Bug#935182: Concurrent file open results file deletion by the read-only instance

[Gilles MOREL]

Hi,

For severity, I read severity's description and the first that seemed to fit 
was grave, since I got data loss.
For multiple user on the same host, the host is actually a RDP server, served 
by xrdp.
For the version, that's because I tryed to use the backports version of LO, but 
the problem is there too.
--
Gilles MOREL 
Le premier tirage aléatoire est [51, 31, 38, 6, 16] et le second est [9, 9, 9, 
9, 9]. Quel tirage est le plus aléatoire ?


- Message original 
Rene Engelhard 
à Gilles MOREL , 935...@bugs.debian.org
le mardi 20 août 2019 à 18:30:06 +0200
avec Mutt/1.10.1 (2018-07-13)

Re: Bug#935182: Concurrent file open results file deletion by the read-only 
instance
--
Hi,

On Tue, Aug 20, 2019 at 04:52:52PM +0200, Gilles MOREL wrote:
> Package: libreoffice-core
> Version: 1:6.1.5-3+deb10u3
> Severity: grave

2 grave   makes the package in question unusable by most or all users, 
or causes data loss, or
  introduces a security hole allowing access to the accounts of 
users who use the package.
[...]
4 important   a bug which has a major effect on the usability of a package, 
without rendering it completely
  unusable to everyone.

Ok, one might argue this as data loss, but I don't think this is grave enough to
warrant grave, important looks more suited. But anyways.

> When two users on the same machine open

Why two users on the same machine, same file? I could understand the
scenario of same file on samba share, different computers... Or do
you use some graphical "remote desktop" thingy allowing access of more
people to one comuter?

> If the first user saves modification while the second user have the file 
> openned, the first user gets an error saying the file does not exists anymore.
> And then, the file is actually deleted once the second user closes the file.

LO has lockinbg problems like this. This is nothing new. In fact, quick googling
just gave me
https://bugs.documentfoundation.org/show_bug.cgi?id=115747#c28

> Versions of packages libreoffice-core depends on:
> ii  fontconfig2.13.1-2
> ii  fonts-opensymbol  2:102.11+LibO6.3.0-2~bpo10+1
[...]
> ii  libreoffice-common1:6.1.5-3+deb10u3
[...]
> ii  uno-libs3 6.3.0-2~bpo10+1
> ii  ure   6.3.0-2~bpo10+1
[...]
> ii  libreoffice-style-colibre  1:6.1.5-3+deb10u3
> ii  libreoffice-style-tango1:6.1.5-3+deb10u3
> ii  ure6.3.0-2~bpo10+1
[...]
> ii  python3-uno1:6.1.5-3+deb10u3
[...]
> ii  libreoffice-style-colibre [libreoffice-style]  1:6.1.5-3+deb10u3
> ii  libreoffice-style-tango [libreoffice-style]1:6.1.5-3+deb10u3
[...]
> ii  libreoffice-common  1:6.1.5-3+deb10u3

etc.

It's probably not related (and would be a bug in the newer LO)
but why are you mixing 6.1.5 and 6.3.0 packages?

Regards,

Rene



signature.asc
Description: This is a digitally signed message part.

Bug#935182: Concurrent file open results file deletion by the read-only instance

[Gilles MOREL]

Hi,

Actually, we were almost certain that the problem will be forwarded to the 
upstream, so we openned the bug on Document Fondation too.

We also tryed with the backports version, the problem is there too.
--
Gilles MOREL 
Ce message ne s'autodétruira pas dans cinq secondes. Cinq, quatre, trois, deux, 
un…


- Message original 
Rene Engelhard 
à Gilles MOREL , 935...@bugs.debian.org
copie à cont...@bugs.debian.org
le mardi 20 août 2019 à 18:53:06 +0200
avec Mutt/1.10.1 (2018-07-13)

Re: Bug#935182: Concurrent file open results file deletion by the read-only 
instance
--
forwarded 935182 https://bugs.documentfoundation.org/show_bug.cgi?id=127057
thanks

Hi,

On Tue, Aug 20, 2019 at 06:30:06PM +0200, Rene Engelhard wrote:
> LO has lockinbg problems like this. This is nothing new. In fact, quick 
> googling
> just gave me
> https://bugs.documentfoundation.org/show_bug.cgi?id=115747#c28

Or https://bugs.documentfoundation.org/show_bug.cgi?id=127057. By chance
filed by you or someone in your organization?

Just for data: What happens with a ("real"/complete) 6.3.0 (as is in
buster-backports, of which you have parts installed)?

Regards,

Rene


signature.asc
Description: This is a digitally signed message part.

Bug#934629: ITP: seqan3 -- C++ library for the analysis of biological sequences (development)

[Michael Crusoe]

Correction: This package is maintained by Debian Med Packaging Team at
https://salsa.debian.org/med-team/seqan3

Bug#935244: jh_depends: "-j headless" have no effect

[Dmitry Smirnov]

Package: javahelper
Version: 0.72.9
Severity: normal
Control: block 864861 by -1
Tags: patch

Despite jh_depends invoked with option "-jheadless", the generated 
java:Depends contains "default-jre" instead of "default-jre-headless".

Looks like jh_depends is rather sloppy: is uses no "set -u" to ensure that 
there are no undefined variables and no surprise that some variables are used 
before they are defined...

The following patch fixes the problem:


--- a/jh_depends
+++ b/jh_depends
@@ -210,9 +210,9 @@
if [ -n "$WRAPPER" ]; then
   DEBDEPS="jarwrapper (>=0.5) $DEBDEPS"
fi
JVMDEPS=
-   if [ -n "`getarg j jvm`" ] && [ -z "$JVM" ]; then
+   if [ -n "`getarg j jvm`" ]; then
   JVM="`getarg j jvm`"
fi

if [ -n "$WRAPPER" ] && [ -z "$JVM" ]; then


By the time when script checks "-j | --jvm" options, $JVM is always defined 
so removing '&& [ -z "$JVM" ]' condition is required to respect given 
parameters.

Thanks.

-- 
Regards,
 Dmitry Smirnov

---

The truth is incontrovertible, malice may attack it, ignorance may deride
it, but in the end; there it is.
-- Winston Churchill


signature.asc
Description: This is a digitally signed message part.

Bug#929923: missing dictionaries.xcu confuses non-US English locales (e.g. en_AU)

[Rene Engelhard]

On Wed, Aug 21, 2019 at 03:44:36PM +1000, Trent W. Buck wrote:
> I still advocate solving only MY problem, with a simple change:
> 
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=929923;filename=929923.patch;msg=22

And I still say that it at least for en_GB is wrong. As said: color vs.
colour.
You say that Australia is used to both, Ok, I believe so - but I don't think so
for en_GB.

> However, I also considered a complex change:
> generate debian/*.links automatically from */dictionaries.xcu.
> 
> A proof-of-concept is attached.
> If this is interesting, I can look at merging it into debian/helper.py.
> If this is not interesting, I'm happy to just forget about it :-)

IMHO, this definitely sounds interesting. "In emergency" we can just remove
unwanted ones..

Regards,

Rene

Bug#935110: dbconfig-common: [INTL:ru] Russian debconf templates translation update

[Yuri Kozlov]

Updated version.


-- 
Best Regards,
Yuri Kozlov



ru.po.gz
Description: application/gzip

Bug#929923: missing dictionaries.xcu confuses non-US English locales (e.g. en_AU)

[Trent W. Buck]

I still advocate solving only MY problem, with a simple change:


https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=929923;filename=929923.patch;msg=22

However, I also considered a complex change:
generate debian/*.links automatically from */dictionaries.xcu.

A proof-of-concept is attached.
If this is interesting, I can look at merging it into debian/helper.py.
If this is not interesting, I'm happy to just forget about it :-)
#!/usr/bin/python3

"""Create symlinks to simulate missing dictionaries.xcu.

LibreOffice provides spelling/hyphenation/thesaurus dictionaries for different language varieties (xx_YY).
When another variety is similar, and no dedicated dictionary is available, they are aliased together.
LibreOffice defines these aliases in a "dictionaries.xcu" file.

For example, de_AT has its own hyphenation dictionary, but re-uses de_DE's thesaurus dictionary.
https://sources.debian.org/src/libreoffice-dictionaries/1:6.3.0-1/dictionaries/de/dictionaries.xcu/#L46
https://sources.debian.org/src/libreoffice-dictionaries/1:6.3.0-1/dictionaries/de/dictionaries.xcu/#L80

Debian does not ship dictionaries.xcu files because

 1. only LibreOffice understands them, but
other packages use the dictionaries themselves.

 2. Debian packages the spelling/hyphenation/thesaurus dictionaries separately, but
dictionaries.xcu assumes they are packaged together.

If your locale is set to the original language (e.g. LANG=de_DE for
th_de_DE_v2.dat), this Just Works, because of fallback behaviour in
the individual apps (including LibreOffice).

If your locale is set to the aliased language (e.g. LANG=de_AT for
th_de_DE_v2.dat), a symlink is needed to help the app "see" the dictionary.

Prior to this script, those symlinks were created on an ad-hoc basis.
This script tries to fully automate that process, so that

 1. there is less work for the Debian maintainer; and
 2. more consistent behaviour between Debian and upstream.

---Trent W. Buck, Aug 2019, https://bugs.debian.org/929923
"""

import sys
import glob
import pprint
import types
import re

import lxml.etree


def main() -> None:
for d in xcu2dicts():
for f, l in zip(d.files, d.locales):
# Expand the "%origin%" variable to whatever it should be.
f = f.replace('%origin%',
  {'DICT_SPELL': '/usr/share/hunspell',
   'DICT_HYPH': '/usr/share/hyphen',
   'DICT_THES': '/usr/share/mythes'}[d.format])
symlink_dst_path = f
prefix = re.fullmatch(
r'('
r'/usr/share/hunspell/|'
r'/usr/share/hyphen/hyph_|'
r'/usr/share/mythes/(?:th|thes|thesaurus)_'
r').*',
f).group(1)
suffix = re.fullmatch(
r'.*'
r'((?:_v2)?\.(?:dic|aff|dat|idx))',
f).group(1)
symlink_src_path = (
prefix +
IETF_locale_to_glibc_locale(l) +
suffix)

# FIXME: needs to use f'-p{package}', like helper.py:generate_installs().
if symlink_dst_path != symlink_src_path:
print('',   # indent for make
  'dh_link',
  symlink_dst_path,
  symlink_src_path,
  '# ' + l,   # comment
  sep='\t')


# The upstream XCU use RFC 5646 notation (kmr-Latn-TR).
# The upstream dictionaries aren't completely consistent, but mostly use glibc notation (ks_IN@devanagari).
# libreoffice-dictionaries/debian/helper.py has a hand-written dict instead of this bodgy regex-replacement.
def IETF_locale_to_glibc_locale(lo_locale: str) -> str:
s = lo_locale
# Change -Latn- to @latin  (YUK!)
s = re.sub(r'(.+)-Latn(-.+)?', r'\1\2@latin', s)
# Change -valencia to @valencia  (YUK!)
s = re.sub(r'(.+)-valencia', r'\1@valencia', s)
# Change xx-YY to xx_YY
s = re.sub(r'([^-]+)-(.+)', r'\1_\2', s)
return s


# Scrape key/value pairs from the XCUs.
# Example output:
# [namespace(files={'%origin%/af_ZA.aff', '%origin%/af_ZA.dic'},
#format='DICT_SPELL',
#locales={'af-NA', 'af-ZA'}),
#  namespace(files={'%origin%/hyph_af_ZA.dic'},
#format='DICT_HYPH',
#locales={'af-NA', 'af-ZA'})]
def xcu2dicts() -> list:
acc = []# accumulator
for xcu_path in glob.glob('dictionaries/*/dictionaries.xcu'):
xcu_obj = lxml.etree.parse(xcu_path)
nsmap = xcu_obj.getroot().nsmap
for d in xcu_obj.xpath('//node[@oor:name="Dictionaries"]/node', namespaces=nsmap):
format, = d.xpath('./prop[@oor:name="Format"]/value/text()', namespaces=nsmap)
files = {
l
for value in d.xpath('./prop[@oor:name="Locations"]/value/text()', namespaces=nsmap)
for l in value.split()}
 

Bug#934749: welle.io: some icons & widgets not displayed

[Fab Stz]

Bug report for KDE can be found here:
https://bugs.kde.org/show_bug.cgi?id=411127

Bug#935243: Does not work with Thunderbird 6x (60+)

[martin f krafft]

Package: webext-tbsync, webext-dav4tbsync, webext-eas4tbsync
Severity: normal

The extensions needs to be updated to Thunderbird 60+. Not sure 
upstream supports it, but it's useless with the current version in 
unstable.


--
System Information:
Debian Release: bullseye/sid
 APT prefers unstable
 APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages webext-tbsync depends on:
ii  lightning1:68.0~b1-1
ii  thunderbird  1:68.0~b1-1

Versions of packages webext-tbsync recommends:
ii  webext-dav4tbsync  0.15-1
pn  webext-eas4tbsync  

webext-tbsync suggests no packages.

--
no debconf information


--
.''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
 `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Bug#935242: RM: seascope -- RoQA; Obsolete libs (Qt4/Python2), rc buggy, unmaintained, dead upstream

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Blocking removal of Qt4/Python2 from qscintilla2.

Scott K

Bug#935241: RM: opensesame -- RoQA; Obsolete libs (Qt4/Python2), rc buggy, unmaintained

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Blocking qscintilla2 from dropping Qt4/python2 support.

Scott K

Bug#935240: RM: hgview -- RoQA; Obsolete libs (Qt4 and Python2), rc buggy, unmaintained, upstream vanished

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Blocking qscintilla2 from dropping Qt4/Python2 binaries.

Scott K

Bug#875208: [tora] Future Qt4 removal from Buster

[Scott Kitterman]

On Fri, 09 Aug 2019 13:15:21 -0400 Scott Kitterman  
wrote:
> On Sat, 9 Sep 2017 23:11:23 +0200 Lisandro =?iso-8859-1?Q?
> Dami=E1n_Nicanor_P=E9rez?= Meyer  wrote:
> > Source: tora
> > Version: 2.1.3-3
> > Severity: wishlist
> > User: debian-qt-...@lists.debian.org
> > Usertags: qt4-removal
> > 
> > 
> > Hi! As you might know we the Qt/KDE team are preparing to remove Qt4
> > as [announced] in:
> > 
> > [announced]  msg6.html>
> > 
> > Currently Qt4 has been dead upstream and we are starting to have problems
> > maintaining it, like for example in the [OpenSSL 1.1 support] case.
> > 
> > [OpenSSL 1.1 support]  bug=828522>
> > 
> > In order to make this move, all packages directly or indirectly depending 
on
> > the Qt4 libraries have to either get ported to Qt5 or eventually get
> > removed from the Debian repositories.
> 
> There is a Qt5 version available upstream (has been for several years).  
This 
> is one of the last two packages requirement Qscintilla2 for Qt4 and I would 
> appreciate it if the maintainer would either update it or indicate they 
aren't 
> going to so it can be removed.

It's now the last one, so if I don't hear back soon that someone intends to 
upgrade this to Qt5, I'll file for the rm.

Scott K

Bug#935205: add systemd mount file to mount shared folders (vmhgfs-fuse)

[Bernd Zeimetz]

Hi Oliver,

what you are proposing is not an option.
- we don't want to have fuse mounts or hgfs on server vms
- using subfolders of /mnt for general use and permanently is forbidden anyway.

Adding an automount service to the desktop package might be acceptable, but 
only if it is not in /mnt. That is reserved for rescuing filesystems and 
similar things.

Best regards,

Bernd

Am 21. August 2019 02:50:42 MESZ schrieb Oliver Kurth :
>Package: open-vm-tools
>Version: 2:10.3.10-2
>
>Currently, when "shared folders" is enabled in VMware Workstation or
>Fusion while the VM is running, the mount point will be created and
>mounted. This works by sending an RPC from WS / Fusion to vmtoolsd in
>the VM. But this does not persist on a reboot, and does not happen when
>the VM is powered off. Attached is a patch for the debian files that
>adds a systemd mount file that mounts /mnt/hgfs with the same options
>that are used by vmtoolsd to mount the shared folders. It also moves
>the loading of the fuse module to the base package since vmhgfs uses
>fuse.
>
>Thanks,
>Oliver

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Bug#935239: RM: syncevolution -- RoQA; Obsolet libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935238: RM: kvpnc -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935233: RM: kprinter4 -- RoQA; Obsolet libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

No longer needed for KDE4.

Scott K

Bug#935236: RM: kremotecontrol -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935237: RM: kscd -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935234: RM: kradio4 -- RoQA; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935235: RM: kredentials -- RoQA; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal


Not ported to Qt5.

Scott K

Bug#935231: RM: kpartsplugin -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

No longer needed for Qt4.

Scott K

Bug#935232: RM: kppp -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

No longer used, not ported to Qt5.

Scott K

Bug#935229: RM: knutclient -- RoQA; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935228: RM: kmldonkey -- RoQA; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935230: RM: kover -- RoQA; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935227: RM: kmetronome -- RoQA; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935225: RM: kdesrc-build -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935226: RM: kfilemetadata -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935224: RM: kdbg -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

No longer needed for KDE4.

Scott K

Bug#935223: RM: kcollectd -- ROM; Obsolet libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935221: RM: kamerka -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#935222: RM: kate4 -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

No longer needed for KDE4.

Scott K

Bug#935219: RM: kactivities -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not needed for KDE4 anymore.

Scott K

Bug#935220: RM: kalternatives -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

No longer needed for KDE4.

Scott K

Bug#935218: RM: kaccessible -- ROM; Obsolete libs - Qt4 removal

[Scott Kitterman]

Package: ftp.debian.org
Severity: normal

Not ported to Qt5.

Scott K

Bug#931325: manpages-dev: io_cancel can fail with EINTR

[Marc Lehmann]

On Tue, Aug 20, 2019 at 08:53:21AM +0200, "Michael Kerrisk (man-pages)" 
 wrote:
> On 7/1/19 10:34 PM, Marc Lehmann wrote:
> > Package: manpages-dev
> > Version: 4.16-2
> > Severity: minor
> > 
> > Dear Maintainer,
> > 
> > I found that, at least with debians 4.19 kernel, io_cancel can fail with
> > EINTR on signal delivery, which should be documented as per similar calls.
> 
> Can you provide some more info on the circumstances where you observed
> this behavior please.

Well, while developing the aio backend for libev, but the details are lost
to my meory by now. I do remember having looked at the kernel code at the
time to see why it would block, because I didn't expect it to.

Also, what more detail than "signal delivery can cause EINTR" do you have
on your mind? This cause of EINTR seems pretty standard to me (signal
received while in interuptible wait - EINTR) - the only question to me
would be whether io_cancel does interruptible waits, which isn't clear
from the documentation, and would device whether it can result in EINTR or
not.

-- 
The choice of a   Deliantra, the free code+content MORPG
  -==- _GNU_  http://www.deliantra.net
  ==-- _   generation
  ---==---(_)__  __   __  Marc Lehmann
  --==---/ / _ \/ // /\ \/ /  schm...@schmorp.de
  -=/_/_//_/\_,_/ /_/\_\

Bug#935217: buildd.debian.org: Giveback service complains about version mismatch

[Guillem Jover]

Package: buildd.debian.org

Hi!

