Bug#929866: funnelweb FTCBFS: hard codes the build architecture compiler "gcc"

[Helmut Grohne]

Source: funnelweb
Version: 3.2-5
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

funnelweb fails to cross build from source, because debian/rules hard
codes the build architecture compiler. The easiest way of determining
the correct compiler - using dpkg's buildtools.mk - makes funnelweb
cross buildable. Please consider applying the attached patch.

Helmut
diff --minimal -Nru funnelweb-3.2/debian/changelog 
funnelweb-3.2/debian/changelog
--- funnelweb-3.2/debian/changelog  2013-09-08 18:50:14.0 +0200
+++ funnelweb-3.2/debian/changelog  2019-05-28 16:05:02.0 +0200
@@ -1,3 +1,10 @@
+funnelweb (3.2-5.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Seed CC from dpkg's buildtools.mk. (Closes: #-1)
+
+ -- Helmut Grohne   Tue, 28 May 2019 16:05:02 +0200
+
 funnelweb (3.2-5) unstable; urgency=low
 
   * Acknowledge NMUs.
diff --minimal -Nru funnelweb-3.2/debian/rules funnelweb-3.2/debian/rules
--- funnelweb-3.2/debian/rules  2013-09-08 18:48:45.0 +0200
+++ funnelweb-3.2/debian/rules  2019-05-28 16:05:01.0 +0200
@@ -7,7 +7,7 @@
 tmpdir=$(debdir)/$(PACKAGE)
 docdir=$(tmpdir)/usr/share/doc/$(PACKAGE)
 
-CC   ?= gcc
+-include /usr/share/dpkg/buildtools.mk
 CPPFLAGS ?= $(shell dpkg-buildflags --get CPPFLAGS)
 CFLAGS   ?= $(shell dpkg-buildflags --get CFLAGS) -fno-strict-aliasing
 LDFLAGS  ?= $(shell dpkg-buildflags --get LDFLAGS)

Bug#929865: espeakup FTCBFS: does not pass cross tools to make

[Helmut Grohne]

Source: espeakup
Version: 1:0.80-15
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

espeakup fails to cross build from source, because it does not pass
cross tools to make. The easiest way of doing so - using dh_auto_build -
makes espeakup cross buildable. Please consider applying the attached
patch.

Helmut
diff --minimal -Nru espeakup-0.80/debian/changelog 
espeakup-0.80/debian/changelog
--- espeakup-0.80/debian/changelog  2019-05-18 16:37:19.0 +0200
+++ espeakup-0.80/debian/changelog  2019-06-02 07:16:24.0 +0200
@@ -1,3 +1,10 @@
+espeakup (1:0.80-15.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Let dh_auto_build pass cross tools to make. (Closes: #-1)
+
+ -- Helmut Grohne   Sun, 02 Jun 2019 07:16:24 +0200
+
 espeakup (1:0.80-15) unstable; urgency=medium
 
   * debian/espeakup-udeb.start: Wait longer for sound cards...
diff --minimal -Nru espeakup-0.80/debian/rules espeakup-0.80/debian/rules
--- espeakup-0.80/debian/rules  2019-03-29 19:03:48.0 +0100
+++ espeakup-0.80/debian/rules  2019-06-02 07:16:21.0 +0200
@@ -18,13 +18,13 @@
rm -fr espeakup-udeb
 
 override_dh_auto_build:
-   $(MAKE)
+   dh_auto_build
 
mkdir espeakup-udeb
ln *.c *.h espeakup-udeb/
ln Makefile espeakup-udeb/
 
-   CPPFLAGS="" CFLAGS="$(UDEB_CFLAGS)" $(MAKE) -C espeakup-udeb 
LDLIBS="$(UDEB_LDLIBS)" LDFLAGS="$(UDEB_LDFLAGS)"
+   CPPFLAGS="" CFLAGS="$(UDEB_CFLAGS)" dh_auto_build 
--sourcedirectory=espeakup-udeb -- LDLIBS="$(UDEB_LDLIBS)" 
LDFLAGS="$(UDEB_LDFLAGS)"
 
 override_dh_auto_install:
$(MAKE) install DESTDIR=`pwd`/debian/espeakup PREFIX=/usr

Bug#929864: mirror submission for debianmirror.una.ac.cr

[Maykol Phillips]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: debianmirror.una.ac.cr
Type: leaf
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 
kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
Maintainer: Maykol Phillips 
Country: CR Costa Rica
Location: Heredia




Trace Url: http://debianmirror.una.ac.cr/debian/project/trace/
Trace Url: 
http://debianmirror.una.ac.cr/debian/project/trace/ftp-master.debian.org
Trace Url: 
http://debianmirror.una.ac.cr/debian/project/trace/debianmirror.una.ac.cr

Bug#918590:

[Wendi Barnaby]

Bug#929863: autofs: Unit file uses /var/run

[John Eikenberry]

Package: autofs
Version: 5.1.2-4
Severity: minor

While working on another issue, I triggered a systemd reload while tailing the
logs and saw this...

Jun  1 21:26:51 ivanova systemd[1]: Reloading.
Jun  1 21:26:51 ivanova systemd[1]: /lib/systemd/system/autofs.service:7: 
PIDFile= references path below legacy directory /var/run/, updating 
/var/run/autofs.pid → /run/autofs.pid; please update the unit file accordingly.

Indeed, /lib/systemd/system/autofs.service does have a /var/run reference in
it's ExecStart line..

[~]grep var/run /lib/systemd/system/autofs.service
PIDFile=/var/run/autofs.pid
ExecStart=/usr/sbin/automount $OPTIONS --pid-file /var/run/autofs.pid


-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages autofs depends on:
ii  libc62.28-10
ii  libxml2  2.9.4+dfsg1-7+b3
ii  ucf  3.0038+nmu1

Versions of packages autofs recommends:
ii  e2fsprogs   1.44.5-1
ii  kmod26-1
ii  nfs-common  1:1.3.4-2.5

autofs suggests no packages.

-- no debconf information

-- 

John Eikenberry
[ j...@zhar.net - http://zhar.net ]

"Perfection is attained, not when no more can be added, but when no more
 can be removed." -- Antoine de Saint-Exupery

Bug#929846: firefox: Fails to load https sites after today's upgrade to 67.0-3

[jim_p]

Package: firefox
Version: 67.0-3
Followup-For: Bug #929846

Upgrading libnss3 to 3.44 of unstable did fix the issue, so please add it as
dependency, like "libnss3 (>= 2:3.44)".

Also, I did not get your suggestion about setting
network.http.spdy.enabled.http2 to false. Is it a security concern?
Obviously none of the servers I am connecting to has a problem, because all
other browsers connect just fine. And I am still connected on the same network
I have been in the last 10+ years.



-- Package-specific info:

-- Extensions information
Name: Firefox Monitor
Location: /usr/lib/firefox/browser/features/fxmoni...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: Firefox Screenshots
Location: /usr/lib/firefox/browser/features/screensh...@mozilla.org.xpi
Package: firefox
Status: user-disabled

Name: Form Autofill
Location: /usr/lib/firefox/browser/features/formautof...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: uBlock Origin
Location: ${PROFILE_EXTENSIONS}/ublo...@raymondhill.net.xpi
Status: enabled

Name: Video DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Status: enabled

Name: Web Compat
Location: /usr/lib/firefox/browser/features/webcom...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: WebCompat Reporter
Location: /usr/lib/firefox/browser/features/webcompat-repor...@mozilla.org.xpi
Package: firefox
Status: user-disabled

-- Plugins information
Name: Shockwave Flash (32.0.0.192)
Location: /usr/lib/flashplayer-mozilla/libflashplayer.so
Package: flashplayer-mozilla
Status: disabled


-- Addons package information
ii  firefox 67.0-3amd64Mozilla Firefox web 
browser
ii  flashplayer-mozilla 3:32.0.0.192-dmo2 amd64Adobe Flash Player

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils   4.8.6.1
ii  fontconfig2.13.1-2
ii  libasound21.1.8-1
ii  libatk1.0-0   2.30.0-2
ii  libc6 2.28-10
ii  libcairo-gobject2 1.16.0-4
ii  libcairo2 1.16.0-4
ii  libdbus-1-3   1.12.12-1
ii  libdbus-glib-1-2  0.110-4
ii  libevent-2.1-62.1.8-stable-4
ii  libffi6   3.2.1-9
ii  libfontconfig12.13.1-2
ii  libfreetype6  2.9.1-3
ii  libgcc1   1:8.3.0-6
ii  libgdk-pixbuf2.0-02.38.1+dfsg-1
ii  libglib2.0-0  2.58.3-1
ii  libgtk-3-03.24.5-1
ii  libjsoncpp1   1.7.4-3
ii  libnspr4  2:4.21-1
ii  libnss3   2:3.44-1
ii  libpango-1.0-01.42.4-6
ii  libsqlite3-0  3.27.2-2
ii  libstartup-notification0  0.12-6
ii  libstdc++68.3.0-6
ii  libvpx5   1.7.0-3
ii  libx11-6  2:1.6.7-1
ii  libx11-xcb1   2:1.6.7-1
ii  libxcb-shm0   1.13.1-2
ii  libxcb1   1.13.1-2
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-3+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt61:1.1.5-1+b3
ii  procps2:3.3.15-2
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec58  10:4.1.3-dmo1

Versions of packages firefox suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-7
ii  libgssapi-krb5-2   1.17-2
ii  libgtk2.0-02.24.32-3
pn  pulseaudio 

-- no debconf information

Bug#929862: x11proto-dev: core protocol spec

[Kevin Ryde]

Package: x11proto-dev
Version: 2018.4-4
Severity: wishlist

It'd be good if x11proto-dev included the core protocol spec
x11protocol.txt alongside the various extension .txt specs.
It isn't hiding elsewhere is it?, in which case a cross-ref.

x11proto-dev says Provides x11proto-core-dev where x11protocol.txt
last lived, which had me thinking to find it there.

Bug#929846: firefox: Fails to load https sites after today's upgrade to 67.0-3

[Edward Shornock]

On Sun, 2 Jun 2019 07:24:04 +0900 Mike Hommey  wrote:
> On Sat, Jun 01, 2019 at 07:59:24PM +0300, jim_p wrote:
> > Package: firefox
> > Version: 67.0-3
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > After today's update to 67.0-3, firefox fails to open every https
site, popping
> > up the "NS_ERROR_NET_INADEQUATE_SECURITY" error.
> >
> > It was working as it should on 67.0-1 all these days and on 67.0-2
since this
> > morning.
>

> Try upgrading libnss3.


This solved the problem for me.

>
> Mike
>
>

Bug#929861: tkdnd: package is outdated

[Christopher Chavez]

Package: tkdnd
Version: 2.6-1.1

tkdnd in Debian is currently at version 2.6, which was released in 2012.
The latest upstream release is 2.9.2, released this year (2019). The
source code is available from GitHub:

https://github.com/petasis/tkdnd/releases

It would be great if this package can be updated. Thanks!

Bug#929860: apt-get hangs forever when invoked via timeout

[Martin Olsson]

Package: apt
Version: 1.4.9

Hi!
I've found a reproduceable bug when using 'apt-get' together with
'timeout' within a shell.

How to reproduce:

I install a system using the debian-9.9.0-amd64-xfce-CD-1.iso.
I don't install anything at all except a ssh-server (not even any
sys-utils, just the base OS and sshd).
I login and create this script /root/foo.sh:   ('bc' can be replaced
with any package)

  #!/bin/sh
  timeout 1m apt-get -y -qq install bc

I run 'chmod 755 /root/foo.sh' and then execute it:
# /root/foo.sh
Selecting previously unselected package bc.
(Reading database ... 18047 files and directories currently installed.)
Preparing to unpack .../bc_1.06.95-9+b3_amd64.deb ...
Unpacking bc (1.06.95-9+b3) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up bc (1.06.95-9+b3) ...

Here it freezes!
Nothing more happens, and it would hang forever if not my timeout
expired after a minute, making foo.sh continue.
foo.sh has nothing more to do so it terminates and I get a new prompt.

But for some reason, the tty is no longer echoing my keystrokes!
I blindly run 'echo $?' and get the response "124".
This is the return code from 'timeout' after it killed the apt-get job.


1)
What is happening here? The package is successfully installed but
apt-get never terminates.

2)
Running 'timeout 1m apt-get -y -qq install bc' directly on the
commandline works fine.
Running 'apt-get -y -qq install bc' directly in the foo.sh shell,
without any timeout, works fine.
So why doesn't apt-get terminate when started via 'timeout', when run
inside a shell?

3)
Why is the tty no longer echoing my keystrokes?

4)
I'm pretty sure my install-script in Debian 9.6 worked just fine with
'apt-get' together with 'timeout' within a shell.
That is, 'apt-get' did its job and terminated immediately and sucessfully.
Now when I install a new machine using Debian 9.9 it didn't work as expected.
So I guess the problem was introduced somewhere between Debian 9.6 and 9.9.



Anyhow... I can now reproduce the bug over and over:
I run 'reset' to get a normal tty again, purge the installed 'bc' tool
and then install it again via foo.sh:

# reset
# apt-get -y purge bc
# /root/foo.sh

Again, apt-get hangs after installing 'bc'.



(
Why do I call this a bug and not just an annoyance?
Here's my use-case (that used to work fine):

I have a script that declare a function to add a new APT source,
update and then install a package using that source:

  install_foobar() {
cd /tmp
timeout 1m wget "https://apt.foobar.com/foobar.deb; || return $?
dpkg -i foobar.deb || return $?
timeout 1m apt-get update || return $?
timeout 4m apt-get -y install foobar-agent || return $?
return 0
  }

The function is called by the script, and depending on its exit status
it does things differently:

  install_foobar || touch /root/foobar_install_failed
  if [ ! -f /root/foobar_install_failed ]; then
...perform cleanup...
...disable unnecessary services...
...create a foobar user...
...set permissions...
  fi

Now when the apt-get command timeout instead of exiting normally, code
124 is returned.
This in turn creates the 'foobar_install_failed' file, and the user
and settings, etc are not processed even though the foobar-agent
package was successfully installed.
)

Bug#929859: unblock: speech-dispatcher-contrib/0.9.0-7

[Samuel Thibault]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

As reported on Bug#929856, the pico speech synthesis from
speech-dispatcher-pico will not be usable just because the package does
not ship the pico.conf file which used to be shipped by the now-removed
speech-dispatcher-contrib package. This is fixed in version 0.9.0-7 as
shown in attached patch.

(along with a typo fix in the description of the
speech-dispatcher-baratinoo package, which was copied from the kali
package but not fixed accordingly).

Could you unblock this?

unblock speech-dispatcher-contrib/0.9.0-7

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 
'proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), 
(1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.1.0 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru speech-dispatcher-contrib-0.9.0/debian/changelog 
speech-dispatcher-contrib-0.9.0/debian/changelog
--- speech-dispatcher-contrib-0.9.0/debian/changelog2019-02-21 
19:08:40.0 +0100
+++ speech-dispatcher-contrib-0.9.0/debian/changelog2019-06-02 
00:29:03.0 +0200
@@ -1,3 +1,9 @@
+speech-dispatcher-contrib (0.9.0-7) unstable; urgency=medium
+
+  * speech-dispatcher-pico.install: Ship pico.conf (Closes: Bug#929856).
+
+ -- Samuel Thibault   Sun, 02 Jun 2019 00:29:03 +0200
+
 speech-dispatcher-contrib (0.9.0-6) unstable; urgency=medium
 
   * control: Fix speech-dispatcher-audio-plugins dependency.
diff -Nru speech-dispatcher-contrib-0.9.0/debian/control 
speech-dispatcher-contrib-0.9.0/debian/control
--- speech-dispatcher-contrib-0.9.0/debian/control  2019-02-21 
19:08:40.0 +0100
+++ speech-dispatcher-contrib-0.9.0/debian/control  2019-06-02 
00:29:03.0 +0200
@@ -105,8 +105,8 @@
  independent way, therefore freeing the application programmer from
  having to yet again reinvent the wheel.
  .
- This package contains the output module for the Baratinoo speech synthesizer,
- also called Kali, which needs to be installed separately.
+ This package contains the output module for the Kali speech synthesizer,
+ which needs to be installed separately.
 
