Bug#850885: May 12, 2017 and it still isn't fixed.

[Bill Zimmerly]

My dwww was working fine until applying the latest updates.

If it was logged and I knew where to look, I would show you the exact date
/ time that dwww was updated.

This is an especially frustrating bug as I use the dwww facility all the
time. :(

Sincerely,
Bill
(Sent from my GMail account)

Bug#846548: patch for #846548

[Luke W Faraone]

On Thu, 11 May 2017 19:45:51 -0700 Luke W Faraone 
wrote:
> Attached is a patch to fix the path to the engine directory, and moves
> this library back to libssl-dev. (it isn't clear to me from changelog or
> git log why the move to 1.1 was originally reverted)

And of course, that patch was bogus. Attached is a orrected patch. I
intend to upload this to DELAYED/5 once I have a chance to test on real
hardware. Below from a VM:

# dpkg -L libssl1.1 | grep engine | head -n 1
/usr/lib/x86_64-linux-gnu/engines-1.1
# dpkg -L libengine-pkcs11-openssl | grep /pkcs11.so
/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so

# openssl engine pkcs11 -t
(pkcs11) pkcs11 engine
 [ available ]


>   -- Luke

diff -Nru libp11-0.4.4/debian/changelog libp11-0.4.4/debian/changelog
--- libp11-0.4.4/debian/changelog   2017-01-28 08:13:56.0 +
+++ libp11-0.4.4/debian/changelog   2017-05-12 02:20:40.0 +
@@ -1,3 +1,11 @@
+libp11 (0.4.4-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Link against libssl 1.1, since `openssl` is built against it.
+  * debian/rules: Fix path to OpenSSL engine directory. (Closes: #846548)
+
+ -- Luke Faraone   Thu, 11 May 2017 19:20:40 -0700
+
 libp11 (0.4.4-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libp11-0.4.4/debian/control libp11-0.4.4/debian/control
--- libp11-0.4.4/debian/control 2017-01-28 08:13:56.0 +
+++ libp11-0.4.4/debian/control 2017-05-12 02:20:40.0 +
@@ -6,7 +6,7 @@
 Build-Depends: debhelper (>= 10),
libltdl3-dev,
libp11-kit-dev,
-   libssl1.0-dev,
+   libssl-dev,
pkg-config
 Standards-Version: 3.9.8
 Homepage: https://github.com/OpenSC/libp11
@@ -16,7 +16,7 @@
 Package: libp11-dev
 Architecture: any
 Depends: libp11-2 (= ${binary:Version}),
- libssl1.0-dev,
+ libssl-dev,
  pkg-config,
  ${misc:Depends}
 Description: pkcs#11 convenience library - development files
diff -Nru libp11-0.4.4/debian/libengine-pkcs11-openssl.install 
libp11-0.4.4/debian/libengine-pkcs11-openssl.install
--- libp11-0.4.4/debian/libengine-pkcs11-openssl.install2017-01-28 
08:13:56.0 +
+++ libp11-0.4.4/debian/libengine-pkcs11-openssl.install2017-05-12 
02:20:40.0 +
@@ -1 +1 @@
-usr/lib/*/openssl-*/engines/*
+usr/lib/*/engines-*/*
diff -Nru libp11-0.4.4/debian/rules libp11-0.4.4/debian/rules
--- libp11-0.4.4/debian/rules   2017-01-28 08:13:56.0 +
+++ libp11-0.4.4/debian/rules   2017-05-12 02:20:40.0 +
@@ -2,8 +2,8 @@
 
 include /usr/share/dpkg/architecture.mk
 
-OPENSSL_VERSION := $(shell pkg-config --modversion openssl | sed "s/[a-z]$$//")
-ENGINES_DIR := /usr/lib/$(DEB_HOST_GNU_TYPE)/openssl-$(OPENSSL_VERSION)/engines
+OPENSSL_VERSION := $(shell pkg-config --modversion openssl | sed "s/[a-z]$$//" 
| cut -d . -f -2)
+ENGINES_DIR := /usr/lib/$(DEB_HOST_GNU_TYPE)/engines-$(OPENSSL_VERSION)/
 
 %:
dh $@


signature.asc
Description: OpenPGP digital signature

Bug#862329: gitlab: fails gitlab install on stretch with alternative gitlab user while configuring dbconfig-common

[Pirate Praveen]

On വ്യാഴം 11 മെയ് 2017 05:00 വൈകു, Patrik Hagedorn wrote:
> Installing the gitlab package via apt on a clean Stretch environment resulted
> in an dpkg error if the gitlab default user is changed from 'gitlab' to
> something like 'git' in the debconf installation process (probably a common
> use-case):

I uploaded a fix in unstable, but I realized the fix was not proper
after the upload, I'll upload a correct fix soon.

The package in unstable works, but it will bind dbconfig-common
configuration to $gitlab_user package, which will cause problem with
purging.



signature.asc
Description: OpenPGP digital signature

Bug#862272: libpomegranate-clojure lost all dependencies

[Elana Hashman]

On 2017-05-10 10:14, Adrian Bunk wrote:

Package: libpomegranate-clojure
Version: 0.3.1-1
Severity: serious

libpomegranate-clojure 0.2.0-1 has:
Depends: libaether-java, libdynapath-clojure, libwagon-java,
libwagon2-java, maven

libpomegranate-clojure 0.3.1-1 has no dependencies at all.


Hi Adrian! Thanks for your report.

This is a known bug, due to a typo in specifying the classpath[1]---it's 
currently recursive.


I was actually working on a fix for that when I discovered #862233.[2] 
If I fix this bug, the package still won't work, so I'm planning on 
fixing both together once the upstream pomegranate 0.4.0 is released. 
The upstream work is currently in progress.[3]


Cheers!

- e

[1]: 
https://anonscm.debian.org/git/pkg-clojure/pomegranate-clojure.git/tree/debian/libpomegranate-clojure.classpath

[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862233
[3]: https://github.com/cemerick/pomegranate/pull/80

Bug#846548: patch for #846548

[Luke W Faraone]

control: tag 846548 + patch

On Sat, 6 May 2017 19:07:50 +0200 Enrico Zini  wrote:
> Hello,
> 
> I'm raising severity to serious since as far as I can see the package is
> currently unusable in testing without a rebuild.

Sadly not even a rebuild will fix it. The issue is that debian/rules
specifies:

  OPENSSL_VERSION := $(shell pkg-config --modversion openssl | sed
"s/[a-z]$$//")

Which, in current unstable, resolves to:
  # pkg-config --modversion openssl | sed "s/[a-z]$//"
  1.1.0

Yet, ``openssl`` tries to find engines in
``/usr/lib/x86_64-linux-gnu/engines-1.1/``:

  # openssl engine foo
  139873873437888:error:25066067:DSO support routines:dlfcn_load:could
not load the shared
library:../crypto/dso/dso_dlfcn.c:113:filename(/usr/lib/x86_64-linux-gnu/engines-1.1/foo.so):
/usr/lib/x86_64-linux-gnu/engines-1.1/foo.so: cannot open shared object
file: No such file or directory
  139873873437888:error:25070067:DSO support routines:DSO_load:could not
load the shared library:../crypto/dso/dso_lib.c:161:
  139873873437888:error:260B6084:engine routines:dynamic_load:dso not
found:../crypto/engine/eng_dyn.c:414:
  139873873437888:error:2606A074:engine routines:ENGINE_by_id:no such
engine:../crypto/engine/eng_list.c:339:id=foo

This is a change from jessie, where it looks in
``/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/``.

Attached is a patch to fix the path to the engine directory, and moves
this library back to libssl-dev. (it isn't clear to me from changelog or
git log why the move to 1.1 was originally reverted)

  -- Luke
diff -Nru libp11-0.4.4/debian/changelog libp11-0.4.4/debian/changelog
--- libp11-0.4.4/debian/changelog   2017-01-28 08:13:56.0 +
+++ libp11-0.4.4/debian/changelog   2017-05-12 02:20:40.0 +
@@ -1,3 +1,11 @@
+libp11 (0.4.4-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Link against libssl 1.1, since `openssl` is built against it.
+  * debian/rules: Fix path to OpenSSL engine directory. (Closes: #846548)
+
+ -- Luke Faraone   Thu, 11 May 2017 19:20:40 -0700
+
 libp11 (0.4.4-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libp11-0.4.4/debian/control libp11-0.4.4/debian/control
--- libp11-0.4.4/debian/control 2017-01-28 08:13:56.0 +
+++ libp11-0.4.4/debian/control 2017-05-12 02:20:40.0 +
@@ -6,7 +6,7 @@
 Build-Depends: debhelper (>= 10),
libltdl3-dev,
libp11-kit-dev,
-   libssl1.0-dev,
+   libssl-dev,
pkg-config
 Standards-Version: 3.9.8
 Homepage: https://github.com/OpenSC/libp11
@@ -16,7 +16,7 @@
 Package: libp11-dev
 Architecture: any
 Depends: libp11-2 (= ${binary:Version}),
- libssl1.0-dev,
+ libssl-dev,
  pkg-config,
  ${misc:Depends}
 Description: pkcs#11 convenience library - development files
diff -Nru libp11-0.4.4/debian/rules libp11-0.4.4/debian/rules
--- libp11-0.4.4/debian/rules   2017-01-28 08:13:56.0 +
+++ libp11-0.4.4/debian/rules   2017-05-12 02:20:05.0 +
@@ -2,7 +2,7 @@
 
 include /usr/share/dpkg/architecture.mk
 
-OPENSSL_VERSION := $(shell pkg-config --modversion openssl | sed "s/[a-z]$$//")
+OPENSSL_VERSION := $(shell pkg-config --modversion openssl | sed "s/[a-z]$$//" 
| cut -d . -f -2)
 ENGINES_DIR := /usr/lib/$(DEB_HOST_GNU_TYPE)/openssl-$(OPENSSL_VERSION)/engines
 
 %:


signature.asc
Description: OpenPGP digital signature

Processed: patch for #846548

[Debian Bug Tracking System]

Processing control commands:

> tag 846548 + patch
Bug #846548 [libengine-pkcs11-openssl] libengine-pkcs11-openssl: Can't load 
pkcs11 engine into openssl
Added tag(s) patch.

-- 
846548: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846548
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862378: check-all-the-things: not suitable for Debian stable at this time

[Paul Wise]

Package: check-all-the-things
Severity: serious

check-all-the-things is not suitable for Debian stable at this time.
It is still evolving a bit and doesn't have any sandboxing of tools.
There are also a lot of bugs in stretch fixed in the git repository.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#861612: pixbros: level designs appear to be non-free

[Markus Koschany]

Am 10.05.2017 um 20:56 schrieb Adrian Bunk:
> On Mon, May 01, 2017 at 03:50:21PM +0200, Steve Cotton wrote:
>> ...
>> Oh well at least this will resolve the Fenix-is-not-64-bit bugs.
> 
> Is pixfrogger also affected?
> 

I think all images and graphics in pixfrogger are genuine and not copied
from another (non-free) game.

I had a look a this bug report and I disagree with the assumption that
the level designs are non-free. You can clearly see by comparing the
screenshots from the original game and pixbros, that textures and
graphics are completely different. Yes, the level design of pixbros
resembles those of the other non-free games but it is not a direct copy.
Also the gameplay is much different. I am not aware of any design
patents for those non-free games hence I am quite sure that there is no
risk for Debian or any breach of law.

However the screenshots in recursos/floors don't depict levels in
pixbros but those of the original games which are copyrighted. Since the
original games are non-free, I would suggest to remove them from the
tarball.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Processed: bug 862373 is forwarded to https://github.com/ingydotnet/yaml-pm/issues/176

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 862373 https://github.com/ingydotnet/yaml-pm/issues/176
Bug #862373 [libyaml-libyaml-perl] libyaml-libyaml-perl: Unconditionally 
instantiates objects from yaml data
Set Bug forwarded-to-address to 
'https://github.com/ingydotnet/yaml-pm/issues/176'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
862373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862373
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861958: lintian: insecure YAML validation

[Christoph Biedl]

clone 861958 -1
reassign -1 libyaml-libyaml-perl
retitle -1 libyaml-libyaml-perl: Unconditionally instantiates objects from yaml 
data
thanks

Dominique Dumont wrote...

> On samedi 6 mai 2017 13:01:50 CEST you wrote:

> > This module is happy to deserialize objects of any existing Perl class. For
> > Lintian, the File::Temp::Dir class can be abused to remove arbitrary
> > directory trees. (There might be other exciting ways to exploit this bug,
> > but I'm too lazy to investigate further.)
> 
> I wonder if this behavior should be considered as a YAML bug...

At least I consider the unconditional instantiation of object a bug,
hence cloning.

As previously mentioned in debian-perl@, there is no easy solution,
assuming some code out there intentionally uses that feature, and in
a safe matter. If we choose to ignore that, at least for the time being,
we can disable the blessing entirely by dropping the three sv_bless
invocations in . This makes the attached
reproducer pass.

Before releasing that change however, there should be an audit of all
the roughly 40 packages in Debian that use YAML::XS to avoid unintended
breakage. In the worst case, that simple approach isn't feasible and
the instantiation needs to be made configurable - something that
requires coordination with upstream[1] and/or other distributions.

We should discuss this during the sprint.

