Bug#873282: ITP: emacs-memoize -- memoization functions

[Lev Lamberov]

Package: wnpp
Severity: wishlist
Owner: Lev Lamberov 

* Package name: emacs-memoize
  Version : 1.1
  Upstream Author : Christopher Wellons 
* URL : https://github.com/skeeto/emacs-memoize
* License : Unlicense
  Programming Lang: Emacs Lisp
  Description : memoization functions

This package provides memoization functions. `memoize' accepts a
symbol or a function. When given a symbol, the symbol's function
definition is memoized and installed overtop of the original function
definition. When given a function, it returns a memoized version of
that function.

Memoization takes up memory, which should be freed at some point.
Because of this, all memoization has a timeout from when the last
access was.

Bug#873281: krb5: CVE-2017-7562

[Salvatore Bonaccorso]

Source: krb5
Version: 1.12.1+dfsg-19
Severity: important
Tags: security upstream
Forwarded: https://github.com/krb5/krb5/pull/694

Hi,

the following vulnerability was published for krb5.

CVE-2017-7562[0]:
Make certauth eku module restrictive-only

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7562
[1] https://github.com/krb5/krb5/pull/694

Please adjust the affected versions in the BTS as needed, unless
completely mistaken this goes at least as well back to the version in
jessie. But it's not as bad and think does not warrant a DSA, if I
understand correctly.

Regards,
Salvatore

Bug#870888: breaks awscli 1.11.121-1

[Nicolás Alvarez]

I tried bisecting the upstream code directly from git, and got down to
the range of commits where upstream removed bundled libraries:

With requests 282b01a7c9, awscli works (v2.15.1, right before deleting
the 'packages' directory)
With requests 47f170bb35, awscli fails (pre-v2.16.0, right after
fixing the last "from .packages.urllib3.foo import Bar")

The in-between revisions don't work (ImportError: No module named
'requests.packages.urllib3.exceptions'), because the 'packages'
directory was already deleted but import statements still pointed to
it.

Note that upstream's 47f170bb35 uses the system urllib3, but fails
with both python3-urllib3 1.19.1-1 and 1.21.1-1.

I guess this is bad news for trying to figure out what causes the problem...

-- 
Nicolás

Bug#698240: build-rdeps also fails with lz4'd sources

[James McCoy]

On Fri, Aug 25, 2017 at 08:21:58PM +0100, solo-debianb...@goeswhere.com wrote:
> build-rdeps also fails with lz4'd sources, which appears to have become
> the default in sid at some point? It's the case in the "official"
> debian:sid Docker images, without any config I can see set.

I've started working on adapting this to use apt-helper.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#873010: Working on a fix

[Alexandre Viau]

I am in contact with upstream about this and we are working on providing
a fix. Meanwhile, instant messaging should still work.

Cheers.

Bug#872514: devscripts: Please add script to report on reproducibility status of installed packages

[Paul Wise]

On Sun, 20 Aug 2017 11:19:08 -0700 Chris Lamb wrote:

> Updated patch attached that adds the correct line to debian/control.

Re the use of help2man:

mapreri had concerns on IRC this might interfere with cross-builds.

I tend to think that help2man should never be used automatically,
only ever as a starting point for writing a proper manual page,
since it does not add any value over using the --help options.

For Python stuff a better option is to use sphinx and sphinx-argparse
or sphinxcontrib-autoprogram so as to not duplicate docs between the
code and the manual page.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#873017: I intend to adopt the vim-rails package

[Giovanni Tempobono]

retitle 873017 ITA: vim-rails -- vim development tools for Rails
development
owner 873017 !
thanks

Bug#867497: Update to latest snapshot and convert to Qt5

[Boyuan Yang]

Control: severity -1 important

I am raising the bug severity since Qt4 is to be removed in the Buster cycle.

This bug would be RC-level once the Qt4 removal starts.

Newer snapshot of goldendict already has good support for Qt5. Please consider 
packaging the new snapshot and migrate to Qt5.

Thanks,
Boyuan Yang

Bug#873017: I intend to adopt the vim-rails package

[Giovanni Tempobono]

retitle 873017 ITA: vim-rails -- vim development tools for Rails
development
owner 873017 !
thanks

Bug#872794: i3blocks: [cpu_usage] Handle mpstat output change

[Jason Pleau]

Hi again.

On 08/21/2017 06:41 AM, Alok Singh wrote:
> Package: i3blocks
> Version: 1.4-3+b1
> Severity: normal
> 
> Dear Maintainer,
> 
> Not sure when this happened but the regexp in cpu_usage cannot parse the
> output of mpstat anymore. Patch attached.
> 

I investigated, and this is strange, I cannot reproduce your exact issue.

Out of curiosity, did you edit the cpu_usage script by yourself? The
reason I'm asking is that the change you're proposing is already in
unstable, see here:

http://sources.debian.net/src/i3blocks/1.4-3/scripts/cpu_usage/#L34

I will however add a patch that was recently added as a PR upstream (the
script does not work with newer kernel/mpstat):
https://github.com/vivien/i3blocks/pull/252




-- 
Jason Pleau

Bug#873280: gnome-shell-extension-show-ip: does not notice when NetworkManager starts after gnome-shell

[Paul Wise]

Package: gnome-shell-extension-show-ip
Version: 4.0.1-1
Severity: normal

I had NetworkManager stopped due to restarting dbus, then logged into
GNOME and got 'IP: NM not running' from the Show IP extension. I then
restarted NetworkManager from a terminal but the Show IP extension did
not update them menu to list my new IP address.

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), 
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-shell-extension-show-ip depends on:
ii  gnome-shell  3.22.3-3

gnome-shell-extension-show-ip recommends no packages.

gnome-shell-extension-show-ip suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#873279: error messages when browsing Google Maps

[積丹尼 Dan Jacobson]

Package: firefox
Version: 55.0.2-1
Severity: minor

$ firefox maps.google.com
ATTENTION: default value of option force_s3tc_enable overridden by environment.
../../../src/intel/isl/isl.c:1370: FINISHME: validate row pitch of stencil 
surfaces

-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: ${PROFILE_EXTENSIONS}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Status: enabled

Name: Application Update Service Helper
Location: ${PROFILE_EXTENSIONS}/aushel...@mozilla.org.xpi
Status: enabled

Name: BBSFox
Location: ${PROFILE_EXTENSIONS}/{86095750-AD15-46d8-BF32-C0789F7E6A32}.xpi
Status: user-disabled

Name: Click-to-Play staged rollout
Location: ${PROFILE_EXTENSIONS}/clicktoplay-roll...@mozilla.org.xpi
Status: enabled

Name: ColorZilla
Location: ${PROFILE_EXTENSIONS}/{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi
Status: user-disabled

Name: Compact Dark theme
Status: user-disabled

Name: Compact Light theme
Status: user-disabled

Name: Default theme
Location: 
/usr/lib/firefox/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Package: firefox
Status: enabled

Name: Element Hiding Helper for Adblock Plus
Location: ${PROFILE_EXTENSIONS}/elemhidehel...@adblockplus.org.xpi
Status: enabled

Name: Firefox Screenshots
Location: ${PROFILE_EXTENSIONS}/screensh...@mozilla.org.xpi
Status: enabled

Name: Follow-on Search Telemetry
Location: ${PROFILE_EXTENSIONS}/followonsea...@mozilla.com.xpi
Status: enabled

Name: Font Finder
Location: ${PROFILE_EXTENSIONS}/fontfin...@bendodson.com.xpi
Status: user-disabled

Name: Location Guard
Location: ${PROFILE_EXTENSIONS}/jid1-hdwplukcgqe...@jetpack.xpi
Status: enabled

Name: Multi-process staged rollout
Location: ${PROFILE_EXTENSIONS}/e10sroll...@mozilla.org.xpi
Status: enabled

Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
Status: user-disabled

Name: Pocket
Location: ${PROFILE_EXTENSIONS}/fire...@getpocket.com.xpi
Status: enabled

Name: Shield Recipe Client
Location: ${PROFILE_EXTENSIONS}/shield-recipe-cli...@mozilla.org.xpi
Status: enabled

Name: Spell Checker
Location: ${PROFILE_EXTENSIONS}/gaurangns...@gmail.com.xpi
Status: enabled

Name: Stylish
Location: ${PROFILE_EXTENSIONS}/{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
Status: user-disabled

Name: United States English Spellchecker dictionary
Location: ${PROFILE_EXTENSIONS}/en...@dictionaries.addons.mozilla.org
Status: enabled

Name: Web Compat
Location: ${PROFILE_EXTENSIONS}/webcom...@mozilla.org.xpi
Status: enabled

-- Plugins information
Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled


-- Addons package information
ii  firefox55.0.2-1 amd64Mozilla Firefox web browser

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils   4.8.2
ii  fontconfig2.12.3-0.2
ii  libatk1.0-0   2.24.0-1
ii  libc6 2.25-0experimental1
ii  libcairo-gobject2 1.14.10-1
ii  libcairo2 1.14.10-1
ii  libdbus-1-3   1.11.16+really1.11.16-2
ii  libdbus-glib-1-2  0.108-2
ii  libevent-2.1-62.1.8-stable-4
ii  libffi6   3.3~20160224-1
ii  libfontconfig12.12.3-0.2
ii  libfreetype6  2.8-0.2
ii  libgcc1   1:7.2.0-1
ii  libgdk-pixbuf2.0-02.36.5-3
ii  libglib2.0-0  2.53.6-1
ii  libgtk-3-03.22.18-1
ii  libgtk2.0-0   2.24.31-2
ii  libhunspell-1.6-0 1.6.1-2
ii  libjsoncpp1   1.7.4-3
ii  libnspr4  2:4.16-1
ii  libnss3   2:3.32-1
ii  libpango-1.0-01.40.11-1
ii  libsqlite3-0  3.20.0-1
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++67.2.0-1
ii  libvpx4   1.6.1-3
ii  libx11-6  2:1.6.4-3
ii  libx11-xcb1   2:1.6.4-3
ii  libxcb-shm0   1.12-1
ii  libxcb1   1.12-1
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt61:1.1.5-1
ii  procps2:3.3.12-3
ii  zlib1g1:1.2.8.dfsg-5

firefox recommends no packages.

Versions of packages firefox suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
pn  libcanberra0   
ii  libgssapi-krb5-2   1.15.1-2
pn  mozplugger 

-- no debconf information

Bug#873278: gdb: core/exe mismatch warning is sometimes not accurate

[Paul Wise]

Package: gdb
Version: 7.12-6
Severity: normal
Control: found -1 8.0-1

The "warning: core file may not match specified executable file."
message is printed even for commands that have just been started and no
libraries upgraded in the meantime. OTOH this doesn't happen always.

For example, it happens with rtorrent but not busybox:

pabs@chianamo ~ $ sh -c 'sleep 5s && pkill -SEGV rtorrent' & rtorrent
[1] 19456
Caught Segmentation fault, dumping stack:
rtorrent(+0x20792) [0x564d2f2f2792]
/lib/x86_64-linux-gnu/libc.so.6(+0x33060) [0x7f0458e3b060]
/lib/x86_64-linux-gnu/libc.so.6(epoll_wait+0x33) [0x7f0458ef10b3]
/usr/lib/x86_64-linux-gnu/libtorrent.so.19(_ZN7torrent9PollEPoll4pollEi+0x15) 
[0x7f045a6e3315]
/usr/lib/x86_64-linux-gnu/libtorrent.so.19(_ZN7torrent9PollEPoll7do_pollEli+0xb7)
 [0x7f045a6e3587]
/usr/lib/x86_64-linux-gnu/libtorrent.so.19(_ZN7torrent11thread_base10event_loopEPS0_+0x110)
 [0x7f045a719650]
rtorrent(+0x1f855) [0x564d2f2f1855]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f0458e282e1]
rtorrent(+0x1ffca) [0x564d2f2f1fca]
[1]+  Donesh -c 'sleep 5s && pkill -SEGV rtorrent'
Aborted (core dumped)
pabs@chianamo ~ $ find /var/crash/ -iname *rtorrent*
/var/crash/1000/19457-1000-1000-6-1503714431-chianamo--usr-bin-rtorrent.core
pabs@chianamo ~ $ gdb -batch -n -ex 'set pagination off' -ex bt -ex 'thread 
apply all bt full' --core 
/var/crash/1000/19457-1000-1000-6-1503714431-chianamo--usr-bin-rtorrent.core 
/usr/bin/rtorrent

warning: core file may not match specified executable file.
[New LWP 19457]
[New LWP 19460]
[New LWP 19459]
...
pabs@chianamo ~ $ sh -c 'sleep 5s && pkill -SEGV busybox' & busybox sh
[1] 27106


BusyBox v1.22.1 (Debian 1:1.22.0-19+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ [1]+  Donesh -c 'sleep 5s && pkill -SEGV busybox'
Segmentation fault (core dumped)
pabs@chianamo ~ $ find /var/crash/ -iname *busybox*
/var/crash/1000/27107-1000-1000-11-1503715000-chianamo--bin-busybox.core
pabs@chianamo ~ $ gdb -batch -n -ex 'set pagination off' -ex bt -ex 'thread 
apply all bt full' --core 
/var/crash/1000/27107-1000-1000-11-1503715000-chianamo--bin-busybox.core 
/bin/busybox
[New LWP 27107]
Core was generated by `busybox sh'.
Program terminated with signal SIGSEGV, Segmentation fault.
...

