date:20170504

Bug#788546: Mr Neil Trotter

2017-05-04 Thread Mr Neil Trotter

Eine Spende von 1 Million Britische Pfund zu Ihnen in gutem Glauben

Bug#861738: [scr329614] podofo - 0.9.5

2017-05-04 Thread cve-request

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

> [Suggested description]
> The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in
> base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote
> attackers to cause a denial of service (heap-based buffer over-read)
> or possibly have unspecified other impact via a crafted PDF file.
> 
> --
> 
> [Vulnerability Type]
> heap-based buffer over-read
> 
> --
> 
> [Affected Product Code Base]
> podofo - 0.9.5
> 
> --
> 
> [Affected Component]
> PdfXRefStreamParserObject::ReadXRefStreamEntry(src/base/PdfXRefStreamParserObject.cpp:224)
> 
> --
> 
> [Attack Type]
> Remote
> 
> --
> 
> [Attack Vectors]
> via a crafted pdf file
> 
> --
> 
> [Reference]
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738
> 
> --
> 
> [Discoverer]
> Xiang Xiaobo of VARAS@IIE

Use CVE-2017-8787.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZDAEZAAoJEHb/MwWLVhi20RAP/3iSSjw0o4nngQi0CYe7Wjj8
X/bb7YczHNPPWRp7kjkysatfx5pzLkSIs0fbhvZbafZSvB6wwqtfYC5QutWj+kEx
wK86SKbngMM9vt1APRvnBs9gm9cBWzkGAozy7G/7e/ABKfDdx2byx9hiiBsw+rDu
ljtXn+4dSwzaZlSpVWL1GS5GdYKTMHkBSfB89x/O5bspelvT72twxonFhPxk4gJl
96FgIR1lAIka4s7pUQri0asM26F9OAEdGpVoY3DRv4kL2imUAghtC06VkDey9j5F
VzfBwaIiK/x1Qiq2BHe2jclIPzDV1ncJr4iPBK9vvcSsbEDIsK5W4PVxOST+cZXk
M73NnynvxX8xJ4lcaBaLXz7p4HcM9G4/vAGz64C0fLl/AWY0zQ95dGEXQSNV1blm
DIG1fhu9oKjeKPgeORdlIISAQ8rfbuqPptdUeEUX+kh+O5jGutw6SrFJxzX2x8hz
dwox3XTjkvUl3QezsFI0Cp6tMM5dvgmZAldW3HNiB5fAvsCy4EAmfolPHckXpEmG
MuzXtKUKVtfz2gZEyudGxxkHKPdTM6Uorh8xqTu1TA37xKt6ZwRt0Ftm6AFTvCZf
fARVmbmzvPjUk9BhtalpU9dTwSakqXgYIH7VyCsnDU3985rwXV53q008tp7YEWz7
XrRo8TYll9zJJwDHE7W0
=YCNg
-END PGP SIGNATURE-

Bug#448059: Uses hard-coded ANSI color codes

2017-05-04 Thread Lumin

Control: tags -1 + wontfix

It has past about ten years. No one had complained about
the hardcoded ANSI color. Besides, a terminal emulator which
is able to support Chinese characters are likely to support
ANSI color codes too.

I have no intention on fixing this, hence marking this bug as wontfix.

Bug#861871: luajit 2.1.0 beta3 available

2017-05-04 Thread Lumin

Package: luajit
Version: 2.1.0~beta2+dfsg-3
Severity: wishlist

As shown at https://github.com/LuaJIT/LuaJIT/releases ,
the beta3 version is available now.

Please consider to update the package.

Bug#861870: gitlab: CVE-2017-8778

2017-05-04 Thread Salvatore Bonaccorso

Source: gitlab
Version: 8.13.11+dfsg1-3
Severity: grave
Tags: upstream security
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471

Hi,

the following vulnerability was published for gitlab. Please note I
was not able to verfy that affects back 8.13.11, and the merge request
has restricted access. Can you confirm 8.13.11+dfsg1-3 is affected as
well?

CVE-2017-8778[0]:
| GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5
| has XSS via a SCRIPT element in an issue attachment or avatar that is
| an SVG document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8778

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#861869: Missing keyboard-key-*.svg icons

2017-05-04 Thread Gunnar Hjalmarsson


Also reported here:

https://bugzilla.gnome.org/show_bug.cgi?id=782198

--
Gunnar Hjalmarsson
https://launchpad.net/~gunnarhj

Bug#861868: installation script /usr/lib/emacsen-common/packages/install/ilisp not idempotent

2017-05-04 Thread Adam Di Carlo

Package: ilisp
Version: 5.12.0+cvs.2004.12.26-23
Severity: normal
Tags: patch

The installation script at
/usr/lib/emacsen-common/packages/install/ilisp contains 'ln -s'
(lacking the -f option) which means it fails to be idempotent.

To demonstrate, suppose the package failed to install (see #850072 for
instance).  In this case, successively running 'dpkg --configure
ilisp' to try to get things to work will start failing on the 'ln -s'.

Here is a patch, very simple stuff:

--- /usr/lib/emacsen-common/packages/install/ilisp.orig 2017-05-04 
22:26:39.707085697 -0400
+++ /usr/lib/emacsen-common/packages/install/ilisp  2017-05-04 
22:26:29.851048093 -0400
@@ -39,9 +39,9 @@
 cd ${ELDIR}
 ELFILES=*.el
 cd ${ELCDIR}
-ln -s ${ELRELDIR}/*.el ./
+ln -sf ${ELRELDIR}/*.el ./
 cd extra
-ln -s ../${ELRELDIR}/extra/*.el ./
+ln -sf ../${ELRELDIR}/extra/*.el ./
 cd ..
 
 LOG=$(tempfile);


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (1001, 'testing'), (300, 'unstable-debug'), (300, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ilisp depends on:
ii  common-lisp-controller  7.10
ii  debconf [debconf-2.0]   1.5.60
ii  emacsen-common  2.0.8

Versions of packages ilisp recommends:
ii  ilisp-doc  5.12.0+cvs.2004.12.26-23

Versions of packages ilisp suggests:
ii  cltl   1.0.26
ii  emacs2525.1+1-4
ii  hyperspec  1.30+nmu2

-- debconf information excluded

-- debsums errors found:
debsums: changed file /usr/lib/emacsen-common/packages/install/ilisp (from 
ilisp package)
debsums: changed file /usr/share/emacs/site-lisp/ilisp/ilisp-mak.el (from ilisp 
package)

Bug#861869: Missing keyboard-key-*.svg icons

2017-05-04 Thread Gunnar Hjalmarsson


Package: gnome-user-guide
Version: 3.22.0-1

Forwarding the Ubuntu bug .

This page:

https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html

links to a bunch of keyboard-key-*.svg icons which don't exist. The 
icons are not present in the gnome-user-guide package either, but they 
exist in upstream git:


https://git.gnome.org/browse/gnome-user-docs/tree/gnome-help/C/figures

--
Gunnar Hjalmarsson
https://launchpad.net/~gunnarhj

Bug#850072: ilisp: Fail to install into emacs25

2017-05-04 Thread Adam Di Carlo


I also experienced this bug, although the sympoms are slightly
different:

 pwd
/usr/share/emacs25/site-lisp/ilisp

 cat path.el
(setq load-path (cons "." load-path) byte-compile-warnings nil)
(load "ilisp-mak.el")

 sudo emacs25 -q -batch -l path.el
Loading /usr/share/emacs25/site-lisp/ilisp/ilisp-mak.el (source)...
ILISP Compilation: starting.
Loading /usr/share/emacs25/site-lisp/ilisp/ilcompat.el (source)...
Loading /usr/share/emacs25/site-lisp/ilisp/ilfsf25.el (source)...
;;; Emacs Version fsf-25
ILISP Compilation: unrecognized Emacs version fsf-25


-- 
...Adam Di Carlo......

Bug#850072: ilisp: Fail to install into emacs25

2017-05-04 Thread Adam Di Carlo


severity 850072 important
tags 850072 + patch
thanks

To justify the "important" severity: the package fails to install if
emacs25 is also installed.

The problem is trivially fixable, patch attached.

-- 
...Adam Di Carlo......
--- /usr/share/emacs/site-lisp/ilisp/ilisp-mak.el.orig	2016-12-25 11:38:08.0 -0500
+++ /usr/share/emacs/site-lisp/ilisp/ilisp-mak.el	2017-05-04 22:10:12.543307842 -0400
@@ -46,6 +46,8 @@
(byte-compile-file "illuc19.el"))
   ((eq +ilisp-emacs-version-id+ 'xemacs)
(byte-compile-file "ilxemacs.el"))
+  ((eq +ilisp-emacs-version-id+ 'fsf-25)
+   (byte-compile-file "ilfsf25.el"))
   ((eq +ilisp-emacs-version-id+ 'fsf-24)
(byte-compile-file "ilfsf24.el"))
   ((eq +ilisp-emacs-version-id+ 'fsf-23)

Bug#861781: www.debian.org: updating Debian memberships in other organisations information

2017-05-04 Thread Paul Wise

On Fri, 2017-05-05 at 09:38 +0800, Raphael Hertzog wrote:
> On Thu, 04 May 2017, Paul Wise wrote:
> > Reconfirm the involvement of these representatives:
> > SchoolForge (representatives: Ben Armstrong*, Raphaël Hertzog)
> 
> You can drop me as representative here.

Since Ben is retired from Debian and Raphaël has said he is no longer
involved in SchoolForge, are any of the DebianEdu folks interested in
having Debian re-join SchoolForge and representing Debian there?

http://www.schoolforge.net/
https://www.debian.org/misc/memberships

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

signature.asc
Description: This is a digitally signed message part

Bug#755202: network-manager: keeps creating and using new connection "eth0" that does not work

2017-05-04 Thread Daniel Reichelt

PS: a very crude workaround for this:

# cat /etc/default/NetworkManager
if [ -z "$(ip -4 addr list dev eth0)" ] && [ -n "$(ip -6 addr list dev
eth0)" ]
then
ip link set down dev eth0
ip addr flush dev eth0
fi



signature.asc
Description: OpenPGP digital signature

Bug#755202: network-manager: keeps creating and using new connection "eth0" that does not work

2017-05-04 Thread Daniel Reichelt

Hi folks,

here are some more insights into this mystery:

My "victim" box:

- kvm-guest: jessie, task-xfce-desktop, sysvinit instead of systemd
- running with -net nic,model=rtl8139 -net tap
- connected to br0 of the kvm host which also contains the host's eth0
- the guest's /etc/network/interfaces or NM-config were left unchanged
after jessie-netinstall


In the guest, I did:

# touch /etc/.legacy-bootordering

and tweaked /etc/init.d/rc to display `ip addr list` and a debug login
shell after the execution of every single init script. Now, after
/etc/rcS.d/S03udev got executed, udev modprobe'd 8139too/8139cp for the
virtual Realtec nic.

What *really* surprised me: The output of `ip addr list` after S03udev
finished showed different link states across different boot processes.
AFAICT the Realtek's link state after modprobing is determined by fair
dice roll. I couldn't infer any relation between the link state after
modprobing and

- a freshly invoked kvm guest
- shutdown -r from within the guest
- echo b >/proc/sysrq-trigger from within the guest
- "system_reset" sent to the qemu_system-x86_64 process's control socket

- the link state prior to any of these four variants to reboot



As a consequence I could observe:

- When the link state was DOWN after modprobing, of course no v6 SLAAC
happened and NM configured eth0 just fine with both v4 and v6.

- When the link state was UP after modprobing, SLAAC happened which
triggered NM's "undesired behavior" to "connection-assume" eth0.
(This case then easily becomes a race-condition with concurrent
execution of the init scripts.)



Judging whether this is an error in this specific driver or in the Linux
networking layer goes way over my head. At the very least I can say that
I'm completely baffled by this observation.



Cheers

Daniel



signature.asc
Description: OpenPGP digital signature

Bug#861838: About the LDAP server we are connecting to....

2017-05-04 Thread Ryan Tandy


Does gnutls-cli have the same problem?

apt-get install gnutls-bin
gnutls-cli -p 636 ldi.s.uw.edu --x509cafile=/etc/ssl/certs/ca-certificates.crt

Bug#861867: unblock: debsums/2.2.1

2017-05-04 Thread Axel Beckert

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debsums 2.2.1.

It mitigates an issue with false positives in piuparts. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689508#67 and the
following comments.

Andreas Beckmann verified with a previously known false positive that
the patch works as expected, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689508#103

debdiff | diffstat against 2.2 from Debian Testing:

 debian/changelog   |   16 +++
 debsums|9 +++-
 man/debsums.1  |3 +
 man/po/de.po   |  117 +---
 man/po/debsums.pot |  115 ---
 man/po/es.po   |  116 
 man/po/fr.po   |  117 +---
 man/po/pt.po   |  116 
 man/po/pt_BR.po|  118 +
 man/po/ru.po   |  117 +---
 man/po/sv.po   |  117 +---
 11 files changed, 543 insertions(+), 418 deletions(-)

All the files under man/po/ are generated files and most changes in
there are updated line numbers.

debdiff against 2.2 from Debian Testing (without regenerated po files):

diff -Nru debsums-2.2/debian/changelog debsums-2.2.1/debian/changelog
--- debsums-2.2/debian/changelog2017-01-21 21:37:12.0 +0100
+++ debsums-2.2.1/debian/changelog  2017-05-03 02:49:52.0 +0200
@@ -1,3 +1,19 @@
+debsums (2.2.1) unstable; urgency=low
+
+  * Release umodified as 2.2.1 and upload to unstable. Thanks to Andreas
+Beckmann for testing the release candidate!
+
+ -- Axel Beckert   Wed, 03 May 2017 02:49:52 +0200
+
+debsums (2.2.1~rc1) experimental; urgency=low
+
+  * Ignore obsolete conffiles by default (c.f. #689508). Based on patch by
+Andreas Beckmann, but with option to disable the ignoring of obsolete
+conffiles.
+  * Regenerate po-files.
+
+ -- Axel Beckert   Sun, 30 Apr 2017 18:14:35 +0200
+
 debsums (2.2) unstable; urgency=medium
 
   [ Andreas Beckmann ]
diff -Nru debsums-2.2/debsums debsums-2.2.1/debsums
--- debsums-2.2/debsums 2017-01-21 19:51:36.0 +0100
+++ debsums-2.2.1/debsums   2017-05-03 02:47:48.0 +0200
@@ -78,6 +78,7 @@
   is configured
  --no-prelink report changed ELF files even if prelink is
   configured
+ --no-ignore-obsolete don't ignore obsolete conffiles.
  --help   print this help, then exit
  --versionprint version number, then exit
 EOT
@@ -98,6 +99,7 @@
 'locale-purge!'=> \my $localepurge,
 'prelink!' => \my $prelink,
 'ignore-permissions' => \my $ignore_permissions,
+'ignore-obsolete!'  => \my $ignore_obsolete,
 g  => sub { $gen_opt = 'missing' },
 help   => sub { print $help; exit },
 version=> sub { print version_info(); exit },
@@ -206,6 +208,9 @@
 ($prelink) = grep -x, map +("$_.bin", $_), '/usr/sbin/prelink';
 }
 
+# default is to use ignore obsolete conffiles, see #689508
+$ignore_obsolete = 1 unless defined $ignore_obsolete;
+
 $silent++ if $changed;
 
 my @debpath = '.';
@@ -262,7 +267,9 @@
 $package_name{$field{"Package"}} = $field{"binary:Package"};
 }
 $installed{$field{"binary:Package"}}{Conffiles} = {
-map m!^\s*/(\S+)\s+([\da-f]+)!, split /\n/, $field{Conffiles}
+map m!^\s*/(\S+)\s+([\da-f]+)!,
+grep { not ($ignore_obsolete and / obsolete$/) }
+split /\n/, $field{Conffiles}
 } if $field{Conffiles};
 
 for (split /,\s*/, $field{Replaces})
diff -Nru debsums-2.2/man/debsums.1 debsums-2.2.1/man/debsums.1
--- debsums-2.2/man/debsums.1   2016-05-09 17:04:38.0 +0200
+++ debsums-2.2.1/man/debsums.1 2017-05-03 02:47:48.0 +0200
@@ -105,6 +105,9 @@
 .BR \-\-ignore\-permissions
 Treat permission errors as warnings when running as non-root.
 .TP
+.BR \-\-no\-ignore\-obsolete
+Disable the ignoring of obsolete conffiles.
+.TP
 .B \-\-help
 .PD 0
 .TP

Full debdiff attached, too.

So please...

unblock debsums/2.2.1

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), 
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 
'buildd-experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)


debsums_2.2_2.2.1.dsc.full-debdiff.gz
Description:

Bug#833193: RFS: chapel/1.15-1 [ITP]

2017-05-04 Thread Sean Whitton

Dear Lumin,

On Thu, May 04, 2017 at 02:06:10PM +, Lumin wrote:
> I quickly went through the packaging, and had some comments about it:

Thank you for your input.  I agree with all of it except:

> * debian/changelog:
>   currently Debian is still in the deep freeze stage, I'd recommend
> you upload to experimental
>   first. Besides, experimental is more fault-tolerant.

This is not needed for completely NEW packages.  We should upload this
to unstable.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#861866: debian-live: Please add brltty

2017-05-04 Thread Samuel Thibault

Package: debian-live
Severity: normal

Hello,

To make the debian live CD accessible not only via speech, but also via
braille, it is enough to simply include the brltty package, which would
only take 8MB more.

Thanks,
Samuel

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Samuel
$ du temp.iso 
2,0Ttemp.iso
$ ls temp.iso -l
-r-xr-xr-x1 samy thibault  16E 2003-03-22 14:44 temp.iso*
 -+- je vous dirai pas la marque de mon disque dur, na :p -+-

Bug#861840: thunderbird: gmail authentication broken

2017-05-04 Thread Eliot Blennerhassett

Looks like this is the same bug
https://bugzilla.mozilla.org/show_bug.cgi?id=1359297
(contains patches, marked resolved)

I am experiencing this bug after changing google password.
thunderbird package version 1:45.8.0-3 (debian 9)



-- 
Eliot

Bug#861865: libtiff5: regression - new warning: Invalid tag "Predictor"

2017-05-04 Thread Grant McLean

Package: libtiff5
Version: 4.0.3-12.3+deb8u3
Severity: normal

Dear Maintainer,

As of today, we are getting this warning:

  Invalid tag "Predictor" (not supported by codec). (_TIFFVGetField)

* What led up to the situation?

  The upgrade of libtiff5:amd from libtiff5:4.0.3-12.3+deb8u2 to
  4.0.3-12.3+deb8u3 has caused a new warning to be emitted when creating TIFF
  files.

  We know it was this specific package because:

  * our test server logs from yesterday do not include the warning
  * a dist-upgrade this morning upgraded only one package: libtiff5
  * our test server logs today now include the warning
  * the test server is running the same jobs as yesterday
  * we can reproduce the warning with test commands on other servers which
have been updated but not when using the same commands on servers which
are still running 4.0.3-12.3+deb8u2

The following two commands create a JPG file (a rectangle of solid color) and
then convert the JPG to a TIFF.  The warning is produced by the second command:

  $ gm convert -size 100x100 xc:#00 rect.jpg
  $ gm convert -colorspace RGB rect.jpg rect.tif
  gm convert: rect.tif: Invalid tag "Predictor" (not supported by codec).
  (_TIFFVGetField).

Both of these commands use the GraphicsMagick 'gm' command but that command is
using libtiff.

Regards
Grant McLean

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_NZ.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libtiff5 depends on:
ii  libc6  2.19-18+deb8u7
ii  libjbig0   2.1-3.1
ii  libjpeg62-turbo1:1.3.1-12
ii  liblzma5   5.1.1alpha+20120614-2+b3
ii  multiarch-support  2.19-18+deb8u7
ii  zlib1g 1:1.2.8.dfsg-2+b1

libtiff5 recommends no packages.

libtiff5 suggests no packages.

-- no debconf information

Bug#861864: grdesktop: No clean way to pass custom rdesktop options

2017-05-04 Thread Aaron M. Ucko

Package: grdesktop
Version: 0.23+d040330-3+b1
Severity: wishlist
Tags: upstream

It would be great if grdesktop could provide a clean interface for
passing rdesktop options that aren't in grdesktop's standard
repertoire.  (FWIW, I'm specifically interested in -r scard.)  I've
found that I could get custom options to go through by adding them to
the Computer: field, but that's a hack and makes its way into
rdesktop's window title.  I'd much prefer a dedicated field for this
purpose, presumably under Extended.

Thanks!

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages grdesktop depends on:
ii  gconf-service 3.2.6-4+b1
ii  gconf23.2.6-4+b1
ii  libart-2.0-2  2.3.21-2
ii  libatk1.0-0   2.22.0-1
ii  libbonobo2-0  2.32.1-3+b1
ii  libbonoboui2-02.24.5-4
ii  libc6 2.24-10
ii  libcairo2 1.14.8-1
ii  libfontconfig12.11.0-6.7+b1
ii  libfreetype6  2.6.3-3.2
ii  libgconf-2-4  3.2.6-4+b1
ii  libgdk-pixbuf2.0-02.36.5-2
ii  libglib2.0-0  2.50.3-2
ii  libgnome-2-0  2.32.1-5+b1
ii  libgnomecanvas2-0 2.30.3-3
ii  libgnomeui-0  2.24.5-3.1
ii  libgnomevfs2-01:2.24.4-6.1+b2
ii  libgtk2.0-0   2.24.31-2
ii  libice6   2:1.0.9-2
ii  liborbit-2-0  1:2.14.19-2+b1
ii  libpango-1.0-01.40.5-1
ii  libpangocairo-1.0-0   1.40.5-1
ii  libpangoft2-1.0-0 1.40.5-1
ii  libpopt0  1.16-10+b2
ii  libsm62:1.2.2-1+b3
ii  rarian-compat [scrollkeeper]  0.8.1-6+b1
ii  rdesktop  1.8.3-2+b1
ii  scrollkeeper  0.8.1-6

grdesktop recommends no packages.

grdesktop suggests no packages.

-- no debconf information

Bug#860976: linux: [arm64] Enable support for Rockchip systems

2017-05-04 Thread Vagrant Cascadian

On 2017-04-22, Vagrant Cascadian wrote:
> Please add the following options to enable Rockchip support on arm64.
>
> Tested on a firefly-rk3399 using linux 4.11.0-rc7 to boot stretch
> debian-installer.

Updated patch, tested with 4.11.0-trunk:

diff --git a/debian/config/arm64/config b/debian/config/arm64/config
index d44595123..d0e0631ed 100644
--- a/debian/config/arm64/config
+++ b/debian/config/arm64/config
@@ -51,6 +51,7 @@ CONFIG_ARCH_HISI=y
 CONFIG_ARCH_MESON=y
 CONFIG_ARCH_MVEBU=y
 CONFIG_ARCH_QCOM=y
+CONFIG_ARCH_ROCKCHIP=y
 CONFIG_ARCH_SEATTLE=y
 CONFIG_ARCH_TEGRA=y
 CONFIG_ARCH_THUNDER=y
@@ -104,6 +105,7 @@ CONFIG_IPMI_SSIF=m
 ## file: drivers/clk/Kconfig
 ##
 CONFIG_COMMON_CLK_XGENE=y
+CONFIG_COMMON_CLK_RK808=y
 
 ##
 ## file: drivers/clk/hisilicon/Kconfig
@@ -260,6 +262,7 @@ CONFIG_I2C_DESIGNWARE_PLATFORM=m
 CONFIG_I2C_MESON=m
 CONFIG_I2C_MV64XXX=m
 CONFIG_I2C_QUP=m
+CONFIG_I2C_RK3X=m
 CONFIG_I2C_TEGRA=m
 CONFIG_I2C_THUNDERX=m
 CONFIG_I2C_CROS_EC_TUNNEL=m
@@ -270,6 +273,12 @@ CONFIG_I2C_XGENE_SLIMPRO=m
 ##
 CONFIG_QCOM_SPMI_IADC=m
 CONFIG_QCOM_SPMI_VADC=m
+CONFIG_ROCKCHIP_SARADC=m
+
+##
+## file: drivers/iio/imu/inv_mpu6050/Kconfig
+##
+CONFIG_INV_MPU6050_I2C=m
 
 ##
 ## file: drivers/input/keyboard/Kconfig
@@ -314,6 +323,7 @@ CONFIG_MFD_CROS_EC_SPI=m
 CONFIG_MFD_HI655X_PMIC=m
 CONFIG_MFD_MAX77620=y
 CONFIG_MFD_QCOM_RPM=m
+CONFIG_MFD_RK808=m
 CONFIG_MFD_SPMI_PMIC=m
 
 ##
@@ -339,11 +349,13 @@ CONFIG_MMC_QCOM_DML=m
 CONFIG_MMC_SDHCI_PLTFM=m
 CONFIG_MMC_SDHCI_TEGRA=m
 CONFIG_MMC_SDHCI_IPROC=m
+CONFIG_MMC_SDHCI_OF_ARASAN=m
 CONFIG_MMC_MESON_GX=m
 CONFIG_MMC_SDHCI_MSM=m
 CONFIG_MMC_SPI=m
 CONFIG_MMC_DW=m
 CONFIG_MMC_DW_K3=m
+CONFIG_MMC_DW_ROCKCHIP=m
 CONFIG_MMC_SUNXI=m
 
 ##
@@ -457,6 +469,7 @@ CONFIG_STMMAC_PLATFORM=m
 CONFIG_DWMAC_GENERIC=m
 CONFIG_DWMAC_IPQ806X=m
 CONFIG_DWMAC_MESON=m
+CONFIG_DWMAC_RK=m
 
 ##
 ## file: drivers/net/fddi/Kconfig
@@ -518,6 +531,7 @@ CONFIG_QCOM_QFPROM=m
 CONFIG_PCI_HISI=y
 CONFIG_PCIE_QCOM=y
 CONFIG_PCIE_ARMADA_8K=y
+CONFIG_PCIE_ROCKCHIP=y
 
 ##
 ## file: drivers/pci/host/Kconfig
@@ -538,6 +552,9 @@ CONFIG_PHY_QCOM_IPQ806X_SATA=m
 CONFIG_PHY_XGENE=m
 CONFIG_PHY_QCOM_UFS=m
 CONFIG_PHY_MESON8B_USB2=m
+CONFIG_PHY_ROCKCHIP_INNO_USB2=m
+CONFIG_PHY_ROCKCHIP_EMMC=m
+CONFIG_PHY_ROCKCHIP_PCIE=m
 
 ##
 ## file: drivers/phy/tegra/Kconfig
@@ -566,6 +583,12 @@ CONFIG_CHROME_PLATFORMS=y
 CONFIG_CROS_KBD_LED_BACKLIGHT=m
 
 ##
+## file: drivers/power/avs/Kconfig
+##
+CONFIG_POWER_AVS=y
+CONFIG_ROCKCHIP_IODOMAIN=m
+
+##
 ## file: drivers/power/reset/Kconfig
 ##
 CONFIG_POWER_RESET_HISI=y
@@ -587,6 +610,7 @@ CONFIG_CHARGER_QCOM_SMBB=m
 CONFIG_PWM=y
 CONFIG_PWM_BCM2835=m
 CONFIG_PWM_MESON=m
+CONFIG_PWM_ROCKCHIP=m
 CONFIG_PWM_TEGRA=m
 
 ##
@@ -594,10 +618,12 @@ CONFIG_PWM_TEGRA=m
 ##
 CONFIG_REGULATOR=y
 CONFIG_REGULATOR_FIXED_VOLTAGE=m
+CONFIG_REGULATOR_FAN53555=m
 CONFIG_REGULATOR_GPIO=m
 CONFIG_REGULATOR_HI655X=m
 CONFIG_REGULATOR_MAX77620=m
 CONFIG_REGULATOR_PWM=m
+CONFIG_REGULATOR_RK808=m
 CONFIG_REGULATOR_QCOM_RPM=m
 CONFIG_REGULATOR_QCOM_SMD_RPM=m
 CONFIG_REGULATOR_QCOM_SPMI=m
@@ -629,6 +655,7 @@ CONFIG_RTC_DRV_EFI=y
 CONFIG_RTC_DRV_PL031=y
 CONFIG_RTC_DRV_SUN6I=y
 CONFIG_RTC_DRV_PM8XXX=m
+CONFIG_RTC_DRV_RK808=y
 CONFIG_RTC_DRV_TEGRA=y
 CONFIG_RTC_DRV_XGENE=y
 
@@ -659,6 +686,11 @@ CONFIG_QCOM_SMSM=m
 CONFIG_QCOM_WCNSS_CTRL=m
 
 ##
+## file: drivers/soc/rockchip/Kconfig
+##
+CONFIG_ROCKCHIP_PM_DOMAINS=y
+
+##
 ## file: drivers/soc/tegra/Kconfig
 ##
 CONFIG_ARCH_TEGRA_132_SOC=y
@@ -689,6 +721,7 @@ CONFIG_THERMAL=y
 CONFIG_CPU_THERMAL=y
 CONFIG_HISI_THERMAL=m
 CONFIG_QCOM_SPMI_TEMP_ALARM=m
+CONFIG_ROCKCHIP_THERMAL=m
 
 ##
 ## file: drivers/thermal/qcom/Kconfig
@@ -830,6 +863,11 @@ CONFIG_SND_HDA_TEGRA=m
 CONFIG_SND_SOC=m
 
 ##
+## file: sound/soc/generic/Kconfig
+##
+CONFIG_SND_SIMPLE_CARD=m
+
+##
 ## file: sound/soc/bcm/Kconfig
 ##
 CONFIG_SND_BCM2835_SOC_I2S=m
@@ -841,6 +879,12 @@ CONFIG_SND_SOC_QCOM=m
 CONFIG_SND_SOC_APQ8016_SBC=m
 
 ##
+## file: sound/soc/rockchip/Kconfig
+##
+CONFIG_SND_SOC_ROCKCHIP=m
+CONFIG_SND_SOC_ROCKCHIP_I2S=m
+
+##
 ## file: sound/soc/tegra/Kconfig
 ##
 CONFIG_SND_SOC_TEGRA=m


signature.asc
Description: PGP signature

Bug#849754: RFS: guerillabackup/0.0.0-1

2017-05-04 Thread halfdog

Hi Andreas,

It took me quite a while to address all your remarks...

Andreas Henriksson wrote:
> Hello halfdog,
> 
> Thanks for your interest in debian packaging
> 
> On Fri, Dec 30, 2016 at 03:16:55PM +, halfdog wrote:
> > Package: sponsorship-requests
> > Severity: normal
> > 
> > Dear mentors,
> > 
> > I am looking for a sponsor for my package "guerillabackup"
> [...]
> >   dget -x https://mentors.debian.net/debian/pool/main/g/guerillabackup/guer
> illabackup_0.0.0-1.dsc
> [...]
> > 
> > As also stated in comment to https://mentors.debian.net/package/guerillabac
> kup
> > to avoid reviewers wasting time searching for dirty little package
> > secrets, here are some pointers to things, I had problems with,
> > when creating the package. Reviewers might disagree with my proposed
> > solution, any feedback is very welcome!
> > 
> > * Upstream Debian file templates: to support building of native
> >   packages using only the upstream source, Debian package files
> >   and build instructions are included already in upstream. To
> >   avoid duplication of them when not (yet) needed, they are copied
> >   within "rules" in target "override_dh_auto_configure"
> 
> Not a fan here. :P
> From a Debian(-only) perspective this complicates things for no
> real gain. If you package things in Debian it's probably very
> unlikely people will get their packages from elsewhere, specially
> if they need to both build it themselves and follow a procedure
> for doing so that's completely alien.. (but what do I know
> about the actual problem you're trying to solve.)

I only hoped to perform some dedup, but ...

> I'm hoping DEP14 can instead be a replacement solution
> for handling this (and also other reasons).

... if I understand http://dep.debian.net/deps/dep14/ correctly,
building for different vendors in future should follow another
scheme anyway, where deduplication is not an option. So I removed
that stuff and duplicated all relevant upstream debian/* files
to the non-native Debian quilt files also.

> > * (Re)starting units on upgrade: As stated in documentation, two
> >   services can be used also from commandline (on demand) or as
> >   non-root user, depending on end user use cases. Thus it is intended,
> >   that the two systemd units are not enabled by default. Also
> >   a user may start them manually without enabling them. With upgrade
> >   following problem may arise: with standard debhelper means it
> >   was not possible to
> >   1) stop all running units and
> >   2) after update start only those, that were running beforehand.
> >   Solution:
> >   1) do not use debhelper for stopping/starting of units,
> >   2) find out in "prerm" which units are currently running, stop them and
> >   3) in "postinst" start only those, that were running in step 1)
> 
> Pretty please do not try to reinvent systemd integration on your own.
> This is just way to easy to get wrong. If the current helpers does
> not work for you it's either likely because you're using them wrong
> and/or because they should be improved. Anything else is likely just
> causing extra work and pain.
> 
> Please swing by either the irc channel or contact the mailing list
> for the Debian systemd maintainers. They're very skilled and usually
> happy to help (time permitting). They are likely also the people
> you need to get to review your package anyway if you invent your
> own maintainer script scheme.

I tried to get response from the mailing list, see
http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2017-March/014551.html
Also got to the IRC channel "#debian-systemd" with same result.

As there are no responses proposing better solutions and the conditional
service restarting code works as expected, I would propose keeping
the current solution until bugreports are received. If insufficient,
I would try to contact them again.

> > * Use of .pyc files: As I do not fully understand the consequences
> >   of using .pyc files, especially in conditions where backup might
> >   be more important, e.g. when disks start already failing and
> >   py/pyc files might fall out of sync, I decided not to use them
> >   until I understand the possible risks. As codebase is very small
> >   and program is long-running, overhead from JIT-compiling should
> >   be not an issue.
> 
> Not an expert on python packaging myself, but I think Debian python
> packaging helpers should generate postinst code to automatically
> generate the .pyc files on install. I guess the reason you can't
> ship them is because then you need to build them with the lowest
> supported capability set of the architecture (which itself is
> likely hard to do). In short, the debian way is to just rm *.pyc *.pyo
> and trust the helpers to do the right thing.

Same argument as with security considerations below: availability,
stability in those bordercases might not be a relevant issue for
the first version of the package. So .pyc objects are now generated
the same

Bug#813764: linux-source-3.16: "Dazed and confused, but trying to continue" on X10SDV-TLN4F while using perf top

2017-05-04 Thread Daniel Bakken

I can reproduce this bug on Intel Broadwell processors by running "perf top" 
and another cpu intensive process like "stress -c 8". Within 5 minutes, the 
kernel reports an unexpected NMI:


[2005170.748842] Uhhuh. NMI received for unknown reason 01 on CPU 70.
[2005170.748882] Do you have a strange power saving mode enabled?
[2005170.748900] Dazed and confused, but trying to continue


-- Hardware
CPU: Intel Xeon E5-2695 v4
RAM: 512GB DDR4 2400MHz
System: Supermicro B10DRT

-- Operating System
Debian Release: 8.7
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64
Init: systemd

Bug#861863: override: stegosuite:graphics/optional

2017-05-04 Thread Markus Koschany

Package: ftp.debian.org
Severity: normal

Hi,

please change the override of stegosuite to graphics/optional. The
prior suite was java and although the program is written in Java, it
is a steganography tool and should be part of the graphics suite. See
Debian bug 829258 for more information.

Regards,

Markus

Bug#861862: ITP: chess.app -- Chess for GNUstep

2017-05-04 Thread gurkan


Package: wnpp
Severity: wishlist

* Package name: chess.app
  Version : 2.8
  Upstream Author : NeXT Computer, Apple Software, Gregory Casamento, 
Riccardo Mottola
* URL : 
https://github.com/gnustep/gap/tree/master/ported-apps/Games/Chess
* License : AS-IS without warranty (see Chess.m) and GNU Chess 
GPL

  Description : Chess for GNUstep
 This applications allows you to play chess on a pseudo 3d board. The 
engine

behind is GNU chess.

A working package should soon be available at 
http://sid.ethz.ch/debian/chess.app/

For the curious, a screenshot: http://www.aiei.ch/chess.png

Bug#859912: open-infrastructure-locales-c.utf-8: provides the locales and locales-all packages, but not their functionality

2017-05-04 Thread Mike Hommey

reopen 859912
thanks

On Sun, Apr 09, 2017 at 12:53:40PM +0200, Daniel Baumann wrote:
> severity 859912 normal
> thanks
> 
> 
> Hi,
> 
> thanks for your report.
> 
> On 04/09/17 10:12, Sven Joachim wrote:
> > Your package has a 'Provides' for locales and locales-all but without
> > actually providing any of the functionality of these packages.
> 
> yes, this is the purpose of the package (see rational in the manpage).
> 
> > This makes many packages build-depending on either of those FTBFS.  Here is 
> > a
> > random example from bgoffice-computer-terms:
> 
> given that apt handels this properly, I don't think this is a problem:
> 
>   * apt install locales or apt install locales-all will always install
> the actual packages, not the one providing it.
> 
>   * packages declaring a depends or build-depends against
> locales/locales-all, will get locales/locales-all pulled in,
> not open-infrastructure-locales-c.utf-8

That's not true on experimental buildds:
- firefox and firefox-esr have a build-dependency on locales
- the buildd logs show open-infrastructure-locales-c.utf-8 is pulled
  instead.

Mike

Bug#851551:

2017-05-04 Thread Hidden Chain

They fixed it in these two versions:

http://www.paramiko.org/changelog.html#1.17.4

http://www.paramiko.org/changelog.html#1.18.2

I would like so much to see this fixed, how I could help?

Bug#861861: telegram-desktop: use locale setting

2017-05-04 Thread Salvo Tomaselli

Package: telegram-desktop
Version: 1.0.29-1
Severity: normal

Dear Maintainer,

the UI has a setting to pick the locale, but really it should just read whatever
locale the session is using and apply that, if the translation is available, 
rather
than having me manually do that.

Best

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages telegram-desktop depends on:
ii  libavcodec57 7:3.2.4-1
ii  libavformat577:3.2.4-1
ii  libavutil55  7:3.2.4-1
ii  libc62.24-10
ii  libgcc1  1:6.3.0-16
ii  libglib2.0-0 2.50.3-2
ii  libminizip1  1.1-8+b1
ii  libopenal1   1:1.17.2-4+b2
ii  libqt5core5a [qtbase-abi-5-7-1]  5.7.1+dfsg-3+b1
ii  libqt5gui5   5.7.1+dfsg-3+b1
ii  libqt5network5   5.7.1+dfsg-3+b1
ii  libqt5widgets5   5.7.1+dfsg-3+b1
ii  libssl1.0.2  1.0.2k-1
ii  libstdc++6   6.3.0-16
ii  libswresample2   7:3.2.4-1
ii  libswscale4  7:3.2.4-1
ii  libx11-6 2:1.6.4-3
ii  qt5-image-formats-plugins5.7.1~20161021-2
ii  zlib1g   1:1.2.8.dfsg-5

telegram-desktop recommends no packages.

telegram-desktop suggests no packages.

-- no debconf information

Bug#861860: unblock: apt/1.4.2

2017-05-04 Thread Julian Andres Klode

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package apt

This is the second much talked about timer change. Basically, in an
effort to reduce the load on the mirrors while keeping upgrades running
at a predictable time, we split the systemd timer into two, update (and
download) running anytime during the day; and unattended-upgrade running
in the 6..7am period. (On the Ubuntu side, we intend to backport this into
the current stable releases using systemd-based apt timers, BTW).

Also fixes a typo in the bash completion for apt(8).

