Bug#868483: cross-config: cross-config files missing for multiple architectures

[Helmut Grohne]

Control: severity -1 serious

On Sat, May 25, 2019 at 02:13:39AM +0100, Wookey wrote:
> > I think this should be fixed asap, ideally in buster. Do you agree with
> > bumping this bug to rcness?
> 
> Yes

Bumped.

> > Do you also agree with removing all ac_cv_sizeof_*? (At a later time)
> 
> If they are no longer needed by builds, yes. Do packages actually get
> these from the compiler now or does something else populate these
> variables when crossing?

"Recent" autotools gained an AC_COMPUTE_INT to determine the value of a
compile time integral expression. During native compilation it is
essentially printf("%d", ...). For cross compilation autotools
implements it using bisection on char "somearray[integral_expression <
test_value ? 1 : -1];". Repeatedly compiling such programs allows
deducing the value as negatively sized arrays yield a compilation
failure. AC_CHECK_SIZEOF is not implemented using AC_COMPUTE_INT.

Very old configure scripts may still need ac_cv_sizeof_*. The last one I
knew was blt #772590. I don't think we have an old-enough autoconf in
the archive, so any package that fails now is missing source.

For these reasons, I think that continuing to maintain ac_cv_sizeof_* is
not reasonable. And if we do so, we should generate them using
AC_CHECK_SIZEOF at build time. Or just remove them.

Helmut

Bug#929504: ITP: odysseus-web-browser -- A web browser focusing on decentralized discovery

[Adrian Lyall Cochrane]

Package: wnpp
Severity: wishlist
Owner: Adrian Lyall Cochrane 

* Package name: odysseus-web-browser
  Version : 1.5.17
  Upstream Author : Adrian Cochrane 
* URL : http://odysseus.adrian.geek.nz/
* License : GPL
  Programming Lang: Vala
  Description : A web browser focusing on decentralized discovery

A simple and performant yet powerful window onto the open decentralized web

Odysseus is a convenient and privacy-respecting web browser, that increasingly,
gently, and unobtrusively guides you wherever you want to go online.

Through this well thought out simplicity Odysseus lets you focus on the
webpages that matter to you.

High-level features:

* Tabbed web browsing
* Find-in-page
* Downloads
* Opens non-webpage links in 3rd party apps, or suggests ones to install
* DuckDuckGo integration
* Browser history
* Topsites with initial hand-curated recommendations
These features are completed to a high degree of polish.

---

I created my own web browser in order to experiment with relying on
decentralized protocols like webfeeds, SKOS, OpenSearch, and links for
discovery webpage rather than centralized websites. I have heard significant
interest from people online to have it packaged for Debian-based systems.

As such I'm keen to manage a Debian package for my work.

Bug#884999: debhelper: Please default Rules-Require-Root to no

[Hideki Yamane]

Hi,

On Fri, 24 May 2019 10:47:22 -0700
Sean Whitton  wrote:
> (surely we are a very long way from r-r-r: no for every package?)

 I don't think so since lintian info about "should-specify-rules-requires-root"
 containts only 98 packages.
 https://lintian.debian.org/tags/should-specify-rules-requires-root.html

 mandatory "r-r-r: no" in dpkg-dev and full rebuild shows exact numbers
 to be dealt with, IMO.


-- 
Hideki Yamane 

Bug#926242: jenkins.debian.org: Please test reproducibility status of Debian Installer images

[Vagrant Cascadian]

On 2019-05-18, Chris Lamb wrote:
>> Now, regarding building d-i as a normal package, I hit a bit of a
>> readblock because it fails while trying to download the files in the
>> nodes running in the future.
>
> Sounds about right:
>
>   
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/debian-installer.html
>
> get-packages udeb  
> make[10]: 'sources.list.udeb' is up to date.
> Get:3 copy:/build/debian-installer-20190410/2nd/build localudebs/ 
> Packages [20 B]
...
> Get:4 http://cdn-fastly.deb.debian.org/debian buster InRelease [163 kB]
> Reading package lists...
> E: Release file for http://deb.debian.org/debian/dists/buster/InRelease 
> is expired (invalid since 391d 12h 5min 44s). Updates for this repository 
> will not be applied.
>
>> What d-i does it copying the url from the host's (or, well, the
>> chroot's) /etc/apt/sources.list, but it seems it doesn't also pick up an
>> eventual [check-valid-until=no] placed on the same line :\
>
> Nod. Any further thoughts on this? It would be great to see where we
> are at here...

Colin Watson removed it back in 2011:

  
https://salsa.debian.org/installer-team/debian-installer/commit/fa965c32ca8bfa2ff14886c6f0dca131532815c7

commit fa965c32ca8bfa2ff14886c6f0dca131532815c7
Author: Colin Watson 
Date:   Mon Mar 14 18:08:25 2011 +

Skip the option field in sources.list lines, if present.
   

diff --git a/build/util/gen-sources.list.udeb 
b/build/util/gen-sources.list.udeb   
index e86b4fa66..9f140100e 100755
--- a/build/util/gen-sources.list.udeb
+++ b/build/util/gen-sources.list.udeb
@@ -36,6 +36,7 @@ get_mirrors() {
[ -s $file ] || continue
grep '^deb[[:space:]]' $file | \
   grep -v '^deb[[:space:]]\+cdrom:' | \
   
+  sed 's,^deb \[[^]]*\] ,deb ,' | \
   grep -v 
'\(security.debian.org\|volatile.debian.\(net\|org\)\)' | \ 

   grep '[[:space:]]main' | \
   awk '{print $1 " " $2}' | \


Happen to remember what it breaks to have these present? If it was a
workaround, perhaps it is no longer needed?


live well,
  vagrant


signature.asc
Description: PGP signature

Bug#905272: guile-gnutls: The guile-gnutls package is absent from the distribution

[Vagrant Cascadian]

Control: tags 905272 patch

On 2018-08-05, Andreas Metzler wrote:
> On 2018-08-02 Renge  wrote:
>> The guile-gnutls package is absent, yet it is still included in the
>> gnutls distribution.
>> Would it be packaged again?
>
> Hello,
>
> no I do not expect so, reasons for removal were never fixed. (Build
> errors, test suite error. Possibly caused by bugs in GNU guile itself.)

The old packages were built with guile-2.0, and guile-2.2 is now in
Debian. With the attached patch re-enabling guile-gnutls built against
guile 2.2, it builds and passes the test suite for me:

make[6]: Entering directory '/<>/b4deb/guile'
PASS: tests/errors.scm
PASS: tests/pkcs-import-export.scm
PASS: tests/anonymous-auth.scm
PASS: tests/session-record-port.scm
PASS: tests/x509-certificates.scm
PASS: tests/priorities.scm
PASS: tests/srp-base64.scm
PASS: tests/x509-auth.scm

Testsuite summary for GnuTLS 3.6.7

# TOTAL: 8
# PASS:  8
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0

make[6]: Leaving directory '/<>/b4deb/guile'


Would you consider re-enabling at least in experimental to test if the
issues have since been fixed?


live well,
  vagrant

From e0e9fe872603ddf8329dbf811c0403860e965d63 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Thu, 16 May 2019 04:37:42 -0700
Subject: [PATCH] Add back guile-gnutls. - Add guile-2.2-dev to Build-Depends.

---
 debian/control  | 27 ++-
 debian/guile-gnutls.install |  2 ++
 debian/rules|  9 +++--
 3 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 debian/guile-gnutls.install

diff --git a/debian/control b/debian/control
index f56e2b8..63ead65 100644
--- a/debian/control
+++ b/debian/control
@@ -15,6 +15,7 @@ Build-Depends:
  datefudge ,
  debhelper-compat (=11),
  freebsd-net-tools [kfreebsd-i386 kfreebsd-amd64] ,
+ guile-2.2-dev,
  libcmocka-dev ,
  libgmp-dev (>= 2:6),
  libidn2-dev,
@@ -56,7 +57,7 @@ Depends:
  libtasn1-6-dev,
  nettle-dev (>= 3.4.1~rc1),
  ${misc:Depends}
-Suggests: gnutls-bin, gnutls-doc
+Suggests: gnutls-doc, gnutls-bin, guile-gnutls
 Conflicts: gnutls-dev
 Replaces: gnutls-dev
 Multi-Arch: same
@@ -149,6 +150,30 @@ Description: GNU TLS library - documentation and examples
  .
  This package contains all the GnuTLS documentation.
 
+Package: guile-gnutls
+# everything except ia64 - Field must be single line, unfolded!
+Architecture: amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64el s390 s390x sparc hurd-i386
+Section: lisp
+Depends: ${misc:Depends},${shlibs:Depends}, guile-2.2
+Description: GNU TLS library - GNU Guile bindings
+ GnuTLS is a portable library which implements the Transport Layer
+ Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
+ Transport Layer Security (DTLS 1.0, 1.2) protocols.
+ .
+ GnuTLS features support for:
+  - TLS extensions: server name indication, max record size, opaque PRF
+input, etc.
+  - authentication using the SRP protocol.
+  - authentication using both X.509 certificates and OpenPGP keys.
+  - TLS Pre-Shared-Keys (PSK) extension.
+  - Inner Application (TLS/IA) extension.
+  - X.509 and OpenPGP certificate handling.
+  - X.509 Proxy Certificates (RFC 3820).
+  - all the strong encryption algorithms (including SHA-256/384/512 and
+Camellia (RFC 4132)).
+ .
+ This package contains the GNU Guile 2.2 modules.
+
 Package: libgnutlsxx28
 Architecture: any
 Depends:
diff --git a/debian/guile-gnutls.install b/debian/guile-gnutls.install
new file mode 100644
index 000..e9cea96
--- /dev/null
+++ b/debian/guile-gnutls.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/lib/*/guile/*/guile-gnutls*.so*
+debian/tmp/usr/share/guile/site
diff --git a/debian/rules b/debian/rules
index 8c7300c..b6e231b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,11 +19,15 @@ endif
 AMCONFBUILDINDEP := $(shell if dh_listpackages | grep -q gnutls-doc ; \
 	then echo "--enable-gtk-doc" ; \
 	else echo "--disable-gtk-doc --disable-doc"; fi)
+AMCONFBUILDGUILE := $(shell if dh_listpackages | grep -q guile-gnutls ; \
+	then \
+	echo " --enable-guile --with-guile-site-dir=/usr/share/guile/site" ;\
+	else echo " --disable-guile" ; fi)
 
 CONFIGUREARGS = \
 	--enable-ld-version-script --enable-cxx \
 	--disable-rpath \
-	--enable-libdane --without-tpm --disable-guile \
+	--enable-libdane --without-tpm \
 	--enable-openssl-compatibility \
 	--disable-silent-rules \
 	--with-unbound-root-key-file=/usr/share/dns/root.key \
@@ -31,6 +35,7 @@ CONFIGUREARGS = \
 	--with-packager=Debian \
 	--with-packager-bug-reports=http://bugs.debian.org/ \
 	--with-packager-version=$(DEB_VERSION) \
+	$(AMCONFBUILDGUILE)
 
 BDIR = -O--builddirectory=b4deb
 
@@ -47,7 +52,7 @@ override_dh_makeshlibs:
 	

Bug#884999: debhelper: Please default Rules-Require-Root to no

[Sean Whitton]

Hello,

On Fri 24 May 2019 at 08:43PM +00, Niels Thykier wrote:

> FYI, debhelper is *not* in control of the default for r-r-r (as stated
> in the quoted text).  Therefore, "Changing debhelper'r default" cannot
> be the solution here.

Ah, indeed.  I should have written "the default in our package build
toolchain" as I didn't really mean to distinguish between dpkg and
debhelper in making my point.

Thank you for pointing out the error.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#926182: Patch: Use alternatives system for guile-2.2-dev binaries

[Rob Browning]

Rob Browning  writes:

> I'm not certain, but I'm planning to work on guile over the next week.
> If so, I should be able to take a look.

Just as an update, I obviously didn't get to it earlier this week, but
I'm looking in to it now.

After I poke around a bit, I suspect the next step will be to contact
the release managers to see what they think about any proposed changes
because of course if they're not in favor, then the changes may have to
wait.

I expect I'll be able to report back in a couple of days.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#929501: lintian: missing-dep-for-interpreter guile: very outdated guile versions

[Vagrant Cascadian]

Package: lintian
Version: 2.14.0
Severity: normal
Tags: patch

While packaging a new guile package, I got an error about missing
dependencies that have been removed since before stretch!

  E: guile-ssh: missing-dep-for-interpreter guile => guile | guile-1.6 |
  guile-1.8 (usr/bin/ssshd.scm) #!/usr/bin/guile

guile-1.6 was last present in wheezy.
guile-1.8 was last present in jessie.
guile-2.0 is available jessie-buster.
guile-2.2 is available in buster.

An untested patch attached which updates to guile-2.0 and guile-2.2.


Though guile-2.0 should probably be discouraged for new packages, as
there are bug reports requesting to migrate to 2.0 on a handful of
packages, for example:

  https://bugs.debian.org/885188


Maybe that should be a lintian check as well?


live well,
  vagrant

From 9e4e6219b29fc1f246e5c1216fa9476f612fafb1 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 24 May 2019 15:39:31 -0700
Subject: [PATCH] versioned-interpreters: Add guile 2.0 and 2.2, remove 1.6 and
 1.8.

Guile version 1.6 was dropped in jessie, and 1.8 was dropped in
stretch.
---
 data/scripts/versioned-interpreters | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/scripts/versioned-interpreters b/data/scripts/versioned-interpreters
index 7e140590d..afd4274c8 100644
--- a/data/scripts/versioned-interpreters
+++ b/data/scripts/versioned-interpreters
@@ -69,7 +69,7 @@
 #
 
 
-guile   => /usr/bin, guile-([\d.]+), guile-$1, 1.6 1.8,
+guile   => /usr/bin, guile-([\d.]+), guile-$1, 2.0 2.2,
 jruby   => /usr/bin, jruby([\d.]+), jruby$1, 1.0 1.1 1.2
 lua => /usr/bin, lua([\d.]+), lua$1, 40 50 5.1 5.2
 octave  => /usr/bin, octave([\d.]+), octave$1, 3.0 3.2
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#916326: %5Bnetwork-manager%5D

[piobair]

Package%3A network-manager%0D%0AVersion%3A 1.6.2-3%2Bdeb9u2%0D%0A%0D%0A--- 
Please enter the report below this line. ---%0D%0A%0D%0A%0D%0A--- System 
information. ---%0D%0AArchitecture%3A %0D%0AKernel%3A   Linux 4.9.0-9-
amd64%0D%0A%0D%0ADebian Release%3A 9.9%0D%0A  500 stable  
security.debian.org %0D%0A  500 stable  ftp.us.debian.org %0D%0A%0D
%0A--- Package information. ---%0D%0ADepends  %28Version
%29 | Installed%0D%0A==-%2B-=
%0D%0Alibaudit1 %28>= 1%3A2.2.1%29 | 1%3A2.6.7-2%0D
%0Alibbluetooth3%28>= 4.91%29 | 5.43-2%2Bdeb9u1%0D%0Alibc6  
  
%28>= 2.17%29 | 2.24-11%2Bdeb9u4%0D%0Alibglib2.0-0   %28>= 
2.43.2%29 | 2.50.3-2%0D%0Alibgnutls30 %28>= 3.5.0%29 | 
3.5.8-5%2Bdeb9u4%0D%0Alibgudev-1.0-0%28>= 165%29 | 230-3%0D
%0Alibjansson4 %28>= 2.0.1%29 | 2.9-1%0D%0Alibmm-glib0  
   
%28>= 1.0.0%29 | 1.6.4-1%0D%0Alibndp0   %28>= 1.2%29 | 
1.6-1%2Bb1%0D%0Alibnewt0.52| 0.52.19-1%2Bb1%0D
%0Alibnl-3-200%28>= 3.2.21%29 | 3.2.27-2%0D%0Alibnm0
 
%28>= 1.5.90%29 | 1.6.2-3%2Bdeb9u2%0D%0Alibpolkit-agent-1-0  %28>= 
0.99%29 | 0.105-18%2Bdeb9u1%0D%0Alibpolkit-gobject-1-0   %28>= 0.104%29 | 
0.105-18%2Bdeb9u1%0D%0Alibreadline7  %28>= 6.0%29 | 7.0-3%0D
%0Alibselinux1  %28>= 1.32%29 | 2.6-3%2Bb3%0D%0Alibsoup2.4-1
 
%28>= 2.40%29 | 2.56.0-2%2Bdeb9u2%0D%0Alibsystemd0   %28>= 
221%29 | 232-25%2Bdeb9u11%0D%0Alibteamdctl0  %28>= 1.9%29 | 
1.26-1%2Bb1%0D%0Alibuuid1 %28>= 2.16%29 | 
2.29.2-1%2Bdeb9u1%0D%0Ainit-system-helpers %28>= 1.18~%29 | 1.48%0D
%0Alsb-base   %28>= 3.2-14%29 | 9.20161125%0D%0Awpasupplicant   
  
%28>= 0.7.3-1%29 | 2%3A2.4-1%2Bdeb9u3%0D%0Adbus%28>= 
1.1.2%29 | 1.10.26-0%2Bdeb9u1%0D%0Audev   | 
232-25%2Bdeb9u11%0D%0Aadduser| 3.115%0D
%0Alibpam-systemd | 232-25%2Bdeb9u11%0D%0Apolicykit-1   
 
| 0.105-18%2Bdeb9u1%0D%0A%0D%0A%0D%0ARecommends%28Version%29 | 
Installed%0D%0A===-%2B-%0D
%0Appp | 2.4.7-1%2B4%0D%0Adnsmasq-base  
  
| 2.76-5%2Bdeb9u2%0D%0Aiptables| 
1.6.0%2Bsnapshot20161117-6%0D%0Amodemmanager| 
1.6.4-1%0D%0Acrda| 3.18-1%0D%0Aisc-dhcp-client  
   
%28>= 4.1.1-P1-4%29 | 4.3.5-3%2Bdeb9u1%0D%0Aiputils-arping  
| 3%3A20161105-1%0D%0A%0D%0A%0D%0ASuggests   %28Version%29 | Installed
%0D%0A-%2B-===%0D%0Alibteam-utils   
 
|
root@kilroy/# iplink show 
|4: wlx9cefd5fdec63:  mtu 1500 qdisc mq 
state DOWN mode DORMANT group default qlen 1000
link/ether 1a:6f:41:91:ab:a7 brd ff:ff:ff:ff:ff:ff
root@kilroy:/# modinfo rt2800usb |grep 5372
alias:  usb:v148Fp5372d*dc*dsc*dp*ic*isc*ip*in*
root@kilroy:/# nmcli dev wifi connect "C" password "inclludes)`"
> 
> ^C
root@kilroy/# iwconfig
wlx9cefd5fdec63  IEEE 802.11  ESSID:off/any  
  Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
  Retry short limit:7   RTS thr:off   Fragment thr:off
  Encryption key:off
  Power Management:off

Note that nmcli provides a prompt after supplying a password. ??
A previous installation of network-manager was space delimited, i.e. did not 
require quotes for the ESSID or password. Also, the previous edition (which 
still works on a different machine) lists C(wlx9cefd5fdec63) 
for the ESSID in the network manager GUI
Net result is that although several WiFi signals are shown, the package will 
not connect.

Bug#702577: Would like to resolve this issue

[Antonio Terceiro]

On Fri, May 24, 2019 at 10:17:00PM +0530, Manas Kashyap wrote:
> Hola ,
> I would like to work on this issue and get it resolved .

I'm not sure we really want to do this.

Bundler is now bundled together with Ruby 2.6 as a "default gem", so it
does not make sense for us to expect upstream code to no contain usage
of bundler. We will have to live alongside bundler, and learn how to
deal with it.


signature.asc
Description: PGP signature

Bug#929397: ftp.d.o: please upload LTS .buildinfo files to ftp-master

[Holger Levsen]

Hi Chris,

On Thu, May 23, 2019 at 07:22:57AM +0100, Chris Lamb wrote:
> > | for ftp.d.o there's a cronjob running as my user on 
> > coccia.d.o,
> >   which surely is a hack, but works for now. […]
> Would a "clean" dak-based solution…
> > Also please note that this bug will only become relevant when Stretch
> > becomes LTS as only dpkg from stretch (and newer) produces .buildinfo
> > files.
> … mean this is easily implemented for LTS too by "simply" updating the
> version of dak to this hypothetical version?

I don't think so, but I really don't know that much about dak and how
it's set up.

But since filing this bug one thing has occured to me: Debian LTS
uploads now go to security-master, thus this is more or less the same
problem as "#862538: security.debian.org: Please POST .buildinfo files
to buildinfo.debian.net".


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#929357: radvd systemd is disabled but runned after installation

[sergio]

On 25/05/2019 00:24, Geert Stappers wrote:


> Please do understand that radvd is not a webserver nor a database
> engine like postgress.
> 
> For radvd is no default configuration available that is harmless for
> all sites where `apt install radvd` is done.
> 
> That in other words:  Starting radvd upon install with some "works
> for me configuration" is considered HARMFULL.

So it must not be started after `apt install radvd`.


