from:"Mathieu Parent"

Bug#1024651: ruby-gpgme: FTBFS against libgpgme-dev >= 1.18.0-2

2022-11-23 Thread Mathieu Parent

I was hit by this, and created
https://github.com/ueno/ruby-gpgme/pull/166. Won't have much time on
this topic however.

Bug#1009428: gitlabracadabra: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.9 3.10" returned exit code 13

2022-04-13 Thread Mathieu Parent

Control: tag -1 upstream
Control: forwarded -1
https://gitlab.com/gitlabracadabra/gitlabracadabra/-/merge_requests/240

On Tue, Apr 12, 2022 at 8:53 PM Lucas Nussbaum  wrote:
>
> Source: gitlabracadabra
> Version: 1.4.0
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20220412 ftbfs-bookworm
>
> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.

The reason is the update of python-gitlab to v3.

Work is upstream:
https://gitlab.com/gitlabracadabra/gitlabracadabra/-/merge_requests/240

Regards
-- 
Mathieu Parent

Bug#989080: [Pkg-samba-maint] Bug#989080: cifs-utils: diff for NMU version 2:6.11-3.1

2021-07-27 Thread Mathieu Parent

Le lun. 26 juil. 2021 à 23:21, Sebastian Ramacher
 a écrit :
>
> Dear maintainer,
>
> I've prepared an NMU for cifs-utils (versioned as 2:6.11-3.1). The diff
> is attached to this message.
>

Thanks!


-- 
Mathieu Parent

Bug#987209: marked as pending in samba

2021-05-06 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #987209 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/-/commit/a3e8b050fb4bb01eeb4406c3905665d98c7f7b67


Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/987209

Bug#987811: marked as pending in samba

2021-05-06 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #987811 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/-/commit/07be56511502e1d4eab17a703f45012b6790f6e7


Add patch for CVE-2021-20254 (Closes: #987811)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/987811

Bug#972912: [Pkg-samba-maint] Bug#972912: Incorrect fix to bug

2021-01-08 Thread Mathieu Parent

Le lun. 21 déc. 2020 à 16:06, Sven Mueller  a écrit :
>
> Well, turns out that apparently nobody else bothers with a .symbols file for 
> Python extensions. I looked at the packages for samba, numpy, mypy and 
> python-stdlib-extensions. And if the Python maintainers themselves don't do 
> it, you probably shouldn't.
>
> I attached a diff to remove the relevant file and the setup for it. I also 
> added some verbosity to the stuff debhelper does (I find it harder to debug 
> build issues without it).
> I verified that except for this symbols file going away, nothing else 
> changed. (Most notable, the main libldb-dev package still looks the same.) - 
> Verified via diffoscope which only showed expected changes (timestamps, 
> mostly)
>
> I'll see if I can turn it into a pull request on Salsa, but my git-foo is 
> weaker than it probably should be, so feel free to just apply my patch 
> yourself.
> If I create a pull request, should that include an update to debian/changelog?

Hello, just a quick note that I won't work on this for bullseye. If
you can propose a MR in salsa and test that samba builds and works,
I'll happily review it.

Regards
-- 
Mathieu Parent

Bug#972912: [Pkg-samba-maint] Bug#972912: Incorrect fix to bug

2020-12-17 Thread Mathieu Parent

Le jeu. 17 déc. 2020 à 16:48, Sven Mueller  a écrit :
>
> Hi Mathieu.

Hi,

> Just wanted to say that your fix here seems wrong:
> The symbols file says when a specific symbol for a specific lib was added.
> If I rebuild ldb against Python 3.9, it will suddenly claim that - for 
> example -  symbol PYLDB_UTIL_2.1.0@PYLDB_UTIL_2.1.0 was added to the package 
> - for the Python 3.9 specific lib - in package version 2:2.1.0 - Even though 
> that package version was not built against Python 3.9 at all.
>
> The better fix would be to explicitly build against specific Python versions 
> (python3.8-dev, python3.9-dev build dependencies) and have appropriate 
> symbols listed for both of them.
>
> Currently, if a package builds against the ldb python bindings for Python 
> 3.9, it will generate versioned dependencies that are incorrect (if all it 
> uses would be the above symbol, it would depend on python3-ldb >= 2:2.1.0 - 
> which didn't have any Python 3.9 bindings) - and fail after installation.
>
> To be fair though, I'm not even sure having the symbols file for the python 
> bindings .so files makes much sense.

OK. Could you submit a merge request fixing this? SInce the migration
to python3, the bindings are getting complicated. Any help here is
apprecciated.

Regards

Mathieu Parent

Bug#972912: marked as pending in ldb

2020-11-11 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #972912 in ldb reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/ldb/-/commit/6216bd5b2f22538334a7e51ca9e0c1cfda5b3cf7


Generate python3-ldb.symbols to build on all python3 versions (Closes: #972912)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/972912

Bug#972776: marked as pending in talloc

2020-11-10 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #972776 in talloc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/talloc/-/commit/0a8d5765c733e3ff8ffe7287526b3e392cac


d/python3-talloc.symbols: generating so suffix (Closes: #972776)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/972776

Bug#963985: marked as pending in samba

2020-07-04 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #963985 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/-/commit/a8f0336c8f5cf3df54bd7ab6e03d3a228097c402


Add patch Rename mdfind to mdsearch (Closes: #963985)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/963985

Bug#963985: Forwarded

2020-07-04 Thread Mathieu Parent

Control: forwarded -1 https://bugzilla.samba.org/show_bug.cgi?id=14431

Forwarded upstream

Regards
-- 
Mathieu Parent

Bug#963971: [Pkg-samba-maint] Bug#963971: samba-libs: libndr.so.0 gone from latest version, breaks sssd-ad-common dependency

2020-07-04 Thread Mathieu Parent

Le sam. 4 juil. 2020 à 15:15, Michael Stone  a écrit :
>
> On Sat, Jul 04, 2020 at 07:28:32AM +0200, Mathieu Parent wrote:
> >clone 963971 -1
> >tag 963971 + upstream
> >tag -1 + upstream fixed-upstream patch
> >reassign -1 sssd-ad-common
> >
> >Le lun. 29 juin 2020 à 14:48, Michael Stone  a écrit :
> >>
> >> Package: samba-libs
> >> Version: 2:4.12.3+dfsg-2
> >> Severity: critical
> >> Justification: breaks the whole system
> >>
> >> The new samba-libs package changes the soname of libndr from libndr.so.0 to
> >> libndr.so.1 without reflecting this change in the package name. 
> >> sssd-ad-common
> >> has a dependency on samba-libs (>= 2:4.11.5+dfsg) and links to libndr.so.0.
> >> When the samba-libs package is updated and libndr.so.0 disappears sssd 
> >> fails to
> >> start, which then makes a system's remote users unavailable. (Worse, this
> >> doesn't happen until the next time sssd restarts--which may not be until 
> >> the
> >> next reboot.)
> >
> >It looks to be fixed in sssd 2.3.0:
> >https://github.com/SSSD/sssd/commit/bc56b10aea999284458dcc293b54cf65288e325d
> >
> >I'm cloning this bug:
> >- on the samba side I'll add a breaks: sssd-ad-common (<< 2.3.0)
> >- on the sssd side, an update to 2.3.0+ is needed
>
> Going forward, do things using samba-libs need a strict version
> depenedency since there is no ABI version in the package name?

No, I think. According to the sssd commit, sssd 2.3 will still build
on older samba-libs.

Regards
-- 
Mathieu Parent

Bug#963971: marked as pending in samba

2020-07-03 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #963971 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/-/commit/a3504968b70842d17ee82363975d34c6f694e6ef


Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump (Closes: #963971)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/963971

Bug#963971: [Pkg-samba-maint] Bug#963971: samba-libs: libndr.so.0 gone from latest version, breaks sssd-ad-common dependency

2020-07-03 Thread Mathieu Parent

clone 963971 -1
tag 963971 + upstream
tag -1 + upstream fixed-upstream patch
reassign -1 sssd-ad-common

Le lun. 29 juin 2020 à 14:48, Michael Stone  a écrit :
>
> Package: samba-libs
> Version: 2:4.12.3+dfsg-2
> Severity: critical
> Justification: breaks the whole system
>
> The new samba-libs package changes the soname of libndr from libndr.so.0 to
> libndr.so.1 without reflecting this change in the package name. sssd-ad-common
> has a dependency on samba-libs (>= 2:4.11.5+dfsg) and links to libndr.so.0.
> When the samba-libs package is updated and libndr.so.0 disappears sssd fails 
> to
> start, which then makes a system's remote users unavailable. (Worse, this
> doesn't happen until the next time sssd restarts--which may not be until the
> next reboot.)

It looks to be fixed in sssd 2.3.0:
https://github.com/SSSD/sssd/commit/bc56b10aea999284458dcc293b54cf65288e325d

I'm cloning this bug:
- on the samba side I'll add a breaks: sssd-ad-common (<< 2.3.0)
- on the sssd side, an update to 2.3.0+ is needed

Regards
-- 
Mathieu Parent

Bug#953008: marked as pending in talloc

2020-03-05 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #953008 in talloc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/talloc/-/commit/d6d992c96ccdbbb7a80fcc4511000336cb53cde3


Merge branch 'debian-talloc-py38-ftbfs' into 'master'

Fix FTBFS with python 3.8 (Closes: #953008)

See merge request samba-team/talloc!7


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/953008

Bug#953008: marked as pending in talloc

2020-03-05 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #953008 in talloc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/talloc/-/commit/8daae50699d748090f1fc3a15adbf03d52b4336b


Fix FTBFS with python 3.8 (Closes: #953008)

- d/python3-talloc.install: update globbing for python 3.8
- d/python3-talloc.symbols*: update symbols for python 3.8


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/953008

Bug#931255: Orphaning php-horde*

2020-01-28 Thread Mathieu Parent

Le mardi 28 janvier 2020, IOhannes m zmölnig  a
écrit :
> On Tue, 28 Jan 2020 11:15:56 +0100 =?UTF-8?Q?IOhannes_m_zm=c3=b6lnig?=
>  wrote:
>> if nobody objects, i'm going to do a QA-upload to
buster/proposed-updates.
>
> https://bugs.debian.org/950018


No objection on my part. Please go ahead.

-- 
Mathieu

Bug#931255: Orphaning php-horde*

2019-10-13 Thread Mathieu Parent

Hello,

FYI, I'm orphaning php-horde-* packages. See:

https://bugs.debian.org/942282

Regards
-- 
Mathieu Parent

Bug#941750: marked as pending in samba

2019-10-05 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #941750 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/f7d965c79c6c3d548d7cfc26203da44100659159


Add libwbclient-dev to samba-dev depends as samba-util was moved there (Closes: 
#941750)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/941750

Bug#941467: marked as pending in samba

2019-10-02 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #941467 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/50178f6cd1de0ef874a32cecec3ea3a7ee5e1da4


Force one job during configure step with -j 1 (Closes: #941467)

Not setting -j leads to default which is number of cpus.

See 
https://salsa.debian.org/samba-team/samba/blob/478603e68024a9c352072c20e0f4f712dd4c5a1c/third_party/waf/waflib/Options.py#L177-212


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/941467

Bug#941467: fixed in samba 2:4.11.0+dfsg-7

2019-10-02 Thread Mathieu Parent

Le jeudi 3 octobre 2019, Jeremy Bicha  a écrit :
> Control: reopen 941467
>
> Oops, it looks like this fix didn't work either.

Argh!

At least ldb is now fixed.

>
> https://buildd.debian.org/status/package.php?p=samba
>
> Thanks,
> Jeremy
>

-- 
Mathieu

Bug#941467: [Pkg-samba-maint] Bug#941467: fixed in samba 2:4.11.0+dfsg-6

2019-10-02 Thread Mathieu Parent

Le mer. 2 oct. 2019 à 21:12, Paul Gevers  a écrit :
>
> Control: reopen 941467
>
> On Tue, 01 Oct 2019 21:07:24 +0000 Mathieu Parent 
> wrote:
> >  samba (2:4.11.0+dfsg-6) unstable; urgency=medium
> >  .
> >* Do not run waf configure in parallel. Fix FTBFS on arm (Closes: 
> > #941467)
>
> Apparently this wasn't enough to fix the failures, as armel, armhf and
> mipsel still FTBFS.

Only armel and armhf were affected by this FTBFS. And this is fixed in
-7 (I forgot about make lazy vars).


