Bug#956845: scilab builds OK with FreeHEP 2.4

2020-05-01 Thread merkys 
Hello,

scilab 6.1.0 builds fine with FreeHEP 2.4. So if it's really OK to drop
geogebra, FreeHEP could be upgraded.

Best,
Andrius

Bug#959410: jinja2 breaks oca-core autopkgtest: The server encountered an internal error and was unable to complete your request

2020-05-01 Thread Paul Gevers 
Source: jinja2, oca-core
Control: found -1 jinja2/2.11.1-1
Control: found -1 oca-core/11.0.20180730-1
Severity: serious
Tags: sid bullseye
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of jinja2 the autopkgtest of oca-core fails in
testing when that autopkgtest is run with the binary packages of jinja2
from unstable. It passes when run with only packages from testing. In
tabular form:

   passfail
jinja2 from testing2.11.1-1
oca-core   from testing11.0.20180730-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of jinja2 to testing
[1]. Due to the nature of this issue, I filed this bug report against
both packages. Can you please investigate the situation and reassign the
bug to the right package?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=jinja2

https://ci.debian.net/data/autopkgtest/testing/amd64/o/oca-core/5233451/log.gz

autopkgtest [05:12:03]: test basic-tests: [---
● oca-core.service - Odoo's Community Association Open Source ERP and CRM
 Loaded: loaded (/lib/systemd/system/oca-core.service; enabled;
vendor preset: enabled)
 Active: active (running) since Fri 2020-05-01 05:12:04 UTC; 10ms ago
   Main PID: 7301 (odoo)
  Tasks: 1 (limit: 4915)
 Memory: 1008.0K
 CGroup: /system.slice/oca-core.service
 └─7301 /usr/bin/python3 /usr/bin/odoo --config
/etc/odoo/odoo.conf --logfile /var/log/odoo/odoo-server.log

May 01 05:12:04 ci-122-22d8115e systemd[1]: Started Odoo's Community
Association Open Source ERP and CRM.
Try #1 to fetch http://localhost:8069/web
ERROR: Odoo is not up and running :-(
Output of curl -L http://localhost:8069/web:

500 Internal Server Error
Internal Server Error
The server encountered an internal error and was unable to complete
your request. Either the server is overloaded or there is an error in
the application.
autopkgtest [05:12:09]: test basic-tests: ---]



signature.asc
Description: OpenPGP digital signature

Bug#958951: Reopen first itp

2020-05-01 Thread Andreas Tille 
Control: reopen -1

The competing ITP 958956 was closed by somebody else so restore the first one

Bug#959409: pbcopper breaks pbbam (autopkgtest): libpbcopper.so.1.3.0: cannot open shared object file: No such file or directory

2020-05-01 Thread Paul Gevers 
Source: pbcopper, pbbam
Control: found -1 pbcopper/1.4.0+dfsg-1
Control: found -1 pbbam/1.0.6+dfsg-2
Severity: serious
Tags: sid bullseye
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of pbcopper the autopkgtest of pbbam fails in
testing when that autopkgtest is run with the binary packages of
pbcopper from unstable. It passes when run with only packages from
testing. In tabular form:

   passfail
pbcopper   from testing1.4.0+dfsg-1
pbbam  from testing1.0.6+dfsg-2
all others from testingfrom testing

I copied some of the output at the bottom of this report. To be honest,
this looks a bit messy. 1) libpbcopper.so.1.4.0 is shipped by a package
called libpbcopper1.3.0 (this may be correct, but very confusing; didn't
investigate further). 2) pbmerge is opening libpbcopper.so.1.3.0 instead
of something like libpbcopper.so.1 (and following symlinks). This may be
correct (again, I didn't investigate), but it makes updates to pbcopper
very fragile (as in this case) and isn't what normally happens with
libraries, where the symlinks make it possible to update the package
without rebuilding if SONAME compatibility is maintained, and otherwise
trigger a transition that can be handled by the release team.

Currently this regression is blocking the migration of pbcopper to
testing [1]. Due to the nature of this issue, I filed this bug report
against both packages. Can you please investigate the situation and
reassign the bug to the right package?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=pbcopper

https://ci.debian.net/data/autopkgtest/testing/amd64/p/pbbam/5248083/log.gz

   $ $PBMERGE $HQREGION_BAM $SCRAPS_BAM > $MERGED_BAM
+  pbmerge: error while loading shared libraries: libpbcopper.so.1.3.0:
cannot open shared object file: No such file or directory
+  [127]



signature.asc
Description: OpenPGP digital signature

Bug#959407: dh-python: pybuild without setup.py

2020-05-01 Thread Scott Kitterman 



On May 2, 2020 4:17:20 AM UTC, Drew Parsons  wrote:
>> pybuild will want to support it
>
>Some discussion has started on the mailing list,
>
>https://lists.debian.org/debian-python/2020/04/msg00061.html

As mentioned in the thread, there's a pybuild plugin for packages that use flit 
to build based on pyproject.toml.  It's in git, staged for the next upload.  
The pep517 package can also build packages using pyproject.toml, but it isn't, 
IMO, suitable for integration with pybuild because it's to heavy weight.

Scott K

Bug#959408: tilda: man page refers to non-existent info page

2020-05-01 Thread Olaf Meeuwissen 
Package: tilda
Version: 1.4.1-2.1
Severity: normal

Dear Maintainer,

Reading the tilda manual page, I saw

  The full documentation for tilda is maintained as a Texinfo manual.
  If the info and tilda programs are properly installed at your site,
  the command

info tilda

  should give you access to the complete manual.

Problem is, there is no such Texinfo manual.  Running `info tilda` just
shows the manual page in the info browser :-/

I checked the upstream source tarball and did not find a Texinfo manual
there.  There is also no tilda-doc or similar package.

Please fix the manual page to *not* refer to the non-existent Texinfo
manual.

-- System Information:
Architecture: x86_64

Kernel: Linux 4.19.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages tilda depends on:
ii  libc6   2.28-10
ii  libconfuse2 3.2.2+dfsg-1
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libglib2.0-02.58.3-2+deb10u2
ii  libgtk-3-0  3.24.5-1
ii  libpango-1.0-0  1.42.4-7~deb10u1
ii  libvte-2.91-0   0.54.2-2
ii  libx11-62:1.6.7-1

tilda recommends no packages.

tilda suggests no packages.

-- no debconf information

--
Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Softwarehttps://my.fsf.org/donate
 Join the Free Software Foundation  https://my.fsf.org/join

Bug#947755: sbuild: force-orig-source with source-only-changes does not add .orig.tar to source.changes

2020-05-01 Thread Guilhem Moulin 
Hi there,

On Sun, 29 Dec 2019 at 17:13:46 -0800, Vagrant Cascadian wrote:
> When I run:
> 
>  sbuild -d UNRELEASED -c sid  --source --force-orig-source 
> --source-only-changes hello_2.10-2.dsc
> 
> Results in an hello_2.10-2_amd64.changes that contains references to the
> .orig.tar but hello_2.10-2_source.changes that does not, which is pretty
> counterintuitive to me at least. :)

Probably related: --debbuildopt="-v$VERSION" is not passed along to
`dpkg-genchanges --build=source` either.

This might be why many _source.changes files uploaded to backports now
contain only entries for the current version (while it's recommended to
include all entries since the last bpo version — so the BTS can be
updated accordingly etc.)


https://salsa.debian.org/debian/sbuild/-/blob/debian/sbuild-0.79.1-1/lib/Sbuild/Build.pm#L2676

I suppose it'd make sense to collect dpkg-buildpackage options that are
meant for dpkg-genchanges (‘-sa’, ‘-vversion’, etc.) and pass them along
when invoking `dpkg-genchanges --build=source`.

> Thanks for maintaining sbuild!

+1 :-)

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#959367: loop device missing, too

2020-05-01 Thread Josep Lladonosa 
I add that I placed iso image in a vfat partition.
And after, in terminal:

modprobe vfat
mkdir /mnt/source
mount -t vfat /dev/sd?? /mnt/source

I can see iso image there but when I try mounting it through a loop device:

mount -o loop /mnt/source/image.iso /cdrom

it fails so installation cannot go on.

It seems this second need  was already reported in 785512 bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785512


-- 
--
Salutacions...Josep
--

Bug#959407: dh-python: pybuild without setup.py

2020-05-01 Thread Drew Parsons 
Package: dh-python
Version: 4.20200315
Severity: normal


There are movements around upstream packages to stop using setup.py.
https://stackoverflow.com/questions/58753970/how-to-build-a-source-distribution-without-using-setup-py-file

PEP517 seems to be the culprit behind this movement,
https://pypi.org/project/pep517/


If this is going to become the Way Of The Future,
then pybuild is going to want to support it.

Drew

Bug#959394: perlapi-5.28.1: Package Won't Install

2020-05-01 Thread Andrei POPESCU 
Control: reassign -1 libgtk2-perl
Control: forcemerge -1 942135

On Vi, 01 mai 20, 16:20:27, Brian Farnell wrote:
> Package: perlapi-5.28.1

Because this is a virtual package bugs can't be reported against it. 
Reassigning to libgtk2-perl instead.

> Severity: important
> 
> Dear Maintainer,
> 
> The package will not install
> 
> libgtk2-perl : Depends: perlapi-5.28.1 but it is not installable
> 
> perlapi-5.28.1 should be provided by perl-base which is already intalled on 
> the
> sytem.

perl-base in unstable provides perlapi-5.30.0, so this appears to be a 
problem with libgtk2-perl.

On the other hand there is also #912860. Are you sure you need 
libgtk2-perl?

> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (100, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled

Kind regards,
Andrei
-- 
Looking after bugs filled against unknown packages


signature.asc
Description: PGP signature

Bug#959406: apt-get: Language and numeric formatting in the output do not match

2020-05-01 Thread Bjarni Ingi Gislason 
Package: apt
Version: 2.0.2
Severity: normal

Dear Maintainer,

  there is an inconsistency between used language (English) in the
output and the used punctuation marks for numbers.

LC_LANG=is_IS, decimal_point="," thousands_sep="."

LC_LANG=C, decimal_point="." thousands_sep=""

LC_LANG=C.UTF-8, decimal_point="." thousands_sep=""


  Example:

Fetched 1.289 kB in 4s (302 kB/s)

Fetched 42,4 MB in 7s (5.949 kB/s)


  Additionally, there should be a space between a number and its units,
here "4s" should be "4 s", "7s" be "7 s".


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.19-1 (SMP w/2 CPU cores)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE=is_IS.iso88591 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages apt depends on:
ii  adduser 3.118
ii  debian-archive-keyring  2019.1
ii  gpgv2.2.20-1
ii  libapt-pkg6.0   2.0.2
ii  libc6   2.30-4
ii  libgcc-s1   10-20200418-1
ii  libgnutls30 3.6.13-2
ii  libseccomp2 2.4.3-1+b1
ii  libstdc++6  10-20200418-1
ii  libsystemd0 245.5-2

Versions of packages apt recommends:
ii  ca-certificates  20190110

Versions of packages apt suggests:
pn  apt-doc  
pn  aptitude | synaptic | wajig  
ii  dpkg-dev 1.19.7
ii  gnupg2.2.20-1
pn  powermgmt-base   

-- Configuration Files:
/etc/cron.daily/apt-compat changed [not included]

-- no debconf information

-- 
Bjarni I. Gislason

Bug#959399: libreoffice-common: Using libreoffice results in many AppArmor "ALLOWED" log messages in kernel syslog

2020-05-01 Thread Rene Engelhard 
Hi again.

On Sat, May 02, 2020 at 03:56:26AM +0200, Rene Engelhard wrote:
> > A small sampling of messages (obfuscated):
> > 
> > May  1 17:19:49 host kernel: [ 9201.656675] audit: type=1400 
> > audit(1588371589.713:822): apparmor="ALLOWED" operation="mknod" 
> > profile="libreoffice-soffice" 
> > name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 
> > comm="configmgrWriter" requested_mask="c" denied_mask="c" fsuid=1000 
> > ouid=1000
> 
> why /raid as extra mountpoint and not /home directly or / directly or if
> that's not intended some bind mounts to have /home on a "known"
> location? So that stuff like this doesn't knowingly break?
> Or is that the case?

And what is your @HOME set for in apparmor sense?

  owner @{HOME}/.config/libreoffice{,dev}/** rwk,

is in the profile, which allows the owner of the config dir in @{HOME}
access.

So I just bet that setting needs to be globally adapted
for apparmor?
(Or use standard paths.)

Regards,

Rene

Bug#959395: remmina: Grab all keyboard events not working after upgrade

2020-05-01 Thread Bin Guo 
Package: remmina
Version: 1.4.2+dfsg-1
Severity: important

Dear Maintainer,

After upgrading remmina from 1.4.2+dfsg-1 to 1.4.3+dfsg-2 (plus
dependencies), Alt-Tab key in remote viewer keeps being processed by
host, while after downgrading back to 1.4.2+dfsg-1, Alt-Tab works in
remote viewer without problem.

Grab all keyboard events was enabled all the time, and I saw the same
problem with other hotkeys defined in host.

-- System Information:
Debian Release: bullseye/sid
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500, 'oldstable'), 
(400, 'unstable'), (300, 'stable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages remmina depends on:
ii  dbus-user-session [default-dbus-session-bus]  1.12.16-2
ii  dbus-x11 [dbus-session-bus]   1.12.16-2
ii  libavahi-client3  0.7-5
ii  libavahi-common3  0.7-5
ii  libavahi-ui-gtk3-00.7-5
ii  libayatana-appindicator3-10.5.4-2
ii  libc6 2.30-4
ii  libcairo2 1.16.0-4
ii  libgcrypt20   1.8.5-5
ii  libglib2.0-0  2.64.2-1
ii  libgtk-3-03.24.18-1
ii  libjson-glib-1.0-01.4.4-2
hi  libpango-1.0-01.42.4-8
ii  libsodium23   1.0.18-1
ii  libsoup2.4-1  2.70.0-1
ii  libssh-4  0.9.4-1
ii  libssl1.1 1.1.1g-1
ii  libvte-2.91-0 0.60.1-1
hi  remmina-common1.4.2+dfsg-1

Versions of packages remmina recommends:
hi  remmina-plugin-rdp 1.4.2+dfsg-1
hi  remmina-plugin-secret  1.4.2+dfsg-1
hi  remmina-plugin-vnc 1.4.2+dfsg-1

Versions of packages remmina suggests:
pn  remmina-plugin-exec 
pn  remmina-plugin-kwallet  
hi  remmina-plugin-nx   1.4.2+dfsg-1
hi  remmina-plugin-spice1.4.2+dfsg-1
pn  remmina-plugin-www  
hi  remmina-plugin-xdmcp1.4.2+dfsg-1

-- no debconf information

Bug#959405: paperconfig.8: Some tiding in the manual

2020-05-01 Thread Bjarni Ingi Gislason 
Package: libpaper-utils
Version: 1.1.28+b1
Severity: minor
Tags: patch

Dear Maintainer,

Input file is paperconfig.8

chk_man: Next line: execute mandoc -T lint paperconfig.8

mandoc: paperconfig.8:68:67: STYLE: whitespace at end of input line

###

Add a space after a comma.