> I do understand the wish that radvd should be started upon install
> like Apache, nginx or Postgress as we are used to in Debian. But I
> don't know with which sane default configuration.
> 
> Leaving ticket open for a while  in case a good config shows up.

The default configuration should be:

interface  {
AdvSendAdvert on;
prefix ::/64 {};
};

Interface  should be asked by debconf during installation process.



But really there is one more issue, prompted me to open this bug:
I've dist-upgraded the host, with configured radvd. From stretch
with sysvinit to buster with systemd. After dist-upgrade I was need to
enable radvd manually with systemctl enable radvd.service.


-- 
sergio.

Bug#929357: radvd systemd is disabled but runned after installation

[Geert Stappers]

On Fri, May 24, 2019 at 08:56:21AM +0300, sergio wrote:
> 
> radvd should be enabled so it will be started at boot time
> 
> or
> 
> it should not not start after the installation
> 
> 
> I'm for the first.
> 


Please do understand that radvd is not a webserver
nor a database engine like postgress.

For radvd is no default configuration available
that is harmless for all sites where `apt install radvd` is done.

That in other words:  Starting radvd upon install with
some "works for me configuration" is considered HARMFULL.


I do understand the wish that radvd should be started upon
install like Apache, nginx or Postgress as we are used to in Debian.
But I don't know with which sane default configuration.


Leaving ticket open for a while  in case a good config shows up.


Regards
Geert Stappers


signature.asc
Description: PGP signature

Bug#929245: further note

[Kathryn Tolsen]

ok well its not huge deal just would like to see mulihead support improve
which is why i reported it. there is a patch upstream with regard to
desktop icons in caja that was proposed and never merged.. that also is
useful because it allows the icons to go on primary display even if its not
0,0.. which was a big deal when i tried enabling my fathers tv fo use for
video output when his monitor is to the right and his icons wouldnt stay on
right display dven when it was primary.

On Fri, May 24, 2019, 4:14 PM Mike Gabriel 
wrote:

> Hi Kathryn,
>
> On  Mi 22 Mai 2019 09:37:49 CEST, Kathryn Tolsen wrote:
>
> > I apologize for the quoting, I'm a bit email challenged.
> >
> > I just wanted to further note that with the setup as it is now, with the
> > background image cleared up as it was in my last screenshot, when I do
> > cleanup on the icons which should put them in the top left corner, I dont
> > see any of my icons anywhere on any of my three screens. Also I cannot
> > right click the desktop and get a context menu in that area even though
> its
> > no longer glitching.
>
> I cannot promise anything for Caja in Debian 10, but MATE in general
> is not handling all XRANDR / XINERAMA events gracefully and glitches
> occur (also in the screensaver component).
>
> I hope that I'll be able to spend some time of it over the summer.
> Maybe others find time to address this earlier.
>
> Sorry for this vague outlook,
> Mike
> --
>
> DAS-NETZWERKTEAM
> c\o Technik- und Ökologiezentrum Eckernförde
> Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
> mobile: +49 (1520) 1976 148
> landline: +49 (4354) 8390 139
>
> GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
> mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
>
>

Bug#904132: ITP: browsh -- Fully interactive, realtime, and modern text-based browser

[Paride Legovini]

Control: retitle 904132 RFP: browsh -- Fully interactive, realtime, and modern 
text-based browser

I don't think I'll have time to work on this in the short term,
so I'm demoting this bug to a RFP.

Paride

Bug#884999: debhelper: Please default Rules-Require-Root to no

[Niels Thykier]

Sean Whitton:
> Hello,
> 
> On Fri 24 May 2019 at 01:42PM +09, Hideki Yamane wrote:
> 
>> Hi,
>>
 In summary: The debhelper fundamentally cannot affect whether
 Rules-Requires-Root: no is default or not.  The debhelper compat level
 system is the wrong interface to do this as well.

 That said, in a distant future, I hope we can flip the default of
 Rules-Requires-Root.  But when that comes, it will not be via a
 debhelper compat level AFAICT.
>>
>>  If we want to implement "Rules-Requires-Root: no" mandatory,
>>  is it dpkg-dev and policy issue?
> 
> Requiring maintainers to put `Rules-Requires-Root: no` in every single
> d/control file would be a debian-policy bug, yes.
> 
> Changing debhelper's default, if that remainder overrideable by the
> maintainer, would not be.
> 
> (surely we are a very long way from r-r-r: no for every package?)
> 

FYI, debhelper is *not* in control of the default for r-r-r (as stated
in the quoted text).  Therefore, "Changing debhelper'r default" cannot
be the solution here.

Thanks,
~Niels

Bug#903759: [Debian-med-packaging] Bug#903759: 903759: marking as pending

[Andrius Merkys]

Hi Graham,

I will upload soon. Became DD only recently, did not revisit my fixes to
upload the packages.

Thanks for noticing,
Andrius

On Fri, 24 May 2019, 23:18 Graham Inggs,  wrote:

> Hi Andrius
>
> On Sat, 9 Mar 2019 at 14:45, Andrius Merkys 
> wrote:
> > the bug is fixed in salsa, marking the bug as pending.
>
> Is there a reason not to upload?
>
> Do you need a sponsor?
>
> Regards
> Graham
>

Bug#929500: unblock: nx-libs/2:3.5.99.19-3

[Mike Gabriel]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nx-libs

++ Add 0003_xkbUtils.c-Catch-division-by-zero.patch.
+  Catch occasional division-by-zero error. (Closes: #929498).

Users reported division by zero errors, see
https://github.com/ArcticaProject/nx-libs/issues/808

++ Add 0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch.
+  Don't reference dpy nor xkb if undefined. (Closes: #929499).

Users reported crashes in XKeycodeToKeysym()
https://github.com/ArcticaProject/nx-libs/issues/801

Thanks+Greets,
Mike


unblock nx-libs/2:3.5.99.19-3

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru nx-libs-3.5.99.19/debian/changelog nx-libs-3.5.99.19/debian/changelog
--- nx-libs-3.5.99.19/debian/changelog  2019-05-12 11:08:25.0 +0200
+++ nx-libs-3.5.99.19/debian/changelog  2019-05-24 22:27:02.0 +0200
@@ -1,7 +1,17 @@
+nx-libs (2:3.5.99.19-3) unstable; urgency=medium
+
+  * debian/patches (cherry-picked from upstream):
++ Add 0003_xkbUtils.c-Catch-division-by-zero.patch.
+  Catch occasional division-by-zero error. (Closes: #929498).
++ Add 0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch.
+  Don't reference dpy nor xkb if undefined. (Closes: #929499).
+
+ -- Mike Gabriel   Fri, 24 May 2019 22:27:02 +0200
+
 nx-libs (2:3.5.99.19-2) unstable; urgency=medium
 
   * debian/patches (cherry-picked from upstream):
-+ Add 0001_nxagent-Determine-nxagentProgName-only-once.patch. Keep flavour 
++ Add 0001_nxagent-Determine-nxagentProgName-only-once.patch. Keep flavour
   mode (i.e., running as nxagent or x2goagent) after session resumptions.
   (Closes: #928760).
 + Add 0002_nxdialog-bin-nxdialog-Fix-error-dialog-type-not-supp.patch.
diff -Nru 
nx-libs-3.5.99.19/debian/patches/0003_xkbUtils.c-Catch-division-by-zero.patch 
nx-libs-3.5.99.19/debian/patches/0003_xkbUtils.c-Catch-division-by-zero.patch
--- 
nx-libs-3.5.99.19/debian/patches/0003_xkbUtils.c-Catch-division-by-zero.patch   
1970-01-01 01:00:00.0 +0100
+++ 
nx-libs-3.5.99.19/debian/patches/0003_xkbUtils.c-Catch-division-by-zero.patch   
2019-05-24 21:53:48.0 +0200
@@ -0,0 +1,28 @@
+From 4df77fe73fe03dc3098190f3702c0d5ab415968a Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller 
+Date: Wed, 15 May 2019 19:42:29 +0200
+Subject: [PATCH 1/2] xkbUtils.c: Catch division by zero
+
+Fixes ArcticaProject/nx-libs#808
+---
+ nx-X11/programs/Xserver/xkb/xkbUtils.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/nx-X11/programs/Xserver/xkb/xkbUtils.c 
b/nx-X11/programs/Xserver/xkb/xkbUtils.c
+index 028f32454..21a5ce76a 100644
+--- a/nx-X11/programs/Xserver/xkb/xkbUtils.c
 b/nx-X11/programs/Xserver/xkb/xkbUtils.c
+@@ -685,6 +685,10 @@ unsigned  act;
+   else group= newGroup;
+   }
+   else {
++#ifdef NXAGENT_SERVER
++/* we have seen division by zero here */
++if (ctrls->num_groups != 0)
++#endif
+   group%= ctrls->num_groups;
+   }
+ }
+-- 
+2.20.1
+
diff -Nru 
nx-libs-3.5.99.19/debian/patches/0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch
 
nx-libs-3.5.99.19/debian/patches/0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch
--- 
nx-libs-3.5.99.19/debian/patches/0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch
 1970-01-01 01:00:00.0 +0100
+++ 
nx-libs-3.5.99.19/debian/patches/0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch
 2019-05-24 21:53:48.0 +0200
@@ -0,0 +1,44 @@
+From 20353e96a390a029f7b3b18fc7ddd82eae98b935 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller 
+Date: Wed, 15 May 2019 19:54:24 +0200
+Subject: [PATCH 2/2] libNX_X11: add additional checks for dpy and xkb
+
+We have seen crashes during session shutdown/connection problems
+here. These patches should avoid them. There's no proper way to test
+them, but they should do no harm..
+
+Fixes ArcticaProject/nx-libs#801
+Fixes https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=695
+---
+ nx-X11/lib/src/xkb/XKBBind.c | 14 ++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/nx-X11/lib/src/xkb/XKBBind.c b/nx-X11/lib/src/xkb/XKBBind.c
+index 068e8f2a0..ffe5ad9d7 100644
+--- a/nx-X11/lib/src/xkb/XKBBind.c
 b/nx-X11/lib/src/xkb/XKBBind.c
+@@ -108,7 +108,21 @@ XKeycodeToKeysym(Display *dpy,
+ 
+ _XkbCheckPendingRefresh(dpy, dpy->xkb_info);
+ 
++#ifdef NX_TRANS_SOCKET
++/*
++   check again, we have seen cases where the connection broke
++   during 

Bug#903759: [Debian-med-packaging] Bug#903759: 903759: marking as pending

[Graham Inggs]

Hi Andrius

On Sat, 9 Mar 2019 at 14:45, Andrius Merkys  wrote:
> the bug is fixed in salsa, marking the bug as pending.

Is there a reason not to upload?

Do you need a sponsor?

Regards
Graham

Bug#929245: further note

[Mike Gabriel]

Hi Kathryn,

On  Mi 22 Mai 2019 09:37:49 CEST, Kathryn Tolsen wrote:


I apologize for the quoting, I'm a bit email challenged.

I just wanted to further note that with the setup as it is now, with the
background image cleared up as it was in my last screenshot, when I do
cleanup on the icons which should put them in the top left corner, I dont
see any of my icons anywhere on any of my three screens. Also I cannot
right click the desktop and get a context menu in that area even though its
no longer glitching.


I cannot promise anything for Caja in Debian 10, but MATE in general  
is not handling all XRANDR / XINERAMA events gracefully and glitches  
occur (also in the screensaver component).


I hope that I'll be able to spend some time of it over the summer.  
Maybe others find time to address this earlier.


Sorry for this vague outlook,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpGBdHQzOTeE.pgp
Description: Digitale PGP-Signatur

Bug#929499: Crash in XKeycodeToKeysym()

[Mike Gabriel]

Package: src:nx-libs
Version: 2:3.5.99.19-2
Severity: important
Tags: patch fixed-upstream
Forwarded: https://github.com/ArcticaProject/nx-libs/issues/801

In libnx-x11, it was found that pointers (dpy, xkb) are referenced  
without them being checked for being NULL or valid object pointers.


This was fixed by this upstream PR:
https://github.com/ArcticaProject/nx-libs/pull/809

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

>From 20353e96a390a029f7b3b18fc7ddd82eae98b935 Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller 
Date: Wed, 15 May 2019 19:54:24 +0200
Subject: [PATCH 2/2] libNX_X11: add additional checks for dpy and xkb

We have seen crashes during session shutdown/connection problems
here. These patches should avoid them. There's no proper way to test
them, but they should do no harm..

Fixes ArcticaProject/nx-libs#801
Fixes https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=695
---
 nx-X11/lib/src/xkb/XKBBind.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/nx-X11/lib/src/xkb/XKBBind.c b/nx-X11/lib/src/xkb/XKBBind.c
index 068e8f2a0..ffe5ad9d7 100644
--- a/nx-X11/lib/src/xkb/XKBBind.c
+++ b/nx-X11/lib/src/xkb/XKBBind.c
@@ -108,7 +108,21 @@ XKeycodeToKeysym(Display *dpy,
 
 _XkbCheckPendingRefresh(dpy, dpy->xkb_info);
 
+#ifdef NX_TRANS_SOCKET
+/*
+   check again, we have seen cases where the connection broke
+   during CheckPendingEvents(), followed by a crash when accessing
+   dpy. See https://github.com/ArcticaProject/nx-libs/issues/801
+*/
+if (_XkbUnavailable(dpy))
+return _XKeycodeToKeysym(dpy, kc, col);
+#endif
+
 xkb = dpy->xkb_info->desc;
+#ifdef NX_TRANS_SOCKET
+if (xkb == NULL)
+return _XKeycodeToKeysym(dpy, kc, col);
+#endif
 if ((kc < xkb->min_key_code) || (kc > xkb->max_key_code))
 return NoSymbol;
 
-- 
2.20.1



pgpdxSxTzb0Fm.pgp
Description: Digitale PGP-Signatur

Bug#929498: Division by zero error

[Mike Gabriel]

Package: src:nx-libs
Severity: important
Version: 2:3.5.99.19-2
Tags: patch fixed-upstream
Forwareded: https://github.com/ArcticaProject/nx-libs/issues/808

On the nx-libs upstream issue tracker, an occasional division-by-zero  
error in nxagent's xkb extension got recently reported.


The issue has been fixed upstream by this PR:
https://github.com/ArcticaProject/nx-libs/pull/809

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

>From 4df77fe73fe03dc3098190f3702c0d5ab415968a Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller 
Date: Wed, 15 May 2019 19:42:29 +0200
Subject: [PATCH 1/2] xkbUtils.c: Catch division by zero

Fixes ArcticaProject/nx-libs#808
---
 nx-X11/programs/Xserver/xkb/xkbUtils.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/nx-X11/programs/Xserver/xkb/xkbUtils.c 
b/nx-X11/programs/Xserver/xkb/xkbUtils.c
index 028f32454..21a5ce76a 100644
--- a/nx-X11/programs/Xserver/xkb/xkbUtils.c
+++ b/nx-X11/programs/Xserver/xkb/xkbUtils.c
@@ -685,6 +685,10 @@ unsigned   act;
else group= newGroup;
}
else {
+#ifdef NXAGENT_SERVER
+ /* we have seen division by zero here */
+ if (ctrls->num_groups != 0)
+#endif
group%= ctrls->num_groups;
}
 }
-- 
2.20.1



pgpT6XD6qfudT.pgp
Description: Digitale PGP-Signatur

Bug#929497: ITP: virulencefinder -- identify virulence genes in total or partial sequenced isolates of bacteria

[Andreas Tille]

Package: wnpp
Severity: wishlist

Subject: ITP: virulencefinder -- identify virulence genes in total or partial 
sequenced isolates of bacteria
Package: wnpp
Owner: Andreas Tille 
Severity: wishlist

* Package name: virulencefinder
  Version : 0.0+git20190402.4812325
  Upstream Author : Ole Lund, Technical University of Denmark
* URL : https://bitbucket.org/genomicepidemiology/virulencefinder
* License : Apache-2.0
  Programming Lang: Python
  Description : identify virulence genes in total or partial sequenced 
isolates of bacteria
 The VirulenceFinder service contains one Python script
 virulencefinder.py which is the script of the latest version of the
 VirulenceFinder service. VirulenceFinder identifies viruelnce genes in
 total or partial sequenced isolates of bacteria - at the moment only E.
 coli, Enterococcus, S. aureus and Listeria are available.

Remark: This package is maintained by Debian Med Packaging Team at
   https://salsa.debian.org/med-team/virulencefinder

Bug#929496: ITP: python-cgecore -- Python3 module for the Center for Genomic Epidemiology

[Andreas Tille]

Package: wnpp
Severity: wishlist

Subject: ITP: python-cgecore -- Python3 module for the Center for Genomic 
Epidemiology
Package: wnpp
Owner: Andreas Tille 
Severity: wishlist

* Package name: python-cgecore
  Version : 1.4.4
  Upstream Author : Center for Genomic Epidemiology
* URL : https://bitbucket.org/genomicepidemiology/cge_core_module/
* License : Apache-2.0
  Programming Lang: Python
  Description : Python3 module for the Center for Genomic Epidemiology
 This Python3 module contains classes and functions needed to run the
 service wrappers and pipeline scripts developed by the Center for
 Genomic Epidemiology.

Remark: This package is maintained by Debian Med Packaging Team at
   https://salsa.debian.org/med-team/python-cgecore

Bug#928026: Bug#928227: technical solutions enabling binNMUs in the security archive (support of golang packages)

[Ansgar]

Paul Gevers writes:
> On 20-05-2019 09:06, Ansgar wrote:
>> I though about importing the full source to security-master already for
>> a different reason: `Built-Using` leads to a similar problem as binNMUs
>> in that uploads require source that is not already present in the
>> archive.
>> 
>> It is not necessary to push all sources to the public mirrors.
>
> Does this mean you think it is feasible to do/fix this in the near future?

Importing sources once is probably doable; writing something to continue
updating them (at point release time and similar) takes more time which
I currently can't commit to.

There is also the question of storage: the full buster source is
something like 60 GB+, but security-master only has 63 GB free storage
right now (need to check with DSA by how much that could increase).
Though we might need more storage over the lifetime of Buster anyway as
eventually oldstable will have debug symbols too...

If storage is a problem, we would need to look at importing only
subsets, but I don't really like treating packages differently.

Ansgar

Bug#625847: Newer unattended-upgrades mails even if there aren't packages on hold

[Bálint Réczey]

Hi Sean,

Sean Whitton  ezt írta (időpont: 2019. máj.
24., P, 19:45):
>
> Hello Balint,
>
> On Thu 23 May 2019 at 09:19PM +02, Bálint Réczey wrote:
>
> > I believe what you would like to see fixed is described in #924554,
> > which is already scheduled to be in Buster.
>
> Thank you for this fix!
>
> Maybe #625847 should be closed?
>
> I'm sorry for not doing enough homework to figure this out myself for a
> second time this month.

No problem. :-) The bugs need a bit of gardening, too, to have fewer
overlapping ones.

This bug is very old (hence it is not about the regression) and in my
interpretation it asks for something different from #924554 thus I
think this is not fully fixed yet.

Cheers,
Balilnt

Bug#929495: libpam-tmpdir: too strict permissions on /tmp/user may lead to errors in other programs

[Andrey Bondarenko]

Package: libpam-tmpdir
Version: 0.09+b2
Severity: normal

Dear Maintainer,

pam_tmpdir creates /tmp/user with strict permissions (drwx--x--x root:root)
Some programs report unwanted permission denied errors while walking from 
temporary file in $TMP to /. For example error appears in gwenview.

To reproduce error you first need to enable Sidebar with active Folders tab.
Then you need to create screenshot from Spectacle and export it to gwenview.
Gewnview will try to build full tree from screenshot image in $TMP and report
error "Could not enter folder /tmp/user".

Is there are good reason for removing world readable permissions from /tmp/user
by default? If defaults cannot be changed, is it possible to make it 
configurable
option so local administrator can decide what permissions use for /tmp/user?


-- System Information:
Debian Release: 9.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpam-tmpdir depends on:
ii  libc6   2.24-11+deb9u4
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g1.1.8-3.6

libpam-tmpdir recommends no packages.

libpam-tmpdir suggests no packages.

-- no debconf information

Bug#929494: Workaround

[Ian Jackson]

Tollef Fog Heen writes ("Bug#929494: Workaround"):
> You can use
>   Header set Content-Type "text/plain" "expr=-z%{CONTENT_TYPE}"
> instead (from http://httpd.apache.org/docs/current/mod/mod_headers.html)

This is *much* better of course.

> Maybe this should be added to docs.

Yes, please.  Ideally next to the documentation for DefaultType.

Not because people who did have DefaultType should use this, but
because that's where you end up if you search the docs for "default".

Thanks,
Ian.

-- 
Ian JacksonThese opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Bug#924132: runit: Add support for runit in init-system-helpers

[Felipe Sateler]

Hi Lorenz

On Tue, May 21, 2019, 11:42 Lorenzo Puliti  wrote:

> Control: reassign 924132 init-system-helpers
>
> Dear init-system-helpers Maintainers,
>
>  here are a series of 5 commits that add support for runit-init into
>  'update-rc.d', 'invoke-rc.d' and 'service' scripts.
>
>
> https://salsa.debian.org/Lorenzo.ru.g-guest/init-system-helpers/commits/runit
>
>  This has been already reviewed by Dmitry Bogatov.
>  If you don't have further question or requirements, can you upload to
> experimental
>  and then, after Buster release, to unstable?
>

Could you post the patches as a salsa MR? It would make for easier review.