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), 
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gdb depends on:
ii  libbabeltrace-ctf1  1.5.3-1
ii  libbabeltrace1  1.5.3-1
ii  libc6   2.24-15
ii  libexpat1   2.2.3-1
ii  liblzma55.2.2-1.3
ii  libncurses5 6.0+20170715-2
ii  libpython3.53.5.4-2
ii  libreadline77.0-3
ii  libtinfo5   6.0+20170715-2
ii  zlib1g  1:1.2.8.dfsg-5

Versions of packages gdb recommends:
ii  libc6-dbg [libc-dbg]  2.24-15

Versions of packages gdb suggests:
ii  gdb-doc7.12-2
ii  gdbserver  7.12-6

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#872867: is ISO-3166 really the optimal list for our users?

[Ben Hutchings]

On Fri, 2017-08-25 at 19:31 -0600, Ben Hildred wrote:
> > On Fri, Aug 25, 2017 at 6:04 PM, Ben Hutchings  wrote:
> 
> > On Fri, 2017-08-25 at 13:13 -0600, Ben Hildred wrote:
> > > Lets Throw out this crazy idea for consideration: Drop support for all
> > > countries.
> > > 
> > > To start off this will not actually be completely possible because of
> > > broadcast regulations, but if you limit it to wireless networking (and
> > > other radio application) configuration, we can then define a country as a
> > > broadcast regulation scope.
> > 
> > [...]
> > 
> > So far as I know, the installer doesn't configure the country for
> > wireless regulations.  This is fine so long as you use Managed mode, as
> > the wireless stack can just follow whatever the AP says.  (For other
> > modes, it might still be unnecessary as the wireless device normally
> > has a country code in NVRAM, besides which many countries share either
> > ETSI or FCC rules.)
> > 
> > This only makes it easier as there are fewer regulatory regions, although
> 
> there have been proposals to run-time configure regulatory compliance of
> wifi for travelers.

I'm not sure which proposals you're talking about.  So far as I can
see, that already works in Linux, and I maintain the packages that
support it...

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of
them.



signature.asc
Description: This is a digitally signed message part

Bug#872514: devscripts: Please add script to report on reproducibility status of installed packages

[James McCoy]

On Sun, Aug 20, 2017 at 11:19:08AM -0700, Chris Lamb wrote:
> Hi,
> 
> > devscripts: Please add script to report on reproducibility
> > status of installed packages
> 
> Updated patch attached that adds the correct line to debian/control.

Thanks for working on the new script!  I had looked at it earlier but
realized (due to mapreri's nudging) that I hadn't followed up about it.

I think it's a good addition to devscripts, so definitely welcome it
being included.  I only had a couple small comments.

Is it intentional that the cache file is named bz rather than bz2?  I
know .bz is recognized by the relevant tools, but it seems .bz2 is the
more typical form.

README needs to be updated with information about the new script.  It
basically follows the same format as the long description in
debian/control.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#872626: python-statistics is already in experimental

[Ben Finney]

On 26-Aug-2017, Hugo Lefeuvre wrote:

> I'm currently facing issues with my GnuPG key which prevent me from
> uploading this package to unstable (I'm waiting for the next keyring
> update to replace my key).

Sorry to learn of the roadblock.

> If you want to co-maintain this package, feel free to add your name
> to the Uploaders field and upload it to unstable.

My motivation is to have the package as a dependency for ‘pyethapp’
which I am working on.

> Some things you should notice, however:
>  * This is a Python 2 package only
>  * Upstream is planning to make a Python 3.{0,2}, but I think it's
>not going to happen soon unless you ping him/open a bug report.

Some more issues (some of these are issues I've reported upstream):

* The GitHub repository has only one release made available
  , and
  has none of the versions from the PyPI page
  .

* The version at GitHub, version “3.4.0b3”, is not available
  at PyPI 
  .

  So for distributions depending on the version at PyPI, currently
  “1.0.3.5”, it's not clear that they will work correctly with this
  later version.

* The Debian package version does not mangle the version to place
  “3.4.0b3” earlier than (what will presumably be released later as)
  “3.4.0”. When upstream makes a “3.4.0” release, it will sort
  *earlier* in Debian than the existing upstream version “3.4.0b3”.

  This can be corrected with an appropriate change to the version
  string for future Debian releases, but that doesn't solve the issue
  for the already-released “3.4.0b3-1”.

What are your thoughts on addressing these?

-- 
 \ “Every decent man is ashamed of the government he lives under.” |
  `\ —Henry L. Mencken |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#873277: sometimes environment variables do not expand

[積丹尼 Dan Jacobson]

Package: bash-completion
Version: 1:2.1-4.3

Normally $BR expands to $BROWSER for me. Except here!:
$ apt-cache show $@|perl -wlne 'print for /http\S+/g'|sort -u|xargs $BR

Bug#872867: is ISO-3166 really the optimal list for our users?

[Ben Hildred]

On Fri, Aug 25, 2017 at 6:04 PM, Ben Hutchings  wrote:

> On Fri, 2017-08-25 at 13:13 -0600, Ben Hildred wrote:
> > Lets Throw out this crazy idea for consideration: Drop support for all
> > countries.
> >
> > To start off this will not actually be completely possible because of
> > broadcast regulations, but if you limit it to wireless networking (and
> > other radio application) configuration, we can then define a country as a
> > broadcast regulation scope.
> [...]
>
> So far as I know, the installer doesn't configure the country for
> wireless regulations.  This is fine so long as you use Managed mode, as
> the wireless stack can just follow whatever the AP says.  (For other
> modes, it might still be unnecessary as the wireless device normally
> has a country code in NVRAM, besides which many countries share either
> ETSI or FCC rules.)
>
> This only makes it easier as there are fewer regulatory regions, although
there have been proposals to run-time configure regulatory compliance of
wifi for travelers.

Ben.
>
> --
> Ben Hutchings
> One of the nice things about standards is that there are so many of
> them.
>
>


-- 
--
Ben Hildred
Automation Support Services

Bug#873276: liboggz: Make source package bootstrappable

[Daniel Schepler]

Source: liboggz
Version: 1.1.1-5
Severity: wishlist

Since liboggz and vorbis-tools both Build-Depend on each other, there
is a cycle here that needs to be broken for the packages to be
bootstrappable.  Probably, if debian/rules were fixed to respect
DEB_BUILD_OPTIONS=nocheck, then the Build-Depends for liboggz could be
adjusted to "..., vorbis-tools " which would break the
cycle.
-- 
Daniel Schepler

Bug#840257: ITP: mali-driver -- Mali GPU binary drivers

[Wookey]

I've just uploaded mali-midgard, which is the first part of this
project to be ready. That is the kernel driver for the midgard (and
bifrost) series GPUs (6xx, 7xx). In practice it only works on the
Rockchip rk3288 SoC currently as that's the only one with DTB support.

Support will be expanded to other hardware over time, and the binary
drivers uploaded too fairly soon.

Thanks very much to Guillaume Tucker who did nearly all the
heavy-lifting for this.

Wookey
-- 
Principal hats:  Linaro, Debian, Wookware, ARM
http://wookware.org/


signature.asc
Description: Digital signature

Bug#873275: always segfaults at start due to QSslSocket

[積丹尼 Dan Jacobson]

Package: qgis
Version: 2.14.18+dfsg-1
Severity: grave

# apt-get install qgis
$ qgis
Warning: QSslSocket: cannot resolve CRYPTO_num_locks
Warning: QSslSocket: cannot resolve CRYPTO_set_id_callback
Warning: QSslSocket: cannot resolve CRYPTO_set_locking_callback
Warning: QSslSocket: cannot resolve sk_free
Warning: QSslSocket: cannot resolve sk_num
Warning: QSslSocket: cannot resolve sk_pop_free
Warning: QSslSocket: cannot resolve sk_value
Warning: QSslSocket: cannot resolve SSL_library_init
Warning: QSslSocket: cannot resolve SSL_load_error_strings
Warning: QSslSocket: cannot resolve X509_get_notAfter
Warning: QSslSocket: cannot resolve X509_get_notBefore
Warning: QSslSocket: cannot resolve SSLv2_client_method
Warning: QSslSocket: cannot resolve SSLv23_client_method
Warning: QSslSocket: cannot resolve SSLv2_server_method
Warning: QSslSocket: cannot resolve SSLv23_server_method
Warning: QSslSocket: cannot resolve X509_STORE_CTX_get_chain
Warning: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
Warning: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
Warning: QSslSocket: cannot resolve SSLeay
Warning: QSslSocket: cannot call unresolved function SSL_library_init
Warning: QSslSocket: cannot call unresolved function SSLv23_client_method
Warning: QSslSocket: cannot call unresolved function sk_num
Warning: QSslSocket: cannot call unresolved function X509_get_notBefore
Warning: QSslSocket: cannot call unresolved function X509_get_notAfter
Segmentation fault

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages qgis depends on:
ii  libc6   2.25-0experimental1
ii  libexpat1   2.2.3-1
ii  libgcc1 1:7.2.0-1
ii  libgdal20 [gdal-abi-2-2-1]  2.2.1+dfsg-2+b1
ii  libgeos-c1v53.5.1-3
ii  libgsl232.4+dfsg-6
ii  libgslcblas02.4+dfsg-6
ii  libpq5  10~beta3-1
ii  libproj12   4.9.3-2
ii  libqca2 2.1.3-1
ii  libqgis-analysis2.14.18 2.14.18+dfsg-1
ii  libqgis-app2.14.18  2.14.18+dfsg-1
ii  libqgis-core2.14.18 2.14.18+dfsg-1
ii  libqgis-gui2.14.18  2.14.18+dfsg-1
ii  libqgis-networkanalysis2.14.18  2.14.18+dfsg-1
ii  libqscintilla2-12v5 2.9.3+dfsg-4+b1
ii  libqt4-network  4:4.8.7+dfsg-12
ii  libqt4-sql  4:4.8.7+dfsg-12
ii  libqt4-svg  4:4.8.7+dfsg-12
ii  libqt4-xml  4:4.8.7+dfsg-12
ii  libqtcore4  4:4.8.7+dfsg-12
ii  libqtgui4   4:4.8.7+dfsg-12
ii  libqtwebkit42.3.4.dfsg-9.1
ii  libqwt6abi1 6.1.2-6
ii  libspatialindex4v5  1.8.5-5
ii  libspatialite7  4.4.0~rc1-1~exp2
ii  libsqlite3-03.20.0-1
ii  libstdc++6  7.2.0-1
ii  python-qgis 2.14.18+dfsg-1
ii  qgis-common 2.14.18+dfsg-1
ii  qgis-providers  2.14.18+dfsg-1

Versions of packages qgis recommends:
pn  qgis-plugin-grass
pn  qgis-provider-grass  

Versions of packages qgis suggests:
ii  gpsbabel  1.5.3-2

-- no debconf information

Bug#873274: add --with-suggests --without-suggests

[積丹尼 Dan Jacobson]

Package: aptitude
Version: 0.8.9-1
Severity: wishlist

There is already
--with-recommends
--without-recommends
Please add
--with-suggests
--without-suggests
even if one can get the same affect via -o 

Bug#873273: line 382 says this -

[shirish शिरीष]

Dear sharing, sharing a bit of context from few earlier lines as well.

   grep {
 $state eq $_
 } @statefollow
   } sort keys %{$results{$deptype}}
 );
  # I feel the need to explain this hairy double grep argument.
  # We need to pass an array of package names to show_rdepends,
  # which will recursively follow them for further processing.
  # However, we want to filter this list so that we have the
  # inner join of @statefollow and the state of each package.
  # Hence, the double grep.
}

But as shared above, the expected behaviour of listing of
builds-depends and their build-depends is not available.

