Bug#863870: marked as done (perl: File-Path rmtree/remove_tree race condition [CVE-2017-6512])

2017-06-11 Thread Debian Bug Tracking System 
Your message dated Mon, 12 Jun 2017 01:03:49 +
with message-id 
and subject line Bug#863870: fixed in perl 5.26.0-1
has caused the Debian Bug report #863870,
regarding perl: File-Path rmtree/remove_tree race condition [CVE-2017-6512]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863870
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: perl
Version: 5.26.0~rc1-1
Severity: critical
Justification: privilege escalation in library code

Similar to #286905, a new race condition has been reported in File-Path:

https://rt.cpan.org/Public/Bug/Display.html?id=121951

In the rmtree() and remove_tree() functions, the chmod()logic to make
directories traversable can be abused to set the mode on an
attacker-chosen file to an attacker-chosen value.  This is due to the
time-of-check-to-time-of-use (TOCTTOU) race condition
(https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use) between the
stat() that decides the inode is a directory and the chmod() that tries
to make it user-rwx.

Fixed on CPAN with 2.13.
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.26.0-1

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves  (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 11 Jun 2017 23:37:03 +0100
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.26 libperl-dev perl-modules-5.26 
perl
Architecture: source
Version: 5.26.0-1
Distribution: experimental
Urgency: medium
Maintainer: Niko Tyni 
Changed-By: Dominic Hargreaves 
Description:
 libperl-dev - Perl library: development files
 libperl5.26 - shared Perl library
 perl   - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules-5.26 - Core Perl modules
Closes: 863870
Changes:
 perl (5.26.0-1) experimental; urgency=medium
 .
   [ Niko Tyni ]
   * Make perl-base Break debconf (<< 1.5.61) due to POSIX::tmpnam() usage.
 (See #863071)
 .
   [ Dominic Hargreaves ]
   * Remove /etc/perl/sitecustomize.pl as the interpreter's initial @INC
 no longer contains '.'
   * Revert local patch setting sitecustomize path
   * Merged 5.24.1-3 from unstable:
 + [CVE-2017-6512] Fix file permissions race condition in File-Path;
   patch from John Lightsey (Closes: #863870)
 + Also fix test logic in ExtUtils-MakeMaker required for the above
   * New upstream release
Checksums-Sha1:
 10ccdbeac544b9ccf942f007f5d2da92e0409ca5 2316 perl_5.26.0-1.dsc
 50f14ebdaa509ff5ef9b32ad388a1e6237c882dd 11961692 perl_5.26.0.orig.tar.xz
 9a631cff0d4ee230c6a0a5f0cb540646bda74be1 153132 perl_5.26.0-1.debian.tar.xz
Checksums-Sha256:
 8da1c2dd48622fbafb8b32f71b409b46b3bc2ec1965104c596a8a24786dfe865 2316 
perl_5.26.0-1.dsc
 9bf2e3d0d72aad77865c3bdbc20d3b576d769c5c255c4ceb30fdb9335266bf55 11961692 
perl_5.26.0.orig.tar.xz
 9dfee809fd268b1d2ca66c21457d7d2516c576aa0e75970604f5f0cff5f7592d 153132 
perl_5.26.0-1.debian.tar.xz
Files:
 2cb66b3c2479e641f7d001c75eed6bb1 2316 perl standard perl_5.26.0-1.dsc
 8c6995718e4cb62188f0d5e3488cd91f 11961692 perl standard perl_5.26.0.orig.tar.xz
 919ff7f21cb79f0bc1f933fa9264f93f 153132 perl standard 
perl_5.26.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZPeGcAAoJEMAFfnFNaU+yCe4P/3Xy52ZDDyg5178ihkASTy7E
/Tpu2n2wKExrf1vcteN7YzRYBnF9z0kiMXXAQ7Nhlzxj8bN2QfFcJl5j+Z94/rP3
GAps5JwfM5GrlEgc4abe43LpWYQ4BjIcdsE9PRAgnMCboIMQqETE/MBtA7f3Z3Sp
OR08cx1jyXJhIGTI9PY/lk0BrxbsO8vPRkpCgo/5J+H0gWvOZlomBCxcOCJjKtmY
95LTHRtxd5t4Ra3Ogsli5NVg/OU6DbP8DHd4FW4appZ9piXN6X9h10oIdLtF29/y
WhZVbOcD7XI3Ub4Hmt+0ACevxtjG5WQDATbI06mw2O8vZhHgKWt0pPocafuvuem/
qe4KK5LnZIvTzL97PeEyLxstfzmkgsOFqO9fFnzjUQzz7em0H7Fbb29WeNDzcZN7

Bug#864366: marked as done (CVE-2017-9433)

