Bug#930406: [lyx] lyx crashes on file dialog

[Tomasz Wartalski]

Package: lyx
Version: 2.3.2-1
Severity: normal

--- Please enter the report below this line. ---

Dear maintainer,

* What led up to the situation?

Opening lyx and trying to choose a file, e.g. a template.

* What exactly did you do (or not do) that was effective (or ineffective)?
Opening a template file (e.g. in German: Datei -> Neu von Vorlage ->
choosing a template, eg. docbook article -> crash)

* What was the outcome of this action?
lyx crashes

* What outcome did you expect instead?
lyx should open a (template) file

The same happens if i try to reconfigure lyx (in german: Werkzeuge ->
Neu konfigurieren). The problem is reproducible as it happens every time
i try to do one of the above. I´m using KDE at a recent debian testing.

A backtrace is attached below.

Sincerely yours,

Tomasz


(gdb) run
Starting program: /usr/bin/lyx
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x71e44700 (LWP 9386)]
[New Thread 0x7fffea724700 (LWP 9387)]
[New Thread 0x7fffe88d7700 (LWP 9389)]
[New Thread 0x7fffdf6e1700 (LWP 9390)]

Thread 1 "lyx" received signal SIGSEGV, Segmentation fault.
0x76aaa1ce in QMetaObject::activate(QObject*, int, int, void**)
() from /lib/x86_64-linux-gnu/libQt5Core.so.5
(gdb) bt
#0  0x76aaa1ce in QMetaObject::activate(QObject*, int, int,
void**) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#1  0x55bd044f in ?? ()
#2  0x76aaa906 in QMetaObject::activate(QObject*, int, int,
void**) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#3  0x773f5f02 in QAction::triggered(bool) () from
/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#4  0x773f8510 in QAction::activate(QAction::ActionEvent) ()
from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#5  0x76aab182 in QObject::event(QEvent*) () from
/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x773f8d92 in QAction::event(QEvent*) () from
/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#7  0x773fc4b1 in QApplicationPrivate::notify_helper(QObject*,
QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#8  0x77403950 in QApplication::notify(QObject*, QEvent*) ()
from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x55b57e5a in ?? ()
#10 0x76a815a9 in QCoreApplication::notifyInternal2(QObject*,
QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x76a8459b in
QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*)
() from /lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x76ad3233 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x76235f2e in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x762361c8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x7623625c in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x76ad2863 in
QEventDispatcherGlib::processEvents(QFlags)
() from /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x731d23e1 in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#18 0x76a8027b in
QEventLoop::exec(QFlags) () from
/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x76a88262 in QCoreApplication::exec() () from
/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x5586fbb5 in ?? ()
#21 0x5572c696 in ?? ()
#22 0x7635709b in __libc_start_main () from
/lib/x86_64-linux-gnu/libc.so.6
#23 0x557371da in ?? ()


ldd /usr/bin/lyx
linux-vdso.so.1 (0x7ffdc5ba3000)
libgtk3-nocsd.so.0 => /lib/x86_64-linux-gnu/libgtk3-nocsd.so.0
(0x7f32c3f8f000)
libmythes-1.2.so.0 => /lib/x86_64-linux-gnu/libmythes-1.2.so.0
(0x7f32c3d8b000)
libenchant.so.1 => /lib/x86_64-linux-gnu/libenchant.so.1
(0x7f32c3d7d000)
libmagic.so.1 => /lib/x86_64-linux-gnu/libmagic.so.1
(0x7f32c3d56000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f32c3b38000)
libQt5Svg.so.5 => /lib/x86_64-linux-gnu/libQt5Svg.so.5
(0x7f32c3ae2000)
libQt5Widgets.so.5 => /lib/x86_64-linux-gnu/libQt5Widgets.so.5
(0x7f32c3489000)
libQt5Gui.so.5 => /lib/x86_64-linux-gnu/libQt5Gui.so.5
(0x7f32c2efe000)
libQt5Core.so.5 => /lib/x86_64-linux-gnu/libQt5Core.so.5
(0x7f32c2a03000)
libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6
(0x7f32c287f000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f32c26fc000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1
(0x7f32c26e2000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f32c251f000)
/lib64/ld-linux-x86-64.so.2 (0x7f32c50cc000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f32c251a000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x7f32c24f9000)
libgmodule-2.0.so.0 => /lib/x86_64-linux-gnu/libgmodule-2.0.so.0
(0x7f32c24f3000)
libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0
(0x7f32c23d

Bug#930264: (no subject)

[Aleksander Morgado]

I am not yet sure what to do with this issue.

The Arduino is saying that it has an AT-capable ttyACM port, so ModemManager 
tries to use the port. I'd like to improve the heuristics to detect this 
without falling back to the blacklist, but not sure yet how to reliable do 
that. Ideally, the Arduino shouldn't say that its ttyACM is AT-capable...

Any suggestion on how to improve the heuristics, without falling back to the 
blacklist, would be appreciated. Maybe we should no longer try to use devices 
that expose one single ttyACM port even if the ports are reported as AT-capable?

Bug#930405: xorg-server-source contains nested tarballs

[Mike Gabriel]

Package: xorg-server-source
Version: 2:1.20.4-1
Severity: normal

The xorg-server-source bin:pkg contains a tarball with the current  
xorg sources. The current version of this tarball contains a folder  
named build-source/ and in there I see a tarball named  
xorg-server.tar.xz. This tarball is half-ready packed.


It seems that at build that xorg-source.tar.xz tarball gets packed in  
the location that actually just gets tarred up and then the  
half-way-through packed tarball ends up "in itself".


```
xorg-server/COPYING
xorg-server/ChangeLog
xorg-server/INSTALL
xorg-server/Makefile.am
xorg-server/Makefile.in
xorg-server/README
xorg-server/Xext/
xorg-server/Xext/geext.h
xorg-server/Xext/xf86bigfont.c
xorg-server/Xext/dpmsproc.h
xorg-server/Xext/xselinux_label.c
xorg-server/Xext/shmint.h
xorg-server/Xext/xvmain.c
xorg-server/Xext/xcmisc.c
xorg-server/Xext/xtest.c
xorg-server/Xext/xvdisp.h
xorg-server/Xext/hashtable.h
xorg-server/Xext/sleepuntil.h
xorg-server/Xext/Makefile.in
xorg-server/Xext/xvmcext.h
xorg-server/Xext/xacestr.h
xorg-server/Xext/panoramiX.c
xorg-server/Xext/syncsdk.h
xorg-server/Xext/xselinuxint.h
xorg-server/Xext/panoramiX.h
xorg-server/Xext/meson.build
xorg-server/Xext/Makefile.am
xorg-server/Xext/xselinux.h
xorg-server/Xext/sleepuntil.c
xorg-server/Xext/dpms.c
xorg-server/Xext/geext.c
xorg-server/Xext/security.c
xorg-server/Xext/xf86bigfontsrv.h
xorg-server/Xext/panoramiXsrv.h
xorg-server/Xext/xvdix.h
xorg-server/Xext/xselinux_hooks.c
xorg-server/Xext/geint.h
xorg-server/Xext/xselinux_ext.c
xorg-server/Xext/shm.c
xorg-server/Xext/vidmode.c
xorg-server/Xext/hashtable.c
xorg-server/Xext/panoramiXprocs.c
xorg-server/Xext/xvmc.c
xorg-server/Xext/syncsrv.h
xorg-server/Xext/shape.c
xorg-server/Xext/panoramiXSwap.c
xorg-server/Xext/saver.c
xorg-server/Xext/xace.h
xorg-server/Xext/bigreq.c
xorg-server/Xext/xvdisp.c
xorg-server/Xext/xres.c
xorg-server/Xext/sync.c
xorg-server/Xext/panoramiXh.h
xorg-server/Xext/securitysrv.h
xorg-server/Xext/xace.c
xorg-server/Xi/
xorg-server/Xi/ungrdev.c
xorg-server/Xi/setfocus.c
xorg-server/Xi/getvers.h
xorg-server/Xi/xiquerypointer.c
xorg-server/Xi/gtmotion.h
xorg-server/Xi/setdval.h
xorg-server/Xi/getselev.c
xorg-server/Xi/grabdev.h
xorg-server/Xi/getselev.h
xorg-server/Xi/sendexev.h
xorg-server/Xi/xiqueryversion.c
xorg-server/Xi/chgkmap.h
xorg-server/Xi/allowev.h
xorg-server/Xi/setmmap.h
xorg-server/Xi/getvers.c
xorg-server/Xi/opendev.h
xorg-server/Xi/setmode.c
xorg-server/Xi/chgfctl.c
xorg-server/Xi/ungrdevb.h
xorg-server/Xi/chgptr.h
xorg-server/Xi/setbmap.h
xorg-server/Xi/getbmap.c
xorg-server/Xi/xisetdevfocus.c
xorg-server/Xi/listdev.h
xorg-server/Xi/xiquerypointer.h
xorg-server/Xi/xisetdevfocus.h
xorg-server/Xi/exevents.c
xz: (stdin): Unexpected end of input
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
```

The solution probably is to roll the xorg-server.tar.xz tarball  
outside of the source tree.


I stumbled over this while packaging x2gokdrive, a new, Xephyr-based,  
DDX for X2Go.


Greets,
Mike

--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpQ1ibCeFGkT.pgp
Description: Digitale PGP-Signatur

Bug#930219: ITP: node-dagre-layout - should other dagre users switch?

[Pirate Praveen]

On Sun, 9 Jun 2019 17:43:10 +0100 "Rebecca N. Palmer"  
wrote:
> Changes from dagre to this fork are summarized at [0]. It looks like 
> Gitlab use this fork because Mermaid does [1] and the fork author is a 
> major Mermaid contributor [2].
> 
> A few packages currently use the original dagre(-d3), but none run its 
> full build process:
> 
> firefox/firefox-esr/thunderbird - embed already concatenated but 
> non-minified source devtools/client/shared/vendor/dagre-d3.js
> snakemake - snakemake/gui.html loads dagre-d3 from upstream website
> theano - starts from the full source, but doesn't use its build script: 
> runs browserify-lite + uglifyjs directly from d/rules
> 
> ssreflect used to embed dagre, but stopped doing so without apparent 
> replacement, possibly (I haven't checked) disabling the documentation 
> graph that uses it.
> 
> I previously [3] raised the question of whether dagre-* should be 
> packaged separately rather than embedded, without reply. I don't know 
> whether it would be practical or desirable for the above packages to 
> switch to this fork.

It seems dfsg requirement to build from source is applied only selectively.

If they decided to switch, I could drop the dependency on nodejs and provide 
libjs-dagre-* packages with bundled files in /usr/share/javascript. Please open 
a wish list bug in that case.

Related: #921628

> [0] 
> https://github.com/tylingsoft/dagre-layout#changes-compared-to-dagrejsdagre
> [1] 
> https://gitlab.com/gitlab-org/gitlab-ce/commit/131e74d10dafbf2b781ab5d5517e42a18e20a587
> [2] 
> https://github.com/knsv/mermaid/commit/7b935823da2058243dfc32f7c2a533ae233a9d1e#diff-8ee2343978836a779dc9f8d6b794c3b2
> [3] 
> https://alioth-lists-archive.debian.net/pipermail/pkg-mozilla-maintainers/2017-September/029645.html
> 
> 
> 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Bug#928185: unblock: openjdk-11/11.0.3+7-4

[tony mancill]

On Wed, Jun 12, 2019 at 12:37:11AM +0200, Moritz Mühlenhoff wrote:
> On Mon, Jun 10, 2019 at 09:46:41PM -0700, tony mancill wrote:
> > I am not a member of the OpenJDK team and contributed far less to the
> > JDK 8 -> 11 transition than Emmanuel has.  If he and Matthias are in
> > agreement and the plan is palatable to the Release and Security Teams,
> > that's ideal.
> 
> I don't have any preference either, just adding my 2 cents here; with
> our buster release set to 6th of July and the next Oracle CPU set for
> July 16, we'll ship a non-GA release of Java for maybe two, at most three
> weeks (as buster-security will rebase to the next openjdk-11 following
> the CPU). I'm also fairly sure we've shipped non-GA releases for openjdk-8
> before?
> 
> In any case, whether we go with t-p-u or unblocking the sid version,
> we should fix a solution before the release and not ship buster with
> the unfixed issues from the April CPU :-)

Regarding t-p-u and/or unstable, a source package and build of
11.0.4+4+really11.0.3+7 can be found here:

  https://people.debian.org/~tmancill/openjdk-11/

The interdiff [1] between this build and the 11.0.3+7-5 discussed
previously in this thread and this build is small (as would be
expected).  The debdiff [2] against 11.0.4+4-1 is (predictably) huge, as
it reverts all of the 11.0.4 development.  The packaging changes against
unstable are also attached.

I have done some basic smoke-testing of the 11.0.4+4+really11.0.3+7
packages - e.g. running zookeeper and building a few packages that
depend on the JDK.  The version reported by JVM is:

> $ java -version
> openjdk version "11.0.3" 2019-04-16
> OpenJDK Runtime Environment (build 11.0.3+7-post-Debian-1)
> OpenJDK 64-Bit Server VM (build 11.0.3+7-post-Debian-1, mixed mode, sharing)

Note that the date reported is part of JDK.  Even the current version in
buster, which was uploaded in February, reports the future "GA" date:

> $ java -version
> openjdk version "11.0.3" 2019-04-16
> OpenJDK Runtime Environment (build 11.0.3+1-Debian-1)
> OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing)

Decision time... :)

Thanks,
tony

[1] 
https://people.debian.org/~tmancill/openjdk-11/interdiff_buster_11.0.3+7+5_vs_11.0.4+4+really11.0.3+7-1.diff
[2] 
https://people.debian.org/~tmancill/openjdk-11/11.0.4+4-1.dsc_vs_11.0.4+4+really11.0.3+7-1.dsc.debdiff
diff --git a/debian/changelog b/debian/changelog
index af1e3ee8a..eeba772dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+openjdk-11 (11.0.4+4+really11.0.3+7-1) unstable; urgency=medium
+
+  * Team upload.
+  * Revert upstream sources to GA release 11.0.3+7.
+  * Disable workaround_expand_exec_shield_cs_limit.diff and
+hotspot-disable-exec-shield-workaround.diff patches
+  * No longer try to install jspawnhelper.
+
+ -- tony mancill   Mon, 10 Jun 2019 19:16:00 -0700
+
 openjdk-11 (11.0.4+4-1) unstable; urgency=medium
 
   * OpenJDK 11.0.4+4 build (early access).
diff --git a/debian/patches/series b/debian/patches/series
index 8d10621eb..d057ce0af 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,7 +6,7 @@ icedtea-override-redirect-compiz.diff
 libpcsclite-dlopen.diff
 jexec.diff
 default-jvm-cfg.diff
-workaround_expand_exec_shield_cs_limit.diff
+#workaround_expand_exec_shield_cs_limit.diff
 adlc-parser.diff
 multiple-pkcs11-library-init.diff
 s390x-thread-stack-size.diff
@@ -20,7 +20,7 @@ machine-flag.diff
 zero-x32.diff
 mips-sigset.diff
 # s390x-zEC12.diff
-hotspot-disable-exec-shield-workaround.diff
+#hotspot-disable-exec-shield-workaround.diff
 atk-wrapper-security.diff
 # java-access-bridge-security.diff
 # jdk-pulseaudio.diff
diff --git a/debian/rules b/debian/rules
index 0a12fba23..3ee4fc237 100755
--- a/debian/rules
+++ b/debian/rules
@@ -91,7 +91,9 @@ else
 endif
 jvmver		= 1.11.0
 shortver	= 11
-v_upstream	:= $(shell echo $(PKGVERSION) | sed 's/-[^-][^-]*$$//')
+#v_upstream	:= $(shell echo $(PKGVERSION) | sed 's/-[^-][^-]*$$//')
+#v_pkgrel	:= $(shell echo $(PKGVERSION) | sed 's/^.*-//')
+v_upstream	:= 11.0.3+7
 v_pkgrel	:= $(shell echo $(PKGVERSION) | sed 's/^.*-//')
 # FIXME. currently v_upstream like 11~4
 v_upbase	:= $(word 1, $(subst +, , $(v_upstream)))
@@ -100,9 +102,9 @@ v_upbuild	:= $(word 2, $(subst +, , $(v_upstream)))
 #v_upbuild	:= $(word 2, $(subst ~, , $(v_upstream)))
 # that should be the package version ...
 
-ifneq ($(PKGVERSION),$(v_upbase)+$(v_upbuild)-$(v_pkgrel))
-  $(error wrong version: $(v_upbase)+$(v_upbuild)-$(v_pkgrel) should be: $(PKGVERSION))
-endif
+#ifneq ($(PKGVERSION),$(v_upbase)+$(v_upbuild)-$(v_pkgrel))
+#  $(error wrong version: $(v_upbase)+$(v_upbuild)-$(v_pkgrel) should be: $(PKGVERSION))
+#endif
 #ifneq ($(PKGVERSION),$(v_upbase)~$(v_upbuild)-$(v_pkgrel))
 #  $(error wrong version: $(v_upbase)~$(v_upbuild)-$(v_pkgrel) should be: $(PKGVERSION))
 #endif
@@ -1201,7 +1203,6 @@ endif
 	  echo '$(basedir)/lib/jli/libjli.so'; \
 	  echo '$(basedir)/lib/ct.sym'; \
 	  echo '$(basedir)/l

Bug#930404: [Meta] move gitlab back to main from contrib

[Pirate Praveen]

Package: gitlab
Version: 11.8.10+dfsg-1
Severity: wishlist
Control: block -1 by 863293
Control: block -1 by 930372

This is a meta bug to track progress of packaging node dependencies.


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Bug#927851: no empty promises

[andrew glaeser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Just not my fault, if you cannot read this inside of your mobile app, that
you love the most, although might be you have to adapt your preferences and
behaviour to the realities of life:

> andrew@a68n:~$ ssh root@detst
> Linux detst 4.19.0-5-amd64 #1 SMP Debian 4.19.37-3 (2019-05-15) x86_64
> 
> The programs included with the Debian GNU/Linux system are free software;
> the exact distribution terms for each program are described in the
> individual files in /usr/share/doc/*/copyright.
> 
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
> Last login: Wed Jun  5 12:00:13 2019 from 192.168.0.58
> root@detst:~# aptitude update && aptitude upgrade
> Get: 1 http://security.debian.org/debian-security buster/updates InRelease
> [39.1 kB] Get: 2 http://ftp2.de.debian.org/debian buster InRelease [163
> kB] Get: 3 http://packages.x2go.org/debian buster InRelease [26.7
> kB] Get: 4 http://ftp2.de.debian.org/debian buster/main amd64
> Packages.diff/Index [27.9 kB] Get: 5 http://ftp2.de.debian.org/debian
> buster/main Translation-en.diff/Index [27.9 kB] Get: 6
> http://ftp2.de.debian.org/debian buster/contrib amd64 Packages.diff/Index
> [27.8 kB] Get: 7 http://ftp2.de.debian.org/debian buster/contrib
> Translation-en.diff/Index [27.8 kB] Get: 8 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-06-0216.00.pdiff [6,774 B] Get: 9
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-06-2122.13.pdiff [1,444 B] Get: 10 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-07-0304.14.pdiff [3,534 B] Get: 11
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-07-1432.00.pdiff [143 B] Get: 12 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-07-2014.58.pdiff [1,138 B] Get: 13
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-08-0221.39.pdiff [3,791 B] Get: 14 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-08-0812.38.pdiff [619 B] Get: 15
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-08-1413.01.pdiff [363 B] Get: 16 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-08-2012.44.pdiff [15.5 kB] Get: 17
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-09-0213.23.pdiff [5,267 B] Get: 18 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-10-0218.27.pdiff [3,240 B] Get: 19
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-10-1418.10.pdiff [3,982 B] Get: 20 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-11-0218.53.pdiff [1,845 B] Get: 21
> http://ftp2.de.debian.org/debian buster/main amd64 Packages
> 2019-06-12-0212.00.pdiff [4,512 B] Get: 22 http://ftp2.de.debian.org/debian
> buster/main Translation-en 2019-06-07-1432.00.pdiff [33 B] Get: 23
> http://ftp2.de.debian.org/debian buster/main Translation-en
> 2019-06-08-0221.39.pdiff [33 B] Get: 24 http://ftp2.de.debian.org/debian
> buster/main amd64 Packages 2019-06-12-0212.00.pdiff [4,512 B] Get: 25
> http://ftp2.de.debian.org/debian buster/main Translation-en
> 2019-06-11-0218.53.pdiff [239 B] Get: 26 http://ftp2.de.debian.org/debian
> buster/main Translation-en 2019-06-12-0212.00.pdiff [45 B] Get: 27
> http://ftp2.de.debian.org/debian buster/contrib amd64 Packages
> 2019-06-07-0304.14.pdiff [431 B] Get: 28 http://ftp2.de.debian.org/debian
> buster/main Translation-en 2019-06-12-0212.00.pdiff [45 B] Get: 29
> http://ftp2.de.debian.org/debian buster/contrib Translation-en
> 2019-06-07-0304.14.pdiff [169 B] Get: 30 http://ftp2.de.debian.org/debian
> buster/contrib amd64 Packages 2019-06-07-0304.14.pdiff [431 B] Get: 31
> http://ftp2.de.debian.org/debian buster/contrib Translation-en
> 2019-06-07-0304.14.pdiff [169 B] Fetched 393 kB in 7s (58.7 kB/s) Current
> status: 19 (+19) upgradable, 1418 (+1) new. The following packages will be
> upgraded: dpkg gvfs gvfs-common gvfs-daemons gvfs-libs libegl-mesa0
> libegl1-mesa libfaad2 libgbm1 libgl1-mesa-dri libglapi-mesa libglib2.0-0
> libglib2.0-bin libglib2.0-data libglx-mesa0 libxatracker2 mesa-va-drivers
> mesa-vdpau-drivers python3-debian 19 packages upgraded, 0 newly installed,
> 0 to remove and 0 not upgraded. Need to get 18.3 MB of archives. After
> unpacking 17.4 kB will be used. Do you want to continue? [Y/n/?] Get: 1
> http://ftp2.de.debian.org/debian buster/main amd64 dpkg amd64 1.19.7 [2,208
> kB] Get: 2 http://ftp2.de.debian.org/debian buster/main amd64
> libglib2.0-data all 2.58.3-2 [1,109 kB] Get: 3
> http://ftp2.de.debian.org/debian buster/main amd64 libglib2.0-bin amd64
> 2.58.3-2 [125 kB] Get: 4 http://ftp2.de.debian.org/debian buster/main amd64
> libglib2.0-0 amd64 2.58.3-2 [1,259 kB] Get: 5
> http://ftp2.de.debian.org/debian buster/main amd64 gvfs amd64 1.38.1-4 [129
> kB] Get: 6 http://ftp2.de.debian.org/debian buster/main amd64 gvfs-daemons
> amd64 1.38.1-4 [134

Bug#930403: ibod FTCBFS: strips with the wrong strip

[Helmut Grohne]

Source: ibod
Version: 1.5.0-6
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

ibod fails to cross build from source, because its make install passes
the -s flag to install and thus uses the wrong strip. Beyond breaking
cross compilation, this also breaks DEB_BUILD_OPTIONS=nostrip as well as
generating a -dbgsym package. The attached patch disables such stripping
and defers it to dh_strip instead. Please consider not applying the
patch and bumping the compatibility level to 11 or higher. In that
level, debhelper will disable the stripping. Failing that, consider
applying the patch.