Saludos

Bug#884999: debhelper: Please default Rules-Require-Root to no

[Sean Whitton]

Hello,

On Fri 24 May 2019 at 01:42PM +09, Hideki Yamane wrote:

> Hi,
>
>> > In summary: The debhelper fundamentally cannot affect whether
>> > Rules-Requires-Root: no is default or not.  The debhelper compat level
>> > system is the wrong interface to do this as well.
>> >
>> > That said, in a distant future, I hope we can flip the default of
>> > Rules-Requires-Root.  But when that comes, it will not be via a
>> > debhelper compat level AFAICT.
>
>  If we want to implement "Rules-Requires-Root: no" mandatory,
>  is it dpkg-dev and policy issue?

Requiring maintainers to put `Rules-Requires-Root: no` in every single
d/control file would be a debian-policy bug, yes.

Changing debhelper's default, if that remainder overrideable by the
maintainer, would not be.

(surely we are a very long way from r-r-r: no for every package?)

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#625847: Newer unattended-upgrades mails even if there aren't packages on hold

[Sean Whitton]

Hello Balint,

On Thu 23 May 2019 at 09:19PM +02, Bálint Réczey wrote:

> I believe what you would like to see fixed is described in #924554,
> which is already scheduled to be in Buster.

Thank you for this fix!

Maybe #625847 should be closed?

I'm sorry for not doing enough homework to figure this out myself for a
second time this month.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#929483: robocode: Class not found program wont start

[Bardot Jérôme]

Le 24/05/2019 à 17:00, Markus Koschany a écrit :
> Control: severity -1 grave
>
> On Fri, 24 May 2019 13:45:04 +0200 Bardot Jerome
>  wrote:
> [...]
>> Can't find robocode.core-1.x.jar module near to robocode.jar
>> Class path: /usr/share/java/robocode.jar
> Thanks for reporting. This is another Java 11 issue. It seems we have to
> explicitly add some jar files to the classpath now. This is also known
> upstream as
>
> https://sourceforge.net/p/robocode/bugs/407/
>
> I will prepare an update for Buster soon.
>
> Regards,
>
> Markus
>
Nice thx a lot for your efforts



0x053A41EF03878A98.asc
Description: application/pgp-keys

Bug#929494: Please can we have DefaultType back

[Ian Jackson]

Package: apache2
Version: 2.4.25-3+deb9u7

I have just perpetrated this:


  ForceType text/plain


which is just awful.  This is an insane way to spell this, and it also
means I have to repeat all of the file extensions which my system
might work with, rather than using the handy list in mime.types.

My system is a CI system which generates largely textual logfiles,
whose filenames do not, and should not, generally end in .txt.  So in
my context, a default file type is absolutely correct.  It ought to be
supported.

(And type-sniffing is definitely wrong here.)

I understand that DefaultType was previously needed basically
everywhere, but is now not usually recommended.  That's fine.  I don't
mind if I have to write ReallyDefaultTypeIPromiseIKnowWhatImDoing.

Thanks,
Ian.

-- 
Ian JacksonThese opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Bug#929493: totem crashes on startup due to protocol error

[Jorge Gonzalez]

Package: totem
Version: 3.30.0-4
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Normal update via apt-get update && upgrade

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Launching totem from GNOME or console doesn't work, throws the
following error:
Gdk-Message: 18:52:28.873: Error 71 (Protocol error) dispatching to
Wayland display.

To launch totem from the console the following has to be executed:
GDK_BACKEND=x11 totem

   * What was the outcome of this action?
If launched without GDK_BACKEND=x11 the alreday mentioned error is
shown:
Gdk-Message: 18:52:28.873: Error 71 (Protocol error) dispatching to
Wayland display.

If launched with GDK_BACKEND=x11 it plays one video but no videos can
be played drag-and-dropping.

   * What outcome did you expect instead?
Normal totem opening and video playing.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages totem depends on:
ii  grilo-plugins-0.3   0.3.8-2
ii  gsettings-desktop-schemas   3.28.1-1
ii  gstreamer1.0-clutter-3.03.0.26-2
ii  gstreamer1.0-plugins-base   1.14.4-1
ii  gstreamer1.0-plugins-good   1.14.4-1
ii  gstreamer1.0-x  1.14.4-1
ii  libc6   2.28-10
ii  libcairo2   1.16.0-4
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libglib2.0-02.58.3-1
ii  libgstreamer-plugins-base1.0-0  1.14.4-1
ii  libgstreamer1.0-0   1.14.4-1
ii  libgtk-3-0  3.24.5-1
ii  libnautilus-extension1a 3.30.5-1
ii  libpango-1.0-0  1.42.4-6
ii  libpangocairo-1.0-0 1.42.4-6
ii  libtotem-plparser18 3.26.2-1
ii  libtotem0   3.30.0-4
ii  libx11-62:1.6.7-1
ii  totem-common3.30.0-4

Versions of packages totem recommends:
ii  gstreamer1.0-libav 1.15.0.1+git20180723+db823502-2
ii  gstreamer1.0-plugins-bad   1.14.4-1+b1
ii  gstreamer1.0-plugins-ugly  1.14.4-1
ii  gstreamer1.0-pulseaudio1.14.4-1
ii  totem-plugins  3.30.0-4

Versions of packages totem suggests:
pn  gnome-codec-install  

-- no debconf information

Bug#929492: iwyu: Requests to add forward declaration which is in file

[Charlemagne Lasse]

Package: iwyu
Version: 7.0-3
Forwarded: 
https://github.com/include-what-you-use/include-what-you-use/issues/682
Tags: buster sid
X-Debbugs-CC: Kim Grasman 

Problem can reproduced via (please check the first line):

struct foobar;

struct foobar *test(struct foobar *asd)
{
return asd;
}

And then iwyu tells me:

$ iwyu test.c

test.c should add these lines:
struct foobar;

test.c should remove these lines:

The full include-list for test.c:
struct foobar;
---

Something which is already there. Now adding the line again:

struct foobar;
struct foobar;
struct foobar *test(struct foobar *asd)
{
return asd;
}

But it tells me now again that I should add this line again:

$ iwyu test.c

test.c should add these lines:
struct foobar;

test.c should remove these lines:

The full include-list for test.c:
struct foobar;
---

This currently breaks iwyu for me in Debian Buster

Bug#702577: Would like to resolve this issue

[Manas Kashyap]

Hola ,
I would like to work on this issue and get it resolved .

Bug#929491: [src:vlc] crashes at entering DVD menu

[Alex Volkov]

Package: src:vlc
Version: 3.0.6-0+deb9u1
Severity: important

--- Please enter the report below this line. ---

"Floating poing exception", similar to this ancient bug: https://
forum.videolan.org/viewtopic.php?t=24848


--- System information. ---
Architecture: 
Kernel:   Linux 4.19.28-bootes0-iommu-p-1000

Debian Release: 9.9
  991 stable  security.debian.org 
  991 stable  ftp.fi.debian.org 
  990 stretch-backports ftp.debian.org 
  500 stable  dl.google.com 
  500 stable  deb.torproject.org 
  101 stable-backports www.deb-multimedia.org 
  101 stable  www.deb-multimedia.org 
  100 testing ftp.fi.debian.org 

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.

Bug#927347: voctomix-outcasts: don't use hardcoded filenames in /tmp - even for testing

[Holger Levsen]

Hi Carl,

On Thu, May 23, 2019 at 07:04:59PM -0500, Carl Karsten wrote:
> deleted one file, fixed the other.

cool, thanks!

> And addressed this from #dc-v
> (11:13:09 AM) olasd: CarlFK: why did you add a deinterlace in
> https://github.com/CarlFK/voctomix-outcasts/commit/174b1c9fd77f5f49f4040e0747e70ca8f39c7c39
> (11:14:19 AM) olasd: it makes the loop wobblwobble

nice. that's present since v0.6.0?

> tested, and made some notes about how to test
> https://github.com/CarlFK/voctomix-outcasts/blob/master/tests/README.md

nice

> Can you package please?
> https://github.com/CarlFK/voctomix-outcasts/releases/tag/v0.9.0

If you could also sign your tags, that would be great! (git tag -s)

> As always, thank you for your help.

my pleasure!

for now I'm uploading this just to experimental as the changes for
ingest.py are a bit too big for aiming for buster at this time, I
believe. if the videoteam thinks otherwise, eg due to the wobblewobble
being present in buster atm, please tell me.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#841230: moveirulzhd

[Mahesh Kpm]

Bug#929440: spacezero FTCBFS: builds for the wrong architecture

[mariano]

Thanks for the patch. 

added to the svn version: spacezero 0.87.16

El jue, 23-05-2019 a las 15:45 +0200, Helmut Grohne escribi??:
> Source: spacezero
> Version: 0.80.06-1
> Tags: patch
> User: helm...@debian.org
> Usertags: rebootstrap
> 
> spacezero fails to cross build from source, because it does not pass
> cross tools to make. The easiest way of fixing that - using
> dh_auto_build - does not entirely fix the build. The upstream
> Makefile
> hard codes the build architecture pkg-config. The attached patch
> makes
> spacezero cross buildable. Please consider applying it.
> 
> Helmut

Bug#906728: linux-perf-4.17: "perf report" fails with "failed to process sample"

[Ben Hutchings]

On Fri, 2019-05-24 at 14:57 +0200, Vladimír Čunát wrote:
> Hello!  For others who stumble on this...
> 
> I got this message when my perf version didn't match the running kernel,
> and it disappeared when I fixed that.  (It was on a different distro
> than Debian - NixOS, but I don't expect distro is really relevant for
> this problem.)

Debian doesn't have that problem, because it uses a wrapper script to
select the right version for the running kernel.

Ben.

-- 
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.




signature.asc
Description: This is a digitally signed message part

Bug#929490: thunar: Fails to start with "Failed to register: Timeout was reached"

[Bardot Jerome]

Package: thunar
Version: 1.8.4-1
Severity: important

Dear Maintainer,

For a reason not really clear for me sometimes i can’t start thunar anymore.

About my config :
I use i3 and in my conf file :

bindsym $mod+Shift+k exec thunar

It permit to start thunar with mod+Shift+k shortcut


This bug is also references on arch : https://bugs.archlinux.org/task/60229

I have a custom action in thunar, i don’t know if it can be related :
xterm -hold -e cd "%f"

also when the error (this time not check others) I have some defunct services.

$ ps axo stat,ppid,pid,comm | grep -w defunct
Z 1158  1170 sh 
Z 1906  1911 pmdaproc 
Z 1906  1917 pmdakvm 
Z 1906 14097 pmdaproc 
Z 1906 14099 pmdaxfs 
Z 1906 14101 pmdalinux 
Z 1906 14102 pmdakvm 


A
$ killall thunar

"fix" the trouble.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages thunar depends on:
ii  desktop-file-utils  0.23-4
ii  exo-utils   0.12.4-1
ii  libatk1.0-0 2.30.0-2
ii  libc6   2.28-10
ii  libcairo2   1.16.0-4
ii  libexo-2-0  0.12.4-1
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libglib2.0-02.58.3-1
ii  libgtk-3-0  3.24.5-1
ii  libgudev-1.0-0  232-2
ii  libice6 2:1.0.9-2
ii  libnotify4  0.7.7-4
ii  libpango-1.0-0  1.42.4-6
ii  libsm6  2:1.2.3-1
ii  libthunarx-3-0  1.8.4-1
ii  libxfce4ui-2-0  4.12.1-3
ii  libxfce4util7   4.12.1-3
ii  libxfconf-0-2   4.12.1-1
ii  shared-mime-info1.10-1
ii  thunar-data 1.8.4-1

Versions of packages thunar recommends:
ii  dbus-x11 [dbus-session-bus]  1.12.12-1
ii  gvfs 1.38.1-3
ii  libcairo-gobject21.16.0-4
ii  libpangocairo-1.0-0  1.42.4-6
ii  libxfce4panel-2.0-4  4.12.2-1
ii  policykit-1-gnome [polkit-1-auth-agent]  0.105-7
ii  thunar-volman0.9.1-1
ii  tumbler  0.2.3-1
ii  udisks2  2.8.1-4
ii  xdg-user-dirs0.17-2

Versions of packages thunar suggests:
ii  thunar-archive-plugin 0.4.0-2
ii  thunar-media-tags-plugin  0.3.0-2

-- no debconf information

Bug#929483: robocode: Class not found program wont start

[Markus Koschany]

Control: severity -1 grave

On Fri, 24 May 2019 13:45:04 +0200 Bardot Jerome
 wrote:
[...]
> Can't find robocode.core-1.x.jar module near to robocode.jar
> Class path: /usr/share/java/robocode.jar

Thanks for reporting. This is another Java 11 issue. It seems we have to
explicitly add some jar files to the classpath now. This is also known
upstream as

https://sourceforge.net/p/robocode/bugs/407/

I will prepare an update for Buster soon.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#929487: unblock: dmarc-cat/0.9.2-4

[Antoine Beaupré]

Control: retitle -1 unblock: dmarc-cat/0.9.2-4

The right package version is actually -4, I have tried to upload the -3
back into unstable, but that failed, naturally...

So please:

unblock dmarc-cat/0.9.2-4

The debdiff is almost identical, except for the extra changelog entry.

diff -Nru dmarc-cat-0.9.2/debian/changelog dmarc-cat-0.9.2/debian/changelog
--- dmarc-cat-0.9.2/debian/changelog2019-05-21 10:13:55.0 -0400
+++ dmarc-cat-0.9.2/debian/changelog2019-05-24 10:45:11.0 -0400
@@ -1,3 +1,15 @@
+dmarc-cat (0.9.2-4) unstable; urgency=medium
+
+  * upload to unstable
+
+ -- Antoine Beaupré   Fri, 24 May 2019 10:45:11 -0400
+
+dmarc-cat (0.9.2-3) experimental; urgency=medium
+
+  * fix autopkgtest missing build-tree requirement
+
+ -- Antoine Beaupré   Thu, 23 May 2019 14:51:42 -0400
+
 dmarc-cat (0.9.2-2) unstable; urgency=medium
 
   * move test suite to autopkgtest because of network access (Closes:
diff -Nru dmarc-cat-0.9.2/debian/tests/control 
dmarc-cat-0.9.2/debian/tests/control
--- dmarc-cat-0.9.2/debian/tests/control2019-05-21 10:13:55.0 
-0400
+++ dmarc-cat-0.9.2/debian/tests/control2019-05-24 10:45:11.0 
-0400
@@ -1,2 +1,3 @@
 Test-command: HOME=$AUTOPKGTEST_TMP dh_auto_test -O--buildsystem=golang
 Depends: @, @builddeps@
+Restrictions: build-needed

Bug#929488: buster: system hangs on shutdowwn

[Michael Biebl]

Control: tags -1 + moreinfo

Am 24.05.19 um 16:19 schrieb gilles.nau...@laposte.net:
> Package: systemd-sysv
> Version: 241-3
> Debain Version: buster
> Severity: important
> 
> Dear maintainers:
> 
> I tried to upgrade my laptop from Stretch to Buster.( I use lightldm for
> login and Xface  as DM).
> On shutdown, the screen freezes and I have to power off my laptop manually.
> I found that the command "lspci" hangs also the system.
> I went back to Stretch and run "lshw" command : you will find the result
> at the end of my message.
> I have the same behavior with the Debian-Live-buster DVD : so, I can
> execute complementary command in order to find out where is the bug.


Can you please change the kernel command and remove the "quiet"
parameter and instead add "systemd.log_level=debug"

Then shutdown and make a screenshot when it hangs.
Which command did you use to shutdown the system?

If lspci freezes your system, you might have a kernel problem.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929480: systemd: systemctl hangs while starting services waiting for systemd-tty-ask-password-agent

[Michael Biebl]

Control: tags -1 + moreinfo unreproducible

Am 24.05.19 um 12:12 schrieb root:
> Package: systemd
> Version: 232-25+deb9u11
> Severity: important
> 
> Dear Maintainer,
> 
> * What led up to the situation?
> Fresh install of Raspbian.
> 
> * What exactly did you do (or not do) that was effective (or ineffective)?
> Installed gpsd, chrony. Then tried to restart chronyd from ssh.
> 
> * What was the outcome of this action?
> systemctl hangs while starting chronyd waiting for 
> systemd-tty-ask-password-agent what shouldn't happen, because root does not 
> need to be asked for passwords.
> 
> * What outcome did you expect instead?
> systemctl starting chronyd (or other services) regardless waiting for any 
> password entry.
> 
> This bug is a regression. It was reported about four years ago, fixed. And 
> now it is there again.

Unfortunately, I can't reproduce the problem, so it will be hard to
further diagnose it. Can you reproduce the issue (reliably)?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929476: Debian 9 installation.

[Lennart Sorensen]

On Fri, May 24, 2019 at 11:10:43AM +0200, mb wrote:
> Package: installation-reports
> 
> Boot method: USB pen drive prepared in Windows10 with RUFUS (MBR, GPT, iso, 
> dd: always same problem) or with UBUNTU 18 dd command
> Image version: 
> https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-9.9.0-amd64-DVD-1.iso
>   
> 
> Date: from 19 May to 24 May 2019
> 
> Machine: Acer spin 3
> Processor: I3
> Memory: 8 GByte
> Partitions: unallocated 52 GByte on sdd disk for dual boot with Windows10 Home
> 
> Output of lspci -knn (or lspci -nn):
> 
> Base System Installation Checklist:
> [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it
> 
> Initial boot:   [O ]
> Detect network card:[ ]
> Configure network:  [ ]
> Detect CD:  [E ]
> Load installer modules: [ ]
> Detect hard drives: [ ]
> Partition hard drives:  [ ]
> Install base system:[ ]
> Clock/timezone setup:   [ ]
> User/password setup:[ ]
> Install tasks:  [ ]
> Install boot loader:[ ]
> Overall install:[ ]
> 
> Comments/Problems:
> 
> The installation in Graphic mode after the language, country and locales 
> stops because cannot find the CD.
> It is not clear what is such "CD"? All installation software isn't in 
> thedebian-9.9.0-amd64-DVD-1.iso  
> 
>   file loaded on the USB pen drive?
> 
> Googled a lot, it seems most of people face a lot of trouble with Debian 
> installation but no solutions available.
> Is this Debian only for very expert users? I'm Using UBUNTU since 2012, even 
> when I was a complete newbie I succeed into dual boot installation,
> With Debian it seems I have to spend months for learning very advanced 
> knowledge or gathering information.
> I understood Debian was an operating  system accessible to everybody not 
> dedicated to very specialized Information technology people only.

Most people don't have a problem installing.  Of course searching will
mostly find the people that did have problems since people without
problems usually don't post anything to say "everything worked fine".

That laptop is very new and it is possible some part of the hardware
isn't supported by the kernel in Debian 9.  It was released in 2017
after all, quite a bit before that laptop existed.

You could try the installer for testing (The Debian 10 in development
right now) to see if that works better.  I suspect Debian 10 will make
it out sometime this year.

-- 
Len Sorensen

Bug#929489: mmdebstrap: Although proot is installed, mmdebstrap chooses fakeroot mode

[Christoph Groth]

Package: mmdebstrap
Version: 0.4.1-3
Severity: normal

Thanks a lot for mmdebstrap, it's extremely useful!

I noticed a minor problem with it.  According to the manpage, if proot is
installed, mmdebstrap should chooose proot-mode by default.  I do not observe
this behavior.  When I explicitly give the option --mode=proot everything works
and I can enter the resulting chroot with proot.  But if I do not give this
option, fakeroot mode is chosen.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8), LANGUAGE=en_US:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mmdebstrap depends on:
ii  apt   1.8.1
ii  perl  5.28.1-6
ii  perl-doc  5.28.1-6

Versions of packages mmdebstrap recommends:
ii  arch-test   0.15-2
ii  fakechroot  2.19-3.2
ii  fakeroot1.23-1
ii  mount   2.33.1-0.1
ii  uidmap  1:4.5-1.1

Versions of packages mmdebstrap suggests:
pn  binfmt-support
ii  dpkg-dev  1.19.6
ii  proot 5.1.0-1.3
pn  qemu-user 
pn  qemu-user-static  

-- no debconf information

Bug#929488: buster: system hangs on shutdowwn

[gilles . naulin]

Package: systemd-sysv 
Version: 241-3 
Debain Version: buster 
Severity: important 

Dear maintainers: 

I tried to upgrade my laptop from Stretch to Buster.( I use lightldm for login 
and Xface as DM). 
On shutdown, the screen freezes and I have to power off my laptop manually. 
I found that the command "lspci" hangs also the system. 
I went back to Stretch and run "lshw" command : you will find the result at the 
end of my message. 
I have the same behavior with the Debian-Live-buster DVD : so, I can execute 
complementary command in order to find out where is the bug. 
Thank in advance 
Regards 
Gilles 



lshw: 
description: Notebook 
product: GV62 8RE (16JE.1) 
vendor: Micro-Star International Co., Ltd. 
version: REV:1.0 
serial: 9S716JE32022ZI421 
width: 64 bits 
capabilities: smbios-3.1 dmi-3.1 smp vsyscall32 
configuration: boot=normal chassis=notebook family=GV sku=16JE.1 
uuid=1C47C0B3-1054-4365-8705-C14E515B845E 
*-core 
description: Motherboard 
product: MS-16JE 
vendor: Micro-Star International Co., Ltd. 
physical id: 0 
version: REV:1.0 
serial: BSS-0123456789 
slot: Default string 
*-firmware 
description: BIOS 
vendor: American Megatrends Inc. 
physical id: 1 
version: E16JEIMS.105 
date: 04/11/2018 
size: 64KiB 
capacity: 15MiB 
capabilities: pci upgrade shadowing cdboot bootselect edd int13floppy1200 
int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial 
int17printer acpi usb biosbootspecification uefi 
*-memory 
description: System Memory 
physical id: 3b 
slot: System board or motherboard 
size: 8GiB 
*-bank:0 
description: SODIMM DDR4 Synchronous 2667 MHz (0.4 ns) 
product: M471A1K43BB1-CRC 
vendor: Samsung 
physical id: 0 
serial: 986AB4BE 
slot: ChannelA-DIMM0 
size: 8GiB 
width: 64 bits 
clock: 2667MHz (0.4ns) 
*-bank:1 
description: [empty] 
physical id: 1 
slot: ChannelA-DIMM1 
*-bank:2 
description: [empty] 
physical id: 2 
slot: ChannelB-DIMM0 
*-bank:3 
description: [empty] 
physical id: 3 
slot: ChannelB-DIMM1 
*-cache:0 
description: L1 cache 
physical id: 46 
slot: L1 Cache 
size: 256KiB 
capacity: 256KiB 
capabilities: synchronous internal write-back unified 
configuration: level=1 
*-cache:1 
description: L2 cache 
physical id: 47 
slot: L2 Cache 
size: 1MiB 
capacity: 1MiB 
capabilities: synchronous internal write-back unified 
configuration: level=2 
*-cache:2 
description: L3 cache 
physical id: 48 
slot: L3 Cache 
size: 8MiB 
capacity: 8MiB 
capabilities: synchronous internal write-back unified 
configuration: level=3 
*-cpu 
description: CPU 
product: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz 
vendor: Intel Corp. 
physical id: 49 
bus info: cpu@0 
version: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz 
serial: To Be Filled By O.E.M. 
slot: U3E1 
size: 4GHz 
capacity: 4005MHz 
width: 64 bits 
clock: 100MHz 
capabilities: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic 
sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe 
syscall nx pdpe1gb rdtscp constant_tsc art arch_perfmon pebs bts rep_good nopl 
xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est 
tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt 
tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb 
invpcid_single ibrs ibpb stibp kaiser tpr_shadow vnmi flexpriority ept vpid 
fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap 
clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp 
hwp_notify hwp_act_window hwp_epp cpufreq 
configuration: cores=4 enabledcores=4 threads=8 
*-pci 
description: Host bridge 
product: Intel Corporation 
vendor: Intel Corporation 
physical id: 100 
bus info: pci@:00:00.0 
version: 07 
width: 32 bits 
clock: 33MHz 
*-pci:0 
description: PCI bridge 
product: Skylake PCIe Controller (x16) 
vendor: Intel Corporation 
physical id: 1 
bus info: pci@:00:01.0 
version: 07 
width: 32 bits 
clock: 33MHz 
capabilities: pci pm msi pciexpress normal_decode bus_master cap_list 
configuration: driver=pcieport 
resources: irq:122 ioport:4000(size=4096) memory:a300-a40f 
ioport:9000(size=301989888) 
*-display UNCLAIMED 
description: VGA compatible controller 
product: GP106M [GeForce GTX 1060] 
vendor: NVIDIA Corporation 
physical id: 0 
bus info: pci@:01:00.0 
version: a1 
width: 64 bits 
clock: 33MHz 
capabilities: pm msi pciexpress vga_controller bus_master cap_list 
configuration: latency=0 
resources: memory:a300-a3ff memory:9000-9fff 
memory:a000-a1ff ioport:4000(size=128) memory:a400-a407 
*-display UNCLAIMED 
description: VGA compatible controller 
product: Intel Corporation 
vendor: Intel Corporation 
physical id: 2 
bus info: pci@:00:02.0 
version: 00 
width: 64 bits 
clock: 33MHz 
capabilities: pciexpress msi pm vga_controller bus_master cap_list 
configuration: latency=0 
resources: memory:a200-a2ff memory:8000-8fff 
ioport:5000(size=64) 

Bug#929430: marked as pending in lintian

[Felix Lechner]

My apologies for the remarks about Ubuntu. I introduced this error
with commit 546c0d36. With some luck, it will be fixed with this merge
request: https://salsa.debian.org/lintian/lintian/merge_requests/203

Bug#929487: unblock: dmarc-cat/0.9.2-3

[Antoine Beaupre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dmarc-cat

The previous -2 unblock you did (thanks for that!) was fine, but the
autopkgtest suite I introduced was buggy. -3 fixes that problem with a
one-line change. The tests were first checked in experimental (which I
should have done with the first upload as well...):

https://ci.debian.net/packages/d/dmarc-cat/unstable/amd64/

debdiff:

diff -Nru dmarc-cat-0.9.2/debian/changelog dmarc-cat-0.9.2/debian/changelog
--- dmarc-cat-0.9.2/debian/changelog2019-05-21 10:13:55.0 -0400
+++ dmarc-cat-0.9.2/debian/changelog2019-05-23 14:51:42.0 -0400
@@ -1,3 +1,9 @@
+dmarc-cat (0.9.2-3) unstable; urgency=medium
+
+  * fix autopkgtest missing build-tree requirement
+
+ -- Antoine Beaupré   Thu, 23 May 2019 14:51:42 -0400
+
 dmarc-cat (0.9.2-2) unstable; urgency=medium
 
   * move test suite to autopkgtest because of network access (Closes:
diff -Nru dmarc-cat-0.9.2/debian/tests/control 
dmarc-cat-0.9.2/debian/tests/control
--- dmarc-cat-0.9.2/debian/tests/control2019-05-21 10:13:55.0 
-0400
+++ dmarc-cat-0.9.2/debian/tests/control2019-05-23 14:51:42.0 
-0400
@@ -1,2 +1,3 @@
 Test-command: HOME=$AUTOPKGTEST_TMP dh_auto_test -O--buildsystem=golang
 Depends: @, @builddeps@
+Restrictions: build-needed

unblock dmarc-cat/0.9.2-3

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#929486: unblock: debootstick/2.3

[Etienne Dublé]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debootstick

Package 2.3 of debootstick was just uploaded to experimental by my sponsor 
(Vincent Danjean).
If you accept this unblock request, he will upload it to unstable.

This release compiles three bug fixes I hope buster users can get:
1- Bug#928080 - A fix about migration mode (long timeouts on LVM commands, was 
mostly unusable)
2- Bug#929355 - A fix about sporadic failures with LVM commands
3- Bug#929356 - A fix for debootstick to work with a chroot based on Ubuntu >= 
18.04

Severity of bugs 1 and 2 is "important".
Bug 3 was reported with severity "normal". However, fixing it just meant 
updating two
constant values (see attachment "fix-3.diff"), and it improves significantly 
the usability of
the software. So I hope this fix can be included.
If not, I can rebuild the package.

The debdiff is attached.
For clarity, I also attached a separate diff file showing code changes related 
to each of the 3 fixes.

Thanks.

unblock debootstick/2.3

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru debootstick-2.2/debian/changelog debootstick-2.3/debian/changelog
--- debootstick-2.2/debian/changelog2019-03-08 12:48:40.0 +
+++ debootstick-2.3/debian/changelog2019-05-22 12:03:47.0 +
@@ -1,3 +1,11 @@
+debootstick (2.3) unstable; urgency=medium
+
+  * Fix new LVM versions hanging in migration procedure (closes: Bug#928080).
+  * Fix migration script sometimes failing (closes: Bug#929355).
+  * Fix handling of chroots based on Ubuntu >= 18.04 (closes: Bug#929356).
+
+ -- Etienne Dublé   Wed, 22 May 2019 13:56:42 +
+
 debootstick (2.2) unstable; urgency=medium
 
   * Fix new LVM versions hanging in chroot (closes: Bug#923852).
diff -Nru debootstick-2.2/debootstick debootstick-2.3/debootstick
--- debootstick-2.2/debootstick 2019-03-08 12:40:46.0 +
+++ debootstick-2.3/debootstick 2019-05-22 12:03:47.0 +
@@ -5,7 +5,7 @@
 IMAGE_SIZE_MARGIN_KB=0  # fs size estimation is enough pessimistic
 MKSQUASHFS_OPTS="-b 1M -comp xz"
 ONE_GIGABYTE_KB=$((1024*1024))
-MAX_WORK_IMAGE_OVERHEAD_KB=$ONE_GIGABYTE_KB
+MAX_WORK_IMAGE_OVERHEAD_KB=$((2*ONE_GIGABYTE_KB))
 DEBUG=0
 DD="dd status=none"
 DBSTCK_DIR="/usr/share/debootstick"
@@ -290,8 +290,8 @@
 echo done
 release_image draft # not needed anymore
 
-# add the dbstck.conf file
-cat > $final_rootfs_mountpoint/dbstck.conf << EOF
+# complete the dbstck.conf file
+cat >> $final_rootfs_mountpoint/dbstck.conf << EOF
 STICK_OS_ID=$STICK_OS_ID
 USE_LVM=$(target_use_lvm)
 SYSTEM_TYPE=$system_type
diff -Nru debootstick-2.2/scripts/create-image/common/finalize 
debootstick-2.3/scripts/create-image/common/finalize
--- debootstick-2.2/scripts/create-image/common/finalize2018-03-15 
08:56:17.0 +
+++ debootstick-2.3/scripts/create-image/common/finalize2019-05-22 
11:50:39.0 +
@@ -9,8 +9,9 @@
 rm -rf proc/* sys/* dev/* tmp/* \
 $(find run -type f) var/cache/* var/lock
 
-# move the existing init
-mv sbin/init sbin/init.orig
-cd sbin
-ln -s /opt/debootstick/live/init/first-init.sh init
+# install debootstick init hook on getty command
+getty_command="$(realpath --relative-to . "$(readlink -f sbin/getty)")"
+mv "$getty_command" "${getty_command}.orig"
+ln -s /opt/debootstick/live/init/getty-hook.sh "$getty_command"
+echo "GETTY_COMMAND=$getty_command" >> dbstck.conf
 }
diff -Nru debootstick-2.2/scripts/create-image/target/pc/packages 
debootstick-2.3/scripts/create-image/target/pc/packages
--- debootstick-2.2/scripts/create-image/target/pc/packages 2018-03-15 
08:56:17.0 +
+++ debootstick-2.3/scripts/create-image/target/pc/packages 2019-05-22 
12:03:47.0 +
@@ -2,7 +2,7 @@
 
 custom_packages()
 {
-echo grub-pc
+echo grub-pc initramfs-tools
 }
 
 kernel_default_package()
diff -Nru debootstick-2.2/scripts/live/init/first-init.sh 
debootstick-2.3/scripts/live/init/first-init.sh
--- debootstick-2.2/scripts/live/init/first-init.sh 2018-03-15 
08:56:17.0 +
+++ debootstick-2.3/scripts/live/init/first-init.sh 2019-05-22 
11:50:39.0 +
@@ -8,17 +8,8 @@
 # if error, run a shell
 trap '[ "$?" -eq 0 ] || fallback_sh' EXIT
 
-# we will need /proc and /sys
-[ -e /proc/self ] || mount_proc=1
-[ -e /sys/class ] || mount_sys=1
-[ "$mount_proc" = "1" ] && mount -t proc none /proc
-[ "$mount_sys" = "1" ] && mount -t sysfs none /sys
-
-# remount / read-write
-mount -o remount,rw /
-
-# lvm may need this directory to run properly

Bug#929466: freeradius: CVE-2019-10143: privilege escalation due to insecure logration

[Kentaro Hayashi]

Maybe attached patch fixes the issue.

Regards,
diff -Nru freeradius-3.0.17+dfsg/debian/changelog freeradius-3.0.17+dfsg/debian/changelog
--- freeradius-3.0.17+dfsg/debian/changelog	2019-04-23 06:23:36.0 +0900
+++ freeradius-3.0.17+dfsg/debian/changelog	2019-05-24 22:15:19.0 +0900
@@ -1,3 +1,11 @@
+freeradius (3.0.17+dfsg-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-Pick upstream commits to fix CVE-2019-10143 (Mitigate
+privilege escalation due to insecure lotation settings) (Closes: #929466)
+
+ -- Kentaro Hayashi   Fri, 24 May 2019 13:15:19 +
+
 freeradius (3.0.17+dfsg-1.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru freeradius-3.0.17+dfsg/debian/freeradius.logrotate freeradius-3.0.17+dfsg/debian/freeradius.logrotate
--- freeradius-3.0.17+dfsg/debian/freeradius.logrotate	2019-04-23 06:23:36.0 +0900
+++ freeradius-3.0.17+dfsg/debian/freeradius.logrotate	2019-05-24 22:15:19.0 +0900
@@ -9,6 +9,7 @@
 	notifempty
 
 	copytruncate
+	su freerad freerad
 }
 
 # (in order)
@@ -28,6 +29,7 @@
 	notifempty
 
 	nocreate
+	su freerad freerad
 }
 
 # There are different detail-rotating strategies you can use.  One is
@@ -47,4 +49,5 @@
 	notifempty
 
 	nocreate
+	su freerad freerad
 }
diff -Nru freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch
--- freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch	1970-01-01 09:00:00.0 +0900
+++ freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch	2019-05-24 22:15:19.0 +0900
@@ -0,0 +1,40 @@
+su to radiusd user/group when rotating logs
+
+The su directive to logrotate ensures that log rotation happens under the
+owner of the logs. Otherwise, logrotate runs as root:root, potentially
+enabling privilege escalation if a RCE is discovered against the
+FreeRADIUS daemon.
+--- a/redhat/freeradius-logrotate
 b/redhat/freeradius-logrotate
+@@ -9,6 +9,7 @@
+ missingok
+ compress
+ delaycompress
++su radiusd radiusd
+ 
+ #
+ #  The main server log
+--- a/scripts/logrotate/freeradius
 b/scripts/logrotate/freeradius
+@@ -17,6 +17,7 @@
+ 	notifempty
+ 
+ 	copytruncate
++	su radiusd radiusd
+ }
+ 
+ # (in order)
+@@ -34,6 +35,7 @@
+ 	notifempty
+ 
+ 	nocreate
++	su radiusd radiusd
+ }
+ 
+ # There are different detail-rotating strategies you can use.  One is
+@@ -53,4 +55,5 @@
+ 	notifempty
+ 
+ 	nocreate
++	su radiusd radiusd
+ }
diff -Nru freeradius-3.0.17+dfsg/debian/patches/series freeradius-3.0.17+dfsg/debian/patches/series
--- freeradius-3.0.17+dfsg/debian/patches/series	2019-04-23 06:23:36.0 +0900
+++ freeradius-3.0.17+dfsg/debian/patches/series	2019-05-24 22:15:19.0 +0900
@@ -10,3 +10,4 @@
 snakeoil-certs.diff
 CVE-2019-11234-1.patch
 CVE-2019-11234-2.patch
+CVE-2019-10143.patch

Bug#929485: libtensorflow-dev: Missing dependency - package depends on libprotoc-dev

[Stefan Weil]

Package: libtensorflow-dev
Version: 1.10.1+dfsg-A2+b1
Severity: normal

Builds fail because of missing header files if libprotoc-dev is not installed:

/usr/include/tensorflow/core/platform/default/protobuf.h:23:10: fatal 
error: google/protobuf/compiler/importer.h: No such file or directory
 #include "google/protobuf/compiler/importer.h"

The missing file can be found in package libprotoc-dev:

libprotoc-dev: /usr/include/google/protobuf/compiler/importer.h

Installation of that package fixes the build. Therefore I suggest to add it as 
a required package.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libtensorflow-dev depends on:
ii  libgrpc++-dev1.16.1-1
ii  libprotobuf-dev  3.6.1.3-2
ii  libtensorflow-cc1.10 1.10.1+dfsg-A2+b1
ii  libtensorflow-framework1.10  1.10.1+dfsg-A2+b1
ii  libtensorflow1.101.10.1+dfsg-A2+b1
ii  llvm-7-dev   1:7.0.1-8

libtensorflow-dev recommends no packages.

Versions of packages libtensorflow-dev suggests:
pn  tensorflow-doc  

-- no debconf information

Bug#929063: SELinux integration in sysVinit

[Stephen Smalley]

On 5/24/19 9:00 AM, Jason Zaman wrote:

Bigon asked me to forward this so its part of the bug tracker.

On Fri, May 24, 2019 at 08:55:22PM +0800, Jason Zaman wrote:

On Fri, May 24, 2019 at 01:17:00PM +0200, Laurent Bigonville wrote:

Hello,

There is currently some discussion at [0] about SELinux integration in
sysVinit and the fact that somebody wants to delegate the loading of the
policy to an other binary than PID1.

Has somebody a remark or an objection to that proposal?


I object too. There is a *huge* change in functionality. Originally if
you boot with SELinux enforcing, there are only two things that can
happen. Either you end up with the policy loaded or the machine halts.

In the new patch, an attacker can just chmod -x /sbin/selinux-check then
next boot there will be no selinux enabled.

if (access(SELINUX_CHECK, X_OK) != 0) fails, the machine will continue
to boot without SELinux enabled. There is no difference between a user
without /sbin/selinux-check on purpose and an attacker just chmod -x'd
the tool.


NB even amending the patch to use F_OK still leaves one vulnerable to an 
attacker doing rm /sbin/selinux-check to silently disable SELinux on 
reboot.  And you can't assume that anyone who can do that can already 
modify or replace /sbin/init; under existing policies /sbin/init has its 
own distinct SELinux type, which would not be assigned to 
/sbin/selinux-check by default (and probably shouldn't be even in newer 
policies since it is the entrypoint type for the init domain).




SELinux does not protect /sbin anywhere near as much as /etc/selinux
(and doing that would probably be impossible). You'd need to check if
selinux is enabled and enforcing before skipping the loading ... which
is done by calling is_selinux_enabled() which needs linking to
libselinux. The important part of the original design is not
selinux_init_load_policy(), its is_selinux_enabled().

If someone really wants to run sysvinit without libselinux then just
switch to Gentoo, if you're on a non-selinux profile then you dont have
libselinux.so. But I'd definitely not want to have this patch in Gentoo
either.

-- Jason



I already gave my POV regarding SELinux integration in debian.

Kind regards,

Laurent Bigonville

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929063

Bug#929484: Please drop dependency against libselinux and libsepol

[Laurent Bigonville]

Source: dmraid
Version: 1.0.0.rc16-8
Severity: minor

Hi,

dmraid is linking against libselinux and libsepol bug AFAICS, it's not
using any of their symbols.

I'm not sure why dmraid started linking against libselinux in the first
place, I looked at a really old version of the package in the archive
(0.9.9+1.0.0.rc9-1 form 2005) and it was the same, just linking against
libselinux with using any symbols.

I think it's safe to say that these (build-)dependencies can be dropped

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#927348: unblock: salt/2018.3.4+dfsg1-2

[Benjamin Drung]

Hi Paul,

Am Dienstag, den 14.05.2019, 20:13 +0200 schrieb Paul Gevers:
> Hi Benjamin,
> 
> On 14-05-2019 13:13, Benjamin Drung wrote:
> > Hi Paul,
> > 
> > Am Freitag, den 10.05.2019, 20:40 +0200 schrieb Paul Gevers:
> > > Control: tags -1 moreinfo
> > > 
> > > So, all in all, I don't want to unblock the new upstream with
> > > your
> > > packaging, we're too late in the cycle and the version really
> > > doesn't
> > > match the freeze policy. However, I am offering you an upload
> > > based
> > > on the version currently in buster via t-p-u. If you go that
> > > route,
> > > please only fix bugs 919849, 928337, 922352, 924763, the
> > > LC_ALL=C.UTF-8 item and the systemd issue. Please fix 919849
> > > without
> > > switching your build to sphinxdoc, that isn't appropriate at this
> > > moment.
> > 
> > Okay. So you prefer an upload to t-p-u or can I just revert those
> > rejected changes (typos fixes and using dh_sphinxdoc) and do
> > another
> > upload to unstable?
> 
> I would prefer an upload to unstable if you also revert to the
> previous
> upstream tar ball (e.g. using the +really version syntax).

I prepared the relevant changes in the master-proposed branch:
https://salsa.debian.org/salt-team/salt/commits/master-proposed

Attached a diff between 2018.3.4~git20180207+dfsg1-1 from testing and
the proposed 2018.3.4+dfsg1-6 created with:

git diff debian/2018.3.4_git20180207+dfsg1-1..master-proposed -- debian

I tested this proposed version that it builds and that the
documentation works as expected (including the search) and that all
needed files are there and that it contains to broken symlinks.

While testing I found and fixed another instance of privacy breach:
https://salsa.debian.org/salt-team/salt/commit/08a00aaa4670d0713ec55c0d23d25e64ad85e624
(privacy breach is not part of the policy yet, see #726998)
Let me know if this change is acceptable or not.

I would like to upload that proposed version to unstable. If you
insists of staying with the 2018.3.4~git20180207+dfsg1 snapshot, I will
rebase this patch on top of 2018.3.4~git20180207+dfsg1 and prepare the
upload for t-p-u.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet
diff --git a/debian/changelog b/debian/changelog
index e1942d9d..9d0dfca3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,65 @@
+salt (2018.3.4+dfsg1-6) unstable; urgency=medium
+
+  * Revert changes that were rejected by the release team:
+- Drop fixing various spelling mistakes
+- Drop using jquery.js from sphinx
+- Drop using dh_sphinxdoc
+- Drop patch to set script type explicitly to text/javascript
+  * doc: Use local Open Sans fonts instead of querying Google
+to fix possible privacy breach
+
+ -- Benjamin Drung   Fri, 24 May 2019 15:01:45 +0200
+
+salt (2018.3.4+dfsg1-5) unstable; urgency=medium
+
+  * Cherry-pick upstream patch to fix edge case when minion ID is a
+16-character string (Closes: #928337)
+
+ -- Benjamin Drung   Thu, 02 May 2019 13:23:44 +0200
+
+salt (2018.3.4+dfsg1-4) unstable; urgency=medium
+
+  * Cherry-pick upstream patch to fix retrieving systemd version (for 241-3)
+
+ -- Benjamin Drung   Fri, 26 Apr 2019 16:38:39 +0200
+
+salt (2018.3.4+dfsg1-3) unstable; urgency=medium
+
+  [ Benjamin Drung ]
+  * tests: Drop copying missing templates directory
+  * salt-doc: Install favicon in document root and do not compress it
+  * salt-doc: Fix JavaScript symlinks to bootstrap (Closes: #919849)
+  * doc: Set script type explicitly to text/javascript
+  * Use jquery.js from sphinx
+  * Symlink vendor JavaScript files before building
+  * Use dh_sphinxdoc
+
+  [ Steffen Kockel ]
+  * doc: Fix logo link to point to contents.html
+  * doc: Ensure searchtools.js gets included (to fix the search)
+
+ -- Benjamin Drung   Thu, 25 Apr 2019 13:39:10 +0200
+
+salt (2018.3.4+dfsg1-2) unstable; urgency=medium
+
+  * Fix test_xen_virtual on kernels with no Xen support (Closes: #922352)
+  * Expose tornado4 as tornado for zmq.eventloop.ioloop (Closes: #924763)
+
+ -- Benjamin Drung   Wed, 17 Apr 2019 20:26:11 +0200
+
+salt (2018.3.4+dfsg1-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Refresh patches
+  * Fix various spelling mistakes
+  * Drop NOTICE from salt-common (the upstream tarball does not contain it)
+  * Skip SampleConfTest and ExtendTestCase if the required sample conf or
+templates directories are missing
+  * Run tests with LC_ALL=C.UTF-8
+  * Remove unused minified documentation CSS files
+
+ -- Benjamin Drung   Fri, 05 Apr 2019 13:58:40 +0200
+
 salt (2018.3.4~git20180207+dfsg1-1) unstable; urgency=medium
 
   * New upstream pre-release snapshot.
diff 

Bug#928883: libzorpll-dev: add Breaks

[Chris Lamb]

tags 928883 + pending patch
thanks

I've uploaded libzorpll 7.0.1.0~alpha1-1.1 to DELAYED/5:
  
  libzorpll (7.0.1.0~alpha1-1.1) unstable; urgency=medium
  
* Non-maintainer upload.
* Apply patch from Andreas Beckmann to add "Breaks" on libzorpll-6.0-10-dev
  and libssl1.0-dev for smoother upgrades from stretch. This resulted from
  the switch from libssl1.0-dev to libssl-dev. (Closes: #928883)

The full debdiff is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
diffstat for libzorpll-7.0.1.0~alpha1 libzorpll-7.0.1.0~alpha1

 changelog |9 +
 control   |2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff -Nru libzorpll-7.0.1.0~alpha1/debian/changelog 
libzorpll-7.0.1.0~alpha1/debian/changelog
--- libzorpll-7.0.1.0~alpha1/debian/changelog   2018-10-10 21:21:22.0 
+0100
+++ libzorpll-7.0.1.0~alpha1/debian/changelog   2019-05-24 14:06:05.0 
+0100
@@ -1,3 +1,12 @@
+libzorpll (7.0.1.0~alpha1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from Andreas Beckmann to add "Breaks" on libzorpll-6.0-10-dev
+and libssl1.0-dev for smoother upgrades from stretch. This resulted from
+the switch from libssl1.0-dev to libssl-dev. (Closes: #928883)
+
+ -- Chris Lamb   Fri, 24 May 2019 14:06:05 +0100
+
 libzorpll (7.0.1.0~alpha1-1) unstable; urgency=medium
 
   * New upstream version (Closes: #859055)
diff -Nru libzorpll-7.0.1.0~alpha1/debian/control 
libzorpll-7.0.1.0~alpha1/debian/control
--- libzorpll-7.0.1.0~alpha1/debian/control 2018-10-10 21:21:22.0 
+0100
+++ libzorpll-7.0.1.0~alpha1/debian/control 2019-05-24 14:06:05.0 
+0100
@@ -34,7 +34,7 @@
 Package: libzorpll-7.0-1-dev
 Section: libdevel
 Replaces: libzorpll-dev ( << 6.0.8.0-1)
-Breaks: libzorpll-dev ( << 6.0.8.0-1)
+Breaks: libzorpll-dev ( << 6.0.8.0-1), libzorpll-6.0-10-dev, libssl1.0-dev
 Conflicts: libzorpll-6.0-8-dev
 Architecture: any
 Depends: libzorpll-7.0-1 (= ${binary:Version}), ${misc:Depends}, 
libglib2.0-dev, libcap-dev [linux-any], libssl-dev

Bug#929108: unblock / tpu approval: gmsh/4.1.3+ds1-2

[Ivo De Decker]

Control: tags -1 confirmed moreinfo

Hi Ansgar,

On Fri, May 17, 2019 at 11:12:59AM +0200, Ansgar Burchardt wrote:
> gmsh has an old path to OpenCASCADE include files (#927808); this is
> easy to fix (see attached diff).
> 
> Rebuilding the package also changes a dependency on amd64 (libgmsh4.1
> depends on `libhdf5-openmpi-103 (>= 1.8.13)` instead of `libhdf5-103`
> after the rebuild); however this matches the dependency on i386.
> 
> However gmsh was updated to a new upstream release in unstable on
> 2019-03-02 with a small fix on 2019-03-04; this missed the freeze date
> slightly.
> 
> Do you prefer an upload via t-p-u or should I prepare a gmsh
> 4.1.5+really4.1.3+ds1-1 upload for unstable?

An upload to unstable would be preferred. So please go ahead with that and
remove the moreinfo tag from this bug once it is in unstable.

Thanks,

Ivo

Bug#906728: linux-perf-4.17: "perf report" fails with "failed to process sample"

[Vladimír Čunát]

Hello!  For others who stumble on this...

I got this message when my perf version didn't match the running kernel,
and it disappeared when I fixed that.  (It was on a different distro
than Debian - NixOS, but I don't expect distro is really relevant for
this problem.)

--Vladimir

Bug#929063: SELinux integration in sysVinit

[Jason Zaman]

Bigon asked me to forward this so its part of the bug tracker.

On Fri, May 24, 2019 at 08:55:22PM +0800, Jason Zaman wrote:
> On Fri, May 24, 2019 at 01:17:00PM +0200, Laurent Bigonville wrote:
> > Hello,
> > 
> > There is currently some discussion at [0] about SELinux integration in 
> > sysVinit and the fact that somebody wants to delegate the loading of the 
> > policy to an other binary than PID1.
> > 
> > Has somebody a remark or an objection to that proposal?
> 
> I object too. There is a *huge* change in functionality. Originally if
> you boot with SELinux enforcing, there are only two things that can
> happen. Either you end up with the policy loaded or the machine halts.
> 
> In the new patch, an attacker can just chmod -x /sbin/selinux-check then
> next boot there will be no selinux enabled.
> 
> if (access(SELINUX_CHECK, X_OK) != 0) fails, the machine will continue
> to boot without SELinux enabled. There is no difference between a user
> without /sbin/selinux-check on purpose and an attacker just chmod -x'd
> the tool.
> 
> SELinux does not protect /sbin anywhere near as much as /etc/selinux
> (and doing that would probably be impossible). You'd need to check if
> selinux is enabled and enforcing before skipping the loading ... which
> is done by calling is_selinux_enabled() which needs linking to
> libselinux. The important part of the original design is not
> selinux_init_load_policy(), its is_selinux_enabled().
> 
> If someone really wants to run sysvinit without libselinux then just
> switch to Gentoo, if you're on a non-selinux profile then you dont have
> libselinux.so. But I'd definitely not want to have this patch in Gentoo
> either.
> 
> -- Jason
> 
> 
> > I already gave my POV regarding SELinux integration in debian.
> > 
> > Kind regards,
> > 
> > Laurent Bigonville
> > 
> > [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929063
> > 

Bug#929430: marked as pending in lintian

[Chris Lamb]

Hi Felix,

> >  Note that we were fine autopkgtest-wise in 2.13.0 if that helps.
> 
> Looking at this status page: 
> http://autopkgtest.ubuntu.com/packages/lintian/eoan/amd64 it seems that 
> 2.13.0 is not actually fine on eoan. Am I missing something?

Sorry, I meant 2.13.0 in Debian... but I'm wrong on that too:

  https://ci.debian.net/packages/l/lintian/testing/amd64/

… so 2.12.0 appears to be the last working version. Does that help?


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#929461: light-locker: Wont unlock or wake screen - have to pkill light-locker after ctrl-alt-f1

[Yves-Alexis Perez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

control: forcemerge 846278 -1

On Thu, 2019-05-23 at 16:17 -0700, Matt Weatherford wrote:
> When screen locks on Dell Optiplex 9020 w/latest BIOS, i cannot wake it with 
> keypresses or mouse movements
> have to ctrl-alt-f1 to console, then monitor wakes up. If I ctrl-alt-f7 back 
> to grapical console, I get a message about waking up soon - so something is 
> on that screen - but it never wakes.
> I have to pkill light-locker in order to continue - then everything works 
> again
Hi,

use Ctr-Alt-F8 to get to the unlock screen. That's a duplicate of #846278

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlzn3rAACgkQ3rYcyPpX
RFshKQgA2M1Ehb4txHxygsfitEuWZMLoiDSNJxYFTvQjBDq7wXJtXLpUjlN7Kil8
5pU7dCpx1kf8uUNGuwCvu/eaxbGeUNxsnqWgfZgT6oQ0vUF3p8zCW8QX/ig1Qic3
JHtYGpBI2+WjR/Y2PAuESyIWjeBbhHz1v098iVKBmSJ3ZL5d9w4VPnKi6yRAAAYr
wWNks7gVnbMmCxh3gfgiwjA3wKRbX8RfmtJEfmAce1YskX48jsuV6iMijpm92N+G
lp4MNtNJrbZ6rajDDv74zOK8ssoMQbW5fkA7Hun7n3I0CJ83GD9yhTs5dhFY6eff
3Qt7HXcPFMaFz5LIKa955waqkiZc/Q==
=VKAH
-END PGP SIGNATURE-

Bug#929401: debian-security-support: Updated Swedish translation

[Holger Levsen]

On Wed, May 22, 2019 at 10:27:22PM +0200, Andreas Ronnquist wrote:
> Please find attached a Swedish translation of the
> debian-security-support package.

cool, thank you, added to git!


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

In Europe there are people prosecuted by courts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.


signature.asc
Description: PGP signature

Bug#929404: debian-security-support: [INTL:pt] Updated Portuguese translation

[Holger Levsen]

On Wed, May 22, 2019 at 09:42:32PM +0100, Américo Monteiro wrote:
> Updated Portuguese translation for  debian-security-support messages

obrigado & commited to git!


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#929483: robocode: Class not found program wont start

[Bardot Jerome]

Package: robocode
Version: 1.9.3.3-2
Severity: important

Dear Maintainer,



   * What led up to the situation?
The start of the program.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
I try to start robocode from the command line.

   * What was the outcome of this action?

java.lang.ClassNotFoundException: net.sf.robocode.core.RobocodeMainBase
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:471)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at net.sf.robocode.security.HiddenAccess.init(HiddenAccess.java:86)
at
net.sf.robocode.security.HiddenAccess.robocodeMain(HiddenAccess.java:279)
at robocode.Robocode.main(Robocode.java:27)

Can't find robocode.core-1.x.jar module near to robocode.jar
Class path: /usr/share/java/robocode.jar

   * What outcome did you expect instead?
The program start




-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages robocode depends on:
ii  default-jre [java7-runtime] 2:1.11-71
ii  libcodesize-java1.2-1
ii  libpicocontainer-java   2.15+repack-1
ii  openjdk-11-jre [java7-runtime]  11.0.3+1-1
ii  openjdk-8-jre [java7-runtime]   8u212-b01-1~deb9u1

Versions of packages robocode recommends:
ii  default-jdk  2:1.11-71
ii  default-jdk-doc  2:1.11-71

Versions of packages robocode suggests:
pn  eclipse   
ii  netbeans  10.0-3

-- no debconf information

Bug#929459: sl works for me

[Hendrikus van Woerden]

Hello.

Mark as solved.

Root user dosen't load paths /usr/local/games:/usr/games.

Works with other than user id 0.

Kind Regards
Hendrikus van Woerden

Juhani Numminen kirjoitti 24.5.2019 klo 7.07:

Package: sl
Followup-For: Bug #929459
Control: tags -1 moreinfo

Hello,

On my system 'apt install sl' does provide the sl binary. Here are the package
contents for reference. One can see there's /usr/games/sl. I think /usr/games
is in the default $PATH.

$ dpkg -l sl

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion  Architecture Description
+++-===---
ii  sl  3.03-17+b2   amd64Correct you if 
you type `sl' by mistake

$ dpkg -L sl

/.
/usr
/usr/games
/usr/games/sl
/usr/games/sl-h
/usr/share
/usr/share/doc
/usr/share/doc/sl
/usr/share/doc/sl/README
/usr/share/doc/sl/README.Debian
/usr/share/doc/sl/README.jp
/usr/share/doc/sl/README.sl-h.jp
/usr/share/doc/sl/changelog.Debian.amd64.gz
/usr/share/doc/sl/changelog.Debian.gz
/usr/share/doc/sl/copyright
/usr/share/man
/usr/share/man/de
/usr/share/man/de/man6
/usr/share/man/de/man6/LS.6.gz
/usr/share/man/de/man6/sl-h.6.gz
/usr/share/man/de/man6/sl.6.gz
/usr/share/man/de.UTF-8
/usr/share/man/de.UTF-8/man6
/usr/share/man/de.UTF-8/man6/LS.6.gz
/usr/share/man/de.UTF-8/man6/sl-h.6.gz
/usr/share/man/de.UTF-8/man6/sl.6.gz
/usr/share/man/ja
/usr/share/man/ja/man6
/usr/share/man/ja/man6/LS.6.gz
/usr/share/man/ja/man6/sl-h.6.gz
/usr/share/man/ja/man6/sl.6.gz
/usr/share/man/ja.UTF-8
/usr/share/man/ja.UTF-8/man6
/usr/share/man/ja.UTF-8/man6/LS.6.gz
/usr/share/man/ja.UTF-8/man6/sl-h.6.gz
/usr/share/man/ja.UTF-8/man6/sl.6.gz
/usr/share/man/man6
/usr/share/man/man6/LS.6.gz
/usr/share/man/man6/sl-h.6.gz
/usr/share/man/man6/sl.6.gz
/usr/games/LS


-- System Information:
Debian Release: 9.9
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-0.bpo.4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sl depends on:
ii  libc62.24-11+deb9u4
ii  libncurses5  6.0+20161126-1+deb9u2
ii  libtinfo56.0+20161126-1+deb9u2

sl recommends no packages.

sl suggests no packages.

-- no debconf information

Bug#929482: cacti: After apt-get install cacti, the installation stated something old version DB(?) and does not proceed.

[ISHIKAWA,chiaki]

Package: cacti
Version: 1.2.2+ds1-2
Severity: normal
Tags: a11y d-i

Dear Maintainer,

*** Reporter, please consider answering these questions, where 
appropriate ***


   * What led up to the situation?

 apt-get install cacti

     which I performed a few hours ago.


   * What exactly did you do (or not do) that was effective (or
 ineffective)?

 After the installation, the cacti installer stated the following 
error message and won't proceed.



Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
dbconfig-common: writing config to /etc/dbconfig-common/cacti.conf
Replacing config file /etc/dbconfig-common/cacti.conf with new version
Replacing config file /etc/cacti/debian.php with new version
checking privileges on database cacti for cacti@localhost: user creation 
needed.

granting access to database cacti for cacti@localhost: success.
verifying access for cacti@localhost: success.
dbconfig-common: dumping mysql database cacti to 
/var/tmp/cacti.cacti.2019-05-24-18.09.mysql.gISAIk.

database does not exist.
dbconfig-common: dropping old mysql database cacti.
dropping database cacti: database does not exist.
creating database cacti: success.
verifying database cacti exists: success.
populating database via administrative sql...  done.
populating database via sql...  done.
dbconfig-common: flushing administrative password
Running cli/upgrade_database.php as part of package update...
You are attempting to install cacti 1.2.2 onto a 0.6.x database.
To continue, you must create a new database, import 'cacti.sql' into it,
and    update 'include/config.php' to point to the new database.

   I tried a few things. But the installer repeated stated that
   You are attempting to install cacti 1.2.2 onto a 0.6.x database.
   ...
   even if
   -  I removed the package (get-apt remove cacti)
   and RECREATE the database cacti on the fly during the installation.
  At this stage http://MYHOST/cacti/ returns an error message to
  the tune of
  make sure php data  module is installed property,
  database is created, etc.

   - Or create a database 'cactinew', and edited config.php (in this
 case, and run dpkg-reconfigure cacti, the web response changes to
 Not Found

 The requested URL /cacti/ was not found on this server.
 Apache/2.4.38 (Debian) Server at 192.168.0.30 Port 80

 This I think is the failure of cacti package. It seems to miss a
 post-inst file or something.
 See the log snippet below.

    I created a database ('root' user), and I modified the
    following files to accommodate the user and database names.
    vi /etc/cacti/debian.php
    vi /usr/share/cacti/site/include/config.php

   Note the error during dpkg-reconfigure cacti: the log says
   dbconfig-generate-include: not found

    root@ip030:/var/lib/mysql# mysql -u root cacti3 < 
/usr/share/doc/cacti/cacti.sql

    root@ip030:/var/lib/mysql# !vi
    vi /etc/cacti/debian.php
    root@ip030:/var/lib/mysql# vi /etc/cacti/debian.php
    root@ip030:/var/lib/mysql# /usr/sbin/dpkg-reconfigure cacti
    Determining localhost credentials from /etc/mysql/debian.cnf: 
succeeded.

    dbconfig-common: writing config to /etc/dbconfig-common/cacti.conf
    Replacing config file /etc/dbconfig-common/cacti.conf with new 
version
 ***   /var/lib/dpkg/info/cacti.postinst: 677: 
/var/lib/dpkg/info/cacti.postinst: dbconfig-generate-include: not found

    dbconfig-common: flushing administrative password
    Running cli/upgrade_database.php as part of package update...
    You are attempting to install cacti 1.2.2 onto a 0.6.x database.
    To continue, you must create a new database, import 'cacti.sql' 
into it,

    and    update 'include/config.php' to point to the new database.

    I cannot get out of this cycle.

   * What was the outcome of this action?

Failed installation of cacti.


 * What outcome did you expect instead?

    I expected the URL https://HOST/cacti to return cacti 
installation page.




