Bug#879046: osm-gps-map: don't build-depend on python-gobject-dev

[Sebastiaan Couwenberg]

Control: tags -1 pending

Hi Emilio,

Thanks for the patch, I've applied it in git. A new upload to unstable
will follow soon.

Sorry for not applying your patch sooner, I had expected Ross to take
care of this issue, but apparently he's busy.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#882200: transition: sox

[Jaromír Mikeš]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,
new upstream release of sox bumps SONAME, so we need transition.

Direct reverse dependencies are:

bs1770gain
daisy-player
ebook-speaker
freedv
imagination
mlt

All packages above I tested to build with new sox and they build fine except
bs1770gain and freedv
bs1770gain failed with error ...
WARNING: 'aclocal-1.14' is missing on your system.
so not issue related to sox
freedv failed with error ...
./Build/src/./src/sox_biquad.c:101: undefined reference to `lsx_biquad_flow'
so some patch will be needed here

I will fill a bug aganst these packages (bs1770gain freedv)

best regards

mira

Bug#880474: redis-server: Unknown lvalue 'RunTimeDirectory' in section 'Service'

[Chris Lamb]

Hi,

Sorry for replying earlier but I seemingly did not receive this bug report by 
mail and have just seen it via my QA page.

> redis-server: Unknown lvalue 'RunTimeDirectory' in section 'Service'

Hm, so this was added for #846350. Not quite clear what I should have
done - clearly a "Depends" would be wrong, but "Breaks" doesn't seem
that sensible either..

Is this actually causing a problem? If not, I'm not sure what we can
do here; it seems far too minor for a point release update.


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#881287: python-daiquiri: Add python2 support

[Chris Lamb]

Chris Lamb wrote:

> Alas your patch doesn't seem to work properly here:

[..]

Gentle ping on this? :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#882201: Source files are included in the package file

[Piotr Jurkiewicz]

Package: borgbackup
Version: 1.1.2-3

Source files *.{c,h,pyx} and directories are included in the .deb 
package file, what inflates Installed Size approximately 6 times.

Bug#870635: [Pkg-mutt-maintainers] Bug#870635: mutt package is not using the official mutt tarball

[Antonio Radici]

On Fri, Nov 17, 2017 at 04:46:21PM +, Jonathan Dowland wrote:
> debian-de...@lists.debian.org
> Bcc: Subject: Re: Bug#870635: mutt package is not using the official mutt
> tarball
> Reply-To: In-Reply-To: <2017074105.iz5bje4kgkl3q...@cherubino.dyne.org>
> 
> CCing -devel because I think this might be of wider interest.

I believe you haven't CC'd -devel but feel free to forward your response and my
response to the -devel list, I only hit 'g' in mutt and ended up replying to the
original To/CC

Bug#870635: mutt package is not using the official mutt tarball

[Antonio Radici]

On Fri, Nov 17, 2017 at 04:46:21PM +, Jonathan Dowland wrote:
> debian-de...@lists.debian.org
> Bcc: Subject: Re: Bug#870635: mutt package is not using the official mutt
> tarball
> Reply-To: In-Reply-To: <2017074105.iz5bje4kgkl3q...@cherubino.dyne.org>
> 
> CCing -devel because I think this might be of wider interest.

[...]
> Firstly, the existing package is neomutt, but called mutt. So the
> existing package users are neomutt users, and the existing reported bugs
> are bugs in neomutt. (The wisdom of having moved the package *to*
> neomutt at this point is irrelevant, because it has happened whether we
> like it or not.) If you are suggesting that the package name "mutt" is
> going to be real "mutt" in future, then what happens to existing
> users? What are their expectations? Do you reassign all existing bugs to
> a new neomutt package name? Do you attempt to triage all bugs to figure
> out whether they apply to one, the other, or both? Would users who are
> using neomutt features not find the change to be a regression from their
> point of view?

I think this is the most problematic point and one of the reason against having
a mutt package that is not a transitional package, despite that I still believe
that we need a 'neomutt' package, this need was raised by the mutt maintainer,
we cannot continue to distribute something called mutt where the source code
comes from another package, which is now completely different.

To provide more context: initially we shipped neomutt as a patch on the top of
the original mutt source code, then at some stage the neomutt team (it is in
thei right) to format their code in a consistent way across all files, so the
neomutt patch became bigger than the mutt source code, which is why I switched
to the neomutt tarball. That was the first and last upload with the neomutt
tarball (also the last upload for neomutt).

The original mutt maintainer raised the point that we cannot call the mutt
package as 'mutt' if the source comes from another package, especially since he
disagrees with some technical choices of the other package, so I think his
reasoning is correct.

> Secondly, is there a need for both mutt and neomutt in Debian? Our
> mission is not to package every piece of software on earth, but to build
> a useful operating system. Is there sufficient distinction between the
> two, from a user's perspective, that there is a genuine need for both in
> the archive? (Of course, the distinction is very important for the
> authors of the software. But that's not the same thing.) For enough
> users to justify the work? I've been a daily mutt (and now neomutt) user
> in Debian for nearly 20 years, and I don't think there is.

In an ideal world yes, in a real world where the maintenance is done by humans
probably not

 
> Thirdly, let's look honestly at how well the existing package maintenance
> is working. This particular issue was raise in late June[1], and you
> said at the time that'd you have come up with a transition plan within a
> couple of weeks[2]. For my pet neomutt bug[3] (which coincidentally I
> reported at around the same time) you expected to have the patch applied
> shortly, possibly even within a week[4], but it remains unfixed.

Unfortunately some non-Debian related commitments trumped my plans; yes I could
have uploaded bugfixes as I did in the past but I made a commitment to Kevin
(original mutt maintainer) to solve the source code issue first. Unfortunately
no easy solution is in sight, so for the benefit of the users I think that it is
better to have mutt as transational package + neomutt.

> I am not trying to criticise your personal contributions to Debian. We
> are all volunteers, and we all do what we can and nobody should expect
> more from us than we are prepared or able to give. I am extremely
> grateful for the work you have done and continue to do. But I think it's
> important to communicate as realistically as possible what we are able
> to do. I am very guilty of getting this wrong, and over-promising and
> under-delivering for my own efforts in Debian. I simply wish to point
> out that the existing Mutt packaging team appears to be stretched. It
> seems to me that having two mutt packages to manage is only going to
> make this situation much worse.

The existing Mutt packaging team it's just me for some time now, I had a similar
slow period in the past (I was the only maintainer at the time) and we ended up
with the decision of switching to neomutt, decision which I'm still trying to
sort out years later. I'm not trying to blame anyone here, I think who
contributed at the time did a fantastic work; the fact remains that the current
situation is not good for the maintainer of the upstream mutt package and it
needs to be fixed.

Thanks a lot for your feedback, it is very valuable. My last commitment, which
in theory should work, is to fix this situation before the end of the month. I
know that at this point in time this is '10 days from 

Bug#882191: ktuberling: file conflict with kde-l10n-ptbr: /usr/share/doc/HTML/pt_BR/ktuberling/index.cache.bz2

[Pino Toscano]

reassign 882191 src:kde-l10n kde-l10n/4:16.04.3-3
thanks

In data lunedì 20 novembre 2017 03:53:49 CET, Andreas Beckmann ha scritto:
> I'm filing only this one bug (because ktuberling is the only
> package with a -2 revision and a changelog entry pointing
> into the Breaks+Replaces direction),
> but the problem affects many packages uploaded yesterday:
> 
> ark=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
> blinken=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
> bomber=4:17.08.3-1kde-l10n-ptbr=4:16.04.3-3
> bovo=4:17.08.3-1  kde-l10n-ptbr=4:16.04.3-3
> filelight=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
> granatier=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
> kapman=4:17.08.3-1kde-l10n-ptbr=4:16.04.3-3
> katomic=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
> kblackbox=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
> kblocks=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
> kbounce=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
> kbreakout=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
> 
> kde-l10n-ptbr=4:16.04.3-3   kdiamond=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kfourinline=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   khangman=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   killbots=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kiriki=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kjumpingcube=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   klettres-data=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   klickety=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   klines=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kmahjongg=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kmines=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   knavalbattle=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   knetwalk=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kollision=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kpat=4:17.08.3-2
> kde-l10n-ptbr=4:16.04.3-3   kshisen=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   ksquares=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   ksystemlog=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   kteatime=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   ktuberling=4:17.08.3-2
> kde-l10n-ptbr=4:16.04.3-3   lokalize=4:17.08.3-1
> kde-l10n-ptbr=4:16.04.3-3   picmi=4:17.08.3-1
> 
> kde-l10n-sr=4:16.04.3-3   lokalize=4:17.08.3-1

Sigh... OK, let's move this bug to kde-l10n, no point it staying as a
ktuberling bug.  I'll fix kde-l10n and the other affected packages
tonight.

-- 
Pino Toscano

signature.asc
Description: This is a digitally signed message part.

Bug#873877: jessie-pu: package flightgear/3.0.0-5+deb8u3

[Markus Wanner]

On 11/19/2017 11:47 PM, Adam D. Barratt wrote:
> Technically it had only been accepted into oldstable-new. I've just
> flagged it for acceptance into opu.

Ah, I didn't fully parse the subject, and the body of the "...change
ACCEPTED into" only said:

> Mapping jessie to oldstable.
> Mapping oldstable to oldstable-proposed-updates.

Thank you for clarification and for taking care.

Kind Regards

Markus Wanner

Bug#882196: ssh: apt-get install ssh broken for i386

[Adam D. Barratt]

On Mon, 2017-11-20 at 05:43 +0100, Daniel Reichelt wrote:
> Package: ssh
> Version: 1:6.7p1-5+deb8u4
> Severity: normal
> 
> Hi,
> 
> on a pure-jessie-vm `apt-get install ssh` currently fails with:

"pure-jessie" has no way of knowing that the packages you refer to 
exist. You must have added jessie-proposed-updates to the sources.list.

> --8<
> # apt-get install ssh
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>  ssh : Depends: openssh-client (>= 1:6.7p1-5+deb8u4) but 1:6.7p1-
> 5+deb8u3 is to be installed
> Depends: openssh-server (>= 1:6.7p1-5+deb8u4) but 1:6.7p1-
> 5+deb8u3 is to be installed
>   E: Unable to correct problems, you have held broken packages.
> 
> -->8
> 
> 
> I suspect this stems from yesterday's upload [1] containing only
> .debs for
> amd64 and the ssh_6.7p1-5+deb8u4_all.deb, the latter depending on
> currently
> unavailable openssh-(client|server)_6.7p1-5+deb8u4_i386.deb...
> 
> In fact I suspect `apt-get install ssh` on jessie currently would
> fail on ANY arch except amd64.

No.

It might well fail on a machine with jessie-proposed-updates in the
sources.list, but that's to be expected sometimes, as the arch:all
packages will often be available before those of some architectures
where the binary packages are built on the buildds.

Regards,

Adam

Bug#882199: pon: Bash completion for pon not working.

[kirill]

Package: ppp
Version: 2.4.7-1+4
Severity: normal

Dear Maintainer,

After upgrading to debian stretch no more completion for pon command when 
pressing tab.

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU:ru (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ppp depends on:
ii  init-system-helpers  1.48
ii  libc62.24-11+deb9u1
ii  libpam-modules   1.1.8-3.6
ii  libpam-runtime   1.1.8-3.6
ii  libpam0g 1.1.8-3.6
ii  libpcap0.8   1.8.1-3
ii  lsb-base 9.20161125
ii  procps   2:3.3.12-3

ppp recommends no packages.

ppp suggests no packages.

-- no debconf information

Bug#881859: Updating the libwebp Uploaders list

[Jeff Breidenbach]

okay.

Bug#881749: redmine: creates world-writable tempdir /tmp/bundler/home

[duck]

Control: reassign -1 ruby-bundler
Control: tags -1 + security


Quack,

This repository is created by bundler, and there is no code in the 
redmine package specifying this repository, so this is using the default 
Bundler behavior.


In fact someone already reported about this directory being created and 
left over in #796383, without seeing the security implications.


Also I looked into the code and in /usr/lib/ruby/vendor_ruby/bundler.rb 
you can read the 'tmp_home_path' method:

  path = Pathname.new(Dir.tmpdir).join("bundler", "home")
  SharedHelpers.filesystem_access(path) do |tmp_home_path|
unless tmp_home_path.exist?
  tmp_home_path.mkpath
  tmp_home_path.chmod(0o777)

This is really horrible and I wonder how it was not found out earlier.

Anyway, reassigning and thanks for findind this out.
\_o<

--
Marc Dequènes

Bug#878809: closed by Jaromír Mikeš <mira.mi...@seznam.cz> (Bug#878809: fixed in sox 14.4.2-1)

[Salvatore Bonaccorso]

Source: sox
Source-Version: 14.4.2-1

Hi Jaromir,

On Sun, Nov 19, 2017 at 10:23:01PM +0100, Jaromír Mikeš wrote:
> 2017-11-19 21:11 GMT+01:00 Salvatore Bonaccorso :
> 
> > Control: reopen -1
> > Control: found -1 14.4.1-5
> > Control: found -1 14.4.2-1
> > Control: tags -1 + moreinfo
> >
> > Hi Jaromir,
> >
> > Are you sure #878809 is yet fixed?
> >
> > With the patches applied on top of 14.4.2 we see still that sox aborts
> > with:
> >
> > $ ./sox-14.4.2/src/sox 03-abort out.wav
> > sox: formats.c:227: sox_append_comment: Assertion `comment' failed.
> > Aborted
> >
> > So the assertion is still reachable, so at least
> > 0005-CVE-2017-15371.patch did not solve the problem?
> >
> > What am I missing here? Note, I'm just reopening the bug as
> > safetymeasure to double-check. If I turn to be wrong (likely) we can
> > reclose it, but I wanted to be sure.
> >
> 
> ​Hi Salvatore,
> 
> can you provide some more details please. Upstream developers claims that
> issue should be solved
> by 0005-CVE-2017-15371.patch

sure, but all I have is basically the above with the poc attached in
the initial message. But I just reverified and I got probably an error
in my initial retest.

The assertion is not reached anymore with the experimental version:

$ sox --version
sox:  SoX v14.4.2
$ sox 03-abort out.vaw
sox FAIL formats: can't open input file `03-abort': FLAC ERROR whilst decoding 
metadata

Regards,
Salvatore

Bug#882198: symmetrica FTCBFS: fails running tests despite DEB_BUILD_OPTIONS=nocheck

[Helmut Grohne]

Source: symmetrica
Version: 2.0+ds-4
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

symmetrica fails to cross build from source, because it fails running
tests. Those should have been disabled by DEB_BUILD_OPTIONS=nocheck,
because they usually fail with an "Exec format error", but symmetrica
runs (and fails) them anyway. After honouring the nocheck flag, it cross
builds successfully. Please consider applying the attached patch.

Helmut
diff --minimal -Nru symmetrica-2.0+ds/debian/changelog 
symmetrica-2.0+ds/debian/changelog
--- symmetrica-2.0+ds/debian/changelog  2016-05-16 01:25:36.0 +0200
+++ symmetrica-2.0+ds/debian/changelog  2017-11-19 21:35:03.0 +0100
@@ -1,3 +1,10 @@
+symmetrica (2.0+ds-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Honour DEB_BUILD_OPTIONS=nocheck. (Closes: #-1)
+
+ -- Helmut Grohne   Sun, 19 Nov 2017 21:35:03 +0100
+
 symmetrica (2.0+ds-4) unstable; urgency=medium
 
   * Debianization:
diff --minimal -Nru symmetrica-2.0+ds/debian/rules 
symmetrica-2.0+ds/debian/rules
--- symmetrica-2.0+ds/debian/rules  2016-05-16 01:25:36.0 +0200
+++ symmetrica-2.0+ds/debian/rules  2017-11-19 21:35:03.0 +0100
@@ -10,8 +10,10 @@
 
 override_dh_auto_build-indep:
 
+ifeq ($(filter nocheck,$(DEB_BUILD_OPTIONS)),)
 override_dh_auto_test-arch:
$(MAKE) check
+endif
 
 override_dh_auto_test-indep:
 

Bug#661005: Final Notice ayTARC

[Sandra Morris]

  
  
  
Please don’t send anymore emails. Thank u very much!   
  
  
  

  
  

  
  
>   
> On Nov 19, 2017 at 12:48 PM,  <11 last chance (mailto:ow...@bugs.debian.org)> 
>  wrote:
>   
>   
> 
> hello Dear!
>   
>  Welcome to Amazon Final Notice For Amazon Rewards
>   
>  NewPost: 50usd AmazonOffer here
>   
>  30 seconds to a 50usdReward! Sandra. Click here to get started 
> (http://sofresh.picodi.com/c/guyo7h8gc4/zz52w3jv7j/)   
>   
>   
>  You may unsubscribe at any time.  Unsubscribe 
> (http://sofresh.picodi.com/c/hylsq7rc9u/zz52w3jv7j/)
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>  Your message dated Sun, 19 Nov 2017 18:45:33 +0100 with message-id and 
> subject line Re: python-cairo: ImageSurface.write_to_png() transparency fails 
> has caused the Debian Bug report #661005, regarding python-cairo: 
> ImageSurface.write_to_png() transparency fails to be marked as done. This 
> means that you claim that the problem has been dealt with. If this is not the 
> case it is now your responsibility to reopen the Bug report if necessary, 
> and/or fix the problem forthwith. (NB: If you are a system administrator and 
> have no idea what this message is talking about, this may indicate a serious 
> mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org 
> immediately.) -- 661005: 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661005 Debian Bug Tracking 
> System Contact ow...@bugs.debian.org with problems  

Bug#882197: stretch-pu: package variety/0.6.3-5+deb9u1

[James Lu]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I've prepared an update for Variety to fix some shell injection bugs caused by
crafted filenames. These fixes are backported from the 0.6.6 release which is
currently in unstable.

The debdiff is attached, and the full changelog is below:

variety (0.6.3-5+deb9u1) stretch; urgency=medium

  * Backport various security fixes from Variety 0.6.6:
- Fix shell injection on deleting files to trash, from upstream commit
https://github.com/varietywalls/variety/commit/475a5e076b9c8c7c83176214f84455dc78834723
- Fix shell injection in filter and clock with specially crafted
  filenames; upstream commit
https://github.com/varietywalls/variety/commit/65722237baa996b0ef2389cea693bfeeba62b224
- Harden ImageMagick calls against potential shell injection:
https://github.com/varietywalls/variety/commit/a7c134ecd494bb878c73df9f65cb838dbb57413a

Best,
James

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500,
'testing'), (450, 'unstable'), (101, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8),
LANGUAGE=en_CA.utf8 (charmap=UTF-8)
diff -Nru variety-0.6.3/debian/changelog variety-0.6.3/debian/changelog
--- variety-0.6.3/debian/changelog  2017-05-06 16:43:32.0 -0700
+++ variety-0.6.3/debian/changelog  2017-11-14 12:42:11.0 -0800
@@ -1,3 +1,16 @@
+variety (0.6.3-5+deb9u1) stretch; urgency=medium
+
+  * Backport various security fixes from Variety 0.6.6:
+- Fix shell injection on deleting files to trash, from upstream commit
+  
https://github.com/varietywalls/variety/commit/475a5e076b9c8c7c83176214f84455dc78834723
+- Fix shell injection in filter and clock with specially crafted
+  filenames; upstream commit
+  
https://github.com/varietywalls/variety/commit/65722237baa996b0ef2389cea693bfeeba62b224
+- Harden ImageMagick calls against potential shell injection:
+  
https://github.com/varietywalls/variety/commit/a7c134ecd494bb878c73df9f65cb838dbb57413a
+
+ -- James Lu   Tue, 14 Nov 2017 12:42:11 -0800
+
 variety (0.6.3-5) unstable; urgency=medium
 
   * Add fix-autoscroll-high-cpu.patch backported from upstream Bzr revision
diff -Nru 
variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch
 
variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch
--- 
variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch
1969-12-31 16:00:00.0 -0800
+++ 
variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch
2017-11-14 12:42:11.0 -0800
@@ -0,0 +1,65 @@
+From 475a5e076b9c8c7c83176214f84455dc78834723 Mon Sep 17 00:00:00 2001
+From: James Lu 
+Date: Sun, 10 Sep 2017 10:39:13 -0700
+Subject: [PATCH 1/3] Fix shell injection on deleting to trash via specially
+ crafted filenames
+
+Rewrite this code in subprocess.call (which doesn't spawn a shell by default), 
and explicitly check whether trash programs are installed before running them.
+---
+ variety/VarietyWindow.py | 31 +--
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/variety/VarietyWindow.py b/variety/VarietyWindow.py
+index b99cd1a..c9bb770 100644
+--- a/variety/VarietyWindow.py
 b/variety/VarietyWindow.py
+@@ -43,6 +43,10 @@ import urlparse
+ import webbrowser
+ from PIL import Image as PILImage
+ 
++# Replacement for shutil.which, which (no pun intended) only exists on Python 
3.3+
++# unless we want another 3rd party dependency.
++from distutils.spawn import find_executable
++
+ random.seed()
+ logger = logging.getLogger('variety')
+ 
+@@ -1721,14 +1725,29 @@ class VarietyWindow(Gtk.Window):
+ def _go():
+ self.smart.report_file(file, 'trash', async=False)
+ 
+-command = 'gvfs-trash "%s" || trash-put "%s" || kfmclient 
move "%s" trash:/' % (file, file, file)
+-logger.info(lambda: "Running trash command %s" % command)
+-result = os.system(command.encode('utf8'))
+-if result != 0:
+-logger.error(lambda: "Trash resulted in error code 
%d" % result)
++command = ''
++if find_executable('gvfs-trash'):
++command = ['gvfs-trash', file.encode('utf-8')]
++elif find_executable('trash-put'):
++command = ['trash-put', file.encode('utf-8')]
++elif find_executable('kfmclient'):
++command 

Bug#882196: ssh: apt-get install ssh broken for i386

[Daniel Reichelt]

Package: ssh
Version: 1:6.7p1-5+deb8u4
Severity: normal

Hi,

on a pure-jessie-vm `apt-get install ssh` currently fails with:
--8<
# apt-get install ssh
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 ssh : Depends: openssh-client (>= 1:6.7p1-5+deb8u4) but 1:6.7p1-5+deb8u3 is to 
be installed
Depends: openssh-server (>= 1:6.7p1-5+deb8u4) but 1:6.7p1-5+deb8u3 is 
to be installed
E: Unable to correct problems, you have held broken packages.

-->8


I suspect this stems from yesterday's upload [1] containing only .debs for
amd64 and the ssh_6.7p1-5+deb8u4_all.deb, the latter depending on currently
unavailable openssh-(client|server)_6.7p1-5+deb8u4_i386.deb...

In fact I suspect `apt-get install ssh` on jessie currently would fail on ANY
arch except amd64.


Cheers
Daniel


[1] https://packages.qa.debian.org/o/openssh/news/20171119T224745Z.html



-- System Information:
Debian Release: 8.9
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages ssh depends on:
ii  dpkg1.17.27
ii  openssh-client  1:6.7p1-5+deb8u3
ii  openssh-server  1:6.7p1-5+deb8u3

ssh recommends no packages.

ssh suggests no packages.

-- no debconf information

Bug#881013: Patch

[Antonio Russo]

I've attached a very simple patch enforcing this constraint.

Antonio
commit cfb50102c8864ba59a67a25e772efe8d0c73e996
Author: Antonio Russo 
Date:   Sun Nov 19 17:03:47 2017 -0500

Add maximum version dependency on spl-dkms

diff --git a/debian/control b/debian/control
index dc8d0d65..3d6c973b 100644
--- a/debian/control
+++ b/debian/control
@@ -87,7 +87,7 @@ Description: OpenZFS pool library for Linux
 
 Package: zfs-dkms
 Architecture: all
-Pre-Depends: spl-dkms (>= ${source:Upstream-Version})
+Pre-Depends: spl-dkms (>= ${source:Upstream-Version}), spl-dkms (<=${source:Upstream-Version}.)
 Depends: dkms (>> 2.1.1.2-5), lsb-release, ${misc:Depends}
 Recommends: zfsutils-linux, zfs-zed
 Provides: zfs-modules
diff --git a/debian/control.in b/debian/control.in
index dc8d0d65..3d6c973b 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -87,7 +87,7 @@ Description: OpenZFS pool library for Linux
 
 Package: zfs-dkms
 Architecture: all
-Pre-Depends: spl-dkms (>= ${source:Upstream-Version})
+Pre-Depends: spl-dkms (>= ${source:Upstream-Version}), spl-dkms (<=${source:Upstream-Version}.)
 Depends: dkms (>> 2.1.1.2-5), lsb-release, ${misc:Depends}
 Recommends: zfsutils-linux, zfs-zed
 Provides: zfs-modules

Bug#880709: Library versions

[Antonio Russo]

All upstream testing and development is done with matching library and utility 
versions.
I really don't see any advantage to making fine-grained dependencies that 
expose Debian
users to unconventional configurations with some possibly non-matching library 
versions.
Just my 2 cents.

Antonio

Bug#882195: certbot: Install plug-ins, update to 0.20

[Matthias Urlichs]

Package: certbot
Version: 0.19.0-1
Severity: wishlist

I need version 0.20 and the dns-rfc2136 plugin.

Please update.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'oldstable'), (600, 'unstable'), (550, 
'experimental'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages certbot depends on:
ii  init-system-helpers  1.48
ii  python   2.7.13-2
pn  python-certbot   

certbot recommends no packages.

Versions of packages certbot suggests:
pn  python-certbot-apache  
pn  python-certbot-doc 

Bug#881597: krb5-multidev: Please make the package multi-arch installable

[Benjamin Kaduk]

On Sun, Nov 19, 2017 at 07:07:45PM -0500, Sam Hartman wrote:
> 
> Why do you want to replace krb5-config with pkg-config?
> That seems like a good option if we can sell upstream on the idea, but
> something requiring more thought otherwise.

I believe we can consider upstream sold.

pkg-config is the de facto standard for how to do this sort of
thing, and there is no need for krb5 to be its own special snowflake
anymore.  pkg-config also gives more reasonable behavior with
private libraries and static linking, if I remember correctly.

-Ben

Bug#882194: stretch-pu: package spamassassin/3.4.1-6+deb9u1

[Noah Meyerhans]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello. I'd like to fix a number of bugs in spamassassin, mostly related to
systemd service management. A debdiff against the current stretch version
is attached. All the changes have been in buster for some time. I've
tested them in fresh installation, upgrade, remove, and purge scenarios.

Thanks
noah
diff -Nru spamassassin-3.4.1/debian/65_debian.cf 
spamassassin-3.4.1/debian/65_debian.cf
--- spamassassin-3.4.1/debian/65_debian.cf  2016-10-30 09:39:27.0 
-0700
+++ spamassassin-3.4.1/debian/65_debian.cf  2017-11-19 10:43:02.0 
-0800
@@ -25,3 +25,10 @@
 metaD_SENT_BY_CRON __CRON_FROM && __CRON_HEADER
 score   D_SENT_BY_CRON -5.0
 describe D_SENT_BY_CRONSent by Cron Daemon
+
+# As documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861671,
+# the bb.barracudacentral.org blacklist requires users to register, making it
+# unsuitable for use in the default configuration. If you've registered your
+# use of this blacklist, remove the following line in order to re-activate
+# this service:
+score RCVD_IN_BRBL_LASTEXT 0
diff -Nru spamassassin-3.4.1/debian/changelog 
spamassassin-3.4.1/debian/changelog
--- spamassassin-3.4.1/debian/changelog 2016-10-30 09:39:27.0 -0700
+++ spamassassin-3.4.1/debian/changelog 2017-11-19 10:43:02.0 -0800
@@ -1,3 +1,21 @@
+spamassassin (3.4.1-6+deb9u1) stretch; urgency=medium
+
+  * Ensure that spamd doesn't automatically start upon initial
+installation.
+  * Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
+it requires users to register. (Closes: #861671)
+  * Update the systemd unit file to use the same pid file as was
+used in the sysvinit script. (Closes: #808804)
+  * Update spamassassin docs to remove outdated gpg version
+compatibility note. (Closes: #853913)
+  * Update systemd unit dependencies to include network and syslog.
+(Closes: 864810)
+  * Fix inappropriate invocation of invoke-rc.d in cron script.
+(Closes: 865514)
+  * Fix spamd service manage on upgrades. (Closes: #865356)
+
+ -- Noah Meyerhans   Sun, 19 Nov 2017 10:43:02 -0800
+
 spamassassin (3.4.1-6) unstable; urgency=medium
 
   * Import upstream fix for spamassassin bug 7226: Enhance whitelist_from_dkim
diff -Nru spamassassin-3.4.1/debian/rules spamassassin-3.4.1/debian/rules
--- spamassassin-3.4.1/debian/rules 2016-10-30 09:39:27.0 -0700
+++ spamassassin-3.4.1/debian/rules 2017-11-19 10:43:02.0 -0800
@@ -125,9 +125,10 @@
dh_testroot -i
dh_installman -i sa-awl.1p sa-check_spamd.1p
dh_installdocs -i
-   dh_systemd_enable --no-enable
dh_installexamples -i
-   dh_installinit -i -- defaults 19 21
+   dh_systemd_enable -i --no-enable
+   dh_installinit -i --no-start -- defaults 19 21
+   dh_systemd_start -i --no-start
dh_installcron -i
dh_installchangelogs Changes -i
dh_link -i
diff -Nru spamassassin-3.4.1/debian/spamassassin.cron.daily 
spamassassin-3.4.1/debian/spamassassin.cron.daily
--- spamassassin-3.4.1/debian/spamassassin.cron.daily   2016-10-30 
09:39:27.0 -0700
+++ spamassassin-3.4.1/debian/spamassassin.cron.daily   2017-11-19 
10:43:02.0 -0800
@@ -53,8 +53,7 @@
 invoke-rc.d --quiet spamassassin status > /dev/null && \
   invoke-rc.d spamassassin reload > /dev/null
 else
-invoke-rc.d --quiet spamassassin status > /dev/null && \
-  /etc/init.d/spamassassin reload > /dev/null
+/etc/init.d/spamassassin reload > /dev/null
 fi
 if [ -d /etc/spamassassin/sa-update-hooks.d ]; then
 run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d
diff -Nru spamassassin-3.4.1/debian/spamassassin.postinst 
spamassassin-3.4.1/debian/spamassassin.postinst
--- spamassassin-3.4.1/debian/spamassassin.postinst 2016-10-30 
09:39:27.0 -0700
+++ spamassassin-3.4.1/debian/spamassassin.postinst 2017-11-19 
10:43:02.0 -0800
@@ -43,3 +43,9 @@
 fi
 
