Bug#750593: Stable update request: kernel changes to fix PIE with large stack

2017-04-22 Thread Niels Thykier 
Ben Hutchings:
> On Sat, 2017-04-22 at 20:07 +, Niels Thykier wrote:
> [...]
>> Hi Ben,
>>
>> Could you please file a pu bug for this?  I fear that otherwise, it
>> might be overlooked for the next time the SRMs review the outstanding
>> stable update requests.
> 
> I already stopped waiting and went ahead and made these changes.  I
> verified that they build on all release architectures except
> mips/mipsel (porterboxes were down) and was able to test the result on
> amd64, armhf, i386, powerpc, ppc64 (standing in for ppc64el) and s390x.
> 
> Ben.
> 

Excellent, thanks. :)

~Niels

Processed: severity of 860981 is important

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 860981 important
Bug #860981 [cryptsetup] CVE-2016-4484 still Exists
Severity set to 'important' from 'critical'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860981
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860046: wolfssl: Incomplete debian/copyright?

2017-04-22 Thread Felix Lechner 
Chris,

Sorry about the oversight. Please find a new upload
 on Mentors, closing two bugs.
Thank you!

Best regards,
Felix


On Mon, Apr 10, 2017 at 10:13 AM, Chris Lamb  wrote:

> Source: wolfssl
> Version: 3.10.2+dfsg-1
> Severity: serious
> Justication: Policy 12.5
>
> Hi,
>
> I just ACCEPTed wolfssl from NEW but noticed it was missing
> attribution in debian/copyright for at least the files under m4/
>
> (This is not exhaustive so please check over the entire package
> carefully and address these on your next upload.)
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>

Processed: tagging 860981

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 860981 + security
Bug #860981 [cryptsetup] CVE-2016-4484 still Exists
Added tag(s) security.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860981
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860981: CVE-2016-4484 still Exists

2017-04-22 Thread ??. ? 
Package: cryptsetup
Version: 2:1.7.3-3
Severity: critical

When logging in to an encrypted system, just press the ENTER button for about 
half an hour (or you may just put a stone on your keyboard) and you will be 
provided with a initramfs shell in which you or someone nasty can modify 
something and do an evil-maid attack, similar to CVE-2016-4484 just with a 
longer time. In short, the vulnerability is not resolved.

In 
[setup_mapping()](https://anonscm.debian.org/cgit/pkg-cryptsetup/cryptsetup.git/tree/debian/initramfs/cryptroot-script#n372)
 it exits rather than halts, and there is no check for the result of the 
decryption in 
[local](https://anonscm.debian.org/cgit/kernel/initramfs-tools.git/tree/scripts/local).
 The quick-and-dirty solution of this is to add `panic=3600` in the kernel 
parameters, forbidding the shell as in 
[panic()](https://anonscm.debian.org/cgit/kernel/initramfs-tools.git/tree/scripts/functions#n44).

Thank you very much!

I am using Debian GNU/Linux 9.0, kernel 4.9.0-2-amd64 and libc6 2.24-10.

Bug#860979: dpkg-dev: dpkg-shlibdeps regression due to the /usr-merge changes

2017-04-22 Thread Guillem Jover 
Package: dpkg-dev
Version: 1.18.17
Severity: serious
Tags: patch

Hi!

Commit a927295c93fb7a17742441aa863aaffcf4a351b5 introduced a severe
regression related to ignoring the order of the found shared library
pathnames, very carefully curated over time in the find_library()
function. Which I already mentioned as my biggest gut-feeling concern
at the time (for which I should have known better and push back instead
of succumbing to the unpleasant pressure at the time…).

This was reported on IRC by Helmut Grohne as being detected on one of
the marvelous rebootstrap runs. An easy reproducer is to install on a
clean amd64 system libc6-amd64:i386, and build anything that depends
on libc6. The binary generated might contain a wrong and unsatisifiable
dependency, because it might emit libc6-amd64 (w/o the arch-qualifier,
which does not exist on amd64) instead of just libc6.

I've prepared the most minimal patch I could come up with up to now,
attached, which fixes that specific problem. But I've not given it
much further testing yet. So I'm a bit hesitant to push this into
1.18.24, because it has the potential to break havoc. :( Of course
there's always the other option of reverting the /usr-merge change
altogether…

Thanks,
Guillem
From aa1ad5755490cb90a309f2d3daf6539d0b4762cb Mon Sep 17 00:00:00 2001
From: Guillem Jover 
Date: Sun, 23 Apr 2017 04:51:58 +0200
Subject: [PATCH] dpkg-shlibdeps: Preserve the order when scanning
 symbols/shlibs files

Regression introduced in commit a927295c93fb7a17742441aa863aaffcf4a351b5.

The code was getting all the possible shared library pathnames for the
wanted SONAME, but was not preserving the order carefully constructed
in find_library(), so we were overwriting symbols/shlibs information
when parsing multiple entries, and selecting the symbols/shlibs files
randomly based on the perl hash order.

This causes regressions when multiple packages provides the same
SONAME on different directories. An example would be libc6:amd64
and libc6-amd64:i386.

Closes: #
Reported-by: Helmut Grohne 
---
 scripts/dpkg-shlibdeps.pl | 74 ---
 1 file changed, 51 insertions(+), 23 deletions(-)

diff --git a/scripts/dpkg-shlibdeps.pl b/scripts/dpkg-shlibdeps.pl
index 0978f33b9..b314202f1 100755
--- a/scripts/dpkg-shlibdeps.pl
+++ b/scripts/dpkg-shlibdeps.pl
@@ -191,6 +191,7 @@ foreach my $file (keys %exec) {
 # Load symbols files for all needed libraries (identified by SONAME)
 my %libfiles;
 my %altlibfiles;
+my %soname_libs;
 my %soname_notfound;
 my %alt_soname;
 foreach my $soname (@sonames) {
@@ -209,6 +210,11 @@ foreach my $file (keys %exec) {
 	}
 	next;
 	}
+
+	# Track shared libraries for a given SONAME.
+	push @{$soname_libs{$soname}}, @libs;
+
+	# Track shared libraries for package mapping.
 	foreach my $lib (@libs) {
 	$libfiles{$lib} = $soname;
 	my $reallib = realpath($lib);
@@ -222,9 +228,11 @@ foreach my $file (keys %exec) {
 my $symfile = Dpkg::Shlibs::SymbolFile->new();
 my $dumplibs_wo_symfile = Dpkg::Shlibs::Objdump->new();
 my @soname_wo_symfile;
-foreach my $lib (keys %libfiles) {
-	my $soname = $libfiles{$lib};
+SONAME: foreach my $soname (@sonames) {
+  # Select the first good entry from the ordered list that we got from
+  # find_library(), and skip to the next SONAME.
 
+  foreach my $lib (@{$soname_libs{$soname}}) {
 	if (none { $_ ne '' } @{$file2pkg->{$lib}}) {
 	# The path of the library as calculated is not the
 	# official path of a packaged file, try to fallback on
@@ -244,6 +252,7 @@ foreach my $file (keys %exec) {
 	}
 
 	# Load symbols/shlibs files from packages providing libraries
+	my $missing_wanted_shlibs_info = 0;
 	foreach my $pkg (@{$file2pkg->{$lib}}) {
 	my $symfile_path;
 my $haslocaldep = 0;
@@ -273,6 +282,9 @@ foreach my $file (keys %exec) {
 		my $minver = $symfile->get_smallest_version($soname) || '';
 		update_dependency_version($dep, $minver);
 		debug(2, " Minimal version of ($dep) initialized with ($minver)");
+
+		# Found a symbols file for the SONAME.
+		next SONAME;
 	} else {
 		# No symbol file found, fall back to standard shlibs
 debug(1, "Using shlibs+objdump for $soname (file $lib)");
@@ -284,31 +296,47 @@ foreach my $file (keys %exec) {
 		$alt_soname{$id} = $soname;
 		}
 		push @soname_wo_symfile, $soname;
+
 		# Only try to generate a dependency for libraries with a SONAME
-		if ($libobj->is_public_library() and not
-		add_shlibs_dep($soname, $pkg, $lib)) {
-		# This failure is fairly new, try to be kind by
-		# ignoring as many cases that can be safely ignored
-		my $ignore = 0;
-		# 1/ when the lib and the binary are in the same
-		# package
-		my $root_file = guess_pkg_root_dir($file);
-		my $root_lib = guess_pkg_root_dir($lib);
-		$ignore++ if defined $root_file and defined $root_lib
-			and check_files_are_the_same($root_file,

Bug#860670: marked as done (racket: FTBFS on i386: Racket virtual machine has run out of memory; aborting)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 03:04:10 +
with message-id 
and subject line Bug#860670: fixed in racket 6.7-3
has caused the Debian Bug report #860670,
regarding racket: FTBFS on i386: Racket virtual machine has run out of memory; 
aborting
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860670
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: racket
Version: 6.7-2
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418-i386 qa-ftbfs
Justification: FTBFS in stretch on i386

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on i386.

Relevant part (hopefully):
> make[5]: Entering directory '/<>/build'
> if [ "/<>/debian/tmp" = "" ]; then \
>   echo "/usr/lib"; \
> fi
> make[5]: Leaving directory '/<>/build'
> make[4]: Leaving directory '/<>/build'
> make[3]: Leaving directory '/<>/build'
> racket/racket3m -X "/<>/debian/tmp/usr/share/racket/collects" -G 
> "/<>/debian/tmp/etc/racket"   --no-user-path -N "raco" -l- setup 
> --no-user -j 64 --no-launcher --no-install --no-post-install 
> raco setup: bootstrapping from source...
>   (loading non-.zo: 
> /<>/debian/tmp/usr/share/racket/collects/compiler/cm.rkt)
> raco setup: version: 6.7
> raco setup: platform: i386-linux [3m]
> raco setup: installation name: 6.7
> raco setup: variants: 3m
> raco setup: main collects: 
> /<>/debian/tmp/usr/share/racket/collects
> raco setup: collects paths: 
> raco setup:   /<>/debian/tmp/usr/share/racket/collects
> raco setup: main pkgs: /<>/debian/tmp/usr/share/racket/pkgs
> raco setup: pkgs paths: 
> raco setup:   /<>/debian/tmp/usr/share/racket/pkgs
> raco setup:   /nonexistant/.racket/6.7/pkgs
> raco setup: links files: 
> raco setup:   /<>/debian/tmp/usr/share/racket/links.rktd
> raco setup: main docs: /<>/debian/tmp/usr/share/doc/racket
> raco setup: --- updating info-domain tables ---
> raco setup: updating: /info-domain/compiled/cache.rktd
> raco setup: updating: 
> /<>/debian/tmp/usr/share/racket/info-cache.rktd
> raco setup: --- installing foreign libraries ---
> raco setup: --- installing shared files ---
> raco setup: installing: shared file /slatex.sty
> raco setup: installing: shared file /slatex.py
> raco setup: --- compiling collections ---
> raco setup: making: /racket
> raco setup:  in /racket
> raco setup:  in /syntax
> raco setup:  in /racket/private
> raco setup:  in /ffi
> raco setup:  in /ffi/unsafe
> raco setup: --- parallel build using 64 jobs ---
> raco setup: 63 making: /compiler
> raco setup: 62 making: /cext-lib/compiler
> raco setup: 62 making: /cext-lib/compiler/commands
> raco setup: 61 making: /compiler-lib/compiler
> raco setup: 60 making: /mzscheme-lib/compiler
> raco setup: 59 making: /zo-lib/compiler
> raco setup: 58 making: /raco
> raco setup: 57 making: /racket
> raco setup: 56 making: /class-iop-lib/racket
> raco setup: 56 making: /class-iop-lib/racket/class
> raco setup: 56 making: /class-iop-lib/racket/class/private
> raco setup: 55 making: /compatibility-lib/racket
> raco setup: 54 making: /distributed-places-lib/racket
> raco setup: 54 making: /distributed-places-lib/racket/place
> raco setup: 53 making: /draw-lib/racket
> raco setup: 53 making: /draw-lib/racket/draw
> raco setup: 52 making: /gui-lib/racket
> raco setup: 52 making: /gui-lib/racket/gui
> raco setup: 51 making: /option-contract-lib/racket
> raco setup: 51 making: /option-contract-lib/racket/contract
> raco setup: 50 making: /sandbox-lib/racket
> raco setup: 50 making: /sandbox-lib/racket/private
> raco setup: 49 making: /snip-lib/racket
> raco setup: 49 making: /snip-lib/racket/snip
> raco setup: 48 making: /unix-socket-lib/racket
> raco setup: 48 making: /unix-socket-lib/racket/private
> raco setup: 47 making: /acks
> raco setup: 46 making: /data
> raco setup: 45 making: /db
> raco setup: 45 making: /db/private
> raco setup: 45 making: /db/private/generic
> raco setup: 44 making: /dynext
> raco setup: 43 making: /ffi
> raco setup: 42 making: /file
> raco setup: 41 making: /info
> raco setup: 40 making: /info-domain
> raco setup: 40 making: /info-domain/compiled
> raco setup: 40 making: /json
> raco setup: 39 making: /launcher
> raco setup: 38 making: /net
> raco setup: 37 making: /openssl
> raco setup: 36 making: /pkg
> raco setup: 35 making: /planet
> raco setup: 34 making: /reader
> raco setup: 34 making: /reader/lang
> raco setup: 33 making: /realm
> raco setup: 33 making: /s-exp
> raco setup: 33 making: /s-exp/lang

Processed: tagging 860619

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 860619 - sid
Bug #860619 {Done: Brian May } [src:python-passlib] 
python-passlib: FTBFS on i386: Test failures
Removed tag(s) sid.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860619: marked as done (python-passlib: FTBFS on i386: Test failures)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 02:51:26 +
with message-id 
and subject line Bug#860619: fixed in python-passlib 1.7.0-2
has caused the Debian Bug report #860619,
regarding python-passlib: FTBFS on i386: Test failures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-passlib
Version: 1.7.0-1
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418-i386 qa-ftbfs
Justification: FTBFS in stretch on i386

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on i386.

Relevant part (hopefully):
>   File "", line 673, in _load_unlocked
>   File "", line 673, in exec_module
>   File "", line 222, in _call_with_frames_removed
>   File "/<>/passlib/tests/test_totp.py", line 61, in 
> datetime.datetime.utcfromtimestamp(max_time_t << 1)
> OverflowError: timestamp out of range for platform time_t
> 
> --
> Ran 2810 tests in 217.655s
> 
> FAILED (errors=1, skipped=1191)
> Test failed: 
> error: Test failed:  failures=0>
> E: pybuild pybuild:283: test: plugin custom failed with: exit code=1: 
> python3.5 setup.py test
> dh_auto_test: pybuild --test --test-nose -i python{version} -p 3.5 
> --system=custom --test-args={interpreter} setup.py test returned exit code 13
> debian/rules:9: recipe for target 'override_dh_auto_test' failed

The full build log is available from:
   http://aws-logs.debian.net/2017/04/18/python-passlib_1.7.0-1_testing-i386.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: python-passlib
Source-Version: 1.7.0-2

We believe that the bug you reported is fixed in the latest version of
python-passlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May  (supplier of updated python-passlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 23 Apr 2017 08:16:49 +1000
Source: python-passlib
Binary: python-passlib python3-passlib
Architecture: source all
Version: 1.7.0-2
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: Debian Python Modules Team 

Changed-By: Brian May 
Description:
 python-passlib - comprehensive password hashing framework
 python3-passlib - comprehensive password hashing framework
Closes: 860619
Changes:
 python-passlib (1.7.0-2) testing-proposed-updates; urgency=medium
 .
   * Fix FTBFS with timestamp overlow overflow on i386. Closes: #860619.
Checksums-Sha1:
 f84cf937d54d68a42116b37932fbad0ef5bc5236 2200 python-passlib_1.7.0-2.dsc
 a773592d9675c41465bd47c12f447e1100611703 637909 
python-passlib_1.7.0.orig.tar.gz
 88ac65df8f588ab9d849f3c2494406c786a2f7ae 15048 
python-passlib_1.7.0-2.debian.tar.xz
 2c68bd08c43146b6b03fcaf655fe7269a05d8d14 344500 python-passlib_1.7.0-2_all.deb
 d9ed42128bc60f6e9aa40c6f40fc8f0aeec73d11 6650 
python-passlib_1.7.0-2_i386.buildinfo
 d95dcbec3ca78072a413b83a239beb7531d10156 343870 python3-passlib_1.7.0-2_all.deb
Checksums-Sha256:
 2fe76f5371650909b3207862008ebaeca7497575207be2caa79bfe9f2246c3f4 2200 
python-passlib_1.7.0-2.dsc
 0be4f6053357c4ebba5578a065fbdad75a844501d4c6d91d4a3a0c1594c6abed 637909 
python-passlib_1.7.0.orig.tar.gz
 7b834df9a5edbc6544ce8db09b86cdd470a2bb2c0485d5bb6b8596674709a3e5 15048 
python-passlib_1.7.0-2.debian.tar.xz
 b15f06f80cc616515dea03554054c167a266d6b20fab501c4343aee773214ee7 344500 
python-passlib_1.7.0-2_all.deb
 2d9c96582e1c60c0df9c1d0bfc214d060adc0258f4e4060f67abed375df3feb1 6650 
python-passlib_1.7.0-2_i386.buildinfo
 ad419613dfb62b4e8baf117977c147290a6a11bc7a8729c6bc587713c8

Bug#831101: marked as done (imms: FTBFS with GCC 6: stl_algobase.h:243:56: error: macro "min" passed 3 arguments, but takes just 2)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 02:49:38 +
with message-id 
and subject line Bug#831101: fixed in imms 3.1.0~svn301-4
has caused the Debian Bug report #831101,
regarding imms: FTBFS with GCC 6: stl_algobase.h:243:56: error: macro "min" 
passed 3 arguments, but takes just 2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
831101: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831101
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imms
Version: 3.1.0~svn301-3.2
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20160713 qa-ftbfs
Justification: FTBFS with GCC 6 on amd64

Hi,

During a rebuild of all packages in sid using the gcc-defaults package
available in experimental to make GCC default to version 6, your package failed
to build on amd64. For more information about GCC 6 and Stretch, see:
- https://wiki.debian.org/GCC6
- https://lists.debian.org/debian-devel-announce/2016/06/msg7.html

Relevant part (hopefully):
> g++   -g -O2 -fstack-protector-strong -Wformat -Werror=format-security 
> -fno-rtti  -Wdate-time -D_FORTIFY_SOURCE=2  -O3 -Wall -fPIC -D_REENTRANT 
> -I../ -I../immscore -I../clients -c  ../model/model.cc -o  model.o
> In file included from /usr/include/c++/6/bits/char_traits.h:39:0,
>  from /usr/include/c++/6/ios:40,
>  from /usr/include/c++/6/ostream:38,
>  from /usr/include/c++/6/iostream:39,
>  from ../model/model.cc:35:
> /usr/include/c++/6/bits/stl_algobase.h:243:56: error: macro "min" passed 3 
> arguments, but takes just 2
>  min(const _Tp& __a, const _Tp& __b, _Compare __comp)
> ^
> /usr/include/c++/6/bits/stl_algobase.h:265:56: error: macro "max" passed 3 
> arguments, but takes just 2
>  max(const _Tp& __a, const _Tp& __b, _Compare __comp)
> ^
> In file included from /usr/include/c++/6/bits/stl_algo.h:60:0,
>  from /usr/include/c++/6/algorithm:62,
>  from ../model/model.cc:37:
> /usr/include/c++/6/bits/algorithmfwd.h:362:41: error: macro "max" passed 3 
> arguments, but takes just 2
>  max(const _Tp&, const _Tp&, _Compare);
>  ^
> /usr/include/c++/6/bits/algorithmfwd.h:375:41: error: macro "min" passed 3 
> arguments, but takes just 2
>  min(const _Tp&, const _Tp&, _Compare);
>  ^
> /usr/include/c++/6/bits/algorithmfwd.h:403:30: error: macro "min" requires 2 
> arguments, but only 1 given
>  min(initializer_list<_Tp>);
>   ^
> /usr/include/c++/6/bits/algorithmfwd.h:413:30: error: macro "max" requires 2 
> arguments, but only 1 given
>  max(initializer_list<_Tp>);
>   ^
> In file included from /usr/include/c++/6/bits/uniform_int_dist.h:35:0,
>  from /usr/include/c++/6/bits/stl_algo.h:66,
>  from /usr/include/c++/6/algorithm:62,
>  from ../model/model.cc:37:
> /usr/include/c++/6/limits:320:11: error: macro "min" requires 2 arguments, 
> but only 1 given
>min() _GLIBCXX_USE_NOEXCEPT { return _Tp(); }
>^
> /usr/include/c++/6/limits:324:11: error: macro "max" requires 2 arguments, 
> but only 1 given
>max() _GLIBCXX_USE_NOEXCEPT { return _Tp(); }
>^
> /usr/include/c++/6/limits:387:11: error: macro "min" requires 2 arguments, 
> but only 1 given
>min() _GLIBCXX_USE_NOEXCEPT { return false; }
>^
> /usr/include/c++/6/limits:390:11: error: macro "max" requires 2 arguments, 
> but only 1 given
>max() _GLIBCXX_USE_NOEXCEPT { return true; }
>^
> /usr/include/c++/6/limits:394:38: error: macro "min" requires 2 arguments, 
> but only 1 given
>lowest() noexcept { return min(); }
>   ^
> /usr/include/c++/6/limits:456:11: error: macro "min" requires 2 arguments, 
> but only 1 given
>min() _GLIBCXX_USE_NOEXCEPT { return __glibcxx_min(char); }
>^
> /usr/include/c++/6/limits:459:11: error: macro "max" requires 2 arguments, 
> but only 1 given
>max() _GLIBCXX_USE_NOEXCEPT { return __glibcxx_max(char); }
>^
> /usr/include/c++/6/limits:463:38: error: macro "min" requires 2 arguments, 
> but only 1 given
>lowest() noexcept { return min(); }
>   ^
> /usr/include/c++/6/limits:523:11: error: macro "min" requires 2 argument

Bug#858794: gmime: Tests contain a MIME message with a (presumably non-free) Playboy/Hustler/something photo

2017-04-22 Thread Mirco Bauer 
Hi Niels,

sure, I will have a look.

Mirco

On Apr 23, 2017 02:51, "Niels Thykier"  wrote:

> On Sun, 26 Mar 2017 23:06:51 +0300 Sami Liedes  wrote:
> > Source: gmime
> > Version: 2.6.22-2
> > Severity: serious
> >
> > With package 'ripmime' installed:
> >
> > 
> > $ apt-get source gmime-bin
> > $ cd gmime-2.6.22/tests/
> > $ mkdir attachments
> > $ cd attachments
> > $ cat ../message-partial.* ../*.eml |ripmime -i -
> > $ ls -l *.jpg
> > -rw--- 1 sliedes sliedes 115113 Mar 26 22:45 2377h003.jpg
> > -rw--- 1 sliedes sliedes  17527 Mar 26 22:45 leonc.jpg
> > -rw--- 1 sliedes sliedes  45064 Mar 26 22:45 SkipStone-Banner.jpg
> > 
> >
> > The file 2377h003.jpg is a photograph of a scantily clad model
> > apparently taken by a pornographer named Suze Randall. The photograph,
> > which "ripmime" unfortunately does not extract fully from the
> > multipart message (you can build gmime and use tests/test-partial
> > message-partial.* to combine the parts; the size should be 117415
> > bytes), contains the copyright notice "(c) 2001 Suze Randall" in the
> > lower right corner.
> >
> > The file leonc.jpg is apparently part of a movie poster of the movie
> > Leon: The Professional and depicts the character "Mathilda", a 12-year
> > old girl played by Natalie Portman, with a huge gun in her hand.
> >
> > SkipStone-Banner appears to be a partial banner of an old web browser
> > ("Gtk+ only browser"; I did not inspect what its license is, but did
> > find a source download link).
> >
> >   Sami
> >
> >
> > [...]
>
> Hi Micro,
>
> Could I convince you to do a +dfsg upload to remove the offending images
> (assuming they are indeed as non-free as implied)?
>
> Thanks,
> ~Niels
>

Bug#860423: marked as done (gwenview: Could not start process Cannot talk to klauncher: The name org.kde.klauncher5 was not provided by any .service files.)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 01:33:43 +
with message-id 
and subject line Bug#860423: fixed in gwenview 4:16.08.3-2
has caused the Debian Bug report #860423,
regarding gwenview: Could not start process Cannot talk to klauncher: The name 
org.kde.klauncher5 was not provided by any .service files.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860423: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860423
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gwenview
Version: 4:16.08.3-1
Severity: serious

Dear Maintainer,

gwenview seems to miss some dependencies

| Invalid pixmap specified.
| QTimeLine::setDuration: cannot set duration <= 0
| Invalid pixmap specified.
| QTimeLine::setDuration: cannot set duration <= 0
| Invalid pixmap specified.
| QTimeLine::setDuration: cannot set duration <= 0
| Invalid pixmap specified.
| QTimeLine::setDuration: cannot set duration <= 0
| Invalid pixmap specified.
| QTimeLine::setDuration: cannot set duration <= 0
| klauncher not running... launching kdeinit
| Can not find 'kdeinit5' executable at  
"/home/christoph/bin:/home/christoph/bin:/usr/local/bin:/usr/bin:/bin:/usr/games"
 "/usr/bin, /usr/lib/x86_64-linux-gnu/qt5/bin"
| klauncher not running... launching kdeinit
| Can not find 'kdeinit5' executable at  
"/home/christoph/bin:/home/christoph/bin:/usr/local/bin:/usr/bin:/bin:/usr/games"
 "/usr/bin, /usr/lib/x86_64-linux-gnu/qt5/bin"
| klauncher not running... launching kdeinit
| Can not find 'kdeinit5' executable at  
"/home/christoph/bin:/home/christoph/bin:/usr/local/bin:/usr/bin:/bin:/usr/games"
 "/usr/bin, /usr/lib/x86_64-linux-gnu/qt5/bin"
| couldn't create slave: "Cannot talk to klauncher: The name org.kde.klauncher5 
was not provided by any .service files"

In the end and empty gwenview window appears that doesn't display any
images and doesn't work (open dialog also just opens the error message
from $subject)

  Christoph

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gwenview depends on:
ii  kio 5.28.0-2
ii  libc6   2.24-9
ii  libexiv2-14 0.25-3+b1
ii  libgcc1 1:6.3.0-12
ii  libjpeg62-turbo 1:1.5.1-2
ii  libkf5activities5   5.28.0-1
ii  libkf5baloo55.28.0-2
ii  libkf5completion5   5.28.0-1
ii  libkf5configcore5   5.28.0-2
ii  libkf5configgui55.28.0-2
ii  libkf5configwidgets55.28.0-2
ii  libkf5coreaddons5   5.28.0-2
ii  libkf5filemetadata3 5.28.0-1+b2
ii  libkf5i18n5 5.28.0-2
ii  libkf5iconthemes5   5.28.0-2
ii  libkf5itemmodels5   5.28.0-2
ii  libkf5itemviews55.28.0-1
ii  libkf5jobwidgets5   5.28.0-2
ii  libkf5kdcraw5   16.04.0-2
ii  libkf5kdelibs4support5  5.28.0-1
ii  libkf5kiocore5  5.28.0-2
ii  libkf5kiofilewidgets5   5.28.0-2
ii  libkf5kiowidgets5   5.28.0-2
ii  libkf5kipi31.0.04:16.08.2-1
ii  libkf5notifications55.28.0-1
ii  libkf5parts55.28.0-1
ii  libkf5service-bin   5.28.0-1
ii  libkf5service5  5.28.0-1
ii  libkf5textwidgets5  5.28.0-1
ii  libkf5widgetsaddons55.28.0-2
ii  libkf5xmlgui5   5.28.0-1
ii  liblcms2-2  2.8-4
ii  libphonon4qt5-4 4:4.9.0-4
ii  libpng16-16 1.6.28-1
ii  libqt5core5a5.7.1+dfsg-3+b1
ii  libqt5gui5  5.7.1+dfsg-3+b1
ii  libqt5opengl5   5.7.1+dfsg-3+b1
ii  libqt5printsupport5 5.7.1+dfsg-3+b1
ii  libqt5svg5  5.7.1~20161021-2+b2
ii  libqt5widgets5  5.7.1+dfsg-3+b1
ii  libqt5x11extras55.7.1~20161021-2
ii  libstdc++6  6.3.0-12
ii  libx11-62:1.6.4-3
ii  phonon4qt5  4:4.9.0-4

Versions of packages gwenview recommends:
ii  kamera 4:16.08.3-1
ii  kio-extras 4:16.08.3-1
ii  qt5-image-formats-plugins  5.7.1~20161021-2

gwenview suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: gwenview
Source-Version: 4:16.08.3-2

We believe that the bug you reported is fixed in the latest version of
gwenview, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.

Bug#803670: marked as done (gwenview: missing dependency to plasma-workspace and kinit)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 01:33:43 +
with message-id 
and subject line Bug#860423: fixed in gwenview 4:16.08.3-2
has caused the Debian Bug report #860423,
regarding gwenview: missing dependency to plasma-workspace and kinit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860423: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860423
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gwenview
Version: 4:15.08.2-1
Severity: important

Dear Maintainer,

after recent upgrade of gwenview from gwenview_4%3a4.14.2-1_amd64.deb to
gwenview_4%3a15.08.0-1_amd64.deb and onwards it stoped working properly.
it started, but was unable to show files or browse directories, showing
access errors to 'file:///', most of the time.

installing 'plasma-workspace' and 'kinit' solved all issues. please add
these two packages to dependencies (needed for those who do not use KDE
itself).


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gwenview depends on:
ii  libc6   2.19-22
ii  libexiv2-14 0.25-2.1
ii  libgcc1 1:5.2.1-22
ii  libjpeg62-turbo 1:1.4.1-2
ii  libkf5activities5   5.15.0-1
ii  libkf5baloo55.15.0+-1
ii  libkf5completion5   5.15.0-1
ii  libkf5configcore5   5.15.0-1
ii  libkf5configgui55.15.0-1
ii  libkf5configwidgets55.15.0-1
ii  libkf5coreaddons5   5.15.0-1
ii  libkf5filemetadata3 5.15.0-1
ii  libkf5i18n5 5.15.0-1
ii  libkf5iconthemes5   5.15.0-1
ii  libkf5itemmodels5   5.15.0-1
ii  libkf5itemviews55.15.0-1
ii  libkf5jobwidgets5   5.15.0-1
ii  libkf5kdelibs4support5  5.15.0-1
ii  libkf5kiocore5  5.15.0-1
ii  libkf5kiofilewidgets5   5.15.0-1
ii  libkf5kiowidgets5   5.15.0-1
ii  libkf5notifications55.15.0-1
ii  libkf5parts55.15.0-1
ii  libkf5service-bin   5.15.0+-1
ii  libkf5service5  5.15.0+-1
ii  libkf5textwidgets5  5.15.0-1
ii  libkf5widgetsaddons55.15.0-1
ii  libkf5xmlgui5   5.15.0-1
ii  liblcms2-2  2.6-3+b3
ii  libphonon4qt5-4 4:4.8.3-2
ii  libpng12-0  1.2.50-2+b2
ii  libqt5core5a5.5.1+dfsg-5
ii  libqt5gui5  5.5.1+dfsg-5
ii  libqt5opengl5   5.5.1+dfsg-5
ii  libqt5printsupport5 5.5.1+dfsg-5
ii  libqt5svg5  5.5.1-2
ii  libqt5widgets5  5.5.1+dfsg-5
ii  libqt5x11extras55.5.1-3
ii  libstdc++6  5.2.1-22
ii  libx11-62:1.6.3-1
ii  phonon4qt5  4:4.8.3-2

Versions of packages gwenview recommends:
ii  kamera 4:4.14.2-1+b1
ii  kio-extras 4:15.08.2-1
ii  qt5-image-formats-plugins  5.5.1-2

gwenview suggests no packages.

-- no debconf information

-- 
pozdrawiam serdecznie / best regards,
bartek 'basz' szurgot
/* http://www.baszerr.eu */
/* http://www.baszerr.eu/lib/exe/fetch.php/about_me/basz_pub_key.txt */




signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: gwenview
Source-Version: 4:16.08.3-2

We believe that the bug you reported is fixed in the latest version of
gwenview, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer  (supplier of updated 
gwenview package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 22:21:47 -0300
Source: gwenview
Binary: gwenview
Architecture: source
Version: 4:16.08.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers 
Changed-By: Lisandro Damián Nicanor Pérez Meyer 
Description:
 gwenview   - image viewer
Closes: 860423
Changes:
 gwenview (4:16.08.3-2) unstable; urgency=medium
 .
   * Team upload.

Processed: pending

2017-04-22 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 pending
Bug #860423 [gwenview] gwenview: Could not start process Cannot talk to 
klauncher: The name org.kde.klauncher5 was not provided by any .service files.
Bug #803670 [gwenview] gwenview: missing dependency to plasma-workspace and 
kinit
Added tag(s) pending.
Added tag(s) pending.

-- 
803670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803670
860423: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860423
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: pending

2017-04-22 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 pending
Bug #860423 [gwenview] gwenview: Could not start process Cannot talk to 
klauncher: The name org.kde.klauncher5 was not provided by any .service files.
Bug #803670 [gwenview] gwenview: missing dependency to plasma-workspace and 
kinit
Ignoring request to alter tags of bug #860423 to the same tags previously set
Ignoring request to alter tags of bug #803670 to the same tags previously set

-- 
803670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803670
860423: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860423
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860423: pending

2017-04-22 Thread Lisandro Damián Nicanor Pérez Meyer 
Control: tag -1 pending

Thanks hristoph for th ebug and the triaging! I have already pushed the fix to 
the archive.

-- 
Paris, Je suis impregnée de ta présence!!!
vous cette une fleche alée qui traspase mon cour
  muxbalsoc. Comment posted in
  http://youtube.com/watch?v=G3S_sOEjsmo

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#812027: marked as done (zthreads: FTBFS with GCC 6: return-statement with a value)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 01:19:03 +
with message-id 
and subject line Bug#812027: fixed in zthreads 2.3.2-8
has caused the Debian Bug report #812027,
regarding zthreads: FTBFS with GCC 6: return-statement with a value
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
812027: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812027
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zthreads
Version: 2.3.2-7.2
Severity: important
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-6

This package fails to build with GCC 6.  GCC 6 has not been released
yet, but it's expected that GCC 6 will become the default compiler for
stretch.

Note that only the first error is reported; there might be more.  You
can find a snapshot of GCC 6 in experimental.  To build with GCC 6,
you can set CC=gcc-6 CXX=g++-6 explicitly.

You may be able to find out more about this issue at
https://gcc.gnu.org/gcc-6/changes.html

> sbuild (Debian sbuild) 0.67.0 (26 Dec 2015) on dl580gen9-02.hlinux
...
> libtool: compile:  g++ -DHAVE_CONFIG_H -I. -I../include -Wdate-time 
> -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat 
> -Werror=format-security -Wall -DNDEBUG -g -O2 -fstack-protector-strong 
> -Wformat -Werror=format-security -Wall -DNDEBUG -MT AtomicCount.lo -MD -MP 
> -MF .deps/AtomicCount.Tpo -c AtomicCount.cxx  -fPIC -DPIC -o 
> .libs/AtomicCount.o
> In file included from vanilla/SimpleAtomicCount.cxx:26:0,
>  from AtomicCount.cxx:55:
> ../include/zthread/Guard.h: In static member function 'static void 
> ZThread::CompoundScope Scope2>::createScope(ZThread::LockHolder&, long unsigned int)':
> ../include/zthread/Guard.h:117:16: error: return-statement with a value, in 
> function returning 'void' [-fpermissive]
>  return false;
> ^
> 
> ../include/zthread/Guard.h:121:12: error: return-statement with a value, in 
> function returning 'void' [-fpermissive]
>  return true;
> ^~~~
> 
> Makefile:576: recipe for target 'AtomicCount.lo' failed
> make[4]: *** [AtomicCount.lo] Error 1

-- 
Martin Michlmayr
Linux for HPE Helion, Hewlett Packard Enterprise
--- End Message ---
--- Begin Message ---
Source: zthreads
Source-Version: 2.3.2-8

We believe that the bug you reported is fixed in the latest version of
zthreads, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated zthreads package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 23 Apr 2017 02:50:57 +0200
Source: zthreads
Binary: libzthread-2.3-2 libzthread-dev
Architecture: source
Version: 2.3.2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Andreas Beckmann 
Description:
 libzthread-2.3-2 - Object-oriented synchronization library for C++
 libzthread-dev - Object-oriented synchronization library for C++
Closes: 812027
Changes:
 zthreads (2.3.2-8) unstable; urgency=medium
 .
   * QA upload.
   * Set Maintainer to Debian QA Group.  (See: #846286)
   * fix-ftbfs-g++-6.patch: New, remove spurious return-with-value in void
 function.  (Closes: #812027)
   * Switch to debhelper compat level 10.
Checksums-Sha1:
 e77312d20741fa98156ac1207107e5907d955782 1770 zthreads_2.3.2-8.dsc
 8168acc1bd4f4e2e2d046071332740f27ebe3cc2 7956 zthreads_2.3.2-8.debian.tar.xz
 149dcde389a8d0c9f3959d0fcf322c72f9722cc4 4261 zthreads_2.3.2-8_source.buildinfo
Checksums-Sha256:
 1c810fb4829c9d1876bbacb28493f7ff7b818acaae59ceb3ddc8370eacdfc7ee 1770 
zthreads_2.3.2-8.dsc
 3b3d0cc628cb9f40de73e28ad175c13491e50fe776963101e1e49631324629f9 7956 
zthreads_2.3.2-8.debian.tar.xz
 e2005efa8e08badca89cecf38969a644cfb50dd7cfc40991adec280d86fe4ffa 4261 
zthreads_2.3.2-8_source.buildinfo
Files:
 d9a23359eb58b95fc387176d44f9e844 1770 libs extra zthreads_2.3.2-8.dsc
 b3335793ae92eff4ef21875c9210bc67 7956 libs extra zthreads_2.3.2-8.debian.tar.xz
 c1ab9fd1080dc371974040e52a6f48e0 4261 libs extra 
zthreads_2.3.2-8_source.buildinfo

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJY+/tnAAoJEF+zP5N

Bug#799756: NEWS: core-network is alive outside of Debian

2017-04-22 Thread Eriberto Mota 
Hi all,

Sure, core-network cannot be kept in Debian because it has a serious
security hole. However, it is an efficient and versatile network
emulator, used by several groups, teachers and books. Is a fact that
CORE can be used over restricted and not critical environments.

Well, I want to leave registered that I will keep amd64 packages for
CORE in my website. So, if you want these packages, please go to
http://eriberto.pro.br/core/

Regards,

Eriberto

Bug#856335: marked as done (python-pyftpdlib: FTBFS, unittests error: error_temp: 426 Internal error; transfer aborted.)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 23:49:08 +
with message-id 
and subject line Bug#856335: fixed in python-pyftpdlib 1.5.1-4
has caused the Debian Bug report #856335,
regarding python-pyftpdlib: FTBFS, unittests error: error_temp: 426 Internal 
error; transfer aborted.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
856335: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856335
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-pyftpdlib
Version: 1.5.1-3
Severity: serious

Hello,
rebuilding python-pyftpdlib fails with the following errors


```
==
ERROR: test_list (test_functional.TestUnicodePathNames)
--
Traceback (most recent call last):
  File "/build/python-pyftpdlib-1.5.1/pyftpdlib/test/test_functional.py", line 
2652, in test_list
self._test_listing_cmds('list')
  File "/build/python-pyftpdlib-1.5.1/pyftpdlib/test/test_functional.py", line 
2639, in _test_listing_cmds
self.client.retrlines(cmd, ls.append)
  File "/usr/lib/python2.7/ftplib.py", line 453, in retrlines
return self.voidresp()
  File "/usr/lib/python2.7/ftplib.py", line 229, in voidresp
resp = self.getresp()
  File "/usr/lib/python2.7/ftplib.py", line 222, in getresp
raise error_temp, resp
error_temp: 426 Internal error; transfer aborted.

==
ERROR: test_mlsd (test_functional.TestUnicodePathNames)
--
Traceback (most recent call last):
  File "/build/python-pyftpdlib-1.5.1/pyftpdlib/test/test_functional.py", line 
2658, in test_mlsd
self._test_listing_cmds('mlsd')
  File "/build/python-pyftpdlib-1.5.1/pyftpdlib/test/test_functional.py", line 
2639, in _test_listing_cmds
self.client.retrlines(cmd, ls.append)
  File "/usr/lib/python2.7/ftplib.py", line 453, in retrlines
return self.voidresp()
  File "/usr/lib/python2.7/ftplib.py", line 229, in voidresp
resp = self.getresp()
  File "/usr/lib/python2.7/ftplib.py", line 222, in getresp
raise error_temp, resp
error_temp: 426 Internal error; transfer aborted.

--
Ran 783 tests in 16.884s

FAILED (errors=2, skipped=52)
```

Full build log attached.

Regards,
Sandro

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


python-pyftpdlib_1.5.1-3_amd64.build.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: python-pyftpdlib
Source-Version: 1.5.1-4

We believe that the bug you reported is fixed in the latest version of
python-pyftpdlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Martin Borgert  (supplier of updated python-pyftpdlib 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 22:45:44 +
Source: python-pyftpdlib
Binary: python-pyftpdlib python3-pyftpdlib
Architecture: source all
Version: 1.5.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 

Changed-By: W. Martin Borgert 
Description:
 python-pyftpdlib - Python FTP server library
 python3-pyftpdlib - Python FTP server library
Closes: 849728 856335
Changes:
 python-pyftpdlib (1.5.1-4) unstable; urgency=medium
 .
   * Disable automatic tests, that are known to be unstable (Closes: #856335)
   * Remove Janos Guljas as maintainer (Closes: #849728)
Checksums-Sha1:
 741ca9c0b18adfa8b3f21c45158595689d2f0a98 2333 python-pyftpdlib_1.5.1-4.dsc
 51ff4806607a7f2f19ee5da2b946b056c135871e 4456 
python-pyftpdlib_1.5.1-4.debian.tar.xz
 729c59015266aada50d0ea49f25564b7d0c866fe 83354 python-pyftpdlib_1.

Bug#856335: marked as pending

2017-04-22 Thread W . Martin Borgert 
tag 856335 pending
thanks

Hello,

Bug #856335 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/python-pyftpdlib.git/commit/?id=933255d

---
commit 933255d1940e941b96c47874e391f965bf59b39d
Author: W. Martin Borgert 
Date:   Sun Apr 23 00:24:53 2017 +0200

disable tests, that are known to be unstable

diff --git a/debian/changelog b/debian/changelog
index 0ab54d2..c46639f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 python-pyftpdlib (1.5.1-4) UNRELEASED; urgency=medium
 
+  * Disable automatic tests, that are known to be unstable (Closes: #856335)
   * Remove Janos Guljas as maintainer (Closes: #849728)
 
  -- W. Martin Borgert   Wed, 25 Jan 2017 00:34:58 +

Processed: Bug#856335 marked as pending

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 856335 pending
Bug #856335 [src:python-pyftpdlib] python-pyftpdlib: FTBFS, unittests error: 
error_temp: 426 Internal error; transfer aborted.
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
856335: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856335
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859262: Fwd: Re: Bug#859262: Re: freezes Orca screen reader

2017-04-22 Thread Joanmarie Diggs 
Thanks! From a quick glance, Orca isn't frozen. Orca is still getting
and processing accessibility events even after that error. But it's
getting those events from defunct accessible objects, objects with
ROLE_INVALID, etc.

I'll take a longer look next week and handle the currently-unhandled
error. But the problem may persist. Orca cannot bring defunct/invalid
objects back from the dead; it can only try to gracefully step around
their bodies. Thus getting to the bottom of the Synaptic and/or AT-SPI2
issues needs to occur.

I'd be curious to know what happens if, when the Synaptic issue occurs,
you Alt+Tab into another accessible application. Does Orca present your
interactions with that app?

Thanks again!
--joanie

On 04/22/2017 03:25 PM, Paul Gevers wrote:
> Resending with Thunderbird mail.strictly_mime set to true, because your
> host refused my message. I hope this one reaches you. Reply-To set to
> the bug.
> 
> Paul
> 
> 
>  Forwarded Message 
> Subject: Re: Bug#859262: Re: freezes Orca screen reader
> Date: Sat, 22 Apr 2017 21:07:08 +0200
> From: Paul Gevers 
> To: Joanmarie Diggs , 859...@bugs.debian.org
> 
> Hi Joanmarie,
> 
> On 19-04-17 22:35, Joanmarie Diggs wrote:
>> Please send me a full debug.out, captured from Orca master or Orca
>> 3.24.x (i.e. current stable). Instructions here:
>> https://wiki.gnome.org/Projects/Orca/Debugging
> 
> I hope the attached log contains enough information for you to work it out.
> 
> Mind you, my Orca setup isn't speaking (as can be seen from the top of
> the log), but I think it captures the same error as reported in this bug
> already.
> 
> I created a Debian package for the 3.24 version which I build on
> debomatic¹ for this purpose.
> 
> Paul
> 
> ¹
> http://debomatic-amd64.debian.net/distribution#unstable/gnome-orca/3.24.0-1
>

Bug#831085: marked as done (socnetv: FTBFS with GCC 6: cstdlib:75:25: fatal error: stdlib.h: No such file or directory)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sun, 23 Apr 2017 00:13:28 +0200
with message-id <8607be2e-639b-ed18-1fe9-7f27bdae0...@debian.org>
and subject line Re:
has caused the Debian Bug report #831085,
regarding socnetv: FTBFS with GCC 6: cstdlib:75:25: fatal error: stdlib.h: No 
such file or directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
831085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: socnetv
Version: 1.9-1.1
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20160713 qa-ftbfs
Justification: FTBFS with GCC 6 on amd64

Hi,

During a rebuild of all packages in sid using the gcc-defaults package
available in experimental to make GCC default to version 6, your package failed
to build on amd64. For more information about GCC 6 and Stretch, see:
- https://wiki.debian.org/GCC6
- https://lists.debian.org/debian-devel-announce/2016/06/msg7.html

Relevant part (hopefully):
> g++ -c -m64 -pipe -g -O2 -fstack-protector-strong -Wformat 
> -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -std=gnu++0x -Wall -W 
> -D_REENTRANT -fPIC -DQT_NO_DEBUG -DQT_PRINTSUPPORT_LIB -DQT_WIDGETS_LIB 
> -DQT_GUI_LIB -DQT_XML_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB -I. -Isrc -isystem 
> /usr/local/include -isystem /usr/include -isystem /usr/include/qt5 
> -I/usr/share/qt5/include -isystem /usr/local/include -isystem /usr/include 
> -isystem /usr/include/qt -isystem /usr/include/qt5 -I/usr/share/qt5/include 
> -isystem /usr/include/x86_64-linux-gnu/qt5 -isystem 
> /usr/include/x86_64-linux-gnu/qt5/QtPrintSupport -isystem 
> /usr/include/x86_64-linux-gnu/qt5/QtWidgets -isystem 
> /usr/include/x86_64-linux-gnu/qt5/QtGui -isystem 
> /usr/include/x86_64-linux-gnu/qt5/QtXml -isystem 
> /usr/include/x86_64-linux-gnu/qt5/QtNetwork -isystem 
> /usr/include/x86_64-linux-gnu/qt5/QtCore -I. -I. 
> -I/usr/lib/x86_64-linux-gnu/qt5/mkspecs/linux-g++-64 -o guide.o src/guide.cpp
> In file included from /usr/include/c++/6/bits/stl_algo.h:59:0,
>  from /usr/include/c++/6/algorithm:62,
>  from /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:88,
>  from 
> /usr/include/x86_64-linux-gnu/qt5/QtWidgets/qgraphicsitem.h:37,
>  from 
> /usr/include/x86_64-linux-gnu/qt5/QtWidgets/QGraphicsItem:1,
>  from src/guide.h:32,
>  from src/guide.cpp:27:
> /usr/include/c++/6/cstdlib:75:25: fatal error: stdlib.h: No such file or 
> directory
>  #include_next 
>  ^
> compilation terminated.
> make[1]: *** [guide.o] Error 1

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2016/07/13/socnetv_1.9-1.1_unstable_gcc6.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
On Mon, 3 Oct 2016 21:40:27 +0100 Serafeim Zanikolas
 wrote:
> fixed 831085 2.1-1.1

and closing ...


Andreas--- End Message ---

Processed: fixed 860619 in python-passlib/1.7.1-1

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> fixed 860619 python-passlib/1.7.1-1
Bug #860619 [src:python-passlib] python-passlib: FTBFS on i386: Test failures
Marked as fixed in versions python-passlib/1.7.1-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#821634: marked as done (php-xajax: PHP 7.0 Transition)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 21:52:00 +
with message-id 
and subject line Bug#821634: fixed in php-xajax 0.5-2
has caused the Debian Bug report #821634,
regarding php-xajax: PHP 7.0 Transition
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
821634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-xajax
Version: 0.5-1
Severity: important
User: pkg-php-ma...@lists.alioth.debian.org
Usertags: php7.0-transition

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear maintainer(s),

this bug is a part of ongoing php7.0 transition.  It is filled as
important, but the severity will be bumped to serious within quite short
(~month) timeframe as the transition was announced almost 3 months ago.

The php-xajax package currently depends on php5 php5-cgi php5-cli .

PHP 7.0 has landed in unstable with substantial changes to the packaging:

  1. Every package built from src:phpMAJOR.MINOR now include
 phpMAJOR.MINOR in the name, so f.e. php5-fpm is now php7.0-fpm.

  2. Accompanying src:php-defaults builds 1:1 mapping to a default
 MAJOR.MINOR version, e.g. php-fpm depends on php7.0-fpm.  When you
 specify a dependency, please use the generic name, unless you
 absolutely know that won't work for you.

  3. Every path in the system has been changed to a versioned, e.g.
 /etc/php5/cli is now /etc/php/7.0/cli

  4. dh_php5 is now dh_php

  5. php-pear is not built from independent source package.

  6. master-7.0 branches of several extensions (php-apcu, xdebug,
 php-apcu-bc) can be used as a template how to change the PHP
 extension packaging.  It's mostly cut&paste since the d/rules tries
 to figure-out most of the variables from debian/ directory.

  7. pkg-php-tools package now supports PHP 7.0 packaging and if your
 package uses pkg-php-tools a simple binNMU is all it might need

  8. PHP 7.0 has changed extension API, so most-if-not-all extensions
 need work from upstream to be compatible with PHP 7.0.

  9. We expect to ship next Debian release (stretch) only with PHP
 7.0, that means that all packages needs to be made compatible with
 PHP 7.0.  Fortunately the PHP 7.0 is mostly compatible with properly
 maintained software.  However some extensions has been deprecated
 (f.e. mysql) and thus old unmaintained software will stop working
 and it will have to be either patched or removed from stable Debian.

So what you need to do:

Replace every occurence of php5 with just php, e.g. if you depend on
'php5' then you just need to depend on 'php'.  Also if you package a web
application and depend on specific SAPI, I would recommend depending just
on 'php' package and let the user decide whether he will install php-fpm,
libapache2-mod-php or php-cgi.

The script that was used to get the list of packages for MBF was not a
particular smart one (so it doesn't detect alternatives, etc.), so if
there's a false positive, please excuse me and just close the bug with
short explanation.

The other options that might be used with packages that don't and won't
support PHP 7.0 is to remove the software from Debian by changing the
title of this bugreport to:

RM: php-xajax -- ROM; doesn't support PHP 7.0

reassigning it to ftp.debian.org pseudo-package and changing severity to
'normal'.

Also feel free to contact the maintainers at one of the lists:

pkg-php-p...@lists.alioth.debian.org -- for PEAR related packages
pkg-php-p...@lists.alioth.debian.org -- for PHP extensions
pkg-php-ma...@lists.alioth.debian.org -- main PHP packaging and catch-all

Cheers, Ondrej

- -- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-35-generic (SMP w/24 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQJ8BAEBCgBmBQJXFUrOXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHvAkP+QFPJlBaMxty6RkVtVPt70H8
kfaS/u/O4vdZLiuFPfLXbm9P/CD/M7a6nl0gWmNZPL96xjijcr61ilQfGy287i6N
fVq2kwJLL62ds3yrouUIdbMtCPCFvxAEsgTeLphpYdRfzEbM94ywQNSMs57PYLME
ERZp78fPYvN4uAaS+FFZgCdhN27Gwf4MqKA/OjUN64W96a6IIABPuvJbrhkbkf88
GcrDHQpSiFl3m1ZY1tjDYXFq5PcRnp29tq+nv3SNweAL1y11Ag/dO9QvVeWfTfmn
Mk/i8/FqD4GUcT3kdTkjgEt++gwfTyzMvPQd7QW6EU9g28IdC

Processed: closing 839241

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # duplicate of #772947 ?
> close 839241 9.3-1+deb8u1
Bug #839241 [linkchecker] fails on HTTPS URLs: ImportError: cannot import name 
get_subj_alt_name
Marked as fixed in versions linkchecker/9.3-1+deb8u1.
Bug #839241 [linkchecker] fails on HTTPS URLs: ImportError: cannot import name 
get_subj_alt_name
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
839241: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839241
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 709198, tagging 851771, tagging 849832

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # propagate jessie-ignore to wheezy-ignore
> tags 709198 + wheezy-ignore
Bug #709198 [debconf] debconf: should not use python in maintainer scripts
Added tag(s) wheezy-ignore.
> tags 851771 + wheezy-ignore
Bug #851771 [src:php-gettext] php-gettext: CVE-2016-6175
Added tag(s) wheezy-ignore.
> tags 849832 + wheezy-ignore
Bug #849832 [icedove] firefox: contains JSHint work under non-free licence
Added tag(s) wheezy-ignore.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
709198: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709198
849832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849832
851771: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851771
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#766397: marked as done (emacs/gnus: Uses s_client to for SSL.)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 21:07:22 +
with message-id 
and subject line Bug#766397: fixed in emacs24 24.5+1-10
has caused the Debian Bug report #766397,
regarding emacs/gnus: Uses s_client to for SSL.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
766397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: emacs23
Severity: serious
Tags: security

Hi,

It has come to my attention that Gnus is using s_client to set up
SSL connections to retrieve email.  Please stop using that.
s_client is a debug tool, it does not set up a secure connection,
it ignores all errors and just continues.  It also doesn't do
checks it should be doing.  This is all documented behaviour.

Please get rid of all documentation, configurations and examples
that tell you how to set it up using s_client.

I've also seen examples adding -ssl2 and -ssl3 which is really
really broken.


Kurt
--- End Message ---
--- Begin Message ---
Source: emacs24
Source-Version: 24.5+1-10

We believe that the bug you reported is fixed in the latest version of
emacs24, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 766...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning  (supplier of updated emacs24 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 12:33:05 -0500
Source: emacs24
Binary: emacs24-lucid emacs24-lucid-dbg emacs24-nox emacs24-nox-dbg emacs24 
emacs24-dbg emacs24-bin-common emacs24-common emacs24-el
Architecture: source amd64 all
Version: 24.5+1-10
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning 
Changed-By: Rob Browning 
Description:
 emacs24- GNU Emacs editor (with GTK+ GUI support)
 emacs24-bin-common - GNU Emacs editor's shared, architecture dependent files
 emacs24-common - GNU Emacs editor's shared, architecture independent 
infrastructur
 emacs24-dbg - Debugging symbols for emacs24
 emacs24-el - GNU Emacs LISP (.el) files
 emacs24-lucid - GNU Emacs editor (with Lucid GUI support)
 emacs24-lucid-dbg - Debugging symbols for emacs24-lucid
 emacs24-nox - GNU Emacs editor (without GUI support)
 emacs24-nox-dbg - Debugging symbols for emacs24-nox
Closes: 766397
Changes:
 emacs24 (24.5+1-10) unstable; urgency=medium
 .
   * Don't segfault if gcc expects -nopie instead of -no-pie.
 Add 0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch, a
 backport from emacs25 (that closed #841551) to fix the problem.
 Thanks to Lucas Nussbaum and Aaron M. Ucko for reporting the
 problem, and Sven Joachim for tracking down the upstream patch.
 .
   * Don't offer/use openssl s_client by default: "s_client is a debug
 tool, it does not set up a secure connection, it ignores all
 errors and just continues.  It also doesn't do checks it should be
 doing.  This is all documented behaviour." -- Kurt Roeckx
 Add these patches to fix the problem:
   0028-IMAP-connections-no-longer-use-openssl-s_client.patch
   0029-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
 Thanks to Kurt Roeckx for reporting the issue. (Closes: #766397)
Checksums-Sha1:
 8cf46365fb37790480d42eb93a9011f9e82b5f7d 2735 emacs24_24.5+1-10.dsc
 08998050ad3a0baf2990cfa29705c8b77f81adad 80488 emacs24_24.5+1-10.debian.tar.xz
 73831fabf035d35ae220601a0c390a80c08dd64f 259908 
emacs24-bin-common-dbgsym_24.5+1-10_amd64.deb
 bbaed360f046864c23f93ff6b60904f92a7adb7e 257522 
emacs24-bin-common_24.5+1-10_amd64.deb
 e33d55979450bafdc96601dd573da12011901e1f 12975482 
emacs24-common_24.5+1-10_all.deb
 fd55bc96c1524027aa71776cb9ca8977fa2c2cfc 4895070 
emacs24-dbg_24.5+1-10_amd64.deb
 594f49b2258e617f7cb259a074d5662c84667e79 15442082 emacs24-el_24.5+1-10_all.deb
 7f7dcc76f27bb83b6d2f7d38ce78a1c0c1e593c8 4945610 
emacs24-lucid-dbg_24.5+1-10_amd64.deb
 31139e74c85e434647f8d5b9e6550626fb68a27c 3549922 
emacs24-lucid_24.5+1-10_amd64.deb
 d0fdcfbc143010adc7e55638928289a6224704a1 3589510 
emacs24-nox-dbg_24.5+1-10_amd64.deb
 c63bd03f1472c7cfa954059d6c1de82f93a61e01 3136970 
emacs24-nox_24.5+1-10_amd64.deb
 d5186c51e03ccde2652648

Bug#860664: marked as done (primesieve: FTBFS on i386: dh_auto_test: make -j64 check VERBOSE=1 returned exit code 2)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 21:08:05 +
with message-id 
and subject line Bug#860664: fixed in primesieve 5.7.2+ds-2
has caused the Debian Bug report #860664,
regarding primesieve: FTBFS on i386: dh_auto_test: make -j64 check VERBOSE=1 
returned exit code 2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860664: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860664
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: primesieve
Version: 5.7.2+ds-1
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418-i386 qa-ftbfs
Justification: FTBFS in stretch on i386

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on i386.

Relevant part (hopefully):
> make[2]: Entering directory '/<>/primesieve-5.7.2+ds/_build'
> make[2]: Leaving directory '/<>/primesieve-5.7.2+ds/_build'
> ./primesieve --test
> pi(x) : Prime-counting function test
> pi(10^1)  = 4   OK
> pi(10^2)  = 25  OK
> pi(10^3)  = 168 OK
> pi(10^4)  = 1229OK
> pi(10^5)  = 9592OK
> pi(10^6)  = 78498   OK
> pi(10^7)  = 664579  OK
> pi(10^8)  = 5761455 OK
> pi(10^9)  = 50847534OK
> pi(10^10) = 455052511   OK
> 
> Sieving the primes within [10^12, 10^12+2^32]
> 
> 0%
> 1%
> 2%
> 3%
> 4%
> 5%
> 6%
> 7%
> 8%
> 9%
> 10%
> 11%
> 12%
> 13%
> 14%
> 15%
> 16%
> 17%
> 18%
> 19%
> 20%
> 21%
> 22%
> 23%
> 24%
> 25%
> 26%
> 27%
> 28%
> 29%
> 30%
> 31%
> 32%
> 33%
> 34%
> 35%
> 36%
> 37%
> 38%
> 39%
> 40%
> 41%
> 42%
> 43%
> 44%
> 45%
> 46%
> 47%
> 48%
> 49%
> 50%
> 51%
> 52%
> 53%
> 54%
> 55%
> 56%
> 57%
> 58%
> 59%
> 60%
> 61%
> 62%
> 63%
> 64%
> 65%
> 66%
> 67%
> 68%
> 69%
> 70%
> 71%
> 72%
> 73%
> 74%
> 75%
> 76%
> 77%
> 78%
> 79%
> 80%
> 81%
> 82%
> 83%
> 84%
> 85%
> 86%
> 87%
> 88%
> 89%
> 90%
> 91%
> 92%
> 93%
> 94%
> 95%
> 96%
> 97%
> 98%
> 99%
> 100%
> 
> Prime count: 155428406  OK
> Sieving the primes within [10^13, 10^13+2^32]
> 
> 0%
> 1%
> 2%
> 3%
> 4%
> 5%
> 6%
> 7%
> 8%
> 9%
> 10%
> 11%
> 12%
> 13%
> 14%
> 15%
> 16%
> 17%
> 18%
> 19%
> 20%
> 21%
> 22%
> 23%
> 24%
> 25%
> 26%
> 27%
> 28%
> 29%
> 30%
> 31%
> 32%
> 33%
> 34%
> 35%
> 36%
> 37%
> 38%
> 39%
> 40%
> 41%
> 42%
> 43%
> 44%
> 45%
> 46%
> 47%
> 48%
> 49%
> 50%
> 51%
> 52%
> 53%
> 54%
> 55%
> 56%
> 57%
> 58%
> 59%
> 60%
> 61%
> 62%
> 63%
> 64%
> 65%
> 66%
> 67%
> 68%
> 69%
> 70%
> 71%
> 72%
> 73%
> 74%
> 75%
> 76%
> 77%
> 78%
> 79%
> 80%
> 81%
> 82%
> 83%
> 84%
> 85%
> 86%
> 87%
> 88%
> 89%
> 90%
> 91%
> 92%
> 93%
> 94%
> 95%
> 96%
> 97%
> 98%
> 99%
> 100%
> 
> Prime count: 143482916  OK
> Sieving the primes within [10^14, 10^14+2^32]
> 
> 0%
> 1%
> 2%
> 3%
> 4%
> 5%
> 6%
> 7%
> 8%
> 9%
> 10%
> 11%
> 12%
> 13%
> 14%
> 15%
> 16%
> 17%
> 18%
> 19%
> 20%
> 21%
> 22%
> 23%
> 24%
> 25%
> 26%
> 27%
> 28%
> 29%
> 30%
> 31%
> 32%
> 33%
> 34%
> 35%
> 36%
> 37%
> 38%
> 39%
> 40%
> 41%
> 42%
> 43%
> 44%
> 45%
> 46%
> 47%
> 48%
> 49%
> 50%
> 51%
> 52%
> 53%
> 54%
> 55%
> 56%
> 57%
> 58%
> 59%
> 60%
> 61%
> 62%
> 63%
> 64%
> 65%
> 66%
> 67%
> 68%
> 69%
> 70%
> 71%
> 72%
> 73%
> 74%
> 75%
> 76%
> 77%
> 78%
> 79%
> 80%
> 81%
> 82%
> 83%
> 84%
> 85%
> 86%
> 87%
> 88%
> 89%
> 90%
> 91%
> 92%
> 93%
> 94%
> 95%
> 96%
> 97%
> 98%
> 99%
> 100%
> 
> Prime count: 133235063  OK
> Sieving the primes within [10^15, 10^15+2^32]
> 
> 0%
> 1%
> 2%
> 3%
> 4%
> 5%
> 6%
> 7%
> 8%
> 9%
> 10%
> 11%
> 12%
> 13%
> 14%
> 15%
> 16%
> 17%
> 18%
> 19%
> 20%
> 21%
> 22%
> 23%
> 24%
> 25%
> 26%
> 27%
> 28%
> 29%
> 30%
> 31%
> 32%
> 33%
> 34%
> 35%
> 36%
> 37%
> 38%
> 39%
> 40%
> 41%
> 42%
> 43%
> 44%
> 45%
> 46%
> 47%
> 48%
> 49%
> 50%
> 51%
> 52%
> 53%
> 54%
> 55%
> 56%
> 57%
> 58%
> 59%
> 60%
> 61%
> 62%
> 63%
> 64%
> 65%
> 66%
> 67%
> 68%
> 69%
> 70%
> 71%
> 72%
> 73%
> 74%
> 75%
> 76%
> 77%
> 78%
> 79%
> 80%
> 81%
> 82%
> 83%
> 84%
> 85%
> 86%
> 87%
> 88%
> 89%
> 90%
> 91%
> 92%
> 93%
> 94%
> 95%
> 96%
> 97%
> 98%
> 99%
> 100%
> 
> Prime count: 124350420  OK
> Sieving the primes within [10^16, 10^16+2^32]
> 
> 0%
> 1%
> 2%
> 3%
> 4%
> 5%
> 6%
> 7%
> 8%
> 9%
> 10%
> 11%
> 12%
> 13%
> 14%
> 15%
> 16%
> 17%
> 18%
> 19%
> 20%
> 21%
> 22%
> 23%
> 24%
> 25%
> 26%
> 27%
> 28%
> 29%
> 30%
> 31%
> 32%
> 33%
> 34%
> 35%
> 36%
> 37%
> 38%
> 39%
> 40%
> 41%
> 42%
> 43%
> 44%
> 45%
> 46%
> 47%
> 48%
> 49%
> 50%
> 51%
> 52%
> 53%
> 54%
> 55%
> 56%
> 57%
> 58%
> 59%
> 60%
> 61%
> 62%
> 63%
> 64%
> 65%
> 66%
> 67%
> 68%
> 69%
> 70%
> 71%
> 72%
> 73%
> 74%
> 75%
> 76%
> 77%
> 78%
> 79%
> 80%
> 81%
> 82%
> 83%
> 84%
> 85%
> 86%
> 87%
> 88%
> 89%
> 90%
> 91%
>

Bug#809669: unattended-upgrades: files got created under /var/ mountpoint

2017-04-22 Thread Niels Thykier 
On Thu, 20 Apr 2017 14:05:39 +0200 Louis Bouchard
 wrote:
> Hello,
> 
> Le 20/04/2017 à 12:27, Simon McVittie a écrit :
> > [...]
> 
> First of all, I am sorry for not keeping up with my work in both bug reports.
> Recent events at my employer have made things a bit more difficult, including
> the recent release of Ubuntu Zesty.
> 

Hi,

Congrats on the Zesty release, btw. :)

> [...]
> 
> I am also preparing a .debdiff of a proposed debian fix that I will create and
> test today and tomorrow. In the meantime, here is the final unit that will be
> shiped :
> 
>

Any news from the test and about the debdiff? :)

Thanks,
~Niels

Bug#750593: Stable update request: kernel changes to fix PIE with large stack

2017-04-22 Thread Ben Hutchings 
On Sat, 2017-04-22 at 20:07 +, Niels Thykier wrote:
[...]
> Hi Ben,
> 
> Could you please file a pu bug for this?  I fear that otherwise, it
> might be overlooked for the next time the SRMs review the outstanding
> stable update requests.

I already stopped waiting and went ahead and made these changes.  I
verified that they build on all release architectures except
mips/mipsel (porterboxes were down) and was able to test the result on
amd64, armhf, i386, powerpc, ppc64 (standing in for ppc64el) and s390x.

Ben.

-- 
Ben Hutchings
It is impossible to make anything foolproof because fools are so
ingenious.



signature.asc
Description: This is a digitally signed message part

Bug#860739: libghc-xcb-types-dev: cannot parse xcb-proto 1.12

2017-04-22 Thread Iain R. Learmonth 
Hi,

On Sat, Apr 22, 2017 at 07:48:00PM +, Niels Thykier wrote:
> Thanks for the update and for looking into this issue.  I am glad to see
> there is progress on this issue.

+1. Sorry I've not been able to look at this.

> I hope we can get a timely resolution on this bug and #839314.  If not,
> I will request that cairocffi drops its Build-Dependency and then remove
> xcffib plus haskell-xcb-types from testing.

I won't object to removal if it becomes necessary.

Thanks,
Iain.



signature.asc
Description: PGP signature

Bug#750593: Stable update request: kernel changes to fix PIE with large stack

2017-04-22 Thread Niels Thykier 
Ben Hutchings:
> On Thu, 2017-03-23 at 17:06 +, James Cowgill wrote:
> [...]
>> The reason the program and the heap are at these very high addresses is
>> that xsltproc is built with PIE and the kernel is treating the
>> executable like a mmap and grouping it with all the other libraries. In
>> d1fd836dcf00 ("mm: split ET_DYN ASLR from mmap ASLR") the behavior
>> changed and now the program and it's heap will be mapped at a lower
>> address so the bug does not affect newer kernels. Using "setarch -L" or
>> "setarch -R" is another workaround for this bug because that moves the
>> program so that there is a much larger gap between the heap and the stack.
>>
>> This might affect other applications as well. Effectively it means that
>> PIE executables which use lots of stack space might not work properly
>> with jessie's kernel. The chances the bug will be hit seems to vary
>> between arches however (depending on what each arch does in
>> arch_pick_mmap_layout and arch_randomize_brk) - mips64el seems to be hit
>> pretty frequently. In xsltproc's case, PIE was enabled some time ago
>> which is why this bug is quite old.
>>
>> I believe any of the following will fix this (but have not all been tested):
>> - Reduce the stack usage in xsltproc (the upstream bug)
>> - Upgrade the relevant buildds to Linux >= 4.1
>> - Apply d1fd836dcf00 to jessie's kernel
> 
> That's part of a series of 10 commits covering multiple architectures. 
> I already picked one of them as a dependency for fixing CVE-2016-3672,
> which leaves 9 to do.  I think it is worth doing this in stable to
> support chroots and partial upgrades, but I would like to hear the
> release team ack/nak this in principle before I start preparing the
> change for Debian stable.
> 
> Kees Cook quotes the list of commits here:
> http://lists.openwall.net/linux-kernel/2015/07/27/964
> (I can't find the original message).
> 
> Ben.
> 
>> - Disable PIE in xsltproc.
>> - Run xsltproc inside setarch -L / setarch -R
> [...]
> 

Hi Ben,

Could you please file a pu bug for this?  I fear that otherwise, it
might be overlooked for the next time the SRMs review the outstanding
stable update requests.

Thanks,
~Niels

Processed: Re: nanomsg FTBFS on armel: tests/ipc_shutdown fails

2017-04-22 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 important
Bug #858172 [src:nanomsg] nanomsg FTBFS on armel: tests/ipc_shutdown fails
Severity set to 'important' from 'serious'

-- 
858172: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858172
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859926: speechd-up: fails to install

2017-04-22 Thread Paul Gevers 
Hi Cobra,

On 22-04-17 21:26, Cobra wrote:
> On 2017-04-22 19:51, Paul Gevers wrote:
>> On 22-04-17 00:26, Cobra wrote:
>>> The directories are different when starting at boot:
>> This doesn't sound good. I think it shouldn't matter how you call an
>> init-script, it should behave the same. I guess this is speechd-up's
>> responsibility.
>>> At this stage, I think all these problems belong to speech-dispatcher.
>> Well, I am not 100% convinced. The directory for the socket apparently
>> comes from the environment, and I would say that that is the
>> responsibility of the caller (in this case speechd-up or its init-script).
> 
> Might need some further testing, but imho that is speech-dispatcher's
> problem, especially with the autospawn. I'd rather have
> speech-dispatcher handle this correctly for all clients than make all
> clients do the right thing (which they will inevitably fail to do).

Good point. Agreed.

>>> That's a dead-end, speechd-up doesn't seem to be the primary culprit.
>> Agree. But I wonder if for the issue at hand (installation failing due
>> to init script failing) we should rather give up on providing an init
>> script that works in all circumstances for now. It seems it may rely on
>> configuration of speech-dispatcher (and sound). So maybe it is best for
>> now to just disable the init script (in a similar way as for
>> speech-dispatcher)?
> 
> Sounds like making this package quite useless and I think it's not
> necessary. Fixing init script bugs should suffice.

Agree, but if fixing the bug doesn't happen in time, it will drop out of
Stretch (at least if it remains with speechd-up). If we can't find the
real bug (and a solution), maybe having an init script that needs to be
enabled by the user is better than no speechd-up in Stretch. But see
below. (And what an incredible amount of work are we putting into this
package with a popcon of 9).

> I was thinking of reassigning to the current speech-dispatcher version
> as "breaks with pulse output when spawned by speechd-up from init
> system", keeping the RC level.

Please go ahead.

> Does this count as "breaking unrelated
> packages"? I think so, but speechd-up and speech-dispatcher aren't
> completely unrelated, so I'm unsure.

I don't think so. It breaks a very related package.

> Without further input, I won't issue such bug control commands.

Please don't hesitate further.

> I'd rather open new bugs for any issues with speechd-up's init scripts
> we find instead of cloning.

Ok.

> Yep, things are really working without pulseaudio and there aren't any
> directory changes with systemd handling things. Logs are also there.
> speechd-up is only breaking when speech-dispatcher is configured in a
> special way, but sadly it's speech-dispatcher's default config.

Ack.

Paul



signature.asc
Description: OpenPGP digital signature

Bug#858172: nanomsg FTBFS on armel: tests/ipc_shutdown fails

2017-04-22 Thread Ivo De Decker 
Control: severity -1 important

Hi,

On Sun, Mar 19, 2017 at 01:26:32PM +0200, Adrian Bunk wrote:
> Subject: nanomsg FTBFS on armel: tests/ipc_shutdown fails

This was fixed by a give-back. The issues happened once on s390x as well. It
seems rare enough, so I downgraded the bug, but it would still be good to fix
this eventually.

Cheers,

Ivo

Bug#859805: Patch proposal

2017-04-22 Thread Scott Kitterman 
On Saturday, April 22, 2017 07:28:00 PM Niels Thykier wrote:
> On Sat, 15 Apr 2017 00:39:56 + JC  wrote:
> > Hi Scott,
> > 
> > Le ven. 14 avr. 2017 Ã  19:59, Scott Kitterman  a
> > 
> > écrit :
> > > Thanks for the patch.
> > > I still need to review the underlying issue.  I suspect it is user
> > > error.
> > > Scott K
> > 
> > Well, I was not sure myself, so I did install postfix into new jessie and
> > stretch VMs and I've seen myself the same differences between the
> > dynamicmaps.cf.
> > 
> > The thing is: when you upgrade, the file is already created and
> > provisioned
> > with the map entries; but they are just not valid anymore with a stretch
> > postfix installation, since the pathnames changed from
> > /usr/lib/postfix/dict_XXX.so to postfix-XXX.so (notice the full path
> > removal _and_ the file name change).
> > 
> > I did compare the addmap function from the debian/functions file between
> > jessie and stretch and they _do_ differ in the map line generated.
> > 
> > So the map lines already there _do_ need to get updated, either by the
> > user
> > itself (in such case we should announce it in a README.upgrade or
> > equivalent) or by Debian. My opinion here is that the postinst script
> > could
> > manage this upgrade here without much "conffile" modification conflict.
> > :-)
> 
> Hey Scott,
> 
> Did you have any comments to the above?
> 
> (FTR, "dynamicmaps.cf" can't be a conffile unless the original postinst
> is RC buggy as it seems to generate dynamicmaps.cf - or are you talking
> about a different file?)
> 
> Thanks
> ~Niels

I do not think it's the correct fix for the problem.  I hope to work on this 
in the next day or three.  This may mask an issue, but it's not a fix.

Scott K

Bug#860739: libghc-xcb-types-dev: cannot parse xcb-proto 1.12

2017-04-22 Thread Niels Thykier 
On Sat, 22 Apr 2017 18:13:50 +0100 James Cowgill 
wrote:
> Hi,
> 
> On Wed, 19 Apr 2017 16:05:12 +0100 James Cowgill  wrote:
> > Package: libghc-xcb-types-dev
> > Version: 0.7.1-4
> > Severity: grave
> > Tags: sid stretch
> > Control: block 839314 by -1
> > 
> > Hi,
> > 
> > Currently haskell-xcb-types cannot parse xcb-proto 1.12. While strictly
> > speaking you don't have to use this package to just parse the files from
> > xcb-proto, it is the package's main purpose and (afaik) only use in the
> > archive.
> 
> [...]
> 
> Relevant xcb-types commits:
> https://github.com/aslatter/xcb-types/commit/0991f1d61b92371e9af51ab0fa3699d7c32e2b65
> https://github.com/aslatter/xcb-types/commit/a86e578f0860670f3d43fa2d414e93a60aa72e2d
> 
> Commit which would need backporting to xcffib:
> https://github.com/tych0/xcffib/commit/6e6646b7d5eec253225579e1cbb40acf380648b4
> 
> (xcffib would then need to depend on xcb-types >= 0.8)
> 
> I notice the xcffib patches ignore the new alignment fields so we might
> be able to bodge it by ignoring the "required_start_align" elements in
> xcb-types, but since that's a bit of a hack, there are no other rdeps
> of xcb-types, and we're going to have to patch both packages anyway, I
> don't know if it's worth it.
> 
> James
> 

Hi James,

Thanks for the update and for looking into this issue.  I am glad to see
there is progress on this issue.

I hope we can get a timely resolution on this bug and #839314.  If not,
I will request that cairocffi drops its Build-Dependency and then remove
xcffib plus haskell-xcb-types from testing.

Thanks,
~Niels

Bug#860700: bitz-server: FTBFS on i386: dh_makeshlibs: failing due to earlier errors

2017-04-22 Thread John Paul Adrian Glaubitz 
Hi Joerg!

While your updated package version fixes the FTBFS, you are still only providing
the symbols files for i386 and amd64, for the remaining architectures the 
symbols
files are missing and I think they should be present - at least for the release
architectures.

I could help with providing build logs to create the missing symbols files for
all the other architectures.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#858037: ikarus FTBFS on i386: recipe for target 'ikarus.boot' failed (Segmentation fault)

2017-04-22 Thread Barak A. Pearlmutter 
Well, vicare is a sort-of fork/continuation of ikarus.
If that compiles on i386, we could transition.
Or, since this problem is i386-only, and I'd imagine most users are
amd64, could just stop supporting i386.

Bug#859805: Patch proposal

2017-04-22 Thread Niels Thykier 
On Sat, 15 Apr 2017 00:39:56 + JC  wrote:
> Hi Scott,
> 
> Le ven. 14 avr. 2017 Ã  19:59, Scott Kitterman  a
> écrit :
> 
> > Thanks for the patch.
> > I still need to review the underlying issue.  I suspect it is user error.
> > Scott K
> >
> 
> Well, I was not sure myself, so I did install postfix into new jessie and
> stretch VMs and I've seen myself the same differences between the
> dynamicmaps.cf.
> 
> The thing is: when you upgrade, the file is already created and provisioned
> with the map entries; but they are just not valid anymore with a stretch
> postfix installation, since the pathnames changed from
> /usr/lib/postfix/dict_XXX.so to postfix-XXX.so (notice the full path
> removal _and_ the file name change).
> 
> I did compare the addmap function from the debian/functions file between
> jessie and stretch and they _do_ differ in the map line generated.
> 
> So the map lines already there _do_ need to get updated, either by the user
> itself (in such case we should announce it in a README.upgrade or
> equivalent) or by Debian. My opinion here is that the postinst script could
> manage this upgrade here without much "conffile" modification conflict. :-)

Hey Scott,

Did you have any comments to the above?

(FTR, "dynamicmaps.cf" can't be a conffile unless the original postinst
is RC buggy as it seems to generate dynamicmaps.cf - or are you talking
about a different file?)

Thanks
~Niels

Bug#859926: speechd-up: fails to install

2017-04-22 Thread Cobra 
Hi,

On 2017-04-22 19:51, Paul Gevers wrote:
> On 22-04-17 00:26, Cobra wrote:
>> The directories are different when starting at boot:
> This doesn't sound good. I think it shouldn't matter how you call an
> init-script, it should behave the same. I guess this is speechd-up's
> responsibility.
>> At this stage, I think all these problems belong to speech-dispatcher.
> Well, I am not 100% convinced. The directory for the socket apparently
> comes from the environment, and I would say that that is the
> responsibility of the caller (in this case speechd-up or its init-script).

Might need some further testing, but imho that is speech-dispatcher's
problem, especially with the autospawn. I'd rather have
speech-dispatcher handle this correctly for all clients than make all
clients do the right thing (which they will inevitably fail to do).
Also, at the moment I think this happens only when not using systemd to
manage services. Still a bug though, especially because debian does
support other init systems.

>> That's a dead-end, speechd-up doesn't seem to be the primary culprit.
> Agree. But I wonder if for the issue at hand (installation failing due
> to init script failing) we should rather give up on providing an init
> script that works in all circumstances for now. It seems it may rely on
> configuration of speech-dispatcher (and sound). So maybe it is best for
> now to just disable the init script (in a similar way as for
> speech-dispatcher)?

Sounds like making this package quite useless and I think it's not
necessary. Fixing init script bugs should suffice.

> If not, thant I propose to clone this bug for speech-dispatcher.
> Cloning, because I think that the delta in socket path is something that
> speechd-up should fix. But that is probably (if it does not actually
> cause this issue) not RC. But than what would be the issue for
> speech-dispatcher? "speech-dispatcher doesn't work with pulse-audio when
> started from init-script"? That doesn't sound like a great thing.

I was thinking of reassigning to the current speech-dispatcher version
as "breaks with pulse output when spawned by speechd-up from init
system", keeping the RC level. Does this count as "breaking unrelated
packages"? I think so, but speechd-up and speech-dispatcher aren't
completely unrelated, so I'm unsure.
Without further input, I won't issue such bug control commands.
I'd rather open new bugs for any issues with speechd-up's init scripts
we find instead of cloning.

Like I announced, I did some further testing, but with a fresh debian
install now - the same base I used at the beginning, with systemd.
I can install speechd-up without any problem when I remove the
pulseaudio package, stop any running pa daemons, and configure
speech-dispatcher to use alsa instead before running apt install.
The installation succeeds without any warning, speechd-up is running
afterwards.

$ systemctl status speechd-up.service
● speechd-up.service - LSB: Interface between speakup and speech-dispatcher
   Loaded: loaded (/etc/init.d/speechd-up; generated; vendor preset: enabled)
   Active: active (running) since Sat 2017-04-22 20:40:19 CEST; 23s ago
 Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/speechd-up.service
   ├─2267 /usr/bin/speechd-up -l1
   ├─2270 /usr/lib/speech-dispatcher-modules/sd_dummy 
/etc/speech-dispatcher/modules/dummy.conf
   ├─2272 /usr/lib/speech-dispatcher-modules/sd_generic 
/etc/speech-dispatcher/modules/generic.conf
   ├─2274 /usr/lib/speech-dispatcher-modules/sd_espeak-ng 
/etc/speech-dispatcher/modules/espeak-ng.conf
   └─2278 /usr/bin/speech-dispatcher --spawn --communication-method 
unix_socket --socket-path /root/.cache/speech-dispatcher/speechd.sock
$ ps aux | grep "speec\h"
root  2267  0.0  0.1 105616  2696 ?Ssl  20:40   0:00 
/usr/bin/speechd-up -l1
root  2270  0.0  0.1  59776  4504 ?SLl  20:40   0:00 
/usr/lib/speech-dispatcher-modules/sd_dummy 
/etc/speech-dispatcher/modules/dummy.conf
root  2272  0.0  0.1  59788  4540 ?SLl  20:40   0:00 
/usr/lib/speech-dispatcher-modules/sd_generic 
/etc/speech-dispatcher/modules/generic.conf
root  2274  0.0  0.3 142088  8580 ?SLl  20:40   0:00 
/usr/lib/speech-dispatcher-modules/sd_espeak-ng 
/etc/speech-dispatcher/modules/espeak-ng.conf
root  2278  0.0  0.0 183144  2168 ?Ssl  20:40   0:00 
/usr/bin/speech-dispatcher --spawn --communication-method unix_socket 
--socket-path /root/.cache/speech-dispatcher/speechd.sock

I then stopped speechd-up with systemctl and waited for
speech-dispatcher to terminate (as expected).

$ sudo systemctl start speechd-up.service
$ systemctl status speechd-up.service
● speechd-up.service - LSB: Interface between speakup and speech-dispatcher
   Loaded: loaded (/etc/init.d/speechd-up; generated; vendor preset: enabled)
   Active: active (running) since Sat 2017-04-22 20:51:21 CEST; 1min 22s ago
 Docs: man:systemd-sysv-generator(8)

Processed: severity of 781155 is important

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 781155 important
Bug #781155 [openbsd-inetd] openbsd-inetd: openbsd-inetd.service should be the 
main service file
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
781155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781155
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859262: Re: freezes Orca screen reader

2017-04-22 Thread Paul Gevers 
Hi Joanmarie,

On 19-04-17 22:35, Joanmarie Diggs wrote:
> Please send me a full debug.out, captured from Orca master or Orca
> 3.24.x (i.e. current stable). Instructions here:
> https://wiki.gnome.org/Projects/Orca/Debugging

I hope the attached log contains enough information for you to work it out.

Mind you, my Orca setup isn't speaking (as can be seen from the top of
the log), but I think it captures the same error as reported in this bug
already.

I created a Debian package for the 3.24 version which I build on
debomatic¹ for this purpose.

Paul

¹
http://debomatic-amd64.debian.net/distribution#unstable/gnome-orca/3.24.0-1


debug-2017-04-22-20:54:19.out.xz
Description: application/xz


signature.asc
Description: OpenPGP digital signature

Processed: tagging 812574

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 812574 - moreinfo unreproducible
Bug #812574 [grub-pc] grub-pc: wants to overwrite admin configuration on each 
upgrade
Bug #841889 [grub-pc] grub-pc: ucf prompt that wants to change nothing except 
remove admin-defined config
Removed tag(s) unreproducible and moreinfo.
Removed tag(s) moreinfo and unreproducible.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
812574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812574
841889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841889
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: user release.debian....@packages.debian.org, usertagging 744753, tagging 744753

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
> usertags 744753 stretch-can-defer
There were no usertags set.
Usertags are now: stretch-can-defer.
> tags 744753 + stretch-ignore
Bug #744753 [anacron] anacron: Anacron not triggered when system resumes under 
systemd
Bug #767092 [anacron] anacron fails to run when laptop goes out of sleep
Added tag(s) stretch-ignore.
Added tag(s) stretch-ignore.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
744753: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744753
767092: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767092
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: user release.debian....@packages.debian.org, usertagging 855344, tagging 855344

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
> usertags 855344 stretch-can-defer
There were no usertags set.
Usertags are now: stretch-can-defer.
> tags 855344 + stretch-ignore
Bug #855344 [icedove] thunderbird: retains mails from removed IMAP accounts
Added tag(s) stretch-ignore.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
855344: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855344
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: user release.debian....@packages.debian.org, usertagging 854727, tagging 854727

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
> usertags 854727 stretch-can-defer
There were no usertags set.
Usertags are now: stretch-can-defer.
> tags 854727 + stretch-ignore
Bug #854727 [src:zziplib] Multiple vulnerabilities / unsuitable for stretch?
Added tag(s) stretch-ignore.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
854727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854727
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: user release.debian....@packages.debian.org, usertagging 855912, tagging 855912

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
> usertags 855912 stretch-can-defer
There were no usertags set.
Usertags are now: stretch-can-defer.
> tags 855912 + stretch-ignore
Bug #855912 [debconf] db_purge: exits with error code 8 when using deluser in 
the same postinst
Added tag(s) stretch-ignore.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
855912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855912
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#858794: gmime: Tests contain a MIME message with a (presumably non-free) Playboy/Hustler/something photo

2017-04-22 Thread Niels Thykier 
On Sun, 26 Mar 2017 23:06:51 +0300 Sami Liedes  wrote:
> Source: gmime
> Version: 2.6.22-2
> Severity: serious
> 
> With package 'ripmime' installed:
> 
> 
> $ apt-get source gmime-bin
> $ cd gmime-2.6.22/tests/
> $ mkdir attachments
> $ cd attachments
> $ cat ../message-partial.* ../*.eml |ripmime -i -
> $ ls -l *.jpg
> -rw--- 1 sliedes sliedes 115113 Mar 26 22:45 2377h003.jpg
> -rw--- 1 sliedes sliedes  17527 Mar 26 22:45 leonc.jpg
> -rw--- 1 sliedes sliedes  45064 Mar 26 22:45 SkipStone-Banner.jpg
> 
> 
> The file 2377h003.jpg is a photograph of a scantily clad model
> apparently taken by a pornographer named Suze Randall. The photograph,
> which "ripmime" unfortunately does not extract fully from the
> multipart message (you can build gmime and use tests/test-partial
> message-partial.* to combine the parts; the size should be 117415
> bytes), contains the copyright notice "(c) 2001 Suze Randall" in the
> lower right corner.
> 
> The file leonc.jpg is apparently part of a movie poster of the movie
> Leon: The Professional and depicts the character "Mathilda", a 12-year
> old girl played by Natalie Portman, with a huge gun in her hand.
> 
> SkipStone-Banner appears to be a partial banner of an old web browser
> ("Gtk+ only browser"; I did not inspect what its license is, but did
> find a source download link).
> 
>   Sami
> 
> 
> [...]

Hi Micro,

Could I convince you to do a +dfsg upload to remove the offending images
(assuming they are indeed as non-free as implied)?

Thanks,
~Niels

Bug#860601: marked as done (altos: FTBFS: ld: final link failed: Bad value)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 18:48:50 +
with message-id 
and subject line Bug#860601: fixed in altos 1.6.8-5
has caused the Debian Bug report #860601,
regarding altos: FTBFS: ld: final link failed: Bad value
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: altos
Version: 1.6.8-4
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418 qa-ftbfs
Justification: FTBFS in stretch on amd64

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on amd64.

Relevant part (hopefully):
> /usr/lib/gcc/arm-none-eabi/5.4.1/../../../arm-none-eabi/bin/ld: 
> telegps-v0.3-1.6.8.elf: Not enough room for program headers, try linking with 
> -N
> /usr/lib/gcc/arm-none-eabi/5.4.1/../../../arm-none-eabi/bin/ld: final link 
> failed: Bad value
> collect2: error: ld returned 1 exit status

The full build log is available from:
   http://aws-logs.debian.net/2017/04/18/altos_1.6.8-4_testing.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: altos
Source-Version: 1.6.8-5

We believe that the bug you reported is fixed in the latest version of
altos, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee  (supplier of updated altos package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 22 Apr 2017 12:07:57 -0600
Source: altos
Binary: altos
Architecture: source amd64
Version: 1.6.8-5
Distribution: unstable
Urgency: medium
Maintainer: Bdale Garbee 
Changed-By: Bdale Garbee 
Description:
 altos  - Altus Metrum firmware and utilities
Closes: 860601
Changes:
 altos (1.6.8-5) unstable; urgency=medium
 .
   [ Keith Packard ]
   * altos/lpc,altos/stmf0: Use -n flag to work around link editor issue,
 closes: #860601
   * ao-elftohex: Add conditions for skipping ELF sections
   * ao-tools/ao-flash-lpc: Adapt to current openocd LPC support
   * altos/telegps: Inherit LDFLAGS from lpc make specification
Checksums-Sha1:
 8ecc6540e3e27ab672be65c46e08bd3238bb9ed5 2198 altos_1.6.8-5.dsc
 2a0c87513044c522d0184b1b59492a3058dfaf31 62992 altos_1.6.8-5.debian.tar.xz
 b819d2c3011c00c1eb1fa085c44ecd04b1b19910 267670 altos-dbgsym_1.6.8-5_amd64.deb
 060b935c05137d32a9376b8ce4b3089cb0097070 12717 altos_1.6.8-5_amd64.buildinfo
 658b1ff412f490b8e28947fbdf503dc7688f2faa 22539538 altos_1.6.8-5_amd64.deb
Checksums-Sha256:
 2d2633ea44b6db1c50ffab9c80ee1055e2f535fb9a29cf4a603365a3c38e098a 2198 
altos_1.6.8-5.dsc
 071635779221294146efd8e9344c9802d25bc1609f95b73424e8d163d08220c3 62992 
altos_1.6.8-5.debian.tar.xz
 a649bcd3396562e9e2216ec4101e0c550c39a0d6573dd7f60523f0a023d52593 267670 
altos-dbgsym_1.6.8-5_amd64.deb
 5b714312135dce0c79744ec7ac24124865f61c373fe56d345e5faa28bd9819b8 12717 
altos_1.6.8-5_amd64.buildinfo
 40570f93798507908ea1ff8b3a0aa1bb45904e07ded38b9498c23dc54adbee9c 22539538 
altos_1.6.8-5_amd64.deb
Files:
 e1fab6d0f9c24977db92b6b936968d63 2198 electronics optional altos_1.6.8-5.dsc
 86d0aade6a181ae7568186cfb61aa3d8 62992 electronics optional 
altos_1.6.8-5.debian.tar.xz
 5ffd0721c60e417a7dcfbe7c945f37f5 267670 debug extra 
altos-dbgsym_1.6.8-5_amd64.deb
 286da97094d5fe4ee7e910d5682fbd6b 12717 electronics optional 
altos_1.6.8-5_amd64.buildinfo
 7c67b7adba627ebc87e9e5a1a86e6f74 22539538 electronics optional 
altos_1.6.8-5_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEhHDyCwYlkhh8unuzOpNhlsCV2UEFAlj7nuoACgkQOpNhlsCV
2UE1ahAAornlYnMt6QYrf7WUsosQpLy+JzMUITNbe8w4BM4O6b04fJwJePwRYBhY
AOQ/hdICofndszBMbOc2YapbUFk/M9zq3dmUG1p9UDaV34lJAdFg8yJ5BYCnIx7h
c7UoD0m4NeT/v5xzNaTIhvYEs7eKwNsyBnU0i

Bug#858193: marked as done (backintime-common: restore as root can render system unusable)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 18:49:08 +
with message-id 
and subject line Bug#858193: fixed in backintime 1.1.12-2
has caused the Debian Bug report #858193,
regarding backintime-common: restore as root can render system unusable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858193: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858193
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: backintime-common
Version: 1.1.12-1
Severity: critical
Justification: breaks the whole system

Note: this is a summary of an upstream bug report at
https://github.com/bit-team/backintime/issues/708, but I'm still
reporting this here since the fixed version isn't available anywhere in
Debian at the moment and stretch is affected.

Restoring a snapshot with preserved permissions from selecting a folder
in the shortcuts pane will set / as read-only, breaking the complete
system.

how to reproduce, DO NOT TRY THIS ON A REAL SYSTEM:
0. create a backup of your VMor prepare to rescue it
1. install backintime-common and backintime-qt4 in version 1.1.12-1
2. open backintime in root mode; create a simple profile, I used /tmp as
   snapshot target and included /etcfor a quick test.
   Enable "preserve ACL" and/or "preserve extended attributes" in
   "expert options"
3. create a snapshot
4. select this snapshot, select a folder in the shortcuts middle pane,
   click the restorebutton
5. if the system doesn't seem broken yet, try opening a terminal and
   $ls -la /

This has been fixed upstream by a new maintenance release 1.1.14. I
built a package of this version myself and can confirm that this bug is
gone. Version 1.0.36 from jessie does not seem to be affected. This bug
won't hit users using only the default settings and depends a bit on
specific usage, but is still more than bad enough.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (150, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: backintime
Source-Version: 1.1.12-2

We believe that the bug you reported is fixed in the latest version of
backintime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 858...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire  (supplier of updated backintime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 17:21:03 +0100
Source: backintime
Binary: backintime-common backintime-qt4 backintime-gnome backintime-kde
Architecture: source all
Version: 1.1.12-2
Distribution: unstable
Urgency: high
Maintainer: Jonathan Wiltshire 
Changed-By: Jonathan Wiltshire 
Description:
 backintime-common - simple backup/snapshot system (common files)
 backintime-gnome - GNOME front-end for backintime (transitional package)
 backintime-kde - KDE front-end for backintime (transitional package)
 backintime-qt4 - simple backup/snapshot system (graphical interface)
Closes: 858193 859815
Changes:
 backintime (1.1.12-2) unstable; urgency=high
 .
   * 01-858193-back-up-slash-root-perms.patch: back up permissions
 of '/' as well (Closes: #858193)
   * 02-polkit-vuln.patch: fix race condition in polkit privilege
 authorisation (CVE-2017-7572) (Closes: #859815)
   * Build-depend on dh-python
Checksums-Sha1:
 09ae0264cfd87f6bf586adfad87faa29b024ef57 2078 backintime_1.1.12-2.dsc
 6cfe7fcb5a356191eec4b1da764f51eccffa9706 6964 backintime_1.1.12-2.debian.tar.xz
 733fd5ec9784cf5641720a2df8e710ce6acf6068 247164 
backintime-common_1.1.12-2_all.deb
 f71a7fac0e0fac3c224cf50234132891e0e646f6 16784 
backintime-gnome_1.1.12-2_all.deb
 b4380f6d281b2c86c3a3db37ba81f89e305711a7 16778 backintime-kde_1.1.12-2_all.deb
 63161f89474d61af06a56181409f7bc20190f0b0 64706 backintime-qt4_1.1.12-2_all.deb
 83d5bebf8d3b498f619b82285f34aa3c524b08c5 6621 
backintime_1.1.12-2_amd64.buildinfo
Checksums-Sha256:
 4f4712f1d09ebcecb8b4d7eb5c2e30

Bug#859926: speechd-up: fails to install

2017-04-22 Thread Paul Gevers 
[CC-ing tts-project@l.a.d.o as they are the maintainer of
speech-dispatcher; although I believe most contributers there also read
d-a11n.]

On 22-04-17 00:26, Cobra wrote:
> Looks like we're chasing a pulseaudio<->speech-dispatcher bug now. Fun.

I concluded the same based on my logs. Although there the text was
different (3 times):
[Fri Apr 21 20:04:39 2017 : 454436] speechd:  Error: Module reported
error in request from speechd (code 3xx): 300-Opening sound device
failed. Reason: Couldn't open pulse plugin.
300 UNKNOWN ERROR

> The directories are different when starting at boot:

This doesn't sound good. I think it shouldn't matter how you call an
init-script, it should behave the same. I guess this is speechd-up's
responsibility.

> At this stage, I think all these problems belong to speech-dispatcher.

Well, I am not 100% convinced. The directory for the socket apparently
comes from the environment, and I would say that that is the
responsibility of the caller (in this case speechd-up or its init-script).

> Just for the record:
> I just found out that Jessie doesn't have any issues and the only
> relevant changelog entry is "speechd-up.init: Fix startup/shutdown."
> - well, for me it looks like the other way around.

I noticed the same.

> The errcode move is a legit bug fix.

Ack.

> STARTTIME might expose some bugs but isn't the root cause of anything.
> Required-(Start|Stop) looks strange with the autospawn thing of
> speech-dispatcher. But deleting speech-dispatcher from
> Required-(Start|Stop) won't do anything - speech-dispatcher won't run
> anyway unless enabled to do so in /etc/default/speech-dispatcher.

I came to the same conclusions in my previous e-mail. Good that we agree.

> That's a dead-end, speechd-up doesn't seem to be the primary culprit.

Agree. But I wonder if for the issue at hand (installation failing due
to init script failing) we should rather give up on providing an init
script that works in all circumstances for now. It seems it may rely on
configuration of speech-dispatcher (and sound). So maybe it is best for
now to just disable the init script (in a similar way as for
speech-dispatcher)?

If not, thant I propose to clone this bug for speech-dispatcher.
Cloning, because I think that the delta in socket path is something that
speechd-up should fix. But that is probably (if it does not actually
cause this issue) not RC. But than what would be the issue for
speech-dispatcher? "speech-dispatcher doesn't work with pulse-audio when
started from init-script"? That doesn't sound like a great thing.

What do others think?

Paul



signature.asc
Description: OpenPGP digital signature

Bug#852016: marked as done (libosl: FTBFS on i386: __builtin_ia32_paddd128 undeclared)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 17:33:48 +
with message-id 
and subject line Bug#852016: fixed in libosl 0.8.0-1.2
has caused the Debian Bug report #852016,
regarding libosl: FTBFS on i386: __builtin_ia32_paddd128 undeclared
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
852016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libosl
Version: 0.8.0-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

The i386 build of libosl failed:

  /«PKGBUILDDIR»/core/osl/bits/quadInt.h: In member function 
'osl::container::QuadInt& osl::container::QuadInt::operator+=(const 
osl::container::QuadInt&)':
  /«PKGBUILDDIR»/core/osl/bits/quadInt.h:96:43: error: 
'__builtin_ia32_paddd128' was not declared in this scope
v.v4=__builtin_ia32_paddd128(v.v4,si.v.v4);
 ^
  /«PKGBUILDDIR»/core/osl/bits/quadInt.h: In member function 
'osl::container::QuadInt& osl::container::QuadInt::operator-=(const 
osl::container::QuadInt&)':
  /«PKGBUILDDIR»/core/osl/bits/quadInt.h:104:43: error: 
'__builtin_ia32_psubd128' was not declared in this scope
v.v4=__builtin_ia32_psubd128(v.v4,si.v.v4);
   ^
Please either avoid relying on these builtins or build with -msse2.
(As with -march=native, this flag limits portability of the resulting
binaries, but I suppose it still beats having no binaries at all.)

Thanks!
--- End Message ---
--- Begin Message ---
Source: libosl
Source-Version: 0.8.0-1.2

We believe that the bug you reported is fixed in the latest version of
libosl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated libosl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 19:10:51 +0200
Source: libosl
Binary: libosl1v5 libosl-dev libosl-doc
Architecture: source
Version: 0.8.0-1.2
Distribution: unstable
Urgency: medium
Maintainer: Daigo Moriwaki 
Changed-By: Andreas Beckmann 
Description:
 libosl-dev - library for Shogi playing programs
 libosl-doc - library for Shogi playing programs
 libosl1v5  - library for Shogi playing programs
Closes: 852016
Changes:
 libosl (0.8.0-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Use DEB_CXXFLAGS_MAINT_APPEND to add -DOSL_NO_SSE on i386.
 (Closes: #852016)
   * Stop messing around with makefile.conf and makefile.local, they are not
 used by the CMake buildsystem.
   * Drop superfluous B-D: quilt.
Checksums-Sha1:
 780c96c067ddbf30b3fed7c5fbc26f82e0e00d56 2054 libosl_0.8.0-1.2.dsc
 2ccf4b5889c1971d70fdea18f2872458efe3b5d8 7764 libosl_0.8.0-1.2.debian.tar.xz
 2c8b8ba123134c078c58b2a042ccd7559f9cd784 10636 
libosl_0.8.0-1.2_source.buildinfo
Checksums-Sha256:
 dbfe05dcbc5f92bffc6ab631a9949ba7be19907cbb8d1bbe88fd90fd282a984b 2054 
libosl_0.8.0-1.2.dsc
 ab087edd5e3c1c3904570100de66124b30ea3d31293c3f48694836f36de07cd8 7764 
libosl_0.8.0-1.2.debian.tar.xz
 301ac80b31cbb5fd2aceb922385a2016691056d542248591b066b995871a56f4 10636 
libosl_0.8.0-1.2_source.buildinfo
Files:
 8a6ebcec8ea5d58ca9f7f9fa00bbc8f0 2054 libs optional libosl_0.8.0-1.2.dsc
 38ed1738b243a7d246494b5e453aba1a 7764 libs optional 
libosl_0.8.0-1.2.debian.tar.xz
 b7d7d39976fd631cf421e8e1d8db9263 10636 libs optional 
libosl_0.8.0-1.2_source.buildinfo

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJY+48bAAoJEF+zP5NZ6e0INM0P/1kEGfdYwRf4pe7n27JQDRj0
XWFC7lbB+G9NzEaljqUfRqQSBhGzmh+0AnGdhPVJ/m2yVnftc6zRGDXcNRm7HVbL
PN1YJ7EwT2Im01UMe30R6HrOaPNlN5s0pBHPi0H6nx5XoTJH1U8aB9PfrG+OHaax
0rxTOtMHm+/Bw4xq2stfWqLewC5aC3JUGp6UGu6eOiP7hy13Oy+YWBLX1eKoOxdh
EGT1NUhHkPfvy9C42g3e89jXkwsva8yjl9pkf7NDza3H40nkJZ1LbIGxkiaxRTYY
9IuM4pnRAYqwo1UaggVW9b+kK0uqQt6u7FEbLRC/JiUAE99RkO0He5yFbvzzUpyg
iINVZ1fp5TxKczhi6KEvLKrpYH5KDwILbKjeDhn0IoZvBsBu3vUIWeMWVDUHN6YH
DDPKQOvx8Av4kmIvsFA0IWLEBN4pHfNsccGixlmKxBanfT5HLcpzTfF8uorWl+QD
BsWcLg6m57HdrGAG10DcW2FxTxGRUPt4kIXsEFcm5hW1c16omP3/N0N2dYsYCHII
rGE6jystD/EQRgw+sLSDGO+cqxaw0

Bug#860739: libghc-xcb-types-dev: cannot parse xcb-proto 1.12

2017-04-22 Thread James Cowgill 
Hi,

On Wed, 19 Apr 2017 16:05:12 +0100 James Cowgill  wrote:
> Package: libghc-xcb-types-dev
> Version: 0.7.1-4
> Severity: grave
> Tags: sid stretch
> Control: block 839314 by -1
> 
> Hi,
> 
> Currently haskell-xcb-types cannot parse xcb-proto 1.12. While strictly
> speaking you don't have to use this package to just parse the files from
> xcb-proto, it is the package's main purpose and (afaik) only use in the
> archive.

On closer inspection, it looks like haskell-xcb-types has never been
able to parse the full xcb-proto. It's only ever been able to parse the
bits that xcffib needs to work properly. Since adding the extra support
is a lot of work and no packages will use it, I suggest that only the
xcffib stuff is fixed and then this bug can be cloned as important to
cover the other bits.

[...]
> This is the cause of the xcffib FTBFS in #839314
> 
> Apparently xcb-types 0.8.0 fixes this. I don't know how suitable that is
> to be included into stretch.

Upgrading to 0.8.0 breaks the API by adding alignment fields everywhere
to handle the parsing of the new "required_start_align" element. This
means we would also need to backport the relevant xcffib patches as
well. I think this is the best option though.

Relevant xcb-types commits:
https://github.com/aslatter/xcb-types/commit/0991f1d61b92371e9af51ab0fa3699d7c32e2b65
https://github.com/aslatter/xcb-types/commit/a86e578f0860670f3d43fa2d414e93a60aa72e2d

Commit which would need backporting to xcffib:
https://github.com/tych0/xcffib/commit/6e6646b7d5eec253225579e1cbb40acf380648b4

(xcffib would then need to depend on xcb-types >= 0.8)

I notice the xcffib patches ignore the new alignment fields so we might
be able to bodge it by ignoring the "required_start_align" elements in
xcb-types, but since that's a bit of a hack, there are no other rdeps
of xcb-types, and we're going to have to patch both packages anyway, I
don't know if it's worth it.

James



signature.asc
Description: OpenPGP digital signature

Bug#860625: zimlib: FTBFS on i386: dh_makeshlibs: failing due to earlier errors

2017-04-22 Thread Jonas Smedegaard 
Quoting Vasudev Kamath (2017-04-22 18:08:27)
> James Clarke  writes:
> 
> > Control: tags -1 patch
> >
> > These symbol files differences have been fixed by Ubuntu. I came to 
> > an identical patch independently before being told about it. I have 
> > also performed some additional cleanup where things are clearly 
> > based on bitness or endianness, which are *not* included in the 
> > Ubuntu delta, but I think should be in Debian for everyone's sanity.
> 
> Thanks!.
> 
> >
> > Now for a slight rant: Please stop blindly applying patches to 
> > symbols files without thinking about what's going on. There were 
> > many instances of:
> 
> I agree that I should not blindly apply the patches. But since I 
> clearly do not understand the symbol files I rely on pkg-kde-tools 
> symbolhelper written by Russ.

Please beware that e.g. feeding an incomplete set of buildlogs or 
buildlogs from varying sources makes the tool loose track and produce 
broken arch lists.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#860625: zimlib: FTBFS on i386: dh_makeshlibs: failing due to earlier errors

2017-04-22 Thread Vasudev Kamath 
James Clarke  writes:

> Control: tags -1 patch
>
> These symbol files differences have been fixed by Ubuntu. I came to an
> identical patch independently before being told about it. I have also
> performed some additional cleanup where things are clearly based on
> bitness or endianness, which are *not* included in the Ubuntu delta, but
> I think should be in Debian for everyone's sanity.

Thanks!.

>
> Now for a slight rant: Please stop blindly applying patches to symbols
> files without thinking about what's going on. There were many instances
> of:

I agree that I should not blindly apply the patches. But since I clearly
do not understand the symbol files I rely on pkg-kde-tools symbolhelper
written by Russ.
>
>> arch=!amd64 !arm64 !armel !armhf !hppa !hurd-i386 !kfreebsd-amd64 
>> !kfreebsd-i386 !m68k !mips !mips64el !mipsel !powerpc !powerpcspe !ppc64 
>> !ppc64el !s390x !x32
>
> with the same symbol disappearing on alpha, sh4 and sparc64, causing the
> build to fail. Additionally, the symbol also disappeared on i386, but
> binary uploads to unstable were used. These must have been done in an
> outdated chroot. Source-only uploads are highly recommended to avoid
> things like this, but if you *are* going to do binary uploads, *please
> ensure your chroot is up to date*.

I've uploaded with updated chroot!. Anyway going forward I will adapt
source only upload to avoid these issues.

>
> Similarly, there were instances of:
>
>> arch=amd64 arm64 armel armhf hppa hurd-i386 kfreebsd-amd64 kfreebsd-i386 
>> m68k mips mips64el mipsel powerpc powerpcspe ppc64 ppc64el s390x x32
>
> with the symbol appearing on i386.
>
> I have checked the build (no symbol diff, even warnings) on amd64 and
> i386. I will continue to test other architectures and update this bug
> later today.

Thanks for this. Its already NMUed so I will have a look at patch and
acknowledge NMU.

Bug#857360: gitlab_8.13.11+dfsg-4 no longer available, unable to install

2017-04-22 Thread Joel Maxuel 
> Currently it support autoconfiguration of nginx only (you may open a
> wishlist bug for apache support). You'll have to manually configure
apache.

I ended up installing nginx, didn't realize it didn't install with gitlab
but required.

Getting closer now, but with the  following files edited for my port 1443
host to FQDN...

/etc/gitlab/gitlab.yml (host:  \n port: 1443)
/etc/gitlab/unicorn.rb (listen ":1443", :tcp_nopush => true)
/var/lib/gitlab/gitlab-shell-config.yml (gitlab_url: "https://
:1443/")

... as well as the nginx gitlab enabled site configured for HTTP 8808/HTTPS
1443 (below), I get a 502 "Bad Gateway" error.

  listen 0.0.0.0:8088;
  listen [::]:8088 ipv6only=on;
  server_name ; ## Replace this with something like
gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security
best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

...

  listen 0.0.0.0:1443 ssl;
  listen [::]:1443 ipv6only=on ssl;
  server_name ; ## Replace this with something like
gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security
best practice
  root /usr/share/gitlab/public;


Not sure what to do next.

Bug#860679: marked as done (pydl: FTBFS on i386: Test failures)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 15:34:47 +
with message-id 
and subject line Bug#860679: fixed in pydl 0.5.3-3
has caused the Debian Bug report #860679,
regarding pydl: FTBFS on i386: Test failures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860679: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860679
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pydl
Version: 0.5.3-2
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418-i386 qa-ftbfs
Justification: FTBFS in stretch on i386

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on i386.

Relevant part (hopefully):
> 037 
> 038 >>> import numpy as np
> 039 >>> from pydl import uniq
> 040 >>> uniq(np.sort(np.array([ 1, 2, 3, 1, 5, 6, 1, 7, 3, 2, 5, 9, 11, 1 
> ])))
> Expected:
> array([ 3,  5,  7,  9, 10, 11, 12, 13])
> Got:
> array([ 3,  5,  7,  9, 10, 11, 12, 13], dtype=int32)
> 
> /tmp/pydl-test-4cudd_0b/lib.linux-i686-3.5/pydl/uniq.py:40: DocTestFailure
>  pytest-warning summary 
> 
> WC1 None [pytest] section in setup.cfg files is deprecated, use [tool:pytest] 
> instead.
> == 1 failed, 122 passed, 1 skipped, 1 pytest-warnings in 6.26 seconds 
> ==
> /usr/lib/python3/dist-packages/astropy/config/configuration.py:541: 
> ConfigurationMissingWarning: Configuration defaults will be used due to 
> FileNotFoundError:2 on None
>   warn(ConfigurationMissingWarning(msg))
> debian/rules:28: recipe for target 'override_dh_auto_test' failed

The full build log is available from:
   http://aws-logs.debian.net/2017/04/18/pydl_0.5.3-2_testing-i386.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: pydl
Source-Version: 0.5.3-3

We believe that the bug you reported is fixed in the latest version of
pydl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Prat  (supplier of updated pydl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 16:41:50 +0200
Source: pydl
Binary: python-pydl python3-pydl python-pydl-doc
Architecture: source all
Version: 0.5.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Astro Team 
Changed-By: Vincent Prat 
Description:
 python-pydl - Library of IDL astronomy routines converted to Python 2
 python-pydl-doc - Library of IDL astronomy routines converted to Python (doc)
 python3-pydl - Library of IDL astronomy routines converted to Python 3
Closes: 860679
Changes:
 pydl (0.5.3-3) unstable; urgency=medium
 .
   * Fix failed test on 32 bits architectures (Closes: #860679)
Checksums-Sha1:
 e3e7f82c5b8479c7610df6bfa07b9fbe1d7a64f0 2270 pydl_0.5.3-3.dsc
 c6eee887df9be768f6a33e76b7e3c3a61c404951 3916 pydl_0.5.3-3.debian.tar.xz
 c1e07279e282ebbb078edc48d565ac19665b3aa9 464088 python-pydl_0.5.3-3_all.deb
 b740a58368057668360117d5cf40e74faf139b4e 475740 python3-pydl_0.5.3-3_all.deb
 ab2c90600d79a0e76f4178035e2d8295c9c939cf 69098 python-pydl-doc_0.5.3-3_all.deb
Checksums-Sha256:
 51ecf6c7e3de04ed524851422f4b572258778874d478c03669f0f6e54a67e940 2270 
pydl_0.5.3-3.dsc
 99472956ab653dbf8ba0d58043623400d1c3cd79a894d72bf8bcbab7acc648b2 3916 
pydl_0.5.3-3.debian.tar.xz
 45b6ea042e52ebb746da6a6bdd76fc3979e34ad2cba301559c2903384bd43e28 464088 
python-pydl_0.5.3-3_all.deb
 95d6bc616812224611bdb6c9d301b021d23699a9e45d55d19a9dbab66275d8ee 475740 
python3-pydl_0.5.3-3_all.deb
 a3339d50675dbc06ba78ecc3797963a064896aa8b66720b86a0c3f7a5fabeb0c 69098 
python-pydl-doc_0.5.3-3_all.deb
Files:
 2147c32c594ca24ac11f089b435bd590 2270 python optional pydl_0.5.3-3.dsc
 4d4830cdaaebd0f092dc8713f49cc71a 3

Processed: All affected versions

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 860952 1:3.7b1-2
Bug #860952 [rar] Statically linked to glibc, in breach of policy and copyright
Marked as found in versions rar/1:3.7b1-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 860952 in 2:4.0.b3-1

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 860952 2:4.0.b3-1
Bug #860952 [rar] Statically linked to glibc, in breach of policy and copyright
Marked as found in versions rar/2:4.0.b3-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 860952 in 2:4.2.0-1

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 860952 2:4.2.0-1
Bug #860952 [rar] Statically linked to glibc, in breach of policy and copyright
Marked as found in versions rar/2:4.2.0-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860940: marked as done (minicom: CVE-2017-7467: Out of bounds write in vt100.c)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 14:50:29 +
with message-id 
and subject line Bug#860940: fixed in minicom 2.7-1.1
has caused the Debian Bug report #860940,
regarding minicom: CVE-2017-7467: Out of bounds write in vt100.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860940
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: minicom
Version: 2.7-1
Severity: grave
Tags: upstream security fixed-upstream

Hi,

the following vulnerability was published for minicom.

CVE-2017-7467[0]:
Out of bounds write in vt100.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467
[1] https://anonscm.debian.org/hg/minicom/rev/c33d24938f3e

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: minicom
Source-Version: 2.7-1.1

We believe that the bug you reported is fixed in the latest version of
minicom, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated minicom package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 22 Apr 2017 11:14:19 +0200
Source: minicom
Binary: minicom
Architecture: source
Version: 2.7-1.1
Distribution: unstable
Urgency: high
Maintainer: Martin A. Godisch 
Changed-By: Salvatore Bonaccorso 
Closes: 860940
Description: 
 minicom- friendly menu driven serial communication program
Changes:
 minicom (2.7-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add ARRAY_SIZE macro
   * CVE-2017-7467: Out of bounds write in vt100.c (Closes: #860940)
Checksums-Sha1: 
 159a2eaf57e3e66fd52fe1375d7e3ce5f64f3fc1 1930 minicom_2.7-1.1.dsc
 469f1a324a5f9401260a77e12648fc7263db5683 14064 minicom_2.7-1.1.debian.tar.xz
Checksums-Sha256: 
 23e3df76643e1998dbdd578fd936e18579b6472d81d26fd535043188a6e8abc1 1930 
minicom_2.7-1.1.dsc
 c30d7cda121d468a2d5d48693c1b25fdf34b66463599a5e4c53fafcd16103b77 14064 
minicom_2.7-1.1.debian.tar.xz
Files: 
 584c66807b1fce904dbac6a03c91befe 1930 comm optional minicom_2.7-1.1.dsc
 1caef1e83571ae2838b03508c6ef43a0 14064 comm optional 
minicom_2.7-1.1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlj7IWZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EM3EP+gNVraKM68ah5JkeSmCSdbzOyvajbM2x
komdmnWEKW9Iwp9O7U8uQ1zyecLYuWDtzdJ4EEJxoSGzQNlusLJqc/D0hCbDXC9U
E11S1GVZn3FVNl5UC2A+C4MVjngrIKq7od/72rhlL+a6H86jm1f/znSAvg/lCBrC
O4LfgRM3PnAqkr3FFn61QKcTGJG/395YFG+EEHqP6MRFgMk+BbtpFGoabTH+Vnuv
m2pA5tkrKL/nc+RGt3AJ2XKRt+U7YSFitD2LOZRX/zoC7vZtKTraWJnN5nyE0Ine
NdGkezSaBFLrO915NOFG9vnssbl6h2CrB/Uwz0Xn5TMr9zRXh3Rz4gwsDIwvW97o
kZnPou6svLCi3pjhAimANp20ORLUNjBdHdeg4HNFyBxyp9dr0/GmMgTin5v5W16B
v88JYaCqOIjKIOvFeA5I17CxR6LkKQPCiVSSkFC1IcvSnufDpA7G3xq1eXNal3Zs
GNup18/aGrvunGSuZ9VxgJlmkaKGGhXkUJh/ROQ42RUWKQMSPcOsh1nIj2gZ9wBr
gGsZU/EusJqY/83kQKmcW+8soe4NwpOMLFrA8Mjq4aZdAhkHJ+9fW0hYpq9g7KWc
65O1Np98QyPHXFocqKAl9+cYEts2SeEjX04lMu4QxJlsyTzb4j35g3rUQePUW4jK
oJH0EmnQq0iy
=AKMZ
-END PGP SIGNATURE End Message ---

Bug#860952: Statically linked to glibc, in breach of policy and copyright

2017-04-22 Thread Ben Hutchings 
Package: rar
Version: 2:5.4.0-1
Severity: serious

Policy forbids executables statically linked to glibc (though other
C libraries such as dietlibc are allowed).

This is also a copyright violation.  Proprietary programs can
generally be dynamically linked with glibc and distributed under the
terms of LGPL 2.1 section 6, but a statically linked binary does not
comply - there are no object files for the rest of rar, and we don't
even know which version of glibc to provide source for.

Ben.

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Processed: And re-add the fixed version

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> fixed 860943 0.110.0-4
Bug #860943 {Done: Jonas Smedegaard } [sugar-toolkit-gtk3] 
sugar-jukebox-activity does not start
There is no source info for the package 'sugar-toolkit-gtk3' at version 
'0.110.0-4' with architecture ''
Unable to make a source version for version '0.110.0-4'
Marked as fixed in versions 0.110.0-4.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Move to the package where the bug was

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reassign 860943 sugar-toolkit-gtk3 0.110.0-3
Bug #860943 {Done: Jonas Smedegaard } [sugar-jukebox-activity] 
sugar-jukebox-activity does not start
Bug reassigned from package 'sugar-jukebox-activity' to 'sugar-toolkit-gtk3'.
No longer marked as found in versions sugar-jukebox-activity/32+20160926-1.
No longer marked as fixed in versions sugar-toolkit-gtk3/0.110.0-4.
Bug #860943 {Done: Jonas Smedegaard } [sugar-toolkit-gtk3] 
sugar-jukebox-activity does not start
There is no source info for the package 'sugar-toolkit-gtk3' at version 
'0.110.0-3' with architecture ''
Unable to make a source version for version '0.110.0-3'
Marked as found in versions 0.110.0-3.
> affects 860943 sugar-jukebox-activity
Bug #860943 {Done: Jonas Smedegaard } [sugar-toolkit-gtk3] 
sugar-jukebox-activity does not start
Added indication that 860943 affects sugar-jukebox-activity
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860940: minicom: diff for NMU version 2.7-1.1

2017-04-22 Thread Martin Godisch 
On Sat, Apr 22, 2017 at 15:40:48 +0200, Salvatore Bonaccorso wrote:

> > > I've prepared an NMU for minicom (versioned as 2.7-1.1) and
> > > uploaded it to DELAYED/2. Please feel free to tell me if I
> > > should delay it longer.
> > 
> > Thank you! -- Martin
> 
> Thanks for quick feedback! Do you allow me to reshedule it to enter
> faster the archive, or do you want me actually to cancel it and upload
> an own version?

Go ahead, reschedule it.

Kind regards,

Martin

Bug#849802: marked as done (python-cryptography: FTBFS in stable/jessie)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 13:47:49 +
with message-id 
and subject line Bug#849802: fixed in python-cryptography 0.6.1-1+deb8u1
has caused the Debian Bug report #849802,
regarding python-cryptography: FTBFS in stable/jessie
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849802: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849802
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-cryptography
Version: 0.6.1-1
Severity: serious
Tags: jessie
Justification: FTBFS in stable

Hi

python-cryptography 0.6.1-1 FTBFS on stable with the attached
buildlog. I noticed this while investigating a potential fix for
CVE-2016-9243 via either jessie-pu or jessie-security.

Regards,
Salvatore

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


python-cryptography_0.6.1-1_amd64.build.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: python-cryptography
Source-Version: 0.6.1-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
python-cryptography, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tristan Seligmann  (supplier of updated 
python-cryptography package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 01 Jan 2017 22:19:17 +0200
Source: python-cryptography
Binary: python-cryptography python3-cryptography python-cryptography-doc
Architecture: source amd64 all
Version: 0.6.1-1+deb8u1
Distribution: stable
Urgency: high
Maintainer: Tristan Seligmann 
Changed-By: Tristan Seligmann 
Description:
 python-cryptography - Python library exposing cryptographic recipes and 
primitives (Pyt
 python-cryptography-doc - Python library exposing cryptographic recipes and 
primitives (doc
 python3-cryptography - Python library exposing cryptographic recipes and 
primitives (Pyt
Closes: 849802
Changes:
 python-cryptography (0.6.1-1+deb8u1) stable; urgency=high
 .
   * Stable update.
   * Backport the fix for CVE-2016-9243 (HKDF returns an empty byte string
 for small key sizes).
   * Fix FTBFS due to SSL2 method detection (closes: #849802).
Checksums-Sha1:
 133d9cc89ac982549f3b92d3b3d60100bcbcf674 2480 
python-cryptography_0.6.1-1+deb8u1.dsc
 d95382860c6cb438f3dd721f278cd45df056077c 23228 
python-cryptography_0.6.1-1+deb8u1.debian.tar.xz
 5382b233eea2051c8954df1f87b0c571dded0efe 164192 
python-cryptography_0.6.1-1+deb8u1_amd64.deb
 cea5d338f9eb64b3dda83c580a36aeaaf691f14e 164144 
python3-cryptography_0.6.1-1+deb8u1_amd64.deb
 04fd7dcc17b573b683e616c0e9a6e5234b93c796 71016 
python-cryptography-doc_0.6.1-1+deb8u1_all.deb
Checksums-Sha256:
 32339953b23e65b0819dc86a5bcb86b923b7c05da31e4f472fe136497f8373c9 2480 
python-cryptography_0.6.1-1+deb8u1.dsc
 aeb7e4bce63f6d75f03ca70915929f685ea507c35d832fff204810b7d7667120 23228 
python-cryptography_0.6.1-1+deb8u1.debian.tar.xz
 3cd82e5a44d16a78d2b1a6565257137427ed7e9af84be3ac1b88052969ca98ac 164192 
python-cryptography_0.6.1-1+deb8u1_amd64.deb
 64fa1c7d9c6feda6b05aaf5bfc13897235255058d02eee3a2a67ff237601f52b 164144 
python3-cryptography_0.6.1-1+deb8u1_amd64.deb
 9453683099247aa4cce5551a6ae1e966b20eba05451b01b83fa7b0e75ed056e8 71016 
python-cryptography-doc_0.6.1-1+deb8u1_all.deb
Files:
 3e2eb4633472333d807cab8b8a6b9470 2480 python optional 
python-cryptography_0.6.1-1+deb8u1.dsc
 51c653ed5844e67517afea7d7f38aee1 23228 python optional 
python-cryptography_0.6.1-1+deb8u1.debian.tar.xz
 0cd078d99e7e8097e7882a0df72f562a 164192 python optional 
python-cryptography_0.6.1-1+deb8u1_amd64.deb
 e2db60b5b1540d76dfcf779a51662e90 164144 python optional 
python3-cryptography_0.6.1-1+deb8u1_amd64.deb
 b476a005668b33423a84e6c98ebae93d 71016 doc optional 
python-cryptography-doc_0.6.1-1+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQGTBAEBCgB9FiEEXAZWhXVRbQoz/6ejwImQ+x9j

Bug#803936: marked as done (goplay: not installable using aptitude with "apt-xapian-index.postinst: update-python-modules: not found")

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 13:47:08 +
with message-id 
and subject line Bug#793681: fixed in apt-xapian-index 0.47+deb8u1
has caused the Debian Bug report #793681,
regarding goplay: not installable using aptitude with 
"apt-xapian-index.postinst: update-python-modules: not found"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
793681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793681
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: goplay
Severity: grave
Justification: renders package unusable

Dear Maintainer,

goplay failed to install using aptitude with "apt-xapian-index.postinst:
update-python-modules: not found":

# aptitude install goplay
The following NEW packages will be installed:
  apt-xapian-index{a} goplay libept1.4.16{a} libfltk-images1.3{a} libfltk1.3{a}
python-xapian{a}
The following packages are RECOMMENDED but will NOT be installed:
  games-thumbnails
0 packages upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/1275 kB of archives. After unpacking 4128 kB will be used.
Do you want to continue? [Y/n/?]
Selecting previously unselected package python-xapian.
(Reading database ... 211875 files and directories currently installed.)
Preparing to unpack .../python-xapian_1.2.21-2.1_amd64.deb ...
Unpacking python-xapian (1.2.21-2.1) ...
Selecting previously unselected package apt-xapian-index.
Preparing to unpack .../apt-xapian-index_0.47_all.deb ...
Unpacking apt-xapian-index (0.47) ...
Selecting previously unselected package libept1.4.16:amd64.
Preparing to unpack .../libept1.4.16_1.0.14+b1_amd64.deb ...
Unpacking libept1.4.16:amd64 (1.0.14+b1) ...
Preparing to unpack .../libfltk1.3_1.3.3-4_amd64.deb ...
Unpacking libfltk1.3:amd64 (1.3.3-4) ...
Selecting previously unselected package libfltk-images1.3:amd64.
Preparing to unpack .../libfltk-images1.3_1.3.3-4_amd64.deb ...
Unpacking libfltk-images1.3:amd64 (1.3.3-4) ...
Selecting previously unselected package goplay.
Preparing to unpack .../goplay_0.9.1_amd64.deb ...
Unpacking goplay (0.9.1) ...
Processing triggers for man-db (2.7.4-1) ...
Processing triggers for menu (2.1.47) ...
Processing triggers for mime-support (3.59) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Setting up python-xapian (1.2.21-2.1) ...
Setting up apt-xapian-index (0.47) ...
apt-xapian-index: Building new index in background...
/var/lib/dpkg/info/apt-xapian-index.postinst: 43: /var/lib/dpkg/info/apt-
xapian-index.postinst: update-python-modules: not found
dpkg: error processing package apt-xapian-index (--configure):
 subprocess installed post-installation script returned error exit status 127
Setting up libept1.4.16:amd64 (1.0.14+b1) ...
Setting up libfltk1.3:amd64 (1.3.3-4) ...
Setting up libfltk-images1.3:amd64 (1.3.3-4) ...
dpkg: dependency problems prevent configuration of goplay:
 goplay depends on apt-xapian-index; however:
  Package apt-xapian-index is not configured yet.

dpkg: error processing package goplay (--configure):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.19-22) ...
Errors were encountered while processing:
 apt-xapian-index
 goplay
==  How can you help?  (doc: https://wiki.debian.org/how-can-i-help )
==

-  Show old opportunities as well as new ones: how-can-i-help --old  -
E: Sub-process /usr/bin/dpkg returned an error code (1)
Failed to perform requested operation on package.  Trying to recover:
Setting up apt-xapian-index (0.47) ...
apt-xapian-index: Building new index in background...
/var/lib/dpkg/info/apt-xapian-index.postinst: 43: /var/lib/dpkg/info/apt-
xapian-index.postinst: update-python-modules: not found
dpkg: error processing package apt-xapian-index (--configure):
 subprocess installed post-installation script returned error exit status 127
dpkg: dependency problems prevent configuration of goplay:
 goplay depends on apt-xapian-index; however:
  Package apt-xapian-index is not configured yet.

dpkg: error processing package goplay (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 apt-xapian-index
 goplay



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: apt-xapian-index
Source-Version: 0.47+deb8u1

We bel

Bug#793681: marked as done (/var/lib/dpkg/info/apt-xapian-index.postinst: 43: /var/lib/dpkg/info/apt-xapian-index.postinst: update-python-modules: not found)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 13:47:08 +
with message-id 
and subject line Bug#793681: fixed in apt-xapian-index 0.47+deb8u1
has caused the Debian Bug report #793681,
regarding /var/lib/dpkg/info/apt-xapian-index.postinst: 43: 
/var/lib/dpkg/info/apt-xapian-index.postinst: update-python-modules: not found
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
793681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793681
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-xapian-index
Version: 0.47
Severity: important

Hi!

apt-xapian-index fails to install (stretch vmdebootstrap) [0]. Note, I had to 
install[1] reportbug later to report this bug so the package list might be 
somewhat disturbed.

  Christoph

[1]
Get:1 http://mirror.sieglitzhof.net/debian/ stretch/main python-support all 
1.0.15 [33.6 kB]
Get:2 http://mirror.sieglitzhof.net/debian/ stretch/main python-defusedxml all 
0.4.1-2 [35.5 kB]
Get:3 http://mirror.sieglitzhof.net/debian/ stretch/main python-wstools all 
0.4.3-3 [141 kB]
Get:4 http://mirror.sieglitzhof.net/debian/ stretch/main python-soappy all 
0.12.22-1 [69.0 kB]
Get:5 http://mirror.sieglitzhof.net/debian/ stretch/main python-debianbts all 
1.12 [8,144 B]
Get:6 http://mirror.sieglitzhof.net/debian/ stretch/main python-reportbug all 
6.6.3 [126 kB]
Get:7 http://mirror.sieglitzhof.net/debian/ stretch/main reportbug all 6.6.3 
[123 kB]

[0]
# apt install apt-xapian-index
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following extra packages will be installed:
  iso-codes libxapian22 python-apt python-apt-common python-chardet 
python-debian python-pkg-resources
  python-six python-xapian xz-utils
Suggested packages:
  app-install-data python-xdg isoquery xapian-tools python-apt-dbg 
python-apt-doc xapian-doc
The following NEW packages will be installed:
  apt-xapian-index iso-codes libxapian22 python-apt python-apt-common 
python-chardet python-debian
  python-pkg-resources python-six python-xapian xz-utils
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,410 kB of archives.
After this operation, 23.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://mirror.sieglitzhof.net/debian/ stretch/main libxapian22 amd64 
1.2.21-1 [995 kB]
Get:2 http://mirror.sieglitzhof.net/debian/ stretch/main python-apt-common all 
1.0.0~beta3 [91.1 kB]
Get:3 http://mirror.sieglitzhof.net/debian/ stretch/main python-apt amd64 
1.0.0~beta3 [171 kB]
Get:4 http://mirror.sieglitzhof.net/debian/ stretch/main xz-utils amd64 
5.1.1alpha+20120614-2.1 [219 kB]
Get:5 http://mirror.sieglitzhof.net/debian/ stretch/main python-xapian amd64 
1.2.21-2 [309 kB]
Get:6 http://mirror.sieglitzhof.net/debian/ stretch/main python-pkg-resources 
all 17.0-1 [73.2 kB]
Get:7 http://mirror.sieglitzhof.net/debian/ stretch/main python-chardet all 
2.3.0-1 [96.2 kB]
Get:8 http://mirror.sieglitzhof.net/debian/ stretch/main python-six all 1.9.0-3 
[13.6 kB]
Get:9 http://mirror.sieglitzhof.net/debian/ stretch/main python-debian all 
0.1.27 [71.5 kB]
Get:10 http://mirror.sieglitzhof.net/debian/ stretch/main apt-xapian-index all 
0.47 [58.5 kB]
Get:11 http://mirror.sieglitzhof.net/debian/ stretch/main iso-codes all 3.59-1 
[2,312 kB]
Fetched 4,410 kB in 1s (2,457 kB/s)
Selecting previously unselected package libxapian22.
(Reading database ... 41254 files and directories currently installed.)
Preparing to unpack .../libxapian22_1.2.21-1_amd64.deb ...
Unpacking libxapian22 (1.2.21-1) ...
Selecting previously unselected package python-apt-common.
Preparing to unpack .../python-apt-common_1.0.0~beta3_all.deb ...
Unpacking python-apt-common (1.0.0~beta3) ...
Selecting previously unselected package python-apt.
Preparing to unpack .../python-apt_1.0.0~beta3_amd64.deb ...
Unpacking python-apt (1.0.0~beta3) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../xz-utils_5.1.1alpha+20120614-2.1_amd64.deb ...
Unpacking xz-utils (5.1.1alpha+20120614-2.1) ...
Selecting previously unselected package python-xapian.
Preparing to unpack .../python-xapian_1.2.21-2_amd64.deb ...
Unpacking python-xapian (1.2.21-2) ...
Selecting previously unselected package python-pkg-resources.
Preparing to unpack .../python-pkg-resources_17.0-1_all.deb ...
Unpacking python-pkg-resources (17.0-1) ...
Selecting previously unselected package python-chardet.
Preparing to unpack .../python-chardet_2.3.0-1_all.deb ...
Unpacking python-chardet (2.3.0-1) ...
Selecting previously unselected package python-six.
P

Bug#860940: minicom: diff for NMU version 2.7-1.1

2017-04-22 Thread Salvatore Bonaccorso 
Hi Martin,

On Sat, Apr 22, 2017 at 01:14:06PM +0200, Martin Godisch wrote:
> On Sat, Apr 22, 2017 at 11:34:54 +0200, Salvatore Bonaccorso wrote:
> 
> > I've prepared an NMU for minicom (versioned as 2.7-1.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> 
> Thank you! -- Martin

Thanks for quick feedback! Do you allow me to reshedule it to enter
faster the archive, or do you want me actually to cancel it and upload
an own version?

Regards,
Salvatore

Bug#858037: ikarus FTBFS on i386: recipe for target 'ikarus.boot' failed (Segmentation fault)

2017-04-22 Thread Bernhard Übelacker 
Hello,
tried to get some more information from the crash.



# IKARUS_SRC_DIR=.   IKARUS_BUILD_DIR=.   IKARUS_FASL_DIRECTORY=''   
IKARUS_LIBRARY_PATH=.:.:./../lib  gdb -q --args   ../src/ikarus -b 
./ikarus.boot.4.prebuilt   --r6rs-script ./makefile.ss
Reading symbols from ../src/ikarus...done.
(gdb) directory 
/home/benutzer/debian/ikarus/ikarus/orig/ikarus-0.0.3+bzr.2010.01.26/src
Source directories searched: 
/home/benutzer/debian/ikarus/ikarus/orig/ikarus-0.0.3+bzr.2010.01.26/src:$cdir:$cwd
(gdb) run
Starting program: 
/home/benutzer/debian/ikarus/ikarus/orig/ikarus-0.0.3+bzr.2010.01.26/src/ikarus 
-b ./ikarus.boot.4.prebuilt --r6rs-script ./makefile.ss
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0xb7c890b8 in ?? ()
(gdb) bt
#0  0xb7c890b8 in ?? ()
#1  0x80007ffe in memmove (__len=, __src=, 
__dest=) at /usr/include/i386-linux-gnu/bits/string3.h:59
#2  ik_exec_code (pcb=0x80021008, code_ptr=3065696261, argcount=0, cp=0) at 
ikarus-exec.c:73
#3  0x80008f59 in ik_fasl_load (pcb=0x80021008, fasl_file=0xb75f 
"./ikarus.boot.4.prebuilt") at ikarus-fasl.c:114
#4  0x80009f21 in ikarus_main (argc=3, argv=0xb5c4, boot_file=0xb75f 
"./ikarus.boot.4.prebuilt") at ikarus-main.c:87
#5  0x8000509c in main (argc=3, argv=) at ikarus.c:72
(gdb) up
#1  0x80007ffe in memmove (__len=, __src=, 
__dest=) at /usr/include/i386-linux-gnu/bits/string3.h:59
59return __builtin___memmove_chk (__dest, __src, __len, __bos0 
(__dest));
(gdb) up
#2  ik_exec_code (pcb=0x80021008, code_ptr=3065696261, argcount=0, cp=0) at 
ikarus-exec.c:73
73  memmove((char*)(long)new_fbase + argc,
(gdb) print/x new_fbase
$2 = 0xb78dfa14
(gdb) print argc
$3 = 
(gdb) list
68exit(-10);
69  }
70  pcb->next_k = k->next;
71  ikptr fbase = pcb->frame_base - wordsize;
72  ikptr new_fbase = fbase - framesize;
73  memmove((char*)(long)new_fbase + argc,
74  (char*)(long)fbase + argc,
75  -argc);
76  memcpy((char*)(long)new_fbase, (char*)(long)top, framesize);
77  argc = ik_asm_reenter(pcb, new_fbase, argc);
(gdb) print framesize
$4 = 12
(gdb) print/x fbase
$5 = 
(gdb) up
#3  0x80008f59 in ik_fasl_load (pcb=0x80021008, fasl_file=0xb75f 
"./ikarus.boot.4.prebuilt") at ikarus-fasl.c:114
114 ikptr val = ik_exec_code(pcb, v, 0, 0);
(gdb) print pcb
$6 = (ikpcb *) 0x80021008
(gdb) print *pcb
$7 = {allocation_pointer = 3083378008, allocation_redline = 3083722752, 
frame_pointer = 3079535140, frame_base = 3079535140, frame_redline = 
3075350528, next_k = 3083377997, system_stack = 322184, dirty_vector = 
3063017472, arg_list = 3075297577, 
  engine_counter = 15420512, interrupted = 0, base_rtd = 3075301477, 
collect_key = 47, callbacks = 0x0, root0 = 0x0, root1 = 0x0, segment_vector = 
0xb6919000, weak_pairs_ap = 3086998576, weak_pairs_ep = 3086999552, heap_base = 
3079536640, heap_size = 4194304, 
  heap_pages = 0x0, cached_pages = 0xb7fd2c08, uncached_pages = 0xb7fd2c00, 
cached_pages_base = 3086794752, cached_pages_size = 32768, stack_base = 
3075342336, stack_size = 4194304, symbol_table = 47, gensym_table = 3075268613, 
protected_list = {0xb6ac7000, 0xb6abf000, 
0x0, 0x0, 0x0}, dirty_vector_base = 0xb6bf9000, segment_vector_base = 
0xb6bf3000, memory_base = 3061841920, memory_end = 3087007744, collection_id = 
2, allocation_count_minor = 8169088, allocation_count_major = 0, collect_utime 
= {tv_sec = 0, tv_usec = 4000}, 
  collect_stime = {tv_sec = 0, tv_usec = 4000}, collect_rtime = {tv_sec = 0, 
tv_usec = 9718}, last_errno = 0}
(gdb) print/x *pcb
$8 = {allocation_pointer = 0xb7c89d58, allocation_redline = 0xb7cde000, 
frame_pointer = 0xb78dfa24, frame_base = 0xb78dfa24, frame_redline = 
0xb74e2000, next_k = 0xb7c89d4d, system_stack = 0xb38c, dirty_vector = 
0xb691f000, arg_list = 0xb74d5129, 
  engine_counter = 0xeb4c60, interrupted = 0x0, base_rtd = 0xb74d6065, 
collect_key = 0x2f, callbacks = 0x0, root0 = 0x0, root1 = 0x0, segment_vector = 
0xb6919000, weak_pairs_ap = 0xb7ffdc30, weak_pairs_ep = 0xb7ffe000, heap_base = 
0xb78e, heap_size = 0x40, 
  heap_pages = 0x0, cached_pages = 0xb7fd2c08, uncached_pages = 0xb7fd2c00, 
cached_pages_base = 0xb7fcc000, cached_pages_size = 0x8000, stack_base = 
0xb74e, stack_size = 0x40, symbol_table = 0x2f, gensym_table = 
0xb74ce005, protected_list = {0xb6ac7000, 
0xb6abf000, 0x0, 0x0, 0x0}, dirty_vector_base = 0xb6bf9000, 
segment_vector_base = 0xb6bf3000, memory_base = 0xb680, memory_end = 
0xb800, collection_id = 0x2, allocation_count_minor = 0x7ca680, 
allocation_count_major = 0x0, collect_utime = {tv_sec = 0x0, 
tv_usec = 0xfa0}, collect_stime = {tv_sec = 0x0, tv_usec = 0xfa0}, 
collect_rtime = {tv_sec = 0x0, tv_usec = 0x25f6}, last_errno = 0x0}
(gdb) print v
$9 = 



But as the package already dropped out of stret

Bug#854804: marked as done (saned: CVE-2017-6318: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 13:02:08 +
with message-id 
and subject line Bug#854804: fixed in sane-backends 1.0.24-8+deb8u2
has caused the Debian Bug report #854804,
regarding saned: CVE-2017-6318: SANE_NET_CONTROL_OPTION response packet may 
contain memory contents of the server
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
854804: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854804
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sane-utils
Version: 1.0.25-3
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

When saned received a SANE_NET_CONTROL_OPTION packet with value_type ==
SANE_TYPE_STRING and value_size larger than the actual length of the
requested string, the response packet from the server contains a string
object as long as value_size in the request. The bytes following the
actual string appears to contain memory contents from the server.

It may be possible to trigger this bug with other packet types, but I
have not verified this.

I have previously filed a bug in the SANE bug tracker on Alioth
(#315576), but I received no response.


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sane-utils depends on:
ii  adduser3.115
ii  debconf [debconf-2.0]  1.5.60
ii  init-system-helpers1.47
ii  libavahi-client3   0.6.32-2
ii  libavahi-common3   0.6.32-2
ii  libc6  2.24-9
ii  libieee1284-3  0.2.11-13
ii  libjpeg62-turbo1:1.5.1-2
ii  libpng16-161.6.28-1
ii  libsane1.0.25-3
ii  libsystemd0232-6
ii  libusb-1.0-0   2:1.0.21-1
ii  lsb-base   9.20161125
ii  update-inetd   4.44

sane-utils recommends no packages.

Versions of packages sane-utils suggests:
ii  avahi-daemon  0.6.32-2
pn  unpaper   

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: sane-backends
Source-Version: 1.0.24-8+deb8u2

We believe that the bug you reported is fixed in the latest version of
sane-backends, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jörg Frings-Fürst  (supplier of updated 
sane-backends package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 19 Apr 2017 11:51:22 +0200
Source: sane-backends
Binary: sane-utils libsane-common libsane libsane-dev libsane-dbg
Architecture: source amd64 all
Version: 1.0.24-8+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Jörg Frings-Fürst 
Changed-By: Jörg Frings-Fürst 
Description:
 libsane- API library for scanners
 libsane-common - API library for scanners -- documentation and support files
 libsane-dbg - API development library for scanners [debug symbols]
 libsane-dev - API development library for scanners [development files]
 sane-utils - API library for scanners -- utilities
Closes: 854804
Changes:
 sane-backends (1.0.24-8+deb8u2) stable; urgency=medium
 .
   * CVE-2017-6318:
 - New debian/patches/0500-CVE-2017-6318.patch
   + cherry-picked from upstream to fix memory corruption and
 information leakage (Closes: #854804).
Checksums-Sha1:
 33053e795f952686e5028297281aa36b915ed6e7 2493 sane-backends_1.0.24-8+deb8u2.dsc
 1a5d4a2967c304baadae0888bc80f2f904a162dc 98460 
sane-backends_1.0.24-8+deb8u2.debian.tar.xz
 f1a2cf35413f08e0e0687604a5c8a16d24b4ddb7 223022 
sane-utils_1.0.24-8+deb8u2_amd64.deb
 7c915d97f2dda98fd70713096908a066321f3476 1000266 
libsane-common_1.0.24-8+deb8u2_all.deb
 ee6dddce67f1cae4167460de8f65479aa74cac18 2038932 
libsane_1.0.24-8+deb8u2_amd64.deb
 ea73697040b7a87b991f8218fc8c2bc31043ce73 2208572 
libsane-dev_1.0.24-8+deb8u2_amd64.deb
 a4d24bbf50daf3569b25a2b1131f507167de167b 6097174 
libsane-dbg_1.0.24-8+deb8u2_amd64.deb
Checksums-Sha256:
 7d29e428eb73cd5de752770

Bug#857360: gitlab_8.13.11+dfsg-4 no longer available, unable to install

2017-04-22 Thread Pirate Praveen 
On Fri, 21 Apr 2017 20:34:40 -0300 Joel Maxuel  wrote:
> I should add that I am currently using ports 80, 443 and 8080 for other
> purposes, so my challenge may be gitlab cannot find a port to bind to.  But
> from my perspective it does not even attempt as the available-sites file
> does not exist in the apache config directory.

Currently it support autoconfiguration of nginx only (you may open a
wishlist bug for apache support). You'll have to manually configure apache.



signature.asc
Description: OpenPGP digital signature

Bug#860943: marked as done (sugar-jukebox-activity does not start)

2017-04-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Apr 2017 12:48:47 +
with message-id 
and subject line Bug#860943: fixed in sugar-toolkit-gtk3 0.110.0-4
has caused the Debian Bug report #860943,
regarding sugar-jukebox-activity does not start
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sugar-jukebox-activity
Version: 32+20160926-1

Jukebox does not start.  Logs contain error "ImportError: cannot
import name ImageTk".

Is fixed upstream in sugar-toolkit-gtk3 495eed8 "Prepend instead of
append to path".

-- 
James Cameron
--- End Message ---
--- Begin Message ---
Source: sugar-toolkit-gtk3
Source-Version: 0.110.0-4

We believe that the bug you reported is fixed in the latest version of
sugar-toolkit-gtk3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard  (supplier of updated sugar-toolkit-gtk3 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 14:19:42 +0200
Source: sugar-toolkit-gtk3
Binary: libsugarext0 libsugarext-data libsugarext-dev libsugarext-dbg 
python-sugar3 gir1.2-sugarext-1.0
Architecture: source
Version: 0.110.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Sugar Team 
Changed-By: Jonas Smedegaard 
Description:
 gir1.2-sugarext-1.0 - Sugar Learning Platform - toolkit GObject introspection
 libsugarext-data - Sugar Learning Platform - toolkit common files
 libsugarext-dbg - Sugar Learning Platform - toolkit debugging symbols
 libsugarext-dev - Sugar Learning Platform - toolkit development files
 libsugarext0 - Sugar Learning Platform - toolkit runtime library
 python-sugar3 - Sugar Learning Platform - toolkit Python bindings
Closes: 860943
Changes:
 sugar-toolkit-gtk3 (0.110.0-4) unstable; urgency=medium
 .
   * Add patch cherry-picked upstream to fix depend instead of append to
 path.
 Closes: Bug#860943. Thanks to James Cameron.
Checksums-Sha1:
 530449f3782d1b741773ad4ee6af8e14de48a698 2809 sugar-toolkit-gtk3_0.110.0-4.dsc
 17fc2dba4d0e3719e88c492d8edce3756c74a47c 15168 
sugar-toolkit-gtk3_0.110.0-4.debian.tar.xz
 a72fd5c3fca4c52b826bb9789ca55b99f0e9e826 16765 
sugar-toolkit-gtk3_0.110.0-4_amd64.buildinfo
Checksums-Sha256:
 a8a412bf4aafd4c83ae726ff5f0486962cd026da1d32997de75a578551f77ae7 2809 
sugar-toolkit-gtk3_0.110.0-4.dsc
 7c42ebe6134ccdae1c1db17153dd47acc3e632290f6d7c5e23bddb32f786026d 15168 
sugar-toolkit-gtk3_0.110.0-4.debian.tar.xz
 3e862fe011ddde44a0af4b655195ce94eb003542fa3180262d80dc763ab06820 16765 
sugar-toolkit-gtk3_0.110.0-4_amd64.buildinfo
Files:
 5a4b2480330311648e9d0dff43d4c7a0 2809 python optional 
sugar-toolkit-gtk3_0.110.0-4.dsc
 3f4de926e7adcf0820f939262f5b6a32 15168 python optional 
sugar-toolkit-gtk3_0.110.0-4.debian.tar.xz
 1195f7bfd6b46ce8a9b163a8135f5366 16765 python optional 
sugar-toolkit-gtk3_0.110.0-4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlj7TXcACgkQLHwxRsGg
ASF8hQ//e9Z3cyZXk6RIvVTwMawsMRZ62zFAvfos8jMV/HpwJHUGq5pqLBa/7eWA
/erYif38FQNvCHj7SQ7qxDoML29j3IksikNncQgch48ZemftxlAoHuhG4Ui8CVyW
2i3GTVGa9Zm0m/9Ld5jNW3g9N/lTJXW6pmVsdjWjSC0Cdw9hXH1zVTnXyJ3XkOeW
j287DxdNALSwYKab4trIHVn2jZSF3OY9Q4ddcUZjmp/kweZ3MMDH+c1UKPDF0O9G
ZShkfGkYImjVY8QGGHgb2Tv3lt902fY8XpxG0jgB6fUU/qCmF7Hty7dxdkn1DB9H
r6bA9l1p/NxVlvRiUP14qagIEqY6IPoKrWD6fkeZPSp7R3e3OGhSHltGFKSKqMCm
2p3oZ24pqWo3Oo4/BUIvRZscHdidsu2Q6sYWuiXLyhKfr4ibjVpylzEKVT1RYewm
4pz9LnxnMIUY2QMw/PNRrpJMLP/aozM8wvMc46elMBsgeMFMpFNuXB9mBVujMU0i
t1kONCO0RiFUF5oY6gH2nW5tSBnpDLGWv1ABifcm9afJg4FO0DGXbnaM+ppI/eB/
nXHDUg4dyFc/5/UNoHMopWVpCFR7eM70SwHmZEi8a2pTZq6MVjbN1C3j+u5QIFoN
7m5WP//Yjy4ucDTprOakmMzastGYFtOFR7IJNBah4rt2NLi7qU4=
=oTIN
-END PGP SIGNATURE End Message ---

Processed: Re: [Pkg-sugar-devel] Bug#860943: sugar-jukebox-activity does not start

2017-04-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 860943 serious
Bug #860943 [sugar-jukebox-activity] sugar-jukebox-activity does not start
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#857748: [request-tracker-maintainers] Bug#857748: Please package current version - 1.02

2017-04-22 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 stretch sid
Bug #857748 {Done: KURASHIKI Satoru } 
[rt4-extension-customfieldsonupdate] Please package current version - 1.02
Added tag(s) stretch and sid.

-- 
857748: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857748
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#857748: [request-tracker-maintainers] Bug#857748: Please package current version - 1.02

2017-04-22 Thread Adrian Bunk 
Control: tags -1 stretch sid

On Thu, Apr 13, 2017 at 04:54:13PM +0100, Dominic Hargreaves wrote:
> On Wed, Apr 12, 2017 at 12:13:30PM +0300, Adrian Bunk wrote:
> > On Thu, Mar 23, 2017 at 03:09:56PM +0900, Satoru KURASHIKI wrote:
> > >...
> > > In the later stage of freeze, are there any chance to upload newer
> > > upstream version (into testing) to fix RC bugs?
> > > If it can, I will finish staged git chages as soon as I can.
> > >...
> > 
> > This was already ACK'ed for stretch by the release team in #858779,
> > but there is a second open issue:
> > 
> > The upstream changelog says 4.2 compatibility was added in 0.02
> > 
> > Does rt4-extension-customfieldsonupdate 0.01-1 in jessie work with 
> > request-tracker4 4.2.8 in jessie?
> 
> I don't use it myself, but the git history suggests that it mostly
> worked:
> 
> https://github.com/bestpractical/rt-extension-customfieldsonupdate/commit/60ab227c44296f6f92c3084bc811171d9aa0b665
> 
> (silence deprecation warnings)
> 
> https://github.com/bestpractical/rt-extension-customfieldsonupdate/commit/ae351ae9cdee8b37c4eb397402d80f7ba6ecd54d
> 
> (fixing a non-fatal bug)

Thanks, tagging accordingly.

> Cheers,
> Dominic.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#860940: minicom: diff for NMU version 2.7-1.1

2017-04-22 Thread Martin Godisch 
On Sat, Apr 22, 2017 at 11:34:54 +0200, Salvatore Bonaccorso wrote:

> I've prepared an NMU for minicom (versioned as 2.7-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Thank you! -- Martin

Processed: minicom: diff for NMU version 2.7-1.1

2017-04-22 Thread Debian Bug Tracking System 
Processing control commands:

> tags 860940 + patch
Bug #860940 [src:minicom] minicom: CVE-2017-7467: Out of bounds write in vt100.c
Added tag(s) patch.
> tags 860940 + pending
Bug #860940 [src:minicom] minicom: CVE-2017-7467: Out of bounds write in vt100.c
Added tag(s) pending.

-- 
860940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860940
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#860940: minicom: diff for NMU version 2.7-1.1

2017-04-22 Thread Salvatore Bonaccorso 
Control: tags 860940 + patch
Control: tags 860940 + pending

Dear maintainer,

I've prepared an NMU for minicom (versioned as 2.7-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru minicom-2.7/debian/changelog minicom-2.7/debian/changelog
--- minicom-2.7/debian/changelog	2014-01-01 10:28:01.0 +0100
+++ minicom-2.7/debian/changelog	2017-04-22 11:14:19.0 +0200
@@ -1,3 +1,11 @@
+minicom (2.7-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add ARRAY_SIZE macro
+  * CVE-2017-7467: Out of bounds write in vt100.c (Closes: #860940)
+
+ -- Salvatore Bonaccorso   Sat, 22 Apr 2017 11:14:19 +0200
+
 minicom (2.7-1) unstable; urgency=low
 
   * New upstream release, closes: #707564 (configurable status line).
diff -Nru minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff
--- minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff	1970-01-01 01:00:00.0 +0100
+++ minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff	2017-04-22 11:14:19.0 +0200
@@ -0,0 +1,19 @@
+# HG changeset patch
+# User Adam Lackorzynski 
+# Date 1440364600 -7200
+# Node ID 4eff7b4cde33a56d9caf64e44722186c89e26922
+# Parent  3cb4335d5819099c85a30dae714f0a213fa4a44c
+Add ARRAY_SIZE macro
+
+diff -r 3cb4335d5819 -r 4eff7b4cde33 src/minicom.h
+--- a/src/minicom.h	Mon Jun 29 21:16:14 2015 +0200
 b/src/minicom.h	Sun Aug 23 23:16:40 2015 +0200
+@@ -303,6 +303,7 @@
+ int lockfile_create(int no_msgs);
+ void lockfile_remove(void);
+ 
++#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+ 
+ 
+ /* We want the ANSI offsetof macro to do some dirty stuff. */
+
diff -Nru minicom-2.7/debian/patches/CVE-2017-7467.diff minicom-2.7/debian/patches/CVE-2017-7467.diff
--- minicom-2.7/debian/patches/CVE-2017-7467.diff	1970-01-01 01:00:00.0 +0100
+++ minicom-2.7/debian/patches/CVE-2017-7467.diff	2017-04-22 11:14:19.0 +0200
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Adam Lackorzynski 
+# Date 1492510834 -7200
+# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
+# Parent  c72edf0e43bca463239ea15594d128ecbc0d2574
+Fix CVE-2017-7467, a remote exploitalbe out of bound access
+
+This fixes an out of bounds data access that can lead to a
+remotely exploitable code execution.
+
+This issue was found by Solar Designer of Openwall during a
+security audit of the Virtuozzo 7 product, which contains
+derived downstream code in its prl-vzvncserver component.
+The corresponding Virtuozzo 7 fix is:
+
+https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
+
+Openwall would like to thank the Virtuozzo company for
+funding the effort.
+
+diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
+--- a/src/vt100.c	Sat Sep 17 02:17:37 2016 +0200
 b/src/vt100.c	Tue Apr 18 12:20:34 2017 +0200
+@@ -428,7 +428,7 @@
+   }
+   /* Separation between numbers ? */
+   if (c == ';') {
+-if (ptr < 15)
++if (ptr < (int)ARRAY_SIZE(escparms) - 1)
+   ptr++;
+ return;
+   }
+
diff -Nru minicom-2.7/debian/patches/series minicom-2.7/debian/patches/series
--- minicom-2.7/debian/patches/series	2014-01-01 10:21:15.0 +0100
+++ minicom-2.7/debian/patches/series	2017-04-22 11:14:19.0 +0200
@@ -2,3 +2,5 @@
 01manual.diff
 03norzsz.diff
 470582_history_buffer_msg.diff
+Add-ARRAY_SIZE-macro.diff
+CVE-2017-7467.diff

Bug#858633: closed by Innocent De Marchi (Bug#858633: fixed in dmaths 4.3.0.0+dfsg1-1)

2017-04-22 Thread Adrian Bunk 
On Fri, Apr 07, 2017 at 10:21:08PM +, Debian Bug Tracking System wrote:
>...
>  dmaths (4.3.0.0+dfsg1-1) unstable; urgency=low
>  .
> * New upstream release.
>   + Update upstream changelog.
>   + Update debian/README.source.
> * Change the installation directory to
>   dmaths in debian/libreoffice-dmaths.install
>   (Closes: #858633).
>...

This fixed the bug for unstable, but the new upstream version won't be 
acceptable for fixing the bug in stretch.

Please make an additional upload to stretch only fixing #858633
on top of 3.7.0.0+dfsg1-1

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#860940: minicom: CVE-2017-7467: Out of bounds write in vt100.c

2017-04-22 Thread Salvatore Bonaccorso 
Source: minicom
Version: 2.7-1
Severity: grave
Tags: upstream security fixed-upstream

Hi,

the following vulnerability was published for minicom.

CVE-2017-7467[0]:
Out of bounds write in vt100.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467
[1] https://anonscm.debian.org/hg/minicom/rev/c33d24938f3e

Regards,
Salvatore

Bug#860939: node-diffie-hellman: Please clarify security concerns

2017-04-22 Thread Chris Lamb 
Source: node-diffie-hellman
Version: 5.0.2-1
Severity: serious
X-Debbugs-CC: Bastien Roucariès 

Hi,

I just ACCEPTed node-diffie-hellman from NEW but thought I would
file this bug to ensure that the concerns on debian-devel were
addressed etc.

eg. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860771#10


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#860938: python-ase: Incomplete debian/copyright?

2017-04-22 Thread Chris Lamb 
Source: python-ase
Version: 3.13.0-1
Severity: serious
Justication: Policy 12.5
X-Debbugs-CC: Graham Inggs 

Hi,

I just ACCEPTed python-ase from NEW but noticed it was missing 
attribution in debian/copyright for at least ase/geometry/cell.py.

(This is not exhaustive so please check over the entire package 
carefully and address these on your next upload.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#860664: primesieve: FTBFS on i386: dh_auto_test: make -j64 check VERBOSE=1 returned exit code 2

2017-04-22 Thread Jerome BENOIT 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello, unfortunately I cannot reproduce the issue on the Debian porter barriere.
I am on my way to ask to the uptream maintainer.
Thanks, Jerome
-BEGIN PGP SIGNATURE-

iQQcBAEBCgAGBQJY+wh4AAoJED+SGaZ/NsaLSsAf/3+6IEoFEFJwG2aqE2VKv2Z8
71sm1lmWkbmfRiCfo94OoGaanAH+jnEMIVuoc53WVhUVKv+eILh1lWV98EB1iaJ8
DhAPTqpWsadtqknvfdGDtVRwuLZTZMcPowODW2RoH9NQ52EEMhRNjnC3UipBONth
q6f4Qx28edJPQMm5Vuz4hg1Zo05LeKVa3h1ARdonKqIFeP/ZnMKDESXODipCfWVp
eRnxVzXfwsbhQ+QdJBljpOobNviKpiD6xn8UhSQsy3hIifJsRKrleZbAgOrOTUrJ
S/kSDqBQBMn+JPx4qcdvlewETnovalQwnr3q7Pf+FSzIudw3vL6nyaeE8oR3Vct0
2PYx/QN6mXsMYc0C7HRf1RC416NKxVxdt8MEbyJ7eKst1Qn9f6aywbPAEdC+jbEw
yywaAPLZ/vkzz4163aD5h3yZFl7v57kQpZsC70YjntYt3TwZZ67UoUKxl825lu3e
7aWrYVsn4iMiY88wv0u5C9+ovNHmWkEXbfvFfc1i4FMF8qNgBAJHKxolkYDtXtMn
i1LU1T/fg9BO24nczoP9GdwowTnW7A2iQXzd2RH4aGORwfrvuqyXCTVEEDofFEXm
XYL8Zk/aAgLe4R/YmUVNtQ9cBMdKjaXszVkw2CZx3EFnAX/dTOEPm11rlys1LSmw
gS3OIX9orJAGAOu6NWsIvUQlNaiLg7Bs2/7K3jB2U+5NL+8AcMqWJd+Lx1lEkTvA
A40oOhfgqdGcP5DIKCxa42NahPJmUym+TeVa5oSh8r3KJlT409AD4L1kObWBn7vf
ePYtoF9o3qM2tzYDMXPP8EMMBHaw2uc7bvOU715KwJQEzPBnOtZW5bCocIZgMtr9
CFH+3M87kVbaqaCWciJ+DQAAanXiiJP1tr6QTGsgQqU0+1tBWf6i6KA48iPmvaFA
F5KKP+4of2v7HfR7OwtTT/mRlb7UqT23RowzPgIrodzz1w8ce6mwCjrOslQxVyM8
zjeo2tI0mqrFqCS3VpPTdZpt4HV5GpX8hkyld1ObtOm1nBSJX3pG8g2xXfYNOuWl
tNW4YdbX5Iwll/iQONiZAkNDck6pjvUadTWu2FBfT3zhrN4o5eF+pmTtiLCQhn4T
hcVk04Dw8fGIVmNYvafJ1Oy2SSUSU6I/njRvqwKnFUJgx46E18c50wWV4twlB72v
XEsmgxmi4Okbsq2SgImaGigrWr+3Gfa32kuPCra7PYRxVqA7i1C8rUrIlCXuvNQT
576TnVG48IcrpG9Tx5eKZSYYO6dsCpNrRtiGgMlCoDxcYGdqZyXUWhnKw55owIB6
ByCm0YwXn6mguhDJ8md6cLdc9kTo+RnIbGp4N7ST5wgAqqr/sOQlnXqQ/6tzGTw=
=CaVZ
-END PGP SIGNATURE-