Bug#860805: [Pkg-opencl-devel] Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Andreas Tille]

On Fri, Apr 28, 2017 at 10:03:31AM +, Holger Levsen wrote:
> On Fri, Apr 28, 2017 at 09:35:53AM +0200, Andreas Tille wrote:
> > Please excuse my hardware ignorance but how can I tell whether my hardware
> > has Haswell?  Any one-liner to read out the relevant part from the system
> > information?
>  
> compare /proc/cpuinfo with 

 $ grep '^model name'  /proc/cpuinfo | head -n1
model name  : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz

> https://en.wikipedia.org/wiki/Haswell_%28microarchitecture%29#List_of_Haswell_processors

... 4200U is listed so I guess I can do the testing, right?
 
Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#861431: restic: Rebuild needed for CVE-2017-3204; #859655

[Michael Lustfield]

Package: restic
Justification: renders package unusable
Tags: security
Severity: grave

A CVE was issued for golang-go.crypto which is a build dependency of this
package. While attempting a rebuild of restic against this updated crypto
library, I ran into a build failure. This failure did not seem to come from the
changes made in the crypto library.

I have attached the build log from that failure, as generated by sbuild. The
error indicated it may be a simple solution, but I'm lacking the time to dig
into it. I saw no build failure when testing the change in unstable.

Thanks,
-- 
Michael Lustfield


restic_0.3.3-1
Description: Binary data

Bug#765504: marked as done (xshisen: segfaults on program start (i386))

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:14 +
with message-id 
and subject line Bug#765504: fixed in xshisen 1:1.51-4.1+deb8u1
has caused the Debian Bug report #765504,
regarding xshisen: segfaults on program start (i386)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
765504: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765504
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xshisen
Version: 1:1.51-4.1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
unknown

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
installed xshisen in a VBox VM running up-to-date Jessie/i386 with lxde-core 
via apt-get
tried to start the program via lxterminal by invoking 'xshisen'

   * What was the outcome of this action?
xshisen window briefly (<1sec) appears with an empty green background
program crashes with segmentation fault

   * What outcome did you expect instead?
proper start of xshisen

   ** additional info
xshisen starts properly in a Jessie/amd64 VM


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.16-2-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xshisen depends on:
ii  libc6   2.19-11
ii  libgcc1 1:4.9.1-15
ii  libice6 2:1.0.9-1
ii  libsm6  2:1.2.2-1
ii  libstdc++6  4.9.1-15
ii  libx11-62:1.6.2-3
ii  libxm4  2.3.4-5+b1
ii  libxmu6 2:1.1.2-1
ii  libxpm4 1:3.5.11-1
ii  libxt6  1:1.1.4-1

xshisen recommends no packages.

xshisen suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: xshisen
Source-Version: 1:1.51-4.1+deb8u1

We believe that the bug you reported is fixed in the latest version of
xshisen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 765...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated xshisen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 14:54:37 +0300
Source: xshisen
Binary: xshisen
Architecture: source amd64
Version: 1:1.51-4.1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Adrian Bunk 
Description:
 xshisen- Shisen-sho puzzle game for X11
Closes: 765504
Changes:
 xshisen (1:1.51-4.1+deb8u1) jessie; urgency=medium
 .
   * QA upload.
   * Set maintainer to the QA team.
   * Fix frequent segfault on start, thanks Alexey Shilin.
 (Closes: #765504)
Checksums-Sha1:
 b1fd1e5294aef1b88427d44efc1cbf29a09926ef 1850 xshisen_1.51-4.1+deb8u1.dsc
 ac69e0e2f6d757e1f8ae1784dbc59dc1ef6f1bb1 11344 
xshisen_1.51-4.1+deb8u1.debian.tar.xz
 9cbe74baceffb6a70c440bcbc3dbd3c3ae1b6a49 52170 
xshisen_1.51-4.1+deb8u1_amd64.deb
Checksums-Sha256:
 fa754ee2656352aabfa1122378ab22dfbb5185d94dda3c5ec5b240c8bb41b20d 1850 
xshisen_1.51-4.1+deb8u1.dsc
 7d3b5b2a983ea9083fc9c1782725b4327713dea694e7ea16a25a13d5032d5007 11344 
xshisen_1.51-4.1+deb8u1.debian.tar.xz
 a3cb9851b8ebf8eac047b7a85bc5795541f3e92d4e2f2aef6c4afb37dc9870c2 52170 
xshisen_1.51-4.1+deb8u1_amd64.deb
Files:
 d2a0ea573578c36da41fcea891aa2c7a 1850 games optional 
xshisen_1.51-4.1+deb8u1.dsc
 c5295cdb6e70087f2b3d57770b27ca9a 11344 games optional 
xshisen_1.51-4.1+deb8u1.debian.tar.xz
 1046ab212f123fff2c417532c82209ac 52170 games optional 
xshisen_1.51-4.1+deb8u1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAlkDeecACgkQiNJCh6LY
mLHbQBAAu9fbjpIGdIgDIZwuTys2CW9+hxf59039fEMJ7nl0/HB/4yPfQu02V9lQ
+z/blMC9BMY1hYqZE266Vx46SBVRDig9/o6foo1ouLkdIG4xYXzVKOvXbEa8Gjtl
rCfG/14oyptizx1Hdne7jbi4NGdp78bFF4kM+AaIfHehFg9TC0CxLred4AkvQPWw
AQfF95jq9Mdti9bWJplg6F9Y3sc/GJjuKhC5vldLUS8xbM79rGNemgDnSZcd2OHp

Bug#859986: marked as done (libopenmpi1.6: please relax the conflict on libopenmpi2)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:12 +
with message-id 
and subject line Bug#859986: fixed in openmpi 1.6.5-9.1+deb8u1
has caused the Debian Bug report #859986,
regarding libopenmpi1.6: please relax the conflict on libopenmpi2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859986: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libopenmpi1.6
Version: 1.6.5-9.1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during tests with piuparts I noticed some jessie->stretch upgrade problems
related to openmpi. I got most of them fixed by having libstdc++6 add a
  Breaks: libopenmpi1.6
to ensure apt kills the old openmpi stack and does not consider keeping
the jessie version installed a valid option.

There is one problem remaining, code-saturne gets removed instead of
being upgraded, piuparts log attached (search for "kept back", there is
also apt problemresolver debug output included in the log).
I suspect this is caused by libopenmpi1.6 carrying a
  Conflicts: libopenmpi2
which hits the current version in stretch ... but the conflict probably
targets some older versions of the library instead:

According to http://snapshot.debian.org/binary/libopenmpi2/ there have
been some ancient versions providing libopenmpi2, too:
1.5.4-2~exp2 (source: openmpi 1.5.4-2~exp2)
1.5.4-2~exp1 (source: openmpi 1.5.4-2~exp1)
1.5.4-1 (source: openmpi 1.5.4-1)

Making this conflict versioned:
  Conflicts: libopenmpi2 (<< 2)
should solve the issue that apt does not consider libopenmpi2 2.x a
valid installation candidate for stretch.

Please get this fixed in the upcoming jessie point release (which is
hopefully the last before stretch gets released, and therefore the last
chance to get this fixed properly in jessie).

Unfortunately I cannot easily test that this actually improves the
situation before the package appears in jessie-pu. But I'm quite
confident that it should fix the issue, and it does not carry regression
potential.


Andreas


code-saturne_4.3.3+repack-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: openmpi
Source-Version: 1.6.5-9.1+deb8u1

We believe that the bug you reported is fixed in the latest version of
openmpi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated openmpi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 27 Apr 2017 22:47:22 +0200
Source: openmpi
Binary: openmpi-bin libopenmpi-dev libopenmpi1.6 openmpi-common openmpi-doc 
libopenmpi1.6-dbg openmpi-checkpoint
Architecture: source all
Version: 1.6.5-9.1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian Open MPI Maintainers 

Changed-By: Andreas Beckmann 
Description:
 libopenmpi-dev - high performance message passing library -- header files
 libopenmpi1.6 - high performance message passing library -- shared library
 libopenmpi1.6-dbg - high performance message passing library -- debug library
 openmpi-bin - high performance message passing library -- binaries
 openmpi-checkpoint - high performance message passing library -- checkpoint 
support
 openmpi-common - high performance message passing library -- common files
 openmpi-doc - high performance message passing library -- man pages
Closes: 736675 859986
Changes:
 openmpi (1.6.5-9.1+deb8u1) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * libopenmpi1.6: Fix two incorrect soname links.  (Closes: #736675)
   * libopenmpi1.6: Use versioned Conflicts: libopenmpi2 (<< 1.6) to not
 interfere with upgrades to stretch.  (Closes: #859986)
Checksums-Sha1:
 fa191a9183b9ca1cd7543456efba3b067457d535 3516 openmpi_1.6.5-9.1+deb8u1.dsc
 462c3143c212fcf5a8b8e6fedaa1c1fd904c1458 28964 
openmpi_1.6.5-9.1+deb8u1.debian.tar.xz
 1152f3dda4cda4db3822f9d9b9e8dd84d64a483b 110274 
openmpi-common_1.6.5-9.1+deb8u1_all.deb
 

Bug#701674: marked as done (apf-firewall doesn't work with kernel-version >= 3.0)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:08 +
with message-id 
and subject line Bug#701674: fixed in apf-firewall 9.7+rev1-3+deb8u1
has caused the Debian Bug report #701674,
regarding apf-firewall doesn't work with kernel-version >= 3.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
701674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apf-firewall
Version: 9.7+rev1-3
Severity: important

Dear Maintainer,

kernel-version >= 3.0 is not supported:
cf. apf-9.7-1/files/internals/functions.apf

if [ "$KREL" == "2.4" ]; then
MEXT="o"
elif [ "$KREL" == "2.6" ]; then
MEXT="ko"
elif [ ! "$KREL" == "2.4" ] && [ ! "$KREL" == "2.6" ]; then
if [ ! "$SET_VERBOSE" == "1" ]; then
echo "Kernel version not equal to 2.4.x or 2.6.x, aborting."
fi
eout "{glob} kernel version not equal to 2.4.x or 2.6.x, aborting."
exit 1
else
if [ ! "$SET_VERBOSE" == "1" ]; then
echo "Kernel version not equal to 2.4.x or 2.6.x, aborting."
fi
eout "{glob} kernel version not equal to 2.4.x or 2.6.x, aborting."
exit 1
fi

Thank you very much.

Regards,
Edi



-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
--- End Message ---
--- Begin Message ---
Source: apf-firewall
Source-Version: 9.7+rev1-3+deb8u1

We believe that the bug you reported is fixed in the latest version of
apf-firewall, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 701...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated apf-firewall package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 14:01:55 +0300
Source: apf-firewall
Binary: apf-firewall
Architecture: source all
Version: 9.7+rev1-3+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Adrian Bunk 
Description:
 apf-firewall - easy iptables based firewall system
Closes: 701674
Changes:
 apf-firewall (9.7+rev1-3+deb8u1) jessie; urgency=medium
 .
   * QA upload.
   * Set maintainer field to Debian QA Group.
   * Add patch from Christoph Biedl to make it work with
 kernel 3.x and newer. (Closes: #701674)
Checksums-Sha1:
 2b8c348be7fde3c6175389f75036367d5c2d688a 1811 
apf-firewall_9.7+rev1-3+deb8u1.dsc
 787c2df5a01b970ec2bbb27fb8c51a9bdb5b6f9c 12121 
apf-firewall_9.7+rev1-3+deb8u1.diff.gz
 59c078300c3aa45bfbe95961997f462746cdcc49 99270 
apf-firewall_9.7+rev1-3+deb8u1_all.deb
Checksums-Sha256:
 490553d09f48b06bcfc53439ba4ffdaa83e0fe53b4580b08a85c5c3f9253a4e8 1811 
apf-firewall_9.7+rev1-3+deb8u1.dsc
 77ac2cf106c747f20d548678a266201425140dd1634c05fa5bb7ade02fec2ab5 12121 
apf-firewall_9.7+rev1-3+deb8u1.diff.gz
 234c34cba7adaca38365c65d8cddd6655974f77a561329adeeed8d697237b3fc 99270 
apf-firewall_9.7+rev1-3+deb8u1_all.deb
Files:
 8252c80e100fe88a1f0d3a3adced821b 1811 net optional 
apf-firewall_9.7+rev1-3+deb8u1.dsc
 70914385f05db74c4583f3ab5c41608e 12121 net optional 
apf-firewall_9.7+rev1-3+deb8u1.diff.gz
 1281076edeffc30f4b80353ed2237c56 99270 net optional 
apf-firewall_9.7+rev1-3+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAlkDeUYACgkQiNJCh6LY
mLHdWRAAhIQV9++h7MJb9cnCvzOsC9Id0qEmNJDTAZUSW8ouURE6c+Ny3aRPFM/+
A8rRG4n/kYRxyM2dVQe/RVkDQGLHcCHT7W7k5aENT21+zpHegltmpPYFsW8R73P5
O99U7pDO15smGNNXCSWBXWVB0UyTmuAckNLmzSW0OdqZ3LRgPK5b2GpvHE/oNNb+
sUHvST9ZONFeYSrh/4PVcp6RNPeqtpberOWSH1RBHTDBaMgPmmy6XYivdgpqBAnp
Ae2AHPp90knv3B3YPBK5UfUP4n2Nc6iM/VPigXMDu7isiM9Jia0ZgeykUMnAJd8+
QNUmcWYzBRIKOUeafqHeN1nU48N4NnxyjNgsbE/Qo7IsKE03Xuv0/mVdiuj01FMR
C0vSbQZdu5pORuBicg3gDcMAp/Eapzu3VVhVAyBqtcDgIACo5/XKDilkuqWCm3Xy
NGikl/F1ErBjRg6w0wJoeodVD/JuClRybMqYzyjJYyTtzxuPzPMC3MbVAoqWJ192
xX5Yr9J94ofHXwsny1JZFSfJYqSP57NX34/0ldIAafcMLxj2y56kCbtRfwyz89Kw
5WURLPKck9/v/5IcexETncrX51dc2hVujiIKdnNwdJ/tHBZ8DCMFZrRJfo/e47Q6

Bug#859805: marked as done (postfix-ldap: unsupported dictionary type: ldap after upgrade)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:13 +
with message-id 
and subject line Bug#859805: fixed in postfix 2.11.3-1+deb8u1
has caused the Debian Bug report #859805,
regarding postfix-ldap: unsupported dictionary type: ldap after upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859805
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: postfix-ldap
Version: 3.1.4-4
Severity: grave
Justification: renders package unusable

  Hi,

  I just upgraded one of my system from jessie to strech. This system was using
postfix with ldap lookup table.
>From /var/log/dpkg.log, postfix-ldap has been upgraded from 2.11.3-1 to
3.1.4-4 on 2017-04-06

  I just discovered that, after the upgrade, ldap was not working anymore. I
got in my log lots of such messages:
Apr  7 16:22:01 chaman postfix/pickup[25203]: 9711A1FD73: uid=104 
from=
Apr  7 16:22:01 chaman postfix/cleanup[32362]: warning: 
ldap:/etc/postfix/ldap-canonical.cf is unavailable. unsupported dictionary 
type: ldap
Apr  7 16:22:01 chaman postfix/cleanup[32362]: warning: 
ldap:/etc/postfix/ldap-canonical.cf lookup error for "XXX@YYY"
Apr  7 16:22:01 chaman postfix/cleanup[32362]: warning: 9711A1FD73: 
canonical_maps map lookup problem for XXX@YYY -- message not accepted, try 
again later
Apr  7 16:22:01 chaman postfix/pickup[25203]: warning: maildrop/3FACF20B26: 
error writing 9711A1FD73: queue file write error

  I manually fixes the problem by executing these commands:
# . /usr/share/postfix/postinst.functions
# delmap ldap
# addmap ldap

Etckeeper show me the differences:
root@chaman:/etc# git diff
diff --git a/postfix/dynamicmaps.cf b/postfix/dynamicmaps.cf
index d953c54..c3bac41 100644
--- a/postfix/dynamicmaps.cf
+++ b/postfix/dynamicmaps.cf
@@ -4,4 +4,4 @@
 #  =   
 tcp/usr/lib/postfix/dict_tcp.sodict_tcp_open   
 sqlite /usr/lib/postfix/dict_sqlite.so dict_sqlite_open
-ldap   /usr/lib/postfix/dict_ldap.so   dict_ldap_open  
+ldap   postfix-ldap.so dict_ldap_open  


=> It seems that the postfix ldap plugin change its library name but the debian
configure script does not fix it. Reinstalling the package (apt-get install 
--reinstall)
or reconfiguring it (dpkg-reconfigure) do not help. As I read 'addmap', the
dynamicmaps.cf file is not modified if 'ldap' is found in the first column
(even if the next informations are now wrong).

  This bug needs to be fixed before the release, else postfix-ldap
would be unusable for any upgraded system.

Side note: it seems that this bug is larger. As shown before,
my dynamicmaps.cf also have two other entries (tcp and sqlite)
refering to non-existant files on my system:
# ls /usr/lib/postfix/
configure-instance.sh  libpostfix-dns.so libpostfix-master.so  
libpostfix-util.so  postfix_groups.pl  postfix-ldap.so.1.0.1  
postfix-sqlite.so.1.0.1
libmilter.alibpostfix-global.so  libpostfix-tls.so libxsasl.a   
   postfix-ldap.sopostfix-sqlite.so  sbin

/usr/lib/postfix/dict_sqlite.so should probably be replaced by postfix-sqlite.so
but I've no clues for /usr/lib/postfix/dict_tcp.so...