-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), 
LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cacti depends on:
ii  dbconfig-common   2.0.11
ii  dbconfig-mysql    2.0.11
ii  debconf [debconf-2.0] 1.5.71
ii  fonts-dejavu-core 2.37-1
ii  fonts-dejavu-extra    2.37-1
ii  fonts-fork-awesome    1.1.5+ds1-2
ii  javascript-common 11
ii  

Bug#929481: Preseed on buster does not use extra repository

[Jose M Calhariz]

Package: installation-reports

Boot method: CD
Image version: debian-testing-amd64-netinst-20190522-5.iso
Date: 2019/05/23 18:40

Machine: KVM/QEMU amd64
Partitions: empty


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect CD:  [O]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Install tasks:  [O]
Install boot loader:[O]
Overall install:[E]

Comments/Problems:

I think the preseed for buster have changes from stretch and possibly
bugs.  This time I wanted to test the addition of an extra repository
to install software not in Debian.  But I can not make the installer
add the extra repo for installing the extra package.

deb http://www.calhariz.com/deb-ppa stretch main

Is a repo with only one deb file.  If I use the preseed in
www.calhariz.com to install stretch everything goes OK and I have the
extra package installed.  An almost same file does not work for buster.

diff -u stretch/preseed.cfg buster/preseed.cfg
--- stretch/preseed.cfg 2019-05-23 19:00:04.867300896 +0200
+++ buster/preseed.cfg  2019-05-23 19:20:06.542149304 +0200
@@ -55,7 +55,7 @@
 #d-i passwd/user-default-groups string audio cdrom video
 
 # Uncomment this if you don't want to use a network mirror.
-d-i apt-setup/use_mirror boolean false
+d-i apt-setup/use_mirror boolean true
 # Select which update services to use; define the mirrors to be used.
 # Values shown below are the normal defaults.
 d-i apt-setup/services-select multiselect



Kind regards
Jose M Calhariz


-- 
--
O que há de novo no windows 98:
Sistema de Arquivos
A nova FAT do Windows 98 garante que você não precise mais se incomodar
com a segurança do seu computador. O novo Scandisk faz com que seus arquivos
ocultos não sejam encontrados nem mesmo pelo próprio sistema operacional.
No caso de perda de um arquivo importante do sistema, o Windows 98
diagnostica e executa o Format C: automaticamente. Mais de 300 funções do
sistema tentarão impedir que você faça seu Winchester se comunicar com outro,
seja por cabo externo ou pelo próprio gabinete.


hardware-summary.gz
Description: application/gzip
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="10 (buster) - installer build 20190522-00:02:51"
X_INSTALLATION_MEDIUM=cdrom


partman.gz
Description: application/gzip


status.gz
Description: application/gzip


syslog.gz
Description: application/gzip


signature.asc
Description: PGP signature

Bug#929479: linux-image-4.19.0-5-amd64: Causes Xorg/modesetting dead displays due "failed to set mode: Invalid argument"

[Pekka Paalanen]

Package: src:linux
Version: 4.19.37-3
Severity: important

Dear Maintainer,

upgrading from linux-image-4.19.0-2-amd64 to linux-image-4.19.0-5-amd64 makes
Xorg with the modesetting driver unable to drive the two monitors I have
connected. If I reboot back to 4.19.0-2, Xorg/modesetting works fine.

The issue in Xorg manifests as the fbcon image never being replaced with the X
desktop image. I can see the cursor moving on top of the frozen fbcon image,
and Xorg remains running. If I kill my window manager, Xorg quits gracefully
and I'm back at fbcon as normal.

The relevant error message in Xorg log is:

(EE) modeset(0): failed to set mode: Invalid argument

I have heard rumours that the modesetting driver's atomic KMS path would be
poorly written and work only by accident. However, according to the kernel
regression rules, if upgrading the kernel causes something to fail, it is the
kernel's fault, hence reporting this against the kernel package.

It is quite possible the problem is related to multiple monitors on Intel
graphics.


Thanks,
pq

-- Package-specific info:
** Version:
Linux version 4.19.0-5-amd64 (debian-ker...@lists.debian.org) (gcc version 
8.3.0 (Debian 8.3.0-7)) #1 SMP Debian 4.19.37-3 (2019-05-15)

** Command line:
BOOT_IMAGE=/vmlinuz-4.19.0-5-amd64 root=/dev/mapper/eldfell--vg-eldfell--root 
ro video=HDMI-A-1:1600x1200R quiet

** Not tainted

** Kernel log:
[   11.729204] systemd[1]: Set hostname to .
[   11.828574] systemd[1]: Listening on udev Control Socket.
[   11.829216] systemd[1]: Listening on LVM2 poll daemon socket.
[   11.829297] systemd[1]: Listening on udev Kernel Socket.
[   11.829384] systemd[1]: Listening on fsck to fsckd communication Socket.
[   11.829556] systemd[1]: Set up automount Arbitrary Executable File Formats 
File System Automount Point.
[   11.829673] systemd[1]: Listening on Journal Audit Socket.
[   11.829726] systemd[1]: Started Dispatch Password Requests to Console 
Directory Watch.
[   11.848510] EXT4-fs (dm-2): re-mounted. Opts: errors=remount-ro
[   11.861153] lp: driver loaded but no devices found
[   11.863877] ppdev: user-space parallel port driver
[   11.929770] input: Power Button as 
/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input5
[   11.929781] ACPI: Power Button [PWRB]
[   11.930562] input: Power Button as 
/devices/LNXSYSTM:00/LNXPWRBN:00/input/input6
[   11.930575] ACPI: Power Button [PWRF]
[   11.961003] iTCO_vendor_support: vendor-support=0
[   11.961880] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11
[   11.961918] iTCO_wdt: Found a 9 Series TCO device (Version=2, TCOBASE=0x1860)
[   11.961980] iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)
[   11.998920] input: PC Speaker as /devices/platform/pcspkr/input/input7
[   11.999113] EFI Variables Facility v0.08 2004-May-17
[   12.007924] RAPL PMU: API unit is 2^-32 Joules, 4 fixed counters, 655360 ms 
ovfl timer
[   12.007926] RAPL PMU: hw unit of domain pp0-core 2^-14 Joules
[   12.007926] RAPL PMU: hw unit of domain package 2^-14 Joules
[   12.007927] RAPL PMU: hw unit of domain dram 2^-14 Joules
[   12.007928] RAPL PMU: hw unit of domain pp1-gpu 2^-14 Joules
[   12.010444] sd 3:0:0:0: Attached scsi generic sg0 type 0
[   12.014107] sd 4:0:0:0: Attached scsi generic sg1 type 0
[   12.014152] sr 7:0:0:0: Attached scsi generic sg2 type 5
[   12.014191] sd 9:0:0:0: Attached scsi generic sg3 type 0
[   12.014221] sd 9:0:0:1: Attached scsi generic sg4 type 0
[   12.014247] sd 9:0:0:2: Attached scsi generic sg5 type 0
[   12.014270] sd 9:0:0:3: Attached scsi generic sg6 type 0
[   12.027185] pstore: Registered efi as persistent store backend
[   12.079704] snd_hda_intel :00:03.0: enabling device ( -> 0002)
[   12.079844] snd_hda_intel :00:1b.0: enabling device ( -> 0002)
[   12.113415] snd_hda_codec_realtek hdaudioC1D0: autoconfig for ALC892: 
line_outs=3 (0x14/0x15/0x16/0x0/0x0) type:line
[   12.113417] snd_hda_codec_realtek hdaudioC1D0:speaker_outs=0 
(0x0/0x0/0x0/0x0/0x0)
[   12.113419] snd_hda_codec_realtek hdaudioC1D0:hp_outs=1 
(0x1b/0x0/0x0/0x0/0x0)
[   12.113420] snd_hda_codec_realtek hdaudioC1D0:mono: mono_out=0x0
[   12.113421] snd_hda_codec_realtek hdaudioC1D0:dig-out=0x11/0x1e
[   12.113422] snd_hda_codec_realtek hdaudioC1D0:inputs:
[   12.113423] snd_hda_codec_realtek hdaudioC1D0:  Front Mic=0x19
[   12.113424] snd_hda_codec_realtek hdaudioC1D0:  Rear Mic=0x18
[   12.113425] snd_hda_codec_realtek hdaudioC1D0:  Line=0x1a
[   12.129814] input: HDA Intel PCH Front Mic as 
/devices/pci:00/:00:1b.0/sound/card1/input8
[   12.129846] input: HDA Intel PCH Rear Mic as 
/devices/pci:00/:00:1b.0/sound/card1/input9
[   12.129875] input: HDA Intel PCH Line as 
/devices/pci:00/:00:1b.0/sound/card1/input10
[   12.129901] input: HDA Intel PCH Line Out Front as 
/devices/pci:00/:00:1b.0/sound/card1/input11
[   12.129928] input: HDA Intel PCH Line Out Surround as 

Bug#927667: gnome: please confirm or revert choice of Wayland for default desktop

[Jonathan Dowland]

reassign 927667 gdm3
tags 927667 +patch
thanks

On Fri, May 10, 2019 at 10:26:07AM +0100, Jonathan Dowland wrote:

Two ways of resolving this are: Either the default GNOME3 session in Debian
switched back to Xorg, or the default desktop session is switched away from
GNOME; but I would much prefer the former.


The attached debdiff (bringing back the similar change from 2016) seems
to work for me (tested in a VM) but I would appreciate any additional
testing that folks could spare.

The debdiff is an NMU but I currently have no plans to upload it as such.

Also available at:
   https://salsa.debian.org/gnome-team/gdm/merge_requests/8

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄
commit 049dc7f4142850ae34ea530b5447175dd8a3834e
Author: Jonathan Dowland 
Date:   Thu May 23 16:43:14 2019 +0100

postpone switch to Wayland as default, again

This is a repeat of 569d7f50fe3a06908886cefc5168126197fec570 from
2016, postponing the switch to Wayland for the default Debian
desktop. See #927667 for discussion.

diff --git a/debian/changelog b/debian/changelog
index fc06f058..d2e936f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+gdm3 (3.30.2-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Re-introduce debian/patches/09_default_session.patch, switching the
+default session back to "default", postponing a move to Wayland by
+default for Buster. Closes: #927667.
+
+ -- Jonathan Dowland   Fri, 24 May 2019 10:52:17 +0100
+
 gdm3 (3.30.2-3) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/09_default_session.patch b/debian/patches/09_default_session.patch
new file mode 100644
index ..d41fc744
--- /dev/null
+++ b/debian/patches/09_default_session.patch
@@ -0,0 +1,19 @@
+Description: Prefer (Xorg-based) desktop session
+ Default to "default.desktop" session, postponing a switch to
+ Wayland for the default Debian desktop.
+
+Origin: commit:569d7f50fe3a06908886cefc5168126197fec570
+Bug-Debian: https://bugs.debian.org/927667
+
+index ca06608c..3276b902 100644
+--- a/daemon/gdm-session.c
 b/daemon/gdm-session.c
+@@ -560,7 +560,7 @@ get_fallback_session_name (GdmSession *self)
+ }
+ }
+ 
+-name = g_strdup ("gnome");
++name = g_strdup ("default");
+ if (get_session_command_for_name (self, name, NULL)) {
+ g_free (self->priv->fallback_session_name);
+ self->priv->fallback_session_name = name;
diff --git a/debian/patches/series b/debian/patches/series
index 69745241..87fece76 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,7 @@ manager-don-t-kill-timed-login-session-immediately-after-.patch
 manager-session-Add-some-debugging-around-starting-reauth.patch
 session-Don-t-allow-greeter-operations-on-an-running-sess.patch
 GdmManager-Don-t-perform-timed-login-if-session-gets-star.patch
+09_default_session.patch
 16_xserver_path.patch
 90_config_comments.patch
 91_dconf_database_path.patch

Bug#929478: unblock: live-tasks/0.7

[jonathan]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package live-tasks

This upload addresses the following metapackage issues:

  * Add ibus-m17n to live-task-localisation
(Closes: #866391)

  * Replace inetutils-ping with iputils-ping
(Closes: #924211)

  * Make live-task-standard depend on libnss-systemd
(Closes: #924214)

  * Use new new logind virtual packages
(Closes: #925331)

thanks,

-Jonathan

Bug#928967: unblock: needrestart/3.4-4

[Patrick Matthäi]

Am 14.05.2019 um 19:45 schrieb Jonathan Wiltshire:
> Control: tag -1 moreinfo
>
> On Tue, May 14, 2019 at 11:25:57AM +0200, Patrick Matthäi wrote:
>> +needrestart (3.4-3~bpo9+1) stretch-backports; urgency=medium
>> +
>> +  * Rebuild for stretch-backports.
>> +
>> + -- Patrick Matthäi   Wed, 24 Apr 2019 10:04:02 +0200
>> +
> This changelog entry should not be present; 3.4-3~bpo9+1 is not an
> ancestor of 3.4-4.
>
> Thanks,

Wow. For me it is important to have the whole history present in the
changelog. That this is a blocker...

So just for this I have uploaded now 3.4-5 which is more funnier, since
now the 3.4-3~bpo9+1 changelog entry is mentioned twice:

 needrestart (3.4-5) unstable; urgency=medium
 .
   * Remove 3.4-3~bpo9+1 changelog entry.

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
patr...@linux-dev.org
*/

Bug#903635: docker.io: use of iptables-legacy is incompatible with nftables-based iptables

[Jonathan Dowland]

Hi Arnaud - sorry I missed your messages until now.

On Fri, May 10, 2019 at 09:03:41AM +0700, Arnaud Rebillout wrote:

As I mentioned above, there's a discussion with a work in progress to
fix that upstream: https://github.com/docker/libnetwork/pull/2339

I don't think it will be ready in time for buster though. So I see two
solutions going forward:

- 1 Jonathan lower the severity of the bug so that it's not RC.


I'd rather not do that, because I think RC is the right classification;
*but* I don't feel necessarily (given the circumstances) that docker.io
should be removed from Buster, so can I instead suggest we request that
this bug is ignored for Buster? I think we need to ask the release team
to do that (and tag accordingly) but I'll double-check the procedure.


- 2 I import the patch from github, even though it's work in progress. I
will follow up and update the patch as soon as upstream release a proper
fix, and it will be included in a point release of buster.



If I don't get any feedback from you Jonathan in the following days,
I'll go for solution number 2 then.


I bow to your judgement as maintainer as to whether the partial fix is
worth applying on its own. Will the patch in #2339 address the specific
issue of what happens on package install?

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄

Bug#929477: ITP: Tool to administrate an association

[Mechtilde Stehmann]

Subject: ITP: Tool to administrate an association
Package: wnpp
Version: N/A; reported 2011-04-28
Severity: wishlist

* Package name : jverein
Version : 2.8.16
upstream Author : Heiner Jostkleigrewe heiner(at)jost-net.de
* URL : https://github.com/jverein/jverein
* License : GPL v3
Description : Tool to administrate an association

JVerein is an open source association administration with a connection
to the homebanking software Hibiscus, which is also under open source
license. The implementation is done with Java. The procedure
thus guaranteed on many platforms. Jameica is used as the GUI framework.

Please also include as much relevant information as possible.
Please also include as much relevant information as possible.
For example, consider answering the following questions:
- why is this package useful/relevant?

In Germany there are many small associations (esp. in the Free Software
community) which want to be administrated by Free Software

- do you use it?

Yes I use it for administration an association

- how do you plan to maintain it?

I want to maintain it inside the Java-Team
(https://salsa.debian.org/java-team)


-- System Information

-- 
Mechtilde Stehmann
## Debian Developer
## PGP encryption welcome
## F0E3 7F3D C87A 4998 2899  39E7 F287 7BBA 141A AD7F





signature.asc
Description: OpenPGP digital signature

Bug#929128: fonts-noto-cjk: not recognized by lualatex until mktexlsr

[Norbert Preining]

Hi all,

> It is a dpkg trigger on /u/s/fonts as far as I remember. That is, if files 
> are installed there the postins if tex-common should be called and the 
> necessary actions taken.

Sorry, completely wrong. We only have interest (dpkg-interest) in
/u/share/texmf/fonts etc.

So nothing will be triggered.

Matsumoto-san, I am actually surprised that mktexlsr call fixed it,
since luatex doesn't use ls-R files.

Do you have a way to reproduce this behaviour?

Best

Norbert

--
PREINING Norbert   http://www.preining.info
Accelia Inc. +JAIST +TeX Live +Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#929475: "webext-privacy-badger" should only recommend "fonts-open-sans"

[Protesilaos Stavrou]

Package: webext-privacy-badger
Version: 2019.2.19-1
Severity: wishlist

Dear Maintainer,

I believe the package "webext-privacy-badger" in Buster should not 
depend on "fonts-open-sans".  The latter can be defined as a recommended 
package instead.

Looking at Privacy Badger's source code (via `apt download`) it appears 
that "Open Sans" is only used on "firstRun.html".  That font is defined 
in /usr/share/webext/privacy-badger/skin/css/firstRun.css

A fallback "sans-serif" font is specified as well, meaning that the text 
will be displayed properly even without package "fonts-open-sans".

Thank you for your attention!

Best regards,
Protesilaos

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages webext-privacy-badger depends on:
ii  fonts-open-sans  1.11-1

Versions of packages webext-privacy-badger recommends:
ii  chromium 73.0.3683.75-1
ii  firefox-esr  60.6.3esr-1

webext-privacy-badger suggests no packages.

Bug#929472: facedetect: Facedetect can depend only on opencv-data instead of libopencv-dev

[Dominik Stadler]

Package: facedetect
Version: 0.1-2
Severity: normal
Tags: patch

This package currently has libopencv-dev as a runtime-dependency.

However the README states that either opencv-data or libopencv-dev need to
be installed.

In fact, when scanning the sources of the package, it seems only stuff from
/usr/share/opencv
is required, which is provided by opencv-data.

So the dependencies of facedetect can be reduced a lot by only depending on
opencv-data.

Otherwise many development packages are dragged in as part of
libopencv-data.

This also resolves #856593 as it would make the actually required
dependency on opencv-data explicit

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages facedetect depends on:
ii  libopencv-dev   3.2.0+dfsg-6
ii  python3 3.7.2-1
ii  python3-opencv  3.2.0+dfsg-6

Versions of packages facedetect recommends:
ii  imagemagick  8:6.9.10.23+dfsg-2.1
ii  imagemagick-6.q16 [imagemagick]  8:6.9.10.23+dfsg-2.1

facedetect suggests no packages.

-- no debconf information
From 716a5bc890389c3ca9877a01738bcb280ac3b465 Mon Sep 17 00:00:00 2001
From: Dominik Stadler 
Date: Thu, 23 May 2019 19:27:19 +0200
Subject: [PATCH] Replace dependency on libopencv-dev with opencv-data

---
 debian/control | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index fd73cbb..c31695c 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Package: facedetect
 Architecture: any
 Depends: ${misc:Depends},
  ${python3:Depends},
- libopencv-dev,
+ opencv-data,
  python3,
  python3-opencv
 Recommends: imagemagick
-- 
2.17.1

Bug#929473: sssd-kcm: talloc_abort call via schedule_fd_processing

[Sam Morris]

Package: sssd-kcm
Version: 1.16.3-3.1
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Having installed sssd-kcm and setting default_ccache_name = KCM: in
krb5.conf, after running kinit and klist a few times I started getting
the following crash:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x7f7ce3493535 in __GI_abort () at abort.c:79
#2  0x7f7ce3a8b621 in talloc_abort (reason=0x7f7ce3a99070 "Bad talloc magic 
value - unknown value")
at ../talloc.c:500
#3  0x7f7ce3a8b591 in talloc_abort_unknown_value () at ../talloc.c:529
#4  talloc_chunk_from_ptr (ptr=0x55db7c89de20) at ../talloc.c:529
#5  _talloc_free (ptr=0x55db7c89de20, location=0x55db7b05b27a 
"../src/util/tev_curl.c:449") at ../talloc.c:1747
#6  0x55db7b0378fb in schedule_fd_processing (multi=, 
timeout_ms=0, userp=)
at ../src/util/tev_curl.c:449
#7  0x7f7ce3af78cc in update_timer (multi=multi@entry=0x55db7c89d4a0) at 
multi.c:2941
#8  0x7f7ce3af8f76 in curl_multi_add_handle (data=0x55db7dcc6b80, 
multi=0x55db7c89d4a0) at multi.c:500
#9  curl_multi_add_handle (multi=0x55db7c89d4a0, data=0x55db7dcc6b80) at 
multi.c:376
#10 0x55db7b037fa9 in tcurl_request_send 
(mem_ctx=mem_ctx@entry=0x55db7c8aade0, ev=ev@entry=0x55db7c839830,
tcurl_ctx=tcurl_ctx@entry=0x55db7c89d480, 
tcurl_req=tcurl_req@entry=0x55db7dcc91d0, timeout=timeout@entry=5)
at ../src/util/tev_curl.c:700
#11 0x55db7b038a98 in tcurl_http_send (mem_ctx=0x55db7c8aade0, 
ev=ev@entry=0x55db7c839830,
tcurl_ctx=0x55db7c89d480, method=method@entry=TCURL_HTTP_GET,
socket_path=socket_path@entry=0x55db7b0534a3 "/var/run/secrets.socket", 
url=,
headers=0x55db7b0759b0 , body=0x0, timeout=5) at 
../src/util/tev_curl.c:1017
#12 0x55db7b02d659 in sec_list_send (mem_ctx=, 
ev=ev@entry=0x55db7c839830,
client=client@entry=0x55db7c89a7d0, secdb=) at 
../src/responder/kcm/kcmsrv_ccache_secrets.c:163
#13 0x55db7b02dc4e in sec_get_ccache_send (mem_ctx=, 
ev=ev@entry=0x55db7c839830,
secdb=secdb@entry=0x55db7c89a440, client=client@entry=0x55db7c89a7d0, 
name=name@entry=0x55db7c89d300 "1000",
uuid=uuid@entry=0x7fff37adda30 "") at 
../src/responder/kcm/kcmsrv_ccache_secrets.c:482
#14 0x55db7b02e16d in ccdb_sec_getbyname_send (mem_ctx=, 
ev=0x55db7c839830, db=,
client=0x55db7c89a7d0, name=0x55db7c89d300 "1000") at 
../src/responder/kcm/kcmsrv_ccache_secrets.c:1275
#15 0x55db7b025e39 in kcm_ccdb_getbyname_send (mem_ctx=, 
ev=ev@entry=0x55db7c839830,
db=0x55db7c89a220, client=0x55db7c89a7d0, name=0x55db7c89d300 "1000")
at ../src/responder/kcm/kcmsrv_ccache.c:692
#16 0x55db7b02fa6e in kcm_op_get_cred_by_uuid_send (mem_ctx=, ev=0x55db7c839830,
op_ctx=0x55db7dcc9110) at ../src/responder/kcm/kcmsrv_ops.c:1099
#17 0x55db7b02e9f3 in kcm_cmd_queue_done (subreq=0x0) at 
../src/responder/kcm/kcmsrv_ops.c:196
#18 0x7f7ce3aa7479 in tevent_common_invoke_immediate_handler 
(im=0x55db7c838460, removed=removed@entry=0x0)
at ../tevent_immediate.c:165
#19 0x7f7ce3aa74a3 in tevent_common_loop_immediate 
(ev=ev@entry=0x55db7c839830) at ../tevent_immediate.c:202
#20 0x7f7ce3aace5b in epoll_event_loop_once (ev=0x55db7c839830, 
location=)
at ../tevent_epoll.c:917
#21 0x7f7ce3aab2d7 in std_event_loop_once (ev=0x55db7c839830,
location=0x7f7ce36e8178 "../src/util/server.c:725") at 
../tevent_standard.c:110
#22 0x7f7ce3aa67e4 in _tevent_loop_once (ev=ev@entry=0x55db7c839830,
location=location@entry=0x7f7ce36e8178 "../src/util/server.c:725") at 
../tevent.c:772
#23 0x7f7ce3aa6a2b in tevent_common_loop_wait (ev=0x55db7c839830,
location=0x7f7ce36e8178 "../src/util/server.c:725") at ../tevent.c:895
#24 0x7f7ce3aab277 in std_event_loop_wait (ev=0x55db7c839830,
location=0x7f7ce36e8178 "../src/util/server.c:725") at 
../tevent_standard.c:141
#25 0x7f7ce36c38e3 in server_loop () from 
/usr/lib/x86_64-linux-gnu/sssd/libsss_util.so
#26 0x55db7b022c70 in main (argc=, argv=) at 
../src/responder/kcm/kcm.c:318

In sssd_kcm.log we have only the following message:

(Fri May 24 09:13:18 2019) [sssd[kcm]] [talloc_log_fn] (0x0010): Bad talloc 
magic value - unknown value

... putting debug_level=9 in the [kcm] section of sssd.conf doesn't
cause any more detailed messages to be logged.