###

Test nr. 36:

Wrong distance between sentences. 

a) Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) and "info groff".

 The best procedure is always to start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.


45:if possible. If

#

  Patch:

--- paperconfig.8   2019-08-18 11:08:29.0 +
+++ paperconfig.8.new   2020-05-01 21:30:25.0 +
@@ -6,13 +6,14 @@
 .SH SYNOPSIS
 .B paperconfig
 [
-.BR \-v\fP, \fB\-\-version
+.BR \-v ", " \-\-version
 ]
 [
-.BR \-h\fP, \fB\-\-help
+.BR \-h ", " \-\-help
 ]
 [
-.BI "\-p\fP, \fB\-\-paper" " papername"
+.BR \-p ", " \-\-paper
+.I papername
 |
 .B \-\-force
 ]
@@ -31,18 +32,20 @@ notifies other packages of the change by
 directory.
 .SH OPTIONS
 .TP
-.BR \-v\fP, \fB\-\-version
+.BR \-v ", " \-\-version
 Print the version of
 .B paperconfig
 and exit.
 .TP
-.BR \-h\fP, \fB\-\-help
+.BR \-h ", " \-\-help
 Print help about usage and exit.
 .TP
-.BI "\-p\fP, \fB\-\-paper" " papername"
+.BR \-p ", " \-\-paper\c
+.I papername
 Use
 .I papername
-if possible. If
+if possible.
+If
 .I papername
 is not a valid paper, print an error message and exit.
 .TP
@@ -65,7 +68,7 @@ variable is not set.
 Directory of scripts to run after the paper size has been changed.
 This package puts no scripts here, but other packages may.
 .B run-parts
-is used to run the scripts, therefore their names must comply with 
+is used to run the scripts, therefore their names must comply with
 .B run-part's
 naming requirements.
 .SH AUTHOR



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.19-1 (SMP w/2 CPU cores)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE=is_IS.iso88591 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpaper-utils depends on:
ii  libc6  2.30-4
ii  libpaper1  1.1.28+b1

libpaper-utils recommends no packages.

libpaper-utils suggests no packages.

-- no debconf information

-- 
Bjarni I. Gislason

Bug#959403: papersize.5: Some tiding in the manual

2020-05-01 Thread Bjarni Ingi Gislason 
Package: libpaper1
Version: 1.1.28+b1
Severity: minor
Tags: patch

Dear Maintainer,

Input file is papersize.5

chk_man: Next line: execute mandoc -T lint papersize.5

mandoc: papersize.5:32:10: STYLE: whitespace at end of input line

###

 Use two-fonts macros instead of font escapes.

###

Correct spelling:

overrideen -> overridden



  Patch:

--- papersize.5 2019-08-18 11:08:29.0 +
+++ papersize.5.new 2020-05-01 20:58:38.0 +
@@ -17,24 +17,25 @@ string found; the case in the name of th
 section however).
 .SH "PAPER NAMES"
 The following names are commonly understood by programs:
-.B a3\fP,\fB a4\fP,\fB a5\fP,
-.B b5\fP,\fB letter\fP,\fB legal\fP,\fB executive\fP,\fB note\fP
+.BR a3 ", " a4 ", " a5 ", " b5 ", " letter ", " legal ", " executive ,
+.B note
 and
 .BR 11x17 .
 .PP
 Additional paper names that one may encounter are:
-.B a0\fP,\fB a1\fP,\fB a2\fP,\fB a6\fP,\fB a7\fP,\fB a8\fP,\fB a9\fP,\fB 
a10\fP,
-.B b0\fP,\fB b1\fP,\fB b2\fP,\fB b3\fP,\fB b4\fP,\fB tabloid\fP,
-.B statement\fP,\fB note\fP,
-.B halfletter\fP,\fB halfexecutive\fP,\fB folio\fP,\fB quarto\fP,\fB ledger\fP,
-.B archA\fP,\fB archB\fP,\fB archC\fP,\fB archD\fP,\fB archE\fP,\fB flsa\fP,
-.B flse\fP,\fB csheet\fP,\fB dsheet\fP,\fB esheet\fP
-and   
+.BR a0 ", " a1 ", " a2 ", " a6 ", " a7 ", " a8 ", " a9 ", " a10 ,
+.BR b0 ", " b1 ", " b2 ", " b3 ", " b4 ", " tabloid ,
+.BR statement ", " note ,
+.BR halfletter ", " halfexecutive ", " folio ", " quarto ", " ledger ,
+.BR archA ", " archB ", " archC ", " archD ", " archE ", " flsa ,
+.BR flse ", " csheet ", " dsheet ,
+.B esheet
+and
 .BR 10x14 .
 .PP
 The value of the
 .B papersize
-file can be overrideen by
+file can be overridden by
 looking in order at the
 .B PAPERSIZE
 environment variable, then at the contents of the file specified by the


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.19-1 (SMP w/2 CPU cores)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE=is_IS.iso88591 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpaper1 depends on:
ii  debconf [debconf-2.0]  1.5.74
ii  dpkg   1.19.7
ii  libc6  2.30-4
ii  ucf3.0038+nmu1

Versions of packages libpaper1 recommends:
ii  libpaper-utils  1.1.28+b1

libpaper1 suggests no packages.

-- debconf information:
  libpaper/defaultpaper: a4

-- 
Bjarni I. Gislason

Bug#959404: paperconf.1: trim trailing spaces

2020-05-01 Thread Bjarni Ingi Gislason 
Package: libpaper-utils
Version: 1.1.28+b1
Severity: minor
Tags: patch

Dear Maintainer,

Input file is paperconf.1

chk_man: Next line: execute mandoc -T lint paperconf.1

mandoc: paperconf.1:99:19: STYLE: whitespace at end of input line
mandoc: paperconf.1:105:19: STYLE: whitespace at end of input line


  Patch:

--- paperconf.1 2019-08-18 11:08:29.0 +
+++ paperconf.1.new 2020-05-01 21:15:33.0 +
@@ -96,13 +96,13 @@ Use millimetres as unit for paper size.
 Use inches as unit for paper size.
 
 .SH ENVIRONMENT
-.TP 20
+.TP 20
 .B PAPERSIZE
 Paper size to use regardless of what the papersize file contains.
 .TP 20
 .B PAPERCONF
 Full path to a file containing the paper size to use.
-.SH FILES 
+.SH FILES
 .TP 20
 .B /etc/papersize
 Contains the name of the system-wide default paper size to be used


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.19-1 (SMP w/2 CPU cores)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE=is_IS.iso88591 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpaper-utils depends on:
ii  libc6  2.30-4
ii  libpaper1  1.1.28+b1

libpaper-utils recommends no packages.

libpaper-utils suggests no packages.

-- no debconf information

-- 
Bjarni I. Gislason

Bug#925444: smokeping: --pid-dir doesn't worj as expected

2020-05-01 Thread Gabriel Filion 
Hi Cameron,

Sorry it took me so much time to reply. I've just now fixed my local
discardable VM setup for testing so I'm able to dive in again.

On Tue, 11 Feb 2020 11:23:19 +1000 Cameron Davidson
 wrote:
> This has just started hapenning to my also.
> 
> The cause, I think, that evenutally a tmpfile cleanup will delete
> /run/smokeping - maybe depends on age and/or  because it is not owned by
> root.

This is very strange.. As I've mentioned earlier in this bug report, the
systemd unit file should have a directive (RuntimeDirectory) that
automatically creates the directory /run/smokeping.
I've just verified and the sysvinit script also does create the
directory (albeit under /var/run, but that should be equivalent since
/var/run can be expected to symlink to /run).

Something that I've just discovered today though is that systemd
completely destroys the /run/smokeping directory when the service is
stopped. So this might throw some ppl off (myself included!) when trying
to debug this.


maybe one thing that might be interesting to verify is whether the
configuration file points to the right directory for "piddir". In the
default configuration that the package ships, the file
/etc/smokeping/config.d/pathnames contains the following:


root@debian-10-amd64:~# cat /etc/smokeping/config.d/pathnames
sendmail = /usr/sbin/sendmail
imgcache = /var/cache/smokeping/images
imgurl   = ../smokeping/images
datadir  = /var/lib/smokeping
piddir  = /var/run/smokeping
smokemail = /etc/smokeping/smokemail
tmail = /etc/smokeping/tmail
dyndir = /var/lib/smokeping/__cgi


check in this file if "piddir" points either to /var/run/smokeping or
/run/smokeping, otherwise try and correct the path.


and finally as I mentioned earlier, if smokeping is running in "slave"
mode, then --pid-dir behaves differently : it does not create a pid file
for some reason. if you're running smokeping using this mode, then take
a look at the example file I've added to the package:

/usr/share/doc/smokeping/examples/systemd/slave_mode.conf

this can be copied in a systemd override directory and then adapted for
the master url. the file contains some instructions in comments for
where to place it.

> One solution (I found for other systemd processes run as non-root) is to
> add a config file:
> 
> /usr/lib/tmpfiles.d/smokeping.conf
> 
> Contents should be something like:
> 
>    d    /run/smokeping   0755   smokeping   smokeping   -   -
> 
> to have systemd recreate the dir when smokeping is started.

I believe this should be non-necessary since both the init script and
the systemd units have some method to automatically create the directory.


If you're still unable to get the pid file to be created by systemd,
then maybe I'm missing something out. In this case, tell me a bit more
information about your system. e.g. what CPU architecture is being used
(amd64, arm64, i386, ...) and what version of systemd your system
currently has installed.


Cheers!



signature.asc
Description: OpenPGP digital signature

Bug#959399: libreoffice-common: Using libreoffice results in many AppArmor "ALLOWED" log messages in kernel syslog

2020-05-01 Thread Rene Engelhard 
retitle 959399 libreoffice-common: many AppArmor "ALLOWED" log messages
if using "non-standard" $HOME
severity 959399 minor
tag 959399 + wontfix
thanks

On Fri, May 01, 2020 at 06:00:46PM -0500, E Harris wrote:
> Using LibreOffice results in many AppArmor audit log messages marked as 
> "ALLOWED".
> These messages repeat many times during normal use of the app, resulting in 
> quite a bit of log spam.
> 
> Perhaps this is the result of the user's home directory being mounted in an 
> alternate location?

Yes, and to be honest, if you change that dir you need to change all
profiles referencing $HOME to allow it.

Here you can be just glad it works because the profile is in complain
mode, if it wasn't this wouldn't work at all...

One simply cannot allow any path as this would simply defeat the
purpose.

> 
> A small sampling of messages (obfuscated):
> 
> May  1 17:19:49 host kernel: [ 9201.656675] audit: type=1400 
> audit(1588371589.713:822): apparmor="ALLOWED" operation="mknod" 
> profile="libreoffice-soffice" 
> name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 
> comm="configmgrWriter" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

why /raid as extra mountpoint and not /home directly or / directly or if
that's not intended some bind mounts to have /home on a "known"
location? So that stuff like this doesn't knowingly break?
Or is that the case?

I am honestly not sure whether there's something to do there at all -
except for the admin of the system to adapt the profile to the setuo of
the system.

Regards,

Rene

Bug#959402: yaml-cpp: FTBFS on mipsel

2020-05-01 Thread Boyuan Yang 
Source: yaml-cpp
Version: 0.6.3-1
Severity: grave
Justification: FTBFS

Dear Debian yaml-cpp maintainer,

Unfortunately yaml-cpp currently FTBFS on mipsel architecture. Build logs
indicate that it might be caused by the exhaustion of memory:

as: out of memory allocating 7161456 bytes after a total of 573444096 bytes
/tmp/cc7NTJLR.s: Assembler messages:
/tmp/cc7NTJLR.s: Fatal error: can't close CMakeFiles/run-
tests.dir/integration/gen_emitter_test.cpp.o: memory exhausted
make[4]: *** [test/CMakeFiles/run-tests.dir/build.make:102:
test/CMakeFiles/run-tests.dir/integration/gen_emitter_test.cpp.o] Error 1


I'm not sure what's the best way of solving this issue. Maybe we need some
test-builds on porterbox?

-- 
Best,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#904717: rosegarden "Tie Notes at Barlines" has no effect on some imported MIDI

2020-05-01 Thread Ted Felix 

Confirmed.  This is likely working as designed.

In the Bass_sample.mid case, the note beginnings have been quantized, 
but the note durations have not been quantized.  Rosegarden seems to 
prefer exact note durations when doing ties.  If you double-click the 
note that you want to tie and set its duration to a dotted quarter, you 
can then tie across the barline.


It may be possible to improve this, but I'm not the one to ask.  I 
recommend closing this bug and starting a discussion on the upstream 
rosegarden-user mailing list:


https://sourceforge.net/projects/rosegarden/lists/rosegarden-user

Look forward to seeing you there.

Bug#959143: RFS: libgrokj2k/7.1.0-1 [ITP] -- JPEG 2000 image compression/decompression library

2020-05-01 Thread Aaron Boxer 
Hi Adam,
Thanks a lot for testing this I've fixed the build error - please try it
again when you have time.
Cheers,
Aaron

On Fri, May 1, 2020 at 7:21 PM Adam Borowski  wrote:

> On Wed, Apr 29, 2020 at 04:53:38PM -0400, Aaron Boxer wrote:
> >  * Package name: libgrokj2k
> >Version : 7.1.0-1
>
> > It builds those binary packages:
> >
> >   libgrokj2k1 - JPEG 2000 image compression/decompression library
> >   libgrokj2k1-dev - development files for Grok, a JPEG 2000 image library
> >   grokj2k-tools - command-line tools for the Grok JPEG 2000 library
>
> I'm afraid it doesn't build in a minimal chroot.
> Log attached.
>
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ in the beginning was the boot and root floppies and they were good.
> ⢿⡄⠘⠷⠚⠋⠀   --  on #linux-sunxi
> ⠈⠳⣄
>

Bug#959393: ruby2.7 breaks diaspora-installer autopkgtest: sh: 1: bundle: not found

2020-05-01 Thread Antonio Terceiro 
Control: reassign -1 ruby2.7
Control: found -1 2.7.0-6

On Fri, May 01, 2020 at 10:23:56PM +0200, Paul Gevers wrote:
> Using system bundler...
> Installing gems with rubygems ...
> sh: 1: bundle: not found

libruby2.7 now has some Provides: for libraries builtin to the standard
library, including ruby-bundler. But since ruby-bundler also provides a
`bundle` binary, which libruby2.7 does not, then this Provides: is not
really correct.