Helmut
diff --minimal -Nru ibod-1.5.0/debian/changelog ibod-1.5.0/debian/changelog
--- ibod-1.5.0/debian/changelog 2012-05-29 11:19:25.0 +0200
+++ ibod-1.5.0/debian/changelog 2019-06-12 06:27:08.0 +0200
@@ -1,3 +1,10 @@
+ibod (1.5.0-6.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Don't strip during dh_auto_install. (Closes: #-1)
+
+ -- Helmut Grohne   Wed, 12 Jun 2019 06:27:08 +0200
+
 ibod (1.5.0-6) unstable; urgency=low
 
   * Fix typo in package description. (Closes: #24)
diff --minimal -Nru ibod-1.5.0/debian/rules ibod-1.5.0/debian/rules
--- ibod-1.5.0/debian/rules 2012-05-22 16:46:22.0 +0200
+++ ibod-1.5.0/debian/rules 2019-06-12 06:27:07.0 +0200
@@ -2,6 +2,9 @@
 %:
dh $@
 
+override_dh_auto_install:
+   dh_auto_install -- INSTALL='install --strip-program=true'
+
 override_dh_installppp:
dh_installppp --name=00-ibod
dh_installppp --name=zz-ibod

Bug#930402: kball FTCBFS: uses the build architecture compiler

[Helmut Grohne]

Source: kball
Version: 0.0.20041216-10
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

kball fails to cross build from source, because it uses the build
architecture compiler. It uses a non-standard variable GCC for the
compiler while debhelper passes it as CXX. After renaming the variable,
kball cross builds successfully. Please consider applying the attached
patch.

Helmut
diff --minimal -Nru kball-0.0.20041216/debian/changelog 
kball-0.0.20041216/debian/changelog
--- kball-0.0.20041216/debian/changelog 2016-06-03 09:51:11.0 +0200
+++ kball-0.0.20041216/debian/changelog 2019-06-12 06:18:27.0 +0200
@@ -1,3 +1,10 @@
+kball (0.0.20041216-11) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Pass C++ compiler as GCC. (Closes: #-1)
+
+ -- Helmut Grohne   Wed, 12 Jun 2019 06:18:27 +0200
+
 kball (0.0.20041216-10) unstable; urgency=medium
 
   * Team upload.
diff --minimal -Nru kball-0.0.20041216/debian/rules 
kball-0.0.20041216/debian/rules
--- kball-0.0.20041216/debian/rules 2016-06-03 09:51:11.0 +0200
+++ kball-0.0.20041216/debian/rules 2019-06-12 06:18:24.0 +0200
@@ -14,6 +14,9 @@
$(RM) test_linux.bin
$(RM) test.run
 
+override_dh_auto_build:
+   dh_auto_build -- 'GCC=$$(CXX)'
+
 override_dh_install-indep:
dh_install bin/*.dat usr/share/games/kball
dh_install bin/levels/*.map usr/share/games/kball/levels

Bug#930401: mutter: Crashes on restart if Static Workspaces are enabled (gnome-shell)

[Matthew Gabeler-Lee]

Package: mutter
Version: 3.30.2-7
Severity: normal
Tags: upstream

If you enable static instead of dynamic workspaces, then gnome-shell
segfaults if you restart it.

This has been reported and fixed upstream in 3.32.x, it would be nice if
this fix could be backported to Debian's 3.30.x release.

https://gitlab.gnome.org/GNOME/mutter/issues/479
https://gitlab.gnome.org/GNOME/mutter/merge_requests/466
https://bugs.launchpad.net/ubuntu/+source/mutter/+bug/1796607

Note: I've put "gnome-shell" in the title in the hopes of making it
discoverable by web search, since the user perception is that this happens
when restarting gnome-shell, even though the upstream bug/fix is in mutter.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (490, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mutter depends on:
ii  gnome-settings-daemon-common  3.30.2-3
ii  gsettings-desktop-schemas 3.28.1-1
ii  libc6 2.28-10
ii  libglib2.0-0  2.58.3-2
ii  libmutter-3-0 3.30.2-7
ii  libx11-6  2:1.6.7-1
ii  libxcomposite11:0.4.4-2
ii  mutter-common 3.30.2-7
ii  zenity3.30.0-2

mutter recommends no packages.

Versions of packages mutter suggests:
ii  gnome-control-center  1:3.30.3-1
ii  xdg-user-dirs 0.17-2

-- no debconf information

Bug#930399: python-mode: Pychecker will be removed after buster

[Kenneth Pronovici]

Package: python-mode
Severity: normal

Hi,

This is one of 3 packages in the archive that still depends on
pychecker.

I intend to have the pychecker package removed from unstable a little
while after buster is released.  Besides its lack of support for Python
3, pychecker has been completely unsupported upstream for close to a
decade.  It really should have been removed from the archive years ago.

Since you also suggest pylint, I suspect that you probably just need to
remove or disable the parts of python-mode that use pychecker, and then
remove the dependency.  Or perhaps you can just remove the dependency
and users will get an error if they try to use pychecker and it's not
installed.  (In any case, it's not likely that very many people use the
pychecker features these days.)

If you reply to this bug and let me know how you're intending to handle
this, I will hold off on removing pychecker from the archive until after
you're done with your work.  If I don't hear anything, then I'll move
forward and have the package removed sometime in late July.

Thanks,

KEN

Bug#930398: spe: Pychecker will be removed after buster

[Kenneth Pronovici]

Package: spe
Severity: normal

Hi,

This is one of 3 packages in the archive that still depends on
pychecker.

I intend to have the pychecker package removed from unstable a little
while after buster is released.  Besides its lack of support for Python
3, pychecker has been completely unsupported upstream for close to a
decade.  It really should have been removed from the archive years ago.

I am not sure whether it's possible to convert spe to some alternative
tool, such as pylint.  You may simply need to disable the parts of spe
that depend on pychecker.  Or perhaps spe is obsolete and should itself
be removed from the archive.

If you let me know that you are intending to convert spe to some
alternative and need some time to complete that work, I will hold off on
removing pychecker from the archive until after you're done.  If I don't
hear anything, then I'll move forward and have the package removed
sometime in late July.

Thanks,

KEN

Bug#930400: boa-constructor: Pychecker will be removed after buster

[Kenneth Pronovici]

Package: boa-constructor
Severity: normal

Hi,

This is one of 3 packages in the archive that still depends on
pychecker.

I intend to have the pychecker package removed from unstable a little
while after buster is released.  Besides its lack of support for Python
3, pychecker has been completely unsupported upstream for close to a
decade.  It really should have been removed from the archive years ago.

I am not sure whether it's possible to convert boa-constructor to some
alternative tool, such as pylint.  You may simply need to disable the
parts of boa-constructor that depend on pychecker.  Or perhaps
boa-constructor is obsolete and should itself be removed from the
archive.

If you let me know that you are intending to convert boa-constructor to
some alternative and need some time to complete that work, I will hold
off on removing pychecker from the archive until after you're done.  If
I don't hear anything, then I'll move forward and have the package
removed sometime in late July.

Thanks,

KEN

Bug#930397: [pre-approval] unblock: nano/3.2-3

[Jordi Mallach]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi release team,

Nano's upstream has been focusing on fixing some crashers and hangs lately,
and as nano froze a while back, he was kind enough to backport all the fixes
he deems interesting for the buster release.

The following debdiff adds 7 patches (and renames the already existing one).

All patches are simple, some of them one liners.

If you can signal if this is OK for an upload now, I'll act accordingly ASAP.

unblock nano/3.2-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=ca_ES:ca (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru nano-3.2/debian/changelog nano-3.2/debian/changelog
--- nano-3.2/debian/changelog   2019-02-20 12:27:34.0 +0100
+++ nano-3.2/debian/changelog   2019-06-12 02:34:18.0 +0200
@@ -1,3 +1,11 @@
+nano (3.2-3) unstable; urgency=medium
+
+  * Add series of patches from Benno, to address several known crashes and
+hangs, as well as a couple presentation issues.
+  * Add gbp.conf with debian branch pointing to buster.
+
+ -- Jordi Mallach   Wed, 12 Jun 2019 02:34:18 +0200
+
 nano (3.2-2) unstable; urgency=medium
 
   * The "#JoAcuso" release.
diff -Nru nano-3.2/debian/gbp.conf nano-3.2/debian/gbp.conf
--- nano-3.2/debian/gbp.conf1970-01-01 01:00:00.0 +0100
+++ nano-3.2/debian/gbp.conf2019-06-12 02:33:34.0 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = True
+debian-branch = buster
diff -Nru 
nano-3.2/debian/patches/0001-options-exit-on-a-bad-quoting-regex-instead-of-crash.patch
 
nano-3.2/debian/patches/0001-options-exit-on-a-bad-quoting-regex-instead-of-crash.patch
--- 
nano-3.2/debian/patches/0001-options-exit-on-a-bad-quoting-regex-instead-of-crash.patch
 1970-01-01 01:00:00.0 +0100
+++ 
nano-3.2/debian/patches/0001-options-exit-on-a-bad-quoting-regex-instead-of-crash.patch
 2019-06-12 02:26:08.0 +0200
@@ -0,0 +1,46 @@
+From d12fb86e18b826ef7f341c14b27acec4d137f191 Mon Sep 17 00:00:00 2001
+From: David Lawrence Ramsey 
+Date: Mon, 10 Dec 2018 14:25:15 -0600
+Subject: [PATCH 1/8] options: exit on a bad quoting regex, instead of crashing
+ later
+
+The paragraph-jumping functions used the regex unverified...
+
+This fixes https://savannah.gnu.org/bugs/?55169.
+---
+ src/nano.c | 2 ++
+ src/text.c | 5 -
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/nano.c b/src/nano.c
+index e121722a..9825d457 100644
+--- a/src/nano.c
 b/src/nano.c
+@@ -2481,6 +2481,8 @@ int main(int argc, char **argv)
+ 
+   quoteerr = charalloc(size);
+   regerror(quoterc, "ereg, quoteerr, size);
++
++  die(_("Bad quoting regex \"%s\": %s\n"), quotestr, quoteerr);
+   }
+ #endif /* ENABLE_JUSTIFY */
+ 
+diff --git a/src/text.c b/src/text.c
+index abdd243d..70953379 100644
+--- a/src/text.c
 b/src/text.c
+@@ -2145,11 +2145,6 @@ bool find_paragraph(size_t *const quote, size_t *const 
par)
+   filestruct *current_save;
+   /* The line at the beginning of the paragraph we search for. */
+ 
+-  if (quoterc != 0) {
+-  statusline(ALERT, _("Bad quote string %s: %s"), quotestr, 
quoteerr);
+-  return FALSE;
+-  }
+-
+   /* If we're at the end of the last line of the file, it means that
+* there aren't any paragraphs left, so get out. */
+   if (openfile->current == openfile->filebot && openfile->current_x ==
+-- 
+2.20.1
+
diff -Nru 
nano-3.2/debian/patches/0002-history-use-an-unfreed-position_history-to-avoid-a-p.patch
 
nano-3.2/debian/patches/0002-history-use-an-unfreed-position_history-to-avoid-a-p.patch
--- 
nano-3.2/debian/patches/0002-history-use-an-unfreed-position_history-to-avoid-a-p.patch
 1970-01-01 01:00:00.0 +0100
+++ 
nano-3.2/debian/patches/0002-history-use-an-unfreed-position_history-to-avoid-a-p.patch
 2019-06-12 02:26:08.0 +0200
@@ -0,0 +1,45 @@
+From 2204d14c86f17f13ad1f23e62af80bff406425cb Mon Sep 17 00:00:00 2001
+From: Brand Huntsman 
+Date: Wed, 27 Feb 2019 02:40:18 -0700
+Subject: [PATCH 2/8] history: use an unfreed 'position_history' to avoid a
+ possible crash
+
+The reload_positions_if_needed() routine can free the existing
+'position_history' and allocate a new one.  Using the old one,
+from before the reload, could lead to a crash.
+
+This fixes https://savannah.gnu.org/bugs/?55792.
+Reported-by: Enrico Mioso 
+
+Bug existed since the reloading of the position-history file was
+introduced, a year and a half ago, in commi

Bug#930341: rotix FTCBFS: does not use cross tools

[Raúl Benencia]

Hi Helmut,

On Tue, Jun 11, 2019 at 06:10:28AM +0200, Helmut Grohne wrote:
> Please consider applying the attached patch.

Thanks for the report and, especially, for the patch. I've applied it
along with other routine maintenance changes.

Best wishes,

--
Raúl Benencia


signature.asc
Description: PGP signature

Bug#881544: Epydoc will be removed after buster

[Kenneth Pronovici]

I intend to have the eypdoc package removed from unstable a few weeks after
buster is released. Besides its lack of support for Python 3, epydoc has
been completely unsupported upstream for close to a decade.  It really
should have been removed from the archive years ago.

If you are in the process of migrating and simply need more time, please
reply to this bug and we can come to some sort of arrangement.  Otherwise,
I'm going to have the package removed as planned.  Once the package is
removed, your best short-term solution is to just stop building API
documentation until you find time to convert to another tool.

Thanks,

KEN

-- 
Kenneth J. Pronovici 

Bug#881566: Epydoc will be removed after buster

[Kenneth Pronovici]

Hi,

This bug report is now over 18 months old with no reply.

I intend to have the eypdoc package removed from unstable a few weeks after
buster is released. Besides its lack of support for Python 3, epydoc has
been completely unsupported upstream for close to a decade.  It really
should have been removed from the archive years ago.

If you are in the process of migrating and simply need more time, *please*
reply to this bug and we can come to some sort of arrangement.  Otherwise,
I'm going to have the package removed as planned.  Once the package is
removed, your best short-term solution is to just stop building API
documentation until you find time to convert to another tool.

Thanks,

KEN

-- 
Kenneth J. Pronovici gmail.com>

Bug#881558: Intending to remove epydoc after buster

[Kenneth Pronovici]

Hi,

I just wanted you to know that I am intending to have epydoc removed from
unstable a few weeks after buster is released, along with several other
obsolete Python packages that I maintain.  Besides its lack of support for
Python 3, epydoc has been completely unsupported upstream for close to a
decade.  It really should have been removed from the archive years ago.

If you are in the process of migrating and simply need more time, please
let me know how much time you think you need, and we can come to some sort
of arrangement.   Otherwise, I'm going to have the package removed as
planned.  Once the package is removed, your best short-term solution is to
just stop building API documentation until you find time to convert to
another tool.

Thanks,

KEN

-- 
Kenneth J. Pronovici 

Bug#881546: Epydoc will be removed after buster

[Kenneth Pronovici]

Hi,

This bug report is now over 18 months old with no reply.

I intend to have the eypdoc package removed from unstable a few weeks after
buster is released. Besides its lack of support for Python 3, epydoc has
been completely unsupported upstream for close to a decade.  It really
should have been removed from the archive years ago.

If you are in the process of migrating and simply need more time, *please*
reply to this bug and we can come to some sort of arrangement.  Otherwise,
I'm going to have the package removed as planned.  Once the package is
removed, your best short-term solution is to just stop building API
documentation until you find time to convert to another tool.

Thanks,

KEN

-- 
Kenneth J. Pronovici 

Bug#929182: fluidsynth: no sound by default - soundfont location doesn't exist

[Erich Eickmeyer]

This bug was noticed in the Ubuntu package (inherited from Debian) and 
reported at 
. 
That bug has been linked to this bug.


Erich Eickmeyer
Project Leader
Ubuntu Studio

ubuntustudio.org

Bug#930396: ITP: libdata-dumper-compact-perl -- Uber compact perl5 Data::Dumper wrapper

[Utkarsh Gupta]

Package: wnpp
Severity: wishlist
Owner: Utkarsh Gupta 

* Package name : libdata-dumper-compact-perl
  Version  : 0.004000-1
  Upstream Author  : Matt S Trout
* URL  : https://github.com/shadow-dot-cat/Data-Dumper-Compact
* License  : Artistic or GPL-1+
  Programming Lang : Perl
  Description  : Uber compact perl5 Data::Dumper wrapper

 JSON::Dumper::Compact is a subclass of Data::Dumper::Compact that turns
 arrayrefs and hashrefs instead into JSON.
 .
 Deep data structures are rendered highly compactly.


Best,
Utkarsh

Bug#930168: Confirming the bug on Debian

[Alexander Kernozhitsky]

I also encounter this bug on Debian Buster.

But I manually disabled all the AppStream and DEP-11 metadata from apt 
configs, so this may be the reason.

Can anyone reproduce this on a clean system?

-- 
Alexander Kernozhitsky

Bug#928185: unblock: openjdk-11/11.0.3+7-4

[Moritz Mühlenhoff]

On Mon, Jun 10, 2019 at 09:46:41PM -0700, tony mancill wrote:
> I am not a member of the OpenJDK team and contributed far less to the
> JDK 8 -> 11 transition than Emmanuel has.  If he and Matthias are in
> agreement and the plan is palatable to the Release and Security Teams,
> that's ideal.

I don't have any preference either, just adding my 2 cents here; with
our buster release set to 6th of July and the next Oracle CPU set for
July 16, we'll ship a non-GA release of Java for maybe two, at most three
weeks (as buster-security will rebase to the next openjdk-11 following
the CPU). I'm also fairly sure we've shipped non-GA releases for openjdk-8
before?

In any case, whether we go with t-p-u or unblocking the sid version,
we should fix a solution before the release and not ship buster with
the unfixed issues from the April CPU :-)

Cheers,
Moritz

Bug#930395: u-boot-menu doesn't allow setting U_BOOT_MENU_LABEL

[Steev Klimaszewski]

Package: u-boot-menu

Version: 3

Tags: patch

The default file shows that we should be able to set the
U_BOOT_MENU_LABEL option in /etc/default/u-boot however, in the actual
u-boot-update script, U_BOOT_MENU_LABEL is hardcoded to "Debian
GNU/Linux kernel" instead of allowing it to be different like the other
variables.  I've created a merge request (which is why I've tagged this
as patch) at
https://salsa.debian.org/debian/u-boot-menu/merge_requests/1 - I wasn't
sure whether to do it there, or on the github that is listed as the
homepage as the github repo doesn't show any activity in 2 years.

Bug#911844: okular: Prints to the wrong printer

[Martin Steigerwald]

Martin Steigerwald - 11.06.19, 23:37:
> > I used the neon-user-20190606-1138.iso (okular 19.04.1). Everything
> > behaved normally. No observed bug there. Okular 18.04 from
> > experimental wouldn't install because of unmet depenencies. Another
> > time, perhaps.
> 
> Hmmm, so it works okay with okular 19.04.1.
> 
> That means somewhere between 17.12 and 19.04.1 is a bug fix for the
> issue you reported. Maybe upstream has an idea which one it might be.
> At this point I believe all that could be done would be to find and
> then backport that fix, as Debian is in deep freeze and packaging
> 19.04 thus out of scope.

Well it would be helpful to test with versions in between.

So in case you are still having fun with that, Brian, that would be 
something you could do :). One way might be to test with Ubuntu live 
systems of different versions. Another way would be to build the thing 
yourself and do a git bisect. But well maybe upstream has an idea.

-- 
Martin

Bug#911844: okular: Prints to the wrong printer

[Martin Steigerwald]

Hi Brian.

Brian Potkin - 11.06.19, 21:13:
> On Tue 11 Jun 2019 at 13:20:40 +0200, Martin Steigerwald wrote:
> > Brian Potkin - 11.06.19, 10:42:
> > > On Tue 11 Jun 2019 at 09:53:50 +0200, Martin Steigerwald wrote:
> > […]
> > 
> > > > Two ways to use your (and our) time in a more productive manner
> > > > are:
> > > > 
> > > > 1) Retest with Okular 18.04 from Debian experimental (in case
> > > > you
> > > > run
> > > > buster/sid). Or start KDE Neon in a machine and try with the
> > > > newest
> > > > Okular available there.
> > > 
> > > There might be time for me to do both of these today or tomorrow.
> > 
> > Wonderful.
> 
> And good fun.

