date:20170522

Bug#863188: dnssec-trigger: detect missing NSEC3 on wildcard domains and reject forwarder

2017-05-22 Thread Paul Wise

Package: dnssec-trigger
Version: 0.13-6
Severity: wishlist

I have a Turris Omnia router running TurrisOS and the Knot DNS resolver
that does not return NSEC3 records for wildcard domains. This means
that unbound on my laptop returns SERVFAIL for *.alioth.debian.org
until I run one of the workarounds listed below I think dnssec-trigger
should detect DNS resolvers that do not work with DNSSEC-signed
wildcard domains and prevent forwarding to them.

Workarounds:

unbound-control flush_zone debian.org

unbound-control forward off
unbound-control flush_zone alioth.debian.org

Debugging information:

$ dig +dnssec pkg-dns.alioth.debian.org @10.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> +dnssec pkg-dns.alioth.debian.org @10.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6020
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;pkg-dns.alioth.debian.org. IN  A

;; ANSWER SECTION:
pkg-dns.alioth.debian.org. 569  IN  A   
5.153.231.21
pkg-dns.alioth.debian.org. 569  IN  RRSIG   A 8 
3 600 20170623114004 20170514111511 21021 alioth.debian.org. 
lOkRpm68Qfccn4r+ZXb/xx8LxS/ZSFKau+PKygvncoJxmoyEU2CiF/HF 
S6WVSgifpMCFWdYfvYQY7jS9tiF1GylmtaK/NrOCuql1xvCvA50bEI0I 
SME/AAMJt8UMAfG8SAHiUJ02mV6/fTL08DB3JvtRyhRERZzeX74/5vir 
d3tNcJ4/gAZ6bDRc7hOlBwpwgjIX3do/8ZQSzBaPCgTLMWv4x6B5ExS3 
rpWbRJE8i9EqijiebASkfCjujAx9zyyL

;; Query time: 25 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Tue May 23 13:46:55 AWST 2017
;; MSG SIZE  rcvd: 311

$ dig +dnssec pkg-dns.alioth.debian.org @4.2.2.2

; <<>> DiG 9.10.3-P4-Debian <<>> +dnssec pkg-dns.alioth.debian.org @4.2.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34129
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 8192
;; QUESTION SECTION:
;pkg-dns.alioth.debian.org. IN  A

;; ANSWER SECTION:
pkg-dns.alioth.debian.org. 600  IN  A   
5.153.231.21
pkg-dns.alioth.debian.org. 600  IN  RRSIG   
A 8 3 600 20170623114004 20170514111511 21021 alioth.debian.org. 
lOkRpm68Qfccn4r+ZXb/xx8LxS/ZSFKau+PKygvncoJxmoyEU2CiF/HF 
S6WVSgifpMCFWdYfvYQY7jS9tiF1GylmtaK/NrOCuql1xvCvA50bEI0I 
SME/AAMJt8UMAfG8SAHiUJ02mV6/fTL08DB3JvtRyhRERZzeX74/5vir 
d3tNcJ4/gAZ6bDRc7hOlBwpwgjIX3do/8ZQSzBaPCgTLMWv4x6B5ExS3 
rpWbRJE8i9EqijiebASkfCjujAx9zyyL

;; AUTHORITY SECTION:
skovl0gji1c2ogfbb5b9u615v0ihhr8s.alioth.debian.org. 3600 IN NSEC3 1 0 16 
0304059438 TOCPUCVAPQSTGJI187Q58IVD7SO72VQJ A RRSIG
skovl0gji1c2ogfbb5b9u615v0ihhr8s.alioth.debian.org. 3600 IN RRSIG NSEC3 8 4 
3600 20170618224548 20170509220232 21021 alioth.debian.org. 
KWsKHz6BJu2GL73WIHKCiYRi7DoyRybzcEpjbeG8GZJEcJJ+/ex3nMoX 
olHzer6EpEswsk6J4E6JHvMPpCPYnMctkbIgFYH9cztbJp2n8Y5lwPW7 
JOzMz7/tPvvJ3eBvtPdp8Z2P3XhbrZ6dFbPD4o60Q6mSciwzhBR5yCMK 
tnDXUgywYMlLiwVGyRIdPKmiSvZ+k8kkH60DTFzTSZ3mdv6lGT5tRAYi 
3EK6ATGbl4E4mrpjasbSyxDaO2gymdT9

;; Query time: 412 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue May 23 13:47:09 AWST 2017
;; MSG SIZE  rcvd: 636

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (860, 
'testing-proposed-updates'), (800, 'unstable-debug'), (800, 'unstable'), (790, 
'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 
'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dnssec-trigger depends on:
ii  gir1.2-networkmanager-1.0  1.6.2-3
ii  init-system-helpers1.48
ii  libc6  2.24-10
ii  libgdk-pixbuf2.0-0 2.36.5-2
ii  libglib2.0-0   2.50.3-2
ii  libgtk2.0-02.24.31-2
ii  libldns2   1.7.0-1
ii  libssl1.1  1.1.0e-2
ii  python 2.7.13-2
ii  python-gi  3.22.0-2
ii  python-lockfile1:0.12.2-2
ii  unbound1.6.0-3

dnssec-trigger recommends no packages.

dnssec-trigger suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#863138: mirror submission for mirror.funkfreundelandshut.de

2017-05-22 Thread Peter Palfrader

Bastian Blank schrieb am Montag, dem 22. Mai 2017:

> On Mon, May 22, 2017 at 03:43:09PM +, Christoph van Bracht wrote:
> > Submission-Type: new
> > Site: mirror.funkfreundelandshut.de
> > Aliases: repo.dl4ste.ampr.org
> 
> I believe this resolves to an internal IP of AMPRNet?

It's not reachable on v6 for me.

Also,

weasel@orinoco:~$ host mirror.funkfreundelandshut.de
mirror.funkfreundelandshut.de is an alias for stwo.biz.
stwo.biz has address 93.104.103.29
stwo.biz has IPv6 address 2001:a61:20e6:8900:20c:29ff:fe79:ebd6
stwo.biz mail is handled by 50 localmail.stwo.biz.
stwo.biz mail is handled by 60 mailin.selfhost.de.
weasel@orinoco:~$ host 93.104.103.29
29.103.104.93.in-addr.arpa domain name pointer 
ppp-93-104-103-29.dynamic.mnet-online.de.

Is this really on a dynamic ipv4 address?

> > Trace Url: http://mirror.funkfreundelandshut.de/debian/project/trace/
> > Trace Url: 
> > http://mirror.funkfreundelandshut.de/debian/project/trace/ftp-master.debian.org
> > Trace Url: 
> > http://mirror.funkfreundelandshut.de/debian/project/trace/mirror.funkfreundelandshut.de
> 
> Please make sure you use the latest version of ftpsync[1].  We really
> don't list new mirrors that have incomplete trace files.

It's not just incomplete traces.  There's other parts missing too.

-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#857987: mirror submission for mirror.host.ag

2017-05-22 Thread Peter Palfrader

On Mon, 22 May 2017, Bastian Blank wrote:

> On Mon, May 22, 2017 at 01:11:25AM +0300, Host.AG wrote:
> > I think it has finished, the trace file looks ok.
> 
> It looks weird.
> 
> For example the first line is:
> | May 21 21:34:10 mirror ftpsync[9832]: 
> 
> Not sure how this got in there, but is does not belong there.

ping?

-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#863085: unblock: dante/1.4.1+dfsg-5 [preapproval, RC]

2017-05-22 Thread Niels Thykier

Control: tags -1 confirmed

Peter Pentchev:
> On Mon, May 22, 2017 at 06:15:00AM +, Niels Thykier wrote:
>> Control: tags -1 moreinfo
>>
>> [...]
> 
> Thanks for the quick reply!
> 
> The error handler is invoked for systemd services, too - it's part of
> an "invoke-rc.d #SCRIPT# start || #ERROR_HANDLER#" command, and invoke-rc.d
> takes care of starting the service in the init-system-dependent way.
> With systemd (as tested using strace on my laptop), invoke-rc.d runs
> systemctl directly (after checking for /run/systemd/system), and that's
> how we get to the systemd service failure.  On a SysV init system,
> invoke-rc.d would have invoked /etc/init.d/danted with the same result.
> 
> Even if invoke-rc.d did not know about systemctl, it would still have tried
> to run /etc/init.d/danted start, and then the systemd redirection in
> /lib/lsb/init-functions.d/40-systemd would have still started the systemd
> service.
> 
> G'luck,
> Peter
> 

Ack, please go ahead and remove the moreinfo tag once the package has
been uploaded and built on all relevant release architectures.

Thanks,
~Niels

Bug#773170: insserv: refuses to start postfix at boot because dnsmasq is disabled

2017-05-22 Thread Scott Kitterman

On Mon, 15 Dec 2014 11:02:27 +0100 Salvo Tomaselli  
wrote:
> Package: insserv
> Version: 1.16.0-5
> Severity: critical
> Justification: breaks unrelated software
> 
> Dear Maintainer,
> 
> insserv refuses to start postfix at boot, because I have configured dnsmasq
> to be disabled.
> 
> I don't use dnsmasq as a DNS cache, but as a DHCP server for when I create
> an ad-hoc network, so dnsmasq active or not has totally no effect on the
> ability of my system to resolve names.
> 
> As you can see, postfix can be manually started (and works fine), but it
> can't be started at boot automatically.
> 
> # systemctl enable postfix
> Synchronizing state for postfix.service with sysvinit using update-rc.d...
> Executing /usr/sbin/update-rc.d postfix defaults
> insserv: FATAL: service dnsmasq has to be enabled to use service postfix
> insserv: exiting now!
> update-rc.d: error: insserv rejected the script header
> *** Error in `systemctl': double free or corruption (fasttop): 
0x7f9c9443e9c0 ***
> Annullato
> # service postfix start
> # service dnsmasq status
> â dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
>Loaded: loaded (/lib/systemd/system/dnsmasq.service; disabled)
>   Drop-In: /run/systemd/generator/dnsmasq.service.d
>ââ50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
>Active: inactive (dead)
> # service postfix status
> â postfix.service - LSB: Postfix Mail Transport Agent
>Loaded: loaded (/etc/init.d/postfix)
>   Drop-In: /run/systemd/generator/postfix.service.d
>ââ50-postfix-$mail-transport-agent.conf
>Active: active (running) since lun 2014-12-15 10:52:31 CET; 11s ago
>   Process: 1204 ExecStart=/etc/init.d/postfix start (code=exited, 
status=0/SUCCESS)
>CGroup: /system.slice/postfix.service
>ââ1325 /usr/lib/postfix/master
>ââ1326 pickup -l -t fifo -u -c
>ââ1327 qmgr -l -t fifo -u
> 
> dic 15 10:52:31 hal9000 postfix[1204]: Starting Postfix Mail Transport 
Agent: postfix.
> dic 15 10:52:31 hal9000 systemd[1]: Started LSB: Postfix Mail Transport 
Agent.
> dic 15 10:52:31 hal9000 postfix/master[1325]: daemon started -- version 
2.11.3, configuration /etc/postfix

This should work now as of 3.1.4-5 (at least when using the default init 
system).  Please let us know if you can replicate this issue with that version 
or later.

Scott K

Bug#690246: debian-installer: initial install reboot failure to find lvm devices when hostname has a - in it

2017-05-22 Thread David H. Gutteridge

I recently used the Stretch RC 3 installer to install an LVM setup
where the hostname contains a hyphen, and I did not encounter this
issue, so perhaps it's been fixed in the intervening years?

Regards,

Dave

Bug#851143: systemd: doesn't use all the mount options from /etc/fstab when mounting on boot

2017-05-22 Thread Russell Coker

On Tue, 23 May 2017 02:49:21 AM Michael Biebl wrote:
> > Sorry for the delay in responding.  I've attached those files.
> 
> The configuration you attached doesn't seem to match up.
> E.g. the original fstab didn't have x-systemd.automount.

I've set the system to not use automount, rebooted it, and run those commands 
again.

> The ExecMount shows that mount has apparently been called as
> /bin/mount 10.10.10.1:/mailstore /mail -t nfs -o
> context=system_u:object_r:mail_spool_t:s0,x-systemd.automount
> 
> I.e. "context=system_u:object_r:mail_spool_t:s0" has been passed along
> correctly.
> 
> Are you absolutely sure it was actually systemd which has mounted
> /mailstore?

In the case of x-automount absolutely.  In the case of not using automount, 
how else would it be happening?

On Tue, 23 May 2017 03:05:59 AM Michael Biebl wrote:
> What happens, if you run
> 
> umount /mail
> mount 10.10.10.1:/mailstore /mail -t nfs -o
> context=system_u:object_r:mail_spool_t:s0,x-systemd.automount
> 
> Are the options correctly applied then?

# ls -ldZ /mail
drwxr-xr-x. 1 vmail vmail system_u:object_r:nfsd_rw_t:s0 754 May 10 12:41 
/mail
# umount /mail ; mount /mail
# ls -ldZ /mail
drwxr-xr-x. 1 vmail vmail system_u:object_r:mail_spool_t:s0 754 May 10 12:41 
/mail

Yes, it works fine.

I've also attached the latest version of /etc/fstab.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
Where=/mail
What=10.10.10.1:/mailstore
Options=rw,relatime,seclabel,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.10.10.24,local_lock=none,addr=10.10.10.1
Type=nfs4
TimeoutUSec=1min 30s
ControlPID=0
DirectoryMode=0755
SloppyOptions=no
LazyUnmount=no
ForceUnmount=no
Result=success
UID=4294967295
GID=4294967295
ExecMount={ path=/bin/mount ; argv[]=/bin/mount 10.10.10.1:/mailstore /mail -t 
nfs -o context=system_u:object_r:mail_spool_t:s0 ; ignore_errors=no ; 
start_time=[Tue 2017-05-23 15:06:30 AEST] ; stop_time=[Tue 2017-05-23 15:06:30 
AEST] ; pid=496 ; code=exited ; status=0 }
Slice=system.slice
ControlGroup=/system.slice/mail.mount
MemoryCurrent=18446744073709551615
CPUUsageNSec=18446744073709551615
TasksCurrent=0
Delegate=no
CPUAccounting=no
CPUWeight=18446744073709551615
StartupCPUWeight=18446744073709551615
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=infinity
IOAccounting=no
IOWeight=18446744073709551615
StartupIOWeight=18446744073709551615
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLow=0
MemoryHigh=18446744073709551615
MemoryMax=18446744073709551615
MemorySwapMax=18446744073709551615
MemoryLimit=18446744073709551615
DevicePolicy=auto
TasksAccounting=yes
TasksMax=4915
UMask=0022
LimitCPU=18446744073709551615
LimitCPUSoft=18446744073709551615
LimitFSIZE=18446744073709551615
LimitFSIZESoft=18446744073709551615
LimitDATA=18446744073709551615
LimitDATASoft=18446744073709551615
LimitSTACK=18446744073709551615
LimitSTACKSoft=8388608
LimitCORE=18446744073709551615
LimitCORESoft=0
LimitRSS=18446744073709551615
LimitRSSSoft=18446744073709551615
LimitNOFILE=4096
LimitNOFILESoft=1024
LimitAS=18446744073709551615
LimitASSoft=18446744073709551615
LimitNPROC=7977
LimitNPROCSoft=7977
LimitMEMLOCK=65536
LimitMEMLOCKSoft=65536
LimitLOCKS=18446744073709551615
LimitLOCKSSoft=18446744073709551615
LimitSIGPENDING=7977
LimitSIGPENDINGSoft=7977
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=18446744073709551615
LimitRTTIMESoft=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=5
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=inherit
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
SecureBits=0
CapabilityBoundingSet=18446744073709551615
AmbientCapabilities=0
DynamicUser=no
RemoveIPC=no
MountFlags=0
PrivateTmp=no
PrivateDevices=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectControlGroups=no
PrivateNetwork=no
PrivateUsers=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=yes
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictNamespace=2114060288
KillMode=control-group
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=mail.mount
Names=mail.mount
Requires=-.mount system.slice
Wants=network-online.target
RequiredBy=remote-fs.target
Conflicts=umount.target
Before=remote-fs.target umount.target
After=remote-fs-pre.target -.mount network.target network-online.target 
system.slice
RequiresMountsFor=/
Documentation=man:fstab(5) man:systemd-fstab-generator(8)
Description=/mail
LoadState=loaded
ActiveState=active
SubState=mounted

Bug#863187: util-linux: setarch breaks terminal handling for apt-get

2017-05-22 Thread Russell Coker

Package: util-linux
Version: 2.29.2-1
Severity: normal

When I run $(arch) at the command-line (which expands to x86_64 on my system)
I then can't run apt-get.  Below is what happens, the Abort is immediately
after running apt-get without me entering anything on the terminal.

This was particularly confusing as I didn't realise that I had even run it,
I had accidentally pasted $(arch) into the terminal and not realised that it
had launched a shell with different capabilities.

The following packages will be upgraded:
  ffmpeg ghostscript ghostscript-x libav-tools libavcodec57 libavdevice57
  libavfilter6 libavformat57 libavresample3 libavutil55 libgs9 libgs9-common
  libopendkim-dev libopendkim11 libpostproc54 libswresample2 libswscale4 login
  openvpn passwd qemu-kvm qemu-system-arm qemu-system-common qemu-system-x86
  qemu-utils screen
26 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 30.7 MB of archives.
After this operation, 70.7 kB of additional disk space will be used.
Do you want to continue? [Y/n] Abort.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages util-linux depends on:
ii  libblkid1  2.29.2-1
ii  libc6  2.24-10
ii  libfdisk1  2.29.2-1
ii  libmount1  2.29.2-1
ii  libncursesw5   6.0+20161126-1
ii  libpam0g   1.1.8-3.5
ii  libselinux12.6-3+b1
ii  libsmartcols1  2.29.2-1
ii  libsystemd0232-23
ii  libtinfo5  6.0+20161126-1
ii  libudev1   232-23
ii  libuuid1   2.29.2-1
ii  zlib1g 1:1.2.8.dfsg-5

util-linux recommends no packages.

Versions of packages util-linux suggests:
ii  dosfstools  4.1-1
ii  kbd 2.0.3-2+b1
pn  util-linux-locales  

-- debconf information excluded

Bug#863186: libtasn1-6: CVE-2017-6891

2017-05-22 Thread Salvatore Bonaccorso

Source: libtasn1-6
Version: 4.2-3
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libtasn1-6.

CVE-2017-6891[0]:
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c)
| within GnuTLS libtasn1 version 4.10 can be exploited to cause a
| stacked-based buffer overflow by tricking a user into processing a
| specially crafted assignments file via the e.g. asn1Coding utility.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
[1] 
https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484

Regards,
Salvatore

Bug#863185: tiff: CVE-2017-9147: Out of bound read in _TIFFVGetField

2017-05-22 Thread Salvatore Bonaccorso

Source: tiff
Version: 4.0.7-7
Severity: important
Tags: upstream security
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2693

Hi Laszlo,

the following vulnerability was published for tiff.

CVE-2017-9147[0]:
| LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in
| tif_dir.c, which might allow remote attackers to cause a denial of
| service (crash) via a crafted TIFF file.

Looking from the upstream bugreport at [1] and the affected code, cf.
[2] I think this should affect us. But please double check, I might
miss something?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9147
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2693
[2] http://bugzilla.maptools.org/show_bug.cgi?id=2693#c2

Please adjust the affected versions in the BTS as needed.

Regards and thanks for your work,
Salvatore

Bug#575265: Drahý příteli,8

2017-05-22 Thread Nicdo Awo

[image: Inline image 1]

Bug#863184: unblock: opendmarc/1.3.2-2

2017-05-22 Thread Scott Kitterman

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package opendmarc

This upload fixes a policy violation about forced conffile removal and I think
we would be better off to have the change in stretch.  It isn't only a
theoretical problem.  As it is, if someone is using systemd and then switches
to sysv init the daemon will fail to start.