Christoph

[1] But see https://github.com/perl11/cperl/issues/198
#!/usr/bin/perl

use 5.010;
use strict;
use warnings;

use File::Temp qw(tempdir);
use YAML::XS qw(LoadFile);

my $temp_dir = tempdir (
"yaml-xs-demo.$$.X",
'TMPDIR' => 1,
'CLEANUP' => 1,
);

my $temp_file = "$temp_dir/story.yaml";

my $pid = fork // die ("Cannot fork: $!");
if ($pid == 0) {
my $fh;
open ($fh, '>', $temp_file) or die $!;
print $fh <<__EOS__;
- !File::Temp::Dir
  CLEANUP: 1
  LAUNCHPID: $$
  REALNAME: $temp_dir
__EOS__
close ($fh);
my $data = LoadFile ($temp_file);
exit 0;
}
wait;

if (-d $temp_dir) {
print "I: Pass, temp dir is still present\n";
} else {
print "F: FAIL, temp dir was purged\n";
}


signature.asc
Description: Digital signature

Processed: Re: Bug#861958: lintian: insecure YAML validation

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> clone 861958 -1
Bug #861958 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug 861958 cloned as bug 862373
> reassign -1 libyaml-libyaml-perl
Bug #862373 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug reassigned from package 'lintian' to 'libyaml-libyaml-perl'.
No longer marked as found in versions lintian/2.5.41.
Ignoring request to alter fixed versions of bug #862373 to the same values 
previously set
> retitle -1 libyaml-libyaml-perl: Unconditionally instantiates objects from 
> yaml data
Bug #862373 [libyaml-libyaml-perl] lintian: insecure YAML validation 
[CVE-2017-8829]
Changed Bug title to 'libyaml-libyaml-perl: Unconditionally instantiates 
objects from yaml data' from 'lintian: insecure YAML validation 
[CVE-2017-8829]'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
861958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861958
862373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862373
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 861736 in 4.3.2-svn1921-5

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 861736 4.3.2-svn1921-5
Bug #861736 {Done: Andreas Tille } [python-nxs] python-nxs: 
Cannot save files with nxs python module
Marked as found in versions nexus/4.3.2-svn1921-5; no longer marked as fixed in 
versions nexus/4.3.2-svn1921-5 and reopened.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
861736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861736
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#715646: Processed: Bug#715646 marked as pending

[Marcos Fouces]

Hi Adrian,

i agree to prepare a package for the next Jessie point release. I think 
these issues are not grave enough for a DSA.


That is my opinon, but i would appreciate feedback.

Greetings,

Marcos


El 11/05/17 a las 21:51, Adrian Bunk escribió:

On Sun, Mar 12, 2017 at 09:06:34AM +0100, Marcos Fouces wrote:

control: severity -1 grave

This could lead to DOS or, even worst, remote code execution. Following
Hilko Bengen's advice: i re-adjust the severity.

Hi Marcos,

thanks a lot for fixing this bug as well as the similar #716355, #716457
and #716458 in dsniff for stretch.

If these issues are serious enough, please coordinate with the security
team (added to Cc) for getting them to jessie as part of a DSA.

If they are not serious enough for a DSA, it would be appreciated if you
could prepare a package for the next jessie point release.

Thanks
Adrian

Bug#861736: Still some regression in python-nxs

[Carlos Pascual]

Hi,

while nexus 4.3.2-svn1921-5 fixes the originally reported exception, the
fix seems not to be complete [1].

In order to trigger the still-existing regression, run the following
python code (which ideally should exit without errors):

```
import nxs
f = nxs.open("/tmp/foo.h5", "w5")
f.makegroup('entry', 'NXentry')
f.opengroup('entry')
f.makegroup('g', 'NXcollection')
f.opengroup('g', 'NXcollection')
f.makedata('d', 'float64', shape=(1,))
f.opendata('d')
f.putdata(1.23)
f.closedata()
f.closegroup()
f.flush()
f.close()
```

In stretch + nexus_4.3.2-svn1921-5, it fails with the following
exception:

```
Traceback (most recent call last):
  File "nxs_flush_bug.py", line 12, in 
f.flush()
  File "/usr/lib/python2.7/dist-packages/nxs/napi.py", line 397, in flush
raise NeXusError, "Could not flush NeXus file %s"%(self.filename)
nxs.napi.NeXusError: Could not flush NeXus file /tmp/foo.h5
```

The same code works well when run on a clean jessie (I used an official
debian:stable docker) and it fails with the same exception as above when
run on sid (I used the official debian:unstable docker)

Cheers,

Carlos

[1] I am replying here because this new problem seems likely to be related
with 861736, but if you think that it may be an unrelated bug I'd be glad
to open a new bug

Bug#861736:

[PICCA Frederic-Emmanuel]

here the error message

~/Debian/nexus/bugs$ ./bug.py
Traceback (most recent call last):
  File "./bug.py", line 15, in 
f.flush()
  File "/usr/lib/python2.7/dist-packages/nxs/napi.py", line 397, in flush
raise NeXusError, "Could not flush NeXus file %s"%(self.filename)
nxs.napi.NeXusError: Could not flush NeXus file /tmp/foo.h5

Processed: Re: [Ceph-maintainers] Bug#862075: ceph-detect-init: Platform is not supported.: debian 9.0

[Debian Bug Tracking System]

Processing control commands:

> forwarded -1 http://tracker.ceph.com/issues/19884
Bug #862075 [ceph-base] ceph-detect-init: Platform is not supported.: debian  
9.0
Set Bug forwarded-to-address to 'http://tracker.ceph.com/issues/19884'.
> tags -1 +patch
Bug #862075 [ceph-base] ceph-detect-init: Platform is not supported.: debian  
9.0
Added tag(s) patch.

-- 
862075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862075: [Ceph-maintainers] Bug#862075: ceph-detect-init: Platform is not supported.: debian 9.0

[Gaudenz Steinlin]

Control: forwarded -1 http://tracker.ceph.com/issues/19884
Control: tags -1 +patch

Simon McVittie  writes:

> On Mon, 08 May 2017 at 11:16:48 +0200, Pim van den Berg wrote:
>> As you can see ceph assumes our init system is sysvinit in stretch, while it
>> is systemd.
>
> No, our init system is "either sysvinit or systemd, or maybe even Upstart".
> get_init_system() in reportbug's reportbug.utils demonstrates how to detect
> which one we're dealing with.
>
> (In particular, /run/systemd/system is the canonical way to probe for
> a system where systemctl can be expected to work.)
>

There is already a patch proposed upstream doing exactly this. I
modified it a bit to apply to the current version in stretch and removed
some more code which is now unused to avoid confusion.

My proposed debdiff is attached to this mail. I'm currently building the
package and will then do some tests to verify that the patch works as
expected with systemd and sysvinit. This will take some time (the build
alone takes several hours).

Gaudenz



bug_862075.debdiff
Description: Binary data

>>  debian_codenames = {
>> +'9': 'stretch',
>
> The codenames for what will become Debian 10 (buster) and Debian 11
> (bullseye) are already known, precisely to be able to avoid this sort
> of bug. However, if what Ceph really wants to know is a fact like
> "what is the init system?", it should be probing for the init system,
> not going via the OS vendor and version.
>
> S
> ___
> Ceph-maintainers mailing list
> ceph-maintain...@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-maintainers-ceph.com
>
-- 
PGP: 836E 4F81 EFBB ADA7 0852 79BF A97A 7702 BAF9 1EF5


signature.asc
Description: PGP signature

Bug#861736:

[PICCA Frederic-Emmanuel]

It seems that the fix is not enought

this test failed at the flush

import nxs
f = nxs.open("/tmp/foo.h5", "w5")
f.makegroup('entry', 'NXentry')
f.opengroup('entry')
f.makegroup('g', 'NXcollection')
f.opengroup('g', 'NXcollection')
f.makedata('d', 'float64', shape=(1,))
f.opendata('d')
f.putdata(1.23)
f.closedata()
f.closegroup()
f.flush()
f.close()

Bug#857296: marked as done (hol88-library is an empty package on arm64, hppa, and m68k)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 21:04:41 +
with message-id 
and subject line Bug#857296: fixed in hol88 2.02.19940316-33
has caused the Debian Bug report #857296,
regarding hol88-library is an empty package on arm64, hppa, and m68k
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857296
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: hol88-library
Version: 2.02.19940316-32
Severity: grave
Justification: unintentionally empty package on a release architecture
User: helm...@debian.org
Usertags: rebootstrap

Something weired seems to have happend to hol88-library. On some
architectures (arm64, hppa, m68k), the package is simply empty. Upon
closer inspection it turns out that the upstream build system simply
hides build failures.

https://sources.debian.net/src/hol88/2.02.19940316-32/Makefile/#L291
|   (date; $(MAKE) hol; date; $(MAKE) library; date)

Thus technically, hol88 fails to build from source, it violates policy
by not detecting such failure and it is dysfunctional by shipping empty
packages.

Helmut
--- End Message ---
--- Begin Message ---
Source: hol88
Source-Version: 2.02.19940316-33

We believe that the bug you reported is fixed in the latest version of
hol88, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Camm Maguire  (supplier of updated hol88 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 11 May 2017 19:24:09 +
Source: hol88
Binary: hol88 hol88-source hol88-help hol88-library hol88-library-source 
hol88-library-help hol88-contrib-source hol88-contrib-help hol88-doc
Architecture: source all amd64
Version: 2.02.19940316-33
Distribution: unstable
Urgency: high
Maintainer: Camm Maguire 
Changed-By: Camm Maguire 
Description:
 hol88  - Higher Order Logic, system image
 hol88-contrib-help - Higher Order Logic, user contributed online help files
 hol88-contrib-source - Higher Order Logic, user contributed source
 hol88-doc  - Documentation for hol88
 hol88-help - Higher Order Logic, online help files
 hol88-library - Higher Order Logic, binary library modules
 hol88-library-help - Higher Order Logic, library online help files
 hol88-library-source - Higher Order Logic, library source files
 hol88-source - Higher Order Logic, source files
Closes: 857296
Changes:
 hol88 (2.02.19940316-33) unstable; urgency=high
 .
   * Bug fix: "hol88-library is an empty package on arm64, hppa, and m68k",
 thanks to Helmut Grohne (Closes: #857296).
   * build-dep on latest gcl
   * deprecated dh -s to -a in debian/rules
   * lintian override for hol88-help *.doc
   * temp files in clean target
Checksums-Sha1:
 8c6d90aabc03d8723b672d348a170539aae484a6 2275 hol88_2.02.19940316-33.dsc
 1b40188a188f809d058e40ca53fd197c8d6deec7 131228 
hol88_2.02.19940316-33.debian.tar.xz
 d5165963b8fa87a13693d093e6b08955ac5e2bfd 24760 
hol88-contrib-help_2.02.19940316-33_all.deb
 145c64859f6df307fed548b00d8d5ba962b9946d 729846 
hol88-contrib-source_2.02.19940316-33_all.deb
 20a8f3d858d2bad228c4ed54f14981b3327a8106 1056008 
hol88-doc_2.02.19940316-33_all.deb
 97e6f7089c9411da641d1b4b4220b7cdaa6bbeca 216690 
hol88-help_2.02.19940316-33_all.deb
 bb592a9eaa0873beed8e2d9d53148311b28c3e97 238504 
hol88-library-help_2.02.19940316-33_all.deb
 447cbf67a96b0ec0e25a761603678c3054fb0916 418966 
hol88-library-source_2.02.19940316-33_all.deb
 caa03c4367e6717c3331c18a975508edd0af6bc2 3098198 
hol88-library_2.02.19940316-33_amd64.deb
 a0a11e798b658e8a6035e1cb9253848b5925d673 295528 
hol88-source_2.02.19940316-33_all.deb
 a4963a823fd508e3b2ea2ff3d04275e6174e0a9b 12918 
hol88_2.02.19940316-33_amd64.buildinfo
 e9725805c16a034c15dfd4a52a9bb927f907aa74 6396842 
hol88_2.02.19940316-33_amd64.deb
Checksums-Sha256:
 bc566ce47e2dc75a132b2b2b89c293aee52d9c945014c5a23e20fb4c89dee205 2275 
hol88_2.02.19940316-33.dsc
 39ee37cd3fbe56ea631a3bcc3c2d4f9b2cd962eecadb2327a095278d84b863f0 131228 

Bug#715646: Processed: Bug#715646 marked as pending

[Adrian Bunk]

On Sun, Mar 12, 2017 at 09:06:34AM +0100, Marcos Fouces wrote:
> control: severity -1 grave
> 
> This could lead to DOS or, even worst, remote code execution. Following
> Hilko Bengen's advice: i re-adjust the severity.

Hi Marcos,

thanks a lot for fixing this bug as well as the similar #716355, #716457 
and #716458 in dsniff for stretch.

If these issues are serious enough, please coordinate with the security 
team (added to Cc) for getting them to jessie as part of a DSA.

If they are not serious enough for a DSA, it would be appreciated if you 
could prepare a package for the next jessie point release.