 Package: speech-dispatcher-ibmtts
 Architecture: i386
diff -Nru 
speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-contrib.install 
speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-contrib.install
--- speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-contrib.install
2019-01-01 20:55:13.0 +0100
+++ speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-contrib.install
1970-01-01 01:00:00.0 +0100
@@ -1,3 +0,0 @@
-/usr/lib/speech-dispatcher-modules/sd_pico
-/usr/share/speech-dispatcher/conf/modules/pico.conf
-/etc/speech-dispatcher/modules/pico.conf
diff -Nru speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-pico.install 
speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-pico.install
--- speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-pico.install   
2019-01-26 20:40:14.0 +0100
+++ speech-dispatcher-contrib-0.9.0/debian/speech-dispatcher-pico.install   
2019-06-02 00:10:33.0 +0200
@@ -1 +1,3 @@
 usr/lib/speech-dispatcher-modules/sd_pico
+usr/share/speech-dispatcher/conf/modules/pico.conf
+etc/speech-dispatcher/modules/pico.conf

Bug#929858: RFP: node-evacuated-eslint-plugin-eslint-plugin -- An ESLint plugin for linting ESLint plugins

[Jeff Cliff]

Package: wnpp
Severity: wishlist

* Package name: node-evacuated-eslint-plugin-eslint-plugin
  Version : 1.4.0
  Upstream Author : Teddy Katz
* URL : 
http://cmyhduydktnean34wvcvs2ezfb2yvtesw3tm3bpetlem3bs22mvqo4qd.onion/
* License : MIT
  Programming Lang: javascript
  Description : An ESLint plugin for linting ESLint plugins

A linter is a tool that analyzes source code to flag programming errors, bugs, 
stylistic errors, and suspicious constructs.

node-evacuated-eslint-plugin-eslint-plugin is a plugin for linting Eslint 
plugins.  It also is an Eslint plugin itself.

node-evacuated-eslint-plugin-eslint-plugin has been evacuated from 
NSA/Microsoft github.

node-evacuated-eslint-plugin-eslint-plugin is a tool used in the eslint build 
process.

Bug#929841: crda: Failed to set regulatory domain: -7

[Ben Hutchings]

Control: tag -1 unreproducible moreinfo
Control: severity -1 normal

On Sat, 2019-06-01 at 17:11 +0200, Thorsten Glaser wrote:
> Package: crda
> Version: 3.18-1
> Severity: serious
> Justification: fails
> 
> tglase@tglase-nb:~ $ fgrep -i -e crda -e regdom /var/log/syslog
> Jun  1 17:06:26 tglase-nb vmunix: [   32.679951] systemd-udevd[2262]: Process 
> '/sbin/crda' failed with exit code 255.

Well, it works for me.  What does "iw reg get" report?

> tglase@tglase-nb:~ $ sudo cleanenv / COUNTRY=DE /sbin/crda
> Failed to set regulatory domain: -7
> 
> When called manually, its errorlevel is 249 though, not 255.
> 
> Note: “cleanenv /” does
>  cd /; /usr/bin/env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin HOME=/ "$@"

The kernel rejects unsolicited regulatory information, and that's not a
bug.

Ben.

-- 
Ben Hutchings
Experience is what causes a person to make new mistakes
instead of old ones.



signature.asc
Description: This is a digitally signed message part

Bug#929846: firefox: Fails to load https sites after today's upgrade to 67.0-3

[Mike Hommey]

On Sat, Jun 01, 2019 at 07:59:24PM +0300, jim_p wrote:
> Package: firefox
> Version: 67.0-3
> Severity: normal
> 
> Dear Maintainer,
> 
> After today's update to 67.0-3, firefox fails to open every https site, 
> popping
> up the "NS_ERROR_NET_INADEQUATE_SECURITY" error.
> 
> It was working as it should on 67.0-1 all these days and on 67.0-2 since this
> morning.

Try upgrading libnss3.

Mike

Bug#929846: firefox: Fails to load https sites after today's upgrade to 67.0-3

[Mike Hommey]

On Sat, Jun 01, 2019 at 08:48:39PM +0300, jim_p wrote:
> Package: firefox
> Version: 67.0-3
> Followup-For: Bug #929846
> 
> Setting network.http.spdy.enabled.http2 to false in about:config resolves the
> issue.

This would suggest a problem on the server you're connecting to, or
worse, on the network you're connected to.

Mike

Bug#929857: libkqueue0: fails to emulate close-on-fork or close-on-exec behavior of native kqueue

[Eric Wong]

Package: libkqueue0
Version: 2.0.3-1.1
Severity: normal
Tags: upstream

Native kqueue (tested on FreeBSD 11.2) has close-on-fork and
close-on-exec behavior.  libkqueue should follow it.

Close-on-exec is easy to do on epoll via epoll_create1
(or fcntl on Linux <2.6.27)

Close-on-fork will require pthread_atfork use.

Bug#929781: rkt: CVE-2019-10144 CVE-2019-10145 CVE-2019-10147

[Dmitry Smirnov]

On Friday, 31 May 2019 4:46:08 PM AEST Salvatore Bonaccorso wrote:
> The following vulnerabilities were published for rkt.
> 
> CVE-2019-10144[0]:
> rkt: processes run with `rkt enter` are given all capabilities during stage
> 2
> 
> CVE-2019-10145[1]:
> processes run with rkt enter do not have seccomp filtering during stage 2
> 
> CVE-2019-10147[2]:
> processes run with rkt enter are not limited by cgroups during stage 2

I do not understand how this is a vulnerability. rkt enter is an interactive 
root-only command (requires sudo or root access). IMHO interactive root 
session started by admin (e.g. to enter container for inspection, etc.) 
should not be restricted.

-- 
Best wishes,
 Dmitry Smirnov.

---

Lying is, almost by definition, a refusal to cooperate with others. It
condenses a lack of trust and trustworthiness into a single act. It is both
a failure of understanding and an unwillingness to be understood. To lie is
to recoil from relationship.
-- Sam Harris



signature.asc
Description: This is a digitally signed message part.

Bug#929856: speech-dispatcher-pico: Does not start at all by default due to missing pico.conf

[Samuel Thibault]

Package: speech-dispatcher-pico
Version: 0.9.1-1
Severity: important
Tags: a11y
Justification: renders package unusable

Hello,

On migration from the speech-dispatcher-contrib package to the
speech-dispatcher-pico package, the pico.conf was forgotten, and thus
even after installing the package, the pico voice does not show up in
choices, and the user has to create a pico.conf configuration file for
the pico voice to show up.

Samuel

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 
'proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), 
(1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.1.0 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages speech-dispatcher-pico depends on:
ii  libc6  2.28-10
ii  libdotconf01.3-0.3
ii  libglib2.0-0   2.58.3-1
ii  libltdl7   2.4.6-9
ii  libsndfile11.0.28-6
ii  libttspico01.0+git20130326-9
ii  speech-dispatcher  0.9.1-1

speech-dispatcher-pico recommends no packages.

speech-dispatcher-pico suggests no packages.

-- no debconf information

-- 
Samuel
/*
 * [...] Note that 120 sec is defined in the protocol as the maximum
 * possible RTT.  I guess we'll have to use something other than TCP
 * to talk to the University of Mars.
 * PAWS allows us longer timeouts and large windows, so once implemented
 * ftp to mars will work nicely.
 */
(from /usr/src/linux/net/inet/tcp.c, concerning RTT [retransmission timeout])

Bug#929855: unblock: libheif/1.3.2-2

[Reinhard Tartler]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libheif to address CVE-2019-11471, aka #928210 in 
Debian/buster.

unblock libheif/1.3.2-2


debdiff follows:


diff --git a/debian/changelog b/debian/changelog
index 9452979..23246df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libheif (1.3.2-2) unstable; urgency=medium
+
+  * Team Upload
+  
+  [ Dylan Aïssi ]
+  * Add patch to fix CVE-2019-11471, Closes: #928210
+
+ -- Reinhard Tartler   Sat, 01 Jun 2019 17:56:05 -0400
+
 libheif (1.3.2-1) unstable; urgency=medium
 
   * Imported Upstream version 1.3.2
diff --git a/debian/patches/CVE-2019-11471.patch 
b/debian/patches/CVE-2019-11471.patch
new file mode 100644
index 000..767bb45
--- /dev/null
+++ b/debian/patches/CVE-2019-11471.patch
@@ -0,0 +1,60 @@
+Author: Joachim Bauch 
+Description: Fix CVE-2019-11471
+ Detect and handle recursive image references.
+ Detect non-existing referenced alpha images.
+ Detect non-existing referenced depth images.
+Origin: upstream, 
https://github.com/strukturag/libheif/commit/e89fbbe0705a4b8e755f148fd4c4c84007295d16
+  
https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
+  
https://github.com/strukturag/libheif/commit/5a9b7f7564e158c6339f6d78a77de23720b15afd
+Bug: https://github.com/strukturag/libheif/issues/123
+ https://github.com/strukturag/libheif/issues/125
+Bug-Debian: https://bugs.debian.org/928210
+
+--- a/libheif/heif_context.cc
 b/libheif/heif_context.cc
+@@ -520,6 +520,11 @@
+"Thumbnail references another thumbnail");
+ }
+ 
++if (image.get() == master_iter->second.get()) {
++  return Error(heif_error_Invalid_input,
++   heif_suberror_Nonexisting_item_referenced,
++   "Recursive thumbnail image detected");
++}
+ master_iter->second->add_thumbnail(image);
+ 
+ remove_top_level_image(image);
+@@ -566,6 +571,16 @@
+   image->set_is_alpha_channel_of(refs[0]);
+ 
+   auto master_iter = m_all_images.find(refs[0]);
++if (master_iter == m_all_images.end()) {
++  return Error(heif_error_Invalid_input,
++   heif_suberror_Nonexisting_item_referenced,
++   "Non-existing alpha image referenced");
++}
++if (image.get() == master_iter->second.get()) {
++  return Error(heif_error_Invalid_input,
++   heif_suberror_Nonexisting_item_referenced,
++   "Recursive alpha image detected");
++}
+   master_iter->second->set_alpha_channel(image);
+ }
+ 
+@@ -576,6 +591,16 @@
+   image->set_is_depth_channel_of(refs[0]);
+ 
+   auto master_iter = m_all_images.find(refs[0]);
++if (master_iter == m_all_images.end()) {
++  return Error(heif_error_Invalid_input,
++   heif_suberror_Nonexisting_item_referenced,
++   "Non-existing depth image referenced");
++}
++if (image.get() == master_iter->second.get()) {
++  return Error(heif_error_Invalid_input,
++   heif_suberror_Nonexisting_item_referenced,
++   "Recursive depth image detected");
++}
+   master_iter->second->set_depth_channel(image);
+ 
+   auto subtypes = auxC_property->get_subtypes();
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..acd8abf
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2019-11471.patch

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#919704: fixed in distcc 3.3.2-6

[Jason Rhinelander]

On Sat, 19 Jan 2019 09:20:31 + Christian Marillat 
 wrote:

Source: distcc
Source-Version: 3.3.2-6

We believe that the bug you reported is fixed in the latest version of
distcc, which is due to be installed in the Debian FTP archive.


It looks like my previous message that reopened this bug got hidden by 
the PTS.  I reopened this because 3.3.2-8 reverted the fix: thus distcc 
doesn't work again with most of the compilers I have installed (e.g. 
clang, cross compilers).


If using the upstream Python version is not an option then please fix 
the existing script to include more compilers.



Jason Rhinelander

Bug#929854: Fails to load most HTTPS websites with error "NS_ERROR_NET_INADEQUATE_SECURITY"

[Lennart Heinrich]

Package: firefox
Version: 67.0-3
Severity: grave
Justification: renders package unusable

Dear Maintainer,

When opening a website using the HTTPS protocol many sites don't work
correctly or may not even load.
Firefox shows the error code "NS_ERROR_NET_INADEQUATE_SECURITY" when
opening pages such as "https://www.google.com;,
"https://www.amazon.com;, "https://doc.rust-lang.org; or
"https://github.githubassets.com;.
Many other pages such as "https://github.com;, "https://twitter.com; or
"https://www.twitch.tv; don't work correctly, because CSS, JavaScript or
other assets can not be loaded.
That problem happens since firefox-67.0-3, but did not happen before
with firefox-67.0-2 or earlier.

-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox depends on:
ii  debianutils   4.8.6.1
ii  fontconfig    2.13.1-2
ii  libasound2    1.1.8-1
ii  libatk1.0-0   2.30.0-2
ii  libc6 2.28-10
ii  libcairo-gobject2 1.16.0-4
ii  libcairo2 1.16.0-4
ii  libdbus-1-3   1.12.12-1
ii  libdbus-glib-1-2  0.110-4
ii  libevent-2.1-6    2.1.8-stable-4
ii  libffi6   3.2.1-9
ii  libfontconfig1    2.13.1-2
ii  libfreetype6  2.9.1-3
ii  libgcc1   1:8.3.0-6
ii  libgdk-pixbuf2.0-0    2.38.1+dfsg-1
ii  libglib2.0-0  2.58.3-1
ii  libgtk-3-0    3.24.5-1
ii  libjsoncpp1   1.7.4-3
ii  libnspr4  2:4.21-1
ii  libnss3   2:3.42.1-1
ii  libpango-1.0-0    1.42.4-6
ii  libsqlite3-0  3.27.2-2
ii  libstartup-notification0  0.12-6
ii  libstdc++6    8.3.0-6
ii  libvpx5   1.7.0-3
ii  libx11-6  2:1.6.7-1
ii  libx11-xcb1   2:1.6.7-1
ii  libxcb-shm0   1.13.1-2
ii  libxcb1   1.13.1-2
ii  libxcomposite1    1:0.4.4-2
ii  libxdamage1   1:1.1.4-3+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes3    1:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt6    1:1.1.5-1+b3
ii  procps    2:3.3.15-2
ii  zlib1g    1:1.2.11.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec58  7:4.1.3-1

Versions of packages firefox suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-7
ii  libgssapi-krb5-2   1.17-2
ii  libgtk2.0-0    2.24.32-3
ii  pulseaudio 12.2-4

-- no debconf information

Bug#929467: RFS: tfortune-1.0.0 [ITP]

[Andre Noll]

On Sat, Jun 01, 16:46, Alexis Murzeau wrote
> I think Adam meant to not implement low level makefile targets yourself,
> but use dh like this:
> ```
> #!/usr/bin/make -f
> 
> export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> %:
> dh $@
> 
> override_dh_auto_configure:
> dh_auto_configure -- \
>   --bindir=\$${prefix}/games \
>   --datadir=\$${prefix}/share/games
> ```

That's indeed much simpler and seems to work as well. Thanks for
pointing this out!

Adam, do you want me to provide v3 with debian/rules changed to
something like the above?

Note, however, that building with the simple debian/rules file prints a
warning because dh_auto_configure seems to add --disable-silent-rules,
--disable-maintainer-mode and --disable-dependency-tracking to the
configure command line, which tfortune's configure doesn't know.

This seems to be a common problem. One solution is to call configure
directly, as recommended in the dh_auto_configure man page. Another way
to avoid the warning is to provide noop-stubs for the three options
in configure.ac. I'd prefer to call configure directly because this
is a bit simpler and touches only debian/rules. Opinions anybody?

