer's or release manager's opinion, makes the package unsuitable for
> release."

But the release manager gets to override your artificially inflated severity
so all that really achieves is to waste the RM's precious time.

Cheers,
Olly

Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

[Daniel Kahn Gillmor]

On Tue 2017-02-28 13:04:15 -0800, Michael[tm] Smith wrote:
> OK one small very concrete thing I think would help would be if the package
> added logcheck filters for messages the change has caused to now start
> getting logged to syslog in the following form:
>
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG 
> cryptographic agent and passphrase cache.
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG network 
> certificate management daemon.
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG 
> cryptographic agent and passphrase cache (restricted).
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG 
> cryptographic agent (access for web browsers).
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG 
> cryptographic agent (ssh-agent emulation).
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG network 
> certificate management daemon.
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic 
> agent and passphrase cache.
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic 
> agent and passphrase cache (restricted).
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic 
> agent (ssh-agent emulation).
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic 
> agent (access for web browsers).
>
> Would it be possible for the package maintainers to add logcheck filters
> for those? Should I file a separate bug to request that?

Sure, i'd be happy to accept reasonable logcheck filters to the
gpg-agent and dirmngr binary packages.  Please submit a separate bug
report with the suggested filters, and i'll review them and roll them
into the next release.

All the best,

--dkg

Bug#856341: [Freewx-maint] Bug#856341: python-wxgtk3.0: Warning about wxPython is using an older C++ ABI

[Scott Talbert]

On Wed, 1 Mar 2017, Olly Betts wrote:


This will have started because wxwidgets3.0 got binNMUed a few days ago.
I doubt we can address this for stretch though.


It sure would be nice to get rid of this warning which will otherwise be 
around for the duration of stretch.  You don't think it's worth filing a 
freeze exception?

Bug#856341: [Freewx-maint] Bug#856341: python-wxgtk3.0: Warning about wxPython is using an older C++ ABI

[Scott Talbert]

On Wed, 1 Mar 2017, Olly Betts wrote:


It sure would be nice to get rid of this warning which will otherwise be
around for the duration of stretch.  You don't think it's worth filing a
freeze exception?


Severity "minor" means it doesn't meet the criteria:

https://lists.debian.org/debian-devel-announce/2016/11/msg9.html


True, but as I read the bug severity levels, it could be classified as 
serious as a matter of maintainer opinion: "... or, in the package 
maintainer's or release manager's opinion, makes the package unsuitable 
for release."

Bug#856129: pre-approval: notmuch/0.23.6-1

[David Bremner]

Jonathan Wiltshire  writes:

> Control: tag -1 confirmed moreinfo
>
> On Sat, Feb 25, 2017 at 09:10:01AM -0400, David Bremner wrote:
>> I've appended a diff from upstream git, this also includes any debian
>> changes except finalizing the date and distribution in the
>> changelog(s).
>
> Please go ahead, and remove the moreinfo tag from this bug when it is built
> on all architectures.

Here's an updated debdiff.

I turned out my initial idea was flawed. Or gnupg is flawed. Or
something. In anycase the new debdiff is actually smaller (not counting
upstream changelog).

diff -Nru notmuch-0.23.5/bindings/python/notmuch/version.py notmuch-0.23.7/bindings/python/notmuch/version.py
--- notmuch-0.23.5/bindings/python/notmuch/version.py	2017-01-09 06:25:01.0 -0400
+++ notmuch-0.23.7/bindings/python/notmuch/version.py	2017-02-28 20:49:24.0 -0400
@@ -1,3 +1,3 @@
 # this file should be kept in sync with ../../../version
-__VERSION__ = '0.23.5'
+__VERSION__ = '0.23.7'
 SOVERSION = '4'
diff -Nru notmuch-0.23.5/debian/changelog notmuch-0.23.7/debian/changelog
--- notmuch-0.23.5/debian/changelog	2017-01-09 06:24:39.0 -0400
+++ notmuch-0.23.7/debian/changelog	2017-02-28 20:39:30.0 -0400
@@ -1,3 +1,10 @@
+notmuch (0.23.7-1) unstable; urgency=medium
+
+  * Move test suite $GNUPGHOME to /tmp to avoid problems with long build paths.
+  * Fix read-after-free bug in `notmuch new`.
+
+ -- David Bremner   Tue, 28 Feb 2017 20:39:30 -0400
+
 notmuch (0.23.5-1) unstable; urgency=medium
 
   * Remove RUNPATH from /usr/bin/notmuch
diff -Nru notmuch-0.23.5/lib/database.cc notmuch-0.23.7/lib/database.cc
--- notmuch-0.23.5/lib/database.cc	2017-01-09 06:25:01.0 -0400
+++ notmuch-0.23.7/lib/database.cc	2017-02-28 20:49:24.0 -0400
@@ -652,7 +652,7 @@
 	ref = _parse_message_id (ctx, refs, );
 
 	if (ref && strcmp (ref, message_id)) {
-	g_hash_table_insert (hash, ref, NULL);
+	g_hash_table_add (hash, ref);
 	last_ref = ref;
 	}
 }
@@ -661,7 +661,7 @@
  * reference to the database.  We should avoid making a message
  * its own parent, thus the above check.
  */
-return last_ref;
+return talloc_strdup(ctx, last_ref);
 }
 
 notmuch_status_t
diff -Nru notmuch-0.23.5/NEWS notmuch-0.23.7/NEWS
--- notmuch-0.23.5/NEWS	2017-01-09 06:25:01.0 -0400
+++ notmuch-0.23.7/NEWS	2017-02-28 20:49:24.0 -0400
@@ -1,3 +1,33 @@
+Notmuch 0.23.7 (2017-02-28)
+===
+
+Test Suite
+--
+
+Drop use of gpgconf --create-socketdir. Move $GNUPGHOME to /tmp.
+
+  It turns out the hardcoded use of /run/user in gpg doesn't work out
+  that well in some environments. The more low tech fix is to move all
+  of $GNUPGHOME to somewhere where we can control the length of the
+  paths.
+
+Notmuch 0.23.6 (2017-02-27)
+===
+
+Command Line Interface
+--
+
+Fix read-after-free bug in `notmuch new`.
+
+Test Suite
+--
+
+Use gpgconf --create-socketdir if available.
+
+  GnuPG has a facility to use sockets in /run or /var/run to avoid
+  problems with long socket paths, but this is not enabled by default
+  for GNUPGHOME other than $HOME/.gnupg. Enable it, if possible.
+
 Notmuch 0.23.5 (2017-01-09)
 ===
 
diff -Nru notmuch-0.23.5/test/test-lib-common.sh notmuch-0.23.7/test/test-lib-common.sh
--- notmuch-0.23.5/test/test-lib-common.sh	2017-01-09 06:25:01.0 -0400
+++ notmuch-0.23.7/test/test-lib-common.sh	2017-02-28 20:49:24.0 -0400
@@ -158,7 +158,6 @@
 mkdir -p "${HOME}"
 
 MAIL_DIR="${TMP_DIRECTORY}/mail"
-export GNUPGHOME="${TMP_DIRECTORY}/gnupg"
 export NOTMUCH_CONFIG="${TMP_DIRECTORY}/notmuch-config"
 
 mkdir -p "${test}"
diff -Nru notmuch-0.23.5/test/test-lib.sh notmuch-0.23.7/test/test-lib.sh
--- notmuch-0.23.5/test/test-lib.sh	2017-01-09 06:25:01.0 -0400
+++ notmuch-0.23.7/test/test-lib.sh	2017-02-28 20:49:24.0 -0400
@@ -270,6 +270,8 @@
 GIT_EXIT_OK=
 # Note: TEST_TMPDIR *NOT* exported!
 TEST_TMPDIR=$(mktemp -d "${TMPDIR:-/tmp}/notmuch-test-$$.XX")
+# Put GNUPGHOME in TMPDIR to avoid problems with long paths.
+export GNUPGHOME="${TEST_TMPDIR}/gnupg"
 trap 'trap_exit' EXIT
 trap 'trap_signal' HUP INT TERM
 
diff -Nru notmuch-0.23.5/version notmuch-0.23.7/version
--- notmuch-0.23.5/version	2017-01-09 06:29:27.0 -0400
+++ notmuch-0.23.7/version	2017-02-28 21:05:57.0 -0400
@@ -1 +1 @@
-0.23.5
+0.23.7


signature.asc
Description: PGP signature

Bug#856341: [Freewx-maint] Bug#856341: python-wxgtk3.0: Warning about wxPython is using an older C++ ABI

[Olly Betts]

On Tue, Feb 28, 2017 at 08:24:24PM -0500, Scott Talbert wrote:
> On Wed, 1 Mar 2017, Olly Betts wrote:
> >This will have started because wxwidgets3.0 got binNMUed a few days ago.
> >I doubt we can address this for stretch though.
> 
> It sure would be nice to get rid of this warning which will otherwise be
> around for the duration of stretch.  You don't think it's worth filing a
> freeze exception?

Severity "minor" means it doesn't meet the criteria:

https://lists.debian.org/debian-devel-announce/2016/11/msg9.html

Cheers,
Olly

Bug#790814: ITP: kanboard -- A PHP project management system with a kanban workflow style interface and various integrations.

[陳昌倬]

Control: owner -1 !

On Tue, Feb 28, 2017 at 07:48:55PM +, John Hackett wrote:
> Go ahead - do I need to do anything to release it to you?

I will handle it, thanks.


-- 
ChangZhuo Chen (陳昌倬) 
Debian Developer (https://nm.debian.org/public/person/czchen)
Key fingerprint = BA04 346D C2E1 FE63 C790  8793 CC65 B0CD EC27 5D5B


signature.asc
Description: PGP signature

Bug#856350: qutemol: FTBFS (#error This file requires compiler and library support)

[Olly Betts]

On Tue, Feb 28, 2017 at 06:57:43PM +0200, Adrian Bunk wrote:
> This is caused by the recent binNMU (sic) of wxwidgets3.0,
> that resulted in wx3.0-headers requiring a C++11 compiler
> (first rebuild with gcc 6 that defaults to C++11).
> 
> This breaks building of qutemol (and potentially other rdeps) that are 
> building with -std=gnu++98 to avoid C++11 FTBFS.
> 
> This should really be fixed in rdeps like qutemol, but since we
> are already inside the freeze I'd suggest the following change to 
> wxwidgets3.0 for stretch:

> -$(shell DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed dpkg-buildflags 
> --export=configure)
> +$(shell DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed 
> DEB_CXXFLAGS_MAINT_APPEND=-std=gnu++98 dpkg-buildflags --export=configure)

That seems sensible to me - it should actually be closer to the
pre-binNMU state.

