Bug#870894: mirror submission for mirror.nbtelecom.com.br

[Pedro Alves]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: mirror.nbtelecom.com.br
Aliases: mirror.nbtelecom.com.br
Type: leaf
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 
kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
CDImage-http: /debian/
CDImage-rsync: debian/
Archive-upstream: sft.if.usp.br
CDImage-upstream: sft.if.usp.br
Updates: four
Maintainer: Pedro Alves 
Country: BR Brazil
Location: Rio de Janeiro




Trace Url: http://mirror.nbtelecom.com.br/debian/project/trace/
Trace Url: 
http://mirror.nbtelecom.com.br/debian/project/trace/ftp-master.debian.org
Trace Url: 
http://mirror.nbtelecom.com.br/debian/project/trace/mirror.nbtelecom.com.br

Trace Url: http://mirror.nbtelecom.com.br/debian/project/trace/
Trace Url: 
http://mirror.nbtelecom.com.br/debian/project/trace/cdimage.debian.org
Trace Url: 
http://mirror.nbtelecom.com.br/debian/project/trace/mirror.nbtelecom.com.br

Bug#870893: remove .grep-dctrl-banner-shown

[積丹尼 Dan Jacobson]

Package: dctrl-tools
Version: 2.24-2+b1
Severity: wishlist

On http://antti-juhani.kaijanaho.fi/blog/en/debian/banner.comments
it says it will be removed soon.

OK, then could you also remove all the
-rw-r--r-- 1 0 2003-08-15  .grep-dctrl-banner-shown
littering everyone's accounts?

No I'm not sure of the best way to do it.

Bug#867331: still impossible to shut down

[Thorsten Glaser]

reopen 867331
thanks

Now I still can’t shutdown with Ctrl-Alt-Del on the console
because getty catches the hostname input molly-guard wants…

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Bug#870892: debhelper: Tries building "Architecture: all" despite --binary-arch (regression compat 11).

[Jens Reyer]

Package: debhelper
Version: 10.7.2
Severity: normal

Hi,

I'm trying to build wine in compat 11, but the --binary-arch build fails
on the binary package wine, which is "Architecture: all" - so it
shouldn't be built at all here.

I'm not sure if this is related to (the fix for) #863887 (debhelper:
Broken handling of -indep/-arch override target in 10.3+)

The same build works in compat 10.

Just tell me if you need more information.

Greets
jre



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debhelper depends on:
ii  autotools-dev20161112.1
ii  binutils 2.29-3
ii  dh-autoreconf14
ii  dh-strip-nondeterminism  0.038-1
ii  dpkg 1.18.24
ii  dpkg-dev 1.18.24
ii  file 1:5.30-1
ii  libdpkg-perl 1.18.24
ii  man-db   2.7.6.1-2
ii  perl 5.26.0-5
ii  po-debconf   1.0.20

debhelper recommends no packages.

Versions of packages debhelper suggests:
pn  dh-make  

-- no debconf information

Bug#865592: chromium version 59: xml/xslt pages crashe in aw, Snap!

[Philippe Cochy]

Le samedi 05 août 2017 à 02:25 -0400, Michael Gilbert a écrit :
> I am not able to reproduce this with the latest version in unstable
> 60.0.3112.78-1.  Could you try this version?
Hi.

I tried: I got the same problem.

Also I am still unable to take a crash report and send it to Google. 
Would you know how to do it? It seems to me that the option is
available with Chrome but not with Chromium. (see comment 9 on 
https://bugs.chromium.org/p/chromium/issues/detail?id=736026 )

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  chromium-common  60.0.3112.78-1
ii  libasound2   1.1.3-5
ii  libatk1.0-0  2.22.0-1
ii  libavcodec57 7:3.3.3-1
ii  libavformat577:3.3.3-1
ii  libavutil55  7:3.3.3-1
ii  libc62.24-11+deb9u1
ii  libcairo21.14.8-1
ii  libcups2 2.2.1-8
ii  libdbus-1-3  1.10.18-1
ii  libevent-2.0-5   2.0.21-stable-3
ii  libexpat12.2.0-2+deb9u1
ii  libflac8 1.3.2-1
ii  libfontconfig1   2.12.3-0.2
ii  libfreetype6 2.6.3-3.2
ii  libgcc1  1:6.3.0-18
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libglib2.0-0 2.50.3-2
ii  libgtk2.0-0  2.24.31-2
ii  libharfbuzz0b1.4.2-1
ii  libicu57 57.1-6
ii  libjpeg62-turbo  1:1.5.1-2
ii  libminizip1  1.1-8+b1
ii  libnspr4 2:4.12-6
ii  libnss3  2:3.26.2-1.1
ii  libopus0 1.2~alpha2-1
ii  libpango-1.0-0   1.40.5-1
ii  libpangocairo-1.0-0  1.40.5-1
ii  libpng16-16  1.6.28-1
ii  libpulse010.0-1+deb9u1
ii  libre2-3 20170101+dfsg-1
ii  libsnappy1v5 1.1.3-3
ii  libstdc++6   6.3.0-18
ii  libvpx4  1.6.1-3
ii  libwebp6 0.5.2-1
ii  libwebpdemux20.5.2-1
ii  libwebpmux3  0.6.0-3
ii  libx11-6 2:1.6.4-3
ii  libx11-xcb1  2:1.6.4-3
ii  libxcb1  1.12-1
ii  libxcomposite1   1:0.4.4-2
ii  libxcursor1  1:1.1.14-1+b4
ii  libxdamage1  1:1.1.4-2+b3
ii  libxext6 2:1.3.3-1+b2
ii  libxfixes3   1:5.0.3-1
ii  libxi6   2:1.7.9-1
ii  libxml2  2.9.4+dfsg1-2.2
ii  libxrandr2   2:1.5.1-1
ii  libxrender1  1:0.9.10-1
ii  libxslt1.1   1.1.29-2.1
ii  libxss1  1:1.2.2-1
ii  libxtst6 2:1.2.3-1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages chromium recommends:
ii  fonts-liberation  1:1.07.4-2

Versions of packages chromium suggests:
pn  chromium-driver
pn  chromium-l10n  
pn  chromium-shell 
pn  chromium-widevine  

-- no debconf information

Bug#870891: molly-guard: guards against successful reboot

[Thorsten Glaser]

Package: molly-guard
Version: 0.7
Severity: normal

Related to #867331 the “reboot -d -f -i” from /etc/rc6.d/K10reboot
also triggers a keyboard-interactive question.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages molly-guard depends on:
ii  procps  2:3.3.12-3

molly-guard recommends no packages.

molly-guard suggests no packages.

-- Configuration Files:
/etc/molly-guard/rc changed:
ALWAYS_QUERY_HOSTNAME=true


-- no debconf information

Bug#870690: [Pkg-octave-devel] Bug#870690: Bug#870690: octave: always rebuild files generated from actual sources

[Mike Miller]

On Sat, Aug 05, 2017 at 14:37:54 +0200, Rafael Laboissière wrote:
> What about adding a debian/clean file?

Thanks for the pointer, I haven't used this file before.

> I do not think that is necessary to fiddle with Files-Excluded in
> d/copyright.  This field is actually useful for building "dfsg" tarballs,
> which is not the case here.

Good, thanks.

With debian/clean, I get a successful build. Updated patch attached.

The files AUTHORS, BUGS, and INSTALL.OCTAVE at the top level could be
rebuilt from source, but are not dependencies of the 'all' target, so
I'm leaving them as-is for now.

The plot images in the doc/interpreter directory are built by Octave,
but are best built in a fully functional OpenGL environment, so I'm
leaving them alone.

Now, I get the following messages

dpkg-source: warning: ignoring deletion of file etc/icons/octave-logo.ico, 
use --include-removal to override
dpkg-source: warning: ignoring deletion of file scripts/DOCSTRINGS, use 
--include-removal to override
…

Should I also look at adding corresponding file patterns to
extend-diff-ignore in debian/source/options to avoid these warnings?
This file is also new to me.

Thanks for your help,

-- 
mike


signature.asc
Description: PGP signature

Bug#870890: apg; please make the build reproducible (timestamps)

[jathan]

Source: apg
Version: 2.2.3.dfsg.1-4
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that apg could not be built reproducibly.

The attached patch clamps the timestamps to the changelog timestamp when
creating the source archive. Once applied, apg can be built reproducibly
in our current experimental framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

-- 
Por favor evita enviarme adjuntos en formato de word o powerpoint, si
quieres saber porque lee esto:
http://www.gnu.org/philosophy/no-word-attachments.es.html
¡Cámbiate a GNU/Linux! http://getgnulinux.org/es
diff -Nru apg-2.2.3.dfsg.1/debian/changelog apg-2.2.3.dfsg.1/debian/changelog
--- apg-2.2.3.dfsg.1/debian/changelog   2016-08-05 05:04:46.0 -0500
+++ apg-2.2.3.dfsg.1/debian/changelog   2017-08-05 20:52:19.0 -0500
@@ -1,3 +1,10 @@
+apg (2.2.3.dfsg.1-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix timestamps_in_tarball reproducible build issue. 
+
+ -- Jonathan Bustillos   Sat, 05 Aug 2017 
20:52:19 -0500
+
 apg (2.2.3.dfsg.1-4) unstable; urgency=low
 
   * add patch from Steve Langasek to use correct compiler (Closes: #734870)
diff -Nru apg-2.2.3.dfsg.1/debian/rules apg-2.2.3.dfsg.1/debian/rules
--- apg-2.2.3.dfsg.1/debian/rules   2016-08-05 05:04:46.0 -0500
+++ apg-2.2.3.dfsg.1/debian/rules   2017-08-05 20:49:26.0 -0500
@@ -1,5 +1,6 @@
 #!/usr/bin/make -f
 
+SOURCE_DATE := $(shell dpkg-parsechangelog --show-field=Date)
 DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 
@@ -19,6 +20,7 @@
make install INSTALL_PREFIX=$(CURDIR)/debian/apg/usr
mv $(CURDIR)/debian/apg/usr/bin/apg $(CURDIR)/debian/apg/usr/lib/apg/apg
tar --create --file - --directory $(CURDIR)/php/apgonline/ . \
+ --clamp-mtime --mtime="$(SOURCE_DATE)" \
  --mode=u=rwX,go=rX --sort=name | gzip --no-name > php.tar.gz
install -D --mode=0644 php.tar.gz 
$(CURDIR)/debian/apg/usr/share/doc/apg/php.tar.gz
rm php.tar.gz


signature.asc
Description: OpenPGP digital signature

Bug#870889: Depends: libc-bin (> 2.25) but 2.24-14 is installed

[積丹尼 Dan Jacobson]

Package: locales
Severity: important

 locales : Depends: libc-bin (> 2.25) but 2.24-14 is installed
The following actions will resolve these dependencies:

 Keep the following packages at their current version:
1) locales [2.24-14 (now, unstable)]


-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.11.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=zh_TW.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages locales depends on:
ii  debconf1.5.63
ii  libc-bin   2.24-14
ii  libc-l10n  2.25-0experimental0

locales recommends no packages.

locales suggests no packages.

-- debconf information:
* locales/locales_to_be_generated: en_US ISO-8859-1, en_US.UTF-8 UTF-8, zh_CN 
GB2312, zh_TW BIG5, zh_TW.UTF-8 UTF-8
* locales/default_environment_locale: None

Bug#870888: breaks awscli 1.11.121-1

[Jamie Heilman]

Package: python3-requests
Version: 2.18.1-1
Severity: important

With this version installed (and python3-urllib3 1.21.1-1), aws cli
just spits out:

'AWSHTTPSConnection' object has no attribute 'ssl_context'

downgrading to 2.12.4-1 restores normal functionality.  I haven't
looked to see if awscli is playing dirty pool and fiddling with things
that were never part of a guaranteed API, if that's the case, reassign
as necessary.

Bug#862644: Pending fixes for bugs in the libproc-syncexec-perl package

[pkg-perl-maintainers]

tag 862644 + pending
thanks

Some bugs in the libproc-syncexec-perl package are closed in revision
c315101de2ec7a17d861079efba54d85be1aafb5 in branch 'master' by
Christoph Biedl

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libproc-syncexec-perl.git/commit/?id=c315101

Commit message:

Put under the pkg-perl umbrella. Closes: #862644

Bug#870882: Mention where to send bug reports

[積丹尼 Dan Jacobson]

Package: libsecret-tools
Version: 0.18.5-3.1
Severity: minor
File: /usr/share/man/man1/secret-tool.1.gz

Add a section to mention where to send bug reports.

Bug#870884: add a FILES section

[積丹尼 Dan Jacobson]

Package: gnome-keyring
Version: 3.20.1-1
Severity: wishlist
File: /usr/share/man/man1/gnome-keyring-daemon.1.gz

Add a FILES section to say where the keyring(s) live(s).

Bug#870887: python-udatetime: FTBFS: Invalid RFC3339 date-time string

[Aaron M. Ucko]

Source: python-udatetime
Version: 0.0.12-1
Severity: important
Tags: upstream
Justification: fails to build from source

Builds of python-udatetime for a number of architectures failed, as
excerpted below (modulo some varation in elapsed time) and detailed at
https://buildd.debian.org/status/logs.php?pkg=python-udatetime=0.0.12-1.
Specifically, these failures occurred on armel, armhf, mips, mipsel,
and the non-release architectures hppa, powerpc, ppc64, and sparc64.
I'm not sure offhand why those specific architectures encountered
these errors; I doubt the buildd's native timezone is relevant, since
I see a successful mips64el build at mipsel-manda01 and a failed
mipsel build at mipsel-manda03, which is presumably at the same data
center.

Could you please take a look?

Thanks!

==
ERROR: test_from_and_to_string (test_udatetime.Test)
--
Traceback (most recent call last):
  File "/«PKGBUILDDIR»/.pybuild/pythonX.Y_2.7/build/test/test_udatetime.py", 
line 36, in test_from_and_to_string
dt = udatetime.from_string(rfc3339)
ValueError: Invalid RFC3339 date-time string. Time invalid.

==
ERROR: test_ok_from_string (test_udatetime.Test)
--
Traceback (most recent call last):
  File "/«PKGBUILDDIR»/.pybuild/pythonX.Y_2.7/build/test/test_udatetime.py", 
line 156, in test_ok_from_string
udatetime.from_string(r),
ValueError: Invalid RFC3339 date-time string. Time invalid.