Best
Andre
-- 
Max Planck Institute for Developmental Biology
Max-Planck-Ring 5, 72076 Tübingen, Germany. Phone: (+49) 7071 601 829
http://people.tuebingen.mpg.de/maan/


signature.asc
Description: PGP signature

Bug#928170: chrony: grant access rights only to the ntp_signd socket

[Vincent Blut]

Control: retitle -1 chrony: grant access rights only to the ntp_signd socket
Control: severity -1 normal
Control: tags -1 - moreinfo

Hi,

On Thu, May 16, 2019 at 04:24:59PM +0200, L. van Belle wrote:

Hai Vincent,

Yes, that is correct.

/var/lib/samba/ntp_signd/socket rw,

Is sufficient.


Great, thank you Louis!


Greetz,

Louis


Cheers,
Vincent


signature.asc
Description: PGP signature

Bug#929853: unblock: golang-github-spf13-viper/1.3.2+really1.3.1-1

[Dr. Tobias Quathamer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package golang-github-spf13-viper

This is part of the effort to re-sync golang package versions in
unstable and testing, see https://bugs.debian.org/928227

unblock golang-github-spf13-viper/1.3.2+really1.3.1-1

Regards,
Tobias
diff -Nru golang-github-spf13-viper-1.3.1/debian/changelog golang-github-spf13-viper-1.3.2+really1.3.1/debian/changelog
--- golang-github-spf13-viper-1.3.1/debian/changelog	2018-12-24 13:29:43.0 +0100
+++ golang-github-spf13-viper-1.3.2+really1.3.1/debian/changelog	2019-06-01 23:09:21.0 +0200
@@ -1,3 +1,28 @@
+golang-github-spf13-viper (1.3.2+really1.3.1-1) unstable; urgency=medium
+
+  * Team upload.
+  * Revert all changes between 1.3.2-2 and 1.3.1-1.
+See https://bugs.debian.org/928227 for a rationale.
+
+ -- Dr. Tobias Quathamer   Sat, 01 Jun 2019 23:09:21 +0200
+
+golang-github-spf13-viper (1.3.2-2) unstable; urgency=medium
+
+  * Use GetInt64 for largenum in viper_test.go to fix "constant
+765432101234567 overflows int" regression error on 32-bit platforms.
+See https://github.com/spf13/viper/issues/704 for more information.
+  * Build-Depends on dh-golang (>= 1.39~) for go.mod and go.sum inclusion
+instead of my previous use of DH_GOLANG_INSTALL_EXTRA.
+
+ -- Anthony Fok   Fri, 24 May 2019 13:00:09 -0600
+
+golang-github-spf13-viper (1.3.2-1) unstable; urgency=medium
+
+  * New upstream version 1.3.2
+  * Bump Standards-Version to 4.3.0 (no change)
+
+ -- Anthony Fok   Sun, 14 Apr 2019 03:44:26 -0600
+
 golang-github-spf13-viper (1.3.1-1) unstable; urgency=medium
 
   * New upstream version 1.3.1


signature.asc
Description: OpenPGP digital signature

Bug#924487: swig3.0-examples: Install all examples

[Torsten Landschoff]

Am 2019-03-13 14:32, schrieb Hilko Bengen:

Replacing debian/swig3.0-examples.examples with the single line
,
| Examples/*
`

will lead to the Go examples being installed along with a bunch of 
other

missing examples.


I actually wonder why on earth I listed the subfolders in the .examples 
dh file. :facepalm:


Will change as suggested.

Greetings, Torsten

Bug#920734: swig FTCBFS: does not pass --host to ./configure

[Torsten Landschoff]

Am 2019-01-28 17:26, schrieb Helmut Grohne:


swig fails to cross build from source, because it does not pass --host
to ./configure. The easiest way of doing so is letting 
dh_auto_configure

do it. That is sufficient to make swig cross buildable. Please consider
applying the attached patch.



That makes sense. Thanks for the patch! I will merge it for the next 
upload.


Greetings, Torsten

Bug#929738: [Debian GNUstep maintainers] Bug#929738: gnumail.app: gnumail freezes when i click 'info > preferences'

[Svetlana Tkachenko]

I also experience the same issue with gworkspace, clicking info > preferences 
does not open the preferences dialog. The ui continues to be responsive (i.e. 
it does not freeze).

Bug#929852: Acknowledgement (unblock: golang-github-pelletier-go-toml/1.4.0+really1.2.0-1)

[Dr. Tobias Quathamer]

... forgot the debdiff.

Regards,
Tobias
diff -Nru golang-github-pelletier-go-toml-1.2.0/debian/changelog golang-github-pelletier-go-toml-1.4.0+really1.2.0/debian/changelog
--- golang-github-pelletier-go-toml-1.2.0/debian/changelog	2018-08-24 23:19:54.0 +0200
+++ golang-github-pelletier-go-toml-1.4.0+really1.2.0/debian/changelog	2019-06-01 22:46:03.0 +0200
@@ -1,3 +1,21 @@
+golang-github-pelletier-go-toml (1.4.0+really1.2.0-1) unstable; urgency=medium
+
+  * Revert all changes between 1.2.0-1 and 1.4.0-1.
+See https://bugs.debian.org/928227 for a rationale.
+
+ -- Dr. Tobias Quathamer   Sat, 01 Jun 2019 22:46:03 +0200
+
+golang-github-pelletier-go-toml (1.4.0-1) unstable; urgency=medium
+
+  * New upstream version 1.4.0
+  * Update Maintainer email address to team+pkg...@tracker.debian.org
+  * Bump Standards-Version to 4.3.0 (no change)
+  * Update copyright years in debian/copyright
+  * Include all *.toml files as test fixtures
+  * Fix package description on currently supported TOML version 0.4.0
+
+ -- Anthony Fok   Fri, 24 May 2019 11:50:02 -0600
+
 golang-github-pelletier-go-toml (1.2.0-1) unstable; urgency=medium
 
   [ Alexandre Viau ]


signature.asc
Description: OpenPGP digital signature

Bug#929852: unblock: golang-github-pelletier-go-toml/1.4.0+really1.2.0-1

[Dr. Tobias Quathamer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package golang-github-pelletier-go-toml

This is part of the effort to re-sync golang package versions in
unstable and testing, see https://bugs.debian.org/928227

unblock golang-github-pelletier-go-toml/1.4.0+really1.2.0-1

Regards,
Tobias



signature.asc
Description: OpenPGP digital signature

Bug#929851: unblock: golang-github-alecthomas-chroma/0.6.3+really0.6.2-1

[Dr. Tobias Quathamer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package golang-github-alecthomas-chroma

This is part of the effort to re-sync golang package versions in
unstable and testing, see https://bugs.debian.org/928227

unblock golang-github-alecthomas-chroma/0.6.3+really0.6.2-1

Regards,
Tobias
diff -Nru golang-github-alecthomas-chroma-0.6.2/debian/changelog golang-github-alecthomas-chroma-0.6.3+really0.6.2/debian/changelog
--- golang-github-alecthomas-chroma-0.6.2/debian/changelog	2019-02-01 19:06:45.0 +0100
+++ golang-github-alecthomas-chroma-0.6.3+really0.6.2/debian/changelog	2019-06-01 22:27:18.0 +0200
@@ -1,3 +1,17 @@
+golang-github-alecthomas-chroma (0.6.3+really0.6.2-1) unstable; urgency=medium
+
+  * Revert all changes between 0.6.3-1 and 0.6.2-1.
+See https://bugs.debian.org/928227 for a rationale.
+
+ -- Dr. Tobias Quathamer   Sat, 01 Jun 2019 22:27:18 +0200
+
+golang-github-alecthomas-chroma (0.6.3-1) unstable; urgency=medium
+
+  * New upstream version 0.6.3
+  * Refresh 0001-Remove-MS-Windows-specific-code.patch
+
+ -- Anthony Fok   Sun, 14 Apr 2019 05:07:42 -0600
+
 golang-github-alecthomas-chroma (0.6.2-1) unstable; urgency=medium
 
   * New upstream version 0.6.2


signature.asc
Description: OpenPGP digital signature

Bug#928956: Document removal of ecryptfs-utils from Buster

[Paul Gevers]

Control: tags -1 patch

Hi all,

On Wed, 15 May 2019 13:00:52 +0100 Justin B Rye
 wrote:
> Daniel Lange wrote:
> >>   * reason for removal
> >> not essential, but it helps to understand the issue
> > #765854
> > ecryptfs cannot unmount encrypted home directories due to systemd keeping
> > the pam session active even after logout.
> > Upstream bug https://github.com/systemd/systemd/issues/8598
> > A work around (user unit file) has not been implemented and tested.
> > 
> >>   * what would be the alternative(s) available in buster
> > there is none
> 
> Does Debian really not provide any alternative mechanisms for
> filesystem encryption that users could switch over to?  A quick "apt
> search" suggests that they could try encfs...
> 
> >>   * is there a (documented) migration path
> > there is none
> 
> Sounds as if someone needs to write one, then.
>  
> > People with ecryptfs should not upgrade to Buster or enable and pin sid
> > repositories where ecryptfs-utils, libecryptfs1 and friends are still
> > available and continue to work (including the unmount bug linked above).
> 
> Is the problem a result of changes in ecryptfs-utils, PAM, systemd, or
> what?  Would upgrading systemd etc to Buster but keeping the Stretch
> version of ecryptfs-utils installed be a better or worse option than
> installing the Sid version?

In absence of other text, I am about to push the attached text to the
release-notes. I hope this isn't the final text, but at least the draft
document now mentions the problem.

Paul
diff --git a/en/issues.dbk b/en/issues.dbk
index 39642a85..481df49b 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -328,6 +328,15 @@ $ sudo update-initramfs -u
 #662960.
   
 
+
+  
+The ecryptfs-utils package
+is not part of buster due to an unfixed serious bug (#765854). At the time of writing this
+paragraph, there wasn't a clear advice to people with encryptfs,
+except not upgrading.
+  
+
   
 
   


signature.asc
Description: OpenPGP digital signature

Bug#928987: compiz: make a compiz-boxmenu package

[Samuel Thibault]

Hello,

boffi, le mar. 14 mai 2019 19:29:14 +0200, a ecrit:
> I'd like to see compiz-boxmenu
> 
> in Debian.

Could you help with this? To be able to create a package I'd need:

- a short description (up to 60 characters)
- a long description (typically a dozen lines)

Samuel

Bug#910124: network-manager-gnome: option to import/export WiFi config as a QR code

[Salvatore Bonaccorso]

hi,

On Fri, May 31, 2019 at 02:57:13PM +0200, Salvatore Bonaccorso wrote:
> Hi Michael,
> 
> Thanks for the heads-up.
> 
> On Fri, May 31, 2019 at 12:26:58PM +0200, Michael Biebl wrote:
> > Am 30.05.19 um 04:36 schrieb Paul Wise:
> > > On Wed, 2019-05-29 at 12:57 +0200, Michael Biebl wrote:
> > > 
> > >>> This has been implemented in 1.8.22.
> > >> This is apparently implemented as well.
> > > 
> > > Thanks for the notice.
> > > 
> > >> https://gitlab.gnome.org/GNOME/network-manager-applet/merge_requests/45
> > > 
> > > This appears to introduce an embedded code copy, you might want to let
> > > the security team know about that once it reaches Debian.
> > 
> > Sure.
> > 
> > Dear security team,
> > network-manager-applet 1.8.22 has been uploaded to experimental. It uses
> > an internal copy of
> > https://www.nayuki.io/page/qr-code-generator-library
> > which afaics is not (yet) packaged for Debian.
> > See
> > https://salsa.debian.org/utopia-team/network-manager-applet/blob/experimental/src/libnma/qrcodegen.c
> 
> Is that the same as src:qr-code-generator as present in unstable, cf.
> https://tracker.debian.org/pkg/qr-code-generator . 
> 
> Is the network-manager-applet embedded copy unmodified? If so it would
> be preferable if network-manager-applet could switch to the system
> one.

So src/libnma/qrcodegen.c in src:network-manager-applet/1.8.22 is the
same c/qrcodegen.c as in src:qr-code-generator/1.4.0 apart whitespace
changes.

Regards,
Salvatore

Bug#929850: buildd.debian.org: possible conflict between the "dhelp" package and the KDE packages on debian buster

[pnd23]

Package: buildd.debian.org
Severity: normal

Dear Maintainer,

KDE packages install their documentation files in /usr/share/doc/HTML on buster
(in debian 8 this was: /usr/share/doc/kde/HTML). The "dhelp" package erases
this folder when it rebuilds its index. The KHelpcenter documentation gets
erased this way.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF8, LC_CTYPE=nl_BE.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#929849: buildbot: CVE-2019-12300: OAuth vulnerability in using submitted authorization token for authentication

[Salvatore Bonaccorso]

Source: buildbot
Version: 2.0.1-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for buildbot.

CVE-2019-12300[0]:
| Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted
| authorization token from OAuth and uses it to authenticate a user. If
| an attacker has a token allowing them to read the user details of a
| victim, they can login as the victim.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12300
[1] 
https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication

The affected versions in [1] seem a bit missleading, because 2.x
versions up to 2.3.1 are affected as well, at least  2.0.1-1 as in
buster and sid has the problematic code.

Regards,
Salvatore

Bug#929715: strace: FTBFS: open: /dev/kvm: No such file or directory

[Steve McIntyre]

Control: tags -1 +moreinfo +unreproducible
Control: retitle -1 Bug#929715: strace: FTBFS: failure in lstat tests

Hi Lucas,

On Wed, May 29, 2019 at 04:30:05PM +0200, Lucas Nussbaum wrote:
>Source: strace
>Version: 4.26-0.2
>Severity: serious
>Tags: buster sid
>User: debian...@lists.debian.org
>Usertags: qa-ftbfs-20190529 qa-ftbfs
>Justification: FTBFS in buster on amd64
>
>Hi,
>
>During a rebuild of all packages in buster (in a buster chroot, not a
>sid chroot), your package failed to build on amd64.

Hmmm, that's odd. I've just built the current package in fresh amd64
and i386 chroots here, with no errors. Checking your log, the /dev/kvm
error is not fatal and some tests are skipped without KVM access. The
actual failures that you're seeing are from 4 stat functions, reported
several times due to the build setup:

$ grep ^FAIL: strace_4.26-0.2_testing.log  | less
FAIL: lstat.gen.test
FAIL: stat.gen.test
FAIL: lstat.gen.test
FAIL: trace_lstat.gen.test
FAIL: stat.gen.test
FAIL: trace_stat.gen.test
FAIL: trace_lstat.gen.test
FAIL: trace_stat.gen.test
FAIL: lstat.gen
FAIL: stat.gen
FAIL: trace_lstat.gen
FAIL: trace_stat.gen
FAIL: lstat.gen
FAIL: stat.gen
FAIL: trace_lstat.gen
FAIL: trace_stat.gen

so I've updated the bug title. Checking the log for more details, I'm
just seeing what *looks* like whitespace differences in the test
output. But I don't see it here on my system, which is surprising. Is
there anything at all special about your test setup that I should ba
aware of? I'm pondering if there's maybe a locale setup difference or
something, but that's just a guess OTTOMH...!

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Google-bait:   http://www.debian.org/CD/free-linux-cd
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.

Bug#929822: xserver-xorg-video-amdgpu: display stops updating after VT switch

[Ross Vandegrift]

Control: forwarded -1 https://bugs.freedesktop.org/show_bug.cgi?id=110808

Bug#765448: [Pkg-libvirt-maintainers] Bug#765448: libvirt-daemon-system is not installable on non-systemd system

[Guido Günther]

control tags -1 +wontfix

Hi,
On Fri, May 31, 2019 at 07:07:46PM +0300, sergio wrote:
> libvirt-daemon-system is still not installable on non-systemd system due
> to policykit-1 dependency

For the record this is due to policykit-1 -> libpam-systemd ->
systemd-shim | systemd-sysv dependency.