(The attached debdiff uses -w, as the indentation in the script changed
 due to the ifs. That's more readable this way).

unblock apt/1.4.2

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500, 
'testing-proposed-updates'), (500, 'buildd-unstable'), (500, 'testing'), (100, 
'experimental'), (1, 'experimental-debug')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.
diff -Nru -w apt-1.4.1/CMakeLists.txt apt-1.4.2/CMakeLists.txt
--- apt-1.4.1/CMakeLists.txt	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.2/CMakeLists.txt	2017-05-04 22:52:10.0 +0200
@@ -172,7 +172,7 @@
 # Configure some variables like package, version and architecture.
 set(PACKAGE ${PROJECT_NAME})
 set(PACKAGE_MAIL "APT Development Team ")
-set(PACKAGE_VERSION "1.4.1")
+set(PACKAGE_VERSION "1.4.2")
 
 if (NOT DEFINED DPKG_DATADIR)
   execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;"
diff -Nru -w apt-1.4.1/completions/bash/apt apt-1.4.2/completions/bash/apt
--- apt-1.4.1/completions/bash/apt	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.2/completions/bash/apt	2017-05-04 22:52:10.0 +0200
@@ -158,7 +158,7 @@
 ' -- "$cur" ) )
 return 0
 ;;
-clean|autocleean)
+clean|autoclean)
 COMPREPLY=( $( compgen -W '
 -s --simulate --dry-run
 ' -- "$cur" ) )
diff -Nru -w apt-1.4.1/debian/apt-daily.service apt-1.4.2/debian/apt-daily.service
--- apt-1.4.1/debian/apt-daily.service	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.2/debian/apt-daily.service	2017-05-04 22:52:10.0 +0200
@@ -1,9 +1,9 @@
 [Unit]
-Description=Daily apt activities
+Description=Daily apt download activities
 Documentation=man:apt(8)
 ConditionACPower=true
 
 [Service]
 Type=oneshot
-ExecStart=/usr/lib/apt/apt.systemd.daily
+ExecStart=/usr/lib/apt/apt.systemd.daily update
 
diff -Nru -w apt-1.4.1/debian/apt-daily.timer apt-1.4.2/debian/apt-daily.timer
--- apt-1.4.1/debian/apt-daily.timer	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.2/debian/apt-daily.timer	2017-05-04 22:52:10.0 +0200
@@ -1,11 +1,11 @@
 [Unit]
-Description=Daily apt activities
+Description=Daily apt download activities
 After=network-online.target
 Wants=network-online.target
 
 [Timer]
-OnCalendar=*-*-* 6:00
-RandomizedDelaySec=60m
+OnCalendar=*-*-* 6,18:00
+RandomizedDelaySec=12h
 Persistent=true
 
 [Install]
diff -Nru -w apt-1.4.1/debian/apt-daily-upgrade.service apt-1.4.2/debian/apt-daily-upgrade.service
--- apt-1.4.1/debian/apt-daily-upgrade.service	1970-01-01 01:00:00.0 +0100
+++ apt-1.4.2/debian/apt-daily-upgrade.service	2017-05-04 22:52:10.0 +0200
@@ -0,0 +1,9 @@
+[Unit]
+Description=Daily apt upgrade and clean activities
+Documentation=man:apt(8)
+ConditionACPower=true
+After=apt-daily.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/lib/apt/apt.systemd.daily install
diff -Nru -w apt-1.4.1/debian/apt-daily-upgrade.timer apt-1.4.2/debian/apt-daily-upgrade.timer
--- apt-1.4.1/debian/apt-daily-upgrade.timer	1970-01-01 01:00:00.0 +0100
+++ apt-1.4.2/debian/apt-daily-upgrade.timer	2017-05-04 22:52:10.0 +0200
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily apt upgrade and clean activities
+After=apt-daily.timer
+
+[Timer]
+OnCalendar=*-*-* 6:00
+RandomizedDelaySec=60m
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff -Nru -w apt-1.4.1/debian/apt.systemd.daily apt-1.4.2/debian/apt.systemd.daily
--- apt-1.4.1/debian/apt.systemd.daily	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.2/debian/apt.systemd.daily	2017-05-04 22:52:10.0 +0200
@@ -292,6 +292,16 @@
 
 #  main 
 
+# Maintain a lock on fd 3, so we can't run the script twice at the same
+# time.
+LOCKFD=3
+eval $(apt-config shell

Bug#823120: [pkg-ntp-maintainers] Bug#823120: Bug#823120: not fixed in the released version

2017-05-04 Thread Kurt Roeckx

On Thu, May 04, 2017 at 09:45:42PM +0200, Bernhard Schmidt wrote:
> On Wed, May 03, 2017 at 09:51:27AM +0200, Christian Ehrhardt wrote:
> 
> Hi,
> 
> > I was checking 1:4.2.8p10+dfsg-1 that should have fixed this.
> 
> No, 1:4.2.8p10+dfsg-1+exp1 (in experimental) should have fixed this, it
> has not landed in sid yet (due to being in deep freeze etc)
> > 
> > But still:
> > # apt-get install ntpdate ntp
> > [...]
> > Get:2 http://cdn-fastly.deb.debian.org/debian sid/main amd64 ntpdate amd64
> > 1:4.2.8p10+dfsg-1 [72.1 kB]
> > # ntpdate-debian
> > 3 May 07:44:16 ntpdate[2169]: no servers can be used, exiting
> > 
> > Issue still being the same with the change not applied:
> > # grep pool /etc/ntp.conf
> > pool 0.debian.pool.ntp.org iburst
> > pool 1.debian.pool.ntp.org iburst
> > pool 2.debian.pool.ntp.org iburst
> > pool 3.debian.pool.ntp.org iburst
> > 
> > # grep pool /usr/sbin/ntpdate-debian
> > 
> 
> Kurt, this is the only change in experimental I would consider to fix
> for Stretch, especially since it has been fixed once and got lost
> somewhere. What do you think?

And maybe in jessie too.


Kurt

Bug#861824: ledger -f sample.dat org does not print org mode output

2017-05-04 Thread Hans Freitag

Hi,

Sorry, typical PEBKAC.

I did not understand that I had to press tab after loading that table,
and I was more confused by the Manual part where I was told to write
journals into an Org mode file.

Thanks for your help.

regards
Hans


On 04.05.2017 20:05, David Bremner wrote:
> Hans Freitag  writes:
> 
>> Package: ledger
>> Version: 3.1.2~pre1+g3a00e1c+dfsg1-2+b1
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> Accourding to the manual i should geht some orgmode styled output when using
>> *.org instead I am getting this:
>>
>> zem@samsung1:~$ ledger -f sample-ledger.dat org
>> |Date|Code|Payee|X|Account|Amount|Total|Note|
>> |-|
>> |||<20>|<20>|
>> |04-May-01||Checking balance|*|Assets:Bank:Checking|$1,000.00|$1,000.00|
>> *|Equity:Opening Balances|$-1,000.00|$0.00|
>> |04-May-03||Investment balance|*|Assets:Brokerage|50 AAPL|50 AAPL|
>> *|Equity:Opening Balances|$-1,500.00|$-1,500.00|
>> |||50 AAPL|
>> |04-May-14||Páy dày|*|Assets:Bank:Checking|500.00€|$-1,500.00|
>> |||50 AAPL|
>> |||500.00€|
>> *|Income:Salary|-500.00€|$-1,500.00|
>> |||50 AAPL|
> 
> This looks like an org-mode table to me (if you fix some of the line
> breaks, you can test by loading into org-mode and hitting tab). So I
> guess it's doing what the documentation promises.  I'm not sure what an
> appropriate request should be to upstream; it sounds like a completely
> new output format.
>

Bug#830482: [Pkg-clamav-devel] Bug#830482: Fresh installation causes freshclam to to fail

2017-05-04 Thread Sebastian Andrzej Siewior

On 2017-04-02 23:27:38 [-0700], T. Joseph Carter wrote:
> I don't know if I will hit upon the issue in this bug or not, but I'll
> offer what I've just found in case it may be useful:
> 
> I found freshclam to fail freshly installed with the error message
> indicated in this bug.  Here is my freshclam.conf upon installation:

I will try to reproduce this myself over the weekend. The original
reported never came back to me. Just for the record: You run stable or
testing? And all you did was just a plain install? And you do have
systemd as default.

Sebastian

Bug#861637: sassphp: src:sassphp explicitly creates a php7.0 binary package

2017-05-04 Thread Ondřej Surý


Yes, correct.

Also you can kill the warnings and $(mkdir should be $(shell mkdir

I need to fix that in tideways package...

Ondřej


On 4 May 2017 21:00:21 Nish Aravamudan  wrote:


On 04.05.2017 [10:40:50 +0200], Ondřej Surý wrote:

Source: sassphp
Followup-For: Bug #861637

Rhonda,

like in the attached patch.

Sorry for not having a better documentation, but I am extremely bad at
documenting my own work.  (Would be happy to accept any patches that
makes the documentation of dh-php better though.)


I think there is one mistake in the patch, unrelated to my other
comment:

diff --git a/debian/php7.0-sassphp.php b/debian/php-sassphp.php
similarity index 50%
rename from debian/php7.0-sassphp.php
rename to debian/php-sassphp.php
index b102494..228bf89 100644
--- a/debian/php7.0-sassphp.php
+++ b/debian/php-sassphp.php
@@ -1,2 +1 @@
-mod modules/sass.so
 mod debian/sass.ini

I believe the file should be debian/php-sass.php ? To match what is in
d/control. Without this, it appear that php-sass only contains the .so
file, but there is no /etc/php/7.1/mods-available/sass.ini created.

Thanks,
Nish

Bug#861859: reportbug doesn't know the existence of psuedopackage 'manpages.debian.org' please correct it.

2017-05-04 Thread shirish शिरीष

Package: reportbug
Version: 7.1.6
Severity: normal

Dear Maintainer,
Please see the below reportbug instance -

[$] reportbug manpages.debian.org --severity=normal
 [1:09:30]
*** Welcome to reportbug.  Use ? for help at prompts. ***
Note: bug reports are publicly archived (including the email address
of the submitter).
Detected character set: UTF-8
Please change your locale if this is incorrect.

Using 'shirish ' as your from address.
Getting status for manpages.debian.org...
W: Unable to locate package manpages.debian.org
No matching source or binary packages.
A package named "manpages.debian.org" does not appear to be installed;
do you want to search for a similar-looking filename in an installed
package [Y|n|q|?]? y
Finding package for 'manpages.debian.org'...
No packages match.
This package does not appear to be installed; continue with this
report [y|N|q|?]? q

As can be seen reportbug fails to find the new psuedopackage
manpages.debian.org . Please fix it so bugs can be filed against that
psuedopackage using reportbug (offline) i.e.

-- Package-specific info:
** Environment settings:
PAGER="less"
INTERFACE="text"

** /home/shirish/.reportbugrc:
reportbug_version "7.1.4"
mode standard
ui text
offline
email "shir...@deb.org"
no-cc
header "X-Debbugs-CC: shir...@deb.org"
smtphost shirish.deb.org
editor "leafpad"

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (1, 'experimental-debug'), (1, 'experimental'), (1,
'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages reportbug depends on:
ii  apt1.4.1
ii  python3-reportbug  7.1.6
pn  python3:any

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail 
ii  debconf-utils  1.5.60
ii  debsums2.2
ii  dlocate1.07+nmu1
ii  emacs24-bin-common 24.5+1-10
ii  exim4  4.89-2
ii  exim4-daemon-light [mail-transport-agent]  4.89-2
ii  file   1:5.29-3
ii  gir1.2-gtk-3.0 3.22.11-1
ii  gir1.2-vte-2.910.46.1-1
ii  gnupg  2.1.18-6
ii  python3-gi 3.22.0-2
ii  python3-gi-cairo   3.22.0-2
ii  python3-gtkspellcheck  4.0.5-1
pn  python3-urwid  
ii  xdg-utils  1.1.1-1

Versions of packages python3-reportbug depends on:
ii  apt1.4.1
ii  file   1:5.29-3
ii  python3-debian 0.1.30
ii  python3-debianbts  2.6.1
ii  python3-requests   2.12.4-1
pn  python3:any

python3-reportbug suggests no packages.

-- no debconf information


-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#861858: cacti fails to create symlinks when upgrading from jessie to stretch

2017-05-04 Thread Paul Gevers

Package: cacti
Version: 0.8.8h+ds1-8
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cacti version 0.8.8h+ds1-8 replaced the embedded jstree JavaScript with a
dependency on the (new) libjs-jquery-jstree package. Instead of having the
files in its own directory tree it now provides symlinks to the jstree
package. However, dpkg doesn't convert dirs to links or vice-versa
automatically and cacti didn't take care of it, so upgrading from anywhere
between 0.8.8a+dfsg-1 (inclusive) and 0.8.8h+ds1-8 (exclusive) to 0.8.8h+ds1-8
or later causes loss of the theme files (CSS and figures), preventing the
device tree to collapse. This includes the upgrade from Jessie to Stretch.

The new link is:
/usr/share/cacti/site/include/js/themes -> ../../../../javascript/jstree/themes

Original report found on the cacti forum in a complaint about the Ubuntu
upgrade (no https): http://forums.cacti.net/viewtopic.php?f=21=57313

- -- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'experimental'), 
(200, 'testing'), (50, 'experimental'), (50, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cacti depends on:
ii  dbconfig-mysql  2.0.8
ii  debconf [debconf-2.0]   1.5.60
ii  javascript-common   11
ii  libapache2-mod-php  1:7.0+49
ii  libapache2-mod-php7.0 [libapache2-mod-php]  7.0.16-3
ii  libjs-jquery3.1.1-2
ii  libjs-jquery-cookie 11-3
ii  libjs-jquery-jstree 3.3.3+dfsg1-1
ii  libjs-jquery-ui 1.12.1+dfsg-4
ii  libjs-jquery-ui-theme-ui-lightness  1.12.1+dfsg-1
ii  libphp-adodb5.20.9-1
pn  perl:any
ii  php-cli 1:7.0+49
ii  php-mbstring1:7.0+49
ii  php-mysql   1:7.0+49
ii  php-snmp1:7.0+49
ii  php-xml 1:7.0+49
ii  php7.0-cli [php-cli]7.0.16-3
ii  php7.0-mbstring [php-mbstring]  7.0.16-3
ii  php7.0-mysql [php-mysqlnd]  7.0.16-3
ii  php7.0-snmp [php-snmp]  7.0.16-3
ii  php7.0-xml [php-xml]7.0.16-3
ii  rrdtool 1.6.0-1+b2
ii  snmp5.7.3+dfsg-1.7
ii  ucf 3.0036

Versions of packages cacti recommends:
ii  apache2 [httpd] 2.4.25-3
ii  iputils-ping3:20161105-1
ii  logrotate   3.11.0-0.1
ii  mariadb-server-10.1 [virtual-mysql-server]  10.1.22-3

Versions of packages cacti suggests:
ii  moreutils  0.60-1
pn  php-ldap   

- -- debconf information:
  cacti/mysql/method: Unix socket
  cacti/remote/port:
  cacti/dbconfig-upgrade: true
  cacti/database-type: mysql
  cacti/remove-error: abort
  cacti/purge: false
  cacti/dbconfig-remove: true
* cacti/mysql/admin-user: root
  cacti/remote/host: localhost
  cacti/internal/reconfiguring: false
  cacti/passwords-do-not-match:
  cacti/upgrade-error: abort
  cacti/dbconfig-reinstall: false
* cacti/webserver: apache2
  cacti/db/dbname: cacti
  cacti/install-error: abort
  cacti/upgrade-backup: true
  cacti/missing-db-package-error: abort
  cacti/db/app-user: cacti@localhost
  cacti/internal/skip-preseed: false
  cacti/remote/newhost:
* cacti/dbconfig-install: true

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAlkLhpQACgkQnFyZ6wW9
dQogmAgAqgIW/7qaAliVmeAYs7dY6emCArSNQZuuuk1Ss8TEviyZYCH6ItlCRg/d
HcIzbzuBYREM/n2s6rWJ0iIQyMdKrQiFVZTh5xSmDaomb7RcRyxNc/A1Zphv0XGY
56E0DSL5aYwVS1F5BQuR+2rj9JTHg/lM3aU56U9ppFwD2AoR+Wqr/1qY3UvX6xKM
S6/Zu0MTUeWta5xyHTgCbhAfm6Yi/JLETGHoRyZg8CZKh01KDL+adR9L+zxdtXKS
DXKFYCgmFsssBZ4xIYma4p2nN4Wdm5E4+kPJP+aeIWslZjr/G/xMY24GLm8p6nL1
rHffPNgIF1vaeyCrR3Ou+v98oz3J0A==
=Kzy1
-END PGP SIGNATURE-

Bug#861824: ledger -f sample.dat org does not print org mode output

2017-05-04 Thread David Bremner

Hans Freitag  writes:

> Package: ledger
> Version: 3.1.2~pre1+g3a00e1c+dfsg1-2+b1
> Severity: normal
>
> Dear Maintainer,
>
> Accourding to the manual i should geht some orgmode styled output when using
> *.org instead I am getting this:
>
> zem@samsung1:~$ ledger -f sample-ledger.dat org
> |Date|Code|Payee|X|Account|Amount|Total|Note|
> |-|
> |||<20>|<20>|
> |04-May-01||Checking balance|*|Assets:Bank:Checking|$1,000.00|$1,000.00|
> *|Equity:Opening Balances|$-1,000.00|$0.00|
> |04-May-03||Investment balance|*|Assets:Brokerage|50 AAPL|50 AAPL|
> *|Equity:Opening Balances|$-1,500.00|$-1,500.00|
> |||50 AAPL|
> |04-May-14||Páy dày|*|Assets:Bank:Checking|500.00€|$-1,500.00|
> |||50 AAPL|
> |||500.00€|
> *|Income:Salary|-500.00€|$-1,500.00|
> |||50 AAPL|

This looks like an org-mode table to me (if you fix some of the line
breaks, you can test by loading into org-mode and hitting tab). So I
guess it's doing what the documentation promises.  I'm not sure what an
appropriate request should be to upstream; it sounds like a completely
new output format.

Bug#861857: chromium: when posting an inaccessible file as part of a form submission chromium claims the remote site is not accessible

2017-05-04 Thread Michal Suchanek

Package: chromium
Version: 58.0.3029.81-1
Severity: normal

Hello,

I tried to attach a log file as part of a bugzilla bug report form and
the log file is not accessible from my user account. The result is
chromium claims that form post url is inaccessible while in fact the
submitted local file is inaccessible.