Please fix the same.

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#873273: apt-rdepends: Deep recursion on subroutine "main::show_rdepends" at /usr/bin/apt-rdepends line 382.

[shirish शिरीष]

Package: apt-rdepends
Version: 1.3.0-6
Severity: normal

Dear Maintainer,
I was trying -

 apt-rdepends --build-depends qbittorrent >
apt-rdepends-builds-depends-qbittorrent.txt
  [1:52:57]
Reading package lists... Done
Building dependency tree
Reading state information... Done
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.
Deep recursion on subroutine "main::show_rdepends" at
/usr/bin/apt-rdepends line 382.

when was hit with the above messages. Please fix this regression.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (1, 'experimental-debug'), (1, 'experimental'), (1,
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt-rdepends depends on:
ii  libapt-pkg-perl  0.1.33
ii  perl 5.26.0-5

apt-rdepends recommends no packages.

Versions of packages apt-rdepends suggests:
ii  graphviz  2.38.0-17+b2

-- no debconf information

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#872867: is ISO-3166 really the optimal list for our users?

[Ben Hutchings]

On Fri, 2017-08-25 at 13:13 -0600, Ben Hildred wrote:
> Lets Throw out this crazy idea for consideration: Drop support for all
> countries.
> 
> To start off this will not actually be completely possible because of
> broadcast regulations, but if you limit it to wireless networking (and
> other radio application) configuration, we can then define a country as a
> broadcast regulation scope.
[...]

So far as I know, the installer doesn't configure the country for
wireless regulations.  This is fine so long as you use Managed mode, as
the wireless stack can just follow whatever the AP says.  (For other
modes, it might still be unnecessary as the wireless device normally
has a country code in NVRAM, besides which many countries share either
ETSI or FCC rules.)

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of
them.



signature.asc
Description: This is a digitally signed message part

Bug#872626: python-statistics is already in experimental

[Hugo Lefeuvre]

Hi Ben,

> > python-statistics is already in experimental:
> >   https://tracker.debian.org/pkg/python-statistics
> 
> Thank you.
> 
> Hugo, what is needed to get this package into Unstable?

I'm currently facing issues with my GnuPG key which prevent me from
uploading this package to unstable (I'm waiting for the next keyring
update to replace my key).

If you want to co-maintain this package, feel free to add your name to
the Uploaders field and upload it to unstable.

Some things you should notice, however:
 * This is a Python 2 package only
 * Upstream is planning to make a Python 3.{0,2}, but I think it's not
   going to happen soon unless you ping him/open a bug report.

Cheers,
 Hugo

-- 
 Hugo Lefeuvre (hle)|www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA


signature.asc
Description: PGP signature

Bug#872299: gnome-orca: Orca segfaults on startup

[Samuel Thibault]

Hello,

Tim Smith, on jeu. 24 août 2017 18:44:35 -0400, wrote:
> Unfortunately, there is a new problem: there is no audio.

But do you have braille?

Not getting audio can either means audio doesn't work, or Orca doesn't
get information to speak. We need to find out which that is.

>   The console output shows several errors:
> 
> /usr/lib/python3/dist-packages/pyatspi/Accessibility.py:184: Warning:
> g_object_unref: assertion 'G_IS_OBJECT (object)' failed
>   Atspi.Event.host_application = property(fget=lambda x:
> x.source.get_application())
> 
> (orca:8089): Gtk-CRITICAL **: gtk_notebook_get_tab_label: assertion 'list !=
> NULL' failed
> 
> /usr/lib/python3/dist-packages/pyatspi/Accessibility.py:41: Warning:
> g_object_unref: assertion 'G_IS_OBJECT (object)' failed
>   len=self.get_child_count()

Uh.

This looks like AT-SPI itself doesn't look good. Could you try to get

  http://people.debian.org/~sthibault/check-a11y.tgz

unpack it, run

  make check -k

and send us the output?

Samuel

Bug#873074: cdrom: Mirror chosen in expert install will not be written to sources.list

[Steve McIntyre]

On Thu, Aug 24, 2017 at 11:33:19AM +0200, Daniel wrote:
>Package: cdrom
>Severity: normal
>Tags: d-i
>
>Dear Maintainer,
>
>   * What led up to the situation?
>
>installed debian stretch dvd image (from usb flashdrive), used
>installer in expert mode, chosen mirror ftp.halifax.rwth-aachen.de,
>protocol http
>
>   * What was the outcome of this action?
>
>After installation, there is an entry in file /etc/apt/sources.list
>for the cd image but not for the mirror.
>
>   * What outcome did you expect instead?
>
>mirror chosen during installation is written to sources.list

Hi Daniel,

I'd absolutely expect this to work in d-i as you expect. Could you
share the installer syslog from your machine please, so we can see
what's happened?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Because heaters aren't purple!" -- Catherine Pitt

Bug#873272: ITP: r-cran-blob -- GNU R S3 Class for Representing Vectors of Binary Data ('BLOBS')

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: r-cran-blob
  Version : 1.1.0
  Upstream Author : Kirill Müller 
* URL : https://cran.r-project.org/package=blob
* License : GPL
  Programming Lang: GNU R
  Description : GNU R S3 Class for Representing Vectors of Binary Data 
('BLOBS')
 R's raw vector is useful for storing a single binary object.
 What if you want to put a vector of them in a data frame? The blob
 package provides the blob object, a list of raw vectors, suitable for
 use as a column in data frame.


Remark: This package is needed to upgrade r-cran-rsqlite to the latest
upstream version.  It will be maintained by the Debian Med team at
   svn://anonscm.debian.org/debian-med/trunk/packages/R/r-cran-blob/trunk/

Bug#873271: pam-krb5-migrate: install paths are wrong

[Dominik George]

Source: pam-krb5-migrate
Version: 0.0.11-4
Severity: grave
Justification: renders package unusable

Both the PAM modules and the pam config are installed into
sub-directories instead of their correct places. This makes the package
unusable without moving files in system locations around beforehand.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#868558: nmu: multiple r-* packages

[Dirk Eddelbuettel]

severity 868558 serious
quit

On 19 August 2017 at 13:14, Dirk Eddelbuettel wrote:
| 
| Dear release team,
| 
| Gentle poke.  We still need this set of NMUs to get R 3.4.1 into testing.
| 
| "Ask me anything" -- What (if anything) is missing?  How can I help?

Setting severity to 'serious' which is what the one for r-base is tagged with
at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861333

I need your help here, and have not really heard from anyone.  Now that the
release and debconf are in the past, can we _please_ get to this?

Dirk

| 
| Dirk
| 
| -- 
| http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

-- 
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#872879: wmaker menu lost most of my apps

[Doug Torrance]

On 08/22/2017 03:39 PM, ano...@users.sourceforge.net wrote:

On Tue, Aug 22, 2017 at 08:58:01AM -0400, Doug Torrance wrote:

What are the contents of your ~/GNUstep/Defaults/WMRootMenu


One line:

/etc/GNUstep/Defaults/menu.hook

Removing ~/GNUstep/Defaults/WMRootMenu brings back some/most of the
applications, although all the submenus are somewhat annoyingly nested
under an "Applications" submenu.

Also, /etc/GNUstep/Defaults/menu.hook doesn't exist.


and /etc/GNUstep/Defaults/WMRootMenu?


One line:

"menu.hook"


Does the file /usr/share/WindowMaker/menu.hook exist? Is it a symbolic link
to /etc/GNUstep/Defaults/plmenu.Debian?  (For some reason, they're not
showing up in the filelist [1], even though they ought to...)


Yes, and yes.


Ok, great!  So it seems like the issue was that the WMRootMenu in your 
home directory was no longer pointing to the correct file.


Do you think the correct fix to this bug would be better documentation 
for the change?  Or something else?


Thanks!
Doug

Bug#873270: ITP: r-cran-bit -- GNU R class for vectors of 1-bit booleans

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: r-cran-bit
  Version : 1.1-12
  Upstream Author : Jens Oehlschlägel 
* URL : https://cran.r-project.org/package=bit
* License : GPL
  Programming Lang: GNU R
  Description : GNU R class for vectors of 1-bit booleans
 This GNU R package provides bitmapped vectors of booleans (no NAs),
 coercion from and to logicals, integers and integer subscripts;
 fast boolean operators and fast summary statistics.
 With 'bit' vectors you can store true binary booleans {FALSE,TRUE} at the
 expense of 1 bit only, on a 32 bit architecture this means factor 32 less
 RAM and ~ factor 32 more speed on boolean operations. Due to overhead of
 R calls, actual speed gain depends on the size of the vector: expect gains
 for vectors of size > 1 elements. Even for one-time boolean operations
 it can pay-off to convert to bit, the pay-off is obvious, when such
 components are used more than once.
 Reading from and writing to bit is approximately as fast as accessing
 standard logicals - mostly due to R's time for memory allocation. The package
 allows to work with pre-allocated memory for return values by calling .Call()
 directly: when evaluating the speed of C-access with pre-allocated vector
 memory, coping from bit to logical requires only 70% of the time for copying
 from logical to logical; and copying from logical to bit comes at a
 performance penalty of 150%. the package now contains further classes for
 representing logical selections: 'bitwhich' for very skewed selections and
 'ri' for selecting ranges of values for chunked processing. All three index
 classes can be used for subsetting 'ff' objects (ff-2.1-0 and higher).


Remark: This package is needed to upgrade r-cran-rsqlite to the latest
upstream version.  It will be maintained by the Debian Med team at
  svn://anonscm.debian.org/debian-med/trunk/packages/R/r-cran-bit/trunk/

Bug#873269: ITP: r-cran-bit64 -- GNU R S3 Class for Vectors of 64bit Integers

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: r-cran-bit64
  Version : 0.9-7
  Upstream Author : Jens Oehlschlägel 
* URL : https://cran.r-project.org/package=bit64
* License : GPL
  Programming Lang: GNU R
  Description : GNU R S3 Class for Vectors of 64bit Integers
 Package 'bit64' provides serializable S3 atomic 64bit (signed) integers.
 These are useful for handling database keys and exact counting in +-2^63.
 WARNING: do not use them as replacement for 32bit integers, integer64 are not
 supported for subscripting by R-core and they have different semantics when
 combined with double, e.g. integer64 + double => integer64.
 Class integer64 can be used in vectors, matrices, arrays and data.frames.
 Methods are available for coercion from and to logicals, integers, doubles,
 characters and factors as well as many elementwise and summary functions.
 Many fast algorithmic operations such as 'match' and 'order' support
 interactive data exploration and manipulation and optionally leverage caching.


Remark: This package is needed to upgrade r-cran-rsqlite to the latest upstream
version and will be maintained by the Debian Med team at
svn://anonscm.debian.org/debian-med/trunk/packages/R/r-cran-bit64/trunk/

Bug#869993: Acknowledgement (git-debrebase downstream autorebaser wishlist/spec)

[Ian Jackson]

The branch
  git+ssh://tunnel.chiark.greenend.org.uk//home/ianmdlvl/public-git/dgit.git
  wip.rebase.for-mcv.v1
now contains a prototype of this feature.  NB, rebasing branch.
Also, I haven't run the full dgit test suite on it even once so
it may contain changes that break dgit proper.

I tested it ad-hoc with a rune like this:
  ~/things/Dgit/dgit/using-these git-debrebase downstream-rebase-launder-v0 
HEAD~10

The command line API should be considered unstable.  We'll probably
give this thing a better name, in particular.

Ian.

Bug#869955: warning with perl 5.26

[Bob Proulx]

Hello Francois,

Francois Mescam wrote:
> I've made some test about this error and to trim to 200 caracters the string
> I modify line 923 to :
> 
> $str =~ s/^(.{0,200}).*$/$1/gs;
> 
> With perl 5.26 there no warning and it gives the result explained by the
> comment.

This modification does truncate the string and does match the comment
but this is still different behavior from the upstream spamassassin
which failed to match and did not previously truncate the lines to
200.  Therefore this change will be a diviation from the behavior we
have had previously.

You are now the test pilot flying the modified aircraft for the first
time.  :-)

Here is my test case.

$ perl -V | head -n1
Summary of my perl5 (revision 5 version 26 subversion 0) configuration:

$ perl -le '$str="12345";$str=~s/^(.{,2}).*$/$1/gs;print $str;'
Unescaped left brace in regex is deprecated here (and will be fatal in Perl 
5.30), passed through in regex; marked by <-- HERE in m/^(.{ <-- HERE ,2}).*$/ 
at -e line 1.
12345

$ perl -le '$str="12345";$str=~s/^(.{0,2}).*$/$1/gs;print $str;'
12

$ perl -le '$str="12345";$str=~s/^(.{2}).*$/$1/gs;print $str;'
12

And also on 5.20.2 in Stable.  Same result in both versions.  Both the
version that warns about this case and older versions that did not warn.