 #DEBHELPER#
+
+if [ "$1" = "configure" ] && [ -n "$2" ]; then
+if deb-systemd-helper was-enabled spamassassin.service > /dev/null; then
+   invoke-rc.d spamassassin restart
+fi
+fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.prerm 
spamassassin-3.4.1/debian/spamassassin.prerm
--- spamassassin-3.4.1/debian/spamassassin.prerm2016-10-30 
09:39:27.0 -0700
+++ spamassassin-3.4.1/debian/spamassassin.prerm2017-11-19 
10:43:02.0 -0800
@@ -9,6 +9,7 @@
 # /etc/spamassassin without causing dpkg to complain on purge.
 
 if [ "$1" = "remove" ]; then
+invoke-rc.d --quiet spamassassin stop || true
 rm -Rf /var/lib/spamassassin
 rm -Rf /etc/spamassassin/sa-update-keys
 fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.README.Debian 
spamassassin-3.4.1/debian/spamassassin.README.Debian
--- 

Bug#882193: xauth: FTBFS under pbuilder with output redirected

[Daniel Schepler]

Source: xauth
Version: 1:1.0.9-1
Severity: important

>From my pbuilder build log, with stdout redirected to a pipe into "tee
.../build-log-amd64":

...
   debian/rules override_dh_auto_test
make[1]: Entering directory '/build/xauth-1.0.9'
dh_auto_test -- VERBOSE=1
dh_auto_test: Compatibility levels before 9 are deprecated (level 8 in use)
   cd build && make -j1 check VERBOSE=1 VERBOSE=1
make[2]: Entering directory '/build/xauth-1.0.9/build'
Making check in man
make[3]: Entering directory '/build/xauth-1.0.9/build/man'
make[3]: Nothing to be done for 'check'.
make[3]: Leaving directory '/build/xauth-1.0.9/build/man'
Making check in tests
make[3]: Entering directory '/build/xauth-1.0.9/build/tests'
make  test_xauth
make[4]: Entering directory '/build/xauth-1.0.9/build/tests'
gcc -DHAVE_CONFIG_H -I. -I../../tests -I.. -g -O2 -c -o
test_xauth.o ../../tests/test_xauth.c
gcc  -g -O2   -o test_xauth test_xauth.o
make[4]: Leaving directory '/build/xauth-1.0.9/build/tests'
make  check-TESTS
make[4]: Entering directory '/build/xauth-1.0.9/build/tests'
make[5]: Entering directory '/build/xauth-1.0.9/build/tests'
FAIL: test_xauth
===
  xauth 1.0.9: tests/test-suite.log
===

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: test_xauth


Traceback (most recent call last):
 File "/usr/lib/python2.7/dist-packages/cliapp/app.py", line 193, in _run
   self.process_args(args)
 File "/usr/bin/cmdtest", line 64, in process_args
   self.setup_ttystatus(td)
 File "/usr/bin/cmdtest", line 105, in setup_ttystatus
   self.ts = ttystatus.TerminalStatus(period=0.001)
 File "/usr/lib/python2.7/dist-packages/ttystatus/status.py", line 37,
in __init__
   period=period, _terminal=_terminal)
 File "/usr/lib/python2.7/dist-packages/ttystatus/messager.py", line
45, in __init__
   self._terminal.open_tty()
 File "/usr/lib/python2.7/dist-packages/ttystatus/tty.py", line 36, in open_tty
   curses.setupterm(None, self._terminal.fileno())
error: setupterm: could not find terminal
FAIL test_xauth (exit status: 1)


Testsuite summary for xauth 1.0.9

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

See tests/test-suite.log
Please report to https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

Makefile:628: recipe for target 'test-suite.log' failed
make[5]: *** [test-suite.log] Error 1
make[5]: Leaving directory '/build/xauth-1.0.9/build/tests'
Makefile:734: recipe for target 'check-TESTS' failed
make[4]: *** [check-TESTS] Error 2
make[4]: Leaving directory '/build/xauth-1.0.9/build/tests'
Makefile:807: recipe for target 'check-am' failed
make[3]: *** [check-am] Error 2
make[3]: Leaving directory '/build/xauth-1.0.9/build/tests'
Makefile:521: recipe for target 'check-recursive' failed
make[2]: *** [check-recursive] Error 1
make[2]: Leaving directory '/build/xauth-1.0.9/build'
dh_auto_test: cd build && make -j1 check VERBOSE=1 VERBOSE=1 returned
exit code 2
debian/rules:12: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 2
make[1]: Leaving directory '/build/xauth-1.0.9'
debian/rules:18: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
-- 
Daniel Schepler

Bug#882188: juce: FTBFS on non-Linux: sys/prctl.h: No such file or directory

[Aaron M. Ucko]

"Aaron M. Ucko"  writes:

> However, there may well be additional portability issues; in
> particular, I see that libopenshot-audio FTBFS on hurd-i386 due to
> errors in "JuceLibraryCode".  (I'll report that failure separately.)

Rather, I already did (as #876792); likewise, #876793 corresponds to #882189.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#882192: linux: PREEMPT_RT not available

[wargreen]

Source: linux
Version: 4.12
Severity: important

Dear maintainers,

The PREEMPT_RT patch was disable to wait the 4.12 update
[https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/changelog?h=sid#n1104],
but it was updated to 4.14 now
[https://www.kernel.org/pub/linux/kernel/projects/rt/]

Thanks,
wargreen



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#882191: ktuberling: file conflict with kde-l10n-ptbr: /usr/share/doc/HTML/pt_BR/ktuberling/index.cache.bz2

[Andreas Beckmann]

Package: ktuberling
Version: 4:17.08.3-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package ktuberling.
  Preparing to unpack .../329-ktuberling_4%3a17.08.3-2_amd64.deb ...
  Unpacking ktuberling (4:17.08.3-2) ...
  dpkg: error processing archive 
/tmp/apt-dpkg-install-EIyn9C/329-ktuberling_4%3a17.08.3-2_amd64.deb (--unpack):
   trying to overwrite '/usr/share/doc/HTML/pt_BR/ktuberling/index.cache.bz2', 
which is also in package kde-l10n-ptbr 4:16.04.3-3
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /tmp/apt-dpkg-install-EIyn9C/329-ktuberling_4%3a17.08.3-2_amd64.deb

I'm filing only this one bug (because ktuberling is the only
package with a -2 revision and a changelog entry pointing
into the Breaks+Replaces direction),
but the problem affects many packages uploaded yesterday:

ark=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
blinken=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
bomber=4:17.08.3-1  kde-l10n-ptbr=4:16.04.3-3
bovo=4:17.08.3-1kde-l10n-ptbr=4:16.04.3-3
filelight=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
granatier=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
kapman=4:17.08.3-1  kde-l10n-ptbr=4:16.04.3-3
katomic=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
kblackbox=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3
kblocks=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
kbounce=4:17.08.3-1 kde-l10n-ptbr=4:16.04.3-3
kbreakout=4:17.08.3-1   kde-l10n-ptbr=4:16.04.3-3

kde-l10n-ptbr=4:16.04.3-3   kdiamond=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kfourinline=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   khangman=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   killbots=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kiriki=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kjumpingcube=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   klettres-data=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   klickety=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   klines=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kmahjongg=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kmines=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   knavalbattle=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   knetwalk=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kollision=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kpat=4:17.08.3-2
kde-l10n-ptbr=4:16.04.3-3   kshisen=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   ksquares=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   ksystemlog=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   kteatime=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   ktuberling=4:17.08.3-2
kde-l10n-ptbr=4:16.04.3-3   lokalize=4:17.08.3-1
kde-l10n-ptbr=4:16.04.3-3   picmi=4:17.08.3-1

kde-l10n-sr=4:16.04.3-3 lokalize=4:17.08.3-1


cheers,

Andreas


kde-l10n-ptbr=4%16.04.3-3_ktuberling=4%17.08.3-2.log.gz
Description: application/gzip

Bug#878474: hiredis FTCBFS: fails running tests despite DEB_BUILD_OPTIONS=nocheck

[Tom Lee]

>
> I don't expect that you have to do anything special, apart from "git
> pull" and keeping the changes in the next versions.


Yep! That's what I meant: I'll be sure to pull this change into the next
release.

I'll try to have a look to the package BTS for some weeks, to see if
> the package has new bugs as a consequence of this change; but just in
> case that I fail to notice, please tell me if such things happens or
> if you think that I can help in any way!


Appreciate it, will do.  :)

Cheers,
Tom

On Sun, Nov 19, 2017 at 4:50 PM, Manuel A. Fernandez Montecelo <
manuel.montez...@gmail.com> wrote:

> 2017-11-20 0:17 GMT+01:00 Tom Lee :
> > Thank you Manuel, go for it. This slipped off my radar, will try to get
> it
> > sorted out soon. Sorry folks!
>
> OK, rescheduled, thanks.
>
> I don't expect that you have to do anything special, apart from "git
> pull" and keeping the changes in the next versions.
>
> I'll try to have a look to the package BTS for some weeks, to see if
> the package has new bugs as a consequence of this change; but just in
> case that I fail to notice, please tell me if such things happens or
> if you think that I can help in any way!
>
>
> Cheers.
> --
> Manuel A. Fernandez Montecelo 
>



-- 
*Tom Lee */ http://tomlee.co / @tglee 

Bug#878490: Pending fixes for bugs in the fonts-hanazono package

[pkg-fonts-devel]

tag 878490 + pending
thanks

Some bugs in the fonts-hanazono package are closed in revision
7df0f4c74a942ac2294ae004f9d0984704a46a8c in branch '  master' by
Nobuhiro Iwamatsu

The full diff can be seen at
http://anonscm.debian.org/gitweb/?p=pkg-fonts/fonts-hanazono.git;a=commitdiff;h=7df0f4c

Commit message:

Remove ttf-hanazono (Closes: #878490)

Signed-off-by: Nobuhiro Iwamatsu 

Bug#882190: rhythmbox: Audio switches off when screen saver starts under gnome

[paul d]

Package: rhythmbox
Version: 3.4.1-2+b1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation? Using it normally to play FLAC audio file
   * What exactly did you do (or not do) that was effective (or
 ineffective)? Start playing and wait until screen saver kicks in
   * What was the outcome of this action? No audio until I wake up screen from
screen saver
   * What outcome did you expect instead? Audio should not be affected by a
screen saver

*** End of the template - remove these template lines ***



-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rhythmbox depends on:
ii  dbus1.10.22-0+deb9u1
ii  gstreamer1.0-plugins-base   1.10.4-1
ii  gstreamer1.0-plugins-good   1.10.4-1
ii  gstreamer1.0-x  1.10.4-1
ii  libc6   2.24-11+deb9u1
ii  libglib2.0-02.50.3-2
ii  libgstreamer-plugins-base1.0-0  1.10.4-1
ii  libgstreamer1.0-0   1.10.4-1
ii  libgtk-3-0  3.22.11-1
ii  libpeas-1.0-0   1.20.0-1+b1
ii  librhythmbox-core10 3.4.1-2+b1
ii  libx11-62:1.6.4-3
ii  media-player-info   22-3
ii  rhythmbox-data  3.4.1-2

Versions of packages rhythmbox recommends:
ii  avahi-daemon0.6.32-2
ii  gnome-shell [notification-daemon]   3.22.3-3
ii  gstreamer1.0-plugins-ugly   1.10.4-1
ii  gstreamer1.0-pulseaudio 1.10.4-1
ii  gvfs-backends   1.30.4-1
ii  notification-daemon 3.20.0-1+b1
ii  plasma-workspace [notification-daemon]  4:5.8.6-2.1
ii  rhythmbox-plugins   3.4.1-2+b1
ii  yelp3.22.0-1

Versions of packages rhythmbox suggests:
pn  gnome-codec-install  
ii  gnome-control-center 1:3.22.2-3
ii  gstreamer1.0-plugins-bad 1.10.4-1
ii  rhythmbox-plugin-cdrecorder  3.4.1-2+b1

-- no debconf information

Bug#882189: juce: FTBFS on m68k: StringHolder is not large enough to hold an empty String

[Aaron M. Ucko]

Source: juce
Version: 5.2.0~repack-1
Severity: important
Tags: upstream
Justification: fails to build from source
User: debian-m...@lists.debian.org
Usertags: m68k

Builds of juce for m68k (admittedly not a release architecture) have
been failing:

  ../../../../modules/juce_core/text/juce_String.cpp:233:9: error: static 
assertion failed: StringHolder is not large enough to hold an empty String

I presume Atomic needs a separate lock on this architecture.

Could you please take a look?

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#882188: juce: FTBFS on non-Linux: sys/prctl.h: No such file or directory

[Aaron M. Ucko]

Source: juce
Version: 5.2.0~repack-1
Severity: important
Tags: upstream
Justification: fails to build from source
User: debian-h...@lists.debian.org
Usertags: hurd-i386

Builds of juce for hurd-i386 and kfreebsd-* (admittedly not release
architectures) have been failing.  The immediate problem is

  ../../../../modules/juce_core/native/juce_BasicNativeHeaders.h:232:11: fatal 
error: sys/prctl.h: No such file or directory

However, there may well be additional portability issues; in
particular, I see that libopenshot-audio FTBFS on hurd-i386 due to
errors in "JuceLibraryCode".  (I'll report that failure separately.)

Could you please take a look?

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#880411: sqldeveloper-package version forking

[Lazarus Long]

Hi.

First let me thank Adam for the sponsorship.

I've already had manually closed the LP #, and just closed #693798 also.

Didn't think about tagging #868673 until Phil's suggestion, thank you
very much for it (your suggested way of adding the tag didn't work for
me, had to do it the documented way of mailing control).

(BTW, I'm in the process of getting 0.5.0 ready in a week or two, it's
a major revamp, due to Oracle including shared libraries in SQL
Developer 4.1 which aren't being used in Debian due to their location)

-- 
Lazarus

On Mon, Nov 20, 2017 at 12:17 AM, Phil Morrell  wrote:
> On 19 November 2017 at 20:51, Adam Borowski  wrote:
>>On Sun, Nov 19, 2017 at 04:55:42AM +, Lazarus Long wrote:
>>> The fact is that the NMU became a fork of an older version, that is out of,
>>> and irrelevant for, my timeline.
>>
>> Well, the history not having a record of a previous upload will confuse bug
>> version tracking.  I think that, barring a manual intervention of setting a
>> "fixed" version in the bug that's a part of its current version history,
>> the bug will never go away.
>>
>> But I'm not sure what will happen.
>
> Yes, both the NMU and proposed-updates versions are forks, both of
> which are correctly recorded as Closes [868673]. As a result, if you
> click on the version graph and then "Don't ignore boring", both
> branches end in green and are also listed as "Fixed in versions".
>
> As for what will happen with v0.4.4, it would be nice if all the
> intermediary changelog entries were processed, but by the looks of
> [accepted], only the specifically uploaded one is. 20/20 hindsight
> therefore says v0.4.4 changelog should have included something like
> the following (split out according to this [guidance]):
>
> * Incorporates unreleased fixes now uploaded to unstable:
>   - JVM path (Closes: #693798)
>   - build error (Closes: #868673)
>   - Included debhelper on the build dependency list (LP: #588458)
>   - Replaced dh options with overrides (LP: #998258)
>
> [868673]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868673
> [accepted]: https://tracker.debian.org/news/887940
> [guidance]: 
> https://lists.debian.org/debian-devel-announce/2003/06/msg00016.html
>
> I documented this partly for my own learning, but Lazarus please can
> you send the relevant metadata emails, or let me know you don't have
> time to? I believe this is all you need to fix the version graph (for
> each bug):
>
> "Control: fixed -1 0.4.4" (at top of email to 868673-done)
>
> https://www.debian.org/Bugs/server-control#fixed
> --
> Phil Morrell (emorrp1)

Bug#882187: git-buildpackage: gbp pull: add option to setup missing tracking branches upstream, pristine-tar

[Andreas Beckmann]

Package: git-buildpackage
Version: 0.9.3
Severity: normal

Hi,

after cloning a repository with debcheckout, I'm missing the upstream
and pristine-tar branches. It would be nice to have an option for gbp
pull to set up these missing tracking branches. (upstream branch name
should of course depend on debian/gbp.conf)


And maybe even better: obsolete debcheckout usage by adding something
like

gbp clone [-a] 

using the repository information from Vcs-Git in Sources, s.t.
I don't have to lookup the URL myself. Don't forget that there could
be branch information in Vcs-Git. Should also support URL rewriting from
anonymous to authenticated like debcheckout -a.


And maybe add some option to gbp pull or gbp push to rewrite the
repository URL from anonymous to authenticated, to allow pushing even if
one forgot the '-a' option to the initial debcheckout / gbp clone.


Andreas

PS: please clone to as many bugs as you want :-)

Bug#882186: jenkins.debian.org: bin/reproducible_maintenance.sh: Update email subject of status change mails; we've HTTP redirected for months now

[Chris Lamb]

Package: jenkins.debian.org
Severity: wishlist
Tags: patch

Hi,

Attached is the following:

  commit a9d8854ce595fb4e36b6a4b647fd9c491174e849
  Author: Chris Lamb 
  Date:   Mon Nov 20 09:55:47 2017 +0900
  
  bin/reproducible_maintenance.sh: Update email subject of status change 
mails; we've HTTP redirected for months now
  
  I did not update the "From:" line to rb-general as we are sending the
  mails to s...@packages.debian.org so wasn't 100% sure about that.
  
   bin/reproducible_maintenance.sh | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

You could also pull from "reproducible-debian-net-references" on

  https://github.com/lamby/jenkins.debian.net


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
>From a9d8854ce595fb4e36b6a4b647fd9c491174e849 Mon Sep 17 00:00:00 2001
From: Chris Lamb 
Date: Mon, 20 Nov 2017 09:55:47 +0900
Subject: [PATCH] bin/reproducible_maintenance.sh: Update email subject of
 status change mails; we've HTTP redirected for months now

I did not update the "From:" line to rb-general as we are sending the
mails to s...@packages.debian.org so wasn't 100% sure about that.
---
 bin/reproducible_maintenance.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/reproducible_maintenance.sh b/bin/reproducible_maintenance.sh
index 991f0a76..90121b43 100755
--- a/bin/reproducible_maintenance.sh
+++ b/bin/reproducible_maintenance.sh
@@ -488,7 +488,7 @@ if [ "$HOSTNAME" = "$MAINNODE" ] && [ $(date -u +%H) -eq 0 ]  ; then
 			TMPFILE=$(mktemp --tmpdir=$TEMPDIR maintenance-)
 			PKG=$(basename $NOTE)
 			mv $NOTE $TMPFILE
-			cat $TMPFILE | mail -s "reproducible.debian.net status changes for $PKG" \
+			cat $TMPFILE | mail -s "tests.reproducible-builds.org status changes for $PKG" \
 -a "From: Reproducible builds folks " \
  $p...@packages.debian.org
 			rm -f $TMPFILE
-- 
2.15.0

Bug#878474: hiredis FTCBFS: fails running tests despite DEB_BUILD_OPTIONS=nocheck

[Manuel A. Fernandez Montecelo]

2017-11-20 0:17 GMT+01:00 Tom Lee :
> Thank you Manuel, go for it. This slipped off my radar, will try to get it
> sorted out soon. Sorry folks!

OK, rescheduled, thanks.

I don't expect that you have to do anything special, apart from "git
pull" and keeping the changes in the next versions.

I'll try to have a look to the package BTS for some weeks, to see if
the package has new bugs as a consequence of this change; but just in
case that I fail to notice, please tell me if such things happens or
if you think that I can help in any way!


Cheers.
-- 
Manuel A. Fernandez Montecelo 

Bug#882184: ITP: airspyhf -- Airspy HF+ software defined radio support

[A. Maitland Bottoms]

Package: wnpp
Severity: wishlist
Owner: "A. Maitland Bottoms" 

* Package name: airspyhf
  Version : 1.0
  Upstream Author : Airspy (Ian Gilmour, Youssef Touil)
* URL : https://airspy.com/airspy-hf-plus/
* License : BSD 3 Clause
  Programming Lang: C
  Description : User mode driver for Airspy HF+
host software for a high performance
software defined radio for the HF and VHF bands.

This package provides a small library and udev configuration support
of a USB peripheral.

Technical specifications

HF coverage between 9 kHz .. 31 MHz
VHF coverage between 60 .. 260 MHz

Typical Applications

High Performance Networked HF/VHF Radio
Ham Radio (HF + 2m)
Short Wave Listening (SWL)
AM DX
FM DX
VHF-L TV DX
Remote Telemetry Radio Receiver
Low Bands IoT

Recent gqrx-sdr, 2.9: Released November 11, 2017
   NEW: Airspy HF+ support.

-Maitland

Bug#855887: Any news

[Jelmer Vernooij]

On Sun, Nov 19, 2017 at 10:59:40PM +0100, Félix Sipma wrote:
> On 2017-11-19 22:45+0100, Félix Sipma wrote:
> > On 2017-11-19 22:45+0100, Félix Sipma wrote:
> >> I uploaded the last version to mentors and to my repo. No need to open an 
> >> RFS?
> > 
> > Forgot the link:
> > https://mentors.debian.net/debian/pool/main/t/todoman/todoman_3.2.4-1.dsc
> 
> I just updated a new version which fixes a typo.
Thanks! I'll review and barring any issues upload this week.

Cheers,

Jelmer

-- 
Jelmer Vernooij 
PGP Key: https://www.jelmer.uk/D729A457.asc


signature.asc
Description: PGP signature

Bug#872251: libvoikko-dev is wrongly marked Multi-Arch: foreign

[Manuel A. Fernandez Montecelo]

Hi,

2017-10-11 00:03 Manuel A. Fernandez Montecelo:

Hi,

2017-08-15 12:20 Helmut Grohne:

Package: libvoikko-dev
Version: 4.1.1-1
Severity: important
User: helm...@debian.org
Usertags: rebootstrap
Control: affects -1 + src:tmispell-voikko

tmispell-voikko fails to cross build from source, because it cannot find
-lvoikko in the public shared library search path. It requested
libvoikko-dev its Build-Depends. The build architecture libvoikko-dev
was installed, because libvoikko-dev is wrongly marked Multi-Arch:
foreign.

libvoikko-dev was probably marked Multi-Arch: foreign, because it also
contains tools in /usr/bin that are expected to be executable. For
practical cross building, those tools will need to be installed for a
different architecture than the .so symlink. Thus the only viable long
term solution is to split libvoikko-dev into two packages, one of them
being Multi-Arch: foreign and the other Multi-Arch: same. Typically, the
package containing the programs would be called libvoikko-dev-bin and
libvoikko-dev would depend on it.

As a short term solution (closing this bug), please remove Multi-Arch:
foreign from libvoikko-dev as it does more harm than good.


This seem to be an important package to build enchant and, through it,
many other packages.  So I think that it would be nice if this is
solved.

Will it help if I prepare an NMU?


Since the repo is in collab-maint and I am about to NMU (due to the lack
of feedback to the original report and my follow-up), I just pushed this:

 https://anonscm.debian.org/cgit/collab-maint/libvoikko.git/log/

in particular:

 
https://anonscm.debian.org/cgit/collab-maint/libvoikko.git/commit/?id=94e7ce125739e59241c04034f5b0615e93c3cc49

Please review.  Explanations follow.

===

Context: Contrary to the initial assumptions by Helmut, as I understood
them, the binaries are not needed for compilation at all, they are not
pre-processors or similar tools -- they are instead like "examples" or
derived tools of the library, that others can use.  It's like if an XML
library provides a parser or coloriser as a tool.

So my change splits the package to put the libraries (libvoikko-bin, not
-dev-bin as initially suggested), makes -dev recommend it (for possible
r-depends using it, like voikko-fi using the binary programs in rules),
and -dev is marked as "Multi-Arch: same" while -bin one is not marked at
all (implicit "no", IIRC).

However, I am not sure if a "M-A: same" recommending/depending on a
"M-A: no" renders the ": same" unusable, please advise (esp. Helmut).

I'd appreciate review on the changes as a whole anyway, since the
changes in this NMU are a bit more intrusive than others and the
suggested initial fix (just remove the "Multi-Arch: foreign").

If everything is OK, I plan to upload the NMU in the next few days.

Cheers.
--
Manuel A. Fernandez Montecelo 

Bug#882047: [pkg-apparmor] Bug#882047: Bug#882047: apparmor-utils: aa-complain thunderbird fails

[Ben Caradoc-Davies]

On 20/11/17 09:38, Christian Boltz wrote:

Thanks, but unfortunately I still can't reproduce the problem :-(
Can you add a bit of debugging code in aa.py, please?
Search for
 def get_profile_flags(filename, program):
and add the lines marked with "# added" (or just replace the function
with the code below) 
def get_profile_flags(filename, program):

 # To-Do
 # XXX If more than one profile in a file then second one is being ignored 
XXX
 # Do we return flags for both or
 print('looking for', filename, program)  # added
 flags = ''
 with open_file_read(filename) as f_in:
 print('reading file %s' % filename)  # added
 for line in f_in:
 if RE_PROFILE_START.search(line):
 matches = parse_profile_start_line(line, filename)
 profile = matches['profile']
 flags = matches['flags']
 print('found RE_PROFILE_START in %s' % line)  # added
 print(profile, flags)  # added
 if profile == program or program is None:
 print('match, returning flags')  # added
 return flags
 print('no profile', filename, program)  # added
 raise AppArmorException(_('%s contains no profile') % filename)
Then run   aa-complain thunderbird   again and send the output.


Sure. As requested:


# aa-complain thunderbird
Setting /usr/bin/thunderbird to complain mode.
looking for /etc/apparmor.d/usr.bin.thunderbird /usr/bin/thunderbird
reading file /etc/apparmor.d/usr.bin.thunderbird
found RE_PROFILE_START in profile thunderbird 
/usr/lib/thunderbird/thunderbird {


thunderbird None
found RE_PROFILE_START in   profile gpg {

gpg None
found RE_PROFILE_START in   profile lsb_release {

lsb_release None
no profile /etc/apparmor.d/usr.bin.thunderbird /usr/bin/thunderbird

ERROR: /etc/apparmor.d/usr.bin.thunderbird contains no profile


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Bug#880411: sqldeveloper-package version forking

[Phil Morrell]

On 19 November 2017 at 20:51, Adam Borowski  wrote:
>On Sun, Nov 19, 2017 at 04:55:42AM +, Lazarus Long wrote:
>> The fact is that the NMU became a fork of an older version, that is out of,
>> and irrelevant for, my timeline.
>
> Well, the history not having a record of a previous upload will confuse bug
> version tracking.  I think that, barring a manual intervention of setting a
> "fixed" version in the bug that's a part of its current version history,
> the bug will never go away.
>
> But I'm not sure what will happen.

Yes, both the NMU and proposed-updates versions are forks, both of
which are correctly recorded as Closes [868673]. As a result, if you
click on the version graph and then "Don't ignore boring", both
branches end in green and are also listed as "Fixed in versions".

As for what will happen with v0.4.4, it would be nice if all the
intermediary changelog entries were processed, but by the looks of
[accepted], only the specifically uploaded one is. 20/20 hindsight
therefore says v0.4.4 changelog should have included something like
the following (split out according to this [guidance]):

* Incorporates unreleased fixes now uploaded to unstable:
  - JVM path (Closes: #693798)
  - build error (Closes: #868673)
  - Included debhelper on the build dependency list (LP: #588458)
  - Replaced dh options with overrides (LP: #998258)

[868673]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868673
[accepted]: https://tracker.debian.org/news/887940
[guidance]: https://lists.debian.org/debian-devel-announce/2003/06/msg00016.html

I documented this partly for my own learning, but Lazarus please can
you send the relevant metadata emails, or let me know you don't have
time to? I believe this is all you need to fix the version graph (for
each bug):

"Control: fixed -1 0.4.4" (at top of email to 868673-done)

https://www.debian.org/Bugs/server-control#fixed
--
Phil Morrell (emorrp1)

Bug#882154: lintian: Raise level for -dbg packages

[Chris Lamb]

tags 882154 + pending
thanks

> There are various reasons where -dbg packages are still required.
> 
> One example are the python -dbg packages that also use python-dbg.

Indeed, but aren't these small enough in number to either have an
exception within lintian itself or an explicit override? :)

Anyway, initial version in Git here:

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=485ebff875829733de1b44a5ba3c253d365be3a4


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#881903: Please use angles in From: addr-spec

[Don Armstrong]

On Thu, 16 Nov 2017, Michael Stapelberg wrote:
> I first noticed this when looking through the archives of some of our
> lists on master.debian.org, see e.g.:

Yeah, I think mutt just automatically converts these style headers, so I
personally never notice them.

Sounds reasonable; patch put in.

-- 
Don Armstrong  https://www.donarmstrong.com

"That is why I am still tyrant of [Ankh-Morpork]. The way to retain
power, I have always thought, is to ensure the absolute unthinkability
of oneself not being there."
 -- Terry Pratchett _Unseen Academicals_ p391

Bug#881597: krb5-multidev: Please make the package multi-arch installable

[Sam Hartman]

Thanks.
I'll take a look next week.
This looks very promising.
Unless I'm missing something, I think you've done a lot of the work
regardless of whether we want to wrap krb5-config architecture scripts
or wrap a script that calls cross-pkg-config.


Why do you want to replace krb5-config with pkg-config?
That seems like a good option if we can sell upstream on the idea, but
something requiring more thought otherwise.

Are there advantages/simplicities in coding that led you to that
approach?  I'd like to understand so I can evaluate.

less good options
i'm a bit concerned that getting the behavior of all the different
--libs options for the different types of Kerberos apps will be a bit
fiddly.

Bug#882182: ftp.debian.org: Misplaced stretch release line in https://ftp-master.debian.org/stat.html

[Christoph Biedl]

Package: ftp.debian.org
Severity: minor

Hello,

The older graphs in  have a
small line indicating the stretch release date, e.g.
.

However it seems line is placed somewhere in August, while the stretch
release was already in June. Please check.

Christoph


signature.asc
Description: Digital signature

Bug#849514: lintian: Add homepage-uses-insecure-uri tag (HTTP uri in Homepage field)

[Chris Lamb]

Hi Axel,

> > Eh, I was just about to suggest the same. I would however rather ship a
> > list of hosts that are known to offer the service on https, too.
> 
> That's probably unmaintainable, except for a few big site (GitHub,
> MetaCPAN, etc.)

Lets go with this approach for now. The last thing we want is people
to start ignoring Lintian, naturally.

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=b2c73b56774505439b774e256616212102a0f804


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#874790: /lib/rc/bin/lsb2rcconf: Boot dependency does not work for nfs-common

[Benda Xu]

Thanks Adam,

Adam Borowski  writes:

> On Sun, Nov 19, 2017 at 10:46:12PM +0900, Benda Xu wrote:
>> Do you have a quick idea of parsing /etc/insserv.conf.d/* along with
>> /etc/insserv.conf in lsb2rcconf?
>
> I've looked at it before, but somehow I got distracted and didn't mark this
> on my TODO.  The way real insserv parses file names is _thoroughly_ insane:
> details are in this bug report (https://bugs.debian.org/874790).  Looking at
> all current users in Debian, I'd suggest filtering files in
> /etc/insserv.conf.d/* by /^[a-zA-Z0-9_-]+$/ rather than copying insserv
> exactly.  This should be safe enough for expected out-of-archive uses.
>
> Also, affected daemons look significant enough (rpcbind (NFS), postfix,
> mariadb, unbound, ...) that I believe this bug should be bumped to at least
> severity:important and fixed in stable.
>
> (Well, unbound works for me, but NFS is broken.)

I have read your dissection of insserv and I think /^[a-zA-Z0-9_-]+$/ is
a good choice.  It looks like the glibc regex_t is good to go,

  https://www.gnu.org/software/libc/manual/html_node/Regular-Expressions.html

Just want to see what Demitry thinks and if he would like to integrate
it into lsb2rcconf.

Cheeers,
Benda

Bug#882180: nmu: multiple python related packages

[Laurent Bigonville]

On Mon, 20 Nov 2017 00:16:08 +0100 Laurent Bigonville  
wrote:


> Hello,
>
> Apparently pycairo upstream broke the ABI a while back and the package
> with this breakage has been uploaded (by me) in unstable today. (See:
> #878080)
>
> I don't think that reverting the break is a good idea has it happened
> upstream sometime ago and IMHO we should just go forward.
>
> The number of package impacted is quite limited[0], some have already
> been fixed by a sourceful upload to day, the remaining ones are:
>

I think that python-mapnik should be added as well to the list as well, 
it build-depends against python-cairo-dev and seems to use it

Bug#661005: Final Notice akrn

[leng7672]

Fuck you scammer

> On Nov 19, 2017, at 12:48 PM, 11 last chance  wrote:
> 
> hello Dear!
> 
> Welcome to Amazon Final Notice For Amazon Rewards
> 
> NewPost: 50usd AmazonOffer here
> 
> 30 seconds to a 50usdReward! leonard. Click here to get started
> 
> 
> 
> 
> You may unsubscribe at any time. Unsubscribe 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Your message dated Sun, 19 Nov 2017 18:45:33 +0100 with message-id and 
> subject line Re: python-cairo: ImageSurface.write_to_png() transparency fails 
> has caused the Debian Bug report #661005, regarding python-cairo: 
> ImageSurface.write_to_png() transparency fails to be marked as done. This 
> means that you claim that the problem has been dealt with. If this is not the 
> case it is now your responsibility to reopen the Bug report if necessary, 
> and/or fix the problem forthwith. (NB: If you are a system administrator and 
> have no idea what this message is talking about, this may indicate a serious 
> mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org 
> immediately.) -- 661005: 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661005 Debian Bug Tracking 
> System Contact ow...@bugs.debian.org with problems
> 
> 

Bug#882181: mockito: FTBFS - java.lang.UnsupportedOperationException: Cannot nest operations in the same thread

[Gilles Filippini]

Source: mockito
Version: 1.10.19-2
Severity: serious
Justification: FTBFS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

While testing a build of mockito against a new json-simple releae I've
experienced a FTBFS which is reproducible when building into a clean sid
chroot:

Task :test class loader hash: 83f3637f6805a7b149525a93c5faad58
Task :test actions class loader hash: d883a18cf154fc57e90f4d3fa9e5588f
Executing task ':test' (up-to-date check took 0.041 secs) due to:
  No history is available.
Cannot nest operations in the same thread. Each nested operation must run in 
its own thread.
java.lang.UnsupportedOperationException: Cannot nest operations in the same 
thread. Each nested operation must run in its own thread.
at 
org.gradle.internal.operations.DefaultBuildOperationWorkerRegistry.doStartOperation(DefaultBuildOperationWorkerRegistry.java:65)
at 
org.gradle.internal.operations.DefaultBuildOperationWorkerRegistry.access$400(DefaultBuildOperationWorkerRegistry.java:30)
at 
org.gradle.internal.operations.DefaultBuildOperationWorkerRegistry$DefaultOperation.operationStart(DefaultBuildOperationWorkerRegistry.java:163)
at 
org.gradle.api.internal.tasks.testing.worker.ForkingTestClassProcessor.processTestClass(ForkingTestClassProcessor.java:68)
at 
org.gradle.api.internal.tasks.testing.processors.RestartEveryNTestClassProcessor.processTestClass(RestartEveryNTestClassProcessor.java:47)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
at 
org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
at 
org.gradle.internal.dispatch.FailureHandlingDispatch.dispatch(FailureHandlingDispatch.java:29)
at 
org.gradle.internal.dispatch.AsyncDispatch.dispatchMessages(AsyncDispatch.java:132)
at 
org.gradle.internal.dispatch.AsyncDispatch.access$000(AsyncDispatch.java:33)
at 
org.gradle.internal.dispatch.AsyncDispatch$1.run(AsyncDispatch.java:72)
at 
org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:54)
at 
org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:40)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Cannot nest operations in the same thread. Each nested operation must run in 
its own thread.
java.lang.UnsupportedOperationException: Cannot nest operations in the same 
thread. Each nested operation must run in its own thread.
at 
org.gradle.internal.operations.DefaultBuildOperationWorkerRegistry.doStartOperation(DefaultBuildOperationWorkerRegistry.java:65)
at 
org.gradle.internal.operations.DefaultBuildOperationWorkerRegistry.access$400(DefaultBuildOperationWorkerRegistry.java:30)
at 
org.gradle.internal.operations.DefaultBuildOperationWorkerRegistry$DefaultOperation.operationStart(DefaultBuildOperationWorkerRegistry.java:163)
at 
org.gradle.api.internal.tasks.testing.worker.ForkingTestClassProcessor.processTestClass(ForkingTestClassProcessor.java:68)
at 
org.gradle.api.internal.tasks.testing.processors.RestartEveryNTestClassProcessor.processTestClass(RestartEveryNTestClassProcessor.java:47)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
at 
org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
at 
org.gradle.internal.dispatch.FailureHandlingDispatch.dispatch(FailureHandlingDispatch.java:29)
at 
org.gradle.internal.dispatch.AsyncDispatch.dispatchMessages(AsyncDispatch.java:132)
at 
org.gradle.internal.dispatch.AsyncDispatch.access$000(AsyncDispatch.java:33)
at 
org.gradle.internal.dispatch.AsyncDispatch$1.run(AsyncDispatch.java:72)
at 
org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:54)
at 
org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:40)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 

Bug#878474: hiredis FTCBFS: fails running tests despite DEB_BUILD_OPTIONS=nocheck

[Tom Lee]

Thank you Manuel, go for it. This slipped off my radar, will try to get it
sorted out soon. Sorry folks!

Cheers,
Tom

On Nov 19, 2017 2:42 PM, "Manuel A. Fernandez Montecelo" <
manuel.montez...@gmail.com> wrote:

> Control: tags -1 + pending
>
>
> Hi,
>
> 2017-10-15 02:09 Manuel A. Fernandez Montecelo:
>
>> Hi,
>>
>> 2017-10-14 00:34 Helmut Grohne:
>>
>>> Source: hiredis
>>> Version: 0.13.3-2
>>> Tags: patch
>>> User: helm...@debian.org
>>> Usertags: rebootstrap
>>>
>>> hiredis fails to cross build from source, because it fails running tests
>>> that it shouldn't be running when DEB_BUILD_OPTIONS contains nocheck.
>>> After making it honour the nocheck option, hiredis cross builds
>>> successfully. Please consider applying the attached patch.
>>>
>>
>> I can offer to sponsor an upload or NMU, if it helps.
>>
>
> I am going to do a NMU with this change, uploaded to delayed/10.
>
> If you want me to cancel it please say so; if it's OK please tell me and
> I can re-schedule it to happen earlier.
>
> Since the package is under collab-maint, instead of attaching the diff I
> just pushed to the repo.
>
>
> Cheers.
> --
> Manuel A. Fernandez Montecelo 
>

Bug#882180: nmu:

[Laurent Bigonville]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hello,

Apparently pycairo upstream broke the ABI a while back and the package
with this breakage has been uploaded (by me) in unstable today. (See:
#878080)

I don't think that reverting the break is a good idea has it happened
upstream sometime ago and IMHO we should just go forward.

The number of package impacted is quite limited[0], some have already
been fixed by a sourceful upload to day, the remaining ones are:

nmu pygtk_2.24.0-5.1 . ANY . unstable . -m "Rebuild after pycairo ABI break"
dw pygtk_2.24.0-5.1 . ANY . -m 'python-cairo-dev (>= 1.15.4)'

nmu hippo-canvas_0.3.1-1.2 . ANY . unstable . -m "Rebuild after pycairo ABI 
break"
dw hippo-canvas_0.3.1-1.2 . ANY . -m 'python-cairo-dev (>= 1.15.4)'

nmu gnome-python-desktop_2.32.0+dfsg-4 . ANY . unstable . -m "Rebuild after 
pycairo ABI break"
dw gnome-python-desktop_2.32.0+dfsg-4 . ANY . -m 'python-cairo-dev (>= 1.15.4)'

nmu gcompris_15.10-1 . ANY . unstable . -m "Rebuild after pycairo ABI break"
dw gcompris_15.10-1 . ANY . -m 'python-cairo-dev (>= 1.15.4)'

nmu pygobject-2_2.28.6-13 . ANY . unstable . -m "Rebuild after pycairo ABI 
break"
dw pygobject-2_2.28.6-13 . ANY . -m 'python-cairo-dev (>= 1.15.4)'

Kind regards,

Laurent Bigonville

[0] https://codesearch.debian.net/search?q=Pycairo_IMPORT

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#880171: ITP: perse -- Permission settings GUI for udev devices

[Al Nikolov]

В Пн, 13/11/2017 в 17:16 +0200, Ville Ranki пишет:

> There are still some lintian warnings left. I can fix them as
> needed.

The source package uploaded to mentors at 2017-11-13 14:59 won't build
at all, see attached the build log. Did you test the build in a clean
Sid environment? You shall always do so before uploading. I reckon, the
packaging is very old, hence the issue, for instance the cdbs is
largely obsoleted by the recent debhelper, with I'd suggest you to
switch to.

And there's more things you need to improve (and certainly revisit the
Debian Policy in general):

* there must be Debian revision 1, see [1]

[1]https://www.debian.org/doc/debian-policy/#s-f-version

* copyright information is incorrect, see [2]

[2]https://www.debian.org/doc/debian-policy/#s-copyrightfile

* lintian messages with severity lesser than warnings are up to you but
binary-without-manpage (i.e. all errors and warnings) shall be fixed.

* the package is still native - the pristine tarball contains debian
directory.

perse_1.0.4_amd64.build
Description: Binary data


signature.asc
Description: This is a digitally signed message part

Bug#855834: patch for linux ptp

[Erez]

Hi,

Since moving to systemd, the ethernet interfaces were renamed, so 'eth0'
does not exist anymore.
I replace the 'eth0' with %I following the convention of systemd.
Adding a new ptp using the convention: systemctl enable ptp4l@

I did not handle the case where PTP runs on 2 interfaces and need a
different configuration,
But I guess, that can be tackled easily.

I was using a packet sniffer that monitor NIC hardware time stamp,
so I prevent the PTP daemon to downgrade the rx time stamp filter.

Erez
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+linuxptp (1.8-2) unstable; urgency=medium
+
+  * support multiple interfaces and skip predefined interface name
+  * use the RX filter patch
+
+ -- Erez Geva  Wed, 30 Aug 2017 15:55:47 +0200
+
 linuxptp (1.8-1) unstable; urgency=medium
 
   * New upstream version 1.8
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,6 @@
 #!/usr/bin/make -f
 
-DPKG_EXPORT_BUILDFLAGS = 1
+DPKG_EXPORT_BUILDFLAGS = 2
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 include /usr/share/dpkg/default.mk
@@ -13,11 +13,11 @@ override_dh_auto_install:
 	dh_auto_install -- prefix=/usr mandir=/usr/share/man
 
 override_dh_systemd_start:
-	dh_systemd_start ptp4l.service
+	dh_systemd_start --no-start ptp4l.service
 	dh_systemd_start --no-start phc2sys.service
 	dh_systemd_start --no-start timemaster.service
 
 override_dh_systemd_enable:
-	dh_systemd_enable ptp4l.service
+	dh_systemd_enable --no-enable ptp4l.service
 	dh_systemd_enable --no-enable phc2sys.service
 	dh_systemd_enable --no-enable timemaster.service
--- a/debian/linuxptp.install
+++ b/debian/linuxptp.install
@@ -1,6 +1,6 @@
 #!/usr/bin/dh-exec
-debian/ptp4l.service /lib/systemd/system/
-debian/phc2sys.service /lib/systemd/system/
+debian/ptp4l.service => /lib/systemd/system/ptp4l@.service
+debian/phc2sys.service => /lib/systemd/system/phc2sys@.service
 debian/timemaster.service /lib/systemd/system/
 default.cfg => /etc/linuxptp/ptp4l.conf
 debian/timemaster.conf /etc/linuxptp/
--- a/debian/ptp4l.service
+++ b/debian/ptp4l.service
@@ -1,10 +1,13 @@
 [Unit]
 Description=Precision Time Protocol (PTP) service
 Documentation=man:ptp4l
+Wants=dev-pps0.device
+After=dev-pps0.device
+ConditionPathExists=/dev/pps0
 
 [Service]
 Type=simple
-ExecStart=/usr/sbin/ptp4l -f /etc/linuxptp/ptp4l.conf -i eth0
+ExecStart=/usr/sbin/ptp4l -f /etc/linuxptp/ptp4l.conf -i %I
 
 [Install]
 WantedBy=multi-user.target
--- a/debian/phc2sys.service
+++ b/debian/phc2sys.service
@@ -2,12 +2,12 @@
 Description=Synchronize system clock or PTP hardware clock (PHC)
 Documentation=man:phc2sys
 After=ntpdate.service
-Requires=ptp4l.service
-After=ptp4l.service
+Requires=ptp4l@%I.service
+After=ptp4l@%I.service
 
 [Service]
 Type=simple
-ExecStart=/usr/sbin/phc2sys -w -s eth0
+ExecStart=/usr/sbin/phc2sys -w -s %I
 
 [Install]
 WantedBy=multi-user.target
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -5,26 +5,20 @@
 
 2. Systemd services
 
-The service ptp4l invokes ptp4l on eth0 by default. To adjust the
-parameters, follow these steps:
+To activate the ptp4l service using the interface ifX,
+ invoke the following commands as root:
 
-1. create a directory /etc/systemd/system/ptp4l.service.d
+# systemctl enable ptp4l@ifX
+# systemctl start ptp4l@ifX
 
-2. place a file with its name ending in .conf there
+You can invoke as a separate service for each interface you have.
 
-3. put these lines into the file, with the parameters adjusted to your needs:
+The service phc2sys syncs the system clock with the PTP clock.
+It is not enabled and started by default.
+To activate this service using the interface ifX,
+ invoke the following commands as root:
 
-[Service]
-ExecStart=
-ExecStart=/usr/sbin/ptp4l -f /etc/linuxptp/ptp4l.conf -i eth0
-
-The service phc2sys syncs the system clock with the PTP clock. It is not
-enabled and started by default. To activate this service, invoke the
-following commands as root:
-
-$ systemctl enable phc2sys
-$ systemctl start phc2sys
-
-It also uses eth0 as the default and can be customized as described above.
+# systemctl enable phc2sys@ifX
+# systemctl start phc2sys@ifX
 
 The service timemaster also isn't enabled and started by default
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+rx_filter.patch
--- a/debian/patches/rx_filter.patch
+++ b/debian/patches/rx_filter.patch
@@ -0,0 +1,22 @@
+--- a/sk.c
 b/sk.c
+@@ -55,8 +55,18 @@ static int hwts_init(int fd, const char *device, int rx_filter, int one_step)
+ 	strncpy(ifreq.ifr_name, device, sizeof(ifreq.ifr_name) - 1);
+ 
+ 	ifreq.ifr_data = (void *) 
++
++	if (ioctl(fd, SIOCGHWTSTAMP, ) < 0)
++	{
++		pr_err("ioctl SIOCGHWTSTAMP failed: %m");
++		return -1;
++	}
++
+ 	cfg.tx_type= one_step ? HWTSTAMP_TX_ONESTEP_SYNC : HWTSTAMP_TX_ON;
+-	cfg.rx_filter  = rx_filter;
++	// Change rx filter only when needed
++	if (cfg.rx_filter != HWTSTAMP_FILTER_ALL &&
++	

Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia

[Felicia Hummel]

> Explicit: the sheep is not part of the cowsay package - it is part of
> cowsay-off which is described as:
> >  This package contains cows which some may consider to be offensive.
> >  Please do not install this package if you or your users are easily
> > offended.
> Ok, it is a little bit tasteless - but no one is forced to install this
> package.

It's not about whether I find this package tasteless or offensive. It's
about a legal issue outlined in my initial bug report.

In fact, the package was installed since I have turned on install
suggests. If this was done on purpose or accident is not open for debate.

All the best
Felicia

Bug#882142: upgrade from 11.1-1 to 11.1-2 breaks audio support in Firefox

[Felipe Sateler]

On Sun, Nov 19, 2017 at 7:01 PM, Harald Dunkel  wrote:

> On Sun, 19 Nov 2017 17:26:16 -0300
> Felipe Sateler  wrote:
>
> > > Removing /etc/pulse/client.conf.d/00-disable-autospawn.conf reenabled
> > > pulse audio on the next reboot.
> > >
> > >
> > >
> > Weird. could you provide the output of the following (from a boot without
> > audio):
> >
> > systemctl --user status  pulseaudio.{socket,service}
> > journalctl --user-unit pulseaudio.socket
> > journalctl --user-unit pulseaudio.service
> >
>
> % systemctl --user status  pulseaudio.{socket,service}
> Failed to get properties: Process org.freedesktop.systemd1 exited with
> status 1
> % su
> Password:
> # systemctl --user status  pulseaudio.{socket,service}
> Failed to get properties: Connection reset by peer
> # journalctl --user-unit pulseaudio.socket
> -- Logs begin at Sun 2017-11-19 22:54:23 CET, end at Sun 2017-11-19
> 22:56:21 CET. --
> -- No entries --
> # journalctl --user-unit pulseaudio.service
> -- Logs begin at Sun 2017-11-19 22:54:23 CET, end at Sun 2017-11-19
> 22:56:21 CET. --
> -- No entries --
> #
>

OK. These indicate that the systemd user instances are not running. Do you
have libpam-systemd installed? If yes, could you post the output of

journalctl user@1000.service

(Assuming 1000 is the uid of your user.)


-- 

Saludos,
Felipe Sateler

Bug#880123: jessie-pu: package syslinux/3:6.03+dfsg-5+deb8u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 19:10 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2017-10-29 at 19:48 +0100, Lukas Schwaighofer wrote:
> > I hereby ask for permission to update the syslinux package in
> > jessie
> > as
> > well.  The update fixes a bug in the isolinux isohybrid MBR causing
> > boot
> > failures with some old BIOS [1].
> > 
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#882061: jessie-pu: package openssh/1:6.7p1-5+deb8u4

[Adam D. Barratt]

Control: tags -1 + pending

On Sun, 2017-11-19 at 10:48 +, Colin Watson wrote:
> On Sat, Nov 18, 2017 at 07:15:30PM +, Adam D. Barratt wrote:
> > On Sat, 2017-11-18 at 11:14 +, Colin Watson wrote:
> > > This is the jessie version of #865986.  The WinSCP change isn't
> > > applicable to jessie, but the fixes for #865770 and #873201 are.
> > 
> > I've assumed that KiBi will be happy with this, given his handling
> > of #865986, but CCing for completeness.
> > 
> > Please go ahead.
> 
> Uploaded, thanks.

Thanks. Flagged for acceptance.

Regards,

Adam

Bug#881306: jessie-pu: package python-tablib/0.9.11-2 CVE-2017-2810

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 19:13 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2017-11-10 at 00:02 +0100, Thomas Goirand wrote:
> > After fixing Stretch in release team bug #879702, here's the
> > request
> > for fixing Jessie, since Salvatore asks for it. Debdiff attached.
> > 
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#876019: jessie-pu: package libwpd/0.10.0-2+deb8u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 22:25 +0100, Rene Engelhard wrote:
> Hi,
> 
> On Sat, Nov 18, 2017 at 06:57:20PM +, Adam D. Barratt wrote:
> > On Sun, 2017-09-17 at 15:19 +0200, Rene Engelhard wrote:
> > > See http://bugs.debian.org/876001. CVE classified as no-dsa
> > > (minor
> > > issue).
> > > 
> > 
> > Please go ahead; sorry for the delay.
> 
> uploaded.
> 

Flagged for acceptance.

Regards,

Adam

Bug#873877: jessie-pu: package flightgear/3.0.0-5+deb8u3

[Adam D. Barratt]

Control: tags -1 + pending

On Sun, 2017-11-19 at 15:11 +0100, Markus Wanner wrote:
> On 11/18/2017 07:53 PM, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Thu, 2017-08-31 at 21:55 +0200, Markus Wanner wrote:
> > > here's an update for jessie, fixing #873439 (CVE-2017-13709).
> > > It's
> > > based on a patch and debdiff by Florent Rougon. The corresponding
> > > stretch-pu request is #873754.
> > > 
> > 
> > Please go ahead; sorry for not getting back to you sooner.
> 
> No problem.
> 
> I updated the timestamp and also added a "Closes: #873439" to the
> changelog. I hope that change is still acceptable.
> 
> The upload has been accepted into oldstable-proposed-updates.

Technically it had only been accepted into oldstable-new. I've just
flagged it for acceptance into opu.

Regards,

Adam

Bug#880630: jessie-pu: package liblouis/2.5.3-3

[Adam D. Barratt]

Control: tags -1 + pending

On Sun, 2017-11-19 at 14:29 +0100, Samuel Thibault wrote:
> Hello,
> 
> Adam D. Barratt, on sam. 18 nov. 2017 19:11:39 +, wrote:
> > Control: tags -1 + confirmed
> > 
> > On Fri, 2017-11-03 at 01:54 +0100, Samuel Thibault wrote:
> > > Bug#880621 reports that Jessie is affected by CVE-2014-8184.  I'm
> > > proposing to upload there the RedHat fix plus a fix for that fix
> > > (it
> > > didn't actually take care of issues in the strncpy call). Debdiff
> > > is
> > > attached.
> > 
> > Please go ahead.
> 
> This is now uploaded.

Flagged for acceptance into opu.

Regards,

Adam

Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 18:37 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2017-09-09 at 13:49 +0200, Julien Cristau wrote:
> > Control: tag -1 - moreinfo
> > 
> > On Sat, Jan 28, 2017 at 15:10:24 +0100, Julien Cristau wrote:
> > 
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: jessie
> > > User: release.debian@packages.debian.org
> > > Usertags: pu
> > > 
> > 
> > New patch, now with less memory leak.  I've also attached the diff
> > from
> > the previous one.
> > 
> 
> Please go ahead.

Flagged for acceptance.

Regards,

Adam

Bug#876638: jessie-pu: package db/5.1.29-9+deb8u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 21:11 +0100, Salvatore Bonaccorso wrote:
> On Sat, Nov 18, 2017 at 06:59:11PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sun, 2017-09-24 at 11:29 +0200, Salvatore Bonaccorso wrote:
> > > db (5.1.29-9+deb8u1) jessie; urgency=medium
> > > > 
> > > >  * Non-maintainer upload.
> > > >  * CVE-2017-10140: Reads DB_CONFIG from the current working
> > > > directory.
> > > >    Do not access DB_CONFIG when db_home is not set.
> > > > 
> > 
> > Please go ahead.
> 
> Uploaded!
> 

Flagged for acceptance; thanks.

Regards,

Adam

Bug#876630: jessie-pu: package db5.3/5.3.28-9+deb8u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 21:09 +0100, Salvatore Bonaccorso wrote:
> Hi Adam,
> 
> On Sat, Nov 18, 2017 at 06:58:28PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sun, 2017-09-24 at 10:08 +0200, Salvatore Bonaccorso wrote:
> > > db5.3 (5.3.28-9+deb8u1) jessie; urgency=medium
> > > > 
> > > >  * Non-maintainer upload.
> > > >  * CVE-2017-10140: Reads DB_CONFIG from the current working
> > > > directory.
> > > >    Do not access DB_CONFIG when db_home is not set. (Closes:
> > > > #872436)
> > > > 
> > 
> > Please go ahead; sorry for the delay.
> 
> Absolutely no problem, uploaded!
> 

Flagged for acceptance.

Regards,

Adam

Bug#870669: libidn: Make source package bootstrappable

[Manuel A. Fernandez Montecelo]

Hello,

2017-11-04 23:09 Manuel A. Fernandez Montecelo:

Hi,

2017-09-13 14:19 Helmut Grohne:

retitle 870669 move gcj-jdk from Build-Depends to Build-Depends-Indep
tags 870669 + patch
severity 870669 normal
user helm...@debian.org
usertags 870669 + rebootstrap
thanks

On Thu, Aug 03, 2017 at 03:14:48PM -0700, Daniel Schepler wrote:

It would be nice if the Build-Depends on gcj-jdk could be moved to
Build-Depends-Indep.  (I did recently see notifications that gcj will
be going away in Debian soon.  But even if you switch over to using
default-jdk, that would still create a build dependency cycle since
openjdk-8 Build-Depends on libcups2-dev also.)


I second that. The gcj-jdk dependency also breaks cross compilation and
moving it to Build-Depends-Indep significantly simplifies debian/rules
as the attached patch demonstrates. In particular, it removes all those
different(!) architecture lists.


Since libidn is a very important package for bootstrapping, it would be
very nice to fix this.

The patch seems a net improvement to the package, even in the absence of
other benefits.

Would it be possible to include it in future uploads, or is there any
reason against including it, from the maintainers point of view?



Though I'd much rather see libidn go. Most rdeps but hesiod have moved
on to libidn2-0.


Since it's unlikely to happen very soon (from a comment by upstream in
this report), I think that it shouldn't stop this being applied.


I am preparing a NMU for this fix.

To the maintainers: if you don't want it applied please speak soon, so I
don't waste time on a fix that will be reverted :)


Cheers.
--
Manuel A. Fernandez Montecelo 

Bug#877420: stretch-pu: xml2/0.4-3.1+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 17:48 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2017-10-02 at 00:01 +0800, Boyuan Yang wrote:
> > +xml2 (0.4-3.1+deb9u1) stretch; urgency=medium
> > +
> > +  * QA upload.
> > +  * Set maintainer to Debian QA Group.
> 
> Those are both generally irrelevant and unnecessary for updates in
> stable.

Specifically, no tooling looks at the content of the maintainer field
other than for packages in unstable/experimental, and many uploads to
stable are not made by the usual maintainer of the package.

> > +  * Backport patch to fix corruption when dealing with UTF-8
> > files.
> > +(Closes: #506805; Closes: #698072)
> > +  * Backport patch to fix usage string for 2csv tool.
> > +(Closes: #506788)
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#881900: stretch-pu: package libofx/1:0.9.10-2+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sun, 2017-11-19 at 14:53 +0100, Dylan Aïssi wrote:
> Hi Adam,
> 
> 2017-11-18 19:31 GMT+01:00 Adam D. Barratt 
> :
> > 
> > Please go ahead.
> > 
> > Adam
> 
> Thanks, uploaded.

Flagged for acceptance.

Regards,

Adam

Bug#877503: stretch-pu: package mongodb/1:3.2.11-2

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 17:51 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2017-10-02 at 12:33 +0300, Apollon Oikonomopoulos wrote:
> >  - #876755: GCC 6 and later optimizes out some null pointer checks.
> > It 
> >    appears that this breaks the bundled version of spidermonkey
> > (38)
> > and 
> >    causes null pointer dereferences. This is fixed by disabling
> > the 
> >    relevant GCC optimizations for the spidermonkey build.
> > 
> >  - #871906: Since Stretch, our kernels have enabled 48-bit virtual 
> >    addressing on aarch64. MongoDB's embedded spidermonkey crashes
> > on 
> >    kernels with 48-bit VA support, as it assumes that all pointers
> > have 
> >    17 bits clear that can be used for tagging. This is fixed by 
> >    cherry-picking a patch from Mozilla upstream that uses manual 
> >    malloc(3) hints to make sure the malloc()'d regions comply with
> > this 
> >    requirement.
> > 
> >  - #864407: mongodb.service lacks an `After=network.target'
> > statement, 
> >    so startup will fail on system boot if mongodb is asked to bind
> > to
> > a 
> >    non-wildcard, non-localhost address.
> > 
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#879850: stretch-pu: package sqldeveloper-package/0.2.4+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 17:56 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2017-10-26 at 14:40 +0100, Phil Morrell wrote:
> > I have prepared a re-upload of 0.2.4+nmu1 (upload done: 879070)
> > targeting stretch to fix RC bug #868673 which makes this packaging
> > wrapper unusable in stretch.
> 
> Please go ahead.
> 
> Regards,

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#879599: stretch-pu: package charmtimetracker/1.11.4-1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 17:54 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2017-11-05 at 15:35 +0100, Sandro Knauß wrote:
> > Control: tags -1 - moreinfo
> > > 
> > > You also introduced a new issue in the short description:
> > > 
> > > -Description: Cross-Platform Time Tracker
> > > +Description: a task based Time Tracker
> > > 
> > > The convention is that the description can finish the sentence
> > > "$package (is a|contains)".
> > 
> >  
> > > I note that #873917 isn't fixed in unstable currently. I realise
> > > it's a
> > > trivial change, but we should still ensure that such things are
> > > fixed
> > > in unstable, so as not to regress between releases.
> > 
> > Well because  #873917 is quite trivial i don't want to push a new
> > version with 
> > only this patch to unstable. I have nothing more to fix for
> > charmtimetracker 
> > at my list at the moment for unstable.
> 
> [...]
> > Should I rework the description for unstable and pu? And/or remove
> > it
> > from the 
> > pu? If you want me first to upload the fix to unstable, I'll do
> > this.
> > 
> 
> Feel free to upload, but the fix should land in unstable asap.

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#881415: stretch-pu: python2.7/2.7.13-2+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sun, 2017-11-19 at 13:31 +0100, Kurt Roeckx wrote:
> On Sat, Nov 18, 2017 at 06:28:03PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sat, 2017-11-11 at 14:36 +0100, Kurt Roeckx wrote:
> > > I would like to upload python2.7 to fix a problem that it can't
> > > talk to SSL/TLS sites that use an ECDSA certificate different
> > > than
> > > P256, like a P384 certificate.
> > > 
> > 
> > Please go ahead.
> 
> Uploaded.

Flagged for acceptance.

Regards,

Adam

Bug#878668: stretch-pu: package simutrans/120.1.3+repack-3

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-11-18 at 21:45 +0100, Markus Koschany wrote:
> Am 18.11.2017 um 18:52 schrieb Adam D. Barratt:
> > Control: tags -1 + confirmed
> > 
> > On Sun, 2017-10-15 at 17:30 +0200, Markus Koschany wrote:
> > > I would like to fix Debian bug #869029 [1] in Stretch. It is
> > > currently
> > > not possible to enable sound for simutrans which was not
> > > intended.
> > > 
> > 
> > Please go ahead.
> > 
> > Regards,
> > 
> > Adam
> 
> Uploaded. Thank you!

Flagged for acceptance into p-u.

Regards,

Adam

Bug#878474: hiredis FTCBFS: fails running tests despite DEB_BUILD_OPTIONS=nocheck

[Manuel A. Fernandez Montecelo]

Control: tags -1 + pending


Hi,

2017-10-15 02:09 Manuel A. Fernandez Montecelo:

Hi,

2017-10-14 00:34 Helmut Grohne:

Source: hiredis
Version: 0.13.3-2
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

hiredis fails to cross build from source, because it fails running tests
that it shouldn't be running when DEB_BUILD_OPTIONS contains nocheck.
After making it honour the nocheck option, hiredis cross builds
successfully. Please consider applying the attached patch.


I can offer to sponsor an upload or NMU, if it helps.


I am going to do a NMU with this change, uploaded to delayed/10.

If you want me to cancel it please say so; if it's OK please tell me and
I can re-schedule it to happen earlier.

Since the package is under collab-maint, instead of attaching the diff I
just pushed to the repo.


Cheers.
--
Manuel A. Fernandez Montecelo 

Bug#882156: firefox-esr: Upgrading firefox should somehow prompt users to restart running instances

[Mike Hommey]

On Mon, Nov 20, 2017 at 07:26:15AM +0900, Mike Hommey wrote:
> On Sun, Nov 19, 2017 at 11:14:32PM +0100, Axel Beckert wrote:
> > Yay, Popcorn!
> > 
> > Mike Hommey wrote:
> > > > Consider, for example, an unattended-upgrades process that 
> > > > installs security updates automatically.  Users may continue 
> > > > to run instances of old insecure versions for long periods 
> > > > with no indication that an upgrade has been installed.  
> > > > Generally, Debian will restart long-running system processes 
> > > > (i.e. daemons) in this sort of situation but not user processes.  
> > > > This is a particular issue for firefox because of its security 
> > > > characteristics.
> > > 
> > > That's not limited to firefox. That's also true of libreoffice, gnome,
> > > chromium, etc.
> > 
> > Nope. It's definitely not true for Chromium. (And not for the
> > Firefox-based Tor Browser either.) Chromium and Tor Browser both
> > notify their users as Phil wants it for Firefox. And as it had been
> > implemented (IMHO successfully) for Firefox years ago.
> > 
> > That feature though was removed again from the Debian package (and
> > IIRC never managed to land in stable) as it was said to "not work
> > properly". I though can't remember that I ever had issues with that
> > feature, really appreciated the feature and never understood why it
> > was removed again from Debian's Firefox.
> > 
> > So please reintroduce this feature again.
> > 
> > Upstream should really understand the need for such feature as they're
> > copying everything Chrome/Chromium does anyway. So why not copying
> > that feature, too? 
> 
> It's not because a few packages do it that the problem is not a general
> one in Debian.

Also, the chromium package doesn't have anything in postinst to do what
you claim it's doing, and doesn't seem to have files related to that in
the package, so if it does it, I don't know how it does. The mechanism
that iceweasel used in the past doesn't exist anymore.

Mike

Bug#882131: wrap-and-sort should not re-order across comments

[Mattia Rizzolo]

user devscri...@packages.debian.org
usertag 882131 wrap-and-sort
forcemerge 788998 882131

On Sun, Nov 19, 2017 at 02:36:36PM +0100, Julian Andres Klode wrote:
> In apt.maintscript, we remove two conffiles. For the second one, a comment
> is added, but wrap-and-sort helpfully moves the first one after that comment,
> completely confusing the file:

Yap, already reported.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#882177: busybox: unzip creates world-writable directories

[Christoph Biedl]

tags 882175 confirmed upstream
tags 882177 confirmed upstream
thanks

Jakub Wilk wrote...

> Adding forgotten attachment...

Thanks, was already able to reproduce without that one.

Christoph


signature.asc
Description: Digital signature

Bug#882179: jupyter-console: --kernel option ignored

[Sebastian Luque]

Package: jupyter-console
Version: 5.2.0-1
Severity: normal

Dear Maintainer,

Requesting a python2 kernel gives this:

------
$ jupyter console --kernel=python2
Jupyter console 5.2.0

Python 3.6.3 (default, Oct  3 2017, 21:16:13) 
Type "copyright", "credits" or "license" for more information.

IPython 5.5.0 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help  -> Python's own help system.
object?   -> Details about 'object', use 'object??' for extra details.



In [1]: 
------

python2 is certainly an available kernel (I believe from
python-ipykernel package):

$ jupyter kernelspec list
Available kernels:
  octave /usr/local/share/jupyter/kernels/octave
  python2/usr/local/share/jupyter/kernels/python2
  python3/usr/share/jupyter/kernels/python3


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages jupyter-console depends on:
ii  jupyter-core 4.3.0-1
ii  python3  3.6.3-2
ii  python3-jupyter-console  5.2.0-1

jupyter-console recommends no packages.

jupyter-console suggests no packages.

-- no debconf information


-- 
Sebastian Luque

Bug#882156: firefox-esr: Upgrading firefox should somehow prompt users to restart running instances

[Mike Hommey]

On Sun, Nov 19, 2017 at 11:14:32PM +0100, Axel Beckert wrote:
> Yay, Popcorn!
> 
> Mike Hommey wrote:
> > > Consider, for example, an unattended-upgrades process that 
> > > installs security updates automatically.  Users may continue 
> > > to run instances of old insecure versions for long periods 
> > > with no indication that an upgrade has been installed.  
> > > Generally, Debian will restart long-running system processes 
> > > (i.e. daemons) in this sort of situation but not user processes.  
> > > This is a particular issue for firefox because of its security 
> > > characteristics.
> > 
> > That's not limited to firefox. That's also true of libreoffice, gnome,
> > chromium, etc.
> 
> Nope. It's definitely not true for Chromium. (And not for the
> Firefox-based Tor Browser either.) Chromium and Tor Browser both
> notify their users as Phil wants it for Firefox. And as it had been
> implemented (IMHO successfully) for Firefox years ago.
> 
> That feature though was removed again from the Debian package (and
> IIRC never managed to land in stable) as it was said to "not work
> properly". I though can't remember that I ever had issues with that
> feature, really appreciated the feature and never understood why it
> was removed again from Debian's Firefox.
> 
> So please reintroduce this feature again.
> 
> Upstream should really understand the need for such feature as they're
> copying everything Chrome/Chromium does anyway. So why not copying
> that feature, too? 

It's not because a few packages do it that the problem is not a general
one in Debian.

Mike

Bug#882156: firefox-esr: Upgrading firefox should somehow prompt users to restart running instances

[Axel Beckert]

Yay, Popcorn!

Mike Hommey wrote:
> > Consider, for example, an unattended-upgrades process that 
> > installs security updates automatically.  Users may continue 
> > to run instances of old insecure versions for long periods 
> > with no indication that an upgrade has been installed.  
> > Generally, Debian will restart long-running system processes 
> > (i.e. daemons) in this sort of situation but not user processes.  
> > This is a particular issue for firefox because of its security 
> > characteristics.
> 
> That's not limited to firefox. That's also true of libreoffice, gnome,
> chromium, etc.

Nope. It's definitely not true for Chromium. (And not for the
Firefox-based Tor Browser either.) Chromium and Tor Browser both
notify their users as Phil wants it for Firefox. And as it had been
implemented (IMHO successfully) for Firefox years ago.

That feature though was removed again from the Debian package (and
IIRC never managed to land in stable) as it was said to "not work
properly". I though can't remember that I ever had issues with that
feature, really appreciated the feature and never understood why it
was removed again from Debian's Firefox.

So please reintroduce this feature again.

Upstream should really understand the need for such feature as they're
copying everything Chrome/Chromium does anyway. So why not copying
that feature, too? 

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#882178: sonic-visualiser ftbfs on arm64 and s390x (test failure)

[Matthias Klose]

Package: src:sonic-visualiser
Version: 3.0.3-1
Severity: serious
Tags: sid buster

PASS   : AudioFileReaderTest::read(mp3/32000-1.mp3 at 44100)
PASS   : AudioFileReaderTest::read(mp3/32000-1.mp3 at 44100 non-gapless)
PASS   : AudioFileReaderTest::read(mp3/32000-1.mp3 at 44100 normalised)
PASS   : AudioFileReaderTest::read(mp3/32000-1.mp3 at 44100 normalised 
non-gapless)
FAIL!  : AudioFileReaderTest::read(mp3/32000-1.mp3 at 48000) Compared values are
not the same
   Actual   (offset): -1
   Expected (0) : 0
   Loc: [o/../svcore/data/fileio/test/AudioFileReaderTest.h(379)]
PASS   : AudioFileReaderTest::read(mp3/32000-1.mp3 at 48000 non-gapless)
FAIL!  : AudioFileReaderTest::read(mp3/32000-1.mp3 at 48000 normalised) Compared
values are not the same
   Actual   (offset): -1
   Expected (0) : 0
   Loc: [o/../svcore/data/fileio/test/AudioFileReaderTest.h(379)]

Bug#882099: libnih1: Dependency from libc6<2.25 breaks dist-upgrade

[Emilio Pozuelo Monfort]

On 19/11/17 22:57, Axel Beckert wrote:
> Hi again,
> 
> Axel Beckert wrote:
>> Indeed. It still depends on libc6 < 2.25 despite being rebuilt against
>> libc6 2.25 according to
>> https://buildd.debian.org/status/package.php?p=libnih
> 
> Nope, the rebuilt against libc6 2.25 went wrong and was still against
> version 2.24, at least on amd64:
> https://buildd.debian.org/status/fetch.php?pkg=libnih=amd64=1.0.3-8%2Bb1=155842=0
> 
> And a local rebuilt in pbuilder (as of Git HEAD in the packaging repo)
> worked fine and shows the proper dependencies.
> 
> So for now, it just seems necessary to fix the binary rebuild
> (BinNMU).
> 
> And since the release team is tracking this at
> https://release.debian.org/transitions/html/glibc-2.25.html anyway, I
> expect them to notice that, too, very soon, or already have.
> Nevertheless, Cc'ing them to make sure they're aware of this bug
> report. As far as I can see, this bug can be closed when the fixed
> rebuild on amd64 hits unstable.

Yep, my bad. I (again) forgot to add --extra-depends to the binNMUs, as libc is
installed on the chroots and they don't get updated for each build. I'll fix
this, either by adding --extra-depends on libc-bin (as there are too many
different libc SONAMEs) or by waiting a few hours as the chroots will be updated
soon.

Cheers,
Emilio

Bug#879439: O: x11vnc -- VNC server to allow remote access to an existing X session

[Samuel Thibault]

Hello Fathi,

Just to make sure: do you plan to continue maintaining x11vnc?

I see you have made an upload last year, so apparently you are not
completely inactive on it?

If you plan to continue maintaining it, this O bug should be closed :)

Samuel

Bug#882177: busybox: unzip creates world-writable directories

[Jakub Wilk]

Package: busybox
Version: 1:1.27.2-1
Tags: security

When busybox's unzip creates a directory that is not shipped directly in 
the zip file, it makes the directory world-writable:


  $ zipinfo moo.zip
  Archive:  moo.zip
  Zip file size: 112 bytes, number of entries: 1
  -rw-r--r--  3.0 unx0 b- stor 17-Nov-19 22:51 moo/moo
  1 file, 0 bytes uncompressed, 0 bytes compressed:  0.0%

  $ busybox unzip moo.zip
  Archive:  moo.zip
inflating: moo/moo

  $ ls -ld moo
  drwxrwxrwx 2 jwilk users 4096 Nov 19 22:03 moo


-- System Information:
Architecture: i386

Versions of packages busybox depends on:
ii  libc6  2.25-1

--
Jakub Wilk

Bug#881908: trac-wikitablemacro: does not work with trac 1.2, needs upgrade

[Al Nikolov]

Control: forward -1 https://trac-hacks.org/ticket/13336#ticket
Control: tags -1 + confirmed

Thanks, Joachim, for reporting this one.

В Чт, 16/11/2017 в 12:05 +0100, Joachim Mairboeck пишет:
> Package: trac-wikitablemacro
> Version: 1:0.2-3
> Severity: important
> 
> Dear Maintainer,
> 
> The packaged version 0.2 of WikiTableMacro doesn't work with Trac
> 1.2, because it still uses the old Database API which was removed in
> Trac 1.2.
> See https://trac.edgewall.org/wiki/TracDev/ApiChanges/1.1#get_db_cnx
> 
> At least the changes from revision 14524 (using the new DB API) need
> to be incorporated into the package for it to work again.
> The current trunk version seems to work fine (as installed with
> easy_install).

I'd need to ask the upstream author (Ryan J Ollos et al) first about
his own willingness to keep maintaining the hack, as there's no sign of
new tagged releases for few years after 0.2. Seems that releasing rev
14524 with Trac 1.2 compatibility fixes would improve our situation.

If it's dead though, I'll not very happily remove tracking the upstream
releases from the debian packaging.

signature.asc
Description: This is a digitally signed message part

Bug#882142: upgrade from 11.1-1 to 11.1-2 breaks audio support in Firefox

[Harald Dunkel]

On Sun, 19 Nov 2017 17:26:16 -0300
Felipe Sateler  wrote:

> > Removing /etc/pulse/client.conf.d/00-disable-autospawn.conf reenabled
> > pulse audio on the next reboot.
> >
> >
> >  
> Weird. could you provide the output of the following (from a boot without
> audio):
> 
> systemctl --user status  pulseaudio.{socket,service}
> journalctl --user-unit pulseaudio.socket
> journalctl --user-unit pulseaudio.service
> 

% systemctl --user status  pulseaudio.{socket,service}
Failed to get properties: Process org.freedesktop.systemd1 exited with status 1
% su
Password: 
# systemctl --user status  pulseaudio.{socket,service}
Failed to get properties: Connection reset by peer
# journalctl --user-unit pulseaudio.socket
-- Logs begin at Sun 2017-11-19 22:54:23 CET, end at Sun 2017-11-19 22:56:21 
CET. --
-- No entries --
# journalctl --user-unit pulseaudio.service
-- Logs begin at Sun 2017-11-19 22:54:23 CET, end at Sun 2017-11-19 22:56:21 
CET. --
-- No entries --
# 


Regards
Harri

Bug#855887: Any news

[Félix Sipma]

On 2017-11-19 22:45+0100, Félix Sipma wrote:
> I uploaded the last version to mentors and to my repo. No need to open an RFS?

Forgot the link:
https://mentors.debian.net/debian/pool/main/t/todoman/todoman_3.2.4-1.dsc


signature.asc
Description: PGP signature

Bug#882099: libnih1: Dependency from libc6<2.25 breaks dist-upgrade

[Axel Beckert]

Hi again,

Axel Beckert wrote:
> Indeed. It still depends on libc6 < 2.25 despite being rebuilt against
> libc6 2.25 according to
> https://buildd.debian.org/status/package.php?p=libnih

Nope, the rebuilt against libc6 2.25 went wrong and was still against
version 2.24, at least on amd64:
https://buildd.debian.org/status/fetch.php?pkg=libnih=amd64=1.0.3-8%2Bb1=155842=0

And a local rebuilt in pbuilder (as of Git HEAD in the packaging repo)
worked fine and shows the proper dependencies.

So for now, it just seems necessary to fix the binary rebuild
(BinNMU).

And since the release team is tracking this at
https://release.debian.org/transitions/html/glibc-2.25.html anyway, I
expect them to notice that, too, very soon, or already have.
Nevertheless, Cc'ing them to make sure they're aware of this bug
report. As far as I can see, this bug can be closed when the fixed
rebuild on amd64 hits unstable.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#855887: Any news

[Félix Sipma]

On 2017-11-19 22:45+0100, Félix Sipma wrote:
> On 2017-11-19 22:45+0100, Félix Sipma wrote:
>> I uploaded the last version to mentors and to my repo. No need to open an 
>> RFS?
> 
> Forgot the link:
> https://mentors.debian.net/debian/pool/main/t/todoman/todoman_3.2.4-1.dsc

I just updated a new version which fixes a typo.


signature.asc
Description: PGP signature

Bug#855887: Any news

[Félix Sipma]

On 2017-11-19 15:13+, Jelmer Vernooij wrote:
> That's great to hear. I'm more than happy to sponsor :)
> 
> The package looks okay to me.

Great!

> How does todoman use JavaScript? are the suggests for that just for sphinx?

Right... They are just for sphinx.

I uploaded the last version to mentors and to my repo. No need to open an RFS?


signature.asc
Description: PGP signature

Bug#882099: libnih1: Dependency from libc6<2.25 breaks dist-upgrade

[Axel Beckert]

Hi,

manul wrote:
> Apt dist-upgrade wants to delete the following packages:
>   cgmanager kde-plasma-desktop kdeconnect libcgmanager0 libnih-dbus1 libnih1 
> libpam-systemd libvirt-daemon-system plasma-desktop plasma-widgets-addons 
> plasma-workspace policykit-1 polkit-kde-1
>   polkit-kde-agent-1 systemd-shim sysvinit-core udisks2
> 
> 
> Seems the culprit is in libnih1 package:

Indeed. It still depends on libc6 < 2.25 despite being rebuilt against
libc6 2.25 according to
https://buildd.debian.org/status/package.php?p=libnih

Will have a look at it.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#877195: the patches

[Adam D. Barratt]

[apparently this ended up sat in my drafts for a while]

On Sun, 2017-10-01 at 23:49 +1100, Russell Coker wrote:
> On Friday, 29 September 2017 4:39:15 PM AEDT Adam D. Barratt wrote:
> > On Sat, 2017-09-30 at 01:08 +1000, Russell Coker wrote:
> > > I've attached the patches.  These all come from the package
> > > currently
> > > in 
> > > Testing.
> > 
> > Thanks, but we don't review individual patches (at least, we don't
> > ack/nack uploads based on looking at individual patches).
> 
> https://www.debian.org/doc/manuals/developers-reference/pkgs.html
> 
> Section 5.5.1 of the above seemed to indicate that I should do it
> that way.  
> Did I misunderstand it or does the documentation need improving?

Some combination. :-)

You used reportbug to file the report - did it not ask for a debdiff?

> > If you'd like an ack for an upload to stable, we'd need to see a
> > full
> > source debdiff for a package that's been built and tested on
> > stable.
> 
> I've attached such a debdiff.  NB It has one thing that is not
> required (but 
> is still handy) that is a build-conflicts against too-new versions of
> the SE 
> Linux tools.  This prevents anyone from accidentally building it on
> Testing or 
> Unstable (which will be unusable).  Obviously the package will work
> OK without 
> such a build-conflict, unless you build it with the wrong packages
> installed.

Technically, it's version-constrained build-dependencies, rather than a
build-conflict.

In any case, the diff you supplied has:

+refpolicy (2:2.20161023.1-10) unstable; urgency=medium

which obviously isn't what you're proposing using for an upload to
stable. I realise I said "a package", but the implication was that it
be a package that you could simply upload "as-is" if the diff was OKed.

Regards,

Adam

Bug#882176: libgsm1-dev: installs internal, non-public header files

[Diego Biurrun]

Package: libgsm1-dev
Version: 1.0.13-4+b2
Severity: important
Tags: patch

Hello!

The -dev Debian package for libgsm installs all of the header files
contained in the libgsm upstream sources instead of only installing
the gsm.h public header file. I'm including a patch to fix this.
It's untested because I don't have package building infrastructure
easily available on this machine.

Furthermore Debian renames a libgsm internal header, config.h, to
gsm_config.h in 03_config.patch of the quilt patch series. This is
probably a workaround for issues introduced by wrongly installing
that header. I'm attaching another patch to drop 03_config.h.

best regards, Diego
Only in debian.orig/patches: 03_config.patch
diff -ur debian.orig/rules debian.fixed/rules
--- debian.orig/rules   2012-04-12 18:10:27.0 +0200
+++ debian.fixed/rules  2017-11-19 21:22:16.586583755 +0100
@@ -34,9 +34,8 @@
dh_testroot
dh_installdirs
mkdir -p debian/tmp/usr/lib debian/tmp/usr/bin 
debian/libgsm1-dev/usr/lib/$(DEB_HOST_MULTIARCH) 
debian/libgsm1/usr/lib/$(DEB_HOST_MULTIARCH)
-   $(MAKE) $(CROSS) INSTALL_ROOT=debian/tmp/usr 
GSM_INSTALL_INC=debian/libgsm1-dev/usr/include/gsm 
GSM_INSTALL_MAN=debian/libgsm1-dev/usr/share/man/man3 
TOAST_INSTALL_MAN=debian/libgsm-tools/usr/share/man/man1 install
-   ln -s gsm/gsm.h debian/libgsm1-dev/usr/include/gsm.h
-   cp inc/*.h debian/libgsm1-dev/usr/include/gsm
+   $(MAKE) $(CROSS) INSTALL_ROOT=debian/tmp/usr 
GSM_INSTALL_INC=debian/libgsm1-dev/usr/include 
GSM_INSTALL_MAN=debian/libgsm1-dev/usr/share/man/man3 
TOAST_INSTALL_MAN=debian/libgsm-tools/usr/share/man/man1 install
+   ln -s ../gsm.h debian/libgsm1-dev/usr/include/gsm/gsm.h
mv lib/*so debian/libgsm1-dev/usr/lib/$(DEB_HOST_MULTIARCH)
mv lib/*a debian/libgsm1-dev/usr/lib/$(DEB_HOST_MULTIARCH)
mv lib/*so.* debian/libgsm1/usr/lib/$(DEB_HOST_MULTIARCH)
diff -ur debian.orig/patches/04_includes.patch 
debian.fixed/patches/04_includes.patch
--- debian.orig/patches/04_includes.patch   2012-04-12 17:22:53.0 
+0200
+++ debian.fixed/patches/04_includes.patch  2017-11-19 22:26:39.379002210 
+0100
@@ -37,7 +37,7 @@
 --- a/src/code.c
 +++ b/src/code.c
 @@ -9,8 +9,8 @@
- #include  "gsm_config.h"
+ #include  "config.h"
  
  
 -#ifdefHAS_STDLIB_H
diff -ur debian.orig/patches/series debian.fixed/patches/series
--- debian.orig/patches/series  2012-04-12 17:22:53.0 +0200
+++ debian.fixed/patches/series 2017-11-19 21:40:20.233591925 +0100
@@ -1,6 +1,5 @@
 01_makefile.patch
 02_cplusplus.patch
-03_config.patch
 04_includes.patch
 05_compiler_warnings.patch
 06_fix_manpages.patch

Bug#877195: the patches

[Russell Coker]

I sent such a debdiff almost 2 months ago. Is it ok?

On 30 September 2017 1:39:15 am AEST, "Adam D. Barratt" 
 wrote:
>On Sat, 2017-09-30 at 01:08 +1000, Russell Coker wrote:
>> I've attached the patches.  These all come from the package currently
>> in 
>> Testing.
>> 
>Thanks, but we don't review individual patches (at least, we don't
>ack/nack uploads based on looking at individual patches).
>
>If you'd like an ack for an upload to stable, we'd need to see a full
>source debdiff for a package that's been built and tested on stable.
>
>Regards,
>
>Adam

-- 
Sent from my Huawei Mate 9 with K-9 Mail.

Bug#882175: busybox: out-of-bounds read in get_header_ar()

[Jakub Wilk]

Package: busybox
Version: 1:1.27.2-1

Apparently an out-of-bounds read can happen when unpacking ar archives:

  $ valgrind -q -- busybox ar p oob.ar > /dev/null
  ==2180== Invalid read of size 1
  ==2180==at 0x4831403: __GI_strlen (in 
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
  ==2180==by 0x48B9F5A: strdup (strdup.c:41)
  ==2180==by 0x1108BC: xstrdup (xfuncs_printf.c:81)
  ==2180==by 0x15C560: get_header_ar (get_header_ar.c:116)
  ==2180==by 0x15C26F: unpack_ar_archive (unpack_ar_archive.c:20)
  ==2180==by 0x14D956: ar_main (ar.c:291)
  ==2180==by 0x10F788: run_applet_no_and_exit (appletlib.c:916)
  ==2180==by 0x10FA50: run_applet_and_exit (appletlib.c:934)
  ==2180==by 0x10FA38: busybox_main (appletlib.c:875)
  ==2180==by 0x10FA38: run_applet_and_exit (appletlib.c:927)
  ==2180==by 0x10FADC: main (appletlib.c:1032)
  ==2180==  Address 0x4a0715c is 0 bytes after a block of size 4 alloc'd
  ==2180==at 0x482E2BC: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
  ==2180==by 0x110847: xmalloc (xfuncs_printf.c:47)
  ==2180==by 0x15C4A0: get_header_ar (get_header_ar.c:86)
  ==2180==by 0x15C26F: unpack_ar_archive (unpack_ar_archive.c:20)
  ==2180==by 0x14D956: ar_main (ar.c:291)
  ==2180==by 0x10F788: run_applet_no_and_exit (appletlib.c:916)
  ==2180==by 0x10FA50: run_applet_and_exit (appletlib.c:934)
  ==2180==by 0x10FA38: busybox_main (appletlib.c:875)
  ==2180==by 0x10FA38: run_applet_and_exit (appletlib.c:927)
  ==2180==by 0x10FADC: main (appletlib.c:1032)
  ...

Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/


-- System Information:
Architecture: i386

Versions of packages busybox depends on:
ii  libc6  2.25-1

--
Jakub Wilk


oob.ar
Description: Binary data

Bug#882170: python-cryptography: missing dependency on python-cffi

[Tristan Seligmann]

Control: retitle -1 python-cryptography: extraneous setuptools dependency
on cffi
Control: tags -1 + pending

Argh! This is caused by an incomplete fix for #882011 of course.

On Sun, 19 Nov 2017 at 22:45 Adrian Bunk  wrote:

> pkg_resources.DistributionNotFound: The 'cffi>=1.7' distribution was not
> found and is required by cryptography
>

This problem is actually backwards from what it seems; python-cffi has a
pydist file that translates into a dependency on python-cffi-backend only
as python-cffi is not needed at runtime, and translated dependencies are
removed from requires.txt by dh_python2. However, since dh_python2 doesn't
understand the environment marker in the dependency, we are passing
--depends=cffi manually to take care of the dependency; unfortunately the
entry in requires.txt is thus not removed, so setuptools/pkg_resources
think that cffi needs to be available.

Stripping out the untranslated distributions from requires.txt ourselves
should fix this, I'll upload this fix once I've done a little more testing.

Bug#878809: closed by Jaromír Mikeš <mira.mi...@seznam.cz> (Bug#878809: fixed in sox 14.4.2-1)

[Jaromír Mikeš]

2017-11-19 21:11 GMT+01:00 Salvatore Bonaccorso :

> Control: reopen -1
> Control: found -1 14.4.1-5
> Control: found -1 14.4.2-1
> Control: tags -1 + moreinfo
>
> Hi Jaromir,
>
> Are you sure #878809 is yet fixed?
>
> With the patches applied on top of 14.4.2 we see still that sox aborts
> with:
>
> $ ./sox-14.4.2/src/sox 03-abort out.wav
> sox: formats.c:227: sox_append_comment: Assertion `comment' failed.
> Aborted
>
> So the assertion is still reachable, so at least
> 0005-CVE-2017-15371.patch did not solve the problem?
>
> What am I missing here? Note, I'm just reopening the bug as
> safetymeasure to double-check. If I turn to be wrong (likely) we can
> reclose it, but I wanted to be sure.
>

​Hi Salvatore,

can you provide some more details please. Upstream developers claims that
issue should be solved
by 0005-CVE-2017-15371.patch

best regards

mira

Bug#881127: transition: xerces-c

[Emilio Pozuelo Monfort]

On 19/11/17 22:04, Ferenc Wágner wrote:
> On Wed, 15 Nov 2017 20:08:28 + Bill Blough  wrote:
> 
>> The package has been uploaded to unstable [...]
> 
> Dear Release Team,
> 
> xmltooling, opensaml2 and shibboleth-sp2 must be rebuilt again in this
> order to correctly pick up the new xerces library.
> 
> Meanwhile I'd like to upload their latest upstream releases, which fix
> serious security issues in the latter two (#881856 and #881857).  Shall
> I wait for this transition to complete before the uploads?

No need to wait in this case. Please go ahead.

Emilio

Bug#882174: gcc-7: Raising the armel port baseline to armv5te

[John Paul Adrian Glaubitz]

On 11/19/2017 10:06 PM, Adrian Bunk wrote:
> As announced in https://lists.debian.org/debian-arm/2017/11/msg00045.html
> this patch raises the armel baseline for buster from armv4t to armv5te.

And I still disagree with this change and don't see any gain with it.

armel is a legacy architecture and people using it don't expect it to
break anymore. Why do you forcefully want to break things?

If people want something better than armel, they will just buy recent ARM
hardware and upgrade to armhf which provides much more hardware power
and capabilities (OpenJDK Hotspot, Rust and so on).

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#363502: closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org> (Bug#877240: Removed package(s) from unstable)

[Reuben Thomas]

On 19 November 2017 at 20:46, Vincent Lefevre  wrote:

> BTW, since readline6 has been replaced by readline7: I have not tried
> readline7. If it has the same problem, then I suppose that this bug
> should be reopened and reassigned to readline7.
>

​My notes suggested that this bug was fixed in readline6, but I just tried
it and it's still present, so yes, you're right.​

​One of the other bindings I have is for "\C-w", which turns out (I had not
realised) to be one of the combinations that, bizarrely, one can bind to a
macro but not a command. Sigh…I've added this to the top of my todo list
(not that that means it'll get looked at soon, though!)

-- 
https://rrt.sc3d.org