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: llvm-toolchain-3.8: Fix R_AARCH64_MOVW_UABS_G3 relocation

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #862360 [src:llvm-toolchain-3.8] llvm-toolchain-3.8: Fix 
R_AARCH64_MOVW_UABS_G3 relocation
Severity set to 'serious' from 'normal'
> block 861484 by -1
Bug #861484 [src:julia] julia: FTBFS on arm64
861484 was not blocked by any bugs.
861484 was not blocking any bugs.
Added blocking bug(s) of 861484: 862360

-- 
861484: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861484
862360: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862360
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862301: marked as done (isoquery: FTBFS: test_integration_add_test_from_files: stdout of child process failed to match)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 19:33:53 +
with message-id 
and subject line Bug#862301: fixed in isoquery 3.2.1-2
has caused the Debian Bug report #862301,
regarding isoquery: FTBFS: test_integration_add_test_from_files: stdout of 
child process failed to match
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862301
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: isoquery
Version: 3.2.1-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Dear Maintainer,

isoquery fails to build from source in unstable/amd64:

  […]

 dh_auto_configure
./configure --build=x86_64-linux-gnu --prefix=/usr 
--includedir=\${prefix}/include --mandir=\${prefix}/share/man 
--infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var 
--disable-silent-rules --libdir=\${prefix}/lib/x86_64-linux-gnu 
--libexecdir=\${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode 
--disable-dependency-tracking
  checking for a BSD-compatible install... /usr/bin/install -c
  checking whether build environment is sane... yes
  checking for a thread-safe mkdir -p... /bin/mkdir -p
  checking for gawk... no
  checking for mawk... mawk
  checking whether make sets $(MAKE)... yes
  checking whether make supports nested variables... yes
  checking whether to enable maintainer-specific portions of Makefiles... no
  checking for gcc... gcc
  checking whether the C compiler works... yes
  checking for C compiler default output file name... a.out
  checking for suffix of executables... 
  checking whether we are cross compiling... no
  checking for suffix of object files... o
  checking whether we are using the GNU C compiler... yes
  checking whether gcc accepts -g... yes
  checking for gcc option to accept ISO C89... none needed
  checking whether gcc understands -c and -o together... yes
  checking for style of include used by make... GNU
  checking dependency style of gcc... none
  checking for pkg-config... /usr/bin/pkg-config
  checking pkg-config is at least version 0.9.0... yes
  checking for GLIB... yes
  checking for JSON... yes
  checking for a sed that does not truncate output... /bin/sed
  checking whether NLS is requested... yes
  checking for msgfmt... /usr/bin/msgfmt
  checking for gmsgfmt... /usr/bin/msgfmt
  checking for xgettext... /usr/bin/xgettext
  checking for msgmerge... /usr/bin/msgmerge
  checking build system type... x86_64-pc-linux-gnu
  checking host system type... x86_64-pc-linux-gnu
  checking for ld used by gcc... /usr/bin/ld
  checking if the linker (/usr/bin/ld) is GNU ld... yes
  checking for shared library run path origin... done
  checking how to run the C preprocessor... gcc -E
  checking for grep that handles long lines and -e... /bin/grep
  checking for egrep... /bin/grep -E
  checking for CFPreferencesCopyAppValue... no
  checking for CFLocaleCopyCurrent... no
  checking for GNU gettext in libc... yes
  checking whether to use NLS... yes
  checking where the gettext function comes from... libc
  checking for rst2man... /usr/bin/rst2man
  checking for po4a-translate... /usr/bin/po4a-translate
  checking for po4a-gettextize... /usr/bin/po4a-gettextize
  checking that generated files are newer than configure... done
  configure: creating ./config.status
  config.status: creating Makefile
  config.status: creating po/Makefile.in
  config.status: creating src/Makefile
  config.status: creating tests/Makefile
  config.status: executing depfiles commands
  config.status: executing po-directories commands
  config.status: creating po/POTFILES
  config.status: creating po/Makefile
 dh_auto_build
make -j1
  make[1]: Entering directory '«BUILDDIR»'
  Making all in po
  make[2]: Entering directory '«BUILDDIR»/po'
  test ! -f ./isoquery.pot || \
test -z "cs.gmo da.gmo de.gmo e...@boldquot.gmo e...@quot.gmo es.gmo fr.gmo 
pt.gmo ru.gmo si.gmo sv.gmo vi.gmo" || make cs.gmo da.gmo de.gmo 
e...@boldquot.gmo e...@quot.gmo es.gmo fr.gmo pt.gmo ru.gmo si.gmo sv.gmo vi.gmo
  make[3]: Entering directory '«BUILDDIR»/po'
  rm -f cs.gmo && /usr/bin/msgfmt -c --statistics --verbose -o cs.gmo cs.po
  cs.po: 13 translated messages, 2 fuzzy translations, 5 untranslated messages.
  rm -f da.gmo && /usr/bin/msgfmt -c --statistics --verbose -o da.gmo da.po
  da.po: 20 translated messages.
  rm -f de.gmo && /usr/bin/msgfmt -c --statistics --verbose 

Bug#860633: marked as done (golang-gopkg-asn1-ber.v1: FTBFS on i386: dh_auto_test: go test -v -p 1 gopkg.in/asn1-ber.v1 returned exit code 2)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 19:18:53 +
with message-id 
and subject line Bug#860633: fixed in golang-gopkg-asn1-ber.v1 1.1-2
has caused the Debian Bug report #860633,
regarding golang-gopkg-asn1-ber.v1: FTBFS on i386: dh_auto_test: go test -v -p 
1 gopkg.in/asn1-ber.v1 returned exit code 2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-gopkg-asn1-ber.v1
Version: 1.1-1
Severity: serious
Tags: stretch sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170418-i386 qa-ftbfs
Justification: FTBFS in stretch on i386

Hi,

During a rebuild of all packages in stretch (in a stretch chroot, not a
sid chroot), your package failed to build on i386.

Relevant part (hopefully):
> make[1]: Entering directory '/<>'
> dh_auto_configure
> cp -r tests _build/src/gopkg.in/asn1-ber.v1/
> make[1]: Leaving directory '/<>'
>dh_auto_build -O--buildsystem=golang -O--builddirectory=_build
>   go install -v -p 1 gopkg.in/asn1-ber.v1
> gopkg.in/asn1-ber.v1
>dh_auto_test -O--buildsystem=golang -O--builddirectory=_build
>   go test -v -p 1 gopkg.in/asn1-ber.v1
> # gopkg.in/asn1-ber.v1
> src/gopkg.in/asn1-ber.v1/length_test.go:83: constant 9223372036854775807 
> overflows int
> src/gopkg.in/asn1-ber.v1/length_test.go:137: constant 9223372036854775807 
> overflows int
> FAIL  gopkg.in/asn1-ber.v1 [build failed]
> dh_auto_test: go test -v -p 1 gopkg.in/asn1-ber.v1 returned exit code 2

The full build log is available from:
   
http://aws-logs.debian.net/2017/04/18/golang-gopkg-asn1-ber.v1_1.1-1_testing-i386.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: golang-gopkg-asn1-ber.v1
Source-Version: 1.1-2

We believe that the bug you reported is fixed in the latest version of
golang-gopkg-asn1-ber.v1, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Lazăr  (supplier of updated golang-gopkg-asn1-ber.v1 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 11 May 2017 12:05:11 +0200
Source: golang-gopkg-asn1-ber.v1
Binary: golang-gopkg-asn1-ber.v1-dev
Architecture: source
Version: 1.1-2
Distribution: unstable
Urgency: medium
Maintainer: pkg-go 
Changed-By: David Lazăr 
Description:
 golang-gopkg-asn1-ber.v1-dev - ASN1 BER Encoding / Decoding Library for the GO 
programming langu
Closes: 860633
Changes:
 golang-gopkg-asn1-ber.v1 (1.1-2) unstable; urgency=medium
 .
   [ Paul Tagliamonte ]
   * Team upload.
   * Use a secure transport for the Vcs-Git and Vcs-Browser URL
 .
   [ David Lazăr ]
   * Add skip-64-bit-tests-on-32-bit-platforms.patch. (Closes: #860633)
   * Add myself to uploaders.
Checksums-Sha1:
 a7cad59c5c366e8571ba1c98f9f97c0ebf1d774b 2174 
golang-gopkg-asn1-ber.v1_1.1-2.dsc
 89349b7b39d7972ff1cc2ff395d80585deabbd67 3092 
golang-gopkg-asn1-ber.v1_1.1-2.debian.tar.xz
 2c1c92e829ee38809b3d14e3369c7d7dbbd8b95a 5686 
golang-gopkg-asn1-ber.v1_1.1-2_amd64.buildinfo
Checksums-Sha256:
 78b25a370d099a8514c65c21eb40140e3762a61a16d457ded75bd08652ed0b0b 2174 
golang-gopkg-asn1-ber.v1_1.1-2.dsc
 0d76c8ba6c5c87d26557a002c748afae4df568a95ef25e709214806e95c3f14f 3092 
golang-gopkg-asn1-ber.v1_1.1-2.debian.tar.xz
 3f915a72c7886a17518ea6eb09e5a4408b955f3e7eb006dbff034c7f5714befe 5686 
golang-gopkg-asn1-ber.v1_1.1-2_amd64.buildinfo
Files:
 0bf14359ecb55bd600232848d5383c1d 2174 devel extra 
golang-gopkg-asn1-ber.v1_1.1-2.dsc
 dab3595691b70cd8cadf4558d0a8a660 3092 devel extra 
golang-gopkg-asn1-ber.v1_1.1-2.debian.tar.xz
 

Bug#860633: Pending fixes for bugs in the golang-gopkg-asn1-ber.v1 package

[pkg-go-maintainers]

tag 860633 + pending
thanks

Some bugs in the golang-gopkg-asn1-ber.v1 package are closed in
revision 797d25845b42f58fd9db1ab93ac79f53ab3fa387 in branch 'master'
by David Lazăr

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-go/packages/golang-gopkg-asn1-ber.v1.git/commit/?id=797d258

Commit message:

Add skip-64-bit-tests-on-32-bit-platforms.patch.

Closes: #860633

Processed: Pending fixes for bugs in the golang-gopkg-asn1-ber.v1 package

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 860633 + pending
Bug #860633 [src:golang-gopkg-asn1-ber.v1] golang-gopkg-asn1-ber.v1: FTBFS on 
i386: dh_auto_test: go test -v -p 1 gopkg.in/asn1-ber.v1 returned exit code 2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861484: julia: FTBFS on arm64

[Edmund Grimley Evans]

This problem is caused by:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862360

How I discovered this, would be a long story.

The effect of the LLVM bug is to OR the register field of a
"movz xD, #IMM, lsl #48" with bits 43-47 of an address. With some
kernels those bits are always zero, so no harm is done. If you can
build julia, which is just a matter of using an appropriate system,
then you might as well ship it. It will be useful for some people
even if the LLVM bug does not get fixed.

There is probably no need to rebuild julia when the LLVM bug has been fixed,
but you should probably check that with someone who properly understands
how julia works.

Bug#783605: closed by Christoph Biedl <debian.a...@manchmal.in-ulm.de> (Bug#783605: fixed in dpkg-sig 0.13.1+nmu4)

[Adrian Bunk]

On Thu, Dec 22, 2016 at 11:09:09AM +, Debian Bug Tracking System wrote:
>...
>  dpkg-sig (0.13.1+nmu4) unstable; urgency=medium
>  .
>* Non-maintainer upload
>* Exit non-zero upon unsigned .deb. Patch by Paul Harvey.
>  Closes: #783605
>...

Hi Christoph,

thanks a lot for fixing this bug for stretch.

It is still present in jessie, could you also fix it there?

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#861040: marked as done (camping: broken symlink: /usr/share/doc/camping/rdoc/fonts/Lato-RegularItalic.ttf -> ../../../../fonts/truetype/lato/Lato-RegularItalic.ttf)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 18:18:43 +
with message-id 
and subject line Bug#861040: fixed in camping 2.1.580-1.1
has caused the Debian Bug report #861040,
regarding camping: broken symlink: 
/usr/share/doc/camping/rdoc/fonts/Lato-RegularItalic.ttf -> 
../../../../fonts/truetype/lato/Lato-RegularItalic.ttf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861040: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: camping
Version: 2.1.580-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

>From the attached log (scroll to the bottom...):

0m47.8s ERROR: FAIL: Broken symlinks:
  /usr/share/doc/camping/rdoc/fonts/Lato-RegularItalic.ttf -> 
../../../../fonts/truetype/lato/Lato-RegularItalic.ttf

   ^^^

The fonts-lato ships /usr/share/fonts/truetype/lato/Lato-Italic.ttf
instead.


cheers,

Andreas


camping_2.1.580-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: camping
Source-Version: 2.1.580-1.1

We believe that the bug you reported is fixed in the latest version of
camping, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl  (supplier of updated camping 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 06 May 2017 13:42:18 +
Source: camping
Binary: camping
Architecture: source all
Version: 2.1.580-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Christoph Biedl 
Description:
 camping- small Ruby web framework for Model-View-Controller type applicati
Closes: 861040
Changes:
 camping (2.1.580-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix broken symlink, patch by Chris Lamb. Closes: #861040
Checksums-Sha1:
 636ebb0a3e555dee59a6f8b39cf406db273a0c4c 2047 camping_2.1.580-1.1.dsc
 82bdcfdb724ceb093aa6f78aab7851972e611909 33748 
camping_2.1.580-1.1.debian.tar.xz
 3e0fb542cf4862579e0c1e20fd62a2a8685e7965 153688 camping_2.1.580-1.1_all.deb
 06eff3b438a062cdebb9702c95ff9f7977a152ef 5440 
camping_2.1.580-1.1_powerpc.buildinfo
Checksums-Sha256:
 39d107b7b5db3df79225317174a54383103874f9ac8bec44d74eaddba6045561 2047 
camping_2.1.580-1.1.dsc
 5246769171909b5126d52d769c35a92cfb383dc962c3f58f87b57be0ba4dcc69 33748 
camping_2.1.580-1.1.debian.tar.xz
 b70d0f2953d3df4702685d00de0aeb41f05b8f75299b1db71b0f2f55b479dabc 153688 
camping_2.1.580-1.1_all.deb
 8c86f248681dc81e257eb84c41d98b3f2a0ceb57eb24b71c61345663f3632686 5440 
camping_2.1.580-1.1_powerpc.buildinfo
Files:
 c73e97620baa78f7cdbb7de0e6e40736 2047 web optional camping_2.1.580-1.1.dsc
 199318717e6f29a6fb4931d70d2038a0 33748 web optional 
camping_2.1.580-1.1.debian.tar.xz
 b92f709bcd6051e1f0106c172681fd1b 153688 web optional 
camping_2.1.580-1.1_all.deb
 b0447a9fd7847a35a3f18f35fdec928d 5440 web optional 
camping_2.1.580-1.1_powerpc.buildinfo