$ perl -V | head -n1
Summary of my perl5 (revision 5 version 20 subversion 2) configuration:

$ perl -le '$str="12345";$str=~s/^(.{,2}).*$/$1/gs;print $str;'
12345

$ perl -le '$str="12345";$str=~s/^(.{0,2}).*$/$1/gs;print $str;'
12

$ perl -le '$str="12345";$str=~s/^(.{2}).*$/$1/gs;print $str;'
12

As you can see ".{,2}" doesn't match and does not truncate the string.
Changing that to ".{0,2}" does truncate the string and as you say does
match the comment.  But the previous version of perl and spamassassin
did not match and the previous result was that the string was NOT
truncated.

Making the change you suggest is all well and good but behaves
differently from the upstream spamassassin due to the addition of 200
character truncation that didn't exist before.

Bob


signature.asc
Description: PGP signature

Bug#873267: Updating the manpages-fr-extra Uploaders list

[Mattia Rizzolo]

Source: manpages-fr-extra
Version: 20151231
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Simon Paillard  has not been working on
the manpages-fr-extra package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873268: Updating the po4a Uploaders list

[Mattia Rizzolo]

Source: po4a
Version: 0.51-1
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Simon Paillard  has not been working on
the po4a package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873266: Updating the manpages-fr Uploaders list

[Mattia Rizzolo]

Source: manpages-fr
Version: 3.65d1p1-1
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Simon Paillard  has not been working on
the manpages-fr package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873265: Updating the manpages Uploaders list

[Mattia Rizzolo]

Source: manpages
Version: 4.12-2
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Simon Paillard  has not been working on
the manpages package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873264: Updating the debian-faq Uploaders list

[Mattia Rizzolo]

Source: debian-faq
Version: 8.1
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Simon Paillard  has not been working on
the debian-faq package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873185: Review/Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf

[Michael Biebl]

Am 25.08.2017 um 13:54 schrieb Michael Biebl:
> Package: systemd
> Version: 234-2
> 
> This file was added as a stop-gap solution for stretch, containing
> ConditionFileIsExecutable=!/usr/sbin/ntpd
> ConditionFileIsExecutable=!/usr/sbin/openntpd
> ConditionFileIsExecutable=!/usr/sbin/chronyd
> ConditionFileIsExecutable=!/usr/sbin/VBoxService

ntp, openntpd and chronyd all ship native service files in buster using
Conflicts=systemd-timesyncd.service

So only virtualbox-guest-utils remains, for which I've filed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873263

I'd say we should go ahead and drop
systemd-timesyncd.service.d/disable-with-time-daemon.conf and don't wait
for virtualbox to get #873263 fixed.

Thoughts, objections?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#873263: Bug#812522: Disable systemd-timesyncd in VirtualBox guests

[Michael Biebl]

On Sun, 24 Jan 2016 19:40:57 +0100 Michael Biebl  wrote:
> Am 24.01.2016 um 17:19 schrieb Sam Morris:
> > Package: systemd
> > Version: 228-4
> > Severity: wishlist
> > File: 
> > /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf
> > 
> > The 'virtualbox-guest-utils' service provides time synchronization with
> > the host when run inside VirtualBox. It might be worth adding
> > ConditionFileIsExecutable=!/usr/sbin/VBoxService to
> > disable-with-time-daemon.conf.
> > 
> 
> I'd like to see
> /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf
> go away, once chrony, opentpd and ntp ship proper native .service files.
> So I'd rather not see more stuff added there.
> 
> I think this should either be added to systemd upstream to have
> ConditionVirtualization=!oracle
> 
> But I running under VBox virtualization does not necessarily mean, the
> VboxService is running inside the host.
> 
> So I would really like to see this fixed properly instead, by having
> virtualbox ship a native service file which has a
> Conflicts=systemd-timesyncd.service
> 
> We won't get there by adding more workarounds to the systemd package.

chrony, ntp and openntpd have all been fixed to ship native service
files which have Conflicts=systemd-timesyncd.service

I plan to drop
/lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf,
so I'll leave it up to virtualbox-guest-utils to add a proper native
service file.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#873262: user cannot startx session

[Eggert Ehmke]

Package: xorg

I upgraded a system from jessie to stretch. It is a kiosk system without a 
window 
manager that starts one single application directly via startx. The dedicated 
user could 
not start the session after the upgrade.

With Debian jessie, there were no problems.

I got these errors:
Fatal server error:(EE) xf86OpenConsole: Cannot open virtual console 1 
(Permission 
denied)(EE)(EE)Please consult the The X.Org Foundation support at 
http://wiki.x.org[1]


The solution was to issue this command:
chmod ug+s /usr/lib/xorg/Xorg

I found it in a related Ubuntu bug report:
https://bugs.launchpad.net/ubuntu/+source/xinit/+bug/1562219

Regards
Eggert


[1] http://wiki.x.org

Bug#830973: minizinc executable is missing

[Christian G. Warden]

mzn-fzn does not appear to function the same as the minizinc
executable.

I've attached a model with which the minizinc executable included in
the upstream release works, but which fails using mzn-fzn:

$ mzn-fzn color.mzn
unknown file:
MiniZinc: type error: assignment value for `Bing' has invalid type-inst: 
expected `COLOR', actual `int'
=ERROR=

$ ~/Tools/MiniZincIDE-2.1.5-bundle-linux-x86_64/minizinc color.mzn
Si = BLUE;
Yan = GREEN;
Yu = PINK;
Xu = YELLOW;
Qing = BLUE;
Ji = PINK;
You = BLUE;
Bing = GREEN;
Yong = PINK;
Liang = GREEN;
Yi = BLUE;
Jing = GREEN;
Yang = BLUE;
Jiao = PINK;
--
enum COLOR = {GREEN, BLUE, PINK, YELLOW};

var COLOR: Si;
var COLOR: Yan; 
var COLOR: Yu;
var COLOR: Xu; 
var COLOR: Qing;
var COLOR: Ji; 
var COLOR: You;
var COLOR: Bing; 
var COLOR: Yong;
var COLOR: Liang; 
var COLOR: Yi;
var COLOR: Jing; 
var COLOR: Yang;
var COLOR: Jiao;

constraint Liang != Yong;
constraint Yong != Yi;
constraint Yong != Jing;
constraint Yong != Si;
constraint Yi != Jing;
constraint Yi != Jiao;
constraint Jiao != Jing;
constraint Jiao != Yang;
constraint Jing != Yang;
constraint Jing != Yong;
constraint Jing != Si;
constraint Jing != Yu;
constraint Yang != Yu;
constraint Yang != Xu;
constraint Yu != Si;
constraint Yu != Yan;
constraint Yu != Xu;
constraint Xu != Yan;
constraint Xu != Qing;
constraint Yan != Si;
constraint Yan != Ji;
constraint Yan != Ji;
constraint Yan != Qing;
constraint Qing != Ji;
constraint Ji != You;
constraint Ji != Bing;
constraint Ji != Si;
constraint You != Bing;
constraint Bing != Si;

solve satisfy;

Bug#872577: debootstrap: Handle existing /dev

[Dan Nicholson]

On Tue, Aug 22, 2017 at 10:23 AM, Dan Nicholson  wrote:
>
> That certainly helps, but it doesn't cover everything since the
> mkdir's and ln's could fail. Those are easier to handle by adding -p
> and -f, respectively, but that's a subtle change in behavior for ln
> relative to the mknod change. In the mknod case, an existing device is
> left as is. In the ln case, it would be forcefully overwritten.

Attached is a patch to handle all the potentially failing cases. I
tested this by running debootstrap once, wiping everything the target
except /dev, and running debootstrap again. It succeeded. As mentioned
above, an existing device is skipped while the symlinks are forcefully
overwritten. That seems inconsistent, but I'm not sure it matters. I
could easily change the mknod function to forcefully remove, too.
From 5e97c8d293764015fae25085cb884c5bf265207a Mon Sep 17 00:00:00 2001
From: Dan Nicholson 
Date: Fri, 25 Aug 2017 15:44:26 -0500
Subject: [PATCH] Handle existing /dev (Closes: #872577)

When devices.tar.gz was being used, the devices would be written into
place with tar. This has the effect that the devices would be merged
into an existing /dev in the target. setup_devices_simple() does not
handle this case and fails when /dev already exists.

Normally, the target would be empty and this wouldn't be an issue.
However, some tools that use debootstrap to initialize a target depended
on the old behavior. In particular, the obs-build package used for OBS
sets up a minimal /dev in the generic prep code before using debootstrap
to install packages needed for building debian packages.

Allow for existing devices, directories and symlinks by skipping
existing devices and directories and forcefully overwriting existing
symlinks.
---
 functions | 39 ++-
 1 file changed, 26 insertions(+), 13 deletions(-)

diff --git a/functions b/functions
index 3cfa0d4..877cdbd 100644
--- a/functions
+++ b/functions
@@ -1161,26 +1161,39 @@ setup_dynamic_devices () {
 	esac
 }
 
+# Create a device node if it does not exist. By default, the mode is 666.
+mknod_if_needed () {
+	local device="$1"
+	local type="$2"
+	local major="$3"
+	local minor="$4"
+	local mode="${5:-666}"
+
+	if [ ! -e "$device" ]; then
+		mknod -m "$mode" "$device" "$type" "$major" "$minor"
+	fi
+}
+
 setup_devices_simple () {
 	# The list of devices that can be created in a container comes from
 	# src/core/cgroup.c in the systemd source tree.
-	mknod -m 666 $TARGET/dev/null	c 1 3
-	mknod -m 666 $TARGET/dev/zero	c 1 5
-	mknod -m 666 $TARGET/dev/full	c 1 7
-	mknod -m 666 $TARGET/dev/random	c 1 8
-	mknod -m 666 $TARGET/dev/urandom	c 1 9
-	mknod -m 666 $TARGET/dev/tty	c 5 0
-	mkdir $TARGET/dev/pts/ $TARGET/dev/shm/
+	mknod_if_needed $TARGET/dev/null	c 1 3
+	mknod_if_needed $TARGET/dev/zero	c 1 5
+	mknod_if_needed $TARGET/dev/full	c 1 7
+	mknod_if_needed $TARGET/dev/random	c 1 8
+	mknod_if_needed $TARGET/dev/urandom	c 1 9
+	mknod_if_needed $TARGET/dev/tty	c 5 0
+	mkdir -p $TARGET/dev/pts/ $TARGET/dev/shm/
 	# Inside a container, we might not be allowed to create /dev/ptmx.
 	# If not, do the next best thing.
-	if ! mknod -m 666 $TARGET/dev/ptmx c 5 2; then
+	if ! mknod_if_needed $TARGET/dev/ptmx c 5 2; then
 		warning MKNOD "Could not create /dev/ptmx, falling back to symlink. This chroot will require /dev/pts mounted with ptmxmode=666"
-		ln -s pts/ptmx $TARGET/dev/ptmx
+		ln -sf pts/ptmx $TARGET/dev/ptmx
 	fi
-	ln -s /proc/self/fd   $TARGET/dev/fd
-	ln -s /proc/self/fd/0 $TARGET/dev/stdin
-	ln -s /proc/self/fd/1 $TARGET/dev/stdout
-	ln -s /proc/self/fd/2 $TARGET/dev/stderr
+	ln -sf /proc/self/fd   $TARGET/dev/fd
+	ln -sf /proc/self/fd/0 $TARGET/dev/stdin
+	ln -sf /proc/self/fd/1 $TARGET/dev/stdout
+	ln -sf /proc/self/fd/2 $TARGET/dev/stderr
 }
 
 setup_devices_fakechroot () {
-- 
2.5.5

Bug#873261: RFS: node-when/3.7.8+ds-1 [ITP]

[Julien Puydt]

Package: sponsorship-requests
Severity: wishlist
Owner: Bastien Roucaries 

  Dear mentors,

  I am looking for a sponsor for my package "node-when"

 * Package name: node-when
   Version : 3.7.8+ds-1
   Upstream Author : Brian Cavalier
 * URL : https://github.com/cujojs/when/issues
 * License : Expat
   Section : javascript

  It builds those binary packages:

node-when  - Async tools and when() implementation for Node.js

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/node-when

  Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/n/node-when/node-when_3.7.8+ds-1.dsc