Please correct the error message

Thanks

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (700, 'stable'), (600, 'oldstable'), (171, 
'unstable'), (151, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  libasound2   1.1.3-5
ii  libatk1.0-0  2.22.0-1
ii  libavcodec57 7:3.2.4-1
ii  libavformat577:3.2.4-1
ii  libavutil55  7:3.2.4-1
ii  libc62.24-10
ii  libcairo21.14.8-1
ii  libcups2 2.2.1-8
ii  libdbus-1-3  1.10.18-1
ii  libevent-2.0-5   2.0.21-stable-3
ii  libexpat12.2.0-2
ii  libflac8 1.3.2-1
ii  libfontconfig1   2.11.0-6.7+b1
ii  libfreetype6 2.6.3-3.2
ii  libgcc1  1:6.3.0-14
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libglib2.0-0 2.50.3-2
ii  libgtk2.0-0  2.24.31-2
ii  libharfbuzz0b1.4.2-1
ii  libicu57 57.1-6
ii  libjpeg62-turbo  1:1.5.1-2
ii  libminizip1  1.1-8+b1
ii  libnspr4 2:4.12-6
ii  libnss3  2:3.26.2-1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libpng16-16  1.6.28-1
ii  libpulse010.0-1
ii  libre2-3 20170101+dfsg-1
ii  libsnappy1v5 1.1.3-3
ii  libstdc++6   6.3.0-14
ii  libvpx4  1.6.1-3
ii  libwebp6 0.5.2-1
ii  libwebpdemux20.5.2-1
ii  libx11-6 2:1.6.4-3
ii  libx11-xcb1  2:1.6.4-3
ii  libxcb1  1.12-1
ii  libxcomposite1   1:0.4.4-2
ii  libxcursor1  1:1.1.14-1+b4
ii  libxdamage1  1:1.1.4-2+b3
ii  libxext6 2:1.3.3-1+b2
ii  libxfixes3   1:5.0.3-1
ii  libxi6   2:1.7.9-1
ii  libxml2  2.9.4+dfsg1-2.2
ii  libxrandr2   2:1.5.1-1
ii  libxrender1  1:0.9.10-1
ii  libxslt1.1   1.1.29-2.1
ii  libxss1  1:1.2.2-1
ii  libxtst6 2:1.2.3-1
ii  x11-utils7.7+3+b1
ii  xdg-utils1.1.1-1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages chromium recommends:
ii  fonts-liberation  1:1.07.4-2

Versions of packages chromium suggests:
pn  chromium-driver
pn  chromium-l10n  
pn  chromium-shell 
pn  chromium-widevine  

-- no debconf information

Bug#861856: oping: CSV output uses locale decimal separator

2017-05-04 Thread Tollef Fog Heen

Package: oping
Version: 1.9.0-1+b1
Severity: normal

When running noping -O foo.csv 127.0.0.1, I get file output like:

1493922621,709,"127.0.0.1",11,28

This is somewhat unfortunate, since it's not really comma separated
values any more.

(My locale has «,» as its decimal separator.)

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages oping depends on:
ii  libc6 2.24-10
ii  libncursesw5  6.0+20161126-1
ii  liboping0 1.9.0-1+b1
ii  libtinfo5 6.0+20161126-1

oping recommends no packages.

oping suggests no packages.

-- no debconf information

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Bug#861180: shc: infinite loop does not work properly

2017-05-04 Thread Eriberto

Control: severity 861180 normal

2017-05-04 16:30 GMT-03:00 Tong Sun :
> Hi Eriberto,

Hi,

> Do you still want to mark the Severity: as grave
> after Jörg Sommer has explained in
> https://github.com/neurobin/shc/issues/23#issuecomment-299035820
> that there is a workaround?

I tested this workaround yesterday. Setting normal.

Cheers,

Eriberto

Bug#823120: [pkg-ntp-maintainers] Bug#823120: not fixed in the released version

2017-05-04 Thread Bernhard Schmidt

On Wed, May 03, 2017 at 09:51:27AM +0200, Christian Ehrhardt wrote:

Hi,

> I was checking 1:4.2.8p10+dfsg-1 that should have fixed this.

No, 1:4.2.8p10+dfsg-1+exp1 (in experimental) should have fixed this, it
has not landed in sid yet (due to being in deep freeze etc)
> 
> But still:
> # apt-get install ntpdate ntp
> [...]
> Get:2 http://cdn-fastly.deb.debian.org/debian sid/main amd64 ntpdate amd64
> 1:4.2.8p10+dfsg-1 [72.1 kB]
> # ntpdate-debian
> 3 May 07:44:16 ntpdate[2169]: no servers can be used, exiting
> 
> Issue still being the same with the change not applied:
> # grep pool /etc/ntp.conf
> pool 0.debian.pool.ntp.org iburst
> pool 1.debian.pool.ntp.org iburst
> pool 2.debian.pool.ntp.org iburst
> pool 3.debian.pool.ntp.org iburst
> 
> # grep pool /usr/sbin/ntpdate-debian
> 

Kurt, this is the only change in experimental I would consider to fix
for Stretch, especially since it has been fixed once and got lost
somewhere. What do you think?

Bernhard


signature.asc
Description: Digital signature

Bug#861838: About the LDAP server we are connecting to....

2017-05-04 Thread Matthew B. Weatherford



The LDAP server we are connecting to is  openldap 2.4.40 and sasl 
2.1.26  provided by CentOS7


All the centos 7 clients work perfectly connecting to it

Bug#861840:

2017-05-04 Thread Christopher Howard

Here you can see the OAuth attempt fail

-1804604608[96cfdd80]: try to log in
-1804604608[96cfdd80]: IMAP auth: server caps 0xc080c1625, pref
0x8, failed 0x0, avail caps 0x8
-1804604608[96cfdd80]: (GSSAPI = 0x100, CRAM = 0x2, NTLM =
0x10, MSN = 0x20, PLAIN = 0x1000,
  LOGIN = 0x2, old-style IMAP login = 0x4, auth external IMAP login =
0x2000, OAUTH2 = 0x8)
-1804604608[96cfdd80]: trying auth method 0x8
-1804604608[96cfdd80]: IMAP: trying auth method 0x8
-1804604608[96cfdd80]: XOAUTH2 auth
-1804604608[96cfdd80]: OAuth2 failed
-1804604608[96cfdd80]: authlogin failed
-1804604608[96cfdd80]: marking auth method 0x8 failed

If there is something else you are looking for I'll need help knowing what
to search for.

Be aware you won't be able to reproduce this problem with a gmail account
that is already authenticated over oauth. You have to clear that
authentication first somehow. In my case it was a password reset, but I
suppose you could also create a temporary profile and try to recreate the
Thunderbird/Icedove account.

Some of the other bug reports I linked to indicate this may not be problem
in some countries (I am in the USA). Perhaps having something to do with
the sign-in portal used.

Bug#861180: shc: infinite loop does not work properly

2017-05-04 Thread Tong Sun

Hi Eriberto,

Do you *still* want to mark the Severity: as grave
after *Jörg Sommer *has explained in https://github.com/neurobin/
shc/issues/23#issuecomment-299035820
that there is a workaround?

Marking Severity: as grave will make

shc 3.8.9b-1 for* autoremoval from testing on **2017-05-24*

Would it a better option to mark it not so sever, so that for those people
depending on shc, can still use it, using the workaround?

FTR, the workaround is,

setarch `uname -m` -R $SHELL. That will spawn a shell with ASLR disabled,
and any command you run from that shell will also have ASLR disabled.

On Sun, Apr 30, 2017 at 3:48 PM, Tong Sun 
wrote:

>
> On Sat, Apr 29, 2017 at 7:45 PM, Eriberto 
> wrote:
>
>> I did some tests and I have news. I downloaded the versions 3.8.6 and
>> 3.8.7 from upstream homepage and I did a 'make' inside a Sid jail.
>> After this, I compiled a shell script. The script compiled by 3.8.6
>> version worked fine, but the script from 3.8.7 (and newer) fails
>> (infinite loop).
>>
>
> Oh, that's indeed a good news.
>
> There are two major fixes after versions 3.8.6
>
> - Bug on 64bit systems with expiration dates.
> - Fixing a long standing bug making the source not hidden.
>
> Both are big issues, and I vaguely remember that expiration date was an
> issue biting me. I think we need to do more testing before making any
> decision.
>
> Also, CCing *Giacomo Picconi* to see if he has any ideas about the bug
> and fix.
>
> Thanks
>
>

Bug#861855: php7.0-fpm: Uses kill without depending on procps

2017-05-04 Thread Adrian Heine

Package: php7.0-fpm
Version: 7.0.16-3
Severity: serious
Justification: Policy 3.5

/lib/systemd/system/php7.0-fpm.service contains:
```
ExecReload=/bin/kill -USR2 $MAINPID
```
procps is not Essential.

Bug#861854: cups: AS400 cups-lpd submitted multi-copy jobs stalling

2017-05-04 Thread Eric Masson

Package: cups
Version: 1.7.5-11+deb8u1
Severity: normal

Dear Maintainer,

I'm facing the issue reported in 2007 in bug #410760
Any spool file sent to a debian host using cups-ldp with multiple copies result 
in
the following : the printer prints the first copy only then stalls.
The status of the printer is "Waiting for job to complete..." and remains that 
way.
The printjob itself stays in the queue in state "processing since...".
I can provide debug logs on request.

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cups depends on:
ii  cups-client1.7.5-11+deb8u1
ii  cups-common1.7.5-11+deb8u1
ii  cups-core-drivers  1.7.5-11+deb8u1
ii  cups-daemon1.7.5-11+deb8u1
ii  cups-filters   1.0.61-5+deb8u3
ii  cups-ppdc  1.7.5-11+deb8u1
ii  cups-server-common 1.7.5-11+deb8u1
ii  debconf [debconf-2.0]  1.5.56
ii  ghostscript9.06~dfsg-2+deb8u4
ii  libavahi-client3   0.6.31-5
ii  libavahi-common3   0.6.31-5
ii  libc-bin   2.19-18+deb8u7
ii  libc6  2.19-18+deb8u7
ii  libcups2   1.7.5-11+deb8u1
ii  libcupscgi11.7.5-11+deb8u1
ii  libcupsimage2  1.7.5-11+deb8u1
ii  libcupsmime1   1.7.5-11+deb8u1
ii  libcupsppdc1   1.7.5-11+deb8u1
ii  libgcc11:4.9.2-10
ii  libstdc++6 4.9.2-10
ii  libusb-1.0-0   2:1.0.19-1
ii  lsb-base   4.1+Debian13+nmu1
ii  poppler-utils  0.26.5-2+deb8u1
ii  procps 2:3.3.9-9

Versions of packages cups recommends:
ii  avahi-daemon 0.6.31-5
ii  colord   1.2.1-1+b2
ii  cups-filters [ghostscript-cups]  1.0.61-5+deb8u3
ii  printer-driver-gutenprint5.2.10-3

Versions of packages cups suggests:
ii  cups-bsd   1.7.5-11+deb8u1
pn  cups-pdf   
ii  foomatic-db-compressed-ppds [foomatic-db]  20150411-1
ii  hplip  3.16.11+repack0-1~bpo8+1
ii  printer-driver-hpcups  3.16.11+repack0-1~bpo8+1
pn  smbclient  
ii  udev   215-17+deb8u6

-- debconf information:
  cupsys/raw-print: true
  cupsys/backend: lpd, socket, usb, snmp, dnssd

Bug#861853: cacti defaults to the wrong rrdtool (and the current rrdtool version isn't even available)

2017-05-04 Thread Paul Gevers

Package: cacti
Version: 0.8.8h+ds1-9
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

After a fresh install of cacti, the rrdtool version recorded is 1.0.x. This
should have been 1.6.x (which isn't available) and failing that at least the
highest available version.

- -- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'experimental'), 
(200, 'testing'), (50, 'experimental'), (50, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cacti depends on:
ii  dbconfig-mysql  2.0.8
ii  debconf [debconf-2.0]   1.5.60
ii  javascript-common   11
ii  libapache2-mod-php  1:7.0+49
ii  libapache2-mod-php7.0 [libapache2-mod-php]  7.0.16-3
ii  libjs-jquery3.1.1-2
ii  libjs-jquery-cookie 11-3
ii  libjs-jquery-jstree 3.3.3+dfsg1-1
ii  libjs-jquery-ui 1.12.1+dfsg-4
ii  libjs-jquery-ui-theme-ui-lightness  1.12.1+dfsg-1
ii  libphp-adodb5.20.9-1
pn  perl:any
ii  php-cli 1:7.0+49
ii  php-mbstring1:7.0+49
ii  php-mysql   1:7.0+49
ii  php-snmp1:7.0+49
ii  php-xml 1:7.0+49
ii  php7.0-cli [php-cli]7.0.16-3
ii  php7.0-mbstring [php-mbstring]  7.0.16-3
ii  php7.0-mysql [php-mysqlnd]  7.0.16-3
ii  php7.0-snmp [php-snmp]  7.0.16-3
ii  php7.0-xml [php-xml]7.0.16-3
ii  rrdtool 1.6.0-1+b2
ii  snmp5.7.3+dfsg-1.7
ii  ucf 3.0036

Versions of packages cacti recommends:
ii  apache2 [httpd] 2.4.25-3
ii  iputils-ping3:20161105-1
ii  logrotate   3.11.0-0.1
ii  mariadb-server-10.1 [virtual-mysql-server]  10.1.22-3

Versions of packages cacti suggests:
ii  moreutils  0.60-1
pn  php-ldap   

- -- debconf information:
  cacti/missing-db-package-error: abort
  cacti/dbconfig-reinstall: false
  cacti/internal/reconfiguring: false
  cacti/dbconfig-remove: true
  cacti/dbconfig-upgrade: true
  cacti/upgrade-error: abort
  cacti/purge: false
  cacti/internal/skip-preseed: false
* cacti/mysql/admin-user: root
  cacti/database-type: mysql
  cacti/remote/host: localhost
  cacti/upgrade-backup: true
  cacti/mysql/method: Unix socket
  cacti/install-error: abort
  cacti/remove-error: abort
  cacti/remote/newhost:
  cacti/passwords-do-not-match:
  cacti/db/dbname: cacti
* cacti/webserver: apache2
  cacti/remote/port:
* cacti/dbconfig-install: true
  cacti/db/app-user: cacti@localhost

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAlkLfNIACgkQnFyZ6wW9
dQp4Ugf/VQyqftzw3Efs/zEQJUnks8cq6mB8b80ev7z15ZKT+EitGC7DWkoa8xmh
hWG8ZNnO6e4aFG/cHynSWb6Dy/uFdU2bRT+syIUu6BAOiB14q4SwiysdZOuPU2o2
aXL+pqocylLOopEE4MObNeRZRvsW5gdf2pc7LJ/ewQBx1Jd6i5fW99Rhi9TiRcD6
t21oBHigcbgtLo8oPEJXyiBCdoKETp70WnOVg2rCGsq0sBuw6XJ3uAQ8wo+rcctV
9DjctaWY3z1nvCh40opZ9DEXcaQFLtM6mmJiY1lPHeQlX0QjcERDLfaKbIAjrjQ3
XvaFUNoTcrB8ys4hLzxdo6UcO19yrw==
=Z6Pq
-END PGP SIGNATURE-

Bug#861637: sassphp: src:sassphp explicitly creates a php7.0 binary package

2017-05-04 Thread Nish Aravamudan

On 04.05.2017 [10:40:50 +0200], Ondřej Surý wrote:
> Source: sassphp
> Followup-For: Bug #861637
> 
> Rhonda,
> 
> like in the attached patch.
> 
> Sorry for not having a better documentation, but I am extremely bad at
> documenting my own work.  (Would be happy to accept any patches that
> makes the documentation of dh-php better though.)

I think there is one mistake in the patch, unrelated to my other
comment:

diff --git a/debian/php7.0-sassphp.php b/debian/php-sassphp.php
similarity index 50%
rename from debian/php7.0-sassphp.php
rename to debian/php-sassphp.php
index b102494..228bf89 100644
--- a/debian/php7.0-sassphp.php
+++ b/debian/php-sassphp.php
@@ -1,2 +1 @@
-mod modules/sass.so
 mod debian/sass.ini

I believe the file should be debian/php-sass.php ? To match what is in
d/control. Without this, it appear that php-sass only contains the .so
file, but there is no /etc/php/7.1/mods-available/sass.ini created.

Thanks,
Nish

Bug#849769: [mipsel]: string.sub sometimes returns incorrect slice

2017-05-04 Thread James McCoy

On Sat, Jan 14, 2017 at 02:55:22PM -0500, James McCoy wrote:
> On Fri, Dec 30, 2016 at 02:25:27PM -0500, James McCoy wrote:
> > Neovim's test suite was periodically failing on mipsel and after looking
> > into it, it turns out that luajit sometimes incorrectly handles
> > str:sub(i, j).
> 
> This was fixed upstream in 62af10152433c45e5d83e442538fabf1f57f189b.

2.0.5 and 2.1.0-beta3 contain this fix.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#861443: ora2pg: please make the build reproducible

2017-05-04 Thread Niels Thykier

Control: tags -1 fixed-upstream

On Thu, 04 May 2017 17:35:00 + Niels Thykier  wrote:
> Control: tags -1 moreinfo
> 
> [...]
> 
> Hi Chris,
> 
> I suspect your patch is wrong because the original code is wrong as well.
> 
> $$ in postgres SQL is (often?) used to delimit the definition of
> triggers and functions.  Therefore, I think you rather want the $$ to be
> literal $$ in the config file rather than a ("random") number.
> 
> Thanks,
> ~Niels
> 
> 

Checked and it is fixed upstream in 18.1:

"""
  - Fix shell replacement of $$ in function definition in Makefile.PL
embedded configuration file. Thanks to kuzmaka for the report.
"""

Thanks,
~Niels

Bug#861637: sassphp: src:sassphp explicitly creates a php7.0 binary package

2017-05-04 Thread Nish Aravamudan

On Thu, May 4, 2017 at 11:40 AM, Ondřej Surý  wrote:
> That's:
>
> PECL_SOURCE=$(filter-out debian $(DIR_TARGETS),$(wildcard *)) +$(foreach
> ver,$(DH_PHP_VERSIONS),$(eval PECL_SOURCE_$(ver) := $(PECL_SOURCE)))
>
> So something else must be going on there. I have successfully built sass for
> coinstallable php 5.6, 7.0 and 7.1.

PEBKAC, sorry! Was manually copying the patch in and missed a hunk.

Bug#861838: [Pkg-openldap-devel] Bug#861838: more information

2017-05-04 Thread Ryan Tandy


Control: reassign -1 libldap-2.4-2 2.4.40+dfsg-1
Control: tag -1 moreinfo

Hi Matthew,

Thanks for the report, and for this additional info.

Sounds like you've found a bug, maybe in libldap, maybe in GnuTLS.

What's your LDAP server running?

I haven't seen anything like this personally. Not sure exactly where to 
start with trying to replicate it locally. I'll try out a longer cert 
chain like you have and see what happens with the larger packet sizes.


On Thu, May 04, 2017 at 11:28:43AM -0700, Matthew B. Weatherford wrote:

ldapsearch and ldapwhoami return "Can't contact LDAP server (-1)"
on higher debug level (-d2) , it looks like there is a tls_read 
want/got mismatch.

Debug output below.

This is also broken in debian 8 but same commands work properly in 
Debian 7  and the tls_read want/got mismatch does not occur on debian 
7



The key piece here, no matter whether I use password auth or CERT auth 
on debian 8/9 is that I always see an early debug (-d2 flag) message 
like this:


  tls_read: want=16384, got=14475

so there is a mismatch in the tls_read.  I'll paste the whole debug 
after the fold


On Debian 7 there is no such mismatch in the debug output and 
everything works.


Should this be reported as a SASL broken bug instead?  nlscd and sssd 
are also non functional.