So it *was* installable but isn't since nobody stepped up to maintain
systemd-shim. Fix that and it will work.
 -- Guido

Bug#797096: 161616

[Charles Williams]

Bug#929846: firefox: Fails to load https sites after today's upgrade to 67.0-3

[jim_p]

Package: firefox
Version: 67.0-3
Followup-For: Bug #929846

Setting network.http.spdy.enabled.http2 to false in about:config resolves the
issue.

p.s. I am pretty sure its severity must be upgraded to "grave" and I should
have reported it as "grave" in the first place.



-- Package-specific info:

-- Extensions information
Name: Firefox Monitor
Location: /usr/lib/firefox/browser/features/fxmoni...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: Firefox Screenshots
Location: /usr/lib/firefox/browser/features/screensh...@mozilla.org.xpi
Package: firefox
Status: user-disabled

Name: Form Autofill
Location: /usr/lib/firefox/browser/features/formautof...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: uBlock Origin
Location: ${PROFILE_EXTENSIONS}/ublo...@raymondhill.net.xpi
Status: enabled

Name: Video DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Status: enabled

Name: Web Compat
Location: /usr/lib/firefox/browser/features/webcom...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: WebCompat Reporter
Location: /usr/lib/firefox/browser/features/webcompat-repor...@mozilla.org.xpi
Package: firefox
Status: user-disabled

-- Plugins information
Name: Shockwave Flash (32.0.0.192)
Location: /usr/lib/flashplayer-mozilla/libflashplayer.so
Package: flashplayer-mozilla
Status: disabled


-- Addons package information
ii  firefox 67.0-3amd64Mozilla Firefox web 
browser
ii  flashplayer-mozilla 3:32.0.0.192-dmo2 amd64Adobe Flash Player

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils   4.8.6.1
ii  fontconfig2.13.1-2
ii  libasound21.1.8-1
ii  libatk1.0-0   2.30.0-2
ii  libc6 2.28-10
ii  libcairo-gobject2 1.16.0-4
ii  libcairo2 1.16.0-4
ii  libdbus-1-3   1.12.12-1
ii  libdbus-glib-1-2  0.110-4
ii  libevent-2.1-62.1.8-stable-4
ii  libffi6   3.2.1-9
ii  libfontconfig12.13.1-2
ii  libfreetype6  2.9.1-3
ii  libgcc1   1:8.3.0-6
ii  libgdk-pixbuf2.0-02.38.1+dfsg-1
ii  libglib2.0-0  2.58.3-1
ii  libgtk-3-03.24.5-1
ii  libjsoncpp1   1.7.4-3
ii  libnspr4  2:4.21-1
ii  libnss3   2:3.42.1-1
ii  libpango-1.0-01.42.4-6
ii  libsqlite3-0  3.27.2-2
ii  libstartup-notification0  0.12-6
ii  libstdc++68.3.0-6
ii  libvpx5   1.7.0-3
ii  libx11-6  2:1.6.7-1
ii  libx11-xcb1   2:1.6.7-1
ii  libxcb-shm0   1.13.1-2
ii  libxcb1   1.13.1-2
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-3+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt61:1.1.5-1+b3
ii  procps2:3.3.15-2
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec58  10:4.1.3-dmo1

Versions of packages firefox suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-7
ii  libgssapi-krb5-2   1.17-2
ii  libgtk2.0-02.24.32-3
pn  pulseaudio 

-- no debconf information

Bug#929848: ITP: pplpy -- Python interface to PPL

[Tobias Hansen]

Package: wnpp
Severity: wishlist
Owner: Tobias Hansen 

* Package name: pplpy
  Version : 0.8.4
  Upstream Author : Vincent Delecroix 
* URL : https://gitlab.com/videlec/pplpy
* License : GPL-3+
  Programming Lang: Python
  Description : Python interface to PPL

pplpy is a Python interface to the C++ Parma Polyhedra Library (PPL).

I'm packaging it because it is a dependency of sagemath 8.7.

Bug#929847: xserver-xorg-input-aiptek: Support of Aiptek Hyperpen 12000U as tablet

[Benjamin Tietz]

Package: xserver-xorg-input-aiptek
Version: 1:1.4.1-2+b1
Severity: normal

Dear Maintainer,

after connecting the Aiptek Hyperpen 12000U via USB, it isn't configured
out-of-the-box.

After fixing adding the device the udev hwdb (as in 
https://github.com/systemd/systemd/issues/9834)
xorg recognises the device as a slave-keyboard. To configure this as
tablet using the aiptek driver, a further configuration-file was needed:


/usr/share/X11/xorg.conf.d/70-aiptek.conf
=
Section "InputClass"
Identifier "Aiptek Hyperpen USB tablet class"
MatchUSBID "08ca:*"
MatchDevicePath "/dev/input/event*"
MatchIsTablet "true"
Driver "aiptek"
Option "Type" "stylus"
Option "USB" "on"
Option "Mode" "Absolute"
Option "HistorySize" "2"
Option "XTop" "0"
Option "YTop" "0"
Option "XBottom" "5999"
Option "YBottom" "4499"
Option "XMax" "5999"
Option "YMax" "4499"
Option "XOffset" "0"
Option "YOffset" "0"
Option "XSize" "5999"
Option "YSize" "4499"
Option "ZMin" "10"
Option "ZMax" "127"
EndSection

=

After creating this and restarting the X-server, the device was
recognized correctly.

-- Package-specific info:
X server symlink status:

lrwxrwxrwx 1 root root 13 Feb  9  2014 /etc/X11/X -> /usr/bin/Xorg
-rwxr-xr-x 1 root root 274 Oct 31  2018 /usr/bin/Xorg

VGA-compatible devices on PCI bus:
--
00:02.0 VGA compatible controller [0300]: Intel Corporation Xeon E3-1200 v3/4th 
Gen Core Processor Integrated Graphics Controller [8086:0412] (rev 06)

/etc/X11/xorg.conf does not exist.

/etc/X11/xorg.conf.d does not exist.

/etc/modprobe.d contains no KMS configuration files.

Kernel version (/proc/version):
---
Linux version 4.9.0-9-amd64 (debian-ker...@lists.debian.org) (gcc version 6.3.0 
20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13)

Xorg X server log files on system:
--
-rw-r--r-- 1 root root 69397 Jun  1 18:46 /var/log/Xorg.0.log

Contents of most recent Xorg X server log file (/var/log/Xorg.0.log):
-
[ 85928.532] 
X.Org X Server 1.19.2
Release Date: 2017-03-02
[ 85928.532] X Protocol Version 11, Revision 0
[ 85928.532] Build Operating System: Linux 4.9.0-8-amd64 x86_64 Debian
[ 85928.532] Current Operating System: Linux obelix.dresden.micronet24.de 
4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64
[ 85928.532] Kernel command line: BOOT_IMAGE=/vmlinuz-4.9.0-9-amd64 
root=/dev/mapper/obelix0-root ro quiet
[ 85928.532] Build Date: 03 November 2018  03:09:11AM
[ 85928.532] xorg-server 2:1.19.2-1+deb9u5 (https://www.debian.org/support) 
[ 85928.532] Current version of pixman: 0.34.0
[ 85928.532]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[ 85928.532] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 85928.532] (==) Log file: "/var/log/Xorg.0.log", Time: Sat Jun  1 14:04:11 
2019
[ 85928.532] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[ 85928.532] (==) No Layout section.  Using the first Screen section.
[ 85928.532] (==) No screen section available. Using defaults.
[ 85928.532] (**) |-->Screen "Default Screen Section" (0)
[ 85928.532] (**) |   |-->Monitor ""
[ 85928.532] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[ 85928.532] (==) Automatically adding devices
[ 85928.532] (==) Automatically enabling devices
[ 85928.532] (==) Automatically adding GPU devices
[ 85928.532] (==) Max clients allowed: 256, resource mask: 0x1f
[ 85928.532] (WW) The directory "/usr/share/fonts/X11/cyrillic" does not exist.
[ 85928.532]Entry deleted from font path.
[ 85928.532] (==) FontPath set to:
/usr/share/fonts/X11/misc,
/usr/share/fonts/X11/100dpi/:unscaled,
/usr/share/fonts/X11/75dpi/:unscaled,
/usr/share/fonts/X11/Type1,
/usr/share/fonts/X11/100dpi,
/usr/share/fonts/X11/75dpi,
built-ins
[ 85928.532] (==) ModulePath set to "/usr/lib/xorg/modules"
[ 85928.532] (II) The server relies on udev to provide the list of input 
devices.
If no devices become available, reconfigure udev or disable 
AutoAddDevices.
[ 85928.532] (II) Loader magic: 0x558f7c740e00
[ 85928.532] (II) Module ABI versions:
[ 85928.532]X.Org ANSI C Emulation: 0.4
[ 85928.532]X.Org Video Driver: 23.0
[ 85928.532]X.Org XInput driver : 24.1
[ 85928.532]X.Org Server Extension : 10.0
[ 85928.533] (++) using VT number 7

[ 

Bug#914694:

[Arturo Borrero Gonzalez]

iptables 1.8.3-1~exp1 is already uploaded, currently waiting in the NEW queue.
The upload is for experimental, since the build depends on a newer release of
libnftnl (already in experimental), and we are at a point of the Buster freeze
that I would like to make extra sure I'm allowed to push such a big diff into
unstable.

Hopefully all this will be untangled in the upcoming weeks.

Bug#929846: firefox: Fails to load https sites after today's upgrade to 67.0-3

[jim_p]

Package: firefox
Version: 67.0-3
Severity: normal

Dear Maintainer,

After today's update to 67.0-3, firefox fails to open every https site, popping
up the "NS_ERROR_NET_INADEQUATE_SECURITY" error.

It was working as it should on 67.0-1 all these days and on 67.0-2 since this
morning.



-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils   4.8.6.1
ii  fontconfig2.13.1-2
ii  libasound21.1.8-1
ii  libatk1.0-0   2.30.0-2
ii  libc6 2.28-10
ii  libcairo-gobject2 1.16.0-4
ii  libcairo2 1.16.0-4
ii  libdbus-1-3   1.12.12-1
ii  libdbus-glib-1-2  0.110-4
ii  libevent-2.1-62.1.8-stable-4
ii  libffi6   3.2.1-9
ii  libfontconfig12.13.1-2
ii  libfreetype6  2.9.1-3
ii  libgcc1   1:8.3.0-6
ii  libgdk-pixbuf2.0-02.38.1+dfsg-1
ii  libglib2.0-0  2.58.3-1
ii  libgtk-3-03.24.5-1
ii  libjsoncpp1   1.7.4-3
ii  libnspr4  2:4.21-1
ii  libnss3   2:3.42.1-1
ii  libpango-1.0-01.42.4-6
ii  libsqlite3-0  3.27.2-2
ii  libstartup-notification0  0.12-6
ii  libstdc++68.3.0-6
ii  libvpx5   1.7.0-3
ii  libx11-6  2:1.6.7-1
ii  libx11-xcb1   2:1.6.7-1
ii  libxcb-shm0   1.13.1-2
ii  libxcb1   1.13.1-2
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-3+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxrender1   1:0.9.10-1
ii  libxt61:1.1.5-1+b3
ii  procps2:3.3.15-2
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec58  10:4.1.3-dmo1

Versions of packages firefox suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-7
ii  libgssapi-krb5-2   1.17-2
ii  libgtk2.0-02.24.32-3
pn  pulseaudio 

-- no debconf information

Bug#929845: gnome-software: Removing an application from an app folder does not work

[seb]

Package: gnome-software
Version: 3.30.6-5
Severity: normal

I selected all the installed applications listed in the 'Utilitaires'
application folder to remove them from it. All seemed to be fine as they no
longer have the tag 'Utilitaires' but they are still in the 'Utilitaires' group
when switching to the activity overview.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-software depends on:
ii  appstream0.12.5-1
ii  apt-config-icons 0.12.5-1
ii  dconf-gsettings-backend [gsettings-backend]  0.30.1-2
ii  gnome-software-common3.30.6-5
ii  gsettings-desktop-schemas3.28.1-1
ii  libappstream-glib8   0.7.14-1
ii  libatk1.0-0  2.30.0-2
ii  libc62.28-10
ii  libcairo21.16.0-4
ii  libfwupd21.2.5-2
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-1
ii  libgnome-desktop-3-173.30.2.1-1
ii  libgspell-1-11.6.1-2
ii  libgtk-3-0   3.24.5-1
ii  libgtk3-perl 0.034-2
ii  libgudev-1.0-0   232-2
ii  libjson-glib-1.0-0   1.4.4-2
ii  libpackagekit-glib2-18   1.1.12-5
ii  libpolkit-gobject-1-00.105-25
ii  libsecret-1-00.18.7-1
ii  libsoup2.4-1 2.64.2-2
ii  packagekit   1.1.12-5
ii  software-properties-gtk  0.96.20.2-2

Versions of packages gnome-software recommends:
ii  fwupd  1.2.5-2

Versions of packages gnome-software suggests:
pn  apt-config-icons-hidpi 
pn  gnome-software-plugin-flatpak  
pn  gnome-software-plugin-snap 

-- no debconf information

Bug#926118: Alternative for Re: Bug#926118: unblock: libmspack/0.10.1-1

[Jens Reyer]

control: affects -1 + winetricks cabextract libmspack

Hi,

please find attached a targeted fix for #912687 (libmspack0: Regression
when extracting cabinets using -F option fixed upstream, needs to be
patched).  In my (winetricks maintainer) opinion that is the most
pressing issue with libmspack/buster.

I'm posting this now because I'm really worried about the lack of
progress with this issue.  However as stated before by me in this bug
here, and by the libmspack maintainer in #923885, we both think that
0.10.1-1 is for various reasons better, and better tested and thus risk
free.

About this alternative version here:

+libmspack (0.10.1+really0.8-0.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Revert back to libmspack/0.8-1.
+  * Add build-dependency on quilt.
+  * Add patch from upstream to fix regression when extracting cabinets
+using -F option (Closes: #912687).
+
+ -- Jens Reyer   Sat, 01 Jun 2019 14:32:06 +0200
+


1.) Versioning and targeted suite

This proposal reverts the upstream version back from 0.10 (unstable) to
0.8 (testing), therefore the "new" upstream version 0.10.1+really0.8.
For building I just symlinked the 0.8 orig.tar.

It's based directly on 0.8-1, dropping all debian/ changes (including
the changelog) since then.

So this version should be fine to go via unstable (not sure about the
reverted d/changelog)).

Alternatively we could go via testing-proposed.


2.) Code

I took only the "fix" part from the upstream commit fixing this, but not
the documentation or updated testsuite (which includes changed binaries).

I verified that the issue affecting winetricks is solved.

I assume a fix for #914794 (libmspack fails tests on big endian
architectures (s390x, mips)), reported against 0.9.1-1 is not necessary.
 However if that was caused by a change in the toolchain instead of
changes in the package, I'll also add that fix here.




I'm looking forward to get some feedback from the release team,
preferably by:

unblock libmspack/0.10.1-1

Otherwise please tell us if we should go with this version (targeting
unstable or testing-proposed?), or something else (e.g. filing bugs for
every issue fixed in 0.10.1-1)

Before (if at all) doing any upload I'll of course coordinate it with
the libmspack maintainer.