  It is packaged within the Debian Javascript Maintainers team:
Vcs-Git: https://anonscm.debian.org/git/pkg-javascript/node-when.git
Vcs-Browser:
https://anonscm.debian.org/cgit/pkg-javascript/node-when.git

Thanks,

Snark on #debian-js

Bug#873260: upx-ucl: segmentation fault

[Jakub Wilk]

Package: upx-ucl
Version: 3.94-2

upx crashes while testing integrity of the attached file:

  $ upx -tqq crash.upx
  Segmentation fault

Backtrace:

  #0  0x565dc504 in N_BELE_RTP::BEPolicy::get32 (this=0x5671e8e4 
, p=0x86a2745c) at bele_policy.h:114
  #1  0x565933df in Packer::get_te32 (this=0x56723e18, p=0x86a2745c) at 
packer.h:296
  #2  PackLinuxElf32::elf_find_section_type (type=11, this=0x56723e18) at 
p_lx_elf.cpp:1453
  #3  PackLinuxElf32::PackLinuxElf32help1 (this=0x56723e18, f=0xc9a8) at 
p_lx_elf.cpp:256
  #4  0x5659378b in PackLinuxElf32Be::PackLinuxElf32Be (f=0xc9a8, 
this=0x56723e18) at p_lx_elf.h:345
  #5  PackLinuxElf32armBe::PackLinuxElf32armBe (this=0x56723e18, f=0xc9a8) 
at p_lx_elf.cpp:4158
  #6  0x565c94e8 in PackMaster::visitAllPackers (func=, f=, 
o=, user=) at packmast.cpp:194
  #7  0x565c98aa in PackMaster::getUnpacker (f=0xc9a8) at packmast.cpp:244
  #8  0x565c997c in PackMaster::test (this=0xcac8) at packmast.cpp:269
  #9  0x565dd157 in do_one_file (iname=, oname=) 
at work.cpp:175
  #10 0x565dd38a in do_files (i=2, argc=, argv=) 
at work.cpp:300
  #11 0x56562e23 in main (argc=, argv=) at 
main.cpp:1535

Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386

Versions of packages upx-ucl depends on:
ii  libc6   2.24-14
ii  libgcc1 1:7.2.0-1
ii  libstdc++6  7.2.0-1
ii  libucl1 1.03+repack-4
ii  zlib1g  1:1.2.8.dfsg-5

--
Jakub Wilk


crash.upx.gz
Description: application/gzip

Bug#873128: texlive-lang-arabic: XEPERSIAN PROBLEM WITH FONTSPEC ON DEBIAN STABLE

[Hilmar Preuße]

On 25.08.2017 20:53, Hilmar Preuße wrote:

Hi,

> I'm able to reproduce the problem in stable. So the problem is fixed in
> unstable.
> 
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/book-xepersian.def)
> ! Undefined control sequence.
> \setlatintextfont code ..._fontspec_pass_args:nnn
> 
> \__xepersian_setlatintextf...
> l.878 ...{lmromanslant10-bold}]{lmroman10-regular}
>   %
> ? s
> OK, entering \scrollmode...
> 
> Hilmar
> 
According to Debian policy I could close the issue, as it is fixed in
unstable. However you could have a look at [1] and test if upgrading to
v17.3 solves your problem. Install it in local texmf tree.

Hilmar

[1]
http://qa.parsilatex.com/23816/undefined-sequence-setlatintextfont-_fontspec_pass_args
-- 
#206401 http://counter.li.org

Bug#873257: nss: CVE-2017-11696: heap-buffer-overflow (write of size 65544) in __hash_open

[Salvatore Bonaccorso]

Source: nss
Version: 2:3.26-1
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778

Hi,

the following vulnerability was published for nss.

CVE-2017-11696[0]:
|heap-buffer-overflow (write of size 65544) in __hash_open
|(lib/dbm/src/hash.c:241)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#871697: Unfortunately patch does not work

[Andreas Tille]

Hi,

I tried to implement the suggested patch[1] but there is a syntax error
thrown.  Any hint how to fix this would be welcome.  Feel free to commit
right to Debian Med Git - ACLs are set for DDs.

Kind regards

   Andreas.

[1] 
https://anonscm.debian.org/git/debian-med/jellyfish.git/tree/debian/patches/portability.patch

-- 
http://fam-tille.de

Bug#873259: nss: CVE-2017-11698: heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704)

[Salvatore Bonaccorso]

Source: nss
Version: 2:3.26-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779

Hi,

the following vulnerability was published for nss.

CVE-2017-11698[0]:
|heap-buffer-overflow (write of size 2) in __get_page
|(lib/dbm/src/h_page.c:704)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#863015: Patch for reproducible builds breaks build time test

[Andreas Tille]

Hi Chris,

thanks for the patch (and sorry for taking so much time to respond).
Unfurtunately if I activate the patch[1] one test
(unit_tests/unit_tests.sh) fails which is not the case if the patch
is deactivated in debian/patches/series:

...
PASS: tests/large_key.sh
PASS: tests/parallel_hashing.sh
FAIL: unit_tests/unit_tests.sh
===
   jellyfish 2.2.6: ./test-suite.log
===

# TOTAL: 13
# PASS:  9
# SKIP:  3
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
...


It might be that the test relies somehow on the date in the json file.

Should I report this to upstream or do you want to investigate into the
test suite?  I admit I'm overwhelmed with gcc-7 and other bugs and will
not manage to track this down in any sensible time frame.

Kind regards and thanks in any case for the reprodicible build effort

 Andreas.


[1] 
https://anonscm.debian.org/git/debian-med/jellyfish.git/tree/debian/patches/reproducible.patch

-- 
http://fam-tille.de

Bug#873258: nss: CVE-2017-11697: Floating Point Exception in __hash_open (hash.c:229)

[Salvatore Bonaccorso]

Source: nss
Version: 2:3.26-1
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900

Hi,

the following vulnerability was published for nss.

CVE-2017-11697[0]:
Floating Point Exception in __hash_open (hash.c:229)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#873256: nss: CVE-2017-11695: heap-buffer-overflow (write of size 8) in alloc_segs

[Salvatore Bonaccorso]

Source: nss
Version: 2:3.26-1
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1360782

Hi,

the following vulnerability was published for nss.

CVE-2017-11695[0]:
|heap-buffer-overflow (write of size 8) in alloc_segs
|(lib/dbm/src/hash.c:1105)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695

Regards,
Salvatore

Bug#872622: ITP: bandage -- Bioinformatics Application for Navigating De novo Assembly Graphs Easily

[Cédric Lood]

Thank you for the suggestion, the control file has been updated accordingly.

Best,
Cedric

From: Andreas Tille 
Sent: Sunday, August 20, 2017 9:30 AM
To: Cédric Lood; 872...@bugs.debian.org; Debian Med Project List
Subject: Re: Bug#872622: ITP: bandage -- Bioinformatics Application for 
Navigating De novo Assembly Graphs Easily

Hi Cédric,

thanks for the ITP.  I notice that the information inside this bug
report is more verbose than the package description in your
debian/control file.  I recommend to make d/control the same level
ov verbosity.

Kind regards

 Andreas.

On Sat, Aug 19, 2017 at 03:06:03PM +0200, Cedric Lood wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Debian Med 
>
> * Package name: bandage
>   Version : 0.8.1
>   Upstream Author : Ryan R. Wick 
> * URL : https://github.com/rrwick/Bandage/
> * License : GPL3
>   Programming Lang: C++
>   Description : Bioinformatics Application for Navigating De novo 
> Assembly Graphs Easily
>
> Bandage is a GUI program that allows users to interact with the assembly 
> graphs made by de novo
> assemblers such as Velvet, SPAdes, MEGAHIT and others.
>
> De novo assembly graphs contain not only assembled contigs but also the 
> connections between
> those contigs, which were previously not easily accessible. Bandage 
> visualises assembly graphs,
> with connections, using graph layout algorithms. Nodes in the drawn graph, 
> which represent
> contigs, can be automatically labelled with their ID, length or depth. Users 
> can interact with
> the graph by moving, labelling and colouring nodes. Sequence information can 
> also be extracted
> directly from the graph viewer. By displaying connections between contigs, 
> Bandage opens up new
> possibilities for analysing and improving de novo assemblies that are not 
> possible by looking at
> contigs alone.
>
> More information and download links are on the Bandage website: 
> rrwick.github.io/Bandage
>
> The package is relevant to the field of genome assembly and will be 
> maintained by the Debian Med
> team.
>
>

--
http://fam-tille.de

Bug#873255: FTBFS with Java 9: equivalence build system

[Chris West]

Source: slashtime
Version: 0.5.13
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9
Tags: patch

This package fails to build with default-jdk pointing to openjdk-9-jdk.
The wiki has some common problems and their solutions:
https://wiki.debian.org/Java/Java9Pitfalls

As mentoned on the wiki, this is caused by the equivalence build system.
I have sent upstream a patch, which should apply for us too:
https://github.com/afcowie/slashtime/pull/1

Build log:

Check Java virtual machines:
 - System java VM  can't parse version

Select compiler:   javac
Select runtime:failed



Cheers,
Chris.

Bug#873254: classes.jsa is not removed on package uninstall

[Evgeny Kapun]

Package: openjdk-9-jre-headless
Version: 9~b181-4

File /usr/lib/jvm/java-9-openjdk-amd64/lib/server/classes.jsa is created by 
postinst script and not removed when the package is uninstalled.

Bug#873253: FTBFS with Java 9

[Chris West]

Source: starjava-util
Version: 1.0+2017.03.17
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9

This package fails to build with default-jdk pointing to openjdk-9-jdk.
The wiki has some common problems and their solutions:
https://wiki.debian.org/Java/Java9Pitfalls

The code is using a class which is no longer public, due to having copy-
pasted some Java 4 code into their codebase and edit it. It looks like
the class may not be relevant on Java >4, and may never have been relevant
on anything except Windows, so we may be able to delete it, even if upstream
don't.

Build log:

[javac] 
/build/starjava-util-1.0+2017.03.17/src/main/uk/ac/starlink/util/gui/BasicFileChooser.java:49:
 error: package sun.awt.shell is not visible
[javac] import sun.awt.shell.ShellFolder;
[javac]   ^
[javac]   (package sun.awt.shell is declared in module java.desktop, which 
does not export it)


Cheers,
Chris.

Bug#873252: Can't opendir($fh, '.../debian/...-doc/usr/share/doc/libpirl-java/api/unnamed package'): No such file or directory at .../Javahelper/Java.pm line 115

[Chris West]

Package: javatools
Version: 0.61
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9

Hi,

Javahelper seems to be getting confused by javadoc in a couple of
packages, but only on Java 9. The javadoc appears* to build correctly,
but javahelper gets towards the end then fails to find it:

...
Creating destination directory: "debian/_jh_build.javadoc/api/"
...
100 warnings
...
   jh_exec
   jh_depends
Can't opendir($fh, 
'/build/pirl-2.3.8/debian/libpirl-java-doc/usr/share/doc/libpirl-java/api/unnamed
 package'): No such file or directory at 
/usr/share/perl5/Debian/Javahelper/Java.pm line 115
debian/rules:9: recipe for target 'binary' failed


Currently known affected packages:
 * jcm
 * pirl
 * terraintool

If this is a bug in packages, please update the wiki as more packages
might show this error after other problems are fixed; I know I've seen
this error in at least one other package:
https://wiki.debian.org/Java/Java9Pitfalls

Cheers,
Chris.

Bug#873204: libneon27-gnutls: Certificate verification error: signed using insecure algorithm...

[GCS]

Hi Emmanuel,

On Fri, Aug 25, 2017 at 4:31 PM, Emmanuel Fleury
 wrote:
> I am using sitecopy for very long to push my modification on my website
> through WebDAV/SSL and everything was well until a few months ago.
>
> Then, sitecopy started to refuse to write on the remote server issuing
> the following error statement:
>
> Certificate verification error: signed using insecure algorithm
>
> After a few research in the code of sitecopy, I manage to focus a bit
> more on the origin of the problem. Here is an excerpt of an ltrace from
> an erroneous run on sitecopy:
[...]
> The error start to appear around the call to ne_ssl_set_verify().
 The actual place is in src/ne_gnutls.c line 938, check_certificate()
function. It calls gnutls_certificate_verify_peers2() on line 961 and
the value of 'status' is GNUTLS_CERT_INSECURE_ALGORITHM.

> In fact, I looked at other tools to update my website and got similar
> problem when trying to access the WebDAVs file-system. For example, the
> tool fuserdav was issuing the exact same error:
 As expected as the certificate is the same and it's using an insecure
algorithm for its signature.