Instead, libruby2.7 should depend on ruby-bundler, like it already does on
rake, ruby-test-unit and others, and not provide it.


signature.asc
Description: PGP signature

Bug#959391: wordpress: CVE-2020-11025 CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 CVE-2020-11030

2020-05-01 Thread Craig Small 
This is the analysis of the latest WordPress security bugs.
Is it awesome upstream already has CVE IDs and (almost) clear patches of
the fixes? Yes, it is!

Sid: 5.4
All vulnerabilities, use upstream 5.4.1

Bullseye: 5.3.2
https://github.com/WordPress/wordpress-develop/commit/42cbfc76f87add1853996730c587ea66aa8fdc28
SVN references: 47633 47634 47635 47636 47637 47638
https://core.trac.wordpress.org/changeset/47633  Customizer - CVE-2020-11025
https://core.trac.wordpress.org/changeset/47634 password update -
CVE-2020-11027
https://core.trac.wordpress.org/changeset/47635 single post on query -
CVE-2020-11028
https://core.trac.wordpress.org/changeset/47636 block editor escape -
CVE-2020-11030
https://core.trac.wordpress.org/changeset/47637 escaping around stats -
CVE-2020-11029
https://core.trac.wordpress.org/changeset/47638 sanitize file name -
CVE-2020-11026
All vulnerable, use aggregated GH commit

Buster: 5.0.4
https://github.com/WordPress/wordpress-develop/commit/e65e7a3bd96df6675a9a3caa54f5945885379f09
SVN references: 47633 47634 47635 47636 47637 47638
All vulnerable, use aggregated GH commit

Stretch: 4.7.5
https://github.com/WordPress/wordpress-develop/commit/f9be892b76512c0bf3826c07839dd7c406f13e06
SVN references: 47633 47634 47635 47637 47638
Does NOT reference 47636
4.7.5 code does not use blocks, equivalent code in get_search_form() uses
if statement so changing class variable gives default (follows else path)
https://github.com/WordPress/wordpress-develop/blob/c7f320da2b05b261fc94b63dccc2fc0787641cf9/src/wp-includes/general-template.php#L221
Not vulnerable to CVE-2020-11030, use aggregated GH commit for the rest

Bug#644728: DID YOU GET IT?

2020-05-01 Thread Smith and Associates 
Dear Sir,

Did you get my previous email about you deceased relatives estate?

Paul Smith
Smith and Associates
Tampa Florida U.S.A

Bug#959400: mesa: SIGSEGV in iris_dri.so using mpv or glxgears, Intel HD Graphics 620

2020-05-01 Thread Jean-Francois Pirus 


Source: mesa
Severity: normal
Tags: upstream

Dear Maintainer,


Get a SIGSEV playing any video or running glxgears with latest
kernel/mesa 20.0.4-2.

Thread 11 "mpv/vo" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe0c85700 (LWP 6662)]
0x7fffcaca49d8 in ?? () from /usr/lib/x86_64-linux-
gnu/dri/iris_dri.so

Thread 1 "glxgears" received signal SIGSEGV, Segmentation fault.
0x75fac336 in GEN9_3DSTATE_VERTEX_ELEMENTS_pack
(values=, dst=, data=0x7fffe290)
at src/intel/genxml/gen9_pack.h:6901
6901src/intel/genxml/gen9_pack.h: No such file or directory.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8),
LANGUAGE=en_NZ:en (charmap=UTF-8)

glxinfo
---
name of display: :0.0
display: :0  screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.4
server glx extensions:
client glx vendor string: Mesa Project and SGI
client glx version string: 1.4
client glx extensions:
Extended renderer info (GLX_MESA_query_renderer):
Vendor: Intel (0x8086)
Device: Mesa Intel(R) HD Graphics 620 (KBL GT2) (0x5916)
Version: 20.0.4
Accelerated: yes
Video memory: 3072MB
Unified memory: yes
Preferred profile: core (0x1)
Max core profile version: 4.6
Max compat profile version: 4.6
Max GLES1 profile version: 1.1
Max GLES[23] profile version: 3.2
OpenGL vendor string: Intel
OpenGL renderer string: Mesa Intel(R) HD Graphics 620 (KBL GT2)
OpenGL core profile version string: 4.6 (Core Profile) Mesa 20.0.4
OpenGL core profile shading language version string: 4.60
OpenGL core profile context flags: (none)
OpenGL core profile profile mask: core profile
OpenGL core profile extensions:
OpenGL version string: 4.6 (Compatibility Profile) Mesa 20.0.4
OpenGL shading language version string: 4.60
OpenGL context flags: (none)
OpenGL profile mask: compatibility profile
OpenGL extensions:
OpenGL ES profile version string: OpenGL ES 3.2 Mesa 20.0.4
OpenGL ES profile shading language version string: OpenGL ES GLSL ES
3.20
OpenGL ES profile extensions:

Xorg.0.log
---
[ 8.368] (II) Loading /usr/lib/xorg/modules/drivers/intel_drv.so
[ 8.371] (II) Module intel: vendor="X.Org Foundation"
[ 8.371]compiled for 1.20.8, module version = 2.99.917
[ 8.371]Module class: X.Org Video Driver
[ 8.371]ABI class: X.Org Video Driver, version 24.1
[ 8.371] (II) intel: Driver for Intel(R) Integrated Graphics
Chipsets:
[ 8.371] (II) intel: Driver for Intel(R) Integrated Graphics
Chipsets:
i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM,
865G,
915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM,
Pineview G, 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33,
Q35, Q33,
GM45, 4 Series, G45/G43, Q45/Q43, G41, B43
[ 8.371] (II) intel: Driver for Intel(R) HD Graphics
[ 8.371] (II) intel: Driver for Intel(R) Iris(TM) Graphics
[ 8.371] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics
[ 8.376] (II) intel(0): Using Kernel Mode Setting driver: i915,
version 1.6.0 20200114
[ 8.376] (II) intel(0): SNA compiled: xserver-xorg-video-intel
2:2.99.917+git20200226-1 (Timo Aaltonen )
[ 8.376] (II) intel(0): SNA compiled for use with valgrind
[ 8.377] (--) intel(0): Integrated Graphics Chipset: Intel(R) HD
Graphics 620

gdb
-
Starting program: /usr/bin/glxgears 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-
gnu/libthread_db.so.1".
[New Thread 0x7fffef42b700 (LWP 4167)]
[New Thread 0x7fffeec2a700 (LWP 4168)]
[New Thread 0x7fffee429700 (LWP 4169)]
[New Thread 0x7fffedc28700 (LWP 4170)]

Thread 1 "glxgears" received signal SIGSEGV, Segmentation fault.
0x75fac336 in GEN9_3DSTATE_VERTEX_ELEMENTS_pack
(values=, dst=, data=0x7fffe290)
at src/intel/genxml/gen9_pack.h:6901
6901src/intel/genxml/gen9_pack.h: No such file or directory.

Thread 5 (Thread 0x7fffedc28700 (LWP 4170)):
#0  futex_wait_cancelable (private=0, expected=0,
futex_word=0x556f6d88) at ../sysdeps/unix/sysv/linux/futex-
internal.h:80
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0,
mutex=0x556f6d38, cond=0x556f6d60) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x556f6d60, mutex=0x556f6d38) at
pthread_cond_wait.c:638
#3  0x75913efb in cnd_wait (mtx=0x556f6d38,
cond=0x556f6d60) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x556f9960) at
../src/util/u_queue.c:275
#5  0x75913b17 in impl_thrd_routine (p=) at
../include/c11/threads_posix.h:87
#6  0x76b0ef27 in start_thread (arg=) at
pth

Bug#150137: DID YOU GET IT?

2020-05-01 Thread Smith and Associates 
Dear Sir,

Did you get my previous email about you deceased relatives estate?

Paul Smith
Smith and Associates
Tampa Florida U.S.A

Bug#959393: ruby2.7 breaks diaspora-installer autopkgtest: sh: 1: bundle: not found

2020-05-01 Thread Antonio Terceiro 
Control: reassign -1 libruby2.7
Control: found -1 2.7.0-6

On Fri, May 01, 2020 at 09:12:57PM -0300, Antonio Terceiro wrote:
> Control: reassign -1 ruby2.7
> Control: found -1 2.7.0-6
> 
> On Fri, May 01, 2020 at 10:23:56PM +0200, Paul Gevers wrote:
> > Using system bundler...
> > Installing gems with rubygems ...
> > sh: 1: bundle: not found
> 
> libruby2.7 now has some Provides: for libraries builtin to the standard
> library, including ruby-bundler. But since ruby-bundler also provides a
> `bundle` binary, which libruby2.7 does not, then this Provides: is not
> really correct.
> 
> Instead, libruby2.7 should depend on ruby-bundler, like it already does on
> rake, ruby-test-unit and others, and not provide it.

It's on libruby2.7, not ruby2.7


signature.asc
Description: PGP signature

Bug#959399: libreoffice-common: Using libreoffice results in many AppArmor "ALLOWED" log messages in kernel syslog

2020-05-01 Thread E Harris 
Package: libreoffice-common
Version: 1:6.1.5-3+deb10u5
Severity: normal

Using LibreOffice results in many AppArmor audit log messages marked as 
"ALLOWED".
These messages repeat many times during normal use of the app, resulting in 
quite a bit of log spam.

Perhaps this is the result of the user's home directory being mounted in an 
alternate location?

A small sampling of messages (obfuscated):

May  1 17:19:49 host kernel: [ 9201.656675] audit: type=1400 
audit(1588371589.713:822): apparmor="ALLOWED" operation="mknod" 
profile="libreoffice-soffice" 
name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 
comm="configmgrWriter" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
May  1 17:19:49 host kernel: [ 9201.657039] audit: type=1400 
audit(1588371589.713:823): apparmor="ALLOWED" operation="open" 
profile="libreoffice-soffice" 
name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 
comm="configmgrWriter" requested_mask="wrc" denied_mask="wrc" fsuid=1000 
ouid=1000
May  1 17:19:49 host kernel: [ 9201.657107] audit: type=1400 
audit(1588371589.717:824): apparmor="ALLOWED" operation="file_lock" 
profile="libreoffice-soffice" 
name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 
comm="configmgrWriter" requested_mask="wk" denied_mask="wk" fsuid=1000 ouid=1000
May  1 17:19:49 host kernel: [ 9201.670903] audit: type=1400 
audit(1588371589.729:825): apparmor="ALLOWED" operation="rename_src" 
profile="libreoffice-soffice" 
name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 
comm="configmgrWriter" requested_mask="wrd" denied_mask="wrd" fsuid=1000 
ouid=1000
May  1 17:19:49 host kernel: [ 9201.670926] audit: type=1400 
audit(1588371589.729:826): apparmor="ALLOWED" operation="rename_dest" 
profile="libreoffice-soffice" 
name="/raid/home/user/.config/libreoffice/4/user/registrymodifications.xcu" 
pid=16453 comm="configmgrWriter" requested_mask="wc" denied_mask="wc" 
fsuid=1000 ouid=1000

-- System Information:
Debian Release: 10.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-common depends on:
ii  libnumbertext-data 1.0.5-1
ii  libreoffice-style-colibre  1:6.1.5-3+deb10u5
ii  libreoffice-style-tango1:6.1.5-3+deb10u5
ii  ure6.1.5-3+deb10u5

Versions of packages libreoffice-common recommends:
ii  apparmor2.13.2-10
ii  fonts-liberation2   2.00.5-1
ii  libexttextcat-data  3.4.5-1
ii  python3-uno 1:6.1.5-3+deb10u5
ii  xdg-utils   1.1.3-1

Versions of packages libreoffice-common suggests:
ii  libreoffice-style-colibre [libreoffice-style]  1:6.1.5-3+deb10u5
ii  libreoffice-style-tango [libreoffice-style]1:6.1.5-3+deb10u5

Versions of packages python3-uno depends on:
ii  libc6 2.28-10
ii  libgcc1   1:8.3.0-6
ii  libpython3.7  3.7.3-2+deb10u1
ii  libreoffice-core  1:6.1.5-3+deb10u5
ii  libstdc++68.3.0-6
ii  python3   3.7.3-1
ii  python3.7 3.7.3-2+deb10u1
ii  uno-libs3 6.1.5-3+deb10u5
ii  ure   6.1.5-3+deb10u5

-- Configuration Files:
/etc/libreoffice/soffice.sh changed:
FILE_LOCKING=auto
OPENGL_SUPPORT=no


-- no debconf information

Bug#959391: wordpress: CVE-2020-11025 CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 CVE-2020-11030

2020-05-01 Thread Craig Small 
Hi Salvatore,
  Thanks for the bug report. I'll look into it today and yes its good we
finally have CVE IDs to work with.


On Sat, 2 May 2020 at 06:21, Salvatore Bonaccorso  wrote:

> example CVE-2020-11030 lists via the GHSA as affected versions 5.2 to
> 5.4, and patched in 5.4.1, 5.3.3 and 5.2.6. Is this correct so which
> would mean buster and stretch are not affected?
>
[...]

> CVE-2020-11030:
> | to add content. This has been patched in version 5.4.1, along with all
> | the previously affected versions via a minor release (5.3.3, 5.2.6,
> | 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23,
> | 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
> The github entry is definitely confusing. "This affects 5.2-5.4" and
> "fixed in 5.0.9 and 4.7.17" (why fix something no affected?


So WordPress pull in changes into the old branches with a single commit[1]
which then references 6 SVN commits.  My gut feel is with 6 CVEs and 6
referenced commits it is a good chance 5.0.x is impacted by all 6, but
sometimes they have multiple commits for one bug, or one commit fixes
multiple bugs. The trick comes down to how understandable the SVN commits
are.  It's a bit of a jigsaw puzzle. So for CVE-2020-11030, the 5.0x fix is
probably [2] because it mentions the block editor and changes the search
file. It's not an exact science.

The actual code fix is easy, I just pull in [1] into the Debian repository
for buster. It's the referencing and checking the version is impacted that
takes the time.

 - Craig


1:
https://github.com/WordPress/wordpress-develop/commit/e65e7a3bd96df6675a9a3caa54f5945885379f09
2: https://core.trac.wordpress.org/changeset/47636

Bug#897768: hmat-oss: diff for NMU version 1.2.0-2.1

2020-05-01 Thread Sudip Mukherjee 
Control: tags 897768 + patch
Control: tags 897768 + pending

Dear maintainer,

I've prepared an NMU for hmat-oss (versioned as 1.2.0-2.1) and
uploaded it to mentors for sponsoring. Please feel free to tell me if I
should remove it.