- -- System Information:
Debian Release: 10.0
  APT prefers testing-debug
  APT policy: (550, 'testing-debug'), (550, 'testing'), (520, 
'unstable-debug'), (520, 'unstable'), (510, 'experimental-debug'), (510, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sssd-kcm depends on:
ii  libc62.28-10

Bug#929471: i2p: French debconf templates translation

[Jean-Philippe MENGUAL]

Package: i2p
Version: N/A
Severity: wishlist
Tags: patch l10n

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


Please find attached the french debconf templates translation, proofread
by the debian-l10n-french mailing list contributors.

This file should be put as debian/po/fr.po in your package build tree.

Regards


-- System Information:
Debian Release: 10.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
# translation of i2p po debconf to French
# French translation of the i2p's po debconf
# Traduction des messages de debconf pour l paquet i2p
# Copyright (C) 2012 à 2019
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Boxoa590, 2012
# Towinet, 2013,2015
# syl_, 2015
# French language coordinator , 2017
# Stéphane Moureau, 2017
msgid ""
msgstr ""
"Project-Id-Version: I2P\n"
"Report-Msgid-Bugs-To: i...@packages.debian.org\n"
"POT-Creation-Date: 2017-11-12 14:01+\n"
"PO-Revision-Date: 2019-05-11 09:59+0200\n"
"Last-Translator: Jean-Philippe MENGUAL \n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"

#. Type: boolean
#. Description
#: ../i2p.templates:2001
msgid "Should the I2P router be started at boot?"
msgstr "Faut-il lancer le routeur I2P au démarrage ?"

#. Type: boolean
#. Description
#: ../i2p.templates:2001
msgid ""
"The I2P router can be run as a daemon that starts automatically when your "
"computer boots up. This is the recommended configuration."
msgstr ""
"Le routeur I2P peut être exécuté comme un démon automatiquement quand "
"l’ordinateur démarre. C'est la configuration recommandée."

#. Type: string
#. Description
#: ../i2p.templates:3001
msgid "I2P daemon user:"
msgstr "Utilisateur du démon d’I2P :"

#. Type: string
#. Description
#: ../i2p.templates:3001
msgid ""
"By default I2P is configured to run under the account i2psvc when running as "
"a daemon. To use an **existing** I2P profile you may enter a different "
"account name here. For example, if your previous I2P installation is at /"
"home/user/i2p, you may enter 'user' here."
msgstr ""
"Par défaut, I2P est configuré pour fonctionner avec le compte i2psvc quand "
"il fonctionne comme démon. Pour utiliser un profil d’I2P **existant**, vous "
"pouvez saisir ici un nom de compte différent. Par exemple, si votre "
"installation précédente d’I2P se trouve dans /home/utilisateur/i2p, vous 
pouvez "
"saisir l’utilisateur ici."

#. Type: string
#. Description
#: ../i2p.templates:3001
msgid ""
"Very important: If a user other than the default of 'i2psvc' is entered "
"here, the chosen username *MUST* already exist."
msgstr ""
"Très important : si un utilisateur autre que le compte « i2psvc » par défaut "
"est saisi ici, le nom d’utilisateur choisi *DOIT* déjà exister."

#. Type: string
#. Description
#: ../i2p.templates:4001
msgid "Memory that can be allocated to I2P:"
msgstr "Mémoire pouvant être allouée à I2P :"

#. Type: string
#. Description
#: ../i2p.templates:4001
msgid "By default, I2P will only be allowed to use up to 128MB of RAM."
msgstr ""
"Par défaut, I2P ne sera autorisé à utiliser que jusqu’à 128 Mo de mémoire "
"vive."

#. Type: string
#. Description
#: ../i2p.templates:4001
msgid ""
"High bandwidth routers, as well as routers with a lot of active torrents / "
"plugins, may need to have this value increased."
msgstr ""
"Cette valeur peut nécessiter d’être augmentée pour les routeurs à haut débit, 
ainsi "
"que pour les routeurs ayant beaucoup de torrents ou de greffons actifs."

#. Type: boolean
#. Description
#: ../i2p.templates:5001
msgid "Should the I2P daemon be confined with AppArmor?"
msgstr "Faut-il exécuter le démon I2P confiné avec AppArmor ?"

#. Type: boolean
#. Description
#: ../i2p.templates:5001
msgid ""
"With this option enabled I2P will be sandboxed with AppArmor, restricting "
"which files and directories may be accessed by I2P."
msgstr ""
"Si cette option est activée, I2P sera exécuté dans un bac à sable avec "
"AppArmor, restreignant l’accès par I2P à des fichiers et répertoires "
"particuliers."

Bug#929283: zookeeper: CVE-2019-0201: information disclosure vulnerability

[Chris Lamb]

tags 929283 + patch
thanks

Hi Moritz,

> > > zookeeper: CVE-2019-0201: information disclosure vulnerability
> > 
> > Happy to prepare an update for stretch; I plan to do one for jessie
> > LTS (which, helpfully, has the same version...)
> 
> Sounds good, we should fix that in Stretch. I've just added the reference
> to the upstream commit in the 3.4 branch to the Security Tracker.

Thanks. Here is my diff:

diff --git a/debian/changelog b/debian/changelog
index ea8c13e..6e92313 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+zookeeper (3.4.9-3+deb9u2) stretch-security; urgency=high
+
+  * CVE-2019-0201: Prevent an information disclosure vulnerability where users
+who were not authorised to read data were able to view the access control
+list. (Closes: #929283)
+
+ -- Chris Lamb   Fri, 24 May 2019 08:57:53 +0100
+
 zookeeper (3.4.9-3+deb9u1) stretch-security; urgency=high
 
   * Team upload.
diff --git a/debian/patches/CVE-2019-11579.patch 
b/debian/patches/CVE-2019-11579.patch
new file mode 100644
index 000..e4c314c
--- /dev/null
+++ b/debian/patches/CVE-2019-11579.patch
@@ -0,0 +1,57 @@
+--- 
zookeeper-3.4.9.orig/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java
 
zookeeper-3.4.9/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java
+@@ -20,6 +20,7 @@ package org.apache.zookeeper.server;
+ 
+ import java.io.IOException;
+ import java.nio.ByteBuffer;
++import java.util.ArrayList;
+ import java.util.List;
+ 
+ import org.apache.jute.Record;
+@@ -32,6 +33,7 @@ import org.apache.zookeeper.KeeperExcept
+ import org.apache.zookeeper.KeeperException.SessionMovedException;
+ import org.apache.zookeeper.ZooDefs.OpCode;
+ import org.apache.zookeeper.data.ACL;
++import org.apache.zookeeper.data.Id;
+ import org.apache.zookeeper.data.Stat;
+ import org.apache.zookeeper.proto.CreateResponse;
+ import org.apache.zookeeper.proto.ExistsRequest;
+@@ -308,10 +310,35 @@ public class FinalRequestProcessor imple
+ GetACLRequest getACLRequest = new GetACLRequest();
+ ByteBufferInputStream.byteBuffer2Record(request.request,
+ getACLRequest);
++DataNode n = 
zks.getZKDatabase().getNode(getACLRequest.getPath());
++if (n == null) {
++throw new KeeperException.NoNodeException();
++}
++PrepRequestProcessor.checkACL(zks, 
zks.getZKDatabase().aclForNode(n),
++ZooDefs.Perms.READ | ZooDefs.Perms.ADMIN,
++request.authInfo);
++
+ Stat stat = new Stat();
+-List acl = 
+-zks.getZKDatabase().getACL(getACLRequest.getPath(), stat);
+-rsp = new GetACLResponse(acl, stat);
++List acl =
++zks.getZKDatabase().getACL(getACLRequest.getPath(), 
stat);
++try {
++PrepRequestProcessor.checkACL(zks, 
zks.getZKDatabase().aclForNode(n),
++ZooDefs.Perms.ADMIN,
++request.authInfo);
++rsp = new GetACLResponse(acl, stat);
++} catch (KeeperException.NoAuthException e) {
++List acl1 = new ArrayList(acl.size());
++for (ACL a : acl) {
++if ("digest".equals(a.getId().getScheme())) {
++Id id = a.getId();
++Id id1 = new Id(id.getScheme(), 
id.getId().replaceAll(":.*", ":x"));
++acl1.add(new ACL(a.getPerms(), id1));
++} else {
++acl1.add(a);
++}
++}
++rsp = new GetACLResponse(acl1, stat);
++}
+ break;
+ }
+ case OpCode.getChildren: {
diff --git a/debian/patches/series b/debian/patches/series
index 9dd03d0..c0b9747 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@
 09-spell-check.patch
 10-CVE-2017-5637.patch
 CVE-2018-8012.patch
+CVE-2019-11579.patch


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#929363: enigmail: CVE-2019-12269

[Salvatore Bonaccorso]

Source: enigmail
Source-Version: 2:2.0.11+ds1-1

On Wed, May 22, 2019 at 02:25:42PM +0200, Salvatore Bonaccorso wrote:
> Source: enigmail
> Version: 2:2.0.10+ds1-1
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceforge.net/p/enigmail/bugs/983/
> 
> Hi,
> 
> The following vulnerability was published for enigmail.
> 
> CVE-2019-12269[0]:
> | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline
> | PGP message, an attacker can cause the product to display a "correctly
> | signed" message indication, but display different unauthenticated
> | text.

This issue was adressed 2.0.11 upstream, closing manually.

Regards,
Salvatore

Bug#929470: facedetect: Facedetect can depend on opencv-data instead of libopencv-dev

[Dominik Stadler]

Package: facedetect
Version: 0.1-2
Severity: normal
Tags: patch

This package currently has libopencv-dev as a runtime-dependency. 

However the README states that either opencv-data or libopencv-dev need to be 
installed.

In fact, when scanning the sources of the package, it seems only stuff from 
/usr/share/opencv 
is required, which is provided by opencv-data.

So the dependencies of facedetect can be reduced a lot by only depending on 
opencv-data. 

Otherwise many development packages are dragged in as part of libopencv-data.


-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages facedetect depends on:
ii  libopencv-dev   3.2.0+dfsg-6
ii  python3 3.7.2-1
ii  python3-opencv  3.2.0+dfsg-6

Versions of packages facedetect recommends:
ii  imagemagick  8:6.9.10.23+dfsg-2.1
ii  imagemagick-6.q16 [imagemagick]  8:6.9.10.23+dfsg-2.1

facedetect suggests no packages.

-- no debconf information
>From 716a5bc890389c3ca9877a01738bcb280ac3b465 Mon Sep 17 00:00:00 2001
From: Dominik Stadler 
Date: Thu, 23 May 2019 19:27:19 +0200
Subject: [PATCH] Replace dependency on libopencv-dev with opencv-data

---
 debian/control | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index fd73cbb..c31695c 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Package: facedetect
 Architecture: any
 Depends: ${misc:Depends},
  ${python3:Depends},
- libopencv-dev,
+ opencv-data,
  python3,
  python3-opencv
 Recommends: imagemagick
-- 
2.17.1

Bug#929128: fonts-noto-cjk: not recognized by lualatex until mktexlsr

[Norbert Preining]

Sorry for brevity, traveling with daughter intercontinental.

It is a dpkg trigger on /u/s/fonts as far as I remember. That is, if files are 
installed there the postins if tex-common should be called and the necessary 
actions taken.

I will look into it and see what is the reason, my guess is that it is not 
mktexlsr but some mtxrun invocation that is necessary.

More later

Norbert

On May 24, 2019 7:04:31 AM GMT+02:00, Hideki Yamane  
wrote:
>Hi,
>
>On Fri, 24 May 2019 13:15:46 +0900 (JST)
>Ryutaroh Matsumoto  wrote:
>> "postinst" scripts are very different between
>> fonts-ipaexfont-mincho and fonts-noto-cjk.
>
> Yes, but it's for obsolete config and alternatives.
>
>
>> mktexlsr in installation of a font package is executed
>> as a trigger to tex-common as we often see
>> "Processing triggers for tex-common", if I understand it
>> correctly. 
>
> How is this triggered?


--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#929387: unblock: libssh/0.8.7-1

[Martin Pitt]

Control: retitle -1 unblock: libssh/0.8.7-1
Control: tag -1 -moreinfo

Hello Niels,

Niels Thykier [2019-05-23  6:13 +]:
> Please go ahead with the upload (with the debdiff attached to your
> initial mail in the bug) and remove the moreinfo tag once it is in
> unstable ready to be unblocked (e.g. autopkgtests have succeeded).

Done. Builds and excuses are happy (https://tracker.debian.org/pkg/libssh) and
autopkgtests have run (https://ci.debian.net/packages/libs/libssh/).

Thanks,

Martin

Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

[Raphaël Hertzog]

Package: systemd
Version: 241-3
Severity: serious
File: systemd-networkd
User: de...@kali.org
Usertags: origin-kali

I upgraded an (OVH) dedicated server to Debian buster with systemd 241-3 and
while it rebooted correctly, the network did not came back. Looking into
the logs I saw the following messages:

May 20 12:37:10 euterpe systemd-networkd[756]: eno3: Could not bring up 
interface: Invalid argument
May 20 12:37:14 euterpe systemd-networkd[756]: eno3: Gained carrier
May 20 12:37:14 euterpe systemd-networkd[756]: eno3: could not set address: 
Permission denied

The configuration in use is the following:
$ cat /etc/systemd/network/50-default.network
# This file sets the IP configuration of the primary (public) network device.
# You can also see this as "OSI Layer 3" config.
# It was created by the OVH installer, please be careful with modifications.
# Documentation: man systemd.network or 
https://www.freedesktop.org/software/systemd/man/systemd.network.html

[Match]
MACAddress=ac:1f:6b:67:cd:e8

[Network]
Description=network interface on public network, with default route
DHCP=no
Address=54.39.104.6/24
Gateway=54.39.104.254
#IPv6AcceptRA=false
NTP=ntp.ovh.net
DNS=127.0.0.1
DNS=213.186.33.99
DNS=2001:41d0:3:163::1
Gateway=2607:5300:0203:39ff:ff:ff:ff:ff

[Address]
Address=2607:5300:0203:3906::/64

[Route]
Destination=2607:5300:0203:39ff:ff:ff:ff:ff
Scope=link

$ cat /etc/systemd/network/50-public-interface.link
# This file configures the relation between network device and device name.
# You can also see this as "OSI Layer 2" config.
# It was created by the OVH installer, please be careful with modifications.
# Documentation: man systemd.link or 
https://www.freedesktop.org/software/systemd/man/systemd.link.html

[Match]
MACAddress=ac:1f:6b:67:cd:e8

[Link]
Description=network interface on public network, with default route
MACAddressPolicy=persistent
NamePolicy=kernel database onboard slot path mac
#Name=eth0  # name under which this interface is known under OVH rescue 
system
#Name=eno3  # name under which this interface is probably known by systemd

The ethernet card is the following:
$ lspci -v
[...]
03:00.0 Ethernet controller: Intel Corporation Ethernet Connection X552/X557-AT 
10GBASE-T
Subsystem: Super Micro Computer Inc Ethernet Connection X552/X557-AT 
10GBASE-T
Flags: bus master, fast devsel, latency 0, IRQ 11
Memory at 383fffc0 (64-bit, prefetchable)
Memory at 383fffe04000 (64-bit, prefetchable)
Expansion ROM at fb18 [disabled]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Capabilities: [a0] Express Endpoint, MSI 00

03:00.1 Ethernet controller: Intel Corporation Ethernet Connection X552/X557-AT 
10GBASE-T
Subsystem: Super Micro Computer Inc Ethernet Connection X552/X557-AT 
10GBASE-T
Flags: bus master, fast devsel, latency 0, IRQ 10
Memory at 383fffa0 (64-bit, prefetchable)
Memory at 383fffe0 (64-bit, prefetchable)
Expansion ROM at fb10 [disabled]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
[...]

It is handled by the "ixgbe" kernel driver:
$ grep ixgbe /var/log/kern.log:
May 23 21:19:38 euterpe kernel: [1.896199] ixgbe: Intel(R) 10 Gigabit PCI 
Express Network Driver - version 5.1.0-k
May 23 21:19:38 euterpe kernel: [1.908671] ixgbe: Copyright (c) 1999-2016 
Intel Corporation.
May 23 21:19:38 euterpe kernel: [3.471556] ixgbe :03:00.0: Multiqueue 
Enabled: Rx Queue count = 8, Tx Queue count = 8 XDP Queue count = 0
May 23 21:19:38 euterpe kernel: [3.619415] ixgbe :03:00.0: MAC: 5, PHY: 
7, PBA No: 023A00-000
May 23 21:19:38 euterpe kernel: [3.628980] ixgbe :03:00.0: 
ac:1f:6b:67:cd:e8
May 23 21:19:38 euterpe kernel: [3.689232] ixgbe :03:00.0: Intel(R) 10 
Gigabit Network Connection
May 23 21:19:38 euterpe kernel: [5.487530] ixgbe :03:00.1: Multiqueue 
Enabled: Rx Queue count = 8, Tx Queue count = 8 XDP Queue count = 0
May 23 21:19:38 euterpe kernel: [5.627263] ixgbe :03:00.1: MAC: 5, PHY: 
7, PBA No: 023A00-000
May 23 21:19:38 euterpe kernel: [5.634459] ixgbe :03:00.1: 
ac:1f:6b:67:cd:e9
May 23 21:19:38 euterpe kernel: [5.696963] ixgbe :03:00.1: Intel(R) 10 
Gigabit Network Connection
May 23 21:19:38 euterpe kernel: [5.707134] ixgbe :03:00.1 eno4: renamed 
from eth1
May 23 21:19:38 euterpe kernel: [5.733678] ixgbe :03:00.0 eno3: renamed 
from eth0
May 23 21:19:39 euterpe kernel: [   22.934955] ixgbe :03:00.0: registered 
PHC device on eno3
May 23 21:19:43 euterpe kernel: [   27.453172] ixgbe :03:00.0 eno3: NIC 
Link is Up 1 Gbps, Flow Control: None


Trying to narrow 

Bug#929468: wolfssl: CVE-2019-11873

[Salvatore Bonaccorso]

Source: wolfssl
Version: 3.15.3+dfsg-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for wolfssl.

CVE-2019-11873[0]:
| wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when
| a current identity size is greater than a client identity size. An
| attacker sends a crafted hello client packet over the network to a
| TLSv1.3 wolfSSL server. The length fields of the packet: record
| length, client hello length, total extensions length, PSK extension
| length, total identity length, and identity length contain their
| maximum value which is 2^16. The identity data field of the PSK
| extension of the packet contains the attack data, to be stored in the
| undefined memory (RAM) of the server. The size of the data is about 65
| kB. Possibly the attacker can perform a remote code execution attack.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11873

Please adjust the affected versions in the BTS as needed, could you
double check 3.15.3 is affected.