  Regards
Vincent


-- System Information:
Debian Release: 9.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), 
(200, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, mipsel

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: postfix
Source-Version: 2.11.3-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
postfix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman  (supplier of updated postfix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Bug#861296: marked as done (tests/data/mbox/input/jwz.mbox contains likely-non-free material [was: Re: gmime_3.0.0-1_amd64.changes REJECTED])

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:33:50 +
with message-id 
and subject line Bug#861296: fixed in gmime 2.6.22+dfsg2-1
has caused the Debian Bug report #861296,
regarding tests/data/mbox/input/jwz.mbox contains likely-non-free material 
[was: Re: gmime_3.0.0-1_amd64.changes REJECTED]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861296
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:gmime
Version: 2.6.21-1
Severity: serious
Control: found -1 2.6.22+dfsg1-1

On Wed 2017-04-26 06:00:10 +, Chris Lamb wrote:

> Not 100% sure but is that a bunch of non DFSG-compliant stuff in
> tests/data/mbox/input/jwz.mbox? Either way, please clarify in 
> debian/copyright.
> For example, some kind of Star Trek image, etc. etc.

You're absolutely right that there's dubious stuff in that mbox.
However, it appears to be already in the debian archive, as of 2.6.21.
yuck, and sorry about that :/ -- it's #858794 all over again, sigh.

  --dkg
--- End Message ---
--- Begin Message ---
Source: gmime
Source-Version: 2.6.22+dfsg2-1

We believe that the bug you reported is fixed in the latest version of
gmime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor  (supplier of updated gmime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 10:58:25 -0700
Source: gmime
Binary: libgmime-2.6-dev gir1.2-gmime-2.6 libgmime-2.6-doc libgmime-2.6-0 
gmime-bin libgmime2.6-cil libgmime2.6-cil-dev monodoc-gmime2.6-manual
Architecture: source
Version: 2.6.22+dfsg2-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor 
Changed-By: Daniel Kahn Gillmor 
Description:
 gir1.2-gmime-2.6 - MIME message parser and creator library - GObject 
introspection d
 gmime-bin  - MIME message parser and creator library - runtime binaries
 libgmime-2.6-0 - MIME message parser and creator library
 libgmime-2.6-dev - MIME message parser and creator library - development files
 libgmime-2.6-doc - MIME message parser and creator library - documentation
 libgmime2.6-cil - CLI binding for the GMime library
 libgmime2.6-cil-dev - CLI binding for the GMime library -- development files
 monodoc-gmime2.6-manual - compiled XML documentation for GMime
Closes: 861296
Changes:
 gmime (2.6.22+dfsg2-1) unstable; urgency=medium
 .
   * another new dfsg-free upstream tarball (Closes: #861296)
Checksums-Sha1:
 f3c6a717f24d2b703e6938853dada6d5b60ad7e2 2805 gmime_2.6.22+dfsg2-1.dsc
 429658fbfe92670e07af6ab9b6018d16f4c4f0dd 502756 gmime_2.6.22+dfsg2.orig.tar.xz
 d9c831dd20241465593fba4575106b7f89fa42c5 12484 
gmime_2.6.22+dfsg2-1.debian.tar.xz
 8063fa094a35906652b2b57a855ff342ef2b32a4 26542 
gmime_2.6.22+dfsg2-1_amd64.buildinfo
Checksums-Sha256:
 4446866006094aed46ba7f7a76c2f6d0e3f25d4cf40d075b93546f2974369970 2805 
gmime_2.6.22+dfsg2-1.dsc
 f948d020bd4c2d789e79f592b3dd9f8bcc1838ab012cdd452546d5291bbfeed5 502756 
gmime_2.6.22+dfsg2.orig.tar.xz
 e4225575652867ef0005769d55ecfa408ab16a0b09108c359d4143261d148f8a 12484 
gmime_2.6.22+dfsg2-1.debian.tar.xz
 b414b002f99af7c1c59ac5cf9f77c55e60a12bd613d208298f862de6d2827da1 26542 
gmime_2.6.22+dfsg2-1_amd64.buildinfo
Files:
 e369d4d703d6a97b05ca50e918bee8e5 2805 libs optional gmime_2.6.22+dfsg2-1.dsc
 7e6ca1427f9e2bc49ce2df0fba595c6a 502756 libs optional 
gmime_2.6.22+dfsg2.orig.tar.xz
 d00fcf100fd041f8a7ede478259aa746 12484 libs optional 
gmime_2.6.22+dfsg2-1.debian.tar.xz
 5acf7dd891572f88e62df0fe92cf0c5f 26542 libs optional 
gmime_2.6.22+dfsg2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlkDg3wACgkQFJitxsGS
MjfR6A//Xo4XYNueACnVOu13SXa6+wftrSC3Kad6by3fnsClxb/cr24oPf3D98At
xp500hFiF6JA17hEB1o+Ty4VL9HZP8Uispjb99NBiyhmpV54hkW4dunopJsOkAjY
LNbBW+pJweXqBt3T5jNKqZvf2mO/oKi92zPTmEByABMmazeafq6RXbKwuvg7HMX2
7zK9399p8hzuEefdrPz0/4UAgmUeo5mVVlCPGBbAk0TIEUjc4LMnpuYkyxMU+Swk

Bug#860866: marked as done (activemq: CVE-2015-7559: DoS in client via shutdown command)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:08 +
with message-id 
and subject line Bug#860866: fixed in activemq 5.6.0+dfsg1-4+deb8u3
has caused the Debian Bug report #860866,
regarding activemq: CVE-2015-7559: DoS in client via shutdown command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: activemq
Version: 5.6.0+dfsg1-4
Severity: important
Tags: upstream patch security
Forwarded: https://issues.apache.org/jira/browse/AMQ-6470

Hi,

the following vulnerability was published for activemq.

CVE-2015-7559[0]:
DoS in client via shutdown command

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559
[1] https://issues.apache.org/jira/browse/AMQ-6470
[2] https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e

I'm not too familiar with activemq, but from code inspection only the
class (although on different path in the source) is present back as
well in the version in jessie.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: activemq
Source-Version: 5.6.0+dfsg1-4+deb8u3

We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated activemq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 25 Apr 2017 21:01:20 +0200
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source all
Version: 5.6.0+dfsg1-4+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 activemq   - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Closes: 860866
Changes:
 activemq (5.6.0+dfsg1-4+deb8u3) jessie; urgency=medium
 .
   * Team upload.
   * Fix CVE-2015-7559:
 DoS in activemq-core via shutdown command. (Closes: #860866)
Checksums-Sha1:
 e602f59f41fd0e3d6601a4470a8f9f54a50c84de 3543 activemq_5.6.0+dfsg1-4+deb8u3.dsc
 b9965cf7e7d5066afceb7b7f1327a040710b60d3 22832 
activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz
 a38c53ef9a62f38e206420cba32a26f69a909b38 3588612 
libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb
 56f1656250033b1079cd3dac8af7b015269034f5 3500384 
libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb
 f36e6e2472e1d1c278ae922cda07d85e45b8bb63 49530 
activemq_5.6.0+dfsg1-4+deb8u3_all.deb
Checksums-Sha256:
 ade25083dbd340d06c8cce2ba102699570a5e813c8d6201e7377d34d6dee1883 3543 
activemq_5.6.0+dfsg1-4+deb8u3.dsc
 157f8da007d7abf96068db9fd0c346c522d178c64124dbef5b335d67f6bd5286 22832 
activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz
 f4f75936a477a0c008f3426b8941320973f80c655cde9d57f74529c4f8a4f9dc 3588612 
libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb
 a7ebc3d28e58d47abfb5961f16116f5dc028c124c2ed4f1225ba52e84ded2eb2 3500384 
libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb
 fae6a78ab06fa5c5e9870360f5e625588a9dbe6339e4125abee85d969400b0f3 49530 
activemq_5.6.0+dfsg1-4+deb8u3_all.deb
Files:
 33eeff00b4dd095b3eed954eb59753ea 3543 java optional 
activemq_5.6.0+dfsg1-4+deb8u3.dsc
 adb79aaa6b842c434c7366825da34bd9 22832 java optional 
activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz
 7347aa1c985332bbc31e1df8844a7161 3588612 java optional 
libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb
 2fd27305135c9d2496395ca6f901affe 3500384 doc optional 
libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb
 969707bbcd38ce1b6758c97a3f23bab4 49530 java optional 
activemq_5.6.0+dfsg1-4+deb8u3_all.deb

-BEGIN PGP SIGNATURE-

Bug#715066: marked as done (libindicate-gtk3-dev: missing Depends: libindicate-gtk3-3 (= ${binary:Version}))

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:11 +
with message-id 
and subject line Bug#715066: fixed in libindicate 0.6.92-2+deb8u1
has caused the Debian Bug report #715066,
regarding libindicate-gtk3-dev: missing Depends: libindicate-gtk3-3 (= 
${binary:Version})
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
715066: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libindicate-gtk3-dev
Version: 0.6.92-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts, broken-symlink, broken-symlink-shared-library

Hi,

During a test with piuparts, I noticed your package is
responsible for the presence of broken symlinks involving
a shared library. Such failures may indicate a significant
problem with the package.

Usually this is caused by a missing Depends. It may also be
triggered if a Recommended or reverse dependency package
owning the symlink target file is not yet installed. This type
of failure mode needs to be eliminated so that other symlink
problems become more visible. In this case, the problem can be
resolved by creating a trigger for the target file. See the
dpkg triggers documentation[1] and an example on the net[2] for
implementation details.

This is being filed as Serious because it represents a violation
of Policy. Section 8 states "Packages containing shared
libraries must be constructed with a little care to make sure
that the shared library is always available".

A link to the log containing the indicated broken symlinks can
be found on piuparts.debian.org[3]. Search for "Warn: Broken
Symlinks" to see the failure point. A log showing the broken
symlink as an error is appended.

The log contains the following broken symlinks:

  /usr/lib/libindicate-gtk3.so
-> libindicate-gtk3.so.3.0.3


[1] - file:///usr/share/doc/dpkg-dev/triggers.txt.gz
[2] - http://www.seanius.net/blog/2009/09/dpkg-triggers-howto/
[3] - http://piuparts.debian.org/sid/broken_symlinks_issue.html


--

Start: 2013-07-05 21:54:52 EST

Package: libindicate-gtk3-dev
Source: libindicate
Version: 0.6.92-1
Installed-Size: 88
Maintainer: The Ayatana Packagers 
Architecture: amd64
Depends: libindicate-gtk3 (= 0.6.92-1), libindicate-dev (= 0.6.92-1), 
libdbus-glib-1-dev (>= 0.76), libgtk-3-dev (>= 3.0)
Description: library for raising indicators via DBus - GTK bindings development 
files
Homepage: https://launchpad.net/libindicate
Description-md5: db4ba01cea52e73b63c4da26bdc8fc5c
Tag: devel::library, role::devel-lib
Section: libdevel
Priority: optional
Filename: pool/main/libi/libindicate/libindicate-gtk3-dev_0.6.92-1_amd64.deb
Size: 36668
MD5sum: fe8a6dd96f010c259c1d02f6f505cfb0
SHA1: 7c4bab1cad63f20a0e0249cf782f9901cad27509
SHA256: a365796226f0e76b69d9a8b6bd49eca779b57e059b8a5f2c0e64e15ccc612ef5

Executing: sudo piuparts --scriptsdir /etc/piuparts/scripts 
--skip-logrotatefiles-test --warn-on-others --fail-on-broken-symlinks --mirror 
http://127.0.0.1/debian --tmpdir /var/tmp --arch amd64 -b 
/var/cache/piuparts/basetgz/sid.tar.gz -d sid --no-upgrade-test --apt 
libindicate-gtk3-dev=0.6.92-1
0m0.0s INFO: 
--
0m0.0s INFO: To quickly glance what went wrong, scroll down to the bottom of 
this logfile.
0m0.0s INFO: FAQ available at http://wiki.debian.org/piuparts/FAQ
0m0.0s INFO: 
--
0m0.0s INFO: piuparts version 0.54~201306172307~0.53-14-ge8900a0 starting up.
0m0.0s INFO: Command line arguments: '/usr/sbin/piuparts' '--scriptsdir' 
'/etc/piuparts/scripts' '--skip-logrotatefiles-test' '--warn-on-others' 
'--fail-on-broken-symlinks' '--mirror' 'http://127.0.0.1/debian' '--tmpdir' 
'/var/tmp' '--arch' 'amd64' '-b' '/var/cache/piuparts/basetgz/sid.tar.gz' '-d' 
'sid' '--no-upgrade-test' '--apt' 'libindicate-gtk3-dev=0.6.92-1'
0m0.0s INFO: Running on: Linux debian-testing 3.9-1-amd64 #1 SMP Debian 3.9.8-1 
x86_64
0m0.0s DEBUG: Created temporary directory /var/tmp/tmp8Um1eu
0m0.0s DEBUG: Unpacking /var/cache/piuparts/basetgz/sid.tar.gz into 
/var/tmp/tmp8Um1eu
0m0.0s DEBUG: Starting command: ['tar', '-C', '/var/tmp/tmp8Um1eu', '-zxf', 
'/var/cache/piuparts/basetgz/sid.tar.gz']
0m1.3s DEBUG: Command ok: ['tar', '-C', '/var/tmp/tmp8Um1eu', '-zxf', 
'/var/cache/piuparts/basetgz/sid.tar.gz']
0m1.3s DEBUG: Starting command: ['chroot', '/var/tmp/tmp8Um1eu', 'eatmydata', 
'mount', '-t', 'proc', 'proc', 

Bug#823688: marked as done (sitesummary: prerm called with unknown argument `upgrade')

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:32:14 +
with message-id 
and subject line Bug#823688: fixed in sitesummary 0.1.17+deb8u3
has caused the Debian Bug report #823688,
regarding sitesummary: prerm called with unknown argument `upgrade'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
823688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823688
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sitesummary
Version: 0.1.20
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed the maintainer scripts of your
package don't support all the ways they are going to be called.

See policy 6.5 at
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-mscriptsinstact

>From the attached log (scroll to the bottom...):

0m37.5s DEBUG: Starting command: ['chroot', '/tmp/piupartss/tmp5IwKQK', 
'apt-get', '-y', 'install', '--reinstall', 'sitesummary=0.1.20']
0m38.6s DUMP: 
  Reading package lists...
  Building dependency tree...
  Reading state information...
  debconf: delaying package configuration, since apt-utils is not installed
  0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
  Need to get 0 B/45.1 kB of archives.
  After this operation, 0 B of additional disk space will be used.
  (Reading database ... 
(Reading database ... 9514 files and directories currently installed.)
  Preparing to unpack .../sitesummary_0.1.20_all.deb ...
  prerm called with unknown argument `upgrade'
  dpkg: warning: subprocess old pre-removal script returned error exit status 1
  dpkg: trying script from the new package instead ...
  prerm called with unknown argument `failed-upgrade'
  dpkg: error processing archive 
/var/cache/apt/archives/sitesummary_0.1.20_all.deb (--unpack):
   subprocess new pre-removal script returned error exit status 1
  Errors were encountered while processing:
   /var/cache/apt/archives/sitesummary_0.1.20_all.deb
  E: Sub-process /usr/bin/dpkg returned an error code (1)
0m38.6s ERROR: Command failed (status=100): ['chroot', 
'/tmp/piupartss/tmp5IwKQK', 'apt-get', '-y', 'install', '--reinstall', 
'sitesummary=0.1.20']


Cheers,

Andreas


sitesummary_0.1.20.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: sitesummary
Source-Version: 0.1.17+deb8u3

We believe that the bug you reported is fixed in the latest version of
sitesummary, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen  (supplier of updated sitesummary package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 21 Apr 2017 19:46:35 +0200
Source: sitesummary
Binary: sitesummary sitesummary-client
Architecture: source all
Version: 0.1.17+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: Debian Edu Developers 
Changed-By: Holger Levsen 
Description:
 sitesummary - Generate site summary of submitting hosts (server part)
 sitesummary-client - Generate site summary of submitting hosts (client part)
Closes: 823688
Changes:
 sitesummary (0.1.17+deb8u3) jessie; urgency=medium
 .
   [ Wolfgang Schweer ]
   * Fix d/sitesummary.prerm and provide mandatory facilities. Cherrypicked from
 commit 3cff262 (master branch / 0.1.21 release). (Closes: #823688).
Checksums-Sha1:
 3b71e8751c9b99116d4f197a8300499c18d411d0 1864 sitesummary_0.1.17+deb8u3.dsc
 1495f4252f475d2b17b04a598bd327f0a1de8220 74789 sitesummary_0.1.17+deb8u3.tar.gz
 6390104346e24ed2ab53299e08d57856962ebed5 45500 
sitesummary_0.1.17+deb8u3_all.deb
 9a91869d26a51dcd00523cd9a49cbc05720762e9 35120 
sitesummary-client_0.1.17+deb8u3_all.deb
Checksums-Sha256:
 c2d22aa203ac0fb29729d40c64a588d7fda12345105787ca1af69c12c3b07f11 1864 
sitesummary_0.1.17+deb8u3.dsc
 29549740929f31a72ff8a53c5648f0beb838009fde64477ff73cd26628aa8220 74789 
sitesummary_0.1.17+deb8u3.tar.gz
 5713bb07f6f37604a15602b07395ecf216c7b7c4f4589ba6aa90829e5f93d890 45500 
sitesummary_0.1.17+deb8u3_all.deb
 

Bug#861416: marked as done (libzmq5: built with experimental zmq_poll implementation enabled by default)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:18:44 +
with message-id 
and subject line Bug#861416: fixed in zeromq3 4.2.1-4
has caused the Debian Bug report #861416,
regarding libzmq5: built with experimental zmq_poll implementation enabled by 
default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861416
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libzmq5
Version: 4.2.1-3
Severity: serious
Tags: patch

Dear Maintainer,

A feature under development has sneaked in as active by default in the
recent releases of libzmq. I'm sorry we only noticed just now.

This feature completely changes the internal implementation for
zmq_poll, a very widely used API, and as such I do not believe Debian 9
should ship with it, hence the initial severity choice.

The attached patch, backported from upstream, reverts to the previous
stable and well-tested implementation. I've tested it on Stretch.
Please consider applying it and asking for an exception to the freeze
so that it can be included in Debian 9.

Thank you!

Kind regards,
Luca Boccassi


From 90c76fbd6069b8e1e98236f31317ed22792ab739 Mon Sep 17 00:00:00 2001
From: Luca Boccassi 
Date: Fri, 28 Apr 2017 16:08:46 +0100
Subject: [PATCH] Problem: new zmq_poller used by zmq_poll without DRAFTs

Solution: do not define ZMQ_HAVE_POLLER in src/zmq_drafts.h otherwise
src/zmq.cpp will implement zmq_poll using the new poller classes.
Same for ZMQ_HAVE_TIMERS, even though it has no internal effect, but
to be safe against future development.
---
 src/zmq_draft.h | 4 
 1 file changed, 4 deletions(-)

diff --git a/src/zmq_draft.h b/src/zmq_draft.h
index bfbf9e3f..9aed6ddd 100644
--- a/src/zmq_draft.h
+++ b/src/zmq_draft.h
@@ -67,8 +67,6 @@ const char *zmq_msg_group(zmq_msg_t *msg);
 /*  Poller polling on sockets,fd and thread-safe sockets  
*/
 
/**/
 
-#define ZMQ_HAVE_POLLER
-
 typedef struct zmq_poller_event_t
 {
 void *socket;
@@ -103,8 +101,6 @@ int zmq_poller_remove_fd (void *poller, int fd);
 /*  Scheduling timers 
*/
 
/**/
 
-#define ZMQ_HAVE_TIMERS
-
 typedef void (zmq_timer_fn)(int timer_id, void *arg);
 
 void *zmq_timers_new (void);
-- 
2.11.0


signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: zeromq3
Source-Version: 4.2.1-4

We believe that the bug you reported is fixed in the latest version of
zeromq3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS)  (supplier of updated zeromq3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 28 Apr 2017 18:52:42 +
Source: zeromq3
Binary: libzmq5 libzmq3-dev libzmq5-dbg
Architecture: source amd64
Version: 4.2.1-4
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) 
Changed-By: Laszlo Boszormenyi (GCS) 
Description:
 libzmq3-dev - lightweight messaging kernel (development files)
 libzmq5- lightweight messaging kernel (shared library)
 libzmq5-dbg - lightweight messaging kernel (debugging symbols)
Closes: 861416
Changes:
 zeromq3 (4.2.1-4) unstable; urgency=medium
 .
   * Backport upstream fix to disable experimental zmq_poll implementation
 (closes: #861416).
Checksums-Sha1:
 d39bed7a2ecfcd121db4eb7ba3fb48aea725b266 2026 zeromq3_4.2.1-4.dsc
 c5608bc211371ed51db0fe08ce29354fe0c01294 21488 zeromq3_4.2.1-4.debian.tar.xz
 1eec60cfd64fb80a68d1dff7f6275c5d7f7552c8 369536 libzmq3-dev_4.2.1-4_amd64.deb
 c8f6862d91d20057f05a389b6d419fab1cf6c8ca 3253738 libzmq5-dbg_4.2.1-4_amd64.deb
 1eee98f4ad1ac817110b2b372719164325a65149 200468 libzmq5_4.2.1-4_amd64.deb
 2605770918102eb84cc8acf6a64956eb36fcd183 7501 zeromq3_4.2.1-4_amd64.buildinfo

Bug#861295: marked as done (ghostscript: CVE-2017-8291: shell injection)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:02:08 +
with message-id 
and subject line Bug#861295: fixed in ghostscript 9.06~dfsg-2+deb8u5
has caused the Debian Bug report #861295,
regarding ghostscript: CVE-2017-8291: shell injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808

Hi,

the following vulnerability was published for ghostscript.

CVE-2017-8291[0]:
| Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote
| command execution via a "/OutputFile (%pipe%" substring in a crafted
| .eps document that is an input to the gs program, as exploited in the
| wild in April 2017.

Regading the CVE assignment, note that it is psecific to the shell
injection, as per
https://bugs.ghostscript.com/show_bug.cgi?id=697808#c1 if the
segmentation violation that is seen when executing this sample
represents a second security issue then it will get a second CVE.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697808

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u5

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated ghostscript 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 10:32:58 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common 
libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team 
Changed-By: Salvatore Bonaccorso 
Closes: 858350 859666 859694 859696 861295
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug 
symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - 
Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 
support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common 
file
Changes:
 ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes:
 #859666)
   * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
 (Closes: #859694)
   * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
   * Ensure a device has raster memory, before trying to read it
 (CVE-2017-7207) (Closes: #858350)
   * -dSAFER bypass and remote command execution via a "/OutputFile  (%pipe%"
 substring (CVE-2017-8291) (Closes: #861295)
Checksums-Sha1: 
 8f7c4346fe47fea21650056086bda263db9d6872 3044 
ghostscript_9.06~dfsg-2+deb8u5.dsc
 e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 
ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz
 a273d08977e14bdfc3a79bb96facbff938257629 5067584 
ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb
 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 
libgs9-common_9.06~dfsg-2+deb8u5_all.deb
Checksums-Sha256: 
 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 

Bug#860986: marked as done (python-iptables: import raises AttributeError: 'NoneType' object has no attribute 'throw_exception')

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 21:05:55 +
with message-id 
and subject line Bug#860986: fixed in python-iptables 0.11.0-3
has caused the Debian Bug report #860986,
regarding python-iptables: import raises AttributeError: 'NoneType' object has 
no attribute 'throw_exception'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860986: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-iptables
Version: 0.11.0-2
Severity: serious
Justification: required

Dear Maintainer:

  The python-iptables library did not work on my Debian 9. The problem occured 
likes the following transcript:

-- Terminal Output --

<0> [anthony@debian-lmde ~] $ python
Python 2.7.13 (default, Jan 19 2017, 14:48:08) 
[GCC 6.3.0 20170118] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import iptc
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python2.7/dist-packages/iptc/__init__.py", line 10, in 
from iptc.ip4tc import (is_table_available, Table, Chain, Rule, Match, 
Target,
  File "/usr/lib/python2.7/dist-packages/iptc/ip4tc.py", line 13, in 
from .xtables import (XT_INV_PROTO, NFPROTO_IPV4, XTablesError, xtables,
  File "/usr/lib/python2.7/dist-packages/iptc/xtables.py", line 711, in 
_throw = _lib_xtwrapper.throw_exception
AttributeError: 'NoneType' object has no attribute 'throw_exception'
>>> exit()

--- End of terminal output --

  The problem occurs when importing the library and invokes traceback, but the 
traceback message did not works on me. Hope for early solved.


Here is my system information below:

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-iptables depends on:
ii  libc6   2.24-9
ii  python  2.7.13-2
pn  python:any  

python-iptables recommends no packages.

Versions of packages python-iptables suggests:
pn  python-iptables-doc  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: python-iptables
Source-Version: 0.11.0-3

We believe that the bug you reported is fixed in the latest version of
python-iptables, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU)  (supplier of updated 
python-iptables package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 28 Apr 2017 22:41:39 +0200
Source: python-iptables
Binary: python-iptables python3-iptables python-iptables-doc
Architecture: source
Version: 0.11.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 

Changed-By: IOhannes m zmölnig (Debian/GNU) 
Description:
 python-iptables - Python bindings for iptables (Python 2 interface)
 python-iptables-doc - documentation for the python-iptables library
 python3-iptables - Python bindings for iptables (Python 3 interface)
Closes: 860986
Changes:
 python-iptables (0.11.0-3) unstable; urgency=medium
 .
   * Backported IPv6 mask fix from upstream
   * Depend on iptables (Closes: #860986)
 * Backported support for v12 xtables from upstream
Checksums-Sha1:
 e5581b97da41dafe6f77a50484bb452b9542ced0 2117 python-iptables_0.11.0-3.dsc
 103b8c00c7ed72df2c3f1f4bc4ec6a20b95ca2da 4932 
python-iptables_0.11.0-3.debian.tar.xz
 8d75350a0759df2f02a2690884d11e6466f5acc5 8561 
python-iptables_0.11.0-3_amd64.buildinfo
Checksums-Sha256:
 a762ccdec274d7f04235b4bdfe743126dae7e5b61629f9d7969ece9d615c0fe4 2117 
python-iptables_0.11.0-3.dsc
 105d5e9e3c2909c51a14b5cef1f88a26ec1a3e78484ad1b86ec9a08d9bb4f4e8 4932 
python-iptables_0.11.0-3.debian.tar.xz
 

Bug#859262: Re: freezes Orca screen reader

[Joanmarie Diggs]

So I just handled the value-related "The process appears to be hung"
exception. I saw that you also had the name-related exception. But the
line number suggests to me that you don't have another change I made,
namely to return immediately in isLayoutOnly() if obj is dead. I'm not
positive, but I'm hopeful that check will prevent the name-related
exception. (And if not, I'd like to know that.)

Therefore, before you try to log other issues, would you mind pulling
master or the gnome-3-24 branch so you have the latest?

Thanks again!
--joanie

On 04/28/2017 03:08 PM, Paul Gevers wrote:
> Hi,
> 
> On 23-04-17 19:27, Paul Gevers wrote:
>> On 23-04-17 15:32, Joanmarie Diggs wrote:
>>> That segfault is an AT-SPI2 bug. And apparently an elusive one.
>>> https://bugzilla.gnome.org/show_bug.cgi?id=767074
>>
>> Just to get things straight, do you mean here that you do or that you
>> don't believe this segfault has anything to do with the current bug?
> 
> Pending an answer :)
> 
>> If not, I can try getting logs until I am not hit by this segfault AND
>> there is something more in the log than the already known issue.
> 
> Not sure if there is anything interesting in the log, but I have a new
> one where orca didn't crash. Does that help?
> 
> Paul
> 

Processed: A fix for the warning

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + stretch
Bug #861152 [nagstamon] nagstamon: InsecureRequestWarning: Unverified HTTPS 
request is being made.
Added tag(s) stretch.

-- 
861152: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861152
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861152: A fix for the warning

[Moritz Schlarb]

Control: tags -1 + stretch

I have fixed the code for disabling the warnings which didn't work in
Stretch, because there were some changes regarding the requests.packages
unbundling in python3-requests.

https://anonscm.debian.org/viewvc/python-apps?view=revision=13981

Still, I'd like for upstream to handle that better - but that isn't
going to happen right now.

Regards,
Moritz

Bug#859262: Re: freezes Orca screen reader

[Joanmarie Diggs]

It identifies an unhandled exception which I can handle. Again, that may
or may not magically make Orca present synaptic. Thanks for the log!
--joanie

On 04/28/2017 03:08 PM, Paul Gevers wrote:
> Hi,
> 
> On 23-04-17 19:27, Paul Gevers wrote:
>> On 23-04-17 15:32, Joanmarie Diggs wrote:
>>> That segfault is an AT-SPI2 bug. And apparently an elusive one.
>>> https://bugzilla.gnome.org/show_bug.cgi?id=767074
>>
>> Just to get things straight, do you mean here that you do or that you
>> don't believe this segfault has anything to do with the current bug?
> 
> Pending an answer :)
> 
>> If not, I can try getting logs until I am not hit by this segfault AND
>> there is something more in the log than the already known issue.
> 
> Not sure if there is anything interesting in the log, but I have a new
> one where orca didn't crash. Does that help?
> 
> Paul
> 

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 861152 + pending
Bug #861152 [nagstamon] nagstamon: InsecureRequestWarning: Unverified HTTPS 
request is being made.
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
861152: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861152
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859262: Re: freezes Orca screen reader

[Paul Gevers]

Hi,

On 23-04-17 19:27, Paul Gevers wrote:
> On 23-04-17 15:32, Joanmarie Diggs wrote:
>> That segfault is an AT-SPI2 bug. And apparently an elusive one.
>> https://bugzilla.gnome.org/show_bug.cgi?id=767074
> 
> Just to get things straight, do you mean here that you do or that you
> don't believe this segfault has anything to do with the current bug?

Pending an answer :)

> If not, I can try getting logs until I am not hit by this segfault AND
> there is something more in the log than the already known issue.

Not sure if there is anything interesting in the log, but I have a new
one where orca didn't crash. Does that help?

Paul


debug-2017-04-28-20:43:12.out.xz
Description: application/xz


signature.asc
Description: OpenPGP digital signature

Bug#861383: marked as done (grpc: Incomplete debian/copyright?)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 17:48:52 +
with message-id 
and subject line Bug#861383: fixed in grpc 1.2.5-1+nmu1
has caused the Debian Bug report #861383,
regarding grpc: Incomplete debian/copyright?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861383: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861383
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grpc
Version: 1.2.5-1+nmu0
Severity: serious
Justication: Policy 12.5
X-Debbugs-CC: Steinar H. Gunderson 

Hi,

I just ACCEPTed grpc from NEW but noticed it was missing attribution 
in debian/copyright for at least:

  src/objective-c/!ProtoCompiler.podspec
  src/python/grpcio/commands.py
  third_party/nanopb/
  third_party/rake-compiler-dock/
  [..]

(This is not exhaustive so please check over the entire package 
carefully and address these on your next upload.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- End Message ---
--- Begin Message ---
Source: grpc
Source-Version: 1.2.5-1+nmu1

We believe that the bug you reported is fixed in the latest version of
grpc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steinar H. Gunderson  (supplier of updated grpc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 28 Apr 2017 18:48:22 +0200
Source: grpc
Binary: libgrpc-dev libgrpc3 libgrpc++-dev libgrpc++1 protobuf-compiler-grpc
Architecture: source amd64
Version: 1.2.5-1+nmu1
Distribution: unstable
Urgency: medium
Maintainer: gRPC Package Maintainers 
Changed-By: Steinar H. Gunderson 
Description:
 libgrpc++-dev - high performance general RPC framework (development)
 libgrpc++1 - high performance general RPC framework
 libgrpc-dev - high performance general RPC framework (development)
 libgrpc3   - high performance general RPC framework
 protobuf-compiler-grpc - high performance general RPC framework - protobuf 
plugin
Closes: 861383
Changes:
 grpc (1.2.5-1+nmu1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Update debian/copyright with missing license information. (Closes: #861383)
   * make-pkg-config-files-nonexecutable.diff: New patch, installs .pc files
 as nonexecutable. Fixes Lintian warning.
Checksums-Sha1:
 aea4ed8f20e18a83b562e1892eebf67ddd614f1f 2260 grpc_1.2.5-1+nmu1.dsc
 fed9f8d4bf3ff4fd2caf0a267270fe41ddc05be7 6408 grpc_1.2.5-1+nmu1.debian.tar.xz
 cc66ba653429547d6bc341cd9ac4238075d3d4b9 7884 grpc_1.2.5-1+nmu1_amd64.buildinfo
 0932985a86267602d855bed9f262dbc909aac120 457010 
libgrpc++-dev_1.2.5-1+nmu1_amd64.deb
 664a18fcecbc3bcbfd4946e400f5097dda772102 391056 
libgrpc++1_1.2.5-1+nmu1_amd64.deb
 0f6b26e2a3550b9d824933a8ebf55291b11b75e7 389382 
libgrpc-dev_1.2.5-1+nmu1_amd64.deb
 be3d7465d41ea735ebdc9d073b84476f4fae7c60 441156 libgrpc3_1.2.5-1+nmu1_amd64.deb
 7b6bee5d95afe86ea636ebab1560ae92ad3ebb77 1733122 
protobuf-compiler-grpc-dbgsym_1.2.5-1+nmu1_amd64.deb
 030ba062446ee40298731d2fc6fb00b560d4eb2d 123998 
protobuf-compiler-grpc_1.2.5-1+nmu1_amd64.deb
Checksums-Sha256:
 9efdb32efbd1b63da27621298ebacd1a99c15698bce8fb2bf01cc4730c2ce1c0 2260 
grpc_1.2.5-1+nmu1.dsc
 44b622905e0885c2c8cae9c6f9ebf7dcf89711be1918dc642f06adc9459315ff 6408 
grpc_1.2.5-1+nmu1.debian.tar.xz
 8153519a3680beb928942bfb4bbe914eb92a2c78e862e7c66b34ae1bdc5929bb 7884 
grpc_1.2.5-1+nmu1_amd64.buildinfo
 79227e5330abf69f9f3dc59be921920b104cbcac1f8279a67389648443327e3b 457010 
libgrpc++-dev_1.2.5-1+nmu1_amd64.deb
 6bdbd7aa2e503738ff7e67bedb1b4bdbe621f46a14545e1a7c620e6472a3f90f 391056 
libgrpc++1_1.2.5-1+nmu1_amd64.deb
 fcdf20b5794da0055a9355d1e82dbcd4ffa0d47f17eeb9bd8fa2fa9fd31c1450 389382 
libgrpc-dev_1.2.5-1+nmu1_amd64.deb
 a324913be58314dc4c4a4e4dd57fc2ea6e107af1f341c8745e183445c8ad33b1 441156 
libgrpc3_1.2.5-1+nmu1_amd64.deb
 da1f3bb19dfe6f34730cca0c61784009676cb8517ee8cfc56a745e0c48764a14 1733122 
protobuf-compiler-grpc-dbgsym_1.2.5-1+nmu1_amd64.deb
 

Bug#861416: libzmq5: built with experimental zmq_poll implementation enabled by default

[Luca Boccassi]

Package: libzmq5
Version: 4.2.1-3
Severity: serious
Tags: patch

Dear Maintainer,

A feature under development has sneaked in as active by default in the
recent releases of libzmq. I'm sorry we only noticed just now.

This feature completely changes the internal implementation for
zmq_poll, a very widely used API, and as such I do not believe Debian 9
should ship with it, hence the initial severity choice.

The attached patch, backported from upstream, reverts to the previous
stable and well-tested implementation. I've tested it on Stretch.
Please consider applying it and asking for an exception to the freeze
so that it can be included in Debian 9.

Thank you!

Kind regards,
Luca Boccassi


From 90c76fbd6069b8e1e98236f31317ed22792ab739 Mon Sep 17 00:00:00 2001
From: Luca Boccassi 
Date: Fri, 28 Apr 2017 16:08:46 +0100
Subject: [PATCH] Problem: new zmq_poller used by zmq_poll without DRAFTs

Solution: do not define ZMQ_HAVE_POLLER in src/zmq_drafts.h otherwise
src/zmq.cpp will implement zmq_poll using the new poller classes.
Same for ZMQ_HAVE_TIMERS, even though it has no internal effect, but
to be safe against future development.
---
 src/zmq_draft.h | 4 
 1 file changed, 4 deletions(-)

diff --git a/src/zmq_draft.h b/src/zmq_draft.h
index bfbf9e3f..9aed6ddd 100644
--- a/src/zmq_draft.h
+++ b/src/zmq_draft.h
@@ -67,8 +67,6 @@ const char *zmq_msg_group(zmq_msg_t *msg);
 /*  Poller polling on sockets,fd and thread-safe sockets  
*/
 
/**/
 
-#define ZMQ_HAVE_POLLER
-
 typedef struct zmq_poller_event_t
 {
 void *socket;
@@ -103,8 +101,6 @@ int zmq_poller_remove_fd (void *poller, int fd);
 /*  Scheduling timers 
*/
 
/**/
 
-#define ZMQ_HAVE_TIMERS
-
 typedef void (zmq_timer_fn)(int timer_id, void *arg);
 
 void *zmq_timers_new (void);
-- 
2.11.0


signature.asc
Description: This is a digitally signed message part

Bug#861383: grpc: Incomplete debian/copyright?

[Steinar H. Gunderson]

On Fri, Apr 28, 2017 at 05:19:16PM +0100, Chris Lamb wrote:
>>>   src/objective-c/!ProtoCompiler.podspec
>>>   src/python/grpcio/commands.py
>> I'm trying to figure out these; what's wrong with the current
>> attribution?
> The files are now elsewhere so a little difficult to look into this, but
> if you've checked them over please go ahead and re-upload. :)

I need to create something to look over the almost 1 copies of the BSD
3-clause license first; it's too much to do by hand. :-)

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Bug#861225: [Regression] Soft lockup in KVM/QEMU virtual machine

[Olav Seyfarth]

Hi Ben,

first, thanks for your patience, very much appreciated. I know how hard
debugging can be, I'm helping with Enigmail If I have time to do so.
I tried to write clearly but now see that I did not succeed:

> Based on your original report, giving a kernel log from the guest
> (which has also been upgraded), I thought you were reporting an issue
> triggered by upgrading the guest kernel. Now I think what you're
> actually reporting is that upgrading the host kernel casues guests
> to crash. Is that correct?

No. Host and guests received the (unattended) upgrade but downgrading
the _host_ (only) turned the system in a stable state. You might have
spotted "Guests still are on 3.16.43-1" in my original report and
deducted that the host seems to be the culprit. Well hidden, I agree.
Sorry for that! So maybe you want to rephrase the bug title (again).

While investigating when my guests did not start, I tried to start them
using virsh --console - and received (nothing) for some minutes. Just as
I was about to kill the terminal, there was that kernel panic messages.
So I saved them, not aware by that time that I was the host's console
messages being shown. (At least I now think that it was.)

> were reporting an issue triggered by upgrading the guest kernel

To clearify: The crash only happened upon rebooting the whole system.
Unattended upgrade installed the new kernel but did not reload it.
I rebooted due to a PHP and mySQL upgrade, to make sure new versions
being active and that THEY would come up correctly upon reboot.

> If so, can you check whether the host kernel logs anything when this
> happens, and send that?

Now, as it seems necessary what I can do (on the host) is to remove the
APT Pin, apt update and upgrade, then boot, open a terminal from my
laptop to the host (how do I make sure to get console output there?) and
start some VM guests to make the host crash. Copy the console output
from the terminal and revert all changes (re-activate pin, downgrade,
reboot, fire up guests).

Since I want to avoid having to do this multiple times, what exactly do
I need to capture?

> But I can't fix a bug if I don't understand what the bug is or how to
> reproduce it!

Thought you'd say that. I just hoped that the stuff I reported answering
your remark "you cut too much" might already have helped.

Olav



signature.asc
Description: OpenPGP digital signature

Bug#861383: grpc: Incomplete debian/copyright?

[Chris Lamb]

Hi Steinar,

> >   src/objective-c/!ProtoCompiler.podspec
> >   src/python/grpcio/commands.py
> 
> I'm trying to figure out these; what's wrong with the current
> attribution?

The files are now elsewhere so a little difficult to look into this, but
if you've checked them over please go ahead and re-upload. :)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#861383: grpc: Incomplete debian/copyright?

[Steinar H. Gunderson]

On Fri, Apr 28, 2017 at 09:04:57AM +0100, Chris Lamb wrote:
>   src/objective-c/!ProtoCompiler.podspec
>   src/python/grpcio/commands.py

I'm trying to figure out these; what's wrong with the current attribution?
It looks like copyright holder is right (and largely the year, too), and the
license appears to be the same.

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Bug#861077: [Pkg-nagios-devel] Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Sebastiaan Couwenberg]

On 04/28/2017 05:10 PM, Andreas Beckmann wrote:
> On 2017-04-28 15:10, Sebastiaan Couwenberg wrote:
>> No joy there either. The upgrade to wheezy fails again for unrelated
>> reasons:
>>
>>  The following packages have unmet dependencies:
>>   libc6-dev : Breaks: gcc-4.4 (< 4.4.6-4) but 4.4.5-8 is to be installed
>>  E: Broken packages
>>
>> I guess I'll have to setup a proper VM and do interactive upgrades.
> 
> I remember having seen this, but don#t remember the details ...
> 
> Do you have your proposed patch in some git branch?

Yes, currently only in my personal git repo, not yet pushed to Alioth:

 http://git.linuxminded.nl/?p=pkg-nagios/icinga

The patch has been revised a couple of times, and is also available in
this bugreport.

I'm currently doing the upgrade tests in a VM, but haven't reached the
stretch upgrade yet.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#859660: Bug#859660: artemis running issue

[tony mancill]

Hi Andreas,

This does sound like an issue we had in the past with jarwrapper and
binfmt-support.  IIRC, Colin Watson was able to track down the source of
this, but at the moment I cannot locate the details of that exchange.  It
was something along the lines of there being multiple interpreters
registered for the given binfmt.

If we know that the user's kernel supports binfmt_misc, then we should be
able to figure out what's happening.  The output of "sudo update-binfmts
--display jarwrapper" (should point to jarwrapper) and "sudo update-binfmts
--display jar" (should point to jexec) might be informative.  I'll try to
reproduce locally and report back.

Cheers,
tony




On Sun, Apr 23, 2017 at 11:36 PM, Andreas Tille  wrote:

> Hi Java developers,
>
> is there any known issue with running JARs via symlink to /usr/bin?
>
> I suspect this is the problem with this bug but I wonder what might be
> the recommended way from Java team about this way to start Java programs
> that used to work but is not always relieable.
>
> Kind regards
>
>   Andreas.
>
> On Fri, Apr 07, 2017 at 12:43:42PM +0200, Andreas Tille wrote:
> > Hi,
> >
> > On Fri, Apr 07, 2017 at 12:17:08PM +0200, Sascha Steinbiss wrote:
> > > Hi,
> > >
> > > > على الأربعاء  5 نيسـان 2017 ‫12:32، كتب Jerome:
> > > >> When running artemis package, get this issue :
> > > >>
> > > >> $ art
> > > >> bash: /usr/bin/art: cannot execute binary file: Exec format error
> > >
> > > Probably something to do with jarwrapper? I remember running into
> > > something similar quite some time ago.
> >
> > I'd assume the same.  I can confirm that I can not reproduce here as
> > well but the problem sounds like jarwrapper connected.  I do not
> > remember what package I had in the past with a similar issue but
> > providing a shell wrapper calling java with some options and the jar
> > file solved the issue.
> >
> > It seems that jarwrapper is not really reliable - as far as I know
> > specifically if users are using a self compiled kernel where this
> > feature can be switched of.
> >
> > Hope this helps
> >
> >  Andreas.
>
> --
> http://fam-tille.de
>
>

Bug#861077: [Pkg-nagios-devel] Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Andreas Beckmann]

On 2017-04-28 15:10, Sebastiaan Couwenberg wrote:
> No joy there either. The upgrade to wheezy fails again for unrelated
> reasons:
> 
>  The following packages have unmet dependencies:
>   libc6-dev : Breaks: gcc-4.4 (< 4.4.6-4) but 4.4.5-8 is to be installed
>  E: Broken packages
> 
> I guess I'll have to setup a proper VM and do interactive upgrades.

I remember having seen this, but don#t remember the details ...

Do you have your proposed patch in some git branch?


Andreas

Bug#861408: marked as done (Qt5 package with a Qt4 dependency, libqt4-sql-psql)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 15:06:47 +
with message-id 
and subject line Bug#861408: fixed in postbooks-updater 2.4.0-3
has caused the Debian Bug report #861408,
regarding Qt5 package with a Qt4 dependency, libqt4-sql-psql
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861408
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: postbooks-updater
Version: 2.4.0-2
Severity: important

The package has been updated for Qt5 however one of the Depends was not
changed, libqt4-sql-psql needs to be replaced with libqt5sql5-psql
--- End Message ---
--- Begin Message ---
Source: postbooks-updater
Source-Version: 2.4.0-3

We believe that the bug you reported is fixed in the latest version of
postbooks-updater, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Pocock  (supplier of updated postbooks-updater 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 28 Apr 2017 15:55:22 +0200
Source: postbooks-updater
Binary: postbooks-updater
Architecture: source amd64
Version: 2.4.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian xTuple Maintainers 

Changed-By: Daniel Pocock 
Description:
 postbooks-updater - multi-user accounting / CRM / ERP suite (database update 
manager)
Closes: 861408
Changes:
 postbooks-updater (2.4.0-3) unstable; urgency=medium
 .
   * Update for libqt5sql5-psql (Closes: #861408)
Checksums-Sha1:
 ca75e5f321090b42bbf9dbe0cb94258fe75efcbb 2331 postbooks-updater_2.4.0-3.dsc
 d0735ea6ecf926d23e25b9a8cea524eedc13cd48 12660 
postbooks-updater_2.4.0-3.debian.tar.xz
 a856829aadcee2f2b246bdb25202f962a268b5fe 2870986 
postbooks-updater-dbgsym_2.4.0-3_amd64.deb
 98e1288ace71b5de326d4d1e793d6fe7be53e447 11361 
postbooks-updater_2.4.0-3_amd64.buildinfo
 7a58e0cc80939cd5353b6fef2e1775fdb1ededa0 135508 
postbooks-updater_2.4.0-3_amd64.deb
Checksums-Sha256:
 d5dac6c0d9c37a6f2977c5bf13f81470a047d2fc00ffc9dbc349a13cd406713a 2331 
postbooks-updater_2.4.0-3.dsc
 1386f377cd322e991e1d76fad50df32f9ac6ca35e72617d013c31e1d3896ab1d 12660 
postbooks-updater_2.4.0-3.debian.tar.xz
 2523162eb9f00ff6d8cbc21d6157a6d18e8374ad6642e91527b2db2d4cd95fc8 2870986 
postbooks-updater-dbgsym_2.4.0-3_amd64.deb
 d29bf94ca15a1d80922204c0a2e7facfa6b856cea514cc4f8fc17c14db07dc67 11361 
postbooks-updater_2.4.0-3_amd64.buildinfo
 c549083b597b7e89121a121201d5a873ab570098d4ba01f526a6d86ba4d03f5d 135508 
postbooks-updater_2.4.0-3_amd64.deb
Files:
 df77c21f2c797b3c4cab390a2c258ea4 2331 misc optional 
postbooks-updater_2.4.0-3.dsc
 e6392c9b8e4a2b4beebe197110133adc 12660 misc optional 
postbooks-updater_2.4.0-3.debian.tar.xz
 d7255703df9c156ffebd5bba8e640cfa 2870986 debug extra 
postbooks-updater-dbgsym_2.4.0-3_amd64.deb
 be667ca18e6939db7b63decb598cef1b 11361 misc optional 
postbooks-updater_2.4.0-3_amd64.buildinfo
 dc96791c917cf52626ffa973b64aa6cb 135508 misc optional 
postbooks-updater_2.4.0-3_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZA0suAAoJEGxlgOd711bEgIgP/ib04K0Jqio49a4i+yBsSdb6
8ysNi43qEE/qqr5aE93gRL5kOK1/JZvRtzLxyULC6uro4P95rCrngUBWePrgJATA
Yq46ZfK4pRy1FKQlRF+p+E/ArEa5X25KoXsfSlikDs0q7nhd3NMAtfp7DKFi5O1L
M9Qs5Hl01hLKOoM1WQzm+qOIzIEDlL8zsKXiN1K+3mXTTePvKwPC1A272gfZFX/s
Q0sL/1CPHGb2vs16vzvaF/+dnXpisk+BSUMWZOtqQ3kPmA1pWiS+gs1gB861C2kb
3M4LeFBZ5gNBcFNjEabOL3xjNwOfJ2MkPPmrFfeHNzIX7DCZ1Cza9uj6wKJk/trf
sf0ZL5jh3AuHYmh3Bz+RAsJTZ0cXmc++H2rkk6Mc5rL46GzQhuRnlan9KeNUJWSl
fnkwS5zxfUOEA9jZPGjpzIPOL6JRNZjbvjsy5Wv6WzTuHpXOLJ2g9DAlqt7fD+S9
QgXemTVQ14mOhLFMutuAZoboV1sn2owG9H6EoyTnZlSG5/6VC5bD92vY7zpHxF2I
fimZS9mTnPqKFriyy5Qaw8ZIVdMQ/PmTZy+cnIbRm+A383mHnF0LhAzArf6NkNry
bN+OjoSpGdQT5328Rq7XwPcrTA6dJ95yzfM+UV/Zi4pNvNvOzsYvpSLpZQy03K1q
yCWv/NBaWxWrq2Zd7QwR
=0QDd
-END PGP SIGNATURE End Message ---

Bug#861077: [Pkg-nagios-devel] Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Sebastiaan Couwenberg]

On 04/28/2017 04:01 PM, Sebastiaan Couwenberg wrote:
> On 04/26/2017 01:02 PM, Bas Couwenberg wrote:
>> It's probably sufficient to fix the case of the constraints as per the
>> attached patch. I've haven't tested this (yet), as I don't know who to
>> reproduce the issue with piuparts.
> 
> The patch is not the solution. Because the problem is not the case of
> the constraint.
> 
> The squeeze version of icinga doesn't create a named constraint, this
> was changed in the wheezy version. The database upgrade scripts for the
> various versions don't change the constraints though.
> 
> Adding "IF EXISTS" will likely help to address the SQL error (per the
> attached patch), but will not fix the upstream issue as the unnamed
> UNIQUE constraints will still be present.

Also removing the automatically named constraints if they exists is
probably sufficient. I've updated the proposed patch once again.

Markus, what do you think?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1


pgsql-upgrade-1.13.0.patch
Description: application/pgp-encrypted

Processed: severity

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 861408 serious
Bug #861408 [postbooks-updater] Qt5 package with a Qt4 dependency, 
libqt4-sql-psql
Severity set to 'serious' from 'important'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
861408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861408
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Sebastiaan Couwenberg]

On 04/26/2017 01:02 PM, Bas Couwenberg wrote:
> It's probably sufficient to fix the case of the constraints as per the
> attached patch. I've haven't tested this (yet), as I don't know who to
> reproduce the issue with piuparts.

The patch is not the solution. Because the problem is not the case of
the constraint.

The squeeze version of icinga doesn't create a named constraint, this
was changed in the wheezy version. The database upgrade scripts for the
various versions don't change the constraints though.

Adding "IF EXISTS" will likely help to address the SQL error (per the
attached patch), but will not fix the upstream issue as the unnamed
UNIQUE constraints will still be present.

Markus, do you have any suggestions how to fix this?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1


pgsql-upgrade-1.13.0.patch
Description: application/pgp-encrypted

Bug#856487: libsbc1: compiling with gcc > 4.9 causes stack corruption

[Adrian Bunk]

On Mon, Apr 17, 2017 at 05:02:32PM +0100, Paul Brook wrote:
> Package: libsbc1
> Version: 1.3-1+b2
> Followup-For: Bug #856487
> 
> Not a stack corruption.
> 
> This is miscompilation of sbc_analyze_4b_8s_armv6.  gcc appears to look
> into the asm function and decides that it does not clobber r3 (which the
> normal ARM ABI says is call clobbered).  The last out += out_stride ends
> up incrementing the pointer by an arbitrary amount.
> 
> The attached patch works around the bug.

Unfortunately this is not correct since extended asm is not allowed in 
naked functions.

Short-term I'd suggest to use the attached patch, that disables the 
ARMv6 asm implementation and uses the C implementation instead.

> I'm not entirely sure whether this is a gcc bug or not, but at best it's
> surprising behavior from gcc.  I've attached a reduced testcase for the 
> toolchain
> folks to argue over (compile with gcc -O2, tested with gcc 6.3.0-2 from
> sid).

This is either a bug in gcc or insufficient documentation in gcc.

Could you (or did you already) submit that to the gcc bugzilla?

> Paul
>...

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Description: Disable the ARMv6 asm implementation
 This gets miscompiled with recent gcc since gcc does not consider
 r3 clobbered by the basic asm in a naked function (see #856487).
 .
 The imost simple short-term fix is to disable the ARMv6 asm
 implementation on armhf and use the C implementation instead.
Author: Adrian Bunk 
Bug-Debian: https://bugs.debian.org/856487

--- sbc-1.3.orig/sbc/sbc_primitives_armv6.h
+++ sbc-1.3/sbc/sbc_primitives_armv6.h
@@ -35,7 +35,7 @@
 	defined(__ARM_ARCH_6M__) || defined(__ARM_ARCH_7__) || \
 	defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || \
 	defined(__ARM_ARCH_7M__)
-#define SBC_HAVE_ARMV6 1
+//#define SBC_HAVE_ARMV6 1
 #endif
 
 #if !defined(SBC_HIGH_PRECISION) && (SCALE_OUT_BITS == 15) && \

Bug#861077: [Pkg-nagios-devel] Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Sebastiaan Couwenberg]

On 04/28/2017 12:38 PM, Sebastiaan Couwenberg wrote:
> On 04/28/2017 12:29 PM, Andreas Beckmann wrote:
>> On 2017-04-28 11:58, Sebastiaan Couwenberg wrote:
>>> Thanks for the feedback. Unfortunately my piuparts tests fail to upgrade
>>> postgresql from 8.4 to 9.1 not even getting to the point of testing the
>>> icinga-idoutils upgrade.
>>
>> You tested amd64? I've encountered some postgresql upgrade related
>> issues on amd64 recently, but haven't investigated them carefully. i386
>> seems to work fine.
> 
> Yes, I tested am64 for which I already had a squeeze pbuilder chroot
> around. I'll try again with a newly created i386 chroot.

No joy there either. The upgrade to wheezy fails again for unrelated
reasons:

 The following packages have unmet dependencies:
  libc6-dev : Breaks: gcc-4.4 (< 4.4.6-4) but 4.4.5-8 is to be installed
 E: Broken packages

I guess I'll have to setup a proper VM and do interactive upgrades.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Processed: Not a problem with the gcc version in jessie

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 857901 stretch sid
Bug #857901 {Done: John Paul Adrian Glaubitz } 
[src:tennix] tennix FTBFS on architectures where char is unsigned
Added tag(s) sid and stretch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
857901: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857901
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Does not apply to jessie

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 859656 stretch sid
Bug #859656 {Done: Hilko Bengen } [src:supermin] binutils: 
mips: undefined hidden symbols cause assertion failure bfd/elfxx-mips.c:3860
Added tag(s) sid and stretch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
859656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861119: marked as done (nanoc: FTBFS under some timezones (eg. GMT-14))

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 10:50:52 +
with message-id 
and subject line Bug#861119: fixed in nanoc 4.4.7-3
has caused the Debian Bug report #861119,
regarding nanoc: FTBFS under some timezones (eg. GMT-14)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861119: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861119
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nanoc
Version: 4.4.7-2
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Dear Maintainer,

nanoc fails to build from source in unstable/amd64 under 
some timezones (eg. TZ="/usr/share/zoneinfo/Etc/GMT-14"):

  […]

  Nanoc::DataSources::FilesystemTest#test_parse_embedded_no_meta = 0.02 s = .
  
Nanoc::DataSources::FilesystemTest#test_all_split_files_in_allowing_periods_in_identifiers
 = 0.02 s = .
  
Nanoc::DataSources::FilesystemTest#test_all_split_files_in_disallowing_periods_in_identifiers
 = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_identifier_for_filename_allowing_periods_in_identifiers
 = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_utf8_bom = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_all_split_files_in_with_same_extensions 
= 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_ext_of_allowing_periods_in_identifiers 
= 0.02 s = .
  
Nanoc::DataSources::FilesystemTest#test_identifier_for_filename_with_index_filenames_allowing_periods_in_identifier
 = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_external_bad_metadata = 0.02 s 
= .
  
Nanoc::DataSources::FilesystemTest#test_ext_of_disallowing_periods_in_identifiers
 = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_basename_of_allowing_periods_in_identifiers
 = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_load_objects = 0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_embedded_meta_only_1 = 0.03 s = 
.
  
Nanoc::DataSources::FilesystemTest#test_parse_embedded_separators_but_not_metadata
 = 0.02 s = .
  
Nanoc::DataSources::FilesystemTest#test_all_split_files_in_with_multiple_content_files
 = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_embedded_full_meta = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_external = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_all_split_files_in_with_multiple_dirs 
= 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_identifier_for_filename_disallowing_periods_in_identifiers
 = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_basename_of_disallowing_periods_in_identifiers
 = 0.02 s = .
  
Nanoc::DataSources::FilesystemTest#test_load_objects_correct_identifier_with_separate_yaml_file
 = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_identifier_for_filename_with_full_style_identifier
 = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_embedded_diff = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_embedded_empty_meta = 0.02 s = .
  Nanoc::DataSources::FilesystemTest#test_load_layouts_with_nil_dir_name = 0.02 
s = .
  Nanoc::DataSources::FilesystemTest#test_compile_iso_8859_1_site = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_identifier_for_filename_with_index_filenames_disallowing_periods_in_identifier
 = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_identifier_for_filename_with_subfilename_allowing_periods_in_identifiers
 = 0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_embedded_with_extra_spaces = 
0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_compile_iso_8859_1_site_with_explicit_encoding
 = 0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_load_objects_with_same_extensions = 
0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_filename_for = 0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_load_binary_layouts = 0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_embedded_invalid_2 = 0.03 s = .
  
Nanoc::DataSources::FilesystemTest#test_load_objects_disallowing_periods_in_identifiers
 = 0.03 s = .
  Nanoc::DataSources::FilesystemTest#test_parse_internal_bad_metadata = 0.03 s 
= .
  Nanoc::Checking::DSLTest#test_from_file = 0.03 s = .
  Nanoc::Checking::DSLTest#test_has_absolute_path = 0.03 s = .
  Nanoc::Checking::DSLTest#test_has_base_path = 0.03 s = .
  Nanoc::Filters::RedClothTest#test_filter = 0.03 s = .
  Nanoc::Filters::RedClothTest#test_filter_with_options = 0.03 s = .
  Nanoc::Helpers::XMLSitemapTest#test_filter = 0.03 s = .
  

Bug#861281: rnahybrid: FTBFS on armel

[Edmund Grimley Evans]

There may be no demand for this package (rnahybrid) on armel, but the
FTBFS might be caused by a bug in gcc-6, which would be worth
reporting if someone can confirm it.

Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Sebastiaan Couwenberg]

On 04/28/2017 12:29 PM, Andreas Beckmann wrote:
> On 2017-04-28 11:58, Sebastiaan Couwenberg wrote:
>> Thanks for the feedback. Unfortunately my piuparts tests fail to upgrade
>> postgresql from 8.4 to 9.1 not even getting to the point of testing the
>> icinga-idoutils upgrade.
> 
> You tested amd64? I've encountered some postgresql upgrade related
> issues on amd64 recently, but haven't investigated them carefully. i386
> seems to work fine.

Yes, I tested am64 for which I already had a squeeze pbuilder chroot
around. I'll try again with a newly created i386 chroot.

>> That's probably due to my setup not having the
>> reference-chroot-metadata.dat, can you send me a copy?
> 
> If that file is missing, the info will be generated on the fly (by
> running an upgrade sequence on the base system only), the test just
> takes more time. That file would be invalidated by the next mirror push
> updating something in stretch anyway.

Thank for the clarification.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#861121: marked as done (weechat: CVE-2017-8073)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 10:32:40 +
with message-id 
and subject line Bug#861121: fixed in weechat 1.0.1-1+deb8u1
has caused the Debian Bug report #861121,
regarding weechat: CVE-2017-8073
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: weechat
Version: 1.0.1-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for weechat.

CVE-2017-8073[0]:
| WeeChat before 1.7.1 allows a remote crash by sending a filename via
| DCC to the IRC plugin. This occurs in the
| irc_ctcp_dcc_filename_without_quotes function during quote removal,
| with a buffer overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073
[1] https://weechat.org/news/95/20170422-Version-1.7.1/
[2] 
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: weechat
Source-Version: 1.0.1-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated weechat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 25 Apr 2017 07:01:43 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc 
weechat-dev weechat-dbg
Architecture: all source
Version: 1.0.1-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Emmanuel Bouthenot 
Changed-By: Salvatore Bonaccorso 
Closes: 861121
Description: 
 weechat- Fast, light and extensible chat client
 weechat-core - Fast, light and extensible chat client - core files
 weechat-curses - Fast, light and extensible chat client - console client
 weechat-dbg - Fast, light and extensible chat client - debugging symbols
 weechat-dev - Fast, light and extensible chat client - development headers
 weechat-doc - Fast, light and extensible chat client - documentation
 weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
 weechat (1.0.1-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * irc: fix parsing of DCC filename (CVE-2017-8073) (Closes: #861121)
Checksums-Sha1: 
 9c36a0184acfc045cdf9182d5e8d78f15003c8c0 2611 weechat_1.0.1-1+deb8u1.dsc
 6ff5ab2a5b2044dbdc555d00053cc32315703566 1662196 weechat_1.0.1.orig.tar.xz
 3a98df11362fcf304b96dd9ce51c25b9ac40ecc5 15140 
weechat_1.0.1-1+deb8u1.debian.tar.xz
 b8e3ae40189a3ecae1c78e55879866d4822cf316 48720 weechat_1.0.1-1+deb8u1_all.deb
 fd4369e583c7509f97790f96e210ac900a08a72f 775034 
weechat-doc_1.0.1-1+deb8u1_all.deb
 48d5dba1530b303290c1d1c04384cc6f695186ef 60228 
weechat-dev_1.0.1-1+deb8u1_all.deb
Checksums-Sha256: 
 3bdaeffdad111b6dfe6d0d04fdf71c099108c7ad30c49748e7b9ee22d959b8e0 2611 
weechat_1.0.1-1+deb8u1.dsc
 3ce0ec8a2f3a4c4f10fb0e49f71128c914b04368ce3e55a7cc378ad6c5664d7a 1662196 
weechat_1.0.1.orig.tar.xz
 e010fa2351011699d065035a6ca730e4f3f72a44e6744d87fca88d50e534bac0 15140 
weechat_1.0.1-1+deb8u1.debian.tar.xz
 820567af38f71d8e99665b041150b013e64538e28e4825073de21ea0ecdd 48720 
weechat_1.0.1-1+deb8u1_all.deb
 29b716635578e7aab8cac25d229db57c7cdf2d4ce5ae2b63a60ada69c78633dc 775034 
weechat-doc_1.0.1-1+deb8u1_all.deb
 084a1c005a373677b53afda7e624f6e20ab8f1bd92be4c5d2e2631bfad2c278b 60228 
weechat-dev_1.0.1-1+deb8u1_all.deb
Files: 
 9df928d3d80fa91c6f4121e4ce69401e 2611 net optional weechat_1.0.1-1+deb8u1.dsc
 6a2d15eae08bb83499400e0255f31431 1662196 net optional weechat_1.0.1.orig.tar.xz
 92167bf6935d34844f41ba6b596f1198 15140 net optional 

Bug#860544: marked as done (Security fixes from the April 2017 CPU)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 10:32:27 +
with message-id 
and subject line Bug#860544: fixed in mysql-5.5 5.5.55-0+deb8u1
has caused the Debian Bug report #860544,
regarding Security fixes from the April 2017 CPU
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860544: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860544
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-5.5
Version: 5.5.54-0+deb8u1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for April 2017 will be released on  
Tuesday, April 18. According to the pre-release announcement [1], it  
will contain information about CVEs fixed in MySQL 5.5.55.

The CVE numbers will be available when the CPU is released.

Please note that the MySQL release cycle has changed from every two
months to every three months. The releases are now synchronized with
the CPU announcements.

Best regards,

Norvald H. Ryeng

[1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
--- End Message ---
--- Begin Message ---
Source: mysql-5.5
Source-Version: 5.5.55-0+deb8u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald  (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 18 Apr 2017 09:24:12 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev 
mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 
mysql-server mysql-client mysql-testsuite mysql-testsuite-5.5 mysql-source-5.5
Architecture: all source
Version: 5.5.55-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian MySQL Maintainers 
Changed-By: Lars Tangvald 
Closes: 854713 860544
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest 
versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest 
versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite - MySQL testsuite
 mysql-testsuite-5.5 - MySQL testsuite
Changes:
 mysql-5.5 (5.5.55-0+deb8u1) jessie-security; urgency=high
 .
   * Imported upstream version 5.5.55 to fix security issues:
 - 
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
 - CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309
 - CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461
 - CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600
 (Closes: #860544, #854713)
   * d/patches: refreshed 62_disable_tests.patch
   * d/patches: dropped fix_test_events_2.patch. Issue fixed upstream
Checksums-Sha1: 
 0e87be3d9901201d8686248c01138eb2b3ed8de3 3262 mysql-5.5_5.5.55-0+deb8u1.dsc
 8ab934610e09e5325e143680a201d86ba7f2f70d 21040959 mysql-5.5_5.5.55.orig.tar.gz
 8c56d62fda9a53c4cad146e8668998ef5073c13a 232772 
mysql-5.5_5.5.55-0+deb8u1.debian.tar.xz
 0c9814f51aea9d5562c917e33e227a0ac305b388 85990 
mysql-common_5.5.55-0+deb8u1_all.deb
 109bc8468b6c4801064a680117a3740eef247800 84232 
mysql-server_5.5.55-0+deb8u1_all.deb
 266d43a5ea80782f7879184f69ac559aabd7a7cd 84106 
mysql-client_5.5.55-0+deb8u1_all.deb
 88770fe124e15a608169ae3d7713b9d30a0a709a 84084 
mysql-testsuite_5.5.55-0+deb8u1_all.deb
Checksums-Sha256: 
 52cabbff6950dd73e89db86092c84cd658c49f59120af6eab8b35d4a67e92850 3262 
mysql-5.5_5.5.55-0+deb8u1.dsc
 

Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Andreas Beckmann]

On 2017-04-28 11:58, Sebastiaan Couwenberg wrote:
> Thanks for the feedback. Unfortunately my piuparts tests fail to upgrade
> postgresql from 8.4 to 9.1 not even getting to the point of testing the
> icinga-idoutils upgrade.

You tested amd64? I've encountered some postgresql upgrade related
issues on amd64 recently, but haven't investigated them carefully. i386
seems to work fine.

> That's probably due to my setup not having the
> reference-chroot-metadata.dat, can you send me a copy?

If that file is missing, the info will be generated on the fly (by
running an upgrade sequence on the base system only), the test just
takes more time. That file would be invalidated by the next mirror push
updating something in stretch anyway.


Andreas

Bug#861388: roundcube: CVE-2017-8114: security issue in virtualmin and sasl drivers

[Salvatore Bonaccorso]

Source: roundcube
Version: 1.2.3+dfsg.1-3
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for roundcube.

CVE-2017-8114[0]:
security issue in virtualmin and sasl drivers

The security tracker contains the commit references for 1.2.x, 1.1.x
and 1.0.x.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114

Regards,
Salvatore

Bug#861387: fails to open applet menu

[Mika Hanhijärvi]

Package: pasystray
Version: 0.6.0-1
Severity: grave

Hello

pasystray applet is visible in the Gnome's legacy icon tray but when I click
the  icon then applet menu does not open. This makes pasystray unusable,
atleast on Gnome, I do not know if the problem happens on other desktops too.



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pasystray depends on:
ii  gnome-icon-theme 3.12.0-2
ii  libatk1.0-0  2.22.0-1
ii  libavahi-client3 0.6.32-2
ii  libavahi-common3 0.6.32-2
ii  libavahi-glib1   0.6.32-2
ii  libc62.24-10
ii  libcairo-gobject21.14.8-1
ii  libcairo21.14.8-1
ii  libgdk-pixbuf2.0-0   2.36.5-2
ii  libglib2.0-0 2.50.3-2
ii  libgtk-3-0   3.22.11-1
ii  libnotify4   0.7.7-2
ii  libpango-1.0-0   1.40.4-1
ii  libpangocairo-1.0-0  1.40.4-1
ii  libpulse-mainloop-glib0  10.0-1
ii  libpulse010.0-1
ii  libx11-6 2:1.6.4-3

pasystray recommends no packages.

Versions of packages pasystray suggests:
ii  paman   0.9.4-1+b3
ii  paprefs 0.9.10-2+b1
ii  pavucontrol 3.0-3+b3
ii  pavumeter   0.9.3-4+b3
ii  pulseaudio-module-zeroconf  10.0-1

-- no debconf information

Bug#860805: [Pkg-opencl-devel] Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Holger Levsen]

On Fri, Apr 28, 2017 at 09:35:53AM +0200, Andreas Tille wrote:
> Please excuse my hardware ignorance but how can I tell whether my hardware
> has Haswell?  Any one-liner to read out the relevant part from the system
> information?
 
compare /proc/cpuinfo with 
https://en.wikipedia.org/wiki/Haswell_%28microarchitecture%29#List_of_Haswell_processors

probably hwinfo from that package will also detected it, dunno.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#861077: icinga-idoutils: fails to upgrade squeeze -> wheezy -> jessie -> stretch

[Sebastiaan Couwenberg]

Hi Andreas,

On 04/26/2017 01:44 PM, Andreas Beckmann wrote:
> On 2017-04-26 13:02, Bas Couwenberg wrote:
>> Andreas, how can the upgrade test you performed be reproduced by others
>> using piuparts?
> 
> 1. The comand line I used can be found in the logfile. That may have to
> be adjusted for your paths (I run an installation from git, not packages).
> Try to reproduce the bug.
> 
> 2. Put the new packages you want to test (instead of what is currently
> in stretch) (*.deb + Packages) into /tmp/icido (or whereever).
> Run piuparts with --bindmount /tmp/icido --testdebs-repo /tmp/icido
> --distupgrade-to-testdebs
> 
> 3. Send a patch for the piuparts documentation to have such information
> in a place where you would have looked for it in words you would have
> understood :-)

Thanks for the feedback. Unfortunately my piuparts tests fail to upgrade
postgresql from 8.4 to 9.1 not even getting to the point of testing the
icinga-idoutils upgrade. That's probably due to my setup not having the
reference-chroot-metadata.dat, can you send me a copy?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#858109: marked as done (live-f1 isn't working anymore due to changes on the data-providing side.)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:40:43 +
with message-id 
and subject line Bug#762541: Removed package(s) from unstable
has caused the Debian Bug report #858109,
regarding live-f1 isn't working anymore due to changes on the data-providing 
side.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858109: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: live-f1
Version: 0.2.10-1.1+b2
Severity: grave
Tags: upstream
Justification: renders package unusable

This package relies on the presence of a data-providing API at
live-timing.formula1.com.

live-f1: login request failed: Could not resolve hostname
`live-timing.formula1.com': Host not found

That address isn't available anymore. The new method from Formula1 is at
https://www.formula1.com/en/f1-live.html and as far as i can see is completely
new, so this program would require a rewrite to handle that.

In this version (even the newer 0.2.11 from 2014) the program doesn't do
anything anymore.

Cord


-- System Information:
Debian Release: 9.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages live-f1 depends on:
ii  libc6 2.24-9
ii  libncurses5   6.0+20161126-1
ii  libneon27-gnutls  0.30.2-2
ii  libtinfo5 6.0+20161126-1

live-f1 recommends no packages.

live-f1 suggests no packages.

-- debconf-show failed
--- End Message ---
--- Begin Message ---
Version: 0.2.10-1.1+rm

Dear submitter,

as the package live-f1 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/762541

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#857327: marked as done (libapache2-authenntlm-perl: does not work with Apache 2.4)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:40:26 +
with message-id 
and subject line Bug#860916: Removed package(s) from unstable
has caused the Debian Bug report #857327,
regarding libapache2-authenntlm-perl: does not work with Apache 2.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-authenntlm-perl
Version: 0.02-7+b1
Severity: important

I've configured this module as per 
http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm

However when used it emits the following errors:

[Fri Mar 10 14:46:50.659689 2017] [perl:error] [pid 15491] [client 
192.168.42.2:40383] Can't locate object method "remote_addr" via package 
"Apache2::Connection" at 
/usr/lib/i386-linux-gnu/perl5/5.20/Apache2/AuthenNTLM.pm line 504.\n

A quick Google suggests this is because it is using Apache pre-2.4 API.

I've marked this important as the package appears to be completely unusable 
currently.



Hamish

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-authenntlm-perl depends on:
ii  libapache2-mod-perl22.0.9~1624218-2+deb8u1
ii  libc6   2.19-18+deb8u7
ii  perl5.20.2-3+deb8u6
ii  perl-base [perlapi-5.20.0]  5.20.2-3+deb8u6

libapache2-authenntlm-perl recommends no packages.

libapache2-authenntlm-perl suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.02-8+rm

Dear submitter,

as the package libapache2-authenntlm-perl has just been removed from the Debian 
archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/860916

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#857902: marked as done (golang-gocheck: package superceded by golang-check.v1)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:40:38 +
with message-id 
and subject line Bug#857917: Removed package(s) from unstable
has caused the Debian Bug report #857902,
regarding golang-gocheck: package superceded by golang-check.v1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-gocheck
Version: 0.0~bzr20131118+85-2
Severity: serious
X-Debbugs-CC: pkg-go-maintain...@lists.alioth.debian.org

Hello,

The package golang-gocheck is actually an old version of golang-check.v1 with 
one RC bug [1]. As a result, this package should be useless and should be 
removed from the archive.

Here I suggest sending a Removal Request to ftpmaster in order to delete it 
from Debian archive. Since I am not really familiar with Go packaging, I'm 
seeking help from pkg-go-maintainers and package's original maintainer first. 
If there's no response, I would file an RM request later.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785772

--
Sincerely,
Boyuan Yang

signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Version: 0.0~bzr20131118+85-2+rm

Dear submitter,

as the package golang-gocheck has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/857917

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#734838: marked as done (tcl8.4: Time to remove from testing)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:40:34 +
with message-id 
and subject line Bug#858695: Removed package(s) from unstable
has caused the Debian Bug report #734838,
regarding tcl8.4: Time to remove from testing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
734838: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734838
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tcl8.4
Version: 8.4.20-1
Severity: serious

Dear Maintainer,

It's time to remove Tcl 8.4 from testing.

-- System Information:
Debian Release: 7.3
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable'), (100, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 8.4.20-8+rm

Dear submitter,

as the package tcl8.4 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/858695

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#789991: marked as done (FTBFS: Test failures including FixtureS.TestPanicOnSetUpSuite, FixtureS.TestPanicOnSetUpTest)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:40:38 +
with message-id 
and subject line Bug#857917: Removed package(s) from unstable
has caused the Debian Bug report #789991,
regarding FTBFS: Test failures including FixtureS.TestPanicOnSetUpSuite, 
FixtureS.TestPanicOnSetUpTest
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
789991: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789991
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-gocheck
Version: 0.0~bzr20131118+85-2
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs


Dear Maintainer,

The package fails to build during its tests:

--
FAIL: fixture_test.go:132: FixtureS.TestPanicOnSetUpSuite

fixture_test.go:153:
c.Check(output.value, Matches, expected)
 value string = "" +
 "\n" +
 
"--\n" +
 "PANIC: gocheck_test.go:119: FixtureHelper.SetUpSuite\n" +
 "\n" +
 "... Panic: SetUpSuite (PC=0x43A0F5)\n" +
 "\n" +
 "/usr/lib/go/src/runtime/asm_amd64.s:401\n" +
 "  in call16\n" +
 "/usr/lib/go/src/runtime/panic.go:387\n" +
 "  in gopanic\n" +
 "gocheck_test.go:109\n" +
 "  in FixtureHelper.trace\n" +
 "gocheck_test.go:120\n" +
 "  in FixtureHelper.SetUpSuite\n" +
 "/usr/lib/go/src/runtime/asm_amd64.s:401\n" +
 "  in call16\n"
 regex string = "" +
 "^\n" +
 "-+\n" +
 "PANIC: gocheck_test\\.go:[0-9]+: FixtureHelper.SetUpSuite\n" +
 "\n" +
 "\\.\\.\\. Panic: SetUpSuite \\(PC=[xA-F0-9]+\\)\n" +
 "\n" +
 ".+:[0-9]+\n" +
 "  in panic\n" +
 ".*gocheck_test.go:[0-9]+\n" +
 "  in FixtureHelper.trace\n" +
 ".*gocheck_test.go:[0-9]+\n" +
 "  in FixtureHelper.SetUpSuite\n" +
 ".+:[0-9]+\n" +
 "  in call[0-9]+\n" +
 "$"



OOPS: 119 passed, 5 FAILED
--- FAIL: Test (0.18s)
FAIL
exit status 1
FAILlaunchpad.net/gocheck   0.186s


I can reproduce these five tests failing locally.
Jenkins finds some benchmark tests failing too:
https://reproducible.debian.net/rb-pkg/unstable/amd64/golang-gocheck.html

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.19.0-21-generic (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Version: 0.0~bzr20131118+85-2+rm

Dear submitter,

as the package golang-gocheck has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/857917

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#861281: rnahybrid: FTBFS on armel

[Adrian Bunk]

On Thu, Apr 27, 2017 at 07:23:20AM +, Gianfranco Costamagna wrote:
> Hello,
> 
> > rnahybrid FTBFS on armel:
> 
> 
> the warning above is somewhat important
> (too many nested loops), and this usually relates badly with
> high optimization levels
>...

The warning is about an off-by-one in the loop condition that 
writes past the end of the array - that's an unrelated bug.

There are 3 levels of loops at the location of the warning,
that is not a problem.

> G.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#861295: marked as done (ghostscript: CVE-2017-8291: shell injection)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:03:57 +
with message-id 
and subject line Bug#861295: fixed in ghostscript 9.20~dfsg-3.1
has caused the Debian Bug report #861295,
regarding ghostscript: CVE-2017-8291: shell injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808

Hi,

the following vulnerability was published for ghostscript.

CVE-2017-8291[0]:
| Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote
| command execution via a "/OutputFile (%pipe%" substring in a crafted
| .eps document that is an input to the gs program, as exploited in the
| wild in April 2017.

Regading the CVE assignment, note that it is psecific to the shell
injection, as per
https://bugs.ghostscript.com/show_bug.cgi?id=697808#c1 if the
segmentation violation that is seen when executing this sample
represents a second security issue then it will get a second CVE.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697808

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.20~dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated ghostscript 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 06:50:05 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common 
libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.20~dfsg-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team 
Changed-By: Salvatore Bonaccorso 
Closes: 859662 859666 859694 859696 861295
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug 
symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - 
Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 
support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common 
file
Changes:
 ghostscript (9.20~dfsg-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * -dSAFER bypass and remote command execution via a "/OutputFile  (%pipe%"
 substring (CVE-2017-8291) (Closes: #861295)
   * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
   * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
 (Closes: #859694)
   * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
 (Closes: #859666)
   * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
 (Closes: #859662)
Checksums-Sha1: 
 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc
 ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 
ghostscript_9.20~dfsg-3.1.debian.tar.xz
 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 
ghostscript-doc_9.20~dfsg-3.1_all.deb
 fd085947763beac463eb617ef0c19458bdf40f86 5160310 
libgs9-common_9.20~dfsg-3.1_all.deb
Checksums-Sha256: 
 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 
ghostscript_9.20~dfsg-3.1.dsc
 

Bug#828332: marked as done (grpc: FTBFS with openssl 1.1.0)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:00:11 +
with message-id 
and subject line Bug#828332: fixed in grpc 1.2.5-1+nmu0
has caused the Debian Bug report #828332,
regarding grpc: FTBFS with openssl 1.1.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
828332: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grpc
Version: 0.12.0-1
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/grpc_0.12.0-1_amd64-20160529-1424

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt
--- End Message ---
--- Begin Message ---
Source: grpc
Source-Version: 1.2.5-1+nmu0

We believe that the bug you reported is fixed in the latest version of
grpc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 828...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steinar H. Gunderson  (supplier of updated grpc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 26 Apr 2017 19:11:42 +0200
Source: grpc
Binary: libgrpc-dev libgrpc3 libgrpc++-dev libgrpc++1 protobuf-compiler-grpc
Architecture: source amd64
Version: 1.2.5-1+nmu0
Distribution: unstable
Urgency: medium
Maintainer: gRPC Package Maintainers 
Changed-By: Steinar H. Gunderson 
Description:
 libgrpc++-dev - high performance general RPC framework (development)
 libgrpc++1 - high performance general RPC framework
 libgrpc-dev - high performance general RPC framework (development)
 libgrpc3   - high performance general RPC framework
 protobuf-compiler-grpc - high performance general RPC framework - protobuf 
plugin
Closes: 812845 818327 828332 860316
Changes:
 grpc (1.2.5-1+nmu0) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
 * Fixes CVE-2017-7860 and CVE-2017-7861. (Closes: #860316)
 * Build the C++ library in addition to the C library.
   * New packages libgrpc++-dev and libgrpc++1.
   * Make a new package protobuf-compiler-grpc. (Closes: #818327)
 * Add build-dependency on libprotoc-dev.
 * Disable running tests, as they depend on Google's benchmark library,
   which does not exist in Debian yet (and we do not wish to vendor it).
   (By extension, Closes: #812845)
 * Soname bump from libgrpc0 to libgrpc3.
   * openssl-1.1.0.diff: New patch, fixes FTBFS with OpenSSL 1.1.0.
 (Closes: #828332)
   * fix-libgrpc++-soname.diff: New patch, fixes the symlink of libgrpc++
 to match the soname (fix for upstream bug #10299).
   * Install libgrpc_unsecure.a.
   * Install the pkg-config files.
   * Upgrade to Standards-Version 3.9.8 (no changes needed).
Checksums-Sha1:
 5aec3a959813a532dd1d7b8f202f1aaec1e57d7e 2260 grpc_1.2.5-1+nmu0.dsc
 5ddb0a8f6b3e9a369892c460f41d1803eed89397 4450406 grpc_1.2.5.orig.tar.gz
 aed2154492399d320313c52a30dbae02c5eff7af 4976 grpc_1.2.5-1+nmu0.debian.tar.xz
 57cc69a8816d5161a025a7a8e940a50ea30c6385 7884 grpc_1.2.5-1+nmu0_amd64.buildinfo
 07fe7248073e101e433f3c2f4508146ab4464752 455392 
libgrpc++-dev_1.2.5-1+nmu0_amd64.deb
 337001cc4c813f28aabb02afc8b1a63b929be1d1 389890 
libgrpc++1_1.2.5-1+nmu0_amd64.deb
 b25ae628e4d54a4dfeeafd02b6c1bca8c740a32d 388212 
libgrpc-dev_1.2.5-1+nmu0_amd64.deb
 bfb649bf7185023258922d54812c0ed9df88095e 442002 libgrpc3_1.2.5-1+nmu0_amd64.deb
 a41efe0124182d888e76b5e185fc21aa19ef78da 1733122 
protobuf-compiler-grpc-dbgsym_1.2.5-1+nmu0_amd64.deb
 

Bug#812845: marked as done (grpc: FTBFS: httpscli_test: failed to connect to 'ipv6:[::1]:54383': socket error: connection refused)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:00:10 +
with message-id 
and subject line Bug#812845: fixed in grpc 1.2.5-1+nmu0
has caused the Debian Bug report #812845,
regarding grpc: FTBFS: httpscli_test: failed to connect to 'ipv6:[::1]:54383': 
socket error: connection refused
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
812845: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grpc
Version: 0.12.0-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

grpc fails to build from source in unstable/amd64:

  [..]

  [RUN] Testing httpcli_test
  D0227 00:56:25.939085745   56107 test_config.c:159]  test slowdown: 
machine=1.00 build=1.00 total=1.00
  I0227 00:56:25.939250470   56107 httpcli_test.c:78]  test_get
  I0227 00:56:25.939256107   56107 httpcli_test.c:81]  requesting from 
localhost:50571
  E0227 00:56:25.940321293   56107 tcp_client_posix.c:171] failed to 
connect to 'ipv6:[::1]:50571': socket error: connection refused
  127.0.0.1 - - [27/Feb/2017 00:56:25] "GET /get HTTP/1.0" 200 -
  I0227 00:56:25.941078647   56107 httpcli_test.c:109] test_post
  I0227 00:56:25.941088307   56107 httpcli_test.c:112] posting to 
localhost:50571
  E0227 00:56:25.941763695   56107 tcp_client_posix.c:171] failed to 
connect to 'ipv6:[::1]:50571': socket error: connection refused
  127.0.0.1 - - [27/Feb/2017 00:56:25] "POST /post HTTP/1.0" 200 -
  [RUN] Testing httpscli_test
  D0227 00:56:30.964748990   59919 test_config.c:159]  test slowdown: 
machine=1.00 build=1.00 total=1.00
  I0227 00:56:30.965051314   59919 httpscli_test.c:78] test_get
  I0227 00:56:30.965062678   59919 httpscli_test.c:81] requesting from 
localhost:54383
  E0227 00:56:30.966674585   59919 tcp_client_posix.c:171] failed to 
connect to 'ipv6:[::1]:54383': socket error: connection refused
  E0227 00:56:30.966941878   59919 file.c:84]  Could not open 
file /usr/share/grpc/roots.pem (error = No such file or directory).
  E0227 00:56:30.966958742   59919 httpcli_security_connector.c:174] Could not 
get default pem root certs.
  E0227 00:56:30.966980762   59919 httpscli_test.c:62] assertion 
failed: response
  
  
  
  ***
  Caught signal 6
  /build/grpc-0.12.0/bins/opt/httpscli_test(+0x436be)[0x556776e3b6be]
  /lib/x86_64-linux-gnu/libpthread.so.0(+0x10660)[0x7f526cd09660]
  /lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7f526be84507]
  /lib/x86_64-linux-gnu/libc.so.6(abort+0x16a)[0x7f526be858da]
  /build/grpc-0.12.0/bins/opt/httpscli_test(+0x12e6e)[0x556776e0ae6e]
  /build/grpc-0.12.0/bins/opt/httpscli_test(+0x13d80)[0x556776e0bd80]
  /build/grpc-0.12.0/bins/opt/httpscli_test(+0x148a2)[0x556776e0c8a2]
  
/build/grpc-0.12.0/bins/opt/httpscli_test(grpc_exec_ctx_flush+0x5a)[0x556776e0bcea]
  
/build/grpc-0.12.0/bins/opt/httpscli_test(grpc_pollset_work+0x24c)[0x556776e1018c]
  /build/grpc-0.12.0/bins/opt/httpscli_test(main+0x2d3)[0x556776e0a903]
  /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f526be71870]
  /build/grpc-0.12.0/bins/opt/httpscli_test(_start+0x29)[0x556776e0ac09]
  Aborted
  test httpscli_test failed
  Makefile:3287: recipe for target 'test_c' failed
  make[2]: *** [test_c] Error 1
  make[2]: Leaving directory '/build/grpc-0.12.0'
  debian/rules:22: recipe for target 'override_dh_auto_test' failed
  make[1]: *** [override_dh_auto_test] Error 2
  make[1]: Leaving directory '/build/grpc-0.12.0'
  debian/rules:29: recipe for target 'build' failed
  make: *** [build] Error 2
  dpkg-buildpackage: error: debian/rules build gave error exit status 2
  I: copying local configuration

  [..]

The full build log is attached or can be viewed here:


https://reproducible.debian.net/logs/unstable/amd64/grpc_0.12.0-1.build1.log.gz


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


grpc.0.12.0-1.unstable.amd64.log.txt.gz
Description: Binary data
--- End Message ---
--- Begin Message ---
Source: grpc
Source-Version: 1.2.5-1+nmu0

We believe that the bug you reported is fixed in the latest version of
grpc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank 

Bug#860316: marked as done (grpc: CVE-2017-7860 CVE-2017-7861)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:00:11 +
with message-id 
and subject line Bug#860316: fixed in grpc 1.2.5-1+nmu0
has caused the Debian Bug report #860316,
regarding grpc: CVE-2017-7860 CVE-2017-7861
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860316
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grpc
Severity: grave
Tags: security

Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7861 for details.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: grpc
Source-Version: 1.2.5-1+nmu0

We believe that the bug you reported is fixed in the latest version of
grpc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steinar H. Gunderson  (supplier of updated grpc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 26 Apr 2017 19:11:42 +0200
Source: grpc
Binary: libgrpc-dev libgrpc3 libgrpc++-dev libgrpc++1 protobuf-compiler-grpc
Architecture: source amd64
Version: 1.2.5-1+nmu0
Distribution: unstable
Urgency: medium
Maintainer: gRPC Package Maintainers 
Changed-By: Steinar H. Gunderson 
Description:
 libgrpc++-dev - high performance general RPC framework (development)
 libgrpc++1 - high performance general RPC framework
 libgrpc-dev - high performance general RPC framework (development)
 libgrpc3   - high performance general RPC framework
 protobuf-compiler-grpc - high performance general RPC framework - protobuf 
plugin
Closes: 812845 818327 828332 860316
Changes:
 grpc (1.2.5-1+nmu0) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
 * Fixes CVE-2017-7860 and CVE-2017-7861. (Closes: #860316)
 * Build the C++ library in addition to the C library.
   * New packages libgrpc++-dev and libgrpc++1.
   * Make a new package protobuf-compiler-grpc. (Closes: #818327)
 * Add build-dependency on libprotoc-dev.
 * Disable running tests, as they depend on Google's benchmark library,
   which does not exist in Debian yet (and we do not wish to vendor it).
   (By extension, Closes: #812845)
 * Soname bump from libgrpc0 to libgrpc3.
   * openssl-1.1.0.diff: New patch, fixes FTBFS with OpenSSL 1.1.0.
 (Closes: #828332)
   * fix-libgrpc++-soname.diff: New patch, fixes the symlink of libgrpc++
 to match the soname (fix for upstream bug #10299).
   * Install libgrpc_unsecure.a.
   * Install the pkg-config files.
   * Upgrade to Standards-Version 3.9.8 (no changes needed).
Checksums-Sha1:
 5aec3a959813a532dd1d7b8f202f1aaec1e57d7e 2260 grpc_1.2.5-1+nmu0.dsc
 5ddb0a8f6b3e9a369892c460f41d1803eed89397 4450406 grpc_1.2.5.orig.tar.gz
 aed2154492399d320313c52a30dbae02c5eff7af 4976 grpc_1.2.5-1+nmu0.debian.tar.xz
 57cc69a8816d5161a025a7a8e940a50ea30c6385 7884 grpc_1.2.5-1+nmu0_amd64.buildinfo
 07fe7248073e101e433f3c2f4508146ab4464752 455392 
libgrpc++-dev_1.2.5-1+nmu0_amd64.deb
 337001cc4c813f28aabb02afc8b1a63b929be1d1 389890 
libgrpc++1_1.2.5-1+nmu0_amd64.deb
 b25ae628e4d54a4dfeeafd02b6c1bca8c740a32d 388212 
libgrpc-dev_1.2.5-1+nmu0_amd64.deb
 bfb649bf7185023258922d54812c0ed9df88095e 442002 libgrpc3_1.2.5-1+nmu0_amd64.deb
 a41efe0124182d888e76b5e185fc21aa19ef78da 1733122 
protobuf-compiler-grpc-dbgsym_1.2.5-1+nmu0_amd64.deb
 739210d2448df051b5b1905e68b4cc8925f2424d 122500 
protobuf-compiler-grpc_1.2.5-1+nmu0_amd64.deb
Checksums-Sha256:
 26fd0c50c2e288e0b83e752a8df45612b70f0819ca8ef2ae401745564a0592ce 2260 
grpc_1.2.5-1+nmu0.dsc
 14105ff19c4a6215ef255abeb7f2521b10fedef0b6c63cead48dd6840aa3fff6 4450406 
grpc_1.2.5.orig.tar.gz
 07b1b9f810b9e0a0b84374170bf40cfce81fbe5bdfcc7597d12c63273dd45f2e 4976 
grpc_1.2.5-1+nmu0.debian.tar.xz
 1f8e38300b70e18d9b4fd2536cd25422337fbbdf1511097757f7c6e5ba839298 7884 
grpc_1.2.5-1+nmu0_amd64.buildinfo
 7dc2370b79b24c55f0e503bc34aca2c84d2d2d874b87565ef71a587882c12d17 455392 
libgrpc++-dev_1.2.5-1+nmu0_amd64.deb
 

Bug#818327: marked as done (missing protoc plugin)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:00:10 +
with message-id 
and subject line Bug#818327: fixed in grpc 1.2.5-1+nmu0
has caused the Debian Bug report #818327,
regarding missing protoc plugin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
818327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgrpc-dev
Version: 0.12.0-1
Severity: grave

Hi,

libgrpc-dev does not include the protoc compiler plugin, and it is not
shipped in any other binary package. This makes it (as far as I can tell)
impossible to actually compile a project in any useful way; even the hello
world projects 
(https://github.com/grpc/grpc/tree/release-0_13/examples/cpp/helloworld)
depend on this, thus the RC severity.

After looking around a bit, it looks like this (and the C++ version of the
shared library) depends on protobuf 3.0.0 (beta) entering Debian, but I cannot
find a bug for that to block this one with.

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (750, 'stable'), (500, 'proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0 (SMP w/40 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: grpc
Source-Version: 1.2.5-1+nmu0

We believe that the bug you reported is fixed in the latest version of
grpc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steinar H. Gunderson  (supplier of updated grpc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 26 Apr 2017 19:11:42 +0200
Source: grpc
Binary: libgrpc-dev libgrpc3 libgrpc++-dev libgrpc++1 protobuf-compiler-grpc
Architecture: source amd64
Version: 1.2.5-1+nmu0
Distribution: unstable
Urgency: medium
Maintainer: gRPC Package Maintainers 
Changed-By: Steinar H. Gunderson 
Description:
 libgrpc++-dev - high performance general RPC framework (development)
 libgrpc++1 - high performance general RPC framework
 libgrpc-dev - high performance general RPC framework (development)
 libgrpc3   - high performance general RPC framework
 protobuf-compiler-grpc - high performance general RPC framework - protobuf 
plugin
Closes: 812845 818327 828332 860316
Changes:
 grpc (1.2.5-1+nmu0) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
 * Fixes CVE-2017-7860 and CVE-2017-7861. (Closes: #860316)
 * Build the C++ library in addition to the C library.
   * New packages libgrpc++-dev and libgrpc++1.
   * Make a new package protobuf-compiler-grpc. (Closes: #818327)
 * Add build-dependency on libprotoc-dev.
 * Disable running tests, as they depend on Google's benchmark library,
   which does not exist in Debian yet (and we do not wish to vendor it).
   (By extension, Closes: #812845)
 * Soname bump from libgrpc0 to libgrpc3.
   * openssl-1.1.0.diff: New patch, fixes FTBFS with OpenSSL 1.1.0.
 (Closes: #828332)
   * fix-libgrpc++-soname.diff: New patch, fixes the symlink of libgrpc++
 to match the soname (fix for upstream bug #10299).
   * Install libgrpc_unsecure.a.
   * Install the pkg-config files.
   * Upgrade to Standards-Version 3.9.8 (no changes needed).
Checksums-Sha1:
 5aec3a959813a532dd1d7b8f202f1aaec1e57d7e 2260 grpc_1.2.5-1+nmu0.dsc
 5ddb0a8f6b3e9a369892c460f41d1803eed89397 4450406 grpc_1.2.5.orig.tar.gz
 aed2154492399d320313c52a30dbae02c5eff7af 4976 grpc_1.2.5-1+nmu0.debian.tar.xz
 57cc69a8816d5161a025a7a8e940a50ea30c6385 7884 grpc_1.2.5-1+nmu0_amd64.buildinfo
 07fe7248073e101e433f3c2f4508146ab4464752 455392 
libgrpc++-dev_1.2.5-1+nmu0_amd64.deb
 337001cc4c813f28aabb02afc8b1a63b929be1d1 389890 
libgrpc++1_1.2.5-1+nmu0_amd64.deb
 b25ae628e4d54a4dfeeafd02b6c1bca8c740a32d 388212 
libgrpc-dev_1.2.5-1+nmu0_amd64.deb
 bfb649bf7185023258922d54812c0ed9df88095e 442002 

Bug#831250: marked as done (grpc: FTBFS: test httpscli_test failed)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 09:00:10 +
with message-id 
and subject line Bug#812845: fixed in grpc 1.2.5-1+nmu0
has caused the Debian Bug report #812845,
regarding grpc: FTBFS: test httpscli_test failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
812845: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grpc
Version: 0.12.0-1
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20160714 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part (hopefully):
> /«PKGBUILDDIR»/bins/opt/httpscli_test(+0x3197a)[0x7f013074097a]
> /«PKGBUILDDIR»/bins/opt/httpscli_test(+0x46e77)[0x7f0130755e77]
> /lib/x86_64-linux-gnu/libpthread.so.0(+0x7464)[0x7f012f9a8464]
> /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f012ec0330d]
> Aborted
> test httpscli_test failed
> make[2]: *** [test_c] Error 1
> Makefile:3287: recipe for target 'test_c' failed
> make[2]: Leaving directory '/«PKGBUILDDIR»'
> make[1]: *** [override_dh_auto_test] Error 2
> debian/rules:22: recipe for target 'override_dh_auto_test' failed
> make[1]: Leaving directory '/«PKGBUILDDIR»'
> make: *** [build-arch] Error 2
> debian/rules:29: recipe for target 'build-arch' failed
> dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2
> Build killed with signal TERM after 150 minutes of inactivity

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2016/07/14/grpc_0.12.0-1_unstable_gcc5.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: grpc
Source-Version: 1.2.5-1+nmu0

We believe that the bug you reported is fixed in the latest version of
grpc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steinar H. Gunderson  (supplier of updated grpc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 26 Apr 2017 19:11:42 +0200
Source: grpc
Binary: libgrpc-dev libgrpc3 libgrpc++-dev libgrpc++1 protobuf-compiler-grpc
Architecture: source amd64
Version: 1.2.5-1+nmu0
Distribution: unstable
Urgency: medium
Maintainer: gRPC Package Maintainers 
Changed-By: Steinar H. Gunderson 
Description:
 libgrpc++-dev - high performance general RPC framework (development)
 libgrpc++1 - high performance general RPC framework
 libgrpc-dev - high performance general RPC framework (development)
 libgrpc3   - high performance general RPC framework
 protobuf-compiler-grpc - high performance general RPC framework - protobuf 
plugin
Closes: 812845 818327 828332 860316
Changes:
 grpc (1.2.5-1+nmu0) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
 * Fixes CVE-2017-7860 and CVE-2017-7861. (Closes: #860316)
 * Build the C++ library in addition to the C library.
   * New packages libgrpc++-dev and libgrpc++1.
   * Make a new package protobuf-compiler-grpc. (Closes: #818327)
 * Add build-dependency on libprotoc-dev.
 * Disable running tests, as they depend on Google's benchmark library,
   which does not exist in Debian yet (and we do not wish to vendor it).
   (By extension, Closes: #812845)
 * Soname bump from libgrpc0 to libgrpc3.
   * openssl-1.1.0.diff: New patch, fixes FTBFS with OpenSSL 1.1.0.
 (Closes: #828332)
   * fix-libgrpc++-soname.diff: New patch, fixes the symlink of libgrpc++
 to match the soname (fix for upstream bug #10299).
   * Install libgrpc_unsecure.a.
   * Install the pkg-config files.
   * Upgrade to Standards-Version 3.9.8 (no changes needed).

Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Andreas Tille]

Hi Niels,

On Fri, Apr 28, 2017 at 07:21:00AM +, Niels Thykier wrote:
> @Andreas: Assuming worst case, what are the options for dropping beignet
> support in your packages?  (I appreciate that they are probably not the
> best, but ...)

As I wrote in my other mail I wonder if the testing removal script is
even correct since the dependencies are

$ apt-cache show libhmsbeagle1v5 | grep ^Depends
Depends: libc6 (>= 2.14), libgcc1 (>= 1:3.0), libstdc++6 (>= 5.2), 
ocl-icd-libopencl1 | libopencl1, ocl-icd-libopencl1 (>= 1.0) | libopencl-1.1-1, 
beignet-opencl-icd | mesa-opencl-icd | opencl-icd

so providing alternatives that could fullfill the Dependencies.

Kind regards

   Andreas.

-- 
http://fam-tille.de

Bug#861383: grpc: Incomplete debian/copyright?

[Steinar H. Gunderson]

On Fri, Apr 28, 2017 at 09:04:57AM +0100, Chris Lamb wrote:
> Source: grpc
> Version: 1.2.5-1+nmu0
> Severity: serious
> Justication: Policy 12.5
> X-Debbugs-CC: Steinar H. Gunderson 
> 
> Hi,
> 
> I just ACCEPTed grpc from NEW but noticed it was missing attribution 
> in debian/copyright for at least:
> 
>   src/objective-c/!ProtoCompiler.podspec
>   src/python/grpcio/commands.py
>   third_party/nanopb/
>   third_party/rake-compiler-dock/
>   [..]
> 
> (This is not exhaustive so please check over the entire package 
> carefully and address these on your next upload.)

Sounds good, I'll have a look tonight.

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Bug#860817: marked as done (kedpm: CVE-2017-8296: Information leak via the command history file)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 08:20:19 +
with message-id 
and subject line Bug#861277: Removed package(s) from unstable
has caused the Debian Bug report #860817,
regarding kedpm: CVE-2017-8296: Information leak via the command history file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: kedpm
Version: 1.0
Severity: grave
Tags: upstream security
Justification: user security hole

Hello,

I've discovered an information leak that can give some hints about what ppl
search and read in the password manager.

kedpm is creating a history file in ~/.kedpm/history that is written in clear
text. All of the commands that are done in the password manager are writted
there.

This also means that if someone uses the "password" command with the password
as an argument to change the database's master password, the new password gets
leaked in plaintext to that file!

The issue was already reported upstream[0]. However, the upstream project seems
to be unmoving since a couple of years already.

[0]: https://sourceforge.net/p/kedpm/bugs/6/

I've discovered the bug in wheezy, so in 0.5.0 but the same problem applies to
later releases.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_CA.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Version: 1.0+rm

Dear submitter,

as the package kedpm has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/861277

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#858474: marked as done (trac-ja-resource: broken symlink: /usr/share/trac-ja-resource/trac/htdocs -> ../../pyshared/trac/htdocs)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 08:20:02 +
with message-id 
and subject line Bug#859252: Removed package(s) from unstable
has caused the Debian Bug report #858474,
regarding trac-ja-resource: broken symlink: 
/usr/share/trac-ja-resource/trac/htdocs -> ../../pyshared/trac/htdocs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858474: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: trac-ja-resource
Version: 1.0.ja1-0.1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

>From the attached log (scroll to the bottom...):

0m47.9s ERROR: FAIL: Broken symlinks:
  /usr/share/trac-ja-resource/trac/htdocs -> ../../pyshared/trac/htdocs


The current location is probably
/usr/lib/python2.7/dist-packages/trac/htdocs

Assuming that the package does not work properly if it cannot
find some of its files, I set the severity to serious.


cheers,

Andreas


trac-ja-resource_1.0.ja1-0.1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Version: 1.0.ja1-0.1+rm

Dear submitter,

as the package trac-ja-resource has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/859252

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#749531: marked as done (fslview: please switch to vtk6)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 08:20:14 +
with message-id 
and subject line Bug#861330: Removed package(s) from unstable
has caused the Debian Bug report #749531,
regarding fslview: please switch to vtk6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
749531: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749531
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fslview
Version: 4.0.1-4
Severity: wishlist
Tags: pending
Usertags: switch-to-vtk6

Dear Maintainer,

new VTK version 6.1 is already in archive. We are planning to
switch all dependent on VTK 5 packages to this new version
to escape dependencies on older unsupported VTK.

Thanks,

Anton
--- End Message ---
--- Begin Message ---
Version: 4.0.1-6+rm

Dear submitter,

as the package fslview has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/861330

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#729986: marked as done (libnss-mysql-bg: Patch 04_shadow.diff Introduces Lock Acquisition Hang)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 08:19:57 +
with message-id 
and subject line Bug#860760: Removed package(s) from unstable
has caused the Debian Bug report #729986,
regarding libnss-mysql-bg: Patch 04_shadow.diff Introduces Lock Acquisition Hang
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
729986: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libnss-mysql-bg
Version: 1.5-3+b3
Severity: serious
Justification: Policy 4.3

Hello,

I have found that the Debian patch 04_shadow.diff to libnss-mysql-bg causes
the library to hang under completely typical usage.

I am using libnss-mysql-bg with chrooted SFTP as documented here:
http://www.debian-administration.org/articles/590

I do not believe this to be causing the issue in question.

The issue is that when a get* entity check happens under the sftp session, the
server process hangs. This can be triggered simply by running 'ls' in the
sftp client.

A backtrace of the internal-sftp process shows the issue clearly:

#0  0x7f2ba42f6cec in __lll_lock_wait () from 
/lib/x86_64-linux-gnu/libpthread.so.0
#1  0x7f2ba42f2339 in _L_lock_926 () from 
/lib/x86_64-linux-gnu/libpthread.so.0
#2  0x7f2ba42f215b in pthread_mutex_lock () from 
/lib/x86_64-linux-gnu/libpthread.so.0
#3  0x7f2ba0d368d9 in _nss_mysql_getgrnam_r () from 
/usr/lib/x86_64-linux-gnu/libnss_mysql.so.2
#4  0x7f2ba5216a8d in getgrnam_r () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x7f2ba52160e0 in getgrnam () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x7f2ba0d361c8 in ?? () from /usr/lib/x86_64-linux-gnu/libnss_mysql.so.2
#7  0x7f2ba0d36547 in _nss_mysql_getpwuid_r () from 
/usr/lib/x86_64-linux-gnu/libnss_mysql.so.2
#8  0x7f2ba5217f4d in getpwuid_r () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x7f2ba521783f in getpwuid () from /lib/x86_64-linux-gnu/libc.so.6

Both _nss_mysql_getpwuid_r() and _nss_mysql_getgrnam_r() use
_nss_mysql_lookup(), which uses a mutex. Naturally, these functions
cannot be nested.

The recursed nature of this execution is introduced by 04_shadow.diff, which
does the following inside _nss_mysql_lookup():

+  /* Get shadow gid, if needed */
+  if(cur_euid != 0) {
+cur_egid = getegid ();
+struct group *grp = getgrnam("shadow");
+shadow_gid = (grp ? grp->gr_gid : -1);
+  }

Assuming getgrnam() is mapped to libnss-mysql-bg in /etc/libnss-mysql.cfg,
it will re-enter libnss-mysql and block on the lock.

This simple workaround allows this package to work on my system:

--- lookup.c.orig   2013-11-19 20:16:12.778779823 +
+++ lookup.c2013-11-19 20:17:05.622959118 +
@@ -143,8 +143,7 @@
   /* Get shadow gid, if needed */
   if(cur_euid != 0) {
 cur_egid = getegid ();
-struct group *grp = getgrnam("shadow");
-shadow_gid = (grp ? grp->gr_gid : -1);
+shadow_gid = 42;
   }
 
   D ("%s: restricted = %d, cur_euid = %u", FUNCNAME, restricted, cur_euid);

This is obviously not the correct solution for the package, but it allows
it to be used on my servers, and any server with Debian-standard group
numbering.

It is not clear what the original patch was actually trying to accomplish,
so I cannot write a correct real fix.


-- System Information:
Debian Release: 7.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libnss-mysql-bg depends on:
ii  libc6  2.13-38
ii  libmysqlclient18   5.5.31+dfsg-0+wheezy1
ii  multiarch-support  2.13-38
ii  zlib1g 1:1.2.7.dfsg-13

libnss-mysql-bg recommends no packages.

Versions of packages libnss-mysql-bg suggests:
ii  libpam-mysql  0.7~RC1-4+b3
pn  mysql-server  

-- Configuration Files:
/etc/libnss-mysql-root.cfg [Errno 13] Permission denied: 
u'/etc/libnss-mysql-root.cfg'
/etc/libnss-mysql.cfg changed [not included]

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.5-5+rm

Dear submitter,

as the package libnss-mysql-bg has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/860760

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This 

Bug#811875: marked as done (fslview: FTBFS with GCC 6: no matching function for call to)

[Debian Bug Tracking System]

Your message dated Fri, 28 Apr 2017 08:20:14 +
with message-id 
and subject line Bug#861330: Removed package(s) from unstable
has caused the Debian Bug report #811875,
regarding fslview: FTBFS with GCC 6: no matching function for call to
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811875: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811875
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fslview
Version: 4.0.1-5
Severity: important
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-6 gcc-6-no-match

This package fails to build with GCC 6.  GCC 6 has not been released
yet, but it's expected that GCC 6 will become the default compiler for
stretch.

Note that only the first error is reported; there might be more.  You
can find a snapshot of GCC 6 in experimental.  To build with GCC 6,
you can set CC=gcc-6 CXX=g++-6 explicitly.

You may be able to find out more about this issue at
https://gcc.gnu.org/gcc-6/changes.html

> sbuild (Debian sbuild) 0.67.0 (26 Dec 2015) on dl580gen9-02.hlinux
...
> [ 86%] Building CXX object src/fslview/CMakeFiles/fslview.dir/clusterbrowser.o
> cd /<>/obj-x86_64-linux-gnu/src/fslview && /usr/bin/c++   
> -DHAVE_VTK -DQT3_SUPPORT -DQT_3SUPPORT_LIB -DQT_CORE_LIB -DQT_GUI_LIB 
> -DQT_XML_LIB -I/<>/fsl -I/<>/fsl/newmat 
> -I/<>/fsl/niftiio -I/<>/fsl/znzlib 
> -I/<>/src -I/<>/fsl/extras/include/zlib -isystem 
> /usr/include/qt4 -isystem /usr/include/qt4/Qt3Support -isystem 
> /usr/include/qt4/QtGui -isystem /usr/include/qt4/QtXml -isystem 
> /usr/include/qt4/QtCore -I/usr/include/qwt-qt4 -I/usr/include/vtk-5.10 
> -I/<>/fsl/include -I/<>/fsl/extras/include/newmat 
> -I/<>/obj-x86_64-linux-gnu/src/fslview 
> -I/<>/src/fslview/..  -I/<>/fsl/libprob 
> -I/usr/include/newmat -I/usr/include/qwt-qt4 -I/usr/include/nifti 
> -I/<>/fsl/libprob -I/usr/include/newmat -I/usr/include/qwt-qt4 
> -I/usr/include/nifti -Wdate-time -D_FORTIFY_SOURCE=2   -Wno-deprecated -g   
> -o CMakeFiles/fslview.dir/clusterbrow
> ser.o -c /<>/src/fslview/clusterbrowser.cpp
> /<>/src/fslview/clusterbrowser.cpp: In constructor 
> 'ClusterBrowser::ClusterBrowser(QWidget*, Image::Handle, Cursor::Handle, 
> ModelFit::Handle)':
> /<>/src/fslview/clusterbrowser.cpp:118:57: error: no matching 
> function for call to 'std::vector std::pair, 
> std::__cxx11::list > > 
> >::push_back(std::pair std::pair, 
> std::__cxx11::list > >)'
>m_clusterTables.push_back(std::make_pair(name, cp));
>  ^
> 
> In file included from /usr/include/c++/6/vector:64:0,
>  from /usr/include/c++/6/bits/random.h:34,
>  from /usr/include/c++/6/random:49,
>  from /usr/include/c++/6/bits/stl_algo.h:66,
>  from /usr/include/c++/6/algorithm:62,
>  from /usr/include/qt4/QtCore/qglobal.h:68,
>  from /usr/include/qt4/QtCore/qnamespace.h:45,
>  from /usr/include/qt4/QtCore/qobjectdefs.h:45,
>  from /usr/include/qt4/QtGui/qwindowdefs.h:45,
>  from /usr/include/qt4/QtGui/qwidget.h:46,
>  from /usr/include/qt4/QtGui/qframe.h:45,
>  from /usr/include/qt4/Qt3Support/q3frame.h:45,
>  from /usr/include/qt4/Qt3Support/Q3Frame:1,
>  from 
> /<>/obj-x86_64-linux-gnu/src/fslview/clusterbrowserbase.h:12,
>  from /<>/src/fslview/clusterbrowser.h:18,
>  from /<>/src/fslview/clusterbrowser.cpp:15:
> /usr/include/c++/6/bits/stl_vector.h:914:7: note: candidate: void 
> std::vector<_Tp, _Alloc>::push_back(const value_type&) [with _Tp = 
> std::pair std::pair, 
> std::__cxx11::list > >; _Alloc = 
> std::allocator std::pair, 
> std::__cxx11::list > > >; std::vector<_Tp, 
> _Alloc>::value_type = std::pair std::pair, 
> std::__cxx11::list > >]
>push_back(const value_type& __x)
>^
> 
> /usr/include/c++/6/bits/stl_vector.h:914:7: note:   no known conversion for 
> argument 1 from 'std::pair 

Bug#861383: grpc: Incomplete debian/copyright?

[Chris Lamb]

Source: grpc
Version: 1.2.5-1+nmu0
Severity: serious
Justication: Policy 12.5
X-Debbugs-CC: Steinar H. Gunderson 

Hi,

I just ACCEPTed grpc from NEW but noticed it was missing attribution 
in debian/copyright for at least:

  src/objective-c/!ProtoCompiler.podspec
  src/python/grpcio/commands.py
  third_party/nanopb/
  third_party/rake-compiler-dock/
  [..]

(This is not exhaustive so please check over the entire package 
carefully and address these on your next upload.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#861382: sniproxy: Incomplete debian/copyright?

[Chris Lamb]

Source: sniproxy
Version: 0.5.0-1
Severity: serious
Justication: Policy 12.5
X-Debbugs-CC: Jan Dittberner 

Hi,

I just ACCEPTed sniproxy from NEW but noticed it was missing 
attribution in debian/copyright for at least Manuel Kasper
in src/backend.*

(This is not exhaustive so please check over the entire package 
carefully and address these on your next upload.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#860805: [Pkg-opencl-devel] Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Andreas Tille]

Hi Rebecca,

On Fri, Apr 28, 2017 at 08:20:34AM +0100, Rebecca N. Palmer wrote:
> - We now have a test case for the error remaining after the patch, but it
> doesn't fail on my system: any of you with Haswell hardware and a real (not
> chrooted) sid/stretch, please apply the patch then try
> https://bugs.freedesktop.org/show_bug.cgi?id=100639

Please excuse my hardware ignorance but how can I tell whether my hardware
has Haswell?  Any one-liner to read out the relevant part from the system
information?
 
> >this morning 16 "marked for autoremoval from testing" mails hit my
> >mailbox for partly quite important Debian Med packages.  I'm sure other
> >packages will be affected as well so this package is somehow cruxial.
> 
> I'm not sure why, given that this package is one of several OpenCL
> implementations.

I guess is based on libhmsbeagle1v5.  It is

   Depends: beignet-opencl-icd|mesa-opencl-icd|opencl-icd

but I've got the "marked for autoremoval from testing" despite the fact
that there are alternatives.  May be it is caused by a failure in the
testing migration script?

Kind regards

Andreas.

-- 
http://fam-tille.de

Bug#860805: [Pkg-opencl-devel] Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Rebecca N. Palmer]

Upstream status update:

- The patch is probably better than disabling softpin, but neither is 
perfect; in particular, there is now a report of *silently wrong 
results* (it's now yet clear with which), which means a partial fix 
*may* be worse than nothing.


- We now have a test case for the error remaining after the patch, but 
it doesn't fail on my system: any of you with Haswell hardware and a 
real (not chrooted) sid/stretch, please apply the patch then try

https://bugs.freedesktop.org/show_bug.cgi?id=100639


this morning 16 "marked for autoremoval from testing" mails hit my
mailbox for partly quite important Debian Med packages.  I'm sure other
packages will be affected as well so this package is somehow cruxial.


I'm not sure why, given that this package is one of several OpenCL 
implementations.

Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Niels Thykier]

Andreas Tille:
> Hi release team,
> 
> this morning 16 "marked for autoremoval from testing" mails hit my
> mailbox for partly quite important Debian Med packages.  I'm sure other
> packages will be affected as well so this package is somehow cruxial.
> 
> I wonder whether you might consider this bug stretch-is-blocker to make
> sure we will not loose a larger set of packages.
> 
> Kind regards
> 
> Andreas.
> 

Hi Andreas,

Sorry to hear that you are affected by an auto-removal.

With that and the removal date being in June, we should plenty of time
to see where this bug is going and possibly device a fix for it.   There
is some recent progress on the upstream bug with a patch, which might
bring us closer to a fix  (@Rebecca: Kudos for the timely response to
the bug when it was filed).
  Also, please keep in mind that regular updates to the bug will reset
the timer.  Even a simple """I tried this patch from upstream, it didn't
work because of X.  Notify upstream of the issue""" will reset the
automatic timer.

@Andreas: Assuming worst case, what are the options for dropping beignet
support in your packages?  (I appreciate that they are probably not the
best, but ...)

Thanks,
~Niels

Bug#809669: unattended-upgrades: files got created under /var/ mountpoint

[Louis Bouchard]

Hello,

The debdiff that I provided contains two typos in a comment :

> 64 +# Explicitely enable and start the service.i Debian Bug #797108 for

It should read Explicitly and "start the service. Debian"

Just let me know if you want an updated debdiff or if you will be fixing it up
yourself.

Kind regards,

...Louis


-- 
Louis Bouchard
Software engineer, Cloud & Sustaining eng.
Canonical Ltd
Ubuntu developer   Debian Maintainer
GPG : 429D 7A3B DD05 B6F8 AF63  B9C4 8B3D 867C 823E 7A61



signature.asc
Description: OpenPGP digital signature

Processed: Update Bug

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> notfixed 840227 libgit2/0.24.2-1
Bug #840227 [src:libgit2] libgit2: CVE-2016-8568 CVE-2016-8569
No longer marked as fixed in versions libgit2/0.24.2-1.
> fixed 840227 libgit2/0.24.5-1
Bug #840227 [src:libgit2] libgit2: CVE-2016-8568 CVE-2016-8569
Marked as fixed in versions libgit2/0.24.5-1.
> tags 840227 + jessie confirmed security
Bug #840227 [src:libgit2] libgit2: CVE-2016-8568 CVE-2016-8569
Added tag(s) confirmed and jessie.
> found 840227 0.21.1-3
Bug #840227 [src:libgit2] libgit2: CVE-2016-8568 CVE-2016-8569
Marked as found in versions libgit2/0.21.1-3.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
840227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 860805 is forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=100639

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 860805 https://bugs.freedesktop.org/show_bug.cgi?id=100639
Bug #860805 [beignet-opencl-icd] beignet-opencl-icd: OpenCL fails with: 
drm_intel_gem_bo_context_exec() failed: Device or resource busy
Set Bug forwarded-to-address to 
'https://bugs.freedesktop.org/show_bug.cgi?id=100639'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860805
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: submitter 859655

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> submitter 859655 Salvatore Bonaccorso 
Bug #859655 [src:golang-go.crypto] golang-go.crypto: CVE-2017-3204
Changed Bug submitter to 'Salvatore Bonaccorso ' from 
'car...@debian.org'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
859655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#859655: (still in progress)

[Debian Bug Tracking System]

Processing control commands:

> fixed -1 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1
Bug #859655 [src:golang-go.crypto] golang-go.crypto: CVE-2017-3204
Marked as fixed in versions 
golang-go.crypto/1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1.

-- 
859655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859655: (still in progress)

[Salvatore Bonaccorso]

Control: fixed -1 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1
Hi Michael,

On Thu, Apr 27, 2017 at 09:53:50PM -0500, Michael Lustfield wrote:
> Control: reopen 859655 !
> 
> This is obviously not resolved yet, but the fix is in unstable.

Actually reopen should not be done. The fix is in the version, and the
BTS can handle the version tracking, so there is no need to keep a bug
"open/undone" until the fix reaches all affected suites.

To not futher interfere, I only add back the fixed version (wich goes
lost if one does reopen on a bug), leaving to mark it as done to you
:-)

Regards,
Salvatore

Bug#860805: Could we set bug #860805 against beignet-opencl-icd to stretch-is-blocker?

[Andreas Tille]

Hi release team,

this morning 16 "marked for autoremoval from testing" mails hit my
mailbox for partly quite important Debian Med packages.  I'm sure other
packages will be affected as well so this package is somehow cruxial.

I wonder whether you might consider this bug stretch-is-blocker to make
sure we will not loose a larger set of packages.

Kind regards

Andreas.

-- 
http://fam-tille.de