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJZDgr3AAoJEMQsWOtZFJL9bK4P/01Y8HyCnrJdMUaYR0/w/mk/
MK/BQGRHy7EiF0RuEK4pSlQngvjKsX/tMvrxy6avi6BaL7UHwroS/pl1gC+Sn9VK
brM2rLx0B4g/74R1S7eL9565ofSxIYu1i+XtOInO4sErrMIsodPPR7094SS6Pphv
YvTebeN1/1BT4gAF5HP/Qb2ZwOoUG6bLrmfHICzxaUuW9Z6VkueCi86uV46YUQHR
DRlbq9s3iLh8ifxbi1vPSs5Q4ZlR3fS1+UD7cS8xHQuSnrczjpX/QPtG5ICjGfqo
YCHi7V9RYKN91tnJht77zn4KooDzi0tmZepTFYDML3sGHy5xzMz6cTjhrITIvUGy
5r6MOMbcD/awzIcjWBiQnikD+fvHADdZDloNT/x+SXAFqvFpxqnubMHqf855cZ5x
kkeDaM9gpU+6v7TqhPlGQRy8b+c4HCZB06Uh/wumu+6rStBTy3An3S/jSdXxDaw1
iQ4j4jEYXxjRrrVT91adOrffcEmkiI66yjBomYH/g5RpVm3fg9OaisTg/1R8pzI+
cW0QH+JV1QlzKvPP7dhcUgF7j5RZb/joZaN5DIUG6wE8KnfQOOLL0huDOMCrapNZ
hAXqIaj5fuo9xsYfePsRiHoRgRAmRe+cSK1ZL3NdgL+K9ZMy12huQmJcZuQVVqNg
JrbjZLZ4Yq1+0WRMW5o6
=cyvw
-END PGP 

Processed: This was a regression introduced in 1.8.11

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 836168 1.8.11-1
Bug #836168 {Done: Helmut Grohne } [doxygen] doxygen: 
Injects unescaped '%' signs into LaTeX source
Marked as found in versions doxygen/1.8.11-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
836168: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836168
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Also fixed in 1.8.12-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 836168 1.8.12-1
Bug #836168 {Done: Helmut Grohne } [doxygen] doxygen: 
Injects unescaped '%' signs into LaTeX source
Marked as fixed in versions doxygen/1.8.12-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
836168: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836168
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#684499: Streaming MOVE commands

[Adrian Bunk]

On Mon, Feb 22, 2016 at 12:36:46AM -0500, Jaldhar H. Vyas wrote:
> On Mon, 22 Feb 2016, Timo Sirainen wrote:
> 
> > On 21 Feb 2016, at 13:46, Emilio Jesús Gallego Arias  
> > wrote:
> > > 
> > > Hello Timo,
> > > 
> > > Timo Sirainen  writes:
> > > 
> > > > Thanks, looks like this was broken with Maildir and mbox formats. It
> > > > also caused expunges in some other situations to be lost. Fixed:
> > > > 
> > > > https://github.com/dovecot/core/commit/950a6e61d6c2dac961ce031bdd8b2895bc32b827
> > > 
> > > Thanks a lot for the fix, testing it now!
> > > 
> > > Is this patch suitable of being backported to 2.2.13? (Debian stable)
> > 
> > Should be.
> > 
> 
> This will definitely go into the upcoming 2.2.21 packages. (After a long
> period of stasis we're going to bring everything up to date again soon.)
> 
> I don't know if the release team will allow it for stable even though it is
> a minor change but I'll definitely bring it up for their consideration.

What was the result?

Any chance of getting this one-line change into jessie?

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: [bts-link] source package src:swftools

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:swftools
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> #
> user bts-link-upstr...@lists.alioth.debian.org
Setting user to bts-link-upstr...@lists.alioth.debian.org (was 
bts-link-de...@lists.alioth.debian.org).
> # remote status report for #861693 (http://bugs.debian.org/861693)
> # Bug title: swftools: CVE-2017-8400: out-of-bound write of heap data issue 
> can occur in function png_load()
> #  * https://github.com/matthiaskramm/swftools/issues/13
> #  * remote status changed: (?) -> closed
> #  * closed upstream
> tags 861693 + fixed-upstream
Bug #861693 [src:swftools] swftools: CVE-2017-8400: out-of-bound write of heap 
data issue can occur in function png_load()
Added tag(s) fixed-upstream.
> usertags 861693 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> # remote status report for #861998 (http://bugs.debian.org/861998)
> # Bug title: swftools: CVE-2017-8401: out-of-bound read of heap data issue 
> can occur in function png_load()
> #  * https://github.com/matthiaskramm/swftools/issues/14
> #  * remote status changed: (?) -> open
> usertags 861998 + status-open
There were no usertags set.
Usertags are now: status-open.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
861693: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861693
861998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861998
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#854688: bitlbee: The versions in stable/testing are vulnerable to CVE-2016-10189 and CVE-2016-10188

[Moritz Mühlenhoff]

On Thu, May 11, 2017 at 05:20:55PM +0300, Adrian Bunk wrote:
> On Thu, Feb 09, 2017 at 11:38:29AM -0300, dequis wrote:
> > Package: bitlbee
> > Version: 3.4.2-1.1
> > Severity: grave
> > Tags: upstream security patch fixed-upstream
> > 
> > Hi,
> > 
> > I'm opening this bug since #853282, which was just fixed by the
> > 3.5.1-1 upload, seems to apply to sid only.
> > 
> > CVE-2016-10188 is "bitlbee-libpurple: Use after free when expiring
> > file transfer requests"
> > 
> > https://security-tracker.debian.org/tracker/CVE-2016-10188
> > 
> > CVE-2016-10189 is "Null pointer dereference with file transfer request
> > from unknown contacts"
> > 
> > https://security-tracker.debian.org/tracker/CVE-2016-10189
> > 
> > The current version in sid would fix both of these issues for stretch,
> > but it's blocked due to the freeze. I would like to request an unblock
> > for that particular case, if possible.
> 
> These CVEs are now fixed in wheezy (by Thorsten) and stretch since 
> February, but people upgrading from for wheezy to jessie are losing
> the fixes since they aren't fixed there.
> 
> They are not marked "no DSA" in
>   https://security-tracker.debian.org/tracker/source-package/bitlbee
> 
> Does the security team plan to release a DSA?
> 
> Or should/could someone (Thorsten?) upload these fixes for the next 
> jessie point release?

No, this can be fixed via security.debian.org if someone prepares
a tested update.

Cheers,
Moritz

Bug#807707: closed by Torsten Landschoff <tors...@debian.org> (Bug#807707: fixed in ddclient 3.8.2-4)

[Adrian Bunk]

On Sat, Dec 19, 2015 at 12:21:18AM +, Debian Bug Tracking System wrote:
>...
>  ddclient (3.8.2-4) unstable; urgency=high
>...
>* debian/ddclient.dhclient-exit-hook: Put body in braces to have it run
>  in a subshell. Otherwise an early exit can break DHCP (closes: #807707).
>...

Hi Torsten,

thanks a lot for fixing this bug for stretch.

It is still present in jessie, could you also fix it there?
Or if you don't object, I can fix it for jessie.

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#862329: marked as done (gitlab: fails gitlab install on stretch with alternative gitlab user while configuring dbconfig-common)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 17:18:35 +
with message-id 
and subject line Bug#862329: fixed in gitlab 8.13.11+dfsg1-6
has caused the Debian Bug report #862329,
regarding gitlab: fails gitlab install on stretch with alternative gitlab user 
while configuring dbconfig-common
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862329
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gitlab
Version: 8.13.11+dfsg1-5
Severity: grave
Justification: renders package unusable

Installing the gitlab package via apt on a clean Stretch environment resulted
in an dpkg error if the gitlab default user is changed from 'gitlab' to
something like 'git' in the debconf installation process (probably a common
use-case):
*** OUTPUT OF 'sudo apt-get install gitlab' ***
[...]
Creating/updating git user account...
adduser: Warning: The home directory `/var/lib/gitlab' does not belong to the
user you are currently creating.
Making git owner of /var/lib/gitlab...
Creating runtime directories for gitlab...
Updating file permissions...
Configuring hostname and email...
Registering /usr/lib/tmpfiles.d/gitlab.conf via ucf

Creating config file /usr/lib/tmpfiles.d/gitlab.conf with new version
Registering /etc/gitlab-shell/config.yml via ucf

Creating config file /etc/gitlab-shell/config.yml with new version
Registering /etc/gitlab/gitlab.yml via ucf

Creating config file /etc/gitlab/gitlab.yml with new version
Registering /etc/gitlab/gitlab-debian.conf via ucf

Creating config file /etc/gitlab/gitlab-debian.conf with new version

Creating config file /etc/nginx/sites-available/localhost with new version
Reloading nginx configuration...
dbconfig-common: writing config to /etc/dbconfig-common/gitlab.conf
Replacing config file /etc/dbconfig-common/gitlab.conf with new version
dbconfig-common: flushing administrative password
dpkg: error processing package gitlab (--configure):
 subprocess installed post-installation script returned error exit status 10
Processing triggers for libc-bin (2.24-10) ...
Processing triggers for systemd (232-22) ...
Errors were encountered while processing:
 gitlab
E: Sub-process /usr/bin/dpkg returned an error code (1)
*** END OF OUTPUT ***


This is the generated '/etc/dbconfig-common/gitlab.conf':
*** CONTENT OF '/etc/dbconfig-common/gitlab.conf' ***
# automatically generated by the maintainer scripts of gitlab
# any changes you make will be preserved, though your comments
# will be lost!  to change your settings you should edit this
# file and then run "dpkg-reconfigure gitlab"

# dbc_install: configure database with dbconfig-common?
#  set to anything but "true" to opt out of assistance
dbc_install=''

# dbc_upgrade: upgrade database with dbconfig-common?
#  set to anything but "true" to opt out of assistance
dbc_upgrade=''

# dbc_remove: deconfigure database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_remove=''

# dbc_dbtype: type of underlying database to use
#   this exists primarily to let dbconfig-common know what database
#   type to use when a package supports multiple database types.
#   don't change this value unless you know for certain that this
#   package supports multiple database types
dbc_dbtype=''

# dbc_dbuser: database user
#   the name of the user who we will use to connect to the database.
dbc_dbuser='10 gitlab/db/app-user doesn'\''t exist'

# dbc_dbpass: database user password
#   the password to use with the above username when connecting
#   to a database, if one is required
dbc_dbpass=''

# dbc_dballow: allowed host to connect from
#   only for database types that support specifying the host from
#   which the database user is allowed to connect from
#   this string defines for which host the dbc_dbuser is allowed
#   to connect
#   this value is only really used again when you reconfigure the
#   package
dbc_dballow=''

# dbc_dbserver: database host.
#   leave unset to use localhost (or a more efficient local method
#   if it exists).
dbc_dbserver=''

# dbc_dbport: remote database port
#   leave unset to use the default.  only applicable if you are
#   using a remote database.
dbc_dbport=''

# dbc_dbname: name of database
#   this is the name of your application's database.
dbc_dbname='gitlab'

# dbc_dbadmin: name of the administrative user
#   this is the administrative user that is used to create all of the 

Bug#861484: always fails on 4.11, too

[Adam Borowski]

> Always succeeds on:
> Linux 3.16.0-4-arm64 armhf (aarch64)
> > 4.5.0

> Always fails on:
> Linux 4.8.0-0.bpo.2-arm64 arm64 (aarch64)
> Linux 4.9.0-0.bpo.2-arm64 arm64 (aarch64)
> Linux 4.9.0-2-arm64 arm64 (aarch64)

You're using ancient kernels.  There's 4.11 out, you know?
It always fails (on Pine64).

Alas, while the opposite case (broken on old kernels, ok on new) would be
acceptable, broken on new is not, especially that stretch uses 4.9, thus
making julia useless for the vast majority of users.

The splat is:
Thread 1 "julia" received signal SIGSEGV, Segmentation fault.
0xfffdb1b8a07c in julia_isfile_21394 () at stat.jl:107
107 @eval ($f)(path...)  = ($f)(stat(path...))
(gdb) list
102 :isexecutable
103 :uperm
104 :gperm
105 :operm
106 ]
107 @eval ($f)(path...)  = ($f)(stat(path...))
108 end
109 
110 islink(path...) = islink(lstat(path...))
111 

But you probably know that already; the only worthwhile data point from me
is that it fails on kernels newer than 4.9 too.


Meow!
-- 
Don't be racist.  White, amber or black, all beers should be judged based
solely on their merits.  Heck, even if occasionally a cider applies for a
beer's job, why not?
On the other hand, corpo lager is not a race.

Bug#862344: [Pkg-puppet-devel] Bug#862344: puppet trying to overwrite /etc/puppet/puppet.conf from puppet-common

[Apollon Oikonomopoulos]

Control: tags -1 unreproducible moreinfo

Hi Christoph,

On 16:31 Thu 11 May , Christoph Berg wrote:
> On a Jessie system running the Jessie version of puppet, upgrading to
> the jessie-backports version yields:
> 
> Entpacken von puppet (4.8.2-3~bpo8+1) über (3.7.2-4) ...
> dpkg: Fehler beim Bearbeiten des Archivs 
> /var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb (--unpack):
>  Versuch, »/etc/puppet/puppet.conf« zu überschreiben, welches auch in Paket 
> puppet-common 4.8.2-3~bpo8+1 ist
> 
> Roughly translated:
> Unpacking puppet (4.8.2-3~bpo8+1) over (3.7.2-4) ...
> dpkg: Error in /var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb 
> (--unpack):
>  Trying to overwrite »/etc/puppet/puppet.conf« which is also in package 
> puppet-common 4.8.2-3~bpo8+1

Unfortunately I'm unable to reproduce this. puppet has Breaks & Replaces 
against puppet-common (<< 4.5.0-1), so this should never happen in 
theory.

> 
> $ agi puppet/jessie-backports -t jessie-backports

What does `agi' expand to? Just `apt-get install' or with any additional 
options?