Greets
jre

diff -Nru libmspack-0.8/debian/changelog libmspack-0.10.1+really0.8/debian/changelog
--- libmspack-0.8/debian/changelog	2018-10-24 03:03:13.0 +0200
+++ libmspack-0.10.1+really0.8/debian/changelog	2019-06-01 14:32:06.0 +0200
@@ -1,3 +1,13 @@
+libmspack (0.10.1+really0.8-0.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Revert back to libmspack/0.8-1.
+  * Add build-dependency on quilt.
+  * Add patch from upstream to fix regression when extracting cabinets
+using -F option (Closes: #912687).
+
+ -- Jens Reyer   Sat, 01 Jun 2019 14:32:06 +0200
+
 libmspack (0.8-1) unstable; urgency=medium
 
   * New upstream release:
diff -Nru libmspack-0.8/debian/control libmspack-0.10.1+really0.8/debian/control
--- libmspack-0.8/debian/control	2018-04-12 12:20:00.0 +0200
+++ libmspack-0.10.1+really0.8/debian/control	2019-06-01 14:32:06.0 +0200
@@ -4,7 +4,7 @@
 Maintainer: Marc Dequènes (Duck) 
 Standards-Version: 4.1.4
 Build-Depends: dpkg-dev (>= 1.16.1.1), debhelper (>= 11)
-Build-Depends-indep: doxygen, graphviz
+Build-Depends-indep: doxygen, graphviz, quilt
 Vcs-Browser: https://salsa.debian.org/debian/libmspack
 Vcs-Git: https://salsa.debian.org/debian/libmspack.git
 Homepage: https://www.cabextract.org.uk/libmspack/
diff -Nru libmspack-0.8/debian/patches/fix-cabd_extract.patch libmspack-0.10.1+really0.8/debian/patches/fix-cabd_extract.patch
--- libmspack-0.8/debian/patches/fix-cabd_extract.patch	1970-01-01 01:00:00.0 +0100
+++ libmspack-0.10.1+really0.8/debian/patches/fix-cabd_extract.patch	2019-06-01 14:32:06.0 +0200
@@ -0,0 +1,22 @@
+Description: Fix regression when extracting cabinets using -F option
+Origin: upstream, https://github.com/kyz/libmspack/commit/2d86d4e70026cd03730ce0b00b12579c2e21620a
+Bug: https://github.com/kyz/libmspack/issues/22
+Bug-Debian: https://bugs.debian.org/912687
+
+--- a/mspack/cabd.c
 b/mspack/cabd.c
+@@ -1125,11 +1125,9 @@ static int cabd_extract(struct mscab_dec
+  *   and pass back MSPACK_ERR_READ
+  */
+ self->d->outfh = NULL;
+-if ((self->d->comp_type & cffoldCOMPTYPE_MASK) != cffoldCOMPTYPE_LZX) {
+-  if ((bytes = file->offset - self->d->offset)) {
+-  error = self->d->decompress(self->d->state, bytes);
+-  self->error = (error == MSPACK_ERR_READ) ? self->read_error : error;
+-  }
++if ((bytes = file->offset - self->d->offset)) {
++error = self->d->decompress(self->d->state, bytes);
++self->error = (error == MSPACK_ERR_READ) ? self->read_error : error;
+ }
+ 
+ /* if getting to the correct offset was error free, unpack file */
diff -Nru libmspack-0.8/debian/patches/series 

Bug#929843: unblock: debian-security-support/2019.06.01

[Holger Levsen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support, it's a translation only
update:

debian-security-support (2019.06.01) unstable; urgency=medium

  * New translations:
- Swedish, thanks to Andreas Ronnquist. Closes: #929401.
- Dutch, thanks to Frans Spiesschaert. Closes: #929809.
  * Translation updates:
- Russian, thanks to Yuri Kozlov. Closes: #929384.
- Japanese, thanks to Shinichi Sakata and victory.
- Portuguese, thanks to Américo Monteiro. Closes: #929404.
- Polish, thanks to Łukasz Dulny.
- Brasilian Portuguese, thanks to Adriano Rafael Gomes. Closes: #929765.
- Italian, thanks to Beatrice Torracca. Closes: #929812.

 -- Holger Levsen   Sat, 01 Jun 2019 17:44:00 +0200

unblock debian-security-support/2019.06.01

The full debdiff is attached.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

we'll all die. make a difference while you can. disobey. smile.
diff -Nru debian-security-support-2019.05.22/debian/changelog debian-security-support-2019.06.01/debian/changelog
--- debian-security-support-2019.05.22/debian/changelog	2019-05-22 14:49:10.0 +0200
+++ debian-security-support-2019.06.01/debian/changelog	2019-06-01 17:44:00.0 +0200
@@ -1,3 +1,18 @@
+debian-security-support (2019.06.01) unstable; urgency=medium
+
+  * New translations:
+- Swedish, thanks to Andreas Ronnquist. Closes: #929401.
+- Dutch, thanks to Frans Spiesschaert. Closes: #929809.
+  * Translation updates:
+- Russian, thanks to Yuri Kozlov. Closes: #929384.
+- Japanese, thanks to Shinichi Sakata and victory.
+- Portuguese, thanks to Américo Monteiro. Closes: #929404.
+- Polish, thanks to Łukasz Dulny.
+- Brasilian Portuguese, thanks to Adriano Rafael Gomes. Closes: #929765.
+- Italian, thanks to Beatrice Torracca. Closes: #929812.
+
+ -- Holger Levsen   Sat, 01 Jun 2019 17:44:00 +0200
+
 debian-security-support (2019.05.22) unstable; urgency=medium
 
   * Mark jasperreports as end-of-life in Stretch as well. Closes: #884907.
diff -Nru debian-security-support-2019.05.22/po/it.po debian-security-support-2019.06.01/po/it.po
--- debian-security-support-2019.05.22/po/it.po	2018-03-16 15:39:59.0 +0100
+++ debian-security-support-2019.06.01/po/it.po	2019-05-31 17:53:30.0 +0200
@@ -1,13 +1,13 @@
 # Italian translation of debian-security-support debconf messages.
 # Copyright (C) 2014, debian-security-support package's copyright holder
 # This file is distributed under the same license as the debian-security-support package.
-# Beatrice Torracca , 2014, 2016.
+# Beatrice Torracca , 2014, 2016, 2019.
 msgid ""
 msgstr ""
 "Project-Id-Version: debian-security-support\n"
 "Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n"
 "POT-Creation-Date: 2016-06-07 12:13+0200\n"
-"PO-Revision-Date: 2016-05-22 12:53+0200\n"
+"PO-Revision-Date: 2019-05-31 17:34+0200\n"
 "Last-Translator: Beatrice Torracca \n"
 "Language-Team: Italian \n"
 "Language: it\n"
@@ -23,6 +23,8 @@
 "Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from "
 "$DEB_LOWEST_VER_ID and $DEB_NEXT_VER_ID"
 msgstr ""
+"DEBIAN_VERSION $DEBIAN_VERSION sconosciuta. Valori validi da $"
+"DEB_LOWEST_VER_ID e $DEB_NEXT_VER_ID"
 
 #: ../check-support-status.in:63
 msgid "Failed to parse the command line parameters"
@@ -39,12 +41,12 @@
 
 #: ../check-support-status.in:117
 msgid "E: Need a --type if --list is given"
-msgstr ""
+msgstr "E: Necessario --type se è specificato --list"
 
 #: ../check-support-status.in:130
 #, sh-format
 msgid "E: Unknown --type '$TYPE'"
-msgstr ""
+msgstr "E: --type '$TYPE' sconosciuto"
 
 #: ../check-support-status.in:152
 msgid "E: Cannot detect dpkg version, assuming wheezy or newer"
@@ -100,11 +102,9 @@
 "per alcuni pacchetti."
 
 #: ../check-support-status.in:320
-#, fuzzy, sh-format
+#, sh-format
 msgid "* Source:$SRC_NAME, will end on $ALERT_WHEN"
-msgstr ""
-"* Sorgente:$SRC_NAME, terminato il $ALERT_WHEN alla versione "
-"$ALERT_VERSION"
+msgstr "* Sorgente:$SRC_NAME, terminerà il $ALERT_WHEN"
 
 #: ../check-support-status.in:323
 #, sh-format
diff -Nru debian-security-support-2019.05.22/po/ja.po debian-security-support-2019.06.01/po/ja.po
--- debian-security-support-2019.05.22/po/ja.po	2018-03-16 15:39:59.0 +0100
+++ debian-security-support-2019.06.01/po/ja.po	2019-06-01 17:39:41.0 +0200
@@ -1,14 +1,14 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the debian-security-support package.
-# victory , 2014,2016.
-# 
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license 

Bug#929842: Mapbox GL plugin missing in QtLocation

[rinigus]

Package: qtlocation-opensource-src source
Version: 5.11.3+dfsg-2

Packaging of QtLocation excludes Mapbox GL plugin. Originally, it was
enforced by the presence of JSON-licensed code. These days, while
LICENSE.md does mention JSON-license, we could not find any code that would
be licensed with it.

As a developer, I would expect that all its parts (or open-source parts)
are available on the platforms that package it. So, when I want to run a
code that is calling Mapbox GL plugin, it should be possible if QtLocation
>= 5.9 is packaged. Currently, these expectations fail in Debian and
related distributions.

While discussing Mapbox GL as a part of QtLocation, we have to keep in mind
that, at this moment, QtLocation is using qt-staging branch of Mapbox GL.
Hence, the discussion would have to be related to that particular branch.

The issues pointed out by Debian maintainers are:

- large number of dependencies bundled with Mapbox GL, see deps/ in source
code
- incompatibility in qt-staging and master branches disallowing to
cherry-pick bugfixes
- lack of manpower to maintain such large package

References:

Related discussion in debian-qt-kde list, main emails:

https://lists.debian.org/debian-qt-kde/2019/06/msg0.html
https://lists.debian.org/debian-qt-kde/2019/06/msg1.html

Bug#927844: matrix-synapse: Lintian incorrect-path-for-interpreter warning

[Axel Beckert]

Control: tag -1 - upstream

Hi Linda,

Linda Lapinlampi wrote:
> Tags: upstream

Linda Lapinlampi wrote:
> Please forward the following Git patch to upstream if you could,

No. This doesn't make sense for upstream.

In doing that you would enforce upstream to expect all its users to
have the perl binary where Debian installs it. BSDs might have it at
/usr/local/bin/perl. Every perlbrew installation has it elsewhere,
too. So for upstream "#!/usr/bin/env perl" makes smore ense and for Debian
and derived distributions, "#!/usr/bin/perl" makes more sense.

Hence this is a debian-specific issue and doesn't need the "upstream"
tag.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#929666: ITP: conmon -- An OCI container runtime monitor

[Reinhard Tartler]

I think think that separation is not helping me at all, and I'd really
prefer the standard layout that gbp-buildpackage suggests:
http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.intro.html#gbp.repository
Note that the 'upstream' branch regularily gets merged into the packaging
branch. This seems to be different with your packaging style. merging the
upstream sources enables using tools such as license-reconcile, dgit, and
similar.
Thanks for your understanding.

On Thu, May 30, 2019, 06:14 Birger Schacht  wrote:.

>
> Other than that there is only
> https://github.com/containers/conmon/issues/30 that keeps the package
> from being uploaded.
>
> Yeah, that's an issue. Let's hope upstream reacts on that soon.

Best,
-rt

Bug#920339: [PATCH] Re: Bug#920339: matrix-synapse: installation process hangs with unknown reason

[Axel Beckert]

Control: retitle -1 matrix-synapse: installation process hangs under sysvinit 
due to matrix-synapse daemon not closing file descriptor from debconf
Control: tag -1 + patch

Hi again,

Axel Beckert wrote:
> > I tried to reproduce it with sysvinit and still failed :(
> 
> I just was able to reproduce it by installing matrix-synapse on a
> Raspberry Pi running Debian Sid with sysvinit as init system and it
> hangs at the configuration stage after "Config is missing
> macaroon_secret_key". (This warning is though a red herring as
> upstream withholds the fact that it will automatically generate a key
> in this case.)
[...]
> It now hangs there for about an hour.

Contents of /var/log/matrix-synapse/homeserver.log:

2019-06-01 13:01:28,548 - root - 209 - WARNING - None- * STARTING SERVER 
*
2019-06-01 13:01:28,745 - root - 212 - WARNING - None- Server 
/usr/lib/python3/dist-packages/synapse/app/homeserver.py version 0.99.2
2019-06-01 13:01:28,748 - root - 214 - INFO - None- Server hostname: 
c3pio.deuxchevaux.org
2019-06-01 13:01:29,523 - synapse.app.homeserver - 242 - WARNING - None- 
Starting daemon.
2019-06-01 13:01:29,548 - twisted - 240 - WARNING - - 
/usr/lib/python3/dist-packages/synapse/config/tls.py:300: builtins.UserWarning: 
Self-signed TLS certificates will not be accepted by Synapse 1.0. Please either 
provide a valid certificate, or use Synapse's ACME support to provision one.

The time stamps are all from the time of installation.

>From htop:

 9500 root   20   0  7684  2608  1352 S  0.0  0.3 25:57.98 ├─ SCREEN -RdU
 9501 root   20   0  7264  2512  1772 S  0.0  0.3  0:00.65 │  ├─ bash
 2658 root   20   0  178M  125M 49080 S  0.0 13.6  1:24.26 │  │  └─ 
aptitude -u
 4501 root   20   0 12616  7496  1684 S  0.0  0.8  0:00.40 │  │ ├─ dpkg 
--status-fd 66 --configure --pending
 4970 root   20   0 19836 13500  3604 S  0.0  1.4  0:01.32 │  │ │  ├─ 
perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/matrix-synapse.postinst 
configure
 4502 root   20   0  1468   380   332 S  0.0  0.0  0:00.00 │  │ │  └─ 
sh -c (test -x /usr/lib/needrestart/dpkg-status && 
/usr/lib/needrestart/dpkg-status || cat > /dev/null)
 4503 root   20   0  146868 0 S  0.0  0.0  0:00.00 │  │ │ 
└─ sh -c (test -x /usr/lib/needrestart/dpkg-status && 
/usr/lib/needrestart/dpkg-status || cat > /dev/null)
 4504 root   20   0  1468   380   332 S  0.0  0.0  0:00.02 │  │ │   
 └─ sh /usr/lib/needrestart/dpkg-status
 3499 root   20   0  178M  125M 49080 S  0.0 13.6  0:00.00 │  │ └─ 
aptitude -u
[...]
 5066 matrix-sy  20   0 69700 46988  6964 S  0.0  5.0  0:19.14 ├─ python3 -m 
synapse.app.homeserver --config-path /etc/matrix-synapse/homeserver.yaml 
--config-path /etc/matrix-synapse/conf.d/ --daemonize
 5067 matrix-sy  20   0 69700 46988  6964 S  0.0  5.0  0:02.13 │  └─ python3 -m 
synapse.app.homeserver --config-path /etc/matrix-synapse/homeserver.yaml 
--config-path /etc/matrix-synapse/conf.d/ --daemonize

So synapse has already forked, the init script seems to have exited
already and even the postinst script has exited already. The question
is what causes debconf to wait?

"ps auxwwwf | fgrep -1 matrix" shows that there's a zombie process
leftover as (former) child of the debconf process:

root  4970  0.0  1.4  19836 13504 pts/0S+   13:00   0:01  |   
\_ /usr/bin/perl -w /usr/share/debconf/frontend 
/var/lib/dpkg/info/matrix-synapse.postinst configure
root  4977  0.0  0.0  0 0 pts/0Z+   13:00   0:00  | 
  \_ [matrix-synapse.] 

I suspect — based on the name part "matrix-synapse." that this zombie
was eitherr the matrix-synapse.postinst script or the
matrix-synapse.config script.