--
Regards
Sudip

diff -Nru hmat-oss-1.2.0/debian/changelog hmat-oss-1.2.0/debian/changelog
--- hmat-oss-1.2.0/debian/changelog 2016-10-20 21:08:08.0 +0100
+++ hmat-oss-1.2.0/debian/changelog 2020-05-02 00:18:14.0 +0100
@@ -1,3 +1,10 @@
+hmat-oss (1.2.0-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS. (Closes: #897768)
+
+ -- Sudip Mukherjee   Sat, 02 May 2020 00:18:14 
+0100
+
 hmat-oss (1.2.0-2) unstable; urgency=medium
 
   * New patch: 0002-Fix-compilation-on-Linux-32-bits-systems.patch
diff -Nru hmat-oss-1.2.0/debian/patches/fix_gcc.patch 
hmat-oss-1.2.0/debian/patches/fix_gcc.patch
--- hmat-oss-1.2.0/debian/patches/fix_gcc.patch 1970-01-01 01:00:00.0 
+0100
+++ hmat-oss-1.2.0/debian/patches/fix_gcc.patch 2020-05-02 00:18:01.0 
+0100
@@ -0,0 +1,46 @@
+Description: Fix FTBFS with gcc-8
+ Use std::fill() instead of memset() as done by upstream.
+ Ref: 
https://github.com/jeromerobert/hmat-oss/commit/9b614cfee6974f4103636402ce3007be336a55b7
+
+Bug-Debian: https://bugs.debian.org/897768
+---
+
+--- hmat-oss-1.2.0.orig/src/full_matrix.cpp
 hmat-oss-1.2.0/src/full_matrix.cpp
+@@ -172,10 +172,9 @@ template FullMatrix::~Ful
+ 
+ template void FullMatrix::clear() {
+   assert(lda == rows);
+-  size_t size = ((size_t) rows) * cols * sizeof(T);
+-  memset(m, 0, size);
++  std::fill(m, m + ((size_t) rows) * cols, Constants::zero);
+   if (diagonal) {
+-memset(diagonal->v, 0, rows * sizeof(T));
++std::fill(diagonal->v, diagonal->v + rows, Constants::zero);
+   }
+ }
+ 
+@@ -210,7 +209,7 @@ template void FullMatrix:
+ T* x = m;
+ if (alpha == Constants::zero) {
+   for (int col = 0; col < cols; col++) {
+-memset(x, 0, sizeof(T) * rows);
++std::fill(x, x + rows, Constants::zero);
+ x += lda;
+   }
+ } else {
+@@ -896,12 +895,12 @@ template double Vector::n
+ }
+ 
+ template void Vector::clear() {
+-  memset(this->v, 0, sizeof(T) * this->rows);
++  std::fill(this->v, this->v + this->rows, Constants::zero);
+ }
+ 
+ template void Vector::scale(T alpha) {
+   if (alpha == Constants::zero) {
+-memset(v, 0, sizeof(T) * rows);
++std::fill(v, v + rows, Constants::zero);
+   } else {
+ proxy_cblas::scal(rows, alpha, v, 1);
+   }
diff -Nru hmat-oss-1.2.0/debian/patches/series 
hmat-oss-1.2.0/debian/patches/series
--- hmat-oss-1.2.0/debian/patches/series2016-10-20 21:08:08.0 
+0100
+++ hmat-oss-1.2.0/debian/patches/series2020-05-01 23:27:04.0 
+0100
@@ -1,2 +1,3 @@
 0001-make-build-reproducible.patch
 0002-Fix-compilation-on-Linux-32-bits-systems.patch
+fix_gcc.patch

Bug#959398: RFS: hmat-oss/1.2.0-2.1 [NMU, RC] -- dynamic libraries for HMat

2020-05-01 Thread Sudip Mukherjee 
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "hmat-oss"

 * Package name: hmat-oss
   Version : 1.2.0-2.1
   Upstream Author : Jerome Robert 
 * URL : https://github.com/jeromerobert/hmat-oss
 * License : GPL-2+
 * Vcs : 
http://anonscm.debian.org/gitweb/?p=debian-science/packages/hmat-oss.git
   Section : science

It builds those binary packages:

  libhmat-oss1 - dynamic libraries for HMat
  libhmat-oss-dev - headers and development libraries for HMat
  libhmat-oss1-dbg - debug symbols for HMat

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/hmat-oss

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/h/hmat-oss/hmat-oss_1.2.0-2.1.dsc

Changes since the last upload:

   * Non-maintainer upload.
   * Fix FTBFS. (Closes: #897768)


-- 
Regards
Sudip

Bug#944713: www.debian.org: Developer Locations map empty

2020-05-01 Thread Holger Wansing 
Hi,

Holger Wansing  wrote:
> Hi,
> 
> Uwe Kleine-König  wrote:
> > https://www.debian.org/devel/developers.loc shows a world map without
> > the usual markers for the coordinats where DDs live. Also
> > https://www.debian.org/devel/developers.coords is empty.
> 
> The '6map' cron script at wolkenstein relays on a so-called 'markers' file
> under /var/lib/misc/wolkenstein.debian.org/ and this file is empty too:
> 
> debwww@wolkenstein:/home/holgerw$ ls -la 
> /var/lib/misc/wolkenstein.debian.org/markers 
> -rw-r--r-- 1 root root 0 Mai  1 18:06 
> /var/lib/misc/wolkenstein.debian.org/markers
> 
> Therefore, no DD locations are added to the earth image.
> 
> I fail to see where exactly this markers file is populated from.
> 
> Any pointers?

Hmm, I found
https://salsa.debian.org/dsa-team/mirror/userdir-ldap/-/blob/master/ud-xearth
Maybe it's related here?
But I can't get any further ...


Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#959397: ITP: python-resolvelib -- module to resolve abstract dependencies into concrete ones

2020-05-01 Thread Scott Kitterman 
Package: wnpp
Severity: wishlist
Owner: Scott Kitterman 

* Package name: python-resolvelib
  Version : 0.3.0
  Upstream Author : Tzu-ping Chung 
* URL : https://github.com/sarugaku/resolvelib
* License : ISC
  Programming Lang: Python
  Description : module to resolve abstract dependencies into concrete ones

 python3-resolvelib provides a `Resolver` class that includes dependency
 resolution logic. You give it some things, and a little information on how it
 should interact with them, and it will spit out a resolution result.

This is a new dependency for the next version of python-pip (upstream
vendors it, but does support unvendored packages which this will
provide).  It is used to support pip's new dependency resolver (not used
by default, yet).

This package will be maintained in the DPMT.

Scott K

Bug#959396: pterm +ut creates a defunct process (#165887, slight return)

2020-05-01 Thread Mark Wooding 
Package: pterm
Version: 0.70-6
Severity: minor
Tags: patch upstream

It looks superficiallu like #165887 is back:

[spirit ~]ls -l .putty/sessions
total 0
[spirit ~]pterm +ut&
[1] 11172
[spirit ~]echo $!
11172
[spirit ~]ps f
  PID TTY  STAT   TIME COMMAND
[...]
11172 pts/11   SN 0:00  \_ pterm +ut
11175 pts/11   ZN 0:00  |   \_ [pterm] 
11176 pts/21   SNs+   0:00  |   \_ -zsh
11233 pts/11   R+ 0:00  \_ ps f
[...]

But the `SIGCHLD' code is all there still.  What gives?  It turns out
that `pterm''s startup code is racy.

Let's walk through what happens.

  1. We start up and enter `pty_pre_init' to split off the privileged
 `utmp' helper process.  We hang onto a pipe with which to
 communicate with the helper, and carry on.

  2. Stuff happens, and eventually we enter `pty_init'.  Fairly early
 on, we run this code:

 /*
  * Stamp utmp (that is, tell the utmp helper process to do so),
  * or not.
  */
 if (pty_utmp_helper_pipe >= 0) {   /* if it's < 0, we can't anyway */
 if (!conf_get_int(conf, CONF_stamp_utmp)) {
 close(pty_utmp_helper_pipe);   /* just let the child process 
die */
 pty_utmp_helper_pipe = -1;
 } else {
 [...]
 }
 }

 Because I've set `+ut' on the command-line, `CONF_stamp_utmp' is
 off, and we close our pipe to the helper, which is running this:

 while (1) {

 ret = read(pipefd[0], buffer, lenof(buffer));
 if (ret <= 0) {
 cleanup_utmp();
 _exit(0);
 } else
[...]
 }

 So the helper will quit as soon as it notices.  When that happens,
 the main `pterm' process gets `SIGCHLD', which is going to run

 static void sigchld_handler(int signum)
 {
 if (write(pty_signal_pipe[1], "x", 1) <= 0)
 /* not much we can do about it */;
 }

 Ahh!  But what's `pty_signal_pipe[1]' at this point?

  3. Well, it's funny you should ask that.  It starts out as -1 because

 /*
  * The pty_signal_pipe, along with the SIGCHLD handler, must be
  * process-global rather than session-specific.
  */
 static int pty_signal_pipe[2] = { -1, -1 };   /* obviously bogus 
initial val */

 and is set at the /end/ of `pty_init':

 if (pty_signal_pipe[0] < 0) {
 if (pipe(pty_signal_pipe) < 0) {
 perror("pipe");
 exit(1);
 }
 cloexec(pty_signal_pipe[0]);
 cloexec(pty_signal_pipe[1]);
 }

So what goes wrong is that sometimes (mostly, in fact, at least on my
machine), the `SIGCHLD' comes before the signal pipe is established: the
`write' fails with `EBADF' because `pty_signal_pipe[1]' is still -1, but
this is ignored (though honestly we're in a signal handler at this point
and good options aren't readily available), and the child process is
left as a zombie.

The following patch fixes this for me.

--
diff --git a/unix/uxpty.c b/unix/uxpty.c
index 8be507d5..57ce02f6 100644
--- a/unix/uxpty.c
+++ b/unix/uxpty.c
@@ -757,6 +757,15 @@ static const char *pty_init(void *frontend, void 
**backend_handle, Conf *conf,
 pty->term_width = conf_get_int(conf, CONF_width);
 pty->term_height = conf_get_int(conf, CONF_height);
 
+if (pty_signal_pipe[0] < 0) {
+   if (pipe(pty_signal_pipe) < 0) {
+   perror("pipe");
+   exit(1);
+   }
+   cloexec(pty_signal_pipe[0]);
+   cloexec(pty_signal_pipe[1]);
+}
+
 if (pty->master_fd < 0)
pty_open_master(pty);
 
@@ -1008,14 +1017,6 @@ static const char *pty_init(void *frontend, void 
**backend_handle, Conf *conf,
add234(ptys_by_pid, pty);
 }
 
-if (pty_signal_pipe[0] < 0) {
-   if (pipe(pty_signal_pipe) < 0) {
-   perror("pipe");
-   exit(1);
-   }
-   cloexec(pty_signal_pipe[0]);
-   cloexec(pty_signal_pipe[1]);
-}
 pty_uxsel_setup(pty);
 
 *backend_handle = pty;
--

This also affects sid, and current upstream master.  The necessary patch
is superficially different because the code has been refactored and has
grown new features in the meantime, but the basic problem is the same
even if the guts of `pty_init' are now in `pty_backend_create':

--
diff --git a/unix/uxpty.c b/unix/uxpty.c
index 346fdb55..09c5ecb0 100644
--- a/unix/uxpty.c
+++ b/unix/uxpty.c
@@ -890,6 +890,15 @@ Backend *pty_backend_create(
 pty->fds[i].pty = pty;
 }
 
+if (pty_signal_pipe[0] < 0) {
+if (pipe(pty_signal_pipe) < 0) {
+perror("pipe");
+exit(1);
+}
+cloexec(pty_signal_pipe[0]);
+clo

Bug#944713: www.debian.org: Developer Locations map empty

2020-05-01 Thread Holger Wansing 
Hi,

Uwe Kleine-König  wrote:
> https://www.debian.org/devel/developers.loc shows a world map without
> the usual markers for the coordinats where DDs live. Also
> https://www.debian.org/devel/developers.coords is empty.

The '6map' cron script at wolkenstein relays on a so-called 'markers' file
under /var/lib/misc/wolkenstein.debian.org/ and this file is empty too:

debwww@wolkenstein:/home/holgerw$ ls -la 
/var/lib/misc/wolkenstein.debian.org/markers 
-rw-r--r-- 1 root root 0 Mai  1 18:06 
/var/lib/misc/wolkenstein.debian.org/markers

Therefore, no DD locations are added to the earth image.

I fail to see where exactly this markers file is populated from.

Any pointers?


Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#958053: buster-pu: package schleuder/3.4.0-2+deb10u3

2020-05-01 Thread Georg Faerber 
Hi Adam,

On 20-05-01 11:18:55, Adam D. Barratt wrote:
> I'm going to defer to your judgement here, and hope that this turns
> out to be the correct fix. Please go ahead.

Thanks, uploaded accordingly.

Cheers,
Georg

Bug#853915: reportbug: Retrieved base64 messages aren't decoded

2020-05-01 Thread Nis Martensen 
 When running e.g. `reportbug -N 853037`, a bunch of base64 is 
 displayed instead of the actual content of the messages.

> Could the BTS SOAP interface be changed to return the decoded message
> body of signed messages? Being able to deal with all other kinds of
> complex MIME messages is not really necessary.

I've been looking at the tools interacting here and am not yet sure
where the bug is.

Python-debianbts, when retrieving a bug log via the BTS SOAP interface,
receives each buglog element (message) already split into header and
body [get_bug_log]. If the body is base64-encoded, it gets decoded
before the function returns the bug log. Python-debianbts also attempts
to reconstruct something resembling the original full message by using
the feedparser, and includes that in the buglog elements (dicts) it
returns. I am not sure how reliable that message reconstruction is, but
I suspect it is not perfect.

[get_bug_log]:
https://github.com/venthur/python-debianbts/blob/master/debianbts/debianbts.py#L298

Now I'd like to understand the constraints better under which
python-debianbts is operating:
What exactly is the BTS supposed to deliver via SOAP as the message body
part of the bug log? If the message is a simple text/plain email, is the
body expected to be already decoded or not? If the message is some
MIME/multipart construct, is the body then expected to be the main text
message part only or should it just be everything that is not part of
the main message headers?

I've been trying to look at the debbugs code to find the answer to these
questions, but with limited success so far. Looking at
lib/Debbugs/SOAP.pm in subroutine get_bug_log, it uses Debbugs::MIME's
parse function to split the messages into header and body:
https://salsa.debian.org/debbugs-team/debbugs/-/blob/master/lib/Debbugs/SOAP.pm#L249
`parse` in turn uses `getmailbody`, which definitely tries to extract
the main text message part and does not just dump everything that isn't
part of the primary message headers. So either something does not work
as expected there, or I'm simply looking at the wrong code and should be
looking somewhere else.

Ideas?

In the meantime I have come up with a workaround for this in reportbug,
but it would still be useful to know if everything else is working as
intended or not.

Bug#955637: marked as done (ITS: font-manager)

2020-05-01 Thread Alessio Treglia 
Hi,

Please go ahead, feel free to take over.

Thanks.

-- 
Alessio Treglia  | www.alessiotreglia.com
Debian Developer | ales...@debian.org
Ubuntu Core Developer|  quadris...@ubuntu.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A

Bug#959366: python3-seaborn: Allow fallback to scipy when statsmodels is present and issues runtime errors

2020-05-01 Thread Étienne Mollier 
Hi Andreas,

Andreas Tille, on 2020-05-01 22:51:36 +0200:
> I injected seaborn 0.10.1.  I might have misunderstood whether
> simply unploading seaborn 0.10.1 is sufficient or whether
> an additional patch is needed.

The patch appeared between versions 0.10.0 and 0.10.1, uploading
0.10.1 should be sufficient.

> Kind regards (and sorry if I seem a bit stupid - I had some
> wine after our video conference :-P ;-) )

No problem if the upgrade has to wait a bit, the package won't
be removed from Bullseye tomorrow.  ;)

Kind Regards,
-- 
Étienne Mollier 
Fingerprint:  5ab1 4edf 63bb ccff 8b54  2fa9 59da 56fe fff3 882d
Help find cures against the Covid-19 !  Give CPU cycles:
  * Rosetta@home: https://boinc.bakerlab.org/rosetta/
  * Folding@home: https://foldingathome.org/

Bug#959394: perlapi-5.28.1: Package Won't Install

2020-05-01 Thread Brian Farnell 
Package: perlapi-5.28.1
Severity: important

Dear Maintainer,

The package will not install

libgtk2-perl : Depends: perlapi-5.28.1 but it is not installable

perlapi-5.28.1 should be provided by perl-base which is already intalled on the
sytem.




-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (100, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#959113: guava-libraries: Please update to recent upstream (v25.1 or later)

2020-05-01 Thread Emmanuel Bourg 
Hi Olek,

Le 29/04/2020 à 15:38, Olek Wojnar a écrit :

> Please update guava-libraries to a newer version. This is necessary for
> properly packaging Bazel in Debian. Bazel is currently using version 25.1.


Did you try building Bazel with the version 19 of Guava currently packaged?

Emmanuel Bourg

Bug#915972: Broken policy documentation links in p.d.o

2020-05-01 Thread Holger Wansing 

Laura Arjona Reina  wrote:
> As reported in the mail message below (thanks Alfred!, you may want to
> subscribe to the bug number or even submit a patch), some links in
> packages.debian.org need to be updated to point to the current Debian
> Policy URLs.
> 
> I have searched for debian-policy links in the packages repo
> (https://salsa.debian.org/webmaster-team/packages) and tried the URLs
> found. These ones need to be updated:
> 
> lib/Parse/DebianChangelog.pm:1258:L.
> 
> templates/config/archive_layout.tmpl:22:main =>
> 'https://www.debian.org/doc/debian-policy/#the-main-archive-area',
> 
> templates/config/archive_layout.tmpl:23:contrib =>
> 'https://www.debian.org/doc/debian-policy/#the-contrib-archive-area',
> 
> templates/config/archive_layout.tmpl:24:'non-free' =>
> 'https://www.debian.org/doc/debian-policy/#the-non-free-archive-area',
> 
> templates/html/show.tmpl:61:[%- PROCESS marker text=g('essential')
> title=g('package manager will refuse to remove this package by default')
> url='https://www.debian.org/doc/debian-policy/#essential-packages' IF
> page.get_newest('essential') == 'yes' %]

I have created an refreshed patch according to the current situation (aka the 
current version of debian-policy on the webpage).

I will apply it shortly, if there are no objections.



Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff --git a/lib/Parse/DebianChangelog.pm b/lib/Parse/DebianChangelog.pm
index cc48e1b..e6a87f4 100644
--- a/lib/Parse/DebianChangelog.pm
+++ b/lib/Parse/DebianChangelog.pm
@@ -1255,7 +1255,7 @@ with only one of the options specified.
 Parse::DebianChangelog::Entry, Parse::DebianChangelog::ChangesFilters
 
 Description of the Debian changelog format in the Debian policy:
-L.
+L.
 
 =head1 AUTHOR
 
diff --git a/templates/config/archive_layout.tmpl b/templates/config/archive_layout.tmpl
index 4bb5dba..e5354bc 100644
--- a/templates/config/archive_layout.tmpl
+++ b/templates/config/archive_layout.tmpl
@@ -19,9 +19,9 @@
 }
 
section_urls = {
-main => 'https://www.debian.org/doc/debian-policy/#the-main-archive-area',
-contrib => 'https://www.debian.org/doc/debian-policy/#the-contrib-archive-area',
-'non-free' => 'https://www.debian.org/doc/debian-policy/#the-non-free-archive-area',
+main => 'https://www.debian.org/doc/debian-policy/ch-archive.html#the-main-archive-area',
+contrib => 'https://www.debian.org/doc/debian-policy/ch-archive.html#the-contrib-archive-area',
+'non-free' => 'https://www.debian.org/doc/debian-policy/ch-archive.html#the-non-free-archive-area',
 }
 
 %]
diff --git a/templates/html/show.tmpl b/templates/html/show.tmpl
index a586f8c..aca8d2a 100644
--- a/templates/html/show.tmpl
+++ b/templates/html/show.tmpl
@@ -58,7 +58,7 @@
 [% END %]
 [%- PROCESS marker text=archive title=mirrors.$archive.title url=mirrors.$archive.url IF archive && archive != main_archive %]
 [%- PROCESS marker text=section title=section_titles.$section url=section_urls.$section IF section && section != main_section %]
-[%- PROCESS marker text=g('essential') title=g('package manager will refuse to remove this package by default') url='https://www.debian.org/doc/debian-policy/#essential-packages' IF page.get_newest('essential') == 'yes' %]
+[%- PROCESS marker text=g('essential') title=g('package manager will refuse to remove this package by default') url='https://www.debian.org/doc/debian-policy/ch-binary.html#essential-packages' IF page.get_newest('essential') == 'yes' %]
 
 [% UNLESS is_virtual %]
 
@@ -196,7 +196,7 @@
 	[% END %]
 [% ELSE %]
 
-	[% g('This is a virtual package. See the Debian policy for a definition of virtual packages.',
+	[% g('This is a virtual package. See the Debian policy for a definition of virtual packages.',
 		policy_url, policy_url) %]
 [% END %]

Bug#959154: Dead link for Debian KDE Team "Working with symbols files"

2020-05-01 Thread Nicholas D Steeves 
Holger Wansing  writes:
> Nicholas D Steeves  wrote:
[snip]
>> In #debian-qt-kde ScottK confirmed that this is the intended replacement:
>> 
>>   https://qt-kde-team.pages.debian.net/symbolfiles.html
>
> Fixed in git.
>
> Tagging this bug as pending
>

Thank you!
Nicholas


signature.asc
Description: PGP signature

Bug#959366: python3-seaborn: Allow fallback to scipy when statsmodels is present and issues runtime errors

2020-05-01 Thread Andreas Tille 
Hi Étienne,

On Fri, May 01, 2020 at 03:41:46PM +0200, Étienne Mollier wrote:
> 
> There is a patch upstream that fixes this issue, available at
> the following location:
> 
>   
> https://github.com/mwaskom/seaborn/commit/09fef026ad89a299e13db44fa5b92885fb5b2823
> 
> This patch is part of seaborn 0.10.1, so getting this fix
> brought to Sid will just be a matter of upgrading to that
> version or later, hopefuly.

I injected seaborn 0.10.1.  I might have misunderstood whether
simply unploading seaborn 0.10.1 is sufficient or whether
an additional patch is needed.
 
> Manually patching the file seaborn/distributions.py with
> upstream's approach to solving the problem allowed me to go
> through the autopkgtest suite of NanoPlot.

Just let me know if the current state of seaborn is fine or whether the
patch needs to be applied - the pure patch seems to be adaptions.

Kind regards (and sorry if I seem a bit stupid - I had some
wine after our video conference :-P ;-) )

 Andreas.

-- 
http://fam-tille.de

Bug#955648: seqsero: FTBFS: build-dependency not installable: sra-toolkit

2020-05-01 Thread Lucas Nussbaum 
On 14/04/20 at 10:50 +0200, Andreas Tille wrote:
> Hi Lucas,
> 
> this seems to have been a temporary issue.  Seqsero builds fine and all
> its (Build-)Depends are available.
> 
> > The full build log is available from:
> >http://qa-logs.debian.net/2020/04/02/seqsero_1.0.1+dfsg-2_unstable.log
> 
> Since this log seem to have vanished I'm closing this bug.

Huh? The log is available here.

In any case, no big deal. I will reopen if I can reproduce it.

Lucas

Bug#955268: udd watch: "429 too many requests" from GitHub

2020-05-01 Thread Lucas Nussbaum 
Hi

Unfortunately, the fix in devscripts 2.20.3 doesn't work, because watch
files don't use the GitHub API, but rather URLs such as
https://github.com/osallou/cassiopee-c/tags

So different rate limiting rules apply, and authenticating using HTTP
Basic Auth doesn't work.

I ended up implementing a different workaround: when the upstream
importer hits an error 429 for github, it then skips github for the
remaining of the run.

It means that we won't add junk about software hosted on github, but
that they might get tested less frequently.

Let's see if this fixes this problem... To count packages that still
show 429 errors, use:
select count(*) from upstream where watch_file ~ 'github' and warnings ~ '429';
At this point, we are down to 3919, compared to 5200+ before I deployed
the fix.

Lucas

Bug#958405: Wireguard package missing dependencies?

2020-05-01 Thread Daniel Kahn Gillmor 
Control: tags 958405 + moreinfo

Hi Tim--

On Tue 2020-04-21 14:43:32 +, Tim Smith wrote:
> There seems to be a discrepancy between the docs and reality.
>
> The docs (https://www.wireguard.com/install/) suggest that for Debian 10.3 
> all that is needed is to (a) enable backports, (b) run apt install wireguard 
> (c) Move on to the quick start walkthrough
>
> The reality is somewhat different.  Having completed (a) and (b), you are 
> left with the following scenario:
> sudo dkms status
> wireguard, 0.0.20200318: added
> However:
> sudo ip link add dev wg33 type wireguard
> RTNETLINK answers: Operation not supported
>
> I'm guessing a missing dependency ? But whichever way, the package needs 
> adjusting so things work as intended ?

that output of "dkms status" suggests that the wireguard kernel module
has not actually been built for your kernel.

Why hasn't it been built for your kernel? perhaps because you're missing
the linux-headers appropriate for your kernel (which should be a
Recommends: from the dkms package, which wireguard-dkms explicitly
Depends: upon), or something else?

We can't explicitly Depend: on headers for your kernel, because the
wireguard-dkms package itself don't know what kernel you have installed
on your computer, so we rely on the Recommends: part of dkms.  If you've
disabled installation of Recommends, then you need to know how to
manually get the pieces you need.

if you could show the full transcript of your attempt to install the
wireguard-dkms package, that might be a useful contribution to this bug
report.  but without that information, i don't have enough to help you
debug here!

all the best,

--dkg


signature.asc
Description: PGP signature

Bug#959393: ruby2.7 breaks diaspora-installer autopkgtest: sh: 1: bundle: not found

2020-05-01 Thread Paul Gevers 
Source: ruby2.7, diaspora-installer
Control: found -1 ruby2.7/2.7.0-6
Control: found -1 diaspora-installer/0.7.6.1+debian1
Severity: serious
Tags: sid bullseye
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of ruby2.7 the autopkgtest of diaspora-installer
fails in testing when that autopkgtest is run with the binary packages
of ruby2.7 from unstable. It passes when run with only packages from
testing. In tabular form:

   passfail
ruby2.7from testing2.7.0-6
diaspora-installer from testing0.7.6.1+debian1
all others from testingfrom testing

I copied some of the output at the bottom of this report. This change
makes diaspora-installer non-installable.

Currently this regression is blocking the migration of ruby2.7 to
testing [1]. Due to the nature of this issue, I filed this bug report
against both packages. Can you please investigate the situation and
reassign the bug to the right package?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=ruby2.7

https://ci.debian.net/data/autopkgtest/testing/amd64/d/diaspora-installer/5223437/log.gz

Setting up diaspora-installer (0.7.6.1+debian1) ...
Download diaspora tarball version 0.7.6.0 from github.com...
--2020-04-30 19:13:56--
https://github.com/diaspora/diaspora/archive/v0.7.6.0.tar.gz
Resolving github.com (github.com)... 192.30.255.113
Connecting to github.com (github.com)|192.30.255.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/diaspora/diaspora/tar.gz/v0.7.6.0
[following]
--2020-04-30 19:13:56--
https://codeload.github.com/diaspora/diaspora/tar.gz/v0.7.6.0
Resolving codeload.github.com (codeload.github.com)... 192.30.255.120
Connecting to codeload.github.com
(codeload.github.com)|192.30.255.120|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Saving to: ‘/var/cache/diaspora-installer/diaspora-0.7.6.0.tar.gz’


  /var/cach [<=> ]   0  --.-KB/s

 /var/cache [ <=>]   1.30M  6.40MB/s

/var/cache/diaspora [  <=>   ]   2.71M  7.50MB/sin
0.4s

2020-04-30 19:13:57 (7.50 MB/s) -
‘/var/cache/diaspora-installer/diaspora-0.7.6.0.tar.gz’ saved [2845165]

Checking integrity of download...
/var/cache/diaspora-installer/diaspora-0.7.6.0.tar.gz: OK
Extracting files...
Copying files to /usr/share/diaspora...
diaspora archive to copy: diaspora-0.7.6.0
Copying source tarball to /var/lib/diaspora/public...
Setting up environment varibales...
Using /etc/diaspora.conf...
export DB_NAME=diaspora_production
Using system bundler...
Installing gems with rubygems ...
sh: 1: bundle: not found
dpkg: error processing package diaspora-installer (--configure):
 installed diaspora-installer package post-installation script
subprocess returned error exit status 127
dpkg: dependency problems prevent configuration of autopkgtest-satdep:
 autopkgtest-satdep depends on diaspora-installer; however:
  Package diaspora-installer is not configured yet.

dpkg: error processing package autopkgtest-satdep (--configure):
 dependency problems - leaving unconfigured



signature.asc
Description: OpenPGP digital signature

Bug#959391: wordpress: CVE-2020-11025 CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 CVE-2020-11030

2020-05-01 Thread Salvatore Bonaccorso 
Source: wordpress
Version: 5.4+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for wordpress.

Fortunately this time additionally to [6], there are GHSA advisories
associated with each of this CVEs (advantage of hosting a project on
github I would say :)). Now they list some ranges of affected
versions, and I'm interested to track which are actually not affecting
buster and stretch. Could you check if those are actually acurate? For
example CVE-2020-11030 lists via the GHSA as affected versions 5.2 to
5.4, and patched in 5.4.1, 5.3.3 and 5.2.6. Is this correct so which
would mean buster and stretch are not affected?

CVE-2020-11025[0]:
| In affected versions of WordPress, a cross-site scripting (XSS)
| vulnerability in the navigation section of Customizer allows
| JavaScript code to be executed. Exploitation requires an authenticated
| user. This has been patched in version 5.4.1, along with all the
| previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5,
| 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27,
| 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


CVE-2020-11026[1]:
| In affected versions of WordPress, files with a specially crafted name
| when uploaded to the Media section can lead to script execution upon
| accessing the file. This requires an authenticated user with
| privileges to upload files. This has been patched in version 5.4.1,
| along with all the previously affected versions via a minor release
| (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21,
| 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


CVE-2020-11027[2]:
| In affected versions of WordPress, a password reset link emailed to a
| user does not expire upon changing the user password. Access would be
| needed to the email account of the user by a malicious party for
| successful execution. This has been patched in version 5.4.1, along
| with all the previously affected versions via a minor release (5.3.3,
| 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22,
| 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


CVE-2020-11028[3]:
| In affected versions of WordPress, some private posts, which were
| previously public, can result in unauthenticated disclosure under a
| specific set of conditions. This has been patched in version 5.4.1,
| along with all the previously affected versions via a minor release
| (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21,
| 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


CVE-2020-11029[4]:
| In affected versions of WordPress, a vulnerability in the stats()
| method of class-wp-object-cache.php can be exploited to execute cross-
| site scripting (XSS) attacks. This has been patched in version 5.4.1,
| along with all the previously affected versions via a minor release
| (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21,
| 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


CVE-2020-11030[5]:
| In affected versions of WordPress, a special payload can be crafted
| that can lead to scripts getting executed within the search block of
| the block editor. This requires an authenticated user with the ability
| to add content. This has been patched in version 5.4.1, along with all
| the previously affected versions via a minor release (5.3.3, 5.2.6,
| 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23,
| 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11025
[1] https://security-tracker.debian.org/tracker/CVE-2020-11026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11026
[2] https://security-tracker.debian.org/tracker/CVE-2020-11027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11027
[3] https://security-tracker.debian.org/tracker/CVE-2020-11028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11028
[4] https://security-tracker.debian.org/tracker/CVE-2020-11029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11029
[5] https://security-tracker.debian.org/tracker/CVE-2020-11030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11030
[6] 
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

Regards,
Salvatore

Bug#959392: ruby-faye: CVE-2020-11020

2020-05-01 Thread Salvatore Bonaccorso 
Source: ruby-faye
Version: 1.2.4-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for ruby-faye.

CVE-2020-11020[0]:
| Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4,
| 1.1.3 and 1.2.5, has the potential for authentication bypass in the
| extension system. The vulnerability allows any client to bypass checks
| put in place by server-side extensions, by appending extra segments to
| the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11020
[1] https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
[2] https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e

Regards,
Salvatore

Bug#959390: adwaita-icon-theme breaks gtk+3.0 autopkgtest: gtk+/icontheme.test (Child process killed by signal 5)

2020-05-01 Thread Paul Gevers 
Source: adwaita-icon-theme, gtk+3.0
Control: found -1 adwaita-icon-theme/3.36.1-1
Control: found -1 gtk+3.0/3.24.18-1
Severity: serious
Tags: sid bullseye
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of adwaita-icon-theme the autopkgtest of gtk+3.0
fails in testing when that autopkgtest is run with the binary packages
of adwaita-icon-theme from unstable. It passes when run with only
packages from testing. In tabular form:

   passfail
adwaita-icon-theme from testing3.36.1-1
gtk+3.0from testing3.24.18-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of
adwaita-icon-theme to testing [1]. Due to the nature of this issue, I
filed this bug report against both packages. Can you please investigate
the situation and reassign the bug to the right package?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=adwaita-icon-theme

https://ci.debian.net/data/autopkgtest/testing/amd64/g/gtk+3.0/5236284/log.gz

# Running test: gtk+/icontheme.test
# FAIL: gtk+/icontheme.test (Child process killed by signal 5)
not ok - gtk+/icontheme.test



signature.asc
Description: OpenPGP digital signature

Bug#955547: waagent 2.2.45-4~deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 955547 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: waagent
Version: 2.2.45-4~deb10u1

Explanation: new upstream release; support co-installation with cloud-init

Bug#924146: [Bug#924146] www.debian.org: possible leftover: norwegian/Bugs/pseudo-packages.inc

2020-05-01 Thread Holger Wansing 


Cyril Brulebois  wrote:
> Tracking down another issue, I've spotted that one particular language has an 
> inc file that appears to be an older copy of a inc file that's otherwise 
> only in the english/ directory:
> 
> norwegian/Bugs/pseudo-packages.inc
> 
> As the following file correctly references (includes) the file under
> english/ instead of the one under norwegian/ (which is what is done for
> other languages as well), it might be safe to simply delete it? I didn't
> double check that though.

I checked that, the file in norwegian/Bugs is not used at all, so removed
and bug closed.

Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#959222: closed by Debian FTP Masters (reply to Michael Tokarev ) (Bug#959222: fixed in qemu 1:5.0-4)

2020-05-01 Thread contact 
Hi,

Thanks for the timely bug fix. I believe there's still some improper quoting
on line 115 of binfmt-install
(https://salsa.debian.org/qemu-team/qemu/-/blob/9ce886cd819b1f9900b84c55f416977e8f418d27/debian/binfmt-install#L115).

Instead of:

ifs="\$IFS"; IFS=:; set $action; IFS="\$ifs"

I believe it should be:

ifs="$IFS"; IFS=:; set $action; IFS="$ifs"

I don't think this is causing any issues currently, but it could break future
modifications to binfmt-install, since the shell will interpret the characters
'$', 'i', 'f', and 's' as separators.

Bug#958709:

2020-05-01 Thread lennox 
I performed other tests and I noticed that when I switch to the ati graphic
cards the glitches/artifacts go away but they come back when I switch back
to the intel integrated card, which make me suspect the culprit might be
the i915 driver.

Another strange thing I noticed, which is 100% reproducible, is that when
the system wakes up after being in suspended mode, the glitches/artifacts
are gone.

Bug#959389: autopkgtest-build-qemu: Support for vmdb2->qemu-debootstrap

2020-05-01 Thread Christian Kastner 
Package: autopkgtest
Version: 5.13.1
Severity: wishlist
Tags: patch

Please find attached a patch to enable qemu-debootstrap support in
autopkgtest-build-qemu.

With this patch, I could successfully build and boot an i386 image on an
amd64 host.

It won't work for architectures that don't use grub-pc; that would need
further extensions to the vmdb2 configuration code.
>From 10dcc76db32d36cdfaf9a33aed56696c9553a1af Mon Sep 17 00:00:00 2001
From: Christian Kastner 
Date: Fri, 1 May 2020 21:10:50 +0200
Subject: [PATCH] autopkgtest-build-qemu: Support for vmdb2->qemu-debootstrap

This makes it possible to build i386 images on an amd64 host, for
example.

This only works for architectures that use BIOS GRUB. To extend this to
other architectures, the vmdb2 configuration would need to be extended
again.
---
 tools/autopkgtest-build-qemu | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/tools/autopkgtest-build-qemu b/tools/autopkgtest-build-qemu
index 16fdc2a..6a68ba8 100755
--- a/tools/autopkgtest-build-qemu
+++ b/tools/autopkgtest-build-qemu
@@ -235,6 +235,16 @@ case "$mirror" in
 ;;
 esac
 
+
+if [ "$architecture" = "$(dpkg --print-architecture)" ]; then
+debootstrap_cmd=debootstrap
+debootstrap_arch=
+else
+debootstrap_cmd=qemu-debootstrap
+debootstrap_arch="arch: $architecture"
+fi
+
+
 vmdb2_config=$(mktemp)
 trap "rm -rf $vmdb2_config" INT TERM EXIT
 cat > "$vmdb2_config" <

Bug#958419: swi-prolog 8.1.29 in Debian

2020-05-01 Thread Jan Wielemaker 

Hi Lev, Jonas,

I've uploaded 8.1.30.  We should be getting really close to 8.2
now.  There are a couple of outstanding issues, notably for the
development tools.

Cheers --- Jan

On 4/30/20 3:13 PM, Lev Lamberov wrote:

Sure, that's what we need. Thanks, Jan!

Bug#959388: torbrowser fails to start due to lacking fonts/* entry in apparmor

2020-05-01 Thread Santiago R.R. 
Package: torbrowser-launcher
Version: 0.3.2-10
Severity: important
Tags: patch

When trying to launch torbrowser, I got this:

type=1400 audit(1588360736.602:285): apparmor="DENIED"
operation="link" profile="torbrowser_firefox"

name="/home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_es-ES/Browser/fonts/.uuid.LCK"
pid=368816 comm="firefox.real" requested_mask="l" denied_mask="l"
fsuid=1000 ouid=1000

target="/home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_es-ES/Browser/fonts/.uuid.TMP-8RQs3m"

The attached patch seems to have fixed here the issue.

Thanks for maintaining torbrowser-launcher!

 -- S


-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=es_CO.UTF-8, LC_CTYPE=es_CO.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_CO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates   20190110
ii  libdbus-glib-1-2  0.110-5
ii  python3   3.8.2-3
ii  python3-gpg   1.13.1-7+b1
ii  python3-pyqt5 5.14.2+dfsg-1+b1
ii  python3-requests  2.23.0+dfsg-2
ii  python3-socks 1.6.8+dfsg-1

Versions of packages torbrowser-launcher recommends:
ii  tor  0.4.2.7-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor  2.13.4-1+b1

-- Configuration Files:
/etc/apparmor.d/torbrowser.Browser.firefox changed [not included]

-- no debconf information
--- torbrowser.Browser.firefox.orig	2020-05-01 21:38:49.701044777 +0200
+++ torbrowser.Browser.firefox	2020-05-01 21:38:39.40119 +0200
@@ -68,6 +68,7 @@
   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/{,**} rwk,
   owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
+  owner @{torbrowser_home_dir}/fonts/* l,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/tor px,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,


signature.asc
Description: PGP signature

Bug#959375: /usr/bin/slabtop: Bad column widths

2020-05-01 Thread Philipp Marek 
Package: procps
Version: 2:3.3.16-4
Severity: minor
File: /usr/bin/slabtop

The column output is broken:

OBJS ACTIVE  USE OBJ SIZE  SLABS OBJ/SLAB CACHE SIZE NAME   
  1898064 1822570  96%0,19K  90384   21361536K dentry
  1698638 1549739  91%1,10K  58580   29   1874560K btrfs_inode
  394536 317256  80%0,08K   7736   51 30944K Acpi-State
  331576 172365  51%0,57K  11848   28189568K radix_tree_node
  325528 290842  89%0,14K  11626   28 46504K btrfs_extent_map
  297180 260604  87%0,30K  11430   26 91440K btrfs_delayed_node
  178560 164904  92%0,06K   2790   64 11160K kmalloc-rcl-64

Please allow 7 digits in "OBJS" and "ACTIVE".

Perhaps the cumulative SIZE needs to get a "M" (and "G"?) unit?


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_AT:de (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages procps depends on:
ii  init-system-helpers  1.57
ii  libc62.30-4
ii  libncurses6  6.2-1
ii  libncursesw6 6.2-1
ii  libprocps8   2:3.3.16-4
ii  libtinfo66.2-1
ii  lsb-base 11.1.0

Versions of packages procps recommends:
ii  psmisc  23.3-1

procps suggests no packages.

-- Configuration Files:
/etc/sysctl.conf changed [not included]

-- no debconf information

--

Bug#959135: gdc -debuglib not supported

2020-05-01 Thread Iain Buclaw 
On 29/04/2020 21:31, Witold Baryluk wrote:> 
> But reading the source and reading between the lines of the manpage,
> maybe it should be stated in the manpage as '-debuglib libname', similar
> to '-defaultlib libname'?
> 

Man pages have been fixed in gdc-10 to say '-debuglib=libname'

Iain

Bug#959101: buster-pu: package debian-security-support/2020.04.16~deb10u2

2020-05-01 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Wed, 2020-04-29 at 13:26 +0200, Holger Levsen wrote:
> I'd like to update debian-security-support in buster, preferedly to
> the version in bullseye (modulo changelog entry), as I think the
> changes are safe and sane also because this will make updating the
> package in future easier.

The attached diff appears to be for the unstable package, rather than
the proposed buster one.

However, assuming that the only difference will be an additional
changelog stanza, then please go ahead. Please attach the final debdiff
for the record.

Regards,

Adam

Bug#954845: closed by Debian FTP Masters (reply to Sven Joachim ) (Bug#954845: fixed in xterm 354-1)

2020-05-01 Thread Harald Dunkel 

I tried it on sid, and I have backported the new version to Stretch and Buster 
in
a local repository. Works very well

Big improvement. Keep on your good work


Harri

Bug#959387: paraview-dev: missing cmake vtk modules in the dev package, cannot use

2020-05-01 Thread Mark.Olesen 
Package: paraview-dev
Version: 5.7.0-4ubuntu9
Severity: important

Dear Maintainer,

The paraview-dev package does not install cmake files for the vtk
modules used in paraview:

   /usr/lib/x86_64-linux-gnu/cmake/paraview-5.7/vtk/

This means that the VTK-config.cmake is not found and the dev package
cannot actually be used at all.

I believe that this directory is new with paraview-5.7, since they
(upstream) juggled the entire cmake modules system.

-- System Information:
Debian Release: bullseye/sid
  APT prefers focal-updates
  APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-28-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to C.UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages paraview-dev depends on:
ii  libc6   2.31-0ubuntu9
ii  libeigen3-dev   3.3.7-2
ii  paraview5.7.0-4ubuntu9
ii  qttools5-dev-tools  5.12.8-0ubuntu1

paraview-dev recommends no packages.

paraview-dev suggests no packages.

-- no debconf information

Bug#958916: taglib 1.11.1+dfsg.1-0.3+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 958916 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: taglib
Version: 1.11.1+dfsg.1-0.3+deb10u1

Explanation: fix corruption issues with OGG files

Bug#959224: scilab 6.0.1-10+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 959224 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: scilab
Version: 6.0.1-10+deb10u1

Explanation: fix library loading with OpenJDK 11.0.7

Bug#956890: zfs-linux 0.7.12-2+deb10u2 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 956890 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: zfs-linux
Version: 0.7.12-2+deb10u2

Explanation: fix potential deadlock issues

Bug#949921: uim 1.8.8-4+deb10u3 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 949921 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: uim
Version: 1.8.8-4+deb10u3

Explanation: libuim-data.postinst: unregister not-installed modules, fixing 
regression in previous upload

Bug#959197: typo

2020-05-01 Thread jk18buugz 
Typo, everything is on Linux 5.4.35 as shown in the syslog

Bug#959386: src:php-imagick: fails to migrate to testing for too long: FTBFS on armel

2020-05-01 Thread Paul Gevers 
Source: php-imagick
Version: 3.4.4-3
Severity: serious
Control: close -1 3.4.4-4
Tags: sid bullseye
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

As recently announced [1], the Release Team now considers packages that
are out-of-sync between testing and unstable for more than 60 days as
having a Release Critical bug in testing. Your package src:php-imagick
in its current version in unstable has been trying to migrate for 60
days [2]. Hence, I am filing this bug.

If a package is out of sync between unstable and testing for a longer
period, this usually means that bugs in the package in testing cannot be
fixed via unstable. Additionally, blocked packages can have impact on
other packages, which makes preparing for the release more difficult.
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that
hamper the migration of their package in a timely manner.

This bug will trigger auto-removal when appropriate. As with all new
bugs, there will be at least 30 days before the package is auto-removed.

I have immediately closed this bug with the version in unstable, so if
that version or a later version migrates, this bug will no longer affect
testing. I have also tagged this bug to only affect sid and bullseye, so
it doesn't affect (old-)stable.

If you believe your package is unable to migrate to testing due to
issues beyond your control, don't hesitate to contact the Release Team.

Paul

[1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html
[2] https://qa.debian.org/excuses.php?package=php-imagick




signature.asc
Description: OpenPGP digital signature

Bug#929389: patch to fix #929389

2020-05-01 Thread Holger Wansing 
FYI: 
I have also corrected the link on the webpage (www.d.o/doc/devel-manuals),
since it still pointed to the old .txt variant.

Holger



Holger Wansing  wrote:
> Hi Lev,
> 
> Lev Lamberov  wrote:
> > Hi,
> > 
> > please find attached a trivial patch to fix #929389.
> > 
> > Cheers!
> > Lev Lamberov
> 
> I have just applied your patch, thanks!
> 
> So the issue should be fixed within the next hours.
> 
> Regards
> Holger
> 
> 
> > ===File
> > /home/dogsleg/path/to/cron/parts/0001-7doc-Install-yaml-files.-Closes-929389.patch===
> > >From e3edaebe4de5efb24993cb8e2e7634ced15a4c42 Mon Sep 17 00:00:00 2001
> > From: Lev Lamberov 
> > Date: Thu, 30 Apr 2020 13:53:57 +0500
> > Subject: [PATCH] [7doc] Install yaml files. Closes: #929389
> > 
> > ---
> >  parts/7doc | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/parts/7doc b/parts/7doc
> > index be23353..2eb9906 100755
> > --- a/parts/7doc
> > +++ b/parts/7doc
> > @@ -57,7 +57,7 @@ else # NO ADD
> > lang0=""
> >  fi
> >  
> > -for ext in epub pdf txt text ps; do
> > +for ext in epub pdf txt text yaml ps; do
> > sourcepath=$basedir/${namedoc}${lang0}.$ext
> > if [ -f "`readlink -f $sourcepath.gz`" ]; then
> > rm -f $sourcepath
> > -- 
> > 2.26.2
> > 
> > 
> > 
> 
> 
> -- 
> Holger Wansing 
> PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#959385: bugs.debian.org: default open with app

2020-05-01 Thread Harold Meneley 
Package: bugs.debian.org
Severity: normal



-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

can't change default open with app of .bmp files after associating with 
shotwell photo viewer. Tried thru caja

Bug#943664: Solution for PowerMac11,2

2020-05-01 Thread Ralf P. 
On Fri, May 01, 2020 at 09:10:50AM +0200, Michel Dänzer wrote:

> > Note: For me this triggers another bug: If I run my AMD Radeon
> > hardware accelerated the X11 internal font server shows garbled
> > (sometimes looking like reversed) characters.
> > Client side font rendering (Firefox, LibreOffice, Emacs, sakura)
> > works.
> > My Nvidia card is affected too. Until now I have no soultion for this.
> 
> Sounds like https://gitlab.freedesktop.org/xorg/xserver/-/issues/1011 .

Confirmed!

Setting "AccelMethod" to "EXA" in xorg.conf
-> all characters are OK

Setting "AccelMethod" to "glamor" in xorg.conf
-> all characters are garbled/mirrored


@Michel: Thank you very much for this hint.

@Michel: You already replied to:
 https://gitlab.freedesktop.org/xorg/xserver/-/issues/1011
 Do you want me to confirm the bug on freedesktop.org for PPC64?

Bug#959384: similarity-tester: Fix compilation warnings and enable reproductible builds.

2020-05-01 Thread Benoît 
Package: similarity-tester
Version: 3.0.2-1+b1
Severity: normal
Tags: patch

Dear Maintainer,

here's patch to fix compilation warnings and actually enable
reproductible builds.

Upstream seems totally dead but this software is really
important to me.

Thank you.


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages similarity-tester depends on:
ii  libc6  2.30-4

similarity-tester recommends no packages.

similarity-tester suggests no packages.

-- debconf-show failed
>From 613976535663abc254b5f48e2b22215fb55a675a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Dejean?= 
Date: Fri, 1 May 2020 20:17:15 +0200
Subject: [PATCH] Enable and fix compilation warnings.

---
 ForEachFile.c | 4 ++--
 Makefile  | 3 ++-
 Malloc.c  | 2 +-
 compare.c | 4 ++--
 debug.c   | 3 ++-
 options.c | 2 ++
 pass3.c   | 2 +-
 7 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/ForEachFile.c b/ForEachFile.c
index a7b9166..991fe6d 100644
--- a/ForEachFile.c
+++ b/ForEachFile.c
@@ -122,8 +122,8 @@ do_dir(
Closedir(dir);
 }
 
-static MSDOS_sep = (Fchar)'\\';
-static UNIX_sep = (Fchar)'/';
+static const char MSDOS_sep = (Fchar)'\\';
+static const char UNIX_sep = (Fchar)'/';
 
 static void
 clean_name(Fchar *Fn) {
diff --git a/Makefile b/Makefile
index 7bce7f6..6416dad 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@
 #
 
 #VERSION="-DVERSION=\"3.0.2 of 2017-12-16\""   # uncomment for public version
+VERSION="-DVERSION=\"3.0.2-2 Debian\""
 
 #  E N T R Y   P O I N T S
 
@@ -78,7 +79,7 @@ GROFF =   man2pdf
 export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 # Compiling
 MEMORY =   -DMEMCHECK -DMEMCLOBBER
-CFLAGS =   $(VERSION) $(MEMORY) -O4  $(shell dpkg-buildflags --get 
CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) -fPIC
+CFLAGS =   $(VERSION) $(MEMORY) -Wall $(shell dpkg-buildflags --get 
CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) -fPIC
 LIBFLAGS = #
 LINTFLAGS =-Dlint_test $(MEMORY) -h# -X
 LOADFLAGS =-s $(shell dpkg-buildflags --get LDFLAGS) # strip symbol table
diff --git a/Malloc.c b/Malloc.c
index 39ed530..cde504f 100644
--- a/Malloc.c
+++ b/Malloc.c
@@ -57,7 +57,7 @@ struct alloc {/* corresponds to an allocated block */
 
 #defineHASH_SIZE   16381   /* largest prime under 2^16 */
 static struct alloc *alloc_bucket[HASH_SIZE];
-#definealloc_bucket_for(x) alloc_bucket[((unsigned 
int)(x)%HASH_SIZE)]
+#definealloc_bucket_for(x) alloc_bucket[((size_t)(x)%HASH_SIZE)]
 
/* MEMORY STATUS */
 
diff --git a/compare.c b/compare.c
index 189f607..2feb340 100644
--- a/compare.c
+++ b/compare.c
@@ -33,8 +33,8 @@ in_range(size_t i, const struct range *rg) {
return (rg->rg_start <= i && i < rg->rg_limit);
} else {
/* looped-around range */
-   return (rg->rg_start <= i && i < end_of_text
-   || beginning_of_text <= i && i < rg->rg_limit);
+   return (rg->rg_start <= i && i < end_of_text)
+   || (beginning_of_text <= i && i < rg->rg_limit);
}
 }
 
diff --git a/debug.c b/debug.c
index e27c335..3828007 100644
--- a/debug.c
+++ b/debug.c
@@ -3,6 +3,7 @@
$Id: debug.c,v 1.8 2017-12-08 18:07:16 Gebruiker Exp $
 */
 
+#include   
 #include   
 #include   
 #include   
@@ -26,7 +27,7 @@
 
 static void
 wr_char(char ch) {
-   write(2, &ch, 1);
+   fputc(ch, stderr);
 }
 
 static void
diff --git a/options.c b/options.c
index 0416f6e..59ccd78 100644
--- a/options.c
+++ b/options.c
@@ -121,6 +121,8 @@ opt_value(
case String:
*(const char **)op->op_value = string;
break;
+   default:
+   break;
}
 
return consumed;
diff --git a/pass3.c b/pass3.c
index 9c0be1b..7c4de66 100644
--- a/pass3.c
+++ b/pass3.c
@@ -185,7 +185,7 @@ print_line(FILE *f, pts max_line_length) {
utf8_box u; clear_utf8_box(&u);
 
int len;
-   while (len = fill_ubox(f, &u)) {
+   while ((len = fill_ubox(f, &u))) {
/* take a critical look at what we've got */
char u0 = u.text[0];
if (u0 == '\n') break;  /* stop on end of line*/
-- 
2.26.0

Bug#959081: libssh 0.8.7-1+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 959081 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: libssh
Version: 0.8.7-1+deb10u1

Explanation: fix possible DoS in client and server when handling AES-CTR keys 
with OpenSSL [CVE-2020-1730]

Bug#947102: filezilla 3.39.0-2+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 947102 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: filezilla
Version: 3.39.0-2+deb10u1

Explanation: fix untrusted search path vulnerability [CVE-2019-5429]

Bug#958969: gosa 2.7.4+reloaded3-8+deb10u2 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 958969 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: gosa
Version: 2.7.4+reloaded3-8+deb10u2

Explanation: replace (un)serialize with json_encode/json_decode to mitigate PHP 
object injection [CVE-2019-14466]

Bug#959383: xpra: all vts lock when starting xpra from a console

2020-05-01 Thread Bradley M. Kuhn 
Package: xpra
Version: 3.0.4+dfsg1-1~bpo10+1
Severity: normal

xpra is a very useful tool, thank you for packaging it for Debian.

Trying to work around and produce test cases for Debian Bug #959382 , I
attempted to start xpra session by logging into a standard vt console and
running xpra from the shell.  So, just switch to vt1, log in to a regular
user account, and type:

  $ xpra start :1002 --start=xterm

I get:
Entering daemon mode; any further errors will be reported to:
  /run/user/1000/xpra/:1002.log

However, at that point, all vt's lock up entirely; so much so that C-ALT-F1-7
do nothing and no input can be typed.

However, the power button worked and allowed me to shutdown, so systemd was
presumably still responding to the power button press.

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (202, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-0.bpo.4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xpra depends on:
ii  adduser   3.118
ii  gir1.2-gtk-3.03.24.5-1
ii  init-system-helpers   1.56+nmu1
ii  libavcodec58  7:4.1.4-1~deb10u1
ii  libavformat58 7:4.1.4-1~deb10u1
ii  libavutil56   7:4.1.4-1~deb10u1
ii  libc6 2.28-10
ii  libcairo2 1.16.0-4
ii  libglib2.0-0  2.58.3-2+deb10u2
ii  libgtk-3-03.24.5-1
ii  libpam0g  1.3.1-5
ii  libswscale5   7:4.1.4-1~deb10u1
ii  libsystemd0   244.3-1~bpo10+1
ii  libturbojpeg0 1:1.5.2-2+b1
ii  libvpx5   1.7.0-3+deb10u1
ii  libwebp6  0.6.1-2
ii  libx11-6  2:1.6.7-1
ii  libx264-155   2:0.155.2917+git0a84d98-2
ii  libx265-165   2.9-4
ii  libxcomposite11:0.4.4-2
ii  libxdamage1   1:1.1.4-3+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxi62:1.7.9-1
ii  libxkbfile1   1:1.0.9-2+b11
ii  libxrandr22:1.5.1-1
ii  libxtst6  2:1.2.3-1
ii  python3   3.7.3-1
ii  python3-gi-cairo  3.30.4-1
ii  python3-rencode   1.0.5-1+b2
ii  x11-xserver-utils 7.7+8
ii  xserver-xorg-input-void   1:1.4.1-1+b2
ii  xserver-xorg-video-dummy  1:0.3.8-1+b1

Versions of packages xpra recommends:
ii  gir1.2-appindicator3-0.1  0.4.92-7
ii  keyboard-configuration1.193~deb10u1
ii  openssh-client1:7.9p1-10+deb10u2
ii  python3-brotli1.0.7-2
ii  python3-cpuinfo   4.0.0-1
ii  python3-dbus  1.2.8-3
ii  python3-dns   3.2.0-2
ii  python3-gssapi1.4.1-1+b1
ii  python3-kerberos  1.1.14-2
ii  python3-lz4   1.1.0+dfsg-1
ii  python3-lzo   1.12-2
ii  python3-numpy 1:1.16.2-1
ii  python3-opengl3.1.0+dfsg-2
ii  python3-paramiko  2.6.0-1~bpo10+1
ii  python3-pil   5.4.1-2+deb10u1
ii  python3-setproctitle  1.1.10-1+b2
ii  python3-uritools  2.2.0-1
ii  python3-xdg   0.25-5
ii  python3-zeroconf  0.21.3-1
ii  ssh-askpass   1:1.2.4.1-10

Versions of packages xpra suggests:
ii  cups-client2.2.10-6+deb10u2
ii  cups-common2.2.10-6+deb10u2
ii  cups-filters   1.21.6-5
pn  cups-pdf   
ii  gstreamer1.0-plugins-bad   1.14.4-1+b1
ii  gstreamer1.0-plugins-base  1.14.4-2
ii  gstreamer1.0-plugins-good  1.14.4-1
ii  gstreamer1.0-plugins-ugly  1.14.4-1
ii  openssh-server 1:7.9p1-10+deb10u2
ii  pulseaudio 13.0-3~bpo10+1
ii  pulseaudio-utils   13.0-3~bpo10+1
ii  python3-cryptography   2.6.1-3+deb10u2
ii  python3-cups   1.9.73-2+b1
ii  python3-gst-1.01.14.4-1+b1
pn  python3-netifaces  
pn  python3-opencv 
ii  python3-pyinotify  0.9.6-1
pn  python3-pyopencl   
pn  python3-uinput 
pn  python3-yaml   
pn  v4l2loopback-dkms  

-- no debconf information

Bug#958994: tzdata 2020a-0+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 958994 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: tzdata
Version: 2020a-0+deb10u1

Explanation: new upstream stable release

Bug#958931: node-mongodb 3.1.13+~3.1.11-2+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 958931 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: node-mongodb
Version: 3.1.13+~3.1.11-2+deb10u1

Explanation: reject invalid _bsontypes [CVE-2019-2391 CVE-2020-7610]

Bug#951761: opam 2.0.3-1+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 951761 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: opam
Version: 2.0.3-1+deb10u1

Explanation: prefer mccs over aspcud

Bug#953647: proftpd-dfsg 1.3.6-4+deb10u5 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 953647 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: proftpd-dfsg
Version: 1.3.6-4+deb10u5

Explanation: fix memory access issue in keyboard-interative code in mod_sftp; 
properly handle DEBUG, IGNORE, DISCONNECT, and UNIMPLEMENTED messages in 
keyboard-interactive mode

Bug#948381: owfs 3.2p3+dfsg1-2+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 948381 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: owfs
Version: 3.2p3+dfsg1-2+deb10u1

Explanation: remove broken Python 3 packages

Bug#959380: mpd: Can't disable mpd easily

2020-05-01 Thread kaliko 
Hi,

Le 01/05/2020 à 18:48, eingousef a écrit :
> I'd like to disable mpd at startup to only enable it when I need
> it. (e.g., in a user console : mpd ; ncmpc ; mpd --kill;)

With the current setup and using systemd you can disable mpd.service and keep 
mpd.socket
enabled :

systemctl disable mpd.service
systemctl enable mpd.socket

Then mpd is disable at startup but mpd.socket will launched it as soon as a 
client open
[::]:6600 over the network or locally /run/mpd/socket.


> The only way I've found to disable the service permanently is to
> comment the line […]

What's wrong with systemd commands:

systemctl stop mpd
systemctl disable mpd

That will prevent mpd from starting at boot (both service and socket) but allow 
you to
run it when you want with "systemctl start mpd".

Is this a better solution for your use case?
Cheers
k



signature.asc
Description: OpenPGP digital signature

Bug#932251: spl-linux 0.7.12-2+deb10u1 flagged for acceptance

2020-05-01 Thread Adam D Barratt 
package release.debian.org
tags 932251 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: spl-linux
Version: 0.7.12-2+deb10u1

Explanation: fix deadlock

Bug#959223: fcitx won't start anymore

2020-05-01 Thread Bernhard Übelacker 
control: found -1 1:4.2.9.7-3
control: notfound -1 4.2.9.7-3



Dear Maintainer,
I tried to collect some more information form the backtrace at
the end of the information in the submitters linked diagnose.

Below are the source locations where the backtraces points to.

Kind regards,
Bernhard




0x5927 in OnException at ./src/core/errorhandler.c:173
0x7fa6ea4ca7e0 <__restore_rt>
0x77c188ef in std::__shared_ptr_access::_M_get() const at 
/usr/include/c++/9/bits/shared_ptr_base.h:1020
// might be near 
rime::ConfigData::ConvertFromYaml(YAML::Node const&, rime::ConfigCompiler*) at 
./src/rime/config/config_data.cc:251
0x77c19982 in 
rime::ConfigData::LoadFromFile(std::__cxx11::basic_string, std::allocator > const&, rime::ConfigCompiler*) 
at ./src/rime/config/config_data.cc:68
0x77cfce0d in rime::InstallationUpdate::Run(rime::Deployer*) at 
/usr/include/boost/filesystem/path.hpp:435
0x77bd61c3 in rime::Deployer::RunTask(std::__cxx11::basic_string, std::allocator > const&, boost::any) at 
./src/rime/deployer.cc:42
0x77bb67c6 in RimeStartMaintenance(Bool) at 
/usr/include/c++/9/ext/new_allocator.h:80
0x77fa5e16 in FcitxRimeStart at ./src/fcitx-rime.c:97
0x77fa64ac in FcitxRimeCreate at ./src/fcitx-rime.c:114
0x77fbb1ea in FcitxInstanceLoadIM at ./src/lib/fcitx/ime.c:329
0x77fbe388 in FcitxInstanceSwitchIMInternal at 
./src/lib/fcitx/ime.c:1183
0x77fbcca5 in FcitxInstanceUpdateCurrentIM at ./src/lib/fcitx/ime.c:1511
0x77fbd491 in FcitxInstanceUpdateIMList at ./src/lib/fcitx/ime.c:2027
0x77fbdf82 in FcitxInstanceLoadAllIM at ./src/lib/fcitx/ime.c:542
0x77fb412f in RunInstance at ./src/lib/fcitx/instance.c:279
0x77fb4b27 in FcitxInstanceRun at ./src/lib/fcitx/instance.c:140
0x52bf in main at ./src/core/fcitx.c:80
0x77dabe0b in __libc_start_main at ../csu/libc-start.c:308
0x533a <_start+36>


https://github.com/rime/librime/blob/master/src/rime/config/config_data.cc#L68
https://github.com/rime/librime/blob/master/src/rime/config/config_data.cc#L251

Bug#959382: light-locker: when xpra running alongside regular login, light-locker-command -l yields unrecoverable session

2020-05-01 Thread Bradley M. Kuhn 
Package: light-locker
Version: 1.8.0-3
Severity: important
Control: affects -1 xpra

Thanks so much as always for your work to make Debian a great desktop
environment.

TL;DR of my bug report: if you have an xpra session running, a lock (either
one triggered automatically by timeout or running `light-locker-command -l`
on DISPLAY :0) will lock up both VT7 and VT8 in a pattern that seems like an
X session is being restarted over and over.  Holding down C-A-F1 to get to
VT1 to race with it can get you back to a non-graphical login and you can
restart lightdm entirely, which does recover the situation, but I've found no
method to recover other than that.

I tried this against both these xpra packages (one from buster and one from
buster-backports); 2.4.3+dfsg1-1 and 3.0.4+dfsg1-1~bpo10+1

Here's the full details:

Note that the reportbug script included my
`/etc/xdg/autostart/light-locker.desktop` because I changed this one line to
get you more debug output, so the only change there is:
Exec=light-locker --debug

but note the problem occurs regardless of whether or not `--debug` is added
there.

First, the "working run-through":

Log in as normal.  light-locker reports this in debug:

[main] light-locker.c:142 (08:57:43):initializing light-locker 1.8.0
[main] light-locker.c:164 (08:57:43):Platform:
gtk:3
systemd:yes
ConsoleKit: no
UPower: yes
[main] light-locker.c:196 (08:57:43):Features:
lock-after-screensaver: yes
late-locking:   yes
lock-on-suspend:yes
lock-on-lid:yes
settings backend:   GSETTINGS
[main] light-locker.c:198 (08:57:43):lock after screensaver 5
[main] light-locker.c:199 (08:57:43):late locking 0
[main] light-locker.c:200 (08:57:43):lock on suspend 1
[main] light-locker.c:201 (08:57:43):lock on lid 0
[main] light-locker.c:202 (08:57:43):idle hint 0
[init_session_id] gs-listener-dbus.c:2196 (08:57:43):Got session-id: 
/org/freedesktop/login1/session/_368
[init_session_id] gs-listener-dbus.c:2206 (08:57:43):Got sd-session-id: 68
[init_seat_path] gs-listener-dbus.c:2287 (08:57:43): Got seat: 
/org/freedesktop/DisplayManager/Seat0
[gs_listener_delay_suspend] gs-listener-dbus.c:449 (08:57:43):   Delay suspend
[gs_listener_x11_acquire] gs-listener-x11.c:172 (08:57:43):  ScreenSaver 
Registered
[listener_dbus_handle_system_message] gs-listener-dbus.c:1343 (08:57:43):   
 obj_path=/org/freedesktop/DBus interface=org.freedesktop.DBus 
method=NameAcquired destination=:1.7069


Run this command in a xterm:
  $ light-locker-command -l

Lock works as completely expected.  I am swtiched to vt8 with the lock
screen.  If I use C-A-F7 to get back to v7 it tells me that the session is
locked, only way I can get back in is answsering prompt on vt8, and when I do
it puts me back unlocked into my xession vt7.  Here is the debug output I get
from that operation:

[listener_dbus_handle_session_message] gs-listener-dbus.c:1010 (09:05:05):  
 Received Lock request
[gs_grab_grab_root] gs-grab-x11.c:647 (09:05:05):Grabbing the root 
window
[gs_grab_get_keyboard] gs-grab-x11.c:153 (09:05:05): Grabbing keyboard 
widget=11F
[gs_grab_get_mouse] gs-grab-x11.c:213 (09:05:05):Grabbing mouse 
widget=11F
[gs_manager_create_windows_for_screen] gs-manager.c:548 (09:05:05):  
Creating 2 windows for screen 0
[gs_manager_create_window_for_monitor] gs-manager.c:324 (09:05:05):  
Creating window for monitor 0 [0,0] (1680x1050)
[gs_manager_create_window_for_monitor] gs-manager.c:324 (09:05:05):  
Creating window for monitor 1 [1680,0] (1920x1200)
[update_geometry] gs-window-x11.c:197 (09:05:05):got geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:210 (09:05:05):using geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:197 (09:05:05):got geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:210 (09:05:05):using geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[gs_window_move_resize_window] gs-window-x11.c:243 (09:05:05):   Move and/or 
resize window on monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:197 (09:05:05):got geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:210 (09:05:05):using geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[gs_window_move_resize_window] gs-window-x11.c:243 (09:05:05):   Move and/or 
resize window on monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:197 (09:05:05):got geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:210 (09:05:05):using geometry for 
monitor 0: x=0 y=0 w=1680 h=1050
[gs_window_move_resize_window] gs-window-x11.c:243 (09:05:05):   Move and/or 
resize window on monitor 0: x=0 y=0 w=1680 h=1050
[update_geometry] gs-window-x11.c:197 (09:05:05):got geometry for 
monitor 1: x=1680 y=0 w=1920 h=1200
[update_

Bug#959381: bugs dependencies

2020-05-01 Thread Étienne Mollier 
block 959381 by 842420
thanks

Bug#959359: ITP: php-horde-sesha -- A simple Inventory App for Horde

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: sesha
 Version : 1.0.0RC3
 Upstream Author : Jan Schneider , Ralf Lang 

 URL : http://horde.org/
 License : GPL-2.0
 Programming Lang: PHP
 Description : A simple Inventory App for Horde

 Sesha allows you to define categories with a rich set of attributes to manage 
your inventory stock
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959361: ITP: php-horde-whups -- Ticket-tracking application

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: whups
 Version : 3.0.12
 Upstream Author : Chuck Hagenbuch , Jan Schneider 

 URL : http://horde.org/
 License : BSD-2-Clause
 Programming Lang: PHP
 Description : Ticket-tracking application

 Whups is a Horde ticket-tracking application. It is very flexible in design, 
and can be used for help-desk requests, tracking software development, and 
anything else that needs to track a set of requests and their status.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959362: ITP: php-horde-wicked -- Wiki application

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: wicked
 Version : 2.0.8
 Upstream Author : Jan Schneider , Chuck Hagenbuch 

 URL : http://horde.org/
 License : GPL-2.0
 Programming Lang: PHP
 Description : Wiki application

 Wicked is a wiki application for Horde.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959360: ITP: php-horde-scheduler -- Horde Scheduler System

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Scheduler
 Version : 2.0.3
 Upstream Author : Chuck Hagenbuch 
 URL : http://horde.org/
 License : LGPL-2.1
 Programming Lang: PHP
 Description : Horde Scheduler System

 Horde Scheduler System
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959354: ITP: php-horde-xml-wbxml -- Horde_Xml_Wbxml provides an API for encoding and decoding WBXML documents used in SyncML and other wireless applications

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Xml_Wbxml
 Version : 2.0.3
 Upstream Author : Chuck Hagenbuch , Jan Schneider 

 URL : http://horde.org/
 License : LGPL-2.1
 Programming Lang: PHP
 Description : Horde_Xml_Wbxml provides an API for encoding and decoding 
WBXML documents used in SyncML and other wireless applications

 Encoding and decoding of WBXML (Wireless Binary XML) documents. WBXML is used 
in SyncML for transferring smaller amounts of data with wireless devices.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959352: ITP: php-horde-text-filter-jsmin -- Horde Text Filter - Jsmin PHP Driver

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Text_Filter_Jsmin
 Version : 1.0.2
 Upstream Author : Michael Slusarz 
 URL : http://horde.org/
 License : JSMin
 Programming Lang: PHP
 Description : Horde Text Filter - Jsmin PHP Driver

 The JSMin javascript minifier driver for use with the Horde_Text_Filter 
package.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959355: ITP: php-horde-lz4 -- Horde LZ4 Compression Extension

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: horde_lz4
 Version : 1.0.10
 Upstream Author : Michael Slusarz 
 URL : http://horde.org/
 License : MIT (Expat)
 Programming Lang: PHP
 Description : Horde LZ4 Compression Extension

 PHP extension that implements the LZ4 compression algorithm - an extremely 
fast lossless compression algorithm.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959347: ITP: php-horde-service-gravatar -- API accessor for gravatar.com

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Service_Gravatar
 Version : 1.0.1
 Upstream Author : Michael Slusarz , Gunnar Wrobel 

 URL : http://horde.org/
 License : LGPL-2.1
 Programming Lang: PHP
 Description : API accessor for gravatar.com

 A library for accessing the Avatar services at gravatar.com.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959340: ITP: php-horde-memcache -- Horde Memcache API

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Memcache
 Version : 2.1.1
 Upstream Author : Michael Slusarz 
 URL : http://horde.org/
 License : LGPL-2.1
 Programming Lang: PHP
 Description : Horde Memcache API

 Provides an API to access a memcache installation.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959357: ITP: php-horde-ansel -- Photo gallery application

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: ansel
 Version : 3.0.10
 Upstream Author : Michael J Rubinsky , Jan Schneider 
, Chuck Hagenbuch 
 URL : http://horde.org/
 License : GPL-2.0
 Programming Lang: PHP
 Description : Photo gallery application

 Ansel is a full featured photo gallery application.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959349: ITP: php-horde-service-twitter -- Horde Twitter client

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Service_Twitter
 Version : 2.1.6
 Upstream Author : Michael J Rubinsky 
 URL : http://horde.org/
 License : BSD-2-Clause
 Programming Lang: PHP
 Description : Horde Twitter client

 Client libraries for the Twitter REST API.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959348: ITP: php-horde-service-weather -- Horde Weather Provider.

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Service_Weather
 Version : 2.5.4
 Upstream Author : Michael J Rubinsky 
 URL : http://horde.org/
 License : BSD-2-Clause
 Programming Lang: PHP
 Description : Horde Weather Provider.

 Set of classes that provide an abstraction to various online weather service 
providers. Includes drivers for WeatherUnderground and WorldWeatherOnline.
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

Bug#959353: ITP: php-horde-thrift -- Thrift

2020-05-01 Thread Mike Gabriel 
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 

 Package name: Horde_Thrift
 Version : 2.0.3
 Upstream Author : Chuck Hagenbuch 
 URL : http://horde.org/
 License : Apache 2.0
 Programming Lang: PHP
 Description : Thrift

 Packaged version of the PHP Thrift client
 .
 Unfortunately, this package has recently been removed from Debian
 unstable.
 .
 I am planning to re-upload this package and pick up maintenance of Horde
 in Debian..

  1   2   3   4   >