Bug#1007183: buster-pu: package libphp-adodb/5.20.14-1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: buster Severity: normal Hello I'd like to patch CVE-2021-3850 The one-line patch is already released in sid, and in old-old-security as version 5.20.9-1+deb9u1 thanks to the ELTS team. The patch, from upstream, removes the detection of a string being already quoted. This results in the proper escaping always taking place. Note that this function is only called for escaping pg_connect arguments. Is that ok? Tell me if you think it's better to upload in buster-security.diff -Nru libphp-adodb-5.20.14/debian/changelog libphp-adodb-5.20.14/debian/changelog --- libphp-adodb-5.20.14/debian/changelog 2019-01-07 07:18:32.0 +0100 +++ libphp-adodb-5.20.14/debian/changelog 2022-03-12 21:40:01.0 +0100 @@ -1,3 +1,10 @@ +libphp-adodb (5.20.14-1+deb10u1) buster; urgency=high + + * Add patch to prevent auth bypass with PostgreSQL +connections. (Fixes: CVE-2021-3850) (Closes: #1004376) + + -- Jean-Michel Vourgère Sat, 12 Mar 2022 21:40:01 +0100 + libphp-adodb (5.20.14-1) unstable; urgency=medium * New upstream version. diff -Nru libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch --- libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch 1970-01-01 01:00:00.0 +0100 +++ libphp-adodb-5.20.14/debian/patches/CVE-2021-3850.patch 2022-02-06 09:56:10.0 +0100 @@ -0,0 +1,26 @@ +From 952de6c4273d9b1e91c2b838044f8c250c29 Mon Sep 17 00:00:00 2001 +From: Damien Regad +Date: Mon, 10 Jan 2022 09:41:32 +0100 +Subject: [PATCH] Prevent auth bypass with PostgreSQL connections + +Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability +(CVE-2021-3850). + +This is a minimalistic approach to patch the issue, to reduce the risk +of causing regressions in the legacy stable branch. + +Fixes #793 +--- + drivers/adodb-postgres64.inc.php | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php +@@ -51,7 +51,6 @@ + { + $len = strlen($s); + if ($len == 0) return "''"; +- if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted + + return "'".addslashes($s)."'"; + } diff -Nru libphp-adodb-5.20.14/debian/patches/series libphp-adodb-5.20.14/debian/patches/series --- libphp-adodb-5.20.14/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ libphp-adodb-5.20.14/debian/patches/series 2022-02-06 09:55:43.0 +0100 @@ -0,0 +1 @@ +CVE-2021-3850.patch signature.asc Description: This is a digitally signed message part.
Bug#1007181: bullseye-pu: package libphp-adodb/5.20.19-1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: bullseye Severity: normal Hello I'd like to patch CVE-2021-3850 The one-line patch is already released in sid, and in old-old-security as version 5.20.9-1+deb9u1 thanks to the ELTS team. The patch, from upstream, removes the detection of a string being already quoted. This results in the proper escaping always taking place. Note that this function is only called for escaping pg_connect arguments. Is that ok? Tell me if you think it's better to upload in bullseye-security.diff -Nru libphp-adodb-5.20.19/debian/changelog libphp-adodb-5.20.19/debian/changelog --- libphp-adodb-5.20.19/debian/changelog 2020-12-19 08:08:01.0 +0100 +++ libphp-adodb-5.20.19/debian/changelog 2022-03-12 18:50:26.0 +0100 @@ -1,3 +1,10 @@ +libphp-adodb (5.20.19-1+deb11u1) bullseye; urgency=high + + * Add patch to prevent auth bypass with PostgreSQL +connections. (Fixes: CVE-2021-3850) (Closes: #1004376) + + -- Jean-Michel Vourgère Sat, 12 Mar 2022 18:50:26 +0100 + libphp-adodb (5.20.19-1) unstable; urgency=medium * New upstream version. diff -Nru libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch --- libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch 1970-01-01 01:00:00.0 +0100 +++ libphp-adodb-5.20.19/debian/patches/CVE-2021-3850.patch 2022-02-06 09:56:10.0 +0100 @@ -0,0 +1,26 @@ +From 952de6c4273d9b1e91c2b838044f8c250c29 Mon Sep 17 00:00:00 2001 +From: Damien Regad +Date: Mon, 10 Jan 2022 09:41:32 +0100 +Subject: [PATCH] Prevent auth bypass with PostgreSQL connections + +Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability +(CVE-2021-3850). + +This is a minimalistic approach to patch the issue, to reduce the risk +of causing regressions in the legacy stable branch. + +Fixes #793 +--- + drivers/adodb-postgres64.inc.php | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php +@@ -51,7 +51,6 @@ + { + $len = strlen($s); + if ($len == 0) return "''"; +- if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted + + return "'".addslashes($s)."'"; + } diff -Nru libphp-adodb-5.20.19/debian/patches/series libphp-adodb-5.20.19/debian/patches/series --- libphp-adodb-5.20.19/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ libphp-adodb-5.20.19/debian/patches/series 2022-02-06 09:55:43.0 +0100 @@ -0,0 +1 @@ +CVE-2021-3850.patch signature.asc Description: This is a digitally signed message part.
Bug#817130: README.Debian refers to non-existent /etc/default/pulseaudio
An update would be welcome, indeed. I have a clock that plays a sound every hour. It is run from the crontab, and I need pulse audio when no user is logged in. This is just an example where the use of a system-wide pulseaudio instance comes handy. For the reference, here's the leny file pointed at.# Start the PulseAudio sound server in system mode. # (enables the pulseaudio init script - requires that users be in the # pulse-access group) # System mode is not the recommended way to run PulseAudio as it has some # limitations (such as no shared memory access) and could potentially allow # users to disconnect or redirect each others' audio streams. The # recommended way to run PulseAudio is as a per-session daemon. For GNOME/KDE/ # Xfce sessions in Ubuntu Lucid/10.04, /etc/xdg/autostart/pulseaudio.desktop # handles this function of automatically starting PulseAudio on login, and for # it to work correctly your user must *not* have "autospawn = no" set in # ~/.pulse/client.conf (or in /etc/pulse/client.conf). By default, autospawn # is enabled. For other sessions, you can simply start PulseAudio with # "pulseaudio --daemonize". # 0 = don't start in system mode, 1 = start in system mode PULSEAUDIO_SYSTEM_START=0 # Prevent users from dynamically loading modules into the PulseAudio sound # server. Dynamic module loading enhances the flexibility of the PulseAudio # system, but may pose a security risk. # 0 = no, 1 = yes DISALLOW_MODULE_LOADING=1
Bug#1004140: [certbot-apache] Bad SSLHonorCipherOrder
Package: python3-certbot-apache Version: 1.10.1-1 Tags: security upstream patch Hello letsencrypt apache configuration snippet contains: SSLHonorCipherOrder off which is: 1/ Apache default value 2/ The worst value As a consequence, even is you upgraded your apache configuration, if you use letsencrypt, depending of the order of your includes, you may end up with your changes being overwritten for the worst possible value. Please enable SSLHonorCipherOrder Or at the very least stop resetting it! You can have a look at /etc/apache2/mods-available/ssl.conf to understand the pros and cons. Note that disabling that option results in web site being flagged as unsecured by most tools. See testssl package and the result: > Has server cipher order? no (NOT ok) Attached is a (trivial) patch. Thank you for maintaining this package.Description: Don't force remove robust cipher order See /etc/apache2/mods-available/ssl.conf Author: Jean-Michel Vourgère Bug-Debian: https://bugs.debian.org/ Forwarded: no Reviewed-By: Last-Update: 2022-01-21 --- python-certbot-apache-1.10.1.orig/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf +++ python-certbot-apache-1.10.1/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf @@ -9,7 +9,7 @@ SSLEngine on # Intermediate configuration, tweak to your needs SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -SSLHonorCipherOrder off -SSLHonorCipherOrder on SSLSessionTickets off SSLOptions +StrictRequire signature.asc Description: This is a digitally signed message part.
Bug#994747: gnome-calendar: Please suggest gnome-online-accounts
Package: gnome-calendar Version: 3.38.2-1 Severity: wishlist Dear Maintainer, When I click on "add online accounts", nothing happens here. Please consider adding a Suggest: dependency on group-online-accounts package. Thanks -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-calendar depends on: ii dconf-gsettings-backend [gsettings-backend] 0.38.0-2 ii gsettings-desktop-schemas3.38.0-2 ii libc62.31-13 ii libcairo21.16.0-5 ii libdazzle-1.0-0 3.38.0-1 ii libecal-2.0-13.38.3-1 ii libedataserver-1.2-253.38.3-1 ii libedataserverui-1.2-2 3.38.3-1 ii libgeoclue-2-0 2.5.7-3 ii libglib2.0-0 2.66.8-1 ii libgoa-1.0-0b3.38.0-3 ii libgtk-3-0 3.24.24-4 ii libgweather-3-16 3.36.1-3 ii libhandy-0.0-0 0.0.13-3 ii libical3 3.0.9-2 ii libpango-1.0-0 1.46.2-3 ii libpangocairo-1.0-0 1.46.2-3 ii libsoup2.4-1 2.72.0-2 Versions of packages gnome-calendar recommends: ii evolution-data-server 3.38.3-1 gnome-calendar suggests no packages. -- no debconf information
Bug#992255: openvpn fails in a container (missing cgroup2 support)
Package: lxc-templates Version: 3.0.4-5 Severity: normal Affects: openvpn Dear Maintainer, After upgrading to bullseye, my container with openvpn failed to start. The syslog error message is: ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1) and indeed "cat /dev/net/tun" fails with that same error. I traced the problem to cgroup2 migration. Adding lxc.cgroup2.devices.allow = c 10:200 rwm in my container config file fixed the issue. I believe cgroup2 support should be added generally in /usr/share/lxc/config/debian.common.conf with keys for both cgroup1 and cgroup2 in a way that is similar to /usr/share/lxc/config/common.conf Please add cgroup2 support. Thank you signature.asc Description: This is a digitally signed message part.
Bug#990221: lxc-debian fails with »debian-distro-info: command not found«
lxc-templates recommends packages distro-info You really should install it, as recommended, unless you don't want to install any debian based container. signature.asc Description: This is a digitally signed message part.
Bug#991316: clamav: Freshclam exhaust diff download quotas before switching to full downloads
Package: clamav Version: 0.103.2+dfsg-0+deb10u1 Severity: normal Dear Maintainer, Clamav no longer download updates on my server. I am in a situation where I get message: Incremental update failed, trying to download daily.cvd However, freshclam tried so hard to download the diff that I get quick out every time from the mirror with the error: Tue Jul 20 15:45:49 2021 -> ^Can't download daily.cvd from https://database.clamav.net/daily.cvd Tue Jul 20 15:45:49 2021 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN). Tue Jul 20 15:45:49 2021 -> This means that you have been rate limited by the CDN. Tue Jul 20 15:45:49 2021 -> 1. Run FreshClam no more than once an hour to check for updates. Tue Jul 20 15:45:49 2021 -> FreshClam should check DNS first to see if an update is needed. Tue Jul 20 15:45:49 2021 -> 2. If you have more than 10 hosts on your network attempting to download, Tue Jul 20 15:45:49 2021 -> it is recommended that you set up a private mirror on your network using Tue Jul 20 15:45:49 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Tue Jul 20 15:45:49 2021 -> CDN and your own network. Tue Jul 20 15:45:49 2021 -> 3. Please do not open a ticket asking for an exemption from the rate limit, Tue Jul 20 15:45:49 2021 -> it will not be granted. Tue Jul 20 15:45:49 2021 -> ^You are on cool-down until after: 2021-07-20 19:45:49 Tue Jul 20 15:45:49 2021 -> *Current working dir is /var/lib/clamav/ Tue Jul 20 15:45:49 2021 -> *check_for_new_database_version: Local copy of main found: main.cld. Tue Jul 20 15:45:49 2021 -> *query_remote_database_version: main.cvd version from DNS: 61 Tue Jul 20 15:45:49 2021 -> main database available for update (local version: 59, remote version: 61) See attached full log. I expected freshclam to give up retrying patching the database and switch to full download *before* hitting the rate limitation. Every time it gives up and switch to full download, it is too late and the full download fails too. As a result, freshclam is totally broken here. -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf --- AlertExceedsMax disabled PreludeEnable disabled PreludeAnalyzerName = "ClamAV" LogFile = "/var/log/clamav/clamav.log" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" ConcurrentDatabaseReload = "yes" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "6" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled ScanPE = "yes" ScanELF = "yes" ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" HeuristicAlerts = "yes" HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" AlertBrokenExecutables disabled AlertBrokenMedia disabled AlertEncrypted disabled StructuredCCOnly disabled AlertEncryptedArchive disabled AlertEncryptedDoc disabled AlertOLE2Macros disabled AlertPhishingSSLMismatch disabled AlertPhishingCloak disabled AlertPartitionIntersection disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ForceToDisk disabled MaxScanTime = "12" MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "1" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "1" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" PCREMaxFileSize = "26214400" OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeRootUID disabled OnAccessExcludeUID disabled OnAccessExcludeUname disabled
Bug#990702: matrix-mirage: 'invite' KeyError exception
Package: matrix-mirage Version: 0.6.4~dfsg+~hsluv1.0.0-4 Severity: important Dear Maintainer, Every time I start mirage, I get that message: Traceback (most recent call last): File "qrc:/src/backend/matrix_client.py", line 399, in _start await self.sync_task File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 1130, in sync_forever sync_response = await self.sync(use_timeout, use_filter, since, full_state, presence) File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 1003, in sync response = await self._send( File "qrc:/src/backend/matrix_client.py", line 251, in _send response = await super()._send(*args, **kwargs) File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 717, in _send resp = await self.create_matrix_response( File "/usr/lib/python3/dist-packages/nio/client/async_client.py", line 504, in create_matrix_response resp = response_class.from_dict(parsed_dict, *data) File "/usr/lib/python3/dist-packages/nio/responses.py", line 170, in wrapper return f(cls, parsed_dict, *args, **kwargs) File "/usr/lib/python3/dist-packages/nio/responses.py", line 1745, in from_dict rooms = SyncResponse._get_room_info(parsed_dict["rooms"]) File "/usr/lib/python3/dist-packages/nio/responses.py", line 1688, in _get_room_info for room_id, room_dict in parsed_dict["invite"].items(): KeyError: 'invite' Such an error occur every 30 second or so. If I ignore it, nothing happens. I only have a big circle turning in the window. The package became totally unusable for me. -- System Information: Debian Release: 11.0 APT prefers testing APT policy: (500, 'testing'), (100, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages matrix-mirage depends on: ii libc6 2.31-12 ii libgcc-s1 10.2.1-6 ii libqt5core5a5.15.2+dfsg-7 ii libqt5gui5 5.15.2+dfsg-7 ii libqt5qml5 5.15.2+dfsg-6 ii libqt5quick55.15.2+dfsg-6 ii libqt5quickcontrols2-5 5.15.2+dfsg-2 ii libqt5widgets5 5.15.2+dfsg-7 ii libstdc++6 10.2.1-6 ii libx11-62:1.7.1-1 ii libxss1 1:1.2.3-1 ii python3 3.9.2-3 ii python3-aiofiles0.6.0-2 ii python3-appdirs 1.4.4-1 ii python3-blist 1.3.6-7+b1 ii python3-cairosvg2.5.0-1.1 ii python3-html-sanitizer 1.9.1-2 ii python3-lxml4.6.3-1 ii python3-magic 2:0.4.20-3 ii python3-matrix-nio 0.16.0-1 ii python3-mistune 0.8.4-4 ii python3-pil 8.1.2+dfsg-0.1 ii python3-pymediainfo 5.0.3-1 ii qml-module-io-thp-pyotherside 1.5.9-2+b3 ii qml-module-qt-labs-folderlistmodel 5.15.2+dfsg-6 ii qml-module-qt-labs-platform 5.15.2+dfsg-2 ii qml-module-qt-labs-qmlmodels5.15.2+dfsg-6 ii qml-module-qtav 1.13.0+ds-3+b2 ii qml-module-qtgraphicaleffects 5.15.2-2 ii qml-module-qtquick-controls25.15.2+dfsg-2 ii qml-module-qtquick-dialogs 5.15.2-2 ii qml-module-qtquick-layouts 5.15.2+dfsg-6 ii qml-module-qtquick-shapes 5.15.2+dfsg-6 ii qml-module-qtquick-window2 5.15.2+dfsg-6 ii qml-module-qtquick2 5.15.2+dfsg-6 Versions of packages matrix-mirage recommends: ii fonts-hack 3.003-3 ii fonts-roboto-unhinted 2:0~20170802-3 ii qt5-image-formats-plugins 5.15.2-2 matrix-mirage suggests no packages. -- no debconf information
Bug#977730: [Pkg-privacy-maintainers] Bug#977730: torbrowser-launcher: Signature verification failed, key expired
This was fixed a few day after submitting the report, as far as I can remember. May be an upstream issue with the update url? Fell free to close the report. signature.asc Description: This is a digitally signed message part.