Thank you for your contribution.

> I used the neon-user-20190606-1138.iso (okular 19.04.1). Everything
> behaved normally. No observed bug there. Okular 18.04 from
> experimental wouldn't install because of unmet depenencies. Another
> time, perhaps.

Hmmm, so it works okay with okular 19.04.1.

That means somewhere between 17.12 and 19.04.1 is a bug fix for the issue 
you reported. Maybe upstream has an idea which one it might be. At this 
point I believe all that could be done would be to find and then backport 
that fix, as Debian is in deep freeze and packaging 19.04 thus out of 
scope.

Thanks,
-- 
Martin

Bug#771339: linux: linux-headers 3.16 Makefile contains VERSION=2 PATCHLEVEL=6

[Fab Stz]

Le mardi 11 juin 2019, 21:41:25 CEST Ben Hutchings a écrit :
> They should be using "make kernelversion" instead of looking for
> variable assignments the Makefile.
> 
> This is not even a Debian-specific problem any more.  Looking for
> variable assignments in the Makefile will break whenever the kernel is
> built out-of-tree (since Linux 4.20).

Oh, ok. Thank you for the tip.

Bug#930394: unblock: usrmerge/22

[Marco d'Itri]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package usrmerge to support installing the fixed 
molly-guard in buster.

unblock usrmerge/22


diff -Nru usrmerge-21/debian/changelog usrmerge-22/debian/changelog
--- usrmerge-21/debian/changelog2019-02-17 17:44:25.0 +0100
+++ usrmerge-22/debian/changelog2019-06-09 14:54:21.0 +0200
@@ -1,3 +1,10 @@
+usrmerge (22) unstable; urgency=medium
+
+  * Added a version to the conflict with molly-guard (see #914716).
+(Closes: #914716)
+
+ -- Marco d'Itri   Sun, 09 Jun 2019 14:54:21 +0200
+
 usrmerge (21) unstable; urgency=medium
 
   * Added a version to the conflict with ebtables (see #912046).
diff -Nru usrmerge-21/debian/control usrmerge-22/debian/control
--- usrmerge-21/debian/control  2019-02-17 17:41:06.0 +0100
+++ usrmerge-22/debian/control  2019-06-07 23:58:57.0 +0200
@@ -2,7 +2,7 @@
 Section: admin
 Priority: optional
 Maintainer: Marco d'Itri 
-Standards-Version: 4.2.1.1
+Standards-Version: 4.3.0.3
 Rules-Requires-Root: no
 Build-Depends: debhelper (>= 10), po-debconf
 Vcs-Git: https://salsa.debian.org/md/usrmerge.git
@@ -34,7 +34,7 @@
  libpng12-0 (<< 1.2.54-4~),
  libusb-0.1-4 (<< 2:0.1.12-28~),
  mksh (<< 52b-1~),
- molly-guard,
+ molly-guard (<< 0.7.1+exp1~),
  musl-dev (<< 1.1.9-1.1~),
  nano (<< 2.3.99pre3-1~),
  open-iscsi (<< 2.0.873+git0.3b4b4500-13~),


-- 
ciao,
Marco


signature.asc
Description: PGP signature

Bug#771339: linux: linux-headers 3.16 Makefile contains VERSION=2 PATCHLEVEL=6

[Ben Hutchings]

On Tue, 2019-06-11 at 17:01 +0200, Fab Stz wrote:
> Source: linux
> Version: 4.9.0 or 4.19... probably any
> Followup-For: Bug #771339
> 
> Dear Maintainer,
> 
> This bug still exists in linux 4.9 and 4.19 (stretch, stretch-backports and
> also buster)
> 
> Like the first reporter, I tried compiling the amdgpu driver provided by AMD
> (through DKMS) and it is searching for the kernel version in that file.
> 
> As a workaroung in the meantime, I manually set VERSION to 4 and PATCHLEVEL to
> 19 in /usr/src/linux-headers-4.9.0-9-amd64/Makefile
> or the equivalent for 4.19

They should be using "make kernelversion" instead of looking for
variable assignments the Makefile.

This is not even a Debian-specific problem any more.  Looking for
variable assignments in the Makefile will break whenever the kernel is
built out-of-tree (since Linux 4.20).

Ben.

-- 
Ben Hutchings
For every complex problem
there is a solution that is simple, neat, and wrong.




signature.asc
Description: This is a digitally signed message part

Bug#930351: linux-image-4.9.0-9-amd64: soft lockup / stuck in pid_revalidate

[Ben Hutchings]

On Tue, 2019-06-11 at 10:13 +0200, Bernhard M. Wiedemann wrote:
[...]
>  kernel:[1616241.072680] NMI watchdog: BUG: soft lockup - CPU#5 stuck for 
> 22s! [ps:28525]
> 
> [1626796.848128] CPU: 5 PID: 28525 Comm: ps Tainted: G  D  L  
> 4.9.0-9-amd64 #1 Debian 4.9.168-1+deb9u2
[...]

Please provide the log for the first BUG/Oops error, which will incldue
the text "Not tainted" instead of "Tainted: ..."

Ben.

-- 
Ben Hutchings
For every complex problem
there is a solution that is simple, neat, and wrong.




signature.asc
Description: This is a digitally signed message part

Bug#930392: unblock: ibus-sunpinyin/2.0.3+git20181120-4

[Boyuan Yang]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: debian-input-met...@lists.debian.org idaob...@gmail.com

Please unblock ibus-sunpinyin 2.0.3+git20181120-4. This upload fixes 
https://bugs.debian.org/929078 , which caused crash when the user is trying to
save settings for this input method.

The full debdiff is pasted below. Please let me know if there are any issues.

Regards,
Boyuan Yang



diff -Nru ibus-sunpinyin-2.0.3+git20181120/debian/changelog ibus-sunpinyin-
2.0.3+git20181120/debian/changelog
--- ibus-sunpinyin-2.0.3+git20181120/debian/changelog   2018-11-20
15:38:43.0 -0500
+++ ibus-sunpinyin-2.0.3+git20181120/debian/changelog   2019-06-11
13:40:06.0 -0400
@@ -1,3 +1,29 @@
+ibus-sunpinyin (2.0.3+git20181120-4) unstable; urgency=medium
+
+  * Team upload.
+  * debian/patches/0003-Fix-upstream-issue-85: Rework again on the
+patch to fix issues introduced in the previous uploads. (really
+really closes: #929078).
+
+ -- Boyuan Yang   Tue, 11 Jun 2019 13:40:06 -0400
+
+ibus-sunpinyin (2.0.3+git20181120-3) unstable; urgency=high
+
+  * Team upload.
+  * debian/patches/0003-Fix-upstream-issue-85: Rework on the patch
+to fix issues introduced in the previous upload. (really
+closes: #929078).
+
+ -- Boyuan Yang   Tue, 11 Jun 2019 12:07:21 -0400
+
+ibus-sunpinyin (2.0.3+git20181120-2) unstable; urgency=high
+
+  * Team upload.
+  * debian/patches: Cherry-pick upstream patch to fix crashing
+when trying to save user settings. (Closes: #929078)
+
+ -- Boyuan Yang   Mon, 10 Jun 2019 12:41:17 -0400
+
 ibus-sunpinyin (2.0.3+git20181120-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru ibus-sunpinyin-2.0.3+git20181120/debian/patches/0003-Fix-upstream-
issue-85-the-config-value-is-glib.Varia.patch ibus-sunpinyin-
2.0.3+git20181120/debian/patches/0003-Fix-upstream-issue-85-the-config-value-
is-glib.Varia.patch
--- ibus-sunpinyin-2.0.3+git20181120/debian/patches/0003-Fix-upstream-issue-
85-the-config-value-is-glib.Varia.patch 1969-12-31 19:00:00.0
-0500
+++ ibus-sunpinyin-2.0.3+git20181120/debian/patches/0003-Fix-upstream-issue-
85-the-config-value-is-glib.Varia.patch 2019-06-11 13:40:02.0
-0400
@@ -0,0 +1,64 @@
+From: Boyuan Yang 
+Date: Tue, 11 Jun 2019 12:06:51 -0400
+Subject: Fix upstream issue 85: the config value is glib.Variant
+
+Bug-Debian: https://bugs.debian.org/929078
+Forwarded: https://github.com/sunpinyin/sunpinyin/issues/85
+Applied-Upstream: https://github.com/sunpinyin/sunpinyin/pull/86
+Signed-off-by: LI Daobing 
+Signed-off-by: Boyuan Yang 
+Last-Update: 2019-06-11
+---
+ setup/main.py | 19 +++
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/setup/main.py b/setup/main.py
+index e20a3a5..aaa4a7d 100644
+--- a/setup/main.py
 b/setup/main.py
+@@ -39,10 +39,13 @@ import os
+ from os import path
+ try:
+ import gtk
++import glib
+ except ImportError:
+ from gi import require_version as gi_require_version
+ gi_require_version('Gtk', '3.0')
++gi_require_version('GLib', '2.0')
+ from gi.repository import Gtk as gtk
++from gi.repository import GLib as glib
+ try:
+ import ibus
+ except ImportError:
+@@ -69,19 +72,27 @@ class Option(object):
+ it is used to synchronize the configuration with setting on user
interface
+ """
+ config = ibus.Bus().get_config()
+-
++
++__wrappers = {
++type(True): glib.Variant.new_boolean,
++type(1): glib.Variant.new_int32,
++type('str'): glib.Variant.new_string,
++type([]): glib.Variant.new_strv,
++}
++
+ def __init__(self, name, default):
+ self.name = name
+ self.default = default
++self.__wrap = self.__wrappers[type(self.default)]
+ 
+ def read(self):
+ section, key = self.__get_config_name()
+-return self.config.get_value(section, key, self.default)
++wrapped = self.config.get_value(section, key)
++return self.default if wrapped is None else wrapped.unpack()
+ 
+ def write(self, v):
+ section, key = self.__get_config_name()
+-return self.config.set_value(section, key, type(self.default)(v))
+-
++return self.config.set_value(section, key, self.__wrap(v))
+
+ def __get_config_name(self):
+ keys = self.name.rsplit(SEPARATOR ,1)
diff -Nru ibus-sunpinyin-2.0.3+git20181120/debian/patches/series ibus-
sunpinyin-2.0.3+git20181120/debian/patches/series
--- ibus-sunpinyin-2.0.3+git20181120/debian/patches/series  2018-11-20
15:37:17.0 -0500
+++ ibus-sunpinyin-2.0.3+git20181120/debian/patches/series  2019-06-11
13:40:02.0 -0400
@@ -1,2 +1,3 @@
 libexecdir.patch
 0003-setup-ibus-setup-sunpinyin.in-Use-python3-explicitly.patch
+0003-Fix-upstream-issue-85-the-config-value-is-glib.Varia.patch


signature.asc
Description: This is a digitally signed message part

Bug#930393: RFS: aqemu/0.9.2-2.3 [NMU] [RC] -- Fix #927126 including suggestion from #929342 - aqemu: after updating can't open VMs

[Alexis Murzeau]

Package: sponsorship-requests
Severity: important
X-Debbugs-CC: Ignace Mouzannar 
X-Debbugs-CC: Abhijith PA 

Dear mentors,

I am looking for a sponsor for a NMU of "aqemu" to fix this RC bug:
#927126  - aqemu: after updating can't open VMs [0].
This bug was fixed in previous NMU aqemu/0.9.2-2.2 bug after discussion
with release team in #929342 [1], I modified the fix before being able
to migrate to buster.

This NMU remove references to VLANs in the description texts.

The maintainer has not responded to this bug at all, nor other bugs on
this package since 26/07/2016.

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927126
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929342#10

 * Package name: aqemu
   Version : 0.9.2-2.3
   Upstream Author : Andrey Rijov, Tobias Gläßer
 * URL : https://sourceforge.net/projects/aqemu/,
 https://github.com/tobimensch/aqemu
 * License : GPL-2+, BSD-3-clause
   Section : x11

It builds those binary packages:

  aqemu - Qt5 front-end for QEMU and KVM

To access further information about this package, please visit the
following URL:
  https://mentors.debian.net/package/aqemu


Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/a/aqemu/aqemu_0.9.2-2.3.dsc

Changes since the last upload in unstable:
aqemu (0.9.2-2.3) unstable; urgency=medium

  * Non-maintainer upload.
  *
debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch
- Remove "Virtual LAN" references in description texts.

 -- Alexis Murzeau   Sun, 26 May 2019 01:03:06 +0200

Additional change since the version in buster:
aqemu (0.9.2-2.2) unstable; urgency=medium

  * Non-maintainer upload.
  *
debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch
- Fix "after updating can't open VMs": Remove vlan related options.
(Closes: #927126)

 -- Alexis Murzeau   Fri, 17 May 2019 00:55:49 +0200

Source packages diff is in attachment and can be viewed here:
https://salsa.debian.org/amurzeau-guest/aqemu/compare/debian%2F0.9.2-2.2...debian%2F0.9.2-2.3


Regards,
-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F
From 26087ea3c3700bc5a019ae8cc0f84eb14954ef3d Mon Sep 17 00:00:00 2001
From: Alexis Murzeau 
Date: Sun, 26 May 2019 01:02:34 +0200
Subject: [PATCH] Remove Virtual LAN references in description texts

---
 debian/changelog |  8 
 ...N-stuff-QEMU-doesn-t-support-it-anymore.patch | 16 
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b65fecf..24da78a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+aqemu (0.9.2-2.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch
+- Remove "Virtual LAN" references in description texts.
+
+ -- Alexis Murzeau   Sun, 26 May 2019 01:03:06 +0200
+
 aqemu (0.9.2-2.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git 
a/debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch 
b/debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch
index 1e1014c..53591b4 100644
--- 
a/debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch
+++ 
b/debian/patches/0002-Remove-VLAN-stuff-QEMU-doesn-t-support-it-anymore.patch
@@ -41,7 +41,7 @@ QEMU can work again.
 +  // -net nic[,macaddr=addr][,model=type][,name=name]
if( ui.CB_Network_Type->currentText() == "nic" )
 -  QMessageBox::information( this, tr("nic"), tr("-net 
nic[,vlan=n][,macaddr=addr][,model=type][,name=name] \nCreate a new Network 
Interface Card and connect it to VLAN n (n = 0 is the default). The NIC is an 
ne2k_pci by default on the PC target. Optionally, the MAC address can be 
changed to addr and a name can be assigned for use in monitor commands. If no 
\'-net\' option is specified, a single NIC is created. Qemu can emulate several 
different models of network card. Valid values for type are i82551, i82557b, 
i82559er, ne2k_pci, ne2k_isa, pcnet, rtl8139, e1000, smc91c111, lance and 
mcf_fec. Not all devices are supported on all targets. Use -net nic,model=? for 
a list of available devices for your target.") );
-+  QMessageBox::information( this, tr("nic"), tr("-net 
nic[,macaddr=addr][,model=type][,name=name] \nCreate a new Network Interface 
Card and connect it to Virtual LAN n (n = 0 is the default). The NIC is an 
ne2k_pci by default on the PC target. Optionally, the MAC address can be 
changed to addr and a name can be assigned for use in monitor commands. If no 
\'-net\' option is specified, a single NIC is created. Qemu can emulate several 
different models of network card. Valid values for type are i82551, i82557b, 
i82559er, ne2k_pci, ne2k_isa, pcnet, rtl8139, e1000, smc91c11

Bug#927126: Fwd: Bug#929342: unblock: aqemu/0.9.2-2.2

[Alexis Murzeau]

Le 11/06/2019 à 21:58, Paul Gevers a écrit :
> Hi Alexis,
> 
> [Note: when you think you have covered questions asked, please remove
> the moreinfo tag, as it will make the bug show up in the list of bugs
> that need attention from us].

Ok, I guess that tag should be removed once aqemu/0.9.2-2.3 enter
unstable, right ?

> 
> On 06-06-2019 22:16, Alexis Murzeau wrote:
>> The modification I've done in version aqemu/0.9.2-2.3 specifically fix
>> descriptions that was referring to VLAN or Virtual LAN (all instances)
>> as reported by Jonathan.
>> I've reused the description of the various command line arguments that
>> no longer accept the vlan parameter from the qemu man page.
>>
>> (aqemu/0.9.2-2.3 is not in unstable as of now).
>>
>> This is the diff between aqemu/0.9.2-2.2 (unstable) and aqemu/0.9.2-2.3
>> (upload candidate on mentors.debian.net):
>>
>> https://salsa.debian.org/amurzeau-guest/aqemu/compare/debian%2F0.9.2-2.2...debian%2F0.9.2-2.3#380c8035425c8dcf8fb5ead9e2d4e5bc1a9f7192
> 
> This looks OK, so I think it is best to find a sponsor to upload that,
> such that we can proceed with unblocking when the full patch is reviewed.
> 
>> And the diff between actual buster version (aqemu/0.9.2-2.1) and
>> aqemu/0.9.2-2.3:
>>
>> https://salsa.debian.org/amurzeau-guest/aqemu/compare/debian%2F0.9.2-2.1...debian%2F0.9.2-2.3
> 
> I specifically note that I have *not* checked the full diff.
> 
> Paul
> 

I will make an RFS since Abhijith does not seem available to do the upload.

-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F



signature.asc
Description: OpenPGP digital signature

Bug#930390: patch

[dann frazier]

From: Robert McMahon 
Subject: [PATCH] fix latent bug in signal handling, per POSIX calling exit()
 in signal handler is not safe.  Use _exit() instead.  Also, detect the user
 signal SIGINT for the case of server needing two invocations to stop server
 threads.  Note: the server threads still need some work from graceful
 termination with a single ctrl-c
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930390
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1832401
Last-Update: 2019-06-11
Applied-Upstream: https://sourceforge.net/p/iperf2/code/ci/7c0ac64ebea38d0d9ff4d160db4d33bc087a3490/

diff --git a/compat/signal.c b/compat/signal.c
index 92ddc25..48a0f9d 100644
--- a/compat/signal.c
+++ b/compat/signal.c
@@ -171,7 +171,7 @@ void sig_exit( int inSigno ) {
 static int num = 0;
 if ( num++ == 0 ) {
 fflush( 0 );
-exit( 0 );
+	_exit(0);
 }
 } /* end sig_exit */
 
diff --git a/src/main.cpp b/src/main.cpp
index 53069fd..2a70e8e 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -268,7 +268,7 @@ void Sig_Interupt( int inSigno ) {
 // We try to not allow a single interrupt handled by multiple threads
 // to completely kill the app so we save off the first thread ID
 // then that is the only thread that can supply the next interrupt
-if ( thread_equalid( sThread, thread_zeroid() ) ) {
+if ( (inSigno == SIGINT) && thread_equalid( sThread, thread_zeroid() ) ) {
 sThread = thread_getid();
 } else if ( thread_equalid( sThread, thread_getid() ) ) {
 sig_exit( inSigno );
@@ -420,9 +420,3 @@ VOID ServiceStop() {
 }
 
 #endif
-
-
-
-
-
-
-- 
2.20.1

Bug#927126: Fwd: Bug#929342: unblock: aqemu/0.9.2-2.2

[Paul Gevers]

Hi Alexis,

[Note: when you think you have covered questions asked, please remove
the moreinfo tag, as it will make the bug show up in the list of bugs
that need attention from us].

On 06-06-2019 22:16, Alexis Murzeau wrote:
> The modification I've done in version aqemu/0.9.2-2.3 specifically fix
> descriptions that was referring to VLAN or Virtual LAN (all instances)
> as reported by Jonathan.
> I've reused the description of the various command line arguments that
> no longer accept the vlan parameter from the qemu man page.
> 
> (aqemu/0.9.2-2.3 is not in unstable as of now).
> 
> This is the diff between aqemu/0.9.2-2.2 (unstable) and aqemu/0.9.2-2.3
> (upload candidate on mentors.debian.net):
> 
> https://salsa.debian.org/amurzeau-guest/aqemu/compare/debian%2F0.9.2-2.2...debian%2F0.9.2-2.3#380c8035425c8dcf8fb5ead9e2d4e5bc1a9f7192

This looks OK, so I think it is best to find a sponsor to upload that,
such that we can proceed with unblocking when the full patch is reviewed.

> And the diff between actual buster version (aqemu/0.9.2-2.1) and
> aqemu/0.9.2-2.3:
> 
> https://salsa.debian.org/amurzeau-guest/aqemu/compare/debian%2F0.9.2-2.1...debian%2F0.9.2-2.3

I specifically note that I have *not* checked the full diff.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#930391: frei0r-plugins-dev: Missing header files in /usr/include directory

[Laurent BRULET]

Package: frei0r-plugins-dev
Version: 1.6.1-2
Severity: important

Dear Maintainer,

I was trying to build a frei0r plugin I wrote in C++. But the compilation
failed because the header file frei0r.hpp was not present in /usr/include

The unique present header file is frei0r.h which allows to build C plugins
only,
and with limited functionality.

Note : The problem is also present in upstream distribution.

Please find a patch below, which may allow to install these headers.