==
ERROR: test_tzone (test_udatetime.Test)
--
Traceback (most recent call last):
  File "/«PKGBUILDDIR»/.pybuild/pythonX.Y_2.7/build/test/test_udatetime.py", 
line 162, in test_tzone
dt = udatetime.from_string(rfc3339)
ValueError: Invalid RFC3339 date-time string. Time invalid.

--
Ran 10 tests in 0.022s

FAILED (errors=3)

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#870886: 'passward' spelled wrong

[積丹尼 Dan Jacobson]

Package: libsecret-tools
Version: 0.18.5-3.1
Severity: minor
File: /usr/share/man/man1/secret-tool.1.gz

'attirbute', 'passward' spelled wrong.

Bug#870885: Mention the word "Gnome"

[積丹尼 Dan Jacobson]

Package: libsecret-tools
Version: 0.18.5-3.1
Severity: minor
File: /usr/share/man/man1/secret-tool.1.gz

Mention somewhere on this man page if it is related to Gnome.
Mention somewhere on this man page if it is related to a certain keyring.

Bug#870881: Add --list-obsolete-timestamp-files, --delete-obsolete-timestamp-files

[積丹尼 Dan Jacobson]

Package: anacron
Version: 2.3-24
Severity: wishlist

Man page says

   Timestamp files are created in the spool  directory  for  each  job  in
   anacrontab.  These  are  never  removed  automatically  by anacron, and
   should be removed by hand if a job is no longer being scheduled.

However with a hundred of them it is accident prone to figure out which are
still being used or not visually.

Also if this needs to be done on a hundred machines it becomes tedious.

Therefore please at least add new functionality:

--list-obsolete-timestamp-files
--delete-obsolete-timestamp-files

Bug#870883: Add FILES section

[積丹尼 Dan Jacobson]

Package: libsecret-tools
Version: 0.18.5-3.1
Severity: minor
File: /usr/share/man/man1/secret-tool.1.gz

Add a FILES section, to state what files this program operates upon.

Bug#870880: ITP: browse-kill-ring-el -- interactively insert items from kill-ring

[Lev Lamberov]

Вс 06 авг 2017 @ 00:33 Lev Lamberov :

>   Upstream Author : Colin Watson  (original author)

Sorry, a mistake. The original author is Colin Walters
.

Regards,
Lev Lamberov

Bug#870880: ITP: browse-kill-ring-el -- interactively insert items from kill-ring

[Lev Lamberov]

Package: wnpp
Owner: Lev Lamberov 
Severity: wishlist

* Package name: browse-kill-ring-el
  Version : 2.0.0
  Upstream Author : Colin Watson  (original author)
Andrew Burgess  (current maintainer)
Toon Claes  (current maintainer)
Christopher Monsanto  (current maintainer)
* URL or Web page : https://github.com/browse-kill-ring/browse-kill-ring
* License : GPL-2+
  Programming Lang: Emacs Lisp
  Description : interactively insert items from kill-ring

Ever feel that 'C-y M-y M-y M-y ...' is not a great way of trying to
find that piece of text you know you killed a while back? Then
browse-kill-ring.el is for you.

Note that the command keeps track of the last window displayed to handle
insertion of chosen text; this might have unexpected consequences if you
do 'M-x browse-kill-ring', then switch your window configuration, and
try to use the same *Kill Ring* buffer again.

Bug#870356: fixed

[Henri Salo]

This is fixed in 1.15 release.

Bug#798476: Returning to the requirement that Uploaders: contain humans

[Russ Allbery]

Adrian Bunk  writes:
> On Fri, Aug 04, 2017 at 02:57:49PM -0700, Russ Allbery wrote:

>> but regardless of that discussion, machine-readable team information is
>> not something we have now.

> Policy says that Uploaders should list all co-maintainers.

Your understanding of Policy is incorrect.  (This is one of the few topics
in this thread where I can put on my Policy Editor hat and say that this
isn't just a matter of opinion.)

Policy says that all co-maintainers *who are not included in the
Maintainer* field should be listed in Uploaders, which obviously means
that team members do not have to be listed there since they're included in
the Maintainer field.

The only reason why anyone gets added to Uploaders from a Policy
perspective for a team-maintained package is the statement under
discussion here:

This is normally an optional field, but if the Maintainer control
field names a group of people and a shared email address, the
Uploaders field must be present and must contain at least one human
with their personal email address.

*At least one human.*  Not everyone on the team.  And note how this
specifically talks about how the Maintainer field can represent a *group*
of people.

Team membership information does not exist in a machine-readable form
right now.  You have misunderstood the meaning of Uploaders and it is
leading you to draw a bunch of other erroneous conclusions.

-- 
Russ Allbery (r...@debian.org)   

Bug#798476: Returning to the requirement that Uploaders: contain humans

[Russ Allbery]

Tobias Frost  writes:
> Am Donnerstag, den 03.08.2017, 11:58 -0700 schrieb Russ Allbery:

>> Or track MIA teams, which in a lot of ways is a much easier problem,
>> and seems like a worthwhile problem to solve anyway.

> No, because with a $TEAM you have to expand it to $TEAM_MEMBERS and
> check them individually.

Well, as I've already said, I don't agree with this approach for finding
MIA teams.  I'm not sure if you disagree for reasons you're not saying, or
if you just didn't see that message, or if I missed another message from
you explaining why you disagree.

Anyway, I truly don't understand why you can't determine MIA teams based
on whether their packages are maintained.  Team-maintained packages not
being uploaded translates into the team being MIA (regardless of the MIA
status of individual members).  I think it's in a lot of respects much
more straightforward than MIA maintainers, since you don't have to worry
about voting and other maintainer privileges and access.  And with most
teams there will be fewer edge cases where there are legitimate reasons
for all of their packages to have just not needed an upload, since teams
are less likely to only have a single leaf package.

-- 
Russ Allbery (r...@debian.org)   

Bug#870879: ITP: fortune-anarchism -- anarchist quotes for fortune

[spectranaut]

Package: wnpp
Owner: Valerie R Young 
Severity: wishlist

* Package name: fortune-anarchism
  Version : 1.2
  Upstream Author : none
* URL : https://notabug.org/PangolinTurtle/BLAG-fortune
* License : public domain
  Programming Lang: text
  Description : anarchist quotes for fortune

This package provides a set of anarchist quotes in the fortune database
format.

Bug#870878: ITP: ufolib -- Low-level UFO reader and writer

[魏銘廷]

Package: wnpp
Severity: wishlist
Owner: =?utf-8?b?WWFvIFdlaSAo6a2P6YqY5bu3KQ==?= 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: ufolib
  Version : 2.1.0
  Upstream Author : Unified Font Object
* URL : https://github.com/unified-font-object/ufoLib
* License : BSD
  Programming Lang: Python
  Description : Low-level UFO reader and writer

This is a UFO font reader and writer. Some of the fonts building from
source requires libraries that requires this, such as defcon (#806513)
and mutatormath (#806503).

-BEGIN PGP SIGNATURE-

iQJCBAEBCAAsFiEE/tVDSEUoffJikxSJz7v84LdPGxQFAlmGTx8OHG13ZWlAbHhk
ZS5vcmcACgkQz7v84LdPGxQx0RAAkRP1Nxpg/M7472RPZtutDvaQNhl3vgjbJrfv
w17bL5fgFVmIdb9RynpZd2Cbr/EdFsPqae9NWYysGWb8/lKGPt6K/KoZ5O4qqhd+
MqLp7Xs5GyX8IagY72t7zwmOOMIpRimkoqODyvaqhVq8ImKmFCOj6RjZxFnNJlNm
4HtAS1umvenaoAP6s/vCvitMRCliXXOTq4fcvITfL3yLEyNR5fZYrQZjIxk2jFPm
zGEZFi0Np6odZyjBGFj2GXjhr0hG0kCQ7fqN9bdedQHm9pn7TC3rkhx8JVZNNvtU
HjFMu8AAjpDSwLNNHllyBC+soWXc+xwzZib/4btxIcHDbIW86i0f4AB25BX4Jimi
38tMOwZU24SolPTY4a/NTbBg0XzF2DucpyJfXGCeykaVOFSoUQdn1ZYSxJldJ9iT
vlZrF086/3+5alWK5tFledGBW/CxzMbxl6dA+Nc18GKaOfsfCEqfYFm0OhG4qr8q
+X6cRV5U6VJDVnXL8lJ7Q3sEwycGF9W+c712i+1qCdtrGJp2UgmaOWsOBe8jSSqn
ZoqtaG0O8I10GgkG5OXT8lFp+Ge0PLO+KB9QjQODqfOKya0T1NtwiEunw/fxp5Y6
go2zB95Urjw63+XXOJkqNpwmAIcQDU0wL1xKcn8EyxX+NIgD/rb1Mpu4A9mU6KHb
gNShjqk=
=s9Kc
-END PGP SIGNATURE-

Bug#870877: ITP: trapperkeeper-scheduler-clojure -- Trapperkeeper service for scheduling background tasks

[Apollon Oikonomopoulos]

Package: wnpp
Severity: wishlist
Owner: Apollon Oikonomopoulos 

* Package name: trapperkeeper-scheduler-clojure
  Version : 0.7.1
  Upstream Author : Puppet Labs Inc
* URL : http://github.com/puppetlabs/trapperkeeper-scheduler
* License : Apache-2.0
  Programming Lang: Clojure
  Description : Trapperkeeper service for scheduling background tasks

Trapperkeeper-scheduler is a Trapperkeeper service that provides a simple API
for scheduling potentially recurring background tasks. Other Trapperkeeper
services may specify a dependency on the Scheduler service and then use its
functions to schedule and cancel jobs to be run on background. 

This is a dependency for PuppetDB and Puppet Server.

Bug#870875: ITP: fonts-alegreya-sans -- Humanist sans-serif font designed by Juan Pablo del Peral

[Yao Wei]

Alternatively we can use this commit to achieve BFS:
https://github.com/huertatipografica/Alegreya-Sans/commit/e870e363e24b3fea3466de93514282987892b82c


signature.asc
Description: PGP signature

Bug#750946: Upstream dev of HTML::HTML5::Parser

[Kjetil Kjernsmo]

Hi all!

I just noticed https://bugs.debian.org/750946 since my Test::RDF depends on 
HTML::HTML5::Parser (though, I don't quite understand how that dependency 
arises) and I would be affected by a removal. 

I haven't looked at the problem itself, but I would just like to report 
that the upstream dev, Toby Inkster has recently resumed development after  
a hiatus, so all hope isn't lost. 

Best,

Kjetil

Bug#869745: enigmail: Enigmail stopped working after the update on Debian Jessie

[Daniel Bareiro]

Please mark as duplicate with #869774.

This issue has already been solved in that other bug report.

Kind regards,

-- 
Ing. Daniel Bareiro

Opción Libre - Soberanía tecnológica para su empresa
WWW: http://www.opcion-libre.com.ar
Tel: +54 11 5235-3090
Correo-e: conta...@opcion-libre.com.ar



signature.asc
Description: OpenPGP digital signature

Bug#870678: winff autopkgtests fail with ffmpeg 3.3.3: No such filter: 'asyncts'

[Paul Gevers]

Control: severity -1 normal

On 03-08-17 21:32, Steve Langasek wrote:
> I've confirmed that this autopkgtest is testing the same presets.xml which
> is installed by winff in the winff-data package, so it appears that this
> will genuinely cause winff to fail at runtime (i.e., this is not just a bug
> in the test).  I'm therefore marking it 'grave'.  Feel free to downgrade if
> you think this is wrong - it looks like only the presets for three Nokia
> devices are affected.

The autopkgtest is meant to catch changes in ffmpeg/libav. As it affects
only a very limited set of presets, and the user can relatively easy
work around this, I downgrade this to normal. Winff will not fail, the
conversion using this preset will fail.

This is more severe for Ubuntu though, as I do recognize, but for Debian
this is a normal bug.

> I would tag this bug 'sid', except that since autopkgtests don't gate
> testing in Debian, this autopkgtest regression does not stop the new ffmpeg
> from migrating to testing and breaking winff there.

Ack.

> I don't know the fix for this issue, as I'm not conversant with ffmpeg and
> so am not sure how to map the existing asyncts filter settings to the
> recommended af_aresample filter.  There does not appear to be a fix upstream
> for this yet in the winff github repo.

The most trivial way to fix it quickly is by just dropping the argument.
I'll try to fix it smarter. Upstream is basically in maintenance only
mode. Debian is one of the main reasons for changes (I make them). This
ffmpeg change is such a change.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#870876: tracker.debian.org: make subscription easier to upstreams with many packages

[Alex Muntada]

Package: tracker.debian.org
Severity: wishlist

Dear Maintainers,
some time ago one particular upstream for several Perl modules
asked me if there's a way to easily subscribe to all packages
related to them automatically, i.e. an opt-in subscription for
upstreams that they could just check on or off and if a new
package appears and they're the upstream, then tracker would
automatically subscribe them to that package.

Most pkg-perl packages have a debian/upstream/metadata that
could be used to obtain the upstream author, but I guess it
could be fetched from metacpan also. That could work for other
upstream distribution systems like pypi, rubygems, npm, etc.

Cheers!
Alex


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



signature.asc
Description: PGP signature

Bug#870875: ITP: fonts-alegreya-sans -- Humanist sans-serif font designed by Juan Pablo del Peral

[魏銘廷]

Package: wnpp
Severity: wishlist
Owner: =?utf-8?b?WWFvIFdlaSAo6a2P6YqY5bu3KQ==?= 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: fonts-alegreya-sans
  Version : 2.001
  Upstream Author : Juan del Peral 
* URL : http://www.huertatipografica.com/en/fonts/alegreya-sans-ht
* License : OFL-1.1
  Description : Humanist sans serif family, part of Alegreya "super family"

This font is built using Glyphs, so it may be blocked by bug #868005 if
BFS is necessary.

This is the logo font used for DebConf18.

-BEGIN PGP SIGNATURE-

iQJCBAEBCAAsFiEE/tVDSEUoffJikxSJz7v84LdPGxQFAlmGO3AOHG13ZWlAbHhk
ZS5vcmcACgkQz7v84LdPGxTUkhAAvI3HmrGpFk/IuRTjrNiuxd7faIsfVMyA3v/p
exa+o7JD9uCNW+qprNx2yPx0Zq93zsiMc42EJSIiqSdzlSOPv6BU7pgANByG39LH
3kzcu9nrR/ZgDPIOMjrO33xVtz6DFkgwspwDdU0Gh5jdIV99rrJ4HMOVKB4eILrG
0O5zAf0jWpxZ/GHnt1qQAdDfb24ChSd1lcbN30UphDvmvrig/BMHPI24ZyuUgFmg
8dtGhZqkGIjN01SaSO90t8JAtjoWdPSfN4erU9ak9+WgJGTAwcmpoNZdVn4RenR0
03FBvJO1fy1nAUmYFpgrH5ofGBJ0YzaxSsyaGU2SbVDMi+kNy2F8/p1PLnnJ296i
ULTnIlKoHi5aaG/dpxwuhz/P0Cd4DyrKCPu7XhIQKULu+wXLVdydKncafZ67FprA
bKyZLq3os0Us+/qa/HOkNbU2BgE6lQUC2eAY/7dB+sa2apSCk+sfnXAezIgRvSIJ
XS74CXTCu6Oye0N7onSWOUkmLVFbXAUHt7vbgxbIJ4Lz7NnLKkVjJCDs/vUDFueu
QAAE+Q1hRH91tJ1bFnCzZgxXhvcWXXABwsD3FU01crk0GN41aUhCPvCGyKlH4oHw
z4dXrCZK6b5RR4x9U/P8ZJJ819SYxp9rtdEsewHWHUmxaiS5fyj5EAG0mi11GbCs
DK2W5HA=
=fYTu
-END PGP SIGNATURE-

Bug#853533: magics++ FTBFS with g++ 7.1 -- compiler bug, fixed in 7.2 branch

[Adrian Bunk]

Control: reassign -1 g++-7 7-20170126-1
Control: affects -1 src:magics++
Control: fixed -1 7.1.0-10
Control: close -1


On Wed, Jul 12, 2017 at 02:59:05PM +0100, Alastair McKinstry wrote:
> Hi,
> 
> This FTBFS with g++-7 is a known bug in gcc 7.1 ;
> 
> see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81204
> 
> Resolved in gcc-7 branch. Either a cherry-pick of the patch, or 7.2
> release of gcc needed.

Confirmed that it is fixed with the latest gcc-7:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/magics++.html

> Best regards
> 
> Alastair

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#870874: support sound on ltsp clients with pulseaudio

[Holger Levsen]

package: debian-edu-config
version: 1.930
severity: wishlist

< pere> a quick look in debian-edu-config make me believe ESPEAKER is the 
secret word to 
look for, and /usr/sbin/debian-edu-ltsp-audiodivert and 
/etc/desktop-profiles/debian-edu-config.listing are the places to 
update.  
PULSE_SERVER seem to be the equivalent pulseaudio environment variable, 
but a 
~/.pulse_cookie file might be related too.  given that the latter is 
already 
mentioned in /usr/sbin/debian-edu-ltsp-audiodivert, I would guess ltsp 
already 
have pulseaudio support...


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#853613: pinfo: ftbfs with GCC-7

[Adrian Bunk]

Control: reassign -1 gcc-7 7.1.0-12
Control: affects -1 src:pinfo
Control: retitle -1 gcc-7 with -Os: undefined references to inline functions

On Tue, Jan 31, 2017 at 09:35:06AM +, Matthias Klose wrote:
>...
> /bin/bash ../libtool --tag=CC --mode=link x86_64-linux-gnu-gcc  -Wall -g -Os  
>  -o pinfo  pinfo-pinfo.o pinfo-colors.o pinfo-datatypes.o 
> pinfo-filehandling_functions.o pinfo-mainfunction.o pinfo-manual.o 
> pinfo-menu_and_note_utils.o pinfo-parse_config.o pinfo-regexp_search.o 
> pinfo-signal_handler.o pinfo-utils.o pinfo-video.o pinfo-initializelinks.o 
> pinfo-printinfo.o-lreadline  -L/usr/lib -lncursesw  -L/usr/lib -lncursesw
> mkdir .libs
> x86_64-linux-gnu-gcc -Wall -g -Os -o pinfo pinfo-pinfo.o pinfo-colors.o 
> pinfo-datatypes.o pinfo-filehandling_functions.o pinfo-mainfunction.o 
> pinfo-manual.o pinfo-menu_and_note_utils.o pinfo-parse_config.o 
> pinfo-regexp_search.o pinfo-signal_handler.o pinfo-utils.o pinfo-video.o 
> pinfo-initializelinks.o pinfo-printinfo.o  -lreadline -L/usr/lib -lncursesw
> pinfo-filehandling_functions.o: In function `opendirfile':
> /<>/pinfo-0.6.9/src/filehandling_functions.c:620: undefined 
> reference to `builddircommand'
> /<>/pinfo-0.6.9/src/filehandling_functions.c:649: undefined 
> reference to `builddircommand'
> pinfo-filehandling_functions.o: In function `openinfo':
> /<>/pinfo-0.6.9/src/filehandling_functions.c:818: undefined 
> reference to `buildcommand'
> pinfo-initializelinks.o: In function `initializelinks':
> /<>/pinfo-0.6.9/src/initializelinks.c:466: undefined reference 
> to `exists_in_tag_table'
> /<>/pinfo-0.6.9/src/initializelinks.c:743: undefined reference 
> to `exists_in_tag_table'
> collect2: error: ld returned 1 exit status
> Makefile:356: recipe for target 'pinfo' failed
> make[3]: *** [pinfo] Error 1
>...

This looks like a gcc bug, testcase:

$ cat test4.c
int a;

inline void builddircommand(void)
{
a++;
}

int main()
{
builddircommand();
return 0;
}
$ gcc-6 -O2 -Wall test4.c
$ gcc-6 -Os -Wall test4.c
$ gcc -O2 -Wall test4.c
$ gcc -Os -Wall test4.c
/tmp/ccbei4dK.o: In function `main':
test4.c:(.text.startup+0x5): undefined reference to `builddircommand'
collect2: error: ld returned 1 exit status
$ 

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#869856: openssl: FTBFS: Testsuite failures

[Kurt Roeckx]

On Sat, Aug 05, 2017 at 09:03:41PM +0200, Sebastian Andrzej Siewior wrote:
> control: tags -1 patch fixed-upstream pending
> control: forwaded -1 https://github.com/openssl/openssl/issues/3562
> 
> On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote:
> > It appears so.  (Though I did have to apply it by hand as there was no
> > "clientsession" line for patch to sync to in hunk #2.)
> 
> okay. So we have fix a which will be part of 1.1.0g and I don't see a reason
> to upload it right away. So I suggest to wait until upstream releases
> something new.

I planned to break things by disabling TLS 1.0 and 1.1, which I
might upload soon. I guess I can fix that at the same time.


Kurt

Bug#870873: exiv2: FTBFS: some symbols or patterns disappeared in the symbols file

[Jakub Wilk]

Source: exiv2
Version: 0.26-1
Severity: serious
Justification: fails to build from source

exiv2 FTBFS on i386:
|dh_makeshlibs -a -O--parallel -O--buildsystem=cmake
| dpkg-gensymbols: warning: some new symbols appeared in the symbols file: see 
diff output below
| dpkg-gensymbols: warning: some symbols or patterns disappeared in the symbols 
file: see diff output below
| dpkg-gensymbols: warning: debian/libexiv2-26/DEBIAN/symbols doesn't match 
completely debian/libexiv2-26.symbols
| --- debian/libexiv2-26.symbols (libexiv2-26_0.26-1_i386)
| +++ dpkg-gensymbolsVBtVbw 2017-07-17 10:37:38.321705782 +
| @@ -135,8 +135,10 @@
|   _Z12xdefaultNameB5cxx11@Base 0.26
|   _Z13DetectAltTextP8XMP_Node@Base 0.26
|   
_Z13FindChildNodeP8XMP_NodePKcbPN9__gnu_cxx17__normal_iteratorIPS0_St6vectorIS0_SaIS0_@Base
 0.26
| - 
_Z13ToUTF16NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 
0.26
| - 
_Z13ToUTF32NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 
0.26
| + 
_Z13ToUTF16NativePKhjPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 
0.26-1
| +#MISSING: 0.26-1# 
_Z13ToUTF16NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 
0.26
| + 
_Z13ToUTF32NativePKhjPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 
0.26-1
| +#MISSING: 0.26-1# 
_Z13ToUTF32NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 
0.26
[snip - lot's of other symbols missing]
| dh_makeshlibs: failing due to earlier errors
| debian/rules:6: recipe for target 'binary-arch' failed
| make: *** [binary-arch] Error 2

Full build log:
https://buildd.debian.org/status/fetch.php?pkg=exiv2=i386=0.26-1=1500287864

--
Jakub Wilk

Bug#870872: tracker.debian.org: Server Error (500) when using a new SSO cert

[Alex Muntada]

Package: tracker.debian.org
Severity: normal

Dear Maintainers,
I was using my SSO guest-account certificate from alioth just fine
in https://tracker.debian.org/pkg/libpod-pom-view-restructured-perl
and then decided it was time to switch to a new SSO debian account
certificate. So created a new certificate for me in sso.debian.org,
then went to the previous URL but I got a 500 error status from the
tracker.

However, the new certificate did actually work fine after restarting
firefox. I'm not sure if this was a transient error or some other
issue with firefox instead, but I just wanted to let you know.

Cheers!
Alex


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



signature.asc
Description: PGP signature

Bug#867980: aptitude: [INTL:nl] Dutch po file for the aptitude package's documentation

[Manuel A. Fernandez Montecelo]

Control: tags -1 + pending


2017-07-10 22:27 Frans Spiesschaert:

 
 
Package: aptitude 
Severity: wishlist 
Tags: l10n patch 
 
 
Dear Maintainer, 
 
===

Please find attached the updated Dutch po file for the aptitude
package's documentation. It has been submitted for review to the 
debian-l10n-dutch mailing list. Please add it to your next package 
revision. It should be put as "doc/po4a/po/nl.po" in your package build
tree. 
===
 



Thanks, applied!


--
Manuel A. Fernandez Montecelo 

Bug#853316: aptitude: ftbfs with GCC-7

[Manuel A. Fernandez Montecelo]

Control: tags -1 + pending


Hi,

2017-01-31 10:29 Matthias Klose:

Package: src:aptitude
Version: 0.8.5-1
Severity: normal
Tags: sid buster
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-7


Fix applied and pending to upload, thanks!

--
Manuel A. Fernandez Montecelo 

Bug#870871: Reduce recommended package on php-horde-util

[Mike Gabriel]

Package: php-horde-util
Severity: wishlist

Dear maintainer,

I am working on a project that depends on php-horde-string.