Just tried the new giveback service (which looks great, thanks!) for
attr on sh4, and I got this error message:

  URL:https://buildd.debian.org/auth/giveback.cgi?pkg=attr&suite=sid&arch=sh4
  ,---
  You are authenticated as guillem. ✓
  Working on package attr, suite sid and architecture sh4. ✓
  Package version 1 in state Build-Attempted, can be given back. ✓
  Error when executing wanna-build command:attr: version mismatch (1:2.4.48-4 
by buildd_sh4-sh4-gandi-02)

  ✗
  `---

Thanks,
Guillem

Bug#935216: linux-image-amd64: touchpad not working after resume in kernel 4.19.0-5 / Debian 10

[luco]

Package: linux-image-amd64
Version: 4.19+105
Severity: important
Tags: newcomer

Dear Maintainer,


   * What led up to the situation?
Sometimes randomly and everytime after suspend, touchpad stops working on
ThinkPad-Helix with the selected kernel.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
adding the following kernel parameter seems to solve the problem:
psmouse.synaptics_intertouch=0
   * What was the outcome of this action?
touchpad stops working.
dmsesg output:  rmi4_physical rmi4-00: Failed to read irqs, code=-6
   * What outcome did you expect instead?
working touchpad like in Debian 9 / Kernel 4.9



-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_AR:es (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-amd64 depends on:
ii  linux-image-4.19.0-5-amd64  4.19.37-5+deb10u2

linux-image-amd64 recommends no packages.

linux-image-amd64 suggests no packages.

-- no debconf information

Bug#886999: libreoffice-writer: Crashes when I switch page margins size

[Dean Chia]

Package: libreoffice-writer
Version: 1:6.3.0-2
Followup-For: Bug #886999

Dear Maintainer,

I can duplicate the problem whenever I want to change page margins in 
LibreOffice Writer.
1. Go to Format --> Page (or via pressing F11, etc.)
2. In the Page options page, default for me is .79" and if I change to 1", I 
type
   (starting from the left margin box): 1 [tab] 1 [tab] 1 [tab] 1.
3. If I press tab again then the box normalizes and sets margins to 1" all 
around. If I
  press enter, it works. But if I don't press the tab key the 4th time, and my 
cursor/selection
  is still on the last box, and I press enter, then the new margins don't 
"initialize" and instead
  I get a consistent crash.

Thanks!


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-writer depends on:
ii  libabw-0.1-1   0.1.3-1
ii  libc6  2.28-10
ii  libe-book-0.1-10.1.3-1+b2
ii  libepubgen-0.1-1   0.1.1-1
ii  libetonyek-0.1-1   0.1.9-1
ii  libgcc11:9.2.1-2
ii  libicu63   63.2-2
ii  liblangtag10.6.2-1
ii  libmwaw-0.3-3  0.3.15-2
ii  libodfgen-0.1-10.1.7-1
ii  libreoffice-base-core  1:6.3.0-2
ii  libreoffice-core   1:6.3.0-2
ii  librevenge-0.0-0   0.0.4-6+b1
ii  libstaroffice-0.0-00.0.6-1
ii  libstdc++6 9.2.1-2
ii  libwpd-0.10-10 0.10.3-1
ii  libwpg-0.3-3   0.3.3-1
ii  libwps-0.4-4   0.4.10-1
ii  libxml22.9.4+dfsg1-7+b3
ii  uno-libs3  6.3.0-2
ii  ure6.3.0-2
ii  zlib1g 1:1.2.11.dfsg-1+b1

Versions of packages libreoffice-writer recommends:
ii  libreoffice-math  1:6.3.0-2

Versions of packages libreoffice-writer suggests:
ii  default-jre [java6-runtime] 2:1.11-72
ii  fonts-crosextra-caladea 20130214-2
ii  fonts-crosextra-carlito 20130920-1
ii  libreoffice-base1:6.3.0-2
ii  libreoffice-java-common 1:6.3.0-2
ii  openjdk-10-jre [java6-runtime]  10.0.2+13-2
ii  openjdk-11-jre [java6-runtime]  11.0.4+11-1
ii  openjdk-8-jre [java6-runtime]   8u222-b10-1
ii  openjdk-9-jre [java6-runtime]   9.0.4+12-4

Versions of packages libreoffice-core depends on:
ii  fontconfig  2.13.1-2
ii  fonts-opensymbol2:102.11+LibO6.3.0-2
ii  libboost-date-time1.67.01.67.0-13
ii  libboost-locale1.67.0   1.67.0-13
ii  libc6   2.28-10
ii  libcairo2   1.16.0-4
ii  libclucene-contribs1v5  2.3.3.4+dfsg-1+b1
ii  libclucene-core1v5  2.3.3.4+dfsg-1+b1
ii  libcmis-0.5-5v5 0.5.2-1
ii  libcups22.2.12-1
ii  libcurl3-gnutls 7.65.3-1
ii  libdbus-1-3 1.12.16-1
ii  libdconf1   0.30.1-2
ii  libeot0 0.01-5+b1
ii  libepoxy0   1.5.3-0.1
ii  libexpat1   2.2.7-1
ii  libexttextcat-2.0-0 3.4.5-1
ii  libfontconfig1  2.13.1-2
ii  libfreetype62.9.1-4
ii  libgcc1 1:9.2.1-2
ii  libglib2.0-02.60.6-2
ii  libgpgmepp6 1.12.0-6
ii  libgraphite2-3  1.3.13-8
ii  libgstreamer-plugins-base1.0-0  1.16.0-2
ii  libgstreamer1.0-0   1.16.0-2.1
ii  libharfbuzz-icu02.6.0-1
ii  libharfbuzz0b   2.6.0-1
ii  libhunspell-1.7-0   1.7.0-2+b1
ii  libhyphen0  2.8.8-7
ii  libice6 2:1.0.9-2
ii  libicu6363.2-2
ii  libjpeg62-turbo 1:1.5.2-2+b1
ii  liblcms2-2  2.9-3+b1
ii  libldap-2.4-2   2.4.48+dfsg-1
ii  libmythes-1.2-0 2:1.2.4-3+b1
ii  libneon27-gnutls0.30.2-3
ii  libnspr42:4.21-2
ii  libnss3 2:3.45-1
ii  libnumbertext-1.0-0 1.0.5-1
ii  libodfgen-0.1-1 0.1.7-1
ii  liborcus-0.14-0 0.14.1-6
ii  libpng16-16 1.6.37-1
ii  libpoppler820.71.0-5
ii  librdf0 1.0.17-1.1+b1
ii  libreoffice-common  1:6.3.0-2
ii  librevenge-0.0-00.0.4-6+b1
ii  libsm6  2:1.2.3-1
ii  libstdc++6  9.2.1-2
ii  libx11-62:1.6.7-1
ii  libxext62:1.3.3-1+b2
ii  libxinerama12:1.1.4-2
ii  libxml2 2.9.4+dfsg1-7+b3
ii  

Bug#934590: [Mlt-devel] Bug#934590: libmlt-data: The package became bloated

[Dan Dennedy]

Just a quick update to mention that this change has been committed to git
master for next release, which will come before the end of the year.

On Tue, Aug 13, 2019 at 2:53 PM Горбешко Богдан 
wrote:

> On 13.08.2019 22:22, Dan Dennedy wrote:
> > On Mon, Aug 12, 2019 at 5:27 AM Patrick Matthäi  > > wrote:
> >
> > Am 12.08.2019 um 13:11 schrieb Горбешко Богдан:
> > > Package: libmlt-data
> > > Version: 6.16.0-3
> > > Severity: minor
> > >
> > > Dear Maintainer,
> > >
> > > After the last upgrade, the package became about 230 MBs larger,
> > > because of a lot of large lumas in PGM format, each about 4 MBs. Is
> > > there an important reason to keep them uncompressed on a disk? Even
> > > the fast GZip compression can drastically reduce their size.
> > >
> > Hi Dan,
> >
> > what is your opionion about this? This is the list of the affected
> > files:
> >
> >
> > This was intentional to produce transitions with the correct aspect
> > ratio. The PGM images cannot be simply gzip compressed because the PGM
> > reader in MLT is not integrated with zlib. Instead, the package can
> > use the configure option --luma-compress to output compressed PNG.
> > However, these are 8-bit instead of the 16-bit PGM, which provides
> > better quality transitions. Since these are procedurally-generated, I
> > started working on a change to generate the image on-demand instead of
> > reading a file. I plan to do that for the next release.
> >
> Okay; thanks for explanation!
>
>

-- 
+-DRD-+

Bug#935215: new upstream security fix release

[Joey Hess]

Package: libmodbus5
Version: 3.1.4-2+b1
Severity: normal

Version 3.0.8 fixes at least two security holes, CVE-2019-14463
and CVE-2019-14462.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libmodbus5 depends on:
ii  libc6  2.28-10

libmodbus5 recommends no packages.

libmodbus5 suggests no packages.

-- no debconf information

-- 
see shy jo


signature.asc
Description: PGP signature

Bug#935207: cabal-install should depend on the ghc version it supports.

[peterc]

Package: cabal-install
Version: 2.2.0.0-3

Dear Maintainer,
 Debian-packaged ghc is now at 8.6.5; cabal-install contains a
 version of cabal that works only with ghc <= 8.5

 1.  We need a version of cabal-install that works with the
 current packaged ghc
 2.  cabal-install should have a dependency on the actual versions
 supported, so apt doesn't install a later version (of ghc) than
 can be used.

Example current output:
cabal configure --enable-tests --disable-library-vanilla --enable-shared 
--enable-executable-dynamic
Warning: Unknown/unsupported 'ghc' version detected (Cabal 2.2.0.1 supports
'ghc' version < 8.5): /usr/bin/ghc is version 8.6.5



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldoldstable'), (500, 'stable'), (500, 
'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, armel, i386, powerpc, arm64, riscv64

Kernel: Linux 5.2.0-08441-gfec88ab0af97 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cabal-install depends on:
ii  ghc 8.6.5+dfsg1-3
ii  libatomic1  9.2.1-2
ii  libc6   2.28-10
ii  libffi6 3.2.1-9
ii  libgmp102:6.1.2+dfsg-4
ii  zlib1g  1:1.2.11.dfsg-1+b1

Versions of packages cabal-install recommends:
ii  curl  7.65.3-1
ii  wget  1.20.3-1+b1

cabal-install suggests no packages.

-- no debconf information

Bug#935206: RM: lottanzb -- RoQA; dead upstream; not in testing since 1.5years; python2 only; low popcon

[Sandro Tosi]

Package: ftp.debian.org
Severity: normal

Please remove lottanzb

Bug#935205: add systemd mount file to mount shared folders (vmhgfs-fuse)

[Oliver Kurth]

Package: open-vm-tools
Version: 2:10.3.10-2

Currently, when "shared folders" is enabled in VMware Workstation or Fusion 
while the VM is running, the mount point will be created and mounted. This 
works by sending an RPC from WS / Fusion to vmtoolsd in the VM. But this does 
not persist on a reboot, and does not happen when the VM is powered off. 
Attached is a patch for the debian files that adds a systemd mount file that 
mounts /mnt/hgfs with the same options that are used by vmtoolsd to mount the 
shared folders. It also moves the loading of the fuse module to the base 
package since vmhgfs uses fuse.

Thanks,
Oliver


diff --git a/debian/local/mnt-hgfs.mount b/debian/local/mnt-hgfs.mount
new file mode 100644
index ..405cfd41
--- /dev/null
+++ b/debian/local/mnt-hgfs.mount
@@ -0,0 +1,16 @@
+[Unit]
+Description=VMware mount for hgfs
+DefaultDependencies=no
+Before=umount.target
+ConditionVirtualization=vmware
+After=sys-fs-fuse-connections.mount
+
+[Mount]
+What=vmhgfs-fuse
+Where=/mnt/hgfs
+Type=fuse
+Options=nodev,nosuid,allow_other
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/debian/local/open-vm-tools-desktop.conf b/debian/local/open-vm-tools-desktop.conf
index a3b234c2..0833e325 100644
--- a/debian/local/open-vm-tools-desktop.conf
+++ b/debian/local/open-vm-tools-desktop.conf
@@ -1,2 +1 @@
-fuse
 vmwgfx
diff --git a/debian/local/open-vm-tools.conf b/debian/local/open-vm-tools.conf
new file mode 100644
index ..a517c488
--- /dev/null
+++ b/debian/local/open-vm-tools.conf
@@ -0,0 +1 @@
+fuse
diff --git a/debian/rules b/debian/rules
index 62a68cef..a64e41e3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -39,6 +39,9 @@ override_dh_auto_install:
 	install -D -m 0644 debian/local/xautostart.conf debian/open-vm-tools-desktop/etc/vmware-tools/xautostart.conf
 	install -D -m 0644 debian/local/tools.conf debian/open-vm-tools/etc/vmware-tools/tools.conf
 
+	install -D -m 0644 debian/local/mnt-hgfs.mount debian/open-vm-tools/lib/systemd/system/mnt-hgfs.mount
+	install -D -m 0644 debian/local/open-vm-tools.conf debian/open-vm-tools/usr/lib/modules-load.d/open-vm-tools.conf
+
 	install -D -m 0644 debian/local/run-vmblock\\x2dfuse.mount debian/open-vm-tools-desktop/lib/systemd/system/run-vmblock\\x2dfuse.mount
 	install -D -m 0644 debian/local/open-vm-tools-desktop.conf debian/open-vm-tools-desktop/usr/lib/modules-load.d/open-vm-tools-desktop.conf
 
@@ -99,6 +102,7 @@ override_dh_fixperms:
 override_dh_installsystemd:
 	dh_installsystemd -popen-vm-tools
 	dh_installsystemd -popen-vm-tools --name vgauth
+	dh_installsystemd -popen-vm-tools mnt-hgfs.mount
 	dh_installsystemd -popen-vm-tools-desktop --restart-after-upgrade --no-stop-on-upgrade run-vmblock\\x2dfuse.mount
 
 override_dh_installchangelogs:

Bug#930795: unblock: ruby-airbrussh/1.3.2-1

[Samuel Henrique]

Hello Adam,

Thanks for your patience and explanation, here's the debdiff with the
solution I picked,

I backported the fix to 1.3.1-2, the version is 1.3.1-2+deb10u1 and I will
need to wait until 1.3.3-1 hits testing*, which is fine (2 days), to upload
it.

* because the current version in testing is the same as in stable, and the
version in testing needs to be higher/bug fixed in there as well.

Regards,

-- 
Samuel Henrique 


ruby-airbrussh_1.3.1-2+deb10u1.debdiff
Description: Binary data

Bug#934166: Please add lintian warning for systemd system services using default.target

[Chris Lamb]

tags 934166 + moreinfo
thanks

Hi Michael,

(Feel free to remove the moreinfo tag on your reply; I'm merely triaging…)

> > default.target is only an alias and should not be used for that.
> > Instead services should either hook into multi-user.target (for the vast
> > majority this is the right choice) or graphical.target.

Sure thing. Do you think this warrants a separate tag versus "just"
using systemd-service-file-refers-to-obsolete-target?

> Not too many currently, and I could just file bug reports for them. But
> it seems better to check for this automatically.

+1 to this, obviously. Thanks.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#934853: please add a lintian warning/error for packages (b-)depending on python or using the unversioned python shebang

[Chris Lamb]

tags 934853 + moreinfo
thanks

Hi Matthias,

> please add an lintian warning/error for packages (b-)depending on python or
> using the unversioned python shebang.

Do we not have these already? eg. dependency-on-python-version-marked-
for-end-of-life and script-uses-unversioned-python-in-shebang etc.?

If not, please split/clone and retitle this bug to suit or, if you
wish for their severity to be raised or other changes, please make
that a little clearer - I'm not sure what the Lintian maintainers' next
actions should be here.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#932111: buster-pu: package webkit2gtk/2.24.3-1~deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

This request never reached debian-release, most likely due to the size
of the diff.

On Mon, 2019-07-15 at 13:57 +0300, Alberto Garcia wrote:
> the i386 build of webkit2gtk that went into buster requires an
> SSE2-capable CPU. Because of this, apps that use this library
> (e.g. Zenity or Liferea) can crash.
> 
> A bug was filed for this problem (#930935) but it was too late
> to fix the package for buster, so it was decided to do it in the
> first update. There's a section on the release notes explaining the
> situation and warning affected i386 users to wait until this is
> solved:
[...]
> This upload fixes this problem. Note that I'm also updating the
> package to the most recent stable release (version 2.24.3), published
> two weeks ago. It contains many other fixes including those for two
> other Debian bugs (#929749, #870814). The reason why I'm doing this
> is because that's the same approach that we are going to follow with
> the webkit2gtk security releases.

Please go ahead.

Regards,

Adam

Bug#935196: asciidoctor: Source highlighting does not work any more

[Joseph Herlant]

Control: forwarded -1 https://github.com/asciidoctor/asciidoctor/issues/3394
Control: owner -1 !

Hi Sebastien,

Thanks for your report.
I'm working on a patch with upstream.

Thanks,
Joseph

Bug#934308: buster-pu: package dpdk/18.11.2-2+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

This request never made it to debian-release, most likely due to the
size of the diff.

On Fri, 2019-08-09 at 13:54 +0100, Luca Boccassi wrote:
> We would like to upload a new LTS release version of DPDK to buster.
> We have already done this previously in stretch, and it was approved
> for the 16.11 LTS series [1][2][3], but given this is a new Debian
> release in combination with a new LTS release train I have not yet
> uploaded to p-u and will wait for an explicit ACK. We would like to
> upload new 18.11 LTS versions as they are released upstream to buster
> -
> EOL is projected in November 2020.

What's the plan for after that point?

> As with the 16.11 LTS, the 18.11 LTS point release has only bug
> fixes and no API/ABI changes and has been tested extensively and
> deployed on Debian Buster and more distros, which includes running
> regression tests.

Please go ahead.

Regards,

Adam

Bug#887736: stretch-pu: package openvswitch/2.6.2~pre+git20161223-3

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Fri, 2018-01-19 at 15:21 +0100, Thomas Goirand wrote:
> I started maintaining OpenVSwitch long after the Stretch release, and
> discovered #858418, which is very annoying for OpenVSwitch users.
> 
> tl;dr: #858418 prevent anyone that has a valid
> /etc/network/interfaces
> with OpenVSwitch directive from having a working network at boot. The
> init script uses a non-documented, not-to-be-used systemd internal,
> which is miserably failing.
> 
> After a long discussion with the bug reporter (which can be read on
> the BTS), I came to the conclusion that he's right, and that the most
> reasonable and safe way to fix the current situation is to apply the
> patch he suggested (and which resulting debdiff I attached to this
> bug).

As I understand things, that fix swaps use of one systemd internal for
another, which doesn't seem like a great plan.

When this was discussed (some time ago) on IRC, one of the systemd
maintainers essentially said "don't do that". With apologies for the
delay in doing so, I've CCed the maintainer list to see if we can find
a mutually acceptable solution.

Regards,

Adam

Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2

[Adam D. Barratt]

Control: tags -1 + confirmed

On Thu, 2019-07-18 at 05:07 +0200, Christoph Biedl wrote:
> Adam D. Barratt wrote...
> 
> > Assuming I count correctly, your mail was from approximately 6
> > weeks
> > before the date of the upcoming 9.9 point release.
> 
> This story has a tendency to fall off radar repeatedly. Perhaps we
> can
> eventually find a solution for this in the next days?

I guess we should just get on with it.

FWIW, we're currently about 2.5 weeks from the next point release. I
realise that {c,sh}ould have been longer.

Regards,

Adam

Bug#931968: stretch-pu: package libtk-img/1:1.4.6+dfsg-1+deb9u1 pre-approval

[Adam D. Barratt]

Control; tags -1 -moreinfo +confirmed

On Mon, 2019-07-29 at 10:42 +0300, Sergei Golovan wrote:
> Hi Adam,
> 
> On Fri, Jul 26, 2019 at 10:46 PM Adam D. Barratt
>  wrote:
> > Control: tags -1 + moreinfo
> > 
> > On 2019-07-13 01:26, Sergei Golovan wrote:
> > > I'd like to fix #931422 (see [1]) for stretch (the bug is already
> > > fixed
> > > in unstable, see also #931967 [2]).
> > > 
> > > The diff with the current 1:1.4.6+dfsg-1 is attaced.
> > > 
> > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931422
> > > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931967
> > 
> > The same question applies here as for the buster update, i.e. what
> > is
> > the practical impact of the change?
> 
> The answer is the same as for bug 931967. From the user point of view
> nothing should be changed. Just some images which now cause a
> segfault when loaded by libtk-img will load just fine.

Thanks. Please go ahead.

Regards,

Adam

Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1

[Adam D. Barratt]

On Tue, 2019-08-20 at 23:38 +0200, Sebastian Andrzej Siewior wrote:
> On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote:
> > Indeed, and then we dropped the ball again. :-(
> > 
> > Let's get this going.
> 
> So I upload the here promissed Stretch package

Yep, then we smile sweetly at ftp-master to get it processed from NEW.

> and then open p-u bugs
> for the transition?

Is anything required beyond binNMUs of r-deps?

Regards,

Adam

Bug#887507: stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u1

[Adam D. Barratt]

On Mon, 2018-12-03 at 08:15 +0100, Julien Cristau wrote:
> Control: tag -1 + moreinfo
> 
> On Wed, Jan 17, 2018 at 05:04:15PM +0100, Sandro Knauß wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: stretch
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Hey,
> > 
> > upstream releases only bugfix releases for the 1.2 branch. As they,
> > do not add any new feature IMO it would makes sense to ship the
> > newest
> > 1.2.7 for Debian Stretch users. This is a prepackage request, I
> > havn't
> > packaged 1.2.7 for Debian yet, as I would only put effort into it,
> > if it
> > can enter stretch in principal. What I can present at the current
> > state
> > is a diff of the upstream tarballs (excluded the minified files,
> > cause
> > we create those in the packageing process itself). I don't expect
> > any
> > changes in the debian folder itself, but I would present a complete
> > debdiff, if you approved the general idea of shipping 1.2.7 via pu.
> > 
> Hi Sandro,
> 
> sounds fine to me in theory, please follow up with a tested debdiff
> and
> remove the moreinfo tag.

That was 8 months ago now and there's been no follow up. Is this still
of any interest?

Regards,

Adam

Bug#885069: stretch-pu: package open-iscsi/2.0.874-3~deb9u1

[Adam D. Barratt]

On Fri, 2019-04-26 at 21:42 +0200, Salvatore Bonaccorso wrote:
> Hi Christian,
> 
> On Fri, Nov 09, 2018 at 06:53:07AM +0100, Salvatore Bonaccorso wrote:
> > Hi Christian,
> > 
> > On Sat, Feb 10, 2018 at 10:15:48AM +0100, Julien Cristau wrote:
> > > Control: tag -1 moreinfo
> > > 
> > > On Sat, Dec 23, 2017 at 13:40:43 +0100, Christian Seiler wrote:
[...]
> > > The above makes little sense to me.  We find out the peer uid,
> > > then
> > > instead of just comparing that against 0 we turn it into a struct
> > > passwd
> > > and compare pw_name against "root".  Why?
> > 
> > Did you had any chance to look at Julien's concerns/questions back
> > on
> > this proposed update for stretch?
> 
> Friendly ping :)
> 

If there's no follow-up by the time the 9.10 point release happens
(~2.5 weeks time) then I will close this request.

Regards,

Adam

Bug#912531: stretch-pu: package exiv2/0.25-3.1+deb9u2

[Adam D. Barratt]

On Sun, 2019-03-31 at 15:44 -0400, Roberto C.Sánchez wrote:
> On Sun, Mar 31, 2019 at 08:09:27PM +0100, Adam D. Barratt wrote:
> > On Thu, 2018-11-01 at 21:07 -0400, Roberto C.Sánchez wrote:
> > > On Thu, Nov 01, 2018 at 06:50:53PM +, Adam D. Barratt wrote:
> > > > Control: tags -1 + moreinfo
> > > > 
> > > > On Wed, 2018-10-31 at 23:25 -0400, Roberto C. Sanchez wrote:
> > > > > I have prepared an update for exiv2 in jessie (0.24-
> > > > > 4.1+deb8u2)
> > > > > related to CVE-2018-16336 and also including a minor fix to
> > > > > the
> > > > > previous patch for CVE-2018-10958 and CVE-2018-10999.
> > > > 
> > > > The Security Tracker indicates that CVE-2018-16336 is as-yet
> > > > unfixed in
> > > > unstable; is that correct?
> > > > 
> > > 
> > > Hi Adam,
> > > 
> > > That is correct.  I completely overlooked it.  I will check with
> > > the
> > > maintainers about their plans for unstable.
> > 
> > Was there any progress there? The issue is still marked as
> > affecting
> > unstable in the tracker.
> > 
> No real progress.  I sent a message [0] to the packaging team's
> mailing
> list that same day (1st November).  Salvatore responded a few days
> later, but there was no response after that.
> 
> Regards,
> 
> -Roberto
> 
> [0] 
> https://alioth-lists.debian.net/pipermail/pkg-kde-extras/2018-November/029728.html
> 

Still nothing? We're about to hit 10 months since the initial request.
:-(

Regards,

Adam

Bug#916650: stretch-pu: package liquidsoap/1.1.1-7.2

[Adam D. Barratt]

Control: tags -1 -moreinfo +confirmed

On Sat, 2019-02-09 at 22:05 +0200, Kyle Robbertze wrote:
> On 2019/02/09 16:08, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Sun, 2018-12-16 at 23:58 +0200, Kyle Robbertze wrote:
> > > The current liquidsoap package in stable segfaults imediately on
> > > run.
> > > Details are in bug #812591. The segfault is due to Ocaml version
> > > 4.02
> > > which is present in stable. The fix upstream has been applied
> > > here
> > > (sourced from Ubuntu where it has been working since 17.10). It
> > > is
> > > part of the version currently in buster and unstable.
> > 
> > Apologies for not getting back to you sooner.
> 
> No worries, we all get busy :)

Apparently so. *sigh*

[...]
> > If a package is incompatible with a newer version of Ocaml, is
> > there no
> > way of indicating this via e.g. dependency relationships, or the
> > package somehow indicating which versions of Ocaml it is compatible
> > with? This seems like the sort of thing that could also cause
> > issues
> > with partial upgrades between stable releases.
> 
> With this fix, it is compatible with newer Ocaml versions and the new
> version in buster and unstable are too. As far as I can tell, there
> have
> been no issues with newer versions outside of this. The common
> convention seems to be to declare an un-versioned or minimum version
> dependency on Ocaml and expect it to work with future versions.
> 

OK, I guess we can go with this. Sorry for the delay (again).

Regards,

Adam

Bug#887324: stretch-pu: package python-flask-rdf/0.2.0-1.1~deb9u1

[Adam D. Barratt]

On Mon, 2018-06-25 at 05:17 +0200, Andreas Beckmann wrote:
> Control: tag -1 moreinfo
> 
> On Sun, 14 Jan 2018 23:45:31 +0100 Andreas Beckmann 
> wrote:
> > Let's fix the python3 dependency by rebuilding the package from
> > sid,
> > Depends: [-python3-mimeparse-] {+python3-mimeparse, python3-six,
> > python3:any (>= 3.3.2-2~)+}
> 
> That is not sufficient: #896358, #896385
> 
> ImportError: No module named 'rdflib'

What's the status here?

Regards,

Adam

Bug#883939: smbclient failing to connect with default protocol SMB3_11

[David Sanders]

As an update, I still have this behavior on my stretch machine running 
smbclient version 4.5.16+dfsg-1+deb9u2. However, on an installation of 
buster running smbclient version 4.9.5+dfsg-5, I do not have the bug.


The two installations are not identical however. The stretch machine is 
a server and the buster machine just has smbclient installed.


It may be that "my" bug is different than the originally reported 
problem in any case.


David

Bug#902487: debdiff log

[Adam D. Barratt]

Control: tags -1 + confirmed

Sorry for the delay in getting back to you.

On Wed, 2018-06-27 at 11:45 +0530, Manas Kashyap wrote:
> diff -Nru ruby-encryptor-3.0.0/debian/changelog ruby-encryptor-
> 3.0.0/debian/changelog
> --- ruby-encryptor-3.0.0/debian/changelog   2016-04-06
> 19:23:59.0 +
> +++ ruby-encryptor-3.0.0/debian/changelog   2018-06-26
> 07:14:17.0 +
> @@ -1,3 +1,11 @@
> +ruby-encryptor (3.0.0-1+deb9u1) stretch; urgency=medium
> +
> +  * Team upload
> +  * Ignore test failures (Its only reverse dependency is ruby-attr-
> encrypted
> +which handles this correctly, all of its tests pass) (Closes:
> #880276)
> 

This really doesn't make me happy as a fix, but let's go with it.

Regards,

Adam

Bug#917880: stretch-pu: package kamailio/4.4.4-2+deb9u3

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Mon, 2018-12-31 at 11:22 +0100, Victor Seva wrote:
> version in stable can't be used with TLS enabled due to #902452 with
> severity grave. If user enables TLS kamailio fails to start.
> 

Apologies for the delay in getting back to you.

Is the result of the patch that kamaillo assumes that Kerberos is
always OK with newer OpenSSL versions, or the reverse?

Regards,

Adam

Bug#928556: stretch-pu: package gocode/20150303-3+deb9u2

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2019-05-07 at 05:57 +0200, Andreas Beckmann wrote:
> the last stretch-pu update of gocode caused a regression on
> jessie->stretch updates. If I make the recently added Pre-Depends
> versioned to pull in the version from stretch first, everything seems
> to
> work again as expected.
> 

Hopefully there won't be too many such updates in practice now.

Please go ahead.

Regards,

Adam

Bug#932015: wireguard-dkms: Wireguard dkms module build fails with gcc-8 on arm for 4.19.0-5-armmp-lpae kernel

[Daniel Kahn Gillmor]

On Tue 2019-08-20 22:36:07 +0200, Martin Höfling wrote:
> first of all, my bananapi 2 died and I will replace it, probably with a
> newer arm board.

ouch, sorry to hear that.

> Package: linux-headers-4.19.0-5-armmp-lpae
> Version: 4.19.37-5+deb10u1
>
> Package: linux-headers-4.19.0-5-common
> Version: 4.19.37-5+deb10u1


thanks, that's definitely useful data.

> Oh ok, no mine is much older as it seems. Also the error looks quite
> different from what's described there. As I cannot reproduce it atm, you
> can also close it from my side. I will report back / reopen if it also
> happens with a new board.

i think yours is newer, actually -- 4.19 vs. 4.9 !

I'll close this bug report for now, but please feel free to reopen it if
you can reproduce the problem.

--dkg


signature.asc
Description: PGP signature

Bug#915935: stretch-pu: package zfs-auto-snapshot/1.2.1-1+deb9u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sat, 2018-12-08 at 01:07 +0100, Andreas Beckmann wrote:
> Can we backport the changes from unstable that silence the cronjobs
> after package removal? #850776
> 

Please go ahead; sorry for the delay.

Regards,

Adam

Bug#933176: stretch-pu: package fig2dev/1:3.2.6a-2+deb9u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sat, 2019-07-27 at 11:33 +0200, Roland Rosenfeld wrote:
> This fixes CVE-2019-14275 in stretch.  Since this is tagged
> "unimportant" by the security team on
> https://security-tracker.debian.org/tracker/CVE-2019-14275 they won't
> publish a DSA, so I tend to send this into the next point release of
> buster.

stretch. :-)

> Attached you'll find the diff against 3.2.6a-2+deb9u1.
> 

Please go ahead.

Regards,

Adam

Bug#934356: stretch-pu: package mitmproxy/0.18.2-6

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sat, 2019-08-10 at 09:27 +0200, Sebastien Delafond wrote:
> Could 0.18.2-6+deb9u1 be included in stretch's next point release ?
> It
> closes #934033, which is an FTBFS on stretch, by blacklisting a
> couple
> #more things from the test suite.
> 

Please go ahead.

Regards,

Adam

Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sat, 2019-07-13 at 12:36 +0200, Carsten Leonhardt wrote:
> Control: tags -1 - moreinfo
> 
> Hi,
> 
> attached is a new debdiff, the only change is that I removed some
> cruft
> from the "Origin" field in the patch metadata.
> 
> I've deployed this version on live servers this morning and tested
> them.
> 

Please go ahead; thanks.

Regards,

Adam

Bug#931350: stretch-pu: package fence-agents/4.0.25-1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2019-07-02 at 21:20 +0200, Valentin Vidic wrote:
> I would like to upload a new version of fence-agents to stretch in
> order
> to fix the UTF-8 problem that was recently fixed for buster too.
> debdiff
> of the change is attached.
> 

Please go ahead; sorry for the delay.

Regards,

Adam

Bug#929611: Update

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Wed, 2019-06-26 at 14:08 +0200, Xavier wrote:
> Hi all,
> 
> I updated my debdiff due to a little security hole discovered in
> lemonldap-ng 1.9.x

Please go ahead; sorry for the delay.

Regards,

Adam

Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1

[Sebastian Andrzej Siewior]

On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote:
> Indeed, and then we dropped the ball again. :-(
> 
> Let's get this going.

So I upload the here promissed Stretch package and then open p-u bugs
for the transition?

> Regards,
> 
> Adam

Sebastian

Bug#930795: unblock: ruby-airbrussh/1.3.2-1

[Adam D. Barratt]

On Tue, 2019-08-20 at 22:22 +0100, Samuel Henrique wrote:
> Hello Adam,
> 
> > It certainly can't be 1.3.2-1+deb10u1, as that version number is
> > higher
> > than the package in unstable. Either one would need to go with
> > 1.3.1-
> > 2+deb10u1 with just the bug fix applied, or 1.3.2-1~deb10u1 with a
> > "backports-style" changelog containing both 1.3.2-1 and then the
> > stable
> > update. In either case we would need a debdiff that reflects the
> > chosen
> > approach.
> > 
> > One thing that will need to be fixed in unstable first either way:
> > 
> > Not built on buildd: arch all binaries uploaded by samueloph
> > 
> > As per the d-d-a announcement, that will need a new source upload
> > to
> > unstable to resolve, as arch:all can't be usefully binNMUed.
> 
> I just uploaded 1.3.3-1 (source-only) to unstable, can I just wait
> until it migrates to testing and then go with "1.3.2-1+deb10u1" ?
> If so, I will remove the "moreinfo" tag when it the package migrates
> to Testing (in 2 days) and we can use the latest debdiff on this
> thread.

That doesn't really make sense as a version here, as it's not a stable
update on top of 1.3.2-1; stable only has 1.3.1-2.

If you really want to go with the complete version rather than just the
specific fix, then either 1.3.2-1~deb10u1 - and therefore with the
original 1.3.2-1 changelog with a "backports style" entry on top - or
1.3.2-0+deb10u1.

Regards,

Adam

Bug#935135: ssh-add: loads key with wrong key comment, impairing key management

[Thorsten Glaser]

Timo WeingДrtner dixit:

>If
>
>$ file .ssh/id_pvt
>
>shows "OpenSSH private key" (instead of "PEM RSA private key") try:

Oh, indeed, it does.

tglase@tglase-nb:~ $ file .ssh/id_!(*.*)
.ssh/id_maven: PEM RSA private key
.ssh/id_pvt:   OpenSSH private key
.ssh/id_rsa:   PEM RSA private key

>$ ssh-keygen -c -C id_pvt -f .ssh/id_pvt
>
>to change the embedded comment. The new private key storage format
>contains an own comment.

Didn’t even know they had a new private key format… which is very
opaque…

… this worked, but the key comment for the PEM keys is also
completely ignored, and they’re listed with pathname instead.

This is weird.

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#931921: clutter's autopkgtests hang when ran with a libglib2.0-0 built with gcc-9

[Simon McVittie]

Control: reassign -1 clutter-1.0-tests
Control: severity -1 serious

We were trying so hard to solve this in either gcc-9 or libglib2.0-0
that we didn't consider whether it could be a clutter bug. (It is.)

On Fri, 12 Jul 2019 at 11:16:53 +0100, Iain Lane wrote:
> Here's the bit of code.
> 
>   
> https://sources.debian.org/src/clutter-1.0/1.26.2+dfsg-10/tests/conform/actor-offscreen-redirect.c/#L172
> 
> It's adding some stuff to a main loop and expecting it to finish when a
> particular signal handler is called.
...
> Things which make it work again
> 
>   - Building glib2.0 w/gcc-9 -O1 (and -O0)
>   - Building w/gcc-8

This appears to have been because building gtestutils.c with different
optimizations results in different junk being left on the stack afterwards.
When running the clutter test under valgrind, we get:

# Start of actor tests
# Start of offscreen tests
==13864== Conditional jump or move depends on uninitialised value(s)
==13864==at 0x10AD7C: actor_offscreen_redirect 
(actor-offscreen-redirect.c:331)
==13864==by 0x10AD7C: actor_offscreen_redirect 
(actor-offscreen-redirect.c:299)
==13864==by 0x492F889: clutter_test_func_wrapper (clutter-test-utils.c:138)
==13864==by 0x4B6F3BD: ??? (in 
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6000.6)

This is the variable 'data' here:

> static void
> actor_offscreen_redirect (void)
> {
>   Data data;
>
>   ... data.was_painted is never initialized ...
>
>   while (!data.was_painted)
> g_main_context_iteration (NULL, FALSE);
> }

It seems that data.was_painted was intended to be initialized to FALSE
(all-zeroes), but this never actually happened.

If the uninitialized value of data.was_painted happens to be nonzero,
this results in basically the entire test being skipped - we never enter
the main loop, and never have the opportunity for the test to hang while
waiting for a paint signal that will never happen.

Adding some debug code to hexdump the contents of the data struct reveals
that gcc-9 -O1, or gcc-9 -O2 with -fno-tree-pre, fairly reliably fills
data.was_painted with a nonzero value, so most of the test is effectively
never run. gcc-9 -O2 fills it with zeroes, so the test runs. The paint
signal never happens (at least in my testing) and the test hangs.

The attached is probably a good starting point for someone who has some
sort of understanding of Clutter to start to investigate this.

smcv
diff --git a/tests/conform/actor-offscreen-redirect.c b/tests/conform/actor-offscreen-redirect.c
index f47af3617..44b2e43c6 100644
--- a/tests/conform/actor-offscreen-redirect.c
+++ b/tests/conform/actor-offscreen-redirect.c
@@ -150,25 +150,37 @@ verify_results (Data *data,
   g_free (pixel);
 }
 
+static void
+paint_handler_cb (GMainLoop *main_loop,
+  gpointer nil)
+{
+  g_debug ("in paint_handler_cb");
+  g_main_loop_quit (main_loop);
+}
+
 static void
 verify_redraw (Data *data, int expected_paint_count)
 {
   GMainLoop *main_loop = g_main_loop_new (NULL, TRUE);
   guint paint_handler;
 
+  g_debug ("in verify_redraw");
+
   paint_handler = g_signal_connect_data (data->stage,
  "paint",
- G_CALLBACK (g_main_loop_quit),
+ G_CALLBACK (paint_handler_cb),
  main_loop,
  NULL,
  G_CONNECT_SWAPPED | G_CONNECT_AFTER);
 
   /* Queue a redraw on the stage */
+  g_debug ("queueing redraw");
   clutter_actor_queue_redraw (data->stage);
 
   data->foo_actor->paint_count = 0;
 
   /* Wait for it to paint */
+  g_debug ("running main loop");
   g_main_loop_run (main_loop);
 
   g_signal_handler_disconnect (data->stage, paint_handler);
@@ -181,6 +193,8 @@ run_verify (gpointer user_data)
 {
   Data *data = user_data;
 
+  g_debug ("in run_verify");
+
   group_has_overlaps = FALSE;
 
   /* By default the actor shouldn't be redirected so the redraw should
@@ -298,7 +312,7 @@ run_verify (gpointer user_data)
 static void
 actor_offscreen_redirect (void)
 {
-  Data data;
+  Data data = {};
 
   if (!cogl_features_available (COGL_FEATURE_OFFSCREEN))
 return;

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?

[Thorsten Glaser]

Adam D. Barratt dixit:

>Please go ahead; sorry for the delay.

Done, thanks!

bye,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc

Bug#934628: bootlogd(8) man page: incorrect SEE ALSO section

[Thorsten Glaser]

On Tue, 20 Aug 2019, Vincent Lefevre wrote:

> In this line, everything is in bold except "(8)," and "(3),".
> I think that the mistake is that "(1)." should not be in bold.

Not using the mdoc macropackage (cf. e.g. the mksh(1) manpage)
is a mistake and the one I guess causing the issues you see.

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”  (#nosec)‣‣‣ Please let MySQL and MariaDB finally die!

Bug#932251: buster-pu: package spl-linux/0.7.12-2+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Wed, 2019-07-17 at 07:06 +, Aron Xu wrote:
> On Wed, Jul 17, 2019 at 01:41:12AM +, Aron Xu wrote:
> > We would like to apply a single-line patch in addition to spl-
> > linux/0.7.12-2
> > which fixes a deadlock[1], please see the changes in debdiff.
> > 
> > [1]
> > https://github.com/zfsonlinux/spl/commit/cb4464f1549087794fdbe0f5ad2328618de2033e
> > 

Please go ahead.

Regards,

Adam

Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sat, 2019-05-18 at 23:41 +0200, Sebastian Andrzej Siewior wrote:
> On 2019-03-27 19:43:13 [+], Adam D. Barratt wrote:
> > Sure. To make things easier to keep track of (at least for me),
> > could
> > you open a new bug for the 0.100.3 update, and we'll keep using
> > this
> > one for the effective transition.
> 
> Please find attach a debdiff between 0.100.3 (current Stretch) and
> 0.101.2 (Buster and proposed Stretch).
> The package is unchanged since I created the bug. I have no idea who
> is
> waiting here for whom but I *think* the stable team waited for an
> update. In case it is not, I am back to patience mode :)

Indeed, and then we dropped the ball again. :-(

Let's get this going.

Regards,

Adam

Bug#931282: unblock: s-nail/14.9.11-3

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Mon, 2019-07-01 at 10:49 +0200, Paride Legovini wrote:
> Paul Gevers wrote on 30/06/2019:
> 
> > Hi Paride,
> > 
> > On 30-06-2019 14:55, Paride Legovini wrote:
> > > Please unblock package s-nail. Version 14.9.11-3 contains a
> > > targeted fix for
> > > #930691 I've got from upstream. The debdiff between -2 and -3 is
> > > attached.
> > 
> > The time for unblocks for buster has come and gone. The deadline
> > was
> > last Tuesday, we are now in deep freeze. If you consider the bug
> > severe
> > enough (please fix the bug metadata if you do) you can consider a
> > stable
> > release update targeting buster (I have updated this bugs
> > metadata),
> > such that this can be fixed in the first point release.
> 
> Thanks Paul,
> 
> I'll call this a off-by-one-week error. I am sorry. At least I know
> that
> when I've got the patch for #930691 it was already too late for an
> unblock.
> 
> I reviewed the policy for stable release updates; while definitely a
> deal breaker for some users I'm not sure #930691 qualifies as "a
> truly
> critical functionality problem". Affected users are those using the
> GSSAPI + Kerberos authentication.
> 
> What's the take of the stable release team here?

Sorry for the delay in getting back to you.

This looks like it would be OK for stable, but we would need a debdiff
of a package built and tested on stable (and appropriately versioned),
please.

Regards,

Adam

Bug#930795: unblock: ruby-airbrussh/1.3.2-1

[Samuel Henrique]

Hello Adam,

It certainly can't be 1.3.2-1+deb10u1, as that version number is higher
> than the package in unstable. Either one would need to go with 1.3.1-
> 2+deb10u1 with just the bug fix applied, or 1.3.2-1~deb10u1 with a
> "backports-style" changelog containing both 1.3.2-1 and then the stable
> update. In either case we would need a debdiff that reflects the chosen
> approach.
>
> One thing that will need to be fixed in unstable first either way:
>
> Not built on buildd: arch all binaries uploaded by samueloph
>
> As per the d-d-a announcement, that will need a new source upload to
> unstable to resolve, as arch:all can't be usefully binNMUed.
>

I just uploaded 1.3.3-1 (source-only) to unstable, can I just wait until it
migrates to testing and then go with "1.3.2-1+deb10u1" ?
If so, I will remove the "moreinfo" tag when it the package migrates to
Testing (in 2 days) and we can use the latest debdiff on this thread.

Thanks,

-- 
Samuel Henrique 

Bug#919694: elogind triggers ACPI suspend on laptop lid close, contrary to prior acpi-support configuration

[Thorsten Glaser]

Package: elogind
Version: 241.3-1+debian1
Followup-For: Bug #919694

Mark Hindley wrote:

>I think you might need
>
>HandleLidSwitch=lock
>
>in /etc/elogind/logind.conf for that behaviour.

I’ve made a few adjustments following that suggestion (see
below), dist-upgraded sid to ensure I’ve got the latest
version of everything, rebooted (there was a new kernel to
update to anyway), and… still no lock for both console and
X11 sessions.

Running xlock -mode blank manually works, so this is a
regression from when I only had the ACPI stuff installed.

In case it’s relevant, X11 is ran by “exec startx” after
logging in.

-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages elogind depends on:
ii  dbus 1.12.16-1
ii  debconf  1.5.73
ii  libacl1  2.2.53-4
ii  libc62.28-10
ii  libcap2  1:2.25-2
ii  libelogind0  241.3-1+debian1
ii  libselinux1  2.9-2+b2
ii  libudev1 241-7
ii  lsb-base 11.1.0

Versions of packages elogind recommends:
ii  policykit-1  0.105-26

elogind suggests no packages.

-- Configuration Files:
/etc/elogind/logind.conf changed:
[Login]
HandlePowerKey=poweroff
HandleLidSwitch=lock
HandleLidSwitchExternalPower=lock
HandleLidSwitchDocked=lock
[Sleep]


-- no debconf information

Bug#935204: go2: uninstalling go2 breaks "bash cd"

[Oliver Grimm]

Package: go2
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

uninstalling "go2" via "apt remove" forgets to correctly removing a "cd alias"
in ~/.bashrc. Therefore, using "cd" in a terminal points to a nonexisting alias
after uninstalling go2. Uncommenting the "cd alias" to go2 in ~/.bashrc by hand
fixes the issue.



-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#934628: bootlogd(8) man page: incorrect SEE ALSO section

[Vincent Lefevre]

On 2019-08-20 16:05:10 +, Dmitry Bogatov wrote:
> [2019-08-12 17:31] Vincent Lefevre 
> > SEE ALSO
> >dmesg(8),fdatasync(3),readbootlog(1).
> >
> > Spaces are missing
> 
> Bug. Will fix.
> 
> > and coloring is inconsistent.
> 
> Fail to see. What exactly wrong with colors?

Actually, that's boldness, I think (as I render the bold attribute
with a special color).

In this line, everything is in bold except "(8)," and "(3),".
I think that the mistake is that "(1)." should not be in bold.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#830726: xtrlock: CVE-2016-10894: xtrlock does not block multitouch events

[Chris Lamb]

Hi Antoine,

> Thanks for writing the patch! I tested it on
> . For some reason it didn't
> apply cleanly to debian/rules

Mea culpa; there was another upload in the meantime that I somehow did
not spot. I have now correctly subscribed to this package in the
tracker so this shouldn't occur again.

> Of course the patch is already a big improvement, but do you have any
> idea about how to address this problem with new devices being plugged in
> while xtrlock is running?

I've been working on an updated patch that detects new devices and
blocks them too. However, "grabbing" devices during the processing of
these "device hierarchy changed" events appears to do something funny
and actually disables all input entirely for me at the moment
requiring me to restart my X session. I'm obviously doing something
wrong and I'll have another run at it ASAP.
  

Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#935137:

[Samuel Henrique]

Hello,

> I forgot to add the patch to d/series, you'll find the updated debdiff
> > attached.
>
> Please go ahead.
>

acme-tiny_4.0.4-1+deb10u1_source.changes ACCEPTED into
proposed-updates->stable-new

-- 
Samuel Henrique 

Bug#934300: buster-pu: package apt/1.8.3~deb10u1

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Fri, 2019-08-09 at 11:50 +0200, Julian Andres Klode wrote:
> I just uploaded 1.8.3 to unstable which includes a fix for HTTPS
> proxying - when using the CONNECT method, we were sending the proxy's
> host name in the Host header, where we should have sent the
> destination
> host name.
> 
> This breaks ACLs on proxies that filter on that field and might thus
> prevent access to HTTPS repositories over such proxies.
> 

+apt (1.8.3) unstable; urgency=medium

Please provide a debdiff for the proposed buster upload, as built and
tested there.

Regards,

Adam

Bug#933754: buster-pu: package mariadb-10.3 10.3.17-0+deb9u1

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Thu, 2019-08-08 at 19:23 +0200, Moritz Mühlenhoff wrote:
> On Fri, Aug 02, 2019 at 10:48:53PM +0100, Otto Kekäläinen wrote:
> > MariaDB 10.3.17 includes security fixes and a few bug fixes
> > appropriate for a stable release.
> > 
> > This bug report is intentionally void of the debdiff as I might
> > still
> > amend something, or the severity of the security issues might
> > change
> > on further investigation.
> > 
> > See buster branch at 
> > https://salsa.debian.org/mariadb-team/mariadb-10.3/
> > 
> > 
> > Changelog:
> > 
> > mariadb-10.3 (1:10.3.17-0+deb9u1) buster; urgency=high
> 
> Should rather be +deb10u1, Buster is the tenth stable release.

Indeed. However, as Otto said, there isn't a finalised diff included
for checking.

Regards,

Adam

Bug#935203: tomcat9: systemd configuration fails to allow tomcat to write to it's own directory

[Kit Haines]

Package: tomcat9
Version: 9.0.16-4~bpo9+1
Severity: normal

Dear Maintainer,

I'm trying to install tomcat9, and run it as a service.  After purging
and reinstalling, tomcat9 fails to start.  I had expected it to start.

`root@gelfly:/var/lib/tomcat9# service tomcat9 restart
Job for tomcat9.service failed because the control process exited with error 
code.
See "systemctl status tomcat9.service" and "journalctl -xe" for details.`

I expected the prompt to simply return, and tomcat9 to be running.

I editted: `/etc/systemd/system/multi-user.target.wants/tomcat9.service`
to add the following two lines:
`ReadWritePaths=/etc/tomcat9/
ReadWritePaths=/var/lib/tomcat9/`

When I then ran

`root@gelfly:/var/lib/tomcat9/conf# systemctl daemon-reload
root@gelfly:/var/lib/tomcat9/conf# service tomcat9 restart
root@gelfly:/var/lib/tomcat9/conf#`

The service started.

-- System Information:
Debian Release: 9.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tomcat9 depends on:
ii  lsb-base9.20161125
ii  systemd 232-25+deb9u11
ii  tomcat9-common  9.0.16-4~bpo9+1
ii  ucf 3.0036

Versions of packages tomcat9 recommends:
pn  libtcnative-1  

Versions of packages tomcat9 suggests:
pn  tomcat9-admin 
ii  tomcat9-docs  9.0.16-4~bpo9+1
ii  tomcat9-examples  9.0.16-4~bpo9+1
pn  tomcat9-user  

-- Configuration Files:
/etc/tomcat9/policy.d/01system.policy [Errno 13] Permission denied: 
'/etc/tomcat9/policy.d/01system.policy'
/etc/tomcat9/policy.d/02debian.policy [Errno 13] Permission denied: 
'/etc/tomcat9/policy.d/02debian.policy'
/etc/tomcat9/policy.d/03catalina.policy [Errno 13] Permission denied: 
'/etc/tomcat9/policy.d/03catalina.policy'
/etc/tomcat9/policy.d/04webapps.policy [Errno 13] Permission denied: 
'/etc/tomcat9/policy.d/04webapps.policy'
/etc/tomcat9/policy.d/50local.policy [Errno 13] Permission denied: 
'/etc/tomcat9/policy.d/50local.policy'

-- no debconf information

Bug#933769: buster-pu: package erlang-p1-pkix/1.0.0-3+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Fri, 2019-08-16 at 11:03 +0200, Philipp Huebner wrote:
> Control: tags -1 - moreinfo
> 
> > Thanks for looking at fixing this is stable. The unstable upload is
> > a
> > pre-requisite to that, so tagging accordingly - please remove the
> > "moreinfo" tag once the fix is in unstable.
> 
> It is now.
> 

Thanks. Please go ahead.

Regards,

Adam

Bug#935200: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2019-08-20 at 22:37 +0200, Bernhard Schmidt wrote:
> I'd like to update asterisk with a fix for two minor CVEs that have
> been deemed
> no-dsa. Exactly the same change (apart from the d/gbp.conf update for
> the
> Buster branch) has been uploaded to sid as -2 and migrated to testing
> a month
> ago.
> 

Please go ahead.

Regards,

Adam

Bug#935165: buster-pu: package newsboat/2.13-1+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2019-08-20 at 13:33 +0300, Nikos Tsipinakis wrote:
> I'd like to patch a use-after-free bug in newsboat. It was reported
> in debian
> in #898559[1] and fixed upstream[2]. While I haven't been able to
> reproduce a
> crash with it it's clear that it's there and I have received feedback
> that it
> indeed fixes the linked issue.
> 

Please go ahead.

Regards,

Adam

Bug#934934: buster-pu: package piuparts/1.0.0+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Fri, 2019-08-16 at 22:33 +0200, Holger Levsen wrote:
> We'd like to update piuparts with the following changes in buster,
> fixing a
> bunch of rather important bugs (as well as one trivial wishlist bug
> and a 
> trivial normal bug), including one for buster=stable (which missed
> the buster
> relase because 1.0.1 was not accepted).
> 

Please go ahead.

Regards,

Adam

Bug#933911: buster-pu: package pulseaudio

[Adam D. Barratt]

Control: tags -1 + confirmed

On Thu, 2019-08-15 at 11:28 -0400, Felipe Sateler wrote:
> Control: tags -1 -moreinfo
> 
> On Sun, Aug 11, 2019 at 9:53 AM Jonathan Wiltshire 
> wrote:
> > Control: tag -1 moreinfo
> > 
> > Hi,
> > 
> > On Sun, Aug 04, 2019 at 09:31:37PM -0400, Felipe Sateler wrote:
[...]
> > > There is a bug affecting pulseaudio users: #913102. This bug
> > causes the
> > > mute state to be incorrectly restored. Some users have asked for
> > the fix
> > > (which is now on unstable), to be backported to buster given that
> > GDM is
> > > affected by this bug. The upstream patch fixing this issue is
> > very
> > > small[1].

Please go ahead; thanks.

Regards,

Adam

Bug#933839: buster-pu: package resource-agents/1:4.2.0-2+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sun, 2019-08-04 at 11:08 +0200, Valentin Vidic wrote:
>  * ethmonitor: does not list interfaces without assigned IP address
>  * ZFS: monitoring action broken by a bashism bug
>  * Xen: toolstack detection generates warnings in the logs
> 

Please go ahead.

Regards,

Adm

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Thu, 2019-08-08 at 21:33 +0200, Hugo Lefeuvre wrote:
> Hi Salvatore,
> 
> > > Done! You can find an updated debdiff for buster in attachement.
> > > The new
> > > debdiff ships CVE-2019-5058.patch which addresses the remaining
> > > issue in
> > > IMG_xcf.c.
> > 
> > Is the attachment missing?
> 
> Right, attachment is missing! Better now :)
> 

Please go ahead; thanks.

Regards,

Adam

Bug#933125: systemd 241-7~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 933125 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 241-7~deb10u1

Explanation: network: Fix failure to bring up interface with Linux kernel 5.2; 
ask-password: Prevent buffer overflow when reading from keyring; network: 
Behave more gracefully when IPv6 has been disabled

Bug#933636: CVE-2019-14934

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Tue, 2019-08-13 at 23:29 -0700, Francois Marier wrote:
> There is now an additional CVE that affects pdfresurrect in buster
> and
> stretch:
> 
>   https://security-tracker.debian.org/tracker/CVE-2019-14934
> 
> Neither this one or CVE-2019-14267 are deemed worthy of a DSA
> however.
> 
> If you approve the first upload I have prepared for buster and
> stretch, I
> will revise it to include the fix for this second CVE, but I will
> wait for
> your initial approval before putting any more work into this.

It looks OK to me. Tagging moreinfo until there's a final diff.

Regards,

Adam

Bug#933175: buster-pu: package fig2dev/1:3.2.7a-5

[Adam D. Barratt]

Control: tags -1 + confirmed

On Sat, 2019-07-27 at 11:30 +0200, Roland Rosenfeld wrote:
> This fixes CVE-2019-14275 in buster.  Since this is tagged
> "unimportant" by the security team on
> https://security-tracker.debian.org/tracker/CVE-2019-14275 they won't
> publish a DSA, so I tend to send this into the next point release of
> buster.
> 
> Attached you'll find the diff agains 3.2.7a-5.  The patch is a little
> longer, because I included the test code to check for this
> vulnerability and code for the salsa CI pipeline.

Please go ahead.

Regards,

Adam

Bug#933369: buster-pu: package dma/0.11-1+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Mon, 2019-07-29 at 21:13 +0200, Laurent Bigonville wrote:
> dma currently use the TLSv1_client_method() function that means that
> it
> only support TLS 1.0 which is considered deprecated (and forbidden by
> PCI certification).
> 
> For what I can read, major providers are planning to remove support
> for
> TLS 1.0 and TLS 1.1 current 2020.
> 
> The attached patches (cherry-picked from upstream) are switching to
> the
> "version-flexible" function (TLS_client_method())
> 

Please go ahead.

Regards,

Adam