Regards,



diff -ru a/CMakeLists.txt b/CMakeLists.txt
--- a/CMakeLists.txt2017-05-31 07:57:25.0 +0200
+++ b/CMakeLists.txt2019-06-11 21:22:25.637472171 +0200
@@ -46,7 +46,10 @@
 INCLUDE( cmake/modules/TargetDistclean.cmake OPTIONAL)

 # See this thread for a ridiculous discussion about the simple question how to
install a header file with CMake:
http://www.cmake.org/pipermail/cmake/2009-October/032874.html
-install (DIRECTORY include DESTINATION . FILES_MATCHING PATTERN "frei0r.h"
PATTERN "msvc" EXCLUDE)
+install (DIRECTORY include DESTINATION . FILES_MATCHING
+PATTERN "frei0r*.h"
+PATTERN "frei0r*.hpp"
+PATTERN "msvc" EXCLUDE)

 add_subdirectory (doc)
 add_subdirectory (src)



-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

Bug#930390: iperf server will not exit

[dann frazier]

Package: iperf
Version: 2.0.12+dfsg1-2
Severity: important
Tags: patch, upstream

After running some iperf testing, ^c'ing the server fails:

$ iperf -s

Server listening on TCP port 5001
TCP window size:  128 KByte (default)

[..]
[ 19]  0.0- 0.7 sec  5.75 MBytes  65.2 Mbits/sec
^CWaiting for server threads to complete. Interrupt again to force quit.
^C^C^C

This is addressed by upstream commit:
  
https://sourceforge.net/p/iperf2/code/ci/7c0ac64ebea38d0d9ff4d160db4d33bc087a3490/

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iperf depends on:
ii  libc6   2.28-10
ii  libgcc1 1:8.3.0-7
ii  libstdc++6  8.3.0-7

iperf recommends no packages.

iperf suggests no packages.

-- no debconf information

Bug#930389: twisted: CVE-2019-12387

[Salvatore Bonaccorso]

Source: twisted
Version: 18.9.0-3
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for twisted.

CVE-2019-12387[0]:
| In Twisted before 19.2.1, twisted.web did not validate or sanitize
| URIs or HTTP methods, allowing an attacker to inject invalid
| characters such as CRLF.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387
[1] 
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
[2] 

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#930388: ruby-openid: CVE-2019-11027

[Salvatore Bonaccorso]

Source: ruby-openid
Version: 2.7.0debian-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/openid/ruby-openid/issues/122

Hi,

The following vulnerability was published for ruby-openid.

CVE-2019-11027[0]:
| Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable
| flaw. This library is used by Rails web applications to integrate with
| OpenID Providers. Severity can range from medium to critical,
| depending on how a web application developer chose to employ the ruby-
| openid library. Developers who based their OpenID integration heavily
| on the "example app" provided by the project are at highest risk.

Unfortunately there very scarce information available for this issue.
SuSE folks did try to ask upstream in [1]. Originally the assignement
seems to come from [2], but this as well does practiaclly not give
enough information.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11027
[1] https://github.com/openid/ruby-openid/issues/122
[2] https://marc.info/?l=openid-security&m=155154717027534&w=2

Regards,
Salvatore

Bug#926434: fixed (in my point of view) & not listetd in "netinst.iso-image Debian 9.9"

[Martin Kubiak]

Hi Julian,

I answered your question of defining the upstream-mirror correctly at 
"05.04.2019, 18:07". So I thought it is done.


Isn't it?

It seems to be open:
 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926434

And another part:

Today I installed a new machine and wondered that debian.tu-bs.de is not 
listed any more in the mirrors list. Why? Do I have to mirror from 
another source?


Thanks a lot in advance to know what to be done to be listed again,

Martin

Bug#930373: Shotwell: double clicking on the image viewer freezes an image of the picture. Reboot required

[Fran Glais]

Hello Jörg,

Thank you for your prompt reply.

You can find the output requested below.

As for reproducing this bug, it was mentioned upstream that it could be
hardware related. I'm running Debian with Sandybridge integrated graphics
(2450M to be more specific).
Upstream issue: https://gitlab.gnome.org/GNOME/shotwell/issues/26

The screencast provided in the link shows exactly my issue. What is not
shown is that the image persists on screen even upon locking the screen or
logging out.

Best regards,
Fran


$ dconf dump /org/yorba/shotwell/
[preferences/export]
export-metadata=true
photo-file-format='PNG'
constraint='ORIGINAL'
export-format-mode='SPECIFIED'
quality='HIGH'
scale=1200

[preferences/ui]
sidebar-position=180
display-sidebar=true
pin-toolbar-state=false
display-basic-properties=true
display-photo-tags=true
display-search-bar=false
display-photo-titles=false
show-welcome-dialog=false
display-photo-ratings=true
events-sort-ascending=false
library-photos-sort-by=2
library-photos-sort-ascending=false
display-photo-comments=false

[preferences/window]
direct-maximize=false
direct-height=1053
direct-width=1866
library-height=741
library-width=1315
library-maximize=false

[crop-settings]
last-crop-height=1
last-crop-width=1
last-crop-menu-choice=0

[printing]
content-width=20.545531914893619
titles-font='Sans Bold 12'
content-units=2
images-per-page=1
size-selection=11
content-ppi=200
print-titles=false
match-aspect-ratio=true
content-height=13.0
content-layout=3

On Tue, Jun 11, 2019 at 2:23 PM Jörg Frings-Fürst  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
>
> Am Dienstag, den 11.06.2019, 20:19 +0200 schrieb Jörg Frings-Fürst:
> [...]
> > Hello Fran,
> >
> 8...]
> > Please can you send me the output of
> >
> > dconf dump /org/yorba/shotwell
> >
> [...]
>
> Sorry this must be
>
> dconf dump /org/yorba/shotwell/
>
>
> CU
> Jörg
> - --
> New:
> GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
> GPG key (long) : 09F89F3C8CA1D25D
> GPG Key: 8CA1D25D
> CAcert Key S/N : 0E:D4:56
>
> Old pgp Key: BE581B6E (revoked since 2014-12-31).
>
> Jörg Frings-Fürst
> D-54470 Lieser
>
>
> git:  https://jff.email/cgit/
>
> Threema:  SYR8SJXB
> Wire: @joergfringsfuerst
> Skype:joergpenguin
> Ring: jff
> Telegram: @joergfringsfuerst
>
>
> My wish list:
>  - Please send me a picture from the nature at your home.
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAlz/8ZcACgkQCfifPIyh
> 0l30Jg/9EbskosTzqgyrTSpeY5kC+8zPvpLkBBFBBIWd5v7Fopskjxe8VTSzuHQ+
> FPQc2t5HarZPRlz2+WtKFHoc43QTo/jKvWvR5bQbdpFgafJFDfNacuJZeWd4+JXO
> lfqThVfwVseklGjNwhdOvEi7D62+R+7SV5uYWUlcEXCf5800+Fspw/149lwLAgpT
> 79VGf2iKw80YDkwVA/1qfsJtotEpQSD5+gp3Lgfao32gRhv41WpWqNEWAJRYpN2u
> lZk9JlkWtvcVPrGKJhQP8NjTJle31d7Le+fVRI8qeK47bxXohGi4sgvDwDTMqchZ
> XjNKXl3apFZ4fGeVd/GfknwO2fUaE3qBElegYtG75qd7ciepyWp4JeMPEkUxs/vk
> WwRaeqioauteQIg4Uy74d58EmXLO475nmlK0wP6L2MpCMtMKCTcD2ldSWvQ6h/yL
> PmxOKZKfZFrqnEjN8UYqqL5/SY+c8B689ar1MBMwkWUVpW6ftSkwcWxXmZ3hBqsS
> 14bISjmef2OHmMpKaDbmOtFrD7opO9p+kNNzW1tA+VAnRjI7gb71khY/hx0HRHh3
> Du4r996c/DEbJFQ0+4bOz8EwopaUmnVfI6+uiZpUwg7M5AcXY/AgUy/pRV7Id7Z3
> c7qWI4Z2zTl0gmUX/eixXk8Xfe4rWlPSTudKLd9RM4OsU48kBQQ=
> =zJrb
> -END PGP SIGNATURE-
>
>

Bug#930386: patch

[dann frazier]

From: Robert McMahon 
Subject: [PATCH] increase listen backlog limit to much larger value
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930386
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1832399
Last-Update: 2019-06-11
Applied-Upstream: https://sourceforge.net/p/iperf2/code/ci/4565c2ce318318a8a1d4578bab78c0e03fb49437/
[ dannf: Removed incidental version number changes from commit ]

diff --git a/src/Listener.cpp b/src/Listener.cpp
index 6d28c9b..983da07 100644
--- a/src/Listener.cpp
+++ b/src/Listener.cpp
@@ -73,6 +73,7 @@
 
 #define HEADERS()
 
+#include 
 #include "headers.h"
 #include "Listener.hpp"
 #include "SocketAddr.h"
@@ -388,9 +389,9 @@ void Listener::Listen( ) {
 	FAIL_errno( rc == SOCKET_ERROR, "bind", mSettings );
 	}
 // listen for connections (TCP only).
-// default backlog traditionally 5
+// use large (INT_MAX) backlog allowing multiple simultaneous connections
 if ( !isUDP( mSettings ) ) {
-	rc = listen( mSettings->mSock, 5 );
+	rc = listen( mSettings->mSock, INT_MAX );
 	WARN_errno( rc == SOCKET_ERROR, "listen" );
 }
 
-- 
2.20.1

Bug#928770: closed by Laszlo Boszormenyi (GCS) (Bug#928770: fixed in sqlite3 3.27.2-3)

[Salvatore Bonaccorso]

Hi!

On Tue, Jun 11, 2019 at 07:24:06AM +0200, László Böszörményi (GCS) wrote:
> Hi Salvatore,
> 
> On Tue, Jun 11, 2019 at 6:18 AM Salvatore Bonaccorso  
> wrote:
> > On Mon, Jun 10, 2019 at 05:06:07PM +, Debian Bug Tracking System wrote:
> > >  sqlite3 (3.27.2-3) unstable; urgency=high
> > >  .
> > >* Backport security related patches:
> > [...]
> > >  - prevent aliases of window functions expressions from being used as
> > >arguments to aggregate or other window functions (probably fixing
> > >CVE-2019-5018) (closes: #928770),
> >
> > Did you got any upstream confirmation or from TALOS project that this
> > one was the right fixes to pick for the CVE-2019-5018 issue?
>  I can't find a contact method for TALOS project. Upstream says they
> don't know what's CVE-2019-5018 but I can assemble the PoC from the
> TALOS report page. As they know / read the issue it is fixed in
> sqlite3 3.28.0 and I should use that - being tested in every sense by
> their closed source detailed test cases.
> But upstream says that the commit (I've used for the package) is a
> good to have fix for window functions.
> Then it was asked publicly again and all that upstream say about which
> version / commit fixes this: "it appears to be 3.28.0, as best as I
> can tell"[1]. Anyone can interpret this as s/he would like. :-/

Okay, very sad that this is so much intransparent from upstream.

Thanks for your research and try of contact!

Regards,
Salvatore

Bug#930387: rdekstop: security issues fixed in 1.8.5 and 1.8.6

[Salvatore Bonaccorso]

Source: rdesktop
Version: 1.8.4-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Control: fixed -1 1.8.6-1

Hi

1.8.6-1 mentions a new upstream release with many security fixes, but
none of those apparently have (yet) a CVE. Filling this bug for having
an unique identifier for the tracker in meanwhile.

Reference: 
https://tracker.debian.org/news/1041036/accepted-rdesktop-186-1-source-into-unstable/

Regards,
Salvatore

Bug#930386: hangs and connection resets w/ high thread count

[dann frazier]

Package: iperf
Version: 2.0.12+dfsg1-2
Severity: important
Tags: upstream patch

When attempting an iperf run with 24 threads, I either hit a
hang [*] or a bunch of "write failed: Connection reset by peer"
errors [**]. These are both resolved by the following upstream commit:

https://sourceforge.net/p/iperf2/code/ci/4565c2ce318318a8a1d4578bab78c0e03fb49437/

[*]
$ iperf -c 192.168.86.2 -P 24 
^C^Cconnect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
connect failed: Operation now in progress
^C^C^Z
[1]+  Stopped iperf -c 192.168.86.2 -P 24
$ bg
[1]+ iperf -c 192.168.86.2 -P 24 &
$ killall -9 iperf
$ fg
-bash: fg: job has terminated
[1]+  Killed  iperf -c 192.168.86.2 -P 24

[**]
$ iperf -c 192.168.86.2 -P 24 

Client connecting to 192.168.86.2, TCP port 5001
TCP window size: 85.0 KByte (default)

write failed: Connection reset by peer
write failed: Connection reset by peer
write failed: Connection reset by peer
write failed: Connection reset by peer
[ 21] local 192.168.86.1 port 47950 connected with 192.168.86.2 port 5001
[ ID] Interval   Transfer Bandwidth
[ 21]  0.0- 0.0 sec   107 KBytes  0.00 bits/sec
[ 16] local 192.168.86.1 port 47940 connected with 192.168.86.2 port 5001
[ 16]  0.0- 0.0 sec   107 KBytes  0.00 bits/sec
[  4] local 192.168.86.1 port 47914 connected with 192.168.86.2 port 5001
[  8] local 192.168.86.1 port 47918 connected with 192.168.86.2 port 5001
[  3] local 192.168.86.1 port 47916 connected with 192.168.86.2 port 5001
[  5] local 192.168.86.1 port 47920 connected with 192.168.86.2 port 5001
[  6] local 192.168.86.1 port 47922 connected with 192.168.86.2 port 5001
[  7] local 192.168.86.1 port 47924 connected with 192.168.86.2 port 5001
[ 22] local 192.168.86.1 port 47952 connected with 192.168.86.2 port 5001
[  9] local 192.168.86.1 port 47926 connected with 192.168.86.2 port 5001
[ 20] local 192.168.86.1 port 47948 connected with 192.168.86.2 port 5001
[ 26] local 192.168.86.1 port 47960 connected with 192.168.86.2 port 5001
[ 19] local 192.168.86.1 port 47946 connected with 192.168.86.2 port 5001
[ 15] local 192.168.86.1 port 47938 connected with 192.168.86.2 port 5001
[ 15]  0.0- 0.0 sec   107 KBytes  0.00 bits/sec
[ 10] local 192.168.86.1 port 47930 connected with 192.168.86.2 port 5001
[ 25] local 192.168.86.1 port 47958 connected with 192.168.86.2 port 5001
[ 12] local 192.168.86.1 port 47928 connected with 192.168.86.2 port 5001
[ 17] local 192.168.86.1 port 47944 connected with 192.168.86.2 port 5001
[ 14] local 192.168.86.1 port 47936 connected with 192.168.86.2 port 5001
[ 13] local 192.168.86.1 port 47934 connected with 192.168.86.2 port 5001
[ 11] local 192.168.86.1 port 47932 connected with 192.168.86.2 port 5001
[ 11]  0.0- 0.0 sec   107 KBytes  0.00 bits/sec
[ 24] local 192.168.86.1 port 47956 connected with 192.168.86.2 port 5001
[ 23] local 192.168.86.1 port 47954 connected with 192.168.86.2 port 5001
[ 18] local 192.168.86.1 port 47942 connected with 192.168.86.2 port 5001
write failed: Connection reset by peer
write failed: Connection reset by peer
[ 12]  0.0- 0.0 sec   107 KBytes  73.0 Mbits/sec
[ 18]  0.0- 0.0 sec   107 KBytes  73.3 Mbits/sec
[  4]  0.0-10.0 sec  4.19 GBytes  3.60 Gbits/sec
[  8]  0.0-10.0 sec  2.87 GBytes  2.47 Gbits/sec
[  3]  0.0-10.0 sec  2.04 GBytes  1.75 Gbits/sec
[  5]  0.0-10.0 sec  2.00 GBytes  1.72 Gbits/sec
[  6]  0.0-10.0 sec  2.71 GBytes  2.33 Gbits/sec
[  7]  0.0-10.0 sec  4.10 GBytes  3.52 Gbits/sec
[ 22]  0.0-10.0 sec  2.00 GBytes  1.72 Gbits/sec
[  9]  0.0-10.0 sec  2.71 GBytes  2.33 Gbits/sec
[ 20]  0.0-10.0 sec  2.82 GBytes  2.42 Gbits/sec
[ 26]  0.0-10.0 sec  2.71 GBytes  2.32 Gbits/sec
[ 19]  0.0-10.0 sec  4.58 GBytes  3.94 Gbits/sec
[ 10]  0.0-10.0 sec  2.92 GBytes  2.51 Gbits/sec
[ 25]  0.0-10.0 sec  4.15 GBytes  3.57 Gbits/sec
[ 17]  0.0-10.0 sec  2.74 GBytes  2.35 Gbits/sec
[ 14]  0.0-10.0 sec  2.78 GBytes  2.39 Gbits/sec
[ 13]  0.0-10.0 sec  2.00 GBytes  1.72 Gbits/sec
[ 24]  0.0-10.0 sec  2.81 GBytes  2.41 Gbits/sec
[ 23]  0.0-10.0 sec  4.13 GBytes  3.55 Gbits/sec
[SUM]  0.0-10.0 sec  54.3 GBytes  46.6 Gbits/sec


-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experim

Bug#930385: RFP: container-diff -- Diff your Docker containers

[Varac]

Package: wnpp
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: container-diff
  Version : latest
  Upstream Author : ?
* URL : https://github.com/GoogleContainerTools/container-diff
* License : Apache-2.0
  Programming Lang: Golang
  Description : Diff your Docker containers

container-diff is a tool for analyzing and comparing container images. 
container-diff can examine images along several different criteria, including:

* Docker Image History
* Image file system
* Image size
* Apt packages
* RPM packages
* pip packages
* npm packages

These analyses can be performed on a single image, or a diff can be performed 
on two images to compare. The tool can help users better understand what is 
changing inside their images, and give them a better look at what their images 
contain.

-BEGIN PGP SIGNATURE-

iQJEBAEBCgAuFiEESvqqiCmYrIkee91NVGXnfnh27QQFAlz/8rQQHHZhcmFjQHZh
cmFjLm5ldAAKCRBUZed+eHbtBOFSD/96rJzU5vFyi370lXuc55RbWOrjx5rx/D+D
eQEY+k4+lTB87yf4VoXjM4YLNofQLIRxh3SUCIWqk0+jxllv/vp0J6iO4qa+rGwS
7LFGZ/ya4Wxaalc2KEupDkXB+upyUncnfI1id9t3stq4QmviFr5+K3GOxnx9kPf3
zknJuRbAycfze9+Xti6HLwgPwgL9FNgHV7hLkZirTG0uhfFyNgbDxwD0OPOdL4Nt
eNTq48ck65JY5LcUyaObnOoAYfvbre5kmyeG6H1oZ58OoKbnl++5QQ1QsfjNsjsR
J+9j6SnznGzcKL2SK/q21or3y09SNBtS6Rd9dD5XQ7DT49WKiRJ2FT+1wnbfEMpx
3k5FaA/eFrwLTD88MhHbhL2a8NIeTKM1ziIl2sSZ3XqE6MfFvcm0S52VmQ6pk6Hy
ZrO4CyDG/BNegFFEkgmGLrM1pH4y2VTJ6IrkboEH82RMZD89YzhFRDT0cLC7DD8B
1FxfX1pWuqUTbfE2ExUFoFzDh9Y+rx4cd5+lHopamfmhNmnu0ZRromng8DwphD6M
jZrpHze+a/fUFOEdKyDCB3lYIJsVZn+F/iVLkNt2Zuicq0Zphn3Dxt9C4lcPq0Oj
dTiJSFqXCR9p+F2CTUVzCDEFJ8TFNFy7yhLiCNWAMUb8Jh20dHo8yPoOMw9h3WCY
tS5HtDeOLw==
=2o2j
-END PGP SIGNATURE-

Bug#911844: okular: Prints to the wrong printer

[Brian Potkin]

On Tue 11 Jun 2019 at 13:20:40 +0200, Martin Steigerwald wrote:

> Brian Potkin - 11.06.19, 10:42:
> > On Tue 11 Jun 2019 at 09:53:50 +0200, Martin Steigerwald wrote:
> […]
> > > Two ways to use your (and our) time in a more productive manner are:
> > > 
> > > 1) Retest with Okular 18.04 from Debian experimental (in case you
> > > run
> > > buster/sid). Or start KDE Neon in a machine and try with the newest
> > > Okular available there.
> > 
> > There might be time for me to do both of these today or tomorrow.
> 
> Wonderful.

And good fun.

I used the neon-user-20190606-1138.iso (okular 19.04.1). Everything
behaved normally. No observed bug there. Okular 18.04 from experimental
wouldn't install because of unmet depenencies. Another time, perhaps.

> > > 2) Remind upstream in a friendly way to have a look at the issue.
> > > Once there is a patch upstream it is very likely it could be
> > > backported for buster. Maybe it would be an idea to raise the
> > > upstream bug to KDE's security team.
> > 
> > You seem to have done that. Thanks.
> 
> Yes, appeared to be the quickest way to more this forward for me.
> 
> There is a reply by Albert already. He is member of KDE security team 
> and AFAIK also develops on Okular. Please review his comments there and 
> answer accordingly. It appears he does not yet understand on how to 
> reproduce. Maybe, if you can, give a concrete example with the necessary 
> CUPS commands or probably an example configuration file.

I will reply to the upstream bug report later.

The various contributions to this report are appreciated. I have learnt
a thing or two.

Regards,

Brian.

Bug#930384: debian-security-support: [l10n:cs] Updated Czech PO package translation

[Michal Simunek]

Package: debian-security-support
Version: 2019.05.23
Severity: wishlist
Tags: patch l10n

Dear Maintainer,

In attachment there is updated Czech (cs.po) PO translation for package debian-
security-support, please include it.



-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.utf8, LC_CTYPE=cs_CZ.utf8 (charmap=UTF-8), 
LANGUAGE=cs_CZ.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debian-security-support depends on:
ii  adduser3.115
ii  debconf [debconf-2.0]  1.5.61
ii  gettext-base   0.19.8.1-2

debian-security-support recommends no packages.

debian-security-support suggests no packages.
# Czech PO debconf template translation of debian-security-support.
# Copyright (C) 2014 Michal Simunek 
# This file is distributed under the same license as the 
debian-security-support package.
# Michal Simunek , 2014 - 2019.
#
msgid ""
msgstr ""
"Project-Id-Version: debian-security-support 2019.05.23\n"
"Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n"
"POT-Creation-Date: 2016-06-07 12:13+0200\n"
"PO-Revision-Date: 2019-06-11 20:15+0200\n"
"Last-Translator: Michal Simunek \n"
"Language-Team: Czech \n"
"Language: cs\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../check-support-status.in:24
#, sh-format
msgid ""
"Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from "
"$DEB_LOWEST_VER_ID and $DEB_NEXT_VER_ID"
msgstr ""
"Neznámá verze Debianu $DEBIAN_VERSION. Platné hodnoty od "
"$DEB_LOWEST_VER_ID a $DEB_NEXT_VER_ID"

#: ../check-support-status.in:63
msgid "Failed to parse the command line parameters"
msgstr "Nepodařilo se zpracovat parametry příkazové řádky"

#: ../check-support-status.in:72
#, sh-format
msgid "$name version $VERSION"
msgstr "$name verze $VERSION"

#: ../check-support-status.in:101
msgid "E: Internal error"
msgstr "E: Vnitřní chyba"

#: ../check-support-status.in:117
msgid "E: Need a --type if --list is given"
msgstr "E: Je-li zadán --list, je třeba zadat --type"

#: ../check-support-status.in:130
#, sh-format
msgid "E: Unknown --type '$TYPE'"
msgstr "E: Neznámý --type '$TYPE'"

#: ../check-support-status.in:152
msgid "E: Cannot detect dpkg version, assuming wheezy or newer"
msgstr ""
"E: Nelze rozpoznat verzi dpkg, předpokládá se, že je ve verzi z "
"wheezy nebo novější"

#: ../check-support-status.in:282
msgid "Future end of support for one or more packages"
msgstr "Budoucí omezená bezpečnostní podpora jednoho nebo více balíčků"

#: ../check-support-status.in:285
msgid ""
"Unfortunately, it will be necessary to end security support for some "
"packages before the end of the regular security maintenance life "
"cycle."
msgstr ""
"U některých balíčků bude bohužel nutné ukončit bezpečnostní podporu "
"před koncem životního cyklu běžně poskytované bezpečnostní podpory."

#: ../check-support-status.in:288 ../check-support-status.in:298
#: ../check-support-status.in:308
msgid ""
"The following packages found on this system are affected by this:"
msgstr ""
"Týká se to následujících balíčků, které se nacházejí na tomto systému:"

#: ../check-support-status.in:292
msgid "Ended security support for one or more packages"
msgstr "Ukončená bezpečnostní podpora jednoho nebo více balíčků"

#: ../check-support-status.in:295
msgid ""
"Unfortunately, it has been necessary to end security support for some "
"packages before the end of the regular security maintenance life "
"cycle."
msgstr ""
"U některých balíčků bylo bohužel nutné ukončit bezpečnostní podporu "
"před koncem životního cyklu běžně poskytované bezpečnostní podpory."

#: ../check-support-status.in:302
msgid "Limited security support for one or more packages"
msgstr "Omezená bezpečnostní podpora jednoho nebo více balíčků"

#: ../check-support-status.in:305
msgid ""
"Unfortunately, it has been necessary to limit security support for "
"some packages."
msgstr ""
"U některých balíčků bylo bohužel nutné omezit bezpečnostní podporu."

#: ../check-support-status.in:320
#, sh-format
msgid "* Source:$SRC_NAME, will end on $ALERT_WHEN"
msgstr "* Zdrojový balíček: $SRC_NAME, podpora skončí $ALERT_WHEN"

#: ../check-support-status.in:323
#, sh-format
msgid ""
"* Source:$SRC_NAME, ended on $ALERT_WHEN at version $ALERT_VERSION"
msgstr ""
"* Zdrojový balíček: $SRC_NAME, podpora ukončena $ALERT_WHEN u verze "
"$ALERT_VERSION"

#: ../check-support-status.in:326
#, sh-format
msgid "* Source:$SRC_NAME"
msgstr "* Zdrojový balíček: $SRC_NAME"

#: ../check-support-status.in:330
#, sh-format
msgid "  Details: $ALERT_WHY"
msgstr "  Podrobnosti: $ALERT_WHY"

#: ../check-support-status.in:333
msgid "  Affected binary package:"
msgstr "  Týká se binárního balíčku:"

#: ../check-support-status.in:335
msgid "  Affected binary packag

Bug#905772: For me it needs sysV drop and --no-stop-on-upgrade and --no-restart-after-upgrade

[Christian Ehrhardt]

Testing now confirmed, that for the version in experimental I need to do both:

a) drop the sysV
- as Ubuntu has done for a while
- without the sysV to systemd mapping still restarts the services
- something like [1], I haven an MP up for that on salsa, might be
slightly outdated

b) Specify both --no-stop-on-upgrade and --no-restart-after-upgrade
Otherwise dh_installsystemd snippets will restart the service

[1]: 
https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/commit/?id=0b5b15b390903e5c282a8bb2c27d53d63e442f31

-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

Bug#911844: okular: Prints to the wrong printer

[Martin Steigerwald]

Brian Potkin - 11.06.19, 10:42:
> On Tue 11 Jun 2019 at 09:53:50 +0200, Martin Steigerwald wrote:
[…]
> > Two ways to use your (and our) time in a more productive manner are:
> > 
> > 1) Retest with Okular 18.04 from Debian experimental (in case you
> > run
> > buster/sid). Or start KDE Neon in a machine and try with the newest
> > Okular available there.
> 
> There might be time for me to do both of these today or tomorrow.

Wonderful.

> > 2) Remind upstream in a friendly way to have a look at the issue.
> > Once there is a patch upstream it is very likely it could be
> > backported for buster. Maybe it would be an idea to raise the
> > upstream bug to KDE's security team.
> 
> You seem to have done that. Thanks.

Yes, appeared to be the quickest way to more this forward for me.

There is a reply by Albert already. He is member of KDE security team 
and AFAIK also develops on Okular. Please review his comments there and 
answer accordingly. It appears he does not yet understand on how to 
reproduce. Maybe, if you can, give a concrete example with the necessary 
CUPS commands or probably an example configuration file.

Thank you very much.

Best,

Bug#930194: unblock: openssl/1.1.1c-1

[Paul Gevers]

Control: tags -1 d-i

Hi Sebastian,

On 08-06-2019 21:39, Paul Gevers wrote:
> Control: tags -1 moreinfo confirmed
> 
> On 08-06-2019 10:50, Sebastian Andrzej Siewior wrote:
>>> Even if we were to unblock, can we get the m2crypto fix available, such
>>> that they can migrate together? I understood (last time I checked that
>>> bug) that this may just be a test fix?
>>
>> I believe m2crypto's upstream made a new release which has all fixes and
>> the last time I looked, that offending test got disabled. I will check,
>> provide a backport, prepare a NMU for m2crypto and its unblock.
> 
> We'll accept openssl, but m2crypto needs to be fixed first.

I have unblock this from Release Team point of view, but this needs an
ACK from the d-i, hence KiBi in CC.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#916610: spacenavd: diff for NMU version 0.6-1.1

[sur5r]

Control: tags 916610 + pending


Dear maintainer,

I've prepared an NMU for spacenavd (versioned as 0.6-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.

diff -Nru spacenavd-0.6/debian/changelog spacenavd-0.6/debian/changelog
--- spacenavd-0.6/debian/changelog  2015-05-18 10:04:05.0 +
+++ spacenavd-0.6/debian/changelog  2019-06-01 11:13:33.0 +
@@ -1,3 +1,11 @@
+spacenavd (0.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix "conflict with /dev/input/js0" (Closes: #916610)
+- Fixed upstream in 34ddda1246ad07e8ff2e6606224e710852e3e3d8
+
+ -- Jakob Haufe   Sat, 01 Jun 2019 11:13:33 +
+
 spacenavd (0.6-1) unstable; urgency=medium
 
   * Imported Upstream version 0.6
diff -Nru spacenavd-0.6/debian/patches/series 
spacenavd-0.6/debian/patches/series
--- spacenavd-0.6/debian/patches/series 2015-05-18 10:04:05.0 +
+++ spacenavd-0.6/debian/patches/series 2019-06-01 11:04:55.0 +
@@ -1,2 +1,3 @@
 add-buildflags-to-makefile.patch
 run.patch
+skip-joystick-devices.patch
diff -Nru spacenavd-0.6/debian/patches/skip-joystick-devices.patch 
spacenavd-0.6/debian/patches/skip-joystick-devices.patch
--- spacenavd-0.6/debian/patches/skip-joystick-devices.patch1970-01-01 
00:00:00.0 +
+++ spacenavd-0.6/debian/patches/skip-joystick-devices.patch2019-06-01 
11:13:33.0 +
@@ -0,0 +1,37 @@
+Description: Skip joystick device files
+Author: John Tsiombikas 
+Origin: upstream, 
https://github.com/FreeSpacenav/spacenavd/commit/34ddda1246ad07e8ff2e6606224e710852e3e3d8
+Bug-Debian: https://bugs.debian.org/916610
+---
+commit 34ddda1246ad07e8ff2e6606224e710852e3e3d8
+Author: John Tsiombikas 
+Date:   Sat Oct 11 05:07:58 2014 +
+
+added code to skip joystick device files while parsing 
/proc/bus/input/devices
+
+
+git-svn-id: svn+ssh://svn.code.sf.net/p/spacenav/code/trunk/spacenavd@183 
ef983eb1-d774-4af8-acfd-baaf7b16a646
+
+diff --git a/src/dev_usb_linux.c b/src/dev_usb_linux.c
+index 30db579..5f4baad 100644
+--- a/src/dev_usb_linux.c
 b/src/dev_usb_linux.c
+@@ -342,11 +342,16 @@ struct usb_device_info *find_usb_devices(int 
(*match)(const struct usb_device_in
+   case 'H':
+   keyptr = strstr(cur_line, "Handlers=");
+   if(keyptr) {
+-  char *devfile, *valptr = keyptr 
+ strlen("Handlers=");
++  char *devfile = 0, *valptr = 
keyptr + strlen("Handlers=");
+   static const char *prefix = 
"/dev/input/";
+ 
+   int idx = 0;
+-  while((devfile = strtok(idx ? 0 
: valptr, " \t\v\n\r"))) {
++  while((devfile = strtok(devfile 
? 0 : valptr, " \t\v\n\r"))) {
++  if(strstr(devfile, 
"js") == devfile) {
++  /* ignore 
joystick device files, can't use them */
++  continue;
++  }
++
+   
if(!(devinfo.devfiles[idx] = malloc(strlen(devfile) + strlen(prefix) + 1))) {
+   perror("failed 
to allocate device filename buffer");
+   continue;

Bug#930373: Shotwell: double clicking on the image viewer freezes an image of the picture. Reboot required

[Jörg Frings-Fürst]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,


Am Dienstag, den 11.06.2019, 20:19 +0200 schrieb Jörg Frings-Fürst:
[...]
> Hello Fran,
> 
8...]
> Please can you send me the output of 
> 
> dconf dump /org/yorba/shotwell
> 
[...]

Sorry this must be

dconf dump /org/yorba/shotwell/


CU 
Jörg
- -- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema:  SYR8SJXB
Wire: @joergfringsfuerst
Skype:joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAlz/8ZcACgkQCfifPIyh
0l30Jg/9EbskosTzqgyrTSpeY5kC+8zPvpLkBBFBBIWd5v7Fopskjxe8VTSzuHQ+
FPQc2t5HarZPRlz2+WtKFHoc43QTo/jKvWvR5bQbdpFgafJFDfNacuJZeWd4+JXO
lfqThVfwVseklGjNwhdOvEi7D62+R+7SV5uYWUlcEXCf5800+Fspw/149lwLAgpT
79VGf2iKw80YDkwVA/1qfsJtotEpQSD5+gp3Lgfao32gRhv41WpWqNEWAJRYpN2u
lZk9JlkWtvcVPrGKJhQP8NjTJle31d7Le+fVRI8qeK47bxXohGi4sgvDwDTMqchZ
XjNKXl3apFZ4fGeVd/GfknwO2fUaE3qBElegYtG75qd7ciepyWp4JeMPEkUxs/vk
WwRaeqioauteQIg4Uy74d58EmXLO475nmlK0wP6L2MpCMtMKCTcD2ldSWvQ6h/yL
PmxOKZKfZFrqnEjN8UYqqL5/SY+c8B689ar1MBMwkWUVpW6ftSkwcWxXmZ3hBqsS
14bISjmef2OHmMpKaDbmOtFrD7opO9p+kNNzW1tA+VAnRjI7gb71khY/hx0HRHh3
Du4r996c/DEbJFQ0+4bOz8EwopaUmnVfI6+uiZpUwg7M5AcXY/AgUy/pRV7Id7Z3
c7qWI4Z2zTl0gmUX/eixXk8Xfe4rWlPSTudKLd9RM4OsU48kBQQ=
=zJrb
-END PGP SIGNATURE-

Bug#930373: Shotwell: double clicking on the image viewer freezes an image of the picture. Reboot required

[Jörg Frings-Fürst]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

tags 930373 + moreinfo
severity 930373 important
thanks

Hello Fran,

thank you for spending your time helping to make Debian better with
this bug report. 

I have checked your bug on my 3 and on 2 external machines with gnome /
wayland. On 4 machines I have some artefacts, but on all I can close
the picture. 

Please can you send me the output of 

dconf dump /org/yorba/shotwell


Many thanks

CU
Jörg

- -- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema:  SYR8SJXB
Wire: @joergfringsfuerst
Skype:joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAlz/8LoACgkQCfifPIyh
0l1l+xAA0v2CUvhYMgn7dBMc7B/rRz91+ZtEYbtRb6HKK8H3qyGjkDt0hdMWeXsQ
bRweqeu4BPO/Pplek7WzWlrFkaZsO9WuhVBK0DWvhcmzKR02XGi5qXmML4X+6xma
BpVnQLSmKBKfAHMtvBUOSfBmu+60e/MB1Vf92NMZrTrftgVRhf2977BbyH61UWfM
YLQtb8FyDevQu2nlC8uihr+qhXEU/XPWOZRAjHfXhWTHzZ29O9xn5aBnWWzz0EeS
1f2vPcJAfWYu4Mjp6d0bOZMjtoQ9JY3xZKJKBBoETLiQPnvG+N94XXs9CK3Phzmy
+QGDDVSk+RapqH0unf4Dr3Fgej65cI+0Lh7bTfExyk/BQFKYae99jBE6IEMH/hnm
t3zkWvNtIeqWFf3eiY7bSWOJTUhrndCxW7wlDMozWjjly5yMDEbGzDfLWbdexnpG
Q4bKUGnuxDX/SqLWrypZ7Gtiuimn0MBAtRBoHkhy8AzjtKa9z4Eva5SGwQ8K5AHJ
ESGE5DAdObq0l412DsjrJ2AOB8rKCKg3lPrPKh0R5hH1JcsAJjwFNqe9VVviaq9F
OemXGP1Yy9oDqsfsgaYadIdQ9gcD8Fi+4Fr1WnHcHEECRBaW44rNqth1JurW1S94
EoAHiV3LDiVfy+w5WVjoDWufRTJXXLYt7srERQHvXtuU41pujoU=
=f7WP
-END PGP SIGNATURE-

Bug#930348: chromium: missing intrinsics on armhf

[Riku Voipio]

The build is fixed in:

https://salsa.debian.org/chromium-team/chromium/commits/arm-fixes/debian

I can make an upload if you prefer, or I can wait for you.

Cheers,
Riku

Bug#930383: sniffit: New upstream homepage

[Joao Eriberto Mota Filho]

Package: sniffit
Severity: normal

Please see:

https://github.com/resurrecting-open-source-projects/sniffit

Regards,

Eriberto

Bug#930382: outguess: New upstream homepage

[Joao Eriberto Mota Filho]

Package: outguess
Severity: normal

Please, see:

https://github.com/resurrecting-open-source-projects/outguess

Regards,

Eriberto

Bug#930381: txt2html: New upstream homepage

[Joao Eriberto Mota Filho]

Package: txt2html
Severity: normal

Please, see:

https://github.com/resurrecting-open-source-projects/txt2html

Regards,

Eriberto

Bug#920567: bash: dpkg-reconfigure: command not found

[Jiri Palecek]

On Sun, 27 Jan 2019 09:12:32 +0600 Thulium Equasman wrote:
> Package: python3-reportbug
> Version: 7.5.1
> Severity: normal
> Tags: d-i
>
> Hi,
> I got the message "bash: dpkg-reconfigure: command not found
> " when I ran `dpkg-reconfigure fontconfig-config`. I ran this command
as root.
> I then ran `echo $PATH` and the following appeared
> "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games". I
searched for


How did you get your root shell? If that was by running "su", what you
describe is actually expected. You should use "su -". See
https://unix.stackexchange.com/questions/460478/debian-su-and-su-path-differences
for more information about that.


Regards

    Jiri Palecek

Bug#930380: calligraflow: crash on startup (when run under gnome?)

[Zack Weinberg]

Package: calligraflow
Version: 1:2.9.11+dfsg-4+b1
Severity: important

calligraflow crashes on startup - possibly only when run under a GNOME 
desktop session and/or with KDE persistent state not properly initialized,
since a stack trace fingers the KDE most-recently-used-files implementation.

Stack trace collected with gdb:

QObject::connect: Cannot connect KoDocumentInfo::infoUpdated(const QString &, 
const QString &) to (null)::documentInformationUpdated(const QString &, const 
QString &)

Program received signal SIGSEGV, Segmentation fault.
0x7689f73c in QString::operator=(QString const&) ()
   from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
(gdb) bt
#0  0x7689f73c in QString::operator=(QString const&) ()
at /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#1  0x74c78f88 in  () at /usr/lib/libkdeui.so.5
#2  0x74c68d84 in KXMLGUIClient::findMostRecentXMLFile(QStringList 
const&, QString&) () at /usr/lib/libkdeui.so.5
#3  0x779548ad in KoMainWindow::KoMainWindow(QByteArray const&, 
KComponentData const&) () at /usr/lib/libkomain.so.14
#4  0x7fffec52a535 in FlowPart::createMainWindow() ()
at /usr/lib/libflowprivate.so.14
#5  0x7792b39f in KoApplication::start() () at /usr/lib/libkomain.so.14
#6  0x77dcc88f in kdemain ()
at /usr/lib/kde4/libkdeinit/libkdeinit4_calligraflow.so
#7  0x77c0309b in __libc_start_main (main=
0x4780, argc=1, argv=0x7fffddc8, init=, 
fini=, rtld_fini=, stack_end=0x7fffddb8)
at ../csu/libc-start.c:308
#8  0x47ba in _start ()



-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages calligraflow depends on:
ii  calligra-libs  1:2.9.11+dfsg-4+b1
ii  calligraflow-data  1:2.9.11+dfsg-4
ii  kde-runtime4:17.08.3-2.1
ii  libc6  2.28-10
ii  libgcc11:8.3.0-7
ii  libkdecore54:4.14.38-3
ii  libkdeui5  4:4.14.38-3
ii  libodfgen-0.1-10.1.7-1
ii  libqtcore4 4:4.8.7+dfsg-18
ii  libqtgui4  4:4.8.7+dfsg-18
ii  librevenge-0.0-0   0.0.4-6
ii  libstdc++6 8.3.0-7
ii  libvisio-0.1-1 0.1.6-1+b2
ii  libwpg-0.3-3   0.3.3-1

calligraflow recommends no packages.

calligraflow suggests no packages.

-- no debconf information

Bug#930379: xfdesktop4: Deskop icons order resets at login

[Simon]

Package: xfdesktop4
Version: 4.12.4-2.1
Severity: important

Dear Maintainer,

Current xfdesktop4 version still suffers from a bug opened in 2014 and now (at
last!) solved upstream in version 4.12.5.

https://bugzilla.xfce.org/show_bug.cgi?id=11266

Since it makes life of XFCE users a lot easier, could you please include it in
the forthcoming Debian release?

Thanks.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (450, 'testing'), (400, 'unstable'), (350, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xfdesktop4 depends on:
ii  exo-utils0.12.4-1
ii  libc62.28-10
ii  libcairo21.16.0-4
ii  libdbus-1-3  1.12.14-1
ii  libdbus-glib-1-2 0.110-4
ii  libexo-1-0   0.12.4-1
ii  libgarcon-1-00.6.2-1
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglib2.0-0 2.58.3-1
ii  libgtk2.0-0  2.24.32-3
ii  libnotify4   0.7.7-4
ii  libpango-1.0-0   1.42.4-6
ii  libpangocairo-1.0-0  1.42.4-6
ii  libwnck222.30.7-6
ii  libx11-6 2:1.6.7-1
ii  libxfce4ui-1-0   4.12.1-3
ii  libxfce4util74.12.1-3
ii  libxfconf-0-24.12.1-1
ii  xfdesktop4-data  4.12.4-2.1

Versions of packages xfdesktop4 recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.12.14-1
ii  dbus-x11 [dbus-session-bus]   1.12.14-1
ii  librsvg2-common   2.44.10-2.1
pn  tumbler   
ii  xdg-user-dirs 0.17-2

Versions of packages xfdesktop4 suggests:
ii  menu  2.1.47+b1

-- no debconf information

Bug#930378: ITP: qunit-selenium -- Run QUnit tests through Selenium WebDriver

[Jongmin Kim]

Package: wnpp
Severity: wishlist
Owner: Jongmin Kim 

* Package name: qunit-selenium
  Version : 0.0.4
  Upstream Author : Silvio Montanari 
* URL : https://github.com/smontanari/qunit-selenium
* License : Expat
  Programming Lang: Ruby
  Description : Run QUnit tests through Selenium WebDriver

 This package provides a wrapper around the selenium-webdriver with the
 additional logic to parse the QUnit test results page and report the
 success/failure of QUnit tests.

This package is used by rails 6 ujs related web testing codes.

Bug#905772: we might also need --no-restart-after-upgrade in addition to --no-stop-on-upgrade

[Christian Ehrhardt]

Was:
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
deb-systemd-invoke $_dh_action 'libvirt-guests.service'
'virtlockd-admin.socket' 'virtlockd.service' 'virtlockd.socket'
'virtlogd-admin.socket' 'virtlogd.service' 'virtlogd.socket'
>/dev/null || true


/usr/bin/dh_installsystemd
R_FLAG => no restart
RESTART_AFTER_UPGRADE => restart (default)

R_FLAG is only considered in postrm to stop/notstop it
RESTART_AFTER_UPGRADE is considered for postinst

We'd need to set RESTART_AFTER_UPGRADE=0 as well.
That is not (no more?) implied by --no-stop-on-upgrade

First I split list in services and sockets and added the extra arg
just to those not intended to restart:
  dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade
--no-restart-after-upgrade $(LIBVIRT_SYSTEM_SERVICES_NR)

New section is:
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" =
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
deb-systemd-invoke start 'virtlockd.service'
'virtlockd.socket' 'virtlogd.service' 'virtlogd.socket' >/dev/null ||
true
fi
fi

And one would think that this would keep the processes it up and running as-is.
This actually worked, but we are somewhat back at the original issue
that the restarting the sockets restarts the services (just without
sysV this time).

Later on come the services which still have "restart"

 Main PID: 28688 (virtlogd)
 Main PID: 28687 (virtlockd)
+ deb-systemd-invoke restart libvirt-guests.service
virtlockd-admin.socket virtlockd.socket virtlogd-admin.socket
virtlogd.socket
++ grep 'Main PID'
++ systemctl status virtlogd.service virtlockd.service --no-pager --lines 1
 Main PID: 29470 (virtlogd)
 Main PID: 29469 (virtlockd)

But there isn't really a reason to restart the sockets at all.
And the services already have their systemctl reload virtlogd.service
section in postinst for the proper re-exec.
So lets just make the sockets --no-stop-on-upgrade +
--no-restart-after-upgrade as well.

This seems to do the trick to achieve the correct behavior.
diff --git a/debian/rules b/debian/rules
index 26fc3e7171..63b8a2a316 100755
--- a/debian/rules
+++ b/debian/rules
@@ -247,7 +247,7 @@ override_dh_installinit:

 override_dh_installsystemd:
dh_installsystemd -p libvirt-daemon-system
--restart-after-upgrade libvirtd.service
-   dh_installsystemd -p libvirt-daemon-system
--no-stop-on-upgrade $(LIBVIRT_SYSTEM_SERVICES)
+   dh_installsystemd -p libvirt-daemon-system
--no-stop-on-upgrade --no-restart-after-upgrade
$(LIBVIRT_SYSTEM_SERVICES)

 override_dh_installdocs:
dh_installdocs -plibvirt-doc --doc-main-package libvirt-doc

I have not yet tried what happens if I let the sysV scripts back in.
But for systemd only this seems worth to discuss.

Bug#930377: unblock: haskell-argon2/1.3.0.1-5

[Sean Whitton]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package haskell-argon2.

Fixes a stretch->buster upgrade bug caused by libargon2-0-dev becoming a
virtual package.

unblock haskell-argon2/1.3.0.1-5

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
Sean Whitton
diff -Nru haskell-argon2-1.3.0.1/debian/changelog 
haskell-argon2-1.3.0.1/debian/changelog
--- haskell-argon2-1.3.0.1/debian/changelog 2018-10-01 03:47:25.0 
-0700
+++ haskell-argon2-1.3.0.1/debian/changelog 2019-06-10 13:12:30.0 
-0700
@@ -1,3 +1,10 @@
+haskell-argon2 (1.3.0.1-5) unstable; urgency=medium
+
+  * Switch deps libargon2-0-dev -> libargon2-dev (Closes: #930300).
+Thanks Andreas Beckmann for reporting the problem.
+
+ -- Sean Whitton   Mon, 10 Jun 2019 13:12:30 -0700
+
 haskell-argon2 (1.3.0.1-4) unstable; urgency=medium
 
   * Remove build dependency on libghc-text-dev (provided by ghc-8.4.3)
diff -Nru haskell-argon2-1.3.0.1/debian/control 
haskell-argon2-1.3.0.1/debian/control
--- haskell-argon2-1.3.0.1/debian/control   2018-10-01 03:47:25.0 
-0700
+++ haskell-argon2-1.3.0.1/debian/control   2019-06-10 13:12:30.0 
-0700
@@ -10,7 +10,7 @@
  ghc (>= 8.4.3),
  ghc-prof,
  haskell-devscripts (>= 0.13),
- libargon2-0-dev,
+ libargon2-dev,
  libghc-text-short-dev (>= 0.1.2),
  libghc-text-short-dev (<< 0.2),
  libghc-text-short-prof,
@@ -24,12 +24,12 @@
  This library provides Haskell bindings to libargon2, the reference
  implementation of the Argon2 password-hashing function.
  .
- See the libargon2-0-dev package for more information on Argon2.
+ See the libargon2-dev package for more information on Argon2.
 
 Package: libghc-argon2-dev
 Architecture: any
 Depends:
- libargon2-0-dev,
+ libargon2-dev,
  ${haskell:Depends},
  ${misc:Depends},
  ${shlibs:Depends},


signature.asc
Description: PGP signature

Bug#929708: Reopen the accidentially-closed ITP report

[Boyuan Yang]

Control: reopen -1

Seems that my new upload came with a wrong number of bug report. Reopening
this ITP bug to fix this problem. Sorry for the noise.

Regards,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#910143:

[Emmanuel Kasper]

For virtualbox vagrant boxes, please find new box releases at 
https://app.vagrantup.com/debian

Libvirt boxes are pending.

Extending the disk image to 20GB slows the build process a bit, as we need to 
zero free a bigger filesystem, but it is still acceptable.


-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

Bug#930375: CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass

[Simon McVittie]

Version: 1.12.16-1

On Tue, 11 Jun 2019 at 17:34:40 +0100, Simon McVittie wrote:
> For buster this has been fixed in libdbus-1-3 1.12.16-1. I'll close this
> bug when I have a bug number.

Bug#930376: gvfsd GetConnection() missing authorization check

[Simon McVittie]

Package: gvfs-daemons
Version: 1.14.1-1
Severity: grave
Tags: security fixed-upstream patch
Forwarded: 
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a

While looking for services that might be vulnerable to CVE-2019-12749
or a similar vulnerability, I noticed that gvfsd has a mechanism to open
a private D-Bus server socket, and does not configure an authorization
check for clients connecting to that socket. An attacker who learns the
abstract socket address from netstat(8) or similar could connect to it
and issue D-Bus method calls.

Mitigation: the attacker would have to win a race with the user owning
gvfsd, who is probably also trying to connect to the same socket. gvfsd
closes the socket after it has accepted one connection.

I have requested a CVE ID from MITRE but not received one yet.

For buster/sid this has been fixed in gvfs 1.38.1-5.

For experimental this has been fixed in gvfs 1.40.1-2.

I do not have a tested patch for stretch or jessie, but the same change
would probably work as-is.

It would probably be a good idea to also backport
https://gitlab.gnome.org/GNOME/gvfs/commit/16a275041de2e70063da8aa5cfb2804de9a2f60a
for additional hardening. This forces authentication to use the
simple, robust EXTERNAL (credentials-passing) mechanism, disabling
DBUS_COOKIE_SHA1, which is somewhat fragile and seems more likely to
contain unknown vulnerabilities.

Regards,
smcv

Bug#930311: lintian: Possible exception to package-contains-documentation-outside-usr-share-doc

[Chris Lamb]

Hi Niels,

> Re:
> https://salsa.debian.org/lintian/lintian/commit/a16cd3a1c812c8894bddf9b920561eb0dd602d85
> 
> I suspect we should probably match usr/lib/R/site-library/ as a prefix
> rather than an exact match.

Whoops. Fixed in:

  
https://salsa.debian.org/lintian/lintian/commit/3ced3d1b699f86726809043a4c3dd6c377593a35

Thanks for your review.


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#930375: CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass

[Simon McVittie]

Package: libdbus-1-3
Version: 1.0.0-1
Severity: grave
Tags: security fixed-upstream patch
Forwarded: https://gitlab.freedesktop.org/dbus/dbus/issues/269

Joe Vennix of Apple Information Security discovered an implementation flaw
in the DBUS_COOKIE_SHA1 authentication mechanism. A malicious client with
write access to its own home directory could manipulate a ~/.dbus-keyrings
symlink to cause a DBusServer with a different uid to read and write
in unintended locations. In the worst case, this could result in the
DBusServer reusing a cookie that is known to the malicious client, and
treating that cookie as evidence that a subsequent client connection
came from an attacker-chosen uid, allowing authentication bypass.

This vulnerability does not normally affect the standard system
dbus-daemon, which only allows the EXTERNAL authentication mechanism.
In supported branches of dbus it also does not normally affect the standard
session dbus-daemon, for the same reason.

However, this vulnerability can affect third-party users of DBusServer
(such as Upstart in Ubuntu 14.04 LTS), third-party dbus-daemon instances,
standard dbus-daemon instances with non-standard configuration, and the
session bus in older/unsupported dbus branches (such as dbus 1.6.x in
Ubuntu 14.04 LTS).

For buster this has been fixed in libdbus-1-3 1.12.16-1. I'll close this
bug when I have a bug number.

For stretch this has been fixed in upstream release 1.10.28 and I am
discussing with the security team whether it is DSA-worthy, and if so,
whether to upload 1.10.28-0+deb9u1 or a minimal backport.

For experimental this will be fixed by upstream release 1.13.12 when
I've tested it.

If the Debian LTS team want to address this vulnerability
in jessie (which has an EOL dbus branch that we no
longer support upstream), they should backport upstream commit

and optionally also the build-time test coverage found in
.

Regards,
smcv

Bug#930311: lintian: Possible exception to package-contains-documentation-outside-usr-share-doc

[Niels Thykier]

Chris Lamb:
> Hi Niels,
> 
>> My question is: Should we move this exception to lintian itself and
>> stop having people automate overrides
> 
> Oh, without any doubt here — the idea of automatically-generated
> overrides simply makes me squirm.
> 
> (Shall we begin by cloning this bug "against" dh-r?)
> 
> 
> Regards,
> 

Re:
https://salsa.debian.org/lintian/lintian/commit/a16cd3a1c812c8894bddf9b920561eb0dd602d85

I suspect we should probably match usr/lib/R/site-library/ as a prefix
rather than an exact match.  My guess is that they have a "per-package"
folder structure beneath that directory.

Thanks,
~Niels

Bug#930373: Shotwell: double clicking on the image viewer freezes an image of the picture. Reboot required

[Fran Glais]

Package: shotwell
Version: 0.30.1-1
Severity: critical
Tags: patch
Justification: breaks unrelated software

Dear Maintainer,

In a Wayland session (gnome-shell in my case), double-clicking on an image when
using the Shotwell Viewer fullscreens the image, but then fails to close the
picture.

This picture will remain on-screen even after logging out. I need to reboot the
system to get rid of it.

I consider this a critical bug, as it renders the system unusable, and can
somewhat lead to data loss. It so happened that I manages to properly close and
save my work using purely the keyboard, but without being able to see what's on
the screen. This is due to an image being stuck on my screen, hiding everything
else.

In a way, this could also be a (local) security bug, considering that the user 
can't
make the image on screen disappear, even after logging out. This information may
be leaked to any other user of the same system.

This is a known bug, which was fixed upstream on version 0.32. Due to the Debian
freeze policy, this fix never made it into Buster.

Upstream fix: 
https://gitlab.gnome.org/GNOME/shotwell/commit/6031f8a285c1599fa692905eaa0475faced08415

Best,
Fran

-- Package-specific info:

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8), 
LANGUAGE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shotwell depends on:
ii  dbus-x11 [dbus-session-bus] 1.12.14-1
ii  dconf-cli   0.30.1-2
ii  libc6   2.28-10
ii  libcairo2   1.16.0-4
ii  libexif12   0.6.21-5.1
ii  libgcr-base-3-1 3.28.1-1
ii  libgcr-ui-3-1   3.28.1-1
ii  libgdata22  0.17.9-3
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libgee-0.8-20.20.1-2
ii  libgexiv2-2 0.10.9-1
ii  libglib2.0-02.58.3-2
ii  libgphoto2-62.5.22-3
ii  libgphoto2-port12   2.5.22-3
ii  libgstreamer-plugins-base1.0-0  1.14.4-2
ii  libgstreamer1.0-0   1.14.4-1
ii  libgtk-3-0  3.24.5-1
ii  libgudev-1.0-0  232-2
ii  libjson-glib-1.0-0  1.4.4-2
ii  libpango-1.0-0  1.42.4-6
ii  libpangocairo-1.0-0 1.42.4-6
ii  libraw190.19.2-2
ii  librsvg2-common 2.44.10-2.1
ii  libsoup2.4-12.64.2-2
ii  libsqlite3-03.27.2-2
ii  libwebkit2gtk-4.0-372.24.2-1
ii  libxml2 2.9.4+dfsg1-7+b3
ii  shotwell-common 0.30.1-1

shotwell recommends no packages.

shotwell suggests no packages.

-- no debconf information

Bug#929821: libgd2: CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm

[Jonas Meurer]

Jonas Meurer wrote:
> Salvatore Bonaccorso wrote:
> > The following vulnerability was published for libgd2.
> > 
> > CVE-2019-11038[0]:
> > Uninitialized read in gdImageCreateFromXbm
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> While working on a libgd2 update for Jessie LTS, I prepared a patch that
> fixes this bug for unstable as well. If nobody objects, I would go ahead
> with an NMU to get this CVE fixed in time for Buster, ok?
> 
> The patch (created with `git format-patch`) is attached.
> 
> I also sent the patch upstream: https://github.com/libgd/libgd/pull/503

After uploading patched libgd2 to jessie and stretch, I also decided to
go ahead with the NMU to unstable.

I just uploaded libgd2 2.2.5-5.2 to the DELAYED-1 queue. Once it's been
accepted into unstable, I'll file a unblock request to get it into Buster.

I also pushed all three updates to the packaging Git repo at
https://salsa.debian.org/debian/libgd2

Cheers
 jonas




signature.asc
Description: OpenPGP digital signature

Bug#930372: Provide node-bootstrap (install package.json and symlink dist to /usr/lib/nodejs)

[Pirate Praveen]

Package: libjs-bootstrap4
severity: wishlist
version: 4.3.1+dfsg2-1

gitlab uses webpack and expects bootstrap node module. Please provide 
this in addition to libjs.

Bug#930371: unblock: dbus/1.12.16-1

[Simon McVittie]

Package: release.debian.org
Severity: normal
Tags: d-i
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dbus to fix CVE-2019-12749. I forgot to set high
urgency, so you might want to adjust its age-days too.

Filtered and full diffs are attached (the former has Autotools noise
removed). As usual, I'm happy to revert anything that -release can't
accept, because the whole 1.12.x branch exists for the benefit of
distros with a bugfix-only policy (but having said that, everything
in this particular version is either CVE-2019-12749, tests for it,
or release preparation).

dbus builds udebs, so this will need an ack from debian-boot (although
from comments on #929132 it isn't clear to me whether the udebs are
actually used for anything).

unblock dbus/1.12.16-1

Breakdown of the diff:

> diffstat for dbus-1.12.14 dbus-1.12.16
>
>  dbus/dbus-auth.c|   32 

CVE-2019-12749

>  dbus/dbus-auth-script.c |   87 
> +++-
>  dbus/dbus-sysdeps-util-unix.c   |   40 +++
>  dbus/dbus-sysdeps-util-win.c|   25 ++
>  dbus/dbus-sysdeps.h |   10 ++
>  test/Makefile.am|2 
>  test/data/auth/cookie-sha1-username.auth-script |   12 +++
>  test/data/auth/cookie-sha1.auth-script  |   11 +++

Regression tests for CVE-2019-12749 (these are #ifdef'd out and do
not affect the dbus binary package, although they do end up in the
special debug build in the dbus-tests package)

>  NEWS|   18 
>  configure.ac|4 -
>  debian/changelog|   15 

Release preparation

>  Makefile.in |4 -
>  aminclude_static.am |2 
>  bus/Makefile.in |2 
>  configure   |   26 +++
>  dbus/Makefile.in|2 
>  test/Makefile.in|4 -

Autotools noise from doing the release

Thanks,
smcv
filterdiff -p1 -xMakefile.in -x'*/Makefile.in' -xaminclude_static.am -xconfigure < dbus_1.12.16-1.diff > dbus_1.12.16-1-filtered.diff

diffstat for dbus-1.12.14 dbus-1.12.16

 Makefile.in |4 -
 NEWS|   18 
 aminclude_static.am |2 
 bus/Makefile.in |2 
 configure   |   26 +++
 configure.ac|4 -
 dbus/Makefile.in|2 
 dbus/dbus-auth-script.c |   87 +++-
 dbus/dbus-auth.c|   32 
 dbus/dbus-sysdeps-util-unix.c   |   40 +++
 dbus/dbus-sysdeps-util-win.c|   25 ++
 dbus/dbus-sysdeps.h |   10 ++
 debian/changelog|   15 
 test/Makefile.am|2 
 test/Makefile.in|4 -
 test/data/auth/cookie-sha1-username.auth-script |   12 +++
 test/data/auth/cookie-sha1.auth-script  |   11 +++
 17 files changed, 272 insertions(+), 24 deletions(-)

diff -Nru dbus-1.12.14/configure.ac dbus-1.12.16/configure.ac
--- dbus-1.12.14/configure.ac	2019-05-17 10:38:45.0 +0100
+++ dbus-1.12.16/configure.ac	2019-06-09 13:09:13.0 +0100
@@ -3,7 +3,7 @@
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [12])
-m4_define([dbus_micro_version], [14])
+m4_define([dbus_micro_version], [16])
 m4_define([dbus_version],
   [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -42,7 +42,7 @@
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=10
+LT_REVISION=11
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
diff -Nru dbus-1.12.14/dbus/dbus-auth.c dbus-1.12.16/dbus/dbus-auth.c
--- dbus-1.12.14/dbus/dbus-auth.c	2017-10-30 12:26:18.0 +
+++ dbus-1.12.16/dbus/dbus-auth.c	2019-06-09 13:08:12.0 +0100
@@ -529,6 +529,7 @@
   DBusString tmp2;
   dbus_bool_t retval = FALSE;
   DBusError error = DBUS_ERROR_INIT;
+  DBusCredentials *myself = NULL;
 
   _dbus_string_set_length (&auth->challenge, 0);
   
@@ -565,6 +566,34 @@
   return FALSE;
 }
 
+  myself = _dbus_credentials_new_from_current_process ();
+
+  if (myself == NULL)
+goto out;
+
+  if (!_dbus_credentials_same_user (myself, auth->desired_identity))
+{
+  /*
+   * DBUS_COOKIE_S

Bug#930363: faad2: fix build with gcc-9 [patch]

[Fabian Greffrath]

Control: forwarded -1 
https://github.com/knik0/faad2/commit/920ec985a74c6f88fe507181df07a0cd7e51d519
Control: tags -1 +upstream +fixed-upstream

Applied upstream, thanks!

Am Dienstag, den 11.06.2019, 16:05 +0200 schrieb Gianfranco Costamagna:
> control: tags -1 - moreinfo
> 
> Hello Sebastian
> 
> do you like the attached version then? :)
> 
> thanks for the quick update,
> I think a CFLAG passed as LIB doesn't matter that much, while the
> opposite hurts more, 
> but you are right, we should keep them separate indeed.
> 
> thanks for pointing it out!
> 
> Gianfranco


signature.asc
Description: This is a digitally signed message part

Bug#930367: cloud.debian.org: vagrant images: use systemd-networkd for virtualbox provider

[Antonio Terceiro]

Control: retitle -1 vagrant images: network setup in libvirt images are not 
consistent with Debian defaults

On Tue, Jun 11, 2019 at 04:15:12PM +0200, Nicolas Quiniou-Briand wrote:
> Package: cloud.debian.org
> Severity: normal
> 
> Dear Maintainer,
> 
> I noticed a difference between providers for the same box
> (debian/stretch64):
> 
> * with libvirt provider, `systemd-networkd` service is enabled and started
> after first boot of VM.
> 
> * with virtualbox provider, `systemd-networkd`
> service is disabled and stopped after first boot of VM.
> 
> It will be better to have only one way to manage network for the same image
> with different providers.

actually, the correct fix would be to make the libvirt images use the
same setup as virtualbox (which is the same as a regular Debian install
created by the Debian installer).


signature.asc
Description: PGP signature

Bug#771339: linux: linux-headers 3.16 Makefile contains VERSION=2 PATCHLEVEL=6

[Fab Stz]

Source: linux
Version: 4.9.0 or 4.19... probably any
Followup-For: Bug #771339

Dear Maintainer,

This bug still exists in linux 4.9 and 4.19 (stretch, stretch-backports and
also buster)

Like the first reporter, I tried compiling the amdgpu driver provided by AMD
(through DKMS) and it is searching for the kernel version in that file.

As a workaroung in the meantime, I manually set VERSION to 4 and PATCHLEVEL to
19 in /usr/src/linux-headers-4.9.0-9-amd64/Makefile
or the equivalent for 4.19



-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (991, 'stable-updates'), (991, 'stable'), (95, 'testing'), (90, 
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-0.bpo.5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#929821: libgd2: CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm

[Jonas Meurer]

Hello,

Salvatore Bonaccorso wrote:
> The following vulnerability was published for libgd2.
> 
> CVE-2019-11038[0]:
> Uninitialized read in gdImageCreateFromXbm
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

While working on a libgd2 update for Jessie LTS, I prepared a patch that
fixes this bug for unstable as well. If nobody objects, I would go ahead
with an NMU to get this CVE fixed in time for Buster, ok?

The patch (created with `git format-patch`) is attached.

I also sent the patch upstream: https://github.com/libgd/libgd/pull/503

Cheers
 jonas
From 6d9343547910719714d2606a9cb11da859200c3d Mon Sep 17 00:00:00 2001
From: Jonas Meurer 
Date: Tue, 11 Jun 2019 16:23:01 +0200
Subject: [PATCH] Fix CVE-2019-11038: Uninitialized read in
 gdImageCreateFromXbm

---
 debian/changelog  |  8 +
 ...ialized-read-in-gdImageCreateFromXbm.patch | 35 +++
 debian/patches/series |  1 +
 3 files changed, 44 insertions(+)
 create mode 100644 debian/patches/Fix-501-Uninitialized-read-in-gdImageCreateFromXbm.patch

diff --git a/debian/changelog b/debian/changelog
index c732f03..87fde35 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libgd2 (2.2.5-5.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm
+(Closes: #929821)
+
+ -- Jonas Meurer   Tue, 11 Jun 2019 16:21:57 +0200
+
 libgd2 (2.2.5-5.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/patches/Fix-501-Uninitialized-read-in-gdImageCreateFromXbm.patch b/debian/patches/Fix-501-Uninitialized-read-in-gdImageCreateFromXbm.patch
new file mode 100644
index 000..150f133
--- /dev/null
+++ b/debian/patches/Fix-501-Uninitialized-read-in-gdImageCreateFromXbm.patch
@@ -0,0 +1,35 @@
+From: Jonas Meurer 
+Date: Tue, 11 Jun 2019 12:16:46 +0200
+Subject: Fix #501: Uninitialized read in gdImageCreateFromXbm
+ (CVE-2019-11038)
+
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11038
+Bug-Debian: https://bugs.debian.org/929821
+Bug: https://github.com/libgd/libgd/issues/501
+
+We have to ensure that `sscanf()` does indeed read a hex value here,
+and bail out otherwise.
+
+Original patch by Christoph M. Becker  for PHP libgd ext.
+https://git.php.net/?p=php-src.git;a=commit;h=ed6dee9a198c904ad5e03113e58a2d2c200f5184
+---
+ src/gd_xbm.c | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_xbm.c b/src/gd_xbm.c
+index 29bc5c2..1aad2ff 100755
+--- a/src/gd_xbm.c
 b/src/gd_xbm.c
+@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
+ 			}
+ 			h[3] = ch;
+ 		}
+-		sscanf(h, "%x", &b);
++		if (sscanf(h, "%x", &b) != 1) {
++			gd_error("invalid XBM");
++			gdImageDestroy(im);
++			return 0;
++		}
+ 		for (bit = 1; bit <= max_bit; bit = bit << 1) {
+ 			gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
+ 			if (x == im->sx) {
diff --git a/debian/patches/series b/debian/patches/series
index 1eb76ca..91e5574 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ Fix-420-Potential-infinite-loop-in-gdImageCreateFrom.patch
 bmp-check-return-value-in-gdImageBmpPtr.patch
 CVE-2019-6977.patch
 Fix-492-Potential-double-free-in-gdImage-Ptr.patch
+Fix-501-Uninitialized-read-in-gdImageCreateFromXbm.patch
-- 
2.20.1



signature.asc
Description: OpenPGP digital signature

Bug#930311: lintian: Possible exception to package-contains-documentation-outside-usr-share-doc

[Chris Lamb]

Niels Thykier wrote:

> If we intend to create the exception in lintian, I would personally
> probably go with making the exception first and then filing the bug
> against dh-r to remove the auto-generation.

Good call. I've done the former task and filed the latter
as #930369.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#930370: debconf: Overriding debconf db with file fails with a message "access to disallowed key Filename in restricted hash"

[Jiri Palecek]

Package: debconf
Version: 1.5.71
Severity: normal

Dear Maintainer,

while trying to debug some difficulties with unattended package
installation, I came accross an interesting problem. While debconf(7)
says you can use DEBCONF_DB_OVERRIDE like this:

DEBCONF_DB_FALLBACK=File{Filename:/root/config.dat Backup:no}

when trying it actually, i got an error message:

# LC_MESSAGES=C DEBCONF_DEBUG=developer 
DEBCONF_DB_OVERRIDE="File{Filename:config2.dat.Lwzkvd}" 
DEBIAN_FRONTEND=noninteractive dpkg --auto-deconfigure -i 
../linux-*_"$DATE"_*.deb
... blah blah...
Attempt to access disallowed key 'Filename' in a restricted hash at 
/usr/share/perl5/Debconf/DbDriver.pm line 35.

It does work, though, without the "Filename:" part. What gives?

Another problem, and the reason I am actually experimentig with this, is
that it actually doesn't work unattended, because it somehow disregards
what is in the config file. ie:

debconf (developer): <-- FSET 
linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+ seen 
false
debconf (developer): --> 0 false
debconf (developer): <-- SUBST 
linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+ 
modules_base /lib/modules
debconf (developer): --> 0
debconf (developer): <-- SUBST 
linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+ 
package linux-image-4.19.36-bughunt+
debconf (developer): --> 0
debconf (developer): <-- INPUT critical 
linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+
debconf (developer): --> 30 question skipped
debconf (developer): <-- GO
debconf (developer): --> 0 ok
debconf (developer): <-- GET 
linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+
debconf (developer): --> 0 true

I need false on the last line, but still get true (the
default). However, the config2.dat contains

Name: linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+
Template: 
linux-image-4.19.36-bughunt+/preinst/overwriting-modules-4.19.36-bughunt+
Value: false

Maybe you could help me with that.

Regards
Jiri Palecek

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 4.19.36-bughunt+ (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2), LANGUAGE=cs_CZ 
(charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debconf depends on:
ii  perl-base  5.28.1-6

Versions of packages debconf recommends:
ii  apt-utils 1.8.2
ii  debconf-i18n  1.5.71

Versions of packages debconf suggests:
ii  debconf-doc1.5.71
pn  debconf-kde-helper 
ii  debconf-utils  1.5.71
ii  dialog 1.3-20190211-1
pn  libgtk3-perl   
pn  libnet-ldap-perl   
ii  libterm-readline-gnu-perl  1.36-1
ii  perl   5.28.1-6
ii  whiptail   0.52.20-4

-- debconf information:
  debconf-apt-progress/preparing:
  debconf-apt-progress/media-change:
  debconf-apt-progress/info:
* debconf/frontend: Dialog
  debconf-apt-progress/title:
* debconf/priority: low

Bug#930369: dh-r: Please drop automated package-contains-documentation-outside-usr-share-doc Lintian override generation

[Chris Lamb]

Package: dh-r
Version: 20190121
Severity: wishlist
X-Debbugs-CC: lintian-ma...@debian.org

Hi,

In #930311, Niels Thykier mentions that he:

> noticed that the dh-r package by default creates an override for
> package-contains-documentation-outside-usr-share-doc when the R
> package puts documentation in usr/lib/R/site-library

To wit, https://sources.debian.org/src/dh-r/20190121/dh/R.pm/?hl=3#L268.

My retort was that "the idea of automatically-generated overrides
simply makes me squirm" and so I added an exception to Lintian itself
here:

  
https://salsa.debian.org/lintian/lintian/commit/a16cd3a1c812c8894bddf9b920561eb0dd602d85

Accordingly, please remove the automatic generation code. At the very
least it will now result in annoying "unused override" warnings
instead.

(As an aside, if a similar situation occurs in the future, please
consider requesting the Lintian maintainers to make a general
exception; it is surely poor software engineering practice to litter
our entire archive when we can so easily fix it in one place.)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#905772: Not Fixed by dh* in the meantime, actually got worse in experimental

[Christian Ehrhardt]

Hi,
I checked this issue for Ubuntu bug 1786179 as I wanted to drop the
related delta that we formerly had. That is the same topic as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905772 that we
discuss here.

At first I thought the changes to dh_ resolved this sysV-vs-systemd
fight as I've seen it happen in other packages.

After initial install we have all sockets, but no service running => ok
But if services are running (later in the live-cycle) and we trigger a
reinstall/upgrade they are all restarted (which they are not supposed
to be done).

4 0  6927  6039  20   0  68836 55752 poll_s S+   ?  0:00
\_ apt install --reinstall libvirt-daemon-system
4 0  7045  6927  20   0  12924  4524 do_wai Ss+  pts/1  0:00
   \_ /usr/bin/dpkg --status-fd 25 --configure --pending
0 0  7046  7045  20   0  25560 16328 do_wai S+   pts/1  0:00
   \_ /usr/bin/perl -w /usr/share/debconf/frontend
/var/lib/dpkg/info/libvirt-daemon-system.postinst configure 5.4.
4 0  7055  7046  20   0   2572  1352 do_wai S+   pts/1  0:00
   \_ /bin/sh
/var/lib/dpkg/info/libvirt-daemon-system.postinst configure
5.4.0-0ubuntu1~ppa6
0 0  7492  7055  20   0  11028  2464 poll_s S+   pts/1  0:00
   \_ /bin/systemctl restart libvirt-guests.service
virtlockd-admin.socket virtlockd.service virtlockd.sock


This causes it to hang for 30-60 seconds on the upgrade which isn't
good but also not too bad.
But the logd/lockd services are restarted (I see new PIDs) which is
bad since those are all "--no-stop-on-upgrade".

I went back to (I know this is less of an option for Debian, but it
proved to be a great stop gap measure all too often) drop the sysV
scripts.

And back on that code not only does it look fine after install, now
also reinstall/upgrade work again.
The PIDs stay constant and no hang is perceived.
- install (sockets up, services down) = good
- reinstall (sockets up, services down) = good
- reinstall with services up
  - no hang perceived = good
  - PIDs still change = bad

So it is better without sysV, but not perfect (as in former versions) either.

Since there were discussions about reproducibility, the shortest test IMHO is:
$ apt install libvirt-daemon-system
$ systemctl start virtlogd.service
$ systemctl start virtlockd.service
$ systemctl status virtlogd.service virtlockd.service --no-pager
--lines 1 | grep PID
 Main PID: 14021 (virtlogd)
 Main PID: 14020 (virtlockd)
$ apt install --reinstall libvirt-daemon-system
# the PIDs will have changed, but they should not being "--no-stop-on-upgrade"

With compat 12 (even with sysV dropped as we did in Ubuntu) the
services will restart which is not what is wanted.
I verified e.g. Disco which has libvirt 5.0 and the sysV dropped, no
problem there.

For simplicity I compare/debug the versions with sysV dropped (less
interactions).
A lot of the postinst is the same, here "old = good" (Disco based on
libvirt 5.0) and "new = bad" (Eoan based on your 5.3 updated to
libvirt 5.4 from upstream).

old:
  dh_systemd_start/12ubuntu1 for libvirtd.service
  => deb-systemd-invoke $_dh_action 'libvirtd.service' (action => restart)
  dh_systemd_start/12ubuntu1 for "all others"
  deb-systemd-invoke start ... (all services and sockets)
  # on already running services that is a no-op the PIDs stay the same
new:
  dh_installsystemd/12.1.1ubuntu1 for all services
  deb-systemd-invoke $_dh_action (action => restart)
  # this is what breaks the current libvirt, calling restart on the service

I started a buster system to check if this is special to Ubuntu, or at
least only to what we have in -experimental.
Ok, as initially reported on the bug here in Buster this issue applies
to virtlockd but not virtlogd.
I installed 5.2.0-2 from experimental, and there as expected both PIDs
are recycled.
Which makes sense given that it seems a non libvirt specific issue in
the postinst as generated by dh_installsystemd.

The d/rules line for all affected services surely has --no-stop-on-upgrade:
  dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade
$(LIBVIRT_SYSTEM_SERVICES)

Not sure what to do yet - I'm experimenting, but I wanted to keep you
in the loop as well.

--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

Bug#930368: gatb-core: FTBFS due to inaccurate symbols file

[Gilles Filippini]

Source: gatb-core
Version: 1.4.1+git20181225.44d5a44+dfsg-2
Severity: serious
Justification: FTBFS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

During a rebuild of gatb-core for unstable on amd64 I experienced a FTBFS at the
dh_makeshlibs step:

   dh_makeshlibs -O--sourcedirectory=gatb-core
dpkg-gensymbols: error: some symbols or patterns disappeared in the symbols 
file: see diff output below
dpkg-gensymbols: warning: debian/libgatbcore2/DEBIAN/symbols doesn't match 
completely debian/libgatbcore2.symbols.amd64
- --- debian/libgatbcore2.symbols.amd64 
(libgatbcore2_1.4.1+git20181225.44d5a44+dfsg-2_amd64)
+++ dpkg-gensymbolsErQvax   2019-06-11 09:56:28.965481025 +
@@ -8997,7 +8997,7 @@
  
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi1EEEjjjEESaIS7_EE12emplace_backIJS7_EEEvDpOT_@Base
 1.4.1+git20181225.44d5a44+dfsg
  
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi1EEEjjjEESaIS7_EE17_M_realloc_insertIJS7_EEEvN9__gnu_cxx17__normal_iteratorIPS7_S9_EEDpOT_@Base
 1.4.1
  
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi1EEEjjjEESaIS7_EE7reserveEm@Base
 1.4.1
- - 
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi2EEEjjjEESaIS7_EE12emplace_backIJS7_EEEvDpOT_@Base
 1.4.1+git20181225.44d5a44+dfsg
+#MISSING: 1.4.1+git20181225.44d5a44+dfsg-2# 
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi2EEEjjjEESaIS7_EE12emplace_backIJS7_EEEvDpOT_@Base
 1.4.1+git20181225.44d5a44+dfsg
  
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi2EEEjjjEESaIS7_EE17_M_realloc_insertIJS7_EEEvN9__gnu_cxx17__normal_iteratorIPS7_S9_EEDpOT_@Base
 1.4.1
  
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi2EEEjjjEESaIS7_EE7reserveEm@Base
 1.4.1
  
_ZNSt6vectorISt5tupleIJjN4gatb4core5tools4math8LargeIntILi3EEEjjjEESaIS7_EE17_M_realloc_insertIJS7_EEEvN9__gnu_cxx17__normal_iteratorIPS7_S9_EEDpOT_@Base
 1.4.1
@@ -9007,7 +9007,7 @@
  
_ZNSt6vectorISt5tupleIJmiEESaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_@Base
 1.4.1
  
_ZNSt6vectorISt5tupleIJmiNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcESaIS7_EE17_M_realloc_insertIJS7_EEEvN9__gnu_cxx17__normal_iteratorIPS7_S9_EEDpOT_@Base
 1.4.1
  
_ZNSt6vectorISt6threadSaIS0_EE17_M_realloc_insertIJZN10ThreadPoolC4EmEUlvE_EEEvN9__gnu_cxx17__normal_iteratorIPS0_S2_EEDpOT_@Base
 1.4.1
- - _ZNSt6vectorIbSaIbEE13_M_initializeEm@Base 1.4.1+git20181225.44d5a44+dfsg
+#MISSING: 1.4.1+git20181225.44d5a44+dfsg-2# 
_ZNSt6vectorIbSaIbEE13_M_initializeEm@Base 1.4.1+git20181225.44d5a44+dfsg
  _ZNSt6vectorIbSaIbEE13_M_insert_auxESt13_Bit_iteratorb@Base 1.4.1
  _ZNSt6vectorIbSaIbEE13_M_reallocateEm@Base 1.4.1
  _ZNSt6vectorIbSaIbEE14_M_fill_insertESt13_Bit_iteratormb@Base 1.4.1
dh_makeshlibs: failing due to earlier errors
make: *** [debian/rules:10: binary] Error 2
dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned exit 
status 2

Thanks,

_g.

- -- System Information:
Debian Release: buster/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEoJObzArDE05WtIyR7+hsbH/+z4MFAlz/ttsACgkQ7+hsbH/+
z4P/bgf/aI8Kn2N0XrowNHz05+Hw9zTryiLdxmSgqs3HYJwq+bUjzbpZQTbwFb+U
Fgosu7yUAzPQSc0XeWAHbE9zosOVH5pqsvIVCvOOcwIrMJ1w28arh0YtsVTNIs71
4Cn1/x22ZZNHe6rbbb1Kzf0gf1JBMm6riKVqXDh1iJf0S4a1O63w1O6gNXGvXPsj
cwfqbP6En5Wmqys51FH3ZTAWK/ZF/3LPAyGlxgrK7KiFpub1ckph0WiKlaRFOYAv
uzG8Wy7MeVBaG9fpUd/oF+qQiUM+OrHWCXZLLuWKj7UCdCfRgzu3D+t7R5NlTFVr
Rh/mAr/U0rbFG7nDa8g0wOCQNrGBIw==
=2Gnd
-END PGP SIGNATURE-

Bug#930367: cloud.debian.org: vagrant images: use systemd-networkd for virtualbox provider

[Nicolas Quiniou-Briand]

Package: cloud.debian.org
Severity: normal

Dear Maintainer,

I noticed a difference between providers for the same box 
(debian/stretch64):


* with libvirt provider, `systemd-networkd` service is enabled and started
after first boot of VM.

* with virtualbox provider, `systemd-networkd`
service is disabled and stopped after first boot of VM.

It will be better to have only one way to manage network for the same 
image with different providers.

Bug#930366: initramfs-tools: unmkinitramfs fails to unpack lz4 compressed initrd

[Dimitri John Ledkov]

Package: initramfs-tools
Version: 0.133
Severity: normal
Tags: patch

Dear Maintainer,

unmkinitramfs fails to unpack lz4 compressed initrd, ie.:

$ sudo apt install initramfs-tools lz4 file
$ mkinitramfs -c lz4 -o foo.img
$ unmkinitramfs foo.img bar
cpio: premature end of archive
$ echo $?
2

I think this is because lz4cat is strict with file extensions:

$ file foo.img 
foo.img: LZ4 compressed data (v0.1-v0.9)
$ lz4cat -t foo.img 
File extension doesn't match expected LZ4_EXTENSION (.lz4); will not process 
file: foo.img

I propose the attached patch to change 'lz4cat -t $archive'
invocations to become 'lz4cat -t <$archive' instead. As lz4cat does
not / cannot enforce extension checking on streams.

Regards,

Dimitri.
diff -Nru initramfs-tools-0.133ubuntu6/unmkinitramfs 
initramfs-tools-0.133ubuntu8/unmkinitramfs
--- initramfs-tools-0.133ubuntu6/unmkinitramfs  2019-06-07 19:22:58.0 
+
+++ initramfs-tools-0.133ubuntu8/unmkinitramfs  2019-06-09 23:21:17.0 
+
@@ -33,8 +33,8 @@
gzip -c -d "$archive"
elif xzcat -t "$archive" >/dev/null 2>&1 ; then
xzcat "$archive"
-   elif lz4cat -t "$archive" >/dev/null 2>&1 ; then
-   lz4cat "$archive"
+   elif lz4cat -t <"$archive" >/dev/null 2>&1 ; then
+   lz4cat <"$archive"
elif bzip2 -t "$archive" >/dev/null 2>&1 ; then
bzip2 -c -d "$archive"
elif lzop -t "$archive" >/dev/null 2>&1 ; then

Bug#930363: faad2: fix build with gcc-9 [patch]

[Gianfranco Costamagna]

control: tags -1 - moreinfo

Hello Sebastian

do you like the attached version then? :)

thanks for the quick update,
I think a CFLAG passed as LIB doesn't matter that much, while the opposite 
hurts more, 
but you are right, we should keep them separate indeed.

thanks for pointing it out!

Gianfranco
Description: Fix link failure with gcc-9 and wl,asneeded flags
Author: Gianfranco Costamagna 
Last-Update: 2019-06-11

--- faad2-2.8.8.orig/configure.ac
+++ faad2-2.8.8/configure.ac
@@ -92,7 +92,9 @@ AC_DEFUN([AC_C99_FUNC_LRINTF],
   ac_cv_c99_lrintf,
 [
 lrintf_save_CFLAGS=$CFLAGS
-CFLAGS="-O -lm"
+lrintf_save_LIBS=$LIBS
+CFLAGS="-O"
+LIBS="-lm"
 AC_TRY_LINK([
 #define _ISOC9X_SOURCE  1
 #define _ISOC99_SOURCE  1
@@ -103,6 +105,7 @@ AC_TRY_LINK([
 ], if (!lrintf(3.14159)) lrintf(2.7183);, ac_cv_c99_lrintf=yes, ac_cv_c99_lrintf=no)
 
 CFLAGS=$lrintf_save_CFLAGS
+LIBS=$lrintf_save_LIBS
 
 ])
 

Bug#930350: marked as done (gnome-shell: Play/pause keyboard button stops controlling Rhythmbox/Totem)

[Simon McVittie]

Mike Crowe wrote:
> It appears that functionality of the play/pause keyboard button returns to
> normal if I close Google Chrome

This probably means Google Chrome uses GNOME's D-Bus APIs to register
itself as a media player, so that the play/pause/etc. keys can control
sites like Youtube and Soundcloud?

The play/pause/etc. keys are intercepted by GNOME and routed to exactly
one media player, to make sure that pressing Play while you have, for
example, both Totem and Rhythmbox open doesn't cause them both to start
playing at the same time (which would usually result in cacophony). I
don't know whether they're sent to the most recently registered media
player, or follow some more elaborate heuristic.

It would perhaps be better if Chrome only registered itself as a media
player while the current tab is a site containing multimedia playback,
so that other browser uses did not interfere with local media player apps.

smcv

Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

[Raphael Hertzog]

Hi,

On Wed, 05 Jun 2019, Michael Biebl wrote:
> systemd-networkd.service in v241 is locked down more tightly then v232.
> It might be worth a try to comment out the hardening features one by one
> to see if one of them causes your problem.

Thanks for the idea! I tried that but it did not help. I found the issue
after a few more tries tweaking the network configuration file. It's
simply that the system has IPv6 disabled in the kernel policy while the
.network file instructs to configure an IPv6 address.

Both are contradictory but they happily lived together up-to-now.
I don't know what changed but if we don't improve systemd-networkd
to just skip IPv6 configuration when the kernel has a policy disabling
IPv6, then we will have plenty of servers broken on upgrades because
it's quite common to keep the network configuration file provided by
the hoster and just disable IPv6 at the kernel level with sysctl:

$ grep ipv6 /etc/sysctl.conf
# Disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/


signature.asc
Description: PGP signature

Bug#930350: Not related to the Media Player Indicator extension

[Mike Crowe]

I disabled the Media Player Indicator extension in Tweaks, yet the
play/pause button has just stopped working again.

I probably should have mentioned earlier that I'm running on Wayland. This
appears to mean that I can't try restarting gnome-shell to see if that
fixes the problem.

Mike.

Bug#930365: CUDA 10.1 Update 1 is now available

[Graham Inggs]

Source: nvidia-cuda-toolkit
Version: 9.2.148-6
Severity: wishlist

Hi Maintainers

CUDA 10.1 Update 1 (10.1.168) was released at the end of May, 2019.  The 
minimum NVIDIA driver version remains at 418.39 and support is added for 
Clang 8.


As per the release notes [1]:
"CUDA 10.1 Update 1 is a minor update that is binary compatible with 
CUDA 10.1. This release will work with all versions of the R418 NVIDIA 
driver."


Regards
Graham


[1] 
https://docs.nvidia.com/cuda/archive/10.1/cuda-toolkit-release-notes/index.html

Bug#930364: unblock: gvfs/1.38.1-5

[Simon McVittie]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gvfs to fix a missing authorization check on a
private D-Bus socket (no CVE ID yet).

This also adds some security hardening that was applied upstream at the
same time (restricting D-Bus authentication mechanisms on the private
socket to only accept EXTERNAL, which is the simplest and most robust
mechanism available).

unblock gvfs/1.38.1-5


diffstat for gvfs-1.38.1 gvfs-1.38.1

 changelog   |   13 +
 patches/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch |   89 ++
 patches/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch|   51 +
 patches/ref-jobs-in-thread.patch|8 
 patches/series  |2 
 5 files changed, 159 insertions(+), 4 deletions(-)

diff -Nru gvfs-1.38.1/debian/changelog gvfs-1.38.1/debian/changelog
--- gvfs-1.38.1/debian/changelog	2019-06-05 08:34:17.0 +0100
+++ gvfs-1.38.1/debian/changelog	2019-06-11 12:28:34.0 +0100
@@ -1,3 +1,16 @@
+gvfs (1.38.1-5) unstable; urgency=high
+
+  * Team upload
+  * d/p/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch:
+Add missing authentication, preventing a local attacker from connecting
+to an abstract socket address learned from netstat(8) and issuing
+arbitrary D-Bus method calls
+  * d/p/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch:
+Harden private D-Bus connection by rejecting the more complicated
+DBUS_COOKIE_SHA1 authentication mechanism and only accepting EXTERNAL.
+
+ -- Simon McVittie   Tue, 11 Jun 2019 12:28:34 +0100
+
 gvfs (1.38.1-4) unstable; urgency=high
 
   * Team upload
diff -Nru gvfs-1.38.1/debian/patches/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch gvfs-1.38.1/debian/patches/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch
--- gvfs-1.38.1/debian/patches/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch	1970-01-01 01:00:00.0 +0100
+++ gvfs-1.38.1/debian/patches/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch	2019-06-11 12:28:34.0 +0100
@@ -0,0 +1,89 @@
+From: Simon McVittie 
+Date: Wed, 5 Jun 2019 13:33:38 +0100
+Subject: gvfsdaemon: Check that the connecting client is the same user
+
+Otherwise, an attacker who learns the abstract socket address from
+netstat(8) or similar could connect to it and issue D-Bus method
+calls.
+
+Signed-off-by: Simon McVittie 
+Applied-upstream: 1.38.3, commit:e3808a1b4042761055b1d975333a8243d67b8bfe
+---
+ daemon/gvfsdaemon.c | 36 +++-
+ 1 file changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c
+index 406d4f8..be148a7 100644
+--- a/daemon/gvfsdaemon.c
 b/daemon/gvfsdaemon.c
+@@ -79,6 +79,7 @@ struct _GVfsDaemon
+   
+   gint mount_counter;
+   
++  GDBusAuthObserver *auth_observer;
+   GDBusConnection *conn;
+   GVfsDBusDaemon *daemon_skeleton;
+   GVfsDBusMountable *mountable_skeleton;
+@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object)
+ }
+   if (daemon->conn != NULL)
+ g_object_unref (daemon->conn);
++  if (daemon->auth_observer != NULL)
++g_object_unref (daemon->auth_observer);
+   
+   g_hash_table_destroy (daemon->registered_paths);
+   g_hash_table_destroy (daemon->client_connections);
+@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection,
+   daemon->lost_main_daemon = TRUE;
+ }
+ 
++/*
++ * Authentication observer signal handler that authorizes connections
++ * from the same uid as this process. This matches the behaviour of a
++ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction
++ * has been set, but is not the default in GDBus.
++ */
++static gboolean
++authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
++ G_GNUC_UNUSED GIOStream *stream,
++ GCredentials *credentials,
++ G_GNUC_UNUSED gpointer user_data)
++{
++  gboolean authorized = FALSE;
++
++  if (credentials != NULL)
++{
++  GCredentials *own_credentials;
++
++  own_credentials = g_credentials_new ();
++
++  if (g_credentials_is_same_user (credentials, own_credentials, NULL))
++authorized = TRUE;
++
++  g_object_unref (own_credentials);
++}
++
++  return authorized;
++}
++
+ static void
+ g_vfs_daemon_init (GVfsDaemon *daemon)
+ {
+@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon)
+ 
+   daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
+   g_assert (daemon->conn != NULL);
++  daemon->auth_observer = g_dbus_auth_observer_new ();
++  g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL);
+ 
+   daemon->daemo

Bug#930363: faad2: fix build with gcc-9 [patch]

[Sebastian Ramacher]

Control: tags -1 + moreinfo

On 2019-06-11 15:06:01, Gianfranco Costamagna wrote:
> Source: faad2
> Version: 2.8.8-3
> Severity: normal
> tags: patch
> 
> Hello, looks like gcc-9 is adding wl,asneeded flag in compilation, so libs 
> passed as CFLAGS are not correctly
> used by gcc anymore, because only LIBS is added at the end of the compilation 
> line.
> 
> The following patch fixes the issue, and starts then using again the glib 
> implementation of the library.
> (without the patch, the bundled version is used everywhere, and the build 
> fails only on i386 because of an implementation mismatch of a long/int data 
> type)
> 
> I reported the patch already upstream
> https://sourceforge.net/p/faac/bugs/242/
> 
> 
> patch: 
> http://launchpadlibrarian.net/427773869/faad2_2.8.8-3_2.8.8-3ubuntu1.diff.gz
> 
> 
> please apply if possible, thanks!
> 
> Gianfranco

> >From b9e6b9bf906c8c2c6fabf7255bcf9eceff96023b Mon Sep 17 00:00:00 2001
> From: Gianfranco Costamagna 
> Date: Tue, 11 Jun 2019 14:54:38 +0200
> Subject: [PATCH] Add patch to fix a gcc-9 build failure on i386 and to
>  correctly use lprintf from glibc
> 
> ---
>  debian/changelog   |  6 ++
>  debian/patches/gcc-9.patch | 26 ++
>  debian/patches/series  |  1 +
>  3 files changed, 33 insertions(+)
>  create mode 100644 debian/patches/gcc-9.patch
> 
> diff --git a/debian/changelog b/debian/changelog
> index dfa8217..c1267f4 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +faad2 (2.8.8-4) UNRELEASED; urgency=medium
> +
> +  * Fix build with gcc-9 and asneeded flag on i386.
> +
> + -- Gianfranco Costamagna   Tue, 11 Jun 2019 
> 14:41:09 +0200
> +
>  faad2 (2.8.8-3) unstable; urgency=high
>  
>* Team upload.
> diff --git a/debian/patches/gcc-9.patch b/debian/patches/gcc-9.patch
> new file mode 100644
> index 000..e17a3a3
> --- /dev/null
> +++ b/debian/patches/gcc-9.patch
> @@ -0,0 +1,26 @@
> +Description: Fix link failure with gcc-9 and wl,asneeded flags
> +Author: Gianfranco Costamagna 
> +Last-Update: 2019-06-11
> +
> +--- faad2-2.8.8.orig/configure.ac
>  faad2-2.8.8/configure.ac
> +@@ -91,8 +91,8 @@ AC_DEFUN([AC_C99_FUNC_LRINTF],
> + [AC_CACHE_CHECK(for lrintf,
> +   ac_cv_c99_lrintf,
> + [
> +-lrintf_save_CFLAGS=$CFLAGS
> +-CFLAGS="-O -lm"
> ++lrintf_save_LIBS=$LIBS
> ++LIBS="-O -lm"

Why is -O controlling the optimization level moved to LIBS? I suppose,
this should stay in CFLAGS.

Cheers

> + AC_TRY_LINK([
> + #define _ISOC9X_SOURCE  1
> + #define _ISOC99_SOURCE  1
> +@@ -102,7 +102,7 @@ AC_TRY_LINK([
> + #include 
> + ], if (!lrintf(3.14159)) lrintf(2.7183);, ac_cv_c99_lrintf=yes, 
> ac_cv_c99_lrintf=no)
> + 
> +-CFLAGS=$lrintf_save_CFLAGS
> ++LIBS=$lrintf_save_LIBS
> + 
> + ])
> + 
> diff --git a/debian/patches/series b/debian/patches/series
> index 6d4062f..f35c884 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -2,3 +2,4 @@ reproducible-build.patch
>  0009-syntax.c-check-for-syntax-element-inconsistencies.patch
>  0010-sbr_hfadj-sanitize-frequency-band-borders.patch
>  0004-Fix-a-couple-buffer-overflows.patch
> +gcc-9.patch
> -- 
> 2.17.1
> 


-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#930363: faad2: fix build with gcc-9 [patch]

[Gianfranco Costamagna]

Source: faad2
Version: 2.8.8-3
Severity: normal
tags: patch

Hello, looks like gcc-9 is adding wl,asneeded flag in compilation, so libs 
passed as CFLAGS are not correctly
used by gcc anymore, because only LIBS is added at the end of the compilation 
line.

The following patch fixes the issue, and starts then using again the glib 
implementation of the library.
(without the patch, the bundled version is used everywhere, and the build fails 
only on i386 because of an implementation mismatch of a long/int data type)

I reported the patch already upstream
https://sourceforge.net/p/faac/bugs/242/


patch: 
http://launchpadlibrarian.net/427773869/faad2_2.8.8-3_2.8.8-3ubuntu1.diff.gz


please apply if possible, thanks!

Gianfranco
>From b9e6b9bf906c8c2c6fabf7255bcf9eceff96023b Mon Sep 17 00:00:00 2001
From: Gianfranco Costamagna 
Date: Tue, 11 Jun 2019 14:54:38 +0200
Subject: [PATCH] Add patch to fix a gcc-9 build failure on i386 and to
 correctly use lprintf from glibc

---
 debian/changelog   |  6 ++
 debian/patches/gcc-9.patch | 26 ++
 debian/patches/series  |  1 +
 3 files changed, 33 insertions(+)
 create mode 100644 debian/patches/gcc-9.patch

diff --git a/debian/changelog b/debian/changelog
index dfa8217..c1267f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+faad2 (2.8.8-4) UNRELEASED; urgency=medium
+
+  * Fix build with gcc-9 and asneeded flag on i386.
+
+ -- Gianfranco Costamagna   Tue, 11 Jun 2019 14:41:09 +0200
+
 faad2 (2.8.8-3) unstable; urgency=high
 
   * Team upload.
diff --git a/debian/patches/gcc-9.patch b/debian/patches/gcc-9.patch
new file mode 100644
index 000..e17a3a3
--- /dev/null
+++ b/debian/patches/gcc-9.patch
@@ -0,0 +1,26 @@
+Description: Fix link failure with gcc-9 and wl,asneeded flags
+Author: Gianfranco Costamagna 
+Last-Update: 2019-06-11
+
+--- faad2-2.8.8.orig/configure.ac
 faad2-2.8.8/configure.ac
+@@ -91,8 +91,8 @@ AC_DEFUN([AC_C99_FUNC_LRINTF],
+ [AC_CACHE_CHECK(for lrintf,
+   ac_cv_c99_lrintf,
+ [
+-lrintf_save_CFLAGS=$CFLAGS
+-CFLAGS="-O -lm"
++lrintf_save_LIBS=$LIBS
++LIBS="-O -lm"
+ AC_TRY_LINK([
+ #define _ISOC9X_SOURCE  1
+ #define _ISOC99_SOURCE  1
+@@ -102,7 +102,7 @@ AC_TRY_LINK([
+ #include 
+ ], if (!lrintf(3.14159)) lrintf(2.7183);, ac_cv_c99_lrintf=yes, ac_cv_c99_lrintf=no)
+ 
+-CFLAGS=$lrintf_save_CFLAGS
++LIBS=$lrintf_save_LIBS
+ 
+ ])
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 6d4062f..f35c884 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ reproducible-build.patch
 0009-syntax.c-check-for-syntax-element-inconsistencies.patch
 0010-sbr_hfadj-sanitize-frequency-band-borders.patch
 0004-Fix-a-couple-buffer-overflows.patch
+gcc-9.patch
-- 
2.17.1

Bug#930362: new post: Help the Java Team Distribute your project!

[Laura Arjona Reina]

Package: press
Severity: normal
X-Debbugs-CC: debian-public...@lists.debian.org, debian-j...@lists.debian.org

Hi
Thanks Hans-Christoph Steiner for resuming the work on this post.
This bug is the continuation of the !16 merge request in Salsa [1], I have 
merged the work so far, and turned the post into a draft until we're all happy 
to publish it.


[1] https://salsa.debian.org/publicity-team/bits/merge_requests/16

I think it's better that we continue using the BTS and committing directly in 
the bits repo, so we don't need to maintain several merge requests.


The current draft is here:

https://salsa.debian.org/publicity-team/bits/blob/master/content/2019/help-the-java-team-distribute-your-project.md

I have not much time today to comment about the content (and I would like to 
provide patches) so I'm leaving this bug open for now and will come back to it 
soon, I hope.


I propose to publish it next week (17 to 23 Jun 2019) because we have just 
published a blog post and we had planned another one during this week.


Kind regards,
--
Laura Arjona Reina
https://wiki.debian.org/LauraArjona

Bug#930361: More to add

[Brent Clark]

Sorry, just to add, I used the following link to test.

https://www.openwall.com/lists/oss-security/2019/06/06/1

Please read points 3 and 4 under section 'Default configuration'

HTH

Regards

Brent Clark

Bug#930361: exim4: Further on to CVE-2019-10149

[Brent Clark]

Package: exim4
Version: 4.89-2+deb9u4
Severity: important

Dear Maintainer,

This is just a FYI and I sure hope its nothing.

In light of CVE-2019-10149

What I did was build a vagrant instance with Exim 4.89-2+deb9u3 to
replicate the POC.

Please see https://pastebin.com/raw/EiLbpsH4 for successful
exploitation.

What was of interest to me, I upgraded to 4.89-2+deb9u4 and redid the POC.

Please see https://pastebin.com/raw/iqaJyHt2, but you will see is, the
file POC does not work, BUT mail still gets accepted.

Please see https://pastebin.com/raw/YLS7CBHY

I just want to double check is this is correct / acceptable.

Kind Regards
Brent Clark
P.s. Just a Q of food for thought, should not CHECK_RCPT_LOCAL_LOCALPARTS and / 
or
CHECK_RCPT_REMOTE_LOCALPARTS be updated in
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs?

-- Package-specific info:
Exim version 4.89 #2 built 28-May-2019 20:13:55
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event 
OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='local'
dc_other_hostnames='REMOVED
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains='stephan.trial.co.za'
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:stephan.trial.co.za
# /etc/default/exim4
EX4DEF_VERSION=''

# 'combined' -   one daemon running queue and listening on SMTP port
# 'no'   -   no daemon running the queue
# 'separate' -   two separate daemons
# 'ppp'  -   only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS=''

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  exim4-base 4.89-2+deb9u4
ii  exim4-daemon-light 4.89-2+deb9u4

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:

Bug#930343: libgcr410 FTCBFS: uses the wrong compiler

[Peter 'p2' De Schrijver]

Go ahead.

Peter.

On 2019-06-11 06:13:16 (+0200), Helmut Grohne  wrote:
> Source: libgcr410
> Version: 2.4.0-9.2
> Tags: patch
> User: debian-cr...@lists.debian.org
> Usertags: ftcbfs
> 
> libgcr410 fails to cross build from source, because it does not pass
> cross tools to make. The easiest way of doing so - using dh_auto_build -
> makes libgcr410 cross buildable. Please consider applying the attached
> patch.
> 
> Helmut

> diff -u libgcr410-2.4.0/debian/changelog libgcr410-2.4.0/debian/changelog
> --- libgcr410-2.4.0/debian/changelog
> +++ libgcr410-2.4.0/debian/changelog
> @@ -1,3 +1,10 @@
> +libgcr410 (2.4.0-9.3) UNRELEASED; urgency=medium
> +
> +  * Non-maintainer upload.
> +  * Fix FTCBFS: Let dh_auto_build pass cross tools to make. (Closes: #-1)
> +
> + -- Helmut Grohne   Tue, 11 Jun 2019 06:10:48 +0200
> +
>  libgcr410 (2.4.0-9.2) unstable; urgency=low
>  
>* Non-maintainer upload.
> diff -u libgcr410-2.4.0/debian/rules libgcr410-2.4.0/debian/rules
> --- libgcr410-2.4.0/debian/rules
> +++ libgcr410-2.4.0/debian/rules
> @@ -3,7 +3,7 @@
>  build: build-stamp
>  build-stamp: 
>   dh_testdir
> - $(MAKE)
> + dh_auto_build
>   touch build-stamp
>  
>  clean:

Bug#775029: Processed: reassign 775029 to src:trac

[W. Martin Borgert]

I assume, that the bug is not present in Debian >= 8, i.e. Trac >= 1.
It has been fixed upstream seven years ago.
If the bug is still present in Debian 10, please reopen.

Bug#730572: reprepro: support for ddebs (debug symbols)

[Simon McVittie]

On Sun, 20 Dec 2015 at 08:53:16 +, Niels Thykier wrote:
> In the actual implementation we got live now, there are a couple of
> changes though.
> 
>  * The dbgsym packages use the .deb extension

For the non-Debian projects for which I developed this patch, we still
need at least basic support for .ddeb files, because Ubuntu's toolchain
still produces those (and as far as I can tell it will continue to do
so indefinitely - they no longer use pkg-create-dbgsym, but they have a
patch in their dh_strip to make it produce .ddeb instead of .deb files).

I wouldn't object to simplifying it by treating .ddeb files as exactly
equivalent to .deb, so they go alongside ordinary debs, instead of
creating a /debug pseudo-component? That's what happens right
now when you import a Debian-built -dbgsym package into an unpatched
reprepro. (You can't currently import an Ubuntu-built -dbgsym package
at all.)

(Cc'ing my colleague Lucas Kanashiro who will be looking into rebasing
this patch for our own use - we need a fork of reprepro that supports
this, even if it can't go upstream, so we might as well provide an
updated patch on this bug too.)

> In DAK / the Debian infrastructure, the dbgsym packages are placed in a
> separate component called "-debug".

Isn't that a suite or a "dist" or something, rather than a component?
The production Debian dbgsym infrastructure seems to have the same
three components (aka archive areas) as the main Debian archive, namely
main, contrib and non-free.

I don't think reprepro can or should mimic dak's output accurately,
because dak creates a separate lookaside apt repository for detached
debug symbols, but the scope of reprepro is that it deals with a single
apt repository.

Because reprepro can already accept *-dbgsym_*.deb and will currently
list them alongside any other .deb, moving Debian-built (.deb) -dbgsym
packages into a separate suite, component or repository would arguably
be an incompatible behaviour change.

smcv