When installing php-horde-string, I get this pile of co-installed  
packages (taken from Debian stretch):


```
[mike@minobo ~]$ sudo apt-get install php-horde-util
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ckeditor3 libmemcached11 libmemcachedutil2 php-apcu php-apcu-bc  
php-bz2 php-codecoverage php-curl php-deepcopy  
php-doctrine-instantiator php-file-iterator
  php-geoip php-horde-activesync php-horde-alarm php-horde-auth  
php-horde-autoloader php-horde-browser php-horde-cache php-horde-cli  
php-horde-compress
  php-horde-compress-fast php-horde-constraint php-horde-controller  
php-horde-core php-horde-crypt php-horde-crypt-blowfish  
php-horde-css-parser
  php-horde-cssminify php-horde-data php-horde-date php-horde-dav  
php-horde-db php-horde-editor php-horde-elasticsearch  
php-horde-exception php-horde-form
  php-horde-group php-horde-hashtable php-horde-history  
php-horde-http php-horde-icalendar php-horde-idna php-horde-image  
php-horde-imap-client php-horde-imsp
  php-horde-injector php-horde-javascriptminify  
php-horde-kolab-format php-horde-kolab-server php-horde-kolab-session  
php-horde-kolab-storage php-horde-ldap
  php-horde-listheaders php-horde-lock php-horde-log  
php-horde-logintasks php-horde-lz4 php-horde-mail php-horde-mapi  
php-horde-memcache php-horde-mime
  php-horde-mime-viewer php-horde-nls php-horde-notification  
php-horde-oauth php-horde-pack php-horde-perms php-horde-prefs  
php-horde-queue php-horde-routes
  php-horde-scribe php-horde-secret php-horde-serialize  
php-horde-service-twitter php-horde-sessionhandler php-horde-share  
php-horde-smtp
  php-horde-socket-client php-horde-spellchecker php-horde-stream  
php-horde-stream-filter php-horde-stream-wrapper php-horde-support  
php-horde-template
  php-horde-test php-horde-text-filter php-horde-text-flowed  
php-horde-thrift php-horde-token php-horde-translation php-horde-tree  
php-horde-url php-horde-vfs
  php-horde-view php-http php-http-request php-igbinary  
php-image-text php-imagick php-imap php-mbstring php-mcrypt  
php-memcached php-msgpack php-mysql
  php-net-dns2 php-net-imap php-net-url php-net-url2 php-nrk-predis  
php-numbers-words php-pecl-http php-phpdocumentor-reflection-docblock  
php-phpspec-prophecy
  php-propro php-raphf php-sabre-dav php-sabre-vobject php-seclib  
php-ssh2 php-text-captcha php-text-figlet php-text-languagedetect  
php-text-password
  php-text-template php-tidy php-timer php-token-stream php-xml-svg  
php7.0-bz2 php7.0-curl php7.0-imap php7.0-mbstring php7.0-mcrypt  
php7.0-mysql php7.0-tidy
  phpunit phpunit-code-unit-reverse-lookup phpunit-comparator  
phpunit-diff phpunit-environment phpunit-exporter phpunit-global-state  
phpunit-mock-object
  phpunit-object-enumerator phpunit-recursion-context  
phpunit-resource-operations phpunit-version

Suggested packages:
  php-xdebug php-horde-javascriptminify-jsmin  
php-horde-text-filter-jsmin php-dflydev-markdown php-erusev-parsedown  
php-gmp php-compat phpunit-dbunit

  php-invoker php-uopz
Recommended packages:
  php-horde-mongo php-pam php-sasl php-xcache php-lzf php-oci8  
php-horde-stringprep php-idn

The following NEW packages will be installed:
  ckeditor3 libmemcached11 libmemcachedutil2 php-apcu php-apcu-bc  
php-bz2 php-codecoverage php-curl php-deepcopy  
php-doctrine-instantiator php-file-iterator
  php-geoip php-horde-activesync php-horde-alarm php-horde-auth  
php-horde-autoloader php-horde-browser php-horde-cache php-horde-cli  
php-horde-compress
  php-horde-compress-fast php-horde-constraint php-horde-controller  
php-horde-core php-horde-crypt php-horde-crypt-blowfish  
php-horde-css-parser
  php-horde-cssminify php-horde-data php-horde-date php-horde-dav  
php-horde-db php-horde-editor php-horde-elasticsearch  
php-horde-exception php-horde-form
  php-horde-group php-horde-hashtable php-horde-history  
php-horde-http php-horde-icalendar php-horde-idna php-horde-image  
php-horde-imap-client php-horde-imsp
  php-horde-injector php-horde-javascriptminify  
php-horde-kolab-format php-horde-kolab-server php-horde-kolab-session  
php-horde-kolab-storage php-horde-ldap
  php-horde-listheaders php-horde-lock php-horde-log  
php-horde-logintasks php-horde-lz4 php-horde-mail php-horde-mapi  
php-horde-memcache php-horde-mime
  php-horde-mime-viewer php-horde-nls php-horde-notification  
php-horde-oauth php-horde-pack php-horde-perms php-horde-prefs  
php-horde-queue php-horde-routes
  php-horde-scribe php-horde-secret php-horde-serialize  
php-horde-service-twitter php-horde-sessionhandler php-horde-share  
php-horde-smtp
  php-horde-socket-client php-horde-spellchecker php-horde-stream  
php-horde-stream-filter php-horde-stream-wrapper php-horde-support  
php-horde-template
  php-horde-test 

Bug#867226: aptitude seems dependency problems when there are none

[Manuel A. Fernandez Montecelo]

Hi,

2017-07-04 23:24 Nikolaus Rath:


However, according to aptitude, there is something seriously wrong:

$ aptitude
# Select Actions -> Cancel pending actions


Note that the behaviour of this changed in the last few versions, 0.8
series I think, and that it doesn't cancel actions saved in previous
sessions.



This is annoying, because I would like to use aptitude to perform
some actions - yet there is no way to do so without making lots
of other changes to my system.


Looks to me that there are actions saved from previous sessions (e.g. an
upgrade of some packages, or request to install some new ones), and then
got stuck due to problems of interdependencies between packages
(e.g. the backports not able to link with some of the libraries; or
clang-3.5 from unstable not being compatible with libraries that need to
be installed).

If you still haven't found a solution by now, or in future situations,
you might want to try "aptitude keep-all" in the command line, or ":" in
the root of the trees in the UI, and then perform the actions that you
intended.

Other than that, I cannot see any indication that aptitude gets confused
with dependency problems per se, so I am not sure what you mean with the
title of the bug report, can you please clarify?


Cheers.
--
Manuel A. Fernandez Montecelo 

Bug#868553: or even 2.4

[Lee Garrett]

That's not quite related to the Debian package, but upstream always has the
development branch of the documentation up. So you will often see
documentation to module and features that aren't in the current stable
release. There have been some complaints about it to upstream, but it's
probably better to just be aware of that when reading the docs.

Regarding ansible 2.3.1 I've already updated it in the packaging git
repository, and there will be an upload to unstable in the next few days.

On 05/08/17 15:54, Geert Stappers wrote:
> 
> Hi,
> 
> While reading http://docs.ansible.com/ansible/latest/proxmox_module.html
> I saw "(added in 2.4)"
> 
> But currently no sign of 2.4 at https://github.com/ansible/ansible/releases
> 
>  
> Groeten
> Geert Stappers
> 

Bug#859780: debian-edu: remove education-lang-??-desktop-kde metapackages for Buster

[Petter Reinholdtsen]

I no longer remember the details, but I have vague memories of the idea
behind these tasks/metapackages being to have a mechanism to only install
the relevant KDE translation packages when installing KDE.  No idea if it
was ever done for all or any languages, but it seem like a good idea to
avoid having to pull in KDE translations when installing LXDE or XFCE. :)

Perhaps it is already solved some other way?  I do not know.  Perhaps something
to check out and verify before removing them?

-- 
Happy hacking
Petter Reinholdtsen

Bug#869766: kmix: output volume level from analogue input changes randomly

[Maximiliano Curia]

Control: block -1 by 674936

¡Hola Arthur!

This is a known issue, please disable the flat-volumes option in pulseaudio 
adding a line:

flat-volumes = no
to /etc/pulse/daemon.conf

Happy hacking,
--
"The cheapest, fastest and most reliable components of a computer system are
those that aren't there."
-- Gordon Bell
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Bug#870870: libxml2: CVE-2017-0663: Heap buffer overflow in xmlAddID

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.1+dfsg1-5
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=780228

Hi,

the following vulnerability was published for libxml2.

CVE-2017-0663[0]:
| A remote code execution vulnerability in libxml2 could enable an
| attacker using a specially crafted file to execute arbitrary code
| within the context of an unprivileged process. This issue is rated as
| High due to the possibility of remote code execution in an application
| that uses this library. Product: Android. Versions: 4.4.4, 5.0.2,
| 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-0663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
[1] https://bugzilla.gnome.org/show_bug.cgi?id=780228
[2] 
https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1462225
https://bugzilla.redhat.com/show_bug.cgi?id=1462225#c2
https://bugzilla.redhat.com/show_bug.cgi?id=1462225#c3
[4] https://bugzilla.novell.com/show_bug.cgi?id=1044337

Regards,
Salvatore

Bug#870869: Segfault during libc-l10n install on kirkwood (armel)

[Peter Mogensen]

Package: base-installer
Version: 1.169

While trying to install stretch on a QNAP 419PII, the installation 
consistently fails with a segfault in dpkg when it tries to install 
locales and libc-l10n.


I install using the method described here:
http://www.cyrius.com/debian/kirkwood/qnap/ts-41x/install/

Using the kernel-6282, (even though the kirkwood-qnap script can't 
auto-detect the right kernel version on a 419PII)


kernel/initrd md5sum:
e923a276eb14e6c5b58c283b30ea5d95  flash-debian
3bf2ade97a4ca7f853ff20a058313b17  initrd
286116d8b838ab5abfb069bc79f7cf09  kernel-6281
436b54c0d0299833c3ed58444c158fae  kernel-6282
6fb0e16e925c9412dc7f165477790304  model

I'm installating the root file system to an external USB3 disk using
manual install (to preserve my RAID system on the main disks)

System information:
===
# cat /proc/cpuinfo
processor   : 0
model name  : Feroceon 88FR131 rev 1 (v5l)
BogoMIPS: 1974.27
Features: swp half thumb fastmult edsp
CPU implementer : 0x56
CPU architecture: 5TE
CPU variant : 0x2
CPU part: 0x131
CPU revision: 1

Hardware: Marvell Kirkwood (Flattened Device Tree)
Revision: 
Serial  : 
=
# lspci -knn
00:01.0 PCI bridge [0604]: Marvell Technology Group Ltd. Device 
[11ab:6282] (rev 01)
00:02.0 PCI bridge [0604]: Marvell Technology Group Ltd. Device 
[11ab:6282] (rev 01)
01:00.0 SCSI storage controller [0100]: Marvell Technology Group Ltd. 
88SX7042 PCI-e 4-port SATA-II [11ab:7042] (rev 02)

Subsystem: Marvell Technology Group Ltd. Device [11ab:11ab]
Kernel driver in use: sata_mv
Kernel modules: sata_mv
02:00.0 USB controller [0c03]: Etron Technology, Inc. EJ168 USB 3.0 Host 
Controller [1b6f:7023] (rev 01)
Subsystem: Etron Technology, Inc. EJ168 USB 3.0 Host Controller 
[1b6f:7023]

Kernel driver in use: xhci_hcd
Kernel modules: xhci_pci
=
# cat /sys/bus/soc/devices/soc0/family
Marvell
# cat /sys/bus/soc/devices/soc0/soc_id
6282
# cat /sys/bus/soc/devices/soc0/revision
1
=
/var/log/syslog of the install:
Aug  5 15:18:21 debootstrap: Creating /etc/network/interfaces.
Aug  5 15:18:22 debootstrap: Created symlink 
/etc/systemd/system/multi-user.target.wants/networking.service -> 
/lib/systemd/system/networking.service.
Aug  5 15:18:22 debootstrap: Created symlink 
/etc/systemd/system/network-online.target.wants/networking.service -> 
/lib/systemd/system/networking.service.

Aug  5 15:18:22 debootstrap: Setting up apt-utils (1.4.7) ...
Aug  5 15:18:22 debootstrap: Setting up debconf-i18n (1.5.61) ...
Aug  5 15:18:22 debootstrap: Setting up whiptail (0.52.19-1+b1) ...
Aug  5 15:18:22 debootstrap: Setting up gnupg (2.1.18-6) ...
Aug  5 15:18:22 debootstrap: Setting up libgnutls30:armel 
(3.5.8-5+deb9u2) ...

Aug  5 15:18:22 debootstrap: Setting up wget (1.18-5) ...
Aug  5 15:18:22 debootstrap: Setting up tasksel (3.39) ...
Aug  5 15:18:24 debootstrap: Setting up tasksel-data (3.39) ...
Aug  5 15:18:24 debootstrap: Processing triggers for libc-bin 
(2.24-11+deb9u1) ...
Aug  5 15:18:24 debootstrap: Processing triggers for systemd 
(232-25+deb9u1) ...
Aug  5 15:18:24 apt-install: Queueing package qcontrol for later 
installation
Aug  5 15:18:25 base-installer: Ign:1 http://ftp.dk.debian.org/debian 
stretch InRelease
Aug  5 15:18:25 base-installer: Hit:2 http://ftp.dk.debian.org/debian 
stretch Release
Aug  5 15:18:25 base-installer: Get:4 http://ftp.dk.debian.org/debian 
stretch/main Translation-en [5393 kB]

Aug  5 15:18:36 base-installer: Fetched 5393 kB in 11s (481 kB/s)
Aug  5 15:18:36 base-installer: Reading package lists...
Aug  5 15:18:45 base-installer:
Aug  5 15:18:48 in-target: Reading package lists...
Aug  5 15:18:48 in-target:
Aug  5 15:18:48 in-target: Building dependency tree...
Aug  5 15:18:49 in-target:
Aug  5 15:18:50 in-target: The following additional packages will be 
installed:

Aug  5 15:18:50 in-target:   libc-l10n
Aug  5 15:18:50 in-target: The following NEW packages will be installed:
Aug  5 15:18:50 in-target:   libc-l10n locales
Aug  5 15:18:50 in-target: 0 upgraded, 2 newly installed, 0 to remove 
and 0 not upgraded.

Aug  5 15:18:50 in-target: Need to get 4109 kB of archives.
Aug  5 15:18:50 in-target: After this operation, 13.8 MB of additional 
disk space will be used.
Aug  5 15:18:50 in-target: Get:1 http://ftp.dk.debian.org/debian 
stretch/main armel libc-l10n all 2.24-11+deb9u1 [820 kB]
Aug  5 15:18:50 in-target: Get:2 http://ftp.dk.debian.org/debian 
stretch/main armel locales all 2.24-11+deb9u1 [3290 kB]

Aug  5 15:18:53 in-target: Preconfiguring packages ...
Aug  5 15:18:53 in-target: Fetched 4109 kB in 0s (4657 kB/s)
Aug  5 15:18:53 in-target: Selecting previously unselected 

Bug#870868: minidlna - new rescan functionality is not documented/used

[H.-Dirk Schmitt]

Package: minidlna
Version: 1.2.0+dfsg-1


In minidlna 1.2 the new rescan functionality is available, which helps to avoid
a long running rebuild of the database.
E.g. on my system it takes several hours to do a full rebuild.

The rescan functionality is enabled with the '-r' command line argument.

This is not documented in the 'man 1 minidlnad' man page.

My advice is to enable it as default in '/etc/default/minidlna'
  # Additional options that are passed to the daemon
  DAEMON_OPTS="-r"

Bug#870867: libxml2: CVE-2017-7375: Missing validation for external entities in xmlParsePEReference

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.1+dfsg1-5