Cheers,
Olly

Bug#856431: [Reportbug-maint] Bug#856431: reportbug: "x - Provide extra information" should Cc the bug submitter

[Sandro Tosi]

On Tue, Feb 28, 2017 at 6:38 PM, Samuel Thibault  wrote:
> When running e.g. reportbug -N xyz and selecting
>
> x - Provide extra information.
>
> only x...@bugs.debian.org is set as recipient,
> xyz-submit...@bugs.debian.org is not. That is not what people expect to
> happen, they expect to be sharing their experience with other reporters.
> So I'd say reportbug should put xyz-submit...@bugs.debian.org in Cc.

the discussion about where nn@b.d.o should be delivered to (the
submitted in automatic, all that contributed to the bug, as is) has
been going on for years. For example: how can you be certain that the
submitter actually cares about the discussion of the bug and it was
not just a "report and forget" (feel free to search d-devel archives
for this very same argument).

it sounds like it should be addressed in the BTS itself than reportbug

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi

Bug#856437: postgresql-plproxy: autopkgtest depends on newpid which fails to install LXD runners

[Nishanth Aravamudan]

Package: postgresql-plproxy
Version: 2.7-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu zesty ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * d/t/control: the newpid package fails to install in LXD
environments (relies on fs capabilities which are disallowed by the
kernel in user namespaces), so use unshare instead.

Thanks for considering the patch.

*** /tmp/tmp9Ftaz0/postgresql-plproxy_2.7-1ubuntu2.debdiff
diff -Nru postgresql-plproxy-2.7/debian/tests/control 
postgresql-plproxy-2.7/debian/tests/control
--- postgresql-plproxy-2.7/debian/tests/control 2017-02-28 10:19:53.0 
-0800
+++ postgresql-plproxy-2.7/debian/tests/control 2017-02-28 16:28:57.0 
-0800
@@ -1,3 +1,3 @@
 Tests: installcheck
-Depends: @, postgresql-server-dev-all, newpid
+Depends: @, postgresql-server-dev-all, util-linux
 Restrictions: allow-stderr needs-root
diff -Nru postgresql-plproxy-2.7/debian/tests/installcheck 
postgresql-plproxy-2.7/debian/tests/installcheck
--- postgresql-plproxy-2.7/debian/tests/installcheck2017-02-28 
10:19:53.0 -0800
+++ postgresql-plproxy-2.7/debian/tests/installcheck2017-02-28 
16:28:57.0 -0800
@@ -32,7 +32,7 @@
if ! chmod o+w $AUTOPKGTEST_TMP && \
PG_CLUSTER_CONF_ROOT=$AUTOPKGTEST_TMP \
PG_CONFIG=/usr/lib/postgresql/$v/bin/pg_config \
-   newnet pg_virtualenv -c "-p 5432 --locale C -s 
$AUTOPKGTEST_TMP" -i '--auth trust' -v $v \
+   unshare -inu pg_virtualenv -c "-p 5432 --locale C -s 
$AUTOPKGTEST_TMP" -i '--auth trust' -v $v \
make -f $PWD/Makefile installcheck; then \
head -n 500 regression.diffs
exit 1


-- System Information:
Debian Release: stretch/sid
  APT prefers zesty
  APT policy: (500, 'zesty')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Nishanth Aravamudan
Ubuntu Server
Canonical Ltd

Bug#856341: python-wxgtk3.0: Warning about wxPython is using an older C++ ABI

[Olly Betts]

On Tue, Feb 28, 2017 at 11:33:08AM +0300, Andrey Skvortsov wrote:
> If wxPython application (for example wxglade) is started, warning about
> mismatching C++ ABI is shown.
> 
> Here is simple example to reproduce the case.
> 
> $ python -c 'import wx'
> 11:15:20: Warning: Mismatch between the program and library build versions
> detected.
> The library used 3.0 (wchar_t,compiler with C++ ABI 1010,wx
> containers,compatible with 2.8),
> and wxPython used 3.0 (wchar_t,compiler with C++ ABI 1009,wx
> containers,compatible with 2.8).
> 
> Probably wxPython needs to be rebuilt to make this warning go away.

This will have started because wxwidgets3.0 got binNMUed a few days ago.
I doubt we can address this for stretch though.

Cheers,
Olly

Bug#856436: xrdp: client is not connecting when security_layer=tls

[Jacco Kwaaitaal]

Package: xrdp
Version: 0.9.1-7
Severity: normal

Dear Maintainer,

If in xrdp.ini the option security_layer=tls is configured, a client is not
able to connect. 

E.g. on the client-side using rdesktop the following error is displayed:
140464326739656:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
number:s3_pkt.c:348:
Failed to connect, SSL required by server.

The xrdp.log shows:
[20170301-01:31:33] [INFO ] A connection received from: -X- port 53758
[20170301-01:31:33] [DEBUG] Closed socket 12 (AF_INET6 -X- port 3389)
[20170301-01:31:33] [DEBUG] Closed socket 11 (AF_INET6 -X- port 3389)
[20170301-01:31:33] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20170301-01:31:33] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20170301-01:31:33] [DEBUG] Security layer: requested 1, selected 1
[20170301-01:31:33] [DEBUG] Closed socket 12 (AF_INET6 -X- port 3389)
[20170301-01:31:33] [ERROR] Listening socket is in wrong state, terminating 
listener

I have tried the option disableSSLv3=true, but that doesn't make any difference.
Other clients (remmina, xfreerdp, windows remote desktop client) won't work 
either.
The cert/key-files have umask 600 owned by root.
I have tried to explicitly choose non-SSLv3 ciphers with the option
tls_ciphers=HIGH:-SSLv3, but that didn't work.

It should be possible to reproduce this with a standard Stretch installation.

Best regards,
Jacco

-- System Information:
Debian Release: 9.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xrdp depends on:
ii  adduser  3.115
ii  init-system-helpers  1.47
ii  libc62.24-9
ii  libfuse2 2.9.7-1
ii  libjpeg62-turbo  1:1.5.1-2
ii  libopus0 1.2~alpha2-1
ii  libpam0g 1.1.8-3.5
ii  libssl1.11.1.0e-1
ii  libx11-6 2:1.6.4-3
ii  libxfixes3   1:5.0.3-1
ii  libxrandr2   2:1.5.1-1
ii  lsb-base 9.20161125
ii  ssl-cert 1.0.38

Versions of packages xrdp recommends:
ii  fuse  2.9.7-1
ii  xorgxrdp  0.9.1-7

Versions of packages xrdp suggests:
pn  guacamole  

Versions of packages xorgxrdp depends on:
ii  libc6  2.24-9
pn  xorg-input-abi-24  
ii  xserver-xorg-core [xorg-video-abi-23]  2:1.19.1-4

Versions of packages xorgxrdp recommends:
ii  xorg  1:7.7+18

Versions of packages xrdp is related to:
pn  vnc-server   
pn  xserver-xorg-legacy  

-- no debconf information

Bug#856435: libortp-dev: Old RFC still mentioned as reference

[Stéphane Bortzmeyer]

Package: libortp-dev
Version: 3.6.1-3
Severity: minor

Dear Maintainer,

The description of the package mentions RFC 1890, which has been
replaced by RFC 3551, 13 years ago.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libortp-dev depends on:
ii  libortp9  3.6.1-3

libortp-dev recommends no packages.

libortp-dev suggests no packages.

-- no debconf information

Bug#856383: libglib2.0-0: Epiphany SIGSEVs in slab_allocator_free_chunk at ././glib/gslice.c:1347

[Jason Crain]

Control: tags -1 + moreinfo

On Tue, Feb 28, 2017 at 03:31:41PM +0200, Andres Gomez wrote:
> Package: libglib2.0-0
>
> my locally built epiphany SIGSEVed in slab_allocator_free_chunk, after
> visiting several pages.

On Tue, Feb 28, 2017 at 05:41:02PM +0200, Andres Gomez wrote:
> Package: libgtk-3-0
>
> My locally built epiphany SIGSEVed in gtk_css_static_style_new_compute, after
> visiting several pages.

Both of these are more likely to be a bug in webkit or epiphany than in
glib or gtk.  For a next step, try setting the environment variable
G_SLICE=debug-blocks before running and see if you can get an abort()
closer to your bug.  If that doesn't work and you're feeling
adventurous, you can try some other things like compiling with
AddressSanitizer (-fsanitize) or running under valgrind.

The problem with memory corruption bugs is that the stack trace you've
provided only shows where the memory corruption was detected.  It
doesn't show where the memory corruption actually happened.

Bug#856152: python-apt: FTBFS: Testsuite failure

[Julian Andres Klode]

Control: severity 856152 important

On Wed, Mar 01, 2017 at 06:39:37AM +0800, Chris Lamb wrote:
> retitle 856152 python-apt: FTBFS: AptKeyError: recv from 
> 'hkp://localhost:19191' failed for 
> '0xa1bD8E9D78F7FE5C3E65D8AF8B48AD6246925553'
> thanks
> 
> Julian Andres Klode wrote:
> 
> > Retry it. Maybe it timed out or something.
> 
> I don't think this is a timeout issue, but if it is, surely the package
> build should be a little more reliable? :)

Well, it's some GPG issue, we can't figure out every GPG thing.

This works fine with an up-to-date sid chroot in sbuild, so I don't
really care, or well, can't reproduce it. Seems more like a pbuilder
related issue.

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

Bug#856434: sbuild: Fails to build anything in Debian chroots, Ubuntu ones work fine

[Julian Andres Klode]

On Wed, Mar 01, 2017 at 01:21:22AM +0100, Julian Andres Klode wrote:
> Package: sbuild
> Version: 0.73.0-4
> Severity: important
> 
> Fails with a lot of errors for Debian chroots, but it works perfectly fine
> with Ubuntu ones. Not sure what's going wrong here. I think this has been
> going on for months, but I often forget about it because I don't do much
> binary building anymore (mostly just letting CI pass & upload source these
> days).

It's libpam-tmpdir that's breaking this somehow - no idea how, but removing
libpam-tmpdir from my system allows it to work again.


-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

Bug#856434: sbuild: Fails to build anything in Debian chroots, Ubuntu ones work fine

[Julian Andres Klode]

Package: sbuild
Version: 0.73.0-4
Severity: important

Fails with a lot of errors for Debian chroots, but it works perfectly fine
with Ubuntu ones. Not sure what's going wrong here. I think this has been
going on for months, but I often forget about it because I don't do much
binary building anymore (mostly just letting CI pass & upload source these
days).

Attached is a complete log from a Debian chroot and the head of a build
in an ubuntu chroot

+--+
| Install build-essential  |
+--+


Setup apt archive
-

Merged Build-Depends: build-essential, fakeroot
Filtered Build-Depends: build-essential, fakeroot
dpkg-deb: building package 'sbuild-build-depends-core-dummy' in 
'/<>/resolver-jU5m8u/apt_archive/sbuild-build-depends-core-dummy.deb'.
dpkg-deb: error: failed to make temporary file (control member): No such file 
or directory
Dummy package creation failed
E: Setting up apt archive failed/usr/bin/du: cannot access '/<>': 
No such file or directory
E: read_command failed to execute du
E: Cannot determine space needed for /<> (du failed)

Setup apt archive
-

Merged Build-Depends: dose-distcheck
Filtered Build-Depends: dose-distcheck
dpkg-deb: building package 'sbuild-build-depends-dose3-dummy' in 
'/<>/resolver-jU5m8u/apt_archive/sbuild-build-depends-dose3-dummy.deb'.
dpkg-deb: error: failed to make temporary file (control member): No such file 
or directory
Dummy package creation failed
E: Setting up apt archive failedE: Failed to explain bd-uninstallable


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500, 
'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sbuild depends on:
ii  adduser 3.115
ii  libsbuild-perl  0.73.0-4
pn  perl:any

Versions of packages sbuild recommends:
ii  autopkgtest  4.3
ii  debootstrap  1.0.88
ii  schroot  1.6.10-3

Versions of packages sbuild suggests:
ii  deborphan  1.7.28.8-0.3
ii  kmod   23-2
ii  wget   1.19.1-1

-- no debconf information

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.


python-apt_1.4.0~beta2_amd64-2017-03-01T00:15:43Z.build.gz
Description: application/gzip


python-apt_1.4.0~beta2_amd64-2017-03-01T00:14:21Z.build.gz
Description: application/gzip

Bug#856433: unblock: influxdb-python/3.0.0-2

[Alexandre Viau]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock influxdb-python 3.0.0-2. If fixes 841559 which caused FTBFS.

It failed to build because of an introduced FutureWarning which we don't
have to solve right now because the method is not yet deprecated. The
warnings were set to cause build failures by the devs to spot things
like this, but its not necessary for us. The fix is simply to ignore the
warning.

I have attached the debdiff to this email.

unblock influxdb-python/3.0.0-2

Cheers,

-- 
Alexandre Viau
av...@debian.org
diff -Nru influxdb-python-3.0.0/debian/changelog 
influxdb-python-3.0.0/debian/changelog
--- influxdb-python-3.0.0/debian/changelog  2016-06-26 15:56:28.0 
-0400
+++ influxdb-python-3.0.0/debian/changelog  2017-02-28 15:44:10.0 
-0500
@@ -1,3 +1,9 @@
+influxdb-python (3.0.0-2) unstable; urgency=medium
+
+  * Disable FurureWarnings (Closes: #841559)
+
+ -- Alexandre Viau   Tue, 28 Feb 2017 15:44:10 -0500
+
 influxdb-python (3.0.0-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru influxdb-python-3.0.0/debian/patches/ignore-future-warning.patch 
influxdb-python-3.0.0/debian/patches/ignore-future-warning.patch
--- influxdb-python-3.0.0/debian/patches/ignore-future-warning.patch
1969-12-31 19:00:00.0 -0500
+++ influxdb-python-3.0.0/debian/patches/ignore-future-warning.patch
2017-02-28 15:44:10.0 -0500
@@ -0,0 +1,22 @@
+--- a/influxdb/tests/dataframe_client_test.py
 b/influxdb/tests/dataframe_client_test.py
+@@ -28,7 +28,7 @@
+ 
+ def setUp(self):
+ # By default, raise exceptions on warnings
+-warnings.simplefilter('error', FutureWarning)
++warnings.simplefilter('ignore', FutureWarning)
+ 
+ def test_write_points_from_dataframe(self):
+ now = pd.Timestamp('1970-01-01 00:00+00:00')
+--- a/influxdb/tests/influxdb08/dataframe_client_test.py
 b/influxdb/tests/influxdb08/dataframe_client_test.py
+@@ -24,7 +24,7 @@
+ 
+ def setUp(self):
+ # By default, raise exceptions on warnings
+-warnings.simplefilter('error', FutureWarning)
++warnings.simplefilter('ignore', FutureWarning)
+ 
+ def test_write_points_from_dataframe(self):
+ now = pd.Timestamp('1970-01-01 00:00+00:00')
diff -Nru influxdb-python-3.0.0/debian/patches/series 
influxdb-python-3.0.0/debian/patches/series
--- influxdb-python-3.0.0/debian/patches/series 1969-12-31 19:00:00.0 
-0500
+++ influxdb-python-3.0.0/debian/patches/series 2017-02-28 15:44:10.0 
-0500
@@ -0,0 +1 @@
+ignore-future-warning.patch


signature.asc
Description: OpenPGP digital signature

Bug#856416: grub-efi-amd64: Updating grub-efi-amd64:amd64 to 2.02~beta3-5 is aborted with half-installed package and reboot

[John Paul Adrian Glaubitz]

Control: tags -1 moreinfo

Hi Reiner!

> Running apt-get again to complete the update, is aborted with the hint to use 
> 'dpkg --configure -a'.
> But doing so, the update is also not completed, again a reboot is done.
> Finally, this leaves the system in a half-installed mode, without no 
> automatic exit.

This looks more like a local configuration issue at first sight rather than
a bug in the grub2 package. Did you try to reproduce this issue on a freshly
installed system?

I'm also not sure I understand how the configure process was interrupted? Did it
just abort on its own or did you hit "Ctrl+C" or did your machine crash?

I'm tagging this "moreinfo" because it's currently not obvious how and when
the configure process for grub2 was interrupted.

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#855446: debtags: Adding more accessibility tags

[Samuel Thibault]

Jean-Philippe MENGUAL, on mer. 01 mars 2017 00:18:53 +0100, wrote:
> I think accessibility::accessible-with::at-spi is the most transversal tag,
> and then very interesting. Other proposals you do seem for me good, but more
> difficult to do: 1st because it means a package should be tested with a 
> specific
> AT (Orca, brltty, etc).

Yes, but that's the point of the tag: knowing that somebody actually
does have checked the package. Being AT-SPI-accessible is far from
meaning being usable :)

The problem is people trying to install software, only to realize that
it's actually not accessible. At least with non-AT-SPI-accessible
software, the answer is immediate :) But with AT-SPI-accessible software
which are actually not usable, the user might be spending some time
struggling with the software before thinking "OK, it's not actually
accessible, bummer!". So that's why I'm not sure I'd want to dare
putting an accessible-via::at-spi tag, it could lead people to false
hopes, which is worse than nothing. Actually, we may prefer to use
interface::at-spi, to express that it presents the at-spi interface, and
not that it's accessible or not.

> Then because it's related to a kind of disability,

Yes.

> then will we add, once more a11y tools will exist, dasher, civikey,
> and other?

Well, we would probably restrict to what is actually in Debian.

Of course, depending on people's disability and requirements, the
usability of the software will vary, but I tend to think that there can
be a clear difference between something that is usable with e.g. Orca
braille, and which can thus be recommended for a try, and something
which is not, and thus excluded from trying.

That can also be thought of as a way to share the set of software you do
happen to be using, and that other people should probably try to use.

In the case of dasher, that's not really a screen reader, so it could be
doubtful that it'd be part of it. Dasher users could however still like
to tag the applications which happen to work fine with dasher to input
text.

> With your 1st proposal, I think it's short, easy to test with a simple 
> accerciser
> (QA could do it for example), and transversal. So I really think it's the
> best.

It's the best for getting something done, yes, but I'm afraid that that
alone can't bring good to users, but rather frustration.

Samuel

Bug#833692: pinot: links GPLv2+ code with OpenSSL

[Olly Betts]

Control: tags -1 + fixed-upstream patch

Upstream addressed this by avoiding linking libxapianbackend.so to
openssl (apparently it doesn't use it anyway):

https://github.com/FabriceColin/pinot/commit/3a40d5abe159a106f3aabaedf1a199020946b3b5

Cheers,
Olly

Bug#856432: gitlab --configure looks for postgres 9.1, but 9.6 is installed

[Joshua Clayton]

Package: gitlab
Version: 8.13.11+dfsg-4
Severity: grave
Justification: renders package unusable

Dear Maintainer,

gitlab installs, but will not complete configuration, because (at least)
it is looking for a wrong version of a postgresql extension. 
Possibly also incompatible with latest postgresql

Create database if not present
Make gitlab user owner of gitlab database...
ALTER DATABASE
Grant all priveleges to gitlab user...
GRANT
ERROR:  could not openextension control file 
"/usr/share/postgresql/9.1/extension/pg_trgm.control": No such file or directory
dpkg: error processing package gitlab (--configure):
 subprocess installed post-installation script returned error exit status 1


Tried adding a symlink from /usr/share/postgresql/9.1 -> 9.6
(I have no idea whether this is a valid thing to do in this case)

Then the error changes to 

Create database if not present
Make gitlab user owner of gitlab database...
ALTER DATABASE
Grant all priveleges to gitlab user...
GRANT
ERROR:  syntax error at or near "PARALLEL"
dpkg: error processing package gitlab (--configure):
 subprocess installed post-installation script returned error exit status 1


First encountered on stretch/testing.
Symptoms exactly the same with sid

Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gitlab depends on:
ii  adduser   3.115
ii  apache2 [httpd]   2.4.25-3
ii  asciidoctor   1.5.4-2
ii  bc1.06.95-9+b2
ii  bundler   1.13.6-2
ii  debconf [debconf-2.0] 1.5.60
ii  git   1:2.11.0-2
ii  gitlab-shell  3.6.6-4
ii  gitlab-workhorse  0.8.5+debian-3
ii  init-system-helpers   1.47
ii  libjs-chartjs 1.0.2-1
ii  libjs-clipboard   1.4.2-1
ii  libjs-fuzzaldrin-plus 0.3.1+git.20161008.da2cb58+dfsg-4
ii  libjs-graphael0.5+dfsg-1
ii  libjs-jquery-cookie   11-3
ii  libjs-jquery-history  11-3
ii  libjs-jquery-nicescroll   3.6.6-1
ii  lsb-base  9.20161125
ii  nodejs4.7.2~dfsg-2
ii  openssh-client1:7.4p1-6
ii  postfix [mail-transport-agent]3.1.4-4
ii  postgresql-client 9.6+179
ii  postgresql-client-9.1 [postgresql-client  9.1.23-0+deb7u1
ii  postgresql-client-9.4 [postgresql-client  9.4.9-0+deb8u1
ii  postgresql-client-9.6 [postgresql-client  9.6.2-1
ii  postgresql-contrib9.6+179
ii  rake  10.5.0-2
ii  redis-server  3:3.2.8-1
ii  ruby  1:2.3.3
ii  ruby-ace-rails-ap 4.1.1-1
ii  ruby-activerecord-session-store   1.0.0-2
ii  ruby-acts-as-taggable-on  4.0.0-2
ii  ruby-addressable  2.4.0-1
ii  ruby-after-commit-queue   1.3.0-1
ii  ruby-akismet  2.0.0-1
ii  ruby-allocations  1.0.3-1+b2
ii  ruby-asana0.4.0-1
ii  ruby-attr-encrypted   3.0.1-2
ii  ruby-babosa   1.0.2-2
ii  ruby-base32   0.3.2-3
ii  ruby-bootstrap-sass   3.3.5.1-3
ii  ruby-browser  2.2.0-2
ii  ruby-cal-heatmap-rails3.6.0+dfsg-1
ii  ruby-carrierwave  0.10.0+gh-4
ii  ruby-charlock-holmes  0.7.3+dfsg-2+b3
ii  ruby-chronic  0.10.2-3
ii  ruby-chronic-duration 0.10.6-1
ii  ruby-coffee-rails 4.1.0-2
ii  ruby-coffee-script-source 1.10.0-1
ii  ruby-connection-pool  2.2.0-1
ii  ruby-creole   0.5.0-2
ii  ruby-d3-rails 3.5.6+dfsg-1
ii  ruby-default-value-for3.0.1-1
ii  ruby-devise   4.2.0-1
ii  ruby-devise-two-factor3.0.0-2
ii  ruby-diffy3.0.6-1
ii  ruby-doorkeeper   4.2.0-3
ii  ruby-dropzonejs-rails 0.7.1-1
ii  ruby-email-reply-parser   0.5.8-1
ii  ruby-fog-aws  0.12.0-1
ii  ruby-fog-azure0.0.2-1
ii  ruby-fog-core 

Bug#856004: khtml: please build-depen on libssl1.0-dev for Stretch

[John Paul Adrian Glaubitz]

Hi!

