Bug#978644: 978644

2024-05-27 Thread Laszlo 
https://github.com/dracut-ng/dracut-ng/commit/fba8622fdd06540bd2a62262e945fe66392a26d3

Bug#1068250: 1068250

2024-05-25 Thread Laszlo 
> Fedora, Arch kept calling the package dracut

Indeed, this is an important precedent. 10+ other Linux
distributions (every single one that migrated) kept the dracut name - see
https://repology.org/project/dracut/versions

dracut-ng just the name of the github repository that is meant to be a drop
in continuation of the original project. The name of the binary is still
called dracut.

Bug#887050: 887050

2024-05-25 Thread Laszlo 
> it would be nice if dracut recognized crypttab devices

Can you please try --hostonly mode for this ?

See https://manpages.debian.org/testing/dracut-core/dracut.8.en.html

Bug#1022129: 1022129

2024-05-25 Thread Laszlo 
Resolved upstream:
https://github.com/dracut-ng/dracut-ng/commit/d2ff89e24479f1b8c2a21613632a4beb58c2a182

Bug#1029324: 1029324

2024-05-25 Thread Laszlo 
Resolved upstream:
https://github.com/dracut-ng/dracut-ng/commit/2339acfaeee60d6bb26a1103db2e53bc8f9cb2d1

Bug#1068250: dracut: Consider switching to the fork dracut-ng

2024-04-05 Thread Laszlo 
Released (tagged as 100).

https://github.com/dracut-ng/dracut-ng/releases/tag/100

Thanks Thomas !

Bug#1056733: iscsiuio - iscsiuio.socket

2023-11-25 Thread Laszlo 
Package: iscsiuio

Hello,

/lib/systemd/system/iscsiuio.socket seems to be missing from the iscsiuio
package, see https://packages.debian.org/sid/amd64/iscsiuio/filelist .

Thanks,
  Laszlo

Bug#1056382: missing dependency on systemd-sysv

2023-11-23 Thread Laszlo 
Hello,

PR  https://salsa.debian.org/debian/dracut/-/merge_requests/29 .

Please let us know if this resolved it or if you have some feedback on the
PR.

Thanks,
  Laszlo

Bug#1041054: dracut-network

2023-07-20 Thread Laszlo 
Hello Team,

I opened an MR to resolve this -
https://salsa.debian.org/debian/dracut/-/merge_requests/23 .

As an upstream dracut maintainer, I'd like to add that:

1./ network-legacy is still likely the most tested and trusted dracut
networking backend. The entire dracut upstream testing is still on
network-legacy as other networking backends are not yet stable.

2./ network-manager requires dbus in initramfs, which is known to have
problems - https://github.com/dracutdevs/dracut/issues/2378

3./ Not all dracut kernel command line options are supported by all
dracut networking backends -
https://github.com/dracutdevs/dracut/issues/1876


Benjamin, if you have a chance to test other Dracut networking backends
(e.g. systemd-networkd or perhaps even connman) on Debian and report back
that would be useful both for the Debian and for the Dracut upstream
communities.

Best,
  Laszlo

Bug#994492: sg3-utils-udev should not require initramfs-tools-core

2023-06-09 Thread Laszlo 
Hello,

> This change was proposed by the Dracut maintainers.

> https://salsa.debian.org/linux-blocks-team/sg3-utils/-/merge_requests/1

Another MR proposed by a dracut maintainer to undo some of the effect of
previous MR.
https://salsa.debian.org/linux-blocks-team/sg3-utils/-/merge_requests/7

Thank you very much !

Laszlo

Bug#967921: dracut-core: cryptsetups tmpfile

2023-06-03 Thread Laszlo 
Hello,

Upstream dracut fix -
https://github.com/dracutdevs/dracut/commit/a4cc196467e45f093fab7876c1c6b40798058920

This fix is now included in sid: https://packages.debian.org/sid/dracut-core

Perhaps this issue can now be closed.

Thanks,
  Laszlo

Bug#1017039: more infos

2023-03-17 Thread Laszlo 
Hello Thomas,

I created a Debian PR for this as well

https://salsa.debian.org/debian/dracut/-/merge_requests/20

Thanks,
  Laszlo

On Mon, Mar 6, 2023 at 10:37 PM Laszlo  wrote:

> Hello Thomas,
>
> I moved the hook to pre-pivot for the overlayfs, just like the
> overlay-root debian dracut module.
>
> https://github.com/dracutdevs/dracut/pull/2269
>
> The upstream review is progress. If you have an opportunity to try the
> upstream patch and give us feedback, that would be greatly appreciated.
>
> Thanks,
>   Laszlo
>

Bug#1017039: more infos

2023-03-06 Thread Laszlo 
Hello Thomas,

I moved the hook to pre-pivot for the overlayfs, just like the overlay-root
debian dracut module.

https://github.com/dracutdevs/dracut/pull/2269

The upstream review is progress. If you have an opportunity to try the
upstream patch and give us feedback, that would be greatly appreciated.

Thanks,
  Laszlo

On Thu, Dec 22, 2022 at 4:48 PM Thomas Lange  wrote:

> I did some more tests.
>
> modules.d/90overlayfs installs the script that mounts the overlay
> using this line:
>
> inst_hook mount 01 "$moddir/mount-overlayfs.sh"
>
> But the mount hooks of dracut are not executed at all.
> Here's the part of init.log:
>
>
> /init@229(): getarg rd.break=mount -d rdbreak=mount
> /lib/dracut-lib.sh@153(getarg): debug_off
> /lib/dracut-lib.sh@23(debug_off): set +x
> /lib/dracut-lib.sh@216(getarg): return 1
> /init@232(): _i_mount=0
> /init@233(): :
> /init@234(): ismounted /sysroot
> /lib/dracut-lib.sh@525(ismounted): findmnt /sysroot
> /init@235(): usable_root /sysroot
> /lib/dracut-lib.sh@736(usable_root): local _i
> /lib/dracut-lib.sh@738(usable_root): '[' -d /sysroot ']'
> /lib/dracut-lib.sh@740(usable_root): for _i in "$1"/usr/lib*/ld-*.so
> "$1"/lib*/ld-*.so
> /lib/dracut-lib.sh@741(usable_root): '[' -e '/sysroot/usr/lib*/ld-*.so'
> ']'
> /lib/dracut-lib.sh@740(usable_root): for _i in "$1"/usr/lib*/ld-*.so
> "$1"/lib*/ld-*.so
> /lib/dracut-lib.sh@741(usable_root): '[' -e '/sysroot/lib*/ld-*.so' ']'
> /lib/dracut-lib.sh@744(usable_root): for _i in proc sys dev
> /lib/dracut-lib.sh@745(usable_root): '[' -e /sysroot/proc ']'
> /lib/dracut-lib.sh@744(usable_root): for _i in proc sys dev
> /lib/dracut-lib.sh@745(usable_root): '[' -e /sysroot/sys ']'
> /lib/dracut-lib.sh@744(usable_root): for _i in proc sys dev
> /lib/dracut-lib.sh@745(usable_root): '[' -e /sysroot/dev ']'
> /lib/dracut-lib.sh@748(usable_root): return 0
> /init@235(): break
>
>
> Because of the break this line is not executed in init.sh and the
> overlay mount script is not executed.
>
> line 238 for f in "$hookdir"/mount/*.sh; do
>
> --
> regards Thomas
>

Bug#1017039: 90overlay-root vs 90dmsquash-live

2022-12-20 Thread Laszlo 
Hello Thomas,

Happy Holidays !

Thank you so much for the follow-up and giving it a try. Since the
test seems to pass in the upstream dracut repo and fail in the debian
package version, I would be inclined to focus on the differences
upstream vs downstream.

> I can't see that the overlayfs module is executed

Can you please make sure that overlay-root is not included in initramfs.
Do you have rd.live.overlay.overlayfs=1 set on the command line ?
Can you please list the output of the dracut command when initramfs is
generated ?
Can you please perhaps post the full log ?

Perhaps best to open a bug in
https://github.com/dracutdevs/dracut/issues for this ?

Thanks,
  Laszlo


On Tue, Dec 20, 2022 at 5:37 PM Thomas Lange  wrote:
>
> >>>>> On Mon, 12 Dec 2022 17:33:18 -0500, Laszlo  
> >>>>> said:
>
> > 
> https://github.com/dracutdevs/dracut/blob/master/test/TEST-20-NFS/test.sh#L178
> I cannot reproduce that this works.
> It always mounts the nfsroot read-only, but no writeable overlayfs in
> tmpfs is available. I didn't found the problem yet, but I can't see
> that the overlayfs module is executed (rd.debug enabled and grep in 
> /run/initramfs/init.log)
>
> --
> regards thomas

Bug#1025996: dev-shm-mount dracut patch

2022-12-12 Thread Laszlo 
Package: dracut

https://salsa.debian.org/debian/dracut/-/blob/master/debian/patches/dev-shm-mount
patch was created to resolve
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637286 more than a decade
ago.

Since then it seems there was a change and the bug for "/dev/shm a symlink
to /run/shm, should be other way round" filed 5 years ago -
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851427.

>From what I can see, dropping the dev-shm-mount dracut patch would
implement the "/run/shm symlink to /dev/shm" behaviour. That would mean
less inconsistencies and less debian patches.

Is there a particular reason to continue to carry this patch around for
dracut ? What is the behaviour with initramfs-tools and systemd ?

Thanks,
  Laszlo

Bug#1017039: 90overlay-root vs 90dmsquash-live

2022-12-12 Thread Laszlo 
Hello Thomas and Team,

This is just a reminder, that the latest dracut debian package (057+157-4)
has both overlay-root and overlayfs dracut modules included in the package.
Thanks for pulling in all those changes from upstream.

I hope this is an opportunity to compare the two dracut modules and
perhaps start making steps on obsoleting the overlay-root dracut module,
which is debian specific and make more use of the overlayfs module which
are maintained (https://github.com/dracutdevs/dracut/pull/1934) and tested
upstream. As an example the Fedora live iso image is using the overlayfs
dracut module.

The overlayfs dracut module is specifically tested together with NFS as
well -
https://github.com/dracutdevs/dracut/blob/master/test/TEST-20-NFS/test.sh#L178

I expect there might be some differences between the two dracut modules, I
am here to learn about them and see what would be the next logical step.

Thanks,
  Laszlo

Bug#1016741: Wrong paths to nm-initrd-generator

2022-12-12 Thread Laszlo 
Package: dracut

Dracut upstream discussion on this -
https://github.com/dracutdevs/dracut/pull/2123

Thanks,
  Laszlo

Bug#1025951: systemd-users patch

2022-12-12 Thread Laszlo 
Hello Thomas,

The patch is for "modules.d/00systemd/module-setup.sh" file. Notice systemd
in the path for the file being patched. I do not understand how patching a
file that is only used with systemd does anything for a "non systemd
environment."

Thanks,
  Laszlo

On Mon, Dec 12, 2022 at 8:49 AM Thomas Lange  wrote:

> I guess we still need thee patch, because I gues dracut in a non
> systemd environment.
>
> --
> viele Grüße Thomas
>

Bug#1025951: systemd-users patch

2022-12-12 Thread Laszlo 
Package: dracut

I believe this patch is no longer needed -
https://salsa.debian.org/debian/dracut/-/blob/master/debian/patches/systemd-users

Related upstream change:
https://github.com/dracutdevs/dracut/commit/fec93bb22181f80056b40231fca36c422248ade0

Can you please check !

Thanks,
  Laszlo

Bug#1021431: linux-image-5.10.0-18-amd64: Broken HDMI audio for old Intel (Haswell) processor

2022-10-08 Thread Laszlo Taska 
Package: src:linux
Version: 5.10.140-1
Severity: normal
X-Debbugs-Cc: l...@gmx.com

The update to bullseye switched my kernel to 5.10. The audio over HDMI using 
i915 driver has been broken, It's playing too fast and sometimes there are 
jumps in it, I mean sooner or later parts are played. When watching a video 
then the whole playback is faster, I guess the player try to synchronize the 
audio and video stream.

I did the following tests to locate which component fails:
- If I reboot to the old buster kernel (linux-image-4.19.0-20-amd64) then no 
problem.
- If I play the sound over analog audio then no problem.
- The problem is independent if I play the audio through PulseAudio or use ALSA 
directly.

I tried some upstream kernel from testing: the same problem. I tried to google 
the issue. All I found is that Intel rewrote the audio driver for Haswell 
processors in kernel 5.10.

I picked up a video to test, its length is 54s. I played it using mpv with 
various setups. If audio was sent over HDMI then it was faster, the speed was 
not the same for different setups but using the same setups it was almost the 
same.

Fast replays:
Console, direct ALSA over HDMI, no video:
real0m41.967s
user0m35.052s
sys 0m0.733s

Console, through PulseAudio over HDMI, no video:
real0m28.731s
user0m33.298s
sys 0m0.683s

X, through PulseAudio over HDMI, with or without video:
real0m13.910s
user0m20.549s
sys 0m0.377s

X, direct ALSA over HDMI, with or without video:
real0m33.376s
user0m36.849s
sys 0m0.859s
Here I got messages: [ao/alsa] Device underrun detected.


Good replays:
X, through PulseAudio over analog audio, with or without video:
real0m53.799s
user0m42.634s
sys 0m1.018s

X, direct ALSA over analog audio, with or without video:
real0m53.812s
user0m42.584s
sys 0m1.001s

X, no audio, with video
real0m53.746s
user0m42.538s
sys 0m0.688s

Old kernel from buster (4.19.0-20-amd64), any options
real0m53.948s
user0m25.942s
sys 0m0.654s


My processor is an i5-4670, the bugreport didn't fill this info by default.


-- Package-specific info:
** Version:
Linux version 5.10.0-18-amd64 (debian-ker...@lists.debian.org) (gcc-10 (Debian 
10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP 
Debian 5.10.140-1 (2022-09-02)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-5.10.0-18-amd64 
root=UUID=18daa4e3-02d2-4abf-b065-2ded04efdc97 ro rootfstype=ext4 quiet

** Tainted: OE (12288)
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
[3.122465] iTCO_vendor_support: vendor-support=0
[3.123401] sd 1:0:0:0: Attached scsi generic sg1 type 0
[3.124074] sr 5:0:0:0: Attached scsi generic sg2 type 5
[3.144287] at24 0-0051: supply vcc not found, using dummy regulator
[3.144465] input: PC Speaker as /devices/platform/pcspkr/input/input4
[3.145291] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11
[3.145318] iTCO_wdt: unable to reset NO_REBOOT flag, device disabled by 
hardware/BIOS
[3.145646] at24 0-0051: 256 byte spd EEPROM, read-only
[3.145665] at24 0-0053: supply vcc not found, using dummy regulator
[3.147578] at24 0-0053: 256 byte spd EEPROM, read-only
[3.153466] pstore: Using crash dump compression: deflate
[3.153473] pstore: Registered efi as persistent store backend
[3.160039] RAPL PMU: API unit is 2^-32 Joules, 2 fixed counters, 655360 ms 
ovfl timer
[3.160041] RAPL PMU: hw unit of domain package 2^-14 Joules
[3.160041] RAPL PMU: hw unit of domain dram 2^-14 Joules
[3.197365] cryptd: max_cpu_qlen set to 1000
[3.234756] Adding 8388604k swap on /dev/sda2.  Priority:-2 extents:1 
across:8388604k SSDscFS
[3.235155] AVX2 version of gcm_enc/dec engaged.
[3.235156] AES CTR mode by8 optimization enabled
[3.388572] snd_hda_intel :00:03.0: enabling device ( -> 0002)
[3.388718] snd_hda_intel :00:03.0: bound :00:02.0 (ops 
i915_audio_component_bind_ops [i915])
[3.389213] snd_hda_intel :00:1b.0: enabling device ( -> 0002)
[3.463151] input: HDA Intel HDMI HDMI/DP,pcm=3 as 
/devices/pci:00/:00:03.0/sound/card0/input5
[3.463183] input: HDA Intel HDMI HDMI/DP,pcm=7 as 
/devices/pci:00/:00:03.0/sound/card0/input6
[3.463211] input: HDA Intel HDMI HDMI/DP,pcm=8 as 
/devices/pci:00/:00:03.0/sound/card0/input7
[3.463237] input: HDA Intel HDMI HDMI/DP,pcm=9 as 
/devices/pci:00/:00:03.0/sound/card0/input8
[3.463262] input: HDA Intel HDMI HDMI/DP,pcm=10 as 
/devices/pci:00/:00:03.0/sound/card0/input9
[3.474935] snd_hda_codec_realtek hdaudioC1D2: autoconfig for ALC892: 
line_outs=3 (0x14/0x15/0x16/0x0/0x0) type:line
[3.474937] snd_hda_codec_realtek hdaudioC1D2:speaker_outs=0 
(0x0/0x0/0x0/0x0/0x0)
[3.474938] snd_hda_codec_realtek hdaudioC1D2:hp_outs=1 
(0x1b/0x0/0x0/0x0/0x0)
[3.474939] snd_hda_codec_realtek

Bug#1017039: 90overlay-root vs 90dmsquash-live

2022-08-14 Thread Laszlo 
On Sat, Aug 13, 2022 at 3:17 PM Thomas Lange  wrote:

> >>>>> On Fri, 12 Aug 2022 00:25:27 -0400, Laszlo 
> said:
>
> [...] overlay-root can mount a flat remote directory via NFS. Can
> dmsquash-live do this?
>

It can mount block devices but not yet NFS. Upstream dracut bug to track
this - https://github.com/dracutdevs/dracut/issues/1904

The syntax would be to use rd.live.overlay.overlayfs=1 (instead of
rootovl). I plan to follow-up if/when this is resolved upstream.

Thanks !

Bug#1017039: 90overlay-root vs 90dmsquash-live

2022-08-11 Thread Laszlo 
Package: dracut

I wanted to reach out to open a discussion about the maintenance
of 90overlay-root.

90overlay-root module is only maintained as part of the debian package and
not available in the upstream project -
https://github.com/dracutdevs/dracut/tree/master/modules.d

I believe that the functionality of 90overlay-root can be achieved with
the 90dmsquash-live module which is available upstream -
https://github.com/dracutdevs/dracut/tree/master/modules.d/90dmsquash-live

Would there be an interest for the debian dracut project to discuss relying
on 90dmsquash-live more ?

Best !
 Laszlo

Bug#973404: Same issue here

2020-11-10 Thread Laszlo KERTESZ 
Same issue. Debian testing, kernel 5.9, mic not showing up.
I enabled the 2 config options, compiled the standard kernel 5.9.1, mic is
working.

Bug#943654: anbox: GUI crashes after "starting"

2020-11-01 Thread Laszlo Frazer 
Package: anbox
Version: 0.0~git20200526-1+b2
Followup-For: Bug #943654
X-Debbugs-Cc: las...@laszlofrazer.com

Dear Maintainer,


   * What led up to the situation?

install anbox

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

 run 

 anbox session-manager

   * What was the outcome of this action?

   loading window appears for a while, disappears

   [session_manager.cpp:136@operator()] Failed to start as either binder or 
ashmem kernel drivers are not loaded

   * What outcome did you expect instead?

   session manager GUI

   Loading the modules with modprobe did not help.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-1-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_CRAP
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages anbox depends on:
ii  init-system-helpers 1.58
ii  iptables1.8.5-3
ii  libboost-filesystem1.71.0   1.71.0-7+b1
ii  libboost-iostreams1.71.01.71.0-7+b1
ii  libboost-log1.71.0  1.71.0-7+b1
ii  libboost-program-options1.71.0  1.71.0-7+b1
ii  libboost-thread1.71.0   1.71.0-7+b1
ii  libc6   2.31-4
ii  libegl1 1.3.2-1
ii  libgcc-s1   10.2.0-15
ii  libgles21.3.2-1
ii  liblxc1 1:4.0.4-5
ii  libprotobuf-lite23  3.12.3-2+b1
ii  libsdl2-2.0-0   2.0.12+dfsg1-4
ii  libsdl2-image-2.0-0 2.0.5+dfsg1-2
ii  libstdc++6  10.2.0-15
ii  libsystemd0 246.6-2
ii  lxc 1:4.0.4-5

Versions of packages anbox recommends:
ii  dbus-user-session  1.12.20-1

anbox suggests no packages.

-- no debconf information

Bug#973523: google-android-emulator-installer: No AVD manager, no AVD, no explanation of where to find these included

2020-11-01 Thread Laszlo Frazer 
Package: google-android-emulator-installer
Version: 30.0.12+1
Severity: important
X-Debbugs-Cc: las...@laszlofrazer.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

   installed google-android-emulator-installer

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

 run emumlator 

   * What was the outcome of this action?

   emulator: ERROR: No AVD specified. Use '@foo' or '-avd foo' to launch a 
virtual device named 'foo'

   * What outcome did you expect instead?

Package should depend on AVD Manager, I guess?  Or at least should tell
me what I need to do to obtain an AVD.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-1-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages google-android-emulator-installer depends on:
ii  build-essential12.8
ii  ca-certificates20200601
ii  debconf [debconf-2.0]  1.5.74
ii  dpkg-dev   1.20.5
ii  make   4.3-4
ii  po-debconf 1.0.21
ii  unzip  6.0-25
ii  wget   1.20.3-1+b3

google-android-emulator-installer recommends no packages.

google-android-emulator-installer suggests no packages.

-- debconf information:
* google-android-installers/mirror: https://dl.google.com

Bug#969638: gwyddion: Many modules (15) failed to register.

2020-09-06 Thread Laszlo Frazer 

Subject: gwyddion: Many modules (15) failed to register.
Package: gwyddion
Version: 2.55-3
Severity: grave
Justification: renders package unusable

Dear Maintainer,


   * What led up to the situation?

aptitude full-upgrade

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Started gwyddion (ineffective).

Followed instructions to remove modules and reinstall with aptitude.

   * What was the outcome of this action?

Almost all functions of Gwyddion missing from the menu.  Received message:

Many modules (15) failed to register.
Most likely Gwyddion was not upgraded correctly.  Instead, one installation was 
just overwritten with another, and now it is a mess.
Please remove completely the module directory
/usr/lib/x86_64-linux-gnu/gwyddion/modules
and reinstall Gwyddion.
See Info → Module Browser for specific errors.

This bug is also in Ubuntu and is known upstream.
https://bugs.launchpad.net/ubuntu/+source/gwyddion/+bug/1882441
http://gwyddion.net/#news-2020-07-12
2020-07-29: To get working Gwyddion packages in Ubuntu you can use the Gwyddion-SPM PPA instead of the broken distro packages (bug 1882441). The PPA 
also provides more current versions of Gwyddion.


2020-07-12: Gwyddion package in Ubuntu 20.04 (possibly other versions?) is broken, failing to load any modules at startup due to linking issue. See 
bug 1882441 in Launchpad. At present there is no known workaround aside for compilation from source code (as dscribed in the bug report).


   * What outcome did you expect instead?

Menu options present.  Thanks in advance!



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-1-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gwyddion depends on:
ii  gwyddion-common 2.55-3
ii  libc6   2.31-3
ii  libgdk-pixbuf2.0-0  2.40.0+dfsg-5
ii  libglib2.0-02.64.4-1
ii  libgomp110.2.0-6
ii  libgtk2.0-0 2.24.32-4
ii  libgtkglext11.2.0-9
ii  libgwyddion2-0  2.55-3
ii  libminizip1 1.1-8+b1
ii  libpng16-16 1.6.37-2
ii  libx11-62:1.6.10-3
ii  libxml2 2.9.10+dfsg-5+b1
ii  libxmu6 2:1.1.2-2+b3
ii  zlib1g  1:1.2.11.dfsg-2

gwyddion recommends no packages.

gwyddion suggests no packages.

-- no debconf information

Bug#933934: unmount bash completion complains about "awk: line 18: function gensub never defined"

2019-12-15 Thread Laszlo Fiat 
Hello,

The patch posted on 8 Aug, 2019 works OK.
It would be nice to either include the patch in Debian, or have the
dependency on gawk.

Bug#926889: unblock: graphviz/2.40.1-6

2019-04-11 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Please unblock graphviz which fixes a vulnerability,
CVE-2018-10196 [1].
The debdiff which is attached contains some extra self-tests over the
fix.

Thanks for consideration,
Laszlo/GCS
[1] https://bugs.debian.org/898841
diff -Nru graphviz-2.40.1/debian/changelog graphviz-2.40.1/debian/changelog
--- graphviz-2.40.1/debian/changelog	2018-10-03 15:04:59.0 +
+++ graphviz-2.40.1/debian/changelog	2019-04-08 15:51:00.0 +
@@ -1,3 +1,10 @@
+graphviz (2.40.1-6) unstable; urgency=high
+
+  * Fix CVE-2018-10196: NULL pointer dereference in rebuild_vlists()
+(closes: #898841).
+
+ -- Laszlo Boszormenyi (GCS)   Mon, 08 Apr 2019 15:51:00 +
+
 graphviz (2.40.1-5) unstable; urgency=medium
 
   * Patch upstream _gv.so symlink creation (closes: #905209).
diff -Nru graphviz-2.40.1/debian/patches/CVE-2018-10196.patch graphviz-2.40.1/debian/patches/CVE-2018-10196.patch
--- graphviz-2.40.1/debian/patches/CVE-2018-10196.patch	1970-01-01 00:00:00.0 +
+++ graphviz-2.40.1/debian/patches/CVE-2018-10196.patch	2019-04-08 15:51:00.0 +
@@ -0,0 +1,605 @@
+diff --git a/configure.ac b/configure.ac
+index b0762993c299fcd3d9040aec19d99425132b42f2..6f743e9d23e072301bd94f58b3fb865fee804f0e 100644
+--- a/configure.ac
 b/configure.ac
+@@ -3363,6 +3363,7 @@ AC_CONFIG_FILES(Makefile
+   tests/unit_tests/lib/common/Makefile
+   tests/regression_tests/Makefile
+   tests/regression_tests/shapes/Makefile
++	tests/regression_tests/vuln/Makefile
+ 	share/Makefile
+ 	share/examples/Makefile
+ 	share/gui/Makefile
+diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
+index dd13e936bf25d17d8baa5b3b9e089cff35c502fe..f7307d23b3ff9151b283c9b045892a80c0d6c055 100644
+--- a/lib/dotgen/conc.c
 b/lib/dotgen/conc.c
+@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
+ 
+ for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
+ 	lead = GD_rankleader(g)[r];
+-	if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
++	if (lead == NULL) {
++		agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
++		longjmp(jbuf, 1);
++	}
++	else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
+ 	agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n", 
+ 		agnameof(lead), ND_order(lead), r);
+ 	longjmp(jbuf, 1);
+diff --git a/tests/regression_tests/Makefile.am b/tests/regression_tests/Makefile.am
+index c375449ad3f30834eb10b19a6174977354d41230..c472181c13387de9c579f533e17d1a749fb0b534 100644
+--- a/tests/regression_tests/Makefile.am
 b/tests/regression_tests/Makefile.am
+@@ -1 +1 @@
+-SUBDIRS = shapes
++SUBDIRS = shapes vuln
+diff --git a/tests/regression_tests/vuln/Makefile.am b/tests/regression_tests/vuln/Makefile.am
+new file mode 100644
+index ..e58fc3cde6384a581914f92edcacd815f4738e80
+--- /dev/null
 b/tests/regression_tests/vuln/Makefile.am
+@@ -0,0 +1,2 @@
++check test rtest:
++	python vuln.py
+diff --git a/tests/regression_tests/vuln/input/nullderefrebuildlist.dot b/tests/regression_tests/vuln/input/nullderefrebuildlist.dot
+new file mode 100644
+index ..31a15a1dad27aa8a34bd47b297eb02bfdf1a6f9c
+--- /dev/null
 b/tests/regression_tests/vuln/input/nullderefrebuildlist.dot
+@@ -0,0 +1,55 @@
++digraph G {
++graph [concentrate=true];
++
++routine1;
++routine2;
++
++rfontsize=9;
++nodesep="0.4";
++ranksep="0.4";
++node [fontname=Arial, fontsize=9, shape=box];
++subgraph clustere3ffa58211d69e3db000538bf02fa1d0 { 
++label = "DriveCom Z";
++Ie3ffa58211d69e3db000538bf02fa1d0 [label="", shape=circle, style=filled, color=black, width=.2];
++Se3ffa4bf11d69e3db000538bf02fa1d0 [label="Idle"];
++Se3ffa7b011d69e3db000538bf02fa1d0 [label="Disabled"];
++subgraph clustere3ffa77611d69e3db000538bf02fa1d0 { 
++label = "Active";
++Ie3ffa77611d69e3db000538bf02fa1d0 [label="", shape=circle, style=filled, color=black, width=.2];
++Se3€fa84b11d69e3db000538bf02fa1d0 [label="Undefined"];
++Se3ffa60811d69e3db000538bf02fa1d0 [label="Wait Switch On Inhibit"];
++Se3ffa87211d69e3db000538bf02fa1d0 [label="Switch On Inhibit"];
++Se3ffa65611d69e3db000538bf02fa1d0 [label="Wait Ready To Switch On"];
++Se3ffa61c11d69e3db000538bf02fa1d0 [label="Ready To Switch On"];
++Se3ffa53211d69e3db000538bf02fa1d0 [label="Wait Switched On"];
++Se3ffa8ac11d69e3db000538bf02fa1d0 [label="Switched On"];
++Se3ffa83711d69e3db000538bf02fa1d0 [label="Wait Operation Enabled"];
++Se3ffa81011d69e3db000538bf02fa1d0

Bug#926002: unblock: zeromq3/4.3.1-4

2019-03-30 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Unfortunately upstream of zeromq3 broke GSSAPI detection[1] in the
configure phase. It went undetected and now zeromq3 for Buster doesn't
have GSSAPI support and this is a regression since Stretch.

Luca Boccassi who is not just our fellow DD but also upstream fixed it
with a small patch. Full debdiff is attached. Please let it migrate to
Buster and have the same functionality available that's in Stretch.

Thanks for consideration,
Laszlo/GCS
[1] https://bugs.debian.org/925914
diff -Nru zeromq3-4.3.1/debian/changelog zeromq3-4.3.1/debian/changelog
--- zeromq3-4.3.1/debian/changelog	2019-01-26 12:49:45.0 +
+++ zeromq3-4.3.1/debian/changelog	2019-03-28 16:37:09.0 +
@@ -1,3 +1,10 @@
+zeromq3 (4.3.1-4) unstable; urgency=medium
+
+  [ Luca Boccassi  ]
+  * Fix GSSAPI support build (closes: #925914).
+
+ -- Laszlo Boszormenyi (GCS)   Thu, 28 Mar 2019 16:37:09 +
+
 zeromq3 (4.3.1-3) unstable; urgency=medium
 
   [ Luca Boccassi  ]
diff -Nru zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch
--- zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch	1970-01-01 00:00:00.0 +
+++ zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch	2019-03-28 16:37:09.0 +
@@ -0,0 +1,30 @@
+Author: Luca Boccassi 
+Description: gssapi pkg-config check in configure.ac does not work
+ correctly enable the definition in platform.hpp so that the
+ gssapi support is actually built in if requested and available.
+Origin: https://github.com/zeromq/libzmq/pull/3361
+--- a/configure.ac
 b/configure.ac
+@@ -472,16 +472,20 @@
+ # conditionally require libgssapi_krb5
+ if test "x$require_libgssapi_krb5_ext" != "xno"; then
+ PKG_CHECK_MODULES([gssapi_krb5], [krb5-gssapi], [
++have_gssapi_library="yes"
+ PKGCFG_NAMES_PRIVATE="$PKGCFG_NAMES_PRIVATE krb5-gssapi"
+ ], [
+ AC_CHECK_HEADERS(gssapi/gssapi_generic.h)
+ AC_SEARCH_LIBS([gss_init_sec_context], [gssapi_krb5 gssapi],
+-AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security]),
++have_gssapi_library="yes",
+ AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security))
+ PKGCFG_LIBS_PRIVATE="$PKGCFG_LIBS_PRIVATE -lgssapi_krb5"
+ ])
+ fi
+-AM_CONDITIONAL(BUILD_GSSAPI, test "x$require_libgssapi_krb5_ext" != "xno")
++if test "x$have_gssapi_library" = "xyes"; then
++AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security])
++fi
++AM_CONDITIONAL(BUILD_GSSAPI, test "x$have_gssapi_library" = "xyes")
+ 
+ # Select curve encryption library, defaults to tweetnacl
+ # To use libsodium instead, use --with-libsodium (must be installed)
diff -Nru zeromq3-4.3.1/debian/patches/series zeromq3-4.3.1/debian/patches/series
--- zeromq3-4.3.1/debian/patches/series	2019-01-26 12:49:45.0 +
+++ zeromq3-4.3.1/debian/patches/series	2019-03-28 16:37:09.0 +
@@ -3,3 +3,4 @@
 test_hardcoded_ipc_path.patch
 ppc64_atomic_intrinsics.patch
 test_pair_ipc_hurd.patch
+gssapi_pkgconfig.patch

Bug#918308: transition: botan

2019-01-04 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi RMs,

It's a small transition with only three packages: biboumi,
libqtshadowsocks and qtcreator. All three build fine with
this botan release as well.
It is also needed for proper upstream support for building botan
for armel/armhf on arm64 machines[1].

Thanks,
Laszlo/GCS
[1] https://bugs.debian.org/916970

Bug#915627: iptables: ip6tables-restore v1.8.2 (nf_tables): unknown option "--icmpv6-type" Error occurred at line: 38

2018-12-05 Thread Patrik Laszlo 
Package: iptables
Version: 1.8.2-2
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
I cannot use UFW, because as the subject says unknown option "--icmpv6-type".

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
After I updated everything to up to date in Debian Testing/Buster, I cannot use 
the UFW anymore.
ufw disable && ufw enable give that error

   * What was the outcome of this action?
UFW is not working now

   * What outcome did you expect instead?
It has been using the last 3 years with no problem with UFW


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iptables depends on:
ii  libc62.27-8
ii  libip4tc01.8.2-2
ii  libip6tc01.8.2-2
ii  libiptc0 1.8.2-2
ii  libmnl0  1.0.4-2
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnfnetlink01.0.1-3+b1
ii  libnftnl71.1.1-1
ii  libxtables12 1.8.2-2

iptables recommends no packages.

Versions of packages iptables suggests:
ii  kmod  25-2

-- no debconf information

Bug#912853: transition: icu

2018-11-04 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi RMs,

I'd like to upload ICU 63.1 which was recently released for Buster.
The packaging already bootstrapped with icu-le-hb (Layout Engine using
the HarfBuzz library) in experimental.
Rebuilding of dependent packages are in progress. I can report the
following so far.
Level 1
widelands FTBFS, but I've a patch.

Level 2
boost1.63 FTBFS due to an unrelated, Pyhon 3.7 problem probably
related to the already reported case in #902921 [1].
I think it's going to be removed thus didn't investigated further.

hfst-ospell FTBFS and while I've a patch, it's already fixed in its
new, 0.5.1 release.

mozjs60 FTBFS due to an unrelated problem, confirmed in a clean Sid
environment as well.

nodejs FTBFS on x86 only and while I've a patch it will still fail to
build due to its test suite problems already reported in #902512 [2].

openttd FTBFS on x86 only and upstream has a patch that can be
backported easily.

Other packages are in build testing. I don't expect too much problems
and fixing build failures are quite easy.

This has to be done with the Boost 1.67 transition which is already
scheduled. I don't think this would delay that too much as my testing
is done with the ICU transitioned boost1.67 package and boost-defaults
set to it.
It seems more and more applications start to use it as their ICU
dependency for Unicode 11.0 support including Firefox and Chromium
browser.
Would be nice if Buster can be shipped with this ICU release.

Regards,
Laszlo/GCS
[1] https://bugs.debian.org/902921
[2] https://bugs.debian.org/902512

Bug#904216: ITP: fuse3 -- Filesystem in Userspace (3.x version)

2018-07-21 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist
Owner: Laszlo Boszormenyi (GCS) 

* Package name: fuse3
  Version : 3.2.4
  Upstream Author : Nikolaus Rath 
* URL : https://github.com/libfuse/libfuse/wiki
* License : GPL-2, LGPL-2.1
  Programming Lang: C
  Description : Filesystem in Userspace (3.x version)

 Filesystem in Userspace (FUSE) is a simple interface for userspace
 programs to export a virtual filesystem to the Linux kernel. It also
 aims to provide a secure method for non privileged users to create
 and mount their own filesystem implementations.

Bug#903457:

2018-07-10 Thread Laszlo Boszormenyi (GCS) 
forcemerge 903145 903457
thanks

On Tue, 2018-07-10 at 10:57 +0200, Michal Arbet wrote:
> When package is installing , these errors appears below  .. : 
[...]
> These is caused because of python 3.7 where async is reserved
> python3.7 keyword.
> Please , could you fix and upload new revision ? 
 Already reported, merging the bugs.

Bug#903457:

2018-07-10 Thread Laszlo Boszormenyi (GCS) 
Control: retitle -1 python3-gevent: Package fails to install in a Python3.7 
environment
Control: severity -1 grave
Control: tags -1 +pending upstream buster sid
Control: merge -1 903145

On Tue, 2018-07-10 at 10:57 +0200, Michal Arbet wrote:
> When package is installing , these errors appears below  .. : 
> 
> 
> Setting up python3-gevent (1.2.2-2) ...
>   File "/usr/lib/python3/dist-packages/gevent/libev/corecffi.py",
> line 601
> def async(self, ref=True, priority=None):
> ^
> SyntaxError: invalid syntax
> 
>   File "/usr/lib/python3/dist-packages/gevent/threadpool.py", line
> 281
> self.async = hub.loop.async()
>  ^
> SyntaxError: invalid syntax
> 
> 
> 
> These is caused because of python 3.7 where async is reserved
> python3.7 keyword.
> Please , could you fix and upload new revision ? 
 This is in progress and will happen soon.

Bug#897165: transition: botan

2018-04-29 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

A small, incremental transition of botan 2.4 -> 2.6 as the dependent
packages are only biboumi and qtcreator. Both build fine with it.

Two things to note. For sixteen days it's still doesn't scheduled to
build on armhf, but I don't think it would have any problem. Then it
failed to build on armel due to an unrelated problem. I've already
requested a give-back just in case.

Regards,
Laszlo/GCS

Bug#895936: stretch-pu: package patch/2.7.5-1+deb9u1

2018-04-17 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi SRMs,

I'd like to fix CVE-2018-1000156 in patch for Stretch, which is an
arbitrary command execution in ed-style patches.
While it might be used for remote compromise, it would need a setup to
accept patches unconditionally. But then an attacker has an easy path
already to insert vulnerable code to source files or JavaScript
injection to HTML pages, etc. Hence it doesn't warrant a DSA on its
own, but would be good to fix in a point release.

Thanks for considering,
Laszlo/GCSdiff -Nru patch-2.7.5/debian/changelog patch-2.7.5/debian/changelog
--- patch-2.7.5/debian/changelog	2015-03-07 06:38:30.0 +
+++ patch-2.7.5/debian/changelog	2018-04-16 20:48:43.0 +
@@ -1,3 +1,10 @@
+patch (2.7.5-1+deb9u1) stretch; urgency=medium
+
+  * Fix CVE-2018-1000156: arbitrary command execution in ed-style patches
+(closes: #894993).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 16 Apr 2018 20:48:43 +
+
 patch (2.7.5-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch
--- patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch	1970-01-01 00:00:00.0 +
+++ patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch	2018-04-16 20:48:43.0 +
@@ -0,0 +1,237 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agr...@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+---
+ src/pch.c | 91 ---
+ tests/Makefile.am |  1 +
+ tests/ed-style| 41 +
+ 3 files changed, 108 insertions(+), 25 deletions(-)
+ create mode 100644 tests/ed-style
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
 b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include 
+ #endif
+ #include 
++#include 
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2387,22 +2387,28 @@ do_ed_script (char const *inname, char c
+ static char const editor_program[] = EDITOR_PROGRAM;
+ 
+ file_offset beginning_of_this_line;
+-FILE *pipefp = 0;
+ size_t chars_read;
++FILE *tmpfp = 0;
++char const *tmpname;
++int tmpfd;
++pid_t pid;
++
++if (! dry_run && ! skip_rest_of_patch)
++  {
++	/* Write ed script to a temporary file.  This causes ed to abort on
++	   invalid commands such as when line numbers or ranges exceed the
++	   number of available lines.  When ed reads from a pipe, it rejects
++	   invalid commands and treats the next line as a new command, which
++	   can lead to arbitrary command execution.  */
++
++	tmpfd = make_tempfile (, 'e', NULL, O_RDWR | O_BINARY, 0);
++	if (tmpfd == -1)
++	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	tmpfp = fdopen (tmpfd, "w+b");
++	if (! tmpfp)
++	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++  }
+ 
+-if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-}
+ for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2413,14 +2418,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	if (pipefp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++	if (tmpfp)
++		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 		write_fatal ();
+ 	if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+-		if (pipefp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++		if (tmpfp)
++			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 			write_fatal ();
+ 		if (chars_read == 2  &&  strEQ (buf, ".\n&

Bug#895935: jessie-pu: package patch/2.7.5-1+deb8u1

2018-04-17 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi OSRMs,

I'd like to fix CVE-2018-1000156 in patch for Jessie, which is an
arbitrary command execution in ed-style patches.
While it might be used for remote compromise, it would need a setup to
accept patches unconditionally. But then an attacker has an easy path
already to insert vulnerable code to source files or JavaScript
injection to HTML pages, etc. Hence it doesn't warrant a DSA on its
own, but would be good to fix in a point release.

Thanks for considering,
Laszlo/GCSdiff -Nru patch-2.7.5/debian/changelog patch-2.7.5/debian/changelog
--- patch-2.7.5/debian/changelog	2015-03-07 06:38:30.0 +
+++ patch-2.7.5/debian/changelog	2018-04-16 20:48:14.0 +
@@ -1,3 +1,10 @@
+patch (2.7.5-1+deb8u1) jessie; urgency=medium
+
+  * Fix CVE-2018-1000156: arbitrary command execution in ed-style patches
+(closes: #894993).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 16 Apr 2018 20:48:14 +
+
 patch (2.7.5-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru patch-2.7.5/debian/control patch-2.7.5/debian/control
--- patch-2.7.5/debian/control	2015-03-07 06:33:14.0 +
+++ patch-2.7.5/debian/control	2018-04-16 20:48:14.0 +
@@ -2,7 +2,7 @@
 Section: vcs
 Priority: standard
 Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
-Build-Depends: debhelper (>= 7), ed
+Build-Depends: debhelper (>= 7), ed, autoconf, automake
 Standards-Version: 3.9.6
 Homepage: http://savannah.gnu.org/projects/patch/
 Vcs-Git: git://git.debian.org/collab-maint/patch.git
diff -Nru patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch
--- patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch	1970-01-01 00:00:00.0 +
+++ patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch	2018-04-16 20:48:14.0 +
@@ -0,0 +1,237 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agr...@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+---
+ src/pch.c | 91 ---
+ tests/Makefile.am |  1 +
+ tests/ed-style| 41 +
+ 3 files changed, 108 insertions(+), 25 deletions(-)
+ create mode 100644 tests/ed-style
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
 b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include 
+ #endif
+ #include 
++#include 
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2387,22 +2387,28 @@ do_ed_script (char const *inname, char c
+ static char const editor_program[] = EDITOR_PROGRAM;
+ 
+ file_offset beginning_of_this_line;
+-FILE *pipefp = 0;
+ size_t chars_read;
++FILE *tmpfp = 0;
++char const *tmpname;
++int tmpfd;
++pid_t pid;
++
++if (! dry_run && ! skip_rest_of_patch)
++  {
++	/* Write ed script to a temporary file.  This causes ed to abort on
++	   invalid commands such as when line numbers or ranges exceed the
++	   number of available lines.  When ed reads from a pipe, it rejects
++	   invalid commands and treats the next line as a new command, which
++	   can lead to arbitrary command execution.  */
++
++	tmpfd = make_tempfile (, 'e', NULL, O_RDWR | O_BINARY, 0);
++	if (tmpfd == -1)
++	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	tmpfp = fdopen (tmpfd, "w+b");
++	if (! tmpfp)
++	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++  }
+ 
+-if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-}
+ for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2413,14 +2418,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	if (pipefp)
+-		if (! fwrite (bu

Bug#885775: It seems it is not related to apparmor

2018-01-11 Thread Laszlo KERTESZ 
On Thu, 11 Jan 2018 13:27:00 +0100 intrigeri <intrig...@debian.org> wrote:
> Control: reassign -1 linux-image-4.14.0-2-amd64
> Control: found -1 4.14.7-1
>
> Laszlo KERTESZ:
> > So it happened again with no apparmor loaded.Twice.
>
> Thanks for reporting! I'm therefore reassigning this bug to the
> affected Linux kernel package.
>
> Cheers,
> --
> intrigeri
>
>

Yes, that seems to be the most likely candidate.
Since then i installed the unstable kernel 4.14.12-2 and had no issues
since on my desktop system (AMD A8-6500 CPU, F2A88X-D3H mobo). There was
even a systemd update since and no freeze.
Although i had a freeze during an apt upgrade with the 4.14.12-2 on an
update on my work laptop (i7-7820hk cpu, Dell Precision 3520). Did not have
time to check the logs yet.

Bug#885775: It seems it is not related to apparmor

2017-12-30 Thread Laszlo KERTESZ 
So it happened again with no apparmor loaded.Twice.

I had some packages to update, i believe it was kodi, and the system froze.
Restarted, it froze again when i ran dkg --configure -a and aptitude
upgrade again.
Every time the logs show systemd reloading before the freeze.
Difference is that now there is a kernel warning before it happens.

Additionally:
I have a libvirt virtual machine running in the background. First time it
was running the usual way. The second time (after restart) i stopped the
machine
and started another one that is not used anymore for anything. The system
froze again.
After restart i only stopped the machine, no virtual machine was running.
With the kernel 4.14 i managed to finish the update.
At this point i'm not sure this is a coincidence or not.

I assume this bug report is not Apparmor-related, i assume it should belong
to the kernel, systemd or even libvirt? If you guys look at the logs maybe
you can come with a more educated guess.


This time the logs show a kernel warning before the freeze (details below).

First freeze:

Dec 31 07:41:36 laca-desktop systemd[1]: Reloading.
Dec 31 07:41:36 laca-desktop kernel: [ cut here ]
Dec 31 07:41:36 laca-desktop kernel: WARNING: CPU: 3 PID: 1 at
/build/linux-NHzxYj/linux-4.14.7/kernel/fork.c:419
__put_task_struct+0xf0/0x150
Dec 31 07:41:36 laca-desktop kernel: Modules linked in: ufs qnx4 hfsplus
hfs minix ntfs vfat msdos fat jfs xfs dm_mod fuse vhost_net vhost tap ebtab
Dec 31 07:41:36 laca-desktop kernel:  snd_hda_codec_hdmi sp5100_tco radeon
snd_hda_intel ttm snd_hda_codec snd_hda_core snd_hwdep drm_kms_helper snd
Dec 31 07:41:36 laca-desktop kernel: CPU: 3 PID: 1 Comm: systemd Tainted:
G   O4.14.0-2-amd64 #1 Debian 4.14.7-1
Dec 31 07:41:36 laca-desktop kernel: Hardware name: Gigabyte Technology
Co., Ltd. To be filled by O.E.M./F2A88X-D3H, BIOS F5 05/28/2014
Dec 31 07:41:36 laca-desktop kernel: task: 963b2d60d040 task.stack:
a872818b8000
Dec 31 07:41:36 laca-desktop kernel: RIP: 0010:__put_task_struct+0xf0/0x150
Dec 31 07:41:36 laca-desktop kernel: RSP: 0018:a872818bbda0 EFLAGS:
00010246
Dec 31 07:41:36 laca-desktop kernel: RAX:  RBX:
963b2aae0610 RCX: 0001
Dec 31 07:41:36 laca-desktop kernel: RDX: a872818bbe40 RSI:
963b2aae0610 RDI: 963b2aae0610
Dec 31 07:41:36 laca-desktop kernel: RBP: a872818bbdb0 R08:
1000 R09: 000d
Dec 31 07:41:36 laca-desktop kernel: R10: 0020 R11:
96381d9a900c R12: a872818bbf18
Dec 31 07:41:36 laca-desktop kernel: R13: 963af6cfe300 R14:
963b2aae0610 R15: 963967be1400
Dec 31 07:41:36 laca-desktop kernel: FS:  7f55a07a7980()
GS:963b3ed8() knlGS:
Dec 31 07:41:36 laca-desktop kernel: CS:  0010 DS:  ES:  CR0:
80050033
Dec 31 07:41:36 laca-desktop kernel: CR2: 55fe8ce02068 CR3:
000429ab8000 CR4: 000406e0
Dec 31 07:41:36 laca-desktop kernel: Call Trace:
Dec 31 07:41:36 laca-desktop kernel:  css_task_iter_next+0x74/0x80
Dec 31 07:41:36 laca-desktop kernel:  cgroup_procs_next+0x16/0x20
Dec 31 07:41:36 laca-desktop kernel:  cgroup_seqfile_next+0x1a/0x20
Dec 31 07:41:36 laca-desktop kernel:  kernfs_seq_next+0x27/0x60
Dec 31 07:41:36 laca-desktop kernel:  seq_read+0x2ce/0x3f0
Dec 31 07:41:36 laca-desktop kernel:  kernfs_fop_read+0x134/0x180
Dec 31 07:41:36 laca-desktop kernel:  ? security_file_permission+0x9b/0xc0
Dec 31 07:41:36 laca-desktop kernel:  __vfs_read+0x18/0x40
Dec 31 07:41:36 laca-desktop kernel:  vfs_read+0x8e/0x130
Dec 31 07:41:36 laca-desktop kernel:  SyS_read+0x55/0xc0
Dec 31 07:41:36 laca-desktop kernel:  system_call_fast_compare_end+0xc/0x97
Dec 31 07:41:36 laca-desktop kernel: RIP: 0033:0x7f55a00fe75d
Dec 31 07:41:36 laca-desktop kernel: RSP: 002b:7ffc2b9ac470 EFLAGS:
0293 ORIG_RAX: 
Dec 31 07:41:36 laca-desktop kernel: RAX: ffda RBX:
563a52159160 RCX: 7f55a00fe75d
Dec 31 07:41:36 laca-desktop kernel: RDX: 1000 RSI:
563a521c2cd0 RDI: 001c
Dec 31 07:41:36 laca-desktop kernel: RBP: 7f55a03ba440 R08:
7f55a03be188 R09: 1010
Dec 31 07:41:36 laca-desktop kernel: R10: 0020 R11:
0293 R12: 
Dec 31 07:41:36 laca-desktop kernel: R13:  R14:
001c R15: 563a521bd8f0
Dec 31 07:41:36 laca-desktop kernel: Code: 49 8b 94 24 d8 03 00 00 48 85 d2
74 06 f0 ff 4a 5c 74 2c 48 8b 3d 29 42 e5 00 4c 89 e6 e8 c9 a7 19 00 eb
Dec 31 07:41:36 laca-desktop kernel: ---[ end trace 0853c081f1f42500 ]---
Dec 31 07:41:36 laca-desktop kernel: BUG: unable to handle kernel NULL
pointer dereference at 00b0
Dec 31 07:41:36 laca-desktop kernel: IP: pids_free+0x15/0x40
Dec 31 07:41:36 laca-desktop kernel: PGD 0 P4D 0
Dec 31 07:41:36 laca-desktop kernel: Oops:  [#1] SMP
Dec 31 07:41:36 laca-desktop kernel: Modules linked in: ufs qnx4 hfsplus
hfs minix

Bug#885775: apparmor: Apparmor triggers NULL pointer dereference in kernel 4.14.7-1 when updating with aptitude

2017-12-29 Thread Kertesz Laszlo 
Package: apparmor
Version: 2.11.1-4
Severity: important

Dear Maintainer,


   * What led up to the situation?
Installed kernel 4.14 in Debian Testing and ever since at every upgrade 
where systemd or other important 
packages were upgraded the system froze with the last 2 lines in the 
system log:

Dec 29 21:25:26 laca-desktop kernel: BUG: unable to handle kernel NULL 
pointer dereference at 0005
Dec 29 21:25:26 laca-desktop kernel: IP: __task_pid_nr_ns+0xc7/0xf0

The system became unresponsive, not even the sysrq combinations were 
working
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Restarted ran dpkg --configure -a and every time the system froze
Booting with the 4.13 kernel was fine, dpkg finished its run

At the next upgrade i still got the freeze, after reboot i disabled the 
kernel security features with the kernel command line security=false

   * What was the outcome of this action?
dpkg was working fine with the kernel 4.14 too


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.65
ii  libc6  2.25-5
ii  lsb-base   9.20170808
ii  python33.6.4~rc1-2

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-profiles2.11.1-4
pn  apparmor-profiles-extra  
ii  apparmor-utils   2.11.1-4

-- debconf information excluded

Bug#877640: stretch-pu: package sqlite3/3.16.2-5+deb9u1

2017-10-03 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi SRMs,

I'd like to fix CVE-2017-10989 in SQLite3 for Stretch, which is a
heap-based buffer over-read via undersized RTree blobs.
It's considered remotely exploitable, still marked as no-DSA by the
Security Team. Still, worth fixing via the point update, proposed patch
is attached.

Thanks for considering,
Laszlo/GCSdiff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog	2017-06-08 22:07:42.0 +
+++ sqlite3-3.16.2/debian/changelog	2017-10-03 16:13:44.0 +
@@ -1,3 +1,10 @@
+sqlite3 (3.16.2-5+deb9u1) stretch; urgency=medium
+
+  * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree 
+blobs (closes: #867618).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Tue, 03 Oct 2017 16:13:44 +
+
 sqlite3 (3.16.2-5) unstable; urgency=medium
 
   * Backport fix for corruption due to REPLACE in an auto-vacuumed database.
diff -Nru sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch
--- sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch	2017-10-03 16:13:44.0 +
@@ -0,0 +1,47 @@
+Index: sqlite3/ext/rtree/rtree.c
+==
+--- sqlite3/ext/rtree/rtree.c
 sqlite3/ext/rtree/rtree.c
+@@ -3207,10 +3207,14 @@
+ pRtree->zDb, pRtree->zName
+ );
+ rc = getIntFromStmt(db, zSql, >iNodeSize);
+ if( rc!=SQLITE_OK ){
+   *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
++}else if( pRtree->iNodeSize<(512-64) ){
++  rc = SQLITE_CORRUPT;
++  *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
++   pRtree->zName);
+ }
+   }
+ 
+   sqlite3_free(zSql);
+   return rc;
+
+Index: sqlite3/ext/rtree/rtreeA.test
+==
+--- sqlite3/ext/rtree/rtreeA.test
 sqlite3/ext/rtree/rtreeA.test
+@@ -213,8 +213,21 @@
+ } {}
+ do_corruption_tests rtreeA-6.1 {
+   1   "DELETE FROM t1 WHERE rowid = 5"
+   2   "UPDATE t1 SET x1=x1+1, x2=x2+1"
+ }
++
++#-
++# Truncated blobs in the _node table.
++#
++create_t1
++populate_t1
++sqlite3 db test.db
++do_execsql_test rtreeA-7.100 { 
++  UPDATE t1_node SET data=x'' WHERE rowid=1;
++} {}
++do_catchsql_test rtreeA-7.110 {
++  SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
++} {1 {undersize RTree blobs in "t1_node"}}
+ 
+ 
+ finish_test
+
diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series
--- sqlite3-3.16.2/debian/patches/series	2017-06-08 22:07:42.0 +
+++ sqlite3-3.16.2/debian/patches/series	2017-10-03 16:13:44.0 +
@@ -13,3 +13,4 @@
 42-JSON-2_2.patch
 43-JSON-3.patch
 50-REPLACE_corruption_fix.patch
+51-CVE-2017-10989.patch

Bug#877639: jessie-pu: package sqlite3/3.8.7.1-1+deb8u3

2017-10-03 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi SRMs,

I'd like to fix CVE-2017-10989 in SQLite3 for Jessie, which is a
heap-based buffer over-read via undersized RTree blobs.
It's considered remotely exploitable, still marked as no-DSA by the
Security Team. Still, worth fixing via the point update, proposed patch
is attached.

Thanks for considering,
Laszlo/GCSdiff -Nru sqlite3-3.8.7.1/debian/changelog sqlite3-3.8.7.1/debian/changelog
--- sqlite3-3.8.7.1/debian/changelog	2016-08-25 16:10:24.0 +
+++ sqlite3-3.8.7.1/debian/changelog	2017-10-03 16:13:42.0 +
@@ -1,3 +1,10 @@
+sqlite3 (3.8.7.1-1+deb8u3) jessie; urgency=medium
+
+  * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree
+blobs (closes: #867618).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Tue, 03 Oct 2017 16:13:42 +
+
 sqlite3 (3.8.7.1-1+deb8u2) jessie; urgency=medium
 
   * Fix CVE-2016-6153 , Tempdir Selection Vulnerability.
diff -Nru sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch
--- sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch	2017-10-03 16:13:42.0 +
@@ -0,0 +1,47 @@
+Index: sqlite3/ext/rtree/rtree.c
+==
+--- sqlite3/ext/rtree/rtree.c
 sqlite3/ext/rtree/rtree.c
+@@ -3131,10 +3131,14 @@
+ pRtree->zDb, pRtree->zName
+ );
+ rc = getIntFromStmt(db, zSql, >iNodeSize);
+ if( rc!=SQLITE_OK ){
+   *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
++}else if( pRtree->iNodeSize<(512-64) ){
++  rc = SQLITE_CORRUPT;
++  *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
++   pRtree->zName);
+ }
+   }
+ 
+   sqlite3_free(zSql);
+   return rc;
+
+Index: sqlite3/ext/rtree/rtreeA.test
+==
+--- sqlite3/ext/rtree/rtreeA.test
 sqlite3/ext/rtree/rtreeA.test
+@@ -213,8 +213,21 @@
+ } {}
+ do_corruption_tests rtreeA-6.1 {
+   1   "DELETE FROM t1 WHERE rowid = 5"
+   2   "UPDATE t1 SET x1=x1+1, x2=x2+1"
+ }
++
++#-
++# Truncated blobs in the _node table.
++#
++create_t1
++populate_t1
++sqlite3 db test.db
++do_execsql_test rtreeA-7.100 { 
++  UPDATE t1_node SET data=x'' WHERE rowid=1;
++} {}
++do_catchsql_test rtreeA-7.110 {
++  SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
++} {1 {undersize RTree blobs in "t1_node"}}
+ 
+ 
+ finish_test
+
diff -Nru sqlite3-3.8.7.1/debian/patches/series sqlite3-3.8.7.1/debian/patches/series
--- sqlite3-3.8.7.1/debian/patches/series	2016-08-25 16:10:24.0 +
+++ sqlite3-3.8.7.1/debian/patches/series	2017-10-03 16:13:42.0 +
@@ -13,3 +13,4 @@
 46-CVE-2016-6153_part2.patch
 47-CVE-2016-6153_part3.patch
 50-fix_in-memory_journal.patch
+51-CVE-2017-10989.patch

Bug#865670: php7.0-fpm: The timezone Europe/Budapest is not working anymore. Europe/Paris works.

2017-06-23 Thread Patrik Laszlo 
Package: php7.0-fpm
Version: 7.0.20-2
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Is updated apt update && apt upgrade to the latest PHP and all my programs 
stopped.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
 just updated PHP. 

   * What was the outcome of this action?
root@server:~# cat /tmp/74806.php

  string(26) "2017-06-23 17:51:39.00"
  ["timezone_type"]=>
  int(3)
  ["timezone"]=>
  string(12) "Europe/Paris"
}


*** End of the template - remove these template lines ***


-- Package-specific info:
 Additional PHP 7.0 information 

 PHP 7.0 SAPI (php7.0query -S): 

 PHP 7.0 Extensions (php7.0query -M -v): 

 Configuration files: 
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = 
pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Europe/Paris
[filter]
[iconv]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[Assertion]
zend.assertions = -1
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]

 /etc/php/7.0/fpm/conf.d/20-sysvmsg.ini 
extension=sysvmsg.so

 /etc/php/7.0/fpm/conf.d/20-json.ini 
extension=json.so

 /etc/php/7.0/fpm/conf.d/20-ftp.ini 
extension=ftp.so

 /etc/php/7.0/fpm/conf.d/20-calendar.ini 
extension=calendar.so

 /etc/php/7.0/fpm/conf.d/20-posix.ini 
extension=posix.so

 /etc/php/7.0/fpm/conf.d/20-xsl.ini 
extension=xsl.so

 /etc/php/7.0/fpm/conf.d/10-pdo.ini 
extension=pdo.so

 /etc/php/7.0/fpm/conf.d/20-xmlwriter.ini 
extension=xmlwriter.so

 /etc/php/7.0/fpm/conf.d/20-simplexml.ini 
extension=simplexml.so

 /etc/php/7.0/fpm/conf.d/20-sqlite3.ini 
extension=sqlite3.so

 /etc/php/7.0/fpm/conf.d/20-sysvshm.ini 
extension=sysvshm.so

Bug#863946: ITA: snappy -- fast compression/decompression library

2017-06-17 Thread Laszlo Boszormenyi (GCS) 
retitle 863946 ITA: snappy -- fast compression/decompression library
owner 863946 !
thanks

I would like to maintain it as my package, leveldb build depends on it.

Bug#856119: unblock: qpid-python

2017-02-25 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I maintain some Qpid related packages, even if I've neglected those.
However qpid-python was in other hands and recently orphaned.
I have adopted it and made small changes to it. The compat change
may warn you, but I can assure you that the binary package is bit
identical to the one currently in Stretch (made md5sum on all files
and those match).

Please unblock it to have a maintainer in the background - debdiff is
attached.

Thanks,
Laszlo/GCSdiff -Nru qpid-python-1.35.0+dfsg/debian/changelog qpid-python-1.35.0+dfsg/debian/changelog
--- qpid-python-1.35.0+dfsg/debian/changelog	2016-10-09 20:24:29.0 +0200
+++ qpid-python-1.35.0+dfsg/debian/changelog	2017-02-21 22:44:19.0 +0100
@@ -1,3 +1,11 @@
+qpid-python (1.35.0+dfsg-2) unstable; urgency=low
+
+  * New maintainer (closes: #729207).
+  * Generalize watch file.
+  * Use debhelper level 10 in compat.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Tue, 21 Feb 2017 21:44:19 +
+
 qpid-python (1.35.0+dfsg-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru qpid-python-1.35.0+dfsg/debian/compat qpid-python-1.35.0+dfsg/debian/compat
--- qpid-python-1.35.0+dfsg/debian/compat	2016-10-09 20:24:29.0 +0200
+++ qpid-python-1.35.0+dfsg/debian/compat	2017-02-21 22:44:19.0 +0100
@@ -1 +1 @@
-9
+10
diff -Nru qpid-python-1.35.0+dfsg/debian/control qpid-python-1.35.0+dfsg/debian/control
--- qpid-python-1.35.0+dfsg/debian/control	2016-10-09 20:24:29.0 +0200
+++ qpid-python-1.35.0+dfsg/debian/control	2017-02-21 22:44:19.0 +0100
@@ -1,7 +1,7 @@
 Source: qpid-python
 Section: python
 Priority: extra
-Maintainer: Debian QA Group <packa...@qa.debian.org>
+Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
 Build-Depends: debhelper (>= 10),
dh-python,
python (>= 2.6.6-3~),
diff -Nru qpid-python-1.35.0+dfsg/debian/copyright qpid-python-1.35.0+dfsg/debian/copyright
--- qpid-python-1.35.0+dfsg/debian/copyright	2016-10-09 20:24:29.0 +0200
+++ qpid-python-1.35.0+dfsg/debian/copyright	2017-02-21 22:44:19.0 +0100
@@ -4,7 +4,7 @@
 Files-Excluded: qpid/specs/amqp-0-10.dtd
 
 Files: *
-Copyright: 2006-2016 QPID Apache team
+Copyright: 2006-2017 QPID Apache team
 License: Apache
 
 Files: qpid/specs/*
@@ -15,8 +15,9 @@
 Copyright: 2009-2012 Cajus Pollmeier <ca...@debian.org>
2013  Michael Gilbert <mgilb...@debian.org>
2013  Barry deFreese <bdefre...@debian.org>
-	   2013  Michael Banck <mba...@debian.org>
+   2013  Michael Banck <mba...@debian.org>
2016  Herbert Parentes Fortes Neto <h...@debian.org>
+   2017  Laszlo Boszormenyi (GCS) <g...@debian.org>
 License: GPL-3+
 
 License: Apache
diff -Nru qpid-python-1.35.0+dfsg/debian/rules qpid-python-1.35.0+dfsg/debian/rules
--- qpid-python-1.35.0+dfsg/debian/rules	2016-10-09 20:24:29.0 +0200
+++ qpid-python-1.35.0+dfsg/debian/rules	2017-02-21 22:44:19.0 +0100
@@ -1,10 +1,14 @@
 #!/usr/bin/make -f
+# -*- makefile -*-
 
+# Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
+
 export PYBUILD_NAME = qpid
 
+override_dh_auto_test:
+
 %:
 	dh  $@ --with python2 --buildsystem=pybuild
 
-override_dh_auto_test:
-	
+.PHONY: override_dh_auto_test
diff -Nru qpid-python-1.35.0+dfsg/debian/watch qpid-python-1.35.0+dfsg/debian/watch
--- qpid-python-1.35.0+dfsg/debian/watch	2016-10-09 20:24:29.0 +0200
+++ qpid-python-1.35.0+dfsg/debian/watch	2017-02-21 22:44:19.0 +0100
@@ -1,4 +1,3 @@
 version=4
-#http://www.apache.org/dist/qpid/([\d\.]+)/qpid-python-(.*)\.tar\.gz
 opts=dversionmangle=s/\+dfsg\d*$// \
-http://ftp.unicamp.br/pub/apache/qpid/python/([\d\.]+)/qpid-python-(.*)\.tar\.gz
+http://qpid.apache.org/download.html .*/python/.+/qpid-python-([\d\.]+)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz))

Bug#856121: unblock: zeromq3

2017-02-25 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Recently reported that the OpenPGM support of ZeroMQ doesn't work
(RC bug link[1]). Reason is that the configure switch for that was
changed a while back from 'with-system-pgm' to 'with-pgm' and it went
unnoticed.

Please unblock it and let users have OpenPGM support again. The debdiff
is attached and the change is only the mentioned configure switch.

Thanks,
Laszlo/GCS
[1] https://bugs.debian.org/856023diff -Nru zeromq3-4.2.1/debian/changelog zeromq3-4.2.1/debian/changelog
--- zeromq3-4.2.1/debian/changelog	2017-01-01 15:53:54.0 +
+++ zeromq3-4.2.1/debian/changelog	2017-02-24 17:35:03.0 +
@@ -1,3 +1,9 @@
+zeromq3 (4.2.1-3) unstable; urgency=medium
+
+  * Compile with OpenPGM support (closes: #856023).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Fri, 24 Feb 2017 17:35:03 +
+
 zeromq3 (4.2.1-2) unstable; urgency=low
 
   * Backport upstream fix for Hurd FTBFS (closes: #849860).
diff -Nru zeromq3-4.2.1/debian/rules zeromq3-4.2.1/debian/rules
--- zeromq3-4.2.1/debian/rules	2016-11-04 15:30:31.0 +
+++ zeromq3-4.2.1/debian/rules	2017-02-24 17:35:03.0 +
@@ -17,7 +17,7 @@
 	rm -f config.log
 
 override_dh_auto_configure:
-	dh_auto_configure -- --with-system-pgm --with-libsodium
+	dh_auto_configure -- --with-pgm --with-libsodium
 
 override_dh_auto_test:
 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))

Bug#856120: unblock (pre-approval): sqlite3

2017-02-25 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

There's a NULL pointer problem fixed in the 3.17.0 version of
SQLite that affects the Stretch version.
The bugreport[1] contains a proof of concept code, which doesn't crash
(it seems it doesn't have a security impact) - but still the bug marked
as severe code defect and fixed immediately. Upstream fix[2] is small,
checking the value and assign 0 if it's NULL. Then the next 'if' will
print an error message that the value can not be opened as being NULL.
The debdiff is attached and I hope the upload and later the unblock
can be approved.

Thanks for consideration,
Laszlo/GCS
[1] http://www.sqlite.org/src/tktview?name=e6e962d6b0
[2] https://www.sqlite.org/src/info/8cd1a4451cce1fe2diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog	2017-01-22 17:21:15.0 +
+++ sqlite3-3.16.2/debian/changelog	2017-02-13 17:31:26.0 +
@@ -1,3 +1,10 @@
+sqlite3 (3.16.2-3) unstable; urgency=medium
+
+  * Backport upstream fix to ensure that sqlite3_blob_reopen() correctly
+handles short rows.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 13 Feb 2017 17:31:26 +
+
 sqlite3 (3.16.2-2) unstable; urgency=medium
 
   * Backport upstream fix of variable initialization in the CLI tool.
diff -Nru sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch
--- sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch	2017-02-13 17:31:26.0 +
@@ -0,0 +1,22 @@
+Description: Ensure that sqlite3_blob_reopen() correctly handles short rows
+ TODO: Put a short summary on the line above and replace this paragraph
+   * Non-maintainer upload.
+Origin: upstream, https://www.sqlite.org/src/info/8cd1a4451cce1fe2
+Author: Laszlo Boszormenyi (GCS) <g...@debian.org>
+Last-Update: 2017-02-14
+
+---
+
+--- sqlite3-3.16.2.orig/src/vdbeblob.c
 sqlite3-3.16.2/src/vdbeblob.c
+@@ -67,7 +67,9 @@ static int blobSeekToRow(Incrblob *p, sq
+   rc = sqlite3_step(p->pStmt);
+   if( rc==SQLITE_ROW ){
+ VdbeCursor *pC = v->apCsr[0];
+-u32 type = pC->aType[p->iCol];
++u32 type = pC->nHdrParsed>p->iCol ? pC->aType[p->iCol] : 0;
++testcase( pC->nHdrParsed==p->iCol );
++testcase( pC->nHdrParsed==p->iCol+1 );
+ if( type<12 ){
+   zErr = sqlite3MPrintf(p->db, "cannot open value of type %s",
+   type==0?"null": type==7?"real": "integer"
diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series
--- sqlite3-3.16.2/debian/patches/series	2017-01-22 17:21:15.0 +
+++ sqlite3-3.16.2/debian/patches/series	2017-02-13 17:31:26.0 +
@@ -6,3 +6,4 @@
 31-increase_SQLITE_MAX_DEFAULT_PAGE_SIZE_to_32k.patch
 02-use-packaged-lempar.c.patch
 32-fix_an_uninitialized_variable_in_the_command-line_shell.patch
+35-fix-sqlite3_blob_reopen.patch

Bug#856118: unblock: graphicsmagick

2017-02-25 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Upstream of GraphicsMagick, Bob Friesenhahn reported its vulnerability
when reading (heap buffer overread) CMYKA TIFF files[1].

The fix is small and the debdiff is attached for your convenience.
Please unblock and let it migrate to Stretch.

Thanks,
Laszlo/GCS
[1] http://www.openwall.com/lists/oss-security/2017/02/24/1diff -Nru graphicsmagick-1.3.25/debian/changelog graphicsmagick-1.3.25/debian/changelog
--- graphicsmagick-1.3.25/debian/changelog	2016-12-25 15:42:18.0 +0100
+++ graphicsmagick-1.3.25/debian/changelog	2017-02-24 20:17:41.0 +0100
@@ -1,3 +1,9 @@
+graphicsmagick (1.3.25-8) unstable; urgency=high
+
+  * Backport security fix for out of bounds access when reading CMYKA tiff.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Fri, 24 Feb 2017 19:17:41 +
+
 graphicsmagick (1.3.25-7) unstable; urgency=medium
 
   * Add hack to build self-tests on mips* architectures.
diff -Nru graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch
--- graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch	1970-01-01 01:00:00.0 +0100
+++ graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch	2017-02-24 20:17:41.0 +0100
@@ -0,0 +1,70 @@
+# HG changeset patch
+# User Bob Friesenhahn <bfrie...@graphicsmagick.org>
+# Date 1487905610 21600
+#  Thu Feb 23 21:06:50 2017 -0600
+# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8
+# Parent  0392c4305a4369984ec8069055acc470c0a73647
+Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel.
+
+diff -r 0392c4305a43 -r 6156b4c2992d ChangeLog
+--- a/ChangeLog	Sun Jan 29 10:04:57 2017 -0600
 b/ChangeLog	Thu Feb 23 21:06:50 2017 -0600
+@@ -1,3 +1,10 @@
++2017-02-23  Bob Friesenhahn  <bfrie...@simple.dallas.tx.us>
++
++	* coders/tiff.c (QuantumTransferMode): Fix out of bounds
++	read/write when reading CMYKA TIFF which claims to have only 2
++	samples per pixel.  Problem was reported via email on February 15,
++	2017 by Valon Chu.
++
+ 2016-10-21 Glenn Randers-Pehrson  <glen...@simple.dallas.tx.us>
+ 
+ 	*coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
+diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c
+--- a/coders/tiff.c	Sun Jan 29 10:04:57 2017 -0600
 b/coders/tiff.c	Thu Feb 23 21:06:50 2017 -0600
+@@ -1230,8 +1230,8 @@
+   case 0:
+ if (samples_per_pixel == 1)
+   *quantum_type=GrayQuantum;
+-  else
+-*quantum_type=RedQuantum;
++else
++  *quantum_type=RedQuantum;
+ break;
+   case 1:
+ *quantum_type=GreenQuantum;
+@@ -1411,12 +1411,12 @@
+   }
+ else
+   {
+-if (image->matte)
++if (image->matte && samples_per_pixel >= 5)
+   {
+ *quantum_type=CMYKAQuantum;
+ *quantum_samples=5;
+   }
+-else
++else if (samples_per_pixel >= 4)
+   {
+ *quantum_type=CMYKQuantum;
+ *quantum_samples=4;
+diff -r 0392c4305a43 -r 6156b4c2992d www/Changelog.html
+--- a/www/Changelog.html	Sun Jan 29 10:04:57 2017 -0600
 b/www/Changelog.html	Thu Feb 23 21:06:50 2017 -0600
+@@ -35,6 +35,15 @@
+ 
+ 
+ 
++2017-02-23  Bob Friesenhahn  bfriesensimpledallastxus
++
++
++coders/tiff.c (QuantumTransferMode): Fix out of bounds
++read/write when reading CMYKA TIFF which claims to have only 2
++samples per pixel.  Problem was reported via email on February 15,
++2017 by Valon Chu.
++
++
+ 2016-10-21 Glenn Randers-Pehrson  glennrpsimpledallastxus
+ 
+ *coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
diff -Nru graphicsmagick-1.3.25/debian/patches/series graphicsmagick-1.3.25/debian/patches/series
--- graphicsmagick-1.3.25/debian/patches/series	2016-12-25 15:42:18.0 +0100
+++ graphicsmagick-1.3.25/debian/patches/series	2017-02-24 20:17:41.0 +0100
@@ -8,3 +8,4 @@
 CVE-2016-8684.patch
 CVE-2016-9830.patch
 mips_link_fix.patch
+Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch

Bug#729207: ITA: qpid-python -- Python bindings for qpid/mlib

2017-02-22 Thread Laszlo Boszormenyi (GCS) 
retitle 729207 ITA: qpid-python -- Python bindings for qpid/mlib
owner 729207 !
thanks

As maintainer of other Qpid packages, I would like to update the whole
stack and keep that up-to-date.

Bug#855533: mate-dock-applet does not do anything

2017-02-19 Thread Laszlo T. 
Package: mate-dock-applet
Version: 0.75-1
Severity: important

Dear Maintainer,

The mate-dock-applet does not do anything when I add it to the panel.

repro steps:
-create new panel
-add the dock applet to the panel
-run some applications

expected:

should show the running programs

Br,
Laszlo T.



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=hu_HU.UTF-8, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mate-dock-applet depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.26.0-2
ii  gir1.2-gdkpixbuf-2.0 2.36.4-1
ii  gir1.2-glib-2.0  1.50.0-1
ii  gir1.2-gtk-3.0   3.22.7-2
ii  gir1.2-mate-panel1.16.0-2
ii  gir1.2-wnck-3.0  3.20.1-3
ii  libglib2.0-bin   2.50.2-2
ii  mate-panel   1.16.0-2
ii  python3  3.5.3-1
ii  python3-gi-cairo 3.22.0-2
ii  python3-pil  4.0.0-4
ii  python3-xdg  0.25-4

mate-dock-applet recommends no packages.

mate-dock-applet suggests no packages.

-- no debconf information

Bug#855350: tigervnc-xorg-extension: Loading the tigervnc the extension makes the x server practically unusable

2017-02-16 Thread Kertesz Laszlo 
Package: tigervnc-xorg-extension
Version: 1.7.0+dfsg-6
Severity: important

Dear Maintainer,

Symptoms after loading the libvnc.so extension:
The following is from the actual computer locally.
- lightdm starts slowly (no other clue other than takes a few times more than 
usual). visuals ok.
- I log into MATE desktop, and the input is so slow it is unusable - cursor 
moves at real time but clicking and opening 
applications has a few seconds lag. 
Applications fail to launch at startup. High cpu usage on dragging windows 
around. The actual console is practically unusable.


Also i could not find a way to actually pass options (like the ones are used by 
the standalone server) to the extension
 - tried creating a screen manually, subsection to Module but none worked. If i 
try to connect to the port the 
login is rejected with "vnc password not set". Tried setting password with 
root, under /etc/vnc/passwd without success.

xorg.conf (note that i tried only "load vnc" without subsection too but it is 
exactly the same):

Section "Module"
load "dri2"
#   load "vnc"
load "glamoregl"
SubSection "vnc"
Option "SecurityTypes" "TLSPlain"
Option "PlainUsers" "laca"
Option "localhost" "yes"
EndSubSection
EndSection

Section "Device"
Identifier "radeon"
Driver "radeon"
Option "AccelMethod" "glamor"
Option "TearFree"   "True"
Option "DRI3" "1"
EndSection

#Section "Screen"
#   Identifier "myscreen"
#   Device "radeon"
#   Option "SecurityTypes" "TLSPlain"
#   Option "PlainUsers" "laca"
#   Option "localhost" "yes"
#EndSection

Xorg log file (i did switch to VT1 and back to 7 a few times):
http://pastebin.com/31Fbiwiu



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tigervnc-xorg-extension depends on:
ii  libaudit1  1:2.6.7-1
ii  libc6  2.24-9
ii  libgcc11:6.3.0-6
ii  libgnutls303.5.8-3
ii  libjpeg62-turbo1:1.5.1-2
ii  libpam0g   1.1.8-3.5
ii  libstdc++6 6.3.0-6
ii  xserver-xorg-core  2:1.19.1-4
ii  zlib1g 1:1.2.8.dfsg-5

Versions of packages tigervnc-xorg-extension recommends:
ii  tigervnc-common  1.7.0+dfsg-6

tigervnc-xorg-extension suggests no packages.

-- no debconf information

Bug#854968: unblock: ntfs-3g

2017-02-12 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Please unblock ntfs-3g 2016.2.22AR.1-4 as it fixes CVE-2017-0358.
The debdiff is attached for your convenience.

Thanks,
Laszlo/GCSdiff -Nru ntfs-3g-2016.2.22AR.1/debian/changelog ntfs-3g-2016.2.22AR.1/debian/changelog
--- ntfs-3g-2016.2.22AR.1/debian/changelog	2016-04-21 18:48:50.0 +
+++ ntfs-3g-2016.2.22AR.1/debian/changelog	2017-02-01 06:23:28.0 +
@@ -1,3 +1,10 @@
+ntfs-3g (1:2016.2.22AR.1-4) unstable; urgency=high
+
+  * Fix CVE-2017-0358: modprobe influence vulnerability via environment
+variables.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Wed, 01 Feb 2017 06:23:28 +
+
 ntfs-3g (1:2016.2.22AR.1-3) unstable; urgency=low
 
   * Really fix ELIBBAD errno on kFreeBSD (closes: #821838).
diff -Nru ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch
--- ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch	1970-01-01 00:00:00.0 +
+++ ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch	2017-02-01 06:23:28.0 +
@@ -0,0 +1,36 @@
+--- ntfs-3g/src/lowntfs-3g.c.ref	2016-12-31 08:56:59.011749600 +0100
 ntfs-3g/src/lowntfs-3g.c	2017-01-05 14:41:52.041473700 +0100
+@@ -4291,13 +4291,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 1 };   /* 100 msec */
+ 	fuse_fstype fstype;
+ 
+ 	if (!stat(cmd, ) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, );
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
+--- ntfs-3g/src/ntfs-3g.c.ref	2016-12-31 08:56:59.022518700 +0100
 ntfs-3g/src/ntfs-3g.c	2017-01-05 15:45:45.912499400 +0100
+@@ -3885,13 +3885,14 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+ 	struct timespec req = { 0, 1 };   /* 100 msec */
+ 	fuse_fstype fstype;
+ 	
+ 	if (!stat(cmd, ) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, );
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
diff -Nru ntfs-3g-2016.2.22AR.1/debian/patches/series ntfs-3g-2016.2.22AR.1/debian/patches/series
--- ntfs-3g-2016.2.22AR.1/debian/patches/series	2016-04-20 15:51:16.0 +
+++ ntfs-3g-2016.2.22AR.1/debian/patches/series	2017-02-01 06:23:28.0 +
@@ -1,2 +1,3 @@
 0001-link-with-gpg-error.patch
 0002-kFreeBSD_ELIBBAD.patch
+0003-CVE-2017-0358.patch

Bug#853770: unblock: pyro4

2017-01-31 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I don't want to hide that due to my mistake, pyro4 package migrated to
Stretch without the selectors34 dependency of python2-pyro4 even
packaged. It was only partly fixed with importing the selectors module
instead[1] - that fixes the client mode but the multiplexed server
still fails (the user have to change to the threadpool variant).

I see the following solutions:
1) Drop the python2 variant of Pyro4 and only ship the python3 one
   (worst case).
2) Allow the packaged selectors34 module[2] to Stretch (not yet
   uploaded) as it's an one file module.
3) Add the selectors34.py to the pyro4 package, debdiff to the Stretch
   version is attached.
4) Use the upstream commit not to fail with the import, but inform the
   user to switch to the threadpool variant with a RuntimeError[3]
   when using the Python 2 variant.

Which solution would be allowed for Stretch?

Thanks,
Laszlo/GCS
[1] https://bugs.debian.org/852245
[2] dget -x http://www.barcikacomp.hu/gcs/selectors34_1.1.0-1.dsc
[3] https://github.com/irmen/Pyro4/commit/edfdbb2ce4279d929b306d00ac8fb
c6543a0807bdiff -Nru pyro4-4.53/debian/changelog pyro4-4.53/debian/changelog
--- pyro4-4.53/debian/changelog	2017-01-06 12:45:50.0 +
+++ pyro4-4.53/debian/changelog	2017-01-31 16:56:26.0 +
@@ -1,3 +1,20 @@
+pyro4 (4.53-3) unstable; urgency=medium
+
+  * Add selectors34 to Python2 package for proper Python2 compatibility
+(closes: #852245).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Tue, 31 Jan 2017 16:56:26 +
+
+pyro4 (4.53-2) unstable; urgency=medium
+
+  * Rework Python version detection.
+  * Remove requires.txt from the installed files.
+
+  [ Marcin Kulisz <deb...@kulisz.net> ]
+  * Fix Python2 compatibility (closes: #852245).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 23 Jan 2017 21:17:56 +
+
 pyro4 (4.53-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru pyro4-4.53/debian/control pyro4-4.53/debian/control
--- pyro4-4.53/debian/control	2017-01-06 12:45:50.0 +
+++ pyro4-4.53/debian/control	2017-01-31 16:56:26.0 +
@@ -33,7 +33,7 @@
 
 Package: python2-pyro4
 Architecture: all
-Depends: python2-serpent (>= 1.16), ${misc:Depends}, ${python:Depends}
+Depends: python2-serpent (>= 1.16), python-six, ${misc:Depends}, ${python:Depends}
 Conflicts: python3-pyro4
 Replaces: python3-pyro4
 Suggests: pyro4-doc, pyro4
diff -Nru pyro4-4.53/debian/copyright pyro4-4.53/debian/copyright
--- pyro4-4.53/debian/copyright	2013-07-10 18:22:45.0 +
+++ pyro4-4.53/debian/copyright	2017-01-31 16:56:26.0 +
@@ -25,6 +25,54 @@
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  SOFTWARE.
 
+Files: debian/selectors34.py
+Copyright: Copyright (C) 2015- Berker Peksag <berker.pek...@gmail.com>
+License: PSFL-2
+ 1. This LICENSE AGREEMENT is between the Python Software Foundation
+ ("PSF"), and the Individual or Organization ("Licensee") accessing and
+ otherwise using this software ("Python") in source or binary form and
+ its associated documentation.
+ .
+ 2. Subject to the terms and conditions of this License Agreement, PSF hereby
+ grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+ analyze, test, perform and/or display publicly, prepare derivative works,
+ distribute, and otherwise use Python alone or in any derivative version,
+ provided, however, that PSF's License Agreement and PSF's notice of copyright,
+ i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ 2010, 2011 Python Software Foundation; All Rights Reserved" are retained in
+ Python alone or in any derivative version prepared by Licensee.
+ .
+ 3. In the event Licensee prepares a derivative work that is based on
+ or incorporates Python or any part thereof, and wants to make
+ the derivative work available to others as provided herein, then
+ Licensee hereby agrees to include in any such work a brief summary of
+ the changes made to Python.
+ .
+ 4. PSF is making Python available to Licensee on an "AS IS"
+ basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+ IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+ DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+ FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+ INFRINGE ANY THIRD PARTY RIGHTS.
+ .
+ 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+ FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+ A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+ OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+ .
+ 6. This License Agreement will automatically terminate upon a material
+ breach of its terms and conditions.
+ .
+ 7. Nothing in this License Agreeme

Bug#842942: ITA: python-leveldb -- Python wrapper for LevelDB

2017-01-26 Thread Laszlo Boszormenyi (GCS) 
retitle 842942 ITA: python-leveldb -- Python wrapper for LevelDB
owner 842942 !
thanks

As one of the LevelDB maintainers, I would like to keep this package
updated for Stretch.

Bug#849917: ITA: ivykis -- Asynchronous I/O readiness notification library

2017-01-22 Thread Laszlo Boszormenyi (GCS) 
retitle 849917 ITA: ivykis -- Asynchronous I/O readiness notification library
owner 849917 !
thanks

I would like to maintain it, as my packages syslog-ng{,-incubator}
depends on this.

Bug#851842: [Pkg-tigervnc-devel] Bug#851842: tigervnc-xorg-extension - libvnc.so fails to load with undefined symbol: gnutls_bye

2017-01-19 Thread Laszlo KERTESZ 
Removed:

libgnutls26
libgnutls-deb0-28
that had old dependencies that were not updated anymore.

libgnutls30 is the only one left (it has many dependencies).
But i still get the same error.
I even removed the "TLSPlain" security mode, changed it to "VncAuth" but
still the same.


On Thu, Jan 19, 2017 at 4:36 PM, Ola Lundqvist <o...@debian.org> wrote:

> Hi
>
> Can you try installing gnutls libraries to see if that solves the problem?
>
> // Ola
>
> On 19 January 2017 at 10:13, Kertesz Laszlo <laszlo.kert...@gmail.com>
> wrote:
> > Package: tigervnc-xorg-extension
> > Version: 1.7.0+dfsg-2
> > Severity: important
> >
> > Dear Maintainer,
> >
> > I installed tigervnc-xorg-extension package and modified xorg.conf to
> load the libvnc.so extension.
> > But it does not load, the xorg log has the following errors in it:
> >
> > [335353.500] (II) LoadModule: "vnc"
> > [335353.500] (II) Loading /usr/lib/xorg/modules/extensions/libvnc.so
> > [335353.502] (EE) Failed to load /usr/lib/xorg/modules/extensions/libvnc.so:
> /usr/lib/xorg/modules/extensions/libvnc.so: undefined symbol: gnutls_bye
> > [335353.502] (II) UnloadModule: "vnc"
> > [335353.502] (II) Unloading vnc
> > [335353.502] (EE) Failed to load module "vnc" (loader failed, 7)
> >
> > My xorg.conf:
> >
> > Section "Device"
> > Identifier "radeon"
> > Driver "radeon"
> > Option "AccelMethod" "glamor"
> > Option "TearFree"   "True"
> > Option "DRI3" "1"
> > EndSection
> >
> >
> > Section "Module"
> > Load "vnc"
> > EndSection
> >
> >
> > Section "Screen"
> > Identifier "myscreen"
> > Option "SecurityTypes" "TLSPlain"
> > Option "PlainUsers" "myuser"
> > EndSection
> >
> >
> > -- System Information:
> > Debian Release: 9.0
> >   APT prefers testing
> >   APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
> > Architecture: amd64 (x86_64)
> > Foreign Architectures: i386
> >
> > Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: systemd (via /run/systemd/system)
> >
> > Versions of packages tigervnc-xorg-extension depends on:
> > ii  libaudit1  1:2.6.7-1
> > ii  libc6  2.24-8
> > ii  libgcc11:6.2.1-5
> > ii  libpam0g   1.1.8-3.5
> > ii  libstdc++6 6.2.1-5
> > ii  xserver-xorg-core  2:1.19.1-1
> >
> > Versions of packages tigervnc-xorg-extension recommends:
> > ii  tigervnc-common  1.7.0+dfsg-2
> >
> > tigervnc-xorg-extension suggests no packages.
> >
> > -- no debconf information
> >
> > ___
> > Pkg-tigervnc-devel mailing list
> > pkg-tigervnc-de...@lists.alioth.debian.org
> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/
> pkg-tigervnc-devel
>
>
>
> --
>  - Ola Lundqvist ---
> /  o...@debian.org Folkebogatan 26  \
> |  o...@inguza.com  654 68 KARLSTAD  |
> |  http://inguza.com/  +46 (0)70-332 1551   |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
>  ---
>

Bug#851842: tigervnc-xorg-extension - libvnc.so fails to load with undefined symbol: gnutls_bye

2017-01-19 Thread Kertesz Laszlo 
Package: tigervnc-xorg-extension
Version: 1.7.0+dfsg-2
Severity: important

Dear Maintainer,

I installed tigervnc-xorg-extension package and modified xorg.conf to load the 
libvnc.so extension.
But it does not load, the xorg log has the following errors in it:

[335353.500] (II) LoadModule: "vnc"
[335353.500] (II) Loading /usr/lib/xorg/modules/extensions/libvnc.so
[335353.502] (EE) Failed to load /usr/lib/xorg/modules/extensions/libvnc.so: 
/usr/lib/xorg/modules/extensions/libvnc.so: undefined symbol: gnutls_bye
[335353.502] (II) UnloadModule: "vnc"
[335353.502] (II) Unloading vnc
[335353.502] (EE) Failed to load module "vnc" (loader failed, 7)

My xorg.conf:

Section "Device"
Identifier "radeon"
Driver "radeon"
Option "AccelMethod" "glamor"
Option "TearFree"   "True"
Option "DRI3" "1"
EndSection


Section "Module"
Load "vnc"
EndSection


Section "Screen"
Identifier "myscreen"
Option "SecurityTypes" "TLSPlain"
Option "PlainUsers" "myuser"
EndSection


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tigervnc-xorg-extension depends on:
ii  libaudit1  1:2.6.7-1
ii  libc6  2.24-8
ii  libgcc11:6.2.1-5
ii  libpam0g   1.1.8-3.5
ii  libstdc++6 6.2.1-5
ii  xserver-xorg-core  2:1.19.1-1

Versions of packages tigervnc-xorg-extension recommends:
ii  tigervnc-common  1.7.0+dfsg-2

tigervnc-xorg-extension suggests no packages.

-- no debconf information

Bug#849909: Ok, i found the solution

2017-01-10 Thread Laszlo KERTESZ 
I modified the following lines in openssl.cnf to look like this:

default_days   = 3650 # how long to certify for
default_crl_days= 3650 # how long before next CRL

Then regenerated the CRL:

openssl ca  -gencrl -keyfile keys/ca.key -cert keys/ca.crt  -out
keys/crl.pem -config ./openssl.cnf

Now with openvpn 2.4 the clients are connecting fine.

Regards,
Laszlo Kertesz

Bug#849909: Is there a documentation that describes this behavior?

2017-01-07 Thread Laszlo KERTESZ 
Hello,
Thanks for the reply.
I did search for this issue when i encountered it but i did not find the
answer that's why i filed this bug. I also
searched for a way of regenerating the CRL but also found nothing
straightforward.
Can you point me to some documentation that describes this and the method
of regenerating the CRL in this case?
I have a few revoked certificates already in the list.
Regards,
Laszlo Kertesz

Bug#849909: openvpn: Openvpn 2.4 sees all client certificates as expired if i use crl-verify

2017-01-01 Thread Kertesz Laszlo 
Package: openvpn
Version: 2.4.0-3
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***
Since version 2.4 appeared in Testing clients cannot connect to my openvpn 
servers 
(i have 2 running on my desktop). 
They are working fine if i downgrade to 2.3.11, but 2.4 versions seem to treat 
all certificates as expired if crl-verify is enabled. 
I checked all certificates and are valid until 2021-2026.

Commenting out the crl-verify line from the server config will make it work, but
i have revoked certificates and without this option those certificates will be 
allowed to connect. 

Excerpt from server log (removed IP addresses and other personal info):

Mon Jan  2 07:37:10 2017 us=426660 1.2.3.4:36241 TLS: Initial packet from 
[AF_INET]1.2.3.4:36241, sid=66129e86 1e790a7e
Mon Jan  2 07:37:10 2017 us=466023 1.2.3.4:36241 VERIFY ERROR: depth=0, 
error=CRL has expired: C=XX, ST=XX, L=XXX, O=None, CN=mycn, 
emailAddress=my@email
Mon Jan  2 07:37:10 2017 us=466182 1.2.3.4:36241 OpenSSL: error:14089086:SSL 
routines:ssl3_get_client_certificate:certificate verify failed
Mon Jan  2 07:37:10 2017 us=466201 1.2.3.4:36241 TLS_ERROR: BIO read 
tls_read_plaintext error
Mon Jan  2 07:37:10 2017 us=466215 1.2.3.4:36241 TLS Error: TLS object -> 
incoming plaintext read error
Mon Jan  2 07:37:10 2017 us=466228 1.2.3.4:36241 TLS Error: TLS handshake failed
Mon Jan  2 07:37:10 2017 us=466290 1.2.3.4:36241 SIGUSR1[soft,tls-error] 
received, client-instance restarting


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  init-system-helpers1.46
ii  iproute2   4.9.0-1
ii  libc6  2.24-8
ii  liblz4-1   0.0~r131-2
ii  liblzo2-2  2.08-1.2
ii  libpam0g   1.1.8-3.4
ii  libpkcs11-helper1  1.11-6
ii  libssl1.0.21.0.2j-4
ii  libsystemd0232-8
ii  lsb-base   9.20161125

Versions of packages openvpn recommends:
ii  easy-rsa  2.2.2-2

Versions of packages openvpn suggests:
ii  openssl 1.1.0c-2
pn  resolvconf  

-- debconf information:
  openvpn/create_tun: false

Bug#846613: transition: gflags

2016-12-02 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

Small transition of gflags which changed the library name from
libgflags2v5 to libgflags2.2 . These are co-installable and the
new version is in experimental, built on all release architectures,
except mips* (yet).
The affected packages are[1]:
autofdo
ceres-solver
gnss-sdr
google-glog
rocksdb

All build fine with the new gflags release as well. Hope this can be
done before the Stretch release.

Kind regards,
Laszlo/GCS
[1] https://release.debian.org/transitions/html/auto-gflags.html

Bug#846271: transition: ntfs-3g

2016-11-29 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

Mini transition of ntfs-3g which changed the library name from
libntfs-3g871 to libntfs-3g872 . These are co-installable and the
new version is in experimental, built on all release architectures.
The affected packages are[1]:
partclone
testdisk
wimlib

All build fine with the new ntfs-3g release as well. Hope this can be
done before the Stretch release.

Kind regards,
Laszlo/GCS
[1] https://release.debian.org/transitions/html/auto-ntfs-3g.html

Bug#843308: src:linux: Happened to me using a usb bluetooth dongle and a usb headset.

2016-11-15 Thread Kertesz Laszlo 
Package: src:linux
Followup-For: Bug #843308

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

using a usb bluetooth dongle and a usb headset for sound playback i had the 
following
messages in dmesg repeated at a rate of more than 1/second:

[99120.582909] AMD-Vi: Event logged [IO_PAGE_FAULT device=00:12.0 domain=0x0005 
address=0x0080 flags=0x0020]

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

- pulled the usb dongle but the dmesg messages kept spamming
- issued the "rmmod ohci_pci ; modprobe ohci_pci" command - 
this seemed to reset the usb devices (the dongle was already pulled out)
 and the spamming stopped

Did not have issues like these with the previous kernels.

My hardware is Gigabyte F2A88X-D3H mobo with AMD A8-6500 CPU

00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Root Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) 
I/O Memory Management Unit
00:01.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
Richland [Radeon HD 8570D]
00:01.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Trinity HDMI Audio 
Controller
00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Root Port
00:10.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI 
Controller (rev 09)
00:10.1 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI 
Controller (rev 09)
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller 
[AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI 
Controller (rev 11)
00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI 
Controller (rev 11)
00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI 
Controller (rev 11)
00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI 
Controller (rev 11)
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 16)
00:14.2 Audio device: Advanced Micro Devices, Inc. [AMD] FCH Azalia Controller 
(rev 01)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 11)
00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD] FCH PCI Bridge (rev 40)
00:14.5 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI 
Controller (rev 11)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 
10h-1fh) Processor Function 5
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 
PCI Express Gigabit Ethernet Controller (rev 06)

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#840110: ITA: jfsutils -- utilities for managing the JFS filesystem

2016-11-07 Thread Laszlo Boszormenyi (GCS) 
retitle 840110 ITA: jfsutils -- utilities for managing the JFS filesystem
owner 840110 !
thanks

I still have JFS filesystems around and would like to keep it
maintained in Stretch.

Bug#842816: nmu: syslog-ng_3.7.3-3

2016-11-01 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi,

I ask for binNMU of syslog-ng to build with PIE with the new
toolchain. Currently it prevents fixing of syslog-ng-incubator[1] as
it can't link with one of its libraries.

Thanks,
Laszlo/GCS

nmu syslog-ng_3.7.3-3 . ANY . unstable . -m "Recompile static libraries with 
PIE"

[1] https://bugs.debian.org/839454

Bug#841638: transition: libcrypto++

2016-10-21 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to update libcrypto++ from 5.6.4 to 5.6.5; which is a
semi-transition. Packages I've tried works with both version,
however without binNMUs those will print this:
Symbol `_ZTVN8CryptoPP23FilterWithBufferedInputE' has different size in shared 
object, consider re-linking
Symbol `_ZTVN8CryptoPP10HexEncoderE' has different size in shared object, 
consider re-linking
Symbol `_ZTVN8CryptoPP11ProxyFilterE' has different size in shared object, 
consider re-linking

This matches upstream recommendation[1]:
"maintenance release, recompile of programs recommended"

I know about #841443 [2] and it will be fixed with the new upload.

Regards,
Laszlo/GCS
[1] http://www.cryptopp.com/release565.html
[2] https://bugs.debian.org/841443

Bug#826636: This bug is NOT fixed in 1.16.0-1

2016-10-10 Thread Laszlo KERTESZ 
This bug is NOT fixed in 1.16.0-1.
On my 2 computers running Debian Testing/Stretch (one has Intel Skylake
graphics, the other AMD radeon/r600g) this bug actually started to manifest
with 1.16.0-1.

Bug#836669: Caja crashes on my computer too.

2016-09-06 Thread Laszlo KERTESZ 
I have Testing/Stretch on 2 computers, on both Caja is crashing after the
recent libgtk3 updates. I downloaded the sources and compiled it myself, it
still crashes.

dmesg:

caja[19781]: segfault at 7ffc177e3d18 ip 7fe3b627f7b6 sp
7ffc177e3d10 error 6 in libc-2.23.so[7fe3b6245000+197000]

gdb trace for the  debian repo version (it repeats):

Thread 1 "caja" received signal SIGSEGV, Segmentation fault.
__GI_strtod_l_internal (nptr=0x7f0bc0b3c21d "10",
endptr=0x7fff8baea170,
group=0, loc=0x7f0bbdd06b60 <_nl_C_locobj>) at strtod_l.c:481
481 strtod_l.c: No such file or directory.
#0  __GI_strtod_l_internal (nptr=0x7f0bc0b3c21d "10",
endptr=0x7fff8baea170, group=0, loc=0x7f0bbdd06b60 <_nl_C_locobj>)
at strtod_l.c:481
#1  0x7f0bbffc60fe in ?? ()
   from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#2  0x7f0bbffc77a1 in pango_font_description_from_string ()
   from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#3  0x7f0bc07f22d0 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#4  0x7f0bbf08036b in g_type_create_instance ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x7f0bbf06220b in ?? ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x7f0bbf06411e in g_object_new_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7  0x7f0bbf0643c1 in g_object_new ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#8  0x7f0bc07f8656 in gtk_widget_get_style ()
   from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#9  0x55c10b82b77b in ?? ()
#10 0x55c10b82bf5b in ?? ()
#11 0x7f0bbf060010 in g_cclosure_marshal_VOID__OBJECTv ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x7f0bbf05d102 in ?? ()
 from /usr/lib/x86_64-linux-gnu/libgobject-2.0.soQuit
#0  __GI_strtod_l_internal (nptr=0x7f0bc0b3c21d "10",
endptr=0x7fff8baea170, group=0, loc=0x7f0bbdd06b60 <_nl_C_locobj>)
at strtod_l.c:481
#1  0x7f0bbffc60fe in ?? ()
   from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#2  0x7f0bbffc77a1 in pango_font_description_from_string ()
   from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#3  0x7f0bc07f22d0 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#4  0x7f0bbf08036b in g_type_create_instance ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x7f0bbf06220b in ?? ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x7f0bbf06411e in g_object_new_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7  0x7f0bbf0643c1 in g_object_new ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#8  0x7f0bc07f8656 in gtk_widget_get_style ()
   from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#9  0x55c10b82b77b in ?? ()
#10 0x55c10b82bf5b in ?? ()
#11 0x7f0bbf060010 in g_cclosure_marshal_VOID__OBJECTv ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x7f0bbf05d102 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x7f0bbf0778dd in g_signal_emit_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x7f0bbf077fcf in g_signal_emit ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x7f0bc0af2883 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#16 0x7f0bc07f8666 in gtk_widget_get_style ()
   from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#17 0x55c10b82b77b in ?? ()
#18 0x55c10b82bf5b in ?? ()
#19 0x7f0bbf060010 in g_cclosure_marshal_VOID__OBJECTv ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x7f0bbf05d102 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x7f0bbf0778dd in g_signal_emit_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x7f0bbf077fcf in g_signal_emit ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x7f0bc0af2883 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#24 0x7f0bc07f8666 in gtk_widget_get_style ()
   from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#25 0x55c10b82b77b in ?? ()
#26 0x55c10b82bf5b in ?? ()

gdb for the version i compiled from 1.14.2-1 sources :

Thread 1 "caja" received signal SIGSEGV, Segmentation fault.
__GI_strtod_l_internal (nptr=0x75e1021d "10",
endptr=0x7f7ff420, group=0, loc=0x73025b60 <_nl_C_locobj>)
at strtod_l.c:481
481 strtod_l.c: No such file or directory.
#0  __GI_strtod_l_internal (nptr=0x75e1021d "10",
endptr=0x7f7ff420, group=0, loc=0x73025b60 <_nl_C_locobj>)
at strtod_l.c:481
#1  0x752a70fe in ?? () from
/usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#2  0x752a87a1 in pango_font_description_from_string () from
/usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#3  0x75ac62d0 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#4  0x7437c36b in g_type_create_instance () from
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x7435e20b in ?? () from
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x7436011e in

Bug#836787: jessie-pu: package pypdf2/1.23+git20141008-1+deb8u1

2016-09-05 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

A PyPDF2 user found a DoS, an infinite loop[1]. It has a reproducer
even. This affects Jessie as well (the Sid update is just uploaded).
Upstream fix is simple[2] and the Security Team noted this as no-dsa,
but can be updated via a Jessie PU.

Proposed patch is attached.

Thanks for considering,
Laszlo/GCS
[1] https://github.com/mstamy2/PyPDF2/issues/184
[2] 
https://github.com/mstamy2/PyPDF2/commit/4fc7f9d14adb2a9b890aea2616955ec54229f48cdiff -Nru pypdf2-1.23+git20141008/debian/changelog pypdf2-1.23+git20141008/debian/changelog
--- pypdf2-1.23+git20141008/debian/changelog	2014-10-25 21:00:12.0 +
+++ pypdf2-1.23+git20141008/debian/changelog	2016-09-05 17:50:32.0 +
@@ -1,3 +1,10 @@
+pypdf2 (1.23+git20141008-1+deb8u1) jessie; urgency=medium
+
+  * Backport fix 'prevent infinite loop in readObject() function' to prevent
+DoS from upstream Git tree.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 05 Sep 2016 17:46:41 +
+
 pypdf2 (1.23+git20141008-1) unstable; urgency=low
 
   * Upstream snapshot with various bug fixes.
diff -Nru pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch
--- pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch	1970-01-01 00:00:00.0 +
+++ pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch	2016-09-05 17:49:22.0 +
@@ -0,0 +1,25 @@
+From 48193975e5a0e48ebbb68217f8533ad2bfbdede2 Mon Sep 17 00:00:00 2001
+From: Henri Salo <henri.s...@nixu.com>
+Date: Tue, 18 Aug 2015 13:42:22 +0300
+Subject: [PATCH] Prevent infinite loop in readObject() function. Patch by
+ dhudson1. Closes mstamy2/PyPDF2#184
+
+---
+ PyPDF2/generic.py | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/PyPDF2/generic.py b/PyPDF2/generic.py
+index df1e028..657612a 100644
+--- a/PyPDF2/generic.py
 b/PyPDF2/generic.py
+@@ -82,6 +82,10 @@ def readObject(stream, pdf):
+ # comment
+ while tok not in (b_('\r'), b_('\n')):
+ tok = stream.read(1)
++# Prevents an infinite loop by raising an error if the stream is at
++# the EOF
++if len(tok) <= 0:
++raise PdfStreamError("File ended unexpectedly.")
+ tok = readNonWhitespace(stream)
+ stream.seek(-1, 1)
+ return readObject(stream, pdf)
diff -Nru pypdf2-1.23+git20141008/debian/patches/series pypdf2-1.23+git20141008/debian/patches/series
--- pypdf2-1.23+git20141008/debian/patches/series	1970-01-01 00:00:00.0 +
+++ pypdf2-1.23+git20141008/debian/patches/series	2016-09-05 17:50:00.0 +
@@ -0,0 +1 @@
+Prevent_infinite_loop_in_readObject.patch

Bug#836010: nmu: libodb_2.4.0-1

2016-08-29 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi,

odb depends on GCC plugin loading. Uploaded a new package version,
which started to use GCC 6.2 as it's being the default compiler.
Previously it used GCC 5.1 and to prevent any problems, libodb* need
a rebuild with GCC 6 as well. First libodb itself (if I'm correct with
the syntax of britney):
nmu libodb_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"

When it's done, the following packages need to be rebuilt as well:
nmu libodb-boost_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-mysql_2.4.0-2 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-pgsql_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-qt_2.4.0-2 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-sqlite_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"

Thanks,
Laszlo/GCS

Bug#835443: jessie-pu: package sqlite3/3.8.7.1-1+deb8u2

2016-08-25 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

There's a vulnerability in SQLite3 [1] which was fixed in Sid and
Stretch, but not yet in Jessie. Security Team decided it's a minor
issue and doesn't warrant a DSA.

An other issue, a segfault is fixed as well on heavy 'SAVEPOINT'
usage[2][3], which affects Django.

Proposed patch is attached.

Thanks for considering,
Laszlo/GCS
[1] https://security-tracker.debian.org/tracker/CVE-2016-6153
[2] http://bugs.debian.org/835205
[3] https://www.sqlite.org/src/info/c4b9c611diff -Nru sqlite3-3.8.7.1/debian/changelog sqlite3-3.8.7.1/debian/changelog
--- sqlite3-3.8.7.1/debian/changelog	2015-05-02 07:59:48.0 +
+++ sqlite3-3.8.7.1/debian/changelog	2016-08-25 16:10:24.0 +
@@ -1,3 +1,11 @@
+sqlite3 (3.8.7.1-1+deb8u2) jessie; urgency=medium
+
+  * Fix CVE-2016-6153 , Tempdir Selection Vulnerability.
+  * Backport fix for segfault following heavy SAVEPOINT usage
+(closes: #835205).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Thu, 25 Aug 2016 16:10:24 +
+
 sqlite3 (3.8.7.1-1+deb8u1) jessie-security; urgency=high
 
   * Fix CVE-2015-3414 , use of uninitialized memory when parsing collation
diff -Nru sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch
--- sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch	2016-08-25 16:10:24.0 +
@@ -0,0 +1,31 @@
+Index: sqlite3/src/os_unix.c
+==
+--- sqlite3/src/os_unix.c
 sqlite3/src/os_unix.c
+@@ -5423,10 +5423,10 @@ static const char *unixTempFileDir(void)
+ if( zDir==0 ) continue;
+ if( osStat(zDir, ) ) continue;
+ if( !S_ISDIR(buf.st_mode) ) continue;
+-if( osAccess(zDir, 07) ) continue;
+-break;
++if( osAccess(zDir, 03) ) continue;
++return zDir;
+   }
+-  return zDir;
++  return 0;
+ }
+ 
+ /*
+@@ -5446,10 +5446,11 @@ static int unixGetTempname(int nBuf, cha
+   ** using the io-error infrastructure to test that SQLite handles this
+   ** function failing. 
+   */
++  zBuf[0] = 0;
+   SimulateIOError( return SQLITE_IOERR );
+ 
+   zDir = unixTempFileDir();
+-  if( zDir==0 ) zDir = ".";
++  if( zDir==0 ) return SQLITE_IOERR_GETTEMPPATH;
+ 
+   /* Check that the output buffer is large enough for the temporary file 
+   ** name. If it is not, return SQLITE_ERROR.
diff -Nru sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch
--- sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch	2016-08-25 16:10:24.0 +
@@ -0,0 +1,13 @@
+Index: sqlite3/src/os_unix.c
+==
+--- sqlite3/src/os_unix.c
 sqlite3/src/os_unix.c
+@@ -5419,7 +5419,7 @@ static const char *unixTempFileDir(void)
+   azDirs[0] = sqlite3_temp_directory;
+   if( !azDirs[1] ) azDirs[1] = getenv("SQLITE_TMPDIR");
+   if( !azDirs[2] ) azDirs[2] = getenv("TMPDIR");
+-  for(i=0; i<sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){
++  for(i=0; i<=sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){
+ if( zDir==0 ) continue;
+ if( osStat(zDir, ) ) continue;
+ if( !S_ISDIR(buf.st_mode) ) continue;
diff -Nru sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch
--- sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch	1970-01-01 00:00:00.0 +
+++ sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch	2016-08-25 16:10:24.0 +
@@ -0,0 +1,35 @@
+Index: sqlite3/src/os_unix.c
+==
+--- sqlite3/src/os_unix.c
 sqlite3/src/os_unix.c
+@@ -5412,19 +5412,23 @@ static const char *unixTempFileDir(void)
+  "/tmp",
+  0/* List terminator */
+   };
+-  unsigned int i;
++  unsigned int i = 0;
+   struct stat buf;
+   const char *zDir = 0;
+ 
+   azDirs[0] = sqlite3_temp_directory;
+   if( !azDirs[1] ) azDirs[1] = getenv("SQLITE_TMPDIR");
+   if( !azDirs[2] ) azDirs[2] = getenv("TMPDIR");
+-  for(i=0; i<=sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){
+-if( zDir==0 ) continue;
+-if( osStat(zDir, ) ) continue;
+-if( !S_ISDIR(buf.st_mode) ) continue;
+-if( osAccess(zDir, 03) ) continue;
+-return zDir;
++  while(1){
++if( zDir!=0
++ && osStat(zDir, )==0
++ && S_ISDIR(buf.st_mode)
++ && osAccess(zDir, 03)==0
++){
++  return zDir;
++}
++if( i>=sizeof(azDirs)/sizeof(azDirs[0]) ) break;
++zDir = azDirs[i++];
+

Bug#835444: jessie-pu: package ovirt-guest-agent/1.0.10.2.dfsg-2+deb8u1

2016-08-25 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

There are two stupid bugs in ovirt-guest-agent which affects Jessie.
Both fixed in Sid + Stretch.

First is that its daemon is not started with the initscript[1]. Reason
is: it checks for executable bit on the daemon, but it's installed
without that. chmod a+x added to d/rules.

Second is that the logging is not working if daemon is started with
systemd as its log directory is not owned by the ovirtagent user[2].
To be extra safe, the chown was added to postinst.

Proposed patch is attached.

Thanks for considering,
Laszlo/GCS
[1] http://bugs.debian.org/782005
[2] http://bugs.debian.org/811481diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog
--- ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog	2015-02-14 11:33:40.0 +
+++ ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog	2016-08-20 10:34:30.0 +
@@ -1,3 +1,10 @@
+ovirt-guest-agent (1.0.10.2.dfsg-2+deb8u1) jessie; urgency=medium
+
+  * Install ovirt-guest-agent.py executable (closes: #782005).
+  * Change owner of log directory to ovirtagent in postinst (closes: #811481).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Sat, 20 Aug 2016 10:34:30 +
+
 ovirt-guest-agent (1.0.10.2.dfsg-2) unstable; urgency=low
 
   * Rework useradd logic not to fail if gid 175 already present
diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst
--- ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst	2015-02-14 09:57:18.0 +
+++ ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst	2016-08-20 10:34:30.0 +
@@ -12,4 +12,8 @@
 	udevadm settle
 fi
 
+chown ovirtagent:ovirtagent /var/log/ovirt-guest-agent
+[ -f /var/log/ovirt-guest-agent/ovirt-guest-agent.log ] && \
+chown ovirtagent:ovirtagent /var/log/ovirt-guest-agent/ovirt-guest-agent.log
+
 #DEBHELPER#
diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/debian/rules ovirt-guest-agent-1.0.10.2.dfsg/debian/rules
--- ovirt-guest-agent-1.0.10.2.dfsg/debian/rules	2014-08-10 17:37:53.0 +
+++ ovirt-guest-agent-1.0.10.2.dfsg/debian/rules	2016-08-20 10:34:30.0 +
@@ -8,13 +8,20 @@
 export DH_OPTIONS
 #DEB_DH_INSTALLINIT_ARGS := --upstart-only
 
+PKGDIR=$(CURDIR)/debian/ovirt-guest-agent
+
 override_dh_auto_configure:
 	dh_auto_configure -- --without-sso
 
+override_dh_auto_install:
+	dh_auto_install
+	chmod a+x $(PKGDIR)/usr/share/ovirt-guest-agent/ovirt-guest-agent.py
+
 override_dh_installudev:
 	dh_installudev --priority 55
 
 %:
 	dh $@  --with autoreconf,python2
 
-.PHONY: override_dh_auto_configure override_dh_installudev
+.PHONY: override_dh_auto_configure override_dh_auto_install \
+	override_dh_installudev

Bug#831684: ITP: nsntrace -- perform network trace of a single process

2016-07-23 Thread Laszlo Boszormenyi (GCS) 
retitle 831684 ITP: nsntrace -- perform network trace of a single process
owner 831684 !
thanks

Package is ready, uploading soon.

Bug#823286: xserver-xorg-input-libinput: Significant functional regressions for touchapds vs. xserver-xorg-input-synaptics

2016-05-08 Thread Laszlo KERTESZ 
On Sun, 08 May 2016 23:08:18 +0200 Julian  wrote:
> Package: xserver-xorg-input-libinput
> Followup-For: Bug #823286
>
>
> Hello,
>
> seems like this problem bothers a lot of people (if you google there are
a lot of forum threads about this).  Mostly because this change happened
without notification and everyone's confused. There should've been a
warning during the installation that the synaptics driver will be replaced
and the configs won't work anymore. Or better: Import the existing configs.
But doing it without is pretty annoying.
> Also no tool out there seems to recognize the new drivers so you can't
create new setting. Maybe you could manually but also all manuals are
outdated now and there is no valid information available (at least not the
manuals I found, like the debian wiki). Seems like everyone got shot
between the eyes.
> The most common approach I found is to uninstall the xserver-xorg-input
packages. But that might have side effects. Also I don't think that was the
intended reaction.
>
>
> -- System Information:
> Debian Release: 8.4
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 2.6.32-042stab113.21 (SMP w/1 CPU core)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
>
>

The big issue here is that the libinput driver is limited compared to
evdev/synaptics, some features found in evdev are not available in it (i
had constant decelaration set and working fine, but in libinput i saw no
such option and couldnt set the pointer speed to the old value via xset).
The touchpad was neuthered, the hardware buttons weren't even working at
all.
Why adopt a new driver when it is inferior to the old one??

Bug#823286: xserver-xorg-input-libinput: Significant functional regressions for touchapds vs. xserver-xorg-input-synaptics

2016-05-06 Thread Laszlo KERTESZ 
I toot had this issue on a Dell Latitude laptop (Debian Testing, Mate
desktop). My custom mouse deceleration was the first issue i noticed
missing, then the touchpad clicks were gone away, then i saw that the
mouse/touchpad gui showed only mouse. I tried replicating the constant
deceleration settings but the xinput options were very limited. So i
removed the libinput diver and that was it.
Why was this functional regression done?

Bug#821440: transition: ntfs-3g

2016-04-18 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

ntfs-3g previously used a virtual library[1] that caused problems with
packages depending on it. I've created a normal, binNMU safe library
package which currently sits in experimental.
Tested the affected packages:
- partclone
- testdisk
- wimlib

All three build fine and seem to be correct with the new ntfs-3g
package. May I upload the it with the new upstream release to Sid?
Mentioned packages will need to be binNMUed.

Cheers,
Laszlo/GCS
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=79

Bug#819986: ITP: resolv-wrapper -- A wrapper for DNS name resolving or DNS faking

2016-04-04 Thread Laszlo Boszormenyi (GCS) 
retitle 819986 ITP: resolv-wrapper -- A wrapper for DNS name resolving or DNS 
faking
owner 819986 !
thanks

Package is ready, uploading soon.

Bug#819891: ITP: C3.js -- D3-based reusable chart library

2016-04-03 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist
Owner: Laszlo Boszormenyi (GCS) <g...@debian.org>

* Package name: libjs-c3
  Version : 0.4.10
  Upstream Author : Masayuki Tanaka <masayuki0...@mac.com>
* URL : https://github.com/masayuki0812/c3
* License : Expat
  Programming Lang: JavaScript
  Description : D3-based reusable chart library

C3 is a D3-based reusable chart library that enables deeper
integration of charts into web applications.

Bug#819530: transition: icu

2016-03-29 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

ICU has a new major upstream release, supporting several new things
that I would like to see in Stretch:
- CLDR[1] 28 [2] and 29 [3] support,
- Unicode 8.0.0 [4] support.

As it affects the system from Boost C++ libraries (several packages
build depends on it) to LibreOffice, it's not uploaded to experimental
even. But my local build tests on amd64 shows that Boost 1.58 could be
built and transiently some packages that build depends on Boost.
The biggest one is LibreOffice which could be built of course. In
short, I compiled ICU 57.1 and installed it -> compiled and installed
Boost 1.58 -> successfully compiled LibreOffice 5.1.2~RC1.
May I proceed with the upload, targeting experimental first?

Regards,
Laszlo/GCS
[1] http://cldr.unicode.org/index
[2] http://cldr.unicode.org/index/downloads/cldr-28
[3] http://cldr.unicode.org/index/downloads/cldr-29
[4] http://www.unicode.org/versions/Unicode8.0.0/#Summary

Bug#819529: transition: libcrypto++

2016-03-29 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to do the libcrypto++ 5.6.1 to 5.6.3 transition. The latter is
already in experimental. Affected package maintainers are noted,
waiting for feedback. For the time being, I've rebuilt all affected
packages on amd64:
amule
armory
clementine
murasaki
pycryptopp
synergy
tegrarcm (non-free)

All built successfully and as the libcrypto++ libraries are
co-installable, binNMUs can be enough.

Cheers,
Laszlo/GCS

Bug#819528: transition: angular.js

2016-03-29 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I don't know if the Release Team follows JavaScript library
transitions or not. But I think it's better to be aware of
angular.js (libjs-angularjs) 1.3 (in Sid) to 1.5 (in experimental)
transition. I have noted the affected package maintainers.
Giving links on the migration issues[1][2]. The packages that may
need update:
glances
grafana-data
node-sprintf-js
nqp
owncloud-music
owncloud-tasks

The owncloud modules may not be relevant as owncloud is going to be
removed from the archive. Reason is that upstream gone hostile[3] and
don't want the software in distributions.

Regards,
Laszlo/GCS
[1] https://docs.angularjs.org/guide/migration#migrating-from-1-3-to-1-
4
[2] https://docs.angularjs.org/guide/migration#migrating-from-1-4-to-1-
5
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816376

Bug#818179: This issue is resolved upstream in xorg

2016-03-21 Thread Laszlo KERTESZ 
After a bit of digging i found this issue was indeed caused by glamor in x
server 1.18.2 and it has a fixed bug in xorg:

https://bugs.freedesktop.org/show_bug.cgi?id=94554

Debian should apply this patch since it affects quite some web pages.

Bug#818179: I too have this issue on AMD card with glamor acceleration

2016-03-21 Thread Laszlo KERTESZ 
I too have this issue - for me it appeared after the xserver-xorg-core
upgrade to 2:1.18.2-1.  I run Debian Testing.
It affects firefox, firefox-esr, iceweasel, even the standard Firefox
(downloaded from the net) and seamonkey-mozilla-build (from the ubuntuzilla
PPA) exhibits this issue.
The issue cannot be reproduced with an Intel IGP (Debian Testing).

I have a Radeon HD 8570D video card (which actually uses the r600g driver
being a Richland GPU), from a A8-6500 APU. But i use the glamor
acceleration with it.

I tried new profiles firefox/firefox-esr and seamonkey but to the same
effect.
If i set in the "about:config" address "gfx.content.azure.backends" to
"skia", the issue goes away, but then font rendering is broken. No other
program outside firefox and derivates i saw exhibited this issue.

I have:

kernel 4.4.0-1-amd64 (from testing)
mesa 11.1.2-1 (from testing)
xserver-xorg 1:7.7+14 (from testing)
xserver-xorg-core 2:1.18.2-1 (from testing)
xserver-xorg-video-radeon 1:7.6.1-1+b1 (from testing)

I suspect the X server's glamor acceleration (which is used by default on
radeonsi cards) is somehow the culprit here. The 1.18.2 xserver changelog

mentions lots fixes and enhancements related to it.

Maybe this one from Keith Packard?

glamor: Use GL_RED instead of GL_ALPHA if we have texture_swizzle (v3)

Bug#815942: jzmq: FTBFS: missing header inclusion

2016-02-25 Thread Laszlo Boszormenyi (GCS) 
Source: jzmq
Version: 3.1.0-8
Severity: serious
Tags: patch
Usertags: ftbfs
Justification: FTBFS and holds back zeromq3 transition

Hi Jan,

jzmq currently FTBFS and the zeromq3 transition is just part of it.
You need to update the build dependencies and change libzmq3-dev to
libzmq5-dev. The other is a missing include in src/main/c++/Event.cpp.
zmq.hpp needs to be included for the zmq_event_t struct definition.
The attached patch as an addition to the packaging fixes this issue.

Please add this patch for jzmq to keep the transition going.
Thanks,
Laszlo/GCSDescription: add missing header of zmq.hpp
 jzmq uses structs defined in zmq.hpp
Author: Laszlo Boszormenyi (GCS) <g...@debian.org>
Last-Update: 2016-02-25

---

--- jzmq-3.1.0.orig/src/main/c++/Event.cpp
+++ jzmq-3.1.0/src/main/c++/Event.cpp
@@ -2,6 +2,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "jzmq.hpp"
 #include "util.hpp"

Bug#815685: libxs: update for libpgm 5.2 transition

2016-02-23 Thread Laszlo Boszormenyi (GCS) 
Source: libxs
Version: 1.2.0-1.1
Severity: serious
Tags: patch
Justification: FTBFS and holds back libpgm transition

The package is FTBFS now, as it looks for the previous soname of
libpgm. The fix is simple, change configure.in to look for the 5.2
soname. For clarity, patch is attached. It's tested and works as
expected.Description: look for libpgm 5.2
 Simply update the version number to look for in configure.in
Author: Laszlo Boszormenyi (GCS) <g...@debian.org>
Forwarded: no
Last-Update: 2016-02-23

---

--- libxs-1.2.0.orig/configure.ac
+++ libxs-1.2.0/configure.ac
@@ -473,7 +473,7 @@ AS_IF([test "x$with_pgm_ext" != "xno"],
 # Build with system openpgm
 AS_IF([test "x$with_system_pgm_ext" != "xno"], [
 m4_ifdef([PKG_CHECK_MODULES], [
-PKG_CHECK_MODULES([OpenPGM], [openpgm-5.1 >= 5.1])
+PKG_CHECK_MODULES([OpenPGM], [openpgm-5.2 >= 5.2])
 AC_DEFINE([XS_HAVE_OPENPGM], [1], [Have OpenPGM extension])
 LIBXS_EXTRA_CXXFLAGS="$OpenPGM_CFLAGS $LIBXS_EXTRA_CXXFLAGS"
 ],

Bug#815260: transition: libpgm

2016-02-20 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

A small transition of libpgm, its soname changed from 5.1 to 5.2 which
is already in experimental.

Affected packages are:
libxs
zeromq
zeromq3

Library packages are co-installable and can be a smooth transition.
However libxs and zeromq need sourceful uploads. The latter is not a
problem as I'm its maintainer.
The former, libxs package seems to be an abandoned one. Upstream no
longer exists, last maintainer upload[1] was in 2012 and NMUed in 2013.
The zeromq{,3} uploads will be handled by me. Of course, I can further
NMU libxs if needed or provide patch for maintainer upload.

Cheers,
Laszlo/GCS
[1] https://packages.qa.debian.org/libx/libxs/news/20120613T174733Z.htm
l

Bug#811155: ITP: paxctld -- Daemon to automatically set appropriate PaX flags

2016-01-16 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist

* Package name: paxctld
  Version : 1.0
  Upstream Author : Brad Spengler
* URL : http://grsecurity.net/
* License : GPL-2
  Programming Lang: C
  Description : Daemon to automatically set appropriate PaX flags

paxctld automatically sets appropriate PaX flags on binaries on the
system using user extended attributes.  The flags are maintained across
any updates made to the binaries listed in the paxctld configuration
file.

Bug#811207: transition: libcutl

2016-01-16 Thread Laszlo Boszormenyi (GCS) 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Mini-transition of libcutl. It has 1.8 soname in Sid and 1.9 in
experimental, but I plan to upload soname 1.10 version. May I upload
it directly to Sid or should I target experimental first?
The only affected binary is odb which can be binNMUed. Libraries are
co-installable.

Ben file:

title = "libcutl;
is_affected = .depends ~ "libcutl-1.8" | .depends ~ "libcutl-1.9" | .depends ~ 
"libcutl-1.10";
is_good = .depends ~ "libcutl-1.10";
is_bad = .depends ~ "libcutl-1.8" | .depends ~ "libcutl-1.9";

Bug#801184: ITA: git-flow -- Git extension to provide a high-level branching model

2015-12-06 Thread Laszlo Boszormenyi (GCS) 
retitle 801184 ITA: git-flow -- Git extension to provide a high-level branching 
model
owner 801184 !
thanks

I should sleep more... Still would like to adopt this package this time
with a correct ITA mail.

Bug#801184: ITA: git-flow -- Git extension to provide a high-level branching model

2015-12-06 Thread Laszlo Boszormenyi (GCS) 
retitle 801184 RFA: git-flow -- Git extension to provide a high-level branching 
model
owner 801184 !
thanks

I've good connection with the previous maintainer. I'm going to use
this package heavily. Thanks for all the fish Gergely!

Bug#801707: ITA: shadow -- system login tools

2015-10-13 Thread Laszlo Boszormenyi (GCS) 
retitle 801707 ITA: shadow -- system login tools
owner 801707 !
thanks

Hi Christian,

What's up with the team behind the maintenance of shadow? Does it
still exists / active?
I would like to adopt it, but under control for the first some months
if you don't mind. First I'd like to package the new upstream release
and do some cleanup. Does it sound right with you, do you accept me as
the future maintainer?
I'm a Security Team trainee and have some cryptographic background,
but this package is vital to the system.

Regards,
Laszlo/GCS

Bug#796731: freecontact: FTBFS on mips (test suite failure)

2015-08-26 Thread Laszlo Kajan 
Hello Andreas!

On Wed, 26 Aug 2015 17:05:39 +0200 Andreas Tille ti...@debian.org wrote:
 Any chance to do a manual build on a more powerfull MIPS box which might
 not run into this problem? 

I think we should disable the test suite (override_dh_auto_test).

What do you think?

Best regards,
Laszlo



signature.asc
Description: OpenPGP digital signature

Bug#793491: ITP: rocksdb -- A persistent key-value store for fast storage environments

2015-07-26 Thread Laszlo Boszormenyi (GCS) 
retitle 793491 ITP: rocksdb -- A persistent key-value store for fast storage 
environments
owner 793491 !
thanks

The package is ready, quick local testing shows it's working. But its self test 
fails:
[ RUN  ] ColumnFamilyTest.ReadDroppedColumnFamily
db/column_family_test.cc:1101: Failure
Value of: kKeysNum * ((i == 2) ? 1 : 2)
  Actual: 1
Expected: count
Which is: 9231
terminate called after throwing an instance of 
'testing::internal::GoogleTestFailureException'
  what():  db/column_family_test.cc:1101: Failure
Value of: kKeysNum * ((i == 2) ? 1 : 2)
  Actual: 1
Expected: count
Which is: 9231
Aborted


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#792097: ITP: thrift -- software framework, for scalable cross-language services development

2015-07-11 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist

* Package name: thrift
  Version : 0.9.2
  Upstream Author : The Apache Software Foundation
* URL : https://thrift.apache.org/
* License : Apache-2.0
  Programming Lang: C++, Java, Python, PHP and others
  Description : software framework, for scalable cross-language services 
development

The Apache Thrift software framework, for scalable cross-language
services development, combines a software stack with a code generation
engine to build services that work efficiently and seamlessly between
C++, Java, Python, PHP, Ruby, Erlang, Perl, Haskell, C#, Cocoa,
JavaScript, Node.js, Smalltalk, OCaml and Delphi and other languages.

Thrift is already in the archive, but in a sliced, separate packages
version. I'm in the process to use the vanilla upstream source and build
everything from it. This is just a tracking / heads-up ITP.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#786780: Metastudent and its data (Was: Bug#786780: metastudent has circular Depends on metastudent-data)

2015-07-06 Thread Laszlo Kajan 
Hello Andreas!

On 06/07/15 13:40, Andreas Tille wrote:
 at first thanks for maintaining metastudent in the Debian Med team.  I
 guess you did not yet realised this bug report since there is no
 response in the bug log.  Please note that bugs in the Debian BTS are

I think this was fixed in metastudent-data by changing the Depends on 
metastudent (= 2.0.0) to 'Breaks: metastudent ( 2.0.0)'.
Tobias forgot to close the bug in the changelog, and apparently forgot to email 
the bug tracker as well.
@Tobi: do you remember those commands and links I sent you about this?

I will let Tobias explain the rest. In short, I think that dependency is a hard 
'Depends' on the data package, and not a 'Recommends', because
it is very unlikely that anyone but upstream would be able to generate that 
data package (@Tobi: correct me if I am wrong), and the software
will be useless without it. The reason for breaking metastudent up to 
metastudent(-data\d)? is technical: to allow uploads of a small, but more
frequently-changing non-data package, avoiding the need to upload versions of a 
large data package.

Best regards,
Laszlo



signature.asc
Description: OpenPGP digital signature

Bug#770374: ITA: socket-wrapper -- socket wrapper library

2015-06-04 Thread Laszlo Boszormenyi (GCS) 
Control: retitle -1 ITA: socket-wrapper -- socket wrapper library
Control: owner -1 !

After some discussion with Jakub, I take over this package. Thanks for
all the fish!


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#786770: ITP: libodb-pgsql -- ODB Runtime Library for PostgreSQL

2015-05-25 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist

* Package name: libodb-pgsql
  Version : 2.4.0
  Upstream Author : Code Synthesis
* URL : http://www.codesynthesis.com/products/odb/
* License : GPL-2
  Programming Lang: C++
  Description : ODB Runtime Library for PostgreSQL

ODB is an object-relational mapping (ORM) system for C++. It provides
tools, APIs, and library support that allow you to persist C++ objects to
a relational database (RDBMS) without having to deal with tables, columns,
or SQL and without manually writing any of the mapping code.

This package contains the PostgreSQL ODB runtime library. Every application
that includes code generated for the PostgreSQL database will need to link to
this library.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#786769: ITP: libodb-mysql -- ODB Runtime Library for MySQL

2015-05-25 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist

* Package name: libodb-mysql
  Version : 2.4.0
  Upstream Author : Code Synthesis
* URL : http://www.codesynthesis.com/products/odb/
* License : GPL-2
  Programming Lang: C++
  Description : ODB Runtime Library for MySQL

ODB is an object-relational mapping (ORM) system for C++. It provides
tools, APIs, and library support that allow you to persist C++ objects to
a relational database (RDBMS) without having to deal with tables, columns,
or SQL and without manually writing any of the mapping code.

This package contains the MySQL ODB runtime library. Every application
that includes code generated for the MySQL database will need to link to
this library.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#786821: ITP: libodb-qt -- Qt ODB runtime library

2015-05-25 Thread Laszlo Boszormenyi (GCS) 
Package: wnpp
Severity: wishlist
Owner: Laszlo Boszormenyi (GCS) g...@debian.org

* Package name: libodb-qt
  Version : 2.4.0
  Upstream Author : Code Synthesis
* URL : http://www.codesynthesis.com/products/odb/
* License : GPL-2
  Programming Lang: C++
  Description : ODB Runtime Library for PostgreSQL

ODB is an object-relational mapping (ORM) system for C++. It provides
tools, APIs, and library support that allow you to persist C++ objects to
a relational database (RDBMS) without having to deal with tables, columns,
or SQL and without manually writing any of the mapping code.

This package contains the Qt profile library. The Qt profile provides
support for persisting Qt smart pointers, containers, and value types
with the ODB system.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

  1   2   3   4   5   6   7   >