Bug#898338: plasma-workspace: Different components hang, high CPU load

[Dominik George]

OK, I found something:

When I kill plasmashell and start it again, in a terminal, I get the
following several times per second:

KActivities: Database can not be opened in WAL mode. Check the SQLite version 
(required >3.7.0). And whether your filesystem supports shared memory
Closing SQL connection:  "kactivities_db_resources_139838218086080_readonly"
KActivities ERROR: There is no database. This probably means that you do not 
have the Activity Manager running, or that something else is broken on your 
system. Recent documents and alike will not work!
KActivities: FATAL ERROR: Failed to contact the activity manager daemon

The last message of these is also filling up mi .xsession-errors, so I
figure it's the same error that is causing the hangs.

-nik


signature.asc
Description: PGP signature

Bug#898338: plasma-workspace: Different components hang, high CPU load

[Dominik George]

Interesting observation:

When the panel catches up and does something, it seems to still be stuck
somewhere back in time: It froze at 21:52, when I noticed, my wall clock
showed 22:12.  At 22:17, the panel clock jumped to 21:59, some task
switching requests got handled and my sound volume exploded (because some
5-6 minutes back, I used the volume up key).

All applications not linked directly to Plasma work absolutely flawlessly
and fast.


signature.asc
Description: PGP signature

Bug#898338: plasma-workspace: Different components hang, high CPU load

[Dominik George]

Heisann,

> You might want to try using a 4.15 kernel till:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898021
> gets fixed. If the issue solves itself using a 4.15 kernel please send
> a mail to this bug with line saying Control: block 898338 with 898021

Unfortunately, the issue persists, even with kernels as old as 4.13 (I did
not test older ones).

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#888303: zbar: Ship python3-zbar package

[Dominik George]

Source: zbar
Version: 0.10+doc-10.1+b2
Followup-For: Bug #888303

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

This also blocks the introduction of the current version of SDAPS.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb:en_GB:en_US (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlr0cV4xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p
ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTyltVVEACFpK3d
zVPo5oj3uQBX/NYY2ZTbIxlblIoK5bO4SsNsHt0RIomusE9UlBTpX8a/DCyi/rQc
+jxYfrCHR6GIWvCY5+6WlOX7iKpl85V+CIXowl+vh4O6UWKcPJT8Sa73F+g0siF5
UYDJfy19SEkPTqdbQY5KOxdDlAso2sndbhNqG3qgeUTe8QMm/A1n9ikGK77JBq2Y
Cx9eC3MBHxPDX565/7j5zvDEG43zMR2jUKSe2VCJ2u1B40wV7mbvMYG6EivjxrBw
/mR8z6AOCINSBQ4xWr+JYrjbh9v48VqqNbJsyDEb/jSObxWDsdjCLUK1HxVk2Jzr
03pZbNraJARtSPFjrau2uzuJhaEW083O40lDCrNKnsPEwqwoTWouulkXPUUPy/Me
fht3vOx0ZgtCAaHvJ90WCjS48O8B5ZGSEUBsbg8ny/FYCLVyWzeK37jIvP9vkyxg
l3E6hFpY4wCZKV2g5p3cB9LBjqIc3mppJGfICvKPZgZ9lP/9n7BNGUQjr/mpnAoD
MVWAmh34P7INRuz9MgXJdGWsWTTrfjx1MuK+zDqbEEFyxwBZo0klrYGnHGTMCk14
NKiQntnW8yzobjI1hNsLmfKHQr72sZs9ubWykE469hjSMSlploEelBV9dbdGTrTJ
I6zcfhEcb5pc21l0EgU7LZKeYfQEFXfTZH7QlQ==
=9JxC
-END PGP SIGNATURE-

Bug#898338: plasma-workspace: Different components hang, high CPU load

[Dominik George]

Package: plasma-workspace
Version: 4:5.12.5-1
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Since one of the three recent updates, the Plasma workspace is close to 
unusable.

 * Panel hangs completely, windows in the panel do not change, menu is
   unresponsive, clock is stuck
 * Window switcher reacts minutes after pressing Alt-Tab
 * Sometimes, some component triggered minutes before start popping up, drawing 
only their
   borders but no content

The plasmashell process is constantly consuming between 100% and 150% of CPU
time, and the Xorg process also uses around 100% when doing nothing special
UI-wise, but only sometimes.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), 
LANGUAGE=nb:en_GB:en_US (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages plasma-workspace depends on:
ii  dbus-x11 1.12.8-2
ii  drkonqi  5.12.5-1
ii  frameworkintegration 5.45.0-1
ii  gdb  7.12-6+b1
ii  iso-codes3.79-1
ii  kactivitymanagerd5.12.5-1
ii  kde-cli-tools4:5.12.5-1
ii  kded55.45.0-1
ii  kinit5.45.0-1
ii  kio  5.45.0-1
ii  kpackagetool55.45.0-1
ii  kwin-common  4:5.12.5-1
ii  libappstreamqt2  0.12.0-3
ii  libc62.27-3
ii  libcln6  1.3.4-4
ii  libcolorcorrect5 4:5.12.5-1
ii  libgcc1  1:8.1.0-1
ii  libgps23 3.17-5
ii  libice6  2:1.0.9-2
ii  libkf5activities55.45.0-1
ii  libkf5auth5  5.45.0-1
ii  libkf5baloo5 5.45.0-1
ii  libkf5bookmarks5 5.45.0-1
ii  libkf5calendarevents55.45.0-1
ii  libkf5completion55.45.0-1
ii  libkf5config-bin 5.45.0-1
ii  libkf5configcore55.45.0-1
ii  libkf5configgui5 5.45.0-1
ii  libkf5configwidgets5 5.45.0-1
ii  libkf5coreaddons55.45.0-1
ii  libkf5crash5 5.45.0-1
ii  libkf5dbusaddons55.45.0-1
ii  libkf5declarative5   5.45.0-1
ii  libkf5globalaccel-bin5.45.0-1
ii  libkf5globalaccel5   5.45.0-1
ii  libkf5guiaddons5 5.45.0-1
ii  libkf5holidays5  1:5.45.0-1
ii  libkf5i18n5  5.45.0-1
ii  libkf5iconthemes55.45.0-1
ii  libkf5idletime5  5.45.0-1
ii  libkf5itemviews5 5.45.0-1
ii  libkf5jobwidgets55.45.0-1
ii  libkf5js55.45.0-1
ii  libkf5jsembed5   5.45.0-1
ii  libkf5kdelibs4support5   5.45.0-1
ii  libkf5kiocore5   5.45.0-1
ii  libkf5kiofilewidgets55.45.0-1
ii  libkf5kiogui55.45.0-1
ii  libkf5kiowidgets55.45.0-1
ii  libkf5networkmanagerqt6  5.45.0-1
ii  libkf5newstuff5  5.45.0-1
ii  libkf5notifications5 5.45.0-1
ii  libkf5notifyconfig5  5.45.0-1
ii  libkf5package5   5.45.0-1
ii  libkf5plasma55.45.0-1
ii  libkf5plasmaquick5   5.45.0-1
ii  libkf5prison55.45.0-1
ii  libkf5quickaddons5   5.45.0-1
ii  libkf5runner55.45.0-1
ii  libkf5service-bin5.45.0-1
ii  libkf5service5   5.45.0-1
ii  libkf5solid5 5.45.0-1
ii  libkf5texteditor55.45.0-1
ii  libkf5textwidgets5   5.45.0-1
ii  libkf5wallet-bin 5.45.0-1
ii  libkf5wallet55.45.0-1
ii  libkf5waylandclient5 4:5.45.0-1
ii  libkf5widgetsaddons5 5.45.0-1
ii  libkf5windowsystem5  5.45.0-1
ii  libkf5xmlgui55.45.0-1
ii  

Bug#895692: ejabberd: Does not use IPv6 for PostgreSQL and LDAP

[Dominik George]

Hi,

> could you please supply corresponding logs?

Here is the crash dump:

2018-04-14 19:50:16 =CRASH REPORT
  crasher:
initial call: pgsql_proto:init/1
pid: <0.516.0>
registered_name: []
exception exit: 
{{init,{error,nxdomain}},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,344}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}
ancestors: 
[<0.481.0>,'ejabberd_sql_sup_mercurius.teckids.org',ejabberd_rdbms,ejabberd_sup,<0.62.0>]
messages: []
links: []
dictionary: []
trap_exit: false
status: running
heap_size: 610
stack_size: 27
reductions: 349
  neighbours:

Error log:

2018-04-14 19:52:06.522 [error] <0.648.0>@eldap:connect_bind:1083 LDAP 
connection failed:
** Server: db.teckids.org:636
** Reason: nxdomain
** Socket options: [{packet,asn1},{active,true},{keepalive,true},binary]

ejabberd.log has nothing different.

> Also, have you tried configuring IPv6 addresses directly instead of 
> records to rule out wonky DNS?

See my initial report ;).  Putting an IPv6 address leads to the same error,
and ejabberd even seems to try to resolve it via a DNS forward query because
with an IPv6 address, the error also is nxdomain.

-nik


signature.asc
Description: PGP signature

Bug#895944: biboumi: Please allow listening on ident in systemd service file

[Dominik George]

Source: biboumi
Version: 7.2-2
Severity: wishlist

Biboumi can act as identd, in order to allow the IRC server to identify
users on a connection. If run as biboumi user, this user needs the
correct capabilities set to listen on port 113.

The following setting under the Service section of the systemd service
file enables that:

AmbientCapabilities=CAP_NET_BIND_SERVICE

Please consider adding it in the package.

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#895692: ejabberd: Does not use IPv6 for PostgreSQL and LDAP

[Dominik George]

Source: ejabberd
Version: 18.01-2
Severity: important
Tags: ipv6

ejabberd 18.01 fails hard when one of the SQL or LDAP hosts does not
have an A record and is IPv6 only. Providing an IPv6 address directly in
the configuration also fails. It looks like ejabberd does simply not
support AF_INET6 for its client sockets.

With IPv4 addresses running out on our infrastructure, we wanted to drop
IPv4 from all hosts not used directly from outside, and ejabberd turned
out to be a showstopper there because it cannot use our databases
anymore that way.

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#895680: esptool: please backport to stretch

[Dominik George]

Package: esptool
Version: 2.1+dfsg1-2
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

Teckids has need for esptool 2 in stretch, so we would love to see a
backport.

If this ok ok for the maintainer, I can offer to do that myself.  Please
just leave me a note, and ideally, grant me (Natureshadow) access to the
packaging repo on GitLab so I can track the branch there (or even better,
move to Salsa ;)).

Cheers,
Nik

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages esptool depends on:
ii  python3 3.6.5-3
ii  python3-ecdsa   0.13-3
ii  python3-pyaes   1.6.1-1
ii  python3-serial  3.4-2

esptool recommends no packages.

esptool suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlrSCHUxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p
ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylrGZD/0eLL5n
/HwsL/hWz8yfzgIzaTqwyNUrk1P97XoiVUAeKxZCqVFAUPs9W3HtubfsJf6YVfvZ
yaUhwHuBGoyVpWDR3Z4LKNpNVgU+eUUNRN7jG20tlbngTvY1pORruNxKOfEoXj/S
CAqOZsU/Q3/XuZ6fjSwa/MGkAN83tpOe4AXzgD8MfXeLBd4qlVO1opifqSU4n3dD
6c3NWwwuWTxOG3/8MsrZ5UW+10xdcqcrD8kkyJVRlzUpF4LPf6OlAPjl/VY7Whw+
gML/HKn2cgKMjYHSOtQJxhm53TUuZbN4MebhB4RVUdfvWYKpUeY3YUpTitXfDZNN
7EhCeesv42cTBo/1cAQubFo4T0pcgaXfDlDiu8Rt8hETl2WYkQB9iiOn3d3Qcba2
pNA/iVHuWnsYiCSnNzgjMzChVQRJF+1j1o2V60hwRGbFrrgVRcGlu0yUbVx67u1a
mKv61cXuj0qyUP8KcaIE4Lqa/PMNE249r7kHqodIv5V3M6cp8ISelK9YPWauUWxA
lAkrbY2e4hVTHqlPU4sQArlLq3N3obXstlbf8NNrQw9cDbEo904/GAdTp24XOYyo
rWpzcS9CNh+7807UbPyn0uQUU3MRNfEaSFDqoeqL61vj1jel6LU64f8zjt1Gz+BF
7Yi0PJe0TkIPXDmGX6MWfRASGFDDsISMduJ0PQ==
=k/8B
-END PGP SIGNATURE-

Bug#895596: stretch-pu: package xrdp/0.9.1-9+deb9u2

[Dominik George]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The last upload to stretch, fixing a minor security issue, had an incomplete
patch provided by upstream which can lead to memory corruption and crashes
in some cases.

The update was first negotiated with the security team, who proposed to
update via stretch-pu AND stretch-updates.

Find attached the debdiff.

N.B.: This is not an NMU - I am now using my debian.org mail address, but
did not want to change Uploaders: in a stable update (or should I?).

-BEGIN PGP SIGNATURE-

iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlrQbtsxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p
ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTyljN1D/9DMKk+
5+A2QnYFxVCeqKKhBt/Yc+dXb7CsyDW80nUZWnlyP0XHi4OChJg8+MyjKVMIMTmp
Vr5LBJbFDlDaQ/hqNY0KKqc4Md4PcEXF+krcN4nL0bEAdAFT7BdDJA+rFeoCGz8z
Vi2Ev0JkdWJndHuNMrGFZb0ESOxy+4vF1P7j7zrTvFfeXj/PowbIUzBGPBEQ8o6y
ELbMjXk0ma5gri9mvyv0xaRV7oDUhHA/czq1A+aM2anJmABaZJzLxWd/9YKcvzxV
Gyhv3dQtESd+fQOzbtqW1okhxPIOnaDcldRDjdvNNLsE7PMjcxq0PresNZkeBMKM
Yys7AInm3L8Pv2dHImAl7GSHyO6FpvFWy8DT9IdSgpz196X/Vx/I6do0lPPbqpWT
Q52vCQ21lR7F6FXYYwoDVzpGrM1OB6bOeJxmM6AnTfzwAKsF5g0+AGZuiW0i3AQj
guxhf5CnoVvUfxY7yixjOZUosvipdU/Fktcbs3rpE2tbHKV84pFcq+EJBjjzKMVc
p/rQW2UP53pZGvO45t5S0cwlnqRtxcXH15yyOfMGdx9jdAWcnVHB8h69TIi0jVWB
1s74hN1IpYbCLu63f/ei1NtOKEkJ8vvTl92omHp548G09oIJNenGTI8WQ1mBXzwg
ZqmqS081W7/dtRv+PiZkF+Gh8+QpQHk627f42w==
=H6gU
-END PGP SIGNATURE-
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog 2017-12-15 19:28:28.0 +0100
+++ xrdp-0.9.1/debian/changelog 2018-04-12 23:43:25.0 +0200
@@ -1,3 +1,10 @@
+xrdp (0.9.1-9+deb9u3) stretch; urgency=high
+
+  * Fix patch for CVE-2017-16927. (Closes: #884702)
++ Off-by-one mistake could crash xrdp in some cases.
+
+ -- Dominik George <naturesha...@debian.org>  Thu, 12 Apr 2018 23:43:25 +0200
+
 xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
 
   * Fix CVE-2017-16927. (Closes: #882463)
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch 
xrdp-0.9.1/debian/patches/cve-2017-16927.patch
--- xrdp-0.9.1/debian/patches/cve-2017-16927.patch  2017-12-15 
19:28:28.0 +0100
+++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch  2018-04-12 
23:43:25.0 +0200
@@ -18,7 +18,7 @@
  /* reading username */
  in_uint16_be(c->in_s, sz);
 -buf[sz] = '\0';
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
 -
 +buf[sz] = '\0';
@@ -34,7 +34,7 @@
  /* reading password */
  in_uint16_be(c->in_s, sz);
 -buf[sz] = '\0';
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
 -
 +buf[sz] = '\0';
@@ -53,7 +53,7 @@
  
  if (sz > 0)
  {
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
  buf[sz] = '\0';
  scp_session_set_domain(session, buf);
@@ -65,7 +65,7 @@
  
  if (sz > 0)
  {
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
  buf[sz] = '\0';
  scp_session_set_program(session, buf);
@@ -77,7 +77,7 @@
  
  if (sz > 0)
  {
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
  buf[sz] = '\0';
  scp_session_set_directory(session, buf);
@@ -89,7 +89,7 @@
  
  if (sz > 0)
  {
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
  buf[sz] = '\0';
  scp_session_set_client_ip(session, buf);
@@ -102,7 +102,7 @@
  /* reading username */
  in_uint16_be(c->in_s, sz);
 -buf[sz] = '\0';
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
 +buf[sz] = '\0';
  
@@ -119,7 +119,7 @@
  /* reading password */
  in_uint16_be(c->in_s, sz);
 -buf[sz] = '\0';
-+buf = g_new0(char, sz);
++buf = g_new0(char, sz + 1);
  in_uint8a(c->in_s, buf, sz);
 +buf[sz] = '\0';
  

Bug#894560: pygame: Don't drop python2 package

[Dominik George]

Control: tags -1 + pending

Hi,

the next upload in a couple of days will re-introduce the python 2 package.

-nik


signature.asc
Description: PGP signature

Bug#884561: stretch-pu: package pam-krb5-migrate/0.0.11-4

[Dominik George]

Hi,

On Sun, Apr 01, 2018 at 10:45:10PM +0200, Andreas Beckmann wrote:
> On Sat, 31 Mar 2018 20:53:05 +0200 Dominik George
> <naturesha...@debian.org> wrote:
> > Files in second .deb but not in first
> > -
> > -rw-r--r--  root/root   /lib/security/pam_krb5_migrate_mit.so
> 
> > Files in first .deb but not in second
> > -
> > -rw-r--r--  root/root   
> > /lib/security/pam_krb5_migrate_mit.so/pam_krb5_migrate_mit.so
> 
> Does dpkg gracefully handle directory->file transitions?
> I know it intentionally doesn't do symlink<->directory transitions ...

Well, at least I successfully upgraded from the package in stretch to my new
version ☺.

-nik



signature.asc
Description: PGP signature

Bug#894560: pygame: Don't drop python2 package

[Dominik George]

Hi,

> Your latest upload drops the python-pygame pacakge but I count 35
> packages in Debian Testing that depend on it. Please restore the
> python-pygame package until all those packages no longer depend on it.
> 
> Even without a bug being filed, I believe the broken dependency issue
> would have prevented this package from migrating to Testing.

So, what's the use of that?

I do not target for testing - I target for buster and for sid.  Neither
pygame nor its dependencies, using Python 2, will survive the buster release
cycle, so there is no point in forcefully keeping it around in testing.  And
as you said: Non of this will transition until the problem is solved (either
by removal of the dependencies or their switch to Python 3).

All that will happen with and without the Python 2 version of Pygame.

-nik


signature.asc
Description: PGP signature

Bug#884561: stretch-pu: package pam-krb5-migrate/0.0.11-4

[Dominik George]

Control: tag -1 - moreinfo

Hi,

sorry for losing track of this ☹…

> Care to provide the binary debdiff as well?

Sure:

debdiff libpam-krb5-migrate-mit_0.0.11-4+b1_amd64.deb 
libpam-krb5-migrate-mit_0.0.11-4+deb9u1_amd64.deb
[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .deb but not in first
-
-rw-r--r--  root/root   /lib/security/pam_krb5_migrate_mit.so
-rw-r--r--  root/root   
/usr/share/pam-configs/libpam-krb5-migrate-mit.pam-config

Files in first .deb but not in second
-
-rw-r--r--  root/root   
/lib/security/pam_krb5_migrate_mit.so/pam_krb5_migrate_mit.so
-rw-r--r--  root/root   
/usr/share/doc/libpam-krb5-migrate-mit/changelog.Debian.amd64.gz
-rw-r--r--  root/root   
/usr/share/pam-configs/krb5-migrate-mit/libpam-krb5-migrate-mit.pam-config

Control files: lines which differ (wdiff format)

Installed-Size: [-45-] {+42+}
Maintainer: [-Jelmer Vernooij <jel...@debian.org>-] {+Dominik George 
<n...@naturalnet.de>+}
Source: pam-krb5-migrate [-(0.0.11-4)-]
Version: [-0.0.11-4+b1-] {+0.0.11-4+deb9u1+}

> Also, when did this break?

