Bug#928809: lintian: suggest adding gitlab-ci file

[Niels Thykier]

Chris Lamb:
> Dmitry Bogatov wrote:
> 
>>> [..]  I just think that lintian should be less pro-active at adding
>>> checks for things that are far from accepted.
>>
>> That is why I propose introducing concept of "controversial" checks.
> 
> I think we are all violently agreeing here. 
> 
>> Having Lintian plainly reject such proposals would mean need in creation
>> of something like "lintian-unofficial"
> 
> (Personally, I doubt someone would fork Lintian, more likely its
> output would become less and less "trusted". But both outcomes suck.)
> 
> 
> Best wishes,
> 

There would be no need to fork lintian over this.  Lintian supports
third-party checks (via third-party lintian profiles).  With files in
the proper place, you can have:

  lintian --profile debian/unofficial ...

run lintian's built-in plus the extra unofficial checks.

Thanks,
~Niels

Bug#929411: dstat: upstream discontinued due to reimplementation by RedHat

[Otto Kekäläinen]

> Upstream wrote on github that they are discontinuing the dstat project
> because RedHat reimplemented it and used the same name.
>
> https://github.com/dagwieers/dstat/issues/170
> https://www.redhat.com/en/blog/implementing-dstat-performance-co-pilot
> https://news.ycombinator.com/item?id=19986646

The project wasn't maintained anyway, so this makes no practical
difference. There was good open pull requests unhandled for years
(e.g. https://github.com/dagwieers/dstat/pull/96 since 2015) that
never got reviewed or merged. I offered to help with the project 6
months ago but got no response from the original author whatsoever,
until yesterday when he locked down all issues and thus prevented any
further communications (see
https://github.com/dagwieers/dstat/issues/158).

I have also contacted the current Debian maintainer last year and have
offered to maintain the package in Debian, but turns out this
maintainer was kicked out from Debian and thus not open for
collaboration.

I still use the tool and throwing away the current Python code base
would not seem to be like smart idea...

Bug#929421: zip4j -- java library for zip files

[merkys]

Package: wnpp
Owner: Andrius Merkys 
Severity: wishlist

* Package name    : zip4j
  Version : 1.3.3+ds
  Upstream Author : , Srikanth Reddy Lingala
* URL : http://www.lingala.net/zip4j
* License : Apache-2.0
  Programming Lang: Java
  Description : java library for zip files
 Features:
  * Create, Add, Extract, Update, Remove files from a Zip file
  * Read/Write password protected Zip files
  * AES 128/256 Encryption/Decryption
  * Standard Zip Encryption/Decryption
  * Zip64 format
  * Store (No Compression) and Deflate compression method
  * Create or extract files from Split Zip files (Ex: z01, z02,...zip)
  * Unicode file names
  * Progress Monitor

Remark: This package is to be maintained with Debian Java Maintainers at
   https://salsa.debian.org/java-team/zip4j

This package is required by deepboof, which I intend to package.

-- 
Andrius Merkys
Vilnius University Institute of Biotechnology, Saulėtekio al. 7, room V325
LT-10257 Vilnius, Lithuania

Bug#929420: libsieve FTCBFS: does not pass --host to ./configure

[Helmut Grohne]

Source: libsieve
Version: 2.2.6-2
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

libsieve fails to cross build from source, because it does not pass
--host to ./configure. The easiest way of fixing that - using
dh_auto_configure - makes libsieve cross buildable. Please consider
applying the attached patch.

Helmut
diff -u libsieve-2.2.6/debian/changelog libsieve-2.2.6/debian/changelog
--- libsieve-2.2.6/debian/changelog
+++ libsieve-2.2.6/debian/changelog
@@ -1,3 +1,9 @@
+libsieve (2.2.6-3) UNRELEASED; urgency=medium
+
+  * Fix FTCBFS: Let dh_auto_configure pass --host to ./configure. (Closes: #-1)
+
+ -- Helmut Grohne   Thu, 23 May 2019 06:12:17 +0200
+
 libsieve (2.2.6-2) unstable; urgency=medium
 
   * QA upload.
diff -u libsieve-2.2.6/debian/rules libsieve-2.2.6/debian/rules
--- libsieve-2.2.6/debian/rules
+++ libsieve-2.2.6/debian/rules
@@ -32,8 +32,8 @@
 configure-stamp:
dh_testdir
test -d debian/orig || mkdir debian/orig 
-   cd src && (autoreconf -f -i && ./configure --prefix=/usr)
-   #cd src && ./configure --prefix=/usr
+   cd src && autoreconf -f -i
+   dh_auto_configure --sourcedirectory=src -- --libdir='$${prefix}/lib'
touch $@
 
 build: build-stamp

Bug#929419: unblock: tasksel/3.53

[Holger Wansing]

Package: release.debian.org
Usertags: unblock


I would like to request an unblock for version 3.53 of tasksel.


The changings contain:

- Remove bubulle from uploaders.
- Translation update for Korean
- Trivial syntax fixes in changelog file.


A corresponding debdiff is attached.



Thanks
Holger

-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff -Nru tasksel-3.52/debian/changelog tasksel-3.53/debian/changelog
--- tasksel-3.52/debian/changelog	2019-04-02 22:48:50.0 +0200
+++ tasksel-3.53/debian/changelog	2019-05-23 05:57:05.0 +0200
@@ -1,4 +1,18 @@
+tasksel (3.53) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Cyril Brulebois ]
+  * Remove Christian Perrier from Uploaders, with many thanks for all
+his contributions over the years! (Closes: #927489)
+
+  [ Updated debconf translations ]
+  * Korean (ko.po) by Changwoo Ryu.
+
+ -- Holger Wansing   Thu, 23 May 2019 05:57:05 +0200
+
 tasksel (3.52) unstable; urgency=medium
+
   * Team upload.
 
   [ Updated translations ]
@@ -7,6 +21,7 @@
  -- Holger Wansing   Tue, 02 Apr 2019 22:48:50 +0200
 
 tasksel (3.51) unstable; urgency=medium
+
   * Team upload.
 
   * Add firefox-l10n-ne-np to task-nepali-desktop. Closes: #922123
@@ -32,6 +47,7 @@
  -- Holger Wansing   Sun, 10 Mar 2019 23:12:54 +0100
 
 tasksel (3.50) unstable; urgency=medium
+
   * Team upload.
 
   [ Yves-Alexis Perez ]
@@ -49,6 +65,7 @@
  -- Holger Wansing   Fri, 08 Feb 2019 22:28:45 +0100
 
 tasksel (3.49) unstable; urgency=medium
+
   * Team upload
 
   [ Tetsutaro KAWADA ]
diff -Nru tasksel-3.52/debian/control tasksel-3.53/debian/control
--- tasksel-3.52/debian/control	2019-03-10 23:11:31.0 +0100
+++ tasksel-3.53/debian/control	2019-04-22 09:13:13.0 +0200
@@ -2,8 +2,7 @@
 Section: tasks
 Priority: optional
 Maintainer: Debian Install System Team 
-Uploaders: Christian Perrier ,
-   Nicolas Braud-Santoni 
+Uploaders: Nicolas Braud-Santoni 
 Standards-Version: 4.1.4
 Build-Depends: po-debconf, debhelper (>= 9), gettext, dpkg-dev (>= 1.9.0)
 Vcs-Browser: https://salsa.debian.org/installer-team/tasksel
diff -Nru tasksel-3.52/debian/po/ko.po tasksel-3.53/debian/po/ko.po
--- tasksel-3.52/debian/po/ko.po	2018-08-10 21:25:13.0 +0200
+++ tasksel-3.53/debian/po/ko.po	2019-05-23 05:42:53.0 +0200
@@ -1,13 +1,13 @@
 # Sunjae Park , 2005
-# Changwoo Ryu , 2005.
+# Changwoo Ryu , 2005, 2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: tasksel_debian\n"
 "Report-Msgid-Bugs-To: task...@packages.debian.org\n"
 "POT-Creation-Date: 2018-05-23 01:37+0200\n"
-"PO-Revision-Date: 2007-12-30 07:11+0900\n"
-"Last-Translator: Sunjae Park \n"
+"PO-Revision-Date: 2019-05-20 08:09+0900\n"
+"Last-Translator: Changwoo Ryu \n"
 "Language-Team: Korean \n"
 "Language: ko\n"
 "MIME-Version: 1.0\n"
@@ -47,7 +47,7 @@
 #. Description
 #: ../templates:3001
 msgid "This can be preseeded to override the default desktop."
-msgstr ""
+msgstr "이 설정에 대해 미리 설정 기능을 이용해 기본 데스크톱을 바꿀 수 있습니다."
 
 #. Type: title
 #. Description

Bug#929193: remove key 6FB2A1C265FFB764 from /usr/share/keyrings/debian-archive-keyring.gpg

[Pradeep Nambiar]

  
  
This can be closed.
I removed key the expired key 6FB2A1C265FFB764 from
  /usr/share/keyrings/debian-archive-keyring.gpg using the command
  and it seem to fix this issue.
sudo gpg --no-default-keyring
  --keyring=/usr/share/keyrings/debian-archive-keyring.gpg
  --delete-key 6FB2A1C265FFB764

Thanks
  

Bug#929418: screen: /run/screen isn't created

[Phil Dibowitz]

Package: screen
Version: 4.6.2-3
Severity: normal

Dear Maintainer,

After a fresh eboot, trying to create a screen session fails with:

  [phil@rider ~]$ screen
  Cannot make directory '/run/screen': Permission denied

It's easy enough to make a 'screen' dir with 777 perms as screen
expects, but the user shouldn't have to do this manually.

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages screen depends on:
ii  libc6 2.28-10
ii  libpam0g  1.3.1-5
ii  libtinfo6 6.1+20181013-2
ii  libutempter0  1.1.6-3

screen recommends no packages.

Versions of packages screen suggests:
pn  byobu | screenie | iselect  
ii  ncurses-term6.1+20181013-2

-- debconf information:
  screen/403-copy-failed:
* screen/410-upgrade:

Bug#929417: debconf: Readline frontend should check that stdin is a tty (to fix Docker build freezes)

[Anders Kaseorg]

Package: debconf
Version: 1.5.72
Tags: patch

When building a Debian- or Ubuntu-based Docker container, installing
perl (so that Term::Readline is available) and a package that asks a
Debconf question causes the build to freeze with an interactive readline
prompt that cannot be answered:

$ cat Dockerfile
FROM debian:sid-20190506-slim
RUN apt-get update
RUN apt-get -y --no-install-recommends install perl keyboard-configuration

$ docker build .
[…]
Setting up keyboard-configuration (1.191) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Configuring keyboard-configuration
--

Please select the layout matching the keyboard for this machine.

  1. English (US)
[…]
  21. Other
Keyboard layout:

Docker builds are noninteractive, of course, and stdin is connected to 
/dev/null.  What seems to have happened here is that apt created a pty and 
connected stdout and stderr to it, but left stdin connected to /dev/null. 
The Readline frontend checked that there’s a controlling tty (there is), 
but failed to check that stdin is a tty (it’s not).  So it proceeded to 
wait for input from a tty that will never provide it.


(Obviously one can set DEBIAN_FRONTEND=noninteractive as a workaround, but 
that shouldn’t be necessary, and is in fact discouraged: 
https://docs.docker.com/engine/faq/#why-is-debian_frontendnoninteractive-discouraged-in-dockerfiles 
because it’s often set in ways that persist for longer than intended.)


I’ll let the maintainers decide whether it’s worth updating the translated 
error message to be more technically accurate.


--- a/Debconf/FrontEnd/Readline.pm
+++ b/Debconf/FrontEnd/Readline.pm
@@ -44,8 +44,7 @@ sub init {
$this->SUPER::init(@_);

# Yeah, you need a controlling tty. Make sure there is one.
-   open(TESTTY, "/dev/tty") || die gettext("This frontend requires a controlling 
tty.")."\n";
-   close TESTTY;
+   -t STDIN || die gettext("This frontend requires a controlling 
tty.")."\n";

$Term::ReadLine::termcap_nowarn = 1; # Turn off stupid termcap warning.
$this->readline(Term::ReadLine->new('debconf'));

Bug#929005: superkb FTCBFS: upstream build system hard codes build architecture tools

[Octavio Alvarez]

On 5/22/19 7:59 AM, Helmut Grohne wrote:

On Wed, May 22, 2019 at 05:35:08AM -0500, Octavio Alvarez wrote:

First, in commit b364c89897 [1] I moved the help text outside of main.c into
a separate header file.


It seems to me that this commit misses the addition of the separate
header file.


Thank you for catching that. I added commit cf9a9bb3 [1] with the 
missing file.


Octavio.

[1] fix: added forgotten main-help-message.h
https://gitlab.com/alvarezp2000/superkb/commit/cf9a9bb303036085180181808078abe6ac652aff

Bug#928923: Acknowledgement (linux-image-4.19.0-4-cloud-amd64: reports different NIC name than linux-image-amd64 on virtio-net)

[Xinyue Lu]

To reproduce this issue, one must set Machine Type in VM Hardware to
"q35" instead of the default i440fx.

The issue can still be reproduced on linux-image-4.19.0-5-cloud-amd64 4.19.37-3.

Bug#929416: ferm: using legacy tools

[sergio]

Package: ferm
Version: 2.4-1
Severity: normal

Dear Maintainer,

1. With ebtables set to ebtables-nft (via alternatives):

# cat /etc/ferm/printer.ferm
@def $PrinterMAC = MAC;

domain eb table broute chain BROUTING {
daddr $PrinterMAC {
DROP;
}
}

# ferm /etc/ferm/printer.ferm
Policy ACCEPT not allowed for user defined chains.
Cannot rollback domain 'eb' because there is no ebtables-restore



2. With iptables set to iptables-nft (via alternatives) I've discovered
   NULL pointer dereference: https://bugzilla.kernel.org/show_bug.cgi?id=203681
   (Yes, this is not a ferm issue)


The question is: should ferm call *-legacy tools directly regardless
alternative settings?   

Bug#929415: ferm: domain eb ip match wrong rule

[sergio]

Package: ferm
Version: 2.4-1
Severity: normal

Dear Maintainer,

I've already reported this problem but looks like author ignores me:
https://github.com/MaxKellermann/ferm/issues/32



The correct command, that works:

ebtables -t broute -A BROUTING --protocol IPV4 --ip-source  --jump ACCEPT

in ferm form:

% cat test.conf
domain eb table broute chain BROUTING {
proto IPV4 mod ip source  ACCEPT;
}
% /usr/sbin/ferm --shell --remote test.conf
...
ebtables -t broute -A BROUTING --protocol IPV4 --match ip --source  --jump 
ACCEPT

trying ro run it will give:

Unknown argument: '--match

Bug#929414: dbconfig-common: Assumes pgsql ident means dbuser must exist as a local user

[Matthew Gabeler-Lee]

Package: dbconfig-common
Version: 2.0.11
Severity: normal

dbconfig-common assumes that, if "ident" auth is used with postgresql, then
the database user must also exist as a local user.

This is ... not true.

The "peer" auth in postgresql just means that the identity of the connecting
user authenticates for the database user.  There is no requirement that the
two must be the same.

Given a setup like this, upgrades fail in strange ways:

runuser: options --{shell,fast,command,session-command,login} and --user 
are mutually exclusive

Running with `dbc_debug` shows a more useful sequence (long command lines
trimmed because it's only the start that is important):

creating database backup in /var/cache/dbconfig-common/backups/...
runuser --user  -- /bin/sh -c "...
unable to connect to postgresql server.
dumping database as user failed, retrying with administrator credentials.  
dbc_get_admin_pass() .
runuser --user postgres -- /bin/sh -c "...
runuser --user postgres -- /bin/sh -c "...
_dbc_apply_upgrades() 19.2.
applying upgrade sql for 18.12+dfsg-1 -> 19.2.
runuser --user  -- /bin/sh -c "...
error encountered processing /usr/share/dbconfig-common/data/...
runuser: options --{shell,fast,command,session-command,login} and --user 
are mutually exclusive

It doesn't help that `runuser` is giving a wildly misleading error here, but
the root cause is the `_dbc_psql_local_username` function having this logic:

if [ "${dbc_dbuser:-}" ] && id $dbc_dbuser >/dev/null 2>&1; then
echo $dbc_dbuser
return 0
else
dbc_error="ident method specified but local account doesn't 
exist. mapping isn't supported"
return 1
fi

This is exacerbated by the call sites for this function not checking for
errors, and blithely passing the empty username string to `runuser`.

Ironically, in this configuration (system user is providing the real
authentication for connection over a unix socket), it seems that selecting
password auth and giving a bogus password may work, since pgsql won't be
looking at the password at all.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable'), (500, 
'oldstable'), (490, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.0.0-trunk-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dbconfig-common depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  ucf3.0038+nmu1

dbconfig-common recommends no packages.

Versions of packages dbconfig-common suggests:
ii  dbconfig-mysql2.0.11
ii  dbconfig-pgsql2.0.11
ii  dbconfig-sqlite3  2.0.11

-- debconf information excluded

Bug#929413: virtualbox-guest-dkms: vbox_fb.c:336: error: unterminated #else

[Kentaro Hayashi]

Package: virtualbox-guest-dkms
Version: 6.0.8-dfsg-5
Severity: important
X-Debbugs-Cc: haya...@clear-code.com,locutusofb...@debian.org

Dear Maintainer,

   * What led up to the situation?

 Upgrading virtualbox-guest-dkms (6.0.8-dfsg-4 => 6.0.8-dfsg-5) causes
 post-installation script subprocess returned error exit status 10

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

 % sudo apt upgrade -V

   * What was the outcome of this action?

Setting up virtualbox-guest-dkms (6.0.8-dfsg-5) ...
Removing old virtualbox-guest-6.0.8 DKMS files...

--
Deleting module version: 6.0.8
completely from the DKMS tree.
--
Done.
Loading new virtualbox-guest-6.0.8 DKMS files...
Building for 5.0.0-trunk-amd64
Building initial module for 5.0.0-trunk-amd64
Error! Bad return status for module build on kernel: 5.0.0-trunk-amd64 (x86_64)
Consult /var/lib/dkms/virtualbox-guest/6.0.8/build/make.log for more
information.
dpkg: error processing package virtualbox-guest-dkms (--configure):
 installed virtualbox-guest-dkms package post-installation script subprocess
returned error exit status 10

   * What outcome did you expect instead?

 % sudo apt upgrade -V succeeds without error.

   * Additional information:

make.log contains the following error.

CC [M]  /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/vbox_ttm.o
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/vbox_fb.c:336: error:
unterminated #else
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)

It seems that debian/patches/new-kernel-5.2.patch doesn't have correct
#if #endif pairs.



-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.0.0-trunk-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ja_JP.utf8, LC_CTYPE=ja_JP.utf8 (charmap=UTF-8), 
LANGUAGE=ja_JP.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages virtualbox-guest-dkms depends on:
ii  dkms  2.6.1-4

virtualbox-guest-dkms recommends no packages.

virtualbox-guest-dkms suggests no packages.

-- no debconf information


make.log
Description: Binary data

Bug#929385: ITP: sequoia -- a modern OpenPGP implementation in Rust

[Paul Wise]

On Wed, May 22, 2019 at 12:05:27PM -0400, Daniel Kahn Gillmor wrote:

> Sequoia offers an OpenPGP interface in a modern, memory-safe language.
> It offers two command-line utilities (sq and sqv) in addition to its
> Rust library implementation.

Please note that there is a file conflict with ispell:

ispell: /usr/bin/sq

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#929412: Support mhtml / mht

[積丹尼 Dan Jacobson]

Package: unar
X-Debbugs-Cc: Dag Ågren 
Version: 1.10.1-2+b4
Severity: wishlist
File: /usr/bin/unar

Would be great to support unarchiving mhtml files.