> Yet, the certificate of the web server seems to be okay when checked
> with gnutls-cli:
 The certificate is valid and fine, this is also expected.

> $ gnutls-cli --ca-verification --verbose www.labri.fr
[...]
 Please note that here you are checking www instead of webdav and as I
see, these have different certifications.

> My belief is that if gnutls seems to consider this certificate as
> 'valid' and if sitecopy of fuserdav are both failing when asking to
> libneon, then the bug must be in libneon... i.e. somewhere in between...
 The certificates seem to be valid, but one of the signatures
considered insecure - however I don't know which and why.

> So, did I miss something or is there really a serious bug here ?
> (it may be possible that the certificate is flawed...but I wonder why
> only libneon is seeing it as "wrong" then.
 Please don't mix the two things: certificate is valid, but uses an
insecure algorithm for its signature.

> Feel free to ask me more details if needed!
 I think you should ask someone who is better with GnuTLS. I can't see
the reason. :(
Maybe it's related to the connection ifself? Please see the detailed
log for a working site:
$ gnutls-cli-debug www.google.com
It has TLS 1.0, 1.1 and 1.2 support. For your site:
$ gnutls-cli-debug webdav.labri.fr

Fails in the end with:
Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2
It seems your site has a problem. Thus I plan to close this bug in
some days as it's clear that it's not a Neon bug. The error comes from
GnuTLS and it seems to be right. Maybe your site uses SSLv2 which was
disabled as it's flawed in a variety of ways.

Hope this helps,
Laszlo/GCS

Bug#873251: RM? FTBFS with Java 9, lib with no rdeps

[Chris West]

Source: tiger-types
Version: 1.4-1
Severity: wishlist
User: debian-j...@lists.debian.org
Usertags: default-java9

This package fails to build with default-jdk pointing to openjdk-9-jdk,
although it would probably be trivial to fix.

It has no reverse dependencies in sid, as far as I can see.

Can we RM it?

Cheers,
Chris.

Bug#873249: FTBFS with Java 9: javadoc classpath with maven?

[Chris West]

Source: uimaj
Version: 2.10.0
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9

This package fails to build with default-jdk pointing to openjdk-9-jdk.
The wiki has some common problems and their solutions:
https://wiki.debian.org/Java/Java9Pitfalls

A number of packages seem to be failing to find classes during their
javadoc build, but they are mostly ant based and I was hoping it was
just bugs in the build file, not a scary change in the way the javadoc
tool works. I have no idea what's going on here.

If you work it out, please update the wiki!


Build log:

[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:2.10.4:aggregate (default-cli) on 
project uimaj: An error has occurred in JavaDocs report generation: 
[ERROR] Exit code: 1 - 
/build/uimaj-2.10.0/uimaj-examples/src/main/java/org/apache/uima/examples/xmi/XmiEcoreCasConsumer.java:44:
 error: package org.eclipse.emf.common.util does not exist
[ERROR] import org.eclipse.emf.common.util.URI;
...


Example from an ant build (velocity-tools):

  [javadoc] Constructing Javadoc information...
  [javadoc] 
/build/velocity-tools-2.0/src/main/java/org/apache/velocity/tools/ClassUtils.java:39:
 error: package org.apache.velocity.util does not exist



Cheers,
Chris.

Bug#873250: FTBFS with Java 9: overrides core packages

[Chris West]

Source: xml-commons-external
Version: 1.4.01
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9

This package fails to build with default-jdk pointing to openjdk-9-jdk.

It is trying to provide/override core classes, at source/compile time.
I'm not sure what the support status of this is. Compiling seems to
actually work, the build actually only crashes out during javadoc. Maybe
it's a bad example of this problem.

This package is still used (fop, freeplane, batik, xerces), despite not
apparently having had any updates since 2002. It must be doing something...

If you find a generic solution to this problem, please update the wiki:
https://wiki.debian.org/Java/Java9Pitfalls


Build log:

Constructing Javadoc information...
./javax/xml/XMLConstants.java:20: error: package exists in another module: 
java.xml
package javax.xml;
^
./org/w3c/dom/Attr.java:13: error: package exists in another module: java.xml
package org.w3c.dom;
^
./org/w3c/dom/CDATASection.java:13: error: package exists in another module: 
java.xml
package org.w3c.dom;


Cheers,
Chris.

Bug#872944: www.debian.org: Debian Policy Manual not fully published

[Sean Whitton]

On Fri, Aug 25 2017, Laura Arjona Reina wrote:

> My concern is about doing the right thing... making our web visitors
> run javascript code from sid in their browsers does not sound right
> for me.
>
> Would you (Debian Policy Team) consider acceptable to leave the website 
> version
> of the manual as it is now, without any javascript?

I am sympathetic to your concern.

I'd want us to generate output that doesn't try to load any JavaScript,
though, rather than publishing something which we expect to be buggy.
[1] looks like a good starting point.

Russ: do you agree?  If so, we can file a bug against policy to produce
output without javascript, and block this bug by that one.

[1] 
https://stackoverflow.com/questions/31951553/customizing-sphinx-to-avoid-generating-search-box

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#698240: build-rdeps also fails with lz4'd sources

[solo-debianbugs]

Control: severity -1 important

build-rdeps also fails with lz4'd sources, which appears to have become
the default in sid at some point? It's the case in the "official"
debian:sid Docker images, without any config I can see set.

As the tool is broken on a default install, without me having changed
any configuration, this bug is Important.

Chris.

Bug#873248: astroid: please rename source package e.g. to python-astroid

[Jonas Smedegaard]

Package: astroid
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

I am preparing a new Debian package which has the upstream project name
"Astroid" and provides the binary "astroid".

None of that collides with src:astroid, but Adrian Bunk kindly warned
(see bug#873202) that our bugtracker gets easily confused when a
source package exist and also a binary package by same name but
belonging to different source package.

I therefore suggest that src:python be renamed to avoid confusion.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlmgepwACgkQLHwxRsGg
ASGBLA//Y2mXRgyQ5K8jX5U9J+mbENjRMTIXtVNlyXsPWnqUgANbxRZWA3tieXs4
OAJNkrfVl7dLHwjVtfgrbvINQVhbeCuMQtOvMbGURjfBwlAF/gXjaMcJesrHmamK
+aboQEnOsY8n9qSKrBjWIjeCKon+yv+8/9JP+axt0LAktsu/xLlHXveGSCKeBDLb
/47OQuzQf+/vMEOPHr4kGKa7AqkJt0Jp7tT0TLdVb7ljRF1+mGyEYK62yFbw4RKs
ZEQRkVllv1I9fPjHTzS/QGbHum3xy3aziYrxIjC86fMBAYaimgHYySNY+JZ2piJ1
hPCuFnY1QTiz6ZCT3m0uM5c5BoOrPm1Z1zOnSV+wqY8Mf5nzshZ5tokrE7bCJBZp
m19vF40HjuJqbl+tDCbGyS/iiX+SDdlVcCdZUeVYVpWBC0u7gh/fPXOPKHStRX83
mIRBXpqZTdYwHvZCc8o8yZoh21Imj76PtDAinO5xB3e7mFaF/6JqBep4Dtekv1Hx
cn69UYaI8UOC+z2AVGLmkrLYiyzbdkrEfRM/U40nj0ufndTQNTfWK5fMl0Wz9nTc
7WXYeMf6ZhePEpeBY7HPw3zoxGFWk5ZyL2RAuZzHbrtTv5fSr9fyoBTyGgbL6VFU
JGIrx5Jy5Xy0+oaRmxJH0U173T+gJ+Yn9jOc8ibtVP2acSR2wXo=
=y5/r
-END PGP SIGNATURE-

Bug#872867: is ISO-3166 really the optimal list for our users?

[Ben Hildred]

Lets Throw out this crazy idea for consideration: Drop support for all
countries.

To start off this will not actually be completely possible because of
broadcast regulations, but if you limit it to wireless networking (and
other radio application) configuration, we can then define a country as a
broadcast regulation scope.

This leaves a number of localization issues, starting with language, but
language is already cross border in many cases. Language is also asked as
the first question so it stays the first question.  In many cases number
format can be derived from language, and in those cases where it cannot
there is a significant group who needs to deal with multiple number
formats, so separate question.

Dates and times are a major issue (aside from time zones which both divide
and span countries) date names tend to come from language but date order
does not and this provides a good excuse to standardise on year month day
as the default (of course allowing user customization, but there are fewer
ways to format a date than countries).

As far as I know Debian does not have any configuration of measurements
(aside from paper size and display resolution) but this is becoming less of
an issue as there are no longer any international differences in the
definition of an inch (although some countries have multiple definitions)
and meters and inches are hard to confuse so this is getting simpler by the
year.

Mirrors and be grouped by city, which works better for both big countries
(with multiple geographically diverse mirrors), small countries (that may
not have a mirror) and border regions (the closest mirror may be in another
country) and there are multiple efforts to have automatic mirror selection,
so with private mirrors, this comes down to three choices: use a mirror
network, pick nearest mirror, or use a private mirror.

I have probably missed other localization issues, but by and large we can
just treat them as configuration issues and the only time a country name
comes into play is when dealing with the few configuration issues that are
regulated by statute making the list of countries not an issue of local
pride but of laws accommodated so a country only needs placed on the list
if there is a regulation to be accommodated and the list gets much smaller.

-- 
--
Ben Hildred
Automation Support Services

Bug#871987: [Pkg-openssl-devel] Bug#871987: openvpn

[Kurt Roeckx]

On Fri, Aug 25, 2017 at 11:07:16PM +0800, Gedalya wrote:
> I tried openssl 1.1.0f-5 and it is indeed better with e.g. s_client.

After the upload I've been wondering if I should change it to
default set the minimum version to 1.0 again.


> However, I've locally built openvpn (and pkcs11-helper) with openssl 1.1.0.
> I'm not sure whether this is a bug with openvpn or an issue with this latest
> patch to openssl, but I've tried both these settings:
> 
> tls-version-min 1.0
> tls-version-max 1.0
> 
> in an openvpn client config, connecting to an old server supporting only
> TLS 1.0, and it doesn't work. It did of course work with with openssl 
> 1.1.0f-3.
> with 1.1.0f-5, I get:

openvpn doesn't seem to make use of the
SSL_CTX_set_min_proto_version() function yet. I've attached a
patch that I didn't even try to compile that I think should do the
right thing.


Kurt

--- src/openvpn/ssl_openssl.c.bak	2017-08-25 20:47:07.613021515 +0200
+++ src/openvpn/ssl_openssl.c	2017-08-25 20:56:45.152987547 +0200
@@ -215,6 +215,19 @@
 #endif
 }
 
+/* convert internal version number to openssl version number */
+static int
+openssl_tls_version(int ver)
+{
+if (ver == TLS_VER_1_0)
+return TLS1_VERSION;
+else if (ver == TLS_VER_1_1)
+return TLS1_1_VERSION;
+else if (ver == TLS_VER_1_2)
+return TLS1_2_VERSION;
+return 0;
+}
+
 void
 tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
 {
@@ -232,6 +245,14 @@
 
 tls_ver_max =
 (ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK;
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010
+SSL_CTX_set_min_proto_version(ctx->ctx, openssl_tls_version(tls_ver_min));
+if (tls_ver_max <= TLS_VER_UNSPEC)
+{
+SSL_CTX_set_max_proto_version(ctx->ctx, openssl_tls_version(tls_ver_max));
+}
+#else /* OPENSSL_VERSION_NUMBER >= 0x1010*/
 if (tls_ver_max <= TLS_VER_UNSPEC)
 {
 tls_ver_max = tls_version_max();
@@ -253,6 +274,7 @@
 sslopt |= SSL_OP_NO_TLSv1_2;
 }
 #endif
+#endif /* OPENSSL_VERSION_NUMBER */
 #ifdef SSL_OP_NO_COMPRESSION
 /* Disable compression - flag not available in OpenSSL 0.9.8 */
 sslopt |= SSL_OP_NO_COMPRESSION;

Bug#873247: FTBFS with Java 9: javax.activation has gone

[Chris West]

Source: xmlstreambuffer
Version: 1.5.4
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9

This package fails to build with default-jdk pointing to openjdk-9-jdk.

javax.activation.DataSource has been removed in Java 9.

What are we doing about this? Patching packages to have extra dependencies
on some artifact that provides it? Um...

The wiki currently has a section about this, but no solution.
When there's a solution, please update the wiki so others can copy you:
https://wiki.debian.org/Java/Java9Pitfalls


Build log:

Caused by: java.lang.ClassNotFoundException: javax.activation.DataSource
  at 
java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582)

Cheers,
Chris.

Bug#873246: tilix: Missing dependency python-nautilus

[Stefan Tatschner]

Package: tilix
Version: 1.6.4-1
Severity: normal

Dear Maintainer,

the tilix terminal package provides a nautilus shortcut to open a
terminal in the current directory. This shortcut is implemented as a
nautilus python plugin. This plugin depends on the "python-nautilus"
package. Since the python file is included in tilix, IMO
"python-nautilus" should be listed in the dependency list. I am not sure
if it should be in recommends or suggests, but it should be somewhere.

Stefan


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tilix depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2+b1
ii  libc62.24-14
ii  libgtkd-3-0  3.6.5-2
ii  libphobos2-ldc72 1:1.2.0-1
ii  libvted-3-0  3.6.5-2
ii  libx11-6 2:1.6.4-3
ii  tilix-common 1.6.4-1

tilix recommends no packages.

tilix suggests no packages.

-- no debconf information

Bug#873244: pyjwt: CVE-2017-11424: Incorrect handling of PEM-encoded public keys

[Salvatore Bonaccorso]

Source: pyjwt
Version: 1.4.2-1
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/jpadilla/pyjwt/pull/277
Control: found -1 0.2.1-1+deb8u1

Hi,

the following vulnerability was published for pyjwt.

CVE-2017-11424[0]:
| In PyJWT 1.5.0 and below the `invalid_strings` check in
| `HMACAlgorithm.prepare_key` does not account for all PEM encoded
| public keys. Specifically, the PKCS1 PEM encoded format would be
| allowed because it is prefaced with the string `-BEGIN RSA PUBLIC
| KEY-` which is not accounted for. This enables
| symmetric/asymmetric key confusion attacks against users using the
| PKCS1 PEM encoded public keys, which would allow an attacker to craft
| JWTs from scratch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11424

Please adjust the affected versions in the BTS as needed. I think this
should be present as well in 0.2.1-1+deb8u1.

Regards,
Salvatore

Bug#871709: mercurial: CVE-2017-1000115: path traversal via symlink

[Peter Linss]

Any chance of getting this fix backported to stretch?

Bug#873245: FTBFS with Java 9

[Chris West]

Source: yecht
Version: 1.1
Severity: normal
User: debian-j...@lists.debian.org
Usertags: default-java9
Tags: patch

This package fails to build with default-jdk pointing to openjdk-9-jdk.
The wiki has some common problems and their solutions:
https://wiki.debian.org/Java/Java9Pitfalls

I have sent upstream a patch:
https://github.com/jruby/yecht/pull/2

Build log:

[ERROR] /build/yecht-1.1/ext/ruby/src/java/YechtService.java:[21,41] reference 
to Module is ambiguous
[ERROR]   both class org.yecht.ruby.Module in org.yecht.ruby and class 
java.lang.Module in java.lang match
[ERROR] 


Cheers,
Chris.

Bug#873162: duplicity: missing dependency to gpg

[Alexander Zangerl]

On Fri, 25 Aug 2017 06:57:11 +, Markus Kasten writes:
>installing duplicity on a system without having gpg installed leaves the
>duplicity tool in a broken state.

gnupg is 'priority: important'
https://www.debian.org/doc/debian-policy/index.html#priorities
so it should normally be installed.

however, strictly speaking, only 'essential' packages are officially
exempt from listing as dependencies, so i'll fix this in the next upload.

regards
az


-- 
Alexander Zangerl + GPG Key 2FCCF66BB963BD5F + http://snafu.priv.at/
One of the main advantages of Unix over, say, MVS, is the 
tremendous number of features Unix lacks.  -- Chris Torek


signature.asc
Description: Digital Signature

Bug#873128: texlive-lang-arabic: XEPERSIAN PROBLEM WITH FONTSPEC ON DEBIAN STABLE

[Hilmar Preuße]

On 25.08.2017 07:56, حسن عابدی wrote:

Hi,

> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/loadingorder-xepersian.def
> ) (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/listings-xepersian.def)
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/algorithmic-xepersian.def)
>  (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/algorithm-xepersian.def)
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/footnote-xepersian.def)
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/framed-xepersian.def)
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/hyperref-xepersian.def)
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/tocloft-xepersian.def)
> (/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/book-xepersian.def)!
> Undefined control sequence.\setlatintextfont code
> ..._fontspec_pass_args:nnn
>   
> \__xepersian_setlatintextf...
> l.878 ...{lmromanslant10-bold}]{lmroman10-regular}
>   %
> 
I'm able to reproduce the problem in stable. So the problem is fixed in
unstable.

(/usr/share/texlive/texmf-dist/tex/xelatex/xepersian/book-xepersian.def)
! Undefined control sequence.
\setlatintextfont code ..._fontspec_pass_args:nnn

\__xepersian_setlatintextf...
l.878 ...{lmromanslant10-bold}]{lmroman10-regular}
  %
? s
OK, entering \scrollmode...

Hilmar
-- 
http://www.hilmar-preusse.de.vu/   #206401 http://counter.li.org

Bug#824679: still using transitional package dependency, will become uninstallable

[Andreas Henriksson]

Control: severity 862850 important
Control: severity 862848 important
Control: severity 824679 important
Control: severity 841001 important
Control: severity 862847 important

Hello!

A gentle reminder that the dropping of the transitional iproute package
(which has now been obsolete for several releases) is imminent. This
will result in your package becoming uninstallable if the reported issue
is still not fixed.

Regards,
Andreas Henriksson

Bug#872626: python-statistics is already in experimental

[Ben Finney]

On 25-Aug-2017, Debian Bug Tracking System wrote:
> Date: Fri, 25 Aug 2017 21:19:50 +0300
> From: Adrian Bunk 
> […]
> 
> python-statistics is already in experimental:
>   https://tracker.debian.org/pkg/python-statistics

Thank you.

Hugo, what is needed to get this package into Unstable?

-- 
 \  “The entertainment industry calls DRM "security" software, |
  `\ because it makes them secure from their customers.” —Cory |
_o__) Doctorow, 2014-02-05 |
Ben Finney 


signature.asc
Description: PGP signature

Bug#873243: pkg-kde-tools: pkgkde-vcs tag do not handle distribution names

[Sandro Knauß]

Package: pkg-kde-tools
Version: 0.15.24
Severity: normal
Control: tag -1 +patch

Hey,

i actually uploading the fixes for jessie and stretch for CVE-2017-9604.
#869573
#869574
#869577

and therefor I have in the distribution field stretch/jessie and this is
not handled.
$pkgkde-vcs tag -s
pkgkde-vcs: fatal: invalid Debian distribution for tagging - stretch

or
$pkgkde-vcs tag -s
pkgkde-vcs: fatal: invalid Debian distribution for tagging - jessie

My fast patch:

--- /tmp/pkgkde-vcs 2017-08-25 20:29:09.0 +0200
+++ /usr/bin/pkgkde-vcs 2017-08-25 20:28:33.574350984 +0200
@@ -153,7 +153,7 @@
 {
 local distro
 test -n "$1" || distro="$DEB_DISTRIBUTION"
-if [ "$(expr match "$distro" 
'^\(\(stable\|testing\)\(-security\|-proposed-updates\)\|\(squeeze\|wheezy\|\)-backports\|stable\|unstable\|experimental\)$')"
 = "$distro" ]; then
+if [ "$(expr match "$distro" 
'^\(\(stable\|testing\)\(-security\|-proposed-updates\)\|\(squeeze\|wheezy\|stretch\|jessie\)-backports\|stable\|unstable\|experimental\|stretch\|jessie\)$')"
 = "$distro" ]; then
 return 0
 fi
 return 1

Best Regards,

sandro

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pkg-kde-tools depends on:
ii  libdpkg-perl  1.18.24
ii  perl  5.26.0-5
ii  python3   3.5.3-3

Versions of packages pkg-kde-tools recommends:
ii  dpkg-dev 1.18.24
ii  libwww-perl  6.15-2

Versions of packages pkg-kde-tools suggests:
ii  cdbs   0.4.152
ii  debhelper  10.7.2

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/pkgkde-vcs (from pkg-kde-tools package)

Bug#873202: ITP: astroid -- graphical notmuch email client

[Adrian Bunk]

On Fri, Aug 25, 2017 at 04:22:17PM +0200, Jonas Smedegaard wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Jonas Smedegaard 
> 
> * Package name: astroid
>   Version : 0.9.1
>   Upstream Author : Gaute Hope 
> * URL : http://astroidmail.github.io/
> * License : GPL-3+
>   Programming Lang: C++
>   Description : graphical notmuch email client
>...

Note that the source package name is already taken in Debian:
  https://tracker.debian.org/pkg/astroid

But the binary package name is still available.

(The BTS has a poor handling of source and binary packages of the same
 name in different source packages, but that shouldn't be a blocker.)

>  - Jonas

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#873230: ITP: openvpn-auth-script -- OpenVPN script authentication module

[Troy Ready]

On Fri, Aug 25, 2017 at 9:39 AM, Bernhard Schmidt  wrote:

> On Fri, Aug 25, 2017 at 09:20:47AM -0700, Troy Ready wrote:
>
> Hi Troy,
>
> > * Package name: openvpn-auth-script
> >   Version : 0.0.1
> >   Upstream Author : Caius Durling 
> > * URL : https://github.com/fac/auth-script-openvpn
> > * License : Apache 2.0
> >   Programming Lang: C
> >   Description : OpenVPN script authentication module
> >
> > Runs an external script to decide whether to authenticate a user or not.
> > Useful for checking 2FA on VPN auth attempts as it doesn't block the
> > main openvpn process, unlike passing the script to the
> > auth-user-pass-verify flag.
> >
> > This plugin provides a significant improvement over the native OpenVPN
> > script auth functionality. I would love to see it included in Debian,
> > and would be happy to maintain it myself or as part of a team.
>
> Jörg Frings-Fürst and me have recently taken over the openvpn
> maintenance. There is no formal team yet (mainly due to no need and
> waiting for the Alioth replacement to form), but please do feel very
> much invited to join forces here.
>
> Bernhard
>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Awesome; glad to help in any way I can.

I have a debianized source repo of this ready to review at
https://github.com/troyready/auth-script-openvpn/tree/debian (debian branch)

 -Troy
-BEGIN PGP SIGNATURE-

iEYEARECAAYFAlmgaZwACgkQwvJxYGTPVWkj2wCbBFdF7N6qMqC/k9lazSlqbQNh
z7IAn2fe7waM07+pF7q2gqzxCyd6qiST
=GdXA
-END PGP SIGNATURE-

Bug#869573: Bug#869577: stretch-pu: package kf5-messagelib/4:16.04.3-3

[Salvatore Bonaccorso]

Hi Sandro,

On Fri, Aug 25, 2017 at 07:49:05PM +0200, Sandro Knauß wrote:
> Hello security team,
> 
> just for you to mention the bug:
> 869573
> when updated will fix CVE-2017-9604 for jessie.
> 
> and the bugs
> 869574
> 869577
> will fix CVE-2017-9604 for stretch.
> 
> I saw at [1] that I've forgotten to send you this message.
> 
> See the discussion on 864804, why this is handled via pu.

Thanks for the heads up. We are tracking those already and will update
the security-tracker once the point releases have happened.

Thank you for taking care of those,

Regards,
Salvatore

Bug#873201: openssh-client: command line parsing with -- between option and non-option arguments completely broken

[Vincent Lefevre]

On 2017-08-25 16:57:58 +, Thorsten Glaser wrote:
> Vincent Lefevre dixit:
> 
> >The ssh manpage doesn't mention the support of "--".
> 
> It’s common and POSIX utility syntax, though, *and* it’s apparently
> somewhat supported, just in a very broken way.

It seems that ssh assumes that the argument after "--" is not
an option (vs any argument for usual commands).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#873180: RFS: node-cp/0.2.0-1 [ITP]

[Bastien Roucaries]

Control: tags -1 + moreinfo


Why not use fs-extra ?

Le 25 août 2017 13:06:06 GMT+02:00, Julien Puydt  a 
écrit :
>Package: sponsorship-requests
>Severity: wishlist
>
>  Dear mentors,
>
>  I am looking for a sponsor for my package "node-cp"
>
> * Package name: node-cp
>   Version : 0.2.0-1
>   Upstream Author : Stephen Mathieson
> * URL : https://github.com/stephenmathieson/node-cp
> * License : Expat
>   Section : web
>
>  It builds those binary packages:
>
>node-cp- File copy for Node.js
>
>  To access further information about this package, please visit the
>following URL:
>
>  https://mentors.debian.net/package/node-cp
>
>
>Alternatively, one can download the package with dget using this
>command:
>
>dget -x
>https://mentors.debian.net/debian/pool/main/n/node-cp/node-cp_0.2.0-1.dsc
>
>  I will maintain it within the Debian Javascript Maintainer team:
>Vcs-Git: https://anonscm.debian.org/git/pkg-javascript/node-cp.git
>Vcs-Browser: https://anonscm.debian.org/cgit/pkg-javascript/node-cp.git
>
>Thanks,
>
>Snark on #debian-js

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Bug#873183: qgis-providers seems needing libspatialite.so.5 but this librarie isn't available in stretch repositories

[Jürgen E . Fischer]

forwarded 873183 https://issues.qgis.org/issues/17072
thanks

Hi Mathieu,

On Fri, 25. Aug 2017 at 14:39:40 +0200, Mathieu Denat wrote:
> For information, I encountered the same problem with the debian repositories
> (stretch), but i deduce that the package provides from 3rd party.
> So, I report this bug at qgis developpment team.

Thanks.  For references: the ticket is https://issues.qgis.org/issues/17072.

But I can't reproduce the problem on a clean installation of stretch - so
this might be a local issue.


Jürgen

-- 
Jürgen E. Fischer norBIT GmbH   Tel. +49-4931-918175-31
Dipl.-Inf. (FH)   Rheinstraße 13Fax. +49-4931-918175-50
Software Engineer D-26506 Norden   http://www.norbit.de


signature.asc
Description: PGP signature

Bug#793057: ITP: godot -- open source MIT licensed game engine

[Francesco Poli]

On Mon, 7 Aug 2017 21:43:43 -0400 Kienan Stewart wrote:

> I've had a first pass at creating a package for godot :
> https://mentors.debian.net/package/godot
[...]
> Once I find some time to clear up the lintian warnings, I'll do
> the RFS procedure
[...]

Hello Kienan,
I am a Debian user and contributor interested in seeing Godot packaged
for Debian.

I am afraid I won't have time to actively helping you out in the
packaging effort, but I would like to throw some suggestions in...


I read your three comments on the above-cited mentors.d.o page.


As far as the possible-gpl-code-linked-with-openssl Lintian warning
is concerned, I guess it's really caused by the debian/* licensing.
The general suggestion here is to license debian/* files not only in a
DFSG-free manner, but also at least as permissively as the upstream
software package.
Since Godot is mainly released under the terms of the Expat (MIT)
license, I would recommend you to re-license the debian/* files under
those same terms.

Moreover, I noticed that the upstream github repository includes
a file (named COPYRIGHT.txt) which (except for an initial comment)
seems to be formatted following the machine readable debian/copyright
file specification.
That file could be a good starting point to build the actual
debian/copyright file for the Debian package, of course without
forgetting to check against the actual package content!

I think that thirdparty/* projects should be purged from the orig.tar
archive (after making them unused, obviously!).
If you manage to do so, then you should not need to document their
licensing status. You should just document that they have been removed
by repacking the orig.tar archive...


Regarding the godot2 / godot3 split: if the two are installable side
by side, with no conflict whatsoever, and they are mutually
incompatible, then I think they should be packaged separately as godot2
and godot3, with distinct executable binaries.
But I would first concentrate on one version only (the stable one,
or maybe the alpha one, assuming it is usable enough: you get to
decide...).


Regarding the man pages, I would recommend you report upstream that
they are missing. If upstream developers do not consider this to be
a bug, I would suggest you to write the man pages on the basis of
upstream documentation and to contribute them back upstream
(under the same licensing terms as Godot).
Please see
https://www.debian.org/doc/debian-policy/#manual-pages


That's all, I hope my comments may be of some help.

Thank you for your effort to package Godot for Debian!
Looking forward to seeing the package uploaded to unstable
and ready to be tested.

Bye!


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpB2KZzlU6LQ.pgp
Description: PGP signature

Bug#869573: Bug#869577: stretch-pu: package kf5-messagelib/4:16.04.3-3

[Sandro Knauß]

Hello security team,

just for you to mention the bug:
869573
when updated will fix CVE-2017-9604 for jessie.

and the bugs
869574
869577
will fix CVE-2017-9604 for stretch.

I saw at [1] that I've forgotten to send you this message.

See the discussion on 864804, why this is handled via pu.

Best Regards,

sandro

[1] https://security-tracker.debian.org/tracker/CVE-2017-9604

--

On Dienstag, 22. August 2017 21:18:23 CEST Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2017-08-21 at 18:04 +0200, Sandro Knauß wrote:
> > now I rebuilt the package with the attached debdif on a sbuild -d stretch-
> > amd64 and tried kontact under a virtualbox.
> 
> Please go ahead.
> 
> Regards,
> 
> Adam



signature.asc
Description: This is a digitally signed message part.

Bug#873242: ITP: ruby-lograge -- Tame Rails' multi-line logging into a single line per request

[Pirate Praveen]

Package: wnpp
Severity: wishlist
Owner: Pirate Praveen 

from rubygems.org/gems/lograge
dependency of gitlab 9.5









signature.asc
Description: OpenPGP digital signature

Bug#873167: ITP: node-cp -- File copy for Node.js

[Bastien Roucaries]

Le 25 août 2017 10:53:19 GMT+02:00, Julien Puydt  a 
écrit :
>X-Debbugs-Cc: debian-de...@lists.debian.org
>Package: wnpp
>Severity: wishlist
>Owner: Julien Puydt 
>
>* Package name: node-cp
>  Version : 0.2.0
>  Upstream Author : Stephen Matieson
>* URL : https://github.com/stephenmathieson/node-cp
>* License : Expat
>  Programming Lang: Javascript
>  Description : File copy for Node.js
> This module provides synchronous file copy from a source path
> to a destination path.
>
>I need it to work on packages providing unicode data in Node.js, using
>the existing unicode-data package to generate "bindings", and plan to
>package it within the Debian Javascript Maintainers team.
>
>Snark on #debian-js
Patch and use fs-extra
-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Bug#873241: cockpit: failing autopkgtests related to phantomjs

[Jeremy Bicha]

Source: cockpit
Version: 148-1
Severity: important

cockpit's autopkgtests are failing on Ubuntu 17.10 "artful" now.

http://autopkgtest.ubuntu.com/packages/c/cockpit/artful/amd64

Error: PhantomJS or driver broken

Notably, Qt 5.9 migrated to artful several hours ago and it looks like
phantomjs uses the Qt WebKit engine.


Thanks,
Jeremy Bicha

Bug#873201: openssh-client: command line parsing with -- between option and non-option arguments completely broken

[Thorsten Glaser]

Colin Watson dixit:

>I have forwarded your report upstream as

Thanks.

>https://bugzilla.mindrot.org/show_bug.cgi?id=2766.  If you can, please
>(if necessary) create an account on that Bugzilla instance and add

Hm, that bugzilla was not listed on their site either. But for a
drive-by bugreport I’m not very inclined to create an account
somewhere which I’ll forget later anyway.


Vincent Lefevre dixit:

>The ssh manpage doesn't mention the support of "--".

It’s common and POSIX utility syntax, though, *and* it’s apparently
somewhat supported, just in a very broken way.

bye,
//mirabilos
-- 
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general

Bug#873239: Updating the mlgmp Uploaders list

[Mattia Rizzolo]

Source: mlgmp
Version: 20021123-19
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the mlgmp package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873232: O: wmressel -- Dock app to change X11 resolutions

[Mattia Rizzolo]

Package: wnpp

The current maintainer of wmressel, Mike Furr ,
is apparently not active anymore.  Therefore, I orphan this package now.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: wmressel
Binary: wmressel
Version: 0.8-5.2
Maintainer: Mike Furr 
Build-Depends: debhelper (>= 5), libgtk2.0-dev, libxext-dev, libxpm-dev, 
libsm-dev, libice-dev, libx11-dev, libxi-dev, libxxf86vm-dev, libxt-dev, 
libxinerama-dev
Architecture: any
Standards-Version: 3.7.2
Format: 1.0
Files:
 12248ef32531c7e9800626e9dc8be1a5 1721 wmressel_0.8-5.2.dsc
 c3eda3323206921ce13508795e4584f1 40583 wmressel_0.8.orig.tar.gz
 c00a4042c28f6f119af18340dc428626 58755 wmressel_0.8-5.2.diff.gz
Checksums-Sha256:
 5331911ccf54bccb827968d6ff024fa3c75d336ce41bc537ce90ddd16a307259 1721 
wmressel_0.8-5.2.dsc
 3b60a879d505d057817ef7f1b4e812d80f62b679ecc3bbac86a6999dbbd81d9a 40583 
wmressel_0.8.orig.tar.gz
 6fd364c53ce323934b595bc34f19cf0a76f0f3f800edf66c34f0785598f18127 58755 
wmressel_0.8-5.2.diff.gz
Package-List: 
 wmressel deb x11 optional arch=any
Directory: pool/main/w/wmressel
Priority: source
Section: x11

Package: wmressel
Source: wmressel (0.8-5.2)
Version: 0.8-5.2+b1
Installed-Size: 59
Maintainer: Mike Furr 
Architecture: amd64
Depends: libatk1.0-0 (>= 1.12.4), libc6 (>= 2.3), libcairo2 (>= 1.2.4), 
libfontconfig1 (>= 2.11), libfreetype6 (>= 2.2.1), libgdk-pixbuf2.0-0 (>= 
2.22.0), libglib2.0-0 (>= 2.16.0), libgtk2.0-0 (>= 2.8.0), libice6 (>= 
1:1.0.0), libpango-1.0-0 (>= 1.14.0), libpangocairo-1.0-0 (>= 1.14.0), 
libpangoft2-1.0-0 (>= 1.14.0), libsm6, libx11-6, libxext6, libxi6, 
libxinerama1, libxpm4, libxxf86vm1
Description: Dock app to change X11 resolutions
Description-md5: 6d15171e4a9944c6dedd3ea10ed24739
Tag: interface::graphical, interface::x11, role::program, scope::utility,
 suite::gnustep, uitoolkit::gtk, use::configuring, x11::applet
Section: x11
Priority: optional
Filename: pool/main/w/wmressel/wmressel_0.8-5.2+b1_amd64.deb
Size: 15240
MD5sum: c40615191440b27545beed05b47fd3bd
SHA256: 462c42a124ac4a00e6141c3b7075a8bb48cf60d36030b229df41ffd06ddb8df4


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873233: Updating the perl4caml Uploaders list

[Mattia Rizzolo]

Source: perl4caml
Version: 0.9.5-5
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the perl4caml package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873235: Updating the omake Uploaders list

[Mattia Rizzolo]

Source: omake
Version: 0.9.8.5-3-9
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the omake package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873240: redshift-gtk: redshift doesn't launch either when launching in the console or at start of computer

[Paul Compagnon]

Package: redshift-gtk
Version: 1.11-1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation? just installing the package and try to
launch it
   * What exactly did you do (or not do) that was effective (or
 ineffective)? try to launch it in th terminal
   * What was the outcome of this action? The redshift command was just
executing without doing nothing
   * What outcome did you expect instead? Launching of redshift program

*** End of the template - remove these template lines ***



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages redshift-gtk depends on:
pn  gir1.2-appindicator3-0.1  
ii  python3   3.5.3-3
ii  python3-gi3.22.0-2+b1
ii  python3-xdg   0.25-4
ii  redshift  1.11-1

Versions of packages redshift-gtk recommends:
ii  at-spi2-core  2.24.1-1

redshift-gtk suggests no packages.

Bug#873238: Updating the ocaml-getopt Uploaders list

[Mattia Rizzolo]

Source: ocaml-getopt
Version: 0.0.20040811-10
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the ocaml-getopt package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873237: Updating the ocaml-reins Uploaders list

[Mattia Rizzolo]

Source: ocaml-reins
Version: 0.1a-7
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the ocaml-reins package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873236: Updating the ocamlcreal Uploaders list

[Mattia Rizzolo]

Source: ocamlcreal
Version: 0.7-6
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the ocamlcreal package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#873234: Updating the otags Uploaders list

[Mattia Rizzolo]

Source: otags
Version: 4.02.2-2
Severity: minor
User: m...@qa.debian.org
Usertags: mia-teammaint

Mike Furr  has not been working on
the otags package for quite some time.

We are tracking their status in the MIA team and would like to ask you
to remove them from the Uploaders list of the package so we can close
that part of the file.

(If the person is listed as Maintainer, what we are asking is to please
step in as a new maintainer.)

Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature