Bug#1007183: buster-pu: package libphp-adodb/5.20.14-1

2022-03-12 Thread Jean-Michel Vourgère
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Hello

I'd like to patch CVE-2021-3850

The one-line patch is already released in sid, and in old-old-security
as version 5.20.9-1+deb9u1 thanks to the ELTS team.

The patch, from upstream, removes the detection of a string being 
already quoted. This results in the proper escaping always taking place.
Note that this function is only called for escaping pg_connect arguments.

Is that ok?

Tell me if you think it's better to upload in buster-security.

diff -Nru libphp-adodb-5.20.14/debian/changelog libphp-adodb-5.20.14/debian/changelog
--- libphp-adodb-5.20.14/debian/changelog	2019-01-07 07:18:32.0 +0100
+++ libphp-adodb-5.20.14/debian/changelog	2022-03-12 21:40:01.0 +0100
@@ -1,3 +1,10 @@
+libphp-adodb (5.20.14-1+deb10u1) buster; urgency=high
+
+  * Add patch to prevent auth bypass with PostgreSQL
+connections. (Fixes: CVE-2021-3850) (Closes: #1004376)
+
+ -- Jean-Michel Vourgère   Sat, 12 Mar 2022 21:40:01 +0100
+
 libphp-adodb (5.20.14-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch
--- libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch	1970-01-01 01:00:00.0 +0100
+++ libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch	2022-02-06 09:56:10.0 +0100
@@ -0,0 +1,26 @@
+From 952de6c4273d9b1e91c2b838044f8c250c29 Mon Sep 17 00:00:00 2001
+From: Damien Regad 
+Date: Mon, 10 Jan 2022 09:41:32 +0100
+Subject: [PATCH] Prevent auth bypass with PostgreSQL connections
+
+Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability
+(CVE-2021-3850).
+
+This is a minimalistic approach to patch the issue, to reduce the risk
+of causing regressions in the legacy stable branch.
+
+Fixes #793
+---
+ drivers/adodb-postgres64.inc.php | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/adodb-postgres64.inc.php
 b/drivers/adodb-postgres64.inc.php
+@@ -51,7 +51,6 @@
+ {
+ 	$len = strlen($s);
+ 	if ($len == 0) return "''";
+-	if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted
+ 
+ 	return "'".addslashes($s)."'";
+ }
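Review bot: with the `// already quoted` early return gone from the `@@ -51,7 +51,6 @@` hunk, a caller that still wraps a value in single quotes itself will now have those quotes backslash-escaped and the value wrapped a second time, so the literal quotes become part of the value. The covering mail says the function is only used for pg_connect arguments; the patch description should state that as well, and a regression test with a value that begins and ends with `'` would pin the new behaviour. The remaining `return "'".addslashes($s)."'";` is now the only escaping on this path, so it is worth confirming that what it escapes matches what the connection-string parser treats as special.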
diff -Nru libphp-adodb-5.20.14/debian/patches/series libphp-adodb-5.20.14/debian/patches/series
--- libphp-adodb-5.20.14/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ libphp-adodb-5.20.14/debian/patches/series	2022-02-06 09:55:43.0 +0100
@@ -0,0 +1 @@
+CVE-2021-3850.patch


signature.asc
Description: This is a digitally signed message part.
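
The effect of the removed line, as an added example (not ADOdb or Debian code): quote_before and quote_after are hypothetical names for the helper body shown in the hunk before and after the patch, build_conninfo, parse_conninfo and unexpected_keys are illustrative helpers, and the host, user and password values are constructed.

```php
<?php
// Added example: all function names are hypothetical, all inputs are constructed.

// Helper body as shown in the hunk, before the patch.
function quote_before(string $s): string
{
    $len = strlen($s);
    if ($len == 0) return "''";
    // The removed line: a value that merely looks quoted is returned unescaped.
    if (strncmp($s, "'", 1) === 0 && substr($s, $len - 1) == "'") return $s;
    return "'" . addslashes($s) . "'";
}

// Helper body after the patch: every value is escaped and wrapped.
function quote_after(string $s): string
{
    if (strlen($s) == 0) return "''";
    return "'" . addslashes($s) . "'";
}

// Illustrative builder for a keyword=value connection string.
function build_conninfo(callable $quote, string $user, string $password): string
{
    return 'host=' . $quote('db.example.internal')
        . ' user=' . $quote($user)
        . ' password=' . $quote($password);
}

// Minimal reader for keyword=value strings: values may be single-quoted,
// and a backslash makes the next character literal (\' and \\).
function parse_conninfo(string $str): array
{
    $ws = " \t\r\n";
    $out = [];
    $n = strlen($str);
    $i = 0;
    while ($i < $n) {
        $i += strspn($str, $ws, $i);              // skip separators
        if ($i >= $n) break;
        $eq = strpos($str, '=', $i);
        if ($eq === false) {
            throw new InvalidArgumentException("missing '=' after offset $i");
        }
        $key = trim(substr($str, $i, $eq - $i));
        $i = $eq + 1;
        if ($i < $n) $i += strspn($str, $ws, $i); // spaces after '=' are allowed
        $quoted = ($i < $n && $str[$i] === "'");
        if ($quoted) $i++;
        $val = '';
        $closed = !$quoted;
        while ($i < $n) {
            $c = $str[$i++];
            if ($c === '\\' && $i < $n) { $val .= $str[$i++]; continue; }
            if ($quoted && $c === "'") { $closed = true; break; }
            if (!$quoted && strpos($ws, $c) !== false) break;
            $val .= $c;
        }
        if (!$closed) {
            throw new InvalidArgumentException("unterminated quote in value of $key");
        }
        $out[$key] = $val;
    }
    return $out;
}

// Keys present in a parsed string beyond the three the builder sets.
function unexpected_keys(string $conninfo): array
{
    $keys = array_keys(parse_conninfo($conninfo));
    return array_values(array_diff($keys, ['host', 'user', 'password']));
}

// Constructed value that starts and ends with a single quote.
$password = "'a' application_name='b'";

foreach (['quote_before', 'quote_after'] as $quote) {
    $conninfo = build_conninfo($quote, 'app', $password);
    $parsed = parse_conninfo($conninfo);
    printf(
        "%s\n  conninfo:   %s\n  password:   %s\n  extra keys: %s\n",
        $quote,
        $conninfo,
        var_export($parsed['password'], true),
        implode(', ', unexpected_keys($conninfo)) ?: '(none)'
    );
}
```

With the constructed value, the pre-patch helper leaves the string unescaped, so the parsed result contains an application_name key next to the three intended ones; the post-patch helper yields only host, user and password, with the whole constructed string as the password value.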


Bug#1007181: bullseye-pu: package libphp-adodb/5.20.19-1

2022-03-12 Thread Jean-Michel Vourgère
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bullseye
Severity: normal

Hello

I'd like to patch CVE-2021-3850

The one-line patch is already released in sid, and in old-old-security
as version 5.20.9-1+deb9u1 thanks to the ELTS team.

The patch, from upstream, removes the detection of a string being 
already quoted. This results in the proper escaping always taking place.
Note that this function is only called for escaping pg_connect arguments.

Is that ok?

Tell me if you think it's better to upload in bullseye-security.

diff -Nru libphp-adodb-5.20.19/debian/changelog libphp-adodb-5.20.19/debian/changelog
--- libphp-adodb-5.20.19/debian/changelog	2020-12-19 08:08:01.0 +0100
+++ libphp-adodb-5.20.19/debian/changelog	2022-03-12 18:50:26.0 +0100
@@ -1,3 +1,10 @@
+libphp-adodb (5.20.19-1+deb11u1) bullseye; urgency=high
+
+  * Add patch to prevent auth bypass with PostgreSQL
+connections. (Fixes: CVE-2021-3850) (Closes: #1004376)
+
+ -- Jean-Michel Vourgère   Sat, 12 Mar 2022 18:50:26 +0100
+
 libphp-adodb (5.20.19-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch
--- libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch	1970-01-01 01:00:00.0 +0100
+++ libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch	2022-02-06 09:56:10.0 +0100
@@ -0,0 +1,26 @@
+From 952de6c4273d9b1e91c2b838044f8c250c29 Mon Sep 17 00:00:00 2001
+From: Damien Regad 
+Date: Mon, 10 Jan 2022 09:41:32 +0100
+Subject: [PATCH] Prevent auth bypass with PostgreSQL connections
+
+Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability
+(CVE-2021-3850).
+
+This is a minimalistic approach to patch the issue, to reduce the risk
+of causing regressions in the legacy stable branch.
+
+Fixes #793
+---
+ drivers/adodb-postgres64.inc.php | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/adodb-postgres64.inc.php
 b/drivers/adodb-postgres64.inc.php
+@@ -51,7 +51,6 @@
+ {
+ 	$len = strlen($s);
+ 	if ($len == 0) return "''";
+-	if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted
+ 
+ 	return "'".addslashes($s)."'";
+ }
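Review bot: the embedded patch carries only the git format-patch header (From, Date, Subject, `Fixes #793`) and no DEP-3 fields; add `Origin:` pointing at the upstream commit and `Bug-Debian:` for #1004376 so the provenance can be checked from the patch file itself. As shown here, the commit id on the `From` line is shorter than a full 40-character SHA-1 and the new-file header reads ` b/drivers/adodb-postgres64.inc.php` without its `+++` marker; both should be compared with the file that is actually uploaded.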
diff -Nru libphp-adodb-5.20.19/debian/patches/series libphp-adodb-5.20.19/debian/patches/series
--- libphp-adodb-5.20.19/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ libphp-adodb-5.20.19/debian/patches/series	2022-02-06 09:55:43.0 +0100
@@ -0,0 +1 @@
+CVE-2021-3850.patch




Bug#817130: README.Debian refers to non-existent /etc/default/pulseaudio

2022-03-08 Thread Jean-Michel Vourgère
An update would be welcome, indeed.

I have a clock that plays a sound every hour. It is run from the crontab, and
I need pulse audio when no user is logged in.

This is just an example where the use of a system-wide pulseaudio instance
comes handy.

For the reference, here's the lenny file pointed at.

# Start the PulseAudio sound server in system mode.
# (enables the pulseaudio init script - requires that users be in the
# pulse-access group)
# System mode is not the recommended way to run PulseAudio as it has some
# limitations (such as no shared memory access) and could potentially allow
# users to disconnect or redirect each others' audio streams. The
# recommended way to run PulseAudio is as a per-session daemon. For GNOME/KDE/
# Xfce sessions in Ubuntu Lucid/10.04, /etc/xdg/autostart/pulseaudio.desktop
# handles this function of automatically starting PulseAudio on login, and for
# it to work correctly your user must *not* have "autospawn = no" set in
# ~/.pulse/client.conf (or in /etc/pulse/client.conf). By default, autospawn
# is enabled. For other sessions, you can simply start PulseAudio with
# "pulseaudio --daemonize".
# 0 = don't start in system mode, 1 = start in system mode
PULSEAUDIO_SYSTEM_START=0

# Prevent users from dynamically loading modules into the PulseAudio sound
# server. Dynamic module loading enhances the flexibility of the PulseAudio
# system, but may pose a security risk.
# 0 = no, 1 = yes
DISALLOW_MODULE_LOADING=1



Bug#1004140: [certbot-apache] Bad SSLHonorCipherOrder

2022-01-21 Thread Jean-Michel Vourgère
Package: python3-certbot-apache
Version: 1.10.1-1
Tags: security upstream patch

Hello

letsencrypt apache configuration snippet contains:
SSLHonorCipherOrder off

which is:
1/ Apache default value
2/ The worst value

As a consequence, even if you upgraded your apache configuration, if you use
letsencrypt, depending on the order of your includes, you may end up with your
changes being overwritten with the worst possible value.

Please enable SSLHonorCipherOrder
Or at the very least stop resetting it!

You can have a look at /etc/apache2/mods-available/ssl.conf to understand the
pros and cons.

Note that disabling that option results in web site being flagged as unsecured 
by most tools.
See testssl package and the result:
> Has server cipher order? no (NOT ok)

Attached is a (trivial) patch.

Thank you for maintaining this package.

Description: Don't force remove robust cipher order
 See /etc/apache2/mods-available/ssl.conf

Author: Jean-Michel Vourgère 
Bug-Debian: https://bugs.debian.org/
Forwarded: no
Reviewed-By: 
Last-Update: 2022-01-21

--- 
python-certbot-apache-1.10.1.orig/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
+++ 
python-certbot-apache-1.10.1/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
@@ -9,7 +9,7 @@ SSLEngine on
 # Intermediate configuration, tweak to your needs
 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 SSLCipherSuite  
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-SSLHonorCipherOrder off
-SSLHonorCipherOrder on
 SSLSessionTickets   off
 
 SSLOptions +StrictRequire
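Review bot: both `SSLHonorCipherOrder` lines in this hunk carry a `-` marker, so as posted it removes two lines and adds none, which does not match the `@@ -9,7 +9,7 @@` counts; the second line should read `+SSLHonorCipherOrder on`. With `on`, the order of the `SSLCipherSuite` line above becomes binding, which puts the AES128-GCM suites ahead of CHACHA20-POLY1305 for every client; either reorder that list deliberately or drop the directive from the snippet so the site-wide setting is left alone, which is the fallback the report itself asks for. The DEP-3 header also has an empty `Reviewed-By:` and a `Bug-Debian:` URL with no bug number.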




Bug#994747: gnome-calendar: Please suggest gnome-online-accounts

2021-09-20 Thread Jean-Michel Vourgère
Package: gnome-calendar
Version: 3.38.2-1
Severity: wishlist

Dear Maintainer,

When I click on "add online accounts", nothing happens here.

Please consider adding a Suggest: dependency on group-online-accounts
package.

Thanks

-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-calendar depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.38.0-2
ii  gsettings-desktop-schemas  3.38.0-2
ii  libc6  2.31-13
ii  libcairo2  1.16.0-5
ii  libdazzle-1.0-0  3.38.0-1
ii  libecal-2.0-1  3.38.3-1
ii  libedataserver-1.2-25  3.38.3-1
ii  libedataserverui-1.2-2  3.38.3-1
ii  libgeoclue-2-0  2.5.7-3
ii  libglib2.0-0  2.66.8-1
ii  libgoa-1.0-0b  3.38.0-3
ii  libgtk-3-0  3.24.24-4
ii  libgweather-3-16  3.36.1-3
ii  libhandy-0.0-0  0.0.13-3
ii  libical3  3.0.9-2
ii  libpango-1.0-0  1.46.2-3
ii  libpangocairo-1.0-0  1.46.2-3
ii  libsoup2.4-1  2.72.0-2

Versions of packages gnome-calendar recommends:
ii  evolution-data-server  3.38.3-1

gnome-calendar suggests no packages.

-- no debconf information



Bug#992255: openvpn fails in a container (missing cgroup2 support)

2021-08-16 Thread Jean-Michel Vourgère
Package: lxc-templates
Version: 3.0.4-5
Severity: normal
Affects: openvpn

Dear Maintainer,

After upgrading to bullseye, my container with openvpn failed to start.

The syslog error message is:
ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
and indeed "cat /dev/net/tun" fails with that same error.

I traced the problem to cgroup2 migration.

Adding
lxc.cgroup2.devices.allow = c 10:200 rwm
in my container config file fixed the issue.

I believe cgroup2 support should be added generally in
/usr/share/lxc/config/debian.common.conf
with keys for both cgroup1 and cgroup2 in a way that is similar to 
/usr/share/lxc/config/common.conf

Please add cgroup2 support.

Thank you




Bug#990221: lxc-debian fails with »debian-distro-info: command not found«

2021-08-16 Thread Jean-Michel Vourgère
lxc-templates recommends packages distro-info

You really should install it, as recommended, unless you don't want to install 
any debian based container.



Bug#991316: clamav: Freshclam exhaust diff download quotas before switching to full downloads

2021-07-20 Thread Jean-Michel Vourgère
Package: clamav
Version: 0.103.2+dfsg-0+deb10u1
Severity: normal

Dear Maintainer,

Clamav no longer downloads updates on my server.

I am in a situation where I get message:
Incremental update failed, trying to download daily.cvd

However, freshclam tried so hard to download the diff that I get kicked
out every time from the mirror with the error:

Tue Jul 20 15:45:49 2021 -> ^Can't download daily.cvd from https://database.clamav.net/daily.cvd
Tue Jul 20 15:45:49 2021 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Tue Jul 20 15:45:49 2021 -> This means that you have been rate limited by the CDN.
Tue Jul 20 15:45:49 2021 ->  1. Run FreshClam no more than once an hour to check for updates.
Tue Jul 20 15:45:49 2021 -> FreshClam should check DNS first to see if an update is needed.
Tue Jul 20 15:45:49 2021 ->  2. If you have more than 10 hosts on your network attempting to download,
Tue Jul 20 15:45:49 2021 -> it is recommended that you set up a private mirror on your network using
Tue Jul 20 15:45:49 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Tue Jul 20 15:45:49 2021 -> CDN and your own network.
Tue Jul 20 15:45:49 2021 ->  3. Please do not open a ticket asking for an exemption from the rate limit,
Tue Jul 20 15:45:49 2021 -> it will not be granted.
Tue Jul 20 15:45:49 2021 -> ^You are on cool-down until after: 2021-07-20 19:45:49
Tue Jul 20 15:45:49 2021 -> *Current working dir is /var/lib/clamav/
Tue Jul 20 15:45:49 2021 -> *check_for_new_database_version: Local copy of main found: main.cld.
Tue Jul 20 15:45:49 2021 -> *query_remote_database_version: main.cvd version from DNS: 61
Tue Jul 20 15:45:49 2021 -> main database available for update (local version: 59, remote version: 61)

See attached full log.

I expected freshclam to give up retrying patching the database and switch
to full download *before* hitting the rate limitation. Every time it gives up
and switches to full download, it is too late and the full download fails too.

As a result, freshclam is totally broken here.

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
---
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "6"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "12"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled

Bug#990702: matrix-mirage: 'invite' KeyError exception

2021-07-05 Thread Jean-Michel Vourgère
Package: matrix-mirage
Version: 0.6.4~dfsg+~hsluv1.0.0-4
Severity: important

Dear Maintainer,

Every time I start mirage, I get that message:

Traceback (most recent call last):
  File "qrc:/src/backend/matrix_client.py", line 399, in _start
    await self.sync_task
  File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 1130, in sync_forever
    sync_response = await self.sync(use_timeout, use_filter, since, full_state, presence)
  File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 1003, in sync
    response = await self._send(
  File "qrc:/src/backend/matrix_client.py", line 251, in _send
    response = await super()._send(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 717, in _send
    resp = await self.create_matrix_response(
  File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 504, in create_matrix_response
    resp = response_class.from_dict(parsed_dict, *data)
  File "/usr/lib/python3/dist-packages/nio/responses.py", line 170, in wrapper
    return f(cls, parsed_dict, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/nio/responses.py", line 1745, in from_dict
    rooms = SyncResponse._get_room_info(parsed_dict["rooms"])
  File "/usr/lib/python3/dist-packages/nio/responses.py", line 1688, in _get_room_info
    for room_id, room_dict in parsed_dict["invite"].items():
KeyError: 'invite'

Such an error occurs every 30 seconds or so.

If I ignore it, nothing happens. I only have a big circle turning in the
window.

The package became totally unusable for me.


-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages matrix-mirage depends on:
ii  libc6  2.31-12
ii  libgcc-s1  10.2.1-6
ii  libqt5core5a  5.15.2+dfsg-7
ii  libqt5gui5  5.15.2+dfsg-7
ii  libqt5qml5  5.15.2+dfsg-6
ii  libqt5quick5  5.15.2+dfsg-6
ii  libqt5quickcontrols2-5  5.15.2+dfsg-2
ii  libqt5widgets5  5.15.2+dfsg-7
ii  libstdc++6  10.2.1-6
ii  libx11-6  2:1.7.1-1
ii  libxss1  1:1.2.3-1
ii  python3  3.9.2-3
ii  python3-aiofiles  0.6.0-2
ii  python3-appdirs  1.4.4-1
ii  python3-blist  1.3.6-7+b1
ii  python3-cairosvg  2.5.0-1.1
ii  python3-html-sanitizer  1.9.1-2
ii  python3-lxml  4.6.3-1
ii  python3-magic  2:0.4.20-3
ii  python3-matrix-nio  0.16.0-1
ii  python3-mistune  0.8.4-4
ii  python3-pil  8.1.2+dfsg-0.1
ii  python3-pymediainfo  5.0.3-1
ii  qml-module-io-thp-pyotherside  1.5.9-2+b3
ii  qml-module-qt-labs-folderlistmodel  5.15.2+dfsg-6
ii  qml-module-qt-labs-platform  5.15.2+dfsg-2
ii  qml-module-qt-labs-qmlmodels  5.15.2+dfsg-6
ii  qml-module-qtav  1.13.0+ds-3+b2
ii  qml-module-qtgraphicaleffects  5.15.2-2
ii  qml-module-qtquick-controls2  5.15.2+dfsg-2
ii  qml-module-qtquick-dialogs  5.15.2-2
ii  qml-module-qtquick-layouts  5.15.2+dfsg-6
ii  qml-module-qtquick-shapes  5.15.2+dfsg-6
ii  qml-module-qtquick-window2  5.15.2+dfsg-6
ii  qml-module-qtquick2  5.15.2+dfsg-6

Versions of packages matrix-mirage recommends:
ii  fonts-hack 3.003-3
ii  fonts-roboto-unhinted  2:0~20170802-3
ii  qt5-image-formats-plugins  5.15.2-2

matrix-mirage suggests no packages.

-- no debconf information



Bug#977730: [Pkg-privacy-maintainers] Bug#977730: torbrowser-launcher: Signature verification failed, key expired

2021-05-03 Thread Jean-Michel Vourgère
This was fixed a few days after submitting the report, as far as I can remember.
Maybe an upstream issue with the update url?
Feel free to close the report.



Bug#986575: mdbtools ftbfs with -O3

2021-04-09 Thread Jean-Michel Vourgère
On Wednesday, 7 April 2021 21:52:17 CEST you wrote:
> https://launchpadlibrarian.net/532289912/buildlog_ubuntu-hirsute-ppc64el.mdbtools_0.9.2-2ubuntu1_BUILDING.txt.gz

Regarding the use of deprecated g_memdup, Evan Miller fixed that upstream in 
0.9.2
https://github.com/mdbtools/mdbtools/commit/fe0175aa6398a8fbde051cdce5d69de1de2d4489
that will be released soonish.

Regarding the error: ‘%-12s’ directive argument is null
I can confirm this is not a gcc-11 specific issue as it also occurs with gcc-10 
(4:10.2.1-1 from bullseye) when you modify the d/rules to include "export 
DEB_CFLAGS_MAINT_APPEND=-O3" like you did.
I still think this is a compiler issue. Don't you share that point of view?



Bug#986575: mdbtools ftbfs with -O3

2021-04-07 Thread Jean-Michel Vourgère
Hello Matthias

This looks like another problem with the compiler (I had no feedback from you 
regarding #984230)

Here's the code:
mdb_get_objtype_string(int obj_type)
{
    static const char *type_name[] = {"Form",
        "Table",
        "Macro",
        "System Table",
        "Report",
        "Query",
        "Linked Table",
        "Module",
        "Relationship",
        "Unknown 0x09",
        "User Info",
        "Database"
    };

    if (obj_type >= (int)(sizeof(type_name)/sizeof(type_name[0]))) {
        return NULL;
    } else {
        return type_name[obj_type];
    }
}

(...)
    for (i=0;i<mdb->num_catalog;i++) {
        entry = g_ptr_array_index(mdb->catalog,i);
        printf("Type: %-12s",
            mdb_get_objtype_string(entry->object_type));
    }

Yielding:
error: ‘%-12s’ directive argument is null

But the mdb is read from a file, and I can't see why and how the compiler would 
decide/know the entry is out of range in g_ptr_array_index and assume 
mdb_get_objtype_string would return NULL anyway...

Regarding the second issue, I can't see errors being redirected to null.
Are you building the package with a tool such as debuild?



Bug#984230: mdbtools: ftbfs with GCC-11

2021-03-03 Thread Jean-Michel Vourgère
Hello Matthias

Are you positive this is an issue in the code?

I mean, basically, something like
void func(size_t *_lin) {
   *_lin = 42;
}
is now a problem?
It looks weird, and the explanation message points to unrelated types, and 
talks about accessing array[0] with the size being 1..

Could it be a compiler issue?

On Wednesday, 3 March 2021 17:15:26 CET Matthias Klose wrote:
> Package: src:mdbtools
> Version: 0.9.1-1
> Severity: normal
> Tags: sid bookworm
> User: debian-...@lists.debian.org
> Usertags: ftbfs-gcc-11
> 
> [This bug is not targeted to the upcoming bullseye release]
> 
> Please keep this issue open in the bug tracker for the package it
> was filed for.  If a fix in another package is required, please
> file a bug for the other package (or clone), and add a block in this
> package. Please keep the issue open until the package can be built in
> a follow-up test rebuild.
> 
> The package fails to build in a test rebuild on at least amd64 with
> gcc-11/g++-11, but succeeds to build with gcc-10/g++-10. The
> severity of this report will be raised before the bookworm release,
> so nothing has to be done for the bullseye release.
> 
> The full build log can be found at:
> http://people.debian.org/~doko/logs/20210228/filtered/gcc11/mdbtools_0.9.1-1_unstable_gcc11.log
> The last lines of the build log are at the end of this report.
> 
> To build with GCC 11, either set CC=gcc-11 CXX=g++-11 explicitly,
> or install the gcc, g++, gfortran, ... packages from experimental.
> 
>   apt-get -t=experimental install g++ 
> 
> Common build failures are new warnings resulting in build failures with
> -Werror turned on, or new/dropped symbols in Debian symbols files.
> For other C/C++ related build failures see the porting guide at
> http://gcc.gnu.org/gcc-11/porting_to.html
> 
> GCC 11 defaults to the GNU++17 standard.  If your package installs
> header files in /usr/include, please don't work around C++17 issues
> by choosing a lower C++ standard for the package build, but fix these
> issues to build with the C++17 standard.
> 
> [...]
> make[4]: Entering directory '/<>/src/sql'
> /bin/bash ../../libtool  --tag=CC   --mode=compile gcc 
> -DPACKAGE_NAME=\"mdbtools\" -DPACKAGE_TARNAME=\"mdbtools\" 
> -DPACKAGE_VERSION=\"0.9.1\" -DPACKAGE_STRING=\"mdbtools\ 0.9.1\" 
> -DPACKAGE_BUGREPORT=\"https://github.com/mdbtools/mdbtools/issues\; 
> -DPACKAGE_URL=\"https://github.com/mdbtools/mdbtools\; -DPACKAGE=\"mdbtools\" 
> -DVERSION=\"0.9.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 
> -DLT_OBJDIR=\".libs/\" -DSTDC_HEADERS=1 -DHAVE_FCNTL_H=1 -DHAVE_LIMITS_H=1 
> -DHAVE_UNISTD_H=1 -DHAVE_WORDEXP_H=1 
> -DHAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME=1 -DHAVE_LIBREADLINE=1 
> -DHAVE_READLINE_READLINE_H=1 -DHAVE_READLINE_HISTORY=1 
> -DHAVE_READLINE_HISTORY_H=1 -DHAVE_STRPTIME=1 -DHAVE_FMEMOPEN=1 
> -DHAVE_GMTIME_R=1 -DHAVE_VASPRINTF=1 -DHAVE_ICONV=1 -DICONV_CONST= 
> -DHAVE_ATTRIBUTE_ALIAS=1 -DSIZEOF_LONG_INT=8 -DHAVE_LONG_LONG=1 -I.   
> -Wdate-time -D_FORTIFY_SOURCE=2 -I../../include -I/usr/include/glib-2.0 
> -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DHAVE_GLIB=1 -g -O2 
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -DSQL -Wall -Werror -DUNIXODBC -c -o mdbsql.lo 
> mdbsql.c
> /bin/bash ../../libtool  --tag=CC   --mode=compile gcc 
> -DPACKAGE_NAME=\"mdbtools\" -DPACKAGE_TARNAME=\"mdbtools\" 
> -DPACKAGE_VERSION=\"0.9.1\" -DPACKAGE_STRING=\"mdbtools\ 0.9.1\" 
> -DPACKAGE_BUGREPORT=\"https://github.com/mdbtools/mdbtools/issues\; 
> -DPACKAGE_URL=\"https://github.com/mdbtools/mdbtools\; -DPACKAGE=\"mdbtools\" 
> -DVERSION=\"0.9.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 
> -DLT_OBJDIR=\".libs/\" -DSTDC_HEADERS=1 -DHAVE_FCNTL_H=1 -DHAVE_LIMITS_H=1 
> -DHAVE_UNISTD_H=1 -DHAVE_WORDEXP_H=1 
> -DHAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME=1 -DHAVE_LIBREADLINE=1 
> -DHAVE_READLINE_READLINE_H=1 -DHAVE_READLINE_HISTORY=1 
> -DHAVE_READLINE_HISTORY_H=1 -DHAVE_STRPTIME=1 -DHAVE_FMEMOPEN=1 
> -DHAVE_GMTIME_R=1 -DHAVE_VASPRINTF=1 -DHAVE_ICONV=1 -DICONV_CONST= 
> -DHAVE_ATTRIBUTE_ALIAS=1 -DSIZEOF_LONG_INT=8 -DHAVE_LONG_LONG=1 -I.   
> -Wdate-time -D_FORTIFY_SOURCE=2 -I../../include -I/usr/include/glib-2.0 
> -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DHAVE_GLIB=1 -g -O2 
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -DSQL -Wall -Werror -DUNIXODBC -c -o parser.lo 
> parser.c
> test -f lexer.c || /bin/bash ../../build-aux/ylwrap lexer.l lex.yy.c lexer.c 
> -- flex  -i -8
> /bin/bash ../../libtool  --tag=CC   --mode=compile gcc 
> -DPACKAGE_NAME=\"mdbtools\" -DPACKAGE_TARNAME=\"mdbtools\" 
> -DPACKAGE_VERSION=\"0.9.1\" 

Bug#977324: doesn't run: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'

2021-02-04 Thread Jean-Michel Vourgère
Control: severity -1 grave
Control: tag -1 + patch

Hi

Same issue here: ocrfeeder crashes immediately when started, and is unusable. 
So I'm raising the severity.

The good news is that the patch works like a charm.



Bug#916692: ITA: cuyo

2021-01-03 Thread Jean-Michel Vourgère
Hello Emmanuel

Do you still plan to adopt cuyo?



Bug#977730: torbrowser-launcher: Signature verification failed, key expired

2020-12-19 Thread Jean-Michel Vourgère
Package: torbrowser-launcher
Version: 0.3.3-3
Severity: important

Dear Maintainer,

When installing on a fresh bullseye, torbrowser is downloaded, then this
message is printed:

> SIGNATURE VERIFICATION FAILED
> 
> Error Code: 110775B5(...)FF07E2: Key expired
>
> You might be under attack, there might be a network problem, or you
> might be missing a recently added Tor Browser verification key.
>
> A copy of Tor (...)

I expected the download to succeed, obviously.

Thanks

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates  20200601
ii  gnupg  2.2.20-1
ii  libdbus-glib-1-2  0.110-5
ii  python3  3.9.0-4
ii  python3-gpg  1.14.0-1+b2
ii  python3-packaging  20.4-1
ii  python3-pyqt5  5.15.2+dfsg-1+b1
ii  python3-requests  2.24.0+dfsg-1
ii  python3-socks  1.7.1+dfsg-1

Versions of packages torbrowser-launcher recommends:
ii  tor  0.4.4.6-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor  2.13.5-1+b2

-- no debconf information



Bug#977465: d/control: Please move Homepage: from binary package to source package

2020-12-15 Thread Jean-Michel Vourgère
Package: coreutils
Version: 8.32-4+b1
Severity: wishlist

Dear Maintainer,

I wanted to report a man issue, and it took me a while to find upstream
homepage (shame on me).

Anyway, it would have been easier if
https://tracker.debian.org/pkg/coreutils
had shown the url.

Please consider moving
> Homepage: http://gnu.org/software/coreutils
higher in the d/control file, from the binary package to the source
package.

Thanks



Bug#973751: util-linux: flock --conflict-exit-code returns number modulus 255

2020-11-08 Thread Jean-Michel Vourgère
tag -1 + upstream

Done.
I was lazy looking where exactly to report that.
And thank you for pointing out this is a system limitation.



Bug#973751: util-linux: flock --conflict-exit-code returns number modulus 255

2020-11-04 Thread Jean-Michel Vourgère
Package: util-linux
Version: 2.36-3+b2
Severity: normal

Dear Maintainer,

When using flock --nonblock --conflict-exit-code 600 on a locked file, the
returned value is 88.

I expected it to be 600.

This can be reproduced by running:
$ flock --nonblock --conflict-exit-code 600 test.lock -c "sleep 10"&
a few times in a shell.

flock should fail immediately if the number parameter is out of
acceptable range and will never be returned.

Additionally, flock(1) should document the fact that number must be <=
255.


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages util-linux depends on:
ii  libaudit1  1:2.8.5-3.1
ii  libblkid1  2.36-3+b2
ii  libc6  2.31-4
ii  libcap-ng0  0.7.9-2.2
ii  libcrypt1  1:4.4.17-1
ii  libmount1  2.36-3+b2
ii  libpam0g  1.3.1-5
ii  libselinux1  3.1-2+b1
ii  libsmartcols1  2.36-3+b2
ii  libsystemd0  246.6-2
ii  libtinfo6  6.2+20200918-1
ii  libudev1  246.6-2
ii  libuuid1  2.36-3+b2
ii  login  1:4.8.1-1
ii  zlib1g  1:1.2.11.dfsg-2

util-linux recommends no packages.

Versions of packages util-linux suggests:
ii  dosfstools  4.1-2
ii  kbd 2.3.0-3
ii  util-linux-locales  2.36-3

-- no debconf information



Bug#968384: mdbtools: Consider switching to active fork

2020-09-02 Thread Jean-Michel Vourgère
Evan Miller just got write access to the original repository [1] that Debian is 
following.
There now is a redirection from https://github.com/brianb/mdbtools to 
https://github.com/mdbtools/mdbtools on the Microsoft side.
He's planning to merge everything there [2] soon.
Debian urls should be updated.

[1] https://github.com/brianb/mdbtools
[2] https://github.com/mdbtools/mdbtools/pull/162

signature.asc
Description: This is a digitally signed message part.


Bug#956969: linphone: SIP account registration says "Go back" but there is no such button

2020-04-17 Thread Jean-Michel Vourgère
Package: linphone
Version: 3.12.0-3
Severity: normal

Dear Maintainer,

Using the Account assistant:

On the window "This assistant will help you...", I click on "Forward"

On the next window I choose "Create an account on linphone.org", then I
click "Forward" (not Back)

On the next window I enter email, username, password and I click "Apply".

Next window says "Error, account is not validated, username already used
or server unreachable. Please go back and try again".

The problem is there is no "Go back" button then. The only button is
"Forward" and it is disabled.

I expected to have a "Back" button on a window that says "Go back",
obviously.

Thank you for taking care of linphone. :)


-- System Information:
Debian Release: 10.3
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linphone depends on:
ii  libatk1.0-0  2.30.0-2
ii  libbctoolbox10.6.0-2+b2
ii  libbelcard1  1.0.2-1
ii  libbellesip0 1.6.3-5
ii  libbzrtp01.0.6-3
ii  libc62.28-10
ii  libcairo21.16.0-4
ii  libgcc1  1:8.3.0-6
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-2+deb10u2
ii  libgtk2.0-0  2.24.32-3
ii  libmediastreamer-base10  1:2.16.1-4+b1
ii  libmediastreamer-voip10  1:2.16.1-4+b1
ii  libnotify4   0.7.7-4
ii  libortp131:1.0.2-1
ii  libpango-1.0-0   1.42.4-7~deb10u1
ii  libpangocairo-1.0-0  1.42.4-7~deb10u1
ii  libpangoft2-1.0-01.42.4-7~deb10u1
ii  libpangoxft-1.0-01.42.4-7~deb10u1
ii  libsqlite3-0 3.27.2-3
ii  libstdc++6   8.3.0-6
ii  libudev1 241-7~deb10u3
ii  libxml2  2.9.4+dfsg1-7+b3
ii  linphone-nogtk   3.12.0-3
ii  zlib1g   1:1.2.11.dfsg-1

linphone recommends no packages.

Versions of packages linphone suggests:
ii  yelp  3.31.90-1

-- no debconf information



Bug#913046: libjs-cryptojs: Please upgrade to 3.1.9

2020-02-13 Thread Jean-Michel Vourgère
Version 4.0 is out.

signature.asc
Description: This is a digitally signed message part.


Bug#950881: duply: Autoset trust of keys always fails

2020-02-07 Thread Jean-Michel Vourgère
Package: duply
Version: 2.1-1
Severity: normal
Tags: patch

Dear Maintainer,

I occasionally restore servers by installing a basic Debian server,
recovering the /root/.duply and then use duply restore.
However, then, I don't have a gnupg home, so that keys are imported on
first run. This works fine.
However, then, the key needs to be trusted, and it *always* fails.

Steps to reproduce:

mv .gnupg .gnupg.bak
duply ... status

You then get something like:
> Encryption public key 'DEBF3E88927A9346' not found.
> Import keyfile '/root/.duply/hosname/gpgkey.DEBF3E88927A9346.pub.asc' to 
> keyring (OK)
> Import keyfile '/root/.duply/hosname/gpgkey.DEBF3E88927A9346.sec.asc' to 
> keyring (OK)
> Autoset trust of key 'DEBF3E88927A9346' to ultimate (FAILED)
> For duply to work you have to set the trust level
> with the command "trust" to "ultimate" (5) now.
> Exit the edit mode of gpg with "quit".
> Running gpg to manually edit key 'D790F566D0CC0472'Secret key is available.

This is really annoying.

I traced back the issue to the function gpg_fingerprint that's not working.

The attached patch fixes the issue.

Thank you for taking care of duply :)

-- System Information:
Debian Release: 10.3
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages duply depends on:
ii  duplicity  0.7.18.2-1
ii  gnupg  2.2.12-1+deb10u1

duply recommends no packages.

Versions of packages duply suggests:
ii  openssh-client  1:7.9p1-10+deb10u2

-- no debconf information--- /usr/bin/duply.orig	2018-11-17 22:27:30.0 +
+++ /usr/bin/duply	2020-02-07 16:07:04.261144459 +
@@ -1100,7 +1100,7 @@
 
 # see 'How to specify a user ID' on gpg manpage
 function gpg_fingerprint {
-  local PRINT=$(gpg $GPG_OPTS --fingerprint "$1" 2>&1|awk -F= 'NR==2{gsub(/ /,"",$2);$2=toupper($2); if ( $2 ~ /^[A-F0-9]+$/ && length($2) == 40 ) print $2; else exit 1}') \
+  local PRINT=$(gpg $GPG_OPTS --fingerprint "$1" 2>&1|awk -F= 'NR==2{gsub(/ /,"",$1);$2=toupper($1); if ( $1 ~ /^[A-F0-9]+$/ && length($1) == 40 ) print $1; else exit 1}') \
 && [ -n "$PRINT" ] && echo $PRINT && return 0
   return 1
 }
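Review bot: in the new `awk` program the uppercased string is stored in `$2` (`$2=toupper($1)`) while the hex test and the `print` both read `$1`, so the case normalisation the old line applied no longer has any effect; write it back to `$1` (`$1=toupper($1)`) or to a variable that is then tested and printed. `-F=` is also kept although nothing after the `=` is read any more, so a second line that still has the `label = value` shape the removed line expected would now fail the check; testing the last field (`$NF`) would accept both layouts, and a comment stating which gpg output format is expected on line 2 would help the next reader.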


signature.asc
Description: This is a digitally signed message part.
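
The report above traces the failure to `gpg_fingerprint` reading a fixed line of gpg's human-readable listing. An added example (not duply's code and not part of the original report) of the same lookup done on gpg's machine-readable `--with-colons` output, where the fingerprint is field 10 of the `fpr` record; the function names and the sample listing are constructed here, and the sample fingerprints are invented around the key ID quoted in the report.

```shell
#!/bin/sh
# Added example: take a key fingerprint from `gpg --with-colons` output
# instead of from a fixed line of the human-readable listing.

# Constructed sample of `gpg --with-colons --fingerprint <key>` output.
# The fingerprints are invented; only the key ID comes from the report.
SAMPLE_COLONS='tru::1:1581091200:0:3:1:5
pub:u:2048:1:DEBF3E88927A9346:1542493650:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF01234567DEBF3E88927A9346:
uid:u::::1542493650::::Backup key (constructed) <backup@example.net>::::::::::0:
sub:u:2048:1:0F1E2D3C4B5A6978:1542493650::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0F1E2D3C4B5A6978:'

# Read a colon listing on stdin and print the fingerprint of the first
# primary key. Exit status is 1 when no valid 40-hex-digit fingerprint
# is found, so callers can test the result like the original function.
primary_fingerprint() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { primary = 1; next }  # primary key record
        $1 == "sub" || $1 == "ssb" { primary = 0; next }  # subkey record
        $1 == "fpr" && primary {
            fp = toupper($10)                             # field 10 = fingerprint
            if (fp ~ /^[0-9A-F]+$/ && length(fp) == 40) {
                print fp
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Same calling shape as the function in the patch, built on the parser above.
# $GPG_OPTS is the variable the original function already uses; gpg's error
# output is discarded rather than parsed.
gpg_fingerprint_colons() {
    gpg $GPG_OPTS --with-colons --fingerprint "$1" 2>/dev/null | primary_fingerprint
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_COLONS" | primary_fingerprint
```

The subkey's `fpr` record is skipped on purpose: only the primary key's fingerprint identifies the key whose trust is being set.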


Bug#804766: inetutils-inetd: please support ipv6

2020-01-04 Thread Jean-Michel Vourgère
On Wed, 11 Nov 2015 03:48:10 -0800, you wrote:
> inetd does not listen on IPv6 ports, only IPv4.

Actually, you can use "tcp6" rather than "tcp" to have a service work on both 
ipv4 & ipv6.

Too bad this is undocumented, and that the default inetd.conf uses ipv4-only 
in its comments (examples).

signature.asc
Description: This is a digitally signed message part.


Bug#948168: inetutils-inetd: Typo in inetd.8 : s/--remote/--resolve

2020-01-04 Thread Jean-Michel Vourgère
Package: inetutils-inetd
Version: 2:1.9.4-7
Severity: minor

Dear Maintainer,

man inetd says:

> --resolve
> Resolve local and remote IP addresses and pass them to the server
> program via TCPLOCALHOST and TCPREMOTEHOST environment variables.
> See ENVIRONMENT below. This option implies --environment.

but later:

> In addition, if given the --remote option, inetd will set the following
> environment variables:
>
> TCPLOCALHOST: the DNS name of TCPLOCALIP.
>
> TCPREMOTEHOST: the DNS name of TCPREMOTEIP.

Moreover:
> # inetutils-inetd --environment --remote
> inetutils-inetd: unrecognized option '--remote'

So I guess the --remote is a typo for --resolve.

Please consider fixing debian/local/man/inetd.8

Thank you


-- System Information:
Debian Release: 10.2
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-7-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages inetutils-inetd depends on:
ii  libc62.28-10
ii  lsb-base 10.2019051400
ii  rsyslog [system-log-daemon]  8.1901.0-1
ii  tcpd 7.6.q-28
ii  update-inetd 4.49

inetutils-inetd recommends no packages.

inetutils-inetd suggests no packages.

-- no debconf information



Bug#947956: duplicity: mega backend fails to create directory

2020-01-02 Thread Jean-Michel Vourgère
Package: duplicity
Version: 0.7.18.2-1
Severity: normal
Tags: patch upstream

Dear Maintainer,

When using mega backend for the first time, the initial directory
creation fails:

> --- Start running command BKP at 18:08:19.874 ---
> 1577988500 ERROR torsocks[13151]: Unable to resolve. Status reply: 4 (in 
> socks5_recv_resolve_reply() at socks5.c:677)
> mkdir: hostname
> Reading globbing filelist /root/.duply/hostname/exclude
> megals: /Root/hostname
> Local and Remote metadata are synchronized, no sync needed.
> megals: /Root/hostname
> Last full backup date: none
> Last full backup is too old, forcing full backup
> Reuse configured PASSPHRASE as SIGN_PASSPHRASE
> megarm: duplicity-full.20200102T180820Z.vol1.difftar.gpg
> megaput: duplicity-full.20200102T180820Z.vol1.difftar.gpg
> Attempt 1 failed. BackendException: Error running 'megaput -u 
> em...@example.net -p mypassword --no-progress --path 
> /Root/hostname/duplicity-full.20200102T180820Z.vol1.difftar.gpg 
> /tmp/duplicity-yolDd8-tempdir/mktemp-idQtpH-2': returned 1, with output:
> 
> ERROR: Upload failed for '/tmp/duplicity-yolDd8-tempdir/mktemp-idQtpH-2': 
> Parent directory doesn't exist: /Root/hostname
> ^C18:08:27.223 Task 'BKP' failed with exit code '4'.

Running megamkdir manually fixes the issue.

This is actually easy to fix, it's just a typo calling _make_dir while
the class function, just above, is named _makedir.

Attached is a patch.

I did check the problem is still present in the development tree.

Thank you

-- System Information:
Debian Release: 10.2
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages duplicity depends on:
ii  gnupg 2.2.12-1+deb10u1
ii  libc6 2.28-10
ii  librsync1 0.9.7-10+b1
ii  python2.7.16-1
ii  python-fasteners  0.12.0-3
ii  python-lockfile   1:0.12.2-2

Versions of packages duplicity recommends:
ii  python-oauthlib  2.1.0-1
ii  python-paramiko  2.4.2-0.1
ii  python-pexpect   4.6.0-1
ii  python-urllib3   1.24.1-1
ii  rsync3.1.3-6

Versions of packages duplicity suggests:
pn  lftp
pn  ncftp   
pn  python-boto 
pn  python-cloudfiles   
pn  python-gdata
pn  python-pip  
pn  python-swiftclient  
pn  tahoe-lafs  

-- no debconf information
--- duplicity/backends/megabackend.py	2020-01-02 18:33:17.129411886 +0100
+++ duplicity/backends/megabackend.py	2020-01-02 19:12:47.004365142 +0100
@@ -94,7 +94,7 @@
 for folder in path:
 p = p + u'/' + folder
 try:
-self._make_dir(p)
+self._makedir(p)
 except:
 pass
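Review bot: the bare `except: pass` around `self._makedir(p)` is what let the misspelled `_make_dir` go unnoticed, since the resulting AttributeError was silently discarded together with every real megamkdir failure. Consider catching only the error expected when the folder already exists and logging anything else, so that a failed directory creation is reported here rather than later as an upload error.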
 


signature.asc
Description: This is a digitally signed message part.


Bug#947317: uscan: Please allow .gitattributes override

2019-12-24 Thread Jean-Michel Vourgère
Package: devscripts
Version: 2.19.5+deb10u1
Severity: wishlist

Dear Maintainer,

I'm packaging phppgadmin[1]. Upstream provides several nice test suites,
but they are stripped from the official release tarball using a
.gitattributes file with export-ignore lines[2].

Tests include a lot of files, like selenium core-lib. In turn, selenium
bundles many external libraries.
It makes sense to me that the final user doesn't want the full test suite
deployed. So I feel uncomfortable asking upstream to change their way of not
releasing all this.

However, I do want to get these files, at least in the source, so I can
run unit tests.

Uscan already provides a nice way to use upstream git. However, uscan calls
"git archive" that also takes into account the .gitattributes file, so that
it also removes the "/tests" files.

Right now, I'm building an orig file using "git deborig" [3]. This is
quite ugly.

I believe it would be easy for uscan to override or ignore this
.gitattributes file, like "git deborig" does. That would help a lot.

Please provide a way to override / ignore / patch upstream .gitattributes.

Hint: git archive has an option --worktree-attributes, that allows such
override [4]. As far as I know, uscan doesn't provide a way to run code
between "git clone" and "git archive".

[1] https://tracker.debian.org/pkg/phppgadmin
[2] https://github.com/phppgadmin/phppgadmin/blob/master/.gitattributes
[3] https://salsa.debian.org/postgresql/phppgadmin/blob/debian/sid/debian/README.source
[4] https://manpages.debian.org/buster/git-man/git-archive.1.en.html

-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
Not present

-- System Information:
Debian Release: 10.2
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages devscripts depends on:
ii  dpkg-dev  1.19.7
ii  fakeroot  1.23-1
ii  file  1:5.35-4+deb10u1
ii  gnupg 2.2.12-1+deb10u1
ii  gpgv  2.2.12-1+deb10u1
ii  libc6 2.28-10
ii  libfile-homedir-perl  1.004-1
ii  libfile-which-perl1.23-1
ii  libipc-run-perl   20180523.0-1
ii  libmoo-perl   2.003004-2
ii  libwww-perl   6.36-2
ii  patchutils0.3.4-2
ii  perl  5.28.1-6
ii  python3   3.7.3-1
ii  sensible-utils0.0.12
ii  wdiff 1.2.2-2+b1

Versions of packages devscripts recommends:
ii  apt 1.8.2
ii  at  3.1.23-1
ii  curl7.64.0-4
ii  dctrl-tools 2.24-3
ii  debian-keyring  2019.02.25
ii  dput1.0.3
ii  equivs  2.2.0
ii  libdistro-info-perl 0.21
ii  libdpkg-perl1.19.7
ii  libencode-locale-perl   1.05-1
ii  libgit-wrapper-perl 0.048-1
ii  libgitlab-api-v4-perl   0.16-1
ii  liblist-compare-perl0.53-1
ii  liblwp-protocol-https-perl  6.07-2
ii  libsoap-lite-perl   1.27-1
ii  libstring-shellquote-perl   1.04-1
ii  libtry-tiny-perl0.30-1
ii  liburi-perl 1.76-1
ii  licensecheck3.0.31-3
ii  lintian 2.15.0
ii  man-db  2.8.5-2
ii  patch   2.7.6-3+deb10u1
ii  python3-apt 1.8.4
ii  python3-debian  0.1.35
ii  python3-magic   2:0.4.15-2
ii  python3-requests2.21.0-1
ii  python3-unidiff 0.5.4-1
ii  python3-xdg 0.25-5
ii  strace  4.26-0.2
ii  unzip   6.0-23+deb10u1
ii  wget1.20.1-1.1
ii  xz-utils5.2.4-1

Versions of packages devscripts suggests:
pn  adequate  
pn  autopkgtest   
pn  bls-standalone
ii  bsd-mailx [mailx] 8.1.2-0.20180807cvs-1
ii  build-essential   12.6
pn  check-all-the-things  
pn  cvs-buildpackage  
ii  debhelper 12.1.1
pn  devscripts-el 
pn  diffoscope
pn  disorderfs
pn  dose-extra
pn  duck  
pn  faketime  
pn  gnuplot   
pn  how-can-i-help
ii  libauthen-sasl-perl   2.1600-1
pn  libdbd-pg-perl
ii  libfile-desktopentry-perl  

Bug#940656: [Pkg-privacy-maintainers] Bug#940656: black screen after upgrade

2019-10-23 Thread Jean-Michel Vourgère
Control: notforwarded -1

On Wednesday, 23 October 2019 13:01:53 CEST intrigeri wrote:
> To me, it looks like you're affected by #942901 rather than #940656.

You are right, sorry for the noise.

signature.asc
Description: This is a digitally signed message part.


Bug#940656: black screen after upgrade

2019-10-23 Thread Jean-Michel Vourgère
Control: forwarded -1 https://trac.torproject.org/projects/tor/ticket/32215

I got the same issue, running buster
All windows are black here.

start-tor-browser --verbose shows:
[21969, Main Thread] WARNING: failed to open shm: Permission denied: file 
/var/tmp/build/firefox-d051ff6e2f60/ipc/chromium/src/base/shared_memory_posix.cc,
 line 142
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: Failed to lock new back 
buffer. (t=0.466201) [GFX1-]: Failed to lock new back buffer.

"aa-disable /etc/apparmor.d/torbrowser.Browser.firefox" fixes the issue.

"aa-audit /etc/apparmor.d/torbrowser.Browser.firefox" makes syslog show:
Oct 23 12:11:23 deimos kernel: [48692.792047] audit: type=1400 
audit(1571825483.423:757): apparmor="DENIED" operation="mknod" 
profile="torbrowser_firefox" name="/dev/shm/org.mozilla.ipc.23967.0" pid=23967 
comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 oui

Fixed by adding
/dev/shm/org.mozilla.*.* rw,
to /etc/apparmor.d/torbrowser.Browser.firefox

signature.asc
Description: This is a digitally signed message part.
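
An added example, not part of the original message: the diagnosis above reads the profile, operation, path and mask out of the kernel's AppArmor denial to see which rule is missing. The function names are made up here, and the sample record is constructed from the fields quoted in the message (its cut-off tail is left out).

```shell
#!/bin/sh
# Added example: pull the decision-relevant fields out of an AppArmor
# "DENIED" audit record and print a candidate file rule for review.

# Constructed sample: the fields of the denial quoted in the message,
# joined on one line; the truncated end of the original is omitted.
SAMPLE_DENIAL='Oct 23 12:11:23 deimos kernel: [48692.792047] audit: type=1400 audit(1571825483.423:757): apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/dev/shm/org.mozilla.ipc.23967.0" pid=23967 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000'

# audit_field KEY RECORD: print the value of a quoted key="value" field.
# The leading space in the pattern keeps "profile" from matching inside
# a longer key name.
audit_field() {
    printf '%s\n' "$2" | sed -n 's/.* '"$1"'="\([^"]*\)".*/\1/p'
}

# Read audit lines on stdin; for each DENIED record print
# profile<TAB>operation<TAB>path<TAB>denied_mask.
denial_summary() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *'apparmor="DENIED"'*) ;;
            *) continue ;;
        esac
        printf '%s\t%s\t%s\t%s\n' \
            "$(audit_field profile "$line")" \
            "$(audit_field operation "$line")" \
            "$(audit_field name "$line")" \
            "$(audit_field denied_mask "$line")"
    done
}

# Map a log mask to profile permission letters. In the log, c (create)
# and d (delete) are reported separately; in profile syntax both are
# covered by w. Other letters are left for manual review.
log_mask_to_perms() {
    perms=
    case $1 in *r*) perms=r ;; esac
    case $1 in *[wcd]*) perms="${perms}w" ;; esac
    printf '%s\n' "$perms"
}

# candidate_rule RECORD: print the narrowest rule that would have allowed
# the denied access (exact path, only the denied permission).
candidate_rule() {
    path=$(audit_field name "$1")
    perms=$(log_mask_to_perms "$(audit_field denied_mask "$1")")
    [ -n "$path" ] && [ -n "$perms" ] || return 1
    printf '%s %s,\n' "$path" "$perms"
}

# Stand-alone run on the constructed sample.
candidate_rule "$SAMPLE_DENIAL"
```

The rule added in the message, `/dev/shm/org.mozilla.*.* rw,`, is wider than this candidate: it globs the PID and counter in the file name and also grants read.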


Bug#942827: buster-pu: package ndppd/0.2.5-4+deb10u1

2019-10-22 Thread Jean-Michel Vourgère
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Dear RT

In buster, ndppd has a world writable pid file. This prevents the daemon
from being stopped/restarted, which is a real pain when you set it up.

I would like to backport the fix from testing. Attached the proposal.

Do you think this is ok?

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enableddiff -Nru ndppd-0.2.5/debian/changelog ndppd-0.2.5/debian/changelog
--- ndppd-0.2.5/debian/changelog	2018-11-16 17:26:06.0 +0100
+++ ndppd-0.2.5/debian/changelog	2019-10-17 10:21:15.0 +0200
@@ -1,3 +1,12 @@
+ndppd (0.2.5-4+deb10u1) buster; urgency=medium
+
+  * Patch to avoid word writable pid file, that was breaking daemon init
+scripts. (Closes: #942117)
+  * postinst script fixing pid file permissions for pre 0.2.5-4+deb10u1
+running daemons.
+
+ -- Jean-Michel Vourgère   Thu, 17 Oct 2019 10:21:15 +0200
+
 ndppd (0.2.5-4) unstable; urgency=medium
 
   * Migrated vcs to salsa.
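Review bot: the new changelog entry says "word writable pid file"; this should read "world writable". The changelog is what users of the stable update will read, so the typo is worth fixing before upload.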
diff -Nru ndppd-0.2.5/debian/patches/pid_perms ndppd-0.2.5/debian/patches/pid_perms
--- ndppd-0.2.5/debian/patches/pid_perms	1970-01-01 01:00:00.0 +0100
+++ ndppd-0.2.5/debian/patches/pid_perms	2019-10-16 22:48:06.0 +0200
@@ -0,0 +1,28 @@
+Description: Umask pid file permissions
+ Pid file was created with default 666 permissions. This causes security
+ issues when trying to stop the process. init stopped working because
+ start-stop-daemon(8) refuses to handle these nasty permissions, since dpkg
+ version 1.19.3.
+Author: Jean-Michel Vourgère 
+Bug-Debian: https://bugs.debian.org/942117
+Bug: https://github.com/DanielAdolfsson/ndppd/issues/56
+Forwarded: yes
+Last-Update: 2019-10-12
+
+Index: ndppd-0.2.5/src/ndppd.cc
+===
+--- ndppd-0.2.5.orig/src/ndppd.cc
 ndppd-0.2.5/src/ndppd.cc
+@@ -274,10 +274,12 @@ int main(int argc, char* argv[], char* e
+ return -1;
+ 
+ if (!pidfile.empty()) {
++mode_t old_umask = umask(022);
+ std::ofstream pf;
+ pf.open(pidfile.c_str(), std::ios::out | std::ios::trunc);
+ pf << getpid() << std::endl;
+ pf.close();
++umask(old_umask);
+ }
+ 
+ // Time stuff.
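Review bot: `umask(022)` only takes effect when `pf.open()` creates the file; when a pid file with mode 666 is already present, `std::ios::trunc` reuses it and the old mode stays, so the fix depends on the postinst `chmod` or on the stale file having been removed. An explicit `chmod()` to 0644 after opening would make the result independent of what was there before. The result of `pf.open()` is not checked either, and the hunk adds no include for `umask()`, so please confirm that `<sys/stat.h>` is already included in ndppd.cc.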
diff -Nru ndppd-0.2.5/debian/patches/series ndppd-0.2.5/debian/patches/series
--- ndppd-0.2.5/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ ndppd-0.2.5/debian/patches/series	2019-10-16 22:48:06.0 +0200
@@ -0,0 +1 @@
+pid_perms
diff -Nru ndppd-0.2.5/debian/postinst ndppd-0.2.5/debian/postinst
--- ndppd-0.2.5/debian/postinst	1970-01-01 01:00:00.0 +0100
+++ ndppd-0.2.5/debian/postinst	2019-10-17 10:19:32.0 +0200
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+  configure)
+if [ -n "$2" ] && dpkg --compare-versions "$2" lt-nl 0.2.5-4+deb10u1
+then
+  # Buster version can't be stopped. See #942117
+  if [ -f /var/run/ndppd.pid ]
+  then
+chmod 644 /var/run/ndppd.pid
+  fi
+fi
+  ;;
+esac
+
+#DEBHELPER#
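Review bot: `chmod 644 /var/run/ndppd.pid` makes the file acceptable again without checking its content, although any local user could have rewritten it while it was mode 666, so a later stop or restart through the pid file may act on whatever PID it holds. Consider verifying that the PID in the file belongs to a running ndppd before keeping it, or removing the file and restarting the daemon so that the patched binary rewrites it. The `lt-nl` version guard and the `[ -f ... ]` test look fine.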


signature.asc
Description: This is a digitally signed message part.


Bug#886181: rrdtool: Please switch to automatic dbgsym package

2019-10-19 Thread Jean-Michel Vourgère
Control: tag -1 - wontfix + pending

I tried to enable the automatic debug symbol packages, with the python debug 
interface in a new python3-rrdtool-dbg package. However, lintian complains:
W: rrdtool changes: package-builds-dbg-and-dbgsym-variants python3-rrdtool-
{dbg,dbgsym}
N:
N:This package appears to build both -dbg and -dbgsym variants of a
N:package. Only one package should contain the debug symbols
N:
N:Usually the -dbg should be dropped in favour of the -dbgsym. However, in
N:some cases (e.g. Python modules) the -dbg contains more than just the
N:debug symbols. In these cases the -dbgsym should not be built.
N:
N:Refer to the dh_strip(1) manual page and
N:https://wiki.debian.org/AutomaticDebugPackages for details.
N:
N:Severity: normal, Certainty: certain
N:
N:Check: changes-file, Type: changes

So I did automatic symbols for all packages but python3-rrdtool, that will 
keep the old style -dbg package.

https://salsa.debian.org/rrdtool-team/rrdtool/commit/fd6a82c71b50062a93a8a019c77a42129de1761f

Comments are welcome.

signature.asc
Description: This is a digitally signed message part.


Bug#942639: fix build with Python3.8 + unusual packaging of the debug extension

2019-10-19 Thread Jean-Michel Vourgère
Hi again

On Saturday, 19 October 2019 12:29:47 CEST Matthias Klose wrote:
> The attached patch fixes the build with Python3.8.
> 
> Noticing that you package both the normal and the debug extension module in
> the same package python3-rrdtool.  The latter should be packaged into a
> python-rrdtool-dbg package.

Could you explain a bit more how this is a problem for python 3.8?

Buster version has:
  python3-rrdtool.install:
  usr/lib/python3*/dist-packages/rrdtool*[0-9]m-*.so

  rrdtool-dbg.install:
  usr/lib/python3*/dist-packages/rrdtool*[0-9]dm-*.so


After switching to automatic debug symbols with an extra python -dbg package:
  python3-rrdtool.install:
  usr/lib/python3*/dist-packages/rrdtool*[0-9]m-*.so

  python3-rrdtool-dbg.install:
  usr/lib/python3*/dist-packages/rrdtool*[0-9]dm-*.so

(This now generates a python3-rrdtool-dbg-dbgsym package)


But I fail to see how this helps with python 3.8. Are the .so names changed?
How so?

I tried to look at your upload of twisted, but it looks like you forgot to 
push your changes, and twisted_18.9.0-4.dsc is not in the pool yet.

signature.asc
Description: This is a digitally signed message part.


Bug#942639: fix build with Python3.8 + unusual packaging of the debug extension

2019-10-19 Thread Jean-Michel Vourgère
Hello Matthias

Thanks for your bug report and patch.

Actually, I've been putting the rrdtool*[0-9]dm-*.so file in the general old 
school rrdtool-dbg package. I'm still using non automatic debug symbols, 
because of that damned file. I'll switch to automatic debug symbols at the 
same time. :)

You suggested I use python-rrdtool-dbg, but I suppose you mean
python3-rrdtool-dbg, right? I am unsure of naming convention, and the archive
seems to have an ugly mix of names.

signature.asc
Description: This is a digitally signed message part.


Bug#942137: postgresql-common: strech/buster upgrades fail with error 'invalid value for parameter "lc_time"'

2019-10-11 Thread Jean-Michel Vourgère
Control: tag -1 - moreinfo

Hi Christoph

My English locale en_GB.UTF-8 is working fine. It is my default locale, 
defined either at installation, or by dpkg-reconfigure locales.

Each time I do a major Debian dist-upgrade (7/8, 8/9 and 9/10), I get many 
such perl warnings. It has never been a real issue, but for the flood of my 
terminal.

Attached is the beginning of my term.log and my
/etc/postgresql/9.6/main/postgresql.conf.

You'll notice that packages locales and perl-modules are unpacked really
early, but are configured later. These annoying warnings stop when they are
configured.

You'll notice that I have:
lc_messages = 'en_GB.UTF-8' # locale for system error message
# strings
lc_monetary = 'en_GB.UTF-8' # locale for monetary formatting
lc_numeric = 'en_GB.UTF-8'  # locale for number formatting
#lc_time = 'en_GB.UTF-8' # locale for time formatting


The only problem is lc_time. One must comment out the line for postgres9.6 to 
start during the dist-upgrade. The other lines like lc_messages, lc_monetary 
and lc_numeric are not a problem.

I upgraded 5 different postgresql servers, and I had to edit the 
postgresql.conf in the middle of the update on all 5 of them! Not doing so 
causes the whole dist-upgrade to fail with other nastier side-effects. This is 
not an isolated issue!

You suggested that I redo a "dpkg-reconfigure locales". I don't think I could 
do that in the middle of a dist-upgrade! I assure you that my locale is 
working fine before and after the upgrade, even if it's broken during the 
dist-upgrade!

You can very probably reproduce the problem by installing a stretch using 
locale en_GB.UTF-8, then install postgres (You should then get a 
lc_time='en_GB.UTF-8' in postgresql.conf) and libnss, then do a dist-upgrade 
accepting all automatic restarts when required.

Feel free to tell me how I can help to pinpoint the issue.

Log started: 2019-10-10  19:09:28
(Reading database ... 73431 files and directories currently installed.)
Preparing to unpack .../libc-l10n_2.28-10_all.deb ...
Unpacking libc-l10n (2.28-10) over (2.24-11+deb9u4) ...
Preparing to unpack .../locales_2.28-10_all.deb ...
Unpacking locales (2.28-10) over (2.24-11+deb9u4) ...
dpkg: systemd-shim: dependency problems, but removing anyway as you requested:
 libpam-systemd:amd64 depends on systemd-shim (>= 10-3~) | systemd-sysv; however:
  Package systemd-shim is to be removed.
  Package systemd-sysv is not installed.

(Reading database ... 73450 files and directories currently installed.)
Removing systemd-shim (10-3) ...
Removing 'diversion of /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service to /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service.systemd by systemd-shim'
dpkg: sysvinit-core: dependency problems, but removing anyway as you requested:
 init depends on systemd-sysv | sysvinit-core; however:
  Package systemd-sysv is not installed.
  Package sysvinit-core is to be removed.

Removing sysvinit-core (2.88dsf-59.9) ...
(Reading database ... 73417 files and directories currently installed.)
Preparing to unpack .../systemd-sysv_241-7~deb10u1_amd64.deb ...
Unpacking systemd-sysv (241-7~deb10u1) ...
Setting up systemd-sysv (241-7~deb10u1) ...

Bug#942137: postgresql-common: strech/buster upgrades fail with error 'invalid value for parameter "lc_time"'

2019-10-10 Thread Jean-Michel Vourgère
Package: postgresql-common
Version: 200+deb10u2
Severity: normal

Dear Maintainer,

When upgrading from stretch to buster, the nss upgrade offers to restart
the affected services, that is postgresql.

Then we get the message:
┌─Configuring libc6:amd64┐
│ Failure restarting some services for GNU libc upgrade  │
││
│ The following services could not be restarted for the GNU libc library │
│ upgrade:   │
││
│ postgresql │
││
│ You will need to start these manually by running 'invoke-rc.d │
│ start'.│
││
││
├┤
│ <  OK  >   │
└┘

Running "/etc/init.d/postgresql start" manually, one gets:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_GB.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
[] Starting PostgreSQL 9.6 database server: main[] perl: warning: 
Setting locale failed. perl: warning: Please check that your locale settings: 
LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_GB.UTF-8" are supported and 
installed on your system. perl: warning: Falling back to the standard locale 
("C"). The PostgreSQL server failed to start. Please check the log output: 
2019-10-10 20:10:39 BST [21355-1] LOG: invalid value for parameter "lc_time": 
"en_GB.UTF-8" 2019-10-10 20:10:39 BST [21355-2] FATAL: configuration file 
"/etc/postgresq[FAIL/main/postgresql.conf" contains errors ... failed!
 failed!

If I comment out the line "lc_time" in
/etc/postgresql/9.6/main/postgresql.conf then everything is fine.

I expected libc to upgrade smoothly without having to patch
postgresql.conf file.

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages postgresql-common depends on:
ii  adduser   3.118
ii  debconf [debconf-2.0] 1.5.71
ii  lsb-base  10.2019051400
ii  postgresql-client-common  200+deb10u2
ii  procps2:3.3.15-2
ii  ssl-cert  1.0.39
ii  ucf   3.0038+nmu1

Versions of packages postgresql-common recommends:
ii  e2fsprogs  1.44.5-1+deb10u2
ii  logrotate  3.14.0-4

Versions of packages postgresql-common suggests:
ii  libjson-perl  4.02000-1

-- debconf information excluded


Bug#941980: pod2man: Please convert zero-width space (u200B) to \:

2019-10-08 Thread Jean-Michel Vourgère
Package: perl
Version: 5.28.1-6
Severity: normal
File: /usr/bin/pod2man

Dear Maintainer,

I'm using pod to generate man files in package rrdtool.

I had an issue with long man lines such as:
BIvnameE>=IrrdfileE>:Ids-nameE>:ICFE>[:step=IstepE>][:start=ItimeE>][:end=ItimeE>][:reduce=IBE>][:daemon=IaddressE>]
that results in lintian "manpage-has-errors-from-man": can't break line.

I fixed that by inserting unicode zero-width-space characters 200B:
BIvnameE>=IrrdfileE>:Ids-nameE>:ICFE>[:step=IstepE>][:start=ItimeE>]E<0x200B>[:end=ItimeE>]E<0x200B>[:reduce=IBE>]E<0x200B>[:daemon=IaddressE>]

I expected pod2man to generate the correct \: escape sequence, but it
did not.

Right now, as a workaround, I'm using in my make file:
pod2man ... --utf8 $< | sed -e $$'s|\u200B|:|g' > $@

This is working great.

However, it would be nice if pod2man would generate automatically the \:
escape sequences, so that I don't have to sed the output!

One could argue that man should handle the "\u200B" character correctly,
but it seems logical to have pod2man do the escape as it would work both
with and without utf-8 encoding.

Thank you!

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages perl depends on:
ii  dpkg   1.19.7
ii  libperl5.285.28.1-6
ii  perl-base  5.28.1-6
ii  perl-modules-5.28  5.28.1-6

Versions of packages perl recommends:
ii  netbase  5.6

Versions of packages perl suggests:
pn  libb-debug-perl 
pn  liblocale-codes-perl
pn  libterm-readline-gnu-perl | libterm-readline-perl-perl  
ii  make4.2.1-1.2
ii  perl-doc5.28.1-6

-- no debconf information



Bug#941727: phppgadmin expects jquery version 1.8

2019-10-04 Thread Jean-Michel Vourgère
Package: phppgadmin
Version: 7.12.0+ds-1
Severity: normal

JavaScript fails on several pages with the message
TypeError: $(...).live is not a function

This is because Debian ships with jquery 3.3 while the package expects
jquery 1.8.



Bug#938414: rrdtool: Python2 removal in sid/bullseye

2019-09-05 Thread Jean-Michel Vourgère
Control: tags -1 - pending
Control: reassign -1 ftp.debian.org
Control: retitle -1 RM: python-rrdtool -- ROM; python2 removal

rrdtool no longer builds package python-rrdtool.

Please remove that binary package from the archive.



Bug#938414: rrdtool python2 removal

2019-09-05 Thread Jean-Michel Vourgère
Hi Andreas

On Wednesday, 4 September 2019 22:00:54 CEST Andreas Henriksson wrote:
> Control: tags -1 + pending

Thanks. I should have done that earlier! I hope you did not lose too much 
time because of that. :/

> I noticed two things you might want to address though:
> - the dh-python build-dependency was removed. This package contains the
>   dh_python3 helper which the package still seems to be using, so
>   removing this build-dependency was likely a mistake.

python3-all-dbg and python3-all-dev both depend on dh-python, so this is no 
big deal.
But it looks cleaner to explicitly require it, thanks.

> - The debian/changelog should be changed from "(See: #938414)" to
>   "(Closes: #938414)" so that this bug report gets closed automatically
>   when the fixed package is uploaded.

That's on purpose.
See https://wiki.debian.org/Python/2Removal



Bug#936499: eyefiserver: Python2 removal in sid/bullseye

2019-08-30 Thread Jean-Michel Vourgère
Control: reassign -1 ftp.debian.org
Control: retitle -1 RM: eyefiserver -- removal triggered by the Python2 removal

Please remove eyefiserver from the archive:


The project is dead upstream. I could not find anyone working on the python3
version.

popcon is 17.

eyefi cards - SD cards with embedded wifi chips for automatic pics uploads - 
are no longer popular.

I feel porting the whole thing to python3 is not worth the effort. But if
someone reads this and wants to give it a try, I can sponsor him.


Thank you




Bug#935419: RM: python-django-session-security/2.6.5+dfsg-1 -- ROM; cruft

2019-08-22 Thread Jean-Michel Vourgère
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hello

Due to #933034, I believe I need manual decrufting:

source package django-session-security 2.6.5+dfsg-2 no longer builds
  binary package(s): python-django-session-security

Please remove python-django-session-security/2.6.5+dfsg-1 from testing so that
django-session-security 2.6.5+dfsg-2 can migrate from sid to testing.

https://qa.debian.org/madison.php?package=django-session-security=debian===bullseye=on
 django-session-security | 2.6.5+dfsg-1 | bullseye | source
 python-django-session-security  | 2.6.5+dfsg-1 | bullseye | all
 python3-django-session-security | 2.6.5+dfsg-1 | bullseye | all

The binary only removal itself is because of python2 removal (#931659).



Bug#932985: [932985] Please remove Python 2 support

2019-07-28 Thread Jean-Michel Vourgère
Hi Thomas

Thank you for your patch. I just made an upload based on it.

I had to remove python3-django-session-security.install since pybuild put the 
files directly in the correct location.

Also I changed your sphinx changes. Originally:

> override_dh_auto_build:
>   dh_auto_build -O--buildsystem=python_distutils

Your version:
> override_dh_sphinxdoc:
> ifeq (,$(findstring nodoc, $(DEB_BUILD_OPTIONS)))
>   python3 setup.py build_sphinx
>   dh_sphinxdoc
> endif
doesn't quite work as dh_sphinxdoc runs after dh_install, which fails because 
the files are not there.

My final version:
> override_dh_auto_build:
>   dh_auto_build
> ifeq (,$(findstring nodoc, $(DEB_BUILD_OPTIONS)))
>   python3 setup.py build_sphinx
> endif
works, and doesn't mix the build systems, which I believe was your point.

If you have a better idea, it will be welcome.

Thanks again



Bug#931464: movim: deamon start "--no-ansi" option doesn't work

2019-07-05 Thread Jean-Michel Vourgère
Package: movim
Version: 0.14.1-5
Severity: normal

Dear Maintainer,

I just tried buster's movim.

I have a black background and
 php daemon.php start --url=https://movim.nirgal.com/ --port=8080 --no-ansi -vvv
prints text in dark blue over black, which is unreadable.

I expected --no-ansi to disable the colors.

Thank you for taking care of movim. :)

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)



Bug#929776: unblock: rrdtool/1.7.1-2

2019-05-31 Thread Jean-Michel Vourgère
Control: tags -1 -moreinfo

Version 1.7.1-2 is now installed on all major architectures.



Bug#929776: unblock: rrdtool/1.7.1-2

2019-05-30 Thread Jean-Michel Vourgère
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please allow me to add an upstream patch in order to fix segfaults in rrdtool 
daemon, that occur when xport'ing a non-existent RRD file.

unblock rrdtool/1.7.1-2
diff -Nru rrdtool-1.7.1/debian/changelog rrdtool-1.7.1/debian/changelog
--- rrdtool-1.7.1/debian/changelog	2019-02-07 17:08:22.0 +0100
+++ rrdtool-1.7.1/debian/changelog	2019-05-30 22:28:06.0 +0200
@@ -1,3 +1,9 @@
+rrdtool (1.7.1-2) unstable; urgency=medium
+
+  * Cherry pick commit from 1.7.2 to prevent daemon segfault. 
+
+ -- Jean-Michel Vourgère   Thu, 30 May 2019 22:28:06 +0200
+
 rrdtool (1.7.1-1) unstable; urgency=medium
 
   * New upstream version (Closes: #891491, #898184):
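Review bot: The new changelog entry names neither the upstream commit nor a bug number for the segfault, so a reader of the changelog has to open debian/patches/segfault-xport to find out what was cherry-picked. Consider citing the commit given in the patch's Applied-Upstream field in the entry, and drop the trailing space after "segfault.".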
diff -Nru rrdtool-1.7.1/debian/patches/segfault-xport rrdtool-1.7.1/debian/patches/segfault-xport
--- rrdtool-1.7.1/debian/patches/segfault-xport	1970-01-01 01:00:00.0 +0100
+++ rrdtool-1.7.1/debian/patches/segfault-xport	2019-05-30 22:28:06.0 +0200
@@ -0,0 +1,21 @@
+From: themylogin 
+Subject: fix segfault on non-existent RRD file when using rrdcached
+ fix segfault on non-existent RRD file when using rrdcached + rrdtool xport
+ (like 814ca69 does for rrdtool graph)
+Applied-Upstream: https://github.com/oetiker/rrdtool-1.x/commit/24b922a2eae193d5d44c01a75786aca4b277a4db
+Date: Wed, 27 Mar 2019 18:09:55 +0100
+Reviewed-by: Tobias Oetiker 
+
+Index: rrdtool/src/rrd_xport.c
+===
+--- rrdtool.orig/src/rrd_xport.c
 rrdtool/src/rrd_xport.c
+@@ -231,7 +231,7 @@ static int rrd_xport_fn(
+ 
+ 
+ /* pull the data from the rrd files ... */
+-if (data_fetch(im) == -1)
++if (data_fetch(im) != 0)
+ return -1;
+ 
+ /* evaluate CDEF  operations ... */
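Review bot: In the rrd_xport_fn hunk, `if (data_fetch(im) != 0)` now treats every non-zero return as a failure but still returns a fixed -1, so whatever code data_fetch reported is lost to the caller. That is fine if callers only test for failure, but it is worth confirming that data_fetch never returns a positive value on success; the patch header's reference to 814ca69 doing the same for rrdtool graph supports that. The patch header also repeats the Subject text on its continuation line, which could be trimmed.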
diff -Nru rrdtool-1.7.1/debian/patches/series rrdtool-1.7.1/debian/patches/series
--- rrdtool-1.7.1/debian/patches/series	2019-02-07 16:21:22.0 +0100
+++ rrdtool-1.7.1/debian/patches/series	2019-05-30 22:28:06.0 +0200
@@ -1,2 +1,3 @@
 no-rpath-for-ruby
 breaks-long-man-lines
+segfault-xport




Bug#927952: duply: ssh connection fails when known_hosts doesn't exists

2019-04-25 Thread Jean-Michel Vourgère
Package: duply
Version: 1.11.3-1
Severity: normal

Dear Maintainer,

On a freshly installed stretch server, on first run, when using ssh, duply
(or a dependency) fails if file known_hosts doesn't exist.

I expected duply to create the file if it's missing.

A simple workaround is to connect using ssh first, so that the file is
created.

Here is the log:

$ duply hostname status
Start duply v1.11.3, time is 2019-04-25 09:46:42.
Using profile '/root/.duply/hostname'.
Using installed duplicity version 0.7.11, python 2.7.13, gpg 2.1.18 (Home: 
/root/.gnupg), awk 'mawk 1.3.3 Nov 1996, Copyright (C) Michael D. Brennan', 
grep 'grep (GNU grep) 2.27', bash '4.4.12(1)-release (x86_64-pc-linux-gnu)'.
Autoset found secret key of first GPG_KEY entry '785A86B399C9BD78' for signing.
Checking TEMP_DIR '/tmp' is a folder and writable (OK)
Test - Encrypt to '785A86B399C9BD78' & Sign with '785A86B399C9BD78' (OK)
Test - Decrypt (OK)
Test - Compare (OK)
Cleanup - Delete '/tmp/duply.9853.1556185603_*'(OK)
Backup PUB key '785A86B399C9BD78' to profile. (OK)
Write file 'gpgkey.785A86B399C9BD78.pub.asc' (OK)
Backup SEC key '785A86B399C9BD78' to profile. (OK)
Write file 'gpgkey.785A86B399C9BD78.sec.asc' (OK)

INFO:

duply exported new keys to your profile.
You should backup your changed profile folder now and store it in a safe place.


--- Start running command STATUS at 09:46:43.401 ---
The authenticity of host 'ouqo6z3ijgz7sn7k.onion' can't be established.
SSH-RSA key fingerprint is
ce:2c:7d:15:8a:d0:ea:86:8c:fe:e9:cc:7d:c1:8d:f8.
Are you sure you want to continue connecting (yes/no)? yes
BackendException: ssh connection to u...@mybackupserver.com:22
failed: [Errno 2] No such file or directory: '/root/.ssh/known_hosts'
09:46:54.361 Task 'STATUS' failed with exit code '23'.
--- Finished state FAILED 'code 23' at 09:46:54.361 - Runtime
00:00:10.959 ---



-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duply depends on:
ii  duplicity  0.7.11-1
ii  gnupg  2.1.18-8~deb9u4

duply recommends no packages.

Versions of packages duply suggests:
ii  openssh-client  1:7.4p1-10+deb9u6

-- no debconf information



Bug#805596: dnsmasq: Fails to resolve cloudflare.com domains with dnssec

2019-03-26 Thread Jean-Michel Vourgère
Shouldn't this report be closed or at least tagged as fixed in stretch?



Bug#923726: monero: Monero requires update to work after March 9th

2019-03-04 Thread Jean-Michel Vourgère
Package: monero
Version: 0.13.0.4-1~bpo9+1
Severity: important

Dear Maintainer,

Monero protocol will be updated on March the 9th [1].

The version 0.13 in Debian will cease to work then.

Please package version 0.14 or backport the changes.

[1] https://github.com/monero-project/monero/releases
Or see banner at https://ww.getmonero.org/ pointing at
https://www.reddit.com/r/Monero/comments/ap6iiw/monero_will_fork_at_block_1788000_march_9th/

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages monero depends on:
ii  libboost-chrono1.62.0   1.62.0+dfsg-4
ii  libboost-date-time1.62.01.62.0+dfsg-4
ii  libboost-filesystem1.62.0   1.62.0+dfsg-4
ii  libboost-program-options1.62.0  1.62.0+dfsg-4
ii  libboost-regex1.62.01.62.0+dfsg-4
ii  libboost-serialization1.62.01.62.0+dfsg-4
ii  libboost-system1.62.0   1.62.0+dfsg-4
ii  libboost-thread1.62.0   1.62.0+dfsg-4
ii  libc6   2.24-11+deb9u4
ii  libgcc1 1:6.3.0-18+deb9u1
ii  libhidapi-libusb0   0.8.0~rc1+git20140818.d17db57+dfsg-1
ii  libminiupnpc10  1.9.20140610-4
ii  libreadline77.0-3
ii  libsodium18 1.0.11-2
ii  libssl1.1   1.1.0j-1~deb9u1
ii  libstdc++6  6.3.0-18+deb9u1
ii  libunbound2 1.6.0-3+deb9u2
ii  libzmq5 4.2.1-4+deb9u1

monero recommends no packages.

monero suggests no packages.

-- no debconf information



Bug#920441: libjs-cryptojs: Doesn't decrypt output from openssl enc anymore

2019-01-25 Thread Jean-Michel Vourgère
Package: libjs-cryptojs
Version: 3.1.2+dfsg-2
Severity: normal

Dear Maintainer,

Up to jessie, one could encrypt something using openssl:

echo "This is a test" | openssl enc -aes-256-cbc -pass pass:mypassphrase -e -base64

and decrypt it using crypto-js

var plaintext = CryptoJS.AES.decrypt("U2FsdGVkX1+xT6Jz+c3NLK7zo1OpCBONwFRDOJaWurQ=", "mypassphrase" );


This doesn't work with openssl from stretch onward, since openssl is no longer 
using md5.

evpkdf.js contains: "hasher: MD5"


It is possible to work around by adding "-md md5" to openssl calls.
cryptojs should be compatible with openssl defaults.


-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

libjs-cryptojs depends on no packages.

Versions of packages libjs-cryptojs recommends:
ii  javascript-common  11

libjs-cryptojs suggests no packages.

-- no debconf information
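
The mismatch described in this report can be seen in the key derivation alone. The following is an added example, not code from the report or from crypto-js: it parses the salted ciphertext quoted above and derives the AES-256-CBC key and IV with the single-iteration EVP_BytesToKey scheme, once with MD5 and once with SHA-256 (the `openssl enc` default digest from OpenSSL 1.1.0 onward). The function names are hypothetical.

```python
import base64
import hashlib

# Ciphertext and passphrase as quoted in the report above.
CIPHERTEXT_B64 = "U2FsdGVkX1+xT6Jz+c3NLK7zo1OpCBONwFRDOJaWurQ="
PASSPHRASE = b"mypassphrase"


def parse_openssl_salted(b64_text):
    """Split `openssl enc -base64` output into (salt, ciphertext).

    The format is the 8-byte magic "Salted__", an 8-byte salt, then the
    encrypted blocks.
    """
    raw = base64.b64decode(b64_text)
    if len(raw) < 16 or raw[:8] != b"Salted__":
        raise ValueError("not in OpenSSL salted format")
    return raw[8:16], raw[16:]


def evp_bytes_to_key(passphrase, salt, digest, key_len=32, iv_len=16):
    """Derive (key, iv) the way EVP_BytesToKey does with one iteration.

    Each block is H(previous_block + passphrase + salt); blocks are
    concatenated until there is enough material for key and IV.
    """
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def compare_digests(b64_text, passphrase):
    """Return the key/IV each digest yields for the same salt and passphrase."""
    salt, ciphertext = parse_openssl_salted(b64_text)
    result = {"salt": salt.hex(), "ciphertext_len": len(ciphertext)}
    for digest in ("md5", "sha256"):
        key, iv = evp_bytes_to_key(passphrase, salt, digest)
        result[digest] = {"key": key.hex(), "iv": iv.hex()}
    return result


if __name__ == "__main__":
    info = compare_digests(CIPHERTEXT_B64, PASSPHRASE)
    print("salt:", info["salt"], "ciphertext bytes:", info["ciphertext_len"])
    for name in ("md5", "sha256"):
        print(name, "key:", info[name]["key"], "iv:", info[name]["iv"])
```

The two digests give unrelated keys and IVs for the same salt and passphrase, so data encrypted under one cannot be decrypted by a reader that assumes the other.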



Bug#916845: needrestart: README.nagios.md refers to undistributed file ex/nagios/needrestart-nagios

2018-12-19 Thread Jean-Michel Vourgère
Package: needrestart
Version: 3.3-2
Severity: normal

Dear Maintainer,

Please distribute the ex/nagios/needrestart-nagios as documentation.
It is missing.

Alternatively, it would make sense to copy it directly in
/etc/sudoers.d/ since it is only for user nagios and it includes the -p
parameter that prevents automatic restarts. Some people might disagree, though.

Thank you :)



Bug#902444: findutils: -print0 breaks -name conditions

2018-06-26 Thread Jean-Michel Vourgère
Package: findutils
Version: 4.6.0+git+20161106-2
Severity: normal

Dear Maintainer,

I am periodically running
> find "$dir" -type f -print0 ! -name clamav.log | xargs -0 clamdscan 
> -log="$dir/clamav.log"

But the file clamav.log is added to the list while it should be
excluded.

I traced the issue to a -print0 problem.

> find -type f -print0 ! -name clamav.log
does not remove clamav.log from the list

> find -type f ! -name clamav.log
works ok.

I expected the -print0 option not to change the logic of the -name
conditions.

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages findutils depends on:
ii  libc62.24-11+deb9u3
ii  libselinux1  2.6-3+b3

findutils recommends no packages.

Versions of packages findutils suggests:
ii  mlocate  0.26-2

-- no debconf information



Bug#902275: haproxy: resolvers nameserver doesn't support IPv6

2018-06-24 Thread Jean-Michel Vourgère
Source: haproxy 
Version: 1.7.5-2 
Severity: normal 
 
Dear Maintainer, 

I tried to enable dns check in my proxy and this works:
-- 8< 
resolvers mydns
nameserver dnsmasq 127.0.0.1:53
-- 8< 

However, my first tries were
nameserver dnsmasq [::1]:53
and
nameserver dnsmasq ::1:53
and
nameserver dnsmasq localhost:53

All of these attempts resulted in this error:
 Starting [mydns/dnsmasq] nameserver: can't connect socket.

I did check that my local dns is working properly as
dig +short localhost @::1 ANY
works ok.

I expected to be able to enter a v6 address.

-- System Information: 
Debian Release: 9.4 
  APT prefers stable-updates 
  APT policy: (500, 'stable-updates'), (500, 'stable') 
Architecture: amd64 (x86_64) 
 
Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores) 
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8) 
Shell: /bin/sh linked to /bin/dash 
Init: sysvinit (via /sbin/init)




Bug#894444: needrestart doesn't restart services anymore

2018-06-18 Thread Jean-Michel Vourgère
Hi

Sorry for the long delay answering.

>> I am using it with unattended-upgrades.
>> (...)
>> I expected needrestart to automatically reload the services using obsolete
>> libssl, like it used to.

> This is triggered by the bugfix for Debian Bug#876459 and is
> intentional (upstream's point of view).
> (...)
> The behavior before 2.11-3+deb9u1 was a bug and has been fixed in
> stretch's point release 9.4.

Wow...

I expected my system to continue installing security updates AND enabling
them by restarting the affected services when needed.

I find that Debian 9.4 release news "needrestart - Fix switching to list
mode if debconf is run non-interactively" message is inadequate:
There should be a huge fat warning telling people that their system is no
longer protected by security upgrades; and that default behavior of
needrestart is to do nothing!

Please consider adding a debian/NEWS file.

> You could change the default mode to automatically restart (that also
> affects the interactive mode). (Hint: with needrestart 3.0 it is
> possible to set the NEEDRESTART_MODE environment variable to override
> needrestart's restart mode... might be used in the unattended-upgrade
> cronjob).

This did the trick for me, without enabling backports:

--- /etc/apt/apt.conf.d/99needrestart.orig  2018-06-18 15:29:27.913148439 
+
+++ /etc/apt/apt.conf.d/99needrestart   2018-06-18 15:29:42.337066054 +
@@ -5,4 +5,4 @@
 # was no error during installation.
 #
 
-DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && 
/usr/lib/needrestart/apt-pinvoke || true"; };
+DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && 
/usr/lib/needrestart/apt-pinvoke -ra || true"; };
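Review bot: The added `-ra` sits in the DPkg::Post-Invoke hook itself, so automatic restarts now apply to every dpkg run started through apt, interactive ones included, and not only to unattended-upgrades. If that is wider than intended, the NEEDRESTART_MODE hint quoted above would scope it to the cron job once needrestart 3.0 is available. A short comment above the changed line explaining the local edit would also help when this file is next compared against the packaged version.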



Thank you for your detailed answer and for taking care of needrestart! <3



Bug#900807: duplicity: Typo in manual

2018-06-05 Thread Jean-Michel Vourgère
Package: duplicity
Version: 0.7.11-1
Severity: minor

Dear Maintainer,

duplicity(1) contains in "OPERATION AND DATA FORMATS":
> It should not necessary to read this section to use duplicity.

I suggest:
> It should not be necessary to read this section to use duplicity.
or even:
> It is not necessary to read this section to use duplicity.

Thank you for taking care of duplicity!

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duplicity depends on:
ii  libc62.24-11+deb9u3
ii  librsync10.9.7-10+b1
ii  python   2.7.13-2
ii  python-lockfile  1:0.12.2-2

Versions of packages duplicity recommends:
ii  python-oauthlib  2.0.1-1
ii  python-paramiko  2.0.0-1
ii  python-urllib3   1.19.1-1
ii  rsync3.1.2-1+deb9u1

Versions of packages duplicity suggests:
pn  lftp
pn  ncftp   
pn  python-boto 
pn  python-cloudfiles   
pn  python-gdata
pn  python-swiftclient  
pn  tahoe-lafs  

-- no debconf information



Bug#885874: ITP: node-raphael -- JavaScript library to work with vector graphics

2018-04-11 Thread Jean-Michel Vourgère
Hi praveen

You added the "blocks", so I guess you know that package is already in the 
archive:

https://packages.qa.debian.org/raphael

Shouldn't we close that bug?

For your information, raphael has just been orphaned.
https://bugs.debian.org/895407



Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same

2018-04-05 Thread Jean-Michel Vourgère
On Friday, 30 March 2018 15:02:31 CEST Chris Lamb wrote:
> [ https://lists.debian.org/debian-security/2017/05/msg00011.html ]

On Friday, 30 March 2018 20:15:33 CEST Sven Joachim wrote:
> [ https://bugs.debian.org/843773 ]

Thanks a lot guys for pointing out that issue!

Basically, when doing bin-nmus, we really want to bump the mtime of the 
distributed files. Not doing so results in some backup programs (rsync...) 
losing updates. Other programs restarting services on library updates 
(needrestart...) would also be affected.


So, during compilation:
SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries
because it breaks Multi-Arch:same on bin-nmu.

During dpkg-deb (:
SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries
because it would break software relying on files mtime.

Doh!

In https://bugs.debian.org/843773#75 Ian Jackson proposes to introduce a 
BUILD_DATE_EPOCH (= time of sbuild binnmu invocation) to be preferred over 
SOURCE_DATE_EPOCH by dpkg-deb.

That would work, wouldn't it?



Bug#788574: libjs-raphael: Watch file doesn't work

2018-04-05 Thread Jean-Michel Vourgère
Attached is an updated version

version=3
https://github.com/DmitryBaranovskiy/raphael/releases \
.*[^n]/(?:|v|version-|version|release-|r|REL_|rel-|raphael(?:_|-))(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)




Bug#894603: logrotate: file size changed while zipping

2018-04-02 Thread Jean-Michel Vourgère
Control: tag -1 forwarded https://bugzilla.netfilter.org/show_bug.cgi?id=1240

Hi

I filed a bug report upstream. We are not using their logrotate conf file, but 
they are similar.



Bug#894603: logrotate: file size changed while zipping

2018-04-02 Thread Jean-Michel Vourgère
Package: ulogd2
Version: 2.0.5-5
Severity: normal

Hello Chris,

I got this email from cron:

> /etc/cron.daily/logrotate:
> error: Compressing program wrote following message to stderr when
> compressing log /var/log/ulog/syslogemu.log.1:
> gzip: stdin: file size changed while zipping

I suspect last log entries are lost.
This is an unwanted message in any case.
One solution would be to add delaycompress in the logrotate script, I suppose.

Cheers

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages ulogd2 depends on:
ii  adduser  3.115
ii  init-system-helpers  1.48
ii  libc62.24-11+deb9u3
ii  libmnl0  1.0.4-2
ii  libnetfilter-acct1   1.0.2-1.1
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnetfilter-log11.0.1-1.1
ii  libnfnetlink01.0.1-3
ii  lsb-base 9.20161125

ulogd2 recommends no packages.

Versions of packages ulogd2 suggests:
pn  ulogd2-dbi  
pn  ulogd2-json 
pn  ulogd2-mysql
pn  ulogd2-pcap 
pn  ulogd2-pgsql
pn  ulogd2-sqlite3  

-- Configuration Files:
/etc/ulogd.conf [Errno 13] Permission denied: '/etc/ulogd.conf'

-- no debconf information




Bug#894444: needrestart doesn't restart services anymore

2018-03-30 Thread Jean-Michel Vourgère
Package: needrestart
Version: 2.11-3+deb9u1
Severity: normal

Dear Maintainer,

Here, needrestart recently stopped working automatically in stable.

I am using it with unattended-upgrades.

After libssl upgrade this morning, unattended-upgrades-dpkg.log says things 
like:
systemctl restart nagios-nrpe-server.service

But a ps shows that the service has not been restarted for 2 weeks:
nagios 880  0.0  0.1  23912  4084 ?Ss   Mar13   1:08 /usr/sbin/
nrpe -c /etc/nagios/nrpe.cfg -f

If I run needrestart manually, I am asked whether or not I want to restart 
nagios-nrpe-server.service (cute curse interface). If I answer yes, the 
services are properly restarted.
nagios   21026  0.3  0.1  23912  4316 ?Ss   12:10   0:00 /usr/sbin/
nrpe -c /etc/nagios/nrpe.cfg -f

I expected needrestart to automatically reload the services using obsolete 
libssl, like it used to.

This bug has major security impact on all my servers, obviously. Luckily 
nagios plugin mode shows which servers are affected and need to be restarted 
manually.

-- Package-specific info:
needrestart output:
Running kernel seems to be up-to-date.
Services to be restarted:
 systemctl restart ntp.service
 systemctl restart ssh.service
No containers need to be restarted.
No user sessions are running outdated binaries.



-- System Information:
Debian Release: 9.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages needrestart depends on:
ii  dpkg   1.18.24
ii  gettext-base   0.19.8.1-2
ii  libintl-perl   1.26-2
ii  libmodule-find-perl0.13-1
ii  libmodule-scandeps-perl1.23-1
ii  libproc-processtable-perl  0.53-2
ii  libsort-naturally-perl 1.03-1
ii  libterm-readkey-perl   2.37-1
ii  perl   5.24.1-3+deb9u2
ii  xz-utils   5.2.2-1.2+b1

Versions of packages needrestart recommends:
ii  libpam-systemd  232-25+deb9u2

Versions of packages needrestart suggests:
pn  needrestart-session | libnotify-bin  

-- no debconf information
Log started: 2018-03-30  06:53:40
Preconfiguring packages ...
(Reading database ... ^M(Reading database ... 5%^M(Reading database ... 10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading database ... 25%^M(Reading database ... 30%^M(Reading database ... 35%^M(Reading database ... 40%^M(Reading database ... 45%^M(Reading database ... 50%^M(Reading database ... 55%^M(Reading database ... 60%^M(Reading database ... 65%^M(Reading database ... 70%^M(Reading database ... 75%^M(Reading database ... 80%^M(Reading database ... 85%^M(Reading database ... 90%^M(Reading database ... 95%^M(Reading database ... 100%^M(Reading database ... 47196 files and directories currently installed.)
Preparing to unpack .../libssl1.0.2_1.0.2l-2+deb9u3_amd64.deb ...
Unpacking libssl1.0.2:amd64 (1.0.2l-2+deb9u3) over (1.0.2l-2+deb9u2) ...
Preparing to unpack .../libssl1.1_1.1.0f-3+deb9u2_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.0f-3+deb9u2) over (1.1.0f-3+deb9u1) ...
Preparing to unpack .../openssl_1.1.0f-3+deb9u2_amd64.deb ...
Unpacking openssl (1.1.0f-3+deb9u2) over (1.1.0f-3+deb9u1) ...
Setting up libssl1.0.2:amd64 (1.0.2l-2+deb9u3) ...
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Setting up libssl1.1:amd64 (1.1.0f-3+deb9u2) ...
Setting up openssl (1.1.0f-3+deb9u2) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50.
Running kernel seems to be up-to-date.
Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50.
Services to be restarted:
 systemctl restart nagios-nrpe-server.service
 systemctl restart ntp.service
 systemctl restart ssh.service
Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50.
Services being skipped:
 systemctl restart apt-daily-upgrade.service
Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50.
No containers need to be restarted.
Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The 

Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same

2018-03-30 Thread Jean-Michel Vourgère
Package: dpkg-dev
Version: 1.19.0.5
Severity: important
Justification: Make unrelated packages violate multi-arch specs

Dear Maintainer,

When doing bin-nmu, each architecture gets its own d/changelog entry like:


rrdtool (1.7.0-1+b1) sid; urgency=low, binary-only=yes
  * Binary-only non-maintainer upload for arm64; no source changes.
  * Rebuild without ruby2.3 support.
 -- arm Build Daemon (arm-conova-01)   Tue, 27 Mar 2018 12:27:33 +


rrdtool (1.7.0-1+b1) sid; urgency=low, binary-only=yes
  * Binary-only non-maintainer upload for armhf; no source changes.
  * Rebuild without ruby2.3 support.
 -- armhf / armel Build Daemon (hoiby)   
Wed, 28 Mar 2018 08:13:09 +


As a result, when building rrdtool +b1 on arm64 [1] we have:
SOURCE_DATE_EPOCH="1522153653"
while on armhf [2] we have:
SOURCE_DATE_EPOCH="154789"

This causes the packages librrds-perl - that uses pod2man - to get /usr/share/
man/man3/RRDs.3pm.gz having different files on different architectures:
On amd64 architecture:
.TH RRDs 3pm "2018-03-27" "perl v5.26.1" "User Contributed Perl Documentation"
On armhf architecture:
.TH RRDs 3pm "2018-03-28" "perl v5.26.1" "User Contributed Perl Documentation"

This in turn results in the package no longer being Multi-arch:same after the 
bin-nmus, as reported by 

Since a bin-nmu can occur for a single architecture, I believe the best course 
of action would be to change dpkg-buildpackage behavior to keep previous 
SOURCE_DATE_EPOCH when building a bin-nmu'ed package. This could be achieved by 
ignoring the entries in d/changelog that contain the "binary-only=yes" tag 
when setting SOURCE_DATE_EPOCH.
Note that I did not test this solution. WB team input would be great at this 
point.

Apologies for the severity. While multi-arch is not part of the policy 
(#749826), I guess it is used wildly-enough to justify this. Feel free to 
adjust, obviously.

See also https://lists.debian.org/debian-wb-team/2018/03/msg00040.html

[1] https://buildd.debian.org/status/fetch.php?
pkg=rrdtool=arm64=1.7.0-1%2Bb1=1522153882=0
[2] https://buildd.debian.org/status/fetch.php?
pkg=rrdtool=armhf=1.7.0-1%2Bb1=155293=0
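
The proposal in this report, skipping `binary-only=yes` entries when picking the changelog date, can be sketched as follows. This is an added example, not dpkg code and not part of the report. The changelogs are constructed samples modelled on the two bin-nmu entries quoted above; the 1.7.0-1 source entry, its date, the maintainer addresses and the function names are assumptions.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed source entry (assumed date and maintainer), shared by both arches.
SOURCE_ENTRY = """\
rrdtool (1.7.0-1) unstable; urgency=medium

  * New upstream version.

 -- Example Maintainer <maint@example.org>  Sun, 11 Feb 2018 10:00:00 +0100
"""

# Constructed per-architecture changelogs as a buildd would see them.
ARM64_CHANGELOG = """\
rrdtool (1.7.0-1+b1) sid; urgency=low, binary-only=yes

  * Binary-only non-maintainer upload for arm64; no source changes.
  * Rebuild without ruby2.3 support.

 -- arm Build Daemon <buildd-arm64@example.org>  Tue, 27 Mar 2018 12:27:33 +0000

""" + SOURCE_ENTRY

ARMHF_CHANGELOG = """\
rrdtool (1.7.0-1+b1) sid; urgency=low, binary-only=yes

  * Binary-only non-maintainer upload for armhf; no source changes.
  * Rebuild without ruby2.3 support.

 -- armhf Build Daemon <buildd-armhf@example.org>  Wed, 28 Mar 2018 08:13:09 +0000

""" + SOURCE_ENTRY

# "package (version) distributions; key=value, key=value"
HEADER = re.compile(
    r"^(?P<source>\S+) \((?P<version>[^)]+)\) (?P<dists>[^;]+);(?P<fields>.*)$"
)
# " -- Name <email>  RFC 2822 date" (two spaces before the date)
TRAILER = re.compile(r"^ -- (?P<who>.+?)  (?P<date>\S.*)$")


def parse_changelog(text):
    """Return entries, newest first, with version, binary_only flag and epoch."""
    entries, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        trailer = TRAILER.match(line)
        if header:
            fields = {}
            for item in header["fields"].split(","):
                key, _, value = item.partition("=")
                fields[key.strip().lower()] = value.strip()
            current = {
                "version": header["version"],
                "binary_only": fields.get("binary-only") == "yes",
            }
        elif trailer and current is not None:
            when = parsedate_to_datetime(trailer["date"])
            current["epoch"] = int(when.timestamp())
            entries.append(current)
            current = None
    return entries


def source_date_epoch(text, ignore_binnmu=False):
    """Timestamp of the newest entry, optionally skipping bin-nmu entries."""
    for entry in parse_changelog(text):
        if ignore_binnmu and entry["binary_only"]:
            continue
        return entry["epoch"]
    raise ValueError("no usable changelog entry")


if __name__ == "__main__":
    for name, log in (("arm64", ARM64_CHANGELOG), ("armhf", ARMHF_CHANGELOG)):
        print(name, source_date_epoch(log), source_date_epoch(log, True))
```

With the bin-nmu entries counted, the two architectures get different timestamps; with them skipped, both fall back to the shared source entry and agree.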



Bug#885744: mdbtools-gmdb: Depends on libgnomeui

2018-02-19 Thread Jean-Michel Vourgère
Control: tags -1 +help

I'm unable to port gmdb to gtk-3. Mostly by lack of knowledge.

If someone proposes a patch, I can very probably push it upstream, that would 
be nice.

My plan is to remove gmdb package and to package only the drivers and command 
line tools. Honestly, I boldly guess most people are using the gui to export 
the data to another free database system, and that can be accomplished using 
the command line.



Bug#890466: Please giveback rrdtool + questions on vs92

2018-02-15 Thread Jean-Michel Vourgère
Hello

There was a weird issue during last compilation of rrdtool on m68k.
Basically, isinf(1.0/sin(0.0)) returned false.

Could we please retry the build, in order to rule out any transient failure. 
(Yes, it sounds stupid, but in my experience, these things happen ...)

gb rrdtool_1.7.0-1 . m68k

If the error is confirmed, it may come from a bug in gcc or in the emulator.
See https://bugs.debian.org/890466
Do you know whether vs92 builder is a native m68k processor, or an emulator, 
and if so which emulator? Or could you point me to where I can get that 
information?

Thanks!



Bug#888495: check_haproxy_stats: Please change default location admin sock

2018-02-14 Thread Jean-Michel Vourgère
Control: tags -1 +patch

Trivial patch attached
Description: Change haproxy default socket to match debian haproxy
 haproxy enables admin socket at /var/run/haproxy/admin.sock by default since 1.5~dev24-2.
 .
 This fixes the default location to work out of the box.
Bug-Debian: https://bugs.debian.org/888495
Forwarded: not-needed
Author: Jean-Michel Vourgère <nir...@debian.org>
Last-Update: 2018-02-14

--- a/check_haproxy_stats/check_haproxy_stats.pl
+++ b/check_haproxy_stats/check_haproxy_stats.pl
@@ -57,7 +57,7 @@
 in list.
 
 -s, --sock, --socket
-Use named UNIX socket instead of default (/var/run/haproxy.sock)
+Use named UNIX socket instead of default (/var/run/haproxy/admin.sock)
 
 -w, --warning
 Set warning threshold for sessions number to the specified percentage (see -c)
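
Review bot: the help text under `-s, --sock, --socket` repeats the default path as a literal that also lives in `my $sock`, so the two have to be edited together by hand and can drift apart again. A short comment next to the `$sock` default pointing at this help entry (or the other way round) would make the coupling visible to the next person who changes the path.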
@@ -114,7 +114,7 @@
 # Defaults
 my $swarn = 80.0;
 my $scrit = 90.0;
-my $sock  = "/var/run/haproxy.sock";
+my $sock  = "/var/run/haproxy/admin.sock";
 my $dump;
 my $proxy;
 my $help;
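
Review bot: the new default in `my $sock` is the socket the patch description itself calls the admin socket, and nothing in the patch says what access the user running the check needs in order to connect to it. The description should state that requirement, and for an unprivileged monitoring user it would be worth recommending a dedicated socket restricted to a non-admin level rather than the admin one, since a stats check has no need for admin commands.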




Bug#890286: rrdcached: "gmetad RRD_update [...] rrdcached: Permission denied" if limited socket specified first

2018-02-14 Thread Jean-Michel Vourgère
Hi Chad

Thank you for your detailed report.

Before I dig more into it, can you double check there is no other instance of 
rrdcached running, and using the same socket location?

I think rrdcached was disabled by default on jessie, and was enabled by 
default on stretch. And since you are using the default rrdcached socket 
location /var/run/rrdcached.sock there might be a conflict there.



Bug#889883: dh-lua: Please disable --silent in libtool calls

2018-02-08 Thread Jean-Michel Vourgère
Package: dh-lua
Version: 24
Severity: wishlist
Tag: patch
 
Hello Enrico 
 
My rrdtool package uses dh-lua. I get a bunch of compiler-flags-hidden 
warnings in build log scanner [1], from package blhc.
 
If you don't mind too much the extra verbosity, please consider removing 
--silent from the libtool calls. Having complete build logs helps 
detecting hazardous compilation options, globally.

FYI, #628515 talks about setting this conditionally, but this is just a 
proposal at the moment, as far as I know.

Patch attached.

Cheers

[1] https://qa.debian.org/bls/packages/r/rrdtool.html
--- /usr/share/dh-lua/make/dh-lua.Makefile.single.orig	2018-02-08 09:38:33.240629090 +
+++ /usr/share/dh-lua/make/dh-lua.Makefile.single	2018-02-08 09:38:42.776798990 +
@@ -44,7 +44,7 @@
 LUA=lua$(LUA_VERSION)
 C_TEST_FILE=$(DH_LUA_SUPPORT_FILES)test/$(LUA_VERSION)/app.c
 PREFIX=$(DESTDIR)/usr/
-LBTL=libtool --silent --tag=CC
+LBTL=libtool --tag=CC
 ifeq "$(LUA_SOURCES_MANGLER)" ""
 	LUA_SOURCES_MANGLER:=cat
 endif
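
Review bot: removing `--silent` from `LBTL` makes the libtool output verbose for every package built with dh-lua, with no way to get the quiet behaviour back. Since the report already mentions #628515 about setting this conditionally, consider moving the flag into an overridable make variable that is empty by default (a hypothetical `LBTL_FLAGS`, for instance), so the full compiler command lines that blhc needs are logged while a maintainer can still opt out.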




Bug#886181: rrdtool: Please switch to automatic dbgsym package

2018-02-02 Thread Jean-Michel Vourgère
Control: severity -1 wishlist

Hello Jeremy

On Tuesday, 2 January 2018 16:35:32 CET you wrote:
> Please drop the -dbg package and use an automatic dbgsym package instead.
> https://wiki.debian.org/AutomaticDebugPackages

Right now, the rrdtool contains more than the debug symbols, it also contains 
rrdtool.x86_64-linux-gnu_d.so and similar [1], which are the python debug 
version of the .so. This file is generated automatically by the helpers, like 
in many python native libraries.

What do you think should be done with that file?

Should we move it to its own python-rrdtool-dbg? And python3-rrdtool-dbg? And 
it would generate packages python-rrdtool-dbg-dbgsym and so on...

This looks like a bad idea, doesn't it?

Unless maybe you know a trick to disable the automatic choice of the files in 
a -dbgsym package so that this file is included there? I'm not even sure this 
is the appropriate thing to do...

[1] https://packages.debian.org/sid/amd64/rrdtool-dbg/filelist



Bug#888495: check_haproxy_stats: Please change default location admin sock

2018-01-26 Thread Jean-Michel Vourgère
Package: nagios-plugins-contrib
Version: 21.20170222
Severity: minor

Dear Maintainer,

Running
/usr/lib/nagios/plugins/check_haproxy_stats
returns:
> Unable to connect to haproxy socket: connect: No such file or directory at 
> /usr/lib/nagios/plugins/check_haproxy_stats line 144.

/usr/lib/nagios/plugins/check_haproxy_stats --help
says:
> -s, --sock, --socket
>   Use named UNIX socket instead of default (/var/run/haproxy.sock)

/usr/lib/nagios/plugins/check_haproxy_stats -s /var/run/haproxy/admin.sock
runs ok.

Please change default socket location to match debian default.
See haproxy (1.5~dev24-2) changelog at
http://metadata.ftp-master.debian.org/changelogs/main/h/haproxy/unstable_changelog
and commit at
https://anonscm.debian.org/cgit/pkg-haproxy/haproxy.git/commit/?id=8b77d5e324bb11466a3e10cd4885234f9cbf8a61

Thank you!

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

nagios-plugins-contrib depends on no packages.

Versions of packages nagios-plugins-contrib recommends:
ii  bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u4
ii  binutils   2.28-5
pn  freeipmi-tools 
ii  libc6  2.24-11+deb9u1
pn  libdata-validate-domain-perl   
pn  libdata-validate-ip-perl   
pn  libdate-manip-perl 
pn  libdbd-mysql-perl  
ii  libio-socket-ssl-perl  2.044-1
ii  libipc-run-perl0.94-1
ii  liblocale-gettext-perl 1.07-3+b1
pn  liblwp-useragent-determined-perl   
pn  libmail-imapclient-perl
pn  libmemcached11 
pn  libmemcachedutil2  
pn  libmonitoring-plugin-perl | libnagios-plugin-  
pn  libnet-cups-perl   
ii  libnet-dns-perl1.07-1
pn  libnet-dns-sec-perl
ii  libnet-smtp-ssl-perl   1.04-1
pn  libnet-smtp-tls-perl   
pn  libnet-smtpauth-perl   
pn  libnet-snmp-perl   
ii  libnet-ssleay-perl 1.80-1
pn  libreadonly-perl   
pn  libredis-perl  
ii  libtimedate-perl   2.3000-2
pn  libvarnishapi1 
pn  libwebinject-perl  
pn  libxml-simple-perl 
pn  libyaml-syck-perl  
ii  lsof   4.89+dfsg-0.1
pn  nagios-plugins-basic   
ii  openssl1.1.0f-3+deb9u1
ii  perl   5.24.1-3+deb9u2
ii  perl-base [libsocket-perl] 5.24.1-3+deb9u2
ii  python 2.7.13-2
pn  python-pymongo 
pn  ruby | ruby-interpreter
pn  snmp   
ii  whois  5.2.17~deb9u1

Versions of packages nagios-plugins-contrib suggests:
pn  backuppc   
pn  cciss-vol-status   
pn  expect 
pn  libsys-virt-perl   
ii  moreutils  0.60-1
pn  mpt-status 
pn  nagios-plugin-check-multi  
pn  percona-toolkit
pn  perl-doc   
ii  python2.7  2.7.13-2+deb9u2
pn  smstools   



Bug#883912: lxc-create(1) incorrectly says default fstype is ext4

2017-12-09 Thread Jean-Michel Vourgère
Package: lxc
Version: 1:2.0.7-2
Severity: minor

Dear Maintainer,

man lxc-create says:
> --fstype FSTYPE will create an FSTYPE filesystem on the LV, rather than the
> default, which is ext4.

However, when a container is created with lvm without the --fstype option
it gets an ext3 partition.

In src/lxc/bdev/lxclvm.c, in lvm_create:
> fstype = specs->fstype;
> if (!fstype)
> fstype = DEFAULT_FSTYPE;

In src/lxc/bdev/bdev.h:
> #define DEFAULT_FSTYPE "ext3"

I expected the manual to say the default is ext3, not ext4.

Cheers

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages lxc depends on:
ii  init-system-helpers  1.48
ii  libapparmor1 2.11.0-3
ii  libc62.24-11+deb9u1
ii  libcap2  1:2.25-1
ii  libgnutls30  3.5.8-5+deb9u3
ii  liblxc1  1:2.0.7-2
ii  libseccomp2  2.3.1-2.1
ii  libselinux1  2.6-3+b3
ii  lsb-base 9.20161125
ii  python3  3.5.3-1
ii  python3-lxc  1:2.0.7-2

Versions of packages lxc recommends:
ii  bridge-utils  1.5-13+deb9u1
ii  debootstrap   1.0.89
ii  dirmngr   2.1.18-8~deb9u1
ii  dnsmasq-base  2.76-5+deb9u1
ii  gnupg 2.1.18-8~deb9u1
ii  iptables  1.6.0+snapshot20161117-6
ii  libpam-cgfs   2.0.7-1
ii  lxcfs 2.0.7-1
ii  openssl   1.1.0f-3+deb9u1
ii  rsync 3.1.2-1
ii  uidmap1:4.4-4.1

Versions of packages lxc suggests:
pn  apparmor 
pn  btrfs-tools  
ii  lvm2 2.02.168-2

-- no debconf information



Bug#881700: python-moinmoin: Apache2.4 requires .conf extension in sites-available

2017-11-14 Thread Jean-Michel Vourgère
Package: python-moinmoin
Version: 1.9.9-1
Severity: minor

Dear Maintainer,

In README.Debian, on line 34, it is suggested one create a file
/etc/apache2/sites-available/mywiki.
But this doesn't work since apache upgraded to 2.4.
File needs to be named /etc/apache2/sites-available/mywiki.conf

This is the only change. Note that "a2ensite mywiki" on line 57 is ok without
the extension.



Bug#881043: needrestart: nagios plugin mode issues invalid output when non root

2017-11-07 Thread Jean-Michel Vourgère
Package: needrestart
Version: 2.11-3
Severity: normal
Tags: patch

Dear Maintainer,

I tried running "needrestart -p" from nagios-nrpe-server using
command[check_restart]=/usr/sbin/needrestart -p

My icinga dashboard then shows "UNKOWN NRPE: Unable to read output".

I expected to read "UNKOWN - This plugin needs to be run as root!".


Calling manually
/usr/lib/nagios/plugins/check_nrpe -H targethost -c check_restart
on the icinga server results in
UNKOWN NRPE: Unable to read output

Calling manually "/usr/sbin/needrestart -p" as nagios user on the targethost
results in
UNKN - This plugin needs to be run as root!
being sent to STDERR and not to STDOUT.

This is an NRPE protocol implementation error.

The following patch fixes the issue:

--- needrestart-2.11.orig/needrestart
+++ needrestart-2.11/needrestart
@@ -198,7 +198,7 @@ print STDERR "$LOGPREF needrestart v$Nee
 my $uid = $<;
 if($uid) {
 if($opt_p) {
-   print STDERR "UNKN - This plugin needs to be run as root!\n";
+   print "UNKN - This plugin needs to be run as root\n";
exit 3;
 }
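
Review bot: the `+` line changes the message text as well as the stream: `run as root!` becomes `run as root`, which the report does not mention. Keep the string identical so that the only change is STDERR to STDOUT, or say in the description that the wording change is intended, because anything matching on the old text would otherwise break silently.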




Thank you for taking care of needrestart. <3



Bug#869892: Using sysv, lxc-start fails while trying to create cgroup

2017-10-22 Thread Jean-Michel Vourgère
On Saturday, 21 October 2017 17:08:42 CEST Evgeni Golov wrote:
> Hi,
> 
> On Fri, Oct 20, 2017 at 03:09:34PM +0200, Jean-Michel Vourgère wrote:
> > > I guess in your case the systemd binary is installed (but not used as
> > > init) and thus the dependency did not trigger?
> > 
> > Exactly. cgroupfs-mount was not installed and installing it fixed my
> > issue.
> > 
> > Maybe the dependency could be adjusted?
> > What about
> > 
> > Depends: cgroupfs-mount | systemd-sysv
> > 
> > ?
> > 
> > When you install sysvinit-core, systemd-sysv gets removed. And vice-versa.
> 
> my understanding (and I might be wrong) is that one should not use
> sysvinit-core and systemd-sysv in Depends, but their sysvinit and
> systemd as these are enough to use them as init (by calling
> init=/lib/whatver).
> 
> on the other hand, cgroupfs-mount is a noop when systemd is init, so we
> could just depend on it, unconditionally. what do you think?

That works for me.

In my opinion, both init systems should provide a system in the same state. 
The issue is somewhat larger than lxc, and we should probably ask outside for 
a proper fix. But I fear there still is a lot of stress around, with the new 
default init system, and I am tired just thinking about getting into that topic 
again... :(



Bug#869892: Using sysv, lxc-start fails while trying to create cgroup

2017-10-20 Thread Jean-Michel Vourgère
> > I finally had it working by adding
> > "cgroup  /sys/fs/cgroup  cgroup  defaults  0   0"
> > to my /etc/fstab
> > 
> > A little note in /usr/share/doc or elsewhere would be nice.
> 
> This is why liblxc1 has a "Depends: cgroupfs-mount | systemd", as
> cgroupfs-mount should be used to mount cgroupfs on non-systemd systems.
> (I say should, as it is perfectly fine to do it otherwise, just
> cgroupfs-mount is what we have tested).
> 
> I guess in your case the systemd binary is installed (but not used as
> init) and thus the dependency did not trigger?

Exactly. cgroupfs-mount was not installed and installing it fixed my issue.

Maybe the dependency could be adjusted?
What about
Depends: cgroupfs-mount | systemd-sysv
?

When you install sysvinit-core, systemd-sysv gets removed. And vice-versa.



Bug#758557: network-manager: not authorized to control networking

2017-10-20 Thread Jean-Michel Vourgère
I had a similar issue.

I'm using sysvinit-core since systemd no longer supports rcS scripts like my 
firewall.

I fixed the issue by removing
> none  /sys/fs/cgroup  cgroup  defaults  0   0
from my /etc/fstab, that I had to add in the first place for lxc to work.

Here, this means that lxc doesn't work anymore when I can edit connections; 
and that I can't edit connections when I reactivate the line to use lxc...



Bug#879111: ddclient: nsupdate sends A records when using ipv6 addresses

2017-10-19 Thread Jean-Michel Vourgère
Package: ddclient
Version: 3.8.3-1.1
Severity: normal

Dear Maintainer,

I'm using a config file like this:
--- 8< ---
usev6=if, if=tunipred

protocol=nsupdate
server=dnsmaster.nirgal.com
password=/root/dyndns/Kdynamic.test.+163+31401.key
zone=dyn.nirgal.com
ttl=60
test.dyn.nirgal.com
--- 8< ---

But this fails with this message:

--- 8< ---
DEBUG:get_ip: using if, tunipred reports 2001:123:456:789::1
INFO: forcing updating test.dyn.nirgal.com because no cached entry exists.
DEBUG:
DEBUG: nic_nsupdate_update ---
INFO: setting IP address to 2001:123:456:789::1 for test.dyn.nirgal.com
UPDATE:   updating test.dyn.nirgal.com
UPDATE:   nsupdate command is: /usr/bin/nsupdate -k 
/root/dyndns/Kdynamic.test.+163+31401.key -d
UPDATE:   nsupdate instructions are:
UPDATE:server dnsmaster.nirgal.com
UPDATE:zone dyn.nirgal.com.
UPDATE:update delete test.dyn.nirgal.com. A
UPDATE:update add test.dyn.nirgal.com. 60 A 2001:123:456:789::1
UPDATE:send
Creating key...
19-Oct-2017 16:55:37.705 dns_rdata_fromtext: buffer-0x7fa7ab69a590:1: near 
'2001:123:456:789::1': bad dotted quad
invalid rdata format: bad dotted quad
syntax error
ddclient: failed closing | /usr/bin/nsupdate -k 
/root/dyndns/Kdynamic.test.+163+31401.key -d.()
FAILED:   updating test.dyn.nirgal.com
--- 8< ---

The commands are wrong because IPv6 requires AAAA records and not A records.

If I change A to AAAA in /usr/sbin/ddclient on lines 4062 and 4063, the program
now works correctly for IPv6 (but obviously it is then broken for IPv4).


--- /usr/sbin/ddclient  2017-10-19 16:55:25.896653060 +0200
+++ /usr/sbin/ddclient6 2017-10-19 17:02:50.108664579 +0200
@@ -4059,8 +4059,8 @@
 EoINSTR1
foreach (@hosts) {
$instructions .= <
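
The behaviour this report asks for (pick the record type from the address family instead of hard-coding it), as an added Python sketch that is not ddclient's code and not part of the original message. The function names are hypothetical; the server, zone, host and IPv6 address are the ones from the log above, and the IPv4 address is a constructed documentation value. The example also validates every field, because the instructions are piped to nsupdate line by line and an embedded newline would become an extra command.

```python
import ipaddress
import re

# One DNS label: letters, digits, "_" and "-", not starting or ending with "-".
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")


def _check_name(name):
    """Validate a DNS name and return it without a trailing dot."""
    bare = name[:-1] if name.endswith(".") else name
    if not bare or len(bare) > 253:
        raise ValueError(f"invalid DNS name: {name!r}")
    if not all(_LABEL.match(label) for label in bare.split(".")):
        raise ValueError(f"invalid DNS name: {name!r}")
    return bare


def record_type(address):
    """Return "A" for IPv4 and "AAAA" for IPv6; reject anything else."""
    ip = ipaddress.ip_address(address)  # raises ValueError on non-addresses
    return "AAAA" if ip.version == 6 else "A"


def nsupdate_instructions(server, zone, host, address, ttl):
    """Build the text sent to nsupdate on stdin for one host update."""
    ip = ipaddress.ip_address(address)
    rtype = record_type(address)
    ttl = int(ttl)
    if not 0 <= ttl <= 2**31 - 1:
        raise ValueError(f"invalid TTL: {ttl}")
    server = _check_name(server)
    zone = _check_name(zone) + "."
    host = _check_name(host) + "."
    lines = [
        f"server {server}",
        f"zone {zone}",
        # Delete and add the same record type, so an IPv6 update
        # never touches (or tries to create) an A record.
        f"update delete {host} {rtype}",
        f"update add {host} {ttl} {rtype} {ip}",
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for addr in ("2001:123:456:789::1", "192.0.2.10"):
        print(nsupdate_instructions(
            "dnsmaster.nirgal.com", "dyn.nirgal.com",
            "test.dyn.nirgal.com", addr, 60))
```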

Bug#878752: smartmontools: Missing file /usr/share/docs/smartmontools/WARNINGS

2017-10-16 Thread Jean-Michel Vourgère
Package: smartmontools
Version: 6.5+svn4324-1
Severity: minor

Dear Maintainer,

File /usr/share/doc/smartmontools/README.Debian says:

"
Please read the file WARNINGS in this directory.
"

Either the file is missing or the README.Debian should be updated.

Thank you for taking care of smart. :)

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages smartmontools depends on:
ii  debianutils  4.8.1.1
ii  init-system-helpers  1.48
ii  libc62.24-11+deb9u1
ii  libcap-ng0   0.7.7-3+b1
ii  libgcc1  1:6.3.0-18
ii  libselinux1  2.6-3+b3
ii  libstdc++6   6.3.0-18
ii  lsb-base 9.20161125

Versions of packages smartmontools recommends:
ii  mailutils [mailx]  1:3.1.1-1

Versions of packages smartmontools suggests:
pn  gsmartcontrol   
pn  smart-notifier  

-- Configuration Files:
/etc/default/smartmontools changed:
start_smartd=yes


-- no debconf information



Bug#875686: history.cgi misses jquery.min.js

2017-09-13 Thread Jean-Michel Vourgère
Package: icinga2-classicui
Version: 2.6.0-2
Severity: normal

Hello

In the "Host Alert History" pages, the html contains an include on
/icinga2-classicui/jquery/jquery.min.js that returns a 404.

Maybe this is why the "Select a day ..." link doesn't work.

If I press the "Earlier Archive" link, I can go back day by day.

To reproduce, I click on a host detail, then I follow the "View Alert History 
For This Host" for that host.

Maybe an Alias is missing on /usr/share/javascript/jquery/ from libjs-jquery?

Cheers



Bug#870628: Please warn about slow starts on USB

2017-08-04 Thread Jean-Michel Vourgère
I'm using a USB3.1 stick, according to its marking. And its connector is blue.

Attached is a "lsusb -v" output, with the stick plugged in. I boot from the 
"Transcend Information, Inc. JetFlash" device, that looks like it's connected 
to a usb2 there. I'm mistaken, ain't I? The target computer has a mix of usb1 
and usb2 ports.

Bus 008 Device 004: ID 8564:1000 Transcend Information, Inc. JetFlash
Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 413c:2003 Dell Computer Corp. Keyboard
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 03f0:0c4a Hewlett-Packard 
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub


Bug#870628: Please warn about slow starts on USB

2017-08-03 Thread Jean-Michel Vourgère
Package: installation-guide-amd64
Severity: normal

Hello

I recently installed from scratch a Stretch to an old computer using a USB
stick.

The "boot menu" showed and I hit enter for "Graphical Install". And then I
thought it crashed. Twice. The keys don't make the menu move. Caps lock key
doesn't work.
It actually took 2'10" to show the next menu "Select a language".

I believe section "5.1.1 Booting from USB Memory Stick" should warn
about possible big delays.



Bug#770171: sshd jail fails when system solely relies on systemd journal for logging

2017-08-01 Thread Jean-Michel Vourgère
For people looking for an easy work around:

apt-get install rsyslog

will ensure sshd is logged as usual.



Bug#869892: Using sysv, lxc-start fails while trying to create cgroup

2017-07-27 Thread Jean-Michel Vourgère
I finally had it working by adding
"cgroup  /sys/fs/cgroup  cgroup  defaults  0   0"
to my /etc/fstab

A little note in /usr/share/doc or elsewhere would be nice.



Bug#869892: Using sysv, lxc-start fails while trying to create cgroup

2017-07-27 Thread Jean-Michel Vourgère
Package: lxc
Version: 1:2.0.7-2
Severity: normal

Dear Maintainer,

When trying to start a container, I get these errors:
# lxc-start -n test -F 
lxc-start: cgroups/cgfs.c: lxc_cgroupfs_create: 901 Could not find writable 
mount point for cgroup hierarchy 11 while trying to create cgroup.
lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - 
cgroup_rmdir: failed to delete 
/sys/fs/cgroup/systemd//user.slice/user-0.slice/session-1.scope
lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - 
cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice
lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - 
cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice
lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - 
cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd/
lxc-start: start.c: lxc_spawn: 1108 Failed creating cgroups.
lxc-start: start.c: __lxc_start: 1346 Failed to spawn container "test".
lxc-start: tools/lxc_start.c: main: 366 The container failed to start.
lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained 
by setting the --logfile and --logpriority options.

If I enable systemd, lxc starts working. But then I have issues with other 
software, so I don't want to do that.

Attached are my mounts, since I have the feeling this is related.

Do I need some special systemd related cgroups for lxc, now?

A few pointers in the documentation would be nice. :)

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages lxc depends on:
ii  init-system-helpers  1.48
ii  libapparmor1 2.11.0-3
ii  libc62.24-11+deb9u1
ii  libcap2  1:2.25-1
ii  libgnutls30  3.5.8-5+deb9u2
ii  liblxc1  1:2.0.7-2
ii  libseccomp2  2.3.1-2.1
ii  libselinux1  2.6-3+b1
ii  lsb-base 9.20161125
ii  python3  3.5.3-1
ii  python3-lxc  1:2.0.7-2

Versions of packages lxc recommends:
ii  bridge-utils  1.5-13
ii  debootstrap   1.0.89
ii  dirmngr   2.1.18-6
ii  dnsmasq-base  2.76-5+b1
ii  gnupg 2.1.18-6
ii  iptables  1.6.0+snapshot20161117-6
ii  libpam-cgfs   2.0.7-1
ii  lxcfs 2.0.7-1
ii  openssl   1.1.0f-3
ii  rsync 3.1.2-1
ii  uidmap1:4.4-4.1

Versions of packages lxc suggests:
pn  apparmor 
pn  btrfs-tools  
ii  lvm2 2.02.168-2

-- no debconf information
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs 
(rw,nosuid,relatime,size=882696k,nr_inodes=220674,mode=755)
devpts on /dev/pts type devpts 
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs 
(rw,nosuid,noexec,relatime,size=179012k,nr_inodes=223761,mode=755)
/dev/mapper/debian_vg-debug--disk on / type ext4 
(rw,relatime,errors=remount-ro,data=ordered)
tmpfs on /run/lock type tmpfs 
(rw,nosuid,nodev,noexec,relatime,size=5120k,nr_inodes=223761)
pstore on /sys/fs/pstore type pstore (rw,relatime)
tmpfs on /run/shm type tmpfs 
(rw,nosuid,nodev,noexec,relatime,size=358000k,nr_inodes=223761)
/dev/sda1 on /boot type ext4 (rw,relatime,data=ordered)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
cgroup on /sys/fs/cgroup type tmpfs 
(rw,relatime,size=12k,nr_inodes=223761,mode=755)
lxcfs on /var/lib/lxcfs type fuse.lxcfs 
(rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
xenfs on /proc/xen type xenfs (rw,relatime)
systemd on /sys/fs/cgroup/systemd type cgroup 
(rw,nosuid,nodev,noexec,relatime,release_agent=/run/cgmanager/agents/cgm-release-agent.systemd,name=systemd)
tmpfs on /run/user/0 type tmpfs 
(rw,nosuid,nodev,relatime,size=138716k,nr_inodes=173398,mode=700)
  lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:901 - Could not find writable mount point for cgroup hierarchy 11 while trying to create cgroup.
  lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice/session-5.scope
  lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice
  lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice
  lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete 

Bug#845232: Error on Jessie installation

2017-07-04 Thread Jean-Michel Vourgère
Control: retitle -1 Enabling AppArmor is not documented
Control: tag -1 - unreproducible
Control: severity -1 minor

On Tuesday 04 July 2017 09:36:44 intrigeri wrote:
> Ping?

Oops, sorry for the delay.

AppArmor was indeed not enabled.

I was unable to find any kind of documentation in Jessie about how this works.
So basically, the package is useless unless you download the source or go to 
the internet.

I expected to see a copy of https://wiki.debian.org/AppArmor/HowToUse or at 
least some of it like the section "Enable AppArmor" and possibly others in 
/u/s/doc/

I downgraded the severity to minor. Feel free to downgrade further.



Bug#862663: amavis should suggest unrar-free instead of unrar

2017-05-15 Thread Jean-Michel Vourgère
Package: amavisd-new
Version: 1:2.10.1-4
Severity: minor

Dear maintainer,

amavis currently suggests installation of unrar, which is unavailable in
Debian.

On startup, log file says:
"No ext program for   .rar, tried: unrar-free"

 which seems to indicate that unrar-free is supported. It should be added
in the dependencies as a suggests:, possibly replacing unrar, or at least as
an alternative.

Thank you for taking care of amavis

Cheers

-- System Information:
Debian Release: 8.8
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)



Bug#860088: Please improve --numeric-owner documentation

2017-04-11 Thread Jean-Michel Vourgère
Package: tar
Version: 1.27.1-2+deb8u1
Severity: wishlist

Dear maintainer

tar manual says about --numeric-owner:
"always use numbers for user/group names"

I find this difficult to understand.

Is that option useful for both archiving and extracting?

If the option is not used, on archiving, are both uid and login name stored in 
the tar file?

I'll find the information somehow. But I believe it should be part of the 
manual. At least a line, please.

Thank you for taking care of tar :)


-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tar depends on:
ii  libacl1  2.2.52-2
ii  libc62.19-18+deb8u7
ii  libselinux1  2.3-2

tar recommends no packages.

Versions of packages tar suggests:
ii  bzip21.0.6-7+b3
pn  ncompress
pn  tar-scripts  
ii  xz-utils 5.1.1alpha+20120614-2+b3

-- debconf-show failed



Bug#852422: Please stop yelling about deprecation

2017-01-24 Thread Jean-Michel Vourgère
Package: duplicity
Version: 0.6.24-1
Severity: normal

Hello

I run Jessie.

Since I updated python-crypto to 2.6.1-5+deb8u1 [1] duplicity prints warnings
every time it runs. Like most users, I suppose, I run from cron. This means I
now receive a daily spam with:
/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141: 
FutureWarning: CTR mode needs counter parameter, not IV
  self._cipher = factory.new(key, *args, **kwargs)

I expected program used normally not to emit deprecation warnings.

[1] 
https://tracker.debian.org/media/packages/p/python-crypto/changelog-2.6.1-5%2Bdeb8u1

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duplicity depends on:
ii  libc62.19-18+deb8u7
ii  librsync10.9.7-10
ii  python   2.7.9-1
ii  python-lockfile  1:0.8-2

Versions of packages duplicity recommends:
ii  python-oauthlib  0.6.3-1
ii  python-paramiko  1.15.1-1
ii  python-urllib3   1.9.1-3
ii  rsync3.1.1-3

Versions of packages duplicity suggests:
pn  lftp
pn  ncftp   
pn  python-boto 
pn  python-cloudfiles   
pn  python-gdata
pn  python-swiftclient  
pn  tahoe-lafs  



Bug#845232: Error on Jessie installation

2016-11-21 Thread Jean-Michel Vourgère
Package: apparmor
Version: 2.9.0-3
Severity: normal

When installing AppArmor on Jessie, one gets:

Preconfiguring packages ...
Selecting previously unselected package libapparmor1:amd64.
(Reading database ... 420149 files and directories currently installed.)
Preparing to unpack .../libapparmor1_2.9.0-3_amd64.deb ...
Unpacking libapparmor1:amd64 (2.9.0-3) ...
Selecting previously unselected package libapparmor-perl.
Preparing to unpack .../libapparmor-perl_2.9.0-3_amd64.deb ...
Unpacking libapparmor-perl (2.9.0-3) ...
Selecting previously unselected package apparmor.
Preparing to unpack .../apparmor_2.9.0-3_amd64.deb ...
Unpacking apparmor (2.9.0-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u5) ...
Setting up libapparmor1:amd64 (2.9.0-3) ...
Setting up libapparmor-perl (2.9.0-3) ...
Setting up apparmor (2.9.0-3) ...
update-rc.d: warning: start and stop actions are no longer supported; falling 
back to defaults
[] Starting AppArmor profiles:[] Mounting securityfs on 
/sys/kernel/security...[info] Insufficient privileges to change profiles..
 failed!
invoke-rc.d: initscript apparmor, action "start" failed.
Processing triggers for libc-bin (2.19-18+deb8u6) ...
Processing triggers for systemd (215-17+deb8u5) ...
Press Return to continue.

I expected not to have a warning about "Insufficient privileges", and I expected
action "start" to succeed, obviously. ^^

-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  initramfs-tools        0.120+deb8u2
ii  libapparmor-perl       2.9.0-3
ii  libc6                  2.19-18+deb8u6
ii  lsb-base               4.1+Debian13+nmu1
ii  python3                3.4.2-2

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-docs
pn  apparmor-profiles
pn  apparmor-profiles-extra  
pn  apparmor-utils   

-- debconf-show failed



Bug#837428: Re: jessie-pu: package libphp-adodb/5.15-1

2016-11-07 Thread Jean-Michel Vourgère
Control: tags -1 - moreinfo
Control: retitle -1 jessie-pu: package libphp-adodb/5.15-1+deb8u1

On Monday 31 October 2016 21:48:15 Adam D. Barratt wrote:
> (...) an upload to jessie needs to be built in a _jessie_ environment.

Ok. Will do.


> +libphp-adodb (5.15-1+deb8u1) jessie; urgency=medium
> +
> +  * Upload to jessie.
> +
> + -- Jean-Michel Vourgère <nir...@debian.org>  Sun, 11 Sep 2016 16:13:54
> +0200 +
> +libphp-adodb (5.15-1+deb7u1) wheezy; urgency=medium
> +
> +  * Cherry pick of upstream patches:
> +- d/patch/pdo-qstr-sql-injection. Closes: #837211
> +- d/patch/cve-2016-4855. Closes: #837418
> 
> That's an unusual way of forming the changelog. Why not simply a 5.15-1
> +deb8u1 stanza listing the changes, on top of 5.15-1? In fact, given
> that the +deb7u1 stanza doesn't match what actually got uploaded to
> wheezy-security, please drop it.

Ok.

Here's a new debdiff.
Please note that #837211 finally got its own CVE number.

Is that ok to upload, now, please?

diff -Nru libphp-adodb-5.15/debian/changelog libphp-adodb-5.15/debian/changelog
--- libphp-adodb-5.15/debian/changelog	2012-02-27 04:43:29.0 +0100
+++ libphp-adodb-5.15/debian/changelog	2016-11-07 16:28:04.0 +0100
@@ -1,3 +1,11 @@
+libphp-adodb (5.15-1+deb8u1) jessie; urgency=high
+
+  * Cherry pick of upstream patches:
+- d/patch/cve-2016-7405. Closes: #837211
+- d/patch/cve-2016-4855. Closes: #837418
+
+ -- Jean-Michel Vourgère <nir...@debian.org>  Mon, 07 Nov 2016 16:26:52 +0100
+
 libphp-adodb (5.15-1) unstable; urgency=low
 
   * New upstream release
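Review bot: the two entries name the patches as d/patch/cve-2016-7405 and d/patch/cve-2016-4855, but the files this debdiff adds live under debian/patches/, and neither entry says what is being fixed. Giving the real path and the issue next to each Closes: (SQL injection through qstr() in the PDO driver, XSS in tests/test.php) would let a reader judge urgency=high from the changelog alone. The part of the debdiff shown here does not touch debian/patches/series; worth confirming both patches are listed there.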
diff -Nru libphp-adodb-5.15/debian/patches/cve-2016-4855 libphp-adodb-5.15/debian/patches/cve-2016-4855
--- libphp-adodb-5.15/debian/patches/cve-2016-4855	1970-01-01 01:00:00.0 +0100
+++ libphp-adodb-5.15/debian/patches/cve-2016-4855	2016-11-07 16:09:04.0 +0100
@@ -0,0 +1,36 @@
+Description: CVE-2016-4855: XSS vulnerability in old test script
+ This issue was reported by JPCERT Coordination Center (JPCERT/CC) with
+ reference JVN#48237713.
+ .
+ The root cause is a foreach loop processing all GET parameters and
+ blindly assigning them to variables, allowing an attacker to
+ replace contents of global variables.
+ .
+ This limits variable processing using a regex matching those used in
+ testdatabases.inc.php (i.e. beginning with 'test' or 'no').
+ .
+ Debian is not dirrectly affected by this, since test.php is only
+ shipped in /usr/share/doc/libphp-adodb/examples/.
+Author: Damien Regad <dre...@mantisbt.org>
+Origin: upstream, https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
+Bug: https://github.com/ADOdb/ADOdb/issues/274
+Bug-Debian: https://bugs.debian.org/837418
+Reviewed-By: Jean-Michel Vourgère <nir...@debian.org>
+Last-Update: 2016-10-11
+
+--- libphp-adodb-5.12.orig/tests/test.php
 libphp-adodb-5.12/tests/test.php
+@@ -1714,8 +1714,11 @@ if (sizeof($_GET) == 0) $testmysql = tru
+ 
+ 
+ foreach($_GET as $k=>$v)  {
+-	//global $$k;
+-	$$k = $v;
++	// XSS protection (see Github issue #274) - only set variables for
++	// expected get parameters used in testdatabases.inc.php
++	if(preg_match('/^(test|no)\w+$/', $k)) {
++		$$k = $v;
++	}
+ }	
+ 
+ ?>
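Review bot: the new guard `preg_match('/^(test|no)\w+$/', $k)` narrows the assignment but still writes request data through `$$k`, so every variable whose name starts with test or no remains settable from the query string. The Description should say the patch restricts the variable names rather than removing the assignment, which is tolerable only because test.php ships under /usr/share/doc/libphp-adodb/examples/. In the same header, "dirrectly" is misspelled, and the embedded paths say libphp-adodb-5.12 while the package being patched is 5.15, so a refresh against the jessie source would be tidy.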
diff -Nru libphp-adodb-5.15/debian/patches/cve-2016-7405 libphp-adodb-5.15/debian/patches/cve-2016-7405
--- libphp-adodb-5.15/debian/patches/cve-2016-7405	1970-01-01 01:00:00.0 +0100
+++ libphp-adodb-5.15/debian/patches/cve-2016-7405	2016-11-07 16:09:04.0 +0100
@@ -0,0 +1,49 @@
+Description: PDO: fix incorrect quoting allowing SQL injection
+ The PDO driver was relying on ADOConnection::qstr() for quoting strings.
+ An application relying on qstr() to manually prepare SQL statements
+ rather than using parameterized queries may be vulnerable to SQL
+ injection attacks, as demonstrated by @jdavidlists.
+ .
+ This commit delegates string quoting to PDO::quote() when a connection
+ is available. If not, it simply replaces single quotes by the value of
+ $replaceQuote property.
+Author: Damien Regad <dre...@mantisbt.org>
+Origin: upstream, https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
+Bug: https://github.com/ADOdb/ADOdb/issues/226
+Bug-Debian: https://bugs.debian.org/837211
+Reviewed-By: Jean-Michel Vourgère <nir...@debian.org>
+Last-Update: 2016-09-10
+
+--- libphp-adodb-5.20.6.orig/drivers/adodb-pdo.inc.php
 libphp-adodb-5.20.6/drivers/adodb-pdo.inc.php
+@@ -518,6 +518,30 @@ class ADODB_pdo extends ADOConnection {
+ 	{
+ 		return ($this->_connectionID) ? $this->_connectionID->lastInsertId() : 0;
+ 	}
++
++	/**
++	 * Quotes a string to be sent to the database.
++	 * If we have an active connection, delegates quoting to the underlying
++	 * PDO object. Otherwise, replace "'" by the value of $replaceQuote (same
++	 * behavior as mysqli driver)
++	 * @param string  $sThe string to quote
++	 * @param boolean $magic_quotes 
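Review bot: the embedded header paths read libphp-adodb-5.20.6.orig/drivers/adodb-pdo.inc.php and the hunk is placed at line 518, yet this upload targets 5.15; please confirm the patch applies to the jessie tree without fuzz or offset. The Description also says that without a connection the method only replaces single quotes by the value of $replaceQuote; the docblock should state that this fallback does not go through PDO::quote(), so callers know to quote only after connecting.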

Bug#839732: example reports "error: no such option: --cleanup"

2016-10-04 Thread Jean-Michel Vourgère
Package: duplicity
Version: 0.6.24-1
Severity: minor
Tags: patch

Hi

When playing with debian/examples/system-backup file, one gets this:
duplicity: error: no such option: --cleanup

The fix is trivial:

--- debian/examples/system-backup   2016-10-04 10:19:52.121567637 +
+++ debian/examples/system-backup   2016-10-04 10:24:18.315599406 +
@@ -93,7 +93,7 @@
 fi
 
 # Delete files related to failed backups
-PASSPHRASE=$GPG_PASSWORD duplicity --cleanup --verbosity 1 --sftp-command 
"$SFTP" scp://$SSH_HOST/$HOSTNAME
+PASSPHRASE=$GPG_PASSWORD duplicity cleanup --verbosity 1 --sftp-command 
"$SFTP" scp://$SSH_HOST/$HOSTNAME
 
 # Delete old expired backups
 PASSPHRASE=$GPG_PASSWORD duplicity --force --remove-older-than $OLDAGE 
--verbosity 1 --sftp-command "$SFTP" scp://$SSH_HOST/$HOSTNAME
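Review bot: the context line just below the change still uses the option form `--remove-older-than $OLDAGE`; it is worth checking whether 0.6.24 rejects that the same way it rejects `--cleanup`, and fixing both in one patch if so. As a style point on the touched line, `scp://$SSH_HOST/$HOSTNAME` is unquoted while `"$SFTP"` is quoted; quoting the URL as well would keep the example safe to copy.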


Thanks :)

-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duplicity depends on:
ii  libc6            2.19-18+deb8u6
ii  librsync1        0.9.7-10
ii  python           2.7.9-1
ii  python-lockfile  1:0.8-2

Versions of packages duplicity recommends:
ii  python-oauthlib  0.6.3-1
ii  python-paramiko  1.15.1-1
ii  python-urllib3   1.9.1-3
ii  rsync            3.1.1-3

Versions of packages duplicity suggests:
pn  lftp
pn  ncftp   
pn  python-boto 
pn  python-cloudfiles   
pn  python-gdata
pn  python-swiftclient  
pn  tahoe-lafs  

-- no debconf information



Bug#839712: Please add links in d/control

2016-10-04 Thread Jean-Michel Vourgère
Control: retitle -1 Please move Homepage: in d/control
Control: reopen -1

Hi

It doesn't show in the PTS because the Homepage: field needs to be in the source 
package, not in the binary one. Please consider moving it to the first 
paragraph, like most packages do.

Examples:
https://packages.qa.debian.org/dump shows homepage in right links box
https://packages.qa.debian.org/duplicity doesn't

same thing for tracker.debian.org/pkg/duplicity

This is not a policy requirement, it's just the way tools work... There is 
only one Homepage per orig.tar (source).
Feel free to re-close the report if you like, I won't reopen it twice.

Thank you for taking care of duplicity :*


On Tuesday 04 October 2016 19:09:44 you wrote:
> On Tue, 04 Oct 2016 11:03:12 +0200, Jean-Michel Vourgère writes:
> >Could you please add to d/control
> >Homepage: http://duplicity.nongnu.org/
> >or similar URI.
> 
> this has been present since just about forever.
> 
> >Also, it would be nice to have Vcs-*: fields if you are using a git or
> >similar tool for packaging.
> 
> no vcs is used.
> 
> regards
> az




Bug#839712: Please add links in d/control

2016-10-04 Thread Jean-Michel Vourgère
Package: duplicity
Version: 0.6.24-1
Severity: wishlist

Hi

Could you please add to d/control
Homepage: http://duplicity.nongnu.org/
or similar URI.

Also, it would be nice to have Vcs-*: fields if you are using a git or
similar tool for packaging.

Thanks :)

-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duplicity depends on:
ii  libc6            2.19-18+deb8u6
ii  librsync1        0.9.7-10
ii  python           2.7.9-1
ii  python-lockfile  1:0.8-2

Versions of packages duplicity recommends:
ii  python-oauthlib  0.6.3-1
ii  python-paramiko  1.15.1-1
ii  python-urllib3   1.9.1-3
ii  rsync            3.1.1-3

Versions of packages duplicity suggests:
pn  lftp
pn  ncftp   
pn  python-boto 
pn  python-cloudfiles   
pn  python-gdata
pn  python-swiftclient  
pn  tahoe-lafs  

-- no debconf information



Bug#826930: Default browser changed to chromium after iceweasel->firefox migration

2016-06-10 Thread Jean-Michel Vourgère
Mike Hommey wrote:
> When clicking on a link in what application? GNOME? KDE? using what
> settings?

That was liferea configured with default settings: "Use x-www-browser".
Sorry about the fuzziness.

I am using xfce.

>> Here's the result of "update-alternatives --config x-www-browser":
>> There are 3 choices for the alternative x-www-browser (providing 
>> /usr/bin/x-www-browser).
>>   Selection    Path                   Priority   Status
>> 
>> * 0            /usr/bin/iceweasel      70        auto mode
>>   1            /usr/bin/chromium       40        manual mode
>>   2            /usr/bin/firefox-esr    70        manual mode
>>   3            /usr/bin/iceweasel      70        manual mode
>>
>> I expected alternatives to be changed automatically.
> 
> From the output from update-alternatives, there is nothing wrong,
> assuming the iceweasel package is still installed, and there is nothing
> in your report that would explain why iceweasel is not being used.


Iceweasel package is still there indeed.
$ ls -l /usr/bin/iceweasel
/usr/bin/iceweasel -> ../lib/firefox-esr/firefox-esr

I could reproduce the bug with command line "x-www-browser".
But now I can't anymore: x-www-browser does launch firefox ok.

Looking at the alternatives, I see nothing wrong either.

Feel free to close this report, as I am not able to reproduce this.



Bug#826930: Default browser changed to chromium after iceweasel->firefox migration

2016-06-10 Thread Jean-Michel Vourgère
Package: firefox-esr
Version: 45.2.0esr-1~deb8u1
Severity: normal

Hi

After upgrading to debian 8.5, iceweasel became rebranded into firefox.

However, now, when I click on a link, chromium is starting.

Here's the result of "update-alternatives --config x-www-browser":
There are 3 choices for the alternative x-www-browser (providing 
/usr/bin/x-www-browser).
  Selection    Path                   Priority   Status

* 0            /usr/bin/iceweasel      70        auto mode
  1            /usr/bin/chromium       40        manual mode
  2            /usr/bin/firefox-esr    70        manual mode
  3            /usr/bin/iceweasel      70        manual mode

I expected alternatives to be changed automatically.

Thanks

-- Addons package information
ii  firefox-esr    45.2.0esr-1~ amd64  Mozilla Firefox web browser - Ext
ii  xul-ext-adbloc 2.6.6+dfsg-1 all    advertisement blocking extension
ii  xul-ext-certif 2.0.14-4     all    Certificate Monitor for Iceweasel
ii  xul-ext-cookie 1.2.0-1      all    manage cookies in a whitelist-bas
ii  xul-ext-firetr 0.5.3~rc1+df all    system tray extension for Iceweas
ii  xul-ext-grease 2.2-2        all    customization of webpages with us
ii  xul-ext-https- 4.0.2-3      all    extension to force the use of HTT
ii  xul-ext-https- 091-1        all    extension that detects valid HTTP
ii  xul-ext-liveht 0.17-3       all    Adds information about the HTTP h
ii  xul-ext-toggle 1.8-1        all    status bar icon to toggle between
ii  xul-ext-uppity 1.5.8-3      all    toolbar button to "go up" on the
ii  xul-ext-y-u-no 2013052401-2 all    browser extension to make securit

-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages firefox-esr depends on:
ii  debianutils               4.4+b1
ii  fontconfig                2.11.0-6.3
ii  libasound2                1.0.28-1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-18+deb8u4
ii  libcairo2                 1.14.0-2.1+deb8u1
ii  libdbus-1-3               1.8.20-0+deb8u1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.1-2+b2
ii  libfontconfig1            2.11.0-6.3
ii  libfreetype6              2.5.2-3+deb8u1
ii  libgcc1                   1:4.9.2-10
ii  libgdk-pixbuf2.0-0        2.31.1-2+deb8u5
ii  libglib2.0-0              2.42.1-1+b1
ii  libgtk2.0-0               2.24.25-3+deb8u1
ii  libhunspell-1.3-0         1.3.3-3
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.7.1-1+deb8u1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.2-10
ii  libx11-6                  2:1.6.2-3
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.9-9
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages firefox-esr recommends:
ii  gstreamer1.0-libav 1:1.4.5-dmo1
ii  gstreamer1.0-plugins-good  1.4.4-2

Versions of packages firefox-esr suggests:
ii  fonts-lmodern  2.004.4-5
ii  fonts-stix [otf-stix]  1.1.1-1
ii  libcanberra0   0.30-2.1
ii  libgnomeui-0   2.24.5-3
ii  libgssapi-krb5-2   1.12.1+dfsg-19+deb8u2
pn  mozplugger 

-- no debconf information



Bug#826630: ITA?

2016-06-09 Thread Jean-Michel Vourgère
Hi

> Would it be too much to ask to rebase your changes and push them to
> the collab-maint repository?

Unfortunately, your repository was based on git-import-dscs where all
the history is lost.
So I think you'd better merge your repo with mine rather than the opposite.

Moreover, your repository doesn't have a pristine-tar and the git
snapshot you made is not available upstream. I currently had no way to
package what is on collab-maint.

So I boldly moved collab-maint/sshfp.git to sshfp-maxy.git, pushed the
QA I prepared yesterday before I discovered you started to work on the
package months ago.

The only interesting thing I saw was
876ca3d32be41c793a0f57fd91dd6adf5fb11fc4 "Refresh patches". You might
want to keep that one.

I just uploaded a QA.

I apologize for the mess. julien's packages should have been orphaned
when he lost his dd status back in 2014, sshfp should not have been
orphaned since you still are active, collab-maint should have a fork of
git://git.kirya.net/debian/sshfp and so on...
This is quite frustrating. ... But the time I spent on these issues is
just too much. I'm done.

I do hope nevertheless that it will not prevent you from adopting the
package.

Remember to delete collab-maint/sshfp-maxy.git when it's no longer needed.

-- 
Nirgal



Bug#826630: ITA?

2016-06-07 Thread Jean-Michel Vourgère
Hi

I just noticed that you set up a repository on collab-maint with an
upstream git snapshot.
https://anonscm.debian.org/cgit/collab-maint/sshfp.git/

Please retitle this bug indicating an ITA (
https://www.debian.org/devel/wnpp/ ), or I will publish the NMU I
prepared today, that contains my 2013 & 2014 patches.

This evening, I also made a bunch of changes for a QA upload, almost
identical to those you did 2 months ago... A bit frustrating of course ^^



Bug#821514: PHP 7.0 Transition

2016-06-04 Thread Jean-Michel Vourgère
Control: tags -1 - wontfix

I believe wontfix is not the proper way to orphan a package.

Patches exist for Ubuntu.



Bug#825647: ocsinventory-server: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/ocsinventory-server.conf

2016-06-01 Thread Jean-Michel Vourgère
Mmm, actually, on squeeze, the password was generated randomly. :)

Unfortunately, this means there is no easy way to detect whether the user
changed the /etc file or not (It was not a conffile then).



Bug#825647: ocsinventory-server: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/ocsinventory-server.conf

2016-06-01 Thread Jean-Michel Vourgère
Here's a first diagnostic:

When doing a squeeze => wheezy => jessie upgrade test, one gets:


  Setting up ocsinventory-server (2.0.5-1.3) ...
  Preserving your changes in
/etc/apache2/conf-available/ocsinventory-server.conf
  Changing 'require "SOAP_USER"' by 'require user "SOAP_USER"'
  Backup is available in ocsinventory-server.conf.old
  apache2_invoke: Enable configuration ocsinventory-server

When doing a wheezy => jessie upgrade test, one gets:
=
  Setting up ocsinventory-server (2.0.5-1.3) ...
  apache2_invoke: Enable configuration ocsinventory-server


The "preserving your change" is wrong and is the root of the problem.


=
= Diagnostic
=

Squeeze
---
1.02.2-1.1 postinst configure is quite complex. In unattended mode, it
will generate a /etc/ocsinventory/ocsinventory.conf when it doesn't
exists, using debconf, template
/usr/share/ocsinventory-server/files/ocsinventory.conf and a bunch of
sed commands.
(
https://anonscm.debian.org/cgit/collab-maint/ocsinventory-server.git/tree/debian/ocsinventory-server.postinst?h=debian/1.02.2-1.1
)
The resulting /etc/ocsinventory/ocsinventory.conf file with
024b0d2e135eb4810e3ff1316ce1e3db
(unfortunately, I'm testing with xen and it looks like old squeeze is no
longer supported by xen-tools. So I could only test 1.02.2-1.1 in
wheezy. This hash should be double checked)


Wheezy
--
2.0.5-1.1 /usr/share/ocsinventory-server/files/ocsinventory.conf =>
024b0d2e135eb4810e3ff1316ce1e3db

2.0.5-1.1 postinst configure does:
  if [ ! -f /etc/ocsinventory/ocsinventory.conf ]; then
    cp /usr/share/ocsinventory-server/files/ocsinventory.conf /etc/ocsinventory/ocsinventory.conf
  fi

Lenny
-
2.0.5-1.3 postinst configure does:
  if [ $(md5sum /etc/ocsinventory/ocsinventory.conf | cut -d \  -f 1) = '024b0d2e135eb4810e3ff1316ce1e3db' ]; then
    # file unchanged since wheezy
    rm /etc/ocsinventory/ocsinventory.conf
  else
    echo Preserving your changes in /etc/apache2/conf-available/ocsinventory-server.conf
    mv /etc/ocsinventory/ocsinventory.conf /etc/apache2/conf-available/ocsinventory-server.conf
    echo "Changing 'require \"SOAP_USER\"' by 'require user \"SOAP_USER\"'"
    sed -i.old 's/require "SOAP_USER"/require user "SOAP_USER"/' /etc/apache2/conf-available/ocsinventory-server.conf
    echo Backup is available in ocsinventory-server.conf.old
  fi


=> Lenny postinst configure also discard postinst whose hash is
024b0d2e135eb4810e3ff1316ce1e3db .
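
The misdetection discussed in this diagnostic and in the follow-up about randomly generated passwords, as an added example that is not part of either message or of the ocsinventory-server packaging: a fixed-hash "unchanged?" test run over constructed files, next to a variant that masks the secret before hashing. The file contents, the `DB_PASSWORD` key and all function names are assumptions, and the masked variant goes beyond the messages; it only helps when the password line is the sole install-time substitution.

```shell
#!/bin/sh
# Added illustration. The file contents are constructed, not the real
# ocsinventory.conf; only the "compare md5 with one known hash" test
# mirrors the postinst quoted in the message.

# md5 of a file, first field only (same pipeline as the quoted postinst).
conf_md5() {
    md5sum "$1" | cut -d ' ' -f 1
}

# md5 of a file after blanking the value of the (assumed) password line,
# so that a per-install secret does not change the digest.
masked_md5() {
    sed 's/^\(DB_PASSWORD=\).*$/\1@MASKED@/' "$1" | md5sum | cut -d ' ' -f 1
}

# classify HASHER FILE KNOWN_HASH...
# Prints "pristine" when FILE's digest is in the known list, else "modified".
classify() {
    hasher=$1; file=$2; shift 2
    sum=$("$hasher" "$file")
    for known in "$@"; do
        if [ "$sum" = "$known" ]; then
            echo pristine
            return 0
        fi
    done
    echo modified
}

# Constructed stand-in for the packaged template, rendered with a password
# the way a debconf + sed postinst would render it.
render_conf() {
    printf 'DB_USER=ocs\nDB_PASSWORD=%s\nSOAP_AUTH=on\n' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    render_conf ocs > "$dir/template"            # what the package ships
    cp "$dir/template" "$dir/copied"             # installed by a plain cp
    render_conf 'k3Xq9vTz' > "$dir/generated"    # installed with a random password
    { render_conf 'k3Xq9vTz'; echo 'ADMIN_EDIT=1'; } > "$dir/edited"

    fixed=$(conf_md5 "$dir/template")
    masked=$(masked_md5 "$dir/template")
    for f in copied generated edited; do
        printf '%-10s fixed-hash=%-9s masked-hash=%s\n' "$f" \
            "$(classify conf_md5 "$dir/$f" "$fixed")" \
            "$(classify masked_md5 "$dir/$f" "$masked")"
    done
    rm -rf "$dir"
}

demo
```

The `generated` file is reported as modified by the fixed-hash test although no admin touched it, which is the wrong "Preserving your changes" branch seen in the upgrade log.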



Bug#823034: transition: rrdtool

2016-05-21 Thread Jean-Michel Vourgère
Hi

Last package using librrd4 is collectd.

It should no longer FTBFS on most archs (bug #822397 was fixed in linux
headers earlier this week).

The binnmu should be given back.


https://ftp-master.debian.org/cruft-report-daily.txt
https://release.debian.org/transitions/html/auto-rrdtool.html
https://buildd.debian.org/status/package.php?p=collectd



Bug#669856: iptotal: transition towards Apache 2.4

2016-05-19 Thread Jean-Michel Vourgère
Control: tags -1 + patch

Hello Ignace

Attached is a patch for #669856

Also available  at https://github.com/ghantoos/debian-iptotal/pull/1
(Beware postrm is removed and not emptied)

Ping me if you need a sponsor.
commit 728020da9537f720cefff974d1fcb2289faec362
Author: Jean-Michel Vourgère <nir...@debian.org>
Date:   Thu May 19 11:23:16 2016 +0200

Migrate to apache2.4 (#669856)

diff --git a/debian/README.debian b/debian/README.debian
index 2968c93..c7ab309 100644
--- a/debian/README.debian
+++ b/debian/README.debian
@@ -1,11 +1,3 @@
-Using iptotal with Apache2:

-An apache configuration file template is shipped with this package. In order to
-use it, it should be symlinked inside apache2's configuration folder:
-  $ sudo ln -s /etc/iptotal/apache.conf /etc/apache2/conf.d/
-Then reload apache2 configuration:
-  $ sudo /etc/init.d/apache2 reload
-
 Note concerning iptotal's data directory:
 -
 Some important changes have been applied to iptotal's data directory over the
diff --git a/debian/apache.conf b/debian/apache.conf
deleted file mode 100644
index 0fd7805..000
--- a/debian/apache.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-Alias /iptotal /var/lib/iptotal/
-
-
-Options +FollowSymLinks
-AllowOverride None
-order allow,deny
-allow from all
-DirectoryIndex template.html
-
diff --git a/debian/control b/debian/control
index fc81377..b8b635e 100644
--- a/debian/control
+++ b/debian/control
@@ -3,20 +3,25 @@ Section: admin
 Priority: extra
 Maintainer: Ignace Mouzannar <mouzan...@gmail.com>
 DM-Upload-Allowed: yes
-Build-Depends: debhelper (>= 7.0.50~), libpcap-dev, rrdtool, autotools-dev 
(>=20100122.1)
+Build-Depends: autotools-dev (>=20100122.1),
+   debhelper (>= 7.0.50~),
+   dh-apache2,
+   libpcap-dev,
+   rrdtool
 Standards-Version: 3.9.2
 Homepage: http://sourceforge.net/projects/iptotal
 
 Package: iptotal
 Architecture: any
-Depends: rrdtool, tcpdump, apache2 | httpd, ${shlibs:Depends}, ${misc:Depends}
+Depends: rrdtool, tcpdump, ${misc:Depends}, ${shlibs:Depends}
+Recommends: ${misc:Recommends}
 Description: monitor for IP traffic, not requiring SNMP
  iptotal is yet another IP traffic monitor. It listens to a network interface 
in
  non-promiscuous mode, and measures IP bandwidth usage. After the specified
  number of seconds, the average throughput is printed at total, input and 
output
  usage.
- . 
+ .
  The utility can be used to measure bandwidth usage without the need for an 
SNMP
  daemon.  In combination with a simple script and rrdtool it can be used to
  present the measured data in graphical format e.g. through a web interface.
- The package contains www + CGI sample files. 
+ The package contains www + CGI sample files.
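Review bot: moving `apache2 | httpd` out of Depends in favour of `${misc:Recommends}` only works if dh_apache2 actually runs and fills that variable; otherwise the package ends up with no relationship to a web server at all, so please check the substituted value in the built .deb. Separately, the Build-Depends re-wrapping and the trailing-whitespace fixes in the Description are mixed into the functional change; putting them in their own commit would make the dependency change easier to review.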
diff --git a/debian/install b/debian/install
index 2344372..47e35c7 100644
--- a/debian/install
+++ b/debian/install
@@ -1,3 +1,2 @@
-debian/apache.conf /etc/iptotal/
 debian/iptotal/var/lib/iptotal/template.html /usr/share/iptotal/www/
 debian/iptotal/var/lib/iptotal/images/ /usr/share/iptotal/www/
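Review bot: dropping `debian/apache.conf /etc/iptotal/` stops shipping a file under /etc that existing installations have as a conffile, and nothing in this patch removes it on upgrade. An `rm_conffile` entry in a maintscript file would clean up /etc/iptotal/apache.conf; admins who followed the old README also have a symlink in /etc/apache2/conf.d/ that points at it and will be left dangling.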
diff --git a/debian/iptotal.apache2 b/debian/iptotal.apache2
new file mode 100644
index 000..db3cf62
--- /dev/null
+++ b/debian/iptotal.apache2
@@ -0,0 +1 @@
+conf debian/iptotal.conf
diff --git a/debian/iptotal.conf b/debian/iptotal.conf
new file mode 100644
index 000..4e2c0b8
--- /dev/null
+++ b/debian/iptotal.conf
@@ -0,0 +1,8 @@
+Alias /iptotal /var/lib/iptotal/
+
+
+Options +FollowSymLinks
+AllowOverride None
+Require all granted
+DirectoryIndex template.html
+
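Review bot: `Require all granted` is a faithful translation of the old `order allow,deny` / `allow from all`, but the exposure changes. The README text removed above had the admin symlink the file by hand, whereas `conf debian/iptotal.conf` in debian/iptotal.apache2 hands it to dh_apache2, so /iptotal becomes reachable by any client as soon as the package is installed. Consider `Require local` as the shipped default, or say in README.debian how to restrict or disable the configuration.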
diff --git a/debian/postinst b/debian/postinst
index e382ae8..fb67bf7 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -47,7 +47,13 @@ case "$1" in
 done
 
 # change ownership to www-data
-   chown -R www-data:www-data /var/lib/iptotal/*
+chown -R www-data:www-data /var/lib/iptotal/*
+
+# enable cgi
+if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
+. /usr/share/apache2/apache2-maintscript-helper
+apache2_invoke enmod cgi
+fi
;;
 
abort-upgrade|abort-remove|abort-deconfigure)
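Review bot: `apache2_invoke enmod cgi` switches on a server-wide module, but the iptotal.conf added in this patch contains no ExecCGI option or ScriptAlias, so it is unclear what needs CGI here; if nothing does, drop the block, and if something does, add a comment naming it. The re-indentation of the chown line from a tab to spaces is an unrelated change and makes the line differ from its neighbours.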
diff --git a/debian/postrm b/debian/postrm
deleted file mode 100644
index 1719405..000
--- a/debian/postrm
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "$1" in
-   purge|remove)
-   # reload apache2 configuration
-   invoke-rc.d apache2 reload
-   ;;
-
-   upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-
-   ;;
-
-   *) 
-   echo "postrm called with unknown argument \`$1'" >&2
-   exit 1
-   ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/rules b/debian/rules
index dca67c1..68a0e33 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,7 +1,7 @@
 #!/usr/bin/make -f
 
 %:
-   dh --with autotools_dev $@
+   dh 
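Review bot: the replacement line is cut off after `dh` in this copy, so it cannot be seen whether `--with apache2` is passed; without it debian/iptotal.apache2 is never processed and the new configuration is not installed. The old `--with autotools_dev` is dropped while autotools-dev stays in Build-Depends in debian/control, which is inconsistent: keep the addon or drop the build dependency.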
