Bug#1070867: lists.debian.org: debconf25-team

[Daniel Lange]

Why don't you just use debconf-team? You are welcome to discuss there.

Bug#1057714: htop: newlines in cmdline rendered as U+FFFD

[Daniel Lange]

Control: forwarded -1 https://github.com/htop-dev/htop/issues/1346

You found two issues here, which we track upstream as

https://github.com/htop-dev/htop/issues/1345 and
https://github.com/htop-dev/htop/issues/1346

Thank you very much for submitting your bug report.

/DLange

Bug#1057466: htop: CPU limit Regression in htop 3.2.2 caused by patch in deb package (?)

[Daniel Lange]

Am 05.12.23 um 17:43 schrieb Claudio Kuenzler:
I guess I fail to see the reason why this patch (removing LXC handling) 
was implemented. What was the bug being the reason to apply this patch?


The processors shown were not necessarily the ones running the load, 
easily seen by not matching temp and speed measurements.

Bug#1057466: htop: CPU limit Regression in htop 3.2.2 caused by patch in deb package (?)

[Daniel Lange]

The rationale is given on top of the patch that you found 
(001_remove_lxc_special_handling.patch) and the matching commit




We don't have any better LXC handling, so I opted for showing the 
reality (visible CPUs that the container cannot schedule load on) over 
the bugs we had otherwise.


You created upstream #1332 but did not try the latest htop main branch, 
did you? I suspect it will be the same but would be nice to confirm.
NB: There has been some improvements in the cgroup name handling for LXC 
since the 3.2.2 release.

Bug#1034145: htop: Sort does not work?

[Daniel Lange]

Am 10.04.23 um 13:00 schrieb ael:

Using F6/sort option, I find that the list is usually sorted by PID
regardless of whetehr I have chooseb other choices. I usually want a
sort by CP usage or Memory.

This seems to be a problem with the user interface: ncurses?. Using the -s 
option
as in
$ htop -s PERCENT_CPU
it sorts as expected.


Can you delete / move away your ~/.config/htoprc (which htop is not 
running) and try again?


On Debian testing, same versions, I cannot reproduce the issue at the 
moment.

Bug#1008727: bpftrace still does not work with probe offsets

[Daniel Lange]

Package: bpftrace
Version: 0.14.1-2
Severity: normal


root@debiansid:~# bpftrace --version
bpftrace v0.14.1

root@debiansid:~# bpftrace --info
System
  OS: Linux 5.16.0-6-amd64 #1 SMP PREEMPT Debian 5.16.18-1 (2022-03-29)
  Arch: x86_64

Build
  version: v0.14.1
  LLVM: 13.0.1
  ORC: v2
  foreach_sym: yes
  unsafe uprobe: no

  bfd: no
 ^
 This would have to be yes if the dependency on libbfd-dev had been 
picked up properly.


 [...]

HAVE_BFD_DISASM does not seem to be set in cmake during build despite 
the work in #975867 (add libbfd-dev as build dep).


I.e. this still results in errors like:

ERROR: Can't check if uprobe is in proper place (compiled without 
(k|u)probe offset support): /root/hello:main+19

Bug#1004582: htop: New upstream release (3.1.2, 2021 Nov 30)

[Daniel Lange]

Am 30.01.22 um 20:13 schrieb Florian Ernst:

| * Rework the libsensors parsing on Linux
which fixes


https://github.com/htop-dev/htop/issues/806
and
https://github.com/htop-dev/htop/issues/863
are the reasons I have not updated htop in sid yet.
Waiting for these to get fixed.

Bug#889632: --nice works just --dry-run was changed to behave differently

[Daniel Lange]

Testing with a `sleep 60` shows the nice level to be set correctly.
Just --dry-run doesn't show command prefixes any more.

(tested with the latest upstream as I looked at the source due to #915541)

Bug#273323: scripting solution

[Daniel Lange]

This works reasonably well:

curl "https://www.debian.org/social_contract.en.html; |\
sed '/^/,/^<\/div> /{//!b};d' |\
pandoc -f html -t latex -V geometry:a4paper,margin=2cm -o social_contract.pdf

Bug#782636: Upstreamed, will be in future htop 3.1.0 (not yet released)

[Daniel Lange]

Control: outlook -1 htop 3.1.0 will contain this feature

Hey Stephane,

I just wanted to point out

https://github.com/htop-dev/htop/pull/627

that has been merged upstream.

The next htop release will be 3.1.0 and contain this (and lots more).

Best regards,
Daniel

Bug#983352: htop: Hardware dependent?

[Daniel Lange]

Control: forwarded -1 https://github.com/htop-dev/htop/issues/529

Am 22.02.21 um 22:43 schrieb rv:

Hope I'm not spamming...


Your bug report is of high quality and thus definitely not spam.

But you had already found the upstream bug report and reported your info 
there, too.
That is more useful than a Debian bug as there is nothing we can do 
about this via packaging htop better.


After the bullseye release there will be more users with VIA Eden or AMD 
Phenom processors where htop does currently not show temperatures. So 
may be they find this bug and not create duplicates. We can always hope :).

Bug#980731: htop: Please switch Build-Depends to libsensors-dev (from libsensors4-dev)

[Daniel Lange]

Control: tags -1 + pending
Control: outlook -1 will be fixed in 3.0.5-3

Hi Aurélien,

thanks for the heads-up.

This has been fixed in

https://salsa.debian.org/debian/htop/-/commit/a2c3cef0dfdefe2d12b25c185f33f80d0a17068f

which should be in the next upload (3.0.5-3), likely before the soft freeze 
kicks in and affects migrations.

Kind regards,
Daniel


Am 21.01.21 um 08:09 schrieb Aurelien Jarno:
> Package: htop
> Version: 3.0.3-2
> Severity: wishlist
> User: aure...@debian.org
> Usertags: libsensors-dev-transition
> 
> Dear maintainer,
> 
> ukui-panel build-depends on libsensors4-dev, the development package
> from lm-sensors. For historical reasons the development package is
> versioned. Following the transition of the library to libsensors5, it
> made sense to rename the development package to libsensors-dev.
> 
> In that regard a libsensors4-dev is now a transitional package depending
> on libsensors-dev. Your package therefore still builds fine. I plan to
> remove this transitional package a bit after the bullseye release, so
> there is no urgency (yet) to do the change, especially with the freeze
> coming. I however prefer to warn a bit in advance. The change should
> just be a matter of running:
> 
>sed -i -e 's/libsensors4-dev/libsensors-dev/g' debian/control
> 
> Thanks,
> Aurelien
> 

Bug#961097: htop: segfaults after ^Z+fg on x32

[Daniel Lange]

severity 961097 minor
user debian-...@lists.debian.org
usertag 961097 port-x32
--

Nab,

thank you very much for submitting that.
As it's a x32 issue, I have added the appropriate usertag.
It's an unofficial port and has lots of alignment / struct size issues 
which may be the case here as well.


Let's see whether the x32 team pick it up.

Best regards,
Daniel

Bug#765854: eCryptfs in Buster / Bullseye (bug #765854, #936465)

[Daniel Lange]

Hi folks,

we have the issue that eCryptfs has not made it into Buster and has 
fallen out of testing due to bug #765854.


To me it seems the most easy solution is from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765854#107
as non-interactive logins don't have any passphrase to unlock an 
encrypted home dir anyways.


Additionally we have #936465 now (Python2 dependency).
This is tracked upstream at
https://bugs.launchpad.net/ecryptfs/+bug/1871236

So questions:

@Martin, Dustin:
Is there still upstream support for eCryptfs?
I.e. will you resolve the LP bug linked above?
libecryptfs.py is just a SWIG generated wrapper.
So this probably trivial. But somebody that actually uses the 
python-bindings would be needed to test.


Any comments on the best solution from the ones offered in Debian bug 
#765854?


@Laszlo, Julian:
Do we want to get eCryptfs back into Bullseye so Stretch users can 
upgrade there (or may be document a work-around with testing packages, 
or we do a stable update for these folks)?

I'd really like to offer a solution to users of eCryptfs in Debian.

Some data from popcon:

Package Users
--- -
ecryptfs-utils   1278
libecryptfs1 1122
python-ecryptfs16

Kind regards,
Daniel

Bug#945580: lists.debian.org: Please add anisa@dc.o to debconf-sponsors-team@l.d.o

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist
User: lists.debian@packages.debian.org
Usertags: newlist

Please add

an...@debconf.org

to the debconf-sponsors-team mailing list.

Thanks,
Daniel



signature.asc
Description: OpenPGP digital signature

Bug#940251: lists.debian.org: Please add three additional people to debconf-sponsors-team@l.d.o

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist
User: lists.debian@packages.debian.org
Usertags: newlist

Please add

kap...@debian.org
tzaf...@debian.org
kar...@campus.technion.ac.il

to the debconf-sponsors-team mailing list.

I double checked the existing subscribers (thanks for the list Don!)
and they are all still valid to be kept.

Thanks,
Daniel

Bug#933324: htop: Process names update incorrectly if the new name is shorter

[Daniel Lange]

Control: forcemerge 933065 -1

This has already been reported as #933065.
Please try to not create duplicate bug reports.

Thanks,
Daniel

Bug#933065: htop: Old process name bleeds through when “Update progress names” is checked

[Daniel Lange]

Control: tags -1 + patch
Control: forwarded -1 https://github.com/hishamhm/htop/pull/812

Am 26.07.19 um 12:00 schrieb Willem Mulder:

Package: htop
Version: 2.2.0-1+b1
Severity: minor

Dear Maintainer,

When the box “Update process names on every refresh” is checked and the
new name of a process is shorter than the old name, the old name ‘bleeds
through’.

This was caused by failing to insert a NULL byte, and has already been
fixed upstream in https://github.com/hishamhm/htop/pull/812.


Thank you very much for the report.

Greetings from Curitiba where DebConf19 is currently taking place
Daniel

Bug#897047: Fedora has the background story and timeline

[Daniel Lange]

https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/thread/EC6I35ILFICKY5W5XTHYJC6UH36B2UQS/

Thursday, 2018-04-19 seems to be the license change date

Bug#908678: Split file repo v2

[Daniel Lange]

as requested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678#139
we have created a data/CVE/.list repo ("v2") during MiniDebConf HH

It is mirrored at Salsa:
https://salsa.debian.org/dlange/debian_security_security-tracker_split_files_v2

Bug#908678: Update on the security-tracker git discussion

[Daniel Lange]

Am 06.06.19 um 07:31 schrieb Salvatore Bonaccorso:

Could you again point me to your splitted up variant mirror?


https://git.faster-it.de/debian_security_security-tracker_split_files/

Bug#928938: cronic: Add option to report on return status only

[Daniel Lange]

Hi Dave

Am 13.05.19 um 18:46 schrieb Dave Page:

We have locally patched our cronic to support an option, -r, which will
cause cronic to only generate a report if the return code is nonzero,
even if there is STDERR output. We submit it for your consideration.


Thank you very much for sharing your patch and the rationale for it.

I've asked Chuck (CC), the upstream author, whether he wants to add this 
feature into his software.


Let's see what he says.

Kind regards,
Daniel

Bug#928956: Document removal of ecryptfs-utils from Buster

[Daniel Lange]

Am 14.05.19 um 08:54 schrieb Andrei POPESCU:

  * reason for removal
not essential, but it helps to understand the issue

#765854
ecryptfs cannot unmount encrypted home directories due to systemd 
keeping the pam session active even after logout.

Upstream bug https://github.com/systemd/systemd/issues/8598
A work around (user unit file) has not been implemented and tested.


  * what would be the alternative(s) available in buster

there is none


  * is there a (documented) migration path

there is none

People with ecryptfs should not upgrade to Buster or enable and pin sid 
repositories where ecryptfs-utils, libecryptfs1 and friends are still 
available and continue to work (including the unmount bug linked above).


CC'd jak (original bug submitter) and gcs (maintainer) in case they can 
add something. May be we can get the user unit file approach tested and 
if working into a point release and/or backports?

Bug#928956: Document removal of ecryptfs-utils from Buster

[Daniel Lange]

Package: release-notes
Severity: important

Due to #765854 ecryptfs-utils has been removed from Buster.
The kernel module (ecryptfs.ko) is still built but depending on the 
upgrade path users will be unable to mount their encrypted home 
directories (pam module, ecryptfs-mount-private missing).

So they should probably be strongly advised to not upgrade.

Bug#923675: Add related bug #916690 info

[Daniel Lange]

This is related to #916690.

getrandom() essentially blocks during many use cases where the system
does not have enough entropy. This is somewhat mitigated by the Debian 
kernel now trusting the RDRAND (CONFIG_RANDOM_TRUST_CPU) for AMD64 
(https://lists.debian.org/debian-devel/2019/02/msg00170.html) which has 
this CPU instruction on somewhat recent hardware. Other architectures 
and a number of virtualization setups on AMD64 are still running into 
this issue.


The Debian Installer variant of this issue is the hardest* to solve.
So I fear we're in "add it to the release notes"-land again.

For Bullseye (or a point release) we should solve the problem more 
comprehensively.


* The Debian Installer media cannot have a (carried over consecutive 
boots) seed file embedded. This makes it the hardest case to solve as 
one needs to "reach out" for entropy sources.
Downloading some random bytes from {random.org | random.debian.org} and 
feeding to the entropy pool proper (ioctl RNDADDENTROPY) would solve 
this for networked hosts, able to reach such an external entropy source. 
Of course there is an attack vector added by reaching out to the net. So 
this would need proper configurability to make it safe to use. Note: we 
cannot use cryptography to protect this ... the PRNG is the very thing 
in need of proper initialization here.
And for non-network hosts or ones shielded from the Internet and not run 
in a proper data center environment (that would probably supply a 
random.the-hoster.tld service) this will not improve the situation.


Thorsten Glaser (CC) has produced a prototype early-rng-init-tools (cf. 
https://lists.debian.org/debian-devel/2019/02/msg00327.html) which could 
be extended to try reading entropy off the network when it doesn't have 
a carried-over seed (as in the Debian Installer case).

Bug#921840: Upload necessary before March 2nd (Buster hard freeze), Bug #921840 NOAA URL -> https

[Daniel Lange]

Hoi Kees,

could you please upload a new version of Metar before March 2nd as the 
Buster hard freeze is coming up March 12 and the current delay is 10 
days for packages to transition to testing.


Bug #921840 is the related Debian bug.

If you currently don't have the time, I can NMU but you have everything 
ready in your Github repo already.


Vriendelijke groet,
Daniel

Bug#908678: Update on the security-tracker git discussion

[Daniel Lange]

Zobel brought up the security-tracker git discussion in the 
#debian-security irc channel again and I'd like to record a few of the 
items touched there for others that were not present:


DLange has a running mirror of the git repo with split files since three 
months. This is based on anarcat's scripts published previously in this 
bug. The rewriting mirror repo works flawlessly. All history is retained 
sans gpg commit signatures.


Corsac noted that "redoing the tooling is a pain" and anarcat and DLange 
iterated we are willing to help fix the tools. But we need a commitment 
from the security-team that the migration to a split file repo is 
wanted. And we need a prioritized list of tools that need to be 
split-files enabled.


The discussion iterated that "moving elsewhere" doesn't really fix the 
underlying git-usage issue. So while this would take load off salsa, it 
will not improve clone times and hamper collaboration with Debian people 
outside the security team.


Still - to gain some data - DLange tried to push the security-tracker 
repo to github. This bails out as the history contains a file > 100MB 
(hard limit for Github):


remote: error: GH001: Large files detected. You may want to try Git 
Large File Storage - https://git-lfs.github.com.

[..]
remote: error: File data/CVE/allitems.html is 111.44 MB; this exceeds 
GitHub's file size limit of 100.00 MB


So we would have to re-write history for pushing to GitHub. Commits from 
2017-12-29 that introduce "data/CVE/allitems.html" and drop it again 
would need to be modified. Technically all commits after these have to 
be re-written as well. I have not tested whether Github supports 
refs/replace substitutes which would be a work-around.


As noticeable on Salsa and per 
https://gitlab.com/gitlab-com/support-forum/issues/230 Gitlab does not 
enforce per-file size limits.
But the pain of hosting and using this repo is not really different for 
any Gitlab instance.


So that means self-hosting of a non-split-file repo would probably have 
to be on a security DSA machine or similar.


Again, as said above, discussion participants outside the security team 
would prefer a commitment to split the offending data/CVE/list file into 
annual chunks, enable the tooling and stay on salsa.

Bug#690227: Plans for Netatalk for Buster?

[Daniel Lange]

> Hi Jonas,
> 
> I was wondering what your plans are for Netatalk in Buster?
> 1) stay on 2.2.x
> 2) adopt the newer packages for 3.1.x (still maintained at
>https://github.com/adiknoth/netatalk-debian as per bug #690227)
> 3) RM netatalk

Please re-post these excellent questions to 690...@bugs.debian.org!


 - Jonas

Bug#765854: Plans for Netatalk for Buster?

[Daniel Lange]

> Hi Jonas,
> 
> I was wondering what your plans are for Netatalk in Buster?
> 1) stay on 2.2.x
> 2) adopt the newer packages for 3.1.x (still maintained at
>https://github.com/adiknoth/netatalk-debian as per bug #690227)
> 3) RM netatalk

Please re-post these excellent questions to 690...@bugs.debian.org!


 - Jonas

Bug#765854: Related systemd upstream issue

[Daniel Lange]

https://github.com/systemd/systemd/issues/8598
(Title: systemd-user doesn't properly close its PAM session)

Bug#908678: Testing the filter-branch scripts

[Daniel Lange]

Am 13.11.18 um 23:09 schrieb Moritz Muehlenhoff:
> The current data structure works very well for us and splitting the files
> has many downsides.

Could you detail what those many downsides are besides the scripts that
need to be amended?

Bug#908678: Testing the filter-branch scripts

[Daniel Lange]

> The Python job finished successfully here after 10 hours.
6h40 mins here as I ported your improved logic to the python2 version :).

# git filter-branch --tree-filter '/usr/bin/python2 /split-by-year.pyc' HEAD
Rewrite 1169d256b27eb7244273671582cc08ba88002819 (68356/68357) (24226 seconds 
passed, remaining 0 predicted)
Ref 'refs/heads/master' was rewritten

The tree-filter blows up the .git/objects store to 13G though.
But nothing a git gc can't fix.

> 
> I did some tests on the new git repository. Cloning the repository from
> scratch takes around 2 minutes (the original repo: 21 minutes).
Confirmed.

> So that's about it. I have not done a thorough job at checking the
> actual *integrity* of the results. It's difficult, considering CVE
> identifiers are not sequential in the data/CVE/list file, so a naive
> diff like this will fail:
> 
> $ diff -u <(cat 
> ../security-tracker-full-test-filtered-bis/data/CVE/list.{2019,2018,2017,2016,2015,2014,2013,2012,2011,2010,2009,2008,2007,2006,2005,2004,2003,2002,2001,2000,1999}
>  ) data/CVE/list | diffstat
>  list |106562 
> +--
>  1 file changed, 53281 insertions(+), 53281 deletions(-)
> 
> But at least the numbers add up: it looks like no line is lost. And
> indeed, it looks like all CVEs add up:
> 
> $ diff -u <(cat 
> ../security-tracker-full-test-filtered-bis/data/CVE/list.{2019,2018,2017,2016,2015,2014,2013,2012,2011,2010,2009,2008,2007,2006,2005,2004,2003,2002,2001,2000,1999}
>  | grep ^CVE | sort -n ) <( grep ^CVE data/CVE/list | sort -n  ) | diffstat
>  0 files changed
> 
> A cursory look at the diff seems to indicate it is clean, however.

I uploaded "my" version to https://people.debian.org/~dlange/
so people can poke the log and diffs and see whether there are any
issues left.

> I looked at splitting that file per CVE. That did not scale and just
> created new problems. But splitting by *year* seems like a very
> efficient switch, and I think it would be worth pursuing that idea
> forward.

The tools in bin/ would need a brush through. I.e. throw away the
unused ones and amend the ones that are used on data/CVE/* to learn
about the split files.

Bug#908678: Testing the filter-branch scripts

[Daniel Lange]

Antoine,

thank you very much for your filter-branch scripts.

I tested each:

1) the golang version:
It completes after 3h36min:

# git filter-branch --tree-filter '/split-by-year' HEAD
Rewrite a09118bf0a33f3721c0b8f6880c4cbb1e407a39d (68282/68286) (12994 seconds 
passed, remaining 0 predicted)
Ref 'refs/heads/master' was rewritten

But it doesn't Close() the os.OpenFile handles so ...
all data/CVE/list. files are 0 bytes long. Sic!

I can reproduce that just running the golang executable
against a current checkout of data/CVE/list.

# go version
go version go1.10.3 linux/amd64
(Stretch backport golang-go 2:1.10~5~bpo9+1)

2.1) the Python version
You claim #!/usr/bin/python3 in the shebang, so I tried that first:

# git filter-branch --tree-filter '/usr/bin/python3 
/__pycache__/split-by-year.cpython-35.pyc' HEAD
Rewrite 990d3c4bbb49308fb3de1e0e91b9ba5600386f8a (1220/68293) (41 seconds 
passed, remaining 2254 predicted)
  Traceback (most recent call last):
  File "split-by-year.py", line 13, in 
  File "/usr/lib/python3.5/codecs.py", line 321, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf6 in position 5463: 
invalid start byte
tree filter failed: /usr/bin/python3 /__pycache__/split-by-year.cpython-35.pyc

The offending commit is:
* 990d3c4bbb - Rename sarge-checks data to something not specific to sarge, 
since we're working on etch now.
  Sorry for the probable annoyance, but it had to be done. (13 years ago) [Joey 
Hess]

There will be many more like this, so for Python3
this needs needs to be made unicode-agnostic.

Notice I compiled the .py to .pyc which makes it
much faster and thus well usable.

2.2) Python, when a string was a string .. Python2
Your code is actually Python2, so why not give that a try:

# git filter-branch --tree-filter '/usr/bin/python2 /split-by-year.pyc' HEAD
Rewrite b59da20b82011ffcfa6c4a453de9df58ee036b2c (2516/68293) (113 seconds 
passed, remaining 2954 predicted)
  Traceback (most recent call last):
  File "split-by-year.py", line 18, in 
yearly = 'data/CVE/list.{:d}'.format(year)
NameError: name 'year' is not defined
tree filter failed: /usr/bin/python2 /split-by-year.pyc

The offending commit is:
* b59da20b82 - claim (13 years ago) [Moritz Muehlenhoff]
| diff --git a/data/CVE/list b/data/CVE/list
| index 7b5d1d21d6..cdf0b74dd0 100644
| --- a/data/CVE/list
| +++ b/data/CVE/list
| @@ -1,3 +1,4 @@
| +begin claimed by jmm
|  CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 
before ...)
|   TODO: check
|  CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) 
ip_nat_proto_udp.c in ...)
| @@ -34,6 +35,7 @@ CVE-2005-3260 (Multiple cross-site scripting (XSS) 
vulnerabilities in ...)
|   TODO: check
|  CVE-2005-3259 (Multiple SQL injection vulnerabilities in 
versatileBulletinBoard (vBB) ...)
|   TODO: check
| +end claimed by jmm
|  CVE-2005- [Insecure caching of user id in mantis]
|   - mantis  (bug #330682; unknown)
|  CVE-2005- [Filter information disclosure in mantis]

As you see the line "+begin claimed by jmm" breaks the too simplistic parser 
logic.
Unfortunately dry-running against a current version of data/CVE/list such 
errors do not show up.
The "violations" of the file format are transient and buried in history.

Best,
Daniel

Bug#913073: lists.debian.org: Please add terceiro to debconf-sponsors-team@l.d.o

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist
User: lists.debian@packages.debian.org
Usertags: newlist

Please add Antonio Terceiro (terceiro@d.o) to the debconf-sponsors-team
mailing list.

Thanks,
Daniel



signature.asc
Description: OpenPGP digital signature

Bug#911059: reportbug: Behaviour on lowercase and UPPERCASE package names is inconsistent

[Daniel Lange]

Package: reportbug
Version: 7.1.7+deb9u2
Severity: normal
Control: found -1 reportbug/7.5.0

reportbug does rather not work consistently when using UPPERCASE package names, 
e.g.:

# reportbug -p WNPP
Warning: no reportbug configuration found.  Proceeding in novice mode.
Detected character set: us-ascii
Please change your locale if this is incorrect.

Using 'Daniel Lange ' as your from address.
Getting status for WNPP...
W: Unable to locate package WNPP
No matching source or binary packages.
A package named "WNPP" does not appear to be installed; do you want to search 
for a similar-looking filename in an installed
package [Y|n|q|?]? 
[..]

vs. the intended behaviour on lowercase "wnpp".

# reportbug -p wnpp

Warning: no reportbug configuration found.  Proceeding in novice mode.
Detected character set: us-ascii
Please change your locale if this is incorrect.

Using 'Daniel Lange ' as your from address.
Will send report to Debian (per lsb_release).
What sort of request is this? (If none of these things mean anything to you, or 
you are trying to report a bug in an existing
package, please press Enter to exit reportbug.)

1 ITP  This is an `Intent To Package'. Please submit a package description 
along with copyright and URL in such a report.
2 OThe package has been `Orphaned'. It needs a new maintainer as soon as 
possible.
3 RFA  This is a `Request for Adoption'. Due to lack of time, resources, 
interest or something similar, the current maintainer is
   asking for someone else to maintain this package. They will maintain it 
in the meantime, but perhaps not in the best
   possible way. In short: the package needs a new maintainer.
4 RFH  This is a `Request For Help'. The current maintainer wants to continue 
to maintain this package, but they need some help
   to do this because their time is limited or the package is quite big and 
needs several maintainers.
5 RFP  This is a `Request For Package'. You have found an interesting piece of 
software and would like someone else to maintain
   it for Debian. Please submit a package description along with copyright 
and URL in such a report.

Choose the request type: 
[..]

Now the Pseudo-package name is WNPP, not wnpp.

Similar problem:

# reportbug -p Reportbug # notice the uppercase R
Warning: no reportbug configuration found.  Proceeding in novice mode.
Detected character set: UTF-8
Please change your locale if this is incorrect.

Using 'Daniel Lange ' as your from address.
Getting status for Reportbug...
Checking for newer versions at madison...
Will send report to Debian (per lsb_release).
Querying Debian BTS for reports on Reportbug (source)...
216 bug reports found:

Bugs with severity important
1) #709862  reportbug: GTK interface crashes on continue from package 
selection
2) #711404  reportbug's GTK interface crashes if spelling dictionaries for 
the current locale are missing
3) #717563  reportbug: web access thru proxy not available
4) #848208  GUI segfaults when trying to collect system information  
[RESOLVED]
5) #849124  Reportbug 7.1.1 doesnt start (ValueError: Namespace Vte not 
available + another error)  [RESOLVED]
6) #850733  Crashes with "TypeError: GObject.__init__() takes exactly 0 
arguments (1 given)"  [RESOLVED]
[..]

vs.

# reportbug -p reportbug # notice the lowercase r
Warning: no reportbug configuration found.  Proceeding in novice mode.
Detected character set: UTF-8
Please change your locale if this is incorrect.

Using 'Daniel Lange ' as your from address.
Getting status for reportbug...
Checking for newer versions at madison...

Your version (7.1.7+deb9u2) of reportbug appears to be out of date.
The following newer release(s) are available in the Debian archive:
  testing: 7.5.0
  unstable: 7.5.0
Do you still want to file a report [y|N|q|?]? 
[..]

Reportbug should do the right thing, regardless of case.
So probably lowercasing package names given before processing.

Bug#910492: Forwarded and patched upstream

[Daniel Lange]

Control: forwarded -1 https://github.com/hishamhm/htop/issues/841
Control: tags -1 + pending patch
Control: outlook -1 bug forwarded upstream and patch available

Gong,

thank you very much for the bug report, I have forwarded and patched it
upstream. The next version in Debian will contain a fix.

Best regards,
Daniel

Bug#908678: Some more thoughts and some tests on the security-tracker git repo

[Daniel Lange]

The main issue is that we need to get clone and diff+render operations
back into normal time frames. The salsa workers (e.g. to render a
diff) time out after 60s. Similar time constraints are put onto other
rendering frond-ends. Actually you can easily get Apache to segfault
if you do not time-constrain cgi/fcgi type processes.
But that's out of scope here.

Back on topic:

Just splitting the file will not do. We need to (unfortunately)
somehow "get rid" of the history (delta-resolution) walks in git:

# test setup limits: Network bw: 200 MBit, client system: 4 core

$ time git clone https://.../debian_security_security-tracker
Klone nach 'debian_security_security-tracker' ...
remote: Counting objects: 334274, done.
remote: Compressing objects: 100% (67288/67288), done.
remote: Total 334274 (delta 211939), reused 329399 (delta 208905)
Empfange Objekte: 100% (334274/334274), 165.46 MiB | 21.93 MiB/s, 
Fertig.
Löse Unterschiede auf: 100% (211939/211939), Fertig.

real14m13,159s
user27m23,980s
sys 0m17,068s

# Run the tool already available to split the main CVE/list
# file into annual files. Thanks Raphael Geissert!
$ bin/split-by-year

# remove the old big CVE/list file
$ git rm data/CVE/list

# get the new files into git
$ git add data/CVE/list.*
$ git commit --all
[master a06d3446ca] Remove list and commit bin/split-by-year results
 21 files changed, 342414 insertions(+), 342414 deletions(-)
 delete mode 100644 data/CVE/list
 create mode 100644 data/CVE/list.1999
 create mode 100644 data/CVE/list.2000
 create mode 100644 data/CVE/list.2001
 create mode 100644 data/CVE/list.2002
 create mode 100644 data/CVE/list.2003
 create mode 100644 data/CVE/list.2004
 create mode 100644 data/CVE/list.2005
 create mode 100644 data/CVE/list.2006
 create mode 100644 data/CVE/list.2007
 create mode 100644 data/CVE/list.2008
 create mode 100644 data/CVE/list.2009
 create mode 100644 data/CVE/list.2010
 create mode 100644 data/CVE/list.2011
 create mode 100644 data/CVE/list.2012
 create mode 100644 data/CVE/list.2013
 create mode 100644 data/CVE/list.2014
 create mode 100644 data/CVE/list.2015
 create mode 100644 data/CVE/list.2016
 create mode 100644 data/CVE/list.2017
 create mode 100644 data/CVE/list.2018

# this one is fast:
$ git push

# create a new clone
$ time git clone 
https://.../debian_security_security-tracker_split_files test-clone
Klone nach 'test-clone' ...
remote: Counting objects: 334298, done.
remote: Compressing objects: 100% (67312/67312), done.
remote: Total 334298 (delta 211943), reused 329399 (delta 208905)
Empfange Objekte: 100% (334298/334298), 168.91 MiB | 21.28 MiB/s, 
Fertig.
Löse Unterschiede auf: 100% (211943/211943), Fertig.

real14m35,444s
user27m45,500s
sys 0m21,100s

--> so splitting alone doesn't help. Git is not clever enough to not run
through the deltas of not to be checked-out files.

git 2.18's git2 wire protocol could be used with server-side filtering
but that's an awful hack. Telling people to

git clone --depth 1 #(shallow)

like Guido advises is easier and more reliable for the clone use-case.
For the original repo that will take ~1.5s, for a split-by-year repo ~0.2s.

There are tools to split git files and keep the history
e.g. https://github.com/potherca-bash/git-split-file
but we'd need (to create) one that also zaps the old deltas.
So really "rewrite history" as the git folks tend to call this.
git filter-branch can do this. But it would get somewhat complex and murky
with commits that span CVE/list-year and list-year+1 which are at least 21 for
2018+2017, 19 for 2017+2016 and ~10 for previous year combos.
So I wouldn't put too much effort into that path.

In any case, a repo with just the split files but no maintained history clones
in ~12s in the above test setup. It also brings the (bare) repo down from 3,3GB
to 189MB. So the issue is really the data/CVE/list file.

That said, data/DSA/list is 14575 lines. That seems to not bother git too much
yet. Still if things get re-structured, this file may be worth a look, too.

To me the most reasonable path forward unfortunately looks like start a new repo
for 2019+ and "just" import the split files or single-record files as mentioned
by pabs but not the git/svn/cvs history. The old repo would - of course - stay
around but frozen at a deadline.

Corsac also mentioned on IRC that the repo could be hosted outside of Gitlab.
That would reduce the pressure for some time.
But cgit and other git frontends (as well as 

Bug#908494: Confirmed, reproducible on plain Stretch

[Daniel Lange]

o No Lightning (icon, menu) after upgrade to 60.0-3~deb9u1 despite the
add-on being loaded
o No Lightning in a newly created profile
o apt purge thunderbird-l10n-de
  -> removes icedove-l10n-de* thunderbird-l10n-de*
o Lightning is back (and Thunderbird obviously now in English)

reversal test:
o apt install thunderbird-l10n-de
  -> installs thunderbird-l10n-de
o Lightning is gone (=no icon, no menu) again

Bug#908636: htop: Feature request: enable delayacct support in htop build

[Daniel Lange]

Hi Rich,

thank you very much for the wishlist request.

Some background for others:
https://andrestc.com/post/linux-delay-accounting/
https://github.com/hishamhm/htop/issues/665

Needs CONFIG_TASK_DELAY_ACCT=y which is set for the default kernels in
Debian.

B-DEP pkg-config, libnl-3-dev, libnl-genl-3-dev
R-DEP libnl-3, libnl-genl-3

delayacct (used to) oops on low mem
https://lkml.org/lkml/2018/7/24/828

Feature only available to root users (CAP_SYS_ADMIN).

I'll consider enabling the feature for the next release of htop
depending on buster freeze timings. There are quite some other
interesting features in the queue but this will make for a bit risky
htop release next time.

Best regards,
Daniel

Bug#907308: Bug depends on glibc version

[Daniel Lange]

as discussed with jwilk on irc:

This bug depends on the (g)libc version:

* stock Stretch is unaffected (libc6-2.24-11+deb9u3)
* Stretch with glibc from unstable (libc6-2.27-5) is affected
* stock Ubuntu 18.04.1 (libc6-2.27-3ubuntu1) is affected

Bug#901889: Bug#901890: Bug#901889: displays "Page not found" error when user not logged in

[Daniel Lange]

Am 20.06.2018 um 23:05 schrieb Daniel Pocock:
> What is the package / software being used for the current DebConf?

A Django application called wafer:
https://github.com/CTPUG/wafer

Bug#889693: Bug already reported upstream

[Daniel Lange]

Control: forwarded -1 https://github.com/hishamhm/htop/issues/733

Seems to be perror() called when it shouldn't ("Success" is the message
for exit(0)).

NB: This is terminfo / terminal dependant (reproducible under xterm in
Debian Stretch, will not bug out when run, e.g. under gdb).

Bug#889634: New upstream Version 2.1.0

[Daniel Lange]

Control: severity -1 wishlist
Control: tags -1 + pending
Control: outlook -1 htop 2.1.0 is being packaged

We're packaging it and should have it in sid by end of next week.
That should be well before the import sync freeze for Bionic Beaver
(planned for March 1st).

Bug#878894: Moderation

[Daniel Lange]

as per discussion with formorer and input from cate:
Please use the DD+DM keyring to allow signed posts to this ML.
We may ask listmasters some time in the future to amend this with a
(currently not existing) DebConf keyring in case there is a DCxy that
has a significant need for this (e.g. not sufficiently many active
DDs/DMs in their team).

Bug#878894: lists.debian.org: Request for migration of mailing list: debconf-announce

[Daniel Lange]

Am 17.10.2017 um 16:58 schrieb Alexander Wirt:
> Who should be the moderator(s)?
jcc, OdyX, lucas, stefanor, DLange (=DebConf committee)

> What about old data or subscribers? 
That will be provided by Ganneff as with the other lists to be migrated

Bug#878914: lists.debian.org: Request for migration of mailing list: debconf-team

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist

Name: debconf-team

Rationale:
As per 
https://www.mail-archive.com/debconf-team@lists.debconf.org/msg14555.html Task 
#2 and DSA RT #6925:
We are migrating the DebConf mailing lists from locally run hardware / software 
to DSA / listmasters.

Short description:
DebConf Organizer Team List

Long description:
The list for the organizer team to discuss anything non-confidential related to 
DebConf.

Category: Debconf

Subscription policy: open

Post policy: open

Web Archive: yes

Subscriber list and archive will be provided by Ganneff

Bug#878915: lists.debian.org: Request for migration of mailing list: debconf-video

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist

Name: debconf-video

Rationale:
As per 
https://www.mail-archive.com/debconf-team@lists.debconf.org/msg14555.html Task 
#2 and DSA RT #6925:
We are migrating the DebConf mailing lists from locally run hardware / software 
to DSA / listmasters.

Short description:
DebConf Video Team List

Long description:
The list for taping and streaming DebConfs, Mini-DebConfs and similar formats.

Category: Debconf

Subscription policy: open

Post policy: open

Web Archive: yes

Subscriber list and archive will be provided by Ganneff

Bug#878898: lists.debian.org: Request for migration of mailing list: debconf-sponsors-team

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist

Name: debconf-sponsors-team

Rationale:
As per 
https://www.mail-archive.com/debconf-team@lists.debconf.org/msg14555.html Task 
#2 and DSA RT #6925:
We are migrating the DebConf mailing lists from locally run hardware / software 
to DSA / listmasters.

Short description:
DebConf Sponsors Team List

Long description:
List for the sponsor and budget handling team for DebConf. This list is 
restricted and some information may be confidential.

Category: Debconf

Subscription policy: closed
Approvers (initial list): DLange, zumbi, olasd

Post policy: open

Web Archive: yes (only for subscribers)

Subscriber list and archive will be provided by Ganneff

Bug#878897: lists.debian.org: Request for migration of mailing list: debconf-discuss

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist

Name: debconf-discuss

Rationale:
As per 
https://www.mail-archive.com/debconf-team@lists.debconf.org/msg14555.html Task 
#2 and DSA RT #6925:
We are migrating the DebConf mailing lists from locally run hardware / software 
to DSA / listmasters.

Short description:
Discussions about Debconf

Long description:
General purpose discussion list for all participants and interested people.

Category: Debconf

Subscription policy: open

Post policy: open

Web Archive: yes

Bug#878894: lists.debian.org: Request for migration of mailing list: debconf-announce

[Daniel Lange]

Package: lists.debian.org
Severity: wishlist

Name: debconf-announce

Rationale:
As per 
https://www.mail-archive.com/debconf-team@lists.debconf.org/msg14555.html Task 
#2 and DSA RT #6925:
We are migrating the DebConf mailing lists from locally run hardware / software 
to DSA / listmasters.

Short description:
Debconf Announcements

Long description:
Important news about Debconf. This list is a *MUST* for everyone, organizer or 
participant. Postings are moderated, discussion happens at 
debconf-disc...@lists.debian.org

Category: Debconf

Subscription policy: open

Post policy: moderated

Web Archive: yes

Bug#876087: xscreensaver: source-less and unlicensed code at hacks/images/m6502/dmsc.asm

[Daniel Lange]

Hi Daniel,

thank you very much.

All the best,
Daniel

Bug#876087: Source code and license of dmsc.asm

[Daniel Lange]

Hi,

your acme code dmsc.asm is used in xscreensaver by Jamie Zawinski.

Apparently there have been issues filed before at very Freedom oriented
distributions that the file is not clearly licensed and the source code
is not shipped with it. E.g. at https://labs.parabola.nu/issues/131 .

This has boiled up to Debian now at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876087
and I think the obvious thing is to ask you:

Could you please release this file under a DFSG compatible license
(https://www.debian.org/legal/licenses/) and provide the source e.g. as
a comment to the bug report and/or via email to Jamie (CC)?

Thank you for your consideration!

Best regards,
Daniel

Bug#864336: htop replaces CPU1/2/3/4/5/6/7/8 meter with CPU AVG meter after switching to tree view, quitting, and reopening

[Daniel Lange]

Am 15.06.2017 um 02:00 schrieb Ben Gladstone:
> I agree it's really strange and it doesn't make sense to me either why
> it would be doing that. I thought maybe it had something to do with my
> F5 key, maybe if there was another keybinding I forgot about. But nope,
> it has the same behavior when I use the mouse to click on tree mode too.
> I'll play around with it and see if I can get a clearer picture on the
> conditions that cause it

Pressing F5 is the critical hint. I changed tree view view the Setup
menu and then you don't see that behaviour. But changing with F5 I can
reproduce it as well. Very strange!
I'll forward upstream.

Bug#864336: htop replaces CPU1/2/3/4/5/6/7/8 meter with CPU AVG meter after switching to tree view, quitting, and reopening

[Daniel Lange]

O.k., so the htoprc files show exactly what you described in prose.

Unfortunately(?) it works for me in Jessie, I installed the same
backports-kernel that you have etc. Can't reproduce.

The config file reading logic doesn't look like it could drop "(1)"
either. And it doesn't care about tree mode or not for the meters.

I hope somebody sees the same odd behaviour and can shed some light on this.

Bug#864336: htop replaces CPU1/2/3/4/5/6/7/8 meter with CPU AVG meter after switching to tree view, quitting, and reopening

[Daniel Lange]

Control: severity -1 minor

Hi Ben,

thanks a lot for submitting the bug report.
I can't verify the issue here. I can create and persist a "CPU 2" meter
all I want and it shows up independent of tree view or not.

Could you look at .config/htop/htoprc and possibly move that out of the
way so htop creates a fresh one. Does that "fix" the issue?

Kind regards,
Daniel

Bug#864672: htop FTCBFS: python-minimal build dependency not installable

[Daniel Lange]

Hi Helmut,

thank you very much for the patch.
I applied it to our collab-maint repo so it will be in the next htop release 
for testing/Buster.

https://anonscm.debian.org/cgit/collab-maint/htop.git/commit/?id=ba3d665468e9752a81a50bb2df7639950e0a3c77

Kind regards,
Daniel

Bug#860281: tapecalc -h still calls the program "add" which was the upstream name

[Daniel Lange]

Package: tapecalc
Version: 20070214-2
Severity: minor

# tapecalc -h
Usage: add [options] [scripts]
[..]

The program is called add upstream
http://invisible-island.net/add/add.html

Bug#859762: autokey-gtk: fix set_text() to stop autokey-gtk hanging when using selection / clipboard functions

[Daniel Lange]

Package: autokey-gtk
Version: 0.90.4-1
Severity: important
Tags: upstream, patch

autokey-gtk hangs when using the selection / clipboard functions as GTK wants a 
length argument added to set_text().
-1 means "use size() to find out yourself".

Sample autokey script:

clipboard.fill_clipboard("Debian rocks")
keyboard.send_keys("+v")

Sample error:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/autokey/service.py", line 454, in 
execute
exec script.code in scope
  File "", line 11, in 
  File "/usr/lib/python2.7/dist-packages/autokey/scripting.py", line 837, in 
fill_clipboard
self.clipBoard.set_text(contents.encode("utf-8"))
TypeError: set_text() takes exactly 3 arguments (2 given)

The bug is reported upstream:
https://code.google.com/archive/p/autokey/issues/212
https://code.google.com/archive/p/autokey/issues/197

Fedora has better info and a partial(*) patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1089695
https://bugzilla.redhat.com/show_bug.cgi?id=1229371

(*) one of five lines that need fixing

A complete patch (that includes a lot of whitespace cleanup as well) is 
available at 
https://github.com/autokey/autokey/commit/cf466fb30422a5e9074e48063c7f7ca7d7533021
 .

grep -- "^diff\|set_text" cf466fb30422a5e9074e48063c7f7ca7d7533021.patch 

Subject: [PATCH] Add length arg to gtk clipboard set_text which is mandatory
* add -1 arg to Gtk.Clipboard.set_text
diff --git a/src/lib/interface.py b/src/lib/interface.py
-self.clipBoard.set_text(self.__savedClipboard)
+self.clipBoard.set_text(self.__savedClipboard, -1)
-self.selection.set_text(string.encode("utf-8"))
+self.selection.set_text(string.encode("utf-8"), -1)
-self.clipBoard.set_text(string.encode("utf-8"))
+self.clipBoard.set_text(string.encode("utf-8"), -1)
diff --git a/src/lib/scripting.py b/src/lib/scripting.py
-self.selection.set_text(string.encode("utf-8"))
+self.selection.set_text(string.encode("utf-8"), -1)
-self.clipBoard.set_text(contents.encode("utf-8"))
+self.clipBoard.set_text(contents.encode("utf-8"), -1)

^-- this is the gist of the patch

Bug#804078: Patch available

[Daniel Lange]

Control: tags -1 + patch

https://github.com/lilydjwg/pssh/commit/86e308c6bd62b3422d3e5a95ef1d330ce167171d
has patches for the issues Jakub mentioned.

Rebasing on that upstream would also solve multiple other (documentation) 
issues.
As I'm not sure what upstream you (want to) follow, I did not tag 
fixed-upstream.
The Google-code homepage is archived (read: dead) as all of Google-code is.

Bug#573177: Status update

[Daniel Lange]

Control: tags -1 + patch

In the Jessie version (2.3.1-1), which is also the latest version in sid, 
parallel-scp works with multiple source files.

For parallel-rsync there is a patch available at
https://github.com/lilydjwg/pssh/commit/25de15b0e4f72d658f7783c32a905edd72ee383b
that adds the functionality to rsync multiple source files in one go.

Bug#793106: htop: malfunctions with TERM=linux-16color [was: Some processes running seem to be ‘hidden’ (i.e not showing - except when highlighted)]

[Daniel Lange]

Control: severity -1 minor
Control: tags -1 moreinfo

TERM=xterm-256color htop # works in xterm from Jessie. No issues.
TERM=linux-16color htop # works, looks ugly (underlines)

So this all works as intended. Obviously a bad choice of terminal
emulation will lead to ugly rendering. I *assume* the original reporter
also had a weird combination of the TERM variable and terminal
application and that led to only highlighted lines rendering readably.

It is not possible for htop to render correctly in all cases where
people have broken terminfo, esp. people sshing from Macs etc.

Bug#793106: htop: malfunctions with TERM=linux-16color [was: Some processes running seem to be ‘hidden’ (i.e not showing - except when highlighted)]

[Daniel Lange]

Thank you very much for the detailed analysis.

> I just hit this myself, and narrowed down the cause to running with
> TERM=linux-16color.

How can I reproduce the issue on Debian Linux?

Bug#839907: Minimal diff

[Daniel Lange]

I don't mind either way.

Attached is a minimal diff that will - of course - not make a current
build tool chain happy ("dh_builddeb: This package will soon FTBFS; time
to fix it!").

But it fixes the immediate issue of making the program usable again.


diff -Nru metar-20061030.1/debian/changelog metar-20061030.1/debian/changelog
--- metar-20061030.1/debian/changelog   2016-10-19 19:08:25.0 +0200
+++ metar-20061030.1/debian/changelog   2016-10-19 19:08:25.0 +0200
@@ -1,3 +1,10 @@
+metar (20061030.1-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Import patch for new METAR URL from Kees Leune (Closes: #839907)
+
+ -- Daniel Lange <dl@usrlocal.de>  Wed, 19 Oct 2016 19:00:00 +0200
+
 metar (20061030.1-2) unstable; urgency=low
 
   * Build-Depends on libcurl3-gnutls-dev instead of libcurl3-dev
diff -Nru metar-20061030.1/src/metar.h metar-20061030.1/src/metar.h
--- metar-20061030.1/src/metar.h2006-04-05 22:30:28.0 +0200
+++ metar-20061030.1/src/metar.h2016-10-19 19:08:25.0 +0200
@@ -24,7 +24,7 @@
 #define  METAR_MAXSIZE 512
 
 /* where to fetch reports */
-#define  METARURL 
"http://weather.noaa.gov/pub/data/observations/metar/stations;
+#define  METARURL "http://tgftp.nws.noaa.gov/data/observations/metar/stations;
 
 /* clouds */
 typedef struct {

Bug#839907: jessie-pu: package metar/20061030.1-2+b3

[Daniel Lange]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

The NOAA weather service changed the URL for their service so metar fails
as reported (and fixed) in #833655 for unstable/testing.
The package is only usable with an URL-override by setting the METAURL
environment variable as is.

The backport of the minimum set of changes from 20061030.1-2.2 is a bit
lengthy as this includes debhelper -> dh / quilt to get the patches to apply
cleanly and stay with what we have in testing / unstable.

I've left the dependency on libcurl3-gnutls-dev which will install
libcurl4-gnutls-dev automatically on build-deps on Jessie 8.6.
This is the dependency in the current sid package as well.
Please advise if this should better be libcurl4-gnutls-dev.

Notes:

Apparently some dh magic cleans the COPYRIGHT file (GPLv2).
This needs adding or ignoring for building the source deb.

The d/changelog should add a mention the bug-number this email creates.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru metar-20061030.1/config.guess metar-20061030.1/config.guess
--- metar-20061030.1/config.guess   2016-10-06 11:11:04.0 +0200
+++ metar-20061030.1/config.guess   1970-01-01 01:00:00.0 +0100
@@ -1,1500 +0,0 @@
-#! /bin/sh
-# Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
-#   Inc.
-
-timestamp='2006-07-02'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-
-# Originally written by Per Bothner .
-# Please send patches to .  Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# This script attempts to guess a canonical system name similar to
-# config.sub.  If it succeeds, it prints the system name on stdout, and
-# exits with 0.  Otherwise, it exits with 1.
-#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION]
-
-Output the configuration name of the system \`$me' is run on.
-
-Operation modes:
-  -h, --help print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version  print version number, then exit
-
-Report bugs and patches to ."
-
-version="\
-GNU config.guess ($timestamp)
-
-Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 
2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
---time-stamp | --time* | -t )
-   echo "$timestamp" ; exit ;;
---version | -v )
-   echo "$version" ; exit ;;
---help | --h* | -h )
-   echo "$usage"; exit ;;
--- ) # Stop option processing
-   shift; break ;;
-- )# Use stdin as input.
-   break ;;
--* )
-   echo "$me: invalid option $1$help" >&2
-   exit 1 ;;
-* )
-   break ;;
-  esac
-done
-
-if test $# != 0; then
-  echo "$me: too many arguments$help" >&2
-  exit 1
-fi
-
-trap 'exit 1' 1 2 15
-
-# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
-# compiler to aid in system detection is discouraged as it requires
-# temporary files to be created and, as you can see below, it is a
-# headache to deal with in a portable fashion.
-
-# Historically, `CC_FOR_BUILD' used 

Bug#827304: unable to reproduce the issue on three AMD64 systems

[Daniel Lange]

Control: tags -1 unreproducible

I've tried to reproduce the issue for 48h on three AMD64 systems I've
happened to have around here temporarily with fresh Debian testing
installs. Got to use the opportunity. One of the systems was used for
heavy editing, the two other for occasional editing with lots of idle
times. The theme was set to oblivion on mousepad invocation as
instructed by the bug submitter.
There were no crashes and no uninstructed switch of themes.
The memory consumption was also bound and only changed when editing and
saving.

So this look like an issue that may have been specific to the affected
system. As there have been no confirmations in three months either,
I suggest reducing the bug severity.

Bug#834502: Suggest to remove this old version

[Daniel Lange]

tcpcopy 0.6.3 relies on ip_queue support that has been removed from the
Linux kernel >= 3.5.0.

tcpcopy 0.7.0+ knows about nfqueue for kernels >= 3.5.0.

The current version of tcpcopy is 1.0.0 released 03.08.2015.

I suggest removing this old version from testing / sid.
(It will be auto-removed due to the RC bug from Stretch.)

NB1: intercept and tcpcopy have been split into separate repositories
upstream.
NB2: Ubuntu dropped the version 0.6.3 for the raring release (13.04),
cf. LP: #1163290
(https://bugs.launchpad.net/ubuntu/+source/tcpcopy/+bug/1163290)

Bug#835666: [htop] Mouse wheel scrolling does not work

[Daniel Lange]

Control: severity -1 wishlist

This needs compiling against libncurses(w)6 which is not available in
Debian yet.
The libncursesw5 you are using from testing is currently compiled with
--with-abi-version=5.

So mouse wheel scrolling at ABI level 6 is not intended to work in
Debian yet.
Bugs #230990 and #788610 have details on the issues with libncurses and
the symbol versioning.




signature.asc
Description: OpenPGP digital signature

Bug#834502: Proposed NMU, debdiff attached

[Daniel Lange]

Control: tags -1 + patch

The buffer overflow results from strings that are too short for a strcpy to 
always succeed.

Patch from 

 attached.

The input word is guaranteed to be at most STRINGSIZE-1 in length. One of the
mangle operations involves duplicating the input word, resulting in a string
twice the length to be accommodated by both area variables.

Howard Guo  2016-08-17

diff -rupN 3/lib/rules.c 3-patched/lib/rules.c
--- 3/lib/rules.c	2016-08-16 14:16:24.033261876 +0200
+++ 3-patched/lib/rules.c	2016-08-17 13:57:14.485782894 +0200
@@ -434,9 +434,8 @@ Mangle(input, control)		/* returns a poi
 {
 int limit;
 register char *ptr;
-static char area[STRINGSIZE];
-char area2[STRINGSIZE];
-area[0] = '\0';
+static char area[STRINGSIZE * 2] = {0};
+char area2[STRINGSIZE * 2] = {0};
 strcpy(area, input);
 
 for (ptr = control; *ptr; ptr++)

Bug#833655: Proposed NMU, debdiff attached

[Daniel Lange]

Control: tags -1 + patch

Cherrypicked the METAURL change from
<https://github.com/keesL/metar/commit/6ce5ef8960d9e669a7583d215f3b222f7f272aa7>

diff -Nru metar-20061030.1/debian/changelog metar-20061030.1/debian/changelog
--- metar-20061030.1/debian/changelog   2016-07-16 13:11:56.0 +0200
+++ metar-20061030.1/debian/changelog   2016-08-22 16:26:06.0 +0200
@@ -1,3 +1,10 @@
+metar (20061030.1-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Import patch for new METAR URL from Kees Leune. Closes: #833655
+
+ -- Daniel Lange <dl@usrlocal.de>  Mon, 22 Aug 2016 16:25:57 +0200
+
 metar (20061030.1-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru metar-20061030.1/debian/patches/fix-metarurl 
metar-20061030.1/debian/patches/fix-metarurl
--- metar-20061030.1/debian/patches/fix-metarurl1970-01-01 
01:00:00.0 +0100
+++ metar-20061030.1/debian/patches/fix-metarurl2016-08-22 
16:25:14.0 +0200
@@ -0,0 +1,24 @@
+From 6ce5ef8960d9e669a7583d215f3b222f7f272aa7 Mon Sep 17 00:00:00 2001
+From: keesL <k...@leune.org>
+Date: Mon, 8 Aug 2016 09:51:25 -0400
+Subject: [PATCH] Updated default URL from which to get metars. NOTE. This also
+ updated the protocol from FTP to HTTP
+Origin: upstream, 
https://github.com/keesL/metar/commit/6ce5ef8960d9e669a7583d215f3b222f7f272aa7
+
+---
+ src/metar.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/metar.h b/src/metar.h
+index c55d92d..b2537fc 100644
+--- a/src/metar.h
 b/src/metar.h
+@@ -24,7 +24,7 @@
+ #define  METAR_MAXSIZE 512
+ 
+ /* where to fetch reports */
+-#define  METARURL 
"http://weather.noaa.gov/pub/data/observations/metar/stations;
++#define  METARURL "http://tgftp.nws.noaa.gov/data/observations/metar/stations;
+ 
+ /* clouds */
+ typedef struct {
diff -Nru metar-20061030.1/debian/patches/series 
metar-20061030.1/debian/patches/series
--- metar-20061030.1/debian/patches/series  2016-07-16 13:03:57.0 
+0200
+++ metar-20061030.1/debian/patches/series  2016-08-22 16:25:31.0 
+0200
@@ -1 +1,2 @@
 fix-pod-errors
+fix-metarurl

Bug#822963: htop 2.0.2 released upstream

[Daniel Lange]

Control: outlook -1 htop 2.0.2 is being packaged

htop 2.0.2 has been tagged upstream incl. the reproducible-build patch and a 
few warning fixes from Debian lintian
Testing & packaging should be ready middle of next week.

Bug#822963: RB patch merged upstream

[Daniel Lange]

Your patch has been applied upstream in
https://github.com/hishamhm/htop/commit/c37be409a99441b2edcace1152eb2fe7cb2a8074
and will be in the next release.

Bug#821747: Patch merged upstream

[Daniel Lange]

Your patch has been applied upstream in
https://github.com/hishamhm/htop/commit/cdc91b0b33f6b2d91cc60ded64d95aa33364606f
and will be in the next release.

Thanks again jrtc27.

Bug#822963: htop: please make the build reproducible (timestamps)

[Daniel Lange]

Control: tags -1 +pending

Hi Alexis,

that patch is from Graham (CC) and we have it both already in
https://anonscm.debian.org/cgit/collab-maint/htop.git/commit/?id=cef9e7933e5c9704eaa5a6330067967f32e52798
and sent upstream (https://github.com/hishamhm/htop/pull/476).

Were waiting for upstream to apply the patch and will make it available in 
Debian on the next release of the package.

Kind regards,
Daniel


Am 29.04.2016 um 15:05 schrieb Alexis Bienvenüe:
> Source: htop
> Version: 2.0.1-1
> Severity: wishlist
> Tags: patch upstream
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: timestamps
> X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> While working on the “reproducible builds” effort [1], we have noticed
> that 'htop' could not be built reproducibly.
> 
> The attached patch honours the SOURCE_DATE_EPOCH environment
> variable [2] to get a reproducible copyright year.
> Once applied, htop can be built reproducibly in our current
> experimental framework.
> 
> Regards,
> Alexis Bienvenüe.
> 
>   [1]: https://wiki.debian.org/ReproducibleBuilds
>   [2]: https://reproducible-builds.org/specs/source-date-epoch/
> 

Bug#822233: devscripts: Uscan warning output breaks UDD and tracker.d.o

[Daniel Lange]

Package: devscripts
Version: 2.15.3
Severity: normal
Usertags: uscan

uscan outputs
"No upstream tarball downloaded.  No further processing with 
mk_origtargz ..."

and exits with error code 1.

This is a warning and not an error and wrong, too, as the source would 
be downloadable:

uscan --download-current-version will result in

>[..]
>Newest version on remote site is 2.0.1, local version is 2.0.1
> => Forcing download as requested
>-- Downloading updated package htop-2.0.1.tar.gz
>-- Checking for common possible upstream OpenPGP signatures
>-- Successfully downloaded updated package htop-2.0.1.tar.gz
>-- Successfully symlinked /htop-2.0.1.tar.gz to /htop_2.0.1.orig.tar.gz.
>-- Scan finished
which is fine.

The result of this warning-as-error is then e.g.:
https://tracker.debian.org/pkg/htop

>Action needed
>Problems while searching for a new upstream version
> [Severity] high
>uscan had problems while searching for a new upstream version:
>No upstream tarball downloaded.  No further processing with 
mk_origtargz ...


So kindly please fix uscan and update in jessie-backports for DSA use 
(which will then fix UDD and tracker.d.o again).

Bug#821904: htop: please add option to "freeze/unfreeze" display

[Daniel Lange]

lsof screens should only refresh on pressing F5.
The strace screen can be toggled scrolling with F8 and F9 toggles 
tracing on and off.


If you copy & paste from the mail htop screen adding a longer refresh 
delay may help. See man htop (-d option).

Bug#821747: Patch applied, thank you

[Daniel Lange]

Control: severity -1 normal
Control: tags -1 + pending

Your patch has been applied as
https://anonscm.debian.org/cgit/collab-maint/htop.git/commit/?id=467eb8588b08f4beba50120ff9f312331dae47b1
and will be in the next release.

Thanks jrtc27!

Bug#820331: cronic: uses very predictable temporary files

[Daniel Lange]

Am 10.04.2016 18:46, schrieb Salvatore Bonaccorso:
CVE-2016-3992 has been assigned for this issue. Can you forward this 
to upstream and as well include the CVE id reference in 
debian/changelog when fixing this issue? 
Upstream has already fixed yesterday and I packaged the v3 for Debian 
this morning.

It's just waiting for Graham to upload. I'm a mere mortal, I can't :).

Bug#789548: summit.debconf.org: typo on web page

[Daniel Lange]

Fixed in commit #e56e7e0

Thank you very much for the heads up Faheem.

Am 22.06.2015 um 09:51 schrieb Faheem Mitha:

Package: summit.debconf.org
Severity: minor

In http://debconf15.debconf.org/registration.xhtml described is
mis-spelled a couple of times as decribed (missing 's').

 Regards, Faheem

-- System Information:
Debian Release: 8.1
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 
'stable'), (500, 'oldstable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#789548: summit.debconf.org: typo on web page

[Daniel Lange]

Fixed in #e56e7e0 and pushed to website


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768896: Upstream fix in Gnome (link to commit / patch)

[Daniel Lange]

Link to upstream commit / patch:
https://bugzilla.gnome.org/show_bug.cgi?id=739178


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768896: Upstream fix in Gnome (link to commit / patch)

[Daniel Lange]

Second try :)
https://git.gnome.org/browse/gnome-shell/commit/?id=c3bf4a3


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768896: Upstream fix in Gnome

[Daniel Lange]

Fixed upstream in:
https://bugzilla.gnome.org/show_bug.cgi?id=739178

Patch needs to be backported to Debian Gnome.


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#768896: possible fix. NOT WORKING

[Daniel Lange]

The proposed fix from Adi doesn't work here.
Problem still exists with a freshly upgraded wheezy - jessie Nvidia system.
No issues in wheezy. Same black/white stripes pattern as described by 
everybody else here.


gsettings set org.gnome.desktop.background picture-uri 
'file:///usr/share/backgrounds/gnome/FootFall.png'


as a really ugly workaround after each resume.


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#780462: summit.debian.org: T-Shirt sizes uses (e.g.) large vs female large

[Daniel Lange]

Hi,

and also please add sizes up to 5XL which are common these days.
And XS which is also common. The world gets more diverse. In all aspects.

Greets,
DL

Am 14.03.2015 um 13:45 schrieb Niels Thykier:

Package: summit.debconf.org

Hi,

The T-shirt sizes field in the registration field gives the following
options:

  * Small ... Extra extra large
  * Female small ... Female extra extra large
  * No shirt selected

I suspect this would be more gender neutral if we had Male small
... Male extra extra large in the first group.

~Niels





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org