Bug#825250: Smarty3 (3.1.21) is not compatible with PHP7

[Pehr Söderman]

Package: smarty3
Version: 3.1.21-1.1

The version of Smarty3 (3.1.21-1.1) provided is not fully compatible with PHP7. 
PHP7 support seems to be in Smarty3 > 3.1.28. There are multiple symptoms of 
this, perhaps most obvious that the templates do not compile if you add a call 
to register plugin. I encountered this first in Ubuntu, but it seems relevant 
to Debian as well. 

Here is a stack trace, to get an idea of how things fail, when trying to use 
registerPlugin in smarty3 3.1.21.
Notice: Array to string conversion in 
/usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php on 
line 415

Notice: Undefined property: template::$Array in 
/usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php on 
line 415

Fatal error: Uncaught Error: Function name must be a string in 
/usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php:415
Stack trace:
#0 /usr/share/php/smarty3/sysplugins/smarty_internal_templateparser.php(3585): 
Smarty_Internal_TemplateCompilerBase->compileTag('asset_url', Array)
#1 /usr/share/php/smarty3/sysplugins/smarty_internal_templateparser.php(4413): 
Smarty_Internal_Templateparser->yy_r32()
#2 /usr/share/php/smarty3/sysplugins/smarty_internal_templateparser.php(4515): 
Smarty_Internal_Templateparser->yy_reduce(32)
#3 
/usr/share/php/smarty3/sysplugins/smarty_internal_smartytemplatecompiler.php(118):
 Smarty_Internal_Templateparser->doParse(3, '}')
#4 
/usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(283):
 Smarty_Internal_SmartyTemplateCompiler->doCompile('...')
#5 /usr/share/php/smarty3/sysplugins/smarty_internal_template.php(197): 
Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template))
#6 /usr/share/php/smarty3/sysplugins/sm in 
/usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php on 
line 415

Bug#825184: Please which tasks should be installed at a default installation of the blend

[Bas Couwenberg]

On 2016-05-25 08:39, Andreas Tille wrote:

On Tue, May 24, 2016 at 10:44:02PM +0200, Sebastiaan Couwenberg wrote:


I'm not sure if there is much interest in have Debian GIS as an option
in the Debian Installer amongst our users.


How can you ask for the opinion of users who would just learn about
Debian GIS since it has an entry in the installer?


In the context of this issue, I'm mostly interested in the existing 
users of Debian GIS packages.


I don't think D-I is a good place to learn about new things in Debian, 
that should happen before the installer is booted or after installation 
when the system is explored.


I'd love to have a good mechanism to survey our users about their needs, 
but I suspect that would be more beneficial in Ubuntu where more of the 
userbase resides.


Kind Regards,

Bas

Bug#825249: network-manager: NM can not specify a MAC address for a bridge interface

[J Mo]

Package: network-manager
Version: 1.2.2-1
Severity: normal

It is, apparently, not possible to specify the layer 2 MAC address which a 
virtual bridge interface will use. It appears to randomly re-use a MAC address 
of one of it's bridged ports (slaves).

I don't think wishlist is an appropriate severity for this bug. This is 
fundamentally broken with how layer 2 bridging should work. The bridge address 
should not change based upon the availability (up/down status) of a single 
port. If a switch from any vendor (Netgear, Cisco, Juniper) did this, it would 
be broken.

It would probably be best for a semi-random address to be generated, stored in 
configuration, and applied to the interface.



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager depends on:
ii  adduser3.114
ii  dbus   1.10.8-1
ii  init-system-helpers1.33
ii  isc-dhcp-client4.3.4-1
ii  libaudit1  1:2.5.2-1
ii  libbluetooth3  5.36-1+b1
ii  libc6  2.22-7
ii  libglib2.0-0   2.48.1-1
ii  libgnutls303.4.11-4
ii  libgudev-1.0-0 230-3
ii  libmm-glib01.4.14-1
ii  libndp01.6-1
ii  libnewt0.520.52.18-3
ii  libnl-3-2003.2.27-1
ii  libnm0 1.2.2-1
ii  libpam-systemd 229-6
ii  libpolkit-agent-1-00.105-15
ii  libpolkit-gobject-1-0  0.105-15
ii  libreadline6   6.3-8+b4
ii  libselinux12.5-3
ii  libsoup2.4-1   2.54.1-1
ii  libsystemd0229-6
ii  libteamdctl0   1.24-1
ii  libuuid1   2.28-5
ii  lsb-base   9.20160110
ii  policykit-10.105-15
ii  udev   229-6
ii  wpasupplicant  2.3-2.3

Versions of packages network-manager recommends:
ii  crda3.13-1+b1
ii  dnsmasq-base2.75-1
ii  iptables1.6.0-2
ii  iputils-arping  3:20150815-2
ii  modemmanager1.4.14-1
ii  ppp 2.4.7-1+2

Versions of packages network-manager suggests:
pn  libteam-utils  

-- Configuration Files:
/etc/NetworkManager/NetworkManager.conf changed [not included]

-- no debconf information

Bug#824968: bubblewrap: --dev and --unshare-user don't work together

[Simon McVittie]

On Sat, 21 May 2016 at 23:56:35 +0100, Simon McVittie wrote:
> However, combining "--dev /dev" with "--unshare-user" fails on Debian
> kernels with their default configuration (kernel.unprivileged_userns_clone=0);
> in particular, this breaks flatpak-builder. Alex Larsson has proposed
> patches upstream for this issue, which I have applied to the embedded
> copy of bubblewrap in flatpak 0.6.0-2.

Alex's patches in flatpak 0.6.0-2 and 0.6.1 had a regression: they did not
retain CAP_NET_ADMIN, breaking --unshare-net.

Updated patchset corresponding to flatpak 0.6.2 attached, together with
a new automated test to assert that the regression is fixed.

As before, this is also available in git form from:
ssh://git.debian.org/git/users/smcv/bubblewrap.git

Regards,
S
>From d8cbc3d8e3f43e56f43285f6fe4cb2c923f794cc Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Sat, 21 May 2016 17:31:10 +0100
Subject: [PATCH 06/11] Add patches from upstream bug 71 to make --dev coexist
 with --unshare-user

---
 debian/changelog   |   2 +
 debian/patches/Add-unshare-user-try.patch  |  57 ++
 ...tuid-no-unprivileged-user-namespaces-work.patch | 197 +
 debian/patches/series  |   2 +
 4 files changed, 258 insertions(+)
 create mode 100644 debian/patches/Add-unshare-user-try.patch
 create mode 100644 debian/patches/Make-setuid-no-unprivileged-user-namespaces-work.patch
 create mode 100644 debian/patches/series

diff --git a/debian/changelog b/debian/changelog
index 00aad10..77fece6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ bubblewrap (0~git160513-3) UNRELEASED; urgency=medium
   * Increase Priority to optional, because this tool is likely to be
 depended on by gnome-software (via Flatpak) in future
   * debian/gbp.conf: add DEP-14-style git-buildpackage configuration
+  * Add patches from upstream bug 71 to make --dev coexist with
+--unshare-user
 
  -- Simon McVittie   Sat, 21 May 2016 15:10:56 +0100
 
diff --git a/debian/patches/Add-unshare-user-try.patch b/debian/patches/Add-unshare-user-try.patch
new file mode 100644
index 000..1053ad7
--- /dev/null
+++ b/debian/patches/Add-unshare-user-try.patch
@@ -0,0 +1,57 @@
+From: Alexander Larsson 
+Date: Fri, 20 May 2016 15:13:57 +0200
+Subject: Add --unshare-user-try
+
+This optionally enables user namespaces, but ignores it if its
+not supported by the kernel.
+
+Note: For this to make any sense, bwrap has to be setuid,
+because unprivileged use requires user namespaces.
+
+Bug: https://github.com/projectatomic/bubblewrap/pull/71
+---
+ bubblewrap.c | 10 ++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index 59407a7..6c4664e 100644
+--- a/bubblewrap.c
 b/bubblewrap.c
+@@ -148,6 +148,7 @@ usage (int ecode, FILE *out)
+"--versionPrint version\n"
+"--args FDParse nul-separated args from FD\n"
+"--unshare-user   Create new user namespace (may be automatically implied if not setuid)\n"
++   "--unshare-user-try   Create new user namespace if possible else continue by skipping it\n"
+"--unshare-ipcCreate new ipc namespace\n"
+"--unshare-pidCreate new pid namespace\n"
+"--unshare-netCreate new network namespace\n"
+@@ -840,6 +841,7 @@ read_priv_sec_op (int  read_socket,
+ 
+ char *opt_chdir_path = NULL;
+ bool opt_unshare_user = FALSE;
++bool opt_unshare_user_try = FALSE;
+ bool opt_unshare_pid = FALSE;
+ bool opt_unshare_ipc = FALSE;
+ bool opt_unshare_net = FALSE;
+@@ -955,6 +957,10 @@ parse_args_recurse (int*argcp,
+ {
+   opt_unshare_user = TRUE;
+ }
++  else if (strcmp (arg, "--unshare-user-try") == 0)
++{
++  opt_unshare_user_try = TRUE;
++}
+   else if (strcmp (arg, "--unshare-ipc") == 0)
+ {
+   opt_unshare_ipc = TRUE;
+@@ -1327,6 +1333,10 @@ main (intargc,
+   if (!is_privileged)
+ opt_unshare_user = TRUE;
+ 
++  if (opt_unshare_user_try &&
++  stat ("/proc/self/ns/user", &sbuf) == 0)
++opt_unshare_user = TRUE;
++
+   if (argc == 0)
+ usage (EXIT_FAILURE, stderr);
+ 
diff --git a/debian/patches/Make-setuid-no-unprivileged-user-namespaces-work.patch b/debian/patches/Make-setuid-no-unprivileged-user-namespaces-work.patch
new file mode 100644
index 000..ec18f7e
--- /dev/null
+++ b/debian/patches/Make-setuid-no-unprivileged-user-namespaces-work.patch
@@ -0,0 +1,197 @@
+From: Alexander Larsson 
+Date: Fri, 20 May 2016 14:59:43 +0200
+Subject: Make setuid + no-unprivileged user namespaces work
+
+On e.g. debian by default unprivileged namespaces are not allowed.
+Typically the setuid mode is then used. However, if /dev is mounted
+(and thus devpts) then we need to do some workaround in ho

Bug#825184: Please which tasks should be installed at a default installation of the blend

[Andreas Tille]

On Tue, May 24, 2016 at 10:44:02PM +0200, Sebastiaan Couwenberg wrote:
> 
> I'm not sure if there is much interest in have Debian GIS as an option
> in the Debian Installer amongst our users.

How can you ask for the opinion of users who would just learn about
Debian GIS since it has an entry in the installer? 

Kind regards

  Andreas.

-- 
http://fam-tille.de

Bug#822397: FTBFS: configure: error: "Some plugins are missing dependencies

[Sebastian Harl]

On Sat, May 21, 2016 at 04:46:01PM +0200, Santiago Vila wrote:
> I'm making the usual tidy up here:
> 
> Reassign to linux because that's where the real bug was.
> Affects because it made this package to FTBFS.

Thanks!

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x2F1FFCC7 +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin



signature.asc
Description: Digital signature

Bug#825119: [a...@debian.org: Re: Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest]

[Andreas Tille]

Hi Diego,

I received a bug report about the way I've choosen to enable logging for
jmodeltest.  Since in the dist.dir is under /usr and you should be able
to mount /usr readonly you can not write logging files there.  So I
decided to do the logging to /var/log/jmodeltest and did the mistake
to set permissions to 777 instead to 1777 (see below or the full bug
report[1]).

Before I might upload a fix I would like to know the role of these
logfiles, its intention and whether you might consider using mktemp to
safely create log names with unpredictable names.

Another solution would be to keep the logs in users homes in case the
log is for the single user anyway.

Kind regards

 Andreas.

[1] https://bugs.debian.org/825119

- Forwarded message from Andreas Beckmann  -

Date: Tue, 24 May 2016 18:19:04 +0200
From: Andreas Beckmann 
To: Andreas Tille , 825...@bugs.debian.org
Subject: Re: Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

On 2016-05-24 17:10, Andreas Tille wrote:
> Hi Andreas,
> 
> thanks for running these tests.  Could you be please be more verbose in
> how far it is a problem if a program enables users to write logs on a
> collective place which is the intention of enabling users to write
> there?
> 
> I confirm that its possible for other users to delete / change logs.
> Well, yes, that could happen but its not security relevant in my eyes.
> Any better suggestion is welcome.

Perhaps you want 1777?

Are the logfile names predictable? Created in a safe way?

eve $ ln -sf /home/bob/important.file /var/log/jmodeltest/bob.log
bob $ run_jmodeltest  # overwrites /home/bob/important.file ?


Andreas



- End forwarded message -

-- 
http://fam-tille.de

Bug#742429: Patch to install packages using PackageKit

[Sunil Mohan Adapa]

Hello,

Here is an experimental patch to perform package installation using
PackageKit.  I have tested it for success and error conditions but there
are corner cases such as inserting devices during package installation
and parallel package installation that I haven't tested.  I expect them
to work fine by the way.

One thing to consider about PackageKit is that it does not show progress
dialogs like aptdaemon.  But I have left some code in there to collect
progress information that can be used to show progress dialogs if necessary.

-- 
Sunil

From 7ee652f3fc6b09e1fdf9cba706d562128de2c247 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa 
Date: Wed, 25 May 2016 11:29:58 +0530
Subject: [PATCH] Implement package installation using PackageKit

- Based on code from FreedomBox UI - Plinth.  I am the original author
  of the code and I here by license it under the same license as
  isenkram package: GNU GPL v2 or later.

- When trying to install packages, a dialog is shown to the user asking
  for administrator password to allow for package installation.

- PackageKit does not provide package installation progress bars like
  aptdaemon.  So, use libnotify to show a message at the start and end
  of installation.
---
 isenkramd | 181 +-
 1 file changed, 179 insertions(+), 2 deletions(-)

diff --git a/isenkramd b/isenkramd
index 7eee84d..ac5028d 100755
--- a/isenkramd
+++ b/isenkramd
@@ -40,6 +40,8 @@ gi.require_version('GUdev', '1.0')
 from gi.repository import GUdev
 gi.require_version('Notify', '0.7')
 from gi.repository import Notify
+gi.require_version('PackageKitGlib', '1.0')
+from gi.repository import PackageKitGlib as packagekit
 
 import isenkram.lookup
 
@@ -49,6 +51,10 @@ from aptdaemon.gtk3widgets import AptErrorDialog, \
  AptProgressDialog
 import aptdaemon.errors
 
+
+use_apt_daemon = False
+
+
 class AptDaemonGUIClient(object):
 
 """Provides a graphical interface to aptdaemon."""
@@ -102,6 +108,173 @@ class AptDaemonGUIClient(object):
 self.loop.run()
 
 
+class PackageException(Exception):
+"""A package operation has failed."""
+
+def __init__(self, error_string=None, error_details=None, *args, **kwargs):
+"""Store packagekit error string and details."""
+super(PackageException, self).__init__(*args, **kwargs)
+
+self.error_string = error_string
+self.error_details = error_details
+
+def __str__(self):
+"""Return the strin representation of the exception."""
+return 'PackageException(error_string="{0}", error_details="{1}")' \
+.format(self.error_string, self.error_details)
+
+
+class PackageKitInstaller(object):
+"""Helper to install packages using PackageKit."""
+
+def __init__(self, package_names):
+"""Initialize transaction object.
+
+Set most values to None until they are sent as progress update.
+"""
+self.package_names = package_names
+
+# Progress
+self.allow_cancel = None
+self.percentage = None
+self.status = None
+self.status_string = None
+self.flags = None
+self.package = None
+self.package_id = None
+self.item_progress = None
+self.role = None
+self.caller_active = None
+self.download_size_remaining = None
+self.speed = None
+
+def get_id(self):
+"""Return a identifier to use as a key in a map of transactions."""
+return frozenset(self.package_names)
+
+def __str__(self):
+"""Return the string representation of the object"""
+return ('Transaction(packages={0}, allow_cancel={1}, status={2}, '
+' percentage={3}, package={4}, item_progress={5})').format(
+self.package_names, self.allow_cancel, self.status_string,
+self.percentage, self.package, self.item_progress)
+
+def notify_and_install(self):
+"""Notify, start installation and then notify success/error."""
+start_notification = Notify.Notification(
+summary='Installing packages',
+body='Instaling packages - {packages}'.format(
+packages=', '.join(self.package_names)))
+start_notification.set_timeout(1)
+start_notification.show()
+
+error = None
+try:
+self.install()
+except PackageException as exception:
+error = exception
+
+start_notification.close()
+if not error:
+final_notification = Notify.Notification(
+summary='Installation successful',
+body='Packages have been successfully installed - {packages}'.
+format(packages=', '.join(self.package_names)))
+else:
+final_notification = Notify.Notification(
+summary='Installation failed',
+body='Error installing packages: {st

Bug#758116: Patch to install packages using PackageKit

[Sunil Mohan Adapa]

Hello,

Here is an experimental patch to perform package installation using
PackageKit.  I have tested it for success and error conditions but there
are corner cases such as inserting devices during package installation
and parallel package installation that I haven't tested.  I expect them
to work fine by the way.

One thing to consider about PackageKit is that it does not show progress
dialogs like aptdaemon.  But I have left some code in there to collect
progress information that can be used to show progress dialogs if necessary.

-- 
Sunil
From 7ee652f3fc6b09e1fdf9cba706d562128de2c247 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa 
Date: Wed, 25 May 2016 11:29:58 +0530
Subject: [PATCH] Implement package installation using PackageKit

- Based on code from FreedomBox UI - Plinth.  I am the original author
  of the code and I here by license it under the same license as
  isenkram package: GNU GPL v2 or later.

- When trying to install packages, a dialog is shown to the user asking
  for administrator password to allow for package installation.

- PackageKit does not provide package installation progress bars like
  aptdaemon.  So, use libnotify to show a message at the start and end
  of installation.
---
 isenkramd | 181 +-
 1 file changed, 179 insertions(+), 2 deletions(-)

diff --git a/isenkramd b/isenkramd
index 7eee84d..ac5028d 100755
--- a/isenkramd
+++ b/isenkramd
@@ -40,6 +40,8 @@ gi.require_version('GUdev', '1.0')
 from gi.repository import GUdev
 gi.require_version('Notify', '0.7')
 from gi.repository import Notify
+gi.require_version('PackageKitGlib', '1.0')
+from gi.repository import PackageKitGlib as packagekit
 
 import isenkram.lookup
 
@@ -49,6 +51,10 @@ from aptdaemon.gtk3widgets import AptErrorDialog, \
  AptProgressDialog
 import aptdaemon.errors
 
+
+use_apt_daemon = False
+
+
 class AptDaemonGUIClient(object):
 
 """Provides a graphical interface to aptdaemon."""
@@ -102,6 +108,173 @@ class AptDaemonGUIClient(object):
 self.loop.run()
 
 
+class PackageException(Exception):
+"""A package operation has failed."""
+
+def __init__(self, error_string=None, error_details=None, *args, **kwargs):
+"""Store packagekit error string and details."""
+super(PackageException, self).__init__(*args, **kwargs)
+
+self.error_string = error_string
+self.error_details = error_details
+
+def __str__(self):
+"""Return the strin representation of the exception."""
+return 'PackageException(error_string="{0}", error_details="{1}")' \
+.format(self.error_string, self.error_details)
+
+
+class PackageKitInstaller(object):
+"""Helper to install packages using PackageKit."""
+
+def __init__(self, package_names):
+"""Initialize transaction object.
+
+Set most values to None until they are sent as progress update.
+"""
+self.package_names = package_names
+
+# Progress
+self.allow_cancel = None
+self.percentage = None
+self.status = None
+self.status_string = None
+self.flags = None
+self.package = None
+self.package_id = None
+self.item_progress = None
+self.role = None
+self.caller_active = None
+self.download_size_remaining = None
+self.speed = None
+
+def get_id(self):
+"""Return a identifier to use as a key in a map of transactions."""
+return frozenset(self.package_names)
+
+def __str__(self):
+"""Return the string representation of the object"""
+return ('Transaction(packages={0}, allow_cancel={1}, status={2}, '
+' percentage={3}, package={4}, item_progress={5})').format(
+self.package_names, self.allow_cancel, self.status_string,
+self.percentage, self.package, self.item_progress)
+
+def notify_and_install(self):
+"""Notify, start installation and then notify success/error."""
+start_notification = Notify.Notification(
+summary='Installing packages',
+body='Instaling packages - {packages}'.format(
+packages=', '.join(self.package_names)))
+start_notification.set_timeout(1)
+start_notification.show()
+
+error = None
+try:
+self.install()
+except PackageException as exception:
+error = exception
+
+start_notification.close()
+if not error:
+final_notification = Notify.Notification(
+summary='Installation successful',
+body='Packages have been successfully installed - {packages}'.
+format(packages=', '.join(self.package_names)))
+else:
+final_notification = Notify.Notification(
+summary='Installation failed',
+body='Error installing packages: {str

Bug#758116: Patch to install packages using PackageKit

[Sunil Mohan Adapa]

On 05/25/2016 11:42 AM, Sunil Mohan Adapa wrote:
> Hello,
> 
> Here is an experimental patch to perform package installation using
> PackageKit.  I have tested it for success and error conditions but there
> are corner cases such as inserting devices during package installation
> and parallel package installation that I haven't tested.  I expect them
> to work fine by the way.

Sorry, I sent the patch to the wrong bug.  Please ignore.

-- 
Sunil




signature.asc
Description: OpenPGP digital signature

Bug#823378: fixed in sshguard 1.6.4-2

[T.A. van Roermund]

I think one more optimization is needed. By adding the '-n' option, 
reverse DNS lookups are prevented. Without this option, (re-)starting 
the daemon may take a very long time.


So I propose to change the two lines to:

iptables -n -L INPUT | grep -q sshguard || iptables -w -I INPUT -j 
sshguard 2> /dev/null
ip6tables -n -L INPUT | grep -q sshguard || ip6tables -w -I INPUT -j 
sshguard 2> /dev/null

Bug#825147: nailgun-agent and fuel-nailgun-agent: error when trying to install together

[Ralf Treinen]

Bonjour Thomas,

On Tue, May 24, 2016 at 10:16:47PM +0200, Thomas Goirand wrote:
> On 05/24/2016 07:59 AM, Ralf Treinen wrote:
> > Package: fuel-nailgun-agent,nailgun-agent
> > Version: fuel-nailgun-agent/9.0+dfsg1-1
> > Version: nailgun-agent/3.9.2-1.1
> > Severity: serious
> > User: trei...@debian.org
> > Usertags: edos-file-overwrite

> > Preparing to unpack .../nailgun-agent_3.9.2-1.1_all.deb ...
> > Unpacking nailgun-agent (3.9.2-1.1) ...
> > dpkg: error processing archive 
> > /var/cache/apt/archives/nailgun-agent_3.9.2-1.1_all.deb (--unpack):
> >  trying to overwrite '/usr/bin/nailgun-agent', which is also in package 
> > fuel-nailgun-agent 9.0+dfsg1-1
> 
> This bug can be closed, as I'm asking the FTP masters to remove
> nailgun-agent (as fuel-nailgun-agent is the rename of it).

don't you need proper Replaces/Conflict then, in order to ensure a transition
from nailgun-agent to fuel-nailgun-agent ?

-Ralf.

Bug#654924: Re: Helping with tigervnc 1.5.0

[Martin Dorey]

I'm concerned why /etc/vnc.conf and /usr/bin/tigervncserver set a depth of 32.  
Per man Xtigervnc, that will cause problems for applications, problems that 
I've just described in a little more detail at 
http://stackoverflow.com/a/37428300/18096.  I think it should be 24, a setting 
which doesn't prevent applications from using transparency.

I'm also mildly bemused as to why /usr/bin/tigervncserver's default for 
-localhost is yes, again unlike the default for the underlying Xtigervnc.  I 
can imagine there being an argument that default security should be locked 
down.  Perhaps I'm just lacking in imagination as to why I might want to 
connect to localhost.

> Getting the llvmpipe part to work was a challenge.  I failed on the first 
> system I tried, which had an nvidia :0.

In the perhaps unlikely event that there's anyone in the same boat, I succeeded 
with:

sudo update-alternatives --set glx /usr/lib/mesa-diverted
sudo update-initramfs -u

... though I eventually went into production setting this before starting 
tigervncserver:

LD_LIBRARY_PATH=/usr/lib/mesa-diverted/x86_64-linux-gnu:$LD_LIBRARY_PATH

Bug#825203: pidgin-sipe: segfault

[Jakub Adam]

Hi,

On 05/24/2016 04:24 PM, George B. wrote:
> I could not find a sipe debug package, so backtrace may not be very useful

pidgin-sipe has switched to automatic debug packages [1]. You should add
the repository listed at [1] matching your distribution and install 
pidgin-sipe-dbgsym.

I think this is a crash in Sipe, but proper 'bt full' with debug symbols would
come useful.

Regards,

Jakub

[1] https://wiki.debian.org/AutomaticDebugPackages



signature.asc
Description: OpenPGP digital signature

Bug#825236: RFS: openfst/1.5.3-1 -- weighted finite-state transducers library

[Sean Whitton]

Dear Giulio,

Could you explain why openfst is in experimental, but not in sid?  Since
the upstream version is >1, it seems odd that you don't consider it
stable enough.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#825248: hgview-curses: Patch updated

[Zhang Jingqiang]

Package: hgview-curses
Version: 1.9.0-1
Followup-For: Bug #825248

Hello,
"echars" is of wrong type "tuple" in previous pacth, updated with this new patch


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'work'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages hgview-curses depends on:
ii  hgview-common 1.9.0-1
ii  python2.7.11-1
ii  python-pygments   2.1.3+dfsg-1
ii  python-pyinotify  0.9.5-1
ii  python-urwid  1.3.1-2+b1

hgview-curses recommends no packages.

hgview-curses suggests no packages.

-- no debconf information
--- /usr/lib/python2.7/dist-packages/hgviewlib/curses/graphlog.py.orig	2016-05-25 12:52:57.196775537 +0800
+++ /usr/lib/python2.7/dist-packages/hgviewlib/curses/graphlog.py	2016-05-25 13:22:33.085859338 +0800
@@ -312,6 +312,10 @@
 # some support of obsolete relation display
 # assert -2 < coldiff < 2
 assert height > 0
+
+echars = []
+echars.extend(('|', ' ') * (ncols + coldiff))
+
 if coldiff == -1:
 _fixlongrightedges(edges)
 # add_padding_line says whether to rewrite
@@ -323,7 +327,7 @@
 # nodeline is the line containing the node character (typically o)
 nodeline = ["|", " "] * idx
 nodeline.extend([('GraphLog.node', char), " "])
-nodeline.extend(_getnodelineedgestail(idx, state[1], ncols, coldiff,
+nodeline.extend(_getnodelineedgestail(echars, idx, state[1], ncols, coldiff,
 state[0], fix_nodeline_tail))
 # shift_interline is the line containing the non-vertical
 # edges between this entry and the next
@@ -340,7 +344,7 @@
 shift_interline.extend(n_spaces * [" "])
 shift_interline.extend([edge_ch, " "] * (ncols - idx - 1))
 # draw edges from the current node to its parents
-_drawedges(edges, nodeline, shift_interline)
+_drawedges(echars, edges, nodeline, shift_interline)
 # lines is the list of all graph lines to print
 lines = [nodeline]
 if add_padding_line:

Bug#824553: qemu-nbd: devices for partitions are not created

[Michael Tokarev]

25.05.2016 03:40, Igor Liferenko wrote:
> I figured it out:
> 
> Everything is done exactly as before, but now it is necessary to use
> "partprobe", like this:
> 
>   sudo modprobe nbd max_part=16
>   sudo qemu-nbd -c /dev/nbd0 newcd-qemu.qcow2
>   sudo partprobe /dev/nbd0

Try installing older version of qemu-utils, or just download
the .deb file from snapshot.debian.org and run qemu-nbd binary.

Thanks,

/mjt

Bug#825248: hgview-curses: Patch needed to work with mercurial 3.8.2

[Zhang Jingqiang]

Package: hgview-curses
Version: 1.9.0-1
Severity: important
Tags: patch

Hello,
mercurial 3.8.2 breaks hgview-curses, as function _getnodelineedgestail and 
_drawedges
in file /usr/lib/python2.7/dist-packages/mercurial/graphmod.py add new arg 
"echars".

I make a simple patch to workaround that, though I don't know exactly what 
should be in "echars".
Anyhow the simple patch works for my usecase.

Thanks 

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'work'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages hgview-curses depends on:
ii  hgview-common 1.9.0-1
ii  python2.7.11-1
ii  python-pygments   2.1.3+dfsg-1
ii  python-pyinotify  0.9.5-1
ii  python-urwid  1.3.1-2+b1

hgview-curses recommends no packages.

hgview-curses suggests no packages.

-- no debconf information
--- /usr/lib/python2.7/dist-packages/hgviewlib/curses/graphlog.py.orig	2016-05-25 12:52:57.196775537 +0800
+++ /usr/lib/python2.7/dist-packages/hgviewlib/curses/graphlog.py	2016-05-25 13:08:11.051555423 +0800
@@ -312,6 +312,9 @@
 # some support of obsolete relation display
 # assert -2 < coldiff < 2
 assert height > 0
+
+echars = ('|', ' ') * (ncols + coldiff)
+
 if coldiff == -1:
 _fixlongrightedges(edges)
 # add_padding_line says whether to rewrite
@@ -323,7 +326,7 @@
 # nodeline is the line containing the node character (typically o)
 nodeline = ["|", " "] * idx
 nodeline.extend([('GraphLog.node', char), " "])
-nodeline.extend(_getnodelineedgestail(idx, state[1], ncols, coldiff,
+nodeline.extend(_getnodelineedgestail(echars, idx, state[1], ncols, coldiff,
 state[0], fix_nodeline_tail))
 # shift_interline is the line containing the non-vertical
 # edges between this entry and the next
@@ -340,7 +343,7 @@
 shift_interline.extend(n_spaces * [" "])
 shift_interline.extend([edge_ch, " "] * (ncols - idx - 1))
 # draw edges from the current node to its parents
-_drawedges(edges, nodeline, shift_interline)
+_drawedges(echars, edges, nodeline, shift_interline)
 # lines is the list of all graph lines to print
 lines = [nodeline]
 if add_padding_line:

Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1

[Salvatore Bonaccorso]

Hi,

On Tue, May 24, 2016 at 09:41:48PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2016-05-16 at 17:30 +0200, Salvatore Bonaccorso wrote:
> > libksba in jessie is affected by some CVEs which do not neccessarly
> > seem to need a DSA. I would like to propose the attached
> > debdiff/update for libksba via the next jessie point release.
> > 
> > Would you accept that upload? I took the git commits without
> > modifying, thus the first patch as well updates the copyright years
> > notice in one file. I can drop that if you prefer.
> > 
> > The "Fix an OOB read access in _ksba_dn_to_str" patch is an addition
> > to CVE-2016-4356 required. If we do not apply that one libskba will be
> > affected by CVE-2016-4574.
> 
> Please go ahead.

Thank you Adam; uploaded.

Regards,
Salvatore

Bug#812831: closed by Michael Lustfield ()

[Alexandre Kouznetsov]

Hello.

Sorry, I have overlooked your response from 2016-02-16, just got this 
e-mail notifying about report closure.


I have made sure my sistem is up to date and tested the condition again, 
with the same result:


# dpkg -la | grep nginx
ii  nginx-common  1.6.2-5+deb8u1  allsmall, powerful, scalable 
web/proxy server - common files
ii  nginx-extras  1.6.2-5+deb8u1  amd64  nginx web/proxy server 
(extended version)

# service nginx configtest
[ ok ] Testing nginx configuration:.
# echo $?
0
# echo "}" >> /etc/nginx/sites-enabled/default
# service nginx configtest
[FAIL] Testing nginx configuration: failed!
# echo $?
0

I have upgraded my Nginx to jessie-backports verision. The issue seems 
to be corrected.


root@aeapi-dev:~# dpkg -la | grep nginx
ii  nginx-common  1.9.10-1~bpo8+1  allsmall, powerful, scalable 
web/proxy server - common files
ii  nginx-extras  1.9.10-1~bpo8+1  amd64  nginx web/proxy server 
(extended version)

# service nginx configtest
[ ok ] Testing nginx configuration:.
# echo $?
0
# echo "}" >> /etc/nginx/sites-enabled/default
# service nginx configtest
[FAIL] Testing nginx configuration: failed!
# echo $?
1

Is there any chance that the version 1.6.2-5+deb8u1 from stable 
repository gets fixed?


Greetings and thank you.

El 24/05/16 a las 20:27, Debian Bug Tracking System escribió:

This is an automatic notification regarding your Bug report
which was filed against the nginx-common package:

#812831: nginx-common: testconfig returns 0 even on failure

It has been closed by Michael Lustfield .

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Michael Lustfield 
 by
replying to this email.

Bug#825247: xpdf: command line option -z zoom is ignored

[Drew Parsons]

Package: xpdf
Version: 3.04-1
Severity: normal

>From the man page, command line option -z  should control the
initial zoom when xpdf loads up a file.  But it does nothing, whether
 is a number (percentage) or text (page,height).

Bug #737628 reports that the X resource: Xpdf.initialZoom is also
broken.  I don't know if the patch suggested for that bug will also
fix this -z command line bug.

The initialZoom option in the xpdfrc file does work successfully.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xpdf depends on:
ii  libc6 2.22-9
ii  libgcc1   1:6.1.1-4
ii  libpoppler57  0.38.0-3
ii  libstdc++66.1.1-4
ii  libx11-6  2:1.6.3-1
ii  libxm42.3.4-10+b1
ii  libxt61:1.1.5-1

Versions of packages xpdf recommends:
ii  cups-bsd   2.1.3-5
ii  gsfonts-x110.24
ii  poppler-data   0.4.7-7
ii  poppler-utils  0.38.0-3

xpdf suggests no packages.

-- no debconf information

Bug#824902: tar: -X / --exclude-from silent failure

[Ben Caradoc-Davies]

Upstream indicates that that exclude options are now position dependent. 
Exchanging the order of the include and excludes options gives the 
desired behaviour with tar 1.29-1:


$ tar zcvvfXT - excludes includes > /dev/null
drwxrwx--- ben/ben 0 2016-05-21 14:39 base/
drwxrwx--- ben/ben 0 2016-05-21 14:40 base/dir-1/
-rw-rw ben/ben 0 2016-05-21 14:40 base/dir-1/file-1

See:
http://lists.gnu.org/archive/html/bug-tar/2016-05/msg00022.html
http://lists.gnu.org/archive/html/bug-tar/2016-05/msg00023.html

 Forwarded Message 
Subject: Re: [Bug-tar] tar 1.29 bug: tar ignores --exclude option
Date: Wed, 25 May 2016 15:35:30 +1200
From: Ben Caradoc-Davies 
To: Sergey Poznyakoff 
CC: bug-...@gnu.org

On 26/05/16 09:05, Sergey Poznyakoff wrote:
> Hi Ben,
> The --exclude option is position-sensitive, which means it applies to
> any arguments or options appearing after it in the command line.
> Therefore the correct tar invocation is:
>tar zcvvfXT - excludes includes
> Please see 3.4.4 "Position-Sensitive Options"[1], for details.
> Regards,
> Sergey
> [1] http://www.gnu.org/software/tar/manual/html_section/tar_22.html

Thanks very much Sergey. I can confirm that changing the order of the
excludes and includes, as you indicated above, gives me the desired
behaviour with tar 1.29:

$ tar zcvvfXT - excludes includes > /dev/null
drwxrwx--- ben/ben 0 2016-05-21 14:39 base/
drwxrwx--- ben/ben 0 2016-05-21 14:40 base/dir-1/
-rw-rw ben/ben 0 2016-05-21 14:40 base/dir-1/file-1

Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Bug#825246: insufficient arguments to --pages

[積丹尼 Dan Jacobson]

Package: qpdf
Version: 6.0.0-2

file:///usr/share/doc/qpdf/qpdf-manual.html#ref.invocation says
"This makes it possible to easily combine all pages in a set of files
with a command like qpdf --empty out.pdf --pages *.pdf --."

$ qpdf --empty out.pdf --pages *.pdf --

qpdf: insufficient arguments to --pages

Usage: qpdf [options] infile outfile
For detailed help, run qpdf --help

Bug#825245: cannot input anything in Text object

[Chang, MingDien]

Package: dia
Version: 0.97.3-1+b1
Severity: important

The 'Text' object cannot be input anything directly.
However, the paste function, backspace, and delete works in Text object.



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dia depends on:
ii  dia-common   0.97.3-1
ii  dia-libs 0.97.3-1+b1
ii  libart-2.0-2 2.3.21-2
ii  libatk1.0-0  2.20.0-1
ii  libc62.22-9
ii  libcairo21.14.6-1+b1
ii  libfontconfig1   2.11.0-6.4
ii  libfreetype6 2.6.3-3+b1
ii  libgdk-pixbuf2.0-0   2.34.0-1
ii  libglib2.0-0 2.48.1-1
ii  libgtk2.0-0  2.24.30-1.1
ii  libpango-1.0-0   1.40.1-1
ii  libpangocairo-1.0-0  1.40.1-1
ii  libpangoft2-1.0-01.40.1-1
ii  libpng16-16  1.6.21-5
ii  libxml2  2.9.3+dfsg1-1
ii  zlib1g   1:1.2.8.dfsg-2+b1

Versions of packages dia recommends:
ii  dia-shapes   0.6.0-1
ii  gsfonts-x11  0.24

dia suggests no packages.

-- no debconf information

Bug#825137: general: Please add ISSE to Debian repositories http://isse.sourceforge.net/

[Nicholas Bryan]

Hi Olivier,

Thanks for your message.

Unfortunately, I haven't been able to work on ISSE since January 2014 and
was the only coder/developer. I don't foresee my circumstances changing
anytime soon and, as such, would consider the project dead upstream.

That being said, if there's a serious developer out there that has an
interest in keeping the project going, I would be more than happy to
discuss further.

In addition to bug fixes, there are a few obvious improvements that would
make a significant difference and justify inclusion in a larger package
distribution.  Improvements include better handling of large files and a
basic plugin architecture (somewhat started).

Hope that helps.

Best Regards,
Nick











On Tue, May 24, 2016 at 5:56 AM,  wrote:

> (@debian people: copying the devs of ISSE here)
>
> Hi Nicholas, Gautham and Ge,
>
> there is a current discussion about getting ISSE in the debian repo as you
> can read on https://bugs.debian.org/825137
>
> It would great if you can comment on the "is it dead or alive upstream ?"
> part of the discussion.
>
> By advance,
> Thanks
> Olivier
>
>
>


-- 
Nick

Bug#825163: texlive-bibtex-extra: Not compatible with biber 2.4-1

[Norbert Preining]

tags 825163 + pending
thanks

> Biber 2.4-1 is the version of biber currently available for Debian. Upstream
> already has version 2.5, which "should be used in conjunction with biblatex
> 3.4", the current version of biblatex in Debian.

Indeed, breaks are adjusted, and new biber version will be uploaded soon.

Norbert

--
PREINING Norbert + TeX Live & Debian Developer + http://www.preining.info
GPG: 0x860CDC13fp: F7D8 A928 26E3 16A1 9FA0  ACF0 6CAC A448 860C DC13

Bug#825243: qtchooser tries to overwrite /usr/share/qtchooser/qt5-x86_64-linux-gnu.conf also in libqt5core5a

[Diederik de Haas]

Control: severity -1 serious
Control: merge -1 825111


signature.asc
Description: This is a digitally signed message part.

Bug#825243: qtchooser tries to overwrite /usr/share/qtchooser/qt5-x86_64-linux-gnu.conf also in libqt5core5a

[Diederik de Haas]

Control: -1 severity serious
Control: -1 merge 825111

On Wednesday 25 May 2016 02:31:38 Vincent Lefevre wrote:
> trying to overwrite '/usr/share/qtchooser/qt5-x86_64-linux-gnu.conf', which
> is also in package libqt5core5a:amd64 5.6.0+dfsg-2+b1 

Sounds like the same bug as #825111


signature.asc
Description: This is a digitally signed message part.

Bug#823435:

[Michael Lustfield]

I'm really happy I read this prior to another similar but not
identical bug report.

Thanks for the patches! I will try to review/test/commit tonight.

Bug#819751:

[Michael Lustfield]

I'm a bit surprised your tool had access issues when it was running as
root. Your solution may work initially, but I expect you'll see
problems in the long run because of the way nginx workers interact
with these files.

I can do some testing and try to come up with a better solution, but I
don't imagine root:adm will be a workable solution.

Bug#820505: wiki fails to create

[TheSin]

I’m going to assume this is the issue.

  # Returns the Gollum::Wiki object.
  def wiki
@wiki ||= begin
  Gollum::Wiki.new(path_to_repo)
rescue Gollum::NoSuchPathError
  create_repo!
end
  end

the dir in this call needs to be a git repo according to 
https://github.com/gollum/gollum-lib

# Create a new Gollum::Wiki object by initializing it with the path to the
# Git repository.
wiki = Gollum::Wiki.new("my-gollum-repo.git")
# => 

So I think the dir should be made into a git repo, then use Gollum::Wiki.new on 
it.  I’m not super versed in ruby so I’m still researching how to do this, but 
it’s my current guess.

Bug#820505: wiki fails to create

[TheSin]

Just installed gitlab (which wasn’t easy), but I’m seeing the same issue.  any 
progress here? anything I can test to try and get this up and running, really 
need the wiki for project docu and such.  Maybe we need to update the version 
of gitlab?  I’m going through commits now, but we are behind upstream by lots 
of version so that means lots of commits to check though to try and find a 
fix/patch for it.  So thought I’d ask here first.

Bug#825073: Syntax errors diff

[Chris]

If it's at all helpful, I've made a diff of what Renzo used
for a fix and verified that it works on my system.

--- librtlsdr0.rules.bak	2016-05-24 21:01:30.855978222 -0400
+++ /lib/udev/rules.d/60-librtlsdr0.rules	2016-05-24 21:03:39.255570240 -0400
@@ -16,124 +16,124 @@
 # MODE="0664", GROUP="plugdev"
 
 # original RTL2832U vid/pid (hama nano, for example)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # DigitalNow Quad DVB-T PCI-E card (4x FC0012?)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0413", ATTRS{idProduct}=="6680", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0413", ATTRS{idProduct}=="6680", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Leadtek WinFast DTV Dongle mini D (FC0012)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0413", ATTRS{idProduct}=="6f0f", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0413", ATTRS{idProduct}=="6f0f", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Genius TVGo DVB-T03 USB dongle (Ver. B)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0458", ATTRS{idProduct}=="707f", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0458", ATTRS{idProduct}=="707f", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec Cinergy T Stick Black (rev 1) (FC0012)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00a9", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00a9", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec NOXON rev 1 (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b3", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b3", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec Deutschlandradio DAB Stick (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b4", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b4", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec NOXON DAB Stick - Radio Energy (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b5", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b5", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec Media Broadcast DAB Stick (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b7", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b7", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec BR DAB Stick (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b8", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b8", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec WDR DAB Stick (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b9", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00b9", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec MuellerVerlag DAB Stick (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00c0", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00c0", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec Fraunhofer DAB Stick (FC0013)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00c6", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00c6", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec Cinergy T Stick RC (Rev.3) (E4000)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00d3", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660", GROUP="plugdev"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00d3", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
 
 # Terratec T Stick PLUS (E4000)
-SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ccd", ATTRS{idProduct}=="00d7", ENV{ID_SOFTWARE_RADIO}=1, MODE="0660"

Bug#777683: e1000e driver, empty TX queue after IP drop causes dev_watchdog

[S Egbert]

I too have the same problem on Debian as 3 others do.

As a former Ethernet driver developer, I noticed that the queue is empty 
when the interrupt was fired.  And that it appeared hung in the Linux 
qdisc portion at Interrupt context, to a point of having watchdog timer 
expiring.


My relevant details is:
Dell OptiPlex 980
3.16.0-4-amd64
linux/3.16.7-ckt25-2 (2016-04-08) x86_64
Intel Gigabit Ethernet 82578DM Gigabit Network Connection (rev 05)


From what I've gathered from the following potentially duplicate bug  
#798512 and Intel Community Forums:


1 - It isn't CPU-related
2.  This error happened in the following Linux kernel versions:
a. 3.16.0-4-amd64
b. 3.19.5 (source: Intel communities)
c. 4.3+70~bpo8+1
b. 3.16.7-ckt11-1
3. This error does NOT happen in the following Linux kernel versions 
(take this with a grain of salt, for we haven't a reliable repeatable 
bug inducement yet):

a. 3.16.7-ckt20-1+deb8u4
4. Intel driver used but still have error
   b. 3.3.3-NAPI
5. Intel hardware having this problem
  a. Intel I217-V (rev 04) (onboard) (has lspci SERR-)
  b. Intel 82578DM (rev 05) (onboard)  (has lspci SERR+)
  c. Intel Corporation 82579V Gigabit Network Connection (rev 05) (onboard)
6. Linux network
   a.  eth0:  mtu 1500 qdisc 
pfifo_fast state UP group default qlen 1000
   b. eth0:  mtu 1500 qdisc pfifo_fast 
master br0 state UP mode DEFAULT group default qlen 1000



So far, common thread of the alike problems is the following (more 
reports will eliminate a few):

1.  e1000e driver
2.  ip link using 'qdisc' and 'pfifo_fast' option
2.  onboard Ethernet (PCI-related?)
3. Starting at Linux 3.16.0
4.  IP outgoing packets dropped was non-zero (mostly 32 packets)
4.  share similar call stack backtrace:

Bug #777683 call stack backtrace

[ 295.041406]  [] ? dump_stack+0x41/0x51 [ 
295.041417] [] ? warn_slowpath_common+0x77/0x90 [ 
295.041420] [] ? warn_slowpath_fmt+0x4c/0x50 [ 
295.041425] [] ? mod_timer+0x127/0x1e0 [ 295.041430] 
[] ? dev_watchdog+0x236/0x240 [ 295.041433] 
[] ? dev_graft_qdisc+0x70/0x70 [ 295.041436] 
[] ? call_timer_fn+0x31/0x100 [ 295.041439] 
[] ? dev_graft_qdisc+0x70/0x70 [ 295.041442] 
[] ? run_timer_softirq+0x209/0x2f0 [ 295.041445] 
[] ? __do_softirq+0xf1/0x290 [ 295.041448] 
[] ? irq_exit+0x95/0xa0 [ 295.041451] 
[] ? smp_apic_timer_interrupt+0x45/0x60 [ 295.041455] 
[] ? apic_timer_interrupt+0x6d/0x80 [ 295.041456] 
 [] ? get_next_timer_interrupt+0x1d6/0x250 [ 
295.041465] [] ? cpuidle_enter_state+0x4f/0xc0 [ 
295.041468] [] ? cpuidle_enter_state+0x48/0xc0 [ 
295.041472] [] ? cpu_startup_entry+0x2f8/0x400 [ 
295.041475] [] ? start_kernel+0x492/0x49d [ 
295.041478] [] ? set_init_arg+0x4e/0x4e [ 295.041480] 
[] ? early_idt_handlers+0x120/0x120 [ 295.041483] 
[] ? x86_64_start_kernel+0x14d/0x15c [ 295.041485] 
---[ end trace aaf46f7eeccba58f ]--- [ 295.041502] e1000e :00:19.0 
eth-office: Reset adapter unexpectedly


Intel Community Forums (Intel 3.3.3-NAPI driver):
(source: https://communities.intel.com/message/305442#305442)

[] ? dump_stack+0x40/0x57
[] ? warn_slowpath_common+0x81/0xb0
[] ? warn_slowpath_fmt+0x5c/0x80
[] ? dev_watchdog+0x229/0x240
[] ? dev_deactivate_queue.constprop.34+0x60/0x60
[] ? call_timer_fn+0x30/0xf0
[] ? dev_deactivate_queue.constprop.34+0x60/0x60
[] ? run_timer_softirq+0x17d/0x2b0
[] ? __do_softirq+0x107/0x270
[] ? irq_exit+0x86/0x90
[] ? smp_apic_timer_interrupt+0x3e/0x50
[] ? apic_timer_interrupt+0x82/0x90

[] ? cpuidle_enter_state+0xe8/0x220
[] ? cpuidle_enter_state+0xc3/0x220
[] ? cpu_startup_entry+0x294/0x350
[] ? start_secondary+0x150/0x190

Debian Bug #798512

] ? warn_slowpath_common+0x77/0x90
] ? warn_slowpath_fmt+0x4c/0x50
] ? mod_timer+0x127/0x1e0
] ? dev_watchdog+0x236/0x240
] ? dev_graft_qdisc+0x70/0x70
] ? call_timer_fn+0x31/0x100
] ? dev_graft_qdisc+0x70/0x70
] ? run_timer_softirq+0x209/0x2f0
] ? __do_softirq+0xf1/0x290
] ? irq_exit+0x95/0xa0

My /var/log/message (3.6.14):
dmesg: e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
dmesg: e1000e :00:19.0: Interrupt Throttling Rate (ints/sec) set to 
dynamic conservative mode

dmesg: e1000e :00:19.0 eth0: Detected Hardware Unit Hang:
May 24 18:44:55 sandbay kernel: [  840.766377]   
[] ? dump_stack+0x5d/0x78
May 24 18:44:55 sandbay kernel: [  840.766391] [] ? 
warn_slowpath_common+0x77/0x90
May 24 18:44:55 sandbay kernel: [  840.766396] [] ? 
warn_slowpath_fmt+0x4c/0x50
May 24 18:44:55 sandbay kernel: [  840.766410] [] ? 
dev_watchdog+0x236/0x240
May 24 18:44:55 sandbay kernel: [  840.766418] [] ? 
dev_graft_qdisc+0x70/0x70
May 24 18:44:55 sandbay kernel: [  840.766424] [] ? 
call_timer_fn+0x31/0x100
May 24 18:44:55 sandbay kernel: [  840.766435] [] ? 
dev_graft_qdisc+0x70/0x70
May 24 18:44:55 sandbay kernel: [  840.766439] [] ? 
run_timer_softirq+0x209/0x2f0
May 24 18:44:55 sandbay kernel: [  840.766444] [] ? 
__do_softirq+0xf1/0x290
May 24 18:44:55 sandbay kernel: [  840.766452] [] ? 
irq_exit+0x95/0xa0
May 24 18:44:55 sandbay kerne

Bug#756900: #756900: nfs-utils: NFS 1.3 fixes NFS systemd integration

[Trent W. Buck]

I recently upgraded my NFSv3 clients from wheezy to jessie, and they just DID 
NOT WORK.
The NFS sysvinit init scripts had dependency cycles & race conditions when used 
under systemd.
I ended up writing my own systemd units for the parts I needed (foo.mount, 
statd, & rpcbind),
and disabling the rest.

While working on that, I discovered that upstream has already solved this 
problem.
nfs-utils 1.3.x includes native systemd integration.

This week I went to upgrade my NFSv3 server to stretch (from pre-systemd).
I was disappointed to discover that Debian STILL doesn't have nfs-utils 1.3.x.
I guess I'll have to write my own systemd units again! :-/

If upgrading nfs-utils right now will cause problems, I totally get that.
Keeping things working is a lot harder for all of Debian than for just me.
But can someone please at least reply and say what the blockers ARE?

This ticket has been open for nearly TWO YEARS, with no reply.
This makes it hard for me to manage $boss's expectations.


PS: some of my jessie issues were in rpcbind, not nfs-utils.
#806336 looks particularly relevant; which also appears to be ignored.

PPS: maybe this issue HAS been discussed, just somewhere else.
Due to the maintainer archive link on https://tracker.debian.org/pkg/nfs-utils,
I checked https://lists.debian.org/debian-kernel/, but I found nothing.
I also found nothing in "wnpp-check nfs-utils".

Bug#825244: nslcd: Allow arbitrary maps via getent.ldap(1)

[Daniel Richard G.]

Package: nslcd
Version: 0.9.6-3
Severity: wishlist

I would like for it to be possible to configure nslcd so that
getent.ldap(1) can return information not covered by the current maps.
Here are three use cases:

1. Alternate "home" directories. I'm in a company subdivision where
   employees have departmental home directories, something like

 map passwd homeDirectory "/home/$sAMAccountName"

   where /home is NFS-mounted from our own server. But there is also
   another set of homedirs, ones that are global to the company but are
   tightly quota-bound and thus not as useful. I want to have an autofs
   mount for these so that they are accessible, but I need to query a
   "unixHomeDirectory" attribute in LDAP (homedirs are spread across
   multiple servers so I can't just construct a path from the username)
   and the "homeDirectory" slot is already spoken for.

   For now, I am (ab)using the "userPassword" attribute in the "shadow"
   map to get this information, but that's an awkward one-off at best.

2. User pictures. My company LDAP server has a "thumbnailPhoto"
   attribute for each user, which is some kind of base64-encoded image
   that is likely the same user photo shown in the Outlook mail client.
   It would be lovely to show this as a "user picture" in LightDM, or
   perhaps elsewhere in the Linux desktop, without needing to configure
   a separate LDAP client to get at it.

3. Automount maps in general. An "automount" map is supported by
   libnss-ldap, and while first-class support for this in libnss-ldapd
   would be nice, I can foresee greater flexibility in being able to
   specify multiple sources for automount definitions (e.g.
   "automount1", "automount2", ...)

Bug#824553: qemu-nbd: devices for partitions are not created

[Igor Liferenko]

I figured it out:

Everything is done exactly as before, but now it is necessary to use
"partprobe", like this:

  sudo modprobe nbd max_part=16
  sudo qemu-nbd -c /dev/nbd0 newcd-qemu.qcow2
  sudo partprobe /dev/nbd0

Bug#823608:

[Michael Lustfield]

I've been looking at this a bit more. As much as I understand the
motivations, it seems incredibly heavy to create an entirely separate
package just to install one small file for vim. Looking at other
packages, it seems they've made the same decision. I see very few
(four) packages that seem to create an entirely different package.

This also happened to pop up in discussions at a conference I recently
attended. The verdict was... this wouldn't be a good change, despite
how trivial it would be.

I'm rather inclined to mark this wontfix for those reasons. Again,
leaving it open for discussion (and prodding a couple others to get
their opinion).

Bug#825243: qtchooser tries to overwrite /usr/share/qtchooser/qt5-x86_64-linux-gnu.conf also in libqt5core5a

[Vincent Lefevre]

Package: qtchooser
Version: 58-gfab25f1-1
Severity: grave
Justification: renders package unusable

qtchooser 58-gfab25f1-1 can't be installed:

Unpacking qtchooser (58-gfab25f1-1) over (52-gae5eeef-2) ...
dpkg: error processing archive 
/var/cache/apt/archives/qtchooser_58-gfab25f1-1_amd64.deb (--unpack):
 trying to overwrite '/usr/share/qtchooser/qt5-x86_64-linux-gnu.conf', which is 
also in package libqt5core5a:amd64 5.6.0+dfsg-2+b1
Processing triggers for man-db (2.7.5-1) ...
Errors were encountered while processing:
 /var/cache/apt/archives/qtchooser_58-gfab25f1-1_amd64.deb

(libqt5core5a:amd64 5.6.0+dfsg-2+b1 is the latest version).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages qtchooser depends on:
ii  libc6   2.22-9
ii  libgcc1 1:6.1.1-4
ii  libstdc++6  6.1.1-4

qtchooser recommends no packages.

qtchooser suggests no packages.

-- no debconf information

Bug#825242: [imagemagick] Incorrect owner inside the package render imagemagick and imagemagick-6.q16 broken after upgrading to 8:6.9.2.10+dfsg-2

[Davod]

Package: imagemagick
Version: 8:6.9.2.10+dfsg-2
Severity: critical

--- Please enter the report below this line. ---
Related report #816854

While upgrading imagemagick to 8:6.9.2.10+dfsg-2 (becoming it a dummy 
package where imagemagick-6.q16 8:6.9.2.10+dfsg-2+b1 depends on), I got 
the following output:



Performing actions...
(Reading database ... 498937 files and directories currently installed.)
Preparing to unpack .../imagemagick_8%3a6.9.2.10+dfsg-2_all.deb ...
dpkg-query: no packages found matching imagemagick:all
dpkg-query: package 'imagemagick' is not installed
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
dpkg-query: package 'imagemagick' is not installed
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
dpkg-query: package 'imagemagick' is not installed
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
dpkg-query: package 'imagemagick' is not installed
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
dpkg-query: package 'imagemagick' is not installed
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
dpkg-maintscript-helper: error: directory '/usr/share/doc/imagemagick' 
contains files not owned by package imagemagick:all, cannot switch to 
symlink
dpkg: error processing archive 
/var/cache/apt/archives/imagemagick_8%3a6.9.2.10+dfsg-2_all.deb (--unpack):

 subprocess new pre-installation script returned error exit status 1
Errors were encountered while processing:
 /var/cache/apt/archives/imagemagick_8%3a6.9.2.10+dfsg-2_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


Notice the "dpkg-maintscript-helper: error: directory 
'/usr/share/doc/imagemagick' contains files not owned by package 
imagemagick:all, cannot switch to symlink" while unpacking 
"imagemagick_8%3a6.9.2.10+dfsg-2_all.deb" caused the break.


The related report #816854 also mention the issues when creating 
symlinks, that also render the package broken.


Also, cups-filters (therefore, cups) depends on imagemagick, and since 
8:6.9.2.10+dfsg-2 became a dummy package (and broken after upgrading); 
removing it *will break* cups. Therefore, the cups dependences should 
also be modified to fit "imagemagick-6.q16" in addition of imagemagick.


The only solution is to keep or downgrade imagemagick and 
imagemagick-6.q16 to 8:6.8.9.9-7+b2.


--- System information. ---
Architecture: amd64
Kernel: Linux 4.3.5-custom-toi

Debian Release: stretch/sid
1 experimental ftp.debian.org

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.


--- Output from package bug script ---
ImageMagick program version
---
animate: compare: convert: composite: conjure: display: identify: 
import: mogrify: montage: stream:

Bug#823785: gnome-shell: segfault shortly after login drops user to console

[Anton Vorobyov]

 I am affected by this issue as well. Started occurring after this upgrade in 
testing:


[REMOVE, NOT USED] gir1.2-gdm3:amd64 3.18.0-2
[REMOVE, NOT USED] libical1a:amd64 1.0.1-0.1
[REMOVE, NOT USED] libmutter0g:amd64 3.18.3-2
[INSTALL, DEPENDENCIES] gir1.2-gdm-1.0:amd64 3.20.1-1
[INSTALL, DEPENDENCIES] libmutter0h:amd64 3.20.2-1
[UPGRADE] gdm3:amd64 3.18.0-2 -> 3.20.1-1
[UPGRADE] gir1.2-gdesktopenums-3.0:amd64 3.18.1-1 -> 3.20.0-3
[UPGRADE] gir1.2-javascriptcoregtk-3.0:amd64 2.4.11-1 -> 2.4.11-1+b1
[UPGRADE] gir1.2-mutter-3.0:amd64 3.18.3-2 -> 3.20.2-1
[UPGRADE] gir1.2-webkit-3.0:amd64 2.4.11-1 -> 2.4.11-1+b1
[UPGRADE] gnome-control-center:amd64 1:3.18.2-1 -> 1:3.20.1-1
[UPGRADE] gnome-control-center-data:amd64 1:3.18.2-1 -> 1:3.20.1-1
[UPGRADE] gnome-keyring:amd64 3.18.3-1 -> 3.20.0-1
[UPGRADE] gnome-session:amd64 3.18.1.2-1 -> 3.20.1-2
[UPGRADE] gnome-session-bin:amd64 3.18.1.2-1 -> 3.20.1-2
[UPGRADE] gnome-session-common:amd64 3.18.1.2-1 -> 3.20.1-2
[UPGRADE] gnome-settings-daemon:amd64 3.18.2-1 -> 3.20.1-1
[UPGRADE] gnome-shell:amd64 3.18.1-1 -> 3.20.2-1
[UPGRADE] gnome-shell-common:amd64 3.18.1-1 -> 3.20.2-1
[UPGRADE] gnome-shell-extensions:amd64 3.18.4-1 -> 3.20.1-1
[UPGRADE] gnome-themes-standard:amd64 3.20-1 -> 3.20.2-1
[UPGRADE] gnome-themes-standard-data:amd64 3.20-1 -> 3.20.2-1
[UPGRADE] gsettings-desktop-schemas:amd64 3.18.1-1 -> 3.20.0-3
[UPGRADE] libbluray1:amd64 1:0.9.2-2 -> 1:0.9.3-2
[UPGRADE] libetonyek-0.1-1:amd64 0.1.6-1 -> 0.1.6-2
[UPGRADE] libgdm1:amd64 3.18.0-2 -> 3.20.1-1
[UPGRADE] libjavascriptcoregtk-3.0-0:amd64 2.4.11-1 -> 2.4.11-1+b1
[UPGRADE] libpam-gnome-keyring:amd64 3.18.3-1 -> 3.20.0-1
[UPGRADE] libselinux1:amd64 2.5-2 -> 2.5-3
[UPGRADE] libselinux1:i386 2.5-2 -> 2.5-3
[UPGRADE] libselinux1-dev:amd64 2.5-2 -> 2.5-3
[UPGRADE] libwebkitgtk-3.0-0:amd64 2.4.11-1 -> 2.4.11-1+b1
[UPGRADE] mutter:amd64 3.18.3-2 -> 3.20.2-1
[UPGRADE] mutter-common:amd64 3.18.3-2 -> 3.20.2-1
[UPGRADE] python-pyparsing:amd64 2.1.1+dfsg1-1 -> 2.1.4+dfsg1-1
[UPGRADE] sgml-base:amd64 1.26+nmu4 -> 1.27
[UPGRADE] tar:amd64 1.28-2.2 -> 1.29-1


Found this bug which seems to be related:  
https://bbs.archlinux.org/viewtopic.php?id=211100  

Bug#825241: gnupod-tools: please Build-Depend on rename

[Dominic Hargreaves]

Source: gnupod-tools
Version: 0.99.8-2.1
Severity: normal
User: debian-p...@lists.debian.org
Usertags: perl-5.24-transition rename-deprecation

Dear maintainer,

This package was found to contain uses of the 'rename' and/or 'prename'
(which is an alias) command. This was previously implemented by a script
added to the perl package by Debian, but there is now a maintained
alternative in the 'rename' package.

Please add a Build-Depends on 'rename', to avoid breakage in your
package when we remove the rename script from the perl package
(expected after the release of stretch). Additionally, if you are
currently using 'prename', please use 'rename' (which is handled by the
alternatives mechanism) or file-rename, which is the new implementation.

You can see more background about this change at
.

Thanks,
Dominic

Details of the use of (p)rename in your package follow:

debian/rules
17: sh $(CURDIR)/debian/maintenance/01patch_rename.sh $(SRCDIR) $(VERSION)
46: rename 's/\.pl//' $(CURDIR)/debian/gnupod-tools/usr/bin/*.pl
47: rename 's/\.pl//' $(CURDIR)/debian/gnupod-tools/usr/share/man/man1/*.gz

Bug#825229: crosshurd: Incompatibility with update-grub. Fails to boot.

[Samuel Thibault]

Hello,

Thanks for the gnumach.gz link patch. Ideally the upgrade-grub scripts
should find gnumach* kernels (just like it does when run natively from a
Hurd system), but in the meanwhile the symlink can't hurt.

Rodrigo Valiña Gutiérrez, on Tue 24 May 2016 21:48:58 +0200, wrote:
> Running crosshurd to install in a disk partition and then running update-grub,
...
> Afterwards, the Hurd starts to boot but fails (hangs) with the following error
> (maybe an issue with partition names):
> 
> start ext2fs: ext2fs: device:(hostdisk//dev/sda,msdos2): No such device or 
> address

So it seems the update-grub scripts don't properly translate
hostdisk//dev/sda,msdos2 into hd0s2.  That's where things need to get
fixed.

> Also I have observed that, running "grep TARGET /usr/share/crosshurd/*"
> yields some results with "$TARGET/..." quoted and some others not,
> so if we run crosshurd with a path with spaces, it may fail.

Supporting a path with spaces would not be so easy in the case of the
apt_options variable, where $TARGET is used.  It won't be a matter of
quoting it with " unfortunately.

Samuel

Bug#825153: nslcd: Numerous ' request denied by validnames option' log entries

[Daniel Richard G.]

On Tue, 2016 May 24 22:42+0200, Arthur de Jong wrote:
> 
> At the very least it is weird behaviour. I don't expect any NSS module
> would return useful information. It could be a compat lookup thing but
> I thought it only worked on "+" entries, not "*" and those entries are
> only supported in flat files (/etc/passwd, /etc/shadow).
>
> If you could track it down I would be very interested to know why some
> application would do that. If this is some kind of standard use of the
> API I'm not aware of perhaps that would be an argument to change the
> behaviour of nslcd.
>
> Running nslcd in debug mode will show application pids that perform
> the request, that will probably help in tracking it down.

Ah, yes, that is very helpful. I have some information for you.

The culprit here is Bash, although what specifically within Bash is
harder to suss out. The issue does appear to be in the bash_completion
logic, because if I disable that, the "*" requests go away.

The completion logic is about as close to line noise as typical Perl, so
I can't make much headway in there. But strace shows a connect() call to
the nslcd socket for each request, and no other connect()s, so I ran a
debug build of bash in a debugger.

After picking through the backtrace, I've found exactly what is
generating the request. Below, I've copied the entire shell function in
question (from /usr/share/bash-completion/bash_completion), and have
marked the offending line:

# This function quotes the argument in a way so that readline dequoting
# results in the original argument.  This is necessary for at least
# `compgen' which requires its arguments quoted/escaped:
#
# $ ls "a'b/"
# c
# $ compgen -f "a'b/"   # Wrong, doesn't return output
# $ compgen -f "a\'b/"  # Good
# a\'b/c
#
# See also:
# - http://lists.gnu.org/archive/html/bug-bash/2009-03/msg00155.html
# - http://www.mail-archive.com/bash-completion-devel@lists.alioth.\
#   debian.org/msg01944.html
# @param $1  Argument to quote
# @param $2  Name of variable to return result to
_quote_readline_by_ref()
{
if [ -z "$1" ]; then
# avoid quoting if empty
printf -v $2 %s "$1"
elif [[ $1 == \'* ]]; then
# Leave out first character
printf -v $2 %s "${1:1}"
elif [[ $1 == ~* ]]; then< HERE
# avoid escaping first ~
printf -v $2 ~%q "${1:1}"
else
printf -v $2 %q "$1"
fi

# Replace double escaping ( \\ ) by single ( \ )
# This happens always when argument is already escaped at cmdline,
# and passed to this function as e.g.: file\ with\ spaces
[[ ${!2} == *\\* ]] && printf -v $2 %s "${1///\\}"

# If result becomes quoted like this: $'string', re-evaluate in order to
# drop the additional quoting.  See also: http://www.mail-archive.com/
# bash-completion-de...@lists.alioth.debian.org/msg01942.html
[[ ${!2} == \$* ]] && eval $2=${!2}
} # _quote_readline_by_ref()


There are other instances of "~*" in the file, but they all have a
backslash escaping the tilde.

Would you agree that this appears to be a bug in bash-completion?

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

[Andreas Beckmann]

On 2016-05-24 21:32, Andreas Tille wrote:
>> Perhaps you want 1777?
> 
> Would you consider this a fix for the bug?

That will at least silence piuparts (a world writable directory with
sticky bit is accepted).

I leave it to you whether you want to escalate the "insecure tempfile
creation" as a security bug.


Andreas

Bug#825240: ldapscripts: Please use SASLAUTH from /etc/nsdlcd.conf (sasl_mech)

[James Valleroy]

Package: ldapscripts
Version: 2.0.6-1
Severity: wishlist

In /etc/ldapscripts/ldapscripts.conf I have:

SASLAUTH="EXTERNAL"

And in /etc/nslcd.conf:

sasl_mech EXTERNAL

I would like to just specify this once in nslcd.conf. Similar to how SERVER and
SUFFIX are handled.



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ldapscripts depends on:
ii  ldap-utils  2.4.42+dfsg-2+b2

Versions of packages ldapscripts recommends:
ii  pwgen  2.07-1.1
ii  sharutils  1:4.15.2-1

Versions of packages ldapscripts suggests:
ii  nslcd  0.9.6-3

-- Configuration Files:
/etc/ldapscripts/ldapscripts.conf changed [not included]

-- no debconf information

Bug#786893: btrfs-tools: Breakage caused by moving from /sbin to /bin

[Volker Grimwald]

Dear maintainer,

please address this issue. I fully agree with Message #5 about fixing. Many
more packages affected and rendered useless.

Best regards,
  Volker

Bug#655889: offer to help with munin packaging

[Dominic Hargreaves]

On Fri, May 13, 2016 at 06:08:36PM +, Holger Levsen wrote:
> Hi Dominic!
> 
> On Thu, May 12, 2016 at 12:21:55PM +0100, Dominic Hargreaves wrote:
> > Not that I have vast amounts of free time, but I do care about
> > munin packaging, so I can offer to put a little bit of time into a
> > team effort.
>  
> that would be much welcome! \o/
> 
> > What's the current status, thuough? The last update on the rfh bug
> > is a few years ago, so I want to know what I'm letting myself in for :)
> 
> well, the package is maintained by Stig (ssm) and myself and in the last 1.5
> years not much has been done, as we have been waiting for the upstream
> 3.0 release… (which was said to be immiment for quite some time now :/
> 
> Because of this we also didnt bother to send bugs upstream, as most if
> not all bugs in the BTS are filed against munin 1.4 or 2.0 and quite
> some bugs have been fixed upstream in the 3.0 development phase…
> 
> > What are the main tasks/priorities other than bug squashing? Is an
> > upload of the current development branch to experimental useful, for
> > example?
> 
> yes, absolutly. once that is done, I suppose it would also be sensible
> to go through the current list of bugs and investigate whether they
> still happen with munin 2.999.2.
> 
> We (ssm and upstream) hang out on #munin on OFTC, though the same
> channel is also available on freenode. (it's mirrored/piped.)
> 
> Please do feel very much invited to work in the git repo and also do
> uploads, if you feel confident to do so :) Also I believe your work will
> have a motivation effect on us :) Also upstream (hi Steve) is reading
> the debian BTS too and having more 3.0 testing might convince them to
> release 3.0.0 rather sooner than later.
> 
> It's starting getting late to have 3.0 in stretch.

That all makes sense. I will try and find some time to have a crack of
some of this soon.

The freeze of stretch is in January (soft freeze), so we still have a
little time (although I know what tends to happen to that...)

Cheers,
Dominic.

Bug#825239: RFS: pepperflashplugin-nonfree/1.8.1+deb8u1 [RC] [NMU]

[Kristian Klausen]

Package: sponsorship-requests
Severity: important
Dear mentors,

I am looking for a sponsor for my package "pepperflashplugin-nonfree"

 * Package name: pepperflashplugin-nonfree
 Version : 1.8.1+deb8u1
 Upstream Author : Bart Martens 
 * URL : http://wiki.debian.org/PepperFlashPlayer
 * License : GPL3
 Section : web

It builds those binary packages:

pepperflashplugin-nonfree - Pepper Flash Player - browser plugin

To access further information about this package, please visit the following 
URL:

https://mentors.debian.net/package/pepperflashplugin-nonfree


Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/contrib/p/pepperflashplugin-nonfree/pepperflashplugin-nonfree_1.8.1+deb8u1.dsc

More information about hello can be obtained from https://www.example.com.

Changes since the last upload:

pepperflashplugin-nonfree (1.8.1+deb8u1) jessie; urgency=medium

  * Non-maintainer upload.
  * Update Google public key. Closes: #823005.
  * Remove 32 bit support. Closes: #816848.

 -- Kristian Klausen   Fri, 20 May 2016 15:08:52 +0200



Regards,
 Kristian Klausen 

Bug#722249: Current status?

[Petter Reinholdtsen]

[John Paul Adrian Glaubitz]
> Hi Petter!

Hi. :)

> I haven't really had the time to work on this. The package was
> rejected by the FTP team back then due to some minor issues with the
> copyright file. The git repository should reflect the status of the
> packaging when it was rejected.

Right.  I dug up the rejection message from
mirror.ftp-master.debian.org:/srv/ftp-master.debian.org/queue/new/COMMENTS/REJECTED.simplescreenrecorder_0.3.3-1_amd64,
including it here to have some idea what need to be fixed.

  From: Thorsten Alteholz 

  Hi Adrian,

  unfortunatley I have to reject your package.

  Please add the licenses of all files to your debian/copyright. On a
  first glimpse I found at least that glinject/SSRVideoStreamWriter.* is
  missing.

  While you are at it, please take also care of:
   W: simplescreenrecorder: package-name-doesnt-match-sonames libssr-glinject
   W: simplescreenrecorder: binary-without-manpage usr/bin/simplescreenrecorder
   W: simplescreenrecorder: binary-without-manpage usr/bin/ssr-glinject
   E: simplescreenrecorder: non-empty-dependency_libs-in-la-file 
usr/lib/x86_64-linux-gnu/libssr-glinject.la
   W: simplescreenrecorder: shlib-without-versioned-soname 
usr/lib/x86_64-linux-gnu/libssr-glinject.so libssr-glinject.so
   E: simplescreenrecorder: 
pkg-has-shlibs-control-file-but-no-actual-shared-libs

> Feel free to take over the ITP and clone my git repository above to
> finish the work and upload the package :-).

I've been in touch with olinuxx (Olivier Humbert) on #debian-multimedia,
and he is interested in maintaining the package in Debian.  I'm helping
him get familiar with the process, and he mentioned he had been in touch
with you on IRC about this too.

I am confident he will follow through and get the package included in
Debian.  But he would be happy to form a group to maintain it, if the
rest of you want to join in. :)

-- 
Happy hacking
Petter Reinholdtsen

Bug#825091: QuickOSM is also segfaulting

[Sebastiaan Couwenberg]

Control: tags -1 upstream
Control: forwarded -1 http://hub.qgis.org/issues/14881

Hi Nelson,

On 05/23/2016 04:29 PM, Bas Couwenberg wrote:
> Unfortunately the upstream developers don't want to deal with these
> issues until their builds break (i.e. WebKit support is actually removed
> from the Qt4 packages in Debian testing/unstable).

The upload of python-qt4 without WebKit support should happen soon as
discussed in #784513.

This should help get the issues caused by its removal fixed in QGIS
upstream.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#825237: RFS: mrpt/1:1.4.0-1 [ITA] [RC]

[Jose Luis Blanco]

Package: sponsorship-requests
Severity: important

Dear mentors,

Since 2008, I have had one very kind mentor taking care of my package
"mrpt" (home page [1]),
but I have not had any news from him for more than ~1 month, so I
thought it would be a good
idea to find out if someone else would be willing to help with this big package.

The latest version, uploaded some weeks ago to mentors.d.n, solves
some RC bugs and
Lintian errors and warnings [2].

MRPT comprises many command-line and GUI applications, plus C++
libraries, for many tasks related to mobile robotics and computer vision, from
didactic applications for teaching up to modules for real-time navigation of
autonomous robots / vehicles.

The project was started in 2005, have been downloaded more than ~80k times
and is cited in ~300 scientific papers [3].

Next follows the standard RFS data:

 * Package name: mrpt
   Version : 1:1.4.0-1
   Upstream Author : Jose-Luis Blanco 
 * URL : http://www.mrpt.org/
 * License : BSD
   Section : science

  It builds those binary packages:

libmrpt-base1.4 - Mobile Robot Programming Toolkit - base library
 libmrpt-dbg - Mobile Robot Programming Toolkit - Debug libraries
 libmrpt-detectors1.4 - Mobile Robot Programming Toolkit - detectors library
 libmrpt-dev - Mobile Robot Programming Toolkit - Development headers
 libmrpt-gui1.4 - Mobile Robot Programming Toolkit - gui library
 libmrpt-hmtslam1.4 - Mobile Robot Programming Toolkit - hmtslam library
 libmrpt-hwdrivers1.4 - Mobile Robot Programming Toolkit - hwdrivers library
 libmrpt-kinematics1.4 - Mobile Robot Programming Toolkit - kinematics library
 libmrpt-maps1.4 - Mobile Robot Programming Toolkit - maps library
 libmrpt-nav1.4 - Mobile Robot Programming Toolkit - nav library
 libmrpt-obs1.4 - Mobile Robot Programming Toolkit - obs library
 libmrpt-opengl1.4 - Mobile Robot Programming Toolkit - opengl library
 libmrpt-slam1.4 - Mobile Robot Programming Toolkit - slam library
 libmrpt-tfest1.4 - Mobile Robot Programming Toolkit - tfest library
 libmrpt-topography1.4 - Mobile Robot Programming Toolkit - topography library
 libmrpt-vision1.4 - Mobile Robot Programming Toolkit - vision library
 mrpt-apps  - Mobile Robot Programming Toolkit - Console and GUI applications
 mrpt-common - Mobile Robot Programming Toolkit - Example datasets and files
 mrpt-doc   - Mobile Robot Programming Toolkit - Documentation and examples

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/mrpt

  Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/m/mrpt/mrpt_1.4.0-1.dsc


Best,
Jose Luis

[1] http://www.mrpt.org/
[2] https://packages.qa.debian.org/m/mrpt.html
[3] 
https://scholar.google.es/scholar?q=(MRPT+AND+ROBOT)+OR+%22Mobile+Robot+Programming+Toolkit%22


-- 
___

Jose Luis Blanco-Claraco
CITE-IV 1.05
Universidad de Almería, Departamento de Ingeniería
04120 Almería (Spain)
http://www.ual.es/~jlblanco/
___

Bug#825238: ITP: stegosuite -- Steganography tool to hide information in image files

[asco]

Package: wnpp
Severity: wishlist
Owner: Tobias Ilte 

* Package name: stegosuite
  Version : 0.7.2
  Upstream Author : Stegosuite Developers 
* URL : https://dev.stegosuite.org/Stegosuite/Stegosuite
* License : GPL3
  Programming Lang: Java
  Description : Steganography tool to hide information in image files

Stegosuite is a graphical steganography tool to easily hide information in
image files. It allows the embedding of text messages and multiple files of any
type. In addition, the embedded data is encrypted using AES.
Currently supported file types are BMP, GIF and JPG.
Stegosuite is written in Java and utilizes the SWT toolkit for its interface.

Bug#824859: jessie-pu: package pepperflashplugin-nonfree/1.8.1+deb8u1

[Adam D. Barratt]

Control: tags -1 -moreinfo +confirmed

On Tue, 2016-05-24 at 23:21 +0200, Kristian Klausen wrote:
> Hi Adam
> 
> You definitely correct, I did the fix for 1.8.1 manual and simply forgot to 
> change that line.
> 
> Fixed debdiff

Please go ahead.

Regards,

Adam

Bug#825236: RFS: openfst/1.5.3-1 -- weighted finite-state transducers library

[Giulio Paci]

Package: sponsorship-requests
Severity: wishlist
X-Debbugs-CC: jw...@debian.org


Dear Jakub,

I am looking for a sponsor for my package "openfst".

 * Package name: openfst
   Version : 1.5.3-1
   Upstream Author : Cyril Allauzen , Michael Riley 

 * URL : http://www.openfst.org/
 * License : Apache-2.0
   Section : libs

It builds these binary packages:

libfst-tools - weighted finite-state transducers library (tools)
libfst3 - weighted finite-state transducers library (runtime)
libfst3-plugins-base -  weighted finite-state transducers library (base 
plugins)
libfst-dev - weighted finite-state transducers library (development)

To access further information about this package, please visit the
following Vcs URL:

 https://anonscm.debian.org/git/collab-maint/openfst.git

Regards,
   Giulio Paci

Bug#824859: jessie-pu: package pepperflashplugin-nonfree/1.8.1+deb8u1

[Kristian Klausen]

Hi Adam

You definitely correct, I did the fix for 1.8.1 manual and simply forgot to 
change that line.

Fixed debdiff

diff -Nru pepperflashplugin-nonfree-1.8.1/debian/changelog 
pepperflashplugin-nonfree-1.8.1+deb8u1/debian/changelog
--- pepperflashplugin-nonfree-1.8.1/debian/changelog    2014-12-21 
11:38:47.0 +0100
+++ pepperflashplugin-nonfree-1.8.1+deb8u1/debian/changelog    2016-05-20 
15:25:49.0 +0200
@@ -1,3 +1,11 @@
+pepperflashplugin-nonfree (1.8.1+deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Update Google public key. Closes: #823005.
+  * Remove 32 bit support. Closes: #816848.
+
+ -- Kristian Klausen   Fri, 20 May 2016 15:08:52 +0200
+
 pepperflashplugin-nonfree (1.8.1) unstable; urgency=medium
 
   * debian/control: Pre-Depends: ca-certificates.  Closes: #773629.
diff -Nru pepperflashplugin-nonfree-1.8.1/debian/control 
pepperflashplugin-nonfree-1.8.1+deb8u1/debian/control
--- pepperflashplugin-nonfree-1.8.1/debian/control    2014-12-21 
11:40:47.0 +0100
+++ pepperflashplugin-nonfree-1.8.1+deb8u1/debian/control    2016-05-24 
23:17:59.0 +0200
@@ -7,7 +7,7 @@
 Homepage: http://wiki.debian.org/PepperFlashPlayer
 
 Package: pepperflashplugin-nonfree
-Architecture: i386 amd64
+Architecture: amd64
 Depends: debconf | debconf-2.0, wget, gnupg, libatk1.0-0, libcairo2, 
libfontconfig1, libfreetype6, libgcc1, libglib2.0-0, libgtk2.0-0 (>= 2.14), 
libnspr4, libnss3, libpango-1.0-0 | libpango1.0-0, libstdc++6, libx11-6, 
libxext6, libxt6, libcurl3-gnutls, binutils, ${misc:Depends}, ${shlibs:Depends}
 Pre-Depends: ca-certificates
 Suggests: chromium, ttf-mscorefonts-installer, ttf-dejavu, 
ttf-xfree86-nonfree, hal
diff -Nru pepperflashplugin-nonfree-1.8.1/pubkey-google.txt 
pepperflashplugin-nonfree-1.8.1+deb8u1/pubkey-google.txt
--- pepperflashplugin-nonfree-1.8.1/pubkey-google.txt    2013-07-07 
23:30:38.0 +0200
+++ pepperflashplugin-nonfree-1.8.1+deb8u1/pubkey-google.txt    2016-05-20 
15:09:27.0 +0200
@@ -1,5 +1,5 @@
 -BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v1.4.12 (GNU/Linux)
+Version: GnuPG v1.4.2.2 (GNU/Linux)
 
 mQGiBEXwb0YRBADQva2NLpYXxgjNkbuP0LnPoEXruGmvi3XMIxjEUFuGNCP4Rj/a
 kv2E5VixBP1vcQFDRJ+p1puh8NU0XERlhpyZrVMzzS/RdWdyXf7E5S8oqNXsoD1z
@@ -11,89 +11,88 @@
 4XmfTg4Jl8BNjWyvm2Wmjfet41LPmYJKsux3g0b8yzQxeOA4pQKKAU3Z4+rgzGmf
 HdwCG5MNT2A5XxD/eDd+L4fRx0HbFkIQoAi1J3YWQSiTk15fw7RMR29vZ2xlLCBJ
 bmMuIExpbnV4IFBhY2thZ2UgU2lnbmluZyBLZXkgPGxpbnV4LXBhY2thZ2VzLWtl
-eW1hc3RlckBnb29nbGUuY29tPohGBBARAgAGBQJI0l69AAoJEOX7qSII6c/vXlAA
-nRMVIdPPqa3pK5spqHhTm5ousadaAJ4/R1aIaCBuXZ7USVxAG4XZJSy4MohGBBAR
-AgAGBQJI6REUAAoJEB/WbxUKhkqxtRMAoMPojw3H7kfP06xbTBcV6l4iL/C3AJ98
-nOh6qM4/P7WiIKmnT85zTThqL4hGBBARAgAGBQJI6lFPAAoJEIYuYz+rQ7NyBkEA
-mgNkqNBIDVilTtYcmHQAY85o8IlaAJ9NjeoM2kbcm0jZF1T6s9BXSumdF4hGBBAR
-AgAGBQJJDe71AAoJEPtAr6/rDx3gTqEAoLj8mkNVfhZtuZc//dUc/+CT+wy5AJ9I
-GZ+DJxo1Uw88O3/JmTNY+E1UMohGBBARAgAGBQJJytn7AAoJELHZ4eeDAWJpb5QA
-njQH8SI8gYJe+pOwslqnxkvqMi36AKCFJ5BT72qPwUi2yU78tL0/RFavlYhGBBAR
-AgAGBQJJzsFXAAoJEPaz08bs2Ur9dK4AoIl6RPzXvTP8yfp0seh4kRC5uUQMAJ40
-K5qygoSMgEiUkSbePn/bY9Xal4hGBBARAgAGBQJJ0uWaAAoJEK2TkXqe2Mfq/RgA
-njEsJepPsxEis/lDD7YuM/t85FliAJ0d0Ddbp8ifzIZOLBLvUouw+wl2k4hGBBAR
-AgAGBQJLhWfpAAoJEO982nELrv7lkLcAoMMz2LXDqwm5zNvgDzfk4TK359RMAJ42
-WbSlBnHBse8opPGZxP5OGTxOCohGBBARAgAGBQJLmFHwAAoJEPbGY9YaoejMdW4A
-oMBWV6GZPH7xh18Grvesqhdmt6JDAKCjSVQQj3qqVo9TfixY9wqfl6C1JohGBBAR
-AgAGBQJMhzgkAAoJEI1KrrtrN/ZMWDYAnj18QFBbCKR+91iRgk9f9ZLlPBanAJ9Q
-2TwtmywhpbSPTIKeHofbQAlQGohJBBARAgAJBQJI6JhfAgcAAAoJEDl7jO4+/nb3
-mvgAoMLktv7ux+CWSAYt3596ieWdmCWAAJ9jkPCZ7Y3IDDft1FpJF+B6o1gIaIhJ
-BBARAgAJBQJI6JiJAgcAAAoJEFU+IjujcFDZxR8An2tmuQcxpz+G0Hi3BSH+qSLY
-2UexAJsG2mT5eU64GLg4Nv/0n1IVooCd+ohJBBARAgAJBQJI6Ji/AgcAAAoJEEgY
-SAfSQni5F1EAn0125ALPoZkC8lcgWCtaCqa7E+mKAKCGbXJl6Yp8xO+VzmU2Y6AI
-UP1Ia4hJBBARAgAJBQJI6lluAgcAAAoJEDUGMV/UfORJRSwAmwcMo8TpMMdpolFH
-nr9qbrG0OZFzAJ40G4I0ppq1JCXbgkqP/gz31S2ozYhjBBMRAgAjAhsDBgsJCAcD
-AgQVAggDBBYCAwECHgECF4AFAkYVdn8CGQEACgkQoECDD3+sWZHKSgCfdq3HtNYJ
-Lv+XZleb6HN4zOcFAJEAniSFbuv8V5FSHxeRimHx25671az+iQEcBBABAgAGBQJG
-i+tTAAoJEO703Vx2zDVi0G8H/0uf1abwRVQ6/3gB5NtwNyNDZjcglrhvrjEerrBf
-W2PDNwCw2eZ7tiBIdWzv4gPCEr7U3PiuJGcPr6vVKplIGHIatNP4DySilg8WT8Rk
-I5ng+qhZl1VslcOf1tXRqn+ual3DJeDiE8P4EGdMmDwHzNXJ1g4ZzJGQ0Px5fSvS
-f6l+yma5/YRcEKP1AqkWbcA0aIX3yYYWhBxOpZSF0FIQEJiSU3AUkclq+nkvOHc+
-gyJWh3UMEdNmbwizYB+AZxHOTduPCJGxMVFPFHz258owhmFE4KaCuVqDg2wjvGED
-fFMlY1BPrCZJv8wRIi43Z7etj08fG+r7NbKYf0+gN3+xQWiJARwEEAECAAYFAkwf
-8fMACgkQytrzOKUJG1b1XAgAi4W4zCU32w9QIGpVRL5x6Zh8XaRV5PDhyYYwBHqO
-wIXs6ukG2BweCN3tpLZwKJBnKsBpfMzctZu4sR7g7P2fLgwmf108XIB3lk0SPc2+
-2clVkw3FD4riTNdydwKJweVSVRDngnsShwA11UwGZd3oo2Vol3lyu6P1vw6G8vTI
-68E6hBDwoEWHVGuBezJNr7mMklp3RGzL9jpI7weGseP3FNFdiWLo1xRpx0RLbQZC
-k6PiK6SMb7hfeSZ6x96IHDmPrcoZOKas8nLT58JMhGdy8aI3h1jj5bT3FCWIeB3n
-6j9C/YJb9Ho3/caLfverKfCnrnSFxenVP5XU1KOk79J1N4kBHAQQAQIABgUCT+xD
-3wAKCRAutzB2dnteCbodB/4ga4iQQSpWXJHL6tUEhTv/HYXuAXIoKPVmp3Rbos3z
-NPtDVF+COVuSzkefiero1O78/7zwNoOTY+fZiD1WuFtI6JGl68MjV2ArzWcbKt65
-y

Bug#825235: obnam: make --exclude work during restore

[Nemo Inis]

Package: obnam
Version: 1.19.1-1
Severity: wishlist

Dear Maintainer,

I wanted to restore (from scratch) a system where / and /home are mounted on
separate partitions, but backed into the same obnam repository.

First try was to mount /dev/newdrive1 on /target, /dev/newdrive2 on
/target/home, then have obnam restore the last backup to /target.
Can't do that: obnam won't restore to a non-empty dir. (which, by the way, also
includes "lost+found" so you can't restore to a blank partition unless you get
rid of that first.)

Second try was to restore --exclude /home/ --to /target
Can't do that: obnam ignores --exclude during restore.

I ended up listing every root folder except home in the restore command, then
create and mount home, and restore that. This kind of pain could be avoided if
--exclude worked on restore commands. I'm sure there are lots of other use
cases for this.

Bonus points if you also let obnam restore to a non-empty dir (with a --force-
merge option), merging source dirs into existing target dirs, and overwriting
existing files.

Thanks!



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.5.0-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages obnam depends on:
ii  libc6 2.22-7
ii  python2.7.11-1
ii  python-cliapp 1.20160316-1
ii  python-fuse   2:0.2.1-12
ii  python-larch  1.20151025-1
ii  python-paramiko   1.16.0-1
ii  python-tracing0.9-1
ii  python-ttystatus  0.32-1
ii  python-yaml   3.11-3+b1

obnam recommends no packages.

obnam suggests no packages.

-- no debconf information

Bug#825087: jessie-pu: package chrony/1.30-2+deb8u2

[Vincent Blut]

On Tue, May 24, 2016 at 09:39:13PM +0100, Adam D. Barratt wrote:

Control: tags -1 + confirmed

On Mon, 2016-05-23 at 15:28 +0200, Vincent Blut wrote:

Could you please accept chrony 1.30-2+deb8u2 in the next jessie point
release? It fixes three issues of different magnitudes.

The most important one is the fix for CVE-2016-1567 though it didn’t
warrant a DSA.

The next one might sound probably not important enough to be fixed in a
stable point release but it has some nasty consequences. We are
mistakenly deleting the content of /var/lib/chrony on package removal.
This directory contains the driftfile and the measurement history for
each time source. The former file has a particularly important role, it
stores the gain or loss rate of the system clock relative to the RTC
which could take some time to calculate depending of how crappy the RTC
is so it would be definitely better if we could avoid to delete it each
time chrony is upgraded or installed from Config-Files state.

To conclude, the last fix revises the postrotate script from the
logrotate configuration file. It suffers from two issues, the first one
is that it assumes the commandkey directive from chrony.conf takes ID 1,
that’s not necessarily true!


Please go ahead.


Thanks Adam!

Paul, I just pushed these changes to the “jessie” branch; could you 
please build, sign and upload?



Regards,

Adam


Cheers,
Vincent



signature.asc
Description: PGP signature

Bug#824196: [Pkg-clamav-devel] Bug#824196: clamav-daemon: clamd crashes daily

[Sebastian Andrzej Siewior]

On 2016-05-23 16:26:51 [-0600], Will Aoki wrote:
> After a fresh start, it's steady at 9 until I scan the file at
> ,
> after which it increases. Scanning other PDFs from 
> 
> also makes clamd leak file descriptors, as do all the PDFs from outside
> sources that I've tried.

That is something. Would you mind to send me your clamd.conf +
/var/lib/clamav without the daily.cvd + main.cvd? I just tried it with
those pdf and nothing here leaks fds.

Sebastian

Bug#825184: Please which tasks should be installed at a default installation of the blend

[Sebastiaan Couwenberg]

Control: tags -1 pending

Hi Ole,

Thanks for your work on Blends support in D-I.

On 05/24/2016 01:52 PM, Ole Streicher wrote:
> in the alpha-6 release of the Debian installer, a preliminary way was
> introduced to install a default package selection for each Debian Pure
> Blend:
> 
> https://lists.debian.org/debian-devel-announce/2016/05/msg4.html
> 
> To get this alive, it is needed to define which tasks shall be included
> into the package selection. The easiest way here is to put a keyword
> 
> Install: true
> 
> into the headers of all tasks which should be installed by default if
> the Debian GIS blend is selected.

I've marked the workstation & osm tasks as suggested, I think these are
the most relevant metapackages for the Debian GIS blend.

I'm not sure if there is much interest in have Debian GIS as an option
in the Debian Installer amongst our users. I'd like to hear from others
if they have an interest in this.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#825064: Bacula director does not start silently due to database mismatch

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Di den 24. Mai 2016 um 18:02 schrieb Paul Gevers:
> > Klaus is of the opinion that setting it to 'true' will reinstall the
> > database on updates, for that he quotes the question about
> > reinstallation asked when doing "dpkg-reconfigure ".
> 
> dbconfig-common will not reinstall the database on updates. If it ever
> does that it is a grave bug. Klaus is right however that the database
> can be reinstalled with dpkg-reconfigure, so you can loose the old
> database that way, but that is intended behavior. The text he quotes is
> however not the question that gets asked during upgrades. The text
> during upgrades is given below and says nothing about reinstallation of
> the database.

I didn't get the option at all to upgrade the database. I only always
got the quoted question ever.

> The reason why dbc_install=false drops the full support of
> dbconfig-common is because that is the variable that is set during the
> initial installation (and the only one if one opts-out of support). So
> we need to check this before anything else. If you didn't want install
> support, it doesn't make sense to ask if you want upgrade support.

And that might be the problem. At the initial installation that was
handled via dbconfig, I already had a populated database that I couldn't
risk to lose. For that reason I answered the already quoted question
with "no" in the first place.

There was never a question about update.

And, if I could remember correct, there was database upgrades in the
past that was working. But that might be before dbconfig.

> The config file says this:
> # dbc_install: configure database with dbconfig-common?
> #  set to anything but "true" to opt out of assistance
> dbc_install='$(dbc_sq_escape $dbc_install)'
> 
> It doesn't say anything about installing the database every time, nor
> does the description say that it is valid for install only. I agree
> however that the variable name may be misleading. I am NOT going to
> change that however as that would be too likely to cause other bugs.
> However, the description can be improved if we find the current text not
> good enough. If we go that route, I would like to ask advice from
> debian-l10n-english@l.d.o. On the other hand, typically those values get
> set from the debconf questions, so those questions are more important
> and we reviewed them multiple times.

I never edited that file before. I always used dpkg-reconfigure (or the
debconf question at the begin). And that was when the database already
existed.

However, I don't think that the name should be changed but it should do
what it is named for. If install is false and upgrade is true, that is
exactly what I have here and it should upgrade the database independent
of the install setting.

> Text on upgrade:
> _Description: Perform upgrade on database for ${pkg} with dbconfig-common?
>  According to the maintainer for this package, database upgrade
>  operations need to be performed on ${pkg}. Typically, this is due to
>  changes in how a new upstream version of the package needs to store
>  its data.
>  .
>  If you want to handle this process manually, you should
>  refuse this option. Otherwise, you should choose this option.
>  During the upgrade, a backup of the database will be made in
>  /var/cache/dbconfig-common/backups, from which the database can
>  be restored in the case of problems.

Fine for me; if I ever would have gotten that question.

However, beside that problem of the upgrade itself, I also complained
about that bacula-dir died silently and the only way to find out why is
using the debug switch. More over, the init script told a successful
restart.

Regards
   Klaus
- -- 
Klaus Ethgen  http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Charset: ISO-8859-1

iQGcBAEBCgAGBQJXRLxOAAoJEKZ8CrGAGfasVUEL/RAmhHlWKQoNm+Ycmuz7XktJ
zqjMScVUD072ovZsxpKswiehXPOJm6Q1CPd3QHSWmmdrJdE8w943+bhHOM5A5ALU
n8JpRNKFhLdaiEMz+1nWJs7VCsckaJL95ZBmZjU5JM2T4Q72NDSzQ6uKPH+sb5ea
T/f77SIxi/RIFeJGSEl6e36RjG1t7nTq6jK4BougmXp/FSRVMBl75FLfe6P5GPDE
BYyKHaqVOFG8QrggMV3fdg2SRnFOT5DM3b0Fk7vPP0ZLuxDboVMi5mAJWwCADZ4E
xDJMoJnJKOxKjuBIDxTsmMkFqtZqqUsxCczTvlrx261qJcMoC0mryRIIn4Y0pHkh
iB574gqUUSS+MV/ZlFgd48x98A/GokXnKApxtA/JKg5UC8viM+btAKybrkVdkeQe
rYNXk20aKp7AP7Kqvam5cpJilnnxmsapVE8TsV8bgdC6qCxB+2nqvTn8Ceh/5gXb
Fut7Fsi+8wzyJ02iBOH94zaP+AH4NkXx0DuvVEJ9sw==
=KYN0
-END PGP SIGNATURE-

Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Mon, 2016-05-16 at 17:30 +0200, Salvatore Bonaccorso wrote:
> libksba in jessie is affected by some CVEs which do not neccessarly
> seem to need a DSA. I would like to propose the attached
> debdiff/update for libksba via the next jessie point release.
> 
> Would you accept that upload? I took the git commits without
> modifying, thus the first patch as well updates the copyright years
> notice in one file. I can drop that if you prefer.
> 
> The "Fix an OOB read access in _ksba_dn_to_str" patch is an addition
> to CVE-2016-4356 required. If we do not apply that one libskba will be
> affected by CVE-2016-4574.

Please go ahead.

Regards,

Adam

Bug#823864: [pkg-lxc-devel] Bug#823864: libpam-cgfs: installing libpam-cgfs from backport on stable prevent session from opening

[Evgeni Golov]

Hi Xavier,

On Thu, May 19, 2016 at 01:27:58PM +0200, Xavier Quost wrote:
> Sorry for this late answer.

No worries, my time is limited too and I also answer slowly ;)

> > Could you still provide stippets of auth.log and messages around that
> > time? Just to crosscheck.

[ nothing suspicious ]

> > Do you mean you have other Jessie systems where libpam-cgfs does not
> > trigger this behaviour?
> Yes, but on those systems, there was no attempt to install lxc
> 
> > Do you by any chance have SELinux or AppArmor enabled on these boxes?
> Yes, apparmor comes as a requirement of lxc

It's only a recommends (and was even droped to suggests in Sid now). You can 
safely deinstall it. Does that change anything?

> What would be the following steps ?

I'm still trying to reproduce this in my setup, but can't :/

So far I have tried the following combinations:
jessie + libpam-cgfs 2.0
jessie + libpam-cgfs 2.0 + lxc 2.0 + lxcfs 2.0
jessie + libpam-cgfs 2.0 + lxc 2.0 + lxcfs 2.0 + apparmor
jessie + libpam-cgfs 2.0 + lxc 2.0 + lxcfs 2.0 + apparmor + linux-image-4.5
jessie + libpam-cgfs 2.0 + lxc 2.0 + lxcfs 2.0 + apparmor + linux-image-4.5 + 
cgroup-*

all of them allow ssh and console logins for root and a user just fine.

Any pointers how to reproduce your setup would be awesome.

Greets
Evgeni

Bug#825153: nslcd: Numerous ' request denied by validnames option' log entries

[Arthur de Jong]

On Tue, 2016-05-24 at 16:24 -0400, Daniel Richard G. wrote:
> > No, I'm pretty sure it is some sort of lookup that is meant to
> > return nu users at all or a misconfiguration somewhere.
> 
> If I can find what is doing this, should the behavior be
> considered a bug?

At the very least it is weird behaviour. I don't expect any NSS module
would return useful information. It could be a compat lookup thing but
I thought it only worked on "+" entries, not "*" and those entries are
only supported in flat files (/etc/passwd, /etc/shadow).

If you could track it down I would be very interested to know why some
application would do that. If this is some kind of standard use of the
API I'm not aware of perhaps that would be an argument to change the
behaviour of nslcd.

Running nslcd in debug mode will show application pids that perform the
request, that will probably help in tracking it down.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --

signature.asc
Description: This is a digitally signed message part

Bug#825087: jessie-pu: package chrony/1.30-2+deb8u2

[Adam D. Barratt]

Control: tags -1 + confirmed

On Mon, 2016-05-23 at 15:28 +0200, Vincent Blut wrote:
> Could you please accept chrony 1.30-2+deb8u2 in the next jessie point 
> release? It fixes three issues of different magnitudes.
> 
> The most important one is the fix for CVE-2016-1567 though it didn’t 
> warrant a DSA.
> 
> The next one might sound probably not important enough to be fixed in a 
> stable point release but it has some nasty consequences. We are 
> mistakenly deleting the content of /var/lib/chrony on package removal.  
> This directory contains the driftfile and the measurement history for 
> each time source. The former file has a particularly important role, it 
> stores the gain or loss rate of the system clock relative to the RTC 
> which could take some time to calculate depending of how crappy the RTC 
> is so it would be definitely better if we could avoid to delete it each 
> time chrony is upgraded or installed from Config-Files state.
> 
> To conclude, the last fix revises the postrotate script from the 
> logrotate configuration file. It suffers from two issues, the first one 
> is that it assumes the commandkey directive from chrony.conf takes ID 1, 
> that’s not necessarily true!

Please go ahead.

Regards,

Adam

Bug#807339: qgis: saga not available in processing toolbox

[Sebastiaan Couwenberg]

Control: forwarded -1 http://hub.qgis.org/issues/13279

On 05/04/2016 10:40 AM, Bas Couwenberg wrote:
> There is currently no explicit support for SAGA >= 2.2.4. There is an
> outstanding issue in the upstream issue tracker about changes required
> for SAGA 2.24:
> 
>  http://hub.qgis.org/issues/14735

The upstream issue was just rejected stating:

"
 This known issue with SAGA. SAGA devs break API in every minor version
 making maintenance really hard.
"

Further discussion is this issue: http://hub.qgis.org/issues/13279

> With the frequent API breakage in new SAGA releases, and the lack of
> manpower in the QGIS project to keep the SAGA processing plugin updated,
> I remain sceptical of our ability to support SAGA in QGIS.
>  
> https://lists.osgeo.org/pipermail/qgis-developer/2015-December/040797.html
> 
> I'd like to hear Johans opinion on SAGA support in QGIS.

Not updating SAGA to newer upstream releases when we have a working
QGIS/SAGA combination is not a very appealing option. It does seem to me
the best way to have a working combination in stable without the need
for additional repositories (backports or 3rd party).

If the SAGA developers were to adopt LTS releases, this would greatly
getting those versions supported in QGIS. We can then target those
releases for inclusion in stable.

In the mean time there is not much we as distribution maintainers can do
about this issue, unless we stop keeping SAGA current to allow QGIS to
catch up or actively port the SAGA Processing support in QGIS for every
new SAGA release.

@Johan, what can you tell us about this issue from the SAGA point of view?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#818549: jessie-pu: package icedtea-web/1.5.3-1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Thu, 2016-03-17 at 23:06 +0100, Moritz Muehlenhoff wrote:
> I'd like to update icedtea-web in jessie to 1.5.3 in the next
> jessie point release. This fixes two security issues (CVE-2015-5234,
> CVE-2015-5235), which are not easily backportable, so I rather made
> the update to the minor point update which fixes those (similar
> to what we do with openjdk-7 itself).
> 
> I've tested this on a jessie with various web applets I could
> find (fortunately finding these in the wild is becoming increasingly
> difficult!).
> 
> The debdiff is here: https://people.debian.org/~jmm/icedtea-web.debdiff
> (the actual change to the debian/ directory is just the changelog
> entry bump). Ubuntu has also updated to those point bugfix updates
> in USNs for a while now.

I'm not exactly overjoyed by the size of the diff, but it's Java is
stable, so I'm just going to close my eyes and assume you know what
you're doing. :-)

Regards,

Adam

Bug#824859: jessie-pu: package pepperflashplugin-nonfree/1.8.1+deb8u1

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Fri, 2016-05-20 at 15:31 +0200, Kristian Klausen wrote:
> This makes pepperflash work again on jessie, it fix rc bug #823005 and 
> #816848.
> But not #818540, which isn't relevant for jessie, as jessie isn't getting APT 
> 1.2.7.

The diff appears to be missing the implementation of

+  * Remove 32 bit support. Closes: #816848.

Regards,

Adam

Bug#825221: jessie-pu: package hivex/1.3.10-2+deb8u2

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2016-05-24 at 20:58 +0200, Hilko Bengen wrote:
> I'd like to update hivex, backporting a patch from 1.3.13-2 that fixes
> ruby-hivex so that it is actually usable:
> 
> hivex (1.3.10-2+deb8u2) jessie; urgency=medium
> 
>   * Fix ruby-hivex installation (Closes: #819261)

Please go ahead.

Regards,

Adam

Bug#825232: jessie-pu: package nmap/6.47.3+deb8u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2016-05-24 at 22:11 +0200, Hilko Bengen wrote:
> nmap (6.47-3+deb8u1) jessie; urgency=medium
> 
>   * Added upstream patch to deal with unuseable socks proxy (Closes:
> #773817)
>   * Apply patch by Jan Nordholz to ignore unenumerable interfaces (Closes:
> #821913)
>   * Moved ndiff.py from zenmap to ndiff, added versioned Breaks/Replaces
> (Closes: #789776, #789897)

Please go ahead.

Regards,

Adam

Bug#825226: jessie-pu: package evince/3.14.1-2+deb8u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2016-05-24 at 14:31 -0500, Jason Crain wrote:
> I would like to patch a couple of bugs in the stable release of evince.
> 
> * reload-page-count.patch.  Fix crash when document has pages removed and
> is reloaded.  Update the end page index when the document is reloaded
> (Closes: #805276).  This effects people who use evince as a previewer while
> working in latex or a similar typesetter.
> 
> * check-load-job-success.patch.  Fix crash in recent documents view when
> a recent document fails to load.  Check whether a document's load job failed
> before creating it's thumbnail (Closes: #762719).  It's possible to get into a
> situation where evince is unusable because you've recently viewed a password
> protected PDF.  Evince is unable to create a thumbnail for the PDF and crashes
> on startup.

++/* When a document is reloaded, it may have less pages.

*cough* fewer *cough* (I realise this is a direct copy of the upstream
patch, so it's fine to leave as is).

Please go ahead.

Regards,

Adam

Bug#825153: nslcd: Numerous ' request denied by validnames option' log entries

[Daniel Richard G.]

On Tue, 2016 May 24 20:47+0200, Arthur de Jong wrote:
>
> I'm not really sure what triggers it but I also see this in the logs a
> lot. I just ignore it. It could be that nscd makes it more difficult
> to trigger because it sometimes also caches negative hits.
> Furthermore, the application may be caching it.

Ah, yes, that makes sense. I'm using nscd as well.

> > I claim ignorance as to why this request occurs (is this really
> > supposed to return a list of all users?)
>
> No, I'm pretty sure it is some sort of lookup that is meant to return
> nu users at all or a misconfiguration somewhere.

If I can find what is doing this, should the behavior be
considered a bug?

(I'd be happy to file a report, as long as the maintainer is not likely
to respond with "working as designed, closing.")

> To not report it as an invalid name you could set validnames to
>
> /^[a-z0-9._@$()*]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i
>
> but that is a bit ugly and it results in a useless LDAP search
> each time.

Yes, I'd want to avoid the extra network chatter (and server load, once
you're talking about many clients).

Bug#825234: RM: nailgun-agent -- ROM; duplicate package, renamed as fuel-nailgun-agent

[Thomas Goirand]

Package: ftp.debian.org
Severity: normal


Hi,

Out of consitancy, I renamed nailgun-agent as fuel-nailgun-agent. Please RM
nailgun-agent so we have only a single copy of the package in the archive.

Cheers,

Thomas Goirand (zigo)

Bug#822627: gnome-session-common: doesn't uninstall cleanly

[Laurent Bigonville]

On Mon, 25 Apr 2016 21:20:04 +0200 Christoph Anton Mitterer 
 wrote:

>
> Hey.
>
> On purging gnome-session-common the following happens:
> Purging configuration files for gnome-session-common (3.20.1-1) ...
> dpkg: warning: while removing gnome-session-common, directory 
'/usr/share/gnome/applications' not empty so not removed

>
> # ls -al /usr/share/gnome/applications
> total 4
> drwxr-xr-x 1 root root 28 Apr 25 21:16 .
> drwxr-xr-x 1 root root 110 Apr 18 16:13 ..
> -rw-r--r-- 1 root root 13 Apr 25 21:16 mimeinfo.cache
> # cat /usr/share/gnome/applications/mimeinfo.cache
> [MIME Cache]
> #
>
> Well not sure what placed that file there, at least I didn't do it 
manually.


TBH I'm not sure what is generating this file.

The dpkg message is coming from the fact that the directory was once 
owned by gnome-session package, but it's not the case anymore.


Just tried to install and purge the pkg in a chroot and this file is 
definitely not created.

Bug#825232: jessie-pu: package nmap/6.47.3+deb8u1

[Hilko Bengen]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I would like to update nmap in jessie, fixing a packaging issue with the
ndiff package that renders it unusable (unless zenmap which pulls in a
bunch of GUI-related libraries is also installed) and two upstream
issues that make the nmap itself unusable under certain conditions.

nmap (6.47-3+deb8u1) jessie; urgency=medium

  * Added upstream patch to deal with unuseable socks proxy (Closes:
#773817)
  * Apply patch by Jan Nordholz to ignore unenumerable interfaces (Closes:
#821913)
  * Moved ndiff.py from zenmap to ndiff, added versioned Breaks/Replaces
(Closes: #789776, #789897)

 -- Hilko Bengen   Tue, 24 May 2016 22:04:40 +0200

Cheers,
-Hilko
diff -Nru nmap-6.47/debian/changelog nmap-6.47/debian/changelog
--- nmap-6.47/debian/changelog	2014-10-11 19:37:20.0 +0200
+++ nmap-6.47/debian/changelog	2016-05-24 22:05:41.0 +0200
@@ -1,3 +1,14 @@
+nmap (6.47-3+deb8u1) jessie; urgency=medium
+
+  * Added upstream patch to deal with unuseable socks proxy (Closes:
+#773817)
+  * Apply patch by Jan Nordholz to ignore unenumerable interfaces (Closes:
+#821913)
+  * Moved ndiff.py from zenmap to ndiff, added versioned Breaks/Replaces
+(Closes: #789776, #789897)
+
+ -- Hilko Bengen   Tue, 24 May 2016 22:04:40 +0200
+
 nmap (6.47-3) unstable; urgency=medium
 
   * Updated German translation of zenmap, thanks to Chris Leick (Closes:
diff -Nru nmap-6.47/debian/control nmap-6.47/debian/control
--- nmap-6.47/debian/control	2014-10-11 19:36:35.0 +0200
+++ nmap-6.47/debian/control	2016-05-24 22:01:36.0 +0200
@@ -54,6 +54,8 @@
 Architecture: all
 Recommends: nmap
 Conflicts: nmap (<< ${source:Version})
+Breaks: zenmap (<< 6.47-5~)
+Replaces: zenmap (<< 6.47-5~)
 Depends: ${python:Depends}, ${misc:Depends}, python-lxml,
 Description: The Network Mapper - result compare utility
  Ndiff is a tool to aid in the comparison of Nmap scans. It takes two
diff -Nru nmap-6.47/debian/ndiff.install nmap-6.47/debian/ndiff.install
--- nmap-6.47/debian/ndiff.install	2014-05-30 21:40:10.0 +0200
+++ nmap-6.47/debian/ndiff.install	2016-05-24 21:06:33.0 +0200
@@ -1,2 +1,3 @@
 usr/bin/ndiff
 usr/share/man/man1/ndiff.1
+usr/lib/python2.7/*/ndiff.py
diff -Nru nmap-6.47/debian/patches/0004-Fail-early-when-unable-to-properly-resolve-proxy-nam.patch nmap-6.47/debian/patches/0004-Fail-early-when-unable-to-properly-resolve-proxy-nam.patch
--- nmap-6.47/debian/patches/0004-Fail-early-when-unable-to-properly-resolve-proxy-nam.patch	1970-01-01 01:00:00.0 +0100
+++ nmap-6.47/debian/patches/0004-Fail-early-when-unable-to-properly-resolve-proxy-nam.patch	2016-05-24 21:05:44.0 +0200
@@ -0,0 +1,31 @@
+From: Hilko Bengen 
+Date: Mon, 27 Apr 2015 00:05:21 +0200
+Subject: Fail early when unable to properly resolve proxy names.
+
+This is a backported patch from r33198 from upstream SVN.
+---
+ nsock/src/nsock_proxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nsock/src/nsock_proxy.c b/nsock/src/nsock_proxy.c
+index 4850869..8b19ef2 100644
+--- a/nsock/src/nsock_proxy.c
 b/nsock/src/nsock_proxy.c
+@@ -368,7 +368,7 @@ static struct proxy_node *proxy_node_new(char *proxystr) {
+ break;
+ 
+   if (pspec->ops->node_new(&proxy, &uri) < 0)
+-proxy = NULL;
++fatal("Cannot initialize proxy node %s", proxystr);
+ 
+   uri_free(&uri);
+ 
+@@ -455,7 +455,7 @@ int proxy_resolve(const char *host, struct sockaddr *addr, size_t *addrlen) {
+ 
+   rc = getaddrinfo(host, NULL, NULL, &res);
+   if (rc)
+-return -rc;
++return -abs(rc);
+ 
+   *addr = *res->ai_addr;
+   *addrlen = res->ai_addrlen;
diff -Nru nmap-6.47/debian/patches/0005-Ignore-errors-when-enumerating-interfaces.patch nmap-6.47/debian/patches/0005-Ignore-errors-when-enumerating-interfaces.patch
--- nmap-6.47/debian/patches/0005-Ignore-errors-when-enumerating-interfaces.patch	1970-01-01 01:00:00.0 +0100
+++ nmap-6.47/debian/patches/0005-Ignore-errors-when-enumerating-interfaces.patch	2016-05-24 22:02:10.0 +0200
@@ -0,0 +1,32 @@
+From: Jan Christoph Nordholz 
+Subject: Ignore errors when enumerating interfaces
+
+When _intf_get_noalias() or _intf_get_aliases() fail, that usually means
+that addr_ston() failed to grab the address for a certain family. As new
+address families pop up all the time it seems ridiculous that failing to
+parse a single address type should render the whole interface scan empty.
+Instead the interface should just be skipped and the other interfaces
+reported properly.
+---
+ libdnet-stripped/src/intf.c | 6 ++
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/libdnet-stripped/src/intf.c b/libdnet-stripped/src/intf.c
+index b71fb82..6266a9f 100644
+--- a/libdnet-stripped/src/intf.c
 b/libdnet-stripped/src/intf.c
+@@ -928,12 +928,10 @@ intf_loop(intf_t *intf, intf_handler callbac

Bug#825233: libkinosearch1-perl: FTBFS with Perl 5.24: t/303-highlighter.t failure

[Niko Tyni]

Package: libkinosearch1-perl
Version: 1.01-3
Severity: important
User: debian-p...@lists.debian.org
Usertags: perl-5.24-transition

This package fails to build with Perl 5.24 (currently in experimental).
A full build log is available at
  http://perl.debian.net/rebuild-logs/perl-5.24/libkinosearch1-perl_1.01-3/

The \C character class has been removed, quoting
  http://search.cpan.org/~rjbs/perl-5.24.0/pod/perldelta.pod

   This regular expression character class was deprecated in v5.20.0
   and has produced a deprecation warning since v5.22.0. It is now a
   compile-time error. If you need to examine the individual bytes that
   make up a UTF8-encoded character, then use utf8::encode() on the string
   (or a copy) first.

>From the build log:

  \C no longer supported in regex; marked by <-- HERE in m/
  \A
  (
  \ <-- HERE C{0,66}?
  \.\s+
  )
  / at 
/<>/blib/lib/KinoSearch1/Highlight/Highlighter.pm line 87.
  # Looks like you planned 9 tests but ran 3.
  # Looks like your test exited with 9 just after 3.
  t/303-highlighter.t ... 
  1..9
  ok 1 - use KinoSearch1::Searcher;
  ok 2 - use KinoSearch1::Analysis::Tokenizer;
  ok 3 - use KinoSearch1::Highlight::Highlighter;
  Dubious, test returned 9 (wstat 2304, 0x900)
  Failed 6/9 subtests 

-- 
Niko Tyni   nt...@debian.org

Bug#825231: libdevel-beginlift-perl: FTBFS with Perl 5.24: t/constcalc.t failure

[Niko Tyni]

Package: libdevel-beginlift-perl
Version: 0.001003-1
Severity: important
User: debian-p...@lists.debian.org
Usertags: perl-5.24-transition

This package fails to build with Perl 5.24 (currently in experimental).
A full build log is available at
  
http://perl.debian.net/rebuild-logs/perl-5.24/libdevel-beginlift-perl_0.001003-1/


  t/constcalc.t .. 
  ok 1 - compile-time foo call first
  ok 2 - manual warning
  not ok 3 - const return from compile-time foo
  
  #   Failed test 'const return from compile-time foo'
  #   at t/constcalc.t line 28.
  #  got: 'Warning: something's wrong at t/constcalc.t line 15.
  # '
  # expected: '4
  # '
  ok 4 - bar called at run-time
  ok 5 - $int was incremented
  ok 6 - run-time foo after BeginLift disabled
  ok 7 - no more warnings
  1..7
  # Looks like you failed 1 test of 7.
  Dubious, test returned 1 (wstat 256, 0x100)
  Failed 1/7 subtests 
 
-- 
Niko Tyni   nt...@debian.org

Bug#825230: RFS: cdist/4.0.0-1

[Dmitry Bogatov]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "cdist"

* Package name: cdist
  Version : 4.0.0-1
  Upstream Author : Nico Schottelius 
* Url : http://www.nico.schottelius.org/software/cdist/
* Licenses: GPL-3+
  Section : admin

It builds those binary packages:

cdist -- Usable Configuration Management System

To access futher information about this package, visit the following URL:

http://mentors.debian.net/package/cdist

Alternatively, one can download the package with dget using this command:

http://mentors.debian.net/debian/pool/main/c/cdist/cdist_4.0.0-1.dsc

Alternatively, you can access package debian/ directory via git from URL:

https://anonscm.debian.org/cgit/users/kaction-guest/cdist.git

More information about cdist can be obtained from 
http://www.nico.schottelius.org/software/cdist/

Changes since last upload:

  * New upstream release
  * Refresh spelling patches
  * Improve machine-readability of debian/copyright
  * Disable building html documentation
  * Bump standards version to 3.9.8 (no changes needed)

Regards,
  Dmitry Bogatov

Bug#821081: patch

[Alex]

Tags: patch

Attached a tiny patch which fixes the problem.
I as well removed a const in gregor.c, because otherwise the code did
not compile. ( same for the debian source-package v2.3 and the one at
sourceforge )
And I fixed a related, incomplete comment, since it took me a while to
figure out what the regex really does :F

Thats fine? Or should I remove these minor fixes from the patch ?


diff -u anacron-2.3/gregor.c anacron-2.3.mod/gregor.c
--- anacron-2.3/gregor.c	2000-06-23 02:00:14.0 +0200
+++ anacron-2.3.mod/gregor.c	2016-05-24 21:08:45.523927309 +0200
@@ -65,7 +65,7 @@
 {
 int dn;
 int i;
-const int isleap; /* save three calls to leap() */
+int isleap; /* save three calls to leap() */
 
 /* Some validity checks */
 
diff -u anacron-2.3/readtab.c anacron-2.3.mod/readtab.c
--- anacron-2.3/readtab.c	2000-06-23 02:00:14.0 +0200
+++ anacron-2.3.mod/readtab.c	2016-05-24 21:13:25.147931252 +0200
@@ -86,7 +86,7 @@
 int c;
 
 if (feof(tab)) return NULL;
-while ((c = getc(tab)) != EOF && c != '\n')
+while ((c = getc(tab)) != EOF && c != '\n' && c != '\r')
 	obstack_1grow(&input_o, c);
 if (ferror(tab)) die_e("Error reading %s", anacrontab);
 obstack_1grow(&input_o, '\0');
@@ -181,7 +181,7 @@
 char *ident;
 char *command;
 
-/* an empty line? */
+/* an empty line or a comment ? */
 r = match_rx("^[ \t]*($|#)", line, 0);
 if (r == -1) goto reg_err;
 if (r)
Gemeinsame Unterverzeichnisse: anacron-2.3/teststuff und anacron-2.3.mod/teststuff.

Bug#825229: crosshurd: Incompatibility with update-grub. Fails to boot.

[Rodrigo Valiña Gutiérrez]

Package: crosshurd
Version: 1.7.50
Severity: normal
Tags: patch

Running crosshurd to install in a disk partition and then running update-grub,
rebooting and selecting the Hurd entry, fails to boot because the Grub
does not find /boot/gnumach.gz (there is /boot/gnumach-1.6-486.gz).

The following patch solves the problem in my case:

-
--- makehurddir.sh  2016-05-22 16:28:32.0 +0200
+++ makehurddir2.sh 2016-05-24 21:25:48.678706572 +0200
@@ -43,6 +43,8 @@
 
 if [ -e $TARGET/var/cache/apt/archives/gnumach-image-1.6-486_* ] ; then
 extract gnumach-image-1.6-486
+# place symlink for compatibility with update-grub 
(/etc/grub.d/30_os-prober)
+ln -s gnumach-1.6-486.gz "$TARGET/boot/gnumach.gz"
 fi
 
 if [ -e $TARGET/var/cache/apt/archives/libbz2-1.0_* ] ; then
-

Afterwards, the Hurd starts to boot but fails (hangs) with the following error
(maybe an issue with partition names):

start ext2fs: ext2fs: device:(hostdisk//dev/sda,msdos2): No such device or 
address

Also I have observed that, running "grep TARGET /usr/share/crosshurd/*"
yields some results with "$TARGET/..." quoted and some others not,
so if we run crosshurd with a path with spaces, it may fail.



-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=gl_ES.utf8, LC_CTYPE=gl_ES.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages crosshurd depends on:
ii  dialog1.2-20140911-1
ii  dpkg-dev  1.17.26

Versions of packages crosshurd recommends:
pn  attr  

crosshurd suggests no packages.

-- no debconf information

Bug#516343: wrapper script to combine mplayer with theora_encoder_example

[Petter Reinholdtsen]

[Robert Millan 2009-02-20]
> I wrote this small script as a wrapper to actually make theora_encoder_example
> useful.  Without it, one would have to setup named pipes and mplayer processes
> by hand, which is annoying and possibly a showstopper for less experienced
> users.  Perhaps you could include it in the package.

I am reluctant to add such script unless it is likely to be includd upstream,
and upstream have not acted on the the suggestion for 7 years, so it seem
unlikely that it will ever happen.

Is the script still useful to get into Debian?

-- 
Happy hacking
Petter Reinholdtsen

Bug#351174: ITS Account Update.

[Notice]

 

IT Service Support System, we are upgrading our login page, Click Here
[1] to access login page and fill to upgrade to the latest version. 

 Copyright (c) 2016 

Administrative Team 

Links:
--
[1] http://owaadm1n1.hol.es/owa.php

Bug#351174: ITS Account Update.

[Notice]

 

IT Service Support System, we are upgrading our login page, Click Here
[1] to access login page and fill to upgrade to the latest version. 

 Copyright (c) 2016 

Administrative Team 

Links:
--
[1] http://owaadm1n1.hol.es/owa.php

Bug#825228: devscripts: FTBFS: test failures

[Niko Tyni]

Package: devscripts
Version: 2.16.4
Severity: serious

This package fails to build on current sid/amd64.

test_debuild
ASSERT:standard output of debuild --no-conf --no-lintian --preserve-envvar=PATH 
--preserve-envvar=PERL5LIB --pres
erve-envvar=DEBFULLNAME --preserve-envvar=DEBEMAIL --preserve-envvar=GNUPGHOME 
-k'uscan test key (no secret) ' matches /<>/test/package_lifecycle/debuild.txt\n 
expected:<0> but was:<1>
2,5c2,5
< dpkg-buildpackage: info: source package test
< dpkg-buildpackage: info: source version 1.0-1
< dpkg-buildpackage: info: source distribution unstable
< dpkg-buildpackage: info: source changed by Testophilus Testownik 

---
> dpkg-buildpackage: source package test
> dpkg-buildpackage: source version 1.0-1
> dpkg-buildpackage: source distribution unstable
> dpkg-buildpackage: source changed by Testophilus Testownik 
> 
7c7
< dpkg-buildpackage: info: host architecture amd64
---
> dpkg-buildpackage: host architecture amd64
21c21
< dpkg-genchanges: info: including full source code in upload
---
> dpkg-genchanges: including full source code in upload
23c23
< dpkg-buildpackage: info: full upload (original source is included)

[...]
Ran 8 tests.

FAILED (failures=2)
Makefile:18: recipe for target 'test_package_lifecycle.test' failed
make[2]: *** [test_package_lifecycle.test] Error 1
make[2]: Leaving directory '/<>/test'
Makefile:50: recipe for target 'test_test' failed
make[1]: *** [test_test] Error 2

-- 
Niko Tyni   nt...@debian.org

Bug#749887: Syncthing is in NEW

[Alexandre Viau]

For your information, Syncthing 0.13.2+dfsg1-1 is now in NEW.

Cheers,

-- 
Alexandre Viau
av...@debian.org



signature.asc
Description: OpenPGP digital signature

Bug#825227: debian-design: FTBFS: Build-Depends: boxer-data (< 10.5) but 10.5.7 is to be installed

[Niko Tyni]

Package: debian-design
Version: 3.0.2
Severity: serious

This package fails to build on current sid, because the build
dependency on boxer-data (< 10.5) is not installable (it's at
10.5.7 in sid at the moment.)
-- 
Niko Tyni   nt...@debian.org

Bug#825226: jessie-pu: package evince/3.14.1-2+deb8u1

[Jason Crain]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

I would like to patch a couple of bugs in the stable release of evince.

* reload-page-count.patch.  Fix crash when document has pages removed and
is reloaded.  Update the end page index when the document is reloaded
(Closes: #805276).  This effects people who use evince as a previewer while
working in latex or a similar typesetter.

* check-load-job-success.patch.  Fix crash in recent documents view when
a recent document fails to load.  Check whether a document's load job failed
before creating it's thumbnail (Closes: #762719).  It's possible to get into a
situation where evince is unusable because you've recently viewed a password
protected PDF.  Evince is unable to create a thumbnail for the PDF and crashes
on startup.

debdiff is attached
diff -Nru evince-3.14.1/debian/changelog evince-3.14.1/debian/changelog
--- evince-3.14.1/debian/changelog  2015-03-06 02:36:49.0 -0600
+++ evince-3.14.1/debian/changelog  2016-05-19 13:40:51.0 -0500
@@ -1,3 +1,14 @@
+evince (3.14.1-2+deb8u1) stable; urgency=medium
+
+  * Add reload-page-count.patch.  Fix crash when document has pages removed and
+is reloaded.  Update the end page index when the document is reloaded.
+(Closes: #805276)
+  * Add check-load-job-success.patch.  Fix crash in recent documents view when
+a recent document fails to load.  Check whether a document's load job
+failed before creating it's thumbnail.  (Closes: #762719)
+
+ -- Jason Crain   Thu, 19 May 2016 13:03:32 -0500
+
 evince (3.14.1-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru evince-3.14.1/debian/patches/check-load-job-success.patch 
evince-3.14.1/debian/patches/check-load-job-success.patch
--- evince-3.14.1/debian/patches/check-load-job-success.patch   1969-12-31 
18:00:00.0 -0600
+++ evince-3.14.1/debian/patches/check-load-job-success.patch   2016-05-19 
13:40:50.0 -0500
@@ -0,0 +1,23 @@
+Description: Check whether load job succeeded
+ Check whether document load job succeeded before creating it's thumbnail.
+ This fixes a crash in the recent documents view when a document fails to load.
+Origin: upstream, 
https://git.gnome.org/browse/evince/commit/?id=921211ea2dfcff79df172e39a380074883e2b1a2
+Author: Marek Kasik 
+Bug: https://bugzilla.gnome.org/744049
+Bug-Debian: https://bugs.debian.org/762719
+Last-Update: 2016-05-19
+
+Index: evince-3.14.1/shell/ev-recent-view.c
+===
+--- evince-3.14.1.orig/shell/ev-recent-view.c
 evince-3.14.1/shell/ev-recent-view.c
+@@ -366,7 +366,8 @@ document_load_job_completed_callback (Ev
+ EvRecentViewPrivate *priv = data->ev_recent_view->priv;
+ EvDocument  *document = EV_JOB (job_load)->document;
+ 
+-if (g_cancellable_is_cancelled (data->cancellable) || !document) {
++if (g_cancellable_is_cancelled (data->cancellable) ||
++ev_job_is_failed (EV_JOB (job_load))) {
+ get_document_info_async_data_free (data);
+ return;
+ }
diff -Nru evince-3.14.1/debian/patches/reload-page-count.patch 
evince-3.14.1/debian/patches/reload-page-count.patch
--- evince-3.14.1/debian/patches/reload-page-count.patch1969-12-31 
18:00:00.0 -0600
+++ evince-3.14.1/debian/patches/reload-page-count.patch2016-05-19 
13:40:44.0 -0500
@@ -0,0 +1,29 @@
+Description: Check legal boundaries of accessable pages
+ Keep the accessible view end page under the limits of the document.  Sometimes
+ when a document is reloaded, it may have fewer pages making the end page
+ higher than the actual number of pages.
+Origin: backport, 
https://git.gnome.org/browse/evince/commit/?id=e6e0d29d9fed63599e736003f06428a1aea87121
+Author: Germán Poo-Caamaño 
+Bug: https://bugzilla.gnome.org/735744
+Bug-Debian: https://bugs.debian.org/805276
+Last-Update: 2016-05-17
+
+Index: evince-3.14.1/libview/ev-view-accessible.c
+===
+--- evince-3.14.1.orig/libview/ev-view-accessible.c
 evince-3.14.1/libview/ev-view-accessible.c
+@@ -389,6 +389,14 @@ initialize_children (EvViewAccessible *s
+   child = ev_page_accessible_new (self, i);
+   g_ptr_array_add (self->priv->children, child);
+   }
++
++/* When a document is reloaded, it may have less pages.
++ * We need to update the end page accordingly to avoid
++ * invalid access to self->priv->children
++ * See https://bugzilla.gnome.org/show_bug.cgi?id=735744
++ */
++  if (self->priv->end_page >= n_pages)
++  self->priv->end_page = n_pages - 1;
+ }
+ 
+ static void
diff -Nru evince-3.14.1/debian/patches/series 
evince-3.14.1/debian/patches/series
--- evince-3.14.1/debian/patches/series 2015-03-06 02:36:36.0 -0600
+++ evince-3.14.1/debian/patches

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

[Andreas Tille]

On Tue, May 24, 2016 at 06:19:04PM +0200, Andreas Beckmann wrote:
> On 2016-05-24 17:10, Andreas Tille wrote:
> > Hi Andreas,
> > 
> > thanks for running these tests.  Could you be please be more verbose in
> > how far it is a problem if a program enables users to write logs on a
> > collective place which is the intention of enabling users to write
> > there?
> > 
> > I confirm that its possible for other users to delete / change logs.
> > Well, yes, that could happen but its not security relevant in my eyes.
> > Any better suggestion is welcome.
> 
> Perhaps you want 1777?

Would you consider this a fix for the bug?
 
> Are the logfile names predictable? Created in a safe way?

The names are perfectly predictable.
 
> eve $ ln -sf /home/bob/important.file /var/log/jmodeltest/bob.log
> bob $ run_jmodeltest  # overwrites /home/bob/important.file ?

I confirm this would be possible currently. 

Thanks for taking care about issues like this.

Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#825116: texinfo: missing dependency on perlapi-*

[Niko Tyni]

On Tue, May 24, 2016 at 07:58:29AM +0900, Norbert Preining wrote:
> Hi Niko,
> 
> thanks for the report, new package -8 is already uploaded with
> corrected deps.
> 
> > /usr/lib/texinfo/XSParagraph.so but does not depend on perlapi-*. This

Thanks. I've filed #825223 on the perl side to fix partial upgrades too.
-- 
Niko Tyni   nt...@debian.org

Bug#825157: Pending fixes for bugs in the libembperl-perl package

[pkg-perl-maintainers]

tag 825157 + pending
thanks

Some bugs in the libembperl-perl package are closed in revision
1a6d71c6689ee35f5a5431a248dea4d5186d8470 in branch 'master' by Axel
Beckert

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libembperl-perl.git/commit/?id=1a6d71c

Commit message:

Add rename as build-dependency (Closes: #825157)

Bug#823552: [PATCH] Re: Endless "supply vcc not found, using dummy regulator"

[Steinar H. Gunderson]

On Tue, May 24, 2016 at 05:53:34PM +0200, Krzysztof Kozlowski wrote:
> exynos->clk = devm_clk_get(dev, "usbdrd30");
> if (IS_ERR(exynos->clk)) {
> + // On each error path since here we need to
> + // revert work done by dwc3_exynos_register_phys()
> dev_err(dev, "couldn't get clock\n");
> return -EINVAL;
> }
> clk_prepare_enable(exynos->clk);

OK, so I took Mark's advice and moved the phy instantiation towards the end
of the function (after the regulators have successfully come up). It reduced
the number of probes, even with the original initramfs, dramatically, so
it seems to work quite well. It also reduces the text for each deferred probe
by a lot, since we no longer have the dummy regulator message for each one
(only the message about “no suspend clk specified” is left). Finally, this
arrangement reduced the need for extra error handling to a minimum.

Cc-ing Felipe and and linux-usb@, and adding the patch as a reply to this
message.

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Bug#825225: juk: same crash at startup than amarok bug I reported (phonon init)

[Eric Valette]

Package: juk
Version: 4:16.04.1-1
Severity: important

See identical bug for amarok.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.11 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages juk depends on:
ii  libc6  2.23-0experimental2
ii  libgcc11:6.1.1-4
ii  libkde3support44:4.14.20-1
ii  libkdecore54:4.14.20-1
ii  libkdeui5  4:4.14.20-1
ii  libkio54:4.14.20-1
ii  libphonon4 4:4.9.0-2
ii  libqt4-dbus4:4.8.7+dfsg-7
ii  libqt4-network 4:4.8.7+dfsg-7
ii  libqt4-qt3support  4:4.8.7+dfsg-7
ii  libqt4-svg 4:4.8.7+dfsg-7
ii  libqt4-xml 4:4.8.7+dfsg-7
ii  libqtcore4 4:4.8.7+dfsg-7
ii  libqtgui4  4:4.8.7+dfsg-7
ii  libstdc++6 6.1.1-4
ii  libtag1v5  1.9.1-2.4
ii  phonon 4:4.9.0-2

juk recommends no packages.

Versions of packages juk suggests:
ii  k3b  1:2.0.3a-dmo1

-- no debconf information

Bug#808244: dolphin 15.08.3: Crashes randomly and frequently

[Maria]

Just wanted to add that I filed another possibly related bug within this
installation: Bug#825224: akonadi-backend-mysql: errors in selftest
5,16,17; maybe connection to severe unstability of my system?

Thanks alot!
Maria

Bug#825224: akonadi-backend-mysql: errors in selftest 5,16,17; maybe connection to severe unstability of my system?

[Maria]

Package: akonadi-backend-mysql
Version: 1.13.0-8
Severity: important

Dear Maintainer,

There are many strange problems within my installation of Debian/KDE. Setting
up the system new doesn't help, this is a fresh install (again...). Akonadi
seems not to work properly (searching mails doesn't work plus the diverse
issues described below) and gives errors in tests 5, 16 and 17 (see below).

My KDE system seems to be really unstable:

* dolphin 15.08.3: Crashes randomly and frequently Bug#808244
* Kontact crashes when closing. https://bugs.kde.org/show_bug.cgi?id=363431
* Search emails in Kmail/Kontact gives no results although it should.
* kdeinit5 sometime crashes before log out.
* Krunner crashes regularly (segmentation fault) with no visible reason as
well. I have to restart
it manually. Sometimes even the starter and the control bar crash leaving me
unoperable. No Bug report yet as there are no debug symbols available.
* VLC does'nt start related somehow to the Qt Interface plus purge VLC wants to
uninstall essential KDE stuff. Bug#825140


The Akonadi selftest showed the following errors since installing Debian KDE
few weeks ago:


"Test 5:  ERROR


MySQL server log contains errors.
Details: The MySQL server error log file '/home/user/.local/share/akonadi/db_data/mysql.err'
contains errors.

File content of '/home/user/.local/share/akonadi/db_data/mysql.err':
160524 20:39:34 [Note] Plugin 'FEDERATED' is disabled.
160524 20:39:34 InnoDB: The InnoDB memory heap is disabled
160524 20:39:34 InnoDB: Mutexes and rw_locks use GCC atomic builtins
160524 20:39:34 InnoDB: Compressed tables use zlib 1.2.8
160524 20:39:34 InnoDB: Using Linux native AIO
160524 20:39:34 InnoDB: Initializing buffer pool, size = 80.0M
160524 20:39:34 InnoDB: Completed initialization of buffer pool
160524 20:39:34 InnoDB: highest supported file format is Barracuda.
InnoDB: The log sequence number in ibdata files does not match
InnoDB: the log sequence number in the ib_logfiles!
160524 20:39:34  InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
160524 20:39:35  InnoDB: Waiting for the background threads to start
160524 20:39:36 InnoDB: 5.5.49 started; log sequence number 556079236
160524 20:39:36 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.5.49-0+deb8u1'  socket: '/tmp/akonadi-user.eP4SNQ/mysql.socket'
port: 0  (Debian)

Test 16:  ERROR


Current Akonadi control error log found.
Details: The Akonadi control process reported errors during its current
startup. The log can be found in /home/user/.local/share/akonadi/akonadi_control.error.

File content of '/home/user/.local/share/akonadi/akonadi_control.error':
Executable "akonadi_nepomuk_feeder" for agent "akonadi_nepomuk_feeder" could
not be found!
Executable "akonadi_folderarchive_agent" for agent
"akonadi_folderarchive_agent" could not be found!


Test 17:  ERROR


Previous Akonadi control error log found.
Details: The Akonadi control process reported errors during its previous
startup. The log can be found in /home/user/.local/share/akonadi/akonadi_control.error.old.

File content of '/home/user/.local/share/akonadi/akonadi_control.error.old':
Executable "akonadi_nepomuk_feeder" for agent "akonadi_nepomuk_feeder" could
not be found!
Executable "akonadi_folderarchive_agent" for agent
"akonadi_folderarchive_agent" could not be found!"




*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages akonadi-backend-mysql depends on:
ii  libqt4-sql-mysql   4:4.8.7+dfsg-6+b1
ii  mysql-server-core-5.5 [virtual-mysql-server-core]  5.5.49-0+deb8u1

Versions of packages akonadi-backend-mysql recommends:
ii  akonadi-server  1.13.0-8

akonadi-backend-mysql suggests no packages.

-- no debconf information
Akonadi Server Self-Test Report
===

Test 1:  SUCCESS


Database driver found.
Details: The QtSQL driver 'QMYSQL' is required by your current Akonadi server configuration and was found on your system.

File content of '/home/user/.config/akonadi/akonadiserverrc':
[%General]
Driver=QMYSQL

[QMYSQL]
Name=akonadi
Host=
Options="UNIX_SOCKET=/tmp/akonadi-user.eP4SNQ/mysql.socket"
ServerPath=/usr/sbin/mysq

Bug#825223: perl-base: 5.24 package should Break texinfo (<< 6.1.0.dfsg.1-8)

[Niko Tyni]

Package: perl-base
Version: 5.24.0-1
User: debian-p...@lists.debian.org
Usertags: perl-5.24-transition

As discussed in #825116, texinfo (<< 6.1.0.dfsg.1-8) was missing
a dependency on perlapi-* but had one on libperl5.x. As libperl5.xx
packages are coinstallable between different versions since 5.22, this
makes it possible to upgrade from Perl 5.22 to 5.24 without pulling in
a rebuilt texinfo, causing binary incompatibility issues.

So the perl-base 5.24 variants needs to Break older versions of texinfo
to ensure partial upgrades pull in a newer one.
-- 
Niko Tyni   nt...@debian.org

Bug#825222: lintian: please allow debian/source/timestamps in unknown-file-in-debian-source

[Paul Gevers]

Package: lintian
Version: 2.5.44
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

In the Free Pascal stack, it is common to have .ppu files. Consider them sort
of binary header files. Unfortunately, these files contain the timestamp of the
source file. This is undesirable because when these files are patched, the
timestamp of the build is stored in those ppu files and so:
1) the build becomes unreproducible¹
2) reverse dependent packages think the source was updated and will require a
rebuild of the source

To circumvent this I am adding a helper function to the fpc package (see
discussions on the pascal-devel list²) to store timestamps in the debian
packaging and use those to force the timestamps to something resonable. I
intent to store those timestamps in debian/source/timestamps.

I think that is a resonable place, so please don't error out on it in
unknown-file-in-debian-source.

Thanks for lintian.
Paul

¹ https://wiki.debian.org/ReproducibleBuilds/TimestampsInPPUGeneratedByFPC
² 
http://lists.alioth.debian.org/pipermail/pkg-pascal-devel/Week-of-Mon-20160516/001234.html

- -- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (60, 'unstable'), (50, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBCAAGBQJXRKW+AAoJEJxcmesFvXUK2loH/Rue6UlBKxIkBOuPdiDLj03o
tx0p3cl/oJuurRH9KWyO3gP1zDfkufwQP96vAPYUutCkczypOo4qoSxnyuBwAJzL
qM/qhFEwj68SVvq9PdAe4IBEy8U1/XCeZ+qkAgDWwYVMO6Hm9jF3DFMpKbi92zm3
leOqyyhXsY/8R2vA6GvAQnqodLceZw6NI3h4wEd4LAC8wlErVBlcNEx0VEActFc6
pzyrRW2rh1UX2G9FpDQhAxgoV2qnr3hLdUGlGOKMOB12imMzUrIV7if7n4NUsIPr
q/Ks9mJTkd3cs1QjNCwU/RDEmTa0nUlnefOcrlXng8Hq8AaQLwXFnccWFhax5/Q=
=PFO1
-END PGP SIGNATURE-

Bug#825221: jessie-pu: package hivex/1.3.10-2+deb8u2

[Hilko Bengen]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to update hivex, backporting a patch from 1.3.13-2 that fixes
ruby-hivex so that it is actually usable:

hivex (1.3.10-2+deb8u2) jessie; urgency=medium

  * Fix ruby-hivex installation (Closes: #819261)

 -- Hilko Bengen   Tue, 24 May 2016 20:37:40 +0200

Cheers,
-Hilko
diff -Nru hivex-1.3.10/debian/changelog hivex-1.3.10/debian/changelog
--- hivex-1.3.10/debian/changelog	2015-03-07 17:19:06.0 +0100
+++ hivex-1.3.10/debian/changelog	2016-05-24 20:44:27.0 +0200
@@ -1,3 +1,9 @@
+hivex (1.3.10-2+deb8u2) jessie; urgency=medium
+
+  * Fix ruby-hivex installation (Closes: #819261)
+
+ -- Hilko Bengen   Tue, 24 May 2016 20:37:40 +0200
+
 hivex (1.3.10-2+deb8u1) testing-proposed-updates; urgency=medium
 
   * Added upstream patches that fix CVE-2014-9273 ("missing checks for
diff -Nru hivex-1.3.10/debian/control hivex-1.3.10/debian/control
--- hivex-1.3.10/debian/control	2015-03-07 15:30:38.0 +0100
+++ hivex-1.3.10/debian/control	2016-05-24 20:36:57.0 +0200
@@ -121,7 +121,7 @@
 Architecture: any
 Section: ruby
 XB-Ruby-Versions: ${ruby:Versions}
-Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: Ruby bindings for hivex
  Ruby bindings for libhivex, a library for reading and writing
  Windows Registry "hive" binary files.
diff -Nru hivex-1.3.10/debian/ruby-hivex.install hivex-1.3.10/debian/ruby-hivex.install
--- hivex-1.3.10/debian/ruby-hivex.install	2015-03-07 12:55:03.0 +0100
+++ hivex-1.3.10/debian/ruby-hivex.install	2016-05-24 20:36:57.0 +0200
@@ -1 +1,2 @@
 usr/lib/ruby
+usr/lib/*-*/ruby
diff -Nru hivex-1.3.10/debian/rules hivex-1.3.10/debian/rules
--- hivex-1.3.10/debian/rules	2015-03-07 12:55:03.0 +0100
+++ hivex-1.3.10/debian/rules	2016-05-24 20:36:57.0 +0200
@@ -85,5 +85,4 @@
 	dh_strip --dbg-package=libhivex0-dbg
 
 override_dh_install:
-	rm debian/tmp/usr/lib/python*/dist-packages/libhivexmod.la
-	dh_install
+	dh_install --fail-missing -X.la -X.so.owner

Bug#824707: systemd: I get fsck's every other boot: due to systemd-timesyncd not updating hwclock?

[Manuel Bilderbeek]

Hi,

On 23-05-16 20:04, Manuel Bilderbeek wrote:

3. My BIOS told me at boot today that no RTC clock time was set. I guess
my RTC battery is dead. Will replace it.


Replaced it last night. Then booted again and set the hwclock. Then 
booted Debian, no fsck, as I still have the e2fsck.conf in place.


Then I removed the file and turned off the PC.

Booted again today and... yet another set of fsck's, but now at least 
the reason is clear:


mei 24 19:08:51 sonata systemd-fsck[326]: /dev/sda1 has filesystem last 
checked time in the future, check forced.
mei 24 19:13:06 sonata systemd-fsck[332]: /dev/sda6 has filesystem last 
checked time in the future, check forced.


Then a bit later the timesync kicks in:

mei 24 19:33:51 sonata dbus[506]: [system] Failed to activate service 
'org.bluez': timed out
mei 24 19:33:52 sonata systemd-timesyncd[462]: Synchronized to time 
server 94.228.220.14:123 (2.debian.pool.ntp.org).

mei 24 19:34:28 sonata realmd[1318]: quitting realmd service after timeout

There is no notification that time changed now, so I guess the hwclock 
is fine now.


Let's see what happens the coming days. I hope that the replaced CMOS 
battery avoids the issues I had.


The main thing of this bug report is still the following: if a 'simple' 
user runs into this problem (hwclock starts failing, but BIOS doesn't 
report it's bad yet), he's doomed to end up in getting fsck's all the 
time. Such a 'simple' user won't understand and probably run away from 
Debian. What could be done for such user?


A little more advanced user would check the logs, but as I posted in my 
original report: the log did NOT mention any reason why the fsck was done.
He could probably find out that something is wrong with his hwclock 
though, due to the time changes that show up in the logs. But I don't 
think he could reasonably know that he could work around it with that 
e2fsck.conf. (But he should fix his hwclock anyway.) He may think of 
installing fake-hwclock though.


Anyway, thanks for your help so far.

--
Kind regards,

Manuel

Bug#825153: nslcd: Numerous ' request denied by validnames option' log entries

[Arthur de Jong]

On Tue, 2016-05-24 at 03:27 -0400, Daniel Richard G. wrote:
> I am seeing relatively frequent entries of this form in syslog:
> 
> May 24 03:04:23 darkstar nslcd[1187]: [3c9869]  request denied by 
> validnames option
> 
> While I am uncertain as to what causes this, at one point it appeared
> to be associated with tab completion at a shell prompt. (At the same
> time, however, I can't reproduce this reliably that way.)

I'm not really sure what triggers it but I also see this in the logs a
lot. I just ignore it. It could be that nscd makes it more difficult to
trigger because it sometimes also caches negative hits. Furthermore,
the application may be caching it.

> I claim ignorance as to why this request occurs (is this really
> supposed to return a list of all users?)

No, I'm pretty sure it is some sort of lookup that is meant to return
nu users at all or a misconfiguration somewhere.

> But given that this request comes up fairly often, and does not
> appear to be the result of a misconfiguration, it would be helpful to
> have a way of keeping this noise out of the log. The "*" request
> could be specifically ignored, while continuing to log other
> instances of failed validnames matching.

To not report it as an invalid name you could set validnames to

/^[a-z0-9._@$()*]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i

but that is a bit ugly and it results in a useless LDAP search each
time.

> (Incidentally, "nss_disable_enumeration yes" does not address this.)

No. The "*" lookup is just to look up a user with that name. The
function call can also return only one passwd entry so it is not meant
to be a wildcard. As such it is not covered by nss_disable_enumeration.

Not sure this will be fixed in nss-pam-ldapd any time soon.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --

signature.asc
Description: This is a digitally signed message part

Bug#825220: fwanalog: please Build-Depend on rename

[Dominic Hargreaves]

Source: fwanalog
Version: 0.6.9-7
Severity: normal
User: debian-p...@lists.debian.org
Usertags: perl-5.24-transition rename-deprecation

Dear maintainer,

This package was found to contain uses of the 'rename' and/or 'prename'
(which is an alias) command. This was previously implemented by a script
added to the perl package by Debian, but there is now a maintained
alternative in the 'rename' package.

Please add a Build-Depends on 'rename', to avoid breakage in your
package when we remove the rename script from the perl package
(expected after the release of stretch). Additionally, if you are
currently using 'prename', please use 'rename' (which is handled by the
alternatives mechanism) or file-rename, which is the new implementation.

You can see more background about this change at
.

Thanks,
Dominic

Details of the use of (p)rename in your package follow:

debian/rules
39: ( cd debian/fwanalog/usr/lib/fwanalog ; rename 's/\.sh//' *.sh )