> We shouldn't be changing the way a package builds during freeze.
> It was last built with openssl 1.0, so that's what we should have for now.

The problem is that if the package was to be rebuilt now, it would be
rebuilt with OpenSSL 1.1 and not OpenSSL 1.0 which is the original
motivation for this bug report by Sebastian!

Either way, it would be preferred to come to an agreement what to do
with this bug report now. It shouldn't remain open given the freeze.

Either close it or change the build depends to libssl1.0-dev to make
sure it's rebuilt with OpenSSL 1.0 in case a binNMU is triggered.

PS: Please keep everyone in CC. I didn't get your mail.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#823865: phpsysinfo: d/copyright is missing licenses for many files

[Axel Beckert]

Hi Ondřej,

Ondřej Surý wrote:
> d/copyright doesn't list all license holders and has wrong copyright
> for at least some files:
> 
> Please convert to machine-readable copyright file and add missing copyrights:
>  + Files: * is GPLv2+, e.g. any later version and not just GPL-2

I disagree here: After assessing all upstream files (excluding those
imported from third party tools) for license information, it is
totally unclear if the project as a whole is under

* GPLv2 only,
* under GPLv2+, or
* under any version of the GPL.

While Björn filed https://github.com/phpsysinfo/phpsysinfo/issues/120
about the license status of the graphics files specifically (and hence
is the primary upstream bug report to this Debian bug report), I've
now filed https://github.com/phpsysinfo/phpsysinfo/issues/156 upstream
and requested a clarification about the versions of the GPL under
which the project is actually licensed.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#850282: Pending fixes for bugs in the influxdb package

[pkg-go-maintainers]

tag 850282 + pending
thanks

Some bugs in the influxdb package are closed in revision
c72b959213ca374ee4697d7fab28fa5a9bf83fb8 in branch 'master' by aviau

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-go/packages/influxdb.git/commit/?id=c72b959

Commit message:

Disable TestEngine_Backup and re-enable i386 tests (Closes: #850282)

Bug#787028: systemd-cryptsetup@.service fails, although encrypted swap is enabled nevertheless

[Roland Hieber]

On 28.02.2017 23:26, Michael Biebl wrote:
> Roland, would you be willing to try that?

Sorry, I've stopped using cryptswap a while ago, and I'm not sure
whether I'll remember enough of the howtos to get it running again :-|

The GitHub PR indeed sounds a lot like the problem I had, so if no one
else bothers, I would consider this bug done.

 - Roland

Bug#856431: reportbug: "x - Provide extra information" should Cc the bug submitter

[Samuel Thibault]

Package: reportbug
Version: 7.1.5
Severity: normal

Hello,

When running e.g. reportbug -N xyz and selecting

x - Provide extra information.

only x...@bugs.debian.org is set as recipient,
xyz-submit...@bugs.debian.org is not. That is not what people expect to
happen, they expect to be sharing their experience with other reporters.
So I'd say reportbug should put xyz-submit...@bugs.debian.org in Cc.

Samuel

-- Package-specific info:
** Environment settings:
EDITOR="vim"
PAGER="less"
VISUAL="vim"
DEBEMAIL="sthiba...@debian.org"
EMAIL="samuel.thiba...@ens-lyon.org"
DEBFULLNAME="Samuel Thibault"
INTERFACE="text"

** /home/samy/.reportbugrc:
reportbug_version "2.9"
mode standard
ui text
realname "Samuel Thibault"
email "sthiba...@debian.org"
mutt
no-cc

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages reportbug depends on:
ii  apt1.4~rc1
ii  python3-reportbug  7.1.5
pn  python3:any

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail 
ii  debconf-utils  1.5.60
pn  debsums
ii  dlocate1.07+nmu1
ii  emacs24-bin-common 24.5+1-8
ii  exim4  4.88-5
ii  exim4-daemon-light [mail-transport-agent]  4.88-5
ii  file   1:5.29-3
ii  gir1.2-gtk-3.0 3.22.7-2
pn  gir1.2-vte-2.91
ii  gnupg  2.1.18-3
ii  python3-gi 3.22.0-2
ii  python3-gi-cairo   3.22.0-2
pn  python3-gtkspellcheck  
pn  python3-urwid  
ii  xdg-utils  1.1.1-1

Versions of packages python3-reportbug depends on:
ii  apt1.4~rc1
ii  file   1:5.29-3
ii  python3-debian 0.1.30
ii  python3-debianbts  2.6.1
ii  python3-requests   2.12.4-1
pn  python3:any

python3-reportbug suggests no packages.

-- no debconf information

-- 
Samuel
 FYLG> Tiens, vlà une URL qui va bien :
 FYLG> ftp://127.0.0.1/WaReZ/NiouZeS/WinDoZe/NeWSMoNGeR/SuPeR
 c'est gentil sauf que l'adresse ne fonctionne pas sa me fais une erreur
 -+- Furtif in Guide du Neuneu Usenet :  -+-

Bug#856407: [Android-tools-devel] Bug#856407: dalvik-exchange: Please depend on proguard-cli only

[Hans-Christoph Steiner]

Thanks for the info.  Sounds like something we want to support.  How do
you know which proguard can you use?  What kind of testing did you do?

Bug#856277: partially solved

[Dtux]

partially solved => no more crash, but same debug message (and more)

issue= remove all personal libraries added in config/kicad/fp-lib-table
and re-add this personal libraries with "libraries wizard"

new error message at the pcbnew startup(#840287 
)=

"Mismatch between the program and library build versions detected.
The library used 3.0 (wchar_t,compiler with C++ ABI 1010,wx 
containers,compatible with 2.8),and wxPython used 3.0 (wchar_t,compiler 
with C++ ABI 1009,wx containers,compatible with 2.8)."



WITHOUT personal lib

~$ kicad
23:06:31: Debug: Adding locale lookup path: /usr/local/share/kicad/internat
23:06:31: Debug: Using libcurl/7.52.1 GnuTLS/3.5.8 zlib/1.2.8 
libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 
librtmp/2.3

23:06:31: Debug: catoy.pro: noname.pro
23:06:49: Debug: Unrecognized accel key 'bksp', accel string ignored.
23:07:31: Debug: Adding duplicate image handler for 'PNG file'
23:07:31: Debug: Adding duplicate image handler for 'JPEG file'
23:07:31: Debug: Adding duplicate image handler for 'TIFF file'
23:07:31: Debug: Adding duplicate image handler for 'GIF file'
23:07:31: Debug: Adding duplicate image handler for 'PNM file'
23:07:31: Debug: Adding duplicate image handler for 'PCX file'
23:07:31: Debug: Adding duplicate image handler for 'IFF file'
23:07:31: Debug: Adding duplicate image handler for 'Windows icon file'
23:07:31: Debug: Adding duplicate image handler for 'Windows cursor file'
23:07:31: Debug: Adding duplicate image handler for 'Windows animated 
cursor file'

23:07:31: Debug: Adding duplicate image handler for 'TGA file'
23:07:31: Debug: Adding duplicate image handler for 'XPM file'
23:07:32: Debug: Loading project 
'/mnt/Disk2/kicad/Projets/catoy/catoy.pro' settings.

23:07:32: Debug: Skipping general section token 'links'
23:07:32: Debug: Skipping general section token 'area'
23:07:32: Debug: Skipping general section token 'drawings'
23:07:32: Debug: Skipping general section token 'tracks'
23:07:32: Debug: Skipping general section token 'zones'
23:07:32: Debug: Skipping general section token 'symbol'

==error message in pcbnew("Mismatch betweenle with 2.8).")

_

WITH re-added lib

X@deb15:~$ kicad
23:41:37: Debug: Adding locale lookup path: /usr/local/share/kicad/internat
23:41:37: Debug: Using libcurl/7.52.1 GnuTLS/3.5.8 zlib/1.2.8 
libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 
librtmp/2.3

23:41:37: Debug: catoy.pro: noname.pro
23:41:40: Debug: Unrecognized accel key 'bksp', accel string ignored.
/build/kicad-OLDpkC/kicad-4.0.5+dfsg1/common/fp_lib_table.cpp(172): 
assert "aFootprintName == (wxString) fpid.GetFootprintName()" failed in 
FootprintLoad(). [in thread 7fb1ea7fc700]



Call stack:
[00] wxOnAssert(char const*, int, char const*, char const*, char const*)
[01] 0x7fb204e77171
[02] 0x7fb204d771d5
[03] 0x7fb204d7828f
[04] 0x7fb21a316116
[05] 0x7fb219ce5424
[06] clone
/build/kicad-OLDpkC/kicad-4.0.5+dfsg1/common/fp_lib_table.cpp(172): 
assert "aFootprintName == (wxString) fpid.GetFootprintName()" failed in 
FootprintLoad(). [in thread 7fb1ea7fc700]



Call stack:
[00] wxOnAssert(char const*, int, char const*, char const*, char const*)
[01] 0x7fb204e77171
[02] 0x7fb204d771d5
[03] 0x7fb204d7828f
[04] 0x7fb21a316116
[05] 0x7fb219ce5424
[06] clone
23:42:04: Debug: Adding duplicate image handler for 'PNG file'
23:42:04: Debug: Adding duplicate image handler for 'JPEG file'
23:42:04: Debug: Adding duplicate image handler for 'TIFF file'
23:42:04: Debug: Adding duplicate image handler for 'GIF file'
23:42:04: Debug: Adding duplicate image handler for 'PNM file'
23:42:04: Debug: Adding duplicate image handler for 'PCX file'
23:42:04: Debug: Adding duplicate image handler for 'IFF file'
23:42:04: Debug: Adding duplicate image handler for 'Windows icon file'
23:42:04: Debug: Adding duplicate image handler for 'Windows cursor file'
23:42:04: Debug: Adding duplicate image handler for 'Windows animated 
cursor file'

23:42:04: Debug: Adding duplicate image handler for 'TGA file'
23:42:04: Debug: Adding duplicate image handler for 'XPM file'
23:42:05: Debug: Loading project 
'/mnt/Disk2/kicad/Projets/catoy/catoy.pro' settings.

23:42:05: Debug: Skipping general section token 'links'
23:42:05: Debug: Skipping general section token 'area'
23:42:05: Debug: Skipping general section token 'drawings'
23:42:05: Debug: Skipping general section token 'tracks'
23:42:05: Debug: Skipping general section token 'zones'
23:42:05: Debug: Skipping general section token 'symbol'

==error message in pcbnew("Mismatch betweenle with 2.8).")

