Bug#924291: closed by Markus Koschany (Bug#924291: fixed in netrek-client-cow 3.3.1-2)

2019-03-23 Thread Helmut Grohne 
Control: reopen -1

On Thu, Mar 21, 2019 at 12:54:04AM +, Debian Bug Tracking System wrote:
>* Fix possible infinite loop. (Closes: #924291)

Thank you for the timely fix. Unfortunately, it doesn't work as the
variables are improperly escaped. The build continues to loop.

The patch has:

+   attempts=32; until ./mkkey $(KEYFILE) "Client Of Win" $(DESC) $(MAKER) 
$(COMMENT) "inl,standard2"; do attempts=$(attempts - 1); test $(attempts) -le 0 
&& exit 1; sleep 1; done

It tries to interpolate make variables named "attempts - 1" and
"attempts". Those are empty so the test expression always fails. With
proper escaping it looks like this:

+   attempts=32; until ./mkkey $(KEYFILE) "Client Of Win" $(DESC) $(MAKER) 
$(COMMENT) "inl,standard2"; do attempts=$$((attempts - 1)); test $$(attempts) 
-le 0 && exit 1; sleep 1; done

The double $ is unescaped by make to a single $ and the double braces
are required to perform arithmetic in shell.

Helmut

Bug#925028: unblock: dwww/1.13.4+nmu1

2019-03-23 Thread Osamu Aoki 
On Sat, Mar 23, 2019 at 09:29:44PM +, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
> 
> On Tue, Mar 19, 2019 at 11:00:33PM +0900, Osamu Aoki wrote:
> > diff -Nru dwww-1.13.4/debian/control dwww-1.13.4+nmu1/debian/control
> > --- dwww-1.13.4/debian/control  2017-06-21 05:13:20.0 +0900
> > +++ dwww-1.13.4+nmu1/debian/control 2019-03-16 18:31:19.0 +0900
> > @@ -5,8 +5,8 @@
> >  Build-Depends: debhelper (>= 10), dh-apache2, lsb-release, publib-dev
> >  Build-Conflicts: apache2-dev (<< 2.4.4-6~)
> >  Standards-Version: 4.0.0
> > -Vcs-Git: https://anonscm.debian.org/git/users/robert/dwww.git
> > -Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/dwww.git
> > +Vcs-Git: https://salsa.debian.org/debian/dwww.git
> > +Vcs-Browser: https://salsa.debian.org/debian/dwww
> >  
> >  Package: dwww
> >  Architecture: any
> > @@ -23,10 +23,26 @@
> >   ${perl:Depends},
> >   ${shlibs:Depends}
> >  Breaks: apache2 (<< 2.4.4-6~)
> > -Recommends: apt, dlocate (>= 0.5-0.1), info2www, swish++, 
> > ${misc:Recommends}
> > -Suggests: doc-debian, dpkg-www, links | www-browser
> > +Recommends: apt,
> > +dlocate (>= 0.5-0.1),
> > +doc-debian,
> > +dpkg-www,
> > +info2www,
> > +links | www-browser,
> > +swish++,
> > +${misc:Recommends}
> 
> This promotion of packages from Suggests to Recommends is not mentioned in
> the changelog. What is its purpose?

dwww in old setting with older apache used to publish web page to
non-local machine.  So browser was not needed.  Now for security
concern, we limit to local as default. 

links | www-browser
 * this is very much intended
 * user has to manually enable apache CGI module.
 * The default access is limited to local
 * So having browser is a almost must

--> Valid objection: Why links 
 Why not firefox-esr:
 true but tried to be minimal change

dpkg-www
 * dpkg-www recommends dwww
 * CGI script is the same situation: require local
 * not much loss of resource and help user via local web which is
   accessed via clicking desktop icon.

--> Valid objection: Yah but ...: true

doc-debian
  * Nice to have as a part of links
  * not much loss of resource and help user via local web to know
what Debian is

--> Valid objection: Yah but ...: true

Osamu

Bug#925385: /usr/bin/mysql: Poor MariaDB performance

2019-03-23 Thread Jeffrey Walton 
In case it matters, here are the repos being used for the Tinkerboard.

$ cat /etc/apt/sources.list
deb http://http.debian.net/debian/ stretch main contrib non-free
deb-src http://http.debian.net/debian/ stretch main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free
deb http://http.debian.net/debian/ stretch-updates main contrib non-free
deb-src http://http.debian.net/debian/ stretch-updates main contrib non-free
deb http://tprd.asus.com:8000 stretch main contrib non-free
deb-src http://tprd.asus.com:8000 stretch main contrib non-free

Bug#925385: /usr/bin/mysql: Poor MariaDB performance

2019-03-23 Thread Jeffrey Walton 
Package: mariadb-client-core-10.1
Version: 10.1.37-0+deb9u1
Severity: important
File: /usr/bin/mysql

Dear Maintainer,

I am working on a Tinkerboard 
(https://www.asus.com/us/Single-Board-Computer/Tinker-Board/), which is an ARM 
dev-board. The board has a Cortex-A17 1.4 GHz cpu, 2 GB RAM, and 16 GB SDcard. 
The board runs Debian 9.8.

I have a program that tries to use MySQL, but MySQL/MariaDB is mostly unusable 
on this board due to poor performance.

I installed the following packages (and recommends) and ran 
mysql_secure_installation. Everything else is a Debian default.

* mysql-server
* mysql-client
* mysql-utilities
* libmariadbd-dev

The test program/SQL below attempts to create two small tables and two users. 
It takes 13 seconds to complete. I've read about the changes Debian made to 
MySQL at 
https://mariadb.com/kb/en/library/moving-from-mysql-to-mariadb-in-debian-9/, 
but I don't know what is causing this problem. This is not my area of expertise.

The smae program and SQL runs fine on Fedora 29 and dev-boards. Performance is 
about where one expects, give or take.

The command to setup the test database is:

# Password set using mysql_secure_installation
$ time mysql -uroot -p < testdb.sql

real0m12.799s
user0m0.040s
sys 0m0.000s

The contents of testdb.sql are:

DROP DATABASE IF EXISTS testdb;
CREATE DATABASE IF NOT EXISTS testdb;
USE testdb;

#

CREATE TABLE IF NOT EXISTS name_number
(
`nn_id` INT PRIMARY KEY AUTO_INCREMENT,
`nn_name` VARCHAR(64) CHARACTER SET utf8,
`nn_number` VARCHAR(18) CHARACTER SET utf8
);

CREATE INDEX IF NOT EXISTS number_index ON name_number(nn_number);

#

CREATE TABLE IF NOT EXISTS whitelist
(
`list_id` INT PRIMARY KEY AUTO_INCREMENT,
`nn_id` INT NOT NULL,
`list_date` DATETIME,
FOREIGN KEY fk1_id (nn_id)
REFERENCES name_number(nn_id)
);

#

CREATE TABLE IF NOT EXISTS blacklist
(
`list_id` INT PRIMARY KEY AUTO_INCREMENT,
`nn_id` INT NOT NULL,
`list_date` DATETIME,
FOREIGN KEY fk2_id (nn_id)
REFERENCES name_number(nn_id)
);

#

CREATE USER IF NOT EXISTS 'testdb_admin'@'localhost' IDENTIFIED BY 
'';
CREATE USER IF NOT EXISTS 'testdb_admin'@'%' IDENTIFIED BY 
'';

CREATE USER IF NOT EXISTS 'testdb_user'@'localhost' IDENTIFIED BY 
'';
CREATE USER IF NOT EXISTS 'testdb_user'@'%' IDENTIFIED BY 
'';

GRANT ALL PRIVILEGES ON testdb.* TO 'testdb_admin'@'localhost';
GRANT ALL PRIVILEGES ON testdb.* TO 'testdb_admin'@'%';

GRANT SELECT,INSERT,UPDATE,DELETE ON testdb.* TO 'testdb_user'@'localhost';
GRANT SELECT,INSERT,UPDATE,DELETE ON testdb.* TO 'testdb_user'@'%';

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 4.4.132+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mariadb-client-core-10.1 depends on:
ii  libaio1 0.3.110-3
ii  libc6   2.24-11+deb9u4
ii  libncurses5 6.0+20161126-1+deb9u2
ii  libreadline55.2+dfsg-3+b1
ii  libstdc++6  6.3.0-18+deb9u1
ii  libtinfo5   6.0+20161126-1+deb9u2
ii  mariadb-common  10.1.37-0+deb9u1
ii  zlib1g  1:1.2.8.dfsg-5

mariadb-client-core-10.1 recommends no packages.

mariadb-client-core-10.1 suggests no packages.

-- no debconf information

Bug#925384: pkgconf 1.6.1 release

2019-03-23 Thread William Pitcock 
Package: pkgconf
Version: 1.6.0-1
Severity: wishlist

Hello,

Just letting you know that I have tagged and released pkgconf 1.6.1.
Please drop by #pkgconf at freenode if you have any questions about
the release.

The relevant changelog is below.

==
Changes from 1.6.0 to 1.6.1:


* Bug fixes:
  - Fixed an issue where a personality may not be properly selected
due to argv[0] containing a full path.
  - Fixed a regression where having an empty PKG_CONFIG_LIBDIR
environment variable would not eliminate the default search
paths.
  - Use POSIX realpath(3) instead of readlink() for deduplicating the
search path.  Use _fullpath() on Windows for the same purpose.
  - The dequoting logic for tuples has been improved to ensure that
quotes *inside* a value remain quoted when necessary.
==

William

Bug#892999: pkgconf multiarch support

2019-03-23 Thread William Pitcock 
Hello,

I just wanted to write that pkgconf 1.5 and later do support
cross-toolchains.  The procedure for this is described in
pkgconf-personality(5) and should be easily adaptable for Debian's
needs, as Fedora is using the personality support for the same
purpose.

The upcoming pkgconf 1.6.1 release fixes some edge cases with this as
well, so please consider removing wontfix tag :)

William

Bug#847531: Bug #847531: Update for new programming language sections

2019-03-23 Thread Guillem Jover 
Hi!

On Wed, 2018-04-25 at 14:05:12 +0200, Laura Arjona Reina wrote:
> Guillem, I didn't commit your patch for 2 reasons:
> 
> * The debian/changelog file in https://salsa.debian.org/l10n-team/dl10n/ has
> evolved since you sent your patch (as well as the dl10n codebase) and I'm not
> sure how to integrate well all those changes. I'm not familiarised with
> packaging rules either and have no permissions to do uploads. I'm 
> fundamentally
> trying to get the l10n cron jobs to update the info in i18n.debian.org, and
> those jobs use git master https://salsa.debian.org/l10n-team/dl10n , not the
> package.

I rebased and opened it as a MR at
.

> * I see that the bug #847520 "ftp.debian.org: please add new "golang" section 
> to
> the archive" is still open. I am not sure if we should close this dl10n bug
> first, in order to get #847520 closed (and thus "golang" appear as an official
> section of the archive) or it's the opposite way (we should wait for #847520 
> to
> be closed, and after that, integrate golang in the dl10n section lists). Can 
> you
> clarify this?

I think in a way it might be waiting for the major blockers to be
fixed before being deployed, so it would be nice to get this in, yes.

Thanks,
Guillem

Bug#925383: unblock: shorewall/5.2.3.2-1

2019-03-23 Thread Roberto C. Sanchez 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Shorewall upstream released version 5.2.3.2 a few days ago.  While this
unblock request is for 6 packages, only shorewall contains any
functional changes.  The other five packages contain only a version
increment and release notes entry.

Here is the explanation of the upstream change:

5.2.3.2

1)  Shorewall 5.2 automatically converts and existing 'masq' file to an
equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
automatic update, such that the following error message was issued:

   Use of uninitialized value $Shorewall::Nat::raw::currentline in
   pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
   line 511, <$currentfile> line nnn.

and the generted 'masq' file contains only initial comments.

That has been corrected.

I have attached debdiffs for all 6 packages.

Given the small scope and size of the fix and that the Shorewall
upstream project is undergoing some changes that most likely make this
the last release for quite some time, I would very much like to see this
make it into Buster.

Regards,

- -Roberto

unblock shorewall/5.2.3.2-1
unblock shorewall6/5.2.3.2-1
unblock shorewall-lite/5.2.3.2-1
unblock shorewall6-lite/5.2.3.2-1
unblock shorewall-core/5.2.3.2-1
unblock shorewall-init/5.2.3.2-1

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAlyW5u0ACgkQLNd4Xt2n
sg+C4w/9FvQBTnKgjT3o+jNamHNw5fTofLCM0x+7uVSWzI4v9YjwJnBBjhGSvd/7
t8NsOLTj6bjplylRiiOrvqUAgfl3p8LxkSNYHtxZdgUhU8kKcTHYmWOgOtHDrp/+
2wB2YSGTjkMl6QzsvK9e/P35xZ7Sd/iQlEU9miwmYWlT5b3l18M5ekZRZmroM8VU
Wn8yhfJzWBZs1MKcaV58rtVM3yl/ZfwhtjFIIvWVqc94w20POFTZR7FkEMTxd5NQ
9C+bzrZS13+QP6wYs7XLekFDtNGGn9s5PK/k67syuT7q6YdjRfhyHKMxHM/hsY22
ppGUd1qqcRspxOod/EPI5AqE4BUmUpVkfF3I2OmbWPFgK+UNrkYd3NIzdkBn1ahW
T2LrSPJPYvmN3/bo+tSP1U1m0Hh5+g0XDllTNBExQZq7JiAgoHPKVdgmUzihEl6c
71ao9kS/FzpuwwciFcg/TrTEFFJdm1VLBMviNatZhMTttkD8Fmrot2SBtpVGvOkg
ddiEHzpR7Ba95hrBOI3Jyu7Z8Ff3iF2hrd31IrMCjYKiJmXCisPHyUeJReKo6pIB
kj4Qm8STO6rwc2hm4/nKHrrbP3pMo9nRaY8Kumqo7Qc/hv1/90WhMJdPdd75kg/s
SaQjkiyfe/egZihShkJYsZNhRXfSSTsPSkgp7csN1kDzJiYZva4=
=SmkF
-END PGP SIGNATURE-
diff --git a/Perl/Shorewall/Config.pm b/Perl/Shorewall/Config.pm
index bb68bb3d..ba800020 100644
--- a/Perl/Shorewall/Config.pm
+++ b/Perl/Shorewall/Config.pm
@@ -684,7 +684,6 @@ our $shorewall_dir;  # Shorewall Directory; if 
non-empty, search here fi
 
 our $debug;  # Global debugging flag
 our $confess;# If true, use Carp to report errors with stack 
trace.
-our $update; # True if this is an update
 
 our $family; # Protocol family (4 or 6)
 our $export; # True when compiling for export
@@ -851,7 +850,7 @@ sub initialize( $;$$$) {
TC_SCRIPT   => '',
EXPORT  => 0,
KLUDGEFREE  => '',
-   VERSION => "5.2.3.1",
+   VERSION => "5.2.3.2",
CAPVERSION  => 50200 ,
BLACKLIST_LOG_TAG   => '',
RELATED_LOG_TAG => '',
@@ -1192,7 +1191,6 @@ sub initialize( $;$$$) {
 
 $debug = 0;
 $confess = 0;
-$update = 0;
 
 %params = ();
 
@@ -4023,9 +4021,9 @@ sub read_a_line($) {
#
handle_first_entry if $first_entry;
#
-   # Save Raw Image if we are updating
+   # Save Raw Image
#
-   $rawcurrentline = $currentline if $update;
+   $rawcurrentline = $currentline;
#
# Expand Shell Variables using %params and %actparams
#
@@ -4075,14 +4073,16 @@ sub process_shorewallrc( $$ ) {
 my ( $shorewallrc , $product ) = @_;
 
 $shorewallrc{PRODUCT} = $product;
+$variables{PRODUCT}   = $product;
 
 if ( open_file $shorewallrc ) {
-   while ( read_a_line( STRIP_COMMENTS | SUPPRESS_WHITESPACE | CHECK_GUNK 
) ) {
+   while ( read_a_line( STRIP_COMMENTS | SUPPRESS_WHITESPACE | CHECK_GUNK 
| EXPAND_VARIABLES ) ) {
if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) {
my ($var, $val) = ($1, $2);
$val = $1 if $val =~ /^\"([^\"]*)\"$/;
expand_shorewallrc_variables($val) if supplied $val;
$shorewallrc{$var} = $val;
+   $variables{$var}   = $val;
} else {
fatal_error "Unrecognized shorewallrc entry";
}
@@ -5593,8 +5593,8 @@ EOF
 #
 # Small functions called by get_configuration. We separate them so profiling 
is more useful
 #
-sub process_shorewall_conf( $ ) {
-my ( $annotate ) = @_;
+sub process_shorewall_conf( $$ ) {
+my ( $update, $annotate ) = @_;
 my $file   = find_file "$product.conf";
 my @vars;
 
@@ -6

Bug#925382: Please, correct vala-panel dependencies

2019-03-23 Thread Konstantin P. 
Package: libvalapanel0
Version: 0.4.87+dfsg1-1

Please, remove libpeas from dependencies. It is not required in vala-panel
version higher than 0.4.50. All plugins also finished using libpeas too.

Please, correct this, so, users will not install unused dep on their PCs.

Bug#925381: git-hub: Typo in manpage for git-hub(1)

2019-03-23 Thread J. A. Corbal 
Package: git-hub
Version: 1.0.1-1
Severity: minor

In package `git-hub`.  In man page 'git-hub(1)', at the very end.
It says:

mkdir -p ~/.vim/ftdetect
*   ln -s /usr/share/vim/addons/githubmsg.vim ~/.vim/ftdetect/
# or if you are copying from the sources:
# ln -s ftdetect.vim ~/.vim/ftdetect/githubmsg.vim

It should said:
ln -s /usr/share/vim/addons/ftdetect/githubmsg.vim ~/.vim/ftdetect/


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages git-hub depends on:
ii  git 1:2.20.1-2
ii  python  2.7.15-4

git-hub recommends no packages.

git-hub suggests no packages.

-- debconf-show failed

Bug#911783: filelight: missing Breaks+Replaces: filelight-l10n

2019-03-23 Thread Andreas Beckmann 
Followup-For: Bug #911783
Control: tag -1 patch pending

Hi,

in order to get this upgrade path fixed for buster, I've NMUed the
package with the attached patch to DELAYED/5. I verified that this fixes
the issue I encountered.


Andreas
diff -Nru filelight-18.04.1/debian/changelog filelight-18.04.1/debian/changelog
--- filelight-18.04.1/debian/changelog  2018-05-23 01:11:17.0 +0200
+++ filelight-18.04.1/debian/changelog  2019-03-24 01:54:15.0 +0100
@@ -1,3 +1,10 @@
+filelight (4:18.04.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add Breaks+Replaces against filelight-l10n from squeeze. (Closes: #911783)
+
+ -- Andreas Beckmann   Sun, 24 Mar 2019 01:54:15 +0100
+
 filelight (4:18.04.1-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru filelight-18.04.1/debian/control filelight-18.04.1/debian/control
--- filelight-18.04.1/debian/control2018-05-22 23:51:51.0 +0200
+++ filelight-18.04.1/debian/control2019-03-24 00:59:56.0 +0100
@@ -27,8 +27,8 @@
 Package: filelight
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}
-Breaks: ${kde-l10n:all}
-Replaces: ${kde-l10n:all}
+Breaks: ${kde-l10n:all}, filelight-l10n
+Replaces: ${kde-l10n:all}, filelight-l10n
 Description: show where your diskspace is being used
  Filelight allows you to understand your disk usage by graphically
  representing your filesystem as a set of concentric, segmented rings.

Bug#902493: apache2-bin: Event MPM listener thread may get blocked by SSL shutdowns

2019-03-23 Thread Sven Hartge 
On 22.03.19 21:19, Sven Hartge wrote:
> On 22.03.19 21:14, Stefan Fritsch wrote:
> 
>> Second try with different approach is at
>>
>> https://people.debian.org/~sf/apache2-mpm-event-902493/2.4.25-3+deb9u7~test2/
>>
>> I have backported mpm_event from 2.4.28 and reverted one commit that was 
>> incompatible with 2.4.25. This was quite painless and I am more confident 
>> about 
>> this diff than the first one (even if it's three times the size).
> 
> Thank you. I've thrown the packages into the snake pit and will report
> back should anything break.

So far, so good. I have your packages running on the main webmail server
and the main web server for my university and so far everything is fine,
while default packages and the test1 packages with mpm_event would
normally start showing the symptoms after ~12 hours.

Grüße,
Sven.



signature.asc
Description: OpenPGP digital signature

Bug#925359: dietlibc: built program on x32 terminates with 'smashed stack detected, program terminated.'

2019-03-23 Thread Thorsten Glaser 
Bernhard Übelacker dixit:

>Now I wonder if a x32 binary doing a syscall getrusage to a 64bit
>kernel is supposed to supply memory like "long" would be 8 bytes?

The x32 kernel is amd64, it’s just a userspace ABI, with a
separate entry point in the kernel (OR’d a high bit in the
syscall number).

long and pointer are 4 bytes, time_t is 8 bytes though.

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#925380: network-manager-gnome: ifupdown no longer appears in the applet and no longer does not detects hotplug event

2019-03-23 Thread Jack Underwood 
Package: network-manager-gnome
Version: 1.8.20-1
Severity: important

Dear Maintainer,

Sometime in (late) 2018 the NetworkManager stopped showing ifupdown (eth0) in 
the interfaces, iirc
eth0 would only sometimes appear as a seperate entry to ifupdown (eth0) in the 
Ethernet Network
section of the applet.  Now when I unplug the ethernet cable eth0 disappears 
with only a greyed out
"disconnected" appearing in the Ethernet Network section of the applet, and 
when I plug the cable
back in nothing happens to the applet, and clicking on "Connection Information" 
says "Error displaying
connection information:" "No valid active connections found!" despite the 
connection clearly working again.

This severely reduces the functionality of NetworkManager Applet, both as an 
indicator tool, and when a
network interface needs to get restarted in the case of network issues and 
debugging said issues.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (650, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-gnome depends on:
ii  dbus-x11 [dbus-session-bus]  1.12.12-1
ii  dconf-gsettings-backend [gsettings-backend]  0.30.1-2
ii  libatk1.0-0  2.30.0-2
ii  libayatana-appindicator3-1   0.5.3-4
ii  libc62.28-7
ii  libcairo21.16.0-3
ii  libgdk-pixbuf2.0-0   2.38.0+dfsg-7
ii  libglib2.0-0 2.58.3-1
ii  libgtk-3-0   3.24.5-1
ii  libjansson4  2.12-1
ii  libmm-glib0  1.10.0-1
ii  libnm0   1.14.6-2
ii  libnma0  1.8.20-1
ii  libnotify4   0.7.7-4
ii  libpango-1.0-0   1.42.4-6
ii  libpangocairo-1.0-0  1.42.4-6
ii  libsecret-1-00.18.7-1
ii  libselinux1  2.8-1+b1
ii  lxpolkit [polkit-1-auth-agent]   0.5.3-2
ii  network-manager  1.14.6-2
ii  policykit-1-gnome [polkit-1-auth-agent]  0.105-7

Versions of packages network-manager-gnome recommends:
ii  gnome-keyring   3.28.2-2
ii  iso-codes   4.2-1
ii  mobile-broadband-provider-info  20170903-1
ii  notification-daemon 3.20.0-4

Versions of packages network-manager-gnome suggests:
pn  network-manager-openconnect-gnome  
pn  network-manager-openvpn-gnome  
pn  network-manager-pptp-gnome 
pn  network-manager-vpnc-gnome 

-- no debconf information

Bug#925359: dietlibc: built program on x32 terminates with 'smashed stack detected, program terminated.'

2019-03-23 Thread Bernhard Übelacker 
Dear Maintainer,
I just tried to get some more information.

Following backtrace, little after the stack smashing happend, I could
reproduce with a amd64 qemu VM crossgraded from Buster amd64 to x32. :-)

That "struct rusage" has some elements of type "long" [1].
In gdb sizeof shows 4 bytes for such an element.

(gdb) print sizeof(ru1.ru_maxrss)
$6 = 4

Now I wonder if a x32 binary doing a syscall getrusage to a 64bit
kernel is supposed to supply memory like "long" would be 8 bytes?

Kind regards,
Bernhard


[1] http://man7.org/linux/man-pages/man2/getrusage.2.html



Watchpoint 2: *0xffb35cac

Old value = -658158982
New value = 0
0x004253e0 in __unified_syscall ()
1: x/i $pc
=> 0x4253e0 <__unified_syscall+15>: cmp$0xff7c,%rax
(gdb) bt
#0  0x004253e0 in __unified_syscall ()
#1  0x004138aa in j_sigchld (sig=) at ../../jobs.c:1369
#2  0x00411883 in trapsig (i=) at ../../histrap.c:1239
#3  
#4  0x0033 in ?? ()


   0x004253db <__unified_syscall+10>:   mov%rcx,%r10
   0x004253de <__unified_syscall+13>:   syscall 
=> 0x004253e0 <__unified_syscall+15>:   cmp$0xff7c,%rax


   0x004138a5 :  callq  0x42546a 
=> 0x004138aa :  mov0x1ab50(%rip),%ebx# 0x42e400 



(gdb) list jobs.c:1314,1370
...
1320static void
1321j_sigchld(int sig MKSH_A_UNUSED)
1322{
...
1328struct rusage ru0, ru1;
...
1369getrusage(RUSAGE_CHILDREN, &ru1);


(gdb) print sizeof(ru1.ru_maxrss)
$6 = 4



# Install amd64 Buster
nano /etc/inputrc
apt install debian-ports-archive-keyring
nano /etc/apt/sources.list.d/buster-approx.list
deb  [ arch=amd64 ] 
http://192.168.178.25:/debian-10-buster-deb.debian.org/ unstable main
deb-src 
http://192.168.178.25:/debian-10-buster-deb.debian.org/ unstable main
deb  [ arch=x32 ]   
http://192.168.178.25:/debian-10-buster-otherarch-ftp.ports.debian.org/ 
unstable main
rm /var/lib/apt/lists/192*
apt update
apt dist-upgrade

# https://wiki.debian.org/CrossGrading
# https://wiki.debian.org/X32Port

nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="syscall.x32=y quiet"
GRUB_CMDLINE_LINUX="syscall.x32=y"
update-grub2


dpkg --add-architecture x32
apt update
apt-get --download-only install dpkg:x32 tar:x32 apt:x32 libseccomp2:x32
cd /var/cache/apt/archives
wget 
https://snapshot.debian.org/archive/debian/20161117T153728Z/pool/main/libs/libseccomp/libseccomp2_2.3.1-2.1_amd64.deb
dpkg -i libseccomp2_2.3.1-2.1_amd64.deb
dpkg -i gcc-8-base_8.3.0-3_x32.deb zlib1g_1%3a1.2.11.dfsg-1_x32.deb lib*_x32.deb
dpkg --install /var/cache/apt/archives/*_x32.deb
dpkg --get-selections | grep :amd64 | sed -e s/:amd64/:x32/ | dpkg 
--set-selections
apt-get -f install
apt autoremove --purge
dpkg -l | grep -i :amd64 | awk '{ print $2 }' | grep -v -E "linux-image" | sed 
's/:amd64/:x32/g' | xargs echo apt install
apt install apparmor:x32 aspell:x32 base-files:x32 base-passwd:x32 bash:x32 
bind9-host:x32 bsdmainutils:x32 bsdutils:x32 busybox:x32 bzip2:x32 
coreutils:x32 cpio:x32 cron:x32 dash:x32 dbus:x32 debianutils:x32 diffutils:x32 
discover:x32 dmeventd:x32 dmidecode:x32 dmsetup:x32 e2fsprogs:x32 eject:x32 
fdisk:x32 file:x32 findutils:x32 gcc-8-base:x32 gettext-base:x32 gpgv:x32 
grep:x32 groff-base:x32 grub-common:x32 grub-pc:x32 grub-pc-bin:x32 
grub2-common:x32 gzip:x32 hdparm:x32 hostname:x32 ifupdown:x32 init:x32 
iproute2:x32 iptables:x32 iputils-ping:x32 irqbalance:x32 isc-dhcp-client:x32 
isc-dhcp-common:x32 ispell:x32 klibc-utils:x32 kmod:x32 less:x32 libacl1:x32 
libaio1:x32 libapparmor1:x32 libapt-inst2.0:x32 libapt-pkg5.0:x32 
libargon2-1:x32 libaspell15:x32 libattr1:x32 libaudit1:x32 libbind9-161:x32 
libblkid1:x32 libbsd0:x32 libbz2-1.0:x32 libc6:x32 libcap-ng0:x32 libcap2:x32 
libcap2-bin:x32 libcom-err2:x32 libcryptsetup12:x32 libdb5.3:x32 
libdbus-1-3:x32 libdebconfclient0:x32 libdevmapper-event1.02.1:x32 
libdevmapper1.02.1:x32 libdiscover2:x32 libdns-export1104:x32 libdns1104:x32 
libedit2:x32 libefiboot1:x32 libefivar1:x32 libelf1:x32 libestr0:x32 
libexpat1:x32 libext2fs2:x32 libfastjson4:x32 libfdisk1:x32 libffi6:x32 
libfreetype6:x32 libfstrm0:x32 libfuse2:x32 libgcc1:x32 libgcrypt20:x32 
libgdbm6:x32 libgeoip1:x32 libglib2.0-0:x32 libgmp10:x32 libgnutls30:x32 
libgpg-error0:x32 libgssapi-krb5-2:x32 libhogweed4:x32 libicu63:x32 
libidn11:x32 libidn2-0:x32 libip4tc0:x32 libip6tc0:x32 libiptc0:x32 
libisc-export1100:x32 libisc1100:x32 libisccc161:x32 libisccfg163:x32 
libjson-c3:x32 libk5crypto3:x32 libkeyutils1:x32 libklibc:x32 libkmod2:x32 
libkrb5-3:x32 libkrb5support0:x32 liblmdb0:x32 liblockfile-bin:x32 
liblognorm5:x32 liblvm2cmd2.03:x32 liblwres161:x32 liblz4-1:x32 liblzma5:x32 
libmagic-mgc:x32 libmagic1:x32 libmnl0:x32 libmount1:x32 libncurses6:x32 
libncursesw6:x32 libnetfilter-conntrack3:x32 libnettle6:x32 libnewt0.52:x32 
libnfnetlink0:x32 libnftnl11:x32 libnss-systemd:x32 libnuma1:x32 
libp11-kit0:x32 libpa

Bug#925379: linux-base: linux-version vmlinuz/vmlinux dichotomy, breaks at least m68k

2019-03-23 Thread Thorsten Glaser 
Package: linux-base
Version: 4.5
Severity: important
Control: affects -1 initramfs-tools

Some time between 4.1.0-2 and 4.19.0-3, m68k kernels switched
from vmlinuz-* to vmlinux-*:

-rwxr-xr-x 1 root root 5933276 Feb 11 16:55 vmlinux-4.19.0-3-m68k*
-rwxr-xr-x 1 root root 5933284 Mar 15 02:16 vmlinux-4.19.0-4-m68k*
-rw-r--r-- 1 root root 1769849 Aug 26  2015 vmlinuz-4.1.0-2-m68k

I was surprised by that 4.1.0-2 was the initrd updated by the
initramfs-tools trigger on e2fsprogs update, before I purged
(apt-get --purge autoremove) the 4.1.0-2 kernel, having just
received the 4.19.0-4 one in a dist-upgrade.

This is because /usr/share/perl5/DebianLinux.pm was not updated
accordingly:

# Find kernel image name stem for this architecture
my $image_stem;
if ((uname())[4] =~ /^(?:mips|parisc|powerpc|ppc)/) {
$image_stem = 'vmlinux';
} else {
$image_stem = 'vmlinuz';
}

Since architectures can have both vmlinux-* and vmlinuz-*,
I think this logic should be reconsidered and removed, as
to instead take kernel images from both basenames.

At the absolutely very least, it must be brought in line
with current practicēs… however, that may break during
upgrades, so, please redo it taking both names into account.

-- System Information:
Debian Release: buster/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'unstable')
Architecture: m68k

Kernel: Linux 4.19.0-3-m68k
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages linux-base depends on:
ii  debconf [debconf-2.0]  1.5.71

linux-base recommends no packages.

linux-base suggests no packages.

-- debconf information:
* linux-base/disk-id-convert-auto: true
  linux-base/removing-title:
* linux-base/disk-id-manual-boot-loader:
  linux-base/disk-id-convert-plan-no-relabel: true
* linux-base/disk-id-convert-plan: true
  linux-base/removing-running-kernel: true
  linux-base/disk-id-manual:
  linux-base/do-bootloader-default-changed:
  linux-base/disk-id-update-failed:

Bug#925309: Wrong prefix directory hardcoded in signed GRUB image

2019-03-23 Thread Colin Watson 
On Fri, Mar 22, 2019 at 08:47:37PM +0100, Pascal Hambourg wrote:
> From grub2 changelog :
>   - Unconditionally create grub.cfg on our EFI boot partition in Secure
> Boot mode; GRUB always needs some configuration in this case to find
> /boot/grub, since we can't modify the signed image at install time
> 
> grub-install installs this initial grub.cfg in the same location as the
> signed image, i.e.
> - /EFI/BOOT if the option --removable is present
> - the directory derived from the --bootloader-id option if present
> - the directory derived from $GRUB_DISTRIBUTOR defined in /etc/default/grub
> 
> The default value of $GRUB_DISTRIBUTOR is "Debian", so the default install
> location is (EFI_PARTITION)/EFI/debian.
> 
> However when the signed image is installed in a different location, it still
> looks for grub.cfg in (EFI_PARTITION)/EFI/debian instead of $cmdpath and
> spawns the grub> shell unless grub.cfg is present in this location. In the
> shell, $prefix is set to (EFI_PARTITION)/EFI/debian.
> 
> Shouldn't the prefix be initialized with $cmdpath instead of the hardcoded
> path /EFI/debian ?

Possibly.  The prefix parameter given to grub-mkimage's -p option has to
be an actual path, not a variable reference.  In order to make it use
$cmdpath, we'd need another one of the arrangements we use for some of
the other pre-built images to use a config file embedded in a memdisk.
Fiddly, but should be possible.

Which different location are you installing the signed image in?  Just
/EFI/BOOT, or something more exotic?

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Bug#925373: libpam-modules: Executing script from pam_motd or pam_exec produce a huge memory consumption

2019-03-23 Thread Ricardo Fraile 
The /tmp dir is mounted on / with ext4 as the installation process did. 
The output of mount is:


# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs 
(rw,nosuid,relatime,size=489384k,nr_inodes=122346,mode=755)
devpts on /dev/pts type devpts 
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs 
(rw,nosuid,noexec,relatime,size=100108k,mode=755)

/dev/sda2 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs 
(rw,nosuid,nodev,noexec,relatime)

tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs 
(rw,nosuid,nodev,noexec,relatime,size=5120k)

tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup 
(rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)

pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs 
(rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup 
(rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup 
(rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup 
(rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/freezer type cgroup 
(rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/memory type cgroup 
(rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/perf_event type cgroup 
(rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/pids type cgroup 
(rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/blkio type cgroup 
(rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpuset type cgroup 
(rw,nosuid,nodev,noexec,relatime,cpuset)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs 
(rw,relatime,fd=33,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1687)

hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
/dev/sda1 on /boot/efi type vfat 
(rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
tmpfs on /run/user/0 type tmpfs 
(rw,nosuid,nodev,relatime,size=100104k,mode=700)


I didn't do any configuration on login except configuring the ssh keys, 
the test was done starting from a fresh install.


Thanks for attach the file.

Bug#925332: unblock: grub2/2.02+dfsg1-15

2019-03-23 Thread Colin Watson 
Control: reopen -1
Control: retitle -1 unblock: grub2/2.02+dfsg1-16

On Sat, Mar 23, 2019 at 06:19:00PM +, Niels Thykier wrote:
> Colin Watson:
> > Please review and unblock grub2 2.02+dfsg1-15 (just uploaded, so not
> > quite in the archive yet).  I still have some more RC-bug-fixing to do,
> > but the EFI variable storage changes here are probably going to be the
> > most complicated remaining change for buster, so I want to maximise the
> > time available for finding bugs in it.
> > 
> > unblock grub2/2.02+dfsg1-15
> 
> Thanks for fixing this bug. :)
> 
> Unblocked, thanks,

Could you bump this hint to:

unblock grub2/2.02+dfsg1-16

... please?  I made a mistake that broke building on armel/armhf, so I
had to do a quick follow-up to fix that.  Sorry for the inconvenience.
Incremental debdiff attached.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]
diff -Nru grub2-2.02+dfsg1/debian/.git-dpm grub2-2.02+dfsg1/debian/.git-dpm
--- grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 00:39:00.0 +
+++ grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 13:48:41.0 +
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-649e5a39cc5ddf42f6853a0bf818685a625f7cab
-649e5a39cc5ddf42f6853a0bf818685a625f7cab
+3ddfe605a6a472100f529c3d7465bf4eb7fe954d
+3ddfe605a6a472100f529c3d7465bf4eb7fe954d
 59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
 59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
 grub2_2.02+dfsg1.orig.tar.xz
diff -Nru grub2-2.02+dfsg1/debian/changelog grub2-2.02+dfsg1/debian/changelog
--- grub2-2.02+dfsg1/debian/changelog   2019-03-23 09:56:35.0 +
+++ grub2-2.02+dfsg1/debian/changelog   2019-03-23 23:28:17.0 +
@@ -1,3 +1,9 @@
+grub2 (2.02+dfsg1-16) unstable; urgency=medium
+
+  * Fix -Wcast-align diagnostics on ARM.
+
+ -- Colin Watson   Sat, 23 Mar 2019 23:28:17 +
+
 grub2 (2.02+dfsg1-15) unstable; urgency=medium
 
   * Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
diff -Nru 
grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch 
grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
--- grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch  
2019-03-23 00:39:00.0 +
+++ grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch  
2019-03-23 13:48:41.0 +
@@ -1,4 +1,4 @@
-From 649e5a39cc5ddf42f6853a0bf818685a625f7cab Mon Sep 17 00:00:00 2001
+From 3ddfe605a6a472100f529c3d7465bf4eb7fe954d Mon Sep 17 00:00:00 2001
 From: Colin Watson 
 Date: Mon, 11 Mar 2019 11:17:43 +
 Subject: Minimise writes to EFI variable storage
@@ -51,11 +51,11 @@
  Makefile.util.def   |  20 ++
  configure.ac|  12 +
  grub-core/osdep/efivar.c|   3 +
- grub-core/osdep/unix/efivar.c   | 503 
+ grub-core/osdep/unix/efivar.c   | 508 
  grub-core/osdep/unix/platform.c | 100 +--
  include/grub/util/install.h |   5 +
  util/grub-install.c |   4 +-
- 8 files changed, 557 insertions(+), 95 deletions(-)
+ 8 files changed, 562 insertions(+), 95 deletions(-)
  create mode 100644 grub-core/osdep/efivar.c
  create mode 100644 grub-core/osdep/unix/efivar.c
 
@@ -213,10 +213,10 @@
 +#endif
 diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c
 new file mode 100644
-index 0..2991c71db
+index 0..4a58328b4
 --- /dev/null
 +++ b/grub-core/osdep/unix/efivar.c
-@@ -0,0 +1,503 @@
+@@ -0,0 +1,508 @@
 +/*
 + *  GRUB  --  GRand Unified Bootloader
 + *  Copyright (C) 2013,2019 Free Software Foundation, Inc.
@@ -445,57 +445,62 @@
 +  else if (newlist)
 +{
 +  for (i = 0; i < nentries; ++i)
-+  free (newlist[i]);
++  free_efi_variable (newlist[i]);
 +  free (newlist);
 +}
 +  return rc;
 +}
 +
++#define GET_ORDER(data, i) \
++  ((uint16_t) ((data)[(i) * 2]) + ((data)[(i) * 2 + 1] << 8))
++#define SET_ORDER(data, i, num) \
++  do { \
++(data)[(i) * 2] = (num) & 0xFF; \
++(data)[(i) * 2 + 1] = ((num) >> 8) & 0xFF; \
++  } while (0)
++
 +static void
 +remove_from_boot_order (struct efi_variable *order, uint16_t num)
 +{
-+  uint16_t *data;
 +  unsigned int old_i, new_i;
 +
 +  /* We've got an array (in order->data) of the order.  Squeeze out any
 + instance of the entry we're deleting by shifting the remainder down.  */
-+  data = (uint16_t *) order->data;
-+
 +  for (old_i = 0, new_i = 0;
 +   old_i < order->data_size / sizeof (uint16_t);
 +   ++old_i)
 +{
-+  if (data[old_i] != num) {
-+  if (new_i != old_i)
-+data[new_i] = data[old_i];
-+  new_i++;
-+  }
++  uint16_t old_num = GET_ORDER (order->data, old_i);
++  if (old_num != num)
++  {
++if (new_i != old_i)
++  SET_ORDER (order->data, new_i, old_num);
++++new_i;
++  }
 +}
 +
-+  order->data_size = sizeof (data[0]) * new_i;
++  order->data_size = ne

Bug#924594: Build-depend on icedtea-netx instead of icedtea-netx-common

2019-03-23 Thread Markus Koschany 
On Thu, 14 Mar 2019 19:53:28 +0100 Matthias Klose  wrote:
> Package: src;sweethome3d
> Version: 6.1.2+dfsg-1
> Severity: serious
> Tags: sid buster
> 
> Build-depend on icedtea-netx instead of icedtea-netx-common (nbs).
> 
> Patch at
> http://launchpadlibrarian.net/415155485/sweethome3d_6.1.2+dfsg-1_6.1.2+dfsg-1ubuntu1.diff.gz

Hi tony,

thank you for fixing the other companion packages of sweethome3d.
Actually I wanted to downgrade the severity to normal because
icedtea-web provides icedtea-netx-common now, so this shouldn't be
release-critical anymore. I intended to fix it after the freeze. But I
guess since the other sweethome3d packages are fixed now, I can upload a
new revision of sweethome3d too to complete the work. Will do so after
some hours of sleep.

Cheers,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#924053: live-build: UEFI shows grub> on HP250 G6 2SX60EA

2019-03-23 Thread adrian15 
El 18/03/19 a las 00:39, adrian15 escribió:
> El 09/03/19 a las 18:06, Thomas Schmitt escribió:>> What I'm saying with
> all of this is that I'm going to propose a fix that
>>> involves not using any earmark (which involves too much work) but just
>>> searching for /.disk/info instead.
>>
>> Consider to stay at least with the idea of a dedicated marker file
>> with a not-so-probable constant name.
>>
>> The double-job of vmlinuz and the existence of an identical path on
>> another disk caused the problems in this bug report. If the searched
>> path would have been
>>   /live/this_is_a_debian_live_iso
>> then no change of kernel names could interfere. Any incidential path
>> equality would be unlikely, unless multiple debian-live ISOs are
>> involved.
>>
>>
>>> Hopefully Thomas you are not too bad at me. You seemed to be very
>>> excited with all of this earmark implementation ;) .
>>
>> I am a bystander and tool provider here. Some aspects of the current
>> state of Debian ISOs appear sub-optimal to me. E.g. the EFI partition
>> inside the ISO filesystem rather than after it.
>>
>> When the discussion comes to these, then i pop up with my pre-formatted
>> opinion.
>>
>>
>> Have a nice day :)
>>
>> Thomas
> 
> Guess what... my internal tested Rescatux 0.71b2 works flawlessly. The
> Secure Boot part works ok finding /.disk/info. And later on the
> filesystem.squashfs is found on the usb drive.
> 
> But whenever I boot the laptop with an VGA monitor connnected to it...
> live-boot's initrd instead of finding USB's filesystem.squashfs is
> finding the internal hard disk's filesystem.squashfs and I am rewarded
> with this prompt:
> 
> Progress Linux 1.9
> 
> Then you take a look at google and you find many people experimenting
> these type of problems.
> 
> So I need to talk to live distro build tools developers and distro
> remaster tools developers.
> 
> A discussion about liveid (earmark sounds too much as cattle) needs to
> be started.
> 
> Not sure how I will do it. Private mailing list, open bug here at
> Debian's bugzilla, email with CCs.
> 
> Unless you know a place where distributions discuss with each other and
> another place where remaster tool developers discuss with each other.
> 
> 
> adrian15

I have created a github project for gathering feedback on an
hypothetical live id implementation:

https://github.com/rescatux/liveid/blob/proposal-v1/README.md

I have also sent an email to both Gnu/Live build tools developers and
distro remaster tools developers (using BCC to avoid privacy concerns).


I'll try to update this bug only for my own patches / pull requests
related to implementing liveid on live-build (and probably in live-boot
too) which would lead to fixing this bug.


adrian15
-- 
Support free software. Donate to Super Grub Disk. Apoya el software
libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/

Bug#784477: Fwd: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs

2019-03-23 Thread Sandro Knauß 
Hey,

FreeBSD removed Qt4 compelty last weekend from their repo.

hefee 

--  Forwarded Message  --

Subject: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
Date: Samstag, 23. März 2019, 22:54:08 CET
From: Tobias C. Berner
To: Sandro Knauß, Adriaan de Groot

Moin moin


On FreeBSD we just solved this be removing that stuff too
[KDE4 and things depending on it was removed 2018-12-31, Qt4 last weekend.]
https://svnweb.freebsd.org/ports?view=revision&revision=495967

I was kind of scared of having a big backlash to this action -- though
there was none in the end.
So as an advice from kde@FreeBSD's side: just pull the plug and remove that
stuff :)

mfg Tobias

On Sat, 23 Mar 2019 at 12:35, Sandro Knauß wrote:

> Hi,
>
> > kdelibs last release was 4.14.35 in August 2017.
> >
> > kdelibs is no longer maintained.
> >
> > Qt 4 last release was 4.8.7 in May 2015.
> >
> > Qt 4 is no longer maintained.
> >
> > Our suggestion is to stop using any qt4/kdelibs based software and move
> to
> > the future if you're concerned about security and/or want to use
> maintained
> > software.
>
> It is not that we do not try it, to remove Qt4 from Debian. We try since
> Aug
> 2017 to reach this goal to remove all qt4/kdelibs software, but still
> there is
> a lot depending on qt4/kdelibs:
>
> https://wiki.debian.org/Qt4Removal
>
> (If you have any notes about status of packages aka dead by upstream -
> input
> is very welcomed).
>
> In next Debian Buster released in some months we still need to ship qt4/
> kdelibs.
>
> Regards,
>
> hefee

signature.asc
Description: This is a digitally signed message part.

Bug#925378: apt-daily service slows down the machine, should use higher niceness

2019-03-23 Thread Antoine Amarilli 
Package: apt
Version: 1.8.0~rc2
Severity: minor

Dear Maintainer,

My machine (Raspberry Pi 3) is significantly slowed down when the apt-daily
service runs. As this is a batch service, in my opinion it should be started
with a higher niceness so that it has less adverse effects on performance of
more relevant tasks.

Would it be a good idea to set up the service so as to have a higher niceness?

Many thanks!

-- 
Antoine Amarilli


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 4.19.0-2-arm64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser 3.118
ii  debian-archive-keyring  2018.1
ii  gpgv2.2.12-1
ii  libapt-pkg5.0   1.8.0~rc2
ii  libc6   2.28-6
ii  libgcc1 1:8.2.0-16
ii  libgnutls30 3.6.6-2
ii  libseccomp2 2.3.3-3
ii  libstdc++6  8.2.0-16

Versions of packages apt recommends:
ii  ca-certificates  20190110

Versions of packages apt suggests:
pn  apt-doc 
ii  aptitude0.8.11-6
ii  dpkg-dev1.19.2
ii  gnupg   2.2.12-1
ii  gnupg2  2.2.12-1
ii  powermgmt-base  1.33

-- debconf-show failed

Bug#910231: Problem was in libfontconfig

2019-03-23 Thread Chris Waters 
The message "Unable to revert mtime: /usr/local/share/fonts" comes
from libfontconfig1, and has nothing to do with emacs per se. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909728

Submitter: if you're still seeing this, you might want to talk to the
fontconfig folks.

Maintainer: depending on what submitter has to say, you can probably
either close this or reassign it.

Bug#925373: libpam-modules: Executing script from pam_motd or pam_exec produce a huge memory consumption

2019-03-23 Thread Steve Langasek 
Control: tags -1 moreinfo

On Sat, Mar 23, 2019 at 06:19:53PM -0400, Ricardo Fraile wrote:

> I attach the reports from the free, slabinfo, meminfo and ps in each step
> in the following file, the directory names are between brackets in each
> step.

You did not attach these, but linked to a tarball stored in a Google drive
instead.  Attaching this tarball here so that the information is available
to users of the Debian BTS without dependency on an external service.

> If I comment the pam_motd lines on "/etc/pam.d/ssh" and I add a pam_exec
> directly, I get the same bad memory consumtion result:

> #sessionoptional pam_motd.so  motd=/run/motd.dynamic
> #sessionoptional pam_motd.so noupdate
> session optional pam_exec.so stdout /bin/sh /etc/update-motd.d/10-uname

> Why the memory consumption is large is the tempfiles are created inside
> pam and executing the same from the login user doesn't produce the same
> result?

I don't know, and yours is certainly the first report I've seen of this
despite the code in the pam modules not having changed for years.

What type of filesystem is mounted at /tmp?  Is it a tmpfs?  Do you
configure something in your login environment that causes mktemp to use a
different path for tempfiles than pam itself, running in a system context,
would?  (i.e. $TMPDIR)

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


report.tar.gz
Description: application/gzip


signature.asc
Description: PGP signature

Bug#925377: libpam-biometric: missing Breaks+Replaces: ukui-polkit (<< 1.0.3)

2019-03-23 Thread Andreas Beckmann 
Package: libpam-biometric
Version: 1.0.3-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../libpam-biometric_1.0.3-1_amd64.deb ...
  Unpacking libpam-biometric (1.0.3-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libpam-biometric_1.0.3-1_amd64.deb (--unpack):
   trying to overwrite 
'/usr/share/polkit-1/actions/org.freedesktop.plicykit.pkexec.bioctl.policy', 
which is also in package ukui-polkit 1.0.2-1
  Errors were encountered while processing:
   /var/cache/apt/archives/libpam-biometric_1.0.3-1_amd64.deb


cheers,

Andreas


ukui-polkit=1.0.2-1_libpam-biometric=1.0.3-1.log.gz
Description: application/gzip

Bug#925337: webext-ublock-origin: deactivated with Firefox 66

2019-03-23 Thread Markus Koschany 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

[...]
> I will update ublock-origin to version 1.18.10 and see if it fixes
> the problem. I couldn't find a hint in the recent release notes, so
> it could also be a Firefox bug. I will investigate. Since Debian is
> currently in a full freeze mode and prepares to release Debian 10
> "Buster" and the bug also doesn't seem to affect the release, I
> will upload the new version to experimental.

I have updated ublock-origin to 1.18.10 but the problem still remains.
However I can confirm that the addon works in chromium 72.x (1.18.4
and 1.18.10). The official version from the Mozilla store (currently
1.18.6) works also fine in Firefox. At the moment I don't know why
there is a regression in Firefox 66.

I have pushed the new version to the experimental branch.

https://salsa.debian.org/webext-team/ublock-origin/tree/experimental


-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyWtplfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRFhBAAumDA+MSKR6vNDNsK1OVsTM/sbR6rBQdimHbnEEGQw7RjYAKlEe3sDBEO
Uiv6Gq/Z/CUyLpS8OkC3NTsPcbVRJaRtssjm5GEOLJ8xHmA7YpRSKVDpixJADJav
dfZ7bojktgAzvHkMj9BI4FyEvl8y1wQZsQy+F/XAuvftuL9UHOJDZKxOP/vfHYck
I/bHfFa/yvhMq31GVVv7wlR8bRBCqhufZ2poIBpXpuHYKA8+Acw+FRmGYQoO/b9y
kGOcbCk40cKP9+snOAN7Q7tB2Aqn8Xt8b8rkZw6Czyq9/v4l04GhZMhMKCjPGged
ef2LM5Zs4vBCRvll6iQcW0E0LnqMQFAlsTvlfioZgit6xxxbwlktfmb+2Nx1L9/h
cWwknsvi2OI3c+TIoHm2aRdzxXFBzon1ZoHx0M1hKBd9Zn3jnTbB3RFRoMfht/Hl
d7HeEiSfwXuDjDgI243VAb2rv/qsK3jSpEkFE7AgPvLe4ZlIBNXbJ+nsWZwQyZfq
NB+e6p6obBXXJvgc2sPWwoXWSNMfLyDRzik1EDJ7WNuy+rDGmzic/B43MrnV9+EL
pGvhCHMB0q+G6dILLLu26Qc/+TkIipMN8JQdoKQLB+0tBKh93prwaXJYo4zdEcct
/gby0467B7SC7Iz0mojmSPg78D2rv2tXBl/edIyuOhPsRxVHg1E=
=Yi0w
-END PGP SIGNATURE-

Bug#923235: shim-signed: Could not prepare Boot variable: Function not implemented

2019-03-23 Thread Steve McIntyre 
control: reassign -1 efibootmgr

On Mon, Feb 25, 2019 at 10:35:02AM +0100, Xavier Bestel wrote:
>Package: shim-signed
>Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
>Severity: important
>
>Dear Maintainer,
>
>When doing an apt dist-upgrade, shim-signed didn't update correctly:
>
>Setting up shim-signed (1.28+nmu1+0.9+1474479173.6c180c6-1) ...
>Installing for x86_64-efi platform.
>Could not prepare Boot variable: Function not implemented
>grub-install: error: efibootmgr failed to register the boot entry: 
>Input/output error.
>dpkg: error processing package shim-signed (--configure):
> installed shim-signed package post-installation script subprocess returned 
> error exit status 1
>Errors were encountered while processing:
> shim-signed
>needrestart is being skipped since dpkg has failed
>E: Sub-process /usr/bin/dpkg returned an error code (1)

Hi Xavier,

What you're seeing here isn't a bug in shim-signed itself, but from
efibootmgr. I'm reassigning it there.

Could you describe your system a little more please? Has efibootmgr
worked OK previously?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Google-bait:   http://www.debian.org/CD/free-linux-cd
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.

Bug#925376: unblock: dns-root-data/2019031302

2019-03-23 Thread Daniel Kahn Gillmor 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: block -1 by 925374 
Control: affects -1 + src:dns-root-data

Please unblock package dns-root-data, package version 2019031302.

This closes serious bug #925374 ("dns-root-data: ships an obsolete root
zone signing key"), which notes that the older versions of dns-root-data
ship with a root key that is now expired.  This is not the absolute
worst thing, because they *also* ship with the functional, current root
key.  But it is not a good idea to leave this sort of thing lying
around, and we probably don't want to release it in buster.

the debdiff between 2018091102 and 2019031302 is attached.  It's a bit
more complex than just dropping the keys from the distributed files,
because it includes a few extra verification steps during package build,
and accounts for the validity window described in iana's
root-anchors.xml.

The binary diff is actually much smaller :)

To properly avoid this sort of delay for future planned
rollovers/transition, i think we need marginally more sophisticated
binary packages, which i've started a discussion on in #925349.  But
that work isn't relevant directly for the upcoming buster release.

Thanks for your work on debian buster, and sorry for the extra unblock
hassle here,

--dkg

unblock dns-root-data/2019031302

diff --git publicsuffix-2018091102/debian/changelog publicsuffix-2019031302/debian/changelog
index 68800a6..8a4a8b3 100644
--- publicsuffix-2018091102/debian/changelog
+++ publicsuffix-2019031302/debian/changelog
@@ -1,3 +1,15 @@
+dns-root-data (2019031302) unstable; urgency=medium
+
+  * cryptographically verify root.hints
+  * get_orig_source: refresh root-anchors.{xml,p7s} as well
+  * update root data to 2019031302
+  * standards-version: bump to 4.3.0 (no changes needed)
+  * parse-root-anchors.sh: account for validity windows
+  * check: deliberately skip the TTL generated by ldns-key2ds
+  * dns-root-data is Multi-Arch: foreign
+
+ -- Daniel Kahn Gillmor   Sat, 23 Mar 2019 15:33:17 +0100
+
 dns-root-data (2018091102) unstable; urgency=medium
 
   * new upstream version of root.hints, 2018091102
diff --git publicsuffix-2018091102/debian/control publicsuffix-2019031302/debian/control
index 940e507..7295849 100644
--- publicsuffix-2018091102/debian/control
+++ publicsuffix-2019031302/debian/control
@@ -8,11 +8,12 @@ Uploaders:
  Robert Edmonds ,
 Build-Depends:
  debhelper (>= 11~),
+ gpgv,
  ldnsutils,
  openssl,
  unbound-anchor,
  xml2,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Homepage: https://data.iana.org/root-anchors/
 Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git
 Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data
@@ -20,6 +21,7 @@ Rules-Requires-Root: no
 
 Package: dns-root-data
 Architecture: all
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
 Description: DNS root data including root zone and DNSSEC key
diff --git publicsuffix-2018091102/debian/rules publicsuffix-2019031302/debian/rules
index 3c46b59..5fe3d9a 100755
--- publicsuffix-2018091102/debian/rules
+++ publicsuffix-2019031302/debian/rules
@@ -14,11 +14,14 @@ override_dh_auto_build:
 	# Verify root-anchors.xml using OpenSSL
 	openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
 
+	# Verify root.hints
+	gpgv --keyring $(CURDIR)/registry-admin.key $(CURDIR)/root.hints.sig $(CURDIR)/root.hints
+
 	# Create key from validated root-anchors.xml
 	./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds
 
 	# Create key from downloaded root.key
-	/usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' | sort -k 4 -n > root.ds
+	/usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root.ds
 
 	# Compare the DS from root.key and from root-anchors.xml
 	diff -u root-anchors.ds root.ds
@@ -35,3 +38,7 @@ get_orig_source:
 	< $(CURDIR)/root-auto.key grep -Ev "^($$|;)" | sed -e 's/ ;;count=.*//' > $(CURDIR)/root.key
 	rm $(CURDIR)/root-auto.key
 	wget -O $(CURDIR)/root.hints "https://www.internic.net/domain/named.root";
+	wget -O $(CURDIR)/root.hints.sig "https://www.internic.net/domain/named.root.sig";
+	# get root-anchors.xml and root-anchors.p7s as well
+	wget -O $(CURDIR)/root-anchors.xml 'http://data.iana.org/root-anchors/root-anchors.xml'
+	wget -O $(CURDIR)/root-anchors.p7s 'http://data.iana.org/root-anchors/root-anchors.p7s'
diff --git publicsuffix-2018091102/parse-root-anchors.sh publicsuffix-2019031302/parse-root-anchors.sh
index 4281534..eb1696b 100755
--- publicsuffix-2018091102/parse-root-anchors.sh
+++ publicsuffix-2019031302/parse-root-anchors.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-unset ZONE KTAG ALGO DTYPE DIGEST
+unset ZONE KTAG ALGO DTYPE DIGEST EXPIRES BEGINS
 
 export IFS="="
 xml2 | while read -r KEY VAL; do
@@ -9,14 +9,22 @@ xml2 | while read -r KEY VAL; do
 	"/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";;
 	"/TrustAnc

Bug#925375: ucf: UCF_FORCE_CONFFNEW=1 and dpkg --force-confnew broken

2019-03-23 Thread code 
Package: ucf
Version: 3.0036
Severity: important

Dear Maintainer,

   * What led up to the situation?
Trying to manually install a debian package while building a custom ISO
`sudo chroot squashfs-root dpkg --force-confnew -i
tmp/my-package_0.1.0_amd64.deb`
Unfortunatly `dpkg` does not pass `--force-confnew` to `ucf`

`ucf` prompts for user input during install
```
A new version (/usr/share/my-package/config) of configuration file
/etc/xdg/autostart/gnome-keyring-ssh.desktop is available, but the
version installed currently has been locally modified.
```

`UCF_FORCE_CONFFNEW` silences the config compare/selection dialog and
installs the config file, but
somehow it does not create a
`/etc/xdg/autostart/gnome-keyring-ssh.desktop.ucf-old` file. Without
setting `UCF_FORCE_CONFFNEW` the package installs correctly, but it
requires that `install the package maintainer's version` is selected
manually.

```console
$ more debian/postinst
#!/bin/sh
set -e

case "$1" in
configure)
UCF_FORCE_CONFFNEW=1 ucf /usr/share/my-package/config
/etc/xdg/autostart/gnome-keyring-ssh.desktop
```

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

`sudo chroot squashfs-root /usr/bin/env DEBIAN_FRONTEND=noninteractive
dpkg --force-confnew -i tmp/my-package_0.1.0_amd64.deb`
This creates `/etc/xdg/autostart/gnome-keyring-ssh.desktop.ucf-dist`
which I suppose means it is defaulting to the old config file.
`sudo chroot squashfs-root /usr/bin/env DEBIAN_FRONTEND=noninteractive
UCF_FORCE_CONFFNEW=1 dpkg --force-confnew -i
tmp/my-package_0.1.0_amd64.deb` installs the new version but no backup
is created, as mentioned above.

   * What was the outcome of this action?
Nothing really works right here, I'm going back to diversions. Hopefully
this bug report helps.

   * What outcome did you expect instead?
`dpkg --force-confnew` should be passed to ucf somehow
`UCF_FORCE_CONFFNEW=1` should perform the same as manually selecting the
new conffile

Maybe this is more than one bug. Maybe `dpkg` should set
UCF_FORCE_CONFFNEW when --force-confnew is set.
Maybe ucf should just accept --force-confnew, I don't know.
UCF_FORCE_CONFFNEW definatly seems buggy though.

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500,
'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-46-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ucf depends on:
ii  coreutils  8.25-2ubuntu3~16.04
ii  debconf1.5.58ubuntu1

ucf recommends no packages.

ucf suggests no packages.

-- debconf information:
  ucf/conflicts_found:
  ucf/changeprompt_threeway: keep_current
  ucf/changeprompt: keep_current
  ucf/show_diff:
  ucf/title:

Bug#925314: unblock: wordpress/5.0.3+dfsg1-1

2019-03-23 Thread Craig Small 
Hi,
  Attached is a debdiff between 5.0.3 to 5.04 which is essentially the
changesets I previously reference from the upstream SVN repository.

Option 1 is my preference, the main difference between #1 and #2 was the
changelog version.

 - Craig
diff -Nru wordpress-5.0.3+dfsg1/debian/changelog wordpress-5.0.4+dfsg1/debian/changelog
--- wordpress-5.0.3+dfsg1/debian/changelog	2019-02-05 22:23:39.0 +1100
+++ wordpress-5.0.4+dfsg1/debian/changelog	2019-03-24 09:20:02.0 +1100
@@ -1,3 +1,10 @@
+wordpress (5.0.4+dfsg1-1) testing-proposed-updates; urgency=medium
+
+  * Backport of 5.1.1 patches
+  * Fix XSS security hole in comments Closes: #924546 CVE-2019-9787
+
+ -- Craig Small   Sun, 24 Mar 2019 09:20:02 +1100
+
 wordpress (5.0.3+dfsg1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru wordpress-5.0.3+dfsg1/wp-admin/about.php wordpress-5.0.4+dfsg1/wp-admin/about.php
--- wordpress-5.0.3+dfsg1/wp-admin/about.php	2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-admin/about.php	2019-03-24 09:14:11.0 +1100
@@ -65,6 +65,26 @@
 			
 Version %s addressed some security issues.' ),
+	'5.0.4'
+);
+?>
+the release notes.' ),
+	sprintf(
+		/* translators: %s: WordPress version */
+		esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+		sanitize_title( '5.0.4' )
+	)
+);
+?>
+			
+			
+Version %1$s addressed %2$s bug.',
diff -Nru wordpress-5.0.3+dfsg1/wp-admin/includes/ajax-actions.php wordpress-5.0.4+dfsg1/wp-admin/includes/ajax-actions.php
--- wordpress-5.0.3+dfsg1/wp-admin/includes/ajax-actions.php	2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-admin/includes/ajax-actions.php	2019-03-24 09:14:11.0 +1100
@@ -1070,6 +1070,8 @@
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 kses_remove_filters(); // start with a clean slate
 kses_init_filters(); // set up the filters
+remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
diff -Nru wordpress-5.0.3+dfsg1/wp-includes/comment.php wordpress-5.0.4+dfsg1/wp-includes/comment.php
--- wordpress-5.0.3+dfsg1/wp-includes/comment.php	2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-includes/comment.php	2019-03-24 09:14:11.0 +1100
@@ -3098,6 +3098,8 @@
 			) {
 kses_remove_filters(); // start with a clean slate
 kses_init_filters(); // set up the filters
+remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
diff -Nru wordpress-5.0.3+dfsg1/wp-includes/formatting.php wordpress-5.0.4+dfsg1/wp-includes/formatting.php
--- wordpress-5.0.3+dfsg1/wp-includes/formatting.php	2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-includes/formatting.php	2019-03-24 09:14:11.0 +1100
@@ -2750,10 +2750,12 @@
 	$atts = shortcode_parse_atts( $matches[1] );
 	$rel  = 'nofollow';
 
-	if ( preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'http' ) ) . ')%i', $text ) ||
-	 preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'https' ) ) . ')%i', $text )
-	) {
-		return "";
+	if ( ! empty( $atts['href'] ) ) {
+		if ( in_array( strtolower( wp_parse_url( $atts['href'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
+			if ( strtolower( wp_parse_url( $atts['href'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
+return "";
+			}
+		}
 	}
 
 	if ( ! empty( $atts['rel'] ) ) {
@@ -2766,11 +2768,11 @@
 
 		$html = '';
 		foreach ( $atts as $name => $value ) {
-			$html .= "{$name}=\"$value\" ";
+			$html .= "{$name}=\"" . esc_attr( $value ) . "\" ";
 		}
 		$text = trim( $html );
 	}
-	return "";
+	return "";
 }
 
 /**
diff -Nru wordpress-5.0.3+dfsg1/wp-includes/version.php wordpress-5.0.4+dfsg1/wp-includes/version.php
--- wordpress-5.0.3+dfsg1/wp-includes/version.php	2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-includes/version.php	2019-03-24 09:14:11.0 +1100
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.0.3';
+$wp_version = '5.0.4';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
@@ -33,3 +33,4 @@
  * @global string $required_mysql_version
  */
 $required_mysql_version = '5.0';
+	
\ No newline at end of file

Bug#925374: dns-root-data: ships an obsolete root zone signing key

2019-03-23 Thread Daniel Kahn Gillmor 
Package: dns-root-data
Version: 2018091102
Severity: serious
Control: found -1 2014060201+2 2017072601~deb8u1 2017072601~deb8u2 
2017072601~deb9u1 2017072601~deb9u1
Control: fixed -1 2019031302

The versions of dns-root-data marked as "found" above ship a hash for a
root zone key that was retired earlier this month.

I'm marking this as serious because it is the equivalent of shipping a
certificate for a no-longer valid CA in ca-certificates.

That key is no longer being used to sign anything that i have been aware
of, and hopefully the private elements of it have been destroyed, but we
shouldn't ship it any longer.

Those of us on the dns team should have gotten this done earlier, but we
all appear to have just missed it -- sorry about that!

--dkg


signature.asc
Description: PGP signature

Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1

2019-03-23 Thread Harlan Lieberman-Berg 
On Sat, Mar 23, 2019 at 18:21 Adam D. Barratt 
wrote:

> It looks like there was an issue with the upload:


Indeed. My new key hasn’t reached the keyring package yet, it seems. I’ll
reach out to some of the other pkg-letsencrypt folks and see if I can get
one of them to sponsor it in.

> --
Harlan Lieberman-Berg
~hlieberman

Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1

2019-03-23 Thread Adam D. Barratt 
On Sat, 2019-03-23 at 15:30 -0400, Harlan Lieberman-Berg wrote:
> Control: tags -1 + pending
> 
> On Sat, Mar 23, 2019 at 1:17 PM Adam D. Barratt
>  wrote:
> > Welcome to why we get paranoid about changes in stable updates. :-)
> 
> Tell me about it!  I'm always chewing my fingernails off every time I
> do an upload there... and yet.
> 
> Thanks much for your help!

It looks like there was an issue with the upload:


Mar 23 19:38:07 processing /python-certbot_0.28.0-1~deb9u2_amd64.changes
Mar 23 19:38:08 GnuPG signature check failed on 
python-certbot_0.28.0-1~deb9u2_amd64.changes
Mar 23 19:38:08 /python-certbot_0.28.0-1~deb9u2_amd64.changes has bad PGP/GnuPG 
signature!
Mar 23 19:38:08 Removing /python-certbot_0.28.0-1~deb9u2_amd64.changes, but 
keeping its associated files for now.


Regards,

Adam

Bug#925373: libpam-modules: Executing script from pam_motd or pam_exec produce a huge memory consumption

2019-03-23 Thread Ricardo Fraile 
Package: libpam-modules
Version: 1.1.8-3.6
Severity: important

Dear Maintainer,

In a Debian 9.8 installed only with ssh-server and standard system utilities 
under VMware with 2 cpu and 1Gb of ram.

# ssh-keygen
# cd .ssh
# cat * >> authorized_keys
# vi /etc/ssh/sshd_config 
  #PermitRootLogin prohibit-password
  PermitRootLogin yes
# systemctl disable cron
# apt-get install smem
# reboot


I attach the reports from the free, slabinfo, meminfo and ps in each step in 
the following file, the directory names are between brackets in each step.
https://drive.google.com/file/d/1rsp6x2zB34JyOaO7rYjCWzZwgtJfM9SP/view?usp=sharing

Starting the system and dropping caches, the free report is the following 
(00-started_with_drop):

# sync; echo 3 > /proc/sys/vm/drop_caches
# date && free -m
Sat Mar 23 16:50:01 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977  81 861   4  33 806
Swap:  1021   01021


Doing the ssh loop from other terminal:
# while :; do ssh root@localhost "exit"; done


One minute later, the memory reach and mantain the following level 
(01-with_loop_normal):

# date && free -m
Sat Mar 23 16:51:12 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977 287 643   9  46 592
Swap:  1021   01021


But if I set "/etc/update-motd.d/10-uname" with the following content:

#!/bin/sh
uname -snrvm

A=`mktemp`
B=`mktemp`
C=`mktemp`
rm -f $A
rm -f $B
rm -f $C


The memory grows largely and starts swapping (02-with_loop_modified):
# date && free -m
Sat Mar 23 16:52:00 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977 344 582  10  50 533
Swap:  1021   01021

(03-with_loop_modified_last)
# date && free -m
Sat Mar 23 16:52:34 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977 878  63   7  35   7
Swap:  1021  141007


Stopping the loop and cleanning caches produce the following (04-finished_loop):

# sync; echo 3 > /proc/sys/vm/drop_caches
# date && free -m
Sat Mar 23 16:53:34 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977 610 340   6  26 280
Swap:  1021  141007


There are around 300Mb of difference on the memory available.

Doing the same task that pam_motd execute, don't produce that large increment 
(05-with_runparts_loop):

# reboot
# sync; echo 3 > /proc/sys/vm/drop_caches
# date && free -m
Sat Mar 23 17:05:55 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977  82 864   5  30 807
Swap:  1021   01021


Start the loop on other terminal:

# while :; do run-parts --lsbsysinit /etc/update-motd.d ; done


After a few time, stopping the loop and check (06-with_runpart_loop_last):

# date && free -m
Sat Mar 23 17:08:15 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977  83 852   5  41 800
Swap:  1021   01021


And finally cleaning caches (07-finished_runpart_loop):
# sync; echo 3 > /proc/sys/vm/drop_caches
# date && free -m
Sat Mar 23 17:08:33 EDT 2019
  totalusedfree  shared  buff/cache   available
Mem:977  82 863   5  31 806
Swap:  1021   01021


If I comment the pam_motd lines on "/etc/pam.d/ssh" and I add a pam_exec 
directly, I get the same bad memory consumtion result:

#sessionoptional pam_motd.so  motd=/run/motd.dynamic
#sessionoptional pam_motd.so noupdate
session optional pam_exec.so stdout /bin/sh /etc/update-motd.d/10-uname


Why the memory consumption is large is the tempfiles are created inside pam and 
executing the same from the login user doesn't produce the same result?


-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpam-modules depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  libaudit1  1:2.6.7-2
ii  libc6  2.24-11+deb9u4
ii  libdb5.3   5.3.28-12+deb9u1
ii  libpam-modules-bin 1.1.8-3.6
ii  libpam0g   1.1.8-3.6
ii  libselinux1

Bug#921194: amarok: Amarok depends on libmariadbd18, which doesn't exist any longer

2019-03-23 Thread Felicia 
Source: amarok
Version: 2.9.0-1+b1
Followup-For: Bug #921194

Dear Maintainer,

It depends on libmariadbd18 however the current version is libmariadbd19



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#864035: deb.debian.org should be used throughout

2019-03-23 Thread Paul Gevers 
Control: tags -1 moreinfo

Hi Adrian,

On Sat, 03 Jun 2017 17:14:18 +0300 Adrian Bunk  wrote:
> "4.3.1. Adding APT Internet sources" is using mirrors
> instead of deb.debian.org which should be used by default
> (see section 2.2.5.).

Do we recommend using deb.debian.org as the default in
/etc/apt/sources.list (I think so)? If so, is that documented somewhere?

I think people that upgrade may have older entries and I think we should
suggest them to migrate, no? Where to find an authoritative answer?

Paul



signature.asc
Description: OpenPGP digital signature

Bug#925028: unblock: dwww/1.13.4+nmu1

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Tue, Mar 19, 2019 at 11:00:33PM +0900, Osamu Aoki wrote:
> diff -Nru dwww-1.13.4/debian/control dwww-1.13.4+nmu1/debian/control
> --- dwww-1.13.4/debian/control2017-06-21 05:13:20.0 +0900
> +++ dwww-1.13.4+nmu1/debian/control   2019-03-16 18:31:19.0 +0900
> @@ -5,8 +5,8 @@
>  Build-Depends: debhelper (>= 10), dh-apache2, lsb-release, publib-dev
>  Build-Conflicts: apache2-dev (<< 2.4.4-6~)
>  Standards-Version: 4.0.0
> -Vcs-Git: https://anonscm.debian.org/git/users/robert/dwww.git
> -Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/dwww.git
> +Vcs-Git: https://salsa.debian.org/debian/dwww.git
> +Vcs-Browser: https://salsa.debian.org/debian/dwww
>  
>  Package: dwww
>  Architecture: any
> @@ -23,10 +23,26 @@
>   ${perl:Depends},
>   ${shlibs:Depends}
>  Breaks: apache2 (<< 2.4.4-6~)
> -Recommends: apt, dlocate (>= 0.5-0.1), info2www, swish++, ${misc:Recommends}
> -Suggests: doc-debian, dpkg-www, links | www-browser
> +Recommends: apt,
> +dlocate (>= 0.5-0.1),
> +doc-debian,
> +dpkg-www,
> +info2www,
> +links | www-browser,
> +swish++,
> +${misc:Recommends}

This promotion of packages from Suggests to Recommends is not mentioned in
the changelog. What is its purpose?

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925372: unblock: shim/15+1533136590.3beb971-6

2019-03-23 Thread Steve McIntyre 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey folks,

Please unblock package shim

I think we finally have a new shim package setup that's ready for
Buster, giving us a real chance of working Secure Boot with the
release. Apologies in advance, but this unblock is not a pretty one,
with a large set of changes. :-/ However, shim is clearly key to our
SB strategy for Debian. We've moved from a basically-unused amd64-only
shim package in Stretch and Buster so far (0.9+1474479173.6c180c6-1)
to something that will now provide a better working base for
us. Summary of changes:

1. We've moved to a new upstream (from 0.9+1474479173.6c180c6 to
   15+1533136590.3beb971). Upstream have been pushing us to make this
   change for a long time, and there are a lot of needed changes, both
   in security terms and for better architecture support. I'm not even
   attempting to attach a debdiff for this - it's ~200K lines.

2. As well as amd64, we're now also building shim for i386 and arm64,
   and we've submitted our binaries for signing by Microsoft for all
   three architectures. An important achievement in this process is
   that the new build is now 100% reproducible. \o/

3. We've significantly reworked the packaging setup for shim and
   shim-signed. The main part of this is to use Debian's binary
   signing service to manage the process of signing the helper
   binaries (mmXXX.efi and fbXXX.efi) so we're no longer using
   ephemeral keys for those in the shim build process. This helps for
   the reproducibility.

4. Along the way we've also renamed packages and re-arranged things
   for extra clarity and fixed quite a few bugs.

5. We've moved from a single maintainer to team maintenance for the
   shim packages.

Apologies for not getting this unblocked earlier, it's been quite a
ride in the last few months. :-/ We have done a lot of testing with
this code, just not yet directly in Buster.

I'm attaching a debdiff to show the small packaging changes *since*
the move to the new upstream shim release.

There will be a matching shim-signed unblock coming soon, as and when
we get our new shim binaries signed with the Microsoft key.

unblock shim/15+1533136590.3beb971-6

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru shim-15+1533136590.3beb971/debian/changelog 
shim-15+1533136590.3beb971/debian/changelog
--- shim-15+1533136590.3beb971/debian/changelog 2019-02-09 07:23:19.0 
+
+++ shim-15+1533136590.3beb971/debian/changelog 2019-03-23 18:19:13.0 
+
@@ -1,3 +1,73 @@
+shim (15+1533136590.3beb971-6) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * Add Provides: and Breaks: to shim-helpers-$arch-signed to fix
+clashes with the old shim-signed package for fbx64.efi.signed and
+mmx64.efi.signed. Closes: #924619
+
+  [ Helmut Grohne ]
+  * Fix FTCBFS: Set CROSS_COMPILE. (Closes: #922152)
+
+ -- Steve McIntyre <93...@debian.org>  Sat, 23 Mar 2019 18:19:13 +
+
+shim (15+1533136590.3beb971-5) unstable; urgency=medium
+
+  [ Ansgar Burchardt ]
+  * Correct maintainer address in signing template
+
+  [ Steve McIntyre ]
+  * Remove Rules-Requires-Root in the signing template. We manually install
+things owned by root. There might be better ways to do this, but this
+will do for now.
+
+ -- Steve McIntyre <93...@debian.org>  Tue, 12 Mar 2019 01:38:19 +
+
+shim (15+1533136590.3beb971-4) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * No-change sourceful upload to get rebuilds (and hence build logs) from
+the buildds. Hoping to get this version signed by Microsoft, so let's
+make our setup as clean as possible.
+
+ -- Steve McIntyre <93...@debian.org>  Sat, 09 Mar 2019 22:24:23 +
+
+shim (15+1533136590.3beb971-3) unstable; urgency=medium
+
+  [ Philipp Hahn ]
+  * debian/rules: fixing permissions no longer required
+  * debian/rules: Disable ephemeral key on Debian.
+  * Rename binary package to 'shim-unsigned'
+  * Add template for signing {mm,fb}$ARCH.efi. (Closes: #98)
+
+  [ Luca Boccassi ]
+  * Override lintian error about template rules file.
+  * Include /usr/share/dpkg/architecture.mk instead of shelling out.
+  * Add uname.patch to avoid embedding the kernel architecture in the
+binary and to use a fixed string instead.
+
+  [ Steve McIntyre ]
+  * Change maintenance address to be the EFI team
+  * Add me and vorlon to the Uploaders list
+  * Rename the helper binary packages to shim-helpers-$arch.
+  * Update the signing-template JSON metadata to match new practice:
++ Move all the data under a new top-level "packages" key
+

Bug#924736: [Pkg-zsh-devel] Bug#924736: Bug#924736: zsh 5.7.1 segfaults when three setopt options are in play

2019-03-23 Thread Daniel Shahaf 
wesl...@euronet.nl wrote on Sat, 23 Mar 2019 11:03 +00:00:
> upstream seem to have fixed this bug with commit 
> 73b29f079b50412700727e0f77991506c03d19fe

Thanks for the heads-up, Wesley.  Axel already had annotated this bug
with this information:

> # Commit 73b29f079b50412700727e0f77991506c03d19fe
> tags 924736 + fixed-upstream

Cheers,

Daniel

Bug#910632: iso-codes: ISO 3166-2 is out of date (specifically missing 2017-11-23 changes to CN)

2019-03-23 Thread Dr. Tobias Quathamer 
control: tag -1 pending

Am 09.10.2018 um 05:19 schrieb Julian Calaby:
> Package: iso-codes
> Version: 4.1-1
> Severity: normal
> 
> Dear Maintainer,
> 
> The ISO 3166-2 data provided in this package appears to be missing changes 
> from
> 2017.
> 
> Specifically the short codes for CN are listed as numbers instead of Alpha2
> codes (i.e. CN-11 or CN-21 instead of CN-BJ or CN-LN)
Hi Julian,

thanks for your bug report, I've now updated the names and codes for
China in iso-codes. They'll be part of the next release.

Regards,
Tobias



signature.asc
Description: OpenPGP digital signature

Bug#925371: Enable dynamic module support

2019-03-23 Thread Chris Waters 
Source: emacs
Version: 1:26.1+1-3.2
Severity: wishlist

Hi!

This is a request to add the "--with-modules" option to the
configuration options of emacs-{gtk,ludid,nox}.

This is definitely not an important feature, so no rush, but it's
something I'd like to play around with in the not-too-distant-future,
if at all possible.

cheers

Bug#925370: linux-image-4.9.0-8-amd64: hangs during startup while modesetting

2019-03-23 Thread Simon Richter 
Package: src:linux
Version: 4.9.144-3
Severity: important
Tags: upstream

Hi,

I just tried booting my laptop with the lid closed, an HD monitor attached
via DVI and an 8K monitor attached via DisplayPort. The boot process
stopped in the "Waiting for /dev to be fully populated..." phase,
specifically while trying to load the framebuffer driver for Intel
hardware:

[   19.238056] fb: switching to inteldrmfb from EFI VGA

It appears the system is unsure how to configure the outputs. I have to
disconnect the 8K monitor in order to be able to boot, and leave it
unplugged until after starting X to get it to work.

   Simon

-- Package-specific info:
** Version:
Linux version 4.9.0-8-amd64 (debian-ker...@lists.debian.org) (gcc version 6.3.0 
20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.144-3 (2019-02-02)

** Command line:
initrd=\7fa8c2303086c2fad03bc1be50eaac8c\4.9.0-8-amd64\initrd 
root=/dev/mapper/coffee-root ro quiet

** Not tainted

** Kernel log:

** Model information
sys_vendor: FUJITSU
product_name: LIFEBOOK E782
product_version: 10601186020
chassis_vendor: FUJITSU
chassis_version: LIFEBOOK E782
bios_vendor: FUJITSU // Phoenix Technologies Ltd.
bios_version: Version 2.11
board_vendor: FUJITSU
board_name: FJNB253
board_version: L3

** Loaded modules:
rfcomm
ctr
ccm
cmac
bnep
cpufreq_conservative
cpufreq_userspace
cpufreq_powersave
xfrm_user
xfrm4_tunnel
tunnel4
ipcomp
xfrm_ipcomp
esp4
ah4
af_key
xfrm_algo
binfmt_misc
uinput
nfsd
auth_rpcgss
oid_registry
nfs_acl
nfs
lockd
grace
fscache
sunrpc
nls_ascii
nls_cp437
vfat
fat
loop
lp
arc4
intel_rapl
ppdev
snd_hda_codec_hdmi
x86_pkg_temp_thermal
intel_powerclamp
coretemp
iwldvm
iTCO_wdt
iTCO_vendor_support
uvcvideo
mac80211
videobuf2_vmalloc
kvm_intel
videobuf2_memops
snd_hda_codec_realtek
videobuf2_v4l2
snd_hda_codec_generic
videobuf2_core
qmi_wwan
qcserial
btusb
cdc_wdm
btrtl
usb_wwan
kvm
videodev
usbnet
btbcm
btintel
mii
media
iwlwifi
irqbypass
snd_hda_intel
bluetooth
usbserial
efi_pstore
intel_cstate
snd_hda_codec
i915
intel_uncore
snd_hda_core
evdev
intel_rapl_perf
snd_hwdep
joydev
cfg80211
serio_raw
drm_kms_helper
snd_pcm
efivars
rtsx_pci_ms
snd_timer
pcspkr
snd
sg
memstick
rfkill
soundcore
drm
mei_me
mei
lpc_ich
shpchp
i2c_algo_bit
parport_pc
tpm_infineon
parport
fujitsu_laptop
battery
video
ac
button
ext4
crc16
jbd2
fscrypto
ecb
mbcache
algif_skcipher
af_alg
dm_crypt
dm_mod
raid10
raid456
async_raid6_recov
async_memcpy
async_pq
async_xor
async_tx
xor
raid6_pq
libcrc32c
crc32c_generic
raid1
raid0
multipath
linear
md_mod
sd_mod
hid_generic
usbhid
hid
rtsx_pci_sdmmc
mmc_core
crct10dif_pclmul
crc32_pclmul
crc32c_intel
ghash_clmulni_intel
aesni_intel
aes_x86_64
lrw
gf128mul
glue_helper
ablk_helper
cryptd
ahci
libahci
psmouse
libata
ehci_pci
i2c_i801
xhci_pci
scsi_mod
i2c_smbus
xhci_hcd
ehci_hcd
rtsx_pci
mfd_core
e1000e
ptp
usbcore
pps_core
usb_common

** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 3rd Gen Core processor DRAM 
Controller [8086:0154] (rev 09)
Subsystem: Fujitsu Limited. 3rd Gen Core processor DRAM Controller 
[10cf:16bf]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: ivb_uncore

00:02.0 VGA compatible controller [0300]: Intel Corporation 3rd Gen Core 
processor Graphics Controller [8086:0166] (rev 09) (prog-if 00 [VGA controller])
Subsystem: Fujitsu Limited. 3rd Gen Core processor Graphics Controller 
[10cf:16c1]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: i915
Kernel modules: i915

00:14.0 USB controller [0c03]: Intel Corporation 7 Series/C210 Series Chipset 
Family USB xHCI Host Controller [8086:1e31] (rev 04) (prog-if 30 [XHCI])
Subsystem: Fujitsu Limited. 7 Series/C210 Series Chipset Family USB 
xHCI Host Controller [10cf:16ee]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- 
SERR- 
Kernel driver in use: xhci_hcd
Kernel modules: xhci_pci

00:16.0 Communication controller [0780]: Intel Corporation 7 Series/C216 
Chipset Family MEI Controller #1 [8086:1e3a] (rev 04)
Subsystem: Fujitsu Limited. 7 Series/C216 Chipset Family MEI Controller 
[10cf:16ea]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: mei_me
Kernel modules: mei_me

00:16.3 Serial controller [0700]: Intel Corporation 7 Series/C210 Series 
Chipset Family KT Controller [8086:1e3d] (rev 04) (prog-if 02 [16550])
Subsystem: Fujitsu Limited. 7 Series/C

Bug#925369: CVE-2018-10910

2019-03-23 Thread Moritz Muehlenhoff 
Package: bluez
Version: 5.50-1
Severity: important
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=1606203
and https://bugzilla.redhat.com/show_bug.cgi?id=1602985

Cheers,
Moritz

Bug#925337: webext-ublock-origin: deactivated with Firefox 66

2019-03-23 Thread Markus Koschany 
Control: tags -1 confirmed

Hello, and thank you both for the report.

Am 23.03.19 um 12:40 schrieb Martin Steigerwald:
> Package: webext-ublock-origin
> Version: 1.18.4+dfsg-2
> Severity: normal
> 
> Dear Markus,
> 
> uBlock Origin becomes deactivated with Firefox 66.0-1.
> 
> With Firefox ESR 60.6.0esr-1 it works okay.
> 
> With Firefox 65 it also worked.
> 
> Maybe the extension needs an update.
> 
> In Buster AFAIK there will only be Firefox ESR. So there does not seem
> to be a need to have an updated version in Buster. But for those users
> who use Debian Unstable an updated version in experimental would ne nice.

I will update ublock-origin to version 1.18.10 and see if it fixes the
problem. I couldn't find a hint in the recent release notes, so it could
also be a Firefox bug. I will investigate. Since Debian is currently in
a full freeze mode and prepares to release Debian 10 "Buster" and the
bug also doesn't seem to affect the release, I will upload the new
version to experimental.

Cheers,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#925368: di-netboot-assistant: autopkgtest needs update archiving of wheezy

2019-03-23 Thread Paul Gevers 
Source: di-netboot-assistant
Version: 0.60
Severity: important
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: issue
Control: affects -1 src:grub2

Dear maintainers,

With a recent upload of grub2 the autopkgtest of di-netboot-assistant
fails in testing when that autopkgtest is run with the binary packages
of grub2 from unstable. It turns out that this has nothing to do with
grub2, but is due to the archiving of wheezy. I copied some of the
output at the bottom of this report. Can you please fix the autopkgtest?
It seems adding a allow-stderr restriction is enough for, which is
eligible for an unblock exception, however, I think and hope a better
fix can be found (possibly after buster).

Paul

https://ci.debian.net/data/autopkgtest/testing/amd64/d/di-netboot-assistant/2147585/log.gz

autopkgtest [16:13:48]: test std-run:  - - - - - - - - - - results - - -
- - - - - - -
std-run  FAIL stderr: E: Can't download 'wheezy' for 'amd64'
(https://deb.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/SHA256SUMS).



signature.asc
Description: OpenPGP digital signature

Bug#925315: prboom-plus: missing dependency on timgm6mb-soundfont

2019-03-23 Thread Fabian Greffrath 
Control: severity -1 minor

Hi Lee,

Am Freitag, den 22.03.2019, 19:10 -0400 schrieb Lee Cremeans:
> I just installed prboom-plus with the default options on Debian
> testing, and while starting it, I noticed this error:

by default, prboom-plus uses the built-in OPL3 emulator for music
playback which doesn't even require a soundfont.

> is also not installed on this system; installing it clears the
> CRITICAL assertion and the SoundFont load error.

This issue is at most critical if you explicitly select the fluidsynth
backend for music playback, and even then the most critical part will
be that no music will be playing if this soundfont is missing.

So, what you see printed in the terminal is an error message in the
initialization code for a music backend that is not selected by
default. ;)

> Adding the proper package dependency should fix the problem.

I'll add 'timgm6mb-sountfont' to Suggests in the next upload as the
package already runs out-of-the-box as is and without this package -
hence I also lower the severity.

Thanks,

 - Fabian



signature.asc
Description: This is a digitally signed message part

Bug#910350: [INTL:tr] turkish translation update of iso-codes/iso_3166-1

2019-03-23 Thread Dr. Tobias Quathamer 
control: tag -1 pending

Am 23.03.2019 um 19:26 schrieb Holger Wansing:
> Hi Tobias,
> 
> I just noticed this bug.
> It contains a full complete Turkish translation of ISO_3166-1.
> 
> 
> Could you please include it?

Hi Holger,

thanks for reminding me, that bug slipped through. I've now included the
file, it'll be part of the next release.

Regards,
Tobias



signature.asc
Description: OpenPGP digital signature

Bug#925367: debian-history: DebConf12 mistakenly referred to as the 12th DebConf

2019-03-23 Thread Rafa 
Package: debian-history
Severity: normal

Dear Maintainers,

File project-history.en.dbk, as of commit 176f60e3, refers to DebConf12
as the "12th" Debconf in line 428. It is my understanding that it 
should be referred to as the "13th" Debconf instead.

Please note that in line 1101 it is (correctly, in my opinion) referred
to as the "13th" one.

Regards,

Rafa.


signature.asc
Description: PGP signature

Bug#925366: RFP: node-watchify -- watch mode for browserify builds

2019-03-23 Thread Jeff Cliff 
Package: wnpp
Severity: wishlist

* Package name: node-watchify
  Version : 3.11.0
  Upstream Author : James Halliday 
* URL : https://salsa.debian.org/themusicgod1-guest/watchify
* License : MIT
  Programming Lang: javascript
  Description : watch mode for browserify builds

Update any nodejs source file and your browserify bundle will be recompiled on 
the spot.

node-watchify is a prerequisite of node-beefy ( #910824 ).

Bug#925337: webext-ublock-origin: deactivated with Firefox 66

2019-03-23 Thread Linda Lapinlampi 
On Sat, Mar 23, 2019 at 12:40:30PM +0100, Martin Steigerwald wrote:
> Package: webext-ublock-origin
> Version: 1.18.4+dfsg-2
> Severity: normal
> 
> Dear Markus,
> 
> uBlock Origin becomes deactivated with Firefox 66.0-1.

Dear Maintainer,

I can confirm this behavior as well with Firefox 66.0-1 update on
buster/sid. uBlock Origin is "(disabled)" in about:addons, with no way
to activate it again and no explanation.

Another Debian webextension package, webext-https-everywhere, appears to
be active and working on buster/sid with Firefox 66.0-1 update.

Bug#925365: unblock: mpich/3.3-3

2019-03-23 Thread Michael Banck 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mpich

It fixes building packages against mpich, see e.g. #924032.

unblock mpich/3.3-3

-- System Information:
Debian Release: 8.10
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru mpich-3.3/debian/changelog mpich-3.3/debian/changelog
--- mpich-3.3/debian/changelog  2019-02-22 17:45:42.0 +0100
+++ mpich-3.3/debian/changelog  2019-03-18 09:31:47.0 +0100
@@ -1,3 +1,11 @@
+mpich (3.3-3) unstable; urgency=medium
+
+
+  * Patch from Ana Guerrero Lopez, Andreas Beckann to remove obsolete
+GCC check. Closes: #807666, #924837.
+
+ -- Alastair McKinstry   Mon, 18 Mar 2019 08:31:47 +
+
 mpich (3.3-2) unstable; urgency=medium

   * Use dh_fortran_mod to install Fortran mod files in $fmoddir/mpich.
diff -Nru mpich-3.3/debian/control mpich-3.3/debian/control
--- mpich-3.3/debian/control2019-02-22 17:45:42.0 +0100
+++ mpich-3.3/debian/control2019-03-18 09:31:47.0 +0100
@@ -38,7 +38,10 @@
 Fortran-Mod: ${Fortran-Mod}
 Breaks: libmpl-dev,
 libopa-dev,
-libmpich2-dev
+libmpich2-dev,
+libopenmpi-dev (<< 3.0.1~rc1-2),
+openmpi-bin (<< 3.0.1~rc1-2),
+lam4-dev (<< 7.1.4-3.2),
 Replaces: libmpl-dev,
   libopa-dev,
   libmpich2-dev
@@ -89,7 +92,10 @@
 Suggests: mpich-doc (= ${source:Version})
 Breaks: mpich-bin,
 mpich2,
-   libmpich-dev ( << 3.3~b2-3~)
+libmpich-dev ( << 3.3~b2-3~),
+libopenmpi-dev (<< 3.0.1~rc1-2),
+openmpi-bin (<< 3.0.1~rc1-2),
+lam4-dev (<< 7.1.4-3.2),
 Replaces: mpich-bin,
   mpich2,
  libmpich-dev ( << 3.3~b2-3~)
diff -Nru mpich-3.3/debian/libmpich-dev.postinst.in 
mpich-3.3/debian/libmpich-dev.postinst.in
--- mpich-3.3/debian/libmpich-dev.postinst.in   2019-02-22 17:45:42.0 
+0100
+++ mpich-3.3/debian/libmpich-dev.postinst.in   2019-03-18 09:31:47.0 
+0100
@@ -5,7 +5,7 @@
 # lib*.so files, which depends on the multiarch triplet. This can be gotten
 # from dpkg-architecture, but to avoid dependence on dpkg-dev, we instead
 # determine it at package build-time, and include a processed version of this
-# file as the libmpich-dev.postinst, where the variable triplet has been 
replaced
+# file as the libmpich-dev.postinst, where the variable TRIPLET has been 
replaced
 # by its appropriate value, depending on the build host architecture.

 set -e
@@ -27,5 +27,6 @@

 fi

+
 #DEBHELPER#

diff -Nru mpich-3.3/debian/libmpich-dev.preinst.in 
mpich-3.3/debian/libmpich-dev.preinst.in
--- mpich-3.3/debian/libmpich-dev.preinst.in2019-02-22 17:45:42.0 
+0100
+++ mpich-3.3/debian/libmpich-dev.preinst.in2019-03-18 09:31:47.0 
+0100
@@ -2,10 +2,58 @@

 set -e

-# Splitting mpi and mpi-$MULTIARCH  requires this
-if [ ! -z "$(update-alternatives --query mpi 2> /dev/null | grep --silent 
mpi-fort.pc)" ]; then
-update-alternatives --quiet --remove-all mpi >/dev/null 2>&1
-update-alternatives --quiet --remove-all mpi-TRIPLET >/dev/null 2>&1
+remove_corrupt_alternative()
+{
+   local alt=$1
+
+   if [ -f /var/lib/dpkg/alternatives/$alt ] && \
+   ! update-alternatives --query $alt >/dev/null 2>&1
+   then
+   # file exists, but query failed? likely corrupt!
+   echo "Removing corrupt alternative(s) '$alt'"
+   update-alternatives --remove-all $alt >/dev/null 2>&1 || \
+   rm -fv /var/lib/dpkg/alternatives/$alt
+   fi
+}
+
+remove_obsolete_alternative()
+{
+   local alt=$1
+
+   remove_corrupt_alternative $alt
+
+   if update-alternatives --query $alt >/dev/null 2>&1
+   then
+   echo "Removing obsolete alternative(s) '$alt'"
+   update-alternatives --remove-all $alt
+   fi
+}
+
+if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
+
+   if dpkg --compare-versions "$2" lt "3.3-2~" ; then
+
+   # Recover from historically grown corruption (#912437)
+   remove_corrupt_alternative mpi
+   remove_corrupt_alternative mpi-TRIPLET
+
+   # mpicc seemed to be used as a master alternative by some MPI 
package. But
+   # currently, all MPI packages have the mpicc alternative 
installed as a slave
+   # link. We remove the link here in order to resolve bugs 
#531184 and #532910.
+   remove_obsolete_alternative mpicc
+
+   # Similarly, see #886644
+   remove_obsolete_alternative mpiCC
+
+   # Splitting mpi and mpi-$MULTIARCH requires this
+   if update-alternatives --query mpi 2>/dev/null | grep -q 
mpi-fort

Bug#925364: unblock: featherpad/0.9.4-2

2019-03-23 Thread Alf Gaida 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package featherpad

The new version fixes three bugs:
 * #925361 - Don't toggle the insert mode with modifier
 * #925362 - Save button is disabled when it shouldn't
 * #923687 - Add qttranslations5-l10n as recommend

unfortunately i was to fast with fixing #923687 (not thought about freeze start
and let the faulty package migrate before uploading) so 0.9.4 did not migrate 
to testing in time. It would be really nice to have 0.9.4 in buster - beside 
the mentiond changes there are some translation updates. If not possible it 
have to split out the fixes for 925361 and 925362 and patch 0.9.3. It would be 
nice if i can save that time.

featherpad is not a dependency for everything, but the considered main editor
in LXQt.

Cheers Alf

unblock featherpad/0.9.4-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.3-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)

2019-03-23 Thread John Paul Adrian Glaubitz 
Control: tag -1 - moreinfo

On 3/23/19 6:13 PM, Jonathan Wiltshire wrote:
> You forgot the debdiff, but the upstream patch looks OK. Please go ahead
> and remove the moreinfo tag when this is ready to unblock.

Uploaded and built successfully on all release architectures, should
be good for unblock now. Removing "moreinfo".

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#924076: Idea how to solve this

2019-03-23 Thread Helge Kreutzmann 
Hello,
I'm not a C programmer but I guess solving this issue might go along
the following path:

Description: Create a secure directory for the FIFO
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 tvtime (1.0.11-4) unstable; urgency=medium
 .
   * QA upload.
   * Add the missing build dependency on pkg-config.
Author: Helge Kreutzmann 

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: other
Bug-Debian: https://bugs.debian.org/924076
Forwarded: 
Reviewed-By: 
Last-Update: 2019-03-23

--- tvtime-1.0.11.orig/src/utils.c
+++ tvtime-1.0.11/src/utils.c
@@ -167,14 +167,19 @@ char *get_tvtime_fifo_filename( uid_t ui
 char *fifodir;
 char *fifo;
 
+char *fifosdir;
+
+/* Create a secure private temporary directory */
+fifosdir = mkdtemp(FIFODIR "tvtimeXX");
+
 /* Create string for the directory in FIFODIR */
 pwuid = getpwuid( uid );
 if( pwuid ) {
-if( asprintf( &fifodir, FIFODIR "/.TV-%s", pwuid->pw_name ) < 0 ) {
+if( asprintf( &fifodir, "%s/.TV-%s", fifosdir, pwuid->pw_name ) < 0 ) {
 return 0;
 }
 } else {
-if( asprintf( &fifodir, FIFODIR "/.TV-%u", uid ) < 0 ) {
+if( asprintf( &fifodir, "%s/.TV-%u", fifosdir, uid ) < 0 ) {
 return 0;
 }
 }


This code segfaults, does not contain error checks but hopefully
someone with real C knowledge can make it work (and prevent tvtime
from being removed).

Greetings

Helge
-- 
  Dr. Helge Kreutzmann deb...@helgefjell.de
   Dipl.-Phys.   http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
   Help keep free software "libre": http://www.ffii.de/


signature.asc
Description: Digital signature

Bug#924767: pgadmin3: Incorrectly installs entire database engine as dependency

2019-03-23 Thread Witold Baryluk 
Package: pgadmin3
Followup-For: Bug #924767


You can use apt-get --no-install-recommends to do what you want.

It is up to discussion if the Recommends should be moved to Suggests tho.

Bug#925362: Save button is disabled when it shouldn't

2019-03-23 Thread Alf Gaida 
Package: featherpad
Version: 0.9.4-2
Severity: important

Reported upstream: https://github.com/tsujan/FeatherPad/issues/251

At least important, if not serious - most of the day i really want to save my 
changes to a file.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.3-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages featherpad depends on:
ii  libc62.28-8
ii  libgcc1  1:8.3.0-3
ii  libqt5core5a 5.11.3+dfsg1-1
ii  libqt5gui5   5.11.3+dfsg1-1
ii  libqt5network5   5.11.3+dfsg1-1
ii  libqt5printsupport5  5.11.3+dfsg1-1
ii  libqt5svg5   5.11.3-2
ii  libqt5widgets5   5.11.3+dfsg1-1
ii  libqt5x11extras5 5.11.3-2
ii  libstdc++6   8.3.0-3
ii  libx11-6 2:1.6.7-1

Versions of packages featherpad recommends:
ii  libglib2.0-bin2.58.3-1
ii  qttranslations5-l10n  5.11.3-2

featherpad suggests no packages.

-- no debconf information

Bug#925363: unblock: nvidia-settings/410.104-1

2019-03-23 Thread Andreas Beckmann 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nvidia-settings

Looks like I missed this one unblock request ... to bring the
nvidia-settings version in sync with the other packages from
the nvidia stack.

unblock nvidia-settings/410.104-1


Andreas


nvidia-settings_410.104-1.dsc.diff.gz
Description: application/gzip

Bug#925361: Don't toggle the insert mode with modifier

2019-03-23 Thread Alf Gaida 
Package: featherpad
Version: 0.9.4-2
Severity: important

Bug reported upstream: https://github.com/tsujan/FeatherPad/issues/247

Can and will break workflows without sane reason, fixed upstream.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.3-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages featherpad depends on:
ii  libc62.28-8
ii  libgcc1  1:8.3.0-3
ii  libqt5core5a 5.11.3+dfsg1-1
ii  libqt5gui5   5.11.3+dfsg1-1
ii  libqt5network5   5.11.3+dfsg1-1
ii  libqt5printsupport5  5.11.3+dfsg1-1
ii  libqt5svg5   5.11.3-2
ii  libqt5widgets5   5.11.3+dfsg1-1
ii  libqt5x11extras5 5.11.3-2
ii  libstdc++6   8.3.0-3
ii  libx11-6 2:1.6.7-1

Versions of packages featherpad recommends:
ii  libglib2.0-bin2.58.3-1
ii  qttranslations5-l10n  5.11.3-2

featherpad suggests no packages.

-- no debconf information

Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1

2019-03-23 Thread Harlan Lieberman-Berg 
Control: tags -1 + pending

On Sat, Mar 23, 2019 at 1:17 PM Adam D. Barratt
 wrote:
> Welcome to why we get paranoid about changes in stable updates. :-)

Tell me about it!  I'm always chewing my fingernails off every time I
do an upload there... and yet.

Thanks much for your help!
-- 
Harlan Lieberman-Berg
~hlieberman

Bug#925360: pcre2: Uses SSE2 unconditionally on i386

2019-03-23 Thread Guillem Jover 
Source: pcre2
Source-Version: 10.32-4
Severity: serious
Tags: upstream patch

Hi!

I just upgraded a server of mine to Debian buster, and roundcube's
postinst started to crash with "Illegal instruction" messages from a
php process, due to usage of a SSE2 instruction (PSLLDQ). This
instruction is not required by our ISA baseline, and SSE2 is not
present on many i386 based CPUs, such as AMD Semprons for example.

Tracking this down was a bit of a pain, as the offending instructions
were JITed at run-time, so there were no symbols associated, or
indication from where this was coming from. Checking php source
themselves revelead at least what seemed like some unconditional usage
of AVX, SSE2, SSS3 and SSE4.x instructions, and I've got a patch for
that, but this didn't fix the problem. Because php links against the
system pcre2 instead of using its internal embedded copy. :)

So attached is the matching patch for pcre2, that does fix this issue
for me.

Thanks,
Guillem
diff -u pcre2-10.32/debian/changelog pcre2-10.32/debian/changelog
--- pcre2-10.32/debian/changelog
+++ pcre2-10.32/debian/changelog
@@ -1,3 +1,12 @@
+pcre2 (10.32-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Do not unconditionally use SSE2 instructions on i386, as some processors
+that conform to the architecture ISA baseline, do not support that
+instruction set.
+
+ -- Guillem Jover   Sat, 23 Mar 2019 19:24:32 +0100
+
 pcre2 (10.32-4) unstable; urgency=medium
 
   * Take patch from Jeremy Bicha to build with
only in patch2:
unchanged:
--- pcre2-10.32.orig/src/pcre2_jit_compile.c
+++ pcre2-10.32/src/pcre2_jit_compile.c
@@ -5120,8 +5120,9 @@
   }
 
 #if (defined SLJIT_CONFIG_X86 && SLJIT_CONFIG_X86) && !(defined SUPPORT_VALGRIND) && !(defined _WIN64)
-if (check_fast_forward_char_pair_sse2(common, chars, max))
-  return TRUE;
+if (sljit_has_cpu_feature(SLJIT_HAS_SSE2))
+  if (check_fast_forward_char_pair_sse2(common, chars, max))
+return TRUE;
 #endif
 
 in_range = FALSE;

Bug#925358: klibc: built program on m68k terminates with signal 9 (SIGKILL)

2019-03-23 Thread Thorsten Glaser 
Hi Adrian,

>Could you point me to the actual error message so I know how the reproducer
>looks like?

sure: it’s the
Total failed: 3 (3 unexpected)
in the build log, and before that:

FAIL ../../debian/mtest.t:mtest-external
Description:
Minitest: can run an external utility and return
test timed out (limit of 3 seconds)
unexpected exit status 9 (signal 9), expected 0
unexpected stdout - got too little output
wanted:
bar
baz
got:
bar


>I can, indeed, just test whether mksh works on a real Amiga
>68060 which I have running for this purpose.

The trick here is that the faulty binary is not included in
the .deb package thanks to the testsuite failure, so it’s
not all that easy.

Recompiling the .dsc would trigger it though (expect that to
take a couple of hours, perhaps a day…).


You *might* be able to trigger it with:

$ apt-get source mksh
$ cd mksh-*/
$ env LC_ALL=C HAVE_CAN_WALL=0 HAVE_LIBUTIL_H=0 CC=klcc \
HAVE_CAN_FSTACKPROTECTORSTRONG=0 HAVE_CAN_FSTACKPROTECTORALL=0 \
CFLAGS='-fstack-protector-strong -Wformat -Werror=format-security -Wall 
-Wextra -g -fno-stack-protector -Os' \
CPPFLAGS='-Wdate-time -D_FORTIFY_SOURCE=2 -DMKSH_BINSHPOSIX 
-DMKSH_BINSHREDUCED -DMKSH_SMALL -DMKSH_SMALL_BUT_FAST' \
LDFLAGS='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' \
LDSTATIC=-static LIBS= sh Build.sh -r && \
  perl check.pl -s debian/mtest.t -p ./mksh -v

This should do roughly the same as the package build does in that
place, although I’m not sure I caught all exports.


Thanks,
//mirabilos
--  
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival

Bug#924881: postgresql: buster upgrade breaks older postgresql (9.6) and newer postgresql (11) is also inoperative

2019-03-23 Thread Boyd Stephen Smith Jr. 
On Thursday, March 21, 2019 5:39:10 AM CDT Christoph Berg wrote:
> that error message is directly from openssl, so unrelated to
> PostgreSQL. What size is the snakeoil key? Could you post the output
> of that command?
> 
>   openssl x509 -text -noout < /etc/ssl/certs/ssl-cert-snakeoil.pem

Sorry, I deleted the old file while I was trying to get my system into a 
working state.
 
> My guess would be that the snakeoil key was generated a very long time
> ago, when the key size defaults were less than they are today, and
> buster's libssl is now rejecting the key.

Yes, I was able to run:

sudo make-ssl-cert generate-default-snakeoil --force-overwrite

to resolve the issue.  Note the `--force-overwrite`, which is not used by the 
various postinst scripts.

It would be nice if the buster upgrade could so this for the user, but I don't 
know if that's reasonable for all Debian installations.  IMO, It would be a 
good buster release note.  In any case, it's not a *PostgreSQL* bug.

-- 
Boyd Stephen Smith Jr.   ,= ,-_-. =.
b...@iguanasuicide.net   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/\_/


signature.asc
Description: This is a digitally signed message part.

Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled

2019-03-23 Thread Steve McIntyre 
On Tue, Jan 22, 2019 at 02:41:24PM +0800, Steven Shiau wrote:
>Package: shim-signed
>Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
>Severity: normal
>
>Dear Maintainer,
>
>On Debian secure boot wiki page:
>https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images
>It mentioned:
>Buster live images
>Since 16th Jan 2019, our normal weekly amd64 live images should
>live-boot with Secure Boot enabled without needing any special steps.
>They should also support installation of a Secure Boot enabled system
>directly.
>
>See https://get.debian.org/images/weekly-live-builds/
>and
>Buster live images
>
>Since 16th Jan 2019, our normal weekly amd64 live images should
>live-boot with Secure Boot enabled without needing any special steps.
>They should also support installation of a Secure Boot enabled system
>directly.
>
>See https://get.debian.org/images/weekly-live-builds/
>
>However, both
>https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso
>and
>https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso
>build on Jan/21/2019 failed to boot with secure boot enabled on VMWare
>WS Pro 15 and Lenovo X260.
>Attached please check the screenshot when it failed to boot.
>
>In addition, I use live-build 20180925 to create the secure boot ready
>Debian Sid ISO with
>lb config --uefi-secure-boot enable
>and also included grub-efi-amd64-signed, shim-signed,
>linux-image-4.19.0-1-amd64
>
>However, the created live ISO also failed to boot with the same error.
>If I turned off the secure boot in the BIOS, the created ISO can boot
>successfully.

Apologies, this was a mistake on my part. We were still using our test
key for signing our packaged EFI binaries (grub, linux, etc.) and I'd
missed that. Things should be fixed really soon...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"When C++ is your hammer, everything looks like a thumb." -- Steven M. Haflich

Bug#911352: shim-signed: missing Microsoft-signed version for UEFI 32bit

2019-03-23 Thread Steve McIntyre 
control: forwarded -1 https://github.com/rhboot/shim-review/issues/57

On Fri, Oct 19, 2018 at 12:11:56AM +0200, beta-tester wrote:
>Package: shim-signed
>Severity: normal
>
>Dear Maintainer,
>
>it looks like there is a 32 bit (i386) version of shim-signed
>missing, that is Microsoft-signed and able to boot UEFI 32bit version
>with enabled SecureBoot.

This is in progress - see

  https://github.com/rhboot/shim-review/issues/57

We've submitted a new version of shim for signing for all of amd64,
i386 and arm64.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Since phone messaging became popular, the young generation has lost the
 ability to read or write anything that is longer than one hundred and sixty
 characters."  -- Ignatios Souvatzis

Bug#860716: shim fails to load MokManager (mmx64.efi) in the case of self-signed grub

2019-03-23 Thread Steve McIntyre 
On Wed, Apr 19, 2017 at 12:24:14PM +0300, Mikhail Kshevetskiy wrote:
>Package: shim
>Version: 0.9+1474479173.6c180c6-1
>Severity: important
>
>I test shim-signed with qemu in secure boot environment. Here is the steps
>to reproduce a problem:
>
>1) install shim, shim-signed, qemu and ovmf packages
>
>2) get EnrollDefaultKeys.efi from
>   
> https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Workstation/x86_64/os/Packages/e/edk2-ovmf-20170209git296153c5-3.fc27.noarch.rpm
>
>3) create a efi_test directory with shim binaries, grub and 
>EnrollDefaultKeys.efi files
>
>   mkdir efi_test
>   cp /usr/lib/shim/{shimx64,mmx64,fbx64}.efi.signed efi_test/
>   rename 's/[.]signed$//' efi_test/*
>
>   cp /boot/efi/EFI/debian/grubx64.efi efi_test/[this step is significant]
>
>   cp EnrollDefaultKeys.efi efi_test/ [see step (2)]
>
>4) so we have in efi_test/
>
>   LANG=C ls -la efi_test/
>
>   drwxr-xr-x 2 kl kl4096 Apr 19 12:10 .
>   drwxr-xr-x 5 kl kl4096 Apr 19 11:52 ..
>   -rw-r--r-- 1 kl kl   20032 Apr 19 11:55 EnrollDefaultKeys.efi
>   -rw-r--r-- 1 kl kl9184 Apr 19 12:05 NvVars
>   -rw-r--r-- 1 kl kl   72144 Apr 19 11:52 fbx64.efi
>   -rwxr-xr-x 1 kl kl  121856 Apr 19 12:10 grubx64.efi
>   -rw-r--r-- 1 kl kl 1168464 Apr 19 12:05 mmx64.efi
>   -rw-r--r-- 1 kl kl 1169528 Apr 19 11:52 shimx64.efi
>
>5) run qemu with ovmf firmware
>
>   qemu-system-x86_64 -m 1024 -enable-kvm -machine q35,smm=on,accel=kvm \
>  -bios /usr/share/ovmf/OVMF.fd \
>  -drive media=disk,file=fat:rw:efi_test
>
>6) import microsoft keys and enable secure boot (from EFI shell)
>
>   Shell> fs0:
>   FS0:\> EnrollDefaultKeys.efi
>   info: SetupMode=1 SecureBoot=0 SecureBootEnabled=0 CustomMode=0 VendorKeys=1
>   info: SetupMode=0 SecureBoot=1 SecureBootEnabled=1 CustomMode=0 VendorKeys=0
>   info: success
>
>7) reboot virtual machine (from EFI shell)
>
>   FS0:\> reset
>
>8) run shim (from EFI shell)
>
>   Shell> fs0:
>   FS0:\> shimx64.efi
>
>9) expected result:
>
>   MokManager (mmx64.efi) will be started
>
>10) actual result:
>
>Verification failed: (15) Access Denied
>
>Failed to load image: Access Denied
>start_image() returned Access Denied
>start_image() returned Access Denied
>
>and we back to EFI shell.
>
>Thus it's not possible to install user keys or add user
>loader to trusted binary database.

Hi Mikhail,

I'm hoping that our current set of packages will fix this bug, as
we've moved to a much newer upstream version of shim which includes
the commit you point at. Once we have our new shim signed with the
Microsoft CA, could you retry your test and confirm please?

Cheers,

Steve

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
< sladen> I actually stayed in a hotel and arrived to find a post-it
  note stuck to the mini-bar saying "Paul: This fridge and
  fittings are the correct way around and do not need altering"

Bug#925358: klibc: built program on m68k terminates with signal 9 (SIGKILL)

2019-03-23 Thread John Paul Adrian Glaubitz 
Hi Thorsten!

On 3/23/19 7:25 PM, Thorsten Glaser wrote:
> mksh built against klibc is not usable at all (thankfully, the build
> process recognises this and removes the unusable program, unless it
> is cross-built).
> 
> Note that vs93.physik.fu-berlin.de is a qemu VM.
> 
> I guess I can retry in an ARAnyM VM, and a porter could retry on
> real metal, to see whether we are hitting an emulator bug instead.

Could you point me to the actual error message so I know how the reproducer
looks like? I can, indeed, just test whether mksh works on a real Amiga
68060 which I have running for this purpose.

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913Hi

Bug#925359: dietlibc: built program on x32 terminates with 'smashed stack detected, program terminated.'

2019-03-23 Thread Thorsten Glaser 
Package: dietlibc-dev
Version: 0.34~cvs20160606-10
Severity: important

https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=x32&ver=57-1&stamp=1551461619&raw=0

mksh built, with -fstack-protector-strong though, against dietlibc is
not usable at all, on x32 only.

-- System Information:
Debian Release: buster/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

dietlibc-dev depends on no packages.

dietlibc-dev recommends no packages.

Versions of packages dietlibc-dev suggests:
pn  dietlibc-doc  

-- no debconf information

Bug#910350: [INTL:tr] turkish translation update of iso-codes/iso_3166-1

2019-03-23 Thread Holger Wansing 
Hi Tobias,

I just noticed this bug.
It contains a full complete Turkish translation of ISO_3166-1.


Could you please include it?

Thanks
Holger



-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#925358: klibc: built program on m68k terminates with signal 9 (SIGKILL)

2019-03-23 Thread Thorsten Glaser 
Package: libklibc-dev
Version: 2.0.6-1
Severity: important

https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=m68k&ver=57-1&stamp=1551464062&raw=0

mksh built against klibc is not usable at all (thankfully, the build
process recognises this and removes the unusable program, unless it
is cross-built).

Note that vs93.physik.fu-berlin.de is a qemu VM.

I guess I can retry in an ARAnyM VM, and a porter could retry on
real metal, to see whether we are hitting an emulator bug instead.

Bug#905178: apt-cacher: prompting due to modified conffiles which were not modified by the user: /etc/default/apt-cacher

2019-03-23 Thread Andreas Beckmann 
Followup-For: Bug #905178
Control: found -1 1.7.20

Hi,

you probably need to take care of the config files installed by older
versions, here I could still trigger the bug on upgrades from squeeze to
wheezy to jessie to stretch to buster.


Andreas


apt-cacher_1.7.20.log.gz
Description: application/gzip

Bug#925164: RM: deltachat-core/0.39.0-1+ds2

2019-03-23 Thread Niels Thykier 
micah anderson:
> Control tags -1 - moreinfo
> 
> Hi,
> 
> Niels Thykier  writes:
> 
>> I am adding the Debian maintainer of Delta Chat in Debian as:
>>
>>  * I do not know anything about Delta Chat nor its situation outside of
>>Debian.  In Debian, it has zero bugs.
> 
> Indeed, the upstream Delta Chat authors have requested that it not be
> put into stable, as too much is changing at the moment.
> 

Thanks for clarifying.  I have added a removal hint.

>>  * I am not sure if the Debian maintainer has been informed of the
>>situation (I got not easily way of knowing except asking).
> 
> Yes, I am aware, and glad that this was done.
> 
> Andre is listed as DM for this package, so I thought that it would not
> be necessary to check this.
> 
> [...]

Ah, I was not aware.  I only checked the maintainers/uploaders field
(but it did not occur to me to check the DM permissions).

Thanks,
~Niels

Bug#925357: unblock: tomoyo-tools/2.6.0-20190305-1

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Sun, Mar 24, 2019 at 02:20:26AM +0900, Hideki Yamane wrote:
> Please unblock package tomoyo-tools
> 
> * I'd like to push tomoyo 2.6.0 for buster, since less upstream delta is
>   better to reduce maintain cost.
> * tomoyo-tools is leaf package, no worries about breaking other packages'
>   behavior :) (and it's stable enough, IMHO).

Keeping close to upstream is useful, but the freeze policy is bug fixes
only. This doesn't appear to fix any bugs, or have I misunderstood?

>  The blocker for update is debdiff is huge.
> 
> > $ wc -l tomoyo.debdiff  
> > 
> > 
> > 1528 tomoyo.debdiff
> 
>  However, most of above changes are almost same boring changes like this.

There are still enough changes that I'm not comfortable with this. I am
going to need some convincing.


Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)

2019-03-23 Thread John Paul Adrian Glaubitz 
On 3/23/19 6:13 PM, Jonathan Wiltshire wrote:
> You forgot the debdiff, but the upstream patch looks OK. Please go ahead
> and remove the moreinfo tag when this is ready to unblock.

Whoops, I meant to attach it. I'm still a bit jet-lagged from my last
trip. Attaching it now and will go ahead with the upload.

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
diff -Nru sane-backends-1.0.27/debian/changelog sane-backends-1.0.27/debian/changelog
--- sane-backends-1.0.27/debian/changelog	2018-11-02 20:30:06.0 +0100
+++ sane-backends-1.0.27/debian/changelog	2019-03-23 17:38:37.0 +0100
@@ -1,3 +1,11 @@
+sane-backends (1.0.27-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch
+- Fix regression in the mustek_usb2 backend (Closes: #886777).
+
+ -- John Paul Adrian Glaubitz   Sat, 23 Mar 2019 17:38:37 +0100
+
 sane-backends (1.0.27-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch
--- sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch	1970-01-01 01:00:00.0 +0100
+++ sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch	2019-03-23 17:34:56.0 +0100
@@ -0,0 +1,88 @@
+From 93340afddfbc4085a5297fe635b65dd7f7f3ef05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= 
+Date: Mon, 17 Dec 2018 00:05:43 +0100
+Subject: [PATCH] mustek_usb2: Avoid stack smashing.  Fixes #35
+
+Use a properly sized variable in call to sanei_usb_{read,write}_bulk.
+
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907972
+---
+ backend/mustek_usb2_asic.c | 18 ++
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/backend/mustek_usb2_asic.c b/backend/mustek_usb2_asic.c
+index b5f3b0a4..b31c7494 100644
+--- a/backend/mustek_usb2_asic.c
 b/backend/mustek_usb2_asic.c
+@@ -255,6 +255,7 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   STATUS status = STATUS_GOOD;
+   unsigned int i, buf[1];
+   unsigned int read_size;
++  size_t read_size_usb;
+ 
+   DBG (DBG_ASIC, "Mustek_DMARead: Enter\n");
+ 
+@@ -268,9 +269,11 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   SetRWSize (chip, 1, buf[0]);
+   status = WriteIOControl (chip, 0x03, 0, 4, (SANE_Byte *) (buf));
+ 
++  read_size_usb = buf[0];
+   status =
+ 	sanei_usb_read_bulk (chip->fd, lpdata + i * read_size,
+-			 (size_t *) buf);
++ &read_size_usb);
++  buf[0] = read_size_usb;
+   if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMARead: read error\n");
+@@ -284,9 +287,11 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   SetRWSize (chip, 1, buf[0]);
+   status = WriteIOControl (chip, 0x03, 0, 4, (SANE_Byte *) (buf));
+ 
++  read_size_usb = buf[0];
+   status =
+ 	sanei_usb_read_bulk (chip->fd, lpdata + i * read_size,
+-			 (size_t *) buf);
++ &read_size_usb);
++  buf[0] = read_size_usb;
+   if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMARead: read error\n");
+@@ -307,6 +312,7 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   unsigned int buf[1];
+   unsigned int i;
+   unsigned int write_size;
++  size_t write_size_usb;
+ 
+   DBG (DBG_ASIC, "Mustek_DMAWrite: Enter:size=%d\n", size);
+ 
+@@ -320,9 +326,11 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   SetRWSize (chip, 0, buf[0]);
+   WriteIOControl (chip, 0x02, 0, 4, (SANE_Byte *) buf);
+ 
++  write_size_usb = buf[0];
+   status =
+ 	sanei_usb_write_bulk (chip->fd, lpdata + i * write_size,
+-			  (size_t *) buf);
++  &write_size_usb);
++  buf[0] = write_size_usb;
+   if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMAWrite: write error\n");
+@@ -337,9 +345,11 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   SetRWSize (chip, 0, buf[0]);
+   WriteIOControl (chip, 0x02, 0, 4, (SANE_Byte *) buf);
+ 
++  write_size_usb = buf[0];
+   status =
+ 	sanei_usb_write_bulk (chip->fd, lpdata + i * write_size,
+-			  (size_t *) buf);
++  &write_size_usb);
++  buf[0] = write_size_usb;
+   if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMAWrite: write error\n");
+-- 
+2.18.1
+
diff -Nru sane-backends-1.0.27/debian/patches/series sane-backends-1.0.27/debian/patches/series
--- sane-backends-1.0.27/de

Bug#925314: unblock: wordpress/5.0.3+dfsg1-1

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Sat, Mar 23, 2019 at 09:30:32AM +1100, Craig Small wrote:
> So, we have a few options:
> 1) Update Buster WordPress 5.0.3 to 5.0.4 which is the security fixes
> 2) Make a security release for Buster, effectively what (1) is with
> different version numbers
> 3) Update Buster to follow Sid, which is a major update, 5.1.1
> 4) Do nothing and wait until Buster is released and then fix it.

Tricky. I am more inclined towards option 1 (I don't understand option 2)
but that presumably means an upload via t-p-u? Normally important bugs
wouldn't qualify for that but I actually consider this at least serious, so
it's fine.

Can I see a debdiff of 5.0.3 to 5.0.4 please?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925357: unblock: tomoyo-tools/2.6.0-20190305-1

2019-03-23 Thread Hideki Yamane 
Package: release.debian.org
Severity: wishlist
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package tomoyo-tools

* I'd like to push tomoyo 2.6.0 for buster, since less upstream delta is
  better to reduce maintain cost.
* tomoyo-tools is leaf package, no worries about breaking other packages'
  behavior :) (and it's stable enough, IMHO).

 The blocker for update is debdiff is huge.

> $ wc -l tomoyo.debdiff
>   
> 
> 1528 tomoyo.debdiff

 However, most of above changes are almost same boring changes like this.

 diff -Nru tomoyo-tools-2.5.0-20170102/examples/candy.c 
tomoyo-tools-2.6.0-20190305/examples/candy.c
--- tomoyo-tools-2.5.0-20170102/examples/candy.c2017-01-04 
19:12:17.0 +0900
+++ tomoyo-tools-2.6.0-20190305/examples/candy.c2019-03-05 
09:00:00.0 +0900
@@ -2,11 +2,11 @@
  * candy.c
  *
  * An example program for CERBERUS.
- * ( http://osdn.jp/projects/tomoyo/document/winf2005-en.pdf )
+ * ( https://osdn.jp/projects/tomoyo/document/winf2005-en.pdf )
  *
  * Copyright (C) 2005-2011  NTT DATA CORPORATION
  *
- * Version: 2.5.0   2011/09/29
+ * Version: 2.6.0   2019/03/05
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License v2 as published by the

 URL change (use https), version and date update. I've striped down such
 things and diff size becomes just 255 lines (= upstream changes).

> $ wc -l tomoyo.diff 
> 255 tomoyo.diff

 And 1/3 of that is test file, remains are changes to update profile version.

diff --git a/kernel_test/tomoyo_bprm_test.c b/kernel_test/tomoyo_bprm_test.c
index c19d89e..1675ea6 100644
--- a/kernel_test/tomoyo_bprm_test.c
+++ b/kernel_test/tomoyo_bprm_test.c
@@ -178,6 +178,7 @@ int main(int argc, char *argv[])
ccs_test_init();
fprintf(domain_fp, "%s " BINDIR "/true\n", self_domain);
fprintf(domain_fp, "use_profile 255\n");
+   fprintf(domain_fp, "use_group 0\n");
fprintf(domain_fp, "select pid=%u\n", pid);
fprintf(domain_fp, "file read/write %s\n", proc_policy_domain_policy);
set_profile(3, "file::execute");
diff --git a/kernel_test/tomoyo_cond_test.c b/kernel_test/tomoyo_cond_test.c
index 123a2be..da5905d 100644
--- a/kernel_test/tomoyo_cond_test.c
+++ b/kernel_test/tomoyo_cond_test.c
@@ -388,7 +388,10 @@ static void stage_cond_test(void)
 int main(int argc, char *argv[])
 {
ccs_test_init();
-   fprintf(domain_fp, "ignore_global\n");
+   fprintf(domain_fp, "%s " BINDIR "/true\n", self_domain);
+   fprintf(domain_fp, "use_profile 255\n");
+   fprintf(domain_fp, "use_group 0\n");
+   fprintf(domain_fp, "%s\n", self_domain);
fprintf(domain_fp, "file read/write %s\n", proc_policy_domain_policy);
set_profile(3, "file::execute");
set_profile(3, "file::open");
diff --git a/kernel_test/tomoyo_new_file_test.c 
b/kernel_test/tomoyo_new_file_test.c
index 827c595..9c8ed87 100644
--- a/kernel_test/tomoyo_new_file_test.c
+++ b/kernel_test/tomoyo_new_file_test.c
@@ -118,6 +118,7 @@ static void stage_file_test(void)
size_t size = sizeof(buffer);
int pipe_fd[2] = { EOF, EOF };
int err = 0;
+   int flags;
int fd;
char pbuffer[1024];
struct stat sbuf;
@@ -184,6 +185,38 @@ static void stage_file_test(void)
write_domain_policy(policy, 1);
show_result(uselib("/tmp/uselib"), 0);
 
+   policy = "file write /dev/null";
+   fd = open("/dev/null", O_WRONLY);
+   show_result(fd, 0);
+   close(fd);
+   write_domain_policy(policy, 0);
+   fd = open("/dev/null", O_WRONLY);
+   show_result(fd, 1);
+   write_domain_policy(policy, 1);
+   flags = fcntl(fd, F_GETFL, 0) | O_APPEND;
+   policy = "file append /dev/null";
+   show_result(fcntl(fd, F_SETFL, flags), 0);
+   write_domain_policy(policy, 0);
+   show_result(fcntl(fd, F_SETFL, flags), 1);
+   write_domain_policy(policy, 1);
+   close(fd);
+
+   policy = "file append /dev/null";
+   fd = open("/dev/null", O_WRONLY | O_APPEND);
+   show_result(fd, 0);
+   close(fd);
+   write_domain_policy(policy, 0);
+   fd = open("/dev/null", O_WRONLY | O_APPEND);
+   show_result(fd, 1);
+   write_domain_policy(policy, 1);
+   flags = fcntl(fd, F_GETFL, 0) & ~O_APPEND;
+   policy = "file write /dev/null";
+   show_result(fcntl(fd, F_SETFL, flags), 0);
+   write_domain_policy(policy, 0);
+   show_result(fcntl(fd, F_SETFL, flags), 1);
+   write_domain_policy(policy, 1);
+   close(fd);
+
policy = "file execute " BINDIR "/true task.uid!=10 path1.parent.uid=0";
write_domain_policy(policy, 0);
fflush(stdout);
@@ -625,6 +658,7 @@ int main(int argc, char *argv[])
make_elf_lib();

Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1

2019-03-23 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Sun, 2019-03-10 at 22:04 -0400, Harlan Lieberman-Berg wrote:
> After talking to kibi and jrtc27 on IRC, pushing up a new proposed
> diff with some tweaks to the control file and changelog.
[...]
> In v9, dh_systemd_enable would stop timers in prerm and then start
> them in postinst.  In v10, however, dh_systemd_enable switches to
> using try-restart, which will noop on stopped timers.  This means
> when the SRU was installed, the timer was stopped (in the old v9
> prerm) and never started (in the new v10 postinst).  Changing back to
> use v9 will mean that the package will invoke the start on the timer
> regardless of its current status, fixing broken systems and
> preventing new problems.
> 
> This problem doesn't occur on fresh installs because the postinst is
> called differently, and although I tested certbot extensively (and
> had upstream do the same), none of us were looking closely at the
> timer functionality because "it wasn't supposed to change" (because
> that's never caused bugs before, god knows.)

Welcome to why we get paranoid about changes in stable updates. :-)

Please go ahead.

Regards,

Adam

Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 confirmed moreinfo

On Sat, Mar 23, 2019 at 06:04:06PM +0100, John Paul Adrian Glaubitz wrote:
> I'm attaching the full debdiff for this change and would like to ask
> for an unblock such that users of the mustek_usb2 backend are not
> running into the unpleasant surprise that their scanner is no longer
> working after updating to Debian Buster.
> 

You forgot the debdiff, but the upstream patch looks OK. Please go ahead
and remove the moreinfo tag when this is ready to unblock.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)

2019-03-23 Thread John Paul Adrian Glaubitz 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi!

sane-backends suffers from a regression in the mustek_usb2 backend
which makes said backend unusable [1]. The bug has already been fixed
upstream [2] and consists of a rather small fix which should be easy
to review.

I'm attaching the full debdiff for this change and would like to ask
for an unblock such that users of the mustek_usb2 backend are not
running into the unpleasant surprise that their scanner is no longer
working after updating to Debian Buster.

Thanks,
Adrian

unblock sane-backends/1.0.27-3.2

> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777
> [2] https://gitlab.com/sane-project/backends/issues/35

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#893498: RM: openhft-chronicle-wire/1.1.13-1

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Sat, Mar 09, 2019 at 11:17:09PM +, Andrej Shadura wrote:
> Please remove openhft-chronicle-wire from testing, I don’t see any
> chance of us properly solving this for Buster.

There are reverse dependencies:

| Will remove the following packages from testing:
| 
| libopenhft-chronicle-wire-java |   1.1.13-1 | all
| openhft-chronicle-wire |   1.1.13-1 | source
| 
| Maintainer: Debian Java Maintainers 

| 
| --- Reason ---
| 
| --
| 
| Checking reverse dependencies...
| # Broken Depends:
| openhft-chronicle-network: libopenhft-chronicle-network-java
| openhft-chronicle-queue: libopenhft-chronicle-queue-java
| 
| # Broken Build-Depends:
| openhft-chronicle-network: libopenhft-chronicle-wire-java
| 
| Dependency problem found.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#924938: unblock: healpix-java/3.40-1

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Mon, Mar 18, 2019 at 01:01:18PM -0400, Leo Singer wrote:
> Please unblock package healpix-java.
> 
> The package fixes the important bug #923752, "healpix-java: FTBFS in
> buster/sid". Note that aladin and topcat depend on healpix-java.

Unfortunately it also includes an unreviewable new upstream release. Please
revert that and include just the bug fix.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925237: unblock: node-timeago.js/3.0.2+dfsg-2

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Thu, Mar 21, 2019 at 04:41:53PM +0100, Xavier Guimard wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package node-timeago.js
> 
> Hi all,
> 
> I updated node-timeago.js to fix RC bug #924809. Main change is to find
> uglifyjs since there is a conflict between webpack and uglifyjs (see
> #925211). I updated also some other few things.
> 
> Cheers,
> Xavier
> 
> unblock node-timeago.js/3.0.2+dfsg-2
> 
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (600, 'testing'), (50, 'unstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.14.0-3-amd64 (SMP w/2 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= 
> (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled

> diff --git a/debian/changelog b/debian/changelog
> index f52ff7f..2d309c2 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,17 @@
> +node-timeago.js (3.0.2+dfsg-2) unstable; urgency=medium
> +
> +  * Team upload
> +  * Switch minimal test to autopkgtest
> +  * Add upstream/metadata
> +  * Patch package.json to use unminified file
> +  * Remove build dependency to uglifyjs and use the one installed with
> +webpack (Closes: #924809)
> +  * Declare compliance with policy 4.3.0
> +  * Add Multi-Arch: foreign

Multi-arch changes aren't really appropriate now, please revert that.


Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925355: python-flake8: Please package flake8 3.7.7 (or later) in experimental

2019-03-23 Thread Sylvestre Ledru 
Package: python-flake8
Version: 3.6.0-1
Severity: wishlist

Dear Maintainer,

The title says all. Thanks!

S


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable'), (500, 'stable'), (300, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python-flake8 depends on:
ii  python2.7.15-4
ii  python-configparser   3.5.0b2-1
ii  python-enum34 1.1.6-2
ii  python-mccabe 0.6.1-2
ii  python-pkg-resources  40.7.1-1
ii  python-pycodestyle2.4.0-2
ii  python-pyflakes   2.0.0-1
ii  python-setuptools 40.7.1-1

python-flake8 recommends no packages.

Versions of packages python-flake8 suggests:
ii  python-mock  2.0.0-4

-- no debconf information

Bug#925235: unblock: node-jschardet/1.6.0+dfsg-2

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Thu, Mar 21, 2019 at 04:10:02PM +0100, Xavier Guimard wrote:
> +node-jschardet (1.6.0+dfsg-2) unstable; urgency=medium
> +
> +  * Team upload
> +  * Add debian/clean
> +  * Use node-uglify if uglifyjs isn't available (Closes: #924807)
> +  * Bump debhelper compatibility level to 11

The time is gone for changing debhelper levels; please revert that.

> +  * Declare compliance with policy 4.3.0
> +  * Fix VCS fields
> +  * Fix debian/copyright URL format
> +  * Switch minimal test to pkg-js-tools
> +  * Add upstream/metadata
> +  * Update lintian-overrides
> +  * Add Multi-Arch: foreign

Multi-arch changes aren't really appropriate now either.


Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925354: pacemaker-dev: missing Breaks+Replaces: libcrmcluster1-dev

2019-03-23 Thread Andreas Beckmann 
Package: pacemaker-dev
Version: 2.0.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'wheezy' to 'jessie' to 'stretch' to 'buster'.
It installed fine in 'wheezy', and upgraded to 'jessie' and 'stretch'
successfully,
but then the upgrade to 'buster' failed.

In case the package was not part of an intermediate stable release,
the version from the preceding stable release was kept installed.

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package pacemaker-dev:amd64.
  Preparing to unpack .../10-pacemaker-dev_2.0.1-1_amd64.deb ...
  Unpacking pacemaker-dev:amd64 (2.0.1-1) ...
  dpkg: error processing archive 
/tmp/apt-dpkg-install-UW7jMV/10-pacemaker-dev_2.0.1-1_amd64.deb (--unpack):
   trying to overwrite '/usr/include/pacemaker/crm/attrd.h', which is also in 
package libcrmcluster1-dev 1.1.7-1
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /tmp/apt-dpkg-install-UW7jMV/10-pacemaker-dev_2.0.1-1_amd64.deb


cheers,

Andreas


pacemaker-dev_2.0.1-1.log.gz
Description: application/gzip

Bug#922679: Locking screen with light-locker/nvidia-driver crashes system to blinking cursor

2019-03-23 Thread nodiscc 
Hi,
did you have some time to have a look at this?

I encountered a minor problem when using 'update-glx glx'
(https://packages.debian.org/sid/update-glx package), which updates
the glx alternative but does not remove the nvidia entry from
xorg.conf

I still think it would be good to have automatically generated (maybe
make it optional through a debconf dialog?).

@anbe, ping

Bug#925083: unblock: nsca-ng/1.5-4

2019-03-23 Thread Sebastiaan Couwenberg 
Control: tags -1 - moreinfo

On 3/23/19 4:52 PM, Jonathan Wiltshire wrote:
> On Tue, Mar 19, 2019 at 07:35:53PM +0100, Bas Couwenberg wrote:
>> Please unblock package nsca-ng 1.5-4.
>>
>> It cherry-picks the OpenSSL 1.1.1 change from the 1.6 release available
>> in experimental.
> 
> nsca-ng has not been in testing since September 2018; you need a Very Good
> Justification for it to enter now.

The fix for the RC bug that cause the removal from testing only became
available now.

That's probably not good enough, but the best we could do to try have
nsca-ng available in buster.

Feel free to close this issue if you'd rather ship buster without nsca-ng.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#924946: unblock: budgie-desktop/10.5-1

2019-03-23 Thread Jonathan Wiltshire 
On Sat, Mar 23, 2019 at 03:51:33PM +, David Mohammed wrote:
>   ah - maybe I understood the freeze process - I attached the proposed
> debdiff for 10.5 to this unblock request.  I thought the evaluation
> would be done on that.
> 
> I can certainly upload 10.5 to unstable - should I do this?

Right, OK. It's fine to request pre-approval of changes which might be
controversial, but it's helpful to make that clear in the bug to save time.

I haven't reviewed your diff yet but if you're sure of the changes, upload
to unstable and remove the 'moreinfo' tag from this bug when it's ready to
unblock please.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925083: unblock: nsca-ng/1.5-4

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Tue, Mar 19, 2019 at 07:35:53PM +0100, Bas Couwenberg wrote:
> Please unblock package nsca-ng 1.5-4.
> 
> It cherry-picks the OpenSSL 1.1.1 change from the 1.6 release available
> in experimental.

nsca-ng has not been in testing since September 2018; you need a Very Good
Justification for it to enter now.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#923924: Please review and apply attached patch to support shutdown on SIGPWR

2019-03-23 Thread Cameron Norman 
On Mon, 11 Mar 2019 20:51:29 +0100 Andras Korn 
wrote:
> On Mon, Mar 11, 2019 at 06:12:06PM +, Dmitry Bogatov wrote:
>
> > > On Fri, Mar 08, 2019 at 02:39:47PM +, Dmitry Bogatov wrote:
> > > > [2019-03-07 12:57] Andras Korn 
> > > > > part 1 text/plain 218
> > > > > Sorry, I sent an earlier version of the patch by mistake.
> > > > >
> > > > > I'm attaching the correct one, which I tested and which works for
me.
> > > > > [...]
> > > > > -  if (sigc && (stat(STOPIT, &s) != -1) && (s.st_mode &
S_IXUSR)) {
> > > > > +  if ((sigp) || (sigc && (stat(STOPIT, &s) != -1) &&
(s.st_mode & S_IXUSR))) {
> > > >
> > > > As far as I can tell by glance on patch, you want SIGPWR trigger
reboot.
> > > > If so, why don't you create REBOOT file in, say, /etc/rc.local and
make
> > > > lxc controller to send SIGCONT?
> > >
> > > No -- I want SIGPWR to trigger a halt.
> > >
> > > For the purposes of LXC, any signal will do; I just need for a signal
to
> > > trigger a shutdown regardless of the permissions on runit.stopit and
> > > runit.reboot.
> >
> > Halt. Fine. But why can't you pre-provision you container with apporiate
> > `stop.*' file with apporiate permissions?
>
> Because that adds complexity elsewhere -- /etc/runit/1 as shipped creates
> /run/runit.stopit with mode 0, so either all containers would need ot
have a
> custom /etc/runit/1, or run a custom script to chmod 100 /run/runit.stopit
> on every boot, or have an immutable /run/runit.stopit.
>
> It's not just about me; this affects everyone who wants to use runit
inside
> an lxc container.
>
> My goal is to make using runit as hassle-free as possible, without
> sacrificing any of its core values.
>
> > > > By the way, SIGPWR is not in POSIX, according to signal(7).
> > >
> > > You're right; in that case, maybe we can use SIGQUIT?
> >
> > SIGTERM feels better, imho. TERM is graceful termination, while SIGQUIT
> > creates coredump. By default.
>
> SIGPWR would be nice to use as the halt signal because it's the lxc
default,
> so that runit could be a drop-in replacement for sysvinit in LXC
containers.

We should recognize that SIGPWR was chosen in a fairly arbitrary way.
Of course, SIGPWR is in use today by LXC and powerstatd so it is useful to
support.

>
> If we're not going to use SIGPWR it's pretty much all the same which
signal
> we use, because it will need to be configured explicitly in LXC (but
that's
> acceptable -- POSIX is important enough).
>
> > But this naming only matters if you explain to me, how solution not
> > involving changing C code does not suffice. Two lines for convenience in
> > this case, three there -- and we all know where it ends.
>
> I'm sorry, I don't buy the slippery slope argument. I'm not adding a DNS
> resolver, a DHCP client or a QR encoder, merely making the user interface
a
> tiny bit more similar to sysvinit's, to make integration easier. This is
> entirely in line with The Unix Way: making one program a drop-in
replacement
> for another such that other programs interfacing with them don't see a
> difference unless they need to. It's why bzip2 and gzip take most of the

You are taking a previously portable codebase and making it not portable.
As a distribution patch, this might be acceptable. However it is an
unfortunate compromise.

Personally, I elect to replace the runit-init program entirely and only use
the supervision suite.
There is absolutely zero reason for an init system to call reboot(2). It is
simply unnecessary.

I have written a guide to do exactly this. It leverages two small C
programs:

* linit:
  * Reaps zombies
  * Ignores SIGCHLD, preventing new zombies
  * Sets up signal handlers for SIGINT and SIGPWR that spawn hooks
  * Spawns a boot hook
  * Calls pause()
* lreboot: calls reboot(2)

The rest is simply some scripting to emulate what runit-init does.
Please review the guide and source code for the above C programs:

https://gitlab.com/chinstrap/linit/blob/master/README.runit.md

Regards,
--
Cameron Nemo

Bug#925106: php7.3-common: please add Breaks: php7.0-curl, gforge-common (<< 6)

2019-03-23 Thread Andreas Beckmann 
Followup-For: Bug #925106

Hi,

next round, let's add a Breaks: gforge-common (<< 6), too.
That's the version from jessie (there is no gforge-common in stretch, so
the jessie version may be kept installed on long grown system upgrades),
which will fail to remove under php7.3:

  Removing gforge-shell-postgresql (5.3.2+20141104-3+deb8u3) ...
  PHP Deprecated:  Methods with the same name as their class will not be 
constructors in a future version of PHP; Error has a deprecated constructor in 
/usr/share/gforge/common/include/Error.class.php on line 36
  PHP Fatal error:  Cannot declare class Error, because the name is already in 
use in /usr/share/gforge/common/include/Error.class.php on line 36
  dpkg: error processing package gforge-shell-postgresql (--remove):
   installed gforge-shell-postgresql package pre-removal script subprocess 
returned error exit status 255

This happens in multiple gforge packages, but can be prevented by
uninstalling it before php7.3 gets installed.


Andreas
diff -Nru php7.3-7.3.3/debian/changelog php7.3-7.3.3/debian/changelog
--- php7.3-7.3.3/debian/changelog   2019-03-07 20:43:34.0 +0100
+++ php7.3-7.3.3/debian/changelog   2019-03-19 04:03:09.0 +0100
@@ -1,3 +1,14 @@
+php7.3 (7.3.3-2) UNRELEASED; urgency=medium
+
+  * php7.3-common: Add Breaks against php7.0-curl for smoother upgrades from
+stretch.  (Closes: #925106)
+  * php7.3-common: Add Breaks against gforge-common from jessie which uses a
+deprecated constructor syntax.
+  * Deterministically generate debian/control by sorting the extension
+packages.
+
+ -- Andreas Beckmann   Tue, 19 Mar 2019 04:03:09 +0100
+
 php7.3 (7.3.3-1) unstable; urgency=medium
 
   * New upstream version 7.3.3
diff -Nru php7.3-7.3.3/debian/php-common.substvars.extra 
php7.3-7.3.3/debian/php-common.substvars.extra
--- php7.3-7.3.3/debian/php-common.substvars.extra  2019-03-07 
20:43:34.0 +0100
+++ php7.3-7.3.3/debian/php-common.substvars.extra  2019-03-19 
04:03:09.0 +0100
@@ -1 +1 @@
-php-common:Breaks=php7.2-sodium
+php-common:Breaks=php7.0-curl, php7.2-sodium, gforge-common (<< 6)
diff -Nru php7.3-7.3.3/debian/rules php7.3-7.3.3/debian/rules
--- php7.3-7.3.3/debian/rules   2019-03-07 20:43:34.0 +0100
+++ php7.3-7.3.3/debian/rules   2019-03-19 04:03:09.0 +0100
@@ -607,7 +607,7 @@
 
 debian/control: debian/control.in debian/rules debian/changelog 
debian/source.lintian-overrides debian/rules.d/* debian/php-module.control.in
$(SED) -e "s/@PHP_VERSION@/$(PHP_NAME_VERSION)/g" -e 
"s/@BUILT_USING@/$(BUILT_USING)/g" >$@ <$<
-   for ext in $(ext_PACKAGES); do \
+   for ext in $(sort $(ext_PACKAGES)); do \
  package=php$(PHP_NAME_VERSION)-$${ext}; \
  description=$$(eval echo \$${$${ext}_DESCRIPTION}); \
  echo >>$@; \

Bug#924946: unblock: budgie-desktop/10.5-1

2019-03-23 Thread David Mohammed 
Jonathan,

  ah - maybe I understood the freeze process - I attached the proposed
debdiff for 10.5 to this unblock request.  I thought the evaluation
would be done on that.

I can certainly upload 10.5 to unstable - should I do this?

David

On Sat, 23 Mar 2019 at 15:44, Jonathan Wiltshire  wrote:
>
> Control: tag -1 moreinfo
>
> On Mon, Mar 18, 2019 at 08:24:46PM +, David Mohammed wrote:
> > Please unblock package budgie-desktop
> >
> > Upstream have released v10.5 of budgie desktop. I have been regularly
> > uploading Git tarball releases getting valuable testing feedback and
> > resolving issues with upstream.
> >
> > This unblock request is the final step - to catch up with the final
> > changes for the release.  The vast bulk of the debdiff are just
> > translations.
>
> Comparing testing and sid:
>
> | I: using version 10.5~git20190218-1 from unstable
> | I: versions identical, nothing to diff
>
> Did the upload get forgotten?
>
> Thanks,
>
> --
> Jonathan Wiltshire  j...@debian.org
> Debian Developer http://people.debian.org/~jmw
>
> 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
>

Bug#925352: unblock: lxqt-config/0.14.1-2

2019-03-23 Thread Alf Gaida 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package lxqt-config

there was a regression with keyboard layout shortcut handling that make using
different keyboard layouts/models hard for people who need this functionality.

Source diff:

diff --git a/debian/changelog b/debian/changelog
index 712d526..eec2f8b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lxqt-config (0.14.1-2) unstable; urgency=medium
+
+  * Fixed keyboard layout switch shortcut (Closes: #925346)
+
+ -- Alf Gaida   Sat, 23 Mar 2019 15:40:43 +0100
+
 lxqt-config (0.14.1-1) unstable; urgency=medium
 
   * Cherry-picking new upstream version 0.14.1.
diff --git a/debian/patches/fix-keybord-layout-shortcut.patch 
b/debian/patches/fix-keybord-layout-shortcut.patch
new file mode 100644
index 000..d94ce4c
--- /dev/null

+++ b/debian/patches/fix-keybord-layout-shortcut.patch
@@ -0,0 +1,32 @@
+From dfe9a2b27aab40262b9186672fad480a406d5c4a Mon Sep 17 00:00:00 2001
+From: Tsu Jan 
+Date: Fri, 22 Mar 2019 19:55:32 +0430
+Subject: [PATCH] Fixed changing keyboard layout switch shortcut and model
+
+Fixes https://github.com/lxqt/lxqt-config/issues/445
+---
+ lxqt-config-input/keyboardlayoutconfig.cpp | 10 --
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lxqt-config-input/keyboardlayoutconfig.cpp 
b/lxqt-config-input/keyboardlayoutconfig.cpp
+index f5a7f24..bc6c369 100644
+--- a/lxqt-config-input/keyboardlayoutconfig.cpp
 b/lxqt-config-input/keyboardlayoutconfig.cpp
+@@ -40,8 +40,14 @@ KeyboardLayoutConfig::KeyboardLayoutConfig(LXQt::Settings* 
_settings, QWidget* p
+   connect(ui.removeLayout, &QAbstractButton::clicked, this, 
&KeyboardLayoutConfig::onRemoveLayout);
+   connect(ui.moveUp, &QAbstractButton::clicked, this, 
&KeyboardLayoutConfig::onMoveUp);
+   connect(ui.moveDown, &QAbstractButton::clicked, this, 
&KeyboardLayoutConfig::onMoveDown);
+-  connect(ui.keyboardModel, QOverload::of(&QComboBox::activated), this, 
&KeyboardLayoutConfig::settingsChanged);
+-  connect(ui.switchKey, QOverload::of(&QComboBox::activated), this, 
&KeyboardLayoutConfig::settingsChanged);
++  connect(ui.keyboardModel, QOverload::of(&QComboBox::activated), 
[this](int /*index*/) {
++applyConfig_ = true;
++Q_EMIT settingsChanged();
++  });
++  connect(ui.switchKey, QOverload::of(&QComboBox::activated), [this](int 
/*index*/) {
++applyConfig_ = true;
++Q_EMIT settingsChanged();
++  });
+ }
+ 
+ KeyboardLayoutConfig::~KeyboardLayoutConfig() {
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..006086d
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix-keybord-layout-shortcut.patch

unblock lxqt-config/0.14.1-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.3-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#924946: unblock: budgie-desktop/10.5-1

2019-03-23 Thread Jonathan Wiltshire 
Control: tag -1 moreinfo

On Mon, Mar 18, 2019 at 08:24:46PM +, David Mohammed wrote:
> Please unblock package budgie-desktop
> 
> Upstream have released v10.5 of budgie desktop. I have been regularly
> uploading Git tarball releases getting valuable testing feedback and
> resolving issues with upstream.
> 
> This unblock request is the final step - to catch up with the final
> changes for the release.  The vast bulk of the debdiff are just
> translations.

Comparing testing and sid:

| I: using version 10.5~git20190218-1 from unstable
| I: versions identical, nothing to diff

Did the upload get forgotten?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#925351: stretch-pu: package dns-root-data/2019031302~deb9u1

2019-03-23 Thread Daniel Kahn Gillmor 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Control: affects -1 src:dns-root-data

Please consider an update to dns-root-data in debian stretch.

This package reflects the state of the network, and keeping it current
is useful for all the packages that depend on it.  In particular, it
removes a DNSSEC root key that is expired.

For future DNSSEC root key rollovers, we should do something better than
a package upgrade (see https://bugs.debian.org/925349) but for now this
is the least restrictive change.

The debdiff from the previous version in stretch is attached.

This proposed release is also available at the
"debian/2019031302_deb9u1" tag on the "debian/stretch" branch at
the git repo for dns-root-data packaging:

https://salsa.debian.org/dns-team/dns-root-data

Please followup on this ticket to confirm whether I should upload this
revision to stretch.

Thanks for helping to maintain debian's stable release!

   --dkg

diff --git publicsuffix-2017072601~deb9u1/debian/changelog publicsuffix-2019031302~deb9u1/debian/changelog
index 036aebe..660bdd3 100644
--- publicsuffix-2017072601~deb9u1/debian/changelog
+++ publicsuffix-2019031302~deb9u1/debian/changelog
@@ -1,3 +1,19 @@
+dns-root-data (2019031302~deb9u1) stretch; urgency=medium
+
+  * Rebuild for stretch-backports.
+  * d/control: move Vcs-* to salsa.debian.org
+  * d/control: use dns-root-d...@packages.debian.org as Maintainer
+  * sort generated .ds files by key tag
+  * Update root.hints to 2018013001
+  * Update order of root.key to follow output of unbound-anchor
+  * use DEP-14 branches
+  * update root data to 2019031302
+  * parse-root-anchors.sh: account for validity windows
+  * check: deliberately skip the TTL generated by ldns-key2ds
+  * add myself to uploaders
+
+ -- Daniel Kahn Gillmor   Sat, 23 Mar 2019 15:43:27 +0100
+
 dns-root-data (2017072601~deb9u1) stretch; urgency=high
 
   * Update root.hints to 2017072601 version
diff --git publicsuffix-2017072601~deb9u1/debian/control publicsuffix-2019031302~deb9u1/debian/control
index 8413872..bd0ab25 100644
--- publicsuffix-2017072601~deb9u1/debian/control
+++ publicsuffix-2019031302~deb9u1/debian/control
@@ -1,8 +1,9 @@
 Source: dns-root-data
 Section: misc
 Priority: optional
-Maintainer: Debian DNS Maintainers 
+Maintainer: dns-root-data packagers 
 Uploaders: Ondřej Surý ,
+   Daniel Kahn Gillmor ,
 	   Robert Edmonds 
 Build-Depends: debhelper (>= 8.0.0),
 	   unbound-anchor,
@@ -11,8 +12,8 @@ Build-Depends: debhelper (>= 8.0.0),
 	   xml2
 Standards-Version: 3.9.6
 Homepage: https://data.iana.org/root-anchors/
-Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git
-Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary
+Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git -b debian/stretch
+Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data
 
 Package: dns-root-data
 Architecture: all
diff --git publicsuffix-2017072601~deb9u1/debian/gbp.conf publicsuffix-2019031302~deb9u1/debian/gbp.conf
index 3b27f6d..9453f5b 100644
--- publicsuffix-2017072601~deb9u1/debian/gbp.conf
+++ publicsuffix-2019031302~deb9u1/debian/gbp.conf
@@ -1,2 +1,2 @@
 [DEFAULT]
-debian-branch = master-stretch
+debian-branch = debian/stretch
diff --git publicsuffix-2017072601~deb9u1/debian/rules publicsuffix-2019031302~deb9u1/debian/rules
index b697fc0..453b594 100755
--- publicsuffix-2017072601~deb9u1/debian/rules
+++ publicsuffix-2019031302~deb9u1/debian/rules
@@ -15,13 +15,13 @@ override_dh_auto_build:
 	openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
 
 	# Create key from validated root-anchors.xml
-	./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds
+	./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds
 
 	# Create key from downloaded root.key
-	/usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' > root.ds
+	/usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root.ds
 
 	# Compare the DS from root.key and from root-anchors.xml
-	diff root-anchors.ds root.ds
+	diff -u root-anchors.ds root.ds
 
 override_dh_auto_clean:
 	rm -f root-anchors.ds root.ds
diff --git publicsuffix-2017072601~deb9u1/parse-root-anchors.sh publicsuffix-2019031302~deb9u1/parse-root-anchors.sh
index 4281534..eb1696b 100755
--- publicsuffix-2017072601~deb9u1/parse-root-anchors.sh
+++ publicsuffix-2019031302~deb9u1/parse-root-anchors.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-unset ZONE KTAG ALGO DTYPE DIGEST
+unset ZONE KTAG ALGO DTYPE DIGEST EXPIRES BEGINS
 
 export IFS="="
 xml2 | while read -r KEY VAL; do
@@ -9,14 +9,22 @@ xml2 | while read -r KEY VAL; do
 	"/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";;
 	"/TrustAnchor/KeyDigest/Algorithm") ALGO="$VAL";;
 	"/TrustAnchor/KeyDigest/DigestType") DTYPE="$VAL";;
+	"/TrustAnchor/KeyDigest/@validUntil") EXPIRES="$VAL";;
+	"/TrustAnchor/K

Bug#921012: network-manager: change dependency on libpam-systemd to libpam-systemd or libpam-elogind

2019-03-23 Thread Mark Hindley 
On Sat, Mar 23, 2019 at 02:39:41PM +, Mark Hindley wrote:
> Control: reopen -1
> 
> On Tue, Feb 26, 2019 at 07:08:33PM +0100, Michael Biebl wrote:
> > On Thu, 31 Jan 2019 10:38:07 -0500 Dolphin Oracle
> >  wrote:
> > > Package: network-manager
> > > Version: 1.14.4-4
> > > Severity: important
> > > 
> > > Dear Maintainer,
> > > 
> > > Since elogind is now included in buster, can the libpam-systemd depend 
> > > for network-manager 
> > > be changed from libpam-systemd to libpam-systemd | libpam-elogind

Now the new default-logind | logind virtual packages have been seconded for
inclusion in the Policy, it would be better to make use of them:

commit c7b32874e52de188f2a09562ba96fd00cf5b98eb
Author: Mark Hindley 
Date:   Sat Mar 23 14:44:13 2019 +

Use new virtual logind packages.

diff --git a/debian/control b/debian/control
index f42b6bf5..c2302c2e 100644
--- a/debian/control
+++ b/debian/control
@@ -57,7 +57,7 @@ Depends: ${shlibs:Depends},
  dbus,
  udev,
  adduser,
- libpam-systemd,
+ default-logind | logind,
  policykit-1
 Recommends: ppp,
 dnsmasq-base,

Thanks

Mark

Bug#921012: network-manager: change dependency on libpam-systemd to libpam-systemd or libpam-elogind

2019-03-23 Thread Mark Hindley 
Control: reopen -1

On Tue, Feb 26, 2019 at 07:08:33PM +0100, Michael Biebl wrote:
> On Thu, 31 Jan 2019 10:38:07 -0500 Dolphin Oracle
>  wrote:
> > Package: network-manager
> > Version: 1.14.4-4
> > Severity: important
> > 
> > Dear Maintainer,
> > 
> > Since elogind is now included in buster, can the libpam-systemd depend for 
> > network-manager 
> > be changed from libpam-systemd to libpam-systemd | libpam-elogind
> 
> network-manager uses interfaces like hostnamed which are not implemented
> by elogind. In case of network-manager elogind is thus not a suitable
> replacement.

Michael,

I am wondering if I can persuade you to reconsider this?

Looking at the sources, if hostnamed is not available, network-manager falls
back to reading /etc/hostname.

My testing of network-manager in cinnamon, xfce4, mate and budgie is that it
functions correctly.

If network-manager limits itself to libpam-systemd, many desktops are not
installable on non-systemd systems even though the are/could be functional.

Thanks for thinking again.

Mark

Bug#923581: s3fs-fuse FTCBFS: abuses AC_CHECK_FILE

2019-03-23 Thread Mattia Rizzolo 
Control: tag -1 fixed-upstream

On Sat, Mar 02, 2019 at 01:53:45PM +0100, Helmut Grohne wrote:
> s3fs-fuse fails to cross build from source, because configure.ac abuses
> AC_CHECK_FILE. The macro is meant to check for files on the host system.
> configure.ac however uses it to inspect the build tree. A simple test
> invocation better serves that need. The attached patch fixes that and
> makes s3fs-fuse cross buildable. Please consider applying it.

This has been fixed upstream at
https://github.com/s3fs-fuse/s3fs-fuse/commit/df604e50fb3187048ac12057b8fac798694fda60

Alas, after the latest release 1.85.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#925350: unblock: ubuntu-keyring/2018.09.18.1-5

2019-03-23 Thread Hideki Yamane 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

 Please unblock package ubuntu-keyring

 * This update fixes file removal at maintainer script, and also deals with 
symlink
   removal that the package in testing doesn't create properly as below

>>  # force remove garbage that was created by previous version, oh moron...
>>  rm -f /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cloud-archive\,\ 
>> ubuntu-cloud-removed-keys.gpg

 * ubuntu-keyring is leaf package, no package will be affected with this
   change if there would be a regression ;)

>> $ apt-rdepends -r ubuntu-keyring
>> ubuntu-keyring
>>  Reverse Depends: ubuntu-archive-keyring (2018.09.18.1-5)

 ubuntu-archive-keyring is just a transitional package.


 Here's a debdiff.

diff -Nru ubuntu-keyring-2018.09.18.1/debian/changelog 
ubuntu-keyring-2018.09.18.1/debian/changelog
--- ubuntu-keyring-2018.09.18.1/debian/changelog2019-02-07 
00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/changelog2019-03-12 
01:40:45.0 +0900
@@ -1,3 +1,16 @@
+ubuntu-keyring (2018.09.18.1-5) unstable; urgency=medium
+
+  * debian/*.post{inst,rm}
+- use apt-config(8)'s Dir::Etc::trustedparts and fix keyring removal error.
+  Thanks to Linda Lapinlampi  and
+  Hiroyuki YAMAMORI  (Closes: #922176, #922177)
+  * debian/ubuntu-dbgsym-keyring.templates
+- add ubuntu-dbgsym-keyring.gpg (See #922348)
+  * debian/control
+- add Rules-Requires-Root: no
+
+ -- Hideki Yamane   Tue, 12 Mar 2019 01:40:45 +0900
+
 ubuntu-keyring (2018.09.18.1-4) unstable; urgency=medium
 
   * debian/control
diff -Nru ubuntu-keyring-2018.09.18.1/debian/control 
ubuntu-keyring-2018.09.18.1/debian/control
--- ubuntu-keyring-2018.09.18.1/debian/control  2019-02-07 00:26:23.0 
+0900
+++ ubuntu-keyring-2018.09.18.1/debian/control  2019-03-12 01:40:45.0 
+0900
@@ -8,6 +8,7 @@
 Homepage: https://launchpad.net/ubuntu/+source/ubuntu-keyring
 Vcs-Git: https://salsa.debian.org/debian/ubuntu-keyring.git
 Vcs-Browser: https://salsa.debian.org/debian/ubuntu-keyring
+Rules-Requires-Root: no
 
 Package: ubuntu-archive-keyring
 Architecture: all
diff -Nru ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst 
ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
--- ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
2019-02-07 00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
2019-03-12 01:40:45.0 +0900
@@ -5,15 +5,26 @@
 case "$1" in
 install|configure)
 
+  # force remove garbage that was created by previous version, oh moron...
+  rm -f /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cloud-archive\,\ 
ubuntu-cloud-removed-keys.gpg
+
+
+  TRUSTEDPARTS="/etc/apt/trusted.gpg.d/"
+  eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::trustedparts/d)"
+
+  # once clean up keyrings
+  rm -f "${TRUSTEDPARTS}ubuntu-keyring-2012-cloud-archive.gpg" \
+"${TRUSTEDPARTS}ubuntu-keyring-2012-removed-keys.gpg"
+
   . /usr/share/debconf/confmodule
   db_version 2.0
   db_get ubuntu-cloud-keyring/keyring
 
   if [ -n "$RET" ]; then
-for keyring in "$RET"
+selected=$(echo "$RET" | sed -e 's/, /\n/g')
+echo "$selected" | while read keyring
 do
-  rm -f /etc/apt/trusted.gpg.d/"$keyring".gpg
-  ln -sf /usr/share/keyrings/"$keyring".gpg /etc/apt/trusted.gpg.d/
+  ln -sf "/usr/share/keyrings/${keyring}.gpg" "$TRUSTEDPARTS"
 done
   fi
 
diff -Nru ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm 
ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm
--- ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm  
2019-02-07 00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm  
2019-03-12 01:40:45.0 +0900
@@ -5,9 +5,12 @@
 case "$1" in
 purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
 
-rm -f /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cloud-archive.gpg \
-  /etc/apt/trusted.gpg.d/ubuntu-cloud-removed-keys.gpg \
-  /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
+TRUSTEDPARTS="/etc/apt/trusted.gpg.d/"
+eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::trustedparts/d)"
+
+rm -f "${TRUSTEDPARTS}ubuntu-keyring-2012-cloud-archive.gpg" \
+  "${TRUSTEDPARTS}ubuntu-cloud-removed-keys.gpg" \
+  "${TRUSTEDPARTS}ubuntu-cloud-keyring.gpg"
 
 ;;
 *)
diff -Nru ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst 
ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst
--- ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst   
2019-02-07 00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst   
2019-03-12 01:40:45.0 +0900
@@ -5,15 +5

Bug#902963: dns-root-data: Added entry in /usr/share/dns/root.ds breaks dnsmasq startup

2019-03-23 Thread Daniel Kahn Gillmor 
Control: tags 902963 + moreinfo
Control: reassign 902963 dnsmasq
Control: retitle 902963 dnsmasq startup breaks when more than one entry is 
present in /usr/share/dns/root.ds
Control: affects 902963 + dns-root-data

On Wed 2018-07-04 00:45:10 +, Mark Blackburn wrote:
>* What led up to the situation?
> Installed dnsmasq on a stock system with ARM arch.
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> Downgraded to dns-root-data 2017072601~deb8u1 (Had to download directly from
> repository and use dpkg instead of apt-get)

It's not clear to me that dns-root-data is the issue here -- dnsmasq
needs to be able to cope with having multiple entries in its root key
store.  So i'm reassigning this issue to dnsmasq.

If you could describe what the specific problem was (how dnsmasq failed
specifically), the failing version of dnsmasq, etc, that would help the
dnsmasq maintainer figure out what's going on.

Regards,

--dkg


signature.asc
Description: PGP signature

  1   2   >