Looking with lsof what's still opened by the debconf frontend process
(pid 4970), I noticed these two pipes:

frontend 4970 root7w  FIFO0,8  0t0 1899008614 pipe
frontend 4970 root8r  FIFO0,8  0t0 1899008615 pipe

Grepping through the whole process space, I noticed that at least one
of these pipes is connected to the python3 process running
matrix-synapse which looks odd to me:

# lsof | egrep '189900861[45]'
frontend   4970   root7w FIFO0,8  
0t0 1899008614 pipe
frontend   4970   root8r FIFO0,8  
0t0 1899008615 pipe
python35066 matrix-synapse3w FIFO0,8  
0t0 1899008615 pipe
python35066  5067 python3   matrix-synapse3w FIFO0,8  
0t0 1899008615 pipe

And indeed, calling "service matrix-synapse stop" on another console
makes the hanging install process to continue.

So it seems that matrix-synapse's --daemonize doesn't properly close
file descriptors upon forking — which is likely an upstream issue.

With systemd, systemd probably covers that. With init scripts we have
start-stop-daemon to fix that, so let's do that:

diff --git a/init.d/matrix-synapse 

Bug#929841: crda: Failed to set regulatory domain: -7

[Thorsten Glaser]

Package: crda
Version: 3.18-1
Severity: serious
Justification: fails

tglase@tglase-nb:~ $ fgrep -i -e crda -e regdom /var/log/syslog
Jun  1 17:06:26 tglase-nb vmunix: [   32.679951] systemd-udevd[2262]: Process 
'/sbin/crda' failed with exit code 255.
tglase@tglase-nb:~ $ sudo cleanenv / COUNTRY=DE /sbin/crda
Failed to set regulatory domain: -7

When called manually, its errorlevel is 249 though, not 255.

Note: “cleanenv /” does
 cd /; /usr/bin/env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin HOME=/ "$@"

-- System Information:
Debian Release: 10.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages crda depends on:
ii  iw5.0.1-1
ii  libc6 2.28-10
ii  libnl-3-200   3.4.0-1
ii  libnl-genl-3-200  3.4.0-1
ii  libssl1.1 1.1.1b-2
ii  wireless-regdb2016.06.10-1

crda recommends no packages.

crda suggests no packages.

-- Configuration Files:
/etc/default/crda changed:
REGDOMAIN=DE


-- no debconf information

Bug#929467: RFS: tfortune-1.0.0 [ITP]

[Alexis Murzeau]

Hi,

Le 01/06/2019 à 13:36, Andre Noll a écrit :> On Fri, May 31, 17:32, Adam
Borowski wrote
>> On Fri, May 24, 2019 at 08:57:49AM +0200, Andre Noll wrote:
>>>  * Package name: tfortune
>>>Version : 1.0.0
>>
>>> git clone git://git.tuebingen.mpg.de/tfortune/
>>
>> Hi!
>> I'm afraid your packaging unnecessarily reinvents a good part of usual
>> tools, and does this wrong.  For example:
>> * directories have non-standard permissions, and this affects common
dirs as
>>   well
>
> Oops, this was indeed broken. Should be fixed now.
>
I think Adam meant to not implement low level makefile targets yourself,
but use dh like this:
```
#!/usr/bin/make -f

export DEB_BUILD_MAINT_OPTIONS = hardening=+all
%:
dh $@

override_dh_auto_configure:
dh_auto_configure -- \
  --bindir=\$${prefix}/games \
  --datadir=\$${prefix}/share/games
```

Every low level targets are handled by dh and you can override some of
them using `override_dh_*`.
Here override_dh_auto_configure override the configure step to use game
specific directories. This is what is done for the warzone2100 game package.

Actually, this simple debian/rules file above will work and let dh
handle all issues about md5, permissions, hardening CFLAGS and maybe
make the build reproducible too.

-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F



signature.asc
Description: OpenPGP digital signature

Bug#927014: qtcreator: Menu disapear

[Lisandro Damián Nicanor Pérez Meyer]

Hi Bruno! Possibly my mistake when replying you: please always keep
the bug in CC.

On Sat, 1 Jun 2019 at 04:42, Bruno Volpi  wrote:
>
> hello,
>
> here attached  files:
>
> first one with installed package and a second one with some screen shot .
>
>
> this bug doesn't appear in gnome but only with KDE - PLasma 5
>
> I doesn't try with another language configuration.

This looks more to a configuration issues rather than a bug. The
easiest way to check is creating a new user and trying Qt Creator with
it in Plasma.

Please try that.

Bug#929839: unblock: syslog-ng/3.19.1-5

[GCS]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I would like to update syslog-ng from 3.19.1-3 to 3.19-5 which means
two debdiffs.
The first one is very small, adding a configuration entry which is
chosen automatically but with a warning issued. Explicitly adding the
configuration prevents that extra message issued.
The second one contains several security fixes backported from stable
upstream releases.
Just to be sure, I let it age a week.

Thanks for consideration,
Laszlo/GCS
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog	2019-02-04 18:47:26.0 +
+++ syslog-ng-3.19.1/debian/changelog	2019-04-22 11:02:19.0 +
@@ -1,3 +1,9 @@
+syslog-ng (3.19.1-4) unstable; urgency=medium
+
+  * Add dns_cache(no) to options (closes: #922524).
+
+ -- Laszlo Boszormenyi (GCS)   Mon, 22 Apr 2019 11:02:19 +
+
 syslog-ng (3.19.1-3) unstable; urgency=medium
 
   * Correct syslog-ng-mod-examples description (closes: #920846).
diff -Nru syslog-ng-3.19.1/debian/syslog-ng.conf syslog-ng-3.19.1/debian/syslog-ng.conf
--- syslog-ng-3.19.1/debian/syslog-ng.conf	2018-12-25 09:40:28.0 +
+++ syslog-ng-3.19.1/debian/syslog-ng.conf	2019-04-22 11:02:19.0 +
@@ -6,8 +6,8 @@
 
 # First, set some global options.
 options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
-	  owner("root"); group("adm"); perm(0640); stats_freq(0);
-	  bad_hostname("^gconfd$");
+	  dns_cache(no); owner("root"); group("adm"); perm(0640);
+	  stats_freq(0); bad_hostname("^gconfd$");
 };
 
 
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog	2019-04-22 11:02:19.0 +
+++ syslog-ng-3.19.1/debian/changelog	2019-05-19 11:03:30.0 +
@@ -1,3 +1,22 @@
+syslog-ng (3.19.1-5) unstable; urgency=high
+
+  * Backport security fixes:
+- fix app-parser() per reload memory leak,
+- logger: fix leaking file handlers,
+- DNS memory leak/segfault fix,
+- cmake: add missing detection for O_LARGEFILE,
+- threaded-dest: fix integer overflow,
+- threaded-dest: move last_worker to DestDriver,
+- cmake: fix typo in HAVE_STRNLEN,
+- http: add missing free for self->body_template,
+- test_pathutils: fix leak,
+- test_file_list: fix leak,
+- template: tf_simple_func_prepare leak fix,
+- gorupingby: fix memory leak,
+- groupingby: fix invalid memory access.
+
+ -- Laszlo Boszormenyi (GCS)   Sun, 19 May 2019 11:03:30 +
+
 syslog-ng (3.19.1-4) unstable; urgency=medium
 
   * Add dns_cache(no) to options (closes: #922524).
diff -Nru syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch
--- syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch	1970-01-01 00:00:00.0 +
+++ syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch	2019-05-19 11:03:30.0 +
@@ -0,0 +1,93 @@
+From 8400d4aa419a9fe818d09c0a1fbfff173dbaff38 Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler 
+Date: Tue, 18 Dec 2018 09:52:50 +0100
+Subject: [PATCH] cfg-block: make CfgBlockGenerator instances refcounted
+
+Sometimes CfgBlock instances are constructed every time they are
+referenced (e.g. app-parser() in its construct method), in other cases
+the same generator instance is returned (e.g. those created by
+block {} statements).
+
+The shared ones were properly freed, but the dynamic kind were not.
+
+This patch adds reference counting, the followup patch will fix the leak.
+
+Signed-off-by: Balazs Scheidler 
+---
+ lib/cfg-block-generator.c | 19 +++
+ lib/cfg-block-generator.h |  4 +++-
+ lib/cfg-lexer.c   |  2 +-
+ 3 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cfg-block-generator.c b/lib/cfg-block-generator.c
+index 292094cb6a..c096fd38d5 100644
+--- a/lib/cfg-block-generator.c
 b/lib/cfg-block-generator.c
+@@ -51,6 +51,7 @@ cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg, CfgArgs
+ void
+ cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name)
+ {
++  self->ref_cnt = 1;
+   self->context = context;
+   self->name = g_strdup(name);
+   self->format_name = cfg_block_generator_format_name_method;
+@@ -63,10 +64,20 @@ cfg_block_generator_free_instance(CfgBlockGenerator *self)
+   g_free(self->name);
+ }
+ 
++CfgBlockGenerator *
++cfg_block_generator_ref(CfgBlockGenerator *self)
++{
++  self->ref_cnt++;
++  return self;
++}
++
+ void
+-cfg_block_generator_free(CfgBlockGenerator *self)
++cfg_block_generator_unref(CfgBlockGenerator *self)
+ {
+-  if (self->free_fn)
+-self->free_fn(self);
+-  g_free(self);
++  if (--self->ref_cnt == 0)
++{
++   

Bug#929838: add option to mirror source and binary packages

[Harald Dunkel]

Package: devscripts
Version: 2.19.5

Sometimes I have to archive source and binary packages, or to pickup
packages from backports to add them to a local repository. Do you
think it would be possible to add some kind of "mirror" mode to dget
to download all, any, ${arch} binary packages and the source package
to the $CWD? Something like

dget --mirror --arch=amd64,all 
http://ftp.debian.org/debian/pool/main/g/git/git_2.20.1-1~bpo9+1.dsc

AFAICS all necessary information is in the *.dsc file.

The file modification date should be preserved as well.


Thanx in advance
Harri

Bug#929804: gnome-maps: crash when exporting map as the image

[Saša Janiška]

Bernhard Übelacker  writes:

> Could you please forward the output of this command,
> so I can compare if I test the right package versions:

$ dpkg -l | grep -E 
"libpixman|libcairo2|libchamplain|libffi6|libgjs0g|libmozjs|libglib2.0|libgtk-3|gnome-maps"
 | sort
ii  gnome-maps3.30.3-1 
amd64map application for GNOME
ii  libcairo2:amd64   1.16.0-4 
amd64Cairo 2D vector graphics library
ii  libcairo2-dbgsym:amd641.16.0-4 
amd64debug symbols for libcairo2
ii  libcairo2:i3861.16.0-4 
i386 Cairo 2D vector graphics library
ii  libchamplain-0.12-0:amd64 0.12.16-3
amd64C library providing ClutterActor to display maps
ii  libchamplain-0.12-0-dbgsym:amd64  0.12.16-3
amd64debug symbols for libchamplain-0.12-0
ii  libchamplain-gtk-0.12-0:amd64 0.12.16-3
amd64Gtk+ widget to display maps
ii  libffi6:amd64 3.2.1-9  
amd64Foreign Function Interface library runtime
ii  libffi6-dbg:amd64 3.2.1-9  
amd64Foreign Function Interface library runtime (debug symbols)
ii  libffi6:i386  3.2.1-9  
i386 Foreign Function Interface library runtime
ii  libgjs0g  1.54.3-1 
amd64Mozilla-based javascript bindings for the GNOME platform
ii  libgjs0g-dbgsym   1.54.3-1 
amd64debug symbols for libgjs0g
ii  libglib2.0-0:amd642.58.3-1 
amd64GLib library of C routines
ii  libglib2.0-0-dbgsym:amd64 2.58.3-1 
amd64debug symbols for libglib2.0-0
ii  libglib2.0-0:i386 2.58.3-1 
i386 GLib library of C routines
ii  libglib2.0-bin2.58.3-1 
amd64Programs for the GLib library
ii  libglib2.0-data   2.58.3-1 
all  Common files for GLib library
ii  libgtk-3-0:amd64  3.24.5-1 
amd64GTK+ graphical user interface library
ii  libgtk-3-0-dbgsym:amd64   3.24.5-1 
amd64debug symbols for libgtk-3-0
ii  libgtk-3-bin  3.24.5-1 
amd64programs for the GTK+ graphical user interface library
ii  libgtk-3-common   3.24.5-1 
all  common files for the GTK+ graphical user interface library
ii  libmozjs-60-0:amd64   60.2.3-3 
amd64SpiderMonkey JavaScript library
ii  libmozjs-60-0-dbgsym:amd6460.2.3-3 
amd64debug symbols for libmozjs-60-0
ii  libpixman-1-0:amd64   0.36.0-1 
amd64pixel-manipulation library for X and cairo
ii  libpixman-1-0-dbgsym:amd640.36.0-1 
amd64debug symbols for libpixman-1-0
ii  libpixman-1-0:i3860.36.0-1 
i386 pixel-manipulation library for X and cairo


Sincerely,
Gour

-- 

Bug#929837: libgdk-pixbuf2.0-dev: Memory leak viewing animated gif

[Avinash Sonawane]

Package: libgdk-pixbuf2.0-dev
Version: 2.36.5-2+deb9u2
Severity: important

Hello!

When animated gif(in this case, size 18M) is tried to be viewed, libgdk-pixbuf
leaks memory and consumes >1.87G of memory.
This bug can be reproduced either by using any of the image viewers using
libgdk-pixbuf (e.g. eog, ristretto) and/or by writing small code snippet using
the lib.


Steps to reproduce:
1.  Download the sample gif
wget -c https://raw.githubusercontent.com/mathieudutour/medium-to-own-
blog/master/docs/screencast.gif

2. Now to reproduce either open the downloaded gif with eog/ristretto or use
this small code snippet:
https://gist.github.com/mertyildiran/f2a0746fbdbce728911854a2f038ee22

3. If you are using the code snippet then please put the proper image path in
line 43. and compile as:
$ gcc gtk-gif.c $(pkg-config --cflags --libs gtk+-2.0) -o gtk-gif
and then execute gtk-gif

top o/p from sample run:
  PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND
31584 rootkea   20   0 2121372 1.875g  17340 R  13.9 50.3   0:36.04 gtk-gif

Thanks!



-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.utf8, LC_CTYPE=en_IN.utf8 (charmap=UTF-8), LANGUAGE=en_IN:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgdk-pixbuf2.0-dev depends on:
ii  gir1.2-gdkpixbuf-2.0  2.36.5-2+deb9u2
ii  libc6 2.24-11+deb9u4
ii  libgdk-pixbuf2.0-02.36.5-2+deb9u2
ii  libglib2.0-0  2.50.3-2
ii  libglib2.0-dev2.50.3-2
ii  libpng-dev1.6.28-1+deb9u1
ii  libpng16-16   1.6.28-1+deb9u1
ii  libx11-dev2:1.6.4-3+deb9u1
ii  shared-mime-info  1.8-1+deb9u1

libgdk-pixbuf2.0-dev recommends no packages.

libgdk-pixbuf2.0-dev suggests no packages.

-- no debconf information

Bug#929836: apt: export/exportall commands apparently useless if not parsable

[Marc Lehmann]

Package: apt
Version: 1.8.2
Severity: minor

Dear Maintainer,

I have a script that runs "apt-key exportall" for backup-reasons. The
command diverts output to a file, and now outputs the following warning:

   Warning: apt-key output should not be parsed (stdout is not a terminal)

That begs the question what export/exportall are meant for - their output
is clearly NOT human-readable but computer-parsable. If the output
is not meant to be parsed (presumably by computer program), and not
human-readable, do they have a purpose at all?