Matt



root@ldi-deb9-test:~/UW-LDI# ./ldiauth
ldap_write: want=31, written=31
 :  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31 
0w...1.3.6.1

 0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_read: want=8, got=8
 :  30 0c 02 01 01 78 07 0a 0x..
ldap_read: want=6, got=6
 :  01 00 04 00 04 00 ..
tls_write: want=238, written=238
 :  16 03 01 00 e9 01 00 00  e5 03 03 59 0b 70 61 ad 
...Y.pa.
 0010:  a4 10 d9 f9 90 b2 b1 55  03 7f dc 9c d4 df 23 29 
...U..#)
 0020:  c3 48 0e 97 67 5e 43 12  08 bf 49 00 00 72 c0 2c 
.H..g^C...I..r.,
 0030:  c0 87 cc a9 c0 ad c0 0a  c0 24 c0 73 c0 2b c0 86 
.$.s.+..
 0040:  c0 ac c0 09 c0 23 c0 72  c0 08 c0 30 c0 8b cc a8 
.#.r...0
 0050:  c0 14 c0 28 c0 77 c0 2f  c0 8a c0 13 c0 27 c0 76 
...(.w./.'.v
 0060:  c0 12 00 9d c0 7b c0 9d  00 35 00 3d 00 84 00 c0 
.{...5.=
 0070:  00 9c c0 7a c0 9c 00 2f  00 3c 00 41 00 ba 00 0a 
...z.../.<.A
 0080:  00 9f c0 7d cc aa c0 9f  00 39 00 6b 00 88 00 c4 
...}.9.k
 0090:  00 9e c0 7c c0 9e 00 33  00 67 00 45 00 be 00 16 
...|...3.g.E
 00a0:  01 00 00 4a 00 17 00 00  00 16 00 00 00 05 00 05 
...J
 00b0:  01 00 00 00 00 ff 01 00  01 00 00 23 00 00 00 0a 
...#
 00c0:  00 0c 00 0a 00 17 00 18  00 19 00 15 00 13 00 0b 

 00d0:  00 02 01 00 00 0d 00 16  00 14 04 01 04 03 05 01 


 00e0:  05 03 06 01 06 03 03 01  03 03 02 01 02 03 ..
tls_read: want=5, got=5
 :  16 03 03 40 00 ...@.
tls_read: want=16384, got=14475
 :  02 00 00 53 03 03 41 2d  92 aa 79 c5 6a 80 42 8c 
...S..A-..y.j.B.
 0010:  f4 e2 60 75 bc 4f 01 a8  4f 6d 7c 32 27 08 ed 70 
..`u.O..Om|2'..p
 0020:  45 92 e6 4b 40 d9 20 34  85 bd 62 41 05 e5 81 c7   E..K@. 
4..bA
 0030:  a1 36 b4 6d bf 20 01 c8  49 70 40 0d c2 e7 19 23   .6.m. 
..Ip@#
 0040:  88 4f d4 57 0a 6d a8 c0  30 00 00 0b ff 01 00 01 
.O.W.m..0...
 0050:  00 00 0b 00 02 01 00 0b  00 15 57 00 15 54 00 05 
..W..T..
 0060:  96 30 82 05 92 30 82 04  7a a0 03 02 01 02 02 11 
.0...0..z...
 0070:  00 93 4f 82 f2 2d 6d cc  64 0f ce a1 57 97 a1 35 
..O..-m.d...W..5
 0080:  90 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00 
.0...*.H
 0090:  30 76 31 0b 30 09 06 03  55 04 06 13 02 55 53 31 
0v1.0...UUS1
 00a0:  0b 30 09 06 03 55 04 08  13 02 4d 49 31 12 30 10 
.0...UMI1.0.
 00b0:  06 03 55 04 07 13 09 41  6e 6e 20 41 72 62 6f 72 ..UAnn 
Arbor
 00c0:  31 12 30 10 06 03 55 04  0a 13 09 49 6e 74 65 72 
1.0...UInter
 00d0:  6e 65 74 32 31 11 30 0f  06 03 55 04 0b 13 08 49 
net21.0...UI
 00e0:  6e 43 6f 6d 6d 6f 6e 31  1f 30 1d 06 03 55 04 03 
nCommon1.0...U..
 00f0:  13 16 49 6e 43 6f 6d 6d  6f 6e 20 52 53 41 20 53 ..InCommon 
RSA S
 0100:  65 72 76 65 72 20 43 41  30 1e 17 0d 31 37 30 34   erver 
CA0...1704
 0110:  31 31 30 30 30 30 30 30  5a 17 0d 32 30 30 34 31 
1100Z..20041
 0120:  30 32 33 35 39 35 39 5a  30 81 a1 31 0b 30 09 06 
0235959Z0..1.0..
 0130:  03 55 04 06 13 02 55 53  31 0e 30 0c 06 03 55 04 
.UUS1.0...U.
 0140:  11 13 05 39 38 31 39 35  31 0b 30 09 06 03 55 04 
...981951.0...U.
 0150:  08 13 02 57 41 31 10 30  0e 06 03 55 04 07 13 07 
...WA1.0...U
 0160:  53 65 61 74 74 6c 65 31  19 30 17 06 03 55 04 09 
Seattle1.0...U..
 0170:  13 10 34 35 34 35 20 31  35 74 68 20 41 76 65 20   ..4545 
15th Ave
 0180:  4e 45 31 21 30 1f 06 03  55 04 0a 13 18 55 6e 69 
NE1!0...UUni
 0190:  76 65 72 73 69 74 79 20  6f 66 20 57 61 73 68 69 versity of 
Washi
 01a0:  6e 67 74 6f 6e 31 0e 30  0c 06 03 55 04 0b 13 05 
ngton1.0...U
 01b0:  55 57 2d 49 54 31 15 30  13 06 03 55 04 03 13 0c

Bug#861637: sassphp: src:sassphp explicitly creates a php7.0 binary package

2017-05-04 Thread Ondřej Surý


That's:

PECL_SOURCE=$(filter-out debian $(DIR_TARGETS),$(wildcard *)) +$(foreach 
ver,$(DH_PHP_VERSIONS),$(eval PECL_SOURCE_$(ver) := $(PECL_SOURCE)))


So something else must be going on there. I have successfully built sass 
for coinstallable php 5.6, 7.0 and 7.1.


Cheers,
Ondřej


On 4 May 2017 6:28:02 p.m. Nish Aravamudan  
wrote:



Hi Ondřej,

It appears that this patch assumes a normal PECL extension and I'm not
sure sass is one?

The build eventually fails with:
cp -a undefined build-7.1
cp: cannot stat 'undefined': No such file or directory
/usr/share/dh-php/pkg-pecl.mk:60: recipe for target 'configure-7.1-stamp' 
failed

make[1]: *** [configure-7.1-stamp] Error 1

from dh-php.mk:

configure-%-stamp:
cp -a $(PECL_SOURCE_$(*)) $(SOURCE_DIR)

$(foreach ver,$(DH_PHP_VERSIONS),$(eval PECL_SOURCE_$(ver) := $(if
$(PACKAGE_XML_$(ver)),$(shell xml2 < $(PACKAGE_XML_$(ver)) | sed -ne
"s,^/package/name=,,p")-$(shell xml2 < $(PACKAGE_XML_$(ver)) | sed -ne
"s,^/package/version/release=,,p"),undefined)))

Since there is no package.xml, this results in undefined? In a quick
look through pkg-pecl.mk, I'm not seeing an obvious override for this
case?

Also, should the above resulting in undefined be a fatal error since
the build is going to eventually fail (and maybe with a better
message: "unable to determine PECL source version from package.xml"?)

Bug#861838: more information

2017-05-04 Thread Matthew B. Weatherford


ldapsearch and ldapwhoami return "Can't contact LDAP server (-1)"
on higher debug level (-d2) , it looks like there is a tls_read want/got 
mismatch.

Debug output below.

This is also broken in debian 8 but same commands work properly in 
Debian 7  and the tls_read want/got mismatch does not occur on debian 7



The key piece here, no matter whether I use password auth or CERT auth 
on debian 8/9 is that I always see an early debug (-d2 flag) message 
like this:


   tls_read: want=16384, got=14475

so there is a mismatch in the tls_read.  I'll paste the whole debug 
after the fold


On Debian 7 there is no such mismatch in the debug output and everything 
works.


Should this be reported as a SASL broken bug instead?  nlscd and sssd 
are also non functional.


Matt



root@ldi-deb9-test:~/UW-LDI# ./ldiauth
ldap_write: want=31, written=31
  :  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31 
0w...1.3.6.1

  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_read: want=8, got=8
  :  30 0c 02 01 01 78 07 0a 0x..
ldap_read: want=6, got=6
  :  01 00 04 00 04 00 ..
tls_write: want=238, written=238
  :  16 03 01 00 e9 01 00 00  e5 03 03 59 0b 70 61 ad 
...Y.pa.
  0010:  a4 10 d9 f9 90 b2 b1 55  03 7f dc 9c d4 df 23 29 
...U..#)
  0020:  c3 48 0e 97 67 5e 43 12  08 bf 49 00 00 72 c0 2c 
.H..g^C...I..r.,
  0030:  c0 87 cc a9 c0 ad c0 0a  c0 24 c0 73 c0 2b c0 86 
.$.s.+..
  0040:  c0 ac c0 09 c0 23 c0 72  c0 08 c0 30 c0 8b cc a8 
.#.r...0
  0050:  c0 14 c0 28 c0 77 c0 2f  c0 8a c0 13 c0 27 c0 76 
...(.w./.'.v
  0060:  c0 12 00 9d c0 7b c0 9d  00 35 00 3d 00 84 00 c0 
.{...5.=
  0070:  00 9c c0 7a c0 9c 00 2f  00 3c 00 41 00 ba 00 0a 
...z.../.<.A
  0080:  00 9f c0 7d cc aa c0 9f  00 39 00 6b 00 88 00 c4 
...}.9.k
  0090:  00 9e c0 7c c0 9e 00 33  00 67 00 45 00 be 00 16 
...|...3.g.E
  00a0:  01 00 00 4a 00 17 00 00  00 16 00 00 00 05 00 05 
...J
  00b0:  01 00 00 00 00 ff 01 00  01 00 00 23 00 00 00 0a 
...#
  00c0:  00 0c 00 0a 00 17 00 18  00 19 00 15 00 13 00 0b 

  00d0:  00 02 01 00 00 0d 00 16  00 14 04 01 04 03 05 01 


  00e0:  05 03 06 01 06 03 03 01  03 03 02 01 02 03 ..
tls_read: want=5, got=5
  :  16 03 03 40 00 ...@.
tls_read: want=16384, got=14475
  :  02 00 00 53 03 03 41 2d  92 aa 79 c5 6a 80 42 8c 
...S..A-..y.j.B.
  0010:  f4 e2 60 75 bc 4f 01 a8  4f 6d 7c 32 27 08 ed 70 
..`u.O..Om|2'..p
  0020:  45 92 e6 4b 40 d9 20 34  85 bd 62 41 05 e5 81 c7   E..K@. 
4..bA
  0030:  a1 36 b4 6d bf 20 01 c8  49 70 40 0d c2 e7 19 23   .6.m. 
..Ip@#
  0040:  88 4f d4 57 0a 6d a8 c0  30 00 00 0b ff 01 00 01 
.O.W.m..0...
  0050:  00 00 0b 00 02 01 00 0b  00 15 57 00 15 54 00 05 
..W..T..
  0060:  96 30 82 05 92 30 82 04  7a a0 03 02 01 02 02 11 
.0...0..z...
  0070:  00 93 4f 82 f2 2d 6d cc  64 0f ce a1 57 97 a1 35 
..O..-m.d...W..5
  0080:  90 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00 
.0...*.H
  0090:  30 76 31 0b 30 09 06 03  55 04 06 13 02 55 53 31 
0v1.0...UUS1
  00a0:  0b 30 09 06 03 55 04 08  13 02 4d 49 31 12 30 10 
.0...UMI1.0.
  00b0:  06 03 55 04 07 13 09 41  6e 6e 20 41 72 62 6f 72 ..UAnn 
Arbor
  00c0:  31 12 30 10 06 03 55 04  0a 13 09 49 6e 74 65 72 
1.0...UInter
  00d0:  6e 65 74 32 31 11 30 0f  06 03 55 04 0b 13 08 49 
net21.0...UI
  00e0:  6e 43 6f 6d 6d 6f 6e 31  1f 30 1d 06 03 55 04 03 
nCommon1.0...U..
  00f0:  13 16 49 6e 43 6f 6d 6d  6f 6e 20 52 53 41 20 53 ..InCommon 
RSA S
  0100:  65 72 76 65 72 20 43 41  30 1e 17 0d 31 37 30 34   erver 
CA0...1704
  0110:  31 31 30 30 30 30 30 30  5a 17 0d 32 30 30 34 31 
1100Z..20041
  0120:  30 32 33 35 39 35 39 5a  30 81 a1 31 0b 30 09 06 
0235959Z0..1.0..
  0130:  03 55 04 06 13 02 55 53  31 0e 30 0c 06 03 55 04 
.UUS1.0...U.
  0140:  11 13 05 39 38 31 39 35  31 0b 30 09 06 03 55 04 
...981951.0...U.
  0150:  08 13 02 57 41 31 10 30  0e 06 03 55 04 07 13 07 
...WA1.0...U
  0160:  53 65 61 74 74 6c 65 31  19 30 17 06 03 55 04 09 
Seattle1.0...U..
  0170:  13 10 34 35 34 35 20 31  35 74 68 20 41 76 65 20   ..4545 
15th Ave
  0180:  4e 45 31 21 30 1f 06 03  55 04 0a 13 18 55 6e 69 
NE1!0...UUni
  0190:  76 65 72 73 69 74 79 20  6f 66 20 57 61 73 68 69 versity of 
Washi
  01a0:  6e 67 74 6f 6e 31 0e 30  0c 06 03 55 04 0b 13 05 
ngton1.0...U
  01b0:  55 57 2d 49 54 31 15 30  13 06 03 55 04 03 13 0c 
UW-IT1.0...U
  01c0:  6c 64 69 2e 73 2e 75 77  2e 65 64 75 30 82 01 22 
ldi.s.uw.edu0.."
  01d0:  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03 
0...*.H.
  01e0:  82 01 0f 00 30 82 01 0a  02 82 01 01 00 c1 67 6e 
0.gn
  01f0:  bf 31 34 05 5c fd 8f 6a  03 0c 19 4d ef e3 4f 40 
.14.\..j...M..O@
  0200:  f3 4d f0 25 b0 aa fc 29  a2 c0 db 8d d5 3d 53 f8 
.M.%...).=S.
  0210:  e8 80 d4 18 c0 5b 5d a3  8b e4 63 57 49 c6 b5 3b 
.[]...cWI..;
  0220:  c7 94 9b 21 9f

Bug#861849: kopanocore: d/p/OpenSSL-Make-SSLv2-conditional.patch has obvious logic bug

2017-05-04 Thread Carsten Schoenert

Hello Nishanth,

On Thu, May 04, 2017 at 10:53:01AM -0700, Nishanth Aravamudan wrote:

> The d/p/OpenSSL-Make-SSLv2-conditional.patch appears to be logiclly
> buggy:
> 
> In the case that SSL_TXT_SSLV2 is true, the 'else if' blocks have no
> contents and result in syntax errors.
> 
> As Ubuntu has not yet migrated OpenSSL versions, and kopanocore is
> auto-synced, this results in a FTBFS on Ubuntu 17.10.
> 
> I believe both #ifdef SSL_TXT_SSLV2 should contain a last line of
> 
> ssl_proto = 0x02;

this patch is obsolete in recent upstream kopanocore versions. We
waiting currently for a recent version of gsoap to work on kopanocore
8.3.x

https://bugs.debian.org/859932

So this bug report will be pending until we can upload newer versions of
kopanocore.

Regards
Carsten

Bug#861851: munin-plugins-core: netstat plugin does not report active connections

2017-05-04 Thread Simone Rossetto

Package: munin-plugins-core
Version: 2.0.33-1
Severity: normal
Tags: patch

Dear Maintainer,

the netstat plugin does not report active connections because the awk
filter (line 106) searches for 'active connections ope' while the
output of 'netstat -s' (for the current net-tools version
1.60+git20161116.90da8a0-1 in testing) is 'active connection ope'
without the 's' in 'connection'.


Regards
Simone



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (12, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#861850: request: please add a keyboard shortcut to pause the game

2017-05-04 Thread Brian Minton

Package: gnome-nibbles
Version: 1:3.22.2.2-1
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Maintainer,

When playing this game, my hands are on the keyboard. However, when I
would like to pause the game, I have to take my hands off the keyboard,
to move the mouse pointer to the Pause button.  I'd like to be able to
use a keystroke to pause the game.

thanks,
Brian Minton

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-nibbles depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2+b1
ii  libc62.24-10
ii  libcanberra-gtk3-0   0.30-3
ii  libclutter-1.0-0 1.26.0+dfsg-3
ii  libclutter-gtk-1.0-0 1.8.2-2
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libgee-0.8-2 0.18.1-1
ii  libglib2.0-0 2.50.3-2
ii  libgnome-games-support-1-2   1.2.1-1
ii  libgtk-3-0   3.22.12-1
ii  libpango-1.0-0   1.40.5-1

Versions of packages gnome-nibbles recommends:
ii  yelp  3.22.0-1

gnome-nibbles suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQT5xLt2Dng/DewQpoprjrOgZc+6qQUCWQtuNwAKCRBrjrOgZc+6
qXlVAP9/LtWn33xe7Ug14rcchFEp3Id8JaQQr/HWBwJ/oZ8wOAD/TqGBnwo7XaDi
ub6hrbaD56jdZA0/U/Oh6zbZ+A9jwoKIdQQBFggAHRYhBO7QFYAT3C5tbgAepDe5
UHrP8gFuBQJZC25DAAoJEDe5UHrP8gFuy6UBAPfpAn4ogWxEldXhc+hsMxJrTRVt
MCujVLFqYTM3SdU2AQCzAhXXjygrSxBIXi3Ad8AK920JPt9n7/DEJgrXi8nFCQ==
=myzl
-END PGP SIGNATURE-

Bug#861849: kopanocore: d/p/OpenSSL-Make-SSLv2-conditional.patch has obvious logic bug

2017-05-04 Thread Nishanth Aravamudan

Package: kopanocore
Severity: normal

Dear Maintainer,

The d/p/OpenSSL-Make-SSLv2-conditional.patch appears to be logiclly
buggy:

In the case that SSL_TXT_SSLV2 is true, the 'else if' blocks have no
contents and result in syntax errors.

As Ubuntu has not yet migrated OpenSSL versions, and kopanocore is
auto-synced, this results in a FTBFS on Ubuntu 17.10.