(I currently use

test $# -eq 1 ||{ echo $0: One arg please. 1>&2; exit 42;}
perl -pwle 's/\r$//;' $@| # Workaround for 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869217
/usr/bin/munpack -t 2>&1|
perl -nle '
# Workaround for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=222582
use strict;
use warnings FATAL => q(all);
print STDERR;
if (m@^(part\d+) \((?:text|image)/(\w+)\)$@) {
my $f = $1 . "." . ( $2 eq "plain" ? "txt" : $2 );
if ( -f $f ) { print STDERR "$f exists already, skipping"; next }
else { die $! unless rename $1, $f }
print "$1->$f";
}

but I didn't try https://www.volkerschatz.com/unix/uware/unmht.html .)

Bug#869217: munpack must realize that some input is CRLF else will shatter UTF-8

[積丹尼 Dan Jacobson]

munpack must realize some archives, e.g., .mhtmls, come in CRLF format,
otherwise, it will shatter UTF-8 when decoding! E.g.,
$ cat -vte
Content-Transfer-Encoding: quoted-printable^M$
...
jidanni=E7=9A=84=E4=BE=BF=E5=88=A9=E8=B2=BC - =E6=8B=89=E5=90=89=E4=^M$
=BC=8A=E6=98=9F=E7=90=83 raGii.net - Powered by Ragii.com!^M$

Bug#929224: apt-cacher-ng, debootstrap and deb.debian.org combination fails

[Sean Whitton]

Hello Eduard,

On Wed 22 May 2019 at 09:24PM +02, Eduard Bloch wrote:

> Uhm, I suggest you do what it says and read the manual?

I am not trying to use an https mirror.

I don't know what's responsible for the attempt to use https, but I want
to use http://deb.debian.org/debian, and one of apt-cacher-ng,
debootstrap or the deb.debian.org service is blocking doing that.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#625847: Newer unattended-upgrades mails even if there aren't packages on hold

[Sean Whitton]

control: retitle -1 Option to send an e-mail only if packages were upgraded
control: severity -1 normal

Hello,

unattended-upgrades in stretch would not send an e-mail unless packages
were actually upgraded.  The version in buster sends an e-mail daily
even if there is nothing to do -- no packages on hold, and nothing
upgradeable.

It would be great to have an option to restore the stretch behaviour.
That would also satisfy the original reporter of this bug, I believe.

I'm raising the severity since this feels like a regression since
stretch, but I understand if the maintainers disagree.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#926501: xpdf: continuous memory leak

[ziegler]

I can confirm this for the amd68-version. After some days of 
browsing a 300 pages pdf-dokument, the programm used ten 
gigabytes of memory.



Martin

Bug#929411: dstat: upstream discontinued due to reimplementation by RedHat

[Paul Wise]

Package: dstat
Severity: normal

Upstream wrote on github that they are discontinuing the dstat project
because RedHat reimplemented it and used the same name.

https://github.com/dagwieers/dstat/issues/170
https://www.redhat.com/en/blog/implementing-dstat-performance-co-pilot
https://news.ycombinator.com/item?id=19986646

> Since Red Hat decided to replace this utility with a complete
> framework and its own utility with the same name.
> 
> And since I have zero interest to fight a multi-billion company who
> likes replacing commands with their own. And I have been in the same
> situation before and it didn't bring any joy. And since nobody is
> picking up the towel, let's end this project here.
> 
> So long, and thanks for all the fish.
> 
> Send your bug reports to Red Hat, and good luck with the future.
> 
> Over and out.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#920373: default soundfonts

[Thorsten Glaser]

Fabian Greffrath dixit:

>Hi Thorsten et al.,
>
>> Do we also wish a /usr/share/sounds/sf3/default.sf3 ? Ib^@^Yve got four
>
>I don't have a strong opinion about this. My concern is merely that we
>have at least one soundfont installed so users can play MIDI
>out-of-the-box. We can still decide wether to extend this to other formats
>once we've got an implementation for SF2 alternatives working.

True, but that would lead to major unnecessary package churn with,
in my case, about 700 MiB (compressed size) per upload. I’d prefer
to avoid that, for snapshot.d.o sanity and users on poor bandwidth
connections (i.e. Germans) ☻

>I don't see a problem with a soundfont appearing twice, once under its
>original filename and once as "default.sf2". Quite the contrary, I think

OK, /usr/share/sounds/sf[23]/default.sf[23] then.

>> Should we also make all packages providing an alternative for this
>> Provides some virtual package, for others to depend on? Ib^@^Yd suggest
>> sf2-soundfont and sf3-soundfont for naming, and SF3 soundfonts can
>> Provides both of them.
>
>Either this, or we could even introduce a real package that depends on one
>of the providers and itself provides the named symlink and the
>alternatives invocation in its maintainer scripts.

Oh, interesting. Is there prior art for this? I think it can only
add alternatives for those packages that are actually installed…

… for simplicity, I’d use this dependency though:

timgm6mb-soundfont | sf2-soundfont

(preferring the tiniest of its providers as the real alternative,
for when the package is installed in buildds)


>> Alternatives priorities could also be tricky. They can even differ
>> between default.sf2 and default.sf3b^@&
>
>I believe that if you install a several-hundred-MB soundfont package you
>did this for a reason and apparently want to use this soundfont as your
>new default. So, as a rough measure, we could probably start with
>timgm6mb-soundfont and increase priority with increasing package size.

OK, good point, although I’d decrease opl3-soundfont as it’s special-use
(and whether fluid-soundfont-gs should be included at all?) and put
MuseScore_General (actively developed) over all Fluid ones (frozen).

Going by Installed-Size in apt-cache policy:

fluid-soundfont-gs  314910  sf2 (I think)
timgm6mb-soundfont  606920  sf2 (I think)
opl3-soundfont  131891  30  sf2 (I think)
fluidr3mono-gm-soundfont23091   40   sf3
fluid-soundfont-gm  145169  50  sf2 (I think)
musescore-general-soundfont-small   39002   60   sf3
musescore-general-soundfont 83917   70   sf3
musescore-general-soundfont-lossless477837  80  sf2 (confirmed)

The sf3 ones can also fulfill sf2.

Does this look agreeable? Did I miss any (I did a search for
packages with “soundfont” in their name)? Did I misidentify
any non-SF2 ones as SF2?

>The point is that playing MIDI should immediately work out-of-the-box with
>at least fluidsynth and gstreamer if one of the packages providing the
>alternative is installed. So, I guess any SF2 soundfont providing a GM set
>should be sufficient?

Sure. Some people consider GS sufficient for MIDI, some don’t, it
really depends on what kind of music to play. Just leave out
fluid-soundfont-gs and start with timgm6mb-soundfont at 20
if we do that. Easier to change later.

>> Another point to think of: admins can locally install anyB9 other
>> soundfont by just copying it into place, and those can also serve
>> as default soundfonts. This offers two questions:
>
>In Debian, we can really only take care of other software that is in
>Debian. However, we can make it as easy as possible to use Debian's
>mechanisms for software not packaged, c.f. game-data-packager.

OK.

>> b^@" how easy is it for non-packaged things to be added to the
>>   Debian alternatives system? I think itb^@^Ys just one command,
>>   which we could document in the consumers of soundfontsb^@^Y readmes.
>
>It should be just one command, indeed, and we could document it somewhere,

Agreed.

>e.g. in the Wiki. However, this already exceeds the "it should just work"
>use case. If you care enough to install your own soundfont then probably
>it can be expected that (a) you either already figured out how to tell
>your MIDI rendering software how to use it

Changing the alternative might be easier and robuster.

> or (b) you are able to nuke the
>alternatives symlink and point a new one to your favourite soundfont
>instead.

Ouch, don’t do that…

>> This (#929185) may also affect timidity, which has its own format,
>> but with a trivial config file can support any SF2 (at least, did
>> not try SF3) soundfont:
>
>I didn't even know this! I believed timidity was still bound to the pats
>format.

It was news to me as well, but happy news.

>> Ibve opened #920373 against timidity to have sourcing this, commented
>> out, 

Bug#923930: FTBFS: FAIL test_chain

[Jeffrey Altman]

Heimdal's hx509 relies on ctime(), gmtime(), strptime() and tm2time()
all of which are constrained by glibc's concept of time.  Please advise
when Debian provides 64-bit time versions of these functions on i386.

Jeffrey Altman
Heimdal Project Manager




smime.p7s
Description: S/MIME Cryptographic Signature

Bug#923930: FTBFS: FAIL test_chain

[Jeffrey Altman]

On 5/22/2019 6:25 PM, Brian May wrote:
> To me it really sounds like Heimdal is dropping support for 32 bit
> architectures then.
> 
> However Debian doesn't have the luxury of being able to drop the 32 bit
> version of Heimdal, just for the sake of a faulty test. Particularly
> when existing versions have known security issues.

Heimdal isn't dropping support for 32-bit architectures; Debian is
failing to support timestamps past 19 Jan 2038 03:14:07 UTC using the
standard integer type for time: time_t.

Heimdal uses time_t in its public api.  Therefore, we cannot simply
change from 32-bit time_t or (time_t *) in a public api and replace
it with int64_t and (int64_t *) without breaking the API and ABI
contracts.  We certainly are not going to do so in a minor release.
Even if we did Debian wouldn't accept the change in its stable
distributions because doing so would break the API and ABI contracts.

> Does this problem affect Heimdal versions < 7.5.0? It sounds like
> these version should be fine (thinking of Jessie and Stretch security
> updates here).

I'm not sure if you are asking about the 32-bit time limitation on
platforms that provide 32-bit time_t or the security vulnerabilities.

The range of affected Heimdal versions was published as part of the
CVE-2018-16860 announcement.  Quoting from that text:

== CVE ID#: CVE-2018-16860
==
== Versions:All Samba versions since Samba 4.0
==  All releases of Heimdal from 0.8 including 7.5.0
==  and any products that ship a KDC derived from one of
==  those Heimdal releases.

Since Jessie and Stretch distribute vulnerable versions of Heimdal,
Debian should update them.

The 32-bit time limitation imposed by OS platforms whose time_t is
32-bit affects all versions of Heimdal.

Our advice to Debian is to replace the certificate with one that has an
expiration date before 19 Jan 2038 03:14:07 UTC.  Otherwise, Debian will
fail to detect failures of the certificate validation code caused by
patches that might be applied to OpenSSL.

Changes to the API and ABI can occur as part of a major release such as
8.0.  These is an open issue to address the problem as part of Heimdal 8.0.

Jeffrey Altman
Heimdal Project Manager




smime.p7s
Description: S/MIME Cryptographic Signature

Bug#929410: RANDR extension not present

[Floris Bos]

Package: tigervnc-scraping-server

Version: 1.9.0+dfsg-3


Seems the tigervnc package is missing randr support.


==

$ x0tigervncserver -SecurityTypes none

Wed May 22 22:20:30 2019
 Geometry:    Desktop geometry is set to 1024x768+0+0
 XDesktop:    Using evdev codemap

 XDesktop:    XTest extension present - version 2.2
 XDesktop:    RANDR extension not present
 XDesktop:    Will not be able to handle session resize
 Main:    Listening on port 5900
^C

==


While my system/X server certainly has the RANDR extension:


==

$ xrandr
Screen 0: minimum 320 x 200, current 1024 x 768, maximum 7680 x 7680
HDMI-1 connected primary 1024x768+0+0 (normal left inverted right x axis 
y axis) 0mm x 0mm

   1024x768  60.00*
   800x600   60.32    56.25
   848x480   60.00
   640x480   59.94

==


Think you are missing a build dependeny on the libxrandr2 library.

If HAVE_XRANDR is not set at compile time, it always prints the message 
( 
https://github.com/TigerVNC/tigervnc/blob/master/unix/x0vncserver/XDesktop.cxx#L182 
)

Bug#754513: Paper Submission - CFP International Conference @ University of Westminster, London, UK

[Stefania Wilson]

Dear Friends,


We would like to invite you to submit research article in the 9th Joint 
International Conference organised by Institute of Research Engineers and 
Doctors at University of Westminster, London, UK. The theme for the 2019 UK 
conference is to bring together innovative academics and industrial experts to 
a common forum. We would be delighted to have you present at this conference to 
hear what the technology experts and researchers have to share about the 
technology advancements and their impact on our daily lives.


Joint International Conference Consists of following tracks:




Track 1: 9th International Conference on Advances in Computing, Control and 
Networking - ACCN


Official Webiste: www.accn.theired.org




Track 2: 9th International Conference On Advances in Civil, Structural and 
Mechanical Engineering - ACSM


Official Webiste: www.acsm.theired.org




Track 3: 9th International Conference On Advances in Applied Science and 
Environmental Technology - ASET


Official Webiste: www.aset.theired.org




Track 4: 9th International Conference On Advances in Economics, Social Science 
and Human Behaviour Study - ESSHBS​




Official Webiste: www.esshbs.theired.org​




Conference Venue: University of Westminster, London, UK


Conference Date: 20 - 21 July 2019


Abstract/ Full Paper Submission For Review: 10 June 2019





About University of Westminster (Conference Venue):
--The University of Westminster is a public university in London, United 
Kingdom. Its antecedent institution, the Royal Polytechnic Institution, was 
founded in 1838 and was the first polytechnic institution in the UK. 
Westminster was awarded university status in 1992 meaning it could award its 
own degrees.


--Its headquarters and original campus are in Regent Street in the City of 
Westminster area of central London, with additional campuses in Fitzrovia, 
Marylebone and Harrow. It operates the Westminster International University in 
Tashkent in Uzbekistan.


--Westminster's academic activities are organised into seven faculties and 
schools, within which there are around 45 departments. The University has 
numerous centres of research excellence across all the faculties, including the 
Communication and Media Research Institute, whose research is ranked in the 
Global Top 40 by the QS World University Rankings. Westminster had an income of 
£170.4 million in 2012/13, of which £4.5 million was from research grants and 
contracts.


--Westminster is a member of the Association of Commonwealth Universities, the 
Association of MBAs, EFMD, the European University Association and Universities 
UK.


About Publication:​

All the registered papers will proudly be published by IRED-CPS and stored in 
the SEEK digital Library 

(www.seekdl.org). Each Paper will be assigned DOI (Digital Object Identifier) 
from CROSSREF. The Proc. will be submitted to ISI Thomson for Review and 
Indexing. Proc. will also be published in International Journals with ISSN 
Numbers.


Remote Presentation via Skype can also be arranged.


We would also like to share some conference photographs of previous held 
International conference that has been worldwide.


Kindly refer to the below 

Bug#929409: boinc-client: no access to /dev/dri/renderD*

[Achim Schaefer]

Package: boinc-client
Version: 7.14.2+dfsg-3
Severity: normal

Dear Maintainer,

due to missing access to /dev/dri/renderD*  the boinc-client is not able to 
"see" the GPU.
Due to this GPU computing is not possible.

root@data:/lib/udev/rules.d# LANG=C getfacl /dev/dri//renderD128 
getfacl: Removing leading '/' from absolute path names
# file: dev/dri//renderD128
# owner: root
# group: render
user::rw-
user:achim:rw-
group::rw-
mask::rw-
other::---

root@data:/lib/udev/rules.d# ls -l /dev/dri//renderD128
crw-rw+ 1 root render 226, 128 Mai 20 00:14 /dev/dri//renderD128
root@data:/lib/udev/rules.d# 

Thanks

-- Package-specific info:
-- Contents of /etc/default/boinc-client:
# This file is /etc/default/boinc-client, it is a configuration file for the
# /etc/init.d/boinc-client init script.

# Set this to 1 to enable and to 0 to disable the init script.
ENABLED="1"

# Set this to 1 to enable advanced scheduling of the BOINC core client and
# all its sub-processes (reduces the impact of BOINC on the system's
# performance).
SCHEDULE="1"

# The BOINC core client will be started with the permissions of this user.
BOINC_USER="boinc"

# This is the data directory of the BOINC core client.
BOINC_DIR="/var/lib/boinc-client"

# This is the location of the BOINC core client, that the init script uses.
# If you do not want to use the client program provided by the boinc-client
# package, you can specify here an alternative client program.
#BOINC_CLIENT="/usr/local/bin/boinc"
BOINC_CLIENT="/usr/bin/boinc"

# Here you can specify additional options to pass to the BOINC core client.
# Type 'boinc --help' or 'man boinc' for a full summary of allowed options.
#BOINC_OPTS="--allow_remote_gui_rpc"
BOINC_OPTS=""

# Scheduling options

# Set SCHEDULE="0" if prefering to run with upstream default priority
# settings.

# Nice levels. When systems are truly busy, e.g. because of too many active
# scientific applications started by the boinc client, there is a chance for
# the boinc client not to be granted sufficient opportunity to check for
# scientific applications to be alive and make the (wrong) decision to
# terminate the scientific app. This is particularly an issue with many
# apps started in parallel on modern multi-core systems and extra overheads
# for the download and uploads of files with the project servers. Another
# concern is the latency for scientific applications to communicate with the
# graphics card, which should be low. All such values should be set and
# controled from within the BOINC client. The Debian init script also sets
# extra constrains via chrt on real time performance and via ionice on 
# I/O performance, which is beyond the regular BOINC client. It then was
# too easy to use that code to also constrain minimal nice levels. We still
# think about how to best distinguish GPU applications from regular apps.
BOINC_NICE_CLIENT=10
BOINC_NICE_APP_DEFAULT=19
#BOINC_NICE_APP_GPU=5# not yet used

# ionice classes. See manpage of ionice (1) in the util-linux package.
BOINC_IONICE_CLIENT=3# idle
#BOINC_IONICE_APP_DEFAULT=3  # idle, not yet used
#BOINC_IONICE_APP_GPU=2  # best effort, not yet used


-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages boinc-client depends on:
ii  adduser3.118
ii  ca-certificates20190110
ii  debconf [debconf-2.0]  1.5.72
ii  libboinc7  7.14.2+dfsg-3
ii  libc6  2.28-10
ii  libcurl4   7.64.0-3
ii  libgcc11:8.3.0-7
ii  libstdc++6 8.3.0-7
ii  libx11-6   2:1.6.7-1
ii  libxss11:1.2.3-1
ii  lsb-base   10.2019051400
ii  python33.7.3-1
ii  zlib1g 1:1.2.11.dfsg-1

boinc-client recommends no packages.

Versions of packages boinc-client suggests:
pn  boinc-client-nvidia-cuda  
pn  boinc-client-opencl   
ii  boinc-manager 7.14.2+dfsg-3
ii  x11-xserver-utils 7.7+8

-- Configuration Files:
/etc/boinc-client/cc_config.xml changed:


1
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0


0
0

Bug#886855: xfce4-session: verbose logging is always enabled

[Dmitry Katsubo]

I've encountered the same problem being discussed: xfce4-session v4.12.1-6 
(Debian buster) creates ~/.xfce4-session.verbose-log even though XFSM_VERBOSE 
variable is not set.

Bug#923930: FTBFS: FAIL test_chain

[Brian May]

Jeffrey Altman  writes:

> Background on this test failure.
>
> The reason that the Heimdal 7.5.0 tests began to fail after they
> previously succeeded is because the failing test relies upon an X.509
> certificate that expired on March 4 2019.
>
> Then post 7.5.0 support was added to support OpenSSL 1.1 which included
> the ability to handle certificates with expiration dates post 19 Jan
> 2038 03:14:07 UTC.
>
> Heimdal also updated the test suite certificates to last 500 years.
> These certificates work fine on platforms with 64-bit time_t but on
> platforms such as Debian Linux i386 where time_t is 32-bit, the tests
> will fail.
>
> There has been no code change to Heimdal and there is no intention to
> replace the use of time_t within Heimdal for a Heimdal specific time
> integer type within the Heimdal 7.x series.  Making such a change would
> alter not only APIs but ABIs.  Its unclear when or if we could make such
> a change for the same reasons that Debian cannot alter the size of
> time_t on i386.