Regards,
Salvatore

Bug#929266: axis: CVE-2019-0227

[Sylvain Beucler]

Hi!

On Thu, May 23, 2019 at 11:42:51PM +0200, Markus Koschany wrote:
> On Mon, 20 May 2019 12:20:31 +0200 Sylvain Beucler  wrote:
> > Package: axis
> > X-Debbugs-CC: t...@security.debian.org
> > Tags: security
> > 
> > The following vulnerability was published for axis.
> > 
> > CVE-2019-0227[0]:
> > | A Server Side Request Forgery (SSRF) vulnerability affected the Apache
> > | Axis 1.4 distribution that was last released in 2006. Security and bug
> > | commits commits continue in the projects Axis 1.x Subversion
> > | repository, legacy users are encouraged to build from source. The
> > | successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not
> > | vulnerable to this issue.
> > 
> > The vulnerable 'StockQuoteService.jws' is not present in Debian binary
> > packages, however a SSRF mitigation was also committed [1].
> 
> I believe the SSRF mitigation should be viewed in the context of the
> vulnerable StockQuoteService.jws file.

AFAIU the vulnerable StockQuoteService.jws is fixed by its removal,
and similar XMLUtils-based services need the mitigation.
In either case the root SSRF issue is not fixed.


> Since we don't ship this file in
> our binary packages, I think it is correct to mark the issue as
> unimportant. However I agree it is sensible to change
> uconn.setInstanceFollowRedirects(true) to
> uconn.setInstanceFollowRedirects(false).
> 
> I don't think it is likely that this issue is somehow exploited when
> using our Debian package. We use axis mainly as a build-dependency for
> other packages. We could change the default for
> uconn.setInstanceFollowRedirects in Buster but keep it this way in
> Jessie and Stretch.

I trust your judgement on this.


> It is nice to know that there is ongoing work on axis1. I think we could
> update this package after the freeze and track the new upstream
> development at
> 
> https://github.com/apache/axis1-java/

The canonical repo is at
https://svn.apache.org/viewvc/axis/axis1/java/trunk/
(it would be good it Apache updated their SVN page..)

Cheers!
Sylvain

Bug#929467: RFS: tfortune-1.0.0 [ITP]

[Andre Noll]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "tfortune":

 * Package name: tfortune
   Version : 1.0.0
   Upstream Author : Andre Noll 
 * URL : http://people.tuebingen.mpg.de/maan/tfortune/
 * License : GPLv3
   Section : games

It builds the following binary package:

tfortune - fortune cookies with tags

About: tfortune is a re-implementation of the venerable fortune
program with a couple of additional features for epigram selection
and management. It depends on the lopsub library which was recently
uploaded to unstable but has no other unusual requirements.

Quoting from the above web page:

Like fortune(1), tfortune is a Unix command line utility which prints
a random epigram. Epigrams are stored as plain text files, but they
must be annotated with tags to make full use of the features which
tfortune offers over other implementations.

Tfortune has a built-in matching language for epigrams. User-supplied
tag expressions define subsets of admissible epigrams. If a tag
expression is given, epigrams are picked from the admissible subset
only.

You can grab a copy by running

git clone git://git.tuebingen.mpg.de/tfortune/

This will get you three branches: master, pu, and t/debian

The t/debian branch contains a two of commits on top of master which
add the debian/ directory with the usual files in it. The commands

git checkout origin/t/debian
git archive --prefix tfortune-1.0.0/ @ | xz > 
../tfortune_1.0.0.orig.tar.xz
dpkg-buildpackage

should work as expected. This has been tested on debian-9, debian-10
and debian-11.

Thanks
Andre
-- 
Max Planck Institute for Developmental Biology
Max-Planck-Ring 5, 72076 Tübingen, Germany. Phone: (+49) 7071 601 829
http://people.tuebingen.mpg.de/maan/


signature.asc
Description: PGP signature

Bug#923930: FTBFS: FAIL test_chain

[Brian May]

Jeffrey Altman  writes:

> The following commit has been merged to heimdal-7-1-branch.
>
> ...
>
> commit 8ed97b8583e000288b40a14efb901cbaf4c5d5c7 (origin/heimdal-7-1-branch)
> Author: Quanah Gibson-Mount 
> Date:   Thu May 23 15:06:33 2019 +
>
> Regenerate certs so that they expire before the 2038 armageddon so the
> test suite will pass on 32-bit operating systems until the underlying
> issues can be resolved.
>

Thanks for this.
-- 
Brian May 

Bug#888548: kismet: Update to a more recent version

[Sophie Brun]

Hi,

Upstream released finally a new version (and it's not a beta version).
See https://www.kismetwireless.net/downloads/:
the new version is 2019-04-R1

It would be great to have the new version in Debian.

Thanks!

Regards,

Sophie

On Thu, 6 Dec 2018 20:56:35 + Daniel Moran  wrote:
> Hi,
> 
> The Kismet downloads page now shows a new version.
> 
> Would it be possible to update the Kismet package?
> Or would a "Kismet-Beta" package be a better option?
> 
> Thanks,
> Dan
> 
> On Sat, 27 Jan 2018 23:47:13 +0100 Nikos Andrikos
>  wrote:
> > Hi Thomas,
> > 
> > From what I see there is no newer release in the downloads page:
> > https://www.kismetwireless.net/download.shtml
> > 
> > Do you think there are changes to be included in a new release?
> > If yes, we should contact upstream in order to ask them about.
> > 
> > Kind regards,
> > Nick

Bug#929462: systemd-journal-remote: systemd-journal-upload user missing

[Martin Pitt]

Hello Paul,

Paul Emmerich [2019-05-24  2:24 +0200]:
> May 22 07:23:34 ceph06 systemd[40869]: systemd-journal-upload.service: Failed 
> at step USER spawning /usr/local/bin/update-journal-configuration.sh: No such 
> process

^ What does this script do? This is clearly a local customization, and if it
relies on the name of the dynamic user, then you may well just miss
libnss-systemd.

Martin

Bug#929466: freeradius: CVE-2019-10143: privilege escalation due to insecure logration

[Salvatore Bonaccorso]

Source: freeradius
Version: 3.0.17+dfsg-1.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FreeRADIUS/freeradius-server/pull/2666

Hi,

The following vulnerability was published for freeradius.

CVE-2019-10143[0]:
privilege escalation due to insecure logration

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10143
[1] https://github.com/FreeRADIUS/freeradius-server/pull/2666

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#929128: fonts-noto-cjk: not recognized by lualatex until mktexlsr

[Ryutaroh Matsumoto]

>> mktexlsr in installation of a font package is executed
>> as a trigger to tex-common as we often see
>> "Processing triggers for tex-common", if I understand it
>> correctly. 
> 
>  How is this triggered?

For the case of "fonts-ipaex-mincho",
"apt-get install texlive-full" installs "fonts-ipaex-mincho"
and "texlive-fonts-recommended" by the dependency.
Then the "postinst" in "texlive-fonts-recommended"
runs "update-texmf-config map", which in turn runs
"mktexlsr".

That's my understanding.

Ryutaroh

From: Hideki Yamane 
Subject: Re: Bug#929128: fonts-noto-cjk: not recognized by lualatex until 
mktexlsr
Date: Fri, 24 May 2019 14:04:31 +0900

> Hi,
> 
> On Fri, 24 May 2019 13:15:46 +0900 (JST)
> Ryutaroh Matsumoto  wrote:
>> "postinst" scripts are very different between
>> fonts-ipaexfont-mincho and fonts-noto-cjk.
> 
>  Yes, but it's for obsolete config and alternatives.
> 
> 
>> mktexlsr in installation of a font package is executed
>> as a trigger to tex-common as we often see
>> "Processing triggers for tex-common", if I understand it
>> correctly. 
> 
>  How is this triggered?
> 
> 
> -- 
> Hideki Yamane 

Bug#929465: Missed icons in dmz-cursor-theme

[Ivan Romanov]

Package: dmz-cursor-theme
Version: 0.4.5
Tags: patch

I'm maintainer of dmz-cursor-themes package in Fedora. This package
based on Debian packages sources. I don't know how it works in Debian
but in Fedora some cursors was missed. I Added extra symbolic links to
fix this. Also I enabled *hand1* icon becouse pointer hand is not
correct for dragging operation. Package in Fedora
https://src.fedoraproject.org/rpms/dmz-cursor-themes/tree/master

==

diff --git a/DMZ-Black/pngs/make.sh b/DMZ-Black/pngs/make.sh
index c5bd90d..08eeccf 100755
--- a/DMZ-Black/pngs/make.sh
+++ b/DMZ-Black/pngs/make.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 mkdir ../xcursors
 xcursorgen left_ptr_watch.in ../xcursors/left_ptr_watch
-#xcursorgen hand1.in ../xcursors/hand1
+xcursorgen hand1.in ../xcursors/hand1
 xcursorgen hand2.in ../xcursors/hand2
 xcursorgen left_ptr.in ../xcursors/left_ptr
 #xcursorgen center_ptr.in ../xcursors/center_ptr
@@ -76,7 +76,6 @@ ln -sfcross
diamond_cross ln -sfhand2
9d800788f1b08800ae810202380a0822 ln -sf
hand2   e29285e634086352946a0e7090d73106
ln -sfhand2 hand -ln -sf
hand2   hand1 ln -sf
grabbingfleur ln -sfquestion_arrow
d9ce0ab605698f320427677b458ad60b ln -sfquestion_arrow
5c6cd98b3f3ebcb1f9c7f1c204630408 @@ -97,5 +96,32 @@ ln -sf
sb_v_double_arrow v_double_arrow ln -sfsb_v_double_arrow
2870a09082c103050810ffde0204 ln -sfv_double_arrow
81600681408080010102 #ln -sfcenter_ptr
centre_ptr +ln -sfleft_ptr  default
+ln -sfhand  pointer
+ln -sfleft_ptr_watchprogress
+ln -sfwatch wait
+ln -sfxterm text
+ln -sfdnd-link  alias
+ln -sfcrossed_circlenot-allowed
+ln -sfhand1 grab
+ln -sfsb_h_double_arrow col-resize
+ln -sfsb_v_double_arrow row-resize
+ln -sftop_side  n-resize
+ln -sfright_sidee-resize
+ln -sfbottom_side   s-resize
+ln -sfleft_side w-resize
+ln -sftop_right_corner  ne-resize
+ln -sftop_left_corner   nw-resize
+ln -sfbottom_left_corner sw-resize
+ln -sfbottom_right_corner se-resize
+ln -sfsb_h_double_arrow ew-resize
+ln -sfsb_v_double_arrow ns-resize
+ln -sffd_double_arrow   nesw-resize
+ln -sfbd_double_arrow   nwse-resize
+ln -sfbd_double_arrow   size_fdiag
+ln -sffd_double_arrow   size_bdiag
+ln -sfsb_h_double_arrow size_hor
+ln -sfsb_v_double_arrow size_ver
+ln -sffleur size_all
 
 #cp -RPv * /usr/share/icons/dmz-aa/cursors/
diff --git a/DMZ-White/pngs/make.sh b/DMZ-White/pngs/make.sh
index 882a398..80120cc 100755
--- a/DMZ-White/pngs/make.sh
+++ b/DMZ-White/pngs/make.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 mkdir ../xcursors
 xcursorgen left_ptr_watch.in ../xcursors/left_ptr_watch
-#xcursorgen hand1.in ../xcursors/hand1
+xcursorgen hand1.in ../xcursors/hand1
 xcursorgen hand2.in ../xcursors/hand2
 xcursorgen left_ptr.in ../xcursors/left_ptr
 #xcursorgen center_ptr.in ../xcursors/center_ptr
@@ -76,7 +76,6 @@ ln -sfcross
diamond_cross ln -sfhand2
9d800788f1b08800ae810202380a0822 ln -sf
hand2   e29285e634086352946a0e7090d73106
ln -sfhand2 hand -ln -sf
hand2   hand1 ln -sf
grabbingfleur ln -sfquestion_arrow
d9ce0ab605698f320427677b458ad60b ln -sfquestion_arrow
5c6cd98b3f3ebcb1f9c7f1c204630408 @@ -97,5 +96,32 @@ ln -sf
sb_v_double_arrow v_double_arrow ln -sfsb_v_double_arrow
2870a09082c103050810ffde0204 ln -sfv_double_arrow
81600681408080010102 #ln -sfcenter_ptr
centre_ptr +ln -sfleft_ptr  default
+ln -sfhand  pointer
+ln -sfleft_ptr_watchprogress
+ln -sfwatch wait
+ln -sfxterm text
+ln -sfdnd-link  alias
+ln -sfcrossed_circlenot-allowed
+ln -sfhand1 grab
+ln -sfsb_h_double_arrow col-resize
+ln -sfsb_v_double_arrow row-resize
+ln -sftop_side  n-resize
+ln -sfright_sidee-resize
+ln -sfbottom_side   s-resize
+ln -sfleft_side w-resize
+ln -sftop_right_corner  ne-resize
+ln -sftop_left_corner   nw-resize
+ln -sfbottom_left_corner sw-resize
+ln -sfbottom_right_corner se-resize
+ln -sfsb_h_double_arrow ew-resize
+ln -sfsb_v_double_arrow ns-resize
+ln -sffd_double_arrow   nesw-resize
+ln -sfbd_double_arrow   nwse-resize
+ln -sfbd_double_arrow   size_fdiag
+ln -sffd_double_arrow   size_bdiag
+ln -sfsb_h_double_arrow size_hor
+ln -sfsb_v_double_arrow size_ver
+ln -sffleur size_all
 
 #cp -RPv * /usr/share/icons/Vanilla-DMZ/cursors/

Bug#929464: libreoffice-writer: [Table] Can’t create rowspan=2 cells as I wish

[Stuart Prescott]

Hi Nicolas,

> I’d like to create tables with odd cells with rowspan=2, just like below:
> 
> +-+-+
> 
> +-+ |
> 
> | +-+
> 
> +-+ |
> 
> +-+-+
> 
> LO-writer destroys the too large cells.

As a work-around for the time being, you can make this pattern if you include 
a 3rd column in the table. You can't delete the third column or the remaining 
cells get merged as you say, but you can set the 3rd column to approximately 
zero size and make its borders invisible.

cheers
Stuart

-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7

Bug#929464: libreoffice-writer: [Table] Can’t create rowspan=2 cells as I wish

[Nicolas Patrois]

Package: libreoffice-writer
Version: 1:6.1.5-3
Severity: wishlist
Tags: upstream

Dear Maintainer,

I’d like to create tables with odd cells with rowspan=2, just like below:

+-+-+
| | |
+-+ |
| | |
| +-+
| | |
+-+ |
| | |
+-+-+

LO-writer destroys the too large cells.



-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.17.0-3-686-pae (SMP w/3 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR:fr:en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-writer depends on:
ii  libabw-0.1-1   0.1.2-1
ii  libc6  2.28-10
ii  libe-book-0.1-10.1.3-1+b2
ii  libepubgen-0.1-1   0.1.1-1
ii  libetonyek-0.1-1   0.1.9-1
ii  libgcc11:8.3.0-7
ii  libicu63   63.1-6
ii  liblangtag10.6.2-1
ii  libmwaw-0.3-3  0.3.14-1
ii  libodfgen-0.1-10.1.7-1
ii  libreoffice-base-core  1:6.1.5-3
ii  libreoffice-core   1:6.1.5-3
ii  librevenge-0.0-0   0.0.4-6
ii  libstaroffice-0.0-00.0.6-1
ii  libstdc++6 8.3.0-7
ii  libwpd-0.10-10 0.10.3-1
ii  libwpg-0.3-3   0.3.3-1
ii  libwps-0.4-4   0.4.10-1
ii  libxml22.9.4+dfsg1-7+b3
ii  uno-libs3  6.1.5-3
ii  ure6.1.5-3
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages libreoffice-writer recommends:
ii  libreoffice-math  1:6.1.5-3

Versions of packages libreoffice-writer suggests:
ii  default-jre [java6-runtime] 2:1.11-71
ii  fonts-crosextra-caladea 20130214-2
ii  fonts-crosextra-carlito 20130920-1
ii  libreoffice-base1:6.1.5-3
ii  libreoffice-java-common 1:6.1.5-3
ii  openjdk-10-jre [java6-runtime]  10.0.2+13-2
ii  openjdk-11-jre [java6-runtime]  11.0.4+2-1
ii  openjdk-8-jre [java6-runtime]   8u212-b01-1
ii  openjdk-9-jre [java6-runtime]   9.0.4+12-4
ii  sun-java6-jre [java6-runtime]   6.26-3

Versions of packages libreoffice-core depends on:
ii  fontconfig2.13.1-2
ii  fonts-opensymbol  2:102.10+LibO6.1.5-3
ii  libboost-date-time1.67.0  1.67.0-13
ii  libboost-locale1.67.0 1.67.0-13
ii  libc6 2.28-10
ii  libcairo2 1.16.0-4
ii  libclucene-contribs1v52.3.3.4+dfsg-1
ii  libclucene-core1v52.3.3.4+dfsg-1
ii  libcmis-0.5-5v5   0.5.2-1
ii  libcups2  2.2.10-6
ii  libcurl3-gnutls   7.64.0-3
ii  libdbus-1-3   1.12.14-1
ii  libdbus-glib-1-2  0.110-4
ii  libdconf1 0.30.1-2
ii  libeot0   0.01-5
ii  libepoxy0 1.5.3-0.1
ii  libexpat1 2.2.6-1
ii  libexttextcat-2.0-0   3.4.5-1
ii  libfontconfig12.13.1-2
ii  libfreetype6  2.9.1-3
ii  libgcc1   1:8.3.0-7
ii  libglib2.0-0  2.58.3-1
ii  libgpgmepp6   1.12.0-6
ii  libgraphite2-31.3.13-7
ii  libharfbuzz-icu0  2.3.1-1
ii  libharfbuzz0b 2.3.1-1
ii  libhunspell-1.7-0 1.7.0-2
ii  libhyphen02.8.8-7
ii  libice6   2:1.0.9-2
ii  libicu63  63.1-6
ii  libjpeg62-turbo   1:1.5.2-2+b1
ii  liblcms2-22.9-3
ii  libldap-2.4-2 2.4.47+dfsg-3
ii  libmythes-1.2-0   2:1.2.4-3
ii  libneon27-gnutls  0.30.2-3
ii  libnspr4  2:4.21-1
ii  libnss3   2:3.42.1-1
ii  libnumbertext-1.0-0   1.0.5-1
ii  libodfgen-0.1-1   0.1.7-1
ii  liborcus-0.14-0   0.14.1-6
ii  libpng16-16   1.6.36-6
ii  libpoppler82  0.71.0-4
ii  librdf0   1.0.17-1.1+b1
ii  libreoffice-common1:6.1.5-3
ii  librevenge-0.0-0  0.0.4-6
ii  libsm62:1.2.3-1
ii  libstdc++68.3.0-7
ii  libx11-6  2:1.6.7-1
ii  libxext6  2:1.3.3-1+b2
ii  libxinerama1  2:1.1.4-2
ii  libxml2   2.9.4+dfsg1-7+b3
ii  libxmlsec11.2.27-2
ii  libxmlsec1-nss1.2.27-2
ii  libxrandr22:1.5.1-1
ii  libxrender1   1:0.9.10-1
ii  libxslt1.11.1.32-2
ii  uno-libs3 6.1.5-3
ii  ure   6.1.5-3
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages libreoffice-core recommends:
ii  libpaper-utils  1.1.26

-- no debconf information

Bug#929462: systemd-journal-remote: systemd-journal-upload user missing

[Michael Biebl]

Control: tags -1 = moreinfo unreproducible
Control: severity -1 normal

Am 24.05.19 um 02:24 schrieb Paul Emmerich:
> Package: systemd-journal-remote
> Version: 241-3
> Severity: grave
> Justification: renders package unusable
> Tags: newcomer
> 
> Dear Maintainer,
> 
> we are maintaining a Debian live image that uses systemd-journal-remote to
> send log files to a log collector. The systemd-journal-upload unit fails
> to start on buster:
> 
> May 22 07:23:34 ceph06 systemd[1]: Starting Journal Remote Upload Service...
> May 22 07:23:34 ceph06 systemd[40869]: systemd-journal-upload.service: Failed 
> to determine user credentials: No such process
> May 22 07:23:34 ceph06 systemd[40869]: systemd-journal-upload.service: Failed 
> at step USER spawning /usr/local/bin/update-journal-configuration.sh: No such 
> process
> 
> It tries to run as user systemd-journal-upload which seems to be missing.

I can't reproduce the problem in a buster VM.
systemd-journal-upload.service uses
DynamicUser, so it is not necessary to allocate a static system user.

Do you have libnss-systemd installed? If not, does it help if you
install it?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929357: radvd systemd is disabled but runned after installation

[sergio]

On 24/05/2019 08:18, Geert Stappers wrote:

> Please elaborate what the next upload of radvd to the Debian apt archive
> should do different that the current version.


radvd should be enabled so it will be started at boot time

or

it should not not start after the installation


I'm for the first.


-- 
sergio.