Bug#1004534: Please promote version 1.38.0-1 to unstable

2022-01-29 Thread Eric Dorland 
Source: golang-google-grpc
Version: 1.27.1-1
Severity: wishlist

Please upload 1.38.0-1 to unstable so that it can be used for packages there. 
It's a requirement to upload dnscrypt-proxy 2.1.1 for example.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-1-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#991052: golang-google-grpc-dev: Outdated package

2021-09-23 Thread Eric Dorland 
Any chance at an unstable upload soon?

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#993949: dnscrypt-proxy fails to use address from DoH servers on start-up, resorts to system resolver

2021-09-09 Thread Eric Dorland 
Control: forwarded -1 https://github.com/DNSCrypt/dnscrypt-proxy/issues/1861

Thanks for the report. I've marked it forwarded upstream, and the fix
appears to be in
https://github.com/DNSCrypt/dnscrypt-proxy/commit/0f00cd27f92cee434336c6d6cde9df26286d8dbe.
 Do
you think this is serious enough to warrant cherrypicking into the
package or should we just wait for the next upstream release?

* Danny van Heumen (da...@dannyvanheumen.nl) wrote:
> Package: dnscrypt-proxy
> Version: 2.0.45+ds1-1+b5
> Severity: normal
> X-Debbugs-Cc: da...@dannyvanheumen.nl
> 
> Dear Maintainer,
> 
> A bug was recently found where DNS stamp information is used
> incorrectly to fill the resolver cache on initialization.
> 
> In short, DNS stamps of the various DNSCrypt/DoH/etc. resolvers include
> hostname and port information for finding the server. Additionally, it
> (optionally) includes an IPv4/IPv6 address to find the server without
> nameserver resolution for bootstrapping/initialization purposes, in such
> cases where it is unreliable or unavailable.
> 
> dnscrypt-proxy intends to use this address in all cases - caching the
> address with unlimited lifetime, but accidentally stored it with incorrect
> key "hostname with optional port number". Subsequently loading from a key
> "hostname" will fail to load the address from the cache.
> 
> Consequently, in all cases of DoH servers that include a port number,
> the bootstrapping address could not be loaded and dnscrypt-proxy needs to
> rely on the system resolver to look up the address anyways.
> 
> The details can be found in
> https://github.com/DNSCrypt/dnscrypt-proxy/issues/1861
> and a side-effect was under discussion at
> https://github.com/DNSCrypt/dnscrypt-proxy/discussions/1828
> 
> It is beneficial to use the DNS stamp information both for speed and
> reliability of resolution.
> 
> Kind regards,
> Danny
> 
> 
> PS: I am not familiar with bug reporting or bug handling in Debian. Please
> let me know if I should do things differently. I may be able to help if
> you want to cherry-pick the bugfix from upstream. (Although I am not
> affiliated with the project in any way.)
> 
> 
> -- System Information:
> Debian Release: 11.0
>   APT prefers stable-security
>   APT policy: (500, 'stable-security'), (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_USER
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
> LANGUAGE=en_US:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages dnscrypt-proxy depends on:
> ii  adduser   3.118
> ii  libc6 2.31-13
> ii  lsb-base  11.1.0
> 
> dnscrypt-proxy recommends no packages.
> 
> Versions of packages dnscrypt-proxy suggests:
> pn  resolvconf  
> 
> -- Configuration Files:
> /etc/dnscrypt-proxy/dnscrypt-proxy.toml changed [not included]
> 
> -- no debconf information

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#992749: ITP: golang-github-powerman-deepequal -- Go package with improved reflect.DeepEqual

2021-08-22 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland 

* Package name: golang-github-powerman-deepequal
  Version : 0.1.0-1
  Upstream Author : Alex Efros
* URL : https://github.com/powerman/deepequal
* License : MIT
  Programming Lang: Go
  Description : Go package with improved reflect.DeepEqual

 Go package with improved reflect.DeepEqual Go Reference
 (https://pkg.go.dev/github.com/powerman/deepequal) CI/CD
 (https://github.com/powerman/deepequal/actions?query=workflow%3ACI%2FCD)
 Coverage Status
 (https://coveralls.io/github/powerman/deepequal?branch=master) Go Report
 Card (https://goreportcard.com/report/github.com/powerman/deepequal)
 Release (https://github.com/powerman/deepequal/releases/latest)
 .
 Most of the code is copied from Go reflect package with slight
 modifications.
 .
 Differences from reflect.DeepEqual: • If compared value implements
 .Equal(valueOfSameType) bool method then it will be called instead of
 comparing values as is.• If called Equal method will panics then whole
 DeepEqual will panics too.  This means you can use this DeepEqual method
 to correctly compare types like time.Time or decimal.Decimal, without
 taking in account unimportant differences (like time zone or exponent).

Needed for golang-github-powerman-check

Bug#989322: Patch

2021-06-14 Thread Eric Dorland 
FYI https://salsa.debian.org/debian/borgmatic/-/merge_requests/3

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#989322: Please include systemd service and timer

2021-05-31 Thread Eric Dorland 
Package: borgmatic
Version: 1.5.12-2
Severity: wishlist

Generally users of borgmatic want a low configuration overhead for their 
backups. It would be great if the sample systemd service and timers were 
included by default so less configuration was needed up front.


-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-1-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages borgmatic depends on:
ii  borgbackup 1.1.16-1
ii  python33.9.2-3
ii  python3-colorama   0.4.4-1
ii  python3-pkg-resources  52.0.0-3
ii  python3-pykwalify  1.8.0-1
ii  python3-requests   2.25.1+dfsg-2
ii  python3-ruamel.yaml0.16.12-2

borgmatic recommends no packages.

borgmatic suggests no packages.

-- no debconf information

Bug#979726: [pkg-opensc-maint] Bug#979726: opensc-pkcs11 0.21.0 breaks my vpn setup. Downgrading to 0.20.0 fixes the problem.

2021-01-10 Thread Eric Dorland 
forwarded -1 https://github.com/OpenSC/OpenSC/issues/2199
thanks

* Eric Valette (eric.vale...@free.fr) wrote:
> Package: opensc-pkcs11
> Version: 0.21.0-1
> Severity: normal
> Tags: upstream
> 
> My entreprose vpn setup use a PKI token that when 0.21.0-1 is mo more usable.
> I looked at the pcks11 options used to start openvpn in the systemd service 
> file
> 
> If I use opensc 0.21.0, the PKI led blinks and is accessed but no pkcs11-id 
> are displayed :
> 
> openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids
> 
> The following objects are available for use.
> Each object shown below may be used as parameter to
> --pkcs11-id option please remember to use single quote mark.
> 
> Downgrading to opensc 0.20.0 I get (stuff removed for confidentiality reasons)
> 
> openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids
> 
> The following objects are available for use.
> Each object shown below may be used as parameter to
> --pkcs11-id option please remember to use single quote mark.
> 
> Certificate
> DN: xxx
> Serial: xxx
> Serialized id: xxx
> 
> Certificate
> DN: xxx
> Serial: xxx
> Serialized id: xxx
> 
> Certificate
> DN: xxx
> Serial: xxx
> Serialized id: xxx
> 
> Certificate
> DN: xxx
> Serial: xxx
> Serialized id: xxx
> 
> p11-kit list-modules
> p11-kit-trust: p11-kit-trust.so
> library-description: PKCS#11 Kit Trust Module
> library-manufacturer: PKCS#11 Kit
> library-version: 0.23
> token: System Trust
> manufacturer: PKCS#11 Kit
> model: p11-kit-trust
> serial-number: 1
> hardware-version: 0.23
> flags:
> write-protected
> token-initialized
> opensc-pkcs11: opensc-pkcs11.so
> library-description: OpenSC smartcard framework
> library-manufacturer: OpenSC Project
> library-version: 0.21
> orange-dongle-aladdin: /usr/lib/libeToken.so
> library-description: SafeNet eToken PKCS#11
> library-manufacturer: SafeNet, Inc.
> library-version: 10.7
> 
> With the 0.20.0 modules
> 
> pkcs11-tool --module p11-kit-proxy.so -O
> Using slot 1 with a present token (0x12)
> 
> With 0.21.0 modules
> 
> pkcs11-tool --module p11-kit-proxy.so -O
> error: PKCS11 function C_GetSlotInfo failed: rv = CKR_FUNCTION_NOT_SUPPORTED 
> (0x54)
> 
> Abortin
> 
> Many colleage have been hit by the bug. I opened it upstream at 
> https://github.com/OpenSC/OpenSC/issues/2199
> 
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.10.6 (SMP w/8 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
> Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/bash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages opensc-pkcs11 depends on:
> ii  libc6 2.31-9
> ii  libglib2.0-0  2.67.1-1
> ii  libssl1.1 1.1.1i-1
> ii  zlib1g1:1.2.11.dfsg-2
> 
> opensc-pkcs11 recommends no packages.
> 
> opensc-pkcs11 suggests no packages.
> 
> -- no debconf information
> 
> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#979535: Please package latest upstream release

2021-01-07 Thread Eric Dorland 
Source: golang-github-miekg-dns
Severity: wishlist

There have been several new upstream releases and the newest dnscrypt-proxy 
package requires a newer version.


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-1-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#969298: Kerberos authentication broken

2020-08-31 Thread Eric Dorland 
* Ilias Tsitsimpis (ilias...@debian.org) wrote:
> Hi Eric,
> 
> On Sun, Aug 30, 2020 at 06:32PM, Eric Dorland wrote:
> > Kerberos authentication appears to be broken.
> > [...]
> > Versions of packages offlineimap depends on:
> > ii  python-imaplib2  2.57-5.1
> > ii  python-six   1.15.0-1
> > ii  python2  2.7.18-2
> > 
> > Versions of packages offlineimap recommends:
> > ii  python-socks  1.6.8+dfsg-1.1
> > 
> > Versions of packages offlineimap suggests:
> > pn  python-gssapi  
> 
> OfflineIMAP requires `python-gssapi` for Kerberos authentication, which
> is missing from your system. Could you please install `python-gssapi`
> and retry?

Ahh, it looks like python-gssapi has been removed from unstable :(

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#965995: dnscrypt-proxy: Purging fails: rm: cannot remove '/etc/dnscrypt-proxy/dnscrypt-proxy.conf.dpkg-bak': Is a directory

2020-08-31 Thread Eric Dorland 
* Axel Beckert (a...@debian.org) wrote:
> Package: dnscrypt-proxy
> Version: 2.0.44+ds1-2
> Severity: serious
> X-Debbugs-Cc: Axel Beckert 
> 
> Purging dnscrypt-proxy fails for me as follows (and IIRC I never changed
> anything from the default config, but the package might have a bit on
> history on that machine):
> 
> # dpkg --purge dnscrypt-proxy
> (Reading database ... 1190427 files and directories currently installed.)
> Purging configuration files for dnscrypt-proxy (2.0.44+ds1-2) ...
> rm: cannot remove '/etc/dnscrypt-proxy/dnscrypt-proxy.conf.dpkg-bak': Is a 
> directory
> dpkg: error processing package dnscrypt-proxy (--purge):
>  installed dnscrypt-proxy package post-removal script subprocess returned 
> error exit status 1
> Errors were encountered while processing:
>  dnscrypt-proxy
> 
> Might be just a missing "-r" to "rm" in the postrm script or so.

So this appears to be a bug related to a mess in the past where there
was a /etc/dnscrypt-proxy/dnscrypt-proxy.conf directory created at
some point. I'm using dpkg-maintscript-helper but it appears to
failing on this edge case.

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#969298: Kerberos authentication broken

2020-08-30 Thread Eric Dorland 
Package: offlineimap
Version: 7.3.3+dfsg1-1
Severity: important

Kerberos authentication appears to be broken. I believe this happened after my 
latest apt full-upgrade, though I think the only relevant package that changed 
was python-imaplib2. Debugging flag isn't giving me a lot to go on:

$ offlineimap -d ALL
WARNING:root:Using old interface name, consider using one of quiet, ttyui, 
machineui, syslog, basic, blinkenlights
OfflineIMAP 7.3.3
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
INFO:OfflineImap:OfflineIMAP 7.3.3
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
imaplib2 v2.57 (system), Python v2.7.18, OpenSSL 1.1.1g  21 Apr 2020
INFO:OfflineImap:imaplib2 v2.57 (system), Python v2.7.18, OpenSSL 1.1.1g  21 
Apr 2020
Now debugging for imap: IMAP protocol debugging
DEBUG:OfflineImap:Now debugging for imap: IMAP protocol debugging
Now debugging for maildir: Maildir repository debugging
DEBUG:OfflineImap:Now debugging for maildir: Maildir repository debugging
Now debugging for thread: Threading debugging
DEBUG:OfflineImap:Now debugging for thread: Threading debugging
Now debugging for : Other offlineimap related sync messages
DEBUG:OfflineImap:Now debugging for : Other offlineimap related sync messages
Account sync kuroneko:
 [thread]: Register new thread 'Account sync kuroneko' (account 'kuroneko')
DEBUG:OfflineImap:[thread]: Register new thread 'Account sync kuroneko' 
(account 'kuroneko')
 [imap]: Using authentication mechanisms ['GSSAPI', 'XOAUTH2', 'CRAM-MD5', 
'PLAIN', 'LOGIN']
DEBUG:OfflineImap:[imap]: Using authentication mechanisms ['GSSAPI', 'XOAUTH2', 
'CRAM-MD5', 'PLAIN', 'LOGIN']
 [maildir]: MaildirRepository initialized, sep is '.'
DEBUG:OfflineImap:[maildir]: MaildirRepository initialized, sep is '.'
 *** Processing account kuroneko
INFO:OfflineImap:*** Processing account kuroneko
 Establishing connection to forge.kuroneko.ca:993 (forge)
INFO:OfflineImap:Establishing connection to forge.kuroneko.ca:993 (forge)
 [imap]: forge: level 'tls_compat', version 'None'
DEBUG:OfflineImap:[imap]: forge: level 'tls_compat', version 'None'
 [imap]: Attempting GSSAPI authentication
DEBUG:OfflineImap:[imap]: Attempting GSSAPI authentication
 [imap]: Attempting PLAIN authentication
DEBUG:OfflineImap:[imap]: Attempting PLAIN authentication
Enter password for user 'eric':

Let me know if I can do something else to get info.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages offlineimap depends on:
ii  python-imaplib2  2.57-5.1
ii  python-six   1.15.0-1
ii  python2  2.7.18-2

Versions of packages offlineimap recommends:
ii  python-socks  1.6.8+dfsg-1.1

Versions of packages offlineimap suggests:
pn  python-gssapi  

-- no debconf information

Bug#964280: DDPO: lintian links no longer work

2020-07-04 Thread Eric Dorland 
Package: qa.debian.org
Severity: normal

For example, the link for the package "dnscrypt-proxy" is 
https://lintian.debian.org/reports/maintainer/eric%40debian.org.html#dnscrypt-proxy,
 which returns a 404. It looks like there are now links for source packages 
like https://lintian.debian.org/sources/dnscrypt-proxy.html that should be easy 
to use instead.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#963180: automake-1.16 could NOT build with DEB_BUILD_PROFILE=stage1

2020-07-04 Thread Eric Dorland 
Is this a bug in debhelper? If you're asking for nodoc build, why
would dh_installinfo want to install anything?