2017-06-11 Thread Debian Bug Tracking System 
Your message dated Sun, 11 Jun 2017 21:02:15 +
with message-id 
and subject line Bug#864366: fixed in libmwaw 0.3.1-2+deb8u1
has caused the Debian Bug report #864366,
regarding CVE-2017-9433
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmwaw
Severity: grave
Tags: security

Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libmwaw
Source-Version: 0.3.1-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
libmwaw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard  (supplier of updated libmwaw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 07 Jun 2017 22:47:10 +0200
Source: libmwaw
Binary: libmwaw-dev libmwaw-doc libmwaw-0.3-3 libmwaw-tools
Architecture: source amd64 all
Version: 0.3.1-2+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Rene Engelhard 
Changed-By: Rene Engelhard 
Description:
 libmwaw-0.3-3 - import library for some old Mac text documents
 libmwaw-dev - import library for some old Mac text documents -- development
 libmwaw-doc - import library for some old Mac text documents -- documentation
 libmwaw-tools - import library for some old Mac text documents -- tools
Closes: 864366
Changes:
 libmwaw (0.3.1-2+deb8u1) jessie-security; urgency=medium
 .
   * backport upstream patch to fix CVE-2017-9433 (closes: #864366)
Checksums-Sha1:
 d97e376ba3d419e92f1709b2130a98231a48fb21 1996 libmwaw_0.3.1-2+deb8u1.dsc
 02b6949b5d9fcd7ec3b0b686b1f8ab921fcdf033 1147351 libmwaw_0.3.1.orig.tar.bz2
 721b92e180e2fad1bf85d24802c4139e8b321047 7912 
libmwaw_0.3.1-2+deb8u1.debian.tar.xz
 dd1a35ab5b0679b42bf7e264c316e9ab0c4cc0bf 18960 
libmwaw-dev_0.3.1-2+deb8u1_amd64.deb
 6067c6e268e4996f005c93baf436f2bd488e4eb0 1928742 
libmwaw-doc_0.3.1-2+deb8u1_all.deb
 5b912d27f329e34dc9eb527fb0598afda9dba14f 1808078 
libmwaw-0.3-3_0.3.1-2+deb8u1_amd64.deb
 0ac25d4785d8bac6353ead2f26b40583f6c81173 19372 
libmwaw-tools_0.3.1-2+deb8u1_amd64.deb
Checksums-Sha256:
 4ca2853bf1490b7b58ffcea295c06ead6aa1b654aedf0556b5c061f527214df3 1996 
libmwaw_0.3.1-2+deb8u1.dsc
 66d3dbc4421daa628326204b5d14bb99f2b9d4423184027aabe207d677c89845 1147351 
libmwaw_0.3.1.orig.tar.bz2
 18a5d88c6fd911bb0c98ae9cabf378c421724ae8598571a026b5cb9cc416e0bc 7912 
libmwaw_0.3.1-2+deb8u1.debian.tar.xz
 f11add702d338885719a26ba1b714d20433b7458fb1bd12b3119f258ab81ef3f 18960 
libmwaw-dev_0.3.1-2+deb8u1_amd64.deb
 af171349cea6faa60dc9fbceea9ac530dbcaab82b05423f602cdd45812eef8d6 1928742 
libmwaw-doc_0.3.1-2+deb8u1_all.deb
 0d8fe8bf431ffb1eb08f11433064279092c63a861795713dd08c378cd8a7dabd 1808078 
libmwaw-0.3-3_0.3.1-2+deb8u1_amd64.deb
 9978e91aac5cb0960e18d9111b694050a510f3e823213aa17324843c9cbae379 19372 
libmwaw-tools_0.3.1-2+deb8u1_amd64.deb
Files:
 a376a941a87ac8d21c44ef060f3cdd7a 1996 libs optional libmwaw_0.3.1-2+deb8u1.dsc
 6f1ac4a0e24131c422e1e91f07718fb6 1147351 libs optional 
libmwaw_0.3.1.orig.tar.bz2
 71e4885c0a463ea00ce9107b20d1375e 7912 libs optional 
libmwaw_0.3.1-2+deb8u1.debian.tar.xz
 03444b5eea36e062f806ce4f66641389 18960 libdevel optional 
libmwaw-dev_0.3.1-2+deb8u1_amd64.deb
 4cb6f9f8e19afb60360c9a0f8efa8ec9 1928742 doc optional 
libmwaw-doc_0.3.1-2+deb8u1_all.deb
 76d6480c6d0a7c2577f5939daf79845b 1808078 libs optional 
libmwaw-0.3-3_0.3.1-2+deb8u1_amd64.deb
 406b17e8d0450f24173e45262fd5b104 19372 utils optional 
libmwaw-tools_0.3.1-2+deb8u1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAlk4e90ACgkQCqBFcdA+
PnDv4A/9HdZuxMxNoZf3PrVLYQHP05ByXrJK1NGn4JW/5vhBiqC6CQLm8Isclbx1
Q0ZBoQeda1hoIPMJwADbmKYxaFObHz6y+Eb4u0+whmuNB9YQ6Q+HCzj44XYPgpKQ
O267csBI7rzB8KDKPDZod6o67qu1du/w5gYbIDov7v5Up2hLwrb6k9Co3TMAOyis
BO3/mY7JHf3iLfo5Rop6LjxtlhweODQ52RGLNsWdoqeY/2k9vzKEnpDC5NiyJmZq

Bug#864319: marked as done (CVE-2017-9324)

2017-06-11 Thread Debian Bug Tracking System 
Your message dated Sun, 11 Jun 2017 19:48:42 +
with message-id 
and subject line Bug#864319: fixed in otrs2 5.0.16-1+deb9u1
has caused the Debian Bug report #864319,
regarding CVE-2017-9324
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: otrs
Severity: grave
Tags: security

Hi,
details are sparse on this one, could you get in touch with upstream to
isolate this to the change in question?
https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: otrs2
Source-Version: 5.0.16-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
otrs2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi  (supplier of updated otrs2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 08 Jun 2017 10:29:28 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 5.0.16-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Patrick Matthäi 
Changed-By: Patrick Matthäi 
Description:
 otrs   - Open Ticket Request System (OTRS 5)
 otrs2  - Open Ticket Request System
Closes: 864319
Changes:
 otrs2 (5.0.16-1+deb9u1) stretch-security; urgency=high
 .
   * Add patch 15-CVE-2017-9324:
 This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with
 agent permission is capable by opening a specific URL in a browser to
 gain administrative privileges / full access. Afterward, all system
 settings can be read and changed.
 Closes: #864319
Checksums-Sha1:
 d19268a534d845c8a16260fc6235fecc7c7d8802 1824 otrs2_5.0.16-1+deb9u1.dsc
 5538c2b9138a0b6d5816ff034507dd5ce26abf8d 19417591 otrs2_5.0.16.orig.tar.bz2
 8f6f3fe65eec1b84a1ea70563f8f9c8f10fc08f8 45240 
otrs2_5.0.16-1+deb9u1.debian.tar.xz
 45390b55957421723baef4604018eed0fac7738b 7051968 otrs2_5.0.16-1+deb9u1_all.deb
 4dfc77eb815c8254e0a50560ecdff38771e5cd54 6139 
otrs2_5.0.16-1+deb9u1_amd64.buildinfo
 6dde1c754c5dbc52aceedf9ac2eaca69c50ae87d 212870 otrs_5.0.16-1+deb9u1_all.deb
Checksums-Sha256:
 99d1576447f7504fabda26d818565de78824accc6e6d875d22971add012155c4 1824 
otrs2_5.0.16-1+deb9u1.dsc
 ddec039990c1bdfc27299ab175eff3e1665aa99ba48050f7f2dde480b28f4029 19417591 
otrs2_5.0.16.orig.tar.bz2
 6b0bd5ef7755e9b6f40f644dc74fd3c06355902d9f4a2b7708431235236d53d9 45240 
otrs2_5.0.16-1+deb9u1.debian.tar.xz
 114f365b1753eaebcc8e96a2087951b97459dd0ed1053e94680dcb36bfd59750 7051968 
otrs2_5.0.16-1+deb9u1_all.deb
 c56d596df0fbf7433dae9d745c5ec753ab8a99dbf649da2c28cc498ce53015a9 6139 
otrs2_5.0.16-1+deb9u1_amd64.buildinfo
 7c86712b0b47b743f735d1d769433b8854f6cf4513add0787af539b316fbf716 212870 
otrs_5.0.16-1+deb9u1_all.deb
Files:
 9d7699878b9831436e7d7d2b103b7dfa 1824 non-free/web optional 
otrs2_5.0.16-1+deb9u1.dsc
 9fe21e6993bcac71247fdcaf5e1f4e55 19417591 non-free/web optional 
otrs2_5.0.16.orig.tar.bz2
 4ef3dd0e4ad72c19f706895be5eb4d33 45240 non-free/web optional 
otrs2_5.0.16-1+deb9u1.debian.tar.xz
 f783e5c1ed7df4ec8af58f545af27638 7051968 non-free/web optional 
otrs2_5.0.16-1+deb9u1_all.deb
 0cefdce66de561d00adcefe5768a0329 6139 non-free/web optional 
otrs2_5.0.16-1+deb9u1_amd64.buildinfo
 80a3d6e3b32cd1ffd3e4e1d8dca12fd8 212870 non-free/web optional 
otrs_5.0.16-1+deb9u1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZOSrsAAoJEBLZsEqQy9jkUCgQAJW351UJIrCqIq75GaLZJfOt
BB/jUiCmaCQXaOoqAW0771j+EW3WwcxYw48tWxTSWZpmeWDToMphuFddrwTaRZzH
Oc/rbgcm1rgzbIfqpKH4xoDKJqpsjbr/JSuoUA7oAiP1t+H1IOX66RdiFgywiYeD
AG/UmcIWU1KMqvxkVU9+cFyeCBSEWb05FVLBn9wEXt5RRNlFvVmNmRpVRrJkL8we
AS8TF34ppJJEnlCmwLiW1fCXTAFwkpvDtkmbEs+SANr6jkrkF6KA1R3NOGQLBBI0
FmR50SvW++7teSpFCl40FeofHLjtvzFdI2SrwimPTV7QDRTv0pgwQQN1oj99m8Bi
NkqhWev1pNjnkyOCoz1IIQqLkQyssvqj9rjVH8KxQBKAU9t5ttIx62V/I/uY/kJ0

Bug#864566: marked as done (librarian-puppet FTBFS in unstable: ERROR: Test "ruby2.3" failed. Exiting.)

2017-06-11 Thread Debian Bug Tracking System 
Your message dated Sun, 11 Jun 2017 18:03:42 +
with message-id 
and subject line Bug#864566: fixed in ruby-puppet-forge 2.2.4-1
has caused the Debian Bug report #864566,
regarding librarian-puppet FTBFS in unstable: ERROR: Test "ruby2.3" failed. 
Exiting.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864566
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: librarian-puppet
Version: 2.2.3-1
Severity: serious
Tags: sid

librarian-puppet recently started to FTBFS in unstable:

https://tests.reproducible-builds.org/debian/history/librarian-puppet.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/librarian-puppet.html

...
┌─┐
│ Checking Rubygems dependency resolution on ruby2.3   │
└──┘

GEM_PATH=debian/librarian-puppet/usr/share/rubygems-integration/all:/var/lib/gems/2.3.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.3.0:/usr/share/rubygems-integration/2.3.0:/usr/share/rubygems-integration/all
 ruby2.3 -e gem\ \"librarian-puppet\"
/usr/lib/ruby/2.3.0/rubygems/dependency.rb:319:in `to_specs': Could not find 
'semantic_puppet' (~> 0.1.0) - did find: [semantic_puppet-1.0.0] 
(Gem::LoadError)
Checked in 
'GEM_PATH=debian/librarian-puppet/usr/share/rubygems-integration/all:/var/lib/gems/2.3.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.3.0:/usr/share/rubygems-integration/2.3.0:/usr/share/rubygems-integration/all',
 execute `gem env` for more information
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1439:in `block in 
activate_dependencies'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1428:in `each'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1428:in 
`activate_dependencies'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1410:in `activate'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1442:in `block in 
activate_dependencies'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1428:in `each'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1428:in 
`activate_dependencies'
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1410:in `activate'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb:68:in `block 
in gem'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb:67:in 
`synchronize'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb:67:in `gem'
from -e:1:in `'
bigdecimal (1.2.8)
blankslate (3.1.3)
builder (3.2.2)
cucumber (2.4.0)
cucumber-core (1.5.0)
cucumber-wire (0.0.1)
did_you_mean (1.0.0)
diff-lcs (1.2.5)
faraday (0.9.2)
faraday_middleware (0.10.0)
fast_gettext (1.2.0)
gettext (3.2.2)
gettext-setup (0.7)
gherkin (4.0.0)
highline (1.7.8)
io-console (0.4.5)
json (2.0.1, 1.8.3)
librarianp (0.6.3)
locale (2.1.2)
minitar (0.5.4)
minitest (5.9.0)
multi_json (1.11.2)
multi_test (0.1.2)
multipart-post (1.2.0)
net-telnet (0.1.1)
power_assert (0.2.7)
psych (2.1.0)
puppet_forge (2.2.2)
rake (10.5.0)
rdoc (4.2.1)
rsync (1.0.9)
semantic_puppet (1.0.0)
test-unit (3.1.7)
text (1.3.0)
thor (0.19.1)
ERROR: Test "ruby2.3" failed. Exiting.
dh_auto_install: dh_ruby --install 
/build/1st/librarian-puppet-2.2.3/debian/librarian-puppet returned exit code 1
debian/rules:9: recipe for target 'override_dh_auto_install' failed
make[1]: *** [override_dh_auto_install] Error 1
make[1]: Leaving directory '/build/1st/librarian-puppet-2.2.3'
debian/rules:6: recipe for target 'binary' failed
make: *** [binary] Error 2
--- End Message ---
--- Begin Message ---
Source: ruby-puppet-forge
Source-Version: 2.2.4-1

We believe that the bug you reported is fixed in the latest version of
ruby-puppet-forge, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Badia  (supplier of updated ruby-puppet-forge 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED

Bug#859587: marked as done (x2goserver-fmbindings: fails to install: x2goserver-fmbindings.postinst: update-mime-database: not found)

2017-06-11 Thread Debian Bug Tracking System 
Your message dated Sun, 11 Jun 2017 15:04:55 +
with message-id 
and subject line Bug#859587: fixed in x2goserver 4.0.1.20-5
has caused the Debian Bug report #859587,
regarding x2goserver-fmbindings: fails to install: 
x2goserver-fmbindings.postinst: update-mime-database: not found
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859587: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: x2goserver-fmbindings
Version: 4.0.1.20-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

>From the attached log (scroll to the bottom...):

  Selecting previously unselected package x2goserver-fmbindings.
  (Reading database ... 
(Reading database ... 8233 files and directories currently installed.)
  Preparing to unpack .../x2goserver-fmbindings_4.0.1.20-1_all.deb ...
  Unpacking x2goserver-fmbindings (4.0.1.20-1) ...
  Processing triggers for desktop-file-utils (0.23-1) ...
  Setting up x2goserver-fmbindings (4.0.1.20-1) ...
  /var/lib/dpkg/info/x2goserver-fmbindings.postinst: 24: 
/var/lib/dpkg/info/x2goserver-fmbindings.postinst: update-mime-database: not 
found
  dpkg: error processing package x2goserver-fmbindings (--configure):
   subprocess installed post-installation script returned error exit status 127
  Errors were encountered while processing:
   x2goserver-fmbindings


cheers,

Andreas


x2goserver-fmbindings_4.0.1.20-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: x2goserver
Source-Version: 4.0.1.20-5

We believe that the bug you reported is fixed in the latest version of
x2goserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel  (supplier of updated x2goserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 11 Jun 2017 15:49:40 +0200
Source: x2goserver
Binary: x2goserver x2goserver-extensions x2goserver-fmbindings 
x2goserver-printing x2goserver-x2goagent x2goserver-xsession
Architecture: source
Version: 4.0.1.20-5
Distribution: experimental
Urgency: medium
Maintainer: Debian Remote Maintainers 
Changed-By: Mike Gabriel 
Description:
 x2goserver - X2Go server daemon scripts
 x2goserver-extensions - X2Go server daemon scripts (extensions)
 x2goserver-fmbindings - Generic (freedesktop-based) file manager bindings for 
X2Go
 x2goserver-printing - X2Go server daemon scripts (printing)
 x2goserver-x2goagent - X2Go server wrapper around NXv3 agent (aka x2goagent)
 x2goserver-xsession - X2Go server daemon scripts (Xsession runner)
Closes: 859587
Changes:
 x2goserver (4.0.1.20-5) experimental; urgency=medium
 .
   * debian/x2goserver-fmbindings.post*:
 + Drop postinst and postrm script for x2goserver-fmbindings. Only call in
   it to update-desktop-database is handled by a trigger in
   desktop-file-utils bin:package. (Closes: #859587).
Checksums-Sha1:
 9f404d6032abbab8e68d6499ac0777f4f21a2fe5 2404 x2goserver_4.0.1.20-5.dsc
 9b329cda983c1d543ec1e697f29fa5013762a8da 27248 
x2goserver_4.0.1.20-5.debian.tar.xz
 c9cb28e2e01836db1eba2c6d1db9c526fe70f576 5903 
x2goserver_4.0.1.20-5_source.buildinfo
Checksums-Sha256:
 8d1b3cb3637198fddc6284136d7b687affadf8994e1799de440f6f323ca8ae87 2404 
x2goserver_4.0.1.20-5.dsc
 2c649a8cf432f8c18e50459f48218d727dac762edd8e04fa37ce124cba350d5c 27248 
x2goserver_4.0.1.20-5.debian.tar.xz
 9df65827171545ff649db082642088688b5bdd0f871ba9cb13fadeba2de94e45 5903 
x2goserver_4.0.1.20-5_source.buildinfo
Files:
 3a17eaeadbd9b77e1f1f40ab774e2797 2404 x11 optional x2goserver_4.0.1.20-5.dsc
 0eb440d0c22a55237f8832bbe48faf20 27248 x11 optional 
x2goserver_4.0.1.20-5.debian.tar.xz
 89311fcc6cd2e733e0a3fc6f64fdcbfd 5903 x11 optional 
x2goserver_4.0.1.20-5_source.buildinfo

Processed: severity of 864609 is normal

2017-06-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 864609 normal
Bug #864609 [postfix] postfix install fails on stretch
Severity set to 'normal' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
864609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864609
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 864609 is serious

2017-06-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 864609 serious
Bug #864609 [postfix] postfix install fails on stretch
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
864609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864609
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#859587: marked as pending

2017-06-11 Thread Mike Gabriel 
tag 859587 pending
thanks

Hello,

Bug #859587 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-remote/x2goserver.git/commit/?id=71a6f77

---
commit 71a6f775efa34194c200272747738d1f746bf7a0
Author: Mike Gabriel 
Date:   Sun Jun 11 15:50:30 2017 +0200

upload to experimental (debian/4.0.1.20-5)

diff --git a/debian/changelog b/debian/changelog
index d419394..739ba46 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+x2goserver (4.0.1.20-5) experimental; urgency=medium
+
+  * debian/x2goserver-fmbindings.post*:
++ Drop postinst and postrm script for x2goserver-fmbindings. Only call in
+  it to update-desktop-database is handled by a trigger in
+  desktop-file-utils bin:package. (Closes: #859587).
+
+ -- Mike Gabriel   Sun, 11 Jun 2017 15:49:40 +0200
+
 x2goserver (4.0.1.20-4) experimental; urgency=medium
 
   * debian/control:

Processed: Bug#859587 marked as pending

2017-06-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 859587 pending
Bug #859587 [x2goserver-fmbindings] x2goserver-fmbindings: fails to install: 
x2goserver-fmbindings.postinst: update-mime-database: not found
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
859587: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863596: mytop can't installed

2017-06-11 Thread Werner Detter 
Hi,

> mytop is now part of mariadb-client-10.1, therefore the mytop package
> doesn't seem to make much sense in stretch.

I don't know which source of mytop is included in mariadb-client-10.1
and cannot estimate if the standalone package of mytop makes sense or
not in stretch. I assume the Maintainers of MariaDB do things right
so I won't look further into this.

Cheers,
Werner

Bug#864597: upgrade-reports: jessie -> stretch: gnome fails to upgrade: cycle found while processing triggers

2017-06-11 Thread Bill Allombert 
On Sun, Jun 11, 2017 at 11:13:05AM +0200, Cyril Brulebois wrote:
> Package: upgrade-reports
> Severity: critical
> Justification: makes upgrade from stable abort
> 
> [ X-D-Cc:
>   debian-rele...@lists.debian.org
>   pkg-java-maintain...@lists.alioth.debian.org
>   pkg-gnome-maintain...@lists.alioth.debian.org ]
> 
> Hi,
> 
> Regression spotted by Pere in some debian-edu job, but also seen since
> the 2nd of June in normal gnome chroot installation then upgrade from
> jessie to stretch:
>   
> https://jenkins.debian.net/view/edu_devel/job/chroot-installation_jessie_install_education-desktop-gnome_upgrade_to_stretch/
>   
> https://jenkins.debian.net/job/chroot-installation_jessie_install_gnome_upgrade_to_stretch/
> 
> I've managed to reproduce it locally with basically a debootstrap of
> jessie, installation of gnome, then switch sources.list from jessie to
> stretch, then update & upgrade & dist-upgrade.
> 
> I've bisected the archive using snapshot.debian.org and found out:
>  - 20170601T212625Z = last timestamp found to be OK;
>  - 20170602T033358Z = first timestamp to be KO.

For what it is worth, according to

a circular dependency between ca-certificates-java and
openjdk-8-jre-headless has been added on Thu Jun  1 01:02:00 CEST 2017

Cheers,
-- 
Bill. 

Imagine a large red swirl here.

Processed: your mail

2017-06-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> owner 864566 !
Bug #864566 [src:librarian-puppet] librarian-puppet FTBFS in unstable: ERROR: 
Test "ruby2.3" failed. Exiting.
Owner recorded as Sebastien Badia .
> tags 864566 + pending confirmed
Bug #864566 [src:librarian-puppet] librarian-puppet FTBFS in unstable: ERROR: 
Test "ruby2.3" failed. Exiting.
Added tag(s) confirmed and pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
864566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864566
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#864566: [DRE-maint] Bug#864566: librarian-puppet FTBFS in unstable: ERROR: Test "ruby2.3" failed. Exiting.

2017-06-11 Thread Sebastien Badia 
owner 864566 !
tags 864566 + pending confirmed
thanks

Hi Adrian,

Thanks for the bug report, I'm currently working on it (ruby-puppet-forge, r10k,
librarian-puppet and ruby-semantic-puppet)

Cheers,

Seb


signature.asc
Description: PGP signature

Bug#864597: upgrade-reports: jessie -> stretch: gnome fails to upgrade: cycle found while processing triggers

2017-06-11 Thread Niels Thykier 
Cyril Brulebois:
> Package: upgrade-reports
> Severity: critical
> Justification: makes upgrade from stable abort
> 
> [ X-D-Cc:
>   debian-rele...@lists.debian.org
>   pkg-java-maintain...@lists.alioth.debian.org
>   pkg-gnome-maintain...@lists.alioth.debian.org ]
> 
> Hi,
> 
> Regression spotted by Pere in some debian-edu job, but also seen since
> the 2nd of June in normal gnome chroot installation then upgrade from
> jessie to stretch:
>   
> https://jenkins.debian.net/view/edu_devel/job/chroot-installation_jessie_install_education-desktop-gnome_upgrade_to_stretch/
>   
> https://jenkins.debian.net/job/chroot-installation_jessie_install_gnome_upgrade_to_stretch/
> 

Hi,

Thanks for reporting this.

Timing being what it is, we need to act fast if we want to fix this for
stretch.  I have CC'ed maintainers of (presumably) relevant packages;
please be ready to upload a fix to your package if needed.

Long story short:
=

 * dpkg reports a trigger cycle between gnome-menus and
   desktop-file-utils.

 * desktop-file-utils has an "interest" (implicit "-await") trigger, so
   it is plausible.  I have not verified the dependency relationship.

 * shared-mime-info also has an "interest" (implicit "-await") trigger.
   It may (or may not) be an accomplice to this issue.

 * gnome-menus only have "interest-noawait" and should therefore not be
   able to start the trigger cycle (but it can be part of one).

Things to do / research:
===

 * @desktop-file-utils: The trigger seems to be used for a cache.  Is
   there any reason for using the implicit "-await" trigger or can this
   cache update be deferred like the "man-db" cache can?

 * @shared-mime-info: The trigger seems to be used for a cache.  Is
   there any reason for using the implicit "-await" trigger or can this
   cache update be deferred like the "man-db" cache can?

 * @Andreas: Could you have a look at the upgrade ordering in this case.
   You are usually pretty good at spotting if we need Breaks, so I would
   be delighted if you could give it a go.
   (E.g. if gnome-menus need to break desktop-file-utils in jessie even
if desktop-file-utils in stretch uses a "-noawait" trigger)


I have left the remaining parts of KiBi's mails below for the newly
CC'ed people.

Thanks,
~Niels


> I've managed to reproduce it locally with basically a debootstrap of
> jessie, installation of gnome, then switch sources.list from jessie to
> stretch, then update & upgrade & dist-upgrade.
> 
> I've bisected the archive using snapshot.debian.org and found out:
>  - 20170601T212625Z = last timestamp found to be OK;
>  - 20170602T033358Z = first timestamp to be KO.
> 
> Since logs are a bit too heavy for a bug report, I've uploaded them
> there:
>   https://people.debian.org/~kibi/jessie2stretch/gnome/
> 
> $timestamp.log is the output of the installation & dist-upgrade process,
> while $timestamp.log.clean is a cleaned version (with Get: lines edited
> to remove the package indice and the timestamp, then sort them by block,
> so as to avoid a huge diff).
> 
> Then I've generated upgrade.diff by diffing both clean versions:
>   https://people.debian.org/~kibi/jessie2stretch/gnome/upgrade.diff
> 
> This file consists mainly of some differences which should help us
> pinpoint the exact issue (first part of the diff), but also of a big
> diff at the end, since the OK log goes on with the install while the KO
> one is cut rather quickly. Actual error follows:
> | Unpacking default-jre-headless (2:1.8-58) over (2:1.7-52) ...
> | Processing triggers for libc-bin (2.24-10) ...
> | Processing triggers for hicolor-icon-theme (0.15-1) ...
> | Processing triggers for desktop-file-utils (0.23-1) ...
> | Processing triggers for man-db (2.7.6.1-2) ...
> | Processing triggers for libglib2.0-0:amd64 (2.50.3-2) ...
> | (Reading database ... 129883 files and directories currently installed.)
> | Removing openjdk-7-jre:amd64 (7u111-2.6.7-1~deb8u1) ...
> | Removing openjdk-7-jre-headless:amd64 (7u111-2.6.7-1~deb8u1) ...
> | Removing tzdata-java (2017b-0+deb8u1) ...
> | Processing triggers for hicolor-icon-theme (0.15-1) ...
> | dpkg: cycle found while processing triggers:
> |  chain of packages whose triggers are or may be responsible:
> |   gnome-menus -> desktop-file-utils
> |  packages' pending triggers which are or may be unresolvable:
> |   gnome-menus: /usr/share/applications
> |   shared-mime-info: /usr/share/mime/packages
> |   desktop-file-utils: /usr/share/applications
> | dpkg: error processing package gnome-menus (--remove):
> |  triggers looping, abandoned
> | Processing triggers for desktop-file-utils (0.23-1) ...
> | Errors were encountered while processing:
> |  gnome-menus
> | E: Sub-process /usr/bin/dpkg returned an error code (1)
> 
> By looking at the diff before that, this might have been triggered (no
> pun intended) by the ca-certificates-java update, which included changes
> in the required java version, which might explain why

Bug#864597: upgrade-reports: jessie -> stretch: gnome fails to upgrade: cycle found while processing triggers

2017-06-11 Thread Cyril Brulebois 
Package: upgrade-reports
Severity: critical
Justification: makes upgrade from stable abort

[ X-D-Cc:
  debian-rele...@lists.debian.org
  pkg-java-maintain...@lists.alioth.debian.org
  pkg-gnome-maintain...@lists.alioth.debian.org ]

Hi,

Regression spotted by Pere in some debian-edu job, but also seen since
the 2nd of June in normal gnome chroot installation then upgrade from
jessie to stretch:
  
https://jenkins.debian.net/view/edu_devel/job/chroot-installation_jessie_install_education-desktop-gnome_upgrade_to_stretch/
  
https://jenkins.debian.net/job/chroot-installation_jessie_install_gnome_upgrade_to_stretch/

I've managed to reproduce it locally with basically a debootstrap of
jessie, installation of gnome, then switch sources.list from jessie to
stretch, then update & upgrade & dist-upgrade.

I've bisected the archive using snapshot.debian.org and found out:
 - 20170601T212625Z = last timestamp found to be OK;
 - 20170602T033358Z = first timestamp to be KO.

Since logs are a bit too heavy for a bug report, I've uploaded them
there:
  https://people.debian.org/~kibi/jessie2stretch/gnome/

$timestamp.log is the output of the installation & dist-upgrade process,
while $timestamp.log.clean is a cleaned version (with Get: lines edited
to remove the package indice and the timestamp, then sort them by block,
so as to avoid a huge diff).

Then I've generated upgrade.diff by diffing both clean versions:
  https://people.debian.org/~kibi/jessie2stretch/gnome/upgrade.diff

This file consists mainly of some differences which should help us
pinpoint the exact issue (first part of the diff), but also of a big
diff at the end, since the OK log goes on with the install while the KO
one is cut rather quickly. Actual error follows:
| Unpacking default-jre-headless (2:1.8-58) over (2:1.7-52) ...
| Processing triggers for libc-bin (2.24-10) ...
| Processing triggers for hicolor-icon-theme (0.15-1) ...
| Processing triggers for desktop-file-utils (0.23-1) ...
| Processing triggers for man-db (2.7.6.1-2) ...
| Processing triggers for libglib2.0-0:amd64 (2.50.3-2) ...
| (Reading database ... 129883 files and directories currently installed.)
| Removing openjdk-7-jre:amd64 (7u111-2.6.7-1~deb8u1) ...
| Removing openjdk-7-jre-headless:amd64 (7u111-2.6.7-1~deb8u1) ...
| Removing tzdata-java (2017b-0+deb8u1) ...
| Processing triggers for hicolor-icon-theme (0.15-1) ...
| dpkg: cycle found while processing triggers:
|  chain of packages whose triggers are or may be responsible:
|   gnome-menus -> desktop-file-utils
|  packages' pending triggers which are or may be unresolvable:
|   gnome-menus: /usr/share/applications
|   shared-mime-info: /usr/share/mime/packages
|   desktop-file-utils: /usr/share/applications
| dpkg: error processing package gnome-menus (--remove):
|  triggers looping, abandoned
| Processing triggers for desktop-file-utils (0.23-1) ...
| Errors were encountered while processing:
|  gnome-menus
| E: Sub-process /usr/bin/dpkg returned an error code (1)

By looking at the diff before that, this might have been triggered (no
pun intended) by the ca-certificates-java update, which included changes
in the required java version, which might explain why this block was
present in the OK log but no longer in the KO one?
| -dpkg: openjdk-7-jre-headless:amd64: dependency problems, but removing anyway 
as you requested:
| - ca-certificates-java depends on openjdk-7-jre-headless | 
java7-runtime-headless; however:
| -  Package openjdk-7-jre-headless:amd64 is to be removed.
| -  Package java7-runtime-headless is not installed.
| -  Package openjdk-8-jre-headless:amd64 which provides java7-runtime-headless 
is not configured yet.
| -  Package default-jre-headless which provides java7-runtime-headless is not 
configured yet.
| -  Package openjdk-7-jre-headless:amd64 which provides java7-runtime-headless 
is to be removed.
| - ca-certificates-java depends on openjdk-7-jre-headless | 
java7-runtime-headless; however:
| -  Package openjdk-7-jre-headless:amd64 is to be removed.
| -  Package java7-runtime-headless is not installed.
| -  Package openjdk-8-jre-headless:amd64 which provides java7-runtime-headless 
is not configured yet.
| -  Package default-jre-headless which provides java7-runtime-headless is not 
configured yet.
| -  Package openjdk-7-jre-headless:amd64 which provides java7-runtime-headless 
is to be removed.
| -

I don't see any immediate solutions (mostly because it's the first dpkg
triggers cycle I encounter), but this looks like something that really
should be fixed before the stretch release, hence the severity and the
x-d-cc list.


KiBi.