Bug#931199: unblock: freeorion/0.4.8-3

[Markus Koschany]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freeorion

Freeorion crashed when someone tried to load or save a game. We
believe this issue was resolved in version 0.4.8-3 and it would be
great if we could release Buster with this version.
This is Debian bug #930417.

Thanks,

Markus

unblock freeorion/0.4.8-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru freeorion-0.4.8/debian/changelog freeorion-0.4.8/debian/changelog
--- freeorion-0.4.8/debian/changelog2018-08-31 17:09:10.0 +0200
+++ freeorion-0.4.8/debian/changelog2019-06-23 01:52:26.0 +0200
@@ -1,3 +1,16 @@
+freeorion (0.4.8-3) unstable; urgency=medium
+
+  * Really fix save or load game crash. (Closes: #930417)
+
+ -- Markus Koschany   Sun, 23 Jun 2019 01:52:26 +0200
+
+freeorion (0.4.8-2) unstable; urgency=medium
+
+  * Fix save or load game crash. Thanks to Michal Mauser for the report and
+Bernhard Übelacker for the investigation. (Closes: #930417)
+
+ -- Markus Koschany   Sun, 16 Jun 2019 01:02:41 +0200
+
 freeorion (0.4.8-1) unstable; urgency=medium
 
   * New upstream version 0.4.8.
diff -Nru freeorion-0.4.8/debian/patches/debian-bug-930417.patch 
freeorion-0.4.8/debian/patches/debian-bug-930417.patch
--- freeorion-0.4.8/debian/patches/debian-bug-930417.patch  1970-01-01 
01:00:00.0 +0100
+++ freeorion-0.4.8/debian/patches/debian-bug-930417.patch  2019-06-23 
01:52:26.0 +0200
@@ -0,0 +1,147 @@
+From: Markus Koschany 
+Date: Sun, 16 Jun 2019 01:10:41 +0200
+Subject: debian-bug-930417
+
+Bug-Debian: https://bugs.debian.org/930417
+Origin: 
https://github.com/freeorion/freeorion/pull/2366/commits/1e94e406fa309c60c4b68ef08b424b65a7bd0e4d
+---
+ server/SaveLoad.cpp | 70 +
+ 1 file changed, 39 insertions(+), 31 deletions(-)
+
+diff --git a/server/SaveLoad.cpp b/server/SaveLoad.cpp
+index ecb73a3..37614d7 100644
+--- a/server/SaveLoad.cpp
 b/server/SaveLoad.cpp
+@@ -333,8 +333,13 @@ void LoadGame(const std::string& filename, 
ServerSaveGameData& server_save_game_
+ if (!ifs)
+ throw std::runtime_error(UNABLE_TO_OPEN_FILE);
+ 
+-try {
+-// first attempt binary deserialziation
++std::string signature(5, '\0');
++if (!ifs.read([0], 5))
++throw std::runtime_error(UNABLE_TO_OPEN_FILE);
++boost::iostreams::seek(ifs, 0, std::ios_base::beg);
++
++if (strncmp(signature.c_str(), "> BOOST_SERIALIZATION_NVP(ignored_save_preview_data);
+@@ -350,14 +355,10 @@ void LoadGame(const std::string& filename, 
ServerSaveGameData& server_save_game_
+ Deserialize(ia, universe);
+ 
+ DebugLogger() << "Done deserializing";
+-} catch (...) {
+-// if binary deserialization failed, try more-portable XML 
deserialization
+-
+-// reset to start of stream (attempted binary serialization will 
have consumed some input...)
+-boost::iostreams::seek(ifs, 0, std::ios_base::beg);
+-
++} else {
+ // create archive with (preallocated) buffer...
+ freeorion_xml_iarchive xia(ifs);
++DebugLogger() << "Reading XML iarchive";
+ // read from save file: uncompressed header serialized data, with 
compressed main archive string at end...
+ // deserialize uncompressed save header info
+ xia >> BOOST_SERIALIZATION_NVP(ignored_save_preview_data);
+@@ -458,18 +459,21 @@ void LoadGalaxySetupData(const std::string& filename, 
GalaxySetupData& galaxy_se
+ if (!ifs)
+ throw std::runtime_error(UNABLE_TO_OPEN_FILE);
+ 
+-try {
+-// first attempt binary deserialziation
++std::string signature(5, '\0');
++if (!ifs.read([0], 5))
++throw std::runtime_error(UNABLE_TO_OPEN_FILE);
++boost::iostreams::seek(ifs, 0, std::ios_base::beg);
++
++if (strncmp(signature.c_str(), "> BOOST_SERIALIZATION_NVP(ignored_save_preview_data);
+ ia >> BOOST_SERIALIZATION_NVP(galaxy_setup_data);
+ 
+-} catch(...) {
+-// if binary deserialization failed, try more-portable XML 
deserialization
+-
+-// reset to start of stream (attempted binary serialization will 
have consumed some input...)
+-boost::iostreams::seek(ifs, 0, std::ios_base::beg);
++} else {
++DebugLogger() << "Attempting XML deserialization...";
+ freeorion_xml_iarchive ia(ifs);
+ 
+ ia >> BOOST_SERIALIZATION_NVP(ignored_save_preview_data);
+@@ -498,8 +502,13 @@ void 

Bug#931198: unblock: warzone2100/3.2.1-4

[Markus Koschany]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package warzone2100

A segmentation fault was discovered in warzone2100 when someone tries
to host a new multiplayer game. It would be great if we still could get this
into Buster. This is Debian bug #930942.

Regards,

Markus

unblock warzone2100/3.2.1-4

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru warzone2100-3.2.1/debian/changelog warzone2100-3.2.1/debian/changelog
--- warzone2100-3.2.1/debian/changelog  2018-02-24 00:51:59.0 +0100
+++ warzone2100-3.2.1/debian/changelog  2019-06-26 06:49:41.0 +0200
@@ -1,3 +1,13 @@
+warzone2100 (3.2.1-4) unstable; urgency=medium
+
+  * Team upload.
+  * Move the package to salsa.debian.org.
+  * Fix segmentation fault upon multiplayer "Start Hosting Game"
+Thanks to Phil Morrell for the report and Bernhard Übelacker for the patch.
+(Closes: #930942)
+
+ -- Markus Koschany   Wed, 26 Jun 2019 06:49:41 +0200
+
 warzone2100 (3.2.1-3) unstable; urgency=medium
 
   * Team upload.
diff -Nru warzone2100-3.2.1/debian/control warzone2100-3.2.1/debian/control
--- warzone2100-3.2.1/debian/control2018-02-24 00:51:59.0 +0100
+++ warzone2100-3.2.1/debian/control2019-06-26 06:49:41.0 +0200
@@ -41,8 +41,8 @@
  zip
 Standards-Version: 4.1.3
 Homepage: http://www.wz2100.net/
-Vcs-Svn: svn://anonscm.debian.org/pkg-games/packages/trunk/warzone2100/
-Vcs-Browser: 
https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/warzone2100/
+Vcs-Git: https://salsa.debian.org/games-team/warzone2100.git
+Vcs-Browser: https://salsa.debian.org/games-team/warzone2100
 
 Package: warzone2100
 Architecture: any
diff -Nru 
warzone2100-3.2.1/debian/patches/0001-Avoid-calling-EC_KEY_dup-with-null-pointer.patch
 
warzone2100-3.2.1/debian/patches/0001-Avoid-calling-EC_KEY_dup-with-null-pointer.patch
--- 
warzone2100-3.2.1/debian/patches/0001-Avoid-calling-EC_KEY_dup-with-null-pointer.patch
  1970-01-01 01:00:00.0 +0100
+++ 
warzone2100-3.2.1/debian/patches/0001-Avoid-calling-EC_KEY_dup-with-null-pointer.patch
  2019-06-26 06:49:41.0 +0200
@@ -0,0 +1,30 @@
+Description: Avoid calling EC_KEY_dup with null pointer
+
+Author: Bernhard Übelacker 
+Bug-Debian: https://bugs.debian.org/930942
+Forwarded: no
+Last-Update: 2019-06-24
+
+--- warzone2100-3.2.1.orig/lib/framework/crc.cpp
 warzone2100-3.2.1/lib/framework/crc.cpp
+@@ -245,7 +245,9 @@ EcKey::EcKey()
+ 
+ EcKey::EcKey(EcKey const )
+ {
+-  vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
++  vKey = nullptr;
++  if (!b.empty())
++  vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
+ }
+ 
+ EcKey::EcKey(EcKey &)
+@@ -262,7 +264,8 @@ EcKey::~EcKey()
+ EcKey ::operator =(EcKey const )
+ {
+   clear();
+-  vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
++  if (!b.empty())
++  vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
+   return *this;
+ }
+ 
diff -Nru warzone2100-3.2.1/debian/patches/series 
warzone2100-3.2.1/debian/patches/series
--- warzone2100-3.2.1/debian/patches/series 2018-02-24 00:51:59.0 
+0100
+++ warzone2100-3.2.1/debian/patches/series 2019-06-26 06:49:41.0 
+0200
@@ -8,3 +8,4 @@
 quickstartguide.patch
 openssl-1.1.patch
 miniupnpc-api.patch
+0001-Avoid-calling-EC_KEY_dup-with-null-pointer.patch

Bug#931186: unblock: init-system-helpers/1.57

[Michael Biebl]

debdiff attached

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
diff -Nru init-system-helpers-1.56+nmu1/debian/changelog 
init-system-helpers-1.57/debian/changelog
--- init-system-helpers-1.56+nmu1/debian/changelog  2018-12-04 
00:10:03.0 +0100
+++ init-system-helpers-1.57/debian/changelog   2019-06-21 20:56:55.0 
+0200
@@ -1,9 +1,11 @@
-init-system-helpers (1.56+nmu1) unstable; urgency=medium
+init-system-helpers (1.57) unstable; urgency=medium
 