To me it really sounds like Heimdal is dropping support for 32 bit
architectures then.

However Debian doesn't have the luxury of being able to drop the 32 bit
version of Heimdal, just for the sake of a faulty test. Particularly
when existing versions have known security issues.

To solve this for the immediate short term, I am seriously considering
disabling all 6 tests that are failing (see patch below). This in turn
will solve the FTBFS bug, and allow us to solve the security issues
(which are probably more important then the tests). Hopefully this in
turn will get accepted into Buster.

Does this problem affect Heimdal versions < 7.5.0? It sounds like these
version should be fine (thinking of Jessie and Stretch security updates
here).


=== cut ===
From: Brian May 
Date: Wed, 22 May 2019 17:19:48 +1000
Subject: Disable tests that are failing due to expired cert

See https://bugs.debian.org/923930
---
 lib/hx509/Makefile.am | 3 ---
 tests/kdc/Makefile.am | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am
index bd71225..2880676 100644
--- a/lib/hx509/Makefile.am
+++ b/lib/hx509/Makefile.am
@@ -220,10 +220,7 @@ PROGRAM_TESTS =\
test_expr
 
 SCRIPT_TESTS = \
-   test_ca \
test_cert   \
-   test_chain  \
-   test_cms\
test_crypto \
test_nist   \
test_nist2  \
diff --git a/tests/kdc/Makefile.am b/tests/kdc/Makefile.am
index 57b8f9a..b4f3d77 100644
--- a/tests/kdc/Makefile.am
+++ b/tests/kdc/Makefile.am
@@ -27,13 +27,10 @@ SCRIPT_TESTS = \
check-fast \
check-kadmin \
check-hdb-mitdb \
-   check-kdc \
-   check-kdc-weak \
check-keys \
check-kpasswdd \
check-pkinit \
check-referral \
-   check-tester \
check-uu
 
 TESTS = $(SCRIPT_TESTS)
=== cut ===

-- 
Brian May 

Bug#928809: lintian: suggest adding gitlab-ci file

[Mattia Rizzolo]

On Wed, 22 May 2019, 11:30 pm Chris Lamb,  wrote:

> (Personally, I doubt someone would fork Lintian, more likely its
> output would become less and less "trusted". But both outcomes suck.)
>

Rather, people who until at some point diligently read the whole lintian
output for every single upload they do, may just decide that it is too
bothersome to do it anymore, and STO reading it.

Bug#929019: dpkg-dev: How to use Rules-Requires-Root without debhelper

[Guillem Jover]

On Wed, 2019-05-15 at 14:42:53 +0200, Santiago Vila wrote:
> On Wed, May 15, 2019 at 02:21:49PM +0200, Guillem Jover wrote:
> > > To be precise, if I apply the patch below to hello-traditional_2.10-5
> > > and do "dpkg-buildpackage -uc -us -b" in a sid chroot, I get a .deb
> > > package with all files owned by "sanvila/sanvila".

> > Ah. :) Ok let's try to see whether the current spec/doc is enough or
> > whether it'd need improvements. So it would be great if you could go
> > over /usr/share/doc/dpkg-dev/rootless-builds.txt.gz and see whether
> > you can figure it out with just that? Also assuming you were not aware
> > of that doc, where do you think it could have been referred from so
> > that it would be easy to get to?
> 
> Yes, I read the document (following a link from lintian), and no,
> I was not able to figure out.

BTW, I just recalled this is also documented now in policy, I'll file
a bug on lintian to add a reference.

> (BTW: The document speaks about "the builder", who is exactly this
> mysterious character? dpkg-deb? sbuild? the person doing the build?)

This is whatever or whoever is calling debian/rules. I've updated the
doc.

> > (Briefly checking it now again, I think it should spell out dpkg-deb's
> > --root-owner-group option on the prototyping/preparation section.)
> 
> Ok, I see it now. So, I should use Rules-Requires-Root: no and
> also add --root-owner-group to the "dpkg --build" call, right?

Yes.

> Should I also add a versioned build-depends on dpkg-dev?

You want a build-dep on dpkg >= 1.19.0 itself for the new dpkg-deb
option. I guess you could also want a build-dep on dpkg-dev >= 1.19.1
for the R³ field support, but in your specific case it does not matter
much, as either it will be supported and debian/rules will not be
called with (fake)root, or it will not be supported and it will be
called with (fake)root, which will not matter much as dpkg-deb will do
the right thing anyway.

I'm attaching the diff to the spec, but not sure whether that'd have
been enough to make this more clear?

Thanks,
Guillem
diff --git i/doc/rootless-builds.txt w/doc/rootless-builds.txt
index 0b6b9d849..3298768ec 100644
--- i/doc/rootless-builds.txt
+++ w/doc/rootless-builds.txt
@@ -48,10 +48,11 @@ The values are defined as:
  (See also "Implementation provided keywords".)
 
- When "Rules-Requires-Root" is set to , the
- builder will expose an interface that is used to run a command under
- (fake)root via the "Gain Root API". If the builder cannot provide such
- a command, it MUST behave like "Rules-Requires-Root" was set to
- "binary-targets", i.e. run "debian/rules binary" under (fake)root.
+ builder (i.e. whatever is executing debian/rules) will expose an
+ interface that is used to run a command under (fake)root via the
+ "Gain Root API". If the builder cannot provide such a command, it
+ MUST behave like "Rules-Requires-Root" was set to "binary-targets",
+ i.e. run "debian/rules binary" under (fake)root.
 
 When the builder supports this specification, it MUST notify this fact to
 the rules file via the "DEB_RULES_REQUIRES_ROOT" environment variable, with
@@ -139,12 +140,12 @@ Prototyping/preparation
 dpkg side
 -
 
-dpkg-deb --build must either default to resetting all owner/group values to
-0:0 when not run under (fake)root OR provide an interface so dh_builddeb can
-provide the owner/group value to dpkg-deb --build.
+dpkg-deb --build provides the --root-owner-group option so that dh_builddeb
+or direct calls can control the owner/group file values w/o requiring
+(fake)root.
 
-dpkg-buildpackage must export DEB_GAIN_ROOT_CMD (for starters, doing this
-unconditionally would be fine).
+dpkg-buildpackage must export DEB_GAIN_ROOT_CMD when necessary (for
+prototyping, doing this unconditionally would be fine).
 
 
 debhelper side

Bug#929408: ruby-inherited-resources: /usr/lib/ruby/vendor_ruby/generators/rails/templates/controller.rb is already shipped by ruby-jbuilder

[Andreas Beckmann]

Package: ruby-inherited-resources
Version: 1.9.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../ruby-inherited-resources_1.9.0-1_all.deb ...
  Unpacking ruby-inherited-resources (1.9.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb (--unpack):
   trying to overwrite 
'/usr/lib/ruby/vendor_ruby/generators/rails/templates/controller.rb', which is 
also in package ruby-jbuilder 2.7.0-1
  Errors were encountered while processing:
   /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb


cheers,

Andreas


ruby-jbuilder=2.7.0-1_ruby-inherited-resources=1.9.0-1.log.gz
Description: application/gzip

Bug#929394: rust-libc: please update to 0.2.55

[Daniel Kahn Gillmor]

On Wed 2019-05-22 14:22:38 -0400, Daniel Kahn Gillmor wrote:
> There are 100 of them -- yikes!  I'm not sure how to efficiently and
> safely test them all to ensure that the upgrade doesn't break anything,
> so rather than just applying the patch below, i'm proposing it here.

We discussed the upgrade over on #debian-rust, and decided that because
this is a change in the PATCH version level, it is likely to be fine to
do the upgrade.

If we need something more subtle between 0.2.48 and 0.2.55 to make it
into buster (we do not anticipate needing that), we should be able to
use testing-proposed-updates instead.

--dkg


signature.asc
Description: PGP signature

Bug#929407: ruby-inherited-resources: /usr/lib/ruby/vendor_ruby/generators/rails/USAGE is already shipped by ruby-active-model-serializers

[Andreas Beckmann]

Package: ruby-inherited-resources
Version: 1.9.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../ruby-inherited-resources_1.9.0-1_all.deb ...
  Unpacking ruby-inherited-resources (1.9.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb (--unpack):
   trying to overwrite '/usr/lib/ruby/vendor_ruby/generators/rails/USAGE', 
which is also in package ruby-active-model-serializers 0.10.8-1
  Errors were encountered while processing:
   /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb


cheers,

Andreas


ruby-active-model-serializers=0.10.8-1_ruby-inherited-resources=1.9.0-1.log.gz
Description: application/gzip

Bug#929406: hdf5: libhdf5-*103-1 missing Breaks+Replaces: libhdf5-*103

[Andreas Beckmann]

Package: 
libhdf5-103-1,libhdf5-cpp-103-1,libhdf5-mpich-103-1,libhdf5-mpich-cpp-103-1,libhdf5-openmpi-103-1,libhdf5-openmpi-cpp-103-1
Version: 1.10.5+repack-1~exp6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'experimental' to 'experimental'.
It installed fine in 'experimental', then the upgrade to 'experimental' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package libhdf5-103-1:amd64.
  Preparing to unpack .../libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb ...
  Unpacking libhdf5-103-1:amd64 (1.10.5+repack-1~exp6) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.1.0', 
which is also in package libhdf5-103:amd64 1.10.5+repack-1~exp5
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb

  Selecting previously unselected package libhdf5-openmpi-103-1:amd64.
  Preparing to unpack .../libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb 
...
  Unpacking libhdf5-openmpi-103-1:amd64 (1.10.5+repack-1~exp6) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb 
(--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_openmpi.so.103', 
which is also in package libhdf5-openmpi-103:amd64 1.10.4+repack-10
  Selecting previously unselected package libhdf5-openmpi-cpp-103-1:amd64.
  Preparing to unpack 
.../libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb ...
  Unpacking libhdf5-openmpi-cpp-103-1:amd64 (1.10.5+repack-1~exp6) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb
 (--unpack):
   trying to overwrite 
'/usr/lib/x86_64-linux-gnu/libhdf5_openmpi_cpp.so.103.1.0', which is also in 
package libhdf5-openmpi-cpp-103:amd64 1.10.5+repack-1~exp5
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb
   
/var/cache/apt/archives/libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb


I didn't check all failures, but I assume it's the same problem in all packages.


cheers,

Andreas


libhdf5-openmpi-cpp-103=1.10.5+repack-1~exp5_libhdf5-openmpi-cpp-103-1=1.10.5+repack-1~exp6.log.gz
Description: application/gzip

Bug#750781: not fixed

[sergio]

While the dirty hack of editing /lib/systemd/system/getty@.service works,

the right way of creating /etc/systemd/system/getty@.service works only for 
tty1:

$ ps aux | grep getty
... /sbin/agetty -f /etc/issue.linuxlogo -o -p -- \u --noclear tty1 linux
... /sbin/agetty -o -p -- \u --noclear tty2 linux
... /sbin/agetty -o -p -- \u --noclear tty3 linux
... /sbin/agetty -o -p -- \u --noclear tty4 linux
... /sbin/agetty -o -p -- \u --noclear tty5 linux
... /sbin/agetty -o -p -- \u --noclear tty6 linux

-- 
sergio.

Bug#928809: lintian: suggest adding gitlab-ci file

[Chris Lamb]

Dmitry Bogatov wrote:

> > [..]  I just think that lintian should be less pro-active at adding
> > checks for things that are far from accepted.
> 
> That is why I propose introducing concept of "controversial" checks.

I think we are all violently agreeing here. 

> Having Lintian plainly reject such proposals would mean need in creation
> of something like "lintian-unofficial"

(Personally, I doubt someone would fork Lintian, more likely its
output would become less and less "trusted". But both outcomes suck.)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#929405: ITP: pveclib -- power vector library

[Gabriel F. T. Gomes]

Package: wnpp
Severity: normal

I will start working on the packaging for pveclib
(https://github.com/open-power-sdk/pveclib).

Cheers,
Gabriel

Bug#929063: init: delegate selinux operation to separate binary

[Jesse Smith]

On Wed, 22 May 2019 13:28:39 +0200 (CEST) Thorsten Glaser wrote:
>
> (I’m not quite convinced the effort is worth it, but given that
> this would be changed upstream, and that there are likely other
> users of the same upstream code who’re _not_ using SELinux, this
> would be very welcomed by those, so I’m okay with it.)

I'd like to point out that init already has compile-time defines in the
code which check for the existence of SELinux (using the variable
WITH_SELINUX). If WITH_SELINUX is not defined at compile time, then the
SELinux code isn't built into init. So other projects, perhaps Debian
Hurd or FreeBSD, can already build init without SELinux features.

Bug#929393: rust-lazy-static: please upgrade to 1.3.0

[Daniel Kahn Gillmor]

Control: retitle 929393 rust-lazy-static: please upgrade to 1.3.0

On Wed 2019-05-22 14:20:11 -0400, Daniel Kahn Gillmor wrote:
> sequoia-openpgp wants lazy_static version 0.13.0.  we only have 0.11.0
> in debian right now.

I mis-wrote this -- it should have said we want lazy_static 1.3.0, but
we currently have 1.2.0.

talking with kpcyrd and silwol[m] and Sylvestre on #debian rust today, i
think i gained enough insight and confidence to go ahead with this
upgrade.

First, we discussed whether to target unstable or experimental.  the
rough sense of the group was that unstable is ok. if we come up with
targeted fixes we want in buster before the release, we might use
testing-proposed-updates for that.

I also learned that lazy_static has a spin feature that is versioned
against spin 0.5.0 (0.4.10 is in testing), so upgrading spin initially
is probably advisable.  An updated spin is needed in other projects too,
so this update appears to be concretely useful.

finally, because of the semantic versioning, 1.3.0 is supposed to be a
safe upgrade from 1.2.0.  Indeed, other packages should have their build
(and runtime) dependencies set to just care about the major version (and
maybe >= some minor version, but upstream is supposed to avoid any
breaking changes in minor updates as long as the major version is
already >= 0.

So i've uploaded this package.  If there are problems with the upload or
the process, please let me know.

--dkg


signature.asc
Description: PGP signature

Bug#929386: Can you please run `inject-into-salsa-git` on your local clone (Was: Bug#929386: r-cran-webgestaltr: FTBFS (missing builds-depends))

[Andreas Tille]

Hi Steffen,

can you please run `inject-into-salsa-git` on your local clone.  There is
no Git repository at

   https://salsa.debian.org/r-pkg-team/r-cran-webgestaltr

Kind regards

  Andreas.

-- 
http://fam-tille.de

Bug#928809: lintian: suggest adding gitlab-ci file

[Dmitry Bogatov]

[2019-05-20 15:45] Mattia Rizzolo 
> On Fri, May 17, 2019 at 08:58:03AM +0100, Chris Lamb wrote:
> [...]
> > (This kind of conversation always makes me wonder if we need another
> > level of "extra pendatic" that people need to opt into... *g*)
>
> Nah.  I just think that lintian should be less pro-active at adding
> checks for things that are far from accepted.

That is why I propose introducing concept of "controversial" checks.

Having Lintian plainly reject such proposals would mean need in creation
of something like "lintian-unofficial", that would be wasted technical
effort on setting up new source package, re-using Lintian library and so
on.
-- 
Note, that I send and fetch email in batch, once every 24 hours.
 If matter is urgent, try https://t.me/kaction
 --

Bug#928969: stterm: incorrect rendering of cyrillic letters with Terminus

[Dmitry Bogatov]

[2019-05-19 23:49] Paride Legovini 
> I tried with xterm and sakura, the Cyrillic string renders exactly as
> in stterm, with the correct character width and spacing.

> Let me know if there is anything else I can try.

Okay. I prepared kvm virtual machine image, that you can download
from "people.debian.org/~kaction/stterm-bug.img.xz".

After it boots, it shows Xdm prompt. Log is as "user:useruser". You will
have default "dwm" instance. Press Alt-Shift-Enter and some terminal
will appear.

There is ~user/I-Will-Show-You.sh script, that starts stterm to show
difference between cyrillic "Привет, мир!" and ascii "Hello, world!".

Hope, you will see same thing as me. After that, you can get root
permission with su and "root:rootroot".
-- 
Note, that I send and fetch email in batch, once every 24 hours.
 If matter is urgent, try https://t.me/kaction
 --

Bug#929404: debian-security-support: [INTL:pt] Updated Portuguese translation

[Américo Monteiro]

Package: debian-security-support
Version: 2019.05.15
Tags: l10n, patch
Severity: wishlist

Updated Portuguese translation for  debian-security-support messages
Translator: Américo Monteiro 
Feel free to use it.

For translation updates please contact 'Last Translator' 

-- 
Melhores cumprimentos/Best regards,

Américo Monteiro

-


debian-security-support_2019.05.15_pt.po.gz
Description: application/gzip

Bug#929403: php-horde-icalendar 2.1.8-1: autopkgtest regression

[Steve Langasek]

Source: php-horde-icalendar
Version: 2.1.8-1
Severity: important
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu eoan

Dear Mathieu,

The autopkgtests for php-horde-icalendar 2.1.8-1 have never passed; they
always fail with this error:

autopkgtest [13:09:30]: test phpunit: [---
PHP Fatal error:  Uncaught Error: Class 'Horde_Test_Case' not found in 
/tmp/autopkgtest-lxc.tfhylnhe/downtmp/build.NcJ/src/Horde_Icalendar-2.1.8/test/Horde/Icalendar/AttributeTest.php:13
Stack trace:
#0 /usr/share/php/PHPUnit/Util/FileLoader.php(57): include_once()
#1 /usr/share/php/PHPUnit/Util/FileLoader.php(45): 
PHPUnit\Util\FileLoader::load('/tmp/autopkgtes...')
#2 /usr/share/php/PHPUnit/Framework/TestSuite.php(540): 
PHPUnit\Util\FileLoader::checkAndLoad('/tmp/autopkgtes...')
#3 /usr/share/php/PHPUnit/Framework/TestSuite.php(618): 
PHPUnit\Framework\TestSuite->addTestFile('/tmp/autopkgtes...')
#4 /usr/share/php/PHPUnit/Runner/BaseTestRunner.php(70): 
PHPUnit\Framework\TestSuite->addTestFiles(Array)
#5 /usr/share/php/PHPUnit/TextUI/Command.php(183): 
PHPUnit\Runner\BaseTestRunner->getTest('.', '', Array)
#6 /usr/share/php/PHPUnit/TextUI/Command.php(162): 
PHPUnit\TextUI\Command->run(Array, true)
#7 /usr/bin/phpunit(42): PHPUnit\TextUI\Command::main()
#8 {main}
  thrown in 
/tmp/autopkgtest-lxc.tfhylnhe/downtmp/build.NcJ/src/Horde_Icalendar-2.1.8/test/Horde/Icalendar/AttributeTest.php
 on line 13
autopkgtest [13:09:31]: test phpunit: ---]

  (https://ci.debian.net/packages/p/php-horde-icalendar/unstable/amd64/)

This is a regression vs the previous version of php-horde-icalendar,
2.1.7-3, whose autopkgtests passed.

Since php-horde-icalendar 2.1.8-1 was uploaded to Debian before autopkgtest
regressions became blocking for testing migration, 2.1.8-1 is in testing and
will be included in the next Debian release.  However, autopkgtest
regressions have always been blocking in Ubuntu, where this test also fails,
so FYI php-horde-icalendar 2.1.8 will not be included in an Ubuntu release
until this is resolved.

(Also, obviously if the tests are consistently failing, this prevents you
from using this as an effective CI gate for Debian testing, so dependencies
of php-horde-icalendar could at any point cause php-horde-icalendar to have
runtime regressions in Debian testing.)

Regards,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#929402: unblock: debian-games/3

[Markus Koschany]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-games

debian-games is a collection of metapackages. This update reflects the
latest changes in Buster. Three packages that were recommended by
debian-games will not be part of Debian 10. They are still present in
unstable, so I have changed the recommendations to Suggests.

unblock debian-games/3

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru debian-games-2.6/debian/changelog debian-games-3/debian/changelog
--- debian-games-2.6/debian/changelog   2019-02-10 14:13:56.0 +0100
+++ debian-games-3/debian/changelog 2019-05-20 00:01:59.0 +0200
@@ -1,3 +1,10 @@
+debian-games (3) unstable; urgency=medium
+
+  * Suggest Netbeans, cuyo and holdingnuts because they will not be part of
+Debian 10 "Buster".
+
+ -- Markus Koschany   Mon, 20 May 2019 00:01:59 +0200
+
 debian-games (2.6) unstable; urgency=medium
 
   * games-tasks: Depend on ${misc:Depends}
diff -Nru debian-games-2.6/debian/control debian-games-3/debian/control
--- debian-games-2.6/debian/control 2019-02-10 14:13:56.0 +0100
+++ debian-games-3/debian/control   2019-05-20 00:01:59.0 +0200
@@ -387,7 +387,6 @@
 deal,
 dealer,
 gsalliere,
-holdingnuts,
 lmemory,
 openpref,
 pescetti,
@@ -401,6 +400,7 @@
 xsol
 Suggests: dds,
   gnome-games,
+  holdingnuts,
   kdegames,
   python-pydds,
   yahtzeesharp
@@ -734,9 +734,9 @@
 liblwjgl-java,
 libpixels-java,
 libsvgsalamander-java,
-libupnp-java,
-netbeans
+libupnp-java
 Suggests: freecol,
+  netbeans,
   triplea
 Description: development of games in Java
  This metapackage will install a selection of suitable tools and packages to
@@ -1247,7 +1247,6 @@
 bastet,
 blockout2,
 crack-attack,
-cuyo,
 flobopuyo,
 freealchemist,
 frozen-bubble,
@@ -1264,7 +1263,8 @@
 vitetris,
 xbubble,
 xwelltris
-Suggests: kblocks
+Suggests: cuyo,
+  kblocks
 Description: Debian's tetris-like games
  This metapackage will install tetris-like games.
 

Bug#929401: debian-security-support: Updated Swedish translation

[Andreas Ronnquist]

Package: debian-security-support
Severity: wishlist
Tags: l10n

Dear Maintainer,

Please find attached a Swedish translation of the
debian-security-support package.

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=sv_SE.utf8, LC_CTYPE=sv_SE.utf8 (charmap=UTF-8),
LANGUAGE=sv_SE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debian-security-support depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.72
ii  gettext-base   0.19.8.1-9

debian-security-support recommends no packages.

debian-security-support suggests no packages.


-- Andreas Rönnquist
gus...@debian.org
# Swedish translations for debian-security-support package
# Svenska översättningar för paket debian-security-support.
# Copyright (C) 2019 Christoph Biedl
# This file is distributed under the same license as the debian-security-support package.
# Andreas Rönnquist , 2019.
#
msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n"
"POT-Creation-Date: 2016-06-07 12:13+0200\n"
"PO-Revision-Date: 2019-05-22 15:31+0200\n"
"Last-Translator: Andreas Rönnquist \n"
"Language-Team: Swedish\n"
"Language: sv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Poedit 1.8.11\n"

#: ../check-support-status.in:24
#, sh-format
msgid ""
"Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from $DEB_LOWEST_VER_ID "
"and $DEB_NEXT_VER_ID"
msgstr ""
"Okänd DEBIAN_VERSION $DEBIAN_VERSION. Giltiga värden från $DEB_LOWEST_VER_ID "
"och $DEB_NEXT_VER_ID"

#: ../check-support-status.in:63
msgid "Failed to parse the command line parameters"
msgstr "Misslyckades att tolka kommandoradsparametrarna"

#: ../check-support-status.in:72
#, sh-format
msgid "$name version $VERSION"
msgstr "$name version $VERSION"

#: ../check-support-status.in:101
msgid "E: Internal error"
msgstr "E: Internt fel"

#: ../check-support-status.in:117
msgid "E: Need a --type if --list is given"
msgstr "E: Behöver --type om --list är given"

#: ../check-support-status.in:130
#, sh-format
msgid "E: Unknown --type '$TYPE'"
msgstr "E: Okänd --type '$TYPE'"

#: ../check-support-status.in:152
msgid "E: Cannot detect dpkg version, assuming wheezy or newer"
msgstr "E: Kan inte detektera dpkg-version, antar wheezy eller nyare"

#: ../check-support-status.in:282
msgid "Future end of support for one or more packages"
msgstr "Framtida slut på support för ett eller flera paket"

#: ../check-support-status.in:285
msgid ""
"Unfortunately, it will be necessary to end security support for some "
"packages before the end of the regular security maintenance life cycle."
msgstr ""
"Tyvärr kommer det att bli nödvändigt att avsluta säkerhetsstödet för vissa "
"paket innan slutet på livscykeln för regelbundet säkerhetsunderhåll."

#: ../check-support-status.in:288 ../check-support-status.in:298
#: ../check-support-status.in:308
msgid "The following packages found on this system are affected by this:"
msgstr "De följande paketen på detta system påverkas av detta:"

#: ../check-support-status.in:292
msgid "Ended security support for one or more packages"
msgstr "Avslutat säkerhetsstöd för ett eller flera paket"

#: ../check-support-status.in:295
msgid ""
"Unfortunately, it has been necessary to end security support for some "
"packages before the end of the regular security maintenance life cycle."
msgstr ""
"Tyvärr har det blivit nödvändigt att avsluta säkerhetsstödet för vissa paket "
"innan slutet på livscykeln för regelbundet säkerhetsunderhåll."

#: ../check-support-status.in:302
msgid "Limited security support for one or more packages"
msgstr "Begränsad säkerhetsstöd för ett eller flera paket"

#: ../check-support-status.in:305
msgid ""
"Unfortunately, it has been necessary to limit security support for some "
"packages."
msgstr ""
"Tyvärr har det blivit nödvändigt att begränsa säkerhetsstödet för vissa "
"paket."

#: ../check-support-status.in:320
#, sh-format
msgid "* Source:$SRC_NAME, will end on $ALERT_WHEN"
msgstr "* Source:$SRC_NAME, kommer att avslutas $ALERT_WHEN"

#: ../check-support-status.in:323
#, sh-format
msgid "* Source:$SRC_NAME, ended on $ALERT_WHEN at version $ALERT_VERSION"
msgstr "* Source:$SRC_NAME, avslutades $ALERT_WHEN med version $ALERT_VERSION"

#: ../check-support-status.in:326
#, sh-format
msgid "* Source:$SRC_NAME"
msgstr "* Source:$SRC_NAME"

#: ../check-support-status.in:330
#, sh-format
msgid "  Details: $ALERT_WHY"
msgstr "  Detaljer: $ALERT_WHY"

#: ../check-support-status.in:333
msgid "  Affected binary package:"

Bug#929400: apng2gif FTCBFS: debian/rules hard codes gcc

[Helmut Grohne]

Source: apng2gif
Version: 1.8-0.1
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

apng2gif fails to cross build from source, because debian/rules hard
codes the build architecture compiler gcc. The easiest way of fixing
this - using dpkg's buildtools.mk - makes apng2gif cross buildable.
Please consider applying the attached patch.

Helmut
diff --minimal -Nru apng2gif-1.8/debian/changelog apng2gif-1.8/debian/changelog
--- apng2gif-1.8/debian/changelog   2018-10-27 14:15:49.0 +0200
+++ apng2gif-1.8/debian/changelog   2019-05-22 22:24:11.0 +0200
@@ -1,3 +1,10 @@
+apng2gif (1.8-0.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Seed CC from dpkg's buildtools.mk. (Closes: #-1)
+
+ -- Helmut Grohne   Wed, 22 May 2019 22:24:11 +0200
+
 apng2gif (1.8-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --minimal -Nru apng2gif-1.8/debian/rules apng2gif-1.8/debian/rules
--- apng2gif-1.8/debian/rules   2018-10-27 14:15:49.0 +0200
+++ apng2gif-1.8/debian/rules   2019-05-22 22:24:10.0 +0200
@@ -2,7 +2,7 @@
 
 PACKAGE = apng2gif
 BIN= $(PACKAGE)
-CC := gcc
+-include /usr/share/dpkg/buildtools.mk
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 CFLAGS += -Wall -pedantic

Bug#929399: virtualbox-guest-dkms: error in building kernel module

[Valery Senotov]

Package: virtualbox-guest-dkms
Version: 6.0.8-dfsg-4
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Since last update (installed on my machine about a day ago) the package can't 
build kernel module because of failing of building vboxvideo. I've only found 
out that in the build directory of vboxvideo wrong include library path is used.


-- System Information:
Distributor ID: Parrot
Description:Parrot GNU/Linux 4.6
Release:4.6
Codename:   n/a
Architecture: x86_64

Kernel: Linux 5.1.0-parrot1-3t-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages virtualbox-guest-dkms depends on:
ii  dkms  2.6.1-4

virtualbox-guest-dkms recommends no packages.

virtualbox-guest-dkms suggests no packages.

-- no debconf information
DKMS make.log for virtualbox-guest-6.0.8 for kernel 5.1.0-parrot1-3t-amd64 
(x86_64)
Wed 22 May 22:51:02 MSK 2019
make: Entering directory '/usr/src/linux-headers-5.1.0-parrot1-3t-amd64'
  CC [M]  /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuest-linux.o
  CC [M]  /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuest.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibGenericRequest.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibHGCMInternal.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibInit.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibPhysHeap.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibVMMDev.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/alloc-r0drv.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/initterm-r0drv.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/memobj-r0drv.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/mpnotification-r0drv.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/powernotification-r0drv.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/alloc-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/assert-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/initterm-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/memobj-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/memuserkernel-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/mp-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/mpnotification-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/process-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semevent-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semeventmulti-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semfastmutex-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semmutex-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/spinlock-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/thread-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/thread2-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/time-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/timer-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/RTLogWriteDebugger-r0drv-linux.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/generic/semspinmutex-r0drv-generic.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/alloc/alloc.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/err/RTErrConvertFromErrno.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/err/RTErrConvertToErrno.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/err/errinfo.o
  CC [M]  /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/log.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logellipsis.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logrel.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logrelellipsis.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logcom.o
  CC [M]  
/var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logformat.o
  CC [M]  

Bug#929398: jasperreports: Should jasperreports be removed from unstable?

[Salvatore Bonaccorso]

Source: jasperreports
Version: 6.3.1-2
Severity: serious
Justification: unfit for a Debian release

Hi

Given the discussion around https://bugs.debian.org/880467#10 and the
fact that removing jasperreports from unstable will cause no issues
with reverse (build) dependencies anymore:

> $ dak rm --suite=sid -n -R jasperreports
> Will remove the following packages from sid:
> 
> jasperreports |6.3.1-2 | source
> libjasperreports-java |6.3.1-2 | all
> 
> Maintainer: Debian Java Maintainers 
> 
> 
> --- Reason ---
> 
> --
> 
> Checking reverse dependencies...
> No dependency problem found.

Should jasperreports now be removed from the archive?

Regards,
Salvatore

Bug#909085: ispell: Sequoia & ispell's /usr/bin/sq

[Daniel Kahn Gillmor]

On Wed 2018-10-31 10:38:06 -0400, Daniel Kahn Gillmor wrote:
> fwiw, debian has been shipping a bugfix patch to ispell's sq for over 7
> years, despite several new upstream releases.
> debian/patches/0006-Fix-sq-and-unsq.patch also "addresses" that ispell
> upstream doesn't even ship sq and unsq by default.
>
> anyway, for simplicity, we might just stop shipping sq entirely, thereby
> falling in line with upstream.  The attached patch below (against the
> git repo in https://salsa.debian.org/debian/ispell) does that, i think.
>
> If someone really wants to keep sq, perhaps they could speak up here?

Having heard no one speak up in over six months, I've gone ahead and
built an NMU of ispell (version 3.4.00-6.1), applying these changes (and
doing some other minor packaging cleanup besides).

I've uploaded the 3.4.00-6 for debian unstable to DELAYED/15, so that
the maintainer has chance to cancel it if they care.

I've pushed my changes in git on the master branch over at
https://salsa.debian.org/debian/ispell

I'm also including the debdiff between 3.4.00-6 and 3.4.00-6.1 below.

Regards,

--dkg

diff -Nru ispell-3.4.00/debian/changelog ispell-3.4.00/debian/changelog
--- ispell-3.4.00/debian/changelog	2017-07-11 15:01:26.0 -0400
+++ ispell-3.4.00/debian/changelog	2019-05-22 15:28:50.0 -0400
@@ -1,3 +1,20 @@
+ispell (3.4.00-6.1) unstable; urgency=medium
+
+  * Non-maintainer upload
+
+  [ Ondřej Nový ]
+  * d/copyright: Use https protocol in Format field
+  * d/control: Set Vcs-* to salsa.debian.org
+
+  [ Daniel Kahn Gillmor ]
+  * Stop shipping sq and unsq (Closes: #909085)
+  * fix logic bug in debian/packages.d/gen_debhelper_files.pl
+  * debian/watch: update to use https
+  * d/{copyright,control}: use current upstream URL
+  * avoid spelling errors in patch descriptions
+
+ -- Daniel Kahn Gillmor   Wed, 22 May 2019 15:28:50 -0400
+
 ispell (3.4.00-6) unstable; urgency=medium
 
   * New 0037-CC-from-environment.patch from Helmut Grohne to fix cross builds
diff -Nru ispell-3.4.00/debian/control ispell-3.4.00/debian/control
--- ispell-3.4.00/debian/control	2017-07-11 15:01:26.0 -0400
+++ ispell-3.4.00/debian/control	2019-05-22 15:26:38.0 -0400
@@ -17,9 +17,9 @@
  wbritish-large (>= 7.1),
  wbritish-small (>= 7.1)
 Standards-Version: 4.0.0
-Homepage: http://www.lasr.cs.ucla.edu/geoff/ispell.html
-Vcs-Git: https://anonscm.debian.org/git/users/robert/ispell.git
-Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/ispell.git/
+Homepage: https://www.cs.hmc.edu/~geoff/ispell.html
+Vcs-Git: https://salsa.debian.org/debian/ispell.git
+Vcs-Browser: https://salsa.debian.org/debian/ispell
 
 Package: ispell
 Architecture: any
diff -Nru ispell-3.4.00/debian/copyright ispell-3.4.00/debian/copyright
--- ispell-3.4.00/debian/copyright	2017-07-11 15:01:26.0 -0400
+++ ispell-3.4.00/debian/copyright	2019-05-22 15:26:38.0 -0400
@@ -1,6 +1,6 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Contact: Geoff Kuenning 
-Source: http://www.lasr.cs.ucla.edu/geoff/ispell.html
+Source: https://www.cs.hmc.edu/~geoff/ispell.html
 
 Files: *
 Copyright:
diff -Nru ispell-3.4.00/debian/packages.d/gen_debhelper_files.pl ispell-3.4.00/debian/packages.d/gen_debhelper_files.pl
--- ispell-3.4.00/debian/packages.d/gen_debhelper_files.pl	2017-07-11 15:01:26.0 -0400
+++ ispell-3.4.00/debian/packages.d/gen_debhelper_files.pl	2019-05-22 15:26:38.0 -0400
@@ -54,7 +54,7 @@
 die "Invalid action $action" unless $cleanonly or $action eq "generate";
 
 my @debdirs = grep { -d $_ } ("./debian", "../debian", "../../debian");
-die "Cannot find debian dir" unless $#debdirs < 1;
+die "Cannot find debian dir" if $#debdirs < 1;
 chdir "$debdirs[0]/.." or die "Cannot chdir to $debdirs[0]/..: $!\n";
 
 my $dir="debian/packages.d";
diff -Nru ispell-3.4.00/debian/patches/0006-Fix-sq-and-unsq.patch ispell-3.4.00/debian/patches/0006-Fix-sq-and-unsq.patch
--- ispell-3.4.00/debian/patches/0006-Fix-sq-and-unsq.patch	2017-07-11 15:01:26.0 -0400
+++ ispell-3.4.00/debian/patches/0006-Fix-sq-and-unsq.patch	1969-12-31 19:00:00.0 -0500
@@ -1,239 +0,0 @@
-From: "Dr. Werner Fink" 
-Date: Thu, 31 May 2007 00:00:00 +0200
-Subject: 0006 Fix sq and unsq
-
-Fix sq/unsq, hint from Thomas Rachel
-
-The patch is taken from ispell-3.3.02-102.1.src.rpm from OpenSUSE.

- Makefile |  9 +++--
- sq.1 |  4 ++--
- sq.c | 32 
- unsq.c   | 29 ++---
- 4 files changed, 47 insertions(+), 27 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index a11ed06..c8e4b23 100644
 a/Makefile
-+++ b/Makefile
-@@ -283,6 +283,7 @@ all:	all-languages
- programs: buildhash findaffix tryaffix ispell
- programs: icombine ijoin munchlist
- programs: subset zapdups
-+programs: sq unsq
- 
- 

Bug#929268: Pending fixed packages

[Mathieu Parent]

Hi rollopack,

Please test the packages from:
https://salsa.debian.org/samba-team/samba/-/jobs/179622/artifacts/browse/debian/output/

They should fix the segfaults.

@carnil: Once the package is confirmed fixing this bug, can I upload
to security-master? It has only 3 changes:
  * Update Salsa Pipeline
  * Backport stability fixes:
- Bug 13315: Samba segfault with NT1 connections in smbXsrv_session_create()
  (Closes: #929268)
- Bug 13454: No Backtrace given by Samba's AD DC by default"
  (Closes: #929303)



Regards
-- 
Mathieu Parent

Bug#929224: apt-cacher-ng, debootstrap and deb.debian.org combination fails

[Eduard Bloch]

Hallo,
* Sean Whitton [Sun, May 19 2019, 08:08:07AM]:

> I thought that the problem is that apt-cacher-ng is not able to resolve
> SRV records.  However, I'm not so sure about that now.  debootstrap uses
> wget to download stuff, so I tried this:
>
> root@iris:/srv/chroot>http_proxy=http://localhost:3142 wget 
> http://deb.debian.org/debian/dists/sid/Release
> URL transformed to HTTPS due to an HSTS policy
> --2019-05-19 07:54:37--  https://deb.debian.org/debian/dists/sid/Release
> Resolving localhost (localhost)... ::1, 127.0.0.1
> Connecting to localhost (localhost)|::1|:3142... connected.
> Proxy tunneling failed: CONNECT denied (ask the admin to allow HTTPS 
> tunnels)Unable to establish SSL connection.

Uhm, I suggest you do what it says and read the manual?

https://www.unix-ag.uni-kl.de/~bloch/acng/html/howtos.html#ssluse

The "laissez-faire method": in acng.conf (or related) configure the 
PassThroughPattern option to contain a regex like .* and configure the clients 
to use apt-cacher-ng as HTTP proxy and let the clients connect to https URLs 
"as usual". Some limited access control can be achieved through adjustment of 
the regular expression (.* permits access to any host and any port, including 
443 for https). Data is not cached on the server.

Also modified by debconf: dpkg-reconfigure -plow apt-cacher-ng

Best regards,
Eduard.

Bug#923930: FTBFS: FAIL test_chain

[Jeffrey Altman]

Background on this test failure.

The reason that the Heimdal 7.5.0 tests began to fail after they
previously succeeded is because the failing test relies upon an X.509
certificate that expired on March 4 2019.

Then post 7.5.0 support was added to support OpenSSL 1.1 which included
the ability to handle certificates with expiration dates post 19 Jan
2038 03:14:07 UTC.

Heimdal also updated the test suite certificates to last 500 years.
These certificates work fine on platforms with 64-bit time_t but on
platforms such as Debian Linux i386 where time_t is 32-bit, the tests
will fail.

There has been no code change to Heimdal and there is no intention to
replace the use of time_t within Heimdal for a Heimdal specific time
integer type within the Heimdal 7.x series.  Making such a change would
alter not only APIs but ABIs.  Its unclear when or if we could make such
a change for the same reasons that Debian cannot alter the size of
time_t on i386.

Jeffrey Altman
Heimdal Project Manager



smime.p7s
Description: S/MIME Cryptographic Signature

Bug#929397: ftp.d.o: please upload LTS .buildinfo files to ftp-master

[Holger Levsen]

Package: ftp.debian.org
Severity: wishlist

hi,

from #-security today:

  * | h01ger wonders how to tackle #862538
 zwiebelbot | (#debian-security) Debian#862538: security.debian.org: Please
  POST .buildinfo files to buildinfo.debian.net
  - https://bugs.debian.org/862538
| for ftp.d.o there's a cronjob running as my user on coccia.d.o,
  which surely is a hack, but works for now. with security.d.o 
  i have little  idea how to implement this, as i dont know how
  embargoed updates get published and whether we could hook in
  then+their somehow
| h01ger: Well, they do get uploaded to ftp-master after some time.
| oh, really? so this bug is moot? do you have an example?
| h01ger: Hmm, though LTS doesn't get pushed to ftp-master. 
  But everything merged into stable releases just gets uploaded
  to ftp-master, so .buildinfo should be available
  | for variable amounts of "some time" :)


Besides #862538 there are also #862073 and #763822 which are all related
but slightly different details. (and as indicated, we have a workaround for
#862073 which publishes .buildinfo files to both buildinfo.debian.net as 
well as buildinfos.debian.net...
and if you ever forget the details we maintain an overview at
https://wiki.debian.org/ReproducibleBuilds#Big_outstanding_issues )

This new bug shall just be about not copying the .buildinfo files from LTS
uploads to ftp-master.d.o.

Also please note that this bug will only become relevant when Stretch
becomes LTS as only dpkg from stretch (and newer) produces .buildinfo
files.

Thanks!


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

we'll all die. make a difference while you can. disobey. smile.


signature.asc
Description: PGP signature

Bug#929064: CVE-2018-16860

[Jeffrey Altman]

Brian May wrote:

> I am hardly authoritative on this, however my rough take right now is:
>
> * There is a vulerability.
> * The fix is simple. Looking at the Samba patches, I suspect we only
>   need the bit that alters krb5tgs.c - below.
> * Not convinced this can actually be exploited without AD. It is
>   unlikely you would be using the stock Heimdal with AD. So possible
>   we don't need to worry.

When authoring https://www.samba.org/samba/security/CVE-2018-16860.html
we tried to make it very clear that although this vulnerability exists
within the Heimdal KDC (as well as Microsoft Active Directory) the
exploit grants privilege escalation to any service that authenticates
users via a non-Kerberos mechanism and the obtains a Kerberos ticket for
the authenticated user issued with the service principal being the
requesting service's identity.

To make it clear that non-Windows services could be impacted we provided
an example of a web authentication service using OAuth or Shibboleth to
obtain AFS tokens on behalf of an authenticating user.

This vulnerability is very serious and should be patched immediately.
The minimal set of changes to address CVE-2018-16860 and CVE-2019-12098
can be found in this pull request:

  https://github.com/heimdal/heimdal/pull/555

Jeffrey Altman
Heimdal Project Manager





smime.p7s
Description: S/MIME Cryptographic Signature

Bug#929395: typecatcher: diff for NMU version 0.3-1.1

[Mattia Rizzolo]

Control: tags 929395 + patch
Control: tags 929395 + pending


Dear maintainer,

I've prepared an NMU for typecatcher (versioned as 0.3-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
diffstat for typecatcher-0.3 typecatcher-0.3

 changelog |   25 +
 compat|1 -
 control   |   14 +++---
 copyright |2 +-
 rules |2 --
 5 files changed, 29 insertions(+), 15 deletions(-)

diff -Nru typecatcher-0.3/debian/changelog typecatcher-0.3/debian/changelog
--- typecatcher-0.3/debian/changelog	2017-09-04 02:48:32.0 +0200
+++ typecatcher-0.3/debian/changelog	2019-05-22 20:40:43.0 +0200
@@ -1,3 +1,20 @@
+typecatcher (0.3-1.1) unstable; urgency=medium
+
+  * Non-Maintainer Upload.
+
+  [ Ondřej Nový ]
+  * d/control: Remove ancient X-Python3-Version field
+  * d/copyright: Use https protocol in Format field
+  * d/changelog: Remove trailing whitespaces
+  * d/control: Set Vcs-* to salsa.debian.org
+
+  [ Mattia Rizzolo ]
+  * Add missing build-dependency on dh-python (Closes: #929395).
+  * Bump debhelper compat level to 12.
+  * Bump Standards-Version to 4.3.0, no changes needed.
+
+ -- Mattia Rizzolo   Wed, 22 May 2019 20:40:43 +0200
+
 typecatcher (0.3-1) unstable; urgency=medium
 
   * New upstream release.
@@ -5,10 +22,10 @@
   * Add debian/watch file.
   * debian/control:
- Depend on gir1.2-webkit2-4.0 and drop gir1.2-webkit-3.0.
-   - "Extra" priority has been deprecated; now "optional."  
-   - Move to "fonts" section (Closes: #820386). 
+   - "Extra" priority has been deprecated; now "optional."
+   - Move to "fonts" section (Closes: #820386).
- Bump Standards-Version to 4.1.0.
-  * Bump debian/compat to 10. 
+  * Bump debian/compat to 10.
 
  -- Andrew Starr-Bochicchio   Sun, 03 Sep 2017 20:48:32 -0400
 
@@ -17,7 +34,7 @@
   * Move VCS to to git.
   * debian/control:
- Drop unneeded dh-python build dep.
-   - Build depend on python3-gi for tests (Closes: #812181).  
+   - Build depend on python3-gi for tests (Closes: #812181).
- Bump Standards-Version to 3.9.6, no changes.
 
  -- Andrew Starr-Bochicchio   Fri, 22 Jan 2016 12:07:44 -0800
diff -Nru typecatcher-0.3/debian/compat typecatcher-0.3/debian/compat
--- typecatcher-0.3/debian/compat	2017-09-04 02:46:25.0 +0200
+++ typecatcher-0.3/debian/compat	1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-10
diff -Nru typecatcher-0.3/debian/control typecatcher-0.3/debian/control
--- typecatcher-0.3/debian/control	2017-09-04 02:46:40.0 +0200
+++ typecatcher-0.3/debian/control	2019-05-22 20:36:28.0 +0200
@@ -2,18 +2,18 @@
 Maintainer: Andrew Starr-Bochicchio 
 Section: fonts
 Priority: optional
-Build-Depends: debhelper (>= 10),
-   python3 (>= 3.2),
-   python3-distutils-extra,
+Build-Depends: debhelper-compat (= 12),
+   dh-python,
gir1.2-glib-2.0,
gir1.2-gtk-3.0,
gir1.2-webkit2-4.0,
+   python3 (>= 3.2),
+   python3-distutils-extra,
python3-gi
-Standards-Version: 4.1.0
-Vcs-Git: git://anonscm.debian.org/collab-maint/typecatcher.git
-Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/typecatcher.git
+Standards-Version: 4.3.0
+Vcs-Git: https://salsa.debian.org/debian/typecatcher.git
+Vcs-Browser: https://salsa.debian.org/debian/typecatcher
 Homepage: https://launchpad.net/typecatcher
-X-Python3-Version: >= 3.2
 
 Package: typecatcher
 Architecture: all
diff -Nru typecatcher-0.3/debian/copyright typecatcher-0.3/debian/copyright
--- typecatcher-0.3/debian/copyright	2017-09-04 02:15:17.0 +0200
+++ typecatcher-0.3/debian/copyright	2019-05-22 20:33:45.0 +0200
@@ -1,4 +1,4 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: typecatcher
 Upstream-Contact: Andrew Starr-Bochicchio 
 Source: https://launchpad.net/typecatcher
diff -Nru typecatcher-0.3/debian/rules typecatcher-0.3/debian/rules
--- typecatcher-0.3/debian/rules	2016-01-22 02:44:40.0 +0100
+++ typecatcher-0.3/debian/rules	2019-05-22 20:40:24.0 +0200
@@ -5,5 +5,3 @@
 else
 	dh $@ --with python3 --buildsystem=pybuild
 endif
-
-


signature.asc
Description: PGP signature

Bug#929350: RFS: libt3highlight/0.4.8-1

[Adam Borowski]

On Wed, May 22, 2019 at 09:14:11AM +0200, Gertjan Halkes wrote:
> * Package name: libt3highlight
>   Version : 0.4.8-1

> Changes since the last upload:
> 
>   * New upstream release.

Hi!
This upload is targetted at unstable, yet doesn't look like something fit
for a late-freeze update.  It is somewhat controversial whether this matters
much for a near-leaf package, but it makes the life of the Release Team
busier, and some people have strong opinions about the issue.

Thus, I'd propose either:
1. pausing until Buster is released, or
2. uploading to experimental instead, or
3. if you consider it important, isolating just the bad free fix, and
   applying it as a patch to 0.4.6 (I don't know how severe the bug is)


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ Latin:   meow 4 characters, 4 columns,  4 bytes
⣾⠁⢠⠒⠀⣿⡁ Greek:   μεου 4 characters, 4 columns,  8 bytes
⢿⡄⠘⠷⠚⠋  Runes:   ᛗᛖᛟᚹ 4 characters, 4 columns, 12 bytes
⠈⠳⣄ Chinese: 喵   1 character,  2 columns,  3 bytes <-- best!

Bug#929396: libtool is unable to link complex projects

[Dmitry Mikhirev]

Package: libtool
Version: 2.4.6-10
Severity: important

Dear maintainer, I faced a problem trying to build a project,
libtoolized by Buster's libtool. It is also reproducible wit libtool
from Sid. The trouble is that if libfoo.la and libbar.la were built,
where libbar.la depends on libfoo.la, and some binary is linked to
libbar.la, libfoo is not added to the linker command line. If I replace
ltmain.sh and libtool.m4 by the files from the original tarball, I'm
able to build the project successfully.

Steps to reproduce:

1. Get rpm 4.13.1 source tree
git clone g...@github.com:rpm-software-management/rpm.git
cd rpm
git checkout rpm-4.13.1-release
2. Run autoreconf
autoreconf -fiv
3. Download latest berkeley-db from
http://download.oracle.com/otn/berkeley-db/db-18.1.32.tar.gz (the bug
doesn't reproduce when building with system db package) and untar it:
tar -xf db-18.1.32.tar.gz
ln -s db-18.1.32 db
4. Install dependencies
sudo apt install build-essential libnss3-dev libnspr4-dev libpopt-dev 
libdb-dev zlib1g-dev libmagic-dev
5. Configure && make
CPPFLAGS='-I/usr/include/nspr -I/usr/include/nss' ./configure --without-lua 
--without-python
make

Expected result: rpm is built successfully.

Actual result:
/bin/bash ../libtool  --tag=CC   --mode=link gcc  -g -O2 -fPIC -DPIC 
-D_REENTRANT -Wall -Wpointer-arith -Wmissing-prototypes -Wstrict-prototypes  
-fno-strict-aliasing -fstack-protector -Wempty-body   -o rpmdb_dump  
../db3/db_dump.o ../db3/util_cache.o ../db3/util_sig.o librpm.la -ldl -lpthread 
libtool: link: gcc -g -O2 -fPIC -DPIC -D_REENTRANT -Wall -Wpointer-arith 
-Wmissing-prototypes -Wstrict-prototypes -fno-strict-aliasing -fstack-protector 
-Wempty-body -o .libs/rpmdb_dump ../db3/db_dump.o ../db3/util_cache.o 
../db3/util_sig.o  ./.libs/librpm.so -ldl -lpthread
/usr/bin/ld: ../db3/db_dump.o: in function `db_init':
/home/dmitry/src/rpm-github/db3/../db/util/db_dump.c:379: undefined 
reference to `__db_util_env_open_rpmdb'
/usr/bin/ld: ../db3/db_dump.o: in function `main':
/home/dmitry/src/rpm-github/db3/../db/util/db_dump.c:45: undefined 
reference to `__db_util_arg_progname_rpmdb'
/usr/bin/ld: /home/dmitry/src/rpm-github/db3/../db/util/db_dump.c:47: 
undefined reference to `__db_util_version_check_rpmdb'
/usr/bin/ld: /home/dmitry/src/rpm-github/db3/../db/util/db_dump.c:106: 
undefined reference to `__db_util_arg_password_rpmdb'
/usr/bin/ld: /home/dmitry/src/rpm-github/db3/../db/util/db_dump.c:199: 
undefined reference to `__db_util_env_create_rpmdb'
collect2: error: ld returned 1 exit status

In the linker command line librmio.so and libdb.so are missing, as well
as -L options specifying path to find them. Both libraries are listed
as dependency_libs in librpm.la.

After looking at Debian patches I assumed that this issue could be
introduced by the link_all_deplibs.patch. Although after reverting it, I
figured out that even librpm.so has disappeared from the linker command
line. So it seems that some another patch breaks the libtool linking
behavior even with link_all_deplibs=unknown.

-- System Information:
Debian Release: 10.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, mipsel

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libtool depends on:
ii  autotools-dev   20180224.1
ii  clang-3.5 [c-compiler]  1:3.5-10
ii  clang-5.0 [c-compiler]  1:5.0.2~svn328729-1~exp1~20180509123438.100
ii  clang-6.0 [c-compiler]  1:6.0.1-10
ii  clang-7 [c-compiler]1:7.0.1-8
ii  cpp 4:8.3.0-1
ii  file1:5.35-4
ii  gcc 4:8.3.0-1
ii  gcc-4.6 [c-compiler]4.6.3-14
ii  gcc-4.8 [c-compiler]4.8.4-1
ii  gcc-4.9 [c-compiler]4.9.2-10
ii  gcc-6 [c-compiler]  6.3.0-18+deb9u1
ii  gcc-8 [c-compiler]  8.3.0-6
ii  libc6-dev [libc-dev]2.28-10

Versions of packages libtool recommends:
ii  libltdl-dev  2.4.6-9

Versions of packages libtool suggests:
ii  autoconf 2.69-11
ii  automake [automaken] 1:1.16.1-4
ii  automake1.11 [automaken] 1:1.11.6-5
pn  gcj-jdk  
ii  gfortran 4:8.3.0-1
ii  gfortran-8 [fortran95-compiler]  8.3.0-6
ii  libtool-doc  2.4.6-9

-- no debconf information

Bug#929395: typecatcher: FTBFS: dh: unable to load addon python3

[Mattia Rizzolo]

Source: typecatcher
Version: 0.3-1
Severity: serious

dpkg-buildpackage: info: source package typecatcher
dpkg-buildpackage: info: source version 0.3-1
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Andrew Starr-Bochicchio 

dpkg-buildpackage: info: host architecture amd64
 dpkg-source --before-build .
dpkg-source: info: using options from typecatcher-0.3/debian/source/options: 
--extend-diff-ignore=(^|/)(po/typecatcher\.pot)$
 fakeroot debian/rules clean
dh clean --with python3 --buildsystem=pybuild
dh: unable to load addon python3: Can't locate 
Debian/Debhelper/Sequence/python3.pm in @INC (you may need to install the 
Debian::Debhelper::Sequence::python3 module) (@INC contains: /etc/perl 
/usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 
/usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 
/usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 
/usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 12) line 
1.
BEGIN failed--compilation aborted at (eval 12) line 1.

make: *** [debian/rules:6: clean] Error 2
dpkg-buildpackage: error: fakeroot debian/rules clean subprocess returned exit 
status 2


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#926681: Fwd: Bug#926681: unblock: acme-tiny/1:4.0.4-1

[Samuel Henrique]

Control: tags -1 - moreinfo

Bug#929394: rust-libc: please update to 0.2.55

[Daniel Kahn Gillmor]

Package: src:rust-libc
Severity: wishlist
Blocks: 929385 by -1
Control: tags -1 + patch

sequoia-openpgp wants memsec, which wants getrandom, which wants
rust-libc version 0.2.54 or greater.  but we only have rust-libc 0.2.48
in debian right now.

If i look for the dependencies, though:

aptitude '~Dlibrust-libc

There are 100 of them -- yikes!  I'm not sure how to efficiently and
safely test them all to ensure that the upgrade doesn't break anything,
so rather than just applying the patch below, i'm proposing it here.

  --dkg

From 545f9849017fb769bc036127d2515529bbc41179 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Tue, 21 May 2019 17:40:35 -0400
Subject: [PATCH] update libc to 0.2.55

---
 src/libc/debian/changelog   | 7 +++
 src/libc/debian/copyright.debcargo.hint | 7 +++
 2 files changed, 14 insertions(+)

diff --git a/src/libc/debian/changelog b/src/libc/debian/changelog
index 1f6332fc..eafb81e8 100644
--- a/src/libc/debian/changelog
+++ b/src/libc/debian/changelog
@@ -1,3 +1,10 @@
+rust-libc (0.2.55-1) UNRELEASED-FIXME-AUTOGENERATED-DEBCARGO; urgency=medium
+
+  * Team upload.
+  * Package libc 0.2.55 from crates.io using debcargo 2.2.10
+
+ -- Daniel Kahn Gillmor   Tue, 21 May 2019 17:38:23 -0400
+
 rust-libc (0.2.48-1) unstable; urgency=medium
 
   * Package libc 0.2.48 from crates.io using debcargo 2.2.9
diff --git a/src/libc/debian/copyright.debcargo.hint b/src/libc/debian/copyright.debcargo.hint
index 51056c8a..314b788d 100644
--- a/src/libc/debian/copyright.debcargo.hint
+++ b/src/libc/debian/copyright.debcargo.hint
@@ -19,6 +19,13 @@ Comment:
  FIXME (overlay): These notices are extracted from files. Please review them
  before uploading to the archive.
 
+Files: ./src/hermit/mod.rs
+Copyright: 2018 The Rust Project Developers
+License: UNKNOWN-LICENSE; FIXME (overlay)
+Comment:
+ FIXME (overlay): These notices are extracted from files. Please review them
+ before uploading to the archive.
+
 Files: ./src/lib.rs
 Copyright: 2012-2015 The Rust Project Developers
 License: UNKNOWN-LICENSE; FIXME (overlay)
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#921694:

[Samuel Henrique]

Control: tags -1 - buster-ignore

Removing tag as that is making the package not being removed from Testing,
I thought it would be useful so it wouldn't be listed as a buster RC bug
but I will have to remove the tag now.



--
Samuel Henrique 

Bug#905720: Bug#926681: unblock: acme-tiny/1:4.0.4-1

[Samuel Henrique]

Control: tags -1 - moreinfo

Bug#929393: rust-lazy-static: please upgrade to 0.13.0

[Daniel Kahn Gillmor]

Package: src:rust-lazy-static
Severity: wishlist
Blocks: 929385 by -1
Control: tags -1 + patch

sequoia-openpgp wants lazy_static version 0.13.0.  we only have 0.11.0
in debian right now.

If i look for the dependencies, though:

aptitude '~Dlibrust-lazy-static'

There are 36 of them including cargo itself.  I'm not sure how to
efficiently and safely test them all to ensure that the upgrade doesn't
break anything, so rather than just applying the patch below, i'm
proposing it here.

  --dkg

From 55e59be404c29182671a97e9c674d7baabcc7b6e Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Tue, 21 May 2019 19:25:17 -0400
Subject: [PATCH] update lazy_static to 1.3.0

---
 src/lazy-static/debian/changelog   | 7 +++
 src/lazy-static/debian/copyright.debcargo.hint | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/lazy-static/debian/changelog b/src/lazy-static/debian/changelog
index b89d4e28..74518e5e 100644
--- a/src/lazy-static/debian/changelog
+++ b/src/lazy-static/debian/changelog
@@ -1,3 +1,10 @@
+rust-lazy-static (1.3.0-1) UNRELEASED-FIXME-AUTOGENERATED-DEBCARGO; urgency=medium
+
+  * Team upload.
+  * Package lazy_static 1.3.0 from crates.io using debcargo 2.2.10
+
+ -- Daniel Kahn Gillmor   Tue, 21 May 2019 19:24:40 -0400
+
 rust-lazy-static (1.2.0-1) unstable; urgency=medium
 
   * Package lazy_static 1.2.0 from crates.io using debcargo 2.2.9
diff --git a/src/lazy-static/debian/copyright.debcargo.hint b/src/lazy-static/debian/copyright.debcargo.hint
index 4cbce74e..3eb957a3 100644
--- a/src/lazy-static/debian/copyright.debcargo.hint
+++ b/src/lazy-static/debian/copyright.debcargo.hint
@@ -42,8 +42,8 @@ Comment:
 
 Files: debian/*
 Copyright:
- 2018 Debian Rust Maintainers 
- 2018 Paride Legovini 
+ 2018-2019 Debian Rust Maintainers 
+ 2018-2019 Paride Legovini 
 License: MIT or Apache-2.0
 
 License: Apache-2.0
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#929392: php-horde-image 2.5.3-1: autopkgtest regression

[Steve Langasek]

Source: php-horde-image
Version: 2.5.3-1
Severity: important
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu eoan

Dear Mathieu,

The autopkgtests for php-horde-image 2.5.3-1 have never passed; they always
fail with this error:

autopkgtest [23:42:23]: test phpunit: [---
PHP Fatal error:  Uncaught Error: Class 'Horde_Image_Exif_TestBase' not found 
in 
/tmp/autopkgtest-lxc._0g2am78/downtmp/build.ir3/src/Horde_Image-2.5.3/test/Horde/Image/Exif/BundledTest.php:11
Stack trace:
#0 /usr/share/php/PHPUnit/Util/FileLoader.php(57): include_once()
#1 /usr/share/php/PHPUnit/Util/FileLoader.php(45): 
PHPUnit\Util\FileLoader::load('/tmp/autopkgtes...')
#2 /usr/share/php/PHPUnit/Framework/TestSuite.php(540): 
PHPUnit\Util\FileLoader::checkAndLoad('/tmp/autopkgtes...')
#3 /usr/share/php/PHPUnit/Framework/TestSuite.php(618): 
PHPUnit\Framework\TestSuite->addTestFile('/tmp/autopkgtes...')
#4 /usr/share/php/PHPUnit/Runner/BaseTestRunner.php(70): 
PHPUnit\Framework\TestSuite->addTestFiles(Array)
#5 /usr/share/php/PHPUnit/TextUI/Command.php(183): 
PHPUnit\Runner\BaseTestRunner->getTest('.', '', Array)
#6 /usr/share/php/PHPUnit/TextUI/Command.php(162): 
PHPUnit\TextUI\Command->run(Array, true)
#7 /usr/bin/phpunit(42): PHPUnit\TextUI\Command::main()
#8 {main}
  thrown in 
/tmp/autopkgtest-lxc._0g2am78/downtmp/build.ir3/src/Horde_Image-2.5.3/test/Horde/Image/Exif/BundledTest.php
 on line 11
autopkgtest [23:42:23]: test phpunit: ---]

  (https://ci.debian.net/packages/p/php-horde-image/unstable/amd64/)

This is a regression vs the previous version of php-horde-image, 2.5.2-3,
whose autopkgtests passed.

Since php-horde-image 2.5.3-1 was uploaded to Debian before autopkgtest
regressions became blocking for testing migration, 2.5.3-1 is in testing and
will be included in the next Debian release.  However, autopkgtest
regressions have always been blocking in Ubuntu, where this test also fails,
so FYI php-horde-image 2.5.3-1 will not be included in an Ubuntu release
until this is resolved.

(Also, obviously if the tests are consistently failing, this prevents you
from using this as an effective CI gate for Debian testing, so dependencies
of php-horde-image could at any point cause php-horde-image to have runtime
regressions in Debian testing.)

Regards,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#929391: makexvpics FTCBFS: does not pass cross tools to make

[Helmut Grohne]

Source: makexvpics
Version: 1.0.1-3
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

makexvpics fails to cross build from source, because it does not pass
cross tools to make. The easiest way of fixing that - using
dh_auto_build - is insufficient for making makexvpics cross buildable,
as it also passes -s to install. Doing so not only breaks cross
compilation, but also DEB_BUILD_OPTIONS=nostrip as well as generation of
-dbgsym packages. The attached patch fixes all of that. Please consider
applying it.

Helmut
diff -u makexvpics-1.0.1/Makefile makexvpics-1.0.1/Makefile
--- makexvpics-1.0.1/Makefile
+++ makexvpics-1.0.1/Makefile
@@ -10,6 +10,7 @@
 PREFIX = $(DESTDIR)/usr
 BINDIR = $(PREFIX)/bin
 MANDIR = $(PREFIX)/share/man/man1
+INSTALL ?= install
 
 # You shouldn't need to modify anything below this line.
 
@@ -20,9 +21,9 @@
$(CC) $(CFLAGS) -o ppmtoxvmini ppmtoxvmini.o
 
 install: all
-   install -m 511 -s ppmtoxvmini $(BINDIR)
-   install -m 555 makexvpics.sh $(BINDIR)/makexvpics
-   install -m 444 makexvpics.1 ppmtoxvmini.1 $(MANDIR)
+   $(INSTALL) -m 511 -s ppmtoxvmini $(BINDIR)
+   $(INSTALL) -m 555 makexvpics.sh $(BINDIR)/makexvpics
+   $(INSTALL) -m 444 makexvpics.1 ppmtoxvmini.1 $(MANDIR)
 
 clean:
$(RM) *.o *~ ppmtoxvmini
diff -u makexvpics-1.0.1/debian/changelog makexvpics-1.0.1/debian/changelog
--- makexvpics-1.0.1/debian/changelog
+++ makexvpics-1.0.1/debian/changelog
@@ -1,3 +1,12 @@
+makexvpics (1.0.1-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Let dh_auto_build pass cross tools to make.
++ Don't strip during make install.
+
+ -- Helmut Grohne   Wed, 22 May 2019 19:35:32 +0200
+
 makexvpics (1.0.1-3) unstable; urgency=medium
 
   * Update to latest policy, debhelper 9. (Closes: #817573)
diff -u makexvpics-1.0.1/debian/rules makexvpics-1.0.1/debian/rules
--- makexvpics-1.0.1/debian/rules
+++ makexvpics-1.0.1/debian/rules
@@ -19,8 +19,7 @@
 build-stamp:
dh_testdir
 
-   # Add here commands to compile the package.
-   $(MAKE)
+   dh_auto_build
#/usr/bin/docbook-to-man debian/makexvpics.sgml > makexvpics.1
 
touch build-stamp
@@ -42,7 +41,7 @@
dh_installdirs
 
# Add here commands to install the package into debian/makexvpics.
-   $(MAKE) install DESTDIR=$(CURDIR)/debian/makexvpics
+   $(MAKE) install DESTDIR=$(CURDIR)/debian/makexvpics INSTALL='install 
--strip-program=true'
 
 
 # Build architecture-independent files here.

Bug#929383: live-build fails if there's some updates for same kernel

[PICCORO McKAY Lenz]

El mié., 22 de may. de 2019 a la(s) 11:30, PICCORO McKAY Lenz (
mckaygerh...@gmail.com) escribió:

>
> so then at the bvinary stage i got that error:
>
> mv: target ‘binary/live/vmlinuz1’ is not a directory
> P: Begin unmounting filesystems...
> P: Saving caches...
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> }
>

i got some point int the problem seem at scritps/build/binary_syslinux

commands seems are:

mv binary/${_INITRAMFS}/vmlinuz-*-${_FLAVOUR}
binary/${_INITRAMFS}/vmlinuz${_NUMBER}

this when executing for varous flavours with different verions got into
problems due made more than one file and obviousli rest of scripts got
confused

there's others scripts in same way fails if more than one are specified, by
example
and backports repository and updates repositories are enabled:

--security true backports true updates true \
--linux-flavours "586 686-pae amd64" \
--linux-packages "linux-image linux-headers" \

will fails

Bug#923726: A lot of time wasted on previous version.

[Pipo]

Hi,

I am using Sid and had a problem using monero version v0-13-0-4.

That problem arised because that version is still available under Sid.

I noticed that it is not available in testing and stable (that is good).

I suggest that when you get a notice of a fork in any crypto-currency package,

that you delete the old version package from any version (including Sid), until 
you can

setup the new fork's version.

I do not see any good reason to keep an old version (already forked) even in 
the unstable

debian version.


https://monero.stackexchange.com/questions/11241/just-mined-with-an-old-version-v0-13-0-4-and-upgraded-to-v0-14-0-2-reward-now-m


Thank you,

-- pipo

Bug#929390: VTK 8

[Nico Schlömer]

Package: vtk7
Version:

VTK 8 is now out for about two years (June 2017). Perhaps we should
start supporting it?

Bug#929389: missed virtual-package-names-list.yaml page

[Sean Whitton]

Package: www.debian.org
Severity: normal

On Wed 22 May 2019 at 08:30PM +08, laokz wrote:

> Hello all,
>
> The web page
> https://www.debian.org/doc/packaging-manuals/virtual-package-names-list.yaml
> shows "Page not found". The 2017-01 .txt version can be visited.
>
> Regards,
> laokz

I think the scripts need to be updated for the .txt->.yaml change in
debian-policy 4.3.0.0.  Thanks.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#929384: debian-security-support: [INTL:ru] Russian program translation update

[Holger Levsen]

control: tags -1 + pending

On Wed, May 22, 2019 at 06:58:54PM +0300, Yuri Kozlov wrote:
> Russian program translation update is attached.

thank you!


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#929388: cloud-init: Incorrect datasource name

[Avdeev]

Package: cloud-init
Version: 0.7.9-2
Severity: normal

Dear Maintainer,

After run dpkg-reconfigure i select only "Openstack" field.
After this, into file /etc/cloud/cloud.cfg.d/90_dpkg.cfg writed
incorrect value datasource_list. Needed change "Openstack" to 
"OpenStack" for correct working cloud-init service.



-- System Information:
Debian Release: 9.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cloud-init depends on:
ii debconf [debconf-2.0] 1.5.61
ii gdisk 1.0.1-1
ii ifupdown 0.8.19
ii init-system-helpers 1.48
ii lsb-base 9.20161125
ii lsb-release 9.20161125
ii net-tools 1.60+git20161116.90da8a0-1
ii procps 2:3.3.12-3+deb9u1
ii python3 3.5.3-1
ii python3-configobj 5.0.6-2
ii python3-jinja2 2.8-1
ii python3-jsonpatch 1.19-4
ii python3-oauthlib 2.0.1-1
ii python3-prettytable 0.7.2-3
ii python3-requests 2.12.4-1
ii python3-six 1.10.0-3
ii python3-yaml 3.12-1

cloud-init recommends no packages.

cloud-init suggests no packages.

-- Configuration Files:
/etc/cloud/cloud.cfg changed:
disable_root: false preserve_hostname: false
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- disk_setup
- mounts
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
cloud_config_modules:
- emit_upstart
- ssh-import-id
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- ntp
- timezone
- disable-ec2-metadata
- runcmd
- byobu
cloud_final_modules:
- package-update-upgrade-install
- fan
- puppet
- chef
- salt-minion
- mcollective
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
system_info:
# This will affect which distro class gets used
distro: debian
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
upstart_dir: /etc/init/
package_mirrors:
- arches: [default]
failsafe:
primary: http://deb.debian.org/debian
security: http://security.debian.org/
ssh_svcname: ssh


-- debconf information:
* cloud-init/datasources: Openstack

Bug#929384: debian-security-support: [INTL:ru] Russian program translation update

[Yuri Kozlov]

Package: debian-security-support
Version: 2019.05.15
Severity: wishlist
Tags: l10n patch

Russian program translation update is attached.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), 
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


ru.po.gz
Description: application/gzip

Bug#929385: ITP: sequoia -- a modern OpenPGP implementation in Rust

[Daniel Kahn Gillmor]

Package: wnpp
Severity: wishlist
Owner: Daniel Kahn Gillmor 

* Package name: sequoia
  Version : 0.7.0
  Upstream Author : Sequoia Developers 
* URL : https://www.sequoia-pgp.org/
* License : GPL
  Programming Lang: Rust
  Description : A modern OpenPGP implementation in Rust

Sequoia offers an OpenPGP interface in a modern, memory-safe language.
It offers two command-line utilities (sq and sqv) in addition to its
Rust library implementation.

In the future, it aims to to offer a C foreign function interface
(FFI) and python bindings as well.

This will likely be packaged via the Rust packaging team for now,
using the debcargo-conf workflow, which means that sequoia itself will
get broken into several distinct packages (one per crate).  I intend
to close this ITP when the "sq" command line utility enters debian,
though i consider other packages to be working toward the same goal.

Bug#929387: unblock: libssh/0.8.7-1 (pre-upload approval)

[Martin Pitt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Three months ago, a new libssh upstream bug fix release 0.8.7 was done, which
fixes a dozen security issues, crashes, and other bugs:

  https://git.libssh.org/projects/libssh.git/log/?h=stable-0.8
  (the bits between 0.8.6 and 0.8.7)

(Our package already has the oldest three patches backported)
At first I wanted to cherry-pick, but honestly I think we should have all these
fixes in buster, including the "Remove SHA384 HMAC" before that hits stable.

I haven't yet uploaded this new version, as I'd like to get your approval
first. If you do approve, I'll upload it to unstable, otherwise to experimental
and later through s-p-u.

I attach the full debdiff between the current unstable/testing version and the
one I'd like to upload. If you prefer looking at it on salsa:

These are the upstream changes:
   https://salsa.debian.org/debian/libssh/commit/aab54d0cc04dd
and the corresponding packaging changes for it (dropping patches):
   https://salsa.debian.org/debian/libssh/commit/34591503a1b4b

I also added valgrinding to the autopkgtest, which exposes a bug:
   https://salsa.debian.org/debian/libssh/commit/59593bc7cf4

This bug also happens on 0.8.6 and earlier versions (not yet on 0.6.x), so this
is unrelated to this particular upstream update, but I'd still like to land it
to avoid regressions under valgrind.

Thanks for considering!

Martin Pitt
diff -Nru libssh-0.8.6/.gitlab-ci.yml libssh-0.8.7/.gitlab-ci.yml
--- libssh-0.8.6/.gitlab-ci.yml 2018-12-24 07:35:54.0 +
+++ libssh-0.8.7/.gitlab-ci.yml 2019-02-25 08:58:49.0 +
@@ -357,5 +357,5 @@
 paths:
   - obj/
 
-Debian.cross.mips-linux-gnu:
+.Debian.cross.mips-linux-gnu:
   <<: *Debian_cross_template
diff -Nru libssh-0.8.6/CMakeLists.txt libssh-0.8.7/CMakeLists.txt
--- libssh-0.8.6/CMakeLists.txt 2018-12-24 07:36:06.0 +
+++ libssh-0.8.7/CMakeLists.txt 2019-02-25 08:58:49.0 +
@@ -10,7 +10,7 @@
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.8.6 LANGUAGES C)
+project(libssh VERSION 0.8.7 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@
 # Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 # Increment REVISION.
-set(LIBRARY_VERSION "4.7.3")
+set(LIBRARY_VERSION "4.7.4")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is 
checked
diff -Nru libssh-0.8.6/ChangeLog libssh-0.8.7/ChangeLog
--- libssh-0.8.6/ChangeLog  2018-12-24 07:36:06.0 +
+++ libssh-0.8.7/ChangeLog  2019-02-25 08:59:53.0 +
@@ -1,6 +1,12 @@
 ChangeLog
 ==
 
+version 0.8.7 (released 2019-02-25)
+  * Fixed handling extension flags in the server implementation
+  * Fixed exporting ed25519 private keys
+  * Fixed corner cases for rsa-sha2 signatures
+  * Fixed some issues with connector
+
 version 0.8.6 (released 2018-12-24)
   * Fixed compilation issues with different OpenSSL versions
   * Fixed StrictHostKeyChecking in new knownhosts API
diff -Nru libssh-0.8.6/debian/changelog libssh-0.8.7/debian/changelog
--- libssh-0.8.6/debian/changelog   2019-02-11 20:43:44.0 +
+++ libssh-0.8.7/debian/changelog   2019-05-22 15:48:31.0 +
@@ -1,3 +1,18 @@
+libssh (0.8.7-1) UNRELEASED; urgency=medium
+
+  * New upstream bug fix release 0.8.7.
+This fixes various crashes, buffer overflows, and other bugs.
+Drop our three backported patches, they are included in this release
+now. For details, see
+https://git.libssh.org/projects/libssh.git/log/?h=stable-0.8
+  * autopkgtest: Check ssh server under valgrind.
+This exposes a long-standing libssh bug with the curve25519-sha256 key
+exchange algorithm, causing an "incorrect signature" failure on 32 bit
+machines under valgrind. Add a hack to switch to a different algorithm,
+until this is properly investigated and reported.
+
+ -- Martin Pitt   Wed, 22 May 2019 15:48:31 +
+
 libssh (0.8.6-3) unstable; urgency=medium
 
   [ Laurent Bigonville ]
diff -Nru libssh-0.8.6/debian/patches/0001-dh-uninitialized-memory.patch 
libssh-0.8.7/debian/patches/0001-dh-uninitialized-memory.patch
--- libssh-0.8.6/debian/patches/0001-dh-uninitialized-memory.patch  
2019-02-11 20:43:44.0 +
+++ libssh-0.8.7/debian/patches/0001-dh-uninitialized-memory.patch  
1970-01-01 00:00:00.0 +
@@ -1,30 +0,0 @@
-From d028b2495d0bb2b7ae9b0af42b4377af4a964b00 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen 
-Date: Tue, 8 Jan 2019 11:32:10 +0100
-Subject: dh: Make sure we do not access uninitialized memory
-
-Signed-off-by: Jakub Jelen 
-Reviewed-by: Andreas Schneider 
-(cherry picked from commit ca62632170c311923026f978c57d2e0a0be3e0e1)

- src/dh.c | 4 
- 1 file changed, 4 insertions(+)
-
-diff --git 

Bug#929386: r-cran-webgestaltr: FTBFS (missing builds-depends)

[Santiago Vila]

Package: src:r-cran-webgestaltr
Version: 0.3.0-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in sid but it failed:


[...]
 debian/rules build-arch
dh build-arch --buildsystem R
   dh_update_autotools_config -a -O--buildsystem=R
   dh_autoreconf -a -O--buildsystem=R
   dh_auto_configure -a -O--buildsystem=R
   dh_auto_build -a -O--buildsystem=R
   dh_auto_test -a -O--buildsystem=R
   create-stamp debian/debhelper-build-stamp
 fakeroot debian/rules binary-arch
dh binary-arch --buildsystem R
   dh_testroot -a -O--buildsystem=R
   dh_prep -a -O--buildsystem=R
   dh_auto_install -a -O--buildsystem=R
I: R Package: WebGestaltR Version: 0.3.0
I: Building using R version 3.6.0-2
I: R API version: r-api-3.5
I: Using built-time from d/changelog: Mon, 18 Feb 2019 14:47:58 +0100
mkdir -p 
/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library
R CMD INSTALL -l 
/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library --clean . 
"--built-timestamp='Mon, 18 Feb 2019 14:47:58 +0100'"
ERROR: dependency 'apcluster' is not available for package 'WebGestaltR'
* removing 
'/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library/WebGestaltR'
dh_auto_install: R CMD INSTALL -l 
/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library --clean . 
"--built-timestamp='Mon, 18 Feb 2019 14:47:58 +0100'" returned exit code 1
make: *** [debian/rules:4: binary-arch] Error 2
dpkg-buildpackage: error: fakeroot debian/rules binary-arch subprocess returned 
exit status 2


Looks like a missing build-depends.

Thanks.

Bug#929380: PLEASE DISCARD - this bug is irrelevant

[Benoit Branciard]

I must be somewhat short-sighted...

/etc/cron.daily/tmpreaper already has "set -f" command, which is 
equivalent to "set -o noglob".


So this report is obviously irrelevant, you can close it.

--
Benoit BRANCIARD
Service InfraStructures (SIS)
Direction du Système d'Information et des Usages Numériques (DSIUN)
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Bur. B406 - Tél +33 1 44 07 89 68 - Fax +33 1 44 07 89 66
Accueil: +33 1 44 07 89 65 - assistance-ds...@univ-paris1.fr
http://dsi.univ-paris1.fr

Bug#929383: live-build fails if there's some updates for same kernel

[PICCORO McKAY Lenz]

Package: live-build
Version: 1:20170213
Severity: serius

when try to build live strecht image with differents mirros (i setup not
only "mirror-" also setup "parent-mirror-" due bandwicht usage behind
firewallin also optimization of my bandwicht account spend..

IN ANY CASE: noted that i have various versions of the linux-image packages
(some from security others from recent uploads) such:

linux-image-4.9.0-9-686_4.9.168-1+deb9u2_i386.deb
linux-image-4.9.0-9-686_4.9.168-1_i386.deb

this happened if i configured http://ftp.wa.au.debian.org/debian as mirror
for live-build

so then at the bvinary stage i got that error:

mv: target ‘binary/live/vmlinuz1’ is not a directory
P: Begin unmounting filesystems...
P: Saving caches...
Reading package lists... Done
Building dependency tree
Reading state information... Done


NOTED THE "‘binary/live/vmlinuz1’ that i guess must be
‘binary/live/vmlinuz’ ?

i tried various configurations but the only working if when i disable all
mirrors configurations and only use only one mirror for all the stages...
and if those mirrors are only in sync...

i think the mirror "out of sync" are not a response to the problem due the
scripts must only take the configured version that i suppot to point at the
command line such :

--linux-flavours "586 686-pae" \
--linux-packages "linux-image linux-headers" \

This does not happened with amd64 if i build jessie image but fails for all
setup of i386 using any release such stretch, buster of oldstable when te
mirrors are not in sync with most recents

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
Description: rollback the drop of the backports customizations due now merged in main repo
Author: PICCORO Lenz McKAY 

---
Origin: https://salsa.debian.org/live-team/live-build/commit/dd15ade8bbdc6360816ed858253e7aaa68e4c9c2

--- live-build-4.0.4.orig/functions/defaults.sh
+++ live-build-4.0.4/functions/defaults.sh
@@ -435,6 +435,31 @@ Set_defaults ()
 			;;
 	esac
 
+	# Setting backports mirror to fetch packages from
+	case "${LB_MODE}" in
+		debian)
+			_DISTRIBUTOR="$(lsb_release -sc)"
+			case "${_DISTRIBUTOR}" in
+jessie|wheeze)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://archive.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+*)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://backports.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+			esac
+			;;
+
+		progress-linux)
+			LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT}}"
+			;;
+		*)
+			LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-none}"
+			LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-none}"
+			;;
+	esac
+
 	# Setting mirror which ends up in the image
 	case "${LB_MODE}" in
 		debian)
@@ -489,6 +514,30 @@ Set_defaults ()
 			;;
 	esac
 
+	# Setting backports mirror which ends up in the image
+	case "${LB_MODE}" in
+		debian)
+			_DISTRIBUTOR="$(lsb_release -sc)"
+			case "${_DISTRIBUTOR}" in
+jessie|wheeze)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://archive.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+*)
+	LB_MIRROR_CHROOT_BACKPORTS="${LB_MIRROR_CHROOT_BACKPORTS:-http://ftp.de.debian.org/debian-backports/};
+	LB_PARENT_MIRROR_CHROOT_BACKPORTS="${LB_PARENT_MIRROR_CHROOT_BACKPORTS:-${LB_MIRROR_CHROOT_BACKPORTS}}"
+	;;
+			esac
+			;;
+		progress-linux)
+			LB_MIRROR_BINARY_BACKPORTS="${LB_MIRROR_BINARY_BACKPORTS:-${LB_MIRROR_BINARY}}"
+			;;
+		*)
+			LB_PARENT_MIRROR_BINARY_BACKPORTS="${LB_PARENT_MIRROR_BINARY_BACKPORTS:-none}"
+			LB_MIRROR_BINARY_BACKPORTS="${LB_MIRROR_BINARY_BACKPORTS:-none}"
+			;;
+	esac
+
 	case "${LB_MODE}" in
 		progress-linux)
 			LB_PARENT_MIRROR_DEBIAN_INSTALLER="${LB_PARENT_MIRROR_DEBIAN_INSTALLER:-${LB_MIRROR_CHROOT}}"
--- live-build-4.0.4.orig/scripts/build/chroot_archives
+++ live-build-4.0.4/scripts/build/chroot_archives
@@ -160,11 +160,11 @@ EOF
 debian)
 	if [ "${LB_PARENT_DISTRIBUTION}" != "sid" ]
 	then
-		echo "deb ${LB_PARENT_MIRROR_CHROOT} ${LB_PARENT_DISTRIBUTION}-backports ${LIVE_IMAGE_PARENT_ARCHIVE_AREAS}" >> chroot/etc/apt/${_PARENT_FILE}
+		echo "deb ${LB_PARENT_MIRROR_CHROOT_BACKPORTS} ${LB_PARENT_DISTRIBUTION}-backports ${LIVE_IMAGE_PARENT_ARCHIVE_AREAS}" >> chroot/etc/apt/${_PARENT_FILE}
 
 		if [ "${_PASS}" = "source" ] || [ "${LB_APT_SOURCE_ARCHIVES}" = "true" ]
 		then
-			echo "deb-src ${LB_PARENT_MIRROR_CHROOT} ${LB_PARENT_DISTRIBUTION}-backports ${LIVE_IMAGE_PARENT_ARCHIVE_AREAS}" >> chroot/etc/apt/${_PARENT_FILE}
+			echo "deb-src ${LB_PARENT_MIRROR_CHROOT_BACKPORTS} ${LB_PARENT_DISTRIBUTION}-backports 

Bug#929063: Moving SELinux check

[Jesse Smith]

On 5/22/19 11:57 AM, Thorsten Glaser wrote:
> On Wed, 22 May 2019, Jesse Smith wrote:
>
>> I don't think removing the SELinux dependency from init actually saves
>> us any RAM. Several other services link to these libraries too, so the
> Maybe, maybe not. (I’m fairly sure I’ve got some VMs without.)
>
> Other services can, however, be more easily restarted than the entire
> system, in case of a security fix for that library.
>
>

How do you think an attacker would exploit a flaw in a SELinux library
through init? SysV init doesn't interact with the user, doesn't read any
files directly after it's up and running, doesn't listen on any sockets.
About the only way to interact with PID1 is through a pipe that can only
be written to by root.

Bug#928164: backports work

[Frederic Peters]

Hi Thijs,

> >> I would have been OK to have 2.6.0 of liblasso3 in stretch backports,
> >> and I was in the believe that I had installed it. But when checking,
> >> I'm still running 2.5.0-5+b1. Spooky
> 
> > I'll see about uploading 2.6.0 to backports.
> 
> That would be great. I have a backport of libapache2-mod-auth-mellon in
> stretch, to allow to use SHA256 with mellon. But the signatures fail
> because of https://dev.entrouvert.org/issues/10019
> 
> That is fixed in lasso 2.5.1. So having a lasso >= 2.5.1 in backports
> would really help us aswell.
> 
> I can help out with the backport work if needed.

Per https://backports.debian.org/Contribute/#index3h3 I asked to be
added to the ACL but no news yet; as you are already in I'd suggest you
go ahead and upload lasso (afaik there are no technical difficulties
and I'm using a local backport at $dayjob).


cheers,

Frederic

Bug#929382: python3-lib389: dsidm posixgroup create fails due to Namespace error in cli_idm/posixgroup.py

[Jörg Behrmann]

Package: python3-lib389
Version: 1.4.0.22-1
Severity: normal
Tags: patch

When running 

dsidm  posixgroup create foo

to create the group foo, dsidm fails with a namespace error, saying that
args does not have the attribute extra.

The problem can be found in versions 1.4.0.21 and 1.4.0.22 and has been
fixed upstream.

A patch is attached.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-lib389 depends on:
ii  python3   3.7.2-1
ii  python3-argcomplete   1.8.1-1
ii  python3-argparse-manpage  1.1-1
ii  python3-dateutil  2.7.3-3
ii  python3-ldap  3.1.0-2
ii  python3-pyasn10.4.2-3
ii  python3-pyasn1-modules0.2.1-0.2
ii  python3-pytest3.10.1-2
ii  python3-six   1.12.0-1

python3-lib389 recommends no packages.

python3-lib389 suggests no packages.

-- no debconf information
--- posixgroup.py.broken2019-05-22 16:51:15.051955626 +0200
+++ posixgroup.py   2019-05-22 16:52:03.423941608 +0200
@@ -39,7 +39,7 @@
 _generic_get_dn(inst, basedn, log.getChild('_generic_get_dn'), MANY, dn, 
args)
 
 def create(inst, basedn, log, args):
-kwargs = _get_attributes(args.extra, MUST_ATTRIBUTES)
+kwargs = _get_attributes(args, MUST_ATTRIBUTES)
 _generic_create(inst, basedn, log.getChild('_generic_create'), MANY, 
kwargs, args)
 
 def delete(inst, basedn, log, args):

Bug#924554: Bug#928108: unblock: unattended-upgrades/1.12 ?

[Bálint Réczey]

Control: tags -1 - moreinfo
Control: retitle -1 unblock: unattended-upgrades/1.11.1


Hi Paul,

Paul Gevers  ezt írta (időpont: 2019. máj. 21., K, 21:06):
>
> Control: tags -1 confirmed moreinfo
>
> Hi Bálint,
>
> On 21-05-2019 09:58, Bálint Réczey wrote:
...
> > Please find the the patch attached for cherry-picking only the fix for
> > #924554. If you prefer adding only this fix to Buster I will upload
> > this change to unstable then it can be let to testing.
>
> You can go ahead with that, except I prefer not to have the +deb10u1
> version as that looks weird for an unstable upload. Seem like you could
> use 1.11.1 or something along those lines.
>
> Please remove the moreinfo tag when the package built successfully.

Done, with the version number adjusted. The failing autopkgtest is not
related to this change.

Cheers,
Balint

Bug#929381: needs cdrecord binary which isn't in Debian

[Felix Zielcke]

Package: simpleburn
Version: 1.8.0-1+b3
Severity: grave

I tried burning an iso with simpleburn but it completely fails due to depending 
on cdrecord:

$ simpleburn
command: simpleburn.sh /dev/cdrom b-iso 'debian-buster-DI-rc1-amd64-netinst.iso'
/usr/bin/simpleburn.sh: line 171: cdrecord: command not found

cdrecord isn't avaible even in oldstable.

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages simpleburn depends on:
ii  cdrdao   1:1.2.4-1
ii  cdrskin  1.5.0-1
ii  icedax   9:1.1.11-3+b2
ii  libatk1.0-0  2.30.0-2
ii  libc62.28-10
ii  libcairo-gobject21.16.0-4
ii  libcairo21.16.0-4
ii  libcddb2 1.3.2-6
ii  libcdio-utils2.0.0-2
ii  libcdio182.0.0-2
ii  libdvdread4  6.0.1-1
ii  libfribidi0  1.0.5-3.1
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-1
ii  libgtk-3-0   3.24.5-1
ii  libpango-1.0-0   1.42.4-6
ii  libpangocairo-1.0-0  1.42.4-6
ii  xorriso  1.5.0-1

Versions of packages simpleburn recommends:
pn  flac
pn  mencoder
pn  mpg123  
pn  mplayer | mplayer2  
pn  normalize-audio 
pn  vorbis-tools

simpleburn suggests no packages.

-- no debconf information

Bug#929063: Moving SELinux check

[Thorsten Glaser]

On Wed, 22 May 2019, Jesse Smith wrote:

> I don't think removing the SELinux dependency from init actually saves
> us any RAM. Several other services link to these libraries too, so the

Maybe, maybe not. (I’m fairly sure I’ve got some VMs without.)

Other services can, however, be more easily restarted than the entire
system, in case of a security fix for that library.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**

Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.

**

Bug#929063: Moving SELinux check

[Jesse Smith]

On 5/21/19 8:45 PM, Dmitry Bogatov wrote:
> [2019-05-18 16:14] Jesse Smith 
>> From a practical perspective, I'm curious if there is any benefit or
>> drawback. Is this patch fixing a known bug,
>> does it significantly reduce the size of PID 1 in memory?
> Not that I really care about 1Mb of RAM, but:
>
> 152K  /lib/x86_64-linux-gnu/libselinux.so.1
> 692K  /lib/x86_64-linux-gnu/libsepol.so.1
> 460K  /lib/x86_64-linux-gnu/libpcre.so.3.13.3

I don't think removing the SELinux dependency from init actually saves
us any RAM. Several other services link to these libraries too, so the
libraries are loaded into RAM anyway and should be shared between the
various services. Unless SELinux is culled from every low-level daemon
that 1MB RAM is still going to be used.

Bug#929380: tmpreaper: /etc/cron.daily/tmpreaper should not expand TMPREAPER_PROTECT_EXTRA shell wildcards

[Benoit Branciard]

Package: tmpreaper
Version: 1.6.13+nmu1+deb9u1+b1
Severity: normal
Tags: d-i patch

Dear Maintainer,

current version od /etc/cron.daily/tmpreaper shell-expands 
TMPREAPER_PROTECT_EXTRA content 
before passing it to /usr/sbin/tmpreaper using "--protect" option.

This may cause some patterns to be ignored by tmpreaper when using *relative* 
paths, 
if they happen to match any file in the current working directory (/root if run 
by cron).

A quick fix would be ton add a "set -o noglob" a the proper place in the script 
(as in suggested patch).

A better way would be to use a shell array to declare TMPREAPER_PROTECT_EXTRA 
items, 
but this beaks compatibility.

Suggested patch:

--- /etc/cron.daily/tmpreaper.orig  2008-05-26 18:39:01.0 +0200
+++ /etc/cron.daily/tmpreaper   2019-05-22 16:17:53.571043378 +0200
@@ -95,6 +95,7 @@
 TMPREAPER_PROTECT_EXTRA=${TMPREAPER_PROTECT_EXTRA:-''}
 TMPREAPER_DIRS=${TMPREAPER_DIRS:-'/tmp/.'}
 
+set -o noglob
 nice -n10 tmpreaper --delay=$TMPREAPER_DELAY --mtime-dir --symlinks 
$TMPREAPER_TIME  \
   $TMPREAPER_ADDITIONALOPTIONS \
   --ctime \


-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-042stab136.1 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages tmpreaper depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  libc6  2.24-11+deb9u4
ii  libmount1  2.29.2-1+deb9u1

tmpreaper recommends no packages.

tmpreaper suggests no packages.

-- Configuration Files:
/etc/tmpreaper.conf changed:
TMPREAPER_PROTECT_EXTRA='/tmp/systemd-private-*/* /var/tmp/systemd-private-*/*'
TMPREAPER_DIRS='/tmp/. /var/tmp/.'
TMPREAPER_DELAY='256'
TMPREAPER_ADDITIONALOPTIONS='--runtime=7200'


-- debconf information:
* tmpreaper/readsecurity_upgrading:
  tmpreaper/readsecurity:
* tmpreaper/TMPREAPER_TIME:
* tmpreaper/confignowexists:

Bug#929379: pcp: libvirt module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The libvirt module is missing.

Seems auto-enabled when Python lxml module is available at build-time.

So please build-depend on python3-lxml.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlYFwACgkQLHwxRsGg
ASFCoA/9HEhsJF+wg6nqCOV0JDBSKFx+VcVA91TA/lYZfuqfbSQVxaxYweczQxwp
6D/GXc+Nxxn4c3b5DvuDiywVl9xPYYAHQ1VIEuveOy6U5MhQjqvBgumN9EYhCwpe
U3J+1Vi3RQcwb9N0vPKMfCd4PDiNkDA/HbWc3GUpG4Ak+CTltOzEWE+U38C1jdjJ
FW0d+o2U3V7NO/NyOXD03bIzJRwbWqnhxhedK825+HULoAh7Ad+PYO6/jl//DTN0
DGtd1DL13RxXltakQV5X7nYt/ie2oFHV2XiKzVcp1knsNHkUtGcu5eG2/kEoqFcd
JT60p787xhtszUTsD+EIsYlI30lwnazndKUz5hj70XzrBC5u7EuCFg45O6CMR8xu
Ez8v36YEVCl28xMpYWFA9JDuVFjGvvY3P1t7N2oCo+OnNLAMBzdEZLN8AgXe4CRZ
VNIpr5AqLcZjcCOR69TCb86bU3vB4Niidxni6PsxKRpX8H4xzAF+pjD+0VoKmtrK
fphB/yMjTb1r1DJPZ3m1QNLHS6jT0O2PtJGmlgsX15mwhy3rqcLSMTc3cdiEEzxx
HUxglEGjumDGbDnZNT5u6LOu86OdwrRproLcWy+HkOQVLdl7EbB2LaNAMmlRMnAS
NnvImSro0yfNMD1kFNebf0BCXqVLju9LntlYcecmfXKDiL7/eLo=
=Y9Bd
-END PGP SIGNATURE-

Bug#929378: pcp: LIO module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The LIO module is missing.

Seems auto-enabled when Python module rtslib is available at build-time.

So please build-depend on python3-rtslib-fb

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlX+gACgkQLHwxRsGg
ASEhLBAAkVputGxgoJNU2Dk15guRE4HT+iZuFB9dhXnxHb/hBbKCZLKNeH7+hhkr
GA9m+VeivcA/5I8Q/iCaW0Zw6H4H6Dtzf+O8bsJ7TBEL3uDP7DVr1t9Al7eyPWaD
DbLSSoqEjZBLWBTjQeuuyaW9ry65xsnf7KMArX+Flxb0XubLfVoBCnsnFUTl0C1T
+b+P356iFGvqz5IBqM1HE3Emq35v2cUnO1fgMZOPj79LhDzSyRpcZOoKH4xgoe2Z
XiVbzmPpzeUl0nmammX6grgLQltZWC6C/DxoV51DmLMcqOY6fxytlqkEL+pGxdyW
Nuji7sqBk4TTgi69SeqFSo+Hs7csgKxG2wHECaIIgCIVZRc8+iK5wAbU+fNcOa3E
nEXGv298u6s5xW9w4RGgT9xQ1TdBoj8JahP68iStL3JhbWhEZoUucY/hN1Pa/F2N
ZTX6XDACJT907HP1LwcqD3VkldVvx5Op8GguHKCD/YrqM6csY6AORQAHE1QshXZQ
N1hhf2ojC92P2Mxx3Kytiuq9qCztaAZSpwZi3YQRXHL4+AbWdtTcVyRz657Jo8c2
5g1a1U72/QuFSppY48yxg9SZ2pM6IfzkIds3p0V4tIHa5YjcDaF92O+SmQ1oIYfT
OuB1d2XgIhyhefzXnX8rJVpTVpHCqp0zT3j20wP9hYRwbMUxE5k=
=KwN/
-END PGP SIGNATURE-

Bug#929377: pcp: nutcracker module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The nutcracker module is missing.

Seems to need Perl module YAML::XS installed at build-time.

So please build-depend on libyaml-libyaml-perl.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlXzgACgkQLHwxRsGg
ASFk0w/+JtCY58v6/LnvRbCyaRjCAA+9s9f2xDKHstSR0fzrMsnie9ImnU4W1IHS
77MujIOQGSnBg3lXenLct6X7RwkBLLtVB+ZQn4ZFvtInymaxm3bNa398k3YgzSVE
oeLhCa1EiSuyPO4GuIUgoAwWQeY3u7Qric5mij2YxGOvKsPI+SHpCmzNut/bHDx8
iIXcvLy/fLmZw1hJLZpUTHtARgcrpRy/GCe3Y+JiX9kZp8YSWLdgZyk/OwxyRTHj
YXcU22JClgK3zAS7wsh30ZijuI1sI4RbdFJByqeZNbdDIyA45WEgghMYKdOHm4wt
JvNiXpxRQ7pOrjN4MgdULLcutR17ZdOHOuhP3PJPcpEbPDhupip448sDDvk7Hhm5
HVQjkY+ig4zvxANql8lNpUZ6317CyIxljZG7J9sJHaB2o6gqe4I9h9sN0gVhUOd+
sVZ7ZfMHlCpCOgah9G+g9kIKb8mJWg9Zuv2wLlMYk5wuuDt+IIIGeyJTWxCrim+u
aGxugF7s0T+1ZZftj3+7ANxkIKUy9D3fwpav6Ll3PQG2Au7Y1HvRt3kNIbQ8HyWH
XuhC1OjwAvMtcwtiIOpJL7W/l+OeHR0tTs+TMAdfCFnRUDY2OMb+uUKx++Bh7LxW
BZB18i2rJBRH/wFpDJDsrPf4WCyMx1EABivpFHvPYu3ieFZa/FI=
=j9S0
-END PGP SIGNATURE-

Bug#929376: pcp: bind2 module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The bind2 module is missing.

Seems to be auto-enabled if a few Perl libraries are available at build-time.

Please build-depend on libfile-slurp-perl and libxml-libxml-perl.

Probably need to have pcp depend on same packages as well.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlXhsACgkQLHwxRsGg
ASFyYBAAkzgiQf2iZbU7JRPQ0SqDVB1HxN4Odsyt6U/hcpEblLndQXHDM73Hpkux
+208spUNPk5kAvfiG0H6BmmiPtrWu/uaFwADFZiihNkt94DC1A+cCTJpVLp1+IuE
bar4/yT2IdhGtvjsT/XdpeEtSOzJ4tHpaN9ncUS8oSboIa9LwauzkYNKwJ9qmfIi
OvenQOC3YPcthNlAoiOG88VTIsSCIoRaDyOhsQHXCGZxjNF50Ad1mpHXJk+yr3BY
5fNAanMt5nclIiHV3+GVQzCjgK8gmy6I+pxVCao2UkDiOLoxC3gmx291zY6FUl6P
RNe19izjFx/kEnqRvPIBW6r7pqNTz9vrpyKSLnR+dVduGD5sQPNW0IyQK3WWeb9H
iVgCT3hmDydOkRGWOn5TSM1zzLMNlkBtVpYOjdYJpYVczok2vrOgbJZDai3P/8Yv
gK1qH3wpxyejo/cWEndmBB9nuCUHrsmb2sCbCbiKo3wC5OBk2x/i6Gt2tmNPJqoF
YUX83jJjVuOS2+iSNrFJiHYGIMCE5huo/RHw3UiarWILhKQxtq2zH+hyasA3bra+
qiIxCCYlcMs37NdE9JRTEdUKJWZyRGHXqbybS/c6njOYhiDAQ2otBCnGPKcqgdsI
KbHCE1/TVXP0vY0Tx6kJzO8ubRyC5G2hNxYhxtWzqmuMkdytwQE=
=xC+T
-END PGP SIGNATURE-

Bug#928164: backports work

[Thijs Kinkhorst]

Hi Frederic,

>> I would have been OK to have 2.6.0 of liblasso3 in stretch backports,
>> and I was in the believe that I had installed it. But when checking,
>> I'm still running 2.5.0-5+b1. Spooky

> I'll see about uploading 2.6.0 to backports.

That would be great. I have a backport of libapache2-mod-auth-mellon in
stretch, to allow to use SHA256 with mellon. But the signatures fail
because of https://dev.entrouvert.org/issues/10019

That is fixed in lasso 2.5.1. So having a lasso >= 2.5.1 in backports
would really help us aswell.

I can help out with the backport work if needed.


Thanks,
Thijs



signature.asc
Description: OpenPGP digital signature

Bug#929271: backports customizations are not enabled for live-build

[PICCORO McKAY Lenz]

A SPECIAL NOTE ABOUT THIS:

El mié., 22 de may. de 2019 a la(s) 06:18, Roland Clobus
(rclo...@rclobus.nl) escribió:
> Issue 2: Building a live image for jessie
> Jessie is now oldstable, and will soon (TM) be oldoldstable. Unless you
> have a compelling reason to use jessie, I would suggest to pick stretch
> or perhaps even buster.
NONE OF THOSE WILL WORK WITH MY CAPTURE CARDS FRAMEGRABBER (that the
driver was removed somehwere in 4.X)
NONE OF THOSE NOW WORK IN MY Pentium II 550MHZ used to play NES and DOS games
NONE OF THOSE NOW WORK "enoucht decent" in my older machiens and i
have a lot of thems

before you says "buy newer" i remenber here that not all the countries
have lot of money to buy machines so easyle!


>
> Note: lb config --distribution stretch works fine
> Note: lb config --distribution buster works fine too
>
> Issue 3: Unrecognized command line option
>
> As noted in my first response to this bug report, I will update the
> manual to match the current code. The time I spent on writing this mail
> has provided me with lots of information on how to update the manual to
> match the current implementation of the live-image building tools.
>
> Issue 4: the program gives options to alter all sources of packages
> except the "backports"
>
> > [snip] the
> > program gives options to alter all sources of packages except the
> > "backports"... because you can alter all and not that?
>
> I think I answered this question with the test for backports as
> mentioned with issue 1. Support for backports is not in the basic
> configuration of 'lb config', you need to explicitly add support for
> that repository, and you can use the configuration files for that.
>
> > I don't think that the excuse of "all are always in the same source" is
> > valid, because according to the installation images as well as the
> > backports images are not always coordinated between all the mirrors
> > origins according to the debian notes.
>
> I am not aware of these notes, on which URL can I find them?
> It can be that local mirror will not be synced yet or only a partial
> mirror, but you can always add an additional repository.
>
> > In addition, not all the countries have excelent internet providers and
> > the net service are expensive in some cases..
>
> For that, you can use something like apt-cacher-ng during the
> construction of the live image.
>
> Summmary: from my personal point of view, only issue 3 remains.
>
> With kind regards,
> Roland Clobus
>
> [1] https://lists.debian.org/debian-devel-announce/2019/03/msg6.html
> [2] https://backports.debian.org/Instructions/
> [3] https://wiki.debian.org/DebianGeoMirror
> [4]
> https://salsa.debian.org/live-team/live-build/commit/dd15ade8bbdc6360816ed858253e7aaa68e4c9c2
> [5]
> https://salsa.debian.org/live-team/live-build/commit/68700f466c142082e7423282ca4caaf7552bf8e9
> [6]
> https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#379
> [7] http://ftp.debian.org/debian/dists/jessie-updates/
>

Bug#929373: a python-FOO-doc package should suggest/recommend python3-FOO instead of python-FOO

[Chris Lamb]

severity 929373 wishlist
thanks

Matthias Klose wrote:

> Seen when trying to remove Python2 dependencies. A lot of -doc packages
> recommend/suggest the Python2 package, not the Python3 one.

Getcha, assuming that python3-foo exists.
 
> Additionally, I'm not sure if a recommends is really appropriate.

That… would be a different bug/request/conversation altogether. :)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#929374: unblock: debian-security-support/2019.05.22

[Holger Levsen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support, the trivial debdiff is
inline below. This change is only useful to have in Buster, so that we
can have this version (modulo ~deb9u1) in Stretch without breaking the
archive constraints.

(
 If you think this is non-sense/sub-optimal, please tell me a better
 plan. I'm not fully convinced this is sensible though I do think we
 should inform Stretch users about ended security support. OTOH cherry
 picking commits seems more work than this, and having the version in
 sync in the different suites also seems useful to me.
)

unblock debian-security-support/2019.05.22

$ debdiff debian-security-support_2019.05.14.dsc 
debian-security-support_2019.05.22.dsc
diff -Nru debian-security-support-2019.05.14/check-support-status.hook 
debian-security-support-2019.05.22/check-support-status.hook
--- debian-security-support-2019.05.14/check-support-status.hook
2019-05-14 11:36:45.0 +0200
+++ debian-security-support-2019.05.22/check-support-status.hook
2019-05-14 14:09:54.0 +0200
@@ -3,9 +3,7 @@
 #%# Copyright (C) 2014-2017 Christoph Biedl 
 #%# License: GPL-2.0-only
 
-# This codes duplicates "postinst configure"
-# 20190514: but why? and why all of it, eg the user creation?
-# FIXME: we should drop this after the Buster release, this is tracked as 
#928968.
+# This codes duplicates "postinst configure", see #928968 why this has to be 
done...
 
 set -e
 
diff -Nru debian-security-support-2019.05.14/debian/changelog 
debian-security-support-2019.05.22/debian/changelog
--- debian-security-support-2019.05.14/debian/changelog 2019-05-14 
11:48:37.0 +0200
+++ debian-security-support-2019.05.22/debian/changelog 2019-05-22 
14:49:10.0 +0200
@@ -1,3 +1,13 @@
+debian-security-support (2019.05.22) unstable; urgency=medium
+
+  * Mark jasperreports as end-of-life in Stretch as well. Closes: #884907.
+  * Explain in comments to check-support-status.hook and postinst that code
+needs to be present in both files as the hook could be run before
+postinst. #928968 has a longer explanation why and is used for tracking
+that this will be properly fixed eventually.
+
+ -- Holger Levsen   Wed, 22 May 2019 14:49:10 +0200
+
 debian-security-support (2019.05.14) unstable; urgency=medium
 
   * check-support-status.in: don't fail if security-support-ended.debX does
diff -Nru 
debian-security-support-2019.05.14/debian/debian-security-support.postinst 
debian-security-support-2019.05.22/debian/debian-security-support.postinst
--- debian-security-support-2019.05.14/debian/debian-security-support.postinst  
2019-05-14 11:16:42.0 +0200
+++ debian-security-support-2019.05.22/debian/debian-security-support.postinst  
2019-05-14 14:11:57.0 +0200
@@ -7,6 +7,13 @@
 USERNAME=debian-security-support
 LIB_DIR="/var/lib/$USERNAME"
 
+##
+##
+# WARNING: if you modify code here, you probably also need to modify #
+#  ../check-support-status.hook  #
+##
+##
+
 case "$1" in
 configure)
 # assert user
diff -Nru debian-security-support-2019.05.14/security-support-ended.deb9 
debian-security-support-2019.05.22/security-support-ended.deb9
--- debian-security-support-2019.05.14/security-support-ended.deb9  
2018-03-16 15:39:59.0 +0100
+++ debian-security-support-2019.05.22/security-support-ended.deb9  
2019-05-22 14:06:16.0 +0200
@@ -11,3 +11,4 @@
 #In the program's output, this is prefixed with "Details:"
 
 tomcat6  6.0.45+dfsg-1   2016-12-31  
https://lists.debian.org/debian-java/2016/01/msg00069.html
+jasperreports4.1.3+dfsg-32017-12-09  
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10


Thanks.

-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Some people say that the climate crisis  is something that we all have created,
but  that is not true,  because if everyone is guilty  then no one is to blame.
And someone is to blame.  Some people, some companies,  some decision-makers in
particular, have known exactly what priceless values they have been sacrificing
to continue making unimaginable amounts of money.


signature.asc
Description: PGP signature

Bug#929375: ITP: jarchivelib -- simple archiving and compression library for Java

[merkys]

Package: wnpp
Owner: Andrius Merkys 
Severity: wishlist

* Package name    : jarchivelib
  Version : 1.0.0
  Upstream Author : Thomas Rausch
* URL : https://rauschig.org/jarchivelib/
* License : Apache-2.0
  Programming Lang: Java
  Description : simple archiving and compression library for Java
 A simple archiving and compression library for Java that provides a
thin and
 easy-to-use API layer on top of the powerful and feature-rich
 org.apache.commons.compress.

Remark: This package is to be maintained with Debian Java Maintainers at
   https://salsa.debian.org/java-team/jarchivelib

This package is required by deepboof, which I intend to package.

-- 
Andrius Merkys
Vilnius University Institute of Biotechnology, Saulėtekio al. 7, room V325
LT-10257 Vilnius, Lithuania

Bug#929373: a python-FOO-doc package should suggest/recommend python3-FOO instead of python-FOO

[Matthias Klose]

Package: lintian

Seen when trying to remove Python2 dependencies. A lot of -doc packages
recommend/suggest the Python2 package, not the Python3 one.

Additionally, I'm not sure if a recommends is really appropriate.

Bug#929372: pcp: systemd module missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

systemd module is missing.

Seems it is auto-enabled when libsystemd-dev is available at build-time.

Please build-depend on libsystemd-dev


 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlVVwACgkQLHwxRsGg
ASEjFQ/6Ak8oh0Us7xfC0tdrO+PG3ucJ2l0mw/qQ2usEvsM9K7BrfcSciH1D3nZR
dVMW1UPahed0jdA8OqaQw+5ae2/xUZlvSh30fAIA4bhsgI3MRuMzNyGT/22e14g5
xi0yliIwSFy5igKwuDzhKzNkWjpGCkcNvedCZH/3IIbva+cXmFhC/2pjF7kRwc7A
Wi5s3uYa9l6Q7/i59mUDckUq4/1SMl9Euc1PzNacoJeTjQ8p5VhscWv8z72vf19f
6r8mp8DR84NSm4HXd+NP9emEUA/CscFoUH6yRtyc3cwrLhxyMdco5mQn7PtLsn7D
7ebJ/N/xnzEBlQjqyDY/nT05zlyN8bD9iClpLKYp3KBTWp/zYM2/cmYcbaFgI3Mc
q3zqqV+CXB1WCOYCPtO96wleWnc/18jl5s5LshRTs478/o+6geC96KaqeubT9qdp
z/SS+tWfy7nY6Fq8vWlSbasNFi4jFcvaXwVJa2LV5N9lo/HsnoTGLo0BHyM8uRSh
uX+TmCGBHTSOeuhlAUF7XkN2Byip5CFqVmeOyXsrZGUrYmiliEPPqy+4BC99RswN
Xa2/StumF0/zDEEAkIVQnQrNUj1kRffQSqh+FZiiFp5+n1tLEJMqL8POS+6wZG+5
qsl04/NFrPiVf9q1GuaEa0nO8qPRXRzKAHaFaxJ6OwL78BLs4yY=
=Doh/
-END PGP SIGNATURE-

Bug#929371: pcp: bcc module is missing

[Jonas Smedegaard]

Package: pcp
Version: 4.3.2-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The bcc module is missing.

Seems it simply needs Python BCC library available at build time.

Please build-depend on python3-bpfcc


 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlzlU8UACgkQLHwxRsGg
ASG1kQ/+NxaxbEZN1K4VygWN0bnt3Ko37RvHztPeUEf3UaGe9JPdlZcdMQAKWjer
DZvqkxv2ArLkZnIalN6uPHrFvwrm4lTzJ9olHnuMPwzjFVz6Aw2Bs73yCX8b7xmJ
0TurpW+i5wcdS02YqM1cYR0WCp8uyL2oBVU8NjZLWFRsi0dcV/pY7f2Knlri7PgA
Ear5VQK0A0nNSX9PkS117AB4PIJ1XZ/4Qh3+xzfsV6h3suYM+965Yz8/Tok7dB3B
O0OTHlcyYdQMTHWPSV3TEu8NK3uO7lWNNUeJTzMRSxt/L5NADYlN3p/61vLO4jAl
0luWSR/p/+4+QR38wAvG74C6MEzHh9G9hM3tkXHNAan+YRwE/WUd1iZZpWnLsTut
u8TJLz4C/GCg3PiTC+52y8MbmnWrI1HmmrWIO/M29Tql2fweq5Czkw+eQFUj6ACP
DDOcMmjYA9whLWWh3U2/mkPSga+sWLEb+NcWuZ7tDgOlNEaXs4hSdX7KZAU84oDd
aSwL/OZgNdyk8ZvPcHKfxSHfZQJazipN6kM8GT6tlbNJAWfUJAdVh8klv/mr3fdz
TxpjfehUI5/OSNwe9akGElVWzmdVO+ihDnnEUR2nMklWrSq7DWRpTsEdqJjLW1TB
9t+3fjO3unhXvP0NCULnuJXgZo4kIM/HC/gH/0w6YaO+Om6oISI=
=lgs4
-END PGP SIGNATURE-

Bug#929370: unblock: lprng/3.8.B-2.2

[Sam Hartman]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package lprng

Lprng didn't run with buster dpkg because start-stop-daemon --stop got
more careful about ownership of pid files.  It also didn't really work
with systemd because systemctl start lprng failed if lpd was already
running.

Uploaded to unstable just now so probably not dinstalled.




unblock lprng/3.8.B-2.2

diff --git a/debian/changelog b/debian/changelog
index 9849a12..2854c8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lprng (3.8.B-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Specify executable and user to stop-start-daemon; closes security
+issue and fixes starting  with buster dpkg, Closes: #928040
+  * Use --oknodo on start so that systemd doesn't fail if lprng is already
+running, Closes: #908770
+
+ -- Sam Hartman   Wed, 22 May 2019 09:18:03 -0400
+
 lprng (3.8.B-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/lprng.init.in b/debian/lprng.init.in
index b4df6b7..97edabd 100644
--- a/debian/lprng.init.in
+++ b/debian/lprng.init.in
@@ -97,7 +97,7 @@ case "$1" in
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" lpd
initialise
if start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \
-   --exec $DAEMON ; then
+   --oknodo --exec $DAEMON ; then
[ "$VERBOSE" != no ] && log_end_msg 0
else
[ "$VERBOSE" != no ] && log_end_msg 1
@@ -106,7 +106,8 @@ case "$1" in
;;
   stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" lpd
-   if start-stop-daemon --stop --oknodo --quiet --pidfile "${PIDFILE}" ; 
then
+   if start-stop-daemon --stop --oknodo --quiet --pidfile "${PIDFILE}" \
+   --exec $DAEMON --user daemon ; then
cleanup
[ "$VERBOSE" != no ] && log_end_msg 0
else
@@ -129,7 +130,8 @@ case "$1" in
;;
   restart|force-reload)
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" lpd
-   start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" 
+   start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \
+   --exec $DAEMON --user daemon
sleep 1
initialise
start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (500, 'stable'), (200, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled