Bug#860072: botan1.10: diff for NMU version 1.10.15-1.1

[Ondřej Surý]

Darn,

time passes so quickly...

I have uploaded 1.10.16 to unstable and will fill unblock bug, given
that the upstream changes from 1.10.15 to 1.10.16 comprises just of this
bugfix:

$ git diff upstream/1.10.15..upstream/1.10.16 
diff --git a/botan_version.py b/botan_version.py
index 9002199..28f4823 100644
--- a/botan_version.py
+++ b/botan_version.py
@@ -1,11 +1,11 @@
 
 release_major = 1
 release_minor = 10
-release_patch = 15
+release_patch = 16
 
 release_so_abi_rev = 1
 
 # These are set by the distribution script
-release_vc_rev = 'git:f79e642ab8c09971968abdfe6990df6801711e1f'
-release_datestamp = 20170112
+release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e'
+release_datestamp = 20170404
 release_type = 'released'
diff --git a/doc/log.txt b/doc/log.txt
index 9ceaa7d..60b76d0 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -7,6 +7,16 @@ Release Notes
 Series 1.10
 
 
+Version 1.10.16, 2017-04-04
+
+
+* Fix a bug in X509 DN string comparisons that could result in out of
bound
+  reads. This could result in information leakage, denial of service,
or
+  potentially incorrect certificate validation results. (CVE-2017-2801)
+
+* Avoid throwing during a destructor since this is undefined in C++11
+  and rarely a good idea. (GH #930)
+
 Version 1.10.15, 2017-01-12
 
 
diff --git a/src/alloc/alloc_mmap/mmap_mem.cpp
b/src/alloc/alloc_mmap/mmap_mem.cpp
index 17c189e..85edbc4 100644
--- a/src/alloc/alloc_mmap/mmap_mem.cpp
+++ b/src/alloc/alloc_mmap/mmap_mem.cpp
@@ -73,8 +73,7 @@ void* MemoryMapping_Allocator::alloc_block(size_t n)
 * will continue to exist until the mmap is unmapped from
 * our address space upon deallocation (or process exit).
 */
-if(fd != -1 && ::close(fd) == -1)
-   throw MemoryMapping_Failed("Could not close file");
+fd != -1 && ::close(fd);
 }
   private:
  int fd;
diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp
index 9ec0004..fc7e963 100644
--- a/src/utils/parsing.cpp
+++ b/src/utils/parsing.cpp
@@ -230,6 +230,8 @@ bool x500_name_cmp(const std::string& name1, const
std::string& name2)
 
  if(p1 == name1.end() && p2 == name2.end())
 return true;
+ if(p1 == name1.end() || p2 == name2.end())
+return false;
  }
 
   if(!Charset::caseless_cmp(*p1, *p2))

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Sun, May 28, 2017, at 14:27, Salvatore Bonaccorso wrote:
> Control: tags 860072 + pending
> 
> Dear maintainer, hi Ondrej
> 
> I've prepared an NMU for botan1.10 (versioned as 1.10.15-1.1) and
> uploaded it to DELAYED/3. Please feel free to tell me if I
> should delay it longer.
> 
> Regards,
> Salvatore
> Email had 1 attachment:
> + botan1.10-1.10.15-1.1-nmu.diff
>   2k (text/x-diff)

Bug#863624: unblock: lua-http/0.1-3

[Ondřej Surý]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package lua-http

Dear release team,

the 0.1-3 update fixes two bugs:

- 0.1-1 package contained incorrect Breaks, this was fixed in 0.1-2
  but never uploaded to unstable

- 0.1-3 contains upstream patch to fix RC bug #863286 (HTTP Request
  string failed in non-comma-as-separator locales)

unblock lua-http/0.1-3

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 3.0 (quilt)
Source: lua-http
Binary: lua-http
Architecture: all
Version: 0.1-3
Maintainer: Ondřej Surý 
Homepage: https://github.com/daurnimator/lua-http
Standards-Version: 3.9.8
Vcs-Browser: https://anonscm.debian.org/git/pkg-lua/lua-http.git
Vcs-Git: git://anonscm.debian.org/pkg-lua/lua-http.git
Build-Depends: debhelper (>= 9), dh-lua, pandoc
Package-List:
 lua-http deb interpreters optional arch=all
Checksums-Sha1:
 b03216bb5c903b07678464664c142ff9c76833c0 116507 lua-http_0.1.orig.tar.gz
 36f72780773ad5752ce33568af9b30de0a582664 3452 lua-http_0.1-3.debian.tar.xz
Checksums-Sha256:
 4ba01edc7f02d49f98cf98883d7ad9b47f5e4c11dd95d5149f980f40ba12e546 116507 
lua-http_0.1.orig.tar.gz
 537488d3a5d918be5f5b625ca53582e318e66484f58f4d9cf034744219275696 3452 
lua-http_0.1-3.debian.tar.xz
Files:
 f5da73665fb3a13cd600e8b17e0c1bb9 116507 lua-http_0.1.orig.tar.gz
 2e5cbfb4a8dca99abf5fb33d5d4569fb 3452 lua-http_0.1-3.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksChtfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw
QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8
uwej0w//aN0E0k7GSSpB4wY/zaZWAG3x1fzY9diWU6HF7QvE+r4WDunVwXG8trW/
/JA1ilJfvCLkuBG9C0sFIiLWtkRVrGaZzudbEcEZvjMB4Q4QfvAbpG6v0SJzH8jA
TGj3YeF6IkSG9qUDB94o4pKTfiGEFIvdAP3UqHeJElsMYTMfN16O/HQ6VLC0C1lr
PG8aLnG+dik5eDtu8oopchRTHEj8iD7A0VMPK/7FN6VagaDpWm4F6+cEOq2IEqTj
gbrW4yJqHYEvc3OMhpQ9PiO+sJ8zHxD+z2fzHeXTz5AZQFLwWsZaPRZ6pC/mcvfx
91vZ0330zJ2Bm/dtZ7LSlUncB8gHTX16YiLc3uZc/A6wDM3x4i6LGaGYcr1DaVVv
hBpM7JoPmPFl31gue/MmY9wPe+JAzVKozPJs2aNoCgsrBFdyT3bUe6ZRkop9ITjb
VU0C2uKdxp7xl2+WDbTyKrkpgxVBI9TDwtwQHDIDZB/5qkLvkhHem0YCJZGBLFxa
yeNV97mOoinQp9haDHeBrbImSgNFY/hy+X+weDI8PfVp2s8AvM/DyfZQK8YafgJK
5m/YOQ4gMWIhPCPMdXy3onmYJuBAa2MehHlq+ZZGH83BrImIUmFqAN+D876NjnSh
MR/uHYAkxZK8njUwc2dRFrHVZ/v2SqAtxahBsXVXlE+nqgD8f+0=
=Wpip
-END PGP SIGNATURE-
diff -Nru lua-http-0.1/debian/changelog lua-http-0.1/debian/changelog
--- lua-http-0.1/debian/changelog   2016-12-19 13:13:38.0 +0100
+++ lua-http-0.1/debian/changelog   2017-05-29 13:39:46.0 +0200
@@ -1,3 +1,16 @@
+lua-http (0.1-3) unstable; urgency=medium
+
+  * Fix request building in locales with comma decimal separator
+(Closes: #863286) (Courtesy of Daurnimator)
+
+ -- Ondřej Surý   Mon, 29 May 2017 13:39:46 +0200
+
+lua-http (0.1-2) unstable; urgency=medium
+
+  * New lua-http breaks knot-resolver-module-http and not knot-resolver
+
+ -- Ondřej Surý   Tue, 20 Dec 2016 11:39:33 +0100
+
 lua-http (0.1-1) unstable; urgency=medium
 
   * Imported Upstream version 0.1
diff -Nru lua-http-0.1/debian/control lua-http-0.1/debian/control
--- lua-http-0.1/debian/control 2016-12-19 13:13:38.0 +0100
+++ lua-http-0.1/debian/control 2017-05-29 13:39:46.0 +0200
@@ -21,7 +21,7 @@
  lua-luaossl (>= 20161208),
  ${misc:Depends},
  ${shlibs:Depends}
-Breaks: knot-resolver (<< 1.2.0~)
+Breaks: knot-resolver-module-http (<< 1.2.0~)
 Provides: ${lua:Provides}
 XB-Lua-Versions: ${lua:Versions}
 Description: HTTP library for Lua
diff -Nru 
lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch
 
lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch
--- 
lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch
 1970-01-01 01:00:00.0 +0100
+++ 
lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch
 2017-05-29 13:39:46.0 +0200
@@ -0,0 +1,32 @@
+From: daurnimator 
+Date: Thu, 25 May 2017 11:04:32 +1000
+Subject: http/h1_connection: Fix request building in locales with comma
+ decimal separator
+
+Reported at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863286
+---
+ http/h1_connection.lua | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/http/h1_connection.lua b/http/h1_connection.lua
+index 1dd5def..28db038 100644

Bug#852675: #852675: package cfengine3 unusable

[Christoph Martin]

severity 862903 grave
tags #862903 + patch
thanks

ssl1.1 makes cfengine3 crash with cfengine3 3.6 clients from jessie.

reverting the patch in debian/patches fixes the issue.

Christoph

-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)




signature.asc
Description: OpenPGP digital signature

Bug#863623: freetype: diff for NMU version 2.8-0.1

[Laurent Bigonville]

Package: freetype
Version: 2.7.1-0.1
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for freetype (versioned as 2.8-0.1). The diff
is attached to this message.

Regards.
diff -Nru freetype-2.7.1/debian/changelog freetype-2.8/debian/changelog
--- freetype-2.7.1/debian/changelog 2017-05-29 13:35:21.0 +0200
+++ freetype-2.8/debian/changelog   2017-05-29 13:35:21.0 +0200
@@ -1,3 +1,16 @@
+freetype (2.8-0.1) experimental; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream release
+- Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
+- t1_builder_close_contour: Add safety guard (CVE-2017-8287)
+  (Closes: #861308)
+- tt_size_reset: Do nothing for CFF2 (CVE-2017-7864) (Closes: #860313)
+- Improve handling for buggy variation fonts (CVE-2017-7857 CVE-2017-7858)
+  (Closes: #860307)
+
+ -- Laurent Bigonville   Fri, 26 May 2017 17:39:07 +0200
+
 freetype (2.7.1-0.1) experimental; urgency=medium
 
   * Non-maintainer upload.
diff -Nru freetype-2.7.1/debian/libfreetype6.symbols 
freetype-2.8/debian/libfreetype6.symbols
--- freetype-2.7.1/debian/libfreetype6.symbols  2017-05-29 13:35:21.0 
+0200
+++ freetype-2.8/debian/libfreetype6.symbols2017-05-29 13:35:21.0 
+0200
@@ -50,6 +50,7 @@
  FT_Face_GetCharsOfVariant@Base 2.3.5
  FT_Face_GetVariantSelectors@Base 2.3.5
  FT_Face_GetVariantsOfChar@Base 2.3.5
+ FT_Face_Properties@Base 2.8
  FT_Face_SetUnpatentedHinting@Base 2.3.5
  FT_FloorFix@Base 2.2.1
  FT_Forget_Frame@Base 0 1
@@ -87,6 +88,7 @@
  FT_Get_PS_Font_Value@Base 2.4.8
  FT_Get_Postscript_Name@Base 2.2.1
  FT_Get_Renderer@Base 2.2.1
+ FT_Get_Sfnt_LangTag@Base 2.8
  FT_Get_Sfnt_Name@Base 2.2.1
  FT_Get_Sfnt_Name_Count@Base 2.2.1
  FT_Get_Sfnt_Table@Base 2.2.1
@@ -194,6 +196,7 @@
  FT_Set_Char_Size@Base 2.2.1
  FT_Set_Charmap@Base 2.2.1
  FT_Set_Debug_Hook@Base 2.2.1
+ FT_Set_Default_Properties@Base 2.8
  FT_Set_MM_Blend_Coordinates@Base 2.2.1
  FT_Set_MM_Design_Coordinates@Base 2.2.1
  FT_Set_Pixel_Sizes@Base 2.2.1
@@ -264,6 +267,10 @@
  FT_Vector_Unit@Base 2.2.1
  TT_New_Context@Base 2.2.1
  TT_RunIns@Base 2.2.1
+ af_adlm_dflt_style_class@Base 0 1
+ af_adlm_nonbase_uniranges@Base 0 1
+ af_adlm_script_class@Base 0 1
+ af_adlm_uniranges@Base 0 1
  af_arab_dflt_style_class@Base 0 1
  af_arab_nonbase_uniranges@Base 0 1
  af_arab_script_class@Base 0 1
@@ -273,17 +280,49 @@
  af_armn_script_class@Base 0 1
  af_armn_uniranges@Base 0 1
  af_autofitter_interface@Base 0 1
+ af_avst_dflt_style_class@Base 0 1
+ af_avst_nonbase_uniranges@Base 0 1
+ af_avst_script_class@Base 0 1
+ af_avst_uniranges@Base 0 1
+ af_bamu_dflt_style_class@Base 0 1
+ af_bamu_nonbase_uniranges@Base 0 1
+ af_bamu_script_class@Base 0 1
+ af_bamu_uniranges@Base 0 1
  af_beng_dflt_style_class@Base 0 1
  af_beng_nonbase_uniranges@Base 0 1
  af_beng_script_class@Base 0 1
  af_beng_uniranges@Base 0 1
  af_blue_strings@Base 0 1
  af_blue_stringsets@Base 0 1
+ af_buhd_dflt_style_class@Base 0 1
+ af_buhd_nonbase_uniranges@Base 0 1
+ af_buhd_script_class@Base 0 1
+ af_buhd_uniranges@Base 0 1
+ af_cakm_dflt_style_class@Base 0 1
+ af_cakm_nonbase_uniranges@Base 0 1
+ af_cakm_script_class@Base 0 1
+ af_cakm_uniranges@Base 0 1
+ af_cans_dflt_style_class@Base 0 1
+ af_cans_nonbase_uniranges@Base 0 1
+ af_cans_script_class@Base 0 1
+ af_cans_uniranges@Base 0 1
+ af_cari_dflt_style_class@Base 0 1
+ af_cari_nonbase_uniranges@Base 0 1
+ af_cari_script_class@Base 0 1
+ af_cari_uniranges@Base 0 1
  af_cher_dflt_style_class@Base 0 1
  af_cher_nonbase_uniranges@Base 0 1
  af_cher_script_class@Base 0 1
  af_cher_uniranges@Base 0 1
  af_cjk_writing_system_class@Base 0 1
+ af_copt_dflt_style_class@Base 0 1
+ af_copt_nonbase_uniranges@Base 0 1
+ af_copt_script_class@Base 0 1
+ af_copt_uniranges@Base 0 1
+ af_cprt_dflt_style_class@Base 0 1
+ af_cprt_nonbase_uniranges@Base 0 1
+ af_cprt_script_class@Base 0 1
+ af_cprt_uniranges@Base 0 1
  af_cyrl_c2cp_style_class@Base 0 1
  af_cyrl_c2sc_style_class@Base 0 1
  af_cyrl_dflt_style_class@Base 0 1
@@ -301,6 +340,10 @@
  af_deva_nonbase_uniranges@Base 0 1
  af_deva_script_class@Base 0 1
  af_deva_uniranges@Base 0 1
+ af_dsrt_dflt_style_class@Base 0 1
+ af_dsrt_nonbase_uniranges@Base 0 1
+ af_dsrt_script_class@Base 0 1
+ af_dsrt_uniranges@Base 0 1
  af_dummy_writing_system_class@Base 0 1
  af_ethi_dflt_style_class@Base 0 1
  af_ethi_nonbase_uniranges@Base 0 1
@@ -314,6 +357,14 @@
  af_geor_nonbase_uniranges@Base 0 1
  af_geor_script_class@Base 0 1
  af_geor_uniranges@Base 0 1
+ af_glag_dflt_style_class@Base 0 1
+ af_glag_nonbase_uniranges@Base 0 1
+ af_glag_script_class@Base 0 1
+ af_glag_uniranges@Base 0 1
+ af_goth_dflt_style_class@Base 0 1
+ af_goth_nonbase_uniranges@Base 0 1
+ af_goth_script_class@Base 0 1
+ af_goth_uniranges@Base 0 1
  af_grek_c2cp_style_class@Base 0 1
  af_grek_c2sc_style_class@Base 0 1
  af_grek_dflt_style_class@Base 0 1
@@ -344,6 +395,10 @@
  af_hebr_script_class@Base 0 1
 

Bug#863621: plasma-pa: Notification sounds volume stuck at zero

[Timo Kalliomäki]

Package: plasma-pa
Version: 4:5.8.6-1
Severity: important

Dear Maintainer,

I wanted to change my "notification sounds" volume. I opened the plasma-pa 
settings and moved the slider. The slider was at zero, and trying to change the 
value resulted in the setting immediately returning back to zero. The expected 
outcome was being able to set the volume to a non-zero value.

As a workaround, I used pavucontrol to change the value from zero. After this, 
plasma-pa also seems to work properly.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages plasma-pa depends on:
ii  gconf-service3.2.6-4+b1
ii  libc62.24-10
ii  libcanberra0 0.30-3
ii  libgconf-2-4 3.2.6-4+b1
ii  libglib2.0-0 2.50.3-2
ii  libkf5coreaddons55.28.0-2
ii  libkf5globalaccel5   5.28.0-1
ii  libkf5i18n5  5.28.0-2
ii  libkf5quickaddons5   5.28.0-1
ii  libpulse-mainloop-glib0  10.0-1
ii  libpulse010.0-1
ii  libqt5core5a 5.7.1+dfsg-3+b1
ii  libqt5dbus5  5.7.1+dfsg-3+b1
ii  libqt5gui5   5.7.1+dfsg-3+b1
ii  libqt5qml5   5.7.1-2+b2
ii  libqt5quick5 5.7.1-2+b2
ii  libqt5widgets5   5.7.1+dfsg-3+b1
ii  libstdc++6   6.3.0-18
ii  plasma-framework 5.28.0-2
ii  pulseaudio   10.0-1
ii  pulseaudio-module-gconf  10.0-1
ii  qml-module-org-kde-draganddrop   5.28.0-1
ii  qml-module-org-kde-kquickcontrolsaddons  5.28.0-1
ii  qml-module-qtquick-controls  5.7.1~20161021-2
ii  qml-module-qtquick-layouts   5.7.1-2+b2
ii  qml-module-qtquick2  5.7.1-2+b2

plasma-pa recommends no packages.

plasma-pa suggests no packages.

-- no debconf information

Bug#863622: apt: warn when installing packages that are not reproducible

[Chris Lamb]

Package: apt
Severity: wishlist
X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org

Hi,

APT should (eventually) warn when installing packages that are not
reproducible. 

Clearly, all the bits to make this work today are not in dak, APT, the
mirrors, etc. However, I thought it was best to experiment early with
the potential user interface.

This would ensure that we know exactly what data we need and we don't
make a big mistake and miss something.

To this end, I've attached a proof of concept patch. Example output:

  $ apt install python-pywt-doc
  Reading package lists... Done
  Building dependency tree   
  Reading state information... Done
  The following NEW packages will be installed:
python-pywt-doc
  0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
  Need to get 102 kB of archives.
  After this operation, 978 kB of additional disk space will be used.
  WARNING: The following packages are not reproducible!
python-pywt-doc
  Install these packages anyway? [y/N]

  $ echo $?
  130


It takes an expected "--allow-unreproducible" argument, as well as an
"-o Debug::pkgAcquire::Reproducible=true" if you want to debug it. I
might play with it more at https://github.com/lamby/apt on the
reproducible-ui branch:

  https://github.com/lamby/apt/tree/lamby/wip/reproducible-ui

Just to be clear, the patch is obviously an digusting hack and you
should not use it, hence the lack of a "patch" tag (!).

(We would also — later please! — need to agree on what "reproducible"
really means in terms of multiple builders.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
>From a381af380f642080d11048d767fe7eb3704a74ce Mon Sep 17 00:00:00 2001
From: Chris Lamb 
Date: Thu, 15 Dec 2016 22:58:43 +0100
Subject: [PATCH] Warn when installing packages that are not reproducible.

  ** This is obviously an digusting hack and you should not use it. **

It is only a proof-of-concept to experiment with the user-facing interface
of such a warning.

Signed-off-by: Chris Lamb 
---
 apt-pkg/init.cc |   1 +
 apt-private/private-cmndline.cc |   1 +
 apt-private/private-download.cc | 130 +++-
 apt-private/private-download.h  |   6 ++
 apt-private/private-install.cc  |   3 +
 completions/bash/apt|   1 +
 debian/control  |   3 +
 7 files changed, 144 insertions(+), 1 deletion(-)

diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 00d991027..8142ea1d8 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -145,6 +145,7 @@ bool pkgInitConfig(Configuration )
Cnf.CndSet("Dir::Cache::archives","archives/");
Cnf.CndSet("Dir::Cache::srcpkgcache","srcpkgcache.bin");
Cnf.CndSet("Dir::Cache::pkgcache","pkgcache.bin");
+   Cnf.CndSet("Dir::Cache::reproduciblecache","reproducible.json.bz2");
 
// Configuration
Cnf.CndSet("Dir::Etc", CONF_DIR + 1);
diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc
index de3992a00..ca218d1ec 100644
--- a/apt-private/private-cmndline.cc
+++ b/apt-private/private-cmndline.cc
@@ -274,6 +274,7 @@ static bool addArgumentsAPTGet(std::vector , char const
addArg(0,"only-source","APT::Get::Only-Source",0);
addArg(0,"allow-unauthenticated","APT::Get::AllowUnauthenticated",0);
addArg(0,"allow-insecure-repositories","Acquire::AllowInsecureRepositories",0);
+   addArg(0,"allow-unreproducible","APT::Get::AllowUnreproducible",0);
addArg(0,"allow-weak-repositories","Acquire::AllowWeakRepositories",0);
addArg(0,"install-recommends","APT::Install-Recommends",CommandLine::Boolean);
addArg(0,"install-suggests","APT::Install-Suggests",CommandLine::Boolean);
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index ee477f4cb..85235ad6e 100644
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -85,6 +85,132 @@ bool AuthPrompt(std::vector const , bool const Prompt
 
return _error->Error(_("There were unauthenticated packages and -y was used without --allow-unauthenticated"));
 }
+
+// GetOutput - execute CmdLine and place the first line in output	/*{{{*/
+static bool GetOutput(std::string , std::string const CmdLine, bool const Debug)
+{
+   pid_t Child;
+   FileFd PipeFd;
+   char buf[1024];
+
+   if (Debug)
+  std::cerr << CmdLine << std::endl;
+
+   std::vector Args = {"/bin/sh", "-c", CmdLine.c_str(), nullptr};
+   if (Popen([0], PipeFd, Child, FileFd::ReadOnly, false) == false)
+  return false;
+
+   PipeFd.ReadLine(buf, sizeof(buf));
+   buf[sizeof(buf) - 1] = '\0';
+   PipeFd.Close();
+
+   if (ExecWait(Child, "sh") == false)
+  return false;
+
+   output = _strstrip(buf);
+
+   return true;
+}
+
+// CheckReproducible - check if each download comes form a reproducible source	/*{{{*/
+bool CheckReproducible(pkgAcquire& Fetcher, bool const PromptUser)
+{
+   if 

Bug#792552: [pkg-cryptsetup-devel] Bug#792552: still doesn't continue shutdown process

[Pali Rohár]

On Monday 29 May 2017 09:31:39 Guilhem Moulin wrote:
> On Sun, 28 May 2017 at 23:41:56 +0200, Pali Rohár wrote:
> > On Sunday 28 May 2017 21:26:53 Guilhem Moulin wrote:
> >> which as I explained in message #86 is due to /etc/init.d/sendsigs
> >> killing systemd-udevd at shutdown/reboot time, thereby causing
> >> dmsetup to hang.
> > 
> > And removing remaining socket file /run/udev/control before invoking 
> > cryptsetup fixes hanging.
> 
> The udev regression might affect other shutdown sequences so I don't
> think the workaround should be implemented in cryptsetup's init scripts.

Then it is needed to fix broken udev (from systemd source package).

> >> The udev/systemd maintainers have fixed #791944,
> >> but their fix probably didn't land into Stretch yet.
> > 
> > Seems it is not in Stretch yet: 
> > http://metadata.ftp-master.debian.org/changelogs/main/s/systemd/systemd_232-23_changelog
> > 
> > Should I create release bug report for Stretch? This seems to be a big 
> > problem if shutdown/reboot procedure hangs when using encrypted disk.
> 
> Not sure if the fix can be easily backported to 232-xyz, perhaps you
> should follow-up on #791944 and ask there first?

Asked, sent comment.

> Even if the udev
> maintainers don't acknowledge the severity they're in a better position
> to determine whether the workaround should go to our init scripts or
> not.

-- 
Pali Rohár
pali.ro...@gmail.com

Bug#863620: gdb: breakpoints disappear after recompiling

[Lu Wang]

Package: gdb
Version: 7.12-6
Severity: normal

Dear Maintainer,

I'm debugging a test C program. I compile it with gcc as follow

gcc -Wall -g xxx.c -o xxx

I have set some breakpoints. If I recompile the code for debugging.
Then I execute the program using the command
run and the breakpoints disappear. This ought to work, but doesn't
restore my breakpoints.

the output is

`/home/tw/Documents/test1/xxx' has changed; re-reading symbols.
Error in re-setting breakpoint 1: Cannot access memory at address 0x46f0
Starting program: /home/tw/Documents/test1/xxx
[Switching to thread 1 (process 11336)](running)
[Inferior 1 (process 11336) exited normally]



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gdb depends on:
ii  libbabeltrace-ctf1  1.5.1-1
ii  libbabeltrace1  1.5.1-1
ii  libc6   2.24-10
ii  libexpat1   2.2.0-2
ii  liblzma55.2.2-1.2+b1
ii  libncurses5 6.0+20161126-1
ii  libpython3.53.5.3-1
ii  libreadline77.0-3
ii  libtinfo5   6.0+20161126-1
ii  zlib1g  1:1.2.8.dfsg-5

Versions of packages gdb recommends:
ii  libc6-dbg [libc-dbg]  2.24-10

Versions of packages gdb suggests:
ii  gdb-doc7.12-2
ii  gdbserver  7.12-6

-- no debconf information

Bug#863619: vim-youcompleteme: dependence on vim only but noy neovim

[Ulyanich Michael]

Package: vim-youcompleteme
Version: 0+20161219+git194ff33-1
Severity: wishlist

Dear Maintainer,

I want to use this package with neovim only and remove vim, but this package
depends on vim. It would be great if neovim was added as alternative
dependence.



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_UA.utf8, LC_CTYPE=ru_UA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vim-youcompleteme depends on:
ii  python3-frozendict0.5-1
ii  python3-future0.15.2-4
ii  python3-requests  2.12.4-1
ii  python3-requests-futures  0.9.7-1
pn  python3:any   
ii  vim-nox [vim-python]  2:8.0.0197-4
ii  ycmd  0+20161219+git486b809-1

Versions of packages vim-youcompleteme recommends:
ii  vim-addon-manager  0.5.6

vim-youcompleteme suggests no packages.

-- no debconf information

Bug#862258: add an user for mlmmj

[Geert Stappers]

On Sat, May 27, 2017 at 09:49:49PM +0200, Thomas Goirand wrote:
> On 05/27/2017 01:48 AM, Geert Stappers wrote:
> >> On 05/25/2017 10:59 AM, Geert Stappers wrote:
> >>> Both http://mlmmj.org/docs/readme-exim4/ and 
> >>> http://mlmmj.org/docs/readme-postfix/
> >>> say to create a mlmmj user.
> > 
> > Those who want to use that mlmmj user will benefit from the "postinst 
> > adduser".
> 
> But those who don't will have a useless user setup *every time* the
> package is upgraded.

Code from the patch, note the 'if' statement

+   # Create dedicated mlmmj user
+if ! getent passwd mlmmj > /dev/null; then
+adduser --system --quiet \
+   --home /var/spool/mlmmj --no-create-home \
+   --shell /bin/false --ingroup mlmmj \
+--gecos "Mailing List Management Made Joyful" \
+mlmmj
+fi


That 'if' statement makes
> But those who don't will have a useless user setup *every time* the
> package is upgraded.
into
} But those who don't will have a useless user setup


Right now we are talking about entries in /etc/passwd and /etc/group
that _might not_ be used.

Could we go back to /etc/passwd /etc/group entries
that _are_ being used?



Groeten
Geert Stappers
-- 
Leven en laten leven

Bug#699403: about to upload xorg-test to Debian

[Mike Gabriel]

Control: retitle -1 ITP: xorg-gtest -- X.Org dummy testing environment  
for Google Test

Control: owner -1 mike.gabr...@das-netzwerkteam.de

HI,

I am about to upload this package to Debian as part of my Ayatana  
Indicators initiative...


Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpmTzqOdPv9c.pgp
Description: Digitale PGP-Signatur

Bug#862008: crashes, segmentation fault

[a11cf0]

Hello.
Unfortunately, this bug is still present on a fully updated Stretch system. I 
have at-spi2-core 2.22.0-6 installed and constantly experience Orca crashes 
with exactly the same segfault. This is especially annoying on Gnome when 
switching windows. With Mate it seems to occur only sometimes when closing some 
apps like Pluma, but it is still noticeable.
Which additional info can I provide to help fixing this bug?
Thanks.

Bug#849227: Unreproducible

[u]

Hi Henrik,

I cannot reproduce this. It works perfectly for me. The server is not
stopped when I uncheck the box.

Can you please try using oionshare 0.9.2 and confirm if this still
persists or not?

Cheers!
ulrike

Bug#863616: dacs: effectively built with DACS_HOME=/usr => violates FHS

[Jonas Smedegaard]

Quoting Jonas Smedegaard (2017-05-29 12:35:02)
> Upstream autoconf oddly ties the --prefix option with a custom - 
> --dacs_home option which gets hardwired into the installed tools and 
> is a root directory for both static and variable parts.
> 
> dacs 1.4.38a-1 sets --prefix which effectively tells the build 
> routines to use /usr as the root of both binaries, configuration files 
> (e.g. debugging hint file debug_dacs_acs), admin-editable web content 
> (dtds) and variable data (e.g. a sequence file).
> 
> In other words, setting --prefix=/usr violates FHS!  Weird, yes.

It seems like upstream warned about the oddity: When setting --prefix to 
a short path, the build routines apparently spews this:

> The prefix path ("$prefix") really should specify a"
> directory name of the form "/blah/blah/.../dacs*",
> such as /usr/local/dacs or /usr/local/dacs-xxx.
> If you insist on using this prefix, please rerun configure with
> the --disable-prefix-check option

...except the package silences that warning by use of 
--disable-prefix-check :-/


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#863618: debarchiver: French program translation update

[Alban Vidal]

Package: debarchiver
Version: 0.11.0
Severity: wishlist
Tags: patch l10n

Please find attached the French translation update, proofread by the
debian-l10n-french mailing list contributors.

po4a://debarchiver/po4a/po/fr.po

Best regards

Alban Vidal
# Translation of debarchiver manpage to French
# Copyright (C) 2005, 2006, 2010 Free Software Foundation, Inc.
# This file is distributed under the same license as the debarchiver package.
#
# Translators:
# Valery Perrin , 2005, 2006, 2010, 2011.
# Alban Vidal , 2017.
msgid ""
msgstr ""
"Project-Id-Version: debarchiver/0.11.0\n"
"POT-Creation-Date: 2016-06-12 21:14+0200\n"
"PO-Revision-Date: 2017-05-21 18:06+0100\n"
"Last-Translator: Alban Vidal \n"
"Language-Team: French \n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Lokalize 2.0\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"

# type: =head1
#. type: =head1
#: debarchiver.pod:1
msgid "NAME"
msgstr "NOM"

# type: textblock
#. type: textblock
#: debarchiver.pod:3
msgid "debarchiver - Tool to sort debian packages into a package archive."
msgstr ""
"debarchiver - Outil de gestion des paquets Debian au sein d'une archive de "
"paquet."

# type: =head1
#. type: =head1
#: debarchiver.pod:5
msgid "SYNOPSIS"
msgstr "SYNOPSIS"

# type: textblock
#. type: textblock
#: debarchiver.pod:7
msgid "debarchiver [options]"
msgstr "debarchiver [options]"

# type: =head1
#. type: =head1
#: debarchiver.pod:9
msgid "DESCRIPTION"
msgstr "DESCRIPTION"

# type: textblock
#. type: textblock
#: debarchiver.pod:11
msgid ""
"The debian archiver is a tool that installs debian packages into a file "
"structure suitable for apt-get, aptitude, dselect and similar tools. This "
"can be used for updating the Debian system. It is meant to be used by local "
"administrators that need special packages, or tweaked versions to ease "
"administration."
msgstr ""
"L'archiveur Debian (debarchiver) est un outil qui installe les paquets "
"Debian dans une structure de fichiers exploitable par apt-get, aptitude, "
"dselect et d'autres outils semblables. Il peut être utilisé pour la mise à "
"jour des systèmes Debian. Il est destiné à être employé par des "
"administrateurs locaux qui ont besoin de paquets spéciaux, ou de versions "
"particulières, afin d'en faciliter la gestion."

# type: textblock
#. type: textblock
#: debarchiver.pod:13
msgid ""
"The file structure is based on the potato file structure and does not "
"support package pools."
msgstr ""
"La structure de fichiers est basée sur celle de potato et ne reconnaît pas "
"la structure de paquets en « pools ». (NdT : Structure utilisée à partir de "
"woody)."

# type: =head1
#. type: =head1
#: debarchiver.pod:15
msgid "OPTIONS"
msgstr "OPTIONS"

# type: =item
#. type: =item
#: debarchiver.pod:19
msgid "B<-a | --autoscan>"
msgstr "B<-a | --autoscan>"

# type: textblock
#. type: textblock
#: debarchiver.pod:21
msgid "Does both --autoscanpackages and --autoscansources."
msgstr "Exécute « --autoscanpackages » et « --autoscansources »."

# type: =item
#. type: =item
#: debarchiver.pod:23
msgid "B<--autoscanall>"
msgstr "B<--autoscanall>"

# type: textblock
#. type: textblock
#: debarchiver.pod:25
msgid "Same as --scanall --autoscan."
msgstr "Identique à « --scanall --autoscan »."

# type: =item
#. type: =item
#: debarchiver.pod:27
msgid "B<--autoscanpackages>"
msgstr "B<--autoscanpackages>"

# type: textblock
#. type: textblock
#: debarchiver.pod:29
msgid ""
"Automatically run dpkg-scanpackages after all new packages are installed."
msgstr ""
"Démarre automatiquement « dpkg-scanpackages » après l'installation de tous "
"les nouveaux paquets."

# type: =item
#. type: =item
#: debarchiver.pod:31
msgid "B<--autoscansources>"
msgstr "B<--autoscansources>"

# type: textblock
#. type: textblock
#: debarchiver.pod:33
msgid ""
"Automatically run dpkg-scansources after all new packages are installed."
msgstr ""
"Lance automatiquement « dpkg-scansources » après l'installation de tous les "
"nouveaux paquets."

# type: =item
#. type: =item
#: debarchiver.pod:35
msgid "B<-b | --bzip>"
msgstr "B<-b | --bzip>"

# type: textblock
#. type: textblock
#: debarchiver.pod:37
msgid "Create bzip2 compressed Packages.bz2 and Sources.bz2 files."
msgstr ""
"Crée les fichiers « Packages.bz2 » et « Sources.bz2 » comprimés avec bzip2."

# type: =item
#. type: =item
#: debarchiver.pod:39
msgid "B<--cachedir> dir"
msgstr "B<--cachedir> répertoire"

# type: textblock
#. type: textblock
#: debarchiver.pod:41
msgid ""
"The apt-ftparchive package cache directory, if --index is used. The default "
"is $cachedir."
msgstr ""
"Indique le répertoire de cache utilisé par apt-ftparchive, si « --index » "
"est utilisé. La valeur par défaut est « $cachedir »."

# type: =item
#. type: =item
#: debarchiver.pod:43
msgid "B<--cinstall> dir"

Bug#863616: dacs: effectively built with DACS_HOME=/usr => violates FHS

[Jonas Smedegaard]

Source: dacs
Version: 1.4.38a-1
Severity: serious
Justification: Policy 9.1.1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Upstream autoconf oddly ties the --prefix option with a custom
- --dacs_home option which gets hardwired into the installed tools and is
a root directory for both static and variable parts.

dacs 1.4.38a-1 sets --prefix which effectively tells the build routines
to use /usr as the root of both binaries, configuration files (e.g.
debugging hint file debug_dacs_acs), admin-editable web content (dtds)
and variable data (e.g. a sequence file).

In other words, setting --prefix=/usr violates FHS!  Weird, yes.

It is sort-of possible to setup a working dacs with current package, by
going through the configuration and replace ${Conf::DACS_HOME} when used
for anything else than binaries - i.e. sequence file, logfiles, content
dtds, and (autogenerated concatenations of) acls.  Some parts, however,
remain hardcoded - e.g. debugging without restarting apache by use of a
$DACS_HOME/debug_dacs_acs file as documented in dacs_acs man page, now
possible only by creating /usr/debug_dacs_acs as sysadmin which is BAD.

I have not yet tested, but it seems the solution is to instead set
- --prefix=/usr/lib/dacs and populate that directory with symlinks to the
various places the files are actually getting installed, matching FHS.

In addition to obeying FHS, that should make it possible to setup DACS
by following upstream quickstart - "man dacs.quick", or
https://dacs.dss.ca/man/dacs.quick.7.html

For inspiration, I believe mailman is installed in a similar manner.


 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlkr+VEACgkQLHwxRsGg
ASGGPQ/7BXuoPrXe3xuJ/k0inrGTXXWg6ate8KXp0RjTK8lJ0V59KsXppUk8irnV
Tm6nQ7GRIr7ip/BaW7Lr3uwYEOf9iJw6Vs8wU7TbLkjk8xKqqLBAbs3oCNQnzU8J
uUeFM2xCXV/GkjSwvsTKit9hGnJG0K5FHZGChXXgLK1SKcCI+zkH5NEC9g8xHkWR
HmVoxfwB7H/Plf+g4JCe3//lCTHTgog4SmJ5NtdNpI6V6v2u0z+KN+IhtuFwy+wm
9FmwpzwGNEllbjHYZOPnuMXKfY18CCdEaKbT9MYbIadSI2FnfD8KlrOKemVGgffe
oVxgxvUQnZMVN4WoLlPpL77n+PSmQAqs9uEY7/l4rH35X7JXPYiw7fVpRAbNxVJ1
1c+8GR/L2ZlqAQBZVqM9FhX5l2N1p/GEjJUENyCOu95Q18Ruz7gXzazzZ61lG6ZX
9nqL/7GrafxjnFbVbJa/W4mFF4dp7CAuhLEEVms0AA+qLSrr6Gcxv8GRxVbAMY1e
ysvQWLC9dqs+PE9zZPbItpOBt9X1QQzBzZ2tRYwO1fI37ZYetq0fEi62naSnGRes
LDuesWaXBW/xEAK/OxwDR2ApB+/wI9IKVFE9oDTdOpeDFM+Bei+JKmdc27lDjh/E
RTOm9tKoFQeUdYOR4LRLdbPPU1gcJ8B3Sho3A8x++XpLLcw6aoc=
=cBLQ
-END PGP SIGNATURE-

Bug#846548: [pkg-opensc-maint] Bug#846548: patch for #846548

[Adrian Bunk]

On Thu, May 18, 2017 at 11:33:51AM -0400, Eric Dorland wrote:
>...
> I think the way forward would be to make that bump and
> rebuild the only dependency (pam-p11) against it, but I'm not 100%
> sure pam-p11 compiles with openssl 1.1.
>...

It does not:

pam_p11.c:270:29: error: dereferencing pointer to incomplete type 
‘EVP_PKEY {aka struct evp_pkey_st}’
signature, siglen, pubkey->pkey.rsa);
 ^~

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#863615: debsums: French program translation update

[Alban Vidal]

Package: debsums
Version: 2.2.2
Severity: wishlist
Tags: patch l10n


Please find attached the French translation update, proofread by the
debian-l10n-french mailing list contributors.

po4a://debsums/man/po/fr.po

Best regards

Alban Vidal
# French translation of debsums manual pages
# Copyright (C) 2002, 2005-2007, 2009, 2010, 2017 Debian French l10n team 

# This file is distributed under the same license as the debsums package.
#
# Translators:
# Antoine Gémis , 2002.
# Frédéric Bothamy , 2005-2007.
# Emilien Mantel , 2009.
# David Prévot , 2010.
# Alban Vidal , 2017.
msgid ""
msgstr ""
"Project-Id-Version: debsums/2.2.2\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2017-05-07 14:00+0200\n"
"PO-Revision-Date: 2017-05-21 18:15+0100\n"
"Last-Translator: Alban Vidal \n"
"Language-Team: French \n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Lokalize 2.0\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"

#. type: ds Dt
#: debsums.1:1
#, no-wrap
msgid "\\$4"
msgstr "\\$4"

# type: TH
#. type: TH
#: debsums.1:2 debsums_init.8:1
#, no-wrap
msgid "DEBSUMS"
msgstr "DEBSUMS"

# type: TH
#. type: TH
#: debsums.1:2
#, no-wrap
msgid "\\*(Dt"
msgstr "\\*(Dt"

# type: TH
#. type: TH
#: debsums.1:2
#, no-wrap
msgid "Debian"
msgstr "Debian"

# type: TH
#. type: TH
#: debsums.1:2
#, no-wrap
msgid "User Commands"
msgstr "Commandes Utilisateur"

# type: SH
#. type: SH
#: debsums.1:3 debsums_init.8:2
#, no-wrap
msgid "NAME"
msgstr "NOM"

# type: Plain text
#. type: Plain text
#: debsums.1:5
msgid "debsums - check the MD5 sums of installed Debian packages"
msgstr ""
"debsums - vérifie les sommes de contrôle MD5 des paquets Debian installés"

# type: SH
#. type: SH
#: debsums.1:5 debsums_init.8:4
#, no-wrap
msgid "SYNOPSIS"
msgstr "SYNOPSIS"

# type: Plain text
#. type: Plain text
#: debsums.1:10
msgid "B [I] [I|I] \\&..."
msgstr "B [I] [I|I] \\&..."

# type: SH
#. type: SH
#: debsums.1:10 debsums_init.8:6
#, no-wrap
msgid "DESCRIPTION"
msgstr "DESCRIPTION"

# type: Plain text
#. type: Plain text
#: debsums.1:13
msgid ""
"Verify installed Debian package files against MD5 checksum lists from /var/"
"lib/dpkg/info/*.md5sums."
msgstr ""
"Vérifie les fichiers des paquets Debian installés grâce à des listes de "
"sommes de contrôle MD5 depuis /var/lib/dpkg/info/*.md5sums."

# type: Plain text
#. type: Plain text
#: debsums.1:16
msgid ""
"B can generate checksum lists from deb archives for packages that "
"don't include one."
msgstr ""
"B peut générer des listes de sommes de contrôle à partir des "
"archives deb pour les paquets n'en possédant pas."

# type: SH
#. type: SH
#: debsums.1:16
#, no-wrap
msgid "OPTIONS"
msgstr "OPTIONS"

# type: TP
#. type: TP
#: debsums.1:17
#, no-wrap
msgid "B<-a>, B<--all>"
msgstr "B<-a>, B<--all>"

# type: Plain text
#. type: Plain text
#: debsums.1:20
msgid "Also check configuration files (normally excluded)."
msgstr "Vérifie aussi les fichiers de configuration (ignorés par défaut)."

# type: TP
#. type: TP
#: debsums.1:20
#, no-wrap
msgid "B<-e>, B<--config>"
msgstr "B<-e>, B<--config>"

# type: Plain text
#. type: Plain text
#: debsums.1:23
msgid "B check configuration files."
msgstr "Vérifie B les fichiers de configuration."

# type: TP
#. type: TP
#: debsums.1:23
#, no-wrap
msgid "B<-c>, B<--changed>"
msgstr "B<-c>, B<--changed>"

# type: Plain text
#. type: Plain text
#: debsums.1:27
msgid "Report changed file list to stdout (implies B<-s>)."
msgstr ""
"Envoie la liste des fichiers modifiés sur la sortie standard (ceci implique "
"B<-s>)."

# type: TP
#. type: TP
#: debsums.1:27
#, no-wrap
msgid "B<-l>, B<--list-missing>"
msgstr "B<-l>, B<--list-missing>"

# type: Plain text
#. type: Plain text
#: debsums.1:30
msgid "List packages (or debs) which don't have an MD5 sums file."
msgstr ""
"Liste les paquets (ou fichiers .deb) qui n'ont pas de somme de contrôle MD5."

# type: TP
#. type: TP
#: debsums.1:30
#, no-wrap
msgid "B<-s>, B<--silent>"
msgstr "B<-s>, B<--silent>"

# type: Plain text
#. type: Plain text
#: debsums.1:33
msgid "Only report errors."
msgstr "Affiche seulement les erreurs."

# type: TP
#. type: TP
#: debsums.1:33
#, no-wrap
msgid "B<-m>, B<--md5sums>=I"
msgstr "B<-m>, B<--md5sums>=I"

# type: Plain text
#. type: Plain text
#: debsums.1:37
msgid "Read list of deb checksums from I."
msgstr "Lit la liste des sommes de contrôle dans I."

# type: TP
#. type: TP
#: debsums.1:37
#, no-wrap
msgid "B<-r>, B<--root>=I"
msgstr "B<-r>, B<--root>=I"

# type: Plain text
#. type: Plain text
#: debsums.1:40
msgid "Root directory to check (default /)."
msgstr "Répertoire racine à vérifier (/ par défaut)."

# type: TP
#. type: TP
#: debsums.1:40
#, no-wrap
msgid "B<-d>, 

Bug#863617: ITP: ayatana-indicator-application -- Ayatana Application Indicators

[Mike Gabriel]

Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

* Package name: ayatana-indicator-application
  Version : 0.5.1
  Upstream Author : Mike Gabriel 
Ted Gould 
* URL : 
https://github.com/ArcticaProject/ayatana-indicator-application
* License : GPL-3
  Programming Lang: C
  Description : Ayatana Application Indicators

 An Ayatana Indicator to take menus from external applications and place
 them in the panel.
 .
 The application supporting indicator based panel applets provides its menu tree
 via the DBus bus org.kde.StatusNotifierWatcher.
 .
 This version of application indicators accepts connections from any 
application built
 against either of the available indicator frameworks: Ayatana Indicators and 
Ubuntu
 Indicators.

Bug#862992: systemd: avoid attempt to re-create /etc/mtab by systemd-tmpfiles-setup.service

[Michael Biebl]

Am 29.05.2017 um 08:37 schrieb Martin Pitt:
> Hello Maximilian,
> 
> Maximilian Stein [2017-05-28 22:12 +0200]:
>> I tried it again and apparently, /etc/mtab was actually created by FAI,
>> not by debootstrap, sorry for the confusion. But maybe it would be an
>> idea to create it by debootstrap to avoid its creation on the first boot?

I think if you use debian-installer to install the system, it will also
create /etc/mtab (as an absolute symlink to /proc/mounts). The
debian.conf tmpfiles config will "correct" that on first boot to make it
a relative symlink.

> Please let's not. /etc/mtab is a thing of the past, and nothing should use it
> any more. util-linux had been the primary reason for still having it in 
> jessie,
> but in testing util-linux, systemd, udisks, etc. completely ignore that file
> (aside from the backwards compat jobs to create it if not present).
> 
> After wheezy's release I would rather drop the /etc/mtab creation bit from
> systemd, and FAI should do the same.
> 

I guess you mean stretch, but yeah, we had this fixup rule for two
release cycles (via debian-fixup.service in jessie and via the tmpfiles
snippet in stretch). Maybe it's time to drop that in buster.
Should we get d-i (and FAI) updated to drop the creation of /etc/mtab as
well then?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#863614: DSL Cannot link network

[cheng wensui]

Package: network-manager
Version: 0.9.10.0-7

 I Establish a DSL 。But Cannot link network。Confirm account and password is 
Right
  I am using debian-live-8.8.0-amd64-mate and debian-live-8.7.0-amd64-cinnamon.

This is a serious problem.Don't you have a test?

9万岁9

Bug#863613: install failure

[cheng wensui]

Package: no-Package
Version: 0.0.0

use "dd bs=4M if=/media/043203AD162A0ED8/debian-live-testing-amd64-cinnamon.iso 
of=/dev/sdc && sync"
 Start the cd install system , To the time of detection of the cd file is 
failure

debian-testing-amd64-DVD and debian-live-testing-amd64-cinnamon and 
debian-live-testing-amd64-mate  Are so

This is a serious problem.Don't you have a test?




9万岁9

Bug#863320: Acknowledgement ((pre-approval) unblock: ganeti/2.15.2-8)

[Apollon Oikonomopoulos]

Control: retitle -1 unblock: ganeti/2.15.2-8

Since we are near the release deadline, I uploaded 2.15.2-8 (including 
two new fixes, see below) to unstable, to gain some time and clear 
piuparts and CI tests.

The upload includes two additional fixes for issues found while 
migrating part of our cluster to Stretch:

 - A fix for a bug in a pre-migration check when migrating between 
   different hypervisor versions. These migrations would always fail on 
   Debian, because of code running on the master node as non-root 
   unintentionally.

 - A fix for instance import/export/move, because of a wrong socat 
   parameter. Instead of renaming the parameter to the new name as 
   upstream did[1], I opted to completely remove it and let 
   socat/OpenSSL pick the best protocol version available (instead of 
   hard-coding good old TLSv1).

Full debdiff attached, interdiff follows.

Regards,
Apollon

[1] 
https://github.com/ganeti/ganeti/commit/d5d747d5e9273e2fbbf99e7f83b313f56f8656bb

Interdiff:

diff -u ganeti-2.15.2/debian/changelog ganeti-2.15.2/debian/changelog
--- ganeti-2.15.2/debian/changelog  2017-05-23 15:49:40.0 +0300
+++ ganeti-2.15.2/debian/changelog  2017-05-23 15:49:40.0 +0300
@@ -11,6 +11,13 @@
   key type/length parameters without running cfgupgrade.
   * Document the new SSH key support in d/NEWS.
   * Update project Homepage (Closes: #862829)
+  * Fix pre-migration check bug causing failure when migrating between 
different
+hypervisor versions and running luxid as non-root. Note that this does not
+mean that migrations between different hypervisor versions are safe and/or
+suppported.
+  * Fix instance import/export/move with current socat versions, by dropping
+the SSL method= socat option and letting socat/OpenSSL pick the best
+available.
   * d/copyright: bump years
 
  -- Apollon Oikonomopoulos   Tue, 23 May 2017 15:49:40 
+0300
diff -u ganeti-2.15.2/debian/patches/series ganeti-2.15.2/debian/patches/series
--- ganeti-2.15.2/debian/patches/series 2017-05-23 15:49:40.0 +0300
+++ ganeti-2.15.2/debian/patches/series 2017-05-23 15:49:40.0 +0300
@@ -15,0 +16,2 @@
+use-hv-class-to-check-for-migration.patch
+do-not-specify-socat-ssl-method.patch
only in patch2:
unchanged:
--- ganeti-2.15.2/debian/patches/do-not-specify-socat-ssl-method.patch  
1970-01-01 02:00:00.0 +0200
+++ ganeti-2.15.2/debian/patches/do-not-specify-socat-ssl-method.patch  
2017-05-23 15:49:40.0 +0300
@@ -0,0 +1,30 @@
+From f8cfc917a890de1d2489ab89775780c41b68a651 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos 
+Date: Fri, 26 May 2017 12:45:41 +0300
+Subject: [PATCH 3/3] impexpd: do not specify SSL method
+
+Recent versions of socat have changed the OpenSSL method name from TLSv1
+to TLS1, making instance import/export fail. Since there is no reason to
+force a specific (old) TLS version now that SSLv3 support has been removed
+from OpenSSL, it makes sense to just let socat choose.
+---
+ lib/impexpd/__init__.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/impexpd/__init__.py b/lib/impexpd/__init__.py
+index f40db31e4..97a9716cc 100644
+--- a/lib/impexpd/__init__.py
 b/lib/impexpd/__init__.py
+@@ -88,8 +88,7 @@ BUFSIZE = 1024 * 1024
+ 
+ # Common options for socat
+ SOCAT_TCP_OPTS = ["keepalive", "keepidle=60", "keepintvl=10", "keepcnt=5"]
+-SOCAT_OPENSSL_OPTS = ["verify=1", "method=TLSv1",
+-  "cipher=%s" % constants.OPENSSL_CIPHERS]
++SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=%s" % constants.OPENSSL_CIPHERS]
+ 
+ if constants.SOCAT_USE_COMPRESS:
+   # Disables all compression in by OpenSSL. Only supported in patched versions
+-- 
+2.11.0
+
only in patch2:
unchanged:
--- ganeti-2.15.2/debian/patches/use-hv-class-to-check-for-migration.patch  
1970-01-01 02:00:00.0 +0200
+++ ganeti-2.15.2/debian/patches/use-hv-class-to-check-for-migration.patch  
2017-05-23 15:49:40.0 +0300
@@ -0,0 +1,31 @@
+From 93000ef9b540a243e420e73eb860c62a1322d5d8 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos 
+Date: Thu, 25 May 2017 16:13:30 +0300
+Subject: [PATCH 2/3] Do not instantiate an HV object to query for migration
+ safety
+
+hv.VersionsSafeForMigration is a static method. There is no reason to
+instatiate hypervisor objects to query for migration safety, just get
+the class and call the static method. Without this change, hypervisors
+are initialized on the master, causing side-effects (e.g. EnsureDirs)
+that might fail on systems where jobs are not run as root.
+---
+ lib/cmdlib/instance_migration.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/cmdlib/instance_migration.py 
b/lib/cmdlib/instance_migration.py
+index ca64afb35..1e500fdbc 100644
+--- a/lib/cmdlib/instance_migration.py
 b/lib/cmdlib/instance_migration.py
+@@ -738,7 +738,7 @@ class TLMigrateInstance(Tasklet):
+  

Bug#863612: opendmarc: still ignore inet SOCKET configuration

[Nicolas Couturier]

Package: opendmarc
Version: 1.3.2-2
Severity: important

Opendmarc ignore my inet socket settings.
I tried to set up inet socket in /etc/opendmarc.conf first.
Then i tried in /etc/default/opendmarc
When i start opendmarc, daemon options are :
/usr/sbin/opendmarc -p local:/var/run/opendmarc/opendmarc.sock -u
opendmarc -P /var/run/opendmarc/opendmarc.pid

-c options is not set and -p option is set with default local socket.

DEAMON_OPTS seems to be ignored by init.d script.

To bypass this issue, i have to launch opendmarc without the init.d
scripts.

In the bug #856488 the issue is supposed to be fixed in version 1.3.2-1

Thanks.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendmarc depends on:
ii  adduser 3.115
ii  libbsd0 0.8.3-1
ii  libc6   2.24-10
ii  libmilter1.0.1  8.15.2-8
ii  libopendmarc2   1.3.2-2
ii  libspf2-2   1.2.10-7+b2
ii  lsb-base9.20161125
ii  publicsuffix20170424.0717-1

Versions of packages opendmarc recommends:
ii  libdbd-mysql-perl 4.041-2
ii  libdbi-perl   1.636-1+b1
ii  libhttp-message-perl  6.11-1
ii  libopendbx1   1.4.6-11+b1
ii  libopendbx1-mysql 1.4.6-11+b1
ii  libswitch-perl2.17-2
ii  perl  5.24.1-2
pn  perl:any  

opendmarc suggests no packages.

-- Configuration Files:
/etc/default/opendmarc changed:
RUNDIR=/var/run/opendmarc
SOCKET=inet:11078@localhost
USER=opendmarc
GROUP=opendmarc
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=

/etc/opendmarc.conf changed:
AuthservID "mail.coute.org"
AutoRestart true
AutoRestartRate 10/1h
IgnoreHosts /etc/opendkim/TrustedHosts
IgnoreMailFrom coute.org
PidFile /var/run/opendmarc/opendmarc.pid
RejectFailures false
Syslog true
SyslogFacility mail
TrustedAuthservIDs "mail.coute.org"


-- no debconf information

Bug#863611: physlock: new upstream version available

[Ximin Luo]

Package: physlock
Version: 0.4.5-2
Severity: normal

Dear Maintainer,

0.5 is available in GitHub. Actually it has been available since December 2015,
whereas d/changelog says December 2016 for its out-of-date version 0.4.5-2. I
wonder if d/watch is buggy or if your local git repo is out-of-date too?

Thanks for your time on physlock.

X

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'buildd-unstable'), (300, 'unstable'), (100, 
'experimental'), (1, 'experimental-debug')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#816781: [Aptitude-devel] Bug#816781: aptitude: Can not cancel pending upgrade actions

[Axel Beckert]

Hi,

Cesare Leonardi wrote:
> Steps to reproduce (always reproducible for me):
> - Open the TUI;
> - Press [u] to search for updates;
> - Review the upgradable package list and press [U] to mark them as
>   upgradable;
> - Decide to postpone the real upgrade and exit from aptitude;

This is relevant here.

> - Re-enter the TUI but for some reason you want aptitude forget all
>   pending actions by pressing the corresponding menu entry;
> - Observe that aptitude make some work but doesn't actually forget
>   nothing.

That's expected.

> Note that the same command works as expected if it's given during the
> same session, without exit.

Exactly.

Before you press the corresponding menu entry, but after already
having selected it, aptitude will show the following long description
in the status line:

  Cancel all pending actions from this session

So this menu entry only cancels actions which weren't scheduled in
previous sessions on purpose.

So maybe we should be a little bit more verbose with the short
description in the menu or maybe even split "Cancel pending actions"
into two separate menu entries:

* Cancel pending actions of this session
* Cancel all pending actions

or similar.

For now, what should do what you want is calling "aptitude keep-all"
on the commandline.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#863365: ITA: pylint-celery -- Pylint plugin for code using the Celery library

[陳昌倬]

Control: retitle -1 ITA: pylint-celery -- Pylint plugin for code using the 
Celery library
Control: owner -1 !

On Thu, May 25, 2017 at 09:13:20PM +0200, Daniel Stender wrote:
> Package: wnpp
> Severity: normal
> 
> I request an adopter for the pylint-celery package [1].

I will adopt this package.


-- 
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
http://czchen.info/
Key fingerprint = BA04 346D C2E1 FE63 C790  8793 CC65 B0CD EC27 5D5B


signature.asc
Description: PGP signature

Bug#863610: fossil: server IP is reported incorrectly when syncing over HTTPS

[Sergei Golovan]

Package: fossil
Version: 1:1.37-1
Severity: normal
Tags: upstream

Dear Maintainer,

When I sync a repository over SSL the following report is shown:

% fossil sync -R /mnt/srv/fossil/tkabber.fossil
Sync with https://sgolo...@chiselapp.com/user/sgolovan/repository/tkabber
Round-trips: 1   Artifacts sent: 0  received: 0
Sync done, sent: 2224  received: 2082  ip: 10.0.1.187

and the IP address is obviously incorrect, the correct one would be

% host chiselapp.com
chiselapp.com has address 216.250.117.7

The bug seems to be caused by some change in OpenSSL 1.1 comparatively
to 1.0 (another OpenSSL 1.1 incompatibility). It's harmless though,
only the reporting part seems to be affected. For repositories which
don't use HTTPS their IP address is reported correctly.

The bug is reproducible on fossil 1:2.2-1 from sid as well.

-- System Information:
Debian Release: 9.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fossil depends on:
ii  libc6   2.24-10
ii  libfuse22.9.7-1
ii  libsqlite3-03.16.2-3
ii  libssl1.1   1.1.0e-2
ii  libtcl8.5 [libtcl]  8.5.19-2+b1
ii  libtcl8.6 [libtcl]  8.6.6+dfsg-1+b1
ii  zlib1g  1:1.2.8.dfsg-5

fossil recommends no packages.

Versions of packages fossil suggests:
ii  gnupg  2.1.18-6

-- no debconf information

Bug#863584: CVE-2017-2824

[Alexei Vladishev]

Hey all,

Upstream here. Both issues has already been fixed under 
https://support.zabbix.com/browse/ZBX-12075 
.

Kind regards,
Alexei

> On 28 May 2017, at 23:42, Moritz Muehlenhoff  wrote:
> 
> Source: zabbix
> Severity: grave
> Tags: security
> 
> Please see
> http://www.talosintelligence.com/reports/TALOS-2017-0325/
> http://www.talosintelligence.com/reports/TALOS-2017-0326/
> 
> Cheers,
>Moritz
> 
> 

Bug#816781: aptitude: Can not cancel pending upgrade actions

[Cesare Leonardi]

Package: aptitude
Version: 0.8.7-1
Followup-For: Bug #816781

Since some times I'm hitting the following bug and today I've found the
time to report it to Debian. Even if it's a different use case, I think
it's closely related to this bug, so i'm posting here.

Steps to reproduce (always reproducible for me):
- Open the TUI;
- Press [u] to search for updates;
- Review the upgradable package list and press [U] to mark them as
  upgradable;
- Decide to postpone the real upgrade and exit from aptitude;
- Re-enter the TUI but for some reason you want aptitude forget all
  pending actions by pressing the corresponding menu entry;
- Observe that aptitude make some work but doesn't actually forget
  nothing.

Note that the same command works as expected if it's given during the
same session, without exit.

If I understand correctly, Manuel suggests to use the following
steps to obtain the same practical effect as cancel pending actions:
- With the cursor go on the "Upgradable Packages" tree root.
- Package -> Keep

Is that correct?
But in that case i haven't understood now what the "Cancel pending
actions" command is for.

Cesare.


-- Package-specific info:
Terminal: xterm
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.7
Compiler: g++ 6.3.0 20170406
Compiled against:
  apt version 5.0.1
  NCurses version 6.0
  libsigc++ version: 2.10.0
  Gtk+ support disabled.
  Qt support disabled.

Current library versions:
  NCurses version: ncurses 6.0.20161126
  cwidget version: 0.5.17
  Apt version: 5.0.1

aptitude linkage:
linux-vdso.so.1 (0x7ffc688a4000)
libapt-pkg.so.5.0 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0 
(0x7f35fc6a2000)
libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 
(0x7f35fc472000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 
(0x7f35fc248000)
libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0 
(0x7f35fc041000)
libcwidget.so.3 => /usr/lib/x86_64-linux-gnu/libcwidget.so.3 
(0x7f35fbd44000)
libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 
(0x7f35fba3a000)
libboost_iostreams.so.1.62.0 => 
/usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.62.0 (0x7f35fb822000)
libboost_filesystem.so.1.62.0 => 
/usr/lib/x86_64-linux-gnu/libboost_filesystem.so.1.62.0 (0x7f35fb609000)
libboost_system.so.1.62.0 => 
/usr/lib/x86_64-linux-gnu/libboost_system.so.1.62.0 (0x7f35fb405000)
libxapian.so.30 => /usr/lib/x86_64-linux-gnu/libxapian.so.30 
(0x7f35faff1000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x7f35fadd4000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 
(0x7f35faa5)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f35fa74c000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 
(0x7f35fa535000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f35fa197000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f35f9f93000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 
(0x7f35f9d7c000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f35f9b6)
libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 
(0x7f35f995)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x7f35f972a000)
liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 
(0x7f35f9518000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f35f931)
libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x7f35f9109000)
/lib64/ld-linux-x86-64.so.2 (0x55db3ead2000)

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages aptitude depends on:
ii  aptitude-common0.8.7-1
ii  libapt-pkg5.0  1.4.4
ii  libboost-filesystem1.62.0  1.62.0+dfsg-4
ii  libboost-iostreams1.62.0   1.62.0+dfsg-4
ii  libboost-system1.62.0  1.62.0+dfsg-4
ii  libc6  2.24-10
ii  libcwidget3v5  0.5.17-4+b1
ii  libgcc11:6.3.0-18
ii  libncursesw5   6.0+20161126-1
ii  libsigc++-2.0-0v5  2.10.0-1
ii  libsqlite3-0   3.16.2-3
ii  libstdc++6 6.3.0-18
ii  libtinfo5  6.0+20161126-1
ii  libxapian301.4.3-2

Versions of packages aptitude recommends:
ii  libparse-debianchangelog-perl  1.2.0-12
ii  sensible-utils 0.0.9

Versions of packages aptitude suggests:
pn  apt-xapian-index
pn  aptitude-doc-en | aptitude-doc  
pn  debtags 
ii  tasksel 3.39

-- 

Bug#791944: /etc/init.d/sendsigs kills systemd-udevd upon shutdown, causing dmsetup to hang

[Pali Rohár]

Problem is still present in Stretch and cause system hangs at
shutdown/reboot when using LUKS encryption. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792552#153

Stretch has only version 232. As in Jessie is version 215 and according
to first post this problem was introduced in 221, it is a regression
when upgrading from Jessie to Stretch.

Please fix this problem in Stretch.

-- 
Pali Rohár
pali.ro...@gmail.com

Bug#863179: apt: GPG errors on update and other operations

[Julian Andres Klode]

On 29 May 2017 at 09:53, Peter Miller  wrote:
> Hi,
>
>
> If you'd like to show me how I can use the gmail web interface to respond
> inline and select what to quote, do go ahead. I really don't like to be
> called names, especially when there is no basis for it.

Oh, I wasn't name calling, I just stated facts. In the gmail web UI,
you click on the three dots and then move your cursor to the position
where you want to start writing (I actually forgot to add this to the
previous email...).

>
> Sorry, but I did miss the  stuff from David. But, all files in that
> directory are -rw-r--r-- 1 root root and all files are GPG key files.

These look correct. Just to clarify: Running file shows you "GPG key
public ring" for each file? What about /etc/apt/trusted.gpg

>
> And:
>
> stat /tmp
>   File: /tmp
>   Size: 4096Blocks: 8  IO Block: 4096   directory
> Device: 10302h/66306d   Inode: 5373953 Links: 14
> Access: (1777/drwxrwxrwt)  Uid: (0/root)   Gid: (0/root)

That looks correct.

What you can do is manually run apt-key verify for an InRelease file, e.g.:

/usr/bin/apt-key verify
/var/lib/apt/lists/deb.debian.org_debian_dists_unstable_InRelease
/usr/bin/apt-key verify
/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_Release{.gpg,}

(showing the two different invocations). If you don't have InRelease
(or Release.gpg and Release) files, you could download one manually.
This should error messages from gpgv.

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Bug#863608: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t {aka struct evp_cipher_ctx_st}’

[jean-christophe manciot]

Package: openvpn
Version: 2.4.0-6

Building with:
dpkg-buildpackage --build=binary

leads to:
In file included from crypto.h:131:0,
 from crypto.c:36:
crypto.c: In function ‘init_key_ctx’:
crypto.c:846:32: error: invalid application of ‘sizeof’ to incomplete type
‘cipher_ctx_t {aka struct evp_cipher_ctx_st}’
 ALLOC_OBJ(ctx->cipher, cipher_ctx_t);
^
buffer.h:1013:61: note: in definition of macro ‘ALLOC_OBJ’
 check_malloc_return((dptr) = (type *) malloc(sizeof(type))); \
 ^~~~
crypto.c:870:30: error: invalid application of ‘sizeof’ to incomplete type
‘hmac_ctx_t {aka struct hmac_ctx_st}’
 ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
  ^
buffer.h:1013:61: note: in definition of macro ‘ALLOC_OBJ’
 check_malloc_return((dptr) = (type *) malloc(sizeof(type))); \
 ^~~~
Full build log is attached.

-- 
Jean-Christophe


openvpn_2.4.0-6.build
Description: Binary data

Bug#863605: ITP: python-pyserial -- serial port access library in Python

[Ghislain Vaillant]

On Mon, 2017-05-29 at 10:32 +0200, Julien Cristau wrote:
> On 05/29/2017 10:22 AM, Ghislain Antony Vaillant wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Ghislain Antony Vaillant 
> > 
> > * Package name: python-pyserial
> >   Version : 3.3
> >   Upstream Author : Chris Liechti 
> > * URL : https://github.com/pyserial/pyserial
> > * License : BSD
> >   Programming Lang: Python
> >   Description : serial port access library in Python
> > 
> > Long-Description:
> >  This module encapsulates the access for the serial port. It provides
> >  backends for Python running on Windows, OSX, Linux, BSD (possibly any
> >  POSIX compliant system) and IronPython. The module named "serial"
> >  automatically selects the appropriate backend.
> > 
> > This package is a dependency to src:python-pymeasure. It will be
> > co-maintained by the Debian Science Team.
> > 
> 
> Sounds like this duplicates the existing python-serial package.
> 
> Cheers,
> Julien

Correct, thanks for spotting it.

Ghis

Bug#863607: smartmontools: smartctl displays incorrect values for attributes Power_On_Hours and LifeTime

[Christian Andretzky]

Package: smartmontools
Version: 6.5+svn4324-1~bpo8+1
Severity: important

Starting some weeks (or months) ago – sorry I can't be more precise, the 
command 'smartctl -a [device]' displays wrong values for the attributes
'Power_On_Hours' and 'LifeTime'. As far as I can see in on case this seems to 
happen with Samsung SSD 850 PRO drives

Here an example:

---

smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.9.0-0.bpo.3-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Samsung based SSDs
Device Model: Samsung SSD 850 PRO 128GB
Serial Number:XXX
LU WWN Device Id: 5 002538 8701420da
Firmware Version: EXM02B6Q
User Capacity:128.035.676.160 bytes [128 GB]
Sector Size:  512 bytes logical/physical
Rotation Rate:Solid State Device
Device is:In smartctl database [for details use: -P show]
ATA Version is:   ACS-2, ATA8-ACS T13/1699-D revision 4c
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:Sun May 28 21:33:16 2017 CEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:  (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection:(0) seconds.
Offline data collection
capabilities:(0x53) SMART execute Offline immediate.
Auto Offline data collection on/off 
support.
Suspend Offline collection upon new
command.
No Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:(0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:(0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time:(   2) minutes.
Extended self-test routine
recommended polling time:(  68) minutes.
SCT capabilities:  (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 1
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME  FLAG VALUE WORST THRESH TYPE  UPDATED  
WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010Pre-fail  Always   
-   0
  9 Power_On_Hours  0x0032   096   096   000Old_age   Always   
-   15950
 12 Power_Cycle_Count   0x0032   099   099   000Old_age   Always   
-   76
177 Wear_Leveling_Count 0x0013   099   099   000Pre-fail  Always   
-   2
179 Used_Rsvd_Blk_Cnt_Tot   0x0013   100   100   010Pre-fail  Always   
-   0
181 Program_Fail_Cnt_Total  0x0032   100   100   010Old_age   Always   
-   0
182 Erase_Fail_Count_Total  0x0032   100   100   010Old_age   Always   
-   0
183 Runtime_Bad_Block   0x0013   100   100   010Pre-fail  Always   
-   0
187 Uncorrectable_Error_Cnt 0x0032   100   100   000Old_age   Always   
-   0
190 Airflow_Temperature_Cel 0x0032   061   044   000Old_age   Always   
-   39
195 ECC_Error_Rate  0x001a   200   200   000Old_age   Always   
-   0
199 CRC_Error_Count 0x003e   100   100   000Old_age   Always   
-   0
235 POR_Recovery_Count  0x0012   099   099   000Old_age   Always   
-   15
241 Total_LBAs_Written  0x0032   099   099   000Old_age   Always   
-   147957410

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_DescriptionStatus  Remaining  LifeTime(hours)  
LBA_of_first_error
# 1  Extended offlineCompleted without error   00% 15935

Bug#863605: ITP: python-pyserial -- serial port access library in Python

[Julien Cristau]

On 05/29/2017 10:22 AM, Ghislain Antony Vaillant wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Ghislain Antony Vaillant 
> 
> * Package name: python-pyserial
>   Version : 3.3
>   Upstream Author : Chris Liechti 
> * URL : https://github.com/pyserial/pyserial
> * License : BSD
>   Programming Lang: Python
>   Description : serial port access library in Python
> 
> Long-Description:
>  This module encapsulates the access for the serial port. It provides
>  backends for Python running on Windows, OSX, Linux, BSD (possibly any
>  POSIX compliant system) and IronPython. The module named "serial"
>  automatically selects the appropriate backend.
> 
> This package is a dependency to src:python-pymeasure. It will be
> co-maintained by the Debian Science Team.
> 
Sounds like this duplicates the existing python-serial package.

Cheers,
Julien

Bug#863414: coyim FTBFS: xmpp: failed to verify TLS certificate: x509: certificate signed by unknown authority

[Chris Lamb]

Hi Sascha,

> Many thanks for taking care of this! I was unfortunately not able to
> respond to the bug in time due to traveling :/

No problem; and feel free to upload your own version now to avoid the
ickiness of having to incorporate an NMU into your packaging repo. :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#863414: coyim FTBFS: xmpp: failed to verify TLS certificate: x509: certificate signed by unknown authority

[Sascha Steinbiss]

Hi Chris,

[...]
> I've uploaded coyim 0.3.7-2.1 to DELAYED/5:

Many thanks for taking care of this! I was unfortunately not able to
respond to the bug in time due to traveling :/

Cheers
Sascha



signature.asc
Description: OpenPGP digital signature

Bug#863605: ITP: python-pyserial -- serial port access library in Python

[Ghislain Antony Vaillant]

Package: wnpp
Severity: wishlist
Owner: Ghislain Antony Vaillant 

* Package name: python-pyserial
  Version : 3.3
  Upstream Author : Chris Liechti 
* URL : https://github.com/pyserial/pyserial
* License : BSD
  Programming Lang: Python
  Description : serial port access library in Python

Long-Description:
 This module encapsulates the access for the serial port. It provides
 backends for Python running on Windows, OSX, Linux, BSD (possibly any
 POSIX compliant system) and IronPython. The module named "serial"
 automatically selects the appropriate backend.

This package is a dependency to src:python-pymeasure. It will be
co-maintained by the Debian Science Team.

Bug#861913: mariadb-client-10.1: trying to overwrite '/usr/bin/mytop', which is also in package mytop 1.9.1-4

[Ondřej Surý]

The old one uses "MySQL" name everywhere, the new one write "MariaDB"
everywhere.

So they are compatible, but it's kind of "Pope in Avignon" situation...

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Mon, May 29, 2017, at 10:15, Olaf van der Spek wrote:
> 2017-05-29 10:12 GMT+02:00 Ondřej Surý :
> > I am not sure about that. We still live in the strange dichotomy where
> > we consider that MySQL server might get installed from different
> > repository (or unstable) and the original "mytop" is meant to be used
> > with MySQL server (from Oracle).
> 
> Is the one included with mariadb not fully compatible with the other one?

Bug#863604: ITP: python-pymeasure -- scientific measurement library for Python

[Ghislain Antony Vaillant]

Package: wnpp
Severity: wishlist
Owner: Ghislain Antony Vaillant 

* Package name: python-pymeasure
  Version : 0.4.3
  Upstream Author : PyMeasure Developers
* URL : https://github.com/ralph-group/pymeasure
* License : Expat
  Programming Lang: Python
  Description : scientific measurement library for Python

Long-Description:
 PyMeasure makes scientific measurements easy to set up and run. The
 package contains a repository of instrument classes and a system for
 running experiment procedures, which provides graphical interfaces for
 graphing live data and managing queues of experiments. Both parts of the
 package are independent, and when combined provide all the necessary
 requirements for advanced measurements with only limited coding.

This package will be co-maintained by the Debian Science Team.

Bug#759492: File conflicts between /bin and /usr/bin

[Ferenc Wágner]

On Sat, 31 Dec 2016 23:33:13 -0800 Russ Allbery  wrote:

> + To support merged-/usr systems, packages must not
> + install files in both path

Is there a reason to omit the leading slash in this construct?  I think
I'd find /path more symmetric and thus easier to
follow.
-- 
Regards,
Feri

Bug#861913: mariadb-client-10.1: trying to overwrite '/usr/bin/mytop', which is also in package mytop 1.9.1-4

[Olaf van der Spek]

2017-05-29 10:12 GMT+02:00 Ondřej Surý :
> I am not sure about that. We still live in the strange dichotomy where
> we consider that MySQL server might get installed from different
> repository (or unstable) and the original "mytop" is meant to be used
> with MySQL server (from Oracle).

Is the one included with mariadb not fully compatible with the other one?

Bug#861913: mariadb-client-10.1: trying to overwrite '/usr/bin/mytop', which is also in package mytop 1.9.1-4

[Ondřej Surý]

I am not sure about that. We still live in the strange dichotomy where
we consider that MySQL server might get installed from different
repository (or unstable) and the original "mytop" is meant to be used
with MySQL server (from Oracle).

Maybe there should be some clear naming split in the future (like what
happened with libmariadb C library), but that would be a buster
material, because that would need:

1) walk through all the commands and replace all "my" and "mysql" with
"maria"
2) make a compatibility package on top of that that would decide what
command to use based on the default "MySQL" provider in the system

Definitely lot of careful work.

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Mon, May 29, 2017, at 10:04, Olaf van der Spek wrote:
> Thanks!
> 
> I was thinking, wouldn't it make sense to just update the original
> mytop package?
> 
> 2017-05-08 12:10 GMT+02:00 Ondřej Surý :
> > https://anonscm.debian.org/git/pkg-mysql/mariadb-10.1.git/commit/?id=2a17c70476de768f1e166b65f4a1b3865ac9757f
> >
> > --
> > Ondřej Surý 
> > Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> > Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> > fast DNS(SEC) resolver
> > Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
> > pečení chleba všeho druhu
> >
> > On Mon, May 8, 2017, at 12:08, Olaf van der Spek wrote:
> >> 2017-05-08 11:42 GMT+02:00 Ondřej Surý :
> >> > Definitely, I am just building the fixed version. I did a cleanup of
> >> > upstream files not being installed in the last bigger mariadb update,
> >> > and I was just not aware mytop was already packaged. Sorry for the
> >> > troubles.
> >>
> >> Shouldn't it also declare a Replaces?
> 
> 
> 
> -- 
> Olaf

Bug#861913: mariadb-client-10.1: trying to overwrite '/usr/bin/mytop', which is also in package mytop 1.9.1-4

[Olaf van der Spek]

Thanks!

I was thinking, wouldn't it make sense to just update the original
mytop package?

2017-05-08 12:10 GMT+02:00 Ondřej Surý :
> https://anonscm.debian.org/git/pkg-mysql/mariadb-10.1.git/commit/?id=2a17c70476de768f1e166b65f4a1b3865ac9757f
>
> --
> Ondřej Surý 
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> fast DNS(SEC) resolver
> Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
> pečení chleba všeho druhu
>
> On Mon, May 8, 2017, at 12:08, Olaf van der Spek wrote:
>> 2017-05-08 11:42 GMT+02:00 Ondřej Surý :
>> > Definitely, I am just building the fixed version. I did a cleanup of
>> > upstream files not being installed in the last bigger mariadb update,
>> > and I was just not aware mytop was already packaged. Sorry for the
>> > troubles.
>>
>> Shouldn't it also declare a Replaces?



-- 
Olaf

Bug#846548: marked as pending

[Julien Cristau]

On 05/29/2017 03:15 AM, Eric Dorland wrote:
> * Julien Cristau (jcris...@debian.org) wrote:
>> On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
>>
>>> tag 846548 pending
>>> thanks
>>>
>>> Hello,
>>>
>>> Bug #846548 reported by you has been fixed in the Git repository. You can
>>> see the changelog below, and you can check the diff of the fix at:
>>>
>>> https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
>>>
>> So, erm.  This seems like it would break using libengine-pkcs11-openssl
>> in an application using libssl1.0.2.  As a SONAME bump it also seems
>> rather inappropriate during the freeze.
> 
> That's a good point. I was trying to provide an alternative to the
> broken NMU that was going to be uploaded, but yes this will break
> applications built against libssl1.0.2. It does fix using this with
> the openssl tool however.
> 
Right.

>> I'm very interested in having this fixed in stretch so I can get the
>> secure-boot stuff working on ftp-master, but this doesn't look like the
>> way to go.  Not to mention that you'd have to justify the bump from
>> 0.4.3 to 0.4.4.
>>
>> Can you explain your plans here?
> 
> As you suggested in your followup, the way forward would appear to be
> to upload a new libp11 source package that builds against
> libssl1.0.2. I can also backport all of the changes to 0.4.3 and
> upload to testing-proposed-updates. Does that sound reasonable?
> 
Having read through the 0.4.4 changes I think I'd be ok with getting
that in if you're confident.  I guess the other question is should
libp11-dev come from the openssl1.1-using package or the
openssl1.0.2-using one.  At this late stage I guess it's safer to stay
with 1.0.2, and have the libp11-openssl1.1 package (or however it's
called) only provide a libengine-pkcs11-openssl1.1 binary?

Cheers,
Julien

Bug#863179: apt: GPG errors on update and other operations

[Peter Miller]

Hi,


If you'd like to show me how I can use the gmail web interface to respond
inline and select what to quote, do go ahead. I really don't like to be
called names, especially when there is no basis for it.

Sorry, but I did miss the  stuff from David. But, all files in that
directory are -rw-r--r-- 1 root root and all files are GPG key files.

And:

stat /tmp
  File: /tmp
  Size: 4096Blocks: 8  IO Block: 4096   directory
Device: 10302h/66306d   Inode: 5373953 Links: 14
Access: (1777/drwxrwxrwt)  Uid: (0/root)   Gid: (0/root)
Access: 2017-05-24 20:21:01.468603835 +1000
Modify: 2017-05-29 17:45:53.533125958 +1000
Change: 2017-05-29 17:45:53.533125958 +1000
 Birth: -

So, it doesn't look like the issue?


Thanks, Pete

On 26 May 2017 at 19:51, Julian Andres Klode  wrote:

> On Fri, May 26, 2017 at 06:21:23PM +1000, Peter Miller wrote:
> > Julian,
> >
> > Sorry, but gmail does not allow me to reply inline, or to select what I
> > quote. I am using the only option I have.
>
> Yeah, right. No. That's a lie.
>
> >
> > I am not and did not ignore Frank's advice, which included a *count* of
> the
> > files in /etc/apt/trusted.gpg.d. That advice was followed and was a dead
> > end. Frank's advice was that the keys seem to be correct. There is a bug
> > somewhere in here, I just don't know where. I did not try to fix anything
> > from a clean install before this issue showed up.
>
> There is no Frank here, and nobody here gave you an advice to count
> files.
>
> >
> > I do appreciate you responding to me, but it's really not helping that we
> > seem to be talking at cross purposes. I am not a Debian dev, but do have
> a
> > technical background. So, I have tried my best to listen to advice, and
> to
> > do what research I can.  I am happy to follow any clear instruction, and
> > would really like not to have to reinstall the operating system to fix
> what
> > appears to be a simple problem. I understand I am using Testing, but
> there
> > must be a way out of here.
>
> David gave you very clear instructions (and I quoted them twice for you)
>
> 1. run ls -lh on all files in trusted.gpg.d to figure out permissions
> 2. run file on all files to check that they are all valid GPG public
>key files
> 3. And run a stat on /tmp to check if your system is not messed up there.
>
> You have followed *none* of the instructions, so I get the feeling
> you are just here to troll. So this is your last chance, after that
> I'll ignore you and ask for you to be banned or something.
>
> And one last time, the original quote from David:
>
> > > > > > On 23 May 2017 at 21:35, David Kalnischkies <
> da...@kalnischkies.de>
> > > > > wrote:
> > > > > > > Julian was asking basically for running both:
> > > > > > > ls -l /etc/apt/trusted.gpg{,.d}
> > > > > > > file /etc/apt/trusted.gpg{,.d/*}
> > > > > > >
> > > > > > > As he thinks it might be a permission/wrong-file-in-there
> problem,
> > > > > which
> > > > > > > is the most likely cause… I would add a "stat /tmp" as I have
> seen
> > > it
> > > > > > > a few times by now that people had very strange permissions on
> /tmp
> > > > > > > – all of which usually caused by "fixing" some problem earlier…
>
> --
> Debian Developer - deb.li/jak | jak-linux.org - free software dev
>   |  Ubuntu Core Developer |
> When replying, only quote what is necessary, and write each reply
> directly below the part(s) it pertains to ('inline').  Thank you.
>

Bug#863603: bluez: a2dp not working

[gregory bahde]

Package: bluez
Version: 5.43-2
Severity: normal
Tags: upstream

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
I acquired a JBL Go bluetooth speaker.
It works only in headsetmode on one of my computers (both running stetch, the
other one is running this speaker wih a2dp fine)

I tried different dongles (different chips) and they all don't allow me to use
a2dp, only HSP  with this speaker.

I own another bluetooth device and it connects with a2dp fine.


journalctl gives me this:

mai 29 09:42:11 GoonieB gnome-settings-[1856]: Unable to get default sink
mai 29 09:42:11 GoonieB gnome-settings-[1856]: gvc_mixer_card_get_index:
assertion 'GVC_IS_MIXER_CARD (card)' failed
mai 29 09:42:11 GoonieB gnome-settings-[1856]: gvc_mixer_card_get_index:
assertion 'GVC_IS_MIXER_CARD (card)' failed
mai 29 09:42:11 GoonieB gnome-shell[1727]: gvc_mixer_card_get_index: assertion
'GVC_IS_MIXER_CARD (card)' failed
mai 29 09:42:11 GoonieB gnome-shell[1727]: gvc_mixer_card_get_index: assertion
'GVC_IS_MIXER_CARD (card)' failed



AND THEN

kernel: Bluetooth: hci0 SCO packet for unknown connection handle 71
mai 29 09:42:16 GoonieB gnome-control-c[6529]: Device did not have an
appropriate card
mai 29 09:42:16 GoonieB gnome-control-c[6529]: gvc_mixer_card_get_index:
assertion 'GVC_IS_MIXER_CARD (card)' failed
mai 29 09:42:21 GoonieB pulseaudio[2950]: [pulseaudio] module-bluez5-device.c:
Refused to switch profile to a2dp_sink: Not connected



   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Tried all the fix for such bug shown on the internet

   * What was the outcome of this action?

unsuccessful



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (502, 'testing'), (500, 'testing-proposed-updates'), (500, 
'stable'), (10, 'experimental'), (10, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bluez depends on:
ii  dbus 1.10.18-1
ii  init-system-helpers  1.48
ii  kmod 23-2
ii  libc62.24-10
ii  libdbus-1-3  1.10.18-1
ii  libglib2.0-0 2.50.3-2
ii  libreadline7 7.0-3
ii  libudev1 232-23
ii  lsb-base 9.20161125
ii  udev 232-23

bluez recommends no packages.

Versions of packages bluez suggests:
ii  pulseaudio-module-bluetooth  10.0-1

-- debconf-show failed

Bug#863276: nvidia-driver: nvidia fails to initialize Xorg with linux-image-4.9.0-0.bpo.3-amd64

[Hugo Sepulveda]

Op 28-05-17 om 14:18 schreef Luca Boccassi:
> On Fri, 2017-05-26 at 13:37 +0200, Hugo Sepulveda wrote:
>> I've isolated the problem, it seems the DisplayPort does not get
>> initialized. Have no other OS to test this behaviour, not a
>> replacement
>> GPU card. However i really doubt the displayport just "died" on me,
>> neither is the error caused by hardware failure of the screen itself.
>>
>> Admitted, it's a luxury problem (i cna still work with 2 display's
>> connected to the DVI ports), but it used to work fine with 3, now
>> it's
>> all fubar, and X is tripping.
>>
>> Maybe that helps. If you need any additional info, i'm happy to
>> provide it.
> If 375.66 fixes the problem, it might be just your lucky day!
>
> CVEs have been revealed and they are fixed by that version, so I have
> now uploaded it to unstable. Due to the security implications I've
> requested the release team to allow it to migrate to testing as well,
> and after that happens we will upload to jessie-backports too.
>
> It will take a few days to a couple of weeks to happen.
>
> Kind regards,
> Luca Boccassi
That would be really wonderful! Great way to start of a monday.
Thank you again for your efforts, I'll get back on this issue after the
new version has been released on backports to give a status update.


With kind regards,

Hugo

Bug#863602: nginx: Restart should check conf files before stopping service

[Olaf van der Spek]

Subject: nginx: Restart should check conf files before stopping service
Package: nginx
Version: 1.10.3-1
Severity: normal

Dear Maintainer,

1. A conf file was edited, a bug was inserted but it wasn't loaded.
2. A (letsencrypt) script invoked a service restart (maybe it
shouldn't), but the service didn't come backup due to the bug in the
conf file.

I think the conf files should be checked in restart before the old
service is stopped.
Perhaps even better, but I'm not sure if systemd and nginx supports
this, would be for the new instance to be fully started before the old
one is stopped.

Gr,

Olaf

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nginx depends on:
ii  nginx-full  1.10.3-1

nginx recommends no packages.

nginx suggests no packages.

-- no debconf information

Bug#792552: [pkg-cryptsetup-devel] Bug#792552: still doesn't continue shutdown process

[Guilhem Moulin]

On Sun, 28 May 2017 at 23:41:56 +0200, Pali Rohár wrote:
> On Sunday 28 May 2017 21:26:53 Guilhem Moulin wrote:
>> which as I explained in message #86 is due to /etc/init.d/sendsigs
>> killing systemd-udevd at shutdown/reboot time, thereby causing
>> dmsetup to hang.
> 
> And removing remaining socket file /run/udev/control before invoking 
> cryptsetup fixes hanging.

The udev regression might affect other shutdown sequences so I don't
think the workaround should be implemented in cryptsetup's init scripts.

>> The udev/systemd maintainers have fixed #791944,
>> but their fix probably didn't land into Stretch yet.
> 
> Seems it is not in Stretch yet: 
> http://metadata.ftp-master.debian.org/changelogs/main/s/systemd/systemd_232-23_changelog
> 
> Should I create release bug report for Stretch? This seems to be a big 
> problem if shutdown/reboot procedure hangs when using encrypted disk.

Not sure if the fix can be easily backported to 232-xyz, perhaps you
should follow-up on #791944 and ask there first?  Even if the udev
maintainers don't acknowledge the severity they're in a better position
to determine whether the workaround should go to our init scripts or
not.

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#863601: systemd-notify doesn't work because of race condition

[Андрей Доценко]

Package: systemd
Version: 232

I used unit-file with options below:

Type=notify
NotifyAccess=all

Command `systemd-notify --ready` worked only once. All other times it did
nothing. Service was killed by systemd after timeout. systemd-notify
returned zero code (success). No error was reported.

Workaround script I used to solve the issue:

inport systemd.daemon;
systemd.daemon.notify('READY=1')

Another bug report might describe the same issue:
https://bugzilla.redhat.com/show_bug.cgi?id=982376
But in my case everything works without any sleeps.

I use Debian 9 Stretch.

Bug#863578: Initial upload to experimental should probably still merge history

[Sean Whitton]

On Sun, May 28, 2017 at 03:26:09PM -0700, Russ Allbery wrote:

> Oh, hm.  I actually think the second is better, isn't it?  Since it allows
> anyone who had cloned dgit's representation of 3.9.8.0 to update cleanly
> to the current dgit tree.

H.  Now I'm quite confused with the --deliberately-not-fast-forward
trick works at all, as it should always be possible for such a user to
update cleanly.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#863596: mytop can't installed

[Adrian Bunk]

On Mon, May 29, 2017 at 05:38:38AM +0200, Jörg Frings-Fürst wrote:
> Package: mytop
> Version: 1.9.1-4
> Severity: grave
> 
> Hi,
> 
> with the last mariadb upgrade I get:
> 
> ~ > apt-get install mytop
> Paketlisten werden gelesen... Fertig
> Abhängigkeitsbaum wird aufgebaut.
> Statusinformationen werden eingelesen Fertig
> Einige Pakete konnten nicht installiert werden. Das kann bedeuten, dass
> Sie eine unmögliche Situation angefordert haben oder, wenn Sie die
> Unstable-Distribution verwenden, dass einige erforderliche Pakete noch
> nicht erstellt wurden oder Incoming noch nicht verlassen haben.
> Die folgenden Informationen helfen Ihnen vielleicht, die Situation zu lösen:
> 
> Die folgenden Pakete haben unerfüllte Abhängigkeiten:
>  mariadb-client-10.1 : Kollidiert mit: mytop aber 1.9.1-4 soll installiert
> werden
> E: Fehler: Unterbrechungen durch pkgProblemResolver::Resolve hervorgerufen;
> dies könnte durch zurückgehaltene Pakete verursacht worden sein.

Thanks for your report.

mytop is now part of mariadb-client-10.1, therefore the mytop package 
doesn't seem to make much sense in stretch.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#862838: rockdodger: Please explain Software failure, Guru meditation in the man page

[Pararaum]

Hi!

The requested fix

> If (a), then the errors should be more descriptive, if (b), please
mention this
> is a feature in the man page.

has been added to the development of rockdodger. A patch is attached to
this email.

Ciao,
Robert diff -r 6f4d2c79329b rockdodger.6
--- a/rockdodger.6	Fri Jul 31 21:34:40 2015 +0200
+++ b/rockdodger.6	Mon May 29 08:49:29 2017 +0200
@@ -1,5 +1,5 @@
 .\"  Hey, EMACS: -*- nroff -*-
-.TH ROCKDODGER 6 "Sep 4, 2014"
+.TH ROCKDODGER 6 "May 29, 2017"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .\" Some roff macros, for reference:
@@ -45,6 +45,15 @@
 .TP
 .B Esc
 Quit game.
+
+.SH GURU MEDITATION (Errors)
+Error messages (aka software failures) are usually reported by a so
+called "guru meditation". The guru meditation will be displayed in the
+top of the screen in a blinking border. If this happens please send in
+a bug report and provide the colour of the border (red, yellow, green,
+blue) and the two hex numbers after the hash ('#'). This will help
+greatly in locating the failure.
+
 .SH OPTIONS
 .TP
 .B \-h

Bug#862992: systemd: avoid attempt to re-create /etc/mtab by systemd-tmpfiles-setup.service

[Martin Pitt]

Hello Maximilian,

Maximilian Stein [2017-05-28 22:12 +0200]:
> I tried it again and apparently, /etc/mtab was actually created by FAI,
> not by debootstrap, sorry for the confusion. But maybe it would be an
> idea to create it by debootstrap to avoid its creation on the first boot?

Please let's not. /etc/mtab is a thing of the past, and nothing should use it
any more. util-linux had been the primary reason for still having it in jessie,
but in testing util-linux, systemd, udisks, etc. completely ignore that file
(aside from the backwards compat jobs to create it if not present).

After wheezy's release I would rather drop the /etc/mtab creation bit from
systemd, and FAI should do the same.

Martin


signature.asc
Description: PGP signature

Bug#863412: Acknowledgement (xca uses PRINTABLESTRING by default, ignoring RFC 2459)

[Harald Dunkel]

PS: Obviously RFC 5280 (the successor of RFC 2459) is not that
precise about using UTF8 or PRINTABLESTRING anymore.

Sorry for the noise
Harri

Bug#863595: gnome-control-center: Can't save configuration if 'Use this connection only for resource on its network' is checked

[Jason Crain]

Control: forwarded -1 https://bugzilla.gnome.org/708500

On Sun, May 28, 2017 at 11:05:44PM -0400, Fabian Inostroza wrote:
> Manually configuring a network interface and checking the option 'Use this 
> connection only for 
> resources on its network' doesn't allow to save it, the Apply button is 
> grayed out.

The Apply button is grayed out whenever an invalid configuration is
detected.  In this case, the invalid configuration is because you both
specified a gateway through manual configuration and checked the 'only
for resources on its network' aka 'never default' box.  Instead, you
should use '0.0.0.0' or '::' for the gateway field if you really want to
use the 'never default' box.

In version 3.24 the dialog is changed to allow the gateway to be left
blank, which should make this less confusing in the future.