-  * Non-maintainer upload.
-  * Add `runit-init' as alternative pre-dependency (Closes: #838480)
+  [ Dmitry Bogatov ]
+  * Document that `service` does not check /usr/sbin/policy-rc.d.
+It is an administrator interface, so it is meant to be able to start
+disabled services. (Closes: #656081)
 
- -- Dmitry Bogatov   Mon, 03 Dec 2018 23:10:03 +
+ -- Michael Biebl   Fri, 21 Jun 2019 20:56:55 +0200
 
 init-system-helpers (1.56) unstable; urgency=medium
 
diff -Nru init-system-helpers-1.56+nmu1/debian/rules 
init-system-helpers-1.57/debian/rules
--- init-system-helpers-1.56+nmu1/debian/rules  2018-12-04 00:10:03.0 
+0100
+++ init-system-helpers-1.57/debian/rules   2019-06-21 20:56:55.0 
+0200
@@ -35,7 +35,7 @@
if dpkg-vendor --derives-from ubuntu; then \
dh_gencontrol -- -Valt:sysvinit=""; \
else \
-   dh_gencontrol -- -Valt:sysvinit="| sysvinit-core | runit-init"; 
\
+   dh_gencontrol -- -Valt:sysvinit="| sysvinit-core"; \
fi
 
 %:
diff -Nru init-system-helpers-1.56+nmu1/man8/service.rst 
init-system-helpers-1.57/man8/service.rst
--- init-system-helpers-1.56+nmu1/man8/service.rst  2018-11-22 
00:15:24.0 +0100
+++ init-system-helpers-1.57/man8/service.rst   2019-06-21 20:56:55.0 
+0200
@@ -50,7 +50,8 @@
 All scripts should support at least the ``start`` and ``stop`` commands.
 As a special case, if *COMMAND* is ``--full-restart``, the script is run
 twice, first with the ``stop`` command, then with the ``start``
-command.
+command. Note, that unlike ``update-rc.d``\(8\), ``service`` does not
+check ``/usr/sbin/policy-rc.d``.
 
 ``service --status-all`` runs all init scripts, in alphabetical order, with
 the ``status`` command. The status is [ + ] for running services, [ - ] for

Bug#931186: unblock: init-system-helpers/1.57

[Michael Biebl]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I know this is unblock request is rather late, apologies for that.

The current version of init-system-helpers in buster has a change which
was not acked by its maintainers.
The bug submitter ignored that feedback and NMUed the package anyway.

Not adding runit-init as alternative means, that when installing
runit-init, dpkg/apt will prompt you, if you really want to do that
change. Given the experience I and Martin Pitt had, when evaluating
runit, this is probably not a bad thing.
After all, the init meta package is merely a safety net to prevent users
from shooting themselves in the foot. The init meta-package doesn't
provide any functionality and serves no other purpose otherwise.

I've seen that [1] was just filed, I hope this doesn't block testing
migration

Regards,
Michael

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931181

unblock init-system-helpers/1.57

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#931143: marked as done (unblock: neovim/0.3.4-3)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 19:46:38 +0200
with message-id 
and subject line Re: Bug#931143: unblock: neovim/0.3.4-3
has caused the Debian Bug report #931143,
regarding unblock: neovim/0.3.4-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931143: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931143
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package neovim

This upload contains the rest of the fixes needed to address
CVE-2019-12735/#930024.

unblock neovim/0.3.4-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for neovim-0.3.4 neovim-0.3.4

 changelog   |   28 
 patches/0001-debcherry-fixup-patch.patch| 1066 
++
 patches/0001-vim-patch-8.1.1365-source-should-check-sandbox-10082.patch |   36 
 patches/0002-vim-patch-8.1.1365-source-should-check-sandbox-10082.patch |   36 
 patches/0003-vim-patch-8.1.0177-defining-function-in-sandbox-is-i.patch |  104 
 patches/0004-vim-patch-8.1.0189-function-defined-in-sandbox-not-t.patch |   41 
 patches/0005-vim-patch-8.1.0206-duplicate-test-function-name.patch  |   35 
 patches/0006-vim-patch-8.1.1382-error-when-editing-test-file.patch  |   59 
 patches/0007-eval-api-don-t-allow-the-API-to-be-called-in-the-san.patch |   57 
 patches/series  |8 
 10 files changed, 1433 insertions(+), 37 deletions(-)

diff -Nru neovim-0.3.4/debian/changelog neovim-0.3.4/debian/changelog
--- neovim-0.3.4/debian/changelog   2019-06-05 21:38:14.0 -0400
+++ neovim-0.3.4/debian/changelog   2019-06-26 21:21:33.0 -0400
@@ -1,3 +1,31 @@
+neovim (0.3.4-3) unstable; urgency=high
+
+  * Backport additional changes to address CVE-2019-12735 (Closes: #930024)
++ vim-patch:8.1.0177: defining function in sandbox is inconsistent
++ vim-patch:8.1.0189: function defined in sandbox not tested
++ vim-patch:8.1.0538: evaluating a modeline might invoke using a shell
+  command
++ vim-patch:8.1.0539: cannot build without the sandbox
++ vim-patch:8.1.0540: may evaluate insecure value when appending to option
++ vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error
++ vim-patch:8.1.0613: when executing an insecure function the secure flag
+  is stuck
++ vim-patch:8.1.1046: the "secure" variable is used inconsistently
++ vim-patch:8.1.0205: invalid memory access with invalid modeline
++ vim-patch:8.1.0206: duplicate test function name
++ vim-patch:8.1.0506: modeline test fails when run by root
++ vim-patch:8.1.0546: modeline test with keymap fails
++ vim-patch:8.1.0547: modeline test with keymap still fails
++ vim-patch:8.1.1366: using expressions in a modeline is unsafe
++ vim-patch:8.1.1367: can set 'modelineexpr' in modeline
++ vim-patch:8.1.1368: modeline test fails with python but without
+  pythonhome
++ vim-patch:8.1.1382: error when editing test file
++ vim-patch:8.1.1401: misspelled mkspellmem as makespellmem
+  * Backport patch to prevent use of nvim's API within the sandbox
+
+ -- James McCoy   Wed, 26 Jun 2019 21:21:33 -0400
+
 neovim (0.3.4-2) unstable; urgency=high
 
   [ Efraim Flashner ]
diff -Nru neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch 
neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch
--- neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch
1969-12-31 19:00:00.0 -0500
+++ neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch
2019-06-26 21:21:33.0 -0400
@@ -0,0 +1,1066 @@
+From d39c384696e94bd8cb4a8830f0ec2e801619a970 Mon Sep 17 00:00:00 2001
+From: James McCoy 
+Date: Wed, 26 Jun 2019 21:32:44 -0400
+Subject: [PATCH 1/7] debcherry fixup patch
+
+ed179f931 vim-patch:8.1.1401: misspelled mkspellmem as makespellmem
+- no changes against upstream or conflicts
+41a3ff9fe vim-patch:8.1.1368: modeline test fails with python but without 
pythonhome
+   

Re: Bug#931052: unblock: webkit2gtk/2.24.2-2

[Alberto Garcia]

On Thu, Jun 27, 2019 at 03:26:32PM +0300, Adrian Bunk wrote:

> > We like to support non-sse2 on i386, but we are not comfortable
> > fixing webkit2gtk at this stage of the release.
> 
> Why is this relatively small change a problem in a package where new
> upstream versions are permitted after the release of stable?

I'll try to explain again with more detail so we all understand the
nature of the proposed changes.

- WebKitGTK has several mechanisms to run JavaScript code, in brief: a
  C-based interpreter (CLoop), an assembler-based interpreter and a
  JIT compiler.

- CLoop is the slowest but it is portable and runs in all platforms.
  It's the one selected at build time when the CPU is unsupported or
  unknown.

- The other two generate CPU-specific code. In an effort to simplify
  them upstream took recently the decision to stop supporting i386
  processors without SSE2 instructions.

- Because of that, WebKitGTK 2.24.1 added a build-time check to detect
  if the compiler can generate SSE2 instructions. For the Debian case
  I had to add -msse2 -mfpmath=sse to CFLAGS, as suggested by
  upstream.

- The consequence of this is that GCC generates SSE2 instructions when
  appropriate when compiling regular C/C++ code, causing crashes like
  the one previously reported.

- However, and this is the part that I originally overlooked, only the
  C-based interpreter is working at the moment in i386. The other two
  are less actively maintained for i386, and stopped working after
  some big changes upstream in the last few months.
  
- So it is possible to remove the compile-time check for SSE2 and
  build the package without those flags in i386.

What this all means is that the only real difference between
webkit2gtk 2.24.2-1 (in buster) and 2.24.2-2 (in sid) is that, for
i386, the former is compiled with -msse2 -mfpmath=sse and the latter
is not. So for floating point operations the former uses SSE2 and the
latter uses x87. This produces some differences in rounding in some
corner cases which could have user-visible consequences.

We don't know when it is going to happen, but once upstream brings
back JIT support to i386 again we would have to make the decision to
either:

 a) keep using CLoop in order to remain compatible with non-SSE2 CPUs
(conservative approach, I'd probably support this one).
 
 b) think of a way to support both sets of users so those with more
modern processors can benefit from the additional performance of
the JIT compiler. This could involve using e.g. /usr/lib/sse2/ for
those binaries.

I hope this clarifies the situation.

Berto

Bug#931086: marked as done (bro/2.5.5-1+deb10u1 buster upload?)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 17:47:48 +0200
with message-id <20190627154746.vcjavvfubub3l...@debian.org>
and subject line Re: bro/2.5.5-1+deb10u1 buster upload?
has caused the Debian Bug report #931086,
regarding bro/2.5.5-1+deb10u1 buster upload?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931086
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal

bro/2.5.5-1 (unstable, testing) is affected by CVE-2018-16807,
CVE-2018-17019 (#908614, #908779) and bro/2.6.1+ds1-1 is still sitting
in NEW.

May I upload bro/2.5.5-1+deb10u1 to buster?

I have attached a debdiff.

Cheers,
-Hilko

diff -Nru bro-2.5.5/debian/changelog bro-2.5.5/debian/changelog
--- bro-2.5.5/debian/changelog	2019-06-25 21:26:53.0 +0200
+++ bro-2.5.5/debian/changelog	2018-09-05 16:05:40.0 +0200
@@ -1,10 +1,3 @@
-bro (2.5.5-1+deb10u1) buster; urgency=medium
-
-  * Add patches for CVE-2018-16807, CVE-2018-17019 (Closes: #908614,
-#908779)
-
- -- Hilko Bengen   Tue, 25 Jun 2019 21:26:53 +0200
-
 bro (2.5.5-1) unstable; urgency=medium
 
   * New upstream version 2.5.5
diff -Nru bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch
--- bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch	2019-06-25 21:26:53.0 +0200
+++ bro-2.5.5/debian/patches/0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch	1970-01-01 01:00:00.0 +0100
@@ -1,38 +0,0 @@
-From: Jon Siwek 
-Date: Mon, 10 Sep 2018 18:06:07 -0500
-Subject: Fix potential memory leak in Kerberos scripts
-
-Reported by Maksim Shudrak.
-

-
-Stripped files:
- testing/btest/Traces/krb/optional-service-name.pcap
- testing/btest/core/leaks/krb-service-name.test
-

-
-diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.bro
-index 02abced..9621378 100644
 a/scripts/base/protocols/krb/main.bro
-+++ b/scripts/base/protocols/krb/main.bro
-@@ -140,7 +140,8 @@ event krb_as_request(c: connection, msg: KDC_Request) =5
- 
- 	c$krb$request_type = "AS";
- 	c$krb$client   = fmt("%s/%s", msg?$client_name ? msg$client_name : "", msg$service_realm);
--	c$krb$service  = msg$service_name;
-+	if ( msg?$service_name )
-+		c$krb$service  = msg$service_name;
- 
- 	if ( msg?$from )
- 		c$krb$from = msg$from;
-@@ -183,7 +184,8 @@ event krb_tgs_request(c: connection, msg: KDC_Request) =5
- 		return;
- 
- 	c$krb$request_type = "TGS";
--	c$krb$service = msg$service_name;
-+	if ( msg?$service_name )
-+		c$krb$service = msg$service_name;
- 	if ( msg?$from ) 
- 		c$krb$from = msg$from;
- 	c$krb$till = msg$till;
diff -Nru bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch
--- bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch	2019-06-25 21:24:57.0 +0200
+++ bro-2.5.5/debian/patches/0007-Fix-IRC-names-command-parsing.patch	1970-01-01 01:00:00.0 +0100
@@ -1,35 +0,0 @@
-From: Jon Siwek 
-Date: Wed, 12 Sep 2018 19:47:57 -0500
-Subject: Fix IRC names command parsing
-

-
-Stripped files:
- testing/btest/Traces/irc-353.pcap
- testing/btest/scripts/base/protocols/irc/names-weird.bro
- testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log
-

-
-diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc
-index a26045f..de8846c 100644
 a/src/analyzer/protocol/irc/IRC.cc
-+++ b/src/analyzer/protocol/irc/IRC.cc
-@@ -252,14 +252,15 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
- 			{
- 			vector parts = SplitWords(params, ' ');
- 
--			// Remove nick name.
--			parts.erase(parts.begin());
--			if ( parts.size() < 2 )
-+			if ( parts.size() < 3 )
- {
- Weird("irc_invalid_names_line");
- return;
- }
- 
-+			// Remove nick name.
-+			parts.erase(parts.begin());
-+
- 			string type = parts[0];
- 			string channel = parts[1];
diff -Nru bro-2.5.5/debian/patches/series bro-2.5.5/debian/patches/series
--- bro-2.5.5/debian/patches/series	2019-05-11 00:56:50.0 +0200
+++ bro-2.5.5/debian/patches/series	2018-06-17 12:44:48.0 +0200
@@ -3,5 +3,3 @@
 0003-Fix-btest-paths.patch
 0004-Port-most-of-bro-to-OpenSSL-1.1.patch
 0005-Disable-OCSP-features-that-can-t-yet-be-ported-to-Op.patch
-0006-Fix-potential-memory-leak-in-Kerberos-scripts.patch
-0007-Fix-IRC-names-command-parsing.patch

Bug#930637: unblock: monit/1:5.25.2-3+deb10u1

[Sergey B Kirpichev]

On Thu, Jun 27, 2019 at 01:40:42PM +0200, Paul Gevers wrote:
> We're sorry, but we'll be removing monit from buster shortly.

Thanks for a great release menagement!

Bug#929011: unblock: singularity-container/3.1.1+ds-1

[Afif Elghraoui]

Control: reopen -1

On June 27, 2019 9:06:41 AM EDT, Afif Elghraoui  wrote:
>
>
>On June 27, 2019 5:47:28 AM EDT, Ivo De Decker 
>wrote:
>>Hi,
>>> 
>>> So I think the two options we have is (in order of preference): 1.
>>> unblock singularity-container and let the 3.1 based version in to
>>> buster, or 2. remove singularity-container from buster.
>>
>>It's really too late for option 1. Sorry.
>>
>>I added a removal hint.
>>
>
>This request was not just filed recently. I don't understand why I'm
>being penalized for this being late--the version requested for
>unblocking as been in unstable for 43 days with no new bugs. And it's
>also a leaf package.
>
>Please reconsider.
>

I at least want to know what I could have done because, from my perspective, I 
did everything in my power to do this as quickly as possible. At the time I 
made the request, the buster release date had not yet even been set. I followed 
up on the docker bugs and offered to help and was told by the maintainer it was 
under control.

The singularity community was really looking forward to having the package in 
Debian Stable this time around.

regards
Afif

Processed: Re: Bug#929011: unblock: singularity-container/3.1.1+ds-1

[Debian Bug Tracking System]

Processing control commands:

> reopen -1
Bug #929011 {Done: Ivo De Decker } [release.debian.org] 
unblock: singularity-container/3.1.1+ds-1
Bug reopened
Ignoring request to alter fixed versions of bug #929011 to the same values 
previously set

-- 
929011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#931176: unblock: debian-cd/3.1.25

[Steve McIntyre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-cd

This is the customary late-in-release upload so that we have the code
that we're already using from git packaged up in the release. As such,
all the code changes have already been tested and used in (for
example) the buster d-i RC2 release this week.

The debdiff command line includes several excludes for the sake of
diff size:

 * Debian-edu-full is a full package list used for the debian-edu image
   builds
 * kali-dev/kali-rolling/sid are symlinks which just add noise to the
   debdiff. Would be nice to maybe have a --no-dereference option like
   for normal diff?

debdiff attached compared to 3.1.23

unblock debian-cd/3.1.25

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for debian-cd-3.1.23 debian-cd-3.1.25

 CONF.sh   |5 -
 Makefile  |3 
 contrib/HEADER.html.in|   15 +--
 contrib/cronjob.daily |   14 ++-
 contrib/cronjob.weekly|   33 ++-
 contrib/ftp.cron  |4 
 contrib/iso_run   |2 
 contrib/testingcds|7 +
 data/buster/exclude-udebs-amd64   |3 
 data/buster/exclude-udebs-i386|4 
 data/buster/grub-theme.in |   25 +++--
 data/buster/hl_c.png  |binary
 debian/changelog  |   40 +
 tools/boot/buster/boot-arm-common |   46 --
 tools/boot/buster/boot-arm64  |   61 +++---
 tools/boot/buster/boot-armel  |   37 
 tools/boot/buster/boot-armhf  |  137 +++
 tools/boot/buster/boot-ia64   |  118 ++-
 tools/boot/buster/boot-powerpc|  164 +++---
 tools/boot/buster/boot-ppc64  |   89 
 tools/boot/buster/boot-sparc  |  129 ++---
 tools/boot/buster/boot-sparc64|  129 ++---
 tools/boot/buster/boot-x86|   48 +++
 tools/boot/buster/common.sh   |   39 +
 tools/buster/installtools.sh  |6 -
 tools/generate_di+k_list  |   18 +---
 tools/jigdo_cleanup   |   18 ++--
 tools/make_disc_trees.pl  |   15 ---
 tools/start_new_disc  |   22 -
 29 files changed, 740 insertions(+), 491 deletions(-)