Severity: important
Tags: patch upstream security

Hi,

the following vulnerability was published for libxml2.

CVE-2017-7375[0]:
Missing validation for external entities in xmlParsePEReference

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
[1] https://bugzilla.gnome.org/show_bug.cgi?id=780691
[2] 
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1462203
[4] https://bugzilla.novell.com/show_bug.cgi?id=1044894

Regards,
Salvatore

Bug#870866: dvd+rw-tools FTCBFS: uses the build architecture compiler

[Helmut Grohne]

Source: dvd+rw-tools
Version: 7.1-11.1
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

dvd+rw-tools fails to cross build from source, because it uses the build
architecture compiler. Indirecting the explicit $(MAKE) invocations
through dh_auto_build fixes that as debhelper knows how to pass cross
compilers to $(MAKE). Please consider applying the attached patch.

Helmut
diff --minimal -Nru dvd+rw-tools-7.1/debian/changelog 
dvd+rw-tools-7.1/debian/changelog
--- dvd+rw-tools-7.1/debian/changelog   2016-11-11 16:11:36.0 +0100
+++ dvd+rw-tools-7.1/debian/changelog   2017-08-05 22:35:26.0 +0200
@@ -1,3 +1,11 @@
+dvd+rw-tools (7.1-11.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Let dh_auto_build pass cross compilers to $(MAKE). Closes:
+#-1.
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 22:35:26 +0200
+
 dvd+rw-tools (7.1-11.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --minimal -Nru dvd+rw-tools-7.1/debian/rules dvd+rw-tools-7.1/debian/rules
--- dvd+rw-tools-7.1/debian/rules   2016-11-11 16:09:42.0 +0100
+++ dvd+rw-tools-7.1/debian/rules   2017-08-05 22:35:20.0 +0200
@@ -14,9 +14,9 @@
 build-stamp:
dh_testdir
 
-   CFLAGS="$(CFLAGS)" $(MAKE) WARN=-DI_KNOW_ALL_ABOUT_SUDO
-   CFLAGS="$(CFLAGS)" $(MAKE) +btcflash
-   CFLAGS="$(CFLAGS)" $(MAKE) rpl8
+   CFLAGS="$(CFLAGS)" dh_auto_build -- WARN=-DI_KNOW_ALL_ABOUT_SUDO
+   CFLAGS="$(CFLAGS)" dh_auto_build -- +btcflash
+   CFLAGS="$(CFLAGS)" dh_auto_build -- rpl8
sed -n "/^%changelog$$/,$$ p" dvd+rw-tools.spec > ChangeLog
 
touch $@

Bug#870865: libxml2: CVE-2017-7376: Incorrect limit used for port values

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.1+dfsg1-5
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=780690

Hi,

the following vulnerability was published for libxml2.

CVE-2017-7376[0]:
Incorrect limit used for port values

Note though that a concern was raised in for the upstrem commit [4],
that a negative port in the URL would make the URL invalid. The
upstream bug is not yet opened.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
[1] https://bugzilla.gnome.org/show_bug.cgi?id=780690
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1462216
[3] https://bugzilla.novell.com/show_bug.cgi?id=1044887
[4] 
https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#870864: bmon FTCBFS: uses the build architecture pkg-config

[Helmut Grohne]

Source: bmon
Version: 1:4.0-4
Tags: upstream patch
User: helm...@debian.org
Usertags: rebootstrap

bmon fails to cross build from source, because it uses the build
architecture pkg-config. After switching detection to
PKG_PROG_PKG_CONFIG (which considers $ac_tool_prefix), cross builds
succeed. Please consider applying the attached patch.

Helmut
diff --minimal -Nru bmon-4.0/debian/changelog bmon-4.0/debian/changelog
--- bmon-4.0/debian/changelog   2017-07-03 09:26:55.0 +0200
+++ bmon-4.0/debian/changelog   2017-08-05 22:28:30.0 +0200
@@ -1,3 +1,10 @@
+bmon (1:4.0-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Add cross.patch (Closes: #-1)
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 22:28:30 +0200
+
 bmon (1:4.0-4) unstable; urgency=low
 
   * Remove patch 02-hurd-ftbfs again. hurd misses some functions required by
diff --minimal -Nru bmon-4.0/debian/patches/cross.diff 
bmon-4.0/debian/patches/cross.diff
--- bmon-4.0/debian/patches/cross.diff  1970-01-01 01:00:00.0 +0100
+++ bmon-4.0/debian/patches/cross.diff  2017-08-05 22:28:30.0 +0200
@@ -0,0 +1,18 @@
+From: Helmut Grohne 
+Subject: consider $ac_tool_prefix for pkg-config
+
+Index: bmon-4.0/configure.ac
+===
+--- bmon-4.0.orig/configure.ac
 bmon-4.0/configure.ac
+@@ -62,8 +62,8 @@
+ AC_CHECK_FUNCS(strchr strdup strerror strncasecmp strstr strtol)
+ AC_CHECK_FUNCS(uname getdate)
+ 
+-AC_PATH_PROG([PKG_CONFIG], [pkg-config], [no])
+-AS_IF([test "x$PKG_CONFIG" = "xno"],[
++PKG_PROG_PKG_CONFIG
++AS_IF([test "x$PKG_CONFIG" = "x"],[
+AC_MSG_ERROR([
+   *** The pkg-config script could not be found. Make sure it is
+   *** in your path, or set the PKG_CONFIG environment variable
diff --minimal -Nru bmon-4.0/debian/patches/series 
bmon-4.0/debian/patches/series
--- bmon-4.0/debian/patches/series  2017-07-03 09:26:55.0 +0200
+++ bmon-4.0/debian/patches/series  2017-08-05 22:28:30.0 +0200
@@ -1 +1,2 @@
 01-bsd-ftbfs.diff
+cross.diff

Bug#870863: Incorrect character widths in M+ 2m

[Sam Dukhovni]

Package: fonts-mplus
Version: 062-1

My terminal refuses to display the characters 'B', 'D', 'P', 'R', and
'y' in M+ 2m, and uses a fallback font for those characters.
Examining the font file with xfd, the affected characters have width
16, while all the other printable ASCII characters have width 8.

Bug#870862: directfb FTCBFS: configure: error: Could not find a directfb-csource in your PATH

[Helmut Grohne]

Source: directfb
Version: 1.2.10.0-9
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

directfb fails to cross build from source:

| checking for directfb-csource... no
| configure: error: Could not find a directfb-csource in your PATH

It seems that for cross builds directfb expects to be able to run a
system-provided directfb-csource. That lives in libdirectfb-bin. So
directfb is missing a cross-specific dependency on libdirectfb-bin.
Since it wants to run directfb-csource, it needs to be installed for the
build architecture. That can be achieved by either marking the
libdirectfb-bin dependency with :native or by marking libdirectfb-bin
Multi-Arch: foreign. I think the latter is appropriate here, because
libdirectfb-bin contains only command line utilities. As far as I
understand their behaviour does not depend on the architecture of the
package. If that statement is wrong, it must not be marked M-A:foreign.
Please consider applying the attached patch after verifying that
M-A:foreign is indeed correct on libdirectfb-bin.

Helmut
diff --minimal -Nru directfb-1.2.10.0/debian/changelog 
directfb-1.2.10.0/debian/changelog
--- directfb-1.2.10.0/debian/changelog  2017-01-30 20:56:58.0 +0100
+++ directfb-1.2.10.0/debian/changelog  2017-08-05 22:10:01.0 +0200
@@ -1,3 +1,12 @@
+directfb (1.2.10.0-9.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Add missing cross build dependency on libdirectfb-bin.
++ Mark libdirectfb-bin Multi-Arch: foreign.
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 22:10:01 +0200
+
 directfb (1.2.10.0-9) unstable; urgency=medium
 
   * debian/libdirectfb-1.2-9.install: Fix architecture-based filter to
diff --minimal -Nru directfb-1.2.10.0/debian/control 
directfb-1.2.10.0/debian/control
--- directfb-1.2.10.0/debian/control2017-01-30 20:53:05.0 +0100
+++ directfb-1.2.10.0/debian/control2017-08-05 22:10:01.0 +0200
@@ -6,6 +6,7 @@
 Build-Depends:
  debhelper (>= 10),
  dh-exec,
+ libdirectfb-bin ,
  libfreetype6-dev,
  libgl1-mesa-dev,
  libjpeg-dev,
@@ -61,6 +62,7 @@
 
 Package: libdirectfb-bin
 Architecture: any
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends}

Bug#870672: cdimage.debian.org: Cannot install packages from update DVD for Stretch 9.1.0

[Nicholas Dreyer]

On Sat, 5 Aug 2017 20:57:04 +0100 Steve McIntyre <st...@einval.com>
wrote:
> [ Hint: Please CC 870...@bugs.debian.org so that other people can see
>   responses in tbe BTS too... ]

Sorry, I failed to because I somehow erroneously thought you had
replied to me privately.  Am attaching (again) the logs I sent to you
before, hoping they will be visible to all.  Will see soon enough . . .Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0 B/1,263 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 cdrom://[Debian GNU/Linux 9.1.1 Update DVD 20170805: i386 DVD 1] stretch/main i386 apt i386 1.4.7 [1,263 kB]
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 145357 files and directories currently installed.)
Preparing to unpack .../main/a/apt/apt_1.4.7_i386.deb ...
Unpacking apt (1.4.7) over (1.4.7) ...
Setting up apt (1.4.7) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Ign:1 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch InRelease
Ign:2 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch InRelease
Ign:3 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-3 20170617-14:24] stretch InRelease
Ign:4 cdrom://[Debian GNU/Linux 9.1.1 Update DVD 20170805: i386 DVD 1] stretch InRelease
Ign:5 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch Release
Ign:6 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch Release
Ign:7 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-3 20170617-14:24] stretch Release
Ign:8 cdrom://[Debian GNU/Linux 9.1.1 Update DVD 20170805: i386 DVD 1] stretch Release
Hit:9 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch/main i386 Packages
Ign:10 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch/main all Packages
Ign:11 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch/main Translation-en_US
Hit:12 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch/main Translation-en
Hit:13 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/contrib i386 Packages
Ign:14 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/contrib all Packages
Ign:15 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/contrib Translation-en_US
Hit:16 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/contrib Translation-en
Ign:9 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch/main i386 Packages
Hit:17 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/main i386 Packages
Ign:12 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-1 20170617-14:24] stretch/main Translation-en
Ign:18 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/main all Packages
Ign:13 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/contrib i386 Packages
Ign:19 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/main Translation-en_US
Ign:16 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/contrib Translation-en
Hit:20 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/main Translation-en
Ign:17 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/main i386 Packages
Ign:21 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-3 20170617-14:24] stretch/contrib all Packages
Ign:20 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-2 20170617-14:24] stretch/main Translation-en
Hit:22 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-3 20170617-14:24] stretch/contrib i386 Packages
Ign:22 cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official i386 DVD Binary-3 20

Bug#798476: Returning to the requirement that Uploaders: contain humans

[gregor herrmann]

On Sat, 05 Aug 2017 21:20:37 +0200, Ole Streicher wrote:

> > So far I've seen mostly voices from people working in teams in this
> > thread who are in favour of dropping the required Uploaders field.
> So, if you want to count votes: I am working in teams (mainly Debian
> Astro), and I would favour keeping it -- 

Perfectly fine, thanks for adding your point of view.

(And just to be sure: The proposal is not to forbid or drop the
field, just to make it optional instead of required for teams, so
each team would be free to keep it and use it according to their
policy and needs.)


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#798476: Returning to the requirement that Uploaders: contain humans

[Ole Streicher]

gregor herrmann  writes:
> On Sat, 05 Aug 2017 21:39:40 +0300, Adrian Bunk wrote:
>
>> Regarding the first point, most large teams do have have the concept of 
>> package ownership inside the team. 
>
> Maybe, maybe not.
> So far I've seen mostly voices from people working in teams in this
> thread who are in favour of dropping the required Uploaders field.

So, if you want to count votes: I am working in teams (mainly Debian
Astro), and I would favour keeping it -- exactly for the reasons Adrian
wrote: In Debian Astro, most packages are practically maintained by 
a single person, who should also feel responsible. Team maintenance at
this stage gives the possibility to contribute to the git repository,
and to ease "NMU"s. d/changelog is not the proper solution, since it
contains the person who did the last upload, independent of whether it
was a team upload or a take-over. And incrementally investigating
d/changelog to find the last non-team-upload (which also may be done by
mistake) does not sound very smart.

There is the concept of "people feeling responsible for a
team-maintained package" which is not identical to the team itself. This
difference should be documented, and since it is the same kind of
information as the original Maintainer: field, I see no reason to put it
into a different place.

Best regards

Ole




signature.asc
Description: Digital Signature

Bug#857758: [PKG-IRC-Maintainers] Bug#857758: inspircd writes everything to logfile twice with default configuration

[Christoph Biedl]

tags 857758 confirmed patch
thanks

Daniel Haid wrote...

> the default configuration gives inspircd a --logfile argument
> in addition to the  section in the config file, which leads
> to everything being logged twice.

Seems removing the explicit --logfile from the command line (both in
.init and .service) is a bad idea: inspircd would want to write to an
inaccessible file then, I gave up since adding --log-dir to ./configure
isn't sufficient.

So it seems easier to remove that from the configuration:

--- a/debian/inspircd.conf
+++ b/debian/inspircd.conf
@@ -94,11 +94,6 @@
  somaxconn="128"
  netbuffersize="10240">
 
-
-
 

At a first glance, this does the right thing. But might result in other
surprises.

Christoph


signature.asc
Description: Digital signature

Bug#855118: wrk: only loops and burns CPU

[Robert Edmonds]

Christos Trochalakis wrote:
> I plan to upload it as an nmu on Monday unless Robert wants to prepare
> the upload himself. I have just pushed those fixes to the packaging repo
> (nmu branch).
> 
> https://anonscm.debian.org/cgit/collab-maint/wrk.git/log/?h=nmu

Thanks, just uploaded these changes as 4.0.2-2.

-- 
Robert Edmonds
edmo...@debian.org

Bug#870861: polari FTBFS: test failure

[Adrian Bunk]

Source: polari
Version: 3.22.2-1
Severity: serious
Tags: buster sid

Some recent change in unstable makes polari FTBFS:

https://tests.reproducible-builds.org/debian/history/polari.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/polari.html

...
   dh_auto_test
make -j16 check VERBOSE=1
make[1]: Entering directory '/build/1st/polari-3.22.2'
Making check in src
make[2]: Entering directory '/build/1st/polari-3.22.2/src'
make[2]: Nothing to be done for 'check'.
make[2]: Leaving directory '/build/1st/polari-3.22.2/src'
Making check in data
make[2]: Entering directory '/build/1st/polari-3.22.2/data'
Making check in appdata
make[3]: Entering directory '/build/1st/polari-3.22.2/data/appdata'
/usr/bin/msgfmt --xml --template org.gnome.Polari.appdata.xml.in -d ../../po -o 
org.gnome.Polari.appdata.xml
if test -f "org.gnome.Polari.appdata.xml"; then d=; else d="./"; fi; \
if test -n "/usr/bin/appstream-util"; \
then /usr/bin/appstream-util --nonet validate 
${d}org.gnome.Polari.appdata.xml; fi \
&& touch org.gnome.Polari.appdata.valid
org.gnome.Polari.appdata.xml: 
(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.

(appstream-util:23509): dconf-CRITICAL **: unable to create directory 
'/nonexistent/first-build/.cache/dconf': Permission denied.  dconf will not 
work properly.
FAILED:
? attribute-invalid :  is invalid [HighContast]
Validation of files failed
Makefile:513: recipe for target 'org.gnome.Polari.appdata.valid' failed
make[3]: *** [org.gnome.Polari.appdata.valid] Error 1
make[3]: Leaving directory '/build/1st/polari-3.22.2/data/appdata'
Makefile:563: recipe for target 'check-recursive' failed
make[2]: *** [check-recursive] Error 1
make[2]: Leaving directory '/build/1st/polari-3.22.2/data'
Makefile:463: recipe for target 'check-recursive' failed
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory '/build/1st/polari-3.22.2'
dh_auto_test: make -j16 check VERBOSE=1 returned exit code 2
debian/rules:9: recipe for target 'build' failed
make: *** [build] Error 2

Bug#870672: cdimage.debian.org: Cannot install packages from update DVD for Stretch 9.1.0

[Steve McIntyre]

[ Hint: Please CC 870...@bugs.debian.org so that other people can see
  responses in tbe BTS too... ]

On Sat, Aug 05, 2017 at 12:47:01PM -0700, Nicholas Dreyer wrote:
>Hi Steve:
>
>Your fix looks good for the i386 test I just did, the details of which
>are attached.

Cool, thanks for verifying!

>I do not understand the (apparently bogus) warnings about non-existent
>Release files, but they do not seem represent any real trouble.

ACK. AFAICS that's most likely due to the DVDs not including
signatures. That's a separate issue and a much harder change...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Google-bait:   http://www.debian.org/CD/free-linux-cd
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.

Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114

[Salvatore Bonaccorso]

Source: openjfx
Version: 8u131-b11-1
Severity: grave
Tags: upstream security

Hi,

the following vulnerabilities were published for openjfx.

CVE-2017-10086[0] and CVE-2017-10114[1].

Unfortunately it's no more details possilby know as shared via [2],
which states that the supported versions vulnerable are 7u141 and
8u131. The severity is probably as well overrated for this bugreport
and a DSA not deserved. But bug should help tracking the fix for
future unstable upload.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10086
[1] https://security-tracker.debian.org/tracker/CVE-2017-10114
[2] 
http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#867641: More information needed?

[Brad Spencer]

Please let me know if any more information is needed about this bug 
report or how I can help resolve it.  Thanks.


--
Brad Spencer

Bug#870859: jaaa FTCBFS: hardcodes the build architecture compiler in one place

[Helmut Grohne]

Source: jaaa
Version: 0.8.4-3
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

jaaa fails to cross build from source, because its final link step hard
codes the build architecture compiler (g++) in the upstream build
system. After making that substitutable, it cross builds successfully.
Please consider applying the attached patch.

Helmut
diff --minimal -Nru jaaa-0.8.4/debian/changelog jaaa-0.8.4/debian/changelog
--- jaaa-0.8.4/debian/changelog 2016-12-22 13:52:44.0 +0100
+++ jaaa-0.8.4/debian/changelog 2017-08-05 21:53:50.0 +0200
@@ -1,3 +1,10 @@
+jaaa (0.8.4-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Do not hard code g++. (Closes: #-1)
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 21:53:50 +0200
+
 jaaa (0.8.4-3) unstable; urgency=medium
 
   * Set dh 10.
diff --minimal -Nru jaaa-0.8.4/debian/patches/jaaa-rzr.patch 
jaaa-0.8.4/debian/patches/jaaa-rzr.patch
--- jaaa-0.8.4/debian/patches/jaaa-rzr.patch2013-08-12 21:34:53.0 
+0200
+++ jaaa-0.8.4/debian/patches/jaaa-rzr.patch2017-08-05 21:53:31.0 
+0200
@@ -4,11 +4,11 @@
  Makefile |   10 +-
  1 file changed, 5 insertions(+), 5 deletions(-)
 
 Index: jaaa/source/Makefile
 ===
 --- jaaa.orig/source/Makefile  2013-08-07 13:38:13.937342777 +0200
 +++ jaaa/source/Makefile   2013-08-07 14:01:17.176201895 +0200
-@@ -19,13 +19,13 @@
+@@ -19,26 +19,27 @@
  #  --
  
  
@@ -25,7 +25,14 @@
  LDFLAGS += -L/usr/X11R6/$(LIBDIR)
  LDLIBS += -lzita-alsa-pcmi -lclthreads -lclxclient -lpthread -lfftw3f -ljack 
-lasound -lpthread -lXft -lX11 -lrt
  
-@@ -39,6 +39,7 @@
+ 
+ JAAA_O = jaaa.o styles.o spectwin.o audio.o rngen.o
+ jaaa: $(JAAA_O)
+-  g++ $(LDFLAGS) -o $@ $(JAAA_O) $(LDLIBS)
++  $(CXX) $(LDFLAGS) -o $@ $(JAAA_O) $(LDLIBS)
+ 
+ $(JAAA_O):
+ -include $(JAAA_O:%.o=%.d)
  
  
  install:  jaaa

Bug#868553: or even 2.4

[Geert Stappers]

Hi,

While reading http://docs.ansible.com/ansible/latest/proxmox_module.html
I saw "(added in 2.4)"

But currently no sign of 2.4 at https://github.com/ansible/ansible/releases

 
Groeten
Geert Stappers
-- 
Leven en laten leven

Bug#859606: RFS: gnome-shell-extension-tilix-dropdown/5-1 ITP: 858259 -- launch tilix in quake-mode from gnome-shell

[Al Nikolov]

Hi Jonathan.

As for:

Version:    5-1
Uploaded:   2017-04-06 17:15

* schemas

- The upstream tarball contains a build artifact (`gschemas.compiled`)
which you shall remove from the original package and generally work
with the upstream about, so that it would not be published.

- The ideal install location for schemas is `usr/share/glib-
2.0/schemas`. The package `libglib2.0-0` installs a File trigger and
will compile `gschemas.compiled` automatically, so you don't have to do
it on your own, or build-depending on `libglib2.0-bin`.

- You should recommend `gnome-tweak-tool`.

Apart from that, looks sane.


signature.asc
Description: This is a digitally signed message part

Bug#870858: inspircd: Optionally disable colors in output

[Christoph Biedl]

Source: inspircd
Version: 2.0.23-2
Severity: wishlist
Tags: upstream

Dear Maintainer,

it seems inspircd unconditionally prints colored messages upon startup,
creating lines like

| #033[1;32mInspire Internet Relay Chat Server#033[0m

in the log files. While purely cosmetical, it was nice if this could be
disabled. As far as I understand the source code, there is no option yet
to achive that.

Cheers,
Christoph



signature.asc
Description: Digital signature

Bug#870856: soundtouch: CVE-2017-9259

[Salvatore Bonaccorso]

Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for soundtouch.

CVE-2017-9259[0]:
| The TDStretch::acceptNewOverlapLength function in
| source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote
| attackers to cause a denial of service (memory allocation error and
| application crash) via a crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9259

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#870857: soundtouch: CVE-2017-9260

[Salvatore Bonaccorso]

Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for soundtouch.

CVE-2017-9260[0]:
| The TDStretchSSE::calcCrossCorr function in
| source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote
| attackers to cause a denial of service (heap-based buffer over-read and
| application crash) via a crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9260

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#870855: itop FTCBFS: uses the build architecture compiler and strip

[Helmut Grohne]

Source: itop
Version: 0.1-4
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

itop fails to cross build from source, because it uses the build
architecture compiler and strips during build with the build
architecture strip. The host architecture compiler can be supplied by
dh_auto_build to $(MAKE) and stripping should be deferred to dh_strip to
get reasonable -dbgsym packages. After fixing both, itop cross builds
successfully. Please consider applying the attached patch.

Helmut
diff -u itop-0.1/debian/rules itop-0.1/debian/rules
--- itop-0.1/debian/rules
+++ itop-0.1/debian/rules
@@ -17,7 +17,7 @@
 
 build-stamp: configure-stamp 
dh_testdir
-   $(MAKE)
+   dh_auto_build
touch $@
 
 clean:
diff -u itop-0.1/debian/changelog itop-0.1/debian/changelog
--- itop-0.1/debian/changelog
+++ itop-0.1/debian/changelog
@@ -1,3 +1,12 @@
+itop (0.1-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Let dh_auto_build pass cross compilers to $(MAKE).
++ Do not strip during build.
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 21:40:49 +0200
+
 itop (0.1-4) unstable; urgency=low
 
   * Removed debian/docs, hello Ubuntu! (Closes: #489956)
diff -u itop-0.1/debian/control itop-0.1/debian/control
--- itop-0.1/debian/control
+++ itop-0.1/debian/control
@@ -2,7 +2,7 @@
 Section: admin
 Priority: extra
 Maintainer: Jose Parrella 
-Build-Depends: debhelper (>= 5)
+Build-Depends: debhelper (>= 7)
 Standards-Version: 3.8.0
 Homepage: http://www.hunz.org/
 
only in patch2:
unchanged:
--- itop-0.1.orig/src/Makefile
+++ itop-0.1/src/Makefile
@@ -4,7 +4,6 @@
 
 itop: itop.c
$(CC) -o itop itop.c
-   strip itop
 
 clean:
rm -f itop *.o *~

Bug#870854: soundtouch: CVE-2017-9258

[Salvatore Bonaccorso]

Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for soundtouch. There is as
well CVE-2017-9259 and CVE-2017-9260, but since I have not verified if
the issues are all commont back to jessie, fill individual bugs. OTOH
I do not think they deserve a DSA, let us know though if you disagree.

CVE-2017-9258[0]:
| The TDStretch::processSamples function in
| source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote
| attackers to cause a denial of service (infinite loop and CPU
| consumption) via a crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9258

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#860396: retitle mozjs38 ITP to mozjs52

[Jeremy Bicha]

On Sat, Aug 5, 2017 at 3:31 PM, Maximiliano Curia
 wrote:
> I'm also interested in a newer version of mozjs (for cinnamon), please let
> me know if you need a hand packaging it (and/or if you are at DebConf).

Hi, I'm not at DebConf, but others from the Debian GNOME team are.

Packaging of mozjs52 is already done at
https://anonscm.debian.org/git/pkg-gnome/mozjs52.git

Jordi sponsored it into the new queue. Hopefully, it won't take long
too there because it's required to get a newer gnome-shell.

Maybe Cinnamon will be able to follow GNOME to port to mozjs52 soon?

The Debian GNOME team isn't interested in uploading mozjs38, but the
packaging is in the mozjs38.git repo if you need it (it was needed for
Ubuntu 17.04).

Thanks,
Jeremy Bicha

Bug#870852: rubocop: CVE-2017-8418

[Salvatore Bonaccorso]

Source: rubocop
Version: 0.48.1+dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/bbatsov/rubocop/issues/4336

Hi,

the following vulnerability was published for rubocop.

CVE-2017-8418[0]:
| RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing
| local users to exploit this to tamper with cache files belonging to
| other users.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418
[1] https://github.com/bbatsov/rubocop/issues/4336

Regards,
Salvatore

Bug#870851: inspircd: Misleading default motd

[Christoph Biedl]

Source: inspircd
Version: 2.0.23-2
Severity: minor
Tags: patch

Dear Maintainer,

the shipped motd file contains a recommendation to edit the file that
contains this very message. Unfortunately, the file name isn't correct.
Trival patch below.

Cheers,

Christoph

--- a/debian/inspircd.motd
+++ b/debian/inspircd.motd
@@ -1 +1 @@
-Please edit /etc/inspircd/motd
+Please edit /etc/inspircd/inspircd.motd



signature.asc
Description: Digital signature

Bug#870853: captures unqualified compiler in tclConfig.sh variable TCL_CC

[Helmut Grohne]

Package: tcl8.6-dev
Version: 8.6.6+dfsg-1
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap
Control: affects -1 + src:tcl-signal

The build of tcl8.6 captures the ./configure detected CC into a variable
TCL_CC stored in tclConfig.sh in tcl8.6-dev. Other packages end up
sourcing that file in ./configure and use TCL_CC for building (e.g.
tcl-signal). Since tcl8.6-dev uses "gcc" (i.e. the build architecture
compiler), such packages fail to cross build. tclConfig.sh (being an
architecture dependent file) should use an architecture-qualified
compiler, i.e. one with the host architecture prefix. The attached patch
ensures that tcl8.6's ./configure uses such a qualified CC. Please
consider applying it.

Helmut
diff --minimal -Nru tcl8.6-8.6.6+dfsg/debian/changelog 
tcl8.6-8.6.6+dfsg/debian/changelog
--- tcl8.6-8.6.6+dfsg/debian/changelog  2016-07-28 05:15:50.0 +0200
+++ tcl8.6-8.6.6+dfsg/debian/changelog  2017-08-05 21:30:21.0 +0200
@@ -1,3 +1,10 @@
+tcl8.6 (8.6.6+dfsg-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Arch-qualify TCL_CC. (closes: #-1)
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 21:30:21 +0200
+
 tcl8.6 (8.6.6+dfsg-1) unstable; urgency=medium
 
   * New upstream release.
diff --minimal -Nru tcl8.6-8.6.6+dfsg/debian/rules 
tcl8.6-8.6.6+dfsg/debian/rules
--- tcl8.6-8.6.6+dfsg/debian/rules  2016-07-28 05:05:40.0 +0200
+++ tcl8.6-8.6.6+dfsg/debian/rules  2017-08-05 21:30:16.0 +0200
@@ -10,6 +10,10 @@
 LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
 export LDFLAGS
 
+ifeq ($(origin CC),default)
+CC = $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
 ifeq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
 # See bug #446335 for -fno-unit-at-a-time
 ifeq ($(DEB_HOST_ARCH), hppa)
@@ -33,6 +37,7 @@
TCL_PACKAGE_PATH="/usr/local/lib/tcltk /usr/local/share/tcltk \
  /usr/lib/tcltk/$(DEB_HOST_MULTIARCH) /usr/lib/tcltk 
/usr/share/tcltk \
  /usr/lib/tcltk/tcl$(v) /usr/lib" \
+   CC="$(CC)" \
CFLAGS="$(CFLAGS)" \
CPPFLAGS="$(CPPFLAGS)" \
TCL_SHLIB_LD_EXTRAS="-Wl,-soname,\$${TCL_LIB_FILE}" \

Bug#860396: retitle mozjs38 ITP to mozjs52

[Maximiliano Curia]

¡Hola Jeremy!

El 2017-08-04 a las 21:35 -0400, Jeremy Bicha escribió:

Control: retitle -1 ITP: mozjs52 -- SpiderMonkey JavaScript library


The Debian GNOME team is skipping mozjs38 and going straight to 
mozjs52. mozjs52 is part of GNOME 3.26 and is the JavaScript engine 
from Firefox 52 ESR, the only ESR supported at this time.



The packaging is derived from Debian's mozjs24 packaging.


The debian/copyright is from Firefox but with parts that don't apply 
to this smaller source package removed.


I'm also interested in a newer version of mozjs (for cinnamon), please let me 
know if you need a hand packaging it (and/or if you are at DebConf).


Happy hacking,
--
"There are two major products that come out of Berkeley: LSD and BSD.
We don't believe this to be a coincidence."
-- Jeremy S. Anderson
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Bug#870850: ruby-pkg-config FTBFS: Failure: test_libs_only_l(PkgConfigTest)

[Adrian Bunk]

Source: ruby-pkg-config
Version: 1.2.3-2
Severity: serious

Some recent change in unstable makes ruby-pkg-config FTBFS:

https://tests.reproducible-builds.org/debian/history/ruby-pkg-config.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ruby-pkg-config.html

...
┌──┐
│ Run tests for ruby2.3 from debian/ruby-tests.rb  │
└──┘

RUBYLIB=/build/1st/ruby-pkg-config-1.2.3/debian/ruby-pkg-config/usr/lib/ruby/vendor_ruby:.
 
GEM_PATH=debian/ruby-pkg-config/usr/share/rubygems-integration/all:/var/lib/gems/2.3.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.3.0:/usr/share/rubygems-integration/2.3.0:/usr/share/rubygems-integration/all
 ruby2.3 debian/ruby-tests.rb
Loaded suite debian/ruby-tests
Started
Did not match, retry with sorting
.Did not match, retry with sorting
F
===
Failure: test_libs_only_l(PkgConfigTest)
/build/1st/ruby-pkg-config-1.2.3/test/test_pkg_config.rb:50:in 
`test_libs_only_l'
 47: result = pkg_config("cairo-png", "--libs-only-l")
 48: msvc_result = result.gsub(/-l(cairo|png[0-9]+)\b/, '\1.lib')
 49: assert_not_equal(msvc_result, result)
  => 50: assert_equal(msvc_result, @cairo_png.libs_only_l)
 51:   end
 52: 
 53:   def test_libs_only_L
<"cairo.lib png16.lib -lz">(US-ASCII) expected but was
<"cairo.lib png16.lib z.lib">(UTF-8)

diff:
? cairo.lib png16.lib - lz 
? z. ib
  
? Encoding: US -ASCII
?TF 8
===
.

Finished in 11.707630081 seconds.
--
11 tests, 30 assertions, 1 failures, 0 errors, 0 pendings, 0 omissions, 0 
notifications
90.9091% passed
--
0.94 tests/s, 2.56 assertions/s
ERROR: Test "ruby2.3" failed. Exiting.
dh_auto_install: dh_ruby --install 
/build/1st/ruby-pkg-config-1.2.3/debian/ruby-pkg-config returned exit code 1
debian/rules:15: recipe for target 'binary' failed
make: *** [binary] Error 1

Bug#870849: ruby-kramdown-rfc2629 FTBFS with ruby-kramdown 1.14.0-1

[Adrian Bunk]

Source: ruby-kramdown-rfc2629
Version: 1.0.36-1
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ruby-kramdown-rfc2629.html

...
GEM_PATH=debian/ruby-kramdown-rfc2629/usr/share/rubygems-integration/all:/var/lib/gems/2.3.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.3.0:/usr/share/rubygems-integration/2.3.0:/usr/share/rubygems-integration/all
 ruby2.3 -e gem\ \"kramdown-rfc2629\"
/usr/lib/ruby/2.3.0/rubygems/dependency.rb:319:in `to_specs': Could not find 
'kramdown' (~> 1.12.0) - did find: [kramdown-1.14.0] (Gem::LoadError)
...

Bug#870772: libgsl misses some breaks/replaces

[Dirk Eddelbuettel]

On 5 August 2017 at 06:49, Dirk Eddelbuettel wrote:
| On 5 August 2017 at 12:35, Guillem Jover wrote:
| | Strictly speaking, libgslcblas does have a SONAME:
| | 
| |   $ objdump -p /usr/lib/x86_64-linux-gnu/libgslcblas.so.0 | grep SONAME
| | SONAME   libgslcblas.so.0
| | 
| | which means to me that it should guarantee some ABI stability,
| 
| Yes. I have never seen it change its soname in all these years.
| 
| | otherwise this library should become a private library by using RPATH,
| | or be folded into the main libgsl library?
| | 
| | And IMO, splitting this library appears as the only correct solution
| | here, because:
| | 
| |   - Both shared libraries have different SONAMEs that's (I'm assuming)
| | why you've had to keep adding Replaces against the old packages when
| | bumping the SONAME for the main library.
| |   - This causes transition problems, as both old and new main library
| | packages cannot be installed at the same time, even though by
| | themselves alone there would be no filesystem conflicts. Which in
| | turn means we cannot have a mix of packages linking against the
| | old and new libraries, or in worse conditions a mix of a new -dev
| | using the new librs with some other packages using the old libs.
| |   - If (but I'm not sure if that's possible) one can link only against
| | the libgslcblas library, that would cause breakage in case the
| | SONAME gets bumped as as the package is not keyed on that, and
| | programs linked against the old SONAME would stop working.
| 
| I agree. It's a bit more work, but the better fix.
|  
| | > But it is probably
| | > easier to go with 'Breaks: ' as you suggest.
| | 
| | I'd consider that the wrong fix TBH.
| | 
| | > The thing that is unpleasant is that we probably need to keep adding the 
old
| | > soname libraries to debian/control as this progresses.
| | 
| | Not anymore after the libraries have been split. Or perhaps I don't
| | understand your concern?
| 
| Yes, it should help with that.
| 
| Thanks for the input!

Now done, and upgrade tested on Debian testing and unstable. Seems to work.

Let's hope it doesn't longer in NEW for too long.

Thanks for the suggestions and discussion; this was really helpful.

Dirk

-- 
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#870848: jackson-databind: CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper

[Salvatore Bonaccorso]

Source: jackson-databind
Version: 2.8.6-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FasterXML/jackson-databind/issues/1599

Hi,

the following vulnerability was published for jackson-databind.

CVE-2017-7525[0]:
Deserialization vulnerability via readValue method of ObjectMapper

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream tracking is at [2].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
[1] https://github.com/FasterXML/jackson-databind/issues/1599
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7525

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#869658: linux: system freezes when dell-smm-hwmon reads fan speed

[Carmelo C]

In my system, dell-smm-hwmon is linked to the following folder:

/sys/class/hwmon/hwmon2/

The freeze occurs only when I type the following commands:

cat /sys/class/hwmon/hwmon2/fan1_input
cat /sys/class/hwmon/hwmon2/fan2_input
cat /sys/class/hwmon/hwmon2/fan3_input

In these commands, the freeze does not occur:

cat /sys/class/hwmon/hwmon2/temp1_input
cat /sys/class/hwmon/hwmon2/temp2_input
cat /sys/class/hwmon/hwmon2/temp3_input
cat /sys/class/hwmon/hwmon2/temp4_input

In this link, more information:
https://bugzilla.kernel.org/show_bug.cgi?id=112021

Bug#870676: ffmpeg requires NEON on armhf, which is not part of the ARMv7 ABI

[Steve Langasek]

Control: forcemerge 870622 -1

Hi James,

On Sat, Aug 05, 2017 at 02:40:12PM -0400, James Cowgill wrote:

> > The latest release of ffmpeg enables NEON support by default when building
> > on armhf; however, NEON support is not a standard part of the ARMv7 ABI, and
> > Debian supports running armhf on chips that do not implement NEON.

> > Using NEON based on runtime detection of support for it is fine, but the
> > existing ffmpeg implementation doesn't appear to do this, instead using NEON
> > based on build-time configuration with no fallback.

> Are you sure this is true? I tried running the failing test on abel.d.o
> (which AFAIK does not have NEON) and harris (which does). The test only
> caused ffmpeg to crash on harris, which seems to suggest that the
> runtime NEON detection is working properly.

Nope, not sure at all, I only know what I saw from code inspection where I
failed to find where the code falls back on non-NEON systems.

I see you're right that abel does not have NEON (it's not exposed in
/proc/cpuinfo feature flags for the CPU), so if ffmpeg runs without crashing
there, I guess that's pretty clear evidence that there is a runtime fallback
that I overlooked.

> These are the commands to reproduce the autopkgtest fail if you want to
> try it:

> ffmpeg -f lavfi -i testsrc=s=32x32:d=0.1 -strict -2 -c:v libx264rgb -f avi 
> libx264rgb.avi -y -hide_banner -nostdin
> ffmpeg -strict -2 -i libx264rgb.avi -t 1 -c:v rawvideo -c:a pcm_s32le -f nut 
> /dev/null -y -hide_banner -nostdin

> > This issue was noticed in Ubuntu only because the autopkgtests for ffmpeg
> > and x264 triggered an unaligned access in the NEON code, which is *also* not
> > a portable assumption on armhf; however, if the NEON code had not had any
> > unaligned access, the fact that NEON was used would have gone unnoticed on
> > Ubuntu infrastructure.
> > 
> >   http://autopkgtest.ubuntu.com/packages/f/ffmpeg/artful/armhf
> >   http://autopkgtest.ubuntu.com/packages/x/x264/artful/armhf
> > 
> > (And if upstream does fix their code to support runtime detection of NEON
> > support, then there will be a different bug for us to worry about fixing!)
> 
> This is #870622 BTW. If possible, I would much rather fix these bugs
> without having to disable all the NEON optimizations.

So, marking this bug as a duplicate of the real bug (the unaligned trap
problem due to binutils).

Thanks,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#870847: xdiskusage FTCBFS: uses the build architecture compiler

[Helmut Grohne]

Source: xdiskusage
Version: 1.48-10.1
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

xdiskusage fails to cross build from source, because it uses the build
architecture toolchain. For such an old configure, the preferred way is
exporting CC/CXX. After doing so, xdiskusage cross builds successfully.
Please consider applying the attached patch.

Helmut
diff --minimal -Nru xdiskusage-1.48/debian/changelog 
xdiskusage-1.48/debian/changelog
--- xdiskusage-1.48/debian/changelog2012-05-27 14:01:35.0 +0200
+++ xdiskusage-1.48/debian/changelog2017-08-05 20:59:30.0 +0200
@@ -1,3 +1,11 @@
+xdiskusage (1.48-10.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Let dh_auto_configure pass cross compilers to ./configure
+(Closes: #-1).
+
+ -- Helmut Grohne   Sat, 05 Aug 2017 20:59:30 +0200
+
 xdiskusage (1.48-10.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff --minimal -Nru xdiskusage-1.48/debian/rules xdiskusage-1.48/debian/rules
--- xdiskusage-1.48/debian/rules2010-04-03 19:51:47.0 +0200
+++ xdiskusage-1.48/debian/rules2017-08-05 20:59:30.0 +0200
@@ -7,10 +7,16 @@
 TMPDIR =   $(CURDIR)/debian/$(PACKAGE)
 INSTALL=   install
 
+include /usr/share/dpkg/architecture.mk
 include /usr/share/quilt/quilt.make
 
 DEB_CONFIGURE_EXTRA_FLAGS := --x-libraries=/usr/X11R6/lib 
--x-includes=/usr/X11R6/include
 
+ifeq ($(origin CXX),default)
+CXX = $(DEB_HOST_GNU_TYPE)-g++
+endif
+export CXX
+
 CFLAGS = -Wall -g
 LDFLAGS = -Wl,--as-needed
 

Bug#798476: Returning to the requirement that Uploaders: contain humans

[gregor herrmann]

On Sat, 05 Aug 2017 21:39:40 +0300, Adrian Bunk wrote:

> Regarding the first point, most large teams do have have the concept of 
> package ownership inside the team. 

Maybe, maybe not.
So far I've seen mostly voices from people working in teams in this
thread who are in favour of dropping the required Uploaders field.

> A reason why "generate Uploaders based on team member information 
> stored in a core package of the team" sounds like a reasonable solution
> to me is that I think a solution is required only for a handful large
> teams.

- Team membership is easily available for teams which use Alioth. [0]
- Does this suggestion mean we should put 140 people in Uploaders? [0]
  And/or sync Alioth project membership to a package regularly?

[0] https://alioth.debian.org/projects/pkg-perl/


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#869856: openssl: FTBFS: Testsuite failures

[Sebastian Andrzej Siewior]

control: tags -1 patch fixed-upstream pending
control: forwaded -1 https://github.com/openssl/openssl/issues/3562

On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote:
> It appears so.  (Though I did have to apply it by hand as there was no
> "clientsession" line for patch to sync to in hunk #2.)

okay. So we have fix a which will be part of 1.1.0g and I don't see a reason
to upload it right away. So I suggest to wait until upstream releases
something new.

Sebastian

Bug#853529: lordsawar: ftbfs with GCC-7

[Markus Koschany]

Control: tags -1 pending patch

This issue is fixed in Git. I will upload a new revision next week.

Bug#870523: linux-image-4.11.0-1-amd64 confirmed broken on another computer

[Bastian Blank]

On Sat, Aug 05, 2017 at 08:22:36PM +0200, Gilles Sadowski wrote:
> I've just upgraded another computer from "jessie" to "stretch"; this
> installed 4.11.0-1 by default, and on that machine the problem immediately

No, it does not and never will. 4.11.0-1 is testing and unstable, aka
Buster and Sid.

> $ uname -a
> Linux night 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 
> GNU/Linux
> That one seems to work, for now...

This is the kernel from Stretch, so you are good.

Bastian

-- 
Actual war is a very messy business.  Very, very messy business.
-- Kirk, "A Taste of Armageddon", stardate 3193.0

Bug#798476: Returning to the requirement that Uploaders: contain humans

[Adrian Bunk]

One thing that is worth discussing here:

For how many teams would it bring real benefits if they no longer 
have to maintain team membership information in every source packages?

My guesstimate is that these might perhaps be 5 teams.

Why is my guestimate so low?

It only brings real benefits for teams:
1. that do not have a concept of package ownership inside the team, and
2. that maintain many packages.

Regarding the second point, there clearly is a real amount of work 
removing a person from the Uploaders of hundreds of packages.
But when a team maintains only 5 packages this is no longer a problem.

Regarding the first point, most large teams do have have the concept of 
package ownership inside the team. Sometimes with well-defined semantics 
regarding the differences between putting the team in Maintainer and the 
human in Uploaders, or putting the human in Maintainer and the team in 
Uploaders. For these teams it is no question that Uploaders is useful.

A reason why "generate Uploaders based on team member information 
stored in a core package of the team" sounds like a reasonable solution
to me is that I think a solution is required only for a handful large
teams.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#870676: ffmpeg requires NEON on armhf, which is not part of the ARMv7 ABI

[James Cowgill]

Hi Steve,

On 03/08/17 21:03, Steve Langasek wrote:
> Package: ffmpeg
> Version: 7:3.3.3-1
> Severity: important
> Tags: patch
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu artful ubuntu-patch autopkgtest
> 
> Dear maintainers,
> 
> The latest release of ffmpeg enables NEON support by default when building
> on armhf; however, NEON support is not a standard part of the ARMv7 ABI, and
> Debian supports running armhf on chips that do not implement NEON.
> 
> Using NEON based on runtime detection of support for it is fine, but the
> existing ffmpeg implementation doesn't appear to do this, instead using NEON
> based on build-time configuration with no fallback.

Are you sure this is true? I tried running the failing test on abel.d.o
(which AFAIK does not have NEON) and harris (which does). The test only
caused ffmpeg to crash on harris, which seems to suggest that the
runtime NEON detection is working properly.

These are the commands to reproduce the autopkgtest fail if you want to
try it:

ffmpeg -f lavfi -i testsrc=s=32x32:d=0.1 -strict -2 -c:v libx264rgb -f avi 
libx264rgb.avi -y -hide_banner -nostdin
ffmpeg -strict -2 -i libx264rgb.avi -t 1 -c:v rawvideo -c:a pcm_s32le -f nut 
/dev/null -y -hide_banner -nostdin

> This issue was noticed in Ubuntu only because the autopkgtests for ffmpeg
> and x264 triggered an unaligned access in the NEON code, which is *also* not
> a portable assumption on armhf; however, if the NEON code had not had any
> unaligned access, the fact that NEON was used would have gone unnoticed on
> Ubuntu infrastructure.
> 
>   http://autopkgtest.ubuntu.com/packages/f/ffmpeg/artful/armhf
>   http://autopkgtest.ubuntu.com/packages/x/x264/artful/armhf
> 
> (And if upstream does fix their code to support runtime detection of NEON
> support, then there will be a different bug for us to worry about fixing!)

This is #870622 BTW. If possible, I would much rather fix these bugs
without having to disable all the NEON optimizations.

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#870252: pkg-perl-autopkgtest: skip t/00-compile/*.t

[gregor herrmann]

On Fri, 04 Aug 2017 17:42:47 -0400, Alex Muntada wrote:

> gregor herrmann:
> > A quick glance at the commit says: looks good!
> Looks good to me, too.

So I guess we could upload the package with this change?
Who wants to do it?

Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#798476: Returning to the requirement that Uploaders: contain humans

[Holger Levsen]

On Sat, Aug 05, 2017 at 09:05:46PM +0300, Adrian Bunk wrote:
> > I think using the uploaders: field to guess who's a team member is just a
> > work-around / an estimate, as we have nothing better.
> It is the official place to list co-maintainers.

you keep repeating this but its still broken by design.

> > ;tl;dr: I think we need a better system to manage team membership in Debian.
> > (Ab)using the uploaders: field gives an estimate or datapoint today, but we
> > have other means to gather this data.
> 
> No, we do not have currently any other means to gather who is considered 
> a team member by a team.
> 
> And that's the problem.
 
then it's time to fix this and not hold on to a band-aid solution which causes
grief.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#863089: Please provide post-processed logs output for manpages.d.o

[Holger Levsen]

On Sat, Aug 05, 2017 at 08:17:26PM +0200, Michael Stapelberg wrote:
> All done. Find attached the updated patch series (I hope that was what we
> needed, I’m losing track over what is already merged and what isn’t).

those all seems to be merged.

still missing: a fix for the Makefile so that your golang stuff aint tried
to be build on the slaves…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#870747: update-rc.d: enabling a default-disabled service fails: "foo Default-Start contains no runlevels, aborting."

[Felipe Sateler]

On Fri, Aug 4, 2017 at 2:32 PM, Daniel Kahn Gillmor
 wrote:
> Package: init-system-helpers
> Version: 1.49
> Severity: normal
> Tags: patch
>
> i have a system service that is disabled by default.  the local
> administrator is expected to do some not insignificant configuration
> (often using tools shipped in the package) before the service can be
> enabled.
>
> This service prefers an empty Default-Start: line, and a full
> Default-Stop: line.  The administrator is expected to enable it with
> "update-rc.d foo enable" when they're ready.

These two are incompatible. `update-rc.d foo enable` means "leave
links as per defined in the Default-Start/Stop lines", thus it won't
work because you have all-stop defaults.

I think you are redefining what Default-Start means. My undestanding
is it means: 'To enable this service, create these links'. Your patch
would turn it into something like: 'These links should be created at
package installation time'. These are not the same, and it is entirely
sane to have a package not install the enable links at install time.

I don't think update-rc.d should codify policy, it should be a dumb
mechanism to alter the symlink farm.

I think the correct fix is #857452, plus changing your init script to
have Default-start: 2 3 4 5.

#857452: update-rc.d: please provide a defaults-disabled option

-- 

Saludos,
Felipe Sateler

Bug#870523: linux-image-4.11.0-1-amd64 confirmed broken on another computer

[Gilles Sadowski]

Hi.

I've just upgraded another computer from "jessie" to "stretch"; this
installed 4.11.0-1 by default, and on that machine the problem immediately
showed up:
 * load average going up within seconds after the boot
 * trying to install "nvidia-legacy-check" led to "apt" hanging (and and
   next reboot, it reported the package as broken, wanting to reinstall it
   before removing it leading to hanging again...)

$ uname -a
Linux night 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 
GNU/Linux

That one seems to work, for now...

Regards,
Gilles
   

Bug#870615: debian-installer: FTBFS on armhf: missing firefly-rk3288/u-boot.img

[Cyril Brulebois]

Vagrant Cascadian <vagr...@debian.org> (2017-08-05):
> Looks like either no version, or an older version was installed:
> 
>   https://d-i.debian.org/daily-images/armhf/20170805-00:05/build_hd-media.log
>   dpkg-checkbuilddeps: error: Unmet build dependencies: u-boot-rockchip (>= 
> 2017.07+dfsg1-3)

Oh right, I only looked at the bottom of the output. For some reason,
the dpkg-checkbuilddeps error didn't prevent the build to go through and
test building other targets… Sorry for the noise. Will keep an eye on
this.


KiBi.


signature.asc
Description: Digital signature

Bug#870846: Update to standards version 4.0.0

[Phil Wyett]

Package: live-wrapper
Severity: important

Version: 0.6

Attached is a patch that updates live-wrapper for standards version 4.0.0.

Added doc package to suggests. Not really needed, but good practice.

All other data related to updating to version 4.0.0 do not affect live-wrapper

Regards

Phil

-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***

Playing the game for the games sake.

Web: https://kathenas.org

Twitter: kathenasorg

Instagram: kathenasorgdiff --git a/debian/control b/debian/control
index f17fd64..ea4bf6d 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Build-Depends: debhelper (>= 9),
python-setuptools,
python-sphinx,
vmdebootstrap (>= 1.7-1+nmu1)
-Standards-Version: 3.9.8
+Standards-Version: 4.0.0
 Vcs-Browser: https://anonscm.debian.org/cgit/debian-live/live-wrapper.git
 Vcs-Git: https://anonscm.debian.org/git/debian-live/live-wrapper.git
 Homepage: https://debian-live.alioth.debian.org/live-wrapper/
@@ -26,7 +26,8 @@ Depends: ${misc:Depends},
  python-distro-info,
  squashfs-tools,
  xorriso
-Suggests: cmdtest
+Suggests: cmdtest,
+  live-wrapper-doc
 Description: Wrapper for vmdebootstrap for creating live images
  live-wrapper is a wrapper around vmdebootstrap to install a live Debian
  system into an ISO image, which can be used by booting from optical media or a


signature.asc
Description: This is a digitally signed message part

Bug#869936: reportbug: ImportError: No module named 'requests.packages.urllib3'

[John David Anglin]

Package: reportbug
Version: 7.1.7
Followup-For: Bug #869936

Dear Maintainer,

Fixed by reinstalling python3-six;
apt-get --reinstall install python3-six

Regards,
Dave Anglin

-- Package-specific info:
** Environment settings:
INTERFACE="text"

** /home/dave/.reportbugrc:
reportbug_version "5.0"
mode standard
ui text
realname "John David Anglin"
email "dave.ang...@bell.net"

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: hppa (parisc64)

Kernel: Linux 4.13.0-rc3+ (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8), 
LANGUAGE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages reportbug depends on:
ii  apt1.5~beta1
ii  python33.5.3-3
ii  python3-reportbug  7.1.7

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail  
ii  debconf-utils   1.5.63
pn  debsums 
pn  dlocate 
ii  emacs24-bin-common  24.5+1-11
ii  file1:5.30-1
ii  gir1.2-gtk-3.0  3.22.17-1
pn  gir1.2-vte-2.91 
ii  gnupg   2.1.18-8
ii  postfix [mail-transport-agent]  3.2.2-1
ii  python3-gi  3.22.0-2+b1
pn  python3-gi-cairo
pn  python3-gtkspellcheck   
pn  python3-urwid   
ii  xdg-utils   1.1.1-1

Versions of packages python3-reportbug depends on:
ii  apt1.5~beta1
ii  file   1:5.30-1
ii  python33.5.3-3
ii  python3-debian 0.1.30
ii  python3-debianbts  2.6.1
ii  python3-requests   2.18.1-1

python3-reportbug suggests no packages.

-- no debconf information

Bug#870844: RFA: pytest-xdist -- Pytest plugin for distributed testing

[Daniel Stender]

Package: wnpp
Severity: normal

I'm seeking for someboy to adopt pytest-xdist [1]. This has been moved to DPMT 
recently,
if you are a member of this team please just proceed adopting this, otherwise 
contact me
first (ideally, this should be kept).

Thanks,
DS

[1] https://packages.qa.debian.org/p/pytest-xdist.html

-- 
4096R/DF5182C8 (sten...@debian.org)
http://www.danielstender.com/



signature.asc
Description: OpenPGP digital signature

Bug#870845: Various fixes for coding standards etc.

[Phil Wyett]

Package: live-wrapper
Severity: important

Version: 0.6

Attached are some patches for live-wrapper git head.

bootloader.py
=

* Change 'f' to 'langlist_file'. More human readable and linting friendly.

cdroot.py
==

* Update class to use modern style.
* Add file head text. Based on original commit.

Both patches include minor trailing white space cleaning

Regards

Phil

-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***

Playing the game for the games sake.

Web: https://kathenas.org

Twitter: kathenasorg

Instagram: kathenasorgdiff --git a/lwr/bootloader.py b/lwr/bootloader.py
index 69c27a2..b0c0cb3 100644
--- a/lwr/bootloader.py
+++ b/lwr/bootloader.py
@@ -51,11 +51,11 @@ class BootloaderConfig(object):
 # FIXME: need declarative paths
 self.versions = detect_kernels(self.cdroot)
 self.versions.sort(reverse=True)
-with open('/usr/share/live-wrapper/languagelist', 'r') as f:
-lines = f.readlines()
-lang_lines = [ line for line in lines if not line.startswith('#') ]
+with open('/usr/share/live-wrapper/languagelist', 'r') as langlist_file:
+lines = langlist_file.readlines()
+lang_lines = [line for line in lines if not line.startswith('#')]
 for line in lang_lines:
-language = line.split(';') 
+language = line.split(';')
 for version in self.versions:
 self.entries.append({
  'description': '%s (%s)' % (language[1], language[0],),
diff --git a/lwr/cdroot.py b/lwr/cdroot.py
index 24d24eb..134ad72 100644
--- a/lwr/cdroot.py
+++ b/lwr/cdroot.py
@@ -1,8 +1,13 @@
+# live-wrapper - Wrapper for vmdebootstrap for creating live images
+# (C) Iain R. Learmonth 2015 
+# See COPYING for terms of usage, modification and redistribution.
+#
+# lwr/cdroot.py - cdroot helpers
 
 import os
 import tempfile
 
-class CDRoot:
+class CDRoot(object):
 def __init__(self, path=None):
 if not path:
 self.path = tempfile.mkdtemp()
@@ -13,6 +18,6 @@ class CDRoot:
 
 def __getitem__(self, i):
 return CDRoot(os.path.join(self.path, i))
-
+
 def __str__(self):
 return self.path


signature.asc
Description: This is a digitally signed message part

Bug#858531: RFS: delight/1.5-1 ITP

[Al Nikolov]

Hi Dmitry.

As for:

Version:    1.5-1
Uploaded:   2017-03-22 09:41

Looks good, except an issue with `debian/watch`:

> al@think:~/debian/delight-1.5$ LANG=C uscan --report-status
> uscan info: uscan (version 2.17.6+deb9u1) See uscan(1) for help
> uscan info: Scan watch files in .
> uscan info: Check debian/watch and debian/changelog in .
> uscan info: package="delight" version="1.5-1" (as seen in
> debian/changelog)
> uscan info: package="delight" version="1.5" (no epoch/revision)
> uscan info: ./debian/changelog sets package="delight" version="1.5"
> uscan info: Process ./debian/watch (package=delight version=1.5)
> uscan info: opts: mode=git
> uscan info: line: https://git.savannah.nongnu.org/git/delight.git
> refs/tags/v([\d\.\d\.]+) debian
> uscan info: Parsing mode=git
> uscan info: line: https://git.savannah.nongnu.org/git/delight.git
> refs/tags/v([\d\.\d\.]+) debian
> uscan info: Last orig.tar.* tarball version (from debian/changelog):
> 1.5
> uscan info: Last orig.tar.* tarball version (dversionmangled): 1.5
> uscan info: Execute: git ls-remote https://git.savannah.nongnu.org/gi
> t/delight.git
> uscan info: Found the following matching refs:
>  HEAD ()
>  refs/heads/master ()
>  refs/tags/1.00 ()
>  refs/tags/1.01 ()
>  refs/tags/1.02 ()
>  refs/tags/1.03 ()
>  refs/tags/1.04 ()
>  refs/tags/1.05 ()
>  refs/tags/1.5 ()
> uscan info: Upstream URL (downloadurlmangled):
>    https://git.savannah.nongnu.org/git/delight.git HEAD
> uscan info: Download filename (filenamemangled): delight-.tar.xz
> dpkg: error: version '1:-0' has bad syntax: version number is empty
> dpkg: error: version '1:-0' has bad syntax: version number is empty
> uscan: Newest version of delight on remote site is , local version is
> 1.5
> uscan:=> Newer package available from
>   https://git.savannah.nongnu.org/git/delight.git HEAD
> uscan info: Scan finished

signature.asc
Description: This is a digitally signed message part