Bug#986575: mdbtools ftbfs with -O3
On Wednesday, 7 April 2021 21:52:17 CEST you wrote: > https://launchpadlibrarian.net/532289912/buildlog_ubuntu-hirsute-ppc64el.mdbtools_0.9.2-2ubuntu1_BUILDING.txt.gz Regarding the use of deprecated g_memdup, Evan Miller fixed that upstream in 0.9.2 https://github.com/mdbtools/mdbtools/commit/fe0175aa6398a8fbde051cdce5d69de1de2d4489 that will be released soonish. Regarding the error: ‘%-12s’ directive argument is null I can confirm this is not a gcc-11 specific issue as it also occurs with gcc-10 (4:10.2.1-1 from bullseye) when you modify the d/rules to include "export DEB_CFLAGS_MAINT_APPEND=-O3" like you did. I still think this is a compiler issue. Don't you share that point of view? signature.asc Description: This is a digitally signed message part.
Bug#986575: mdbtools ftbfs with -O3
Hello Matthias This looks like another problem with the compiler (I had no feedback from you regarding #984230) Here's the code: mdb_get_objtype_string(int obj_type) { static const char *type_name[] = {"Form", "Table", "Macro", "System Table", "Report", "Query", "Linked Table", "Module", "Relationship", "Unknown 0x09", "User Info", "Database" }; if (obj_type >= (int)(sizeof(type_name)/sizeof(type_name[0]))) { return NULL; } else { return type_name[obj_type]; } } (...) for (i=0;inum_catalog;i++) { entry = g_ptr_array_index(mdb->catalog,i); printf("Type: %-12s", mdb_get_objtype_string(entry->object_type)); } Yelding: error: ‘%-12s’ directive argument is null But the mdb is read from a file, and I can't see why and how the compiler would decide/know the entry is out of range in g_ptr_array_index and assume mdb_get_objtype_string would return NULL anyway... Regarding the second issue, I can't see errors being redirected to null. Are you building the package with a tool such as debuild? signature.asc Description: This is a digitally signed message part.
Bug#984230: mdbtools: ftbfs with GCC-11
Hello Matthias Are you positive this is an issue in the code? I mean, basically, something like void func(size_t *_lin) { *_lin = 42; } is now a problem? It looks weird, and the explanation message points to unrelated types, and talks about accessing array[0] with the size being 1.. Could it be a compiler issue? On Wednesday, 3 March 2021 17:15:26 CET Matthias Klose wrote: > Package: src:mdbtools > Version: 0.9.1-1 > Severity: normal > Tags: sid bookworm > User: debian-...@lists.debian.org > Usertags: ftbfs-gcc-11 > > [This bug is not targeted to the upcoming bullseye release] > > Please keep this issue open in the bug tracker for the package it > was filed for. If a fix in another package is required, please > file a bug for the other package (or clone), and add a block in this > package. Please keep the issue open until the package can be built in > a follow-up test rebuild. > > The package fails to build in a test rebuild on at least amd64 with > gcc-11/g++-11, but succeeds to build with gcc-10/g++-10. The > severity of this report will be raised before the bookworm release, > so nothing has to be done for the bullseye release. > > The full build log can be found at: > http://people.debian.org/~doko/logs/20210228/filtered/gcc11/mdbtools_0.9.1-1_unstable_gcc11.log > The last lines of the build log are at the end of this report. > > To build with GCC 11, either set CC=gcc-11 CXX=g++-11 explicitly, > or install the gcc, g++, gfortran, ... packages from experimental. > > apt-get -t=experimental install g++ > > Common build failures are new warnings resulting in build failures with > -Werror turned on, or new/dropped symbols in Debian symbols files. > For other C/C++ related build failures see the porting guide at > http://gcc.gnu.org/gcc-11/porting_to.html > > GCC 11 defaults to the GNU++17 standard. If your package installs > header files in /usr/include, please don't work around C++17 issues > by choosing a lower C++ standard for the package build, but fix these > issues to build with the C++17 standard. > > [...] > make[4]: Entering directory '/<>/src/sql' > /bin/bash ../../libtool --tag=CC --mode=compile gcc > -DPACKAGE_NAME=\"mdbtools\" -DPACKAGE_TARNAME=\"mdbtools\" > -DPACKAGE_VERSION=\"0.9.1\" -DPACKAGE_STRING=\"mdbtools\ 0.9.1\" > -DPACKAGE_BUGREPORT=\"https://github.com/mdbtools/mdbtools/issues\; > -DPACKAGE_URL=\"https://github.com/mdbtools/mdbtools\; -DPACKAGE=\"mdbtools\" > -DVERSION=\"0.9.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 > -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 > -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 > -DLT_OBJDIR=\".libs/\" -DSTDC_HEADERS=1 -DHAVE_FCNTL_H=1 -DHAVE_LIMITS_H=1 > -DHAVE_UNISTD_H=1 -DHAVE_WORDEXP_H=1 > -DHAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME=1 -DHAVE_LIBREADLINE=1 > -DHAVE_READLINE_READLINE_H=1 -DHAVE_READLINE_HISTORY=1 > -DHAVE_READLINE_HISTORY_H=1 -DHAVE_STRPTIME=1 -DHAVE_FMEMOPEN=1 > -DHAVE_GMTIME_R=1 -DHAVE_VASPRINTF=1 -DHAVE_ICONV=1 -DICONV_CONST= > -DHAVE_ATTRIBUTE_ALIAS=1 -DSIZEOF_LONG_INT=8 -DHAVE_LONG_LONG=1 -I. > -Wdate-time -D_FORTIFY_SOURCE=2 -I../../include -I/usr/include/glib-2.0 > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DHAVE_GLIB=1 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -DSQL -Wall -Werror -DUNIXODBC -c -o mdbsql.lo > mdbsql.c > /bin/bash ../../libtool --tag=CC --mode=compile gcc > -DPACKAGE_NAME=\"mdbtools\" -DPACKAGE_TARNAME=\"mdbtools\" > -DPACKAGE_VERSION=\"0.9.1\" -DPACKAGE_STRING=\"mdbtools\ 0.9.1\" > -DPACKAGE_BUGREPORT=\"https://github.com/mdbtools/mdbtools/issues\; > -DPACKAGE_URL=\"https://github.com/mdbtools/mdbtools\; -DPACKAGE=\"mdbtools\" > -DVERSION=\"0.9.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 > -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 > -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 > -DLT_OBJDIR=\".libs/\" -DSTDC_HEADERS=1 -DHAVE_FCNTL_H=1 -DHAVE_LIMITS_H=1 > -DHAVE_UNISTD_H=1 -DHAVE_WORDEXP_H=1 > -DHAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME=1 -DHAVE_LIBREADLINE=1 > -DHAVE_READLINE_READLINE_H=1 -DHAVE_READLINE_HISTORY=1 > -DHAVE_READLINE_HISTORY_H=1 -DHAVE_STRPTIME=1 -DHAVE_FMEMOPEN=1 > -DHAVE_GMTIME_R=1 -DHAVE_VASPRINTF=1 -DHAVE_ICONV=1 -DICONV_CONST= > -DHAVE_ATTRIBUTE_ALIAS=1 -DSIZEOF_LONG_INT=8 -DHAVE_LONG_LONG=1 -I. > -Wdate-time -D_FORTIFY_SOURCE=2 -I../../include -I/usr/include/glib-2.0 > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DHAVE_GLIB=1 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -DSQL -Wall -Werror -DUNIXODBC -c -o parser.lo > parser.c > test -f lexer.c || /bin/bash ../../build-aux/ylwrap lexer.l lex.yy.c lexer.c > -- flex -i -8 > /bin/bash ../../libtool --tag=CC --mode=compile gcc > -DPACKAGE_NAME=\"mdbtools\" -DPACKAGE_TARNAME=\"mdbtools\" > -DPACKAGE_VERSION=\"0.9.1\"
Bug#977324: doesn't run: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'
Control: severity -1 grave Control: tag -1 + patch Hi Same issue here: ocrfeeder crashes immediately when started, and is unusable. So I'm raising the severity. The good news is that the patch works like a charm. signature.asc Description: This is a digitally signed message part.
Bug#916692: ITA: cuyo
Hello Emmanuel Do you still plan to adopt cuyo? signature.asc Description: This is a digitally signed message part.
Bug#977730: torbrowser-launcher: Signature verification failed, key expired
Package: torbrowser-launcher Version: 0.3.3-3 Severity: important Dear Maintainer, When installing on a fresh bullseye, torbrowser is downloaded, then this message is printed: > SIGNATURE VERIFICATION FAILED > > Error Code: 110775B5(...)FF07E2: Key expired > > You might be under attack, there might be a network problem, or you > might be missing a recently added Tor Browser verification key. > > A copy of Tor (...) I expected the download to succeed, obviously. Thanks -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing'), (100, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages torbrowser-launcher depends on: ii ca-certificates20200601 ii gnupg 2.2.20-1 ii libdbus-glib-1-2 0.110-5 ii python33.9.0-4 ii python3-gpg1.14.0-1+b2 ii python3-packaging 20.4-1 ii python3-pyqt5 5.15.2+dfsg-1+b1 ii python3-requests 2.24.0+dfsg-1 ii python3-socks 1.7.1+dfsg-1 Versions of packages torbrowser-launcher recommends: ii tor 0.4.4.6-1 Versions of packages torbrowser-launcher suggests: ii apparmor 2.13.5-1+b2 -- no debconf information
Bug#977465: d/control: Please move Homepage: from binary package to source package
Package: coreutils Version: 8.32-4+b1 Severity: wishlist Dear Maintainer, I wanted to repport a man issue, and it took be a while to find upstream homepage (shame on me). Anyway, it would have been easier if https://tracker.debian.org/pkg/coreutils had shown the url. Please consider moving > Homepage: http://gnu.org/software/coreutils higher in the d/control file, from the binary package to the source package. Thanks
Bug#973751: util-linux: flock --conflict-exit-code returns number modulus 255
tag -1 + upstream Done. I was lazy looking where exactly to report that. And thank you for pointing out this is a system limitation. signature.asc Description: This is a digitally signed message part.
Bug#973751: util-linux: flock --conflict-exit-code returns number modulus 255
Package: util-linux Version: 2.36-3+b2 Severity: normal Dear Maintainer, When using flock --nonblock --conflict-exit-code 600 on a locked file, the returned value is 88. I expected it to be 600. This can re reproducted by runing: $ flock --nonblock --conflict-exit-code 600 test.lock -c "sleep 10"& a few times in a shell. flock should fail immediatly if the number parameter is out of acceptable range and will never be returned. Additionnally, flock(1) should document the fact that number must be <= 255. -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages util-linux depends on: ii libaudit1 1:2.8.5-3.1 ii libblkid1 2.36-3+b2 ii libc6 2.31-4 ii libcap-ng0 0.7.9-2.2 ii libcrypt1 1:4.4.17-1 ii libmount1 2.36-3+b2 ii libpam0g 1.3.1-5 ii libselinux13.1-2+b1 ii libsmartcols1 2.36-3+b2 ii libsystemd0246.6-2 ii libtinfo6 6.2+20200918-1 ii libudev1 246.6-2 ii libuuid1 2.36-3+b2 ii login 1:4.8.1-1 ii zlib1g 1:1.2.11.dfsg-2 util-linux recommends no packages. Versions of packages util-linux suggests: ii dosfstools 4.1-2 ii kbd 2.3.0-3 ii util-linux-locales 2.36-3 -- no debconf information
Bug#968384: mdbtools: Consider switching to active fork
Evan Miller just got write access to the original repository [1] that Debian is following. There now is a redirection from https://github.com/brianb/mdbtools to https://github.com/mdbtools/mdbtools on the Microsoft side. He's planning to merge everything there [2] soon. Debian urls should be updated. [1] https://github.com/brianb/mdbtools [1] https://github.com/mdbtools/mdbtools/pull/162 signature.asc Description: This is a digitally signed message part.
Bug#956969: linphone: SIP account registration says "Go back" but there is no such button
Package: linphone Version: 3.12.0-3 Severity: normal Dear Maintainer, Using the Account assistant: On the window "This assistant will help you...", I clic on "Forward" On the next window I choose "Create an account on linphone.org", then I clic "Foward" (not Back) On the next window I enter email, usename, password and I clic "Apply". Next window says "Error, account is not validated, username already used or server unreachable. Please go back and try again". The problem is there is no "Go back" button then. The only button is "Forward" and it is disabled. I expected to have a "Back" button on a window that says "Go back", obviously. Thank you for taking care of linphone. :) -- System Information: Debian Release: 10.3 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-0.bpo.2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages linphone depends on: ii libatk1.0-0 2.30.0-2 ii libbctoolbox10.6.0-2+b2 ii libbelcard1 1.0.2-1 ii libbellesip0 1.6.3-5 ii libbzrtp01.0.6-3 ii libc62.28-10 ii libcairo21.16.0-4 ii libgcc1 1:8.3.0-6 ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 ii libglib2.0-0 2.58.3-2+deb10u2 ii libgtk2.0-0 2.24.32-3 ii libmediastreamer-base10 1:2.16.1-4+b1 ii libmediastreamer-voip10 1:2.16.1-4+b1 ii libnotify4 0.7.7-4 ii libortp131:1.0.2-1 ii libpango-1.0-0 1.42.4-7~deb10u1 ii libpangocairo-1.0-0 1.42.4-7~deb10u1 ii libpangoft2-1.0-01.42.4-7~deb10u1 ii libpangoxft-1.0-01.42.4-7~deb10u1 ii libsqlite3-0 3.27.2-3 ii libstdc++6 8.3.0-6 ii libudev1 241-7~deb10u3 ii libxml2 2.9.4+dfsg1-7+b3 ii linphone-nogtk 3.12.0-3 ii zlib1g 1:1.2.11.dfsg-1 linphone recommends no packages. Versions of packages linphone suggests: ii yelp 3.31.90-1 -- no debconf information
Bug#913046: libjs-cryptojs: Please upgrade to 3.1.9
Version 4.0 is out. signature.asc Description: This is a digitally signed message part.
Bug#950881: duply: Autoset trust of keys always fails
Package: duply Version: 2.1-1 Severity: normal Tags: patch Dear Maintainer, I occasionally restore servers by installing a basic Debian server, recovering the /root/.duply and then use duply restore. However, then, I don't have a gnupg home, so that that keys are imported on first run. This works fine. However, then, the key needs to be trusted, and it *always* fail. Step to reproduce: mv .gnupg .gnupg.bak duply ... status You then get something like: > Encryption public key 'DEBF3E88927A9346' not found. > Import keyfile '/root/.duply/hosname/gpgkey.DEBF3E88927A9346.pub.asc' to > keyring (OK) > Import keyfile '/root/.duply/hosname/gpgkey.DEBF3E88927A9346.sec.asc' to > keyring (OK) > Autoset trust of key 'DEBF3E88927A9346' to ultimate (FAILED) > For duply to work you have to set the trust level > with the command "trust" to "ultimate" (5) now. > Exit the edit mode of gpg with "quit". > Running gpg to manually edit key 'D790F566D0CC0472'Secret key is available. This is really annoying. I traced back the issue to the function gpg_fingerprint that's not working. The attached patch fixes the issue. Thank you for taking care of duply :) -- System Information: Debian Release: 10.3 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages duply depends on: ii duplicity 0.7.18.2-1 ii gnupg 2.2.12-1+deb10u1 duply recommends no packages. Versions of packages duply suggests: ii openssh-client 1:7.9p1-10+deb10u2 -- no debconf information--- /usr/bin/duply.orig 2018-11-17 22:27:30.0 + +++ /usr/bin/duply 2020-02-07 16:07:04.261144459 + @@ -1100,7 +1100,7 @@ # see 'How to specify a user ID' on gpg manpage function gpg_fingerprint { - local PRINT=$(gpg $GPG_OPTS --fingerprint "$1" 2>&1|awk -F= 'NR==2{gsub(/ /,"",$2);$2=toupper($2); if ( $2 ~ /^[A-F0-9]+$/ && length($2) == 40 ) print $2; else exit 1}') \ + local PRINT=$(gpg $GPG_OPTS --fingerprint "$1" 2>&1|awk -F= 'NR==2{gsub(/ /,"",$1);$2=toupper($1); if ( $1 ~ /^[A-F0-9]+$/ && length($1) == 40 ) print $1; else exit 1}') \ && [ -n "$PRINT" ] && echo $PRINT && return 0 return 1 } signature.asc Description: This is a digitally signed message part.
Bug#804766: inetutils-inetd: please support ipv6
On Wed, 11 Nov 2015 03:48:10 -0800, you wrote: > inetd does not listen on IPv6 ports, only IPv4. Actually, you can use "tcp6" rather than "tcp" to have a service work on both ipv4 & ipv6. Too bad this is undocumented, and that the default inetd.conf uses ipv4-only in its comments (examples). signature.asc Description: This is a digitally signed message part.