I believe both #ifdef SSL_TXT_SSLV2 should contain a last line of

ssl_proto = 0x02;

-- 
Nishanth Aravamudan
Ubuntu Server
Canonical Ltd

Bug#861848: unblock: golang-github-cznic-fileutil/0.0~git20150708.0.1c9c88f-2

2017-05-04 Thread Dr. Tobias Quathamer


Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package golang-github-cznic-fileutil

The package has an FTBFS bug on 32 bit architectures, which is fixed 
with this upload.


unblock golang-github-cznic-fileutil/0.0~git20150708.0.1c9c88f-2

Regards,
Tobias
diff -Nru golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/changelog golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/changelog
--- golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/changelog	2016-02-08 01:34:48.0 +0100
+++ golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/changelog	2017-05-04 06:03:57.0 +0200
@@ -1,3 +1,18 @@
+golang-github-cznic-fileutil (0.0~git20150708.0.1c9c88f-2) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Tim Potter ]
+  * debian/control:
+- Add me to uploaders.
+
+  [ Roger Shimizu ]
+  * debian/patches:
+- Add a patch from upstream to fix FTBFS on 32-bit system.
+  (Closes: #860660).
+
+ -- Roger Shimizu   Thu, 04 May 2017 13:03:57 +0900
+
 golang-github-cznic-fileutil (0.0~git20150708.0.1c9c88f-1) unstable; urgency=medium
 
   * Initial release (Closes: #813950).
diff -Nru golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/control golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/control
--- golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/control	2016-02-07 01:31:44.0 +0100
+++ golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/control	2017-05-04 06:03:57.0 +0200
@@ -2,7 +2,7 @@
 Section: devel
 Priority: extra
 Maintainer: Debian Go Packaging Team 
-Uploaders: Dmitry Smirnov 
+Uploaders: Dmitry Smirnov , Tim Potter 
 Build-Depends: debhelper (>= 9),
dh-golang,
golang-go,
diff -Nru golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/patches/0001-TestPuch-Fix-32-bit-issues.-Closes-16.patch golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/patches/0001-TestPuch-Fix-32-bit-issues.-Closes-16.patch
--- golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/patches/0001-TestPuch-Fix-32-bit-issues.-Closes-16.patch	1970-01-01 01:00:00.0 +0100
+++ golang-github-cznic-fileutil-0.0~git20150708.0.1c9c88f/debian/patches/0001-TestPuch-Fix-32-bit-issues.-Closes-16.patch	2017-05-04 06:03:57.0 +0200
@@ -0,0 +1,162 @@
+From 90cf820aafe8f7df39416fdbb932029ff99bd1ab Mon Sep 17 00:00:00 2001
+From: Jan Mercl <0xj...@gmail.com>
+Date: Wed, 22 Mar 2017 22:50:52 +0100
+Subject: [PATCH] TestPuch: Fix 32-bit issues. Closes #16.
+
+---
+ fileutil_arm.go | 2 ++
+ fileutil_darwin.go  | 2 ++
+ fileutil_freebsd.go | 2 ++
+ fileutil_linux.go   | 2 ++
+ fileutil_netbsd.go  | 2 ++
+ fileutil_openbsd.go | 2 ++
+ fileutil_plan9.go   | 2 ++
+ fileutil_solaris.go | 2 ++
+ fileutil_windows.go | 2 ++
+ punch_test.go   | 6 ++
+ 10 files changed, 24 insertions(+)
+
+diff --git a/fileutil_arm.go b/fileutil_arm.go
+index 9410d1b..c7b54f0 100644
+--- a/fileutil_arm.go
 b/fileutil_arm.go
+@@ -9,6 +9,8 @@ import (
+ 	"os"
+ )
+ 
++const hasPunchHole = false
++
+ // PunchHole deallocates space inside a file in the byte range starting at
+ // offset and continuing for len bytes. Not supported on ARM.
+ func PunchHole(f *os.File, off, len int64) error {
+diff --git a/fileutil_darwin.go b/fileutil_darwin.go
+index c2b7628..5d939b2 100644
+--- a/fileutil_darwin.go
 b/fileutil_darwin.go
+@@ -11,6 +11,8 @@ import (
+ 	"os"
+ )
+ 
++const hasPunchHole = false
++
+ // PunchHole deallocates space inside a file in the byte range starting at
+ // offset and continuing for len bytes. Not supported on OSX.
+ func PunchHole(f *os.File, off, len int64) error {
+diff --git a/fileutil_freebsd.go b/fileutil_freebsd.go
+index cefec0c..5a76993 100644
+--- a/fileutil_freebsd.go
 b/fileutil_freebsd.go
+@@ -11,6 +11,8 @@ import (
+ 	"os"
+ )
+ 
++const hasPunchHole = false
++
+ // PunchHole deallocates space inside a file in the byte range starting at
+ // offset and continuing for len bytes. Unimplemented on FreeBSD.
+ func PunchHole(f *os.File, off, len int64) error {
+diff --git a/fileutil_linux.go b/fileutil_linux.go
+index 8babfc5..a894cb7 100644
+--- a/fileutil_linux.go
 b/fileutil_linux.go
+@@ -15,6 +15,8 @@ import (
+ 	"syscall"
+ )
+ 
++const hasPunchHole = true
++
+ func n(s []byte) byte {
+ 	for i, c := range s {
+ 		if c < '0' || c > '9' {
+diff --git a/fileutil_netbsd.go b/fileutil_netbsd.go
+index ca778d6..d641021 100644
+--- a/fileutil_netbsd.go
 b/fileutil_netbsd.go
+@@ -11,6 +11,8 @@ import (
+ 	"os"
+ )
+ 
++const hasPunchHole = false
++
+ // PunchHole deallocates space inside a file in the byte range starting at
+ // offset and continuing for len bytes. Similar to FreeBSD, this is
+ // unimplemented.
+diff --git

Bug#730621: Still an issue

2017-05-04 Thread Dominic Hargreaves

This is still happening with Debian testing, when trying to install
Mathematica. Creating /usr/share/desktop-directories by hand fixed the
problem.

Thanks,
Dominic.

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Ian Jackson

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, 
XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 06:19:07PM +0100, Ian Jackson wrote:
> > I need to check the armhf build, since there are conflicts there.  I
> > don't think I can conveniently test the armhf version.
> 
> You mean CVE-2016-9815-CVE-2016-9818? We can simply leave them
> unfixed/ignored I guess, it's not that there's any arm-based cloud
> hosting companies running jessie on arm :-)

No.  I mean XSA-213, which doesn't have a CVE because MITRE :-/.

Ian.

Bug#861443: ora2pg: please make the build reproducible

2017-05-04 Thread Niels Thykier

Control: tags -1 moreinfo

On Sat, 29 Apr 2017 09:08:22 +0100 Chris Lamb  wrote:
> Source: ora2pg
> Version: 18.0-1
> Severity: wishlist
> Tags: patch
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: randomness
> X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
> 
> Hi,
> 
> Whilst working on the Reproducible Builds effort [0], we noticed
> that ora2pg could not be built reproducibly.
> 
> This is because it encodes the build process's current PID in the
> default configuration file.
> 
> 
> Patch attached.
> 
>  [0] https://reproducible-builds.org/
> 
> 
> Regards,
> 
> -- 
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Hi Chris,

I suspect your patch is wrong because the original code is wrong as well.

$$ in postgres SQL is (often?) used to delimit the definition of
triggers and functions.  Therefore, I think you rather want the $$ to be
literal $$ in the config file rather than a ("random") number.

Thanks,
~Niels

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Moritz Muehlenhoff

On Thu, May 04, 2017 at 06:19:07PM +0100, Ian Jackson wrote:
> Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, 
> XSA-213, XSA-214"):
> > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > > Should I put jessie-security in the debian/changelog and dgit push it
> > > (ie, from many people's pov, dput it) ?
> > 
> > Yes, the distribution line should be jessie-security, but please send
> > a debdiff to t...@security.debian.org for a quick review before
> > uploading (I have no idea whether dgit supports security-master).
> 
> I'll send you a debdiff, thanks.  I guess I'll find out whether dgit
> does work or not.
> 
> I need to check the armhf build, since there are conflicts there.  I
> don't think I can conveniently test the armhf version.

You mean CVE-2016-9815-CVE-2016-9818? We can simply leave them unfixed/ignored
I guess, it's not that there's any arm-based cloud hosting companies
running jessie on arm :-)

Cheers,
Moritz

Bug#861536: runit-init: Cannot reboot or shutdown after installing (or removing) the package.

2017-05-04 Thread John Paul Adrian Glaubitz

Hi Matthew!

>  I ran `apt install runit-init` and then attempted to reboot with
> `/sbin/reboot`, `/sbin/poweroff`, `init 0` & `init 6`, all to no
> effect; no error messages were returned and the exit status of all of
> the commands was zero.

This happens because the computer is still running systemd as the init
process and any runit commands will therefore not work until the computer
has been rebooted with runit as the init system.

I also don't think there is a trivial way to solve this problem. And,
after all, with systemd being the default and supported init system
on Debian as per GR decision, you are on your own anyways when you
decided to switch to one of the alternative init systems.

And since runit is not officially supported to be the init system in
Debian, I don't think this bug qualifies as release critical either.

I'd be tempted to lower the severity to 'normal'.

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#861847: mouse and keyboard freeze - virtio/spice/windows

2017-05-04 Thread jean-philippe constantin


Package: qemu-system-x86
Version: 1:2.1+dfsg-12+deb8u6

Environment:
Host debian and windows guest
Virtio drivers
Spice
package 64 bits

Description:
scrolling (with a scroll wheel mouse) down and up during a long time 
(ten minutes more or less) a long file (7.5Gb, 315 pages, Adobe Acrobat 
Reader) or a long html page (with firefox) : mouse and keyboard freeze. 
The guest OS runs always.


Reproductible: yes but randomly

Host:
debian jessie
libvirt: 1.2.9.9
virt-manager: 1.0.1
qemu-kvm: 1:2.1
uname -a: Linux debian 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 
(2017-03-07) x86_64 GNU/Linux
virtio-win-0.1.126.iso dowloaded from the windows virtio drivers project 
(fedoraproject.org)


Note: same bug with the previous virtio-win packages.

Guest:
windows server 2012
Memory: 16Gb
Video qxl: 64Mb
Qemu Guest agent: qemu-ga-x64.msi 02-04-2017
Spice guest tools: 0.1-100
  RHEV Spice Agent:29.3.2015 (vdagent.exe,vdservice.exe)

/var/log/libvirt/qemu/vm.log:

2017-05-01 00:01:08.468+: starting up
LC_ALL=C 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
QEMU_AUDIO_DRV=spice /usr/bin/kvm -name ws2012 -S
-machine pc-1.1,accel=kvm,usb=off -cpu 
Nehalem,+invtsc,+rdtscp,+dca,+pdcm,+xtpr,+tm2,+est,+vmx,+ds_cpl,+monitor,+dtes64,+pbe,+tm,+ht,
+ss,+acpi,+ds,+vme -m 16384 -realtime mlock=off -smp 
4,sockets=4,cores=1,threads=1 -uuid 586323c5-080a-4746-860e-9c8b11278891
-no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/ws2012.monitor,server,nowait 

-mon chardev=charmonitor,id=monitor,mode=control -rtc 
base=localtime,driftfix=slew -global kvm-pit.lost_tick_policy=discard
 -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global 
PIIX4_PM.disable_s4=1 -boot strict=on
-device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device 
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5
 -device 
ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2
 -device ahci,id=ahci0,bus=pci.0,addr=0x9 -device 
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive file=/dev/sr0,
if=none,id=drive-ide0-0-1,readonly=on,format=raw -device 
ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1
-drive 
file=/home/jpc/Téléchargements/virtio-win-0.1.135.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw 

-device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive 
file=/var/lib/libvirt/images/sbs2012-1.img,if=none,id=drive-virtio-disk0,
format=raw,cache=none -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 

-netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:65:72:73,bus=pci.0,addr=0x3 

-chardev pty,id=charserial0 -device 
isa-serial,chardev=charserial0,id=serial0 -chardev 
spicevmc,id=charchannel0,name=vdagent
-device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 

-chardev 
socket,id=charchannel1,path=/var/lib/libvirt/qemu/channel/target/ws2012.org.qemu.guest_agent.0,server,nowait 

-device 
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 

-device usb-tablet,id=input0 -spice 
port=5900,addr=127.0.0.1,disable-ticketing,seamless-migration=on
-device 
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 
-device intel-hda,id=sound0,bus=pci.0,addr=0x4
-device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev 
spicevmc,id=charredir0,name=usbredir -device 
usb-redir,chardev=charredir0,id=redir0
 -chardev spicevmc,id=charredir1,name=usbredir -device 
usb-redir,chardev=charredir1,id=redir1 -chardev 
spicevmc,id=charredir2,name=usbredir
-device usb-redir,chardev=charredir2,id=redir2 -chardev 
spicevmc,id=charredir3,name=usbredir -device 
usb-redir,chardev=charredir3,id=redir3
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -global 
qxl-vga.guestdebug=3 -msg timestamp=on


2017-05-04T14:13:34.078820Z qemu-system-x86_64: virtio-serial-bus: 
Unexpected port id 2426994688 for device virtio-serial0.0
2017-05-04T14:13:54.093482Z qemu-system-x86_64: virtio-serial-bus: 
Unexpected port id 209475280 for device virtio-serial0.0
2017-05-04T14:14:13.516683Z qemu-system-x86_64: virtio-serial-bus: Guest 
failure in adding device virtio-serial0.0

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Ian Jackson

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, 
XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > Should I put jessie-security in the debian/changelog and dgit push it
> > (ie, from many people's pov, dput it) ?
> 
> Yes, the distribution line should be jessie-security, but please send
> a debdiff to t...@security.debian.org for a quick review before
> uploading (I have no idea whether dgit supports security-master).

I'll send you a debdiff, thanks.  I guess I'll find out whether dgit
does work or not.

I need to check the armhf build, since there are conflicts there.  I
don't think I can conveniently test the armhf version.

Ian.

Bug#861846: bash-completion: autoclean is misspelled

2017-05-04 Thread Matt Kraai

Package: apt
Version: 1.4.1
Severity: minor

Dear Maintainer,

In the section of the apt Bash completion file that completes
command-specific options, "autoclean" is misspelled as "autocleean".
This prevents autoclean's command-specific options from being
completed.

The attached patch fixes this.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser 3.115
ii  debian-archive-keyring  2014.3
ii  gpgv2.1.18-6
ii  init-system-helpers 1.48
ii  libapt-pkg5.0   1.4.1
ii  libc6   2.24-10
ii  libgcc1 1:6.3.0-16
ii  libstdc++6  6.3.0-16

Versions of packages apt recommends:
ii  gnupg  2.1.18-6

Versions of packages apt suggests:
pn  apt-doc 
ii  dpkg-dev1.18.23
ii  powermgmt-base  1.31+nmu1
pn  python-apt  
ii  synaptic0.84.2

-- no debconf information
>From 1c88a0e622462f5a963d8e65c409415c9d769cb1 Mon Sep 17 00:00:00 2001
From: Matt Kraai 
Date: Thu, 4 May 2017 11:07:34 -0600
Subject: [PATCH] bash-completion: Fix spelling of autoclean

---
 completions/bash/apt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/completions/bash/apt b/completions/bash/apt
index f7dd61f3b..07bebc9a3 100644
--- a/completions/bash/apt
+++ b/completions/bash/apt
@@ -158,7 +158,7 @@ _apt()
 ' -- "$cur" ) )
 return 0
 ;;
-clean|autocleean)
+clean|autoclean)
 COMPREPLY=( $( compgen -W '
 -s --simulate --dry-run
 ' -- "$cur" ) )
-- 
2.11.0

Bug#861845: src:python-argh: pytest minimum version missing in build-depends

2017-05-04 Thread Scott Kitterman

Package: src:python-argh
Version: 0.26.2-1
Severity: normal

Dear Maintainer,

I was attempting a local backport of the testing version of python-argh to
jessie and it failed to build with the following error:

Traceback (most recent call last):
  File "setup.py", line 114, in 
'Topic :: Software Development :: Libraries :: Python Modules',
  File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
dist.run_commands()
  File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
self.run_command(cmd)
  File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
  File "/usr/lib/python2.7/dist-packages/setuptools/command/test.py", line 142, 
in run
self.with_project_on_sys_path(self.run_tests)
  File "/usr/lib/python2.7/dist-packages/setuptools/command/test.py", line 122, 
in with_project_on_sys_path
func()
  File "setup.py", line 68, in run_tests
errno = pytest.main(self.test_args)
  File "/usr/lib/python2.7/dist-packages/_pytest/config.py", line 32, in main
config = _prepareconfig(args, plugins)
  File "/usr/lib/python2.7/dist-packages/_pytest/config.py", line 85, in 
_prepareconfig
pluginmanager=pluginmanager, args=args)
  File "/usr/lib/python2.7/dist-packages/_pytest/core.py", line 413, in __call__
return self._docall(methods, kwargs)
  File "/usr/lib/python2.7/dist-packages/_pytest/core.py", line 424, in _docall
res = mc.execute()
  File "/usr/lib/python2.7/dist-packages/_pytest/core.py", line 315, in execute
res = method(**kwargs)
  File "/usr/lib/python2.7/dist-packages/_pytest/helpconfig.py", line 27, in 
pytest_cmdline_parse
config = __multicall__.execute()
  File "/usr/lib/python2.7/dist-packages/_pytest/core.py", line 315, in execute
res = method(**kwargs)
  File "/usr/lib/python2.7/dist-packages/_pytest/config.py", line 636, in 
pytest_cmdline_parse
self.parse(args)
  File "/usr/lib/python2.7/dist-packages/_pytest/config.py", line 747, in parse
self._preparse(args)
  File "/usr/lib/python2.7/dist-packages/_pytest/config.py", line 714, in 
_preparse
self.pluginmanager.consider_setuptools_entrypoints()
  File "/usr/lib/python2.7/dist-packages/_pytest/core.py", line 179, in 
consider_setuptools_entrypoints
plugin = ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load
['__name__'])
  File "/usr/lib/python2.7/dist-packages/pytest_timeout.py", line 36, in 

@pytest.hookimpl
AttributeError: 'module' object has no attribute 'hookimpl'
E: pybuild pybuild:256: test: plugin distutils failed with: exit code=1: 
python2.7 setup.py test
dh_auto_test: pybuild --test -i python{version} -p 2.7 --dir . returned exit 
code 13
debian/rules:13: recipe for target 'build' failed
make: *** [build] Error 13
dpkg-buildpackage: error: debian/rules build gave error exit status 2

I did some investigation and hookimpl is available in pytest versions newer
than 2.8.0.  See [1] for another module that had the same issue.

Fortunately for me there is already a pytest 3.0.3 backport available.  Once I
installed that manually, the package builds fine on jessie.  Please document
the miniumum version requirement for python-pytest and python3-pytest in the
package build-depends.

Scott K

[1] 
https://bitbucket.org/nikratio/python-llfuse/issues/94/document-minimum-required-pytest-version

Bug#861812: ITP: node-evp-bytestokey -- secure key derivation algorithm from openssl

2017-05-04 Thread Martin Bagge / brother

Bastien ROUCARIES :

> * Package name: node-evp-bytestokey
>
>  EVP_BytesToKey() derives a key and IV from various parameters. type
> is the cipher to derive the key and IV for. md is the message digest
> to use. The salt parameter is used as a salt in the derivation: it
> should point to an 8 byte buffer or NULL if no salt is used. data is a
> buffer containing datal bytes which is used to derive the keying data.
> count is the iteration count to use. The derived key and IV will be
> written to key and iv respectively.
>  .
>  Node.js is an event-based server-side JavaScript engine.
>
> That description is more of a manual than a helpful package description.

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Moritz Muehlenhoff

On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, 
> XSA-213, XSA-214"):
> > On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > > I have fixed these in stretch but the jessie package remains unfixed.
> > > I think I may be able to find some backports somewhere.  Would that be
> > > useful ?  Is anyone else working on this ?
> > 
> > Yes, please!
> 
> Working on it now.  What shall I do with my resulting package ?
> 
> Should I put jessie-security in the debian/changelog and dgit push it
> (ie, from many people's pov, dput it) ?

Yes, the distribution line should be jessie-security, but please send
a debdiff to t...@security.debian.org for a quick review before
uploading (I have no idea whether dgit supports security-master).

Cheers,
Moritz

Bug#861844: unblock: xrdp/0.9.1-9

2017-05-04 Thread Dominik George

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please unblock package xrdp

This package updates the security fix in 0.9.1-8, which turned out to be 
incomplete.

diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
- --- xrdp-0.9.1/debian/changelog   2017-04-24 20:14:36.0 +0200
+++ xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.0 +0200
@@ -1,3 +1,9 @@
+xrdp (0.9.1-9) unstable; urgency=high
+
+  * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143)
+
+ -- Dominik George   Thu, 04 May 2017 18:59:10 +0200
+
 xrdp (0.9.1-8) unstable; urgency=medium
 
   * Fix CVE-2017-6967. (Closes: #858143, #855536)
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-6967.diff 
xrdp-0.9.1/debian/patches/cve-2017-6967.diff
- --- xrdp-0.9.1/debian/patches/cve-2017-6967.diff  2017-04-24 
20:14:36.0 +0200
+++ xrdp-0.9.1/debian/patches/cve-2017-6967.diff2017-05-04 
18:59:04.0 +0200
@@ -3,6 +3,8 @@
 Subject: [PATCH] sesman: move auth/pam calls to main process
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858143
 Origin: 
https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3
+Reviewed-By: Dominik George 
+Reviewed-By: Thorsten Glaser 
 
 --- a/sesman/scp_v0.c
 +++ b/sesman/scp_v0.c
@@ -89,3 +91,46 @@
  g_free(slist);
  }
  
+--- a/sesman/session.c
 b/sesman/session.c
+@@ -335,7 +335,6 @@ session_start_sessvc(int xpid, int wmpid
+ g_sigterm(xpid);
+ g_sigterm(wmpid);
+ g_sleep(1000);
+-auth_end(data);
+ g_exit(0);
+ }
+ 
+@@ -490,6 +489,7 @@ session_start_fork(tbus data, tui8 type,
+ return 0;
+ }
+ 
++auth_start_session(data, display);
+ pid = g_fork(); /* parent is fork from tcp accept,
+child forks X and wm, then becomes scp */
+ 
+@@ -548,7 +548,6 @@ session_start_fork(tbus data, tui8 type,
+ else if (wmpid == 0)
+ {
+ wait_for_xserver(display);
+-auth_start_session(data, display);
+ pampid = g_fork(); /* parent waits, todo
+   child becomes wm */
+ if (pampid == -1)
+@@ -639,7 +638,6 @@ session_start_fork(tbus data, tui8 type,
+ else
+ {
+ g_waitpid(pampid);
+-auth_stop_session(data);
+ g_deinit();
+ g_exit(0);
+ }
+@@ -967,6 +965,8 @@ session_kill(int pid)
+ 
+ if (tmp->item->pid == pid)
+ {
++auth_stop_session(tmp->item->data);
++auth_end(tmp->item->data);
+ /* deleting the session */
+ log_message(LOG_LEVEL_INFO, "++ terminated session:  username %s, 
display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, 
tmp->item->pid, tmp->item->client_ip);
+ g_free(tmp->item);


unblock xrdp/0.9.1-9

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkLYAMxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYRAw//bw6MocflTzsylMfGLlakD7gaZCzF
6DGjfgTRVuycCBT8kkGcIutG1ZEnQLW62JXKDfpzPomvyyNbE49TqxosNrMR1/kd
Gb13bVA989K3VSZEVmxV9MgQIz9NbnetdkBvgbmNwDlqcwnyhSLX5VwE+NhOcDF2
rU+uhhvjIbHpqer7bJAo7iyKAC4kEffNs1gQkEvvc8/BYGqOD6l+3glE3rbjGE1k
li5/uo0jBpo1Dexn6n0Q0Q7L/yUmXiuy8+1/2hVBWgMVB+r2Rp2XK4+lsZMp4WV+
9NoTGMtSEDduZxXOQcVPaljO6cNfMEoQVwUcv/KStTx24lCCWdtus1Yk7X0ie1D3
WeVX2yFZdBU/AT2qWzI2iODRaddLOtTMXtVGlXUqnp0+uTtv1EUOrJMAJoaXpKQY
WZ6mR+LBZXPFBd6gkPq0p8lxvK0PVwl/fbZPXSH2vr8LJfJdDwXajMRrIWgWmfXv
3PYdjkGCqtNZeKcC0uzu9bXHyFFfFqm2BGGzhziC1ReutZ4BnmdxJa6LtYor8WRf
rsMsyL0T+uF/lJofmkuQs30OZExxc0qVnFiLxP57AZnJrO7GfUfUL4zkx9nP/dJr
Xtf8VST/dwhDYUj4Q7PjVGmbIAdgWzR5ZkR6yNejiidpI8mWzVv0vaJGK3m3Ky6f
vHyxYjeok7czajA=
=4M+b
-END PGP SIGNATURE-

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Ian Jackson

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, 
XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > I have fixed these in stretch but the jessie package remains unfixed.
> > I think I may be able to find some backports somewhere.  Would that be
> > useful ?  Is anyone else working on this ?
> 
> Yes, please!

Working on it now.  What shall I do with my resulting package ?

Should I put jessie-security in the debian/changelog and dgit push it
(ie, from many people's pov, dput it) ?

Ian.

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Moritz Muehlenhoff

On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> > Source: xen
> > Version: 4.4.1-9
> > Severity: important
> > Tags: security upstream fixed-upstream
> > 
> > See
> >   https://xenbits.xen.org/xsa/advisory-213.html
> 
> Ian Jackson writes ("grant transfer allows PV guest to elevate privileges 
> [XSA-214]"):
> > Source: xen
> > Version: 4.4.1-9
> > Severity: important
> > Tags: security upstream fixed-upstream
> > 
> > See
> >   https://xenbits.xen.org/xsa/advisory-214.html
> 
> I have fixed these in stretch but the jessie package remains unfixed.
> I think I may be able to find some backports somewhere.  Would that be
> useful ?  Is anyone else working on this ?

Yes, please!

Cheers,
Moritz

Bug#861843: unblock: (pre-approval) hplip/3.16.11+repack0-3

2017-05-04 Thread Didier 'OdyX' Raboud

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

I plan to upload hplip with a simple fix for #861731 (UnicodeDecodeError on
some filenames) that has apparently been committed upstream.

This is the changelog entry:
>   [ Gaurav Sood ]
>   * Fix handling of unicode filenames in sixext.py
> (Closes: #861731, LP: #1480152)

Please see the attached debdiff
diff -Nru hplip-3.16.11+repack0/debian/changelog 
hplip-3.16.11+repack0/debian/changelog
--- hplip-3.16.11+repack0/debian/changelog  2017-01-30 21:36:12.0 
+0100
+++ hplip-3.16.11+repack0/debian/changelog  2017-05-04 18:35:44.0 
+0200
@@ -1,3 +1,11 @@
+hplip (3.16.11+repack0-3) unstable; urgency=low
+
+  [ Gaurav Sood ]
+  * Fix handling of unicode filenames in sixext.py
+(Closes: #861731, LP: #1480152)
+
+ -- Didier Raboud   Thu, 04 May 2017 18:35:44 +0200
+
 hplip (3.16.11+repack0-2) unstable; urgency=medium
 
   [ Brian Potkin ]
diff -Nru hplip-3.16.11+repack0/debian/gbp.conf 
hplip-3.16.11+repack0/debian/gbp.conf
--- hplip-3.16.11+repack0/debian/gbp.conf   2017-01-30 19:42:12.0 
+0100
+++ hplip-3.16.11+repack0/debian/gbp.conf   2017-05-04 18:34:48.0 
+0200
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/stretch
 upstream-branch = upstream/latest
 pristine-tar = True
 
diff -Nru hplip-3.16.11+repack0/debian/.git-dpm 
hplip-3.16.11+repack0/debian/.git-dpm
--- hplip-3.16.11+repack0/debian/.git-dpm   2017-01-30 19:42:12.0 
+0100
+++ hplip-3.16.11+repack0/debian/.git-dpm   2017-05-04 18:34:48.0 
+0200
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-23ef661a83d0a96ba61be2eef3ac502a2c000724
-23ef661a83d0a96ba61be2eef3ac502a2c000724
+602e2d8fb42cf4b62bf245702f314fecf6a2227c
+602e2d8fb42cf4b62bf245702f314fecf6a2227c
 eafc834119e19d43010499f9205cd5f4485973f4
 eafc834119e19d43010499f9205cd5f4485973f4
 hplip_3.16.11+repack0.orig.tar.xz
diff -Nru 
hplip-3.16.11+repack0/debian/patches/0024-Fix-handling-of-unicode-filenames-in-sixext.py.patch
 
hplip-3.16.11+repack0/debian/patches/0024-Fix-handling-of-unicode-filenames-in-sixext.py.patch
--- 
hplip-3.16.11+repack0/debian/patches/0024-Fix-handling-of-unicode-filenames-in-sixext.py.patch
  1970-01-01 01:00:00.0 +0100
+++ 
hplip-3.16.11+repack0/debian/patches/0024-Fix-handling-of-unicode-filenames-in-sixext.py.patch
  2017-05-04 18:34:48.0 +0200
@@ -0,0 +1,29 @@
+From 602e2d8fb42cf4b62bf245702f314fecf6a2227c Mon Sep 17 00:00:00 2001
+From: Gaurav Sood 
+Date: Thu, 4 May 2017 18:32:08 +0200
+Subject: Fix handling of unicode filenames in sixext.py
+
+LP: #1480152
+Closes: #861731
+---
+ base/sixext.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/base/sixext.py b/base/sixext.py
+index 0bf4fc4f4..311bf72c6 100644
+--- a/base/sixext.py
 b/base/sixext.py
+@@ -110,11 +110,11 @@ if PY3:
+ 
+ 
+ def to_string_utf8(s):
+-return s.decode("utf-8")
++return s.decode("utf-8", 'ignore')
+ 
+ 
+ def to_string_latin(s):
+-return s.decode("latin-1")
++return s.decode("latin-1", 'ignore')
+ 
+ 
+ def to_unicode(s, enc=None):
diff -Nru hplip-3.16.11+repack0/debian/patches/series 
hplip-3.16.11+repack0/debian/patches/series
--- hplip-3.16.11+repack0/debian/patches/series 2017-01-30 19:42:12.0 
+0100
+++ hplip-3.16.11+repack0/debian/patches/series 2017-05-04 18:34:48.0 
+0200
@@ -21,3 +21,4 @@
 0021-Fix-erroneous-tabs-in-hpps-python-code.patch
 0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch
 0023-Fix-list-wrapping-in-scan.py-to-fix-generated-manpag.patch
+0024-Fix-handling-of-unicode-filenames-in-sixext.py.patch

Bug#861842: snort 2.9.7 is EOL upstream

2017-05-04 Thread Lee Garrett

Source: snort
Version: 2.9.7.0-5
Severity: grave
Justification: renders package unusable

Dear maintainer,

The version of snort in Debian testing/sid has reached EOL in March [0], making 
it difficult to provide security updates or rule updates over the lifecycle of
stretch. Since no newer version is packaged yet and stretch is deep into the
freeze, I suggest removing the package from stretch.

[0]
http://blog.snort.org/2017/03/snort-2976-is-end-of-life.html
https://snort.org/eol

Regards,
Lee

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (101, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#861840: thunderbird: gmail authentication broken

2017-05-04 Thread Carsten Schoenert

Hello Christopher,

On Thu, May 04, 2017 at 08:15:59AM -0800, Christopher Howard wrote:
> Subject: thunderbird: gmail authentication broken
> Package: thunderbird
> Severity: important
> 
> Dear Maintainer,
> 
> When attempting to authenticate a google email account, i get stuck at
> the google sign-in page. It requests the email account but the Next
> button and More options buttons do not work. This is a known probably
> caused by a google oauth change of some sort which has been fixed in
> upstream thunderbird:
> 
> https://askubuntu.com/questions/910327/thunderbird-stuck-at-google-sign-in
> https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

I haven't such problems with TB in stretch or jessie. Both versions are
currently 45.8.0-3, we doesn't have TB 52.x ready for upload.

Can you please start thunderbird from the cli by using some extra
environment variables and check what's maybe blocking or not working?

https://wiki.debian.org/Icedove#Debugging_Icedove_Activity

Please substitute 'icedove' with 'thunderbird' if haven't installed the
icedove package.

Before posting here please ensure you don't have any sensible data in
there.

Regards
Carsten

Bug#861637: sassphp: src:sassphp explicitly creates a php7.0 binary package

2017-05-04 Thread Nish Aravamudan

Hi Ondřej,

It appears that this patch assumes a normal PECL extension and I'm not
sure sass is one?

The build eventually fails with:
cp -a undefined build-7.1
cp: cannot stat 'undefined': No such file or directory
/usr/share/dh-php/pkg-pecl.mk:60: recipe for target 'configure-7.1-stamp' failed
make[1]: *** [configure-7.1-stamp] Error 1

from dh-php.mk:

configure-%-stamp:
cp -a $(PECL_SOURCE_$(*)) $(SOURCE_DIR)

$(foreach ver,$(DH_PHP_VERSIONS),$(eval PECL_SOURCE_$(ver) := $(if
$(PACKAGE_XML_$(ver)),$(shell xml2 < $(PACKAGE_XML_$(ver)) | sed -ne
"s,^/package/name=,,p")-$(shell xml2 < $(PACKAGE_XML_$(ver)) | sed -ne
"s,^/package/version/release=,,p"),undefined)))

Since there is no package.xml, this results in undefined? In a quick
look through pkg-pecl.mk, I'm not seeing an obvious override for this
case?

Also, should the above resulting in undefined be a fatal error since
the build is going to eventually fail (and maybe with a better
message: "unable to determine PECL source version from package.xml"?)

Bug#861841: kmail depends on gnupg2, a deprecated package

2017-05-04 Thread Francois Gouget

Package: kmail
Version: 4:16.04.3-3
Severity: normal

Dear Maintainer,

kmail depends on gnupg2 which is a dummy transitional package.
It should should depend on gnupg and possibly allow gnupg2 as
an alternative.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kmail depends on:
ii  akonadi-server   4:16.04.3-4
ii  kdepim-runtime   4:16.04.2-2+b2
ii  kdepimlibs-data  4:16.04.2-2
ii  kf5-kdepimlibs-kio-plugins   4:16.04.2-2
ii  kio  5.28.0-2
ii  libc62.24-10
ii  libgcc1  1:6.3.0-14
ii  libkf5akonadiagentbase5  4:16.04.3-4
ii  libkf5akonadicalendar5   16.04.2-2
ii  libkf5akonadicontact54:16.04.2-2
ii  libkf5akonadicore5   4:16.04.3-4
ii  libkf5akonadimime5   4:16.04.2-2
ii  libkf5akonadisearch-plugins  16.04.3-1+b2
ii  libkf5akonadisearchdebug516.04.3-1+b2
ii  libkf5akonadiwidgets54:16.04.3-4
ii  libkf5alarmcalendar5 16.04.2-2
ii  libkf5archive5   5.28.0-2
ii  libkf5bookmarks5 5.28.0-1
ii  libkf5calendarcore5  4:16.04.2-1
ii  libkf5calendarsupport5   4:16.04.2-2
ii  libkf5calendarutils5 16.04.3-1
ii  libkf5codecs55.28.0-1+b2
ii  libkf5completion55.28.0-1
ii  libkf5configcore55.28.0-2
ii  libkf5configgui5 5.28.0-2
ii  libkf5configwidgets5 5.28.0-2
ii  libkf5contacts5  16.04.2-1
ii  libkf5coreaddons55.28.0-2
ii  libkf5crash5 5.28.0-1
ii  libkf5dbusaddons55.28.0-1
ii  libkf5followupreminder5  4:16.04.2-2
ii  libkf5gpgmepp-pthread5   16.04.3-2+b2
ii  libkf5gravatar5  4:16.04.2-2
ii  libkf5guiaddons5 5.28.0-1
ii  libkf5i18n5  5.28.0-2
ii  libkf5iconthemes55.28.0-2
ii  libkf5identitymanagement516.04.2-1
ii  libkf5incidenceeditor-bin16.04.2-2+b2
ii  libkf5incidenceeditor5   16.04.2-2+b2
ii  libkf5itemmodels55.28.0-2
ii  libkf5itemviews5 5.28.0-1
ii  libkf5jobwidgets55.28.0-2
ii  libkf5kcmutils5  5.28.0-2
ii  libkf5kdelibs4support5   5.28.0-1
ii  libkf5kiocore5   5.28.0-2
ii  libkf5kiofilewidgets55.28.0-2
ii  libkf5kiowidgets55.28.0-2
ii  libkf5kmanagesieve5  4:16.04.3-2+b2
ii  libkf5kontactinterface5  16.04.2-1
ii  libkf5ksieveui5  4:16.04.3-2+b2
ii  libkf5libkdepim-plugins  4:16.04.2-3
ii  libkf5libkdepim5 4:16.04.2-3
ii  libkf5libkleo5   4:16.04.2-1
ii  libkf5mailcommon-plugins 4:16.04.2-2
ii  libkf5mailcommon54:16.04.2-2
ii  libkf5mailimporter5  4:16.04.2-2
ii  libkf5mailtransport5 16.04.2-3
ii  libkf5messagecomposer5   4:16.04.3-2
ii  libkf5messagecore5   4:16.04.3-2
ii  libkf5messagelist5   4:16.04.3-2
ii  libkf5messageviewer5 4:16.04.3-2
ii  libkf5mime5  16.04.2-1
ii  libkf5notifications5 5.28.0-1
ii  libkf5notifyconfig5  5.28.0-1
ii  libkf5parts5 5.28.0-1
ii  libkf5pimcommon-plugins  4:16.04.2-2
ii  libkf5pimcommon5 4:16.04.2-2
ii  libkf5pimtextedit5   16.04.2-1
ii  libkf5sendlater5 4:16.04.2-2
ii  libkf5service-bin5.28.0-1
ii  libkf5service5   5.28.0-1
ii  libkf5sonnetui5  5.28.0-2
ii  libkf5templateparser54:16.04.3-2
ii  libkf5textwidgets5   5.28.0-1
ii  libkf5wallet-bin 5.28.0-3
ii  libkf5wallet55.28.0-3
ii  libkf5widgetsaddons5 5.28.0-2
ii  libkf5windowsystem5  5.28.0-2
ii  libkf5xmlgui55.28.0-1
ii  libqt5core5a 5.7.1+dfsg-3+b1
ii  libqt5dbus5  5.7.1+dfsg-3+b1
ii  libqt5gui5   5.7.1+dfsg-3+b1
ii  libqt5network5   5.7.1+dfsg-3+b1
ii  libqt5widgets5   5.7.1+dfsg-3+b1
ii  libqt5xml5   5.7.1+dfsg-3+b1
ii  libstdc++6   6.3.0-14

Versions of packages kmail recommends:
ii  accountwizard   4:16.04.3-3
ii  gnupg-agent 2.1.18-6
ii  gnupg2  2.1.18-6
ii  kdepim-addons   16.04.3-1
ii  kdepim-doc  4:16.04.3-3
ii  kdepim-themeeditors 4:16.04.3-3
ii  ktnef   4:16.04.3-3
ii  pinentry-gnome3 [pinentry-x11]  1.0.0-2
ii  pinentry-gtk2 [pinentry-x11]1.0.0-2

Versions of packages kmail suggests:
ii  clamav0.99.2+dfsg-6+b1
ii  kaddressbook  4:16.04.3-3
pn  kleopatra 
ii  procmail

Bug#861840: thunderbird: gmail authentication broken

2017-05-04 Thread Christopher Howard

Subject: thunderbird: gmail authentication broken
Package: thunderbird
Severity: important

Dear Maintainer,

When attempting to authenticate a google email account, i get stuck at the
google sign-in page. It requests the email account but the Next button and
More
options buttons do not work. This is a known probably caused by a google
oauth
change of some sort which has been fixed in upstream thunderbird:

https://askubuntu.com/questions/910327/thunderbird-stuck-at-google-sign-in
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-
native-apps.html



-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages thunderbird depends on:
ii  debianutils   4.4+b1
ii  fontconfig2.11.0-6.3+deb8u1
ii  libasound21.0.28-1
ii  libatk1.0-0   2.14.0-1
ii  libc6 2.19-18+deb8u7
ii  libcairo2 1.14.0-2.1+deb8u2
ii  libdbus-1-3   1.8.22-0+deb8u1
ii  libdbus-glib-1-2  0.102-1
ii  libevent-2.0-52.0.21-stable-2+deb8u1
ii  libffi6   3.1-2+b2
ii  libfontconfig12.11.0-6.3+deb8u1
ii  libfreetype6  2.5.2-3+deb8u2
ii  libgcc1   1:4.9.2-10
ii  libgdk-pixbuf2.0-02.31.1-2+deb8u5
ii  libglib2.0-0  2.42.1-1+b1
ii  libgtk2.0-0   2.24.25-3+deb8u1
ii  libhunspell-1.3-0 1.3.3-3
ii  libpango-1.0-01.36.8-3
ii  libpangocairo-1.0-0   1.36.8-3
ii  libpangoft2-1.0-0 1.36.8-3
ii  libpixman-1-0 0.32.6-3
ii  libstartup-notification0  0.12-4
ii  libstdc++64.9.2-10
ii  libx11-6  2:1.6.2-3
ii  libxcomposite11:0.4.4-1
ii  libxdamage1   1:1.1.4-2+b1
ii  libxext6  2:1.3.3-1
ii  libxfixes31:5.0.1-2+b2
ii  libxrender1   1:0.9.8-1+b1
ii  libxt61:1.1.4-1+b1
ii  psmisc22.21-2
ii  x11-utils 7.7+2
ii  zlib1g1:1.2.8.dfsg-2+b1

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  20070829-6+deb8u1
ii  lightning 1:45.8.0-3~deb8u1

Versions of packages thunderbird suggests:
pn  apparmor  
pn  fonts-lyx 
ii  libgssapi-krb5-2  1.12.1+dfsg-19+deb8u2

-- no debconf information

Bug#861838: ldap-utils: ldapsearch and ldapwhoami cannot connect to ldaps server

2017-05-04 Thread root

Package: ldap-utils
Version: 2.4.40+dfsg-1+deb8u2
Severity: normal

Dear Maintainer,

On a fresh install of Debian 8,  I cannot get ldapsearch or ldapwhoami to 
connect to an LDAPS
server.  There appears to be some TLS happening, and a connections is made, 
but then it fails without any useful error messages on debug level 1.


contents of /etc/ldap/ldap.conf:

TLS_CACERT  /etc/ssl/certs/ca-certificates.crt

# MattW 04/19/2017 - Added the following
TLS_REQCERT  allow
SSL start_tls



root@ldi-deb8-test:~/UW-LDI# !ldapsearch
ldapsearch -d1  -Z  -H ldap://ldi.s.uw.edu -W  -D 
cn=unitAdmin,ou=auth,ou=csde,dc=ldi,dc=uw,dc=edu -LLL -s base -b 
cn=unitAdmin,ou=auth,ou=csde,dc=ldi,dc=uw,dc=edu
ldap_url_parse_ext(ldap://ldi.s.uw.edu)
ldap_create
ldap_url_parse_ext(ldap://ldi.s.uw.edu:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldi.s.uw.edu:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 69.91.245.42:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect: 
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 4
ldap_result ld 0x7f9918572860 msgid 1
wait4msg ld 0x7f9918572860 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f9918572860 msgid 1 all 1
** ld 0x7f9918572860 Connections:
* host: ldi.s.uw.edu  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu May  4 08:08:31 2017


** ld 0x7f9918572860 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f9918572860 request count 1 (abandoned 0)
** ld 0x7f9918572860 Response Queue:
   Empty
  ld 0x7f9918572860 response count 0
ldap_chkResponseList ld 0x7f9918572860 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f9918572860 NULL
ldap_int_select
read1msg: ld 0x7f9918572860 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x7f9918572860 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f9918572860 0 new referrals
read1msg:  mark request completed, ld 0x7f9918572860 msgid 1
request done: ld 0x7f9918572860 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
Enter LDAP Password: 
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 74 bytes to sd 4
ldap_result ld 0x7f9918572860 msgid 2
wait4msg ld 0x7f9918572860 msgid 2 (infinite timeout)
wait4msg continue ld 0x7f9918572860 msgid 2 all 1
** ld 0x7f9918572860 Connections:
* host: ldi.s.uw.edu  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu May  4 08:08:38 2017


** ld 0x7f9918572860 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f9918572860 request count 1 (abandoned 0)
** ld 0x7f9918572860 Response Queue:
   Empty
  ld 0x7f9918572860 response count 0
ldap_chkResponseList ld 0x7f9918572860 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f9918572860 NULL
ldap_int_select
read1msg: ld 0x7f9918572860 msgid 2 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_free_connection: actually freed
root@ldi-deb8-test:~/UW-LDI# 



root@ldi-deb8-test:~/UW-LDI# ldapwhoami -d1 -H 'ldaps://ldi.s.uw.edu' -w 
'passwerd' -D cn=unitAdmin,ou=auth,ou=csde,ou=ldi,ou=uw,ou=edu  
ldap_url_parse_ext(ldaps://ldi.s.uw.edu)
ldap_create
ldap_url_parse_ext(ldaps://ldi.s.uw.edu:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldi.s.uw.edu:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 128.208.178.146:636
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect: 
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 74 bytes to sd 4
ldap_result ld 0x7f80d936b820 msgid 1
wait4msg ld 0x7f80d936b820 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f80d936b820 msgid 1 all 1
** ld 0x7f80d936b820 Connections:
* host: ldi.s.uw.edu  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Thu May  4 08:35:31 2017


** ld 0x7f80d936b820 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f80d936b820 request count 1 (abandoned 0)
** ld 0x7f80d936b820 Response Queue:
   Empty
  ld 0x7f80d936b820 response count 0
ldap_chkResponseList ld 0x7f80d936b820 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f80d936b820 NULL
ldap_int_select
read1msg: ld 0x7f80d936b820 msgid 1 all 1

Bug#861839: firefox: Where is firefox 53 ?

2017-05-04 Thread Jacques-Pascal Deplaix

Package: firefox
Severity: important

Dear Maintainers,

Since april 20th, the firefox package is stuck at version 52 (precisely 
53.0.is.52.0.2-1) in Sid.
Usually each versions are well packaged 1 or 2 days after the official release 
but for this one, it is still on 52.
Seeing the changelog, I can see "The "oops, I uploaded 53 to unstable instead 
of experimental" release.".
Why ? It is not released on experimental yet and stable releases are usually 
packaged for Sid not experimental.

Where is firefox 53 ?

Cheers,

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#861659: Xen package security updates for jessie 4.4, XSA-213, XSA-214

2017-05-04 Thread Ian Jackson

Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
> 
> See
>   https://xenbits.xen.org/xsa/advisory-213.html

Ian Jackson writes ("grant transfer allows PV guest to elevate privileges 
[XSA-214]"):
> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
> 
> See
>   https://xenbits.xen.org/xsa/advisory-214.html

I have fixed these in stretch but the jessie package remains unfixed.
I think I may be able to find some backports somewhere.  Would that be
useful ?  Is anyone else working on this ?

Ian.

Bug#861837: libxen, libxen-dev: install libxenvchan library

2017-05-04 Thread Santiago R.R.

Source: xen
Version: 4.4.1-9+deb8u3
Severity: wishlist

Hi,

Qubes-OS related software requires libxenvchan from xen [0]. AFAIU, it is built
by default (as found in buildd.d.o), but the Debian package doesn't install it.
Could you please include it?

[0] https://github.com/QubesOS/qubes-issues/issues/2739

Thanks!

Santiago

Bug#861789: Please provide database.target as a synchronization point for applications providing databases and needing databases

2017-05-04 Thread Christian Hofstaedtler

How will a database.target solve anything in those not so uncommon
setups:

- database is remote

or

- one database needs another to start?

Please consider: if you end up with a solution that only works
for 90% of installations - fails on 10% - is that actually
solving your problem?

C.

Bug#843021: wiki page

2017-05-04 Thread Paolo Greppi

As this is a complex package, I have created a dedicated page in the wiki:
https://wiki.debian.org/Javascript/Nodejs/Tasks/yarn

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

2017-05-04 Thread Chris Lamb

severity 858539 serious
thanks


We should not release stretch with these certificates; not only would
it be embarrassing to do so given that they have ceased to work in
modern browsers for some time, we are also simply putting our users
at risk.

Whilst there will be more CA screwups in the future, we should release
with our reasonable best effort, which surely means "just" removing
these.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#860444: seems to be fine now

2017-05-04 Thread Jeffrey Cliff

odd
it's marked as
reproducible

at 2017-04-23 16:26 UTC
this issue can be probably closed, though I'll be keeping an eye on it to
make sure it doesn't fail again.

Bug#861834: libtirpc: CVE-2017-8779

2017-05-04 Thread Salvatore Bonaccorso

Control: clone -1 -2
Control: reassign -2 src:ntirpc 1.4.3-3
Control: retitle -2 ntirpc: CVE-2017-8779

On Thu, May 04, 2017 at 05:01:11PM +0200, Salvatore Bonaccorso wrote:
> Source: libtirpc
> Version: 0.2.5-1
> Severity: grave
> Tags: security upstream patch
> Justification: user security hole
> Control: clone -1 -2
> Control: reassign -2 src:rpcbind
> Control: found -2 0.2.1-6
> 
> Hi,
> 
> the following vulnerability was published for libtirpc.
> 
> CVE-2017-8779[0]:
> | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through
> | 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
> | data size during memory allocation for XDR strings, which allows remote
> | attackers to cause a denial of service (memory consumption with no
> | subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

The same issue is affecting as well ntirpc. Thus cloning the bug.

Regards,
Salvatore

Bug#850327: W: APT had planned for dpkg to do more than it reported back (3 vs 7).

2017-05-04 Thread Robie Basak

On Thu, May 04, 2017 at 10:59:54PM +0800, 積丹尼 Dan Jacobson wrote:
> All I know is now apt says "APT had planned for dpkg to do more than it
> reported back (3 vs 7)." which is a separate issue...

If that's what you're reporting, then surely this is a bug in apt or
dpkg rather than in src:mysql-5.7? Or, if it is caused by the maintainer
script failure, then it is surely a duplicate of bug 843959.

signature.asc
Description: PGP signature

Bug#850327: W: APT had planned for dpkg to do more than it reported back (3 vs 7).

2017-05-04 Thread 積丹尼 Dan Jacobson

All I know is now apt says "APT had planned for dpkg to do more than it
reported back (3 vs 7)." which is a separate issue...

Bug#861834: libtirpc: CVE-2017-8779

2017-05-04 Thread Salvatore Bonaccorso

Source: libtirpc
Version: 0.2.5-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Control: clone -1 -2
Control: reassign -2 src:rpcbind
Control: found -2 0.2.1-6

Hi,

the following vulnerability was published for libtirpc.

CVE-2017-8779[0]:
| rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through
| 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
| data size during memory allocation for XDR strings, which allows remote
| attackers to cause a denial of service (memory consumption with no
| subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Note: that the rpcbind version needs to be build with a fixed version
of libtirpc, as it needs some new code in libtircp.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
[1] http://www.openwall.com/lists/oss-security/2017/05/03/12
[2] https://github.com/guidovranken/rpcbomb/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#861822: suricata: feature wishes for suricata

2017-05-04 Thread Jason Ish

On Thu, 04 May 2017 13:20:49 +0200 "Hans-J. Ullrich" 
wrote:
> Package: suricata
> Version: 3.2.1-1
> Severity: wishlist
>
> Dear Maintainer,
>
> first, please apologize, as I am new to suricata. Before I used snort,
but I believe, suricata is now more modern.
>
> As this is a wishlist, just allow me shortly to describe, what I am
missing:
>
> 1. On my netbook I regularly change the interface, which is connected to
the internet. So maybe some day I need eth0, the next day wlan0 and also
ppp0 (via UMTS) is often in use.
>
> I want suricata check all the interfaces. All shall have the same
ruleset. How can I tell suricata to do so, if possible at all? One solution
may be, to create and start suricata with a seperate configuration for
eth0, one for wlan0 and one for ppp0. But that is annoying. In snort it was
possible, just to tell which interfaces shall be included, it was very
easy. Hope there is a same easy way in suricata.
>
> 2. I could not find, how to get alerted, when suricata detects bad
traffic. IMO suricata.log might show it, but I want to be alerted as fast
as possible. My idea and suggestion for this problem: Please add a
configuration file for "logcheck", that recognizes an active attack. I
believe, also suricata is using keywords in its log, which shows an active
attack. Good idea?
>
> 3. I found no GUI for managing and configuring suricata. A little Google
search brought me to snorby, which is for snort, but shall also be usable
for suricata. IMO the GUI does not need a web interface, a simple ncurses
interface will be fine enough. Do you know about such one? This point is
not so important, but would be nice to have.

You may also want to check it out EveBox. It can run without any external
database (it can use SQLite). Its just an alert/event viewer though,
whereas Scirius is a rule management tool.

https://evebox.org/

Bug#861832: RFS: golang-github-serenize-snaker/0.0~git20170425.0.1c7f653-1 [ITP]

2017-05-04 Thread Diego M . Rodriguez



Package: sponsorship-requests
Severity: wishlist

  Dear mentors,

  I am looking for a sponsor for my package "golang-github-serenize-snaker"

 * Package name: golang-github-serenize-snaker
   Version : 0.0~git20170425.0.1c7f653-1
   Upstream Author : Serenize UG 
 * URL : https://github.com/serenize/snaker
 * License : Expat
   Section : devel

  It builds those binary packages:

golang-github-serenize-snaker-dev - Convert camel cased strings to snake 
case and back

  To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/golang-github-serenize-snaker


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/g/golang-github-serenize-snaker/golang-github-serenize-snaker_0.0~git20170425.0.1c7f653-1.dsc

  Changes since the last upload:

  * Initial release (Closes: #861827)


  Regards,
   Diego M. Rodriguez

Bug#861831: RFS: golang-github-viki-org-dnscache/0.0~git20130720.0.c70c1f2-1 [ITP]

2017-05-04 Thread Diego M . Rodriguez



Package: sponsorship-requests
Severity: wishlist

  Dear mentors,

  I am looking for a sponsor for my package "golang-github-viki-org-dnscache"

 * Package name: golang-github-viki-org-dnscache
   Version : 0.0~git20130720.0.c70c1f2-1
   Upstream Author : Viki Inc. 
 * URL : https://github.com/viki-org/dnscache
 * License : Expat
   Section : devel

  It builds those binary packages:

golang-github-viki-org-dnscache-dev - DNS cache for Go

  To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/golang-github-viki-org-dnscache


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/g/golang-github-viki-org-dnscache/golang-github-viki-org-dnscache_0.0~git20130720.0.c70c1f2-1.dsc

  Or on the following repository:

https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-viki-org-dnscache.git

  Changes since the last upload:

* Initial release (Closes: #861825)

  Regards,
   Diego M. Rodriguez

Bug#850327: W: APT had planned for dpkg to do more than it reported back (3 vs 7).

2017-05-04 Thread Robie Basak

Hi,

On Fri, Jan 06, 2017 at 06:35:41AM +0800, 積丹尼 Dan Jacobson wrote:
> If one has mysql disabled. (Why have it running 24 a day?!?!)

Isn't this a duplicate of bug 843959 that you already filed yourself a
couple of months earlier? Is there any reason I shouldn't mark it as a
duplicate?

Robie


signature.asc
Description: PGP signature

Bug#850327: still broken

2017-05-04 Thread 積丹尼 Dan Jacobson

found 850327 5.7.18-1
thanks

Setting up mysql-server-5.7 (5.7.18-1) ...
mysql_upgrade: Got error: 2002: Can't connect to local MySQL server through 
socket '/var/run/mysqld/mysqld.sock' (2) while connecting to the MySQL server
Upgrade process encountered error and will not continue.
mysql_upgrade failed with exit status 11
dpkg: error processing package mysql-server-5.7 (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of mysql-server:
 mysql-server depends on mysql-server-5.7; however:
  Package mysql-server-5.7 is not configured yet.

dpkg: error processing package mysql-server (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 mysql-server-5.7
 mysql-server
Current status: 0 (+0) broken, 4 (-77) upgradable, 1703 (-7) new.
# systemctl start mysql; systemctl enable mysql; aptitude install
# systemctl start mysql; systemctl enable mysql; aptitude install
Synchronizing state of mysql.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mysql
The following partially installed packages will be configured:
  mysql-server  mysql-server-5.7
The following packages will NOT be UPGRADED:
  gdal-bin  libgdal20{a}  python-gdal  python-sip
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
Do you want to continue? [Y/n/?]
Setting up mysql-server-5.7 (5.7.18-1) ...
Checking if update is needed.
Checking server version.
Running queries to upgrade MySQL server.
Checking system database.
mysql.columns_priv OK
mysql.db   OK
mysql.engine_cost  OK
mysql.eventOK
mysql.func OK
mysql.general_log  OK
mysql.gtid_executedOK
mysql.help_categoryOK
mysql.help_keyword OK
mysql.help_relationOK
mysql.help_topic   OK
mysql.innodb_index_stats   OK
mysql.innodb_table_stats   OK
mysql.ndb_binlog_index OK
mysql.plugin   OK
mysql.proc OK
mysql.procs_priv   OK
mysql.proxies_priv OK
mysql.server_cost  OK
mysql.servers  OK
mysql.slave_master_infoOK
mysql.slave_relay_log_info OK
mysql.slave_worker_infoOK
mysql.slow_log OK
mysql.tables_priv  OK
mysql.time_zoneOK
mysql.time_zone_leap_secondOK
mysql.time_zone_name   OK
mysql.time_zone_transition OK
mysql.time_zone_transition_typeOK
mysql.user OK
The sys schema is already up to date (version 1.5.1).
Checking databases.
sys.sys_config OK
Upgrade process completed successfully.
Checking if update is needed.
Setting up mysql-server (5.7.18-1) ...
W: APT had planned for dpkg to do more than it reported back (3 vs 7).
   Affected packages: mysql-server-5.7:amd64

Current status: 0 (+0) broken, 4 (+0) upgradable, 1703 (+0) new.
# aptitude install
#

Bug#861486: julia: FTBFS on mips64el (segmentation fault)

2017-05-04 Thread Graham Inggs

Possibly related to bug #684344 in libopenblas-base: please install 
OpenMP version.

Bug#861251: telegram-desktop: please unset QT_QPA_PLATFORMTHEME

2017-05-04 Thread Graham Inggs


Hi Maintainer

Have you had a chance to look at this yet?

I have received a report from a Xubuntu user that this patch works there.

Regards
Graham

Bug#833193: RFS: chapel/1.15-1 [ITP]

2017-05-04 Thread Lumin

Hello guys,

I quickly went through the packaging, and had some comments about it:
(I didn't carefully read your previous discussion and I have no
permission to upload)

* debian/changelog:
  currently Debian is still in the deep freeze stage, I'd recommend
you upload to experimental
  first. Besides, experimental is more fault-tolerant.

* chapel-doc.install:
  you may want to provide some room for users to install several
versions of chapel at the
  same time, but I'd recommend the way similar to gcc/llvm packaging does.
  you may want to install stuff like this:
/usr/share/doc/chapel/1.15/stuff
/usr/share/doc/chapel/1.16/stuff
  but this should be better:
/usr/share/doc/chapel-1.15/stuff
/usr/share/doc/chapel-1.16/stuff
  for example:
/usr/share/doc/gcc-{5,6}

* control:
  * Vcs-* fields are your *packaging repo* instead of upstream git repo.
  * python2.7: since python policy recommends python3 for new
packages, could you please
also provide a python3 version if upstream supports it?

* rules:
  * dh compat 10 has parallel build as default, you can optionally
bump compat to 10. Before
you are really about to do that, check debhelper(7) first for the
checklist from v9->v10.
  * it seems that util/quickstart/setchplenv.bash is just exporting
some environt variables
for the use of buildsystem. exporting these variables in rules
instead of sourcing with
bash should be better, and in this way you can gain more control
from rules, including
the CHPL_LLVM flag which seems to be a key of one of your TODO.

This chapel 1.15 package was succesfully built on my laptop and a
simple helloworld
example is working.

-- 
Best,
Lumin

Bug#835260: recommends non existing package

2017-05-04 Thread Gianfranco Costamagna

control: tags -1 patch fixed-upstream
> rhash (and librhash0) recommends libssl1.0.0. It has a list of
> libcrypto.so.XX names and tries to load a few crypto algos from
> libcrypto at runtime via dlopen() if it can fine the library. With
> libssl1.0.0 gone this does not work anymore. The 1.0.2 suffix is not
> part of the list.
> 

trivial patch:

https://github.com/rhash/RHash/commit/8c7078393690674da67d3c639384d446c3b02dee

G.



signature.asc
Description: OpenPGP digital signature

Bug#810029: librhash-dev: Additional ';' in #defined symbols in rhash.h

2017-05-04 Thread Gianfranco Costamagna

control: tags -1 patch fixed-upstream
> #define rhash_set_openssl_mask(mask) rhash_transmit(RMSG_SET_OPENSSL_MASK, 
> NULL, mask, 0);
> #define rhash_get_openssl_mask() rhash_transmit(RMSG_GET_OPENSSL_MASK, NULL, 
> 0, 0);
> 
this is already fixed upstream in v1.3.4 and this commit
https://github.com/rhash/RHash/commit/d839a1a853f22b8cfd26c2006ee5481739ea1114

G.



signature.asc
Description: OpenPGP digital signature

1 2 >

1 - 100 of 166 matches

Mail list logo