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-updates'), (500, 'stable-debug'), (500, 
'unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser 3.118
ii  debian-archive-keyring  2019.1
ii  gpgv2.2.12-1
ii  libapt-pkg5.0   1.8.2
ii  libc6   2.28-10
ii  libgcc1 1:8.3.0-6
ii  libgnutls30 3.6.7-3
ii  libseccomp2 2.3.3-4
ii  libstdc++6  8.3.0-6

Versions of packages apt recommends:
ii  ca-certificates  20190110

Versions of packages apt suggests:
pn  apt-doc 
ii  aptitude0.8.11-7
ii  dpkg-dev1.19.6
ii  gnupg   2.2.12-1
ii  gnupg2  2.2.12-1
ii  powermgmt-base  1.34
ii  synaptic0.84.6

-- no debconf information

Bug#929804: gnome-maps: crash when exporting map as the image

[Bernhard Übelacker]

Control: tags -1 - moreinfo


Hello Saša Janiška,
in your last example it is visible that the crashes
do not happen every time at the exact same instruction,

Could you please forward the output of this command,
so I can compare if I test the right package versions:

dpkg -l | grep -E 
"libpixman|libcairo2|libchamplain|libffi6|libgjs0g|libmozjs|libglib2.0|libgtk-3|gnome-maps"
 | sort

Kind regards,
Bernhard



Am 01.06.19 um 08:16 schrieb Saša Janiška:
> Bernhard Übelacker  writes:
> 
>> And send another output of journalctl, that way the function
>> names for each frame will be visible.
> 
> OK, It's in the attacment.
> 
>> Did you receive this crash always calculating the same route?
> 
> Yes,
> 
>> Does it also crash if you calculate a route between some
>> other random locations?
> 
> Yes and it crashes under Wayland as well,.
> 
> 
> Sincerely,
> Gour
> 
> 
> 

Bug#929835: infinoted: -c is given as a shortcut both for --config-file and --certificate-file

[Elena ``of Valhalla'']

Package: infinoted
Version: 0.6.7-2
Severity: normal
Tags: upstream

Dear Maintainer,

in the infinoted manpage one reads:

   -c, --config-file=CONFIG-FILE
  Load  the  given  configuration  file  instead of looking at the
  standard locations.

   [...]

   -c, --certificate-file=CERTIFICATE-FILE
  The server's certificate

The program interpreters -c as --certificate-file, but at a glance it's
very easy to try to use it for --config-file, leading to unexpected and
hard to debug failures.

infinoted --help only shows -c for --certificate-file and does not list
any option for --config-file (which would be pretty convenient to have).

Thanks in advance

Bug#924147: geeqie-common: Please add Multi-Arch: foreign

[Elrond]

On Wed, May 29, 2019 at 18:16:12 +0200, Andreas Ronnquist wrote:
[...]
> Thanks for your report - I have committed a fix for this in the
> packaging git repository, so it will be fixed in the next upload after
> the Debian freeze.
[...]

Thanks!

Elrond

Bug#929834: lightdm-gtk-greeter: After locking screen, display is turned off and unlock prompt is not visible.

[Raj Kiran Grandhi]

Package: lightdm-gtk-greeter
Version: 2.0.6-1
Severity: important

Dear Maintainer,

   * What led up to the situation?

Perform a clean install of testing using the RC1 netinst CD and selected XFCE 
desktop environment. 

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Log into the system from the lightdm login window, and lock the screen.

   * What was the outcome of this action?

Screen got locked and the disply got turned off (monitor entered power save). 
No unlock prompt was displayed, but typing the password blindly unlocked the 
session.

   * What outcome did you expect instead?

Screen gets locked, and an unlock prompt is displayed.

Additional info:

After locking the screen, when the display gets turned off, switching to a 
different VT and back displays the unlock prompt as usual and everything works 
as expected. This problem does not occur when switching the greeter from 
lightdm-gtk-greeter to slick-greeter.

References:
1. https://lists.debian.org/debian-user/2019/05/msg01477.html
2. https://lists.debian.org/debian-devel/2019/06/msg0.html

Thanks,
Raj Kiran

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lightdm-gtk-greeter depends on:
ii  libc6   2.28-10
ii  libcairo2   1.16.0-4
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libglib2.0-02.58.3-1
ii  libgtk-3-0  3.24.5-1
ii  libindicator3-7 0.5.0-4
ii  liblightdm-gobject-1-0  1.26.0-4
ii  libx11-62:1.6.7-1

Versions of packages lightdm-gtk-greeter recommends:
ii  adwaita-icon-theme  3.30.1-1
ii  desktop-base10.0.2
ii  gnome-themes-extra  3.28-1
ii  policykit-1 0.105-25

lightdm-gtk-greeter suggests no packages.

-- no debconf information

Bug#929830: syslog shows netlink error

[Vincent Bernat]

 ❦  1 juin 2019 13:14 +02, michael-dev :

> while memory usage was increasing, syslog showed (few) lldpd[1264]:
> unable to receive netlink answer: No buffer space available messages.

I think this may be more a consequence than a cause. The code around
this message seems to correctly handle memory, even in error cases.
Does the issue repeat after a restart?
-- 
An honest tale speeds best being plainly told.
-- William Shakespeare, "Henry VI"


signature.asc
Description: PGP signature

Bug#920339: matrix-synapse: installation process hangs with unknown reason

[Axel Beckert]

Control: notfound -1 0.99.2-5~bpo9+1
Control: found -1 0.99.2-5

Hi Andrej,

Andrej Shadura wrote:
> > Still exists in the recent version. It seems that the server is spawned and
> > disowned, and the configure script waits forever for some return value 
> > which never
> > comes.
> 
> I tried to reproduce it with sysvinit and still failed :(

I just was able to reproduce it by installing matrix-synapse on a
Raspberry Pi running Debian Sid with sysvinit as init system and it
hangs at the configuration stage after "Config is missing
macaroon_secret_key". (This warning is though a red herring as
upstream withholds the fact that it will automatically generate a key
in this case.)

While the system has quite some other stuff already installed, I did
nothing else than answering the two debconf questions and answering
them with the systems FQDN and "no". I also installed most if not all of the
recommended and some of the suggested python modules. (Can lookup the
exact list if wanted.)

It now hangs there for about an hour.

With backports (with sysvinit, too) I actually don't have this kind of
issue but a different one:

Setting up matrix-synapse (0.99.2-5~bpo9+1) ...
[FAIL] TLS certificate file /etc/matrix-synapse/homeserver.tls.crt not found 
... failed!

I diffed the 0.99.2-5 and 0.99.2-5~bpo9+1 source packages and found
nothing which would explain this difference, so I assume the
differences is probably somewhere in the dependencies. (Might file a
separate bug report for that one later.)

Currently trying to figure out _why_ it hangs on Buster/Sid.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#929467: RFS: tfortune-1.0.0 [ITP]

[Andre Noll]

On Fri, May 31, 17:32, Adam Borowski wrote
> On Fri, May 24, 2019 at 08:57:49AM +0200, Andre Noll wrote:
> >  * Package name: tfortune
> >Version : 1.0.0
> 
> > git clone git://git.tuebingen.mpg.de/tfortune/
> 
> Hi!
> I'm afraid your packaging unnecessarily reinvents a good part of usual
> tools, and does this wrong.  For example:
> * directories have non-standard permissions, and this affects common dirs as
>   well

Oops, this was indeed broken. Should be fixed now.

> * gzip is invoked without -n, which renders the package non-reproducible

That was also easy enough to fix. I've added -n to both gzip commands.

> * standard build flags don't get passed to the compiler

Can you elaborate this concern? The Makefile does add $(CPPFLAGS)
and $(CFLAGS) to the cc command and $(LDFLAGS) to the linker command.
Which standard build flags don't get passed?

> * no md5sum files are generated

Fixed.

I've pushed out v2 of the t/debian branch, which addresses all
concerns except the one about the build flags. Would you please have
another look?

Thanks for your feedback
Andre
-- 
Max Planck Institute for Developmental Biology
Max-Planck-Ring 5, 72076 Tübingen, Germany. Phone: (+49) 7071 601 829
http://people.tuebingen.mpg.de/maan/


signature.asc
Description: PGP signature

Bug#922669: fixed in sqlalchemy 1.2.18+ds1-2

[Hideki Yamane]

Hi,

 Do you file unblock for sqlalchemy? 
 Or also add debian/NEWS file to indicate potential incompatibility for
 applications?

-- 
Hideki Yamane 

Bug#929833: apt: Differences in the reported value of the Provides field in apt-cache

[Alexandros Prekates]

Package: apt
Version: 1.4.9
Severity: normal

Dear Maintainer,

I noticed the following difference in the reported
'Provides' value.

$ sudo apt-cache show python3
Package: python3

Provides: python3-profiler

$ sudo apt-cache showpkg python3
...
Provides:
3.5.3-1 - python3-profiler:i386 (= ) python3:any (= 3.5.3-1) python3-profiler
(= ) python3-profiler:any (= )

I cant make sense of all those 'virtual' packages:
python3-profiler:i386 (= ) python3:any (= 3.5.3-1) python3-profiler (= )
python3-profiler:any (= )

The control file of python3_3.5.3-1_amd64.deb outputs only:
Provides: python3-profiler

Obviously those 'produced' Provides values declare sth related to
architectures.But i dont
understand the logic.

We have a package : Architecture: amd64
That package provides python3:any ?  It'd made more sense to me to provide
python3:amd64 , assuming
that there are other packages providing 'python3' 'functionality'.

Also i think that there is not other package 'providing' python3. So i cant
understand why even that virtual package exists (if we assume that showpkg
reports is also true).






-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.9\.0-7-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.9\.0-7-amd64$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-image";
APT::VersionedKernelPackages:: "linux-headers";
APT::VersionedKernelPackages:: "linux-image-extra";
APT::VersionedKernelPackages:: "linux-signed-image";
APT::VersionedKernelPackages:: "kfreebsd-image";
APT::VersionedKernelPackages:: "kfreebsd-headers";
APT::VersionedKernelPackages:: "gnumach-image";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::VersionedKernelPackages:: "linux-backports-modules-.*";
APT::VersionedKernelPackages:: "linux-tools";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "contrib/metapackages";
APT::Never-MarkAuto-Sections:: "non-free/metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Move-Autobit-Sections:: "contrib/oldlibs";
APT::Move-Autobit-Sections:: "non-free/oldlibs";
APT::Move-Autobit-Sections:: "restricted/oldlibs";
APT::Move-Autobit-Sections:: "universe/oldlibs";
APT::Move-Autobit-Sections:: "multiverse/oldlibs";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "/usr/bin/test -e 
/usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && 
/usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call 
--system --dest org.freedesktop.PackageKit --object-path 
/org/freedesktop/PackageKit --timeout 4 --method 
org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo 
> /dev/null";
APT::Update::Post-Invoke-Success:: "if /usr/bin/test -w /var/cache/app-info -a 
-e /usr/bin/appstreamcli; then appstreamcli refresh-cache > /dev/null; fi";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Architectures:: "i386";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "false";
APT::Compressor::lz4::Cost "50";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "100";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";

Bug#929830: syslog shows netlink error

[michael-dev]

Hi,

while memory usage was increasing, syslog showed (few) lldpd[1264]: 
unable to receive netlink answer: No buffer space available messages.


Regards,
M. Braun

Bug#929832: RM: simpleid/0.8.1-15

[Hideki Yamane]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi,

 As Bug#929575, simpleid doesn't work with PHP7.x that is shipped with
 Debian9 "stretch" and Debian10 "buster", so I propose we'll remove it.


-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), 
LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#929831: gbp import-dsc is not filtering components (multiple tarballs)

[Pirate Praveen]

package: git-buildpackage
version: 0.9.14
severity: important

Repo to reproduce https://salsa.debian.org/js-team/node-vinyl-fs

I want to remove dist/browser.js from object-assign component.

I have this in gbp.conf

[import-dsc]
filter-pristine-tar = True
filter = ['object-assign/dist/browser.js']

(tried with [import-orig] as well)

But the file does not get filtered.

Bug#929830: lldpd: Memory usage of lldpd implies memory leak

[michael-dev]

Package: lldpd
Version: 0.9.6-1
Severity: normal

Dear Maintainer,

my system was slow due to increased memory usage.
htop shows lldpd consuming 425M Res Memory, rapidly increasing.

htop output:
 1264 _lldpd 20   0  471M  425M  1428 D  2.6 69.1 121h lldpd: connected 
to e-switch-1.

So I conclude lldpd consumed to much memory possibly due to a memory leak.

Regards,
M. Braun

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-9-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.utf8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lldpd depends on:
ii  adduser  3.115
ii  init-system-helpers  1.48
ii  libbsd0  0.8.3-1
ii  libc62.24-11+deb9u4
ii  libevent-2.0-5   2.0.21-stable-3
ii  libjansson4  2.9-1
ii  libpci3  1:3.5.2-1
ii  libreadline7 7.0-3
ii  libsensors4  1:3.4.0-4
ii  libsnmp305.7.3+dfsg-1.7+deb9u1
ii  libssl1.0.2  1.0.2r-1~deb9u1
ii  libwrap0 7.6.q-26
ii  libxml2  2.9.4+dfsg1-2.2+deb9u2
ii  lsb-base 9.20161125

lldpd recommends no packages.

Versions of packages lldpd suggests:
pn  snmpd  

-- no debconf information

Bug#929575: simpleid: Not compatible with PHP 7

[Hideki Yamane]

control: tags -1 +fixed-upstream

On Mon, 27 May 2019 00:07:55 +1000 Stuart Prescott  wrote:
> Justification: Does not work with PHP 7 in buster

> According to the upstrem bug tracker, simpleid is not compatible with PHP7,

 And he indicated upstream 1.0.2 works with PHP7, so add "fixed-upstream"
 tag.

 I propose that we'll remove simpleid package from stretch and buster
 at least, since it was too old, not cared for a long time since 2016.


-- 
Hideki Yamane 

Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

[Pirate Praveen]

package: gulp
version: 4.0.2-1
severity: grave
justification: it does not work at all
Control: tags -1 help

This is noticed with other packages build depending on gulp as well.

This repo can be used to reproduce the error 
https://salsa.debian.org/js-team/node-babel


I could not find a more verbose output (--verbose or - did not give 
any extra information). I need help fixing it.


$ dpkg-buildpackage
dpkg-buildpackage: info: source package node-babel
dpkg-buildpackage: info: source version 7.4.5-1
dpkg-buildpackage: info: source distribution UNRELEASED
dpkg-buildpackage: info: source changed by Pirate Praveen 


dpkg-buildpackage: info: host architecture amd64
dpkg-source --before-build .
fakeroot debian/rules clean
dh clean --with nodejs
  debian/rules override_dh_auto_clean
make[1]: Entering directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

dh_auto_clean
make -j1 clean
make[2]: Entering directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

rm -rf packages/*/test/tmp
rm -rf packages/*/test-fixtures.json
rm -rf codemods/*/test/tmp
rm -rf codemods/*/test-fixtures.json
rm -f .npmrc
rm -rf packages/babel-polyfill/browser*
rm -rf packages/babel-polyfill/dist
rm -rf coverage
rm -rf packages/*/npm-debug*
make[2]: Leaving directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

rm -rf node_modules packages/babel-runtime/core-js
rm -rf packages/*/node_modules
rm -rf packages/*/lib
make[1]: Leaving directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

  dh_clean
dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building node-babel using existing 
./node-babel_7.4.5.orig-gulp-filter.tar.gz
dpkg-source: info: building node-babel using existing 
./node-babel_7.4.5.orig.tar.xz

dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: building node-babel in 
node-babel_7.4.5-1.debian.tar.xz

dpkg-source: info: building node-babel in node-babel_7.4.5-1.dsc
debian/rules build
dh build --with nodejs
  dh_update_autotools_config
  dh_auto_configure
  debian/rules override_dh_auto_build
make[1]: Entering directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

debian/generate-babel-preset-es2015.sh
make bootstrap
make[2]: Entering directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

rm -rf package-lock.json
rm -rf .changelog
rm -rf packages/*/lib
rm -rf packages/*/node_modules
rm -rf packages/*/package-lock.json
rm -rf codemods/*/lib
rm -rf codemods/*/node_modules
rm -rf codemods/*/package-lock.json
make clean
make[3]: Entering directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

rm -rf packages/*/test/tmp
rm -rf packages/*/test-fixtures.json
rm -rf codemods/*/test/tmp
rm -rf codemods/*/test-fixtures.json
rm -f .npmrc
rm -rf packages/babel-polyfill/browser*
rm -rf packages/babel-polyfill/dist
rm -rf coverage
rm -rf packages/*/npm-debug*
make[3]: Leaving directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

#yarn --ignore-engines
#./node_modules/.bin/lerna bootstrap -- --ignore-engines
make build
make[3]: Entering directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

rm -rf packages/*/test/tmp
rm -rf packages/*/test-fixtures.json
rm -rf codemods/*/test/tmp
rm -rf codemods/*/test-fixtures.json
rm -f .npmrc
rm -rf packages/babel-polyfill/browser*
rm -rf packages/babel-polyfill/dist
rm -rf coverage
rm -rf packages/*/npm-debug*
rm -rf packages/*/lib
rm -rf codemods/*/lib
gulp build
[15:37:17] Local modules not found in 
~/forge/debian/git/js-team/node-babel

[15:37:17] Try running: npm install
[15:37:17] Using globally installed gulp
[15:37:17] Using gulpfile 
~/forge/debian/git/js-team/node-babel/Gulpfile.js

[15:37:17] Starting 'build'...
[15:37:17] Cannot convert undefined or null to object
[15:37:17] To list available tasks, try running: gulp --tasks
[15:37:17] The following tasks did not complete: build
[15:37:17] Did you forget to signal async completion?
Makefile:13: recipe for target 'build' failed
make[3]: *** [build] Error 1
make[3]: Leaving directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

Makefile:160: recipe for target 'bootstrap' failed
make[2]: *** [bootstrap] Error 2
make[2]: Leaving directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

debian/rules:11: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2
make[1]: Leaving directory 
'/home/pravi/forge/debian/git/js-team/node-babel'

debian/rules:8: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit 
status 2

Bug#929828: unblock: cryptsetup/2:2.1.0-4

[Guilhem Moulin]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi there,

Unlocking LUKS2 volumes requires userspace crypto (‘algif_skcipher’ kernel
module), which cryptsetup-initramfs 2:2.1.0-3 does not copy to initramfs
images created with MODULES=dep, cf. #929616.  (Default value for $MODULES
is "most", otherwise that bug would have been of much higher severity.
Still, newly formatted devices can't be unlocked from initramfs images
created with MODULES=dep, which is a severe regression.)

In 2:2.1.0-4 we propose ‘algif_skcipher’ be included in all initramfs
images, regardless of the value of $MODULES.  Even though the module isn't
needed for LUKS1, “plain” dm-crypt, etc. we can't always determine the
header format/version at initramfs generation time (for instance the
header might be detached and on a removable media).  As of cryptsetup
2.1.x LUKS2 is the default LUKS format version, so it makes sense to
include the module unconditionally (like we've been doing for ‘aesni’
since 2:1.3.0-3, although it's possible to use a non-AES cipher, and not
all CPU have the AES instruction set).  The overhead of adding an extra
module to initramfs images should be minimal: with its dependency the
extra module adds a mere 68kiB (as of linux-image-4.19.0-5-amd64).

Debdiff between 2:2.1.0-3 and 2:2.1.0-4 attached.  This also includes a
patch by jmtd fixing the long description of cryptsetup-{bin,run}.  The
diff doesn't touch our .udeb binary packages, but X-Debbugs-CC'ing kibi
anyway as cryptsetup is also under udeb-block.

unblock cryptsetup/2:2.1.0-4
Thanks for considering its inclusion in Buster!
Cheers,
-- 
Guilhem.
diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
--- cryptsetup-2.1.0/debian/changelog   2019-04-30 21:20:47.0 +0200
+++ cryptsetup-2.1.0/debian/changelog   2019-05-28 17:04:16.0 +0200
@@ -1,3 +1,22 @@
+cryptsetup (2:2.1.0-4) unstable; urgency=medium
+
+  [Guilhem Moulin]
+  * d/initramfs/hooks/cryptroot: Always add userspace crypto module
+('algif_skcipher' kernel module) to the initramfs.  This module is
+required for required for opening LUKS2 devices, and since 2:2.0.2-2 it's
+added to large initramfs (i.e., when the MODULES variable isn't set to
+"dep").  It's now added regardless of the value of $MODULES, as 1/ LUKS2
+is the default LUKS header format version; and 2/ we can't check at
+initramfs creation time whether there are LUKS2 devices to be opened at
+early boot stage (detached headers might not be present then).
+Closes: #929616.
+
+  [Jonathan Dowland]
+  * Update package descriptions to reflect the move of luksformat from
+cryptsetup-bin to cryptsetup-run. Closes: #928751.
+
+ -- Guilhem Moulin   Tue, 28 May 2019 17:04:16 +0200
+
 cryptsetup (2:2.1.0-3) unstable; urgency=medium
 
   * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
diff -Nru cryptsetup-2.1.0/debian/control cryptsetup-2.1.0/debian/control
--- cryptsetup-2.1.0/debian/control 2019-04-30 21:20:47.0 +0200
+++ cryptsetup-2.1.0/debian/control 2019-05-28 17:04:16.0 +0200
@@ -51,6 +51,9 @@
  automatically configuring encrypted devices at boot time via the config
  file /etc/crypttab. Additional features are cryptoroot support through
  initramfs-tools and several supported ways to read a passphrase or key.
+ .
+ This package provides the cryptdisk_start and stop wrappers and
+ luksformat.
 
 Package: cryptsetup-bin
 Architecture: linux-any
@@ -61,7 +64,8 @@
  device mapper target dm-crypt. It features integrated Linux Unified Key
  Setup (LUKS) support.
  .
- This package provides cryptsetup, cryptsetup-reencrypt and luksformat.
+ This package provides cryptsetup, cryptsetup-reencrypt, integritysetup
+ and veritysetup.
 
 Package: cryptsetup-initramfs
 Architecture: all
diff -Nru cryptsetup-2.1.0/debian/initramfs/hooks/cryptroot 
cryptsetup-2.1.0/debian/initramfs/hooks/cryptroot
--- cryptsetup-2.1.0/debian/initramfs/hooks/cryptroot   2019-04-30 
21:20:47.0 +0200
+++ cryptsetup-2.1.0/debian/initramfs/hooks/cryptroot   2019-05-28 
17:04:16.0 +0200
@@ -441,6 +441,10 @@
 CRYPTO_MODULES="${CRYPTO_MODULES:+$CRYPTO_MODULES }aesni"
 fi
 
+# add userspace crypto module (only required for opening LUKS2 devices
+# we add the module unconditionally as it's the default format)
+CRYPTO_MODULES="${CRYPTO_MODULES:+$CRYPTO_MODULES }algif_skcipher"
+
 if [ "$MODULES" = most ]; then
 for d in "$MODULESDIR"/kernel/arch/*/crypto; do
 copy_modules_dir "${d#"$MODULESDIR/"}"
@@ -449,7 +453,7 @@
 else
 if [ "$MODULES" != "dep" ]; then
 # with large initramfs, we always add a basic subset of modules
-add_crypto_modules aes algif_skcipher cbc chainiv cryptomgr krng 
sha256 xts
+add_crypto_modules aes cbc chainiv cryptomgr krng sha256 xts
 fi
 

Bug#929827: linux-image-4.19.0-5-amd64: subject.txt

[Helge Konetzka]

Package: src:linux
Version: 4.19.37-3
Severity: normal

Dear Maintainer,

running linux-image-4.19.0-5-amd64, 
it isn't possible to unload the module nouveau correctly.

* What led up to the situation?

Successfully loading nouveau in multi-user mode after boot.

* What exactly did you do (or not do) that was effective (or
 ineffective)?

Unloading the module 5s after loading.

* What was the outcome of this action?

After unloading, the module still is loaded but won't work anymore.
A stacktrace is shown caused by a general protected fault.

A complete shutdown isn't possible anymore, too.
The screen stays on. The screen shows:

[ OK ] Reached target shutdown
watchdog: watchdog0: watchdog did not stop!
... (some further lines)

My machine is a Lenovo Thinkpad T530 (with Nvidia Optimus).

Here's my command sequence to load and unload nouveau in multi-user mode:

root@debiantogo:~# lsmod | grep nouveau

root@debiantogo:~# modprobe -v nouveau
insmod /lib/modules/4.19.0-5-amd64/kernel/drivers/gpu/drm/ttm/ttm.ko 
insmod /lib/modules/4.19.0-5-amd64/kernel/drivers/platform/x86/mxm-wmi.ko 
insmod /lib/modules/4.19.0-5-amd64/kernel/drivers/gpu/drm/nouveau/nouveau.ko 

root@debiantogo:~# lsmod | grep nouveau
nouveau  2166784  0
mxm_wmi16384  1 nouveau
ttm   126976  1 nouveau
i2c_algo_bit   16384  2 i915,nouveau
drm_kms_helper200704  2 i915,nouveau
drm   483328  5 drm_kms_helper,i915,ttm,nouveau
wmi28672  3 wmi_bmof,mxm_wmi,nouveau
video  45056  3 thinkpad_acpi,i915,nouveau
button 16384  1 nouveau

root@debiantogo:~# modprobe -v -r nouveau
rmmod nouveau

root@debiantogo:~# lsmod | grep nouveau
nouveau  2166784  -1
mxm_wmi16384  1 nouveau
ttm   126976  1 nouveau
i2c_algo_bit   16384  2 i915,nouveau
drm_kms_helper200704  2 i915,nouveau
drm   483328  5 drm_kms_helper,i915,ttm,nouveau
wmi28672  3 wmi_bmof,mxm_wmi,nouveau
video  45056  3 thinkpad_acpi,i915,nouveau
button 16384  1 nouveau


-- Package-specific info:
** Version:
Linux version 4.19.0-5-amd64 (debian-ker...@lists.debian.org) (gcc version 
8.3.0 (Debian 8.3.0-7)) #1 SMP Debian 4.19.37-3 (2019-05-15)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.19.0-5-amd64 ro quiet 
root=UUID=0d5274b6-1a6d-4ad0-bcde-7f2ee570a400 
initrd=/boot/initrd.img-4.19.0-5-amd64 3

** Tainted: DW (640)
 * Kernel has oopsed before.
 * Taint on warning.

** Kernel log:
[  269.192268] [drm] Initialized nouveau 1.3.1 20120801 for :01:00.0 on 
minor 1
[  274.280831] [ cut here ]
[  274.280834] ida_free called for id=1090519041 which is not allocated.
[  274.280861] WARNING: CPU: 1 PID: 798 at lib/idr.c:487 ida_remove+0xc0/0x110
[  274.280863] Modules linked in: nouveau(-) mxm_wmi ttm nls_ascii nls_cp437 
vfat fat intel_rapl uvcvideo x86_pkg_temp_thermal intel_powerclamp coretemp 
videobuf2_vmalloc videobuf2_memops kvm_intel videobuf2_v4l2 
snd_hda_codec_realtek videobuf2_common cdc_mbim snd_hda_codec_generic kvm 
cdc_ncm videodev snd_hda_intel usbnet irqbypass snd_hda_codec cdc_wdm media 
cdc_acm mii iwlwifi snd_hda_core mei_wdt crct10dif_pclmul snd_hwdep 
crc32_pclmul thinkpad_acpi snd_pcm mei_me ghash_clmulni_intel mei tpm_tis 
joydev snd_timer serio_raw nvram tpm_tis_core intel_cstate cfg80211 snd pcspkr 
intel_uncore tpm soundcore iTCO_wdt pcc_cpufreq sg iTCO_vendor_support rfkill 
intel_rapl_perf rng_core ac battery evdev intel_rst wmi_bmof ip_tables x_tables 
autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb uas usb_storage
[  274.280938]  sd_mod i915 crc32c_intel i2c_algo_bit drm_kms_helper ahci 
libahci sdhci_pci cqhci xhci_pci libata drm sdhci e1000e firewire_ohci xhci_hcd 
mmc_core firewire_core crc_itu_t ehci_pci aesni_intel ehci_hcd i2c_i801 usbcore 
psmouse scsi_mod aes_x86_64 crypto_simd cryptd glue_helper lpc_ich wmi thermal 
usb_common video button
[  274.280975] CPU: 1 PID: 798 Comm: modprobe Not tainted 4.19.0-5-amd64 #1 
Debian 4.19.37-3
[  274.280976] Hardware name: LENOVO 24296HG/24296HG, BIOS G4ETB4WW (2.74 ) 
11/23/2018
[  274.280981] RIP: 0010:ida_remove+0xc0/0x110
[  274.280984] Code: 89 ea 48 8d 74 24 08 4c 89 e7 e8 3b 49 00 00 eb 1b 83 c3 
02 4d 89 ef 83 fb 3f 76 b3 89 ee 48 c7 c7 58 34 6c 9b e8 aa 93 97 ff <0f> 0b 48 
8b 44 24 30 65 48 33 04 25 28 00 00 00 75 2e 48 83 c4 38
[  274.280986] RSP: 0018:a4f901e3fce8 EFLAGS: 00010082
[  274.280989] RAX:  RBX: 0001 RCX: 0006
[  274.280990] RDX: 0007 RSI: 0082 RDI: 93f2ee4566b0
[  274.280992] RBP: 4101 R08: 0393 R09: 0004
[  274.280993] R10:  R11: 0001 R12: c0d410b0
[  274.280995] R13: c0d410b0 R14: 93f2ec1d7108 R15: 
[  274.280997] FS:  7fe3c27e7200() 

Bug#914694:

[Chen-Yu Tsai]

Hi,

Ran into this bug on a custom compiled 5.1.5 kernel.

iptables upstream released version 1.8.3 last week,
which includes the fix mentioned in the previous comment.
Please consider updating the package.


ChenYu

Bug#920546: dolfin: flaky autopkgtest as it times out sometimes

[Drew Parsons]

Source: dolfin
Followup-For: Bug #920546


I have a hunch the timeout problem might be related to
oversubscription of CPUs in mpi runs.

(in principle the same would apply to python MPI tests, presumeably
the python/MPI interface would "slow down" messages enough to avoid
the race condition)

I've uploaded 2018.1.0.post1-18 to print the number of available CPUs
at test time, to test if oversubscription is a plausible explanation.

Currently oversubscription is permitted at up to 2 jobs per CPU. The
demos use 3 processes each.  So if 4 CPU are available then 2 jobs
(6 processes) are run, which would be 50% oversubscribed.

If that is the case and correlates with MPI C++ timeouts, then the
next step is to strictly never oversubscribe (but if only 1 or 2 CPU
is available then the first job of 3 processes must still be
oversubscribed)

Bug#929804: gnome-maps: crash when exporting map as the image

[Saša Janiška]

Bernhard Übelacker  writes:

> And send another output of journalctl, that way the function
> names for each frame will be visible.

OK, It's in the attacment.

> Did you receive this crash always calculating the same route?

Yes,

> Does it also crash if you calculate a route between some
> other random locations?

Yes and it crashes under Wayland as well,.


Sincerely,
Gour


crash-debug.log
Description: log of the crash with debug symbols

-- 
One who sees inaction in action, and action in inaction,
is intelligent among men, and he is in the transcendental position,
although engaged in all sorts of activities.

Bug#929826: Sense limits dynamically

[積丹尼 Dan Jacobson]

Package: imagemagick-6.q16
Version: 8:6.9.10.23+dfsg-2.1

As ImageMagick does not detect how much resources the system has, but
instead relies on a hardwired file, I find the advice of
https://github.com/ImageMagick/ImageMagick/issues/396#issuecomment-319569255
is the only way to make it usable these days.