Bug#856429: open-vm-tools: vgauth.service Unit File is Missing VGAuthService Option -s

[Ron Lovell]

Package: open-vm-tools
Version: 2:10.1.5-5055683-1
Severity: normal
Tags: newcomer

Dear Maintainer,

   * What led up to the situation?
 After a recent update added the vgauth.service unit file, I checked
 the status of vgauthd.service.  While it apparently starts, I noticed
 there was no logging to /var/log/vmware-vgauthsvc.log.0. Comparing
 the setup to my Rawhide and Tumbleweed installations,
 I noticed that unlike Rawhide and Tumbleweed, Debian's
 /lib/systemd/system/vgauth.service does not use the -s option to
 VGAuthService. According to the program's help info, -s causes
 it to run in daemon mode. Note that the current Debian setup is
 consistent with the sample unit file provided in BUG#855337, which
 also omits the -s option.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
 I modified /lib/systemd/system/vgauth.service to add the -s option
 on the ExecStart line: ExecStart=/usr/bin/VGAuthService -s

   * What was the outcome of this action?
 The service starts, and (significantly) it logs to
 /var/log/vmware-vgauthsvc.log.0.

   * What outcome did you expect instead?
 The workaround was as expected.

 NOTE: I'm afraid I don't have a vSphere setup to test how the vgauth
 service is working.  It is possible that without the -s option, the
 service won't work.  It is also possible that the omission was for a
 good reason that I don't know about.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages open-vm-tools depends on:
ii  init-system-helpers1.47
ii  libc6  2.24-9
ii  libdumbnet11.12-7+b1
ii  libfuse2   2.9.7-1
ii  libgcc11:6.3.0-8
ii  libglib2.0-0   2.50.3-1
ii  libicu57   57.1-5
ii  libmspack0 0.5-1
ii  libprocps6 2:3.3.12-3
ii  libssl1.0.21.0.2k-1
ii  libstdc++6 6.3.0-8
ii  libxerces-c3.1 3.1.4+debian-2
ii  libxml-security-c17v5  1.7.3-4
ii  pciutils   1:3.5.2-1

Versions of packages open-vm-tools recommends:
ii  ethtool  1:4.8-1
ii  fuse 2.9.7-1
ii  lsb-release  9.20161125
ii  zerofree 1.0.4-1

Versions of packages open-vm-tools suggests:
ii  open-vm-tools-desktop  2:10.1.5-5055683-1

-- Configuration Files:
/etc/vmware-tools/tools.conf changed:
[The file is empty, as shipped.]

-- no debconf information

Bug#856430: unblock android-sdk-meta/25.0.0+3

[Hans-Christoph Steiner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package: android-sdk-meta

Support for some common devices was missing  in 25.0.0+1 (#814056).
This also fixes another usability bugs with the SDK license handling
that was not reported to the bug tracker.

Attached is the source debdiff.



diff --git a/51-android.rules b/51-android.rules
index 0a886c4..86a7641 100644
--- a/51-android.rules
+++ b/51-android.rules
@@ -20,6 +20,9 @@ SUBSYSTEM=="usb", ATTR{idVendor}=="109b", MODE="0664", 
GROUP="plugdev"
 SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", MODE="0664", GROUP="plugdev"
 #Huawei
 SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0664", GROUP="plugdev"
+#Intel
+SUBSYSTEM=="usb", ATTR{idVendor}=="8087", ATTR{idProduct}=="09ef", 
MODE="0664", GROUP="plugdev"
+SUBSYSTEM=="usb", ATTR{idVendor}=="8087", ATTR{idProduct}=="0a16", 
MODE="0664", GROUP="plugdev"
 #K-Touch
 SUBSYSTEM=="usb", ATTR{idVendor}=="24e3", MODE="0664", GROUP="plugdev"
 #KT Tech
diff --git a/debian/android-sdk-common.install 
b/debian/android-sdk-common.install
index 0682357..cd7d16c 100644
--- a/debian/android-sdk-common.install
+++ b/debian/android-sdk-common.install
@@ -1 +1,2 @@
+licenses  usr/lib/android-sdk
 tools/*   usr/lib/android-sdk/tools
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index b5d2220..9ccd4a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+android-sdk-meta (25.0.0+3) unstable; urgency=medium
+
+  * udev rules for Intel tablets (Closes: #814056)
+
+ -- Hans-Christoph Steiner   Tue, 28 Feb 2017 23:48:27 +0100
+
+android-sdk-meta (25.0.0+2) unstable; urgency=medium
+
+  * Install licenses directory in android-sdk-common
+
+ -- Kai-Chung Yan   Tue, 07 Feb 2017 22:38:05 +0800
+
 android-sdk-meta (25.0.0+1) unstable; urgency=medium
 
   * Add package.xml for Build-tools and Platform-tools
diff --git a/debian/control b/debian/control
index 6bc72ca..b285ed2 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,8 @@ Section: metapackages
 Priority: optional
 Maintainer: Android Tools Maintainers 

 Uploaders: Kai-Chung Yan ,
-   Chirayu Desai 
+   Chirayu Desai ,
+   Hans-Christoph Steiner 
 Build-Depends: debhelper (>= 10), dh-exec
 Standards-Version: 3.9.8
 Vcs-Git: https://anonscm.debian.org/git/android-tools/android-sdk-meta.git
diff --git a/debian/rules b/debian/rules
index 0e1ebfd..fc93c63 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,7 +2,7 @@
 
 export BUILD_TOOLS_VERSION = 24.0.0
 PLATFORM_TOOLS_VERSION = 24.0.0
-DEB_REVISION = +1
+DEB_REVISION = +2
 
 %:
dh $@

Bug#855446: debtags: Adding more accessibility tags

[Jean-Philippe MENGUAL]

Package: debtags
Followup-For: Bug #855446

Hi,

1st, thanks Samuel to re-open this topic. I think it's an excellent and simple
idea to apply. From 2 packages, it would be very useful to know, before
installing, wether it's usable or not with an assistive techno.

I think accessibility::accessible-with::at-spi is the most transversal tag,
and then very interesting. Other proposals you do seem for me good, but more
difficult to do: 1st because it means a package should be tested with a specific
AT (Orca, brltty, etc). Then because it's related to a kind of disability, then
will we add, once more a11y tools will exist, dasher, civikey, and other?

With your 1st proposal, I think it's short, easy to test with a simple 
accerciser
(QA could do it for example), and transversal. So I really think it's the
best.

Waiting for additional feedbacks.

Best regards,

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#856427: unblock repo/1.12.37-3

[Hans-Christoph Steiner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package: repo

It previously had bash-completion, and a build bug preventing the
upstream completion file from being installed in 1.12.37-2 (XX).

Attached is the source debdiff.

Bug#856428: unblock android-platform-system-core/1:7.0.0+r1-3

[Hans-Christoph Steiner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package: android-platform-system-coreq

It previously had bash-completion, and a build bug preventing the
upstream completion file from being installed in 1:7.0.0+r1-2 (#856418,
#856419).  This also fixes two other usability bugs (#856001, #848852).

Attached is the source debdiff.


diff -Nru android-platform-system-core-7.0.0+r1/debian/adb.mk 
android-platform-system-core-7.0.0+r1/debian/adb.mk
--- android-platform-system-core-7.0.0+r1/debian/adb.mk 2016-12-06 
14:08:28.0 +0100
+++ android-platform-system-core-7.0.0+r1/debian/adb.mk 2017-02-28 
23:45:00.0 +0100
@@ -9,7 +9,7 @@
 SOURCES := $(foreach source, $(SOURCES), adb/$(source))
 CXXFLAGS += -std=c++14 -fpermissive
 CPPFLAGS += -Iinclude -Iadb -Ibase/include \
--DADB_REVISION='"debian"' -DADB_HOST=1 -D_GNU_SOURCE
+-DADB_REVISION='"$(DEB_VERSION)"' -DADB_HOST=1 -D_GNU_SOURCE
 LDFLAGS += -Wl,-rpath=/usr/lib/$(DEB_HOST_MULTIARCH)/android -Wl,-rpath-link=. 
\
-lpthread -L. -ladb -lbase -lcutils
 
diff -Nru android-platform-system-core-7.0.0+r1/debian/changelog 
android-platform-system-core-7.0.0+r1/debian/changelog
--- android-platform-system-core-7.0.0+r1/debian/changelog  2016-12-21 
21:45:45.0 +0100
+++ android-platform-system-core-7.0.0+r1/debian/changelog  2017-03-01 
00:00:28.0 +0100
@@ -1,3 +1,11 @@
+android-platform-system-core (1:7.0.0+r1-3) unstable; urgency=medium
+
+  * install bash-completion for adb and fastboot (Closes: #856418, #856419)
+  * use package version for adb/fastboot's --version (Closes: #856001)
+  * fix depends built from this package to same version (Closes: #848852)
+
+ -- Hans-Christoph Steiner   Tue, 28 Feb 2017 23:45:05 +0100
+
 android-platform-system-core (1:7.0.0+r1-2) unstable; urgency=medium
 
   * Build tools for working with sparse images
diff -Nru android-platform-system-core-7.0.0+r1/debian/control 
android-platform-system-core-7.0.0+r1/debian/control
--- android-platform-system-core-7.0.0+r1/debian/control2016-12-21 
21:40:05.0 +0100
+++ android-platform-system-core-7.0.0+r1/debian/control2017-03-01 
00:00:28.0 +0100
@@ -6,6 +6,7 @@
Kai-Chung Yan ,
Chirayu Desai 
 Build-Depends: android-libunwind-dev (>= 7.0.0+r1~) [amd64 i386 armel armhf 
arm64 mips mipsel mips64el],
+   bash-completion,
debhelper (>= 10),
dh-exec,
dpkg-dev (>= 1.17.14),
@@ -49,7 +50,10 @@
 Package: android-libcutils
 Section: libs
 Architecture: amd64 i386 armel armhf arm64 mips mipsel mips64el
-Depends: libbsd0, ${shlibs:Depends}, ${misc:Depends}
+Depends: android-liblog (= ${binary:Version}),
+ libbsd0,
+ ${shlibs:Depends},
+ ${misc:Depends}
 Description: Android utils library for C
  This library provides common functionalities for android related tools.
  .
@@ -75,7 +79,9 @@
 
 Package: adb
 Architecture: amd64 i386 armel armhf arm64 mips mipsel mips64el
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: android-libadb (= ${binary:Version}),
+ ${shlibs:Depends},
+ ${misc:Depends}
 Recommends: android-sdk-platform-tools-common
 Breaks: android-tools-adb
 Replaces: android-tools-adb
@@ -186,7 +192,9 @@
 Package: android-libadb
 Section: libs
 Architecture: amd64 i386 armel armhf arm64 mips mipsel mips64el
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: android-libbase (= ${binary:Version}),
+ ${shlibs:Depends},
+ ${misc:Depends}
 Description: Library for Android Debug Bridge
  This library provides APIs for accessing and controlling Android devices.
  .
@@ -208,7 +216,9 @@
 Package: android-libbase
 Section: libs
 Architecture: amd64 i386 armel armhf arm64 mips mipsel mips64el
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: android-liblog (= ${binary:Version}),
+ ${shlibs:Depends},
+ ${misc:Depends}
 Description: Android base library
  This library provides APIs for basic tasks like handling files, Unicode
  strings, logging, memory allocation, integer parsing, etc..
@@ -230,7 +240,9 @@
 Package: fastboot
 Architecture: amd64 i386 armel armhf arm64 mips mipsel mips64el
 Build-Profiles: 
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: android-libadb (= ${binary:Version}),
+ ${shlibs:Depends},
+ ${misc:Depends}
 Breaks: android-tools-fastboot
 Replaces: android-tools-fastboot
 Provides: android-tools-fastboot
diff -Nru android-platform-system-core-7.0.0+r1/debian/fastboot.mk 
android-platform-system-core-7.0.0+r1/debian/fastboot.mk
--- android-platform-system-core-7.0.0+r1/debian/fastboot.mk2016-12-08 
15:09:45.0 +0100
+++ android-platform-system-core-7.0.0+r1/debian/fastboot.mk2017-02-28 
23:45:00.0 +0100
@@ -12,7 +12,7 @@
   

Bug#856426: unblock android-platform-frameworks-base/1:7.0.0+r1-3

[Hans-Christoph Steiner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package: android-platform-frameworks-base

It previously had bash-completion, and a build bug preventing the
upstream completion file from being installed in 1:7.0.0+r1-2 (#856420).

Attached is the source debdiff.


diff --git a/debian/changelog b/debian/changelog
index 627f98a..2befbea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+android-platform-frameworks-base (1:7.0.0+r1-3) unstable; urgency=medium
+
+  * include bash-completion for aapt (Closes: #856420)
+
+ -- Hans-Christoph Steiner   Tue, 28 Feb 2017 22:07:56 +0100
+
 android-platform-frameworks-base (1:7.0.0+r1-2) unstable; urgency=medium
 
   * Upload to unstable
diff --git a/debian/control b/debian/control
index 1c0e6f1..9d466de 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Build-Depends: android-libcutils-dev (>= 1:7.0.0+r1),
android-libutils-dev (>= 1:7.0.0+r1),
android-libziparchive-dev (>= 1:7.0.0+r1),
android-platform-frameworks-native-headers (>= 1:7.0.0+r1),
+   bash-completion,
chrpath,
debhelper (>= 10),
dh-exec,
diff --git a/debian/rules b/debian/rules
index e65658f..16032fc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,7 +24,7 @@ debian/out/split-select:
make -f debian/split-select.mk
 
 %:
-   dh $@
+   dh $@ --with bash-completion
 
 override_dh_auto_build-arch: debian/out/aapt debian/out/aapt2 
debian/out/split-select
mkdir --parent debian/out

Bug#856425: ITP: scap-security-guide -- security guides and conformity checks using SCAP standard​

[Philippe Thierry]

Package: wnpp
Severity: wishlist
Owner: Philippe Thierry 

* Package name: scap-security-guide
  Version : 0.1.31-10
  Upstream Author : Watson Yuuma Sato 
* URL : https://www.open-scap.org/security-policies/scap-security-
guide/
* License : Unlicenced
  Programming Lang: Python, XML, XSLT
  Section : admin
  Description : security guides and conformity checks using SCAP
standard​

SCAP-security-guide works with the OpenSCAP tool, which is already
packaged in Debian.

It builds those binary packages:

 ssg-applications - SCAP Guides and benchmarks targeting applications such as
 ssg-base   - SCAP Security guide base content and documentation
 ssg-debfamilly - SCAP Guides and benchmarks targeting all deb-based
 ssg-debian - SCAP Guides and benchmarks targeting Debian 8
 ssg-otheros - SCAP Guides and benchmarks targeting other GNU/Linux

To access further information about this package, please visit the following
URL:

  https://mentors.debian.net/package/scap-security-guide

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/s/scap-security-guide
/scap-security-guide_0.1.31-9.dsc

The goal of this package is to deploy SCAP XCCDF Benchmarks and Guides
for various targets not deployed by the OpenSCAP core package, but
supported by the SCAP-security-guide community in which I work as
contributor for Ubuntu, Debian and ANSSI best practices.

Using these guides/benchmarks, it is possible to validate conformity of
Debian-based deployment against standard security policies such as ANSSI
Best-practices, PCI-DSS, NIST SP-800... and to launch remediation
scripts when needed. Using the OpenSCAP ecosystem, it is possible to
manage the security policy of a complete infrastructure, when launching
OpenSCAP tool with the above benchmarks through ssh (for e.g.) or on VM
or docker templates.

Bug#856210: libdebian-installer: please parse SHA256 field and add it to di_* structs

[Steven Chamberlain]

Bastian Blank wrote:
> On Tue, Feb 28, 2017 at 10:00:01PM +, Steven Chamberlain wrote:
> > That differs from the latest version of my patch, and from what I sent
> > earlier today to the release team when asking about a potential unblock:
> > https://lists.debian.org/debian-release/2017/02/msg01033.html
> 
> This happens if you send incomplete patches and do uncoordinated unblock
> requests.

Maybe you just volunteered to do that, then.

You even said before you "don't have time" to write the cdebootstrap
patch, so I offered one, and the anna patch, the libdebian-installer
patch, all this after the initial discovery, triage and write-up.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


signature.asc
Description: Digital signature

Bug#856021: unblock: libprelude/1.0.0-11.9

[Emilio Pozuelo Monfort]

On 24/02/17 11:30, Adrian Bunk wrote:
> +  * Switch from -dbg to -dbgsym.

Please avoid doing that for future unblocks. The rest looks good so I have
unblocked it this time.

Thanks,
Emilio

Bug#500276: reportbug: Needlessly escapes brackets to \( in realname

[Francesco Poli]

Control: fixed -1 reportbug/7.1.5


On Mon, 27 Feb 2017 20:00:48 -0500 Sandro Tosi wrote:

> On Mon, Feb 20, 2017 at 4:52 PM, Francesco Poli (wintermute)
>  wrote:
> > In my opinion, the bug report may be safely closed as fixed in
> > reportbug/7.1.5 : maybe the original submitter should be got in touch
> > with and asked to confirm that he no longer experiences the misbehavior
> > (when using version 7.1.5)...
> 
> closing then, thanks for checking!

You're welcome!
Bye.


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpsRb7f3WEeK.pgp
Description: PGP signature

Bug#856223: unblock: profanity/0.4.7-1.1

[Tomasz Buchert]

On 28/02/17 18:04, Jonathan Wiltshire wrote:
> On 2017-02-26 19:16, Tomasz Buchert wrote:
> > Control: tag -1 -moreinfo
> >
> > On 26/02/17 18:51, Jonathan Wiltshire wrote:
> > > Control: tag -1 confirmed moreinfo
> > >
> > > [...]
> > >
> > > You should close the bug in your changelog, and you do not mention the
> > > metadata changes in patch fix_spelling_error. With those corrections,
> > > please go ahead and remove the moreinfo tag from this bug.
> > >
> > > Thanks,
> >
> > Done. I attach a new debdiff as well.
> >
> > Tomasz
>
> Doesn't seem to have been uploaded?
>
> Thanks,

Hi Jonathan,
I read here [1], that:
"Prepare an upload targeting testing-proposed-updates but do not
upload it, and then contact us through an unblock bug."

I'm a bit confused.

Tomasz

[1] https://release.debian.org/stretch/freeze_policy.html


signature.asc
Description: PGP signature

Bug#856210: libdebian-installer: please parse SHA256 field and add it to di_* structs

[Bastian Blank]

On Tue, Feb 28, 2017 at 10:00:01PM +, Steven Chamberlain wrote:
> That differs from the latest version of my patch, and from what I sent
> earlier today to the release team when asking about a potential unblock:
> https://lists.debian.org/debian-release/2017/02/msg01033.html

This happens if you send incomplete patches and do uncoordinated unblock
requests.

Bastian

-- 
Bones: "The man's DEAD, Jim!"

Bug#856152: python-apt: FTBFS: Testsuite failure

[Chris Lamb]

retitle 856152 python-apt: FTBFS: AptKeyError: recv from 
'hkp://localhost:19191' failed for '0xa1bD8E9D78F7FE5C3E65D8AF8B48AD6246925553'
thanks

Julian Andres Klode wrote:

> Retry it. Maybe it timed out or something.

I don't think this is a timeout issue, but if it is, surely the package
build should be a little more reliable? :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#856424: libvcflib-tools: vcflib cannot find its programs in /usr/lib/vcflib/binaries

[John Hensley]

Package: libvcflib-tools
Version: 1.0.0~rc1+dfsg1-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

* What led up to the situation?

I installed libvcflib-tools on testing/stretch. When I ran 'vcflib', I
saw this:

$ vcflib
Usage: /usr/bin/vcflib 


   Existing programs are:   



  ls: cannot access '/usr/lib/vcflib/bin': No such file 
or directory

* What exactly did you do (or not do) that was effective (or
  ineffective)?

For now, I created a symlink from /usr/lib/vcflib/binaries to
/usr/lib/vcflib/bin.

* What was the outcome of this action?

Now vcflib can find its programs:

$ vcflib
Usage: /usr/bin/vcflib 
  Existing programs are:
abba-baba  LD plotHaps   vcf2dag
[...]

It looks like the 'keep_R_files' patch from September 2016 changed the
path to which programs are installed, while trying to keep the R
scripts from being purged by 'make clean'.

These R scripts reside in a 'scripts' directory upstream; maybe moving
them in the Debian package as well, reverting BIN_DIR in the Makefile,
and installing them from the scripts directory would fix this.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/80 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvcflib-tools depends on:
ii  libc6  2.24-9
ii  libdisorder0   0.0.2-1
ii  libfastahack0  0.0+20160702-1
ii  libgcc11:6.3.0-6
ii  libgomp1   6.3.0-6
ii  libhts11.3.2-2
ii  libsmithwaterman0  0.0+20160702-1
ii  libstdc++6 6.3.0-6
ii  libtabixpp01.0.0-2
ii  libvcflib1 1.0.0~rc1+dfsg1-1
ii  zlib1g 1:1.2.8.dfsg-5

libvcflib-tools recommends no packages.

libvcflib-tools suggests no packages.

-- no debconf information

Bug#856001: can't regenerate the upstream version

[Hans-Christoph Steiner]

We can't regenerate the upstream version since it is generated from a
git commit ID, but that git commit is not public:

fastboot/Android.mk:
fastboot_version := $(shell git -C $(LOCAL_PATH) rev-parse --short=12
HEAD 2>/dev/null)-android


https://android.googlesource.com/platform/system/core/+/0e9850346394

So I'm just going to use the package version.

Bug#854295: brltty-espeak: crashes while emitting speech

[Samuel Thibault]

Sebastian Humenda, on lun. 27 févr. 2017 14:30:19 +0100, wrote:
> Sebastian Humenda schrieb am 20.02.2017, 11:13 +0100:
> >>Ok, we can wait more, no pb :)
> >No crashes, I think it's safe.
> Ok, seems hard to reproduce. Here's another bt.

Does the change at least reduce the frequency of happening?

Samuel

Bug#787028: systemd-cryptsetup@.service fails, although encrypted swap is enabled nevertheless

[Michael Biebl]

Am 28.02.2017 um 21:39 schrieb Felipe Sateler:
> Control: forwarded -1 https://github.com/systemd/systemd/pull/5480
> 
> On Thu, 28 May 2015 00:25:49 +0200 Roland Hieber  wrote:
>> Package: systemd
>> Version: 219-10
>> Severity: normal
>>
>> Dear Maintainers,
>>
>> I have now the situation that sometimes /dev/mapper/cryptswap is enabled, as
>> reported by `swapon -s', but the unit systemd-cryptsetup@cryptswap.service 
>> fails
>> on boot, as shown by systemctl:
> 
> This sounds a lot to this patch, which was recently merged:
> 
> https://github.com/systemd/systemd/pull/5480

It should be pretty easy to test it, even without patching the sources.
I guess a drop-in snippet adding the After= ordering would be sufficient.

Roland, would you be willing to try that?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#854548: still not fixed: Correction

[Tim Fischer]

xrdp-sesman is starting, but xrdp fails to start and automatically stops 
xrdp-sesman.
output of  journalctl -xn is:

Failed at step RUNTIME_DIRECTORY spawning /usr/sbin/xrdp-sesman: File exists

Actually, "socksetup" is now called more than once, which could be avoided by 
removing one line from xrdp.service as proposed in the above patch.

Bug#706766: Diff for this fix

[Marcos Fouces]

Hello João

Could you create a patch and post it in this thread?

Thank you very much for the fix!

Greetings,

Marcos

Bug#855350: [Pkg-tigervnc-devel] Bug#855350: tigervnc-xorg-extension: Loading the tigervnc the extension makes the x server practically unusable

[Ola Lundqvist]

tags 855350 + help
thanks

Hi Kertesz and Martin

Thank you for the report and information regarding options.

The performance issue is definitely a problem. I do not have a solution at
the moment.

I have a little problem testing this myself at the moment as only have sid
in a chroot and X will not really start for me there.

So if anyone have the possibility to look into this and provide a patch
that would be excellent!

Best regards

// Ola



On 18 February 2017 at 08:12, Martin Dorey  wrote:

> > i could not find a way to actually pass options
>
> I eventually managed to get a default configured Stretch box to accept a
> remote connection using:
>
> mad@shuttle:~$ cat /usr/share/X11/xorg.conf.d/75-vnc-mad.conf
> Section "Device"
> Identifier "Device"
> EndSection
> Section "Screen"
> Identifier "Screen"
> Device "Device"
> Option "PasswordFile" "/u2/home/mad/.vnc/passwd"
> EndSection
> mad@shuttle:~$
>
> It seems, from the source, that the PasswordFile Option is only looked for
> in the Screen section and the Screen section has to have an Identifier and
> a Device, which has to refer to a Device section, which needs an
> Identifier.  Argh, but, OK, whatever.  Then I have other problems, both
> keeping the connection up and with redraw, but I fear that elaborating them
> here would be a hijack of the OP's bug, the main symptom of which - a
> horrible-sounding performance issue - I don't see with Gnome 3.
>
>
> ___
> Pkg-tigervnc-devel mailing list
> pkg-tigervnc-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-tigervnc-devel
>



-- 
 - Ola Lundqvist ---
/  o...@debian.org Folkebogatan 26  \
|  o...@inguza.com  654 68 KARLSTAD  |
|  http://inguza.com/  +46 (0)70-332 1551   |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Bug#855845: [Pkg-tigervnc-devel] Bug#855845: tigervnc-viewer: Option -LowColourLevel doesn't seem functional

[Ola Lundqvist]

Hi

Thank you for the report. I was not aware that xvnc4 had those options.

Is it possible to set a lower color level on the server side? Or do you
want this on only certain clients?
I'm quite sure you can set the color depth on the server side.

// Ola

On 22 February 2017 at 21:38, Celelibi  wrote:

> 2017-02-22 12:54 UTC+01:00, Celelibi :
> > Package: tigervnc-viewer
> > Version: 1.7.0+dfsg-6
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > When I use the options "-AutoSelect=0 -FullColor=0 -LowColourLevel=1", I
> > still get a full color display.
> >
> > I used to use xvnc4viewer, which worked correctly with this option, so I
> > guess it's not a server-side problem.
> >
> > Best regards,
> > Celelibi
> >
>
> Actually it looks like tigervnc chooses automatically which block
> should have a lower color level, and I would like to force it.
>
> ___
> Pkg-tigervnc-devel mailing list
> pkg-tigervnc-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-tigervnc-devel
>



-- 
 - Ola Lundqvist ---
/  o...@debian.org Folkebogatan 26  \
|  o...@inguza.com  654 68 KARLSTAD  |
|  http://inguza.com/  +46 (0)70-332 1551   |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Bug#854548: still not fixed

[Tim Fischer]

I believe the bug is not yet fixed.
xrdp-service is now starting, but starting xrdp leads to an error.
Proposed fix is to remove the line "RuntimeDirectory=xrdp" from xrdp.service:

--- a/instfiles/xrdp.service
+++ b/instfiles/xrdp.service
@@ -7,7 +7,6 @@ After=network.target xrdp-sesman.service
 [Service]
 Type=forking
 PIDFile=/run/xrdp/xrdp.pid
-RuntimeDirectory=xrdp
 EnvironmentFile=-/etc/sysconfig/xrdp
 EnvironmentFile=-/etc/default/xrdp
 User=xrdp

Bug#856423: postgresql-plproxy: autopkgtest failures since move to newnet (2.6-2)

[Nishanth Aravamudan]

Package: postgresql-plproxy
Version: 2.7-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu zesty ubuntu-patch

Dear Maintainer,

The autopkgtests for postgresql-plproxy have been failing ever since
2.6-2 because postgres is not network namespace aware.

In Ubuntu, the attached patch was applied to achieve the following:

  * d/t/installcheck fixes:
- Passing a port to pg_virtualenv even with newnet does not avoid
  port collisions, as pg_virtualenv (via pg_createcluster) is only
  looking at the configured clusters on the filesystem, not what is
  running in the current network namespace. Set an alternative
  PG_CLUSTER_CONF_ROOT instead, and set it before we call
  pg_virtualenv.
- Set the socket directory for pg_createcluster, as we are using the
  standard port and that can lead to conflicts. This also requires
  making the AUTOPKGTEST_TMP directory world-writeable so the
  postgres user can write socket information there.


Thanks for considering the patch.

*** /tmp/tmpnVHESZ/postgresql-plproxy_2.7-1ubuntu1.debdiff
diff -Nru postgresql-plproxy-2.7/debian/tests/installcheck 
postgresql-plproxy-2.7/debian/tests/installcheck
--- postgresql-plproxy-2.7/debian/tests/installcheck2016-09-25 
14:04:41.0 -0700
+++ postgresql-plproxy-2.7/debian/tests/installcheck2017-02-28 
10:19:53.0 -0800
@@ -21,9 +21,19 @@
;;
esac
 
-   if ! newnet pg_virtualenv -c '-p 5432 --locale C' -i '--auth trust' -v 
$v \
-   make -f $PWD/Makefile \
-   installcheck PG_CONFIG=/usr/lib/postgresql/$v/bin/pg_config; 
then
+   # AUTOPKGTEST_TMP is not writeable by any user except root, but
+   # we want to use it for storing the Postgres socket
+   # Set PG_CLUSTER_CONF_ROOT, because although we are running in a
+   # network namespace (so we can reuse the default port),
+   # pg_virtualenv/pg_createcluster looks at the configured
+   # databases on the filesystem
+   # Set the socket directory because we are to re-use the port and
+   # there can be conflicts in the normal socket directory
+   if ! chmod o+w $AUTOPKGTEST_TMP && \
+   PG_CLUSTER_CONF_ROOT=$AUTOPKGTEST_TMP \
+   PG_CONFIG=/usr/lib/postgresql/$v/bin/pg_config \
+   newnet pg_virtualenv -c "-p 5432 --locale C -s 
$AUTOPKGTEST_TMP" -i '--auth trust' -v $v \
+   make -f $PWD/Makefile installcheck; then \
head -n 500 regression.diffs
exit 1
fi


-- System Information:
Debian Release: stretch/sid
  APT prefers zesty
  APT policy: (500, 'zesty')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Nishanth Aravamudan
Ubuntu Server
Canonical Ltd

Bug#856382:

[Ben Hutchings]

On Tue, 2017-02-28 at 16:06 -0400, Raymond Burkholder wrote:
> In installing today’s (2016/02/28) netbook.tar.gz:
> 
> https://d-i.debian.org/daily-images/amd64/daily/netboot/netboot.tar.gz
> 
> And installing manually via pxeboot, in the console I see:
> 
> scsi_mod: disagrees about version of symbol module_layout.
> 
> Is this related?

Yes.  But I think that should be resolved in the next daily build.

Ben.

-- 
Ben Hutchings
Never attribute to conspiracy what can adequately be explained by
stupidity.



signature.asc
Description: This is a digitally signed message part

Bug#856210: libdebian-installer: please parse SHA256 field and add it to di_* structs

[Steven Chamberlain]

Bastian Blank wrote:
> Adopted and commited to
> https://anonscm.debian.org/git/d-i/libdebian-installer.git, branch
> sha256

That differs from the latest version of my patch, and from what I sent
earlier today to the release team when asking about a potential unblock:
https://lists.debian.org/debian-release/2017/02/msg01033.html

I think we should wait for them to answer before doing anything else.

Based on KiBi's feedback I thought it better to swap sum[0] and sum[1],
and remove the SHA1 parsing also.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


signature.asc
Description: Digital signature

Bug#856422: Update uploaders

[Moritz Muehlenhoff]

Source: openldap
Severity: minor

Hi,
Roland Bauerschmidt isn't a Debian developer since 2010, you can
remove him from Uploaders.

Cheers,
Moritz

Bug#849132: closed by Hilko Bengen <ben...@debian.org> (Bug#849132: fixed in google-perftools 2.5-2.1)

[Hilko Bengen]

* Adrian Bunk:

> Doesn't seem to work:
> https://buildd.debian.org/status/fetch.php?pkg=google-perftools=i386=2.5-2.1=1488295669=0

Yeah, those test scripts a bit crappier than I thought. Let's try that
again...

Cheers,
-Hilko

Bug#848299: icedove crashes with SIGPIPE in libc's send.c

[Richard Kaufhold]

Package: icedove
Version: 1:45.6.0-1~deb8u1

Dear Maintainer,

I'm not 100% sure but I think I have the same issue and I'm able to provide
a verbose stack trace. (or at least a related one)

I have included some interesting but in my oppinion unrelated warning
messages about an incomplete added caldav account.
Just that you see everything that happened from start of icedove until it
crashes.

My Laptop was in hibernation between start of icedove and the crash.

Please tell me if you need more information because I think I will be able
to recreate the crash as it happens very reliably once or twice a day.

GDB Output:

$ /usr/lib/icedove/run-mozilla.sh -g /usr/lib/icedove/icedove-bin 2>&1 |
tee /tmp/icedove-gdb-$(apt-cache show icedove |
 grep Version | awk '{ print $2 }')_$(date +%F_%T).log
MOZILLA_FIVE_HOME=/usr/lib/icedove
  LD_LIBRARY_PATH=/usr/lib/icedove:/usr/lib/icedove/plugins:/usr/lib/icedove
DISPLAY=:0
DYLD_LIBRARY_PATH=/usr/lib/icedove:/usr/lib/icedove
 LIBRARY_PATH=
   SHLIB_PATH=/usr/lib/icedove:/usr/lib/icedove
  LIBPATH=/usr/lib/icedove:/usr/lib/icedove
   ADDON_PATH=
  MOZ_PROGRAM=/usr/lib/icedove/icedove-bin
  MOZ_TOOLKIT=
moz_debug=1
 moz_debugger=
moz_debugger_args=
/usr/bin/gdb  --args /usr/lib/icedove/icedove-bin
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/icedove/icedove-bin...Reading symbols from
/usr/lib/debug//usr/lib/icedove/icedove-bin...done.
done.
(gdb) run
Starting program: /usr/lib/icedove/icedove-bin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
continue
[New Thread 0x7fffe7eaa700 (LWP 10060)]
[Thread 0x7fffe7eaa700 (LWP 10060) exited]

 skipping lines 

[New Thread 0x7fffd5fff700 (LWP 10082)]
[calBackendLoader] Using libical backend at
/usr/lib/icedove/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libical-manifest
[New Thread 0x7fffd4141700 (LWP 10083)]

 skipping lines 

[New Thread 0x7fffb9bfe700 (LWP 24770)]
[New ThWarning: There has been an error reading data for calendar: yathos
cloud.  However, this error is believed to be minor, so the program will at
tempt to continue. Error code: DAV_DAV_NOT_CALDAV. Description: The
resource at https://cloud.example.com/remote.php/caldav/ is a DAV
collection but no
t a CalDAV calendar
Warning: There has been an error reading data for calendar: yathos cloud.
However, this error is believed to be minor, so the program will attempt t
o continue. Error code: READ_FAILED. Description:
Error: [calCachedCalendar] replay action failed: null, uri=
https://cloud.example.com/remote.php/caldav/, result=2147500037,
op=[xpconnect wrapped calIO
peration]
Warning: There has been an error reading data for calendar: yathos cloud.
However, this error is believed to be minor, so the program will attempt t
o continue. Error code: DAV_DAV_NOT_CALDAV. Description: The resource at
https://cloud.example.com/remote.php/caldav/ is a DAV collection but not a
Cal
DAV calendar
Warning: There has been an error reading data for calendar: yathos cloud.
However, this error is believed to be minor, so the program will attempt t
o continue. Error code: READ_FAILED. Description:
Error: [calCachedCalendar] replay action failed: null, uri=
https://cloud.example.com/remote.php/caldav/, result=2147500037,
op=[xpconnect wrapped calIO
peration]
read 0x7fff9dfff700 (LWP 24771)]
[New Thread 0x7fff9d7fe700 (LWP 24772)]

 skipping lines 

[Thread 0x7fffbf8ff700 (LWP 28573) exited]
[New Thread 0x7fffbf8ff700 (LWP 29515)]
[New Thread 0x7fffbe4ff700 (LWP 29516)]
[New Thread 0x7fffc06ff700 (LWP 29517)]
[New Thread 0x7fffbeeff700 (LWP 29518)]
[New Thread 0x7fffbdcfe700 (LWP 29519)]

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 0x7fffdfbfe700 (LWP 10065)]
0x77bcdf0b in __libc_send (fd=50, buf=buf@entry=0x7fffbc488000,
n=n@entry=31, flags=-1, flags@entry=0)
at ../sysdeps/unix/sysv/linux/x86_64/send.c:31
31  ../sysdeps/unix/sysv/linux/x86_64/send.c: Datei oder Verzeichnis
nicht gefunden.
(gdb) continue
Continuing.

Program received signal SIGPIPE, Broken pipe.
0x77bcdf0b in __libc_send (fd=60, buf=buf@entry=0x7fffbc4dc000,
n=n@entry=31, flags=-1, flags@entry=0)
at 

Bug#850282: fixed in influxdb 1.1.1+dfsg1-3

[Santiago Vila]

found 850282 1.1.1+dfsg1-3
thanks

On Tue, 28 Feb 2017, Alexandre Viau wrote:

>* Disable tests on i386 (Closes: #850282)

Disabling all the tests on i386 is unnecessary and also it does not fix
the bug I reported at all (so, no point in using Closes here).

Instead of disabling all the tests on i386, please disable only
TestEngine_Backup instead (on all architectures).

Then yes, the package will build again for everybody.

I don't speak Go, but I would assume that the equivalent
of C's "return 0;" at the beginning of TestEngine_Backup in
tsdb/engine/tsm1/engine_test.go should do the trick.

Thanks.

Bug#856210: libdebian-installer: please parse SHA256 field and add it to di_* structs

[Bastian Blank]

On Sun, Feb 26, 2017 at 06:30:31PM +, Steven Chamberlain wrote:
> I've attached only the most minimal patch to allow reverse-depends do
> implement SHA256.  They must adapt to the new names of struct members
> *and* remember that the hash length is now different.  (The hash data is
> stored in variable-length fields but the length is not recorded in the
> structs, and the has is denoted by a magic number not an enum;  that
> could be made better, but requiring a much larger diff).

Adopted and commited to
https://anonscm.debian.org/git/d-i/libdebian-installer.git, branch
sha256

Bastian

-- 
Totally illogical, there was no chance.
-- Spock, "The Galileo Seven", stardate 2822.3

Bug#855203: hwclock-set: Synchronize from hwclock despite systemd presence

[Andreas Henriksson]

Hello Lukas Wunner,

Thanks for following up with both a new proposal and patch!

On Mon, Feb 27, 2017 at 02:34:34PM +0100, Lukas Wunner wrote:
[...]
> Okay, let's define a policy first.  How about:
> 
> (1) Users can set HWCLOCKACCESS=no in /etc/default/hwclock to prohibit
> setting the system time or time zone from any RTC.  (The parameter
> is already defined in the config file, but it's not honored by
> hwclock-set.)
> 
> (2) Users can set HCTOSYS_DEVICE in /etc/default/hwclock to constrain
> setting the system time or time zone to a specific RTC.  (Same as
> above, parameter is already defined but not honored by hwclock-set.
> This will also fix #785445.)  If this parameter is not set,
> hwclock-set will pick the first RTC that becomes available.
> 
> (3) If the kernel has already set the system time from *any* hwclock,
> we don't set it once more in hwclock-set.  (We only adjust the
> timezone.)

(3. would unfix #785445 from 2. again though, right? Maybe also support
HWCLOCKACCESS=force which skips 3. would really offer a solution
option for #785445 ? Reminder: This might also need 'force' to be
converted to simply 'yes' (default) in /etc/init.d/hwclock.sh)

> 
> (4) If systemd is present, we don't adjust the timezone once more in
> hwclock-set.
> 
> Does this work for you?  I've already coded the above up in my local repo
> but haven't tested it yet, pending your response.  (Tentative patch is
> attached.)

This sounds promising to me. (I have some nitpicks about your patch
inlined below though.)

Targeting this at Debian (doesn't suffer from the problem you're trying
to fix in any officially supported system AFAIK) we'll need to be
careful to not introduce regressions for any currently existing
configuration. (There are unfortunately many (non-default) combinations
to consider, like sysvinit, etc.)

I would very much welcome a wider review of this from interested parties
from their perspective. If you want to reach out to people that would be
very welcome help i.e. to some or all of
Debian sysvinit maintainers ,
Debian systemd Maintainers ,
Debian kernel team ,
debian-de...@lists.debian.org
... and maybe somewhere else I didn't think of.

(FYI I've already mentioned the bug report and your suggestion on the
debian systemd maintainers irc channel to try to get them interested
and giving feedback already...)

> 
> Thanks,
> 
> Lukas

> diff --git a/debian/hwclock-set b/debian/hwclock-set
> index eacf948..516563c 100755
> --- a/debian/hwclock-set
> +++ b/debian/hwclock-set
> @@ -4,10 +4,6 @@
>  
>  dev=$1
>  
> -if [ -e /run/systemd/system ] ; then
> -exit 0
> -fi
> -
>  if [ -e /run/udev/hwclock-set ]; then
>  exit 0
>  fi
> @@ -20,17 +16,33 @@ fi
>  BADYEAR=no
>  HWCLOCKACCESS=yes
>  HWCLOCKPARS=
> -HCTOSYS_DEVICE=rtc0
> +HCTOSYS_DEVICE=

This change makes the default inconsistent with /etc/init.d/hwclock.sh
and I don't see why it's needed. Can't we just drop the change?!

>  if [ -f /etc/default/hwclock ] ; then
>  . /etc/default/hwclock
>  fi
>  
> +if [ $HWCLOCKACCESS != yes -o \
> + ( -n $HCTOSYS_DEVICE -a $HCTOSYS_DEVICE != $2 ) ]

Please avoid -a and -o for pedantic checkbashism reasons, always quote
variables and (together with the previous) just use:

if [ "$HWCLOCKACCESS" != yes ] || [ "$HCTOSYS_DEVICE" != "$rtc" ) ]; then

Note: rtc=$2 should be added below dev=$1 at the top of the script...

> +exit 0
> +fi
> +
> +# If the kernel has already set the system time from the hwclock,
> +# we only adjust the timezone
> +cat /sys/class/rtc/*/hctosys 2>/dev/null | while read kernel_hctosys ; do
> +if [ $kernel_hctosys = 1 ] ; then

Please quote "$kernel_hctosys" in case of reading in something crazy/empty...

> + break
> +fi
> +done

(Maybe your way is more efficiant and not completely unreadable either,
so ok ... but what do you think about:

KERNEL_DID_HCTOSYS=no
if grep -q '^1$' /sys/class/rtc/*/hctosys 2>/dev/null ; then
KERNEL_DID_HCTOSYS=yes
fi

... plus change the condition wrapping 'hwclock ... --hctosys' below
to use the new more abstract/descriptive variable name? [1]. grep is
Essential: yes.)


> +
>  if [ yes = "$BADYEAR" ] ; then
> -/sbin/hwclock --rtc=$dev --systz --badyear
> -/sbin/hwclock --rtc=$dev --hctosys --badyear
> -else
> -/sbin/hwclock --rtc=$dev --systz
> -/sbin/hwclock --rtc=$dev --hctosys
> +badyear="--badyear"
> +fi

(Thanks for this cleanup.)

> +
> +if [ ! -e /run/systemd/system ] ; then
> +/sbin/hwclock --rtc=$dev --systz $badyear
> +fi
> +if [ $kernel_hctosys != 1 ] ; then

(Footnote [1]: if [ "$KERNEL_DID_HCTOSYS" = no ]; then)

Again, please always quote variables (I might accept not quoting
some variables that are always explicitly initialized in the script
itself, but even then why not just quote it for consistency?)

> +

Bug#753904: nslcd: Strange output looks like buffer overlow/security problem

[Blazej Floch]

I do not want to reopen old issues but this seems to be the only source for a 
similar strange log entries we were facing.

I found that any call to expand users might trigger the request to be 
generated, which is quite logical if known. Therefore this is not a bug.

For example:

$ python
import os
os.path.expanduser("~some string starting with ~ and = in it")

Will cause:

Feb 28 16:02:27  nslcd[116212]: [6feaf5]