I do not know. I adopted the package after the stretch release.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V. · Debian Developer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual

[Dominik George]

Hi,

> In Oslo we discussed about what should be the default desktop (being 
> MATE at that time); iirc we decided to keep KDE as default but to 
> recommend LXDE for LTSP clients. On the mailing lists there was feedback 
> (also after the Stretch release) that LXDE was well suited for LTSP. So 
> it's somehow known...

> […]

> KDE works quite well for profiles 'Standalone', 'Roaming-Workstation' 
> and 'Workstation'. Just for LTSP clients a decent desktop like KDE (or 
> GNOME) isn't really suited.

If MATE was the default, why was LXDE chosen?

Also, I do not think that MATE is not a "decent desktop".

For buster, please let's decide for one default for all, set that both
on the media and in the manual, and extra points for not diverting from
Debian's default ;).

-nik

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/


signature.asc
Description: PGP signature

Bug#893724: gajim: Cannot open preferences

[Dominik George]

Package: gajim
Version: 1.0.0-1
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

When trying to open preferences, I get the following error:

## Versions
- - OS: Linux
- - GTK+ Version: 3.22.29
- - PyGObject Version: 3.26.1
- - python-nbxmpp Version: 0.6.4
- - Gajim Version: 1.0.0

## Traceback
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/gajim/app_actions.py", line 56, in 
on_preferences
config.PreferencesWindow()
  File "/usr/lib/python3/dist-packages/gajim/config.py", line 402, in __init__
create_av_combobox('audio_input', AudioInputManager().get_devices())
  File "/usr/lib/python3/dist-packages/gajim/common/multimedia_helpers.py", 
line 30, in get_devices
self.detect()
  File "/usr/lib/python3/dist-packages/gajim/common/multimedia_helpers.py", 
line 60, in detect
'%s is-live=true name=gajim_vol')
  File "/usr/lib/python3/dist-packages/gajim/common/multimedia_helpers.py", 
line 36, in detect_element
if hasattr(element.props, 'device'):
AttributeError: 'NoneType' object has no attribute 'props'


I have PulseAudio running; this seems unrelated to the other bug.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gajim depends on:
ii  gir1.2-gtk-3.03.22.29-1
ii  python3   3.6.4-1
ii  python3-gi3.26.1-2
ii  python3-gi-cairo  3.26.1-2
ii  python3-idna  2.6-1
ii  python3-nbxmpp0.6.4-1
ii  python3-openssl   17.5.0-1
ii  python3-pyasn10.4.2-3

Versions of packages gajim recommends:
ii  alsa-utils  1.1.3-1
ii  aspell-en [aspell-dictionary]   2017.08.24-0-0.1
ii  ca-certificates 20170717
ii  dbus1.12.6-2
ii  fonts-noto-color-emoji  0~20180102-1
ii  gajim-omemo 2.5.7-1
ii  gajim-pgp   1.2.2-1
ii  gir1.2-farstream-0.20.2.8-4
ii  gir1.2-geoclue-2.0  2.4.7-1
ii  gir1.2-gspell-1 1.6.1-1
ii  gir1.2-gst-plugins-base-1.0 1.14.0-1
ii  gir1.2-gstreamer-1.01.14.0-1
ii  gir1.2-gupnpigd-1.0 0.2.5-2
ii  gir1.2-networkmanager-1.0   1.10.6-2
ii  gir1.2-secret-1 0.18.5-6
ii  gstreamer0.10-plugins-ugly  0.10.19-2.1+b3
ii  notification-daemon 3.20.0-3
ii  plasma-workspace [notification-daemon]  4:5.12.3-1
ii  pulseaudio-utils11.1-4
ii  python3-crypto  2.6.1-8
ii  python3-dbus1.2.6-1
ii  python3-gnupg   0.4.1-2
ii  python3-keyring 10.6.0-1
ii  python3-pil 5.0.0-1
pn  python3-precis-i18n 
ii  sox 14.4.2-3

Versions of packages gajim suggests:
ii  avahi-daemon  0.7-3.1
ii  libxss1   1:1.2.2-1+b2
pn  nautilus-sendto   
pn  python3-avahi 
pn  python3-gconf 
pn  python3-gnome2
ii  python3-kerberos  1.1.14-1
ii  python3-pycurl7.43.0.1-0.2

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqyiYgxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pb+MBAAwhuO+rcviHekRZPWKGC5+H/oUeVB
96nEDTr+RiU0ocIfj1SBkEMJSmH5O6apJni9PDMjGGhhu7QfMSKYnGIq3moKysOP
8r00Jr0vzCIYAH6pEixkCKxwp1dqKw14pCaOU0JJ9cTYkq7D1/hAOshY/bybY/8T
BzM9hUdthi9ysWZS0SzthHUD/5Sz3A5y/yyHibeHvQWG2P6eShxyMV5vooWJNWBG
c6zYVF1ED14LwZNpiCGgtYOaXugLR2tNlRGwEP0XogQ0OpMR0ZaoHGhEa8ggPJEE
O0CzifuH4JRAyvUKbdeFPpgucAgO1ia0vFDqbeeaTE1BXhkStrkevIfyp6v8IAve
7Fk6QTa1WmzR+S+cuuKjZ8ourvjmn7WIwbLxfVq8gm+noBfXeRoX/aK2c4Xt50kU
uasDN9dimRAZpDFo7vUoeOPpBManv22PiPVjPz9HXfpauJo7Kq7YP+YDiVGoO9im
lcbMV+AXMs6TwWl8NNdjo6f2D6J95onNHGy0pnGzAQiH5yP2+9wFnsfy0wIkTgvw
Ik1jb1zLJjakwN1QkqwXHTbacEUYNC8Ril91XNV8QHszBjN9V3d2WetRSYw7jTMG
VDWSriwQ8YC6OpmFYETExJPJiGceDQ9Av1FtHuKQO2o+N4fZM71V+i/Wa64VMJgl
UKT3xrW+2Pw1DHI=
=p015
-END PGP SIGNATURE-

Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual

[Dominik George]

Hi,

On Sat, Mar 17, 2018 at 12:43:58AM +, Holger Levsen wrote:
> from irc:
> 
> < Natureshadow> 78 GiB reserved for "debianfreespace"
> < Natureshadow> And /var only 5.2 GiB
> < h01ger> Natureshadow: mybe put that in the bug? i know, ranting 
> on irc is fun, but
> < h01ger> and then you could also resize /var during installing...
> < h01ger> debian-edu-autofsresize will do the job nicely and is documented

Resizing the partitions during installation in the /target chroot works.

On Sun, Mar 18, 2018 at 08:01:34PM +0100, Wolfgang Schweer wrote:
> On Fri, Mar 16, 2018 at 05:19:01PM +0100, Dominik George wrote:
> > I spent two days trying to install Debian Edu (combined server) in a
> > virtual machine. I started with 100 GiB hard disk, then tried 150 GiB,
> > and finally 220 GiB. The LTSP chroot installation always fails with no
> > space left in /opt/var/cache/apt.
> >
> > Installing Debain Edu is not possible.
> 
> I was unable to reproduce it (recommended 'desktop=lxde' setting, see manual).
> 
> I figure you used 'desktop=kde' (default kernel command line entry, common for
> all profiles); in this single case LTSP installation fails reproducibly.

OK. I read the manual (again) and do find a short note that lxde should
be used for LTSP, but what you write here sounds like more than a simple
recommendation. Maybe the manual should be clearer about that (the note
is also very well hidedn, IMHO - the paragraph is about changing the
desktop environment from the default, so I'd skip reading it if I don't
care changing the default).

> In the past I've tested also this case taking into account that reading a
> manual isn't fun for most people and thus will simply hit return; back then
> the KDE variant used to work as well, enough space was left.

OK.

But really - we should absolutely test the installer as it comes out of
the box. I really think most people will want to use it that way.

> 
> Now, the netinstall ISO image being outdated and a lot of updated packages
> getting installed after point release 9.4, /var/cache/apt/archives is filled
> up and about 100 MiB space is missing.
> 
> (As LTSP mounts the server Apt cache and arch=i386 is the LTSP default, a 
> whole
> bunch of unneeded packages plus the updated ones show up.)

Oh. Sorry, I missed the bit about the differing archs!

> 
> That said, a simple workaround is (if someone really wants KDE for LTSP 
> clients):
> 
> After the Debian installer reported the LTSP menu item as failed:
> 
> (1) Activate a Debian installer shell.
> (2) Run 'rm target/opt/ltsp -rf'
> (3) Run 'rm target/var/cache/apt/archive/*_amd64.deb'
> (4) Go back to the installer gui.
> (5) Choose the LTSP menu item again.
> 
> One could use an even simpler solution:
> Once the LTSP changeroot installation has started, do steps (1) and (3); the
> installation will run without issues.
> 
> As far as Buster is concerned, the cache issue won't show up as the LTSP 
> chroot
> arch will be the same as the server one.

Great!

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#893111: debian-edu-install: Consider LTSP PnP

[Dominik George]

Hi Wolfgang,

On Sun, Mar 18, 2018 at 07:58:35PM +0100, Wolfgang Schweer wrote:
> On Fri, Mar 16, 2018 at 04:42:40PM +0100, Dominik George wrote:
> 
> > LTSP got a new mode called LTSP-PnP, where the image for clients is not
> > built from a debootstrapped chroot, but rather from the host filesystem,
> > with ways to strip unwanted contents and change details before packing
> > the squashfs.
> 
> As far as I remember this has been developped some years ago for single 
> purpose
> LTSP installation (mostly at Greek schools). 

Hmm… I don't know where it originates, but following some threads on the
ltsp mailing list, they seem to consider it more or less the default.

> 
> > That would make Debain Edu a lot more easy on disk resources and the
> > installation a lot quicker, an also ease updates and changes to the
> > environment.
> 
> It doesn't fit the Debian Edu case and is way to unflexible, i.e. 
> doesn't allow to serve LTSP clients with different archs.

Modifying the chroot or building for another arch requires manual
intervention anyway, so I am not sure whether using the PnP mode would
mean a regression.

-nik


signature.asc
Description: PGP signature

Bug#893394: debian-edu-install: FQDN wrongly ends up in /etc/hostname on tjener

[Dominik George]

Hi Petter,

On Sun, Mar 18, 2018 at 07:17:06PM +0100, Petter Reinholdtsen wrote:
> [Dominik George]
> > However, on Debian systems, only the short hostname must be in
> > /etc/hostname
> 
> Why do you believe this to be true?  The /etc/hostname in Skolelinux /
> Debian Edu is intentionally FQDN.  Personally, based on many years of
> large scale *nix system administration, I believe it is the only
> sensible thing to store there.
> 
> In short, it is no mistake the FQDN is stored there.

I think that depends on how you define "mistake".

Reading hostname(1):

FILES
   /etc/hostname  Historically this file was supposed to only
   contain the hostname and not the full canonical FQDN. Nowadays
   most software is able to cope with a full FQDN here. This file is
   read at boot time by the system initialization scripts to set the
   hostname.

   /etc/hosts Usually, this is where one sets the domain name by
   aliasing the host name to the FQDN.


I know this is not what most Unix admins expect because Debian diverts
from the standard here, or used to. However, as the manual says, "most
software is able to cope with a full FQDN here". My point of view is
that we should rather stay in line with the Debian installer, and "most
software" is not "all software". I have recently at least seen one
backup tool fail because of this (although I agree it shouldn't break).

So, my opinion is: If there is no good reason in Debian Edu (as in,
software breaking, not beliefs), we should strip the domain part there
like Debian itself normally does.

-nik


signature.asc
Description: PGP signature

Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual

[Dominik George]

Hi,

>I figure you used 'desktop=kde' (default kernel command line entry,
>common for
>all profiles); in this single case LTSP installation fails
>reproducibly.

Yeah, well, that's what I meant by "default".

A diversion from defaults is a diversion from defaults, even if some text 
contradicts the defaults.

Why wasn't desktop=lxde made the default if it is the default?

-nik

Bug#893394: debian-edu-install: FQDN wrongly ends up in /etc/hostname on tjener

[Dominik George]

Hi,

>Why do you believe this to be true?  The /etc/hostname in Skolelinux /
>Debian Edu is intentionally FQDN.  Personally, based on many years of
>large scale *nix system administration, I believe it is the only
>sensible thing to store there.
>
>In short, it is no mistake the FQDN is stored there.

Depends how you define "mistake".

You are right for pretty much everything except Debian. Debian has always had 
the short name in there, c.f. 
https://manpages.debian.org/stretch/hostname/hostname.1.en.html

This also states that "most software can cope" with an FQDN there, but 
primarily it documents that the short name is the right thing to put there. We 
should work with documented behaviour rather than a hope involving the terms 
"most" and "cope with" rather than "all" and "expect".

-nik

Bug#893394: debian-edu-install: FQDN wrongly ends up in /etc/hostname on tjener

[Dominik George]

Source: debian-edu-install
Version: 1.916
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

When installing a tjener, the name tjener.intern ends up in the file
/etc/hostname. However, on Debian systems, only the short hostname must
be in /etc/hostname, the FQDN is always determined by resolving the
short name to an IP address and reverse-resolving that back into an
FQDN.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqufKMxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZFWRAAwE2O4+Z+aMy8DgXpbu0mcGsb/OoL
3oEIbrsy7pzD79FhYn7A+U4o+EEOYImvaGMwRB0ZV5OXIusNeqgC96QxkDuY/n9j
7TP9Sv8xoOq/B8G0FqQ0/HVH5pd0MjwT6LuqMcXUMfpUrSm4lxLBsdSLHlQAaCEC
1ydflCkrJdDYxkEz2YnItea+uKPqvhUnzLqV70zSK94diMSy6iw5pLipHpfomp2V
kSbQZ6sYFLgRT8EAnmTK0RWxJKnyl+yeY2WQ1rEHwnQXL2J0SGKrLsrP758DX3so
MH5LM3D+v77W7KQXxS1UIg1zNaPBVZPbPoyo4rPUr+qUQ+Az5SwjpzqQnX1Xf1Mm
gdtdirln/F+86vtPae3Mm5qJVPNloTqhxvBxGqmxRanOEUC3Q0gh5dnosB4WKgLB
o1UsP5QZ4uGERJqwDBcXNBvTwkLt+lhJruHUlK83OaCD2OldVM2i7X2KdeYC7yeR
Gv6LmeqfSvg6D7tphAyM2xDyf9dq97fm2Ji710vifSpu2Z91+fMGpEGIyPAKbMd+
3maqaMbHE67lZFqSKYN8Y5sLdC3MgRm6foaguFt6AR7o39nHJp0sAGMkGgI2yYwW
M0NVegPfDOh6qqGQCwF3z5Ym6OtkIKvd8B1Rki2BYjbCzqskMvBDLFEBQ7YDFgPJ
PApREOXMSOOVktI=
=ps3i
-END PGP SIGNATURE-

Bug#892794: systemd-networkd fails to configure IPv6 without MTU from RA

[Dominik George]

Hi,

I can confirm that our infrastructure completely broke IPv6-wise right
after updating to stretch 9.4 ☺.

I did not try the new build, but can confirm that everything start
working again if radvd on the gateway is configured to send out an MTU.

-nik


signature.asc
Description: PGP signature

Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual

[Dominik George]

Hi,

> > Severity: grave
> > Justification: renders package unusable
> 
> but not for everyone, so its just "important". we have had several many
> successful installation reports since last year.

I very much doubt that the standard configuration can be installed by
anyone right now.

> 
> > I spent two days trying to install Debian Edu (combined server) in a
> > virtual machine. I started with 100 GiB hard disk, then tried 150 GiB,
> > and finally 220 GiB. The LTSP chroot installation always fails with no
> > space left in /opt/var/cache/apt.
> 
> strange. as a workaround you could install a plain main-server and then
> turn that into an LTSP server after installation.

How would I do this (without manually fixing the partitions)? The
content downlaoded for building the chroot simply does not fit into the
logical volume used for it. Taht won't change after reboot.

-nik


signature.asc
Description: PGP signature

Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual

[Dominik George]

Source: debian-edu-install
Version: 1.916
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I spent two days trying to install Debian Edu (combined server) in a
virtual machine. I started with 100 GiB hard disk, then tried 150 GiB,
and finally 220 GiB. The LTSP chroot installation always fails with no
space left in /opt/var/cache/apt.

Installing Debain Edu is not possible.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr7nQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pb2bxAAvIZSU7BE0+ucGg5SEzrzvk0GHzuv
OfhwhpxuggDzKgTf2vq5fsEXm9DafxyIXhq9ZfYgbGCRqXlWbO3hjlmneZx1OCzt
ow3kpLZJy5LwerRYe2lYlJY8O8ZYnKPUMuWxblpVCU9tQUXw/+edtmu+KGRNcEmX
L8u5/y1LNp5846Xb9wSKgJP93DaYInUndv9+i9EOGps+uoZlO67yyDgYJUJmmkJf
0q9zoU7KBOO2fJv8i1rcbxmgNaT9gcqZLtlLXPvFUm526ipZHT1nktteHJQEtwqf
KNhGA2tsNwxJrWJgnJG/Vtppwj9wgbdJ9q9cPxVqS9sLVi3hoUPeDRA6kBVmkebB
nbxDLI8tl5DtdR6FLQKOT8nfich9V5XDmW4379jCL+g7P+ixigBiWLouwMwnBCr/
EpBK8Qwv0KCnRhs9geC9i5HBpU4oKB4nJr5L24jEy9kbwaduN1w3mpRQZ81WtsCC
MdYEmJl0VhW4UH5MYjxrkPZ1lI5b9f4pSFI5wmA1FGSC12+swTWFWKY3ivVhObDE
exQfsdRUhuLj4NpPVvE3rIqxLOCAi75X5R9/cdJ5uMxyG0kzUwzi87dv9VIBy+FT
0SpH1QYhSz/ORRA4FjlDBn726Bwk6OpudECPn1JMBoziZ6k/ASwSfSG74q8MPDRI
70iu0yXdiLct/3M=
=HyOM
-END PGP SIGNATURE-

Bug#893113: debian-edu-install: synced homes on LTSP

[Dominik George]

Source: debian-edu-install
Version: 2.10.8
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

It would be helpful to have a mode where an LTSP server (or mobile
workstation, for that matter) synchronises a configurable subset of home
directories from the master rather than mounting it. That way, a
decentral Skolelinux network could be created, with master server in one
location and LTSP servers in a remote location, and no really fast
network link between them.

At Teckdis, we experimetned with csync2 for that. It has issues of its
own, but those who would use that feature could certainly cope with it.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5pgxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY+whAAieeIH+E8PWxs0XrH+Wy2p7OBt0zH
cCIps66BGCp+mNTHo+3oWCy71eD5s/UWOMNtJzlYCtIJNAH/GH84hgpa0aKIu1d/
bsdLTlSPlDQKjv934gvOZBQqLXw5jioKC3+9jJ7txRMbDYyzMLpNPELophmzz3zD
5hSfpBGSlIx45RcWQwBE3zlcQh+RA9Ls35g5g/pQK2ff24AFJRvKOyByCcTXh4m+
qORUceNIAv9o7dLV0YBIfoU9C8W7nE0OrQ/Avc7sqp4SqfMH/RmQBiLsVOZyQLll
aJAeqWz+FPJp4/rNrrkSWmYU8CpmJv3SayvDuulCULBq//QGRUXbEGIYgkhBOkyQ
UEPNw7vHHWVOyVZiWK1CRF2Fxk+E+IKFwBSb8bC0MNonD6PtE0qHyzsL+j/A+1HU
fXtiC70KJ8YNIhpRUajarbXYD9opA0xf5MKYEOIhHVxTWPaD/iacgLXiy27Ybz9w
ECdNh6023EJ8q/lgJhzXGkkLfTdFNFYqs4ypS5zNm145tR3714iktEgOv9t+wqwv
l8ykpjYHwKkOvT+faLGnVbpW4fgeC/8rZIknZaCVcj0EnzK+pl1NagN2naLjZll3
WqBXL6Y5pYle0Bv9AOk6mywOBzx8qKCeMVRnKGuSQQGEKG0BYhD9YZpHvQ9WGBMX
ZR386GEkmKJSi78=
=iBkO
-END PGP SIGNATURE-

Bug#893111: debian-edu-install: Consider LTSP PnP

[Dominik George]

Source: debian-edu-install
Version: 2.10.8
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

LTSP got a new mode called LTSP-PnP, where the image for clients is not
built from a debootstrapped chroot, but rather from the host filesystem,
with ways to strip unwanted contents and change details before packing
the squashfs.