> Additionally mips64el and ppc64el now have an
> unfulfilled Build-Depends. This is the remaining blocker in the
> gnome-desktop3/mutter/evolution-data-server transition.

Yes. This is also in progress (ldb 2:2.0.7-3 is coming soon).


Regards

-- 
Mathieu Parent

Bug#941467: marked as pending in samba

2019-10-01 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #941467 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/2b644b748283bde6d384f4abb67886fd0bea7869


Do not run waf configure in parallel. Fix FTBFS on arm (Closes: #941467)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/941467

Bug#940963: [Pkg-samba-maint] Bug#940963: samba doesn't start anymore

2019-09-23 Thread Mathieu Parent

Le dim. 22 sept. 2019 à 19:27, Elimar Riesebieter  a écrit :
>
> Control: severity -1 grave
> Control: reassign -1 samba-common-bin
>
> * Elimar Riesebieter  [2019-09-22 13:00 +0200]:
>
> > Package: samba
> > Version: 2:4.10.8+dfsg-1
> > Severity: normal
> >
> >
> > This server runs sysvinit!
> >
> > [2019/09/22 12:44:28.672896,  0] ../../source3/smbd/server.c:1850(main)
> >   server role = 'active directory domain controller' not compatible with 
> > running smbd standalone.
> >   You should start 'samba' instead, and it will control starting smbd if 
> > required
> > [2019/09/22 12:44:30.809747,  0] ../../source3/nmbd/nmbd.c:921(main)
> >   server role = 'active directory domain controller' not compatible with 
> > running nmbd standalone.
> >   You should start 'samba' instead, and it will control starting the 
> > internal nbt server
>
> /etc/init.d/samba-ad-dc calls
> 'samba-tool testparm --parameter-name="server role"' which fails
> with:
>
> Traceback (most recent call last):
>   File "/bin/samba-tool", line 33, in 
> from samba.netcmd.main import cmd_sambatool
>   File "/usr/lib/python3/dist-packages/samba/__init__.py", line 29, in 
> 
> import samba.param
> ImportError: 
> /lib/x86_64-linux-gnu/libpytalloc-util.cpython-37m-x86-64-linux-gnu.so.2: 
> version `PYTALLOC_UTIL.PY3_2.1.6' not found (required by 
> /usr/lib/python3/dist-packages/samba/param.cpython-37m-x86_64-linux-gnu.so)

Yes, talloc from samba 4.11 was uploaded, this usually doesn't
introduce pain. But this time (they dropped python2 support) it was.

Maybe a samba rebuild would help. I hope that ldb will pass NEW fast...

Regards

-- 
Mathieu Paretn

Bug#939129: marked as pending in php-horde-imap-client

2019-09-04 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #939129 in php-horde-imap-client reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/horde-team/php-horde-imap-client/commit/faf2d261964974a8ce65b40d2a82c651b5503a88


Fix SORT and THREAD command when UTF8=ACCEPT

>From 
>https://github.com/horde/Imap_Client/commit/48c4f50b78e4146c7e9a0756b5c7de77ffbb551d

Closes: #939129


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/939129

Bug#931255: Update in stable?

2019-08-29 Thread Mathieu Parent

Le jeu. 29 août 2019 à 15:39, Christoph Haas  a écrit :
>
> I would like to see this simple fix in Buster. Without it the package is 
> nearly unusable in my opinion. Do you think the release team would agree?

Yes, the release team will agree.

Unfortunately, I won't work on this soon.

Regards
-- 
Mathieu Parent

Bug#930321: php-horde-form: diff for NMU version 2.0.18-3.1

2019-06-18 Thread Mathieu Parent

Le dim. 16 juin 2019 à 17:48, Salvatore Bonaccorso  a écrit :
>
> Control: tags 930321 + pending
>
> Hi Mathieu,
>
> I've prepared an NMU for php-horde-form (versioned as 2.0.18-3.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should cancel it or feel free to override it with a maintainer upload!
>
> Decided to go ahead with a DELAYED/2 only given the approaching
> release for buster.

Thanks.

I've also pushed your changes to salsa.

Usually, the release team handle those security patches automaticaly.
Otherwise an unblock request is needed in 2 days.

Cheers
-- 
Mathieu Parent

Bug#927747: [Pkg-samba-maint] Bug#927747: bind9_dlz backend is entirely broken in Debian

2019-05-08 Thread Mathieu Parent

severity 927747 serious
thanks


Le mar. 23 avr. 2019 à 23:12, Steinar H. Gunderson  a écrit :
>
> On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote:
> > There are several issues here. Trying a summary.
> > 1. We need to patch bind9 apparmor profile (this is the cloned bug)
>
> Yes.
>
> > 2. The /var/lib/samba/bind-dns directory is created on domain
> > provision. Nothing to do here?
>
> It's not created on upgrade from stretch, though? You don't re-provision your
> domain when upgrading Samba, yet upgrading should be allowed.
>
> > 2. bind9 conf "include" should be updated. As the conffile is not
> > owned by samba all we can do is printing a message in samba preinst
> > (if include "/usr/local/samba/private/named.conf" is found in
> > /etc/named/named.conf or /etc/bind/named.conf.local)
>
> Yes.
>
> > 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11)
>
> I _think_ samba_dnsupgradedns writes a new config fragment.
>
> > 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when?
>
> I would assume in postinst (assuming we detect its use).
>

I've started to work on this but was unable to automate things. Will try again

Downgrading the severity as the AppArmor side is already fixed it seems in sid.

Regards

-- 
Mathieu Parent

Bug#927747: [Pkg-samba-maint] Bug#927747: bind9_dlz backend is entirely broken in Debian

2019-04-23 Thread Mathieu Parent

clone 927747 -1
reassign -1 bind9
severity -1 serious
retitle -1 bind9: Please add "/var/lib/samba/bind-dns/** rwk," to
apparmor profile
thanks


Le lun. 22 avr. 2019 à 17:30, Steinar H. Gunderson  a écrit :
>
> Package: samba
> Version: 2:4.9.5+dfsg-3
> Severity: grave
>
> Hi,

Hi,

Thanks for your detailed report.

> I upgraded a DC from stretch to buster, and DNS for AD (via bind9_dlz)
> started failing in strange ways. (In particular, when I changed the IP address
> of the DC, samba-tool dns query would return the correct addresses, but actual
> DNS lookups would return the old ones.) It turns out that upstream, bind9_dlz
> data has moved from /var/lib/samba/private to /var/lib/samba/bind-dns; 
> however,
> there's no notice about this anywhere, and the path does not exist in Debian.
> (Thus, the .conf file in use didn't even mention the BIND 9.11 .so file, much
> less load it.) Furthermore, if you try to remedy this problem yourself by
> mkdir-ing the new directory and running samba_dnsupgrade, BIND will no longer
> start due to AppArmor policies being out of date:
>
>   [84419.640664] audit: type=1400 audit(1555945763.230:88): apparmor="DENIED" 
> operation="open" profile="/usr/sbin/named" 
> name="/var/lib/samba/bind-dns/named.conf" pid=9043 comm="isc-worker" 
> requested_mask="r" denied_mask="r" fsuid=111 ouid=0
>   [84486.581899] audit: type=1400 audit(1555945830.170:89): apparmor="DENIED" 
> operation="open" profile="/usr/sbin/named" 
> name="/var/lib/samba/bind-dns/named.conf" pid=9171 comm="isc-worker" 
> requested_mask="r" denied_mask="r" fsuid=111 ouid=0
>
> Given that AppArmor now seems to be default on in buster, this breaks
> the functionality completely, even for new installations (not just for
> upgrades from stretch).
>
> I would suppose that postinst needs to check whether BIND9_DLZ is in use,
> and if so, run samba_upgradedns --dns-backend=BIND9_DLZ and then finally
> pop up a message saying that the admin will have to change the .conf path
> in named.conf.local. And the AppArmor profile will need to be fixed.
>
> Even after this, I had to run samba_dnsupdate once with --use-samba-tool,
> and then it would finally run without “dns_tkey_gssnegotiate: TKEY is
> unacceptable” the next time.

There are several issues here. Trying a summary.
1. We need to patch bind9 apparmor profile (this is the cloned bug)
2. The /var/lib/samba/bind-dns directory is created on domain
provision. Nothing to do here?
2. bind9 conf "include" should be updated. As the conffile is not
owned by samba all we can do is printing a message in samba preinst
(if include "/usr/local/samba/private/named.conf" is found in
/etc/named/named.conf or /etc/bind/named.conf.local)
3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11)
4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when?

1. I think adding this rule is ok:

+/var/lib/samba/bind-dns/** rwk,

But we may do better with something like this (to be tested and improved):

   /var/lib/samba/private/dns.keytab r,
   /var/lib/samba/private/named.conf r,
-  /var/lib/samba/private/dns/** rwk,
+ /var/lib/samba/bind-dns/*.conf r,
+ /var/lib/samba/bind-dns/dns/** rwk,
-  /etc/smb.conf r,
+  /etc/samba/smb.conf r,

Regards
-- 
Mathieu Parent

Bug#919147: [pkg-php-pear] Bug#919147: php-pear: diff for NMU version 1:1.10.6+submodules+notgz-1.1

2019-01-14 Thread Mathieu Parent

Hi Salvatore,

Please go ahead and reduce the delay !

(From phone)

Mathieu

Le dimanche 13 janvier 2019, Salvatore Bonaccorso  a
écrit :
> Control: tags 919147 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for php-pear (versioned as
> 1:1.10.6+submodules+notgz-1.1) and uploaded it to DELAYED/10. Please
> feel free to tell me if I should delay it longer.
>
> Regards,
> Salvatore
>

-- 
Mathieu

Bug#917330: Bug #917330 in ruby-kitchen-salt marked as pending

2018-12-26 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #917330 in ruby-kitchen-salt reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ruby-team/ruby-kitchen-salt/commit/81897d3dede4497b770198bae8b7916b32dd6614


Add missing copyright holder (Closes: #917330)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/917330

Bug#915691: [Pkg-samba-maint] Samba packages broken on powerpcspe

2018-12-26 Thread Mathieu Parent

Le mer. 26 déc. 2018 à 05:43, Vojtech Ruml  a écrit :
>
> Hello,

Hello,

>
>
> Samba-common package (= 2:4.9.2+dfsg-2
>
> was not built and whole samba installation on my system is completely broken 
> now.
>
> Is it possible to resolve this situation ?

https://buildd.debian.org/status/package.php?p=samba has:

> Dependency installability problem for samba on powerpcspe:
>
> samba build-depends on:
> - glusterfs-common:powerpcspe
> glusterfs-common depends on missing:
> - liblvm2app2.2:powerpcspe (>= 2.02.176)

And glusterfs has build-dependency liblvm2-dev uninstallable on all
arches (see https://buildd.debian.org/status/package.php?p=glusterfs=sid).

Relevant bug: https://bugs.debian.org/915691 glusterfs-common -
Depends on deprecated liblvm2app

Patrick, do you intent to work on it soon? If not, I will drop
glusterfs support in Samba.

Regards

Mathieu Parent

>
>
> Thank you,
>
>
>
> Vojtech Ruml
>
>
>
> root@debian:/data# apt-get install samba
>
> Reading package lists... Done
>
> Building dependency tree
>
> Reading state information... Done
>
> Some packages could not be installed. This may mean that you have
>
> requested an impossible situation or if you are using the unstable
>
> distribution that some required packages have not yet been created
>
> or been moved out of Incoming.
>
> The following information may help to resolve the situation:
>
>
>
> The following packages have unmet dependencies:
>
> samba : Depends: samba-common (= 2:4.9.2+dfsg-2) but 2:4.9.4+dfsg-1 is to be 
> installed
>
>  Depends: samba-common-bin (= 2:4.9.2+dfsg-2) but it is not going to 
> be installed
>
> E: Unable to correct problems, you have held broken packages.
>
> root@debian:/data#
>
> ___
> Pkg-samba-maint mailing list
> pkg-samba-ma...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-samba-maint

Bug#913143: Bug #913143 in samba marked as pending

2018-11-15 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #913143 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/8c1bd98589587e22e28c2195d7eca2c08c1c2b82


d/rules: Replace override_dh_perl by override_dh_perl-arch (Closes: #913143)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/913143

Bug#913143: Bug #913143 in samba marked as pending

2018-11-10 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #913143 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/8c1bd98589587e22e28c2195d7eca2c08c1c2b82


d/rules: Replace override_dh_perl by override_dh_perl-arch (Closes: #913143)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/913143

Bug#899801: Bug #899801 in php-facedetect marked as pending

2018-11-05 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #899801 in php-facedetect reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/php-team/pecl/php-facedetect/commit/dc5e1d83ffd63f52bd381e4a12ba938d13938df0


Update maintainer email to team+php-p...@tracker.debian.org (Closes: #899801)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/899801

Bug#909738: Bug #909738 in php-horde-kronolith marked as pending

2018-10-08 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #909738 in php-horde-kronolith reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/horde-team/php-horde-kronolith/commit/c109086f86852292d7459d0dbbaf6afde705a301


Add patches for CVE-2017-16906 (Closes: #909737) and CVE-2017-16908 (Closes: 
#909738)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/909738

Bug#909737: Bug #909737 in php-horde-kronolith marked as pending

2018-10-08 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #909737 in php-horde-kronolith reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/horde-team/php-horde-kronolith/commit/c109086f86852292d7459d0dbbaf6afde705a301


Add patches for CVE-2017-16906 (Closes: #909737) and CVE-2017-16908 (Closes: 
#909738)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/909737

Bug#909739: Bug #909739 in php-horde marked as pending

2018-10-07 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #909739 in php-horde reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/horde-team/php-horde/commit/16addfa64ac133f9fd1adca2ededf54031167ba2


Fix CVE-2017-16907 XSS via Color field (Closes: #909739)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/909739

Bug#909800: Bug #909800 in php-horde-core marked as pending

2018-10-07 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #909800 in php-horde-core reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/horde-team/php-horde-core/commit/bd78f713ad250a45e5f4b7c326aba593502b7c73


Fix CVE-2017-16907 XSS via Color field (Closes: #909800)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/909800

Bug#906562: Bug #906562 in samba marked as pending

2018-08-19 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #906562 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/f262fc54c9e3bf6fe52ca9da5ee6e04c954d1d7d


Prepend 1.4.0+really to ldb version to allow samba-dsdb-modules install 
(Closes: #906562, #906568)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/906562

Bug#906568: Bug #906568 in samba marked as pending

2018-08-19 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #906568 in samba reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/samba/commit/f262fc54c9e3bf6fe52ca9da5ee6e04c954d1d7d


Prepend 1.4.0+really to ldb version to allow samba-dsdb-modules install 
(Closes: #906562, #906568)



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/906568

Bug#906562: [Pkg-samba-maint] Bug#906562: samba-dsdb-modules not installable

2018-08-19 Thread Mathieu Parent

Le dim. 19 août 2018 à 02:09, Ivo De Decker  a écrit :
>
> Hi,
>
> On Sat, Aug 18, 2018 at 01:26:44PM +0200, Elimar Riesebieter wrote:
> > # apt install samba-dsdb-modules
> > Reading package lists... Done
> > Reading state information... Done
> > Some packages could not be installed. This may mean that you have
> > requested an impossible situation or if you are using the unstable
> > distribution that some required packages have not yet been created
> > or been moved out of Incoming.
> > The following information may help to resolve the situation:
> > samba-dsdb-modules : Depends: libldb1 (< 2:1.3.6~) but 
> > 2:1.4.0+really1.3.5-2 is to be installed
> > E: Unable to correct problems, you have held broken packages.
>
> This is caused by the revert in ldb. The code in samba the creates the ldb
> dependency handles epochs, but not the 'really' version number.


yes

> I think the
> only sensible way to handle this, is to bump the epoch for ldb.

No. We need to prepend "2:1.4.0+really" instead of only the epoch.
Will do today.

Regards

> Cheers,
>
> Ivo
>
> ___
> Pkg-samba-maint mailing list
> pkg-samba-ma...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-samba-maint



-- 
Mathieu

Bug#902883: Bug #902883 in talloc marked as pending

2018-07-14 Thread Mathieu Parent

Control: tag -1 pending

Hello,

Bug #902883 in talloc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/samba-team/talloc/commit/e91469a60fc3a99df9f83dba5f5b049ab29dd528


Revert python3 support (Reopen #802484, #814928; Closes: #902883) until it is 
ready

- Without patch: the symbols are changing too often:
  + between arches,
  + between major python versions,
  + between minor talloc versions
- All proposed patches so far break abi checking



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/902883

Bug#902883: FTBFS on arch != amd64 because different libpytalloc-util.*.so name

2018-07-02 Thread Mathieu Parent

Package: src:talloc
Version: 2.1.13-1
Severity: serious

Regression since python3 support:

[...]
dh_makeshlibs -ppython-talloc -ppython3-talloc -Xtalloc. -- -c3
dpkg-gensymbols: warning: new libraries appeared in the symbols file: 
libpytalloc-util.cpython-36m-aarch64-linux-gnu.so.2
dpkg-gensymbols: warning: some libraries disappeared in the symbols file: 
libpytalloc-util.cpython-36m-x86-64-linux-gnu.so.2
dpkg-gensymbols: warning: debian/python3-talloc/DEBIAN/symbols doesn't match 
completely debian/python3-talloc.symbols
--- debian/python3-talloc.symbols (python3-talloc_2.1.13-1_arm64)
+++ dpkg-gensymbolsYed6IE   2018-07-02 13:59:00.845850036 +
@@ -1,26 +1,26 @@
-libpytalloc-util.cpython-36m-x86-64-linux-gnu.so.2 python3-talloc #MINVER#
- 
PYTALLOC_UTIL.CPYTHON_36M_X86_64_LINUX_GNU_2.1.13@PYTALLOC_UTIL.CPYTHON_36M_X86_64_LINUX_GNU_2.1.13
 2.1.13
- PYTALLOC_UTIL.PY3_2.1.10@PYTALLOC_UTIL.PY3_2.1.10 2.1.11
- PYTALLOC_UTIL.PY3_2.1.11@PYTALLOC_UTIL.PY3_2.1.11 2.1.11
- PYTALLOC_UTIL.PY3_2.1.12@PYTALLOC_UTIL.PY3_2.1.12 2.1.12
- PYTALLOC_UTIL.PY3_2.1.13@PYTALLOC_UTIL.PY3_2.1.13 2.1.13
- PYTALLOC_UTIL.PY3_2.1.5@PYTALLOC_UTIL.PY3_2.1.5 2.1.11
- PYTALLOC_UTIL.PY3_2.1.6@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- PYTALLOC_UTIL.PY3_2.1.7@PYTALLOC_UTIL.PY3_2.1.7 2.1.11
- PYTALLOC_UTIL.PY3_2.1.8@PYTALLOC_UTIL.PY3_2.1.8 2.1.11
- PYTALLOC_UTIL.PY3_2.1.9@PYTALLOC_UTIL.PY3_2.1.9 2.1.11
- _pytalloc_check_type@PYTALLOC_UTIL.PY3_2.1.9 2.1.11
- _pytalloc_get_mem_ctx@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- _pytalloc_get_ptr@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- _pytalloc_get_type@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- pytalloc_BaseObject_PyType_Ready@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- pytalloc_BaseObject_check@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- pytalloc_BaseObject_size@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- pytalloc_Check@PYTALLOC_UTIL.PY3_2.1.5 2.1.11
- pytalloc_GenericObject_reference_ex@PYTALLOC_UTIL.PY3_2.1.9 2.1.11
- pytalloc_GenericObject_steal_ex@PYTALLOC_UTIL.PY3_2.1.9 2.1.11
- pytalloc_GetBaseObjectType@PYTALLOC_UTIL.PY3_2.1.6 2.1.11
- pytalloc_GetObjectType@PYTALLOC_UTIL.PY3_2.1.5 2.1.11
- pytalloc_reference_ex@PYTALLOC_UTIL.PY3_2.1.5 2.1.11
- pytalloc_steal@PYTALLOC_UTIL.PY3_2.1.5 2.1.11
- pytalloc_steal_ex@PYTALLOC_UTIL.PY3_2.1.5 2.1.11
+libpytalloc-util.cpython-36m-aarch64-linux-gnu.so.2 python3-talloc #MINVER#
+ 
PYTALLOC_UTIL.CPYTHON_36M_AARCH64_LINUX_GNU_2.1.13@PYTALLOC_UTIL.CPYTHON_36M_AARCH64_LINUX_GNU_2.1.13
 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.10@PYTALLOC_UTIL.PY3_2.1.10 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.11@PYTALLOC_UTIL.PY3_2.1.11 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.12@PYTALLOC_UTIL.PY3_2.1.12 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.13@PYTALLOC_UTIL.PY3_2.1.13 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.5@PYTALLOC_UTIL.PY3_2.1.5 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.6@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.7@PYTALLOC_UTIL.PY3_2.1.7 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.8@PYTALLOC_UTIL.PY3_2.1.8 2.1.13-1
+ PYTALLOC_UTIL.PY3_2.1.9@PYTALLOC_UTIL.PY3_2.1.9 2.1.13-1
+ _pytalloc_check_type@PYTALLOC_UTIL.PY3_2.1.9 2.1.13-1
+ _pytalloc_get_mem_ctx@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ _pytalloc_get_ptr@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ _pytalloc_get_type@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ pytalloc_BaseObject_PyType_Ready@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ pytalloc_BaseObject_check@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ pytalloc_BaseObject_size@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ pytalloc_Check@PYTALLOC_UTIL.PY3_2.1.5 2.1.13-1
+ pytalloc_GenericObject_reference_ex@PYTALLOC_UTIL.PY3_2.1.9 2.1.13-1
+ pytalloc_GenericObject_steal_ex@PYTALLOC_UTIL.PY3_2.1.9 2.1.13-1
+ pytalloc_GetBaseObjectType@PYTALLOC_UTIL.PY3_2.1.6 2.1.13-1
+ pytalloc_GetObjectType@PYTALLOC_UTIL.PY3_2.1.5 2.1.13-1
+ pytalloc_reference_ex@PYTALLOC_UTIL.PY3_2.1.5 2.1.13-1
+ pytalloc_steal@PYTALLOC_UTIL.PY3_2.1.5 2.1.13-1
+ pytalloc_steal_ex@PYTALLOC_UTIL.PY3_2.1.5 2.1.13-1
dh_makeshlibs: failing due to earlier errors
debian/rules:72: recipe for target 'override_dh_makeshlibs' failed


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#880230: gerritlib: build depends on python{,3}-pbr (< 2.0) but 3.1.1-2 is to be installed

2017-11-10 Thread Mathieu Parent

2017-11-07 13:12 GMT+01:00 Adrian Bunk <b...@debian.org>:
> On Tue, Nov 07, 2017 at 09:45:49AM +0100, Mathieu Parent wrote:
[...]
>> I will ask for a removal (of gerritlib and jeepyb) unless someone step
>> in within a month as max(popcon[2 years])=4.
>
> People tend to not step up based on a comment made in some bug.
>
> Orphaning packages is the proper way to make it visible that a new
> maintainer is required (this also automatically lists them in the
> weekly WNPP email sent to debian-devel).

You are right. Done "O" in #881380.

Regards

-- 
Mathieu Parent

Bug#880230: gerritlib: build depends on python{,3}-pbr (< 2.0) but 3.1.1-2 is to be installed

2017-11-07 Thread Mathieu Parent

Control: affects 880230 + jeepyb

Hi,

2017-10-30 20:47 GMT+01:00 Adrian Bunk <b...@debian.org>:
> Source: gerritlib
> Version: 4.0+git20150319-2
> Severity: serious
> Tags: buster sid
>
> The following packages have unmet dependencies:
>  builddeps:gerritlib : Depends: python-pbr (< 2.0) but 3.1.1-2 is to be 
> installed
>Depends: python3-pbr (< 2.0) but 3.1.1-2 is to be 
> installed

Thanks for you report. FYI I won't handle this bug as I don't use
gerritlib anymore (moved to gitlab).

I will ask for a removal (of gerritlib and jeepyb) unless someone step
in within a month as max(popcon[2 years])=4.

Regards
-- 
Mathieu Parent

Bug#841250: [Pkg-php-pecl] Bug#841250: php-facedetect: FTBFS: error with opencv 3.1

2017-10-13 Thread Mathieu Parent

.Hello Mattia,

2017-10-13 19:53 GMT+02:00 Mattia Rizzolo <mat...@debian.org>:
> Control: severity -1 serious
>
> On Thu, Oct 20, 2016 at 02:18:43PM +0200, Mathieu Parent wrote:
>> > I am scheduled to transition of opencv.
>> > This package is target to transition. I tested build with opencv 3.1.
>> > As a result, this FTBFS with opencv 3.1.
>> > Because libhighgui-dev and libcv-dev has been removed from opencv 3.1 
>> > package.
>> > We need to use libopencv-dev instead of these package. And currenct
>> > package disable
>> > support of opencv 3 by patches/0002-Revert-opencv3-support.patch.
>>
>> I've local changes that work. The problem is it FTBFS opencv << 3.
>
> Thank you very much for the experimental upload!
> It really helps to have a fixed package in experimental to use during
> tests builds.
>
>> Do you have more info on the expected date of fransition?
>
> I'm about to upload opencv 3.2 to unstable, starting the transition.  So
> now this bug is becoming RC again.  Please upload the changes you
> already uploaded to experimental to unstable.


I'm currently unable to build my package because libopencv-dev
transitively depend on libopencv-imgcodecs3.2 which depend on
unavailable gdal-abi-2-2-1 (current is 2-2-2).


Regards
-- 
Mathieu Parent

Bug#868209: [Pkg-samba-maint] Bug#868209: Samba security updates uninstallable due to broken dependency of python-talloc

2017-07-14 Thread Mathieu Parent

2017-07-14 16:27 GMT+02:00 Jason Cohen <jwittlinco...@gmail.com>:
> The recent Samba security updates are uninstallable on my Jessie system. The
> problem appears to be with python-samba.
> It depends on python-talloc >= 2.1.6, but Jessie has version 2.1.2.  As a
> result, the packages cannot be updated.



a build-tim error from my side, and binNMUs for jessie and stretch
will be issued, hopefully soon.

Regards

Mathieu Parent

> Package: python-samba
> Source: samba
> Version: 2:4.2.14+dfsg-0+deb8u7
> Installed-Size: 7,250 kB
> Maintainer: Debian Samba Maintainers
> <pkg-samba-ma...@lists.alioth.debian.org>
> Provides: python2.7-samba
> Depends: python-ldb (>= 1.1.2~), python-tdb, python-ntdb, python-crypto,
> python (<< 2.8), python (>= 2.7), python:any (>= 2.6.6-7~), libattr1 (>=
> 1:2.4.46-8), libbsd0 (>= 0.0), libc6 (>= 2.14), libldb1 (>= 0.9.21),
> libpython2.7 (>= 2.7), libtalloc2 (>= 2.0.4~git20101213), libtevent0 (>=
> 0.9.16), python-talloc (>= 2.1.6), samba-libs (= 2:4.2.14+dfsg-0+deb8u7)
>
> Attempting to upgrade would result in several Samba packages being held back
> or removed:
>
> 12 packages can be upgraded. Run 'apt list --upgradable' to see them.
> root@storage-server:/etc/apt/sources.list.d# apt list --upgradable
> Listing... Done
> ctdb/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> libsmbclient/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> libwbclient0/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> python-samba/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> samba/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> samba-common/oldstable 2:4.2.14+dfsg-0+deb8u7 all [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> samba-common-bin/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable
> from: 2:4.2.14+dfsg-0+deb8u6]
> samba-dbg/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> samba-doc/oldstable 2:4.2.14+dfsg-0+deb8u7 all [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> samba-dsdb-modules/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable
> from: 2:4.2.14+dfsg-0+deb8u6]
> samba-libs/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable from:
> 2:4.2.14+dfsg-0+deb8u6]
> samba-vfs-modules/oldstable 2:4.2.14+dfsg-0+deb8u7 amd64 [upgradable
> from: 2:4.2.14+dfsg-0+deb8u6]
>
> root@storage-server:~# apt upgrade
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Calculating upgrade... The following package was automatically installed
> and is no longer required:
>   linux-image-4.9.0-0.bpo.2-amd64
> Use 'apt-get autoremove' to remove it.
> Done
> The following packages have been kept back:
>   ctdb samba samba-common samba-dbg samba-dsdb-modules
> The following packages will be upgraded:
>   libwbclient0 samba-doc
> 2 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
> Need to get 441 kB of archives.
> After this operation, 51.2 kB disk space will be freed.
>
> root@storage-server:~# apt full-upgrade
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Calculating upgrade... The following packages were automatically
> installed and are no longer required:
>   attr ctdb linux-image-4.9.0-0.bpo.2-amd64 samba-dsdb-modules
> Use 'apt-get autoremove' to remove them.
> Done
> The following packages will be REMOVED:
>   samba samba-common-bin samba-dbg
> The following packages have been kept back:
>   ctdb samba-dsdb-modules
> The following packages will be upgraded:
>   libwbclient0 samba-common samba-doc
> 3 upgraded, 0 newly installed, 3 to remove and 2 not upgraded.
> Need to get 705 kB of archives.
> After this operation, 49.8 MB disk space will be freed.
>
>
> ___
> Pkg-samba-maint mailing list
> pkg-samba-ma...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-samba-maint



-- 
Mathieu

Bug#868209: CVE-2017-11103: Orpheus' Lyre: samba uploads in progress.

2017-07-13 Thread Mathieu Parent

Hello security team,

FYI: I have uploaded jessie and stretch versions of samba to fix Orpehus' Lyre.

Changes are in the relevant branches of:
https://anonscm.debian.org/cgit/pkg-samba/samba.git

Regards

-- 
Mathieu Parent

Bug#868209: marked as pending

2017-07-13 Thread Mathieu Parent

tag 868209 pending
thanks

Hello,

Bug #868209 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=c7d56e7

---
commit c7d56e7764c64651542c95037e3c2ac0f86932d0
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Thu Jul 13 15:01:31 2017 +0200

Release 2:4.2.14+dfsg-0+deb8u7

diff --git a/debian/changelog b/debian/changelog
index 4aa3616..973bcda 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+samba (2:4.2.14+dfsg-0+deb8u7) jessie-security; urgency=high
+
+  * This is a security release in order to address the following defect:
+- CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+  (Closes: #868209)
+
+ -- Mathieu Parent <sath...@debian.org>  Thu, 13 Jul 2017 15:00:29 +0200
+
 samba (2:4.2.14+dfsg-0+deb8u6) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.

Bug#868209: [Pkg-samba-maint] Bug#868209: CVE-2017-11103: MitM attack, impersonation of the Kerberos client, known as Orpheus Lyre

2017-07-13 Thread Mathieu Parent

Hello,

I'll handle sid, stretch and jessie. With the corresponding versions:
+samba (2:4.6.5+dfsg-4) unstable; urgency=high
+samba (2:4.5.8+dfsg-2+deb9u1) stretch-security; urgency=high
+ samba (2:4.2.14+dfsg-0+deb8u7) jessie-security; urgency=high

The timing was not very good for me, but I have some time this
afternoon to commit+build+upload.

Regards

Mathieu Parent


2017-07-13 9:45 GMT+02:00 Andrew Bartlett <abart...@samba.org>:
> On Thu, 2017-07-13 at 18:05 +1200, Andrew Bartlett wrote:
>> On Thu, 2017-07-13 at 07:14 +0200, Raphael Hertzog wrote:
>> > Source: samba
>> > Severity: grave
>> > Tags: security patch
>> > Version: 2:4.1.11+dfsg-1
>> >
>> > Hi,
>> >
>> > the following vulnerability was published for samba (due to its embedded
>> > copy of heimdal). I checked the build logs for unstable and apparently it
>> > does use this copy (I don't know the status for older releases).
>> >
>> > CVE-2017-11103[0]: MitM attack, impersonation of the Kerberos client, know 
>> > as Orpheus Lyre
>> >
>> > A dedicated website is here:
>> > https://orpheus-lyre.info/
>> >
>> > The samba announce and patch are here:
>> > https://www.samba.org/samba/security/CVE-2017-11103.html
>> > https://download.samba.org/pub/samba/patches/security/samba-4.x.y-CVE-2017-11103.patch
>> >
>> > If you fix the vulnerability please also make sure to include the
>> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>> >
>> > For further information see:
>> >
>> > [0] https://security-tracker.debian.org/tracker/CVE-2017-11103
>> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
>> >
>> > Please adjust the affected versions in the BTS as needed.
>>
>> Proposed updates are in jessie and stretch branches at:
>>
>> git://git.samba.org/abartlet/samba-debian.git
>>
>> I've only built them, not tested them.  Then again, the upstream
>> patches were not manually tested either (we relied on autobuild), such
>> was the rush...
>>
>> I can upload the built binaries if you want to test them or comment.
>
> Unsigned packages (sorry) are at:
>
> https://seafile.catalyst.net.nz/d/8f9c648216c3452497cb/
>
> --
> Andrew Bartlett   http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT  http://catalyst.net.nz/services/samba
>
> ___
> Pkg-samba-maint mailing list
> pkg-samba-ma...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-samba-maint



-- 
Mathieu

Bug#868209: marked as pending

2017-07-13 Thread Mathieu Parent

tag 868209 pending
thanks

Hello,

Bug #868209 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=feb2524

---
commit feb2524d7fcc307b78d5bed5fc0ef1873a3e7e24
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Wed Jul 12 23:22:29 2017 +0200

Release 2:4.5.8+dfsg-2+deb9u1

diff --git a/debian/changelog b/debian/changelog
index 750f427..53cf863 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+samba (2:4.5.8+dfsg-2+deb9u1) stretch-security; urgency=high
+
+  * This is a security release in order to address the following defect:
+- CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+  (Closes: #868209)
+
+ -- Mathieu Parent <sath...@debian.org>  Thu, 13 Jul 2017 14:43:44 +0200
+
 samba (2:4.5.8+dfsg-2) unstable; urgency=high
 
   * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside

Bug#868209: marked as pending

2017-07-13 Thread Mathieu Parent

tag 868209 pending
thanks

Hello,

Bug #868209 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=42c2798

---
commit 42c2798393a2d284ff8a1166aba96f74cd2f56ae
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Wed Jul 12 23:06:53 2017 +0200

Release 2:4.6.5+dfsg-4

diff --git a/debian/changelog b/debian/changelog
index 427860b..b36b199 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+samba (2:4.6.5+dfsg-4) unstable; urgency=high
+
+  * This is a security release in order to address the following defects:
+- CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+  (Closes: #868209)
+  * Other fixes:
+- Remove empty samba-common.maintscript (leading to empty preinst and
+  prerm)
+
+ -- Mathieu Parent <sath...@debian.org>  Thu, 13 Jul 2017 14:38:32 +0200
+
 samba (2:4.6.5+dfsg-3) unstable; urgency=medium
 
   * Remove upstart code

Bug#858564: marked as pending

2017-04-01 Thread Mathieu Parent

tag 858564 pending
thanks

Hello,

Bug #858564 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=a42f73e

---
commit a42f73eaf1e692ff14cc645a6aa47890edfc61e9
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Sat Apr 1 17:42:00 2017 +0200

Release 2:4.5.8+dfsg-1

diff --git a/debian/changelog b/debian/changelog
index 96943d6..ab38326 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+samba (2:4.5.8+dfsg-1) unstable; urgency=high
+
+  * New upstream version
+- Drop CVE-2017-2619.patch: merged upstream
+- Fix CVE-2017-2619 regression with "follow symlink = no" (Closes: #858564)
+
+ -- Mathieu Parent <sath...@debian.org>  Sat, 01 Apr 2017 20:39:17 +0200
+
 samba (2:4.5.6+dfsg-2) unstable; urgency=high
 
   * This is a security release in order to address the following defects:

Bug#859101: marked as pending

2017-04-01 Thread Mathieu Parent

tag 859101 pending
thanks

Hello,

Bug #859101 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=0a7e378

---
commit 0a7e37892154dbef5c256ed17a0ea8b4b0abac00
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Sat Apr 1 11:10:35 2017 +0200

Re-release 2:4.2.14+dfsg-0+deb8u5

diff --git a/debian/changelog b/debian/changelog
index 57b2ce1..7c157ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,8 +21,10 @@ samba (2:4.2.14+dfsg-0+deb8u5) jessie-security; urgency=high
 - selftest: add content to files created during shadow_copy2 test
 - selftest: check file readability in shadow_copy2 test
 - selftest: test listing directories inside snapshots
+  * Fix `net ads join` freeze when run a second time (Closes: #859101) since 
4.2
+- libads: Fix deadlock when re-joining a domain and updating keytab
 
- -- Mathieu Parent <sath...@debian.org>  Thu, 30 Mar 2017 22:15:40 +0200
+ -- Mathieu Parent <sath...@debian.org>  Sat, 01 Apr 2017 11:10:22 +0200
 
 samba (2:4.2.14+dfsg-0+deb8u4) jessie-security; urgency=high

Bug#858564: Test packages fixing samba regressions

2017-03-30 Thread Mathieu Parent

Hello all,

I've prepared samba packages fixing vfs_shadowcopy2 and "follow symlink = no".

Can you test and report? (I've tested simple cases with those two options only).

Those are, signed with my key, at: https://people.debian.org/~sathieu/samba/

Regards

-- 
Mathieu Parent

Bug#858564: marked as pending

2017-03-30 Thread Mathieu Parent

tag 858564 pending
thanks

Hello,

Bug #858564 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=a88130d

---
commit a88130d25e6fddd56259044af3fb01057a39c652
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Thu Mar 30 22:15:47 2017 +0200

Release 2:4.2.14+dfsg-0+deb8u5

diff --git a/debian/changelog b/debian/changelog
index a7f1de5..57b2ce1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+samba (2:4.2.14+dfsg-0+deb8u5) jessie-security; urgency=high
+
+  * This is a security release in order to fix regressions from CVE-2017-2619
+  * Fix "follow symlink = no" (Closes: #858564)
+- s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496
+  (CVE-2017-2619).
+- s3: smbd: Fix "follow symlink = no" regression part 2.
+- s3: smbd: Fix "follow symlink = no" regression part 2.
+  * Fix shadow_copy2 (Closes: #858648, #858590)
+- vfs_shadow_copy: handle non-existant files and wildcards
+- vfs_shadow_copy2: fix crash in 4.2.x backport
+- vfs_shadow_copy2: add a blackbox test suite
+- s3: libsmb: Correctly align create contexts in a create call.
+- s3: libsmb: Add return args to clistr_is_previous_version_path().
+- s3: libsmb: Add cli_smb2_shadow_copy_data() function that gets shadow 
copy
+  info over SMB2.
+- s3: libsmb: Plumb new SMB2 shadow copy call into cli_shadow_copy_data().
+- s3: libsmb: Add the capability to find a @GMT- path in an SMB2 create and
+  transform to a timewarp token.
+- s2-selftest: run shadow_copy2 test both in NT1 and SMB3 modes
+- selftest: add content to files created during shadow_copy2 test
+- selftest: check file readability in shadow_copy2 test
+- selftest: test listing directories inside snapshots
+
+ -- Mathieu Parent <sath...@debian.org>  Thu, 30 Mar 2017 22:15:40 +0200
+
 samba (2:4.2.14+dfsg-0+deb8u4) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.

Bug#859101: [Pkg-samba-maint] Bug#859101: regression: net: security update makes `net ads join` freeze when run a second time

2017-03-30 Thread Mathieu Parent

Hi,

2017-03-30 13:12 GMT+02:00 Paul Wise <p...@debian.org>:
> Control: fixed -1 2:4.5.6+dfsg-1
>
> On Thu, 2017-03-30 at 18:30 +0800, Paul Wise wrote:
>
>> I've confirmed that the freeze does not happen on samba 4.1 using
>> snapshot.d.o. The issue still occurs with 2:4.2.14+dfsg-0+deb8u4.
>
> I've confirmed this issue does not happen with stretch 2:4.5.6+dfsg-1

Can you try this patch:
https://git.samba.org/?p=samba.git;a=commitdiff;h=38beef2ff63664d7d5805f1032bb9f69d0b965d7

(first released in 4.3.0)

Regards

-- 
Mathieu Parent

Bug#858564: Confirmed on sid

2017-03-28 Thread Mathieu Parent

On Tue, 28 Mar 2017 01:33:44 +0300 Adrian Bunk <b...@debian.org> wrote:
> Control: severity -1 grave

> I've upgraded the severity again.
>
> Quoting the original bug report:
>* What led up to the situation?
> I upgraded to 8u4 through unattended upgrades.
>
>
> Regressions in a DSA that are actually among the worst possible bugs,
> since these are supposed to be automatically deployed to production
> systems running Debian.

Really?

https://www.debian.org/Bugs/Developer#severities

Severity levels are well defined. Don't make your own definition. This
doesn't change the urgency of this bug which is very high.

I won't change the severity again.

Regards

Mathieu Parent

Bug#858564: Confirmed on sid

2017-03-26 Thread Mathieu Parent

Control: tag -1 + confirmed upstream
Control: found -1 2:4.5.6+dfsg-2
Control: severity -1 important

Hello,

I can reproduce it on sid. It has also been reproduced on master.

I've downgraded the severity: this is a regression but it doesn't
"renders package unusable", as removing "follow symlinks = no"
workarounds the problem.


Regards

-- 
Mathieu Parent

Bug#858564: [Pkg-samba-maint] Bug#858564: samba: Since 8u4, Samba does not allow files not in root directory of share

2017-03-24 Thread Mathieu Parent

Control: tag -1 + moreinfo

2017-03-23 17:41 GMT+01:00 James Bellinger <jfb1...@gmail.com>:
> Package: samba
> Version: 2:4.2.14+dfsg-0+deb8u2
> Severity: grave
> Justification: renders package unusable

Hmm... Don't over-rate a bug because it affects you.

> Dear Maintainer,

hi,

> *** Reporter, please consider answering these questions, where appropriate ***
>
>* What led up to the situation?
> I upgraded to 8u4 through unattended upgrades.
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> (1) I attempt to create a file not in the root directory of the share.
> (2) I try to write to files not in the root directory of the share.
>* What was the outcome of this action?
> (1) Windows Explorer freezes entirely until I end task it.
> (2) It says permission denied.
>* What outcome did you expect instead?
> (1) Normally I can create files.
> (2) Normally I can access files.
>
> I have reverted back to 8u2 and am no longer experiencing problems.
> Access to the root directory of the share works fine.
>
> My smb.conf is as follows:
> (start)
> [global]
> server string = Server
> workgroup = WORKGROUP
> log level = 1
>
> interfaces = eth0 eth0:0 eth0:1 eth0:2 eth0:3
> bind interfaces only = yes
> socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=65536 SO_RCVBUF=65536
>
> server role = standalone server
> disable netbios = yes
> disable spoolss = yes
> csc policy = disable
> oplocks = no
> server min protocol = NT1
>
> passdb backend = tdbsam
> encrypt passwords = yes
> invalid users = root fsadmin
> disable netbios = yes
> disable spoolss = yes
> csc policy = disable
> oplocks = no
> server min protocol = NT1
>
> passdb backend = tdbsam
> encrypt passwords = yes
> invalid users = root fsadmin
>
> follow symlinks = no
> hide dot files = no
> wide links = no
>
> create mask = 660
> directory mask = 770
>
> vfs objects = acl_xattr streams_xattr full_audit
> full_audit:prefix = %S|%u|%I
> follow symlinks = no
> hide dot files = no
> wide links = no
>
> create mask = 660
> directory mask = 770
>
> vfs objects = acl_xattr streams_xattr full_audit
> full_audit:prefix = %S|%u|%I
> full_audit:success = mkdir open opendir rename rmdir unlink
> full_audit:failure = all !getxattr !removexattr !is_offline !readdir_att$
> full_audit:facility = LOCAL7
> full_audit:priority = ALERT
>
> map acl inherit = yes
> store dos attributes = yes
>
> browseable = no
> writeable = yes
>
> include = /etc/samba/smb.conf.%i
> (end)
>
> As an example of the IP-address specific file, here's one:
> (start)
> [hr$]
> comment = HR Server
> path = /mnt/data/hr
> force group = +AccessHR
> valid users = @AccessHR
> (end)
>
> Permissions are absolutely fine. They are essentially 770.
> AppArmor is enabled, but I disabled it and the problem still exists in 8u4.
> It does not exist in 8u2.

OK. I'm not able to reproduce the problem on a classic config, so this
comes from one of those multiple params.

Can you please reduce this config to isolate the param which failed? I
suspect one of the vfs.

Also, does a simple touch fails too? Does it fails too from a Linux
machine (via smbclient or cifs-utils)?

Regards

-- 
Mathieu Parent

Bug#852250: [lua-socket] luasocket was not compiled with UNIX sockets support

2017-02-11 Thread Mathieu Parent

2017-02-03 11:54 GMT+01:00 Michael Meskes :
>> Here is an updated version of the patch, targeting upstream.
>>
>> Can you try the attached patch with both lua-socket versions?
>> - 3.0~rc1+git+321c0c9-2
>> - 3.0~rc1+git+ac3201d-3
>
> Both seem to work, i.e. I can re-start and login to the server both
> times. Great work!

Great.

Can someone upload a fixed prosody-modules then? I won't have time in
the following weeks.

To sum up, this luasocket upload had impact on:
- ekeyd (https://bugs.debian.org/852380), a fix was uploaded DELAYED
- prosody-modules (no bug#, TODO)
- probably nginx, but only with included lua-redis (see
http://sources.debian.net/src/nginx/1.10.2-4/debian/modules/nginx-lua/t/lib/Redis.lua/?hl=727#L727)
- probably lua-redis (see
http://sources.debian.net/src/lua-redis/2.0.5~git20141117.880dda9-1/src/redis.lua/?hl=835#L835)


Regards

-- 
Mathieu

Bug#852380: Proposed ekeyd fix

2017-02-11 Thread Mathieu Parent

2017-02-08 10:08 GMT+01:00 Simon McVittie :
> On Sat, 04 Feb 2017 at 15:58:11 +, Simon McVittie wrote:
>> Since I have the hardware to be able to test ekeyd, which most DDs won't,
>> I'm intending to do an NMU with that change if nobody tells me not to.
>
> I have uploaded the attached to DELAYED/5. Please let me know if I
> should reschedule or cancel the NMU.
>
> Since there has been no maintainer response, I'm happy to reschedule this
> to 0-day if my changes are reviewed by someone who actually knows Lua :-)

Thanks.

I'm not the maintainer, so I can't say about rescheduling to 0-day.

Regards
-- 
Mathieu

Bug#852250: [lua-socket] luasocket was not compiled with UNIX sockets support

2017-02-02 Thread Mathieu Parent

2017-02-02 21:36 GMT+01:00 Mathieu Parent <math.par...@gmail.com>:
> 2017-02-02 20:36 GMT+01:00 Michael Meskes <mes...@debian.org>:
>>> Sorry, my patch was wrong
>>>
>>> local _, unix = pcall(require, "socket.unix");
>>> if unix then
>>>socket.unix = unix.stream or unix.tcp;
>>> end
>>>
>>
>> This one seems to work. Great, thank you so much.
>>
>>> Unfortunately I can't really test the patches I propose, so I beg
>>> your
>>> pardon if they are wrong.
>>
>> No worries, I'm more than willing to test. Not speaking lua myself I
>> cannot create a patch. All the more reason to be thankful for your
>> work.
>>
>>> And the patches are really for the upstream of prosody-modules, not
>>> for
>>> Debian.
>>
>> Sure, I'll forward.
>
> Thanks Enrico. I've done a similar patch (attached). Note that with
> your patch unix will always be not nil: if there is an error "_" will
> be false, and unix will be the error string.
>
> Michael, can you test my patch?

Here is an updated version of the patch, targeting upstream.

Can you try the attached patch with both lua-socket versions?
- 3.0~rc1+git+321c0c9-2
- 3.0~rc1+git+ac3201d-3

Regards
-- 
Mathieu
From 2fc74451bb344ea6dec8cbd0126b7dfc315b91a0 Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.par...@gmail.com>
Date: Wed, 25 Jan 2017 20:42:56 +0100
Subject: [PATCH] Fix compatibility problems with Unix domain sockets in newer
 versions of luasocket

---
 mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua b/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
index a6f1958..5747b8e 100644
--- a/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
+++ b/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
@@ -26,7 +26,14 @@ local m_random = math.random;
 local tostring, tonumber = tostring, tonumber;
 
 local socket = require "socket"
-pcall(require, "socket.unix");
+local ok, unix = pcall(require, "socket.unix")
+if ok then
+if type(unix) == "function" then
+   socket.unix = unix
+else
+   socket.unix = unix.stream or unix.tcp
+end
+end
 local base64 = require "util.encodings".base64;
 local b64, unb64 = base64.encode, base64.decode;
 local jid_escape = require "util.jid".escape;
-- 
2.11.0

Bug#852380: Proposed ekeyd fix

2017-02-02 Thread Mathieu Parent

Hi,

Can you try the attached patch with both lua-socket versions?
- 3.0~rc1+git+321c0c9-2
- 3.0~rc1+git+ac3201d-3

Thanks

-- 
Mathieu Parent
From 7ae3639338b643a42e3a7dd9672ab00f514debc0 Mon Sep 17 00:00:00 2001
From: Mathieu Parent <sath...@debian.org>
Date: Thu, 2 Feb 2017 23:26:03 +0100
Subject: [PATCH] Fix compatibility with changed UNIX socket API

---
 host/control.lua | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/host/control.lua b/host/control.lua
index 7b9b1b8..feeae60 100644
--- a/host/control.lua
+++ b/host/control.lua
@@ -41,13 +41,16 @@ local dos_callcount = 0
 require "socket"
 
 local have_unix_domain_sockets = false
-function tryload_unix()
-   require "socket.unix"
-   have_unix_domain_sockets = true
+local ok, unix = pcall(require, "socket.unix")
+if ok then
+   if type(unix) == "function" then
+  socket.unix = unix
+   else
+  socket.unix = unix.stream or unix.tcp
+   end
+   have_unix_domain_sockets = socket.unix ~= nil
 end
 
-pcall(tryload_unix)
-
 local protectedenv = {}
 
 -- Control socket interface
-- 
2.11.0

Bug#852250: [lua-socket] luasocket was not compiled with UNIX sockets support

2017-02-02 Thread Mathieu Parent

2017-02-02 20:36 GMT+01:00 Michael Meskes <mes...@debian.org>:
>> Sorry, my patch was wrong
>>
>> local _, unix = pcall(require, "socket.unix");
>> if unix then
>>socket.unix = unix.stream or unix.tcp;
>> end
>>
>
> This one seems to work. Great, thank you so much.
>
>> Unfortunately I can't really test the patches I propose, so I beg
>> your
>> pardon if they are wrong.
>
> No worries, I'm more than willing to test. Not speaking lua myself I
> cannot create a patch. All the more reason to be thankful for your
> work.
>
>> And the patches are really for the upstream of prosody-modules, not
>> for
>> Debian.
>
> Sure, I'll forward.

Thanks Enrico. I've done a similar patch (attached). Note that with
your patch unix will always be not nil: if there is an error "_" will
be false, and unix will be the error string.

Michael, can you test my patch?

Regards

-- 
Mathieu
From a484836665572151199954928c352215d075ef63 Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.par...@gmail.com>
Date: Wed, 25 Jan 2017 20:42:56 +0100
Subject: [PATCH] Fix compatibility problems with Unix domain sockets in newer
 versions of luasocket

---
 mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua b/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
index a6f1958..66b15d9 100644
--- a/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
+++ b/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
@@ -26,7 +26,10 @@ local m_random = math.random;
 local tostring, tonumber = tostring, tonumber;
 
 local socket = require "socket"
-pcall(require, "socket.unix");
+local ok, unix = pcall(require, "socket.unix")
+if ok then
+socket.unix = unix.stream or unix.tcp or unix
+end
 local base64 = require "util.encodings".base64;
 local b64, unb64 = base64.encode, base64.decode;
 local jid_escape = require "util.jid".escape;
-- 
2.11.0

Bug#852380: ekeyd: Does not start after luasocket upgrade

2017-01-26 Thread Mathieu Parent

On Mon, 23 Jan 2017 20:57:59 -0600 Courtney Bane
<debian-bugs-4...@cbane.org> wrote:
> Package: ekeyd
> Version: 1.1.5-6.1
> Severity: grave
> Tags: patch
> Justification: renders package unusable
>
> After the recent upgrade of the lua-socket package to version
> 3.0~rc1+git+ac3201d-2, ekeyd no longer starts if Unix domain sockets are
> used (for either the control or EGD socket). Instead, it exits with this
> error message:

Hi Courtney,

Can you please test with lua-socket 3.0~rc1+git+ac3201d-3, which
includes your fix (backported)?

Then close this one...

Thanks!

Mathieu Parent

Bug#852250: [lua-socket] luasocket was not compiled with UNIX sockets support

2017-01-25 Thread Mathieu Parent

2017-01-25 22:15 GMT+01:00 Michael Meskes :
> Control: reassign -1 lua-socket
>
> I don't think this is the way to go. There is no grave bug in prosody-modules,
> it's lua-socket that changed its API during freeze. The way I understand our
> freeze policy this is a no-go, but feel free to check with the release team.

The way you want will make prosody-modules break when someone start to
use lua-socket from stretch-backports.

The unix socket API is not stable nor documented yet [1], being tied
to an API that we know will change on buster is not very solid either.

As for the freeze definition, the updated lua-socket was uploaded
during soft freeze. I agree that this could be seen as a "transition"
as the API was changed.

Will look at a fix inside lua-socket (preserving both
compatibilities), but please relax your rules to help find a fix for
all cases.

[1]: https://github.com/diegonehab/luasocket/pull/199#issuecomment-275220892

Regards
-- 
Mathieu

Bug#852250: [lua-socket] luasocket was not compiled with UNIX sockets support

2017-01-25 Thread Mathieu Parent

Control: reassign -1 prosody-modules
Control: tag -1 + patch upstream confirmed


On Wed, 25 Jan 2017 13:04:02 +0100 Enrico Tassi
<gareuselesi...@debian.org> wrote:
> On Wed, Jan 25, 2017 at 10:24:25AM +0100, Michael Meskes wrote:
> > > Hopefully somebody is prepared to fix all rdepends.
> >
> > Or better reverts the API change.
>
> The bug is definitely important.
>
> Mathieu can you take care of it?

Can you test the attached patch on prosody-modules? It's future-proof
and inspired by Courtney's patch on ekeyd.

Regards.

Mathieu Parent
From 6e1199cd1b19361a03bbd2d2243246bd1f75921b Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.par...@gmail.com>
Date: Wed, 25 Jan 2017 20:42:56 +0100
Subject: [PATCH] Fix compatibility problems with Unix domain sockets in newer
 versions of luasocket

Inspired by a similar patch on ekeyd by Courtney Bane.
---
 mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua b/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
index a6f1958..8e2f1cf 100644
--- a/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
+++ b/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua
@@ -26,7 +26,11 @@ local m_random = math.random;
 local tostring, tonumber = tostring, tonumber;
 
 local socket = require "socket"
-pcall(require, "socket.unix");
+function tryload_unix()
+   socket.unix = require "socket.unix"
+end
+pcall(tryload_unix);
+local sock = socket.unix.stream or socket.unix.tcp or socket.unix
 local base64 = require "util.encodings".base64;
 local b64, unb64 = base64.encode, base64.decode;
 local jid_escape = require "util.jid".escape;
@@ -54,9 +58,9 @@ local function connect(socket_info)
 		conn = socket.tcp();
 		ok, err = conn:connect(socket_host, socket_port);
 		socket_path = ("%s:%d"):format(socket_host, socket_port);
-	elseif socket.unix then
+	elseif sock then
 		socket_path = socket_info;
-		conn = socket.unix();
+		conn = sock();
 		ok, err = conn:connect(socket_path);
 	else
 		err = "luasocket was not compiled with UNIX sockets support";
-- 
2.11.0

Bug#852250: [lua-socket] luasocket was not compiled with UNIX sockets support

2017-01-25 Thread Mathieu Parent

On Wed, 25 Jan 2017 13:37:41 +0100 Enrico Tassi
<gareuselesi...@debian.org> wrote:
> On Wed, Jan 25, 2017 at 10:24:25AM +0100, Michael Meskes wrote:
> > > Hopefully somebody is prepared to fix all rdepends.
> >
> > Or better reverts the API change.
>
> I gave a quick look at the problem.
>
> I don't know why Mathieu packaged a new upstream snapshot exactly,
> I hope it is not for the new unix.tcp/udp feature.  If so, reverting the
> API change is as simple as reverting
>
>   aa1b8cc9bc35e56de15eeb153c899e4c51de82a8
>
> There is just a trivial conflict on the makefile.
>
> Mathieu, does luasandbox need the new unix sockets?

Yes. I need both TCP and UDP socket.

Regards.

Mathieu Parent

Bug#734688: Logs are not rotated for a month

2016-12-26 Thread Mathieu Parent

Control: tag -1 + upstream fixed-upstream

Hello,

2016-12-26 1:29 GMT+01:00 Christoph Biedl :
> Hello everybody,
>
> looking at this old but nasty bug that must be fixed for stretch:
>
> * Trying to understand what goes wrong I wrote a small script that
>   creates a few scenarios and executes logrotate then. Run it in
>   an arbitrary directory like /tmp/ as regular user, with a single
>   parameter in the range 0 to 4. Expect a lot of failures.
>
> * In my understanding logrotate never compresses older logfiles even
>   if they are not compressed yet, this will lead to the observed
>   clashes. So I was about to write a patch that similar for Bolesław's
>   proposal detects if the target file already exists, but would
>   compress it then. However:
>
> * github[1] contains a link[2] to a patch gentoo created. At least
>   for all scenario my test script above creates, it solves the problems.
>   I'd suggest you all test it as well and report back.

The actual upstream fix for it is:
https://github.com/logrotate/logrotate/commit/fc1c3eff61edf8e9f0a4bfa980f3a6030a6b271f

And it is included in version 3.11.0.

The way forward is to update Debian package to 3.11.0.

Regards
-- 
Mathieu

Bug#848719: unblock: samba/2:4.5.2+dfsg-2

2016-12-19 Thread Mathieu Parent

Package: release.debian.org
Severity: serious
User: release.debian@packages.debian.org
Usertags: unblock

Please let package samba enter testing fast, it includes security fixes only.

unblock samba/2:4.5.2+dfsg-2

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#820794: [Pkg-samba-maint] Bug#820794: Fixed

2016-12-19 Thread Mathieu Parent

Le 19 décembre 2016 à 17:44, Philippe Cloutier <pclout...@gvq.ca> a écrit :
[...]
> I confirm that 4.2.14+dfsg-0+deb8u2 finally actually fixes.
> 4.2.14+dfsg-0+deb8u2 has reached stable-security.

Thanks for giving us feedback.

>
> Thank you very much Mathieu.

De rien ;-)

-- 
Mathieu Parent

Bug#845929: marked as pending

2016-12-13 Thread Mathieu Parent

tag 845929 pending
thanks

Hello,

Bug #845929 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-heka/lua-sandbox.git;a=commitdiff;h=90a0d9e

---
commit 90a0d9e80f5a3142f85e01c2c84191b385f35291
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Tue Dec 13 21:33:40 2016 +0100

Release 1.2.1-3

diff --git a/debian/changelog b/debian/changelog
index d5c1ee0..9815d38 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,12 @@
-lua-sandbox (1.2.1-3) UNRELEASED; urgency=medium
+lua-sandbox (1.2.1-3) unstable; urgency=medium
 
   * Add luasandbox-binary-doc.patch
   * Update patches and mention upstream pull-requests
+  * Fix FTBFS:
+- on 32-bit (Closes: #845929), and
+- big-endian architectures (Closes: #845928)
 
- -- Mathieu Parent <math.par...@gmail.com>  Tue, 22 Nov 2016 06:50:50 +0100
+ -- Mathieu Parent <sath...@debian.org>  Tue, 13 Dec 2016 21:34:02 +0100
 
 lua-sandbox (1.2.1-2) unstable; urgency=medium

Bug#820794: [Pkg-samba-maint] Bug#820794: still visible: smbclient: "cli_list: Error: unable to parse name from info level 260" with Windows 10 shares

2016-12-07 Thread Mathieu Parent

Control: tag -1 + jessie
Control: found -1 2:4.2.14+dfsg-0+deb8u1

2016-12-07 15:07 GMT+01:00 Christian Hilgers <ch...@familie-hilgers.com>:
> Hi,
>
> I tried the fix from proposed updates and sadly I cannot confirm it is
> fixed:

Indeed, the following patch is not applied in the jessie branch:
https://attachments.samba.org/attachment.cgi?id=11971

I've applied the patch, but I've not uploaded. To the team: Are there
other important bugs to handle in jessie before uploading?

Regards
-- 
Mathieu Parent

Bug#820794: marked as pending

2016-12-07 Thread Mathieu Parent

tag 820794 pending
thanks

Hello,

Bug #820794 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=68168a5

---
commit 68168a5c57df43425bfe40a69fc28c32a08b63bf
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Wed Dec 7 21:45:45 2016 +0100

Changelog for previous commit

diff --git a/debian/changelog b/debian/changelog
index 2259e6c..edf9c25 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+samba (2:4.2.14+dfsg-0+deb8u2) UNRELEASED; urgency=medium
+
+  * Fix smbclient compatibility with Windows 10 (Closes: #820794)
+
+ -- Mathieu Parent <sath...@debian.org>  Wed, 07 Dec 2016 21:44:28 +0100
+
 samba (2:4.2.14+dfsg-0+deb8u1) jessie; urgency=high
 
   * New upstream release.

Bug#841250: Lowering severity

2016-11-17 Thread Mathieu Parent

Control: severity -1 important

Lowering severity as opencv 3.1 is still in experimental and
transition freeze has already happened.

Regards

-- 
Mathieu

Bug#841250: [Pkg-php-pecl] Bug#841250: php-facedetect: FTBFS: error with opencv 3.1

2016-10-20 Thread Mathieu Parent

2016-10-19 1:37 GMT+02:00 Nobuhiro Iwamatsu :
> Source: php-facedetect
> Version: 1.1.0+git20160406-2
> Severity: important
> Justification: fails to build from source
> Tags: patch
>
> Dear Maintainer,

Hello,

> I am scheduled to transition of opencv.
> This package is target to transition. I tested build with opencv 3.1.
> As a result, this FTBFS with opencv 3.1.
> Because libhighgui-dev and libcv-dev has been removed from opencv 3.1 package.
> We need to use libopencv-dev instead of these package. And currenct
> package disable
> support of opencv 3 by patches/0002-Revert-opencv3-support.patch.

I've local changes that work. The problem is it FTBFS opencv << 3.

Do you have more info on the expected date of fransition?

Regards

-- 
Mathieu

Bug#840298: [Pkg-samba-maint] Bug#840382: samba (2:4.4.6+dfsg-2) still crashes with libtevent0-0.31

2016-10-14 Thread Mathieu Parent

To the recipients:

Do you still have the problem when using latest packages from sid?

I cant' reproduce the problem anymore.

Thanks

Mathieu Parent

Bug#840382: [Pkg-samba-maint] Bug#840382: samba (2:4.4.6+dfsg-2) still crashes with libtevent0-0.31

2016-10-12 Thread Mathieu Parent

(please keep the bug in CC).

Hi,

2016-10-12 16:29 GMT+02:00 Rene Hogendoorn :
[...]
> Thanks for the quick response.
> Please, find a backtrace below.

Thanks

> Note, that there are several backtraces in the file because the daemon kept
> being restarted and, subsequently, failing.

yes systemd is restarting the service. Too fast IMO.

> I hope this will help you locating the issue.

This is strange, I'm not able to reproduce it anymore (since
4.4.6+dbsg-2). Are you sure that you upgraded all the samba packages?

Does nmbd crash too?

Regards
-- 
Mathieu

Bug#840382: [Pkg-samba-maint] Bug#840382: samba (2:4.4.6+dfsg-2) still crashes with libtevent0-0.31

2016-10-12 Thread Mathieu Parent

Hi,



2016-10-12 12:26 GMT+02:00 Rene Hogendoorn :
> samba (2:4.4.6+dfsg-2) still crashes with libtevent0-31; only downgrading to
> libtevent0-0.28 solves the crashes.
> Regards,

Can you provide the backtrace?

Thanks.

-- 
Mathieu

Bug#840298: marked as pending

2016-10-11 Thread Mathieu Parent

tag 840298 pending
thanks

Hello,

Bug #840298 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=b8d6c58

---
commit b8d6c5837cadc0acba0a05d15acf0578185f0974
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Wed Oct 12 05:53:49 2016 +0200

Release 2:4.4.6+dfsg-2

diff --git a/debian/changelog b/debian/changelog
index c63aa37..948addc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+samba (2:4.4.6+dfsg-2) unstable; urgency=high
+
+  * Remove uses of tevent internals. This fixes segfault.
+Closes: #840382, #840298.
+
+ -- Mathieu Parent <sath...@debian.org>  Wed, 12 Oct 2016 05:53:33 +0200
+
 samba (2:4.4.6+dfsg-1) unstable; urgency=medium
 
   * New upstream release.

Bug#840382: marked as pending

2016-10-11 Thread Mathieu Parent

tag 840382 pending
thanks

Hello,

Bug #840382 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=b8d6c58

---
commit b8d6c5837cadc0acba0a05d15acf0578185f0974
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Wed Oct 12 05:53:49 2016 +0200

Release 2:4.4.6+dfsg-2

diff --git a/debian/changelog b/debian/changelog
index c63aa37..948addc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+samba (2:4.4.6+dfsg-2) unstable; urgency=high
+
+  * Remove uses of tevent internals. This fixes segfault.
+Closes: #840382, #840298.
+
+ -- Mathieu Parent <sath...@debian.org>  Wed, 12 Oct 2016 05:53:33 +0200
+
 samba (2:4.4.6+dfsg-1) unstable; urgency=medium
 
   * New upstream release.

Bug#833164: marked as pending

2016-10-11 Thread Mathieu Parent

tag 833164 pending
thanks

Hello,

Bug #833164 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=c23bb08

---
commit c23bb08a9792d7c8662b8e3b09c9687552befdc0
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Sun Oct 9 22:09:41 2016 +0200

Changelog for previous commits

diff --git a/debian/changelog b/debian/changelog
index 5006399..ccf51da 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+samba (2:4.4.5+dfsg-4) UNRELEASED; urgency=medium
+
+  * Use epoch in samba-vfs-modules Breaks and Replaces (Closes: #833164)
+  * Only fix PIDFile in {nmbd,samba-ad-dc,smbd,winbind}.service (i.e. not
+ctdb.service) Closes: #838000.
+  * logrotate: Only reload smbd when needed. Thanks Roland Hieber.
+Closes: #838796.
+
+ -- Mathieu Parent <math.par...@gmail.com>  Sun, 09 Oct 2016 22:08:53 +0200
+
 samba (2:4.4.5+dfsg-3) unstable; urgency=medium
 
   [ Jelmer Vernooĳ ]

Bug#828137: marked as pending

2016-07-03 Thread Mathieu Parent

tag 828137 pending
thanks

Hello,

Bug #828137 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=92770f9

---
commit 92770f97ac9bae4d61264f381aec5559b15cf88c
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Mon Jun 27 21:38:19 2016 +0200

Changelog for previous commits and release 2:4.4.4+dfsg-2

diff --git a/debian/changelog b/debian/changelog
index 347a9c6..02eaf36 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+samba (2:4.4.4+dfsg-2) unstable; urgency=medium
+
+  * Mask samba-ad-dc.service unless needed (Closes: #828137)
+  * Fix kill path in systemd units (Closes: #828730)
+
+ -- Mathieu Parent <sath...@debian.org>  Mon, 27 Jun 2016 21:37:58 +0200
+
 samba (2:4.4.4+dfsg-1) unstable; urgency=medium
 
   * New upstream release.

Bug#828137: marked as pending

2016-06-29 Thread Mathieu Parent

tag 828137 pending
thanks

Hello,

Bug #828137 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=92770f9

---
commit 92770f97ac9bae4d61264f381aec5559b15cf88c
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Mon Jun 27 21:38:19 2016 +0200

Changelog for previous commits and release 2:4.4.4+dfsg-2

diff --git a/debian/changelog b/debian/changelog
index 347a9c6..02eaf36 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+samba (2:4.4.4+dfsg-2) unstable; urgency=medium
+
+  * Mask samba-ad-dc.service unless needed (Closes: #828137)
+  * Fix kill path in systemd units (Closes: #828730)
+
+ -- Mathieu Parent <sath...@debian.org>  Mon, 27 Jun 2016 21:37:58 +0200
+
 samba (2:4.4.4+dfsg-1) unstable; urgency=medium
 
   * New upstream release.

Bug#828137: [Pkg-samba-maint] Bug#828137: samba does not install and fails to start

2016-06-25 Thread Mathieu Parent

Control: tag -1 + confirmed

Hi,

Thanks for reporting.

2016-06-25 12:45 GMT+02:00 Eric Valette <eric.vale...@free.fr>:
> Package: samba
> Version: 2:4.4.4+dfsg-1
> Severity: grave
> Justification: renders package unusable


> apt-get -f install
[...]
> juin 25 10:49:30 tri-yann4 systemd[1]: Starting Samba AD Daemon...
> -- Subject: L'unité (unit) samba-ad-dc.service a commencé à démarrer
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- L'unité (unit) samba-ad-dc.service a commencé à démarrer.
> juin 25 10:49:30 tri-yann4 systemd[1]: samba-ad-dc.service: Supervising 
> process 2930 which is not our child. We'll most likely not notice when it 
> exits.
> juin 25 10:49:30 tri-yann4 systemd[1]: samba-ad-dc.service: Main process 
> exited, code=exited, status=1/FAILURE
> juin 25 10:49:30 tri-yann4 systemd[1]: Failed to start Samba AD Daemon.
> -- Subject: L'unité (unit) samba-ad-dc.service a échoué
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- L'unité (unit) samba-ad-dc.service a échoué, avec le résultat failed.
> juin 25 10:49:30 tri-yann4 systemd[1]: samba-ad-dc.service: Unit entered 
> failed state.
> juin 25 10:49:30 tri-yann4 systemd[1]: samba-ad-dc.service: Failed with 
> result 'exit-code'.

I can reproduce the problem.

$ sudo systemctl status samba-ad-dc.service
Mot de passe [sudo] de mathieu :
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled;
vendor preset: enabled)
   Active: failed (Result: exit-code) since sam. 2016-06-25 19:07:12
CEST; 2h 15min ago
 Docs: man:samba(8)
   man:samba(7)
   man:smb.conf(5)
 Main PID: 20308 (code=exited, status=1/FAILURE)
   Status: "daemon failed to start: Samba detected misconfigured
'server role' and exited. Check logs for details"

juin 25 19:07:12 ultrathieu systemd[1]: Starting Samba AD Daemon...
juin 25 19:07:12 ultrathieu systemd[1]: samba-ad-dc.service:
Supervising process 20308 which is not our child. We'll most likely
not notice when it ex
juin 25 19:07:12 ultrathieu systemd[1]: samba-ad-dc.service: Main
process exited, code=exited, status=1/FAILURE
juin 25 19:07:12 ultrathieu systemd[1]: Failed to start Samba AD Daemon.
juin 25 19:07:12 ultrathieu systemd[1]: samba-ad-dc.service: Unit
entered failed state.
juin 25 19:07:12 ultrathieu systemd[1]: samba-ad-dc.service: Failed
with result 'exit-code'.


[2016/06/25 19:07:12.722665,  0] ../source4/smbd/server.c:472(binary_smbd_main)
  At this time the 'samba' binary should only be used for either:
  'server role = active directory domain controller' or to access the
ntvfs file server with 'server services = +smb' or the rpc proxy with
'dcerpc endpoint servers = remote'
  You should start smbd/nmbd/winbindd instead for domain member and
standalone file server tasks
[2016/06/25 19:07:12.723006,  0] ../lib/util/become_daemon.c:111(exit_daemon)
  STATUS=daemon failed to start: Samba detected misconfigured 'server
role' and exited. Check logs for details, error code 22

We need to replicate the init script snipset:
SERVER_ROLE=`samba-tool testparm --parameter-name="server
role"  2>/dev/null | tail -1`
if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
exit 0
fi

in the meantime, you can run:
$ sudo systemctl mask samba-ad-dc.service
$ sudo apt-get install -f

I still need to fix this in the package.

Regards

Mathieu Parent

Bug#825572: Uploaded to DELAYED/2

2016-06-07 Thread Mathieu Parent

2016-06-07 0:16 GMT+02:00 David Prévot <taf...@debian.org>:
> Hi Mathieu,

Hi David,

> On Mon, Jun 06, 2016 at 09:50:21PM +0200, Mathieu Parent wrote:
>
>> I've uploaded php-sabre-vobject (2.1.7-3) to DELAYED/2. to fix this RC
>
> Thanks for your update! No need to wait IMHO, so I just ran:
>
> dcut reschedule \
> --file=php-sabre-vobject_2.1.7-3_amd64.changes --days=0

thanks.

> FYI, there is now a buildd available for arch:all, so you could have
> simply dput the _source.changes without any binary package.

Yes I know. But I don't have yet a simple way to build this
_source.changes from "gbp buildpackage". how to ?



> Regards
>
> David

Cheers

-- 
Mathieu

Bug#825572: Uploaded to DELAYED/2

2016-06-06 Thread Mathieu Parent

 Hello David,

I've uploaded php-sabre-vobject (2.1.7-3) to DELAYED/2. to fix this RC

Cheers,
-- 
Mathieu Parent

Bug#822771: php-pear: Invalid argument supplied for foreach() in /usr/share/php/PEAR/Command.php on + XML Extension not found

2016-05-03 Thread Mathieu Parent

Control: severity -1 important

Downgrading severity as I can't reproduce.

Regards

Bug#822771: [pkg-php-pear] Bug#822771: php-pear: Invalid argument supplied for foreach() in /usr/share/php/PEAR/Command.php on + XML Extension not found

2016-04-28 Thread Mathieu Parent

Control: severity -1 major
Control: tag -1 + moreinfo unreproducible

2016-04-27 12:36 GMT+02:00 Ivan Sergio Borgonovo <ivan@gmail.com>:
> Package: php-pear
> Version: 1:1.10.1+submodules+notgz-8
> Severity: grave
> Justification: renders package unusable

Hi,

> I discovered I've the same problem described here:
> http://serverfault.com/questions/589877/pecl-command-produces-long-list-of-errors
> examining horde log files
>
> A long list of
> Invalid argument supplied for foreach() in /usr/share/pear/PEAR/...
> ending with


Can you send the complete log. I need at least the file and line number.

> PHP Warning:  require_once(/lib/Application.php): failed to open stream:
> No such file or directory in /usr/bin/horde-alarms on line 21
> PHP Fatal error:  require_once(): Failed opening required
> '/lib/Application.php' (include_path='.:/usr/share/php:') in
> /usr/bin/horde-alarms on line 21

How have you installed Horde? Using PEAR or apt?

What does aptitude search "php~i" outputs?

> This also seems to be related with some pear issue not setting horde_dir

What does pear config-get horde_dir outputs?

> Simply running
> pear list-all
> or any other pear command end up in the same list of
> Invalid argument supplied for foreach() in /usr/share/pear/PEAR/...
> ending with
> XML Extension not found

I can't reproduce.

> thanks
>
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')

You have a mix of php5 and php7. Ensure you have the corresponding
versions (for xml, ...)


> Versions of packages php-pear depends on:
> ii  php-common1:35
> ii  php-xml       1:7.0+35
> ii  php5.6-cli [php-cli]  5.6.18+dfsg-11
> ii  php7.0-xml [php-xml]  7.0.5-3

Regards


-- 
Mathieu Parent

Bug#819592: Can't complete horde webmail-install script

2016-04-07 Thread Mathieu Parent

Hi,

On Thu, 31 Mar 2016 01:43:51 +0300
=?UTF-8?B?0JXQstCz0LXQvdC40Lkg0JHQsNGF0YLQuNC9?=
<bahtin.ev...@gmail.com> wrote:
> Package: php-horde-webmail
> Version: 5.2.12-2
> Severity: grave
> Tags: sid
>
> I use only 'sid' repository. I install on 'clean' system.
> When I try to complete horde webmail installation with script
> 'webmail-install' I see this message:
>

I couldn't reproduce it.

As things are changing fast currently in sid (PHP7 transition), can
you try again?

The only problems I had are:
- PHP not enabled on Apache (#820282)
- Services_Weather had to be patched:
diff -ur /usr/share/php.orig/Services/Weather.php
/usr/share/php/Services/Weather.php
--- /usr/share/php.orig/Services/Weather.php2016-03-18
22:10:39.0 +
+++ /usr/share/php/Services/Weather.php2016-04-05 06:27:00.783244225 +
@@ -164,7 +164,7 @@

 // Create service and return
 $error = null;
-@$obj =  $classname($options, $error);
+@$obj = new $classname($options, $error);

 if (Services_Weather::isError($error)) {
     return $error;



Regards

Mathieu Parent

Bug#820094: [Pkg-php-pecl] Bug#820094: Doesn't support PHP 7

2016-04-05 Thread Mathieu Parent

2016-04-05 14:30 GMT+02:00 Ondřej Surý :
> Source: php-facedetect
> Version: 1.1.0+git20140717-2
> Severity: grave
>
> Dear maintainers,
>
> php-facedetect doesn't support PHP 7.0 and it should be either updated
> to have PHP 7.0 support (which doesn't support in upstream) or the
> package should be removed from the archive (I can fill the RM bug if
> you don't have time).

Keep it in sid only for now. I will dig into it once time permit.

Cheers
-- 
Mathieu

Bug#820091: [pkg-horde] Bug#820091: Switch from php-mongo to php-mongodb is needed

2016-04-05 Thread Mathieu Parent

2016-04-05 13:54 GMT+02:00 Ondřej Surý :
> Package: php-horde-mongo
> Version: 1.0.3-4
> Severity: grave
>
> Dear maintainers,

hello Ondřej,

> php-mongo is obsolete with PHP 7.0 and it's going to be removed from
> Debian unstable.

OK.

> This is RC bug to make sure that php-horde-mongo gets removed from
> testing, so we can remove php-mogno, and then gets updated to use the
> new mongodb extension packaged as php-mongodb.

No problem to have php-horde-mongodb removed from testing, it's a leaf package.

Just for my information, is there any plan to ship php-mongodb? Is the
API compatible?

> Cheers,

Cheers,

-- 
Mathieu

Bug#816205: tagging 816205

2016-03-30 Thread Mathieu Parent (Debian)

2016-03-28 14:44 GMT+02:00 Adam D. Barratt <a...@adam-barratt.org.uk>:
> On Mon, 2016-03-28 at 14:39 +0200, Mathieu Parent (Debian) wrote:
>> 2016-03-26 18:35 GMT+01:00 Adam D. Barratt <a...@adam-barratt.org.uk>:
>> > On Sat, 2016-03-26 at 17:14 +0100, Mathieu Parent wrote:
>> >> tags 816205 + jessie-ignore
>> >> thanks
>> >
>> > Was that discussed with anyone on the Release Team before the tag was
>> > added?
>>
>> No.I've done it to remove this bug from my UDD dashboard.
>
> I see. Please don't do that in future.

OK.

> The tags have a specific purpose (which isn't "I don't want to fix or
> see this in $release") and should only be set by, or with the agreement
> of, the Release Team. See the bolded sections of
> https://www.debian.org/Bugs/Developer#tags

OK

> Regards,
>
> Adam
>



-- 
Mathieu Parent

Bug#805222: [Pkg-php-pecl] Bug#805222: php-apcu: FTBFS: PHP Fatal error: Call to a member function getFilelist() on null

2016-03-12 Thread Mathieu Parent (Debian)

2016-03-12 22:30 GMT+01:00 Mathieu Parent (Debian) <sath...@debian.org>:
> ... About the FTBFS of PECL extensions...
[...]
> $ git bisect visualize
> commit 4a66490bdecd5e4ec2b8213e89a6e40aaa18975e
> Author: Christian Weiske <cwei...@cweiske.de>
> Date:   Mon Feb 9 23:26:33 2015 +0100
>
> Fix for PHP 7: Replace "" with "new" (new-by-reference)

And the following patch fix the FTBFS:

diff --git a/PEAR/Config.php b/PEAR/Config.php
index 5b3f1e2..7b21726 100644
--- a/PEAR/Config.php
+++ b/PEAR/Config.php
@@ -2119,10 +2119,10 @@ class PEAR_Config extends PEAR
 if ($layer == 'ftp' || !isset($this->_registry[$layer])) {
 continue;
 }
-$this->_registry[$layer] =
-new PEAR_Registry(
+$r = new PEAR_Registry(
 $this->get('php_dir', $layer,
'pear.php.net'), false, false,
 $this->get('metadata_dir', $layer, 'pear.php.net'));
+$this->_registry[$layer] = &$r;
 $this->_registry[$layer]->setConfig($this, false);
 $this->_regInitialized[$layer] = false;
 }
(still php 5.6)

Regards


-- 
Mathieu Parent

Bug#805222: [Pkg-php-pecl] Bug#805222: php-apcu: FTBFS: PHP Fatal error: Call to a member function getFilelist() on null

2016-03-12 Thread Mathieu Parent (Debian)

... About the FTBFS of PECL extensions...

2015-12-08 12:21 GMT+01:00 Ondřej Surý <ond...@sury.org>:
> JFTR this is not a correct fix and we need upstream to fix that, because
> there are two different approaches of handling packagingroot at
> different places and this is the main reason why it's causing the
> errors.
>
> PEAR_Command_Install is directly mangling the variables (channelsdir,
> etc.), but the code below resets this to default value by calling
> PEAR_Config::setInstallRoot($options['packagingroot']) followed by
> PEAR_Config::setInstallRoot(false). This needs to be made consistent.

Hello,

Bisecting lead to the following commit:

$ git bisect visualize
commit 4a66490bdecd5e4ec2b8213e89a6e40aaa18975e
Author: Christian Weiske <cwei...@cweiske.de>
Date:   Mon Feb 9 23:26:33 2015 +0100

Fix for PHP 7: Replace "" with "new" (new-by-reference)

I've attached the used bissect script.

Disclamier, I'm still using php 5.6.

-- 
Mathieu Parent


bisect.sh
Description: Bourne shell script

Bug#814809: [pkg-php-pear] Bug#814809: Moving forward with the PHP 7.0 transition [Was: phing depends on php5-xdebug, which is not available anymore]

2016-03-02 Thread Mathieu Parent

2016-02-22 20:43 GMT+01:00 Mathieu Parent <math.par...@gmail.com>:
[...]
> i.e we need php-pear to pass NEW (which include the needed fix |1])

Now that php-pear is in sid, I've uploaded newer pkg-php-tools.

Remaining lintian warnings:
E: pkg-php-tools: php-script-but-no-phpX-cli-dep usr/bin/pkgtools
E: pkg-php-tools: php-script-but-no-phpX-cli-dep
usr/share/pkg-php-tools/scripts/phppkginfo


Also, the phpunit tests need to be fixed.

Regards

-- 
Mathieu

Bug#816184: [pkg-horde] Bug#816184: php-horde-memcache depends on package that is no longer built.

2016-02-28 Thread Mathieu Parent

2016-02-28 14:45 GMT+01:00 peter green :
> Package: php-horde-memcache
> Version: 2.0.7-3
> Severity: serious


Hi,


> php-horde-memcache depends on php5-memcache which is no longer built by the
> php-memcache source package.
>
> Ubuntu seems to indicate that a no-change rebuild is enough to fix this.

This kind of bug merely affect all php packages. Please don't file
those bug reports before the PHP7 transition is finished.

Thanks

-- 
Mathieu

Bug#813406: WIP (was: Fwd: Proposed changes to jessie)

2016-02-24 Thread Mathieu Parent

Hello,

I've proposed the changes to -security, without response yet.

See below.

-- Forwarded message --
From: Mathieu Parent <math.par...@gmail.com>
Date: 2016-02-24 22:24 GMT+01:00
Subject: Re: Proposed changes to jessie
To: t...@security.debian.org


2016-02-04 15:04 GMT+01:00 Mathieu Parent <math.par...@gmail.com>:
> Hello,

Pinging again.

> I have prepared security fixes for two Horde packages:
> - php-horde: https://bugs.debian.org/813573#26 XSS vulnerability in menu bar
Debdiff at: 
http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde.git/diff/?id2=47c6d6e6ad0836d657eee75e36ef8dbd19c843d2=112b45b0403df87828e6cd620eb0e3d4fc3c7fa9

> - php-horde-core: https://bugs.debian.org/813590#23 XSS in
> Horde_Core_VarRenderer_Html
Debdiff at: 
http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde-core.git/diff/?id2=d79e0d5424ba76351cde56701e061f91d241ec09=a98c8cb02edaaa0378771a7f21855aaafc883785

>
> Can I upload the two packages (this is already fixed in sid)?

Waiting for your answer.

> I have also prepared a ctdb regression update, which fix CTDB behavior
> under Linux after the fix for CVE-2015-8543:
> - https://bugs.debian.org/813406#25 ctdb, raw sockets and CVE-2015-8543

See 
http://anonscm.debian.org/cgit/pkg-samba/ctdb.git/commit/?h=debian-jessie=ec4e506686578cdf13b36ce18ec98cc5307b4e64

> Can I upload it?

Same.

> Can I make the same to wheezy once jessie is uploaded?

Same.

I think keeping those issues in place is not good.

Regards
--
Mathieu Parent

1 2 3 >

1 - 100 of 230 matches

Mail list logo