* Đoàn Trần Công Danh (sgn.d...@gmail.com) wrote:
> Package: automake
> Version: 1.16.1-4
> 
> Step to procedure:
> 
>   $ export DEB_BUILD_PROFILE=stage1
>   $ # Below is none-complete, filled all no-profiles from
>   $ # https://wiki.debian.org/BuildProfileSpec
>   $ export DEB_BUILD_PROFILES=stage1,nodoc,nocheck,nobiarch
>   $ dpkg-buildpackage
> 
> dh_installinfo complains that doc/automake-1.16.info not found.
> 
> I need this patch:
> 8<
> --- debian/rules.orig 2020-06-20 13:47:36.551860112 +0700
> +++ debian/rules  2020-06-20 13:48:07.398980348 +0700
> @@ -30,6 +30,7 @@
>  override_dh_auto_build:
>  ifeq ($(DEB_BUILD_PROFILE),stage1)
>   touch doc/automake.info
> + cp doc/automake.info doc/automake-$(version).info
>  endif
>   dh_auto_build
>  
> >8--
> 

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#948234: ITP: golang-github-hectane-go-acl -- Go library for manipulating ACLs on Windows

2020-01-05 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland 

* Package name: golang-github-hectane-go-acl
  Version : 0.0~git20190604.da78bae-1
  Upstream Author : Hectane
* URL : https://github.com/hectane/go-acl
* License : MIT 
  Programming Lang: Go
  Description : Go library for manipulating ACLs on Windows

 Manipulating ACLs (Access Control Lists) on Windows is difficult. go-acl
 wraps the Windows API functions that control access to objects,
 simplifying the process.

Bug#948233: ITP: golang-github-powerman-check -- Helpers to complement Go testing package

2020-01-05 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland 

* Package name: golang-github-powerman-check
  Version : 1.2.1-1
  Upstream Author : Alex Efros
* URL : https://github.com/powerman/check
* License : MIT
  Programming Lang: Go
  Description : Helpers to complement Go testing package

 Write Go tests with ease and fun! This package is like testify/assert
 on steroids.
 .
 Features:
   * Compelling output from failed tests.
   * Statistics with amount of passed/failed checks.
   * Colored output in terminal.
   * 100% compatible with testing package - check package just provide
 convenient wrappers for *testing.T methods and doesn't introduce
 new concepts like BDD, custom test suite or unusual execution
 flow.
   * Very easy to add your own check functions.
   * Concise, handy and consistent API, without dot-import!

Bug#933312: ITP: golang-github-cloudflare-circl -- Cloudflare Interoperable Reusable Cryptographic Library

2019-07-28 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland 

* Package name: golang-github-cloudflare-circl
  Version : 1.0.0
  Upstream Author : Cloudflare
* URL : https://github.com/cloudflare/circl
* License : BSD
  Programming Lang: Go
  Description : Cloudflare Interoperable Reusable Cryptographic Library

CIRCL is a collection of cryptographic primitives written in Go. The goal of 
this library is to be used as a tool for experimental deployment of 
cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve 
Cryptography (ECC).

Bug#922650: [pkg-opensc-maint] Bug#922650: opensc-pkcs11: fails to work with dual CAC PIV cards

2019-03-03 Thread Eric Dorland 
Hi,

I'm a bit reluctant to take sure a significant patch set that hasn't
been in a release. Can you elaborate on the consequences of not taking
it? 

* A. Maitland Bottoms (bott...@debian.org) wrote:
> Package: opensc-pkcs11
> Version: 0.19.0-1
> Severity: important
> Tags: patch
> 
> Dear Maintainer,
> 
> Recent PIV enabled CAC cards are not handled by the opensc 0.19.0
> release. Yet all current CAC cards are scheduled to enable PIV
> authentication by March 31, 2019.
> 
> For users of these cards, this bug is of grave severity.
> 
> This problem has been solved recently upstream
> https://github.com/OpenSC/OpenSC
> although the fixes have not yet been included in an upstream release.
> 
> I have cherry-picked from upstream commits a small set that provides
> working card support. It works for me using
> pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -t
> ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
> ssh -I /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
> and Firefox browser smart card token support.
> 
> Attached is a debdiff of my test package.
> 
> I think Buster will be much better if we can release it with support
> for this use case.
> 
> Thanks,
> -Maitland
> 
> enc: opensc-pkcs11-Dual-CAC-PIV-and-PIVK-support.debdiff


> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-opensc-maint


-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#913674: release.debian.org: Regression: Recent upgrade of opensc breaks Yubikey NEO support

2018-11-15 Thread Eric Dorland 
Sorry for the delay, I'm happy to prepare a p-u upload this weekend.

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#909444: Minor security issues, CVE-2018-{16391-16393,16418-16427}

2018-09-23 Thread Eric Dorland 
Package: opensc
Version: 0.16.0-3
Severity: important
Tags: security

https://security-tracker.debian.org/tracker/source-package/opensc has the 
complete list.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opensc depends on:
ii  libc6  2.27-5
ii  libglib2.0-0   2.56.1-2
ii  libreadline7   7.0-5
ii  libssl1.1  1.1.1~~pre9-1
ii  opensc-pkcs11  0.18.0-3
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages opensc recommends:
ii  pcscd  1.8.23-3

opensc suggests no packages.

-- no debconf information

Bug#900172: GSSAPI/Kerberos authentication broken in latest version (7.2.0+dfsg1-1)

2018-05-26 Thread Eric Dorland 
Package: offlineimap
Version: 7.2.0+dfsg1-1
Severity: important

Let me know if I can provide more information.

$ offlineimap -d imap
WARNING:root:Using old interface name, consider using one of quiet, ttyui, machi
neui, syslog, basic, blinkenlights
OfflineIMAP 7.2.0
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
INFO:OfflineImap:OfflineIMAP 7.2.0
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
imaplib2 v2.57 (system), Python v2.7.15, OpenSSL 1.1.0h  27 Mar 2018
INFO:OfflineImap:imaplib2 v2.57 (system), Python v2.7.15, OpenSSL 1.1.0h  27 Mar
 2018
Debug mode: Forcing to singlethreaded.
INFO:OfflineImap:Debug mode: Forcing to singlethreaded.
Now debugging for imap: IMAP protocol debugging
DEBUG:OfflineImap:Now debugging for imap: IMAP protocol debugging
Now debugging for : Other offlineimap related sync messages
DEBUG:OfflineImap:Now debugging for : Other offlineimap related sync messages
Account sync kuroneko:
 [imap]: Using authentication mechanisms ['GSSAPI', 'XOAUTH2', 'CRAM-MD5', 'PLAI
N', 'LOGIN']
DEBUG:OfflineImap:[imap]: Using authentication mechanisms ['GSSAPI', 'XOAUTH2',
'CRAM-MD5', 'PLAIN', 'LOGIN']
 *** Processing account kuroneko
INFO:OfflineImap:*** Processing account kuroneko
 Establishing connection to forge.kuroneko.ca:993 (forge)
INFO:OfflineImap:Establishing connection to forge.kuroneko.ca:993 (forge)
 [imap]: forge: level 'tls_compat', version 'None'
DEBUG:OfflineImap:[imap]: forge: level 'tls_compat', version 'None'
 [imap]: Attempting GSSAPI authentication
DEBUG:OfflineImap:[imap]: Attempting GSSAPI authentication
 GSSAPI authentication failed: [UNAVAILABLE] Internal error occurred. Refer to s
erver log for more information.
WARNING:OfflineImap:GSSAPI authentication failed: [UNAVAILABLE] Internal error o
ccurred. Refer to server log for more information.
 [imap]: Attempting PLAIN authentication
DEBUG:OfflineImap:[imap]: Attempting PLAIN authentication
forge.kuroneko.ca reader:
 [imap]:   58:41.61 forge.kuroneko.ca reader last 20 log messages:
DEBUG:OfflineImap:[imap]:   58:41.61 forge.kuroneko.ca reader last 20 log messag
es:
Account sync kuroneko:
 PLAIN authentication failed: command: AUTHENTICATE => socket error:  - Too many read 0
WARNING:OfflineImap:PLAIN authentication failed: command: AUTHENTICATE => socket
 error:  - Too many read 0
 [imap]: Attempting LOGIN authentication
DEBUG:OfflineImap:[imap]: Attempting LOGIN authentication
 [imap]: Attempting IMAP LOGIN authentication
DEBUG:OfflineImap:[imap]: Attempting IMAP LOGIN authentication

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages offlineimap depends on:
ii  python   2.7.15~rc1-1
ii  python-imaplib2  2.57-1
ii  python-six   1.11.0-2

Versions of packages offlineimap recommends:
ii  python-socks  1.6.5-1

Versions of packages offlineimap suggests:
ii  python-gssapi  1.4.1-1

-- no debconf information

Bug#899161: ITP: golang-github-kardianos-service -- Run go programs as a service on major platforms.

2018-05-20 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-kardianos-service
  Version : 0.0~git20180320.615a14e-1
  Upstream Author : Daniel Theophanes
* URL : https://github.com/kardianos/service
* License : zlib
  Programming Lang: Go
  Description : Run go programs as a service on major platforms.

 service will install / un-install, start / stop, and run a program as a
 service (daemon).  Currently supports Windows XP+, Linux/(systemd | Upstart |
 SysV), and OSX/Launchd.
 .
 Windows controls services by setting up callbacks that is
 non-trivial. This is very different then other systems. This package
 provides the same API despite the substantial differences.  It also can be
 used to detect how a program is called, from an interactive terminal or
 from a service manager.

Bug#898529: ITP: golang-github-jedisct1-go-dnsstamps -- DNS Stamps library for Go

2018-05-12 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-jedisct1-go-dnsstamps
  Version : 0.0~git20180418.1e49992-1
  Upstream Author : Frank Denis
* URL : https://github.com/jedisct1/go-dnsstamps
* License : MIT
  Programming Lang: Go
  Description : DNS Stamps library for Go

DNS Stamps library for Go

Bug#895753: ITP: golang-github-k-sone-critbitgo -- crit-bit for golang and its applications (sorted map, IP routing table)

2018-04-15 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-k-sone-critbitgo
  Version : 1.1.0+git20170112.327359a-1
  Upstream Author : Keita Sone
* URL : https://github.com/k-sone/critbitgo
* License : MIT
  Programming Lang: Go
  Description : crit-bit trees for golang

 Crit-bit trees (http://cr.yp.to/critbit.html) in golang and its applications.
 .
 This implementation extended to handle the key that contains a null
 character from C implementation (https://github.com/agl/critbit).

Bug#894591: ITP: golang-github-jedisct1-go-minisign -- Minisign library for Golang

2018-04-01 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-jedisct1-go-minisign
  Version : 0.0~git20180113.f404c07-1
  Upstream Author : Frank Denis
* URL : https://github.com/jedisct1/go-minisign
* License : MIT
  Programming Lang: Go
  Description : Minisign library for Golang

 A Golang library to verify Minisign
 (https://jedisct1.github.io/minisign/) signatures.

Bug#894590: ITP: golang-github-jedisct1-go-clocksmith -- A sleep-aware-sleep() function

2018-04-01 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-jedisct1-go-clocksmith
  Version : 0.0~git20180307.c35da9b-1
  Upstream Author : Frank Denis
* URL : https://github.com/jedisct1/go-clocksmith
* License : MIT
  Programming Lang: Go
  Description : sleep-aware-sleep() function for Go

 A sleep-aware sleep() function, that doesn't pause (for too
 long) if the system goes to hibernation.

Bug#894585: ITP: golang-github-jedisct1-dlog -- A super simple logger for Go. Supports stderr, logfiles, syslog and windows event log.

2018-04-01 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-jedisct1-dlog
  Version : 0.3+git20180206.52c32ac-1
  Upstream Author : Frank Denis
* URL : https://github.com/jedisct1/dlog
* License : BSD-2-clause
  Programming Lang: Go
  Description : A super simple logger for Go

 Go's standard logger is fairly limited. As result, kazilion alternatives
 loggers have been written.
 .
 All of these are wonderful. They can make your logs look colorful and
 pretty, buffer things in complicated ways, format data for ElasticSearch,
 and more.
 .
 Cool, but all I wanted is something super dumb, that just exposes
 log.Info(), log.Error() and a couple other standard levels.
 .
 I don't need a super flexible kitchen sink. Just something super basic
 and trivial to use. I just want it to handle different log levels, and
 be able to write simple logs to stderr, to a local file, to syslog and
 to the Windows event log.
 .
 So, here's one more logging library for Go. The dumbest of them
 all. Enjoy.

Bug#894057: ITP: golang-github-jedisct1-xsecretbox -- Go implementation of crypto_secretbox_xchacha20poly1305

2018-03-25 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-jedisct1-xsecretbox
  Version : 0.0~git20180214.88b1956-1
  Upstream Author : Frank Denis
* URL : https://github.com/jedisct1/xsecretbox
* License : MIT
  Programming Lang: Go
  Description : Go implementation of crypto_secretbox_xchacha20poly1305

 xsecretbox is a Go implementation of crypto_secretbox_xchacha20poly1305.

Bug#893437: ITP: golang-github-vividcortex-godaemon -- Daemonize Go applications deviously.

2018-03-18 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-vividcortex-godaemon
  Version : 0.0~git20150910.3d9f6e0-1
  Upstream Author : VividCortex
* URL : https://github.com/VividCortex/godaemon
* License : MIT
  Programming Lang: Go
  Description : Daemonize Go applications deviously

 Daemonize Go applications with exec() instead of fork().
 .
 You can't daemonize the usual way in Go. Daemonizing is a Unix concept
 that requires some specific things (http://goo.gl/vTUsVy) you can't do
 easily in Go. But you can still accomplish the same goals if you don't
 mind that your program will start copies of itself several times, as
 opposed to using fork() the way many programmers are accustomed to doing.

Bug#893428: ITP: golang-github-facebookgo-pidfile -- Package pidfile manages pid files.

2018-03-18 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-facebookgo-pidfile
  Version : 0.0~git20150612.f242e29-1
  Upstream Author : Facebook Go
* URL : https://github.com/facebookgo/pidfile
* License : MIT
  Programming Lang: Go
  Description : Go library for managing pid files

 Package pidfile manages pid files.

Bug#893329: ITP: golang-github-facebookgo-atomicfile -- Package atomicfile provides an atomically written/replaced file.

2018-03-17 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-facebookgo-atomicfile
  Version : 0.0~git20151019.2de1f20-1
  Upstream Author : Facebook Go
* URL : https://github.com/facebookgo/atomicfile
* License : BSD
  Programming Lang: Go
  Description : Provides an atomically written/replaced file.

Package atomicfile provides the ability to write a file with an eventual rename 
on Close (using os.Rename). This allows for a file to always be in a consistent 
state and never represent an in-progress write.

NOTE: `os.Rename` may not be atomic on your operating system.

Bug#892705: ITP: golang-github-aead-chacha20 -- ChaCha20 and XChaCha20 stream ciphers

2018-03-11 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-aead-chacha20
  Version : 0.0~git20180214.c8d2937-1
  Upstream Author : Andreas Auernhammer
* URL : https://github.com/aead/chacha20
* License : MIT
  Programming Lang: Go
  Description : ChaCha20 and XChaCha20 stream ciphers go library

 The ChaCha20 stream cipher ChaCha is a stream cipher family
 created by Daniel J. Bernstein.  The most common ChaCha cipher
 is ChaCha20 (20 rounds). ChaCha20 is standardized in RFC 7539
 (https://tools.ietf.org/html/rfc7539).
 .
 This package provides implementations of three ChaCha versions: -
 ChaCha20 with a 64 bit nonce (can en/decrypt up to 2^64 * 64 bytes
 for one key-nonce combination) - ChaCha20 with a 96 bit nonce (can
 en/decrypt up to 2^32 * 64 bytes ~ 256 GB for one key-nonce combination)
 - XChaCha20 with a 192 bit nonce (can en/decrypt up to 2^64 * 64 bytes
 for one key-nonce combination)

Bug#892704: ITP: golang-github-aead-poly1305 -- The poly1305 message authentication code

2018-03-11 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: golang-github-aead-poly1305
  Version : 0.0~git20170715.6cf43fd-1
  Upstream Author : Andreas Auernhammer
* URL : https://github.com/aead/poly1305
* License : MIT
  Programming Lang: Go
  Description : The poly1305 message authentication code

 Poly1305 is a fast, one-time authentication function created by 
 Daniel J. Bernstein.  It is infeasible for an attacker to generate
 an authenticator for a message without the key.  However, a key must
 only be used for a single message. Authenticating two different
 messages with the same key allows an attacker to forge authenticators
 for other messages with the same key.

Bug#878122: [pkg-opensc-maint] Bug#878122: opensc: please enable npa-tool

2018-02-24 Thread Eric Dorland 
Control: block -1 by 891386

It looks like this requires OpenPACE to be packaged first.

* Andrew Shadura (andre...@debian.org) wrote:
> Package: opensc
> Version: 0.17.0-1
> Severity: wishlist
> 
> Dear Maintainer,
> 
> Please enable npa-tool recently added to OpenSC:
> 
> https://github.com/OpenSC/OpenSC/pull/831/commits/089c472d8f87145ee0e2f66df087615fc4af1e3d#diff-67e997bcfdac55191033d57a16d1408aR869
> 
> Thanks!
> 

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#888637: gozer: Update URL

2018-02-24 Thread Eric Dorland 
Do you have a new URL to suggest?

* Ricardo Fabian Peliquero (zh...@lasampa.com.ar) wrote:
> Package: gozer
> Version: 0.7.nofont.1-6+b1
> Severity: minor
> 
> Dear Maintainer,
> 
> Please consider updating URL in package information.
> Current URL (http://linuxbrit.co.uk/gozer/) is not reachable.
> 
> Thank you!
> 
> Ricardo
> 
> -- System Information:
> Debian Release: buster/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.15.0-rc8-amd64 (SMP w/2 CPU cores)
> Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), 
> LANGUAGE=es_AR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> 
> Versions of packages gozer depends on:
> ii  giblib11.2.4-11
> ii  libc6  2.26-6
> ii  libimlib2  1.4.10-1
> 
> gozer recommends no packages.
> 
> gozer suggests no packages.
> 
> -- no debconf information

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#891386: RFP: openpace -- OpenPACE implements Extended Access Control (EAC) version 2

2018-02-24 Thread Eric Dorland 
Package: wnpp
Severity: wishlist

* Package name: openpace
  Version : 1.0.2
  Upstream Author : Frank Morgner 
* URL : https://frankmorgner.github.io/openpace/
* License : GPL3
  Programming Lang: C
  Description : OpenPACE implements Extended Access Control (EAC) version 2

OpenPACE implements Extended Access Control (EAC) version 2 as specified in
BSI TR-03110. OpenPACE comprises support for the following protocols:

* Password Authenticated Connection Establishment (PACE) Establish a secure
  channel with a strong key between two parties that only share a weak secret.
* Terminal Authentication (TA) Verify/prove the terminal's certificate (or
  rather certificate chain) and secret key.
* Chip Authentication (CA) Establish a secure channel based on the chip's
  static key pair proving its authenticy.

Furthermore, OpenPACE also supports Card Verifiable Certificates (CV
Certificates) as well as easy to use wrappers for using the established
secure channels.

Bug#884320: [pkg-opensc-maint] Bug#884320: upgrade error libp11-2 -> libp11-3

2018-01-15 Thread Eric Dorland 
Control: tags -1 unreproducible

I'm confused how this could be possible since on my machine I see:

$ sudo dpkg -L libp11-3
/.
/usr
/usr/lib
/usr/lib/x86_64-linux-gnu
/usr/lib/x86_64-linux-gnu/libp11.so.3.3.7
/usr/share
/usr/share/doc
/usr/share/doc/libp11-3
/usr/share/doc/libp11-3/changelog.Debian.gz
/usr/share/doc/libp11-3/copyright
/usr/lib/x86_64-linux-gnu/libp11.so.3

$ apt show libp11-3
Package: libp11-3
Version: 0.4.7-2
Priority: optional
Section: libs
Source: libp11
Maintainer: Debian OpenSC Maintainers <pkg-opensc-ma...@lists.alioth.debian.org>
Installed-Size: 79.9 kB
Depends: libc6 (>= 2.14), libssl1.1 (>= 1.1.0)
Homepage: https://github.com/OpenSC/libp11
Download-Size: 24.0 kB
APT-Manual-Installed: no
APT-Sources: http://ftp.us.debian.org/debian unstable/main amd64 Packages
Description: pkcs#11 convenience library
 Libp11 is a library to simplify using smart cards via PKCS#11
 modules.  It was spun of the OpenSC project but can be used with any
 pkcs#11 module.

* Matthias Klose (d...@debian.org) wrote:
> Package: libp11-3
> Version: 0.4.7-2
> Severity: serious
> Tags: sid buster
> 
> missing breaks/replaces
> 
> Unpacking libp11-3:amd64 (0.4.7-2) ...
> dpkg: error processing archive
> /tmp/apt-dpkg-install-ZbKGej/78-libp11-3_0.4.7-2_amd64.deb (--unpack):
>  trying to overwrite '/usr/lib/x86_64-linux-gnu/libp11.so.2.4.7', which is 
> also
> in package libp11-2:amd64 0.4.7-1
> Preparing to unpack .../79-libp11-dev_0.4.7-2_amd64.deb ...
> 
> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#760021: lintian: check for not wrap-and-sort formatted files

2017-09-06 Thread Eric Dorland 
* Mattia Rizzolo (mat...@debian.org) wrote:
> On Tue, Sep 05, 2017 at 09:04:45AM +0100, Chris Lamb wrote:
> > Mattia convinced me, alas. Yes, not even at the "P:" level. Perhaps I'm
> > stuck on thinking about the implementation...
> 
> Lintian recently already "regressed" in its "policy" of not being too
> nagging.  Already there are tags that I've been ignoring because too
> annoying and way too often too hard or impossible to accomplish
> (upstream gpg sig and autopkgtest come to my mind).  I do not want to
> have lintian go back to its situation of "way too noise, let's ignore
> it" that it was several years ago.

I think that's a fair sentiment but we shouldn't necessarily lump
together nagging warnings that are difficult or impossible to fix with
ones like this one that are trivial to fix (aka run wrap-and-sort).

> > Here's another possibility however: Lintian warns about things — at
> > a pedantic level — that wrap-and-sort would correct? For example,
> > trailing whitespace, etc.
> 
> I'd love it, but I believe people would just be annoyed by it.
> Have you seen uploads like this: https://tracker.debian.org/news/865454
>* Replace FIXME markers with TODO markers. Silly lintian ...
> 
> I do not want to see more of them, please let's try to stay real, even
> if I personally would like to see more cleaness around.
> 



-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#760021: lintian: check for not wrap-and-sort formatted files

2017-09-04 Thread Eric Dorland 
* Mattia Rizzolo (mat...@debian.org) wrote:
> On Thu, Aug 31, 2017 at 10:06:52AM +0100, Chris Lamb wrote:
> > > lintian: check for not wrap-and-sort formatted files
> > 
> > Good idea.
> 
> I don't think it is.
> wrap-and-sort (or the equivalent from cme) is not widely enough adopted
> as of yet.  I personally try to have all my sponsee use it, and I
> sometimes force a wrap-and-sort into NMUs, but it's still too rare.
> 
> Also, wouldn't you need to pick only one of the -t, -s, -a combinations?
> I see people disliking -t (trailing commas) also because it's not in
> policy, and arguments for and agaist -s and -a; see the wrap-and-sort
> manual if you don't understand what I'm talking about.
> And that's without considering cme's configuration.

You wouldn't necessarily have to proscribe one single wrap-and-sort
variant, you could check a number of variations and see if any of them
fit the current set of files. But yes, if policy could be more
prescriptive about what the formatting should look like that would be cool.

> > Alas, I fear that this would either require calling out to
> > wrap-and-sort (!) and diffing the result, or essentially reimplementing
> > it within Lintian itself?
> 
> You could use libconfig-model-dpkg-perl, most probably.  Therefore
> elevating cme's implementation.
> 
> Summing up: I don't think it's a practise ready to be nudged by lintian
> yet.

Not even at the pedantic level?

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#865188: patch

2017-08-12 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN madplay-0.15.2b.old/debian/control madplay-0.15.2b/debian/control
--- madplay-0.15.2b.old/debian/control	2017-08-12 15:55:52.329875682 -0400
+++ madplay-0.15.2b/debian/control	2017-08-12 15:56:23.293484589 -0400
@@ -1,7 +1,7 @@
 Source: madplay
 Priority: optional
 Section: sound
-Build-Depends: cdbs, debhelper (>= 4.1.0), gettext, zlib1g-dev, libesd0-dev, libmad0-dev (>= 0.15.0), libid3tag0-dev (>= 0.15.0), autotools-dev, libtool, autoconf, automake1.11, libasound2-dev
+Build-Depends: cdbs, debhelper (>= 4.1.0), gettext, zlib1g-dev, libesd0-dev, libmad0-dev (>= 0.15.0), libid3tag0-dev (>= 0.15.0), autotools-dev, libtool, autoconf, automake, libasound2-dev
 Maintainer: Mad Maintainers <pkg-mad-maintain...@lists.alioth.debian.org>
 Uploaders: Sam Clegg <s...@debian.org>, Kurt Roeckx <k...@roeckx.be>, Clément Stenac <zorg...@debian.org>
 Standards-Version: 3.6.1
diff -ruN madplay-0.15.2b.old/debian/rules madplay-0.15.2b/debian/rules
--- madplay-0.15.2b.old/debian/rules	2017-08-12 15:55:52.333875632 -0400
+++ madplay-0.15.2b/debian/rules	2017-08-12 15:56:46.129196251 -0400
@@ -4,9 +4,9 @@
 #export DH_VERBOSE=1
 
 DEB_AUTO_UPDATE_LIBTOOL:=pre
-DEB_AUTO_UPDATE_ACLOCAL:=1.11
-DEB_AUTO_UPDATE_AUTOHEADER:=1.11
-DEB_AUTO_UPDATE_AUTOMAKE:=1.11
+DEB_AUTO_UPDATE_ACLOCAL:=1.15
+DEB_AUTO_UPDATE_AUTOHEADER:=1.15
+DEB_AUTO_UPDATE_AUTOMAKE:=1.15
 DEB_AUTO_UPDATE_AUTOCONF:=yes
 DEB_AUTOMAKE_ARGS:=--foreign --add-missing
 


signature.asc
Description: PGP signature

Bug#865186: patch

2017-08-12 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
From 63f625565ccd7342387de3a90d8f4049ada6e81f Mon Sep 17 00:00:00 2001
From: Eric Dorland <e...@debian.org>
Date: Sat, 12 Aug 2017 15:50:07 -0400
Subject: [PATCH] Move to modern automake

---
 debian/control | 2 +-
 debian/rules   | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/debian/control b/debian/control
index 2f7f406..0cb6a03 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: autotools-dev,
  devscripts,
  cdbs (>= 0.4.106~),
  libtool,
- automake1.11,
+ automake,
  autoconf,
  debhelper,
  dh-buildinfo,
diff --git a/debian/rules b/debian/rules
index 71b08ba..570548e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,10 +19,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 DEB_AUTO_UPDATE_LIBTOOL = pre
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
-DEB_AUTO_UPDATE_AUTOCONF = 2.68
-DEB_AUTO_UPDATE_AUTOHEADER = 2.68
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_AUTOHEADER = 2.69
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15
 include /usr/share/cdbs/1/rules/upstream-tarball.mk
 include /usr/share//cdbs/1/rules/utils.mk
 include /usr/share/cdbs/1/class/autotools.mk
-- 
2.13.3



signature.asc
Description: PGP signature

Bug#865185: patch

2017-08-12 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN libnfsidmap-0.25.old/debian/control libnfsidmap-0.25/debian/control
--- libnfsidmap-0.25.old/debian/control	2017-08-12 15:37:47.471679352 -0400
+++ libnfsidmap-0.25/debian/control	2017-08-12 15:38:13.135350328 -0400
@@ -2,7 +2,7 @@
 Priority: optional
 Section: libs
 Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
-Build-Depends: dpkg-dev (>= 1.16.1~), debhelper (>= 9), libldap2-dev, autotools-dev, automake1.11, autoconf (>= 2.68), libtool
+Build-Depends: dpkg-dev (>= 1.16.1~), debhelper (>= 9), libldap2-dev, autotools-dev, automake, autoconf (>= 2.69), libtool
 Standards-Version: 3.9.4
 Homepage: http://www.citi.umich.edu/projects/nfsv4/linux/
 


signature.asc
Description: PGP signature

Bug#865181: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN libg15render-1.3.0~svn316.old/debian/control libg15render-1.3.0~svn316/debian/control
--- libg15render-1.3.0~svn316.old/debian/control	2017-08-10 18:42:04.955046872 -0400
+++ libg15render-1.3.0~svn316/debian/control	2017-08-10 18:42:41.718609099 -0400
@@ -2,7 +2,7 @@
 Section: libs
 Priority: optional
 Maintainer: Giacomo Catenazzi <c...@debian.org>
-Build-Depends: cdbs, debhelper (>= 5), autotools-dev, libtool, automake1.11,
+Build-Depends: cdbs, debhelper (>= 5), autotools-dev, libtool, automake,
  libg15-dev, libusb-dev, libfreetype6-dev
 Standards-Version: 3.8.2
 Homepage: http://www.g15tools.com


signature.asc
Description: PGP signature

Bug#865171: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
From 8ee9c372efd69fe7ed499ff839a41f0c764f40c8 Mon Sep 17 00:00:00 2001
From: Eric Dorland <e...@debian.org>
Date: Thu, 10 Aug 2017 16:18:25 -0400
Subject: [PATCH] Move to modern automake

---
 debian/control | 2 +-
 debian/rules   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian/control b/debian/control
index 390f631..11548fc 100644
--- a/debian/control
+++ b/debian/control
@@ -7,7 +7,7 @@ Build-Depends: cdbs,
  autotools-dev,
  devscripts,
  libtool,
- automake1.11,
+ automake,
  autoconf,
  debhelper,
  dh-buildinfo,
diff --git a/debian/rules b/debian/rules
index e34fbe4..e4ae5c7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,9 +17,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 DEB_AUTO_UPDATE_LIBTOOL = pre
-DEB_AUTO_UPDATE_AUTOCONF = 2.64
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15
 include /usr/share/cdbs/1/rules/upstream-tarball.mk
 include /usr/share/cdbs/1/rules/utils.mk
 include /usr/share/cdbs/1/class/autotools.mk
-- 
2.13.3



signature.asc
Description: PGP signature

Bug#865168: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
From fbe8584b7090e88ac9b7f639411e99d373d29413 Mon Sep 17 00:00:00 2001
From: Eric Dorland <e...@debian.org>
Date: Thu, 10 Aug 2017 15:51:36 -0400
Subject: [PATCH] Move to modern automake

---
 debian/control | 2 +-
 debian/rules   | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/debian/control b/debian/control
index 1d82d5a..45d2c4e 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Uploaders: Adrian Knoth <a...@drcomp.erfurt.thur.de>,
 	Reinhard Tartler <siret...@tauware.de>
 Build-Depends: cdbs (>= 0.4.93~),
  libtool,
- automake1.11,
+ automake,
  autoconf,
  debhelper,
  bash-completion,
diff --git a/debian/rules b/debian/rules
index 3482e13..42a4799 100755
--- a/debian/rules
+++ b/debian/rules
@@ -10,10 +10,10 @@
 #
 
 DEB_AUTO_UPDATE_LIBTOOL = pre
-DEB_AUTO_UPDATE_AUTOCONF = 2.65
-DEB_AUTO_UPDATE_AUTOHEADER = 2.65
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_AUTOHEADER = 2.69
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15
 
 ifneq (,$(filter stage1,$(DEB_BUILD_PROFILES)))
 export DH_OPTIONS = -Njackd1-firewire
-- 
2.13.3



signature.asc
Description: PGP signature

Bug#865167: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#865167: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
From ff99c9f4a6cabebb01ab8c95d9d815e0da5da622 Mon Sep 17 00:00:00 2001
From: Eric Dorland <e...@debian.org>
Date: Thu, 10 Aug 2017 15:33:00 -0400
Subject: [PATCH] Switch to modern automake

---
 debian/control | 2 +-
 debian/rules   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian/control b/debian/control
index 3ed22bb..d053675 100644
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,7 @@ Uploaders: Jonas Smedegaard <d...@jones.dk>,
 Build-Depends: cdbs,
  autotools-dev,
  libtool,
- automake1.11,
+ automake,
  autoconf,
  debhelper (>= 9~),
  dh-buildinfo,
diff --git a/debian/rules b/debian/rules
index d1b6890..22969eb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,9 +18,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 DEB_AUTO_UPDATE_LIBTOOL = pre
-DEB_AUTO_UPDATE_AUTOCONF = 2.68
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15
 DEB_AUTOMAKE_ARGS = --add-missing
 include /usr/share/cdbs/1/class/autotools.mk
 include /usr/share/cdbs/1/rules/debhelper.mk
-- 
2.13.3



signature.asc
Description: PGP signature

Bug#865160: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN g15mpd-1.2svn.0.svn319.old/debian/control g15mpd-1.2svn.0.svn319/debian/control
--- g15mpd-1.2svn.0.svn319.old/debian/control	2017-08-10 12:32:48.766681704 -0400
+++ g15mpd-1.2svn.0.svn319/debian/control	2017-08-10 12:35:10.293095617 -0400
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Giacomo Catenazzi <c...@debian.org>
 Build-Depends: cdbs, debhelper (>= 5), autotools-dev,
- automake1.11, libtool, libusb-dev, libfreetype6-dev,
+ automake, libtool, libusb-dev, libfreetype6-dev,
  libg15-dev, libg15daemon-client-dev, libg15render-dev,
  libmpd-dev
 Standards-Version: 3.8.1


signature.asc
Description: PGP signature

Bug#865159: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN freefem3d-1.0pre10.old/debian/control freefem3d-1.0pre10/debian/control
--- freefem3d-1.0pre10.old/debian/control	2017-08-10 12:20:09.567154622 -0400
+++ freefem3d-1.0pre10/debian/control	2017-08-10 12:21:21.946349601 -0400
@@ -6,7 +6,7 @@
 Vcs-Svn: svn://svn.debian.org/svn/debian-science/packages/freefem3d/trunk/
 Vcs-Browser: http://svn.debian.org/viewsvn/debian-science/packages/freefem3d/trunk/
 Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 10),
- automake1.11, libtool (>= 1.5), doc-base, bison, texlive, texlive-latex-extra,
+ automake, libtool (>= 1.5), doc-base, bison, texlive, texlive-latex-extra,
  dh-autoreconf
 
 Package: freefem3d
diff -ruN freefem3d-1.0pre10.old/debian/rules freefem3d-1.0pre10/debian/rules
--- freefem3d-1.0pre10.old/debian/rules	2017-08-10 12:20:09.567154622 -0400
+++ freefem3d-1.0pre10/debian/rules	2017-08-10 12:21:35.542198316 -0400
@@ -14,9 +14,9 @@
 DEB_AC_AUX_DIR = $(DEB_SRCDIR)/m4
 DEB_CONFIGURE_EXTRA_FLAGS := --enable-optimize --disable-gui
 
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
 DEB_AUTO_UPDATE_LIBTOOL = pre -c -f
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11 -a -c
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15 -a -c
 DEB_AUTO_UPDATE_AUTOCONF = yes
 DEB_AUTO_UPDATE_AUTOHEADER = yes
 


signature.asc
Description: PGP signature

Bug#865157: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
From 4e6c2871454d88ec14f78ca5c3e0b0f49e331e53 Mon Sep 17 00:00:00 2001
From: Eric Dorland <e...@debian.org>
Date: Thu, 10 Aug 2017 12:06:23 -0400
Subject: [PATCH] Switch to modern automake

---
 debian/control |  5 +++--
 debian/patches/865157-automake | 13 +
 debian/patches/series  |  1 +
 debian/rules   |  2 +-
 4 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 debian/patches/865157-automake

diff --git a/debian/control b/debian/control
index d2e9a4b..14a0332 100644
--- a/debian/control
+++ b/debian/control
@@ -7,8 +7,9 @@ Build-Depends: debhelper (>= 8.9.4),
  libpaper-dev,
  autotools-dev,
  autoconf,
- automake1.11,
- autopoint
+ automake,
+ autopoint,
+ texinfo
 Build-Conflicts: autoconf2.13, automake1.4
 Standards-Version: 3.9.2
 Vcs-Git: git://git.debian.org/git/collab-maint/enscript.git
diff --git a/debian/patches/865157-automake b/debian/patches/865157-automake
new file mode 100644
index 000..3d906b0
--- /dev/null
+++ b/debian/patches/865157-automake
@@ -0,0 +1,13 @@
+Index: enscript/configure.ac
+===
+--- enscript.orig/configure.ac	2017-08-10 12:01:11.267738765 -0400
 enscript/configure.ac	2017-08-10 12:01:25.319584336 -0400
+@@ -11,7 +11,7 @@
+ AC_PROG_CC
+ 
+ AC_USE_SYSTEM_EXTENSIONS
+-AM_C_PROTOTYPES
++AC_C_PROTOTYPES
+ 
+ AC_C_CONST
+ AC_FUNC_ALLOCA
diff --git a/debian/patches/series b/debian/patches/series
index 3ed6fc4..3471e84 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 344750-no-gecos
 147116-ruby-hilight
 457244-octave-highlighting
+865157-automake
diff --git a/debian/rules b/debian/rules
index a6fa59f..719e58e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -10,7 +10,7 @@ override_dh_auto_clean:
 	find -name Makefile.in -exec rm {} \;
 
 override_dh_auto_configure:
-	AUTOMAKE=automake-1.11 ACLOCAL=aclocal-1.11 autoreconf -fis
+	AUTOMAKE=automake-1.15 ACLOCAL=aclocal-1.15 autoreconf -fis
 	dh_auto_configure
 
 override_dh_auto_install:
-- 
2.13.3



signature.asc
Description: PGP signature

Bug#865158: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN fam-2.7.0.old/debian/control fam-2.7.0/debian/control
--- fam-2.7.0.old/debian/control	2017-08-10 12:13:37.447504805 -0400
+++ fam-2.7.0/debian/control	2017-08-10 12:14:20.543027649 -0400
@@ -2,7 +2,7 @@
 Section: admin
 Priority: optional
 Maintainer: Chuan-kai Lin <ck...@debian.org>
-Build-Depends: debhelper (>= 9), cdbs (>= 0.4.0.1), libtool (>= 1.5-2), automake1.11, autoconf
+Build-Depends: debhelper (>= 9), cdbs (>= 0.4.0.1), libtool (>= 1.5-2), automake, autoconf
 Standards-Version: 3.9.8
 Homepage: http://oss.sgi.com/projects/fam/
 
diff -ruN fam-2.7.0.old/debian/rules fam-2.7.0/debian/rules
--- fam-2.7.0.old/debian/rules	2017-08-10 12:13:37.447504805 -0400
+++ fam-2.7.0/debian/rules	2017-08-10 12:14:05.319196236 -0400
@@ -11,9 +11,9 @@
 
 DEB_AUTOMAKE_ARGS := --add-missing
 DEB_AUTO_UPDATE_LIBTOOL := pre
-DEB_AUTO_UPDATE_ACLOCAL := 1.11
-DEB_AUTO_UPDATE_AUTOMAKE := 1.11
-DEB_AUTO_UPDATE_AUTOCONF := 2.50
+DEB_AUTO_UPDATE_ACLOCAL := 1.15
+DEB_AUTO_UPDATE_AUTOMAKE := 1.15
+DEB_AUTO_UPDATE_AUTOCONF := 2.69
 DEB_UPDATE_RCD_PARAMS := "defaults 21"
 DEB_CONFIGURE_EXTRA_FLAGS += --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)
 


signature.asc
Description: PGP signature

Bug#865155: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
From 6df25f2f3d9102bb7819d5f36bd824ed12a450ee Mon Sep 17 00:00:00 2001
From: Eric Dorland <e...@debian.org>
Date: Thu, 10 Aug 2017 11:31:45 -0400
Subject: [PATCH] Switch to automake, not automake1.11

---
 debian/control | 2 +-
 debian/rules   | 7 ---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/debian/control b/debian/control
index 828e6b2..8c9d611 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: utils
 Priority: optional
 Maintainer: Jonas Smedegaard <d...@jones.dk>
 Build-Depends: cdbs,
- automake1.11,
+ automake,
  autoconf,
  debhelper,
  dh-buildinfo
diff --git a/debian/rules b/debian/rules
index ee1bc62..463f885 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,9 +18,10 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
 # 02111-1307 USA.
 
-DEB_AUTO_UPDATE_AUTOCONF = 2.68
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15
+DEB_AUTOMAKE_ARGS = --add-missing --copy
 -include /usr/share/cdbs/1/rules/upstream-tarball.mk
 include /usr/share/cdbs/1/rules/utils.mk
 include /usr/share/cdbs/1/class/autotools.mk
-- 
2.13.3



signature.asc
Description: PGP signature

Bug#865154: patch

2017-08-10 Thread Eric Dorland 
Control: tags -1 patch


-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN cloog-ppl-0.16.1.old/debian/control cloog-ppl-0.16.1/debian/control
--- cloog-ppl-0.16.1.old/debian/control	2017-08-10 11:21:14.124652961 -0400
+++ cloog-ppl-0.16.1/debian/control	2017-08-10 11:21:54.608139562 -0400
@@ -4,7 +4,7 @@
 Uploaders: Matthias Klose <d...@debian.org>, Michael Tautschnig <m...@debian.org>
 Build-Depends: debhelper (>= 9),
   autotools-dev,
-  automake1.11,
+  automake,
   libppl-dev (>= 1:1.2),
   libgmp-dev,
   texinfo


signature.asc
Description: PGP signature

Bug#865151: patch

2017-08-08 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN aweather-0.8.1.old/debian/control aweather-0.8.1/debian/control
--- aweather-0.8.1.old/debian/control	2017-08-08 17:17:06.713891445 -0400
+++ aweather-0.8.1/debian/control	2017-08-08 17:25:38.980394503 -0400
@@ -2,10 +2,10 @@
 Priority: extra
 Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
 Uploaders: Andy Spencer <andy753...@gmail.com>
-Build-Depends: debhelper (>= 9), automake1.11, libbz2-dev, libcairo2-dev,
- libglib2.0-dev (>= 2.14), libgrits-dev (>= 0.8), libgtk2.0-dev (>= 2.16),
- librsl-dev (>= 1.41), libsoup2.4-dev (>= 2.26), mesa-common-dev,
- libglu1-mesa-dev, libgps-dev (>= 3.0)
+Build-Depends: debhelper (>= 9), dh-autoreconf, automake, libbz2-dev,
+ libcairo2-dev, libglib2.0-dev (>= 2.14), libgrits-dev (>= 0.8),
+ libgtk2.0-dev (>= 2.16), librsl-dev (>= 1.41), libsoup2.4-dev (>= 2.26),
+ mesa-common-dev, libglu1-mesa-dev, libgps-dev (>= 3.0)
 Standards-Version: 3.9.4
 Section: science
 Homepage: http://pileus.org/aweather
diff -ruN aweather-0.8.1.old/debian/patches/series aweather-0.8.1/debian/patches/series
--- aweather-0.8.1.old/debian/patches/series	2017-08-08 17:17:06.713891445 -0400
+++ aweather-0.8.1/debian/patches/series	2017-08-08 17:35:09.758259149 -0400
@@ -1 +1,2 @@
 plugins-c99.patch
+subdir-objects.patch
diff -ruN aweather-0.8.1.old/debian/patches/subdir-objects.patch aweather-0.8.1/debian/patches/subdir-objects.patch
--- aweather-0.8.1.old/debian/patches/subdir-objects.patch	1969-12-31 19:00:00.0 -0500
+++ aweather-0.8.1/debian/patches/subdir-objects.patch	2017-08-08 17:34:47.622498324 -0400
@@ -0,0 +1,10 @@
+--- aweather-0.8.1.old/configure.ac	2017-08-08 17:17:06.705891532 -0400
 aweather-0.8.1/configure.ac	2017-08-08 17:31:44.548472713 -0400
+@@ -1,6 +1,6 @@
+ # Init and options
+ AC_INIT([aweather], [0.8.1], [andy753...@gmail.com])
+-AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability foreign])
++AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability foreign subdir-objects])
+ AC_CONFIG_HEADERS([config.h])
+ AC_CONFIG_MACRO_DIR([m4])
+ #AM_SILENT_RULES([yes])
diff -ruN aweather-0.8.1.old/debian/rules aweather-0.8.1/debian/rules
--- aweather-0.8.1.old/debian/rules	2017-08-08 17:17:06.713891445 -0400
+++ aweather-0.8.1/debian/rules	2017-08-08 17:26:24.907903377 -0400
@@ -1,6 +1,6 @@
 #!/usr/bin/make -f
 %:
-	dh $@
+	dh $@ --with autoreconf
 
 override_dh_auto_configure:
 	dh_auto_configure -- --enable-gps


signature.asc
Description: PGP signature

Bug#865150: patch

2017-08-08 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN avr-libc-2.0.0+Atmel3.6.0.old/debian/control avr-libc-2.0.0+Atmel3.6.0/debian/control
--- avr-libc-2.0.0+Atmel3.6.0.old/debian/control	2017-08-08 17:02:17.431487155 -0400
+++ avr-libc-2.0.0+Atmel3.6.0/debian/control	2017-08-08 17:02:42.159199609 -0400
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: Hakan Ardo <ha...@debian.org>
 Standards-Version: 3.9.5
-Build-Depends: gcc-avr (>=5.4.0+Atmel3.6.0-1), binutils-avr (>=2.26.20160125+Atmel3.6.0-1), debhelper (>=5), doxygen-latex (>=1.8.7), doxygen (>=1.8.7), transfig, ghostscript, netpbm, x11-common, autotools-dev, autoconf, automake1.11, unzip
+Build-Depends: gcc-avr (>=5.4.0+Atmel3.6.0-1), binutils-avr (>=2.26.20160125+Atmel3.6.0-1), debhelper (>=5), doxygen-latex (>=1.8.7), doxygen (>=1.8.7), transfig, ghostscript, netpbm, x11-common, autotools-dev, autoconf, automake, unzip
 
 Package: avr-libc
 Architecture: all


signature.asc
Description: PGP signature

Bug#865148: [PATCH] Use automake instead of automake1.11

2017-08-08 Thread Eric Dorland 
Control: tags -1 patch

---
 debian/control | 2 +-
 debian/rules   | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/debian/control b/debian/control
index 7c2c36d..690cbea 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: libs
 Priority: optional
 Maintainer: Debian Science Maintainers 

 Uploaders: Teemu Ikonen 
-Build-Depends: cdbs (>= 0.4.52), autoconf (>= 2.61), automake1.11,
+Build-Depends: cdbs (>= 0.4.52), autoconf (>= 2.69), automake,
  libtool, debhelper (>= 7), autoconf-archive
 Standards-Version: 3.9.5
 Homepage: http://www.cs.umd.edu/~mount/ANN/
diff --git a/debian/rules b/debian/rules
index f82dc6b..460cb5e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,10 +5,10 @@
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/class/autotools.mk
 
-DEB_AUTO_UPDATE_AUTOHEADER = 2.61
-DEB_AUTO_UPDATE_AUTOCONF = 2.61
-DEB_AUTO_UPDATE_ACLOCAL = 1.11
-DEB_AUTO_UPDATE_AUTOMAKE = 1.11
+DEB_AUTO_UPDATE_AUTOHEADER = 2.69
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_ACLOCAL = 1.15
+DEB_AUTO_UPDATE_AUTOMAKE = 1.15
 DEB_AUTOMAKE_ARGS = --foreign --add-missing
 DEB_AUTO_UPDATE_LIBTOOL = pre
 
-- 
2.13.3

Bug#865143: patch

2017-08-08 Thread Eric Dorland 
Control: tags -1 patch

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
diff -ruN liece-2.0+0.20030527cvs.old/debian/control liece-2.0+0.20030527cvs/debian/control
--- liece-2.0+0.20030527cvs.old/debian/control	2017-08-08 12:29:56.552025270 -0400
+++ liece-2.0+0.20030527cvs/debian/control	2017-08-08 12:30:27.135685426 -0400
@@ -4,7 +4,7 @@
 Maintainer: OHASHI Akira <b...@debian.org>
 Build-Depends: cdbs,
  debhelper,
- dh-buildinfo, emacs | emacsen, autoconf, automake1.11 | automaken, gettext, libtool
+ dh-buildinfo, emacs | emacsen, autoconf, automake, gettext, libtool
 Standards-Version: 3.7.2
 
 Package: liece


signature.asc
Description: PGP signature

Bug#865142: patch

2017-08-08 Thread Eric Dorland 
Control: tags -1 patch

Attached is patch to fix this issue.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
--- diagnostics-0.3.3.old/debian/control	2017-08-08 12:20:03.046697876 -0400
+++ diagnostics-0.3.3/debian/control	2017-08-08 12:21:10.057907988 -0400
@@ -1,7 +1,7 @@
 Source: diagnostics
 Priority: extra
 Maintainer: Michael Tautschnig <m...@debian.org>
-Build-Depends: dpkg-dev (>= 1.16.0~), debhelper (>= 9), automake1.11 | automake (>= 1:1.9), pkg-config, libtool, libltdl-dev (>= 2.4.2-1~), libace-dev (>= 5.7.7-3) [!hurd-i386], dh-autoreconf
+Build-Depends: dpkg-dev (>= 1.16.0~), debhelper (>= 9), automake (>= 1:1.9), pkg-config, libtool, libltdl-dev (>= 2.4.2-1~), libace-dev (>= 5.7.7-3) [!hurd-i386], dh-autoreconf
 Standards-Version: 3.9.8
 Section: libs
 Homepage: http://forsyte.at/software/diagnostics


signature.asc
Description: PGP signature

Bug#865139: possible patch

2017-08-08 Thread Eric Dorland 
Control: tags -1 patch

Attached is a possible fix for this issue, that I can't test due to #853369.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
Index: debian/control
===
--- debian/control	(revision 27279)
+++ debian/control	(working copy)
@@ -4,7 +4,7 @@
 Maintainer: Vincent Cheng <vch...@debian.org>
 Build-Depends:
  autoconf (>= 2.59),
- automake1.11 | automake (>= 1:1.11),
+ automake (>= 1:1.11),
  debhelper (>= 9),
  dh-autoreconf,
  doxygen,


signature.asc
Description: PGP signature

Bug#865138: Possible patch

2017-08-08 Thread Eric Dorland 
Control: tags patch

Attached is possible patch that I can't test due to #853353

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
Index: debian/control
===
--- debian/control	(revision 27279)
+++ debian/control	(working copy)
@@ -4,7 +4,6 @@
 Maintainer: Vincent Cheng <vch...@debian.org>
 Build-Depends:
  audacious-dev,
- automake1.11 | automake (>= 1:1.11),
  cmake (>= 2.6),
  debhelper (>= 9),
  docbook-xml,


signature.asc
Description: PGP signature

Bug#846548: marked as pending

2017-06-07 Thread Eric Dorland 
* Julien Cristau (jcris...@debian.org) wrote:
> It's now through NEW.  The next step would be an upload to sid, with
> urgency=high, and an unblock request to the release.debian.org
> pseudopackage.

Thanks and done as you have seen. I'm guessing it's not worth it, but
should we promote libp11 0.4.4-1 as well for version parity?

> On 06/06/2017 02:26 AM, Eric Dorland wrote:
> > OK, apologies for the delay (and I know we're getting down to the
> > wire). I just uploaded libp11-openssl1.1 to experimental and of course
> > it's in NEW. If this looks ok let me know what the next steps are if
> > we want to try to get it into stretch.
> > 
> > * Julien Cristau (jcris...@debian.org) wrote:
> >> On 05/30/2017 07:16 AM, Eric Dorland wrote:
> >>> * Julien Cristau (jcris...@debian.org) wrote:
> >>>> On 05/29/2017 03:15 AM, Eric Dorland wrote:
> >>>>> * Julien Cristau (jcris...@debian.org) wrote:
> >>>>>> On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
> >>>>>>
> >>>>>>> tag 846548 pending
> >>>>>>> thanks
> >>>>>>>
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>> Bug #846548 reported by you has been fixed in the Git repository. You 
> >>>>>>> can
> >>>>>>> see the changelog below, and you can check the diff of the fix at:
> >>>>>>>
> >>>>>>> 
> >>>>>>> https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> >>>>>>>
> >>>>>> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> >>>>>> in an application using libssl1.0.2.  As a SONAME bump it also seems
> >>>>>> rather inappropriate during the freeze.
> >>>>>
> >>>>> That's a good point. I was trying to provide an alternative to the
> >>>>> broken NMU that was going to be uploaded, but yes this will break
> >>>>> applications built against libssl1.0.2. It does fix using this with
> >>>>> the openssl tool however.
> >>>>>
> >>>> Right.
> >>>>
> >>>>>> I'm very interested in having this fixed in stretch so I can get the
> >>>>>> secure-boot stuff working on ftp-master, but this doesn't look like the
> >>>>>> way to go.  Not to mention that you'd have to justify the bump from
> >>>>>> 0.4.3 to 0.4.4.
> >>>>>>
> >>>>>> Can you explain your plans here?
> >>>>>
> >>>>> As you suggested in your followup, the way forward would appear to be
> >>>>> to upload a new libp11 source package that builds against
> >>>>> libssl1.0.2. I can also backport all of the changes to 0.4.3 and
> >>>>> upload to testing-proposed-updates. Does that sound reasonable?
> >>>>>
> >>>> Having read through the 0.4.4 changes I think I'd be ok with getting
> >>>> that in if you're confident.  I guess the other question is should
> >>>> libp11-dev come from the openssl1.1-using package or the
> >>>> openssl1.0.2-using one.  At this late stage I guess it's safer to stay
> >>>> with 1.0.2, and have the libp11-openssl1.1 package (or however it's
> >>>> called) only provide a libengine-pkcs11-openssl1.1 binary?
> >>>
> >>> OK, I like this plan. We should get the naming right going forward
> >>> though for the libengine-pkcs11-openssl1.1 package. Is that how other
> >>> packages are handling naming when they depend on a particular version
> >>> of openssl?
> >>>
> >> I'm not sure, to be honest.  I don't know if there are any other similar
> >> cases right now.  This package name wouldn't survive stretch in any
> >> case, I guess?
> >>
> >>> I should be able to get fixed uploads to unstable in a couple of days.
> >>>
> >> Nice.  Thanks.
> >>
> >> Cheers,
> >> Julien
> > 
> 

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#864383: unblock: libp11-openssl1.1/0.4.4-4

2017-06-07 Thread Eric Dorland 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libp11-openssl1.1

This is a new package which is adds only pkcs11 engine support for openssl 1.1.
Without this the change it can't be used with openssl 1.1 only with openssl
1.0.2 and since the openssl command is coming from 1.1 without this it would 
be a functionality regression in stretch.

Full context in #846548.

No debdiff since this is a new package.

unblock libp11-openssl1.1/0.4.4-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#846548: marked as pending

2017-06-05 Thread Eric Dorland 
OK, apologies for the delay (and I know we're getting down to the
wire). I just uploaded libp11-openssl1.1 to experimental and of course
it's in NEW. If this looks ok let me know what the next steps are if
we want to try to get it into stretch.

* Julien Cristau (jcris...@debian.org) wrote:
> On 05/30/2017 07:16 AM, Eric Dorland wrote:
> > * Julien Cristau (jcris...@debian.org) wrote:
> >> On 05/29/2017 03:15 AM, Eric Dorland wrote:
> >>> * Julien Cristau (jcris...@debian.org) wrote:
> >>>> On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
> >>>>
> >>>>> tag 846548 pending
> >>>>> thanks
> >>>>>
> >>>>> Hello,
> >>>>>
> >>>>> Bug #846548 reported by you has been fixed in the Git repository. You 
> >>>>> can
> >>>>> see the changelog below, and you can check the diff of the fix at:
> >>>>>
> >>>>> 
> >>>>> https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> >>>>>
> >>>> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> >>>> in an application using libssl1.0.2.  As a SONAME bump it also seems
> >>>> rather inappropriate during the freeze.
> >>>
> >>> That's a good point. I was trying to provide an alternative to the
> >>> broken NMU that was going to be uploaded, but yes this will break
> >>> applications built against libssl1.0.2. It does fix using this with
> >>> the openssl tool however.
> >>>
> >> Right.
> >>
> >>>> I'm very interested in having this fixed in stretch so I can get the
> >>>> secure-boot stuff working on ftp-master, but this doesn't look like the
> >>>> way to go.  Not to mention that you'd have to justify the bump from
> >>>> 0.4.3 to 0.4.4.
> >>>>
> >>>> Can you explain your plans here?
> >>>
> >>> As you suggested in your followup, the way forward would appear to be
> >>> to upload a new libp11 source package that builds against
> >>> libssl1.0.2. I can also backport all of the changes to 0.4.3 and
> >>> upload to testing-proposed-updates. Does that sound reasonable?
> >>>
> >> Having read through the 0.4.4 changes I think I'd be ok with getting
> >> that in if you're confident.  I guess the other question is should
> >> libp11-dev come from the openssl1.1-using package or the
> >> openssl1.0.2-using one.  At this late stage I guess it's safer to stay
> >> with 1.0.2, and have the libp11-openssl1.1 package (or however it's
> >> called) only provide a libengine-pkcs11-openssl1.1 binary?
> > 
> > OK, I like this plan. We should get the naming right going forward
> > though for the libengine-pkcs11-openssl1.1 package. Is that how other
> > packages are handling naming when they depend on a particular version
> > of openssl?
> > 
> I'm not sure, to be honest.  I don't know if there are any other similar
> cases right now.  This package name wouldn't survive stretch in any
> case, I guess?
> 
> > I should be able to get fixed uploads to unstable in a couple of days.
> > 
> Nice.  Thanks.
> 
> Cheers,
> Julien

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#846548: marked as pending

2017-05-30 Thread Eric Dorland 
* Julien Cristau (jcris...@debian.org) wrote:
[snip]
> > OK, I like this plan. We should get the naming right going forward
> > though for the libengine-pkcs11-openssl1.1 package. Is that how other
> > packages are handling naming when they depend on a particular version
> > of openssl?
> > 
> I'm not sure, to be honest.  I don't know if there are any other similar
> cases right now.  This package name wouldn't survive stretch in any
> case, I guess?

Well when openssl 1.2 comes out we might have this same problem again right?

> > I should be able to get fixed uploads to unstable in a couple of days.
> > 
> Nice.  Thanks.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#846548: marked as pending

2017-05-29 Thread Eric Dorland 
* Julien Cristau (jcris...@debian.org) wrote:
> On 05/29/2017 03:15 AM, Eric Dorland wrote:
> > * Julien Cristau (jcris...@debian.org) wrote:
> >> On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
> >>
> >>> tag 846548 pending
> >>> thanks
> >>>
> >>> Hello,
> >>>
> >>> Bug #846548 reported by you has been fixed in the Git repository. You can
> >>> see the changelog below, and you can check the diff of the fix at:
> >>>
> >>> 
> >>> https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> >>>
> >> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> >> in an application using libssl1.0.2.  As a SONAME bump it also seems
> >> rather inappropriate during the freeze.
> > 
> > That's a good point. I was trying to provide an alternative to the
> > broken NMU that was going to be uploaded, but yes this will break
> > applications built against libssl1.0.2. It does fix using this with
> > the openssl tool however.
> > 
> Right.
> 
> >> I'm very interested in having this fixed in stretch so I can get the
> >> secure-boot stuff working on ftp-master, but this doesn't look like the
> >> way to go.  Not to mention that you'd have to justify the bump from
> >> 0.4.3 to 0.4.4.
> >>
> >> Can you explain your plans here?
> > 
> > As you suggested in your followup, the way forward would appear to be
> > to upload a new libp11 source package that builds against
> > libssl1.0.2. I can also backport all of the changes to 0.4.3 and
> > upload to testing-proposed-updates. Does that sound reasonable?
> > 
> Having read through the 0.4.4 changes I think I'd be ok with getting
> that in if you're confident.  I guess the other question is should
> libp11-dev come from the openssl1.1-using package or the
> openssl1.0.2-using one.  At this late stage I guess it's safer to stay
> with 1.0.2, and have the libp11-openssl1.1 package (or however it's
> called) only provide a libengine-pkcs11-openssl1.1 binary?

OK, I like this plan. We should get the naming right going forward
though for the libengine-pkcs11-openssl1.1 package. Is that how other
packages are handling naming when they depend on a particular version
of openssl?

I should be able to get fixed uploads to unstable in a couple of days.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#846548: marked as pending

2017-05-28 Thread Eric Dorland 
* Julien Cristau (jcris...@debian.org) wrote:
> On Mon, May 22, 2017 at 03:42:57 +0000, Eric Dorland wrote:
> 
> > tag 846548 pending
> > thanks
> > 
> > Hello,
> > 
> > Bug #846548 reported by you has been fixed in the Git repository. You can
> > see the changelog below, and you can check the diff of the fix at:
> > 
> > https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> > 
> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> in an application using libssl1.0.2.  As a SONAME bump it also seems
> rather inappropriate during the freeze.

That's a good point. I was trying to provide an alternative to the
broken NMU that was going to be uploaded, but yes this will break
applications built against libssl1.0.2. It does fix using this with
the openssl tool however.

> I'm very interested in having this fixed in stretch so I can get the
> secure-boot stuff working on ftp-master, but this doesn't look like the
> way to go.  Not to mention that you'd have to justify the bump from
> 0.4.3 to 0.4.4.
> 
> Can you explain your plans here?

As you suggested in your followup, the way forward would appear to be
to upload a new libp11 source package that builds against
libssl1.0.2. I can also backport all of the changes to 0.4.3 and
upload to testing-proposed-updates. Does that sound reasonable?

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#846548: [pkg-opensc-maint] Bug#846548: patch for #846548

2017-05-18 Thread Eric Dorland 
Sorry for not getting back to this sooner. I've canceled this upload
since it has the side-effect of breaking libp11 (ie it bumps it's
soname). I think the way forward would be to make that bump and
rebuild the only dependency (pam-p11) against it, but I'm not 100%
sure pam-p11 compiles with openssl 1.1. I guess this plan will require
release manager approval since it's rather a lot of changes.

* Luke Faraone (l...@faraone.cc) wrote:
> On Thu, 11 May 2017 20:33:41 -0700 Luke W Faraone <lfara...@debian.org> wrote:
> > On Thu, 11 May 2017 19:45:51 -0700 Luke W Faraone <lfara...@debian.org>
> > wrote:
> > > Attached is a patch to fix the path to the engine directory, and moves
> > > this library back to libssl-dev. (it isn't clear to me from changelog or
> > > git log why the move to 1.1 was originally reverted)
> > 
> > And of course, that patch was bogus. Attached is a orrected patch. I
> > intend to upload this to DELAYED/5 once I have a chance to test on real
> > hardware. 
> 
> Tested (attached) and uploaded accordingly.
> 
>   -- Luke

> $ openssl req -engine pkcs11 -keyform engine -new -key 
> "pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=[…];token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key;type=private"
>  -out req.pem -text -x509 -subj '/CN=Luke Faraone'
> engine "pkcs11" set.
> No private keys found.
> PKCS#11 token PIN: 
> cobalt:/tmp/tmp.1Pc1kTLqDp$ cat req.pem 
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> a7:78:4e:07:98:95:7d:95
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: CN = Luke Faraone
> Validity
> Not Before: May 13 20:07:39 2017 GMT
> Not After : Jun 12 20:07:39 2017 GMT
> Subject: CN = Luke Faraone
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
>   […]
> -BEGIN CERTIFICATE-
> […]
> -END CERTIFICATE-
> 




> _______
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint


-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#852039: [pkg-opensc-maint] Bug#852039: pam-p11: diff for NMU version 0.1.5-6.1

2017-01-23 Thread Eric Dorland 
Hi Sam,

Thanks for the patch. I'll prepare an upload for it tomorrow if you
want to hold off for a bit.

* hartm...@debian.org (hartm...@debian.org) wrote:
> Control: tags 852039 + pending
> 
> 
> Dear maintainer,
> 
> I've prepared an NMU for pam-p11 (versioned as 0.1.5-6.1) and
> uploaded it to DELAYED/2day. I realize this is a small delay, but I want the 
> changes to make it in before the freeze.  Please feel free to tell me if I
> should delay it longer.
> 
> Regards.
> diff -Nru pam-p11-0.1.5/debian/changelog pam-p11-0.1.5/debian/changelog
> --- pam-p11-0.1.5/debian/changelog2016-12-10 20:32:54.0 -0500
> +++ pam-p11-0.1.5/debian/changelog2017-01-23 15:13:19.0 -0500
> @@ -1,3 +1,10 @@
> +pam-p11 (0.1.5-6.1) unstable; urgency=medium
> +
> +  * Non-maintainer upload.
> +  * Fix segfault after token login, Closes: #852039
> +
> + -- Sam Hartman <hartm...@debian.org>  Mon, 23 Jan 2017 15:13:19 -0500
> +
>  pam-p11 (0.1.5-6) unstable; urgency=medium
>  
>* debian/control: Explicit build-deps on libssl1.0-dev.
> diff -Nru pam-p11-0.1.5/debian/patches/reread_certs_on_token_login 
> pam-p11-0.1.5/debian/patches/reread_certs_on_token_login
> --- pam-p11-0.1.5/debian/patches/reread_certs_on_token_login  1969-12-31 
> 19:00:00.0 -0500
> +++ pam-p11-0.1.5/debian/patches/reread_certs_on_token_login  2017-01-20 
> 17:23:43.0 -0500
> @@ -0,0 +1,40 @@
> +Index: pam-p11/src/pam_p11.c
> +===
> +--- pam-p11.orig/src/pam_p11.c
>  pam-p11/src/pam_p11.c
> +@@ -56,6 +56,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
> + const char *user;
> + char *password;
> + char password_prompt[64];
> ++int loggedin = 0;
> + 
> + struct pam_conv *conv;
> + struct pam_message msg;
> +@@ -119,7 +120,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
> + }
> + 
> + /* get all certs */
> +-rv = PKCS11_enumerate_certs(slot->token, , );
> ++ cert_scan: rv = PKCS11_enumerate_certs(slot->token, , );
> + if (rv) {
> + pam_syslog(pamh, LOG_ERR, "PKCS11_enumerate_certs failed");
> + rv = PAM_AUTHINFO_UNAVAIL;
> +@@ -156,7 +157,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
> + goto out;
> + }
> + 
> +-if (!slot->token->loginRequired)
> ++if (!slot->token->loginRequired ||loggedin)
> + goto loggedin;
> + 
> + /* get password */
> +@@ -209,6 +210,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
> + goto out;
> + }
> + 
> ++loggedin = 1;
> ++goto cert_scan;
> ++
> +   loggedin:
> + /* get random bytes */
> + fd = open(RANDOM_SOURCE, O_RDONLY);
> diff -Nru pam-p11-0.1.5/debian/patches/series 
> pam-p11-0.1.5/debian/patches/series
> --- pam-p11-0.1.5/debian/patches/series   2016-12-10 20:32:54.0 
> -0500
> +++ pam-p11-0.1.5/debian/patches/series   2017-01-20 17:22:14.0 
> -0500
> @@ -1 +1,2 @@
>  0001-Use-INSTALL-instead-of-libLTLIBRARIES_INSTALL.patch
> +reread_certs_on_token_login
> 
> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#851639: ITP: alacritty -- A cross-platform, GPU-accelerated terminal emulator

2017-01-16 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: alacritty
  Upstream Author : Joe Wilm <j...@jwilm.com> 
* URL : https://github.com/jwilm/alacritty
* License : Apache 2.0
  Programming Lang: Rust
  Description : A cross-platform, GPU-accelerated terminal emulator

Alacritty is the fastest terminal emulator in existence. Using the GPU for
rendering enables optimizations that simply aren't possible in other emulators.

Bug#830863: [pkg-opensc-maint] Bug#830863: opensc-pkcs11: Unable to sign

2017-01-15 Thread Eric Dorland 
Sorry I don't have your particular hardware to test with, but this
sounds similar to https://github.com/OpenSC/OpenSC/issues/942. Do you
think it could be the same issue?

* Stanimir Stoyanov (stani...@datacentrix.org) wrote:
> Package: opensc-pkcs11
> Version: 0.16.0-1
> Severity: important
> 
> Dear Maintainer,
> 
> It is about omnikey reader with CardOS smart card.
> 
> The output of OPENSC_DEBUG=2 pkcs11-tool --module /usr/lib/x86_64-linux-gnu
> /onepin-opensc-pkcs11.so -t -l:
> 
> Please enter User PIN:
> 0x7feae107d700 14:18:05.293 [onepin-opensc-pkcs11] sec.c:206:sc_pin_cmd:
> returning with: 0 (Success)
> C_SeedRandom() and C_GenerateRandom():
>   seeding (C_SeedRandom) not supported
>   seems to be OK
> Digests:
>   all 4 digest functions seem to work
>   MD5: OK
>   SHA-1: OK
>   RIPEMD160: OK
> Signatures (currently only RSA signatures)
>   testing key 0 (StampIT)
> 0x7feae107d700 14:18:10.557 [onepin-opensc-pkcs11] card-
> cardos.c:475:cardos_select_file: called
> 0x7feae107d700 14:18:10.582 [onepin-opensc-pkcs11]
> sec.c:72:sc_set_security_env: returning with: 0 (Success)
> 0x7feae107d700 14:18:10.621 [onepin-opensc-pkcs11] sec.c:44:sc_decipher:
> returning with: -1200 (Card command failed)
> 0x7feae107d700 14:18:10.630 [onepin-opensc-pkcs11] card-
> cardos.c:475:cardos_select_file: called
> 0x7feae107d700 14:18:10.723 [onepin-opensc-pkcs11]
> ctx.c:842:sc_release_context: called
> error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
> 
> Aborting.
> 
> 
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages opensc-pkcs11 depends on:
> ii  libc62.22-13
> ii  libssl1.0.2  1.0.2h-1
> ii  zlib1g   1:1.2.8.dfsg-2+b1
> 
> opensc-pkcs11 recommends no packages.
> 
> opensc-pkcs11 suggests no packages.
> 
> -- no debconf information
> 
> _______
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#830862: [pkg-opensc-maint] Bug#830862: opensc-pkcs11: trying to overwrite '/usr/lib/x86_64-linux-gnu/pkcs11', which is also in package gnome-keyring 3.20.0-1

2017-01-15 Thread Eric Dorland 
Control: tags -1 unreproducible

Hi Stanimir,

I'm unable to reproduce this problem on my systems. Are you still
seeing this?

* Stanimir Stoyanov (stani...@datacentrix.org) wrote:
> Package: opensc-pkcs11
> Version: 0.16.0-1
> Severity: important
> 
> Dear Maintainer,
> 
> After last upgrade I'm unable to sign documents using my digital signature. 
> The
> error I'm getting is:
> 
> Preparing to unpack .../opensc-pkcs11_0.16.0-1_amd64.deb ...
> Unpacking opensc-pkcs11:amd64 (0.16.0-1) ...
> dpkg: error processing archive /var/cache/apt/archives/opensc-
> pkcs11_0.16.0-1_amd64.deb (--unpack):
>  trying to overwrite '/usr/lib/x86_64-linux-gnu/pkcs11', which is also in
> package gnome-keyring 3.20.0-1
> Selecting previously unselected package opensc.
> Preparing to unpack .../opensc_0.16.0-1_amd64.deb ...
> Unpacking opensc (0.16.0-1) ...
> Processing triggers for libc-bin (2.22-13) ...
> Processing triggers for man-db (2.7.5-1) ...
> Errors were encountered while processing:
>  /var/cache/apt/archives/opensc-pkcs11_0.16.0-1_amd64.deb
> E: Sub-process /usr/bin/dpkg returned an error code (1)

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#849631: dnscrypt-proxy 1.8.1-4 fails to start

2016-12-30 Thread Eric Dorland 
Control: tags + moreinfo unreproducible

I'm not seeing this on my system. If you upgrade what does your
dnscrypt-proxy.socket, dnscrypt-proxy.service and
/etc/dnscrypt-proxy/dnscrypt-proxy.conf files look like?

* Perl (zer0.div...@yahoo.fr) wrote:
> Package: dnscrypt-proxy
> Version: 1.7.0+dfsg-1
> Severity: serious
> Tags: upstream
> Justification: serious
> 
> Dear Maintainer,
> 
>* What led up to the situation?
>After upgrade dnscrypt-proxy, it wan't start anymore.
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
>  Working as before.
>* What was the outcome of this action?
>dnscrypt-proxy.service and dnscrypt-proxy.socket stop working.
>I get these output in journalctl:
>Dec 28 22:13:03 debian systemd[1]: dnscrypt-proxy.service: Service
>hold-off time over, scheduling restart.
>Dec 28 22:13:03 debian systemd[1]: dnscrypt-proxy.service: Start
>request repeated too quickly.
>Dec 28 22:13:03 debian systemd[1]: dnscrypt-proxy.socket: Unit
>entered failed state.
>Dec 28 22:13:03 debian systemd[1]: dnscrypt-proxy.service: Unit
>entered failed state.
>Dec 28 22:13:03 debian systemd[1]: dnscrypt-proxy.service: Failed
>with result 'start-limit-hit'.
>
>And if I feed dnscrypt-proxy command with the configuration file, I
>get in terminal:
>Dec 28 22:13:01 debian dnscrypt-proxy[1694]: Wed Dec 28 22:13:01 2016
>[INFO] + DNS Security Extensions are supported
>Dec 28 22:13:01 debian dnscrypt-proxy[1694]: Wed Dec 28 22:13:01 2016
>[INFO] + Provider supposedly doesn't keep logs
>Dec 28 22:13:01 debian systemd[1]: dnscrypt-proxy.service: Service
>hold-off time over, scheduling restart.
> 
>* What outcome did you expect instead?
>Running dnscrypt-proxy.service and dnscrypt-proxy.socket.
> 
> *** End of the template - remove these template lines ***
> 
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (150, 'testing'), (100, 'stable'), (5, 
> 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages dnscrypt-proxy depends on:
> ii  adduser  3.115
> ii  init-system-helpers  1.46
> ii  libc62.24-8
> ii  libltdl7 2.4.6-2
> ii  libsodium18  1.0.11-1
> ii  libsystemd0  232-8
> 
> dnscrypt-proxy recommends no packages.
> 
> Versions of packages dnscrypt-proxy suggests:
> ii  resolvconf  1.79
> 
> -- Configuration Files:
> /etc/default/dnscrypt-proxy changed:
> DNSCRYPT_PROXY_LOCAL_ADDRESS=127.0.2.1:53
> DNSCRYPT_PROXY_RESOLVER_NAME=dnscrypt.org-fr
> DNSCRYPT_PROXY_OPTIONS=""
> 
> /etc/dnscrypt-proxy/dnscrypt-proxy.conf changed:
> ResolverName=dnscrypt.org-fr

That equals sign looks problematic.

> ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
> Daemonize yes
> PidFile /var/run/dnscrypt-proxy.pid
> User _dnscrypt-proxy
> LocalAddress 127.0.2.1:53
> EphemeralKeys yes
> MaxActiveRequests 250
> LogFile /var/log/dnscrypt-proxy.log
> LogLevel 7
> BlockIPv6 yes
> 
> 
> -- no debconf information

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#837959: New version available - 1.7.0

2016-09-15 Thread Eric Dorland 
It's already packaged and waiting in NEW.

* Michael-John Turner (m...@mjturner.net) wrote:
> Package: dnscrypt-proxy
> Version 1.6.1-1
> Severity: wishlist
> 
> Hi,
> 
> A new upstream version of dnscrypt-proxy is available - 1.7.0. It would be
> great if the Debian package could be updated to this version.
> 
> Source available from https://download.dnscrypt.org/dnscrypt-proxy/
> 
> Cheers, MJ

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#781648: dnscrypt-proxy: Default configuration doesn't work with Unbound DNS cache

2016-08-30 Thread Eric Dorland 
The latest package that's waiting in NEW will have a different
default resolver and should work fine with DNSSEC.

* har...@a-little-linux-box.at (har...@a-little-linux-box.at) wrote:
> Dear Eric Dorland,
> 
> according to the dnscrypt-resolvers.csv file these resolvers don't
> support DNSSec, so I guess this bug should be kept open - IMHO it would
> make more sense to tell users how to disable DNSSec :-/.
> 
> Kind regards
> Harald Jenny

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#781648: dnscrypt-proxy: Default configuration doesn't work with Unbound DNS cache

2016-07-30 Thread Eric Dorland 
Control: tags -1 fixed-upstream

So this should be fixable in the next release when the anycast
addresses are added for http://dnsrec.meo.ws/. 

* Ivan Vilata i Balaguer (i...@selidor.net) wrote:
> Package: dnscrypt-proxy
> Version: 1.4.3-2
> Severity: normal
> 
> Hi!  The README of ``dnscrypt-proxy`` recommends using Unbound as a DNS
> caching resolver in combination with it.  However, Unbound enables DNSSEC and
> the default configuration of ``dnscrypt-proxy`` sets
> ``DNSCRYPT_PROXY_RESOLVER_NAME=opendns`` in its default file.  The problem is
> that OpenDNS servers disable DNSSEC, which results in Unbound rejecting the
> responses coming from the proxy and name resolution failing, as explained
> here: https://forums.opendns.com/comments.php?DiscussionID=15361#Item_9
> 
> I suggest to change the default to a different one (e.g. the ``dnscrypt.eu-*``
> servers seem to work), or to add a short comment in the default file warning
> about OpenDNS servers and DNSSEC.
> 
> Thanks!
> 
> -- System Information:
> Debian Release: 8.0
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> 
> Versions of packages dnscrypt-proxy depends on:
> ii  adduser  3.113+nmu3
> ii  init-system-helpers  1.22
> ii  libc62.19-17
> ii  libsodium13  1.0.1-1
> ii  libsystemd0  215-12
> 
> dnscrypt-proxy recommends no packages.
> 
> Versions of packages dnscrypt-proxy suggests:
> ii  resolvconf  1.76.1
> 
> -- Configuration Files:
> /etc/default/dnscrypt-proxy changed [not included]
> 
> -- no debconf information

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#823030: [pkg-opensc-maint] Bug#823030: Status

2016-07-30 Thread Eric Dorland 
* José Luis González (jlgon...@ya.com) wrote:
> On Sat, 30 Jul 2016 01:53:17 -0400
> Eric Dorland <e...@debian.org> wrote:
> 
> > Control: tags -1 moreinfo
> > 
> > What software is breaking exactly? You should not need libopensc2, it
> > was always an internal library.
> 
> It's an external package, from Spain's ID card electronic signing
> system. As far as I remember it depended on those packages.
> 
> I managed to install the external packages with packages from stable.

Is it actually linking against libopensc2?

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#823030: [pkg-opensc-maint] Bug#823030: Status

2016-07-29 Thread Eric Dorland 
Control: tags -1 moreinfo

What software is breaking exactly? You should not need libopensc2, it
was always an internal library.

* José Luis González (jlgon...@ya.com) wrote:
> Hi,
> 
> any news or feedback on this issue?
> 
> Regards,
> José
> 
> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#820444: [pkg-opensc-maint] Bug#820444: opensc-pkcs11: Segfault with cardos smartcard

2016-04-08 Thread Eric Dorland 
Thanks for the report. I'll try to do an upload with the patch this weekend.

* Laurent Bigonville (bi...@debian.org) wrote:
> tag 820444 + fixed-upstream
> forwarded 820444 https://github.com/OpenSC/OpenSC/issues/547
> thanks
> 
> Hi,
> 
> This is actually already fixed upstream, would be nice if the patch was
> cherry-picked. Not sure when the next release will happen.
> 
> Cheers,
> 
> Laurent Bigonville
> 
> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#819902: RM: automake-1.14 -- RoQA; superseded by automake-1.15

2016-04-03 Thread Eric Dorland 
* Mattia Rizzolo (mat...@debian.org) wrote:
> Package: ftp.debian.org
> X-Debbugs-CC: automake-1...@packages.debian.org
> 
> As per subject, please remove this.
> 
> Even if I wonder why we need to have different source packages for 1.14
> and 1.15, whilst the both build only one binary "automake"...

It's unclear to me why it wasn't removed automatically when it no
longer had any binary packages in the archive. Is that a bug?


-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#815004: [pkg-opensc-maint] Bug#815004: libengine-pkcs11-openssl: Engine is installed at wrong location (sparc64 as well)

2016-03-19 Thread Eric Dorland 
uot;, O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libkeyutils.so.1", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libpcre.so.1", O_RDONLY|O_CLOEXEC) = 3
> statfs("/sys/fs/selinux", {f_type="SELINUX_MAGIC", f_bsize=4096,
> f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0,
> 0}, f_namelen=255, f_frsize=4096, f_flags=4128}) = 0
> statfs("/sys/fs/selinux", {f_type="SELINUX_MAGIC", f_bsize=4096,
> f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0,
> 0}, f_namelen=255, f_frsize=4096, f_flags=4128}) = 0
> access("/etc/selinux/config", F_OK) = 0
> access("/etc/system-fips", F_OK)= -1 ENOENT (No such file or 
> directory)
> open("/etc/pki/tls/openssl.cnf", O_RDONLY) = 3
> open("/proc/meminfo", O_RDONLY|O_CLOEXEC) = 3
> open("/usr/lib64/openssl/engines/libpkcs11.so", O_RDONLY|O_CLOEXEC) = 3
> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libp11.so.2", O_RDONLY|O_CLOEXEC) = 3
> (pkcs11) pkcs11 engine
> open("/usr/lib64/p11-kit-proxy.so", O_RDONLY|O_CLOEXEC) = 3
> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libffi.so.6", O_RDONLY|O_CLOEXEC) = 3
> open("/etc/pkcs11/pkcs11.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No
> such file or directory)
> open("/home/mator/.config/pkcs11/pkcs11.conf", O_RDONLY|O_CLOEXEC) =
> -1 ENOENT (No such file or directory)
> stat("/home/mator/.config/pkcs11/modules", 0x7ffc8a781f40) = -1 ENOENT
> (No such file or directory)
> stat("/etc/pkcs11/modules", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/etc/pkcs11/modules", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
> stat("/etc/pkcs11/modules/..", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> stat("/etc/pkcs11/modules/.", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> stat("/usr/share/p11-kit/modules", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0
> open("/usr/share/p11-kit/modules",
> O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
> stat("/usr/share/p11-kit/modules/..", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0
> stat("/usr/share/p11-kit/modules/p11-kit-trust.module",
> {st_mode=S_IFREG|0644, st_size=693, ...}) = 0
> open("/usr/share/p11-kit/modules/p11-kit-trust.module", O_RDONLY|O_CLOEXEC) = 
> 4
> stat("/usr/share/p11-kit/modules/.", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0
> open("/usr/lib64/pkcs11/p11-kit-trust.so", O_RDONLY|O_CLOEXEC) = 3
> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libtasn1.so.6", O_RDONLY|O_CLOEXEC) = 3
> open("/lib64/libfreebl3.so", O_RDONLY|O_CLOEXEC) = 3
> statfs("/selinux", 0x7ffc8a782050)  = -1 ENOENT (No such file or 
> directory)
> open("/proc/mounts", O_RDONLY)  = 3
> open("/tmp/fficgaRwB", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
> unlink("/tmp/fficgaRwB")= 0
>  [ available ]
> +++ exited with 0 +++
> [mator@node01 ~]$
> 
> ___
> pkg-opensc-maint mailing list
> pkg-opensc-ma...@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#814750: ITP: mtx-app -- command line utility for maXTouch devices

2016-02-14 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland <e...@debian.org>

* Package name: mtx-app
  Version : 1.26 
  Upstream Author : Atmel Corporation
* URL : https://github.com/atmel-maxtouch
* License : BSD 2-clause
  Programming Lang: C
  Description : command line utility for maXTouch devices

mxt-app is a utility for managing Atmel maXTouch touch controllers and other 
devices that support Atmel Object Based Protocol.

Needed for touchpad and touchscreen on the Chromebook Pixel 2015.

Bug#812528: Redundant argument in sprintf for postfix script

2016-01-25 Thread Eric Dorland 
* Willi Mann (wi...@debian.org) wrote:
> Hi Eric,
> 
> Am 2016-01-24 um 18:54 schrieb Eric Dorland:
> > Package: logwatch
> > Version: 7.4.1+svn20151218rev302-1
> > Severity: minor
> >
> > I'm getting the following warning when the postfix script runs:
> 
> could you verify whether attached version of the postfix script fixes
> this issue? (unpack and Copy it to
> /usr/share/logwatch/scripts/services/postfix)

Yup, looks good.


-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#812528: Redundant argument in sprintf for postfix script

2016-01-24 Thread Eric Dorland 
Package: logwatch
Version: 7.4.1+svn20151218rev302-1
Severity: minor

I'm getting the following warning when the postfix script runs:

 - Postfix Begin 

 Redundant argument in sprintf at /usr/share/logwatch/scripts/services/postfix l
ine 1382, <> line 16.
 Redundant argument in sprintf at /usr/share/logwatch/scripts/services/postfix l
ine 1382, <> line 16.
 Redundant argument in sprintf at /usr/share/logwatch/scripts/services/postfix l
ine 1382, <> line 16.
 Redundant argument in sprintf at /usr/share/logwatch/scripts/services/postfix l
ine 1382, <> line 16.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logwatch depends on:
ii  perl5.22.1-4
ii  postfix [mail-transport-agent]  2.11.3-1+b1

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.52-1
ii  libsys-cpu-perl  0.61-1+b2
ii  libsys-meminfo-perl  0.98-1+b1

Versions of packages logwatch suggests:
pn  fortune-mod  

-- no debconf information

Bug#734442: patch

2016-01-04 Thread Eric Dorland 
* Patrick Matthäi (pmatth...@debian.org) wrote:
> 
> 
> Am 01.01.2016 um 04:09 schrieb Eric Dorland:
> >>To repeat myself: If you guys (packagers) all agree on how this file
> >>should look like, I'm fine with it too.
> >>
> >>If you want to maintain a separate unit file for Debian which is
> >>different from other distros, I'm not in a position to stop you from
> >>doing this.
> >I don't have strong feelings about this, and I'm not the
> >maintainer. I would just like this to work out of the box on Debian :)
> >Patrick what do you think?
> 
> For the Debian packaging itself it looks good for me (except of the username
> e.g.).
> Maybe we should use something like "znc-system" or "znc-daemon", since most
> znc users just have called their znc user "znc" and "_znc" is invalid.

_znc is a perfectly valid username, it's just discouraged because some
libraries make bad assumptions about what characters are valid in a
username. This shouldn't be a problem for znc. Take a look at your
system, you probably already have an _apt system user already. The
other semi-standard is for the username to have a Debian- prefix, but
IMHO this is ugly beyond all reason, and certainly isn't very
portable.

I'm not sure we can find a perfectly portable answer to what the
username should be, and perhaps a configure switch is the least
terrible solution.

> I would be happy to have got a solution with upstream and other
> distributions, so that there are no bigger differences (or bugs) between
> different distributions and upstream.

OK, I'll working on some upstream patches so that we can use the
upstream service file.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#809756: Unescaped left brace in regex is deprecated

2016-01-03 Thread Eric Dorland 
Package: logwatch
Version: 7.4.1+svn20150731rev294-1
Severity: normal

I'm seeing "Unescaped left brace in regex is deprecated, passed through in 
regex" in my logwatch reports, presumably due to the recent perl upgrade. Below 
are all the sections I'm seeing this in:

 - Amavisd-new Begin 

 Unescaped left brace in regex is deprecated, passed through in regex; marked by
<-- HERE in m/^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED
\(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: {
<-- HERE [^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]),
(?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/ at
/usr/share/logwatch/scripts/services/amavis line 2286.

 -- Amavisd-new End -

 - Postfix Begin 

 Unescaped left brace in regex is deprecated, passed through in regex; marked by
<-- HERE in m/^Config: { <-- HERE / at
/usr/share/logwatch/scripts/services/postfix line 1850.
 Redundant argument in sprintf at /usr/share/logwatch/scripts/services/postfix l
ine 1382, <> line 10.
 Redundant argument in sprintf at /usr/share/logwatch/scripts/services/postfix l
ine 1382, <> line 10.
8.862K  Bytes accepted   9,075
8.862K  Bytes delivered  9,075
    ==

2   Accepted   100.00%
    --
2   Total  100.00%
    ==

2   Removed from queue
2   Delivered


 -- Postfix End -

 - Connections (secure-log) Begin 

 Unescaped left brace in regex is deprecated, passed through in regex; marked by
<-- HERE in m/krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes { <-- HERE [
0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE|UNKNOWN_SERVER): authtime
[0-9]+, (?:etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+},)? ([^ ]+) for ([^ ,]+)(?:,
)?(.*)$/ at /usr/share/logwatch/scripts/services/secure line 510.
 Unescaped left brace in regex is deprecated, passed through in regex; marked by
<-- HERE in m/krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes {[ 0-9]+}\)
([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE|UNKNOWN_SERVER): authtime [0-9]+,
(?:etypes { <-- HERE rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+},)? ([^ ]+) for ([^
,]+)(?:, )?(.*)$/ at /usr/share/logwatch/scripts/services/secure line 510.
 Unescaped left brace in regex is deprecated, passed through in regex; marked by
<-- HERE in m/krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes { <-- HERE [
0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):
(NEEDED_PREAUTH|PREAUTH_FAILED|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:,
)?(.*)$/ at /usr/share/logwatch/scripts/services/secure line 519.

 -- Connections (secure-log) End -

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logwatch depends on:
ii  perl5.22.1-3
ii  postfix [mail-transport-agent]  2.11.3-1+b1

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.52-1
ii  libsys-cpu-perl  0.61-1+b2
ii  libsys-meminfo-perl  0.98-1+b1

Versions of packages logwatch suggests:
pn  fortune-mod  

-- no debconf information

Bug#734442: patch

2015-12-31 Thread Eric Dorland 
* Alexey Sokolov (ale...@asokolov.org) wrote:
> No, the reason I reverted it is
> https://github.com/znc/znc/issues/1165#issuecomment-156880251 (point 2.)

I don't really understand this argument. Using datadir (or pkgdatadir)
allows the builder to set it to whatever value they wish at build
time, how is that not generic? I think hiding the system configuration
inside of a .znc directory is surprising and IMHO we should avoid it.

You could provide a different automake variable to configure this and
default it ~/.znc. Alternatively, you could add a --system flag (or
something) to change the defaults if you really want these paths built
into the binary.

> To repeat myself: If you guys (packagers) all agree on how this file
> should look like, I'm fine with it too.
> 
> If you want to maintain a separate unit file for Debian which is
> different from other distros, I'm not in a position to stop you from
> doing this.

I don't have strong feelings about this, and I'm not the
maintainer. I would just like this to work out of the box on Debian :)
Patrick what do you think?

> I'm happy to accept changes upstream, if that makes packagers' life
> easier.

Cool. Outside of packaging, there are probably some hardening options
that would be useful to add. Have you considered adding socket
activation support, sd_notify and syslogging support to make this work
a little better with systemd? I'd be happy to contribute some
patches.

> You can join that discussion if you disagree with @seblu and @Philantrop
> 
> As for _znc username, perhaps that could be either a Debian-specific
> one-line patch, or e.g. a env variable used by ./configure...

Either of those are fine with me, but the more the service file is
configurable this way the less it makes sense to me to try to keep an
authoritative service file.

We also don't need to use _znc, but znc instead. But znc being so short
it does seem like it could conflict with an existing user on the
system.

> 29.12.2015 22:30, Eric Dorland пишет:
> > * Alexey Sokolov (ale...@asokolov.org) wrote:
> >> Hi Eric, Does the service file need to be different from the
> >> included one? 
> >> (https://github.com/znc/znc/blob/master/znc.service.in)
> > 
> > Currently it does, because the patch as is creates a _znc user
> > rather than znc to avoid namespace collision. It also uses the
> > --datadir flag to avoid the .znc directory. It also uses
> > ConditionFileNotEmpty to prevent startup if it's not configured. We
> > don't have to do these things but they all seem useful to me.
> > There's really room to go further with various systemd protection
> > settings, but I didn't want to overcomplicate the diff.
> > 
> >> Also please check the recent discussion about it at 
> >> https://github.com/znc/znc/issues/1165
> > 
> > Thanks for pointing this out. There's a lot of issues to intermixed
> > in this bug report. It looks like the reason they reverted the
> > --datadir change was because it broke existing users, which is fair
> > but we don't have that problem in Debian. I think having a unified
> > unit file would be good but I don't think that should tie hands
> > against good improvements.
> > 
> 

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#734442: patch

2015-12-29 Thread Eric Dorland 
* Alexey Sokolov (ale...@asokolov.org) wrote:
> Hi Eric,
> Does the service file need to be different from the included one?
> (https://github.com/znc/znc/blob/master/znc.service.in)

Currently it does, because the patch as is creates a _znc user rather
than znc to avoid namespace collision. It also uses the --datadir flag
to avoid the .znc directory. It also uses ConditionFileNotEmpty to
prevent startup if it's not configured. We don't have to do these
things but they all seem useful to me. There's really room to go
further with various systemd protection settings, but I didn't want to
overcomplicate the diff.

> Also please check the recent discussion about it at
> https://github.com/znc/znc/issues/1165

Thanks for pointing this out. There's a lot of issues to intermixed in
this bug report. It looks like the reason they reverted the --datadir
change was because it broke existing users, which is fair but we
don't have that problem in Debian. I think having a unified unit file
would be good but I don't think that should tie hands against good
improvements.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#734442: patch

2015-12-29 Thread Eric Dorland 
Package: znc
Version: 1.6.2-2+b1
Followup-For: Bug #734442

Here is a patch that tries to add this functionality. It adds a package, 
znc-daemon that creates a system user and runs znc under systemd. Let me know 
if you don't like this approach and how I should approach this.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages znc depends on:
ii  libc62.21-6
ii  libgcc1  1:5.3.1-4
ii  libicu55 55.1-6
ii  libsasl2-2   2.1.26.dfsg1-14+b1
ii  libssl1.0.2  1.0.2e-1
ii  libstdc++6   5.3.1-4
ii  zlib1g   1:1.2.8.dfsg-2+b1

Versions of packages znc recommends:
ii  znc-perl1.6.2-2+b1
ii  znc-python  1.6.2-2+b1
ii  znc-tcl 1.6.2-2+b1

znc suggests no packages.

-- no debconf information
diff -ruN znc-1.6.2.old/debian/control znc-1.6.2/debian/control
--- znc-1.6.2.old/debian/control	2015-12-28 16:31:23.228373031 -0500
+++ znc-1.6.2/debian/control	2015-12-29 03:25:02.657680988 -0500
@@ -2,6 +2,7 @@
 Section: net
 Priority: optional
 Build-Depends: debhelper (>= 9),
+ dh-systemd,
  libssl-dev,
  libperl-dev,
  libicu-dev,
@@ -143,3 +144,21 @@
  interface with many plugins supporting other features.
  .
  This package contains the znc Tcl extension.
+
+Package: znc-daemon
+Architecture: all
+Depends: znc (= ${binary:Version})
+Description: advanced modular IRC bouncer, system daemon
+ znc is an IRC proxy. It runs as a daemon and connects to IRC server,
+ then allows you to connect from a workstation and work as the user that
+ is logged in to the IRC server. After you disconnect, it maintains the
+ connection to the server. It acts like any normal IRC server, so you can
+ use any IRC client to connect to it.
+ .
+ Some of its features include support for multiple users, multiple clients,
+ and multiple IRC servers; playback buffers to catch up with what happened
+ while you were detached, SSL encryption, DCC proxying, and a plugin
+ interface with many plugins supporting other features.
+ .
+ This package contains the files necessary to run znc as a system daemon.
+
diff -ruN znc-1.6.2.old/debian/rules znc-1.6.2/debian/rules
--- znc-1.6.2.old/debian/rules	2015-12-28 16:31:23.228373031 -0500
+++ znc-1.6.2/debian/rules	2015-12-29 03:08:06.163862824 -0500
@@ -21,7 +21,7 @@
 	--enable-python
 
 %:
-	dh $@ --with python3
+	dh $@ --with python3,systemd
 
 override_dh_auto_configure:
 	dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_FLAGS)
@@ -56,3 +56,9 @@
 
 override_dh_strip:
 	dh_strip --dbg-package=znc-dbg
+
+override_dh_systemd_enable:
+	dh_systemd_enable --name=znc
+
+override_dh_systemd_start:
+	dh_systemd_start --restart-after-upgrade
diff -ruN znc-1.6.2.old/debian/znc-daemon.README.Debian znc-1.6.2/debian/znc-daemon.README.Debian
--- znc-1.6.2.old/debian/znc-daemon.README.Debian	1969-12-31 19:00:00.0 -0500
+++ znc-1.6.2/debian/znc-daemon.README.Debian	2015-12-29 03:21:50.511604864 -0500
@@ -0,0 +1,4 @@
+Before the system wide znc will run it needs to be configured. To create an
+initial configuration run:
+
+sudo -u _znc /usr/bin/znc --datadir=/var/lib/znc --makeconf
diff -ruN znc-1.6.2.old/debian/znc-daemon.postinst znc-1.6.2/debian/znc-daemon.postinst
--- znc-1.6.2.old/debian/znc-daemon.postinst	1969-12-31 19:00:00.0 -0500
+++ znc-1.6.2/debian/znc-daemon.postinst	2015-12-28 17:16:48.901019316 -0500
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+configure)
+if ! getent passwd _znc >/dev/null; then
+adduser --quiet --system --force-badname \
+--home /var/lib/znc _znc
+fi
+;;
+
+abort-upgrade|abort-remove|abort-deconfigure)
+;;
+
+*)
+echo "postinst called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff -ruN znc-1.6.2.old/debian/znc-daemon.znc.service znc-1.6.2/debian/znc-daemon.znc.service
--- znc-1.6.2.old/debian/znc-daemon.znc.service	1969-12-31 19:00:00.0 -0500
+++ znc-1.6.2/debian/znc-daemon.znc.service	2015-12-29 02:55:04.223796902 -0500
@@ -0,0 +1,11 @@
+[Unit]
+Description=ZNC, an advanced IRC bouncer
+After=network.target
+ConditionFileNotEmpty=/var/lib/znc/configs/znc.conf
+
+[Service]
+ExecStart=/usr/bin/znc --datadir=/var/lib/znc -f 
+User=_znc
+
+[Install]
+WantedBy=multi-user.target

Bug#809018: [Letsencrypt-devel] Bug#809018: please backport letsencrypt to jessie-backports

2015-12-27 Thread Eric Dorland 
* Axel Beckert (a...@debian.org) wrote:
> Hi,
> 
> Eric Dorland wrote:
> > Package: letsencrypt
> > Severity: wishlist
> > 
> > This may already be in the works but I couldn't find any info to
> > that effect. This would be a useful package to backport to stable.
> 
> It's definitely planned. Even before it was in NEW, the plan was
> already to get letsencrypt into stable-backports.

Excellent. I expected as much but wanted to be sure.

> That plan may have been only mentioned on IRC (at least that's where I
> know it from), but there were IIRC at least two bug reports related to
> backporting itself.

Sorry if this was a duplicate or expressed better somewhere else, I
didn't see any related reports.

> There's even the idea (brought up by myself) to make backports to
> (wheezy|oldstable)-backports-sloppy, but that's much more work than
> for Jessie and I failed on it so far.
> 
> A promising alternative for Wheezy boxes may be
> https://github.com/lukas2511/letsencrypt.sh -- which implements the
> client in pure bash (not pure bourne shell as it seems). It's under
> MIT license, but not (yet) packaged. Haven't tried it yet, though.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#809018: please backport letsencrypt to jessie-backports

2015-12-25 Thread Eric Dorland 
Package: letsencrypt
Severity: wishlist

This may already be in the works but I couldn't find any info to that effect. 
This would be a useful package to backport to stable.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#744380: dh_auto_test: set VERBOSE when running Automake tests

2015-11-26 Thread Eric Dorland 
* Niels Thykier (ni...@thykier.net) wrote:
> Control: reassign -1 debhelper,automake
> 
> On Sun, 13 Apr 2014 15:15:30 +0100 Simon McVittie <s...@debian.org> wrote:
> > Package: debhelper
> > Version: 9.20140228
> > Severity: wishlist
> > 
> > Recent versions of Automake have a new "test driver" that records test
> > output in log files rather than printing it to stdout/stderr. It is
> > not typically possible to retrieve these log files from the buildds.
> > 
> > If the environment variable VERBOSE is set to a non-empty value when
> > running such tests, this output is suppressed for successful or
> > skipped tests, but is sent to stdout for failed tests. This seems
> > like "the best of both worlds" for maintainer and buildd use: the
> > information is logged in exactly those cases where it is needed.
> > 
> > Please consider running Automake tests with VERBOSE=1.
> > 
> > Regards,
> > S
> > 
> > [...]
> 
> Hi,
> 
> On #debian-devel, it was proposed to have automake change the default to
> be more verbose on test failures.  Eric, what do you think of that idea? :)

Sounds like a reasonable idea to me, I don't perceive any problems
with it.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#802118: [pkg-opensc-maint] Bug#802118: libengine-pkcs11-openssl: Functions to set static global data may cause memory leak.

2015-10-18 Thread Eric Dorland 
* persmule (persm...@gmail.com) wrote:
> Package: libengine-pkcs11-openssl
> Version: 0.1.8-5
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Dear Maintainer,
> 
> Functions in src/engine_pkcs11.c to set static global data (set_module,
> set_pin, get_pin and set_init_args) do not free memories pointed by the
> corresponding pointers before assigning them to newly allocated
> memories, which
> may cause memory leaks if they are called more than once.
> 
> The bugs related to set_module, set_pin and get_pin are fixed on
> upstream, but
> the one of set_init_args is not.

Agreed that these are valid memory leaks but what's the security
implication? This doesn't seem obviously exploitable.

-- 
Eric Dorland <e...@kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#796863: libassa3.5-5v5 and libassa-3.5-5v5: error when trying to install together

2015-08-25 Thread Eric Dorland 
* Riley Baird (bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch) wrote:
 This is listed in the FTP master's cruft report, so if I'm correct, it
 shouldn't be necessary to request a removal from unstable.

Yeah and you have the right conflicts/replaces. I'm surprised it's
complaining about this.

-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

Bug#796007: Add redshift permission to geoclue

2015-08-18 Thread Eric Dorland 
Package: geoclue-2.0
Version: 2.1.10-2
Severity: wishlist
Tags: patch

Attached patch enables redshift to use geoclue out of the box. This makes
using redshift more seemless by not requiring any manual configuration to 
work and also it allows redshift to run with its default configuration
(it usually fails on my system with a permission denied error without this
change).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages geoclue-2.0 depends on:
ii  adduser 3.113+nmu3
ii  libc6   2.19-19
ii  libglib2.0-02.44.1-1.1
ii  libjson-glib-1.0-0  1.0.4-1
ii  libmm-glib0 1.4.10-1
ii  libsoup2.4-12.50.0-2

Versions of packages geoclue-2.0 recommends:
ii  modemmanager   1.4.10-1
ii  wpasupplicant  2.3-2

geoclue-2.0 suggests no packages.

-- no debconf information
From 54c5a2b3d30a264cf4d103f998cbecbae851081f Mon Sep 17 00:00:00 2001
From: Eric Dorland e...@debian.org
Date: Tue, 18 Aug 2015 08:46:14 -0400
Subject: [PATCH] Add redshift permission

Allow redshift to read location from geoclue by default. Mark as a system
component so that the location icon isn't always showing and it is ambient
service like automatic timezone detection.
---
 data/geoclue.conf.in | 5 +
 1 file changed, 5 insertions(+)

diff --git a/data/geoclue.conf.in b/data/geoclue.conf.in
index e4d9e70..6c893af 100644
--- a/data/geoclue.conf.in
+++ b/data/geoclue.conf.in
@@ -75,3 +75,8 @@ users=
 allowed=true
 system=false
 users=
+
+[redshift]
+allowed=true
+system=true
+users=
-- 
2.5.0

Bug#788807: [gnome-shell-extension-redshift] Uninstallable with Gnome 3.16

2015-06-22 Thread Eric Dorland 
.git4648ad79/src/schemas/org.gnome.shell.extensions.redshift.gschema.xml
  2015-06-15 01:21:03.0 +0530
 @@ -4,7 +4,7 @@
  key name=active type=b
defaulttrue/default
summaryActivate redshift mode./summary
 -  descriptionWether redshift mode should currently be 
 active./description
 +  descriptionWhether redshift mode should currently be 
 active./description
  /key
  
  key name=location-provider type=s


-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

Bug#753163: [pkg-gnupg-maint] gnupg 2.0.27 in debian unstable, with some fixes that we might want to consider for jessie

2015-05-29 Thread Eric Dorland 
* Daniel Kahn Gillmor (d...@fifthhorseman.net) wrote:
 hey debian gnupg folks--
 
 I've uploaded gnupg2 2.0.27-2 to unstable.  This brings unstable closer
 to upstream (most of debian/patches is removed), and includes some
 debian-specific attempts to address some problems that might be relevant
 for a wider userbase.
 
 The most important changes included in 2.0.27-2 that i'd like people to
 look at are:
 
 https://anonscm.debian.org/cgit/pkg-gnupg/gnupg2.git/commit/?id=154d606ed022cee8ef1b86183f6a444d198a8a39
 
This proposes a workaround for GNOME keyring hijacking gpg-agent,
including shipping /usr/bin/gnome-keyring-unhijack-gpg-agent as an
interim measure, and suggesting its use if a hijack is detected.
(#760102 and #753163)
 
 https://anonscm.debian.org/cgit/pkg-gnupg/gnupg2.git/commit/?id=be070c6017fede8dbd3549c0071e3f0ac44bebcd
 
This imports NIIBE's upstream fix to not choke on repeated copies of
unknown key material (#787045)
 
 If folks can take a look at these changes and let me know what you think
 about them, that would be great.
 
 In particular, i want to consider the two changes above for a stable
 point release, so if you see any concerns about either of them, please
 say something.

Both seem reasonable for inclusion, particularly the second
one. Should we have a NEWS.Debian entry to explain the issues with
gnome-keyring and the existence of this script as well?

-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

Bug#785064: automake: please update to automake 1.15

2015-05-11 Thread Eric Dorland 
* Norbert Preining (prein...@logic.at) wrote:
 Package: automake
 Version: 1:1.14.1-4
 Severity: wishlist
 
 Dear auto* maintainers,
 
 some of my packages nowadays require automake 1.15, could this please be
 included in Debian.

It's uploaded and just awaiting NEW processing:
https://ftp-master.debian.org/new/automake-1.15_1%3A1.15-1.html.

-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

Bug#781648: dnscrypt-proxy: Default configuration doesn't work with Unbound DNS cache

2015-04-12 Thread Eric Dorland 
* Ivan Vilata i Balaguer (i...@selidor.net) wrote:
 Package: dnscrypt-proxy
 Version: 1.4.3-2
 Severity: normal
 
 Hi!  The README of ``dnscrypt-proxy`` recommends using Unbound as a DNS
 caching resolver in combination with it.  However, Unbound enables DNSSEC and
 the default configuration of ``dnscrypt-proxy`` sets
 ``DNSCRYPT_PROXY_RESOLVER_NAME=opendns`` in its default file.  The problem is
 that OpenDNS servers disable DNSSEC, which results in Unbound rejecting the
 responses coming from the proxy and name resolution failing, as explained
 here: https://forums.opendns.com/comments.php?DiscussionID=15361#Item_9
 
 I suggest to change the default to a different one (e.g. the ``dnscrypt.eu-*``
 servers seem to work), or to add a short comment in the default file warning
 about OpenDNS servers and DNSSEC.
 
 Thanks!

Yikes. I wasn't aware that OpenDNS did that. That does make them a
rather poor default. The reason I chose it was that it has servers all
over the place (https://www.opendns.com/data-center-locations/) and
uses anycast, so it should be fast no matter where you are
located. The dnscrypt.eu-* servers are going to be a poor choice for
folks outside of Europe.

It's unfortunate but there may be no sane default. It may be necessary
to do some debconf work here to present some options. This will
require some thought.

-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

Bug#782164: ITP: dnscrypt-wrapper -- A server-side dnscrypt proxy

2015-04-08 Thread Eric Dorland 
Package: wnpp
Severity: wishlist
Owner: Eric Dorland e...@debian.org

* Package name: dnscrypt-wrapper
  Version : 0.1.15
  Upstream Author : Yecheng Fu cofyc.jack...@gmail.com
* URL : https://github.com/Cofyc/dnscrypt-wrapper
* License : GPL v2
  Programming Lang: C
  Description : A server-side dnscrypt proxy

A dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt
support to any name resolver.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781890: RFP: dnscrypt-proxy -- Encrypts DNS traffic between the user and a DNS-Server.

2015-04-05 Thread Eric Dorland 
This has already been uploaded to unstable a few weeks ago.

-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

Bug#781631: [Pkg-gnupg-maint] Bug#781631: gnupg2: provide packaging with debug symbols for gnupg2

2015-04-01 Thread Eric Dorland 
* Daniel Kahn Gillmor (d...@fifthhorseman.net) wrote:
 On Tue 2015-03-31 18:55:26 -0400, Eric Dorland wrote:
  * Daniel Kahn Gillmor (d...@fifthhorseman.net) wrote:
  Package: gnupg2
  Version: 2.1.2-2
  Severity: wishlist
  
  It would be useful to be able to ship debug symbols for GnuPG2.
 
  Agreed, but has policy on this changed? I thought binary packages
  weren't supposed to ship -dbg packages?
 
 hm, i don't think i realized that restriction.  where is the policy for
 this?  a quick check on a local machine turns up at least wireshark-dbg
 and network-manager-dbg that ship -dbg packages for binaries.

I was just going based on memory and it's not spelled out in policy,
just the developers reference:
https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-dbg

It recommends not building a -dbg package for programs in general but
for core infrastructure can be good candidates for debug
packages. GPG seems infrastructury enough to me :)

-- 
Eric Dorland e...@kuroneko.ca
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: Digital signature

  1   2   3   4   5   6   7   8   9   10   >