diff -Nru --exclude Debian-edu-full --exclude kali-dev --exclude kali-rolling 
--exclude sid debian-cd-3.1.23/CONF.sh debian-cd-3.1.25/CONF.sh
--- debian-cd-3.1.23/CONF.sh2019-01-13 17:19:53.0 +
+++ debian-cd-3.1.25/CONF.sh2019-06-26 18:26:02.0 +0100
@@ -232,10 +232,7 @@
 # DLDVD: standard 8.5 GB dual-layer DVD
 # BD:standard 25 GB blu-ray
 # DLBD:  standard 50 GB dual-layer blu-ray
-# STICK1GB:  1GB USB stick or similar
-# STICK2GB:  2GB USB stick or similar
-# STICK4GB:  4GB USB stick or similar
-# STICK8GB:  8GB USB stick or similar
+# STICKGB:GB USB stick or similar
 # CUSTOM:up to you - specify a size to go with it (in 2K blocks)
 export DISKTYPE=CD
 #export DISKTYPE=CUSTOM
diff -Nru --exclude Debian-edu-full --exclude kali-dev --exclude kali-rolling 
--exclude sid debian-cd-3.1.23/Makefile debian-cd-3.1.25/Makefile
--- debian-cd-3.1.23/Makefile   2019-02-02 11:53:15.0 +
+++ debian-cd-3.1.25/Makefile   2019-06-26 18:26:02.0 +0100
@@ -439,6 +439,9 @@
if [ "$(EXCLUDE_686_KERNEL)"x = "1"x ] ; then \
ARCHDEFS="$$ARCHDEFS -DARCH_i386_EXCLUDE_686_KERNEL"; \
fi; \
+   if [ "$(EXCLUDE_686_PAE_KERNEL)"x = "1"x ] ; then \
+   ARCHDEFS="$$ARCHDEFS -DARCH_i386_EXCLUDE_686_PAE_KERNEL"; \
+   fi; \
if [ "$(SOURCEONLY)"x != "yes"x ] ; then \
cpp -nostdinc -P -undef $$ARCHDEFS $$VARIANTDEFS\
$$ARCHUNDEFS -U i386 -U linux -U unix \
diff -Nru --exclude Debian-edu-full --exclude kali-dev --exclude kali-rolling 
--exclude sid debian-cd-3.1.23/contrib/HEADER.html.in 
debian-cd-3.1.25/contrib/HEADER.html.in
--- debian-cd-3.1.23/contrib/HEADER.html.in 2019-02-19 18:04:32.0 
+
+++ debian-cd-3.1.25/contrib/HEADER.html.in 2019-06-26 18:26:02.0 
+0100
@@ -83,6 +83,8 @@
  writeable DVD media
 #  elif TYPEbd
  writeable Blu-Ray media
+#  elif TYPE16G
+ 16GB USB media
 #  elif TYPEdlbd
  writeable dual-layer Blu-Ray media
 #  endif
@@ -202,14 +204,11 @@
   
 #  if defined(TYPEbd) && !defined(ARCHsource) 

Re: Bug#931052: unblock: webkit2gtk/2.24.2-2

[Adrian Bunk]

On Thu, Jun 27, 2019 at 01:27:42PM +0200, Paul Gevers wrote:
> reassign 931052 release-notes
> retitle 931052 webkit2gtk not supported on non-sse2 i386 hardware
>...
> We like to support non-sse2 on i386, but we are not comfortable fixing
> webkit2gtk at this stage of the release.

Why is this relatively small change a problem in a package where
new upstream versions are permitted after the release of stable?

Doing a change in 2.24.2-2 prior to the release sounds less risky than
uploading the same change as part of 2.24.3-1~deb10u1 to buster-pu.

> Therefore, we will not unblock
> this change, but we want the release notes to mention this, so users are
> warned.

This means the default desktop is expected to have crashes due to this.

Many standalone applications like liferea or zenity (#930932)
are also expected to crash.

Please mention in all buster announcements that users on non-SSE i386 
should defer upgrading from stretch until this is fixed in the next 
point release of buster.

> Paul

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: Re: Bug#930637: unblock: monit/1:5.25.2-3+deb10u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 wontfix
Bug #930637 [release.debian.org] unblock: monit/1:5.25.2-3+deb10u1
Added tag(s) wontfix.
> close -1
Bug #930637 [release.debian.org] unblock: monit/1:5.25.2-3+deb10u1
Marked Bug as done

-- 
930637: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930637
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#930637: unblock: monit/1:5.25.2-3+deb10u1

[Paul Gevers]

Control: tags -1 wontfix
Control: close -1

Hi Sergey,

We're sorry, but we'll be removing monit from buster shortly.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#930994: marked as done (unblock: piuparts/1.0.1)

[Paul Gevers]

Hi,

On 27-06-2019 13:31, Holger Levsen wrote:
> anyhow, i guess for an t-p-u upload it is too late now (???), so that sensible
> default release names will only be in buster with 10.1, right?

Correct.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#931096: unblock: mariadb-10.3/1:10.3.16-1

[Paul Gevers]

Control: tags -1 wontfix
Control: close -1

Hi Otto,

On Wed, 26 Jun 2019 10:32:53 +0300 =?UTF-8?B?T3R0byBLZWvDpGzDpGluZW4=?=
 wrote:
> Please unblock package mariadb-10.3
> 
> - New upstream release (which would get into Buster via stable-updates
> eventually anyway)

At this stage of the release (your request can after the deadline), we
prefer the upload to happen in the first point release.

Paul



signature.asc
Description: OpenPGP digital signature

Processed: Re: unblock: mariadb-10.3/1:10.3.16-1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 wontfix
Bug #931096 [release.debian.org] unblock: mariadb-10.3/1:10.3.16-1
Added tag(s) wontfix.
> close -1
Bug #931096 [release.debian.org] unblock: mariadb-10.3/1:10.3.16-1
Marked Bug as done

-- 
931096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: Bug#930994: marked as done (unblock: piuparts/1.0.1)

[Holger Levsen]

On Thu, Jun 27, 2019 at 09:51:07AM +, Debian Bug Tracking System wrote:
> If you would have only included the change of the names of the suite, we
> would have unblocked it. As it stands there are too many changes to
> accept it at this very late stage of releasing buster. Sorry.

oh well, sigh. the changes are no different than the ones let in before
and as said, in codepathes noone besides piuparts.d.o uses. sad.

anyhow, i guess for an t-p-u upload it is too late now (???), so that sensible
default release names will only be in buster with 10.1, right?


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

"... the premise [is] that privacy is about hiding a wrong. It's not.
 Privacy is an inherent human right, and a requirement for maintaining
 the human condition with dignity and respect." (Bruce Schneier)


signature.asc
Description: PGP signature

Processed: Re: Bug#931052: unblock: webkit2gtk/2.24.2-2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 931052 release-notes
Bug #931052 [release.debian.org] unblock: webkit2gtk/2.24.2-2
Bug reassigned from package 'release.debian.org' to 'release-notes'.
Ignoring request to alter found versions of bug #931052 to the same values 
previously set
Ignoring request to alter fixed versions of bug #931052 to the same values 
previously set
> retitle 931052 webkit2gtk not supported on non-sse2 i386 hardware
Bug #931052 [release-notes] unblock: webkit2gtk/2.24.2-2
Changed Bug title to 'webkit2gtk not supported on non-sse2 i386 hardware' from 
'unblock: webkit2gtk/2.24.2-2'.
> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was elb...@debian.org).
> usertags 931052 - unblock
Usertags were: unblock.
Usertags are now: .
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
931052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#931052: unblock: webkit2gtk/2.24.2-2

[Paul Gevers]

reassign 931052 release-notes
retitle 931052 webkit2gtk not supported on non-sse2 i386 hardware
user release.debian@packages.debian.org
usertags 931052 - unblock
thanks

Hi Alberto,

On 25-06-2019 10:04, Alberto Garcia wrote:
> Please unblock package webkit2gtk
> 
> Upstream WebKitGTK has recently stopped supporting i386 CPUs without
> SSE2 extensions, as other browsers (Chromium, Firefox) already did a
> few years ago.
> 
> There is at least one bug report (#930932, opened two days ago) from a
> user that cannot run Zenity on a machine with an Athlon XP CPU because
> of this, and some hours ago bug #930935 was filed against webkit2gtk.
> 
> WebKit generates SSE2 instructions with its JIT compiler, and the
> build scripts also force gcc to pass the -msse2 compilation flags.
> 
> This upload disables the JIT compiler and enables the CLoop JavaScript
> interpreter, which is slower but works on all CPUs. It also removes
> the gcc SSE2 flags. Only the i386 build is affected by these changes.
> 
> Debdiff attached.
> 
> Note: the changelog includes the list of CVEs from the latest security
> advisory, published shortly after the previous release. This is purely
> informative and has no effects on the package.
> 
> unblock webkit2gtk/2.24.2-2

We like to support non-sse2 on i386, but we are not comfortable fixing
webkit2gtk at this stage of the release. Therefore, we will not unblock
this change, but we want the release notes to mention this, so users are
warned.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#931062: unblock: ionit/0.3.2+really0.2.1-2

[Benjamin Drung]

Am Donnerstag, den 27.06.2019, 10:52 +0200 schrieb Paul Gevers:
> Hi Benjamin,
> 
> On 25-06-2019 13:25, Benjamin Drung wrote:
> > The ionit.service fix for bug #919690 introduced a systemd
> > dependency
> > loop. systemd will break the loop at a (random?) place which can
> > make
> > boot behave incorrectly.
> 
> Bah. One of the big reasons why you should fix your bugs earlier.

I discovered the failing ifup@.service in January while testing and
reported #919690 against ifupdown. On 2019-06-20 I troubleshooted this
issue further and discovered that it was a configuration issue caused
by ionit running too late. Then I reassigned it and fixed ionit.

>  And to
> ask a nasty question, why didn't you spot this issue in the previous
> version?

I tested that version and checked that all systemd services were
running. Sadly the dependency loop was just mentioned in the dmesg
output. That's why I didn't saw it in my initial tests.

> > I fixed the dependency loop in ionit 0.3.2+really0.2.1-2. A debdiff
> > is
> > attached.
> > 
> > unblock ionit/0.3.2+really0.2.1-2
> 
> Unblocked, thanks.

Thanks.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet

Bug#931023: marked as done (unblock: libpaper/1.1.27)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 12:11:13 +0200
with message-id <25539112-4137-0a98-b908-6baebcfbe...@debian.org>
and subject line Re: Bug#931023: unblock: libpaper/1.1.27
has caused the Debian Bug report #931023,
regarding unblock: libpaper/1.1.27
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931023: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931023
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libpaper

1.1.26 has a circular dependency in debian/rules that skips
the creation of an important file: libpaper1.config.
The new package fixes this problem and make use of DPKG_EXPORT_BUILDFLAGS.

source debdiff is attached

unblock libpaper/1.1.27

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libpaper-1.1.26/configure.ac libpaper-1.1.27/configure.ac
--- libpaper-1.1.26/configure.ac2018-12-11 11:50:29.0 +0100
+++ libpaper-1.1.27/configure.ac2019-06-23 21:26:40.0 +0200
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT([libpaper], [1.1.26])
+AC_INIT([libpaper], [1.1.27])
 AC_CONFIG_SRCDIR([configure.ac])
 AM_INIT_AUTOMAKE([no-define])
 AM_CONFIG_HEADER(config.h)
diff -Nru libpaper-1.1.26/debian/changelog libpaper-1.1.27/debian/changelog
--- libpaper-1.1.26/debian/changelog2018-12-11 11:50:45.0 +0100
+++ libpaper-1.1.27/debian/changelog2019-06-23 21:27:03.0 +0200
@@ -1,3 +1,10 @@
+libpaper (1.1.27) unstable; urgency=medium
+
+  * Fixed a circular dependency in debian/rules that left libpaper1.config
+not built. See #927226.
+
+ -- Giuseppe Sacco   Sun, 23 Jun 2019 21:27:03 +0200
+
 libpaper (1.1.26) unstable; urgency=medium
 
   * Check for ucf presence in the postrm script. See #916197 and #916198.
diff -Nru libpaper-1.1.26/debian/rules libpaper-1.1.27/debian/rules
--- libpaper-1.1.26/debian/rules2018-12-02 22:28:23.0 +0100
+++ libpaper-1.1.27/debian/rules2019-06-23 21:27:03.0 +0200
@@ -6,6 +6,9 @@
 
 include /usr/share/dpkg/architecture.mk
 
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
 package:= $(firstword $(shell dh_listpackages))
 prefix := $(CURDIR)/debian/tmp
 share  := /usr/share
@@ -24,20 +27,9 @@
 native_paperconf   := debian/build-native/src/paperconf
 endif
 
-cflags := -g -Wall
-ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-cflags += -O2
-else
-cflags += -O0
-endif
-
-export CFLAGS=$(cflags)
-export CXXFLAGS=$(cflags)
-
 version:= $(shell dpkg-parsechangelog | \
sed -ne 's/^Version: *\([0-9]\+:\)*//p')
 
-
 tag:
cvs tag -c -F $(subst .,_,debian_version_$(version))
 ifeq ($(findstring -,$(version)),)
@@ -57,7 +49,7 @@
 endif
touch $@
 
-build-indep:   config debian/libpaper1.config
+build-indep:   config libpaper1.config-stamp
$(MAKE) -C debian/build
 ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
$(MAKE) -C debian/build-native
@@ -67,15 +59,16 @@
 build-arch:build-indep
 build: build-arch
 
-debian/libpaper1.config: build-arch
-   exec > $@.new \
-   && sed -n '1,/^__BEGIN_PAPERSPECS__/p' $@ \
-   && $(native_paperconf) -amns \
-   && sed -n '/^__END_PAPERSPECS__/,$$p' $@
-   mv $@.new $@
+libpaper1.config-stamp:
+   exec > debian/libpaper1.config.new \
+   && sed -n '1,/^__BEGIN_PAPERSPECS__/p' debian/libpaper1.config \
+   && cat lib/paperspecs \
+   && sed -n '/^__END_PAPERSPECS__/,$$p' debian/libpaper1.config
+   mv debian/libpaper1.config.new debian/libpaper1.config
+   touch libpaper1.config-stamp
 
 clean: checkroot
-   rm -f *-stamp
+   rm -f *-stamp build-indep
[ ! -f Makefile ] || $(MAKE) distclean
rm -rf debian/build debian/build-native
dh_autoreconf_clean
--- End Message ---
--- Begin Message ---
Hi Giuseppe,

On 24-06-2019 18:59, Giuseppe Sacco wrote:
> 1.1.26 has a circular dependency in debian/rules that skips
> the creation of an important file: libpaper1.config.
> The new 

Bug#928227: marked as done (unblock: golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 11:58:06 +0200
with message-id 
and subject line Re: Bug#928227: unblock: 
golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3
has caused the Debian Bug report #928227,
regarding unblock: golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928227
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package golang-golang-x-net-dev

Upstream has provided patches addressing security issues 
CVE-2018-17846 / CVE-2018-17847 / CVE-2018-17848
(Debian bug #911795).

This upload applies those patches.


$ debdiff  golang-golang-x-net-dev_0.0+git20181201.351d144+dfsg-2.dsc  
golang-golang-x-net-dev_0.0+git20181201.351d144+dfsg-3.dsc
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog 
golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog   
2018-12-14 21:56:28.0 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog   
2019-04-30 16:42:08.0 +0800
@@ -1,3 +1,13 @@
+golang-golang-x-net-dev (1:0.0+git20181201.351d144+dfsg-3) unstable; 
urgency=medium
+
+  * Team upload.
+  * Apply security patches (upstream commits). Closes: #911795.
+- CVE-2018-17846: commit d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
+- CVE-2018-17847, CVE-2018-17848:
+  commit 4b62a64f59f73840b9ab79204c94fee61cd1ba2c
+
+ -- Drew Parsons   Tue, 30 Apr 2019 16:42:08 +0800
+
 golang-golang-x-net-dev (1:0.0+git20181201.351d144+dfsg-2) unstable; 
urgency=medium
 
   * Remove obsolete patch for s390. Closes: #916236.
diff -Nru 
golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch
 
golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch
--- 
golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch
1970-01-01 08:00:00.0 +0800
+++ 
golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch
2019-04-30 16:42:08.0 +0800
@@ -0,0 +1,108 @@
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001
+From: Kunpei Sakai 
+Date: Tue, 25 Sep 2018 22:55:50 +0900
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest
+ spec
+
+Fixes golang/go#27842
+
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc
+Reviewed-on: https://go-review.googlesource.com/c/137275
+Run-TryBot: Kunpei Sakai 
+TryBot-Result: Gobot Gobot 
+Reviewed-by: Nigel Tao 
+---
+ html/parse.go   | 28 ++--
+ html/parse_test.go  |  3 ++-
+ html/testdata/go/select.dat | 12 
+ 3 files changed, 36 insertions(+), 7 deletions(-)
+ create mode 100644 html/testdata/go/select.dat
+
+diff --git a/html/parse.go b/html/parse.go
+index 64a57937..488e8d3c 100644
+--- a/html/parse.go
 b/html/parse.go
+@@ -1719,8 +1719,12 @@ func inSelectIM(p *parser) bool {
+   }
+   p.addElement()
+   case a.Select:
+-  p.tok.Type = EndTagToken
+-  return false
++  if p.popUntil(selectScope, a.Select) {
++  p.resetInsertionMode()
++  } else {
++  // Ignore the token.
++  return true
++  }
+   case a.Input, a.Keygen, a.Textarea:
+   if p.elementInScope(selectScope, a.Select) {
+   p.parseImpliedToken(EndTagToken, a.Select, 
a.Select.String())
+@@ -1750,6 +1754,9 @@ func inSelectIM(p *parser) bool {
+   case a.Select:
+   if p.popUntil(selectScope, a.Select) {
+   p.resetInsertionMode()
++  } else {
++  // Ignore the token.
++  return true
+   }
+   case a.Template:
+   return inHeadIM(p)
+@@ -1775,13 +1782,22 @@ func inSelectInTableIM(p *parser) bool {
+   case StartTagToken, EndTagToken:
+   switch p.tok.DataAtom {
+   case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, 
a.Th:
+-   

Bug#928368: marked as done (transition: papi)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 12:00:54 +0200
with message-id 
and subject line Re: Bug#929318: unblock: papi/5.7.0+dfsg-1
has caused the Debian Bug report #928368,
regarding transition: papi
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928368
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,

I recently realized that libpapi5 (5.7.0-1) is not compatible with
applications built against papi 5.6 (or any other mismatching
major.minor version) due to the runtime checks performed in
PAPI_library_init() and the way this is to be called from applications.
Applications will abort after PAPI_library_init() returned an error and
require recompilation against the current version. (I ran into this
incompatibility myself.) #928367
Upstream confirmed that they only intend to maintain ABI compatibility
for major.minor.*.* releases, but not between different minor versions.
The soname therefore should have never been libpapi.so.major but rather
libpapi.so.major.minor

Patching out the check completely is non-trivial since it is some kind
of handshake beween caller and callee (app and lib). I'm pretty sure the
ABI has not changed between 5.5 (stretch) and 5.7, but I wouldn't put my
hand into the fire for it. And upstream has no way to track ABI
independently of major.minor version, given that the runtime check
exists for a long time already.
While I could patch papi to use version 5.6.99.99 internally instead of
5.7.0.0 to restore compatibility with the snapshot we had in buster
previously (only major.minor are being compared), this would still be
incompatible with programs built on stretch which had libpapi5 5.5.*

Given the limited amount of packages involved, I'd prefer to perform a
late but proper transition libpapi5 -> libpapi5.7 for buster.

# Depends:
eztrace: libeztrace0 [amd64 arm64 armel armhf i386 mips mips64el mipsel
ppc64el]

# Build-Depends:
eztrace: libpapi-dev
eztrace-contrib/contrib: libpapi-dev
mpqc3: libpapi-dev

Only one binNMU is needed. mpqc3 links statically (will fix post buster)
and eztrace-contrib probably shares the packaging with eztrace, and IIRC
only builds some addon modules.

If I had seen this coming, I would have done the transition in time for
the 5.6 snapshot we previously had and left 5.7 for bullseye.

Ben file:

title = "papi";
is_affected = .depends ~ "libpapi5" | .depends ~ "libpapi5.7";
is_good = .depends ~ "libpapi5.7";
is_bad = .depends ~ "libpapi5";
--- End Message ---
--- Begin Message ---
On Sun, 16 Jun 2019 13:31:47 +0200 Andreas Beckmann  wrote:
> The package is in sid, built on all release architectures and I verified
> that all reverse build-depends still build on amd64.

and meanwhile it migrated to buster ... thus closing the transition bug

Andreas--- End Message ---

Bug#930994: marked as done (unblock: piuparts/1.0.1)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 11:48:38 +0200
with message-id <070ee629-a972-baf6-bf62-c82a857b4...@debian.org>
and subject line Re: Bug#930994: unblock: piuparts/1.0.1
has caused the Debian Bug report #930994,
regarding unblock: piuparts/1.0.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
930994: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930994
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package piuparts, as usual (at these times) the changes are
mostly only relevant for piuparts.debian.org, while the changes relevant 
for normal users are :

 * piuparts.conf, distros.conf: Update for buster release.
 * piuparts.py:
- Add '--max-command-output-size' option to allow overriding the default
  of 8 MB for debugging runs.
- Fix spurious failure to remove packages with names ending with '+'.

In theory also relevant (because these changes touch code everyone is
using) are also these changes:

 * piupartslib/packagesdb.py:
- Remove stale .kpr files after receiving new logs.

In theory, because these codepathes are not used in normal piuparts
usage (but only in master-server setups which TTBOMK is only used by Andreas
and me/piuparts.debian.org.)

The custom-scripts might be used by some piuparts users (not by default
though), yet I have a high confidence they are good, as we are using them since
June 6th on piuparts.d.o without any issues.

The full changelog is:

piuparts (1.0.1) unstable; urgency=medium

  [ Andreas Beckmann ]
  * piuparts.conf, distros.conf: Update for buster release.
  * piuparts.py:
- Add '--max-command-output-size' option to allow overriding the default
  of 8 MB for debugging runs.
- Run pre_remove scripts before computing packages to be removed.
- Fix spurious failure to remove packages with names ending with '+'.
  * piupartslib/packagesdb.py:
- Remove stale .kpr files after receiving new logs.
  * piuparts-slave.py:
- Generate separate tarball names for --merged-usr chroots.
- Re-exec on SIGUSR1, picking up updated code and new config sections.
  * master-bin/detect_piuparts_issues:
- Clean up stale temporary and empty files.
  * master-bin/rotate_master_logs: Delete master logs older than 90 days.
  * slave-bin/slave_reexec: New, send SIGUSR1 to all running slaves.
  * custom-scripts: Add and update several exceptions.
  * piuparts.conf.anbe: Add some more example sections.

  [ Holger Levsen ]
  * generate_daily_report: improve statistics.

 -- Holger Levsen   Tue, 18 Jun 2019 14:48:59 +0200

The full debdiff is attached, this is the diffstat:

$ debdiff piuparts_1.0.0.dsc piuparts_1.0.1.dsc | diffstat
 Makefile   
|8 
 conf/distros.conf  
|8 
 custom-scripts/scripts-broken-symlinks/post_install_extras_unbreak_symlinks
|   93 +-
 custom-scripts/scripts-debug-triggers/pre_distupgrade_debug_triggers   
|2 
 custom-scripts/scripts-debug-triggers/pre_install_debug_triggers   
|2 
 
custom-scripts/scripts-multi-distro-upgrade/pre_remove_exceptions_multi-distro-upgrade
 |   13 
 custom-scripts/scripts/is_testable_uninstallable   
|  219 -
 custom-scripts/scripts/post_distupgrade_exceptions 
|   15 
 custom-scripts/scripts/post_remove_exceptions  
|   16 
 custom-scripts/scripts/post_setup_minimize 
|2 
 custom-scripts/scripts/pre_distupgrade_allow_unauthenticated   
|2 
 custom-scripts/scripts/pre_distupgrade_exceptions  
|   24 
 custom-scripts/scripts/pre_distupgrade_zz_database-server  
|   15 
 custom-scripts/scripts/pre_install_database-server 
|   19 
 custom-scripts/scripts/pre_install_exceptions  
|   22 
 custom-scripts/scripts/pre_remove_50_find_bad_permissions  
|9 
 custom-scripts/scripts/pre_remove_exceptions   
|   33 
 debian/changelog   
|   28 
 instances/piuparts.conf-template.pejacevic   

Bug#931105: marked as done (unblock: python-periodictable/1.5.0-8)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 11:23:19 +0200
with message-id 
and subject line Re: Bug#931105: unblock: python-periodictable/1.5.0-8
has caused the Debian Bug report #931105,
regarding unblock: python-periodictable/1.5.0-8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931105
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-periodictable

This version fixes a broken doc package dependency.

It's in no way a critical bug, but it seems silly to release buster
with a known dependency bug when the fix is so trivial.

$ debdiff python-periodictable_1.5.0-7.dsc python-periodictable_1.5.0-8.dsc
diff -Nru python-periodictable-1.5.0/debian/changelog 
python-periodictable-1.5.0/debian/changelog
--- python-periodictable-1.5.0/debian/changelog 2018-12-30 09:27:41.0 
+0800
+++ python-periodictable-1.5.0/debian/changelog 2019-06-26 16:18:35.0 
+0800
@@ -1,3 +1,10 @@
+python-periodictable (1.5.0-8) unstable; urgency=medium
+
+  [ Stuart Prescott ]
+  * Fix typo in Suggests entry for documentation (Closes: #923744).
+
+ -- Drew Parsons   Wed, 26 Jun 2019 16:18:35 +0800
+
 python-periodictable (1.5.0-7) unstable; urgency=medium
 
   * Replace sphinx directives that have been removed in matplotlib 3
diff -Nru python-periodictable-1.5.0/debian/control 
python-periodictable-1.5.0/debian/control
--- python-periodictable-1.5.0/debian/control   2018-12-30 09:27:41.0 
+0800
+++ python-periodictable-1.5.0/debian/control   2019-06-26 16:18:35.0 
+0800
@@ -36,7 +36,7 @@
  ${python:Depends}
 Suggests:
  python-matplotlib,
- python-python-periodictable-doc
+ python-periodictable-doc
 Description: Extensible periodic table of the elements (Python 2)
  This package provides a periodic table of the elements with support
  for mass, density and xray/neutron scattering information.
@@ -67,7 +67,7 @@
  ${misc:Depends},
  ${python3:Depends}
 Suggests:
-  python-python-periodictable-doc,
+  python-periodictable-doc,
   python3-matplotlib
 Description: Extensible periodic table of the elements (Python 3)
  This package provides a periodic table of the elements with support


unblock python-periodictable/1.5.0-8

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi Drew,

On 26-06-2019 10:58, Drew Parsons wrote:
> It's in no way a critical bug, but it seems silly to release buster
> with a known dependency bug when the fix is so trivial.

Sorry, too late to do these kind of things. We're really focusing on
more important stuff than this.

Paul



signature.asc
Description: OpenPGP digital signature
--- End Message ---

Bug#931040: marked as done (unblock: musescore/2.3.2+dfsg2-7)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 11:12:12 +0200
with message-id 
and subject line Re: Bug#931040: unblock: musescore/2.3.2+dfsg2-7
has caused the Debian Bug report #931040,
regarding unblock: musescore/2.3.2+dfsg2-7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package musescore

I’ve found out, from Sunday’s dev chat discussion, that MuseScore
connects to upstream’s webserver on startup (#931021), and we
generally don’t like applications to phone home without explicit
permission.

I’ve tested this with systrace and verified both the fix and the
affected versions. Please unblock if you agree this is RC.

(including a git diff, but I confirmed it’s identical to debdiff)

--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+musescore (2.3.2+dfsg2-7) unstable; urgency=high
+
+  * Disable webkit functionality (Closes: #931021)
+
+ -- Thorsten Glaser   Mon, 24 Jun 2019 18:07:46 +0200
+
 musescore (2.3.2+dfsg2-6) unstable; urgency=medium
 
   * Workaround for DEP 5 syntax in a complex case
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,6 @@ Build-Depends: cmake,
libpulse-dev,
libqt5opengl5-dev,
libqt5svg5-dev,
-   libqt5webkit5-dev,
libqt5xmlpatterns5-dev,
libsndfile1-dev (>= 1.0.25),
portaudio19-dev,
--- a/debian/rules
+++ b/debian/rules
@@ -37,6 +37,9 @@ ifneq (linux,${DEB_HOST_ARCH_OS})
 CMAKE_DEFS+=   -DBUILD_PORTMIDI=OFF
 endif
 
+# disable phoning home
+CMAKE_DEFS+=   -DBUILD_WEBKIT=OFF
+
 override_dh_auto_configure:
dh_auto_configure -- ${CMAKE_DEFS}
 


unblock musescore/2.3.2+dfsg2-7

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---
Hi Thorsten,

On 25-06-2019 03:10, Thorsten Glaser wrote:
> I’ve found out, from Sunday’s dev chat discussion, that MuseScore
> connects to upstream’s webserver on startup (#931021), and we
> generally don’t like applications to phone home without explicit
> permission.
> 
> I’ve tested this with systrace and verified both the fix and the
> affected versions. Please unblock if you agree this is RC.

Although the bug you fix is important to us, its report and the solution
came too late. The change can't get the required exposure to see if
there are no regression.

I propose you go for a stable release update in the first point release.

Paul



signature.asc
Description: OpenPGP digital signature
--- End Message ---

Bug#931001: unblock: xkeycaps/2.47-7

[Christoph Berg]

Re: Paul Gevers 2019-06-27 <9333738b-2b40-1c11-4ea4-1a968ed33...@debian.org>
> It's too late to fix this now. The deadline was Tuesday, for packages
> ready to migrate and AFAICT, this bug isn't serious enough to warrant an
> exception.

Ok, thanks for looking anyway!

Christoph

Bug#931084: marked as done (unblock: netdata/1.12.2-2)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 11:03:20 +0200
with message-id 
and subject line Re: Bug#931084: unblock: netdata/1.12.2-2
has caused the Debian Bug report #931084,
regarding unblock: netdata/1.12.2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931084: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931084
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package netdata.

First, I'm sorry.. I'm terribly late with this and there's no excuse for
that.

Second, I seem to have miscalculated the
'last-possible-point-in-time-to-upload-to-unstable-and-migrate-to-testing-before-full-freeze'
by one hour on 2019-02-27. so netdata 1.12.2-2 which was supposed to be
the one for buster just didn't make it in time into testing before the
freeze on 2019-03-12. If I didn't make that mistake, netdata 1.12-2-2
would have migrated on its own.

Now, netdata 1.12.0-1..1.12.2-2 fixes two important things:

a) the web frontend as well as the documentation has been fixed to not
   spy on its users (via googleanalytics).

b) opt-out to send telemetry to upstream

Preferably, netdata 1.12.2-2 could be allowed to migrate to testing. If
that's not possible, both should be fixed through stable updates for
buster r1 which I'd like to avoid the extra-work for everyone.

Would you mind allow netdata to migrate at this point?

(debdiff of debian/ is attached)

Regards,
Daniel
diff -Naurp debian_1.12.0-1/changelog debian_1.12.2-2/changelog
--- debian_1.12.0-1/changelog	2019-06-25 20:27:42.597478366 +0200
+++ debian_1.12.2-2/changelog	2019-06-25 20:28:01.646098056 +0200
@@ -1,3 +1,47 @@
+netdata (1.12.2-2) unstable; urgency=medium
+
+  [ Federico Ceratto ]
+  * Add patch to remove Sign In button
+
+  [ Daniel Baumann ]
+  * When disabling the 'Sign In' button on the right side, only turn it
+off in the javascript and keep the html unmodified.
+  * Sorting patch series.
+
+ -- Daniel Baumann   Sat, 02 Mar 2019 16:46:44 +0100
+
+netdata (1.12.2-1) unstable; urgency=medium
+
+  * Merging upstream version 1.12.2.
+
+ -- Daniel Baumann   Thu, 28 Feb 2019 22:18:45 +0100
+
+netdata (1.12.1-2) unstable; urgency=medium
+
+  * Downgrading nodejs depends in netdata-plugins-nodejs to recommends as
+not all architectures have nodejs at the moment.
+
+ -- Daniel Baumann   Wed, 27 Feb 2019 22:09:05 +0100
+
+netdata (1.12.1-1) unstable; urgency=medium
+
+  [ Lennart Weller ]
+  * Add patch to remove Google Analytics from generated docs
+
+  [ Daniel Baumann ]
+  * Rediffing remove-googleanalytics.patch.
+  * Opting out by default from sending anonymous statistics (Closes: #923114).
+  * Merging upstream version 1.12.1.
+  * Refreshing remove-googleanalytics.patch for new upstream version.
+  * Updating lintian overrides.
+  * Removing currently usless depends on bash as it's still an essential
+package.
+  * Adding missing GPL-3-only license stanza in copyright file.
+  * Debranding license references in copyright.
+  * Updating TODO file.
+
+ -- Daniel Baumann   Sun, 24 Feb 2019 21:32:56 +0100
+
 netdata (1.12.0-1) unstable; urgency=medium
 
   * Merging upstream version 1.12.0.
diff -Naurp debian_1.12.0-1/control debian_1.12.2-2/control
--- debian_1.12.0-1/control	2019-06-25 20:27:42.597478366 +0200
+++ debian_1.12.2-2/control	2019-06-25 20:28:01.646098056 +0200
@@ -97,7 +97,6 @@ Section: net
 Architecture: all
 Multi-Arch: foreign
 Depends:
- bash,
  netdata-core (>= ${source:Version}) | netdata-core-no-sse (>= ${source:Version}),
  ${misc:Depends},
 Suggests:
@@ -120,8 +119,9 @@ Architecture: all
 Multi-Arch: foreign
 Depends:
  netdata-core (>= ${source:Version}) | netdata-core-no-sse (>= ${source:Version}),
- nodejs,
  ${misc:Depends},
+Recommends:
+ nodejs,
 Provides:
  netdata-plugins,
 Enhances:
diff -Naurp debian_1.12.0-1/copyright debian_1.12.2-2/copyright
--- debian_1.12.0-1/copyright	2019-06-25 20:27:42.597478366 +0200
+++ debian_1.12.2-2/copyright	2019-06-25 20:28:01.650098186 +0200
@@ -183,7 +183,7 @@ Files:
  collectors/python.d.plugin/python_modules/third_party/boinc_client.py
 Copyright: 2013 Rodrigo Silva (MestreLion) 
2017 Austin S. Hemmelgarn
-License: GPL-3.0
+License: GPL-3
 
 Files:
  collectors/python.d.plugin/python_modules/third_party/mcrcon.py
@@ -224,8 +224,8 @@ License: LGPL-3+
  You should have received a copy of the GNU Lesser General Public
  License along with this library;  If not, see .
  .
- On Debian systems, the 

Bug#931062: marked as done (unblock: ionit/0.3.2+really0.2.1-2)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 10:52:25 +0200
with message-id <29629c88-5137-f64a-835b-05ca89250...@debian.org>
and subject line Re: Bug#931062: unblock: ionit/0.3.2+really0.2.1-2
has caused the Debian Bug report #931062,
regarding unblock: ionit/0.3.2+really0.2.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931062
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ionit

The ionit.service fix for bug #919690 introduced a systemd dependency
loop. systemd will break the loop at a (random?) place which can make
boot behave incorrectly.

I fixed the dependency loop in ionit 0.3.2+really0.2.1-2. A debdiff is
attached.

unblock ionit/0.3.2+really0.2.1-2

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet
diff -Nru ionit-0.3.2+really0.2.1/debian/changelog 
ionit-0.3.2+really0.2.1/debian/changelog
--- ionit-0.3.2+really0.2.1/debian/changelog2019-06-20 15:36:08.0 
+0200
+++ ionit-0.3.2+really0.2.1/debian/changelog2019-06-25 13:18:08.0 
+0200
@@ -1,3 +1,10 @@
+ionit (0.3.2+really0.2.1-2) unstable; urgency=medium
+
+  * Drop After=local-fs.target from ionit.service to break dependency loop
+(Closes: #931060)
+
+ -- Benjamin Drung   Tue, 25 Jun 2019 13:18:08 
+0200
+
 ionit (0.3.2+really0.2.1-1) unstable; urgency=medium
 
   * Run ionit.service before systemd-modules-load.service
diff -Nru 
ionit-0.3.2+really0.2.1/debian/patches/Drop-After-local-fs.target-from-ionit.service.patch
 
ionit-0.3.2+really0.2.1/debian/patches/Drop-After-local-fs.target-from-ionit.service.patch
--- 
ionit-0.3.2+really0.2.1/debian/patches/Drop-After-local-fs.target-from-ionit.service.patch
  1970-01-01 01:00:00.0 +0100
+++ 
ionit-0.3.2+really0.2.1/debian/patches/Drop-After-local-fs.target-from-ionit.service.patch
  2019-06-25 13:16:16.0 +0200
@@ -0,0 +1,45 @@
+From ce7c305312bb68319784e2d693955297138c273a Mon Sep 17 00:00:00 2001
+From: Benjamin Drung 
+Date: Tue, 25 Jun 2019 12:00:24 +0200
+Subject: [PATCH] Drop After=local-fs.target from ionit.service
+
+Letting `ionit.service` run before `systemd-udev-trigger.service`
+introduces a dependency loop:
+
+```
+systemd[1]: systemd-udev-trigger.service: Found ordering cycle on 
ionit.service/start
+systemd[1]: systemd-udev-trigger.service: Found dependency on 
local-fs.target/start
+systemd[1]: systemd-udev-trigger.service: Found dependency on 
local-fs-pre.target/start
+systemd[1]: systemd-udev-trigger.service: Found dependency on 
multipathd.service/start
+```
+
+`systemd-udev-trigger.service` runs before `multipathd.service` which
+runs before `local-fs-pre.target` which runs before `local-fs.target`.
+`ionit.service` wants to run before `systemd-udev-trigger.service` but
+after `local-fs.target`.
+
+Therefore drop `After=local-fs.target` from `ionit.service` to break the
+dependency loop. `/etc` and `/usr` is probably mounted inside the initrd
+already.
+
+Bug-Debian: https://bugs.debian.org/931060
+Signed-off-by: Benjamin Drung 
+---
+ ionit.service | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ionit.service b/ionit.service
+index 8f56106..4c4e1c8 100644
+--- a/ionit.service
 b/ionit.service
+@@ -2,7 +2,6 @@
+ Description=Render configuration files from Jinja templates
+ Documentation=man:ionit(1)
+ DefaultDependencies=no
+-After=local-fs.target
+ Before=ferm.service network-pre.target openibd.service shutdown.target 
sysinit.target systemd-modules-load.service systemd-udev-trigger.service
+ Wants=network-pre.target
+ RequiresMountsFor=/usr
+-- 
+2.20.1
+
diff -Nru ionit-0.3.2+really0.2.1/debian/patches/series 
ionit-0.3.2+really0.2.1/debian/patches/series
--- ionit-0.3.2+really0.2.1/debian/patches/series   2019-06-20 
13:54:04.0 +0200
+++ ionit-0.3.2+really0.2.1/debian/patches/series   2019-06-25 
13:16:39.0 +0200
@@ -1,2 +1,3 @@
 Run-ionit.service-before-systemd-modules-load.service.patch
 Run-ionit.service-before-systemd-udev-trigger.service.patch
+Drop-After-local-fs.target-from-ionit.service.patch
--- End Message ---
--- Begin Message ---
Hi Benjamin,

Bug#931016: marked as done (unblock: spacenavd/0.6-1.1)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 09:09:50 +0200
with message-id <67fc3f85-fa44-daf8-0184-f1e5e6866...@debian.org>
and subject line Re: Bug#931016: unblock: spacenavd/0.6-1.1
has caused the Debian Bug report #931016,
regarding unblock: spacenavd/0.6-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package spacenavd

spacenavd was no longer working properly due to a subtle change in kernel
behaviour. This was reported in #916610 and fixed by applying the
corresponding upstream commit.

Debdiff below.

diff -Nru spacenavd-0.6/debian/changelog spacenavd-0.6/debian/changelog
--- spacenavd-0.6/debian/changelog  2015-05-18 10:04:05.0 +
+++ spacenavd-0.6/debian/changelog  2019-06-01 11:13:33.0 +
@@ -1,3 +1,11 @@
+spacenavd (0.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix "conflict with /dev/input/js0" (Closes: #916610)
+- Fixed upstream in 34ddda1246ad07e8ff2e6606224e710852e3e3d8
+
+ -- Jakob Haufe   Sat, 01 Jun 2019 11:13:33 +
+
 spacenavd (0.6-1) unstable; urgency=medium
 
   * Imported Upstream version 0.6
diff -Nru spacenavd-0.6/debian/patches/series 
spacenavd-0.6/debian/patches/series
--- spacenavd-0.6/debian/patches/series 2015-05-18 10:04:05.0 +
+++ spacenavd-0.6/debian/patches/series 2019-06-01 11:04:55.0 +
@@ -1,2 +1,3 @@
 add-buildflags-to-makefile.patch
 run.patch
+skip-joystick-devices.patch
diff -Nru spacenavd-0.6/debian/patches/skip-joystick-devices.patch 
spacenavd-0.6/debian/patches/skip-joystick-devices.patch
--- spacenavd-0.6/debian/patches/skip-joystick-devices.patch1970-01-01 
00:00:00.0 +
+++ spacenavd-0.6/debian/patches/skip-joystick-devices.patch2019-06-01 
11:13:33.0 +
@@ -0,0 +1,37 @@
+Description: Skip joystick device files
+Author: John Tsiombikas 
+Origin: upstream, 
https://github.com/FreeSpacenav/spacenavd/commit/34ddda1246ad07e8ff2e6606224e710852e3e3d8
+Bug-Debian: https://bugs.debian.org/916610
+---
+commit 34ddda1246ad07e8ff2e6606224e710852e3e3d8
+Author: John Tsiombikas 
+Date:   Sat Oct 11 05:07:58 2014 +
+
+added code to skip joystick device files while parsing 
/proc/bus/input/devices
+
+
+git-svn-id: svn+ssh://svn.code.sf.net/p/spacenav/code/trunk/spacenavd@183 
ef983eb1-d774-4af8-acfd-baaf7b16a646
+
+diff --git a/src/dev_usb_linux.c b/src/dev_usb_linux.c
+index 30db579..5f4baad 100644
+--- a/src/dev_usb_linux.c
 b/src/dev_usb_linux.c
+@@ -342,11 +342,16 @@ struct usb_device_info *find_usb_devices(int 
(*match)(const struct usb_device_in
+   case 'H':
+   keyptr = strstr(cur_line, "Handlers=");
+   if(keyptr) {
+-  char *devfile, *valptr = keyptr 
+ strlen("Handlers=");
++  char *devfile = 0, *valptr = 
keyptr + strlen("Handlers=");
+   static const char *prefix = 
"/dev/input/";
+ 
+   int idx = 0;
+-  while((devfile = strtok(idx ? 0 
: valptr, " \t\v\n\r"))) {
++  while((devfile = strtok(devfile 
? 0 : valptr, " \t\v\n\r"))) {
++  if(strstr(devfile, 
"js") == devfile) {
++  /* ignore 
joystick device files, can't use them */
++  continue;
++  }
++
+   
if(!(devinfo.devfiles[idx] = malloc(strlen(devfile) + strlen(prefix) + 1))) {
+   perror("failed 
to allocate device filename buffer");
+   continue;


unblock spacenavd/0.6-1.1

-- System Information:
Debian Release: 10.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (400, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: 

Bug#931001: unblock: xkeycaps/2.47-7

[Paul Gevers]

Control: tags -1 wontfix
Control: close -1

Hi Christoph,

On 24-06-2019 13:34, Christoph Berg wrote:
> Please consider unblocking package xkeycaps. The new version properly
> cross-builds, and also passes LDFLAGS to the final linker command
> (previously, "-Wl,-z,relro" was missing).

It's too late to fix this now. The deadline was Tuesday, for packages
ready to migrate and AFAICT, this bug isn't serious enough to warrant an
exception.

Paul



signature.asc
Description: OpenPGP digital signature

Processed: Re: Bug#931001: unblock: xkeycaps/2.47-7

[Debian Bug Tracking System]

Processing control commands:

> tags -1 wontfix
Bug #931001 [release.debian.org] unblock: xkeycaps/2.47-7
Added tag(s) wontfix.
> close -1
Bug #931001 [release.debian.org] unblock: xkeycaps/2.47-7
Marked Bug as done

-- 
931001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#930975: marked as done (unblock: libmojolicious-perl/8.12+dfsg-2)

[Debian Bug Tracking System]

Your message dated Thu, 27 Jun 2019 08:54:59 +0200
with message-id 
and subject line Re: Bug#930975: unblock: libmojolicious-perl/8.12+dfsg-2
has caused the Debian Bug report #930975,
regarding unblock: libmojolicious-perl/8.12+dfsg-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
930975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package libmojolicious-perl

As of Debian 10 "buster" the system-wide default minimum supported TLS
level is 1.2. The upstream mojolicious source provides an SSL key intended
for local development testing (/CN=localhost) which does not support TLS 1.2
(it was created with RSA:1024 and SHA1 digests).

New installations of buster and migrations from stretch using the updated
openssl configuration will be affected.

Please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929675 for the
Debian bug report.

The patch provided in libmojolicious-perl 8.12+dfsg-2 replaces the upstream
RSA:1024/SHA1 key with a new key generated for localhost using RSA:4096/SHA256
that supports TLS 1.3. No code changes are made.

$ debdiff libmojolicious-perl_8.12+dfsg-1.dsc 
libmojolicious-perl_8.12+dfsg-2.dsc
dpkg-source: warning: extracting unsigned source package 
(/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-1.dsc)
dpkg-source: warning: extracting unsigned source package 
(/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-2.dsc)
diff -Nru libmojolicious-perl-8.12+dfsg/debian/changelog 
libmojolicious-perl-8.12+dfsg/debian/changelog
--- libmojolicious-perl-8.12+dfsg/debian/changelog  2019-02-05 
17:58:40.0 +
+++ libmojolicious-perl-8.12+dfsg/debian/changelog  2019-06-23 
19:51:20.0 +0100
@@ -1,3 +1,9 @@
+libmojolicious-perl (8.12+dfsg-2) unstable; urgency=medium
+
+  * d/patches: add update-ssl-tls-certificate (Closes: #929675)
+
+ -- Nick Morrott   Sun, 23 Jun 2019 19:51:20 +0100
+
 libmojolicious-perl (8.12+dfsg-1) unstable; urgency=medium

   * Import upstream version 8.12+dfsg.
diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/series 
libmojolicious-perl-8.12+dfsg/debian/patches/series
--- libmojolicious-perl-8.12+dfsg/debian/patches/series 1970-01-01 
01:00:00.0 +0100
+++ libmojolicious-perl-8.12+dfsg/debian/patches/series 2019-06-23 
19:51:20.0 +0100
@@ -0,0 +1 @@
+update-ssl-tls-certificate
diff -Nru 
libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 
libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate
--- libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 
1970-01-01 01:00:00.0 +0100
+++ libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 
2019-06-23 19:51:20.0 +0100
@@ -0,0 +1,143 @@
+Description: Update default https certificate to support TLS 1.2+
+ This patch replaces the upstream https certificate (RSA:1024, SHA1) that is
+ used for local development (CN=localhost) with a new certificate
+ (RSA:4096, SHA256) that supports the updated TLS 1.2 minimum-default-supported
+ TLS level on buster.
+Author: Nick Morrott 
+Forwarded: https://github.com/mojolicious/mojo/pull/1371
+Last-Update: 2019-06-23
+---
+--- a/lib/Mojo/IOLoop/TLS.pm
 b/lib/Mojo/IOLoop/TLS.pm
+@@ -14,8 +14,8 @@
+
+ has reactor => sub { Mojo::IOLoop->singleton->reactor }, weak => 1;
+
+-# To regenerate the certificate run this command (18.04.2012)
+-# openssl req -new -x509 -keyout server.key -out server.crt -nodes -days 7300
++# To regenerate the certificate run this command (22.06.2019)
++# openssl req -x509 -newkey rsa:4096 -nodes -sha256 -out server.crt -keyout 
server.key -days 7300 -subj '/CN=localhost'
+ my $CERT = path(__FILE__)->sibling('resources', 'server.crt')->to_string;
+ my $KEY  = path(__FILE__)->sibling('resources', 'server.key')->to_string;
+
+--- a/lib/Mojo/IOLoop/resources/server.crt
 b/lib/Mojo/IOLoop/resources/server.crt
+@@ -1,21 +1,29 @@
+ -BEGIN CERTIFICATE-
+-MIIDaTCCAtKgAwIBAgIJAI+AzotR68CTMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD
+-VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1UEBxMJSGFtYmVy
+-Z2VuMRQwEgYDVQQKEwtNb2pvbGljaW91czESMBAGA1UEAxMJbG9jYWxob3N0MRsw
+-GQYJKoZIhvcNAQkBFgxzcmlAY3Bhbi5vcmcwHhcNMTIwNDE4MTczOTU5WhcNMzIw
+-NDEzMTczOTU5WjCBgDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hz
+-ZW4xEjAQBgNVBAcTCUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQ

Processed: Re: Bug#930717: unblock: pysynphot/0.9.12+dfsg-3

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 930717
Bug #930717 [release.debian.org] unblock: pysynphot/0.9.12+dfsg-3
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
930717: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930717
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems