Hello, debian/mate-terminal.postinst contains this line:
x-terminal-emulator /usr/bin/mate-terminal.wrapper 30 \
That means that it "races" with lxterm for being the preferred
terminal in an installed system:
When I try to upgrade my packages it fails due to f-string in python3.4
% LANG=C sudo apt full-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly
Please unblock package expat, it fixes CVE-2018-20843 and got fixed by
Laszlo cherry-picking the upstream fix. The issue is tracked as
#931031 in the BTS:
> expat (2.2.6-2) unstable;
On Mon, Jun 24, 2019 at 10:36:31AM +0700, Nguyen Hoang Tung wrote:
> libtifiles fails to cross build because its dependency, tfdocgen package, is
> missing. Using tfdocgen:native instead of tfdocgen to cross-build can solve
> this problem.
Did you look into whether we can instead mark tfdocgen
Control: tag -1 + moreinfo
On Thu, Mar 28, 2019 at 01:14:13PM +0300, Yuriy M. Kaminskiy wrote:
> When cross-building sqlite3, it fails to detect readline: while
> actual code wants only (see src/shell.c.in),
> but configure.ac checks for ;
I am unable to reproduce this issue. The public
Please unblock package bzip2, it fixes CVE-2019-12900 (tracked as
#930886) in the BTS itself.
> bzip2 (1.0.6-9.1) unstable; urgency=high
> * Non-maintainer upload.
> * Make
Control: severity -1 wishlist
Control: retitle -1 Update GHDL packaging for newer releases
On Sun, Jun 23, 2019 at 11:57:33PM +0200, Pavel Pisa wrote:
> On Sunday 23 of June 2019 10:52:47 Jonathan McDowell wrote:
> > On Sat, Jun 22, 2019 at 12:26:36AM +0200, Pavel Pisa wrote:
> > > Source: ghdl
On Sun, Jun 09, 2019 at 08:25:37PM +0200, Paul Gevers wrote:
> Happened. Unblocked, thanks.
Hi, Paul, Niels, and Afif,
Thank you very much for taking care of this :)
I also wanted to apologise for dropping off for such a long time.
As you noticed, I was stuck with no debian-keyring update
In Bash it is possible to set a feature that runs when a command runs
called precmd to an ANSI sequence that sets a non-blinking block
cursor. This make Bash usable.
However, that fails if there is no Bash or you not have your .bashrc.
There are shell-like entitities that are needed to fix
I'm sorry if my message come out wrong, and being perceived as unfriendly.
That was not my intention, and I'm sorry that people feel that way.
Again, I was trying to say that, we were discussing the public matters that
affects the package authors, thus affects the public, and I should
Sorry it failed even with the padding, so I don't know what is failing
* Decoding a JWT signature showed that omitting the padding (as
required by one of the JWS RFC) causes a failure in base64url -d.
$ echo -n
On Tue, Jun 25, 2019 at 10:46:37AM +0900, Mike Hommey wrote:
> On Thu, Jun 13, 2019 at 05:03:33PM +0200, Olivier Tilloy wrote:
> > Ubuntu is also affected (all supported releases, from 16.04 to 19.10,
> > builds are being done in
On 6/25/19 8:26 AM, Shengjing Zhu wrote:
>>> Well, after adding this func back, the tests run and the host doesn't
>>> However the tests still can't pass in schroot, the log says:
>>> Short version: these tests need privileged permission.
>> And your schroot doesn't
On 6/23/19 5:09 PM, Paul Gevers wrote:
>> + * Non-maintainer upload.
> This I worries me. Apparently Arnaud didn't consider it appropriate to
> upload the patch and I don't see an ACK from any of the maintainers. In
> my opinion, trying to save docker.io for buster isn't appropriate via a
On Thu, Jun 13, 2019 at 05:03:33PM +0200, Olivier Tilloy wrote:
> Ubuntu is also affected (all supported releases, from 16.04 to 19.10,
> builds are being done in
> I don't have a workaround, but here are some data
On Mon, Jun 24, 2019 at 09:08:07PM +0200, Paul Gevers wrote:
> > The bug is not from upstream. Previously a file was removed from
> > upstream tarball, named engine/pkg/chrootarchive/archive_test.go, which
> > has an important init func:
> Are you saying this file is only needed for
On Thu, Jun 20, 2019 at 07:17:26AM +0200, Olivier Tilloy wrote:
> I am attaching a patch for skcms that fixes the firefox build on s390x
> and i386. Not submitted upstream yet.
Note that mips and mipsel are affected as well.
Please unblock package musescore
I’ve found out, from Sunday’s dev chat discussion, that MuseScore
connects to upstream’s webserver on startup (#931021), and we
generally don’t like
forwarded 931024 https://github.com/rackerlabs/kthresher/issues/80
On 6/24/19 7:11 PM, Julian Andres Klode wrote:
> Package: kthresher
> Severity: normal
> User: de...@lists.debian.org
> Usertags: apt-1.9.0
> According to codesearch.d.n, kthresher contains trhe line:
On Sat 2019-06-22 20:51:00 +0200, Paul Gevers wrote:
> On Tue, 14 May 2019 06:18:31 + Daniel Kahn Gillmor
>> gnupg2 (2.2.13-2) unstable; urgency=medium
>>* Correct gpg-wks-server manpage (Closes: #927431) Thanks, ju xor!
>>* Fix handling private keys with
X-Debbugs-CC: bir...@rantanplan.org, ja...@ivyleav.es
Control: forcemerge -1 930898
Hi Birger !
Thanks for your interest in getting conmon packaged. :)
Jamie (in CC) and myself are also interested in seeing it land in Debian, as
it's a dependency of podman (that we are packaging), and started
While comparing builds of musescore -6 and -7 I found unexpected
changes in the PNG files that are installed, they change the tIME
chunk to, apparently, the changelog time:
X-Debbugs-CC: only...@debian.org, ja...@ivyleav.es
Hi Dmitry !
Thanks for your interest in getting podman packaged. :)
Jamie (in CC) and myself are also interested in seeing podman land in Debian,
started working towards this, and made podman-team on Salsa.
Sorry for only informing you now,
On Tue, Jun 25, 2019 at 12:17:20AM +0100, Steve McIntyre wrote:
>The grub-efi-amd64-signed package recommends shim-signed, but the
>equivalent grub-efi-ia32-signed and grub-efi-arm64-signed packages are
>missing the same
The grub-efi-amd64-signed package recommends shim-signed, but the
equivalent grub-efi-ia32-signed and grub-efi-arm64-signed packages are
missing the same Recommends:
Simple tweak needed to the signing-template, MR ready as soon
On Tue, 25 Jun 2019 00:44:00 +0200 Alberto Garcia wrote:
> Ah I see, you're running Stretch with a backport of 2.24.2-1.
> In the meantime you can roll back to 2.22.7-1_bpo9+1, that one should
> not crash.
I didn't even notice the backported packages were installed and I'm not
tg@caas:~ $ ftp ftp.upload.debian.org
Connected to usper.debian.org.
220 ftp.upload.debian.org FTP server
Name (ftp.upload.debian.org:tg): ftp
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
On Tue, Jun 25, 2019 at 08:15:49AM +1000, Iris (Delta) wrote:
> > I just uploaded webkit2gtk 2.24.2-2, this should fix your
> > problem. I'd appreciate if you can confirm it.
> > libwebkit2gtk-4.0-37.
> This is a Stretch
On Mon, 24 Jun 2019 21:56:00 +0200 Alberto Garcia wrote:
> On Mon, Jun 24, 2019 at 09:41:27PM +1000, Iris (Delta) wrote:
> > On Mon, 24 Jun 2019 11:35:52 +0200 Alberto Garcia
> > >
> > > I suppose this won't solve the problem, but can you try to set these
> > > evironment variables (or
I am looking for a sponsor for my package "dhelp"
Package name : dhelp
Version : 0.6.26
License : GPL-2
Section : doc
It builds those binary packages:
dhelp - online help system
To access further information
After original repository signal11/hidapi was no longer maintained, it was
decided to host the fork in libusb organization:
In this new repository the development is continued and recently version 0.9.0
I seriously don't get why a metapackage for "parliamentary work" needs
to depend on libreoffice-ogltrans. Probably just because it includes
the presentation class of boxer-data and that includes it :/
This needs go away. See the eact
$ grep -ri ogltrans *
CHANGES:837f15f Fix exclude only software rasterizer: Include gvfs (fixing disk
hot-plug detection) mplayer2 and libreoffice-ogltrans. Include recommendations
Followup-For: Bug #904518
are the any news here?
SPDX-License-Identifier usage seems to be quite significant already.
-- System Information:
Great news, thanks for stepping in :-) The VCS repository is at
https://salsa.debian.org/pkg-privacy-team/pdf-redact-tools. Please let me know
if you need anything else.
On 6/24/19 11:12 PM, Kunal Mehta wrote:
> On Mon, 11 Mar 2019 18:23:15 +0100 Loic Dachary wrote:
Control: tags -1 patch
On Mon, Jun 24, 2019 at 03:52:16PM +0200, Bernhard Übelacker wrote:
> Attached patch calls EC_KEY_dup just in case of a not null key.
> With packages rebuilt in Stretch and Buster with this
> patch applied, the same crash does not manifest and a multiplayer
On Mon, 11 Mar 2019 18:23:15 +0100 Loic Dachary wrote:
> pdf-redact-tools is one of many tools journalists need to protect the
> anonymity of their sources. Despite my desire to maintain the package and my
> best efforts, I do not feel safe within Debian to do so. I kindly ask someone
On Mon, Jun 24, 2019 at 01:05:13PM +0200, Erik Schanze wrote:
> Hi all,
> this is OK for me, Because Upstream (ESR) changed programming language to
> "GO" recently (3.0.0) and this is not my cup of tea.
> I decided to orphan it, but popcorn count is low, so it should be removed.
thank you very much for your testing. Indeed the bug required more
fixing than what I did.
I did follow your steps for reproducing it, and now I have a new
package that fix it. If you want to try it, please fetch it here:
Found this bug that seems to be related:
There, the kernel option "i915.fastboot=1" is suggested to solve the problem.
I tried this on my system and it solved the problem.
Tags: security upstream
The following vulnerability was published for expat.
| In libexpat in Expat before 2.2.7, XML input including XML names that
| contain a
Control: tags -1 +forwarded
Control: forwarded -1 https://github.com/andikleen/lz4json/pull/12
On Mon, Jun 24, 2019 at 05:36:08PM +0200, Helmut Grohne wrote:
> lz4json fails to cross build from source, because it does not pass cross
> tools to make. Using dh_auto_build partially fixes that, but
Yes, I suppose it's a performance wishlist bug. But really there is no
reason for it to use stdio formatting; really the zero-padded case is
no harder to do with direct ascii manipulation than the
non-zero-padded case. (Also GCC should specialize and optimize the
stdio calls, i.e., partially
On 23/06/19 18:05, Barak A. Pearlmutter wrote:
> Package: coreutils
> Version: 8.30-3
> Severity: normal
> Was using seq to write some data to test that a cheapo enormous SD card
> isn't faking its capacity. Thought I'd use seq --equal-width just to
> make calculations easier. But jeepers
Failure to create the session is almost certainly the reason why the
processes are in wrong slice.
Note that the PID that is in journald is PID of the process who
connected to journald obtained via getpeercred. If it forks and the fd
is passed to another process, the logs will misreport the
* Package name: sfxr-qt
Version : 1.2.0
Upstream Authors: Tomas Pettersson
* URL : https://github.com/agateau/sfxr-qt
* License : MIT
Description : sound effect generator, QtQuick port
On Mon, Jun 24, 2019 at 09:41:27PM +1000, Iris (Delta) wrote:
> On Mon, 24 Jun 2019 11:35:52 +0200 Alberto Garcia wrote:
> > I suppose this won't solve the problem, but can you try to set these
> > evironment variables (or a combination thereof) and see if it works?
Hi Release Team,
Please unblock package fence-agents. Valentin Vidic has backported the
fix to address CVE-2019-10153 (#930887):
> fence-agents (4.3.3-2) unstable; urgency=high
On Mon, Jun 24, 2019 at 02:03:11PM +0200, wf...@niif.hu wrote:
> According to https://security-tracker.debian.org/tracker/CVE-2019-10153,
> the vulnerable code is not present in stretch. However, I don't
> understand why this does not count:
On 24-06-2019 00:28, Shengjing Zhu wrote:
> Now, with good reason...
> It tooks me enough hours today to figure out why the tests crash the host(as
> described in #929662, running out of pids).
> The bug is not from upstream. Previously a file was removed from
On Mon, 24 Jun 2019 09:34:17 +0200 Giuseppe Sacco
> Hello Thorsten, Voip, and Jacob,
> I think the problem has been solved in version 1.1.27, currently in
> unstable. I would really appreciate if you could test it, as well as I
> If this package passes your tests, I will ask for
creating, opening and closing a new tomb by
tomb dig -s 20 x.tomb
tomb forge --unsafe --use-urandom --tomb-pwd x x.key
tomb lock --unsafe --tomb-pwd x -k x.key -o aes-xts-plain64 x.tomb
I am on vacation for the next two weeks, please can someone else deal with the
Due to Firefox we updated/unblocked rustc 1.34.2 for Debian Testing (and the
next Debian Stable) release.
This causes two FTBFS bugs for crates which no longer build on rustc 1.34.2:
- #931002 coresimd
I am looking for a sponsor for my package "apt-transport-in-toto"
* Package name: apt-transport-in-toto
Version : 0.1.0
Upstream Author : in-toto developers
* URL :
How comes that this patch hasn't made it into Buster?
Got trapped in the systemd vs no-systemd debate instead
of providing a good package?
According to codesearch.d.n, kthresher contains trhe line:
"kernel" in pkg.section and re.match(kernel_image_regex, pkg_name)
The use of the section on packages has been deprecated ages ago, as
Version 1.6.0 is available :-)
Please unblock package libpaper
1.1.26 has a circular dependency in debian/rules that skips
the creation of an important file: libpaper1.config.
The new package fixes this problem and make
On Mon, 24 Jun 2019 10:11:21 +0700, Nguyen Hoang Tung wrote:
> Source: libcrypt-openssl-dsa-perl
> Version: 0.19
> Severity: normal
> Tags: patch
> User: helm...@debian.org
> Usertags: rebootstrap
> libcrypt-openssl-dsa-perl fails to cross build because it does not
So it looks like there's a new recon-ng working with Python 3 that is
hosted in github and that is not picked up by uscan due to
Control: tags -1 - wontfix
Control: reopen -1
On 20.06.19 13:54, Paul Gevers wrote:
> Control: tags -1 wontfix
> Control: close -1
> Hi Matthias,
> On 06-06-2019 12:01, Paul Gevers wrote:> doko, I know you are
> maintaining quite some key packages, so extra work> is probably not what
severity 930563 important
Downgrading severity since this issue is not "rendering it completely
unusable to everyone."
control: tag -1 -patch +pending
On Mon 29 Apr 2019 at 11:16am -0700, Sean Whitton wrote:
> I've written a patch to add a footnote with a list of licenses that are
> thought not to require the copying of all copyright notices into
> Debian's copyright file.
> This does not need
notfound 931021 musescore-snapshot/3.1+dfsg1-1
> Bugreport for myself and for release tracking.
MuseScore 3, which is currently sitting in experimental, intending to
hit sid after the release, is NOT affected; disabling the web centre
thingy seems to suffice.
On 6/20/19 8:42 PM, Sébastien Béhuret wrote:
> Package: hdparm
> Version: 9.58+ds-1
> Severity: serious
> Dear Maintainers,
> In this version of hdparm, a new option 'force_spindown_time' was
> introduced to set the spindown time for disks that don't support APM.
> This option is supposed
Justification: phones home
Bugreport for myself and for release tracking.
Dear release team, please indicate whether this is buster release-critical,
I will try to fix it later tonight.
On first startup, MuseScore
Hi Shengjing Zhu (et al)
I've just (finally) attempted to reproduce this on my Buster host, but
could not on this attempt. Libvirtd did not change my ip_forward setting
from 0 to 1 in the test, but I had to do so manually to re-enable VM
networking outside of the host (I don't think I did this
This was solved by:
apt autoremove virt-manager --purge
apt install virt-manager
I do not see this issue on my laptop. I think it was a fluke issue.
Thanks for your time,
Sent from my Android device with K-9 Mail. Please excuse my brevity.
A version of this was reviewed and went out on the Java team blog a
while ago, before FOSDEM.
Emmanuel Bourg wrote:
> Hans-Christoph Steiner wrote:
> Some comments on the post:
>> Include a build target in your build system that builds using only
>> libraries in Debian.
> I don't think
Tags: patch upstream
padthv1 fails to cross build from source, because configure.ac fails to
consider $ac_tool_prefix when checking for qmake. The attached patch
fixes that and makes padthv1 cross buildable.
lz4json fails to cross build from source, because it does not pass cross
tools to make. Using dh_auto_build partially fixes that, but the
upstream Makefile still hard codes pkg-config. The attached patch
Please add Breaks: webpack (<< 4.28.3~) as node-acorn 6 gets installed
otherwise in experimental (experienced when trying to build
node-dagre-d3-renderer in salsa).
Thanks for the work and for taking the time to get the bug updated with
While I think it would be fine to get an update built with python3.7 in
experimental I think it's fair to hold a bit and get some of the issues
fixed upstream, hopefully 8.01 is in a better
While working on automatic installation of virtualbox-guest-dkms in
debian-installer when running in VirtualBox VM, I have discovered
that the package installation would break debian installer.
Please unblock package spacenavd
spacenavd was no longer working properly due to a subtle change in kernel
behaviour. This was reported in #916610 and fixed by applying the
On Mon, Jun 24, 2019 at 10:46:07AM -0400, Joe B. McEntire wrote:
> Package: virt-manager
> Version: 1:2.0.0-3
> Severity: important
> Dear Maintainer,
>* What led up to the situation? Attempted to create a new VM
>* What exactly did you do (or not do) that was effective (or
* What led up to the situation? Attempted to create a new VM
* What exactly did you do (or not do) that was effective (or
ineffective)? Clicked the new VM button
* What was the outcome of this action?
I am looking for a sponsor for my package "python-securesystemslib".
* Package name: python-securesystemslib
Version : 0.11.3-1
Upstream Author : NYU Secure Systems Lab
* URL :
Control: tag -1 +pending
On Mon, Jun 24, 2019 at 10:25:11AM +0700, Nguyen Hoang Tung wrote:
> libpam-encfs fails to cross build because it does not pass cross build tools
> to make. Adding /usr/share/dpkg/buildtools.mk, using "dh_auto_build" instead
> of "$(MAKE) and re-defining the linkers
I am looking for a sponsor for my package "python-in-toto"
* Package name: python-in-toto
Version : 0.3.0-1
Upstream Author : NYU Secure Systems Lab
* URL : https://in-toto.io
* License :
I just tried to help triaging this bug.
This bug manifests in current Stretch/9.9 and
also in Buster/testing.
In the call to function setMultiStats a temporary
PLAYERSTATS object gets constructed from the
reference returned by getMultiStats.
Therefore the copy constructor of
Control: tags -1 patch pending
On Mon, Jun 24, 2019 at 10:29:56AM +0200, Alberto Garcia wrote:
> 2) Build with SSE2 completely disabled (using WTF_CPU_UNKNOWN, or
>somethig else, I'm still discussing this with the team).
Ok, this patch disables SSE2 and forces Webkit to use CLoop, the
I'd like to request gradle/4.4.1-6 to be unblocked. When fixing the gradle
package to work with OpenJDK 11 we mistakenly broke the compatibility with
OpenJDK 8 (#925225). Even if
Thank you for packaging jsonnet for Debian.
The C++ library libjsonnet++.so is missing from the current packaging.
It is needed in order to use the libjsonnet++.h header which is included
in the packaging.
I guess the reason libjsonnet++.so was not
When xpdf fails on startup (e.g. because the PDF file provided in
the command line is invalid or not supported), it does not show an
error message. Error on stderr is not sufficient because it may not
Firefox is affected by this issue:
* Package name: tensorwatch
Version : 0.8.3
Upstream Authors: Microsoft Corporation. All rights reserved.
* URL : https://github.com/microsoft/tensorwatch
* License : MIT
Description : Debug, monitor and visualize for
> Some of tags have too much false-positive rate, and some of them are not
> worth spending time. Here is incomplete list:
Neat. So, I think there are three categories here.
Firstly, tags that you feel are too high priority are likely worth
discussing in terms of adjusting that
Quoting Philipp Kern (2019-06-23 15:14:34)
> On 2019-06-21 07:51, Trek wrote:
> >> If _apt deserves a special solution, I would suggest assigning the
> >> _apt user a static uid instead of patching debootstrap.
> > it seems to me the simplest approach, from a technical point of view,
Emails read using the WebApp do not correctly save read/unread status. This has
been fixed upstream (BUG: https://jira.kopano.io/browse/KC-1444, Release:
https://kopano.com/releases/kopano-releases-may-2019/). From the release page
above, the problem
The listed URL for the external resource (homepage) for ghkl does not appear to
be functional, and simply directs back to the institutional home page
Specifically, the listed URL:
On Thu, Jun 20, 2019 at 12:05AM, Emanuele Olivetti wrote:
> Indeed, I'll be very happy to test git-annex!
Could you please test git-annex version 7.20190129-3+b1 from unstable?
I wanted to know more about the package's context and use cases.
The mentioned Home page has gone, only available at web.archive.org (and
maybe similar services).
With some research I found
I would like to ask if the following two can be added to
CHECK_RCPT_LOCAL_LOCALPARTS and / or CHECK_RCPT_REMOTE_LOCALPARTS
^.*x24 : ^.*0.44
Moritz Muehlenhoff writes:
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=1716286
According to https://security-tracker.debian.org/tracker/CVE-2019-10153,
the vulnerable code is not present in stretch. However, I don't
understand why this does not count:
On Sun, Jun 09, 2019 at 01:48:58PM +0200, Salvatore Bonaccorso wrote:
> On Sat, Jun 08, 2019 at 06:29:24PM +0200, Salvatore Bonaccorso wrote:
> > Notes on possible CVE/list splits
> > -
> After a face-to-face conversation with Daniel, Daniel
* What led up to the situation?
While trying to implement input grabbing, I noticed that the plugin
source files are duplicated:
- once in /usr/share/mate-menu/plugins
- once in
Bug 930999 on nova-common is also needed to get openstack-deploy
all-in-one be fully automatic
On Mon, 24 Jun 2019 11:35:52 +0200 Alberto Garcia wrote:
> I suppose this won't solve the problem, but can you try to set these
> evironment variables (or a combination thereof) and see if it works?
These resulted in no changes.
I also cannot
I tried to build this package in buster but it failed:
dh build-arch --buildsystem cargo
1 - 100 of 139 matches
Mail list logo