That would make Debain Edu a lot more easy on disk resources and the
installation a lot quicker, an also ease updates and changes to the
environment.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5fAxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8paFeRAA0nSFFepyDF9tVndnzPchqt7q1Kay
14UiBkBiYWJWt8iIWfBYk79UZboTAkko0yH7SvdgMrlImNxM5uie00N3AXAJUxWe
NfqmKvqtR2nxUcm3s5ybRzpb07ObddHL8jf72i0TRs86kBxmnDdsZmvL4S5OtogV
vomFVXPAkb5rW7WsGll6SkartrFBFg8fFG2KpgeK8gpsbKSVyaHqrWlr89W+lvmd
kDpOvlEkEIEswFIc65Yfcy/5AxPxNQAYA+Q2vEH/3KECsl+3q37RLMdybUvyN6xS
cii9OB7OMwLzjzw373yB1S11sFpR4jEApKL/yMm4DeFe2ZhWmtQYrSUiWemxlHDm
eTMnIrKkF3MMP45TPEIBh+W3Cn1Ao82oJ4Fct5nUe2ji9aFPhZZ0nS2lTja5OKTq
+2/HzSAcshQtpFCi6VOwxKO/bhF31aQmBE7OcKm9VcpKaDBdV9HlOHVemd72ZzsG
xftIZ3CvbmDhXgdUpkZBXQ3Z3/IkKnqiPFiQbaXIVnbOn0JDTM7+iZr9MNE30QBu
RgPh7mu6VuLJUAFmXOKkrbnr+z4abe3Z2U/7Li8JbjRvEbxckrxUGw658ZWIB/qj
H0o8mBmuURr8nGLVUDjmKfsVhOagqp5Tscs3PSOwBSD8l6I4Brrn21VWwqpKHzcc
DedFe6kgh8nWl0w=
=FuGw
-END PGP SIGNATURE-

Bug#893109: debian-edu-install: use cached apt archives when building chroot

[Dominik George]

Source: debian-edu-install
Version: 2.10.8
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

LTSP offers a config option to ltsp-build-client that mounts the
/var/cache/apt/archives directory to the target. This is helpful when
building aa chroot on an LTSP server, where all packages used in the
chroot were already downloaded on the host. It would also save space in
/opt on installation.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5YQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbd9BAAxolCiKRinmbp1WRtFd9/LRIb/M49
47qyZ5B4pUnUN1Mgnazj50jtCyhqv0uxJEHAWVfduF8N4RkmyB6GZBZqkxQSptB/
Y2N3Wvz1OmzZ9v1OkOkHshfkSWhYBJgFXzD4LwQGfQFYlmNTOGSXoYQ8Ve1WOYKl
OFmG0aFSRAerEYRgJuCXfD2NpMQjQuuy8Rd/c87VTlXWm4Efyd+rDBuffC88Sh5D
CeHiMM1tZ8EnHPw8Em+Xy2mEv8M4BuLALpdnEyfyFhhsc1gAp7chVTEPv0eynRdp
fj17r9jtrGsiwAeW0eMsDJosUlaS5n84WfN8uTRnq+FyE1gCkRHW982CGcx6wrQ0
qPytPaBvOriEpGQ72jjLeWLCod2SUQJINobALwcOszeo8o539bduSG7ReT1qC9+z
AQOdEtJesPqxqUkp/WumL4lalnysysZYbXWrSVELQq5FO+dSkX2y8WpAteQ5S718
gRXnDCrCNv77f7y7wVY/OBLNUAnV0wy5zBLTtI29upNQbct0ZW9JWXkENEzcKlBO
F0FXYC4/mTaf9vYQNZqpp8W4DsnRyJiDL9hXnWhXcf92VIsWbFkpX+DfLFF9e2fC
ZFN2QjX3qN6QTSg3B6Jo8L7C30qX1tNVszMf2p/6IQyvqezSz8Vqw9Zs1oL5HQQO
UvluTXxQn/48OMw=
=odhg
-END PGP SIGNATURE-

Bug#893108: debian-edu-install: please do not force complex partitioning scheme

[Dominik George]

Source: debian-edu-install
Version: 2.10.8
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The Skolelinux installer enforces a micropartitioning theme, splitting
all parts of the filesystem into several volumes. While there are
theoretical benefits, most a re historic, and in practice, the scheme
complicates installations and maintenance (there is an entire chapter in
the manual describing what to do if something runs full).

I know from at least two support cases that the scheme made things more
difficult than necessary, and it cost me several hours today because I
had to install Debian Edu with limited space and one of the partitions
always ended up being too small.

I propose compeltely dropping Edu's own partitioning scheme and simply
using the corresponding step from the Debian installer, or defaulting to
jsut one partition or at most three (root, home and backup).

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5KgxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYBCQ//T0zFuBucOSoYXsMM/bvNvIdXmA6B
VHLm8JdP56NwMi+xJciBxenAdrZHcoF01NwfMsnlwVPF90IFwTex10YsVpd2ljIG
a2p9YKGFzZgLWrPmyPhEwQ1SEWfdiCTx2AzF3hy7BjUbOm5gQjtDvDmjEnKC5YFh
C00gow39e9BKbhDeu8RG64w8UhB5a86ZTVKcmSXWZdjcDP+bsjXV7XdoLFyyktqC
RJeWBTJnJsDkijCGfT8PW9jHsMlF3orS5NaMvtLlVrAkVN8WO8v39d94eW6nzHm2
L/kTkjb1jOi7vjGtQ3UKBIVd1N9LfBHMyyGB4Jlvi9kVNMtC9LQnKgm3ZRwoSPIj
DdopTanN4wMrn4k9qkUsNZDz73VrjMa1tB1ntDoqCSgzwZ6yjaoz841eGXLIjNfh
e60R9d2u8OZSktCp5dSshY/MffhJOYzQZwe26bybJxmI/47n5hJsUEz8BQKGeHQG
1/tGKe0kwVQyO7qOfqzsuXL/YnR0tZ8cvcVKTbHSIwKppjFiqLElGImTZJ5gSeRZ
B6bu7RgYUSWNDDqXunFzsACmXdc1DVhFkEq5StNJ5yeurXuGeklgWQ7Jd3p7ZQaT
CCNHFqzX8Ys7CAJIShFHlNoHqhBWBk1w5qvm8Eed7UdF5DkKJOLuoRc+5nlraNSz
oIzC/cbMN4/jEN8=
=PtjD
-END PGP SIGNATURE-

Bug#891829: stretch-pu: package needrestart/2.11-3

[Dominik George]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I would like to update needrestart in the upcoming point release to fix
the RC bug #876459 in stretch. It causes regular unintended restarts of
critical services.

The maintainer seems to lack time, so I have offered help to fix this in
stretch. I got it reviewed by Mike Gabriel, who also offers to sponsor
the upload.

Find attached the debdiff.
Thanks,
Nik

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqX1+4xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY7Cw/9ESJmQMvwveheqIoCzLB4GTOYW6yK
ADuq8nHfQNmvd1Xdn/ejDwTEuz0NH/trRfuxvZ2oyIKFHMmpCx1meI5wy/wXypE1
dAroycHl4IRI3vruM1d8eg7LIzziak8tXJgg1gQt3RF9UOtE0WDMT4zPmPF5CBPk
kx4b4jBKEsrLz6IyjpXL7z+v7BmJ4+Qb9rmWI9ewEiKionnqfgfwivhjZg52PX0P
3wHIhgHUwbyQtzonZJq19iXyEg48nhKSCVYs0J1zRxTk5FEMkdplAWZwPVjrpDOT
jLL0LpJncv+AV3fukXl+JmHaF3EfTfKyKjtHD1SD2L2cTRPg/5zP9XBUL59W11wH
HbjmoyfEqib99nSp0bySDQSBJdJbnJ0DluvekT2O1JmYNG8KaYdhs2z/9Zw/wQe3
u0Qmgqw34P/bP21yURutCEjQjBqWACkcnLq85Evmx597gr6ZrV2ObBO393mnimwB
OEsxOWw6wBAJzyqTeWD1cRCqp4gI/JqGfP5R5FsfkOkIjgRac05UIoVJSncAssl0
O+wmbFs99X8bgCSPzXB9M0ASJKxRMCPzBK/79QFWg8jUj/v8tkrCMHoBpViBu/Ut
dXPwTJEqIvK32tixDhqLzyAHZY0j6T1X8G1jJ+tYssQ+FXQZ9i50w1in1ZEF+mKi
+fzXy9IBnDs9xgY=
=QteC
-END PGP SIGNATURE-
diff -Nru needrestart-2.11/debian/changelog needrestart-2.11/debian/changelog
--- needrestart-2.11/debian/changelog   2017-05-26 15:45:04.0 +0200
+++ needrestart-2.11/debian/changelog   2018-02-28 22:48:43.0 +0100
@@ -1,3 +1,11 @@
+needrestart (2.11-3+deb9u0.1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix switching to list mode if debconf is run non-interactively.
+(Closes: #876459)
+
+ -- Dominik George <n...@naturalnet.de>  Wed, 28 Feb 2018 22:48:43 +0100
+
 needrestart (2.11-3) unstable; urgency=high
 
   * Add patch 03-perl-warning to fix a warning from Perl triggered in version
diff -Nru needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff 
needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff
--- needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff  
1970-01-01 01:00:00.0 +0100
+++ needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff  
2018-02-28 22:48:43.0 +0100
@@ -0,0 +1,16 @@
+From: Piotr Pańczyk <piotr.panc...@assecobs.pl>
+Subject: Fix switcihng to list mode if debconf is run non-interactively
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876459
+Origin: 
https://github.com/liske/needrestart/commit/6c83d643a21fe0da2c8ae5ece97a778b347a033c
+
+--- a/needrestart
 b/needrestart
+@@ -181,7 +181,7 @@ $nrconf{ui} = qq(NeedRestart::UI::stdio)
+ die "Hook directory '$nrconf{hook_d}' is invalid!\n" unless(-d 
$nrconf{hook_d} || $opt_b);
+ $opt_r = $nrconf{restart} unless(defined($opt_r));
+ die "ERROR: Unknown restart option '$opt_r'!\n" unless($opt_r =~ /^(l|i|a)$/);
+-$is_tty++ if($opt_r eq 'i' && exists($ENV{DEBIAN_FRONTEND}) && 
$ENV{DEBIAN_FRONTEND} eq 'noninteractive');
++$is_tty = 0 if($opt_r eq 'i' && exists($ENV{DEBIAN_FRONTEND}) && 
$ENV{DEBIAN_FRONTEND} eq 'noninteractive');
+ $opt_r = 'l' if(!$is_tty && $opt_r eq 'i');
+ 
+ $opt_m = $nrconf{ui_mode} unless(defined($opt_m));
diff -Nru needrestart-2.11/debian/patches/series 
needrestart-2.11/debian/patches/series
--- needrestart-2.11/debian/patches/series  2017-05-26 15:45:04.0 
+0200
+++ needrestart-2.11/debian/patches/series  2018-02-28 22:45:55.0 
+0100
@@ -2,3 +2,4 @@
 02-install-restart-d.diff
 03-perl-warning.diff
 04-ignore-systemd-services.diff
+05-fix-debconf-noninteractive.diff

Bug#876459: needrestart: Non-interactive mode not being detected properly

[Dominik George]

Hi Patrick,

> I regularly see this bug cause important PostgreSQL databases to be
> restarted on Debian stable.
> 
> Can you please make sure to provide an update for the next Debian point
> release? If you need help doing so, feel free to say that.

Any news/opinion on that?

If I do not hear anything from you within this week, I will start
negotiating with therelease team about the patch for the next point
release.

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#890622: vbackup: mbr backup fails on block devices with / in path

[Dominik George]

On Sun, Feb 18, 2018 at 12:03:09PM +, Stefanos Harhalakis wrote:
> Ended up with a slightly different approach that converts / to _.
> This should work:
> https://github.com/sharhalakis/vbackup/commit/52971d7b5e034f8bb939e2c1b23fbdc6c88b45d7

OK. I wanted to keep the patch as small as possible for stetch-proposed-updates.

That echo | sed also looks strange given that bash has built-in tools for that: 
foo=${foo//\//_}

-nik

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogische Leitung)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/

Bug#890622: vbackup: mbr backup fails on block devices with / in path

[Dominik George]

> Find attached a patch with a simple fix.

Sorry, the patch was broken. Here's the correct one.

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/
--- mbr.orig	2018-02-16 21:47:46.415903625 +0100
+++ mbr	2018-02-16 21:53:46.631944775 +0100
@@ -133,6 +133,7 @@
 
 	for p in $DISKS ; do
 		h_msg 12 "Backing up $p"
+		mkdir -p "$(dirname "$TDIR2/$p")"
 		dd if=/dev/$p "of=$TDIR2/$p.mbr" bs=512 count=1 >/dev/null 2>&1
 		[ -z "$FDISK" ] || $FDISK -l /dev/$p > "$TDIR2/$p.fdisk-l" \
 			2> >(h_filter 6 >&2)


signature.asc
Description: PGP signature

Bug#890622: vbackup: mbr backup fails on block devices with / in path

[Dominik George]

Package: vbackup
Version: 1.0.1-1
Severity: important

The mbr script misses on / characters in device paths (like, when the device
is /dev/cciss/c0d0 in an HP array).  It inserts the part after /dev/
verbatim into its temp filenames.

A fix in the next stretch point release would be most welcome.

Find attached a patch with a simple fix.

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information
--- mbr.orig2018-02-16 21:47:46.415903625 +0100
+++ mbr 2018-02-16 21:49:49.710561189 +0100
@@ -133,6 +133,7 @@
 
for p in $DISKS ; do
h_msg 12 "Backing up $p"
+   mkdir -p "$TDIR2/$p"
dd if=/dev/$p "of=$TDIR2/$p.mbr" bs=512 count=1 >/dev/null 2>&1
[ -z "$FDISK" ] || $FDISK -l /dev/$p > "$TDIR2/$p.fdisk-l" \
2> >(h_filter 6 >&2)

Bug#890544: otrs2: gpg commandline for signing not compatible with gpg2

[Dominik George]

Package: otrs2
Version: 5.0.16-1+deb9u5
Severity: important

The gpg command-line used for signing is not compatible with gpg2 (well,
the command-line is - but after calling, OTRS asserts that gpg did not
produce any output, which it does in gpg2 - this assertion is broken by
design anyway).

This results in mails being not signed.

In line 258 of Kernel/System/Crypt/PGP.pm, the --default-key option
needs to be changed to --local-user - which is the correct option at
this point anyway, and is also compatible with gpg1.

As gpg2 is the default for stretch, it would be very good if you could
apply this change for a proposed-update, as having gpg2 currently
requires running a locally patched OTRS.

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages otrs2 depends on:
ii  adduser 3.115
ii  apache2 [httpd-cgi] 2.4.25-3+deb9u3
ii  dbconfig-common 2.0.8
ii  debconf [debconf-2.0]   1.5.61
ii  fonts-font-awesome  4.7.0~dfsg-1
ii  libapache-dbi-perl  1.12-1
ii  libapache2-reload-perl  0.13-1
ii  libauthen-sasl-perl 2.1600-1
ii  libcgi-pm-perl  4.35-1
ii  libcrypt-eksblowfish-perl   0.009-2+b2
ii  libcrypt-passwdmd5-perl 1.3-10
ii  libcss-minifier-perl0.01-1
ii  libdate-pcalc-perl  6.1-4+b2
ii  libdbd-mysql-perl   4.041-2
ii  libdbd-pg-perl  3.5.3-1+b2
ii  libdbi-perl 1.636-1+b1
ii  libemail-valid-perl 1.202-1
ii  libencode-hanextra-perl 0.23-4+b2
ii  libexcel-writer-xlsx-perl   0.95-1
ii  libgd-graph-perl1.48-2
ii  libgd-perl [libgd-gd2-perl] 2.53-3
ii  libgd-text-perl 0.86-9
ii  libhtml-parser-perl 3.72-3
ii  libhtml-tagset-perl 3.20-3
ii  libhtml-truncate-perl   0.20-1
ii  libio-interactive-perl  1.022-1
ii  libio-stringy-perl  2.111-2
ii  libjavascript-minifier-perl 1.11-1
ii  libjson-perl2.90-1
ii  libjson-xs-perl 3.030-1
ii  liblingua-translit-perl 0.26-1
ii  liblinux-distribution-perl  0.23-1
ii  libmail-imapclient-perl 3.38-1
ii  libmail-pop3client-perl 2.19-1
ii  libmailtools-perl   2.18-1
ii  libmime-tools-perl  5.508-1
ii  libnet-imap-simple-perl 1.2207-1
ii  libnet-imap-simple-ssl-perl 1.3-3
ii  libnet-ldap-perl1:0.6500+dfsg-1
ii  libnet-smtp-ssl-perl1.04-1
ii  libnet-smtp-tls-butmaintained-perl  0.24-1
ii  libnet-sslglue-perl 1.057-1
ii  libpdf-api2-perl2.030-1
ii  libperl5.24 [libdigest-sha-perl]5.24.1-3+deb9u2
ii  libpod-strip-perl   1.02-2
ii  libproc-daemon-perl 0.23-1
ii  libschedule-cron-events-perl1.95-1
ii  libsoap-lite-perl   1.20-1
ii  libsys-hostname-long-perl   1.5-1
ii  libtemplate-perl2.24-1.2+b3
ii  libtext-csv-perl1.33-2
ii  libtext-csv-xs-perl 1.26-1
ii  libtext-diff-perl   1.44-1
ii  libxml-feedpp-perl  0.43-1
ii  libxml-libxml-perl  2.0128+dfsg-1+deb9u1
ii  libxml-libxslt-perl 1.95-1+b1
ii  libxml-parser-lite-perl 0.721-1
ii  libxml-parser-perl  2.44-2+b1
ii  libyaml-libyaml-perl0.63-2
ii  libyaml-perl1.21-1
ii  perl5.24.1-3+deb9u2
ii  ttf-dejavu-core 2.37-1
ii  ttf-dejavu-extra2.37-1
ii  ucf 3.0036

Versions of packages otrs2 recommends:
ii  aspell 0.60.7~20110707-3+b2
ii  ispell 3.4.00-5
ii  postgresql-client  9.6+181+deb9u1
ii  postgresql-client-9.6 [postgresql-client]  9.6.6-0+deb9u1
ii  procmail   3.22-25+deb9u1

Versions of packages otrs2 suggests:
pn  postgresql | default-mysql-server  

-- debconf information excluded

-- debsums errors found:
debsums: changed file /usr/share/otrs/Kernel/System/Crypt/PGP.pm (from otrs2 
package)

Bug#890494: otrs2: Turns everything startign with www in plain text mails into links

[Dominik George]

Control: reopen -1
Control: forwarded -1 https://bugs.otrs.org/show_bug.cgi?id=13666
Control: severity -1 minor
Control: tags -1 + upstream

Hi,

> I do not think that this behaviour is wrong.

As in: “I think that it is a correct behaviour for an MUA to replace
arbitrary texts in mail bodies, changing the content”?

Please, seriously - I am not complaining about OTRS adding an  tag
around it, but by all means, it should *not* change the displayed text.

> But: this is nothing Debian
> related. You should report this to upstream please and see what he
> thinks about it.

If you find a minute, please read the Developer Reference again,
especially paragraph 3.1.4.

I will happily assist you in doing that, but still please take bug
reports serious.

Cheers,
Nik

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/


signature.asc
Description: PGP signature

Bug#890494: otrs2: Turns everything startign with www in plain text mails into links

[Dominik George]

Package: otrs2
Version: 5.0.16-1+deb9u5
Severity: normal

In plaintext mails, OTRS renders every string starting with www. with HTTP 
URls, rendering some text useless without manual correction, like this one:

apache2/sites-available/http://www.conf   |  2 +-

-nik

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages otrs2 depends on:
ii  adduser 3.115
ii  apache2 [httpd-cgi] 2.4.25-3+deb9u3
ii  dbconfig-common 2.0.8
ii  debconf [debconf-2.0]   1.5.61
ii  fonts-font-awesome  4.7.0~dfsg-1
ii  libapache-dbi-perl  1.12-1
ii  libapache2-reload-perl  0.13-1
ii  libauthen-sasl-perl 2.1600-1
ii  libcgi-pm-perl  4.35-1
ii  libcrypt-eksblowfish-perl   0.009-2+b2
ii  libcrypt-passwdmd5-perl 1.3-10
ii  libcss-minifier-perl0.01-1
ii  libdate-pcalc-perl  6.1-4+b2
ii  libdbd-mysql-perl   4.041-2
ii  libdbd-pg-perl  3.5.3-1+b2
ii  libdbi-perl 1.636-1+b1
ii  libemail-valid-perl 1.202-1
ii  libencode-hanextra-perl 0.23-4+b2
ii  libexcel-writer-xlsx-perl   0.95-1
ii  libgd-graph-perl1.48-2
ii  libgd-perl [libgd-gd2-perl] 2.53-3
ii  libgd-text-perl 0.86-9
ii  libhtml-parser-perl 3.72-3
ii  libhtml-tagset-perl 3.20-3
ii  libhtml-truncate-perl   0.20-1
ii  libio-interactive-perl  1.022-1
ii  libio-stringy-perl  2.111-2
ii  libjavascript-minifier-perl 1.11-1
ii  libjson-perl2.90-1
ii  libjson-xs-perl 3.030-1
ii  liblingua-translit-perl 0.26-1
ii  liblinux-distribution-perl  0.23-1
ii  libmail-imapclient-perl 3.38-1
ii  libmail-pop3client-perl 2.19-1
ii  libmailtools-perl   2.18-1
ii  libmime-tools-perl  5.508-1
ii  libnet-imap-simple-perl 1.2207-1
ii  libnet-imap-simple-ssl-perl 1.3-3
ii  libnet-ldap-perl1:0.6500+dfsg-1
ii  libnet-smtp-ssl-perl1.04-1
ii  libnet-smtp-tls-butmaintained-perl  0.24-1
ii  libnet-sslglue-perl 1.057-1
ii  libpdf-api2-perl2.030-1
ii  libperl5.24 [libdigest-sha-perl]5.24.1-3+deb9u2
ii  libpod-strip-perl   1.02-2
ii  libproc-daemon-perl 0.23-1
ii  libschedule-cron-events-perl1.95-1
ii  libsoap-lite-perl   1.20-1
ii  libsys-hostname-long-perl   1.5-1
ii  libtemplate-perl2.24-1.2+b3
ii  libtext-csv-perl1.33-2
ii  libtext-csv-xs-perl 1.26-1
ii  libtext-diff-perl   1.44-1
ii  libxml-feedpp-perl  0.43-1
ii  libxml-libxml-perl  2.0128+dfsg-1+deb9u1
ii  libxml-libxslt-perl 1.95-1+b1
ii  libxml-parser-lite-perl 0.721-1
ii  libxml-parser-perl  2.44-2+b1
ii  libyaml-libyaml-perl0.63-2
ii  libyaml-perl1.21-1
ii  perl5.24.1-3+deb9u2
ii  ttf-dejavu-core 2.37-1
ii  ttf-dejavu-extra2.37-1
ii  ucf 3.0036

Versions of packages otrs2 recommends:
ii  aspell 0.60.7~20110707-3+b2
ii  ispell 3.4.00-5
ii  postgresql-client  9.6+181+deb9u1
ii  postgresql-client-9.6 [postgresql-client]  9.6.6-0+deb9u1
ii  procmail   3.22-25+deb9u1

Versions of packages otrs2 suggests:
pn  postgresql | default-mysql-server  

-- debconf information excluded

Bug#876459: needrestart: Non-interactive mode not being detected properly

[Dominik George]

Control: severity -1 serious
Control: tags -1 + fixed-in-experimental stretch

Hi,

> the problem described in the archived bug #803249 still exists in
> 2.11-3 (Debian 9.1). When needrestart is run without a tty AND with
> DEBIAN_FRONTEND=noninteractive, it still tries to work interactively
> rather than fall back to "list only" mode. In some cases it causes
> unwanted restarts. The easiest way to reproduce it is to run
> needrestart from cron, redirecting the output to a file.

I regularly see this bug cause important PostgreSQL databases to be
restarted on Debian stable.

Can you please make sure to provide an update for the next Debian point
release? If you need help doing so, feel free to say that.

-nik


signature.asc
Description: PGP signature

Bug#889954: [Pkg-xmpp-devel] Bug#889954: gajim: please play nicely with gajim-httpupload and gajim-omemo (i.e. break it ; ))

[Dominik George]

Hi,

> Please join the xmpp-team in salsa.d.o and fix it in the git! :~)
> (Only if you like, no pressure intended!)

I had planned to not register a -guest account on salsa, given that I am
about to become a DD, but that plan was made 9 months ago and as my AM
has been entirely unresponsive for these 9 months, I will have to start
as -guest again and migrate stuff later, which I wanted to avoid…

So, yeah, I will do tonight ☺.

-nik


signature.asc
Description: PGP signature

Bug#889954: gajim: please play nicely with gajim-httpupload and gajim-omemo (i.e. break it ;))

[Dominik George]

Package: gajim
Version: 1.0.0~beta1-1
Severity: minor

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

As I understand it, Gajim >= 0.98.1~ implements OMEMO and HTTP File
Upload in the core and does not need external plugins for it anymore.
Both plugins are packaged in Debian.

While Gajim seems to ignore the plugins when they are enabled and does
not break, to be certain, I suggest conflicting with gajim-httpupload
and gajim-omemo (not sure if conflicting is the right thing, but you get
the point ;)).

I might as well be wrong with all of that…

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gajim depends on:
ii  gir1.2-gtk-3.03.22.26-2
ii  python3   3.6.4-1
ii  python3-gi3.26.1-2
ii  python3-gi-cairo  3.26.1-2
ii  python3-idna  2.6-1
ii  python3-nbxmpp0.6.3-1
ii  python3-openssl   17.5.0-1
ii  python3-pyasn10.4.2-3

Versions of packages gajim recommends:
ii  alsa-utils  1.1.3-1
ii  aspell-en [aspell-dictionary]   2017.08.24-0-0.1
ii  ca-certificates 20170717
ii  dbus1.12.2-1
ii  fonts-noto-color-emoji  0~20180102-1
ii  gajim-omemo 2.5.4-1
ii  gajim-pgp   1.2.1-2
ii  gir1.2-farstream-0.20.2.8-2
ii  gir1.2-geoclue-2.0  2.4.7-1
ii  gir1.2-gspell-1 1.6.1-1
ii  gir1.2-gst-plugins-base-1.0 1.12.4-1
ii  gir1.2-gstreamer-1.01.12.4-1
ii  gir1.2-gupnpigd-1.0 0.2.4-2
ii  gir1.2-networkmanager-1.0   1.10.2-1
ii  gir1.2-secret-1 0.18.5-5
ii  gstreamer0.10-plugins-ugly  0.10.19-2.1+b3
ii  notification-daemon 3.20.0-2
ii  plasma-workspace [notification-daemon]  4:5.10.5-2+b1
ii  pulseaudio-utils11.1-4
ii  python3-crypto  2.6.1-8
ii  python3-dbus1.2.4-1+b4
ii  python3-gnupg   0.4.1-1
ii  python3-keyring 10.6.0-1
ii  python3-pil 5.0.0-1
pn  python3-precis-i18n 
ii  sox 14.4.2-3

Versions of packages gajim suggests:
ii  avahi-daemon  0.7-3
ii  libxss1   1:1.2.2-1+b2
pn  nautilus-sendto   
pn  python3-avahi 
pn  python3-gconf 
pn  python3-gnome2
ii  python3-kerberos  1.1.14-1
ii  python3-pycurl7.43.0-2+b1

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlp9WtUxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZf/BAAx5tPF5DF/vbSQEj5xla9oMCfGTTu
b3u7cnGwWTYcWfQFQXF1qqjqy86ySaKKwx6mJOgRO6+fNs2UsXWZkImnuBJOwbdO
CRvNehwvTdBRJqNxs6VarjiYiyWrxIKkvL0igk1f99DDrt35doMCBrTxfVDuybBZ
HnkowXWgoAMSErDzhCnCNEjDEYjqH0iMo6DJTHh7t5/Snd8lmxc0UhzCiFYvb98A
OmI18Jf0/WNAOX2m+l8Y87IYZTaWUsbJxVz6BbAyW8utTc7taKFXA8O4ul/DDpUT
/zHLAQx0CfFeUVD5A4kupAZlkI/+WmQc78+t8zzev348S7R6ipHr4E24Q3Srq2N5
3Qni6LOo+cVOlLmj1RJb60xZOL6BZ2ZF/RjKxTUV22zixL03GyF1/4TFxzizj4a0
F93P124tBufAW3pnK8Ccgpbry5FR7MMlIwiI3PxbItMzz9MVwJShcBhlZwsOaDQa
dbgNHpU/BexxOrw+Bt3RAkWfaq3kmAI5pyCoErB0wj4dKlB35QE8HUr9smUmwGis
TscO8N25k0FQgxuPMh8TgQuEXJlHDCKl/OtMX+DdqU2neTjarBwif39KsglmO6R8
mqk3TvSZC467kN9V8lKXj5XqprF3VIf7R7U490wwuWXv3982fuJeeJHjcdCx3PG5
xGH15VKnxbIrqkg=
=quNi
-END PGP SIGNATURE-

Bug#887393: ITP: sdaps -- scripts for data acquisition with paper-based surveys

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: sdaps
  Version : 1.2.1
  Upstream Author : Benjamin Berg <benja...@sipsolutions.net>
* URL : https://sdaps.org
* License : GPL-3+ / LPPL
  Programming Lang: Python
  Description : scripts for data acquisition with paper-based surveys

SDAPS is an open source (GPLv3, LPPL) optical mark recognition (OMR)
program. It is written in python and has an integrated workflow with
both LibreOffice and LaTeX to create questionnaires.


I will maintain this as part of the Debian Edu packaging team.
-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlpdDeQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pa70RAAg/Sd0Q8BFWZFOD2q4wj00E2p9JdF
WoufCnfUiYCeOcVtpYMk+L1v2h4V/HP3ZTP0X6KbBaGmmKiVQ/Wfvn4CbxcCdf2S
Iyy9KaCUsqHWZ94Y8YPXZwK/t0uitVEeGN7JYYQeHgzKUtt6a+yqNuoHMGCDIgVq
4jhH0QUJ1/kCEvPz55tjRYuqKWeg72wiBE9iMnjnEYWlKNaa3ComuSX8deIDP17l
Mfg9mEfKct34WY5/mIJ2njcZnat4Lt0HCIunj/tFHGnHEJKjaEJKVPWoj5mFJQ6k
Dhi/9eqJi/3gnSSLoRp25h+AVR1KHKi8AVl2Q6A6umvtUXyEVrYY48oprxffQobO
CxZLth948aS9kSAIfRTXyOsgBHoz9L5Vim3D3NGesCMtmusI4FmZlUwODI8jo5jH
SirQill2oWPfRLMNI4k8p8/AfEI0C3N9fmF2OnCoDhtKd/mpuy5PzgRNrTlA/3ct
Bdwl2E+8QPxefcq7PY0Ib9ky0ZdhB0IkWgTC5u8A/4B4nbvbH1rU8gIouu0ONORQ
MQa3sDg6iWbICDA1Gcgdal0BNsHxwPAEBeUl/RzgBzxWJbRnMO85pYyH5UsSq6Oq
AW6urVG8OBY1XH26ypZ1MEcL0s1qgUAIQpTMTHuaaeWmWQDkeyIHI4oI1+vxEgEb
pb4j4oMePTRGZTY=
=xFTc
-END PGP SIGNATURE-

Bug#876376: debian-edu: autofs daemon on combined server breaks homes and NFS

[Dominik George]

Hi,

> yes. And about an installation flaw. From the bug description, it looks like
> Nik hard-mounted the physical drives under /skole/tjener/.
> 
> This can only fail. The question is, how did that happen. If the TJENER
> installation does that via debian-edu-install, then we have a bug.
> 
> If Nik moved / added mounts under /skole, then there is no bug.

I did not.

But I only was handed this box over to to the upgrade - I cannot tell
for sure whether something like that was done before, but I do trust the
person in charge and they say they didn't do such a thing either.

Cheers,
Nik

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/


signature.asc
Description: PGP signature

Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1

[Dominik George]

Hi,

On Fri, Dec 15, 2017 at 07:41:29PM +0100, Dominik George wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu

Any news ☺?

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#885029: xrdp: thinclient_drives not umounted after session terminated

[Dominik George]

Control: tags -1 + moreinfo

>This is still not correct: after the session has ended, the
>mountpoint must be umounted. Older xrdp versions even did this.

So, is the session really correctly terminated?

I cannot reproduce anything of this after logging out.

-nik

Bug#885029: xrdp: thinclient_drives not umounted after session terminated

[Dominik George]

Control: tags -1 + moreinfo

> Now I have these extra mountpoints in the system:
> 
> fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
> xrdp-chansrv on /home/tglase/thinclient_drives type fuse.xrdp-chansrv 
> (rw,nosuid,nodev,relatime,user_id=2339,group_id=141)

Looks correct.

> 
> Also, my home directory ls -lF’d doesn’t look too healthy:
> 
> d?   ? ?  ?  ?? thinclient_drives/
> 

Also looks correct (as already explained to you in person, and to others
in this bug tracker, several times).

But again: Only the owner of a fuse mount point can stat the directory
managed by this fuse process, which is the user running chansrv. It
looks strange, but is a design decision.

-nik


signature.asc
Description: PGP signature

Bug#884561: stretch-pu: package pam-krb5-migrate/0.0.11-4

[Dominik George]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I would like to update pam-krb5-migrate in stretch to fix #873271.

Right now, the package is unusable because it installs files to the
wrong directories.

I took over maintenance of the package, which is why I also change the
maintainer in the new package (as to not wrongly mark it as an NMU).

Diff attached.

Cheers,
Nik

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlo1jcQxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZW/RAA0yjmuxuBzOktQoyjNzKgUel0Tv4D
MEl7p7vscUJKwL9RJ/HkB95J38fSFJkwCtWBhg9dpDin6VCqZvg4B5XCjYyxYWd6
7kW7dPxf76GHoRj5qeoEjlFp5vP5k/NhuBI2by6t+z35lTtBDEtHaqzFTvoR2+jm
2GpkqdKk/u7slD1BNyOP9XG/gKfViC7DjO0QNIyNESWJ1t5liwFWvx35W1e/+izC
FWG/By4WbmFaZiDYcZIUKQyy5d57swziVQwAzKSf1ItwgJC+lFy5iLMUMVgMHBxd
fWePt/FF+MQmhNEV+WRr8PbCPNudQaZB3QW1PvHXzusvQprELxgqpLA1FuRT47J1
y4AvkJFYG3iXRDhhn7m5B9ZsKl2t4HWg87HNUw3daoew/yWNzeHA8baBCs77VOm5
E3+JcGxfeTqjtAuXH0rXuzTH4o5sZWWVs2st1jmJIEKvEbbWbqh1dwsarpXVnDkK
DXtHoj/E4HXGin9gJAH3dBiV6udbolTXzTGHzbsEtbpjmgGc0IjhIPRDWRamt3fX
p2EIGKW1yXWnAYhEk3PWPM1pgmijdVgr3aJOTIdQYV9K8RTA9e6r/nQBEKenk6xX
FDrYOQyW/VF7ew5VKmDGjZglJ3Fj93IO002l/xJSZDvqDJY+D+PvaQcJ1bvEgMi6
thO1UGJbKoniyX4=
=MSeb
-END PGP SIGNATURE-
diff --git a/debian/changelog b/debian/changelog
index f59576e..f1c26a0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+pam-krb5-migrate (0.0.11-4+deb9u1) stretch; urgency=medium
+
+  * Fix install paths. (Closes: #873271)
+  * Make myself maintainer (instead of marking this an NMU,
+which it isn't).
+
+ -- Dominik George <n...@naturalnet.de>  Sat, 16 Dec 2017 21:51:59 +0100
+
 pam-krb5-migrate (0.0.11-4) unstable; urgency=medium
 
   * Drop support for Heimdal. Closes: #837695
diff --git a/debian/control b/debian/control
index 98ccc21..d10797d 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,7 @@
 Source: pam-krb5-migrate
 Section: admin
 Priority: optional
-Maintainer: Jelmer Vernooij <jel...@debian.org>
+Maintainer: Dominik George <n...@naturalnet.de>
 Standards-Version: 3.9.8
 Build-Depends: comerr-dev,
debhelper (>= 5.0.70~),
diff --git a/debian/libpam-krb5-migrate-mit.install 
b/debian/libpam-krb5-migrate-mit.install
index 859fba5..77f7a0f 100644
--- a/debian/libpam-krb5-migrate-mit.install
+++ b/debian/libpam-krb5-migrate-mit.install
@@ -1,2 +1,2 @@
-mit/pam_krb5_migrate_mit.so /lib/security/pam_krb5_migrate_mit.so
-debian/libpam-krb5-migrate-mit.pam-config 
/usr/share/pam-configs/krb5-migrate-mit
+mit/pam_krb5_migrate_mit.so lib/security
+debian/libpam-krb5-migrate-mit.pam-config usr/share/pam-configs

Bug#867558: flask-ldapconn FTBFS: build dependencies python-ldap3/python3-ldap3 are only available in more recent versions

[Dominik George]

Control: tags -1 + upstream

>  builddeps:flask-ldapconn : Depends: python-ldap3 (< 2.0~) but it is not 
> going to be installed
> Depends: python3-ldap3 (< 2.0~) but it is not 
> going to be installed

ldap3 version 2 requires a complete rewrite. Upstream tracks this at
https://github.com/rroemhild/flask-ldapconn/20

-nik


signature.asc
Description: PGP signature

Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1

[Dominik George]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I'd like to update xrdp in stretch for two important bugs:

 1. #882463, CVE-2017-16927: Local DoS
Security team says it's not critical enough for stretch-security and I 
should instead
target stretch-pu (although I disagree).

 2. #884453, High CPU load in ssl_tls_accept
Remote users could use up quite a lot or all system resources by keeping 
TLS contexts
in a certain state.

Please find the debdiff attached.

Cheers,
Nik

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlo0F1gxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8paeRA//apbQ6DhlOkmV6C5+bQ3dSPK0BYbV
CAEwhIVSNSsIr7M8726DcoRPIcfdkmU9sE6T84QXf8wShBzoGPTjI9WWIhkwOF2o
UuBWZ68wKnQ7A4wuH9br5TYkeF6TDHpct7PE2N+p/BlihXUuUqReXqa4KSjtmKuj
l5Q2VJUyUUwyNlZWash8wAY+NmRqpF681sMJCol1v3LQ3F5JUije2rayw//2tdYW
HGBYAZEzU/FXZEQyfS6507lyjjiGLWmiwYSGvpvEyr5dg1rJCDNr4P4KH9qbUYLS
4LVpbh8FcsGlnopyjlW9z791upwHUpyyJD2+GTda3zBCTIlTwII7+NJ3L5jpYL//
JDXAigt1H09vb2ZYcfjm/P2gqd6yIP9PZDeBjetgQ2Z+pD8/1BrzG/OUd1glxNXU
kElHUMvJQxv5jm6XKPldcoBN2CQqwm9NOxiQsx/DyEyhAEpL78+sg1hZ+oPUrj4j
I/vX9CGE30mWCEwU6PQqkYS8urN+bvVVFYFO8jM+xYeJZTjwvnjPJkgp89+poGzp
ZeRPYyY9+OxMMJJke3aSvrU5wXXpePvz29/KXzAuOTsLavkeL1RQkW7NPtHWtCYk
qKICivi10AqLY2Ye2PScnUdAdgJ6spye/b2hju1Hzrz3oeUlxBd5ME2v90QsvbVq
CW0Pxt5DlSX9Ir8=
=8FZ1
-END PGP SIGNATURE-
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.0 +0200
+++ xrdp-0.9.1/debian/changelog 2017-12-15 19:28:28.0 +0100
@@ -1,3 +1,10 @@
+xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
+
+  * Fix CVE-2017-16927. (Closes: #882463)
+  * Fix high CPU load on ssl_tls_accept. (Closes: #884453)
+
+ -- Dominik George <n...@naturalnet.de>  Fri, 15 Dec 2017 19:28:28 +0100
+
 xrdp (0.9.1-9+deb9u1) stretch; urgency=medium
 
   * Fix high CPU load on SSL shutdown. (Closes: #876976)
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch 
xrdp-0.9.1/debian/patches/cve-2017-16927.patch
--- xrdp-0.9.1/debian/patches/cve-2017-16927.patch  1970-01-01 
01:00:00.0 +0100
+++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch  2017-12-15 
19:28:28.0 +0100
@@ -0,0 +1,137 @@
+From: Idan Freiberg
+Subject: sesman: scpv0, accept variable length data fields
+Origin: 
https://github.com/neutrinolabs/xrdp/commit/ebd0510a7d4dab906b6e01570205dfa530d1f7bf.diff
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
+--- a/sesman/libscp/libscp_v0.c
 b/sesman/libscp/libscp_v0.c
+@@ -157,7 +157,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ struct SCP_SESSION *session = 0;
+ tui16 sz;
+ tui32 code = 0;
+-char buf[257];
++char *buf = 0;
+ 
+ if (!skipVchk)
+ {
+@@ -222,27 +222,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ 
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+-buf[sz] = '\0';
++buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++buf[sz] = '\0';
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error 
setting username", __LINE__);
++g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++g_free(buf);
+ 
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+-buf[sz] = '\0';
++buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++buf[sz] = '\0';
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error 
setting password", __LINE__);
++g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++g_free(buf);
+ 
+ /* width */
+ in_uint16_be(c->in_s, sz);
+@@ -268,9 +272,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ 
+ if (sz > 0)
+ {
++buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_domain(session, buf);
++g_free(buf);
+ }
+ }
+ 
+@@ -281,9 +287,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ 
+ if (sz > 0)
+ {
++buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_program(session, buf);
++g_free(buf);
+ }
+ }
+ 
+@@ -294,9 +302,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ 
+ if (sz > 0)

Bug#880720: updated xrdp: Failed at step RUNTIME_DIRECTORY spawning /bin/sh: File exists

[Dominik George]

> dpkg: erreur de traitement du paquet xrdp (--configure) :
>  le sous-processus script post-installation installé a retourné une erreur de 
> sortie d'état 1
> Traitement des actions différées (« triggers ») pour libc-bin 
> (2.19-18+deb8u10) ...
> Des erreurs ont été rencontrées pendant l'exécution :
>  xrdp

Unfortunately, I cannot read this. Please run with LC_ALL=C.

-nik


signature.asc
Description: PGP signature

Bug#884453: xrdp: 100% CPU load on ssl_tls_accept

[Dominik George]

Package: xrdp
Version: 0.9.4-1
Severity: important
Tags: upstream pending
Forwarded: https://github.com/neutrinolabs/xrdp/issues/954

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

There is an infinite loop in ssl_tls_accept. It makes xrdp cause very
high CPU load, and malicious clients can exploit this by keeping many
SSL sessions open in this state.

More details in upstream bug tracker.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlozougxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYvEBAAiwnWk+2aIbHcP+hvGSGuSugJhJwF
iiglKO4TF5/s8Iof8U2Tt2CtyNgMOGpjd4cLW9TLkEGKDDH9Z6o/oZ9c8vvjBPay
fFD7Nrq7XU2v5+E1LaiWj7wOi8XQmQAc6ID320VFMbMo9gHNJG1u9h/wyV+HsRKQ
WSKD0dDXFxN7m2E4ECzwZugeihvPH0o1+f9i2vf4HlAkylkNgCqUesFadf6YDICM
07IZCkU9TT9AJ4LinYH9DhcJmU03mWsjP2lh2hpBFRzjXLjhEojkYD+Y29rQE8RJ
J6bYyBGdC22kvdmvDuG9UqjbM0O9fMuefyDVdn2lxEs0f2RgQkH8jOOLYzo7DqcY
S0UA8Zaxo8u+mJSnwLoy7+O0Kc5QdnIbfpfRI/JjBtvklMnbGMe+QcyQJ/RsUZuK
K9rcg+MKLyO8oAnGtiB3u1b6fCMt4VrGxDia/yoge1QQo340lYzsyvrdNUsR7kkc
QvGm2RAI7n0YFWmHhifOUGw6GtCqTfFcU+EGcOY9/ZZjNem2Ki915EYEDXTqq0Z/
qcEz4UQUWCdCyjv9Ik+ZvFAAwmFH+qCHltWmBkbK1jUK6S4v13PmB9k70ZzF59zb
VKD6iAKvTihO0dHGtZN9CIhJHpB8z6dLm8hdSJdjfeyXAxvJoh8AUzRUP8uycGXC
1my6qMZiBSXT+/M=
=dnOz
-END PGP SIGNATURE-

Bug#882463: Wheezy update of xrdp?

[Dominik George]

Hi,

> Would you like to take care of this yourself?

Not really. Go ahead ☺.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#849325: RFH: heimdal

[Dominik George]

> There are two maintainers in Debian (Brian May and myself), but we're quite
> time constrained. It would be great to have some help dealing with the current
> backlog in bugs and keeping up with more upstream releases.

As discussed by private mail, I will be helping in maintaining heimdal.

-nik


signature.asc
Description: PGP signature

Bug#878144: Remote unauthenticated DoS in Heimdal-KDC 7.1 (Debian)

[Dominik George]

Control: forwarded -1 https://github.com/heimdal/heimdal/issues/353

Hi Brian,

On Tue, Dec 05, 2017 at 09:22:05PM +1100, Brian May wrote:
> Dominik George <n...@naturalnet.de> writes:
> 
> > We can reproduce this issue at Teckids and have now closed the KDC to
> > the internet. It was intentional that users could get a ticket over the
> > internet, but heimdal-kdc crashed at the same code point with the same
> > cause regularly.
> 
> Sorry, very short of time lately. Are you able to submit a bug report
> upstream?

Done.

I will also happily prepare a patch for stable / stable-security once
upstream gave an opinion concerning the fix.

-nik


signature.asc
Description: PGP signature

Bug#878144: Remote unauthenticated DoS in Heimdal-KDC 7.1 (Debian)

[Dominik George]

Hi,

> We are running heimdal-kdc 7.1.0+dfsg-13+deb9u1 amd64 shipped with
> Debian stretch for our Domain and have discovered several crashes in the
> past few months. Investigation showed that dmesg contained several logs
> about segfaults:

We can reproduce this issue at Teckids and have now closed the KDC to
the internet. It was intentional that users could get a ticket over the
internet, but heimdal-kdc crashed at the same code point with the same
cause regularly.

-nik



signature.asc
Description: PGP signature

Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia

[Dominik George]

> In fact, the package was installed since I have turned on install
> suggests. If this was done on purpose or accident is not open for debate.

It is. I'm sorry, but in fact, your concern should be that you are obviously 
unable to control what you install on your system. You can read a handbook on 
this topic - but please leave unrelated maintainers alone - they are not the 
support crew for your personal system's administration.

The fix is to purge the package and look and think next time you install 
packages.

-nik

Bug#879177: Remmina: Not connecting to Windows 7 using RDP connection

[Dominik George]

Control: tag -1 moreinfo
Control: reassign -1 remmina-plugin-rdp

Hi,

>* What led up to the situation?
> 
>   Tested connection to my work desktop after upgrading to Buster
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
>   Tried various settings, installed vinagre, which works fine.  But 
> Remmina won't open an RDP connection.

Which of (rdesktop|freerdp-x11) have you installed?

Cheers,
Nik

Bug#878996: stretch-pu: package xrdp/0.9.1-9

[Dominik George]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear stable release managers,

I would like to update xrdp in stretch.

xrdp 0.9.1-9 has a bug marked as important in the BTS, causing xrdp to
go into an endless loop whewn shutting down an SSL context and causing
very high load on the system when it does.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976

Find attached the debdiff between the current stable version and the
proposed update.

Cheers,
Nik

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnnJwkxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZwuRAApyqFBZMpTFICL5NOrVXnC43+W0I5
q2ft6ukZ+9nhSMYsFCohxtqthfzn3YW2CcSHBmfk5Ig/+UST+zARiw48qM+a0/pW
Wr9gsK2UMlnSve1R/4kw5NKfFfAxTF1L+JGvvAbEwfsM42jLdQkQOb/7uc8oe+bE
OEKs+HvU5PcsAGv4beoLANtWzikg1nIoukppyRPaZx3HY3iGZv5NVRmrY68mWYHM
/Z8dv4spg6qpCOt8PrMmIe7K2SbS4apUKNDjbgh/BFAkHSKQs3xpBKeGmtFak4oM
mc2GmvHfcDG74qqNOn0Z/NwKaQhBUWjEx/Ok45ctNWcKObk5WZ02G5zrhYz7K7J6
Y0QKoC+f1E8zH0iQAhW80AaOIFZfT1OonNLpxQcc/JECQYSIxZsr/e6EAEeQWCeV
OUCLZh/7tBpnRwzXKAEr36QGlKfyjtchCnbgfFO+2yiaOIc2mn8Lx5QgSUnv+vlV
HGqVvdtZecDKz862zKew495Xuf16gBxg95zS5sfKzLEG+xzspr41Pve+QC25rJry
BV3OsrS4IhpMaOUQEyJhY+AncWX0ZvWQraPF7Ise5YWiI5sjIFGmQkjqjoT2QiB/
pFYnOUaPv7zkPaBI3NL4+GZyMskPba16gnL0032HrIRhFdAerXd6bUBtX50Gq9FF
jfjCKuq2/VZbMzY=
=z88f
-END PGP SIGNATURE-
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.0 +0200
+++ xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.0 +0200
@@ -1,3 +1,11 @@
+xrdp (0.9.1-9+deb9u1) stable; urgency=medium
+
+  * Fix high CPU load on SSL shutdown. (Closes: #876976)
++ xrdp could in some situations cause permanent high load on a
+  system if an SSL shutdown got into an endless loop.
+
+ -- Dominik George <n...@naturalnet.de>  Wed, 18 Oct 2017 11:56:31 +0200
+
 xrdp (0.9.1-9) unstable; urgency=high
 
   * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143)
diff -Nru xrdp-0.9.1/debian/patches/fix-876976.patch 
xrdp-0.9.1/debian/patches/fix-876976.patch
--- xrdp-0.9.1/debian/patches/fix-876976.patch  1970-01-01 01:00:00.0 
+0100
+++ xrdp-0.9.1/debian/patches/fix-876976.patch  2017-10-18 11:53:29.0 
+0200
@@ -0,0 +1,16 @@
+From: Jay Sorg <jay.s...@gmail.com>
+Origin: 
https://github.com/neutrinolabs/xrdp/commit/2c96908ea500880c71d3593dd2b2b5b5275bdbf5
+Subject: if SSL_shutdown fails, only call one more time
+Bug: https://github.com/neutrinolabs/xrdp/issues/872
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976
+--- a/common/ssl_calls.c
 b/common/ssl_calls.c
+@@ -754,7 +754,7 @@ ssl_tls_disconnect(struct ssl_tls *self)
+ return 0;
+ }
+ status = SSL_shutdown(self->ssl);
+-while (status != 1)
++if (status != 1)
+ {
+ status = SSL_shutdown(self->ssl);
+ if (status <= 0)
diff -Nru xrdp-0.9.1/debian/patches/series xrdp-0.9.1/debian/patches/series
--- xrdp-0.9.1/debian/patches/series2017-04-27 12:48:33.0 +0200
+++ xrdp-0.9.1/debian/patches/series2017-10-18 11:50:09.0 +0200
@@ -10,3 +10,4 @@
 kb_jp.diff
 highres.diff
 cve-2017-6967.diff
+fix-876976.patch

Bug#878887: ITP: php-react-child-process -- Library for executing child processes

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-react-child-process
  Version : 0.5.0
  Upstream Author : Cees-Jan Kiewiet
* URL : https://github.com/reactphp/child-process
* License : Expat
  Programming Lang: PHP
  Description : Library for executing child processes


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/sgxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZDExAAlTm6cGPF7Cu+of/DKsIAgbbYbzhu
qTpimPWioaJe+vdgsBu8VGMwpo85YVlTC+SYplEMBwV42V3g4z8PMglb3RkntkC5
+EMq4DpPf/HgRxSWb78BTXr9QT7lU1NRxEiJJoq/X4S4Z1bDGya4o/H6Tm4z8atE
9pr52KHudMkDyxHMuKEOuAttxJojEFdoUBjE2kAc/sajc88SUg9p7Kw+MVqJqrYj
g5c1OfwzCcys9xRiHEbKIlTX2E0yn0aap0GU6qKhvfA/SMag+iGAb6Gr9SL4BoV5
UiERLv4lRggTPvsMcdRljU+pqJwe7VMjMpzRsI4x6Gq7rWNxYIuz8uEgryN644SZ
WW5GDUxlbwnecV1CywVPpGi0CFbjJj53kizCwhp0r2QrR1saLP5DDpqolWe18AIE
mVQ4YIftE/N/eWSy8akdZmDineEPwnsXtl3o0NVE8N8Jrn17z96it4WqgQJSNb0O
yt5/mCJkUVd2Lykr8BGievdHf1Jt76GxO8iKSazdI+b4GtONPPDCcZw1bfFYA1MS
tBMGyPxhfTN+D5cumQ5I3n8sTEaw0WznXL3ZwqHmD5LGWc2UQ06S04E32NYuSB+J
kxlHg2OuRn0n5/YZgT3CJgXJV4Byhyr15xstXuoPIrCgpraebrniRIV/JjPfVyBN
wBrtk621FfD8qAs=
=yVZu
-END PGP SIGNATURE-

Bug#878886: ITP: php-encryption -- Simple Encryption in PHP

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-encryption
  Version : 2.1.0
  Upstream Author : Taylor Hornby
* URL : https://github.com/defuse/php-encryption
* License : Expat
  Programming Lang: PHP
  Description : Simple Encryption in PHP


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/i8xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pa74A//apYzRf/zsUE4I+NBOszVf1RQZlYu
dwRdOcKustUtvP35apjtxfwYNC3pwg2odcSnDw+nH7R3fwehtiGk2F8tVX6NW6Kr
bZEphtbN4i7RJCd0MhZSHBoOGLusa4HvWQbT9IAt3u31TSac+q6UNmehRAuWIo00
X6TaEHnYib+S3q3UVtmxSenC/b/BhSAo8z9sRZBR7L4SaFgW5xegeA3dX+YU6VPt
SOvSe+TooAGskOMgVsHKb8tC6f6Dj2ulHC2moEhEH08Pn6LRkX4hG2Cge58QXmVB
bHuiA+Vf87vC5mQIjSIoXg7a2JAjxK5z4DaA13iDGbkFX2m+5hd22PhFlH87bY9m
Bt+HOUcizhOHTfQo6188cZ7fAahqxWU1UsXQl1KomzWm8IxrzwIFdB1afxzm5OCY
P4n3oJs1Bz0wJLYAu/9/e/HkufjiCbidc60SuHFgVBDII+hblTRblQHqiLu5zw0g
kRP24+AO04u4WWJ7eMwUxzVDd8SNRll2Wd2YZtX9btYJnV99mMA8Zs27WZeK6q7D
4N1s204L330Rt/FFYigdrEJF09dO+tiUnApyIqP5MhI8q0shU8JMOQM+9ADTWtsw
BeXoNUV1XUcbIymNaoPeMIXvgkewp6nwnwNoyQGX/C0OiBnS5/xfMXGyNeWS24Kx
tGm+XbbrFi8wOEs=
=yz2Q
-END PGP SIGNATURE-

Bug#878885: ITP: php-fig-cookies -- Cookies for PSR-7 HTTP Message Interface

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-fig-cookies
  Version : 1.0.2
  Upstream Author : Beau Siemensen
* URL : https://github.com/dflydev/dflydev-fig-cookies
* License : Expat
  Programming Lang: PHP
  Description : Cookies for PSR-7 HTTP Message Interface


Needed for movim-pod.
-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/ZYxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYaihAAsY+5PilN3F7umx/22fCv3voPmaE/
ypdWPgZKxBIiNru2i2eIMhmycfBNPqLgQdkiKelz7W+v+Tl8aPT0895MFLofkbIq
isQHvIOwCAGfZ5kK9gui9QbI48p/ZlP/P/9thUjCf2xClPgOOHjmkl6KiJDKRTnR
f0UZOBbArsdWqUaOZF8RxBTNjNkED+/uKZgICFvrDPSeXVOn+adE5kY2p4hdM0lK
3vj/kWLwHanreQRDw7zPCNX3dcELn01Ku4jkuHVkFOmZwIEcMSBPTriiJC45vJ0t
xCxhxa+8iJlQ827a+QAeyFFDdBxaThRM3RQKTWXAC5EuJXqDN/cjsxWNsSJ32EQL
nGS6BFyDXzav7ueTTXNmjlhSw/hMZb9ytwAbszSe/itSymfXZtN/kqyZ1az30qA1
7e40K5n4WlBdA/mjb6tcdc9T1WJ9USzi/96+0g/dkx6ETdJRN1dUhXDk4U52lQFl
Hk6t2kRuGQ7xPq3lp6fBmAZED0T96z8CeNGZlbXS65qOkFvG1cEUqD55JkSRBMmm
NkY6qePZgHXeIUbypKS3LaMfEQtd2iGEpdrzAh5tg2oWq91UWNOg6QEM8+HW30uX
B3hnk5ra0Z9vd9g0kxQ5cqhDexzinPQpWtHyFqUvS9S/xVP3pl3+ViWNnGr8egWu
vMuGienYaUvfTFs=
=4lMY
-END PGP SIGNATURE-

Bug#878884: ITP: php-buzz-react -- Simple, async PSR-7 HTTP client

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-buzz-react
  Version : 2.1.0
  Upstream Author : Christian Lück
* URL : https://github.com/clue/php-buzz-react
* License : Expat
  Programming Lang: PHP
  Description : Simple, async PSR-7 HTTP client


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/QcxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZuFA//Q/Sq1E7CkPy2Gcd2HsIfNVEmUy4I
pq4bY5s0B66iTMHiwTt5njKyOt4cTkRgFjekrjzOGLicjWMrrZyL5/GwDT/7vAXJ
W4I7hzXv4JRadu+FXq3wKM+e7jwOYGlJsJoruUk2Z8I78Tz+hLffiZ1+EJK8mAWv
DLUpJD00I+y2aexHGZRgIp9j2/XQDbSGK1In6uRiRxWV7H3Iazlb9vR/Njn3ULh9
MJ8UOl9ufE6iJzLm6R5SdtFm2dwbFGhL7KoVyZWfO0wmlkB5SVq2Q6g/e3nt/zOh
W9VYMXuZKvgU0oqpF4+VBq+hSnI6ctt3JiHEXAKYWinFVRf6f0pCq3XOygtV3J/I
CIgYIOsCceQYBTN5hsGoGwMn6J9zKlxmUxHwvhv39IgAeMnQjn4RJQwEYeW+N+8x
KWBMMfrrLlsOvNibyezIAQ03EABhkjZkm0mVPH9Xp+LuBTLfternYqwfCZbPIUO1
yzoJfs7meT2RC7SckPp/aVaKLatvE45uzlGG4nS/WNIoiWerlrLv4d8oBO/EK+6w
ouhd2OmcNZ5ZM9fA8rTqKPIBss9HW+vb2j9/BGJQs75rOFSD+5VmJV7qEgjGYAko
dqj3EaFyzzZKobDSbx2l4myFRGxbhDakDyo1S4YTMCqpJ2QCsJpNYqssgFSGD8dG
pPSjzqFqT9sc/6U=
=uPDo
-END PGP SIGNATURE-

Bug#878881: ITP: php-ramsey-uuid -- PHP 5.4+ library for generating and working with RFC 4122 version 1, 3, 4, and 5 UUIDs

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-ramsey-uuid
  Version : 3.7.1
  Upstream Author : Ben Ramsey
* URL : https://benramsey.com/projects/ramsey-uuid/
* License : Expat
  Programming Lang: PHP
  Description : PHP 5.4+ library for generating and working with RFC 4122 
version 1, 3, 4, and 5 UUIDs


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+54xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZUkBAAxSFHkcmyWnPuQe/lqm3MHIBzO/CE
GwbR7k90NBEXXzRNJlGhI2r24LxIfnH1c8tIsuBKqbkz+0yLeHGA9PizzDqsI520
kMQOi0468+1TOmCrSzX2l3nYFffjwMUEQD5sTit2sfhpEMIWuxqX3rqZV5IKXDFf
VLgrpvTbH+Jk0ezrCHs7l5qjhXShzwPMyLJg43sg5ktPpNi5sEwnd7zCICLfTBVF
jgoMYvbztlYYIH8W8DPO0t0Pz4b10AMjPw1ISSu+XqlkAahyuaNWiG5qHQAQ6yDs
ArQdbulk4Z8JcZ61h4no1hClARHRVhegizd+VoIRQmJ9q5QVO+qWbzYim95NG5vn
Ud2tbhwEpD5n6crf5prW6cWbT3aU62u2K+4TjQlmbymF5s57fsIvArBk/rSGLHK9
wTkjJ0ko4nm3eC9RYK7v8W0u7ARO7h5fpUh5k4Ux0D10eawm1qtpn5RzTxIA7gwx
NLT1+nF85HiZL6TqSwgnVrYXWqXEi4xuWOFHAXvUGb3e7Dkzlc4kUu3wU0WyCcQw
MM/pM3nwzACA9WdEc2L8vkNbZYFkKdXyJfzZPsvm95ZGLhkbRklOqlgYt/mFfdOO
oHCDcQOL/jLyGGB5aNcfnAxGo+XJuSajHjw3pAS0s2Q50hU4Ha/Lo/c021nGGLBh
2KnNKVb7qH5AtDQ=
=hSAj
-END PGP SIGNATURE-

Bug#878882: ITP: php-cocur-slugify -- Converts a string to a slug

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-cocur-slugify
  Version : 3.0.1
  Upstream Author : Florian Eckerstorfer
* URL : https://github.com/cocur/slugify
* License : Expat
  Programming Lang: PHP
  Description : Converts a string to a slug


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/FoxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY9uRAAoel0ZK70RBSr9V2jtlDyVh+RX5rx
+spqc1bl3pLA0wBDF6X88GuK7cg3rGuSoUYalE0C6y+gSPd5vMFSO9r6PbduE7QU
yP/akll7N5nGhLMx/otDU+7HLg/tK6sScqrOBSfIQxnV7tAQUafipbeOQlAiUeY/
JxMFu4TdhExZpomii5wS5dZrVLFgHe1PdMJgE8YvuzMr/qNRaWPUQ2ypePBVkmWT
B+yuLlSeRlmgJdndNxv1yd1GO0lg8lYLO1CKHxvmEd+4Cmcxk1Q7I6TsDkN8EYQw
TzNwRq/x3nLy8JMNcnE6nI0JEF56tZFiCr7di12zukJpAl5rA6RqMrLlzNLfOGNP
BO396ISrmgWmES8MHzX3YRGdWqMPPlhHoi8S7gP7VWldedKPgg/1DsL6SqEyt0DU
wCcUDgc1Ib4OVomr6KmXH9YD1DGqnglhUiZkeb1a2ebN5yyCRrMLrB7n/jceKkMu
KfeuYtK38RITkrDihpSvkRpPuAZM3eA8iSKmJ4yTugOy8RXHRhN9dAa/tZ/4hgQz
WnFYqCaKYGvhpwhq8o/oyLxCwEaVhrzf88QTXxvYXCFhjZa81fUNyNmZQJtlzWp6
MG+CJLrb0b3BpM0yWradvM3S2tBDR/G1QtUYgxc+f/yceL1Qiaq/nC6ttH/+xjVv
C+mfexgxwvQLFek=
=XPO8
-END PGP SIGNATURE-

Bug#878879: ITP: php-respect-validation -- validation engine for PHP

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-respect-validation
  Version : 1.1.14
  Upstream Author : Henrique Moody
* URL : http://respect.github.io/Validation/
* License : BSD
  Programming Lang: PHP
  Description : validation engine for PHP


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+r0xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbWXhAAiAbozwR7vL+p9n5wNTKZBLTS0Fzt
hz3gAOaAcb601OcLUh3h+4uZEV/u/63VlisMDOaqzb6u6h7CfL0KmqjtS8F2+ALP
I+l13WoJ2BQ5jeXBmgeenWtxSdLwB4m0fBcF9DdQGaXo6U5e4lVowCUm/g5Gz4x2
QZsTiMinrwOyGE7kC4iNknbTps3k5Jym/t6rcVf+fT7R40V8e/w8QEohSNgvztXj
40k5eCX6vEaLegReOoLUQfMrUtBSLeUHiLNBCqwxhleGP+PsUoQsOYAt7NnKb2rw
et9EPFC1nNxjVwhimkKI8U5j9XfUB+Qg6E7MMdEiM/AfwjWAJg+Ho7a3rf4KW4wF
2cAEFUjX8cUB740h8w1YhMezOfCCZWVts/WXPsRTF+rzdYbjXTAVUgHlH6Pkg+Vr
nrZ7DliQPVi9tMiczG4QnQc38FIzH5/f3VFKxonyz9TdZfOTV8Qtu4INMGzHZST8
VZDVfHT//SXECJRZyxgTJdSzys3+buHb7WcgG7NiAkOnS1xlu+BFRfCbKs+ZElYV
+UXeoXYtpo0CAmlJ/SkZ6WIy1u9oqna+oP4hfTIO9x0RjH/3UwGrnJr04w0/65QD
b1a0Hg8QT79jxgNg5hWc1rNV4AKHrRLl9LDgZ1epHpI4JJX2GnR8yMcI9Px3fiIV
6klHJ+kV9gkwJns=
=M//F
-END PGP SIGNATURE-

Bug#878877: ITP: php-react-http -- Event-driven, streaming plaintext HTTP and secure HTTPS server for ReactPHP

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-react-http
  Version : 0.7.4
  Upstream Author : Chris Boden
* URL : https://github.com/reactphp/http
* License : Expat
  Programming Lang: PHP
  Description : Event-driven, streaming plaintext HTTP and secure HTTPS 
server for ReactPHP


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+fgxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYTSQ//R10OopH2AyyPSoAWfDSDHiljQzpG
CCZ1miNtyzLT4HNBTjmEM4taLAzeShB8bb5D8oyoo9aktmTM5WuVw3kXBW12vcRW
QbBDKtVAY7NMMN56PTsVxN1fXNGXQTtuUw63+jbH8yG7ZMktbDThOljcvBdyR7If
w+7vhEEuwiUpgYcplFZTC1HjHj131pNIIDPtsBZr++dkfb8rnIcH71htftMIFbGO
63iXMTzz8DEqgHozsMpGjFijC85tx2vOMVpXF8iEbPCXlW7ne59pKZP21clDLZk0
XghKH4nQYWBBN87MgD4nnIe+dUvEyaEyIMYG70+9TP636uzNgLfNZ3XouO6fC/jT
qj4cmVHc4IjFIIJoEw5Gvk0HbohqtNgRGx5Eej646SNOb2msOeX9WTjVUyx7UFvJ
QNe8cymCtVul6hWxq6nxwG6tVMu6T4ohiSjItvL2rv532Rbm4qN62F9URd3KU4Bk
SWPooO5vcp2VAanWxP5m7lEgqGwEwy/BSB9kAj0VervbK9kOMjOtdKOZed0qMWix
i9+G4/fdd7aOUZQYSZPlPyhCvsUnDy8fNvgIlKKtSLBsBT+1iIJzjHX38Ke00ewE
vcYa6A+pM3wI8Hfi36HbzygJ4ra9YE4a75phIrmdyGixDXZQSGEodlFYya1ONWS5
CBcFU6+yrvzwk7o=
=/nCv
-END PGP SIGNATURE-

Bug#878876: ITP: php-ratchet -- PHP library for asynchronously serving WebSockets

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-ratchet
  Version : 0.4
  Upstream Author : Chris Boden
* URL : http://socketo.me/
* License : Expat
  Programming Lang: PHP
  Description : PHP library for asynchronously serving WebSockets


Needed for movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+UkxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYVIRAAm5Jvdb3QjAfEKmEddcbC3lG7zGj1
gfs+d/0klpsfcr/ZFhV7dYJT/7/WbRasjbQv9W9iyPMqkbHiGk592xlnIs1C5EUp
dxnPEoDxW+d4TpejSclX32ya/Pijbs0QVyJHB2UKKy2H4yTT4tPau3jt2KBq0zIZ
M02erwORqJg5EfXiA9qYChpJxrW9ip/TX4+bttNPQcm5szXxFV8a7OuQ1smrqsJo
6NqWgx8GMS6tpzbeFcgl2Dm8S3PT3Yw9hSLMIL5hl3cd3yTMAXdTh4GZqgGbAYO8
NnzCH8nCjIaaPnR8LEcfUH8iYGVNXsePYISbEnX8m9lyGljaYiTXg3chPVpx8QUx
M1YJkKcskO5UCsGeEfATdtFs7cX7lJz+BRu+1Py7Or9ImMKAXqU0XGC5lxpQtxBu
bMfKhIeKn06OS1dqKNsvCez0Cj6vCpp81TxpxWIMtfrJk69TUuCpaSkYU66kim6c
+ezstknFjin6JNG1nKlS4qxF9R7GrgZFtqUG9uogEEzhHEwTZ+HahY1a4rD/gjAd
Id7c7blQp2wStVHtgDzkOD8cfzpm+JYCMZCFf+apz9XS7YfQgPCG5/q6LxExqlAn
UOJL5M+Ert0clhv6pVqKXggNToevzIkcqXnQ8yigTTPMWb52Nq1zlSKX0Oh7WRSQ
cruAMGcUZSqjLz4=
=Efgh
-END PGP SIGNATURE-

Bug#878875: ITP: twemoji -- Open-sourced Twitter emoji images

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: twemoji
  Version : 2.3
  Upstream Author : Twitter Inc.
* URL : http://twitter.github.io/twemoji/
* License : Expat, CC-BY
  Programming Lang: JavaScript
  Description : Open-sourced Twitter emoji images


Will be needed by php-emoji and in turn movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl9/MxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZ0uBAAjdfJWiXRaoId1uTkRqs55j0wASMd
AQUrMNkFHMpZWK3mkuB40eZ4QdV/iYZ9U2tkCmb8WQ5aKkZlCb5/Wz2UK2N4E1TJ
bros7dEozTBlzOodQ8p/jtcS4ccGx+2fyG0CWVB+lMCaU4PDIKYKWGh2nztX1sNh
VAyGgojSHvnoUmUmqOKEmV3EJInRS1x4MXcVqoDOz7a9eNjd8Xcl5cEBoi0Sr4ko
Cw5naoRbjCazIVZnVmzMq3OhoxwvVnLTEpxnMvX/FGFWjOI8QVnkcGlXsOVrYL+1
t9pFT3M7mqSs/gIIidr2744hPke+mKv7PmVafyrpB2hNgpSIjbYJXculCf5l7nth
d7nADivffAPRI3U+AxOmhndcVZmnHT/2MlF+kCSvOYA+Ez/H+1bOVryq7lBVEz9W
+J7u7tq3PFvfYXlB4NeGbtl+aAi+hEY28coTdV/Z8ADa/KTnGbMeAnAZCQ0PDCKy
vBM6JuPpf/E1rCPCLYWdVjnieU1H7W9p0/6EGQge455mLxxPM2Lg5KeGEnISKkzv
VBIpPaMIiZHnWe1MTwGyh0EaSdowE7fmCvaZ3Q+n7ROvz+V2MF7nYxWgW0WTQKyO
2Duvqhk5+o5285RLszIr4hDFQpfnAuEQIvNnanRVUjJ/qWf7bNxh2zEH1L4Xjm1O
pnkTKfw8o66hJWs=
=y2Md
-END PGP SIGNATURE-

Bug#878873: ITP: php-emoji -- Emoji images from unicode characters and names

[Dominik George]

Package: wnpp
Severity: wishlist
Owner: Dominik George <n...@naturalnet.de>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

* Package name: php-emoji
  Version : 1.0.0
  Upstream Author : Tom Graham
* URL : https://github.com/heyupdate/emoji
* License : Expat
  Programming Lang: PHP
  Description : Emoji images from unicode characters and names

Emoji images from unicode characters and names (i.e. :sunrise:). Built
to work with Twemoji images.


Will be needed by movim-pod.

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl9wwxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8paqrhAAnQ5xM9RkAELmy1eBIbTZ3eHlV54E
6ZnpS4oWf3Qskn30ZUkUtMZzdEwp2HXwcMB3nTmXtwun5P3OMdIvGNDfstQqD6tH
undnuK22q2F9gCbpP9SN1ymZC2M0IaVjQgccGDcQu3eTD5h7iWD/L8k2FlSxAMqj
+spcO/xaDXZL4y5rUpA+idMmK7Kcz4WFmzAYBPR0Ap1PXt3/ZIJpSQwW/jtlbx3C
XMNVdwmwXuR8xRL2xfGO6/GKi1LkjT/NgaCuVDqbP/zboER86PxFmTmFzHyW98RT
Tqwg6MFFd0d/r0vHYdvVI9Ms21psOtKB9op0amImrNUCdpgjPWNfRaMlcOzdmPz6
o6Np0WTFeyCtZn5tZP+XtGMs9TQK1OjT785y1/V2/5N4FHyh8BVQB7zzccQysBOd
zT8F0USWKHYbVG3nbLyMzzqvNMH1MHlGN6vxH1y8kup5lI5x23mb4Yrk6ffpZC7T
OYoCleIPwzypx9yHdM/VHZDDuNRWEc++NKEA/GT9v6wMIaBlzgIIRc6740VMlMLD
Cwy1CzSkIOcdeT8MMiQZjNydfi/xObaeA5nEHFTOyMoCa1KZfu/MME7Pp7+Rp4TG
q8K+ufkljzgX3w9EZtUxH43imtQkQ9LuwhRnyaciUt5dGKdO4j28G1hbEzLZV+Gn
zXUTNQ6dHwnjDJs=
=FK1X
-END PGP SIGNATURE-

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

Hi,

> > I said that I cannot access CUPS from the local network, not from loopback.
> 
> The title of this bug is "Default ServerName wrong/not in sync with manual". 
> I'm not sure I understand whether you think the documentation should be 
> changed, or whether the _code_ should be changed. Could you please clarify?
> 
> From the documentation, you need to have both a network-accessible IP in a 
> `Listen` stanza, as well as the hostnames you want the scheduler to be 
> accesssible to be listed in either `ServerName` and/or `ServerAlias`.
> 
> What I can say is that from the source (scheduler/conf.c, around lines 956 in 
> stable) https://sources.debian.net/src/cups/2.2.1-8/scheduler/conf.c/#L956
> 
> >   else
> >   {
> > if (gethostname(temp, sizeof(temp)))
> > {  
> >   cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
> >   strerror(errno));
> >   strlcpy(temp, "localhost", sizeof(temp));
> > }
> > cupsdSetString(, temp);
> … ServerName is set from gethostname(2), which, by their manpages, return the 
> same value as hostname(1), aka uname(2)'s nodename, which you can retrieve 
> from $ uname -n.

Right. Now read the man page:

  ServerName hostname
Specifies the fully-qualified hostname of the server.  The default 
is the value reported by the hostname(1) command.

Neither gethopstname(2) nor hostname(1) nor uname(2) return the
*fully-qualified hostname of the server*.

So the default used is NOT the FQDN, while ServerName shall be set to the FQDN.

So: The code should be changed…

> 
> ServerName is set around these lines and there are various heuristics which 
> add ServerAliases to that configuration. All these are logged at the 'debug' 
> level. I've added a patch to log the ServerName cups takes:
> 
> --- a/scheduler/conf.c
> +++ b/scheduler/conf.c
> @@ -891,6 +891,7 @@ cupsdReadConfiguration(void)
>  }
>  
>  cupsdSetString(, temp);
> +cupsdLogMessage(CUPSD_LOG_DEBUG, "Set ServerName %s", temp);

…especially as these heuristics try to generate the base host name by
stripping the domain part from the ServerName, expecting it to be the
FQDN.

> With this in place, and debugging enabled via `cupsctl --debug-logging` (see 
> [0] for a very good documentation), a restart of the server gives me:
> 
> D [12/Oct/2017:17:21:25 +0200] Set ServerName gyllingar
> D [12/Oct/2017:17:21:25 +0200] Added auto ServerAlias gyllingar
> 
> And:
> $ hostname -f
> gyllingar
> 
> What is it that you get?

$ hostname
foo
$ hostname -f
foo.example.com

Still, CUPS only responds to foo, not foo.ezample.com.

(Please mind that your system seems to be misconfigured and does not
return the FQDN with hostname -f!)

> And do you still think there's discrepancy between 
> code and documentation? If so, which one do you think is wrong?

The code is wrong. It should use the FQDN, like reported by hostname -f,
as default for ServerName, probably by resolving the name it got from
gethostbyname() twice (like hostname -f does).

-nik

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

>CUPS' behaviour is intentional. It rejects requests addressed to the
>system's FQDN host which are received over the local loopback
>interface.
>127.0.1.1 uses the loopback interface.

Good thing I do not route 127.0.0.0/8 in my network - that wouldn't work anyway.

I said that I cannot access CUPS from the local network, not from loopback.

-nik

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

> Does either 127.0.0.1 or 127.0.1.1 in /etc/hosts map to your FQDN?

The base host name of the system is resolvable to its FQDN and
`hostname -f` returns the correct FQDN.

Yet, as reported, CUPS only accepts the base name as reported by
`hostname`.

-nik

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

Hi,

>> What I report - and what is a fact - is that CUPS as installed from
>> the Debian package does NOT WORK under normal network conditions,
>> because it REFUSES to accept requests under its own FQDN.
>> 
>> That the docs tell it should accept those requests is another part of
>> the bug.
>
>Perhaps a testable example would clarify matters?

1. Install Debian on foo.example.com
2. Install CUPS
3. Open http://foo.example.com:631 in a browser

-nik

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

Hi,

>If you feel there is an upstream issue in the documentation there is
>
> https://github.com/apple/cups/issues/new

Have you read devref? It's your responsibility as package maintainer to forward 
bugs upstream.

https://www.debian.org/doc/manuals/developers-reference/ch03.en.html#upstream-coordination

If you do not want to handle bug reports, please do not maintain packages.

What I report - and what is a fact - is that CUPS as installed from the Debian 
package does NOT WORK under normal network conditions, because it REFUSES to 
accept requests under its own FQDN.

That the docs tell it should accept those requests is another part of the bug.

-nik

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

Control: reopen -1

On Wed, Oct 11, 2017 at 07:35:25PM +0100, Brian Potkin wrote:
> It is common to use manualpage(x) as a shorthand to instruct a user to
> run the command 'man x manualpage'. Following the advice in hostname(1)
> does result in the fully-qualified hostname being displayed when the
> hostname command is used with the correct option.
> 
> (Granted the command 'hostname' does not return a FQDN, but that isn't
> what is being advised).

Thanks for teaching me UNIX basics, which is certainly not necessary -
but no matter how to read a mnual page:

The bug that CUPS does *not* default to the FQDN remains. CUPS *only*
allows the hostname part, *not* the FQDN by default, probably because
the authors use a system where the FQDN goes in /etc/hostname.

-nik

Bug#878148: cups: Default ServerName wrong/not in sync with manual

[Dominik George]

Package: cups
Version: 2.2.4-7
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- From cups.d(5):

   ServerName hostname
Specifies the fully-qualified hostname of the server.  The default 
is the value reported by the hostname(1) command.

This is plain wrong in itself, because hostname(1) does not return the
FQDN (except when run with -f). Consequently, CUPS does not listen to
requests to its FQDN by default.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cups depends on:
ii  cups-client 2.2.4-7
ii  cups-common 2.2.4-7
ii  cups-core-drivers   2.2.4-7
ii  cups-daemon 2.2.4-7
ii  cups-filters1.16.4-1+b2
ii  cups-ppdc   2.2.4-7
ii  cups-server-common  2.2.4-7
ii  debconf 1.5.63
ii  ghostscript 9.21~dfsg-1
ii  libavahi-client30.7-3
ii  libavahi-common30.7-3
ii  libc-bin2.24-17
ii  libc6   2.24-17
ii  libcups22.2.4-7
ii  libcupscgi1 2.2.4-7
ii  libcupsimage2   2.2.4-7
ii  libcupsmime12.2.4-7
ii  libcupsppdc12.2.4-7
ii  libgcc1 1:7.2.0-7
ii  libstdc++6  7.2.0-7
ii  libusb-1.0-02:1.0.21-2
ii  poppler-utils   0.57.0-2
ii  procps  2:3.3.12-3

Versions of packages cups recommends:
ii  avahi-daemon 0.7-3
ii  colord   1.3.3-2
ii  cups-filters [ghostscript-cups]  1.16.4-1+b2
ii  printer-driver-gutenprint5.2.13-1

Versions of packages cups suggests:
ii  cups-bsd   2.2.4-7
pn  cups-pdf   
ii  foomatic-db-compressed-ppds [foomatic-db]  20170723-1
ii  hplip  3.17.7+repack0-3
ii  printer-driver-hpcups  3.17.7+repack0-3
ii  smbclient  2:4.6.7+dfsg-2
ii  udev   234-3

- -- debconf information excluded

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlncx+kxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY2bBAAxGfO/4wB0jH966NSw/rC74I7+6Le
DMZfeQGVz1KSJAcTla7Ttm4Na672X1q1/twcL5Db/jzHHHDgpy4iHqNGrr4HIodS
TV7SlzK50My9KdijiEXMIU+CUvbqOWktNwD6TIvYEt+3unXthXJ/3gd46SKOHYvc
XV210i/etitom+95zw7hW0nLmSR+lzgDh9RH8e39rjJGq3T0fnPlE7FBuByjSsRq
3PDF5MABzGgSrCRxIroc9yoXxkM6AIrbkQz/IGR1NZWO52Dbn1MZdvSkhe5N7TRS
tJaSz3XaZa21RpX+JJrwxXyjnHaF4QU/6W7h2JvFq5CiLcWPXPdWYBpoVxMOJKVX
glXMKHD3K1rjP7GhcHJHogAe1azuYIhob7KqMfGy9bHkEcRVcVyzE8UGSHh0IXMP
z1k+WZjDII4DN/kxCGiJuzL5sSFAgl1DpNgLUEOxEw1lfty7jWD6SL8lU0jX5PiU
9mFKK1KSEeQ1LPTMBtZHwjlX0ABGVRrthbMjge79UWjdd1zG7H6ImP30o4xU7teH
IobNWEtYnZUFNVzdzNSjGIOZcmDou2k4FHvjfbjwrYRBqji1SJ7G6CNvm3TRwPJM
9Bt0t/JqSsooT7/Ui45p7bXLWqmhQcbomwGFIPUhP4jbxnZOiqFOQrOK2Io06vfw
JLVI1qwZXGqzG4o=
=4EIV
-END PGP SIGNATURE-

Bug#876376: debian-edu: autofs daemon on combined server breaks homes and NFS

[Dominik George]

Hi,

> TL;DR; Please revert your change that hard-codes tjener in debian-edu.git
> (42b28ab02). Here is why...

As I see, Holger already did it… I was on holiday over the long weekend.

-nik


signature.asc
Description: PGP signature

Bug#876376: debian-edu: autofs daemon on combined server breaks homes and NFS

[Dominik George]

Source: debian-edu
Version: 1.924
Severity: important
Tags: patch

When updating a jessie combined server (a machine with the Main Server,
LTSP-Server *and* Workstation profiles), autofs-ldap is pulled in as
Recommends from education-networked-common. Enabling autofs and
autofs-ldap on tjener results in /skole being hidden by the autofs
mountpoint.

Bug#873476: coreutils: /bin/cat doesnt display a line of a txt file without an end of line

[Dominik George]

Hi,

> I've a "VERSION" file for a package (not from debian) and this file doesnt 
> have a 0x0A at the end of the line.
> cat doesnt display any contents (less does).
> If I add lines before the offending line, these lines are displayed but not 
> the last one.
> 
> Attached: the VERSION file which contain a single line and the TXT file which 
> contains 2 lines, the second one without a 0x0A.

Your file is not a text file and it does not contain such a thing as a line.

POSOX3.206 Line
A sequence of zero or more non-  characters plus a terminating 
 character.

I also cannot reproduce your bug. Maybe you can post a screen dump?

-nik

Bug#873271: pam-krb5-migrate: install paths are wrong

[Dominik George]

Source: pam-krb5-migrate
Version: 0.0.11-4
Severity: grave
Justification: renders package unusable

Both the PAM modules and the pam config are installed into
sub-directories instead of their correct places. This makes the package
unusable without moving files in system locations around beforehand.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#865361: linux-image-4.9.0-3-amd64: kernel stuck at boot on HP ProLiant DL360 G4p

[Dominik George]

Hi,

> After upgrading my systems to debian 9.0, which provides a 4.9.0-3-amd64 
> kernel
> our HP ProLiant DL360 G4p Systems stop booting the kernel and complain about
> a bug (NMI watchdog: BUG: soft lockup). This concerns all our DL360 G4p 
> devices,
> others seem to work so far. On the affected machines I need to boot the former
> active 3.16.43-2 kernel.

We also ran into this problem yesterday when setting up an old system as
our new firewall.

It turned out that disabling the APIC table (MSP table) in the BIOS
helps, but only at first boot. Once the kernel itself has set up the
tables, after a reboot, it will be stuck again and the machine must be
power-cycled.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#870767: gitlab: editing issues does not work

[Dominik George]

Package: gitlab
Version: 8.13.11+dfsg1-8
Severity: important

The "Save changes" button in "Edit issue" leads to a 404 error and does not 
save the issue.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gitlab depends on:
ii  adduser   3.115
ii  asciidoctor   1.5.4-2
ii  bc1.06.95-9+b3
ii  bundler   1.13.6-2
ii  dbconfig-pgsql2.0.8
ii  debconf [debconf-2.0] 1.5.61
ii  git   1:2.11.0-3
ii  gitlab-shell  3.6.6-4
ii  gitlab-workhorse  0.8.5+debian-3+b2
ii  init-system-helpers   1.48
ii  libjs-chartjs 1.0.2-1
ii  libjs-clipboard   1.4.2-1
ii  libjs-fuzzaldrin-plus 0.3.1+git.20161008.da2cb58+dfsg-4
ii  libjs-graphael0.5+dfsg-1
ii  libjs-jquery-cookie   11-3
ii  libjs-jquery-history  11-3
ii  libjs-jquery-nicescroll   3.6.6-1
ii  lsb-base  9.20161125
ii  nginx 1.10.3-1+deb9u1
ii  nginx-full [nginx]1.10.3-1+deb9u1
ii  nodejs4.8.2~dfsg-1
ii  openssh-client1:7.4p1-10+deb9u1
ii  postfix [mail-transport-agent]3.1.4-7
ii  postgresql-client 9.6+181
ii  postgresql-client-9.6 [postgresql-client  9.6.3-3
ii  postgresql-contrib9.6+181
ii  rake  10.5.0-2
ii  redis-server  3:3.2.6-1
ii  ruby  1:2.3.3
ii  ruby-ace-rails-ap 4.1.1-1
ii  ruby-activerecord-session-store   1.0.0-2
ii  ruby-acts-as-taggable-on  4.0.0-2
ii  ruby-addressable  2.4.0-1
ii  ruby-after-commit-queue   1.3.0-1
ii  ruby-akismet  2.0.0-1
ii  ruby-allocations  1.0.3-1+b2
ii  ruby-asana0.4.0-1
ii  ruby-attr-encrypted   3.0.1-2
ii  ruby-babosa   1.0.2-2
ii  ruby-base32   0.3.2-3
ii  ruby-bootstrap-sass   3.3.5.1-5
ii  ruby-browser  2.2.0-2
ii  ruby-cal-heatmap-rails3.6.0+dfsg-1
ii  ruby-carrierwave  0.10.0+gh-4
ii  ruby-charlock-holmes  0.7.3+dfsg-2+b3
ii  ruby-chronic  0.10.2-3
ii  ruby-chronic-duration 0.10.6-1
ii  ruby-coffee-rails 4.1.0-2
ii  ruby-coffee-script-source 1.10.0-1
ii  ruby-connection-pool  2.2.0-1
ii  ruby-creole   0.5.0-2
ii  ruby-d3-rails 3.5.6+dfsg-1
ii  ruby-default-value-for3.0.1-1
ii  ruby-devise   4.2.0-1
ii  ruby-devise-two-factor3.0.0-2
ii  ruby-diffy3.0.6-1
ii  ruby-doorkeeper   4.2.0-3
ii  ruby-dropzonejs-rails 0.7.1-1
ii  ruby-email-reply-parser   0.5.8-1
ii  ruby-fog-aws  0.12.0-1
ii  ruby-fog-azure0.0.2-1
ii  ruby-fog-core 1.42.0-1
ii  ruby-fog-google   0.3.2-1
ii  ruby-fog-local0.3.0-1
ii  ruby-fog-openstack0.1.6-4
ii  ruby-fog-rackspace0.1.1-4
ii  ruby-fogbugz  0.2.1-3
ii  ruby-font-awesome-rails   4.6.3.0-2
ii  ruby-gemnasium-gitlab-service 0.2.6-1
ii  ruby-gemojione3.1.0-2
ii  ruby-github-linguist  4.7.2-2
ii  ruby-github-markup1.5.1+dfsg-1
ii  ruby-gitlab-flowdock-git-hook 1.0.1-2
ii  ruby-gitlab-git   10.7.0-1
ii  ruby-gollum-lib   4.2.1+debian-1
ii  ruby-gon  6.1.0-1
ii  ruby-grape0.16.2-2
ii  ruby-grape-entity 0.6.0-1
ii  ruby-hamlit   2.7.5-1
ii  ruby-health-check 2.4.0-1
ii  

Bug#870066: python-flask-sockets: please support Python 3 and PyPy

[Dominik George]

Hi,

> thanks for bringing this to my attention.
> 
> > Please enable building the python3- and pypy- variants of the package.
> 
> As far as Python 3 is concerned, the problem is one of the dependencies
> of python-flask-sockets, namely python-gevent-websocket, which doesn't
> build a Python 3 binary package [1]. Please also see bug #756013 for a
> related discussion about how to proceed in this regard.
> I'd be happy to provide a Python 3 version once all dependencies are
> available as Python 3 versions. I myself only packaged
> python-flask-sockets as a dependency for a pure Python 2 application, GRR.

Thank you - I will look into that!

> 
> About the pypy variant, I'm not entirely sure what you mean with that.
> Could you please elaborate a bit?

There are three major Python implementations in Debian python2, python3
(both CPython) and pypy (PythonPython, a re-implementation of Python in
Python).

> 
> > I'd also propose moving the package under the Python Modules team for
> > team maintenance.
> 
> No problem at all. Will do so with an upcoming upload. I would also like
> some other Python packages to the team, if that's fine with you.

Please mind that there is more to it than just changing the Maintainer
field [0], plus the packaging repository must reside inside the DPMT
Alioth project.

Cheers,
Nik

[0] https://www.debian.org/doc/packaging-manuals/python-policy/

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#870112: gitlab-ci-multi-runner: please backport to stretch

[Dominik George]

Source: gitlab-ci-multi-runner
Version: 1.11.4+dfsg-1
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear maintainer,

it would be much appreciated if we could get gitlab-ci-multi-runner in
stretch-backports.

Kind regards,
Nik

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAll89XIxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYFeA/+PoEt8fc+iZMIPPpTfu1H1sLuE4eu
pa0WrtDPXGMh9/dLXn4aYUdbD3BpTBLmVO5P8KUk5lpVJr6MwQmkfBOaj7RUPQAL
gS3x7FsKHq4qrmkrntXkT5s9LQ07EzAPXYNeOI9mWwoQTob/SrIjiWEgR1ZZs1jq
Z0Xknkl8k5dB7VJnPYgQESIhu0ocTyFOr+khdlZffhkMcQ2nboBo0q+/gMYEZ1VD
4KlEGD4DO0Gd4jc9Kew2ybjkiscgLDh9/EauaJ3XeVrGfvkDnakOEmcYkfhqY3TA
Z7hQdYt8w3fwIi9nups5s6QglT4Ot1aJMXcQQD1wQ1oeT4lBG8WHkF3po73IkBBV
86lGteQ7c3H1K4FFnLtxMKBL7y11eWLHmq3Qq/sd4eh50WGU8arSHOhvmJeJX3NL
ZfHi/3bFJcEIG5ge1jMJ/gLdiFoJ8UHvhuGJv/lT1rR0OJZm1NxFVw/vbjUtGTXh
/1kheQ3v8z17BJToz7g67sxAmwvknn1nYt3cyo9gZf4GsSmMWtOz4tDN15VqYaih
zfD9elidaUjdyyZMCxxL0LSsa0Mvzni835c3OUYNA6cf8aFlEQ/119qvluHcwOr4
3JL9oWzX9RDEkrjWrLY6Y9dMaEocw4MA5RFecihcblrePyewfNsHcA0ngc0CaJM1
cFw3tLBPPqOC+io=
=brTJ
-END PGP SIGNATURE-

Bug#870066: python-flask-sockets: please support Python 3 and PyPy

[Dominik George]

Source: python-flask-sockets
Version: 0.2.1-1
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please enable building the python3- and pypy- variants of the package.

I'd also propose moving the package under the Python Modules team for
team maintenance.

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAll8ejMxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZ7yxAAwUF0RbMkmetkP1GWJtteAAFNLTbx
mKfexYXiLlTP9F7mhEuJ3ch+uTLeugft9/sxIzVlIxntMtbUJSyQmRCzWjAP3Yko
oKuS0wbICLUthRywXikwFzZENLduFUYqr8VaaVNc4TkL6cMtd7Sl1QY8upIlrF26
WHtko1sdHv4xaMfSwqlrig9fkoKjrcRzDfVgdlT6iLwlcVPErr+sYHvnNZX/H1c7
15R5ODn4VUcEaan1eM7S5advwy24ERJdMrrNrdtVpkmTKvaUSYb69NrO+R7guIVC
jOWVmn0mvWQLpCgzR4qxLtgAIy6R0Ql5cwfiVPZ7KB7k6fOuXTQ2ivQ7F1sKsH23
8RumSlEaNw/joT31oBwZc17d6t/Lh57KGxGV7OGilovYJnv6Fh8dDQTsITwM82HP
aFOk9q5Pxwb0xXKbkR46fSq9UQBmGWoEWSnFltis6hxakjsYIp2KnMV1F+gzXsDW
lxASZ7DuZG+HKh6+6hM/jHM1EMuu7Mm9FgUqYAzYEmKNHFd4sSzhldiwoN1GluiF
/RpbNMXuwP2ZYJtLNm6950e/M8w3pUI6DfnUFCt25rylPVh5abd2/keV0Fzs4oQF
V05qM+ZWR9Qxt2SL2M0huDT0u/TqAKhY/ldrU6mHW7cpX6xUjLi3XmNlHYCuuwYp
8RE0vluiUixjmvY=
=AYSa
-END PGP SIGNATURE-

Bug#867584: gitlab: please update to new upstream version

[Dominik George]

Source: gitlab
Version: 8.13.11+dfsg1-8
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

at Teckids, we are running the current GitLab from Debian stable for our
EduGit server (https://edugit.org). The service will go public in the
near future, but we would like to provide GitLab 9 some time soon.

What are the plans for upgrading Debian unstable to the new upstream
version (currently 9.3.5)?

Cheers,
Nik

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAllfojcxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZZEQ//SaoQSTfLVhbpjtF6+SPlcDqyscVR
OIji/+SLhHSfoyEfNxQLnDmUhwS3rZwwzRGbq7dDGjonflF5qdvs0k9zYiJWnWqZ
0iMf5CY0/v697k7mMRVFlojyNA3E+HmNaUEZFDJmlrGYNWWF1+rBGEMPAcwytVsY
6zpyDtwGDfUIkLcPSURtHrYn6tp15ymBBCGr82HPI2EimjgMsvxB3d/waMYsdn5k
I5aHgUrACCe4yOpjK4hP/x9sRZ+O8V9tRbCKNoeztLg8zLQqK+uNL9KPkZT4fVTX
Bx0T2XdMw/MU0IE8+qE+lDKijXiWROc7JAKPORIiOXeVX3CvzWF/KC+Va4LXeujQ
o1xwqr4V2njV1BOHEigQU41mjEzKxzSKlgRNd/8GpJVgVKJlyAxca+kiT3P4yNff
Q0GnI3Els+emh4KJnmOmolb1Qt00eXn5evx15c0F5iDRYwkcDalREjb/9Lw9Angx
7SavZlg83S7enUoABjRsCLg/8GigzmQ/TXkscQhBwVwPYVsSXyHAbL63oDWIvJm0
+OJulL0SHO4OK4TSihF6ISuGel5UzCwP4zgBMOlugibuycvzdXk/KoAHnsPQOxQF
Kb1EDSGgyvPnP/lK1K+GEUdi5+o4sgSAMtxmw4ZtUkhNcYaJEFlVA2+sO/vib68P
wxMNMCVCvLNhnaM=
=j7Er
-END PGP SIGNATURE-

Bug#867150: ldapvi: cannot rename entry when filtering out RDN attribute

[Dominik George]

Package: ldapvi
Version: 1.7-10+b2
Severity: normal

ldapvi fails to rename an entry under the following conditions:

 1. Only a subset of attributes is requested at query time.
 2. An RDN attribute is not among these attributes.

On renaming the entry, even if the rename is a move and does not affect
the RDN, ldapvi checks the RDN before sending the rename to the server,
and finds that the RDN attribute is missing.

ldapvi should check that the RDN was not modified and that no RDN field
was modified either, and accept the rename.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ldapvi depends on:
ii  libc6  2.24-11+deb9u1
ii  libglib2.0-0   2.50.3-2
ii  libldap-2.4-2  2.4.44+dfsg-5
ii  libncurses56.0+20161126-1
ii  libpopt0   1.16-10+b2
ii  libreadline7   7.0-3
ii  libtinfo5  6.0+20161126-1

ldapvi recommends no packages.

ldapvi suggests no packages.

-- no debconf information

Bug#792075: How is git-lfs in Debian going?

[Dominik George]

Hi,

I'd also like to have git-lfs in Debian.

What's the progress on the package? Can I help in any way?

Cheers,
Nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#853258: docker.io: uses sleep to query user in maintainer script

[Dominik George]

Hi,

> I stand corrected: the following command does call sleep.
> 
> /var/lib/docker/nuke-graph-directory.sh /var/lib/docker
> 
> I agree this is a bug, but I disagree it is critical, because,
> technically, it's not the maintainer script that calls "sleep".

Erm… I somehow feel I missed some kind of "policy interpretation
creativity contest" ;)?

If something used in the maintainer script breaks policy, the maintainer
breaks policy. With your argumentation, I could move a bunch of bad
commands to this_is_not_a_maintainer_script.sh, source that, and policy
does not mean anything anymore.

Besides, calling sleep is not the issue here. The issue is the
maintainer script requires the package to be removed interactively and
cannot be controlled in an uanttended run.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#850442: release-notes: Section about new remote desktop software in Debian

[Dominik George]

Hi Niels,

>  * Does xrdp need any reconfiguration after/for the upgrade?
> 
>  * Or can the admin simply enable a new configuration to support
>remote X sessions without needing a VNC server?

Well, it's just something to be aware of. I'd put it into section 2 - it
is something new, and people should know it, but it is not an issue per
se. Everything will continue to work, but it will work in a different
way, and admins should notice that.

Cheers,
Nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#863701: sympa: insists that cookie has changed when it hasn't

[Dominik George]

Hi,

> In this case the head command might not be in the path Sympa is seeing. Could 
> you please test if
> `/usr/bin/head ...` works for you?

Yes, it does.

-nik

-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/

Bug#863701: sympa: insists that cookie has changed when it hasn't

[Dominik George]

Hi,

>The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian
>package,
>so this hasn't changed?

Confirmed.

>
>What are the permissions of the cookie file?

640 owned by sympa:sympa

I have placed debugging prints into Conf.pm and found that $current is empty 
right at the beginning of cookie_changed. It seems the `head... command is not 
evaluated.

I placed the cookie in the config file directly, which makes it working again.

-nik
-- 
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/

Bug#863701: sympa: insists that cookie has changed when it hasn't

[Dominik George]

Package: sympa
Version: 6.2.16~dfsg-3
Severity: grave
Justification: renders package unusable

SYMPA suddenly refuses to start with:

May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter 
has changed. You may have severe inconsitencies into password storage. Restore 
previous cookie or write some tool to re-encrypt password in database and check 
spools contents (look at /etc/sympa/cookies.history file). at 
/usr/lib/sympa/bin/sympa_msg.pl line 310.
May 30 09:35:20 terra sympa_msg.pl[22389]:  at /usr/lib/sympa/bin/sympa_msg.pl 
line 310.
May 30 09:35:20 terra sympa_msg.pl[22389]: main::_load() called at 
/usr/lib/sympa/bin/sympa_msg.pl line 87

Now, while I see why this protection is in place, unfortunately, the
cookie has not changed. Neither has the parameter in the config file
changed (checked with etckeeper), nor has the contents of the cookie
file changed (checked with etckeeper), nor is anything different in
cookies.history.

SYMPA just decided to block startup.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sympa depends on:
ii  adduser   3.115
ii  ca-certificates   20161130+nmu1
ii  dbconfig-common   2.0.8
ii  debconf [debconf-2.0] 1.5.60
ii  fonts-font-awesome4.7.0~dfsg-1
ii  init-system-helpers   1.48
ii  libarchive-zip-perl   1.59-1
ii  libc6 2.24-10
ii  libcgi-fast-perl  1:2.12-1
ii  libcgi-pm-perl4.35-1
ii  libclass-singleton-perl   1.5-1
ii  libcrypt-openssl-x509-perl1.8.7-3
ii  libcrypt-smime-perl   0.19-2
ii  libdatetime-format-mail-perl  0.4030-1
ii  libdbd-csv-perl   0.4900-1
ii  libdbd-mysql-perl 4.041-2
ii  libdbd-pg-perl3.5.3-1+b2
ii  libdbd-sqlite3-perl   1.54-1
ii  libdbi-perl   1.636-1+b1
ii  libfcgi-perl  0.78-2
ii  libfile-copy-recursive-perl   0.38-1
ii  libfile-nfslock-perl  1.27-1
ii  libhtml-format-perl   2.12-1
ii  libhtml-stripscripts-parser-perl  1.03-1
ii  libhtml-tree-perl 5.03-2
ii  libintl-perl  1.26-2
ii  libio-stringy-perl2.111-2
ii  libjs-jquery  3.1.1-2
ii  libjs-jquery-migrate-11.4.1-1
ii  libjs-jquery-placeholder  2.3.1-2
ii  libjs-jquery-ui   1.12.1+dfsg-4
ii  libjs-modernizr   2.6.2+ds1-1
ii  libjs-twitter-bootstrap   2.0.2+dfsg-10
ii  libmail-dkim-perl 0.40-1
ii  libmailtools-perl 2.18-1
ii  libmime-charset-perl  1.012-2
ii  libmime-encwords-perl 1.014.3-2
ii  libmime-lite-html-perl1.24-2
ii  libmime-tools-perl5.508-1
ii  libmsgcat-perl1.03-6+b3
ii  libnet-cidr-perl  0.18-1
ii  libnet-dns-perl   1.07-1
ii  libnet-ldap-perl  1:0.6500+dfsg-1
ii  libnet-netmask-perl   1.9022-1
ii  libregexp-common-perl 2016060801-1
ii  libsoap-lite-perl 1.20-1
ii  libtemplate-perl  2.24-1.2+b3
ii  libterm-progressbar-perl  2.18-1
ii  libunicode-linebreak-perl 0.0.20160702-1+b1
ii  libxml-libxml-perl2.0128+dfsg-1+b1
ii  lsb-base  9.20161125
ii  mhonarc   2.6.19-2
ii  perl  5.24.1-2
pn  perl:any  
ii  postfix [mail-transport-agent]3.1.4-4
ii  rsyslog [system-log-daemon]   8.24.0-1
ii  sqlite3   3.16.2-3

Versions of packages sympa recommends:
ii  apache2-suexec-pristine [apache2-suexec]  2.4.25-3
ii  doc-base  0.10.7
ii  libapache2-mod-fcgid  1:2.3.9-1+b1
pn  libcrypt-ciphersaber-perl 
ii  libio-socket-ssl-perl 2.044-1
ii  locales   2.24-10
ii  logrotate 3.11.0-0.1
ii  postgresql9.6+181

Versions of packages sympa suggests:
ii  apache2 [httpd-cgi]  2.4.25-3
pn  libauthcas-perl  
pn  libdbd-odbc-perl 
pn  libdbd-oracle-perl   

-- Configuration Files:
/etc/sympa/auth.conf changed [not included]

-- debconf information excluded

Bug#863631: sympa: trashes configuration on update without asking

[Dominik George]

Package: sympa
Version: 6.2.16~dfsg-3
Severity: critical
Justification: causes serious data loss

The upgrade to 6.2.16~dfsg-3 from 6.2.16~dfsg-2 in stretch just ditched
SYMPA's config files on my system, leaving it in a broken way, even in
such a broken way that users who tried sending mails did not receive an
error and thought things went through. I think some actions would even
have led to destruction of database data.

I have no idea why the maintainer scripts decided to do that. I
recovered from etckeeper and a system backup.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sympa depends on:
ii  adduser   3.115
ii  ca-certificates   20161130+nmu1
ii  dbconfig-common   2.0.8
ii  debconf [debconf-2.0] 1.5.60
ii  fonts-font-awesome4.7.0~dfsg-1
ii  init-system-helpers   1.48
ii  libarchive-zip-perl   1.59-1
ii  libc6 2.24-10
ii  libcgi-fast-perl  1:2.12-1
ii  libcgi-pm-perl4.35-1
ii  libclass-singleton-perl   1.5-1
ii  libcrypt-openssl-x509-perl1.8.7-3
ii  libcrypt-smime-perl   0.19-2
ii  libdatetime-format-mail-perl  0.4030-1
ii  libdbd-csv-perl   0.4900-1
ii  libdbd-mysql-perl 4.041-2
ii  libdbd-pg-perl3.5.3-1+b2
ii  libdbd-sqlite3-perl   1.54-1
ii  libdbi-perl   1.636-1+b1
ii  libfcgi-perl  0.78-2
ii  libfile-copy-recursive-perl   0.38-1
ii  libfile-nfslock-perl  1.27-1
ii  libhtml-format-perl   2.12-1
ii  libhtml-stripscripts-parser-perl  1.03-1
ii  libhtml-tree-perl 5.03-2
ii  libintl-perl  1.26-2
ii  libio-stringy-perl2.111-2
ii  libjs-jquery  3.1.1-2
ii  libjs-jquery-migrate-11.4.1-1
ii  libjs-jquery-placeholder  2.3.1-2
ii  libjs-jquery-ui   1.12.1+dfsg-4
ii  libjs-modernizr   2.6.2+ds1-1
ii  libjs-twitter-bootstrap   2.0.2+dfsg-10
ii  libmail-dkim-perl 0.40-1
ii  libmailtools-perl 2.18-1
ii  libmime-charset-perl  1.012-2
ii  libmime-encwords-perl 1.014.3-2
ii  libmime-lite-html-perl1.24-2
ii  libmime-tools-perl5.508-1
ii  libmsgcat-perl1.03-6+b3
ii  libnet-cidr-perl  0.18-1
ii  libnet-dns-perl   1.07-1
ii  libnet-ldap-perl  1:0.6500+dfsg-1
ii  libnet-netmask-perl   1.9022-1
ii  libregexp-common-perl 2016060801-1
ii  libsoap-lite-perl 1.20-1
ii  libtemplate-perl  2.24-1.2+b3
ii  libterm-progressbar-perl  2.18-1
ii  libunicode-linebreak-perl 0.0.20160702-1+b1
ii  libxml-libxml-perl2.0128+dfsg-1+b1
ii  lsb-base  9.20161125
ii  mhonarc   2.6.19-2
ii  perl  5.24.1-2
pn  perl:any  
ii  postfix [mail-transport-agent]3.1.4-4
ii  rsyslog [system-log-daemon]   8.24.0-1
ii  sqlite3   3.16.2-3

Versions of packages sympa recommends:
ii  apache2-suexec-pristine [apache2-suexec]  2.4.25-3
ii  doc-base  0.10.7
ii  libapache2-mod-fcgid  1:2.3.9-1+b1
pn  libcrypt-ciphersaber-perl 
ii  libio-socket-ssl-perl 2.044-1
ii  locales   2.24-10
ii  logrotate 3.11.0-0.1
ii  postgresql9.6+181

Versions of packages sympa suggests:
ii  apache2 [httpd-cgi]  2.4.25-3
pn  libauthcas-perl  
pn  libdbd-odbc-perl 
pn  libdbd-oracle-perl   

-- Configuration Files:
/etc/sympa/auth.conf changed [not included]

-- debconf information excluded

Bug#862698: ITP: minecraft -- blocks to build anything you can imagine

[Dominik George]

Hi,

also, did you have a look at
https://www.grahamedgecombe.com/projects/minecraft-installer to probably
exchange thoughts?

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature

Bug#860296: lirc is spamming syslog with messages

[Dominik George]

Package: lirc
Version: 0.9.4c-9
Followup-For: Bug #860296

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Same issue here.

lirc got installed as a dependency, and I really think it should not
cause such issues if it is.

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lirc depends on:
ii  init-system-helpers  1.48
ii  libasound2   1.1.3-5
ii  libc62.24-10
ii  libftdi1-2   1.3-2+b2
ii  libgcc1  1:6.3.0-17
ii  liblirc-client0  0.9.4c-9
ii  liblirc0 0.9.4c-9
ii  libportaudio219.6.0-1
ii  libstdc++6   6.3.0-17
ii  libsystemd0  232-23
ii  libudev1 232-23
ii  libusb-0.1-4 2:0.1.12-31
ii  libusb-1.0-0 2:1.0.21-1
ii  lsb-base 9.20161125
ii  python3  3.5.3-1

Versions of packages lirc recommends:
pn  gir1.2-vte
ii  python3-gi3.22.0-2
ii  python3-yaml  3.12-1

Versions of packages lirc suggests:
pn  ir-keytable  
pn  lirc-compat-remotes  
pn  lirc-doc 
pn  lirc-drv-irman   
pn  lirc-x   
pn  setserial

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkaJ78xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZo1Q//cde60dUWozj4O7TGMvAQyV6aZ5/M
OEHGF2bUERbE2oeiWvzreaSBl9fUrUTMTX/aCUb8po/ojSQTFQh0qBtIF18re8Rx
cK4t8ClVh/cPwliGQe5jO2NJXkoWi1J0HqxV7+nSUu1NNACXumaufXYVB+NH4jgr
BDWRVutrLlLs4pXk+QYmQcvD4+krYsh+fvNxWnBvUyDrh/yO7Wlo5WHnj5/1mijg
DNOp+mgqxCz13DgGchuuYkDyIOlXdmdzYtcsiQ2fvpUcBJ4wsZsLopnDDf/aMrri
xALQZyXX2ML5rD6XaXkgzUfxKGik72mxV0e5UcdQG8QxyboufgTSz2aaISEztoLb
cQyCvmKaAGux3fMJDfEwSRmqfXyU1Zo1j2mFe4hnLqDY2NrRshd9DIO0oRqV0LPb
wjD0bHM9wdH06LhkRTSDqtJkQSJTBmmJ8D7uBt8MAP6h81mIw1D35cLs3NwR34SR
Y1Z56D07YOvy5n7Ml0snEX36MWWd/GJ0td7fd/HzZSV/yEDW9EPdZ5n99rTbBSkp
PJcc1/4j3ShSvLNejCsVRAu0g1Thenv96eIRlHGdGq7hDZXnWTqsp0QFRJdYz7i0
3FQg1oD8kXRKG02n3XwlFwLyNo/pPH0veP8FxVlZO+887jFupaFB+XQJgv3le7mp
gzlzclMqHRyxhWU=
=pG+E
-END PGP SIGNATURE-

Bug#862698: ITP: minecraft -- blocks to build anything you can imagine

[Dominik George]

On Mon, 15 May 2017 18:40:34 -0300 Carlos Donizete Froes  
wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Carlos Donizete Froes 
> 
> * Package name: minecraft
>   Version : 0.1
>   Upstream Author : Carlos Donizete Froes 
> * URL : https://minecraft.net
> * License : BSD-2-Clause
>   Programming Lang: Shell
>   Description : blocks to build anything you can imagine
> 
>  A fantastic game that mixes creativity, survival, and exploration.
>  .
>  Survive alone in a blockys, pìxelated world where monsters come out at 
> night.
>  .
>  Create fantastical buildings and structures, or collaborate with other
>  players online.

Huh?

Minecraft is a proprietary game, not under a BSD license, is not written in 
shell and was not written by you.

I assume you mixed up a lot here ;)?

-nik

Bug#861844: unblock: xrdp/0.9.1-9

[Dominik George]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please unblock package xrdp

This package updates the security fix in 0.9.1-8, which turned out to be 
incomplete.

diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
- --- xrdp-0.9.1/debian/changelog   2017-04-24 20:14:36.0 +0200
+++ xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.0 +0200
@@ -1,3 +1,9 @@
+xrdp (0.9.1-9) unstable; urgency=high
+
+  * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143)
+
+ -- Dominik George <n...@naturalnet.de>  Thu, 04 May 2017 18:59:10 +0200
+
 xrdp (0.9.1-8) unstable; urgency=medium
 
   * Fix CVE-2017-6967. (Closes: #858143, #855536)
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-6967.diff 
xrdp-0.9.1/debian/patches/cve-2017-6967.diff
- --- xrdp-0.9.1/debian/patches/cve-2017-6967.diff  2017-04-24 
20:14:36.0 +0200
+++ xrdp-0.9.1/debian/patches/cve-2017-6967.diff2017-05-04 
18:59:04.0 +0200
@@ -3,6 +3,8 @@
 Subject: [PATCH] sesman: move auth/pam calls to main process
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858143
 Origin: 
https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3
+Reviewed-By: Dominik George <n...@naturalnet.de>
+Reviewed-By: Thorsten Glaser <t...@mirbsd.org>
 
 --- a/sesman/scp_v0.c
 +++ b/sesman/scp_v0.c
@@ -89,3 +91,46 @@
  g_free(slist);
  }
  
+--- a/sesman/session.c
 b/sesman/session.c
+@@ -335,7 +335,6 @@ session_start_sessvc(int xpid, int wmpid
+ g_sigterm(xpid);
+ g_sigterm(wmpid);
+ g_sleep(1000);
+-auth_end(data);
+ g_exit(0);
+ }
+ 
+@@ -490,6 +489,7 @@ session_start_fork(tbus data, tui8 type,
+ return 0;
+ }
+ 
++auth_start_session(data, display);
+ pid = g_fork(); /* parent is fork from tcp accept,
+child forks X and wm, then becomes scp */
+ 
+@@ -548,7 +548,6 @@ session_start_fork(tbus data, tui8 type,
+ else if (wmpid == 0)
+ {
+ wait_for_xserver(display);
+-auth_start_session(data, display);
+ pampid = g_fork(); /* parent waits, todo
+   child becomes wm */
+ if (pampid == -1)
+@@ -639,7 +638,6 @@ session_start_fork(tbus data, tui8 type,
+ else
+ {
+ g_waitpid(pampid);
+-auth_stop_session(data);
+ g_deinit();
+ g_exit(0);
+ }
+@@ -967,6 +965,8 @@ session_kill(int pid)
+ 
+ if (tmp->item->pid == pid)
+ {
++auth_stop_session(tmp->item->data);
++auth_end(tmp->item->data);
+ /* deleting the session */
+ log_message(LOG_LEVEL_INFO, "++ terminated session:  username %s, 
display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, 
tmp->item->pid, tmp->item->client_ip);
+ g_free(tmp->item);


unblock xrdp/0.9.1-9

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkLYAMxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYRAw//bw6MocflTzsylMfGLlakD7gaZCzF
6DGjfgTRVuycCBT8kkGcIutG1ZEnQLW62JXKDfpzPomvyyNbE49TqxosNrMR1/kd
Gb13bVA989K3VSZEVmxV9MgQIz9NbnetdkBvgbmNwDlqcwnyhSLX5VwE+NhOcDF2
rU+uhhvjIbHpqer7bJAo7iyKAC4kEffNs1gQkEvvc8/BYGqOD6l+3glE3rbjGE1k
li5/uo0jBpo1Dexn6n0Q0Q7L/yUmXiuy8+1/2hVBWgMVB+r2Rp2XK4+lsZMp4WV+
9NoTGMtSEDduZxXOQcVPaljO6cNfMEoQVwUcv/KStTx24lCCWdtus1Yk7X0ie1D3
WeVX2yFZdBU/AT2qWzI2iODRaddLOtTMXtVGlXUqnp0+uTtv1EUOrJMAJoaXpKQY
WZ6mR+LBZXPFBd6gkPq0p8lxvK0PVwl/fbZPXSH2vr8LJfJdDwXajMRrIWgWmfXv
3PYdjkGCqtNZeKcC0uzu9bXHyFFfFqm2BGGzhziC1ReutZ4BnmdxJa6LtYor8WRf
rsMsyL0T+uF/lJofmkuQs30OZExxc0qVnFiLxP57AZnJrO7GfUfUL4zkx9nP/dJr
Xtf8VST/dwhDYUj4Q7PjVGmbIAdgWzR5ZkR6yNejiidpI8mWzVv0vaJGK3m3Ky6f
vHyxYjeok7czajA=
=4M+b
-END PGP SIGNATURE-

Bug#861670: sqlite3: sqldiff man page missing

[Dominik George]

Package: sqlite3
Version: 3.16.2-3
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please add a manual page for the sqldiff command.

Thanks!

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sqlite3 depends on:
ii  libc6 2.24-10
ii  libreadline7  7.0-2
ii  libsqlite3-0  3.16.2-3

sqlite3 recommends no packages.

Versions of packages sqlite3 suggests:
pn  sqlite3-doc  

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkIkt0xGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbV1g/+K3WOPm8IIne3JpK0x5w5Nh8vKJkB
g+BQwFPKmGn/VxdbiHU17yBkPe3CpiVPXjZfnoRubO659KQ615qIFdY5S08Al6h1
5RoXwq1PCbr+VhW0OIs6c/Cedm6U886Lgxvv9F7qRvdjqTxcEkG9iEES1RjqJQVm
DFf2YBe4dWOzBAGLcVoOXTmgIZ9M1pLk18I30Fb7rPFML3kUUFmSW7yGyL45hfsX
vU9efBjg1f2JEgFUOS0nEZFph2I8eh8aMe+g4Ci3tRTM6vZC4wA09kL4/Ycgeump
5icHhDNGf6Cp8lt664yvlOlPk04hVf1f0rk2bksu+YQ3+1sOOurHGeqeL6ZpL2ab
1N4dVk5HBlnvEeeaKyJ0EzInPw0xEb7iIxj7fnnpC6aYoi8uB2toW4nSV+JESnCv
f0C/G2k1rJdwHw8YmjqDIHH9CTMBYVb7mFHDASIFL7XQtDD/dZaDWfYYYcUg7VRh
8FH9RvCmmEG1bw3SUuhg5W+Z0ckTxR8I9wjFwSMc1qo5V+O9hqjmuAO/WmEiOyac
1RHNzYSkDMyu7E04tn62aF2vtDhDWmMNwq59fs+KORQg+jg6ZbssRaP6EifKCWF5
NxJfSJ2oUtXug4xBHLuYK4lE5F5wpJvgXAYFoUvfYu3fJvSdgq1OyEgnKZIzNQFg
gJXLTSNjAgSbIwA=
=GXAE
-END PGP SIGNATURE-

Bug#861322: logrotate: Produce verbose output in cron on error

[Dominik George]

Package: logrotate
Version: 3.11.0-0.1
Severity: wishlist

I would like to make the following suggestion as change to the logrotate
cron job. We occasionally see logrotate errors at Teckids, but some that
are not reproducible and only occur once every few weeks. Unfortunately,
for some of them, logrotate does not lgo the root cause when not run
verbose, and running verbose produces a flood of mails from cron while
waiting for the error to occur.

My suggestion is to colelct the verbose output and output it in case of
an error, by changing the daily cron job to something like this:

 snip =
#!/bin/sh

test -x /usr/sbin/logrotate || exit 0
tempfile=$(mktemp)
/usr/sbin/logrotate --verbose /etc/logrotate.conf >"$(tempfile)" 2>&1 || cat 
"$(tempfile)"
rm -f "$(tempfile)"
 snip =


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logrotate depends on:
ii  base-passwd 3.5.43
ii  cron [cron-daemon]  3.0pl1-128+b1
ii  libacl1 2.2.52-3+b1
ii  libc6   2.24-9
ii  libpopt01.16-10+b2
ii  libselinux1 2.6-3+b1

Versions of packages logrotate recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20160123cvs-3

logrotate suggests no packages.

-- no debconf information

Bug#858143: fix is not complete

[Dominik George]

Control: reopen -1

Hi,

> I'm investigated content of debian/patches/cve-2017-6967.diff from version
> 0.9.1-8 in unstable and by comparison with 
> https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3
> it is missing important sesman/session.c part of patch.

You are right, a part went missing when rebasing.

Please have a look at the new patch now: 
https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/tree/debian/patches/cve-2017-6967.diff

> The version 0.9.2 would be much better solution, because it solves many more
> problems.

I know, but 0.9.2 won't get a freeze exception.

Thanks,
Nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Phone: +49 228 92934581 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)


signature.asc
Description: PGP signature