Bug#948168: inetutils-inetd: Typo in inetd.8 : s/--remote/--resolve
Package: inetutils-inetd Version: 2:1.9.4-7 Severity: minor Dear Maintainer, man inetd says: > --resolve > Resolve local and remote IP addresses and pass them to the server > program via TCPLOCALHOST and TCPREMOTEHOST environment variables. > See ENVIRONMENT below. This option implies --environment. but latter: > In addition, if given the --remote option, inetd will set the following > environment variables: > > TCPLOCALHOST: the DNS name of TCPLOCALIP. > > TCPREMOTEHOST: the DNS name of TCPREMOTEIP. Moreover: > # inetutils-inetd --environment --remote > inetutils-inetd: unrecognized option '--remote' So I guess the --remote is a typo for --resolve. Please consider fixing debian/local/man/inetd.8 Thank you -- System Information: Debian Release: 10.2 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-7-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages inetutils-inetd depends on: ii libc62.28-10 ii lsb-base 10.2019051400 ii rsyslog [system-log-daemon] 8.1901.0-1 ii tcpd 7.6.q-28 ii update-inetd 4.49 inetutils-inetd recommends no packages. inetutils-inetd suggests no packages. -- no debconf information
Bug#947956: duplicity: mega backend fails to create directory
Package: duplicity Version: 0.7.18.2-1 Severity: normal Tags: patch upstream Dear Maintainer, When using mega backend for the first time, the initial directory creation fails: > --- Start running command BKP at 18:08:19.874 --- > 1577988500 ERROR torsocks[13151]: Unable to resolve. Status reply: 4 (in > socks5_recv_resolve_reply() at socks5.c:677) > mkdir: hostname > Reading globbing filelist /root/.duply/hostname/exclude > megals: /Root/hostname > Local and Remote metadata are synchronized, no sync needed. > megals: /Root/hostname > Last full backup date: none > Last full backup is too old, forcing full backup > Reuse configured PASSPHRASE as SIGN_PASSPHRASE > megarm: duplicity-full.20200102T180820Z.vol1.difftar.gpg > megaput: duplicity-full.20200102T180820Z.vol1.difftar.gpg > Attempt 1 failed. BackendException: Error running 'megaput -u > em...@example.net -p mypassword --no-progress --path > /Root/hostname/duplicity-full.20200102T180820Z.vol1.difftar.gpg > /tmp/duplicity-yolDd8-tempdir/mktemp-idQtpH-2': returned 1, with output: > > ERROR: Upload failed for '/tmp/duplicity-yolDd8-tempdir/mktemp-idQtpH-2': > Parent directory doesn't exist: /Root/hostname > ^C18:08:27.223 Task 'BKP' failed with exit code '4'. Running megamkdir manually fixes the issue. This is actually easy to fix, it's just a typo calling _make_dir while the class function, just above, is named _makedir. Attached is a patch. I did check the problem is still present in the development tree. Thank you -- System Information: Debian Release: 10.2 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages duplicity depends on: ii gnupg 2.2.12-1+deb10u1 ii libc6 2.28-10 ii librsync1 0.9.7-10+b1 ii python2.7.16-1 ii python-fasteners 0.12.0-3 ii python-lockfile 1:0.12.2-2 Versions of packages duplicity recommends: ii python-oauthlib 2.1.0-1 ii python-paramiko 2.4.2-0.1 ii python-pexpect 4.6.0-1 ii python-urllib3 1.24.1-1 ii rsync3.1.3-6 Versions of packages duplicity suggests: pn lftp pn ncftp pn python-boto pn python-cloudfiles pn python-gdata pn python-pip pn python-swiftclient pn tahoe-lafs -- no debconf information --- duplicity/backends/megabackend.py 2020-01-02 18:33:17.129411886 +0100 +++ duplicity/backends/megabackend.py 2020-01-02 19:12:47.004365142 +0100 @@ -94,7 +94,7 @@ for folder in path: p = p + u'/' + folder try: -self._make_dir(p) +self._makedir(p) except: pass signature.asc Description: This is a digitally signed message part.
Bug#947317: uscan: Please allow .gitattributes override
Package: devscripts Version: 2.19.5+deb10u1 Severity: wishlist Dear Maintainer, I'm packaging phppgadmin[1]. Upstream provides several nice test suites, but they are strip from the official release tarball using a .gitattributes file with export-ignore lines[2]. Tests include a lot of files, like selenium core-lib. In turn, selenium bundle many external libraries. It makes sense to me that the final user doesn't want the full test suite deployed. So I fell unconfortable asking upstream to change their way of not releasing all this. However, I do want to get these files, at least in the source, so I can run unit tests. Uscan already provides a nice way to use upstream git. However, uscan calls "git archive" that also takes into account the .gitattributes file, so that it also removes the "/tests" files. Right now, I'm building a orig file using "git deborig" [3]. This is quite ugly. I believe it would be easy for uscan to override or ignore this .gitattributes file, like "git deborig" does. That would help a lot. Please provide a way to override / ignore / patch upstream .gitattributes. Hint: git archive have an option --worktree-attributes, that allows such override [4]. As far as I known, uscan doesn't provide a way to run code between "git clone" and "git archive". [1] https://tracker.debian.org/pkg/phppgadmin [2] https://github.com/phppgadmin/phppgadmin/blob/master/.gitattributes [3] https://salsa.debian.org/postgresql/phppgadmin/blob/debian/sid/debian/README.source [4] https://manpages.debian.org/buster/git-man/git-archive.1.en.html -- Package-specific info: --- /etc/devscripts.conf --- --- ~/.devscripts --- Not present -- System Information: Debian Release: 10.2 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages devscripts depends on: ii dpkg-dev 1.19.7 ii fakeroot 1.23-1 ii file 1:5.35-4+deb10u1 ii gnupg 2.2.12-1+deb10u1 ii gpgv 2.2.12-1+deb10u1 ii libc6 2.28-10 ii libfile-homedir-perl 1.004-1 ii libfile-which-perl1.23-1 ii libipc-run-perl 20180523.0-1 ii libmoo-perl 2.003004-2 ii libwww-perl 6.36-2 ii patchutils0.3.4-2 ii perl 5.28.1-6 ii python3 3.7.3-1 ii sensible-utils0.0.12 ii wdiff 1.2.2-2+b1 Versions of packages devscripts recommends: ii apt 1.8.2 ii at 3.1.23-1 ii curl7.64.0-4 ii dctrl-tools 2.24-3 ii debian-keyring 2019.02.25 ii dput1.0.3 ii equivs 2.2.0 ii libdistro-info-perl 0.21 ii libdpkg-perl1.19.7 ii libencode-locale-perl 1.05-1 ii libgit-wrapper-perl 0.048-1 ii libgitlab-api-v4-perl 0.16-1 ii liblist-compare-perl0.53-1 ii liblwp-protocol-https-perl 6.07-2 ii libsoap-lite-perl 1.27-1 ii libstring-shellquote-perl 1.04-1 ii libtry-tiny-perl0.30-1 ii liburi-perl 1.76-1 ii licensecheck3.0.31-3 ii lintian 2.15.0 ii man-db 2.8.5-2 ii patch 2.7.6-3+deb10u1 ii python3-apt 1.8.4 ii python3-debian 0.1.35 ii python3-magic 2:0.4.15-2 ii python3-requests2.21.0-1 ii python3-unidiff 0.5.4-1 ii python3-xdg 0.25-5 ii strace 4.26-0.2 ii unzip 6.0-23+deb10u1 ii wget1.20.1-1.1 ii xz-utils5.2.4-1 Versions of packages devscripts suggests: pn adequate pn autopkgtest pn bls-standalone ii bsd-mailx [mailx] 8.1.2-0.20180807cvs-1 ii build-essential 12.6 pn check-all-the-things pn cvs-buildpackage ii debhelper 12.1.1 pn devscripts-el pn diffoscope pn disorderfs pn dose-extra pn duck pn faketime pn gnuplot pn how-can-i-help ii libauthen-sasl-perl 2.1600-1 pn libdbd-pg-perl ii libfile-desktopentry-perl
Bug#940656: [Pkg-privacy-maintainers] Bug#940656: black screen after upgrade
Control: notforwarded -1 On Wednesday, 23 October 2019 13:01:53 CEST intrigeri wrote: > To me, it looks like you're affected by #942901 rather than #940656. You are right, sorry for the noise. signature.asc Description: This is a digitally signed message part.
Bug#940656: black screen after upgrade
Control: forwarded -1 https://trac.torproject.org/projects/tor/ticket/32215 I got the same issue, running buster All windows are black here. start-tor-browser --verbose shows: [21969, Main Thread] WARNING: failed to open shm: Permission denied: file /var/tmp/build/firefox-d051ff6e2f60/ipc/chromium/src/base/shared_memory_posix.cc, line 142 Crash Annotation GraphicsCriticalError: |[0][GFX1-]: Failed to lock new back buffer. (t=0.466201) [GFX1-]: Failed to lock new back buffer. "aa-disable /etc/apparmor.d/torbrowser.Browser.firefox" fixes the issue. "aa-audit /etc/apparmor.d/torbrowser.Browser.firefox" makes syslog show: Oct 23 12:11:23 deimos kernel: [48692.792047] audit: type=1400 audit(1571825483.423:757): apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/dev/shm/org.mozilla.ipc.23967.0" pid=23967 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 oui Fixed by adding /dev/shm/org.mozilla.*.* rw, to /etc/apparmor.d/torbrowser.Browser.firefox signature.asc Description: This is a digitally signed message part.
Bug#942827: buster-pu: package ndppd/0.2.5-4+deb10u1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: buster Severity: normal Dear RT In buster, ndppd has a world writable pid file. This prevent the daemon to be stop/restarted, which is a real pain when you set it up. I would like to backport the fix from testing. Attached the proposal. Do you think this is ok? -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enableddiff -Nru ndppd-0.2.5/debian/changelog ndppd-0.2.5/debian/changelog --- ndppd-0.2.5/debian/changelog 2018-11-16 17:26:06.0 +0100 +++ ndppd-0.2.5/debian/changelog 2019-10-17 10:21:15.0 +0200 @@ -1,3 +1,12 @@ +ndppd (0.2.5-4+deb10u1) buster; urgency=medium + + * Patch to avoid word writable pid file, that was breaking daemon init +scripts. (Closes: #942117) + * postinst script fixing pid file permissions for pre 0.2.5-4+deb10u1 +running daemons. + + -- Jean-Michel Vourgère Thu, 17 Oct 2019 10:21:15 +0200 + ndppd (0.2.5-4) unstable; urgency=medium * Migrated vcs to salsa. diff -Nru ndppd-0.2.5/debian/patches/pid_perms ndppd-0.2.5/debian/patches/pid_perms --- ndppd-0.2.5/debian/patches/pid_perms 1970-01-01 01:00:00.0 +0100 +++ ndppd-0.2.5/debian/patches/pid_perms 2019-10-16 22:48:06.0 +0200 @@ -0,0 +1,28 @@ +Description: Umask pid file permissions + Pid file was created with default 666 permissions. This causes security + issues when trying to stop the process. init stopped working because + start-stop-daemon(8) refuses to handle these nasty permissions, since dpkg + version 1.19.3. +Author: Jean-Michel Vourgère +Bug-Debian: https://bugs.debian.org/942117 +Bug: https://github.com/DanielAdolfsson/ndppd/issues/56 +Forwarded: yes +Last-Update: 2019-10-12 + +Index: ndppd-0.2.5/src/ndppd.cc +=== +--- ndppd-0.2.5.orig/src/ndppd.cc ndppd-0.2.5/src/ndppd.cc +@@ -274,10 +274,12 @@ int main(int argc, char* argv[], char* e + return -1; + + if (!pidfile.empty()) { ++mode_t old_umask = umask(022); + std::ofstream pf; + pf.open(pidfile.c_str(), std::ios::out | std::ios::trunc); + pf << getpid() << std::endl; + pf.close(); ++umask(old_umask); + } + + // Time stuff. diff -Nru ndppd-0.2.5/debian/patches/series ndppd-0.2.5/debian/patches/series --- ndppd-0.2.5/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ ndppd-0.2.5/debian/patches/series 2019-10-16 22:48:06.0 +0200 @@ -0,0 +1 @@ +pid_perms diff -Nru ndppd-0.2.5/debian/postinst ndppd-0.2.5/debian/postinst --- ndppd-0.2.5/debian/postinst 1970-01-01 01:00:00.0 +0100 +++ ndppd-0.2.5/debian/postinst 2019-10-17 10:19:32.0 +0200 @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +case "$1" in + configure) +if [ -n "$2" ] && dpkg --compare-versions "$2" lt-nl 0.2.5-4+deb10u1 +then + # Buster version can't be stopped. See #942117 + if [ -f /var/run/ndppd.pid ] + then +chmod 644 /var/run/ndppd.pid + fi +fi + ;; +esac + +#DEBHELPER# signature.asc Description: This is a digitally signed message part.
Bug#886181: rrdtool: Please switch to automatic dbgsym package
Control: tag -1 - wontfix + pending I tried to enable the automatic debug symbol packages, with the python debug interface in a new python3-rrdtool-dbg package. However, lintian complains: W: rrdtool changes: package-builds-dbg-and-dbgsym-variants python3-rrdtool- {dbg,dbgsym} N: N:This package appears to build both -dbg and -dbgsym variants of a N:package. Only one package should contain the debug symbols N: N:Usually the -dbg should be dropped in favour of the -dbgsym. However, in N:some cases (e.g. Python modules) the -dbg contains more than just the N:debug symbols. In these cases the -dbgsym should not be built. N: N:Refer to the dh_strip(1) manual page and N:https://wiki.debian.org/AutomaticDebugPackages for details. N: N:Severity: normal, Certainty: certain N: N:Check: changes-file, Type: changes So I did automatic symbols for all packages but python3-rrdtool, that will keep the old style -dbg package. https://salsa.debian.org/rrdtool-team/rrdtool/commit/ fd6a82c71b50062a93a8a019c77a42129de1761f Comments are welcome. signature.asc Description: This is a digitally signed message part.
Bug#942639: fix build with Python3.8 + unusual packaging of the debug extension
Hi again On Saturday, 19 October 2019 12:29:47 CEST Matthias Klose wrote: > The attached patch fixes the build with Python3.8. > > Noticing that you package both the normal and the debug extension module in > the same package python3-rrdtool. The latter should be packaged into a > python-rrdtool-dbg package. Could you explain a bit more how is this a problem for python 3.8? Buster version has: python3-rrdtool.install: usr/lib/python3*/dist-packages/rrdtool*[0-9]m-*.so rrdtool-dbg.install: usr/lib/python3*/dist-packages/rrdtool*[0-9]dm-*.so After switching to automatic debug symbols with an extra python -dbg package: python3-rrdtool.install: usr/lib/python3*/dist-packages/rrdtool*[0-9]m-*.so python3-rrdtool-dbg.install: usr/lib/python3*/dist-packages/rrdtool*[0-9]dm-*.so (This now generates a python3-rrdtool-dbg-dbgsym package) But I fail to see how this helps with python 3.8. Are the .so name changed? How so? I tried to look at your upload of twisted, but it looks like you forgot to push your changes, and twisted_18.9.0-4.dsc is not in the pool yet. signature.asc Description: This is a digitally signed message part.
Bug#942639: fix build with Python3.8 + unusual packaging of the debug extension
Hello Matthias Thank for your bug report and patch. Actually, I've been putting the rrdtool*[0-9]dm-*.so file in the general old school rrdtool-dbg package. I'm still using non automatic debug symbols, because of that damned file. I'll switch to automatic debug symbols at the same time. :) You suggested I use python-rrdtool-dbg, but I suppose you mean python3- rrdtool-dbg, right? I am unsure of naming convention, and the archive seems to have an ugly mix of names. signature.asc Description: This is a digitally signed message part.
Bug#942137: postgresql-common: strech/buster upgrades fail with error 'invalid value for parameter "lc_time"'
Control: tag -1 - moreinfo Hi Christoph My English locale en_GB.UTF-8 is working fine. It is my default locale, defined either at installation, or by dpkg-reconfigure locales. Each time I do a major Debian dist-upgrade (7/8, 8/9 and 9/10), I get many such perl warnings. It has never been a real issue, but for the flood of my terminal. Attached is the beginning of my term.log and my /etc/postgresql/9.6/main/ postgresql.conf. You'll notice that packages locales and perl-modules are unpacked really early, but are configured later. These annoying warnings stops when they are configured. You'll notice that I have: lc_messages = 'en_GB.UTF-8' # locale for system error message # strings lc_monetary = 'en_GB.UTF-8' # locale for monetary formatting lc_numeric = 'en_GB.UTF-8' # locale for number formatting #lc_time = 'en_GB.UTF-8' # locale for time formatting The only problem is lc_time. One must comment out the line for postgres9.6 to start during the dist-upgrade. The other lines like lc_messages, lc_monetary and lc_numeric are not a problem. I upgraded 5 different postgresql servers, and I had to edit the postgresql.conf in the middle of the update on all 5 of them! Not doing so causes the whole dist-upgrade to fail with other nastier side-effect. This is not an isolated issue! You suggested that I redo a "dpkg-reconfigure locales". I don't think I could do that in the middle of a dist-upgrade! I assure you that my locale is working fine before and after the upgrade, even if it's broken during the dist-upgrade! You can very probably reproduce the problem by installing a stretch using locale en_GB.UTF-8, then install postgres (You should then get a lc_time='en_GB.UTF-8' in postgresql.conf) and libnss, then do a dist-upgrade accepting all automatic restarts when required. Fell free to tell me how I can help to pinpoint the issue.Log started: 2019-10-10 19:09:28 (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73431 files and directories currently installed.) Preparing to unpack .../libc-l10n_2.28-10_all.deb ... Unpacking libc-l10n (2.28-10) over (2.24-11+deb9u4) ... Preparing to unpack .../locales_2.28-10_all.deb ... Unpacking locales (2.28-10) over (2.24-11+deb9u4) ... dpkg: systemd-shim: dependency problems, but removing anyway as you requested: libpam-systemd:amd64 depends on systemd-shim (>= 10-3~) | systemd-sysv; however: Package systemd-shim is to be removed. Package systemd-sysv is not installed. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73450 files and directories currently installed.) Removing systemd-shim (10-3) ... Removing 'diversion of /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service to /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service.systemd by systemd-shim' dpkg: sysvinit-core: dependency problems, but removing anyway as you requested: init depends on systemd-sysv | sysvinit-core; however: Package systemd-sysv is not installed. Package sysvinit-core is to be removed. Removing sysvinit-core (2.88dsf-59.9) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73417 files and directories currently installed.) Preparing to unpack .../systemd-sysv_241-7~deb10u1_amd64.deb ... Unpacking systemd-sysv (241-7~deb10u1) ... Setting up systemd-sysv (241-7~deb10u1) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading
Bug#942137: postgresql-common: strech/buster upgrades fail with error 'invalid value for parameter "lc_time"'
Package: postgresql-common Version: 200+deb10u2 Severity: normal Dear Maintainer, When upgrading from stretch to buster, the nss upgrade offers restart the affected services, that is postgresql. Then we get the message: ┌─Configuring libc6:amd64┐ │ Failure restarting some services for GNU libc upgrade │ ││ │ The following services could not be restarted for the GNU libc library │ │ upgrade: │ ││ │ postgresql │ ││ │ You will need to start these manually by running 'invoke-rc.d │ │ start'.│ ││ ││ ├┤ │ < OK > │ └┘ Running "/etc/init.d/postgresql start" manually, one gets: perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_GB.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). [] Starting PostgreSQL 9.6 database server: main[] perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_GB.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). The PostgreSQL server failed to start. Please check the log output: 2019-10-10 20:10:39 BST [21355-1] LOG: invalid value for parameter "lc_time": "en_GB.UTF-8" 2019-10-10 20:10:39 BST [21355-2] FATAL: configuration file "/etc/postgresq[FAIL/main/postgresql.conf" contains errors ... failed! failed! If I comment out the line "lc_time" in /etc/postgresql/9.6/main/postgresql.conf then every thing is fine. I expected libc to upgrade smoothly without having to patch postgresql.conf file. -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages postgresql-common depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.71 ii lsb-base 10.2019051400 ii postgresql-client-common 200+deb10u2 ii procps2:3.3.15-2 ii ssl-cert 1.0.39 ii ucf 3.0038+nmu1 Versions of packages postgresql-common recommends: ii e2fsprogs 1.44.5-1+deb10u2 ii logrotate 3.14.0-4 Versions of packages postgresql-common suggests: ii libjson-perl 4.02000-1 -- debconf information excluded
Bug#941980: pod2man: Please convert zero-width space (u200B) to \:
Package: perl Version: 5.28.1-6 Severity: normal File: /usr/bin/pod2man Dear Maintainer, I'm using pod to generate man files in package rrdtool. I had an issue with long man lines such as: BIvnameE>=IrrdfileE>:Ids-nameE>:ICFE>[:step=IstepE>][:start=ItimeE>][:end=ItimeE>][:reduce=IBE>][:daemon=IaddressE>] that results lintian "manpage-has-errors-from-man": can't break line. That I fixed that by inserting unicode zero-width-space characters 200B: BIvnameE>=IrrdfileE>:Ids-nameE>:ICFE>[:step=IstepE>][:start=ItimeE>]E<0x200B>[:end=ItimeE>]E<0x200B>[:reduce=IBE>]E<0x200B>[:daemon=IaddressE>] I expected pod2man to generate the corect \: escape sequence, but it did not. Right now, as a work around, I'm using in my make file: pod2man ... --utf8 $< | sed -e $$'s|\u200B|:|g' > $@ This is working great. However, it would be nice if pod2man would generate automatically the \: escape sequences, so that I don't have to sed the output! One could argue that man should handle the "\u200B" character correctly, but it seems logical to have pod2man do the escape as it would works both with and without utf-8 encoding. Thank you! -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages perl depends on: ii dpkg 1.19.7 ii libperl5.285.28.1-6 ii perl-base 5.28.1-6 ii perl-modules-5.28 5.28.1-6 Versions of packages perl recommends: ii netbase 5.6 Versions of packages perl suggests: pn libb-debug-perl pn liblocale-codes-perl pn libterm-readline-gnu-perl | libterm-readline-perl-perl ii make4.2.1-1.2 ii perl-doc5.28.1-6 -- no debconf information
Bug#941727: phppgadmin expects jquery version 1.8
Package: phppgadmin Version: 7.12.0+ds-1 Severity: normal javascript fails on several pages with the message TypeError: $(...).live is not a function This is because Debian ships with jqery 3.3 while the package expect jquery 1.8
Bug#938414: rrdtool: Python2 removal in sid/bullseye
Control: tags -1 - pending Control: reassign -1 ftp.debian.org Control: retitle -1 RM: python-rrdtool -- ROM; python2 removal rrdtool no longer builds package python-rrdtool. Please remove that binary package from the archive. signature.asc Description: This is a digitally signed message part.
Bug#938414: rrdtool python2 removal
Hi Andreas On Wednesday, 4 September 2019 22:00:54 CEST Andreas Henriksson wrote: > Control: tags -1 + pending Thanks. I should have done that earlier! I hope you did not loose too much time because of that. :/ > I noticed two things you might want to adress though: > - the dh-python build-dependency was removed. This package contains the > dh_python3 helper which the package still seems to be using, so > removing this build-dependency was likely a mistake. python3-all-dbg and python3-all-dev both depends on dh-python, so this is no big deal. But it looks cleaner to explicitly require it, thanks. > - The debian/changelog should be changed from "(See: #938414)" to > "(Closes: #938414)" so that this bug report gets closed automatically > when the fixed package is uploaded. That's on purpose. See https://wiki.debian.org/Python/2Removal signature.asc Description: This is a digitally signed message part.
Bug#936499: eyefiserver: Python2 removal in sid/bullseye
Control: reassign -1 ftp.debian.org Control: retitle -1 RM: eyefiserver -- removal triggered by the Python2 removal Please remove eyefiserver from the archive: The project is dead upstream. I could not find anyone working on the python3 version. popcon is 17. eyefi cards - SD cards with embedded wifi chips for automatic pics uploads - no longer are popular. I fell porting the whole thing to python3 is not worth the effort. But if someone reads this and want to give it a try, I can sponsor him. Thank you signature.asc Description: This is a digitally signed message part.
Bug#935419: RM: python-django-session-security/2.6.5+dfsg-1 -- ROM; cruft
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hello Due to #933034, I believe I need manual decrufting: source package django-session-security 2.6.5+dfsg-2 no longer builds binary package(s): python-django-session-security Please remove python-django-session-security/2.6.5+dfsg-1 from testing so that django-session-security 2.6.5+dfsg-2 can migrate from sid to testing. https://qa.debian.org/madison.php?package=django-session-security=debian===bullseye=on django-session-security | 2.6.5+dfsg-1 | bullseye | source python-django-session-security | 2.6.5+dfsg-1 | bullseye | all python3-django-session-security | 2.6.5+dfsg-1 | bullseye | all The binary only removal itself is because of python2 removal (#931659).
Bug#932985: [932985] Please remove Python 2 support
Hi Thomas Thank you for your patch. I just made an upload based on it. I had to remove python3-django-session-security.install since pybuild put the files directly in the correct location. Also I changed your sphinx changes. Originally: > override_dh_auto_build: > dh_auto_build -O--buildsystem=python_distutils Your version > override_dh_sphinxdoc: > ifeq (,$(findstring nodoc, $(DEB_BUILD_OPTIONS))) > python3 setup.py build_sphinx > dh_sphinxdoc > endif doesn't quite work as dh_sphinxdoc run after dh_install, that fails because the files are not there. My final version: > override_dh_auto_build: > dh_auto_build > ifeq (,$(findstring nodoc, $(DEB_BUILD_OPTIONS))) > python3 setup.py build_sphinx > endif works, and doesn't mix the build systems, which I believe was your point. If you have a better idea, it will be welcome. Thanks again signature.asc Description: This is a digitally signed message part.
Bug#931464: movim: deamon start "--no-ansi" option doesn't work
Package: movim Version: 0.14.1-5 Severity: normal Dear Maintainer, I just tried buster's movim. I have a black background and php daemon.php start --url=https://movim.nirgal.com/ --port=8080 --no-ansi -vvv prints text in dark blue over black, which is unreadable. I expected --no-ansi to disable the colors. Thank you for taking care of movim. :) -- System Information: Debian Release: 9.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#929776: unblock: rrdtool/1.7.1-2
Control: tags -1 -moreinfo Version 1.7.1-2 is now installed on all major architectures. signature.asc Description: This is a digitally signed message part.
Bug#929776: unblock: rrdtool/1.7.1-2
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Please allow me to add an upstream patch in order to fix segfaults in rrdtool daemon, that occurs when xport'ing an non-existent RRD file. unblock rrdtool/1.7.1-2 diff -Nru rrdtool-1.7.1/debian/changelog rrdtool-1.7.1/debian/changelog --- rrdtool-1.7.1/debian/changelog 2019-02-07 17:08:22.0 +0100 +++ rrdtool-1.7.1/debian/changelog 2019-05-30 22:28:06.0 +0200 @@ -1,3 +1,9 @@ +rrdtool (1.7.1-2) unstable; urgency=medium + + * Cherry pick commit from 1.7.2 to prevent daemon segfault. + + -- Jean-Michel Vourgère Thu, 30 May 2019 22:28:06 +0200 + rrdtool (1.7.1-1) unstable; urgency=medium * New upstream version (Closes: #891491, #898184): diff -Nru rrdtool-1.7.1/debian/patches/segfault-xport rrdtool-1.7.1/debian/patches/segfault-xport --- rrdtool-1.7.1/debian/patches/segfault-xport 1970-01-01 01:00:00.0 +0100 +++ rrdtool-1.7.1/debian/patches/segfault-xport 2019-05-30 22:28:06.0 +0200 @@ -0,0 +1,21 @@ +From: themylogin +Subject: fix segfault on non-existent RRD file when using rrdcached + fix segfault on non-existent RRD file when using rrdcached + rrdtool xport + (like 814ca69 does for rrdtool graph) +Applied-Upstream: https://github.com/oetiker/rrdtool-1.x/commit/24b922a2eae193d5d44c01a75786aca4b277a4db +Date: Wed, 27 Mar 2019 18:09:55 +0100 +Reviewed-by: Tobias Oetiker + +Index: rrdtool/src/rrd_xport.c +=== +--- rrdtool.orig/src/rrd_xport.c rrdtool/src/rrd_xport.c +@@ -231,7 +231,7 @@ static int rrd_xport_fn( + + + /* pull the data from the rrd files ... */ +-if (data_fetch(im) == -1) ++if (data_fetch(im) != 0) + return -1; + + /* evaluate CDEF operations ... */ diff -Nru rrdtool-1.7.1/debian/patches/series rrdtool-1.7.1/debian/patches/series --- rrdtool-1.7.1/debian/patches/series 2019-02-07 16:21:22.0 +0100 +++ rrdtool-1.7.1/debian/patches/series 2019-05-30 22:28:06.0 +0200 @@ -1,2 +1,3 @@ no-rpath-for-ruby breaks-long-man-lines +segfault-xport signature.asc Description: This is a digitally signed message part.
Bug#927952: duply: ssh connection fails when known_hosts doesn't exists
Package: duply Version: 1.11.3-1 Severity: normal Dear Maintainer, On a freshly installed stretch server, on first run, when using ssh, duply (or a dependency) fails if file known_hosts doesn't exist. I expected duply to create the file if it's missing. A simple work around is to connect using ssh first, so that the file is created. Here are the log: $ duply hostname status Start duply v1.11.3, time is 2019-04-25 09:46:42. Using profile '/root/.duply/hostname'. Using installed duplicity version 0.7.11, python 2.7.13, gpg 2.1.18 (Home: /root/.gnupg), awk 'mawk 1.3.3 Nov 1996, Copyright (C) Michael D. Brennan', grep 'grep (GNU grep) 2.27', bash '4.4.12(1)-release (x86_64-pc-linux-gnu)'. Autoset found secret key of first GPG_KEY entry '785A86B399C9BD78' for signing. Checking TEMP_DIR '/tmp' is a folder and writable (OK) Test - Encrypt to '785A86B399C9BD78' & Sign with '785A86B399C9BD78' (OK) Test - Decrypt (OK) Test - Compare (OK) Cleanup - Delete '/tmp/duply.9853.1556185603_*'(OK) Backup PUB key '785A86B399C9BD78' to profile. (OK) Write file 'gpgkey.785A86B399C9BD78.pub.asc' (OK) Backup SEC key '785A86B399C9BD78' to profile. (OK) Write file 'gpgkey.785A86B399C9BD78.sec.asc' (OK) INFO: duply exported new keys to your profile. You should backup your changed profile folder now and store it in a safe place. --- Start running command STATUS at 09:46:43.401 --- The authenticity of host 'ouqo6z3ijgz7sn7k.onion' can't be established. SSH-RSA key fingerprint is ce:2c:7d:15:8a:d0:ea:86:8c:fe:e9:cc:7d:c1:8d:f8. Are you sure you want to continue connecting (yes/no)? yes BackendException: ssh connection to u...@mybackupserver.com:22 failed: [Errno 2] No such file or directory: '/root/.ssh/known_hosts' 09:46:54.361 Task 'STATUS' failed with exit code '23'. --- Finished state FAILED 'code 23' at 09:46:54.361 - Runtime 00:00:10.959 --- -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages duply depends on: ii duplicity 0.7.11-1 ii gnupg 2.1.18-8~deb9u4 duply recommends no packages. Versions of packages duply suggests: ii openssh-client 1:7.4p1-10+deb9u6 -- no debconf information
Bug#805596: dnsmasq: Fails to resolve cloudflare.com domains with dnssec
Shouldn't this report be closed or at least tagged as fixed in stretch? signature.asc Description: This is a digitally signed message part.
Bug#923726: monero: Monero requires update to work after March 9th
Package: monero Version: 0.13.0.4-1~bpo9+1 Severity: important Dear Maintainer, Monero protocol will be updated on March the 9th [1]. The version 0.13 in Debian will cease to work then. Please package version 0.14 or backport the changes. [1] https://github.com/monero-project/monero/releases Or see banner at https://ww.getmonero.org/ pointing at https://www.reddit.com/r/Monero/comments/ap6iiw/monero_will_fork_at_block_1788000_march_9th/ -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages monero depends on: ii libboost-chrono1.62.0 1.62.0+dfsg-4 ii libboost-date-time1.62.01.62.0+dfsg-4 ii libboost-filesystem1.62.0 1.62.0+dfsg-4 ii libboost-program-options1.62.0 1.62.0+dfsg-4 ii libboost-regex1.62.01.62.0+dfsg-4 ii libboost-serialization1.62.01.62.0+dfsg-4 ii libboost-system1.62.0 1.62.0+dfsg-4 ii libboost-thread1.62.0 1.62.0+dfsg-4 ii libc6 2.24-11+deb9u4 ii libgcc1 1:6.3.0-18+deb9u1 ii libhidapi-libusb0 0.8.0~rc1+git20140818.d17db57+dfsg-1 ii libminiupnpc10 1.9.20140610-4 ii libreadline77.0-3 ii libsodium18 1.0.11-2 ii libssl1.1 1.1.0j-1~deb9u1 ii libstdc++6 6.3.0-18+deb9u1 ii libunbound2 1.6.0-3+deb9u2 ii libzmq5 4.2.1-4+deb9u1 monero recommends no packages. monero suggests no packages. -- no debconf information
Bug#920441: libjs-cryptojs: Doesn't decrypt output from openssl enc anymore
Package: libjs-cryptojs Version: 3.1.2+dfsg-2 Severity: normal Dear Maintainer, Up to jessie, one could encrypt something using openssl: echo "This is a test" | openssl enc -aes-256-cbc -pass pass:mypassphrase -e -base64 and decrypt it using crypto-js var plaintext = CryptoJS.AES.decrypt("U2FsdGVkX1+xT6Jz+c3NLK7zo1OpCBONwFRDOJaWurQ=", "mypassphrase" ); This doesn't work with openssl from stretch onward, since openssl is no longer using md5. evpkdf.js contains: "hasher: MD5" It is possible to work around by adding "-md md5" to openssl calls. cryptojs should be compatible with openssl defaults. -- System Information: Debian Release: 9.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) libjs-cryptojs depends on no packages. Versions of packages libjs-cryptojs recommends: ii javascript-common 11 libjs-cryptojs suggests no packages. -- no debconf information
Bug#916845: needrestart: README.nagios.md refers to undistributed file ex/nagios/needrestart-nagios
Package: needrestart Version: 3.3-2 Severity: normal Dear Maintainer, Please distribute de ex/nagios/needrestart-nagios as documentation. It is missing. Alternatively, it would make sense to copy it directly in /etc/sudoers.d/ since it is only for user nagios and it include the -p parameter that prevent automatic restarts. Some people might disagree, though. Thank you :)
Bug#902444: findutils: -print0 breaks -name conditions
Package: findutils Version: 4.6.0+git+20161106-2 Severity: normal Dear Maintainer, I am runing periodically > find "$dir" -type f -print0 ! -name clamav.log | xargs -0 clamdscan > -log="$dir/clamav.log" But the file clamav.log is added to the list while it should be excluded. I traced the issue to a -print0 problem. > find -type f -print0 ! -name clamav.log do not remove clamav.log from the list > find -type f ! -name clamav.log works ok. I expected the -print0 option not to change the logic of the -name conditions. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages findutils depends on: ii libc62.24-11+deb9u3 ii libselinux1 2.6-3+b3 findutils recommends no packages. Versions of packages findutils suggests: ii mlocate 0.26-2 -- no debconf information
Bug#902275: haproxy: resolvers nameserver doesn't support IPv6
Source: haproxy Version: 1.7.5-2 Severity: normal Dear Maintainer, I tried to enable dns check in my proxy and this works: -- 8< resolvers mydns nameserver dnsmasq 127.0.0.1:53 -- 8< However, my first tries where nameserver dnsmasq [::1]:53 and nameserver dnsmasq ::1:53 and nameserver dnsmasq localhost:53 All of these attemps resulted in this error: Starting [mydns/dnsmasq] nameserver: can't connect socket. I did check that my local dns is working properly as dig +short localhost @::1 ANY works ok. I expected to be able to enter a v6 address. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) signature.asc Description: This is a digitally signed message part.
Bug#894444: needrestart doesn't restart services anymore
Hi Sorry for the long delay anwsering. >> I am using it with unattended-upgrades. >> (...) >> I expected needrestart to automatically reload the services using obsolete >> libssl, like it used to. > This is triggered by the bugfix for Debian Bug#876459 and is > intentional (upstream's point of view). > (...) > The behavior before 2.11-3+deb9u1 was a bug and has been fixed in > stretch's point release 9.4. Wow... I expected my system to continue installing security updates AND enabling them by restarting the affected services when needed. I find that Debian 9.4 release news "needrestart - Fix switching to list mode if debconf is run non-interactively" message is inadequate: There should be a huge fat warning telling people that their system is no longer protected by security upgrades; and that default behavior of needrestart is to do nothing! Please consider adding a debian/NEWS file. > You could change the default mode to automaticly restart (that also > effects the interactive mode). (Hint: with needrestart 3.0 it is > possible to set the NEEDRESTART_MODE environment variable to override > needrestart's restart mode... might be used in the unattended-upgrade > cronjob). This did the trick for me, without enabling backports: --- /etc/apt/apt.conf.d/99needrestart.orig 2018-06-18 15:29:27.913148439 + +++ /etc/apt/apt.conf.d/99needrestart 2018-06-18 15:29:42.337066054 + @@ -5,4 +5,4 @@ # was no error during installation. # -DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke || true"; }; +DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke -ra || true"; }; Thank you for your detailed answer and for taking care of needrestart! <3 signature.asc Description: This is a digitally signed message part.
Bug#900807: duplicity: Typo in manual
Package: duplicity Version: 0.7.11-1 Severity: minor Dear Maintainer, duplicity(1) contains in "OPERATION AND DATA FORMATS": > It should not necessary to read this section to use duplicity. I suggest: > It should not be necessary to read this section to use duplicity. or even: > It is not necessary to read this section to use duplicity. Thank your for taking care of duplicity! -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages duplicity depends on: ii libc62.24-11+deb9u3 ii librsync10.9.7-10+b1 ii python 2.7.13-2 ii python-lockfile 1:0.12.2-2 Versions of packages duplicity recommends: ii python-oauthlib 2.0.1-1 ii python-paramiko 2.0.0-1 ii python-urllib3 1.19.1-1 ii rsync3.1.2-1+deb9u1 Versions of packages duplicity suggests: pn lftp pn ncftp pn python-boto pn python-cloudfiles pn python-gdata pn python-swiftclient pn tahoe-lafs -- no debconf information
Bug#885874: ITP: node-raphael -- JavaScript library to work with vector graphics
Hi praveen You added the "blocks", so I guess you know that package is already in the archive: https://packages.qa.debian.org/raphael Shouldn't we close that bug? For you information, raphael has just been orphaned. https://bugs.debian.org/895407 signature.asc Description: This is a digitally signed message part.
Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same
On Friday, 30 March 2018 15:02:31 CEST Chris Lamb wrote: > [ https://lists.debian.org/debian-security/2017/05/msg00011.html ] On Friday, 30 March 2018 20:15:33 CEST Sven Joachim wrote: > [ https://bugs.debian.org/843773 ] Thanks a lot guys for pointing out that issue! Basically, when doing bin-nmus, we really want to bump the mtime of the distributed files. Not doing so results in some backups programs (rsync...) to loose updates. Other programs restarting services on libraries updates (needrestart...) would also be affected. So, during compilation: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries because it breaks Multi-Arch:same on bin-nmu. During dpkg-deb (: SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries because it would break software relying on files mtime. Doh! In https://bugs.debian.org/843773#75 Ian Jackson propose to introduce a BUILD_DATE_EPOCH (= time of sbuild binnmu invocation) be prefered over SOURCE_DATE_EPOCH by dpkg-deb. That would work, wouldn't it? signature.asc Description: This is a digitally signed message part.
Bug#788574: libjs-raphael: Watch file doesn't work
Attached is an updated versionversion=3 https://github.com/DmitryBaranovskiy/raphael/releases \ .*[^n]/(?:|v|version-|version|release-|r|REL_|rel-|raphael(?:_|-))(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) signature.asc Description: This is a digitally signed message part.
Bug#894603: logrotate: file size changed while zipping
Control: tag -1 forwarded https://bugzilla.netfilter.org/show_bug.cgi?id=1240 Hi I filed a bug report upstream. We are not using their logrotate conf file, but they are similar. signature.asc Description: This is a digitally signed message part.
Bug#894603: logrotate: file size changed while zipping
Package: ulogd2 Version: 2.0.5-5 Severity: normal Hello Chris, I got this email from cron: > /etc/cron.daily/logrotate: > error: Compressing program wrote following message to stderr when > compressing log /var/log/ulog/syslogemu.log.1: > gzip: stdin: file size changed while zipping I suspect last log entries are lost. This is an unwanted message in anycase. One solution would be to add delaycompress in the logrotate script, I suppose. Cheers -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages ulogd2 depends on: ii adduser 3.115 ii init-system-helpers 1.48 ii libc62.24-11+deb9u3 ii libmnl0 1.0.4-2 ii libnetfilter-acct1 1.0.2-1.1 ii libnetfilter-conntrack3 1.0.6-2 ii libnetfilter-log11.0.1-1.1 ii libnfnetlink01.0.1-3 ii lsb-base 9.20161125 ulogd2 recommends no packages. Versions of packages ulogd2 suggests: pn ulogd2-dbi pn ulogd2-json pn ulogd2-mysql pn ulogd2-pcap pn ulogd2-pgsql pn ulogd2-sqlite3 -- Configuration Files: /etc/ulogd.conf [Errno 13] Permission denied: '/etc/ulogd.conf' -- no debconf information signature.asc Description: This is a digitally signed message part.
Bug#894444: needrestart doesn't restart services anymore
Package: needrestart Version: 2.11-3+deb9u1 Severity: normal Dear Maintainer, Here, needrestart recently stopped working automatically in stable. I am using it with unattended-upgrades. After libssl upgrade this morning, unattended-upgrades-dpkg.log says things like: systemctl restart nagios-nrpe-server.service But a ps show that the service has not been restarted for 2 weeks: nagios 880 0.0 0.1 23912 4084 ?Ss Mar13 1:08 /usr/sbin/ nrpe -c /etc/nagios/nrpe.cfg -f If I run needrestart manually, I am asked whether or not I want to restart nagios-nrpe-server.service (cute curse interface). If I answer yes, the services are properly restarted. nagios 21026 0.3 0.1 23912 4316 ?Ss 12:10 0:00 /usr/sbin/ nrpe -c /etc/nagios/nrpe.cfg -f I expected needrestart to automatically reload the services using obsolete libssl, like it used to. This bug has major security impact on all my servers, obviously. Luckilly nagios plugin mode show which servers are affected and need to be restarted manually. -- Package-specific info: needrestart output: Running kernel seems to be up-to-date. Services to be restarted: systemctl restart ntp.service systemctl restart ssh.service No containers need to be restarted. No user sessions are running outdated binaries. -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages needrestart depends on: ii dpkg 1.18.24 ii gettext-base 0.19.8.1-2 ii libintl-perl 1.26-2 ii libmodule-find-perl0.13-1 ii libmodule-scandeps-perl1.23-1 ii libproc-processtable-perl 0.53-2 ii libsort-naturally-perl 1.03-1 ii libterm-readkey-perl 2.37-1 ii perl 5.24.1-3+deb9u2 ii xz-utils 5.2.2-1.2+b1 Versions of packages needrestart recommends: ii libpam-systemd 232-25+deb9u2 Versions of packages needrestart suggests: pn needrestart-session | libnotify-bin -- no debconf information Log started: 2018-03-30 06:53:40 Preconfiguring packages ... (Reading database ... ^M(Reading database ... 5%^M(Reading database ... 10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading database ... 25%^M(Reading database ... 30%^M(Reading database ... 35%^M(Reading database ... 40%^M(Reading database ... 45%^M(Reading database ... 50%^M(Reading database ... 55%^M(Reading database ... 60%^M(Reading database ... 65%^M(Reading database ... 70%^M(Reading database ... 75%^M(Reading database ... 80%^M(Reading database ... 85%^M(Reading database ... 90%^M(Reading database ... 95%^M(Reading database ... 100%^M(Reading database ... 47196 files and directories currently installed.) Preparing to unpack .../libssl1.0.2_1.0.2l-2+deb9u3_amd64.deb ... Unpacking libssl1.0.2:amd64 (1.0.2l-2+deb9u3) over (1.0.2l-2+deb9u2) ... Preparing to unpack .../libssl1.1_1.1.0f-3+deb9u2_amd64.deb ... Unpacking libssl1.1:amd64 (1.1.0f-3+deb9u2) over (1.1.0f-3+deb9u1) ... Preparing to unpack .../openssl_1.1.0f-3+deb9u2_amd64.deb ... Unpacking openssl (1.1.0f-3+deb9u2) over (1.1.0f-3+deb9u1) ... Setting up libssl1.0.2:amd64 (1.0.2l-2+deb9u3) ... Processing triggers for libc-bin (2.24-11+deb9u3) ... Setting up libssl1.1:amd64 (1.1.0f-3+deb9u2) ... Setting up openssl (1.1.0f-3+deb9u2) ... Processing triggers for man-db (2.7.6.1-2) ... Processing triggers for libc-bin (2.24-11+deb9u3) ... Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50. Running kernel seems to be up-to-date. Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50. Services to be restarted: systemctl restart nagios-nrpe-server.service systemctl restart ntp.service systemctl restart ssh.service Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50. Services being skipped: systemctl restart apt-daily-upgrade.service Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The resize program didn't work. The stty program didn't work. at /usr/share/perl5/NeedRestart/UI.pm line 50. No containers need to be restarted. Unable to get Terminal Size. The TIOCGWINSZ ioctl didn't work. The COLUMNS and LINES environment variables didn't work. The
Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same
Package: dpkg-dev Version: 1.19.0.5 Severity: important Justification: Make unrelated packages violate multi-arch specs Dear Maintainer, When doing bin-nmu, each architecture gets its own d/changelog entry like: rrdtool (1.7.0-1+b1) sid; urgency=low, binary-only=yes * Binary-only non-maintainer upload for arm64; no source changes. * Rebuild without ruby2.3 support. -- arm Build Daemon (arm-conova-01) Tue, 27 Mar 2018 12:27:33 + rrdtool (1.7.0-1+b1) sid; urgency=low, binary-only=yes * Binary-only non-maintainer upload for armhf; no source changes. * Rebuild without ruby2.3 support. -- armhf / armel Build Daemon (hoiby)Wed, 28 Mar 2018 08:13:09 + As a result, when building rrdtool +b1 on arm64 [1] we have: SOURCE_DATE_EPOCH="1522153653" while on armhf [2] we have: SOURCE_DATE_EPOCH="154789" This causes the packages librrds-perl - that uses pod2man - to get /usr/share/ man/man3/RRDs.3pm.gz having different files on different architectures: On amd64 architecture: .TH RRDs 3pm "2018-03-27" "perl v5.26.1" "User Contributed Perl Documentation" On armhf architecture: .TH RRDs 3pm "2018-03-28" "perl v5.26.1" "User Contributed Perl Documentation" This in turn results in the package no longer being Multi-arch:same after the bin-nmus, as reported by Since a bin-nmu can occur for a single architecture, I believe the best course of action would be to change dpkg-buildpackage behavior to keep previous SOURCE_DATE_EPOCH when building a bin-nmu'ed package. This could be achive by ignoring the entries in d/changelog that contain the "binary-only=yes" tag when setting SOURCE_DATE_EPOCH. Note that I did not test this solution. WB team input would be great at this point. Appologies for the severity. While multi-arch is not part of the policy (#749826), I guess it is used wildly-enough to justify this. Fell free to adjust, obviously. See also https://lists.debian.org/debian-wb-team/2018/03/msg00040.html [1] https://buildd.debian.org/status/fetch.php? pkg=rrdtool=arm64=1.7.0-1%2Bb1=1522153882=0 [2] https://buildd.debian.org/status/fetch.php? pkg=rrdtool=armhf=1.7.0-1%2Bb1=155293=0 signature.asc Description: This is a digitally signed message part.
Bug#885744: mdbtools-gmdb: Depends on libgnomeui
Control: tags -1 +help I'm unable to port gmdb to gtk-3. Mostly by lack of knowledge. If someone propose a patch, I can very probably push it upstream, that would be nice. My plan is to remove gmdb package and to package only the drivers and command line tools. Honestly, I boldly guess most people are using the gui to export the data to another free database system, and that can be accomplished using the command line. signature.asc Description: This is a digitally signed message part.
Bug#890466: Please giveback rrdtool + questions on vs92
Hello There was a weird issue during last compilation of rrdtool on m68k. Basically, isinf(1.0/sin(0.0)) returned false. Could we please retry the build, in order to rule out any transient failure. (Yes, it sounds stupid, but in my experience, this things happen ...) gb rrdtool_1.7.0-1 . m68k If the error is confirmed, it may come from a bug in gcc or in the emulator. See https://bugs.debian.org/890466 Do you know whether vs92 builder is a native m68k processor, or an emulator, and if so wich emulator? Or could you point me to where I can get that information? Thanks! signature.asc Description: This is a digitally signed message part.
Bug#888495: check_haproxy_stats: Please change default location admin sock
Control: tags -1 +patch Trivial patch attached Description: Change haproxy default socket to match debian haproxy haproxy enables admin socket at /var/run/haproxy/admin.sock by default since 1.5~dev24-2. . This fixes the default location to work out of the box. Bug-Debian: https://bugs.debian.org/888495 Forwarded: not-needed Author: Jean-Michel Vourgère <nir...@debian.org> Last-Update: 2018-02-14 --- a/check_haproxy_stats/check_haproxy_stats.pl +++ b/check_haproxy_stats/check_haproxy_stats.pl @@ -57,7 +57,7 @@ in list. -s, --sock, --socket -Use named UNIX socket instead of default (/var/run/haproxy.sock) +Use named UNIX socket instead of default (/var/run/haproxy/admin.sock) -w, --warning Set warning threshold for sessions number to the specified percentage (see -c) @@ -114,7 +114,7 @@ # Defaults my $swarn = 80.0; my $scrit = 90.0; -my $sock = "/var/run/haproxy.sock"; +my $sock = "/var/run/haproxy/admin.sock"; my $dump; my $proxy; my $help; signature.asc Description: This is a digitally signed message part.
Bug#890286: rrdcached: "gmetad RRD_update [...] rrdcached: Permission denied" if limited socket specified first
Hi Chad Thank you for your detailed report. Before I dig more into it, can you double check there is no other instance of rrdcached running, and using the same socket location? I think rrdcached was disabled by default on jessie, and was enabled by default on stretch. And since you are using the default rrdcached socket location /var/run/rrdcached.sock there might be a conflict there. signature.asc Description: This is a digitally signed message part.
Bug#889883: dh-lua: Please disable --silent in libtool calls
Package: dh-lua Version: 24 Severity: wishlist Tag: patch Hello Enrico My rrdtool package uses dh-lua. I get a bunch of compiler-flags-hidden warnings in build log scanner [1], from package blhc. If you don't mind too much the extra verbosity, please consider removing --silent from the libtool calls. Having complete build logs help detecting hazardous compilation options, globaly. FYI, #628515 talks about setting this conditionally, but this is just a proposal at the moment, as far as I know. Patch attached. Cheers [1] https://qa.debian.org/bls/packages/r/rrdtool.html --- /usr/share/dh-lua/make/dh-lua.Makefile.single.orig 2018-02-08 09:38:33.240629090 + +++ /usr/share/dh-lua/make/dh-lua.Makefile.single 2018-02-08 09:38:42.776798990 + @@ -44,7 +44,7 @@ LUA=lua$(LUA_VERSION) C_TEST_FILE=$(DH_LUA_SUPPORT_FILES)test/$(LUA_VERSION)/app.c PREFIX=$(DESTDIR)/usr/ -LBTL=libtool --silent --tag=CC +LBTL=libtool --tag=CC ifeq "$(LUA_SOURCES_MANGLER)" "" LUA_SOURCES_MANGLER:=cat endif signature.asc Description: This is a digitally signed message part.
Bug#886181: rrdtool: Please switch to automatic dbgsym package
Control: severity -1 wishlist Hello Jeremy On Tuesday, 2 January 2018 16:35:32 CET you wrote: > Please drop the -dbg package and use an automatic dbgsym packge instead. > https://wiki.debian.org/AutomaticDebugPackages Right now, the rrdtool contains more than the debug symbols, it also contains rrdtool.x86_64-linux-gnu_d.so and similar [1], which are the python debug version of the .so. This file is generated automatically by the helpers, like in many python native libraries. What do you think should be done with that file? Should we move it to its own python-rrdtool-dbg? And python3-rrdtool-dbg? And it would generate packages python-rrdtool-dbg-dbgsym and so on... This looks like a bad idea, doesn't it? Unless maybe you know a trick to disable the automatic choice of the files in a -dbgsym package so that this file is included there? I'm not even sure this is the appropriate thing to do... [1] https://packages.debian.org/sid/amd64/rrdtool-dbg/filelist signature.asc Description: This is a digitally signed message part.
Bug#888495: check_haproxy_stats: Please change default location admin sock
Package: nagios-plugins-contrib Version: 21.20170222 Severity: minor Dear Maintainer, Running /usr/lib/nagios/plugins/check_haproxy_stats returns: > Unable to connect to haproxy socket: connect: No such file or directory at > /usr/lib/nagios/plugins/check_haproxy_stats line 144. /usr/lib/nagios/plugins/check_haproxy_stats --help says: > -s, --sock, --socket > Use named UNIX socket instead of default (/var/run/haproxy.sock) /usr/lib/nagios/plugins/check_haproxy_stats -s /var/run/haproxy/admin.sock runs ok. Please change default socket location to match debian default. See haproxy (1.5~dev24-2) changelog at http://metadata.ftp-master.debian.org/changelogs/main/h/haproxy/unstable_changelog and commit at https://anonscm.debian.org/cgit/pkg-haproxy/haproxy.git/commit/?id=8b77d5e324bb11466a3e10cd4885234f9cbf8a61 Thank you! -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) nagios-plugins-contrib depends on no packages. Versions of packages nagios-plugins-contrib recommends: ii bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u4 ii binutils 2.28-5 pn freeipmi-tools ii libc6 2.24-11+deb9u1 pn libdata-validate-domain-perl pn libdata-validate-ip-perl pn libdate-manip-perl pn libdbd-mysql-perl ii libio-socket-ssl-perl 2.044-1 ii libipc-run-perl0.94-1 ii liblocale-gettext-perl 1.07-3+b1 pn liblwp-useragent-determined-perl pn libmail-imapclient-perl pn libmemcached11 pn libmemcachedutil2 pn libmonitoring-plugin-perl | libnagios-plugin- pn libnet-cups-perl ii libnet-dns-perl1.07-1 pn libnet-dns-sec-perl ii libnet-smtp-ssl-perl 1.04-1 pn libnet-smtp-tls-perl pn libnet-smtpauth-perl pn libnet-snmp-perl ii libnet-ssleay-perl 1.80-1 pn libreadonly-perl pn libredis-perl ii libtimedate-perl 2.3000-2 pn libvarnishapi1 pn libwebinject-perl pn libxml-simple-perl pn libyaml-syck-perl ii lsof 4.89+dfsg-0.1 pn nagios-plugins-basic ii openssl1.1.0f-3+deb9u1 ii perl 5.24.1-3+deb9u2 ii perl-base [libsocket-perl] 5.24.1-3+deb9u2 ii python 2.7.13-2 pn python-pymongo pn ruby | ruby-interpreter pn snmp ii whois 5.2.17~deb9u1 Versions of packages nagios-plugins-contrib suggests: pn backuppc pn cciss-vol-status pn expect pn libsys-virt-perl ii moreutils 0.60-1 pn mpt-status pn nagios-plugin-check-multi pn percona-toolkit pn perl-doc ii python2.7 2.7.13-2+deb9u2 pn smstools
Bug#883912: lxc-create(1) incorrectly says default fstype is ext4
Package: lxc Version: 1:2.0.7-2 Severity: minor Dear Maintainer, man lxc-create says: > --fstype FSTYPE will create an FSTYPE filesystem on the LV, rather than the > default, which is ext4. However, when a container is created with lvm without the --fstype option it gets an ext3 partition. In src/lxc/bdev/lxclvm.c, in lvm_create: > fstype = specs->fstype; > if (!fstype) > fstype = DEFAULT_FSTYPE; In src/lxc/bdev/bdev.h: > #define DEFAULT_FSTYPE "ext3" I expected the manual to say the default is ext3, not ext4. Cheers -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages lxc depends on: ii init-system-helpers 1.48 ii libapparmor1 2.11.0-3 ii libc62.24-11+deb9u1 ii libcap2 1:2.25-1 ii libgnutls30 3.5.8-5+deb9u3 ii liblxc1 1:2.0.7-2 ii libseccomp2 2.3.1-2.1 ii libselinux1 2.6-3+b3 ii lsb-base 9.20161125 ii python3 3.5.3-1 ii python3-lxc 1:2.0.7-2 Versions of packages lxc recommends: ii bridge-utils 1.5-13+deb9u1 ii debootstrap 1.0.89 ii dirmngr 2.1.18-8~deb9u1 ii dnsmasq-base 2.76-5+deb9u1 ii gnupg 2.1.18-8~deb9u1 ii iptables 1.6.0+snapshot20161117-6 ii libpam-cgfs 2.0.7-1 ii lxcfs 2.0.7-1 ii openssl 1.1.0f-3+deb9u1 ii rsync 3.1.2-1 ii uidmap1:4.4-4.1 Versions of packages lxc suggests: pn apparmor pn btrfs-tools ii lvm2 2.02.168-2 -- no debconf information
Bug#881700: python-moinmoin: Apache2.4 requires .conf extension in sites-available
Package: python-moinmoin Version: 1.9.9-1 Severity: minor Dear Maintainer, In README.Debian, on line 34, it is suggested one create a file /etc/apache2/sites-available/mywiki. But this doesn't work since apache upgraded to 2.4. File needs to be named /etc/apache2/sites-available/mywiki.conf This is the only change. Note that "a2ensite mywiki" on line 57 is ok without the extension.
Bug#881043: needrestart: nagios plugin mode issues invalid output when non root
Package: needrestart Version: 2.11-3 Severity: normal Tags: patch Dear Maintainer, I tried running "needstart -p" from nagios-nrpe-server using command[check_restart]=/usr/sbin/needrestart -p My icinga dashbord then shows "UNKOWN NRPE: Unable to read output". I expected to read "UNKOWN - This plugin needs to be run as root!". Calling manually /usr/lib/nagios/plugins/check_nrpe -H targethost -c check_restart on the icinga server results in UNKOWN NRPE: Unable to read output Calling manually "/usr/sbin/needrestart -p" as nagios user on the targethost results in UNKN - This plugin needs to be run as root! being sent to STDERR and not to STDOUT. This is an NRPE protocol implementation error. The following patch fixes the issue: --- needrestart-2.11.orig/needrestart +++ needrestart-2.11/needrestart @@ -198,7 +198,7 @@ print STDERR "$LOGPREF needrestart v$Nee my $uid = $<; if($uid) { if($opt_p) { - print STDERR "UNKN - This plugin needs to be run as root!\n"; + print "UNKN - This plugin needs to be run as root\n"; exit 3; } Thank you for taking care of needrestart. <3
Bug#869892: Using sysv, lxc-start fails while trying to create cgroup
On Saturday, 21 October 2017 17:08:42 CEST Evgeni Golov wrote: > Hi, > > On Fri, Oct 20, 2017 at 03:09:34PM +0200, Jean-Michel Vourgère wrote: > > > I guess in your case the systemd binary is installed (but not used as > > > init) and thus the dependency did not trigger? > > > > Exactly. cgroupfs-mount was not installed and installing it fixed my > > issue. > > > > Maybe the dependency could be adjusted? > > What about > > > > Depends: cgroupfs-mount | systemd-sysv > > > > ? > > > > When you install sysvinit-core, systemd-sysv gets removed. And vice-versa. > > my understanding (and I might be wrong) is that one should not use > sysvinit-core and systemd-sysv in Depends, but their sysvinit and > systemd as these are enough to use them as init (by calling > init=/lib/whatver). > > on the other hand, cgroupfs-mount is a noop when systemd is init, so we > could just depend on it, uncoditionally. what do you think? That works for me. In my opinion, both init systems should provide a system in the same state. The issue is womewhat larger than lxc, and we should probably ask outside for a proper fix. But I fear there still is a lot of stress around, with the new default init system, and I am tired just thinking about geting into that topic again... :( signature.asc Description: This is a digitally signed message part.
Bug#869892: Using sysv, lxc-start fails while trying to create cgroup
> > I finally had it working by adding > > "cgroup /sys/fs/cgroup cgroup defaults 0 0" > > to my /etc/fstab > > > > A little note in /usr/share/doc or elsewhere would be nice. > > This is why liblxc1 has a "Depends: cgroupfs-mount | systemd", as > cgroupfs-mount should be used to mount cgroupfs on non-systemd systems. > (I say should, as it is perfectly fine to do it otherwise, just > cgroupfs-mount is what we have tested). > > I guess in your case the systemd binary is installed (but not used as > init) and thus the dependency did not trigger? Exactly. cgroupfs-mount was not installed and installing it fixed my issue. Maybe the dependency could be adjusted? What about Depends: cgroupfs-mount | systemd-sysv ? When you install sysvinit-core, systemd-sysv gets removed. And vice-versa. signature.asc Description: This is a digitally signed message part.
Bug#758557: network-manager: not authorized to control networking
I had a simmilar issue. I'm using sysvinit-core since systemd no longer supports rcS scripts like my firewall. I fixed the issue by removing > none /sys/fs/cgroup cgroup defaults 0 0 from my /etc/fstab, that I had to add in the first place for lxc to work. Here, this means that lxc doesn't work anymore when I can edit connections; and that I can't edit connections when I reactivate the line to use lxc... signature.asc Description: This is a digitally signed message part.
Bug#879111: ddclient: nsupdate sends A records when using ipv6 addresses
Package: ddclient Version: 3.8.3-1.1 Severity: normal Dear Maintainer, I'm using a config file like this: --- 8< --- usev6=if, if=tunipred protocol=nsupdate server=dnsmaster.nirgal.com password=/root/dyndns/Kdynamic.test.+163+31401.key zone=dyn.nirgal.com ttl=60 test.dyn.nirgal.com --- 8< --- But this fails with this message: --- 8< --- DEBUG:get_ip: using if, tunipred reports 2001:123:456:789::1 INFO: forcing updating test.dyn.nirgal.com because no cached entry exists. DEBUG: DEBUG: nic_nsupdate_update --- INFO: setting IP address to 2001:123:456:789::1 for test.dyn.nirgal.com UPDATE: updating test.dyn.nirgal.com UPDATE: nsupdate command is: /usr/bin/nsupdate -k /root/dyndns/Kdynamic.test.+163+31401.key -d UPDATE: nsupdate instructions are: UPDATE:server dnsmaster.nirgal.com UPDATE:zone dyn.nirgal.com. UPDATE:update delete test.dyn.nirgal.com. A UPDATE:update add test.dyn.nirgal.com. 60 A 2001:123:456:789::1 UPDATE:send Creating key... 19-Oct-2017 16:55:37.705 dns_rdata_fromtext: buffer-0x7fa7ab69a590:1: near '2001:123:456:789::1': bad dotted quad invalid rdata format: bad dotted quad syntax error ddclient: failed closing | /usr/bin/nsupdate -k /root/dyndns/Kdynamic.test.+163+31401.key -d.() FAILED: updating test.dyn.nirgal.com --- 8< --- The commands are wrongs because ipv6 requieres records and not A records. If I change A by in /usr/sbin/ddclient on lines 4062 and 4063, the program now works correctly for IPv6 (but obviously it is then broken for IPv4). --- /usr/sbin/ddclient 2017-10-19 16:55:25.896653060 +0200 +++ /usr/sbin/ddclient6 2017-10-19 17:02:50.108664579 +0200 @@ -4059,8 +4059,8 @@ EoINSTR1 foreach (@hosts) { $instructions .= <
Bug#878752: smartmontools: Missing file /usr/share/docs/smartmontools/WARNINGS
Package: smartmontools Version: 6.5+svn4324-1 Severity: minor Dear Maintainer, File /usr/share/doc/smartmontools/README.Debian says: " Please read the file WARNINGS in this directory. " Either the file is missing or the README.Debian should be udated. Thank you for taking care of smart. :) -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages smartmontools depends on: ii debianutils 4.8.1.1 ii init-system-helpers 1.48 ii libc62.24-11+deb9u1 ii libcap-ng0 0.7.7-3+b1 ii libgcc1 1:6.3.0-18 ii libselinux1 2.6-3+b3 ii libstdc++6 6.3.0-18 ii lsb-base 9.20161125 Versions of packages smartmontools recommends: ii mailutils [mailx] 1:3.1.1-1 Versions of packages smartmontools suggests: pn gsmartcontrol pn smart-notifier -- Configuration Files: /etc/default/smartmontools changed: start_smartd=yes -- no debconf information
Bug#875686: history.cgi misses jquery.min.js
Package: icinga2-classicui Version: 2.6.0-2 Severity: normal Hello In the "Host Alert History" pages, the html contains an include on /icinga2- classicui/jquery/jquery.min.js that returns a 404. May be this is why the "Select a day ..." link doesn't work. If I press the "Earlier Archive" link, I can go back day by day. To reproduce, I click on a host detail, then I follow the "View Alert History For This Host" for that host. Maybe an Alias misses on /usr/share/javascript/jquery/ from libjs-jquery ? Cheers
Bug#870628: Please warn about slow starts on USB
I'm using a USB3.1 stick, according to its marking. And its connector is blue. Attached is a "lsusb -v" output, with the stick plugged in. I boot from the "Transcend Information, Inc. JetFlash" device, that looks like it's connected to a usb2 there. I'm mistaken, ain't I? The target computer has a mix of usb1 and usb2 ports.Bus 008 Device 004: ID 8564:1000 Transcend Information, Inc. JetFlash Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 002: ID 413c:2003 Dell Computer Corp. Keyboard Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 002: ID 03f0:0c4a Hewlett-Packard Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 008 Device 004: ID 8564:1000 Transcend Information, Inc. JetFlash Device Descriptor: bLength18 bDescriptorType 1 bcdUSB 2.10 bDeviceClass0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize064 idVendor 0x8564 Transcend Information, Inc. idProduct 0x1000 JetFlash bcdDevice 11.00 iManufacturer 1 JetFlash iProduct2 Mass Storage Device iSerial 3 25W462G5CWFKZRK5 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 32 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0x80 (Bus Powered) MaxPower 300mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 8 Mass Storage bInterfaceSubClass 6 SCSI bInterfaceProtocol 80 Bulk-Only iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes2 Transfer TypeBulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes2 Transfer TypeBulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Binary Object Store Descriptor: bLength 5 bDescriptorType15 wTotalLength 22 bNumDeviceCaps 2 USB 2.0 Extension Device Capability: bLength 7 bDescriptorType16 bDevCapabilityType 2 bmAttributes 0x0002 Link Power Management (LPM) Supported SuperSpeed USB Device Capability: bLength10 bDescriptorType16 bDevCapabilityType 3 bmAttributes 0x00 wSpeedsSupported 0x000c Device can operate at High Speed (480Mbps) Device can operate at SuperSpeed (5Gbps) bFunctionalitySupport 2 Lowest fully-functional device speed is High Speed (480Mbps) bU1DevExitLat 4 micro seconds bU2DevExitLat 4 micro seconds Device Status: 0x (Bus Powered) Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Device Descriptor: bLength18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass9 Hub bDeviceSubClass 0 Unused bDeviceProtocol 0 Full speed (or root) hub bMaxPacketSize064 idVendor 0x1d6b Linux Foundation idProduct 0x0002 2.0 root hub bcdDevice4.09 iManufacturer 3 Linux 4.9.0-3-amd64 ehci_hcd iProduct2 EHCI Host Controller iSerial 1 :00:1d.7 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 25 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0xe0 Self Powered Remote Wakeup MaxPower0mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 9 Hub
Bug#870628: Please warn about slow starts on USB
Package: installation-guide-amd64 Severity: normal Hello I recently installed form scratch a Stretch to an old computer using an USB stick. The "boot menu" show and I hit enter for "Graphical Install". And then I though it crashed. Twice. The keys don't make the menu move. Caps lock key doesn't work. It actually took 2'10" to show next menu "Select a language". I believe section "5.1.1 Booting from USB Memory Stick" should warn about possible big delays.
Bug#770171: sshd jail fails when system solely relies on systemd journal for logging
For people looking for an easy work around: apt-get install rsyslog will ensure sshd is logged as usual.
Bug#869892: Using sysv, lxc-start fails while trying to create cgroup
I finally had it working by adding "cgroup /sys/fs/cgroup cgroup defaults 0 0" to my /etc/fstab A little note in /usr/share/doc or elsewhere would be nice.
Bug#869892: Using sysv, lxc-start fails while trying to create cgroup
Package: lxc Version: 1:2.0.7-2 Severity: normal Dear Maintainer, When trying to start a container, I get these errors: # lxc-start -n test -F lxc-start: cgroups/cgfs.c: lxc_cgroupfs_create: 901 Could not find writable mount point for cgroup hierarchy 11 while trying to create cgroup. lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice/session-1.scope lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice lxc-start: cgroups/cgfs.c: cgroup_rmdir: 209 Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd/ lxc-start: start.c: lxc_spawn: 1108 Failed creating cgroups. lxc-start: start.c: __lxc_start: 1346 Failed to spawn container "test". lxc-start: tools/lxc_start.c: main: 366 The container failed to start. lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options. If I enable systemd, lxc starts working. But then I have issues with other software, so I don't want to do that. Attached are my mounts, since I have the feeling this is related. Do I need some special systemd related cgroups for lxc, now? A few pointers in the documentation would be nice. :) -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages lxc depends on: ii init-system-helpers 1.48 ii libapparmor1 2.11.0-3 ii libc62.24-11+deb9u1 ii libcap2 1:2.25-1 ii libgnutls30 3.5.8-5+deb9u2 ii liblxc1 1:2.0.7-2 ii libseccomp2 2.3.1-2.1 ii libselinux1 2.6-3+b1 ii lsb-base 9.20161125 ii python3 3.5.3-1 ii python3-lxc 1:2.0.7-2 Versions of packages lxc recommends: ii bridge-utils 1.5-13 ii debootstrap 1.0.89 ii dirmngr 2.1.18-6 ii dnsmasq-base 2.76-5+b1 ii gnupg 2.1.18-6 ii iptables 1.6.0+snapshot20161117-6 ii libpam-cgfs 2.0.7-1 ii lxcfs 2.0.7-1 ii openssl 1.1.0f-3 ii rsync 3.1.2-1 ii uidmap1:4.4-4.1 Versions of packages lxc suggests: pn apparmor pn btrfs-tools ii lvm2 2.02.168-2 -- no debconf information sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,nosuid,relatime,size=882696k,nr_inodes=220674,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=179012k,nr_inodes=223761,mode=755) /dev/mapper/debian_vg-debug--disk on / type ext4 (rw,relatime,errors=remount-ro,data=ordered) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,nr_inodes=223761) pstore on /sys/fs/pstore type pstore (rw,relatime) tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=358000k,nr_inodes=223761) /dev/sda1 on /boot type ext4 (rw,relatime,data=ordered) rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime) cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,size=12k,nr_inodes=223761,mode=755) lxcfs on /var/lib/lxcfs type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other) xenfs on /proc/xen type xenfs (rw,relatime) systemd on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/run/cgmanager/agents/cgm-release-agent.systemd,name=systemd) tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=138716k,nr_inodes=173398,mode=700) lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:901 - Could not find writable mount point for cgroup hierarchy 11 while trying to create cgroup. lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice/session-5.scope lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice/user-0.slice lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd//user.slice lxc-start 20170727110253.578 ERRORlxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Device or resource busy - cgroup_rmdir: failed to delete
Bug#845232: Error on Jessie installation
Control: retitle -1 Enabling AppArmor is not documented Control: tag -1 - unreproducible Control: severity -1 minor On Tuesday 04 July 2017 09:36:44 intrigeri wrote: > Ping? Ops, sorry for the delay. AppArmor was indeed not enabled. I was unable to find any kind of documentation in Jessie about how this works. So basically, the package is useless unless you download the source or go to the internet. I expected to see a copy of https://wiki.debian.org/AppArmor/HowToUse or at least some of it like the section "Enable AppArmor" and possibly others in /u/s/doc/ I downgraded the severity to minor. Fell free to downgrade further.
Bug#862663: amavis shoud suggest unrar-free instead of unrar
Package: amavisd-new Version: 1:2.10.1-4 Severity: minor Dear maintainer, amavis currently suggest installation on unrar, which is unavailable in Debian. On startup, log file says: "No ext program for .rar, tried: unrar-free" which seems to indicate that unrar-free is supported. It should be added in the dependencies as a suggests:, possibly replacing unrar, or at least as an alternative. Thank you for taking care of amavis Cheers -- System Information: Debian Release: 8.8 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#860088: Please improve --numeric-owner documentation
Package: tar Version: 1.27.1-2+deb8u1 Severity: wishlist Dear maintainer tar manual says about --numeric-owner: "always use numbers for user/group names" I find this difficult to understand. Is that option usefull for both archiving and extracting? If the option is not used, on archiving, are both uid and login name stored in the tar file? I'll find the information somehow. But I believe it should be part of the manual. At least a line, please. Thank you for taking care of tar :) -- System Information: Debian Release: 8.7 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages tar depends on: ii libacl1 2.2.52-2 ii libc62.19-18+deb8u7 ii libselinux1 2.3-2 tar recommends no packages. Versions of packages tar suggests: ii bzip21.0.6-7+b3 pn ncompress pn tar-scripts ii xz-utils 5.1.1alpha+20120614-2+b3 -- debconf-show failed
Bug#852422: Please stop yelling about deprecation
Package: duplicity Version: 0.6.24-1 Severity: normal Hello I run Jessie. Since I updated python-crypto to 2.6.1-5+deb8u1 [1] duplicity prints warnings every time it runs. Like most user, I suppose, I run from cron. This means I now receive a daily spam with: /usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141: FutureWarning: CTR mode needs counter parameter, not IV self._cipher = factory.new(key, *args, **kwargs) I expected program used normally not to emit deprecation warnings. [1] https://tracker.debian.org/media/packages/p/python-crypto/changelog-2.6.1-5%2Bdeb8u1 -- System Information: Debian Release: 8.7 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages duplicity depends on: ii libc62.19-18+deb8u7 ii librsync10.9.7-10 ii python 2.7.9-1 ii python-lockfile 1:0.8-2 Versions of packages duplicity recommends: ii python-oauthlib 0.6.3-1 ii python-paramiko 1.15.1-1 ii python-urllib3 1.9.1-3 ii rsync3.1.1-3 Versions of packages duplicity suggests: pn lftp pn ncftp pn python-boto pn python-cloudfiles pn python-gdata pn python-swiftclient pn tahoe-lafs
Bug#845232: Error on Jessie installation
Package: apparmor Version: 2.9.0-3 Severity: normal When installing AppArmor on Jessie, on gets: Preconfiguring packages ... Selecting previously unselected package libapparmor1:amd64. (Reading database ... 420149 files and directories currently installed.) Preparing to unpack .../libapparmor1_2.9.0-3_amd64.deb ... Unpacking libapparmor1:amd64 (2.9.0-3) ... Selecting previously unselected package libapparmor-perl. Preparing to unpack .../libapparmor-perl_2.9.0-3_amd64.deb ... Unpacking libapparmor-perl (2.9.0-3) ... Selecting previously unselected package apparmor. Preparing to unpack .../apparmor_2.9.0-3_amd64.deb ... Unpacking apparmor (2.9.0-3) ... Processing triggers for man-db (2.7.0.2-5) ... Processing triggers for systemd (215-17+deb8u5) ... Setting up libapparmor1:amd64 (2.9.0-3) ... Setting up libapparmor-perl (2.9.0-3) ... Setting up apparmor (2.9.0-3) ... update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults [] Starting AppArmor profiles:[] Mounting securityfs on /sys/kernel/security...[info] Insufficient privileges to change profiles.. failed! invoke-rc.d: initscript apparmor, action "start" failed. Processing triggers for libc-bin (2.19-18+deb8u6) ... Processing triggers for systemd (215-17+deb8u5) ... Press Return to continue. I expected not to have warning about "Insufficient privileges", and I expected action "start" to succeed, obviously. ^^ -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages apparmor depends on: ii debconf [debconf-2.0] 1.5.56 ii initramfs-tools0.120+deb8u2 ii libapparmor-perl 2.9.0-3 ii libc6 2.19-18+deb8u6 ii lsb-base 4.1+Debian13+nmu1 ii python33.4.2-2 apparmor recommends no packages. Versions of packages apparmor suggests: pn apparmor-docs pn apparmor-profiles pn apparmor-profiles-extra pn apparmor-utils -- debconf-show failed
Bug#837428: Re: jessie-pu: package libphp-adodb/5.15-1
Control: tags -1 - moreinfo Control: retitle -1 jessie-pu: package libphp-adodb/5.15-1+deb8u1 On Monday 31 October 2016 21:48:15 Adam D. Barratt wrote: > (...) an upload to jessie needs to be built in a _jessie_ environment. Ok. Will do. > +libphp-adodb (5.15-1+deb8u1) jessie; urgency=medium > + > + * Upload to jessie. > + > + -- Jean-Michel Vourgère <nir...@debian.org> Sun, 11 Sep 2016 16:13:54 > +0200 + > +libphp-adodb (5.15-1+deb7u1) wheezy; urgency=medium > + > + * Cherry pick of upstream patches: > +- d/patch/pdo-qstr-sql-injection. Closes: #837211 > +- d/patch/cve-2016-4855. Closes: #837418 > > That's an unusual way of forming the changelog. Why not simply a 5.15-1 > +deb8u1 stanza listing the changes, on top of 5.15-1? In fact, given > that the +deb7u1 stanza doesn't match what actually got uploaded to > wheezy-security, please drop it. Ok. Here's a new debdiff. Please note that #837211 finally got its own CVE number. Is that ok to upload, now, please?diff -Nru libphp-adodb-5.15/debian/changelog libphp-adodb-5.15/debian/changelog --- libphp-adodb-5.15/debian/changelog 2012-02-27 04:43:29.0 +0100 +++ libphp-adodb-5.15/debian/changelog 2016-11-07 16:28:04.0 +0100 @@ -1,3 +1,11 @@ +libphp-adodb (5.15-1+deb8u1) jessie; urgency=high + + * Cherry pick of upstream patches: +- d/patch/cve-2016-7405. Closes: #837211 +- d/patch/cve-2016-4855. Closes: #837418 + + -- Jean-Michel Vourgère <nir...@debian.org> Mon, 07 Nov 2016 16:26:52 +0100 + libphp-adodb (5.15-1) unstable; urgency=low * New upstream release diff -Nru libphp-adodb-5.15/debian/patches/cve-2016-4855 libphp-adodb-5.15/debian/patches/cve-2016-4855 --- libphp-adodb-5.15/debian/patches/cve-2016-4855 1970-01-01 01:00:00.0 +0100 +++ libphp-adodb-5.15/debian/patches/cve-2016-4855 2016-11-07 16:09:04.0 +0100 @@ -0,0 +1,36 @@ +Description: CVE-2016-4855: XSS vulnerability in old test script + This issue was reported by JPCERT Coordination Center (JPCERT/CC) with + reference JVN#48237713. + . + The root cause is a foreach loop processing all GET parameters and + blindly assigning them to variables, allowing an attacker to + replace contents of global variables. + . + This limits variable processing using a regex matching those used in + testdatabases.inc.php (i.e. beginning with 'test' or 'no'). + . + Debian is not dirrectly affected by this, since test.php is only + shipped in /usr/share/doc/libphp-adodb/examples/. +Author: Damien Regad <dre...@mantisbt.org> +Origin: upstream, https://github.com/ADOdb/ADOdb/commit/ecb93d8c1 +Bug: https://github.com/ADOdb/ADOdb/issues/274 +Bug-Debian: https://bugs.debian.org/837418 +Reviewed-By: Jean-Michel Vourgère <nir...@debian.org> +Last-Update: 2016-10-11 + +--- libphp-adodb-5.12.orig/tests/test.php libphp-adodb-5.12/tests/test.php +@@ -1714,8 +1714,11 @@ if (sizeof($_GET) == 0) $testmysql = tru + + + foreach($_GET as $k=>$v) { +- //global $$k; +- $$k = $v; ++ // XSS protection (see Github issue #274) - only set variables for ++ // expected get parameters used in testdatabases.inc.php ++ if(preg_match('/^(test|no)\w+$/', $k)) { ++ $$k = $v; ++ } + } + + ?> diff -Nru libphp-adodb-5.15/debian/patches/cve-2016-7405 libphp-adodb-5.15/debian/patches/cve-2016-7405 --- libphp-adodb-5.15/debian/patches/cve-2016-7405 1970-01-01 01:00:00.0 +0100 +++ libphp-adodb-5.15/debian/patches/cve-2016-7405 2016-11-07 16:09:04.0 +0100 @@ -0,0 +1,49 @@ +Description: PDO: fix incorrect quoting allowing SQL injection + The PDO driver was relying on ADOConnection::qstr() for quoting strings. + An application relying on qstr() to manually prepare SQL statements + rather than using parameterized queries may be vulnerable to SQL + injection attacks, as demonstrated by @jdavidlists. + . + This commit delegates string quoting to PDO::quote() when a connection + is available. If not, it simply replaces single quotes by the value of + $replaceQuote property. +Author: Damien Regad <dre...@mantisbt.org> +Origin: upstream, https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 +Bug: https://github.com/ADOdb/ADOdb/issues/226 +Bug-Debian: https://bugs.debian.org/837211 +Reviewed-By: Jean-Michel Vourgère <nir...@debian.org> +Last-Update: 2016-09-10 + +--- libphp-adodb-5.20.6.orig/drivers/adodb-pdo.inc.php libphp-adodb-5.20.6/drivers/adodb-pdo.inc.php +@@ -518,6 +518,30 @@ class ADODB_pdo extends ADOConnection { + { + return ($this->_connectionID) ? $this->_connectionID->lastInsertId() : 0; + } ++ ++ /** ++ * Quotes a string to be sent to the database. ++ * If we have an active connection, delegates quoting to the underlying ++ * PDO object. Otherwise, replace "'" by the value of $replaceQuote (same ++ * behavior as mysqli driver) ++ * @param string $sThe string to quote ++ * @param boolean $magic_quotes
Bug#839732: example reports "error: no such option: --cleanup"
Package: duplicity Version: 0.6.24-1 Severity: minor Tags: patch Hi When playing with debian/examples/system-backup file, one get this: duplicity: error: no such option: --cleanup The fix is trivial: --- debian/examples/system-backup 2016-10-04 10:19:52.121567637 + +++ debian/examples/system-backup 2016-10-04 10:24:18.315599406 + @@ -93,7 +93,7 @@ fi # Delete files related to failed backups -PASSPHRASE=$GPG_PASSWORD duplicity --cleanup --verbosity 1 --sftp-command "$SFTP" scp://$SSH_HOST/$HOSTNAME +PASSPHRASE=$GPG_PASSWORD duplicity cleanup --verbosity 1 --sftp-command "$SFTP" scp://$SSH_HOST/$HOSTNAME # Delete old expired backups PASSPHRASE=$GPG_PASSWORD duplicity --force --remove-older-than $OLDAGE --verbosity 1 --sftp-command "$SFTP" scp://$SSH_HOST/$HOSTNAME Thanks :) -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages duplicity depends on: ii libc62.19-18+deb8u6 ii librsync10.9.7-10 ii python 2.7.9-1 ii python-lockfile 1:0.8-2 Versions of packages duplicity recommends: ii python-oauthlib 0.6.3-1 ii python-paramiko 1.15.1-1 ii python-urllib3 1.9.1-3 ii rsync3.1.1-3 Versions of packages duplicity suggests: pn lftp pn ncftp pn python-boto pn python-cloudfiles pn python-gdata pn python-swiftclient pn tahoe-lafs -- no debconf information
Bug#839712: Please add links in d/control
Control: retitle -1 Please move Homepage: in d/control Control: reopen -1 Hi It doesn't show in the PTS because the Homepage: field need to be in the source package, not in the binary one. Please consider moving it to the first paragraph, like most package do. Examples: https://packages.qa.debian.org/dump shows homepage in right links box https://packages.qa.debian.org/duplicity doesn't same thing for tracker.debian.org/pkg/duplicity This is not a policy requirement, it's just the way tools work... There is only one Homepage per orig.tar (source). Fell free to re-close the report if you like, I won't reopen it twice. Thank you for taking care of duplicity :* On Tuesday 04 October 2016 19:09:44 you wrote: > On Tue, 04 Oct 2016 11:03:12 +0200, Jean-Michel Vourgère writes: > >Could you please add to d/control > >Homepage: http://duplicity.nongnu.org/ > >or similar URI. > > this has been present since just about forever. > > >Also, it would be nice to have Vcs-*: fields if you are using a git or > >similar tool for packaging. > > no vcs is used. > > regards > az signature.asc Description: This is a digitally signed message part.
Bug#839712: Please add links in d/control
Package: duplicity Version: 0.6.24-1 Severity: wishlist Hi Could you please add to d/control Homepage: http://duplicity.nongnu.org/ or similar URI. Also, it would be nice to have Vcs-*: fields if you are using a git or similar tool for packaging. Thanks :) -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages duplicity depends on: ii libc62.19-18+deb8u6 ii librsync10.9.7-10 ii python 2.7.9-1 ii python-lockfile 1:0.8-2 Versions of packages duplicity recommends: ii python-oauthlib 0.6.3-1 ii python-paramiko 1.15.1-1 ii python-urllib3 1.9.1-3 ii rsync3.1.1-3 Versions of packages duplicity suggests: pn lftp pn ncftp pn python-boto pn python-cloudfiles pn python-gdata pn python-swiftclient pn tahoe-lafs -- no debconf information
Bug#826930: Default browser changed to chromium after iceweasel->firefox migration
Mike Hommey wrote: > When clicking on a link in what application? GNOME? KDE? using what > settings? That was liferea configured with default settings: "Use x-www-browser". Sorry about the fuzziness. I am using xfce. >> Here's the result of "update-alternatives --config x-www-browser": >> There are 3 choices for the alternative x-www-browser (providing >> /usr/bin/x-www-browser). >> SelectionPath Priority Status >> >> * 0/usr/bin/iceweasel 70auto mode >> 1/usr/bin/chromium 40manual mode >> 2/usr/bin/firefox-esr 70manual mode >> 3/usr/bin/iceweasel 70manual mode >> >> I expected alternatives to be changed automatically. > >>From the output from update-alternatives, there is nothing wrong, > assuming the iceweasel package is still installed, and there is nothing > in your report that would explain why iceweasel is not being used. Iceweasel package is still there indeed. $ ls -l /usr/bin/iceweasel /usr/bin/iceweasel -> ../lib/firefox-esr/firefox-esr I could reproduce the bug with command line "x-www-browser". But now I can't anymore: x-www-browser does launch firefox ok. Looking at the alternatives, I see nothing wrong either. Fell free to close this report, as I am not able to reproduce this.
Bug#826930: Default browser changed to chromium after iceweasel->firefox migration
Package: firefox-esr Version: 45.2.0esr-1~deb8u1 Severity: normal Hi After upgrading to debian 8.5, iceweasel became rebranded into firefox. However, now, when I click on a link, chromium is starting. Here's the result of "update-alternatives --config x-www-browser": There are 3 choices for the alternative x-www-browser (providing /usr/bin/x-www-browser). SelectionPath Priority Status * 0/usr/bin/iceweasel 70auto mode 1/usr/bin/chromium 40manual mode 2/usr/bin/firefox-esr 70manual mode 3/usr/bin/iceweasel 70manual mode I expected alternatives to be changed automatically. Thanks -- Addons package information ii firefox-esr45.2.0esr-1~ amd64Mozilla Firefox web browser - Ext ii xul-ext-adbloc 2.6.6+dfsg-1 all advertisement blocking extension ii xul-ext-certif 2.0.14-4 all Certificate Monitor for Iceweasel ii xul-ext-cookie 1.2.0-1 all manage cookies in a whitelist-bas ii xul-ext-firetr 0.5.3~rc1+df all system tray extension for Iceweas ii xul-ext-grease 2.2-2all customization of webpages with us ii xul-ext-https- 4.0.2-3 all extension to force the use of HTT ii xul-ext-https- 091-1all extension that detects valid HTTP ii xul-ext-liveht 0.17-3 all Adds information about the HTTP h ii xul-ext-toggle 1.8-1all status bar icon to toggle between ii xul-ext-uppity 1.5.8-3 all toolbar button to "go up" on the ii xul-ext-y-u-no 2013052401-2 all browser extension to make securit -- System Information: Debian Release: 8.5 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages firefox-esr depends on: ii debianutils 4.4+b1 ii fontconfig2.11.0-6.3 ii libasound21.0.28-1 ii libatk1.0-0 2.14.0-1 ii libc6 2.19-18+deb8u4 ii libcairo2 1.14.0-2.1+deb8u1 ii libdbus-1-3 1.8.20-0+deb8u1 ii libdbus-glib-1-2 0.102-1 ii libevent-2.0-52.0.21-stable-2 ii libffi6 3.1-2+b2 ii libfontconfig12.11.0-6.3 ii libfreetype6 2.5.2-3+deb8u1 ii libgcc1 1:4.9.2-10 ii libgdk-pixbuf2.0-02.31.1-2+deb8u5 ii libglib2.0-0 2.42.1-1+b1 ii libgtk2.0-0 2.24.25-3+deb8u1 ii libhunspell-1.3-0 1.3.3-3 ii libpango-1.0-01.36.8-3 ii libsqlite3-0 3.8.7.1-1+deb8u1 ii libstartup-notification0 0.12-4 ii libstdc++64.9.2-10 ii libx11-6 2:1.6.2-3 ii libxcomposite11:0.4.4-1 ii libxdamage1 1:1.1.4-2+b1 ii libxext6 2:1.3.3-1 ii libxfixes31:5.0.1-2+b2 ii libxrender1 1:0.9.8-1+b1 ii libxt61:1.1.4-1+b1 ii procps2:3.3.9-9 ii zlib1g1:1.2.8.dfsg-2+b1 Versions of packages firefox-esr recommends: ii gstreamer1.0-libav 1:1.4.5-dmo1 ii gstreamer1.0-plugins-good 1.4.4-2 Versions of packages firefox-esr suggests: ii fonts-lmodern 2.004.4-5 ii fonts-stix [otf-stix] 1.1.1-1 ii libcanberra0 0.30-2.1 ii libgnomeui-0 2.24.5-3 ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2 pn mozplugger -- no debconf information
Bug#826630: ITA?
Hi > Would it be too much to ask to rebase your changes and push them to > the collab-maint repository? Unfortunately, your repository was based on git-import-dscs where all the history is lost. So I think you'd better merge your repo with mine rather than the opposite. Moreover, your repository doesn't have a pristine-tar and the git snapshot you made is not available upstream. I currently had no way to package was is on collab-maint. So I boldly moved collab-maint/sshfp.git to sshfp-maxy.git, pushed the QA I prepared yesterday before I discovered you started to work on the package months ago. The only interesting thing I saw was 876ca3d32be41c793a0f57fd91dd6adf5fb11fc4 "Refresh patches". You might want to keep that one. I just uploaded a QA. I apologize for the mess. julien's packages should have been orphaned when he lost his dd status back in 2014, sshfp should not have been orphaned since you still are active, collab-maint should have a fork of git://git.kirya.net/debian/sshfp and so no... This is quite frustrating. ... But the time I spent on these issues is just too much. I'm done. I do hope nevertheless that it will not prevent you from adopting the package. Remember to delete collab-maint/sshfp-maxy.git when it's no longer needed. -- Nirgal
Bug#826630: ITA?
Hi I just noticed that you set up a repository on collab-maint with an upstream git snapshot. https://anonscm.debian.org/cgit/collab-maint/sshfp.git/ Please retitle this bug indicating an ITA ( https://www.debian.org/devel/wnpp/ ), or I will publish the NMU I prepared today, that contain my 2013 & 2014 patches. This evening, I also made a bunch of changes for a QA upload, almost identical to those you did 2 months ago... A bit frustrating of course ^^
Bug#821514: PHP 7.0 Transition
Control: tags -1 - wontfix I believe wonfix is not the proper way to orphan a package. Patches exists for ubuntu.
Bug#825647: ocsinventory-server: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/ocsinventory-server.conf
Mmm, actually, on squeeze, the password was generated randomly. :) Unforunatly, this means there is no easy way to detect whether the user changed the /etc file or not (It was not a conffile then).
Bug#825647: ocsinventory-server: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/ocsinventory-server.conf
Here's a first diagnostic: When doing a squeeze => wheezy => jessie upgrade test, one gets: Setting up ocsinventory-server (2.0.5-1.3) ... Preserving your changes in /etc/apache2/conf-available/ocsinventory-server.conf Changing 'require "SOAP_USER"' by 'require user "SOAP_USER"' Backup is available in ocsinventory-server.conf.old apache2_invoke: Enable configuration ocsinventory-server When doing a wheezy => jessie upgrade test, one gets: = Setting up ocsinventory-server (2.0.5-1.3) ... apache2_invoke: Enable configuration ocsinventory-server The "preserving your change" is wrong and is the root of the problem. = = Diagnostic = Squeeze --- 1.02.2-1.1 postinst configure is quite complex. In unattended mode, it will generate a /etc/ocsinventory/ocsinventory.conf when it doesn't exists, using debconf, template /usr/share/ocsinventory-server/files/ocsinventory.conf and a bunch of sed commands. ( https://anonscm.debian.org/cgit/collab-maint/ocsinventory-server.git/tree/debian/ocsinventory-server.postinst?h=debian/1.02.2-1.1 ) The resulting /etc/ocsinventory/ocsinventory.conf file with 024b0d2e135eb4810e3ff1316ce1e3db (unfortunatly, I'm testing with xen and it looks like old squeeze is not longer supported by xen-tools. So I could only test 1.02.2-1.1 in wheezy. This hash should be double checked) Wheezy -- 2.0.5-1.1 /usr/share/ocsinventory-server/files/ocsinventory.conf => 024b0d2e135eb4810e3ff1316ce1e3db 2.0.5-1.1 postinst configure does: if [ ! -f /etc/ocsinventory/ocsinventory.conf ]; then cp /usr/share/ocsinventory-server/files/ocsinventory.conf /etc/ocsinventory/ocsinventory.conf fi Lenny - 2.0.5-1.3 postinst configure does: if [ $(md5sum /etc/ocsinventory/ocsinventory.conf | cut -d \ -f 1) = '024b0d2e135eb4810e3ff1316ce1e3db' ]; then # file unchanged since wheezy rm /etc/ocsinventory/ocsinventory.conf else echo Preserving your changes in /etc/apache2/conf-available/ocsinventory-server.conf mv /etc/ocsinventory/ocsinventory.conf /etc/apache2/conf-available/ocsinventory-server.conf echo "Changing 'require \"SOAP_USER\"' by 'require user \"SOAP_USER\"'" sed -i.old 's/require "SOAP_USER"/require user "SOAP_USER"/' /etc/apache2/conf-available/ocsinventory-server.conf echo Backup is available in ocsinventory-server.conf.old fi => Lenny postinst configure also discard postinst whose hash is 024b0d2e135eb4810e3ff1316ce1e3db .
Bug#823034: transition: rrdtool
Hi Last package using librrd4 is collectd. It should no longer FTBFS on most archs (bug #822397 was fixed in linux headers earlier this week). The binnmu should be given back. https://ftp-master.debian.org/cruft-report-daily.txt https://release.debian.org/transitions/html/auto-rrdtool.html https://buildd.debian.org/status/package.php?p=collectd
Bug#669856: iptotal: transition towards Apache 2.4
Control: tags -1 + patch Hello Ignace Attached is a patch for #669856 Also available at https://github.com/ghantoos/debian-iptotal/pull/1 (Beware postrm is removed and not emptied) Ping me if you need a sponsor. commit 728020da9537f720cefff974d1fcb2289faec362 Author: Jean-Michel Vourgère <nir...@debian.org> Date: Thu May 19 11:23:16 2016 +0200 Migate to apache2.4 (#669856) diff --git a/debian/README.debian b/debian/README.debian index 2968c93..c7ab309 100644 --- a/debian/README.debian +++ b/debian/README.debian @@ -1,11 +1,3 @@ -Using iptotal with Apache2: -An apache configuration file template is shipped with this package. In order to -use it, it should be symlinked inside apache2's configuration folder: - $ sudo ln -s /etc/iptotal/apache.conf /etc/apache2/conf.d/ -Then reload apache2 configuration: - $ sudo /etc/init.d/apache2 reload - Note concerning iptotal's data directory: - Some important changes have been applied to iptotal's data directory over the diff --git a/debian/apache.conf b/debian/apache.conf deleted file mode 100644 index 0fd7805..000 --- a/debian/apache.conf +++ /dev/null @@ -1,9 +0,0 @@ -Alias /iptotal /var/lib/iptotal/ - - -Options +FollowSymLinks -AllowOverride None -order allow,deny -allow from all -DirectoryIndex template.html - diff --git a/debian/control b/debian/control index fc81377..b8b635e 100644 --- a/debian/control +++ b/debian/control @@ -3,20 +3,25 @@ Section: admin Priority: extra Maintainer: Ignace Mouzannar <mouzan...@gmail.com> DM-Upload-Allowed: yes -Build-Depends: debhelper (>= 7.0.50~), libpcap-dev, rrdtool, autotools-dev (>=20100122.1) +Build-Depends: autotools-dev (>=20100122.1), + debhelper (>= 7.0.50~), + dh-apache2, + libpcap-dev, + rrdtool Standards-Version: 3.9.2 Homepage: http://sourceforge.net/projects/iptotal Package: iptotal Architecture: any -Depends: rrdtool, tcpdump, apache2 | httpd, ${shlibs:Depends}, ${misc:Depends} +Depends: rrdtool, tcpdump, ${misc:Depends}, ${shlibs:Depends} +Recommends: ${misc:Recommends} Description: monitor for IP traffic, not requiring SNMP iptotal is yet another IP traffic monitor. It listens to a network interface in non-promiscuous mode, and measures IP bandwidth usage. After the specified number of seconds, the average throughput is printed at total, input and output usage. - . + . The utility can be used to measure bandwidth usage without the need for an SNMP daemon. In combination with a simple script and rrdtool it can be used to present the measured data in graphical format e.g. through a web interface. - The package contains www + CGI sample files. + The package contains www + CGI sample files. diff --git a/debian/install b/debian/install index 2344372..47e35c7 100644 --- a/debian/install +++ b/debian/install @@ -1,3 +1,2 @@ -debian/apache.conf /etc/iptotal/ debian/iptotal/var/lib/iptotal/template.html /usr/share/iptotal/www/ debian/iptotal/var/lib/iptotal/images/ /usr/share/iptotal/www/ diff --git a/debian/iptotal.apache2 b/debian/iptotal.apache2 new file mode 100644 index 000..db3cf62 --- /dev/null +++ b/debian/iptotal.apache2 @@ -0,0 +1 @@ +conf debian/iptotal.conf diff --git a/debian/iptotal.conf b/debian/iptotal.conf new file mode 100644 index 000..4e2c0b8 --- /dev/null +++ b/debian/iptotal.conf @@ -0,0 +1,8 @@ +Alias /iptotal /var/lib/iptotal/ + + +Options +FollowSymLinks +AllowOverride None +Require all granted +DirectoryIndex template.html + diff --git a/debian/postinst b/debian/postinst index e382ae8..fb67bf7 100644 --- a/debian/postinst +++ b/debian/postinst @@ -47,7 +47,13 @@ case "$1" in done # change ownership to www-data - chown -R www-data:www-data /var/lib/iptotal/* +chown -R www-data:www-data /var/lib/iptotal/* + +# enable cgi +if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then +. /usr/share/apache2/apache2-maintscript-helper +apache2_invoke enmod cgi +fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/debian/postrm b/debian/postrm deleted file mode 100644 index 1719405..000 --- a/debian/postrm +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -set -e - -case "$1" in - purge|remove) - # reload apache2 configuration - invoke-rc.d apache2 reload - ;; - - upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 diff --git a/debian/rules b/debian/rules index dca67c1..68a0e33 100755 --- a/debian/rules +++ b/debian/rules @@ -1,7 +1,7 @@ #!/usr/bin/make -f %: - dh --with autotools_dev $@ + dh