Scott K

unblock opendmarc/1.3.2-2
diff -u opendmarc-1.3.2/debian/changelog opendmarc-1.3.2/debian/changelog
--- opendmarc-1.3.2/debian/changelog
+++ opendmarc-1.3.2/debian/changelog
@@ -1,3 +1,10 @@
+opendmarc (1.3.2-2) unstable; urgency=medium
+
+  * Do not remove /etc/default/opendkim on upgrade since it is a conffile
+because policy 10.7.3 (Closes: #863173)
+
+ -- Scott Kitterman   Mon, 22 May 2017 18:11:58 -0400
+
 opendmarc (1.3.2-1) unstable; urgency=medium
 
   * New upstream release
diff -u opendmarc-1.3.2/debian/opendmarc.postinst opendmarc-1.3.2/debian/opendmarc.postinst
--- opendmarc-1.3.2/debian/opendmarc.postinst
+++ opendmarc-1.3.2/debian/opendmarc.postinst
@@ -38,9 +38,6 @@
 
 	# Upgrade /etc/default to systemd override files
 	if [ -d /run/systemd/system ] && [ -f /etc/default/opendmarc ]; then
-		if /lib/opendmarc/opendmarc.service.generate; then
-			rm -f /etc/default/opendmarc
-		fi
 		if [ -f /etc/tmpfiles.d/opendmarc.conf ]; then
 			systemd-tmpfiles --create /etc/tmpfiles.d/opendmarc.conf
 		fi

Bug#863183: unblock: opendkim/2.11.0~alpha-10

2017-05-22 Thread Scott Kitterman

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package opendkim

This upload fixes a policy violation about forced conffile removal and I think
we would be better off to have the change in stretch.  It isn't only a
theoretical problem.  As it is, if someone is using systemd and then switches
to sysv init the daemon will fail to start.

Scott K

unblock opendkim/2.11.0~alpha-10
diff -Nru opendkim-2.11.0~alpha/debian/changelog opendkim-2.11.0~alpha/debian/changelog
--- opendkim-2.11.0~alpha/debian/changelog	2017-01-25 10:00:10.0 -0500
+++ opendkim-2.11.0~alpha/debian/changelog	2017-05-22 18:10:16.0 -0400
@@ -1,3 +1,10 @@
+opendkim (2.11.0~alpha-10) unstable; urgency=medium
+
+  * Do not remove /etc/default/opendkim on upgrade since it is a conffile
+because policy 10.7.3 (Closes: #863055)
+
+ -- Scott Kitterman   Mon, 22 May 2017 18:08:41 -0400
+
 opendkim (2.11.0~alpha-9) unstable; urgency=medium
 
   * Set umask to 0007 in opendkim.service so opendkim socket is group readable
diff -Nru opendkim-2.11.0~alpha/debian/opendkim.postinst opendkim-2.11.0~alpha/debian/opendkim.postinst
--- opendkim-2.11.0~alpha/debian/opendkim.postinst	2016-11-07 09:07:21.0 -0500
+++ opendkim-2.11.0~alpha/debian/opendkim.postinst	2017-05-22 18:08:37.0 -0400
@@ -42,9 +42,6 @@
 
 	# Upgrade /etc/default to systemd override files
 	if [ -d /run/systemd/system ] && [ -f /etc/default/opendkim ]; then
-		if /lib/opendkim/opendkim.service.generate; then
-			rm -f /etc/default/opendkim
-		fi
 		if [ -f /etc/tmpfiles.d/opendkim.conf ]; then
 			systemd-tmpfiles --create /etc/tmpfiles.d/opendkim.conf
 		fi

Bug#853122:

2017-05-22 Thread Aizi

I've got the same bug on Asus M5A97 R2.0. On linux kernel 4.9.0-3-amd64.

-- 
Best regards,
Aizi

Bug#863089: [Piuparts-devel] Bug#863089: Please provide post-processed logs output for manpages.d.o

2017-05-22 Thread Holger Levsen

Hi Michael,

are you subscribed to this bug or do you need cc:s?

On Sun, May 21, 2017 at 06:43:54PM +0200, Michael Stapelberg wrote:
> This is in relation to https://bugs.debian.org/850917, where we added
> code to log update-alternatives calls.
> 
> Now that the calls are logged, we need to somehow make Debiman aware
> of the calls. To that end, I wrote a program which will read all
> available logs, parse all LOG-ALTERNATIVES lines, and generate a JSON
> file with the links created by the various binary packages.
 
thanks for the nice summary and proposal!

> Find the source of that program at
> https://github.com/Debian/debiman/blob/b4d79f84b34abfc59effcd85c78541ce8f572b4b/cmd/debiman-piuparts-distill/piuparts.go

looks simple and clean enough!
 
> I then ran the program like so on piuparts.debian.org:

/me really likes that pejacevic is developer accessable! ;)

> % debiman-piuparts-distill \
> -logs_dir=/srv/piuparts.debian.org/htdocs/stretch \
> -output=debiman/testing.json.gz
> 
> % debiman-piuparts-distill \
>   -logs_dir=/srv/piuparts.debian.org/htdocs/sid \
>   -output=debiman/unstable.json.gz
> 
> % debiman-piuparts-distill \
>   -logs_dir=/srv/piuparts.debian.org/htdocs/experimental \
>   -output=debiman/experimental.json.gz
> 
> % debiman-piuparts-distill \
>   -logs_dir=/srv/piuparts.debian.org/htdocs/jessie \
>   -output=debiman/stable.json.gz

ok, so only parsing 4 suites… how long did these commands run?

> I then copied debiman/*.json.gz over to manziarly.debian.org,
> re-generated the entire site, and slave alternative manpages now work
> as expected :).

hehe, nice! got an example?

> Obviously, the above was a one-off manual effort, so now we should
> discuss how we’d like to set things up for a more permanent export.

sure!

> Here’s a strawman proposal. We could:
> 
> 1. Add a crontab entry, which triggers a shell script, which will
>update debiman-piuparts-distill, then run it on the logs
>directories.

sounds good, how often would you like to run it?

> 2. Store the resulting *.json.gz files in a directory called
>/srv/piuparts.debian.org/htdocs/for-manpages.d.o

I don't really like the "for-manpages.d.o" directory name, but cannot think
of a better one either, so…

> 3. Download the files via HTTPS on manziarly.d.o.

great, so only step 1+2 are on the piuparts side :)

> Step ① requires installing the Go compiler
> (https://packages.debian.org/stretch/golang-go) on piuparts.d.o. We
> could avoid this if we’re all okay with just copying the
> debiman-piuparts-distill binary onto piuparts.d.o, but referring to
> e.g. /home/stapelberg/debiman-piuparts-distill from a cronjob within
> the piuparts git repository feels somewhat unclean.

nah, installing golang-go from jessie or jessie-backports is easy, it
just needs a patch for git.debian.org/git/mirror/debian.org.git for the files
debian/control and debian/changelog and a mail to admin@rt.d.o with the 
subject "Debian RT: .*" to generate a ticket… which golang-go version do
you want?

> Any thoughts? Would you be okay with my strawman? If so, I’ll prepare
> a patch.

Yup, seems very fine to me! Please do!

cmd/debiman-piuparts-distill/piuparts.go also could use a comments in main()
and explaining the purpose of the various functions ;-) I was just giving it 
a 2nd look after wanting to ask you to explain it/go-basics to me the next
time we met but then thought I should first try to understand it myself ;-) 
And then I noticed some more comments explaining/introducing the purpose
of the following code lines would be nice…

I suppose cmd/debiman-piuparts-distill/piuparts.go should live in master-bin
in piuparts.git or what would you propose? I don't think we wanna compile it
when building the piuparts-master package (for the Debian archive) but rather
only build it when installing on pejacevic…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#863182: php-crypt-gpg: not installable in sid

2017-05-22 Thread Ralf Treinen

Package: php-crypt-gpg
Version: 1.4.1-1
Severity: serious
User: trei...@debian.org
Usertags: edos-uninstallable

Hi,

php-crypt-gpg is currently not installable in sid since 2016-09-02, because
it depends on gnupg. However, gnupg (2.1.18-8) has a 

Breaks: php-crypt-gpg (<= 1.4.1-1)

-Ralf.

Bug#863181: unblock: debirf/0.37

2017-05-22 Thread Daniel Kahn Gillmor

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debirf

Version 0.37 contains fixes for #850080 and #833125, both of which
make debirf unusable on debian stretch.

It also includes a few smaller fixes which produce more usable and
compact debirf images.  These versions are currently being used to
produce the debirf autobuilder images at
http://debirf.cmrg.net/autobuilds/ so they have been tested, and will
continue to be tested regularly.

The debdiff between 0.36 and 0.37 is attached.

unblock debirf/0.37

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru debirf-0.36/debian/changelog debirf-0.37/debian/changelog
--- debirf-0.36/debian/changelog2016-05-08 22:37:31.0 -0400
+++ debirf-0.37/debian/changelog2017-05-18 12:10:07.0 -0400
@@ -1,3 +1,18 @@
+debirf (0.37) unstable; urgency=medium
+
+  [ JH Chatenet ]
+  * run fakeroot with bash (Closes: #850080)
+  * a0_prep-root: run insserv if installed (Closes: #833125)
+
+  [ Antoine Beaupré ]
+  * avoid crash if CDPATH is set (Closes: #848693)
+
+  [ Daniel Kahn Gillmor ]
+  * enable rootfs xz compression (Closes: #813472)
+  * Add more utilities to rescue profile (Closes: #834478)
+
+ -- Daniel Kahn Gillmor   Thu, 18 May 2017 12:10:07 
-0400
+
 debirf (0.36) unstable; urgency=medium
 
   * better systemd compatibility, prune obsolete modules
diff -Nru debirf-0.36/debian/control debirf-0.37/debian/control
--- debirf-0.36/debian/control  2016-05-08 20:23:32.0 -0400
+++ debirf-0.37/debian/control  2017-05-18 11:24:00.0 -0400
@@ -17,6 +17,7 @@
  fakechroot,
  fakeroot,
  klibc-utils,
+ xz-utils,
  ${misc:Depends}
 Recommends: grub-common (>= 1.98+20100804) | isolinux,
 lsb-release,
diff -Nru debirf-0.36/doc/example-profiles/rescue/packages 
debirf-0.37/doc/example-profiles/rescue/packages
--- debirf-0.36/doc/example-profiles/rescue/packages2016-05-08 
20:16:31.0 -0400
+++ debirf-0.37/doc/example-profiles/rescue/packages2017-05-18 
12:10:07.0 -0400
@@ -2,34 +2,51 @@
 +bonnie++
 +chntpw
 +cryptsetup
-+gddrescue
 +diskscan
++dmidecode
 +dosfstools
 +e2tools
 +eject
++ethtool
++fancontrol
 +fatresize
++flashrom
 +foremost
++gddrescue
 +grub2
 +hdparm
 +hfsplus
 +hfsprogs
 +hfsutils
++initramfs-tools-core
++inteltool
++lm-sensors
 +lsof
 +lsscsi
 +lvm2
++memtester
++msrtool
 +mtd-utils
++ntfs-3g
++nvramtool
 +parted
 +partimage
 +pciutils
++rsync
 +screen
 +scrub
 +sdparm
 +sg3-utils
 +smartmontools
 +smp-utils
++socat
++squashfs-tools
++superiotool
 +testdisk
 +testdisk
 +tofrodos
 +u-boot-tools
++usbutils
++wget
 +wipe
 +wodim
diff -Nru debirf-0.36/src/common debirf-0.37/src/common
--- debirf-0.36/src/common  2011-12-05 16:32:14.0 -0500
+++ debirf-0.37/src/common  2017-05-18 11:23:11.0 -0400
@@ -45,7 +45,7 @@
failure "Debirf fakeroot state file '$DEBIRF_FAKEROOT_STATE' does 
not exist."
fi
 # set up $PATH and $HOME as though we are superuser
-   HOME=/root 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin fakeroot -i 
"$DEBIRF_FAKEROOT_STATE" -s "$DEBIRF_FAKEROOT_STATE" "$@"
+   HOME=/root 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin bash fakeroot 
-i "$DEBIRF_FAKEROOT_STATE" -s "$DEBIRF_FAKEROOT_STATE" "$@"
 fi
 }
 export -f fakeroot_if_needed
diff -Nru debirf-0.36/src/debirf debirf-0.37/src/debirf
--- debirf-0.36/src/debirf  2016-05-08 20:27:56.0 -0400
+++ debirf-0.37/src/debirf  2017-05-18 12:10:07.0 -0400
@@ -15,6 +15,7 @@
 
 CMD=$(basename $0)
 
+unset CDPATH
 DEBIRF_COMMON=${DEBIRF_COMMON:-/usr/share/debirf/common}
 source "$DEBIRF_COMMON"
 
@@ -158,7 +159,7 @@
 
 # abort with a failure if our attempts to build the rootfs fail:
 set -o pipefail
-fakeroot_if_needed bash -c ". $DEBIRF_COMMON && 
FAKECHROOT_EXCLUDE_PATH=/does-not-exist debirf_exec sh -c 'find * | grep -v -e 
^run/ | cpio --create -H newc'" | gzip -9 > "$1"
+fakeroot_if_needed bash -c ". $DEBIRF_COMMON && 
FAKECHROOT_EXCLUDE_PATH=/does-not-exist debirf_exec sh -c 'find * | grep -v -e 
^run/ | cpio --create -H newc'" | xz -9 > "$1"
 }
 export -f pack_rootfs
 
@@ -214,7 +215,7 @@
 fi
 cd /newroot
 echo unpacking rootfs...
-gunzip - < /rootfs.cgz | cpio -i
+unxz - < /rootfs.cxz | cpio -i
 if (grep -q break=bottom /proc/cmdline); then
   echo "honoring break=bottom kernel arg"
   /bin/sh
@@ -225,9 +226,9 @@
 EOF

Bug#863178: Acknowledgement (installation-reports: x230 tablet: required BIOS upgrade)

2017-05-22 Thread Chris Chiappa

Oops, here's the partitiontable:
Disk /dev/sda: 625142448 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): AF8F0A02-C588-4FD8-8ADF-0A06AA25C689
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 625142414
Partitions will be aligned on 2048-sector boundaries
Total free space is 5355 sectors (2.6 MiB)

Number  Start (sector)End (sector)  Size   Code  Name
   12048  206847   100.0 MiB   EF00  EFI system partition
   2  206848  468991   128.0 MiB   0C01  Microsoft reserved ...
   3  468992   176250241   83.8 GiB0700  Basic data partition
   4   595474432   596467711   485.0 MiB   2700  
   5   596469760   625141759   13.7 GiB0700  Basic data partition
   6   176250880   177227775   477.0 MiB   8300  uqbar-boot
   7   177227776   595474431   199.4 GiB   8300  uqbar-crypt

Bug#717388: [Pkg-systemd-maintainers] Bug#717388: Please enable persistent journal

2017-05-22 Thread David H. Gutteridge

Having read through the discussion in this bug report, I understand
why persistent journald logging isn't enabled in Jessie or Stretch
(both of which I've started using recently), but it would perhaps be
helpful to users coming from other distros (in my case, Fedora) if
there was more readily available documentation concerning this whole
subject. I realize there's a document that covers this in
/usr/share/doc/systemd/, but official Debian content available online
would help. (Perhaps there is some, but if so, I couldn't find
anything, only scattered blog posts. And relying upon Google to
search for Debian bug reports is sub-optimal, in my experience.)

Dave

Bug#863180: live-wrapper: Add keyboard shortcuts and revamp menus

2017-05-22 Thread Samuel Thibault

Package: live-wrapper
Version: 0.6
Severity: important
User: debian-accessibil...@lists.debian.org
Usertags: a11y

Hello,

As discussed on
https://lists.debian.org/debian-accessibility/2017/04/msg00130.html
it would be useful to have keyboard shortcuts in the live boot menu. The
attached patch implements it in both isolinux and grub. The shortcuts
are marked with '^', so that they can be implemented correctly in
syslinux. The patch also revamps the boot menu so as to integrate the
whole debian installer options (expert, rescue, auto, speech).

Samuel

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages live-wrapper depends on:
ii  debian-archive-keyring  2014.3
ii  isolinux3:6.03+dfsg-14.1
ii  python-apt  1.4.0~beta3
ii  python-cliapp   1.20160724-2
ii  python-distro-info  0.14
ii  python-requests 2.12.4-1
pn  python:any  
ii  vmdebootstrap   1.7-1
ii  xorriso 1.4.6-1+b1

live-wrapper recommends no packages.

Versions of packages live-wrapper suggests:
pn  cmdtest  

-- no debconf information

-- 
Samuel
 T'as pas de portable ?
 J'ai un nokia, dans le bassin d'arcachon
diff --git a/lwr/bootloader.py b/lwr/bootloader.py
index 69c27a2..9a0541a 100644
--- a/lwr/bootloader.py
+++ b/lwr/bootloader.py
@@ -25,28 +25,84 @@ class BootloaderConfig(object):
  'cmdline': 'boot=live components',
  'initrd': '/live/initrd.img-%s' % (version,),
 })
+for version in self.versions:
+self.entries.append({
+ 'description': 'Debian GNU/Linux Live with 
^Speech (kernel %s)' % (version,),
+ 'type': 'linux',
+ 'kernel': '/live/vmlinuz-%s' % (version,),
+ 'cmdline': 'boot=live components 
speakup.synth=soft',
+ 'initrd': '/live/initrd.img-%s' % (version,),
+})
 
 def add_installer(self, kernel, ramdisk):  # pylint: disable=no-self-use
-self.entries.append({
- 'description': 'Graphical Debian Installer',
+installcfg = BootloaderConfig(self.cdroot)
+installcfg.entries.append({
+ 'description': '^Graphical Debian Installer',
  'type': 'linux',
  'kernel': '/d-i/gtk/%s' % 
(os.path.basename(kernel),),
  'initrd': '/d-i/gtk/%s' % 
(os.path.basename(ramdisk),),
  'cmdline': 'append video=vesa:ywrap,mtrr vga=788'
 })
-self.entries.append({
- 'description': 'Debian Installer',
+installcfg.entries.append({
+ 'description': 'Debian ^Installer',
  'type': 'linux',
  'kernel': '/d-i/%s' % (os.path.basename(kernel),),
  'initrd': '/d-i/%s' % 
(os.path.basename(ramdisk),),
 })
-self.entries.append({
- 'description': 'Debian Installer with Speech 
Synthesis',
+advancedinstallcfg = BootloaderConfig(self.cdroot)
+advancedinstallcfg.entries.append({
+ 'description': 'E^xpert install',
+ 'type': 'linux',
+ 'kernel': '/d-i/%s' % (os.path.basename(kernel),),
+ 'initrd': '/d-i/%s' % 
(os.path.basename(ramdisk),),
+ 'cmdline': 'append priority=low'
+})
+advancedinstallcfg.entries.append({
+ 'description': '^Rescue mode',
+ 'type': 'linux',
+ 'kernel': '/d-i/%s' % (os.path.basename(kernel),),
+ 'initrd': '/d-i/%s' % 
(os.path.basename(ramdisk),),
+ 'cmdline': 'append rescue/enable=true'
+})
+advancedinstallcfg.entries.append({
+ 'description': '^Automated install',
+ 'type': 'linux',
+ 'kernel': '/d-i/%s' % (os.path.basename(kernel),),
+ 'initrd':

Bug#863179: apt: GPG errors on update and other operations

2017-05-22 Thread Pete Miller

Package: apt
Version: 1.4.1
Severity: important
Tags: d-i

Dear Maintainer,

I installed Stretch from the CD image to new physical hardware, and then
updated the system. I can't remember if errors started straight away, or took a
while to manifest.

See this thread for some background: https://lists.debian.org/debian-
user/2017/05/msg00311.html

Subsequently, I have run "apt update --allow-insecure-repositories", which
worked, but a subsequent "apt-get update --allow-unauthenticated" and similar
failed to update any packages due to key errors as detailed in the thread.

Running aptitude with options allowed the outstanding packages to be updated,
but the key errors persist in apt, synaptic and aptitude, even though the
correct keys seem to be installed.

I cannot force version for apt to update to version 1.4.4, so I am stuck on
1.4.1, although no similar errors are reported there.

Thanks, Pete Miller



-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "true";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^linux-image-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.9\.0-3-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.9\.0-2-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.9\.0-3-amd64$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-image";
APT::VersionedKernelPackages:: "linux-headers";
APT::VersionedKernelPackages:: "linux-image-extra";
APT::VersionedKernelPackages:: "linux-signed-image";
APT::VersionedKernelPackages:: "kfreebsd-image";
APT::VersionedKernelPackages:: "kfreebsd-headers";
APT::VersionedKernelPackages:: "gnumach-image";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::VersionedKernelPackages:: "linux-backports-modules-.*";
APT::VersionedKernelPackages:: "linux-tools";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "contrib/metapackages";
APT::Never-MarkAuto-Sections:: "non-free/metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Move-Autobit-Sections:: "contrib/oldlibs";
APT::Move-Autobit-Sections:: "non-free/oldlibs";
APT::Move-Autobit-Sections:: "restricted/oldlibs";
APT::Move-Autobit-Sections:: "universe/oldlibs";
APT::Move-Autobit-Sections:: "multiverse/oldlibs";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "/usr/bin/test -e /usr/share/dbus-1/system-
services/org.freedesktop.PackageKit.service && /usr/bin/test -S
/var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest
org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout
4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null;
/bin/echo > /dev/null";
APT::Update::Post-Invoke-Success:: "if /usr/bin/test -w /var/cache/app-info -a
-e /usr/bin/appstreamcli; then appstreamcli refresh-cache > /dev/null; fi";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";

Bug#863178: installation-reports: x230 tablet: required BIOS upgrade

2017-05-22 Thread Chris Chiappa

Package: installation-reports
Severity: normal

-- Package-specific info:

Boot method: USB
Image version: 
https://cdimage.debian.org/cdimage/stretch_di_rc3/amd64/iso-cd/debian-stretch-DI-rc3-amd64-netinst.iso
Date: 

Machine: IBM Thinkpad X230 Tablet
Partitions: 


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect CD:  [O]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[ ]
Install tasks:  [ ]
Install boot loader:[ ]
Overall install:[ ]

Comments/Problems:

New-to-me x230 tablet.  Neither the Jessie installer nor the Stretch
RC3 installer would boot - I would get a black screen with some
flickering pixels in the upper right when GRUB tried to load Linux.
Tried a bit of fiddling with the default vga= param to no avail.
Noticed the BIOS was from 2013, used Windows to flash it to the latest
(GCETA6WW (2.66), 04/20/2017).  Both installers ran fine after that.

The network I was installing from requires a proxy.  It *felt* like
after I entered incorrect proxy information the first time (lacking
http:// qualification) that subsequent entries didn't update the
configuration properly.  But, I might have done something wrong here.

Wireless of course did not work immediately, but ethernet was fine.

Installed to lvm-on-luks for the first time after shrinking Windows
partition to near minimum.  Using te manual partioner, it was a bit
confusing getting the order of operations right.  In particular, as a
newbie, it wasn't obvious whether I should do lvm-on-luks or
luks-on-lvm.

--

Please make sure that the hardware-summary log file, and any other
installation logs that you think would be useful are attached to this
report. Please compress large files using gzip.

Once you have filled out this report, mail it to sub...@bugs.debian.org.

==
Installer lsb-release:
==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="9 (stretch) - installer build 20170407"
X_INSTALLATION_MEDIUM=cdrom

==
Installer hardware-summary:
==
uname -a: Linux uqbar 4.9.0-2-amd64 #1 SMP Debian 4.9.18-1 (2017-03-30) x86_64 
GNU/Linux
lspci -knn: 00:00.0 Host bridge [0600]: Intel Corporation 3rd Gen Core 
processor DRAM Controller [8086:0154] (rev 09)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: 00:02.0 VGA compatible controller [0300]: Intel Corporation 3rd Gen 
Core processor Graphics Controller [8086:0166] (rev 09)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: 00:14.0 USB controller [0c03]: Intel Corporation 7 Series/C210 
Series Chipset Family USB xHCI Host Controller [8086:1e31] (rev 04)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: Kernel driver in use: xhci_hcd
lspci -knn: Kernel modules: xhci_pci
lspci -knn: 00:16.0 Communication controller [0780]: Intel Corporation 7 
Series/C216 Chipset Family MEI Controller #1 [8086:1e3a] (rev 04)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: 00:19.0 Ethernet controller [0200]: Intel Corporation 82579LM 
Gigabit Network Connection [8086:1502] (rev 04)
lspci -knn: Subsystem: Lenovo Device [17aa:21f3]
lspci -knn: Kernel driver in use: e1000e
lspci -knn: Kernel modules: e1000e
lspci -knn: 00:1a.0 USB controller [0c03]: Intel Corporation 7 Series/C216 
Chipset Family USB Enhanced Host Controller #2 [8086:1e2d] (rev 04)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: Kernel driver in use: ehci-pci
lspci -knn: Kernel modules: ehci_pci
lspci -knn: 00:1b.0 Audio device [0403]: Intel Corporation 7 Series/C216 
Chipset Family High Definition Audio Controller [8086:1e20] (rev 04)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: 00:1c.0 PCI bridge [0604]: Intel Corporation 7 Series/C216 Chipset 
Family PCI Express Root Port 1 [8086:1e10] (rev c4)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:1c.1 PCI bridge [0604]: Intel Corporation 7 Series/C210 Series 
Chipset Family PCI Express Root Port 2 [8086:1e12] (rev c4)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:1c.2 PCI bridge [0604]: Intel Corporation 7 Series/C210 Series 
Chipset Family PCI Express Root Port 3 [8086:1e14] (rev c4)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:1d.0 USB controller [0c03]: Intel Corporation 7 Series/C216 
Chipset Family USB Enhanced Host Controller #1 [8086:1e26] (rev 04)
lspci -knn: Subsystem: Lenovo Device [17aa:2203]
lspci -knn: Kernel driver in use: ehci-pci
lspci -knn: Kernel modules: ehci_pci
lspci -knn: 00:1f.0 ISA bridge [0601]: Intel

Bug#846278: light-locker fails to unlock

2017-05-22 Thread Kit Haines

Package: light-locker
Version: 1.7.0-3
Followup-For: Bug #846278

Dear Maintainer,

> Please try with another desktop environment, like Xfce.

I am experiencing this issue on fresh xfce installations of
stretch. I've needed to disable lightlocker to get around it. As this
is a default configuration, this bug is grave - the package should not
release like this.

Thanks in advance,
- Kit


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages light-locker depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2+b1
ii  libc62.24-10
ii  libcairo21.14.8-1
ii  libdbus-1-3  1.10.18-1
ii  libdbus-glib-1-2 0.108-2
ii  libglib2.0-0 2.50.3-2
ii  libgtk-3-0   3.22.11-1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libsystemd0  232-23
ii  libx11-6 2:1.6.4-3
ii  libxext6 2:1.3.3-1+b2
ii  libxss1  1:1.2.2-1
ii  lightdm  1.18.3-1

light-locker recommends no packages.

light-locker suggests no packages.

-- no debconf information

Bug#820194: nasm: please make the build reproducible (font ordering in documentation)

2017-05-22 Thread Jordan Justen

Control: owner -1 !

I rebased your patch. Some portions of the patch seem to have been
adopted upstream. I need to verify that it still fixes the issue.

https://anonscm.debian.org/cgit/collab-maint/nasm.git/commit/?id=6ca604a0


signature.asc
Description: signature

Bug#862753: Fwd: mpg123 crashes in Remote mode if FORMAT command issued when file loaded but not started playback

2017-05-22 Thread Thomas Orgis

Am Wed, 17 May 2017 08:13:32 +0200
schrieb Thomas Orgis : 

> Confirmed with current upstream mpg123 1.24.0:
> 
> $ mpg123 -R -o dummy
> @R MPG123 (ThOr) v8
> LP some_file.mp3
> @I ID3v2.title:some title
> @I ID3v2.artist:some band
> @I ID3v2.year:2017
> @I ID3v2.comment:whatever
> @I ID3v2.genre:some_style
> @P 1
> FORMAT
> @FORMAT 44100 2
> pause
> @P 2
> main: [src/mpg123.c:809] error: Deep trouble! Cannot flush to my output 
> anymore!
> 08:09|sturbolzen:~$ 

This should be fixed in the upcoming 1.25.0. Please test the
https://mpg123.org/snapshot .

$ src/mpg123 -R -o test
@R MPG123 (ThOr) v8
lp /home/thomas/daten/projekte/mosin_nagant/forced_to_kill_thor.mp3
@I forced_to_kill_thor
@P 1
format
@FORMAT 44100 2
p
@P 2
@S 1.0 3 44100 Stereo 0 417 2 0 0 0 128 0 0
@F 0 7335 0.00 191.61
@F 0 7335 0.00 191.61
@F 1 7335 0.03 191.61
@F 2 7334 0.05 191.58
@F 3 7333 0.08 191.56

I finally resorted to introducing new API to libmpg123 to avoid the
interference of FORMAT with the main playback loop.


Alrighty then,

Thomas


pgpRzfBh4L8fu.pgp
Description: Digitale Signatur von OpenPGP

Bug#863177: live-wrapper: Braille and speech support

2017-05-22 Thread Samuel Thibault

Package: live-wrapper
Version: 0.6
Severity: important

Hello,

For braille and speech support in the live images, one would need the
brltty, espeakup and alsa-utils packages.  The attached patch adds them.

Samuel

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages live-wrapper depends on:
ii  debian-archive-keyring  2014.3
ii  isolinux3:6.03+dfsg-14.1
ii  python-apt  1.4.0~beta3
ii  python-cliapp   1.20160724-2
ii  python-distro-info  0.14
ii  python-requests 2.12.4-1
pn  python:any  
ii  vmdebootstrap   1.7-1
ii  xorriso 1.4.6-1+b1

live-wrapper recommends no packages.

Versions of packages live-wrapper suggests:
pn  cmdtest  

-- no debconf information

-- 
Samuel
 ya(ka|ma|to)* ca existe une fois sur 2 au japon, c'est facile ;-)
 -+- #ens-mim au japon -+-
diff --git a/hooks/customise.sh b/hooks/customise.sh
index acc6a02..f0ac188 100755
--- a/hooks/customise.sh
+++ b/hooks/customise.sh
@@ -17,7 +17,7 @@ cat /etc/resolv.conf > ${rootdir}/etc/resolv.conf
 
 prepare_apt_source "${LWR_MIRROR}" "${LWR_DISTRIBUTION}"
 
-chroot ${rootdir} apt-get -y install initramfs-tools live-boot live-config 
${LWR_TASK_PACKAGES} ${LWR_EXTRA_PACKAGES} task-laptop task-english 
libnss-myhostname
+chroot ${rootdir} apt-get -y install initramfs-tools live-boot live-config 
${LWR_TASK_PACKAGES} ${LWR_EXTRA_PACKAGES} brltty espeakup alsa-utils 
task-laptop task-english libnss-myhostname
 
 # Temporary fix for #843983
 chroot ${rootdir} chmod 755 /

Bug#863095: screen: syntax changed for -L argument, effectively an API change :/

2017-05-22 Thread Daniel Kahn Gillmor

On Tue 2017-05-23 00:43:01 +0200, Axel Beckert wrote:
> Control: tag -1 + patch moreinfo
>
> Daniel and others who might be affected by that regression: Please
> test the patch at the end of the mail if it suffices to fix your issue
> with regards the API and if it doesn't cause any other regressions.

I've tested git commit fd125417bafe21915f1160428cdd4daae6300f6a from
https://anonscm.debian.org/git/collab-maint/screen.git and i believe it
resolves the issue for me.  Thanks for your prompt action!

I owe you the beverage of your choosing the next time i see you, Axel :)

  --dkg

signature.asc
Description: PGP signature

Bug#863095: screen: syntax changed for -L argument, effectively an API change :/

2017-05-22 Thread Daniel Kahn Gillmor

On Sun 2017-05-21 21:03:36 +0200, Axel Beckert wrote:
> Control: forwarded -1 http://savannah.gnu.org/bugs/?50440

hey, thanks for finding that, Axel!

> Can you check if this is fixed in screen 4.5.1-3 from Debian
> Experimental? Because according to the upstream bug report
> http://savannah.gnu.org/bugs/?50440 this should be fixed in 4.5.1.

yes, i can confirm that it is fixed by 4.5.1-3.

my test is pretty simple:

touch $(pwd)/screenrc
screen -L -c $(pwd)/screenrc

> If so, I'll try to cherry-pick the according upstream commits. Seem to
> be these commits:
>
> Code change:
> http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=18193bc7b237d66a076fffa21d4308dbb4f83cc5
>
> Documentation updates:
> http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=13183da34eaf9efb3c6b47371c08ff786eaf712b
>  
> http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=a38de4e6627f01cad43cff57490fd80a988b8e18
> http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=74c5883c47d84154e322dc18adbafbe7af5795b3

I haven't tested with these commits cherry-picked myself, but it sounds
like you're on the right track.

much appreciation for the rapid diagnosis!

 --dkg


signature.asc
Description: PGP signature

Bug#822914: dpkg: Please add support for new architecture "riscv64" (RISC-V 64 bits little-endian)

2017-05-22 Thread Manuel A. Fernandez Montecelo

... and 1+ year later...

2016-05-04 2:03 GMT+02:00 Guillem Jover :
>
> On Fri, 2016-04-29 at 19:26:50 +0100, Manuel A. Fernandez Montecelo wrote:
>
>> - the support in the toolchain projects has not been merged yet,
>>  althought it's been planned for some time and can start at any moment
>>
>>  I understand if you don't want to enable support yet for this reason,
>>  I can ping the bug when that happens.
>
> Yes, I'd rather wait. I'm marking the bug as moreinfo, please remove
> the tag when the upstreaming is complete.

GCC (present in 7.x) and binutils (2.28 onwards, actually before that
in Debian due to backported patches to 2.27) have been upstreamed,
glibc and Linux (among others) are missing.

Do you still prefer to wait until all bits are upstreamed?  Aurelient
Jarno told me several times that it would be important to be have
support in stable releases, otherwise people like DSA are a bit more
reluctant (or gives them more work) to install from backports or
similar, for the bits of infrastructure which need support.

Cheers.
-- 
Manuel A. Fernandez Montecelo

Bug#863176: debian-edu-config: missing entries in Makefile break exim4 configuration

2017-05-22 Thread Wolfgang Schweer

Package: debian-edu-config
Version: 1.927
Severity: serious

The exim4 tools added to fix the broken exim4 security are missing due 
to forgotten Makefile entries.

Wolfgang


signature.asc
Description: PGP signature

Bug#863095: screen: syntax changed for -L argument, effectively an API change :/

2017-05-22 Thread Axel Beckert

Control: tag -1 + patch moreinfo

Hi again,

Daniel and others who might be affected by that regression: Please
test the patch at the end of the mail if it suffices to fix your issue
with regards the API and if it doesn't cause any other regressions.

Axel Beckert wrote:
> Axel Beckert wrote:
> > > but if you have any pre-existing code that does something like:
> > > 
> > > screen -L -c foo.screenrc
> > > 
> > > then it fails in 4.5.0 because it doesn't like -c as an argument to
> > > -L.
[...]
> > Seem to be these commits:
> > 
> > Code change:
> > http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=18193bc7b237d66a076fffa21d4308dbb4f83cc5
> 
> Unfortunately this commit doesn't apply to 4.5.0. But I noticed
> there's an earlier and much smaller commit which explicitly targets the
> API regression:
> 
> http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=c14e05e7c36c64d85198ed0fc89177427ece48d4
> 
> I'll check if that also suffice.

Unfortunately not. While it seems to suffice for case reported at
upstream, it does not suffice for your case:

Calling "screen -L -c foo.screenrc" with that patch applied starts a
screen session, which immediately shows the message "Cannot exec
'foo.screenrc': No such file or directory" in the status line and then
exits again.

But as far as I understand the code it was just forgetten to revert
the two counters if the argument after -L starts with a dash. So
adding

  av--;
  ac++;

(and curly braces) to that if clause seems to do it for my quick
tests.

Full patch as planned:

Origin: c14e05e7c36c64d85198ed0fc89177427ece48d4
Author: Alexander Naumov 
Description: Ignore logfile's name that begins with the "-" symbol
 This fixes the API:
 .
 To enable logging we use -L option. But in case of
 default logfile name (screenlog.0) we will need to
 define it anyway. Because screen will try to interpret
 next option as a parameter for -L option (which is
 logfile name). It will fails ALWAYS, because next
 parameter will always start with "-" symbol...
 what is not permited for logfile name of course.
 .   
 For example:
 .
 $ screen -L -D -m ./configure
 .
 In this case logfile name is screenlog.0, because "-D"
 will not be interpreted by screen as a name of logfile.
Bug-Debian: https://bugs.debian.org/863095
Bug: https://savannah.gnu.org/bugs/?50440
Reviewd-By: Axel Beckert 

--- a/doc/screen.1
+++ b/doc/screen.1
@@ -262,8 +262,8 @@
 tells
 .I screen
 to turn on automatic output logging for the windows. By default, logfile's name
-is screenlog.1. You can sets new name: add it right after -L option e.g. 
"screen
--L my_logfile".
+is screenlog.0. You can set new name: add it right after -L option e.g. "screen
+-L my_logfile". Keep in mind that name can not start with "-" symbol.
 .TP 5
 .B \-m
 causes
--- a/doc/screen.texinfo
+++ b/doc/screen.texinfo
@@ -334,7 +334,9 @@

 @item -L
 Tell @code{screen} to turn on automatic output logging for the
-windows.
+windows. By default, logfile's name is screenlog.0. You can set new name:
+add it right after -L option e.g. "screen -L my_logfile". Keep in mind
+that name can not start with "-" symbol.

 @item -m
 Tell @code{screen} to ignore the @code{$STY} environment variable.  When
--- a/screen.c
+++ b/screen.c
@@ -669,8 +669,11 @@
   case 'L':
 if (--ac != 0) {
   screenlogfile = SaveStr(*++av);
-  if (screenlogfile[0] == '-')
-Panic(0, "-L: logfile name can not start with \"-\" symbol");
+  if (screenlogfile[0] == '-') {
+screenlogfile = SaveStr("screenlog.%n");
+av--;
+ac++;
+  }
   if (strlen(screenlogfile) > PATH_MAX)
 Panic(0, "-L: logfile name too long. (max. %d char)", 
PATH_MAX);
 }

You can also checkout the whole source package with that patch from
the branch "stretch-planned" in the packaging git repo:

https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch-planned

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

signature.asc
Description: Digital signature

Bug#862794: [Packaging] Bug#862794: munin-plugins-core needs to depend on package time or http_loadtime plugin breaks

2017-05-22 Thread Holger Levsen

Hi,

thanks for your bug report!

On Wed, May 17, 2017 at 06:33:49AM +0200, DoubleHP wrote:
> If you refuse to add this dep, you want to remove http_loadtime from
> auto-install…

no, the time package should probably be suggested but not be depended upon,
*maybe* recommended by the plugin-packages of munin 3.0…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#863175: u-boot-rpi: Please add support for "fdt apply"

2017-05-22 Thread Sebastian Reichel

Package: u-boot-rpi
Version: 2016.11+dfsg1-4
Severity: wishlist

Hi,

Please enable support for DT overlays for the RPi U-Boot:

https://github.com/u-boot/u-boot/commit/e6628ad7b99b285b25147366c68a7b956e362878

-- Sebastian

Bug#863174: device-tree-compiler: Missing support for DT overlays

2017-05-22 Thread Sebastian Reichel

Package: device-tree-compiler
Version: 1.4.2-1
Severity: normal

Hi,

Please update to a newer release, that supports DT overlays (Debian
package does not support them, git master supports them). Simple
testcase:

--
/dtc-v1/;
/plugin/;
/ { };
--

-- Sebastian

Bug#862051: Refer #862051 to ctte (WAS: nodejs-legacy: possibly drop this package, now that ax25-node has been removed?)