> Paketlisten werden gelesen... Fertig
> Abhängigkeitsbaum wird aufgebaut.   
> Statusinformationen werden eingelesen Fertig
> Version »4.8.2-3~bpo8+1« (Debian Backports:jessie-backports [all]) für 
> »puppet« gewählt.
> Die folgenden Pakete wurden automatisch installiert und werden nicht mehr 
> benötigt:
>   libnetfilter-acct1 libnetfilter-log1 ruby-hiera
> Verwenden Sie »apt-get autoremove«, um sie zu entfernen.
> Die folgenden zusätzlichen Pakete werden installiert:
>   facter puppet-common puppet-master puppetmaster ruby-deep-merge
> Vorgeschlagene Pakete:
>   ruby-rrd
> Empfohlene Pakete:
>   pciutils dmidecode virt-what debconf-utils ruby-selinux
> Die folgenden Pakete werden ENTFERNT:
>   puppetmaster-common
> Die folgenden NEUEN Pakete werden installiert:
>   puppet-master ruby-deep-merge
> Die folgenden Pakete werden aktualisiert (Upgrade):
>   facter puppet puppet-common puppetmaster
> 4 aktualisiert, 2 neu installiert, 1 zu entfernen und 44 nicht aktualisiert.
> Es müssen 1.287 kB an Archiven heruntergeladen werden.
> Nach dieser Operation werden 783 kB Plattenplatz zusätzlich benutzt.
> Möchten Sie fortfahren? [J/n] 
> Holen: 1 http://ftp.debian.org/debian/ jessie-backports/main facter all 
> 2.4.6-1~bpo8+1 [77,3 kB]
> Holen: 2 http://ftp.debian.org/debian/ jessie-backports/main ruby-deep-merge 
> all 1.1.1-1~bpo8+1 [9.486 B]
> Holen: 3 http://ftp.debian.org/debian/ jessie-backports/main puppetmaster all 
> 4.8.2-3~bpo8+1 [23,2 kB]
> Holen: 4 http://ftp.debian.org/debian/ jessie-backports/main puppet-common 
> all 4.8.2-3~bpo8+1 [23,5 kB]
> Holen: 5 http://ftp.debian.org/debian/ jessie-backports/main puppet all 
> 4.8.2-3~bpo8+1 [1.127 kB]
> Holen: 6 http://ftp.debian.org/debian/ jessie-backports/main puppet-master 
> all 4.8.2-3~bpo8+1 [26,5 kB]
> Es wurden 1.287 kB in 1 s geholt (721 kB/s).
> debconf: Schiebe die Paketkonfiguration auf, da apt-utils nicht installiert 
> ist
> (Lese Datenbank ... 44078 Dateien und Verzeichnisse sind derzeit installiert.)
> Vorbereitung zum Entpacken von .../facter_2.4.6-1~bpo8+1_all.deb ...
> Entpacken von facter (2.4.6-1~bpo8+1) über (2.2.0-1) ...
> Vormals nicht ausgewähltes Paket ruby-deep-merge wird gewählt.
> Vorbereitung zum Entpacken von .../ruby-deep-merge_1.1.1-1~bpo8+1_all.deb ...
> Entpacken von ruby-deep-merge (1.1.1-1~bpo8+1) ...
> Vorbereitung zum Entpacken von .../puppetmaster_4.8.2-3~bpo8+1_all.deb ...
> Entpacken von puppetmaster (4.8.2-3~bpo8+1) über (3.7.2-4) ...
> Trigger für man-db (2.7.0.2-5) werden verarbeitet ...
> (Lese Datenbank ... 44085 Dateien und Verzeichnisse sind derzeit installiert.)
> Entfernen von puppetmaster-common (3.7.2-4) ...
> (Lese Datenbank ... 44083 Dateien und Verzeichnisse sind derzeit installiert.)
> Vorbereitung zum Entpacken von .../puppet-common_4.8.2-3~bpo8+1_all.deb ...
> Entpacken von puppet-common (4.8.2-3~bpo8+1) über (3.7.2-4) ...
> dpkg: Warnung: Altes Verzeichnis »/usr/share/puppet/modules« kann nicht 
> gelöscht werden: Das Verzeichnis ist nicht leer
> dpkg: Warnung: Altes Verzeichnis »/var/lib/puppet« kann nicht gelöscht 
> werden: Das Verzeichnis ist nicht leer
> dpkg: Warnung: Altes Verzeichnis »/var/log/puppet« kann nicht gelöscht 
> werden: Das Verzeichnis ist nicht leer
> Vorbereitung zum Entpacken von .../puppet_4.8.2-3~bpo8+1_all.deb ...
> Entpacken von puppet (4.8.2-3~bpo8+1) über (3.7.2-4) ...
> dpkg: Fehler beim Bearbeiten des Archivs 
>  /var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb (--unpack):
>  Versuch, »/etc/puppet/puppet.conf« zu überschreiben, welches auch in Paket 
> puppet-common 4.8.2-3~bpo8+1 ist

Notice that the unpack order is correct, i.e. puppet is unpacked after 
puppet-common. I have no idea what could go wrong here, other than dpkg 
thinking that for some reason puppet-common 4.8.2 has inherited 
puppet.conf. However, as I said, I'm unable to reproduce this, even with 
a modified conffile.

Cheers,
Apollon

Processed: Re: [Pkg-puppet-devel] Bug#862344: puppet trying to overwrite /etc/puppet/puppet.conf from puppet-common

[Debian Bug Tracking System]

Processing control commands:

> tags -1 unreproducible moreinfo
Bug #862344 [puppet] puppet trying to overwrite /etc/puppet/puppet.conf from 
puppet-common
Added tag(s) moreinfo and unreproducible.

-- 
862344: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862344
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859912: marked as done (open-infrastructure-locales-c.utf-8: provides the locales and locales-all packages, but not their functionality)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 16:19:57 +
with message-id 
and subject line Bug#862343: Removed package(s) from unstable
has caused the Debian Bug report #859912,
regarding open-infrastructure-locales-c.utf-8: provides the locales and 
locales-all packages, but not their functionality
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859912
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: open-infrastructure-locales-c.utf-8
Version: 20170407-1
Severity: serious

Your package has a 'Provides' for locales and locales-all but without
actually providing any of the functionality of these packages.  This
makes many packages build-depending on either of those FTBFS.  Here is a
random example from bgoffice-computer-terms:

,
|  debian/rules build
| dh build
| dh: Compatibility levels before 9 are deprecated (level 5 in use)
|dh_testdir
|dh_update_autotools_config
|dh_auto_configure
| dh_auto_configure: Compatibility levels before 9 are deprecated (level 5 in 
use)
|debian/rules override_dh_auto_build
| make[1]: Entering directory '/build/bgoffice-computer-terms-0.0.200909080118'
| odt2txt --encoding=UTF-8 en-bg-comp-dict.odt \
| | perl debian/odttxt2dat.pl > computer-terms.dat
| Unable to set locale to bg_BG.UTF-8 at debian/odttxt2dat.pl line 18.
| debian/rules:7: recipe for target 'override_dh_auto_build' failed
| make[1]: *** [override_dh_auto_build] Error 2
| make[1]: Leaving directory '/build/bgoffice-computer-terms-0.0.200909080118'
| debian/rules:4: recipe for target 'build' failed
| make: *** [build] Error 2
| dpkg-buildpackage: error: debian/rules build gave error exit status 2
`


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 4.9.21-nouveau (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Version: 20170410-1+rm

Dear submitter,

as the package open-infrastructure-locales-c.utf-8 has just been removed from 
the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/862343

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Processed: Re: [debhelper-devel] Bug#862334: dh_installinit automatically add not running content

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 sane-utils
Bug #862334 [debhelper] dh_installinit automatically add not running content
Bug reassigned from package 'debhelper' to 'sane-utils'.
No longer marked as found in versions debhelper/10.2.5.
Ignoring request to alter fixed versions of bug #862334 to the same values 
previously set

-- 
862334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862334
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862334: [debhelper-devel] Bug#862334: dh_installinit automatically add not running content

[Steve Langasek]

Control: reassign -1 sane-utils

On Thu, May 11, 2017 at 02:46:48PM +0200, Jörg Frings-Fürst wrote:
> Hello,

> saneutils don't use a prerm script.

> dh_installinit add once with the content:

> [quote]
> #!/bin/sh
> set -e
> # Automatically added by dh_installinit
> if [ -x "/etc/init.d/saned" ] && [ "$1" = remove ]; then
> invoke-rc.d saned stop || saned_eh
> fi
> # End automatically added section
> [/quote]

> saned_eh is defined as a function in the postinst script.

debhelper is behaving as instructed.  The debian/rules in sane-backends is
telling debhelper to use saned_eh as the 'error handler' for installinit:

override_dh_installinit:
dh_installinit -psane-utils --name=saned --error-handler=saned_eh

The error handler must be available to both postinst and prerm scripts if
you expect it to work.

Of course, 'invoke-rc.d saned stop' should normally succeed, in which case
the script never tries to call saned_eh anyway.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Processed: Explicitely marked as found in the version in jessie

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 800819 3.370-2
Bug #800819 {Done: Aurelien Jarno } [cfitsio] cfitsio: 
wrong decompression on MIPS
There is no source info for the package 'cfitsio' at version '3.370-2' with 
architecture ''
Unable to make a source version for version '3.370-2'
Marked as found in versions 3.370-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
800819: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#854596: marked as done (fontmatrix: uninstallable -at least under stretch, fontmatrix : Dépend: libicu52 (>= 52~m1-1~) which is a virtual package and is not provided by any available package)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 15:39:32 +
with message-id 
and subject line Bug#862101: Removed package(s) from unstable
has caused the Debian Bug report #799311,
regarding fontmatrix: uninstallable -at least under stretch, fontmatrix : 
Dépend: libicu52 (>= 52~m1-1~) which is a virtual package and is not provided 
by any available package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
799311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fontmatrix
Version: 0.6.0+svn20110930-1.1+b1
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (101, 'testing'), (10, 'experimental'), (10, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Version: 0.6.0+svn20110930-1.1+rm

Dear submitter,

as the package fontmatrix has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/862101

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#834946: marked as done (lshell: CVE-2016-6903: Shell outbreak with multiline commands)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 15:39:37 +
with message-id 
and subject line Bug#862302: Removed package(s) from unstable
has caused the Debian Bug report #834946,
regarding lshell: CVE-2016-6903: Shell outbreak with multiline commands
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
834946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834946
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lshell
Version: 0.9.16-1
Severity: grave
Tags: security upstream
Justification: user security hole

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Vladislav Yarmak 
To: Debian Bug Tracking System 
Subject: lshell: Shell outbreak with multiline commands
Message-ID: <20160820194404.1737.15528.reportbug@debian>
X-Mailer: reportbug 6.6.3
Date: Sat, 20 Aug 2016 22:44:04 +0300
X-Debbugs-Cc: Debian Security Team ,
 Debian Testing Security Team
 

Package: lshell
Version: 0.9.16-1
Severity: grave
Tags: security upstream
Justification: user security hole

Just type  after any allowed command and then type desired 
restricted command:

root@debian:~# getent passwd testuser
testuser:x:1001:1001:,,,:/home/testuser:/usr/bin/lshell
root@debian:~# su - testuser
You are in a limited shell.
Type '?' or 'help' to get the list of allowed commands
testuser:~$ ?
cd  clear  echo  exit  help  history  ll  lpath  ls  lsudo
testuser:~$ bash
*** forbidden command: bash
testuser:~$ echo
bash

testuser@debian:~$ ps -f
UIDPID  PPID  C STIME TTY  TIME CMD
testuser  1641  1640  0 22:27 pts/100:00:00 /usr/bin/python /usr/bin/lshell
testuser  1642  1641  0 22:27 pts/100:00:00 sh -c set -m; echo bash
testuser  1643  1642  0 22:27 pts/100:00:00 bash
testuser  1648  1643  0 22:27 pts/100:00:00 ps -f

Problem exists in current upstream code. There are opened issue on Github but 
no reaction yet: https://github.com/ghantoos/lshell/issues/149.

Command parser in this shell is beyound of recovery. I recommend to replace 
this shell with symlink to /usr/sbin/nologin.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lshell depends on:
ii  adduser  3.113+nmu3
ii  python   2.7.9-1

lshell recommends no packages.

lshell suggests no packages.

-- no debconf information

*** outbreak.txt
root@debian:~# getent passwd testuser
testuser:x:1001:1001:,,,:/home/testuser:/usr/bin/lshell
root@debian:~# su - testuser
You are in a limited shell.
Type '?' or 'help' to get the list of allowed commands
testuser:~$ ?
cd  clear  echo  exit  help  history  ll  lpath  ls  lsudo
testuser:~$ bash
*** forbidden command: bash
testuser:~$ echo
bash

testuser@debian:~$ ps -f
UIDPID  PPID  C STIME TTY  TIME CMD
testuser  1641  1640  0 22:27 pts/100:00:00 /usr/bin/python /usr/bin/lshell
testuser  1642  1641  0 22:27 pts/100:00:00 sh -c set -m; echo bash
testuser  1643  1642  0 22:27 pts/100:00:00 bash
testuser  1648  1643  0 22:27 pts/100:00:00 ps -f

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lshell depends on:
ii  adduser  3.113+nmu3
ii  python   2.7.9-1

lshell recommends no packages.

lshell suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.9.18-2+rm

Dear submitter,

as the package lshell has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/862302

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by 

Bug#834949: marked as done (lshell: CVE-2016-6902: Shell outbreak due to bad syntax parse)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 15:39:37 +
with message-id 
and subject line Bug#862302: Removed package(s) from unstable
has caused the Debian Bug report #834949,
regarding lshell: CVE-2016-6902: Shell outbreak due to bad syntax parse
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
834949: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834949
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lshell
Version: 0.9.16-1
Severity: grave
Tags: security upstream
Justification: user security hole

lshell fails to parse shell syntax correctly and restrictions can be overrun:

root@debian:~# getent passwd testuser
testuser:x:1001:1001:,,,:/home/testuser:/usr/bin/lshell
root@debian:~# su - testuser
You are in a limited shell.
Type '?' or 'help' to get the list of allowed commands
testuser:~$ ?
cd  clear  echo  exit  help  history  ll  lpath  ls  lsudo
testuser:~$ bash
*** forbidden command: bash
testuser:~$ echo && 'bash'

testuser@debian:~$ ps -f
UIDPID  PPID  C STIME TTY  TIME CMD
testuser  4000  3999  0 23:12 pts/100:00:00 /usr/bin/python /usr/bin/lshell
testuser  4001  4000  0 23:12 pts/100:00:00 sh -c set -m; echo && 'bash'
testuser  4002  4001  0 23:12 pts/100:00:00 bash
testuser  4007  4002  0 23:13 pts/100:00:00 ps -f

Problem exists in current upstream code. There are opened issue on Github but 
no reaction yet: https://github.com/ghantoos/lshell/issues/147.

Command parser in this shell is beyound of recovery. I recommend to replace 
this shell with symlink to /usr/sbin/nologin.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lshell depends on:
ii  adduser  3.113+nmu3
ii  python   2.7.9-1

lshell recommends no packages.

lshell suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.9.18-2+rm

Dear submitter,

as the package lshell has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/862302

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#799311: marked as done (fontmatrix: FTBFS: error: invalid new-expression of abstract class type 'IcuFontImpl')

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 15:39:32 +
with message-id 
and subject line Bug#862101: Removed package(s) from unstable
has caused the Debian Bug report #799311,
regarding fontmatrix: FTBFS: error: invalid new-expression of abstract class 
type 'IcuFontImpl'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
799311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: fontmatrix
Version: 0.6.0+svn20110930-1.1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

fontmatrix fails to build from source in unstable/amd64:

  [..]

  [ 74%] Building CXX object
  src/CMakeFiles/fontmatrix.dir/fmshaper.cpp.o
  [ 74%] Building CXX object
  src/CMakeFiles/fontmatrix.dir/icushaper.cpp.o
  /tmp/buildd/fontmatrix-0.6.0+svn20110930/src/icushaper.cpp: In
  constructor 'IcuShaper::IcuShaper(FMOtf*, QString)':
  /tmp/buildd/fontmatrix-0.6.0+svn20110930/src/icushaper.cpp:28:34:
  error: invalid new-expression of abstract class type 'IcuFontImpl'
icuFont = new IcuFontImpl ( otf );
^
  In file included from
  /tmp/buildd/fontmatrix-0.6.0+svn20110930/src/icushaper.cpp:14:0:
  /tmp/buildd/fontmatrix-0.6.0+svn20110930/src/icushaper.h:23:7: note:  
  because the following virtual functions are pure within 'IcuFontImpl':
   class IcuFontImpl : public LEFontInstance
 ^
  In file included from
  /tmp/buildd/fontmatrix-0.6.0+svn20110930/src/icushaper.h:20:0,
   from
   
/tmp/buildd/fontmatrix-0.6.0+svn20110930/src/icushaper.cpp:14:
  /usr/include/x86_64-linux-gnu/layout/LEFontInstance.h:165:25: note:   
   virtual const void* icu_55::LEFontInstance::getFontTable(LETag,
  size_t&) const
   virtual const void* getFontTable(LETag tableTag, size_t )
   const = 0;
   ^
  src/CMakeFiles/fontmatrix.dir/build.make:2857: recipe for target
  'src/CMakeFiles/fontmatrix.dir/icushaper.cpp.o' failed
  make[3]: *** [src/CMakeFiles/fontmatrix.dir/icushaper.cpp.o] Error 1
  make[3]: Leaving directory
  '/tmp/buildd/fontmatrix-0.6.0+svn20110930/debian/build'

  [..]

The full build log is attached or can be viewed here:


https://reproducible.debian.net/logs/unstable/amd64/fontmatrix_0.6.0+svn20110930-1.1.build1.log.gz


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
I: using fakeroot in build.
I: pbuilder: network access will be disabled during build
I: Current time: Thu Sep 17 05:13:05 GMT+12 2015
I: pbuilder-time-stamp: 1442509985
I: Building the build Environment
I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz]
I: creating local configuration
I: copying local configuration
I: mounting /proc filesystem
I: mounting /run/shm filesystem
I: mounting /dev/pts filesystem
I: Mounting /dev/shm
I: Mounting /sys
I: policy-rc.d already exists
I: Installing the build-deps
 -> Attempting to satisfy build-dependencies
 -> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture: amd64
Maintainer: Debian Pbuilder Team 
Description: Dummy package to satisfy dependencies with aptitude - created by 
pbuilder
 This package was created automatically by pbuilder to satisfy the
 build-dependencies of the package being currently built.
Depends: debhelper (>= 5), libfreetype6-dev, libqt4-dev (>= 4.3), cmake, 
libfontconfig1-dev, libm17n-dev, libicu-dev, python-all-dev, libpuzzle-dev, 
python-qt4, libqtwebkit-dev, libqt4-opengl-dev
dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in 
'/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'.
Selecting previously unselected package pbuilder-satisfydepends-dummy.
(Reading database ... 20254 files and directories currently installed.)
Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ...
Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ...
dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring 
anyway as you requested:
 pbuilder-satisfydepends-dummy depends on libfreetype6-dev; however:
  Package libfreetype6-dev is not installed.
 pbuilder-satisfydepends-dummy depends on libqt4-dev (>= 4.3); however:
  Package libqt4-dev is not installed.
 pbuilder-satisfydepends-dummy depends on cmake; 

Bug#787350: marked as done ([RC][cc-by-nc-sa] Please clarify license of a few svg files)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 15:39:32 +
with message-id 
and subject line Bug#862101: Removed package(s) from unstable
has caused the Debian Bug report #787350,
regarding [RC][cc-by-nc-sa] Please clarify license of a few svg files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
787350: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787350
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:fontmatrix
Severity: serious
version: 0.6.0+svn20110930-1.1
user: lintian-ma...@debian.org
usertags: license-problem-cc-by-nc-sa

Hi,

Could you please clarify the license of:
src/icons/application-fontmatrix-vectors.svg
src/icons/application-fontmatrix-systray-vectors.svg
src/graphic-resources/about-vectors.svg
claimed on source to be cc-by-nc-sa, thus non free.

If it is really a non free image please purge these files.

If it is a false positive please override like in 
http://sources.debian.net/src/freecad/0.14.3702%2Bdfsg-3/debian/source/lintian-overrides/
and add a changelog entry and a full explanation on debian/copyright. You may 
ask upstream to remove this cc-by-sa-nc tag on the svg file

signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Version: 0.6.0+svn20110930-1.1+rm

Dear submitter,

as the package fontmatrix has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/862101

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#744698: marked as done ([fontmatrix] [DFSG] missing source)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 15:39:32 +
with message-id 
and subject line Bug#862101: Removed package(s) from unstable
has caused the Debian Bug report #744698,
regarding [fontmatrix] [DFSG] missing source
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
744698: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744698
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:fontmatrix
Severity: serious
Version: 0.6.0+svn20110930-1.1
user: debian...@lists.debian.org
usertags: source-is-missing
severity: serious
X-Debbugs-CC: ftpmas...@debian.org

Hi,

Your package seems to include some files that lack sources
in prefered forms of modification:

help/js/jquery.js
help/js/jquery.jtabs.pack.js
src/graphic-resources/html-css/fontmatrix.js

Please use bunded jquery

According to Debian Free Software Guidelines [1] (DFSG) #2:
 "The program must include source code, and must allow distribution 
  in source code as well as compiled form.".

This could also constitute a license violation for some copyleft licenses such 
as the GNU GPL.

In order to solve this problem, you could:
1. repack the origin tarball adding the missing source to it.
2  add the source files to "debian/missing-sources" directory

Both way satisfies the requirement that we ship the source. Second option
might be preferable due to the following reasons [2]:
 - Upstream can do it too and you could even supply a patch to them, thus full 
filling our social contract [3], see particularly §2.
 - If source and non-source are in different locations, ftpmasters may
   miss the source and (needlessly) reject the package.
 - The source isn't duplicated in every .diff.gz/.debian.tar.* (though
   this only really matters for larger sources).

You could also ask debian...@lists.debian.org or #debian-qa for more
guidance.

[1] https://www.debian.org/social_contract.en.html#guidelines
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736873#8
[3] https://www.debian.org/social_contract
--- End Message ---
--- Begin Message ---
Version: 0.6.0+svn20110930-1.1+rm

Dear submitter,

as the package fontmatrix has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/862101

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)--- End Message ---

Bug#862344: puppet trying to overwrite /etc/puppet/puppet.conf from puppet-common

[Christoph Berg]

Package: puppet
Version: 4.8.2-3
Severity: serious

On a Jessie system running the Jessie version of puppet, upgrading to
the jessie-backports version yields:

Entpacken von puppet (4.8.2-3~bpo8+1) über (3.7.2-4) ...
dpkg: Fehler beim Bearbeiten des Archivs 
/var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb (--unpack):
 Versuch, »/etc/puppet/puppet.conf« zu überschreiben, welches auch in Paket 
puppet-common 4.8.2-3~bpo8+1 ist

Roughly translated:
Unpacking puppet (4.8.2-3~bpo8+1) over (3.7.2-4) ...
dpkg: Error in /var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb (--unpack):
 Trying to overwrite »/etc/puppet/puppet.conf« which is also in package 
puppet-common 4.8.2-3~bpo8+1

$ agi puppet/jessie-backports -t jessie-backports
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.   
Statusinformationen werden eingelesen Fertig
Version »4.8.2-3~bpo8+1« (Debian Backports:jessie-backports [all]) für »puppet« 
gewählt.
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr 
benötigt:
  libnetfilter-acct1 libnetfilter-log1 ruby-hiera
Verwenden Sie »apt-get autoremove«, um sie zu entfernen.
Die folgenden zusätzlichen Pakete werden installiert:
  facter puppet-common puppet-master puppetmaster ruby-deep-merge
Vorgeschlagene Pakete:
  ruby-rrd
Empfohlene Pakete:
  pciutils dmidecode virt-what debconf-utils ruby-selinux
Die folgenden Pakete werden ENTFERNT:
  puppetmaster-common
Die folgenden NEUEN Pakete werden installiert:
  puppet-master ruby-deep-merge
Die folgenden Pakete werden aktualisiert (Upgrade):
  facter puppet puppet-common puppetmaster
4 aktualisiert, 2 neu installiert, 1 zu entfernen und 44 nicht aktualisiert.
Es müssen 1.287 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 783 kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n] 
Holen: 1 http://ftp.debian.org/debian/ jessie-backports/main facter all 
2.4.6-1~bpo8+1 [77,3 kB]
Holen: 2 http://ftp.debian.org/debian/ jessie-backports/main ruby-deep-merge 
all 1.1.1-1~bpo8+1 [9.486 B]
Holen: 3 http://ftp.debian.org/debian/ jessie-backports/main puppetmaster all 
4.8.2-3~bpo8+1 [23,2 kB]
Holen: 4 http://ftp.debian.org/debian/ jessie-backports/main puppet-common all 
4.8.2-3~bpo8+1 [23,5 kB]
Holen: 5 http://ftp.debian.org/debian/ jessie-backports/main puppet all 
4.8.2-3~bpo8+1 [1.127 kB]
Holen: 6 http://ftp.debian.org/debian/ jessie-backports/main puppet-master all 
4.8.2-3~bpo8+1 [26,5 kB]
Es wurden 1.287 kB in 1 s geholt (721 kB/s).
debconf: Schiebe die Paketkonfiguration auf, da apt-utils nicht installiert ist
(Lese Datenbank ... 44078 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../facter_2.4.6-1~bpo8+1_all.deb ...
Entpacken von facter (2.4.6-1~bpo8+1) über (2.2.0-1) ...
Vormals nicht ausgewähltes Paket ruby-deep-merge wird gewählt.
Vorbereitung zum Entpacken von .../ruby-deep-merge_1.1.1-1~bpo8+1_all.deb ...
Entpacken von ruby-deep-merge (1.1.1-1~bpo8+1) ...
Vorbereitung zum Entpacken von .../puppetmaster_4.8.2-3~bpo8+1_all.deb ...
Entpacken von puppetmaster (4.8.2-3~bpo8+1) über (3.7.2-4) ...
Trigger für man-db (2.7.0.2-5) werden verarbeitet ...
(Lese Datenbank ... 44085 Dateien und Verzeichnisse sind derzeit installiert.)
Entfernen von puppetmaster-common (3.7.2-4) ...
(Lese Datenbank ... 44083 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../puppet-common_4.8.2-3~bpo8+1_all.deb ...
Entpacken von puppet-common (4.8.2-3~bpo8+1) über (3.7.2-4) ...
dpkg: Warnung: Altes Verzeichnis »/usr/share/puppet/modules« kann nicht 
gelöscht werden: Das Verzeichnis ist nicht leer
dpkg: Warnung: Altes Verzeichnis »/var/lib/puppet« kann nicht gelöscht werden: 
Das Verzeichnis ist nicht leer
dpkg: Warnung: Altes Verzeichnis »/var/log/puppet« kann nicht gelöscht werden: 
Das Verzeichnis ist nicht leer
Vorbereitung zum Entpacken von .../puppet_4.8.2-3~bpo8+1_all.deb ...
Entpacken von puppet (4.8.2-3~bpo8+1) über (3.7.2-4) ...
dpkg: Fehler beim Bearbeiten des Archivs 
/var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb (--unpack):
 Versuch, »/etc/puppet/puppet.conf« zu überschreiben, welches auch in Paket 
puppet-common 4.8.2-3~bpo8+1 ist
insserv: warning: current start runlevel(s) (empty) of script `puppet' 
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `puppet' 
overrides LSB defaults (0 1 6).
Vormals nicht ausgewähltes Paket puppet-master wird gewählt.
Vorbereitung zum Entpacken von .../puppet-master_4.8.2-3~bpo8+1_all.deb ...
Entpacken von puppet-master (4.8.2-3~bpo8+1) ...
Trigger für man-db (2.7.0.2-5) werden verarbeitet ...
Trigger für systemd (215-17+deb8u7) werden verarbeitet ...
Fehler traten auf beim Bearbeiten von:
 /var/cache/apt/archives/puppet_4.8.2-3~bpo8+1_all.deb
[master 19b6d29] committing changes in /etc after apt run
 Author: Christoph Berg 
 11 files changed, 119 deletions(-)
 delete mode 100644 

Bug#825379: closed by Nobuhiro Iwamatsu <iwama...@debian.org> (Bug#825379: fixed in cairo-dock-plug-ins 3.4.1-1)

[Adrian Bunk]

On Sat, Oct 29, 2016 at 09:39:09PM +, Debian Bug Tracking System wrote:
>...
>  cairo-dock-plug-ins (3.4.1-1) unstable; urgency=medium
>...
>* Update debian/patches.
>  - Fix API of weather.com. (Closes: #825379)
>Add debian/patches/weather-url.patch. Thanks to Elimar Riesebieter
>.
>...

Thanks a lot for fixing this bug for stretch.

It is still present in jessie, could you also fix it there?
Or if you don't object, I can fix it for jessie.

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#854688: bitlbee: The versions in stable/testing are vulnerable to CVE-2016-10189 and CVE-2016-10188

[Adrian Bunk]

On Thu, Feb 09, 2017 at 11:38:29AM -0300, dequis wrote:
> Package: bitlbee
> Version: 3.4.2-1.1
> Severity: grave
> Tags: upstream security patch fixed-upstream
> 
> Hi,
> 
> I'm opening this bug since #853282, which was just fixed by the
> 3.5.1-1 upload, seems to apply to sid only.
> 
> CVE-2016-10188 is "bitlbee-libpurple: Use after free when expiring
> file transfer requests"
> 
> https://security-tracker.debian.org/tracker/CVE-2016-10188
> 
> CVE-2016-10189 is "Null pointer dereference with file transfer request
> from unknown contacts"
> 
> https://security-tracker.debian.org/tracker/CVE-2016-10189
> 
> The current version in sid would fix both of these issues for stretch,
> but it's blocked due to the freeze. I would like to request an unblock
> for that particular case, if possible.

These CVEs are now fixed in wheezy (by Thorsten) and stretch since 
February, but people upgrading from for wheezy to jessie are losing
the fixes since they aren't fixed there.

They are not marked "no DSA" in
  https://security-tracker.debian.org/tracker/source-package/bitlbee

Does the security team plan to release a DSA?

Or should/could someone (Thorsten?) upload these fixes for the next 
jessie point release?

> Thanks.

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Processed: Version fix

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> notfound 862250 9.10.3.dfsg.P4-12.3
Bug #862250 [bind9] Proposed diff fixing prefetch logic of 9.10
There is no source info for the package 'bind9' at version 
'9.10.3.dfsg.P4-12.3' with architecture ''
Unable to make a source version for version '9.10.3.dfsg.P4-12.3'
No longer marked as found in versions 9.10.3.dfsg.P4-12.3.
> found 862250 1:9.10.3.dfsg.P2-1
Bug #862250 [bind9] Proposed diff fixing prefetch logic of 9.10
Marked as found in versions bind9/1:9.10.3.dfsg.P2-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
862250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862250
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862001: marked as done (libapt-pkg5.0: Failed to try-restart apt-daily-upgrade.timer: Unit apt-daily-upgrade.timer not found.)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 13:03:29 +
with message-id 
and subject line Bug#862001: fixed in apt 1.4.3
has caused the Debian Bug report #862001,
regarding libapt-pkg5.0: Failed to try-restart apt-daily-upgrade.timer: Unit 
apt-daily-upgrade.timer not found.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862001: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapt-pkg5.0
Version: 1.4.2
Severity: serious

Hi,

When upgrading my system today I saw the following line in the output:

Dépaquetage de libapt-pkg5.0:amd64 (1.4.2) sur (1.4.1) ...
Paramétrage de libapt-pkg5.0:amd64 (1.4.2) ...
Failed to try-restart apt-daily-upgrade.timer: Unit apt-daily-upgrade.timer not 
found.

It seems that the libapt-pkg5.0 postinst script contains the following
snippet but that the apt-daily-upgrade.timer and apt-daily.timer are not
shipped in that package (they are in apt package instead):

# Automatically added by dh_systemd_start
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
_dh_action=try-restart
else
_dh_action=start
fi
deb-systemd-invoke $_dh_action apt-daily-upgrade.timer apt-daily.timer 
>/dev/null || true
fi
# End automatically added section

That code (or that file) should be moved around between apt and libapt-pkg5.0 
packages.

Regards,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapt-pkg5.0 depends on:
ii  libbz2-1.0  1.0.6-8.1
ii  libc6   2.24-10
ii  libgcc1 1:6.3.0-16
ii  liblz4-10.0~r131-2+b1
ii  liblzma55.2.2-1.2+b1
ii  libstdc++6  6.3.0-16
ii  zlib1g  1:1.2.8.dfsg-5

Versions of packages libapt-pkg5.0 recommends:
ii  apt  1.4.2

libapt-pkg5.0 suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 1.4.3

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 862...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode  (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 11 May 2017 14:46:28 +0200
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc 
apt-utils apt-transport-https
Architecture: source
Version: 1.4.3
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team 
Changed-By: Julian Andres Klode 
Description:
 apt- commandline package manager
 apt-doc- documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 861943 862001
Changes:
 apt (1.4.3) unstable; urgency=medium
 .
   [ Julian Andres Klode ]
   * Do not try to (re)start timers outside 'apt' package (Closes: #862001)
 .
   [ Miroslav Kure ]
   * Updated Czech translation of apt (Closes: #861943)
Checksums-Sha1:
 c3a174484eb3194a2af92e26e84fcdc2b88eb82e 2549 apt_1.4.3.dsc
 c2dafaa8d7a69e809848ab2ae9245f374bde4d70 2077840 apt_1.4.3.tar.xz
 f8db9afe51572af3a038041084877cd6ab9aaf03 7605 apt_1.4.3_source.buildinfo
Checksums-Sha256:
 4ce7a96cfd50e36bc8f425adf3a6bc75ea589c15b313611658a9aef28e41fa20 2549 
apt_1.4.3.dsc
 

Bug#859912: Bug#862178: problem with packages build-depending on locales in experimental

[Iain Lane]

On Thu, May 11, 2017 at 08:08:06AM +0900, Mike Hommey wrote:
> [...] I'm all for open-infrastructure-locales-c.utf-8 being removed
> from the archive because it's a broken package that does nothing
> useful [...]

I just had pygobject broken in experimental by this bug too.

Any objection to me (or someone else if they would like to) filing an
RoQA RM bug?

Cheers,

-- 
Iain Lane  [ i...@orangesquash.org.uk ]
Debian Developer   [ la...@debian.org ]
Ubuntu Developer   [ la...@ubuntu.com ]


signature.asc
Description: PGP signature

Bug#862334: dh_installinit automatically add not running content

[Jörg Frings-Fürst]

Package: debhelper
Version: 10.2.5
Severity: grave

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello,

saneutils don't use a prerm script.

dh_installinit add once with the content:

[quote]
#!/bin/sh
set -e
# Automatically added by dh_installinit
if [ -x "/etc/init.d/saned" ] && [ "$1" = remove ]; then
invoke-rc.d saned stop || saned_eh
fi
# End automatically added section
[/quote]

saned_eh is defined as a function in the postinst script.




- -- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debhelper depends on:
ii  autotools-dev20161112.1
ii  binutils 2.28-4
ii  dh-autoreconf14
ii  dh-strip-nondeterminism  0.032-1
ii  dpkg 1.18.23
ii  dpkg-dev 1.18.23
ii  file 1:5.30-1
ii  libdpkg-perl 1.18.23
ii  man-db   2.7.6.1-2
ii  perl 5.24.1-2
ii  po-debconf   1.0.20

debhelper recommends no packages.

Versions of packages debhelper suggests:
ii  dh-make  2.201608

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAlkUXTgACgkQCfifPIyh
0l1VFg//TcvF3F7psox3UaS/5ioje/S4QJ148KE1X/tNFabCY+stxrquLtQorW8L
/y9VxoXjqECZVSoJEmMKI4UAUYxMljA/Or+s/TLxD6RIVtFn0ueAcR2087sUrK17
Mc8VUa9YueBleV7N2VoA33+yTd9dBriJLg8Mj0clbpIa0964hCog/oXmqCdEwV5t
XdNSq8VL8WjJh7Jeymi+7GqGST2oJnPFfbpFmHMd4y64FkEGOTDqSiZqoFjN5EUS
oAydgOjzdXasOIDYflog5AxRemVR6B922dr4czyvX+6GYG9IILb3+uIGEpVdFaN+
fch+ordJYZot6gfurHozZbPv230M6xDE17bUCkcPyZmIHuOXMtqPhzB6tP/B3s8p
moFVZLwigMuCVI3xbAOIujECOPRBesmQONM353C/D5/6XLWGgwF7baT4h+9OQEBS
X/8TKKpuUnNeEMHjUi+LhKDZpeaFpcyHp0Xhz+1j3AbcVXuMo6dKhgHAHSavNWGI
6EDAnEBGOH2LG60LGgPt5ANvdd0srXmuClUVIQ+NFl1bvO5ij5MZPeQkHAPvawuB
18Q4ELlnxdOOUe4nzTpkfOroIRP6aXdMWMJri8km2CW+94Sy6MunBYTdIsHdlw42
vYv50gHs1sJBjr5TEC6C6ZeZgPKH/gC0vwYVPF3/5DPS9awxPKU=
=+e/A
-END PGP SIGNATURE-

Bug#862329: gitlab: fails gitlab install on stretch with alternative gitlab user while configuring dbconfig-common

[Patrik Hagedorn]

Package: gitlab
Version: 8.13.11+dfsg1-5
Severity: grave
Justification: renders package unusable

Installing the gitlab package via apt on a clean Stretch environment resulted
in an dpkg error if the gitlab default user is changed from 'gitlab' to
something like 'git' in the debconf installation process (probably a common
use-case):
*** OUTPUT OF 'sudo apt-get install gitlab' ***
[...]
Creating/updating git user account...
adduser: Warning: The home directory `/var/lib/gitlab' does not belong to the
user you are currently creating.
Making git owner of /var/lib/gitlab...
Creating runtime directories for gitlab...
Updating file permissions...
Configuring hostname and email...
Registering /usr/lib/tmpfiles.d/gitlab.conf via ucf

Creating config file /usr/lib/tmpfiles.d/gitlab.conf with new version
Registering /etc/gitlab-shell/config.yml via ucf

Creating config file /etc/gitlab-shell/config.yml with new version
Registering /etc/gitlab/gitlab.yml via ucf

Creating config file /etc/gitlab/gitlab.yml with new version
Registering /etc/gitlab/gitlab-debian.conf via ucf

Creating config file /etc/gitlab/gitlab-debian.conf with new version

Creating config file /etc/nginx/sites-available/localhost with new version
Reloading nginx configuration...
dbconfig-common: writing config to /etc/dbconfig-common/gitlab.conf
Replacing config file /etc/dbconfig-common/gitlab.conf with new version
dbconfig-common: flushing administrative password
dpkg: error processing package gitlab (--configure):
 subprocess installed post-installation script returned error exit status 10
Processing triggers for libc-bin (2.24-10) ...
Processing triggers for systemd (232-22) ...
Errors were encountered while processing:
 gitlab
E: Sub-process /usr/bin/dpkg returned an error code (1)
*** END OF OUTPUT ***


This is the generated '/etc/dbconfig-common/gitlab.conf':
*** CONTENT OF '/etc/dbconfig-common/gitlab.conf' ***
# automatically generated by the maintainer scripts of gitlab
# any changes you make will be preserved, though your comments
# will be lost!  to change your settings you should edit this
# file and then run "dpkg-reconfigure gitlab"

# dbc_install: configure database with dbconfig-common?
#  set to anything but "true" to opt out of assistance
dbc_install=''

# dbc_upgrade: upgrade database with dbconfig-common?
#  set to anything but "true" to opt out of assistance
dbc_upgrade=''

# dbc_remove: deconfigure database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_remove=''

# dbc_dbtype: type of underlying database to use
#   this exists primarily to let dbconfig-common know what database
#   type to use when a package supports multiple database types.
#   don't change this value unless you know for certain that this
#   package supports multiple database types
dbc_dbtype=''

# dbc_dbuser: database user
#   the name of the user who we will use to connect to the database.
dbc_dbuser='10 gitlab/db/app-user doesn'\''t exist'

# dbc_dbpass: database user password
#   the password to use with the above username when connecting
#   to a database, if one is required
dbc_dbpass=''

# dbc_dballow: allowed host to connect from
#   only for database types that support specifying the host from
#   which the database user is allowed to connect from
#   this string defines for which host the dbc_dbuser is allowed
#   to connect
#   this value is only really used again when you reconfigure the
#   package
dbc_dballow=''

# dbc_dbserver: database host.
#   leave unset to use localhost (or a more efficient local method
#   if it exists).
dbc_dbserver=''

# dbc_dbport: remote database port
#   leave unset to use the default.  only applicable if you are
#   using a remote database.
dbc_dbport=''

# dbc_dbname: name of database
#   this is the name of your application's database.
dbc_dbname='gitlab'

# dbc_dbadmin: name of the administrative user
#   this is the administrative user that is used to create all of the above
#   The exception is the MySQL/MariaDB localhost case, where this value is
#   ignored and instead is determined from /etc/mysql/debian.cnf.
dbc_dbadmin=''

# dbc_basepath: base directory to hold database files
#   leave unset to use the default.  only applicable if you are
#   using a local (filesystem based) database.
dbc_basepath=''

##
## postgresql specific settings.  if you don't use postgresql,
## you can safely ignore all of these
##

# dbc_ssl: should we require ssl?
#   set to "true" to require that connections use ssl
dbc_ssl=''

# dbc_authmethod_admin: authentication method for admin
# dbc_authmethod_user: authentication method for dbuser
#   see the section titled "AUTHENTICATION METHODS" in
#   /usr/share/doc/dbconfig-common/README.pgsql for more info
dbc_authmethod_admin=''
dbc_authmethod_user=''

##
## end postgresql specific settings
##
*** END OF 

Bug#860633:

[David Lazăr]

Hi,

I've prepared a fix for this bug, it's currently uploaded at:
https://github.com/dlzr/golang-gopkg-asn1-ber.v1

stapelb...@debian.org will review and upload the fixed package over the
next few days.  So please hang on with the removal request.

Thanks,
-=[david]=-

Bug#862236: Xen jessie testing

[Ian Jackson]

Control: severity -1 important

(adding the bug, and my work hat, to the CC)

Moritz Mühlenhoff writes ("Re: Xen jessie testing"):
> On Thu, May 11, 2017 at 11:04:21AM +0200, Axel Beckert wrote:
> > Moritz Mühlenhoff wrote:
> > > Ian's upload was built on i386, while the previous ones were built
> > > on amd64.

I built it on i386 because then it would produce packages I could at
least do some kind of test of it on my system at home.  We could
rebuild it on amd64 and issue another update.  However, I think if
something was going to break it would have done already.

> The severity seems exaggarated, though. If that's really relying
> on the build architecture, this would have been broken on i386
> all the time until the DSA. And while i386 is arguably not a good
> choice to run Xen, I still think this would have been noticed earlier
> if it were a severe issue.

The only place this seems to be used is to prepend it to
the LD_LIBRARY_PATH in force during execution of the hotplug scripts.

This is inherited from upstream, where it is needed (I think) so that
in non-packaged builds of Xen, on non-Debian systems, the Xen
libraries in /usr/local are found when trying to execute the Xen tools
inside the hotplug scripts.

Our dynamic linker is clever enough to ignore irrelevant files, so I
think this is largely harmless.  Of course the noise in /etc ought to
be got rid of.

I think this should be fixed by not dropping this setting (and
probably the consequent LD_LIBRARY_PATH too).  Ideally via some kind
of upstream knob but if not by a Debian patch.

I think such a change is buster material.  For now, I suggest that I
continue to build security updates for jessie on i386 as I am able to
conveniently test that.

If I need to do another update to stretch (eg, a security update)
before its release, I will simply drop this line from this file.

Does that plan seem good ?  Obviously, feel free to try to convince me
that this is RC for stretch.  I wouldn't want to let this slide if
it's going to cause real trouble.

Thanks,
Ian.

Processed: Re: Xen jessie testing

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #862236 [xen-utils-common] xen-utils-common hotplugpath.sh has architecture 
dependent bits
Severity set to 'important' from 'serious'

-- 
862236: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862236
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861736: marked as done (python-nxs: Cannot save files with nxs python module)

[Debian Bug Tracking System]

Your message dated Thu, 11 May 2017 09:08:53 +
with message-id 
and subject line Bug#861736: fixed in nexus 4.3.2-svn1921-5
has caused the Debian Bug report #861736,
regarding python-nxs: Cannot save files with nxs python module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861736
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---


Package: python-nxs
Version: 4.3.2-svn1921-4
Severity: grave
Justification: renders package unusable

Dear Maintainer,

   * What led up to the situation?

   Run the following python code:

   import nxs
   e = nxs.NXentry(name= "NXtomo")
   e.save("filenamenxs.h5", 'w5')


   * What was the outcome of this action?

   Got the following exception:

NeXusError
Traceback (most recent call last)
 in ()
> 1 e.save("filenamenxs.h5", 'w5')

/usr/lib/python2.7/dist-packages/nxs/tree.pyc in save(self, filename, 
format)

866 root = NXroot(NXentry(self))
867 if root.nxfile: root.nxfile.close()
--> 868 file = NeXusTree(filename, format)
869 file.writefile(root)
870 file.close()

/usr/lib/python2.7/dist-packages/nxs/napi.pyc in __init__(self, 
filename, mode)

318 else:
319 op = 'create'
--> 320 raise NeXusError, "Could not %s %s"%(op,filename)
321 self.isopen = True
322


   * What outcome did you expect instead?

An hdf5 file filenamenxs.h5 saved with no exception.

Note: Tried this with debian:stable docker and it worked correctly.


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages python-nxs depends on:
ii  libnexus0v5  4.3.2-svn1921-4+b1
pn  python:any   

python-nxs recommends no packages.

python-nxs suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: nexus
Source-Version: 4.3.2-svn1921-5

We believe that the bug you reported is fixed in the latest version of
nexus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated nexus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 11 May 2017 09:23:17 +0200
Source: nexus
Binary: libnexus0v5 libnexus0-dev libnexus0-java python-nxs nexus-tools
Architecture: source amd64 all
Version: 4.3.2-svn1921-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team 

Changed-By: Andreas Tille 
Description:
 libnexus0-dev - NeXus scientific data file format - development libraries
 libnexus0-java - NeXus scientific data file format - java libraries
 libnexus0v5 - NeXus scientific data file format - runtime libraries
 nexus-tools - NeXus scientific data file format - applications
 python-nxs - NeXus scientific data file format - python binding
Closes: 861736
Changes:
 nexus (4.3.2-svn1921-5) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Andreas Tille ]
   * Take over package into Debian Science team
   * Fix wrong Priority: extra -> optional
   * Add watch file
   * Add Homepage field
 .
   [ Gilles Filippini ]
   * New patch hdf5-1.10-support.patch to fix incorrect type for HDF5
 handles: should be hid_t instead of int (closes: #861736)
Checksums-Sha1:
 7be42f93e667e7ae457f79bb328d4b6da2a34ff8 2341 nexus_4.3.2-svn1921-5.dsc
 277cad76076b42d27f0c741018eb2637372ca056 8388 
nexus_4.3.2-svn1921-5.debian.tar.xz
 d40f689c979de8818e1c0df37cc858f9b60f2ae7 128170 
libnexus0-dev_4.3.2-svn1921-5_amd64.deb
 1c48b3b7e2bbb313b9cccb47baca8a79c29f4e66 46062 
libnexus0-java-dbgsym_4.3.2-svn1921-5_amd64.deb
 a0be6301f89bc27de8a996d959b7d40a54cac8cc 38008 

Bug#860225: bind9: CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

[Salvatore Bonaccorso]

On Thu, May 11, 2017 at 08:27:57AM +0200, Salvatore Bonaccorso wrote:
> On Thu, May 11, 2017 at 08:19:15AM +0200, Salvatore Bonaccorso wrote:
> > Hi
> > 
> > Packages for testing can be found at:
> > 
> > https://people.debian.org/~carnil/tmp/bind9/
> > 
> > (amd64 build only), and attached the debdiff.
> 
> There was an error in those  packages and I have removed them again.

Corrected version re-uploaded.

Regards,
Salvatore
diff -u bind9-9.9.5.dfsg/bin/named/query.c bind9-9.9.5.dfsg/bin/named/query.c
--- bind9-9.9.5.dfsg/bin/named/query.c
+++ bind9-9.9.5.dfsg/bin/named/query.c
@@ -7325,6 +7325,7 @@
result = query_dns64(client, , rdataset,
 sigrdataset, dbuf,
 DNS_SECTION_ANSWER);
+   noqname = NULL;
dns_rdataset_disassociate(rdataset);
dns_message_puttemprdataset(client->message, );
if (result == ISC_R_NOMORE) {
diff -u bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db 
bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db
--- bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db
+++ bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db
@@ -29,6 +29,7 @@
 short-dnameDNAME   short
 a.longlonglonglonglonglonglonglonglonglonglonglonglong A 10.0.0.2
 long-dname DNAME   
longlonglonglonglonglonglonglonglonglonglonglonglong
+toolong-dname  DNAME   
longlonglonglonglonglonglonglonglonglonglonglonglong
 cname  CNAME   a.cnamedname
 cnamedname DNAME   target
 a.target   A   10.0.0.3
diff -u bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh 
bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh
--- bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh
+++ bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh
@@ -56,10 +56,19 @@
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
-echo "I:checking (too) long dname from recursive"
+echo "I:checking (too) long dname from recursive with cached DNAME"
+ret=0 
+$DIG 
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example
 @10.53.0.4 a -p 5300 > dig.out.ns4.cachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
+grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > 
/dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking (too) long dname from recursive without cached DNAME"
 ret=0
-$DIG 
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example
 @10.53.0.4 a -p 5300 > dig.out.ns4.toolong || ret=1
-grep "status: YXDOMAIN" dig.out.ns4.toolong > /dev/null || ret=1
+$DIG 
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example
 @10.53.0.4 a -p 5300 > dig.out.ns4.uncachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
+grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > 
/dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,22 @@
+bind9 (1:9.9.5.dfsg-9+deb8u11) jessie-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Dns64 with "break-dnssec yes;" can result in a assertion failure.
+(CVE-2017-3136) (Closes: #860224)
+  * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
+If not cherry-picking this change the fix for CVE-2017-3137 can cause an
+assertion failure to appear in name.c.
+  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
+assertion failures (CVE-2017-3137) (Closes: #860225)
+  * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
+could trigger assertion failures. (CVE-2017-3137)
+  * Fix regression introduced when handling CNAME to referral below the
+current domain
+  * 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138)
+(Closes: #860226)
+
+ -- Salvatore Bonaccorso   Thu, 11 May 2017 08:39:19 +0200
+
 bind9 (1:9.9.5.dfsg-9+deb8u10) jessie-security; urgency=medium
 
   * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
diff -u 

Bug#860225: bind9: CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

[Salvatore Bonaccorso]

On Thu, May 11, 2017 at 08:19:15AM +0200, Salvatore Bonaccorso wrote:
> Hi
> 
> Packages for testing can be found at:
> 
> https://people.debian.org/~carnil/tmp/bind9/
> 
> (amd64 build only), and attached the debdiff.

There was an error in those  packages and I have removed them again.

Salvatore

Bug#712612: gcr: diff for NMU version 3.20.0-5.1

[Christoph Biedl]

Michael Biebl wrote...

> Well, Ansgar mentioned this:
> 
> > there are two files under a BSD license in build/valgrind/*. In addition the
> > documentation has its own license in docs/reference/COPYING.
> 
> He was referring to that file afaics:
> https://git.gnome.org/browse/gcr/tree/docs/reference/COPYING

I fail to find that file in the gcr orig tar ball. So again, if you want
to take over and/or me to cancel the upload, just say so. My only
interest is pushing the stretch release by taking care of RC bugs.

Christoph


signature.asc
Description: Digital signature

Bug#860225: bind9: CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

[Salvatore Bonaccorso]

Hi

Packages for testing can be found at:

https://people.debian.org/~carnil/tmp/bind9/

(amd64 build only), and attached the debdiff.

I would appreciate any testing feedback from people mentioning in this
bug that they are affected by the issue.

Thanks already in advance,

Regards,
Salvatore
diff -u bind9-9.9.5.dfsg/bin/named/query.c bind9-9.9.5.dfsg/bin/named/query.c
--- bind9-9.9.5.dfsg/bin/named/query.c
+++ bind9-9.9.5.dfsg/bin/named/query.c
@@ -7330,6 +7330,7 @@
result = query_dns64(client, , rdataset,
 sigrdataset, dbuf,
 DNS_SECTION_ANSWER);
+   noqname = NULL;
dns_rdataset_disassociate(rdataset);
dns_message_puttemprdataset(client->message, );
if (result == ISC_R_NOMORE) {
diff -u bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db 
bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db
--- bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db
+++ bind9-9.9.5.dfsg/bin/tests/system/dname/ns2/example.db
@@ -29,6 +29,7 @@
 short-dnameDNAME   short
 a.longlonglonglonglonglonglonglonglonglonglonglonglong A 10.0.0.2
 long-dname DNAME   
longlonglonglonglonglonglonglonglonglonglonglonglong
+toolong-dname  DNAME   
longlonglonglonglonglonglonglonglonglonglonglonglong
 cname  CNAME   a.cnamedname
 cnamedname DNAME   target
 a.target   A   10.0.0.3
diff -u bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh 
bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh
--- bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh
+++ bind9-9.9.5.dfsg/bin/tests/system/dname/tests.sh
@@ -56,10 +56,19 @@
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
-echo "I:checking (too) long dname from recursive"
+echo "I:checking (too) long dname from recursive with cached DNAME"
+ret=0 
+$DIG 
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example
 @10.53.0.4 a -p 5300 > dig.out.ns4.cachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
+grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > 
/dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking (too) long dname from recursive without cached DNAME"
 ret=0
-$DIG 
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example
 @10.53.0.4 a -p 5300 > dig.out.ns4.toolong || ret=1
-grep "status: YXDOMAIN" dig.out.ns4.toolong > /dev/null || ret=1
+$DIG 
01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example
 @10.53.0.4 a -p 5300 > dig.out.ns4.uncachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
+grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > 
/dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,22 @@
+bind9 (1:9.9.5.dfsg-9+deb8u10) jessie-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Dns64 with "break-dnssec yes;" can result in a assertion failure.
+(CVE-2017-3136) (Closes: #860224)
+  * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
+If not cherry-picking this chane the fix for CVE-2017-3137 can causs an
+assertion failure to appear in name.c.
+  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
+assertion failures (CVE-2017-3137) (Closes: #860225)
+  * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
+could trigger assertion failures. (CVE-2017-3137)
+  * Fix regression introduced when handling CNAME to referral below the
+current domain
+  * 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138)
+(Closes: #860226)
+
+ -- Salvatore Bonaccorso   Thu, 11 May 2017 07:40:56 +0200
+
 bind9 (1:9.9.5.dfsg-9+deb8u9) jessie-security; urgency=medium
 
   * Apply patches from ISC.
diff -u bind9-9.9.5.dfsg/lib/dns/resolver.c bind9-9.9.5.dfsg/lib/dns/resolver.c
--- bind9-9.9.5.dfsg/lib/dns/resolver.c
+++ bind9-9.9.5.dfsg/lib/dns/resolver.c
@@ -3821,6 +3821,7 @@