2017-05-22 Thread Philip Hands

Margarita Manterola  writes:

> Hi,
>
> Unfortunately the initial reassign message didn't make it to the debian-ctte
> list, so quoting it here for context:
>
>> Control: retitle -1 Rename nodejs back to node for buster, now that
>> ax25-node has been removed?
>
>> Dear tech-ctte,
>> 
>> In 2012, the decision was made to rename Node.js' "node" name to
>> nodejs-legacy, and transition the existing "node" package to ax25-node.
>> However, ax25-node (and the "node" package following) were removed in
>> 2015 citing lack of activity:
>> https://packages.qa.debian.org/n/node.html
>> 
>> Thus, would it be possible to revert the original decision, and rename
>> nodejs back to node in the next Debian release? Doing so would make
>> working with JavaScript programs outside of Debian a lot easier, as
>> projects tend to hardcode the "node" interpreter name.
>
> I have just re-read parts of the discussion from 2012 (it was a very long and
> heated discussion that spanned multiple bugs and mailing lists).
>
> Part of the reasoning that was taken into account when deciding that neither 
> the
> old node nor the new node would keep the node command line was that "node" is
> too common of a name to be a good command line name.
>
> This is still true today.  However, 5 years after the initial decision, the 
> use
> of Node.js has kept growing to the point that it is by far the most expected
> meaning of the word "node" in the IT context.
>
> This, compounded with the fact that the old node will be gone in stretch, 
> means
> that it makes sense for nodejs to become node.
>
> Does anyone think differently?

Assuming that we're only talking about the name of the binary that the
nodejs package installs (rather than renaming the package itself), then
I think it is reasonable for nodejs-legacy to effectively be merged into
the nodejs package.

I presume we'd want to continue providing /usr/bin/nodejs for people
that have switched to using that, so that might as well continue to be
the name of the binary, since that gives us a 'node' symlink that is
self-documenting.

If ax25-node reenters the archive at some point, that should now be no
problem, since AIUI it now provides only an ax25-node binary (which is
not directly run by users).

Is there any need to have a versioned Conflicts against old versions of
ax25-node/node?

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Bug#863172: Xen crash when rebooting

2017-05-22 Thread Nicolas DEFFAYET

Package: xen-hypervisor-4.4-amd64
Version: 4.4.1-9+deb8u9
Severity: normal

System: Dell PowerEdge R730xd


Issue
-

Xen crash when rebooting.

[1026816.942084] systemd-shutdown[1]: Rebooting.
[1026817.087565] reboot: Restarting system
(XEN) Domain 0 shutdown: rebooting machine.
(XEN) [ Xen-4.4.1  x86_64  debug=n  Not tainted ]
(XEN) CPU:0
(XEN) RIP:e008:[<7a2565cb>] 7a2565cb
(XEN) RFLAGS: 00010246   CONTEXT: hypervisor
(XEN) rax:    rbx:    rcx:
800f8040
(XEN) rdx: 0003   rsi: 001526f0   rdi:
82d0802c
(XEN) rbp: 002020638000   rsp: 82d0802c7cc8   r8:

(XEN) r9:     r10:    r11:
800f8040
(XEN) r12:    r13: 0061   r14:
fee1dead
(XEN) r15: 7fff7dc6dd50   cr0: 80050033   cr4:
001526f0
(XEN) cr3: 001033a4e000   cr2: 800f8040
(XEN) ds:    es:    fs:    gs:    ss: e010   cs: e008
(XEN) Xen stack trace from rsp=82d0802c7cc8:
(XEN)0046 82d08014ca14 831033b0
00103ff9d002
(XEN)83103fff3901 00018025fa80 83103fff39a0
7a257895
(XEN)800f8040 001d000100a0 831033b0
82d08025fa80
(XEN)83103fff39a0 7a2568e3 000f8040
000f002e
(XEN)0001 82d08014d565 83103fff3a6c
7a2560cb
(XEN)000f8040 831033b000e0 001d00a0
82d080166690
(XEN)0001 feda8000 82d0802c
7a24fca8
(XEN)7fff7dc6dd50 7a186b18 7a186b18
0002
(XEN)0017 7a24f8c4 7a186b28
0003
(XEN) 0001 0206
0003
(XEN)002020638000 ff00 
82d080222a1d
(XEN)efff8310  

(XEN)0061  fffe
82d08018395d
(XEN)82d0802c  0001
0001
(XEN)831033c5a000 831033c5a138 fee1dead
82d080105059
(XEN)  28121969
8184a540
(XEN)0002 82d080127451 0001e030
000e
(XEN)880102b0083a c966d448 880102b0083c
83006d317000
(XEN)28121969 82d0802201b9 c966d400
c966d44c
(XEN)880102b0083c c966d448 28121969

(XEN) Xen call trace:
(XEN)[<7a2565cb>] 7a2565cb
(XEN)[] invalidate_sync+0x1b4/0x280
(XEN)[] io_apic_read_remap_rte+0x25/0x260
(XEN)[] io_apic_read+0/0x60
(XEN)[] efi_reset_system+0x2d/0x60
(XEN)[] machine_restart+0xbd/0x1f0
(XEN)[] domain_shutdown+0xd9/0xf0
(XEN)[] do_sched_op+0x1c1/0x480
(XEN)[] syscall_enter+0xa9/0xae
(XEN) 
(XEN) Pagetable walk from 800f8040:
(XEN)  L4[0x000] = 001033a4d063 
(XEN)  L3[0x002] =  
(XEN) 
(XEN) 
(XEN) Panic on CPU 0:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=]
(XEN) Faulting linear address: 800f8040
(XEN) 
(XEN) 
(XEN) Reboot in five seconds...

The only way to reboot the machine after this crash is to power cycle.


How reproduce
-

Install Debian Jessie x64 and xen-system-amd64 on Dell PowerEdge R730xd.
Try to reboot the machine with the command reboot.
You will get the crash.

The issue is only on Dell PowerEdge R730xd model. Dell PowerEdge
R510/R520 didn't have the issue.



-- 
Nicolas DEFFAYET

Bug#852780: [sage-packaging] Cantor sage backend

2017-05-22 Thread Ximin Luo

(+CC the debian bug)

Antonio Rojas:
> El lunes, 22 de mayo de 2017 18:56:00 (CEST) Ximin Luo escribió:
>> Has anyone had any success in making this work? In Debian we're suffering 
>> from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852780 at the moment.
>>
>> I'm not sure how Cantor is interfacing with Sage; and in Debian we do patch 
>> away a lot of CLI options relating to Sage-the-distro, similar to what 
>> Gentoo does.
>>
> 
> Hi,
>  I fixed the version detection in 16.12:
>  
> https://cgit.kde.org/cantor.git/commit/?id=8d3d07a683ca6758eada1cd8442047401c0fa83d
> 
>  However, interfacing with Sage is completely broken since the ipython 5.0 
> upgrade. Cantor uses KPtyProcess to read Sage's output, and the new ipython 
> highlighting confuses it (it can't interpret the ANSI codes). I guess the 
> easiest fix would be to add a flag to the sage command that would force 
> ipython to run in --simple-prompt mode, and make Cantor run sage with that 
> flag.
>  Also note that there is an ongoing Google SOC project about rewriting 
> Cantor's interface with its backends, so this may be fixed in the process.
> 

Thanks for the info. I had a play around, unfortunately --simple-prompt won't 
be sufficient.

1. I edited /usr/lib/python2.7/dist-packages/sage/repl/configuration.py to 
force _allow_ansi to always return False, which forces simple_prompt=True and 
term_title=False.

2. Then I binary-edited the regexp string in 
/usr/lib/x86_64-linux-gnu/qt5/plugins/cantor/backends/cantor_sagebackend.so to 
instead say '.[a-zA-Z\W].+\s+(\d+)\.(\d+)' - i.e. a hack that effectively 
removes the first parentheses so the broken code works "correctly" for 7.6.

Now cantor detects sage's version correctly, but then fails because of 
https://github.com/ipython/ipython/issues/9816


found version:  ("[.. banner ANSI codes and box drawing characters ..] SageMath 
version 7.6", "7", "6")
using the current set of commands
out:  "[..]  SageMath version 7.6, Release Date: 2017-03-25  [..]\r\nIn [1]: In 
[2]: In [3]: In [4]: In [5]: In [6]: In [7]: In [8]: In [9]: TMP_DIR 
/home/infinity0/.sage/temp/pdeb1/30547\r\nIn [10]: In [11]: In [12]:   File 
\"\", line 1\r\ndef 
__cantor_enable_typesetting(enable):\r\n
^\r\nSyntaxError: unexpected EOF while parsing\r\n\r\nIn [13]:   File 
\"\", line 1\r\nif(enable==true):\r\n
 ^\r\nSyntaxError: unexpected EOF while parsing\r\n\r\nIn [14]: In 
[15]:   File \"\", line 1\r\nelse:\r\n   
^\r\nSyntaxError: invalid syntax\r\n\r\nIn [16]: In [17]: In [17]: 
END_OF_INIT\r\nIn [18]: "


You get the same error when doing this manually with sage (with _allow_ansi 
hacked to be False as above):


$ sage
[.. banner ..]
In [1]: def __cantor_enable_typesetting(enable):
  File "", line 1
def __cantor_enable_typesetting(enable):
^
SyntaxError: unexpected EOF while parsing


REPLs generally support multiline input (e.g. Python itself) so unless the GSoC 
student specifically wants Cantor+Sage to work, we'll have to try to figure out 
how to push ipython to fix their simple-prompt...

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

Bug#863095: screen: syntax changed for -L argument, effectively an API change :/

2017-05-22 Thread Axel Beckert

Control: found -1 4.5.0-1
Control: fixed -1 4.5.1-1

Hi Daniel,

Axel Beckert wrote:
> Control: tag -1 + upstream fixed-upstream confirmed
> > but if you have any pre-existing code that does something like:
> > 
> > screen -L -c foo.screenrc
> > 
> > then it fails in 4.5.0 because it doesn't like -c as an argument to
> > -L.
> 
> Can you check if this is fixed in screen 4.5.1-3 from Debian
> Experimental? Because according to the upstream bug report
> http://savannah.gnu.org/bugs/?50440 this should be fixed in 4.5.1.

I just checked with that example and an empty foo.screenrc and I can
confirm that this is fixed in Debian Experimental.

> If so, I'll try to cherry-pick the according upstream commits. Seem to
> be these commits:
> 
> Code change:
> http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=18193bc7b237d66a076fffa21d4308dbb4f83cc5

Unfortunately this commit doesn't apply to 4.5.0. But I noticed
there's an earlier and much smaller commit which explicitly targets the
API regression:

http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=c14e05e7c36c64d85198ed0fc89177427ece48d4

I'll check if that also suffice. I'd though be happy if you could have
a look over this commit and tell me if you also think that this commit
is already sufficient.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#863170: ITP: libayatana-appindicator -- Ayatana Application Indicators

2017-05-22 Thread Mike Gabriel

Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

* Package name: libayatana-appindicator
  Version : 0.5.0
  Upstream Author : Mike Gabriel 
Ted Gould 
Cody Russel 
* URL : https://github.com/ArcticaProject/libayatana-appindicator
* License : GPL, LGPL
  Programming Lang: C
  Description : Ayatana Application Indicators

 With Aytana Application Indicators you can build indicator applets
 for modern desktops.
 .
 The upstream project has been formed from Ubuntu's libappindicator
 project in order to make it available on Ubuntu and non-Ubuntu platforms
 alike. Thus, all Ubuntu-specfic patches have been removed/replaced.
 .
 The purpose of Ayatana Indicators is providing a generic approach for
 indicator support, so that all available Linux distributions can benefit
 from the indicators concept.

Bug#863171: claws-mail: new upstream fixes a number of memory leaks

2017-05-22 Thread Stephen Kitt

Package: claws-mail
Version: 3.14.1-3+b1
Severity: wishlist

Dear Maintainer,

It would be great to have 3.15 in experimental — it fixes quite a few
large memory leaks (amazingly, tens of gigabytes on my system).

Regards,

Stephen


-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (500, 'stable'), (200, 
'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages claws-mail depends on:
ii  libatk1.0-0  2.22.0-1
ii  libc62.24-10
ii  libcairo21.14.8-1
ii  libcompfaceg11:1.5.2-5+b2
ii  libdb5.3 5.3.28-12+b1
ii  libdbus-1-3  1.10.18-1
ii  libdbus-glib-1-2 0.108-2
ii  libenchant1c2a   1.6.0-11+b1
ii  libetpan17   1.6-2
ii  libfontconfig1   2.11.0-6.7+b1
ii  libfreetype6 2.6.3-3.2
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libglib2.0-0 2.50.3-2
ii  libgnutls30  3.5.8-5
ii  libgtk2.0-0  2.24.31-2
ii  libice6  2:1.0.9-2
ii  libldap-2.4-22.4.44+dfsg-4+b1
ii  liblockfile1 1.14-1+b1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libpangoft2-1.0-01.40.5-1
ii  libpisock9   0.12.5-dfsg-2+b3
ii  libsasl2-2   2.1.27~101-g0780600+dfsg-3
ii  libsm6   2:1.2.2-1+b3
ii  xdg-utils1.1.1-1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages claws-mail recommends:
ii  aspell-en [aspell-dictionary]  2016.11.20-0-0.1
ii  aspell-fr [aspell-dictionary]  0.50-3-8
ii  claws-mail-i18n3.14.1-3
ii  xfonts-100dpi  1:1.0.4+nmu1
ii  xfonts-100dpi-transcoded   1:1.0.4+nmu1
ii  xfonts-75dpi   1:1.0.4+nmu1
ii  xfonts-75dpi-transcoded1:1.0.4+nmu1

Versions of packages claws-mail suggests:
ii  chromium [www-browser] 58.0.3029.81-1
ii  claws-mail-doc 3.14.1-3
ii  claws-mail-tools   3.14.1-3
ii  firefox-esr [www-browser]  45.9.0esr-1
ii  gedit  3.22.0-2
ii  lynx [www-browser] 2.8.9dev11-1
ii  mousepad   0.4.0-4
ii  w3m [www-browser]  0.5.3-34

-- no debconf information

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

2017-05-22 Thread Carlos Donizete Froes

Em seg, 2017-05-22 às 12:55 -0400, PICCORO McKAY Lenz escreveu:
> interesting, but seems more complicated in background download more software 
> rather than reall
> need! a complete JDK either a JRE!

I'm sorry but I did not understand your doubt.

For the game to work it is necessary to have the OpenJDK Java runtime 
(default-jre) installed, which
when seeing me comes standard in almost all GNU/Linux distributions.

https://packages.debian.org/stretch/default-jre

> i need a java runtime to play a game that its native compiled? sound strange 
> but in any case, user
> never be know right?

It's an installer, not a game in itself.

Any questions about installing the game, check out my project on GitHub.

https://github.com/coringao/minecraft-installer

Thanks!

-- 
⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao]
⣾⠁⢠⠒⠀⣿⡁ - https://wiki.debian.org/coringao
⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780
⠈⠳⣄⠀⠀⠀  2157 630B D441 A775 BEFF  D35F FA63 ADA6 B638 B780

signature.asc
Description: This is a digitally signed message part

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

2017-05-22 Thread Carlos Donizete Froes

Em seg, 2017-05-22 às 12:55 -0400, PICCORO McKAY Lenz escreveu:
> interesting, but seems more complicated in background download more software 
> rather than reall
> need! a complete JDK either a JRE!

I'm sorry but I did not understand your doubt.

For the game to work it is necessary to have the OpenJDK Java runtime 
(default-jre) installed, which
when seeing me comes standard in almost all GNU/Linux distributions.

https://packages.debian.org/stretch/default-jre

> i need a java runtime to play a game that its native compiled? sound strange 
> but in any case, user
> never be know right?

It's an installer, not a game in itself.

Any questions about installing the game, check out my project on GitHub.

https://github.com/coringao/minecraft-installer

Thanks!


-- 
⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao]
⣾⠁⢠⠒⠀⣿⡁ - https://wiki.debian.org/coringao
⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780
⠈⠳⣄⠀⠀⠀  2157 630B D441 A775 BEFF  D35F FA63 ADA6 B638 B780

signature.asc
Description: This is a digitally signed message part

Bug#792934: libebook-tools-perl: install_driver(SQLite) failed: Can't locate DBD/SQLite.pm in @INC [NMU pending, again]

2017-05-22 Thread Axel Beckert

Hi Adrian and Zed,

Adrian Bunk wrote:
> > +  * Add missing dependency on libdbd-sqlite3-perl. (Closes: #792934)
> 
> This fix is not part of the debdiff, and the pacakge in stretch does not 
> have the dependency.

Adrian: Thanks for noticing. I indeed missed that.

I've prepared a new NMU as 0.5.4-1.3 which should really fix this and
uploaded it to DELAYED/2.

Zed: Please tell me if you prefer to fix this yourself or if I should
fast-forward it.

Traditional debdiff:

diff -u libebook-tools-perl-0.5.4/debian/changelog 
libebook-tools-perl-0.5.4/debian/changelog
--- libebook-tools-perl-0.5.4/debian/changelog
+++ libebook-tools-perl-0.5.4/debian/changelog
@@ -1,3 +1,11 @@
+libebook-tools-perl (0.5.4-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Really add missing dependency on libdbd-sqlite3-perl. Thanks to Adrian
+Bunk for noticing. (Closes: #792934)
+
+ -- Axel Beckert   Mon, 22 May 2017 22:59:07 +0200
+
 libebook-tools-perl (0.5.4-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u libebook-tools-perl-0.5.4/debian/control 
libebook-tools-perl-0.5.4/debian/control
--- libebook-tools-perl-0.5.4/debian/control
+++ libebook-tools-perl-0.5.4/debian/control
@@ -9,7 +9,7 @@
 
 Package: libebook-tools-perl
 Architecture: any
-Depends: perl (>= 5.10.1), libarchive-zip-perl, libbit-vector-perl, 
libconfig-inifiles-perl, libdate-manip-perl, libdbi-perl, 
libencode-detect-perl, libfile-mimeinfo-perl, libfile-slurp-perl, 
libfile-which-perl, libhtml-parser-perl, libimage-size-perl, 
liblingua-en-nameparse-perl, liblist-moreutils-perl, libmojolicious-perl (>= 
3), libossp-uuid-perl, libpalm-perl, libstring-crc32-perl, libtie-ixhash-perl, 
libtime-local-perl, libwww-perl, libxml-twig-perl, txt2html, ${misc:Depends}
+Depends: perl (>= 5.10.1), libarchive-zip-perl, libbit-vector-perl, 
libconfig-inifiles-perl, libdate-manip-perl, libdbd-sqlite3-perl, libdbi-perl, 
libencode-detect-perl, libfile-mimeinfo-perl, libfile-slurp-perl, 
libfile-which-perl, libhtml-parser-perl, libimage-size-perl, 
liblingua-en-nameparse-perl, liblist-moreutils-perl, libmojolicious-perl (>= 
3), libossp-uuid-perl, libpalm-perl, libstring-crc32-perl, libtie-ixhash-perl, 
libtime-local-perl, libwww-perl, libxml-twig-perl, txt2html, ${misc:Depends}
 Description: E-Book manipulation tool and Perl libraries
  EBook-Tools contains a library and a command-line tool for unpacking,
  creating, correcting, and repacking electronic books.

Word-based debdiff ("{+ ... +}" are additions):

diff -u libebook-tools-perl-0.5.4/debian/changelog 
libebook-tools-perl-0.5.4/debian/changelog
--- libebook-tools-perl-0.5.4/debian/changelog
+++ libebook-tools-perl-0.5.4/debian/changelog
@@ -1,3 +1,11 @@
 libebook-tools-perl {+(0.5.4-1.3) unstable; urgency=medium
 
   * Non-maintainer upload.
   * Really add missing dependency on libdbd-sqlite3-perl. Thanks to Adrian
 Bunk for noticing. (Closes: #792934)
 
  -- Axel Beckert   Mon, 22 May 2017 22:59:07 +0200
 
 libebook-tools-perl+} (0.5.4-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u libebook-tools-perl-0.5.4/debian/control 
libebook-tools-perl-0.5.4/debian/control
--- libebook-tools-perl-0.5.4/debian/control
+++ libebook-tools-perl-0.5.4/debian/control
@@ -9,7 +9,7 @@
 
 Package: libebook-tools-perl
 Architecture: any
 Depends: perl (>= 5.10.1), libarchive-zip-perl, libbit-vector-perl, 
libconfig-inifiles-perl, libdate-manip-perl, {+libdbd-sqlite3-perl,+} 
libdbi-perl, libencode-detect-perl, libfile-mimeinfo-perl, libfile-slurp-perl, 
libfile-which-perl, libhtml-parser-perl, libimage-size-perl, 
liblingua-en-nameparse-perl, liblist-moreutils-perl, libmojolicious-perl (>= 
3), libossp-uuid-perl, libpalm-perl, libstring-crc32-perl, libtie-ixhash-perl, 
libtime-local-perl, libwww-perl, libxml-twig-perl, txt2html, ${misc:Depends}
 Description: E-Book manipulation tool and Perl libraries
  EBook-Tools contains a library and a command-line tool for unpacking,
  creating, correcting, and repacking electronic books.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE


signature.asc
Description: Digital signature

Bug#863169: chromium: Chromium notification freeze mouse

2017-05-22 Thread Georgios Pediaditis

Package: chromium
Version: 58.0.3029.81-1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Im running a chromium plugin (signal private messenger).
when the signal messenger is running on a different workspace and i get 
a message a notification appears
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
i tried to click on the notification that apeared.
   * What was the outcome of this action?
the mouse coursor freezes and i cant click anywhere. 
   * What outcome did you expect instead?
i expected to pop up signal window.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  libasound2   1.1.3-5
ii  libatk1.0-0  2.22.0-1
ii  libavcodec57 7:3.2.4-1
ii  libavformat577:3.2.4-1
ii  libavutil55  7:3.2.4-1
ii  libc62.24-10
ii  libcairo21.14.8-1
ii  libcups2 2.2.1-8
ii  libdbus-1-3  1.10.18-1
ii  libevent-2.0-5   2.0.21-stable-3
ii  libexpat12.2.0-2
ii  libflac8 1.3.2-1
ii  libfontconfig1   2.11.0-6.7+b1
ii  libfreetype6 2.6.3-3.2
ii  libgcc1  1:6.3.0-18
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libglib2.0-0 2.50.3-2
ii  libgtk2.0-0  2.24.31-2
ii  libharfbuzz0b1.4.2-1
ii  libicu57 57.1-6
ii  libjpeg62-turbo  1:1.5.1-2
ii  libminizip1  1.1-8+b1
ii  libnspr4 2:4.12-6
ii  libnss3  2:3.26.2-1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libpng16-16  1.6.28-1
ii  libpulse010.0-1
ii  libre2-3 20170101+dfsg-1
ii  libsnappy1v5 1.1.3-3
ii  libstdc++6   6.3.0-18
ii  libvpx4  1.6.1-3
ii  libwebp6 0.5.2-1
ii  libwebpdemux20.5.2-1
ii  libx11-6 2:1.6.4-3
ii  libx11-xcb1  2:1.6.4-3
ii  libxcb1  1.12-1
ii  libxcomposite1   1:0.4.4-2
ii  libxcursor1  1:1.1.14-1+b4
ii  libxdamage1  1:1.1.4-2+b3
ii  libxext6 2:1.3.3-1+b2
ii  libxfixes3   1:5.0.3-1
ii  libxi6   2:1.7.9-1
ii  libxml2  2.9.4+dfsg1-2.2
ii  libxrandr2   2:1.5.1-1
ii  libxrender1  1:0.9.10-1
ii  libxslt1.1   1.1.29-2.1
ii  libxss1  1:1.2.2-1
ii  libxtst6 2:1.2.3-1
ii  x11-utils7.7+3+b1
ii  xdg-utils1.1.1-1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages chromium recommends:
ii  fonts-liberation  1:1.07.4-2

Versions of packages chromium suggests:
pn  chromium-driver
pn  chromium-l10n  
pn  chromium-shell 
pn  chromium-widevine  

-- no debconf information

Bug#721430: crosstool-ng, startpoint for further effort

2017-05-22 Thread Chris Packham

On 23/05/17 09:05, Geert Stappers wrote:
> Hello Chris,
> 
> On Mon, May 22, 2017 at 10:15:52PM +0200, Geert Stappers wrote:
>> On Sun, May 21, 2017 at 09:10:03PM +, Chris Packham wrote:
>>>
>>> I think I need to at least update my PR against the latest released
>>> version
>>
>> OK
> 
> I have a git clone of https://github.com/cpackham/crosstool-ng.git
> found the patch for the PR.
> 
> I'll join it with my work from yesterday.
> 
> And we have to find a way how we join effort.
> 

OK let me know if you need any help. I think the patch should rebase 
cleanly against https://github.com/crosstool-ng/crosstool-ng.git master.

Bug#721430: crosstool-ng, startpoint for further effort

2017-05-22 Thread Geert Stappers

Hello Chris,

On Mon, May 22, 2017 at 10:15:52PM +0200, Geert Stappers wrote:
> On Sun, May 21, 2017 at 09:10:03PM +, Chris Packham wrote:
> > 
> > I think I need to at least update my PR against the latest released 
> > version
> 
> OK

I have a git clone of https://github.com/cpackham/crosstool-ng.git
found the patch for the PR.

I'll join it with my work from yesterday.

And we have to find a way how we join effort.

Groeten
Geert Stappers
-- 
Leven en laten leven

signature.asc
Description: Digital signature

Bug#863166:

2017-05-22 Thread Alex Gaynor

This is also enabled in Ubuntu 16.04, being disabled in Debian can result
in some confusing debugging sessions

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6

Bug#760992: debian-installer: i18n: doesn't load keyboard layout that was just set

2017-05-22 Thread Tamás Tardos

Hello,

I'm not sure whether anyone is reading this since if I understood the
conversation at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844611 correctly,
this package is currently already orphaned.

In any case, I revisited this report that I made some years ago and I
can confirm that this happens in current stable too.

Steps to reproduce:
1. Download
debian-live-8.8.0-amd64-xfce-desktop.iso
or
debian-live-8.8.0-amd64-lxde-desktop.iso
(other live desktops were not tested)
2. Write it to a USB key with
cp  /dev/sdX
sync
(burning to DVD not tested, but I see no reason why this shouldn't be
reproducible there)
3. Boot it, select "Live (amd64)" option at bootloader, which takes us
to the graphical desktop
4. Click the icon on the desktop to launch the installer
5. Select English as installer language
6. Select United States as country
7. Select Hungarian or German as keyboard layout (German only tested in lxde)
8. Wait through network configuration
9. In the text field for hostname, type some characters which reveals
layout hasn't changed from the original US one.

Even when I select German/Hungarian as installation language and
Deutchland/Magyarország as country beforehand, and then set the
keyboard layout to Deutch/magyar, the bug still happens.

The bug does not appear:
if we do not boot to the live system but instead boot to "Install
(amd64)" or "Graphical install" directly.

So this is a bug in the live system (maybe the way the keyboard layout
is set in these desktop environments conflicts with the installer
setting it?), but I am not sure that this is the right package this
bug belongs to (although probably, since people reassigned it from
debian-installer and the debian-live pseudo-package...)

Best regards,
Tamás

2014-09-11 0:29 GMT+02:00 Samuel Thibault :
> Control: reassign -1 debian-live
>
> Tamás Tardos, le Wed 10 Sep 2014 00:03:44 +0200, a écrit :
>> Hi and thanks for your quick responses.
>>
>> The exact ISOs are:
>> debian-live-7.6.0-amd64-xfce-desktop.iso
>> debian-live-7.6.0-amd64-kde-desktop+nonfree.iso
>>
>> With both of these I'm able to reproduce the bug by booting into the
>> live system, selecting the installer launcher and running it. After I set
>> my keymap, it remains English.
>>
>> However, I found out that this bug doesn't occur if I directly boot into the
>> installation (either the graphical or the text-based) from the same disk.
>>
>> So if I select "Live" at boot time, I get only English keymap, but if I
>> select "Install", it sets my layout correctly.
>
> Ah, this is a bug in debian-live then, not the installer. I have just
> tried with an old debian-live-7.2-i386-lxde-desktop.iso image I had on
> my harddisk, there was no bug there. Perhaps the difference is 7.2 vs
> 7.6, perhaps the difference is lxde vs xfce/kde.
>
> Samuel

Bug#863168: ismrmrd FTBFS on armhf: 1 failure is detected in the test module "ISMRMRD Unit Tests"

2017-05-22 Thread Adrian Bunk

Source: ismrmrd
Version: 1.3.3-1
Severity: important

https://buildd.debian.org/status/fetch.php?pkg=ismrmrd=armhf=1.3.3-1=1480195858=0

...
make -f tests/CMakeFiles/check.dir/build.make tests/CMakeFiles/check.dir/build
make[4]: Entering directory '/«PKGBUILDDIR»/obj-arm-linux-gnueabihf'
cd /«PKGBUILDDIR»/obj-arm-linux-gnueabihf/tests && ./test_ismrmrd
Running 25 test cases...
Entering test module "ISMRMRD Unit Tests"
/«PKGBUILDDIR»/tests/test_acquisitions.cpp(7): Entering test suite 
"AcquisitionsTest"
/«PKGBUILDDIR»/tests/test_acquisitions.cpp(11): Entering test case 
"test_acquisition_header"
unknown location(0): fatal error: in 
"AcquisitionsTest/test_acquisition_header": memory access violation at address: 
0xbecd3b6a: invalid address alignment
/«PKGBUILDDIR»/tests/test_acquisitions.cpp(130): last checkpoint
Test is aborted
/«PKGBUILDDIR»/tests/test_acquisitions.cpp(11): Leaving test case 
"test_acquisition_header"; testing time: 8619us
Test is aborted
/«PKGBUILDDIR»/tests/test_acquisitions.cpp(7): Leaving test suite 
"AcquisitionsTest"; testing time: 8703us
Test is aborted
Leaving test module "ISMRMRD Unit Tests"; testing time: 8795us

*** 1 failure is detected in the test module "ISMRMRD Unit Tests"
tests/CMakeFiles/check.dir/build.make:60: recipe for target 
'tests/CMakeFiles/check' failed
make[4]: *** [tests/CMakeFiles/check] Error 201

Bug#863167: gbp: crash when trying to sign when not in a branch

2017-05-22 Thread Mattia Rizzolo

Package: git-buildpackage
Severity: important
Version: 0.8.15

This works in 0.8.12.2 but doesn't in 0.8.15:

a@warren ~/devel/debian/RFS/lecm/lecm (git)-[bd00960...] % gbp buildpackage 
--git-tag-only --git-clean=true --git-ignore-new --git-ignore-branch
gbp:warning: Old style config section [git-buildpackage] found please rename to 
[buildpackage]
Traceback (most recent call last):
  File "/usr/bin/gbp", line 151, in 
sys.exit(supercommand())
  File "/usr/bin/gbp", line 147, in supercommand
return module.main(args)
  File "/usr/lib/python2.7/dist-packages/gbp/scripts/buildpackage.py", line 
797, in main
if is_pq_branch(branch):
  File "/usr/lib/python2.7/dist-packages/gbp/scripts/common/pq.py", line 47, in 
is_pq_branch
return [False, True][branch.startswith(PQ_BRANCH_PREFIX)]
AttributeError: 'NoneType' object has no attribute 'startswith'


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#863166: aufs-dkms: Please enable CONFIG_AUFS_XATTR

2017-05-22 Thread Geoffrey Thomas


Package: aufs-dkms
Version: 4.9+20161219-1

Hi maintainer,

Can you enable CONFIG_AUFS_XATTR in config.mk for aufs? This allows aufs 
to support file capabilities (getcap/setcap) in aufs filesystems. Support 
has existed in aufs since early 2015 but the flag is off by default.


The lack of this option is a problem for Docker users:
https://github.com/moby/moby/issues/5650
https://stackoverflow.com/questions/44117543/getcap-setcap-not-working-in-docker-container-with-debian-stretch-host

I've tested that setting `CONFIG_AUFS_XATTR = y` in config.mk, and 
rebuilding the DKMS module, causes running getcap inside Docker to start 
working.


If it's possible to get this enabled for Stretch (either in the release or 
via stretch-backports), that would be very helpful -- it looks like the 
config option only enables setxattr etc. to be used on aufs inodes, so the 
risk of regressions is pretty low.


Thanks,
--
Geoffrey Thomas
https://ldpreload.com
geo...@ldpreload.com

Bug#863165: nova-consoleproxy: syntax error in /etc/init.d/nova-xenvncproxy

2017-05-22 Thread Valentin Vidic

Package: nova-consoleproxy
Version: 2:14.0.0-4
Severity: normal

Dear Maintainer,

Starting one of the services in the package reports a syntax error:

# /etc/init.d/nova-xenvncproxy start
/etc/init.d/nova-xenvncproxy: line 27: [: missing `]'

The problem is in the following if statement:

# If SERVICE_FILE is set, we're generating the .service file, and we don't want 
to exit
if ! [ "${NOVA_CONSOLE_PROXY_TYPE}" = "xenvnc" ] && [ -z "${SERVICE_FILE}"; then
exit 0
fi

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages nova-consoleproxy depends on:
ii  debconf [debconf-2.0]  1.5.60
ii  lsb-base   9.20161125
ii  nova-common2:14.0.0-4
ii  novnc  1:0.4+dfsg+1+20131010+gitf68af8af3d-6
pn  python:any 
ii  spice-html50.1.7-1
ii  websockify 0.8.0+dfsg1-7

nova-consoleproxy recommends no packages.

nova-consoleproxy suggests no packages.

-- debconf information:
  nova-consoleproxy/daemon_type: spicehtml5

Bug#695545: Bug#721430: crosstool-ng, startpoint for further effort

2017-05-22 Thread Geert Stappers

On Sun, May 21, 2017 at 09:10:03PM +, Chris Packham wrote:
> On 21/05/17 22:21, Geert Stappers wrote:
> > 
> > Hi all who care about crosstool-ng,
> > 
> > So there was packaging done.
> > It was on version 1.17. Current version is 1.23
> > 
> > What could be a start point for further effort
> > on getting crosstool-ng in Debian?
> 
> That's kind of where I'm stuck. I last updated the packaging against 
> 1.22. Ran though lintian and made some updates.
> 
> https://github.com/crosstool-ng/crosstool-ng/pull/352
> 
> The crosstool-ng maintainer and I had some questions about what 
> dependencies need spelling out explicitly.
> 
> I also wanted to know how seriously to treat some lintian warnings. In 
> particular because much of ct-ng is shell scripts lintian thinks it 
> should be a noarch package but it also uses kconfig which must be 
> compiled for a specific architecture.
> 
> What I really wanted was some feedback as to where to go next.
> 
> https://lists.debian.org/debian-wnpp/2016/02/msg00895.html
> 
> I think I need to at least update my PR against the latest released 
> version

OK


> (although technically the packaging can live outside of 
> crosstool-ng proper).

Yes, packaging can live outside upstream.


Groeten
Geert Stappers
Who will do follow-up on this e-mail with empty CC list
-- 
Leven en laten leven


signature.asc
Description: Digital signature

Bug#863160: DDPO: Packages erroneously listed under experimental

2017-05-22 Thread Adam D. Barratt

On Mon, 2017-05-22 at 21:02 +0200, Dr. Tobias Quathamer wrote:
> I've noticed that some packages on the DDPO website are erroneously 
> listed with an experimental version.

That depends on your definition of erroneous. The source packages /are/
listed in experimental's Sources file, because:

> Here are some examples, taken from
> .
> 
> 
> 1. Package golang-github-pelletier-go-buffruneio
> (listed in section "main"):
> 
> The package is shown with the version "0.0~git20160124.0.df1e16f-1" for 
> testing, unstable, and experimental, although it was never part of 
> experimental.

Package: golang-github-pelletier-go-buffruneio
Binary: golang-github-pelletier-go-buffruneio-dev
Version: 0.0~git20160124.0.df1e16f-1
...
Extra-Source-Only: yes

and this is the result of

Package: gobgpd
Source: gobgp
Version: 1.18-1
Installed-Size: 27540
Maintainer: Debian Go Packaging Team 

Architecture: amd64
Built-Using: golang-1.7 (= 1.7.4-2), golang-fsnotify (= 1.4.2-1), 
golang-github-armon-go-radix (= 0.0~git20150602.0.fbd82e8-1), 
golang-github-hashicorp-hcl (= 0.0~git20161215.0.80e628d-1), 
golang-github-magiconair-properties (= 1.7.0-2), 
golang-github-mitchellh-mapstructure (= 0.0~git20161204.0.5a0325d-1), 
golang-github-pelletier-go-buffruneio (= 0.0~git20160124.0.df1e16f-1), ...

Regards,

Adam

Bug#860963: e2guardian does not start automatically at system startup

2017-05-22 Thread Mike Gabriel


Hi Peter,

On  Sa 22 Apr 2017 20:46:00 CEST, Peter Tuharsky wrote:


Package: e2guardian
Version: 3.4.0.3-1
Severity: important

Dear Maintainer,

I'm attempting to run e2guardian. I have succesfully installed the  
package, set

up configuration so that it can be started manually using the script in
/etc/init.d and it works.

However, the daemon does not start during system startup. I even don't see a
line in syslog.

What could be wrong?


If your system has "systemd" has PID 1, then use

  systemctl enable e2guardian

to enable e2guardian at boot time. Does that help?

If you have "init" as PID 1, try

  update-rc.d e2guardian defaults

Both commands need root priveleges.

Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgprSt3_K1HYN.pgp
Description: Digitale PGP-Signatur

Bug#863160: DDPO: Packages erroneously listed under experimental

2017-05-22 Thread Mattia Rizzolo

Control: retitle -1 DDPO should filter out packages with Extra-Source-Only:yes
Control: user qa.debian@packages.debian.org
Control: usertag -1 ddpo

On Mon, May 22, 2017 at 09:02:27PM +0200, Dr. Tobias Quathamer wrote:
> I've noticed that some packages on the DDPO website are erroneously listed
> with an experimental version.
> 
> Here are some examples, taken from
> .
> 
> 
> 1. Package golang-github-pelletier-go-buffruneio
>(listed in section "main"):
> 
> The package is shown with the version "0.0~git20160124.0.df1e16f-1" for
> testing, unstable, and experimental, although it was never part of
> experimental.

Before anyone wonders, this is a case of ESO; from experimental's
Sources:

Package: golang-github-pelletier-go-buffruneio
Binary: golang-github-pelletier-go-buffruneio-dev
Version: 0.0~git20160124.0.df1e16f-1
Maintainer: Debian Go Packaging Team 

Uploaders: Dr. Tobias Quathamer 
Build-Depends: debhelper (>= 10), dh-golang, golang-any
Architecture: all
Standards-Version: 3.9.8
Format: 3.0 (quilt)
Files:
 0c5a8583aafb33c1b585fbbce55bc877 2446 
golang-github-pelletier-go-buffruneio_0.0~git20160124.0.df1e16f-1.dsc
 5659c7dcae1914fd18d08082400a8ac1 2712 
golang-github-pelletier-go-buffruneio_0.0~git20160124.0.df1e16f.orig.tar.xz
 e21a083729b4aabb5123170ecaa6d4b0 1696 
golang-github-pelletier-go-buffruneio_0.0~git20160124.0.df1e16f-1.debian.tar.xz
Vcs-Browser: 
https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-pelletier-go-buffruneio.git
Vcs-Git: 
https://anonscm.debian.org/git/pkg-go/packages/golang-github-pelletier-go-buffruneio.git
Checksums-Sha256:
 77c9f8ada17f5204c88c6541660b5bf7d739206e16f1cccd8d72cb59fa4f4b6f 2446 
golang-github-pelletier-go-buffruneio_0.0~git20160124.0.df1e16f-1.dsc
 8f65722d8509e887ffc81e176f5e25bbedf67b91e33e308248535e575746e0e6 2712 
golang-github-pelletier-go-buffruneio_0.0~git20160124.0.df1e16f.orig.tar.xz
 5400ed4dad2b888c0c5841c59c99aeb6f1c7b661dec13eae76dbe94e0208362e 1696 
golang-github-pelletier-go-buffruneio_0.0~git20160124.0.df1e16f-1.debian.tar.xz
Homepage: https://github.com/pelletier/go-buffruneio
Go-Import-Path: github.com/pelletier/go-buffruneio
Package-List: 
 golang-github-pelletier-go-buffruneio-dev deb devel extra arch=all
Extra-Source-Only: yes
Directory: pool/main/g/golang-github-pelletier-go-buffruneio
Priority: extra
Section: misc

> 2. Package golang-github-pelletier-go-toml
> 3. Package golang-github-spf13-viper
> 4. Package golang-google-api

same.

> I've tried to look into the source code for that page, but in the end, I got
> stuck. It seems to me that the PHP script (developer.php) is correct, but it
> gets the wrong data.

It doesn't get wrong data, it should just filter ESO packages out.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

signature.asc
Description: PGP signature

Bug#863163: ITP: jinja2-mode -- Emacs major mode for editing jinja2 code

2017-05-22 Thread Lev Lamberov

Package: wnpp
Owner: Lev Lamberov 
Severity: wishlist

* Package name: jinja2-mode
  Version : 0.2
  Upstream Author : Florian Mounier 
* URL or Web page : https://github.com/paradoxxxzero/jinja2-mode
* License : GPL-3+
  Programming Lang: Emacs Lisp
  Description : Emacs major mode for editing jinja2 code

The package provides an Emacs major mode for jinja2 with:

 - syntax highlighting
 - sgml/html integration
 - indentation (working with sgml)

Bug#863164: ITP: pydub -- Manipulate audio with a simple and easy high level interface

2017-05-22 Thread Josue Ortega

Package: wnpp
Severity: wishlist
Owner: Josue Ortega 

*Package name: pydub
 Version: 0.19.0
 Upstream Author: James Robert 
*URL: http://pydub.com/
*Licence: MIT
Programming Lang: Python
Description: Manipulate audio with a simple and easy high level interface

---
Josue Ortega
«Happy Hacking»
http://josueortega.org

signature.asc
Description: PGP signature

Bug#862855: e2guardian: Google Chrome changed certificate requirements making mitm unusable

2017-05-22 Thread Mike Gabriel


Hi Jose,

On  Mi 17 Mai 2017 19:11:53 CEST, JoseTorres wrote:


Package: e2guardian
Version: 3.4.0.3
Severity: important

Dear Maintainer,

Please refer to e2guardian github Issues:
https://github.com/e2guardian/e2guardian/issues/216
Bug was fixed in e2guardian v 4.1


I left a comment with the upstream bug #216. Hopefully, someone from  
upstream makes another backport to the 3.4 branch.


Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpOQ7cKaw9lJ.pgp
Description: Digitale PGP-Signatur

Bug#846549: Packer 1.0 available

2017-05-22 Thread Michael-John Turner


Hi,

Things have moved on since this bug report - Packer 1.0 is now available 
(and has been since the beginning of April, 2017).


An updated package would be great :)

Cheers, MJ 
--
Michael-John Turner * m...@mjturner.net * http://mjturner.net/

Bug#863162: ksmtuned: Should this be a native package?

2017-05-22 Thread Michael-John Turner


Package: ksmtuned
Version: 4.20150325+b1
Severity: minor

ksmtuned is currently packaged as a native Debian package. Is this
correct?

The mentors FAQ[1] suggests perhaps not:
Default to making packages non-native. You should only use a native
Debian package when it is clear that the package would not be useful
outside the context of a Debian system, and would never be distributed
except packaged for Debian or its derivatives.

[1] 
https://wiki.debian.org/DebianMentorsFaq#What_is_the_difference_between_a_native_Debian_package_and_a_non-native_package.3F

Cheers, MJ

-- System Information:
Debian Release: 8.8
 APT prefers stable
 APT policy: (990, 'stable'), (750, 'testing'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#863161: unblock: debconf/1.5.61

2017-05-22 Thread Colin Watson

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock debconf 1.5.61.  As explained by Niko in #863071, this
prepares the ground for Perl 5.26, to simplify future stretch -> buster
upgrades.

diff -Nru debconf-1.5.60/Debconf/TmpFile.pm debconf-1.5.61/Debconf/TmpFile.pm
--- debconf-1.5.60/Debconf/TmpFile.pm   2011-02-02 00:08:31.0 +
+++ debconf-1.5.61/Debconf/TmpFile.pm   2017-05-21 18:04:56.0 +0100
@@ -10,6 +10,7 @@
 use strict;
 use IO::File;
 use Fcntl;
+use File::Temp;
 
 =head1 DESCRIPTION
 
@@ -32,8 +33,7 @@
 sub open {
my $fh; # will be autovivified
my $ext=shift || '';
-   do { $filename=POSIX::tmpnam().$ext }
-   until sysopen($fh, $filename, O_WRONLY|O_TRUNC|O_CREAT|O_EXCL, 0600);
+   ($fh, $filename) = File::Temp::tempfile(SUFFIX => $ext);
return $fh;
 }
 
diff -Nru debconf-1.5.60/debian/changelog debconf-1.5.61/debian/changelog
--- debconf-1.5.60/debian/changelog 2017-01-20 12:58:59.0 +
+++ debconf-1.5.61/debian/changelog 2017-05-21 18:08:30.0 +0100
@@ -1,3 +1,11 @@
+debconf (1.5.61) unstable; urgency=medium
+
+  [ Niko Tyni ]
+  * Use File::Temp instead of the deprecated POSIX::tmpnam() in
+Debconf::TmpFile (closes: #863071).
+
+ -- Colin Watson   Sun, 21 May 2017 18:08:30 +0100
+
 debconf (1.5.60) unstable; urgency=medium
 
   [ Christian Perrier ]
diff -Nru debconf-1.5.60/debian/control debconf-1.5.61/debian/control
--- debconf-1.5.60/debian/control   2016-01-27 10:59:07.0 +
+++ debconf-1.5.61/debian/control   2017-05-21 18:07:55.0 +0100
@@ -12,7 +12,7 @@
 
 Package: debconf
 Priority: important
-Pre-Depends: perl-base (>= 5.6.1-4)
+Pre-Depends: perl-base (>= 5.20.1-3~)
 Conflicts: cdebconf (<< 0.96), debconf-tiny, apt (<< 0.3.12.1), menu (<= 
2.1.3-1), dialog (<< 0.9b-20020814-1), whiptail (<< 0.51.4-11), whiptail-utf8 
(<= 0.50.17-13), debconf-utils (<< 1.3.22)
 Provides: debconf-2.0
 Replaces: debconf-tiny

unblock debconf/1.5.61

-- 
Colin Watson   [cjwat...@debian.org]


signature.asc
Description: Digital signature

Bug#863154: dbconfig-common: dbc_sql_substitution should be evaluated on upgrades, not only on installations

2017-05-22 Thread Paul Gevers

Hi Jörg,

On 22-05-17 20:46, Jörg Steffens wrote:
> we are using dbconfig-common for packaging Bareos.

Great.

> It would help us, if dbconfig-common would also evaluate the
> dbc_sql_substitution setting on upgrades, not only on installs.

Sounds good (without any investigation on my part)

> A patch for this functionality is included.

Great. Except that because dbconfig is implemented in sh, you need to
check the exit value of every command line (and no, set -e doesn't
guarantee that already; that is why all these "|| return $?" are there).

> If you decide *NOT* to include it, please update the documentation for
> dbc_sql_substitution, so people get aware, that this behavior is intended.

Will do, but I expect that won't be needed.

> My current workaround is to run scripts/upgrade/NUMBER, which uses dbconfig-
> generate-include to create data/upgrade-dbadmin/NUMBER.

Looks ugly.

> Of course, this requires that dbconfig-common continues to executes upgrades 
> in
> this order (scripts/upgrade, data/upgrade-dbadmin, data/upgrade), which is not
> guranteed. Please consider to keep this order, as we use build Bareos also for
> older distributions (Debian 7, Ubuntu 12.04).

I should probably document the order. I think multiple things are
relying on it albeit the documentation says it can change.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#863158: perftest FTBFS on mips*/armel/armhf: get_cycles not implemented for this architecture

2017-05-22 Thread Adrian Bunk

Source: perftest
Version: 3.4+0.6.gc3435c2-1
Severity: important

https://buildd.debian.org/status/package.php?p=perftest

...
make  all-am
make[2]: Entering directory '/«BUILDDIR»/perftest-3.4+0.6.gc3435c2'
gcc -DHAVE_CONFIG_H -I.   -Wdate-time -D_FORTIFY_SOURCE=2  -g -Wall 
-D_GNU_SOURCE -O3 -g -O2 
-fdebug-prefix-map=/«BUILDDIR»/perftest-3.4+0.6.gc3435c2=. 
-fstack-protector-strong -Wformat -Werror=format-security -c -o src/get_clock.o 
src/get_clock.c
In file included from /usr/include/arm-linux-gnueabihf/sys/time.h:21:0,
 from src/get_clock.c:43:
/usr/include/features.h:148:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE 
are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
 # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
   ^~~
In file included from src/get_clock.c:48:0:
src/get_clock.h:101:2: warning: #warning get_cycles not implemented for this 
architecture: attempt asm/timex.h [-Wcpp]
 #warning get_cycles not implemented for this architecture: attempt asm/timex.h
  ^~~
src/get_clock.h:102:23: fatal error: asm/timex.h: No such file or directory
 #include 
   ^
compilation terminated.
Makefile:786: recipe for target 'src/get_clock.o' failed
make[2]: *** [src/get_clock.o] Error 1

Bug#863159: zstd: New upstream version with multithreading support

2017-05-22 Thread Andreas Kotes

Package: zstd
Version: 1.1.2-1
Severity: wishlist

Dear Maintainer,

https://github.com/facebook/zstd/releases has a new release (1.2.0),
sporting Multi-Threading support directly in zstd (instead of just via
pzst), making it worth bugging you about it for a moment *cough* :)

The code present there can also far either be dpkg-buildpackaged on
older Debian & Ubuntu versions, making this a very selfish ask ...

Please consider packaging it sometime soon - thank you :)

Thanks in advance!

  count

-- System Information:
Debian Release: 8.8
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages zstd depends on:
ii  libc6   2.24-10
ii  libgcc1 1:6.3.0-18
ii  libstdc++6  6.3.0-18
ii  libzstd11.1.2-1

zstd recommends no packages.

zstd suggests no packages.

-- no debconf information

-- 
Andreas 'count' Kotes
Taming computers for humans since 1990.
"Don't ask what the world needs. Ask what makes you come alive, and go do it.
Because what the world needs is people who have come alive." -- Howard Thurman

Bug#863160: DDPO: Packages erroneously listed under experimental

2017-05-22 Thread Dr. Tobias Quathamer


Package: qa.debian.org
Severity: minor

Dear Maintainer,

I've noticed that some packages on the DDPO website are erroneously 
listed with an experimental version.


Here are some examples, taken from
.


1. Package golang-github-pelletier-go-buffruneio
   (listed in section "main"):

The package is shown with the version "0.0~git20160124.0.df1e16f-1" for 
testing, unstable, and experimental, although it was never part of 
experimental.



2. Package golang-github-pelletier-go-toml
   (listed in section "main"):

Same as above with a different version, of course.


3. Package golang-github-spf13-viper
   (listed in section "Sponsored/other uploads"):

The package is shown with "0.0~git20161213.0.5ed0fc3-3" in testing and 
unstable, and also with a *lower* version "0.0~git20161213.0.5ed0fc3-2" 
in experimental. The package was never part of experimental.



4. Package golang-google-api
   (listed in section "Sponsored/other uploads"):

Same as above, *lower* version in experimental than unstable.


I've tried to look into the source code for that page, but in the end, I 
got stuck. It seems to me that the PHP script (developer.php) is 
correct, but it gets the wrong data.


I think the file /srv/qa.debian.org/data/ddpo/results/archive.db on 
qa.debian.org already has the wrong data, but I was not able to really 
understand and debug the perl script "extract_archive.pl".


I hope someone (myon?) can have a look and
maybe spot an obvious bug ... :-)

Regards,
Tobias



signature.asc
Description: OpenPGP digital signature

Bug#863157: ITP: curvedns -- DNS/DNSCurve forwarding name server

2017-05-22 Thread Stéphane Neveu

Package: wnpp
Severity: wishlist
Owner: Stephane Neveu 

Dear mentors,

I am looking for a sponsor for my package "curvedns"

* Package name: curvedns
  Version : 0.87-1
  Upstream Author :  Harm Van Tilborg, Jeroen Scheerder, Lieuwe Jan Koning
* URL : http://curvedns.on2it.net/ [1]
* License : BSD-2-clause
  Programming Lang: C
  Section :  Net
  Description :  DNS/DNSCurve forwarding name server

It builds those binary packages:

curvedns : DNS/DNSCurve forwarding name server
curvedns-keygen :  Generates a keypair for curvedns
To access further information about this package, please visit the
following  URL:

https://mentors.debian.net/package/curvedns [2]

Alternatively, one can download the package with dget using this
command:

dget -x 
https://mentors.debian.net/debian/pool/main/c/curvedns/curvedns_0.87-1.dsc

Regards,

Bug#863147: gnutls28: GNU Guile bindings are missing

2017-05-22 Thread Andreas Metzler

Control: tags -1 wontfix

On 2017-05-22 Dmitry Alexandrov <321...@gmail.com> wrote:
> Source: gnutls28
> Version: 3.5.8-5
> Severity: normal

> Dear Maintainers, this is a thing you are undoubtedly aware of, however
> I have to report it as an issue at least for the sake of googleability.

> Providing Guile bindings for GNUTLS (‘guile-gnutls’ package) was dropped
> [0] more than a year ago due to issues [1][2] with building farm and it
> is no longer available till today.

> May I hope that you will give that package a next try?

> [0] 
> https://anonscm.debian.org/git/pkg-gnutls/gnutls.git/commit/?id=ebb7130b47dc08311c1de2c189758a73bbaeca27
> [1] https://bugs.debian.org/805863
> [2] https://bugs.debian.org/821457

I do not expect so. The reason for removal was never fixed.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Bug#863156: lrzip: CVE-2017-8842: divide-by-zero in bufRead::get

2017-05-22 Thread Salvatore Bonaccorso

Source: lrzip
Version: 0.631-1
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/66

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8842[0]:
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in
| lrzip 0.631 allows remote attackers to cause a denial of service
| (divide-by-zero error and application crash) via a crafted archive.

ASAN_OPTIONS="detect_leaks=0" ./lrzip -t /root/poc/00228-lrzip-fpe-bufRead-get 
Decompressing...
ASAN:DEADLYSIGNAL
=
==14170==ERROR: AddressSanitizer: FPE on unknown address 0x00459dca (pc 
0x00459dca bp 0x7f0defc37a90 sp 0x7f0defc37a70 T1)
#0 0x459dc9 in bufRead::get() libzpaq/libzpaq.h:468
#1 0x44de34 in libzpaq::Decompresser::findBlock(double*) 
libzpaq/libzpaq.cpp:1236
#2 0x44e45b in libzpaq::decompress(libzpaq::Reader*, libzpaq::Writer*) 
libzpaq/libzpaq.cpp:1363
#3 0x445c2c in zpaq_decompress libzpaq/libzpaq.h:538
#4 0x428c2e in zpaq_decompress_buf stream.c:453
#5 0x430e60 in ucompthread stream.c:1534
#6 0x7f0e456a6493 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#7 0x7f0e44b4c93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE libzpaq/libzpaq.h:468 in bufRead::get()
Thread T1 created by T0 here:
#0 0x7f0e45f38f59 in __interceptor_pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
#1 0x4267f8 in create_pthread stream.c:133
#2 0x4325f0 in fill_buffer stream.c:1673
#3 0x4333d5 in read_stream stream.c:1755
#4 0x421d21 in read_u8 runzip.c:55
#5 0x422983 in read_header runzip.c:144
#6 0x423fd2 in runzip_chunk runzip.c:314
#7 0x4244a8 in runzip_fd runzip.c:382
#8 0x411378 in decompress_file lrzip.c:826
#9 0x409b39 in main main.c:669
#10 0x7f0e44a842b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

==14170==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8842
[1] https://github.com/ckolivas/lrzip/issues/66

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#863155: lrzip: CVE-2017-8843: NULL pointer dereference in join_pthread

2017-05-22 Thread Salvatore Bonaccorso

Source: lrzip
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/69

Hi,

the following vulnerability was published for lrzip. Filling this to
track upstream development and possible fix.

CVE-2017-8843[0]:
| The join_pthread function in stream.c in liblrzip.so in lrzip 0.631
| allows remote attackers to cause a denial of service (NULL pointer
| dereference and application crash) via a crafted archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8843
[1] https://github.com/ckolivas/lrzip/issues/69

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#856351: parse_vt_settings: Cannot open /dev/tty0 (Permission denied)

2017-05-22 Thread Harald Dunkel

Any news on this?

Motivated by #862706 I kicked out my nvidia graphics card in my PC
at home and gave Intel graphics a try, just to find out that I am
struck by this problem again. Even worse, startx doesn't work, either.
Installing and reinstalling xserver-xorg-legacy didn't help :-(.

Sorry to say, but my PC in the office (Testing) with proprietary
nvidia driver installed is not affected.


Regards
Harri

Bug#863154: dbconfig-common: dbc_sql_substitution should be evaluated on upgrades, not only on installations

2017-05-22 Thread Jörg Steffens

Package: dbconfig-common
Version: 2.0.4ubuntu1
Severity: wishlist
Tags: upstream patch

Dear Maintainer,

we are using dbconfig-common for packaging Bareos.

It would help us, if dbconfig-common would also evaluate the
dbc_sql_substitution setting on upgrades, not only on installs.

A patch for this functionality is included.

If you decide *NOT* to include it, please update the documentation for
dbc_sql_substitution, so people get aware, that this behavior is intended.

My current workaround is to run scripts/upgrade/NUMBER, which uses dbconfig-
generate-include to create data/upgrade-dbadmin/NUMBER.

Of course, this requires that dbconfig-common continues to executes upgrades in
this order (scripts/upgrade, data/upgrade-dbadmin, data/upgrade), which is not
guranteed. Please consider to keep this order, as we use build Bareos also for
older distributions (Debian 7, Ubuntu 12.04).



-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (700, 'xenial-updates'), (700, 'xenial'), (500, 'xenial-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-77-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dbconfig-common depends on:
ii  debconf [debconf-2.0]  1.5.58ubuntu1
ii  ucf3.0036

dbconfig-common recommends no packages.

Versions of packages dbconfig-common suggests:
pn  dbconfig-mysql | dbconfig-pgsql | dbconfig-sqlite | dbconfig-sqlite  

-- debconf information excluded
>From a8b2829d63e9386925e21fd4b4819b52719ba15b Mon Sep 17 00:00:00 2001
From: Joerg Steffens 
Date: Mon, 22 May 2017 16:20:30 +0200
Subject: [PATCH 1/2] evaluate dbc_sql_substitution also on upgrades

Until now, dbc_sql_substitution has only be evaluated on installations.
This changes uses it also for sql upgrades.
---
 dpkg/postinst | 22 +++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/dpkg/postinst b/dpkg/postinst
index 6e54c3b..dfeb4c1 100644
--- a/dpkg/postinst
+++ b/dpkg/postinst
@@ -409,7 +409,7 @@ _dbc_find_upgrades(){
 ## be applied, that is assumed to have been done by _dbc_find_upgrades().
 ##
 _dbc_apply_upgrades(){
-local f vers sqlfile admsqlfile scriptfile
+local f vers sqlfile admsqlfile scriptfile tsubstfile error_msg_upgrade
 _dbc_debug "_dbc_apply_upgrades() $@"
 # check for new upgrades in these three locations
 vers="$1"
@@ -432,14 +432,30 @@ _dbc_apply_upgrades(){
 _dbc_asuser=""
 if [ -f "$admsqlfile" ]; then
 dbc_logline "applying upgrade admin sql for $dbc_oldversion -> $vers"
-$dbc_sqlfile_cmd $admsqlfile || dbc_upgrade_error "processing $admsqlfile" || return $?
+tsubstfile=$admsqlfile
+error_msg_upgrade="processing $admsqlfile"
+if [ "$dbc_sql_substitutions" ]; then
+tsubstfile=$(dbc_mktemp)
+/usr/sbin/dbconfig-generate-include -f template -o template_infile=$admsqlfile $dbc_packageconfig > $tsubstfile
+error_msg_upgrade="processing $admsqlfile (translated: $tsubstfile)"
+fi
+$dbc_sqlfile_cmd $tsubstfile || dbc_upgrade_error "$error_msg_upgrade" || return $?
+[ "$dbc_sql_substitutions" ] && rm -f $tsubstfile
 [ "$dbc_tried_again" ] && return 0
 fi
 
 if [ -f "$sqlfile" ]; then
 _dbc_asuser="yes"
 dbc_logline "applying upgrade sql for $dbc_oldversion -> $vers"
-$dbc_sqlfile_cmd $sqlfile || dbc_upgrade_error "processing $sqlfile" || return $?
+tsubstfile=$sqlfile
+error_msg_upgrade="processing $sqlfile"
+if [ "$dbc_sql_substitutions" ]; then
+tsubstfile=$(dbc_mktemp)
+/usr/sbin/dbconfig-generate-include -f template -o template_infile=$sqlfile $dbc_packageconfig > $tsubstfile
+error_msg_upgrade="processing $sqlfile (translated: $tsubstfile)"
+fi
+$dbc_sqlfile_cmd $tsubstfile || dbc_upgrade_error "$error_msg_upgrade" || return $?
+[ "$dbc_sql_substitutions" ] && rm -f $tsubstfile
 [ "$dbc_tried_again" ] && return 0
 _dbc_asuser=""
 fi
-- 
2.7.4

>From 19488752ee73aed132a9ce0a56c3ed65332b6cb6 Mon Sep 17 00:00:00 2001
From: Joerg Steffens 
Date: Mon, 22 May 2017 16:22:46 +0200
Subject: [PATCH 2/2] test dbc_sql_substitution on package upgrade

---
 examples/buildpackages.sh|   2 +-
 examples/db-test-pgsql-2.2/COPYING   | 340 +++
 examples/db-test-pgsql-2.2/README|  11 +
 examples/db-test-pgsql-2.2/debian/changelog  |  82 ++
 examples/db-test-pgsql-2.2/debian/compat |   1 +
 examples/db-test-pgsql-2.2/debian/config |  12 +
 examples/db-test-pgsql-2.2/debian/control|  15 +
 examples/db-test-pgsql-2.2/debian/copyright  |  25 ++

Bug#846548: marked as pending

2017-05-22 Thread Julien Cristau

On Mon, May 22, 2017 at 20:32:47 +0200, Julien Cristau wrote:

> On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
> 
> > tag 846548 pending
> > thanks
> > 
> > Hello,
> > 
> > Bug #846548 reported by you has been fixed in the Git repository. You can
> > see the changelog below, and you can check the diff of the fix at:
> > 
> > https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> > 
> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> in an application using libssl1.0.2.  As a SONAME bump it also seems
> rather inappropriate during the freeze.
> 
> I'm very interested in having this fixed in stretch so I can get the
> secure-boot stuff working on ftp-master, but this doesn't look like the
> way to go.  Not to mention that you'd have to justify the bump from
> 0.4.3 to 0.4.4.
> 
> Can you explain your plans here?
> 
I wonder if the only way out for stretch isn't to have two separate
source packages, one with an engine built for libssl1.0.2, and the other
for libssl1.1.

Cheers,
Julien

Bug#863153: lrzip: CVE-2017-8844: heap-based buffer overflow write in read_1g

2017-05-22 Thread Salvatore Bonaccorso

Source: lrzip
Version: 0.631-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/70

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8844[0]:
| The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted archive.

./lrzip -t /root/poc/00232-lrzip-heapoverflow-read_1g 
Decompressing...
=
==13952==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020ef13 at pc 0x7fe0d6a35965 bp 0x7fff12b23c70 sp 0x7fff12b23420
WRITE of size 8 at 0x6020ef13 thread T0
#0 0x7fe0d6a35964 in read (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x48964)
#1 0x42aa75 in read_1g stream.c:731
#2 0x42ac71 in read_buf stream.c:774
#3 0x432110 in fill_buffer stream.c:1648
#4 0x4333d5 in read_stream stream.c:1755
#5 0x422073 in read_vchars runzip.c:79
#6 0x42304e in unzip_match runzip.c:208
#7 0x423d4b in runzip_chunk runzip.c:329
#8 0x4244a8 in runzip_fd runzip.c:382
#9 0x411378 in decompress_file lrzip.c:826
#10 0x409b39 in main main.c:669
#11 0x7fe0d55692b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#12 0x4032e9 in _start (/root/lrzip-0.631/lrzip+0x4032e9)

0x6020ef13 is located 0 bytes to the right of 3-byte region 
[0x6020ef10,0x6020ef13)
allocated by thread T0 here:
#0 0x7fe0d6aaed28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x431ff2 in fill_buffer stream.c:1643
#2 0x4333d5 in read_stream stream.c:1755
#3 0x422073 in read_vchars runzip.c:79
#4 0x42304e in unzip_match runzip.c:208
#5 0x423d4b in runzip_chunk runzip.c:329
#6 0x4244a8 in runzip_fd runzip.c:382
#7 0x411378 in decompress_file lrzip.c:826
#8 0x409b39 in main main.c:669
#9 0x7fe0d55692b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x48964) in read
Shadow bytes around the buggy address:
  0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9de0: fa fa[03]fa fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c047fff9df0: fa fa 00 00 fa fa 04 fa fa fa 03 fa fa fa 05 fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:   fa
  Heap right redzone:  fb
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack partial redzone:   f4
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
==13952==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8844
[1] https://github.com/ckolivas/lrzip/issues/70

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#863136: Acknowledgement (ITP: sphinx-autorun -- code execution extension for Sphinx)

2017-05-22 Thread Félix Sipma

The developer added a BSD-2-Clause license.


signature.asc
Description: PGP signature

Bug#863138: mirror submission for mirror.funkfreundelandshut.de

2017-05-22 Thread Bastian Blank

Control: retitle -1 mirror submission for mirror.funkfreundelandshut.de 
[tracefile-info syncscript non-standard-path]

Hi Christoph

Thank you for mirroring Debian.

However I have some questions about this listing.

On Mon, May 22, 2017 at 03:43:09PM +, Christoph van Bracht wrote:
> Submission-Type: new
> Site: mirror.funkfreundelandshut.de
> Aliases: repo.dl4ste.ampr.org

I believe this resolves to an internal IP of AMPRNet?

> Archive-architecture: amd64 armhf i386

We are a bit reluctant to list partial mirrors, especially in regions
with good coverage.

> Archive-http: /debian/
> CDImage-http: /debian-releases/

You may want to move that to /debian-cd/, like everyone else.

> Archive-upstream: mirror.netcologne.de
> CDImage-upstream: mirror.netcologne.de
> Updates: four
> Maintainer: Christoph van Bracht 

Is there more then one person behind this address?

> Trace Url: http://mirror.funkfreundelandshut.de/debian/project/trace/
> Trace Url: 
> http://mirror.funkfreundelandshut.de/debian/project/trace/ftp-master.debian.org
> Trace Url: 
> http://mirror.funkfreundelandshut.de/debian/project/trace/mirror.funkfreundelandshut.de

Please make sure you use the latest version of ftpsync[1].  We really
don't list new mirrors that have incomplete trace files.

Regards,
Bastian

[1]: http://ftp.debian.org/debian/project/ftpsync/ftpsync-current.tar.gz
-- 
Landru! Guide us!
-- A Beta 3-oid, "The Return of the Archons", stardate 3157.4

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

2017-05-22 Thread Jonas Smedegaard

Quoting Pirate Praveen (2017-05-22 16:10:32)
> On തിങ്കള്‍ 22 മെയ് 2017 06:41 വൈകു, Jonas Smedegaard wrote:
>> ...for the _initial_ packaging work.
>> 
>> We are package *maintainers*.
>
> If you have not realized, we are discussing about maintaining an 
> existing package. I think you have also not realized the meaning of 
> team maintained packages. The person who did the initial package need 
> not be the maintainer of the packager for ever. When there is enough 
> interest in the package, it will remain maintained else it gets 
> removed.

Exactly: Packages poorly _maintained_ should be removed.  E.g. npm!

My point in previous post was that focusing only on the workload for 
_initial_ packaging masks the actual real workload, which is being 
discussed here!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#863151: lrzip: CVE-2017-8845: invalid memory read in lzo_decompress_buf

2017-05-22 Thread Salvatore Bonaccorso

Source: lrzip
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/68

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8845[0]:
| The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in
| lrzip 0.631, allows remote attackers to cause a denial of service
| (invalid memory read and application crash) via a crafted archive.

Filling this downstream in the Debian BTS, with foward to the upstream
one so we can track any possible conclusion + fix.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8845
[1] https://github.com/ckolivas/lrzip/issues/68

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#863150: lrzip: CVE-2017-8846: use-after-free in read_stream (stream.c)

2017-05-22 Thread Salvatore Bonaccorso

Source: lrzip
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/71

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8846[0]:
| The read_stream function in stream.c in liblrzip.so in lrzip 0.631
| allows remote attackers to cause a denial of service (use-after-free
| and application crash) via a crafted archive.

I'm not 100% certain I can confirm the issue on lrzip. There looks
there is definitively a possible issue, but I was not able to follow
the full code, to confirm. Thus filling for this one just a but with
the respective upstream reference. We might need to wait for the
upstream patch to confirm.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8846
[1] https://github.com/ckolivas/lrzip/issues/71

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#846548: marked as pending

2017-05-22 Thread Julien Cristau

On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:

> tag 846548 pending
> thanks
> 
> Hello,
> 
> Bug #846548 reported by you has been fixed in the Git repository. You can
> see the changelog below, and you can check the diff of the fix at:
> 
> https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> 
So, erm.  This seems like it would break using libengine-pkcs11-openssl
in an application using libssl1.0.2.  As a SONAME bump it also seems
rather inappropriate during the freeze.

I'm very interested in having this fixed in stretch so I can get the
secure-boot stuff working on ftp-master, but this doesn't look like the
way to go.  Not to mention that you'd have to justify the bump from
0.4.3 to 0.4.4.

Can you explain your plans here?

Thanks,
Julien

Bug#863149: libgpgmepp-dev: please split the qtgpgme(pp) stuff out

2017-05-22 Thread Rene Engelhard

Package: libgpgmepp-dev
Version: 1.8.0-3
Severity: wishlist

Hi,

# apt-cache show libgpgmepp-dev
Package: libgpgmepp-dev
Source: gpgme1.0 (1.8.0-3)
Version: 1.8.0-3+b2
Installed-Size: 3626
Maintainer: Debian GnuPG Maintainers 
Architecture: amd64
Replaces: kdepimlibs5-dev
Depends: libgpgmepp6 (= 1.8.0-3+b2), libqgpgme7 (= 1.8.0-3+b2), qtbase5-dev
 ^^
Recommends: libgpgmepp-doc (= 1.8.0-3+b2)
Breaks: kdepimlibs5-dev
Description: C++ and Qt bindings for GPGME (development files)
Description-md5: d409b90b546df24f9e29efdc20935e54
Homepage: https://www.gnupg.org/related_software/gpgme/
Tag: devel::library, role::devel-lib
Section: libdevel
Priority: optional
Filename: pool/main/g/gpgme1.0/libgpgmepp-dev_1.8.0-3+b2_amd64.deb
Size: 415202
MD5sum: 5509c6463400a5c90874e6aa47699a0b
SHA256: e8e5a6c4476097bf43ad92f27d50516c637d65d1e719dbd8ce865a3f436516e0

# apt-cache show libqgpgme7
Package: libqgpgme7
Source: gpgme1.0
Version: 1.9.0-2
Installed-Size: 1102
Maintainer: Debian GnuPG Maintainers 
Architecture: amd64
Depends: libassuan0 (>= 2.0.1), libc6 (>= 2.14), libgcc1 (>= 1:3.0), 
libgpg-error0 (>= 1.14), libgpgme11 (>= 1.1.2), libgpgmepp6 (>= 1.9.0), 
libqt5core5a (>= 5.9.0~beta), libstdc++6 (>= 5.2)
Description: library for GPGME integration with Qt
Description-md5: 0d569a713cd9a1fb2465f4dd9add5f06
Multi-Arch: same
Homepage: https://www.gnupg.org/related_software/gpgme/
Tag: role::shared-lib
Section: libs
Priority: optional
Filename: pool/main/g/gpgme1.0/libqgpgme7_1.9.0-2_amd64.deb
Size: 281176
MD5sum: 123161754815e3e54c9baf5dc7aee735
SHA256: 000b1416292629e33ba8e4be0e6ab9733cae93acc6f01af4c8d631820e6b37bb

Package: libqgpgme7
Source: gpgme1.0 (1.8.0-3)
Version: 1.8.0-3+b2
Installed-Size: 1071
Maintainer: Debian GnuPG Maintainers 
Architecture: amd64
Depends: libassuan0 (>= 2.0.1), libc6 (>= 2.14), libgcc1 (>= 1:3.0), 
libgpg-error0 (>= 1.14), libgpgme11 (>= 1.1.2), libgpgmepp6 (>= 1.8.0), 
libqt5core5a (>= 5.7.0), libstdc++6 (>= 5.2)

 
^^
Description: library for GPGME integration with Qt
Description-md5: 0d569a713cd9a1fb2465f4dd9add5f06
Multi-Arch: same
Homepage: https://www.gnupg.org/related_software/gpgme/
Tag: role::shared-lib
Section: libs
Priority: optional
Filename: pool/main/g/gpgme1.0/libqgpgme7_1.8.0-3+b2_amd64.deb
Size: 249492
MD5sum: 62848d7da08b6382fd4d9906b7e3da95
SHA256: a04c35af7517e72cf71865758659c2fd14a6efdbbb2c7e11927666556fea6422

I don't exactly like the Qt5 dependency.

While not being a problem per se it makes the build-dependency footprint of
stuff only using the non-Qt parts bigger than needed.

So far this was no issue since

# grep-dctrl -FDepends gpgmepp -sPackage 
/var/lib/apt/lists/httpredir.debian.org_debian_dists_unstable_main_binary-amd64_Packages
Package: libgpgmepp-dev
Package: libqgpgme7
Package: libkf5gpgmepp-dev
Package: libkf5qgpgme5
Package: kaddressbook
Package: kmail
Package: libkf5messagecomposer5
Package: libkf5messageviewer5
Package: kleopatra
Package: libkf5wallet-bin
Package: libkwalletbackend5-5
Package: libkf5libkleo-dev
Package: libkf5libkleo5

(only KDE5 stuff using Qt5 anyways.)

but starting from LibreOffice 5.4 we have libreoffice-core having a
build-dependency on libgpgmepp-dev and LibreOffice (still, yes, I consider
that a bug, but..) uses Qt4/KDE for -kde, not Qt5.

Can the qgpgme(pp) stuff split out to an own -dev (As was already done
with the library itself.) and only that one be made depedant on libqgpgme7?
( This would probably require a transition and the above apps changing their
Build-Depends:, but..)

Regards,

Rene

Bug#863148: unblock: shadow/1:4.4-4.1

2017-05-22 Thread Salvatore Bonaccorso

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi

Please unblock package shadow

It fixes a regression introduced in the last upload, from the fix for
CVE-2017-2616. If su recieves a signal like SIGTERM, it was not
propagated to the child.

Changelog:

+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+This is a regression fix for CVE-2017-2616. If su receives a signal like
+SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso   Wed, 17 May 2017 13:59:59 +0200

unblock shadow/1:4.4-4.1

Regards,
Salvatore
diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog
--- shadow-4.4/debian/changelog 2017-02-24 01:50:13.0 +0100
+++ shadow-4.4/debian/changelog 2017-05-17 13:59:59.0 +0200
@@ -1,3 +1,12 @@
+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+This is a regression fix for CVE-2017-2616. If su receives a signal like
+SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso   Wed, 17 May 2017 13:59:59 +0200
+
 shadow (1:4.4-4) unstable; urgency=high
 
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
diff -Nru 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
--- 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
  1970-01-01 01:00:00.0 +0100
+++ 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
  2017-05-17 13:59:59.0 +0200
@@ -0,0 +1,29 @@
+From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 14 May 2017 17:58:10 +0200
+Subject: [PATCH] Reset pid_child only if waitpid was successful.
+
+Do not reset the pid_child to 0 if the child process is still
+running. This else-condition can be reached with pid being -1,
+therefore explicitly test this condition.
+
+This is a regression fix for CVE-2017-2616. If su receives a
+signal like SIGTERM, it is not propagated to the child.
+
+Reported-by: Radu Duta 
+Signed-off-by: Tobias Stoeckmann 
+---
+ src/su.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/su.c
 b/src/su.c
+@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
+   /* wake child when resumed */
+   kill (pid, SIGCONT);
+   stop = false;
+-  } else {
++  } else if (   (pid_t)-1 != pid) {
+   pid_child = 0;
+   }
+   } while (!stop);
diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series
--- shadow-4.4/debian/patches/series2017-02-24 01:50:13.0 +0100
+++ shadow-4.4/debian/patches/series2017-05-17 13:59:59.0 +0200
@@ -6,6 +6,8 @@
 0006-French-manpage-translation.patch
 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
 0008-su-properly-clear-child-PID.patch
+301-Reset-pid_child-only-if-waitpid-was-successful.patch
+
 # These patches are only for the testsuite:
 #900_testsuite_groupmems
 #901_testsuite_gcov

Bug#863147: gnutls28: GNU Guile bindings are missing

2017-05-22 Thread Dmitry Alexandrov

Source: gnutls28
Version: 3.5.8-5
Severity: normal

Dear Maintainers, this is a thing you are undoubtedly aware of, however
I have to report it as an issue at least for the sake of googleability.

Providing Guile bindings for GNUTLS (‘guile-gnutls’ package) was dropped
[0] more than a year ago due to issues [1][2] with building farm and it
is no longer available till today.

May I hope that you will give that package a next try?

[0] 
https://anonscm.debian.org/git/pkg-gnutls/gnutls.git/commit/?id=ebb7130b47dc08311c1de2c189758a73bbaeca27
[1] https://bugs.debian.org/805863
[2] https://bugs.debian.org/821457

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Bug#863146: [libreoffice-kde] Menu graphics corrupted (breeze style)

2017-05-22 Thread B.M.

Package: libreoffice-kde
Version: 1:5.2.7-1
Severity: normal

libreoffice-style-breeze is installed.

If libreoffice-kde is not installed, no KDE dialogs are used (as expected), but 
the menus look correct.
If libreoffice-kde is installed, KDE dialogs are used (as expected), but the 
menus are somehow corrupted, please see the two attachments to understand what 
I mean.


--- System information. ---
Architecture: 
Kernel:   Linux 4.9.0-3-amd64

Debian Release: 9.0
  500 testing security.debian.org 
  500 testing ftp.ch.debian.org 

--- Package information. ---
Depends (Version) | Installed
=-+-=
libreoffice-core(= 1:5.2.7-1) | 1:5.2.7-1
kde-runtime   (>> 4:4.10) | 4:16.08.3-2
libc6(>= 2.4) | 2.24-10
libgcc1(>= 1:3.0) | 1:6.3.0-18
libgl1-mesa-glx   | 13.0.6-1+b2
 OR libgl1| 
libglew2.0(>= 1.12.0) | 2.0.0-3+b1
libglib2.0-0  (>= 2.15.0) | 
libglu1-mesa  | 
 OR libglu1   | 
libice6  (>= 1:1.0.0) | 
libicu57 (>= 57.1-1~) | 
libkdecore5  (>= 4:4.3.4) | 
libkdeui5(>= 4:4.3.4) | 
libkfile4(>= 4:4.3.4) | 
libkio5  (>= 4:4.3.4) | 
libqt4-network (>= 4:4.8) | 
libqtcore4 (>= 4:4.8) | 
libqtgui4(>= 4:4.8.0) | 
libsm6| 
libstdc++6 (>= 5) | 
libx11-6  | 
libxext6  | 
uno-libs3(>= 4.4.0~alpha) | 
ure   | 


Recommends(Version) | Installed
===-+-===
libreoffice-style-breeze| 1:5.2.7-1


Suggests   (Version) | Installed
-+-===
kmail| 4:16.04.3-3
konqueror| 4:16.08.3-1

Bug#863145: lrzip: CVE-2017-8847: NULL pointer dereference in bufRead::get

2017-05-22 Thread Salvatore Bonaccorso

Source: lrzip
Version: 0.631-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/67

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8847[0]:
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in
| lrzip 0.631 allows remote attackers to cause a denial of service (NULL
| pointer dereference and application crash) via a crafted archive.

./lrzip -t /root/poc/00229-lrzip-nullptr-bufRead-get 
Decompressing...
Inconsistent length after decompression. Got 0 bytes, expected 2
ASAN:DEADLYSIGNAL
=
==15340==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 
0x00459ef1 bp 0x7f4bf3031a90 sp 0x7f4bf3031a70 T2)
#0 0x459ef0 in bufRead::get() libzpaq/libzpaq.h:485
#1 0x44de34 in libzpaq::Decompresser::findBlock(double*) 
libzpaq/libzpaq.cpp:1236
#2 0x44e45b in libzpaq::decompress(libzpaq::Reader*, libzpaq::Writer*) 
libzpaq/libzpaq.cpp:1363
#3 0x445c2c in zpaq_decompress libzpaq/libzpaq.h:538
#4 0x428c2e in zpaq_decompress_buf stream.c:453
#5 0x430e60 in ucompthread stream.c:1534
#6 0x7f4c48e05493 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#7 0x7f4c482ab93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libzpaq/libzpaq.h:485 in bufRead::get()
Thread T2 created by T0 here:
#0 0x7f4c49697f59 in __interceptor_pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
#1 0x4267f8 in create_pthread stream.c:133
#2 0x4325f0 in fill_buffer stream.c:1673
#3 0x4333d5 in read_stream stream.c:1755
#4 0x422b76 in unzip_literal runzip.c:162
#5 0x423ccb in runzip_chunk runzip.c:320
#6 0x4244a8 in runzip_fd runzip.c:382
#7 0x411378 in decompress_file lrzip.c:826
#8 0x409b39 in main main.c:669
#9 0x7f4c481e32b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

==15340==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8847

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#851143: systemd: doesn't use all the mount options from /etc/fstab when mounting on boot

2017-05-22 Thread Michael Biebl

Am 22.05.2017 um 18:49 schrieb Michael Biebl:
> The ExecMount shows that mount has apparently been called as
> /bin/mount 10.10.10.1:/mailstore /mail -t nfs -o
> context=system_u:object_r:mail_spool_t:s0,x-systemd.automount

What happens, if you run

umount /mail
mount 10.10.10.1:/mailstore /mail -t nfs -o 
context=system_u:object_r:mail_spool_t:s0,x-systemd.automount

Are the options correctly applied then?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#863108: RFS: minecraft-installer/0.1-1 [ITP] -- Unofficial way to easily install game

2017-05-22 Thread PICCORO McKAY Lenz

interesting, but seems more complicated in background download more
software rather than reall need! a complete JDK either a JRE!

i need a java runtime to play a game that its native compiled? sound
strange but in any case, user never be know right?

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

2017-05-22 10:45 GMT-04:00 Carlos Donizete Froes :

> Sorry for the noise. :-(
>>
>
> It's all right! I'm waiting for a sponsor for my package.
>
>
> Thanks!
>
>
> --
> ⢀⣴⠾⠻⢶⣦⠀ Carlos Donizete Froes [a.k.a coringao]
> ⣾⠁⢠⠒⠀⣿⡁ - https://wiki.debian.org/coringao
> ⢿⡄⠘⠷⠚⠋⠀ GPG: 4096R/B638B780
> ⠈⠳⣄⠀⠀⠀  2157 630B D441 A775 BEFF  D35F FA63 ADA6 B638 B780
>
>

Bug#863144: conky: seqfaults

2017-05-22 Thread Michael Rasmussen

Package: conky
Version: 1.10.6-1
Severity: important

Dear Maintainer,

Conky seqfaults after a while.

 *** Error in `conky': corrupted double-linked list: 0x55b3d50056e0 ***
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f76ab6b6bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7f76ab6bcf96]
/lib/x86_64-linux-gnu/libc.so.6(+0x7731c)[0x7f76ab6bd31c]
/lib/x86_64-linux-gnu/libc.so.6(+0x78cda)[0x7f76ab6becda]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7f76ab6c0d84]
conky(_Z11do_gradientimm+0x65)[0x55b3d33e6a45]
conky(_Z20draw_each_line_innerPcii+0x1127)[0x55b3d33ed987]
conky(+0x3f554)[0x55b3d33ee554]
conky(+0x3fafa)[0x55b3d33eeafa]
conky(+0x414c1)[0x55b3d33f04c1]
conky(main+0x960)[0x55b3d33e19b0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f76ab6662b1]
conky(_start+0x2a)[0x55b3d33e5faa]

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages conky depends on:
ii  conky-all  1.10.6-1

conky recommends no packages.

conky suggests no packages.

-- debconf-show failed



This mail was virus scanned and spam checked before delivery.
This mail is also DKIM signed. See header dkim-signature.

Bug#862355: Fixit

2017-05-22 Thread Mevludin Zeciri

Hi Debian can somebody fix this problem.

Bug#863081: getting crosstool-ng in Debian

2017-05-22 Thread Geert Stappers

On Sun, May 21, 2017 at 10:03:00PM +0200, Julien Cristau wrote:
> On Sun, May 21, 2017 at 16:19:51 +0200, Geert Stappers wrote:
> 
> > Package: release.debian.org
> > 
> > 
> > Hello Release team,
> > 
> > On getting package `crosstool-ng` in Debian,
> > where  ( {unstable|stable|exprimental} ) and
> > when ( {any time|after date } ) should it be uploaded?

where: unstable
when: any time


> > I'm asking now ( during freeze ) because
> > previous there was nothing to upload.  The ITP is
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721430
> > 
> > It is a new package that wouldn't break other packages.
> > 
> I have no idea what you're trying to ask, sorry.  This doesn't sound
> like it has anything to do with the release team.

Mostly asking for a clue ...

Meanwhile I understand that getting crosstool-ng in Debian
starts with an upload to unstable.
Freeze, or not, doesn't matter.  Old ITP neither.


> Cheers,
> Julien

Thanks


Groeten
Geert Stappers
-- 
Leven en laten leven

Bug#851143: systemd: doesn't use all the mount options from /etc/fstab when mounting on boot

2017-05-22 Thread Michael Biebl

Am 22.05.2017 um 16:35 schrieb Russell Coker:
> reopen 851143
> thanks
> 
>>> Could you attach the output of
>>> systemctl status mail.mount
>>> systemctl show mail.mount
>>
>> Since I don't have a selinux enabled system so I could try and reproduce
>> this and no further information was provided, I'm closing this bug report.
>>
>> Please reopen if you are available to debug this further.
> 
> Sorry for the delay in responding.  I've attached those files.
> 

The configuration you attached doesn't seem to match up.
E.g. the original fstab didn't have x-systemd.automount.


The ExecMount shows that mount has apparently been called as
/bin/mount 10.10.10.1:/mailstore /mail -t nfs -o
context=system_u:object_r:mail_spool_t:s0,x-systemd.automount

I.e. "context=system_u:object_r:mail_spool_t:s0" has been passed along
correctly.

Are you absolutely sure it was actually systemd which has mounted
/mailstore?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#863143: wicd pm script prevents wireless wake on lan (WoWLAN) from working

2017-05-22 Thread Scott Barker

Package: wicd
Version: 1.7.4+tb2-3
Severity: normal

Dear Maintainer,

The pm-utils script provided with wicd prevents wireless wake on lan from 
working:

  - /usr/lib/pm-utils/sleep.d/55wicd runs /usr/share/wicd/daemon/suspend.py

  - /usr/share/wicd/daemon/suspend.py invokes the Disconnect and SetSuspend 
methods
in /usr/share/wicd/daemon/wicd-daemon.py

  - The SetSuspend method in /usr/share/wicd/daemon/wicd-daemon.py also
invokes the Disconnect method in /usr/share/wicd/daemon/wicd-daemon.py

  - The Disconnect method in /usr/share/wicd/daemon/wicd-daemon.py invokes
the Wireless.Disconnect() method in 
/usr/lib/python2.7/dist-packages/wicd/networking.py

  - The Wireless.Disconnect() method in 
/usr/lib/python2.7/dist-packages/wicd/networking.py
takes down the wireless interface, which disassociates it from the
access point, making wireless wake on lan impossible.

Over-riding or blacklisting 55wicd fixes the problem, but it would probably
be better to change one of the python methods involved to check the state of
wireless wake on lan (as set by sudo iw phy0 wowlan enable ...) before
taking the interface down completely.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages wicd depends on:
ii  wicd-daemon 1.7.4+tb2-3
ii  wicd-gtk [wicd-client]  1.7.4+tb2-3

wicd recommends no packages.

wicd suggests no packages.

Versions of packages wicd-gtk depends on:
ii  python-glade2  2.24.0-5.1
ii  python-gtk22.24.0-5.1
pn  python:any 
ii  wicd-daemon1.7.4+tb2-3

Versions of packages wicd-gtk recommends:
ii  gksu   2.0.2-9+b1
pn  python-notify  

Versions of packages wicd-daemon depends on:
ii  adduser  3.115
ii  dbus 1.10.18-1
ii  debconf  1.5.60
ii  ethtool  1:4.8-1+b1
ii  iproute2 4.9.0-1
ii  iputils-ping 3:20161105-1
ii  isc-dhcp-client  4.3.5-3
ii  lsb-base 9.20161125
ii  net-tools1.60+git20161116.90da8a0-1
ii  psmisc   22.21-2.1+b2
ii  python-dbus  1.2.4-1+b1
ii  python-gobject   3.22.0-2
ii  python-wicd  1.7.4+tb2-3
pn  python:any   
ii  wireless-tools   30~pre9-12+b1
ii  wpasupplicant2:2.4-1

Versions of packages wicd-daemon recommends:
ii  rfkill  0.5-1+b1
ii  wicd-gtk [wicd-client]  1.7.4+tb2-3

Versions of packages wicd-daemon suggests:
ii  pm-utils  1.4.1-17

Versions of packages python-wicd depends on:
pn  python:any  

-- debconf information:
* wicd/users:

Bug#863142: eclipse-titan FTBFS on arm*/ppc64el/s390x: fatal error: RT1/PreGenRecordOf.hh: No such file or directory

2017-05-22 Thread Adrian Bunk

Source: eclipse-titan
Version: 6.1.0-1
Severity: important

https://buildd.debian.org/status/package.php?p=eclipse-titan

...
  (dep)  DebuggerUI.cc
In file included from DebuggerUI.cc:16:0:
Debugger.hh:23:33: fatal error: RT1/PreGenRecordOf.hh: No such file or directory
 #include "RT1/PreGenRecordOf.hh"
 ^
compilation terminated.
...

Bug#863140: libretro-desmume FTBFS everywhere except armhf and x86: src/utils/AsmJit/x86/x86cpuinfo.cpp:151:56: error: impossible constraint in asm

2017-05-22 Thread Adrian Bunk

Source: libretro-desmume
Version: 0.9.11+git20160819+dfsg1-1
Severity: important

https://buildd.debian.org/status/package.php?p=libretro-desmume

...
g++ -g 
-fdebug-prefix-map=/«BUILDDIR»/libretro-desmume-0.9.11+git20160819+dfsg1=. 
-fstack-protector-strong -Wformat -Werror=format-security -DHAVE_JIT -DNDEBUG 
-O3 -D__LIBRETRO__ -fpermissive -fPIC -Isrc/libretro-common/include -Isrc 
-Isrc/libretro  -Wdate-time -D_FORTIFY_SOURCE=2  -c -o 
src/utils/AsmJit/x86/x86cpuinfo.o src/utils/AsmJit/x86/x86cpuinfo.cpp
src/utils/AsmJit/x86/x86cpuinfo.cpp: In function 'void 
AsmJit::x86CpuId(uint32_t, AsmJit::X86CpuId*)':
src/utils/AsmJit/x86/x86cpuinfo.cpp:151:56: error: impossible constraint in 
'asm'
   __myCpuId(out->eax, out->ebx, out->ecx, out->edx, in);
^
: recipe for target 'src/utils/AsmJit/x86/x86cpuinfo.o' failed
make[2]: *** [src/utils/AsmJit/x86/x86cpuinfo.o] Error 1

Bug#861282: [No Subject]

2017-05-22 Thread JD Friedrikson

Here are the four patches that are related to this issue:

https://github.com/hashicorp/packer/commit/28ee60d216e49d565d654443b57295ce37197db1
https://github.com/hashicorp/packer/commit/249cb690e04477582aefadf4350a087bf4e33a87
https://github.com/hashicorp/packer/commit/ee5d13611fb8aca1f1014f9bcd65c18fffdd1b2b
https://github.com/hashicorp/packer/commit/a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd

28ee60d216e49d565d654443b57295ce37197db1 is the patch that is currently 
packaged with debian

249cb690e04477582aefadf4350a087bf4e33a87 concerns vendor files which Debian 
doesn't appear to carry as part of the source package

ee5d13611fb8aca1f1014f9bcd65c18fffdd1b2b and 
a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd both concern drivers to proprietary 
software (which Debian also does not seem to carry) so both need to be trimmed 
before applying

After removing the references to missing files, 
a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd works just fine.

ee5d13611fb8aca1f1014f9bcd65c18fffdd1b2b is the one I'm having trouble with 
currently as it's failing for openstack's and amazon's ssh.go files. Not sure 
what changes we're carrying for those as I haven't dug too deep, but that's 
where I'm at now.

JD

Bug#670991: rsync 3.1

2017-05-22 Thread Stefan Kisdaroczi

Hi,

this happens if you run debmirror as root using rsync. rsync uses the
uid:gid from the server if run as root.
rsync 3.1 added the Options --usermap/--groupmap/--chown [1]. The
rsync version in Jessie is 3.1.1.

So, if you really need to run debmirror as root you can add
"--chown=x:y" to --rsync-options:
$ sudo debmirror --rsync-options="-aIL --partial --chown=me:me" ...

IMO this bug can be closed. Only happens if run as root with rsync on
wheezy and older.

Regards
Stefan

[1] https://download.samba.org/pub/rsync/src/rsync-3.1.0-NEWS

Bug#863141: new version available upstream

2017-05-22 Thread Jeffrey Cliff

Package: mnemosyne
Version: 2.4-0.1

mnemosyne version 2.4.1 is available upstream and has fixes to bugs such as
ubuntu   ( https://bugs.launchpad.net/ubuntu/+source/mnemosyne/+bug/1692326
https://bugs.launchpad.net/ubuntu/+source/mnemosyne/+bug/1690856 )

Bug#863100: How to setup debugging for vim-utlisnips

2017-05-22 Thread Yukiharu YABUKI

Dear maintainer.

I investigated this issue.

This issue come from wrong 'set comments' option.
bbox in all.snippets (in this version) expects some tuples.
but _purse_comments returns blank.

I also check upstream
https://github.com/honza/vim-snippets/blob/master/UltiSnips/all.snippets

It had already changed this program. (Yes, Still I have not used this yet)

I'll close this bug.

Because:
(1) I found that this issue come from all.snippets in vim-snippets
package.
(2) I should check vim-ultisnips and vim-snippets in sid.

And I quit investigating this version vim-snippets.

But I'd like to write how to debug vim-ultisnips. This procedure can be
shorter your debug time.

01.. I backuped vim-ultisnips and vim-snippets.
02. I'd like to embededd debug sentence
03.  Set 'from UltiSnips.debug import debug' in debug program.
04. set debug("hello world")
05. run ultisnips (triggered, program)
06. check /tmp/file.txt

if you want to know more detail. please read
 UltiShips/debug.py

Happy Hacking.

Best
Yukiharu.

--
++++++++++++++
Yukiharu Yabuki (矢吹幸治)  I use Debian GNU/Linux
mail: yab...@netfort.gr.jp
クレクレタコラは好き / クレクレタコだはイヤ
++++++++++++++


pgprtrC0vXNQ_.pgp
Description: PGP signature

Bug#857986: [Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

2017-05-22 Thread Jonathan Wiltshire


On 2017-05-22 15:19, Jérémy Lal wrote:

2017-05-22 16:10 GMT+02:00 Pirate Praveen :


On തിങ്കള്‍ 22 മെയ് 2017 06:41 വൈകു,
Jonas Smedegaard wrote:

...for the _initial_ packaging work.

We are package *maintainers*.


If you have not realized, we are discussing about maintaining an
existing package. I think you have also not realized the meaning of
team
maintained packages. The person who did the initial package need not
be
the maintainer of the packager for ever. When there is enough
interest
in the package, it will remain maintained else it gets removed.


I did the initial npm packaging. At that moment i was optimistic
upstream wouldn't add or change dependencies too much. I was wrong,
npm is constantly adding/removing modules through the months and
years, requiring a lot of maintainer work to keep up.
I think Jonas was pointing out that updating npm today won't actually
solve any issue regarding npm maintenance. Some company should fund
that work.

Jérémy


Can this discussion please not be on debian-release? Thanks.



--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits

Bug#860689: blockdiag: FTBFS on i386: E: Build killed with signal TERM after 150 minutes of inactivity

2017-05-22 Thread Changwoo Ryu

reassign 860689 blockdiag
retitle 860689 Missing Build-Depends on libmagickcore extra lib
thanks

blockdiag should fix its own Build-Depends.

Currently python*-wand does not depends on the ImageMagick
libmagickcore extra lib. This can be in debate but it is intended.



2017-05-14 9:22 GMT+09:00 Changwoo Ryu :
> Sorry for the late response.
>
> Please try to build blockdiag with libmagickcore-6.q16-3-extra
> package. This extra lib has the SVG codec.

1 2 >

1 - 100 of 169 matches

Mail list logo